Hello community,
here is the log from the commit of package mediawiki
checked in at Sat Mar 3 14:32:13 CET 2007.
--------
--- mediawiki/mediawiki.changes 2007-01-15 11:21:38.000000000 +0100
+++ /mounts/work_src_done/STABLE/mediawiki/mediawiki.changes 2007-03-02 16:02:38.000000000 +0100
@@ -1,0 +2,13 @@
+Fri Mar 2 15:53:08 CET 2007 - anicka@suse.cz
+
+- update to 1.9.3
+ * Fix a remaining raw use of REQUEST_URI in history
+ * Fix a database error in Special:Recentchangeslinked
+ when using the PostgreSQL database.
+ * Add 'charset' to Content-Type headers on various HTTP error
+ responses to forestall additional UTF-7-autodetect XSS issues.
+ This fixes an issue with the Ajax interface error message on
+ MSIE when $wgUseAjax is enabled (not default configuration);
+ * Trackback responses now specify XML content type
+
+-------------------------------------------------------------------
Old:
----
mediawiki-1.9.0.tar.bz2
New:
----
mediawiki-1.9.3.tar.bz2
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ mediawiki.spec ++++++
--- /var/tmp/diff_new_pack.F31955/_old 2007-03-03 14:31:53.000000000 +0100
+++ /var/tmp/diff_new_pack.F31955/_new 2007-03-03 14:31:53.000000000 +0100
@@ -1,5 +1,5 @@
#
-# spec file for package mediawiki (Version 1.9.0)
+# spec file for package mediawiki (Version 1.9.3)
#
# Copyright (c) 2007 SUSE LINUX Products GmbH, Nuernberg, Germany.
# This file and all modifications and additions to the pristine
@@ -17,7 +17,7 @@
URL: http://www.mediawiki.org
Requires: mod_php_any php-session php-gettext php-zlib php-mysql ImageMagick-Magick++ tetex cjk-latex
Autoreqprov: on
-Version: 1.9.0
+Version: 1.9.3
Release: 1
Summary: A Web-Based Collaborative Editing Environment
BuildRoot: %{_tmppath}/%{name}-%{version}-build
@@ -102,7 +102,17 @@
%attr(-, root, www) %{mediawiki_path}/AdminSettings.sample
%attr(-, root, www) %{mediawiki_path}/config
-%changelog -n mediawiki
+%changelog
+* Fri Mar 02 2007 - anicka@suse.cz
+- update to 1.9.3
+ * Fix a remaining raw use of REQUEST_URI in history
+ * Fix a database error in Special:Recentchangeslinked
+ when using the PostgreSQL database.
+ * Add 'charset' to Content-Type headers on various HTTP error
+ responses to forestall additional UTF-7-autodetect XSS issues.
+ This fixes an issue with the Ajax interface error message on
+ MSIE when $wgUseAjax is enabled (not default configuration);
+ * Trackback responses now specify XML content type
* Mon Jan 15 2007 - anicka@suse.cz
- update to 1.9.0
* major quarterly release
++++++ mediawiki-1.9.0.tar.bz2 -> mediawiki-1.9.3.tar.bz2 ++++++
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/mediawiki-1.9.0/config/index.php new/mediawiki-1.9.3/config/index.php
--- old/mediawiki-1.9.0/config/index.php 2007-01-10 21:38:12.000000000 +0100
+++ new/mediawiki-1.9.3/config/index.php 2007-02-21 03:20:32.000000000 +0100
@@ -551,7 +551,7 @@
$conf->RightsUrl = "http://www.gnu.org/copyleft/fdl.html";
$conf->RightsText = "GNU Free Documentation License 1.2";
$conf->RightsCode = "gfdl";
- $conf->RightsIcon = '${wgStylePath}/common/images/gnu-fdl.png';
+ $conf->RightsIcon = '${wgScriptPath}/skins/common/images/gnu-fdl.png';
} elseif( $conf->License == "none" ) {
$conf->RightsUrl = $conf->RightsText = $conf->RightsCode = $conf->RightsIcon = "";
} else {
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/mediawiki-1.9.0/img_auth.php new/mediawiki-1.9.3/img_auth.php
--- old/mediawiki-1.9.0/img_auth.php 2007-01-10 21:38:39.000000000 +0100
+++ new/mediawiki-1.9.3/img_auth.php 2007-02-21 03:20:43.000000000 +0100
@@ -49,6 +49,7 @@
function wfForbidden() {
header( 'HTTP/1.0 403 Forbidden' );
+ header( 'Content-Type: text/html; charset=utf-8' );
print
"<html><body>
<h1>Access denied</h1>
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/mediawiki-1.9.0/includes/AjaxDispatcher.php new/mediawiki-1.9.3/includes/AjaxDispatcher.php
--- old/mediawiki-1.9.0/includes/AjaxDispatcher.php 2007-01-10 21:38:09.000000000 +0100
+++ new/mediawiki-1.9.3/includes/AjaxDispatcher.php 2007-02-21 03:20:31.000000000 +0100
@@ -54,15 +54,15 @@
wfProfileIn( __METHOD__ );
if (! in_array( $this->func_name, $wgAjaxExportList ) ) {
- header( 'Status: 400 Bad Request', true, 400 );
- print "unknown function " . htmlspecialchars( (string) $this->func_name );
+ wfHttpError( 400, 'Bad Request',
+ "unknown function " . (string) $this->func_name );
} else {
try {
$result = call_user_func_array($this->func_name, $this->args);
if ( $result === false || $result === NULL ) {
- header( 'Status: 500 Internal Error', true, 500 );
- echo "{$this->func_name} returned no data";
+ wfHttpError( 500, 'Internal Error',
+ "{$this->func_name} returned no data" );
}
else {
if ( is_string( $result ) ) {
@@ -75,8 +75,8 @@
} catch (Exception $e) {
if (!headers_sent()) {
- header( 'Status: 500 Internal Error', true, 500 );
- print $e->getMessage();
+ wfHttpError( 500, 'Internal Error',
+ $e->getMessage() );
} else {
print $e->getMessage();
}
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/mediawiki-1.9.0/includes/api/ApiFormatBase.php new/mediawiki-1.9.3/includes/api/ApiFormatBase.php
--- old/mediawiki-1.9.0/includes/api/ApiFormatBase.php 2007-01-10 21:38:03.000000000 +0100
+++ new/mediawiki-1.9.3/includes/api/ApiFormatBase.php 2007-02-21 03:20:28.000000000 +0100
@@ -81,7 +81,7 @@
if (is_null($mime))
return; // skip any initialization
- header("Content-Type: $mime; charset=utf-8;");
+ header("Content-Type: $mime; charset=utf-8");
if ($isHtml) {
?>
@@ -170,7 +170,7 @@
}
public static function getBaseVersion() {
- return __CLASS__ . ': $Id: ApiFormatBase.php 17374 2006-11-03 06:53:47Z yurik $';
+ return __CLASS__ . ': $Id: ApiFormatBase.php 19434 2007-01-18 02:04:11Z brion $';
}
}
@@ -226,7 +226,7 @@
}
public function getVersion() {
- return __CLASS__ . ': $Id: ApiFormatBase.php 17374 2006-11-03 06:53:47Z yurik $';
+ return __CLASS__ . ': $Id: ApiFormatBase.php 19434 2007-01-18 02:04:11Z brion $';
}
}
?>
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/mediawiki-1.9.0/includes/api/ApiQueryRevisions.php new/mediawiki-1.9.3/includes/api/ApiQueryRevisions.php
--- old/mediawiki-1.9.0/includes/api/ApiQueryRevisions.php 2007-01-10 21:38:03.000000000 +0100
+++ new/mediawiki-1.9.3/includes/api/ApiQueryRevisions.php 2007-02-21 03:20:28.000000000 +0100
@@ -177,7 +177,7 @@
// Ensure that all revisions are shown as '<rev>' elements
$result = $this->getResult();
if ($result->getIsRawMode()) {
- $data = $result->getData();
+ $data =& $result->getData();
foreach ($data['query']['pages'] as & $page) {
if (is_array($page) && array_key_exists('revisions', $page)) {
$result->setIndexedTagName($page['revisions'], 'rev');
@@ -262,7 +262,7 @@
}
public function getVersion() {
- return __CLASS__ . ': $Id: ApiQueryRevisions.php 17374 2006-11-03 06:53:47Z yurik $';
+ return __CLASS__ . ': $Id: ApiQueryRevisions.php 19434 2007-01-18 02:04:11Z brion $';
}
}
?>
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/mediawiki-1.9.0/includes/DefaultSettings.php new/mediawiki-1.9.3/includes/DefaultSettings.php
--- old/mediawiki-1.9.0/includes/DefaultSettings.php 2007-01-10 21:38:10.000000000 +0100
+++ new/mediawiki-1.9.3/includes/DefaultSettings.php 2007-02-21 03:20:31.000000000 +0100
@@ -32,7 +32,7 @@
$wgConf = new SiteConfiguration;
/** MediaWiki version number */
-$wgVersion = '1.9.0';
+$wgVersion = '1.9.3';
/** Name of the site. It must be changed in LocalSettings.php */
$wgSitename = 'MediaWiki';
@@ -1096,7 +1096,7 @@
* to ensure that client-side caches don't keep obsolete copies of global
* styles.
*/
-$wgStyleVersion = '42';
+$wgStyleVersion = '42b';
# Server-side caching:
@@ -2237,7 +2237,7 @@
MEDIATYPE_VIDEO, //all plain video formats
"image/svg", //svg (only needed if inline rendering of svg is not supported)
"application/pdf", //PDF files
- #"application/x-shockwafe-flash", //flash/shockwave movie
+ #"application/x-shockwave-flash", //flash/shockwave movie
);
/**
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/mediawiki-1.9.0/includes/DjVuImage.php new/mediawiki-1.9.3/includes/DjVuImage.php
--- old/mediawiki-1.9.0/includes/DjVuImage.php 2007-01-10 21:38:11.000000000 +0100
+++ new/mediawiki-1.9.3/includes/DjVuImage.php 2007-02-21 03:20:32.000000000 +0100
@@ -216,7 +216,8 @@
function retrieveMetaData() {
global $wgDjvuToXML;
if ( isset( $wgDjvuToXML ) ) {
- $cmd = $wgDjvuToXML . ' --without-anno --without-text ' . $this->mFilename;
+ $cmd = $wgDjvuToXML . ' --without-anno --without-text ' .
+ wfEscapeShellArg( $this->mFilename );
$xml = wfShellExec( $cmd );
} else {
$xml = null;
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/mediawiki-1.9.0/includes/EditPage.php new/mediawiki-1.9.3/includes/EditPage.php
--- old/mediawiki-1.9.0/includes/EditPage.php 2007-01-10 21:38:09.000000000 +0100
+++ new/mediawiki-1.9.3/includes/EditPage.php 2007-02-21 03:20:31.000000000 +0100
@@ -1765,7 +1765,7 @@
function livePreview() {
global $wgOut;
$wgOut->disable();
- header( 'Content-type: text/xml' );
+ header( 'Content-type: text/xml; charset=utf-8' );
header( 'Cache-control: no-cache' );
# FIXME
echo $this->getPreviewText( );
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/mediawiki-1.9.0/includes/Exception.php new/mediawiki-1.9.3/includes/Exception.php
--- old/mediawiki-1.9.0/includes/Exception.php 2007-01-10 21:38:11.000000000 +0100
+++ new/mediawiki-1.9.3/includes/Exception.php 2007-02-21 03:20:32.000000000 +0100
@@ -54,10 +54,11 @@
}
function getLogMessage() {
+ global $wgRequest;
$file = $this->getFile();
$line = $this->getLine();
$message = $this->getMessage();
- return "{$_SERVER['REQUEST_URI']} Exception from line $line of $file: $message";
+ return $wgRequest->getRequestURL() . " Exception from line $line of $file: $message";
}
function reportHTML() {
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/mediawiki-1.9.0/includes/GlobalFunctions.php new/mediawiki-1.9.3/includes/GlobalFunctions.php
--- old/mediawiki-1.9.0/includes/GlobalFunctions.php 2007-01-10 21:38:09.000000000 +0100
+++ new/mediawiki-1.9.3/includes/GlobalFunctions.php 2007-02-21 03:20:31.000000000 +0100
@@ -230,7 +230,7 @@
$forward .= ' anon';
$log = sprintf( "%s\t%04.3f\t%s\n",
gmdate( 'YmdHis' ), $elapsed,
- urldecode( $_SERVER['REQUEST_URI'] . $forward ) );
+ urldecode( $wgRequest->getRequestURL() . $forward ) );
if ( '' != $wgDebugLogFile && ( $wgRequest->getVal('action') != 'raw' || $wgDebugRawPage ) ) {
error_log( $log . $prof, 3, $wgDebugLogFile );
}
@@ -1078,7 +1078,7 @@
header( "Status: $code $label" );
$wgOut->sendCacheControl();
- header( 'Content-type: text/html' );
+ header( 'Content-type: text/html; charset=utf-8' );
print "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">".
"<html><head><title>" .
htmlspecialchars( $label ) .
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/mediawiki-1.9.0/includes/Image.php new/mediawiki-1.9.3/includes/Image.php
--- old/mediawiki-1.9.0/includes/Image.php 2007-01-10 21:38:09.000000000 +0100
+++ new/mediawiki-1.9.3/includes/Image.php 2007-02-21 03:20:31.000000000 +0100
@@ -2271,7 +2271,7 @@
# Check for files uploaded prior to DJVU support activation
# They have a '0' in their metadata field.
#
- if ( $this->metadata == '0' ) {
+ if ( $this->metadata == '0' || $this->metadata == '' ) {
$deja = new DjVuImage( $this->imagePath );
$this->metadata = $deja->retrieveMetaData();
$this->purgeMetadataCache();
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/mediawiki-1.9.0/includes/Metadata.php new/mediawiki-1.9.3/includes/Metadata.php
--- old/mediawiki-1.9.0/includes/Metadata.php 2007-01-10 21:38:10.000000000 +0100
+++ new/mediawiki-1.9.3/includes/Metadata.php 2007-02-21 03:20:32.000000000 +0100
@@ -81,7 +81,7 @@
return false;
} else {
$wgOut->disable();
- header( "Content-type: {$rdftype}" );
+ header( "Content-type: {$rdftype}; charset=utf-8" );
$wgOut->sendCacheControl();
return true;
}
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/mediawiki-1.9.0/includes/OutputPage.php new/mediawiki-1.9.3/includes/OutputPage.php
--- old/mediawiki-1.9.0/includes/OutputPage.php 2007-01-10 21:38:09.000000000 +0100
+++ new/mediawiki-1.9.3/includes/OutputPage.php 2007-02-21 03:20:31.000000000 +0100
@@ -561,6 +561,7 @@
$this->sendCacheControl();
+ $wgRequest->response()->header("Content-Type: text/html; charset=utf-8");
if( $wgDebugRedirects ) {
$url = htmlspecialchars( $this->mRedirect );
print "<html>\n<head>\n<title>Redirect</title>\n</head>\n<body>\n";
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/mediawiki-1.9.0/includes/Skin.php new/mediawiki-1.9.3/includes/Skin.php
--- old/mediawiki-1.9.0/includes/Skin.php 2007-01-10 21:38:10.000000000 +0100
+++ new/mediawiki-1.9.3/includes/Skin.php 2007-02-21 03:20:32.000000000 +0100
@@ -783,13 +783,6 @@
function printableLink() {
global $wgOut, $wgFeedClasses, $wgRequest;
- $baseurl = $_SERVER['REQUEST_URI'];
- if( strpos( '?', $baseurl ) == false ) {
- $baseurl .= '?';
- } else {
- $baseurl .= '&';
- }
- $baseurl = htmlspecialchars( $baseurl );
$printurl = $wgRequest->escapeAppendQuery( 'printable=yes' );
$s = "" . wfMsg( 'printableversion' ) . '</a>';
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/mediawiki-1.9.0/includes/SpecialRecentchangeslinked.php new/mediawiki-1.9.3/includes/SpecialRecentchangeslinked.php
--- old/mediawiki-1.9.0/includes/SpecialRecentchangeslinked.php 2007-01-10 21:38:09.000000000 +0100
+++ new/mediawiki-1.9.3/includes/SpecialRecentchangeslinked.php 2007-02-21 03:20:31.000000000 +0100
@@ -73,7 +73,7 @@
$GROUPBY = "
GROUP BY rc_cur_id,rc_namespace,rc_title,
rc_user,rc_comment,rc_user_text,rc_timestamp,rc_minor,
- rc_new, rc_id, rc_this_oldid, rc_last_oldid, rc_bot, rc_patrolled, rc_type
+ rc_new, rc_id, rc_this_oldid, rc_last_oldid, rc_bot, rc_patrolled, rc_type, rc_old_len, rc_new_len
" . ($uid ? ",wl_user" : "") . "
ORDER BY rc_timestamp DESC
LIMIT {$limit}";
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/mediawiki-1.9.0/includes/StreamFile.php new/mediawiki-1.9.3/includes/StreamFile.php
--- old/mediawiki-1.9.0/includes/StreamFile.php 2007-01-10 21:38:10.000000000 +0100
+++ new/mediawiki-1.9.3/includes/StreamFile.php 2007-02-21 03:20:31.000000000 +0100
@@ -7,7 +7,7 @@
if ( !$stat ) {
header( 'HTTP/1.0 404 Not Found' );
header( 'Cache-Control: no-cache' );
- header( 'Content-Type: text/html' );
+ header( 'Content-Type: text/html; charset=utf-8' );
$encFile = htmlspecialchars( $fname );
$encScript = htmlspecialchars( $_SERVER['SCRIPT_NAME'] );
echo "<html><body>
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/mediawiki-1.9.0/includes/WebRequest.php new/mediawiki-1.9.3/includes/WebRequest.php
--- old/mediawiki-1.9.0/includes/WebRequest.php 2007-01-10 21:38:09.000000000 +0100
+++ new/mediawiki-1.9.3/includes/WebRequest.php 2007-02-21 03:20:31.000000000 +0100
@@ -314,7 +314,20 @@
* @return string
*/
function getRequestURL() {
- $base = $_SERVER['REQUEST_URI'];
+ if( isset( $_SERVER['REQUEST_URI'] ) ) {
+ $base = $_SERVER['REQUEST_URI'];
+ } elseif( isset( $_SERVER['SCRIPT_NAME'] ) ) {
+ // Probably IIS; doesn't set REQUEST_URI
+ $base = $_SERVER['SCRIPT_NAME'];
+ if( isset( $_SERVER['QUERY_STRING'] ) && $_SERVER['QUERY_STRING'] != '' ) {
+ $base .= '?' . $_SERVER['QUERY_STRING'];
+ }
+ } else {
+ // This shouldn't happen!
+ throw new MWException( "Web server doesn't provide either " .
+ "REQUEST_URI or SCRIPT_NAME. Report details of your " .
+ "web server configuration to http://bugzilla.wikimedia.org/" );
+ }
if( $base{0} == '/' ) {
return $base;
} else {
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/mediawiki-1.9.0/includes/Wiki.php new/mediawiki-1.9.3/includes/Wiki.php
--- old/mediawiki-1.9.0/includes/Wiki.php 2007-01-10 21:38:09.000000000 +0100
+++ new/mediawiki-1.9.3/includes/Wiki.php 2007-02-21 03:20:31.000000000 +0100
@@ -118,7 +118,7 @@
* Initialize the object to be known as $wgArticle for special cases
*/
function initializeSpecialCases ( &$title, &$output, $request ) {
-
+ global $wgRequest;
wfProfileIn( 'MediaWiki::initializeSpecialCases' );
$search = $this->getVal('Search');
@@ -151,8 +151,7 @@
$targetUrl = $title->getFullURL();
// Redirect to canonical url, make it a 301 to allow caching
global $wgServer, $wgUsePathInfo;
- if( isset( $_SERVER['REQUEST_URI'] ) &&
- $targetUrl == $wgServer . $_SERVER['REQUEST_URI'] ) {
+ if( $targetUrl == $wgRequest->getFullRequestURL() ) {
$message = "Redirect loop detected!\n\n" .
"This means the wiki got confused about what page was " .
"requested; this sometimes happens when moving a wiki " .
@@ -423,7 +422,8 @@
}
break;
case 'history':
- if( $_SERVER['REQUEST_URI'] == $title->getInternalURL( 'action=history' ) ) {
+ global $wgRequest;
+ if( $wgRequest->getFullRequestURL() == $title->getInternalURL( 'action=history' ) ) {
$output->setSquidMaxage( $this->getVal( 'SquidMaxage' ) );
}
$history = new PageHistory( $article );
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/mediawiki-1.9.0/index.php new/mediawiki-1.9.3/index.php
--- old/mediawiki-1.9.0/index.php 2007-01-10 21:38:39.000000000 +0100
+++ new/mediawiki-1.9.3/index.php 2007-02-21 03:20:43.000000000 +0100
@@ -14,6 +14,11 @@
$action = $wgRequest->getVal( 'action', 'view' );
$title = $wgRequest->getVal( 'title' );
+$wgTitle = $mediaWiki->checkInitialQueries( $title,$action,$wgOut, $wgRequest, $wgContLang );
+if ($wgTitle == NULL) {
+ unset( $wgTitle );
+}
+
#
# Send Ajax requests to the Ajax dispatcher.
#
@@ -26,10 +31,6 @@
exit;
}
-$wgTitle = $mediaWiki->checkInitialQueries( $title,$action,$wgOut, $wgRequest, $wgContLang );
-if ($wgTitle == NULL) {
- unset( $wgTitle );
-}
wfProfileOut( 'main-misc-setup' );
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/mediawiki-1.9.0/languages/messages/MessagesAr.php new/mediawiki-1.9.3/languages/messages/MessagesAr.php
--- old/mediawiki-1.9.0/languages/messages/MessagesAr.php 2007-01-10 21:38:37.000000000 +0100
+++ new/mediawiki-1.9.3/languages/messages/MessagesAr.php 2007-02-21 03:20:42.000000000 +0100
@@ -406,7 +406,7 @@
'noemailtext' => 'لم يحدد هذا المستخدم عنوان بريد إلكتروني صحيح،
أو طلب عدم إستلام الرسائل من المستخدمين الآخرين.',
'noemailtitle' => 'لا يوجد عنوان بريد إلكتروني',
-'noexactmatch' => 'لا يوجد صفحة بنفس العنوان، حاول البحث بشكل مفصل أكثر من خلال إستعمال صندوق البحث أدناه. بإمكانك أيضاً إنشاء [[:1|صفحة جديدة]] بالعنوان الذي طلبته.',
+'noexactmatch' => 'لا يوجد صفحة بنفس العنوان، حاول البحث بشكل مفصل أكثر من خلال إستعمال صندوق البحث أدناه. بإمكانك أيضاً إنشاء [[:$1|صفحة جديدة]] بالعنوان الذي طلبته.',
'nohistory' => 'لا يوجد تاريخ للتغييرات لهذه الصفحة.',
'nolinkshere' => 'لا يوجد صفحات تصل لهذه الصفحة.',
'nolinkstoimage' => 'لا يوجد صفحات تصل لهذه الصورة.',
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/mediawiki-1.9.0/languages/messages/MessagesHe.php new/mediawiki-1.9.3/languages/messages/MessagesHe.php
--- old/mediawiki-1.9.0/languages/messages/MessagesHe.php 2007-01-10 21:38:37.000000000 +0100
+++ new/mediawiki-1.9.3/languages/messages/MessagesHe.php 2007-02-21 03:20:42.000000000 +0100
@@ -344,7 +344,7 @@
'privacy' => 'מדיניות הפרטיות',
'privacypage' => '{{ns:project}}:מדיניות הפרטיות',
'errorpagetitle' => 'שגיאה',
-'returnto' => 'חזרו לדף $1.',
+'returnto' => 'חזרה לדף $1.',
'tagline' => 'מתוך {{SITENAME}}',
'search' => 'חיפוש',
'searchbutton' => 'חיפוש',
@@ -616,7 +616,7 @@
'link_sample' => 'קישור',
'link_tip' => 'קישור פנימי',
'extlink_sample' => 'http://www.example.com כותרת הקישור לתצוגה',
-'extlink_tip' => 'קישור חיצוני (כולל קידומת http מלאה',
+'extlink_tip' => 'קישור חיצוני (כולל קידומת http מלאה)',
'headline_sample' => 'כותרת',
'headline_tip' => 'כותרת – דרגה 2',
'math_sample' => 'formula',
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/mediawiki-1.9.0/maintenance/Doxyfile new/mediawiki-1.9.3/maintenance/Doxyfile
--- old/mediawiki-1.9.0/maintenance/Doxyfile 2007-01-10 21:37:49.000000000 +0100
+++ new/mediawiki-1.9.3/maintenance/Doxyfile 2007-02-21 03:20:14.000000000 +0100
@@ -133,7 +133,7 @@
RECURSIVE = YES
EXCLUDE =
EXCLUDE_SYMLINKS = NO
-EXCLUDE_PATTERNS =
+EXCLUDE_PATTERNS = LocalSettings.php AdminSettings.php
EXAMPLE_PATH =
EXAMPLE_PATTERNS = *
EXAMPLE_RECURSIVE = NO
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/mediawiki-1.9.0/maintenance/storage/compressOld.inc new/mediawiki-1.9.3/maintenance/storage/compressOld.inc
--- old/mediawiki-1.9.0/maintenance/storage/compressOld.inc 2007-01-10 21:37:44.000000000 +0100
+++ new/mediawiki-1.9.3/maintenance/storage/compressOld.inc 2007-02-21 03:20:07.000000000 +0100
@@ -284,8 +284,8 @@
# Store the stub objects
for ( $j = 1; $j < $thisChunkSize; $j++ ) {
- # Skip if not compressing
- if ( $stubs[$j] !== false ) {
+ # Skip if not compressing and don't overwrite the first revision
+ if ( $stubs[$j] !== false && $revs[$i + $j]->rev_text_id != $primaryOldid ) {
$dbw->update( 'text',
array( /* SET */
'old_text' => serialize($stubs[$j]),
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/mediawiki-1.9.0/maintenance/updaters.inc new/mediawiki-1.9.3/maintenance/updaters.inc
--- old/mediawiki-1.9.0/maintenance/updaters.inc 2007-01-10 21:37:49.000000000 +0100
+++ new/mediawiki-1.9.3/maintenance/updaters.inc 2007-02-21 03:20:14.000000000 +0100
@@ -35,7 +35,6 @@
array( 'langlinks', 'patch-langlinks.sql' ),
array( 'querycache_info', 'patch-querycacheinfo.sql' ),
array( 'filearchive', 'patch-filearchive.sql' ),
- array( 'redirect', 'patch-redirect.sql' ),
array( 'querycachetwo', 'patch-querycachetwo.sql' ),
);
@@ -43,7 +42,6 @@
# table field patch file (in maintenance/archives)
array( 'ipblocks', 'ipb_id', 'patch-ipblocks.sql' ),
array( 'ipblocks', 'ipb_expiry', 'patch-ipb_expiry.sql' ),
- array( 'ipblocks', 'ipb_enable_autoblock', 'patch-ipb_optional_autoblock.sql' ),
array( 'recentchanges', 'rc_type', 'patch-rc_type.sql' ),
array( 'recentchanges', 'rc_ip', 'patch-rc_ip.sql' ),
array( 'recentchanges', 'rc_id', 'patch-rc_id.sql' ),
@@ -66,6 +64,7 @@
array( 'ipblocks', 'ipb_range_start', 'patch-ipb_range_start.sql' ),
array( 'site_stats', 'ss_images', 'patch-ss_images.sql' ),
array( 'ipblocks', 'ipb_anon_only', 'patch-ipb_anon_only.sql' ),
+ array( 'ipblocks', 'ipb_enable_autoblock', 'patch-ipb_optional_autoblock.sql' ),
array( 'user', 'user_newpass_time','patch-user_newpass_time.sql' ),
array( 'user', 'user_editcount', 'patch-user_editcount.sql' ),
);
@@ -902,7 +901,9 @@
do_page_random_update(); flush();
do_rc_indices_update(); flush();
-
+
+ add_table( 'redirect', 'patch-redirect.sql' );
+
do_backlinking_indices_update(); flush();
echo "Deleting old default messages..."; flush();
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/mediawiki-1.9.0/RELEASE-NOTES new/mediawiki-1.9.3/RELEASE-NOTES
--- old/mediawiki-1.9.0/RELEASE-NOTES 2007-01-10 21:38:39.000000000 +0100
+++ new/mediawiki-1.9.3/RELEASE-NOTES 2007-02-21 03:20:43.000000000 +0100
@@ -3,6 +3,87 @@
Security reminder: MediaWiki does not require PHP's register_globals
setting since version 1.2.0. If you have it on, turn it *off* if you can.
+== MediaWiki 1.9.3 ==
+
+February 20, 2007
+
+This is a security and bug-fix update to the Winter 2007 quarterly release.
+Minor compatibility fixes for IIS and PostgreSQL are included.
+
+An XSS injection vulnerability based on Microsoft Internet Explorer's UTF-7
+charset autodetection was located in the AJAX support module, affecting MSIE
+users on MediaWiki 1.6.x and up when the optional setting $wgUseAjax is
+enabled.
+
+If you are using an extension based on the optional Ajax module,
+either disable it or upgrade to a version containing the fix:
+
+* 1.9: fixed in 1.9.3
+* 1.8: fixed in 1.8.4
+* 1.7: fixed in 1.7.3
+* 1.6: fixed in 1.6.10
+
+There is no known danger in the default configuration, with $wgUseAjax off.
+
+* (bug 8992) Fix a remaining raw use of REQUEST_URI in history
+* (bug 8984) Fix a database error in Special:Recentchangeslinked
+ when using the PostgreSQL database.
+* Add 'charset' to Content-Type headers on various HTTP error responses
+ to forestall additional UTF-7-autodetect XSS issues. PHP sends only
+ 'text/html' by default when the script didn't specify more details,
+ which some inconsiderate browsers consider a license to autodetect
+ the deadly, hard-to-escape UTF-7.
+ This fixes an issue with the Ajax interface error message on MSIE when
+ $wgUseAjax is enabled (not default configuration); this UTF-7 variant
+ on a previously fixed attack vector was discovered by Moshe BA from BugSec:
+ http://www.bugsec.com/articles.php?Security=24
+* Trackback responses now specify XML content type
+
+
+== MediaWiki 1.9.2 ==
+
+February 4, 2007
+
+This is a bug-fix update that fixes some installation and other minor
+issues with the 1.9.1 release as well as a security issue which was
+introduced in the 1.9 branch.
+
+JavaScript code which regenerated the "sortable tables" feature did
+not properly sanitize input, leading to an HTML injection vulnerability.
+
+* (bug 8774) Fix path for GNU FDL rights icon on new installs
+* (bug 8819) Fix full path disclosure with skins dependencies
+* (bug 4268) Fixed data-loss bug in compressOld batch text compression
+ affecting pages which had null edits (move, protect, etc) as second
+ edit in a batch group. Isolated and patched by Travis Derouin.
+* Security fix for sortable tables JavaScript
+
+
+== MediaWiki 1.9.1 ==
+
+January 24, 2007
+
+This is a bug-fix update that fixes some installation and upgrade issues
+with the original 1.9.0 release.
+
+* (bug 3000) Fall back to SCRIPT_NAME plus QUERY_STRING when REQUEST_URI is
+ not available, as on IIS with PHP-CGI
+* Security fix for DjVu images. (Only affects servers where .djvu file
+ uploads are enabled and $wgDjvuToXML is set.)
+* (bug 8638) Fix update from 1.4 and earlier
+* (bug 8641) Fix order of updates to ipblocks table for updates from <=1.7
+* (bug 8673) Minor fix for web service API content-type header
+* Fix API revision list on PHP 5.2.1; bad reference assignment
+* Fixed up the AjaxSearch
+* Exclude settings files when generating documentation. That could
+ expose the database user and password to remote users.
+* ar: fix the 'create a new page' on search page when no exact match found
+* Correct tooltip accesskey hint for Opera on the Macintosh
+ (uses Shift-Esc-, not Ctrl-).
+* (bug 8719) Firefox release notes lie! Fix tooltips for Firefox 2 on x11;
+ accesskeys default settings appear to be same as Windows.
+
+
== MediaWiki 1.9 ==
January 10, 2007
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/mediawiki-1.9.0/skins/Chick.deps.php new/mediawiki-1.9.3/skins/Chick.deps.php
--- old/mediawiki-1.9.0/skins/Chick.deps.php 2007-01-10 21:37:58.000000000 +0100
+++ new/mediawiki-1.9.3/skins/Chick.deps.php 2007-02-21 03:20:22.000000000 +0100
@@ -5,6 +5,9 @@
// changed on a subsequent page view.
// see http://mail.wikipedia.org/pipermail/wikitech-l/2006-January/033660.html
+if ( ! defined( 'MEDIAWIKI' ) )
+ die( 1 );
+
require_once('includes/SkinTemplate.php');
require_once('MonoBook.php');
-?>
\ No newline at end of file
+?>
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/mediawiki-1.9.0/skins/common/sorttable.js new/mediawiki-1.9.3/skins/common/sorttable.js
--- old/mediawiki-1.9.0/skins/common/sorttable.js 2007-01-10 21:37:58.000000000 +0100
+++ new/mediawiki-1.9.3/skins/common/sorttable.js 2007-02-21 03:20:22.000000000 +0100
@@ -55,9 +55,8 @@
// We have a first row: assume it's the header, and make its contents clickable links
for (var i=0;i