wrapping should be done (default true) * * See includes/tidy/RemexDriver.php for detail on configuration. * * Overriding the default configuration is strongly discouraged in * production. */ public const TidyConfig = [ 'default' => [], 'type' => 'map', ]; /** * Default Parsoid configuration. * * Overriding the default configuration is strongly discouraged in * production. * * @since 1.39 */ public const ParsoidSettings = [ 'default' => [ 'useSelser' => true, ], 'type' => 'map', ]; /** * Enable legacy media HTML structure in the output from the Parser. The * alternative modern HTML structure that replaces it is described at * https://www.mediawiki.org/wiki/Parsing/Media_structure * * @deprecated since 1.41 * @since 1.36 */ public const ParserEnableLegacyMediaDOM = [ 'default' => false, 'deprecated' => 'since 1.41', ]; /** * Enable legacy HTML structure for headings in the output from the Parser. * The legacy structure includes section edit links (and other markup added * by some extensions) inside the headings rather than outside them, leading * to poor accessibility. This doesn't affect headings on special pages. * Note that each skin also has to indicate support for the new structure. * More information: https://www.mediawiki.org/wiki/Heading_HTML_changes * * @since 1.43 */ public const ParserEnableLegacyHeadingDOM = [ 'default' => true, ]; /** * Enable shipping the styles for the media HTML structure that replaces * legacy, when $wgParserEnableLegacyMediaDOM is `false`. This is configured * separately so that it can continue to be served after the latter is disabled * but still in the cache. * * @deprecated since 1.41 * @internal Temporary flag, T51097. * @since 1.38 */ public const UseContentMediaStyles = [ 'default' => false, 'deprecated' => 'since 1.41', ]; /** * Disable shipping the styles for the legacy media HTML structure * that has been replaced when $wgParserEnableLegacyMediaDOM is `false`. This is * configured separately to give time for templates and extensions that mimic the * parser output to be migrated away. * * @internal Temporary feature flag for T318433. * @since 1.41 */ public const UseLegacyMediaStyles = [ 'default' => false, ]; /** * Allow raw, unchecked HTML in "..." sections. * * THIS IS VERY DANGEROUS on a publicly editable site, so USE $wgGroupPermissions * TO RESTRICT EDITING to only those that you trust */ public const RawHtml = [ 'default' => false, ]; /** * Set a default target for external links, e.g. _blank to pop up a new window. * * This will also set the "noreferrer" and "noopener" link rel to prevent the * attack described at https://mathiasbynens.github.io/rel-noopener/ . * Some older browsers may not support these link attributes, hence * setting $wgExternalLinkTarget to _blank may represent a security risk * to some of your users. */ public const ExternalLinkTarget = [ 'default' => false, ]; /** * If true, external URL links in wiki text will be given the * rel="nofollow" attribute as a hint to search engines that * they should not be followed for ranking purposes as they * are user-supplied and thus subject to spamming. */ public const NoFollowLinks = [ 'default' => true, ]; /** * Namespaces in which $wgNoFollowLinks doesn't apply. * * See Language.php for a list of namespaces. */ public const NoFollowNsExceptions = [ 'default' => [], 'type' => 'list', ]; /** * If this is set to an array of domains, external links to these domain names * (or any subdomains) will not be set to rel="nofollow" regardless of the * value of $wgNoFollowLinks. For instance: * * $wgNoFollowDomainExceptions = [ 'en.wikipedia.org', 'wiktionary.org', 'mediawiki.org' ]; * * This would add rel="nofollow" to links to de.wikipedia.org, but not * en.wikipedia.org, wiktionary.org, en.wiktionary.org, us.en.wikipedia.org, * etc. * * Defaults to mediawiki.org for the links included in the software by default. */ public const NoFollowDomainExceptions = [ 'default' => [ 'mediawiki.org', ], 'type' => 'list', ]; /** * By default MediaWiki does not register links pointing to same server in * externallinks dataset, use this value to override: */ public const RegisterInternalExternals = [ 'default' => false, ]; /** * Allow DISPLAYTITLE to change title display */ public const AllowDisplayTitle = [ 'default' => true, ]; /** * For consistency, restrict DISPLAYTITLE to text that normalizes to the same * canonical DB key. Also disallow some inline CSS rules like display: none; * which can cause the text to be hidden or unselectable. */ public const RestrictDisplayTitle = [ 'default' => true, ]; /** * Maximum number of calls per parse to expensive parser functions such as * PAGESINCATEGORY. */ public const ExpensiveParserFunctionLimit = [ 'default' => 100, ]; /** * Preprocessor caching threshold * Setting it to 'false' will disable the preprocessor cache. */ public const PreprocessorCacheThreshold = [ 'default' => 1000, ]; /** * Enable interwiki transcluding. Only when iw_trans=1 in the interwiki table. */ public const EnableScaryTranscluding = [ 'default' => false, ]; /** * Expiry time for transcluded templates cached in object cache. * * Only used $wgEnableInterwikiTranscluding is set to true. */ public const TranscludeCacheExpiry = [ 'default' => 3600, ]; /** * Enable the magic links feature of automatically turning ISBN xxx, * PMID xxx, RFC xxx into links * * @since 1.28 */ public const EnableMagicLinks = [ 'default' => [ 'ISBN' => false, 'PMID' => false, 'RFC' => false, ], 'type' => 'map', ]; /** * Set this to true to allow the {{USERLANGUAGE}} magic word to return the * actual user language. If it is false, {{USERLANGUAGE}} will return the * page language. Setting this to true is discouraged since the page * language should typically be used in the content area. Accessing the user * language using this feature reduces the efficiency of the parser cache. * * @since 1.43 */ public const ParserEnableUserLanguage = [ 'default' => false, ]; // endregion -- end of parser settings /***************************************************************************/ // region Statistics and content analysis /** @name Statistics and content analysis */ /** * Method used to determine if a page in a content namespace should be counted * as a valid article. * * Redirect pages will never be counted as valid articles. * * This variable can have the following values: * - 'any': all pages as considered as valid articles * - 'link': the page must contain a [[wiki link]] to be considered valid * * See also See https://www.mediawiki.org/wiki/Manual:Article_count * * Retroactively changing this variable will not affect the existing count, * to update it, you will need to run the maintenance/updateArticleCount.php * script. */ public const ArticleCountMethod = [ 'default' => 'link', ]; /** * How many days user must be idle before he is considered inactive. Will affect * the number shown on Special:Statistics, Special:ActiveUsers, and the * {{NUMBEROFACTIVEUSERS}} magic word in wikitext. * * You might want to leave this as the default value, to provide comparable * numbers between different wikis. */ public const ActiveUserDays = [ 'default' => 30, ]; /** * The following variables define 3 user experience levels: * * - newcomer: has not yet reached the 'learner' level * * - learner: has at least $wgLearnerEdits and has been * a member for $wgLearnerMemberSince days * but has not yet reached the 'experienced' level. * * - experienced: has at least $wgExperiencedUserEdits edits and * has been a member for $wgExperiencedUserMemberSince days. */ public const LearnerEdits = [ 'default' => 10, ]; /** * Number of days the user must exist before becoming a learner. * * @see self::LearnerEdits */ public const LearnerMemberSince = [ 'default' => 4, ]; /** * Number of edits the user must have before becoming "experienced". * * @see self::LearnerEdits */ public const ExperiencedUserEdits = [ 'default' => 500, ]; /** * Number of days the user must exist before becoming "experienced". * * @see self::LearnerEdits */ public const ExperiencedUserMemberSince = [ 'default' => 30, ]; /** * Maximum number of revisions of a page that will be checked against every new edit * made to determine whether the edit was a manual revert. * * Computational time required increases roughly linearly with this configuration * variable. * * Larger values will let you detect very deep reverts, but at the same time can give * unexpected results (such as marking large amounts of edits as reverts) and may slow * down the wiki slightly when saving new edits. * * Setting this to 0 will disable the manual revert detection feature entirely. * * See this document for a discussion on this topic: * https://meta.wikimedia.org/wiki/Research:Revert * * @since 1.36 */ public const ManualRevertSearchRadius = [ 'default' => 15, 'type' => 'integer', ]; /** * Maximum depth (revision count) of reverts that will have their reverted edits marked * with the mw-reverted change tag. Reverts deeper than that will not have any edits * marked as reverted at all. * * Large values can lead to lots of revisions being marked as "reverted", which may appear * confusing to users. * * Setting this to 0 will disable the reverted tag entirely. * * @since 1.36 */ public const RevertedTagMaxDepth = [ 'default' => 15, 'type' => 'integer', ]; // endregion -- End of statistics and content analysis /***************************************************************************/ // region User accounts, authentication /** @name User accounts, authentication */ /** * Central ID lookup providers * Key is the provider ID, value is a specification for ObjectFactory * * @since 1.27 */ public const CentralIdLookupProviders = [ 'default' => [ 'local' => [ 'class' => LocalIdLookup::class, 'services' => [ 'MainConfig', 'DBLoadBalancerFactory', 'HideUserUtils', ] ] ], 'type' => 'map', ]; /** * Central ID lookup provider to use by default */ public const CentralIdLookupProvider = [ 'default' => 'local', 'type' => 'string', ]; /** * User registration timestamp provider classes * @since 1.41 */ public const UserRegistrationProviders = [ 'default' => [ LocalUserRegistrationProvider::TYPE => [ 'class' => LocalUserRegistrationProvider::class, 'services' => [ 'UserFactory' ] ] ], 'type' => 'map', ]; /** * Password policy for the wiki. * * Structured as * ``` * [ * 'policies' => [ => [ => , ... ], ... ], * 'checks' => [ => , ... ], * ] * ``` * where is a user group, is a password policy name * (arbitrary string) defined in the 'checks' part, is the * PHP callable implementing the policy check, is an array * of options with the following keys: * - value: (number, boolean or null) the value to pass to the callback * - forceChange: (boolean, default false) if the password is invalid, do * not let the user log in without changing the password * - suggestChangeOnLogin: (boolean, default false) if true and the password is * invalid, suggest a password change if logging in. If all the failing policies * that apply to the user have this set to false, the password change * screen will not be shown. 'forceChange' takes precedence over * 'suggestChangeOnLogin' if they are both present. * As a shorthand for [ 'value' => ], simply can be written. * When multiple password policies are defined for a user, the settings * arrays are merged, and for fields which are set in both arrays, the * larger value (as understood by PHP's 'max' method) is taken. * * A user's effective policy is the superset of all policy statements * from the policies for the groups where the user is a member. If more * than one group policy include the same policy statement, the value is * the max() of the values. Note true > false. The 'default' policy group * is required, and serves as the minimum policy for all users. * * Callbacks receive three arguments: the policy value, the User object * and the password; and must return a StatusValue. A non-good status * means the password will not be accepted for new accounts, and existing * accounts will be prompted for password change or barred from logging in * (depending on whether the status is a fatal or merely error/warning). * * The checks supported by core are: * - MinimalPasswordLength - Minimum length a user can set. * - MinimumPasswordLengthToLogin - Passwords shorter than this will * not be allowed to login, or offered a chance to reset their password * as part of the login workflow, regardless if it is correct. * - MaximalPasswordLength - maximum length password a user is allowed * to attempt. Prevents DoS attacks with pbkdf2. * - PasswordCannotBeSubstringInUsername - Password cannot be a substring * (contained within) the username. * - PasswordCannotMatchDefaults - Username/password combination cannot * match a list of default passwords used by MediaWiki in the past. * - PasswordNotInCommonList - Password not in best practices list of * 100,000 commonly used passwords. Due to the size of the list this * is a probabilistic test. * * If you add custom checks, for Special:PasswordPolicies to display them correctly, * every check should have a corresponding passwordpolicies-policy- message, * and every settings field other than 'value' should have a corresponding * passwordpolicies-policyflag- message ( and are in lowercase). * The check message receives the policy value as a parameter, the flag message * receives the flag value (or values if it's an array). * * @since 1.26 * @see \MediaWiki\Password\PasswordPolicyChecks * @see \MediaWiki\User\User::checkPasswordValidity() */ public const PasswordPolicy = [ 'default' => [ 'policies' => [ 'bureaucrat' => [ 'MinimalPasswordLength' => 10, 'MinimumPasswordLengthToLogin' => 1, ], 'sysop' => [ 'MinimalPasswordLength' => 10, 'MinimumPasswordLengthToLogin' => 1, ], 'interface-admin' => [ 'MinimalPasswordLength' => 10, 'MinimumPasswordLengthToLogin' => 1, ], 'bot' => [ 'MinimalPasswordLength' => 10, 'MinimumPasswordLengthToLogin' => 1, ], 'default' => [ 'MinimalPasswordLength' => [ 'value' => 8, 'suggestChangeOnLogin' => true ], 'PasswordCannotBeSubstringInUsername' => [ 'value' => true, 'suggestChangeOnLogin' => true ], 'PasswordCannotMatchDefaults' => [ 'value' => true, 'suggestChangeOnLogin' => true ], 'MaximalPasswordLength' => [ 'value' => 4096, 'suggestChangeOnLogin' => true ], 'PasswordNotInCommonList' => [ 'value' => true, 'suggestChangeOnLogin' => true ], ], ], 'checks' => [ 'MinimalPasswordLength' => [ PasswordPolicyChecks::class, 'checkMinimalPasswordLength' ], 'MinimumPasswordLengthToLogin' => [ PasswordPolicyChecks::class, 'checkMinimumPasswordLengthToLogin' ], 'PasswordCannotBeSubstringInUsername' => [ PasswordPolicyChecks::class, 'checkPasswordCannotBeSubstringInUsername' ], 'PasswordCannotMatchDefaults' => [ PasswordPolicyChecks::class, 'checkPasswordCannotMatchDefaults' ], 'MaximalPasswordLength' => [ PasswordPolicyChecks::class, 'checkMaximalPasswordLength' ], 'PasswordNotInCommonList' => [ PasswordPolicyChecks::class, 'checkPasswordNotInCommonList' ], ], ], 'type' => 'map', 'mergeStrategy' => 'array_replace_recursive', ]; /** * Configure AuthManager * * All providers are constructed using ObjectFactory, see that for the general * structure. The array may also contain a key "sort" used to order providers: * providers are stably sorted by this value, which should be an integer * (default is 0). * * Elements are: * - preauth: Array (keys ignored) of specifications for PreAuthenticationProviders * - primaryauth: Array (keys ignored) of specifications for PrimaryAuthenticationProviders * - secondaryauth: Array (keys ignored) of specifications for SecondaryAuthenticationProviders * * @since 1.27 * @note If this is null or empty, the value from $wgAuthManagerAutoConfig is * used instead. Local customization should generally set this variable from * scratch to the desired configuration. Extensions that want to * auto-configure themselves should use $wgAuthManagerAutoConfig instead. */ public const AuthManagerConfig = [ 'default' => null, 'type' => '?map', ]; /** * @see self::AuthManagerConfig * @since 1.27 */ public const AuthManagerAutoConfig = [ 'default' => [ 'preauth' => [ ThrottlePreAuthenticationProvider::class => [ 'class' => ThrottlePreAuthenticationProvider::class, 'sort' => 0, ], ], 'primaryauth' => [ // TemporaryPasswordPrimaryAuthenticationProvider should come before // any other PasswordAuthenticationRequest-based // PrimaryAuthenticationProvider (or at least any that might return // FAIL rather than ABSTAIN for a wrong password), or password reset // won't work right. Do not remove this (or change the key) or // auto-configuration of other such providers in extensions will // probably auto-insert themselves in the wrong place. TemporaryPasswordPrimaryAuthenticationProvider::class => [ 'class' => TemporaryPasswordPrimaryAuthenticationProvider::class, 'services' => [ 'DBLoadBalancerFactory', 'UserOptionsLookup', ], 'args' => [ [ // Fall through to LocalPasswordPrimaryAuthenticationProvider 'authoritative' => false, ] ], 'sort' => 0, ], LocalPasswordPrimaryAuthenticationProvider::class => [ 'class' => LocalPasswordPrimaryAuthenticationProvider::class, 'services' => [ 'DBLoadBalancerFactory', ], 'args' => [ [ // Last one should be authoritative, or else the user will get // a less-than-helpful error message (something like "supplied // authentication info not supported" rather than "wrong // password") if it too fails. 'authoritative' => true, ] ], 'sort' => 100, ], ], 'secondaryauth' => [ CheckBlocksSecondaryAuthenticationProvider::class => [ 'class' => CheckBlocksSecondaryAuthenticationProvider::class, 'sort' => 0, ], ResetPasswordSecondaryAuthenticationProvider::class => [ 'class' => ResetPasswordSecondaryAuthenticationProvider::class, 'sort' => 100, ], // Linking during login is experimental, enable at your own risk - T134952 // MediaWiki\Auth\ConfirmLinkSecondaryAuthenticationProvider::class => [ // 'class' => MediaWiki\Auth\ConfirmLinkSecondaryAuthenticationProvider::class, // 'sort' => 100, // ], EmailNotificationSecondaryAuthenticationProvider::class => [ 'class' => EmailNotificationSecondaryAuthenticationProvider::class, 'services' => [ 'DBLoadBalancerFactory', ], 'sort' => 200, ], ], ], 'type' => 'map', 'mergeStrategy' => 'array_plus_2d', ]; /** * Configures RememberMe authentication request added by AuthManager. It can show a "remember * me" checkbox that, when checked, will cause it to take more time for the authenticated * session to expire. It can also be configured to always or to never extend the authentication * session. * * Valid values are listed in RememberMeAuthenticationRequest::ALLOWED_FLAGS. * * @since 1.36 */ public const RememberMe = [ 'default' => 'choose', 'type' => 'string', ]; /** * Time frame for re-authentication. * * With only password-based authentication, you'd just ask the user to re-enter * their password to verify certain operations like changing the password or * changing the account's email address. But under AuthManager, the user might * not have a password (you might even have to redirect the browser to a * third-party service or something complex like that), you might want to have * both factors of a two-factor authentication, and so on. So, the options are: * - Incorporate the whole multi-step authentication flow within everything * that needs to do this. * - Consider it good if they used Special:UserLogin during this session within * the last X seconds. * - Come up with a third option. * * MediaWiki currently takes the second option. This setting configures the * "X seconds". * * This allows for configuring different time frames for different * "operations". The operations used in MediaWiki core include: * - LinkAccounts * - UnlinkAccount * - ChangeCredentials * - RemoveCredentials * - ChangeEmail * * Additional operations may be used by extensions, either explicitly by * calling AuthManager::securitySensitiveOperationStatus(), * ApiAuthManagerHelper::securitySensitiveOperation() or * SpecialPage::checkLoginSecurityLevel(), or implicitly by overriding * SpecialPage::getLoginSecurityLevel() or by subclassing * AuthManagerSpecialPage. * * The key 'default' is used if a requested operation isn't defined in the array. * * @since 1.27 */ public const ReauthenticateTime = [ 'default' => [ 'default' => 300, ], 'type' => 'map', 'additionalProperties' => [ 'type' => 'integer', ], ]; /** * Whether to allow security-sensitive operations when re-authentication is not possible. * * If AuthManager::canAuthenticateNow() is false (e.g. the current * SessionProvider is not able to change users, such as when OAuth is in use), * AuthManager::securitySensitiveOperationStatus() cannot sensibly return * SEC_REAUTH. Setting an operation true here will have it return SEC_OK in * that case, while setting it false will have it return SEC_FAIL. * * The key 'default' is used if a requested operation isn't defined in the array. * * @since 1.27 * @see self::ReauthenticateTime */ public const AllowSecuritySensitiveOperationIfCannotReauthenticate = [ 'default' => [ 'default' => true, ], 'type' => 'map', 'additionalProperties' => [ 'type' => 'boolean', ], ]; /** * List of AuthenticationRequest class names which are not changeable through * Special:ChangeCredentials and the changeauthenticationdata API. * * This is only enforced on the client level; AuthManager itself (e.g. * AuthManager::allowsAuthenticationDataChange calls) is not affected. * Class names are checked for exact match (not for subclasses). * * @since 1.27 */ public const ChangeCredentialsBlacklist = [ 'default' => [ TemporaryPasswordAuthenticationRequest::class, ], 'type' => 'list', 'items' => [ 'type' => 'string', ], ]; /** * List of AuthenticationRequest class names which are not removable through * Special:RemoveCredentials and the removeauthenticationdata API. * * This is only enforced on the client level; AuthManager itself (e.g. * AuthManager::allowsAuthenticationDataChange calls) is not affected. * Class names are checked for exact match (not for subclasses). * * @since 1.27 */ public const RemoveCredentialsBlacklist = [ 'default' => [ PasswordAuthenticationRequest::class, ], 'type' => 'list', 'items' => [ 'type' => 'string', ], ]; /** * Specifies if users should be sent to a password-reset form on login, if their * password doesn't meet the requirements of User::isValidPassword(). * * @since 1.23 */ public const InvalidPasswordReset = [ 'default' => true, ]; /** * Default password type to use when hashing user passwords. * * Must be set to a type defined in $wgPasswordConfig, or a type that * is registered by default in PasswordFactory.php. * * @since 1.24 */ public const PasswordDefault = [ 'default' => 'pbkdf2', ]; /** * Configuration for built-in password types. * * Maps the password type to an array of options: * * - class: The Password class to use. * - factory (since 1.40): A function that creates and returns a suitable Password object. * This option is intended only for internal use; the function signature is unstable and * subject to change in future versions. * * All other options are class-dependent. * * An advanced example: * * ``` * $wgPasswordConfig['bcrypt-peppered'] = [ * 'class' => EncryptedPassword::class, * 'underlying' => 'bcrypt', * 'secrets' => [ * hash( 'sha256', 'secret', true ), * ], * 'cipher' => 'aes-256-cbc', * ]; * ``` * * @since 1.24 */ public const PasswordConfig = [ 'default' => [ 'A' => [ 'class' => MWOldPassword::class, ], 'B' => [ 'class' => MWSaltedPassword::class, ], 'pbkdf2-legacyA' => [ 'class' => LayeredParameterizedPassword::class, 'types' => [ 'A', 'pbkdf2', ], ], 'pbkdf2-legacyB' => [ 'class' => LayeredParameterizedPassword::class, 'types' => [ 'B', 'pbkdf2', ], ], 'bcrypt' => [ 'class' => BcryptPassword::class, 'cost' => 9, ], 'pbkdf2' => [ 'class' => Pbkdf2PasswordUsingOpenSSL::class, 'algo' => 'sha512', 'cost' => '30000', 'length' => '64', ], 'argon2' => [ 'class' => Argon2Password::class, // Algorithm used: // * 'argon2i' is optimized against side-channel attacks // * 'argon2id' is optimized against both side-channel and GPU cracking // * 'auto' to use the best available algorithm. If you're using more than one server, be // careful when you're mixing PHP versions because newer PHP might generate hashes that // older versions would not understand. 'algo' => 'auto', // The parameters below are the same as options accepted by password_hash(). // Set them to override that function's defaults. // // 'memory_cost' => PASSWORD_ARGON2_DEFAULT_MEMORY_COST, // 'time_cost' => PASSWORD_ARGON2_DEFAULT_TIME_COST, // 'threads' => PASSWORD_ARGON2_DEFAULT_THREADS, ], ], 'type' => 'map', ]; /** * Whether to allow password resets ("enter some identifying data, and we'll send an email * with a temporary password you can use to get back into the account") identified by * various bits of data. Setting all of these to false (or the whole variable to false) * has the effect of disabling password resets entirely */ public const PasswordResetRoutes = [ 'default' => [ 'username' => true, 'email' => true, ], 'type' => 'map', ]; /** * Maximum number of Unicode characters in signature */ public const MaxSigChars = [ 'default' => 255, ]; /** * Behavior of signature validation. Allowed values are: * - 'warning' - invalid signatures cause a warning to be displayed on the preferences page, * but they are still used when signing comments; new invalid signatures can still be saved as * normal * - 'new' - existing invalid signatures behave as above; new invalid signatures can't be * saved * - 'disallow' - existing invalid signatures are no longer used when signing comments; new * invalid signatures can't be saved * * @since 1.35 */ public const SignatureValidation = [ 'default' => 'warning', ]; /** * List of lint error codes which don't cause signature validation to fail. * * @see https://www.mediawiki.org/wiki/Help:Lint_errors * @since 1.35 */ public const SignatureAllowedLintErrors = [ 'default' => [ 'obsolete-tag', ], 'type' => 'list', ]; /** * Maximum number of bytes in username. You want to run the maintenance * script ./maintenance/checkUsernames.php once you have changed this value. */ public const MaxNameChars = [ 'default' => 255, ]; /** * Array of usernames which may not be registered or logged in from * Maintenance scripts can still use these * * @see \MediaWiki\User\User::MAINTENANCE_SCRIPT_USER */ public const ReservedUsernames = [ 'default' => [ 'MediaWiki default', // Default 'Main Page' and MediaWiki: message pages 'Conversion script', // Used for the old Wikipedia software upgrade 'Maintenance script', // Maintenance scripts which perform editing, image import script 'Template namespace initialisation script', // Used in 1.2->1.3 upgrade 'ScriptImporter', // Default user name used by maintenance/importSiteScripts.php 'Delete page script', // Default user name used by maintenance/deleteBatch.php 'Move page script', // Default user name used by maintenance/deleteBatch.php 'Command line script', // Default user name used by maintenance/undelete.php 'Unknown user', // Used in WikiImporter & RevisionStore for revisions with no author and in User for invalid user id 'msg:double-redirect-fixer', // Automatic double redirect fix 'msg:usermessage-editor', // Default user for leaving user messages 'msg:proxyblocker', // For $wgProxyList and Special:Blockme (removed in 1.22) 'msg:sorbs', // For $wgEnableDnsBlacklist etc. 'msg:spambot_username', // Used by cleanupSpam.php 'msg:autochange-username', // Used by anon category RC entries (parser functions, Lua & purges) ], 'type' => 'list', ]; /** * Settings added to this array will override the default globals for the user * preferences used by anonymous visitors and newly created accounts. * * For instance, to disable editing on double clicks: * $wgDefaultUserOptions ['editondblclick'] = 0; * * To save storage space, no user_properties row will be stored for users with the * default setting for a given option, even if the user manually selects that option. * This means that a change to the defaults will change the setting for all users who * have been using the default setting; there is no way for users to opt out of this. * $wgConditionalUserOptions can be used to change the default value for future users * only. * * @see self::ConditionalUserOptions */ public const DefaultUserOptions = [ 'default' => // This array should be sorted by key [ 'ccmeonemails' => 0, 'date' => 'default', 'diffonly' => 0, 'diff-type' => 'table', 'disablemail' => 0, 'editfont' => 'monospace', 'editondblclick' => 0, 'editrecovery' => 0, 'editsectiononrightclick' => 0, 'email-allow-new-users' => 1, 'enotifminoredits' => 0, 'enotifrevealaddr' => 0, 'enotifusertalkpages' => 1, 'enotifwatchlistpages' => 1, 'extendwatchlist' => 1, 'fancysig' => 0, 'forceeditsummary' => 0, 'forcesafemode' => 0, 'gender' => 'unknown', 'hidecategorization' => 1, 'hideminor' => 0, 'hidepatrolled' => 0, 'imagesize' => 2, 'minordefault' => 0, 'newpageshidepatrolled' => 0, 'nickname' => '', 'norollbackdiff' => 0, 'prefershttps' => 1, 'previewonfirst' => 0, 'previewontop' => 1, 'pst-cssjs' => 1, 'rcdays' => 7, 'rcenhancedfilters-disable' => 0, 'rclimit' => 50, 'requireemail' => 0, 'search-match-redirect' => true, 'search-special-page' => 'Search', 'search-thumbnail-extra-namespaces' => true, 'searchlimit' => 20, 'showhiddencats' => 0, 'shownumberswatching' => 1, 'showrollbackconfirmation' => 0, 'skin' => false, 'skin-responsive' => 1, 'thumbsize' => 5, 'underline' => 2, 'useeditwarning' => 1, 'uselivepreview' => 0, 'usenewrc' => 1, 'watchcreations' => 1, 'watchdefault' => 1, 'watchdeletion' => 0, 'watchlistdays' => 7, 'watchlisthideanons' => 0, 'watchlisthidebots' => 0, 'watchlisthidecategorization' => 1, 'watchlisthideliu' => 0, 'watchlisthideminor' => 0, 'watchlisthideown' => 0, 'watchlisthidepatrolled' => 0, 'watchlistreloadautomatically' => 0, 'watchlistunwatchlinks' => 0, 'watchmoves' => 0, 'watchrollback' => 0, 'watchuploads' => 1, 'wlenhancedfilters-disable' => 0, 'wllimit' => 250, ], 'type' => 'map', ]; /** * Conditional defaults for user options * * Map of user options to conditional defaults descriptors, which is an array * of conditional cases [ VALUE, CONDITION1, CONDITION2 ], where VALUE is the default value for * all users that meet ALL conditions, and each CONDITION is either a: * (a) a CUDCOND_* constant (when condition does not take any arguments), or * (b) an array [ CUDCOND_*, argument1, argument1, ... ] (when chosen condition takes at * least one argument). * * When `null` is used as the VALUE, it is interpreted as "no conditional default for this * condition". In other words, `null` and $wgDefaultUserOptions['user-option'] can be used * interchangeably as the VALUE. * * All conditions are evaluated in order. When no condition matches. * $wgDefaultUserOptions is used instead. * * Example of valid configuration: * $wgConditionalUserOptions['user-option'] = [ * [ 'registered in 2024', [ CUDCOND_AFTER, '20240101000000' ] ] * ]; * * List of valid conditions: * * CUDCOND_AFTER: user registered after given timestamp (args: string $timestamp) * * CUDCOND_ANON: allows specifying a default for anonymous (logged-out, non-temporary) users * * CUDCOND_NAMED: allows specifying a default for named (registered, non-temporary) users * * CUDCOND_USERGROUP: users with a specific user group * * @since 1.42 * @see self::DefaultUserOptions */ public const ConditionalUserOptions = [ 'default' => [], 'type' => 'map', ]; /** * An array of preferences to not show for the user */ public const HiddenPrefs = [ 'default' => [], 'type' => 'list', ]; /** * Characters to prevent during new account creations. * * This is used in a regular expression character class during * registration (regex metacharacters like / are escaped). */ public const InvalidUsernameCharacters = [ 'default' => '@:>=', ]; /** * Character used as a delimiter when testing for interwiki userrights * (In Special:UserRights, it is possible to modify users on different * databases if the delimiter is used, e.g. "Someuser@enwiki"). * * It is recommended that you have this delimiter in * $wgInvalidUsernameCharacters above, or you will not be able to * modify the user rights of those users via Special:UserRights */ public const UserrightsInterwikiDelimiter = [ 'default' => '@', ]; /** * This is to let user authenticate using https when they come from http. * * Based on an idea by George Herbert on wikitech-l: * https://lists.wikimedia.org/pipermail/wikitech-l/2010-October/050039.html * * @since 1.17 */ public const SecureLogin = [ 'default' => false, ]; /** * Versioning for authentication tokens. * * If non-null, this is combined with the user's secret (the user_token field * in the DB) to generate the token cookie. Changing this will invalidate all * active sessions (i.e. it will log everyone out). * * @since 1.27 */ public const AuthenticationTokenVersion = [ 'default' => null, 'type' => '?string', ]; /** * MediaWiki\Session\SessionProvider configuration. * * Values are ObjectFactory specifications for the SessionProviders to be * used. Keys in the array are ignored; the class name is conventionally * used as the key to avoid collisions. Order is not significant. * * @since 1.27 */ public const SessionProviders = [ 'type' => 'map', 'default' => [ \MediaWiki\Session\CookieSessionProvider::class => [ 'class' => \MediaWiki\Session\CookieSessionProvider::class, 'args' => [ [ 'priority' => 30, ] ], ], \MediaWiki\Session\BotPasswordSessionProvider::class => [ 'class' => \MediaWiki\Session\BotPasswordSessionProvider::class, 'args' => [ [ 'priority' => 75, ] ], 'services' => [ 'GrantsInfo' ], ], ], ]; /** * Configuration for automatic creation of temporary accounts on page save. * This can be enabled to avoid exposing the IP addresses of casual editors who * do not explicitly create an account. * * @warning This is EXPERIMENTAL, enabling may break extensions. * * An associative array with the following keys: * * - known: (bool) Whether auto-creation is known about. Set this to 'true' if * temp accounts have been created on this wiki already. This setting allows * temp users to be recognized even if auto-creation is currently disabled. * If auto-creation is enabled via the 'enabled' property, then 'known' is * overriden to true. * - enabled: (bool) Whether auto-creation is enabled. If changing this * value from 'true' to 'false', you should also set 'known' to true, so * that relevant code can continue to identify temporary accounts as * visually and conceptually distinct from anonymous accounts and named accounts. * - actions: (array) A list of actions for which the feature is enabled. * Currently only "edit" is supported. * - genPattern: (string) The pattern used when generating new usernames. * This should have "$1" indicating the place where the serial string will * be substituted. * - matchPattern: (string|string[]|null) The pattern used when determining whether a * username is a temporary user. This affects the rights of the user * and also prevents explicit creation of users with matching names. * This is ignored if "enabled" is false. If the value is null, the * the genPattern value is used as the matchPattern. * - reservedPattern: (string) A pattern used to determine whether a * username should be denied for explicit creation, in addition to * matchPattern. This is used even if "enabled" is false. * - serialProvider: (array) Configuration for generation of unique integer * indexes which are used to make temporary usernames. * - type: (string) May be "local" to allocate indexes using the local * database. If the CentralAuth extension is enabled, it may be * "centralauth". Extensions may plug in additional types using the * TempUserSerialProviders attribute. * - numShards (int, default 1): A small integer. This can be set to a * value greater than 1 to avoid acquiring a global lock when * allocating IDs, at the expense of making the IDs be non-monotonic. * - useYear: (bool) Restart at 1 each time the year changes (in UTC). * To avoid naming conflicts, the year is included in the name after * the prefix, in the form 'YYYY-'. * - serialMapping: (array) Configuration for mapping integer indexes to strings * to substitute into genPattern. * - type: (string) May be * - "plain-numeric" to use ASCII decimal numbers * - "localized-numeric" to use numbers localized using a specific language * - "filtered-radix" to use numbers in an arbitrary base between 2 and 36, * with an optional list of "bad" IDs to skip over. * - "scramble": to use ASCII decimal numbers that are short but * non-consecutive. * - language: (string) With "localized-numeric", the language code * - radix: (int) With "filtered-radix", the base * - badIndexes: (array) With "filtered-radix", an array with the bad unmapped * indexes in the values. The integers must be sorted and the list * must never change after the indexes have been allocated. The keys must * be zero-based array indexes. * - uppercase: (bool) With "filtered-radix", whether to use uppercase * letters, default false. * - offset: (int) With "plain-numeric", a constant to add to the stored index. * - expireAfterDays: (int|null, default 90) If not null, how many days should the temporary * accounts expire? Requires expireTemporaryAccounts.php to be periodically executed in * order to work. * - notifyBeforeExpirationDays: (int|null, default 10) If not null, how many days before the * expiration of a temporary account should it be notified that their account is to be expired. * * @unstable EXPERIMENTAL * @since 1.39 */ public const AutoCreateTempUser = [ 'properties' => [ 'known' => [ 'type' => 'bool', 'default' => false ], 'enabled' => [ 'type' => 'bool', 'default' => false ], 'actions' => [ 'type' => 'list', 'default' => [ 'edit' ] ], 'genPattern' => [ 'type' => 'string', 'default' => '~$1' ], 'matchPattern' => [ 'type' => 'string|array|null', 'default' => null ], 'reservedPattern' => [ 'type' => 'string|null', 'default' => '~$1' ], 'serialProvider' => [ 'type' => 'object', 'default' => [ 'type' => 'local', 'useYear' => true ] ], 'serialMapping' => [ 'type' => 'object', 'default' => [ 'type' => 'plain-numeric' ] ], 'expireAfterDays' => [ 'type' => 'int|null', 'default' => 90 ], 'notifyBeforeExpirationDays' => [ 'type' => 'int|null', 'default' => 10 ], ], 'type' => 'object', ]; // endregion -- end user accounts /***************************************************************************/ // region User rights, access control and monitoring /** @name User rights, access control and monitoring */ /** * Number of seconds before autoblock entries expire. Default 86400 = 1 day. */ public const AutoblockExpiry = [ 'default' => 86400, ]; /** * Set this to true to allow blocked users to edit their own user talk page. * * This only applies to sitewide blocks. Partial blocks always allow users to * edit their own user talk page unless otherwise specified in the block * restrictions. */ public const BlockAllowsUTEdit = [ 'default' => true, ]; /** * Limits on the possible sizes of range blocks. * * CIDR notation is hard to understand, it's easy to mistakenly assume that a * /1 is a small range and a /31 is a large range. For IPv4, setting a limit of * half the number of bits avoids such errors, and allows entire ISPs to be * blocked using a small number of range blocks. * * For IPv6, RFC 3177 recommends that a /48 be allocated to every residential * customer, so range blocks larger than /64 (half the number of bits) will * plainly be required. RFC 4692 implies that a very large ISP may be * allocated a /19 if a generous HD-Ratio of 0.8 is used, so we will use that * as our limit. As of 2012, blocking the whole world would require a /4 range. */ public const BlockCIDRLimit = [ 'default' => [ 'IPv4' => 16, 'IPv6' => 19, ], 'type' => 'map', ]; /** * If true, sitewide blocked users will not be allowed to login. (Direct * blocks only; IP blocks are ignored.) This can be used to remove users' * read access on a private wiki. */ public const BlockDisablesLogin = [ 'default' => false, ]; /** * Flag to enable partial blocks against performing certain actions. * * @unstable Temporary feature flag, T280532 * @since 1.37 */ public const EnablePartialActionBlocks = [ 'default' => false, 'type' => 'boolean', ]; /** * If this is false, the number of blocks of a given target is limited to only 1. * * @since 1.42 */ public const EnableMultiBlocks = [ 'default' => false, 'type' => 'boolean', ]; /** * Ipblocks table schema migration stage, for normalizing ipb_address field and * adding the block_target table. * * Use the SCHEMA_COMPAT_XXX flags. Supported values: * * - SCHEMA_COMPAT_OLD * - SCHEMA_COMPAT_WRITE_BOTH | SCHEMA_COMPAT_READ_OLD * - SCHEMA_COMPAT_NEW * * History: * - 1.42: Added * - 1.43: Default changed from SCHEMA_COMPAT_OLD to SCHEMA_COMPAT_NEW * - 1.43: Deprecated, ignored, SCHEMA_COMPAT_NEW is implied * * @deprecated since 1.43 */ public const BlockTargetMigrationStage = [ 'default' => SCHEMA_COMPAT_NEW, 'type' => 'integer', ]; /** * Pages anonymous user may see, set as an array of pages titles. * * **Example:** * * ``` * $wgWhitelistRead = [ "Main Page", "Wikipedia:Help" ]; * ``` * * Special:Userlogin and Special:ChangePassword are always allowed. * * @note This will only work if $wgGroupPermissions['*']['read'] is false -- * see below. Otherwise, ALL pages are accessible, regardless of this setting. * @note Also that this will only protect _pages in the wiki_. Uploaded files * will remain readable. You can use img_auth.php to protect uploaded files, * see https://www.mediawiki.org/wiki/Manual:Image_Authorization * @note Extensions should not modify this, but use the TitleReadWhitelist * hook instead. */ public const WhitelistRead = [ 'default' => false, ]; /** * Pages anonymous user may see, set as an array of regular expressions. * * This function will match the regexp against the title name, which * is without underscore. * * **Example:** * To whitelist [[Main Page]]: * * ``` * $wgWhitelistReadRegexp = [ "/Main Page/" ]; * ``` * @note Unless ^ and/or $ is specified, a regular expression might match * pages not intended to be allowed. The above example will also * allow a page named 'Security Main Page'. * * **Example:** * To allow reading any page starting with 'User' regardless of the case: * * ``` * $wgWhitelistReadRegexp = [ "@^UsEr.*@i" ]; * ``` * * Will allow both [[User is banned]] and [[User:JohnDoe]] * @note This will only work if $wgGroupPermissions['*']['read'] is false -- * see below. Otherwise, ALL pages are accessible, regardless of this setting. */ public const WhitelistReadRegexp = [ 'default' => false, ]; /** * Should editors be required to have a validated e-mail * address before being allowed to edit? */ public const EmailConfirmToEdit = [ 'default' => false, ]; /** * Should MediaWiki attempt to protect user's privacy when doing redirects? * Keep this true if access counts to articles are made public. */ public const HideIdentifiableRedirects = [ 'default' => true, ]; /** * Permission keys given to users in each group. * * This is an array where the keys are all groups and each value is an * array of the format (right => boolean). * * The second format is used to support per-namespace permissions. * Note that this feature does not fully work for all permission types. * * All users are implicitly in the '*' group including anonymous visitors; * logged-in users are all implicitly in the 'user' group. These will be * combined with the permissions of all groups that a given user is listed * in the user_groups table. * * Note: Don't set $wgGroupPermissions = []; unless you know what you're * doing! This will wipe all permissions, and may mean that your users are * unable to perform certain essential tasks or access new functionality * when new permissions are introduced and default grants established. * * Functionality to make pages inaccessible has not been extensively tested * for security. Use at your own risk! * * This replaces $wgWhitelistAccount and $wgWhitelistEdit */ public const GroupPermissions = [ 'type' => 'map', 'additionalProperties' => [ 'type' => 'map', 'additionalProperties' => [ 'type' => 'boolean', ], ], 'mergeStrategy' => 'array_plus_2d', 'default' => [ '*' => [ 'createaccount' => true, 'read' => true, 'edit' => true, 'createpage' => true, 'createtalk' => true, 'viewmyprivateinfo' => true, 'editmyprivateinfo' => true, 'editmyoptions' => true, ], 'user' => [ 'move' => true, 'move-subpages' => true, 'move-rootuserpages' => true, 'move-categorypages' => true, 'movefile' => true, 'read' => true, 'edit' => true, 'createpage' => true, 'createtalk' => true, 'upload' => true, 'reupload' => true, 'reupload-shared' => true, 'minoredit' => true, 'editmyusercss' => true, 'editmyuserjson' => true, 'editmyuserjs' => true, 'editmyuserjsredirect' => true, 'sendemail' => true, 'applychangetags' => true, 'changetags' => true, 'editcontentmodel' => true, 'viewmywatchlist' => true, 'editmywatchlist' => true, ], 'autoconfirmed' => [ 'autoconfirmed' => true, 'editsemiprotected' => true, ], 'bot' => [ 'bot' => true, 'autoconfirmed' => true, 'editsemiprotected' => true, 'nominornewtalk' => true, 'autopatrol' => true, 'suppressredirect' => true, 'apihighlimits' => true, ], 'sysop' => [ 'block' => true, 'createaccount' => true, 'delete' => true, 'bigdelete' => true, 'deletedhistory' => true, 'deletedtext' => true, 'undelete' => true, 'editinterface' => true, 'editsitejson' => true, 'edituserjson' => true, 'import' => true, 'importupload' => true, 'move' => true, 'move-subpages' => true, 'move-rootuserpages' => true, 'move-categorypages' => true, 'patrol' => true, 'autopatrol' => true, 'protect' => true, 'editprotected' => true, 'rollback' => true, 'upload' => true, 'reupload' => true, 'reupload-shared' => true, 'unwatchedpages' => true, 'autoconfirmed' => true, 'editsemiprotected' => true, 'ipblock-exempt' => true, 'blockemail' => true, 'markbotedits' => true, 'apihighlimits' => true, 'browsearchive' => true, 'noratelimit' => true, 'movefile' => true, 'unblockself' => true, 'suppressredirect' => true, 'mergehistory' => true, 'managechangetags' => true, 'deletechangetags' => true, ], 'interface-admin' => [ 'editinterface' => true, 'editsitecss' => true, 'editsitejson' => true, 'editsitejs' => true, 'editusercss' => true, 'edituserjson' => true, 'edituserjs' => true, ], 'bureaucrat' => [ 'userrights' => true, 'noratelimit' => true, 'renameuser' => true, ], 'suppress' => [ 'hideuser' => true, 'suppressrevision' => true, 'viewsuppressed' => true, 'suppressionlog' => true, 'deleterevision' => true, 'deletelogentry' => true, ], ], ]; /** * List of groups which should be considered privileged (user accounts * belonging in these groups can be abused in dangerous ways). * This is used for some security checks, mainly logging. * @since 1.41 * @see \MediaWiki\User\UserGroupManager::getUserPrivilegedGroups() */ public const PrivilegedGroups = [ 'default' => [ 'bureaucrat', 'interface-admin', 'suppress', 'sysop', ], 'type' => 'list', ]; /** * Permission keys revoked from users in each group. * * This acts the same way as $wgGroupPermissions above, except that * if the user is in a group here, the permission will be removed from them. * * Improperly setting this could mean that your users will be unable to perform * certain essential tasks, so use at your own risk! */ public const RevokePermissions = [ 'default' => [], 'type' => 'map', 'mergeStrategy' => 'array_plus_2d', ]; /** * Groups that should inherit permissions from another group * * This allows defining a group that inherits its permissions * from another group without having to copy all the permission * grants over. For example, if you wanted a manual "confirmed" * group that had the same permissions as "autoconfirmed": * * ``` * $wgGroupInheritsPermissions['confirmed'] = 'autoconfirmed'; * ``` * * Recursive inheritance is currently not supported. In the above * example, confirmed will only gain the permissions explicitly * granted (or revoked) from autoconfirmed, not any permissions * that autoconfirmed might inherit. * * @since 1.38 */ public const GroupInheritsPermissions = [ 'default' => [], 'type' => 'map', 'additionalProperties' => [ 'type' => 'string', ], ]; /** * Implicit groups, aren't shown on Special:Listusers or somewhere else */ public const ImplicitGroups = [ 'default' => [ '*', 'user', 'autoconfirmed' ], 'type' => 'list', ]; /** * A map of group names that the user is in, to group names that those users * are allowed to add or revoke. * * Setting the list of groups to add or revoke to true is equivalent to "any * group". * * **Example:** * To allow sysops to add themselves to the "bot" group: * * ``` * $wgGroupsAddToSelf = [ 'sysop' => [ 'bot' ] ]; * ``` * * **Example:** * Implicit groups may be used for the source group, for instance: * * ``` * $wgGroupsRemoveFromSelf = [ '*' => true ]; * ``` * * This allows users in the '*' group (i.e. any user) to remove themselves from * any group that they happen to be in. */ public const GroupsAddToSelf = [ 'default' => [], 'type' => 'map', ]; /** * @see self::GroupsAddToSelf */ public const GroupsRemoveFromSelf = [ 'default' => [], 'type' => 'map', ]; /** * Set of available actions that can be restricted via action=protect * You probably shouldn't change this. * * Translated through restriction-* messages. * RestrictionStore::listApplicableRestrictionTypes() will remove restrictions that are not * applicable to a specific title (create and upload) */ public const RestrictionTypes = [ 'default' => [ 'create', 'edit', 'move', 'upload' ], 'type' => 'list', ]; /** * Rights which can be required for each protection level (via action=protect) * * You can add a new protection level that requires a specific * permission by manipulating this array. The ordering of elements * dictates the order on the protection form's lists. * * - '' will be ignored (i.e. unprotected) * - 'autoconfirmed' is quietly rewritten to 'editsemiprotected' for backwards compatibility * - 'sysop' is quietly rewritten to 'editprotected' for backwards compatibility */ public const RestrictionLevels = [ 'default' => [ '', 'autoconfirmed', 'sysop' ], 'type' => 'list', ]; /** * Restriction levels that can be used with cascading protection * * A page can only be protected with cascading protection if the * requested restriction level is included in this array. * * 'autoconfirmed' is quietly rewritten to 'editsemiprotected' for backwards compatibility. * 'sysop' is quietly rewritten to 'editprotected' for backwards compatibility. */ public const CascadingRestrictionLevels = [ 'default' => [ 'sysop', ], 'type' => 'list', ]; /** * Restriction levels that should be considered "semiprotected" * * Certain places in the interface recognize a dichotomy between "protected" * and "semiprotected", without further distinguishing the specific levels. In * general, if anyone can be eligible to edit a protection level merely by * reaching some condition in $wgAutopromote, it should probably be considered * "semiprotected". * * 'autoconfirmed' is quietly rewritten to 'editsemiprotected' for backwards compatibility. * 'sysop' is not changed, since it really shouldn't be here. */ public const SemiprotectedRestrictionLevels = [ 'default' => [ 'autoconfirmed', ], 'type' => 'list', ]; /** * Set the minimum permissions required to edit pages in each * namespace. If you list more than one permission, a user must * have all of them to edit pages in that namespace. * * @note NS_MEDIAWIKI is implicitly restricted to 'editinterface'. */ public const NamespaceProtection = [ 'default' => [], 'type' => 'map', ]; /** * Pages in namespaces in this array can not be used as templates. * * Elements MUST be numeric namespace ids, you can safely use the MediaWiki * namespaces constants (NS_USER, NS_MAIN...). * * Among other things, this may be useful to enforce read-restrictions * which may otherwise be bypassed by using the template mechanism. */ public const NonincludableNamespaces = [ 'default' => [], 'type' => 'map', ]; /** * Number of seconds an account is required to age before it's given the * implicit 'autoconfirm' group membership. This can be used to limit * privileges of new accounts. * * Accounts created by earlier versions of the software may not have a * recorded creation date, and will always be considered to pass the age test. * * When left at 0, all registered accounts will pass. * * **Example:** * Set automatic confirmation to 10 minutes (which is 600 seconds): * * ``` * $wgAutoConfirmAge = 600; // ten minutes * ``` * * Set age to one day: * * ``` * $wgAutoConfirmAge = 3600*24; // one day * ``` */ public const AutoConfirmAge = [ 'default' => 0, ]; /** * Number of edits an account requires before it is autoconfirmed. * * Passing both this AND the time requirement is needed. Example: * * **Example:** * * ``` * $wgAutoConfirmCount = 50; * ``` */ public const AutoConfirmCount = [ 'default' => 0, ]; /** * Array containing the conditions of automatic promotion of a user to specific groups. * * The basic syntax for `$wgAutopromote` is: * * $wgAutopromote = [ * 'groupname' => cond, * 'group2' => cond2, * ]; * * A `cond` may be: * - a single condition without arguments: * Note that Autopromote wraps a single non-array value into an array * e.g. `APCOND_EMAILCONFIRMED` OR * [ `APCOND_EMAILCONFIRMED` ] * - a single condition with arguments: * e.g. `[ APCOND_EDITCOUNT, 100 ]` * - a set of conditions: * e.g. `[ 'operand', cond1, cond2, ... ]` * * When constructing a set of conditions, the following conditions are available: * - `&` (**AND**): * promote if user matches **ALL** conditions * - `|` (**OR**): * promote if user matches **ANY** condition * - `^` (**XOR**): * promote if user matches **ONLY ONE OF THE CONDITIONS** * - `!` (**NOT**): * promote if user matces **NO** condition * - [ APCOND_EMAILCONFIRMED ]: * true if user has a confirmed e-mail * - [ APCOND_EDITCOUNT, number of edits (if null or missing $wgAutoConfirmCount will be used)]: * true if user has the at least the number of edits as the passed parameter * - [ APCOND_AGE, seconds since registration (if null or missing $wgAutoConfirmAge will be used)]: * true if the length of time since the user created his/her account * is at least the same length of time as the passed parameter * - [ APCOND_AGE_FROM_EDIT, seconds since first edit ]: * true if the length of time since the user made his/her first edit * is at least the same length of time as the passed parameter * - [ APCOND_INGROUPS, group1, group2, ... ]: * true if the user is a member of each of the passed groups * - [ APCOND_ISIP, ip ]: * true if the user has the passed IP address * - [ APCOND_IPINRANGE, range ]: * true if the user has an IP address in the range of the passed parameter * - [ APCOND_BLOCKED ]: * true if the user is sitewide blocked * - [ APCOND_ISBOT ]: * true if the user is a bot * - similar constructs can be defined by extensions * * The sets of conditions are evaluated recursively, so you can use nested sets of conditions * linked by operands. * * Note that if $wgEmailAuthentication is disabled, APCOND_EMAILCONFIRMED will be true for any * user who has provided an e-mail address. */ public const Autopromote = [ 'default' => [ 'autoconfirmed' => [ '&', [ APCOND_EDITCOUNT, null ], // NOTE: null means $wgAutoConfirmCount [ APCOND_AGE, null ], // NOTE: null means AutoConfirmAge ], ], 'type' => 'map', ]; /** * Automatically add a usergroup to any user who matches certain conditions. * * Does not add the user to the group again if it has been removed. * Also, does not remove the group if the user no longer meets the criteria. * * The format is: * * ``` * [ event => criteria, ... ] * ``` * * The only recognised value for event is 'onEdit' (when the user edits). * * Criteria has the same format as $wgAutopromote * * @see self::Autopromote * @since 1.18 */ public const AutopromoteOnce = [ 'default' => [ 'onEdit' => [], ], 'type' => 'map', ]; /** * Put user rights log entries for autopromotion in recent changes? * * @since 1.18 */ public const AutopromoteOnceLogInRC = [ 'default' => true, ]; /** * $wgAddGroups and $wgRemoveGroups can be used to give finer control over who * can assign which groups at Special:Userrights. * * **Example:** * Bureaucrats can add any group: * * ``` * $wgAddGroups['bureaucrat'] = true; * ``` * * Bureaucrats can only remove bots and sysops: * * ``` * $wgRemoveGroups['bureaucrat'] = [ 'bot', 'sysop' ]; * ``` * * Sysops can make bots: * * ``` * $wgAddGroups['sysop'] = [ 'bot' ]; * ``` * * Sysops can disable other sysops in an emergency, and disable bots: * * ``` * $wgRemoveGroups['sysop'] = [ 'sysop', 'bot' ]; * ``` */ public const AddGroups = [ 'default' => [], 'type' => 'map', ]; /** * @see self::AddGroups */ public const RemoveGroups = [ 'default' => [], 'type' => 'map', ]; /** * A list of available rights, in addition to the ones defined by the core. * Rights in this list are denied unless explicitly granted, typically * using GroupPermissions. * * For extensions only. * * @see self::GroupPermissions * @see self::ImplicitRights */ public const AvailableRights = [ 'default' => [], 'type' => 'list', 'items' => [ 'type' => 'string', ], ]; /** * A list of implicit rights, in addition to the ones defined by the core. * Rights in this list are granted implicitly to all users, but rate limits * may apply to them. * * Extensions that define rate limits should add the corresponding right to * either ImplicitRights or AvailableRights, depending on whether the right * should be granted to everyone. * * @since 1.41 * @see self::RateLimits * @see self::AvailableRights */ public const ImplicitRights = [ 'default' => [], 'type' => 'list', 'items' => [ 'type' => 'string', ] ]; /** * Optional to restrict deletion of pages with higher revision counts * to users with the 'bigdelete' permission. (Default given to sysops.) */ public const DeleteRevisionsLimit = [ 'default' => 0, ]; /** * Page deletions with > this number of revisions will use the job queue. * * Revisions will be archived in batches of (at most) this size, one batch per job. */ public const DeleteRevisionsBatchSize = [ 'default' => 1000, ]; /** * The maximum number of edits a user can have and * can still be hidden by users with the hideuser permission. * * This is limited for performance reason. * Set to false to disable the limit. * * @since 1.23 */ public const HideUserContribLimit = [ 'default' => 1000, ]; /** * Number of accounts each IP address may create per specified period(s). * * **Example:** * * ``` * $wgAccountCreationThrottle = [ * // no more than 100 per month * [ * 'count' => 100, * 'seconds' => 30*86400, * ], * // no more than 10 per day * [ * 'count' => 10, * 'seconds' => 86400, * ], * ]; * ``` * * @note For backwards compatibility reasons, this may also be given as a single * integer, representing the number of account creations per day. * @see self::TempAccountCreationThrottle for the temporary accounts version of * this throttle * @warning Requires $wgMainCacheType to be enabled */ public const AccountCreationThrottle = [ 'default' => [ [ 'count' => 0, 'seconds' => 86400, ] ], 'type' => 'int|list', ]; /** * Number of temporary accounts each IP address may create per specified period(s). * * **Example:** * * ``` * $wgTempAccountCreationThrottle = [ * // no more than 100 per month * [ * 'count' => 100, * 'seconds' => 30*86400, * ], * // no more than 6 per day * [ * 'count' => 6, * 'seconds' => 86400, * ], * ]; * ``` * * @see self::AccountCreationThrottle for the regular account version of this throttle. * @warning Requires $wgMainCacheType to be enabled * * @since 1.42 */ public const TempAccountCreationThrottle = [ 'default' => [ [ 'count' => 6, 'seconds' => 86400, ] ], 'type' => 'list', ]; /** * Number of temporary accounts usernames each IP address may acquire per specified period(s). * * This should be set to a higher value than TempAccountCreationThrottle. * * On editing, we first attempt to acquire a temp username before proceeding with saving an edit * and potentially creating a temp account if the edit save is successful. * * Some edits may fail (due to core or extensions denying an edit); this throttle ensures that * there are limits to the number of temporary account names that can be acquired and stored in * the database. * * **Example:** * * ``` * $wgTempAccountNameAcquisitionThrottle = [ * // no more than 100 per month * [ * 'count' => 100, * 'seconds' => 30*86400, * ], * // no more than 60 per day * [ * 'count' => 60, * 'seconds' => 86400, * ], * ]; * ``` * * @see self::TempAccountCreationThrottle Make sure that TempAccountNameAcquisitionThrottle is greater than or * equal to TempAccountCreationThrottle * @warning Requires $wgMainCacheType to be enabled * * @since 1.42 */ public const TempAccountNameAcquisitionThrottle = [ 'default' => [ [ 'count' => 60, 'seconds' => 86400, ] ], 'type' => 'list', ]; /** * Edits matching these regular expressions in body text * will be recognised as spam and rejected automatically. * * There's no administrator override on-wiki, so be careful what you set. :) * May be an array of regexes or a single string for backwards compatibility. * * @see https://en.wikipedia.org/wiki/Regular_expression * @note Each regex needs a beginning/end delimiter, eg: # or / */ public const SpamRegex = [ 'default' => [], 'type' => 'list', ]; /** * Same as SpamRegex except for edit summaries */ public const SummarySpamRegex = [ 'default' => [], 'type' => 'list', ]; /** * Whether to use DNS blacklists in $wgDnsBlacklistUrls to check for open * proxies * * @since 1.16 */ public const EnableDnsBlacklist = [ 'default' => false, ]; /** * List of DNS blacklists to use, if $wgEnableDnsBlacklist is true. * * This is an array of either a URL or an array with the URL and a key (should * the blacklist require a key). * * **Example:** * * ``` * $wgDnsBlacklistUrls = [ * // String containing URL * 'http.dnsbl.sorbs.net.', * // Array with URL and key, for services that require a key * [ 'dnsbl.httpbl.net.', 'mykey' ], * // Array with just the URL. While this works, it is recommended that you * // just use a string as shown above * [ 'opm.tornevall.org.' ] * ]; * ``` * * @note You should end the domain name with a . to avoid searching your * eventual domain search suffixes. * @since 1.16 */ public const DnsBlacklistUrls = [ 'default' => [], 'type' => 'list', ]; /** * List of banned IP addresses. * * This can have the following formats: * - An array of addresses * - A string, in which case this is the path to a file * containing the list of IP addresses, one per line */ public const ProxyList = [ 'default' => [], 'type' => 'string|list', ]; /** * Proxy whitelist, list of addresses that are assumed to be non-proxy despite * what the other methods might say. */ public const ProxyWhitelist = [ 'default' => [], 'type' => 'list', ]; /** * IP ranges that should be considered soft-blocked (anon-only, account * creation allowed). The intent is to use this to prevent anonymous edits from * shared resources such as Wikimedia Labs. * * @since 1.29 */ public const SoftBlockRanges = [ 'default' => [], 'type' => 'list', 'items' => [ 'type' => 'string', ], ]; /** * Whether to look at the X-Forwarded-For header's list of (potentially spoofed) * IPs and apply IP blocks to them. This allows for IP blocks to work with correctly-configured * (transparent) proxies without needing to block the proxies themselves. */ public const ApplyIpBlocksToXff = [ 'default' => false, ]; /** * Simple rate limiter options to brake edit floods. * * Maximum number actions allowed in the given number of seconds; after that * the violating client receives HTTP 500 error pages until the period * elapses. * * **Example:** * Limits per configured per action and then type of users. * * ``` * $wgRateLimits = [ * 'edit' => [ * 'anon' => [ x, y ], // any and all anonymous edits (aggregate) * 'user' => [ x, y ], // each logged-in user * 'user-global' => [ x, y ], // per username, across all sites (assumes names are * global) * 'newbie' => [ x, y ], // each new autoconfirmed accounts; overrides 'user' * 'ip' => [ x, y ], // each anon and recent account, across all sites * 'subnet' => [ x, y ], // ... within a /24 subnet in IPv4 or /64 in IPv6 * 'ip-all' => [ x, y ], // per ip, across all sites * 'subnet-all' => [ x, y ], // ... within a /24 subnet in IPv4 or /64 in IPv6 * 'groupName' => [ x, y ], // by group membership * ] * ]; * ``` * * **Normally, the 'noratelimit' right allows a user to bypass any rate** * limit checks. This can be disabled on a per-action basis by setting the * special '&can-bypass' key to false in that action's configuration. * * ``` * $wgRateLimits = [ * 'some-action' => [ * '&can-bypass' => false, * 'user' => [ x, y ], * ]; * ``` * * @see self::ImplicitRights * @warning Requires that $wgMainCacheType is set to something persistent */ public const RateLimits = [ 'default' => [ // Page edits 'edit' => [ 'ip' => [ 8, 60 ], 'newbie' => [ 8, 60 ], 'user' => [ 90, 60 ], ], // Page moves 'move' => [ 'newbie' => [ 2, 120 ], 'user' => [ 8, 60 ], ], // File uploads 'upload' => [ 'ip' => [ 8, 60 ], 'newbie' => [ 8, 60 ], ], // Page rollbacks 'rollback' => [ 'user' => [ 10, 60 ], 'newbie' => [ 5, 120 ] ], // Triggering password resets emails 'mailpassword' => [ 'ip' => [ 5, 3600 ], ], // Emailing other users using MediaWiki 'sendemail' => [ 'ip' => [ 5, 86400 ], 'newbie' => [ 5, 86400 ], 'user' => [ 20, 86400 ], ], 'changeemail' => [ 'ip-all' => [ 10, 3600 ], 'user' => [ 4, 86400 ] ], // since 1.33 - rate limit email confirmations 'confirmemail' => [ 'ip-all' => [ 10, 3600 ], 'user' => [ 4, 86400 ] ], // Purging pages 'purge' => [ 'ip' => [ 30, 60 ], 'user' => [ 30, 60 ], ], // Purges of link tables 'linkpurge' => [ 'ip' => [ 30, 60 ], 'user' => [ 30, 60 ], ], // Files rendered via thumb.php or thumb_handler.php 'renderfile' => [ 'ip' => [ 700, 30 ], 'user' => [ 700, 30 ], ], // Same as above but for non-standard thumbnails 'renderfile-nonstandard' => [ 'ip' => [ 70, 30 ], 'user' => [ 70, 30 ], ], // Stashing edits into cache before save 'stashedit' => [ 'ip' => [ 30, 60 ], 'newbie' => [ 30, 60 ], ], // Stash base HTML for VE edits 'stashbasehtml' => [ 'ip' => [ 5, 60 ], 'newbie' => [ 5, 60 ], ], // Adding or removing change tags 'changetags' => [ 'ip' => [ 8, 60 ], 'newbie' => [ 8, 60 ], ], // Changing the content model of a page 'editcontentmodel' => [ 'newbie' => [ 2, 120 ], 'user' => [ 8, 60 ], ], ], 'type' => 'map', 'mergeStrategy' => 'array_plus_2d', ]; /** * Array of IPs / CIDR ranges which should be excluded from rate limits. * * This may be useful for allowing NAT gateways for conferences, etc. */ public const RateLimitsExcludedIPs = [ 'default' => [], 'type' => 'list', ]; /** * Log IP addresses in the recentchanges table; can be accessed only by * extensions (e.g. CheckUser) or a DB admin * Used for retroactive autoblocks */ public const PutIPinRC = [ 'default' => true, ]; /** * Integer defining default number of entries to show on * special pages which are query-pages such as Special:Whatlinkshere. */ public const QueryPageDefaultLimit = [ 'default' => 50, ]; /** * Limit password attempts to X attempts per Y seconds per IP per account. * * Value is an array of arrays. Each sub-array must have a key for count * (ie count of how many attempts before throttle) and a key for seconds. * If the key 'allIPs' (case sensitive) is present, then the limit is * just per account instead of per IP per account. * * @since 1.27 allIps support and multiple limits added in 1.27. Prior * to 1.27 this only supported having a single throttle. * @warning Requires $wgMainCacheType to be enabled */ public const PasswordAttemptThrottle = [ 'default' => [ // Short term limit [ 'count' => 5, 'seconds' => 300 ], // Long term limit. We need to balance the risk // of somebody using this as a DoS attack to lock someone // out of their account, and someone doing a brute force attack. [ 'count' => 150, 'seconds' => 60 * 60 * 48 ], ], 'type' => 'list', ]; /** * Users authorize consumers (like Apps) to act on their behalf but only with * a subset of the user's normal account rights (signed off on by the user). * The possible rights to grant to a consumer are bundled into groups called * "grants". Each grant defines some rights it lets consumers inherit from the * account they may act on behalf of. Note that a user granting a right does * nothing if that user does not actually have that right to begin with. * * @since 1.27 */ public const GrantPermissions = [ 'default' => [ 'basic' => [ 'autocreateaccount' => true, 'autoconfirmed' => true, 'autopatrol' => true, 'editsemiprotected' => true, 'ipblock-exempt' => true, 'nominornewtalk' => true, 'patrolmarks' => true, 'read' => true, 'unwatchedpages' => true, ], 'highvolume' => [ 'bot' => true, 'apihighlimits' => true, 'noratelimit' => true, 'markbotedits' => true, ], 'import' => [ 'import' => true, 'importupload' => true, ], 'editpage' => [ 'edit' => true, 'minoredit' => true, 'applychangetags' => true, 'changetags' => true, 'editcontentmodel' => true, 'pagelang' => true, ], 'editprotected' => [ 'edit' => true, 'minoredit' => true, 'applychangetags' => true, 'changetags' => true, 'editcontentmodel' => true, 'editprotected' => true, ], 'editmycssjs' => [ 'edit' => true, 'minoredit' => true, 'applychangetags' => true, 'changetags' => true, 'editcontentmodel' => true, 'editmyusercss' => true, 'editmyuserjson' => true, 'editmyuserjs' => true, ], 'editmyoptions' => [ 'editmyoptions' => true, 'editmyuserjson' => true, ], 'editinterface' => [ 'edit' => true, 'minoredit' => true, 'applychangetags' => true, 'changetags' => true, 'editcontentmodel' => true, 'editinterface' => true, 'edituserjson' => true, 'editsitejson' => true, ], 'editsiteconfig' => [ 'edit' => true, 'minoredit' => true, 'applychangetags' => true, 'changetags' => true, 'editcontentmodel' => true, 'editinterface' => true, 'edituserjson' => true, 'editsitejson' => true, 'editusercss' => true, 'edituserjs' => true, 'editsitecss' => true, 'editsitejs' => true, ], 'createeditmovepage' => [ 'edit' => true, 'minoredit' => true, 'applychangetags' => true, 'changetags' => true, 'editcontentmodel' => true, 'createpage' => true, 'createtalk' => true, 'delete-redirect' => true, 'move' => true, 'move-rootuserpages' => true, 'move-subpages' => true, 'move-categorypages' => true, 'suppressredirect' => true, ], 'uploadfile' => [ 'upload' => true, 'reupload-own' => true, ], 'uploadeditmovefile' => [ 'upload' => true, 'reupload-own' => true, 'reupload' => true, 'reupload-shared' => true, 'upload_by_url' => true, 'movefile' => true, 'suppressredirect' => true, ], 'patrol' => [ 'patrol' => true, ], 'rollback' => [ 'rollback' => true, ], 'blockusers' => [ 'block' => true, 'blockemail' => true, ], 'viewdeleted' => [ 'browsearchive' => true, 'deletedhistory' => true, 'deletedtext' => true, ], 'viewrestrictedlogs' => [ 'suppressionlog' => true, ], 'delete' => [ 'edit' => true, 'minoredit' => true, 'applychangetags' => true, 'changetags' => true, 'editcontentmodel' => true, 'browsearchive' => true, 'deletedhistory' => true, 'deletedtext' => true, 'delete' => true, 'bigdelete' => true, 'deletelogentry' => true, 'deleterevision' => true, 'undelete' => true, ], 'oversight' => [ 'suppressrevision' => true, 'viewsuppressed' => true, ], 'protect' => [ 'edit' => true, 'minoredit' => true, 'applychangetags' => true, 'changetags' => true, 'editcontentmodel' => true, 'editprotected' => true, 'protect' => true, ], 'viewmywatchlist' => [ 'viewmywatchlist' => true, ], 'editmywatchlist' => [ 'editmywatchlist' => true, ], 'sendemail' => [ 'sendemail' => true, ], 'createaccount' => [ 'createaccount' => true, ], 'privateinfo' => [ 'viewmyprivateinfo' => true, ], 'mergehistory' => [ 'mergehistory' => true, ], ], 'type' => 'map', 'mergeStrategy' => 'array_plus_2d', 'additionalProperties' => [ 'type' => 'map', 'additionalProperties' => [ 'type' => 'boolean', ], ], ]; /** * Grant groups are used on some user interfaces to display conceptually * similar grants together. * * This configuration value should usually be set by extensions, not * site administrators. * * @see self::GrantPermissions * @since 1.27 */ public const GrantPermissionGroups = [ 'default' => [ // Hidden grants are implicitly present 'basic' => 'hidden', 'editpage' => 'page-interaction', 'createeditmovepage' => 'page-interaction', 'editprotected' => 'page-interaction', 'patrol' => 'page-interaction', 'uploadfile' => 'file-interaction', 'uploadeditmovefile' => 'file-interaction', 'sendemail' => 'email', 'viewmywatchlist' => 'watchlist-interaction', 'editviewmywatchlist' => 'watchlist-interaction', 'editmycssjs' => 'customization', 'editmyoptions' => 'customization', 'editinterface' => 'administration', 'editsiteconfig' => 'administration', 'rollback' => 'administration', 'blockusers' => 'administration', 'delete' => 'administration', 'viewdeleted' => 'administration', 'viewrestrictedlogs' => 'administration', 'protect' => 'administration', 'oversight' => 'administration', 'createaccount' => 'administration', 'mergehistory' => 'administration', 'import' => 'administration', 'highvolume' => 'high-volume', 'privateinfo' => 'private-information', ], 'type' => 'map', 'additionalProperties' => [ 'type' => 'string', ], ]; /** * Group grants by risk level. Keys are grant names (i.e. keys from GrantPermissions), * values are GrantsInfo::RISK_* constants. * * Note that this classification is only informative; merely applying 'security' or 'internal' * to a grant won't prevent it from being available. It's used to give guidance to users * in various interfaces about the riskiness of the various grants. * * @since 1.42 */ public const GrantRiskGroups = [ 'default' => [ 'basic' => GrantsInfo::RISK_LOW, 'editpage' => GrantsInfo::RISK_LOW, 'createeditmovepage' => GrantsInfo::RISK_LOW, 'editprotected' => GrantsInfo::RISK_VANDALISM, 'patrol' => GrantsInfo::RISK_LOW, 'uploadfile' => GrantsInfo::RISK_LOW, 'uploadeditmovefile' => GrantsInfo::RISK_LOW, 'sendemail' => GrantsInfo::RISK_SECURITY, 'viewmywatchlist' => GrantsInfo::RISK_LOW, 'editviewmywatchlist' => GrantsInfo::RISK_LOW, 'editmycssjs' => GrantsInfo::RISK_SECURITY, 'editmyoptions' => GrantsInfo::RISK_SECURITY, 'editinterface' => GrantsInfo::RISK_VANDALISM, 'editsiteconfig' => GrantsInfo::RISK_SECURITY, 'rollback' => GrantsInfo::RISK_LOW, 'blockusers' => GrantsInfo::RISK_VANDALISM, 'delete' => GrantsInfo::RISK_VANDALISM, 'viewdeleted' => GrantsInfo::RISK_VANDALISM, 'viewrestrictedlogs' => GrantsInfo::RISK_SECURITY, 'protect' => GrantsInfo::RISK_VANDALISM, 'oversight' => GrantsInfo::RISK_SECURITY, 'createaccount' => GrantsInfo::RISK_LOW, 'mergehistory' => GrantsInfo::RISK_VANDALISM, 'import' => GrantsInfo::RISK_SECURITY, 'highvolume' => GrantsInfo::RISK_LOW, 'privateinfo' => GrantsInfo::RISK_LOW, ], 'type' => 'map', ]; /** * @since 1.27 */ public const EnableBotPasswords = [ 'default' => true, 'type' => 'boolean', ]; /** * Cluster for the bot_passwords table * * @since 1.27 * @deprecated since 1.42 Use $wgVirtualDomainsMapping instead. */ public const BotPasswordsCluster = [ 'default' => false, 'type' => 'string|false', ]; /** * Database name for the bot_passwords table * * To use a database with a table prefix, set this variable to * "{$database}-{$prefix}". * * @since 1.27 * @deprecated since 1.42 Use $wgVirtualDomainsMapping instead. */ public const BotPasswordsDatabase = [ 'default' => false, 'type' => 'string|false', ]; // endregion -- end of user rights settings /***************************************************************************/ // region Security /** @name Security */ /** * This should always be customised in LocalSettings.php */ public const SecretKey = [ 'default' => false, ]; /** * Allow user Javascript page? * This enables a lot of neat customizations, but may * increase security risk to users and server load. */ public const AllowUserJs = [ 'default' => false, ]; /** * Allow user Cascading Style Sheets (CSS)? * This enables a lot of neat customizations, but may * increase security risk to users and server load. */ public const AllowUserCss = [ 'default' => false, ]; /** * Allow style-related user-preferences? * * This controls whether the `editfont` and `underline` preferences * are available to users. */ public const AllowUserCssPrefs = [ 'default' => true, ]; /** * Use the site's Javascript page? */ public const UseSiteJs = [ 'default' => true, ]; /** * Use the site's Cascading Style Sheets (CSS)? */ public const UseSiteCss = [ 'default' => true, ]; /** * Break out of framesets. This can be used to prevent clickjacking attacks, * or to prevent external sites from framing your site with ads. */ public const BreakFrames = [ 'default' => false, ]; /** * The X-Frame-Options header to send on pages sensitive to clickjacking * attacks, such as edit pages. This prevents those pages from being displayed * in a frame or iframe. The options are: * * - 'DENY': Do not allow framing. This is recommended for most wikis. * * - 'SAMEORIGIN': Allow framing by pages on the same domain. This can be used * to allow framing within a trusted domain. This is insecure if there * is a page on the same domain which allows framing of arbitrary URLs. * * - false: Allow all framing. This opens up the wiki to XSS attacks and thus * full compromise of local user accounts. Private wikis behind a * corporate firewall are especially vulnerable. This is not * recommended. * * For extra safety, set $wgBreakFrames = true, to prevent framing on all pages, * not just edit pages. */ public const EditPageFrameOptions = [ 'default' => 'DENY', ]; /** * Disallow framing of API pages directly, by setting the X-Frame-Options * header. Since the API returns CSRF tokens, allowing the results to be * framed can compromise your user's account security. * * Options are: * - 'DENY': Do not allow framing. This is recommended for most wikis. * - 'SAMEORIGIN': Allow framing by pages on the same domain. * - false: Allow all framing. * Note: $wgBreakFrames will override this for human formatted API output. */ public const ApiFrameOptions = [ 'default' => 'DENY', ]; /** * Controls Content-Security-Policy header * * @warning May cause slowness on Windows due to slow random number generator. * * @unstable EXPERIMENTAL * @since 1.32 * @see https://www.w3.org/TR/CSP2/ */ public const CSPHeader = [ 'default' => false, 'type' => 'false|object', ]; /** * Controls Content-Security-Policy-Report-Only header * * @since 1.32 */ public const CSPReportOnlyHeader = [ 'default' => false, 'type' => 'false|object', ]; /** * List of urls which appear often to be triggering CSP reports * but do not appear to be caused by actual content, but by client * software inserting scripts (i.e. Ad-Ware). * * List based on results from Wikimedia logs. * * @since 1.28 */ public const CSPFalsePositiveUrls = [ 'default' => [ 'https://3hub.co' => true, 'https://morepro.info' => true, 'https://p.ato.mx' => true, 'https://s.ato.mx' => true, 'https://adserver.adtech.de' => true, 'https://ums.adtechus.com' => true, 'https://cas.criteo.com' => true, 'https://cat.nl.eu.criteo.com' => true, 'https://atpixel.alephd.com' => true, 'https://rtb.metrigo.com' => true, 'https://d5p.de17a.com' => true, 'https://ad.lkqd.net/vpaid/vpaid.js' => true, 'https://ad.lkqd.net/vpaid/vpaid.js?fusion=1.0' => true, 'https://t.lkqd.net/t' => true, 'chrome-extension' => true, ], 'type' => 'map', ]; /** * Allow anonymous cross origin requests to the REST API. * * This should be disabled for intranet sites (sites behind a firewall). * * @since 1.36 */ public const AllowCrossOrigin = [ 'default' => false, 'type' => 'boolean', ]; /** * Allows authenticated cross-origin requests to the REST API with session cookies. * * With this option enabled, any origin specified in $wgCrossSiteAJAXdomains may send session * cookies for authorization in the REST API. * * There is a performance impact by enabling this option. Therefore, it should be left disabled * for most wikis and clients should instead use OAuth to make cross-origin authenticated * requests. * * @see https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Credentials * @since 1.36 */ public const RestAllowCrossOriginCookieAuth = [ 'default' => false, 'type' => 'boolean', ]; /** * Secret for session storage. * * This should be set in LocalSettings.php, otherwise $wgSecretKey will * be used. * * @since 1.27 */ public const SessionSecret = [ 'default' => false, ]; // endregion -- end of security /***************************************************************************/ // region Cookie settings /** @name Cookie settings */ /** * Default cookie lifetime, in seconds. Setting to 0 makes all cookies session-only. */ public const CookieExpiration = [ 'default' => 30 * 86400, ]; /** * Default login cookie lifetime, in seconds. Setting * $wgExtendLoginCookieExpiration to null will use $wgCookieExpiration to * calculate the cookie lifetime. As with $wgCookieExpiration, 0 will make * login cookies session-only. */ public const ExtendedLoginCookieExpiration = [ 'default' => 180 * 86400, ]; /** * Set to set an explicit domain on the login cookies eg, "justthis.domain.org" * or ".any.subdomain.net" */ public const CookieDomain = [ 'default' => '', ]; /** * Set this variable if you want to restrict cookies to a certain path within * the domain specified by $wgCookieDomain. */ public const CookiePath = [ 'default' => '/', ]; /** * Whether the "secure" flag should be set on the cookie. This can be: * - true: Set secure flag * - false: Don't set secure flag * - "detect": Set the secure flag if $wgServer is set to an HTTPS URL, * or if $wgForceHTTPS is true. * * If $wgForceHTTPS is true, session cookies will be secure regardless of this * setting. However, other cookies will still be affected. */ public const CookieSecure = [ 'default' => 'detect', 'dynamicDefault' => [ 'use' => [ 'ForceHTTPS' ] ] ]; public static function getDefaultCookieSecure( $forceHTTPS ): bool { return $forceHTTPS || ( WebRequest::detectProtocol() === 'https' ); } /** * Cookies generated by MediaWiki have names starting with this prefix. Set it * to a string to use a custom prefix. Setting it to false causes the database * name to be used as a prefix. */ public const CookiePrefix = [ 'default' => false, 'dynamicDefault' => [ 'use' => [ 'SharedDB', 'SharedPrefix', 'SharedTables', 'DBname', 'DBprefix' ] ], ]; public static function getDefaultCookiePrefix( $sharedDB, $sharedPrefix, $sharedTables, $dbName, $dbPrefix ): string { if ( $sharedDB && in_array( 'user', $sharedTables ) ) { return $sharedDB . ( $sharedPrefix ? "_$sharedPrefix" : '' ); } return $dbName . ( $dbPrefix ? "_$dbPrefix" : '' ); } /** * Set authentication cookies to HttpOnly to prevent access by JavaScript, * in browsers that support this feature. This can mitigates some classes of * XSS attack. */ public const CookieHttpOnly = [ 'default' => true, ]; /** * The SameSite cookie attribute used for login cookies. This can be "Lax", * "Strict", "None" or empty/null to omit the attribute. * * This only applies to login cookies, since the correct value for other * cookies depends on what kind of cookie it is. * * @since 1.35 */ public const CookieSameSite = [ 'default' => null, 'type' => '?string', ]; /** * A list of cookies that vary the cache (for use by extensions) */ public const CacheVaryCookies = [ 'default' => [], 'type' => 'list', ]; /** * Override to customise the session name */ public const SessionName = [ 'default' => false, ]; /** * Whether to set a cookie when a user is autoblocked. Doing so means that a blocked user, even * after logging out and moving to a new IP address, will still be blocked. This cookie will * contain an authentication code if $wgSecretKey is set, or otherwise will just be the block * ID (in which case there is a possibility of an attacker discovering the names of revdeleted * users, so it is best to use this in conjunction with $wgSecretKey being set). */ public const CookieSetOnAutoblock = [ 'default' => true, ]; /** * Whether to set a cookie when a logged-out user is blocked. Doing so means that a blocked * user, even after moving to a new IP address, will still be blocked. This cookie will contain * an authentication code if $wgSecretKey is set, or otherwise will just be the block ID (in * which case there is a possibility of an attacker discovering the names of revdeleted users, * so it is best to use this in conjunction with $wgSecretKey being set). */ public const CookieSetOnIpBlock = [ 'default' => true, ]; // endregion -- end of cookie settings /***************************************************************************/ // region Profiling, testing and debugging /** @name Profiling, testing and debugging */ // See $wgProfiler for how to enable profiling. /** * Enable verbose debug logging for all channels and log levels. * * See https://www.mediawiki.org/wiki/How_to_debug * * For static requests, this enables all channels and warning-level and * above only. Use $wgDebugRawPage to make those verbose as well. * * The debug log file should be not be web-accessible if it is used in * a production environment, as may contain private data. */ public const DebugLogFile = [ 'default' => '', ]; /** * Prefix for debug log lines */ public const DebugLogPrefix = [ 'default' => '', ]; /** * If true, instead of redirecting, show a page with a link to the redirect * destination. This allows for the inspection of PHP error messages, and easy * resubmission of form data. For developer use only. */ public const DebugRedirects = [ 'default' => false, ]; /** * If true, debug logging is also enabled for load.php and action=raw requests. * * By default, $wgDebugLogFile enables all channels and warning-level and * above for static requests. * * This ensures that the debug log is likely a chronological record of * of specific web request you are debugging, instead of overlapping with * messages from static requests, which would make it unclear which message * originated from what request. * * Also, during development this can make browsing and JavaScript testing * considerably slower (T85805). */ public const DebugRawPage = [ 'default' => false, ]; /** * Send debug data to an HTML comment in the output. * * This may occasionally be useful when supporting a non-technical end-user. * It's more secure than exposing the debug log file to the web, since the * output only contains private data for the current user. But it's not ideal * for development use since data is lost on fatal errors and redirects. */ public const DebugComments = [ 'default' => false, ]; /** * Write SQL queries to the debug log. * * This setting is only used $wgLBFactoryConf['class'] is set to * '\Wikimedia\Rdbms\LBFactorySimple'; otherwise the DBO_DEBUG flag must be set in * the 'flags' option of the database connection to achieve the same functionality. */ public const DebugDumpSql = [ 'default' => false, ]; /** * Performance expectations for DB usage * * @since 1.26 */ public const TrxProfilerLimits = [ 'default' => [ // HTTP GET/HEAD requests. // Primary queries should not happen on GET requests 'GET' => [ 'masterConns' => 0, 'writes' => 0, 'readQueryTime' => 5, 'readQueryRows' => 10000 ], // HTTP POST requests. // Primary reads and writes will happen for a subset of these. 'POST' => [ 'readQueryTime' => 5, 'writeQueryTime' => 1, 'readQueryRows' => 100_000, 'maxAffected' => 1000 ], 'POST-nonwrite' => [ 'writes' => 0, 'readQueryTime' => 5, 'readQueryRows' => 10000 ], // Deferred updates that run after HTTP response is sent for GET requests 'PostSend-GET' => [ 'readQueryTime' => 5, 'writeQueryTime' => 1, 'readQueryRows' => 10000, 'maxAffected' => 1000, // Log primary queries under the post-send entry point as they are discouraged 'masterConns' => 0, 'writes' => 0, ], // Deferred updates that run after HTTP response is sent for POST requests 'PostSend-POST' => [ 'readQueryTime' => 5, 'writeQueryTime' => 1, 'readQueryRows' => 100_000, 'maxAffected' => 1000 ], // Background job runner 'JobRunner' => [ 'readQueryTime' => 30, 'writeQueryTime' => 5, 'readQueryRows' => 100_000, 'maxAffected' => 500 // ballpark of $wgUpdateRowsPerQuery ], // Command-line scripts 'Maintenance' => [ 'writeQueryTime' => 5, 'maxAffected' => 1000 ] ], 'type' => 'map', ]; /** * Map of string log group names to log destinations. * * If set, wfDebugLog() output for that group will go to that file instead * of the regular $wgDebugLogFile. Useful for enabling selective logging * in production. * * Log destinations may be one of the following: * - false to completely remove from the output, including from $wgDebugLogFile. * - string values specifying a filename or URI. * - associative array with keys: * - 'destination' desired filename or URI. * - 'sample' an integer value, specifying a sampling factor (optional) * - 'level' A \Psr\Log\LogLevel constant, indicating the minimum level * to log (optional, since 1.25) * * **Example:** * * ``` * $wgDebugLogGroups['redis'] = '/var/log/mediawiki/redis.log'; * ``` * * **Advanced example:** * * ``` * $wgDebugLogGroups['memcached'] = [ * 'destination' => '/var/log/mediawiki/memcached.log', * 'sample' => 1000, // log 1 message out of every 1,000. * 'level' => \Psr\Log\LogLevel::WARNING * ]; * ``` */ public const DebugLogGroups = [ 'default' => [], 'type' => 'map', ]; /** * Default service provider for creating Psr\Log\LoggerInterface instances. * * The value should be an array suitable for use with * ObjectFactory::getObjectFromSpec(). The created object is expected to * implement the MediaWiki\Logger\Spi interface. See ObjectFactory for additional * details. * * Alternately the MediaWiki\Logger\LoggerFactory::registerProvider method can * be called to inject an MediaWiki\Logger\Spi instance into the LoggerFactory * and bypass the use of this configuration variable entirely. * * **To completely disable logging:** * * ``` * $wgMWLoggerDefaultSpi = [ 'class' => \MediaWiki\Logger\NullSpi::class ]; * ``` * * @since 1.25 * @see \MwLogger */ public const MWLoggerDefaultSpi = [ 'default' => [ 'class' => 'MediaWiki\\Logger\\LegacySpi', ], 'mergeStrategy' => 'replace', 'type' => 'map', ]; /** * Display debug data at the bottom of the main content area. * * Useful for developers and technical users trying to working on a closed wiki. */ public const ShowDebug = [ 'default' => false, ]; /** * Show the contents of $wgHooks in Special:Version */ public const SpecialVersionShowHooks = [ 'default' => false, ]; /** * Show exception message and stack trace when printing details about uncaught exceptions * in web response output. * * This may reveal private information in error messages or function parameters. * If set to false, only the exception type or class name will be exposed. */ public const ShowExceptionDetails = [ 'default' => false, ]; /** * If true, send the exception backtrace to the error log */ public const LogExceptionBacktrace = [ 'default' => true, ]; /** * If true, the MediaWiki error handler passes errors/warnings to the default error handler * after logging them. The setting is ignored when the track_errors php.ini flag is true. */ public const PropagateErrors = [ 'default' => true, ]; /** * Expose backend server host names through the API and various HTML comments */ public const ShowHostnames = [ 'default' => false, ]; /** * Override server hostname detection with a hardcoded value. * * Should be a string, default false. * * @since 1.20 */ public const OverrideHostname = [ 'default' => false, ]; /** * If set to true MediaWiki will throw notices for some possible error * conditions and for deprecated functions. */ public const DevelopmentWarnings = [ 'default' => false, ]; /** * Release limitation to wfDeprecated warnings, if set to a release number * development warnings will not be generated for deprecations added in releases * after the limit. */ public const DeprecationReleaseLimit = [ 'default' => false, ]; /** * Profiler configuration. * * To use a profiler, set $wgProfiler in LocalSettings.php. * * Options: * * - 'class' (`string`): The Profiler subclass to use. * Default: ProfilerStub. * - 'sampling' (`integer`): Only enable the profiler on one in this many requests. * For requests that are not in the sampling, * the 'class' option will be replaced with ProfilerStub. * Default: `1`. * - 'threshold' (`float`): Only process the recorded data if the total elapsed * time for a request is more than this number of seconds. * Default: `0.0`. * - 'output' (`string|string[]`): ProfilerOutput subclass or subclasess to use. * Default: `[]`. * * The options array is passed in its entirety to the specified * Profiler `class`. Check individual Profiler subclasses for additional * options that may be available. * * Profiler subclasses available in MediaWiki core: * * - ProfilerXhprof: Based on XHProf or Tideways-XHProf. * - ProfilerExcimer: Based on Excimer. * - ProfilerSectionOnly * * Profiler output classes available in MediaWiki: * * - ProfilerOutputText: outputs profiling data in the web page body as * a comment. You can make the profiling data in HTML render visibly * instead by setting the 'visible' configuration flag. * * - ProfilerOutputStats: outputs profiling data as StatsD metrics. * It expects that $wgStatsdServer is set to the host (or host:port) * of a statsd server. * * - ProfilerOutputDump: outputs dump files that are compatible * with the XHProf gui. It expects that `$wgProfiler['outputDir']` * is set as well. * * Examples: * * ``` * $wgProfiler = [ * 'class' => ProfilerXhprof::class, * 'output' => ProfilerOutputText::class, * ]; * ``` * * ``` * $wgProfiler = [ * 'class' => ProfilerXhprof::class, * 'output' => [ ProfilerOutputText::class ], * 'sampling' => 50, // one in every 50 requests * ]; * ``` * * For performance, the profiler is always disabled for CLI scripts as they * could be long running and the data would accumulate. Use the `--profiler` * parameter of maintenance scripts to override this. * * @since 1.17.0 */ public const Profiler = [ 'default' => [], 'type' => 'map', 'mergeStrategy' => 'replace', ]; /** * Destination of statsd metrics. * * A host or host:port of a statsd server. Port defaults to 8125. * * If not set, statsd metrics will not be collected. * * @see MediaWiki::emitBufferedStatsdData() * @since 1.25 */ public const StatsdServer = [ 'default' => false, ]; /** * Prefix for metric names sent to $wgStatsdServer. * * @see \MediaWiki\MediaWikiServices::getInstance()->getStatsdDataFactory * @see \Wikimedia\Stats\BufferingStatsdDataFactory * @since 1.25 */ public const StatsdMetricPrefix = [ 'default' => 'MediaWiki', ]; /** * Stats output target URI e.g. udp://127.0.0.1:8125 * * If null, metrics will not be sent. * Note: this only affects metrics instantiated by the StatsFactory service * * @since 1.38 */ public const StatsTarget = [ 'default' => null, 'type' => '?string', ]; /** * Stats output format * * If null, metrics will not be rendered nor sent. * Note: this only affects metrics instantiated by the StatsFactory service * * @see \Wikimedia\Stats\OutputFormats::SUPPORTED_FORMATS * @since 1.41 */ public const StatsFormat = [ 'default' => null, 'type' => '?string', ]; /** * Stats service name prefix * * Required. Must not be zero-length. * Defaults to: 'mediawiki' * Note: this only affects metrics instantiated by the StatsFactory service * * @since 1.41 */ public const StatsPrefix = [ 'default' => 'mediawiki', 'type' => 'string', ]; /** * Configuration for OpenTelemetry instrumentation, or `null` to disable it. * Possible keys: * - `samplingProbability`: probability in % of sampling a trace for which no sampling decision has been * taken yet. Must be between 0 and 100. * - `serviceName`: name of the service being instrumented. * - `endpoint`: URL of the OpenTelemetry collector to send trace data to. * This has to be an endpoint accepting OTLP data over HTTP (not gRPC). * * An example config to send data to a local OpenTelemetry or Jaeger collector instance: * ``` * $wgOpenTelemetryConfig = [ * 'samplingProbability' => 0.1, * 'serviceName' => 'mediawiki-local', * 'endpoint' => 'http://127.0.0.1:4318/v1/traces', * ]; * ``` * @since 1.43 */ public const OpenTelemetryConfig = [ 'default' => null, 'type' => 'map|null' ]; /** * InfoAction retrieves a list of transclusion links (both to and from). * * This number puts a limit on that query in the case of highly transcluded * templates. */ public const PageInfoTransclusionLimit = [ 'default' => 50, ]; /** * Allow running of QUnit tests via [[Special:JavaScriptTest]]. */ public const EnableJavaScriptTest = [ 'default' => false, ]; /** * Overwrite the caching key prefix with custom value. * * @since 1.19 */ public const CachePrefix = [ 'default' => false, ]; /** * Display the new debugging toolbar. This also enables profiling on database * queries and other useful output. * * Will be ignored if $wgUseFileCache or $wgUseCdn is enabled. * * @since 1.19 */ public const DebugToolbar = [ 'default' => false, ]; // endregion -- end of profiling, testing and debugging /***************************************************************************/ // region Search /** @name Search */ /** * Set this to true to disable the full text search feature. */ public const DisableTextSearch = [ 'default' => false, ]; /** * Set to true to have nicer highlighted text in search results, * by default off due to execution overhead */ public const AdvancedSearchHighlighting = [ 'default' => false, ]; /** * Regexp to match word boundaries, defaults for non-CJK languages * should be empty for CJK since the words are not separate */ public const SearchHighlightBoundaries = [ 'default' => '[\\p{Z}\\p{P}\\p{C}]', ]; /** * Templates for OpenSearch suggestions, defaults to API action=opensearch * * Sites with heavy load would typically have these point to a custom * PHP wrapper to avoid firing up mediawiki for every keystroke * * Placeholders: {searchTerms} */ public const OpenSearchTemplates = [ 'default' => [ 'application/x-suggestions+json' => false, 'application/x-suggestions+xml' => false, ], 'type' => 'map', ]; /** * This was previously a used to force empty responses from ApiOpenSearch * with the 'suggest' parameter set. * * @deprecated since 1.35 No longer used */ public const EnableOpenSearchSuggest = [ 'default' => true, 'obsolete' => 'Since 1.35, no longer used', 'description' => 'Has been emitting warnings since 1.39 (LTS). ' . 'Can be removed completely in 1.44, assuming 1.43 is an LTS release.' ]; /** * Integer defining default number of entries to show on * OpenSearch call. */ public const OpenSearchDefaultLimit = [ 'default' => 10, ]; /** * Minimum length of extract in . Actual extracts will last until the end of * sentence. */ public const OpenSearchDescriptionLength = [ 'default' => 100, ]; /** * Expiry time for search suggestion responses */ public const SearchSuggestCacheExpiry = [ 'default' => 1200, ]; /** * If you've disabled search semi-permanently, this also disables updates to the * table. If you ever re-enable, be sure to rebuild the search table. */ public const DisableSearchUpdate = [ 'default' => false, ]; /** * List of namespaces which are searched by default. * * **Example:** * * ``` * $wgNamespacesToBeSearchedDefault[NS_MAIN] = true; * $wgNamespacesToBeSearchedDefault[NS_PROJECT] = true; * ``` */ public const NamespacesToBeSearchedDefault = [ 'default' => [ NS_MAIN => true, ], 'type' => 'map', ]; /** * Disable the internal MySQL-based search, to allow it to be * implemented by an extension instead. */ public const DisableInternalSearch = [ 'default' => false, ]; /** * Set this to a URL to forward search requests to some external location. * * If the URL includes '$1', this will be replaced with the URL-encoded * search term. Before using this, $wgDisableTextSearch must be set to true. * * **Example:** * To forward to Google you'd have something like: * * ``` * $wgSearchForwardUrl = * 'https://www.google.com/search?q=$1' . * '&domains=https://example.com' . * '&sitesearch=https://example.com' . * '&ie=utf-8&oe=utf-8'; * ``` */ public const SearchForwardUrl = [ 'default' => null, ]; /** * Array of namespaces to generate a Google sitemap for when the * maintenance/generateSitemap.php script is run, or false if one is to be * generated for all namespaces. */ public const SitemapNamespaces = [ 'default' => false, 'type' => 'false|list', ]; /** * Custom namespace priorities for sitemaps. Setting this will allow you to * set custom priorities to namespaces when sitemaps are generated using the * maintenance/generateSitemap.php script. * * This should be a map of namespace IDs to priority * * **Example:** * * ``` * $wgSitemapNamespacesPriorities = [ * NS_USER => '0.9', * NS_HELP => '0.0', * ]; * ``` */ public const SitemapNamespacesPriorities = [ 'default' => false, 'type' => 'false|map', ]; /** * If true, searches for IP addresses will be redirected to that IP's * contributions page. E.g. searching for "1.2.3.4" will redirect to * [[Special:Contributions/1.2.3.4]] */ public const EnableSearchContributorsByIP = [ 'default' => true, ]; /** * Options for Special:Search completion widget form created by SearchFormWidget class. * * Settings that can be used: * - showDescriptions: true/false - whether to show opensearch description results * - performSearchOnClick: true/false - whether to perform search on click * See also TitleWidget.js UI widget. * * @since 1.34 */ public const SpecialSearchFormOptions = [ 'default' => [], 'type' => 'map', ]; /** * Set true to allow logged-in users to set a preference whether or not matches in * search results should force redirection to that page. If false, the preference is * not exposed and cannot be altered from site default. To change your site's default * preference, set via $wgDefaultUserOptions['search-match-redirect']. * * @since 1.35 */ public const SearchMatchRedirectPreference = [ 'default' => false, 'type' => 'boolean', ]; /** * Controls whether zero-result search queries with suggestions should display results for * these suggestions. * * @since 1.26 */ public const SearchRunSuggestedQuery = [ 'default' => true, 'type' => 'boolean', ]; // endregion -- end of search settings /***************************************************************************/ // region Edit user interface /** @name Edit user interface */ /** * Path to the GNU diff3 utility. If the file doesn't exist, edit conflicts will * fall back to the old behavior (no merging). */ public const Diff3 = [ 'default' => '/usr/bin/diff3', ]; /** * Path to the GNU diff utility. */ public const Diff = [ 'default' => '/usr/bin/diff', ]; /** * Which namespaces have special treatment where they should be preview-on-open * Internally only Category: pages apply, but using this extensions (e.g. Semantic MediaWiki) * can specify namespaces of pages they have special treatment for */ public const PreviewOnOpenNamespaces = [ 'default' => [ NS_CATEGORY => true ], 'type' => 'map', ]; /** * Enable the UniversalEditButton for browsers that support it * (currently only Firefox with an extension) * See http://universaleditbutton.org for more background information */ public const UniversalEditButton = [ 'default' => true, ]; /** * If user doesn't specify any edit summary when making a an edit, MediaWiki * will try to automatically create one. This feature can be disabled by set- * ting this variable false. */ public const UseAutomaticEditSummaries = [ 'default' => true, ]; // endregion -- end edit UI /***************************************************************************/ // region Maintenance /** @name Maintenance */ // See also $wgSiteNotice /** * For colorized maintenance script output, is your terminal background dark ? */ public const CommandLineDarkBg = [ 'default' => false, ]; /** * Set this to a string to put the wiki into read-only mode. The text will be * used as an explanation to users. * * This prevents most write operations via the web interface. Cache updates may * still be possible. To prevent database writes completely, use the read_only * option in MySQL. */ public const ReadOnly = [ 'default' => null, ]; /** * Set this to true to put the wiki watchlists into read-only mode. * * @since 1.31 */ public const ReadOnlyWatchedItemStore = [ 'default' => false, 'type' => 'boolean', ]; /** * If this lock file exists (size > 0), the wiki will be forced into read-only mode. * * Its contents will be shown to users as part of the read-only warning * message. * * Will default to "{$wgUploadDirectory}/lock_yBgMBwiR" in Setup.php */ public const ReadOnlyFile = [ 'default' => false, 'dynamicDefault' => [ 'use' => [ 'UploadDirectory' ] ] ]; /** * @param mixed $uploadDirectory Value of UploadDirectory * @return string */ public static function getDefaultReadOnlyFile( $uploadDirectory ): string { return "$uploadDirectory/lock_yBgMBwiR"; } /** * When you run the web-based upgrade utility, it will tell you what to set * this to in order to authorize the upgrade process. It will subsequently be * used as a password, to authorize further upgrades. * * For security, do not set this to a guessable string. Use the value supplied * by the install/upgrade process. To cause the upgrader to generate a new key, * delete the old key from LocalSettings.php. */ public const UpgradeKey = [ 'default' => false, ]; /** * Fully specified path to git binary */ public const GitBin = [ 'default' => '/usr/bin/git', ]; /** * Map GIT repository URLs to viewer URLs to provide links in Special:Version * * Key is a pattern passed to preg_match() and preg_replace(), * without the delimiters (which are #) and must match the whole URL. * The value is the replacement for the key (it can contain $1, etc.) * %h will be replaced by the short SHA-1 (7 first chars) and %H by the * full SHA-1 of the HEAD revision. * %r will be replaced with a URL-encoded version of $1. * %R will be replaced with $1 and no URL-encoding * * @since 1.20 */ public const GitRepositoryViewers = [ 'default' => [ 'https://(?:[a-z0-9_]+@)?gerrit.wikimedia.org/r/(?:p/)?(.*)' => 'https://gerrit.wikimedia.org/g/%R/+/%H', 'ssh://(?:[a-z0-9_]+@)?gerrit.wikimedia.org:29418/(.*)' => 'https://gerrit.wikimedia.org/g/%R/+/%H', ], 'type' => 'map', ]; // endregion -- End of maintenance /***************************************************************************/ // region Recent changes, new pages, watchlist and history /** @name Recent changes, new pages, watchlist and history */ /** * Recentchanges items are periodically purged; entries older than this many * seconds will go. * * Default: 90 days = about three months */ public const RCMaxAge = [ 'default' => 90 * 24 * 3600, ]; /** * Page watchers inactive for more than this many seconds are considered inactive. * * Used mainly by action=info. Default: 180 days = about six months. * * @since 1.26 */ public const WatchersMaxAge = [ 'default' => 180 * 24 * 3600, ]; /** * If active watchers (per above) are this number or less, do not disclose it. * * Left to 1, prevents unprivileged users from knowing for sure that there are 0. * Set to -1 if you want to always complement watchers count with this info. * * @since 1.26 */ public const UnwatchedPageSecret = [ 'default' => 1, ]; /** * Filter $wgRCLinkDays by $wgRCMaxAge to avoid showing links for numbers * higher than what will be stored. Note that this is disabled by default * because we sometimes do have RC data which is beyond the limit for some * reason, and some users may use the high numbers to display that data which * is still there. */ public const RCFilterByAge = [ 'default' => false, ]; /** * List of Limits options to list in the Special:Recentchanges and * Special:Recentchangeslinked pages. */ public const RCLinkLimits = [ 'default' => [ 50, 100, 250, 500 ], 'type' => 'list', ]; /** * List of Days options to list in the Special:Recentchanges and * Special:Recentchangeslinked pages. * * @see \MediaWiki\SpecialPage\ChangesListSpecialPage::getLinkDays */ public const RCLinkDays = [ 'default' => [ 1, 3, 7, 14, 30 ], 'type' => 'list', ]; /** * Configuration for feeds to which notifications about recent changes will be sent. * * The following feed classes are available by default: * - 'UDPRCFeedEngine' - sends recent changes over UDP to the specified server. * - 'RedisPubSubFeedEngine' - send recent changes to Redis. * * Only 'class' or 'uri' is required. If 'uri' is set instead of 'class', then * RecentChange::getEngine() is used to determine the class. All options are * passed to the constructor. * * Common options: * - 'class' -- The class to use for this feed (must implement RCFeed). * - 'omit_bots' -- Exclude bot edits from the feed. (default: false) * - 'omit_anon' -- Exclude anonymous edits from the feed. (default: false) * - 'omit_user' -- Exclude edits by registered users from the feed. (default: false) * - 'omit_minor' -- Exclude minor edits from the feed. (default: false) * - 'omit_patrolled' -- Exclude patrolled edits from the feed. (default: false) * * FormattedRCFeed-specific options: * - 'uri' -- [required] The address to which the messages are sent. * The uri scheme of this string will be looked up in $wgRCEngines * to determine which FormattedRCFeed class to use. * - 'formatter' -- [required] The class (implementing RCFeedFormatter) which will * produce the text to send. This can also be an object of the class. * Formatters available by default: JSONRCFeedFormatter, XMLRCFeedFormatter, * IRCColourfulRCFeedFormatter. * * IRCColourfulRCFeedFormatter-specific options: * - 'add_interwiki_prefix' -- whether the titles should be prefixed with * the first entry in the $wgLocalInterwikis array * * JSONRCFeedFormatter-specific options: * - 'channel' -- if set, the 'channel' parameter is also set in JSON values. * * **Examples:** * * ``` * $wgRCFeeds['example'] = [ * 'uri' => 'udp://localhost:1336', * 'formatter' => 'JSONRCFeedFormatter', * 'add_interwiki_prefix' => false, * 'omit_bots' => true, * ]; * ``` * * ``` * $wgRCFeeds['example'] = [ * 'uri' => 'udp://localhost:1338', * 'formatter' => 'IRCColourfulRCFeedFormatter', * 'add_interwiki_prefix' => false, * 'omit_bots' => true, * ]; * ``` * * ``` * $wgRCFeeds['example'] = [ * 'class' => ExampleRCFeed::class, * ]; * ``` * * @since 1.22 */ public const RCFeeds = [ 'default' => [], 'type' => 'map', ]; /** * Used by RecentChange::getEngine to find the correct engine for a given URI scheme. * * Keys are scheme names, values are names of FormattedRCFeed sub classes. * * @since 1.22 */ public const RCEngines = [ 'default' => [ 'redis' => RedisPubSubFeedEngine::class, 'udp' => UDPRCFeedEngine::class, ], 'type' => 'map', ]; /** * Treat category membership changes as a RecentChange. * * Changes are mentioned in RC for page actions as follows: * - creation: pages created with categories are mentioned * - edit: category additions/removals to existing pages are mentioned * - move: nothing is mentioned (unless templates used depend on the title) * - deletion: nothing is mentioned * - undeletion: nothing is mentioned * * @since 1.27 */ public const RCWatchCategoryMembership = [ 'default' => false, ]; /** * Use RC Patrolling to check for vandalism (from recent changes and watchlists) * New pages and new files are included. * * @note If you disable all patrolling features, you probably also want to * remove 'patrol' from $wgFilterLogTypes so a show/hide link isn't shown on * Special:Log. */ public const UseRCPatrol = [ 'default' => true, ]; /** * Polling rate, in seconds, used by the 'live update' and 'view newest' features * of the RCFilters app on SpecialRecentChanges and Special:Watchlist. * * 0 to disable completely. */ public const StructuredChangeFiltersLiveUpdatePollingRate = [ 'default' => 3, ]; /** * Use new page patrolling to check new pages on Special:Newpages * * @note If you disable all patrolling features, you probably also want to * remove 'patrol' from $wgFilterLogTypes so a show/hide link isn't shown on * Special:Log. */ public const UseNPPatrol = [ 'default' => true, ]; /** * Use file patrolling to check new files on Special:Newfiles * * @note If you disable all patrolling features, you probably also want to * remove 'patrol' from $wgFilterLogTypes so a show/hide link isn't shown on * Special:Log. * @since 1.27 */ public const UseFilePatrol = [ 'default' => true, ]; /** * Provide syndication feeds (RSS, Atom) for, e.g., Recentchanges, Newpages */ public const Feed = [ 'default' => true, ]; /** * Set maximum number of results to return in syndication feeds (RSS, Atom) for * eg Recentchanges, Newpages. */ public const FeedLimit = [ 'default' => 50, ]; /** * _Minimum_ timeout for cached Recentchanges feed, in seconds. * * A cached version will continue to be served out even if changes * are made, until this many seconds runs out since the last render. * * If set to 0, feed caching is disabled. Use this for debugging only; * feed generation can be pretty slow with diffs. */ public const FeedCacheTimeout = [ 'default' => 60, ]; /** * When generating Recentchanges RSS/Atom feed, diffs will not be generated for * pages larger than this size. */ public const FeedDiffCutoff = [ 'default' => 32768, ]; /** * Override the site's default RSS/ATOM feed for recentchanges that appears on * every page. Some sites might have a different feed they'd like to promote * instead of the RC feed (maybe like a "Recent New Articles" or "Breaking news" one). * * Should be a format as key (either 'rss' or 'atom') and an URL to the feed * as value. * * **Example:** * Configure the 'atom' feed to https://example.com/somefeed.xml * * ``` * $wgSiteFeed['atom'] = "https://example.com/somefeed.xml"; * ``` */ public const OverrideSiteFeed = [ 'default' => [], 'type' => 'map', ]; /** * Available feeds objects. * * Should probably only be defined when a page is syndicated ie when * $wgOut->isSyndicated() is true. */ public const FeedClasses = [ 'default' => [ 'rss' => \MediaWiki\Feed\RSSFeed::class, 'atom' => \MediaWiki\Feed\AtomFeed::class, ], 'type' => 'map', ]; /** * Which feed types should we provide by default? This can include 'rss', * 'atom', neither, or both. */ public const AdvertisedFeedTypes = [ 'default' => [ 'atom', ], 'type' => 'list', ]; /** * Show watching users in recent changes, watchlist and page history views */ public const RCShowWatchingUsers = [ 'default' => false, ]; /** * Show the amount of changed characters in recent changes */ public const RCShowChangedSize = [ 'default' => true, ]; /** * If the difference between the character counts of the text * before and after the edit is below that value, the value will be * highlighted on the RC page. */ public const RCChangedSizeThreshold = [ 'default' => 500, ]; /** * Show "Updated (since my last visit)" marker in RC view, watchlist and history * view for watched pages with new changes */ public const ShowUpdatedMarker = [ 'default' => true, ]; /** * Disable links to talk pages of anonymous users (IPs) in listings on special * pages like page history, Special:Recentchanges, etc. */ public const DisableAnonTalk = [ 'default' => false, ]; /** * Allow filtering by change tag in recentchanges, history, etc * Has no effect if no tags are defined. */ public const UseTagFilter = [ 'default' => true, ]; /** * List of core tags to enable. * * @since 1.31 * @since 1.36 Added 'mw-manual-revert' and 'mw-reverted' * @see \ChangeTags::TAG_CONTENT_MODEL_CHANGE * @see \ChangeTags::TAG_NEW_REDIRECT * @see \ChangeTags::TAG_REMOVED_REDIRECT * @see \ChangeTags::TAG_CHANGED_REDIRECT_TARGET * @see \ChangeTags::TAG_BLANK * @see \ChangeTags::TAG_REPLACE * @see \ChangeTags::TAG_ROLLBACK * @see \ChangeTags::TAG_UNDO * @see \ChangeTags::TAG_MANUAL_REVERT * @see \ChangeTags::TAG_REVERTED * @see \ChangeTags::TAG_SERVER_SIDE_UPLOAD */ public const SoftwareTags = [ 'default' => [ 'mw-contentmodelchange' => true, 'mw-new-redirect' => true, 'mw-removed-redirect' => true, 'mw-changed-redirect-target' => true, 'mw-blank' => true, 'mw-replace' => true, 'mw-rollback' => true, 'mw-undo' => true, 'mw-manual-revert' => true, 'mw-reverted' => true, 'mw-server-side-upload' => true, ], 'type' => 'map', 'additionalProperties' => [ 'type' => 'boolean', ], ]; /** * If set to an integer, pages that are watched by this many users or more * will not require the unwatchedpages permission to view the number of * watchers. * * @since 1.21 */ public const UnwatchedPageThreshold = [ 'default' => false, ]; /** * Flags (letter symbols) shown in recent changes and watchlist to indicate * certain types of edits. * * To register a new one: * * ``` * $wgRecentChangesFlags['flag'] => [ * // message for the letter displayed next to rows on changes lists * 'letter' => 'letter-msg', * // message for the tooltip of the letter * 'title' => 'tooltip-msg', * // optional (defaults to 'tooltip-msg'), message to use in the legend box * 'legend' => 'legend-msg', * // optional (defaults to 'flag'), CSS class to put on changes lists rows * 'class' => 'css-class', * // optional (defaults to 'any'), how top-level flag is determined. 'any' * // will set the top-level flag if any line contains the flag, 'all' will * // only be set if all lines contain the flag. * 'grouping' => 'any', * ]; * ``` * * @since 1.22 */ public const RecentChangesFlags = [ 'default' => [ 'newpage' => [ 'letter' => 'newpageletter', 'title' => 'recentchanges-label-newpage', 'legend' => 'recentchanges-legend-newpage', 'grouping' => 'any', ], 'minor' => [ 'letter' => 'minoreditletter', 'title' => 'recentchanges-label-minor', 'legend' => 'recentchanges-legend-minor', 'class' => 'minoredit', 'grouping' => 'all', ], 'bot' => [ 'letter' => 'boteditletter', 'title' => 'recentchanges-label-bot', 'legend' => 'recentchanges-legend-bot', 'class' => 'botedit', 'grouping' => 'all', ], 'unpatrolled' => [ 'letter' => 'unpatrolledletter', 'title' => 'recentchanges-label-unpatrolled', 'legend' => 'recentchanges-legend-unpatrolled', 'grouping' => 'any', ], ], 'type' => 'map', ]; /** * Whether to enable the watchlist expiry feature. * * @since 1.35 */ public const WatchlistExpiry = [ 'default' => false, 'type' => 'boolean', ]; /** * Chance of expired watchlist items being purged on any page edit. * * Only has effect if $wgWatchlistExpiry is true. * * If this is zero, expired watchlist items will not be removed * and the purgeExpiredWatchlistItems.php maintenance script should be run periodically. * * @since 1.35 */ public const WatchlistPurgeRate = [ 'default' => 0.1, 'type' => 'float', ]; /** * Relative maximum duration for watchlist expiries, as accepted by strtotime(). * * This relates to finite watchlist expiries only. Pages can be watched indefinitely * regardless of what this is set to. * * This is used to ensure the watchlist_expiry table doesn't grow to be too big. * * Only has effect if $wgWatchlistExpiry is true. * * Set to null to allow expiries of any duration. * * @since 1.35 */ public const WatchlistExpiryMaxDuration = [ 'default' => '1 year', 'type' => '?string', ]; // endregion -- end RC/watchlist /***************************************************************************/ // region Copyright and credits settings /** @name Copyright and credits settings */ /** * Override for copyright metadata. * * This is the name of the page containing information about the wiki's copyright status, * which will be added as a link in the footer if it is specified. It overrides * $wgRightsUrl if both are specified. */ public const RightsPage = [ 'default' => null, ]; /** * Set this to specify an external URL containing details about the content license used on your * wiki. * * If $wgRightsPage is set then this setting is ignored. */ public const RightsUrl = [ 'default' => null, ]; /** * If either $wgRightsUrl or $wgRightsPage is specified then this variable gives the text for * the link. Otherwise, it will be treated as raw HTML. * * If using $wgRightsUrl then this value must be specified. If using $wgRightsPage then the * name * of the page will also be used as the link text if this variable is not set. */ public const RightsText = [ 'default' => null, ]; /** * Override for copyright metadata. */ public const RightsIcon = [ 'default' => null, ]; /** * Set this to true if you want detailed copyright information forms on Upload. */ public const UseCopyrightUpload = [ 'default' => false, ]; /** * Set this to the number of authors that you want to be credited below an * article text. Set it to zero to hide the attribution block, and a negative * number (like -1) to show all authors. Note that this will require 2-3 extra * database hits, which can have a not insignificant impact on performance for * large wikis. */ public const MaxCredits = [ 'default' => 0, ]; /** * If there are more than $wgMaxCredits authors, show $wgMaxCredits of them. * * Otherwise, link to a separate credits page. */ public const ShowCreditsIfMax = [ 'default' => true, ]; // endregion -- end of copyright and credits settings /***************************************************************************/ // region Import / Export /** @name Import / Export */ /** * List of interwiki prefixes for wikis we'll accept as sources for * Special:Import and API action=import. Since complete page history can be * imported, these should be 'trusted'. * * This can either be a regular array, or an associative map specifying * subprojects on the interwiki map of the target wiki, or a mix of the two, * e.g. * * ``` * $wgImportSources = [ * 'wikipedia' => [ 'cs', 'en', 'fr', 'zh' ], * 'wikispecies', * 'wikia' => [ 'animanga', 'brickipedia', 'desserts' ], * ]; * ``` * * If you have a very complex import sources setup, you can lazy-load it using * the ImportSources hook. * * If a user has the 'import' permission but not the 'importupload' permission, * they will only be able to run imports through this transwiki interface. */ public const ImportSources = [ 'default' => [], 'type' => 'map', ]; /** * Optional default target namespace for interwiki imports. * * Can use this to create an incoming "transwiki"-style queue. * Set to numeric key, not the name. * * Users may override this in the Special:Import dialog. */ public const ImportTargetNamespace = [ 'default' => null, ]; /** * If set to false, disables the full-history option on Special:Export. * * This is currently poorly optimized for long edit histories, so is * disabled on Wikimedia's sites. */ public const ExportAllowHistory = [ 'default' => true, ]; /** * If set nonzero, Special:Export requests for history of pages with * more revisions than this will be rejected. On some big sites things * could get bogged down by very very long pages. */ public const ExportMaxHistory = [ 'default' => 0, ]; /** * Return distinct author list (when not returning full history) */ public const ExportAllowListContributors = [ 'default' => false, ]; /** * If non-zero, Special:Export accepts a "pagelink-depth" parameter * up to this specified level, which will cause it to include all * pages linked to from the pages you specify. Since this number * can become *really really large* and could easily break your wiki, * it's disabled by default for now. * * @warning There's a HARD CODED limit of 5 levels of recursion to prevent a * crazy-big export from being done by someone setting the depth number too * high. In other words, last resort safety net. */ public const ExportMaxLinkDepth = [ 'default' => 0, ]; /** * Whether to allow the "export all pages in namespace" option */ public const ExportFromNamespaces = [ 'default' => false, ]; /** * Whether to allow exporting the entire wiki into a single file */ public const ExportAllowAll = [ 'default' => false, ]; /** * Maximum number of pages returned by the GetPagesFromCategory and * GetPagesFromNamespace functions. * * @since 1.27 */ public const ExportPagelistLimit = [ 'default' => 5000, ]; /** * The schema to use by default when generating XML dumps. This allows sites to control * explicitly when to make breaking changes to their export and dump format. */ public const XmlDumpSchemaVersion = [ 'default' => XML_DUMP_SCHEMA_VERSION_11, ]; // endregion -- end of import/export /***************************************************************************/ // region Wiki Farm /** @name Wiki Farm */ /** * A directory that contains site-specific configuration files. * * Setting this will enable multi-tenant ("wiki farm") mode, causing * site-specific settings to be loaded based on information from the web request. * * @unstable EXPERIMENTAL * @since 1.38 */ public const WikiFarmSettingsDirectory = [ 'default' => null ]; /** * The file extension to be used when looking up site-specific settings files in * $wgWikiFarmSettingsDirectory, such as 'json' or 'yaml'. * * @unstable EXPERIMENTAL * @since 1.38 */ public const WikiFarmSettingsExtension = [ 'default' => 'yaml' ]; // endregion -- End Wiki Farm /***************************************************************************/ // region Extensions /** @name Extensions */ /** * A list of callback functions which are called once MediaWiki is fully * initialised */ public const ExtensionFunctions = [ 'default' => [], 'type' => 'list', ]; /** * Extension messages files. * * Associative array mapping extension name to the filename where messages can be * found. The file should contain variable assignments. Any of the variables * present in languages/messages/MessagesEn.php may be defined, but $messages * is the most common. * * Variables defined in extensions will override conflicting variables defined * in the core. * * Since MediaWiki 1.23, use of this variable to define messages is discouraged; instead, store * messages in JSON format and use $wgMessagesDirs. For setting other variables than * $messages, $wgExtensionMessagesFiles should still be used. Use a DIFFERENT key because * any entry having a key that also exists in $wgMessagesDirs will be ignored. * * Extensions using the JSON message format can preserve backward compatibility with * earlier versions of MediaWiki by using a compatibility shim, such as one generated * by the generateJsonI18n.php maintenance script, listing it under the SAME key * as for the $wgMessagesDirs entry. * * **Example:** * * ``` * $wgExtensionMessagesFiles['ConfirmEdit'] = __DIR__.'/ConfirmEdit.i18n.php'; * ``` */ public const ExtensionMessagesFiles = [ 'default' => [], 'type' => 'map', ]; /** * Extension messages directories. * * Associative array mapping extension name to the path of the directory where message files can * be found. The message files are expected to be JSON files named for their language code, e.g. * en.json, de.json, etc. Extensions with messages in multiple places may specify an array of * message directories. * * Message directories in core should be added to LocalisationCache::getMessagesDirs() * * **Simple example:** * * ``` * $wgMessagesDirs['Example'] = __DIR__ . '/i18n'; * ``` * * **Complex example:** * * ``` * $wgMessagesDirs['Example'] = [ * __DIR__ . '/lib/ve/i18n', * __DIR__ . '/lib/ooui/i18n', * __DIR__ . '/i18n', * ] * ``` * * @since 1.23 */ public const MessagesDirs = [ 'default' => [], 'type' => 'map', ]; /** * Message directories containing JSON files for localisation of special page aliases. * * Associative array mapping extension name to the directory where configurations can be * found. The directory is expected to contain JSON files corresponding to each language code. * * Variables defined in extensions will override conflicting variables defined * in the core. We recommend using this configuration to set variables that require localisation: * special page aliases, and in the future namespace aliases and magic words. * * **Simple example**: extension.json * ``` * "TranslationAliasesDirs": { * "TranslationNotificationsAlias": "i18n/aliases" * } * ``` * **Complex example**: extension.json * ``` * "TranslationAliasesDirs": { * "TranslationNotificationsAlias": [ "i18n/special-page-aliases", "i18n/magic-words", "i18n/namespaces" ] * } * ``` * * @unstable EXPERIMENTAL * @since 1.42 */ public const TranslationAliasesDirs = [ 'default' => [], 'type' => 'map', ]; /** * Array of files with list(s) of extension entry points to be used in * maintenance/mergeMessageFileList.php * * @since 1.22 */ public const ExtensionEntryPointListFiles = [ 'default' => [], 'type' => 'map', ]; /** * Whether to include the NewPP limit report as a HTML comment */ public const EnableParserLimitReporting = [ 'default' => true, ]; /** * List of valid skin names * * The key should be the name in all lower case. * * As of 1.35, the value should be a an array in the form of the ObjectFactory specification. * * For example for 'foobarskin' where the PHP class is 'MediaWiki\Skins\FooBar\FooBarSkin' set: * * **skin.json Example:** * * ``` * "ValidSkinNames": { * "foobarskin": { * "displayname": "FooBarSkin", * "class": "MediaWiki\\Skins\\FooBar\\FooBarSkin" * } * } * ``` * * Historically, the value was a properly cased name for the skin (and is still currently * supported). This value will be prefixed with "Skin" to create the class name of the * skin to load. Use Skin::getSkinNames() as an accessor if you wish to have access to the * full list. */ public const ValidSkinNames = [ 'default' => [], 'type' => 'map', ]; /** * Special page list. This is an associative array mapping the (canonical) names of * special pages to either a class name or a ObjectFactory spec to be instantiated, or a callback to use for * creating the special page object. In all cases, the result must be an instance of SpecialPage. */ public const SpecialPages = [ 'default' => [], 'type' => 'map', ]; /** * Obsolete switch that controlled legacy case-insensitive classloading. * * Case-insensitive classloading was needed for loading data that had * been serialized by PHP 4 with the class names converted to lowercase. * It is no longer necessary since 1.31; the lowercase forms in question * are now listed in autoload.php (T166759). * * @deprecated since 1.35 */ public const AutoloadAttemptLowercase = [ 'default' => false, 'obsolete' => 'Since 1.40; no longer has any effect.', 'description' => 'Has been emitting warnings since 1.39 (LTS). ' . 'Can be removed completely in 1.44, assuming 1.43 is an LTS release.' ]; /** * Add information about an installed extension, keyed by its type. * * This is for use from LocalSettings.php and legacy PHP-entrypoint * extensions. In general, extensions should (only) declare this * information in their extension.json file. * * The 'name', 'path' and 'author' keys are required. * * ``` * $wgExtensionCredits['other'][] = [ * 'path' => __FILE__, * 'name' => 'Example extension', * 'namemsg' => 'exampleextension-name', * 'author' => [ * 'Foo Barstein', * ], * 'version' => '0.0.1', * 'url' => 'https://example.org/example-extension/', * 'descriptionmsg' => 'exampleextension-desc', * 'license-name' => 'GPL-2.0-or-later', * ]; * ``` * * The extensions are listed on Special:Version. This page also looks for a file * named COPYING or LICENSE (optional .txt extension) and provides a link to * view said file. When the 'license-name' key is specified, this file is * interpreted as wikitext. * * - $type: One of 'specialpage', 'parserhook', 'variable', 'media', 'antispam', * 'skin', 'api', or 'other', or any additional types as specified through the * ExtensionTypes hook as used in SpecialVersion::getExtensionTypes(). * * - name: Name of extension as an inline string instead of localizable message. * Do not omit this even if 'namemsg' is provided, as it is used to override * the path Special:Version uses to find extension's license info, and is * required for backwards-compatibility with MediaWiki 1.23 and older. * * - namemsg (since MW 1.24): A message key for a message containing the * extension's name, if the name is localizable. (For example, skin names * usually are.) * * - author: A string or an array of strings. Authors can be linked using * the regular wikitext link syntax. To have an internationalized version of * "and others" show, add an element "...". This element can also be linked, * for instance "[https://example ...]". * * - descriptionmsg: A message key or an array with message key and parameters: * `'descriptionmsg' => 'exampleextension-desc',` * * - description: Description of extension as an inline string instead of * localizable message (omit in favour of 'descriptionmsg'). * * - license-name: Short name of the license (used as label for the link), such * as "GPL-2.0-or-later" or "MIT" (https://spdx.org/licenses/ for a list of identifiers). * * @see \MediaWiki\Specials\SpecialVersion::getCredits */ public const ExtensionCredits = [ 'default' => [], 'type' => 'map', ]; /** * Global list of hooks. * * The key is one of the events made available by MediaWiki, you can find * a description for most of them in their respective hook interfaces. For * overview of the hook system see docs/Hooks.md. The array is used internally * by HookContainer::run(). * * The value can be one of: * * - A function name: `$wgHooks['event_name'][] = $function;` * * - A function with some data: `$wgHooks['event_name'][] = [ $function, $data ];` * * * - A an object method: `$wgHooks['event_name'][] = [ $object, 'method' ];` * * - A closure: * ``` * $wgHooks['event_name'][] = function ( $hookParam ) { * // Handler code goes here. * }; * ``` * * @warning You should always append to an event array or you will end up * deleting a previous registered hook. * @warning Hook handlers should be registered at file scope. Registering * handlers after file scope can lead to unexpected results due to caching. */ public const Hooks = [ 'default' => [], 'type' => 'map', 'mergeStrategy' => 'array_merge_recursive', ]; /** * List of service wiring files to be loaded by the default instance of MediaWikiServices. Each * file listed here is expected to return an associative array mapping service names to * instantiator functions. Extensions may add wiring files to define their own services. * However, this cannot be used to replace existing services - use the MediaWikiServices hook * for that. * * @note the default wiring file will be added automatically by Setup.php * @see \MediaWiki\MediaWikiServices * @see \Wikimedia\Services\ServiceContainer::loadWiringFiles() for details on loading * service instantiator functions. * @see docs/Injection.md for an overview of dependency * injection in MediaWiki. */ public const ServiceWiringFiles = [ 'default' => [], 'type' => 'list', ]; /** * Maps jobs to their handlers; extensions * can add to this to provide custom jobs. * * Since 1.40, job handlers can be specified as object specs * for use with ObjectFactory, using an array, a plain class name, * or a callback. * * @note The constructor signature of job classes has to follow one of two patterns: * Either it takes a parameter array as the first argument, followed by any services it * needs to have injected: ( array $params, ... ). * Or it takes a PageReference as the first parameter, followed by the parameter array, * followed by any services: ( PageReference $page, array $params, ... ). * In order to signal to the JobFactory that the $page parameter should be omitted from * the constructor arguments, the job class has to be a subclass of GenericParameterJob, * or the object specification for the job has to set the 'needsPage' key to false. * If a callback is used, its signature follows the same rules. */ public const JobClasses = [ 'default' => [ 'deletePage' => DeletePageJob::class, 'refreshLinks' => RefreshLinksJob::class, 'deleteLinks' => DeleteLinksJob::class, 'htmlCacheUpdate' => HTMLCacheUpdateJob::class, 'sendMail' => [ 'class' => EmaillingJob::class, 'services' => [ 0 => 'Emailer' ] ], 'enotifNotify' => EnotifNotifyJob::class, 'fixDoubleRedirect' => [ 'class' => DoubleRedirectJob::class, 'services' => [ 'RevisionLookup', 'MagicWordFactory', 'WikiPageFactory', ], // This job requires a title 'needsPage' => true, ], 'AssembleUploadChunks' => AssembleUploadChunksJob::class, 'PublishStashedFile' => PublishStashedFileJob::class, 'ThumbnailRender' => ThumbnailRenderJob::class, 'UploadFromUrl' => UploadFromUrlJob::class, 'recentChangesUpdate' => RecentChangesUpdateJob::class, 'refreshLinksPrioritized' => RefreshLinksJob::class, 'refreshLinksDynamic' => RefreshLinksJob::class, 'activityUpdateJob' => ActivityUpdateJob::class, 'categoryMembershipChange' => CategoryMembershipChangeJob::class, 'clearUserWatchlist' => ClearUserWatchlistJob::class, 'watchlistExpiry' => WatchlistExpiryJob::class, 'cdnPurge' => CdnPurgeJob::class, 'userGroupExpiry' => UserGroupExpiryJob::class, 'clearWatchlistNotifications' => ClearWatchlistNotificationsJob::class, 'userOptionsUpdate' => UserOptionsUpdateJob::class, 'revertedTagUpdate' => RevertedTagUpdateJob::class, 'null' => NullJob::class, 'userEditCountInit' => UserEditCountInitJob::class, 'parsoidCachePrewarm' => [ 'class' => ParsoidCachePrewarmJob::class, 'services' => [ 'ParserOutputAccess', 'PageStore', 'RevisionLookup', 'ParsoidSiteConfig', ], // tell the JobFactory not to include the $page parameter in the constructor call 'needsPage' => false ], 'renameUser' => [ 'class' => RenameUserJob::class, 'services' => [ 'MainConfig', 'DBLoadBalancerFactory' ] ], ], 'type' => 'map', ]; /** * Jobs that must be explicitly requested, i.e. aren't run by job runners unless * special flags are set. The values here are keys of $wgJobClasses. * * These can be: * - Very long-running jobs. * - Jobs that you would never want to run as part of a page rendering request. * - Jobs that you want to run on specialized machines ( like transcoding, or a particular * machine on your cluster has 'outside' web access you could restrict uploadFromUrl ) * These settings should be global to all wikis. */ public const JobTypesExcludedFromDefaultQueue = [ 'default' => [ 'AssembleUploadChunks', 'PublishStashedFile', 'UploadFromUrl' ], 'type' => 'list', ]; /** * Map of job types to how many job "work items" should be run per second * on each job runner process. The meaning of "work items" varies per job, * but typically would be something like "pages to update". A single job * may have a variable number of work items, as is the case with batch jobs. * * This is used by runJobs.php and not jobs run via $wgJobRunRate. * These settings should be global to all wikis. */ public const JobBackoffThrottling = [ 'default' => [], 'type' => 'map', 'additionalProperties' => [ 'type' => 'float', ], ]; /** * Map of job types to configuration arrays. * * This determines which queue class and storage system is used for each job type. * Job types that do not have explicit configuration will use the 'default' config. * These settings should be global to all wikis. */ public const JobTypeConf = [ 'default' => [ 'default' => [ 'class' => JobQueueDB::class, 'order' => 'random', 'claimTTL' => 3600 ], ], 'additionalProperties' => [ 'type' => 'object', 'properties' => [ 'class' => [ 'type' => 'string' ], 'order' => [ 'type' => 'string' ], 'claimTTL' => [ 'type' => 'int' ] ], ], 'type' => 'map', ]; /** * Whether to include the number of jobs that are queued * for the API's maxlag parameter. * * The total number of jobs will be divided by this to get an * estimated second of maxlag. Typically bots backoff at maxlag=5, * so setting this to the max number of jobs that should be in your * queue divided by 5 should have the effect of stopping bots once * that limit is hit. * * @since 1.29 */ public const JobQueueIncludeInMaxLagFactor = [ 'default' => false, ]; /** * Additional functions to be performed with updateSpecialPages. * * Expensive Querypages are already updated. */ public const SpecialPageCacheUpdates = [ 'default' => [ 'Statistics' => [ SiteStatsUpdate::class, 'cacheUpdate' ] ], 'type' => 'map', ]; /** * Page property link table invalidation lists. When a page property * changes, this may require other link tables to be updated (eg * adding __HIDDENCAT__ means the hiddencat tracking category will * have been added, so the categorylinks table needs to be rebuilt). * * This array can be added to by extensions. */ public const PagePropLinkInvalidations = [ 'default' => [ 'hiddencat' => 'categorylinks', ], 'type' => 'map', ]; // endregion -- End extensions /***************************************************************************/ // region Categories /** @name Categories */ /** * On category pages, show thumbnail gallery for images belonging to that * category instead of listing them as articles. */ public const CategoryMagicGallery = [ 'default' => true, ]; /** * Paging limit for categories */ public const CategoryPagingLimit = [ 'default' => 200, ]; /** * Specify how category names should be sorted, when listed on a category page. * * A sorting scheme is also known as a collation. * * Available values are: * * - uppercase: Converts the category name to upper case, and sorts by that. * * - identity: Does no conversion. Sorts by binary value of the string. * * - uca-default: Provides access to the Unicode Collation Algorithm with * the default element table. This is a compromise collation which sorts * all languages in a mediocre way. However, it is better than "uppercase". * * To use the uca-default collation, you must have PHP's intl extension * installed. See https://www.php.net/manual/en/intl.setup.php . The details of the * resulting collation will depend on the version of ICU installed on the * server. * * After you change this, you must run maintenance/updateCollation.php to fix * the sort keys in the database. * * Extensions can define there own collations by subclassing Collation * and using the Collation::factory hook. */ public const CategoryCollation = [ 'default' => 'uppercase', ]; /** * Additional category collations to store during LinksUpdate. This can be used * to perform online migration of categories from one collation to another. An * array of associative arrays each having the following keys: * * - table: (string) The table name * - collation: (string) The collation to use for cl_sortkey * - fakeCollation: (string) The collation name to insert into cl_collation * * @since 1.38 */ public const TempCategoryCollations = [ 'default' => [], 'type' => 'list', ]; /** * Whether to sort categories in OutputPage for display. * * The value of CategoryCollation is used for sorting. * * @unstable EXPERIMENTAL This feature is used for Parsoid development, * but its future as a core feature will depend on community uptake. */ public const SortedCategories = [ 'default' => false, 'type' => 'boolean', ]; /** * Array holding default tracking category names. * * Array contains the system messages for each tracking category. * Tracking categories allow pages with certain characteristics to be tracked. * It works by adding any such page to a category automatically. * * A message with the suffix '-desc' should be added as a description message * to have extra information on Special:TrackingCategories. * * @deprecated since 1.25 Extensions should now register tracking categories using * the new extension registration system. * @since 1.23 */ public const TrackingCategories = [ 'default' => [], 'type' => 'list', 'deprecated' => 'since 1.25 Extensions should now register tracking categories using ' . 'the new extension registration system.', ]; // endregion -- End categories /***************************************************************************/ // region Logging /** @name Logging */ /** * The logging system has two levels: an event type, which describes the * general category and can be viewed as a named subset of all logs; and * an action, which is a specific kind of event that can exist in that * log type. * * Note that code should call LogPage::validTypes() to get a list of valid * log types instead of checking the global variable. */ public const LogTypes = [ 'default' => [ '', 'block', 'protect', 'rights', 'delete', 'upload', 'move', 'import', 'patrol', 'merge', 'suppress', 'tag', 'managetags', 'contentmodel', 'renameuser', ], 'type' => 'list', ]; /** * This restricts log access to those who have a certain right * Users without this will not see it in the option menu and can not view it * Restricted logs are not added to recent changes * Logs should remain non-transcludable * Format: logtype => permissiontype */ public const LogRestrictions = [ 'default' => [ 'suppress' => 'suppressionlog', ], 'type' => 'map', ]; /** * Show/hide links on Special:Log will be shown for these log types. * * This is associative array of log type => boolean "hide by default" * * See $wgLogTypes for a list of available log types. * * **Example:** * * `$wgFilterLogTypes = [ 'move' => true, 'import' => false ];` * * Will display show/hide links for the move and import logs. Move logs will be * hidden by default unless the link is clicked. Import logs will be shown by * default, and hidden when the link is clicked. * * A message of the form logeventslist-[type]-log should be added, and will be * used for the link text. */ public const FilterLogTypes = [ 'default' => [ 'patrol' => true, 'tag' => true, 'newusers' => false, ], 'type' => 'map', ]; /** * Lists the message key string for each log type. The localized messages * will be listed in the user interface. * * Extensions with custom log types may add to this array. * * @since 1.19, if you follow the naming convention log-name-TYPE, * where TYPE is your log type, you don't need to use this array. */ public const LogNames = [ 'default' => [ '' => 'all-logs-page', 'block' => 'blocklogpage', 'protect' => 'protectlogpage', 'rights' => 'rightslog', 'delete' => 'dellogpage', 'upload' => 'uploadlogpage', 'move' => 'movelogpage', 'import' => 'importlogpage', 'patrol' => 'patrol-log-page', 'merge' => 'mergelog', 'suppress' => 'suppressionlog', ], 'type' => 'map', ]; /** * Lists the message key string for descriptive text to be shown at the * top of each log type. * * Extensions with custom log types may add to this array. * * @since 1.19, if you follow the naming convention log-description-TYPE, * where TYPE is your log type, yoy don't need to use this array. */ public const LogHeaders = [ 'default' => [ '' => 'alllogstext', 'block' => 'blocklogtext', 'delete' => 'dellogpagetext', 'import' => 'importlogpagetext', 'merge' => 'mergelogpagetext', 'move' => 'movelogpagetext', 'patrol' => 'patrol-log-header', 'protect' => 'protectlogtext', 'rights' => 'rightslogtext', 'suppress' => 'suppressionlogtext', 'upload' => 'uploadlogpagetext', ], 'type' => 'map', ]; /** * Maps log actions to message keys, for formatting log entries of each type * and action when displaying logs to the user. * The array keys are composed as "$type/$action". * * Extensions with custom log types may add to this array. */ public const LogActions = [ 'default' => [], 'type' => 'map', ]; /** * The same as above, but here values are class names or ObjectFactory specifications, * not messages. The specification must resolve to a LogFormatter subclass, * and will receive the LogEntry object as its first constructor argument. * The type can be specified as '*' (e.g. 'block/*') to handle all types. * * @see \LogPage::actionText * @see \LogFormatter */ public const LogActionsHandlers = [ 'default' => [ 'block/block' => BlockLogFormatter::class, 'block/reblock' => BlockLogFormatter::class, 'block/unblock' => BlockLogFormatter::class, 'contentmodel/change' => ContentModelLogFormatter::class, 'contentmodel/new' => ContentModelLogFormatter::class, 'delete/delete' => DeleteLogFormatter::class, 'delete/delete_redir' => DeleteLogFormatter::class, 'delete/delete_redir2' => DeleteLogFormatter::class, 'delete/event' => DeleteLogFormatter::class, 'delete/restore' => DeleteLogFormatter::class, 'delete/revision' => DeleteLogFormatter::class, 'import/interwiki' => ImportLogFormatter::class, 'import/upload' => ImportLogFormatter::class, 'managetags/activate' => LogFormatter::class, 'managetags/create' => LogFormatter::class, 'managetags/deactivate' => LogFormatter::class, 'managetags/delete' => LogFormatter::class, 'merge/merge' => MergeLogFormatter::class, 'move/move' => MoveLogFormatter::class, 'move/move_redir' => MoveLogFormatter::class, 'patrol/patrol' => PatrolLogFormatter::class, 'patrol/autopatrol' => PatrolLogFormatter::class, 'protect/modify' => ProtectLogFormatter::class, 'protect/move_prot' => ProtectLogFormatter::class, 'protect/protect' => ProtectLogFormatter::class, 'protect/unprotect' => ProtectLogFormatter::class, 'renameuser/renameuser' => RenameuserLogFormatter::class, 'rights/autopromote' => RightsLogFormatter::class, 'rights/rights' => RightsLogFormatter::class, 'suppress/block' => BlockLogFormatter::class, 'suppress/delete' => DeleteLogFormatter::class, 'suppress/event' => DeleteLogFormatter::class, 'suppress/reblock' => BlockLogFormatter::class, 'suppress/revision' => DeleteLogFormatter::class, 'tag/update' => TagLogFormatter::class, 'upload/overwrite' => UploadLogFormatter::class, 'upload/revert' => UploadLogFormatter::class, 'upload/upload' => UploadLogFormatter::class, ], 'type' => 'map', ]; /** * List of log types that can be filtered by action types * * To each action is associated the list of log_action * subtypes to search for, usually one, but not necessarily so * Extensions may append to this array * * @since 1.27 */ public const ActionFilteredLogs = [ 'default' => [ 'block' => [ 'block' => [ 'block' ], 'reblock' => [ 'reblock' ], 'unblock' => [ 'unblock' ], ], 'contentmodel' => [ 'change' => [ 'change' ], 'new' => [ 'new' ], ], 'delete' => [ 'delete' => [ 'delete' ], 'delete_redir' => [ 'delete_redir', 'delete_redir2' ], 'restore' => [ 'restore' ], 'event' => [ 'event' ], 'revision' => [ 'revision' ], ], 'import' => [ 'interwiki' => [ 'interwiki' ], 'upload' => [ 'upload' ], ], 'managetags' => [ 'create' => [ 'create' ], 'delete' => [ 'delete' ], 'activate' => [ 'activate' ], 'deactivate' => [ 'deactivate' ], ], 'move' => [ 'move' => [ 'move' ], 'move_redir' => [ 'move_redir' ], ], 'newusers' => [ 'create' => [ 'create', 'newusers' ], 'create2' => [ 'create2' ], 'autocreate' => [ 'autocreate' ], 'byemail' => [ 'byemail' ], ], 'protect' => [ 'protect' => [ 'protect' ], 'modify' => [ 'modify' ], 'unprotect' => [ 'unprotect' ], 'move_prot' => [ 'move_prot' ], ], 'rights' => [ 'rights' => [ 'rights' ], 'autopromote' => [ 'autopromote' ], ], 'suppress' => [ 'event' => [ 'event' ], 'revision' => [ 'revision' ], 'delete' => [ 'delete' ], 'block' => [ 'block' ], 'reblock' => [ 'reblock' ], ], 'upload' => [ 'upload' => [ 'upload' ], 'overwrite' => [ 'overwrite' ], 'revert' => [ 'revert' ], ], ], 'type' => 'map', ]; /** * Maintain a log of newusers at Special:Log/newusers? */ public const NewUserLog = [ 'default' => true, ]; /** * Maintain a log of page creations at Special:Log/create? * * @since 1.32 */ public const PageCreationLog = [ 'default' => true, ]; // endregion -- end logging /***************************************************************************/ // region Special pages (general and miscellaneous) /** @name Special pages (general and miscellaneous) */ /** * Allow special page inclusions such as {{Special:Allpages}} */ public const AllowSpecialInclusion = [ 'default' => true, ]; /** * Set this to an array of special page names to prevent * maintenance/updateSpecialPages.php from updating those pages. * * Mapping each special page name to a run mode like 'periodical' if a cronjob is set up. */ public const DisableQueryPageUpdate = [ 'default' => false, ]; /** * On Special:Unusedimages, consider images "used", if they are put * into a category. Default (false) is not to count those as used. */ public const CountCategorizedImagesAsUsed = [ 'default' => false, ]; /** * Maximum number of links to a redirect page listed on * Special:Whatlinkshere/RedirectDestination */ public const MaxRedirectLinksRetrieved = [ 'default' => 500, ]; /** * Shortest CIDR limits that can be checked in any individual range check * at Special:Contributions. * * @since 1.30 */ public const RangeContributionsCIDRLimit = [ 'default' => [ 'IPv4' => 16, 'IPv6' => 32, ], 'type' => 'map', 'additionalProperties' => [ 'type' => 'integer', ], ]; // endregion -- end special pages /***************************************************************************/ // region Actions /** @name Actions */ /** * Map of allowed values for the "title=foo&action=" parameter. * to the corresponding handler code. * See ActionFactory for the syntax. Core defaults are in ActionFactory::CORE_ACTIONS, * anything here overrides that. */ public const Actions = [ 'default' => [], 'type' => 'map', ]; // endregion -- end actions /***************************************************************************/ // region Robot (search engine crawler) policy /** @name Robot (search engine crawler) policy */ // See also $wgNoFollowLinks. /** * Default robot policy. The default policy is to encourage indexing and fol- * lowing of links. It may be overridden on a per-namespace and/or per-page * basis. */ public const DefaultRobotPolicy = [ 'default' => 'index,follow', ]; /** * Robot policies per namespaces. The default policy is given above, the array * is made of namespace constants as defined in includes/Defines.php. You can- * not specify a different default policy for NS_SPECIAL: it is always noindex, * nofollow. This is because a number of special pages (e.g., ListPages) have * many permutations of options that display the same data under redundant * URLs, so search engine spiders risk getting lost in a maze of twisty special * pages, all alike, and never reaching your actual content. * * **Example:** * * ``` * $wgNamespaceRobotPolicies = [ NS_TALK => 'noindex' ]; * ``` */ public const NamespaceRobotPolicies = [ 'default' => [], 'type' => 'map', ]; /** * Robot policies per article. These override the per-namespace robot policies. * * Must be in the form of an array where the key part is a properly canonicalised * text form title and the value is a robot policy. * * **Example:** * * ``` * $wgArticleRobotPolicies = [ * 'Main Page' => 'noindex,follow', * 'User:Bob' => 'index,follow', * ]; * ``` * * **Example that DOES NOT WORK because the names are not canonical text** * forms: * * ``` * $wgArticleRobotPolicies = [ * // Underscore, not space! * 'Main_Page' => 'noindex,follow', * // "Project", not the actual project name! * 'Project:X' => 'index,follow', * // Needs to be "Abc", not "abc" (unless $wgCapitalLinks is false for that namespace)! * 'abc' => 'noindex,nofollow' * ]; * ``` */ public const ArticleRobotPolicies = [ 'default' => [], 'type' => 'map', ]; /** * An array of namespace keys in which the __INDEX__/__NOINDEX__ magic words * will not function, so users can't decide whether pages in that namespace are * indexed by search engines. If set to null, default to $wgContentNamespaces. * * **Example:** * * ``` * $wgExemptFromUserRobotsControl = [ NS_MAIN, NS_TALK, NS_PROJECT ]; * ``` */ public const ExemptFromUserRobotsControl = [ 'default' => null, 'type' => '?list', ]; // endregion End robot policy /***************************************************************************/ // region Action API and REST API /** @name Action API and REST API */ /** * WARNING: SECURITY THREAT - debug use only * * Disables many security checks in the API for debugging purposes. * This flag should never be used on the production servers, as it introduces * a number of potential security holes. Even when enabled, the validation * will still be performed, but instead of failing, API will return a warning. * Also, there will always be a warning notifying that this flag is set. * At this point, the flag allows GET requests to go through for modules * requiring POST. * * @since 1.21 */ public const DebugAPI = [ 'default' => false, ]; /** * API module extensions. * * Associative array mapping module name to modules specs; * Each module spec is an associative array containing at least * the 'class' key for the module's class, and optionally a * 'factory' key for the factory function to use for the module. * * That factory function will be called with two parameters, * the parent module (an instance of ApiBase, usually ApiMain) * and the name the module was registered under. The return * value must be an instance of the class given in the 'class' * field. * * For backward compatibility, the module spec may also be a * simple string containing the module's class name. In that * case, the class' constructor will be called with the parent * module and module name as parameters, as described above. * * Examples for registering API modules: * * ``` * $wgAPIModules['foo'] = 'ApiFoo'; * $wgAPIModules['bar'] = [ * 'class' => ApiBar::class, * 'factory' => function( $main, $name ) { ... } * ]; * $wgAPIModules['xyzzy'] = [ * 'class' => ApiXyzzy::class, * 'factory' => [ XyzzyFactory::class, 'newApiModule' ] * ]; * ``` * Extension modules may override the core modules. * See ApiMain::MODULES for a list of the core modules. */ public const APIModules = [ 'default' => [], 'type' => 'map', ]; /** * API format module extensions. * * Associative array mapping format module name to module specs (see $wgAPIModules). * Extension modules may override the core modules. * * See ApiMain::FORMATS for a list of the core format modules. */ public const APIFormatModules = [ 'default' => [], 'type' => 'map', ]; /** * API Query meta module extensions. * * Associative array mapping meta module name to module specs (see $wgAPIModules). * Extension modules may override the core modules. * * See ApiQuery::QUERY_META_MODULES for a list of the core meta modules. */ public const APIMetaModules = [ 'default' => [], 'type' => 'map', ]; /** * API Query prop module extensions. * * Associative array mapping prop module name to module specs (see $wgAPIModules). * Extension modules may override the core modules. * * See ApiQuery::QUERY_PROP_MODULES for a list of the core prop modules. */ public const APIPropModules = [ 'default' => [], 'type' => 'map', ]; /** * API Query list module extensions. * * Associative array mapping list module name to module specs (see $wgAPIModules). * Extension modules may override the core modules. * * See ApiQuery::QUERY_LIST_MODULES for a list of the core list modules. */ public const APIListModules = [ 'default' => [], 'type' => 'map', ]; /** * Maximum amount of rows to scan in a DB query in the API * The default value is generally fine */ public const APIMaxDBRows = [ 'default' => 5000, ]; /** * The maximum size (in bytes) of an API result. * * @warning Do not set this lower than $wgMaxArticleSize*1024 */ public const APIMaxResultSize = [ 'default' => 8_388_608, ]; /** * The maximum number of uncached diffs that can be retrieved in one API * request. Set this to 0 to disable API diffs altogether */ public const APIMaxUncachedDiffs = [ 'default' => 1, ]; /** * Maximum amount of DB lag on a majority of DB replica DBs to tolerate * before forcing bots to retry any write requests via API errors. * * This should be lower than the 'max lag' value in $wgLBFactoryConf. */ public const APIMaxLagThreshold = [ 'default' => 7, ]; /** * Log file or URL (TCP or UDP) to log API requests to, or false to disable * API request logging */ public const APIRequestLog = [ 'default' => false, 'deprecated' => 'since 1.43; use api or api-request $wgDebugLogGroups channel', ]; /** * Set the timeout for the API help text cache. If set to 0, caching disabled */ public const APICacheHelpTimeout = [ 'default' => 60 * 60, ]; /** * The ApiQueryQueryPages module should skip pages that are redundant to true * API queries. */ public const APIUselessQueryPages = [ 'default' => [ 'MIMEsearch', 'LinkSearch', ], 'type' => 'list', ]; /** * Enable previewing licences via AJAX. */ public const AjaxLicensePreview = [ 'default' => true, ]; /** * Settings for incoming cross-site AJAX requests: * Newer browsers support cross-site AJAX when the target resource allows requests * from the origin domain by the Access-Control-Allow-Origin header. * * This is currently only used by the API (requests to api.php) * $wgCrossSiteAJAXdomains can be set using a wildcard syntax: * * - '*' matches any number of characters * - '?' matches any 1 character * * **Example:** * * ``` * $wgCrossSiteAJAXdomains = [ * 'www.mediawiki.org', * '*.wikipedia.org', * '*.wikimedia.org', * '*.wiktionary.org', * ]; * ``` */ public const CrossSiteAJAXdomains = [ 'default' => [], 'type' => 'map', ]; /** * Domains that should not be allowed to make AJAX requests, * even if they match one of the domains allowed by $wgCrossSiteAJAXdomains * Uses the same syntax as $wgCrossSiteAJAXdomains */ public const CrossSiteAJAXdomainExceptions = [ 'default' => [], 'type' => 'map', ]; /** * List of allowed headers for cross-origin API requests. */ public const AllowedCorsHeaders = [ 'default' => [ /* simple headers (see spec) */ 'Accept', 'Accept-Language', 'Content-Language', 'Content-Type', /* non-authorable headers in XHR, which are however requested by some UAs */ 'Accept-Encoding', 'DNT', 'Origin', /* MediaWiki whitelist */ 'User-Agent', 'Api-User-Agent', /* Allowing caching preflight requests, see T269636 */ 'Access-Control-Max-Age', /* OAuth 2.0, see T322944 */ 'Authorization', ], 'type' => 'list', ]; /** * Additional REST API Route files. * * A common usage is to enable development/experimental endpoints only on test wikis. */ public const RestAPIAdditionalRouteFiles = [ 'default' => [], 'type' => 'list', ]; /** * A list of OpenAPI specs to be made available for exploration on * Special:RestSandbox. If none are given, Special:RestSandbox is disabled. * * This is an associative array, arbitrary spec IDs to spec descriptions. * Each spec description is an array with the following keys: * - url: the URL that will return the OpenAPI spec. * - name: the name of the API, to be shown on Special:RestSandbox. * Ignored if msg is given. * - msg: a message key for the name of the API, to be shown on * Special:RestSandbox. * * @unstable Introduced in 1.43. We may want to rename or change this to * accommodate the need to list external APIs in a central discovery * document. */ public const RestSandboxSpecs = [ 'default' => [], 'type' => 'map', 'additionalProperties' => [ 'type' => 'object', 'properties' => [ 'url' => [ 'type' => 'string', 'format' => 'url' ], 'name' => [ 'type' => 'string' ], 'msg' => [ 'type' => 'string', 'description' => 'a message key' ] ], 'required' => [ 'url' ] ] ]; // endregion -- End AJAX and API /***************************************************************************/ // region Shell and process control /** @name Shell and process control */ /** * Maximum amount of virtual memory available to shell processes under linux, in KiB. */ public const MaxShellMemory = [ 'default' => 307_200, ]; /** * Maximum file size created by shell processes under linux, in KiB * ImageMagick convert for example can be fairly hungry for scratch space */ public const MaxShellFileSize = [ 'default' => 102_400, ]; /** * Maximum CPU time in seconds for shell processes under Linux */ public const MaxShellTime = [ 'default' => 180, ]; /** * Maximum wall clock time (i.e. real time, of the kind the clock on the wall * would measure) in seconds for shell processes under Linux */ public const MaxShellWallClockTime = [ 'default' => 180, ]; /** * Under Linux: a cgroup directory used to constrain memory usage of shell * commands. The directory must be writable by the user which runs MediaWiki. * * If specified, this is used instead of ulimit, which is inaccurate, and * causes malloc() to return NULL, which exposes bugs in C applications, making * them segfault or deadlock. * * A wrapper script will create a cgroup for each shell command that runs, as * a subgroup of the specified cgroup. If the memory limit is exceeded, the * kernel will send a SIGKILL signal to a process in the subgroup. * * **Example:** * * ``` * mkdir -p /sys/fs/cgroup/memory/mediawiki * mkdir -m 0777 /sys/fs/cgroup/memory/mediawiki/job * echo '$wgShellCgroup = "/sys/fs/cgroup/memory/mediawiki/job";' >> LocalSettings.php * ``` * The reliability of cgroup cleanup can be improved by installing a * notify_on_release script in the root cgroup, see e.g. * https://gerrit.wikimedia.org/r/#/c/40784 */ public const ShellCgroup = [ 'default' => false, ]; /** * Executable path of the PHP cli binary. Should be set up on install. */ public const PhpCli = [ 'default' => '/usr/bin/php', ]; /** * Method to use to restrict shell commands * * Supported options: * - 'autodetect': Autodetect if any restriction methods are available * - 'firejail': Use firejail * - false: Don't use any restrictions * * @note If using firejail with MediaWiki running in a home directory different * from the webserver user, firejail 0.9.44+ is required. * @since 1.31 */ public const ShellRestrictionMethod = [ 'default' => 'autodetect', 'type' => 'string|false', ]; /** * Shell commands can be run on a remote server using Shellbox. To use this * feature, set this to the URLs mapped by the service, and also configure $wgShellboxSecretKey. * * You can also disable a certain service by setting it to false or null. * * 'default' would be the default URL if no URL is defined for that service. * * For more information about installing Shellbox, see * https://www.mediawiki.org/wiki/Shellbox * * @since 1.37 */ public const ShellboxUrls = [ 'default' => [ 'default' => null, ], 'type' => 'map', 'additionalProperties' => [ 'type' => 'string|false|null', ], ]; /** * The secret key for HMAC verification of Shellbox requests. Set this to * a long random string. * * @since 1.36 */ public const ShellboxSecretKey = [ 'default' => null, 'type' => '?string', ]; /** * The POSIX-compatible shell to use when running scripts. This is used by * some media handling shell commands. * * If ShellboxUrls is configured, this path should exist on the remote side. * On Windows this should be the full path to bash.exe, not git-bash.exe. * * @since 1.42 */ public const ShellboxShell = [ 'default' => '/bin/sh', 'type' => '?string', ]; // endregion -- end Shell and process control /***************************************************************************/ // region HTTP client /** @name HTTP client */ /** * Timeout for HTTP requests done internally, in seconds. * * @since 1.5 */ public const HTTPTimeout = [ 'default' => 25, 'type' => 'float', ]; /** * Timeout for connections done internally (in seconds). * * Only supported if cURL is installed, ignored otherwise. * * @since 1.22 */ public const HTTPConnectTimeout = [ 'default' => 5.0, 'type' => 'float', ]; /** * The maximum HTTP request timeout in seconds. If any specified or configured * request timeout is larger than this, then this value will be used instead. * Zero is interpreted as "no limit". * * @since 1.35 */ public const HTTPMaxTimeout = [ 'default' => 0, 'type' => 'float', ]; /** * The maximum HTTP connect timeout in seconds. If any specified or configured * connect timeout is larger than this, then this value will be used instead. * Zero is interpreted as "no limit". * * @since 1.35 */ public const HTTPMaxConnectTimeout = [ 'default' => 0, 'type' => 'float', ]; /** * Timeout for HTTP requests done internally for transwiki imports, in seconds. * * @since 1.29 */ public const HTTPImportTimeout = [ 'default' => 25, ]; /** * Timeout for Asynchronous (background) HTTP requests, in seconds. */ public const AsyncHTTPTimeout = [ 'default' => 25, ]; /** * Proxy to use for CURL requests. */ public const HTTPProxy = [ 'default' => '', ]; /** * Local virtual hosts. * * This lists domains that are configured as virtual hosts on the same machine. * It is expected that each domain can be identified by its hostname alone, * without any ports. * * This affects the following: * - MWHttpRequest: If a request is to be made to a domain listed here, or any * subdomain thereof, then $wgLocalHTTPProxy will be used. * Command-line scripts are not affected by this setting and will always use * the proxy if it is configured. * * @since 1.25 */ public const LocalVirtualHosts = [ 'default' => [], 'type' => 'map', ]; /** * Reverse proxy to use for requests to domains in $wgLocalVirtualHosts * * When used, any port in the request URL will be dropped. The behavior of * redirects and cookies is dependent upon the reverse proxy actually in use, * as MediaWiki doesn't implement any special handling for them. * * If set to false, no reverse proxy will be used for local requests. * * @since 1.38 */ public const LocalHTTPProxy = [ 'default' => false, 'type' => 'string|false', ]; /** * Whether to respect/honour * - request ID provided by the incoming request via the `X-Request-Id` * - trace context provided by the incoming request via the `tracestate` and `traceparent` * * Set to `true` if the entity sitting in front of MediaWiki sanitises external requests. * * Default: `false`. */ public const AllowExternalReqID = [ 'default' => false, ]; // endregion -- End HTTP client /***************************************************************************/ // region Job queue /** @name Job queue */ /** * Number of jobs to perform per request. May be less than one in which case jobs are * performed probabilistically. If this is zero, jobs will not be done during ordinary * apache requests. In this case, maintenance/runJobs.php should be run in loop every * few seconds via a service or cron job. If using a cron job, be sure to handle the * case where the script is already running (e.g. via `/usr/bin/flock -n `). * * If this is set to a non-zero number, then it is highly recommended that PHP run in * fastcgi mode (php_fpm). When using a standard Apache PHP handler (mod_php), it is * recommended that output_buffering and zlib.output_compression both be set to "Off", * allowing MediaWiki to install an unlimited size output buffer on the fly. Setting * output_buffering to an integer (e.g. 4096) or enabling zlib.output_compression can * cause user-visible slowness as background tasks execute during web requests. * * Regardless of the web server engine in use, be sure to configure a sufficient number * processes/threads in order to avoid exhaustion (which will cause user-visible slowness). */ public const JobRunRate = [ 'default' => 1, ]; /** * When $wgJobRunRate > 0, try to run jobs asynchronously, spawning a new process * to handle the job execution, instead of blocking the request until the job * execution finishes. * * @since 1.23 */ public const RunJobsAsync = [ 'default' => false, ]; /** * Number of rows to update per job */ public const UpdateRowsPerJob = [ 'default' => 300, ]; /** * Number of rows to update per query */ public const UpdateRowsPerQuery = [ 'default' => 100, ]; // endregion -- End job queue /***************************************************************************/ // region Miscellaneous /** @name Miscellaneous */ /** * Allow redirection to another page when a user logs in. * * To enable, set to a string like 'Main Page' */ public const RedirectOnLogin = [ 'default' => null, ]; /** * Global configuration variable for Virtual REST Services. * * Use the 'path' key to define automatically mounted services. The value for this * key is a map of path prefixes to service configuration. The latter is an array of: * - class : the fully qualified class name * - options : map of arguments to the class constructor * Such services will be available to handle queries under their path from the VRS * singleton, e.g. MediaWikiServices::getInstance()->getVirtualRESTServiceClient(); * * Auto-mounting example for Parsoid: * * $wgVirtualRestConfig['paths']['/parsoid/'] = [ * 'class' => ParsoidVirtualRESTService::class, * 'options' => [ * 'url' => 'http://localhost:8000', * 'prefix' => 'enwiki', * 'domain' => 'en.wikipedia.org' * ] * ]; * * Parameters for different services can also be declared inside the 'modules' value, * which is to be treated as an associative array. The parameters in 'global' will be * merged with service-specific ones. The result will then be passed to * VirtualRESTService::__construct() in the module. * * Example config for Parsoid: * * $wgVirtualRestConfig['modules']['parsoid'] = [ * 'url' => 'http://localhost:8000', * 'prefix' => 'enwiki', * 'domain' => 'en.wikipedia.org', * ]; * * @since 1.25 */ public const VirtualRestConfig = [ 'default' => [ 'paths' => [], 'modules' => [], 'global' => [ # Timeout in seconds 'timeout' => 360, # 'domain' is set to $wgCanonicalServer in Setup.php 'forwardCookies' => false, 'HTTPProxy' => null ] ], 'mergeStrategy' => 'array_plus_2d', 'type' => 'map', ]; /** * Mapping of event channels (or channel categories) to EventRelayer configuration. * * By setting up a PubSub system (like Kafka) and enabling a corresponding EventRelayer class * that uses it, MediaWiki can broadcast events to all subscribers. Certain features like WAN * cache purging and CDN cache purging will emit events to this system. Appropriate listeners * can subscribe to the channel and take actions based on the events. For example, a local daemon * can run on each CDN cache node and perform local purges based on the URL purge channel * events. * * Some extensions may want to use "channel categories" so that different channels can also * share the same custom relayer instance (e.g. when it's likely to be overridden). They can use * EventRelayerGroup::getRelayer() based on the category but call notify() on various different * actual channels. One reason for this would be that some systems have very different * performance vs durability needs, so one system (e.g. Kafka) may not be suitable for all * uses. * * The 'default' key is for all channels (or channel categories) without an explicit entry * here. * * @since 1.27 */ public const EventRelayerConfig = [ 'default' => [ 'default' => [ 'class' => EventRelayerNull::class, ], ], 'type' => 'map', ]; /** * Share data about this installation with MediaWiki developers * * When set to true, MediaWiki will periodically ping https://www.mediawiki.org/ with basic * data about this MediaWiki instance. This data includes, for example, the type of system, * PHP version, and chosen database backend. The Wikimedia Foundation shares this data with * MediaWiki developers to help guide future development efforts. * * For details about what data is sent, see: https://www.mediawiki.org/wiki/Manual:$wgPingback * * For the pingback privacy policy, see: * https://wikimediafoundation.org/wiki/MediaWiki_Pingback_Privacy_Statement * * Aggregate pingback data is available at: https://pingback.wmflabs.org/ * * @since 1.28 */ public const Pingback = [ 'default' => false, 'type' => 'boolean', ]; /** * Origin Trials tokens. * * @since 1.33 */ public const OriginTrials = [ 'default' => [], 'type' => 'list', ]; /** * Expiry of the endpoint definition for the Reporting API. * * @unstable EXPERIMENTAL * @since 1.34 */ public const ReportToExpiry = [ 'default' => 86400, 'type' => 'integer', ]; /** * List of endpoints for the Reporting API. * * @unstable EXPERIMENTAL * @since 1.34 */ public const ReportToEndpoints = [ 'default' => [], 'type' => 'list', ]; /** * List of Feature Policy Reporting types to enable. * * Each entry is turned into a Feature-Policy-Report-Only header. * * @unstable EXPERIMENTAL * @since 1.34 */ public const FeaturePolicyReportOnly = [ 'default' => [], 'type' => 'list', ]; /** * List of preferred skins to be listed higher in Special:Preferences * * @since 1.38 */ public const SkinsPreferred = [ 'default' => [ 'vector-2022', 'vector' ], 'type' => 'list', ]; /** * List of skins that show a link to the Special:Contribute page * * @since 1.40 */ public const SpecialContributeSkinsEnabled = [ 'default' => [], 'type' => 'list', ]; /** * Whether to enable the client-side edit recovery feature. * * @unstable Temporary feature flag, T341844 * @since 1.41 */ public const EnableEditRecovery = [ 'default' => false, 'type' => 'boolean', ]; /** * Number of seconds to keep edit recovery data after the edit is stored. */ public const EditRecoveryExpiry = [ 'default' => 30 * 24 * 3600, 'type' => 'integer', ]; /** * Whether to use Codex in Special:Block form. * * @unstable Temporary feature flag, T358153 * @since 1.42 */ public const UseCodexSpecialBlock = [ 'default' => false, 'type' => 'boolean', ]; /** * Whether to display a confirmation screen during user log out. * * @unstable Temporary feature flag, T357484 * @since 1.42 */ public const ShowLogoutConfirmation = [ 'default' => false, 'type' => 'boolean', ]; /** * Whether to show indicators on a page when it is protected. * * @since 1.43 */ public const EnableProtectionIndicators = [ 'default' => false, 'type' => 'boolean', ]; /** * OutputPipelineStages to add to the DefaultOutputPipeline. * * @unstable EXPERIMENTAL * @since 1.43 */ public const OutputPipelineStages = [ 'default' => [], 'type' => 'map', ]; // endregion -- End Miscellaneous }