From ed929caf35b91662df31b9ee922286ddea5659cb Mon Sep 17 00:00:00 2001 From: "Edward Z. Yang" Date: Wed, 15 Aug 2012 19:25:42 +0800 Subject: [PATCH] MediaWiki 1.17.3 Signed-off-by: Edward Z. Yang --- RELEASE-NOTES | 46 +- includes/AutoLoader.php | 1 + includes/CryptRand.php | 463 ++++++++++ includes/DefaultSettings.php | 9 +- includes/GlobalFunctions.php | 29 + includes/OutputPage.php | 10 +- includes/User.php | 78 +- includes/api/ApiMain.php | 2 +- includes/api/ApiQueryRevisions.php | 2 +- includes/installer/Installer.php | 29 +- includes/parser/CoreParserFunctions.php | 40 +- includes/parser/Parser.php | 10 + includes/resourceloader/ResourceLoader.php | 42 +- .../ResourceLoaderUserOptionsModule.php | 31 +- includes/specials/SpecialUpload.php | 9 +- includes/specials/SpecialUserlogin.php | 6 +- languages/messages/MessagesAf.php | 3 +- languages/messages/MessagesAn.php | 83 +- languages/messages/MessagesAr.php | 28 +- languages/messages/MessagesArc.php | 45 +- languages/messages/MessagesArn.php | 6 + languages/messages/MessagesAry.php | 3 +- languages/messages/MessagesArz.php | 16 +- languages/messages/MessagesAs.php | 192 ++-- languages/messages/MessagesAst.php | 439 ++++----- languages/messages/MessagesAvk.php | 3 +- languages/messages/MessagesAz.php | 43 +- languages/messages/MessagesBa.php | 81 +- languages/messages/MessagesBar.php | 30 +- languages/messages/MessagesBcc.php | 5 +- languages/messages/MessagesBcl.php | 201 +++-- languages/messages/MessagesBe.php | 3 +- languages/messages/MessagesBe_tarask.php | 81 +- languages/messages/MessagesBg.php | 19 +- languages/messages/MessagesBjn.php | 7 +- languages/messages/MessagesBn.php | 25 +- languages/messages/MessagesBr.php | 110 +-- languages/messages/MessagesBs.php | 19 +- languages/messages/MessagesCa.php | 8 +- languages/messages/MessagesCkb.php | 28 +- languages/messages/MessagesCps.php | 419 +++++---- languages/messages/MessagesCs.php | 8 +- languages/messages/MessagesCy.php | 3 +- languages/messages/MessagesDa.php | 6 +- languages/messages/MessagesDe.php | 70 +- languages/messages/MessagesDe_formal.php | 6 +- languages/messages/MessagesDiq.php | 59 +- languages/messages/MessagesDsb.php | 11 +- languages/messages/MessagesEl.php | 22 +- languages/messages/MessagesEo.php | 6 +- languages/messages/MessagesEs.php | 25 +- languages/messages/MessagesEt.php | 30 +- languages/messages/MessagesEu.php | 5 +- languages/messages/MessagesExt.php | 4 +- languages/messages/MessagesFa.php | 157 ++-- languages/messages/MessagesFi.php | 22 +- languages/messages/MessagesFo.php | 2 +- languages/messages/MessagesFr.php | 12 +- languages/messages/MessagesFrp.php | 2 +- languages/messages/MessagesFur.php | 3 +- languages/messages/MessagesGan_hans.php | 3 +- languages/messages/MessagesGan_hant.php | 3 +- languages/messages/MessagesGd.php | 62 +- languages/messages/MessagesGl.php | 59 +- languages/messages/MessagesGot.php | 2 + languages/messages/MessagesGrc.php | 3 +- languages/messages/MessagesGsw.php | 3 +- languages/messages/MessagesGu.php | 175 ++-- languages/messages/MessagesGv.php | 169 ++-- languages/messages/MessagesHe.php | 33 +- languages/messages/MessagesHi.php | 238 ++--- languages/messages/MessagesHif_latn.php | 3 +- languages/messages/MessagesHr.php | 17 +- languages/messages/MessagesHsb.php | 231 +++-- languages/messages/MessagesHu.php | 7 +- languages/messages/MessagesIa.php | 5 +- languages/messages/MessagesId.php | 11 +- languages/messages/MessagesIe.php | 3 +- languages/messages/MessagesIlo.php | 145 +-- languages/messages/MessagesIo.php | 3 +- languages/messages/MessagesIs.php | 38 +- languages/messages/MessagesIt.php | 23 +- languages/messages/MessagesJa.php | 192 ++-- languages/messages/MessagesJbo.php | 2 +- languages/messages/MessagesJv.php | 6 +- languages/messages/MessagesKa.php | 86 +- languages/messages/MessagesKaa.php | 20 +- languages/messages/MessagesKiu.php | 34 +- languages/messages/MessagesKk_arab.php | 9 +- languages/messages/MessagesKk_cyrl.php | 43 +- languages/messages/MessagesKm.php | 3 +- languages/messages/MessagesKn.php | 16 +- languages/messages/MessagesKo.php | 85 +- languages/messages/MessagesKrc.php | 3 +- languages/messages/MessagesKsh.php | 18 +- languages/messages/MessagesKu_latn.php | 3 +- languages/messages/MessagesLa.php | 9 +- languages/messages/MessagesLb.php | 26 +- languages/messages/MessagesLez.php | 208 +++-- languages/messages/MessagesLfn.php | 3 +- languages/messages/MessagesLi.php | 3 +- languages/messages/MessagesLn.php | 140 +-- languages/messages/MessagesLoz.php | 3 +- languages/messages/MessagesLt.php | 18 +- languages/messages/MessagesLv.php | 3 +- languages/messages/MessagesMai.php | 5 +- languages/messages/MessagesMap_bms.php | 764 ++++++++++++---- languages/messages/MessagesMdf.php | 3 +- languages/messages/MessagesMg.php | 3 +- languages/messages/MessagesMhr.php | 3 +- languages/messages/MessagesMk.php | 14 +- languages/messages/MessagesMl.php | 11 +- languages/messages/MessagesMn.php | 84 +- languages/messages/MessagesMr.php | 122 +-- languages/messages/MessagesMs.php | 9 +- languages/messages/MessagesMt.php | 3 +- languages/messages/MessagesMyv.php | 3 +- languages/messages/MessagesNah.php | 87 +- languages/messages/MessagesNan.php | 295 +++++-- languages/messages/MessagesNb.php | 74 +- languages/messages/MessagesNds.php | 12 +- languages/messages/MessagesNds_nl.php | 3 +- languages/messages/MessagesNe.php | 95 +- languages/messages/MessagesNl.php | 181 ++-- languages/messages/MessagesNl_informal.php | 4 +- languages/messages/MessagesNn.php | 9 +- languages/messages/MessagesNov.php | 3 +- languages/messages/MessagesNso.php | 13 +- languages/messages/MessagesOc.php | 11 +- languages/messages/MessagesOr.php | 32 +- languages/messages/MessagesOs.php | 236 +++-- languages/messages/MessagesPa.php | 380 +++++--- languages/messages/MessagesPam.php | 3 +- languages/messages/MessagesPcd.php | 3 +- languages/messages/MessagesPdc.php | 57 +- languages/messages/MessagesPfl.php | 3 +- languages/messages/MessagesPl.php | 20 +- languages/messages/MessagesPms.php | 54 +- languages/messages/MessagesPnb.php | 512 +++++------ languages/messages/MessagesPnt.php | 3 +- languages/messages/MessagesPrg.php | 5 +- languages/messages/MessagesPs.php | 16 +- languages/messages/MessagesPt.php | 31 +- languages/messages/MessagesPt_br.php | 15 +- languages/messages/MessagesQqq.php | 38 +- languages/messages/MessagesQu.php | 3 +- languages/messages/MessagesRm.php | 27 +- languages/messages/MessagesRo.php | 58 +- languages/messages/MessagesRoa_tara.php | 3 +- languages/messages/MessagesRu.php | 321 +++---- languages/messages/MessagesRue.php | 3 +- languages/messages/MessagesSa.php | 2 +- languages/messages/MessagesSah.php | 21 +- languages/messages/MessagesScn.php | 5 +- languages/messages/MessagesSd.php | 4 +- languages/messages/MessagesSdc.php | 3 +- languages/messages/MessagesSe.php | 46 +- languages/messages/MessagesSei.php | 3 +- languages/messages/MessagesSgs.php | 3 +- languages/messages/MessagesSh.php | 17 +- languages/messages/MessagesSi.php | 5 +- languages/messages/MessagesSk.php | 13 +- languages/messages/MessagesSli.php | 673 +++++++------- languages/messages/MessagesSo.php | 74 +- languages/messages/MessagesSq.php | 7 +- languages/messages/MessagesSr_ec.php | 831 +++++++++--------- languages/messages/MessagesSr_el.php | 829 +++++++++-------- languages/messages/MessagesSrn.php | 3 +- languages/messages/MessagesStq.php | 4 +- languages/messages/MessagesSu.php | 24 +- languages/messages/MessagesSv.php | 5 +- languages/messages/MessagesSw.php | 9 +- languages/messages/MessagesSzl.php | 8 +- languages/messages/MessagesTa.php | 132 +-- languages/messages/MessagesTcy.php | 12 +- languages/messages/MessagesTe.php | 43 +- languages/messages/MessagesTg_cyrl.php | 5 +- languages/messages/MessagesTg_latn.php | 5 +- languages/messages/MessagesTh.php | 45 +- languages/messages/MessagesTk.php | 3 +- languages/messages/MessagesTl.php | 3 +- languages/messages/MessagesTpi.php | 5 +- languages/messages/MessagesTr.php | 53 +- languages/messages/MessagesTyv.php | 129 ++- languages/messages/MessagesUdm.php | 2 +- languages/messages/MessagesUg_arab.php | 7 +- languages/messages/MessagesUz.php | 7 +- languages/messages/MessagesVec.php | 3 +- languages/messages/MessagesVep.php | 41 +- languages/messages/MessagesVi.php | 13 +- languages/messages/MessagesVo.php | 4 +- languages/messages/MessagesVro.php | 5 +- languages/messages/MessagesWar.php | 705 +++++++++++---- languages/messages/MessagesWo.php | 2 +- languages/messages/MessagesXmf.php | 5 +- languages/messages/MessagesYi.php | 25 +- languages/messages/MessagesYo.php | 17 +- languages/messages/MessagesYue.php | 3 +- languages/messages/MessagesZh_hans.php | 27 +- languages/messages/MessagesZh_hant.php | 33 +- maintenance/tests/parser/parserTests.txt | 81 ++ 201 files changed, 7684 insertions(+), 5280 deletions(-) create mode 100644 includes/CryptRand.php diff --git a/RELEASE-NOTES b/RELEASE-NOTES index b5a1c2cc..c5781a44 100644 --- a/RELEASE-NOTES +++ b/RELEASE-NOTES @@ -3,32 +3,11 @@ Security reminder: MediaWiki does not require PHP's register_globals setting since version 1.2.0. If you have it on, turn it '''off''' if you can. -== MediaWiki 1.17.2 == -2012-01-11 +== MediaWiki 1.17.3 == +2012-03-21 This a maintenance and security release of the MediaWiki 1.17 branch. -=== Security changes === -* (bug 33117) prop=revisions allows deleted text to be exposed through cache pollution. - -=== Changes since 1.17.1 === -* (bug 32709) Private Wiki users were always taken to Special:Badtitle on login. - -== MediaWiki 1.17.1 == - -2011-11-24 - -This a maintenance and security release of the MediaWiki 1.17 branch. - -=== Security changes === -* (bug 32276) Skins were generating output using the internal page title which - would allow anonymous users to determine wheter a page exists, potentially - leaking private data. In fact, the curid and oldid request parameters would - allow page titles to be enumerated even when they are not guessable. -* (bug 32616) action=ajax requests were dispatched to the relevant internal - functions without any read permission checks being done. This could lead to - data leakage on private wikis. - === Summary of selected changes in 1.17 === Selected changes since MediaWiki 1.16 that may be of interest: @@ -56,6 +35,20 @@ Selected changes since MediaWiki 1.16 that may be of interest: * The lowest supported version of PHP is now 5.2.3. If necessary, please upgrade PHP prior to upgrading MediaWiki. +=== Changes since 1.17.2 === + +* (bug 22555) Remove or skip strip markers from tag hooks like <nowiki> in + core parser functions which operate on strings, such as padleft. +* (bug 34212) ApiBlock/ApiUnblock allow action to take place without a token + parameter present. +* (bug 34907) Fixed exposure of tokens through load.php that could have facilitated + CSRF attacks. +* (bug 35317) CSRF in Special:Upload. + +=== Changes since 1.17.1 === +* (bug 33117) prop=revisions allows deleted text to be exposed through cache pollution. +* (bug 32709) Private Wiki users were always taken to Special:Badtitle on login. + === Changes since 1.17.0 === * (bug 29535) Added missing Creative Commons CC0 icon. @@ -89,6 +82,13 @@ Selected changes since MediaWiki 1.16 that may be of interest: * Hardcoded NLS_NUMERIC_CHARACTERS for Oracle DB to prevent type conversion errors. * Fixed recentchanges FK violation on page delete and cache purge error in updater for Oracle DB. +* (bug 32276) Skins were generating output using the internal page title which + would allow anonymous users to determine wheter a page exists, potentially + leaking private data. In fact, the curid and oldid request parameters would + allow page titles to be enumerated even when they are not guessable. +* (bug 32616) action=ajax requests were dispatched to the relevant internal + functions without any read permission checks being done. This could lead to + data leakage on private wikis. === Changes since 1.17.0rc1 === diff --git a/includes/AutoLoader.php b/includes/AutoLoader.php index 347ed694..d423a304 100644 --- a/includes/AutoLoader.php +++ b/includes/AutoLoader.php @@ -167,6 +167,7 @@ $wgAutoloadLocalClasses = array( 'MessageBlobStore' => 'includes/MessageBlobStore.php', 'MessageCache' => 'includes/MessageCache.php', 'MimeMagic' => 'includes/MimeMagic.php', + 'MWCryptRand' => 'includes/CryptRand.php', 'MWException' => 'includes/Exception.php', 'MWHttpRequest' => 'includes/HttpFunctions.php', 'MWMemcached' => 'includes/memcached-client.php', diff --git a/includes/CryptRand.php b/includes/CryptRand.php new file mode 100644 index 00000000..10f379cb --- /dev/null +++ b/includes/CryptRand.php @@ -0,0 +1,463 @@ + $v ) { + if ( is_numeric( $k ) ) { + unset( $k ); + } + } + // The absolute filename itself will differ from install to install so don't leave it out + $state .= realpath( $file ); + $state .= implode( '', $stat ); + } else { + // The fact that the file isn't there is worth at least a + // minuscule amount of entropy. + $state .= '0'; + } + } + + // Try and make this a little more unstable by including the varying process + // id of the php process we are running inside of if we are able to access it + if ( function_exists( 'getmypid' ) ) { + $state .= getmypid(); + } + + // If available try to increase the instability of the data by throwing in + // the precise amount of memory that we happen to be using at the moment. + if ( function_exists( 'memory_get_usage' ) ) { + $state .= memory_get_usage( true ); + } + + // It's mostly worthless but throw the wiki's id into the data for a little more variance + $state .= wfWikiID(); + + // If we have a secret key or proxy key set then throw it into the state as well + global $wgSecretKey, $wgProxyKey; + if ( $wgSecretKey ) { + $state .= $wgSecretKey; + } elseif ( $wgProxyKey ) { + $state .= $wgProxyKey; + } + + return $state; + } + + /** + * Randomly hash data while mixing in clock drift data for randomness + * + * @param $data The data to randomly hash. + * @return String The hashed bytes + * @author Tim Starling + */ + protected function driftHash( $data ) { + // Minimum number of iterations (to avoid slow operations causing the loop to gather little entropy) + $minIterations = self::MIN_ITERATIONS; + // Duration of time to spend doing calculations (in seconds) + $duration = ( self::MSEC_PER_BYTE / 1000 ) * $this->hashLength(); + // Create a buffer to use to trigger memory operations + $bufLength = 10000000; + $buffer = str_repeat( ' ', $bufLength ); + $bufPos = 0; + + // Iterate for $duration seconds or at least $minIerations number of iterations + $iterations = 0; + $startTime = microtime( true ); + $currentTime = $startTime; + while ( $iterations < $minIterations || $currentTime - $startTime < $duration ) { + // Trigger some memory writing to trigger some bus activity + // This may create variance in the time between iterations + $bufPos = ( $bufPos + 13 ) % $bufLength; + $buffer[$bufPos] = ' '; + // Add the drift between this iteration and the last in as entropy + $nextTime = microtime( true ); + $delta = (int)( ( $nextTime - $currentTime ) * 1000000 ); + $data .= $delta; + // Every 100 iterations hash the data and entropy + if ( $iterations % 100 === 0 ) { + $data = sha1( $data ); + } + $currentTime = $nextTime; + $iterations++; + } + $timeTaken = $currentTime - $startTime; + $data = $this->hash( $data ); + + wfDebug( __METHOD__ . ": Clock drift calculation " . + "(time-taken=" . ( $timeTaken * 1000 ) . "ms, " . + "iterations=$iterations, " . + "time-per-iteration=" . ( $timeTaken / $iterations * 1e6 ) . "us)\n" ); + return $data; + } + + /** + * Return a rolling random state initially build using data from unstable sources + * @return A new weak random state + */ + protected function randomState() { + static $state = null; + if ( is_null( $state ) ) { + // Initialize the state with whatever unstable data we can find + // It's important that this data is hashed right afterwards to prevent + // it from being leaked into the output stream + $state = $this->hash( $this->initialRandomState() ); + } + // Generate a new random state based on the initial random state or previous + // random state by combining it with clock drift + $state = $this->driftHash( $state ); + return $state; + } + + /** + * Decide on the best acceptable hash algorithm we have available for hash() + * @return String A hash algorithm + */ + protected function hashAlgo() { + if ( !is_null( $this->algo ) ) { + return $this->algo; + } + + $algos = hash_algos(); + $preference = array( 'whirlpool', 'sha256', 'sha1', 'md5' ); + + foreach ( $preference as $algorithm ) { + if ( in_array( $algorithm, $algos ) ) { + $this->algo = $algorithm; + wfDebug( __METHOD__ . ": Using the {$this->algo} hash algorithm.\n" ); + return $this->algo; + } + } + + // We only reach here if no acceptable hash is found in the list, this should + // be a technical impossibility since most of php's hash list is fixed and + // some of the ones we list are available as their own native functions + // But since we already require at least 5.2 and hash() was default in + // 5.1.2 we don't bother falling back to methods like sha1 and md5. + throw new MWException( "Could not find an acceptable hashing function in hash_algos()" ); + } + + /** + * Return the byte-length output of the hash algorithm we are + * using in self::hash and self::hmac. + * + * @return int Number of bytes the hash outputs + */ + protected function hashLength() { + if ( is_null( $this->hashLength ) ) { + $this->hashLength = strlen( $this->hash( '' ) ); + } + return $this->hashLength; + } + + /** + * Generate an acceptably unstable one-way-hash of some text + * making use of the best hash algorithm that we have available. + * + * @return String A raw hash of the data + */ + protected function hash( $data ) { + return hash( $this->hashAlgo(), $data, true ); + } + + /** + * Generate an acceptably unstable one-way-hmac of some text + * making use of the best hash algorithm that we have available. + * + * @return String A raw hash of the data + */ + protected function hmac( $data, $key ) { + return hash_hmac( $this->hashAlgo(), $data, $key, true ); + } + + /** + * @see self::wasStrong() + */ + public function realWasStrong() { + if ( is_null( $this->strong ) ) { + throw new MWException( __METHOD__ . ' called before generation of random data' ); + } + return $this->strong; + } + + /** + * @see self::generate() + */ + public function realGenerate( $bytes, $forceStrong = false ) { + wfProfileIn( __METHOD__ ); + + wfDebug( __METHOD__ . ": Generating cryptographic random bytes for " . wfGetAllCallers( 5 ) . "\n" ); + + $bytes = floor( $bytes ); + static $buffer = ''; + if ( is_null( $this->strong ) ) { + // Set strength to false initially until we know what source data is coming from + $this->strong = true; + } + + if ( strlen( $buffer ) < $bytes ) { + // If available make use of mcrypt_create_iv URANDOM source to generate randomness + // On unix-like systems this reads from /dev/urandom but does it without any buffering + // and bypasses openbasdir restrictions so it's preferable to reading directly + // On Windows starting in PHP 5.3.0 Windows' native CryptGenRandom is used to generate + // entropy so this is also preferable to just trying to read urandom because it may work + // on Windows systems as well. + if ( function_exists( 'mcrypt_create_iv' ) ) { + wfProfileIn( __METHOD__ . '-mcrypt' ); + $rem = $bytes - strlen( $buffer ); + $iv = mcrypt_create_iv( $rem, MCRYPT_DEV_URANDOM ); + if ( $iv === false ) { + wfDebug( __METHOD__ . ": mcrypt_create_iv returned false.\n" ); + } else { + $bytes .= $iv; + wfDebug( __METHOD__ . ": mcrypt_create_iv generated " . strlen( $iv ) . " bytes of randomness.\n" ); + } + wfProfileOut( __METHOD__ . '-mcrypt' ); + } + } + + if ( strlen( $buffer ) < $bytes ) { + // If available make use of openssl's random_pesudo_bytes method to attempt to generate randomness. + // However don't do this on Windows with PHP < 5.3.4 due to a bug: + // http://stackoverflow.com/questions/1940168/openssl-random-pseudo-bytes-is-slow-php + if ( function_exists( 'openssl_random_pseudo_bytes' ) + && ( !wfIsWindows() || version_compare( PHP_VERSION, '5.3.4', '>=' ) ) + ) { + wfProfileIn( __METHOD__ . '-openssl' ); + $rem = $bytes - strlen( $buffer ); + $openssl_bytes = openssl_random_pseudo_bytes( $rem, $openssl_strong ); + if ( $openssl_bytes === false ) { + wfDebug( __METHOD__ . ": openssl_random_pseudo_bytes returned false.\n" ); + } else { + $buffer .= $openssl_bytes; + wfDebug( __METHOD__ . ": openssl_random_pseudo_bytes generated " . strlen( $openssl_bytes ) . " bytes of " . ( $openssl_strong ? "strong" : "weak" ) . " randomness.\n" ); + } + if ( strlen( $buffer ) >= $bytes ) { + // openssl tells us if the random source was strong, if some of our data was generated + // using it use it's say on whether the randomness is strong + $this->strong = !!$openssl_strong; + } + wfProfileOut( __METHOD__ . '-openssl' ); + } + } + + // Only read from urandom if we can control the buffer size or were passed forceStrong + if ( strlen( $buffer ) < $bytes && ( function_exists( 'stream_set_read_buffer' ) || $forceStrong ) ) { + wfProfileIn( __METHOD__ . '-fopen-urandom' ); + $rem = $bytes - strlen( $buffer ); + if ( !function_exists( 'stream_set_read_buffer' ) && $forceStrong ) { + wfDebug( __METHOD__ . ": Was forced to read from /dev/urandom without control over the buffer size.\n" ); + } + // /dev/urandom is generally considered the best possible commonly + // available random source, and is available on most *nix systems. + wfSuppressWarnings(); + $urandom = fopen( "/dev/urandom", "rb" ); + wfRestoreWarnings(); + + // Attempt to read all our random data from urandom + // php's fread always does buffered reads based on the stream's chunk_size + // so in reality it will usually read more than the amount of data we're + // asked for and not storing that risks depleting the system's random pool. + // If stream_set_read_buffer is available set the chunk_size to the amount + // of data we need. Otherwise read 8k, php's default chunk_size. + if ( $urandom ) { + // php's default chunk_size is 8k + $chunk_size = 1024 * 8; + if ( function_exists( 'stream_set_read_buffer' ) ) { + // If possible set the chunk_size to the amount of data we need + stream_set_read_buffer( $urandom, $rem ); + $chunk_size = $rem; + } + $random_bytes = fread( $urandom, max( $chunk_size, $rem ) ); + $buffer .= $random_bytes; + fclose( $urandom ); + wfDebug( __METHOD__ . ": /dev/urandom generated " . strlen( $random_bytes ) . " bytes of randomness.\n" ); + if ( strlen( $buffer ) >= $bytes ) { + // urandom is always strong, set to true if all our data was generated using it + $this->strong = true; + } + } else { + wfDebug( __METHOD__ . ": /dev/urandom could not be opened.\n" ); + } + wfProfileOut( __METHOD__ . '-fopen-urandom' ); + } + + // If we cannot use or generate enough data from a secure source + // use this loop to generate a good set of pseudo random data. + // This works by initializing a random state using a pile of unstable data + // and continually shoving it through a hash along with a variable salt. + // We hash the random state with more salt to avoid the state from leaking + // out and being used to predict the /randomness/ that follows. + if ( strlen( $buffer ) < $bytes ) { + wfDebug( __METHOD__ . ": Falling back to using a pseudo random state to generate randomness.\n" ); + } + while ( strlen( $buffer ) < $bytes ) { + wfProfileIn( __METHOD__ . '-fallback' ); + $buffer .= $this->hmac( $this->randomState(), mt_rand() ); + // This code is never really cryptographically strong, if we use it + // at all, then set strong to false. + $this->strong = false; + wfProfileOut( __METHOD__ . '-fallback' ); + } + + // Once the buffer has been filled up with enough random data to fulfill + // the request shift off enough data to handle the request and leave the + // unused portion left inside the buffer for the next request for random data + $generated = substr( $buffer, 0, $bytes ); + $buffer = substr( $buffer, $bytes ); + + wfDebug( __METHOD__ . ": " . strlen( $buffer ) . " bytes of randomness leftover in the buffer.\n" ); + + wfProfileOut( __METHOD__ ); + return $generated; + } + + /** + * @see self::generateHex() + */ + public function realGenerateHex( $chars, $forceStrong = false ) { + // hex strings are 2x the length of raw binary so we divide the length in half + // odd numbers will result in a .5 that leads the generate() being 1 character + // short, so we use ceil() to ensure that we always have enough bytes + $bytes = ceil( $chars / 2 ); + // Generate the data and then convert it to a hex string + $hex = bin2hex( $this->generate( $bytes, $forceStrong ) ); + // A bit of paranoia here, the caller asked for a specific length of string + // here, and it's possible (eg when given an odd number) that we may actually + // have at least 1 char more than they asked for. Just in case they made this + // call intending to insert it into a database that does truncation we don't + // want to give them too much and end up with their database and their live + // code having two different values because part of what we gave them is truncated + // hence, we strip out any run of characters longer than what we were asked for. + return substr( $hex, 0, $chars ); + } + + /** Publicly exposed static methods **/ + + /** + * Return a singleton instance of MWCryptRand + */ + protected static function singleton() { + if ( is_null( self::$singleton ) ) { + self::$singleton = new self; + } + return self::$singleton; + } + + /** + * Return a boolean indicating whether or not the source used for cryptographic + * random bytes generation in the previously run generate* call + * was cryptographically strong. + * + * @return bool Returns true if the source was strong, false if not. + */ + public static function wasStrong() { + return self::singleton()->realWasStrong(); + } + + /** + * Generate a run of (ideally) cryptographically random data and return + * it in raw binary form. + * You can use MWCryptRand::wasStrong() if you wish to know if the source used + * was cryptographically strong. + * + * @param $bytes int the number of bytes of random data to generate + * @param $forceStrong bool Pass true if you want generate to prefer cryptographically + * strong sources of entropy even if reading from them may steal + * more entropy from the system than optimal. + * @return String Raw binary random data + */ + public static function generate( $bytes, $forceStrong = false ) { + return self::singleton()->realGenerate( $bytes, $forceStrong ); + } + + /** + * Generate a run of (ideally) cryptographically random data and return + * it in hexadecimal string format. + * You can use MWCryptRand::wasStrong() if you wish to know if the source used + * was cryptographically strong. + * + * @param $chars int the number of hex chars of random data to generate + * @param $forceStrong bool Pass true if you want generate to prefer cryptographically + * strong sources of entropy even if reading from them may steal + * more entropy from the system than optimal. + * @return String Hexadecimal random data + */ + public static function generateHex( $chars, $forceStrong = false ) { + return self::singleton()->realGenerateHex( $chars, $forceStrong ); + } + +} diff --git a/includes/DefaultSettings.php b/includes/DefaultSettings.php index 883f1b46..92fcc16b 100644 --- a/includes/DefaultSettings.php +++ b/includes/DefaultSettings.php @@ -34,7 +34,7 @@ if ( !defined( 'MW_PHP4' ) ) { /** @endcond */ /** MediaWiki version number */ -$wgVersion = '1.17.2'; +$wgVersion = '1.17.3'; /** Name of the site. It must be changed in LocalSettings.php */ $wgSitename = 'MediaWiki'; @@ -2413,13 +2413,6 @@ $wgResourceLoaderMaxage = array( ), ); -/** - * Whether to embed private modules inline with HTML output or to bypass - * caching and check the user parameter against $wgUser to prevent - * unauthorized access to private modules. - */ -$wgResourceLoaderInlinePrivateModules = true; - /** * The default debug mode (on/off) for of ResourceLoader requests. This will still * be overridden when the debug URL parameter is used. diff --git a/includes/GlobalFunctions.php b/includes/GlobalFunctions.php index 2c35568b..5d86001c 100644 --- a/includes/GlobalFunctions.php +++ b/includes/GlobalFunctions.php @@ -3037,6 +3037,33 @@ function wfHttpOnlySafe() { return true; } +/** + * Override session_id before session startup if php's built-in + * session generation code is not secure. + */ +function wfFixSessionID() { + // If the cookie or session id is already set we already have a session and should abort + if ( isset( $_COOKIE[ session_name() ] ) || session_id() ) { + return; + } + + // PHP's built-in session entropy is enabled if: + // - entropy_file is set or you're on Windows with php 5.3.3+ + // - AND entropy_length is > 0 + // We treat it as disabled if it doesn't have an entropy length of at least 32 + $entropyEnabled = ( + ( wfIsWindows() && version_compare( PHP_VERSION, '5.3.3', '>=' ) ) + || ini_get( 'session.entropy_file' ) + ) + && intval( ini_get( 'session.entropy_length' ) ) >= 32; + + // If built-in entropy is not enabled or not sufficient override php's built in session id generation code + if ( !$entropyEnabled ) { + wfDebug( __METHOD__ . ": PHP's built in entropy is disabled or not sufficient, overriding session id generation using our cryptrand source.\n" ); + session_id( MWCryptRand::generateHex( 32 ) ); + } +} + /** * Initialise php session */ @@ -3068,6 +3095,8 @@ function wfSetupSession( $sessionId = false ) { session_cache_limiter( 'private, must-revalidate' ); if ( $sessionId ) { session_id( $sessionId ); + } else { + wfFixSessionID(); } wfSuppressWarnings(); session_start(); diff --git a/includes/OutputPage.php b/includes/OutputPage.php index 3a0be7bc..207af21d 100644 --- a/includes/OutputPage.php +++ b/includes/OutputPage.php @@ -2340,8 +2340,7 @@ class OutputPage { * @return string html