From: Tim Starling Date: Fri, 10 Dec 2010 03:02:03 +0000 (+0000) Subject: * Hide the "back" buttons on the completion pages, they are potentially confusing... X-Git-Tag: 1.31.0-rc.0~33403 X-Git-Url: http://git.cyclocoop.org/%7B%24www_url%7Dadmin/membres/fiche.php?a=commitdiff_plain;h=e253adc4dcba37724bb26c9e3a9266b5a9b91b0f;p=lhc%2Fweb%2Fwiklou.git * Hide the "back" buttons on the completion pages, they are potentially confusing and almost useless. * Made the links to the wiki on the completion pages open in the same window, not a popup. * Do not allow the user to regenerate LocalSettings.php when $wgUpgradeKey was given and the DB settings were prefilled, since this allows a leak of $wgUpgradeKey to escalate to a leak of $wgDBpassword. It's not unreasonable to require that the user removes their old LocalSettings.php when they wish to generate a new one. * Rewrote the doc comment on $wgUpgradeKey, to discourage users from setting it to an easily guessable string, per concerns on CR r78118. --- diff --git a/includes/DefaultSettings.php b/includes/DefaultSettings.php index 0d9d42cd92..fd8ec0575e 100644 --- a/includes/DefaultSettings.php +++ b/includes/DefaultSettings.php @@ -4132,7 +4132,13 @@ $wgReadOnly = null; $wgReadOnlyFile = false; /** - * Set this to a random string to allow web-based upgrades + * When you run the web-based upgrade utility, it will tell you what to set + * this to in order to authorize the upgrade process. It will subsequently be + * used as a password, to authorize further upgrades. + * + * For security, do not set this to a guessable string. Use the value supplied + * by the install/upgrade process. To cause the upgrader to generate a new key, + * delete the old key from LocalSettings.php. */ $wgUpgradeKey = false; diff --git a/includes/installer/Installer.i18n.php b/includes/installer/Installer.i18n.php index 99332c3903..7e179c84d5 100644 --- a/includes/installer/Installer.i18n.php +++ b/includes/installer/Installer.i18n.php @@ -284,6 +284,9 @@ You can now [$1 start using your wiki]. If you want to regenerate your LocalSettings.php file, click the button below. This is '''not recommended''' unless you are having problems with your wiki.", + 'config-upgrade-done-no-regenerate' => "Upgrade complete. + +You can now [$1 start using your wiki].", 'config-regenerate' => 'Regenerate LocalSettings.php →', 'config-show-table-status' => 'SHOW TABLE STATUS query failed!', 'config-unknown-collation' => "'''Warning:''' Database is using unrecognised collation.", diff --git a/includes/installer/Installer.php b/includes/installer/Installer.php index 5f91ceeb10..766b4f4842 100644 --- a/includes/installer/Installer.php +++ b/includes/installer/Installer.php @@ -324,6 +324,19 @@ abstract class Installer { return $html; } + public function getParserOptions() { + return $this->parserOptions; + } + + public function disableLinkPopups() { + $this->parserOptions->setExternalLinkTarget( false ); + } + + public function restoreLinkPopups() { + global $wgExternalLinkTarget; + $this->parserOptions->setExternalLinkTarget( $wgExternalLinkTarget ); + } + /** * TODO: document * diff --git a/includes/installer/WebInstallerPage.php b/includes/installer/WebInstallerPage.php index ff7c681f76..16fe6265ec 100644 --- a/includes/installer/WebInstallerPage.php +++ b/includes/installer/WebInstallerPage.php @@ -49,7 +49,7 @@ abstract class WebInstallerPage { ); } - public function endForm( $continue = 'continue' ) { + public function endForm( $continue = 'continue', $back = 'back' ) { $s = "
\n"; $id = $this->getId(); @@ -63,10 +63,10 @@ abstract class WebInstallerPage { array( 'name' => "enter-$continue", 'style' => 'visibility:hidden;overflow:hidden;width:1px;margin:0' ) ) . "\n"; } - if ( $id !== 0 ) { - $s .= Xml::submitButton( wfMsg( 'config-back' ), + if ( $back ) { + $s .= Xml::submitButton( wfMsg( "config-$back" ), array( - 'name' => 'submit-back', + 'name' => "submit-$back", 'tabindex' => $this->parent->nextTabIndex() ) ) . "\n"; } @@ -172,7 +172,7 @@ class WebInstaller_Language extends WebInstallerPage { $this->getLanguageSelector( 'UserLang', 'config-your-language', $userLang, $this->parent->getHelpBox( 'config-your-language-help' ) ) . $this->getLanguageSelector( 'ContLang', 'config-wiki-language', $contLang, $this->parent->getHelpBox( 'config-wiki-language-help' ) ); $this->addHTML( $s ); - $this->endForm(); + $this->endForm( 'continue', false ); } /** @@ -435,7 +435,10 @@ class WebInstaller_Upgrade extends WebInstallerPage { public function execute() { if ( $this->getVar( '_UpgradeDone' ) ) { - if ( $this->parent->request->wasPosted() ) { + // Allow regeneration of LocalSettings.php, unless we are working + // from a pre-existing LocalSettings.php file and we want to avoid + // leaking its contents + if ( $this->parent->request->wasPosted() && !$this->getVar( '_ExistingDBSettings' ) ) { // Done message acknowledged return 'continue'; } else { @@ -483,16 +486,24 @@ class WebInstaller_Upgrade extends WebInstallerPage { public function showDoneMessage() { $this->startForm(); + $regenerate = !$this->getVar( '_ExistingDBSettings' ); + if ( $regenerate ) { + $msg = 'config-upgrade-done'; + } else { + $msg = 'config-upgrade-done-no-regenerate'; + } + $this->parent->disableLinkPopups(); $this->addHTML( $this->parent->getInfoBox( - wfMsgNoTrans( 'config-upgrade-done', + wfMsgNoTrans( $msg, $GLOBALS['wgServer'] . $this->getVar( 'wgScriptPath' ) . '/index' . $this->getVar( 'wgScriptExtension' ) ), 'tick-32.png' ) ); - $this->endForm( 'regenerate' ); + $this->parent->restoreLinkPopups(); + $this->endForm( $regenerate ? 'regenerate' : false, false ); } } @@ -1029,6 +1040,7 @@ class WebInstaller_Complete extends WebInstallerPage { $this->parent->request->response()->header( "Refresh: 0;$lsUrl" ); $this->startForm(); + $this->parent->disableLinkPopups(); $this->addHTML( $this->parent->getInfoBox( wfMsgNoTrans( 'config-install-done', @@ -1040,7 +1052,8 @@ class WebInstaller_Complete extends WebInstallerPage { ), 'tick-32.png' ) ); - $this->endForm( false ); + $this->parent->restoreLinkPopups(); + $this->endForm( false, false ); } }