Merge "Enable $wgCookieSetOnAutoblock and $wgCookieSetOnIpBlock by default"

diff --git a/RELEASE-NOTES-1.34 b/RELEASE-NOTES-1.34
index 5cd1bbc..03ced76 100644 (file)
--- a/RELEASE-NOTES-1.34
+++ b/RELEASE-NOTES-1.34
@@ -66,6 +66,7 @@ For notes on 1.33.x and older releases, see HISTORY.
   which was deprecated in 1.30, no longer works. Instead, $wgProxyList should be
   an array with IP addresses as the values, or a string path to a file
   containing one IP address per line.
+* $wgCookieSetOnAutoblock and $wgCookieSetOnIpBlock are now enabled by default.
 * …
 
 ==== Removed configuration ====

diff --git a/includes/DefaultSettings.php b/includes/DefaultSettings.php
index 81de1a0..48943de 100644 (file)
--- a/includes/DefaultSettings.php
+++ b/includes/DefaultSettings.php
@@ -6071,7 +6071,7 @@ $wgSessionName = false;
  * which case there is a possibility of an attacker discovering the names of revdeleted users, so
  * it is best to use this in conjunction with $wgSecretKey being set).
  */
-$wgCookieSetOnAutoblock = false;
+$wgCookieSetOnAutoblock = true;
 
 /**
  * Whether to set a cookie when a logged-out user is blocked. Doing so means that a blocked user,
@@ -6080,7 +6080,7 @@ $wgCookieSetOnAutoblock = false;
  * case there is a possibility of an attacker discovering the names of revdeleted users, so it
  * is best to use this in conjunction with $wgSecretKey being set).
  */
-$wgCookieSetOnIpBlock = false;
+$wgCookieSetOnIpBlock = true;
 
 /** @} */ # end of cookie settings }