I've forgotten why Extension:SpecialDeleteOldRevisions2 had a security problem.
Topic on User talk:Peachey88
Jump to navigation Jump to search
Reply to "Extension:SpecialDeleteOldRevisions2"
Warning: The code or configuration described here poses a major security risk.
Site administrators: You are advised against using it until this security issue is resolved.
Problem: Vulnerable to SQL injection attacks, because it passes user input directly into SQL commands. This may lead to user accounts being hijacked, wiki content being compromised, private data being leaked, malware being injected, and the entire wiki content being erased, among other things.
Solution: make proper use of MediaWiki's database class instead of concatenating raw sql
Warning: This extension assumes that only the revisions and archives tables use our text storage. If any extension you have installed makes use of our text storage on its own then this extension will purge all content that is being used by that extension and break it.
Is what was posted on the page.