MediaWiki-l October 2020

mediawiki-l@lists.wikimedia.org

22 participants
25 discussions

Using two primary authentication providers?
by Silas 26 Oct '20

26 Oct '20

I just installed LDAP Authentication and it worked fine after setting it with $wgAuthManagerAutoConfig: $wgAuthManagerAutoConfig['primaryauth'] += [ LdapPrimaryAuthenticationProvider::class => [ 'class' => LdapPrimaryAuthenticationProvider::class, 'args' => [[ 'authoritative' => true, ]], 'sort' => 50, ], ]; I can enable either LdapPrimaryAuthenticationProvider or LocalPasswordPrimaryAuthenticationProvider, but not both. I can switch the authentication method by changing the value for the 'sort' key (LocalPasswordPrimaryAuthenticationProvider has 'sort' => 100), but I couldn't figure out how to allow both LDAP and local accounts. I tried to set 'authoritative' => true, and I also tried it as false, but none of them seem to work. Is there anything I'm missing? Thanks.

1 0

MediaWiki logo
by Amir Sarabadani 26 Oct '20

26 Oct '20

Hello people! So the voting period is done now and the second proposal is the clear winner. https://www.mediawiki.org/wiki/Project:Proposal_for_changing_logo_of_MediaW… 163 people participated and these are the top winners using Schulze method: * 2: Gradient (translucent - CamelCase) * 8: Yellow (solid - CamelCase) * 6: Yellow (translucent - CamelCase) Comparing 2 and 8, 92 people preferred 2 over 8 while 71 people preferred the other way around. Now we are in the legal clearance period (which hopefully will take a month) and once it's over, we will start implementing the change, if 2 doesn't get cleared, 8 will be implemented and so on. Thank you for everyone who participated (except myself, thanking myself would be weird) -- Amir (he/him)

1 0

New Wikipedia interface, is it the right place to ask?
by Pascal GREGIS 24 Oct '20

24 Oct '20

Hello, I noticed that recently the interface of the french wikipedia had changed. Surprisingly, it doesn't seem to be the case on the english wikipedia. Is it the right place here to make some remarks about it? Thanks Pascal ----- End forwarded message -----

4 4

Special:Translate
by John 23 Oct '20

23 Oct '20

I saw the useful translation that mediawiki.org uses for hosting multi-lingual content on the same wiki. Is there a good how to for implementing that?

2 1

The second round of voting for mediawiki logo - one week left
by Amir Sarabadani 18 Oct '20

18 Oct '20

Hello, This is a gentle reminder that there's one week left from the voting period of choosing the next logo of mediawiki. If you haven't voted yet, you can vote in https://www.mediawiki.org/wiki/Project:Proposal_for_changing_logo_of_MediaW… Best -- Amir (he/him)

1 0

Announcing MediaWiki 1.35.0
by Sam Reed 16 Oct '20

16 Oct '20

I am happy to announce the belated availability of the general release of MediaWiki 1.35! Tarballs have already been uploaded, and the git tag has been pushed. Thanks to everyone who helped out with this release, especially thanks to those who tested out the release candidates and provided feedback, as well as the developers who worked hard to get several important fixes merged in time for the 1.35 final release. To see what's changed in 1.35, see the release notes below. Please note that the PHP version requirement has been raised from 7.2.9 in MediaWiki 1.34 (and 7.0 in MediaWiki 1.31), to 7.3.19. MediaWiki 1.35 is an LTS and is due to be supported until the end of September 2023. As a reminder, 1.31 is due to become end of life in June 2021. 1.34 is due to become end of life in November 2020. As per the pre-release announcement, 1.35.0 also includes some security fixes that weren't in the release candidates, which came out yesterday for the ther supported MediaWiki branches. Known/outstanding issues: * VisualEditor and Parsoid are now bundled in the tarball and no longer need a separate Node.js service. The documentation for this still may still require some updates. Please report any bugs [2] if this affects you. * (T259685) Zeroconf (zero-configuration) VisualEditor/Parsoid doesn't work using SQLite as the database backend for MediaWiki. This is due to the lack of write concurrency in SQLite. If you wish to use this feature, it is recommended to use MySQL/MariaDB rather than SQLite. * Watchlist expiry (behind the $wgWatchlistExpiry flag) is currently still experimental. It should become stable in a later point release. Please report any issues/bugs [3]. == Security fixes == * (T232568, CVE-2020-25813) SECURITY: SpecialUserrights: If a viewer lacks `hideuser`, ignore hidden users. * (T255918, CVE-2020-25812) SECURITY: Unescaped message used in HTML on Special:Contributions. * (T256171, CVE-2020-25815) SECURITY: Unescaped message used in HTML within LogEventsList. * (T258763, CVE-2020-17367, CVE-2020-17368) SECURITY: Prevent invoking firejail's --output functionality. * (T86738, CVE-2020-25814) SECURITY: mediawiki.jqueryMsg: Sanitize URLs and 'style' attribute. * (T115888, CVE-2020-25828) SECURITY: mediawiki.js: Escape HTML in mw.message( ... ).parse(). * (T260485, CVE-2020-25869) SECURITY: ActorMigration: Load user from the correct database. * (T260485, CVE-2020-25869) SECURITY: ensure actor ID from correct wiki is used. * (T251661, CVE-2020-25827) SECURITY: TOTP throttle not enforced cross-wiki. == Links to all mentioned tasks == * https://phabricator.wikimedia.org/T232568 * https://phabricator.wikimedia.org/T255918 * https://phabricator.wikimedia.org/T256171 * https://phabricator.wikimedia.org/T258763 * https://phabricator.wikimedia.org/T86738 * https://phabricator.wikimedia.org/T115888 * https://phabricator.wikimedia.org/T260485 * https://phabricator.wikimedia.org/T251661 === Changes since MediaWiki 1.35.0-rc.3 === * (T261258) Remove checks for ancient ImageMagick versions in BitmapHandler. * (T260232) Don't include null page ids in query list for category dumps. * (T260009) Check existing watchitem when saving action=watch. * (T259055) Correct success messages for action=watch. * mediawiki.page.ready: Simpler tablesorter/makeCollapsible call. * mediawiki.page.ready: Fix skin override config flags, wrong way round. * (T262175, T248512) Remove requirement for ApiWatchlistTrait to be in ApiBase. * (T259053, T260434) Watchlist: Fix updateWatchLink removing css class when action=watch. * (T261901, T261476) mediawiki.notification: Don't close notif when clicking <select> element. * (T251506) Sanitizer: Truncate IDs to a reasonable length. * (T259452) Parsoid updated to v0.12.0. * (T261970) watch.ajax: Add expiry support to watchpage.mw event. * (T262900) Fix failure of rebuildLocalisationCache.php due to ResourceLoader hook. * (T263014) Hard deprecate File::userCan() with $user=null. * (T262547) Use localized success message after watching via action=watch. * (T201491) Fix typo 'Watchlst' in `apihelp-edit-param-watchlistexpiry`. * (T261081) Installer: consistently reset Language objects. * (T250449, T250450) Installer: consistently reset Language objects. * Explicitly wrap some XML calls in libxml_disable_entity_loader(). * (T262934) Ensure dropdown label is always on its own line. * (T246855) resourceloader: Use a local HookRunner. * (T263604) Have findBadBlobs.php require Maintenance.php rather than cleanupTable.inc. * (T263606) Set fake time, to avoid flaky tests. * (T261325) Add FindMissingActors script. * (T262364) shell: Don't blacklist /run/firejail. * (T263655) NewPagesPager: Ignore nonexistent namespaces. * Update specialPageAliases and magicWords for Egyptian Arabic (arz). * (T261347) ParserOutput: don't throw on bad editsection. * (T255918, CVE-2020-25812) SECURITY: Unescaped message used in HTML on Special:Contributions. * (T256171, CVE-2020-25815) SECURITY: Unescaped message used in HTML within LogEventsList. * (T258763, CVE-2020-17367, CVE-2020-17368) SECURITY: Prevent invoking firejail's --output functionality. * (T86738, CVE-2020-25814) SECURITY: mediawiki.jqueryMsg: Sanitize URLs and 'style' attribute. * (T115888, CVE-2020-25828) SECURITY: mediawiki.js: Escape HTML in mw.message( ... ).parse(). * (T260485, CVE-2020-25869) SECURITY: ActorMigration: Load user from the correct database. * (T260485, CVE-2020-25869) SECURITY: ensure actor ID from correct wiki is used. * Add Finnish special page aliases. * Fix GuzzleHttpRequest request headers. * Fix description for pruneFileCache.php. * emptyUserGroup.php: handle more than 5000 users. * Make ApiSandbox copyable URL absolute. * (T261087) Add a link from a deleted page to that page's logs. Open Bugs: [1] https://phabricator.wikimedia.org/project/board/4035/ Bug report form: [2] https://phabricator.wikimedia.org/maniphest/task/edit/form/1/?tags=MW-1.35-… [3] https://phabricator.wikimedia.org/maniphest/task/edit/form/1/?tags=MW-1.35-… ********************************************************************** Download: https://releases.wikimedia.org/mediawiki/1.35/mediawiki-1.35.0.tar.gz Download without bundled extensions: https://releases.wikimedia.org/mediawiki/1.35/mediawiki-core-1.35.0.tar.gz Patch to previous version (1.35.0-rc.3): https://releases.wikimedia.org/mediawiki/1.35/mediawiki-1.35.0.patch.gz GPG signatures: https://releases.wikimedia.org/mediawiki/1.35/mediawiki-core-1.35.0.tar.gz.… https://releases.wikimedia.org/mediawiki/1.35/mediawiki-1.35.0.tar.gz.sig https://releases.wikimedia.org/mediawiki/1.35/mediawiki-1.35.0.patch.gz.sig Public keys: https://www.mediawiki.org/keys/keys.html Release Notes https://www.mediawiki.org/wiki/Release_notes/1.35

6 9

Verification of my email address and photo profile
by Victor Valle 15 Oct '20

15 Oct '20

Sent from Yahoo Mail for iPad

1 0

Newsletter Wikimedia Belgium September 2020
by Geert Van Pamel 15 Oct '20

15 Oct '20

See <https://be.wikimedia.org/wiki/Newsletter/2020-09> https://be.wikimedia.org/wiki/Newsletter/2020-09

1 0

New episode of Between the Brackets: Markus and Richard from Hallo Welt
by Yaron Koren 14 Oct '20

14 Oct '20

Hi, There is a new episode of the MediaWiki podcast "Between the Brackets", featuring an interview with Richard Heigl and Markus Glaser, two of the founders/executives of the MediaWiki development and consulting company Hallo Welt, which is best known for producing the BlueSpice MediaWiki distribution. You can listen to the episode here: https://betweenthebrackets.libsyn.com/episode-71-richard-heigl-and-markus-g… -Yaron

1 0

M.W. 1.34.4 VS SyntaxHighlight 2.0 on Linux
by NL 12 Oct '20

12 Oct '20

Hi All, I have recently upgraded mediawiki to version 1.34.4 (from 1.24) in a fresh directory and found that SyntaxHighlight extension is not working well. There is no color applied for all the langs I tried (especialy ksh one). I guess there is a link with the Python version used. Both Python V2.7.9 and V3.4.2 are available on the server. Her are the specs : OS: Linux Distribution Hosting: OVH Shared hosting PHP version: 7.3.20 (cgi-fcgi) Mediawiki version: 1.34.4 SyntaxHighlight: 2.0 (embended) Does anybody have a clue ? Regards

2 6

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

2003

MediaWiki-l October 2020