r65403 MediaWiki - Code Review archive

Repository:	MediaWiki
Revision:	< r65402‎ \| r65403 \| r65404 >
Date:	16:18, 21 April 2010
Author:	maxsem
Status:	ok
Tags:
Comment:	Per Brion, reverted part of r65085, now we just warn people instead of disabling uploads unconditionally
Modified paths:	/branches/new-installer/phase3/includes/installer/Installer.i18n.php (modified) (history) /branches/new-installer/phase3/includes/installer/Installer.php (modified) (history) /branches/new-installer/phase3/includes/installer/WebInstaller.php (modified) (history)

Diff [purge]

Index: branches/new-installer/phase3/includes/installer/Installer.i18n.php
—	—	@@ -136,7 +136,7 @@
137	137	'config-shell-locale' => 'Detected shell locale "$1"',
138	138	'config-uploads-safe' => 'Default uploads directory is safe from arbitrary scripts execution.',
139	139	'config-uploads-not-safe' => "'''Warning:''' Your default uploads directory <code>$1</code> is vulnerable to arbitrary scripts execution.
140		~~-Uploads will be disabled.",~~
	140	+Although MediaWiki checks all uploaded files for security threats, it is highly recommended to [http://www.mediawiki.org/wiki/Manual:Security#Upload_security close this hole] before enabling uploads.",
141	141	'config-db-type' => 'Database type:',
142	142	'config-db-host' => 'Database host:',
143	143	'config-db-host-help' => 'If your database server is on different server, enter the host name or IP address here.
—	—	@@ -340,7 +340,6 @@
341	341
342	342	To enable file uploads, change the mode on the <code>images</code> subdirectory under MediaWiki's root directory so that the web server can write to it.
343	343	Then enable this option.",
344		~~- 'config-upload-disabled' => 'Because your web server is configured to execute scripts from the default uploads directory, uploads will be disabled.',~~
345	344	'config-upload-deleted' => 'Directory for deleted files:',
346	345	'config-upload-deleted-help' => 'Choose a directory in which to archive deleted files.
347	346	Ideally, this should not be accessible from the web.',
—	—	@@ -510,7 +509,7 @@
511	510	'config-shell-locale' => 'Als shelllocale is "$1" herkend',
512	511	'config-uploads-safe' => 'De uploadmap is beveiligd tegen het arbitrair uitvoeren van scripts.',
513	512	'config-uploads-not-safe' => "'''Waarschuwing:''' uw uploadmap <code>$1</code> kan gebruikt worden voor het arbitrair uitvoeren van scripts.
514		~~-Uploadmogelijkheden worden uitgeschakeld.",~~
	513	+Uploadmogelijkheden worden uitgeschakeld.", // FIXME: outdated
515	514	'config-db-type' => 'Databasetype:',
516	515	'config-db-host' => 'Databasehost:',
517	516	'config-db-host-help' => 'Als uw databaseserver een andere server is, voer dan de hostnaam of het IP-adres hier in.
—	—	@@ -677,7 +676,6 @@
678	677	Veel mailservers vereisen dat tenminste het domein bestaat.',
679	678	'config-upload-settings' => 'Afbeeldingen en bestanden uploaden',
680	679	'config-upload-enable' => 'Uploaden van bestanden inschakelen',
681		~~- 'config-upload-disabled' => 'Omdat uw webserver is ingesteld om scripts uit te voeren die in de uploadmap staan, wordt uploaden uitgeschakeld.',~~
682	680	'config-upload-deleted' => 'Map voor verwijderde bestanden:',
683	681	'config-upload-deleted-help' => 'Kies een map waarin verwijderde bestanden gearchiveerd kunnen worden.
684	682	Idealiter is deze map niet via het web te benaderen.',
Index: branches/new-installer/phase3/includes/installer/WebInstaller.php
—	—	@@ -1372,33 +1372,27 @@
1373	1373	$this->addHTML( $extHtml );
1374	1374	}
1375	1375
1376		~~- # Uploading~~
1377		~~- $this->addHTML( $this->parent->getFieldsetStart( 'config-upload-settings' ) );~~
1378		~~- if ( $this->getVar( '_UploadsAreSafe' ) ) {~~
1379		~~- $this->addHTML(~~
1380		~~- $this->parent->getCheckBox( array(~~
1381		~~- 'var' => 'wgEnableUploads',~~
1382		~~- 'label' => 'config-upload-enable',~~
1383		~~- 'attribs' => array( 'class' => 'showHideRadio', 'rel' => 'uploadwrapper' ),~~
1384		~~- ) ) .~~
1385		~~- $this->parent->getHelpBox( 'config-upload-help' ) .~~
1386		~~- '<div id="uploadwrapper" style="display: none;">' .~~
1387		~~- $this->parent->getTextBox( array(~~
1388		~~- 'var' => 'wgDeletedDirectory',~~
1389		~~- 'label' => 'config-upload-deleted',~~
1390		~~- ) ) .~~
1391		~~- $this->parent->getHelpBox( 'config-upload-deleted-help' ) .~~
1392		~~- '</div>'~~
1393		~~- );~~
1394		~~- } else {~~
1395		~~- $this->parent->showError( 'config-upload-disabled' );~~
1396		~~- }~~
1397	1376	$this->addHTML(
	1377	+ # Uploading
	1378	+ $this->parent->getFieldsetStart( 'config-upload-settings' ) .
	1379	+ $this->parent->getCheckBox( array(
	1380	+ 'var' => 'wgEnableUploads',
	1381	+ 'label' => 'config-upload-enable',
	1382	+ 'attribs' => array( 'class' => 'showHideRadio', 'rel' => 'uploadwrapper' ),
	1383	+ ) ) .
	1384	+ $this->parent->getHelpBox( 'config-upload-help' ) .
	1385	+ '<div id="uploadwrapper" style="display: none;">' .
	1386	+ $this->parent->getTextBox( array(
	1387	+ 'var' => 'wgDeletedDirectory',
	1388	+ 'label' => 'config-upload-deleted',
	1389	+ ) ) .
	1390	+ $this->parent->getHelpBox( 'config-upload-deleted-help' ) .
1398	1391	$this->parent->getTextBox( array(
1399	1392	'var' => 'wgLogo',
1400	1393	'label' => 'config-logo'
1401	1394	) ) .
1402	1395	$this->parent->getHelpBox( 'config-logo-help' ) .
	1396	+ '</div>' .
1403	1397	$this->parent->getFieldsetEnd()
1404	1398	);
1405	1399
—	—	@@ -1516,7 +1510,7 @@
1517	1511
1518	1512	function submit() {
1519	1513	$this->parent->setVarsFromRequest( array( '_RightsProfile', '_LicenseCode',
1520		~~- 'wgEnableEmail', 'wgPasswordSender', 'wgLogo',~~
	1514	+ 'wgEnableEmail', 'wgPasswordSender', 'wgEnableUpload', 'wgLogo',
1521	1515	'wgEnableUserEmail', 'wgEnotifUserTalk', 'wgEnotifWatchlist',
1522	1516	'wgEmailAuthentication', 'wgMainCacheType', '_MemCachedServers' ) );
1523	1517
—	—	@@ -1548,10 +1542,6 @@
1549	1543	$this->setVar( 'wgRightsIcon', '' );
1550	1544	}
1551	1545
1552		~~- $this->setVar( 'wgEnableUploads',~~
1553		~~- $this->getVar( 'wgEnableUploads' ) && $this->getVar( '_UploadsAreSafe' )~~
1554		~~- );~~
1555		-
1556	1546	$exts = $this->parent->getVar( '_Extensions' );
1557	1547	foreach( $exts as $key => $ext ) {
1558	1548	if( !$this->parent->request->getCheck( 'config_ext-' . $ext ) ) {
Index: branches/new-installer/phase3/includes/installer/Installer.php
—	—	@@ -70,7 +70,6 @@
71	71	'_CCDone' => false,
72	72	'_Extensions' => array(),
73	73	'_MemCachedServers' => '',
74		~~- '_UploadsAreSafe' => false,~~
75	74	);
76	75
77	76	/**
—	—	@@ -711,7 +710,6 @@
712	711	} else {
713	712	$this->showMessage( 'config-uploads-not-safe', $dir );
714	713	}
715		~~- $this->setVar( '_UploadsAreSafe', $safe );~~
716	714	}
717	715
718	716	/**

Follow-up revisions

Revision	Commit summary	Author	Date
r65408	Update translation per r65403.	siebrand	18:29, 21 April 2010

Past revisions this follows-up on

Revision	Commit summary	Author	Date
r65085	new-installer: don't allow uploads if uploaded in some way scripts are execut...	maxsem	19:28, 15 April 2010

Status & tagging log

18:52, 30 April 2010 😂 (talk | contribs) changed the status of r65403 [removed: new added: ok]