All values are now allowed for the role attribute.
* $wgContentHandlers now also supports callbacks to create an instance of the
appropriate ContentHandler subclass.
+* Added $wgAuthenticationTokenVersion, which if non-null prevents the
+ user_token database field from being exposed in cookies. Setting this would
+ be a good idea, but will log out all current sessions.
=== External library changes in 1.27 ===
// $wgLogo is probably wrong (bug 48084); set something that will work.
// Single quotes work fine here, as LocalSettingsGenerator outputs this unescaped.
'wgLogo' => '$wgResourceBasePath/resources/assets/wiki.png',
+ 'wgAuthenticationTokenVersion' => 1,
);
/**
'wgRightsText', '_MainCacheType', 'wgEnableUploads',
'_MemCachedServers', 'wgDBserver', 'wgDBuser',
'wgDBpassword', 'wgUseInstantCommons', 'wgUpgradeKey', 'wgDefaultSkin',
- 'wgMetaNamespace', 'wgLogo',
+ 'wgMetaNamespace', 'wgLogo', 'wgAuthenticationTokenVersion',
),
$db->getGlobalNames()
);
\$wgSecretKey = \"{$this->values['wgSecretKey']}\";
+# Changing this will log out all existing sessions.
+\$wgAuthenticationTokenVersion = \"{$this->values['wgAuthenticationTokenVersion']}\";
+
# Site upgrade key. Must be set to a string (default provided) to turn on the
# web installer while LocalSettings.php is in place
\$wgUpgradeKey = \"{$this->values['wgUpgradeKey']}\";
// All good
$this->setVar( '_ExistingDBSettings', true );
+ // Copy $wgAuthenticationTokenVersion too, if it exists
+ $this->setVar( 'wgAuthenticationTokenVersion',
+ isset( $vars['wgAuthenticationTokenVersion'] )
+ ? $vars['wgAuthenticationTokenVersion']
+ : null
+ );
+
return $status;
}