Our patch for the Internet Explorer 6 XSS issue (bug 28235) released
two days ago in 1.16.3 was insufficient to fix that bug. The original
reporter, Masato Kinugawa, pointed out the flaw on bug 28507. So we
are doing another release, which contains a second attempt at fixing
the issue.
Apologies to everyone for the inconvenience. Big thanks go to Masato
Kinugawa for helping to keep MediaWiki secure. Thanks also to Roan
Kattouw who helped me test the patch this time around, so that we can
hopefully avoid a repeat.
It is necessary to upgrade MediaWiki to avoid an XSS vulnerability for
Internet Explorer clients, version 6 and earlier. Also, if you used
the Apache configuration I suggested in the previous release
announcement, you should update it to:
    RewriteEngine On
    RewriteCond %{QUERY_STRING} \.[a-z0-9]{1,4}(#|\?|$) [nocase]
    RewriteRule . - [forbidden]
We missed the fact that there can be more than one question mark in a
URL. In certain circumstances, IE 6 will use a file extension
immediately before a question mark character, regardless of how many
question marks precede it. For example, with the URL:
http://example.com/a?b?c.html?d?e
IE 6 will see the file extension as ".html".
**********************************************************************
Download:
http://download.wikimedia.org/mediawiki/1.16/mediawiki-1.16.4.tar.gz
Patch to previous version (1.16.3):
http://download.wikimedia.org/mediawiki/1.16/mediawiki-1.16.4.patch.gz
GPG signatures:
http://download.wikimedia.org/mediawiki/1.16/mediawiki-1.16.4.tar.gz.sig
http://download.wikimedia.org/mediawiki/1.16/mediawiki-1.16.4.patch.gz.sig
Public keys:
https://secure.wikimedia.org/keys.html
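
The rewrite condition from the announcement above, run against a handful of URLs to show which requests it refuses. This is an added example, not part of the original message or of MediaWiki; the function names and all sample URLs except the first are constructed, and it assumes Python's `re` treats this pattern the same way Apache's regex engine does.

```python
import re

# Pattern copied from the RewriteCond in the announcement;
# the [nocase] flag is modelled with re.IGNORECASE.
RULE = re.compile(r"\.[a-z0-9]{1,4}(#|\?|$)", re.IGNORECASE)


def query_string(url):
    """Return what Apache exposes as %{QUERY_STRING}: the text after the first '?'."""
    return url.partition("?")[2]


def matched_extension(url):
    """Return the extension-like token the rule matches, or None if the request passes."""
    m = RULE.search(query_string(url))
    return m.group(0).rstrip("#?") if m else None


def is_forbidden(url):
    """True when the RewriteRule would answer 403 for this URL."""
    return matched_extension(url) is not None


# Constructed sample URLs (only the first one appears in the announcement).
SAMPLES = [
    "http://example.com/a?b?c.html?d?e",
    "http://example.com/w/index.php?title=Main_Page&action=raw",
    "http://example.com/w/index.php?title=Foo.js",
    "http://example.com/w/index.php?title=Foo.js&action=raw",
    "http://example.com/w/index.php?a=b.HTML?c",
    "http://example.com/w/index.php?version=1.5",
]

if __name__ == "__main__":
    for url in SAMPLES:
        verdict = "403" if is_forbidden(url) else "ok "
        print(verdict, matched_extension(url), url)
```

The third and sixth samples show that the rule also refuses any request whose query string merely ends in a short dotted token, so it is worth watching the access log for unexpected 403 responses after deploying it.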
In a message dated 4/14/2011 2:11:49 AM Pacific Daylight Time,
s.mazeland(a)xs4all.nl writes:
> I would suggest to set a percentage of worldwide usage as reported by some
> "trusted" statistics reported, or possibly a percentage of Wikimedia
> pageviews. 3% or 4%?
>
That's high. I would like something more in the range of 0.1% to 0.5%
Dubya.
Does anyone know of a technique or extension that would allow me to customize the Sidebar? Following the example shown on Manual:Interface/Sidebar does not return the results shown.
The manual page further states:
"The link target can be the name of an interface message (page in the MediaWiki namespace) or wiki page, or an external link. In either case, the link can be internal, interwiki, or external. In some cases (such as links with the "&" character), an interface message is necessary. The link target cannot be made dependent on the interface language set in the preferences."
After trying every permutation of link and link text, the Sidebar does not perform as stated. What am I missing here?
Further down the page are examples using JavaScript and PHP. Are these my only recourse?
Thanks,
John
I'm having a problem with a parser function that reads a string from a database and displays it on a wiki page. The basic structure is this:
    static function myParserFunction($parser, $arg) {
        $value = getFromDatabase();
        return $value;
    }
Everything works great unless the value contains a multibyte character. In this case, after the parser function returns its value, something else goes wrong internal to MediaWiki and the ENTIRE content area of the article gets blanked. No PHP errors appear in the logs.
Here's another clue. If my parser function echoes the value instead of returning it:
    static function myParserFunction($parser, $arg) {
        $value = getFromDatabase();
        echo $value;
        return 'dummy';
    }
then the value appears without a problem in the browser. So the value is correctly read from the database, and correctly returned by the parser function, but it fouls up something downstream.
Does anyone know what's going on, or have suggestions on how to debug further?
Thanks,
DanB
Hi,
I must resolve the following problem:
If one user is editing a page, I do not want a second user to enter
the editor and save other modifications, because the first changes stored
will be shown as an old version and will not appear.
I have been looking for an add-on to block the editor on a page that is
being edited, but I haven't found one. Does one really exist? Thanks
Hi all,
I now have the skin "daddio" and want to hide the buttons "contribute"
and "history".
Where do I have to change a .css file, code or anything else?
Best Regards,
Franz Kinader
If I wanted to put the equivalent of "php_value session.save_path '/tmp'"
into LocalSettings.php
with /tmp being a writable subdirectory of the directory
LocalSettings.php is in, what would I add?
I'm trying to solve a problem that results in the error message "Sorry!
We could not process your edit due to a loss of session data."
Fred Bauder
I updated our wiki server (1.16.2) from PHP 5.1.6 to PHP 5.3.3, and now MediaWiki is complaining about extensions not returning values in their hook functions, when they are definitely returning "true". Does this look familiar to anybody?
Example:
    $wgHooks['SkinAfterBottomScripts'][] = 'MyClass::addBottomScripts';
    class MyClass {
        static function addBottomScripts( &$sk, &$bottomScriptText ) {
            return true;
        }
    }
Results on rendering a wiki page:
MediaWiki internal error.
Original exception: exception 'MWException' with message 'Detected bug in an extension! Hook MyClass::addBottomScripts failed to return a value; should return true to continue hook processing or false to abort.' in /var/www/html/w/includes/Hooks.php:155
Stack trace:
#0 /var/www/html/w/includes/Skin.php(978): wfRunHooks('SkinAfterBottom...', Array)
#1 /var/www/html/w/includes/SkinTemplate.php(455): Skin->bottomScripts()
#2 /var/www/html/w/includes/OutputPage.php(1615): SkinTemplate->outputPage(Object(OutputPage))
#3 /var/www/html/w/includes/Wiki.php(376): OutputPage->output()
#4 /var/www/html/w/index.php(118): MediaWiki->finalCleanup(Array, Object(OutputPage))
#5 {main}
Exception caught inside exception handler: exception 'MWException' with message 'Detected bug in an extension! Hook MyClass::addBottomScripts failed to return a value; should return true to continue hook processing or false to abort.' in /var/www/html/w/includes/Hooks.php:155
Stack trace:
#0 /var/www/html/w/includes/Skin.php(978): wfRunHooks('SkinAfterBottom...', Array)
#1 /var/www/html/w/includes/SkinTemplate.php(455): Skin->bottomScripts()
#2 /var/www/html/w/includes/OutputPage.php(1615): SkinTemplate->outputPage(Object(OutputPage))
#3 /var/www/html/w/includes/Exception.php(164): OutputPage->output()
#4 /var/www/html/w/includes/Exception.php(191): MWException->reportHTML()
#5 /var/www/html/w/includes/Exception.php(289): MWException->report()
#6 /var/www/html/w/includes/Exception.php(348): wfReportException(Object(MWException))
#7 [internal function]: wfExceptionHandler(Object(MWException))
#8 {main}
Thanks for any insights!
DanB