Security reminder: MediaWiki does not require PHP's register_globals
setting since version 1.2.0. If you have it on, turn it *off* if you can.
-== MediaWiki 1.15.0 ==
+== MediaWiki 1.15.1 ==
-2009-06-10
+July 14, 2009
-This is a stable release of the the 2009 Q2 branch of MediaWiki.
+This is a security and bugfix release of the the 2009 Q2 branch of MediaWiki.
MediaWiki is now using a "continuous integration" development model with
quarterly snapshot releases. The latest development code is always kept
Those wishing to use the latest code instead of a branch release can obtain
it from source control: http://www.mediawiki.org/wiki/Download_from_SVN
+=== Changes since 1.15.0 ===
+
+* Fixed fatal errors for unusual file repository configurations, such as
+ ForeignAPIRepo.
+* Fixed the "change password" link on Special:Preferences to have the correct
+ returnto parameter.
+* (bug 19693) Fixed cross-site scripting vulnerability in Special:Block
+
=== Changes since 1.15.0rc1 ===
* Removed category redirect feature, implementation was incomplete.
}
/** MediaWiki version number */
-$wgVersion = '1.15.0';
+$wgVersion = '1.15.1';
/** Name of the site. It must be changed in LocalSettings.php */
$wgSitename = 'MediaWiki';
* $wgExtensionCredits[$type][] = array(
* 'name' => 'Example extension',
* 'version' => 1.9,
- * 'svn-revision' => '$LastChangedRevision: 51678 $',
+ * 'svn-revision' => '$LastChangedRevision: 53179 $',
* 'author' => 'Foo Barstein',
* 'url' => 'http://wwww.example.com/Example%20Extension/',
* 'description' => 'An example extension',
function cleanupDeletedBatch( $storageKeys ) {}
/**
- * Checks if there is a redirect named as $title
+ * Checks if there is a redirect named as $title. If there is, return the
+ * title object. If not, return false.
+ * STUB
*
* @param Title $title Title of image
*/
function checkRedirect( $title ) {
- global $wgMemc;
-
- if( is_string( $title ) ) {
- $title = Title::newFromTitle( $title );
- }
- if( $title instanceof Title && $title->getNamespace() == NS_MEDIA ) {
- $title = Title::makeTitle( NS_FILE, $title->getText() );
- }
-
- $memcKey = $this->getMemcKey( "image_redirect:" . md5( $title->getPrefixedDBkey() ) );
- $cachedValue = $wgMemc->get( $memcKey );
- if( $cachedValue ) {
- return Title::newFromDbKey( $cachedValue );
- } elseif( $cachedValue == ' ' ) { # FIXME: ugly hack, but BagOStuff caching seems to be weird and return false if !cachedValue, not only if it doesn't exist
- return false;
- }
-
- $id = $this->getArticleID( $title );
- if( !$id ) {
- $wgMemc->set( $memcKey, " ", 9000 );
- return false;
- }
- $dbr = $this->getSlaveDB();
- $row = $dbr->selectRow(
- 'redirect',
- array( 'rd_title', 'rd_namespace' ),
- array( 'rd_from' => $id ),
- __METHOD__
- );
-
- if( $row ) $targetTitle = Title::makeTitle( $row->rd_namespace, $row->rd_title );
- $wgMemc->set( $memcKey, ($row ? $targetTitle->getPrefixedDBkey() : " "), 9000 );
- if( !$row ) {
- return false;
- }
- return $targetTitle;
+ return false;
}
/**
function getMasterDB() {
return wfGetDB( DB_MASTER );
}
+
+ function getMemcKey( $key ) {
+ return wfWikiID( $this->getSlaveDB() ) . ":{$key}";
+ }
}
var $fileFromRowFactory = array( 'LocalFile', 'newFromRow' );
var $oldFileFromRowFactory = array( 'OldLocalFile', 'newFromRow' );
- function getMemcKey( $key ) {
- return wfWikiID( $this->getSlaveDB() ) . ":{$key}";
- }
-
function newFileFromRow( $row ) {
if ( isset( $row->img_name ) ) {
return call_user_func( $this->fileFromRowFactory, $row, $this );
}
return $status;
}
+
+ /**
+ * Checks if there is a redirect named as $title
+ *
+ * @param Title $title Title of image
+ */
+ function checkRedirect( $title ) {
+ global $wgMemc;
+
+ if( is_string( $title ) ) {
+ $title = Title::newFromTitle( $title );
+ }
+ if( $title instanceof Title && $title->getNamespace() == NS_MEDIA ) {
+ $title = Title::makeTitle( NS_FILE, $title->getText() );
+ }
+
+ $memcKey = $this->getMemcKey( "image_redirect:" . md5( $title->getPrefixedDBkey() ) );
+ $cachedValue = $wgMemc->get( $memcKey );
+ if( $cachedValue ) {
+ return Title::newFromDbKey( $cachedValue );
+ } elseif( $cachedValue == ' ' ) { # FIXME: ugly hack, but BagOStuff caching seems to be weird and return false if !cachedValue, not only if it doesn't exist
+ return false;
+ }
+
+ $id = $this->getArticleID( $title );
+ if( !$id ) {
+ $wgMemc->set( $memcKey, " ", 9000 );
+ return false;
+ }
+ $dbr = $this->getSlaveDB();
+ $row = $dbr->selectRow(
+ 'redirect',
+ array( 'rd_title', 'rd_namespace' ),
+ array( 'rd_from' => $id ),
+ __METHOD__
+ );
+
+ if( $row ) $targetTitle = Title::makeTitle( $row->rd_namespace, $row->rd_title );
+ $wgMemc->set( $memcKey, ($row ? $targetTitle->getPrefixedDBkey() : " "), 9000 );
+ if( !$row ) {
+ return false;
+ }
+ return $targetTitle;
+ }
+
/**
* Function link Title::getArticleID().
*/
private function getContribsLink( $skin ) {
$contribsPage = SpecialPage::getTitleFor( 'Contributions', $this->BlockAddress );
- return $skin->link( $contribsPage, wfMsgHtml( 'ipb-blocklist-contribs', $this->BlockAddress ) );
+ return $skin->link( $contribsPage, wfMsgExt( 'ipb-blocklist-contribs', 'escape', $this->BlockAddress ) );
}
/**
# Password
if( $wgAuth->allowPasswordChange() ) {
$link = $wgUser->getSkin()->link( SpecialPage::getTitleFor( 'ResetPass' ), wfMsgHtml( 'prefs-resetpass' ),
- array() , array('returnto' => SpecialPage::getTitleFor( 'Preferences') ) );
+ array() , array( 'returnto' => SpecialPage::getTitleFor( 'Preferences' )->getPrefixedText() ) );
$wgOut->addHTML(
$this->tableRow( Xml::element( 'h2', null, wfMsg( 'changepassword' ) ) ) .
$this->tableRow( '<ul><li>' . $link . '</li></ul>' ) );
);
INSERT INTO mediawiki_version (type,mw_version,sql_version,sql_date)
- VALUES ('Creation','??','$LastChangedRevision: 48615 $','$LastChangedDate: 2009-03-19 20:15:41 -0500 (Thu, 19 Mar 2009) $');
+ VALUES ('Creation','??','$LastChangedRevision: 48615 $','$LastChangedDate: 2009-03-20 12:15:41 +1100 (Fri, 20 Mar 2009) $');
'mw_version' => $wgVersion,
'pg_version' => $version,
'sql_version' => '$LastChangedRevision: 51640 $',
- 'sql_date' => '$LastChangedDate: 2009-06-09 07:58:05 -0500 (Tue, 09 Jun 2009) $',
+ 'sql_date' => '$LastChangedDate: 2009-06-09 22:58:05 +1000 (Tue, 09 Jun 2009) $',
) );
return;
}