MediaWiki-l April 2011

mediawiki-l@lists.wikimedia.org

76 participants
74 discussions

MediaWiki security release 1.16.4
by Tim Starling 15 Apr '11

15 Apr '11

Our patch for the Internet Explorer 6 XSS issue (bug 28235) released two days ago in 1.16.3 was insufficient to fix that bug. The original reporter, Masato Kinugawa, pointed out the flaw on bug 28507. So we are doing another release, which contains a second attempt at fixing the issue. Apologies to everyone for the inconvenience. Big thanks go to Masato Kinugawa for helping to keep MediaWiki secure. Thanks also to Roan Kattouw who helped me test the patch this time around, so that we can hopefully avoid a repeat. It is necessary to upgrade MediaWiki to avoid an XSS vulnerability for Internet Explorer clients, version 6 and earlier. Also, if you used the Apache configuration I suggested in the previous release announcement, you should update it to: RewriteEngine On RewriteCond %{QUERY_STRING} \.[a-z0-9]{1,4}(#|\?|$) [nocase] RewriteRule . - [forbidden] We missed the fact that there can be more than one question mark in a URL. In certain circumstances, IE 6 will use a file extension immediately before a question mark character, regardless of how many question marks precede it. For example, with the URL: http://example.com/a?b?c.html?d?e IE 6 will see the file extension as ".html". ********************************************************************** Download: http://download.wikimedia.org/mediawiki/1.16/mediawiki-1.16.4.tar.gz Patch to previous version (1.16.3): http://download.wikimedia.org/mediawiki/1.16/mediawiki-1.16.4.patch.gz GPG signatures: http://download.wikimedia.org/mediawiki/1.16/mediawiki-1.16.4.tar.gz.sig http://download.wikimedia.org/mediawiki/1.16/mediawiki-1.16.4.patch.gz.sig Public keys: https://secure.wikimedia.org/keys.html

5 5

How do I add a Link of a external website into the footer?
by uv22e Alcott 15 Apr '11

15 Apr '11

Hello :) Does somebody know how to add an external Link like "www.example.com" into the footer?

3 5

Re: [Mediawiki-l] Dropping IE6 support (was: MediaWiki security release 1.16.4)
by WJhonson＠aol.com 15 Apr '11

15 Apr '11

In a message dated 4/14/2011 2:11:49 AM Pacific Daylight Time, s.mazeland(a)xs4all.nl writes: > I would suggest to set a percentage of worldwide usage as reported by > some > "trusted" statistics reported, or possibly a percentage of Wikimedia > pageviews. 3% or 4%? > That's high. I would like something more in the range of 0.1% to 0.5% Dubya.

2 1

Sidebar Customization
by John Durant 14 Apr '11

14 Apr '11

Does anyone know of a technique or extension that would allow me to customize the Sidebar? Following the example shown on Manual:Interface/Sidebar does not return the results shown. The manual page further states: " The link target can be the name of an interface message (page in the MediaWiki namespace) or wiki page, or an external link. In either case, the link can be internal, interwiki, or external. In some cases (such as links with the "&" character), an interface message is necessary. The link target cannot be made dependent on the interface language set in the preferences." After trying every permutation of link and link text the Sidebar does not perform as stated. What am I missing here? Further down the page examples using Javascript and PHP. Are these my only recourse? Thanks, John

3 4

parser function + multibyte characters = blank article?
by Daniel Barrett 14 Apr '11

14 Apr '11

I'm having a problem with a parser function that reads a string from a database and displays it on a wiki page. The basic structure is this: static function myParserFunction($parser, $arg) { $value = getFromDatabase(); return $value; } Everything works great unless the value contains a multibyte character. In this case, after the parser function returns its value, something else goes wrong internal to MediaWiki and the ENTIRE content area of the article gets blanked. No PHP errors appear in the logs. Here's another clue. If my parser function echoes the value instead of returning it: static function myParserFunction($parser, $arg) { $value = getFromDatabase(); echo $value; return 'dummy'; } then the value appears without a problem in the browser. So the value is correctly read from the database, and correctly returned by the parser function, but it fouls up something downstream. Does anyone know what's going on, or have suggestions on how to debug further? Thanks, DanB

2 1

Concurrency in editions
by Juan Jesús Cremades Monserrat 12 Apr '11

12 Apr '11

Hi, I must resolve the next problem: If one user is editing one page, I do not want that a second user enters to the editor and save another modifications because the first changes stored will be showed like an old versions and do not appear. I has been looking for an addon to block the editor in a page that it has being edited, but I hasn't found. Exists really? Thanks

2 1

Hide "Contribute" and "History"
by Franz Kinader 12 Apr '11

12 Apr '11

Hi at all, I have now the skin "daddio" and want to hide the buttons "contribute" and "history". Where I have to change a .css file, code or anything else? Best Regards, Franz Kinader

1 0

Daddio skin
by Franz Kinader 12 Apr '11

12 Apr '11

Ok, that was a Problem with the $IP variable. Set it with path and it works. Thanx for the help :-)

1 0

php_value session.save_path '/tmp'
by Fred Bauder 12 Apr '11

12 Apr '11

If I wanted to put the equivalent of "php_value session.save_path '/tmp' " into LocalSettings.php with /tmp being a writable subdirectory of the directory LocalSettings.php is in, what would I add? I'm trying to solve a problem that results in the error message "Sorry! We could not process your edit due to a loss of session data." Fred Bauder

2 1

PHP 5.3 update and MediaWiki hook return values?
by Daniel Barrett 12 Apr '11

12 Apr '11

I updated our wiki server (1.16.2) from PHP 5.1.6 to PHP 5.3.3, and now MediaWiki is complaining about extensions not returning values in their hook functions, when they are definitely returning "true". Does this look familiar to anybody? Example: $wgHooks['SkinAfterBottomScripts'][] = 'MyClass::addBottomScripts'; class MyClass { static function addBottomScripts( &$sk, &$bottomScriptText ) { return true; } } Results on rendering a wiki page: MediaWiki internal error. Original exception: exception 'MWException' with message 'Detected bug in an extension! Hook MyClass::addBottomScripts failed to return a value; should return true to continue hook processing or false to abort.' in /var/www/html/w/includes/Hooks.php:155 Stack trace: #0 /var/www/html/w/includes/Skin.php(978): wfRunHooks('SkinAfterBottom...', Array) #1 /var/www/html/w/includes/SkinTemplate.php(455): Skin->bottomScripts() #2 /var/www/html/w/includes/OutputPage.php(1615): SkinTemplate->outputPage(Object(OutputPage)) #3 /var/www/html/w/includes/Wiki.php(376): OutputPage->output() #4 /var/www/html/w/index.php(118): MediaWiki->finalCleanup(Array, Object(OutputPage)) #5 {main} Exception caught inside exception handler: exception 'MWException' with message 'Detected bug in an extension! Hook MyClass::addBottomScripts failed to return a value; should return true to continue hook processing or false to abort.' in /var/www/html/w/includes/Hooks.php:155 Stack trace: #0 /var/www/html/w/includes/Skin.php(978): wfRunHooks('SkinAfterBottom...', Array) #1 /var/www/html/w/includes/SkinTemplate.php(455): Skin->bottomScripts() #2 /var/www/html/w/includes/OutputPage.php(1615): SkinTemplate->outputPage(Object(OutputPage)) #3 /var/www/html/w/includes/Exception.php(164): OutputPage->output() #4 /var/www/html/w/includes/Exception.php(191): MWException->reportHTML() #5 /var/www/html/w/includes/Exception.php(289): MWException->report() #6 /var/www/html/w/includes/Exception.php(348): wfReportException(Object(MWException)) #7 [internal function]: wfExceptionHandler(Object(MWException)) #8 {main} Thanks for any insights! DanB

2 2

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

2003

MediaWiki-l April 2011