Summary: | Gentoo Wiki search box not doing input sanitization on "-" | ||
---|---|---|---|
Product: | Websites | Reporter: | Addison Amiri <addisonamiri> |
Component: | Wiki | Assignee: | Gentoo Wiki Team <wiki> |
Status: | RESOLVED UPSTREAM | ||
Severity: | minor | CC: | addisonamiri |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | All | ||
Whiteboard: | |||
Package list: | Runtime testing required: | --- |
Description
Addison Amiri
2015-06-06 21:10:29 UTC
My observations: - Searching for strings containing a - works as intended. - /^-+/ is a 'problem'. - The resulting queries are properly escaped, the '-' is simply not expected there in the mysql fulltext query. This might be fixed in a recent mediawiki version and an update of our site might fix it. Otherwise, I don't see a need for more investigation and/or fixing. Thanks for your report and concern. |