summaryrefslogtreecommitdiff
AgeCommit message (Expand)Author
2017-11-15Add missing ComposerVendorHtaccessCreator class to autoload.phpREL1_28Reedy
2017-11-15Fix tests for I7afaa955a4b393ef00b11e420709bd62b84fbc71Gergő Tisza
2017-11-15Fix phpcs issues from LanguageConverter patchesReedy
2017-11-15Follow-up I077d30c50 fix phpcs errorBrian Wolff
2017-11-15Fix langauge converter parser test with self-close tagsBrian Wolff
2017-11-15Fix LanguageSrTest for language converterBrian Wolff
2017-11-14Bump 1.28.31.28.3Reedy
2017-11-14SECURITY: Handle -{}- syntax in attributes safelyBrian Wolff
2017-11-14SECURITY: XSS in langconverter when regex hits pcre.backtrack_limitBrian Wolff
2017-11-14SECURITY: update.php: Remove eval-stdin.php if necessaryKunal Mehta
2017-11-14SECURITY: Create a .htaccess in /vendor after composer runsKunal Mehta
2017-11-14SECURITY: Make anchor for headlines escape > and <Max Semenik
2017-11-14SECURITY: Ensure Message::rawParams can't lead to XSSBrian Wolff
2017-11-14SECURITY: Do not reveal if user exists during login failureBrian Wolff
2017-11-14SECURITY: API: Avoid some silliness with browser-guessed filenamesBrad Jorsch
2017-11-14SECURITY: Add throttling for BotPasswords authentication attemptsBrad Jorsch
2017-11-14SECURITY: Escape internal error messageBrian Wolff
2017-11-11Suggest running composer (install|update) with --no-devReedy
2017-11-10Updated dev dependancy phpunit/phpunit from v4.8.24 to v4.8.36Reedy
2017-11-06Add RELEASE-NOTES for 1.28 backportsReedy
2017-11-01importDump.php: Declare uploadCount propertyMark A. Hershberger
2017-10-16Remove use of implicitGroupBy() in ActiveUsersPagerAaron Schulz
2017-09-12Quote $default in PostgresUpdater::setDefaultReedy
2017-08-28Merge "Fix/hack ErrorPageError to work from non-UI contexts" into REL1_28jenkins-bot
2017-08-28CryptRand: only use random_bytes on php 7 and HHVMDerk-Jan Hartman
2017-08-28Add support for PHP7 random_bytes in favor of mcrypt_create_ivDerk-Jan Hartman
2017-08-26Fix/hack ErrorPageError to work from non-UI contextsChad Horohoe
2017-07-28Merge "Allow namespaces defined in extension.json to be overwritten locally."...jenkins-bot
2017-07-17Allow SVGs using an older proposed recommendation DTDMatthias Mullie
2017-07-12Allow namespaces defined in extension.json to be overwritten locally.daniel
2017-07-07Merge "Fix phrase search" into REL1_28jenkins-bot
2017-07-06registration: Provide credits information to callbacksKunal Mehta
2017-07-06Fix phrase searchDavid Causse
2017-06-28Fix highlighting for phrase queriesDavid Causse
2017-06-14Fix Postgres supportmwjames
2017-06-12Make DeferredUpdates detect LBFactory transaction roundsAaron Schulz
2017-06-07Use AutoCommitUpdate instead of Database->onTransactionIdleSeb35
2017-06-02Better handling of jobs execution in post-connection shutdownSeb35
2017-05-19Add missing doUpdates() call to refreshLinks.phpAaron Schulz
2017-04-30Merge "Bump version to 1.28.2 for new point release" into REL1_281.28.2jenkins-bot
2017-04-30Bump version to 1.28.2 for new point releaseChad Horohoe
2017-04-27Merge "Replace use of &$this" into REL1_28jenkins-bot
2017-04-27Replace use of &$thisBrad Jorsch
2017-04-27Work around &$this usage in SkinTemplateGeoffrey Mon
2017-04-21Add wikimedia/testing-access-wrapperGergő Tisza
2017-04-11chmod -x SpecialNewpages.phpKunal Mehta
2017-04-06Bump $wgVersion and finalise RELEASE-NOTES for 1.28.11.28.1Reedy
2017-04-06SECURITY: Do not allow users to undelete a page they can't edit or createBrian Wolff
2017-04-06SECURITY: Always normalize link url before adding to ParserOutputBrian Wolff
2017-04-06SECURITY: Don't write LocalisationCache to temporary directoryReedy
generated by cgit v1.2.3 (git 2.44.0) at 2024-05-02 00:57:44 +0000