| Age | Commit message | Author |
|---|---|---|
| 2017-04-11 | Bumping release version to 1.23.17 [1.23.17] [REL1_23] | Chad Horohoe |
| 2017-04-07 | Merge "Fix up new-style arrays that snuck into REL1_23" into REL1_23 | Chad |
| 2017-04-07 | Fix up new-style arrays that snuck into REL1_23 | Chad Horohoe |
| 2017-04-07 | Fix short array syntax in REL1_23 branch | Tim Starling |
| 2017-04-06 | Bump $wgVersion and finalise RELEASE-NOTES for 1.23.16 [1.23.16] | Reedy |
| 2017-04-06 | SECURITY: Do not allow users to undelete a page they can't edit or create | Brian Wolff |
| 2017-04-06 | SECURITY: Always normalize link url before adding to ParserOutput | Brian Wolff |
| 2017-04-06 | SECURITY: Whitelist DTD declaration in SVG | Brian Wolff |
| 2017-04-06 | SECURITY: Escape wikitext content model/format in message | Brian Wolff |
| 2017-04-06 | SECURITY: SpecialWatchlist: Check CSRF token when using "Mark all pages visited" | Bartosz Dziewoński |
| 2017-04-06 | SECURITY: API: Don't log "sensitive" parameters | Brad Jorsch |
| 2017-04-06 | SECURITY: XSS in search if $wgAdvancedSearchHighlighting = true; | Brian Wolff |
| 2017-04-06 | SECURITY: Do not directly redirect to interwikis, but use splash page | Reedy |
| 2017-04-05 | Merge "API: Insist authn parameters be in the POST body" into REL1_23 | Reedy |
| 2017-04-05 | Fix phpunit test added in 57efcafa8a3a64f | Brian Wolff |
| 2017-04-02 | API: Insist authn parameters be in the POST body | Brad Jorsch |
| 2017-04-01 | SECURITY: Disable <html> tag on system messages despite $wgRawHtml = true; | Brian Wolff |
| 2016-10-18 | Disallow css attr() with url type | csteipp |
| 2016-09-11 | Add missing global $wgUseXVO to RawAction.php | Paladox |
| 2016-09-01 | Merge "Followup af6d9aba: $search is a string, not an object" into REL1_23 | jenkins-bot |
| 2016-08-23 | 1.23.15: Release notes and bump version number [1.23.15] | Chad Horohoe |
| 2016-08-23 | SECURITY: API: Generate head items in the context of the given title | Brad Jorsch |
| 2016-08-23 | SECURITY: XSS in unclosed internal links | Brian Wolff |
| 2016-08-23 | SECURITY: Escape '<' and ']]>' in inline <style> blocks | Brian Wolff |
| 2016-08-22 | SECURITY: Require login to preview user CSS pages | Brian Wolff |
| 2016-08-22 | SECURITY: Do not allow undeleting a revdel'd file if its top file | Brian Wolff |
| 2016-08-22 | SECURITY: Make $wgBlockDisablesLogin also restrict logged in permissions | Brian Wolff |
| 2016-08-22 | SECURITY: Make blocks log users out if $wgBlockDisablesLogin | Brian Wolff |
| 2016-08-19 | SECURITY: Check read permission when loading page content in ApiParse. | Daniel Kinzler |
| 2016-08-18 | Followup af6d9aba: $search is a string, not an object | Chad Horohoe |
| 2016-08-11 | Remove support for $wgWellFormedXml=false | Brian Wolff |
| 2016-08-11 | Merge "Use ipb_id when updating expiry in Block::updateTimestamp()" into REL1_23 | jenkins-bot |
| 2016-08-10 | Use ipb_id when updating expiry in Block::updateTimestamp() | Kunal Mehta |
| 2016-08-10 | Set the default database schema to "mediawiki" so as not to break the CLI ins... | Paladox |
| 2016-07-19 | Remove support for getenv('http_proxy') in MediaWiki | Chad Horohoe |
| 2016-06-30 | Fix parser tests. <nowiki> no longer escapes quotes. | Brian Wolff |
| 2016-05-20 | I iz ugh [1.23.14] | Max Semenik |
| 2016-05-20 | Fix fatal with PHP 5.3 | Max Semenik |
| 2016-05-20 | Bump to 1.23.14 for tagging | Chad Horohoe |
| 2016-05-18 | Add rel="noreferrer noopener" when target attribute would open window | Brian Wolff |
| 2016-05-18 | SECURITY: Rate limit moves via the API | Brad Jorsch |
| 2016-05-18 | SECURITY: Wrap diff generation in PoolCounter | Max Semenik |
| 2016-05-18 | Enforce upper limit on invocations of wfShellExec() | Darian Anthony Patrick |
| 2016-05-18 | Canonicalize usernames before rate limiting logins | Brian Wolff |
| 2016-05-18 | Use global cache keys login/create account rate limitting | Chad Horohoe |
| 2016-05-18 | SECURITY: RawAction: Vary on the usual headers | Brad Jorsch |
| 2016-05-18 | SECURITY: Improve cross-domain-policy mangling | Brad Jorsch |
| 2016-05-18 | SECURITY: Don't use m modifier when checking link prefix | csteipp |
| 2016-05-18 | SECURITY: Check for mbstring.func_overload at runtime | Brad Jorsch |
| 2016-05-18 | Reset wsEditToken on login | Brian Wolff |