--- /dev/null
+[gerrit]
+host=gerrit.wikimedia.org
+port=29418
+project=mediawiki/core.git
+defaultbranch=REL1_17
Security reminder: MediaWiki does not require PHP's register_globals
setting since version 1.2.0. If you have it on, turn it '''off''' if you can.
-== MediaWiki 1.17.3 ==
-2012-03-21
+== MediaWiki 1.17.4 ==
+2012-04-25
-This a maintenance and security release of the MediaWiki 1.17 branch.
+This a maintenance of the MediaWiki 1.17 branch.
=== Summary of selected changes in 1.17 ===
* The lowest supported version of PHP is now 5.2.3. If necessary, please
upgrade PHP prior to upgrading MediaWiki.
+=== Changes since 1.17.3 ===
+
+* (bug 35961) Hash comparison should always be strict.
+* Fix broken email confirmation expiration caused by MWCryptRand changes.
+* (bug 35671) PHP Notice: Undefined index: gettoken in includes/api/ApiMain.php
+ on line 598.
+
=== Changes since 1.17.2 ===
* (bug 22555) Remove or skip strip markers from tag hooks like <nowiki> in
/**
* Randomly hash data while mixing in clock drift data for randomness
*
- * @param $data The data to randomly hash.
+ * @param $data string The data to randomly hash.
* @return String The hashed bytes
* @author Tim Starling
*/
/**
* Return a rolling random state initially build using data from unstable sources
- * @return A new weak random state
+ * @return string A new weak random state
*/
protected function randomState() {
static $state = null;
/**
* Decide on the best acceptable hash algorithm we have available for hash()
+ * @throws MWException
* @return String A hash algorithm
*/
protected function hashAlgo() {
* Generate an acceptably unstable one-way-hash of some text
* making use of the best hash algorithm that we have available.
*
+ * @param $data string
* @return String A raw hash of the data
*/
protected function hash( $data ) {
* Generate an acceptably unstable one-way-hmac of some text
* making use of the best hash algorithm that we have available.
*
+ * @param $data string
+ * @param $key string
* @return String A raw hash of the data
*/
protected function hmac( $data, $key ) {
if ( $iv === false ) {
wfDebug( __METHOD__ . ": mcrypt_create_iv returned false.\n" );
} else {
- $bytes .= $iv;
+ $buffer .= $iv;
wfDebug( __METHOD__ . ": mcrypt_create_iv generated " . strlen( $iv ) . " bytes of randomness.\n" );
}
wfProfileOut( __METHOD__ . '-mcrypt' );
/**
* Return a singleton instance of MWCryptRand
+ * @return MWCryptRand
*/
protected static function singleton() {
if ( is_null( self::$singleton ) ) {
/** @endcond */
/** MediaWiki version number */
-$wgVersion = '1.17.3';
+$wgVersion = '1.17.4';
/** Name of the site. It must be changed in LocalSettings.php */
$wgSitename = 'MediaWiki';
function confirmationToken( &$expiration ) {
$now = time();
$expires = $now + 7 * 24 * 60 * 60;
- $expiration =
+ $expiration = wfTimestamp( TS_MW, $expires );
$token = MWCryptRand::generateHex( 32 );
$hash = md5( $token );
$this->load();
$this->mEmailToken = $hash;
- $this->mEmailTokenExpires = wfTimestamp( TS_MW, $expires );
+ $this->mEmailTokenExpires = $expiration;
return $token;
}
} elseif ( $type == ':B:' ) {
# Salted
list( $salt, $realHash ) = explode( ':', substr( $hash, 3 ), 2 );
- return md5( $salt.'-'.md5( $password ) ) == $realHash;
+ return md5( $salt.'-'.md5( $password ) ) === $realHash;
} else {
# Old-style
return self::oldCrypt( $password, $userId ) === $hash;
* @return string
*/
public static function getBaseVersion() {
- return __CLASS__ . ': $Id: ApiBase.php 82730 2011-02-24 16:03:05Z reedy $';
+ return __CLASS__ . ': $Id$';
}
}
}
public function getVersion() {
- return __CLASS__ . ': $Id: ApiBlock.php 77192 2010-11-23 22:05:27Z btongminh $';
+ return __CLASS__ . ': $Id$';
}
}
}
public function getVersion() {
- return __CLASS__ . ': $Id: ApiDelete.php 77141 2010-11-23 10:04:38Z ialex $';
+ return __CLASS__ . ': $Id$';
}
}
\ No newline at end of file
}
public function getVersion() {
- return __CLASS__ . ': $Id: ApiDisabled.php 70647 2010-08-07 19:59:42Z ialex $';
+ return __CLASS__ . ': $Id$';
}
}
}
public function getVersion() {
- return __CLASS__ . ': $Id: ApiEditPage.php 90492 2011-06-20 22:39:10Z reedy $';
+ return __CLASS__ . ': $Id$';
}
}
}
public function getVersion() {
- return __CLASS__ . ': $Id: ApiEmailUser.php 85354 2011-04-04 18:25:31Z demon $';
+ return __CLASS__ . ': $Id$';
}
}
}
public function getVersion() {
- return __CLASS__ . ': $Id: ApiExpandTemplates.php 70647 2010-08-07 19:59:42Z ialex $';
+ return __CLASS__ . ': $Id$';
}
}
}
public function getVersion() {
- return __CLASS__ . ': $Id: ApiFeedWatchlist.php 77674 2010-12-03 19:47:22Z catrope $';
+ return __CLASS__ . ': $Id$';
}
}
}
public static function getBaseVersion() {
- return __CLASS__ . ': $Id: ApiFormatBase.php 75970 2010-11-04 00:55:30Z reedy $';
+ return __CLASS__ . ': $Id$';
}
}
}
public function getVersion() {
- return __CLASS__ . ': $Id: ApiFormatBase.php 75970 2010-11-04 00:55:30Z reedy $';
+ return __CLASS__ . ': $Id$';
}
}
\ No newline at end of file
}
public function getVersion() {
- return __CLASS__ . ': $Id: ApiFormatDbg.php 70647 2010-08-07 19:59:42Z ialex $';
+ return __CLASS__ . ': $Id$';
}
}
}
public function getVersion() {
- return __CLASS__ . ': $Id: ApiFormatJson.php 70647 2010-08-07 19:59:42Z ialex $';
+ return __CLASS__ . ': $Id$';
}
}
}
public function getVersion() {
- return __CLASS__ . ': $Id: ApiFormatPhp.php 70647 2010-08-07 19:59:42Z ialex $';
+ return __CLASS__ . ': $Id$';
}
}
}
public function getVersion() {
- return __CLASS__ . ': $Id: ApiFormatRaw.php 70647 2010-08-07 19:59:42Z ialex $';
+ return __CLASS__ . ': $Id$';
}
}
}
public function getVersion() {
- return __CLASS__ . ': $Id: ApiFormatTxt.php 70647 2010-08-07 19:59:42Z ialex $';
+ return __CLASS__ . ': $Id$';
}
}
}
public function getVersion() {
- return __CLASS__ . ': $Id: ApiFormatWddx.php 70647 2010-08-07 19:59:42Z ialex $';
+ return __CLASS__ . ': $Id$';
}
}
}
public function getVersion() {
- return __CLASS__ . ': $Id: ApiFormatXml.php 73753 2010-09-25 16:56:03Z reedy $';
+ return __CLASS__ . ': $Id$';
}
}
}
public function getVersion() {
- return __CLASS__ . ': $Id: ApiFormatYaml.php 70647 2010-08-07 19:59:42Z ialex $';
+ return __CLASS__ . ': $Id$';
}
}
}
public function getVersion() {
- return __CLASS__ . ': $Id: ApiHelp.php 73863 2010-09-28 02:33:43Z brion $';
+ return __CLASS__ . ': $Id$';
}
}
}
public function getVersion() {
- return __CLASS__ . ': $Id: ApiImport.php 77800 2010-12-05 14:22:49Z ialex $';
+ return __CLASS__ . ': $Id$';
}
}
}
public function getVersion() {
- return __CLASS__ . ': $Id: ApiLogin.php 76080 2010-11-05 11:54:35Z catrope $';
+ return __CLASS__ . ': $Id$';
}
}
}
public function getVersion() {
- return __CLASS__ . ': $Id: ApiLogout.php 70647 2010-08-07 19:59:42Z ialex $';
+ return __CLASS__ . ': $Id$';
}
}
$moduleParams = $module->extractRequestParams();
// Die if token required, but not provided (unless there is a gettoken parameter)
+ if ( isset( $moduleParams['gettoken'] ) ) {
+ $gettoken = $moduleParams['gettoken'];
+ } else {
+ $gettoken = false;
+ }
+
$salt = $module->getTokenSalt();
- if ( $salt !== false && !$moduleParams['gettoken'] ) {
+ if ( $salt !== false && !$gettoken ) {
if ( !isset( $moduleParams['token'] ) ) {
$this->dieUsageMsg( array( 'missingparam', 'token' ) );
} else {
public function getVersion() {
$vers = array ();
$vers[] = 'MediaWiki: ' . SpecialVersion::getVersion() . "\n http://svn.wikimedia.org/viewvc/mediawiki/trunk/phase3/";
- $vers[] = __CLASS__ . ': $Id: ApiMain.php 76196 2010-11-06 16:11:19Z reedy $';
+ $vers[] = __CLASS__ . ': $Id$';
$vers[] = ApiBase::getBaseVersion();
$vers[] = ApiFormatBase::getBaseVersion();
$vers[] = ApiQueryBase::getBaseVersion();
}
public function getVersion() {
- return __CLASS__ . ': $Id: ApiMove.php 77192 2010-11-23 22:05:27Z btongminh $';
+ return __CLASS__ . ': $Id$';
}
}
}
public function getVersion() {
- return __CLASS__ . ': $Id: ApiOpenSearch.php 79720 2011-01-06 14:48:34Z catrope $';
+ return __CLASS__ . ': $Id$';
}
}
}
public function getVersion() {
- return __CLASS__ . ': $Id: ApiPageSet.php 76196 2010-11-06 16:11:19Z reedy $';
+ return __CLASS__ . ': $Id$';
}
}
}
public function getVersion() {
- return __CLASS__ . ': $Id: ApiParamInfo.php 87170 2011-04-30 16:57:22Z catrope $';
+ return __CLASS__ . ': $Id$';
}
}
}
public function getVersion() {
- return __CLASS__ . ': $Id: ApiParse.php 89672 2011-06-07 18:45:20Z catrope $';
+ return __CLASS__ . ': $Id$';
}
}
}
public function getVersion() {
- return __CLASS__ . ': $Id: ApiPatrol.php 78437 2010-12-15 14:14:16Z catrope $';
+ return __CLASS__ . ': $Id$';
}
}
}
public function getVersion() {
- return __CLASS__ . ': $Id: ApiProtect.php 77192 2010-11-23 22:05:27Z btongminh $';
+ return __CLASS__ . ': $Id$';
}
}
}
public function getVersion() {
- return __CLASS__ . ': $Id: ApiPurge.php 74944 2010-10-18 09:19:20Z catrope $';
+ return __CLASS__ . ': $Id$';
}
}
public function getVersion() {
$psModule = new ApiPageSet( $this );
$vers = array();
- $vers[] = __CLASS__ . ': $Id: ApiQuery.php 80897 2011-01-24 18:57:42Z catrope $';
+ $vers[] = __CLASS__ . ': $Id$';
$vers[] = $psModule->getVersion();
return $vers;
}
}
public function getVersion() {
- return __CLASS__ . ': $Id: ApiQueryAllCategories.php 70647 2010-08-07 19:59:42Z ialex $';
+ return __CLASS__ . ': $Id$';
}
}
}
public function getVersion() {
- return __CLASS__ . ': $Id: ApiQueryAllLinks.php 77192 2010-11-23 22:05:27Z btongminh $';
+ return __CLASS__ . ': $Id$';
}
}
}
public function getVersion() {
- return __CLASS__ . ': $Id: ApiQueryAllUsers.php 85354 2011-04-04 18:25:31Z demon $';
+ return __CLASS__ . ': $Id$';
}
}
}
public function getVersion() {
- return __CLASS__ . ': $Id: ApiQueryAllimages.php 71838 2010-08-28 01:18:18Z reedy $';
+ return __CLASS__ . ': $Id$';
}
}
}
public function getVersion() {
- return __CLASS__ . ': $Id: ApiQueryAllmessages.php 73756 2010-09-25 17:08:23Z reedy $';
+ return __CLASS__ . ': $Id$';
}
}
}
public function getVersion() {
- return __CLASS__ . ': $Id: ApiQueryAllpages.php 85354 2011-04-04 18:25:31Z demon $';
+ return __CLASS__ . ': $Id$';
}
}
}
public function getVersion() {
- return __CLASS__ . ': $Id: ApiQueryBacklinks.php 75921 2010-11-03 12:49:21Z demon $';
+ return __CLASS__ . ': $Id$';
}
}
* @return string
*/
public static function getBaseVersion() {
- return __CLASS__ . ': $Id: ApiQueryBase.php 85435 2011-04-05 14:00:08Z demon $';
+ return __CLASS__ . ': $Id$';
}
}
}
public function getVersion() {
- return __CLASS__ . ': $Id: ApiQueryBlocks.php 73858 2010-09-28 01:21:15Z reedy $';
+ return __CLASS__ . ': $Id$';
}
}
}
public function getVersion() {
- return __CLASS__ . ': $Id: ApiQueryCategories.php 86474 2011-04-20 13:22:05Z catrope $';
+ return __CLASS__ . ': $Id$';
}
}
}
public function getVersion() {
- return __CLASS__ . ': $Id: ApiQueryCategoryInfo.php 70647 2010-08-07 19:59:42Z ialex $';
+ return __CLASS__ . ': $Id$';
}
}
}
public function getVersion() {
- return __CLASS__ . ': $Id: ApiQueryCategoryMembers.php 86474 2011-04-20 13:22:05Z catrope $';
+ return __CLASS__ . ': $Id$';
}
}
}
public function getVersion() {
- return __CLASS__ . ': $Id: ApiQueryDeletedrevs.php 77192 2010-11-23 22:05:27Z btongminh $';
+ return __CLASS__ . ': $Id$';
}
}
}
public function getVersion() {
- return __CLASS__ . ': $Id: ApiQueryDisabled.php 70647 2010-08-07 19:59:42Z ialex $';
+ return __CLASS__ . ': $Id$';
}
}
}
public function getVersion() {
- return __CLASS__ . ': $Id: ApiQueryDuplicateFiles.php 70647 2010-08-07 19:59:42Z ialex $';
+ return __CLASS__ . ': $Id$';
}
}
}
public function getVersion() {
- return __CLASS__ . ': $Id: ApiQueryExtLinksUsage.php 70647 2010-08-07 19:59:42Z ialex $';
+ return __CLASS__ . ': $Id$';
}
}
}
public function getVersion() {
- return __CLASS__ . ': $Id: ApiQueryExternalLinks.php 70647 2010-08-07 19:59:42Z ialex $';
+ return __CLASS__ . ': $Id$';
}
}
}
public function getVersion() {
- return __CLASS__ . ': $Id: ApiQueryFilearchive.php 85354 2011-04-04 18:25:31Z demon $';
+ return __CLASS__ . ': $Id$';
}
}
}
public function getVersion() {
- return __CLASS__ . ': $Id: ApiQueryIWBacklinks.php 70647 2010-08-07 19:59:42Z ialex $';
+ return __CLASS__ . ': $Id$';
}
}
}
public function getVersion() {
- return __CLASS__ . ': $Id: ApiQueryIWLinks.php 77080 2010-11-21 17:27:13Z reedy $';
+ return __CLASS__ . ': $Id$';
}
}
}
public function getVersion() {
- return __CLASS__ . ': $Id: ApiQueryImageInfo.php 85435 2011-04-05 14:00:08Z demon $';
+ return __CLASS__ . ': $Id$';
}
}
}
public function getVersion() {
- return __CLASS__ . ': $Id: ApiQueryImages.php 73543 2010-09-22 16:50:09Z platonides $';
+ return __CLASS__ . ': $Id$';
}
}
}
public function getVersion() {
- return __CLASS__ . ': $Id: ApiQueryInfo.php 78439 2010-12-15 14:23:46Z catrope $';
+ return __CLASS__ . ': $Id$';
}
}
}
public function getVersion() {
- return __CLASS__ . ': $Id: ApiQueryLangLinks.php 77660 2010-12-03 14:44:07Z catrope $';
+ return __CLASS__ . ': $Id$';
}
}
}
public function getVersion() {
- return __CLASS__ . ': $Id: ApiQueryLinks.php 70647 2010-08-07 19:59:42Z ialex $';
+ return __CLASS__ . ': $Id$';
}
}
}
public function getVersion() {
- return __CLASS__ . ': $Id: ApiQueryLogEvents.php 74535 2010-10-09 00:01:45Z reedy $';
+ return __CLASS__ . ': $Id$';
}
}
}
public function getVersion() {
- return __CLASS__ . ': $Id: ApiQueryPageProps.php 85211 2011-04-02 21:01:00Z demon $';
+ return __CLASS__ . ': $Id$';
}
}
}
public function getVersion() {
- return __CLASS__ . ': $Id: ApiQueryProtectedTitles.php 71838 2010-08-28 01:18:18Z reedy $';
+ return __CLASS__ . ': $Id$';
}
}
}
public function getVersion() {
- return __CLASS__ . ': $Id: ApiQueryRecentChanges.php 78437 2010-12-15 14:14:16Z catrope $';
+ return __CLASS__ . ': $Id$';
}
}
}
public function getVersion() {
- return __CLASS__ . ': $Id: ApiQueryRevisions.php 108686 2012-01-11 21:58:58Z reedy $';
+ return __CLASS__ . ': $Id$';
}
}
}
public function getVersion() {
- return __CLASS__ . ': $Id: ApiQuerySearch.php 76300 2010-11-08 12:23:24Z reedy $';
+ return __CLASS__ . ': $Id$';
}
}
}
public function getVersion() {
- return __CLASS__ . ': $Id: ApiQuerySiteinfo.php 77192 2010-11-23 22:05:27Z btongminh $';
+ return __CLASS__ . ': $Id$';
}
}
}
public function getVersion() {
- return __CLASS__ . ': $Id: ApiQueryStashImageInfo.php 81000 2011-01-25 22:49:34Z catrope $';
+ return __CLASS__ . ': $Id$';
}
}
}
public function getVersion() {
- return __CLASS__ . ': $Id: ApiQueryTags.php 73858 2010-09-28 01:21:15Z reedy $';
+ return __CLASS__ . ': $Id$';
}
}
}
public function getVersion() {
- return __CLASS__ . ': $Id: ApiQueryUserContributions.php 75096 2010-10-20 18:50:33Z reedy $';
+ return __CLASS__ . ': $Id$';
}
}
}
public function getVersion() {
- return __CLASS__ . ': $Id: ApiQueryUserInfo.php 75937 2010-11-03 17:01:21Z reedy $';
+ return __CLASS__ . ': $Id$';
}
}
}
public function getVersion() {
- return __CLASS__ . ': $Id: ApiQueryUsers.php 85354 2011-04-04 18:25:31Z demon $';
+ return __CLASS__ . ': $Id$';
}
}
}
public function getVersion() {
- return __CLASS__ . ': $Id: ApiQueryWatchlist.php 85435 2011-04-05 14:00:08Z demon $';
+ return __CLASS__ . ': $Id$';
}
}
}
public function getVersion() {
- return __CLASS__ . ': $Id: ApiQueryWatchlistRaw.php 70647 2010-08-07 19:59:42Z ialex $';
+ return __CLASS__ . ': $Id$';
}
}
\ No newline at end of file
}
public function getVersion() {
- return __CLASS__ . ': $Id: ApiResult.php 74230 2010-10-03 19:07:11Z reedy $';
+ return __CLASS__ . ': $Id$';
}
}
}
public function getVersion() {
- return __CLASS__ . ': $Id: ApiRollback.php 75602 2010-10-28 00:04:48Z reedy $';
+ return __CLASS__ . ': $Id$';
}
}
}
public function getVersion() {
- return __CLASS__ . ': $Id: ApiRsd.php 76195 2010-11-06 15:57:15Z btongminh $';
+ return __CLASS__ . ': $Id$';
}
}
}
public function getVersion() {
- return __CLASS__ . ': $Id: ApiRsd.php 76195 2010-11-06 15:57:15Z btongminh $';
+ return __CLASS__ . ': $Id$';
}
}
}
public function getVersion() {
- return __CLASS__ . ': $Id: ApiUnblock.php 74098 2010-10-01 20:12:50Z reedy $';
+ return __CLASS__ . ': $Id$';
}
}
}
public function getVersion() {
- return __CLASS__ . ': $Id: ApiUndelete.php 74098 2010-10-01 20:12:50Z reedy $';
+ return __CLASS__ . ': $Id$';
}
}
}
public function getVersion() {
- return __CLASS__ . ': $Id: ApiUserrights.php 75602 2010-10-28 00:04:48Z reedy $';
+ return __CLASS__ . ': $Id$';
}
}
}
public function getVersion() {
- return __CLASS__ . ': $Id: ApiWatch.php 77192 2010-11-23 22:05:27Z btongminh $';
+ return __CLASS__ . ': $Id$';
}
}
* @author Matt Knapp <mdknapp[at]gmail[dot]com>
* @author Brett Stimmerman <brettstimmerman[at]gmail[dot]com>
* @copyright 2005 Michal Migurski
-* @version CVS: $Id: Services_JSON.php 90492 2011-06-20 22:39:10Z reedy $
+* @version CVS: $Id$
* @license http://www.opensource.org/licenses/bsd-license.php
* @see http://pear.php.net/pepr/pepr-proposal-show.php?id=198
*/
/*
* This software is in the public domain.
*
- * $Id: counts.d 10510 2005-08-15 01:46:19Z kateturner $
+ * $Id$
*/
#pragma D option quiet
/*
* This software is in the public domain.
*
- * $Id: tree.d 10510 2005-08-15 01:46:19Z kateturner $
+ * $Id$
*/
#pragma D option quiet
#!/usr/bin/perl
## Convert data from a MySQL mediawiki database into a Postgres mediawiki database
-## svn: $Id: mediawiki_mysql2postgres.pl 65542 2010-04-26 13:46:04Z demon $
+## svn: $Id$
## NOTE: It is probably easier to dump your wiki using maintenance/dumpBackup.php
## and then import it with maintenance/importDump.php
print qq{
-- Dump of MySQL Mediawiki tables for import into a Postgres Mediawiki schema
-- Performed by the program: $0
--- Version: $VERSION (subversion }.q{$LastChangedRevision: 65542 $}.qq{)
+-- Version: $VERSION (subversion }.q{$LastChangedRevision$}.qq{)
-- Author: Greg Sabino Mullane <greg\@turnstep.com> Comments welcome
--
-- This file was created: $now