From a2bbd243c85ea0e425ee3e8c380aba9f254cee61 Mon Sep 17 00:00:00 2001
From: Florian Pritz <bluewind@xinu.at>
Date: Mon, 18 Apr 2016 21:41:27 +0000
Subject: Add note about yahoo mail delivery problems

https://bugs.archlinux.org/task/48628

Signed-off-by: Florian Pritz <bluewind@xinu.at>
---
 includes/templates/Usercreate.php | 1 +
 1 file changed, 1 insertion(+)

diff --git a/includes/templates/Usercreate.php b/includes/templates/Usercreate.php
index a39690a7..84695e1f 100644
--- a/includes/templates/Usercreate.php
+++ b/includes/templates/Usercreate.php
@@ -164,6 +164,7 @@ class UsercreateTemplate extends BaseTemplate {
 							);
 						?>
 					</label>
+						<p><b>Note:</b> We are currently experiencing delivery issues to Yahoo. Please do not use a Yahoo email account to sign up.</p>
 					<?php
 						echo Html::input( 'wpEmail', $this->data['email'], 'email', array(
 							'class' => 'mw-ui-input loginText',
-- 
cgit v1.2.3-54-g00ecf


From 7bf2eb8ba09b54cec804446ea39a3e658773fac9 Mon Sep 17 00:00:00 2001
From: Pierre Schmitz <pierre@archlinux.de>
Date: Sat, 21 May 2016 08:33:14 +0200
Subject: Update to MediaWiki 1.26.3

---
 README.mediawiki                                   |  1 -
 RELEASE-NOTES-1.26                                 | 28 ++++++++++
 docs/hooks.txt                                     |  6 ++
 .../SyntaxHighlight_GeSHi.class.php                |  5 +-
 .../SyntaxHighlight_GeSHi/tests/parserTests.txt    |  9 +++
 includes/DefaultSettings.php                       | 16 ++++--
 includes/Defines.php                               |  6 ++
 includes/GlobalFunctions.php                       |  8 +++
 includes/Import.php                                | 18 ++++--
 includes/Linker.php                                | 11 +++-
 includes/MediaWiki.php                             | 13 ++++-
 includes/OutputHandler.php                         |  4 +-
 includes/OutputPage.php                            | 28 ++--------
 includes/User.php                                  |  3 +
 includes/WebStart.php                              |  3 +
 includes/actions/RawAction.php                     |  6 ++
 includes/api/ApiBase.php                           |  8 ++-
 includes/api/ApiFormatJson.php                     |  4 +-
 includes/api/ApiFormatPhp.php                      |  2 +-
 includes/api/ApiMain.php                           | 35 ++++++++++++
 includes/api/ApiMove.php                           |  5 ++
 includes/db/DatabasePostgres.php                   |  3 +
 includes/diff/DairikiDiff.php                      |  6 +-
 includes/diff/DifferenceEngine.php                 | 31 ++++++++++-
 includes/page/Article.php                          |  2 +-
 includes/parser/CoreTagHooks.php                   | 24 ++++++--
 includes/parser/Parser.php                         | 28 ++++++++--
 includes/password/MWOldPassword.php                |  4 ++
 includes/password/MWSaltedPassword.php             |  4 ++
 includes/password/Pbkdf2Password.php               |  9 ++-
 .../resourceloader/ResourceLoaderFileModule.php    |  1 -
 .../resourceloader/ResourceLoaderImageModule.php   |  6 --
 includes/resourceloader/ResourceLoaderModule.php   | 17 ------
 .../resourceloader/ResourceLoaderWikiModule.php    |  2 -
 includes/specials/SpecialUserlogin.php             | 15 +++--
 includes/upload/UploadBase.php                     |  2 +-
 resources/Resources.php                            |  2 +
 .../mediawiki.page/mediawiki.page.patrol.ajax.js   |  2 +-
 tests/browser/README.mediawiki                     | 64 ----------------------
 tests/parser/parserTests.txt                       | 13 ++++-
 tests/phpunit/includes/api/ApiMainTest.php         | 27 +++++++++
 .../includes/api/format/ApiFormatJsonTest.php      |  4 +-
 tests/phpunit/includes/upload/UploadBaseTest.php   |  6 ++
 tests/qunit/data/testrunner.js                     |  2 -
 44 files changed, 329 insertions(+), 164 deletions(-)
 delete mode 120000 README.mediawiki
 delete mode 100644 tests/browser/README.mediawiki

diff --git a/README.mediawiki b/README.mediawiki
deleted file mode 120000
index 100b9382..00000000
--- a/README.mediawiki
+++ /dev/null
@@ -1 +0,0 @@
-README
\ No newline at end of file
diff --git a/RELEASE-NOTES-1.26 b/RELEASE-NOTES-1.26
index e617f00b..fd2e5e69 100644
--- a/RELEASE-NOTES-1.26
+++ b/RELEASE-NOTES-1.26
@@ -1,6 +1,34 @@
 Security reminder: If you have PHP's register_globals option set, you must
 turn it off. MediaWiki will not work with it enabled.
 
+== MediaWiki 1.26.3 ==
+
+This is a maintenance release of the MediaWiki 1.26 branch.
+
+== Changes since 1.26.2 ==
+* (T116266) Fixed undefined property notices in DairikiDiff under HHVM.
+* (T123166) Fix fatal error when importing pages to titles which cannot be
+  created, such as invalid titles or titles the user is not allowed to edit.
+* (T122056) Old tokens are remaining valid within a new session
+* (T127114) Login throttle can be tricked using non-canonicalized usernames
+* (T123653) Cross-domain policy regexp is too narrow
+* (T123071) Incorrectly identifying http link in a's href attributes, due to
+  m modifier in regex
+* (T129506) MediaWiki:Gadget-popups.js isn't renderable
+* (T125283) Users occasionally logged in as different users after
+  SessionManager deployment
+* (T103239) Patrol allows click catching and patrolling of any page
+* (T122807) [tracking] Check php crypto primatives
+* (T98313) Graphs can leak tokens, leading to CSRF
+* (T130947) Diff generation should use PoolCounter
+* (T133507) Careless use of $wgExternalLinkTarget is insecure
+* (T132874) API action=move is not rate limited
+* (T110143) strip markers can be used to get around html attribute escaping in
+  (many?) parser tags
+* (T116030) Increase pbkdf2 parameter strengths
+* (T127420) Pbkdf2Password does not check if hash_pbkdf2() succeeded
+* (T126685) Globally throttle password attempts
+
 == MediaWiki 1.26.2 ==
 
 This is a maintenance release of the MediaWiki 1.26 branch.
diff --git a/docs/hooks.txt b/docs/hooks.txt
index 7671e6e3..4e134e5d 100644
--- a/docs/hooks.txt
+++ b/docs/hooks.txt
@@ -2449,6 +2449,12 @@ $context: (IContextSource) The RequestContext the skin is being created for.
 &$skin: A variable reference you may set a Skin instance or string key on to
   override the skin that will be used for the context.
 
+'RequestHasSameOriginSecurity': Called to determine if the request is somehow
+flagged to lack same-origin security. Return false to indicate the lack. Note
+if the "somehow" involves HTTP headers, you'll probably need to make sure
+the header is varied on.
+WebRequest $request: The request.
+
 'ResetPasswordExpiration': Allow extensions to set a default password expiration
 $user: The user having their password expiration reset
 &$newExpire: The new expiration date
diff --git a/extensions/SyntaxHighlight_GeSHi/SyntaxHighlight_GeSHi.class.php b/extensions/SyntaxHighlight_GeSHi/SyntaxHighlight_GeSHi.class.php
index 9eed2763..e2da350b 100644
--- a/extensions/SyntaxHighlight_GeSHi/SyntaxHighlight_GeSHi.class.php
+++ b/extensions/SyntaxHighlight_GeSHi/SyntaxHighlight_GeSHi.class.php
@@ -111,8 +111,11 @@ class SyntaxHighlight_GeSHi {
 	public static function parserHook( $text, $args = array(), $parser ) {
 		global $wgUseTidy;
 
+		// Replace strip markers (For e.g. {{#tag:syntaxhighlight|<nowiki>...}})
+		$out = $parser->mStripState->unstripNoWiki( $text );
+
 		// Don't trim leading spaces away, just the linefeeds
-		$out = preg_replace( '/^\n+/', '', rtrim( $text ) );
+		$out = preg_replace( '/^\n+/', '', rtrim( $out ) );
 
 		// Convert deprecated attributes
 		if ( isset( $args['enclose'] ) ) {
diff --git a/extensions/SyntaxHighlight_GeSHi/tests/parserTests.txt b/extensions/SyntaxHighlight_GeSHi/tests/parserTests.txt
index c6aaa9a4..5d5038c9 100644
--- a/extensions/SyntaxHighlight_GeSHi/tests/parserTests.txt
+++ b/extensions/SyntaxHighlight_GeSHi/tests/parserTests.txt
@@ -154,3 +154,12 @@ Text <source lang="javascript" enclose="none">var a;</source>.
 <p>Text <code class="mw-highlight" dir="ltr"><span class="kd">var</span> <span class="nx">a</span><span class="p">;</span></code>.
 </p>
 !! end
+
+!! test
+Enclose with nowiki
+!! input
+{{#tag:syntaxhighlight|<nowiki>foo</nowiki>|lang="text"|inline=none}}
+!! result
+<p><code class="mw-highlight" dir="ltr">foo</code>
+</p>
+!! end
diff --git a/includes/DefaultSettings.php b/includes/DefaultSettings.php
index 61fec6e1..7498a021 100644
--- a/includes/DefaultSettings.php
+++ b/includes/DefaultSettings.php
@@ -75,7 +75,7 @@ $wgConfigRegistry = array(
  * MediaWiki version number
  * @since 1.2
  */
-$wgVersion = '1.26.2';
+$wgVersion = '1.26.3';
 
 /**
  * Name of the site. It must be changed in LocalSettings.php
@@ -4188,7 +4188,13 @@ $wgDebugTidy = false;
 $wgRawHtml = false;
 
 /**
- * Set a default target for external links, e.g. _blank to pop up a new window
+ * Set a default target for external links, e.g. _blank to pop up a new window.
+ *
+ * This will also set the "noreferrer" and "noopener" link rel to prevent the
+ * attack described at https://mathiasbynens.github.io/rel-noopener/ .
+ * Some older browsers may not support these link attributes, hence
+ * setting $wgExternalLinkTarget to _blank may represent a security risk
+ * to some of your users.
  */
 $wgExternalLinkTarget = false;
 
@@ -4438,9 +4444,9 @@ $wgPasswordConfig = array(
 	),
 	'pbkdf2' => array(
 		'class' => 'Pbkdf2Password',
-		'algo' => 'sha256',
-		'cost' => '10000',
-		'length' => '128',
+		'algo' => 'sha512',
+		'cost' => '30000',
+		'length' => '64',
 	),
 );
 
diff --git a/includes/Defines.php b/includes/Defines.php
index d55bbcf8..2f3d64fe 100644
--- a/includes/Defines.php
+++ b/includes/Defines.php
@@ -304,3 +304,9 @@ define( 'CONTENT_FORMAT_JSON', 'application/json' );
 // for future use with the api, and for use by extensions
 define( 'CONTENT_FORMAT_XML', 'application/xml' );
 /**@}*/
+
+/**@{
+ * Max string length for shell invocations; based on binfmts.h
+ */
+define( 'SHELL_MAX_ARG_STRLEN', '100000');
+/**@}*/
diff --git a/includes/GlobalFunctions.php b/includes/GlobalFunctions.php
index 64aa87ec..c4d5b5bc 100644
--- a/includes/GlobalFunctions.php
+++ b/includes/GlobalFunctions.php
@@ -2812,6 +2812,14 @@ function wfShellExec( $cmd, &$retval = null, $environ = array(),
 	}
 	wfDebug( "wfShellExec: $cmd\n" );
 
+	// Don't try to execute commands that exceed Linux's MAX_ARG_STRLEN.
+	// Other platforms may be more accomodating, but we don't want to be
+	// accomodating, because very long commands probably include user
+	// input. See T129506.
+	if ( strlen( $cmd ) > SHELL_MAX_ARG_STRLEN ) {
+		throw new Exception( __METHOD__ . '(): total length of $cmd must not exceed SHELL_MAX_ARG_STRLEN' );
+	}
+
 	$desc = array(
 		0 => array( 'file', 'php://stdin', 'r' ),
 		1 => array( 'pipe', 'w' ),
diff --git a/includes/Import.php b/includes/Import.php
index 6a0bfd09..db4a6b2d 100644
--- a/includes/Import.php
+++ b/includes/Import.php
@@ -728,13 +728,14 @@ class WikiImporter {
 					$title = $this->processTitle( $pageInfo['title'],
 						isset( $pageInfo['ns'] ) ? $pageInfo['ns'] : null );
 
-					if ( !$title ) {
+					// $title is either an array of two titles or false.
+					if ( is_array( $title ) ) {
+						$this->pageCallback( $title );
+						list( $pageInfo['_title'], $foreignTitle ) = $title;
+					} else {
 						$badTitle = true;
 						$skip = true;
 					}
-
-					$this->pageCallback( $title );
-					list( $pageInfo['_title'], $foreignTitle ) = $title;
 				}
 
 				if ( $title ) {
@@ -750,10 +751,17 @@ class WikiImporter {
 			}
 		}
 
-		$this->pageOutCallback( $pageInfo['_title'], $foreignTitle,
+		// @note $pageInfo is only set if a valid $title is processed above with
+		//       no error. If we have a valid $title, then pageCallback is called
+		//       above, $pageInfo['title'] is set and we do pageOutCallback here.
+		//       If $pageInfo['_title'] is not set, then $foreignTitle is also not
+		//       set since they both come from $title above.
+		if ( array_key_exists( '_title', $pageInfo ) ) {
+			$this->pageOutCallback( $pageInfo['_title'], $foreignTitle,
 					$pageInfo['revisionCount'],
 					$pageInfo['successfulRevisionCount'],
 					$pageInfo );
+		}
 	}
 
 	/**
diff --git a/includes/Linker.php b/includes/Linker.php
index 9b5ff27b..f0fa4a5a 100644
--- a/includes/Linker.php
+++ b/includes/Linker.php
@@ -1073,7 +1073,16 @@ class Linker {
 		if ( !$title ) {
 			$title = $wgTitle;
 		}
-		$attribs['rel'] = Parser::getExternalLinkRel( $url, $title );
+		$newRel = Parser::getExternalLinkRel( $url, $title );
+		if ( !isset( $attribs['rel'] ) || $attribs['rel'] === '' ) {
+			$attribs['rel'] = $newRel;
+		} elseif( $newRel !== '' ) {
+			// Merge the rel attributes.
+			$newRels = explode( ' ', $newRel );
+			$oldRels = explode( ' ', $attribs['rel'] );
+			$combined = array_unique( array_merge( $newRels, $oldRels ) );
+			$attribs['rel'] = implode( ' ', $combined );
+		}
 		$link = '';
 		$success = Hooks::run( 'LinkerMakeExternalLink',
 			array( &$url, &$text, &$link, &$attribs, $linktype ) );
diff --git a/includes/MediaWiki.php b/includes/MediaWiki.php
index 2da2f6ce..a902f367 100644
--- a/includes/MediaWiki.php
+++ b/includes/MediaWiki.php
@@ -806,9 +806,18 @@ class MediaWiki {
 		$errno = $errstr = null;
 		$info = wfParseUrl( $this->config->get( 'Server' ) );
 		MediaWiki\suppressWarnings();
+		$host = $info['host'];
+		$port = 80;
+		if ( isset( $info['scheme'] ) && $info['scheme'] == 'https' ) {
+			$host = "tls://" . $host;
+			$port = 443;
+		}
+		if ( isset( $info['port'] ) ) {
+			$port = $info['port'];
+		}
 		$sock = fsockopen(
-			$info['host'],
-			isset( $info['port'] ) ? $info['port'] : 80,
+			$host,
+			$port,
 			$errno,
 			$errstr,
 			// If it takes more than 100ms to connect to ourselves there
diff --git a/includes/OutputHandler.php b/includes/OutputHandler.php
index c6209eeb..dd99361e 100644
--- a/includes/OutputHandler.php
+++ b/includes/OutputHandler.php
@@ -154,8 +154,8 @@ function wfGzipHandler( $s ) {
  */
 function wfMangleFlashPolicy( $s ) {
 	# Avoid weird excessive memory usage in PCRE on big articles
-	if ( preg_match( '/\<\s*cross-domain-policy\s*\>/i', $s ) ) {
-		return preg_replace( '/\<\s*cross-domain-policy\s*\>/i', '<NOT-cross-domain-policy>', $s );
+	if ( preg_match( '/\<\s*cross-domain-policy(?=\s|\>)/i', $s ) ) {
+		return preg_replace( '/\<(\s*)(cross-domain-policy(?=\s|\>))/i', '<$1NOT-$2', $s );
 	} else {
 		return $s;
 	}
diff --git a/includes/OutputPage.php b/includes/OutputPage.php
index 69ed8def..324cab34 100644
--- a/includes/OutputPage.php
+++ b/includes/OutputPage.php
@@ -610,20 +610,6 @@ class OutputPage extends ContextSource {
 	 * @return array Array of module names
 	 */
 	public function getModuleStyles( $filter = false, $position = null ) {
-		// T97420
-		$resourceLoader = $this->getResourceLoader();
-
-		foreach ( $this->mModuleStyles as $val ) {
-			$module = $resourceLoader->getModule( $val );
-
-			if ( $module instanceof ResourceLoaderModule && $module->isPositionDefault() ) {
-				$warning = __METHOD__ . ': style module should define its position explicitly: ' .
-					$val . ' ' . get_class( $module );
-				wfDebugLog( 'resourceloader', $warning );
-				wfLogWarning( $warning );
-			}
-		}
-
 		return $this->getModules( $filter, $position, 'mModuleStyles' );
 	}
 
@@ -2044,6 +2030,11 @@ class OutputPage extends ContextSource {
 	 * @return string
 	 */
 	public function getVaryHeader() {
+		// If we vary on cookies, let's make sure it's always included here too.
+		if ( $this->getCacheVaryCookies() ) {
+			$this->addVaryHeader( 'Cookie' );
+		}
+
 		return 'Vary: ' . join( ', ', array_keys( $this->mVaryHeader ) );
 	}
 
@@ -3074,10 +3065,6 @@ class OutputPage extends ContextSource {
 			ResourceLoaderModule::TYPE_SCRIPTS
 		);
 
-		$links[] = $this->makeResourceLoaderLink( $this->getModuleStyles( true, 'bottom' ),
-			ResourceLoaderModule::TYPE_STYLES
-		);
-
 		// Modules requests - let the client calculate dependencies and batch requests as it likes
 		// Only load modules that have marked themselves for loading at the bottom
 		$modules = $this->getModules( true, 'bottom' );
@@ -3140,9 +3127,6 @@ class OutputPage extends ContextSource {
 	 * @return string
 	 */
 	function getBottomScripts() {
-		// In case the skin wants to add bottom CSS
-		$this->getSkin()->setupSkinUserCss( $this );
-
 		return $this->getScriptsForBottomQueue();
 	}
 
@@ -3665,7 +3649,7 @@ class OutputPage extends ContextSource {
 		$otherTags = array(); // Tags to append after the normal <link> tags
 		$resourceLoader = $this->getResourceLoader();
 
-		$moduleStyles = $this->getModuleStyles( true, 'top' );
+		$moduleStyles = $this->getModuleStyles();
 
 		// Per-site custom styles
 		$moduleStyles[] = 'site';
diff --git a/includes/User.php b/includes/User.php
index 199dd1dc..f6df7e03 100644
--- a/includes/User.php
+++ b/includes/User.php
@@ -3630,11 +3630,14 @@ class User implements IDBAccessObject {
 		$this->clearInstanceCache( 'defaults' );
 
 		$this->getRequest()->setSessionData( 'wsUserID', 0 );
+		$this->getRequest()->setSessionData( 'wsEditToken', null );
 
 		$this->clearCookie( 'UserID' );
 		$this->clearCookie( 'Token' );
 		$this->clearCookie( 'forceHTTPS', false, array( 'prefix' => '' ) );
 
+		wfResetSessionID();
+
 		// Remember when user logged out, to prevent seeing cached pages
 		$this->setCookie( 'LoggedOut', time(), time() + 86400 );
 	}
diff --git a/includes/WebStart.php b/includes/WebStart.php
index f5a4f93b..e75e97fd 100644
--- a/includes/WebStart.php
+++ b/includes/WebStart.php
@@ -40,6 +40,9 @@ if ( function_exists( 'get_magic_quotes_gpc' ) && get_magic_quotes_gpc() ) {
 		. 'for help on how to disable magic quotes.' );
 }
 
+if ( ini_get( 'mbstring.func_overload' ) ) {
+       die( 'MediaWiki does not support installations where mbstring.func_overload is non-zero.' );
+}
 
 # bug 15461: Make IE8 turn off content sniffing. Everybody else should ignore this
 # We're adding it here so that it's *always* set, even for alternate entry
diff --git a/includes/actions/RawAction.php b/includes/actions/RawAction.php
index b71b0e9e..6b99258f 100644
--- a/includes/actions/RawAction.php
+++ b/includes/actions/RawAction.php
@@ -90,6 +90,12 @@ class RawAction extends FormlessAction {
 			}
 		}
 
+		// Set standard Vary headers so cache varies on cookies and such (T125283)
+		$response->header( $this->getOutput()->getVaryHeader() );
+		if ( $config->get( 'UseXVO' ) ) {
+			$response->header( $this->getOutput()->getXVO() );
+		}
+
 		$response->header( 'Content-type: ' . $contentType . '; charset=UTF-8' );
 		// Output may contain user-specific data;
 		// vary generated content for open sessions on private wikis
diff --git a/includes/api/ApiBase.php b/includes/api/ApiBase.php
index d53797bc..4f40499c 100644
--- a/includes/api/ApiBase.php
+++ b/includes/api/ApiBase.php
@@ -421,7 +421,13 @@ abstract class ApiBase extends ContextSource {
 	 * @return bool
 	 */
 	public function lacksSameOriginSecurity() {
-		return $this->getMain()->getRequest()->getVal( 'callback' ) !== null;
+		// Main module has this method overridden
+		// Safety - avoid infinite loop:
+		if ( $this->isMain() ) {
+			ApiBase::dieDebug( __METHOD__, 'base method was called on main module.' );
+		}
+
+		return $this->getMain()->lacksSameOriginSecurity();
 	}
 
 	/**
diff --git a/includes/api/ApiFormatJson.php b/includes/api/ApiFormatJson.php
index be1b12c3..baba5b2d 100644
--- a/includes/api/ApiFormatJson.php
+++ b/includes/api/ApiFormatJson.php
@@ -102,9 +102,9 @@ class ApiFormatJson extends ApiFormatBase {
 		// Bug 66776: wfMangleFlashPolicy() is needed to avoid a nasty bug in
 		// Flash, but what it does isn't friendly for the API, so we need to
 		// work around it.
-		if ( preg_match( '/\<\s*cross-domain-policy\s*\>/i', $json ) ) {
+		if ( preg_match( '/\<\s*cross-domain-policy(?=\s|\>)/i', $json ) ) {
 			$json = preg_replace(
-				'/\<(\s*cross-domain-policy\s*)\>/i', '\\u003C$1\\u003E', $json
+				'/\<(\s*cross-domain-policy(?=\s|\>))/i', '\\u003C$1', $json
 			);
 		}
 
diff --git a/includes/api/ApiFormatPhp.php b/includes/api/ApiFormatPhp.php
index 6420a5b5..643379c7 100644
--- a/includes/api/ApiFormatPhp.php
+++ b/includes/api/ApiFormatPhp.php
@@ -65,7 +65,7 @@ class ApiFormatPhp extends ApiFormatBase {
 		// just be broken in a useful manner.
 		if ( $this->getConfig()->get( 'MangleFlashPolicy' ) &&
 			in_array( 'wfOutputHandler', ob_list_handlers(), true ) &&
-			preg_match( '/\<\s*cross-domain-policy\s*\>/i', $text )
+			preg_match( '/\<\s*cross-domain-policy(?=\s|\>)/i', $text )
 		) {
 			$this->dieUsage(
 				'This response cannot be represented using format=php. ' .
diff --git a/includes/api/ApiMain.php b/includes/api/ApiMain.php
index d943c86b..1f0aebb6 100644
--- a/includes/api/ApiMain.php
+++ b/includes/api/ApiMain.php
@@ -145,6 +145,9 @@ class ApiMain extends ApiBase {
 	private $mCacheControl = array();
 	private $mParamsUsed = array();
 
+	/** @var bool|null Cached return value from self::lacksSameOriginSecurity() */
+	private $lacksSameOriginSecurity = null;
+
 	/**
 	 * Constructs an instance of ApiMain that utilizes the module and format specified by $request.
 	 *
@@ -242,6 +245,36 @@ class ApiMain extends ApiBase {
 		return $this->mResult;
 	}
 
+	/**
+	 * Get the security flag for the current request
+	 * @return bool
+	 */
+	public function lacksSameOriginSecurity() {
+		if ( $this->lacksSameOriginSecurity !== null ) {
+			return $this->lacksSameOriginSecurity;
+		}
+
+		$request = $this->getRequest();
+
+		// JSONP mode
+		if ( $request->getVal( 'callback' ) !== null ) {
+			$this->lacksSameOriginSecurity = true;
+			return true;
+		}
+
+		// Header to be used from XMLHTTPRequest when the request might
+		// otherwise be used for XSS.
+		if ( $request->getHeader( 'Treat-as-Untrusted' ) !== false ) {
+			$this->lacksSameOriginSecurity = true;
+			return true;
+		}
+
+		// Allow extensions to override.
+		$this->lacksSameOriginSecurity = !Hooks::run( 'RequestHasSameOriginSecurity', array( $request ) );
+		return $this->lacksSameOriginSecurity;
+	}
+
+
 	/**
 	 * Get the ApiErrorFormatter object associated with current request
 	 * @return ApiErrorFormatter
@@ -717,6 +750,8 @@ class ApiMain extends ApiBase {
 		$response = $this->getRequest()->response();
 		$out = $this->getOutput();
 
+		$out->addVaryHeader( 'Treat-as-Untrusted' );
+
 		$config = $this->getConfig();
 
 		if ( $config->get( 'VaryOnXFP' ) ) {
diff --git a/includes/api/ApiMove.php b/includes/api/ApiMove.php
index aca43784..dc50594c 100644
--- a/includes/api/ApiMove.php
+++ b/includes/api/ApiMove.php
@@ -72,6 +72,11 @@ class ApiMove extends ApiBase {
 			}
 		}
 
+		// Rate limit
+		if ( $user->pingLimiter( 'move' ) ) {
+			$this->dieUsageMsg( 'actionthrottledtext' );
+		}
+
 		// Move the page
 		$toTitleExists = $toTitle->exists();
 		$status = $this->movePage( $fromTitle, $toTitle, $params['reason'], !$params['noredirect'] );
diff --git a/includes/db/DatabasePostgres.php b/includes/db/DatabasePostgres.php
index 56a5b2cf..d5143689 100644
--- a/includes/db/DatabasePostgres.php
+++ b/includes/db/DatabasePostgres.php
@@ -486,6 +486,9 @@ class DatabasePostgres extends DatabaseBase {
 		if ( function_exists( 'mb_convert_encoding' ) ) {
 			$sql = mb_convert_encoding( $sql, 'UTF-8' );
 		}
+		while ( $res = pg_get_result( $this->mConn ) ) {
+			pg_free_result( $res );
+		}
 		$this->mTransactionState->check();
 		if ( pg_send_query( $this->mConn, $sql ) === false ) {
 			throw new DBUnexpectedError( $this, "Unable to post new query to PostgreSQL\n" );
diff --git a/includes/diff/DairikiDiff.php b/includes/diff/DairikiDiff.php
index d327433f..7bdc6543 100644
--- a/includes/diff/DairikiDiff.php
+++ b/includes/diff/DairikiDiff.php
@@ -296,9 +296,9 @@ class DiffEngine {
 			$this->xchanged = $this->ychanged = array();
 			$this->xv = $this->yv = array();
 			$this->xind = $this->yind = array();
-			unset( $this->seq );
-			unset( $this->in_seq );
-			unset( $this->lcs );
+			$this->seq = array();
+			$this->in_seq = array();
+			$this->lcs = 0;
 
 			// Skip leading common lines.
 			for ( $skip = 0; $skip < $n_from && $skip < $n_to; $skip++ ) {
diff --git a/includes/diff/DifferenceEngine.php b/includes/diff/DifferenceEngine.php
index c138eec2..fa1cd79d 100644
--- a/includes/diff/DifferenceEngine.php
+++ b/includes/diff/DifferenceEngine.php
@@ -511,7 +511,7 @@ class DifferenceEngine extends ContextSource {
 					$this->mMarkPatrolledLink = ' <span class="patrollink">[' . Linker::linkKnown(
 						$this->mNewPage,
 						$this->msg( 'markaspatrolleddiff' )->escaped(),
-						array(),
+						array( 'class' => 'mw-patrollink' ),
 						array(
 							'action' => 'markpatrolled',
 							'rcid' => $rcid,
@@ -823,6 +823,35 @@ class DifferenceEngine extends ContextSource {
 	 * @return bool|string
 	 */
 	public function generateTextDiffBody( $otext, $ntext ) {
+		$self = $this;
+		$diff = function() use ( $self, $otext, $ntext ) {
+			return $self->textDiff( $otext, $ntext );
+		};
+
+		$error = function( $status ) {
+			throw new FatalError( $status->getWikiText() );
+		};
+
+		// Use PoolCounter if the diff looks like it can be expensive
+		if ( strlen( $otext ) + strlen( $ntext ) > 20000 ) {
+			$work = new PoolCounterWorkViaCallback( 'diff',
+				md5( $otext ) . md5( $ntext ),
+				array( 'doWork' => $diff, 'error' => $error )
+			);
+			return $work->execute();
+		}
+
+		return $diff();
+	}
+
+	/**
+	 * Generates diff, to be wrapped internally in a logging/instrumentation
+	 *
+	 * @param string $otext Old text, must be already segmented
+	 * @param string $ntext New text, must be already segmented
+	 * @return bool|string
+	 */
+	public function textDiff( $otext, $ntext ) {
 		global $wgExternalDiffEngine, $wgContLang;
 
 		$otext = str_replace( "\r\n", "\n", $otext );
diff --git a/includes/page/Article.php b/includes/page/Article.php
index 56b9520a..97412dc7 100644
--- a/includes/page/Article.php
+++ b/includes/page/Article.php
@@ -1168,7 +1168,7 @@ class Article implements Page {
 		$link = Linker::linkKnown(
 			$this->getTitle(),
 			wfMessage( 'markaspatrolledtext' )->escaped(),
-			array(),
+			array( 'class' => 'mw-patrollink' ),
 			array(
 				'action' => 'markpatrolled',
 				'rcid' => $rcid,
diff --git a/includes/parser/CoreTagHooks.php b/includes/parser/CoreTagHooks.php
index 9755ea93..3f4f54a3 100644
--- a/includes/parser/CoreTagHooks.php
+++ b/includes/parser/CoreTagHooks.php
@@ -56,9 +56,14 @@ class CoreTagHooks {
 		$content = StringUtils::delimiterReplace( '<nowiki>', '</nowiki>', '$1', $text, 'i' );
 
 		$attribs = Sanitizer::validateTagAttributes( $attribs, 'pre' );
-		return Xml::openElement( 'pre', $attribs ) .
-			Xml::escapeTagsOnly( $content ) .
-			'</pre>';
+		// We need to let both '"' and '&' through,
+		// for strip markers and entities respectively.
+		$content = str_replace(
+			array( '>', '<' ),
+			array( '&gt;', '&lt;' ),
+			$content
+		);
+		return Html::rawElement( 'pre', $attribs, $content );
 	}
 
 	/**
@@ -98,8 +103,17 @@ class CoreTagHooks {
 	 * @return array
 	 */
 	public static function nowiki( $content, $attributes, $parser ) {
-		$content = strtr( $content, array( '-{' => '-&#123;', '}-' => '&#125;-' ) );
-		return array( Xml::escapeTagsOnly( $content ), 'markerType' => 'nowiki' );
+		$content = strtr( $content, array(
+			// lang converter
+			'-{' => '-&#123;',
+			'}-' => '&#125;-',
+			// html tags
+			'<' => '&lt;',
+			'>' => '&gt;'
+			// Note: Both '"' and '&' are not converted.
+			// This allows strip markers and entities through.
+		) );
+		return array( $content, 'markerType' => 'nowiki' );
 	}
 
 	/**
diff --git a/includes/parser/Parser.php b/includes/parser/Parser.php
index c07a08ac..12953167 100644
--- a/includes/parser/Parser.php
+++ b/includes/parser/Parser.php
@@ -129,9 +129,14 @@ class Parser {
 	 *
 	 * Must not consist of all title characters, or else it will change
 	 * the behavior of <nowiki> in a link.
+	 *
+	 * Must have a character that needs escaping in attributes, otherwise
+	 * someone could put a strip marker in an attribute, to get around
+	 * escaping quote marks, and break out of the attribute. Thus we add
+	 * `'".
 	 */
-	const MARKER_SUFFIX = "-QINU\x7f";
-	const MARKER_PREFIX = "\x7fUNIQ-";
+	const MARKER_SUFFIX = "-QINU`\"'\x7f";
+	const MARKER_PREFIX = "\x7f'\"`UNIQ-";
 
 	# Markers used for wrapping the table of contents
 	const TOC_START = '<mw:toc>';
@@ -1862,11 +1867,22 @@ class Parser {
 	 */
 	public function getExternalLinkAttribs( $url = false ) {
 		$attribs = array();
-		$attribs['rel'] = self::getExternalLinkRel( $url, $this->mTitle );
-
-		if ( $this->mOptions->getExternalLinkTarget() ) {
-			$attribs['target'] = $this->mOptions->getExternalLinkTarget();
+		$rel = self::getExternalLinkRel( $url, $this->mTitle );
+
+		$target = $this->mOptions->getExternalLinkTarget();
+		if ( $target ) {
+			$attribs['target'] = $target;
+			if ( !in_array( $target, array( '_self', '_parent', '_top' ) ) ) {
+				// T133507. New windows can navigate parent cross-origin.
+				// Including noreferrer due to lacking browser
+				// support of noopener. Eventually noreferrer should be removed.
+				if ( $rel !== '' ) {
+					$rel .= ' ';
+				}
+				$rel .= 'noreferrer noopener';
+			}
 		}
+		$attribs['rel'] = $rel;
 		return $attribs;
 	}
 
diff --git a/includes/password/MWOldPassword.php b/includes/password/MWOldPassword.php
index afa5cacc..43c13553 100644
--- a/includes/password/MWOldPassword.php
+++ b/includes/password/MWOldPassword.php
@@ -44,5 +44,9 @@ class MWOldPassword extends ParameterizedPassword {
 			$this->args = array();
 			$this->hash = md5( $plaintext );
 		}
+
+		if ( !is_string( $this->hash ) || strlen( $this->hash ) < 32 ) {
+			throw new PasswordError( 'Error when hashing password.' );
+		}
 	}
 }
diff --git a/includes/password/MWSaltedPassword.php b/includes/password/MWSaltedPassword.php
index 6c6895a2..40d2b6a1 100644
--- a/includes/password/MWSaltedPassword.php
+++ b/includes/password/MWSaltedPassword.php
@@ -42,5 +42,9 @@ class MWSaltedPassword extends ParameterizedPassword {
 		}
 
 		$this->hash = md5( $this->args[0] . '-' . md5( $plaintext ) );
+
+		if ( !is_string( $this->hash ) || strlen( $this->hash ) < 32 ) {
+			throw new PasswordError( 'Error when hashing password.' );
+		}
 	}
 }
diff --git a/includes/password/Pbkdf2Password.php b/includes/password/Pbkdf2Password.php
index 080e3b0d..808fd8a6 100644
--- a/includes/password/Pbkdf2Password.php
+++ b/includes/password/Pbkdf2Password.php
@@ -55,8 +55,15 @@ class Pbkdf2Password extends ParameterizedPassword {
 				(int)$this->params['length'],
 				true
 			);
+			if ( !is_string( $hash ) ) {
+				throw new PasswordError( 'Error when hashing password.' );
+			}
 		} else {
-			$hashLen = strlen( hash( $this->params['algo'], '', true ) );
+			$hashLenHash = hash( $this->params['algo'], '', true );
+			if ( !is_string( $hashLenHash ) ) {
+				throw new PasswordError( 'Error when hashing password.' );
+			}
+			$hashLen = strlen( $hashLenHash );
 			$blockCount = ceil( $this->params['length'] / $hashLen );
 
 			$hash = '';
diff --git a/includes/resourceloader/ResourceLoaderFileModule.php b/includes/resourceloader/ResourceLoaderFileModule.php
index 7fbc1cb4..8060f6e1 100644
--- a/includes/resourceloader/ResourceLoaderFileModule.php
+++ b/includes/resourceloader/ResourceLoaderFileModule.php
@@ -279,7 +279,6 @@ class ResourceLoaderFileModule extends ResourceLoaderModule {
 					break;
 				// Single strings
 				case 'position':
-					$this->isPositionDefined = true;
 				case 'group':
 				case 'skipFunction':
 					$this->{$member} = (string)$option;
diff --git a/includes/resourceloader/ResourceLoaderImageModule.php b/includes/resourceloader/ResourceLoaderImageModule.php
index 8de87f2e..e2da28bb 100644
--- a/includes/resourceloader/ResourceLoaderImageModule.php
+++ b/includes/resourceloader/ResourceLoaderImageModule.php
@@ -184,7 +184,6 @@ class ResourceLoaderImageModule extends ResourceLoaderModule {
 					break;
 
 				case 'position':
-					$this->isPositionDefined = true;
 				case 'prefix':
 				case 'selectorWithoutVariant':
 				case 'selectorWithVariant':
@@ -456,9 +455,4 @@ class ResourceLoaderImageModule extends ResourceLoaderModule {
 		$this->loadFromDefinition();
 		return $this->position;
 	}
-
-	public function isPositionDefault() {
-		$this->loadFromDefinition();
-		return parent::isPositionDefault();
-	}
 }
diff --git a/includes/resourceloader/ResourceLoaderModule.php b/includes/resourceloader/ResourceLoaderModule.php
index 1d3ffb55..9b6702aa 100644
--- a/includes/resourceloader/ResourceLoaderModule.php
+++ b/includes/resourceloader/ResourceLoaderModule.php
@@ -67,10 +67,6 @@ abstract class ResourceLoaderModule {
 	// In-object cache for module content
 	protected $contents = array();
 
-	// Whether the position returned by getPosition() is defined in the module configuration
-	// and not a default value
-	protected $isPositionDefined = false;
-
 	/**
 	 * @var Config
 	 */
@@ -291,19 +287,6 @@ abstract class ResourceLoaderModule {
 		return 'bottom';
 	}
 
-	/**
-	 * Whether the position returned by getPosition() is a default value or comes from the module
-	 * definition. This method is meant to be short-lived, and is only useful until classes added
-	 * via addModuleStyles with a default value define an explicit position. See getModuleStyles()
-	 * in OutputPage for the related migration warning.
-	 *
-	 * @return bool
-	 * @since  1.26
-	 */
-	public function isPositionDefault() {
-		return !$this->isPositionDefined;
-	}
-
 	/**
 	 * Whether this module's JS expects to work without the client-side ResourceLoader module.
 	 * Returning true from this function will prevent mw.loader.state() call from being
diff --git a/includes/resourceloader/ResourceLoaderWikiModule.php b/includes/resourceloader/ResourceLoaderWikiModule.php
index 0023de27..693bcee4 100644
--- a/includes/resourceloader/ResourceLoaderWikiModule.php
+++ b/includes/resourceloader/ResourceLoaderWikiModule.php
@@ -72,8 +72,6 @@ class ResourceLoaderWikiModule extends ResourceLoaderModule {
 		foreach ( $options as $member => $option ) {
 			switch ( $member ) {
 				case 'position':
-					$this->isPositionDefined = true;
-					// Don't break since we need the member set as well
 				case 'styles':
 				case 'scripts':
 				case 'group':
diff --git a/includes/specials/SpecialUserlogin.php b/includes/specials/SpecialUserlogin.php
index 21f1194f..2d6737bd 100644
--- a/includes/specials/SpecialUserlogin.php
+++ b/includes/specials/SpecialUserlogin.php
@@ -628,7 +628,7 @@ class LoginForm extends SpecialPage {
 				"allowed account creation w/o throttle\n" );
 		} else {
 			if ( ( $wgAccountCreationThrottle && $currentUser->isPingLimitable() ) ) {
-				$key = wfMemcKey( 'acctcreate', 'ip', $ip );
+				$key = wfGlobalCacheKey( 'acctcreate', 'ip', $ip );
 				$value = $wgMemc->get( $key );
 				if ( !$value ) {
 					$wgMemc->set( $key, 0, 86400 );
@@ -862,11 +862,12 @@ class LoginForm extends SpecialPage {
 	 */
 	public static function incLoginThrottle( $username ) {
 		global $wgPasswordAttemptThrottle, $wgMemc, $wgRequest;
-		$username = trim( $username ); // sanity
+		$canUsername = User::getCanonicalName( $username, 'usable' );
+		$username = $canUsername !== false ? $canUsername : $username;
 
 		$throttleCount = 0;
 		if ( is_array( $wgPasswordAttemptThrottle ) ) {
-			$throttleKey = wfMemcKey( 'password-throttle', $wgRequest->getIP(), md5( $username ) );
+			$throttleKey = wfGlobalCacheKey( 'password-throttle', $wgRequest->getIP(), md5( $username ) );
 			$count = $wgPasswordAttemptThrottle['count'];
 			$period = $wgPasswordAttemptThrottle['seconds'];
 
@@ -890,9 +891,10 @@ class LoginForm extends SpecialPage {
 	 */
 	public static function clearLoginThrottle( $username ) {
 		global $wgMemc, $wgRequest;
-		$username = trim( $username ); // sanity
+		$canUsername = User::getCanonicalName( $username, 'usable' );
+		$username = $canUsername !== false ? $canUsername : $username;
 
-		$throttleKey = wfMemcKey( 'password-throttle', $wgRequest->getIP(), md5( $username ) );
+		$throttleKey = wfGlobalCacheKey( 'password-throttle', $wgRequest->getIP(), md5( $username ) );
 		$wgMemc->delete( $throttleKey );
 	}
 
@@ -1608,7 +1610,8 @@ class LoginForm extends SpecialPage {
 		if ( $wgSecureLogin && !$this->mStickHTTPS ) {
 			$wgCookieSecure = false;
 		}
-
+		// Always make sure edit token is regenerated. (T114419)
+		$this->getRequest()->setSessionData( 'wsEditToken', null );
 		wfResetSessionID();
 	}
 
diff --git a/includes/upload/UploadBase.php b/includes/upload/UploadBase.php
index e9e1f658..02192904 100644
--- a/includes/upload/UploadBase.php
+++ b/includes/upload/UploadBase.php
@@ -1399,7 +1399,7 @@ abstract class UploadBase {
 				&& strpos( $value, '#' ) !== 0
 			) {
 				if ( !( $strippedElement === 'a'
-					&& preg_match( '!^https?://!im', $value ) )
+					&& preg_match( '!^https?://!i', $value ) )
 				) {
 					wfDebug( __METHOD__ . ": Found href attribute <$strippedElement "
 						. "'$attrib'='$value' in uploaded file.\n" );
diff --git a/resources/Resources.php b/resources/Resources.php
index 6a22af66..6626f05a 100644
--- a/resources/Resources.php
+++ b/resources/Resources.php
@@ -2031,6 +2031,8 @@ return array(
 		'dependencies' => array(
 			'oojs-ui',
 			'mediawiki.api',
+			'mediawiki.ForeignApi',
+			'mediawiki.Title',
 		),
 		'targets' => array( 'desktop', 'mobile' ),
 	),
diff --git a/resources/src/mediawiki.page/mediawiki.page.patrol.ajax.js b/resources/src/mediawiki.page/mediawiki.page.patrol.ajax.js
index f9b0d356..e0307b72 100644
--- a/resources/src/mediawiki.page/mediawiki.page.patrol.ajax.js
+++ b/resources/src/mediawiki.page/mediawiki.page.patrol.ajax.js
@@ -12,7 +12,7 @@
 		return;
 	}
 	$( function () {
-		var $patrolLinks = $( '.patrollink a' );
+		var $patrolLinks = $( '.patrollink a.mw-patrollink' );
 		$patrolLinks.on( 'click', function ( e ) {
 			var $spinner, href, rcid, apiRequest;
 
diff --git a/tests/browser/README.mediawiki b/tests/browser/README.mediawiki
deleted file mode 100644
index 22657627..00000000
--- a/tests/browser/README.mediawiki
+++ /dev/null
@@ -1,64 +0,0 @@
-Purpose:
-
-The purpose of these tests is to validate that a newly installed (or updated, or hacked, or whatever) mediawiki instance presents to the user a set of expected features, regardless of what language the wiki is in, or where it is installed, or what extensions it might have.
-
-The tests are based on the basic definition of a wiki, a website where anyone
-
-* can read a page
-* can create a page
-* can edit a page
-* can link one page to another page
-
-Install:
-
-Ruby 1.9.3 or higher is required
-Firefox browser is required
-::
- cd /tests/browser
- gem update --system
- gem install bundler
- bundle install
-
-Run the tests:
-
-Edit the environment_variables file with appropriate values for your wiki
-$source environment_variables (example shown in bash shell)
-
-bundle exec cucumber features/
-
-Note that the acceptance tests will create three pages in your wiki entitled "Editing Test Page", "Link Source Test Page", and "Link Target Test Page".  These pages may be deleted at any time.  If you wish to re-run the tests at any time, these test pages will be re-created or reset to their original contents at the time that the tests run.
-
-For more information about running Selenium tests please see
-https://github.com/wikimedia/mediawiki-selenium
-
-Details:
-
-create_account.feature
-* Checks three different ways to arrive on page allowing the user to create an account
-
-create_and_follow_wiki_link.feature:
-* uses the mediawiki API to create a link target page
-* uses the mediawiki API to create a link source page
-* navigates a browser to the link source page
-* clicks the link in that page to the link target page
-* validates that the browser has in fact followed the link to the target page correctly
-
-edit_page.feature:
-* uses the mediawiki API to create an editable page on the wiki
-* navigates a browser to the page
-* clicks the Edit button to invoke the basic editor
-* edits the page with a particular string containing a static part and also a quasi-unique random part
-* saves the edited page
-* checks that the saved page contains the particular string with which the page was edited
-
-main_page.feature:
-* navigates a browser to the default landing page of the wiki
-* checks for the View History link on the landing page
-* checks for the full set of of sidebar links that should exist on every mediawiki wiki
-
-view_history.feature
-* similar to edit_page.feature but checks for an older version of the edited page
-
-Notes:
-
-Tested on beta labs hewiki, dewiki, enwiki, and on a local installation of mediawiki
\ No newline at end of file
diff --git a/tests/parser/parserTests.txt b/tests/parser/parserTests.txt
index c8c63f39..67da1f0a 100644
--- a/tests/parser/parserTests.txt
+++ b/tests/parser/parserTests.txt
@@ -2262,6 +2262,15 @@ Entities inside <pre>
 
 !! end
 
+!! test
+<nowiki> inside of #tag:pre
+!! wikitext
+{{#tag:pre|Foo <nowiki>&rarr;bar</nowiki>}}
+!! html
+<pre>Foo &#8594;bar</pre>
+
+!! end
+
 !! test
 <nowiki> and <pre> preference (first one wins)
 !! wikitext
@@ -12863,7 +12872,7 @@ Image with link parameter, wgExternalLinkTarget
 !! config
 wgExternalLinkTarget='foobar'
 !! html
-<p><a href="http://example.com/" target="foobar" rel="nofollow"><img alt="Foobar.jpg" src="http://example.com/images/3/3a/Foobar.jpg" width="1941" height="220" /></a>
+<p><a href="http://example.com/" target="foobar" rel="nofollow noreferrer noopener"><img alt="Foobar.jpg" src="http://example.com/images/3/3a/Foobar.jpg" width="1941" height="220" /></a>
 </p>
 !! end
 
@@ -12896,7 +12905,7 @@ Image with link parameter, wgExternalLinkTarget, unnamed parameter
 !! config
 wgExternalLinkTarget='foobar'
 !! html
-<p><a href="http://example.com/" title="Title" target="foobar" rel="nofollow"><img alt="Title" src="http://example.com/images/3/3a/Foobar.jpg" width="1941" height="220" /></a>
+<p><a href="http://example.com/" title="Title" target="foobar" rel="nofollow noreferrer noopener"><img alt="Title" src="http://example.com/images/3/3a/Foobar.jpg" width="1941" height="220" /></a>
 </p>
 !! end
 
diff --git a/tests/phpunit/includes/api/ApiMainTest.php b/tests/phpunit/includes/api/ApiMainTest.php
index 94b741dc..a2bc7aed 100644
--- a/tests/phpunit/includes/api/ApiMainTest.php
+++ b/tests/phpunit/includes/api/ApiMainTest.php
@@ -248,4 +248,31 @@ class ApiMainTest extends ApiTestCase {
 		);
 	}
 
+	/**
+	 * @covers ApiMain::lacksSameOriginSecurity
+	 */
+	public function testLacksSameOriginSecurity() {
+		// Basic test
+		$main = new ApiMain( new FauxRequest( array( 'action' => 'query', 'meta' => 'siteinfo' ) ) );
+		$this->assertFalse( $main->lacksSameOriginSecurity(), 'Basic test, should have security' );
+
+		// JSONp
+		$main = new ApiMain(
+			new FauxRequest( array( 'action' => 'query', 'format' => 'xml', 'callback' => 'foo'  ) )
+		);
+		$this->assertTrue( $main->lacksSameOriginSecurity(), 'JSONp, should lack security' );
+
+		// Header
+		$request = new FauxRequest( array( 'action' => 'query', 'meta' => 'siteinfo' ) );
+		$request->setHeader( 'TrEaT-As-UnTrUsTeD', '' ); // With falsey value!
+		$main = new ApiMain( $request );
+		$this->assertTrue( $main->lacksSameOriginSecurity(), 'Header supplied, should lack security' );
+
+		// Hook
+		$this->mergeMwGlobalArrayValue( 'wgHooks', array(
+			'RequestHasSameOriginSecurity' => array( function () { return false; } )
+		) );
+		$main = new ApiMain( new FauxRequest( array( 'action' => 'query', 'meta' => 'siteinfo' ) ) );
+		$this->assertTrue( $main->lacksSameOriginSecurity(), 'Hook, should lack security' );
+	}
 }
diff --git a/tests/phpunit/includes/api/format/ApiFormatJsonTest.php b/tests/phpunit/includes/api/format/ApiFormatJsonTest.php
index 3dfcaf0f..8d599b08 100644
--- a/tests/phpunit/includes/api/format/ApiFormatJsonTest.php
+++ b/tests/phpunit/includes/api/format/ApiFormatJsonTest.php
@@ -61,7 +61,7 @@ class ApiFormatJsonTest extends ApiFormatTestBase {
 				array( array( 1 ), '/**/myCallback([1])', array( 'callback' => 'myCallback' ) ),
 
 				// Cross-domain mangling
-				array( array( '< Cross-Domain-Policy >' ), '["\u003C Cross-Domain-Policy \u003E"]' ),
+				array( array( '< Cross-Domain-Policy >' ), '["\u003C Cross-Domain-Policy >"]' ),
 			) ),
 			self::addFormatVersion( 2, array(
 				// Basic types
@@ -102,7 +102,7 @@ class ApiFormatJsonTest extends ApiFormatTestBase {
 				array( array( 1 ), '/**/myCallback([1])', array( 'callback' => 'myCallback' ) ),
 
 				// Cross-domain mangling
-				array( array( '< Cross-Domain-Policy >' ), '["\u003C Cross-Domain-Policy \u003E"]' ),
+				array( array( '< Cross-Domain-Policy >' ), '["\u003C Cross-Domain-Policy >"]' ),
 			) )
 		);
 	}
diff --git a/tests/phpunit/includes/upload/UploadBaseTest.php b/tests/phpunit/includes/upload/UploadBaseTest.php
index 9441b77f..a3f8ae48 100644
--- a/tests/phpunit/includes/upload/UploadBaseTest.php
+++ b/tests/phpunit/includes/upload/UploadBaseTest.php
@@ -374,6 +374,12 @@ class UploadBaseTest extends MediaWikiTestCase {
 				false,
 				'SVG with external entity'
 			),
+			array(
+				"<svg xmlns=\"http://www.w3.org/2000/svg\" xmlns:xlink=\"http://www.w3.org/1999/xlink\"> <g> <a xlink:href=\"javascript:alert('1&#10;https://google.com')\"> <rect width=\"300\" height=\"100\" style=\"fill:rgb(0,0,255);stroke-width:1;stroke:rgb(0,0,2)\" /> </a> </g> </svg>",
+				true,
+				true,
+				'SVG with javascript <a> link with newline (T122653)'
+			),
 
 			// Test good, but strange files that we want to allow
 			array(
diff --git a/tests/qunit/data/testrunner.js b/tests/qunit/data/testrunner.js
index 01f96252..53bff763 100644
--- a/tests/qunit/data/testrunner.js
+++ b/tests/qunit/data/testrunner.js
@@ -27,8 +27,6 @@
 	// and assuming failure.
 	QUnit.config.testTimeout = 30 * 1000;
 
-	QUnit.config.requireExpects = true;
-
 	// Add a checkbox to QUnit header to toggle MediaWiki ResourceLoader debug mode.
 	QUnit.config.urlConfig.push( {
 		id: 'debug',
-- 
cgit v1.2.3-54-g00ecf


From 788cb78c4c2ab6606c731f45b5d0238ac2080da0 Mon Sep 17 00:00:00 2001
From: Florian Pritz <bluewind@xinu.at>
Date: Thu, 16 Jun 2016 13:11:10 +0200
Subject: Add AbuseFilter and CheckUser

Requested by Jason

Signed-off-by: Florian Pritz <bluewind@xinu.at>
---
 .gitmodules            | 6 ++++++
 extensions/AbuseFilter | 1 +
 extensions/CheckUser   | 1 +
 3 files changed, 8 insertions(+)
 create mode 100644 .gitmodules
 create mode 160000 extensions/AbuseFilter
 create mode 160000 extensions/CheckUser

diff --git a/.gitmodules b/.gitmodules
new file mode 100644
index 00000000..fc47ad4e
--- /dev/null
+++ b/.gitmodules
@@ -0,0 +1,6 @@
+[submodule "extensions/CheckUser"]
+	path = extensions/CheckUser
+	url = https://gerrit.wikimedia.org/r/p/mediawiki/extensions/CheckUser.git
+[submodule "extensions/AbuseFilter"]
+	path = extensions/AbuseFilter
+	url = https://github.com/wikimedia/mediawiki-extensions-AbuseFilter.git
diff --git a/extensions/AbuseFilter b/extensions/AbuseFilter
new file mode 160000
index 00000000..063ac925
--- /dev/null
+++ b/extensions/AbuseFilter
@@ -0,0 +1 @@
+Subproject commit 063ac925a80b7a87dbdd21b7acec8177efdac3d7
diff --git a/extensions/CheckUser b/extensions/CheckUser
new file mode 160000
index 00000000..c149e123
--- /dev/null
+++ b/extensions/CheckUser
@@ -0,0 +1 @@
+Subproject commit c149e123ffd2d972b8a31374f502e424fa03ef61
-- 
cgit v1.2.3-54-g00ecf


From bde9bc38aec7f938a9be9b8978f0aa7ea279afd3 Mon Sep 17 00:00:00 2001
From: Florian Pritz <bluewind@xinu.at>
Date: Mon, 11 Jul 2016 09:30:04 +0200
Subject: Add public LocalSettings.archlinux.org.php config

Signed-off-by: Florian Pritz <bluewind@xinu.at>
---
 LocalSettings.archlinux.org.php | 209 ++++++++++++++++++++++++++++++++++++++++
 1 file changed, 209 insertions(+)
 create mode 100644 LocalSettings.archlinux.org.php

diff --git a/LocalSettings.archlinux.org.php b/LocalSettings.archlinux.org.php
new file mode 100644
index 00000000..6d021f12
--- /dev/null
+++ b/LocalSettings.archlinux.org.php
@@ -0,0 +1,209 @@
+<?php
+# This file was automatically generated by the MediaWiki 1.19.0
+# installer. If you make manual changes, please keep track in case you
+# need to recreate them later.
+#
+# See includes/DefaultSettings.php for all configurable settings
+# and their default values, but don't forget to make changes in _this_
+# file, not there.
+#
+# Further documentation for configuration settings may be found at:
+# http://www.mediawiki.org/wiki/Manual:Configuration_settings
+
+# Protect against web entry
+if ( !defined( 'MEDIAWIKI' ) ) {
+	exit;
+}
+
+## Uncomment this to disable output compression
+# $wgDisableOutputCompression = true;
+
+$wgSitename      = "ArchWiki";
+
+## The URL base path to the directory containing the wiki;
+## defaults for all runtime URL paths are based off of this.
+## For more information on customizing the URLs please see:
+## http://www.mediawiki.org/wiki/Manual:Short_URL
+$wgScriptPath	    = "";
+# $wgArticlePath      = "$wgScript/$1";
+$wgUsePathInfo = true;
+$wgScriptExtension  = ".php";
+
+## The protocol and server name to use in fully-qualified URLs
+$wgServer           = "https://wiki.archlinux.org";
+
+## The relative URL path to the skins directory
+$wgStylePath        = "$wgScriptPath/skins";
+
+## The relative URL path to the logo.  Make sure you change this from the default,
+## or else you'll overwrite your logo when you upgrade!
+$wgLogo             = "$wgStylePath/archlinux/archlogo.png";
+
+## UPO means: this is also a user preference option
+
+$wgEnableEmail      = true;
+$wgEnableUserEmail  = true; # UPO
+
+$wgEmergencyContact = "webmaster@archlinux.org";
+$wgPasswordSender   = "webmaster@archlinux.org";
+
+$wgEnotifUserTalk      = true; # UPO
+$wgEnotifWatchlist     = true; # UPO
+$wgEmailAuthentication = true;
+
+## Database settings
+$wgDBtype           = "mysql";
+$wgDBserver         = "localhost";
+
+# MySQL specific settings
+$wgDBprefix         = "";
+
+# MySQL table options to use during installation or update
+$wgDBTableOptions   = "ENGINE=InnoDB, DEFAULT CHARSET=binary";
+
+# Experimental charset support for MySQL 5.0.
+$wgDBmysql5 = false;
+
+## Shared memory settings
+$wgMainCacheType    = CACHE_ACCEL;
+$wgMemCachedServers = array();
+
+## To enable image uploads, make sure the 'images' directory
+## is writable, then set this to true:
+$wgEnableUploads  = true;
+#$wgUseImageMagick = true;
+#$wgImageMagickConvertCommand = "/usr/bin/convert";
+
+# InstantCommons allows wiki to use images from http://commons.wikimedia.org
+$wgUseInstantCommons  = false;
+
+## If you use ImageMagick (or any other shell command) on a
+## Linux server, this will need to be set to the name of an
+## available UTF-8 locale
+$wgShellLocale = "en_US.utf8";
+
+## If you want to use image uploads under safe mode,
+## create the directories images/archive, images/thumb and
+## images/temp, and make them all writable. Then uncomment
+## this, if it's not already uncommented:
+#$wgHashedUploadDirectory = false;
+
+## Set $wgCacheDirectory to a writable directory on the web server
+## to make your wiki go slightly faster. The directory should not
+## be publically accessible from the web.
+$wgCacheDirectory = "$IP/../cache/data";
+$wgShowIPinHeader = false;
+$wgDisableCounters = true;
+$wgEnableSidebarCache = true;
+$wgUseFileCache = true;
+$wgFileCacheDirectory = "$IP/../cache/html";
+$wgUseGzip = true;
+$wgUseETag = true;
+
+# Site language code, should be one of the list in ./languages/Names.php
+$wgLanguageCode = "en";
+
+## Default skin: you can change the default skin. Use the internal symbolic
+## names, ie 'standard', 'nostalgia', 'cologneblue', 'monobook', 'vector':
+//require_once "$IP/skins/ArchLinux/ArchLinux.php";
+wfLoadSkin( 'ArchLinux' );
+$wgDefaultSkin = 'archlinux';
+$wgDefaultUserOptions['skin'] = 'archlinux';
+$wgArchHome = 'https://www.archlinux.org/';
+$wgArchNavBar = array(
+			'Home' => 'https://www.archlinux.org/',
+			'Packages' => 'https://www.archlinux.org/packages/',
+			'Forums' => 'https://bbs.archlinux.org/',
+			'Wiki' => 'https://wiki.archlinux.org/',
+			'Bugs' => 'https://bugs.archlinux.org/',
+			'AUR' => 'https://aur.archlinux.org/',
+			'Download' => 'https://www.archlinux.org/download/'
+		);
+$wgArchNavBarSelectedDefault = 'Wiki';
+$wgFooterIcons = array();
+
+$wgLocaltimezone = 'UTC';
+
+## For attaching licensing metadata to pages, and displaying an
+## appropriate copyright notice / icon. GNU Free Documentation
+## License and Creative Commons licenses are supported so far.
+$wgRightsPage = ""; # Set to the title of a wiki page that describes your license/copyright
+$wgRightsUrl  = "http://www.gnu.org/copyleft/fdl.html";
+$wgRightsText = "GNU Free Documentation License 1.3 or later";
+$wgRightsIcon = "{$wgStylePath}/common/images/gnu-fdl.png";
+
+# Query string length limit for ResourceLoader. You should only set this if
+# your web server has a query string length limit (then set it to that limit),
+# or if you have suhosin.get.max_value_length set in php.ini (then set it to
+# that value)
+$wgResourceLoaderMaxQueryLength = -1;
+
+# The following permissions were set based on your choice in the installer
+$wgEmailConfirmToEdit = true;
+$wgAllowUserCssPrefs = false;
+$wgDisableAnonTalk = true;
+$wgGroupPermissions['*']['edit'] = false;
+$wgGroupPermissions['sysop']['deleterevision']  = true;
+$wgGroupPermissions['user']['upload']          = false;
+$wgGroupPermissions['user']['reupload']        = false;
+$wgGroupPermissions['user']['reupload-shared'] = false;
+$wgGroupPermissions['autoconfirmed']['upload'] = false;
+$wgGroupPermissions['maintainer']['autopatrol'] = true;
+$wgGroupPermissions['maintainer']['patrol'] = true;
+$wgGroupPermissions['maintainer']['noratelimit'] = true;
+$wgGroupPermissions['maintainer']['suppressredirect'] = true;
+$wgGroupPermissions['maintainer']['rollback'] = true;
+$wgGroupPermissions['maintainer']['browsearchive'] = true;
+$wgGroupPermissions['maintainer']['apihighlimits'] = true;
+$wgGroupPermissions['maintainer']['unwatchedpages'] = true;
+$wgGroupPermissions['maintainer']['deletedhistory'] = true;
+$wgGroupPermissions['maintainer']['deletedtext'] = true;
+
+# disable user account creation via API
+$wgAPIModules['createaccount'] = 'ApiDisabled';
+# remove 'writeapi' right from users
+$wgGroupPermissions['*']['writeapi'] = false;
+$wgGroupPermissions['user']['writeapi'] = false;
+# add 'writeapi' to autoconfirmed users, maintainers and admins
+$wgGroupPermissions['autoconfirmed']['writeapi'] = true;
+$wgGroupPermissions['maintainer']['writeapi'] = true;
+$wgGroupPermissions['sysop']['writeapi'] = true;
+# stricter conditions for 'autoconfirmed' promotion
+$wgAutoConfirmAge = 86400*3; // three days
+# require at least 20 normal edits before granting the 'writeapi' right
+$wgAutoConfirmCount = 20;
+
+# Enabled Extensions. Most extensions are enabled by including the base extension file here
+# but check specific extension documentation for more details
+# The following extensions were automatically enabled:
+
+# $wgShowSQLErrors = true;
+# $wgReadOnly = 'Database migration in progress. We`ll be back in a few minutes.';
+
+$wgGitRepositoryViewers['.+projects\.archlinux\.org/vhosts/wiki\.archlinux\.org\.git(.*)'] = 'https://projects.archlinux.org/vhosts/wiki.archlinux.org.git/commit/?id=%H';
+
+$wgJobRunRate = 0;
+
+require_once( "$IP/extensions/Nuke/Nuke.php" );
+
+wfLoadExtension( 'CheckUser' );
+require_once "$IP/extensions/AbuseFilter/AbuseFilter.php";
+
+# AbuseFilter extension
+$wgGroupPermissions['sysop']['abusefilter-modify'] = true;
+$wgGroupPermissions['*']['abusefilter-log-detail'] = true;
+$wgGroupPermissions['*']['abusefilter-view'] = true;
+$wgGroupPermissions['*']['abusefilter-log'] = true;
+$wgGroupPermissions['sysop']['abusefilter-private'] = true;
+$wgGroupPermissions['sysop']['abusefilter-modify-restricted'] = true;
+$wgGroupPermissions['sysop']['abusefilter-revert'] = true;
+
+# CheckUser extension
+$wgGroupPermissions['sysop']['checkuser'] = true;
+$wgGroupPermissions['sysop']['checkuser-log'] = true;
+
+
+# temporary disable registration; reverted 2016-6-26 bluewind
+#$wgGroupPermissions['*']['createaccount'] = false;
+
+$wgUserEmailUseReplyTo = true;
-- 
cgit v1.2.3-54-g00ecf


From b62fd6a871dcdd00c642c3cad4a167c24e6e2c33 Mon Sep 17 00:00:00 2001
From: Jakub Klinkovský <j.l.k@gmx.com>
Date: Thu, 14 Jul 2016 10:35:38 +0200
Subject: Use specific release of AbuseFilter and CheckUser extensions

---
 .gitmodules            | 2 ++
 extensions/AbuseFilter | 2 +-
 extensions/CheckUser   | 2 +-
 3 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/.gitmodules b/.gitmodules
index fc47ad4e..d4d6a6c5 100644
--- a/.gitmodules
+++ b/.gitmodules
@@ -1,6 +1,8 @@
 [submodule "extensions/CheckUser"]
 	path = extensions/CheckUser
 	url = https://gerrit.wikimedia.org/r/p/mediawiki/extensions/CheckUser.git
+	branch = REL1_26
 [submodule "extensions/AbuseFilter"]
 	path = extensions/AbuseFilter
 	url = https://github.com/wikimedia/mediawiki-extensions-AbuseFilter.git
+	branch = REL1_26
diff --git a/extensions/AbuseFilter b/extensions/AbuseFilter
index 063ac925..e4e82228 160000
--- a/extensions/AbuseFilter
+++ b/extensions/AbuseFilter
@@ -1 +1 @@
-Subproject commit 063ac925a80b7a87dbdd21b7acec8177efdac3d7
+Subproject commit e4e82228a8af22fc423b282de36a970412e94a9f
diff --git a/extensions/CheckUser b/extensions/CheckUser
index c149e123..710d3020 160000
--- a/extensions/CheckUser
+++ b/extensions/CheckUser
@@ -1 +1 @@
-Subproject commit c149e123ffd2d972b8a31374f502e424fa03ef61
+Subproject commit 710d30200318f1e8ec579bf0d07b07acbb105b5f
-- 
cgit v1.2.3-54-g00ecf


From 862da92c7a3b6479fc4daa4bf3b8944aa6735d8b Mon Sep 17 00:00:00 2001
From: Jakub Klinkovský <j.l.k@gmx.com>
Date: Thu, 14 Jul 2016 13:10:13 +0200
Subject: LocalSettings: move general settings to the top

---
 LocalSettings.archlinux.org.php | 62 ++++++++++++++++++++++-------------------
 1 file changed, 34 insertions(+), 28 deletions(-)

diff --git a/LocalSettings.archlinux.org.php b/LocalSettings.archlinux.org.php
index 6d021f12..89f8ca92 100644
--- a/LocalSettings.archlinux.org.php
+++ b/LocalSettings.archlinux.org.php
@@ -15,11 +15,20 @@ if ( !defined( 'MEDIAWIKI' ) ) {
 	exit;
 }
 
-## Uncomment this to disable output compression
-# $wgDisableOutputCompression = true;
+##
+## General settings
+##
 
 $wgSitename      = "ArchWiki";
 
+## The protocol and server name to use in fully-qualified URLs
+$wgServer           = "https://wiki.archlinux.org";
+
+$wgLocaltimezone = 'UTC';
+
+# Site language code, should be one of the list in ./languages/Names.php
+$wgLanguageCode = "en";
+
 ## The URL base path to the directory containing the wiki;
 ## defaults for all runtime URL paths are based off of this.
 ## For more information on customizing the URLs please see:
@@ -29,9 +38,6 @@ $wgScriptPath	    = "";
 $wgUsePathInfo = true;
 $wgScriptExtension  = ".php";
 
-## The protocol and server name to use in fully-qualified URLs
-$wgServer           = "https://wiki.archlinux.org";
-
 ## The relative URL path to the skins directory
 $wgStylePath        = "$wgScriptPath/skins";
 
@@ -39,6 +45,29 @@ $wgStylePath        = "$wgScriptPath/skins";
 ## or else you'll overwrite your logo when you upgrade!
 $wgLogo             = "$wgStylePath/archlinux/archlogo.png";
 
+## For attaching licensing metadata to pages, and displaying an
+## appropriate copyright notice / icon. GNU Free Documentation
+## License and Creative Commons licenses are supported so far.
+$wgRightsPage = ""; # Set to the title of a wiki page that describes your license/copyright
+$wgRightsUrl  = "http://www.gnu.org/copyleft/fdl.html";
+$wgRightsText = "GNU Free Documentation License 1.3 or later";
+$wgRightsIcon = "{$wgStylePath}/common/images/gnu-fdl.png";
+
+# Query string length limit for ResourceLoader. You should only set this if
+# your web server has a query string length limit (then set it to that limit),
+# or if you have suhosin.get.max_value_length set in php.ini (then set it to
+# that value)
+# TODO: -1 is the default
+$wgResourceLoaderMaxQueryLength = -1;
+
+$wgGitRepositoryViewers['.+projects\.archlinux\.org/vhosts/wiki\.archlinux\.org\.git(.*)'] = 'https://projects.archlinux.org/vhosts/wiki.archlinux.org.git/commit/?id=%H';
+
+$wgJobRunRate = 0;
+
+
+## Uncomment this to disable output compression
+# $wgDisableOutputCompression = true;
+
 ## UPO means: this is also a user preference option
 
 $wgEnableEmail      = true;
@@ -100,9 +129,6 @@ $wgFileCacheDirectory = "$IP/../cache/html";
 $wgUseGzip = true;
 $wgUseETag = true;
 
-# Site language code, should be one of the list in ./languages/Names.php
-$wgLanguageCode = "en";
-
 ## Default skin: you can change the default skin. Use the internal symbolic
 ## names, ie 'standard', 'nostalgia', 'cologneblue', 'monobook', 'vector':
 //require_once "$IP/skins/ArchLinux/ArchLinux.php";
@@ -122,22 +148,6 @@ $wgArchNavBar = array(
 $wgArchNavBarSelectedDefault = 'Wiki';
 $wgFooterIcons = array();
 
-$wgLocaltimezone = 'UTC';
-
-## For attaching licensing metadata to pages, and displaying an
-## appropriate copyright notice / icon. GNU Free Documentation
-## License and Creative Commons licenses are supported so far.
-$wgRightsPage = ""; # Set to the title of a wiki page that describes your license/copyright
-$wgRightsUrl  = "http://www.gnu.org/copyleft/fdl.html";
-$wgRightsText = "GNU Free Documentation License 1.3 or later";
-$wgRightsIcon = "{$wgStylePath}/common/images/gnu-fdl.png";
-
-# Query string length limit for ResourceLoader. You should only set this if
-# your web server has a query string length limit (then set it to that limit),
-# or if you have suhosin.get.max_value_length set in php.ini (then set it to
-# that value)
-$wgResourceLoaderMaxQueryLength = -1;
-
 # The following permissions were set based on your choice in the installer
 $wgEmailConfirmToEdit = true;
 $wgAllowUserCssPrefs = false;
@@ -180,10 +190,6 @@ $wgAutoConfirmCount = 20;
 # $wgShowSQLErrors = true;
 # $wgReadOnly = 'Database migration in progress. We`ll be back in a few minutes.';
 
-$wgGitRepositoryViewers['.+projects\.archlinux\.org/vhosts/wiki\.archlinux\.org\.git(.*)'] = 'https://projects.archlinux.org/vhosts/wiki.archlinux.org.git/commit/?id=%H';
-
-$wgJobRunRate = 0;
-
 require_once( "$IP/extensions/Nuke/Nuke.php" );
 
 wfLoadExtension( 'CheckUser' );
-- 
cgit v1.2.3-54-g00ecf


From d3defaa19b976e7811e95edb5ac5c78f9ef9fa40 Mon Sep 17 00:00:00 2001
From: Jakub Klinkovský <j.l.k@gmx.com>
Date: Thu, 14 Jul 2016 13:11:44 +0200
Subject: LocalSettings: move database settings

---
 LocalSettings.archlinux.org.php | 30 +++++++++++++++++-------------
 1 file changed, 17 insertions(+), 13 deletions(-)

diff --git a/LocalSettings.archlinux.org.php b/LocalSettings.archlinux.org.php
index 89f8ca92..0129df54 100644
--- a/LocalSettings.archlinux.org.php
+++ b/LocalSettings.archlinux.org.php
@@ -65,6 +65,23 @@ $wgGitRepositoryViewers['.+projects\.archlinux\.org/vhosts/wiki\.archlinux\.org\
 $wgJobRunRate = 0;
 
 
+##
+## Database settings
+##
+
+$wgDBtype           = "mysql";
+$wgDBserver         = "localhost";
+
+# MySQL specific settings
+$wgDBprefix         = "";
+
+# MySQL table options to use during installation or update
+$wgDBTableOptions   = "ENGINE=InnoDB, DEFAULT CHARSET=binary";
+
+# Experimental charset support for MySQL 5.0.
+$wgDBmysql5 = false;
+
+
 ## Uncomment this to disable output compression
 # $wgDisableOutputCompression = true;
 
@@ -80,19 +97,6 @@ $wgEnotifUserTalk      = true; # UPO
 $wgEnotifWatchlist     = true; # UPO
 $wgEmailAuthentication = true;
 
-## Database settings
-$wgDBtype           = "mysql";
-$wgDBserver         = "localhost";
-
-# MySQL specific settings
-$wgDBprefix         = "";
-
-# MySQL table options to use during installation or update
-$wgDBTableOptions   = "ENGINE=InnoDB, DEFAULT CHARSET=binary";
-
-# Experimental charset support for MySQL 5.0.
-$wgDBmysql5 = false;
-
 ## Shared memory settings
 $wgMainCacheType    = CACHE_ACCEL;
 $wgMemCachedServers = array();
-- 
cgit v1.2.3-54-g00ecf


From d69ef76ef7d1775f2b208e2930288feec0220401 Mon Sep 17 00:00:00 2001
From: Jakub Klinkovský <j.l.k@gmx.com>
Date: Thu, 14 Jul 2016 13:21:46 +0200
Subject: LocalSettings: move email settings

---
 LocalSettings.archlinux.org.php | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)

diff --git a/LocalSettings.archlinux.org.php b/LocalSettings.archlinux.org.php
index 0129df54..de52ad26 100644
--- a/LocalSettings.archlinux.org.php
+++ b/LocalSettings.archlinux.org.php
@@ -82,8 +82,9 @@ $wgDBTableOptions   = "ENGINE=InnoDB, DEFAULT CHARSET=binary";
 $wgDBmysql5 = false;
 
 
-## Uncomment this to disable output compression
-# $wgDisableOutputCompression = true;
+##
+## Email settings
+##
 
 ## UPO means: this is also a user preference option
 
@@ -97,6 +98,13 @@ $wgEnotifUserTalk      = true; # UPO
 $wgEnotifWatchlist     = true; # UPO
 $wgEmailAuthentication = true;
 
+# avoid bouncing of user-to-user emails (FS#26737)
+$wgUserEmailUseReplyTo = true;
+
+
+## Uncomment this to disable output compression
+# $wgDisableOutputCompression = true;
+
 ## Shared memory settings
 $wgMainCacheType    = CACHE_ACCEL;
 $wgMemCachedServers = array();
@@ -215,5 +223,3 @@ $wgGroupPermissions['sysop']['checkuser-log'] = true;
 
 # temporary disable registration; reverted 2016-6-26 bluewind
 #$wgGroupPermissions['*']['createaccount'] = false;
-
-$wgUserEmailUseReplyTo = true;
-- 
cgit v1.2.3-54-g00ecf


From c13e67c0a0ab99ed0952824b69850c3efed2a9dc Mon Sep 17 00:00:00 2001
From: Jakub Klinkovský <j.l.k@gmx.com>
Date: Thu, 14 Jul 2016 13:24:19 +0200
Subject: LocalSettings: move cache settings

---
 LocalSettings.archlinux.org.php | 33 +++++++++++++++++++--------------
 1 file changed, 19 insertions(+), 14 deletions(-)

diff --git a/LocalSettings.archlinux.org.php b/LocalSettings.archlinux.org.php
index de52ad26..5cafa9cd 100644
--- a/LocalSettings.archlinux.org.php
+++ b/LocalSettings.archlinux.org.php
@@ -102,13 +102,30 @@ $wgEmailAuthentication = true;
 $wgUserEmailUseReplyTo = true;
 
 
-## Uncomment this to disable output compression
-# $wgDisableOutputCompression = true;
+##
+## Cache settings
+##
 
 ## Shared memory settings
 $wgMainCacheType    = CACHE_ACCEL;
 $wgMemCachedServers = array();
 
+## Set $wgCacheDirectory to a writable directory on the web server
+## to make your wiki go slightly faster. The directory should not
+## be publically accessible from the web.
+$wgCacheDirectory = "$IP/../cache/data";
+$wgShowIPinHeader = false;
+$wgDisableCounters = true;
+$wgEnableSidebarCache = true;
+$wgUseFileCache = true;
+$wgFileCacheDirectory = "$IP/../cache/html";
+$wgUseGzip = true;
+$wgUseETag = true;
+
+## Uncomment this to disable output compression
+# $wgDisableOutputCompression = true;
+
+
 ## To enable image uploads, make sure the 'images' directory
 ## is writable, then set this to true:
 $wgEnableUploads  = true;
@@ -129,18 +146,6 @@ $wgShellLocale = "en_US.utf8";
 ## this, if it's not already uncommented:
 #$wgHashedUploadDirectory = false;
 
-## Set $wgCacheDirectory to a writable directory on the web server
-## to make your wiki go slightly faster. The directory should not
-## be publically accessible from the web.
-$wgCacheDirectory = "$IP/../cache/data";
-$wgShowIPinHeader = false;
-$wgDisableCounters = true;
-$wgEnableSidebarCache = true;
-$wgUseFileCache = true;
-$wgFileCacheDirectory = "$IP/../cache/html";
-$wgUseGzip = true;
-$wgUseETag = true;
-
 ## Default skin: you can change the default skin. Use the internal symbolic
 ## names, ie 'standard', 'nostalgia', 'cologneblue', 'monobook', 'vector':
 //require_once "$IP/skins/ArchLinux/ArchLinux.php";
-- 
cgit v1.2.3-54-g00ecf


From 9a884e1ade06b8b116967c86a03aaf195871cb61 Mon Sep 17 00:00:00 2001
From: Jakub Klinkovský <j.l.k@gmx.com>
Date: Thu, 14 Jul 2016 13:28:54 +0200
Subject: LocalSettings: add remaining section comments

---
 LocalSettings.archlinux.org.php | 35 ++++++++++++++++++++++++++---------
 1 file changed, 26 insertions(+), 9 deletions(-)

diff --git a/LocalSettings.archlinux.org.php b/LocalSettings.archlinux.org.php
index 5cafa9cd..31f0d0aa 100644
--- a/LocalSettings.archlinux.org.php
+++ b/LocalSettings.archlinux.org.php
@@ -126,6 +126,10 @@ $wgUseETag = true;
 # $wgDisableOutputCompression = true;
 
 
+##
+## Media settings
+##
+
 ## To enable image uploads, make sure the 'images' directory
 ## is writable, then set this to true:
 $wgEnableUploads  = true;
@@ -146,6 +150,11 @@ $wgShellLocale = "en_US.utf8";
 ## this, if it's not already uncommented:
 #$wgHashedUploadDirectory = false;
 
+
+##
+## Skin settings
+##
+
 ## Default skin: you can change the default skin. Use the internal symbolic
 ## names, ie 'standard', 'nostalgia', 'cologneblue', 'monobook', 'vector':
 //require_once "$IP/skins/ArchLinux/ArchLinux.php";
@@ -165,7 +174,11 @@ $wgArchNavBar = array(
 $wgArchNavBarSelectedDefault = 'Wiki';
 $wgFooterIcons = array();
 
-# The following permissions were set based on your choice in the installer
+
+##
+## Access control settings
+##
+
 $wgEmailConfirmToEdit = true;
 $wgAllowUserCssPrefs = false;
 $wgDisableAnonTalk = true;
@@ -200,19 +213,15 @@ $wgAutoConfirmAge = 86400*3; // three days
 # require at least 20 normal edits before granting the 'writeapi' right
 $wgAutoConfirmCount = 20;
 
-# Enabled Extensions. Most extensions are enabled by including the base extension file here
-# but check specific extension documentation for more details
-# The following extensions were automatically enabled:
 
-# $wgShowSQLErrors = true;
-# $wgReadOnly = 'Database migration in progress. We`ll be back in a few minutes.';
+##
+## Additional extensions
+##
 
 require_once( "$IP/extensions/Nuke/Nuke.php" );
 
-wfLoadExtension( 'CheckUser' );
-require_once "$IP/extensions/AbuseFilter/AbuseFilter.php";
-
 # AbuseFilter extension
+require_once "$IP/extensions/AbuseFilter/AbuseFilter.php";
 $wgGroupPermissions['sysop']['abusefilter-modify'] = true;
 $wgGroupPermissions['*']['abusefilter-log-detail'] = true;
 $wgGroupPermissions['*']['abusefilter-view'] = true;
@@ -222,9 +231,17 @@ $wgGroupPermissions['sysop']['abusefilter-modify-restricted'] = true;
 $wgGroupPermissions['sysop']['abusefilter-revert'] = true;
 
 # CheckUser extension
+wfLoadExtension( 'CheckUser' );
 $wgGroupPermissions['sysop']['checkuser'] = true;
 $wgGroupPermissions['sysop']['checkuser-log'] = true;
 
 
+##
+## Temporary settings for maintenance
+##
+
 # temporary disable registration; reverted 2016-6-26 bluewind
 #$wgGroupPermissions['*']['createaccount'] = false;
+
+# $wgShowSQLErrors = true;
+# $wgReadOnly = 'Database migration in progress. We`ll be back in a few minutes.';
-- 
cgit v1.2.3-54-g00ecf


From 2a42cb76964d1cc806c3e2bf10c7a7665db1f800 Mon Sep 17 00:00:00 2001
From: Jakub Klinkovský <j.l.k@gmx.com>
Date: Thu, 14 Jul 2016 13:48:27 +0200
Subject: LocalSettings: update path to license icon

The path was changed in MediaWiki 1.24, see
https://www.mediawiki.org/wiki/Manual:$wgRightsIcon
---
 LocalSettings.archlinux.org.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/LocalSettings.archlinux.org.php b/LocalSettings.archlinux.org.php
index 31f0d0aa..165f2bb1 100644
--- a/LocalSettings.archlinux.org.php
+++ b/LocalSettings.archlinux.org.php
@@ -51,7 +51,7 @@ $wgLogo             = "$wgStylePath/archlinux/archlogo.png";
 $wgRightsPage = ""; # Set to the title of a wiki page that describes your license/copyright
 $wgRightsUrl  = "http://www.gnu.org/copyleft/fdl.html";
 $wgRightsText = "GNU Free Documentation License 1.3 or later";
-$wgRightsIcon = "{$wgStylePath}/common/images/gnu-fdl.png";
+$wgRightsIcon = "$wgScriptPath/resources/assets/licenses/gnu-fdl.png";
 
 # Query string length limit for ResourceLoader. You should only set this if
 # your web server has a query string length limit (then set it to that limit),
-- 
cgit v1.2.3-54-g00ecf


From 44eaa7c4ad62cf6e1228bb7b845716edc98c7431 Mon Sep 17 00:00:00 2001
From: Dario Giovannetti <dariogiova@gmail.com>
Date: Thu, 14 Jul 2016 23:06:45 +0800
Subject: Remind LocalSettings.php variables

---
 LocalSettings.archlinux.org.php | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/LocalSettings.archlinux.org.php b/LocalSettings.archlinux.org.php
index 165f2bb1..f889ecc5 100644
--- a/LocalSettings.archlinux.org.php
+++ b/LocalSettings.archlinux.org.php
@@ -15,6 +15,20 @@ if ( !defined( 'MEDIAWIKI' ) ) {
 	exit;
 }
 
+##
+## LocalSettings.php
+##
+
+#$wgDBname     = "XXX";
+#$wgDBuser     = "XXX";
+#$wgDBpassword = "XXX";
+#$wgSecretKey  = "XXX";
+#$wgUpgradeKey = "XXX";
+#require_once( "$IP/extensions/FunnyQuestion/FunnyQuestion.php" );
+#$wgFunnyQuestionHash = "XXX";
+#$wgFunnyQuestions = array();
+
+
 ##
 ## General settings
 ##
-- 
cgit v1.2.3-54-g00ecf


From 06f04a2df473a712b61015db19c4f2da0c9808c3 Mon Sep 17 00:00:00 2001
From: Jakub Klinkovský <j.l.k@gmx.com>
Date: Sat, 16 Jul 2016 13:16:37 +0200
Subject: LocalSettings: remove $wgDisableCounters

The feature was completely removed in MediaWiki 1.25.0, see
https://www.mediawiki.org/wiki/Manual:$wgDisableCounters
---
 LocalSettings.archlinux.org.php | 1 -
 1 file changed, 1 deletion(-)

diff --git a/LocalSettings.archlinux.org.php b/LocalSettings.archlinux.org.php
index f889ecc5..57594b08 100644
--- a/LocalSettings.archlinux.org.php
+++ b/LocalSettings.archlinux.org.php
@@ -129,7 +129,6 @@ $wgMemCachedServers = array();
 ## be publically accessible from the web.
 $wgCacheDirectory = "$IP/../cache/data";
 $wgShowIPinHeader = false;
-$wgDisableCounters = true;
 $wgEnableSidebarCache = true;
 $wgUseFileCache = true;
 $wgFileCacheDirectory = "$IP/../cache/html";
-- 
cgit v1.2.3-54-g00ecf


From 5c93cc0eed19ee88427274e124e3a2aeb3b55eb6 Mon Sep 17 00:00:00 2001
From: Jakub Klinkovský <j.l.k@gmx.com>
Date: Sat, 16 Jul 2016 13:33:30 +0200
Subject: LocalSettings: move $wgAllowUserCssPrefs to relevant section

---
 LocalSettings.archlinux.org.php | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/LocalSettings.archlinux.org.php b/LocalSettings.archlinux.org.php
index 57594b08..7cab6ac7 100644
--- a/LocalSettings.archlinux.org.php
+++ b/LocalSettings.archlinux.org.php
@@ -117,7 +117,7 @@ $wgUserEmailUseReplyTo = true;
 
 
 ##
-## Cache settings
+## Cache and performance settings
 ##
 
 ## Shared memory settings
@@ -135,6 +135,10 @@ $wgFileCacheDirectory = "$IP/../cache/html";
 $wgUseGzip = true;
 $wgUseETag = true;
 
+# CSS-based preferences supposedly cause about 20 times slower page loads
+# https://phabricator.wikimedia.org/rSVN63707
+$wgAllowUserCssPrefs = false;
+
 ## Uncomment this to disable output compression
 # $wgDisableOutputCompression = true;
 
@@ -193,7 +197,6 @@ $wgFooterIcons = array();
 ##
 
 $wgEmailConfirmToEdit = true;
-$wgAllowUserCssPrefs = false;
 $wgDisableAnonTalk = true;
 $wgGroupPermissions['*']['edit'] = false;
 $wgGroupPermissions['sysop']['deleterevision']  = true;
-- 
cgit v1.2.3-54-g00ecf


From c20bddf2d35e5d9185262a46fda7ca91a4eade0c Mon Sep 17 00:00:00 2001
From: Jakub Klinkovský <j.l.k@gmx.com>
Date: Wed, 20 Jul 2016 09:39:07 +0200
Subject: LocalSettings: Enable subpages in the main namespace

The default value for the main namespace is `false`, because Wikipedia
does not use subpages for categorization anymore. That is not the case
on ArchWiki, so there is no reason why the main namespace should behave
differently. The most visible changes are relative links using the
normal double square brackets notation and automatic breadcrumb links
appearing at the top of the subpage, linking to each parent page that
exists.

See [1] for discussion and [2] for upstream documentation of this
setting. Also see the related FS#39668 [3], which will be solved by this
patch.

[1] https://wiki.archlinux.org/index.php/Help_talk:Style#Slashes_in_titles
[2] https://www.mediawiki.org/wiki/Manual:$wgNamespacesWithSubpages
[3] https://bugs.archlinux.org/task/39668
---
 LocalSettings.archlinux.org.php | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/LocalSettings.archlinux.org.php b/LocalSettings.archlinux.org.php
index 7cab6ac7..e5249dc9 100644
--- a/LocalSettings.archlinux.org.php
+++ b/LocalSettings.archlinux.org.php
@@ -78,6 +78,9 @@ $wgGitRepositoryViewers['.+projects\.archlinux\.org/vhosts/wiki\.archlinux\.org\
 
 $wgJobRunRate = 0;
 
+# Enable subpages in the main namespace (FS#39668)
+$wgNamespacesWithSubpages[NS_MAIN] = true;
+
 
 ##
 ## Database settings
-- 
cgit v1.2.3-54-g00ecf


From 4bdf6e63e50da874ac4db65096d6d3af7f50aa64 Mon Sep 17 00:00:00 2001
From: Jakub Klinkovský <j.l.k@gmx.com>
Date: Wed, 20 Jul 2016 10:27:19 +0200
Subject: LocalSettings: Hide "minordefault" and "forceeditsummary" user
 options

There is little wrong in letting the users configure these settings, but
setting "Mark all edits as minor by default" to true or "Prompt me when
entering a blank edit summary" to false has bad impact on the quality of
the wiki edits, because such users tend to ignore the fundamental rules
[1] and there is nothing to remind it to them. Disabling these user
preferences and forcing the default values according to this patch will
decrease the effort of the Maintenance Team spent on guiding the editors
and also generally increase the quality of user contributions.

This will solve FS#46190 [2].

[1] https://wiki.archlinux.org/index.php/ArchWiki:Contributing#The_3_fundamental_rules
[2] https://bugs.archlinux.org/task/46190
---
 LocalSettings.archlinux.org.php | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/LocalSettings.archlinux.org.php b/LocalSettings.archlinux.org.php
index e5249dc9..0d5d0d2c 100644
--- a/LocalSettings.archlinux.org.php
+++ b/LocalSettings.archlinux.org.php
@@ -199,14 +199,21 @@ $wgFooterIcons = array();
 ## Access control settings
 ##
 
+# disable anonymous editing
 $wgEmailConfirmToEdit = true;
 $wgDisableAnonTalk = true;
 $wgGroupPermissions['*']['edit'] = false;
+
+# extra rights for admins
 $wgGroupPermissions['sysop']['deleterevision']  = true;
+
+# disable uploads by normal users
 $wgGroupPermissions['user']['upload']          = false;
 $wgGroupPermissions['user']['reupload']        = false;
 $wgGroupPermissions['user']['reupload-shared'] = false;
 $wgGroupPermissions['autoconfirmed']['upload'] = false;
+
+# maintainers' rights
 $wgGroupPermissions['maintainer']['autopatrol'] = true;
 $wgGroupPermissions['maintainer']['patrol'] = true;
 $wgGroupPermissions['maintainer']['noratelimit'] = true;
@@ -232,6 +239,16 @@ $wgAutoConfirmAge = 86400*3; // three days
 # require at least 20 normal edits before granting the 'writeapi' right
 $wgAutoConfirmCount = 20;
 
+# Enforce basic editing etiquette (FS#46190)
+# We set the defaults for "minordefault" (disabled) and "forceeditsummary"
+# (enabled) options and hide them from the user preferences dialog. Note that
+# hiding the user preferences with $wgHiddenPrefs results in everybody using
+# the defaults, regardless of the users' earlier preference.
+$wgDefaultUserOptions["minordefault"] = 0;
+$wgDefaultUserOptions["forceeditsummary"] = 1;
+$wgHiddenPrefs[] = "minordefault";
+$wgHiddenPrefs[] = "forceeditsummary";
+
 
 ##
 ## Additional extensions
-- 
cgit v1.2.3-54-g00ecf


From f1c44a65db08b237e7d65ec243e050c2c8db49e6 Mon Sep 17 00:00:00 2001
From: Jakub Klinkovský <j.l.k@gmx.com>
Date: Wed, 20 Jul 2016 21:14:14 +0200
Subject: LocalSettings: Enable support for userscripts and user-stylesheets

Related bug report: FS#46699 [1]

Enabling userscripts allows the users to use many existing scripts from
Wikipedia [2], which can greatly improve the experience of reading,
editing and maintaining the wiki. It will also allow us to make some
ArchWiki-specific scripts like Wiki Monkey [3] more portable (currently
it depends on browser extensions like Greasemonkey to work).

Enabling user-stylesheets lets the users customize the default Arch skin
on the wiki according to their preference, and more importantly, it
makes it easier for users to test modifications and prepare patches for
the main skin. This is probably the main blocker of FS#46697 [4].

[1] https://bugs.archlinux.org/task/46699
[2] https://en.wikipedia.org/wiki/Wikipedia:User_scripts
[3] https://wiki.archlinux.org/index.php/Wiki_Monkey
[4] https://bugs.archlinux.org/task/46697
---
 LocalSettings.archlinux.org.php | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/LocalSettings.archlinux.org.php b/LocalSettings.archlinux.org.php
index 0d5d0d2c..484ec190 100644
--- a/LocalSettings.archlinux.org.php
+++ b/LocalSettings.archlinux.org.php
@@ -81,6 +81,10 @@ $wgJobRunRate = 0;
 # Enable subpages in the main namespace (FS#39668)
 $wgNamespacesWithSubpages[NS_MAIN] = true;
 
+# Enable support for userscripts and user-stylesheets (FS#46699)
+$wgAllowUserJs = true;
+$wgAllowUserCss = true;
+
 
 ##
 ## Database settings
-- 
cgit v1.2.3-54-g00ecf


From 688fde9f793c9dbe85c561c00ee9b72ef97b1d6d Mon Sep 17 00:00:00 2001
From: Jakub Klinkovský <j.l.k@gmx.com>
Date: Wed, 20 Jul 2016 21:49:44 +0200
Subject: LocalSettings: add groups for AbuseFilter rules

---
 LocalSettings.archlinux.org.php | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/LocalSettings.archlinux.org.php b/LocalSettings.archlinux.org.php
index 484ec190..6d432b0b 100644
--- a/LocalSettings.archlinux.org.php
+++ b/LocalSettings.archlinux.org.php
@@ -270,6 +270,17 @@ $wgGroupPermissions['sysop']['abusefilter-private'] = true;
 $wgGroupPermissions['sysop']['abusefilter-modify-restricted'] = true;
 $wgGroupPermissions['sysop']['abusefilter-revert'] = true;
 
+# filter groups
+$wgAbuseFilterValidGroups = array( 'default', 'proofed' );
+$wgAbuseFilterEmergencyDisableThreshold = array(
+    'default' => 0.5,
+    'proofed' => 1.0,
+);
+$wgAbuseFilterEmergencyDisableCount = array(
+    'default' => 10,
+    'proofed' => 65535,
+);
+
 # CheckUser extension
 wfLoadExtension( 'CheckUser' );
 $wgGroupPermissions['sysop']['checkuser'] = true;
-- 
cgit v1.2.3-54-g00ecf


From 26fe3772c0d44656849169584dbba32a579dab14 Mon Sep 17 00:00:00 2001
From: Alad Wenter <alad@archlinux.info>
Date: Sun, 24 Jul 2016 00:16:18 +0200
Subject: Enable ParserFunctions extension

ParserFunctions allows for more versatile wiki templates, amongst other
functionality, and is shipped with MediaWiki since version 1.18. [1]

Included string functionality remains disabled, as is done on wikimedia
projects. [2]

[1] https://www.mediawiki.org/wiki/Extension:ParserFunctions
[2] https://phabricator.wikimedia.org/T8455#110965
---
 LocalSettings.archlinux.org.php | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/LocalSettings.archlinux.org.php b/LocalSettings.archlinux.org.php
index 6d432b0b..afcbe857 100644
--- a/LocalSettings.archlinux.org.php
+++ b/LocalSettings.archlinux.org.php
@@ -286,6 +286,8 @@ wfLoadExtension( 'CheckUser' );
 $wgGroupPermissions['sysop']['checkuser'] = true;
 $wgGroupPermissions['sysop']['checkuser-log'] = true;
 
+# ParserFunctions extension
+wfLoadExtension( 'ParserFunctions' );
 
 ##
 ## Temporary settings for maintenance
-- 
cgit v1.2.3-54-g00ecf


From b5e7f46db0fcb6f251206eaf36339ad3ad589f8b Mon Sep 17 00:00:00 2001
From: Alad Wenter <alad@archlinux.info>
Date: Tue, 26 Jul 2016 20:02:58 +0200
Subject: Enable Interwiki extension

This extension allows to modify the interwiki table [1], and is shipped
with MediaWiki since version 1.21. [2] It is enabled as a temporary
measure until functionality is merged to the MediaWiki core. [3]

[1] https://www.mediawiki.org/wiki/Manual:Interwiki_table
[2] https://www.mediawiki.org/wiki/Extension:Interwiki
[3] https://phabricator.wikimedia.org/T33951
---
 LocalSettings.archlinux.org.php | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/LocalSettings.archlinux.org.php b/LocalSettings.archlinux.org.php
index afcbe857..db98bdb4 100644
--- a/LocalSettings.archlinux.org.php
+++ b/LocalSettings.archlinux.org.php
@@ -289,6 +289,10 @@ $wgGroupPermissions['sysop']['checkuser-log'] = true;
 # ParserFunctions extension
 wfLoadExtension( 'ParserFunctions' );
 
+# Interwiki extension
+wfLoadExtension( 'Interwiki' );
+$wgGroupPermissions['sysop']['interwiki'] = true;
+
 ##
 ## Temporary settings for maintenance
 ##
-- 
cgit v1.2.3-54-g00ecf