-rw-r--r-- | RELEASE-NOTES | 19 | ||||
-rw-r--r-- | config/index.php | 2 | ||||
-rw-r--r-- | includes/DefaultSettings.php | 4 | ||||
-rw-r--r-- | maintenance/storage/compressOld.inc | 4 | ||||
-rw-r--r-- | skins/ArchLinux.deps.php | 3 | ||||
-rw-r--r-- | skins/Chick.deps.php | 5 | ||||
-rw-r--r-- | skins/MonoBook.deps.php | 5 | ||||
-rw-r--r-- | skins/MySkin.deps.php | 5 | ||||
-rw-r--r-- | skins/Simple.deps.php | 5 | ||||
-rw-r--r-- | skins/common/sorttable.js | 3 | ||||
-rw-r--r-- | skins/common/wikibits.js | 2 |
11 files changed, 45 insertions, 12 deletions
diff --git a/RELEASE-NOTES b/RELEASE-NOTES index 6c1a8626..77ae6c5f 100644 --- a/RELEASE-NOTES +++ b/RELEASE-NOTES @@ -3,6 +3,25 @@ Security reminder: MediaWiki does not require PHP's register_globals setting since version 1.2.0. If you have it on, turn it *off* if you can. +== MediaWiki 1.9.2 == + +February 4, 2007 + +This is a bug-fix update that fixes some installation and other minor +issues with the 1.9.1 release as well as a security issue which was +introduced in the 1.9 branch. + +JavaScript code which regenerated the "sortable tables" feature did +not properly sanitize input, leading to an HTML injection vulnerability. + +* (bug 8774) Fix path for GNU FDL rights icon on new installs +* (bug 8819) Fix full path disclosure with skins dependencies +* (bug 4268) Fixed data-loss bug in compressOld batch text compression + affecting pages which had null edits (move, protect, etc) as second + edit in a batch group. Isolated and patched by Travis Derouin. +* Security fix for sortable tables JavaScript + + == MediaWiki 1.9.1 == January 24, 2007 diff --git a/config/index.php b/config/index.php index 53e77d44..69394e69 100644 --- a/config/index.php +++ b/config/index.php @@ -551,7 +551,7 @@ if( $conf->License == "gfdl" ) { $conf->RightsUrl = "http://www.gnu.org/copyleft/fdl.html"; $conf->RightsText = "GNU Free Documentation License 1.2"; $conf->RightsCode = "gfdl"; - $conf->RightsIcon = '${wgStylePath}/common/images/gnu-fdl.png'; + $conf->RightsIcon = '${wgScriptPath}/skins/common/images/gnu-fdl.png'; } elseif( $conf->License == "none" ) { $conf->RightsUrl = $conf->RightsText = $conf->RightsCode = $conf->RightsIcon = ""; } else { diff --git a/includes/DefaultSettings.php b/includes/DefaultSettings.php index 3790be87..df1b9d55 100644 --- a/includes/DefaultSettings.php +++ b/includes/DefaultSettings.php 
@@ -32,7 +32,7 @@ require_once( 'includes/SiteConfiguration.php' ); $wgConf = new SiteConfiguration; /** MediaWiki version number */ -$wgVersion = '1.9.1'; +$wgVersion = '1.9.2'; /** Name of the site. It must be changed in LocalSettings.php */ $wgSitename = 'MediaWiki'; @@ -1096,7 +1096,7 @@ $wgCacheEpoch = '20030516000000'; * to ensure that client-side caches don't keep obsolete copies of global * styles. */ -$wgStyleVersion = '42a'; +$wgStyleVersion = '42b'; # Server-side caching: diff --git a/maintenance/storage/compressOld.inc b/maintenance/storage/compressOld.inc index 3c426841..d38bb741 100644 --- a/maintenance/storage/compressOld.inc +++ b/maintenance/storage/compressOld.inc @@ -284,8 +284,8 @@ function compressWithConcat( $startId, $maxChunkSize, $maxChunkFactor, $factorTh # Store the stub objects for ( $j = 1; $j < $thisChunkSize; $j++ ) { - # Skip if not compressing - if ( $stubs[$j] !== false ) { + # Skip if not compressing and don't overwrite the first revision + if ( $stubs[$j] !== false && $revs[$i + $j]->rev_text_id != $primaryOldid ) { $dbw->update( 'text', array( /* SET */ 'old_text' => serialize($stubs[$j]), diff --git a/skins/ArchLinux.deps.php b/skins/ArchLinux.deps.php index 8a78ae6b..afc41392 100644 --- a/skins/ArchLinux.deps.php +++ b/skins/ArchLinux.deps.php @@ -5,5 +5,8 @@ // changed on a subsequent page view. // see http://mail.wikipedia.org/pipermail/wikitech-l/2006-January/033660.html +if ( ! defined( 'MEDIAWIKI' ) ) + die( 1 ); + require_once('includes/SkinTemplate.php'); ?>
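Review bot: The new test `$revs[$i + $j]->rev_text_id != $primaryOldid` in the stub-storing loop of compressWithConcat says what is skipped but not why, and the skip is silent. Going by the release note, a null edit (move, protect) shares its text row with the first revision of the group, so a comment such as `# Null edits reuse the primary text row; writing a stub there would replace the stored blob itself` would stop a later cleanup from removing the check. `$primaryOldid` is assigned outside this hunk, so the note assumes it is the row that holds the concatenated text; confirm against the code above. Counting or logging the skipped rows would also let an operator verify a batch run afterwards. The `$dbw->update(` call continues past the end of the hunk.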
\ No newline at end of file diff --git a/skins/Chick.deps.php b/skins/Chick.deps.php index 273ac18b..a178a791 100644 --- a/skins/Chick.deps.php +++ b/skins/Chick.deps.php @@ -5,6 +5,9 @@ // changed on a subsequent page view. // see http://mail.wikipedia.org/pipermail/wikitech-l/2006-January/033660.html +if ( ! defined( 'MEDIAWIKI' ) ) + die( 1 ); + require_once('includes/SkinTemplate.php'); require_once('MonoBook.php'); -?>
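Review bot: The entry-point guard added above `require_once('includes/SkinTemplate.php');` in skins/ArchLinux.deps.php has no comment saying what it protects against, and the same three lines are repeated in Chick, MonoBook, MySkin and Simple `.deps.php` in the hunks that follow. I would put `// Not an entry point: requested directly, the relative require_once below fails and the error text can reveal the install path.` above the `if`. The guard covers only these five files, so any other PHP file under skins/ that the web server will execute on a direct request (MonoBook.php is required here but is not part of this diff) should be checked for the same test. ArchLinux.deps.php also keeps its closing `?>` without a trailing newline while the other four files gain one; dropping the closing tag in all five would be more consistent.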
\ No newline at end of file +?> diff --git a/skins/MonoBook.deps.php b/skins/MonoBook.deps.php index 8a78ae6b..b054c840 100644 --- a/skins/MonoBook.deps.php +++ b/skins/MonoBook.deps.php @@ -5,5 +5,8 @@ // changed on a subsequent page view. // see http://mail.wikipedia.org/pipermail/wikitech-l/2006-January/033660.html +if ( ! defined( 'MEDIAWIKI' ) ) + die( 1 ); + require_once('includes/SkinTemplate.php'); -?>
\ No newline at end of file +?> diff --git a/skins/MySkin.deps.php b/skins/MySkin.deps.php index ea0455f2..ba00558b 100644 --- a/skins/MySkin.deps.php +++ b/skins/MySkin.deps.php @@ -5,6 +5,9 @@ // changed on a subsequent page view. // see http://mail.wikipedia.org/pipermail/wikitech-l/2006-January/033660.html +if ( ! defined( 'MEDIAWIKI' ) ) + die( 1 ); + require_once('includes/SkinTemplate.php'); require_once('MonoBook.php'); -?>
\ No newline at end of file +?> diff --git a/skins/Simple.deps.php b/skins/Simple.deps.php index ffc51557..369f6b00 100644 --- a/skins/Simple.deps.php +++ b/skins/Simple.deps.php @@ -5,6 +5,9 @@ // changed on a subsequent page view. // see http://mail.wikipedia.org/pipermail/wikitech-l/2006-January/033660.html +if ( ! defined( 'MEDIAWIKI' ) ) + die( 1 ); + require_once('includes/SkinTemplate.php'); require_once('MonoBook.php'); -?>
\ No newline at end of file +?> diff --git a/skins/common/sorttable.js b/skins/common/sorttable.js index 24877865..229b4c3a 100644 --- a/skins/common/sorttable.js +++ b/skins/common/sorttable.js @@ -55,9 +55,8 @@ function ts_makeSortable(table) { // We have a first row: assume it's the header, and make its contents clickable links for (var i=0;i<firstRow.cells.length;i++) { var cell = firstRow.cells[i]; - var txt = ts_getInnerText(cell); if (cell.className != "unsortable" && cell.className.indexOf("unsortable") == -1) { - cell.innerHTML = txt+' <a href="#" class="sortheader" onclick="ts_resortTable(this);return false;"><span class="sortarrow"><img src="'+ image_path + image_none + '" alt="↓"/></span></a>'; + cell.innerHTML += ' <a href="#" class="sortheader" onclick="ts_resortTable(this);return false;"><span class="sortarrow"><img src="'+ image_path + image_none + '" alt="↓"/></span></a>'; } } if (alternate_row_colors) { diff --git a/skins/common/wikibits.js b/skins/common/wikibits.js index afb1fa27..1e8e10ae 100644 --- a/skins/common/wikibits.js +++ b/skins/common/wikibits.js @@ -853,7 +853,7 @@ function getElementsByClassName(oElm, strTagName, oClassNames){ function sortableTables() { if (getElementsByClassName(document, "table", "sortable").length != 0) { - document.write('<script type="text/javascript" src="'+stylepath+'/common/sorttable.js"></script>'); + document.write('<script type="text/javascript" src="'+stylepath+'/common/sorttable.js?1"></script>'); } } |
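Review bot: `cell.innerHTML +=` in ts_makeSortable still sends the whole header cell back through the HTML parser, so the fix depends on the browser's serialisation of the existing markup being safe to re-parse, and it rebuilds every child node of the cell, which discards any handlers already attached to them. Appending the sort link as DOM nodes avoids parsing any string as HTML and leaves the existing cell content untouched. `image_path` and `image_none` are defined outside this hunk; they look like script-level constants, but assigning them to `img.src` rather than concatenating them into an attribute removes the need to reason about quoting. The rest of sorttable.js is not visible here, so confirm that ts_resortTable does not rely on the inline `onclick` attribute before switching. The loop and the function continue outside the hunk.

```javascript
if (cell.className != "unsortable" && cell.className.indexOf("unsortable") == -1) {
    // Build the sort link as nodes; no string is parsed as HTML.
    var link = document.createElement("a");
    link.href = "#";
    link.className = "sortheader";
    link.onclick = function () { ts_resortTable(this); return false; };
    var arrow = document.createElement("span");
    arrow.className = "sortarrow";
    var img = document.createElement("img");
    img.src = image_path + image_none;
    img.alt = "↓";
    arrow.appendChild(img);
    link.appendChild(arrow);
    cell.appendChild(document.createTextNode(" "));
    cell.appendChild(link);
}
// … unchanged: alternate_row_colors handling …
```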
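Review bot: The `?1` appended to the sorttable.js URL in sortableTables() is an unexplained magic value, and nothing ties it to the file it versions. A comment such as `// ?1 forces clients to refetch sorttable.js after the 1.9.2 HTML-injection fix; bump it whenever sorttable.js changes` would make the intent clear and remind the next editor to change it. Browsers that still hold the old sorttable.js keep running the vulnerable copy until they load the new wikibits.js, so this depends on the `$wgStyleVersion` bump in includes/DefaultSettings.php shipping with it. Deriving the suffix from that same style version, if it is made available to scripts, would remove the second number that has to be kept in step by hand.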