From 81be3ba123fa26c29ab157288530ffaec9d0930f Mon Sep 17 00:00:00 2001
From: Pierre Schmitz <pierre@archlinux.de>
Date: Thu, 22 Mar 2012 21:04:56 +0100
Subject: Update to MediaWiki 1.18.2

---
 includes/installer/Installer.php       | 29 +++++++++--------------------
 includes/installer/OracleInstaller.php |  4 +++-
 2 files changed, 12 insertions(+), 21 deletions(-)

(limited to 'includes/installer')

diff --git a/includes/installer/Installer.php b/includes/installer/Installer.php
index ef484a8f..dc31dfea 100644
--- a/includes/installer/Installer.php
+++ b/includes/installer/Installer.php
@@ -1347,8 +1347,7 @@ abstract class Installer {
 	}
 
 	/**
-	 * Generate $wgSecretKey. Will warn if we had to use mt_rand() instead of
-	 * /dev/urandom
+	 * Generate $wgSecretKey. Will warn if we had to use an insecure random source.
 	 *
 	 * @return Status
 	 */
@@ -1361,8 +1360,8 @@ abstract class Installer {
 	}
 
 	/**
-	 * Generate a secret value for variables using either
-	 * /dev/urandom or mt_rand(). Produce a warning in the later case.
+	 * Generate a secret value for variables using our CryptRand generator.
+	 * Produce a warning if the random source was insecure.
 	 *
 	 * @param $keys Array
 	 * @return Status
@@ -1370,28 +1369,18 @@ abstract class Installer {
 	protected function doGenerateKeys( $keys ) {
 		$status = Status::newGood();
 
-		wfSuppressWarnings();
-		$file = fopen( "/dev/urandom", "r" );
-		wfRestoreWarnings();
-
+		$strong = true;
 		foreach ( $keys as $name => $length ) {
-			if ( $file ) {
-					$secretKey = bin2hex( fread( $file, $length / 2 ) );
-			} else {
-				$secretKey = '';
-
-				for ( $i = 0; $i < $length / 8; $i++ ) {
-					$secretKey .= dechex( mt_rand( 0, 0x7fffffff ) );
-				}
+			$secretKey = MWCryptRand::generateHex( $length, true );
+			if ( !MWCryptRand::wasStrong() ) {
+				$strong = false;
 			}
 
 			$this->setVar( $name, $secretKey );
 		}
 
-		if ( $file ) {
-			fclose( $file );
-		} else {
-			$names = array_keys ( $keys );
+		if ( !$strong ) {
+			$names = array_keys( $keys );
 			$names = preg_replace( '/^(.*)$/', '\$$1', $names );
 			global $wgLang;
 			$status->warning( 'config-insecure-keys', $wgLang->listToText( $names ), count( $names ) );
diff --git a/includes/installer/OracleInstaller.php b/includes/installer/OracleInstaller.php
index 175baf0b..a8015832 100644
--- a/includes/installer/OracleInstaller.php
+++ b/includes/installer/OracleInstaller.php
@@ -226,6 +226,8 @@ class OracleInstaller extends DatabaseInstaller {
 			// user created or already existing, switching back to a normal connection
 			// as the new user has all needed privileges to setup the rest of the schema
 			// i will be using that user as _InstallUser from this point on
+			$this->db->close();
+			$this->db = false;
 			$this->parent->setVar( '_InstallUser', $this->getVar( 'wgDBuser' ) );
 			$this->parent->setVar( '_InstallPassword', $this->getVar( 'wgDBpassword' ) );
 			$this->parent->setVar( '_InstallDBname', $this->getVar( 'wgDBuser' ) );
@@ -240,8 +242,8 @@ class OracleInstaller extends DatabaseInstaller {
 	 */
 	public function createTables() {
 		$this->setupSchemaVars();
-		$this->db->selectDB( $this->getVar( 'wgDBuser' ) );
 		$this->db->setFlag( DBO_DDLMODE );
+		$this->parent->setVar( 'wgDBname', $this->getVar( 'wgDBuser' ) );
 		$status = parent::createTables();
 		$this->db->clearFlag( DBO_DDLMODE );
 
-- 
cgit v1.2.2