Current configuration on the wiki
Dreamy Jazz f7c717b09a SECURITY: Don't send suppressed recent changes to RCFeeds
CVE-2025-61643

Why:
* Some RecentChange objects being processed by
  RecentChangeRCFeedNotifier::notifyRCFeeds can be already
  deleted / suppressed
** This can happen for log entries which are deleted or suppressed
   when they are created such as described by T280413
* RecentChanges feeds are often not equipped to handle appropriate
  redaction of deleted or suppressed recent change entries
** Therefore, sending them suppressed recentchanges entries will
   likely publicly expose the suppressed information
* As a short-term fix we can stop sending any defined RCFeed
  instances RecentChange objects which are suppressed
** We may want to consider making RCFeeds capable of suppressing
   information before publishing the data, but that would need a
   more considered approach.

What:
* Update RecentChangeRCFeedNotifier::notifyRCFeeds to return early
  if the rc_deleted attribute on the provided RecentChange object
  isn't zero (0 means not deleted).
* Add a PHPUnit test to check for this

Bug: T403757
Change-Id: Ic5e553bab8e82e7faee323a46ed6704043c5163b
2025-10-02 19:38:49 +00:00
.phan structure tests: allow PHP 8.1 syntax and autoload enums 2025-06-18 10:55:15 +01:00
cache In .htaccess deny files, use "Satisfy All" 2025-04-04 13:17:15 +00:00
docs config: Change Reauthenticate Time Default 2025-08-20 21:56:57 +00:00
extensions Update git submodules 2025-09-30 06:48:10 +00:00
images
includes SECURITY: Don't send suppressed recent changes to RCFeeds 2025-10-02 19:38:49 +00:00
languages COPYING: Do not reference old FSF postal address 2025-10-02 09:32:10 +00:00
maintenance Regenerate patch-drop-page_restrictions-pr_user.sql for SQLite 2025-09-29 22:19:19 +00:00
mw-config installer: Fix class name in example override 2025-01-25 15:07:10 +00:00
resources SECURITY: Parse messages instead of inserting them as HTML 2025-10-02 19:21:42 +00:00
skins Update git submodules 2025-09-30 06:49:52 +00:00
tests SECURITY: Sanitize data- attributes 2025-10-02 19:21:42 +00:00
vendor@d9b7761127 Update git submodules 2025-09-29 16:26:13 +00:00
.dockerignore
.editorconfig Fix .editorconfig for tests/parser/ directory 2024-02-27 17:35:16 +01:00
.eslintignore SimpleParsoidOutputStash: add serialization test cases 2025-09-09 14:26:59 +00:00
.eslintrc.json
.fresnel.yml
.git-blame-ignore-revs Add .git-blame-ignore-revs 2024-06-02 23:03:04 +02:00
.gitattributes
.gitignore Branch commit for REL1_43 2024-10-22 12:47:33 -04:00
.gitmessage
.gitmodules Branch commit for REL1_43 2024-10-22 12:47:33 -04:00
.gitreview
.mailmap build: De-duplicate two recent CREDITS additions via mailmap 2024-09-11 10:02:02 -07:00
.phpcs.xml build: Use inline ignore for MediaWiki.Usage.DeprecatedGlobalVariables 2024-09-26 18:15:32 +00:00
.stylelintrc.json
.svgo.config.js
.vsls.json
api.php
autoload.php Make Content JsonCodecable 2025-09-05 16:12:09 -04:00
CODE_OF_CONDUCT.md
composer.json Upgrading wikimedia/parsoid (v0.20.3 => v0.20.4) 2025-09-29 16:47:11 +00:00
composer.local.json-sample
COPYING COPYING: Do not reference old FSF postal address 2025-10-02 09:32:10 +00:00
CREDITS build: De-duplicate two recent CREDITS additions via mailmap 2024-09-11 10:02:02 -07:00
DEVELOPERS.md Codex: Allow a local development version to be used 2024-08-22 17:20:24 -07:00
docker-compose.yml dev(docker): Bump mediawiki-web container to dev/bookworm-apache2:1.0.1 2025-01-07 17:02:36 +00:00
FAQ
Gruntfile.js Merge "codex: Provide i18n function and messages" 2024-07-03 07:06:47 +00:00
HISTORY HISTORY: Add point releases 2024-10-01 02:21:50 +01:00
img_auth.php filerepo: extract AuthenticatedFileEntryPoint from img_auth.php 2024-05-16 13:22:00 +02:00
index.php
INSTALL INSTALL: Document requirement for bcmath/gmp on 32-bit systems 2025-04-18 15:57:48 +00:00
jsdoc.json Update jsdoc-wmf-theme from 1.0.1 to 1.1.0 2024-06-27 19:29:24 +00:00
load.php
opensearch_desc.php Replace direct use of $wgRestPath with wfScript() 2024-07-01 22:01:32 +00:00
package-lock.json build: Updating npm dependencies 2025-01-06 08:38:45 -05:00
package.json Merge "Update Codex from v1.13.1 to v1.14.0" 2024-10-16 17:26:41 +00:00
phpunit.xml.dist
README.md
RELEASE-NOTES-1.43 RELEASE-NOTES-1.43: Update 2025-09-30 19:54:45 +00:00
rest.php Use namespaced classes (1) 2024-06-16 20:18:23 +02:00
SECURITY
thumb.php Use namespaced classes (1) 2024-06-16 20:18:23 +02:00
thumb_handler.php Use namespaced classes (1) 2024-06-16 20:18:23 +02:00
UPGRADE UPGRADE: Update mailing list archive link 2024-04-14 21:36:52 +03:00

MediaWiki

MediaWiki is a free and open-source wiki software package written in PHP. It serves as the platform for Wikipedia and the other Wikimedia projects, used by hundreds of millions of people each month. MediaWiki is localised in over 350 languages and its reliability and robust feature set have earned it a large and vibrant community of third-party users and developers.

MediaWiki is:

  • feature-rich and extensible, both on-wiki and with hundreds of extensions;
  • scalable and suitable for both small and large sites;
  • simple to install, working on most hardware/software combinations; and
  • available in your language.

For system requirements, installation, and upgrade details, see the files RELEASE-NOTES, INSTALL, and UPGRADE.

MediaWiki is the result of global collaboration and cooperation. The CREDITS file lists technical contributors to the project. The COPYING file explains MediaWiki's copyright and license (GNU General Public License, version 2 or later). Many thanks to the Wikimedia community for testing and suggestions.