From fa89acd685cb09cdbe1c64cbb721ec64975bbbc1 Mon Sep 17 00:00:00 2001 From: Pierre Schmitz Date: Mon, 21 Dec 2015 06:22:43 +0100 Subject: Update to MediaWiki 1.26.2 --- RELEASE-NOTES-1.26 | 9 ++++++++- includes/DefaultSettings.php | 2 +- includes/OutputPage.php | 14 +++++++++++++- 3 files changed, 22 insertions(+), 3 deletions(-) diff --git a/RELEASE-NOTES-1.26 b/RELEASE-NOTES-1.26 index 0adfbe20..e617f00b 100644 --- a/RELEASE-NOTES-1.26 +++ b/RELEASE-NOTES-1.26 @@ -1,6 +1,13 @@ Security reminder: If you have PHP's register_globals option set, you must turn it off. MediaWiki will not work with it enabled. +== MediaWiki 1.26.2 == + +This is a maintenance release of the MediaWiki 1.26 branch. + +== Changes since 1.26.1 == +* (T121892) Fix fatal error on some Special pages, introduced in 1.26.1. + == MediaWiki 1.26.1 == This is a maintenance release of the MediaWiki 1.26 branch. @@ -11,7 +18,7 @@ This is a maintenance release of the MediaWiki 1.26 branch. Configuration values such as "http://my.wiki.com/wiki/$1" are fine, as are "/wiki/$1". A value such as "$1" or "wiki/$1" is not and will now throw an error. -* (T119309) SECURITY: Use hash_equals() for edit token comparison +* (T119309) SECURITY: Use hash_compare() for edit token comparison * (T118032) SECURITY: Don't allow cURL to interpret POST parameters starting with '@' as file uploads * (T115522) SECURITY: Passwords generated by User::randomPassword() can no diff --git a/includes/DefaultSettings.php b/includes/DefaultSettings.php index 919d05b8..61fec6e1 100644 --- a/includes/DefaultSettings.php +++ b/includes/DefaultSettings.php @@ -75,7 +75,7 @@ $wgConfigRegistry = array( * MediaWiki version number * @since 1.2 */ -$wgVersion = '1.26.1'; +$wgVersion = '1.26.2'; /** * Name of the site. It must be changed in LocalSettings.php diff --git a/includes/OutputPage.php b/includes/OutputPage.php index 552e1815..69ed8def 100644 --- a/includes/OutputPage.php +++ b/includes/OutputPage.php @@ -236,6 +236,8 @@ class OutputPage extends ContextSource { /** @var int Cache stuff. Looks like mEnableClientCache */ protected $mSquidMaxage = 0; + /** @var int Upper limit on mCdnMaxage */ + protected $mCdnMaxageLimit = INF; /** * @var bool Controls if anti-clickjacking / frame-breaking headers will @@ -1945,7 +1947,17 @@ class OutputPage extends ContextSource { * @param int $maxage Maximum cache time on the Squid, in seconds. */ public function setSquidMaxage( $maxage ) { - $this->mSquidMaxage = $maxage; + $this->mSquidMaxage = min( $maxage, $this->mCdnMaxageLimit ); + } + + /** + * Lower the value of the "s-maxage" part of the "Cache-control" HTTP header + * + * @param int $maxage Maximum cache time on the CDN, in seconds + */ + public function lowerCdnMaxage( $maxage ) { + $this->mCdnMaxageLimit = min( $maxage, $this->mCdnMaxageLimit ); + $this->setSquidMaxage( $this->mSquidMaxage ); } /** -- cgit v1.2.3