From a2bbd243c85ea0e425ee3e8c380aba9f254cee61 Mon Sep 17 00:00:00 2001 From: Florian Pritz Date: Mon, 18 Apr 2016 21:41:27 +0000 Subject: Add note about yahoo mail delivery problems https://bugs.archlinux.org/task/48628 Signed-off-by: Florian Pritz --- includes/templates/Usercreate.php | 1 + 1 file changed, 1 insertion(+) diff --git a/includes/templates/Usercreate.php b/includes/templates/Usercreate.php index a39690a7..84695e1f 100644 --- a/includes/templates/Usercreate.php +++ b/includes/templates/Usercreate.php @@ -164,6 +164,7 @@ class UsercreateTemplate extends BaseTemplate { ); ?> +

Note: We are currently experiencing delivery issues to Yahoo. Please do not use a Yahoo email account to sign up.

data['email'], 'email', array( 'class' => 'mw-ui-input loginText', -- cgit v1.2.3-54-g00ecf From 7bf2eb8ba09b54cec804446ea39a3e658773fac9 Mon Sep 17 00:00:00 2001 From: Pierre Schmitz Date: Sat, 21 May 2016 08:33:14 +0200 Subject: Update to MediaWiki 1.26.3 --- README.mediawiki | 1 - RELEASE-NOTES-1.26 | 28 ++++++++++ docs/hooks.txt | 6 ++ .../SyntaxHighlight_GeSHi.class.php | 5 +- .../SyntaxHighlight_GeSHi/tests/parserTests.txt | 9 +++ includes/DefaultSettings.php | 16 ++++-- includes/Defines.php | 6 ++ includes/GlobalFunctions.php | 8 +++ includes/Import.php | 18 ++++-- includes/Linker.php | 11 +++- includes/MediaWiki.php | 13 ++++- includes/OutputHandler.php | 4 +- includes/OutputPage.php | 28 ++-------- includes/User.php | 3 + includes/WebStart.php | 3 + includes/actions/RawAction.php | 6 ++ includes/api/ApiBase.php | 8 ++- includes/api/ApiFormatJson.php | 4 +- includes/api/ApiFormatPhp.php | 2 +- includes/api/ApiMain.php | 35 ++++++++++++ includes/api/ApiMove.php | 5 ++ includes/db/DatabasePostgres.php | 3 + includes/diff/DairikiDiff.php | 6 +- includes/diff/DifferenceEngine.php | 31 ++++++++++- includes/page/Article.php | 2 +- includes/parser/CoreTagHooks.php | 24 ++++++-- includes/parser/Parser.php | 28 ++++++++-- includes/password/MWOldPassword.php | 4 ++ includes/password/MWSaltedPassword.php | 4 ++ includes/password/Pbkdf2Password.php | 9 ++- .../resourceloader/ResourceLoaderFileModule.php | 1 - .../resourceloader/ResourceLoaderImageModule.php | 6 -- includes/resourceloader/ResourceLoaderModule.php | 17 ------ .../resourceloader/ResourceLoaderWikiModule.php | 2 - includes/specials/SpecialUserlogin.php | 15 +++-- includes/upload/UploadBase.php | 2 +- resources/Resources.php | 2 + .../mediawiki.page/mediawiki.page.patrol.ajax.js | 2 +- tests/browser/README.mediawiki | 64 ---------------------- tests/parser/parserTests.txt | 13 ++++- tests/phpunit/includes/api/ApiMainTest.php | 27 +++++++++ .../includes/api/format/ApiFormatJsonTest.php | 4 +- tests/phpunit/includes/upload/UploadBaseTest.php | 6 ++ tests/qunit/data/testrunner.js | 2 - 44 files changed, 329 insertions(+), 164 deletions(-) delete mode 120000 README.mediawiki delete mode 100644 tests/browser/README.mediawiki diff --git a/README.mediawiki b/README.mediawiki deleted file mode 120000 index 100b9382..00000000 --- a/README.mediawiki +++ /dev/null @@ -1 +0,0 @@ -README \ No newline at end of file diff --git a/RELEASE-NOTES-1.26 b/RELEASE-NOTES-1.26 index e617f00b..fd2e5e69 100644 --- a/RELEASE-NOTES-1.26 +++ b/RELEASE-NOTES-1.26 @@ -1,6 +1,34 @@ Security reminder: If you have PHP's register_globals option set, you must turn it off. MediaWiki will not work with it enabled. +== MediaWiki 1.26.3 == + +This is a maintenance release of the MediaWiki 1.26 branch. + +== Changes since 1.26.2 == +* (T116266) Fixed undefined property notices in DairikiDiff under HHVM. +* (T123166) Fix fatal error when importing pages to titles which cannot be + created, such as invalid titles or titles the user is not allowed to edit. +* (T122056) Old tokens are remaining valid within a new session +* (T127114) Login throttle can be tricked using non-canonicalized usernames +* (T123653) Cross-domain policy regexp is too narrow +* (T123071) Incorrectly identifying http link in a's href attributes, due to + m modifier in regex +* (T129506) MediaWiki:Gadget-popups.js isn't renderable +* (T125283) Users occasionally logged in as different users after + SessionManager deployment +* (T103239) Patrol allows click catching and patrolling of any page +* (T122807) [tracking] Check php crypto primatives +* (T98313) Graphs can leak tokens, leading to CSRF +* (T130947) Diff generation should use PoolCounter +* (T133507) Careless use of $wgExternalLinkTarget is insecure +* (T132874) API action=move is not rate limited +* (T110143) strip markers can be used to get around html attribute escaping in + (many?) parser tags +* (T116030) Increase pbkdf2 parameter strengths +* (T127420) Pbkdf2Password does not check if hash_pbkdf2() succeeded +* (T126685) Globally throttle password attempts + == MediaWiki 1.26.2 == This is a maintenance release of the MediaWiki 1.26 branch. diff --git a/docs/hooks.txt b/docs/hooks.txt index 7671e6e3..4e134e5d 100644 --- a/docs/hooks.txt +++ b/docs/hooks.txt @@ -2449,6 +2449,12 @@ $context: (IContextSource) The RequestContext the skin is being created for. &$skin: A variable reference you may set a Skin instance or string key on to override the skin that will be used for the context. +'RequestHasSameOriginSecurity': Called to determine if the request is somehow +flagged to lack same-origin security. Return false to indicate the lack. Note +if the "somehow" involves HTTP headers, you'll probably need to make sure +the header is varied on. +WebRequest $request: The request. + 'ResetPasswordExpiration': Allow extensions to set a default password expiration $user: The user having their password expiration reset &$newExpire: The new expiration date diff --git a/extensions/SyntaxHighlight_GeSHi/SyntaxHighlight_GeSHi.class.php b/extensions/SyntaxHighlight_GeSHi/SyntaxHighlight_GeSHi.class.php index 9eed2763..e2da350b 100644 --- a/extensions/SyntaxHighlight_GeSHi/SyntaxHighlight_GeSHi.class.php +++ b/extensions/SyntaxHighlight_GeSHi/SyntaxHighlight_GeSHi.class.php @@ -111,8 +111,11 @@ class SyntaxHighlight_GeSHi { public static function parserHook( $text, $args = array(), $parser ) { global $wgUseTidy; + // Replace strip markers (For e.g. {{#tag:syntaxhighlight|...}}) + $out = $parser->mStripState->unstripNoWiki( $text ); + // Don't trim leading spaces away, just the linefeeds - $out = preg_replace( '/^\n+/', '', rtrim( $text ) ); + $out = preg_replace( '/^\n+/', '', rtrim( $out ) ); // Convert deprecated attributes if ( isset( $args['enclose'] ) ) { diff --git a/extensions/SyntaxHighlight_GeSHi/tests/parserTests.txt b/extensions/SyntaxHighlight_GeSHi/tests/parserTests.txt index c6aaa9a4..5d5038c9 100644 --- a/extensions/SyntaxHighlight_GeSHi/tests/parserTests.txt +++ b/extensions/SyntaxHighlight_GeSHi/tests/parserTests.txt @@ -154,3 +154,12 @@ Text var a;.

Text var a;.

!! end + +!! test +Enclose with nowiki +!! input +{{#tag:syntaxhighlight|foo|lang="text"|inline=none}} +!! result +

foo +

+!! end diff --git a/includes/DefaultSettings.php b/includes/DefaultSettings.php index 61fec6e1..7498a021 100644 --- a/includes/DefaultSettings.php +++ b/includes/DefaultSettings.php @@ -75,7 +75,7 @@ $wgConfigRegistry = array( * MediaWiki version number * @since 1.2 */ -$wgVersion = '1.26.2'; +$wgVersion = '1.26.3'; /** * Name of the site. It must be changed in LocalSettings.php @@ -4188,7 +4188,13 @@ $wgDebugTidy = false; $wgRawHtml = false; /** - * Set a default target for external links, e.g. _blank to pop up a new window + * Set a default target for external links, e.g. _blank to pop up a new window. + * + * This will also set the "noreferrer" and "noopener" link rel to prevent the + * attack described at https://mathiasbynens.github.io/rel-noopener/ . + * Some older browsers may not support these link attributes, hence + * setting $wgExternalLinkTarget to _blank may represent a security risk + * to some of your users. */ $wgExternalLinkTarget = false; @@ -4438,9 +4444,9 @@ $wgPasswordConfig = array( ), 'pbkdf2' => array( 'class' => 'Pbkdf2Password', - 'algo' => 'sha256', - 'cost' => '10000', - 'length' => '128', + 'algo' => 'sha512', + 'cost' => '30000', + 'length' => '64', ), ); diff --git a/includes/Defines.php b/includes/Defines.php index d55bbcf8..2f3d64fe 100644 --- a/includes/Defines.php +++ b/includes/Defines.php @@ -304,3 +304,9 @@ define( 'CONTENT_FORMAT_JSON', 'application/json' ); // for future use with the api, and for use by extensions define( 'CONTENT_FORMAT_XML', 'application/xml' ); /**@}*/ + +/**@{ + * Max string length for shell invocations; based on binfmts.h + */ +define( 'SHELL_MAX_ARG_STRLEN', '100000'); +/**@}*/ diff --git a/includes/GlobalFunctions.php b/includes/GlobalFunctions.php index 64aa87ec..c4d5b5bc 100644 --- a/includes/GlobalFunctions.php +++ b/includes/GlobalFunctions.php @@ -2812,6 +2812,14 @@ function wfShellExec( $cmd, &$retval = null, $environ = array(), } wfDebug( "wfShellExec: $cmd\n" ); + // Don't try to execute commands that exceed Linux's MAX_ARG_STRLEN. + // Other platforms may be more accomodating, but we don't want to be + // accomodating, because very long commands probably include user + // input. See T129506. + if ( strlen( $cmd ) > SHELL_MAX_ARG_STRLEN ) { + throw new Exception( __METHOD__ . '(): total length of $cmd must not exceed SHELL_MAX_ARG_STRLEN' ); + } + $desc = array( 0 => array( 'file', 'php://stdin', 'r' ), 1 => array( 'pipe', 'w' ), diff --git a/includes/Import.php b/includes/Import.php index 6a0bfd09..db4a6b2d 100644 --- a/includes/Import.php +++ b/includes/Import.php @@ -728,13 +728,14 @@ class WikiImporter { $title = $this->processTitle( $pageInfo['title'], isset( $pageInfo['ns'] ) ? $pageInfo['ns'] : null ); - if ( !$title ) { + // $title is either an array of two titles or false. + if ( is_array( $title ) ) { + $this->pageCallback( $title ); + list( $pageInfo['_title'], $foreignTitle ) = $title; + } else { $badTitle = true; $skip = true; } - - $this->pageCallback( $title ); - list( $pageInfo['_title'], $foreignTitle ) = $title; } if ( $title ) { @@ -750,10 +751,17 @@ class WikiImporter { } } - $this->pageOutCallback( $pageInfo['_title'], $foreignTitle, + // @note $pageInfo is only set if a valid $title is processed above with + // no error. If we have a valid $title, then pageCallback is called + // above, $pageInfo['title'] is set and we do pageOutCallback here. + // If $pageInfo['_title'] is not set, then $foreignTitle is also not + // set since they both come from $title above. + if ( array_key_exists( '_title', $pageInfo ) ) { + $this->pageOutCallback( $pageInfo['_title'], $foreignTitle, $pageInfo['revisionCount'], $pageInfo['successfulRevisionCount'], $pageInfo ); + } } /** diff --git a/includes/Linker.php b/includes/Linker.php index 9b5ff27b..f0fa4a5a 100644 --- a/includes/Linker.php +++ b/includes/Linker.php @@ -1073,7 +1073,16 @@ class Linker { if ( !$title ) { $title = $wgTitle; } - $attribs['rel'] = Parser::getExternalLinkRel( $url, $title ); + $newRel = Parser::getExternalLinkRel( $url, $title ); + if ( !isset( $attribs['rel'] ) || $attribs['rel'] === '' ) { + $attribs['rel'] = $newRel; + } elseif( $newRel !== '' ) { + // Merge the rel attributes. + $newRels = explode( ' ', $newRel ); + $oldRels = explode( ' ', $attribs['rel'] ); + $combined = array_unique( array_merge( $newRels, $oldRels ) ); + $attribs['rel'] = implode( ' ', $combined ); + } $link = ''; $success = Hooks::run( 'LinkerMakeExternalLink', array( &$url, &$text, &$link, &$attribs, $linktype ) ); diff --git a/includes/MediaWiki.php b/includes/MediaWiki.php index 2da2f6ce..a902f367 100644 --- a/includes/MediaWiki.php +++ b/includes/MediaWiki.php @@ -806,9 +806,18 @@ class MediaWiki { $errno = $errstr = null; $info = wfParseUrl( $this->config->get( 'Server' ) ); MediaWiki\suppressWarnings(); + $host = $info['host']; + $port = 80; + if ( isset( $info['scheme'] ) && $info['scheme'] == 'https' ) { + $host = "tls://" . $host; + $port = 443; + } + if ( isset( $info['port'] ) ) { + $port = $info['port']; + } $sock = fsockopen( - $info['host'], - isset( $info['port'] ) ? $info['port'] : 80, + $host, + $port, $errno, $errstr, // If it takes more than 100ms to connect to ourselves there diff --git a/includes/OutputHandler.php b/includes/OutputHandler.php index c6209eeb..dd99361e 100644 --- a/includes/OutputHandler.php +++ b/includes/OutputHandler.php @@ -154,8 +154,8 @@ function wfGzipHandler( $s ) { */ function wfMangleFlashPolicy( $s ) { # Avoid weird excessive memory usage in PCRE on big articles - if ( preg_match( '/\<\s*cross-domain-policy\s*\>/i', $s ) ) { - return preg_replace( '/\<\s*cross-domain-policy\s*\>/i', '', $s ); + if ( preg_match( '/\<\s*cross-domain-policy(?=\s|\>)/i', $s ) ) { + return preg_replace( '/\<(\s*)(cross-domain-policy(?=\s|\>))/i', '<$1NOT-$2', $s ); } else { return $s; } diff --git a/includes/OutputPage.php b/includes/OutputPage.php index 69ed8def..324cab34 100644 --- a/includes/OutputPage.php +++ b/includes/OutputPage.php @@ -610,20 +610,6 @@ class OutputPage extends ContextSource { * @return array Array of module names */ public function getModuleStyles( $filter = false, $position = null ) { - // T97420 - $resourceLoader = $this->getResourceLoader(); - - foreach ( $this->mModuleStyles as $val ) { - $module = $resourceLoader->getModule( $val ); - - if ( $module instanceof ResourceLoaderModule && $module->isPositionDefault() ) { - $warning = __METHOD__ . ': style module should define its position explicitly: ' . - $val . ' ' . get_class( $module ); - wfDebugLog( 'resourceloader', $warning ); - wfLogWarning( $warning ); - } - } - return $this->getModules( $filter, $position, 'mModuleStyles' ); } @@ -2044,6 +2030,11 @@ class OutputPage extends ContextSource { * @return string */ public function getVaryHeader() { + // If we vary on cookies, let's make sure it's always included here too. + if ( $this->getCacheVaryCookies() ) { + $this->addVaryHeader( 'Cookie' ); + } + return 'Vary: ' . join( ', ', array_keys( $this->mVaryHeader ) ); } @@ -3074,10 +3065,6 @@ class OutputPage extends ContextSource { ResourceLoaderModule::TYPE_SCRIPTS ); - $links[] = $this->makeResourceLoaderLink( $this->getModuleStyles( true, 'bottom' ), - ResourceLoaderModule::TYPE_STYLES - ); - // Modules requests - let the client calculate dependencies and batch requests as it likes // Only load modules that have marked themselves for loading at the bottom $modules = $this->getModules( true, 'bottom' ); @@ -3140,9 +3127,6 @@ class OutputPage extends ContextSource { * @return string */ function getBottomScripts() { - // In case the skin wants to add bottom CSS - $this->getSkin()->setupSkinUserCss( $this ); - return $this->getScriptsForBottomQueue(); } @@ -3665,7 +3649,7 @@ class OutputPage extends ContextSource { $otherTags = array(); // Tags to append after the normal tags $resourceLoader = $this->getResourceLoader(); - $moduleStyles = $this->getModuleStyles( true, 'top' ); + $moduleStyles = $this->getModuleStyles(); // Per-site custom styles $moduleStyles[] = 'site'; diff --git a/includes/User.php b/includes/User.php index 199dd1dc..f6df7e03 100644 --- a/includes/User.php +++ b/includes/User.php @@ -3630,11 +3630,14 @@ class User implements IDBAccessObject { $this->clearInstanceCache( 'defaults' ); $this->getRequest()->setSessionData( 'wsUserID', 0 ); + $this->getRequest()->setSessionData( 'wsEditToken', null ); $this->clearCookie( 'UserID' ); $this->clearCookie( 'Token' ); $this->clearCookie( 'forceHTTPS', false, array( 'prefix' => '' ) ); + wfResetSessionID(); + // Remember when user logged out, to prevent seeing cached pages $this->setCookie( 'LoggedOut', time(), time() + 86400 ); } diff --git a/includes/WebStart.php b/includes/WebStart.php index f5a4f93b..e75e97fd 100644 --- a/includes/WebStart.php +++ b/includes/WebStart.php @@ -40,6 +40,9 @@ if ( function_exists( 'get_magic_quotes_gpc' ) && get_magic_quotes_gpc() ) { . 'for help on how to disable magic quotes.' ); } +if ( ini_get( 'mbstring.func_overload' ) ) { + die( 'MediaWiki does not support installations where mbstring.func_overload is non-zero.' ); +} # bug 15461: Make IE8 turn off content sniffing. Everybody else should ignore this # We're adding it here so that it's *always* set, even for alternate entry diff --git a/includes/actions/RawAction.php b/includes/actions/RawAction.php index b71b0e9e..6b99258f 100644 --- a/includes/actions/RawAction.php +++ b/includes/actions/RawAction.php @@ -90,6 +90,12 @@ class RawAction extends FormlessAction { } } + // Set standard Vary headers so cache varies on cookies and such (T125283) + $response->header( $this->getOutput()->getVaryHeader() ); + if ( $config->get( 'UseXVO' ) ) { + $response->header( $this->getOutput()->getXVO() ); + } + $response->header( 'Content-type: ' . $contentType . '; charset=UTF-8' ); // Output may contain user-specific data; // vary generated content for open sessions on private wikis diff --git a/includes/api/ApiBase.php b/includes/api/ApiBase.php index d53797bc..4f40499c 100644 --- a/includes/api/ApiBase.php +++ b/includes/api/ApiBase.php @@ -421,7 +421,13 @@ abstract class ApiBase extends ContextSource { * @return bool */ public function lacksSameOriginSecurity() { - return $this->getMain()->getRequest()->getVal( 'callback' ) !== null; + // Main module has this method overridden + // Safety - avoid infinite loop: + if ( $this->isMain() ) { + ApiBase::dieDebug( __METHOD__, 'base method was called on main module.' ); + } + + return $this->getMain()->lacksSameOriginSecurity(); } /** diff --git a/includes/api/ApiFormatJson.php b/includes/api/ApiFormatJson.php index be1b12c3..baba5b2d 100644 --- a/includes/api/ApiFormatJson.php +++ b/includes/api/ApiFormatJson.php @@ -102,9 +102,9 @@ class ApiFormatJson extends ApiFormatBase { // Bug 66776: wfMangleFlashPolicy() is needed to avoid a nasty bug in // Flash, but what it does isn't friendly for the API, so we need to // work around it. - if ( preg_match( '/\<\s*cross-domain-policy\s*\>/i', $json ) ) { + if ( preg_match( '/\<\s*cross-domain-policy(?=\s|\>)/i', $json ) ) { $json = preg_replace( - '/\<(\s*cross-domain-policy\s*)\>/i', '\\u003C$1\\u003E', $json + '/\<(\s*cross-domain-policy(?=\s|\>))/i', '\\u003C$1', $json ); } diff --git a/includes/api/ApiFormatPhp.php b/includes/api/ApiFormatPhp.php index 6420a5b5..643379c7 100644 --- a/includes/api/ApiFormatPhp.php +++ b/includes/api/ApiFormatPhp.php @@ -65,7 +65,7 @@ class ApiFormatPhp extends ApiFormatBase { // just be broken in a useful manner. if ( $this->getConfig()->get( 'MangleFlashPolicy' ) && in_array( 'wfOutputHandler', ob_list_handlers(), true ) && - preg_match( '/\<\s*cross-domain-policy\s*\>/i', $text ) + preg_match( '/\<\s*cross-domain-policy(?=\s|\>)/i', $text ) ) { $this->dieUsage( 'This response cannot be represented using format=php. ' . diff --git a/includes/api/ApiMain.php b/includes/api/ApiMain.php index d943c86b..1f0aebb6 100644 --- a/includes/api/ApiMain.php +++ b/includes/api/ApiMain.php @@ -145,6 +145,9 @@ class ApiMain extends ApiBase { private $mCacheControl = array(); private $mParamsUsed = array(); + /** @var bool|null Cached return value from self::lacksSameOriginSecurity() */ + private $lacksSameOriginSecurity = null; + /** * Constructs an instance of ApiMain that utilizes the module and format specified by $request. * @@ -242,6 +245,36 @@ class ApiMain extends ApiBase { return $this->mResult; } + /** + * Get the security flag for the current request + * @return bool + */ + public function lacksSameOriginSecurity() { + if ( $this->lacksSameOriginSecurity !== null ) { + return $this->lacksSameOriginSecurity; + } + + $request = $this->getRequest(); + + // JSONP mode + if ( $request->getVal( 'callback' ) !== null ) { + $this->lacksSameOriginSecurity = true; + return true; + } + + // Header to be used from XMLHTTPRequest when the request might + // otherwise be used for XSS. + if ( $request->getHeader( 'Treat-as-Untrusted' ) !== false ) { + $this->lacksSameOriginSecurity = true; + return true; + } + + // Allow extensions to override. + $this->lacksSameOriginSecurity = !Hooks::run( 'RequestHasSameOriginSecurity', array( $request ) ); + return $this->lacksSameOriginSecurity; + } + + /** * Get the ApiErrorFormatter object associated with current request * @return ApiErrorFormatter @@ -717,6 +750,8 @@ class ApiMain extends ApiBase { $response = $this->getRequest()->response(); $out = $this->getOutput(); + $out->addVaryHeader( 'Treat-as-Untrusted' ); + $config = $this->getConfig(); if ( $config->get( 'VaryOnXFP' ) ) { diff --git a/includes/api/ApiMove.php b/includes/api/ApiMove.php index aca43784..dc50594c 100644 --- a/includes/api/ApiMove.php +++ b/includes/api/ApiMove.php @@ -72,6 +72,11 @@ class ApiMove extends ApiBase { } } + // Rate limit + if ( $user->pingLimiter( 'move' ) ) { + $this->dieUsageMsg( 'actionthrottledtext' ); + } + // Move the page $toTitleExists = $toTitle->exists(); $status = $this->movePage( $fromTitle, $toTitle, $params['reason'], !$params['noredirect'] ); diff --git a/includes/db/DatabasePostgres.php b/includes/db/DatabasePostgres.php index 56a5b2cf..d5143689 100644 --- a/includes/db/DatabasePostgres.php +++ b/includes/db/DatabasePostgres.php @@ -486,6 +486,9 @@ class DatabasePostgres extends DatabaseBase { if ( function_exists( 'mb_convert_encoding' ) ) { $sql = mb_convert_encoding( $sql, 'UTF-8' ); } + while ( $res = pg_get_result( $this->mConn ) ) { + pg_free_result( $res ); + } $this->mTransactionState->check(); if ( pg_send_query( $this->mConn, $sql ) === false ) { throw new DBUnexpectedError( $this, "Unable to post new query to PostgreSQL\n" ); diff --git a/includes/diff/DairikiDiff.php b/includes/diff/DairikiDiff.php index d327433f..7bdc6543 100644 --- a/includes/diff/DairikiDiff.php +++ b/includes/diff/DairikiDiff.php @@ -296,9 +296,9 @@ class DiffEngine { $this->xchanged = $this->ychanged = array(); $this->xv = $this->yv = array(); $this->xind = $this->yind = array(); - unset( $this->seq ); - unset( $this->in_seq ); - unset( $this->lcs ); + $this->seq = array(); + $this->in_seq = array(); + $this->lcs = 0; // Skip leading common lines. for ( $skip = 0; $skip < $n_from && $skip < $n_to; $skip++ ) { diff --git a/includes/diff/DifferenceEngine.php b/includes/diff/DifferenceEngine.php index c138eec2..fa1cd79d 100644 --- a/includes/diff/DifferenceEngine.php +++ b/includes/diff/DifferenceEngine.php @@ -511,7 +511,7 @@ class DifferenceEngine extends ContextSource { $this->mMarkPatrolledLink = ' [' . Linker::linkKnown( $this->mNewPage, $this->msg( 'markaspatrolleddiff' )->escaped(), - array(), + array( 'class' => 'mw-patrollink' ), array( 'action' => 'markpatrolled', 'rcid' => $rcid, @@ -823,6 +823,35 @@ class DifferenceEngine extends ContextSource { * @return bool|string */ public function generateTextDiffBody( $otext, $ntext ) { + $self = $this; + $diff = function() use ( $self, $otext, $ntext ) { + return $self->textDiff( $otext, $ntext ); + }; + + $error = function( $status ) { + throw new FatalError( $status->getWikiText() ); + }; + + // Use PoolCounter if the diff looks like it can be expensive + if ( strlen( $otext ) + strlen( $ntext ) > 20000 ) { + $work = new PoolCounterWorkViaCallback( 'diff', + md5( $otext ) . md5( $ntext ), + array( 'doWork' => $diff, 'error' => $error ) + ); + return $work->execute(); + } + + return $diff(); + } + + /** + * Generates diff, to be wrapped internally in a logging/instrumentation + * + * @param string $otext Old text, must be already segmented + * @param string $ntext New text, must be already segmented + * @return bool|string + */ + public function textDiff( $otext, $ntext ) { global $wgExternalDiffEngine, $wgContLang; $otext = str_replace( "\r\n", "\n", $otext ); diff --git a/includes/page/Article.php b/includes/page/Article.php index 56b9520a..97412dc7 100644 --- a/includes/page/Article.php +++ b/includes/page/Article.php @@ -1168,7 +1168,7 @@ class Article implements Page { $link = Linker::linkKnown( $this->getTitle(), wfMessage( 'markaspatrolledtext' )->escaped(), - array(), + array( 'class' => 'mw-patrollink' ), array( 'action' => 'markpatrolled', 'rcid' => $rcid, diff --git a/includes/parser/CoreTagHooks.php b/includes/parser/CoreTagHooks.php index 9755ea93..3f4f54a3 100644 --- a/includes/parser/CoreTagHooks.php +++ b/includes/parser/CoreTagHooks.php @@ -56,9 +56,14 @@ class CoreTagHooks { $content = StringUtils::delimiterReplace( '', '', '$1', $text, 'i' ); $attribs = Sanitizer::validateTagAttributes( $attribs, 'pre' ); - return Xml::openElement( 'pre', $attribs ) . - Xml::escapeTagsOnly( $content ) . - ''; + // We need to let both '"' and '&' through, + // for strip markers and entities respectively. + $content = str_replace( + array( '>', '<' ), + array( '>', '<' ), + $content + ); + return Html::rawElement( 'pre', $attribs, $content ); } /** @@ -98,8 +103,17 @@ class CoreTagHooks { * @return array */ public static function nowiki( $content, $attributes, $parser ) { - $content = strtr( $content, array( '-{' => '-{', '}-' => '}-' ) ); - return array( Xml::escapeTagsOnly( $content ), 'markerType' => 'nowiki' ); + $content = strtr( $content, array( + // lang converter + '-{' => '-{', + '}-' => '}-', + // html tags + '<' => '<', + '>' => '>' + // Note: Both '"' and '&' are not converted. + // This allows strip markers and entities through. + ) ); + return array( $content, 'markerType' => 'nowiki' ); } /** diff --git a/includes/parser/Parser.php b/includes/parser/Parser.php index c07a08ac..12953167 100644 --- a/includes/parser/Parser.php +++ b/includes/parser/Parser.php @@ -129,9 +129,14 @@ class Parser { * * Must not consist of all title characters, or else it will change * the behavior of in a link. + * + * Must have a character that needs escaping in attributes, otherwise + * someone could put a strip marker in an attribute, to get around + * escaping quote marks, and break out of the attribute. Thus we add + * `'". */ - const MARKER_SUFFIX = "-QINU\x7f"; - const MARKER_PREFIX = "\x7fUNIQ-"; + const MARKER_SUFFIX = "-QINU`\"'\x7f"; + const MARKER_PREFIX = "\x7f'\"`UNIQ-"; # Markers used for wrapping the table of contents const TOC_START = ''; @@ -1862,11 +1867,22 @@ class Parser { */ public function getExternalLinkAttribs( $url = false ) { $attribs = array(); - $attribs['rel'] = self::getExternalLinkRel( $url, $this->mTitle ); - - if ( $this->mOptions->getExternalLinkTarget() ) { - $attribs['target'] = $this->mOptions->getExternalLinkTarget(); + $rel = self::getExternalLinkRel( $url, $this->mTitle ); + + $target = $this->mOptions->getExternalLinkTarget(); + if ( $target ) { + $attribs['target'] = $target; + if ( !in_array( $target, array( '_self', '_parent', '_top' ) ) ) { + // T133507. New windows can navigate parent cross-origin. + // Including noreferrer due to lacking browser + // support of noopener. Eventually noreferrer should be removed. + if ( $rel !== '' ) { + $rel .= ' '; + } + $rel .= 'noreferrer noopener'; + } } + $attribs['rel'] = $rel; return $attribs; } diff --git a/includes/password/MWOldPassword.php b/includes/password/MWOldPassword.php index afa5cacc..43c13553 100644 --- a/includes/password/MWOldPassword.php +++ b/includes/password/MWOldPassword.php @@ -44,5 +44,9 @@ class MWOldPassword extends ParameterizedPassword { $this->args = array(); $this->hash = md5( $plaintext ); } + + if ( !is_string( $this->hash ) || strlen( $this->hash ) < 32 ) { + throw new PasswordError( 'Error when hashing password.' ); + } } } diff --git a/includes/password/MWSaltedPassword.php b/includes/password/MWSaltedPassword.php index 6c6895a2..40d2b6a1 100644 --- a/includes/password/MWSaltedPassword.php +++ b/includes/password/MWSaltedPassword.php @@ -42,5 +42,9 @@ class MWSaltedPassword extends ParameterizedPassword { } $this->hash = md5( $this->args[0] . '-' . md5( $plaintext ) ); + + if ( !is_string( $this->hash ) || strlen( $this->hash ) < 32 ) { + throw new PasswordError( 'Error when hashing password.' ); + } } } diff --git a/includes/password/Pbkdf2Password.php b/includes/password/Pbkdf2Password.php index 080e3b0d..808fd8a6 100644 --- a/includes/password/Pbkdf2Password.php +++ b/includes/password/Pbkdf2Password.php @@ -55,8 +55,15 @@ class Pbkdf2Password extends ParameterizedPassword { (int)$this->params['length'], true ); + if ( !is_string( $hash ) ) { + throw new PasswordError( 'Error when hashing password.' ); + } } else { - $hashLen = strlen( hash( $this->params['algo'], '', true ) ); + $hashLenHash = hash( $this->params['algo'], '', true ); + if ( !is_string( $hashLenHash ) ) { + throw new PasswordError( 'Error when hashing password.' ); + } + $hashLen = strlen( $hashLenHash ); $blockCount = ceil( $this->params['length'] / $hashLen ); $hash = ''; diff --git a/includes/resourceloader/ResourceLoaderFileModule.php b/includes/resourceloader/ResourceLoaderFileModule.php index 7fbc1cb4..8060f6e1 100644 --- a/includes/resourceloader/ResourceLoaderFileModule.php +++ b/includes/resourceloader/ResourceLoaderFileModule.php @@ -279,7 +279,6 @@ class ResourceLoaderFileModule extends ResourceLoaderModule { break; // Single strings case 'position': - $this->isPositionDefined = true; case 'group': case 'skipFunction': $this->{$member} = (string)$option; diff --git a/includes/resourceloader/ResourceLoaderImageModule.php b/includes/resourceloader/ResourceLoaderImageModule.php index 8de87f2e..e2da28bb 100644 --- a/includes/resourceloader/ResourceLoaderImageModule.php +++ b/includes/resourceloader/ResourceLoaderImageModule.php @@ -184,7 +184,6 @@ class ResourceLoaderImageModule extends ResourceLoaderModule { break; case 'position': - $this->isPositionDefined = true; case 'prefix': case 'selectorWithoutVariant': case 'selectorWithVariant': @@ -456,9 +455,4 @@ class ResourceLoaderImageModule extends ResourceLoaderModule { $this->loadFromDefinition(); return $this->position; } - - public function isPositionDefault() { - $this->loadFromDefinition(); - return parent::isPositionDefault(); - } } diff --git a/includes/resourceloader/ResourceLoaderModule.php b/includes/resourceloader/ResourceLoaderModule.php index 1d3ffb55..9b6702aa 100644 --- a/includes/resourceloader/ResourceLoaderModule.php +++ b/includes/resourceloader/ResourceLoaderModule.php @@ -67,10 +67,6 @@ abstract class ResourceLoaderModule { // In-object cache for module content protected $contents = array(); - // Whether the position returned by getPosition() is defined in the module configuration - // and not a default value - protected $isPositionDefined = false; - /** * @var Config */ @@ -291,19 +287,6 @@ abstract class ResourceLoaderModule { return 'bottom'; } - /** - * Whether the position returned by getPosition() is a default value or comes from the module - * definition. This method is meant to be short-lived, and is only useful until classes added - * via addModuleStyles with a default value define an explicit position. See getModuleStyles() - * in OutputPage for the related migration warning. - * - * @return bool - * @since 1.26 - */ - public function isPositionDefault() { - return !$this->isPositionDefined; - } - /** * Whether this module's JS expects to work without the client-side ResourceLoader module. * Returning true from this function will prevent mw.loader.state() call from being diff --git a/includes/resourceloader/ResourceLoaderWikiModule.php b/includes/resourceloader/ResourceLoaderWikiModule.php index 0023de27..693bcee4 100644 --- a/includes/resourceloader/ResourceLoaderWikiModule.php +++ b/includes/resourceloader/ResourceLoaderWikiModule.php @@ -72,8 +72,6 @@ class ResourceLoaderWikiModule extends ResourceLoaderModule { foreach ( $options as $member => $option ) { switch ( $member ) { case 'position': - $this->isPositionDefined = true; - // Don't break since we need the member set as well case 'styles': case 'scripts': case 'group': diff --git a/includes/specials/SpecialUserlogin.php b/includes/specials/SpecialUserlogin.php index 21f1194f..2d6737bd 100644 --- a/includes/specials/SpecialUserlogin.php +++ b/includes/specials/SpecialUserlogin.php @@ -628,7 +628,7 @@ class LoginForm extends SpecialPage { "allowed account creation w/o throttle\n" ); } else { if ( ( $wgAccountCreationThrottle && $currentUser->isPingLimitable() ) ) { - $key = wfMemcKey( 'acctcreate', 'ip', $ip ); + $key = wfGlobalCacheKey( 'acctcreate', 'ip', $ip ); $value = $wgMemc->get( $key ); if ( !$value ) { $wgMemc->set( $key, 0, 86400 ); @@ -862,11 +862,12 @@ class LoginForm extends SpecialPage { */ public static function incLoginThrottle( $username ) { global $wgPasswordAttemptThrottle, $wgMemc, $wgRequest; - $username = trim( $username ); // sanity + $canUsername = User::getCanonicalName( $username, 'usable' ); + $username = $canUsername !== false ? $canUsername : $username; $throttleCount = 0; if ( is_array( $wgPasswordAttemptThrottle ) ) { - $throttleKey = wfMemcKey( 'password-throttle', $wgRequest->getIP(), md5( $username ) ); + $throttleKey = wfGlobalCacheKey( 'password-throttle', $wgRequest->getIP(), md5( $username ) ); $count = $wgPasswordAttemptThrottle['count']; $period = $wgPasswordAttemptThrottle['seconds']; @@ -890,9 +891,10 @@ class LoginForm extends SpecialPage { */ public static function clearLoginThrottle( $username ) { global $wgMemc, $wgRequest; - $username = trim( $username ); // sanity + $canUsername = User::getCanonicalName( $username, 'usable' ); + $username = $canUsername !== false ? $canUsername : $username; - $throttleKey = wfMemcKey( 'password-throttle', $wgRequest->getIP(), md5( $username ) ); + $throttleKey = wfGlobalCacheKey( 'password-throttle', $wgRequest->getIP(), md5( $username ) ); $wgMemc->delete( $throttleKey ); } @@ -1608,7 +1610,8 @@ class LoginForm extends SpecialPage { if ( $wgSecureLogin && !$this->mStickHTTPS ) { $wgCookieSecure = false; } - + // Always make sure edit token is regenerated. (T114419) + $this->getRequest()->setSessionData( 'wsEditToken', null ); wfResetSessionID(); } diff --git a/includes/upload/UploadBase.php b/includes/upload/UploadBase.php index e9e1f658..02192904 100644 --- a/includes/upload/UploadBase.php +++ b/includes/upload/UploadBase.php @@ -1399,7 +1399,7 @@ abstract class UploadBase { && strpos( $value, '#' ) !== 0 ) { if ( !( $strippedElement === 'a' - && preg_match( '!^https?://!im', $value ) ) + && preg_match( '!^https?://!i', $value ) ) ) { wfDebug( __METHOD__ . ": Found href attribute <$strippedElement " . "'$attrib'='$value' in uploaded file.\n" ); diff --git a/resources/Resources.php b/resources/Resources.php index 6a22af66..6626f05a 100644 --- a/resources/Resources.php +++ b/resources/Resources.php @@ -2031,6 +2031,8 @@ return array( 'dependencies' => array( 'oojs-ui', 'mediawiki.api', + 'mediawiki.ForeignApi', + 'mediawiki.Title', ), 'targets' => array( 'desktop', 'mobile' ), ), diff --git a/resources/src/mediawiki.page/mediawiki.page.patrol.ajax.js b/resources/src/mediawiki.page/mediawiki.page.patrol.ajax.js index f9b0d356..e0307b72 100644 --- a/resources/src/mediawiki.page/mediawiki.page.patrol.ajax.js +++ b/resources/src/mediawiki.page/mediawiki.page.patrol.ajax.js @@ -12,7 +12,7 @@ return; } $( function () { - var $patrolLinks = $( '.patrollink a' ); + var $patrolLinks = $( '.patrollink a.mw-patrollink' ); $patrolLinks.on( 'click', function ( e ) { var $spinner, href, rcid, apiRequest; diff --git a/tests/browser/README.mediawiki b/tests/browser/README.mediawiki deleted file mode 100644 index 22657627..00000000 --- a/tests/browser/README.mediawiki +++ /dev/null @@ -1,64 +0,0 @@ -Purpose: - -The purpose of these tests is to validate that a newly installed (or updated, or hacked, or whatever) mediawiki instance presents to the user a set of expected features, regardless of what language the wiki is in, or where it is installed, or what extensions it might have. - -The tests are based on the basic definition of a wiki, a website where anyone - -* can read a page -* can create a page -* can edit a page -* can link one page to another page - -Install: - -Ruby 1.9.3 or higher is required -Firefox browser is required -:: - cd /tests/browser - gem update --system - gem install bundler - bundle install - -Run the tests: - -Edit the environment_variables file with appropriate values for your wiki -$source environment_variables (example shown in bash shell) - -bundle exec cucumber features/ - -Note that the acceptance tests will create three pages in your wiki entitled "Editing Test Page", "Link Source Test Page", and "Link Target Test Page". These pages may be deleted at any time. If you wish to re-run the tests at any time, these test pages will be re-created or reset to their original contents at the time that the tests run. - -For more information about running Selenium tests please see -https://github.com/wikimedia/mediawiki-selenium - -Details: - -create_account.feature -* Checks three different ways to arrive on page allowing the user to create an account - -create_and_follow_wiki_link.feature: -* uses the mediawiki API to create a link target page -* uses the mediawiki API to create a link source page -* navigates a browser to the link source page -* clicks the link in that page to the link target page -* validates that the browser has in fact followed the link to the target page correctly - -edit_page.feature: -* uses the mediawiki API to create an editable page on the wiki -* navigates a browser to the page -* clicks the Edit button to invoke the basic editor -* edits the page with a particular string containing a static part and also a quasi-unique random part -* saves the edited page -* checks that the saved page contains the particular string with which the page was edited - -main_page.feature: -* navigates a browser to the default landing page of the wiki -* checks for the View History link on the landing page -* checks for the full set of of sidebar links that should exist on every mediawiki wiki - -view_history.feature -* similar to edit_page.feature but checks for an older version of the edited page - -Notes: - -Tested on beta labs hewiki, dewiki, enwiki, and on a local installation of mediawiki \ No newline at end of file diff --git a/tests/parser/parserTests.txt b/tests/parser/parserTests.txt index c8c63f39..67da1f0a 100644 --- a/tests/parser/parserTests.txt +++ b/tests/parser/parserTests.txt @@ -2262,6 +2262,15 @@ Entities inside
 
 !! end
 
+!! test
+ inside of #tag:pre
+!! wikitext
+{{#tag:pre|Foo →bar}}
+!! html
+
Foo →bar
+ +!! end + !! test and
 preference (first one wins)
 !! wikitext
@@ -12863,7 +12872,7 @@ Image with link parameter, wgExternalLinkTarget
 !! config
 wgExternalLinkTarget='foobar'
 !! html
-

Foobar.jpg +

Foobar.jpg

!! end @@ -12896,7 +12905,7 @@ Image with link parameter, wgExternalLinkTarget, unnamed parameter !! config wgExternalLinkTarget='foobar' !! html -

Title +

Title

!! end diff --git a/tests/phpunit/includes/api/ApiMainTest.php b/tests/phpunit/includes/api/ApiMainTest.php index 94b741dc..a2bc7aed 100644 --- a/tests/phpunit/includes/api/ApiMainTest.php +++ b/tests/phpunit/includes/api/ApiMainTest.php @@ -248,4 +248,31 @@ class ApiMainTest extends ApiTestCase { ); } + /** + * @covers ApiMain::lacksSameOriginSecurity + */ + public function testLacksSameOriginSecurity() { + // Basic test + $main = new ApiMain( new FauxRequest( array( 'action' => 'query', 'meta' => 'siteinfo' ) ) ); + $this->assertFalse( $main->lacksSameOriginSecurity(), 'Basic test, should have security' ); + + // JSONp + $main = new ApiMain( + new FauxRequest( array( 'action' => 'query', 'format' => 'xml', 'callback' => 'foo' ) ) + ); + $this->assertTrue( $main->lacksSameOriginSecurity(), 'JSONp, should lack security' ); + + // Header + $request = new FauxRequest( array( 'action' => 'query', 'meta' => 'siteinfo' ) ); + $request->setHeader( 'TrEaT-As-UnTrUsTeD', '' ); // With falsey value! + $main = new ApiMain( $request ); + $this->assertTrue( $main->lacksSameOriginSecurity(), 'Header supplied, should lack security' ); + + // Hook + $this->mergeMwGlobalArrayValue( 'wgHooks', array( + 'RequestHasSameOriginSecurity' => array( function () { return false; } ) + ) ); + $main = new ApiMain( new FauxRequest( array( 'action' => 'query', 'meta' => 'siteinfo' ) ) ); + $this->assertTrue( $main->lacksSameOriginSecurity(), 'Hook, should lack security' ); + } } diff --git a/tests/phpunit/includes/api/format/ApiFormatJsonTest.php b/tests/phpunit/includes/api/format/ApiFormatJsonTest.php index 3dfcaf0f..8d599b08 100644 --- a/tests/phpunit/includes/api/format/ApiFormatJsonTest.php +++ b/tests/phpunit/includes/api/format/ApiFormatJsonTest.php @@ -61,7 +61,7 @@ class ApiFormatJsonTest extends ApiFormatTestBase { array( array( 1 ), '/**/myCallback([1])', array( 'callback' => 'myCallback' ) ), // Cross-domain mangling - array( array( '< Cross-Domain-Policy >' ), '["\u003C Cross-Domain-Policy \u003E"]' ), + array( array( '< Cross-Domain-Policy >' ), '["\u003C Cross-Domain-Policy >"]' ), ) ), self::addFormatVersion( 2, array( // Basic types @@ -102,7 +102,7 @@ class ApiFormatJsonTest extends ApiFormatTestBase { array( array( 1 ), '/**/myCallback([1])', array( 'callback' => 'myCallback' ) ), // Cross-domain mangling - array( array( '< Cross-Domain-Policy >' ), '["\u003C Cross-Domain-Policy \u003E"]' ), + array( array( '< Cross-Domain-Policy >' ), '["\u003C Cross-Domain-Policy >"]' ), ) ) ); } diff --git a/tests/phpunit/includes/upload/UploadBaseTest.php b/tests/phpunit/includes/upload/UploadBaseTest.php index 9441b77f..a3f8ae48 100644 --- a/tests/phpunit/includes/upload/UploadBaseTest.php +++ b/tests/phpunit/includes/upload/UploadBaseTest.php @@ -374,6 +374,12 @@ class UploadBaseTest extends MediaWikiTestCase { false, 'SVG with external entity' ), + array( + " ", + true, + true, + 'SVG with javascript link with newline (T122653)' + ), // Test good, but strange files that we want to allow array( diff --git a/tests/qunit/data/testrunner.js b/tests/qunit/data/testrunner.js index 01f96252..53bff763 100644 --- a/tests/qunit/data/testrunner.js +++ b/tests/qunit/data/testrunner.js @@ -27,8 +27,6 @@ // and assuming failure. QUnit.config.testTimeout = 30 * 1000; - QUnit.config.requireExpects = true; - // Add a checkbox to QUnit header to toggle MediaWiki ResourceLoader debug mode. QUnit.config.urlConfig.push( { id: 'debug', -- cgit v1.2.3-54-g00ecf From 788cb78c4c2ab6606c731f45b5d0238ac2080da0 Mon Sep 17 00:00:00 2001 From: Florian Pritz Date: Thu, 16 Jun 2016 13:11:10 +0200 Subject: Add AbuseFilter and CheckUser Requested by Jason Signed-off-by: Florian Pritz --- .gitmodules | 6 ++++++ extensions/AbuseFilter | 1 + extensions/CheckUser | 1 + 3 files changed, 8 insertions(+) create mode 100644 .gitmodules create mode 160000 extensions/AbuseFilter create mode 160000 extensions/CheckUser diff --git a/.gitmodules b/.gitmodules new file mode 100644 index 00000000..fc47ad4e --- /dev/null +++ b/.gitmodules @@ -0,0 +1,6 @@ +[submodule "extensions/CheckUser"] + path = extensions/CheckUser + url = https://gerrit.wikimedia.org/r/p/mediawiki/extensions/CheckUser.git +[submodule "extensions/AbuseFilter"] + path = extensions/AbuseFilter + url = https://github.com/wikimedia/mediawiki-extensions-AbuseFilter.git diff --git a/extensions/AbuseFilter b/extensions/AbuseFilter new file mode 160000 index 00000000..063ac925 --- /dev/null +++ b/extensions/AbuseFilter @@ -0,0 +1 @@ +Subproject commit 063ac925a80b7a87dbdd21b7acec8177efdac3d7 diff --git a/extensions/CheckUser b/extensions/CheckUser new file mode 160000 index 00000000..c149e123 --- /dev/null +++ b/extensions/CheckUser @@ -0,0 +1 @@ +Subproject commit c149e123ffd2d972b8a31374f502e424fa03ef61 -- cgit v1.2.3-54-g00ecf From bde9bc38aec7f938a9be9b8978f0aa7ea279afd3 Mon Sep 17 00:00:00 2001 From: Florian Pritz Date: Mon, 11 Jul 2016 09:30:04 +0200 Subject: Add public LocalSettings.archlinux.org.php config Signed-off-by: Florian Pritz --- LocalSettings.archlinux.org.php | 209 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 209 insertions(+) create mode 100644 LocalSettings.archlinux.org.php diff --git a/LocalSettings.archlinux.org.php b/LocalSettings.archlinux.org.php new file mode 100644 index 00000000..6d021f12 --- /dev/null +++ b/LocalSettings.archlinux.org.php @@ -0,0 +1,209 @@ + 'https://www.archlinux.org/', + 'Packages' => 'https://www.archlinux.org/packages/', + 'Forums' => 'https://bbs.archlinux.org/', + 'Wiki' => 'https://wiki.archlinux.org/', + 'Bugs' => 'https://bugs.archlinux.org/', + 'AUR' => 'https://aur.archlinux.org/', + 'Download' => 'https://www.archlinux.org/download/' + ); +$wgArchNavBarSelectedDefault = 'Wiki'; +$wgFooterIcons = array(); + +$wgLocaltimezone = 'UTC'; + +## For attaching licensing metadata to pages, and displaying an +## appropriate copyright notice / icon. GNU Free Documentation +## License and Creative Commons licenses are supported so far. +$wgRightsPage = ""; # Set to the title of a wiki page that describes your license/copyright +$wgRightsUrl = "http://www.gnu.org/copyleft/fdl.html"; +$wgRightsText = "GNU Free Documentation License 1.3 or later"; +$wgRightsIcon = "{$wgStylePath}/common/images/gnu-fdl.png"; + +# Query string length limit for ResourceLoader. You should only set this if +# your web server has a query string length limit (then set it to that limit), +# or if you have suhosin.get.max_value_length set in php.ini (then set it to +# that value) +$wgResourceLoaderMaxQueryLength = -1; + +# The following permissions were set based on your choice in the installer +$wgEmailConfirmToEdit = true; +$wgAllowUserCssPrefs = false; +$wgDisableAnonTalk = true; +$wgGroupPermissions['*']['edit'] = false; +$wgGroupPermissions['sysop']['deleterevision'] = true; +$wgGroupPermissions['user']['upload'] = false; +$wgGroupPermissions['user']['reupload'] = false; +$wgGroupPermissions['user']['reupload-shared'] = false; +$wgGroupPermissions['autoconfirmed']['upload'] = false; +$wgGroupPermissions['maintainer']['autopatrol'] = true; +$wgGroupPermissions['maintainer']['patrol'] = true; +$wgGroupPermissions['maintainer']['noratelimit'] = true; +$wgGroupPermissions['maintainer']['suppressredirect'] = true; +$wgGroupPermissions['maintainer']['rollback'] = true; +$wgGroupPermissions['maintainer']['browsearchive'] = true; +$wgGroupPermissions['maintainer']['apihighlimits'] = true; +$wgGroupPermissions['maintainer']['unwatchedpages'] = true; +$wgGroupPermissions['maintainer']['deletedhistory'] = true; +$wgGroupPermissions['maintainer']['deletedtext'] = true; + +# disable user account creation via API +$wgAPIModules['createaccount'] = 'ApiDisabled'; +# remove 'writeapi' right from users +$wgGroupPermissions['*']['writeapi'] = false; +$wgGroupPermissions['user']['writeapi'] = false; +# add 'writeapi' to autoconfirmed users, maintainers and admins +$wgGroupPermissions['autoconfirmed']['writeapi'] = true; +$wgGroupPermissions['maintainer']['writeapi'] = true; +$wgGroupPermissions['sysop']['writeapi'] = true; +# stricter conditions for 'autoconfirmed' promotion +$wgAutoConfirmAge = 86400*3; // three days +# require at least 20 normal edits before granting the 'writeapi' right +$wgAutoConfirmCount = 20; + +# Enabled Extensions. Most extensions are enabled by including the base extension file here +# but check specific extension documentation for more details +# The following extensions were automatically enabled: + +# $wgShowSQLErrors = true; +# $wgReadOnly = 'Database migration in progress. We`ll be back in a few minutes.'; + +$wgGitRepositoryViewers['.+projects\.archlinux\.org/vhosts/wiki\.archlinux\.org\.git(.*)'] = 'https://projects.archlinux.org/vhosts/wiki.archlinux.org.git/commit/?id=%H'; + +$wgJobRunRate = 0; + +require_once( "$IP/extensions/Nuke/Nuke.php" ); + +wfLoadExtension( 'CheckUser' ); +require_once "$IP/extensions/AbuseFilter/AbuseFilter.php"; + +# AbuseFilter extension +$wgGroupPermissions['sysop']['abusefilter-modify'] = true; +$wgGroupPermissions['*']['abusefilter-log-detail'] = true; +$wgGroupPermissions['*']['abusefilter-view'] = true; +$wgGroupPermissions['*']['abusefilter-log'] = true; +$wgGroupPermissions['sysop']['abusefilter-private'] = true; +$wgGroupPermissions['sysop']['abusefilter-modify-restricted'] = true; +$wgGroupPermissions['sysop']['abusefilter-revert'] = true; + +# CheckUser extension +$wgGroupPermissions['sysop']['checkuser'] = true; +$wgGroupPermissions['sysop']['checkuser-log'] = true; + + +# temporary disable registration; reverted 2016-6-26 bluewind +#$wgGroupPermissions['*']['createaccount'] = false; + +$wgUserEmailUseReplyTo = true; -- cgit v1.2.3-54-g00ecf From b62fd6a871dcdd00c642c3cad4a167c24e6e2c33 Mon Sep 17 00:00:00 2001 From: Jakub Klinkovský Date: Thu, 14 Jul 2016 10:35:38 +0200 Subject: Use specific release of AbuseFilter and CheckUser extensions --- .gitmodules | 2 ++ extensions/AbuseFilter | 2 +- extensions/CheckUser | 2 +- 3 files changed, 4 insertions(+), 2 deletions(-) diff --git a/.gitmodules b/.gitmodules index fc47ad4e..d4d6a6c5 100644 --- a/.gitmodules +++ b/.gitmodules @@ -1,6 +1,8 @@ [submodule "extensions/CheckUser"] path = extensions/CheckUser url = https://gerrit.wikimedia.org/r/p/mediawiki/extensions/CheckUser.git + branch = REL1_26 [submodule "extensions/AbuseFilter"] path = extensions/AbuseFilter url = https://github.com/wikimedia/mediawiki-extensions-AbuseFilter.git + branch = REL1_26 diff --git a/extensions/AbuseFilter b/extensions/AbuseFilter index 063ac925..e4e82228 160000 --- a/extensions/AbuseFilter +++ b/extensions/AbuseFilter @@ -1 +1 @@ -Subproject commit 063ac925a80b7a87dbdd21b7acec8177efdac3d7 +Subproject commit e4e82228a8af22fc423b282de36a970412e94a9f diff --git a/extensions/CheckUser b/extensions/CheckUser index c149e123..710d3020 160000 --- a/extensions/CheckUser +++ b/extensions/CheckUser @@ -1 +1 @@ -Subproject commit c149e123ffd2d972b8a31374f502e424fa03ef61 +Subproject commit 710d30200318f1e8ec579bf0d07b07acbb105b5f -- cgit v1.2.3-54-g00ecf From 862da92c7a3b6479fc4daa4bf3b8944aa6735d8b Mon Sep 17 00:00:00 2001 From: Jakub Klinkovský Date: Thu, 14 Jul 2016 13:10:13 +0200 Subject: LocalSettings: move general settings to the top --- LocalSettings.archlinux.org.php | 62 ++++++++++++++++++++++------------------- 1 file changed, 34 insertions(+), 28 deletions(-) diff --git a/LocalSettings.archlinux.org.php b/LocalSettings.archlinux.org.php index 6d021f12..89f8ca92 100644 --- a/LocalSettings.archlinux.org.php +++ b/LocalSettings.archlinux.org.php @@ -15,11 +15,20 @@ if ( !defined( 'MEDIAWIKI' ) ) { exit; } -## Uncomment this to disable output compression -# $wgDisableOutputCompression = true; +## +## General settings +## $wgSitename = "ArchWiki"; +## The protocol and server name to use in fully-qualified URLs +$wgServer = "https://wiki.archlinux.org"; + +$wgLocaltimezone = 'UTC'; + +# Site language code, should be one of the list in ./languages/Names.php +$wgLanguageCode = "en"; + ## The URL base path to the directory containing the wiki; ## defaults for all runtime URL paths are based off of this. ## For more information on customizing the URLs please see: @@ -29,9 +38,6 @@ $wgScriptPath = ""; $wgUsePathInfo = true; $wgScriptExtension = ".php"; -## The protocol and server name to use in fully-qualified URLs -$wgServer = "https://wiki.archlinux.org"; - ## The relative URL path to the skins directory $wgStylePath = "$wgScriptPath/skins"; @@ -39,6 +45,29 @@ $wgStylePath = "$wgScriptPath/skins"; ## or else you'll overwrite your logo when you upgrade! $wgLogo = "$wgStylePath/archlinux/archlogo.png"; +## For attaching licensing metadata to pages, and displaying an +## appropriate copyright notice / icon. GNU Free Documentation +## License and Creative Commons licenses are supported so far. +$wgRightsPage = ""; # Set to the title of a wiki page that describes your license/copyright +$wgRightsUrl = "http://www.gnu.org/copyleft/fdl.html"; +$wgRightsText = "GNU Free Documentation License 1.3 or later"; +$wgRightsIcon = "{$wgStylePath}/common/images/gnu-fdl.png"; + +# Query string length limit for ResourceLoader. You should only set this if +# your web server has a query string length limit (then set it to that limit), +# or if you have suhosin.get.max_value_length set in php.ini (then set it to +# that value) +# TODO: -1 is the default +$wgResourceLoaderMaxQueryLength = -1; + +$wgGitRepositoryViewers['.+projects\.archlinux\.org/vhosts/wiki\.archlinux\.org\.git(.*)'] = 'https://projects.archlinux.org/vhosts/wiki.archlinux.org.git/commit/?id=%H'; + +$wgJobRunRate = 0; + + +## Uncomment this to disable output compression +# $wgDisableOutputCompression = true; + ## UPO means: this is also a user preference option $wgEnableEmail = true; @@ -100,9 +129,6 @@ $wgFileCacheDirectory = "$IP/../cache/html"; $wgUseGzip = true; $wgUseETag = true; -# Site language code, should be one of the list in ./languages/Names.php -$wgLanguageCode = "en"; - ## Default skin: you can change the default skin. Use the internal symbolic ## names, ie 'standard', 'nostalgia', 'cologneblue', 'monobook', 'vector': //require_once "$IP/skins/ArchLinux/ArchLinux.php"; @@ -122,22 +148,6 @@ $wgArchNavBar = array( $wgArchNavBarSelectedDefault = 'Wiki'; $wgFooterIcons = array(); -$wgLocaltimezone = 'UTC'; - -## For attaching licensing metadata to pages, and displaying an -## appropriate copyright notice / icon. GNU Free Documentation -## License and Creative Commons licenses are supported so far. -$wgRightsPage = ""; # Set to the title of a wiki page that describes your license/copyright -$wgRightsUrl = "http://www.gnu.org/copyleft/fdl.html"; -$wgRightsText = "GNU Free Documentation License 1.3 or later"; -$wgRightsIcon = "{$wgStylePath}/common/images/gnu-fdl.png"; - -# Query string length limit for ResourceLoader. You should only set this if -# your web server has a query string length limit (then set it to that limit), -# or if you have suhosin.get.max_value_length set in php.ini (then set it to -# that value) -$wgResourceLoaderMaxQueryLength = -1; - # The following permissions were set based on your choice in the installer $wgEmailConfirmToEdit = true; $wgAllowUserCssPrefs = false; @@ -180,10 +190,6 @@ $wgAutoConfirmCount = 20; # $wgShowSQLErrors = true; # $wgReadOnly = 'Database migration in progress. We`ll be back in a few minutes.'; -$wgGitRepositoryViewers['.+projects\.archlinux\.org/vhosts/wiki\.archlinux\.org\.git(.*)'] = 'https://projects.archlinux.org/vhosts/wiki.archlinux.org.git/commit/?id=%H'; - -$wgJobRunRate = 0; - require_once( "$IP/extensions/Nuke/Nuke.php" ); wfLoadExtension( 'CheckUser' ); -- cgit v1.2.3-54-g00ecf From d3defaa19b976e7811e95edb5ac5c78f9ef9fa40 Mon Sep 17 00:00:00 2001 From: Jakub Klinkovský Date: Thu, 14 Jul 2016 13:11:44 +0200 Subject: LocalSettings: move database settings --- LocalSettings.archlinux.org.php | 30 +++++++++++++++++------------- 1 file changed, 17 insertions(+), 13 deletions(-) diff --git a/LocalSettings.archlinux.org.php b/LocalSettings.archlinux.org.php index 89f8ca92..0129df54 100644 --- a/LocalSettings.archlinux.org.php +++ b/LocalSettings.archlinux.org.php @@ -65,6 +65,23 @@ $wgGitRepositoryViewers['.+projects\.archlinux\.org/vhosts/wiki\.archlinux\.org\ $wgJobRunRate = 0; +## +## Database settings +## + +$wgDBtype = "mysql"; +$wgDBserver = "localhost"; + +# MySQL specific settings +$wgDBprefix = ""; + +# MySQL table options to use during installation or update +$wgDBTableOptions = "ENGINE=InnoDB, DEFAULT CHARSET=binary"; + +# Experimental charset support for MySQL 5.0. +$wgDBmysql5 = false; + + ## Uncomment this to disable output compression # $wgDisableOutputCompression = true; @@ -80,19 +97,6 @@ $wgEnotifUserTalk = true; # UPO $wgEnotifWatchlist = true; # UPO $wgEmailAuthentication = true; -## Database settings -$wgDBtype = "mysql"; -$wgDBserver = "localhost"; - -# MySQL specific settings -$wgDBprefix = ""; - -# MySQL table options to use during installation or update -$wgDBTableOptions = "ENGINE=InnoDB, DEFAULT CHARSET=binary"; - -# Experimental charset support for MySQL 5.0. -$wgDBmysql5 = false; - ## Shared memory settings $wgMainCacheType = CACHE_ACCEL; $wgMemCachedServers = array(); -- cgit v1.2.3-54-g00ecf From d69ef76ef7d1775f2b208e2930288feec0220401 Mon Sep 17 00:00:00 2001 From: Jakub Klinkovský Date: Thu, 14 Jul 2016 13:21:46 +0200 Subject: LocalSettings: move email settings --- LocalSettings.archlinux.org.php | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/LocalSettings.archlinux.org.php b/LocalSettings.archlinux.org.php index 0129df54..de52ad26 100644 --- a/LocalSettings.archlinux.org.php +++ b/LocalSettings.archlinux.org.php @@ -82,8 +82,9 @@ $wgDBTableOptions = "ENGINE=InnoDB, DEFAULT CHARSET=binary"; $wgDBmysql5 = false; -## Uncomment this to disable output compression -# $wgDisableOutputCompression = true; +## +## Email settings +## ## UPO means: this is also a user preference option @@ -97,6 +98,13 @@ $wgEnotifUserTalk = true; # UPO $wgEnotifWatchlist = true; # UPO $wgEmailAuthentication = true; +# avoid bouncing of user-to-user emails (FS#26737) +$wgUserEmailUseReplyTo = true; + + +## Uncomment this to disable output compression +# $wgDisableOutputCompression = true; + ## Shared memory settings $wgMainCacheType = CACHE_ACCEL; $wgMemCachedServers = array(); @@ -215,5 +223,3 @@ $wgGroupPermissions['sysop']['checkuser-log'] = true; # temporary disable registration; reverted 2016-6-26 bluewind #$wgGroupPermissions['*']['createaccount'] = false; - -$wgUserEmailUseReplyTo = true; -- cgit v1.2.3-54-g00ecf From c13e67c0a0ab99ed0952824b69850c3efed2a9dc Mon Sep 17 00:00:00 2001 From: Jakub Klinkovský Date: Thu, 14 Jul 2016 13:24:19 +0200 Subject: LocalSettings: move cache settings --- LocalSettings.archlinux.org.php | 33 +++++++++++++++++++-------------- 1 file changed, 19 insertions(+), 14 deletions(-) diff --git a/LocalSettings.archlinux.org.php b/LocalSettings.archlinux.org.php index de52ad26..5cafa9cd 100644 --- a/LocalSettings.archlinux.org.php +++ b/LocalSettings.archlinux.org.php @@ -102,13 +102,30 @@ $wgEmailAuthentication = true; $wgUserEmailUseReplyTo = true; -## Uncomment this to disable output compression -# $wgDisableOutputCompression = true; +## +## Cache settings +## ## Shared memory settings $wgMainCacheType = CACHE_ACCEL; $wgMemCachedServers = array(); +## Set $wgCacheDirectory to a writable directory on the web server +## to make your wiki go slightly faster. The directory should not +## be publically accessible from the web. +$wgCacheDirectory = "$IP/../cache/data"; +$wgShowIPinHeader = false; +$wgDisableCounters = true; +$wgEnableSidebarCache = true; +$wgUseFileCache = true; +$wgFileCacheDirectory = "$IP/../cache/html"; +$wgUseGzip = true; +$wgUseETag = true; + +## Uncomment this to disable output compression +# $wgDisableOutputCompression = true; + + ## To enable image uploads, make sure the 'images' directory ## is writable, then set this to true: $wgEnableUploads = true; @@ -129,18 +146,6 @@ $wgShellLocale = "en_US.utf8"; ## this, if it's not already uncommented: #$wgHashedUploadDirectory = false; -## Set $wgCacheDirectory to a writable directory on the web server -## to make your wiki go slightly faster. The directory should not -## be publically accessible from the web. -$wgCacheDirectory = "$IP/../cache/data"; -$wgShowIPinHeader = false; -$wgDisableCounters = true; -$wgEnableSidebarCache = true; -$wgUseFileCache = true; -$wgFileCacheDirectory = "$IP/../cache/html"; -$wgUseGzip = true; -$wgUseETag = true; - ## Default skin: you can change the default skin. Use the internal symbolic ## names, ie 'standard', 'nostalgia', 'cologneblue', 'monobook', 'vector': //require_once "$IP/skins/ArchLinux/ArchLinux.php"; -- cgit v1.2.3-54-g00ecf From 9a884e1ade06b8b116967c86a03aaf195871cb61 Mon Sep 17 00:00:00 2001 From: Jakub Klinkovský Date: Thu, 14 Jul 2016 13:28:54 +0200 Subject: LocalSettings: add remaining section comments --- LocalSettings.archlinux.org.php | 35 ++++++++++++++++++++++++++--------- 1 file changed, 26 insertions(+), 9 deletions(-) diff --git a/LocalSettings.archlinux.org.php b/LocalSettings.archlinux.org.php index 5cafa9cd..31f0d0aa 100644 --- a/LocalSettings.archlinux.org.php +++ b/LocalSettings.archlinux.org.php @@ -126,6 +126,10 @@ $wgUseETag = true; # $wgDisableOutputCompression = true; +## +## Media settings +## + ## To enable image uploads, make sure the 'images' directory ## is writable, then set this to true: $wgEnableUploads = true; @@ -146,6 +150,11 @@ $wgShellLocale = "en_US.utf8"; ## this, if it's not already uncommented: #$wgHashedUploadDirectory = false; + +## +## Skin settings +## + ## Default skin: you can change the default skin. Use the internal symbolic ## names, ie 'standard', 'nostalgia', 'cologneblue', 'monobook', 'vector': //require_once "$IP/skins/ArchLinux/ArchLinux.php"; @@ -165,7 +174,11 @@ $wgArchNavBar = array( $wgArchNavBarSelectedDefault = 'Wiki'; $wgFooterIcons = array(); -# The following permissions were set based on your choice in the installer + +## +## Access control settings +## + $wgEmailConfirmToEdit = true; $wgAllowUserCssPrefs = false; $wgDisableAnonTalk = true; @@ -200,19 +213,15 @@ $wgAutoConfirmAge = 86400*3; // three days # require at least 20 normal edits before granting the 'writeapi' right $wgAutoConfirmCount = 20; -# Enabled Extensions. Most extensions are enabled by including the base extension file here -# but check specific extension documentation for more details -# The following extensions were automatically enabled: -# $wgShowSQLErrors = true; -# $wgReadOnly = 'Database migration in progress. We`ll be back in a few minutes.'; +## +## Additional extensions +## require_once( "$IP/extensions/Nuke/Nuke.php" ); -wfLoadExtension( 'CheckUser' ); -require_once "$IP/extensions/AbuseFilter/AbuseFilter.php"; - # AbuseFilter extension +require_once "$IP/extensions/AbuseFilter/AbuseFilter.php"; $wgGroupPermissions['sysop']['abusefilter-modify'] = true; $wgGroupPermissions['*']['abusefilter-log-detail'] = true; $wgGroupPermissions['*']['abusefilter-view'] = true; @@ -222,9 +231,17 @@ $wgGroupPermissions['sysop']['abusefilter-modify-restricted'] = true; $wgGroupPermissions['sysop']['abusefilter-revert'] = true; # CheckUser extension +wfLoadExtension( 'CheckUser' ); $wgGroupPermissions['sysop']['checkuser'] = true; $wgGroupPermissions['sysop']['checkuser-log'] = true; +## +## Temporary settings for maintenance +## + # temporary disable registration; reverted 2016-6-26 bluewind #$wgGroupPermissions['*']['createaccount'] = false; + +# $wgShowSQLErrors = true; +# $wgReadOnly = 'Database migration in progress. We`ll be back in a few minutes.'; -- cgit v1.2.3-54-g00ecf From 2a42cb76964d1cc806c3e2bf10c7a7665db1f800 Mon Sep 17 00:00:00 2001 From: Jakub Klinkovský Date: Thu, 14 Jul 2016 13:48:27 +0200 Subject: LocalSettings: update path to license icon The path was changed in MediaWiki 1.24, see https://www.mediawiki.org/wiki/Manual:$wgRightsIcon --- LocalSettings.archlinux.org.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/LocalSettings.archlinux.org.php b/LocalSettings.archlinux.org.php index 31f0d0aa..165f2bb1 100644 --- a/LocalSettings.archlinux.org.php +++ b/LocalSettings.archlinux.org.php @@ -51,7 +51,7 @@ $wgLogo = "$wgStylePath/archlinux/archlogo.png"; $wgRightsPage = ""; # Set to the title of a wiki page that describes your license/copyright $wgRightsUrl = "http://www.gnu.org/copyleft/fdl.html"; $wgRightsText = "GNU Free Documentation License 1.3 or later"; -$wgRightsIcon = "{$wgStylePath}/common/images/gnu-fdl.png"; +$wgRightsIcon = "$wgScriptPath/resources/assets/licenses/gnu-fdl.png"; # Query string length limit for ResourceLoader. You should only set this if # your web server has a query string length limit (then set it to that limit), -- cgit v1.2.3-54-g00ecf From 44eaa7c4ad62cf6e1228bb7b845716edc98c7431 Mon Sep 17 00:00:00 2001 From: Dario Giovannetti Date: Thu, 14 Jul 2016 23:06:45 +0800 Subject: Remind LocalSettings.php variables --- LocalSettings.archlinux.org.php | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/LocalSettings.archlinux.org.php b/LocalSettings.archlinux.org.php index 165f2bb1..f889ecc5 100644 --- a/LocalSettings.archlinux.org.php +++ b/LocalSettings.archlinux.org.php @@ -15,6 +15,20 @@ if ( !defined( 'MEDIAWIKI' ) ) { exit; } +## +## LocalSettings.php +## + +#$wgDBname = "XXX"; +#$wgDBuser = "XXX"; +#$wgDBpassword = "XXX"; +#$wgSecretKey = "XXX"; +#$wgUpgradeKey = "XXX"; +#require_once( "$IP/extensions/FunnyQuestion/FunnyQuestion.php" ); +#$wgFunnyQuestionHash = "XXX"; +#$wgFunnyQuestions = array(); + + ## ## General settings ## -- cgit v1.2.3-54-g00ecf From 06f04a2df473a712b61015db19c4f2da0c9808c3 Mon Sep 17 00:00:00 2001 From: Jakub Klinkovský Date: Sat, 16 Jul 2016 13:16:37 +0200 Subject: LocalSettings: remove $wgDisableCounters The feature was completely removed in MediaWiki 1.25.0, see https://www.mediawiki.org/wiki/Manual:$wgDisableCounters --- LocalSettings.archlinux.org.php | 1 - 1 file changed, 1 deletion(-) diff --git a/LocalSettings.archlinux.org.php b/LocalSettings.archlinux.org.php index f889ecc5..57594b08 100644 --- a/LocalSettings.archlinux.org.php +++ b/LocalSettings.archlinux.org.php @@ -129,7 +129,6 @@ $wgMemCachedServers = array(); ## be publically accessible from the web. $wgCacheDirectory = "$IP/../cache/data"; $wgShowIPinHeader = false; -$wgDisableCounters = true; $wgEnableSidebarCache = true; $wgUseFileCache = true; $wgFileCacheDirectory = "$IP/../cache/html"; -- cgit v1.2.3-54-g00ecf From 5c93cc0eed19ee88427274e124e3a2aeb3b55eb6 Mon Sep 17 00:00:00 2001 From: Jakub Klinkovský Date: Sat, 16 Jul 2016 13:33:30 +0200 Subject: LocalSettings: move $wgAllowUserCssPrefs to relevant section --- LocalSettings.archlinux.org.php | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/LocalSettings.archlinux.org.php b/LocalSettings.archlinux.org.php index 57594b08..7cab6ac7 100644 --- a/LocalSettings.archlinux.org.php +++ b/LocalSettings.archlinux.org.php @@ -117,7 +117,7 @@ $wgUserEmailUseReplyTo = true; ## -## Cache settings +## Cache and performance settings ## ## Shared memory settings @@ -135,6 +135,10 @@ $wgFileCacheDirectory = "$IP/../cache/html"; $wgUseGzip = true; $wgUseETag = true; +# CSS-based preferences supposedly cause about 20 times slower page loads +# https://phabricator.wikimedia.org/rSVN63707 +$wgAllowUserCssPrefs = false; + ## Uncomment this to disable output compression # $wgDisableOutputCompression = true; @@ -193,7 +197,6 @@ $wgFooterIcons = array(); ## $wgEmailConfirmToEdit = true; -$wgAllowUserCssPrefs = false; $wgDisableAnonTalk = true; $wgGroupPermissions['*']['edit'] = false; $wgGroupPermissions['sysop']['deleterevision'] = true; -- cgit v1.2.3-54-g00ecf From c20bddf2d35e5d9185262a46fda7ca91a4eade0c Mon Sep 17 00:00:00 2001 From: Jakub Klinkovský Date: Wed, 20 Jul 2016 09:39:07 +0200 Subject: LocalSettings: Enable subpages in the main namespace The default value for the main namespace is `false`, because Wikipedia does not use subpages for categorization anymore. That is not the case on ArchWiki, so there is no reason why the main namespace should behave differently. The most visible changes are relative links using the normal double square brackets notation and automatic breadcrumb links appearing at the top of the subpage, linking to each parent page that exists. See [1] for discussion and [2] for upstream documentation of this setting. Also see the related FS#39668 [3], which will be solved by this patch. [1] https://wiki.archlinux.org/index.php/Help_talk:Style#Slashes_in_titles [2] https://www.mediawiki.org/wiki/Manual:$wgNamespacesWithSubpages [3] https://bugs.archlinux.org/task/39668 --- LocalSettings.archlinux.org.php | 3 +++ 1 file changed, 3 insertions(+) diff --git a/LocalSettings.archlinux.org.php b/LocalSettings.archlinux.org.php index 7cab6ac7..e5249dc9 100644 --- a/LocalSettings.archlinux.org.php +++ b/LocalSettings.archlinux.org.php @@ -78,6 +78,9 @@ $wgGitRepositoryViewers['.+projects\.archlinux\.org/vhosts/wiki\.archlinux\.org\ $wgJobRunRate = 0; +# Enable subpages in the main namespace (FS#39668) +$wgNamespacesWithSubpages[NS_MAIN] = true; + ## ## Database settings -- cgit v1.2.3-54-g00ecf From 4bdf6e63e50da874ac4db65096d6d3af7f50aa64 Mon Sep 17 00:00:00 2001 From: Jakub Klinkovský Date: Wed, 20 Jul 2016 10:27:19 +0200 Subject: LocalSettings: Hide "minordefault" and "forceeditsummary" user options There is little wrong in letting the users configure these settings, but setting "Mark all edits as minor by default" to true or "Prompt me when entering a blank edit summary" to false has bad impact on the quality of the wiki edits, because such users tend to ignore the fundamental rules [1] and there is nothing to remind it to them. Disabling these user preferences and forcing the default values according to this patch will decrease the effort of the Maintenance Team spent on guiding the editors and also generally increase the quality of user contributions. This will solve FS#46190 [2]. [1] https://wiki.archlinux.org/index.php/ArchWiki:Contributing#The_3_fundamental_rules [2] https://bugs.archlinux.org/task/46190 --- LocalSettings.archlinux.org.php | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/LocalSettings.archlinux.org.php b/LocalSettings.archlinux.org.php index e5249dc9..0d5d0d2c 100644 --- a/LocalSettings.archlinux.org.php +++ b/LocalSettings.archlinux.org.php @@ -199,14 +199,21 @@ $wgFooterIcons = array(); ## Access control settings ## +# disable anonymous editing $wgEmailConfirmToEdit = true; $wgDisableAnonTalk = true; $wgGroupPermissions['*']['edit'] = false; + +# extra rights for admins $wgGroupPermissions['sysop']['deleterevision'] = true; + +# disable uploads by normal users $wgGroupPermissions['user']['upload'] = false; $wgGroupPermissions['user']['reupload'] = false; $wgGroupPermissions['user']['reupload-shared'] = false; $wgGroupPermissions['autoconfirmed']['upload'] = false; + +# maintainers' rights $wgGroupPermissions['maintainer']['autopatrol'] = true; $wgGroupPermissions['maintainer']['patrol'] = true; $wgGroupPermissions['maintainer']['noratelimit'] = true; @@ -232,6 +239,16 @@ $wgAutoConfirmAge = 86400*3; // three days # require at least 20 normal edits before granting the 'writeapi' right $wgAutoConfirmCount = 20; +# Enforce basic editing etiquette (FS#46190) +# We set the defaults for "minordefault" (disabled) and "forceeditsummary" +# (enabled) options and hide them from the user preferences dialog. Note that +# hiding the user preferences with $wgHiddenPrefs results in everybody using +# the defaults, regardless of the users' earlier preference. +$wgDefaultUserOptions["minordefault"] = 0; +$wgDefaultUserOptions["forceeditsummary"] = 1; +$wgHiddenPrefs[] = "minordefault"; +$wgHiddenPrefs[] = "forceeditsummary"; + ## ## Additional extensions -- cgit v1.2.3-54-g00ecf From f1c44a65db08b237e7d65ec243e050c2c8db49e6 Mon Sep 17 00:00:00 2001 From: Jakub Klinkovský Date: Wed, 20 Jul 2016 21:14:14 +0200 Subject: LocalSettings: Enable support for userscripts and user-stylesheets Related bug report: FS#46699 [1] Enabling userscripts allows the users to use many existing scripts from Wikipedia [2], which can greatly improve the experience of reading, editing and maintaining the wiki. It will also allow us to make some ArchWiki-specific scripts like Wiki Monkey [3] more portable (currently it depends on browser extensions like Greasemonkey to work). Enabling user-stylesheets lets the users customize the default Arch skin on the wiki according to their preference, and more importantly, it makes it easier for users to test modifications and prepare patches for the main skin. This is probably the main blocker of FS#46697 [4]. [1] https://bugs.archlinux.org/task/46699 [2] https://en.wikipedia.org/wiki/Wikipedia:User_scripts [3] https://wiki.archlinux.org/index.php/Wiki_Monkey [4] https://bugs.archlinux.org/task/46697 --- LocalSettings.archlinux.org.php | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/LocalSettings.archlinux.org.php b/LocalSettings.archlinux.org.php index 0d5d0d2c..484ec190 100644 --- a/LocalSettings.archlinux.org.php +++ b/LocalSettings.archlinux.org.php @@ -81,6 +81,10 @@ $wgJobRunRate = 0; # Enable subpages in the main namespace (FS#39668) $wgNamespacesWithSubpages[NS_MAIN] = true; +# Enable support for userscripts and user-stylesheets (FS#46699) +$wgAllowUserJs = true; +$wgAllowUserCss = true; + ## ## Database settings -- cgit v1.2.3-54-g00ecf From 688fde9f793c9dbe85c561c00ee9b72ef97b1d6d Mon Sep 17 00:00:00 2001 From: Jakub Klinkovský Date: Wed, 20 Jul 2016 21:49:44 +0200 Subject: LocalSettings: add groups for AbuseFilter rules --- LocalSettings.archlinux.org.php | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/LocalSettings.archlinux.org.php b/LocalSettings.archlinux.org.php index 484ec190..6d432b0b 100644 --- a/LocalSettings.archlinux.org.php +++ b/LocalSettings.archlinux.org.php @@ -270,6 +270,17 @@ $wgGroupPermissions['sysop']['abusefilter-private'] = true; $wgGroupPermissions['sysop']['abusefilter-modify-restricted'] = true; $wgGroupPermissions['sysop']['abusefilter-revert'] = true; +# filter groups +$wgAbuseFilterValidGroups = array( 'default', 'proofed' ); +$wgAbuseFilterEmergencyDisableThreshold = array( + 'default' => 0.5, + 'proofed' => 1.0, +); +$wgAbuseFilterEmergencyDisableCount = array( + 'default' => 10, + 'proofed' => 65535, +); + # CheckUser extension wfLoadExtension( 'CheckUser' ); $wgGroupPermissions['sysop']['checkuser'] = true; -- cgit v1.2.3-54-g00ecf From 26fe3772c0d44656849169584dbba32a579dab14 Mon Sep 17 00:00:00 2001 From: Alad Wenter Date: Sun, 24 Jul 2016 00:16:18 +0200 Subject: Enable ParserFunctions extension ParserFunctions allows for more versatile wiki templates, amongst other functionality, and is shipped with MediaWiki since version 1.18. [1] Included string functionality remains disabled, as is done on wikimedia projects. [2] [1] https://www.mediawiki.org/wiki/Extension:ParserFunctions [2] https://phabricator.wikimedia.org/T8455#110965 --- LocalSettings.archlinux.org.php | 2 ++ 1 file changed, 2 insertions(+) diff --git a/LocalSettings.archlinux.org.php b/LocalSettings.archlinux.org.php index 6d432b0b..afcbe857 100644 --- a/LocalSettings.archlinux.org.php +++ b/LocalSettings.archlinux.org.php @@ -286,6 +286,8 @@ wfLoadExtension( 'CheckUser' ); $wgGroupPermissions['sysop']['checkuser'] = true; $wgGroupPermissions['sysop']['checkuser-log'] = true; +# ParserFunctions extension +wfLoadExtension( 'ParserFunctions' ); ## ## Temporary settings for maintenance -- cgit v1.2.3-54-g00ecf From b5e7f46db0fcb6f251206eaf36339ad3ad589f8b Mon Sep 17 00:00:00 2001 From: Alad Wenter Date: Tue, 26 Jul 2016 20:02:58 +0200 Subject: Enable Interwiki extension This extension allows to modify the interwiki table [1], and is shipped with MediaWiki since version 1.21. [2] It is enabled as a temporary measure until functionality is merged to the MediaWiki core. [3] [1] https://www.mediawiki.org/wiki/Manual:Interwiki_table [2] https://www.mediawiki.org/wiki/Extension:Interwiki [3] https://phabricator.wikimedia.org/T33951 --- LocalSettings.archlinux.org.php | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/LocalSettings.archlinux.org.php b/LocalSettings.archlinux.org.php index afcbe857..db98bdb4 100644 --- a/LocalSettings.archlinux.org.php +++ b/LocalSettings.archlinux.org.php @@ -289,6 +289,10 @@ $wgGroupPermissions['sysop']['checkuser-log'] = true; # ParserFunctions extension wfLoadExtension( 'ParserFunctions' ); +# Interwiki extension +wfLoadExtension( 'Interwiki' ); +$wgGroupPermissions['sysop']['interwiki'] = true; + ## ## Temporary settings for maintenance ## -- cgit v1.2.3-54-g00ecf