*
* @since 1.33
*/
-$wgMediaInTargetLanguage = false;
+$wgMediaInTargetLanguage = true;
/**
* The maximum number of pixels a source image can have if it is to be scaled
*
* The format is an associative array where the key is a cache identifier, and
* the value is an associative array of parameters. The "cacheId" parameter is
- * a cache identifier from $wgObjectCaches. The "channels" parameter is a map of
- * actions ('purge') to PubSub channels defined in $wgEventRelayerConfig.
- * The "loggroup" parameter controls where log events are sent.
+ * a cache identifier from $wgObjectCaches. The "loggroup" parameter controls
+ * where log events are sent.
*
* @since 1.26
*/
$wgWANObjectCaches = [
CACHE_NONE => [
'class' => WANObjectCache::class,
- 'cacheId' => CACHE_NONE,
- 'channels' => []
+ 'cacheId' => CACHE_NONE
]
/* Example of a simple single data-center cache:
'memcached-php' => [
'class' => WANObjectCache::class,
- 'cacheId' => 'memcached-php',
- 'channels' => [ 'purge' => 'wancache-main-memcached-purge' ]
+ 'cacheId' => 'memcached-php'
]
*/
];
*/
$wgParserCacheExpireTime = 86400;
-/**
- * @deprecated since 1.27, session data is always stored in object cache.
- */
-$wgSessionsInObjectCache = true;
-
/**
* The expiry time to use for session storage, in seconds.
*/
$wgObjectCacheSessionExpiry = 3600;
-/**
- * @deprecated since 1.27, MediaWiki\Session\SessionManager doesn't use PHP session storage.
- */
-$wgSessionHandler = null;
-
/**
* Whether to use PHP session handling ($_SESSION and session_*() functions)
*
*/
$wgFileCacheDepth = 2;
-/**
- * Kept for extension compatibility; see $wgParserCacheType
- * @deprecated since 1.26
- */
-$wgEnableParserCache = true;
-
/**
* Append a configured value to the parser cache and the sitenotice key so
* that they can be kept separate for some class of activity.
$wgCentralIdLookupProvider = 'local';
/**
- * Password policy for local wiki users. A user's effective policy
- * is the superset of all policy statements from the policies for the
- * groups where the user is a member. If more than one group policy
- * include the same policy statement, the value is the max() of the
- * values. Note true > false. The 'default' policy group is required,
- * and serves as the minimum policy for all users. New statements can
- * be added by appending to $wgPasswordPolicy['checks'].
- * Statements:
- * - MinimalPasswordLength - minimum length a user can set
- * - MinimumPasswordLengthToLogin - passwords shorter than this will
+ * Password policy for the wiki.
+ * Structured as
+ * [
+ * 'policies' => [ <group> => [ <policy> => <settings>, ... ], ... ],
+ * 'checks' => [ <policy> => <callback>, ... ],
+ * ]
+ * where <group> is a user group, <policy> is a password policy name
+ * (arbitrary string) defined in the 'checks' part, <callback> is the
+ * PHP callable implementing the policy check, <settings> is an array
+ * of options with the following keys:
+ * - value: (number, boolean or null) the value to pass to the callback
+ * - forceChange: (bool, default false) if the password is invalid, do
+ * not let the user log in without changing the password
+ * As a shorthand for [ 'value' => <value> ], simply <value> can be written.
+ * When multiple password policies are defined for a user, the settings
+ * arrays are merged, and for fields which are set in both arrays, the
+ * larger value (as understood by PHP's 'max' method) is taken.
+ *
+ * A user's effective policy is the superset of all policy statements
+ * from the policies for the groups where the user is a member. If more
+ * than one group policy include the same policy statement, the value is
+ * the max() of the values. Note true > false. The 'default' policy group
+ * is required, and serves as the minimum policy for all users.
+ *
+ * Callbacks receive three arguments: the policy value, the User object
+ * and the password; and must return a StatusValue. A non-good status
+ * means the password will not be accepted for new accounts, and existing
+ * accounts will be prompted for password change or barred from logging in
+ * (depending on whether the status is a fatal or merely error/warning).
+ *
+ * The checks supported by core are:
+ * - MinimalPasswordLength - Minimum length a user can set.
+ * - MinimumPasswordLengthToLogin - Passwords shorter than this will
* not be allowed to login, regardless if it is correct.
* - MaximalPasswordLength - maximum length password a user is allowed
* to attempt. Prevents DoS attacks with pbkdf2.
- * - PasswordCannotMatchUsername - Password cannot match username to
+ * - PasswordCannotMatchUsername - Password cannot match the username.
* - PasswordCannotMatchBlacklist - Username/password combination cannot
- * match a specific, hardcoded blacklist.
+ * match a blacklist of default passwords used by MediaWiki in the past.
* - PasswordCannotBePopular - Blacklist passwords which are known to be
* commonly chosen. Set to integer n to ban the top n passwords.
* If you want to ban all common passwords on file, use the
* PHP_INT_MAX constant.
+ * Deprecated since 1.33. Use PasswordNotInLargeBlacklist instead.
* - PasswordNotInLargeBlacklist - Password not in best practices list of
- * 100,000 commonly used passwords.
+ * 100,000 commonly used passwords. Due to the size of the list this
+ * is a probabilistic test.
+ *
* @since 1.26
+ * @see PasswordPolicyChecks
+ * @see User::checkPasswordValidity()
*/
$wgPasswordPolicy = [
'policies' => [
'bureaucrat' => [
- 'MinimalPasswordLength' => 8,
+ 'MinimalPasswordLength' => 10,
'MinimumPasswordLengthToLogin' => 1,
- 'PasswordCannotMatchUsername' => true,
- 'PasswordCannotBePopular' => 25,
'PasswordNotInLargeBlacklist' => true,
],
'sysop' => [
- 'MinimalPasswordLength' => 8,
+ 'MinimalPasswordLength' => 10,
'MinimumPasswordLengthToLogin' => 1,
- 'PasswordCannotMatchUsername' => true,
- 'PasswordCannotBePopular' => 25,
'PasswordNotInLargeBlacklist' => true,
],
'interface-admin' => [
- 'MinimalPasswordLength' => 8,
+ 'MinimalPasswordLength' => 10,
'MinimumPasswordLengthToLogin' => 1,
- 'PasswordCannotMatchUsername' => true,
- 'PasswordCannotBePopular' => 25,
'PasswordNotInLargeBlacklist' => true,
],
'bot' => [
- 'MinimalPasswordLength' => 8,
+ 'MinimalPasswordLength' => 10,
'MinimumPasswordLengthToLogin' => 1,
- 'PasswordCannotMatchUsername' => true,
'PasswordNotInLargeBlacklist' => true,
],
'default' => [
'PasswordCannotMatchUsername' => true,
'PasswordCannotMatchBlacklist' => true,
'MaximalPasswordLength' => 4096,
- 'PasswordNotInLargeBlacklist' => false,
],
],
'checks' => [
'cost' => '30000',
'length' => '64',
],
+ 'argon2' => [
+ 'class' => Argon2Password::class,
+
+ // Algorithm used:
+ // * 'argon2i' is optimized against side-channel attacks (PHP 7.2+)
+ // * 'argon2id' is optimized against both side-channel and GPU cracking (PHP 7.3+)
+ // * 'auto' to use best available algorithm. If you're using more than one server, be
+ // careful when you're mixing PHP versions because newer PHP might generate hashes that
+ // older versions might would not understand.
+ 'algo' => 'auto',
+
+ // The parameters below are the same as options accepted by password_hash().
+ // Set them to override that function's defaults.
+ //
+ // 'memory_cost' => PASSWORD_ARGON2_DEFAULT_MEMORY_COST,
+ // 'time_cost' => PASSWORD_ARGON2_DEFAULT_TIME_COST,
+ // 'threads' => PASSWORD_ARGON2_DEFAULT_THREADS,
+ ],
];
/**
/**
* Set this to true to allow blocked users to edit their own user talk page.
+ *
+ * This only applies to sitewide blocks. Partial blocks always allow users to
+ * edit their own user talk page unless otherwise specified in the block
+ * restrictions.
*/
$wgBlockAllowsUTEdit = true;
$wgGrantPermissions['editmycssjs']['editmyuserjs'] = true;
$wgGrantPermissions['editmyoptions']['editmyoptions'] = true;
+$wgGrantPermissions['editmyoptions']['editmyuserjson'] = true;
$wgGrantPermissions['editinterface'] = $wgGrantPermissions['editpage'];
$wgGrantPermissions['editinterface']['editinterface'] = true;
$wgGrantPermissions['delete']['deleterevision'] = true;
$wgGrantPermissions['delete']['undelete'] = true;
+$wgGrantPermissions['oversight']['suppressrevision'] = true;
+
$wgGrantPermissions['protect'] = $wgGrantPermissions['editprotected'];
$wgGrantPermissions['protect']['protect'] = true;
'viewdeleted' => 'administration',
'viewrestrictedlogs' => 'administration',
'protect' => 'administration',
+ 'oversight' => 'administration',
'createaccount' => 'administration',
'highvolume' => 'high-volume',
*
* @see maintenance/createCommonPasswordCdb.php
* @since 1.27
+ * @deprecated since 1.33
* @var string path to file
*/
$wgPopularPasswordFile = __DIR__ . '/password/commonpasswords.cdb';
*/
$wgInterwikiPrefixDisplayTypes = [];
-/**
- * Comment table schema migration stage.
- * @since 1.30
- * @var int One of the MIGRATION_* constants
- */
-$wgCommentTableSchemaMigrationStage = MIGRATION_NEW;
-
/**
* RevisionStore table schema migration stage (content, slots, content_models & slot_roles tables).
* Use the SCHEMA_COMPAT_XXX flags. Supported values:
* Flag to enable Partial Blocks. This allows an admin to prevent a user from editing specific pages
* or namespaces.
*
- * @since 1.32
- * @deprecated 1.32
+ * @since 1.33
+ * @deprecated 1.33
* @var bool
*/
$wgEnablePartialBlocks = false;
+/**
+ * Enable confirmation prompt for rollback actions to prevent accidental rollbacks.
+ * May be disabled to reduce number of clicks needed to perform rollbacks.
+ *
+ * @since 1.33
+ * @var bool
+ */
+$wgEnableRollbackConfirmationPrompt = true;
+
/**
* Enable stats monitoring when Block Notices are displayed in different places around core
* and extensions.