Page MenuHomeMiraheze
Create Task
Maniphest T6625

Sitemap is leaking page titles of private wikis
Closed, ResolvedPublic
Actions

Description

Steps to reproduce:

  1. Visit a private wiki's robots.txt page.
  2. Look for Sitemap: https://static.miraheze.org/sitemaps/WIKI URL/sitemap.xml.
  3. Go to that URL.
  4. Grab any xml file, and unzip it.
  5. Open the XML file.

What you expect: Nothing.

What happens: I can browse title of all existing pages, across namespaces.

Event Timeline

revi created this task.Dec 21 2020, 18:44
Herald added subscribers: Unknown Object (User), RhinosF1, Reception123. · View Herald TranscriptDec 21 2020, 18:44
revi moved this task from Incoming to Radar on the revi board.Dec 21 2020, 18:45
Paladox added a project: Site Reliability Engineering.Dec 21 2020, 18:54
revi added a comment.Dec 21 2020, 18:54

I ended up downloading r4356thwiki and conductwiki's NS 0 xml pages, but I certify that I deleted those pages after verifying the bug.

Reception123 added a comment.Dec 21 2020, 18:55

@revi Thanks for the report! Paladox will be removing the entire sitemaps folder as a temporary measure.

RhinosF1 added a comment.Dec 21 2020, 18:55

https://github.com/miraheze/MirahezeMagic/blob/master/maintenance/generateMirahezeSitemap.php#L40

RhinosF1 added a comment.EditedDec 21 2020, 22:40

Note to self: Google has 939 sitemaps prior to us breaking all the urls. 1335 are in the new file.

Paladox closed this task as Resolved.Dec 21 2020, 23:01
Paladox claimed this task.
Paladox subscribed.

This should be resolved now.

Paladox changed the visibility from "Custom Policy" to "Public (No Login Required)".Dec 21 2020, 23:02
Paladox changed the edit policy from "Custom Policy" to "All Users".