authorPierre Schmitz <pierre@archlinux.de>2012-09-02 15:19:34 +0200
committerPierre Schmitz <pierre@archlinux.de>2012-09-02 15:19:34 +0200
commit9498a3d2852ace0f4ee23598f542dbce3fd2ec28 (patch)
tree5aeced25a9fc09f93682788259f5c7d6d248634d /includes
parent588cc40aeec0165400421ef9612e81b6d2c7b936 (diff)
Update to MediaWiki 1.19.2
Diffstat (limited to 'includes')
-rw-r--r--includes/AuthPlugin.php9
-rw-r--r--includes/DefaultSettings.php14
-rw-r--r--includes/Linker.php24
-rw-r--r--includes/User.php5
-rw-r--r--includes/api/ApiFormatBase.php6
-rw-r--r--includes/db/Database.php4
-rw-r--r--includes/installer/OracleUpdater.php24
-rw-r--r--includes/specials/SpecialBlock.php8
-rw-r--r--includes/specials/SpecialUserlogin.php6
9 files changed, 81 insertions, 19 deletions
diff --git a/includes/AuthPlugin.php b/includes/AuthPlugin.php
index 2fdba797..e8bab859 100644
--- a/includes/AuthPlugin.php
+++ b/includes/AuthPlugin.php
@@ -157,6 +157,15 @@ class AuthPlugin {
}
/**
+ * Should MediaWiki store passwords in its local database?
+ *
+ * @return bool
+ */
+ public function allowSetLocalPassword() {
+ return true;
+ }
+
+ /**
* Set the given password in the authentication database.
* As a special case, the password may be set to null to request
* locking the password to an unusable value, with the expectation
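Review bot: The docblock on `allowSetLocalPassword()` does not say what returning false causes, which is the part a plugin author needs to know. Going by the User.php change in this same commit, a false return makes `User::saveSettings()` write an empty password, so the comment could add `Return false when an external source is authoritative; saveSettings() will then store an empty local password instead of a hash.` It is also worth stating that the default of `true` keeps the previous behaviour for existing plugins.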
diff --git a/includes/DefaultSettings.php b/includes/DefaultSettings.php
index 1034ea2e..acd89bde 100644
--- a/includes/DefaultSettings.php
+++ b/includes/DefaultSettings.php
@@ -33,7 +33,7 @@ $wgConf = new SiteConfiguration;
/** @endcond */
/** MediaWiki version number */
-$wgVersion = '1.19.1';
+$wgVersion = '1.19.2';
/** Name of the site. It must be changed in LocalSettings.php */
$wgSitename = 'MediaWiki';
@@ -2420,6 +2420,18 @@ $wgBreakFrames = false;
$wgEditPageFrameOptions = 'DENY';
/**
+ * Disallow framing of API pages directly, by setting the X-Frame-Options
+ * header. Since the API returns CSRF tokens, allowing the results to be
+ * framed can compromise your user's account security.
+ * Options are:
+ * - 'DENY': Do not allow framing. This is recommended for most wikis.
+ * - 'SAMEORIGIN': Allow framing by pages on the same domain.
+ * - false: Allow all framing.
+ */
+
+$wgApiFrameOptions = 'DENY';
+
+/**
* Disable output compression (enabled by default if zlib is available)
*/
$wgDisableOutputCompression = false;
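Review bot: The blank line between the closing `*/` and `$wgApiFrameOptions = 'DENY';` separates the docblock from the variable it documents, unlike the neighbouring settings, so documentation tools may not attach it. Dropping that blank line fixes this. The comment could also note that the value is sent as the header value as-is (see the ApiFormatBase.php change), so anything other than the three listed options should not be used.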
diff --git a/includes/Linker.php b/includes/Linker.php
index 3691d040..0b813ac0 100644
--- a/includes/Linker.php
+++ b/includes/Linker.php
@@ -768,31 +768,31 @@ class Linker {
* Make a "broken" link to an image
*
* @param $title Title object
- * @param $html String: link label in htmlescaped text form
+ * @param $label String: link label (plain text)
* @param $query String: query string
- * @param $trail String: link trail (HTML fragment)
- * @param $prefix String: link prefix (HTML fragment)
+ * @param $unused1 Unused parameter kept for b/c
+ * @param $unused2 Unused parameter kept for b/c
* @param $time Boolean: a file of a certain timestamp was requested
* @return String
*/
- public static function makeBrokenImageLinkObj( $title, $html = '', $query = '', $trail = '', $prefix = '', $time = false ) {
+ public static function makeBrokenImageLinkObj( $title, $label = '', $query = '', $unused1 = '', $unused2 = '', $time = false ) {
global $wgEnableUploads, $wgUploadMissingFileUrl, $wgUploadNavigationUrl;
if ( ! $title instanceof Title ) {
- return "<!-- ERROR -->{$prefix}{$html}{$trail}";
+ return "<!-- ERROR -->" . htmlspecialchars( $label );
}
wfProfileIn( __METHOD__ );
+ if ( $label == '' ) {
+ $label = $title->getPrefixedText();
+ }
+ $encLabel = htmlspecialchars( $label );
$currentExists = $time ? ( wfFindFile( $title ) != false ) : false;
- list( $inside, $trail ) = self::splitTrail( $trail );
- if ( $html == '' )
- $html = htmlspecialchars( $title->getPrefixedText() );
-
if ( ( $wgUploadMissingFileUrl || $wgUploadNavigationUrl || $wgEnableUploads ) && !$currentExists ) {
$redir = RepoGroup::singleton()->getLocalRepo()->checkRedirect( $title );
if ( $redir ) {
wfProfileOut( __METHOD__ );
- return self::linkKnown( $title, "$prefix$html$inside", array(), $query ) . $trail;
+ return self::linkKnown( $title, $encLabel, array(), wfCgiToArray( $query ) );
}
$href = self::getUploadUrl( $title, $query );
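Review bot: The second parameter of `makeBrokenImageLinkObj()` changes from pre-escaped HTML to plain text, so a caller that still passes escaped text will now be shown double-encoded, and a caller that relied on `$trail` or `$prefix` silently loses that output. Those callers are outside this diff and should be checked. The docblock could make the new contract explicit, for example `@param $label String: link label (plain text; escaped by this method, do not pre-escape)`. The method body continues into the next hunk, where the same `$encLabel` is used for the remaining two return paths.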
@@ -800,10 +800,10 @@ class Linker {
wfProfileOut( __METHOD__ );
return '<a href="' . htmlspecialchars( $href ) . '" class="new" title="' .
htmlspecialchars( $title->getPrefixedText(), ENT_QUOTES ) . '">' .
- "$prefix$html$inside</a>$trail";
+ $encLabel . '</a>';
} else {
wfProfileOut( __METHOD__ );
- return self::linkKnown( $title, "$prefix$html$inside", array(), $query ) . $trail;
+ return self::linkKnown( $title, $encLabel, array(), wfCgiToArray( $query ) );
}
}
diff --git a/includes/User.php b/includes/User.php
index cfba748f..1529da1e 100644
--- a/includes/User.php
+++ b/includes/User.php
@@ -2812,11 +2812,16 @@ class User {
* @todo Only rarely do all these fields need to be set!
*/
public function saveSettings() {
+ global $wgAuth;
+
$this->load();
if ( wfReadOnly() ) { return; }
if ( 0 == $this->mId ) { return; }
$this->mTouched = self::newTouchedTimestamp();
+ if ( !$wgAuth->allowSetLocalPassword() ) {
+ $this->mPassword = '';
+ }
$dbw = wfGetDB( DB_MASTER );
$dbw->update( 'user',
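Review bot: `$wgAuth->allowSetLocalPassword()` is called unconditionally in `saveSettings()`, so an authentication object that does not inherit from `AuthPlugin` (and so lacks the new method) would cause a fatal error on every settings save; whether such plugins exist cannot be seen from this hunk. The blanking of `mPassword` also has no comment explaining why, e.g. `// External auth is authoritative: never persist a local password hash.` Only `mPassword` is cleared here; if the `update()` call that continues outside the hunk also writes a temporary or reset password field, that is not covered and should be confirmed.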
diff --git a/includes/api/ApiFormatBase.php b/includes/api/ApiFormatBase.php
index 543c90ce..1eee717a 100644
--- a/includes/api/ApiFormatBase.php
+++ b/includes/api/ApiFormatBase.php
@@ -143,6 +143,12 @@ abstract class ApiFormatBase extends ApiBase {
$this->getMain()->getRequest()->response()->header( "Content-Type: $mime; charset=utf-8" );
+ //Set X-Frame-Options API results (bug 39180)
+ global $wgApiFrameOptions;
+ if ( $wgApiFrameOptions ) {
+ $this->getMain()->getRequest()->response()->header( "X-Frame-Options: $wgApiFrameOptions" );
+ }
+
if ( $isHtml ) {
?>
<!DOCTYPE HTML>
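Review bot: The header is built by interpolating `$wgApiFrameOptions` with only a truthiness check, so a mistyped setting is sent as-is; browsers typically ignore an unrecognised X-Frame-Options value, which would silently leave API output frameable. An allow-list keeps a typo from disabling the protection: `if ( in_array( $wgApiFrameOptions, array( 'DENY', 'SAMEORIGIN' ), true ) ) {`. The comment is missing a word and could read `// Set X-Frame-Options on API results (bug 39180)`. The enclosing function starts and ends outside the hunk, so it is not visible here whether every API response passes through this code path.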
diff --git a/includes/db/Database.php b/includes/db/Database.php
index 9d517e4a..f3e84675 100644
--- a/includes/db/Database.php
+++ b/includes/db/Database.php
@@ -1973,7 +1973,9 @@ abstract class DatabaseBase implements DatabaseType {
# Quote the $database and $table and apply the prefix if not quoted.
if ( isset( $database ) ) {
- $database = ( $format == 'quoted' || $this->isQuotedIdentifier( $database ) ? $database : $this->addIdentifierQuotes( $database ) );
+ if ( $format == 'quoted' && !$this->isQuotedIdentifier( $database ) ) {
+ $database = $this->addIdentifierQuotes( $database );
+ }
}
$table = "{$prefix}{$table}";
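Review bot: The comment above this block still says the database name is quoted "if not quoted", but after the change `addIdentifierQuotes()` runs only when `$format == 'quoted'`, and in any other format the name passes through untouched. Updating the comment avoids misleading the next reader, for example `# Quote $database only when quoted output was requested and it is not already quoted.` The enclosing function begins and continues outside the hunk.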
diff --git a/includes/installer/OracleUpdater.php b/includes/installer/OracleUpdater.php
index c4c52ee2..93c2726b 100644
--- a/includes/installer/OracleUpdater.php
+++ b/includes/installer/OracleUpdater.php
@@ -40,17 +40,16 @@ class OracleUpdater extends DatabaseUpdater {
//1.19
array( 'addIndex', 'logging', 'i05', 'patch-logging_type_action_index.sql'),
- array( 'addTable', 'globaltemplatelinks', 'patch-globaltemplatelinks.sql' ),
- array( 'addTable', 'globalnamespaces', 'patch-globalnamespaces.sql' ),
- array( 'addTable', 'globalinterwiki', 'patch-globalinterwiki.sql' ),
array( 'addField', 'revision', 'rev_sha1', 'patch-rev_sha1_field.sql' ),
array( 'addField', 'archive', 'ar_sha1', 'patch-ar_sha1_field.sql' ),
array( 'doRemoveNotNullEmptyDefaults2' ),
array( 'addIndex', 'page', 'i03', 'patch-page_redirect_namespace_len.sql' ),
- array( 'modifyField', 'user', 'ug_group', 'patch-ug_group-length-increase.sql' ),
+ array( 'modifyField', 'user_groups', 'ug_group', 'patch-ug_group-length-increase.sql' ),
array( 'addField', 'uploadstash', 'us_chunk_inx', 'patch-us_chunk_inx_field.sql' ),
array( 'addField', 'job', 'job_timestamp', 'patch-job_timestamp_field.sql' ),
array( 'addIndex', 'job', 'i02', 'patch-job_timestamp_index.sql' ),
+ array( 'doPageRestrictionsPKUKFix' ),
+ array( 'modifyField', 'user_former_groups', 'ufg_group', 'patch-ufg_group-length-increase.sql' ),
// KEEP THIS AT THE BOTTOM!!
array( 'doRebuildDuplicateFunction' ),
@@ -180,6 +179,23 @@ class OracleUpdater extends DatabaseUpdater {
}
/**
+ * Fixed wrong PK, UK definition
+ */
+ protected function doPageRestrictionsPKUKFix() {
+ $this->output( "Altering PAGE_RESTRICTIONS keys ... " );
+
+ $meta = $this->db->query( 'SELECT column_name FROM all_cons_columns WHERE owner = \''.strtoupper($this->db->getDBname()).'\' AND constraint_name = \'MW_PAGE_RESTRICTIONS_PK\' AND rownum = 1' );
+ $row = $meta->fetchRow();
+ if ( $row['column_name'] == 'PR_ID' ) {
+ $this->output( "seems to be up to date.\n" );
+ return;
+ }
+
+ $this->applyPatch( 'patch-page_restrictions_pkuk_fix.sql', false );
+ $this->output( "ok\n" );
+ }
+
+ /**
* rebuilding of the function that duplicates tables for tests
*/
protected function doRebuildDuplicateFunction() {
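Review bot: The query in `doPageRestrictionsPKUKFix()` is assembled by concatenating `getDBname()` between hand-written quotes; the value comes from configuration rather than a request, but using the database layer's quoting keeps the statement valid for any name: `'... WHERE owner = ' . $this->db->addQuotes( strtoupper( $this->db->getDBname() ) ) . ' AND constraint_name = ...'`. The result of `fetchRow()` is also used without checking that a row came back, so when the constraint does not exist the comparison runs against an empty value and the patch is applied anyway. If that is intended, a comment should say so, otherwise guard with `if ( $row && $row['column_name'] == 'PR_ID' ) {` and handle the missing-row case separately.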
diff --git a/includes/specials/SpecialBlock.php b/includes/specials/SpecialBlock.php
index 7d93cc75..da8eed1b 100644
--- a/includes/specials/SpecialBlock.php
+++ b/includes/specials/SpecialBlock.php
@@ -257,7 +257,13 @@ class SpecialBlock extends FormSpecialPage {
$fields['DisableUTEdit']['default'] = $block->prevents( 'editownusertalk' );
}
- $fields['Reason']['default'] = $block->mReason;
+ // If the username was hidden (ipb_deleted == 1), don't show the reason
+ // unless this user also has rights to hideuser: Bug 35839
+ if ( !$block->mHideName || $this->getUser()->isAllowed( 'hideuser' ) ) {
+ $fields['Reason']['default'] = $block->mReason;
+ } else {
+ $fields['Reason']['default'] = '';
+ }
if( $this->getRequest()->wasPosted() ){
# Ok, so we got a POST submission asking us to reblock a user. So show the
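Review bot: Blanking `$fields['Reason']['default']` hides the reason from users without `hideuser`, but the form can still be submitted as a reblock (see the POST handling that starts on the following lines), so such a user may overwrite the stored reason with an empty or new one. Whether the reblock path restricts this is outside the hunk and should be confirmed. A short comment recording the intended behaviour would help, e.g. `// Note: a reblock by a user without 'hideuser' replaces the hidden reason.` The surrounding function starts and ends outside the hunk.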
diff --git a/includes/specials/SpecialUserlogin.php b/includes/specials/SpecialUserlogin.php
index 13ea5def..764ff401 100644
--- a/includes/specials/SpecialUserlogin.php
+++ b/includes/specials/SpecialUserlogin.php
@@ -326,6 +326,12 @@ class LoginForm extends SpecialPage {
return false;
}
+ # Include checks that will include GlobalBlocking (Bug 38333)
+ $permErrors = $this->getTitle()->getUserPermissionsErrors( 'createaccount', $currentUser, true );
+ if ( count( $permErrors ) ) {
+ throw new PermissionsError( 'createaccount', $permErrors );
+ }
+
$ip = $this->getRequest()->getIP();
if ( $currentUser->isDnsBlacklisted( $ip, true /* check $wgProxyWhitelist */ ) ) {
$this->mainLoginForm( $this->msg( 'sorbs_create_account_reason' )->text() . ' (' . htmlspecialchars( $ip ) . ')' );
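Review bot: The new permission check reports failure by throwing `PermissionsError`, while the checks around it in the same function show a message through `mainLoginForm()` and return false. Callers outside this hunk that only test the return value would now see an uncaught exception, so the method's docblock should gain an `@throws PermissionsError` line. The bare `true` argument would read better annotated like the boolean on the `isDnsBlacklisted()` call below, e.g. `true /* do expensive queries */` (meaning inferred from the MediaWiki API, please confirm). The enclosing function starts and ends outside the hunk.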