Hi, tl;dr: <https://gerrit.wikimedia.org/r/144854> stops supporting MediaWiki instances with register_globals enabled.
When PHP 5.3 was released, register_globals was officially deprecated, and that was over 5 years ago[1]. It was then removed in PHP 5.4. Since MediaWiki still supports 5.3, we've had a check at the top of WebStart.php and in the installer to recommend disabling register_globals if it's still enabled. When working with configuration database-related things as well as general code review of extensions, I've noticed code that does isset( $wgFoo ) in an unsafe manner. We could fix those individual issues, but I think it would be easier to just stop supporting installs that have register_globals enabled. It's 2014! I've uploaded a patchset[2] that will disable any current installation that has register_globals enabled. It also modifies the command-line installer to prevent installation if it is enabled. [1] http://www.php.net/manual/en/security.globals.php [2] https://gerrit.wikimedia.org/r/144854 -- Legoktm _______________________________________________ Wikitech-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/wikitech-l
