From: Brion Vibber <brion(a)pobox.com>
>As you're aware, there's no hurry here.
There was a hurry, because it would have been good to turn it off before Google re-indexed the site, but now it's too late for that.
I asked on the page, but got no reply: what exactly will it take to get it turned off for any specific project?
Ben
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
MediaWiki 1.3.10 is a security release.
In earlier 1.3.x releases an attacker could craft a URL which, when
visited by a particular logged-in user, would execute arbitrary
JavaScript code on the user's browser in the wiki's site context. This
attack has been blocked, and as an extra precaution the user CSS and
JavaScript subpage support is now disabled by default. Sites which want
this ability may set $wgAllowUserCss and $wgAllowUserJs in
LocalSettings.php.
Additional protections have been added against off-site form submissions
hijacking user credentials. Authors of bot tools may need to update
their code to include additional fields.
All wikis running 1.3.x are strongly urged to upgrade to 1.3.10.
=== Changes from 1.3.9 ===
* Logged-in edits and preview of user CSS/JS are now locked to a
session token.
* Per-user CSS and JavaScript subpage customizations now disabled by
default. They can be re-enabled via $wgAllowUserJs and $wgAllowUserCss.
* Removed .ogg from the default uploads whitelist as an extra
precaution. If your web server is configured to serve Ogg files with the
correct Content-Type header, you can re-add it in LocalSettings.php:
~ $wgFileExtensions[] = 'ogg';
Release notes:
http://sourceforge.net/project/shownotes.php?release_id=302313
Download:
http://prdownloads.sf.net/wikipedia/mediawiki-1.3.10.tar.gz?download
Low-traffic release announcements mailing list:
http://mail.wikipedia.org/mailman/listinfo/mediawiki-announce
Wiki admin help mailing list:
http://mail.wikipedia.org/mailman/listinfo/mediawiki-l
Bug report system:
http://bugzilla.wikipedia.org/
Play "stump the developers" live on IRC:
#mediawiki on irc.freenode.net
- -- brion vibber (brion @ pobox.com)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (Darwin)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFCAyTSwRnhpk1wk44RAtX7AJkBo1tLdta5ooHjg02ZVdnGpyoQKQCgsG1K
8j2DYMGGs3LbysjOrLCvudA=
=eAx7
-----END PGP SIGNATURE-----
From: Brion Vibber <brion.vibber(a)gmail.com>
>Beta 6 also introduces the use of rel="nofollow" attributes on external
>links in wiki pages to reduce the effectiveness of wiki spam. This will
>cause participating search engines to ignore external URL links from
>wiki pages for purposes of page relevancy ranking.
How is the per-project option coming on this?
(See also: [[m:Nofollow]])
Ben
Hi, my next question - and I am not sure if this is the right list to
ask these questions, so if I am wrong, please tell me.
On the Italian wiktionary there are different namespaces:
Wikizionario:
Aiuto:
etc.
Now "Aiuto:" always has a red background - so there must be a place
where I can set up this layout.
The two questions I have:
1) where to edit these layouts?
2) is there a problem if I would like to create a separate namespace
(for example "Projects:") and where to create the pre-defined layout for
this part.
I had a look at this:
http://meta.wikimedia.org/wiki/Help:Custom_Namespaces
But this does not help me with what I search for.
Thank you!!!
Sorry, I know these are basic questions.
Ciao, Sabine.
Hello,
I am new to this list and I don't know about older discussions.
So I ask you: is it interesting for you, to change Wikipedia from PHP to a
C-written engine?
I just in development (most is ready) of a high-performance, high-security
tool, usable for Wikis, CMS or forums. It is Open-Source (GPL). The sources
are not available at the moment, because I make changes every day. But it
need only some weeks... I created two libraries to make a
forum-platform-application: libstd3000c and libcpcgic. The application can
use fastCGI and communicate with Apache as an daemon (FastCGIExternalServer).
I'm writing C-Code since 1987, C++ since 1990 and PHP since many years too. I
switch back to C with modern methods, using objects, encapsulated data,
multithreading and internationalization. Sophisticated string methods avoid
buffer overflows and consequently use of C-classes make memory management
easy. And, and, and...
Manfred
Brion Vibber wrote:
> Updates to any file in MediaWiki should be submitted as a unified diff
> against the files in CVS (cvs diff -u) FOR EACH AFFECTED BRANCH (the
> REL1_4 release branch is not the same as the current development work in
> HEAD), posted as a file attachment to a bug report in Bugzilla.
> Assurances that it's been tested are helpful.
I added brions text above to
http://meta.wikimedia.org/wiki/Locales_for_the_Wikimedia_projects
put a deprecated note on the page and removed all red links.
For creating clean locales, I propose to set up a wiki only for this
purpose where a team of volunteers can translate the locales via the
mediawiki namespace in a coordinate effort (doing this via the mediawiki
namespace has the advantage that you can test the stuff live and see
formatting errors instantly). At a certain deadline these translations
could be all converted at once into the according Language files and
released together with mediawiki. If that's sounds feasible to you and
someone sets up a wiki for this, I'm willing to maintain the german
language version.
greetings,
elian
Hi, on all wiktionaries/wikipedias normally when viewing the recent
changes you have the possibilty to exclude the recent changes. On the
Italian wiktionary this option is not there:
http://it.wiktionary.org/wiki/Speciale:Recentchanges. (Strange enough I
noted the same on the Italian wikipedia).
Where can I add this? It helps so much to monitor manual entries - and
at the moment we are having at least one vandal a day on the Italian
wiktionary - so I really need this.
Thank you for any hint!!!
Ciao, Sabine
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
MediaWiki 1.4beta6 is a security and bug fix release for the 1.4 beta
series.
In previous 1.4beta and 1.3.x releases an attacker could craft a URL
which, when visited by a particular logged-in user, would execute
arbitrary JavaScript code on the user's browser in the wiki's site
context. This attack has been blocked, and as an extra precaution the
user CSS and JavaScript subpage support is now disabled by default.
Sites which want this ability may set $wgAllowUserCss and $wgAllowUserJs
in LocalSettings.php.
Additional protections have been added against off-site form submissions
hijacking user credentials. Authors of bot tools may need to update
their code to include additional fields.
1.3.x users not using the 1.4 beta should upgrade to 1.3.10.
Note that 1.4 beta releases prior to beta 5 include an input validation
error which could lead to execution of arbitrary PHP code on the server.
Users of older betas should upgrade immediately to the current version.
Beta 6 also introduces the use of rel="nofollow" attributes on external
links in wiki pages to reduce the effectiveness of wiki spam. This will
cause participating search engines to ignore external URL links from
wiki pages for purposes of page relevancy ranking.
The current implementation adds this attribute to _all_ external URL
links in wiki text (but not internal [[wiki links]] or interwiki links).
To disable the attribute for _all_ external links, add this line to your
LocalSettings.php:
~ $wgNoFollowLinks = false
For background information on nofollow see:
~ http://www.google.com/googleblog/2005/01/preventing-comment-spam.html
=== Changes since beta 5 ===
* (bug 1335) implement 'tooltip-watch' in Language.php
* Fix linktrail for nn: language
* (bug 1214) Fix prev/next links in Special:Log
* (bug 1354) Fix linktrail for fo: language
* (bug 512) Reload generated CSS on preference change
* (bug 63) Fix displaying as if logged in after logout
* Set default MediaWiki:Sitenotice to '-', avoiding extra database hits
* Skip message cache initialization on raw page view (quick hack)
* Fix notice errors in wfDebugDieBacktrace() in XML callbacks
* Suppress notice error on bogus timestamp input (returns epoch as before)
* Remove unnecessary initialization and double-caching of parser variables
* Call-tree output mode for profiling
* (bug 730) configurable $wgRCMaxAge; don't try to update purged RC entries
* Add $wgNoFollowLinks option to add rel="nofollow" on external links
~ (on by default)
* (bug 1130) Show actual title when moving page instead of encoded one.
* (bug 925) Fix headings containing <math>
* (bug 1131) Fix headings containing interwiki links
* (bug 1380) Update Nynorsk language file
* (bug 1232) Fix sorting of cached Special:Wantedpages in miser mode
* (bug 1217) Image within an image caption broke rendering
* (bug 1384) Make patrol signs have the same width for page moves as for
edits
* (bug 1364) fix "clean up whitespace" in Title:SecureAndSplit
* (bug 1389) i18n for proxyblocker message
* Add fur/Furlan/Friulian to language names list
* Add TitleMoveComplete hook on page renames
* Allow simple comments for each translation rules in MW:Zhconversiontable
* (bug 1402) Make link color of tab subject page link on talk page
indicate whether article exists
* (bug 1368) Fix SQL error on stopword/short word search w/ MySQL 3.x
* Translated Hebrew namespace names
* (bug 1429) Stop double-escaping of block comments; fix formatting
* (bug 829) Fix URL-escaping on block success
* (bug 1228) Fix double-escaping on & sequences in [enclosed] URLs
* (bug 1435) Fixed many CSS errors
* (bug 1457) Fix XHTML validation on category column list
* (bug 1458) Don't save if edit form submission is incomplete
* Logged-in edits and preview of user CSS/JS are now locked to a session
token.
* Per-user CSS and JavaScript subpage customizations now disabled by
default.
~ They can be re-enabled via $wgAllowUserJs and $wgAllowUserCss.
* Removed .ogg from the default uploads whitelist as an extra precaution.
~ If your web server is configured to serve Ogg files with the correct
~ Content-Type header, you can re-add it in LocalSettings.php:
~ $wgFileExtensions[] = 'ogg';
Release notes:
http://sourceforge.net/project/shownotes.php?release_id=302312
Download:
http://prdownloads.sf.net/wikipedia/mediawiki-1.4beta6.tar.gz?download
Low-traffic release announcements mailing list:
http://mail.wikipedia.org/mailman/listinfo/mediawiki-announce
Wiki admin help mailing list:
http://mail.wikipedia.org/mailman/listinfo/mediawiki-l
Bug report system:
http://bugzilla.wikipedia.org/
Play "stump the developers" live on IRC:
#mediawiki on irc.freenode.net
- -- brion vibber (brion @ pobox.com)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (Darwin)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFCAyhRwRnhpk1wk44RAnIUAKDdqRHUZeEM8g9+qazg+9yxtLpMogCgxNGb
0cawqMHSyQSVbc7CFav4hMg=
=qmq7
-----END PGP SIGNATURE-----
Greetings all,
I have implemented the "preview with diff" feature requested in bug 15
(http://bugzilla.wikimedia.org/show_bug.cgi?id=15). I would be most
grateful if somebody would review the four associated patches.
The patches are written against the current HEAD revision, and
backporting to 1.4 and 1.3 has not yet been done. Anyone is welcome
to tackle that effort if they like. Also, Language.php is involved in
the change (a label for a preference checkbox), so translations of the
new string will be needed in the various LanguageX.php files.
I'm happy to add documentation to meta (or wherever it belongs) when
appropriate. Should I do this now, or wait for the patch to be
accepted?
Regards,
Alan Wessman