Add rate limiter to Special:ConfirmEmail

[lhc/web/wiklou.git] / includes / DefaultSettings.php

diff --git a/includes/DefaultSettings.php b/includes/DefaultSettings.php
index 7d3802c..208cfe6 100644 (file)
--- a/includes/DefaultSettings.php
+++ b/includes/DefaultSettings.php
@@ -330,15 +330,22 @@ $wgAppleTouchIcon = false;
 $wgReferrerPolicy = false;
 
 /**
- * The local filesystem path to a temporary directory. This is not required to
- * be web accessible.
+ * The local filesystem path to a temporary directory. This must not be web accessible.
  *
- * When this setting is set to false, its value will be set through a call
- * to wfTempDir(). See that methods implementation for the actual detection
- * logic.
+ * When this setting is set to false, its value will automatically be decided
+ * through the first call to wfTempDir(). See that method's implementation for
+ * the actual detection logic.
  *
- * Developers should use the global function wfTempDir() instead of this
- * variable.
+ * To find the temporary path for the current wiki, developers must not use
+ * this variable directly. Use the global function wfTempDir() instead.
+ *
+ * The temporary directory is expected to be shared with other applications,
+ * including other MediaWiki instances (which might not run the same version
+ * or configution). When storing files here, take care to avoid conflicts
+ * with other instances of MediaWiki. For example, when caching the result
+ * of a computation, the file name should incorporate the input of the
+ * computation so that it cannot be confused for the result of a similar
+ * computation by another MediaWiki instance.
  *
  * @see wfTempDir()
  * @note Default changed to false in MediaWiki 1.20.
@@ -1563,7 +1570,7 @@ $wgUseTinyRGBForJPGThumbnails = false;
  *   - captionLength:  Length to truncate filename to in caption when using "showfilename".
  *                     A value of 'true' will truncate the filename to one line using CSS
  *                     and will be the behaviour after deprecation.
- * @deprecated since 1.28
+ *                     @deprecated since 1.28
  *   - showBytes:      Show the filesize in bytes in categories
  *   - showDimensions: Show the dimensions (width x height) in categories
  *   - mode:           Gallery mode
@@ -5704,6 +5711,11 @@ $wgRateLimits = [
                'ip-all' => [ 10, 3600 ],
                'user' => [ 4, 86400 ]
        ],
+       // since 1.33 - rate limit email confirmations
+       'confirmemail' => [
+               'ip-all' => [ 10, 3600 ],
+               'user' => [ 4, 86400 ]
+       ],
        // Purging pages
        'purge' => [
                'ip' => [ 30, 60 ],
@@ -5796,6 +5808,7 @@ $wgGrantPermissions = [];
 // @TODO: clean up grants
 // @TODO: auto-include read/editsemiprotected rights?
 
+$wgGrantPermissions['basic']['autocreateaccount'] = true;
 $wgGrantPermissions['basic']['autoconfirmed'] = true;
 $wgGrantPermissions['basic']['autopatrol'] = true;
 $wgGrantPermissions['basic']['editsemiprotected'] = true;