Template:Execution alert

From MediaWiki.org
Jump to: navigation, search
WARNING: the code or configuration described here poses a major security risk.

Problem: Vulnerable to code injection attacks, because it passes user input directly to executable statements, such as exec(), passthru() or include(). This may lead to arbitrary code being run on your server, among other things

Solution: strictly validate user input and/or apply escaping to all characters that have a special meaning in executable statements
Description
Adds an alert box describing a code injection vulnerability in including Extension page. Also adds including page to Category:Extensions with arbitrary execution vulnerabilities
Example
{{Execution alert|~~~~}}
Retrieved from "http://www.mediawiki.org/w/index.php?title=Template:Execution_alert&oldid=469197"
Personal tools
Namespaces

Variants
Actions
Navigation
Support
Download
Development
Communication
Toolbox