# HG changeset patch # User Dan # Date 1196044842 18000 # Node ID ee1fc84f12a8e0a76f56f653a76fdb737c0c832a # Parent fb3df5ce6c9e3b3016f54ce94c50045847108480 SECURITY: Tighten default allowed file types; make sure search index rebuild is performed on upgrade diff -r fb3df5ce6c9e -r ee1fc84f12a8 schema.sql --- a/schema.sql Sun Nov 25 21:18:52 2007 -0500 +++ b/schema.sql Sun Nov 25 21:40:42 2007 -0500 @@ -271,7 +271,7 @@ ('copyright_notice', '{{COPYRIGHT}}'), ('wiki_edit_notice_text', '== Why can I edit this page? ==\n\nEveryone can edit almost any page in this website. This concept is called a wiki. It gives everyone the opportunity to make a change for the best. While some spam and vandalism may occur, it is believed that most contributions will be legitimate and helpful.\n\nFor security purposes, a history of all page edits is kept, and administrators are able to restore vandalized or spammed pages with just a few clicks.'), ('cache_thumbs', '{{ENABLE_CACHE}}'), - ('max_file_size', '256000'),('enano_version', '{{VERSION}}'),( 'allowed_mime_types', 'cbf:len=168;crc=c3dcad3f;data=0[1],1[4],0[3],1[1],0[2],1[1],0[11],1[1],0[7],1[1],0[9],1[1],0[6],1[3],0[10],1[1],0[2],1[2],0[1],1[1],0[1],1[2],0[6],1[3],0[1],1[1],0[2],1[4],0[1],1[2],0[3],1[1],0[4],1[2],0[26],1[5],0[6],1[2],0[2],1[1],0[4],1[1],0[10],1[2],0[1],1[1],0[6]|end' ), + ('max_file_size', '256000'),('enano_version', '{{VERSION}}'),( 'allowed_mime_types', 'cbf:len=185;crc=55fb6f14;data=0[1],1[4],0[3],1[1],0[22],1[1],0[16],1[3],0[16],1[1],0[1],1[2],0[6],1[1],0[1],1[1],0[4],1[2],0[3],1[1],0[48],1[2],0[2],1[1],0[4],1[1],0[37]|end' ), ('contact_email', '{{ADMIN_EMAIL}}'), ('powered_btn', '1'); diff -r fb3df5ce6c9e -r ee1fc84f12a8 upgrade.php --- a/upgrade.php Sun Nov 25 21:18:52 2007 -0500 +++ b/upgrade.php Sun Nov 25 21:40:42 2007 -0500 @@ -93,7 +93,7 @@ '1.0b4' => Array('u_1_0_RC1_update_user_ids', 'u_1_0_RC1_add_admins_to_group', 'u_1_0_RC1_alter_files_table', 'u_1_0_RC1_destroy_session_cookie', 'u_1_0_RC1_set_contact_email', 'u_1_0_RC1_update_page_text'), // , // '1.0RC2' => Array('u_1_0_populate_userpage_comments') '1.0RC3' => Array('u_1_0_RC3_make_users_extra'), - '1.0.2b1' => Array('u_1_0_2_nuke_template_cache') + '1.0.2b1' => Array('u_1_0_2_nuke_template_cache', 'u_1_0_2_rebuild_search_index') ); if(!isset($_GET['mode'])) @@ -457,6 +457,13 @@ } } +function u_1_0_2_rebuild_search_index() +{ + global $paths; + @set_time_limit(0); + $paths->rebuild_search_index(); +} + switch($_GET['mode']) { case "login": diff -r fb3df5ce6c9e -r ee1fc84f12a8 upgrade.sql --- a/upgrade.sql Sun Nov 25 21:18:52 2007 -0500 +++ b/upgrade.sql Sun Nov 25 21:40:42 2007 -0500 @@ -17,6 +17,7 @@ ALTER TABLE {{TABLE_PREFIX}}pages MODIFY COLUMN urlname varchar(255), MODIFY COLUMN name varchar(255); ALTER TABLE {{TABLE_PREFIX}}page_text MODIFY COLUMN page_id varchar(255), MODIFY COLUMN namespace varchar(63), MODIFY COLUMN page_text longtext; @CREATE FULLTEXT INDEX {{TABLE_PREFIX}}page_search_idx ON {{TABLE_PREFIX}}page_text(page_id, namespace, page_text); +UPDATE {{TABLE_PREFIX}}config SET config_value='cbf:len=185;crc=55fb6f14;data=0[1],1[4],0[3],1[1],0[22],1[1],0[16],1[3],0[16],1[1],0[1],1[2],0[6],1[1],0[1],1[1],0[4],1[2],0[3],1[1],0[48],1[2],0[2],1[1],0[4],1[1],0[37]|end' WHERE config_name = 'allowed_mime_types' AND config_value='cbf:len=168;crc=c3dcad3f;data=0[1],1[4],0[3],1[1],0[2],1[1],0[11],1[1],0[7],1[1],0[9],1[1],0[6],1[3],0[10],1[1],0[2],1[2],0[1],1[1],0[1],1[2],0[6],1[3],0[1],1[1],0[2],1[4],0[1],1[2],0[3],1[1],0[4],1[2],0[26],1[5],0[6],1[2],0[2],1[1],0[4],1[1],0[10],1[2],0[1],1[1],0[6]|end'; ---END 1.0.2b1--- ---BEGIN 1.0.1.1--- ---END 1.0.1.1---