From 9441dde8bfb95277df073717ed7817dced40f948 Mon Sep 17 00:00:00 2001
From: Pierre Schmitz <pierre@archlinux.de>
Date: Fri, 28 Mar 2014 05:41:12 +0100
Subject: Update to MediaWiki 1.22.5

---
 includes/DefaultSettings.php                |  2 +-
 includes/EditPage.php                       | 21 +++++++++++++++++++--
 includes/db/DatabaseMysqli.php              | 13 ++++++++++++-
 includes/specials/SpecialChangePassword.php | 16 ++++++++++++++++
 includes/templates/Userlogin.php            | 13 +++++++++++--
 5 files changed, 59 insertions(+), 6 deletions(-)

(limited to 'includes')

diff --git a/includes/DefaultSettings.php b/includes/DefaultSettings.php
index 2aa5b09f..c0228282 100644
--- a/includes/DefaultSettings.php
+++ b/includes/DefaultSettings.php
@@ -63,7 +63,7 @@ $wgConf = new SiteConfiguration;
  * MediaWiki version number
  * @since 1.2
  */
-$wgVersion = '1.22.4';
+$wgVersion = '1.22.5';
 
 /**
  * Name of the site. It must be changed in LocalSettings.php
diff --git a/includes/EditPage.php b/includes/EditPage.php
index 530e2674..16d9a5a4 100644
--- a/includes/EditPage.php
+++ b/includes/EditPage.php
@@ -2049,10 +2049,27 @@ class EditPage {
 		}
 		# Try to add a custom edit intro, or use the standard one if this is not possible.
 		if ( !$this->showCustomIntro() && !$this->mTitle->exists() ) {
+			$helpLink = wfExpandUrl( Skin::makeInternalOrExternalUrl(
+				wfMessage( 'helppage' )->inContentLanguage()->text()
+			) );
 			if ( $wgUser->isLoggedIn() ) {
-				$wgOut->wrapWikiMsg( "<div class=\"mw-newarticletext\">\n$1\n</div>", 'newarticletext' );
+				$wgOut->wrapWikiMsg(
+					// Suppress the external link icon, consider the help url an internal one
+					"<div class=\"mw-newarticletext plainlinks\">\n$1\n</div>",
+					array(
+						'newarticletext',
+						$helpLink
+					)
+				);
 			} else {
-				$wgOut->wrapWikiMsg( "<div class=\"mw-newarticletextanon\">\n$1\n</div>", 'newarticletextanon' );
+				$wgOut->wrapWikiMsg(
+					// Suppress the external link icon, consider the help url an internal one
+					"<div class=\"mw-newarticletextanon plainlinks\">\n$1\n</div>",
+					array(
+						'newarticletextanon',
+						$helpLink
+					)
+				);
 			}
 		}
 		# Give a notice if the user is editing a deleted/moved page...
diff --git a/includes/db/DatabaseMysqli.php b/includes/db/DatabaseMysqli.php
index 7761abe9..0ec54314 100644
--- a/includes/db/DatabaseMysqli.php
+++ b/includes/db/DatabaseMysqli.php
@@ -51,6 +51,17 @@ class DatabaseMysqli extends DatabaseMysqlBase {
 				. " have you compiled PHP with the --with-mysqli option?\n" );
 		}
 
+		// Other than mysql_connect, mysqli_real_connect expects an explicit port
+		// parameter. So we need to parse the port out of $realServer
+		$port = null;
+		$hostAndPort = IP::splitHostAndPort( $realServer );
+		if ( $hostAndPort ) {
+			$realServer = $hostAndPort[0];
+			if ( $hostAndPort[1] ) {
+				$port = $hostAndPort[1];
+			}
+		}
+
 		$connFlags = 0;
 		if ( $this->mFlags & DBO_SSL ) {
 			$connFlags |= MYSQLI_CLIENT_SSL;
@@ -70,7 +81,7 @@ class DatabaseMysqli extends DatabaseMysqlBase {
 				usleep( 1000 );
 			}
 			if ( $mysqli->real_connect( $realServer, $this->mUser,
-				$this->mPassword, $this->mDBname, null, null, $connFlags ) )
+				$this->mPassword, $this->mDBname, $port, null, $connFlags ) )
 			{
 				return $mysqli;
 			}
diff --git a/includes/specials/SpecialChangePassword.php b/includes/specials/SpecialChangePassword.php
index c54b5575..a75e7e83 100644
--- a/includes/specials/SpecialChangePassword.php
+++ b/includes/specials/SpecialChangePassword.php
@@ -52,6 +52,11 @@ class SpecialChangePassword extends UnlistedSpecialPage {
 		$this->mDomain = $request->getVal( 'wpDomain' );
 
 		$user = $this->getUser();
+
+		if ( !$user->isLoggedIn() && !LoginForm::getLoginToken() ) {
+			LoginForm::setLoginToken();
+		}
+
 		if ( !$request->wasPosted() && !$user->isLoggedIn() ) {
 			$this->error( $this->msg( 'resetpass-no-info' )->text() );
 
@@ -81,6 +86,14 @@ class SpecialChangePassword extends UnlistedSpecialPage {
 					return;
 				}
 
+				if ( !$user->isLoggedIn()
+					&& $request->getVal( 'wpLoginOnChangeToken' ) !== LoginForm::getLoginToken()
+				) {
+					// Potential CSRF (bug 62497)
+					$this->error( $this->msg( 'sessionfailure' )->text() );
+					return false;
+				}
+
 				$this->attemptReset( $this->mNewpass, $this->mRetype );
 
 				if ( $user->isLoggedIn() ) {
@@ -157,6 +170,9 @@ class SpecialChangePassword extends UnlistedSpecialPage {
 			'wpName' => $this->mUserName,
 			'wpDomain' => $this->mDomain,
 		) + $this->getRequest()->getValues( 'returnto', 'returntoquery' );
+		if ( !$user->isLoggedIn() ) {
+			$hiddenFields['wpLoginOnChangeToken'] = LoginForm::getLoginToken();
+		}
 		$hiddenFieldsStr = '';
 		foreach ( $hiddenFields as $fieldname => $fieldvalue ) {
 			$hiddenFieldsStr .= Html::hidden( $fieldname, $fieldvalue ) . "\n";
diff --git a/includes/templates/Userlogin.php b/includes/templates/Userlogin.php
index 5eb60948..9aedd3c7 100644
--- a/includes/templates/Userlogin.php
+++ b/includes/templates/Userlogin.php
@@ -154,9 +154,18 @@ class UserloginTemplate extends BaseTemplate {
 				) );
 				?>
 			</div>
-
 			<div id="mw-userlogin-help">
-				<?php echo $this->getMsg( 'userlogin-helplink' )->parse(); ?>
+				<?php
+				echo Html::element(
+					'a',
+					array(
+						'href' => Skin::makeInternalOrExternalUrl(
+							wfMessage( 'helplogin-url' )->inContentLanguage()->text()
+						),
+					),
+					$this->getMsg( 'userlogin-helplink2' )->text()
+				);
+				?>
 			</div>
 			<?php if ( $this->haveData( 'createOrLoginHref' ) ) { ?>
 				<?php if ( $this->data['loggedin'] ) { ?>
-- 
cgit v1.2.2