Page Menu
Home
Phorge
Search
Configure Global Search
Log In
Files
F585199
No One
Temporary
Actions
View File
Edit File
Delete File
View Transforms
Subscribe
Flag For Later
Award Token
Size
5 KB
Referenced Files
None
Subscribers
None
View Options
diff --git a/RELEASE-NOTES-1.44 b/RELEASE-NOTES-1.44
index fb355cfb477..bd448625996 100644
--- a/RELEASE-NOTES-1.44
+++ b/RELEASE-NOTES-1.44
@@ -67,6 +67,13 @@ For notes on 1.43.x and older releases, see HISTORY.
that your wiki's content or an extension is incompatible with the new markup.
More information: https://www.mediawiki.org/wiki/Heading_HTML_changes
This option will be removed in a future release.
+* (T45646) $wgAllowRawHtmlCopyrightMessages now defaults to `false`, which
+ means that the 'copyright-footer' and 'copyright-footer-history' wikitext
+ messages will be used instead of 'copyright' and 'history_copyright' that
+ supported raw HTML, and the 'SkinCopyrightFooter' hook will not be called.
+ This helps protect your wiki against attacks by a rogue administrator
+ account. You can set it to `true` to temporarily re-enable them until you
+ can update your overrides. This option will be removed in a future release.
* (T386210) $wgAddGroups and $wgRemoveGroups now use the correct merge strategy
of `array_merge_recursive`. This lets extensions add entries from the
extension.json file, which would previously be silently ignored.
@@ -747,6 +754,7 @@ because of Phabricator reports.
is no longer used within core/extensions. No replacement is provided.
* (T387995) Deprecated AbortTalkPageEmailNotification hook. Use the Notification
Middleware to filter our Talk Page notifications
+* (T45646) The hook 'SkinCopyrightFooter' now emits deprecation warnings.
* …
=== Other changes in 1.44 ===
diff --git a/docs/config-schema.yaml b/docs/config-schema.yaml
index b21fe4c11f7..5f3b7206aaa 100644
--- a/docs/config-schema.yaml
+++ b/docs/config-schema.yaml
@@ -3202,12 +3202,14 @@ config-schema:
letter.
@since 1.32
AllowRawHtmlCopyrightMessages:
- default: true
+ default: false
type: boolean
+ deprecated: 'since 1.44'
description: |-
Whether on-wiki overrides for the 'copyright' and 'history_copyright' messages, which allow raw
HTML, will be used.
@since 1.43
+ @deprecated since 1.44
Localtimezone:
dynamicDefault:
callback: [MediaWiki\MainConfigSchema, getDefaultLocaltimezone]
diff --git a/docs/config-vars.php b/docs/config-vars.php
index 50a568bac3c..dbfccd011d4 100644
--- a/docs/config-vars.php
+++ b/docs/config-vars.php
@@ -1943,6 +1943,7 @@ $wgRawHtmlMessages = null;
/**
* Config variable stub for the AllowRawHtmlCopyrightMessages setting, for use by phpdoc and IDEs.
* @see MediaWiki\MainConfigSchema::AllowRawHtmlCopyrightMessages
+ * @deprecated since 1.44
*/
$wgAllowRawHtmlCopyrightMessages = null;
diff --git a/includes/HookContainer/DeprecatedHooks.php b/includes/HookContainer/DeprecatedHooks.php
index 29e4acce55d..5bb709c0acd 100644
--- a/includes/HookContainer/DeprecatedHooks.php
+++ b/includes/HookContainer/DeprecatedHooks.php
@@ -53,7 +53,7 @@ class DeprecatedHooks {
'ProtectionForm::buildForm' => [ 'deprecatedVersion' => '1.36', 'silent' => true ],
'RollbackComplete' => [ 'deprecatedVersion' => '1.36', 'silent' => true ],
'SearchDataForIndex' => [ 'deprecatedVersion' => '1.40', 'silent' => true ],
- 'SkinCopyrightFooter' => [ 'deprecatedVersion' => '1.43', 'silent' => true ],
+ 'SkinCopyrightFooter' => [ 'deprecatedVersion' => '1.43' ],
'userCan' => [ 'deprecatedVersion' => '1.37' ],
'UserCanSendEmail' => [ 'deprecatedVersion' => '1.41', 'silent' => true ],
'WikiPageDeletionUpdates' => [ 'deprecatedVersion' => '1.32', 'silent' => true ],
diff --git a/includes/MainConfigNames.php b/includes/MainConfigNames.php
index 5aa685fa8e6..57a9d37ab89 100644
--- a/includes/MainConfigNames.php
+++ b/includes/MainConfigNames.php
@@ -1958,6 +1958,7 @@ class MainConfigNames {
/**
* Name constant for the AllowRawHtmlCopyrightMessages setting, for use with Config::get()
* @see MainConfigSchema::AllowRawHtmlCopyrightMessages
+ * @deprecated since 1.44
*/
public const AllowRawHtmlCopyrightMessages = 'AllowRawHtmlCopyrightMessages';
diff --git a/includes/MainConfigSchema.php b/includes/MainConfigSchema.php
index 05d75899392..0b30bb88cdc 100644
--- a/includes/MainConfigSchema.php
+++ b/includes/MainConfigSchema.php
@@ -5136,10 +5136,12 @@ class MainConfigSchema {
* HTML, will be used.
*
* @since 1.43
+ * @deprecated since 1.44
*/
public const AllowRawHtmlCopyrightMessages = [
- 'default' => true,
+ 'default' => false,
'type' => 'boolean',
+ 'deprecated' => 'since 1.44',
];
/**
diff --git a/includes/config-schema.php b/includes/config-schema.php
index a4e667287bc..be6d4ae50e5 100644
--- a/includes/config-schema.php
+++ b/includes/config-schema.php
@@ -616,7 +616,7 @@ return [
'copyright',
'history_copyright',
],
- 'AllowRawHtmlCopyrightMessages' => true,
+ 'AllowRawHtmlCopyrightMessages' => false,
'Localtimezone' => null,
'LocalTZoffset' => null,
'OverrideUcfirstCharacters' => [
@@ -3424,6 +3424,9 @@ return [
'type' => 'string',
],
],
+ 'AllowRawHtmlCopyrightMessages' => [
+ 'deprecated' => 'since 1.44',
+ ],
'InterwikiLogoOverride' => [
'items' => [
'type' => 'string',
File Metadata
Details
Attached
Mime Type
text/x-diff
Expires
Sat, Jul 5, 5:32 AM (17 h, 47 m)
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
227611
Default Alt Text
(5 KB)
Attached To
Mode
rMW mediawiki
Attached
Detach File
Event Timeline
Log In to Comment