There really isn't a previous content model because the page didn't
exist beforehand, so say the page was created with a non-default
content model.
Bug: T128645
Change-Id: Ibe0b124e3f3ceaaf3775f82e2646b7639a146a42
It's been unmaintained for a while and does not support
various languages adequately.
Also, document $wgExternalDiffEngine.
Change-Id: Ia8aeffd79d550fb7a1a7121456940446eea8bd4f
Stop using a TLD in the EmailNotification class that can now
potentially become a valid domainname.
Bug: T97711
Change-Id: If69d5f32b97320986b14260c851d4aca0d28aa69
This is the first step before this userright can be granted to everyone
(or at least 'user').
There were a few issues with granting this permission at all on public
wikis (tracked at T85847) which are now all fixed.
Bug: T85847
Change-Id: Idcaaaaa5cc3fd7c3efca6c57698767689b9a1d09
In addition to the 5 attempts every 5 minutes rule, add some long
term rules. It's extraordinarily unlikely that a non-malicious person would
use the wrong password 150 times in a row, so add a rule that you
can't have 150 login fails in a row in 48 hours all from the same
IP address. Also add the ability to set throttles across all IPs, but
do not set any of these types by default (there is an unclear risk/benefit
tradeoff between making it easy to lock someone out of their
account in a DoS attack, and preventing brute-forcing).
Bug: T122164
Change-Id: I5c279906936ef3991a42fc21325c3ffd4a200493
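An added illustration of the layered throttle described in this commit message, written for this note and not MediaWiki's own code: a short per-IP window, a long per-IP window, and an optional rule keyed across all IPs. The rule keys (count/seconds/allIPs), class and function names are assumptions, and the replayed attempts are constructed sample data.

```python
from collections import defaultdict, deque

# Constructed rule set mirroring the commit message: 5 failures per 5 minutes
# and 150 failures per 48 hours, both keyed by (user, IP). A rule with
# "allIPs": True would be keyed by user only and is left off by default.
DEFAULT_RULES = [
    {"count": 5, "seconds": 300},
    {"count": 150, "seconds": 48 * 3600},
]


class LoginThrottle:
    """Sliding-window counters of failed logins, one bucket per rule."""

    def __init__(self, rules=None):
        self.rules = rules if rules is not None else DEFAULT_RULES
        self.failures = defaultdict(deque)  # bucket key -> failure timestamps

    def _buckets(self, username, ip):
        for i, rule in enumerate(self.rules):
            key = (i, username) if rule.get("allIPs") else (i, username, ip)
            yield rule, self.failures[key]

    def is_throttled(self, username, ip, now):
        """True once any rule's failure count is reached inside its window."""
        for rule, q in self._buckets(username, ip):
            while q and now - q[0] >= rule["seconds"]:
                q.popleft()  # drop failures that fell out of this rule's window
            if len(q) >= rule["count"]:
                return True
        return False

    def record_failure(self, username, ip, now):
        for _, q in self._buckets(username, ip):
            q.append(now)

    def record_success(self, username, ip):
        # A successful login clears every bucket belonging to this user.
        for key in [k for k in self.failures if k[1] == username]:
            del self.failures[key]


def simulate(events, rules=None):
    """Replay (time, username, ip, succeeded) tuples and return the times at
    which the throttle refused an attempt before the password was checked."""
    throttle, refused = LoginThrottle(rules), []
    for now, user, ip, ok in events:
        if throttle.is_throttled(user, ip, now):
            refused.append(now)
        elif ok:
            throttle.record_success(user, ip)
        else:
            throttle.record_failure(user, ip, now)
    return refused
```

A guess every 61 seconds never trips the 5-per-300s rule, which is exactly the slow brute force the 150-per-48h rule is there to stop.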
When an entry point specifies MW_NO_SESSION, actually enforce that by
having both SessionManager and PHP's session handling (session_start()
and friends) throw exceptions.
If an entry point needs the old behavior of using PHP's default session
handling (as defined in php.ini), it should define
MW_NO_SESSION_HANDLER instead of or in addition to MW_NO_SESSION.
This also makes PHPSessionHandler be installed in CLI mode, where it
wasn't installed before.
Bug: T127233
Change-Id: I2a3db06ee8e44a044096c57a819b5fd5e51c5c5c
The feature no longer exists starting in PHP 5.4.0, and MediaWiki
now only supports PHP 5.5.9 or newer.
Change-Id: I3f2d1b564c50f0a28ec1ec0abd7d1b242e26953b
As an attempt to detect SessionManager errors that log people into
the wrong account, log multiple IPs using the same session, or the same
user account.
Bug: T125455
Change-Id: I27468a3f6d582d9b46984227b9307dc71190fd6a
We don't want it to accidentally end up in MediaWiki 1.27 release.
It can be restored again when needed.
This reverts commit d0e47d475c.
Bug: T120867
Change-Id: Ie1a90ad2d2ccdecf189313e18c3c5b24576363f4
Currently, the "alpha version" of MediaWiki is the only version that doesn't
follow semantic versioning (1.27alpha); wmf branches are named according to the
semver convention (e.g. 1.27.0-wmf.1) and releases, too (e.g. 1.26.0). Change the
alpha version naming to follow semver, too:
1.27alpha -> 1.27.0-alpha
Change-Id: I026825c688e2eaed104ed2d0ec206b5a897a3527
This allows for quickly invalidating everyone's session all at once by
changing a single value.
As a side effect, setting this also stops the user_token field from
the database from being served to the user as a cookie.
This mitigates but doesn't completely solve T49490, as it allows for
invalidating all existing sessions and token-cookies but does not help
if the user_token field in the database was leaked.
Bug: T49490
Change-Id: I9d316a6bbb36278d138f39a89125ebb8cc71b28f
In Special:Export if you enter a category in the "Add pages from
category" textbox, there was a hardcoded limit of 5000 page titles in
the function getPagesFromCategory().
The same is true for a similar function fetching pages by namespace
instead of category, function getPagesFromNamespace().
I have a couple of wikis where we wish to export a number of pages
exceeding 5000, so this is inconvenient. In this commit, I have
introduced one new global configuration variable: $wgExportPagelistLimit.
This new configuration variable has had its default set in
includes/DefaultSettings.php to the values the two affected functions
were hardcoded to prior to this patch; 5000 in both instances.
This way, I can adjust the number of pages returned in the
Special:Export page by adjusting the above new variable in
LocalSettings.php.
Change-Id: I6ca9e26eb6bc4a7a2bafd73b9460f445940c8ecb
The plan here is to take it out of 1.27.0-wmf.12 and put it back in
1.27.0-wmf.13.
Since BotPasswords depends on SessionManager, that's getting temporarily
removed too.
This reverts the following commits:
* 6acd424e0d SessionManager: Notify AuthPlugin before calling hooks
* 4d1ad32d8a Close a loophole in CookieSessionProvider
* fcdd643a46 SessionManager: Don't save non-persisted sessions to backend storage
* 058aec4c76 MessageCache: Don't get a ParserOptions for $wgUser before the end of Setup.php
* b5c0c03bb7 SessionManager: Save user name to metadata even if the user doesn't exist locally
* 13f2f09a19 SECURITY: Fix User::setToken() call on User::newSystemUser
* 305bc75b27 SessionManager: Don't generate user tokens when checking the tokens
* 7c4bd85d21 RequestContext::exportSession() should only export persisted session IDs
* 296ccfd4a9 SessionManager: Save 'persisted' flag in session metadata
* 94ba53f677 Move CSRF token handling into MediaWiki\Session\Session
* 46a565d6b0 Avoid false "added in both Session and $_SESSION" when value is null
* c00d0b5d94 Log backtrace for "User::loadFromSession called before the end of Setup.php"
* 4eeff5b559 Use $wgSecureCookie to decide whether to actually mark secure cookies as 'secure'
* 7491b52f70 Call session_cache_limiter() before starting a session
* 2c34aeea72 SessionManager: Abstract forceHTTPS cookie setting
* 9aa53627a5 Ignore auth cookies with value 'deleted'
* 43f904b51a SessionManager: Kill getPersistedSessionId()
* 50c5256352 SessionManager: Add SessionBackend::setProviderMetadata()
* f640d40315 SessionManager: Notify AuthPlugin when auto-creating accounts
* 70b05d1ac1 Add checks of $wgEnableBotPasswords in more places
* bfed32eb78 Do not raise a PHP warning when session write fails
* 722a7331ad Only check LoggedOut timestamp on the user loaded from session
* 4f5057b84b SessionManager: Change behavior of getSessionById()
* 66e82e614e Fix typo in [[MediaWiki:Botpasswords-editexisting/en]]
* f9fd9516d9 Add "bot passwords"
* d7716f1df0 Add missing argument for wfDebugLog
* a73c5b7395 Add SessionManager
Change-Id: I2389a8133e25ab929e9f27f41fa9a05df8147a50
Move ZhConversion.php and Names.php to languages/data and make them both
expose their data as static class variables instead of in the local
scope. This means that the autoloader can be used to load the data,
which is efficient and secure. This also makes additional request-local
caching of the arrays unnecessary.
Change-Id: Iafb96ac4165d0965fcb9a69f1d0a91139ea9790c
Always treat this as on and simplify the code.
This will also make it easier to move updateWatchlistTimestamp() into
the EnotifNotifyJob class to avoid query timeouts.
Change-Id: I8ceaa42cdcfe3ad00a26368be6a73052be329045
We need to centrally define our definition of a tablet device so
we can consistently serve alternative mobile and tablet versions.
As well as the two extensions mentioned in the See section, there
are also instances in Gather, Vector, Metrolook and various other
extensions that will benefit from this.
See I257b3b34536 and I97d9600c839.
Bug: T93675
Change-Id: Iefce83763da0cbd037a7ff889088b0da820220a0
None of this works and it's been long begging for a mercy kill.
All it does is waste contributor time on updating deprecations
in the dead code. I imagine we wouldn't reuse much of this
code if we're ever going to reimplement it.
Bug: T119336
Change-Id: Ibd26a4bea621857aac77823017e9be9b7dc52cca
* Give changetags and applychangetags to anyone granted the ability to edit
* Give move-categorypages along with the other move-related rights
Change-Id: Ic246c5699a21d56d2050669e7b2c89136894b805
This removes the userright 'proxyunbannable' from core, because it has
no uses. It is never checked for users with 'ipblock-exempt', yet all
usergroups with 'proxyunbannable' also have 'ipblock-exempt'.
Bug: T75414
Change-Id: I1e4f6ca439c0274af89f3280fbc519df2b68312c
Bot passwords are something like OAuth-lite, or Google's application
passwords: the bot can use API action=login to log in with the special
username and password, and will then be allowed to use the API with a
restricted set of rights.
This is intended to provide an easy migration path for legacy bots and
for bots on wikis without OAuth, since AuthManager is going to greatly
complicate non-interactive authentication. If OAuth is available, an
owner-only consumer would be a better choice.
Bug: T121113
Change-Id: Iaa4015e00edbfbfaedcc8b2d27a2d3fd25009159
Depends-On: I7e15331efb162275c4116bcae61f19d6b884cbe3
This also adds code to User to allow SessionProviders to apply the grant
restrictions without needing to hook UserGetRights.
Change-Id: Ida2b686157aab7c8240d6a7a5a5046374ef86d52
SessionManager is a general-purpose session management framework, rather
than the cookie-based sessions that PHP wants to provide us.
While fallback is provided for using $_SESSION and other PHP session
management functions, they should be avoided in favor of using
SessionManager directly.
For proof-of-concept extensions, see OAuth change Ib40b221 and
CentralAuth change I27ccabdb.
Bug: T111296
Change-Id: Ic1ffea74f3ccc8f93c8a23b795ecab6f06abca72
This allows to patrol file uploads, both new files and new file
versions, from the description page, provided $wgUseFilePatrol
is set to true. Special:NewFiles can be filtered to hide patrolled
files.
Bug: T11501
Change-Id: If71af58719a4461f12d125455b7bef07164525ca
This is similar to the main() method for index.php but also
makes the write mode checks more granular.
Change-Id: I40fbaef0f5eaefaf2c6d0937d49016a17da532da
For the same reasons wikiversions.cdb was converted to a PHP file -- viz., that
static arrays in PHP files get cached in HHVM's bytecode cache and are
therefore faster to use with HHVM than CDB files.
Bug: T122362
Change-Id: I5a979f047031ef211622f399df9b3b388797f53a
This prevents a malicious person from using external resources on their
website to cause the victim's web browser to load
Special:MyPage -> User:Username, and then looking it up in the page hit
statistics in order to correlate IPs from the malicious person's server
log, with usernames on wiki.
This feature can be disabled with $wgHideIdentifiableRedirects.
Bug: T109724
Signed-off-by: Chad Horohoe <chadh@wikimedia.org>
Change-Id: Ia0e742dc92c77af4832174dfa24c6dcaa6ee80e9
It turns out that people click the checkbox affirming that they are
the author of the file and that they release it under CC BY-SA even
when neither of those is true. So we're trying some interfaces that
require a modicum of thought rather than just a click on "I agree".
Option 1: The form we have right now, with a single checkbox.
Option 2: Four checkboxes, each with a label explaining one facet of
the requirements (own work; no pictures of copyrighted work;
educational/useful; irrevocably released as CC BY-SA).
Option 3: Some Yes/No questions structured so that 'Yes' is not
always the right answer to continue uploading.
Option 4: Longer introduction before a single checkbox (as in option
1), with examples of good and unacceptable content.
As only logged in users are able to upload files, we're able to bucket
them into four groups by user ID number. When the user completes a
file upload, the bucket number is saved server-side in a change tag by
the companion patch I90cb12c505b2581f36113ec6b4f7bf732f0971b7 (we could
match the user IDs cross-wiki by username, but that sounds painful).
For testing and debugging, add '?uploadbucket=N' to the URL to force a
given interface option to appear. Any completed upload won't count
towards the bucket.
Note that for expediency, the tested options all assume uploads to
'shared' repository (that is, Wikimedia Commons). The winner's
messages will be tweaked to work with 'local' and other targets too.
This patch DOES NOT ENABLE THE TEST yet, it just implements the options.
Enabling it on specific wikis can be done via config:
* $wgForeignUploadTestEnabled = true/false (defaults to 'false')
Whether the test is running.
* $wgForeignUploadTestDefault = 1/2/3/4 (defaults to '1')
Interface to use when the test is not running (and for anons).
Bug: T120867
Bug: T121021
Change-Id: I557056b867c6a55ef2c9af321eb48893312632a3