Description
Description
Status | Assigned | Task | ||
---|---|---|---|---|
Invalid | None | T4612 Add some extensions on "mcspringfieldserver.miraheze.org" | ||
Declined | None | T4788 Extension review: Avatar |
Event Timeline
Comment Actions
I would advise against this extension.
It creates its own web entry point, extensions/Avatar/avatar.php, as well as a custom file-upload process. Both of these things are a security risk. I'm not saying that there's any particular vulnerability with either of them (I haven't looked). There are other, more secure and well-known, ways of doing what it's trying to do.
@Zppix could you explain a bit more of what you're trying to do with this extension? It looks like displaying a user avatar on profile pages and user links could be done via a gadget and some file naming conventions. Are there other aspects of this extension that you need?