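--- a/branches/REL1_9/phase3/skins/common/wikibits.js
+++ b/branches/REL1_9/phase3/skins/common/wikibits.js
@@ -853,7 +853,7 @@
 
 function sortableTables() {
 if (getElementsByClassName(document, "table", "sortable").length != 0) {
- document.write('<script type="text/javascript" src="'+stylepath+'/common/sorttable.js"></script>');
+ document.write('<script type="text/javascript" src="'+stylepath+'/common/sorttable.js?1"></script>');
 }
 }
 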
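Review bot: The `?1` appended to the sorttable.js URL is a hand-maintained cache-buster with no comment saying so, so a later change to sorttable.js can ship without bumping it and leave browsers running a cached copy. That matters for this release because the copy being replaced is the one with the HTML injection flaw described in the release notes. I would add a comment above the `document.write` line such as `// Bump the ?N suffix whenever sorttable.js changes so cached copies are refetched`. If the style version bumped elsewhere in this commit is available to scripts, deriving the suffix from it would remove the manual step; that is not visible in this hunk.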
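--- a/branches/REL1_9/phase3/skins/common/sorttable.js
+++ b/branches/REL1_9/phase3/skins/common/sorttable.js
@@ -55,9 +55,8 @@
 // We have a first row: assume it's the header, and make its contents clickable links
 for (var i=0;i<firstRow.cells.length;i++) {
 var cell = firstRow.cells[i];
- var txt = ts_getInnerText(cell);
 if (cell.className != "unsortable" && cell.className.indexOf("unsortable") == -1) {
- cell.innerHTML = txt+' <a href="#" class="sortheader" onclick="ts_resortTable(this);return false;"><span class="sortarrow"><img src="'+ image_path + image_none + '" alt="↓"/></span></a>';
+ cell.innerHTML += ' <a href="#" class="sortheader" onclick="ts_resortTable(this);return false;"><span class="sortarrow"><img src="'+ image_path + image_none + '" alt="↓"/></span></a>';
 }
 }
 if (alternate_row_colors) {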
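Review bot: `cell.innerHTML +=` on the added line still round-trips the header cell through the HTML parser: the existing markup is serialized, concatenated with the link string and parsed again, which also discards any nodes or handlers already attached inside the cell. Dropping `ts_getInnerText` removes the path where decoded cell text was written back as markup, but appending the link as DOM nodes would avoid re-parsing page-derived content at all and would keep `image_path + image_none` out of string-built HTML. The fence sketches that for the body of the `if`; it assumes `ts_resortTable` needs only the link element as its argument, which should be confirmed against its definition outside this hunk. The enclosing function starts before the hunk and continues past it.

```javascript
if (cell.className != "unsortable" && cell.className.indexOf("unsortable") == -1) {
    // Build the sort link as DOM nodes so existing cell content is never re-parsed as HTML.
    var img = document.createElement('img');
    img.src = image_path + image_none;
    img.alt = '\u2193'; // down arrow, same as the alt text in the string version

    var arrow = document.createElement('span');
    arrow.className = 'sortarrow';
    arrow.appendChild(img);

    var link = document.createElement('a');
    link.href = '#';
    link.className = 'sortheader';
    link.onclick = function () { ts_resortTable(this); return false; };
    link.appendChild(arrow);

    cell.appendChild(document.createTextNode(' '));
    cell.appendChild(link);
}
```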
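--- a/branches/REL1_9/phase3/includes/DefaultSettings.php
+++ b/branches/REL1_9/phase3/includes/DefaultSettings.php
@@ -32,7 +32,7 @@
 $wgConf = new SiteConfiguration;
 
 /** MediaWiki version number */
-$wgVersion = '1.9.1';
+$wgVersion = '1.9.2';
 
 /** Name of the site. It must be changed in LocalSettings.php */
 $wgSitename = 'MediaWiki';
@@ -1096,7 +1096,7 @@
 * to ensure that client-side caches don't keep obsolete copies of global
 * styles.
 */
-$wgStyleVersion = '42a';
+$wgStyleVersion = '42b';
 
 
 # Server-side caching: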
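--- a/branches/REL1_9/phase3/RELEASE-NOTES
+++ b/branches/REL1_9/phase3/RELEASE-NOTES
@@ -5,16 +5,21 @@
 
 == MediaWiki 1.9.2 ==
 
-?? ??, 2007
+February 4, 2007
 
 This is a bug-fix update that fixes some installation and other minor
-issues with the 1.9.1 release.
+issues with the 1.9.1 release as well as a security issue which was
+introduced in the 1.9 branch.
 
+JavaScript code which regenerated the "sortable tables" feature did
+not properly sanitize input, leading to an HTML injection vulnerability.
+
 * (bug 8774) Fix path for GNU FDL rights icon on new installs
 * (bug 8819) Fix full path disclosure with skins dependencies
 * (bug 4268) Fixed data-loss bug in compressOld batch text compression
 affecting pages which had null edits (move, protect, etc) as second
 edit in a batch group. Isolated and patched by Travis Derouin.
+* Security fix for sortable tables JavaScript
 
 
 == MediaWiki 1.9.1 ==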