wiki.techinc.nl/includes
Brian Wolff 1c7889446d SECURITY: Disable <html> tag on system messages despite $wgRawHtml = true;
System messages may take parameters from untrusted sources. This
may include taking parameters from urls given by unauthenticated
users even if the wiki is a read-only wiki. Allowing <html> tags
in such a context seems like an accident waiting to happen.

Bug: T156184
Change-Id: I661f482986d319cf41da1d3e7b20a0f028a42e90
2017-03-28 21:51:44 +00:00
actions Move ResultWrapper subclasses to Rdbms 2017-03-03 00:44:41 +00:00
api Localisation updates from https://translatewiki.net. 2017-03-27 22:56:37 +02:00
auth Demote "throttler data not found" logs to info level 2017-02-17 00:59:07 +00:00
cache SECURITY: Disable <html> tag on system messages despite $wgRawHtml = true; 2017-03-28 21:51:44 +00:00
changes RCFilters: Prevent duplicate filter names 2017-03-16 07:19:40 +00:00
changetags Add parameter to API modules to apply change tags to log entries 2017-01-12 16:30:17 -06:00
clientpool
collation Clean up remaining get_class() uses 2017-03-07 22:03:47 +00:00
compat Follow-up a57b64436c: Correct @deprecated version 2017-02-28 21:31:49 -08:00
composer
config
content Merge "Miscellaneous indentation tweaks" 2017-02-28 18:38:36 +00:00
context Replace deprecated Context::getStats() with MWServices::getStatsdDataFactory() 2017-03-17 12:07:03 +01:00
dao Move remaining LoadBalancer classes to Rdbms 2017-02-23 20:38:31 -08:00
db Move ResultWrapper subclasses to Rdbms 2017-03-03 00:44:41 +00:00
debug Miscellaneous indentation tweaks 2017-02-27 19:23:54 +01:00
deferred Replace deprecated Context::getStats() with MWServices::getStatsdDataFactory() 2017-03-17 12:07:03 +01:00
diff Replace deprecated Context::getStats() with MWServices::getStatsdDataFactory() 2017-03-17 12:07:03 +01:00
exception Clean up remaining get_class() uses 2017-03-07 22:03:47 +00:00
export Merge "Handle missing namespace prefix in XML dumps more gracefully" 2017-03-08 05:07:57 +00:00
externalstore Move remaining LoadBalancer classes to Rdbms 2017-02-23 20:38:31 -08:00
filebackend Replace some of the deprecated wfGetLBFactory() calls 2017-02-07 14:41:09 +01:00
filerepo Replace deprecated Context::getStats() with MWServices::getStatsdDataFactory() 2017-03-17 12:07:03 +01:00
gallery Merge "Add showThumbnails option to slideshow galleries" 2017-01-02 07:06:52 +00:00
htmlform Update account creation form validation 2017-03-16 15:42:06 +00:00
http MWHttpRequest: optionally add original request data 2017-03-27 19:20:52 +00:00
import Add @since tags to WikiRevision 2017-03-25 00:53:09 +00:00
installer Localisation updates from https://translatewiki.net. 2017-03-28 21:58:48 +02:00
interwiki Cleanup some incorrect return annotations 2016-12-12 10:15:05 -08:00
jobqueue Replace deprecated Context::getStats() with MWServices::getStatsdDataFactory() 2017-03-17 12:07:03 +01:00
json Code style: no space after unary minus operator 2017-01-05 14:38:32 +01:00
libs resourceloader: Optimise getMimeType() for common case 2017-03-24 20:23:11 -07:00
linker
logging Merge "includes: Replace implicit Bugzilla bug numbers with Phab ones" 2017-02-28 00:51:57 +00:00
mail Merge "Miscellaneous indentation tweaks" 2017-02-28 18:38:36 +00:00
media Clean up remaining get_class() uses 2017-03-07 22:03:47 +00:00
objectcache Fix mistake in ObjectCache doc 2017-03-10 13:12:43 +03:30
page Stop declaring ImageHistoryPseudoPager props dynamically 2017-03-22 15:19:42 +00:00
pager Clean up remaining get_class() uses 2017-03-07 22:03:47 +00:00
parser SECURITY: Disable <html> tag on system messages despite $wgRawHtml = true; 2017-03-28 21:51:44 +00:00
password Decrease the number of 'function says it should return something' errors 2016-12-15 16:05:52 -08:00
poolcounter includes: Replace implicit Bugzilla bug numbers with Phab ones 2017-02-21 18:13:24 +00:00
profiler Replace deprecated Context::getStats() with MWServices::getStatsdDataFactory() 2017-03-17 12:07:03 +01:00
rcfeed rcfeed: Ensure formatter (and other params) is passed to RCFeedEngine 2017-02-04 03:31:44 +00:00
registration Miscellaneous indentation tweaks 2017-02-27 19:23:54 +01:00
resourceloader Merge "ResourceLoaderImage: Point to the right skin when generating URL" 2017-03-23 18:40:30 +00:00
revisiondelete Move ResultWrapper subclasses to Rdbms 2017-03-03 00:44:41 +00:00
search Allow fields to define their own merge strategy via callback. 2017-03-07 10:36:53 -08:00
services
session Clean up remaining get_class() uses 2017-03-07 22:03:47 +00:00
site Add maintenance script to add sites to sites table 2017-02-26 16:30:13 +00:00
skins Skin: Only load jquery.makeCollapsible if needed 2017-03-08 20:25:59 +00:00
specialpage hidemyself/hidebyothers: Use rc_user_text since there is an index 2017-03-28 15:40:56 -04:00
specials Merge "SpecialAllMessages: Remove unused variable langcode" 2017-03-23 23:37:43 +00:00
templates
tidy RemexCompatMunger: fix a couple of memory leaks 2017-03-23 02:32:52 +00:00
title Merge "Handle missing namespace prefix in XML dumps more gracefully" 2017-03-08 05:07:57 +00:00
upload Fix log msg param in UploadFromUrl::saveTempFileChunk 2017-03-22 10:39:46 +00:00
user Decode '0'-valued user options to integer 0 2017-03-23 11:26:42 -04:00
utils Use tabs for autoloader extension.json generation 2017-03-02 23:18:50 +00:00
widget mw.widgets.SearchInputWidget: Do not pass type: 'search' to TextInputWidget 2017-03-14 21:44:42 +00:00
.htaccess
AjaxDispatcher.php Replace some of the deprecated wfGetLBFactory() calls 2017-02-07 14:41:09 +01:00
AjaxResponse.php
AuthPlugin.php Cleanup static analysis errors 2016-12-06 16:10:38 -08:00
AutoLoader.php
Autopromote.php
Block.php Remove the localStorage replication of the block cookie 2017-03-17 11:58:48 -07:00
Category.php includes: Replace implicit Bugzilla bug numbers with Phab ones 2017-02-21 18:13:24 +00:00
CategoryFinder.php Remove empty lines from PHP and JavaScript comment blocks 2016-12-09 09:01:06 +00:00
CategoryViewer.php Replaced all deprecated Linker methods with proper ones in core(1) 2017-01-20 11:46:13 +02:00
DefaultSettings.php Bugzilla -> Phab task number in $wgUrlProtocols phpdoc 2017-03-22 10:02:55 +00:00
Defines.php Use wikimedia/timestamp 2017-02-28 21:15:38 -08:00
DeprecatedGlobal.php
DerivativeRequest.php Remove WebRequest::checkSessionCookie() method as being deprecated 2016-12-31 17:37:04 +00:00
DummyLinker.php Removed deprecated Linker functions 2017-01-07 15:33:33 +00:00
EditPage.php EditPage: Minor code style improvements 2017-03-25 17:24:16 +01:00
EventRelayerGroup.php
FauxRequest.php
Feed.php
FeedUtils.php Merge "includes: Replace implicit Bugzilla bug numbers with Phab ones" 2017-02-28 00:51:57 +00:00
FileDeleteForm.php Replace some of the deprecated wfGetLBFactory() calls 2017-02-07 14:41:09 +01:00
ForkController.php
FormOptions.php
GitInfo.php Cleanup some incorrect return annotations 2016-12-12 10:15:05 -08:00
GlobalFunctions.php Miscellaneous indentation tweaks 2017-02-27 19:23:54 +01:00
HeaderCallback.php Log a backtrace from the culprit location if headers were already sent 2017-02-23 14:10:12 +11:00
HistoryBlob.php includes: Replace implicit Bugzilla bug numbers with Phab ones 2017-02-21 18:13:24 +00:00
Hooks.php Cleanup after Iba0138a6 2017-01-03 14:58:06 -05:00
Html.php Improve Html/Xml element generation docs 2017-03-01 16:13:29 -08:00
HtmlFormatter.php
Licenses.php
limit.sh
Linker.php Merge "includes: Replace implicit Bugzilla bug numbers with Phab ones" 2017-02-28 00:51:57 +00:00
LinkFilter.php Move LikeMatch to Rdbms namespace 2017-02-06 21:20:39 -08:00
ListToggle.php
MagicWord.php Merge "Miscellaneous indentation tweaks" 2017-02-28 18:38:36 +00:00
MagicWordArray.php
MediaWiki.php includes: Replace implicit Bugzilla bug numbers with Phab ones 2017-02-21 18:13:24 +00:00
MediaWikiServices.php Move remaining LoadBalancer classes to Rdbms 2017-02-23 20:38:31 -08:00
MediaWikiVersionFetcher.php
MergeHistory.php Use wikimedia/timestamp 2017-02-28 21:15:38 -08:00
Message.php More properly fix error message 2016-12-16 09:34:43 -05:00
MimeMagic.php
MovePage.php includes: Replace implicit Bugzilla bug numbers with Phab ones 2017-02-21 18:13:24 +00:00
MWGrants.php Replaced all deprecated Linker methods with proper ones in core(1) 2017-01-20 11:46:13 +02:00
MWNamespace.php Remove empty lines from PHP and JavaScript comment blocks 2016-12-09 09:01:06 +00:00
MWTimestamp.php Use wikimedia/timestamp 2017-02-28 21:15:38 -08:00
NoLocalSettings.php includes: Replace implicit Bugzilla bug numbers with Phab ones 2017-02-21 18:13:24 +00:00
OutputHandler.php
OutputPage.php SECURITY: Disable <html> tag on system messages despite $wgRawHtml = true; 2017-03-28 21:51:44 +00:00
PageProps.php Remove empty lines from PHP and JavaScript comment blocks 2016-12-09 09:01:06 +00:00
PathRouter.php Cleanup some incorrect return annotations 2016-12-12 10:15:05 -08:00
PHPVersionCheck.php Miscellaneous indentation tweaks 2017-02-27 19:23:54 +01:00
Pingback.php
Preferences.php includes: Replace implicit Bugzilla bug numbers with Phab ones 2017-02-21 18:13:24 +00:00
PrefixSearch.php includes: Replace implicit Bugzilla bug numbers with Phab ones 2017-02-21 18:13:24 +00:00
ProtectionForm.php Merge "Revert "Added reason suggestion in block/delete/protect forms"" 2017-01-21 19:47:27 +00:00
ProxyLookup.php
Revision.php Fix undefined ExternalStore::decompressRevisionText 2017-03-22 11:16:43 +00:00
RevisionList.php Move ResultWrapper subclasses to Rdbms 2017-03-03 00:44:41 +00:00
Sanitizer.php Merge "Miscellaneous indentation tweaks" 2017-02-28 18:38:36 +00:00
ServiceWiring.php Use FileBaseSiteLookup if $wgSitesCacheFile is set. 2016-12-20 20:53:32 +00:00
Setup.php Avoid breaking wikis that were modifying $wgDummyLanguageCodes 2017-03-09 01:15:58 +00:00
SiteConfiguration.php Cleanup some incorrect return annotations 2016-12-12 10:15:05 -08:00
SiteStats.php Make user_groups queries honor $wgDisableUserGroupExpiry 2017-01-31 01:21:47 +11:00
Status.php
StreamFile.php
StubObject.php
TemplateParser.php rv accidental inclusion of debug code in TemplateParser 2017-03-15 04:53:39 +00:00
TemplatesOnThisPageFormatter.php
Title.php Merge "Change Title::getPreviousRevisionID (and next) to ignore PRIMARY" 2017-03-28 15:09:28 +00:00
TitleArray.php Move ResultWrapper subclasses to Rdbms 2017-03-03 00:44:41 +00:00
TitleArrayFromResult.php Move ResultWrapper subclasses to Rdbms 2017-03-03 00:44:41 +00:00
TrackingCategories.php Add a tracking category when a template loop is detected 2017-03-17 11:52:38 +00:00
WatchedItem.php
WatchedItemQueryService.php Merge "includes: Replace implicit Bugzilla bug numbers with Phab ones" 2017-02-28 00:51:57 +00:00
WatchedItemQueryServiceExtension.php Move ResultWrapper subclasses to Rdbms 2017-03-03 00:44:41 +00:00
WatchedItemStore.php Add missing @group Database tags in tests 2017-03-18 19:13:18 -04:00
WebRequest.php includes: Replace implicit Bugzilla bug numbers with Phab ones 2017-02-21 18:13:24 +00:00
WebRequestUpload.php
WebResponse.php Log a backtrace from the culprit location if headers were already sent 2017-02-23 14:10:12 +11:00
WebStart.php Merge "includes: Replace implicit Bugzilla bug numbers with Phab ones" 2017-02-28 00:51:57 +00:00
WikiMap.php Cleanup some incorrect return annotations 2016-12-12 10:15:05 -08:00
Xml.php Xml: Add test for listDropDown and remove unused getArrayFromWikiTextList 2017-03-20 22:47:19 +00:00
XmlSelect.php