- MWCryptRand: A new api for generating cryptographic randomness for security tokens. Uses whatever cryptographic source is available and if not falls back to using random state and clock drift.
- wfRandomString - A simple non-cryptographic pesudo-random string generation function to replace wfGenerateToken which was written pretending to be secure when it's really not.
- Core updates to use MWCryptRand in various places:
-- user_token generation (to do this we stop generating user_token implicitly and only generate it when needed to avoid depleting the system's entropy pool by reading random data we'll never use)
-- email confirmation token generation
-- password salt generation
-- temporary password generation
-- Generation of the automatic watchlist token
-- login and create user tokens
-- session ids when php's entropy sources are not set
-- the installer when generating wgSecretKey and the upgrade key
* Made WatchedItem select wl_notificationtimestamp instead of "1"
* Added loading mechanism, accessor to wl_notificationtimestamp and method to reset that timestamp
This allows the entire user_token column to be regenerated after a leak by running `UPDATE user SET user_token = NULL;` and letting the user_tokens be regenerated as users try to log back in.
PHP Notice: Use of User::getSkin was deprecated in MediaWiki 1.18. [Called from TalkpageView::show in /www/w/extensions/LiquidThreads/pages/TalkpageView.php at line 251] in /www/w/includes/GlobalFunctions.php on line 3520
PHP Notice: Use of User::getSkin was deprecated in MediaWiki 1.18. [Called from MessageTable::contents in /www/w/extensions/Translate/utils/MessageTable.php at line 98] in /www/w/includes/GlobalFunctions.php on line 3520
PHP Notice: Use of User::getSkin was deprecated in MediaWiki 1.18. [Called from TranslationHelpers::ajaxEditLink in /www/w/extensions/Translate/utils/TranslationHelpers.php at line 1186] in /www/w/includes/GlobalFunctions.php on line 3520
PHP Notice: Use of User::getSkin was deprecated in MediaWiki 1.18. [Called from ThreadPermalinkView::getSubtitle in /www/w/extensions/LiquidThreads/pages/ThreadPermalinkView.php at line 153] in /www/w/includes/GlobalFunctions.php on line 3520
and maybe more
This is the wrong configuration format for such a feature, and the wrong interface. We already have certain per-namespace permissions in the Title class, and we didn't need to add extra formal parameters to a whole lot of User methods in order to get them. The feature should be implemented wholly in Title, and the concept of user rights should remain relatively simple and easy to understand, and independent of its many applications, i.e. a user either has a right or doesn't. Rights are just a tool for developing access policies; the complexity should be in the caller.
The revert was mostly done by hand, since there were a lot of conflicts. I tried to preserve the gist of conflicting changes in r102187 and r102873. The test changes are not simple reverts, rather I just edited out the per-namespace tests. I reverted the followups r92589 and r104310.
email address is removed
In Preferences::trySetUserEmail no point trying to reset the users email if it's the same
Same for User::setEmail
After setting the email though, invalidate email auth tokens
Add a UserDisplayName hook to allow extensions to give custom display names for users.
Add a $wgRealNameInInterface to use the real name of a user as the display name.
To start of the first use of the display name functionality tweak SkinTemplate to declare the userdisplayname and use it inside of personal_urls.
Added run of ConvertUserOptions maintenance script into update.php before dropping the column
Removed usages of user_options in code
Marked User::decodeOptions() deprecated as of 1.19.
Made ConvertUserOptions drop out early if the user_options field doesn't exist
Made ConvertUserOptions update user_options to '' after migration of user options to mOptions
It's necessary for User::loadFromRow() to set $this->mGroups to null, same as the calling code in User::loadFromDatabase(), so that they will be loaded dynamically when User::newFromRow() is called.
No bugs found that are caused by this but it couldn't hurt to have working accessors. Tested from eval.php.
