diff options
| author | Sam Reed <reedy@users.mediawiki.org> | 2012-01-11 21:59:55 +0000 |
|---|---|---|
| committer | Sam Reed <reedy@users.mediawiki.org> | 2012-01-11 21:59:55 +0000 |
| commit | 5f19d09b5fbd772d91cf697e2d1c718e09202098 (patch) | |
| tree | 5353f91d9a32d8e43b9226c180e4455f2487a4c6 | |
| parent | 6be7942359c63ea2397ba38be5c9fce18db5849d (diff) | |
* (bug 33117) prop=revisions allows deleted text to be exposed through cache pollution1.18.1
Bump 1.18.1
Notes
http://mediawiki.org/wiki/Special:Code/MediaWiki/108687
| -rw-r--r-- | RELEASE-NOTES-1.18 | 10 | ||||
| -rw-r--r-- | includes/DefaultSettings.php | 2 | ||||
| -rw-r--r-- | includes/api/ApiQueryRevisions.php | 2 |
3 files changed, 8 insertions, 6 deletions
diff --git a/RELEASE-NOTES-1.18 b/RELEASE-NOTES-1.18 index cd0ca552c881..01f750b2b6c0 100644 --- a/RELEASE-NOTES-1.18 +++ b/RELEASE-NOTES-1.18 @@ -4,10 +4,12 @@ Security reminder: MediaWiki does not require PHP's register_globals setting since version 1.2.0. If you have it on, turn it '''off''' if you can. == MediaWiki 1.18.1 == +2012-01-11 -????-??-?? +This a maintenance and security release of the MediaWiki 1.18 branch. -???????????????????????????????????????????????????????????? +=== Security changes === +* (bug 33117) prop=revisions allows deleted text to be exposed through cache pollution. === Changes since 1.18.0 === * (bug 32712) Fix for search indexing of pages with certain unicode chars following URL. @@ -742,8 +744,8 @@ changes to languages because of Bugzilla reports. * (bug 27681) Set $namespaceGenderAliases for Portuguese (pt and pt-br). * (bug 27785) Fallback language for Kabardian (kbd) is English now. * (bug 27825) Raw watchlist edit message now uses formatted numbers. -* (bug 28040) Turkish: properly lower case 'I' to 'ı' (dotless i) and - uppercase 'i' to 'İ' (dotted i). +* (bug 28040) Turkish: properly lower case 'I' to 'i' (dotless i) and + uppercase 'i' to 'I' (dotted i). * Conversion script between Syllabics and Latin for the Inuktitut language. * Date formats for Indonesian (id) updated. * Bhojpuri (bho) (renamed from "bh"). diff --git a/includes/DefaultSettings.php b/includes/DefaultSettings.php index ecc232ffc570..9d387fb5c971 100644 --- a/includes/DefaultSettings.php +++ b/includes/DefaultSettings.php @@ -33,7 +33,7 @@ $wgConf = new SiteConfiguration; /** @endcond */ /** MediaWiki version number */ -$wgVersion = '1.18.0'; +$wgVersion = '1.18.1'; /** Name of the site. It must be changed in LocalSettings.php */ $wgSitename = 'MediaWiki'; diff --git a/includes/api/ApiQueryRevisions.php b/includes/api/ApiQueryRevisions.php index 378a25636f72..401406bba066 100644 --- a/includes/api/ApiQueryRevisions.php +++ b/includes/api/ApiQueryRevisions.php @@ -136,7 +136,7 @@ class ApiQueryRevisions extends ApiQueryBase { if ( !$difftoRev ) { $this->dieUsageMsg( array( 'nosuchrevid', $params['diffto'] ) ); } - if ( !$difftoRev->userCan( Revision::DELETED_TEXT ) ) { + if ( $difftoRev->isDeleted( Revision::DELETED_TEXT ) ) { $this->setWarning( "Couldn't diff to r{$difftoRev->getID()}: content is hidden" ); $params['diffto'] = null; } |