MediaWiki 1.4.5 is a security update and bugfix release.
Incorrect handling of page template inclusions made it possible to
inject JavaScript code into HTML attributes, which could lead to
cross-site scripting attacks on a publicly editable wiki.
Vulnerable releases and fix:
* 1.5 prerelease: fixed in 1.5alpha2
* 1.4 stable series: fixed in 1.4.5
* 1.3 legacy series: fixed in 1.3.13
* 1.2 series no longer supported; upgrade to 1.4.5 strongly recommended
This release also includes a number of bug fixes (see changelog below)
and merges some large-server load balancing patches from Wikipedia.
An experimental rate limiter for page edits and moves can be enabled
with global, per-IP, per-subnet, or per-user bases. See configuration
options in includes/DefaultSettings.php
=== Changes since 1.4.4 ===
* Fix for reading incorrectly re-gzipped HistoryBlob entries
* Generalize project namespace for Latin localization, update namespaces
* (bug 2075) Corrected namespace definitions in Tamil localization
* (bug 1692) Fix margin on unwatch tab
* Avoid overwriting shared image metadata cache with bogus encoding
conversions
* Fix reporting of minor edits in Special:Export output
* (bug 2150) Fix tab indexes on edit form
* Run ArticleSave hooks on image upload.
* (bug 2239) Fix non-ASCII chars in linktrail for Latin-1 mode
* (bug 1454) Backport edit/move rate limiter from CVS HEAD (experimental)
* (bug 1929) Fix documentation comment for $wgWhitelistRead
* (bug 1975) The name for Limburgish (li) changed from "Lèmburgs" to
"Limburgs"
* (bug 2019) Wrapped the output of Special:Version in <div dir='ltr'> in
order to preserve the correct flow of text on RTL wikis.
* (bug 2084) Fixed a regular expression in includes/Title.php that was
accepting invalid syntax like #REDIRECT [[foo] in redirects
* (bug 2087) Fixed a bug in special page handling which which stopped
"0" from
* (bug 2094) Multiple use of a template produced wrong results in some
cases being passed to all special pages Special:Page/0 syntax.
* Fixed a bug in Special:Allpages, Special:Contributions,
Special:Whatlinkshere, Special:Recentchangeslinked and
Special:Emailuser, they all mishandled being passed "0" with the
Special:Page/0 syntax (unrelated to bug 2087), this either required a
workaround in the form of passing "0" as a GET value or blocked the user
from passing that value at all.
* Fixed a bug in Special:Newimages that made it impossible to search for '0'
* (bug 2217) Negative ISO years were incorrectly converted to BC notation.
* (bug 2267) Don't generate thumbnail at the same size as the source image.
* Disable fulltext image name search in Special:Imagelist during MiserMode.
* Fix sorting of profiling output in debug log: largest last for easy
tailing
* (bug 2281) Fix regression with page moves taking the wrong talk pages
* Regression fix: watchlist day cutoff
* (bug 2173) Fatal error when removing an article with an empty title
from the watchlist
* (bug 2034) Armor HTML attributes against template inclusion and links
munging
Release notes:
http://sourceforge.net/project/shownotes.php?release_id=332231
Download:
http://prdownloads.sf.net/wikipedia/mediawiki-1.4.5.tar.gz?download
Before asking for help, try the FAQ:
http://meta.wikimedia.org/wiki/MediaWiki_FAQ
Low-traffic release announcements mailing list:
http://mail.wikipedia.org/mailman/listinfo/mediawiki-announce
Wiki admin help mailing list:
http://mail.wikipedia.org/mailman/listinfo/mediawiki-l
Bug report system:
http://bugzilla.wikipedia.org/
Play "stump the developers" live on IRC:
#mediawiki on irc.freenode.net
-- brion vibber (brion @ pobox.com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
MediaWiki 1.3.13 is a security maintenance release.
Incorrect handling of page template inclusions made it possible to
inject JavaScript code into HTML attributes, which could lead to
cross-site scripting attacks on a publicly editable wiki.
Vulnerable releases and fix:
* 1.5 prerelease: fixed in 1.5alpha2
* 1.4 stable series: fixed in 1.4.5
* 1.3 legacy series: fixed in 1.3.13
* 1.2 series no longer supported; upgrade to 1.4.5 strongly recommended
The 1.3.x series is no longer maintained except for security fixes;
new users and those seeking general bug fixes should install 1.4.5.
Existing 1.3.x installations not willing or able to upgrade to the
current stable relase should update the installation to 1.3.13; only
includes/Parser.php has changed from 1.3.12.
Release notes:
http://sourceforge.net/project/shownotes.php?release_id=332230
Download:
http://prdownloads.sf.net/wikipedia/mediawiki-1.3.13.tar.gz?download
Before asking for help, try the FAQ:
http://meta.wikimedia.org/wiki/MediaWiki_FAQ
Low-traffic release announcements mailing list:
http://mail.wikipedia.org/mailman/listinfo/mediawiki-announce
Wiki admin help mailing list:
http://mail.wikipedia.org/mailman/listinfo/mediawiki-l
Bug report system:
http://bugzilla.wikipedia.org/
Play "stump the developers" live on IRC:
#mediawiki on irc.freenode.net
- -- brion vibber (brion @ pobox.com)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (Darwin)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFCoHbQwRnhpk1wk44RArfFAJ924sPPqqy14sfDPOlVVF/zq3m9AwCfaTKY
/C1EiL5nXaEou/aJNTqsdI8=
=6HE3
-----END PGP SIGNATURE-----
It may be exactly like that, which is why I was hoping there
would be a facility. I *assumed* that the media link would work for
mp3s or oggs (as documented) and attempt to play them. I don't want
anything to happen to the tarball except that it get downloaded. If
I use the media link on an arbitrary file (say, one that ends in .tar
or .tgz :-) ) would it just download the file?
Scott Emery
emery(a)nas.nasa.gov
> Scott T. Emery wrote:
> > Mediawiki is really fun and easy to use. I think my initial
> > issues with it are all resolved. There is one small task I would like
> > to do using mediawiki, but it may be outside its baliwick. I want to
> > embed a tarball in a wiki page for download using syntax similar to
> > the image and media file links. This would be a sort of "arbitrary
> > file link" which would download the file for processing on the remote
> > computer.
>
> I'm not sure how this is supposed to be different from uploading a file
> and using a media link, as already supported...?
>
> -- brion vibber (brion @ pobox.com)
>
> _______________________________________________
> MediaWiki-l mailing list
> MediaWiki-l(a)Wikimedia.org
> http://mail.wikipedia.org/mailman/listinfo/mediawiki-l
>
I just read about the google sitemaps. This might be worth to support
in mediawiki:
http://googleblog.blogspot.com/2005/06/webmaster-friendly.html
I have written a quick script to create a sitemap from the cur table
in the xml format google expects and will see if it makes any
difference.
might be good for wikipedia too, I don't know how good google is
spidering wikipedia at the moment.
christof
--
Christof Damian
christof(a)damian.net
[Resurrecting old unanswered question]
I'm attempting to change the login message. I edited MediaWiki:Login prompt as I was advised by Brion, but the edits do not appear on Special:Userlogin... not by normally logging in, nor by directly navigating to Special:Userlogin
What have I done wrong? How can I make this change appear?
Thanks,
Carlton
> -----Original Message-----
> From: mediawiki-l-bounces(a)Wikimedia.org
> [mailto:mediawiki-l-bounces@Wikimedia.org]On Behalf Of Brion Vibber
> Sent: Monday, April 25, 2005 6:43 PM
> To: MediaWiki announcements and site admin list
> Subject: Re: [Mediawiki-l] Disabling account creation
>
>
> Carlton B wrote:
> > Thanks Brion... still having problems though.
> > The text of [[MediaWiki:Loginprompt]] is: "You must have
> cookies enabled
> > to log in to Takipedia."
> > I need to change that, but it doesn't hide the fields that a
> user could use
> > to create a new account.
>
> If you have set $wgWhitelistAccount to disable user account creation,
> those form controls will not be shown.
>
> Also make sure you're looking at the page as an anonymous user to
> confirm you're looking at the correct display.
>
> > Is Special:Userlogin the page to edit, and if so, how is it
> possible to edit
> > it? Even when logged in as a sysop, this page has no edit tabs.
>
> There is not a page Special:Userlogin that you can edit; it's generated
> by code. All the interface text on the special pages comes from the
> language-specific messages, which are imported into the database at
> install time and are editable as the various MediaWiki: pages. These are
> all listed at Special:Allmessages.
>
> If you really, really need to change the layout of Special:Userlogin,
> take a look at includes/templates/Userlogin.php. However I don't think
> you need to touch anything in there to do what you've asked about.
>
> -- brion vibber (brion @ pobox.com)
>
Mediawiki is really fun and easy to use. I think my initial
issues with it are all resolved. There is one small task I would like
to do using mediawiki, but it may be outside its baliwick. I want to
embed a tarball in a wiki page for download using syntax similar to
the image and media file links. This would be a sort of "arbitrary
file link" which would download the file for processing on the remote
computer.
I would like to embed tarballs in a mediawiki page and make them
available for download. While what I mean appears obvious to me, I will take
a moment to explain exactly what I want to happen.
Upload file
I want to upload the tarball, just like I currently do .jpg
and .png files and have them "go somewhere".
Link into wiki
I want to link the tarball into mediawiki with a syntax similar
to web links.
[file:ball.tar ball distribution]
I want the above to show "ball distribution" as highlighted text in the
wiki.
download tarball
I want to be able to click on "ball distribution" above and download
the ball.tar file using either http or ftp.
I could accomplish an equivalent of the above by linking to a web server
from inside the wiki, but I would like to do this using the wiki software
itself.
Perhaps this is an abuse of wikis in general or perhaps this is outside
the boundries of mediawiki's target design. Or maybe it's already implemented
and I didn't notice... :-). It would be helpful, but I will find some other
way to do what I need if it can't be done in mediawiki.
Hi
Is there any English version for this article?
-Munish
> -----Original Message-----
> From: mediawiki-l-bounces(a)Wikimedia.org
> [mailto:mediawiki-l-bounces@Wikimedia.org]On Behalf Of ext Dori
> Sent: Thursday, June 02. 2005 15:51
> To: MediaWiki announcements and site admin list
> Subject: Re: [Mediawiki-l] Is there some tool to convert HTML text to
> Wikitextautomatically
>
>
> On 6/2/05, Ext-Munish.Mittal(a)nokia.com
> <Ext-Munish.Mittal(a)nokia.com> wrote:
> >
> > Hi
> >
> > First I would like to thank you all guys for providing
> quick solutions to
> > all my questions.
> >
> > Now I am facing a new problem and I am sure someone will
> come up with a
> > solution for this too :-)
> >
> > I have requirement in which I have to convert MSWord format to
> > Wikitext.For this I first convert it to HTML which is quite easy.
> > Then I need to convert HTML to wikitext.Is
<http://wikitext.Is> there any
> way to do it?
Have you tried this macro to convert directly from Microsoft Word?
http://www.homeopathy.at/wiki/index.php/Word2Wiki
_______________________________________________
MediaWiki-l mailing list
MediaWiki-l(a)Wikimedia.org
http://mail.wikipedia.org/mailman/listinfo/mediawiki-l
Hi everybody:
I am building a community site using MediaWiki and have a couple of
questions:
1) How do I protect, or preferably lock, the main page from user editing?
I've looked through the user guide and have yet to find a how-to on that
specifically.
2) How do I make the search tool in the left column function like the one
in Wikipedia? I would like searchers to get an "Editing (search terms)"
result instead of "No Page Found" as is happening now.
Any help would be greatly appreciated.
Thanks,
Alison :-)
----- Original Message -----
From: <mediawiki-l-request(a)Wikimedia.org>
To: <alorraineguard-registrations(a)yahoo.com>
1) How do I protect, or preferably lock, the main page from user editing?
I've looked through the user guide and have yet to find a how-to on that
specifically.
As as admin "protect" the page via the MediaWiki interface.
al.
-----Original Message-----
From: Alison Lorraine [mailto:alisonlorraine@yahoo.com]
Sent: Wednesday, June 01, 2005 5:13 PM
To: mediawiki-l(a)Wikimedia.org
Subject: [Mediawiki-l] Questions regarding new installation...
Hi everybody:
I am building a community site using MediaWiki and have a couple of
questions:
1) How do I protect, or preferably lock, the main page from user editing?
I've looked through the user guide and have yet to find a how-to on that
specifically.
2) How do I make the search tool in the left column function like the one
in Wikipedia? I would like searchers to get an "Editing (search terms)"
result instead of "No Page Found" as is happening now.
Any help would be greatly appreciated.
Thanks,
Alison :-)
----- Original Message -----
From: <mediawiki-l-request(a)Wikimedia.org>
To: <alorraineguard-registrations(a)yahoo.com>
_______________________________________________
MediaWiki-l mailing list
MediaWiki-l(a)Wikimedia.org
http://mail.wikipedia.org/mailman/listinfo/mediawiki-l