summaryrefslogtreecommitdiff
AgeCommit message (Expand)Author
2016-08-231.26.4: release notes and bump version number1.26.4REL1_26Chad Horohoe
2016-08-23SECURITY: API: Generate head items in the context of the given titleBrad Jorsch
2016-08-23SECURITY: XSS in unclosed internal linksBrian Wolff
2016-08-23SECURITY: Escape '<' and ']]>' in inline <style> blocksBrian Wolff
2016-08-22SECURITY: Require login to preview user CSS pagesBrian Wolff
2016-08-22SECURITY: Do not allow undeleting a revdel'd file if its top fileBrian Wolff
2016-08-22SECURITY: Make $wgBlockDisablesLogin also restrict logged in permissionsBrian Wolff
2016-08-22SECURITY: Make blocks log users out if $wgBlockDisablesLoginBrian Wolff
2016-08-19SECURITY: Check read permission when loading page content in ApiParse.Daniel Kinzler
2016-08-10Remove support for $wgWellFormedXml=falseBrian Wolff
2016-08-10Use ipb_id when updating expiry in Block::updateTimestamp()Kunal Mehta
2016-07-19Remove support for getenv('http_proxy') in MediaWikiChad Horohoe
2016-06-18Fix heading levels in release notesLewis Cawte
2016-06-16Don't quote assert expressions in DairikiDiffOri Livneh
2016-05-22Suppress session_destroy() warnings for unit testsBrian Wolff
2016-05-20I iz ugh1.26.3Max Semenik
2016-05-20Fix fatal with PHP 5.3Max Semenik
2016-05-20Bump to 1.26.3 for taggingChad Horohoe
2016-05-18Add rel="noreferrer noopener" when target attribute would open windowBrian Wolff
2016-05-18SECURITY: Rate limit moves via the APIBrad Jorsch
2016-05-18SECURITY: Wrap diff generation in PoolCounterMax Semenik
2016-05-18Enforce upper limit on invocations of wfShellExec()Darian Anthony Patrick
2016-05-18SECURITY: Throw exception on unknown hash algorithmcsteipp
2016-05-18Canonicalize usernames before rate limiting loginsBrian Wolff
2016-05-18Use global cache keys login/create account rate limittingChad Horohoe
2016-05-18SECURITY: RawAction: Vary on the usual headersBrad Jorsch
2016-05-18SECURITY: Improve cross-domain-policy manglingBrad Jorsch
2016-05-18SECURITY: Don't use m modifier when checking link prefixcsteipp
2016-05-18SECURITY: Check for mbstring.func_overload at runtimeBrad Jorsch
2016-05-18Reset wsEditToken on loginBrian Wolff
2016-05-18Update default hash storage settingsChad Horohoe
2016-05-18SECURITY: Include quote characters in strip markers so esc in attrBrian Wolff
2016-05-18SECURITY: Add class to <a> for patrol links so it can't be spoofed by userBrian Wolff
2016-05-18API: Add "standard" header and hook for lacksSameOriginSecurity()Brad Jorsch
2016-04-06Merge "Clear previously left-over PQresult before calling pg_get_result()"cicalese
2016-03-19Handle HTTPS when running jobs asynchronouslyCindy Cicalese
2016-03-14Merge "resoureloader: Consolidate styles-only queue at the top" into REL1_26jenkins-bot
2016-03-14Merge "build: Set private flag in package.json (for now)" into REL1_26jenkins-bot
2016-03-04qunit: Don't require expect() anymoreTimo Tijhof
2016-03-04mediawiki.widgets.CategorySelector: Add missing dependency for ForeignApi and...Timo Tijhof
2016-03-03build: Set private flag in package.json (for now)James D. Forrester
2016-02-28resoureloader: Consolidate styles-only queue at the topTimo Tijhof
2016-01-10Add missing RELEASE-NOTES for backport.Reedy
2016-01-10Fix exception in Import, when import of a revision failsThis, that and the other
2015-12-25Fix "Undefined property: DiffEngine::$seq" under HHVM in DairikiDiff.phpEdward Chernenko
2015-12-20Prep 1.26.21.26.2Reedy
2015-12-20Fix Fatal on various special pages introduced in 1.26.1Reedy
2015-12-171.26.1: Bump version and add release notes1.26.1Chad Horohoe
2015-12-17Add $query to JavaScript redirect infoBartosz DziewoƄski
2015-12-17SECURITY: Make Special:MyPage and friends fake redirect to prevent info leakcsteipp
generated by cgit v1.2.3 (git 2.44.0) at 2024-05-02 02:30:33 +0000