Difference between revisions of "Template:Execution alert"

From RobotX
m (Text replacement - "</translate>" to "")
m (Text replacement - "<!--T:(.*)-->" to "")
 
Line 4: Line 4:
 
| =
 
| =
 
{{Security alert
 
{{Security alert
|problem={{{problem|<!--T:1--> Vulnerable to '''[[w:Code_injection#Shell_injection|code injection]] attacks''', because it passes user input directly to executable statements, such as exec(), passthru() or include(). <!--T:2--> This may lead to '''arbitrary code being run on your server''', among other things.}}}
+
|problem={{{problem| Vulnerable to '''[[w:Code_injection#Shell_injection|code injection]] attacks''', because it passes user input directly to executable statements, such as exec(), passthru() or include(). This may lead to '''arbitrary code being run on your server''', among other things.}}}
|solution={{{solution|<!--T:3--> Strictly validate user input and/or apply escaping to all characters that have a special meaning in executable statements.}}}
+
|solution={{{solution| Strictly validate user input and/or apply escaping to all characters that have a special meaning in executable statements.}}}
 
|signed={{{signed|{{{1||}}}}}}
 
|signed={{{signed|{{{1||}}}}}}
 
|nocat=1
 
|nocat=1
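Review bot: The marker removal leaves a stray leading space in both defaults, at `{{{problem| Vulnerable` and `{{{solution| Strictly`; trim it so each default starts directly after the pipe. The pattern given in the edit summary, `<!--T:(.*)-->`, is also greedy as written, and the old problem line carried two markers (T:1 and T:2) on one line, so a narrower pattern such as `<!--T:\d+-->` would be safer if the replacement is run again.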

Latest revision as of 14:31, 21 December 2019


Template documentation
Description
Adds an alert box describing a code injection vulnerability to the including Extension page. Also adds the including page to Category:Extensions with arbitrary execution vulnerabilities.
Example
{{Execution alert|~~~~}}