Page MenuHomeMiraheze

Extension review: Avatar
Closed, DeclinedPublic

Event Timeline

Zppix triaged this task as Normal priority.Oct 10 2019, 14:48
Zppix created this task.

I would advise against this extension.

It creates its own web entry point, extensions/Avatar/avatar.php, as well as a custom file-upload process. Both of these things are a security risk. I'm not saying that there's any particular vulnerability with either of them (I haven't looked). There are other, more secure and well-known, ways of doing what it's trying to do.

@Zppix could you explain a bit more of what you're trying to do with this extension? It looks like displaying a user avatar on profile pages and user links could be done via a gadget and some file naming conventions. Are there other aspects of this extension that you need?

AmandaCath added a subscriber: AmandaCath.

Security review declined per above. Pending answer from task author.

@Aunst see Sam’s message above as requester

Oh, ok, I think my wiki not must to have a avatar system.

Thanks a lot.