Page MenuHomeMiraheze

Private configs are also exposed by DataDump
Closed, ResolvedPublic

Description

Kind of a follow up to T7213, but users with the generate-dump and view-dump permissions (by default these are given to Administrators) have the ability to dump all ManageWiki configuration, which includes private options. I've confirmed this on testwiki.

I recommend either reimplementing these private configuration options so that they have their own special page, or limiting managewiki backups to only be accessible to users with the managewiki right.

Event Timeline

Any objections to adding Universal Omega to this task? As he did resolve the other one, so he might be able to find a fix relatively quickly for this as well.

Reception123 claimed this task.
Reception123 changed the edit policy from "Custom Policy" to "All Users".
Reception123 changed the visibility from "Custom Policy" to "Public (No Login Required)".