User:CSteipp (WMF)/Training/VulnTagging medium
Appearance
WARNING: This is a vulnerable script for demonstration. Don't use it! This code has used naive, but commonly-seen, fixes for the SQL injections and XSS in User:CSteipp/Training/VulnTagging_easy. See if you can find ways to still inject SQL and javascript.
<?php $wgHooks['ParserFirstCallInit'][] = 'wfVulntagging'; function wfVulntagging( &$parser ) { $parser->setHook( 'vtag', 'wfAddTags' ); return true; } function wfAddTags( $input, $argv, $parser ) { $articleId = $parser->getTitle()->getArticleID(); if ( isset( $argv['articleid'] ) ) { $articleId = mysql_real_escape_string( $argv['articleid'] ); } $dbr = wfGetDB( DB_SLAVE ); $res = $dbr->select( 'vulntags', array( 'vt_tid', 'vt_tag_text' ), array( "vt_article_id = $articleId" ), __METHOD__ ); $tags = array(); foreach ( $res as $tag ) { $otherpages = Linker::link( SpecialPage::getTitleFor( 'ArticlesWithTag', $tag->vt_tag_text ), $tag->vt_tag_text ); $tags[] = Html::rawElement( 'li', array( 'id'=>'vuln-tag-list', 'class'=>'tag-'.$tag->vt_tid ), $otherpages ); } $articleId = htmlspecialchars( $articleId ); return "<ul id='vuln-tag-list' class='tags-for-$articleId'>" . implode( "\n", $tags ) . "</ul>"; }