diff options
author | Sam Reed <reedy@users.mediawiki.org> | 2012-01-11 21:58:58 +0000 |
---|---|---|
committer | Sam Reed <reedy@users.mediawiki.org> | 2012-01-11 21:58:58 +0000 |
commit | 631af7bd17072a2b36801c6069cd0a44b1c60030 (patch) | |
tree | c5d7fe94ab05b7ba4d45f4a555c01d5efde9cf8c | |
parent | ad0458fd6d1470cccdfdf17ce1f0a4ac110b5e28 (diff) |
* (bug 33117) prop=revisions allows deleted text to be exposed through cache pollution1.17.2
Bump 1.17.2
Notes
http://mediawiki.org/wiki/Special:Code/MediaWiki/108686
-rw-r--r-- | RELEASE-NOTES | 8 | ||||
-rw-r--r-- | includes/DefaultSettings.php | 2 | ||||
-rw-r--r-- | includes/api/ApiQueryRevisions.php | 2 |
3 files changed, 8 insertions, 4 deletions
diff --git a/RELEASE-NOTES b/RELEASE-NOTES index 53fa8c0dba66..b5a1c2cc7eeb 100644 --- a/RELEASE-NOTES +++ b/RELEASE-NOTES @@ -4,10 +4,12 @@ Security reminder: MediaWiki does not require PHP's register_globals setting since version 1.2.0. If you have it on, turn it '''off''' if you can. == MediaWiki 1.17.2 == +2012-01-11 -????-??-?? +This a maintenance and security release of the MediaWiki 1.17 branch. -This is a maintenance release of the MediaWiki 1.17 branch. +=== Security changes === +* (bug 33117) prop=revisions allows deleted text to be exposed through cache pollution. === Changes since 1.17.1 === * (bug 32709) Private Wiki users were always taken to Special:Badtitle on login. @@ -85,6 +87,8 @@ Selected changes since MediaWiki 1.16 that may be of interest: * (bug 30219) The page shown when LocalSettings.php does not exist was broken on Windows servers. * Hardcoded NLS_NUMERIC_CHARACTERS for Oracle DB to prevent type conversion errors. +* Fixed recentchanges FK violation on page delete and cache purge error in updater + for Oracle DB. === Changes since 1.17.0rc1 === diff --git a/includes/DefaultSettings.php b/includes/DefaultSettings.php index 0395633d8387..883f1b466ba4 100644 --- a/includes/DefaultSettings.php +++ b/includes/DefaultSettings.php @@ -34,7 +34,7 @@ if ( !defined( 'MW_PHP4' ) ) { /** @endcond */ /** MediaWiki version number */ -$wgVersion = '1.17.1'; +$wgVersion = '1.17.2'; /** Name of the site. It must be changed in LocalSettings.php */ $wgSitename = 'MediaWiki'; diff --git a/includes/api/ApiQueryRevisions.php b/includes/api/ApiQueryRevisions.php index 2d7e549fa200..44da15fee320 100644 --- a/includes/api/ApiQueryRevisions.php +++ b/includes/api/ApiQueryRevisions.php @@ -131,7 +131,7 @@ class ApiQueryRevisions extends ApiQueryBase { if ( !$difftoRev ) { $this->dieUsageMsg( array( 'nosuchrevid', $params['diffto'] ) ); } - if ( !$difftoRev->userCan( Revision::DELETED_TEXT ) ) { + if ( $difftoRev->isDeleted( Revision::DELETED_TEXT ) ) { $this->setWarning( "Couldn't diff to r{$difftoRev->getID()}: content is hidden" ); $params['diffto'] = null; } |