authorPierre Schmitz <pierre@archlinux.de>2009-07-13 21:58:36 +0200
committerPierre Schmitz <pierre@archlinux.de>2009-07-13 21:58:36 +0200
commit5260ea4fce50f1426d9546efc2e8c3b0a62e642c (patch)
treef921b260e5bf9f96dfc8504cf920eaa5347f3f53
parent9f38be46358e62f33ae2c556269a0223963edc26 (diff)
upgrade to 1.15.1 (security fix)
-rw-r--r--RELEASE-NOTES14
-rw-r--r--includes/DefaultSettings.php4
-rw-r--r--includes/filerepo/FileRepo.php45
-rw-r--r--includes/filerepo/LocalRepo.php49
-rw-r--r--includes/specials/SpecialBlockip.php2
-rw-r--r--includes/specials/SpecialPreferences.php2
-rw-r--r--maintenance/postgres/tables.sql2
-rw-r--r--maintenance/updaters.inc2
8 files changed, 70 insertions, 50 deletions
diff --git a/RELEASE-NOTES b/RELEASE-NOTES
index f6d2523e..903d0d81 100644
--- a/RELEASE-NOTES
+++ b/RELEASE-NOTES
@@ -3,11 +3,11 @@
Security reminder: MediaWiki does not require PHP's register_globals
setting since version 1.2.0. If you have it on, turn it *off* if you can.
-== MediaWiki 1.15.0 ==
+== MediaWiki 1.15.1 ==
-2009-06-10
+July 14, 2009
-This is a stable release of the the 2009 Q2 branch of MediaWiki.
+This is a security and bugfix release of the the 2009 Q2 branch of MediaWiki.
MediaWiki is now using a "continuous integration" development model with
quarterly snapshot releases. The latest development code is always kept
@@ -20,6 +20,14 @@ will be made on the development trunk and appear in the next quarterly release.
Those wishing to use the latest code instead of a branch release can obtain
it from source control: http://www.mediawiki.org/wiki/Download_from_SVN
+=== Changes since 1.15.0 ===
+
+* Fixed fatal errors for unusual file repository configurations, such as
+ ForeignAPIRepo.
+* Fixed the "change password" link on Special:Preferences to have the correct
+ returnto parameter.
+* (bug 19693) Fixed cross-site scripting vulnerability in Special:Block
+
=== Changes since 1.15.0rc1 ===
* Removed category redirect feature, implementation was incomplete.
diff --git a/includes/DefaultSettings.php b/includes/DefaultSettings.php
index 19878f76..136817bf 100644
--- a/includes/DefaultSettings.php
+++ b/includes/DefaultSettings.php
@@ -33,7 +33,7 @@ if ( !defined( 'MW_PHP4' ) ) {
}
/** MediaWiki version number */
-$wgVersion = '1.15.0';
+$wgVersion = '1.15.1';
/** Name of the site. It must be changed in LocalSettings.php */
$wgSitename = 'MediaWiki';
@@ -2561,7 +2561,7 @@ $wgAutoloadClasses = array();
* $wgExtensionCredits[$type][] = array(
* 'name' => 'Example extension',
* 'version' => 1.9,
- * 'svn-revision' => '$LastChangedRevision: 51678 $',
+ * 'svn-revision' => '$LastChangedRevision: 53179 $',
* 'author' => 'Foo Barstein',
* 'url' => 'http://wwww.example.com/Example%20Extension/',
* 'description' => 'An example extension',
diff --git a/includes/filerepo/FileRepo.php b/includes/filerepo/FileRepo.php
index face1614..c9d34377 100644
--- a/includes/filerepo/FileRepo.php
+++ b/includes/filerepo/FileRepo.php
@@ -517,47 +517,14 @@ abstract class FileRepo {
function cleanupDeletedBatch( $storageKeys ) {}
/**
- * Checks if there is a redirect named as $title
+ * Checks if there is a redirect named as $title. If there is, return the
+ * title object. If not, return false.
+ * STUB
*
* @param Title $title Title of image
*/
function checkRedirect( $title ) {
- global $wgMemc;
-
- if( is_string( $title ) ) {
- $title = Title::newFromTitle( $title );
- }
- if( $title instanceof Title && $title->getNamespace() == NS_MEDIA ) {
- $title = Title::makeTitle( NS_FILE, $title->getText() );
- }
-
- $memcKey = $this->getMemcKey( "image_redirect:" . md5( $title->getPrefixedDBkey() ) );
- $cachedValue = $wgMemc->get( $memcKey );
- if( $cachedValue ) {
- return Title::newFromDbKey( $cachedValue );
- } elseif( $cachedValue == ' ' ) { # FIXME: ugly hack, but BagOStuff caching seems to be weird and return false if !cachedValue, not only if it doesn't exist
- return false;
- }
-
- $id = $this->getArticleID( $title );
- if( !$id ) {
- $wgMemc->set( $memcKey, " ", 9000 );
- return false;
- }
- $dbr = $this->getSlaveDB();
- $row = $dbr->selectRow(
- 'redirect',
- array( 'rd_title', 'rd_namespace' ),
- array( 'rd_from' => $id ),
- __METHOD__
- );
-
- if( $row ) $targetTitle = Title::makeTitle( $row->rd_namespace, $row->rd_title );
- $wgMemc->set( $memcKey, ($row ? $targetTitle->getPrefixedDBkey() : " "), 9000 );
- if( !$row ) {
- return false;
- }
- return $targetTitle;
+ return false;
}
/**
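Review bot: The docblock on the stubbed `checkRedirect()` still reads as if the base class can return a title object, while the body is now an unconditional `return false;`. State the contract explicitly, for example `@return Title|false` plus a line such as `Base implementation always returns false; repositories with a local redirect table override this`. That tells subclass authors that redirect resolution happens only where the method is overridden, as LocalRepo does later in this commit.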
@@ -598,4 +565,8 @@ abstract class FileRepo {
function getMasterDB() {
return wfGetDB( DB_MASTER );
}
+
+ function getMemcKey( $key ) {
+ return wfWikiID( $this->getSlaveDB() ) . ":{$key}";
+ }
}
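Review bot: `getMemcKey()` arrives in the base class without a doc comment, and its key prefix comes from `wfWikiID( $this->getSlaveDB() )`, so every repository subclass now inherits a cache namespace tied to whatever its `getSlaveDB()` returns. A short docblock would help, e.g. `/** Get a cache key prefixed with the wiki ID of this repo's slave DB. @param string $key @return string */`. For subclasses that override `getSlaveDB()` or have no database of their own, it is worth confirming that the resulting prefix cannot collide with another repository's keys; those classes are not visible in this diff.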
diff --git a/includes/filerepo/LocalRepo.php b/includes/filerepo/LocalRepo.php
index 1ec1b9a6..c679dd98 100644
--- a/includes/filerepo/LocalRepo.php
+++ b/includes/filerepo/LocalRepo.php
@@ -10,10 +10,6 @@ class LocalRepo extends FSRepo {
var $fileFromRowFactory = array( 'LocalFile', 'newFromRow' );
var $oldFileFromRowFactory = array( 'OldLocalFile', 'newFromRow' );
- function getMemcKey( $key ) {
- return wfWikiID( $this->getSlaveDB() ) . ":{$key}";
- }
-
function newFileFromRow( $row ) {
if ( isset( $row->img_name ) ) {
return call_user_func( $this->fileFromRowFactory, $row, $this );
@@ -71,6 +67,51 @@ class LocalRepo extends FSRepo {
}
return $status;
}
+
+ /**
+ * Checks if there is a redirect named as $title
+ *
+ * @param Title $title Title of image
+ */
+ function checkRedirect( $title ) {
+ global $wgMemc;
+
+ if( is_string( $title ) ) {
+ $title = Title::newFromTitle( $title );
+ }
+ if( $title instanceof Title && $title->getNamespace() == NS_MEDIA ) {
+ $title = Title::makeTitle( NS_FILE, $title->getText() );
+ }
+
+ $memcKey = $this->getMemcKey( "image_redirect:" . md5( $title->getPrefixedDBkey() ) );
+ $cachedValue = $wgMemc->get( $memcKey );
+ if( $cachedValue ) {
+ return Title::newFromDbKey( $cachedValue );
+ } elseif( $cachedValue == ' ' ) { # FIXME: ugly hack, but BagOStuff caching seems to be weird and return false if !cachedValue, not only if it doesn't exist
+ return false;
+ }
+
+ $id = $this->getArticleID( $title );
+ if( !$id ) {
+ $wgMemc->set( $memcKey, " ", 9000 );
+ return false;
+ }
+ $dbr = $this->getSlaveDB();
+ $row = $dbr->selectRow(
+ 'redirect',
+ array( 'rd_title', 'rd_namespace' ),
+ array( 'rd_from' => $id ),
+ __METHOD__
+ );
+
+ if( $row ) $targetTitle = Title::makeTitle( $row->rd_namespace, $row->rd_title );
+ $wgMemc->set( $memcKey, ($row ? $targetTitle->getPrefixedDBkey() : " "), 9000 );
+ if( !$row ) {
+ return false;
+ }
+ return $targetTitle;
+ }
+
/**
* Function link Title::getArticleID().
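Review bot: In the relocated `checkRedirect()`, the negative-cache branch `elseif( $cachedValue == ' ' )` can never run, because a single-space string is truthy in PHP and is caught by the preceding `if( $cachedValue )`; a cached "no redirect" marker is therefore handed to `Title::newFromDbKey( ' ' )` and the method returns whatever that yields rather than `false`. Test the sentinel first and strictly, `if( $cachedValue === ' ' ) { return false; }`, and only then `if( $cachedValue )`. The string branch also calls `Title::newFromTitle( $title )`, which I do not believe is a Title factory method (`Title::newFromText()` looks intended), and nothing checks for a null title before `$title->getPrefixedDBkey()`. The body is moved unchanged from FileRepo.php, so these issues predate this commit but now live in LocalRepo.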
diff --git a/includes/specials/SpecialBlockip.php b/includes/specials/SpecialBlockip.php
index 0efaedf1..f002e570 100644
--- a/includes/specials/SpecialBlockip.php
+++ b/includes/specials/SpecialBlockip.php
@@ -632,7 +632,7 @@ class IPBlockForm {
*/
private function getContribsLink( $skin ) {
$contribsPage = SpecialPage::getTitleFor( 'Contributions', $this->BlockAddress );
- return $skin->link( $contribsPage, wfMsgHtml( 'ipb-blocklist-contribs', $this->BlockAddress ) );
+ return $skin->link( $contribsPage, wfMsgExt( 'ipb-blocklist-contribs', 'escape', $this->BlockAddress ) );
}
/**
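Review bot: `getContribsLink()` would benefit from a comment recording why `wfMsgExt( ..., 'escape', ... )` is used, since the call looks interchangeable with `wfMsgHtml()` and could later be "simplified" back. As far as I know, `wfMsgHtml()` escapes the message text and substitutes parameters afterwards, so `$this->BlockAddress` (presumably request-derived; its assignment is outside this hunk) reached the link HTML unescaped, whereas the `'escape'` option escapes the result after substitution. Suggested comment: `// Escape after parameter substitution: BlockAddress may be user-controlled, and wfMsgHtml() would insert it raw`. Other `wfMsgHtml()` calls in this file that pass request-derived parameters are outside this hunk and worth checking for the same pattern.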
diff --git a/includes/specials/SpecialPreferences.php b/includes/specials/SpecialPreferences.php
index f4a42ef4..49c4f4e0 100644
--- a/includes/specials/SpecialPreferences.php
+++ b/includes/specials/SpecialPreferences.php
@@ -813,7 +813,7 @@ class PreferencesForm {
# Password
if( $wgAuth->allowPasswordChange() ) {
$link = $wgUser->getSkin()->link( SpecialPage::getTitleFor( 'ResetPass' ), wfMsgHtml( 'prefs-resetpass' ),
- array() , array('returnto' => SpecialPage::getTitleFor( 'Preferences') ) );
+ array() , array( 'returnto' => SpecialPage::getTitleFor( 'Preferences' )->getPrefixedText() ) );
$wgOut->addHTML(
$this->tableRow( Xml::element( 'h2', null, wfMsg( 'changepassword' ) ) ) .
$this->tableRow( '<ul><li>' . $link . '</li></ul>' ) );
diff --git a/maintenance/postgres/tables.sql b/maintenance/postgres/tables.sql
index e8d5eb77..23e8b596 100644
--- a/maintenance/postgres/tables.sql
+++ b/maintenance/postgres/tables.sql
@@ -599,5 +599,5 @@ CREATE TABLE mediawiki_version (
);
INSERT INTO mediawiki_version (type,mw_version,sql_version,sql_date)
- VALUES ('Creation','??','$LastChangedRevision: 48615 $','$LastChangedDate: 2009-03-19 20:15:41 -0500 (Thu, 19 Mar 2009) $');
+ VALUES ('Creation','??','$LastChangedRevision: 48615 $','$LastChangedDate: 2009-03-20 12:15:41 +1100 (Fri, 20 Mar 2009) $');
diff --git a/maintenance/updaters.inc b/maintenance/updaters.inc
index 71a0fe84..edef1fdc 100644
--- a/maintenance/updaters.inc
+++ b/maintenance/updaters.inc
@@ -1814,7 +1814,7 @@ function do_postgres_updates() {
'mw_version' => $wgVersion,
'pg_version' => $version,
'sql_version' => '$LastChangedRevision: 51640 $',
- 'sql_date' => '$LastChangedDate: 2009-06-09 07:58:05 -0500 (Tue, 09 Jun 2009) $',
+ 'sql_date' => '$LastChangedDate: 2009-06-09 22:58:05 +1000 (Tue, 09 Jun 2009) $',
) );
return;
}