repo.or.cz
/
mediawiki.git
/
search
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
log
|
graphiclog1
|
graphiclog2
|
commit
|
commitdiff
|
tree
|
refs
|
edit
|
fork
first
·
prev
·
next
Clean up Special:Undelete read-only checks
2015-08-20
CSte
i
pp
Re
v
ert "Enable u
s
ers to
w
atch ca
t
egor
y
membership changes"
commit
|
commitdiff
|
tree
2015-07-14
c
s
t
eipp
Add "
p
u
r
pose" to password validit
y
check
commit
|
commitdiff
|
tree
2015-06-29
cste
i
p
p
Check inst
a
ll user
'
s password as sysop/b
u
rea
u
c
r
a
t
commit
|
commitdiff
|
tree
2015-06-10
csteipp
P
assword v
a
lidity by poli
c
y
per group
commit
|
commitdiff
|
tree
2015-04-01
cs
t
eip
p
SEC
U
RITY: Don't
allow entities in XMP with
HHVM
commit
|
commitdiff
|
tree
2015-04-01
csteipp
SECURITY
:
D
on't
a
l
l
ow di
r
ectly calling Xml::isWel
l
F
or
m
ed
commit
|
commitdiff
|
tree
2015-04-01
csteipp
SECURITY: Alwa
y
s
e
xpa
n
d
xml en
t
ities when ch
e
c
k
ing
.
.
.
commit
|
commitdiff
|
tree
2015-04-01
cste
i
pp
SECURIT
Y
: Esc
a
pe >
i
n H
t
ml
:
:expandAttri
b
utes
commit
|
commitdiff
|
tree
2015-04-01
c
st
e
ipp
SECURITY:
F
ix
a
nimate
bl
a
cklist
commit
|
commitdiff
|
tree
2015-04-01
c
ste
i
pp
SECURITY: D
o
n
'
t all
o
w embedded ap
p
lication/xml in SVG's
commit
|
commitdiff
|
tree
2014-11-27
cstei
p
p
SECURITY: Do not show log a
c
t
ion if re
v
de
l
eted
commit
|
commitdiff
|
tree
2014-11-26
cstei
p
p
SE
C
URITY: Require new right to change c
o
ntent mode
l
commit
|
commitdiff
|
tree
2014-11-19
csteipp
Make
cal
l
ing w
f
M
angleFlashPolicy conf
i
gurable
commit
|
commitdiff
|
tree
2014-09-24
csteipp
S
ECURITY: Enhance CSS filtering
in SVG files
commit
|
commitdiff
|
tree
2014-09-16
cst
e
ipp
Use 0
x
for hexadecimal prefix
commit
|
commitdiff
|
tree
2014-09-04
csteipp
Allow ext
e
nsio
n
s
t
o
i
n
dicate a user
n
ame doesn't exist
commit
|
commitdiff
|
tree
2014-08-28
cs
t
eipp
Load password information w
h
en expiring
commit
|
commitdiff
|
tree
2014-07-30
csteipp
SE
C
UR
I
TY: Prepend j
s
o
np ca
l
lback wit
h
comm
e
nt
commit
|
commitdiff
|
tree
2014-06-25
csteipp
SECURIT
Y
:
Prevent external resourc
e
s
in SVG files
commit
|
commitdiff
|
tree
2014-06-24
csteipp
Rel
e
ase note
s
for browser tests
commit
|
commitdiff
|
tree
2014-06-09
csteipp
A
d
d HKDF as
a fast, random
n
u
m
ber source
commit
|
commitdiff
|
tree
2014-06-02
csteipp
Add some SVG e
l
ement
name
s
paces
commit
|
commitdiff
|
tree
2014-05-29
csteipp
SEC
U
R
I
TY: Don
'
t parse user
n
a
mes
as wiki
t
ext
commit
|
commitdiff
|
tree
2014-05-02
cs
t
eipp
Mainta
i
n
r
e
member me state on password chan
g
e
commit
|
commitdiff
|
tree
2014-05-01
c
s
teipp
Initialize
st
a
ti
c
i
nput to n
u
ll
commit
|
commitdiff
|
tree
2014-04-28
c
s
teip
p
Allow adding Dele
t
ed log entries
commit
|
commitdiff
|
tree
2014-04-24
csteipp
SECURITY: escape sortKey in pageInfo
commit
|
commitdiff
|
tree
2014-04-14
csteipp
P
r
event GC during phpun
i
t shu
t
down
commit
|
commitdiff
|
tree
2014-03-27
csteipp
SECURITY: Add CSRF
t
oken on Specia
l
:ChangePass
w
ord
commit
|
commitdiff
|
tree
2014-03-18
csteipp
Allow
log
i
n
w
ith
p
asswords n
o
t
m
ee
t
ing complexity
r
equirem
e
n
ts
commit
|
commitdiff
|
tree
2014-03-15
csteipp
Refactor
password validit
y
c
h
ecking
commit
|
commitdiff
|
tree
2014-03-03
csteipp
Add
U
pd
a
ter for Oracle
commit
|
commitdiff
|
tree
2014-02-27
csteipp
SE
C
UR
I
TY: Ma
k
e toke
n
c
o
mparison co
n
stant time
commit
|
commitdiff
|
tree
2014-02-27
cst
e
ipp
SECURIT
Y
:
Di
s
allow non
-
wh
i
t
el
i
ste
d
namespaces
commit
|
commitdiff
|
tree
2014-02-21
c
s
tei
p
p
Add not
e
about use
r
_password_expi
r
e
s
schema change
commit
|
commitdiff
|
tree
2014-02-20
cst
e
ipp
Password Expir
a
tio
n
commit
|
commitdiff
|
tree
2014-01-14
csteipp
SE
C
URITY: Return e
r
ro
r
on invalid XML fo
r
SVGs
commit
|
commitdiff
|
tree
2014-01-14
csteipp
SECU
R
ITY
:
Disallow -o-
l
ink in
styles
commit
|
commitdiff
|
tree
2014-01-14
csteipp
SE
C
U
RIT
Y
: Don't normalize U
+
FF3
C
to \
commit
|
commitdiff
|
tree
2013-11-14
c
steipp
SEC
U
RI
T
Y:
Don't
c
ache whe
n
a cal
l
coul
d
autocreate
commit
|
commitdiff
|
tree
2013-11-14
csteipp
SEC
U
RITY: Impro
v
e css jav
a
sc
r
i
p
t detection
commit
|
commitdiff
|
tree
2013-10-07
cstei
p
p
Move force
H
TTPS check until af
t
er wgTitle is setup
commit
|
commitdiff
|
tree
2013-09-30
csteipp
A
d
d Vary: X-Forwarded-Pro
t
o for https redire
c
ts
commit
|
commitdiff
|
tree
2013-09-30
c
s
teipp
R
e
direct to ht
t
ps
for signup
commit
|
commitdiff
|
tree
2013-09-25
cst
e
ipp
Vary on for
c
eHTTPS cookie
commit
|
commitdiff
|
tree
2013-09-03
csteipp
S
E
CURITY: Pre
v
en
t
F
P
D o
n
e
xceptions in lo
a
d
.
p
hp
commit
|
commitdiff
|
tree
2013-08-31
csteipp
Also redirect if prefixed https coo
k
ie
i
s
pres
e
t
commit
|
commitdiff
|
tree
2013-08-29
csteip
p
Remove prefix from forceHTTPS co
o
k
ie
commit
|
commitdiff
|
tree
2013-08-28
c
steipp
Efficiently res
e
t null user tokens
commit
|
commitdiff
|
tree
2013-08-24
csteipp
Setup
cookies
s
ecu
r
ity bas
e
d on use
r
pr
e
f
e
r
ence
commit
|
commitdiff
|
tree
2013-07-29
csteipp
Ad
d
m
ethods to get raw reque
s
t in WebRequest
commit
|
commitdiff
|
tree
2013-05-21
csteipp
SECUR
I
TY:
D
o checks on
all
u
pload types
commit
|
commitdiff
|
tree
2013-05-10
csteipp
Add value to a
d
d() c
a
ll when locking
commit
|
commitdiff
|
tree
2013-04-30
csteipp
SECURITY: Check SVG xml en
c
oding against whitel
i
s
t
commit
|
commitdiff
|
tree
2013-04-23
csteipp
(bug 3
8
082) Check read permissions in ApiFe
e
d
C
ontribs
commit
|
commitdiff
|
tree
2013-04-15
c
steipp
Merge "Disable ex
t
ernal entit
i
es in Import"
commit
|
commitdiff
|
tree
2013-04-15
csteipp
Merge
"
Disable e
x
ternal e
n
titie
s
in XMLReader"
commit
|
commitdiff
|
tree
2013-04-15
csteipp
Merge "Sanitize $limi
t
Report befo
r
e o
u
tputting"
commit
|
commitdiff
|
tree
2013-04-15
csteipp
Disable external
e
ntiti
e
s in Imp
o
rt
commit
|
commitdiff
|
tree
2013-04-15
cstei
p
p
Disa
b
le ext
e
rnal en
t
ities
i
n XMLReader
commit
|
commitdiff
|
tree
2013-04-15
csteip
p
Sa
n
itize
$lim
i
tR
e
port be
f
ore ou
t
putt
i
ng
commit
|
commitdiff
|
tree
2013-04-14
csteip
p
Use a pr
o
vider
for
X
f
f
blocking tests
commit
|
commitdiff
|
tree
2013-02-13
C
S
teipp
M
e
rge "(bug
447
7
5) Don't pre-
f
ill username when creating
.
"
commit
|
commitdiff
|
tree
2013-01-25
c
s
teipp
By default,
k
eep users in HTTPS
w
ith w
g
SecureLogin
commit
|
commitdiff
|
tree
2013-01-18
c
s
teipp
Add gua
r
d to Resour
c
es
.
php
commit
|
commitdiff
|
tree
2012-12-14
CSte
i
pp
Merg
e
"(bug 37714) Use log type in target obj
e
ct when
.
.
.
commit
|
commitdiff
|
tree
2012-11-29
cstei
p
p
(bug 40
9
95)
Refr
e
sh
S
e
ssionId
o
n login
commit
|
commitdiff
|
tree
2012-11-26
csteipp
(bug 36780)
I
mpr
o
ve display of
I
P
v6 addresses
commit
|
commitdiff
|
tree
2012-10-09
CStei
p
p
M
erge "(bu
g
40789) Fixed $wg
S
ecureLogi
n
aft
e
r-
l
ogin
.
.
.
commit
|
commitdiff
|
tree
2012-09-27
csteipp
(bug 334
7
1) comp
a
r
e
detec
t
Pr
o
tocol to '
h
ttps
'
commit
|
commitdiff
|
tree
2012-09-21
cst
e
i
p
p
(bug 298
9
8) S
e
t cookie t
o
force HTTPS
f
r
o
m HTTP
commit
|
commitdiff
|
tree
2012-08-31
cs
t
ei
p
p
Merge "(b
u
g 39700) Add htmlspe
c
ia
l
chars encoding t
o
.
.
.
commit
|
commitdiff
|
tree
2012-08-31
c
s
te
i
pp
(bug 39700) Add htmlspecialch
a
rs encoding to labe
l
commit
|
commitdiff
|
tree
2012-08-31
c
s
teipp
(bug 3918
4
) LD
A
P pa
s
sword le
a
kage
commit
|
commitdiff
|
tree
2012-08-17
c
s
te
i
pp
(bug 39180) Se
t
x-frame-opt
i
o
ns='DE
N
Y
'
for api
commit
|
commitdiff
|
tree
2012-08-14
csteipp
(b
u
g
3
5
8
39) Check permisions for re
v
del blocks
commit
|
commitdiff
|
tree
2012-08-07
cst
e
ipp
(b
u
g 24
4
37) Add nofollow to image link
commit
|
commitdiff
|
tree
2012-07-23
csteipp
(
bug 3833
3
) Ch
e
ck g
l
oba
l
bl
o
cks on
a
c
count create
commit
|
commitdiff
|
tree
2012-05-01
csteipp
(bug 29296) Expande
d
Blacklist for S
V
G
Files
commit
|
commitdiff
|
tree