"in-place", as long as you have the necessary prerequisites available.
Required software:
-* Web server with PHP 5.2.3 or higher.
+* Web server with PHP 5.3.2 or higher.
* A SQL server, the following types are supported
** MySQL 5.0.2 or higher
** PostgreSQL 8.3 or higher
MediaWiki 1.20 is an alpha-quality branch and is not recommended for use in
production.
+=== PHP 5.3 now required ==
+Since 1.20, the lowest supported version of MediaWiki is now 5.3.2. Please
+upgrade PHP if you have not done so prior to upgrading MediaWiki.
+
=== Configuration changes in 1.20 ===
* `$wgUsePathInfo = true;` is no longer needed to make $wgArticlePath work on servers
using like nginx, lighttpd, and apache over fastcgi. MediaWiki now always extracts
== Compatibility ==
-MediaWiki 1.20 requires PHP 5.2.3. PHP 4 is no longer supported.
+MediaWiki 1.20 requires PHP 5.3.2. PHP 4 is no longer supported.
MySQL is the recommended DBMS. PostgreSQL or SQLite can also be used, but
support for them is somewhat less mature. There is experimental support for IBM
define( 'MW_API', true );
// Bail if PHP is too low
-if ( !function_exists( 'version_compare' ) || version_compare( phpversion(), '5.2.3' ) < 0 ) {
+if ( !function_exists( 'version_compare' ) || version_compare( phpversion(), '5.3.2' ) < 0 ) {
require( dirname( __FILE__ ) . '/includes/PHPVersionError.php' );
wfPHPVersionError( 'api.php' );
}
* @return array( User|String, Block::TYPE_ constant )
*/
public static function parseTarget( $target ) {
- $target = trim( $target );
-
# We may have been through this before
if( $target instanceof User ){
if( IP::isValid( $target->getName() ) ){
return array( null, null );
}
+ $target = trim( $target );
+
if ( IP::isValid( $target ) ) {
# We can still create a User if it's an IP address, but we need to turn
# off validation checking (which would exclude IP addresses)
}
# User/IP blocking
- $block = Block::newFromTarget( $this->getName(), $ip, !$bFromSlave );
+ $block = Block::newFromTarget( $this, $ip, !$bFromSlave );
# Proxy blocking
if ( !$block instanceof Block && $ip !== null && !$this->isAllowed( 'proxyunbannable' )
# same repo.
$results[$k] = false;
unset( $files[$k] );
+ } elseif ( FileBackend::isStoragePath( $f ) ) {
+ $results[$k] = false;
+ unset( $files[$k] );
+ wfWarn( "Got mwstore:// path '$f'." );
}
}
*/
function getThumbUrlFromCache( $name, $width, $height, $params="" ) {
global $wgMemc;
+ // We can't check the local cache using FileRepo functions because
+ // we override fileExistsBatch(). We have to use the FileBackend directly.
+ $backend = $this->getBackend(); // convenience
if ( !$this->canCacheThumbs() ) {
$result = null; // can't pass "null" by reference, but it's ok as default value
$localFilename = $localPath . "/" . $fileName;
$localUrl = $this->getZoneUrl( 'thumb' ) . "/" . $this->getHashPath( $name ) . rawurlencode( $name ) . "/" . rawurlencode( $fileName );
- if( $this->fileExists( $localFilename ) && isset( $metadata['timestamp'] ) ) {
+ if( $backend->fileExists( array( 'src' => $localFilename ) )
+ && isset( $metadata['timestamp'] ) )
+ {
wfDebug( __METHOD__ . " Thumbnail was already downloaded before\n" );
- $modified = $this->getFileTimestamp( $localFilename );
+ $modified = $backend->getFileTimestamp( array( 'src' => $localFilename ) );
$remoteModified = strtotime( $metadata['timestamp'] );
$current = time();
$diff = abs( $modified - $current );
}
# @todo FIXME: Delete old thumbs that aren't being used. Maintenance script?
- wfSuppressWarnings();
- $backend = $this->getBackend();
+ $backend->prepare( array( 'dir' => dirname( $localFilename ) ) );
$op = array( 'op' => 'create', 'dst' => $localFilename, 'content' => $thumb );
if( !$backend->doOperation( $op )->isOK() ) {
wfRestoreWarnings();
wfDebug( __METHOD__ . " could not write to thumb path\n" );
return $foreignUrl;
}
- wfRestoreWarnings();
$knownThumbUrls[$sizekey] = $localUrl;
$wgMemc->set( $key, $knownThumbUrls, $this->apiThumbCacheExpiry );
wfDebug( __METHOD__ . " got local thumb $localUrl, saving to cache \n" );
/**
* Destroy the singleton instance
- *
+ *
* @return void
*/
public static function destroySingleton() {
/**
* Register file backends from the global variables
- *
+ *
* @return void
*/
protected function initFromGlobals() {
abstract class Installer {
// This is the absolute minimum PHP version we can support
- const MINIMUM_PHP_VERSION = '5.2.3';
+ const MINIMUM_PHP_VERSION = '5.3.2';
/**
* @var array
<?php
/**
+ * Interwiki table entry.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ * http://www.gnu.org/copyleft/gpl.html
+ *
* @file
- * Interwiki table entry
*/
/**
<?php
/**
- * Job to fix double redirects after moving a page
+ * Job to fix double redirects after moving a page.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ * http://www.gnu.org/copyleft/gpl.html
*
* @file
* @ingroup JobQueue
/**
* Old job for notification emails.
*
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ * http://www.gnu.org/copyleft/gpl.html
+ *
* @file
* @ingroup JobQueue
*/
/**
* Job for notification emails.
*
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ * http://www.gnu.org/copyleft/gpl.html
+ *
* @file
* @ingroup JobQueue
*/
<?php
/**
- * Job queue base code
+ * Job queue base code.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ * http://www.gnu.org/copyleft/gpl.html
*
* @file
* @defgroup JobQueue JobQueue
/**
* Job to update links for a given title.
*
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ * http://www.gnu.org/copyleft/gpl.html
+ *
* @file
* @ingroup JobQueue
*/
/**
* Job for asynchronous upload-by-url.
*
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ * http://www.gnu.org/copyleft/gpl.html
+ *
* @file
* @ingroup JobQueue
*/
<?php
/**
- * Simple wrapper for json_econde and json_decode that falls back on Services_JSON class
+ * Simple wrapper for json_econde and json_decode that falls back on Services_JSON class.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ * http://www.gnu.org/copyleft/gpl.html
*
* @file
*/
<?php
/**
+ * PHP port of CSSJanus.
+ *
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
* http://www.gnu.org/copyleft/gpl.html
*
+ * @file
*/
/**
<?php
/**
+ * Minification of CSS stylesheets.
+ *
* Copyright 2010 Wikimedia Foundation
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS
* OF ANY KIND, either express or implied. See the License for the
* specific language governing permissions and limitations under the License.
- */
-
-/**
- * Transforms CSS data
- *
- * This class provides minification, URL remapping, URL extracting, and data-URL embedding.
*
* @file
* @version 0.1.1 -- 2010-09-11
* @copyright Copyright 2010 Wikimedia Foundation
* @license http://www.apache.org/licenses/LICENSE-2.0
*/
+
+/**
+ * Transforms CSS data
+ *
+ * This class provides minification, URL remapping, URL extracting, and data-URL embedding.
+ */
class CSSMin {
/* Constants */
<?php
+/**
+ * List of HTTP status codes.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ * http://www.gnu.org/copyleft/gpl.html
+ *
+ * @file
+ */
+
/**
* @todo document
*/
<?php
+/**
+ * Simulation of Microsoft Internet Explorer's MIME type detection algorithm.
+ *
+ * @file
+ * @todo Define the exact license of this file.
+ */
/**
* This class simulates Microsoft Internet Explorer's terribly broken and
<?php
+/**
+ * Checks for validity of requested URL's extension.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ * http://www.gnu.org/copyleft/gpl.html
+ *
+ * @file
+ */
/**
* Internet Explorer derives a cache filename from a URL, and then in certain
/**
* JavaScript Minifier
*
+ * @file
+ * @author Paul Copperman <paul.copperman@gmail.com>
+ * @license Choose any of Apache, MIT, GPL, LGPL
+ */
+
+/**
* This class is meant to safely minify javascript code, while leaving syntactically correct
* programs intact. Other libraries, such as JSMin require a certain coding style to work
* correctly. OTOH, libraries like jsminplus, that do parse the code correctly are rather
* slow, because they construct a complete parse tree before outputting the code minified.
* So this class is meant to allow arbitrary (but syntactically correct) input, while being
* fast enough to be used for on-the-fly minifying.
- *
- * Author: Paul Copperman <paul.copperman@gmail.com>
- * License: choose any of Apache, MIT, GPL, LGPL
*/
-
class JavaScriptMinifier {
/* Class constants */
<?php
-
/**
* JSMinPlus version 1.4
*
*
* Latest version of this script: http://files.tweakers.net/jsminplus/jsminplus.zip
*
+ * @file
*/
/* ***** BEGIN LICENSE BLOCK *****
* @return bool
*/
public function checkSvgScriptCallback( $element, $attribs ) {
- $stripped = $this->stripXmlNamespace( $element );
+ $strippedElement = $this->stripXmlNamespace( $element );
- if( $stripped == 'script' ) {
+ /*
+ * check for elements that can contain javascript
+ */
+ if( $strippedElement == 'script' ) {
wfDebug( __METHOD__ . ": Found script element '$element' in uploaded file.\n" );
return true;
}
+ # e.g., <svg xmlns="http://www.w3.org/2000/svg"> <handler xmlns:ev="http://www.w3.org/2001/xml-events" ev:event="load">alert(1)</handler> </svg>
+ if( $strippedElement == 'handler' ) {
+ wfDebug( __METHOD__ . ": Found scriptable element '$element' in uploaded file.\n" );
+ return true;
+ }
+
+ # SVG reported in Feb '12 that used xml:stylesheet to generate javascript block
+ if( $strippedElement == 'stylesheet' ) {
+ wfDebug( __METHOD__ . ": Found scriptable element '$element' in uploaded file.\n" );
+ return true;
+ }
+
foreach( $attribs as $attrib => $value ) {
$stripped = $this->stripXmlNamespace( $attrib );
+ $value = strtolower($value);
+
if( substr( $stripped, 0, 2 ) == 'on' ) {
- wfDebug( __METHOD__ . ": Found script attribute '$attrib'='value' in uploaded file.\n" );
+ wfDebug( __METHOD__ . ": Found event-handler attribute '$attrib'='$value' in uploaded file.\n" );
return true;
}
+
+ # href with javascript target
if( $stripped == 'href' && strpos( strtolower( $value ), 'javascript:' ) !== false ) {
- wfDebug( __METHOD__ . ": Found script href attribute '$attrib'='$value' in uploaded file.\n" );
+ wfDebug( __METHOD__ . ": Found script in href attribute '$attrib'='$value' in uploaded file.\n" );
+ return true;
+ }
+
+ # href with embeded svg as target
+ if( $stripped == 'href' && preg_match( '!data:[^,]*image/svg[^,]*,!sim', $value ) ) {
+ wfDebug( __METHOD__ . ": Found href to embedded svg \"<$strippedElement '$attrib'='$value'...\" in uploaded file.\n" );
+ return true;
+ }
+
+ # href with embeded (text/xml) svg as target
+ if( $stripped == 'href' && preg_match( '!data:[^,]*text/xml[^,]*,!sim', $value ) ) {
+ wfDebug( __METHOD__ . ": Found href to embedded svg \"<$strippedElement '$attrib'='$value'...\" in uploaded file.\n" );
+ return true;
+ }
+
+ # use set/animate to add event-handler attribute to parent
+ if( ( $strippedElement == 'set' || $strippedElement == 'animate' ) && $stripped == 'attributename' && substr( $value, 0, 2 ) == 'on' ) {
+ wfDebug( __METHOD__ . ": Found svg setting event-handler attribute with \"<$strippedElement $stripped='$value'...\" in uploaded file.\n" );
return true;
}
+
+ # use set to add href attribute to parent element
+ if( $strippedElement == 'set' && $stripped == 'attributename' && strpos( $value, 'href' ) !== false ) {
+ wfDebug( __METHOD__ . ": Found svg setting href attibute '$value' in uploaded file.\n" );
+ return true;
+ }
+
+ # use set to add a remote / data / script target to an element
+ if( $strippedElement == 'set' && $stripped == 'to' && preg_match( '!(http|https|data|script):!sim', $value ) ) {
+ wfDebug( __METHOD__ . ": Found svg setting attibute to '$value' in uploaded file.\n" );
+ return true;
+ }
+
+
+ # use handler attribute with remote / data / script
+ if( $stripped == 'handler' && preg_match( '!(http|https|data|script):!sim', $value ) ) {
+ wfDebug( __METHOD__ . ": Found svg setting handler with remote/data/script '$attrib'='$value' in uploaded file.\n" );
+ return true;
+ }
+
+ # use CSS styles to bring in remote code
+ # catch url("http:..., url('http:..., url(http:..., but not url("#..., url('#..., url(#....
+ if( $stripped == 'style' && preg_match_all( '!((?:font|clip-path|fill|filter|marker|marker-end|marker-mid|marker-start|mask|stroke)\s*:\s*url\s*\(\s*["\']?\s*[^#]+.*?\))!sim', $value, $matches ) ) {
+ foreach ($matches[1] as $match) {
+ if (!preg_match( '!(?:font|clip-path|fill|filter|marker|marker-end|marker-mid|marker-start|mask|stroke)\s*:\s*url\s*\(\s*(#|\'#|"#)!sim', $match ) ) {
+ wfDebug( __METHOD__ . ": Found svg setting a style with remote url '$attrib'='$value' in uploaded file.\n" );
+ return true;
+ }
+ }
+ }
+
+ # image filters can pull in url, which could be svg that executes scripts
+ if( $strippedElement == 'image' && $stripped == 'filter' && preg_match( '!url\s*\(!sim', $value ) ) {
+ wfDebug( __METHOD__ . ": Found image filter with url: \"<$strippedElement $stripped='$value'...\" in uploaded file.\n" );
+ return true;
+ }
+
}
+
+ return false; //No scripts detected
}
private function stripXmlNamespace( $name ) {
# has structures (try/catch, foo()->bar(), etc etc) which throw parse errors in
# PHP 4. Setup.php and ObjectCache.php have structures invalid in PHP 5.0 and
# 5.1, respectively.
-if ( !function_exists( 'version_compare' ) || version_compare( phpversion(), '5.2.3' ) < 0 ) {
+if ( !function_exists( 'version_compare' ) || version_compare( phpversion(), '5.3.2' ) < 0 ) {
require( dirname( __FILE__ ) . '/includes/PHPVersionError.php' );
wfPHPVersionError( 'index.php' );
}
*/
// Bail if PHP is too low
-if ( !function_exists( 'version_compare' ) || version_compare( phpversion(), '5.2.3' ) < 0 ) {
+if ( !function_exists( 'version_compare' ) || version_compare( phpversion(), '5.3.2' ) < 0 ) {
require( dirname( __FILE__ ) . '/includes/PHPVersionError.php' );
wfPHPVersionError( 'load.php' );
}
$maintClass = false;
// Make sure we're on PHP5 or better
-if ( !function_exists( 'version_compare' ) || version_compare( PHP_VERSION, '5.2.3' ) < 0 ) {
+if ( !function_exists( 'version_compare' ) || version_compare( PHP_VERSION, '5.3.2' ) < 0 ) {
require_once( dirname( __FILE__ ) . '/../includes/PHPVersionError.php' );
wfPHPVersionError( 'cli' );
}
* @see wfWaitForSlaves()
*/
-if ( !function_exists( 'version_compare' ) || ( version_compare( phpversion(), '5.2.3' ) < 0 ) ) {
- echo "You are using PHP version " . phpversion() . " but MediaWiki needs PHP 5.2.3 or higher. ABORTING.\n" .
+if ( !function_exists( 'version_compare' ) || ( version_compare( phpversion(), '5.3.2' ) < 0 ) ) {
+ echo "You are using PHP version " . phpversion() . " but MediaWiki needs PHP 5.3.2 or higher. ABORTING.\n" .
"Check if you have a newer php executable with a different name, such as php5.\n";
die( 1 );
}
* @ingroup Maintenance
*/
-if ( !function_exists( 'version_compare' ) || ( version_compare( phpversion(), '5.2.3' ) < 0 ) ) {
- echo "You are using PHP version " . phpversion() . " but MediaWiki needs PHP 5.2.3 or higher. ABORTING.\n" .
+if ( !function_exists( 'version_compare' ) || ( version_compare( phpversion(), '5.3.2' ) < 0 ) ) {
+ echo "You are using PHP version " . phpversion() . " but MediaWiki needs PHP 5.3.2 or higher. ABORTING.\n" .
"Check if you have a newer php executable with a different name, such as php5.\n";
die( 1 );
}