Thijs/wiki.techinc.nl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
34230 commits 1 branch 0 tags 744 MiB
Commit graph

39 commits

Author SHA1 Message Date
Niklas Laxström
0b53892e72 Add a content type and encoding header to profileinfo.php, encoding was borked 2011-02-11 19:28:04 +00:00
Sam Reed
6b3b915353 Big attack on unused variables... 2010-10-14 20:53:04 +00:00
Platonides
8a0282e238 Move some globals into the class. 2010-09-29 16:05:46 +00:00
Chad Horohoe
9e6c7cc8ef Get rid of PHP4-style constructors 2010-08-30 16:52:51 +00:00
Alexandre Emsenhuber
db966a52af Put copyright notice in the standard place (and added @file) 2010-08-07 14:35:18 +00:00
Tim Starling
f21fdea9e5 * Rewrote r69952, profileinfo.php XSS fix. It was probably safe, but it seemed very confused about the order of escaping operations. The whole MediaWiki framework is available, including wfArrayToCGI(), there's no need for unconventional code. 
* Renamed makeurl() to something more descriptive and less likely to conflict with extensions.
 2010-07-27 02:39:32 +00:00
Platonides
f3a89bb4d0 Close the web page when it is disabled. 
Fix XSS in filter parameter. Normal setups (with $wgEnableProfileInfo = false) are not affected.
 2010-07-26 17:41:14 +00:00
Aryeh Gregor
74a21f3bd1 Remove most named character references from output 
Recommit of r66254 to trunk.  This was just

find extensions phase3 -iname '*.php' \! -iname '*.i18n.php' \! -iname 'Messages*.php' \! -iname '*_Messages.php' -exec sed -i 's/ /\ /g;s/—/―/g;s/•/•/g;s/á/á/g;s/´/´/g;s/à/à/g;s/α/α/g;s/ä/ä/g;s/ç/ç/g;s/©/©/g;s/↓/↓/g;s/°/°/g;s/é/é/g;s/ê/ê/g;s/ë/ë/g;s/è/è/g;s/€/€/g;s/↔//g;s/…/…/g;s/í/í/g;s/ì/ì/g;s/←/←/g;s/“/“/g;s/·/·/g;s/−/−/g;s/–/–/g;s/ó/ó/g;s/ô/ô/g;s/œ/œ/g;s/ò/ò/g;s/õ/õ/g;s/ö/ö/g;s/£/£/g;s/′/′/g;s/″/″/g;s/»/»/g;s/→/→/g;s/”/”/g;s/Σ/Σ/g;s/×/×/g;s/ú/ú/g;s/↑/↑/g;s/ü/ü/g;s/¥/¥/g' {} +

followed by reading over every single line of the resulting diff and
fixing a whole bunch of false positives.  The reason for this change is
given in <http://lists.wikimedia.org/pipermail/wikitech-l/2010-April/047617.html>.
I cleared it with Tim and Brion on IRC before committing.  It might
cause a few problems, but I tried to be careful; please report any
issues.

I skipped all messages files.  I plan to make a follow-up commit that
alters wfMsgExt() with 'escapenoentities' to sanitize all the entities.
That way, the only messages that will be problems will be ones that
output raw HTML, and we want to get rid of those anyway.

This should get rid of all named entities everywhere except messages.  I
skipped a few things like &nbsp that I noticed in manual inspection,
because they weren't well-formed XML anyway.

Also, to everyone who uses non-breaking spaces when they could use a
normal space, or nothing at all, or CSS padding: I still hate you.  Die.
 2010-05-30 17:33:59 +00:00
Chad Horohoe
d0ff1e57ff * (bug 14201) Set $wgDBadminuser/$wgDBadminpassword during setup 
* (bug 18768) Remove AdminSettings requirements. Maintenance environment will still load it if it exists, but it's not required for anything
 2009-07-23 00:31:37 +00:00
Brion Vibber
1c9773bd01 Revert r52336 "Merge maintenance-work branch:" 
Seems to have broken a bunch of stuff. Don't commit giant non-critical changes that break Setup.php and all maint scripts. Thanks!
 2009-06-24 02:49:24 +00:00
Chad Horohoe
59b60fc311 Merge maintenance-work branch: 
* (bug 16322) Allow maint scripts to accept DB user/pass over input or params if no AdminSettings.php
* (bug 18768) Remove AdminSettings.php from MediaWiki core
* (bug 19157) createAndPromote error on bad password
* (bug 14201) Create AdminSettings.php during wiki installation, in the same way as LocalSettings.php
* Introduce new Maintenance class framework and port a good number of scripts over; the ones that are left are a little more complicated. Read the docs.
* Not deleting "unused" files yet, don't want to break everything at once :)
 2009-06-24 02:02:37 +00:00
Alexandre Emsenhuber
58beeaa183 Tweaks to profileinfo.php: 
* whitespaces fixes
* changed "<form method="profiling.php">" to "<form method="get" action="profileinfo.php">" since "method" should be either "get" or "post" and the script's name was incorrect
 2009-05-29 16:48:12 +00:00
Alexandre Emsenhuber
768b6aa491 Per Tim's comment on r50192: $res->free(); is useless and should not be used 2009-05-28 19:56:19 +00:00
Alexandre Emsenhuber
fe535c030d * (bug 6802) profileinfo.php now also work on other database servers than MySQL 
Based on patches by Robert Treat (http://bug-attachment.wikimedia.org/attachment.cgi?id=2311) and Karun Dambiec (http://bug-attachment.wikimedia.org/attachment.cgi?id=6083)
 2009-05-04 18:35:49 +00:00
Aaron Schulz
d67b431f5a Set $wgProfileToDatabase = false 2008-12-10 03:59:43 +00:00
Brion Vibber
29e1b9a6ae * Less verbose errors from profileinfo.php when not configured 2008-11-17 18:53:35 +00:00
Alexandre Emsenhuber
24075418fb Warning: ini_set() [ref.outcontrol]: Cannot change zlib.output_compression - headers already sent in profileinfo.php on line 58 2008-09-23 18:23:09 +00:00
Aaron Schulz
7934561780 disable compression 2008-08-18 02:36:34 +00:00
Brion Vibber
d59abb95f7 don't need CSS units on non-CSS border attribute 2008-04-30 21:25:19 +00:00
Aaron Schulz
046bb8f4db More tweaks 2008-04-29 16:50:29 +00:00
Alexandre Emsenhuber
c44fc31ac7 tweaks: 
* group master queries with other queries in "SQL Queries" in profileinfo.php
* end 'main-misc-setup' section before executing ajax requests so that they don't get closed by the profiler for ajax requests.
 2008-04-29 16:35:11 +00:00
Aaron Schulz
274b9ac0ac * No need to *1000 
* Hide div-by-zero messages
* Fix kb factor
 2008-04-29 15:42:51 +00:00
Aaron Schulz
0a84547a88 Add border to make it easier to see 2008-04-29 15:18:45 +00:00
Aaron Schulz
f4281f54d5 * HTML clean up 
* Colors
 2008-04-29 15:14:12 +00:00
Aaron Schulz
58a42ae339 Keep this in kb too 2008-04-29 15:04:41 +00:00
Aaron Schulz
cccf275d2f More sorting 2008-04-29 15:03:21 +00:00
Aaron Schulz
1a4afa8f7e Re-arrange a little. Show memory. 2008-04-29 12:10:56 +00:00
Aaron Schulz
4e0efac138 Use dbprefix, so it actually gets results 2008-04-28 16:53:09 +00:00
Victor Vasiliev
972b0afa76 Tweak profileinfo.php: 
* Added average calls per request column
* Added time % column
 2008-01-14 18:46:31 +00:00
Tim Starling
94eb70b529 No setup, no wfDie(). You can't have it both ways. 2006-10-04 07:14:56 +00:00
Tim Starling
3ea576aa25 Consolidated web initialisation code into includes/WebStart.php. Moved profiling setup to a hook file "StartProfiler.php", following Brion's suggestion to merge Wikimedia's early profiling patch into subversion. Renamed Profiling.php and logProfilingData(), removed unnecessary wfProfileClose() calls. 2006-07-14 05:35:31 +00:00
Tim Starling
0cb21ebe29 XSS 2006-07-09 04:30:16 +00:00
Brion Vibber
266d41f165 * Added wfDie() wrapper, and some manual die(-1), to force the return code 
to the shell to return nonzero when we crap out with an error.
 2006-01-14 02:49:43 +00:00
Antoine Musso
e7a00df4c9 Fix #4418: remove $id and $header that causes conflicts 2006-01-03 11:59:39 +00:00
Tim Starling
239ba39261 workaround for any current or future exploit of the $GLOBALS overwrite vulnerability 2005-10-31 21:14:07 +00:00
Brion Vibber
c42635c15a tyop in mrakup 2005-07-06 05:18:09 +00:00
River Tarnell
3791c6e5e0 sort sql queries into their own tree 2005-07-03 02:36:51 +00:00
River Tarnell
152a60a024 initialise to false 2005-07-03 02:28:11 +00:00
River Tarnell
9af3c09e5c spiffy script to display profiling info on the interweb 2005-07-03 02:22:09 +00:00