Extension:MaintenanceShell/Change log

This is the change log of the MaintenanceShell extension.

  • Fix various security issues

- Use in_array on the directory scan instead of sanitising $script and doing file_exists. - Catch the output of the maintenance script with AJAX and output it as a text node instead of echo'ing it raw unescaped between <pre> and </pre>, which can cause html escape issues with the output of the maintenance script.

  • Phase out hacks in main php file, in favour of using regular MediaWiki interfaces for:

- i18n messages - user tokens - user permissions

  • Use FormSpecialPage to automatically take care of:

- Visual layout and creation of HTML <form> output - User token handling - Input validation - User block status, rights and permissions checking - Simple <select> drop down menu instead of <table> of <a> links.

  • Use ResourceLoader for delivery of javascript/css
  • Implement basic parser for the cli arguments instead of the manual regexing, also adding unit tests for many edge cases that the old regex didn't support.

To run: $ cd mw/core/tests/phpunit; $ php phpunit.php ../../extensions/MaintenanceShell/;

  • Config changes:

- Removed obsolete $wgMaintenanceShellLang - Renamed $maintenance_path to $wgMaintenanceShellPath

  • Cleaned up directory structure and file naming to latest MediaWiki extension recommendations and coding style conventions.
  • Native new lines.
  • Consistent coding style regarding curly braces, spaces and quotes.
  • Newline at EOF.
  • Fixed a small bug with the exit callback function introduced in 0.3.0.
  • Fixed XSS and CSRF vulnerabilities.
  • Fixed IE related bug.
  • Moved all strings to the language file to allow for localization.
  • Includes German language localization.
  • Fixed some minor bugs.
  • Included support for double quote marks ("") which allow for parameters with spaces as well as parameters with null values.
  • Added a few links to relevant info on the maintenance shell page.
  • Fixed some minor bugs.
  • Added message notifying user when MaintenanceShell is incorrectly configured.
  • Replaced buggy and annoying password system with Mediawiki based authentication.
  • Changed look of interface slightly.
  • First public release.