summaryrefslogtreecommitdiff
AgeCommit message (Expand)Author
2016-05-20I iz ugh1.25.6REL1_25Max Semenik
2016-05-20Fix fatal with PHP 5.3Max Semenik
2016-05-20Bump to 1.25.6 for taggingChad Horohoe
2016-05-18Add rel="noreferrer noopener" when target attribute would open windowBrian Wolff
2016-05-18SECURITY: Rate limit moves via the APIBrad Jorsch
2016-05-18SECURITY: Wrap diff generation in PoolCounterMax Semenik
2016-05-18Enforce upper limit on invocations of wfShellExec()Darian Anthony Patrick
2016-05-18SECURITY: Throw exception on unknown hash algorithmcsteipp
2016-05-18Canonicalize usernames before rate limiting loginsBrian Wolff
2016-05-18Use global cache keys login/create account rate limittingChad Horohoe
2016-05-18SECURITY: RawAction: Vary on the usual headersBrad Jorsch
2016-05-18SECURITY: Improve cross-domain-policy manglingBrad Jorsch
2016-05-18SECURITY: Don't use m modifier when checking link prefixcsteipp
2016-05-18SECURITY: Check for mbstring.func_overload at runtimeBrad Jorsch
2016-05-18Reset wsEditToken on loginBrian Wolff
2016-05-18Update default hash storage settingsChad Horohoe
2016-05-18SECURITY: Include quote characters in strip markers so esc in attrcsteipp
2016-05-18SECURITY: Add class to <a> for patrol links so it can't be spoofed by userBrian Wolff
2016-05-18SECURITY: API: Add "standard" header and hook for lacksSameOriginSecurity()Brad Jorsch
2016-05-15Merge "Bump composer-merge-plugin to v1.3.1" into REL1_25jenkins-bot
2016-05-12Bump composer-merge-plugin to v1.3.1Bryan Davis
2016-03-04Merge "sajax: Explicitly specify released under 3-clause BSD license" into RE...jenkins-bot
2016-03-03build: Bump various devDependenciesJames D. Forrester
2016-03-03sajax: Explicitly specify released under 3-clause BSD licenseKunal Mehta
2016-02-16Fix exception in Import, when import of a revision failsThis, that and the other
2015-12-20Prep 1.25.51.25.5Reedy
2015-12-20Fix Fatal on various special pages introduced in 1.25.4Reedy
2015-12-171.25.4: Prep release notes and bump version number1.25.4Chad Horohoe
2015-12-17Add $query to JavaScript redirect infoBartosz Dziewoński
2015-12-17SECURITY: Make Special:MyPage and friends fake redirect to prevent info leakcsteipp
2015-12-17Fixed some doc errors in tryNormaliseRedirect()Aaron Schulz
2015-12-17MediaWiki.php: Factor out tryNormaliseRedirectTimo Tijhof
2015-12-17Really validate that $wgArticlePath starts with a slashBartosz Dziewoński
2015-12-17Validates wgArticlePath does start with slash (/).JuneHyeon Bae
2015-12-17Fix IP::toHex for IPv4 addresses with a double/triple 0 blockMarius Hoch
2015-12-17[SECURITY] 0-pad to length in random string generationBrad Jorsch
2015-12-17SECURITY: Work around CURL insanity breaking POST parameters that start with '@'Roan Kattouw
2015-12-17Use hash_equals in User::matchEditTokenGergő Tisza
2015-12-14Don't install a custom error handler for hooksOri Livneh
2015-12-02Fixup MW for HHVM Repo Authorative modeReedy
2015-12-01tests: let us select/exclude ParserTestsAntoine Musso
2015-11-20Added RakefileŽeljko Filipin
2015-10-17Fix mw.notify not being visible if first loaded when scrolled downMatt Russell
2015-10-16$wgUseGzip had no effectSeb35
2015-10-161.25.3 version bump and release notes1.25.3Chad Horohoe
2015-10-16Avoid exposure of local path in PNG thumbnailsDarian Anthony Patrick
2015-10-16SECURITY: RevDel: Check all revisions for suppression, not just the firstBrad Jorsch
2015-10-16SECURITY: API: Improve validation in chunked uploadingChad Horohoe
2015-10-15SECURITY: Throttle uploadscsteipp
2015-10-08Fixed edit stash inclusion queriesAaron Schulz
generated by cgit v1.2.3 (git 2.44.0) at 2024-05-02 02:37:20 +0000