From: Brad Jorsch <bjorsch@wikimedia.org>
Date: Fri, 5 Feb 2016 18:47:51 +0000 (-0500)
Subject: Add release notes and installer support for $wgAuthenticationTokenVersion
X-Git-Tag: 1.31.0-rc.0~8051
X-Git-Url: http://git.heureux-cyclage.org/?a=commitdiff_plain;h=854406883e120093a8f693e6d5f7b4bc88ec09f0;p=lhc%2Fweb%2Fwiklou.git

Add release notes and installer support for $wgAuthenticationTokenVersion

Change-Id: I092a0052b2ab50310cd8ca403d6b2f201b482d5b
---

diff --git a/RELEASE-NOTES-1.27 b/RELEASE-NOTES-1.27
index d1f8ca77ce..04bab03145 100644
--- a/RELEASE-NOTES-1.27
+++ b/RELEASE-NOTES-1.27
@@ -160,6 +160,9 @@ production.
   All values are now allowed for the role attribute.
 * $wgContentHandlers now also supports callbacks to create an instance of the
   appropriate ContentHandler subclass.
+* Added $wgAuthenticationTokenVersion, which if non-null prevents the
+  user_token database field from being exposed in cookies. Setting this would
+  be a good idea, but will log out all current sessions.
 
 === External library changes in 1.27 ===
 
diff --git a/includes/installer/Installer.php b/includes/installer/Installer.php
index de841993b5..e61e2d2509 100644
--- a/includes/installer/Installer.php
+++ b/includes/installer/Installer.php
@@ -223,6 +223,7 @@ abstract class Installer {
 		// $wgLogo is probably wrong (bug 48084); set something that will work.
 		// Single quotes work fine here, as LocalSettingsGenerator outputs this unescaped.
 		'wgLogo' => '$wgResourceBasePath/resources/assets/wiki.png',
+		'wgAuthenticationTokenVersion' => 1,
 	);
 
 	/**
diff --git a/includes/installer/LocalSettingsGenerator.php b/includes/installer/LocalSettingsGenerator.php
index 3b6a37f6a5..4f20c7003a 100644
--- a/includes/installer/LocalSettingsGenerator.php
+++ b/includes/installer/LocalSettingsGenerator.php
@@ -65,7 +65,7 @@ class LocalSettingsGenerator {
 				'wgRightsText', '_MainCacheType', 'wgEnableUploads',
 				'_MemCachedServers', 'wgDBserver', 'wgDBuser',
 				'wgDBpassword', 'wgUseInstantCommons', 'wgUpgradeKey', 'wgDefaultSkin',
-				'wgMetaNamespace', 'wgLogo',
+				'wgMetaNamespace', 'wgLogo', 'wgAuthenticationTokenVersion',
 			),
 			$db->getGlobalNames()
 		);
@@ -396,6 +396,9 @@ ${serverSetting}
 
 \$wgSecretKey = \"{$this->values['wgSecretKey']}\";
 
+# Changing this will log out all existing sessions.
+\$wgAuthenticationTokenVersion = \"{$this->values['wgAuthenticationTokenVersion']}\";
+
 # Site upgrade key. Must be set to a string (default provided) to turn on the
 # web installer while LocalSettings.php is in place
 \$wgUpgradeKey = \"{$this->values['wgUpgradeKey']}\";
diff --git a/includes/installer/WebInstallerExistingWiki.php b/includes/installer/WebInstallerExistingWiki.php
index 2c08c9c729..1d17c940f4 100644
--- a/includes/installer/WebInstallerExistingWiki.php
+++ b/includes/installer/WebInstallerExistingWiki.php
@@ -178,6 +178,13 @@ class WebInstallerExistingWiki extends WebInstallerPage {
 		// All good
 		$this->setVar( '_ExistingDBSettings', true );
 
+		// Copy $wgAuthenticationTokenVersion too, if it exists
+		$this->setVar( 'wgAuthenticationTokenVersion',
+			isset( $vars['wgAuthenticationTokenVersion'] )
+				? $vars['wgAuthenticationTokenVersion']
+				: null
+		);
+
 		return $status;
 	}