The previous checks for the necessary permissions to create a user were
no longer correct. They did not check for the CREATE USER global
permission, which is also sufficient for user creation. Additionally,
they were checking for the ability to grant permissions by comparing
the IS_GRANTABLE column against a boolean true (integer 1). The column
is a varchar(3) that stores the string 'YES' to indicate the presence
of the permission, so the comparison against the integer boolean is
always false.
MySQL has had both the CREATE USER permission and the use of a
varchar(3) column for IS_GRANTABLE since at least MySQL 5.0, so they
are present for all supported versions of MySQL/MariaDB.
This was likely not a problem until 3f852f7ddc, at which point the
checks were added to the web installer flow.
Now, the CREATE USER permission is also accepted and IS_GRANTABLE is
compared against 'YES', so the web installer will be able to present
the option to create users if the database administrator account has
the correct permissions.
Bug: T391179
Change-Id: I5c2454599d6e91559d9996fe7c274eb8daab44bd
(cherry picked from commit daff6d03638f5c7108339f0a8774d2cfd9fbc0f0)
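As an added illustration of the defect described in the commit message above (this is example code, not MediaWiki's installer code): the two checks side by side, run over constructed rows shaped like `information_schema.USER_PRIVILEGES`. The rule that any privilege with `IS_GRANTABLE = 'YES'` counts as evidence of GRANT OPTION is an assumption of this example; the page does not state the installer's exact rule.

```python
"""Added example, not MediaWiki's installer code: deciding whether a
database administrator account may create users, from rows shaped like
information_schema.USER_PRIVILEGES. The helpers show the defects the
commit describes next to the corrected check."""

# Constructed sample rows in the shape returned by
#   SELECT PRIVILEGE_TYPE, IS_GRANTABLE FROM information_schema.USER_PRIVILEGES
# IS_GRANTABLE is a varchar(3) holding the string 'YES' or 'NO'.
SAMPLE_ACCOUNTS = {
    # Holds only the global CREATE USER privilege, nothing grantable.
    "create_user_only": [("USAGE", "NO"), ("CREATE USER", "NO")],
    # Typical administrator: privileges granted WITH GRANT OPTION.
    "grant_option_admin": [("SELECT", "YES"), ("INSERT", "YES"), ("CREATE", "YES")],
    # Plain application account: neither.
    "app_account": [("SELECT", "NO"), ("INSERT", "NO")],
}


def can_create_users_before_fix(rows):
    """Pre-fix logic as the commit describes it: CREATE USER is ignored
    and IS_GRANTABLE is compared with the integer 1. Because the column
    holds a three-character string, the comparison never succeeds."""
    return any(is_grantable == 1 for _privilege, is_grantable in rows)


def can_create_users(rows):
    """Corrected logic: the global CREATE USER privilege is sufficient on
    its own, and grantability is detected by comparing IS_GRANTABLE with
    the string 'YES'. Assumption (not on the page): any grantable
    privilege is taken as evidence that the account holds GRANT OPTION."""
    has_create_user = False
    has_grant_option = False
    for privilege, is_grantable in rows:
        if privilege.upper() == "CREATE USER":
            has_create_user = True
        if is_grantable.upper() == "YES":
            has_grant_option = True
    return has_create_user or has_grant_option


def evaluate_all(accounts=SAMPLE_ACCOUNTS):
    """Return {account: (result before fix, result after fix)}."""
    return {
        name: (can_create_users_before_fix(rows), can_create_users(rows))
        for name, rows in accounts.items()
    }


if __name__ == "__main__":
    for name, (before, after) in evaluate_all().items():
        print(f"{name:20s} before fix: {before!s:5s} after fix: {after}")
```

The broken check returns False for every account, including the administrator with GRANT OPTION, which is why the installer stopped offering user creation; the corrected check accepts both the CREATE USER account and the GRANT OPTION account and still rejects the plain application account.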
Why:
- Special:PasswordReset uses raw POST values to add username and email
info to success messages post-submit.
- These values may be parsed by PHP as arrays if a client supplied
crafted input with multi-value fields.
- Instead of doing our own param validation in onSuccess(), we can reuse
parsed values in onSubmit() and do the rendering there.
What:
- Move success message processing to onSubmit().
Bug: T392086
Change-Id: I9b0e115c417d0f3080e711441c79608d782932ce
(cherry picked from commit 37d63156c841f9a19080c9438cdf66cf58a7da7a)
* Update skins/Vector from branch 'REL1_43'
to 3b1380e2dc4128604d6853f47a300b1fb28c3bd5
- Localisation updates from https://translatewiki.net.
Change-Id: I4666b645d518eda566d0a7cd746d4ce109feb0d6
* Update skins/MinervaNeue from branch 'REL1_43'
to c0a1ed22874285de977665e387f03e13097f39a2
- Localisation updates from https://translatewiki.net.
Change-Id: I565b964eb6daaf3115e575c33df255863fa4ad9e
* Update extensions/VisualEditor from branch 'REL1_43'
to 25f48f8dfd7e3ffd3d74aa4ad756abdae3caa434
- Localisation updates from https://translatewiki.net.
Change-Id: I91aa63c29747d3141b27cc324a379278d7176271
* Update extensions/WikiEditor from branch 'REL1_43'
to c627ce9b01d8c0fdde15371a40c0211842b34d49
- Localisation updates from https://translatewiki.net.
Change-Id: I13742d4dff2a7682280faea6db5aecfb8b5580dd
* Update extensions/Scribunto from branch 'REL1_43'
to 87916a34e0516c1dd1eaed4adf5b2d44603c7c3c
- Localisation updates from https://translatewiki.net.
Change-Id: I6f7ef6462c8fd4c499bf4ea0d9ee0f3b0c39e1d0
* Update extensions/Thanks from branch 'REL1_43'
to b9cc839a0a3f62dc3a13ab2c76c0ec1e45328551
- Localisation updates from https://translatewiki.net.
Change-Id: If992ed5c7e31969970d26b378a1a373298b9d846
* Update extensions/LoginNotify from branch 'REL1_43'
to 0fe872ed32d55852fccc8e1f1c28a6d2b6f4b6b5
- Localisation updates from https://translatewiki.net.
Change-Id: I39c299dd7667abc0685739f7c9908da25de9622c
* Update extensions/Cite from branch 'REL1_43'
to 67f62f9a65e3686e07574e3362f81bf494ed4d8f
- Localisation updates from https://translatewiki.net.
Change-Id: Id680ec353b27ada02836f9c644d0bc080a791878
* Update extensions/CategoryTree from branch 'REL1_43'
to bd89d6d9a1ad59701baddc1099596e531c51eabe
- Localisation updates from https://translatewiki.net.
Change-Id: I1b007293048df70e9180ee6be84186ef0d0e9955
* Update extensions/Echo from branch 'REL1_43'
to bab9504f6ebdda74f48b5926335d7240568f1d5a
- Localisation updates from https://translatewiki.net.
Change-Id: I931e7c0b15f638b0d3cdf53c297d46a4db18783b
* Update extensions/OATHAuth from branch 'REL1_43'
to 72d8ec5feebd8a160199d5a5dfa6789f1dd99d74
- Localisation updates from https://translatewiki.net.
Change-Id: I0387c52c562ad664b034de994310e628c40435b1
* Update extensions/Linter from branch 'REL1_43'
to 8600393f64c095dbf1c344d5e555f524c9a797d5
- Localisation updates from https://translatewiki.net.
Change-Id: I39c299dd7667abc0685739f7c9908da25de9622c
* Update extensions/DiscussionTools from branch 'REL1_43'
to 123e7732c17aba2969dc60ab982f20b2904707db
- Localisation updates from https://translatewiki.net.
Change-Id: I3bb30c250ba693be81f9da720bb42a8a3812e23c
* Update extensions/CiteThisPage from branch 'REL1_43'
to 53d0e706a4863e9b1155b6e782936b89da9d7b17
- Localisation updates from https://translatewiki.net.
Change-Id: I034af01f283e5837a1de20c41cacabaab283ce9e
* Update extensions/Nuke from branch 'REL1_43'
to 96798529616368805af951aee745ba5c2d12b7c1
- Localisation updates from https://translatewiki.net.
Change-Id: I7c29571fae1de16d186e922519d331323e7e59ad
* Update extensions/MultimediaViewer from branch 'REL1_43'
to 94438020a3660a00d99a575a5d62494b3321ed43
- Localisation updates from https://translatewiki.net.
Change-Id: If0aac57bee3e712f9b67c6cf617c75fed7d9a129
* Update extensions/Math from branch 'REL1_43'
to 6e27f6acd4e255e7133467117bcdd7e7c585cb86
- Localisation updates from https://translatewiki.net.
Change-Id: I1aba04c29f56c32a8f6967033a634e6bbd23e7e5
* Update extensions/InputBox from branch 'REL1_43'
to 10a4dd9588a1bc5e4f69497aa55dfd7621282ef1
- Localisation updates from https://translatewiki.net.
Change-Id: I28d9ff879dadedf97012ba73fa3dc50d5a0c3356
* Update extensions/ConfirmEdit from branch 'REL1_43'
to cc9dc0cf90b9b38ab873fb42b004cc63ca8f4c7e
- Localisation updates from https://translatewiki.net.
Change-Id: I913b95ff735ec64a7d70d51e7eff146eef31c055
* Update extensions/AbuseFilter from branch 'REL1_43'
to ef2dde18bd6d059b8dd312fe55ba9d9ace53b7ca
- Localisation updates from https://translatewiki.net.
Change-Id: I7cec52c07aeb74121b64c245f9d5e1fe3d1ae8d1
Why:
- Since we re-distribute a Swagger bundle that includes all the
libraries, we should also supply the licenses associated with these
libraries.
- See https://github.com/swagger-api/swagger-ui/issues/8317
What:
- Create a directory containing the relevant OSI licenses.
- Create a list of all the libraries included in Swagger UI
and their respective licenses.
Bug: T382086
Change-Id: I30be1fee2b3ebd7352fa6255a95969e91a75d575
(cherry picked from commit ea8d04800ff074f15ab4c83b39db438bb26fa617)
strtr(): Passing null to parameter #1 ($string) of type string is
deprecated in php8.1
Change-Id: I224d8e8baa9d878db3635cb6c46eb62eb6f60469
(cherry picked from commit 596589d9032b5e7a3f9b4ed7e0558b42cf66690b)
* Update extensions/OATHAuth from branch 'REL1_43'
to b6cb1d5739c3ff3d165ae56d6131c85481deb5a1
- Do not make Copy button the default submit action on TOTP form
Bug: T354028
Change-Id: I30d4bae47141e06aa6993c22836f7336ba758a14
* Update extensions/AbuseFilter from branch 'REL1_43'
to 6ebcd929c7f7a2f8be715dfe39c59b53570829f0
- SECURITY: Use correct bitwise operator on CentralDBNotAvailableException
Why:
* When FilterLookup::getFilter throws a
CentralDBNotAvailableException, the code which calls it
sometimes catches the exception and then assumes the filter
has the maximum privacy level.
* This logic is broken as the wrong PHP bitwise operator is used
("&" instead of "|").
What:
* Update all uses of "&" to "|" in the affected places.
Bug: T389235
Change-Id: Idb08add69a55fb387ec51fb220cafc46542afd1a
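To make the operator mix-up above concrete, here is an added example (not AbuseFilter's code; the flag values, the `lookup_privacy_level` stand-in and the accumulator model are constructed for illustration). It shows why `&` fails open when the caller intends to raise a filter to the maximum privacy level after the central database lookup throws, and why `|` fails closed.

```python
"""Added example, not AbuseFilter's code: '&' versus '|' when a caller
falls back to the maximum privacy level after a lookup raises."""

# Hypothetical flag values; AbuseFilter's real constants are not on the page.
FILTER_PUBLIC = 0
FILTER_HIDDEN = 1
FILTER_PROTECTED = 2
MAX_PRIVACY = FILTER_HIDDEN | FILTER_PROTECTED  # 3, every restriction bit set


class CentralDBNotAvailableException(Exception):
    """Stand-in for the exception named in the commit message."""


def lookup_privacy_level(filter_id, central_db_up):
    """Constructed stand-in for FilterLookup::getFilter(): returns the
    stored privacy level or raises when the central database is down."""
    stored = {1: FILTER_PUBLIC, 2: FILTER_HIDDEN}
    if not central_db_up:
        raise CentralDBNotAvailableException("central DB unavailable")
    return stored[filter_id]


def effective_privacy_before_fix(filter_id, central_db_up, current=FILTER_PUBLIC):
    """`current` models the privacy level accumulated so far. With '&'
    the fallback can only keep bits already present in `current`, so a
    public starting value stays public: the filter is treated as
    unrestricted exactly when its real level is unknown."""
    try:
        return current | lookup_privacy_level(filter_id, central_db_up)
    except CentralDBNotAvailableException:
        return current & MAX_PRIVACY


def effective_privacy(filter_id, central_db_up, current=FILTER_PUBLIC):
    """Corrected fallback: '|' sets every restriction bit, so an
    unavailable lookup yields the maximum privacy level."""
    try:
        return current | lookup_privacy_level(filter_id, central_db_up)
    except CentralDBNotAvailableException:
        return current | MAX_PRIVACY


def is_restricted(level):
    """True if any restriction bit is set."""
    return level != FILTER_PUBLIC


if __name__ == "__main__":
    print("DB down, before fix:", effective_privacy_before_fix(1, False))
    print("DB down, after fix: ", effective_privacy(1, False))
    print("DB up, filter 2:    ", effective_privacy(2, True))
```

The useful regression test is the failure path: assert that the fallback result is restricted when the lookup raises, independent of the value accumulated beforehand.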
CVE-2025-3469
Only use HtmlSnippet when the labels are not coming from a message, to
avoid XSS-via-i18n vulnerabilities.
Bug: T358689
Change-Id: If91500bc76b3ed8cdc58da4f9de326df6d201398
CVE-2025-32699
Ensure that Unicode NFC normalization can be applied to our HTML
output safely. Even though the W3C officially recommends against
normalizing HTML
https://www.w3.org/International/questions/qa-html-css-normalization#converting
this is still easily done inadvertently, especially when using the
MediaWiki action API which normalizes parameters and results by
default.
See also I671648603c4635a35585c860b4857f5ea085e47f in Parsoid, and
T266140 / I2e78e660ba1867744e34eda7d00ea527ec016b71 for another similar
issue.
The following changes are made:
* The various HTML serializers (Remex/Tidy-derived, as well as the
Html::* helpers) are tweaked to entity-escape U+0338 wherever it
appears.
* Similarly, Message::escaped() is tweaked to entity-escape U+0338.
* Finally, a post-processing pass is added to the OutputTransform
pipeline to catch any remaining U+0338 and entity-escape them.
This catches U+0338 added during any of the previous OutputTransform
stages (like TOC insertion, section edit links, etc).
*When backporting* this code will likely need to be moved to
ParserOutput::getText(), as the OutputTransform pipeline wasn't added
until MW 1.42.
Bug: T387130
Change-Id: I66564e14e730f5393f4fa5780b80f24de6075af5
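The post-processing pass the commit describes, as an added example in Python (not MediaWiki's serializer or OutputTransform code): a constructed `<span>` serializer with and without the U+0338 escape, plus a check that tells whether a given piece of markup survives NFC normalization with its tag delimiters intact. The serializer and the sample text are constructed for the example.

```python
"""Added example, not MediaWiki's code: entity-escaping U+0338 (COMBINING
LONG SOLIDUS OVERLAY) so that serialized HTML survives Unicode NFC
normalization unchanged, with a check that flags output which would not."""
import html
import unicodedata

U0338 = "\u0338"
U0338_ENTITY = "&#x338;"


def escape_u0338(markup):
    """Post-processing pass: replace every remaining U+0338 in already
    serialized markup with a numeric character reference. The reference
    is plain ASCII, so a later NFC pass cannot compose it with the
    '<', '>' or '=' that precedes it (e.g. '>' + U+0338 is U+226F)."""
    return markup.replace(U0338, U0338_ENTITY)


def render_naive(user_text):
    """Constructed serializer without the fix. html.escape() handles
    & < > " ' but leaves U+0338 in place."""
    return "<span>" + html.escape(user_text) + "</span>"


def render_hardened(user_text):
    """Same serializer with the post-processing pass applied."""
    return escape_u0338(render_naive(user_text))


def nfc_stable(markup):
    """True if NFC normalization leaves the markup unchanged."""
    return unicodedata.normalize("NFC", markup) == markup


def nfc_alters_tag_delimiters(markup):
    """True if NFC changes the number of '<' or '>' characters, the sign
    that a combining mark has been absorbed into a tag delimiter."""
    normalized = unicodedata.normalize("NFC", markup)
    return (normalized.count("<") != markup.count("<")
            or normalized.count(">") != markup.count(">"))


def audit(markup):
    """Small report for a piece of serialized HTML."""
    return {
        "contains_u0338": U0338 in markup,
        "nfc_stable": nfc_stable(markup),
        "tag_delimiters_preserved": not nfc_alters_tag_delimiters(markup),
    }


if __name__ == "__main__":
    # Constructed sample: ordinary text that begins with the combining mark.
    sample = U0338 + "text"
    for label, out in (("naive", render_naive(sample)),
                       ("hardened", render_hardened(sample))):
        print(label, audit(out), ascii(unicodedata.normalize("NFC", out)))
```

`audit()` is the kind of check worth running over rendered output in a test suite: any result where `nfc_stable` is False after the escape pass means a serializer path was missed. Note that Python's `html.escape()` behaves like the usual HTML escapers in leaving combining characters alone, which is why the page's fix has to target U+0338 explicitly.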
Same as was done in 5f2584b648
Bug: T391586
Follows-Up: I966cddb337c9373ed3a369496548a8d8c538ae84
Change-Id: I757eb043f8043d6620fb69bd072d9bb9e97ad163
(cherry picked from commit 7a84c34398639d3422f81ab9711539c34d435621)
Almost every call to isCascadeProtected() (which uses short-circuit
mode) is followed by a call to getCascadeProtectionSources() (which
doesn't), so this attempted optimization (skipping a loop that does
some very cheap operations) actually results in worse performance
in the common case (because the result of the database query can't
be cached in short-circuit mode, and we must query it again), and
it makes the code really annoying to read or modify.
Relevant code: https://codesearch.wmcloud.org/search/?q=getCascadeProtectionSources\(|isCascadeProtected\(&excludeFiles=RestrictionStore.php|HISTORY|tests%2F
Change-Id: Ib9eb6cab28492776d40a10cbfb28e9c1cec8c1d2
(cherry picked from commit f9180c4a36fb8874fc0211f05a1eebaceb67aa0c)
If something inside the callback above throws an exception (e.g.
`parseCachedTable()` when the database is down), and it is caught,
`$this->mTablesLoaded` and `$this->mTables` will be left in an
inconsistent state for the rest of the request, causing confusing
errors elsewhere.
Bug: T388807
Change-Id: I79704d6d5c03d5e028c0c762a37fd55b953a4a6a
(cherry picked from commit 6d4f287059521fd4e7fe094ccb00aca54906b31f)
* Update skins/Vector from branch 'REL1_43'
to a4a127342e106a27d89253921cc771a978523a68
- Localisation updates from https://translatewiki.net.
Change-Id: I9189d564e985d3115d39dc29d2894421c0c491d4
* Update skins/MinervaNeue from branch 'REL1_43'
to 9dfbada4fe1994e279828289a424ecbfdc8b754c
- Localisation updates from https://translatewiki.net.
Change-Id: I54de52119783721703597574d7f2f6289c2db456
* Update extensions/VisualEditor from branch 'REL1_43'
to b890dad267289a9ecec8c02c3e6fedc957948e9f
- Localisation updates from https://translatewiki.net.
Change-Id: Ic7a4e06cc699ce46a339ffdbdb56f67e6be8a24c
* Update extensions/TemplateData from branch 'REL1_43'
to 514b72c1cd263c641d0fcf6eb6e564eec8b5f593
- Localisation updates from https://translatewiki.net.
Change-Id: I6379ffa6a64588002bb3c09704be965b326b5488
* Update extensions/TitleBlacklist from branch 'REL1_43'
to 8e8ebe02588343ea0d0c44095c2765632194f241
- Localisation updates from https://translatewiki.net.
Change-Id: Icb7281fa197293315391243f8784a1500b2e3999
* Update extensions/WikiEditor from branch 'REL1_43'
to 67f6158919d1d2e0de0a716c7cf4f7fbd240445a
- Localisation updates from https://translatewiki.net.
Change-Id: I1f4573b9768b025f17c6d20884fb75dc4fd91790