Difference between revisions of "Template:Execution alert"
Joelmartin (talk | contribs) m (Text replacement - "<translate>" to "") |
Joelmartin (talk | contribs) m (Text replacement - "<!--T:(.*)-->" to "") |
||
| (One intermediate revision by the same user not shown) | |||
| Line 1: | Line 1: | ||
<noinclude> | <noinclude> | ||
<languages/> | <languages/> | ||
| − | </noinclude>{{#switch: | + | </noinclude>{{#switch: |
| = | | = | ||
{{Security alert | {{Security alert | ||
| − | |problem={{{problem| | + | |problem={{{problem| Vulnerable to '''[[w:Code_injection#Shell_injection|code injection]] attacks''', because it passes user input directly to executable statements, such as exec(), passthru() or include(). This may lead to '''arbitrary code being run on your server''', among other things.}}} |
| − | |solution={{{solution| | + | |solution={{{solution| Strictly validate user input and/or apply escaping to all characters that have a special meaning in executable statements.}}} |
|signed={{{signed|{{{1||}}}}}} | |signed={{{signed|{{{1||}}}}}} | ||
|nocat=1 | |nocat=1 | ||
Latest revision as of 14:31, 21 December 2019
Template documentation[create] Template documentation- Description
- Adds an alert box describing a code injection vulnerability in including Extension page. Also adds including page to Category:Extensions with arbitrary execution vulnerabilities
- Example
{{Execution alert|~~~~}}