River Tarnell [Mon, 18 Oct 2004 00:15:30 +0000 (00:15 +0000)]
security_fix
Brion Vibber [Sun, 17 Oct 2004 21:59:36 +0000 (21:59 +0000)]
1.2 to 1.3 updater script from wikipedia. Not exactly useful still. :D
Brion Vibber [Sun, 17 Oct 2004 21:38:47 +0000 (21:38 +0000)]
Interactive scripts are a pain in the butt, and have bad interactions
with output buffering. If no option is given on the command line, just
print a help message instead of the ill-fated prompt.
Also now accepts --update and --rebuild in standard GNU long option style.
Brion Vibber [Sun, 17 Oct 2004 08:32:27 +0000 (08:32 +0000)]
Bug 732: Typo in config/index.php
Brion Vibber [Sun, 17 Oct 2004 07:33:03 +0000 (07:33 +0000)]
Add test for links with double-escaped hex codes (raw hex codes in titles are now illegal as they don't survive round-trip conversion and thus are inaccessible)
Tim Starling [Sun, 17 Oct 2004 01:46:18 +0000 (01:46 +0000)]
ang
Tim Starling [Sun, 17 Oct 2004 01:41:12 +0000 (01:41 +0000)]
Gothic
Brion Vibber [Sat, 16 Oct 2004 07:15:18 +0000 (07:15 +0000)]
Reject titles with %XX hex codes (since these have special meaning in URL links and are interpreted for this purpose, breaking things if they're used literally)
Brion Vibber [Sat, 16 Oct 2004 02:36:51 +0000 (02:36 +0000)]
Work around weird vanishing form data problem (bugs.php.net/bug.php?id=22427)
Emmanuel Engelhart [Fri, 15 Oct 2004 22:15:11 +0000 (22:15 +0000)]
+ "/Mozilla\/4\.78 \[en\] \(X11; U; Linux/" to the browser black list
array
Wil Mahan [Fri, 15 Oct 2004 17:50:08 +0000 (17:50 +0000)]
Add tests for links inside section headings and
<nowiki> inside links, and explicitly set the title
for some tests now that Skin.php used by the parser
has been corrected to no longer use the $wgTitle global.
Wil Mahan [Fri, 15 Oct 2004 17:46:42 +0000 (17:46 +0000)]
Now it is no longer necessary to create an OutputPage
object, because Parser replaces link placeholders.
This also means that tidy happens automatically
on the parser output if $wgUseTidy = true.
Wil Mahan [Fri, 15 Oct 2004 17:39:10 +0000 (17:39 +0000)]
Move replaceLinkHolders() from OutputPage to Parser, because
it needs to happen before unstripNoWiki() and before tidy.
This also makes the parser more self-contained, so there is
no need to create an OutputPage object for the parser
tester.
Call unstripNoWiki() before creating a Title object
for an internal link; this fixes <nowiki> inside of
a link target. Need to make sure this does not degrade
performance.
Wil Mahan [Fri, 15 Oct 2004 17:33:51 +0000 (17:33 +0000)]
Change editSectionLink() and editSectionScript() to take a
title object instead of using a global; we want to keep
$wgTitle and $wgUser out of the parser
Domas Mituzas [Fri, 15 Oct 2004 09:57:23 +0000 (09:57 +0000)]
disable client cache for 'you have new messages'
River Tarnell [Thu, 14 Oct 2004 09:26:51 +0000 (09:26 +0000)]
don't double escape
River Tarnell [Thu, 14 Oct 2004 09:18:36 +0000 (09:18 +0000)]
restore accidentally broken functionality
River Tarnell [Thu, 14 Oct 2004 08:58:47 +0000 (08:58 +0000)]
fix xss attack
Brion Vibber [Thu, 14 Oct 2004 08:38:06 +0000 (08:38 +0000)]
Validate input
Brion Vibber [Thu, 14 Oct 2004 07:49:22 +0000 (07:49 +0000)]
url-encode the url
Brion Vibber [Thu, 14 Oct 2004 07:33:22 +0000 (07:33 +0000)]
xhtml fix
Brion Vibber [Thu, 14 Oct 2004 07:32:20 +0000 (07:32 +0000)]
XHTML fix
River Tarnell [Thu, 14 Oct 2004 07:29:38 +0000 (07:29 +0000)]
fix xss attack if wgRawHtml is enabled
Brion Vibber [Thu, 14 Oct 2004 07:29:12 +0000 (07:29 +0000)]
XHTML fix, handle bad target more gracefully
Brion Vibber [Thu, 14 Oct 2004 06:52:42 +0000 (06:52 +0000)]
escape html output
Brion Vibber [Thu, 14 Oct 2004 06:38:12 +0000 (06:38 +0000)]
Never used; just a TODO note
Brion Vibber [Thu, 14 Oct 2004 06:21:33 +0000 (06:21 +0000)]
Escape HTML output
Brion Vibber [Thu, 14 Oct 2004 05:53:30 +0000 (05:53 +0000)]
Fix XHTML tags
Brion Vibber [Thu, 14 Oct 2004 05:30:30 +0000 (05:30 +0000)]
Escape HTML output
Brion Vibber [Thu, 14 Oct 2004 05:14:45 +0000 (05:14 +0000)]
Escape input on a few error messages
River Tarnell [Thu, 14 Oct 2004 05:08:33 +0000 (05:08 +0000)]
fix xss attack
Brion Vibber [Thu, 14 Oct 2004 04:55:57 +0000 (04:55 +0000)]
Never used; just had a todo message.
Brion Vibber [Thu, 14 Oct 2004 04:55:06 +0000 (04:55 +0000)]
spaces to tabs
River Tarnell [Thu, 14 Oct 2004 04:50:14 +0000 (04:50 +0000)]
fix potential xss attack
Brion Vibber [Thu, 14 Oct 2004 04:40:58 +0000 (04:40 +0000)]
Fix potential HTML breakage if removechecked message were to include an apostrophe
Zheng Zhu [Thu, 14 Oct 2004 04:40:57 +0000 (04:40 +0000)]
Changed the second Chinese character for Traditional Chinese to what it should be, Traditional ;)
River Tarnell [Thu, 14 Oct 2004 04:15:29 +0000 (04:15 +0000)]
fix xss attack
River Tarnell [Thu, 14 Oct 2004 03:50:14 +0000 (03:50 +0000)]
fix xss attack
River Tarnell [Thu, 14 Oct 2004 02:56:02 +0000 (02:56 +0000)]
fix two xss attacks and one path validation attack
Brion Vibber [Thu, 14 Oct 2004 02:13:12 +0000 (02:13 +0000)]
Clean up a few scriptlets
River Tarnell [Wed, 13 Oct 2004 21:38:50 +0000 (21:38 +0000)]
fix xss attack
Jens Frank [Wed, 13 Oct 2004 21:30:18 +0000 (21:30 +0000)]
Fix SQL injection bug
Jens Frank [Wed, 13 Oct 2004 21:07:08 +0000 (21:07 +0000)]
Fix cross site scripting bug
Brion Vibber [Wed, 13 Oct 2004 20:02:32 +0000 (20:02 +0000)]
(bug 704) remove misleading LocalSettings.sample
Jens Frank [Wed, 13 Oct 2004 20:02:10 +0000 (20:02 +0000)]
Fix cross site scripting bug
Brion Vibber [Wed, 13 Oct 2004 07:38:43 +0000 (07:38 +0000)]
Pull the actual series of updater calls into do_all_updaters(), add
the necessary require_all's to updaters.inc, and add a command-line
update.php which runs them without having to pull things out and
run the web installer.
Brion Vibber [Wed, 13 Oct 2004 07:31:52 +0000 (07:31 +0000)]
patch from tom
Bug 697: Several XHTML errors on Special:Preferences
Wil Mahan [Wed, 13 Oct 2004 06:09:01 +0000 (06:09 +0000)]
A pair of tests for self links
Wil Mahan [Wed, 13 Oct 2004 04:30:19 +0000 (04:30 +0000)]
When checking for self links, use Title::getFragment() rather
than searching for '#', so that self-links escaped with
character entities are handled correctly. Related to
bug 337.
Jens Frank [Tue, 12 Oct 2004 10:57:27 +0000 (10:57 +0000)]
BUG#178 Allow center/right/left/etc image options even if
$wgUseImageResize is set to false. Changing width or computing thumbs still depends on $wgUseImageResize.
Jens Frank [Tue, 12 Oct 2004 10:07:31 +0000 (10:07 +0000)]
Catch error 2000, too. Some mysql servers return 2000 instead of 1045
Wil Mahan [Tue, 12 Oct 2004 00:17:13 +0000 (00:17 +0000)]
Add the new "longdesc" attribute to all image tests, and
fix a test that is currently broken (in a right-aligned
image with no caption, the title/alt text should not
be "right").
Wil Mahan [Tue, 12 Oct 2004 00:12:06 +0000 (00:12 +0000)]
Add "longdesc" attribute to all (non-external) images, containing
the URL of the image page.
Evan Prodromou [Mon, 11 Oct 2004 22:59:29 +0000 (22:59 +0000)]
Briefly document the $wgLocaltimezone variable.
Wil Mahan [Mon, 11 Oct 2004 22:13:02 +0000 (22:13 +0000)]
Test case for disallowed character in an external link
Wil Mahan [Mon, 11 Oct 2004 22:10:14 +0000 (22:10 +0000)]
Also add " to disallowed URI characters, per RFC 2396, fixing
some more test cases.
Wil Mahan [Mon, 11 Oct 2004 21:55:35 +0000 (21:55 +0000)]
Pass the -a option to diff in case there are tests with
non-text characters; set wgMaxTocLevel global; use
.PHONY target in Makefile in case someone happens
to have a file named 'test' or similar in the
maintenance/ directory.
Brion Vibber [Mon, 11 Oct 2004 21:47:31 +0000 (21:47 +0000)]
Update tests for 289:
* fix the expected output to match actual behavior with caught invalid chars
* add cases with double-quote (")
Brion Vibber [Mon, 11 Oct 2004 21:23:39 +0000 (21:23 +0000)]
$wgBrowserBlackList must be an array, not a string. Also, the previous value would have matched virtually all browsers other than Mozilla.
Jens Frank [Mon, 11 Oct 2004 20:03:24 +0000 (20:03 +0000)]
BUG#187, BUG#669 Fix centered images. span apparently didn't work properly
Wil Mahan [Mon, 11 Oct 2004 19:17:34 +0000 (19:17 +0000)]
Use the new wfRandom() function for setting cur_random
Wil Mahan [Mon, 11 Oct 2004 19:15:24 +0000 (19:15 +0000)]
Oops, invalid chars in bracketed external links should
be added to the link description, not the trail.
Jens Frank [Mon, 11 Oct 2004 19:02:56 +0000 (19:02 +0000)]
Fix bounding box feature of thumbnails (e.g. |200x200px|)
Wil Mahan [Mon, 11 Oct 2004 18:54:35 +0000 (18:54 +0000)]
Re-exclude '<' and '>' from external links, since brion pointed
out cases where it matters. We don't need to exclude them from
external link text, to allow for e.g. bold text in the link
description.
Emmanuel Engelhart [Mon, 11 Oct 2004 18:38:32 +0000 (18:38 +0000)]
+ better browser black list example
Emmanuel Engelhart [Mon, 11 Oct 2004 18:36:01 +0000 (18:36 +0000)]
$wgBrowserBlackList = "/Mozilla\/4./";
Brion Vibber [Mon, 11 Oct 2004 18:33:30 +0000 (18:33 +0000)]
Bug 686: broken linktrail in Catalan
Brion Vibber [Mon, 11 Oct 2004 18:12:14 +0000 (18:12 +0000)]
Add more test cases for bug 289
Wil Mahan [Mon, 11 Oct 2004 17:34:39 +0000 (17:34 +0000)]
Bug 589: make random selection slightly more random. PHP's
mt_rand() function has a maximum value of 2^31-1, which
is small enough that duplicate values can occur due to the
Birthday paradox, e.g. on the English Wikipedia. To fix
this, add a wfRandom() function that calls mt_rand()
twice to get the desired amount of randomness.
Wil Mahan [Mon, 11 Oct 2004 16:57:49 +0000 (16:57 +0000)]
Detect and disallow > and < within external links.
Fixes bug 289.
Wil Mahan [Mon, 11 Oct 2004 16:16:27 +0000 (16:16 +0000)]
Prevent double-escaping of '<' and '>' in external links;
allow them in free external links again, at least until there
is a consistent way of handling them. Convert some spaces to
tabs from zhengzhu's last commit.
Emmanuel Engelhart [Mon, 11 Oct 2004 16:13:53 +0000 (16:13 +0000)]
+ comment about the browser blacklist array
Emmanuel Engelhart [Mon, 11 Oct 2004 16:10:47 +0000 (16:10 +0000)]
+ explicit example for the browser black list.
River Tarnell [Mon, 11 Oct 2004 11:09:18 +0000 (11:09 +0000)]
don't show redirects in categories
Brion Vibber [Mon, 11 Oct 2004 07:44:37 +0000 (07:44 +0000)]
If wiki has the old non-unique indexes on cur, check for duplicate cur entries and remove the extras.
Brion Vibber [Mon, 11 Oct 2004 07:43:44 +0000 (07:43 +0000)]
Obsolete and probably dangerous old script. Removed from 1.3 branch long ago, forgot to get it here.
Brion Vibber [Mon, 11 Oct 2004 06:38:42 +0000 (06:38 +0000)]
add missing autoConvert wrapper
Domas Mituzas [Mon, 11 Oct 2004 04:13:43 +0000 (04:13 +0000)]
fix from live site, set->add for "loading".
Erik Moeller [Mon, 11 Oct 2004 04:10:41 +0000 (04:10 +0000)]
bugfix: check for existence of PRIMARY key in addition to UNIQUE key, as
MySQL returns "PRIMARY" as key_name. This caused uploads to fail with a
"patch required" message in HEAD even if the schema was up to date.
Erik Moeller [Mon, 11 Oct 2004 03:28:18 +0000 (03:28 +0000)]
this seems to have sneaked into HEAD somehow, belongs in SCHEMA_WORK only
Zheng Zhu [Mon, 11 Oct 2004 03:05:48 +0000 (03:05 +0000)]
update doc
Zheng Zhu [Mon, 11 Oct 2004 02:46:31 +0000 (02:46 +0000)]
Adding the interface language to the page rendering hash; also fixed some formatting errors from my previous commits.
Zheng Zhu [Mon, 11 Oct 2004 02:15:55 +0000 (02:15 +0000)]
For content language, removed language code suffix from the message keys in the mediawiki: namespace. This way languages that do not support multiple variants will see no change in the way the namespace works.
Evan Prodromou [Sun, 10 Oct 2004 23:28:45 +0000 (23:28 +0000)]
Updated the checktrans.php script to be a little more modern and to
WFM. Removed the two variations on the theme, since they don't work.
Might as well have just one broken script instead of three.
Brion Vibber [Sun, 10 Oct 2004 22:56:23 +0000 (22:56 +0000)]
When deleting images / old image revisions, don't fail out if the file
doesn't exist or the oi_archive_name field is empty. Treat it gracefully
and continue deleting the database records.
Bug 484: image deletion causes an internal error
Brion Vibber [Sun, 10 Oct 2004 22:40:58 +0000 (22:40 +0000)]
Fix brainfart that broke options on insertArray()
Emmanuel Engelhart [Sun, 10 Oct 2004 21:30:17 +0000 (21:30 +0000)]
+ checkUnicodeCompliantBrowser() and code to show if necessary a warning message
Emmanuel Engelhart [Sun, 10 Oct 2004 21:27:15 +0000 (21:27 +0000)]
+ nonunicodebrowser message
Emmanuel Engelhart [Sun, 10 Oct 2004 21:25:42 +0000 (21:25 +0000)]
+ $wgBrowserBlackList
Brion Vibber [Sun, 10 Oct 2004 13:41:09 +0000 (13:41 +0000)]
fix bug 439: protected pages should not display a "move" link.
Brion Vibber [Sun, 10 Oct 2004 13:17:56 +0000 (13:17 +0000)]
fix for bug 433: Title attribute on undelete button wrong
Brion Vibber [Sun, 10 Oct 2004 13:05:04 +0000 (13:05 +0000)]
Test case for bug 289
Brion Vibber [Sun, 10 Oct 2004 09:44:00 +0000 (09:44 +0000)]
fix for bug 149: Special:Recentchanges: Link that adds &from= to URL discards &limit= and vice-versa
Brion Vibber [Sun, 10 Oct 2004 08:36:59 +0000 (08:36 +0000)]
Disable message cache transforms on install (bug 296)
Brion Vibber [Sun, 10 Oct 2004 04:30:01 +0000 (04:30 +0000)]
'fromwikipedia' has been renamed to 'tagline'
Brion Vibber [Sat, 9 Oct 2004 21:55:28 +0000 (21:55 +0000)]
Fix for last checkin on Squid and for the generated data
Brion Vibber [Sat, 9 Oct 2004 21:24:52 +0000 (21:24 +0000)]
More paranoia checks for Internet Explorer
Brion Vibber [Sat, 9 Oct 2004 08:41:55 +0000 (08:41 +0000)]
Adjust spacing, and fix the disclaimer link again so it's separated from the printable link
Brion Vibber [Sat, 9 Oct 2004 08:34:52 +0000 (08:34 +0000)]
Re-tabification
Brion Vibber [Sat, 9 Oct 2004 08:08:26 +0000 (08:08 +0000)]
Load form C data on demand; if we are dealing in all-ASCII text we can save some memory and time by not loading it.