| Index: trunk/phase3/RELEASE-NOTES-1.19 |
| — | — | @@ -26,6 +26,7 @@ |
| 27 | 27 | * (bug 30160) Add public method to mw.loader to get module names from registry. |
| 28 | 28 | * (bug 15558) Parameters to special pages included in wikitext can now be passed |
| 29 | 29 | as with templates. |
| | 30 | +* Installer now issues a warning if mod_security is present. |
| 30 | 31 | |
| 31 | 32 | === Bug fixes in 1.19 === |
| 32 | 33 | * $wgUploadNavigationUrl should be used for file redlinks if |
| Index: trunk/phase3/includes/installer/Installer.php |
| — | — | @@ -97,6 +97,7 @@ |
| 98 | 98 | 'envCheckPCRE', |
| 99 | 99 | 'envCheckMemory', |
| 100 | 100 | 'envCheckCache', |
| | 101 | + 'envCheckModSecurity', |
| 101 | 102 | 'envCheckDiff3', |
| 102 | 103 | 'envCheckGraphics', |
| 103 | 104 | 'envCheckServer', |
| — | — | @@ -806,6 +807,15 @@ |
| 807 | 808 | } |
| 808 | 809 | |
| 809 | 810 | /** |
| | 811 | + * Scare user to death if they have mod_security |
| | 812 | + */ |
| | 813 | + protected function envCheckModSecurity() { |
| | 814 | + if ( !self::apacheModulePresent( 'mod_security' ) ) { |
| | 815 | + $this->showMessage( 'config-mod-security' ); |
| | 816 | + } |
| | 817 | + } |
| | 818 | + |
| | 819 | + /** |
| 810 | 820 | * Search for GNU diff3. |
| 811 | 821 | */ |
| 812 | 822 | protected function envCheckDiff3() { |
| — | — | @@ -1169,6 +1179,23 @@ |
| 1170 | 1180 | } |
| 1171 | 1181 | |
| 1172 | 1182 | /** |
| | 1183 | + * Checks for presence of an Apache module. Works only if PHP is running as an Apache module, too. |
| | 1184 | + * |
| | 1185 | + * @param $moduleName String: Name of module to check. |
| | 1186 | + * @return bool |
| | 1187 | + */ |
| | 1188 | + public static function apacheModulePresent( $moduleName ) { |
| | 1189 | + if ( function_exists( 'apache_get_modules' ) && in_array( $moduleName, apache_get_modules() ) ) { |
| | 1190 | + return true; |
| | 1191 | + } |
| | 1192 | + // try it the hard way |
| | 1193 | + ob_start(); |
| | 1194 | + phpinfo( INFO_MODULES ); |
| | 1195 | + $info = ob_get_clean(); |
| | 1196 | + return strpos( $info, $moduleName ) !== false; |
| | 1197 | + } |
| | 1198 | + |
| | 1199 | + /** |
| 1173 | 1200 | * ParserOptions are constructed before we determined the language, so fix it |
| 1174 | 1201 | * |
| 1175 | 1202 | * @param $lang Language |
| Index: trunk/phase3/includes/installer/Installer.i18n.php |
| — | — | @@ -138,6 +138,8 @@ |
| 139 | 139 | 'config-wincache' => '[http://www.iis.net/download/WinCacheForPhp WinCache] is installed', |
| 140 | 140 | 'config-no-cache' => "'''Warning:''' Could not find [http://eaccelerator.sourceforge.net eAccelerator], [http://www.php.net/apc APC], [http://trac.lighttpd.net/xcache/ XCache] or [http://www.iis.net/download/WinCacheForPhp WinCache]. |
| 141 | 141 | Object caching is not enabled.", |
| | 142 | + 'config-mod-security' => "'''Warning''': your web server has [http://modsecurity.org/ mod_security] enabled. If misconfigured, it can cause problems for MediaWiki or other software that allows users to post arbitrary content. |
| | 143 | +Refer to [http://modsecurity.org/documentation/ mod_security documentation] or contact your host's support if you encounter random errors.", |
| 142 | 144 | 'config-diff3-bad' => 'GNU diff3 not found.', |
| 143 | 145 | 'config-imagemagick' => 'Found ImageMagick: <code>$1</code>. |
| 144 | 146 | Image thumbnailing will be enabled if you enable uploads.', |