From: Chad Horohoe Date: Sun, 29 Nov 2009 16:13:40 +0000 (+0000) Subject: Add $wgWikiId to override default wfWikiId() output. Solves bug 21086 (security issue... X-Git-Tag: 1.31.0-rc.0~38675 X-Git-Url: https://git.cyclocoop.org/admin/?a=commitdiff_plain;h=03d5e6f93c0fb9c1e675c33d4c712318a8096396;p=lhc%2Fweb%2Fwiklou.git Add $wgWikiId to override default wfWikiId() output. Solves bug 21086 (security issue: generateSitemap.php does use wfWikiID in sitemap filenames) --- diff --git a/RELEASE-NOTES b/RELEASE-NOTES index a87e6a0cb7..42af146905 100644 --- a/RELEASE-NOTES +++ b/RELEASE-NOTES @@ -98,6 +98,7 @@ Hopefully we will remove this configuration var soon) CIDR ranges for blocking * $wgUseInstantCommons added for quick and easy enabling of Commons as a remote file repository +* $wgWikiId added to override default output of wfWikiId() === New features in 1.16 === diff --git a/includes/DefaultSettings.php b/includes/DefaultSettings.php index a0644c6434..5253829617 100644 --- a/includes/DefaultSettings.php +++ b/includes/DefaultSettings.php @@ -713,6 +713,12 @@ $wgDBservers = false; */ $wgLBFactoryConf = array( 'class' => 'LBFactory_Simple' ); +/** + * Unique identifier if you're paranoid and don't want $wgDBname as part of + * wfWikiId(). See bug 21086 + */ +$wgWikiId = false; + /** How long to wait for a slave to catch up to the master */ $wgMasterWaitTimeout = 10; diff --git a/includes/GlobalFunctions.php b/includes/GlobalFunctions.php index 645bb4dcc4..53e0b87044 100644 --- a/includes/GlobalFunctions.php +++ b/includes/GlobalFunctions.php @@ -2896,7 +2896,9 @@ function wfForeignMemcKey( $db, $prefix /*, ... */ ) { * This is used as a prefix in memcached keys */ function wfWikiID() { - global $wgDBprefix, $wgDBname; + global $wgDBprefix, $wgDBname, $wgWikiId; + if( $wgWikiId ) + return $wgWikiId; if ( $wgDBprefix ) { return "$wgDBname-$wgDBprefix"; } else {