# HTML may contain cookie-stealing JavaScript and web bugs
'html', 'htm', 'js', 'jsb', 'mhtml', 'mht', 'xhtml', 'xht',
# PHP scripts may execute arbitrary code on the server
- 'php', 'phtml', 'php3', 'php4', 'php5', 'phps',
+ 'php', 'phtml', 'php3', 'php4', 'php5', 'phps', 'phar',
# Other types that may be interpreted by some servers
'shtml', 'jhtml', 'pl', 'py', 'cgi',
# May contain harmful executables for Windows victims
*
* @since 1.33
*/
-$wgMediaInTargetLanguage = false;
+$wgMediaInTargetLanguage = true;
/**
* The maximum number of pixels a source image can have if it is to be scaled
*/
$wgDBerrorLogTZ = false;
-/**
- * Set to true to engage MySQL 4.1/5.0 charset-related features;
- * for now will just cause sending of 'SET NAMES=utf8' on connect.
- *
- * @warning THIS IS EXPERIMENTAL!
- *
- * May break if you're not using the table defs from mysql5/tables.sql.
- * May break if you're upgrading an existing wiki if set differently.
- * Broken symptoms likely to include incorrect behavior with page titles,
- * usernames, comments etc containing non-ASCII characters.
- * Might also cause failures on the object cache and other things.
- *
- * Even correct usage may cause failures with Unicode supplementary
- * characters (those not in the Basic Multilingual Plane) unless MySQL
- * has enhanced their Unicode support.
- *
- * @deprecated since 1.31
- */
-$wgDBmysql5 = false;
-
/**
* Set true to enable Oracle DCRP (supported from 11gR1 onward)
*
*
* The format is an associative array where the key is a cache identifier, and
* the value is an associative array of parameters. The "cacheId" parameter is
- * a cache identifier from $wgObjectCaches. The "channels" parameter is a map of
- * actions ('purge') to PubSub channels defined in $wgEventRelayerConfig.
- * The "loggroup" parameter controls where log events are sent.
+ * a cache identifier from $wgObjectCaches. The "loggroup" parameter controls
+ * where log events are sent.
*
* @since 1.26
*/
$wgWANObjectCaches = [
CACHE_NONE => [
'class' => WANObjectCache::class,
- 'cacheId' => CACHE_NONE,
- 'channels' => []
+ 'cacheId' => CACHE_NONE
]
/* Example of a simple single data-center cache:
'memcached-php' => [
'class' => WANObjectCache::class,
- 'cacheId' => 'memcached-php',
- 'channels' => [ 'purge' => 'wancache-main-memcached-purge' ]
+ 'cacheId' => 'memcached-php'
]
*/
];
*/
$wgUseGzip = false;
-/**
- * Clock skew or the one-second resolution of time() can occasionally cause cache
- * problems when the user requests two pages within a short period of time. This
- * variable adds a given number of seconds to vulnerable timestamps, thereby giving
- * a grace period.
- */
-$wgClockSkewFudge = 5;
-
/**
* Invalidate various caches when LocalSettings.php changes. This is equivalent
* to setting $wgCacheEpoch to the modification time of LocalSettings.php, as
/** @} */ # end of Interwiki caching settings.
-/**
- * @name SiteStore caching settings.
- * @{
- */
-
-/**
- * Specify the file location for the Sites json cache file.
- */
-$wgSitesCacheFile = false;
-
-/** @} */ # end of SiteStore caching settings.
-
/**
* If local interwikis are set up which allow redirects,
* set this regexp to restrict URLs which will be displayed
* - value: (number, boolean or null) the value to pass to the callback
* - forceChange: (bool, default false) if the password is invalid, do
* not let the user log in without changing the password
+ * - suggestChangeOnLogin: (bool, default false) if true and the password is
+ * invalid, suggest a password change if logging in. If all the failing policies
+ * that apply to the user have this set to false, the password change
+ * screen will not be shown. 'forceChange' takes precedence over
+ * 'suggestChangeOnLogin' if they are both present.
* As a shorthand for [ 'value' => <value> ], simply <value> can be written.
* When multiple password policies are defined for a user, the settings
* arrays are merged, and for fields which are set in both arrays, the
'PasswordNotInLargeBlacklist' => true,
],
'default' => [
- 'MinimalPasswordLength' => 1,
- 'PasswordCannotMatchUsername' => true,
- 'PasswordCannotMatchBlacklist' => true,
- 'MaximalPasswordLength' => 4096,
+ 'MinimalPasswordLength' => [ 'value' => 1, 'suggestChangeOnLogin' => true ],
+ 'PasswordCannotMatchUsername' => [ 'value' => true, 'suggestChangeOnLogin' => true ],
+ 'PasswordCannotMatchBlacklist' => [ 'value' => true, 'suggestChangeOnLogin' => true ],
+ 'MaximalPasswordLength' => [ 'value' => 4096, 'suggestChangeOnLogin' => true ],
],
],
'checks' => [
'cost' => '30000',
'length' => '64',
],
+ 'argon2' => [
+ 'class' => Argon2Password::class,
+
+ // Algorithm used:
+ // * 'argon2i' is optimized against side-channel attacks (PHP 7.2+)
+ // * 'argon2id' is optimized against both side-channel and GPU cracking (PHP 7.3+)
+ // * 'auto' to use best available algorithm. If you're using more than one server, be
+ // careful when you're mixing PHP versions because newer PHP might generate hashes that
+ // older versions might would not understand.
+ 'algo' => 'auto',
+
+ // The parameters below are the same as options accepted by password_hash().
+ // Set them to override that function's defaults.
+ //
+ // 'memory_cost' => PASSWORD_ARGON2_DEFAULT_MEMORY_COST,
+ // 'time_cost' => PASSWORD_ARGON2_DEFAULT_TIME_COST,
+ // 'threads' => PASSWORD_ARGON2_DEFAULT_THREADS,
+ ],
];
/**
'rows' => 25, // @deprecated since 1.29 No longer used in core
'showhiddencats' => 0,
'shownumberswatching' => 1,
+ 'showrollbackconfirmation' => 0,
'skin' => false,
'stubthreshold' => 0,
'thumbsize' => 5,
/**
* Prefix for metric names sent to $wgStatsdServer.
*
- * @see MediaWikiServices::getStatsdDataFactory
+ * @see MediaWikiServices::getInstance()->getStatsdDataFactory
* @see BufferingStatsdDataFactory
* @since 1.25
*/
*/
$wgExtensionCredits = [];
-/**
- * Authentication plugin.
- * @var $wgAuth AuthPlugin
- * @deprecated since 1.27 use $wgAuthManagerConfig instead
- */
-$wgAuth = null;
-
/**
* Global list of hooks.
*
'upload' => [
'upload' => [ 'upload' ],
'overwrite' => [ 'overwrite' ],
+ 'revert' => [ 'revert' ],
],
];
*/
$wgMultiContentRevisionSchemaMigrationStage = SCHEMA_COMPAT_WRITE_BOTH | SCHEMA_COMPAT_READ_NEW;
+/**
+ * The schema to use per default when generating XML dumps. This allows sites to control
+ * explicitly when to make breaking changes to their export and dump format.
+ */
+$wgXmlDumpSchemaVersion = XML_DUMP_SCHEMA_VERSION_10;
+
/**
* Actor table schema migration stage.
*
$wgEnablePartialBlocks = false;
/**
- * Enable confirmation prompt for rollback actions to prevent accidental rollbacks.
- * May be disabled to reduce number of clicks needed to perform rollbacks.
+ * Enable stats monitoring when Block Notices are displayed in different places around core
+ * and extensions.
*
- * @since 1.33
+ * @since 1.34
+ * @deprecated 1.34
* @var bool
*/
-$wgEnableRollbackConfirmationPrompt = true;
+$wgEnableBlockNoticeStats = false;
/**
- * Enable stats monitoring when Block Notices are displayed in different places around core
- * and extensions.
+ * Origin Trials tokens.
+ *
+ * @since 1.34
+ * @var array
+ */
+$wgOriginTrials = [];
+
+/**
+ * Enable client-side Priority Hints.
+ *
+ * @warning EXPERIMENTAL!
*
* @since 1.34
- * @deprecated 1.34
* @var bool
*/
-$wgEnableBlockNoticeStats = false;
+$wgPriorityHints = false;
+
+/**
+ * Enable Element Timing.
+ *
+ * @warning EXPERIMENTAL!
+ *
+ * @since 1.34
+ * @var bool
+ */
+$wgElementTiming = false;
+
+/**
+ * Temporary option to show rollback confirmation user settings
+ * without activating the feature itself
+ * @see T217039
+ * @since 1.33
+ * @deprecated 1.33
+ * @var bool
+ */
+$wgDisableRollbackConfirmationFeature = false;
/**
* For really cool vim folding this needs to be at the end: