[[Extension:Runphp page/ru]]

Fragment of a discussion from User talk:MaxSem
Jump to: navigation, search

Attacker doesn't need to have access to a site with this extension, the only thing he needs to know is its URL, then he can construct a link like http://example.com/wiki/api.php?action=parse&text=<runphp>whackSiteDown();</runphp> and trick an admin into clicking on it. No way, in no environment this can be acceptable to use, hosting a page for this extension would be like publishing a suicide how-to.

Max Semenik08:26, 1 October 2011
Retrieved from "http://www.mediawiki.org/wiki/Thread:User_talk:MaxSem/Extension:Runphp_page/ru/reply#x.5B.5BExtension:Runphp_page.2Fru.5D.5D_7783"
Personal tools

Variants
Actions
Navigation
Support
Download
Development
Communication
Toolbox