Merge "Better logging for botpasswords"

[lhc/web/wiklou.git] / includes / DefaultSettings.php

diff --git a/includes/DefaultSettings.php b/includes/DefaultSettings.php
index 2dc43fe..87ca016 100644 (file)
--- a/includes/DefaultSettings.php
+++ b/includes/DefaultSettings.php
@@ -3237,6 +3237,14 @@ $wgHTMLFormAllowTableFormat = true;
  */
 $wgUseMediaWikiUIEverywhere = false;
 
+/**
+ * Temporary variable that determines whether the EditPage class should use OOjs UI or not.
+ * This will be removed later and OOjs UI will become the only option.
+ *
+ * @since 1.32
+ */
+$wgOOUIPreferences = false;
+
 /**
  * Whether to label the store-to-database-and-show-to-others button in the editor
  * as "Save page"/"Save changes" if false (the default) or, if true, instead as
@@ -4273,8 +4281,6 @@ $wgAllowImageTag = false;
  *    - RaggettInternalHHVM: Use the limited-functionality HHVM extension
  *    - RaggettInternalPHP: Use the PECL extension
  *    - RaggettExternal: Shell out to an external binary (tidyBin)
- *    - Html5Depurate: Use external Depurate service
- *    - Html5Internal: Use the Balancer library in PHP
  *    - RemexHtml: Use the RemexHtml library in PHP
  *
  *  - tidyConfigFile: Path to configuration file for any of the Raggett drivers
@@ -5663,6 +5669,7 @@ $wgRateLimits = [
        'edit' => [
                'ip' => [ 8, 60 ],
                'newbie' => [ 8, 60 ],
+               'user' => [ 90, 60 ],
        ],
        // Page moves
        'move' => [
@@ -7857,10 +7864,6 @@ $wgActionFilteredLogs = [
                'autocreate' => [ 'autocreate' ],
                'byemail' => [ 'byemail' ],
        ],
-       'patrol' => [
-               'patrol' => [ 'patrol' ],
-               'autopatrol' => [ 'autopatrol' ],
-       ],
        'protect' => [
                'protect' => [ 'protect' ],
                'modify' => [ 'modify' ],
@@ -8745,6 +8748,34 @@ $wgMaxUserDBWriteDuration = false;
  */
 $wgMaxJobDBWriteDuration = false;
 
+/**
+ * Controls Content-Security-Policy header [Experimental]
+ *
+ * @see https://www.w3.org/TR/CSP2/
+ * @since 1.32
+ * @var bool|array true to send default version, false to not send.
+ *  If an array, can have parameters:
+ *  'default-src' If true or array (of additional urls) will set a default-src
+ *    directive, which limits what places things can load from. If false or not
+ *    set, will send a default-src directive allowing all sources.
+ *  'includeCORS' If true or not set, will include urls from
+ *    $wgCrossSiteAJAXdomains as an allowed load sources.
+ *  'unsafeFallback' Add unsafe-inline as a script source, as a fallback for
+ *    browsers that do not understand nonce-sources [default on].
+ *  'script-src' Array of additional places that are allowed to have JS be loaded from.
+ *  'report-uri' true to use MW api [default], false to disable, string for alternate uri
+ * @warning May cause slowness on windows due to slow random number generator.
+ */
+$wgCSPHeader = false;
+
+/**
+ * Controls Content-Security-Policy-Report-Only header
+ *
+ * @since 1.32
+ * @var bool|array Same as $wgCSPHeader
+ */
+$wgCSPReportOnlyHeader = false;
+
 /**
  * Mapping of event channels (or channel categories) to EventRelayer configuration.
  *