Use HTTPS instead of HTTP where the HTTP link is a redirect to the HTTPS link.
Also update some defect links.
Change-Id: Ic3a5eac910d098ed5c2a21e9f47c9b6ee06b2643
In core this holds the 'suppressionlog' right. SpamBlacklist and
TitleBlacklist would add their permissions here as well.
Bug: T149235
Change-Id: I8e2304e7b6f2af0c3d21d7d7390e4979b8eaee39
Branch point was dc0f9b3a3a
The following commits missed the branch point and should probably
be backported because master reports them as 1.28
- 4290f686c0
- 81698d4c16
- 40da8bf039
- 95db9833dd
- 7bd97758f7
Change-Id: I51562ba357b5533500ef9dd1e29107dd05cc9e1e
It may be reasonable to ignore the 'noratelimit' right granted to a user
when performing some rate limit checks. As an example, a rate limit check
on failed authentication attempts should not be bypassed.
Add an optional '&can-bypass' configuration option for each
$wgRateLimits action that can be set to false to disable checking
User::isPingLimitable(). This bypasses both 'noratelimit' and
$wgRateLimitsExcludedIPs exclusions.
Depends-On: Iacdd1719d5f08eca91de0a35c0042ffee2136f34
Change-Id: Ia3add8bbbab0307f036e9b77e752c382da3a0d04
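The effect of '&can-bypass' described in the commit message above, as an added example that is not MediaWiki's own code: a simplified model of the decision in which the `$exempt` flag stands in for User::isPingLimitable() returning false. The 'loginfail' action key, the limits, the user name and the isLimited() helper are hypothetical.

```php
<?php
// Added illustration: a simplified model of the decision, not MediaWiki code.
// 'loginfail' is a hypothetical action key; $exempt stands in for
// User::isPingLimitable() returning false (noratelimit or excluded IP).
$rateLimits = [
	'edit'      => [ 'user' => [ 3, 60 ] ],
	'loginfail' => [ '&can-bypass' => false, 'user' => [ 3, 300 ] ],
];

function isLimited(
	array $limits, string $action, string $who,
	bool $exempt, array &$hits, int $now
): bool {
	if ( !isset( $limits[$action] ) ) {
		return false; // no limit configured for this action
	}
	$conf = $limits[$action];
	// An absent key keeps the old behaviour: exemptions are honoured.
	$canBypass = $conf['&can-bypass'] ?? true;
	if ( $canBypass && $exempt ) {
		return false;
	}
	[ $max, $period ] = $conf['user'];
	$key = "$action:$who";
	// Keep only the hits that fall inside the current window.
	$recent = array_filter(
		$hits[$key] ?? [],
		fn ( $t ) => $t > $now - $period
	);
	$recent[] = $now;
	$hits[$key] = array_values( $recent );
	return count( $recent ) > $max;
}

// Constructed scenario: the same exempt account hits each action five times.
$hits = [];
foreach ( [ 'edit', 'loginfail' ] as $action ) {
	$tripped = false;
	for ( $i = 0; $i < 5; $i++ ) {
		$limited = isLimited( $rateLimits, $action, 'ExemptUser', true, $hits, 1000 + $i );
		$tripped = $tripped || $limited;
	}
	printf( "%-9s limited for exempt account: %s\n", $action, $tripped ? 'yes' : 'no' );
}
```

The exempt account is never limited on 'edit', but is limited on 'loginfail' once it exceeds three hits in the window.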
This adds support for multiple count-per-period limits and arbitrary
period durations in the AuthManager account creation throttle in the
wiki settings. The $wgAccountCreationThrottle config variable becomes
an array like $wgPasswordAttemptThrottle.
Bug: T146290
Change-Id: Iea182a92a1199b0ce7103ab9ae24f1c87b01985c
* Also simplified the srvCache variable usage to be unconditional.
* The wfRandomString() call has also been replaced.
Change-Id: I17e83b17ec549906ee200bbe9eb2f0b151423e26
The magic link functionality is "old backwards-compatibility baggage"
that we probably want to get rid of eventually. The first step to doing
so would be making it configurable and allowing it to be turned off on
wikis that don't use it.
This adds each of the 3 magic link types as individual parser options,
which can be controlled by the $wgEnableMagicLinks setting.
Additionally, wfEscapeWikiText() was updated to only escape enabled
magic link types.
Bug: T47942
Change-Id: If63965f31d17da4b864510146e0018da1cae188c
* If CACHE_DB is used, it will not use the cache however.
* If persistent cache is disabled, at least maintain the
process caching.
Change-Id: I23b455ef46f27c313bb9573f69723b1436b2d584
This is more consistent with LoadBalancer, modern, and inclusive
of master/master mysql, NDB cluster, and MariaDB galera cluster.
The old constant is an alias now.
Change-Id: I0b37299ecb439cc446ffbe8c341365d1eef45849
This is used as the main stash by default, which is not a
performance cache but a stash for ephemeral values typically.
Change-Id: Ie3740c0387f36a3f9b2d8d7d3b4e04ee9238ab1a
This avoids slave lag and makes query time accounting easier.
It also avoids table-level autoinc locking and slave drift
with statement-based replication in some setups.
Also refactored the use of $wgCommandLine mode in
DatabaseBase slightly, so that it can be injected.
Change-Id: I2dba6024ecf32c9ee24a3080cce3b02568c1458b
* Add getVirtualRESTServiceClient() to MediaWikiServices.
* Support auto-mounting services that are usable by the
main MediaWikiServices instance.
* Support lazy-loading in mount(), where only class/args
are set until the service is needed. This avoids excess
overhead.
Change-Id: I5c22be59664b3f5716c957e2c3d7c8e70d5fdc6c
* Use getCanonicalURL() to avoid links with the wrong host (e.g.
when it is virtual) and to avoid getting redirects.
* Also disable this setting when post-send execution is already
available, by default.
* Bump the socket timeout slightly.
Bug: T107290
Bug: T68485
Change-Id: I56c43193fa6583cc0c8209ff59cf20c986a799a3
For the index.php end point, POSTs do not need a token.
This avoids cross-DC writes in active/active DC setups and
avoids DB writes that can be caused by just accidentally
following a link.
There are no links to action=purge by default in MediaWiki.
User scripts that create purge links will continue to work.
However these links will now point to a confirmation form.
To preserve the immediate-purge-redirect effect, these
scripts should be updated to use the API instead.
Bug: T135170
Change-Id: I5749ff470d99c5e3f22e05ff6856394cc05a0f48
Add 'viewmyprivateinfo' user right, which controls
access to information like email and real name.
Bug: T68493
Change-Id: I9f7de8ad77a1592707695cb5c1983b8f4cace1b6
The defaults that were in $wgMediaHandlers are now listed in
MediaHandlerFactory.
The main advantage of doing this is we get O(1) replacement when
extensions set a media handler in their extension.json.
Bug: T141305
Change-Id: I05771a673837ab8d6331eedc24eb707be7f3a250
* Add slash and backslash ('/' and '\') to $wgIllegalFileChars.
* Replace illegal chars before removing paths in wfStripIllegalFilenameChars().
This way users trying to upload a file with slashes in the name will
get a better filename suggestion (e.g. for 'Foo part 1/3.jpg', you
previously got '3.jpg', now you'll get 'Foo part 1-3.jpg'). Uploading
tools that don't special-case slashes will also behave better.
Change-Id: Ib78f48a5f8c92e8ab2dc773ea6789b96b3662177
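Why the order of the two steps matters, as an added example that is not MediaWiki's own code: a simplified stand-in for wfStripIllegalFilenameChars() that compares stripping the path first with replacing illegal characters first. The character classes, helper names and the second sample file name are constructed for the illustration.

```php
<?php
// Added illustration: simplified stand-ins, not MediaWiki's implementation.
// Constructed character classes: the old one lacks '/' and '\',
// the new one includes them, as the commit message describes.
const ILLEGAL_OLD = '#[:]#';
const ILLEGAL_NEW = '#[:/\\\\]#';

// Hypothetical helper: drop everything up to the last '/' or '\'.
function stripPath( string $name ): string {
	return preg_replace( '#^.*[/\\\\]#', '', $name );
}

// Old order: remove the path first, then replace illegal characters.
// Anything before the last separator is silently discarded.
function stripOld( string $name ): string {
	return preg_replace( ILLEGAL_OLD, '-', stripPath( $name ) );
}

// New order: replace illegal characters (now including separators)
// first, so no separator is left by the time the path is removed.
function stripNew( string $name ): string {
	return stripPath( preg_replace( ILLEGAL_NEW, '-', $name ) );
}

// Constructed inputs: the commit message's example and a backslash variant.
$samples = [
	'Foo part 1/3.jpg',
	'Scan 2\\2.png',
];

foreach ( $samples as $name ) {
	printf(
		"%-18s old: %-8s new: %s\n",
		$name,
		stripOld( $name ),
		stripNew( $name )
	);
}
```

In both orders the result contains no path separator; the difference is that the new order keeps the part of the name before the slash, giving 'Foo part 1-3.jpg' where the old order gave '3.jpg'.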
When $wgPingback is true, MediaWiki will periodically ping
https://www.mediawiki.org/beacon with basic information about the local
MediaWiki installation. This data includes, for example, the type of system,
PHP version, and chosen database backend.
The pingback is sent via a deferred (post-send) update whenever $wgVersion
changes, using the updatelog table to ensure we don't send duplicate pingbacks.
A database lock ensures only one thread attempts to send the pingback, and a
cache key throttles attempts to no more than once per hour.
$wgPingback is false by default. The web installer has a checkbox for
controlling this option, and it is checked by default. This nudges new installs
to turn on pingbacks, but does not sneak this decision past sysops of existing
installs.
Change-Id: Ie43a6b46a07ebd9ccc1b9c3001f2ea02435d826b
Deletes LanguageEo.php class which only had remains of the server-side
character conversion (sx <-> ŝ, etc). This is being obsoleted in favor
of client-side IMEs provided by UniversalLanguageSelector extension.
Removes deprecated $wgEditEncoding, which was only used for this.
Turns Language::recodeInput() and Language::recodeForEdit() into no-ops
for any old or extension code that happened to still use them.
Bug: T62677
Change-Id: Ib647353538d258dee941f2f7c571191060bc9c7d