$wgEmergencyContact = false;
/**
- * Password reminder email address.
+ * Sender email address for e-mail notifications.
*
- * The address we should use as sender when a user is requesting his password.
+ * The address we use as sender when a user requests a password reminder.
*
* Defaults to "apache@$wgServerName".
*/
$wgPasswordSender = false;
/**
- * Password reminder name
+ * Sender name for e-mail notifications.
*
* @deprecated since 1.23; use the system message 'emailsender' instead.
*/
$wgPasswordSenderName = 'MediaWiki Mail';
/**
- * Dummy address which should be accepted during mail send action.
- * It might be necessary to adapt the address or to set it equal
- * to the $wgEmergencyContact address.
+ * Reply-To address for e-mail notifications.
+ *
+ * Defaults to $wgPasswordSender.
*/
-$wgNoReplyAddress = 'reply@not.possible.invalid';
+$wgNoReplyAddress = false;
/**
* Set to true to enable the e-mail basic features:
* Set to true to put the sending user's email in a Reply-To header
* instead of From. ($wgEmergencyContact will be used as From.)
*
- * Some mailers (eg sSMTP) set the SMTP envelope sender to the From value,
+ * Some mailers (eg SMTP) set the SMTP envelope sender to the From value,
* which can cause problems with SPF validation and leak recipient addresses
* when bounces are sent to the sender.
*/
$wgGroupPermissions['sysop']['editinterface'] = true;
$wgGroupPermissions['sysop']['editusercss'] = true;
$wgGroupPermissions['sysop']['edituserjs'] = true;
+$wgGroupPermissions['sysop']['editcontentmodel'] = true;
$wgGroupPermissions['sysop']['import'] = true;
$wgGroupPermissions['sysop']['importupload'] = true;
$wgGroupPermissions['sysop']['move'] = true;
/**
* Number of accounts each IP address may create, 0 to disable.
*
- * @warning Requires memcached
+ * @warning Requires $wgMainCacheType to be enabled
*/
$wgAccountCreationThrottle = 0;
/**
* Limit password attempts to X attempts per Y seconds per IP per account.
*
- * @warning Requires memcached.
- */
-$wgPasswordAttemptThrottle = [ 'count' => 5, 'seconds' => 300 ];
+ * Value is an array of arrays. Each sub-array must have a key for count
+ * (ie count of how many attempts before throttle) and a key for seconds.
+ * If the key 'allIPs' (case sensitive) is present, then the limit is
+ * just per account instead of per IP per account.
+ *
+ * @since 1.27 allIps support and multiple limits added in 1.27. Prior
+ * to 1.27 this only supported having a single throttle.
+ * @warning Requires $wgMainCacheType to be enabled
+ */
+$wgPasswordAttemptThrottle = [
+ // Short term limit
+ [ 'count' => 5, 'seconds' => 300 ],
+ // Long term limit. We need to balance the risk
+ // of somebody using this as a DoS attack to lock someone
+ // out of their account, and someone doing a brute force attack.
+ [ 'count' => 150, 'seconds' => 60*60*48 ],
+];
/**
* @var Array Map of (grant => right => boolean)