r108686 MediaWiki - Code Review archive

Repository:	MediaWiki
Revision:	< r108685‎ \| r108686 \| r108687 >
Date:	21:58, 11 January 2012
Author:	reedy
Status:	ok
Tags:
Comment:	* (bug 33117) prop=revisions allows deleted text to be exposed through cache pollution Bump 1.17.2
Modified paths:	/branches/REL1_17/phase3/RELEASE-NOTES (modified) (history) /branches/REL1_17/phase3/includes/DefaultSettings.php (modified) (history) /branches/REL1_17/phase3/includes/api/ApiQueryRevisions.php (modified) (history)

Diff [purge]

Index: branches/REL1_17/phase3/includes/api/ApiQueryRevisions.php
—	—	@@ -131,7 +131,7 @@
132	132	if ( !$difftoRev ) {
133	133	$this->dieUsageMsg( array( 'nosuchrevid', $params['diffto'] ) );
134	134	}
135		~~- if ( !$difftoRev->userCan( Revision::DELETED_TEXT ) ) {~~
	135	+ if ( $difftoRev->isDeleted( Revision::DELETED_TEXT ) ) {
136	136	$this->setWarning( "Couldn't diff to r{$difftoRev->getID()}: content is hidden" );
137	137	$params['diffto'] = null;
138	138	}
Index: branches/REL1_17/phase3/includes/DefaultSettings.php
—	—	@@ -34,7 +34,7 @@
35	35	/** @endcond */
36	36
37	37	/** MediaWiki version number */
38		~~-$wgVersion = '1.17.1';~~
	38	+$wgVersion = '1.17.2';
39	39
40	40	/** Name of the site. It must be changed in LocalSettings.php */
41	41	$wgSitename = 'MediaWiki';
Index: branches/REL1_17/phase3/RELEASE-NOTES
—	—	@@ -4,10 +4,12 @@
5	5	setting since version 1.2.0. If you have it on, turn it '''off''' if you can.
6	6
7	7	== MediaWiki 1.17.2 ==
	8	+2012-01-11
8	9
9		~~-????-??-??~~
	10	+This a maintenance and security release of the MediaWiki 1.17 branch.
10	11
11		~~-This is a maintenance release of the MediaWiki 1.17 branch.~~
	12	+=== Security changes ===
	13	+* (bug 33117) prop=revisions allows deleted text to be exposed through cache pollution.
12	14
13	15	=== Changes since 1.17.1 ===
14	16	* (bug 32709) Private Wiki users were always taken to Special:Badtitle on login.
—	—	@@ -85,6 +87,8 @@
86	88	* (bug 30219) The page shown when LocalSettings.php does not exist was broken on
87	89	Windows servers.
88	90	* Hardcoded NLS_NUMERIC_CHARACTERS for Oracle DB to prevent type conversion errors.
	91	+* Fixed recentchanges FK violation on page delete and cache purge error in updater
	92	+ for Oracle DB.
89	93
90	94	=== Changes since 1.17.0rc1 ===
91	95

Follow-up revisions

Revision	Commit summary	Author	Date
r108687	* (bug 33117) prop=revisions allows deleted text to be exposed through cache ...	reedy	21:59, 11 January 2012

Past revisions this follows-up on

Revision	Commit summary	Author	Date
r108682	* (bug 33117) prop=revisions allows deleted text to be exposed through cache ...	reedy	21:52, 11 January 2012
r108683	* (bug 33117) prop=revisions allows deleted text to be exposed through cache ...	reedy	21:52, 11 January 2012

Status & tagging log

22:01, 11 January 2012 😂 (talk | contribs) changed the status of r108686 [removed: new added: ok]