Revert "Temporarily trim leading/trailing whitespace from parser test clauses"

[lhc/web/wiklou.git] / includes / DefaultSettings.php

diff --git a/includes/DefaultSettings.php b/includes/DefaultSettings.php
index 537f411..4ec82ed 100644 (file)
--- a/includes/DefaultSettings.php
+++ b/includes/DefaultSettings.php
@@ -940,7 +940,7 @@ $wgFileBlacklist = [
        # HTML may contain cookie-stealing JavaScript and web bugs
        'html', 'htm', 'js', 'jsb', 'mhtml', 'mht', 'xhtml', 'xht',
        # PHP scripts may execute arbitrary code on the server
-       'php', 'phtml', 'php3', 'php4', 'php5', 'phps',
+       'php', 'phtml', 'php3', 'php4', 'php5', 'phps', 'phar',
        # Other types that may be interpreted by some servers
        'shtml', 'jhtml', 'pl', 'py', 'cgi',
        # May contain harmful executables for Windows victims
@@ -1234,7 +1234,7 @@ $wgAllowTitlesInSVG = false;
  *
  * @since 1.33
  */
-$wgMediaInTargetLanguage = false;
+$wgMediaInTargetLanguage = true;
 
 /**
  * The maximum number of pixels a source image can have if it is to be scaled
@@ -4445,6 +4445,11 @@ $wgCentralIdLookupProvider = 'local';
  * - value: (number, boolean or null) the value to pass to the callback
  * - forceChange: (bool, default false) if the password is invalid, do
  *   not let the user log in without changing the password
+ * - suggestChangeOnLogin: (bool, default false) if true and the password is
+ *   invalid, suggest a password change if logging in. If all the failing policies
+ *   that apply to the user have this set to false, the password change
+ *   screen will not be shown. 'forceChange' takes precedence over
+ *   'suggestChangeOnLogin' if they are both present.
  * As a shorthand for [ 'value' => <value> ], simply <value> can be written.
  * When multiple password policies are defined for a user, the settings
  * arrays are merged, and for fields which are set in both arrays, the
@@ -4480,6 +4485,13 @@ $wgCentralIdLookupProvider = 'local';
  *             100,000 commonly used passwords. Due to the size of the list this
  *      is a probabilistic test.
  *
+ * If you add custom checks, for Special:PasswordPolicies to display them correctly,
+ * every check should have a corresponding passwordpolicies-policy-<check> message,
+ * and every settings field other than 'value' should have a corresponding
+ * passwordpolicies-policyflag-<flag> message (<check> and <flag> are in lowercase).
+ * The check message receives the policy value as a parameter, the flag message
+ * receives the flag value (or values if it's an array).
+ *
  * @since 1.26
  * @see PasswordPolicyChecks
  * @see User::checkPasswordValidity()
@@ -4507,10 +4519,10 @@ $wgPasswordPolicy = [
                        'PasswordNotInLargeBlacklist' => true,
                ],
                'default' => [
-                       'MinimalPasswordLength' => 1,
-                       'PasswordCannotMatchUsername' => true,
-                       'PasswordCannotMatchBlacklist' => true,
-                       'MaximalPasswordLength' => 4096,
+                       'MinimalPasswordLength' => [ 'value' => 1, 'suggestChangeOnLogin' => true ],
+                       'PasswordCannotMatchUsername' => [ 'value' => true, 'suggestChangeOnLogin' => true ],
+                       'PasswordCannotMatchBlacklist' => [ 'value' => true, 'suggestChangeOnLogin' => true ],
+                       'MaximalPasswordLength' => [ 'value' => 4096, 'suggestChangeOnLogin' => true ],
                ],
        ],
        'checks' => [
@@ -4782,6 +4794,24 @@ $wgPasswordConfig = [
                'cost' => '30000',
                'length' => '64',
        ],
+       'argon2' => [
+               'class' => Argon2Password::class,
+
+               // Algorithm used:
+               // * 'argon2i' is optimized against side-channel attacks (PHP 7.2+)
+               // * 'argon2id' is optimized against both side-channel and GPU cracking (PHP 7.3+)
+               // * 'auto' to use best available algorithm. If you're using more than one server, be
+               //   careful when you're mixing PHP versions because newer PHP might generate hashes that
+               //   older versions might would not understand.
+               'algo' => 'auto',
+
+               // The parameters below are the same as options accepted by password_hash().
+               // Set them to override that function's defaults.
+               //
+               // 'memory_cost' => PASSWORD_ARGON2_DEFAULT_MEMORY_COST,
+               // 'time_cost' => PASSWORD_ARGON2_DEFAULT_TIME_COST,
+               // 'threads' => PASSWORD_ARGON2_DEFAULT_THREADS,
+       ],
 ];
 
 /**
@@ -6433,7 +6463,7 @@ $wgStatsdServer = false;
 /**
  * Prefix for metric names sent to $wgStatsdServer.
  *
- * @see MediaWikiServices::getStatsdDataFactory
+ * @see MediaWikiServices::getInstance()->getStatsdDataFactory
  * @see BufferingStatsdDataFactory
  * @since 1.25
  */
@@ -7446,13 +7476,6 @@ $wgAutoloadAttemptLowercase = true;
  */
 $wgExtensionCredits = [];
 
-/**
- * Authentication plugin.
- * @var $wgAuth AuthPlugin
- * @deprecated since 1.27 use $wgAuthManagerConfig instead
- */
-$wgAuth = null;
-
 /**
  * Global list of hooks.
  *
@@ -7908,6 +7931,7 @@ $wgActionFilteredLogs = [
        'upload' => [
                'upload' => [ 'upload' ],
                'overwrite' => [ 'overwrite' ],
+               'revert' => [ 'revert' ],
        ],
 ];
 
@@ -9019,6 +9043,24 @@ $wgEnableRollbackConfirmationPrompt = true;
  */
 $wgEnableBlockNoticeStats = false;
 
+/**
+ * Origin Trials tokens.
+ *
+ * @since 1.34
+ * @var array
+ */
+$wgOriginTrials = [];
+
+/**
+ * Enable client-side Priority Hints.
+ *
+ * @warning EXPERIMENTAL!
+ *
+ * @since 1.34
+ * @var bool
+ */
+$wgPriorityHints = false;
+
 /**
  * For really cool vim folding this needs to be at the end:
  * vim: foldmarker=@{,@} foldmethod=marker