-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
This should be the final beta release of MediaWiki 1.3.0; the final final version will be released in a few days after some more bug fixing and polishing up of documentation and installation.
Beta 6 includes a security fix: earlier 1.3.0 beta releases may be vulnerable to a PHP inclusion attack if you have allow_url_fopen and register_globals on (this is the default configuration in PHP 4.1.x, but register_globals is off by default in 4.2.x and later).
Note that while MediaWiki through 1.1 required register_globals to be on, 1.2 and 1.3 *do not*. If you have register_globals on, you should turn it off unless you are absolutely sure you require it for some other package. See http://php.net/register_globals for general information.
Release notes: https://sourceforge.net/project/shownotes.php?release_id=258701
Download: http://prdownloads.sourceforge.net/wikipedia/mediawiki-1.3.0beta6.tar.gz?dow...
Wiki admin help mailing list: http://mail.wikipedia.org/mailman/listinfo/mediawiki-l
Bug report system: https://sourceforge.net/tracker/?group_id=34373&atid=411192
Play "stump the developers" live on IRC: #mediawiki on irc.freenode.net
- -- brion vibber (brion @ pobox.com)
Beta 6 includes a security fix: earlier 1.3.0 beta releases may be vulnerable to a PHP inclusion attack if you have allow_url_fopen and register_globals on (this is the default configuration in PHP 4.1.x, but register_globals is off by default in 4.2.x and later).
Incidentally, a side note about this. From what I've read, you cannot set allow_url_fopen by using ini_set - it's an admin value only. I think I saw an attempt to turn this off in one of the source files. Is this "just in case" sorta stuff?
Morbus Iff wrote:
Incidentally, a side note about this. From what I've read, you cannot set allow_url_fopen by using ini_set - it's an admin value only. I think I saw an attempt to turn this off in one of the source files. Is this "just in case" sorta stuff?
An empirical test on 4.3.2 shows that you can indeed turn allow_url_fopen on and off via ini_set(), despite what the documentation says.
They may have changed it and the documentation is incomplete, or it might be an old bug.
-- brion vibber (brion @ pobox.com)
Hi,
great work.
Will the final version include the "Wikipedia Portal" menu item by default? I think the MediaWiki release shouldn't contain any Wikipedia-specific strings.
By the way: what is the recommended way of customizing the menu on the left?
And: are there any public tools available to convert a 1.2 iso-8859-1 system to a 1.3 utf-8 installation?
Greetings Tim
On 07.08.2004, at 01:07, Brion Vibber wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
This should be the final beta release of MediaWiki 1.3.0; the final final version will be released in a few days after some more bug fixing and polishing up of documentation and installation.
Beta 6 includes a security fix: earlier 1.3.0 beta releases may be vulnerable to a PHP inclusion attack if you have allow_url_fopen and register_globals on (this is the default configuration in PHP 4.1.x, but register_globals is off by default in 4.2.x and later).
Note that while MediaWiki through 1.1 required register_globals to be on, 1.2 and 1.3 *do not*. If you have register_globals on, you should turn it off unless you are absolutely sure you require it for some other package. See http://php.net/register_globals for general information.
Release notes: https://sourceforge.net/project/shownotes.php?release_id=258701
Download: http://prdownloads.sourceforge.net/wikipedia/mediawiki -1.3.0beta6.tar.gz?download
Wiki admin help mailing list: http://mail.wikipedia.org/mailman/listinfo/mediawiki-l
Bug report system: https://sourceforge.net/tracker/?group_id=34373&atid=411192
Play "stump the developers" live on IRC: #mediawiki on irc.freenode.net
- -- brion vibber (brion @ pobox.com)
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (Darwin) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFBFA81wRnhpk1wk44RAjtcAJ45L8KSHvZEv6strva58iChHvYliQCgj85E UyHl6D/y/mm4nPhnS6zWjpE= =lNM6 -----END PGP SIGNATURE----- _______________________________________________ MediaWiki-l mailing list MediaWiki-l@Wikimedia.org http://mail.wikipedia.org/mailman/listinfo/mediawiki-l
------ Tim Pritlove, Discordian Evangelist, Chaos Computer Club mailto:tim@ccc.de http://tim.geekheim.de/ aim:timpritlove jabber:tim@jabber.berlin.ccc.de Project Blinkenlights http://www.blinkenlights.de/ ------ The Fifth Commandment: A Discordian is Prohibited of Believing What he reads.
Tim Pritlove wrote:
Will the final version include the "Wikipedia Portal" menu item by default? I think the MediaWiki release shouldn't contain any Wikipedia-specific strings.
I'm not aware of any such item. There is a "Community Portal" link, which can be renamed by editing MediaWiki:Portal and MediaWiki:Portal-url
By the way: what is the recommended way of customizing the menu on the left?
There currently is none, sorry. You have to hack up the template or the code.
And: are there any public tools available to convert a 1.2 iso-8859-1 system to a 1.3 utf-8 installation?
There is a tool of some sort but I'm not sure where it is offhand...
-- brion vibber (brion @ pobox.com)
mediawiki-l@lists.wikimedia.org