Difference between revisions of "Template:Execution alert"
Template documentation
Joelmartin (talk | contribs) m (Text replacement - "<translate>" to "") |
Joelmartin (talk | contribs) m (Text replacement - "</translate>" to "") |
Line 1: | Line 1: | ||
<noinclude> | <noinclude> | ||
<languages/> | <languages/> | ||
− | </noinclude>{{#switch: | + | </noinclude>{{#switch: |
| = | | = | ||
{{Security alert | {{Security alert | ||
− | |problem={{{problem|<!--T:1--> Vulnerable to '''[[w:Code_injection#Shell_injection|code injection]] attacks''', because it passes user input directly to executable statements, such as exec(), passthru() or include(). | + | |problem={{{problem|<!--T:1--> Vulnerable to '''[[w:Code_injection#Shell_injection|code injection]] attacks''', because it passes user input directly to executable statements, such as exec(), passthru() or include(). <!--T:2--> This may lead to '''arbitrary code being run on your server''', among other things.}}} |
− | |solution={{{solution|<!--T:3--> Strictly validate user input and/or apply escaping to all characters that have a special meaning in executable statements. | + | |solution={{{solution|<!--T:3--> Strictly validate user input and/or apply escaping to all characters that have a special meaning in executable statements.}}} |
|signed={{{signed|{{{1||}}}}}} | |signed={{{signed|{{{1||}}}}}} | ||
|nocat=1 | |nocat=1 |
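Review bot: The + side of the |problem= and |solution= lines still carries the translation-unit markers <!--T:1-->, <!--T:2--> and <!--T:3-->, and <languages/> is still in the <noinclude> block, even though both edit summaries say the <translate> and </translate> tags were replaced with nothing. If the template is no longer meant to be translatable, remove the orphaned markers and the <languages/> tag in the same pass. If it is, the tags should not have been stripped. Either way, the default alert text should be checked after the change to confirm it still renders as one continuous sentence pair on including pages.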
Revision as of 04:23, 21 December 2019


- Description
- Adds an alert box describing a code injection vulnerability to the including Extension page. Also adds the including page to Category:Extensions with arbitrary execution vulnerabilities.
- Example
{{Execution alert|~~~~}}