| Commit message (Collapse) | Author | Age | Files | Lines |
| |
* removed useless ?>
* removed useless inclusion of DatabaseFunctions.php
Notes:
http://mediawiki.org/wiki/Special:Code/MediaWiki/43222
| |
Doxygen documentation update:
* Changed all @addtogroup to @ingroup. @addtogroup adds the comment to the group description, but doesn't add the file, class, function, ... to the group like @ingroup does. See for example http://svn.wikimedia.org/doc/group__SpecialPage.html where it's impossible to see related files, classes, ... that should belong to that group.
* Added @file to file description, it seems that it should be explicitly declared for file descriptions, otherwise doxygen will think that the comment documents the first class, variable, function, ... that is in that file.
* Removed some empty comments
* Removed some ?>
Added following groups:
* ExternalStorage
* JobQueue
* MaintenanceLanguage
One more thing: there are still a lot of warnings when generating the doc.
Notes:
http://mediawiki.org/wiki/Special:Code/MediaWiki/35098
| |
Notes:
http://mediawiki.org/wiki/Special:Code/MediaWiki/32318
| |
Notes:
http://mediawiki.org/wiki/Special:Code/MediaWiki/32314
| |
Notes:
http://mediawiki.org/wiki/Special:Code/MediaWiki/31330
| |
to forestall additional UTF-7-autodetect XSS issues. Probably not an
issue on Apache 2.0+, but most servers send only 'text/html' by default
when the script didn't specify more details.
This fixes an issue with the Ajax interface error message on MSIE when
$wgUseAjax is enabled (not default configuration); this UTF-7 variant
on a previously fixed attack vector was discovered by Moshe BA from BugSec:
http://www.bugsec.com/articles.php?Security=24
* Trackback responses now specify XML content type
Notes:
http://mediawiki.org/wiki/Special:Code/MediaWiki/20007
| |
directives.
This can be done either by:
* Using explicit full paths, using the $IP global for the installation directory full path, and then working down the tree from there.
* Using explicit full paths, using the "dirname(__FILE__)" directive to get a full directory path for the includer file.
* Occasionally removing the line altogether, and then for some files the inclusion is handled by the autoloader.
For example, if the "extensions/wikihiero/wh_main.php" file does an include or require on "wh_list.php", then PHP does the following:
* tries to open "wiki/wh_list.php", and fails.
* tries to open "wiki/includes/wh_list.php", and fails.
* tries to open "wiki/languages/wh_list.php", and fails.
* tries to open "wiki/extensions/wikihiero/wh_list.php", and succeeds.
So in this example, the first 3 calls can be prevented if PHP is told where the file is.
Testing Method: On a Linux box, run these commands to attach strace to all the apache2 processes, and log their system calls to a temporary file, then generate some activity, and then stop the strace:
-----------------------------------
rm /tmp/strace-log.txt
strace -tt -o /tmp/strace-log.txt -p `pidof apache2 | sed 's/ / -p /g'` &
php maintenance/fuzz-tester.php --keep-passed-tests --include-binary --max-runtime=3 > /tmp/strace-tests.txt
killall -9 strace
grep "No such file or directory" /tmp/strace-log.txt | sort -u
-----------------------------------
Any failed file stats will be marked with: "-1 ENOENT (No such file or directory)".
Also:
* Strict Standards: Undefined offset: 230 in includes/normal/UtfNormal.php on line 637
* Strict Standards: iconv() [<a href='function.iconv'>function.iconv</a>]: Detected an illegal character in input string in languages/Language.php on line 776
[Note: Partial only - despite adding "//IGNORE", it still seems to be possible with some
messed-up binary input to cause PHP 5.1.2's iconv() function to squeal like a stuck pig].
* Update one $fname variable (method belongs to HistoryBlobStub class).
Notes:
http://mediawiki.org/wiki/Special:Code/MediaWiki/19835
| |
* Convert "$dbw =& wfGetDB( DB_MASTER );" --> "$dbw = wfGetDB( DB_MASTER );"
* convert "$skin =& $wgUser->getSkin();" --> "$skin = $wgUser->getSkin();"
For the time being have not changed the function definitions of wfGetDB() or User::getSkin() [i.e. they are still both return-by-ref], so as to ensure the interface does not change for extensions [some of which may still be trying to run on PHP4 environments]. However presumably at some point this can be changed too.
Also includes tiny tweak to newlines in parserTests - will show 1 rather than 2 newlines between the "Reading tests from" strings when in quiet mode.
Notes:
http://mediawiki.org/wiki/Special:Code/MediaWiki/19598
| |
Notes:
http://mediawiki.org/wiki/Special:Code/MediaWiki/19502
| |
trackback.php with bad input
Notes:
http://mediawiki.org/wiki/Special:Code/MediaWiki/16451
| |
profiling setup to a hook file "StartProfiler.php", following Brion's suggestion to merge Wikimedia's early profiling patch into subversion. Renamed Profiling.php and logProfilingData(), removed unnecessary wfProfileClose() calls.
Notes:
http://mediawiki.org/wiki/Special:Code/MediaWiki/15605
| |
Notes:
http://mediawiki.org/wiki/Special:Code/MediaWiki/14658
| |
will have to investigate (or ask nicely Tim to help there)
Notes:
http://mediawiki.org/wiki/Special:Code/MediaWiki/14640
| |
Notes:
http://mediawiki.org/wiki/Special:Code/MediaWiki/14636
| |
Notes:
http://mediawiki.org/wiki/Special:Code/MediaWiki/13184
| |
to the shell to return nonzero when we crap out with an error.
Notes:
http://mediawiki.org/wiki/Special:Code/MediaWiki/12660
| |
vulnerability
Notes:
http://mediawiki.org/wiki/Special:Code/MediaWiki/11598
| |
Notes:
http://mediawiki.org/wiki/Special:Code/MediaWiki/10255
|
Notes:
http://mediawiki.org/wiki/Special:Code/MediaWiki/10252