# HTML may contain cookie-stealing JavaScript and web bugs
'html', 'htm', 'js', 'jsb', 'mhtml', 'mht', 'xhtml', 'xht',
# PHP scripts may execute arbitrary code on the server
- 'php', 'phtml', 'php3', 'php4', 'php5', 'phps',
+ 'php', 'phtml', 'php3', 'php4', 'php5', 'phps', 'phar',
# Other types that may be interpreted by some servers
'shtml', 'jhtml', 'pl', 'py', 'cgi',
# May contain harmful executables for Windows victims
*
* @since 1.33
*/
-$wgMediaInTargetLanguage = false;
+$wgMediaInTargetLanguage = true;
/**
* The maximum number of pixels a source image can have if it is to be scaled
* - value: (number, boolean or null) the value to pass to the callback
* - forceChange: (bool, default false) if the password is invalid, do
* not let the user log in without changing the password
+ * - suggestChangeOnLogin: (bool, default false) if true and the password is
+ * invalid, suggest a password change if logging in. If all the failing policies
+ * that apply to the user have this set to false, the password change
+ * screen will not be shown. 'forceChange' takes precedence over
+ * 'suggestChangeOnLogin' if they are both present.
* As a shorthand for [ 'value' => <value> ], simply <value> can be written.
* When multiple password policies are defined for a user, the settings
* arrays are merged, and for fields which are set in both arrays, the
* 100,000 commonly used passwords. Due to the size of the list this
* is a probabilistic test.
*
+ * If you add custom checks, for Special:PasswordPolicies to display them correctly,
+ * every check should have a corresponding passwordpolicies-policy-<check> message,
+ * and every settings field other than 'value' should have a corresponding
+ * passwordpolicies-policyflag-<flag> message (<check> and <flag> are in lowercase).
+ * The check message receives the policy value as a parameter, the flag message
+ * receives the flag value (or values if it's an array).
+ *
* @since 1.26
* @see PasswordPolicyChecks
* @see User::checkPasswordValidity()
'PasswordNotInLargeBlacklist' => true,
],
'default' => [
- 'MinimalPasswordLength' => 1,
- 'PasswordCannotMatchUsername' => true,
- 'PasswordCannotMatchBlacklist' => true,
- 'MaximalPasswordLength' => 4096,
+ 'MinimalPasswordLength' => [ 'value' => 1, 'suggestChangeOnLogin' => true ],
+ 'PasswordCannotMatchUsername' => [ 'value' => true, 'suggestChangeOnLogin' => true ],
+ 'PasswordCannotMatchBlacklist' => [ 'value' => true, 'suggestChangeOnLogin' => true ],
+ 'MaximalPasswordLength' => [ 'value' => 4096, 'suggestChangeOnLogin' => true ],
],
],
'checks' => [
'cost' => '30000',
'length' => '64',
],
+ 'argon2' => [
+ 'class' => Argon2Password::class,
+
+ // Algorithm used:
+ // * 'argon2i' is optimized against side-channel attacks (PHP 7.2+)
+ // * 'argon2id' is optimized against both side-channel and GPU cracking (PHP 7.3+)
+ // * 'auto' to use best available algorithm. If you're using more than one server, be
+ // careful when you're mixing PHP versions because newer PHP might generate hashes that
+ // older versions might would not understand.
+ 'algo' => 'auto',
+
+ // The parameters below are the same as options accepted by password_hash().
+ // Set them to override that function's defaults.
+ //
+ // 'memory_cost' => PASSWORD_ARGON2_DEFAULT_MEMORY_COST,
+ // 'time_cost' => PASSWORD_ARGON2_DEFAULT_TIME_COST,
+ // 'threads' => PASSWORD_ARGON2_DEFAULT_THREADS,
+ ],
];
/**
/**
* Prefix for metric names sent to $wgStatsdServer.
*
- * @see MediaWikiServices::getStatsdDataFactory
+ * @see MediaWikiServices::getInstance()->getStatsdDataFactory
* @see BufferingStatsdDataFactory
* @since 1.25
*/
*/
$wgExtensionCredits = [];
-/**
- * Authentication plugin.
- * @var $wgAuth AuthPlugin
- * @deprecated since 1.27 use $wgAuthManagerConfig instead
- */
-$wgAuth = null;
-
/**
* Global list of hooks.
*
'upload' => [
'upload' => [ 'upload' ],
'overwrite' => [ 'overwrite' ],
+ 'revert' => [ 'revert' ],
],
];
*/
$wgEnableBlockNoticeStats = false;
+/**
+ * Origin Trials tokens.
+ *
+ * @since 1.34
+ * @var array
+ */
+$wgOriginTrials = [];
+
+/**
+ * Enable client-side Priority Hints.
+ *
+ * @warning EXPERIMENTAL!
+ *
+ * @since 1.34
+ * @var bool
+ */
+$wgPriorityHints = false;
+
/**
* For really cool vim folding this needs to be at the end:
* vim: foldmarker=@{,@} foldmethod=marker