# HTML may contain cookie-stealing JavaScript and web bugs
'html', 'htm', 'js', 'jsb', 'mhtml', 'mht', 'xhtml', 'xht',
# PHP scripts may execute arbitrary code on the server
- 'php', 'phtml', 'php3', 'php4', 'php5', 'phps',
+ 'php', 'phtml', 'php3', 'php4', 'php5', 'phps', 'phar',
# Other types that may be interpreted by some servers
'shtml', 'jhtml', 'pl', 'py', 'cgi',
# May contain harmful executables for Windows victims
* - value: (number, boolean or null) the value to pass to the callback
* - forceChange: (bool, default false) if the password is invalid, do
* not let the user log in without changing the password
+ * - suggestChangeOnLogin: (bool, default false) if true and the password is
+ * invalid, suggest a password change if logging in. If all the failing policies
+ * that apply to the user have this set to false, the password change
+ * screen will not be shown. 'forceChange' takes precedence over
+ * 'suggestChangeOnLogin' if they are both present.
* As a shorthand for [ 'value' => <value> ], simply <value> can be written.
* When multiple password policies are defined for a user, the settings
* arrays are merged, and for fields which are set in both arrays, the
* 100,000 commonly used passwords. Due to the size of the list this
* is a probabilistic test.
*
+ * If you add custom checks, for Special:PasswordPolicies to display them correctly,
+ * every check should have a corresponding passwordpolicies-policy-<check> message,
+ * and every settings field other than 'value' should have a corresponding
+ * passwordpolicies-policyflag-<flag> message (<check> and <flag> are in lowercase).
+ * The check message receives the policy value as a parameter, the flag message
+ * receives the flag value (or values if it's an array).
+ *
* @since 1.26
* @see PasswordPolicyChecks
* @see User::checkPasswordValidity()
'PasswordNotInLargeBlacklist' => true,
],
'default' => [
- 'MinimalPasswordLength' => 1,
- 'PasswordCannotMatchUsername' => true,
- 'PasswordCannotMatchBlacklist' => true,
- 'MaximalPasswordLength' => 4096,
+ 'MinimalPasswordLength' => [ 'value' => 1, 'suggestChangeOnLogin' => true ],
+ 'PasswordCannotMatchUsername' => [ 'value' => true, 'suggestChangeOnLogin' => true ],
+ 'PasswordCannotMatchBlacklist' => [ 'value' => true, 'suggestChangeOnLogin' => true ],
+ 'MaximalPasswordLength' => [ 'value' => 4096, 'suggestChangeOnLogin' => true ],
],
],
'checks' => [
/**
* Prefix for metric names sent to $wgStatsdServer.
*
- * @see MediaWikiServices::getStatsdDataFactory
+ * @see MediaWikiServices::getInstance()->getStatsdDataFactory
* @see BufferingStatsdDataFactory
* @since 1.25
*/
*/
$wgExtensionCredits = [];
-/**
- * Authentication plugin.
- * @var $wgAuth AuthPlugin
- * @deprecated since 1.27 use $wgAuthManagerConfig instead
- */
-$wgAuth = null;
-
/**
* Global list of hooks.
*
'upload' => [
'upload' => [ 'upload' ],
'overwrite' => [ 'overwrite' ],
+ 'revert' => [ 'revert' ],
],
];
*/
$wgEnableBlockNoticeStats = false;
+/**
+ * Origin Trials tokens.
+ *
+ * @since 1.34
+ * @var array
+ */
+$wgOriginTrials = [];
+
+/**
+ * Enable client-side Priority Hints.
+ *
+ * @warning EXPERIMENTAL!
+ *
+ * @since 1.34
+ * @var bool
+ */
+$wgPriorityHints = false;
+
/**
* For really cool vim folding this needs to be at the end:
* vim: foldmarker=@{,@} foldmethod=marker