Index: maintenance/archives/patch-objectcache.sql
===================================================================
--- maintenance/archives/patch-objectcache.sql	(.../REL1_11_0/phase3)	(revision 30098)
+++ maintenance/archives/patch-objectcache.sql	(.../REL1_11_1/phase3)	(revision 30098)
@@ -1,9 +1,9 @@
 -- For a few generic cache operations if not using Memcached
 CREATE TABLE /*$wgDBprefix*/objectcache (
-  keyname varbinary(255) binary not null default '',
+  keyname varbinary(255) NOT NULL default '',
   value mediumblob,
   exptime datetime,
-  unique key (keyname),
-  key (exptime)
+  UNIQUE KEY (keyname),
+  KEY (exptime)
 
 ) /*$wgDBTableOptions*/;
Index: includes/LinkBatch.php
===================================================================
--- includes/LinkBatch.php	(.../REL1_11_0/phase3)	(revision 30098)
+++ includes/LinkBatch.php	(.../REL1_11_1/phase3)	(revision 30098)
@@ -158,9 +158,9 @@
 			}
 			
 			if (count($dbkeys)==1) { // avoid multiple-reference syntax if simple equality can be used
-				
+				$singleKey = array_keys($dbkeys);
 				$sql .= "({$prefix}_namespace=$ns AND {$prefix}_title=".
-					$db->addQuotes(current(array_keys($dbkeys))).
+					$db->addQuotes($singleKey[0]).
 					")";
 			} else {
 				$sql .= "({$prefix}_namespace=$ns AND {$prefix}_title IN (";
Index: includes/AutoLoader.php
===================================================================
--- includes/AutoLoader.php	(.../REL1_11_0/phase3)	(revision 30098)
+++ includes/AutoLoader.php	(.../REL1_11_1/phase3)	(revision 30098)
@@ -96,7 +96,6 @@
 		'HTMLCacheUpdate' => 'includes/HTMLCacheUpdate.php',
 		'Http' => 'includes/HttpFunctions.php',
 		'IP' => 'includes/IP.php',
-		'ThumbnailImage' => 'includes/Image.php',
 		'ImageGallery' => 'includes/ImageGallery.php',
 		'ImagePage' => 'includes/ImagePage.php',
 		'ImageHistoryList' => 'includes/ImagePage.php',
Index: includes/DefaultSettings.php
===================================================================
--- includes/DefaultSettings.php	(.../REL1_11_0/phase3)	(revision 30098)
+++ includes/DefaultSettings.php	(.../REL1_11_1/phase3)	(revision 30098)
@@ -31,7 +31,7 @@
 $wgConf = new SiteConfiguration;
 
 /** MediaWiki version number */
-$wgVersion			= '1.11.0';
+$wgVersion			= '1.11.1';
 
 /** Name of the site. It must be changed in LocalSettings.php */
 $wgSitename         = 'MediaWiki';
Index: INSTALL
===================================================================
--- INSTALL	(.../REL1_11_0/phase3)	(revision 30098)
+++ INSTALL	(.../REL1_11_1/phase3)	(revision 30098)
@@ -27,7 +27,7 @@
 detailed notes on particular operating systems and workarounds for
 difficult hosting environments:
 
-http://meta.wikimedia.org/wiki/Help:Installation
+http://www.mediawiki.org/wiki/Manual:Installation
 
 
 ********************** WARNING **************************
@@ -52,7 +52,7 @@
   |  *different* directory from the virtual path where page   |
   |  names will appear.                                       |
   |                                                           |
-  |    See: http://meta.wikimedia.org/wiki/Rewrite_rules      |
+  |    See: http://www.mediawiki.org/wiki/Manual:Short_URL    |
   +-----------------------------------------------------------+
 
 To run the install script, you'll need to temporarily make
Index: README
===================================================================
--- README	(.../REL1_11_0/phase3)	(revision 30098)
+++ README	(.../REL1_11_1/phase3)	(revision 30098)
@@ -1,4 +1,4 @@
-2006-04-05
+2007-09-15
 
 For system requirements, installation and upgrade details, see the files RELEASE-NOTES, 
 INSTALL, and UPGRADE.
@@ -61,7 +61,7 @@
 
 Many thanks to the Wikimedia regulars for testing and suggestions.
 
-The official website for mediawiki is located at:
+The official website for MediaWiki is located at:
 
   http://www.mediawiki.org/
 
@@ -81,23 +81,23 @@
 
 Extensions are listed at:
 
-  http://meta.wikimedia.org/wiki/Category:MediaWiki_extensions
+  http://www.mediawiki.org/wiki/Category:Extensions
 
 If you are setting up your own wiki based on this software, it is highly
 recommended that you subscribe to mediawiki-announce:
 
-  http://mail.wikimedia.org/mailman/listinfo/mediawiki-announce
+  http://lists.wikimedia.org/mailman/listinfo/mediawiki-announce
 
 The mailing list is very low volume, and is intended primarily for
 announcements of new versions, bug fixes, and security issues.
 
 A higher volume support mailing list can be found at:
 
-  http://mail.wikimedia.org/mailman/listinfo/mediawiki-l
+  http://lists.wikimedia.org/mailman/listinfo/mediawiki-l
 
 Developer discussion takes place at:
 
-  http://mail.wikimedia.org/mailman/listinfo/wikitech-l
+  http://lists.wikimedia.org/mailman/listinfo/wikitech-l
 
 There is also a development and support channel #mediawiki on
-irc.freenode.net, and an unoffical support forum at www.mwusers.com.
+irc.freenode.net, and an unoffical support forum at www.mwusers.com.
\ No newline at end of file
Index: api.php
===================================================================
--- api.php	(.../REL1_11_0/phase3)	(revision 30098)
+++ api.php	(.../REL1_11_1/phase3)	(revision 30098)
@@ -37,6 +37,29 @@
 
 wfProfileIn('api.php');
 
+// URL safety checks
+//
+// See RawPage.php for details; summary is that MSIE can override the
+// Content-Type if it sees a recognized extension on the URL, such as
+// might be appended via PATH_INFO after 'api.php'.
+//
+// Some data formats can end up containing unfiltered user-provided data
+// which will end up triggering HTML detection and execution, hence
+// XSS injection and all that entails.
+//
+// Ensure that all access is through the canonical entry point...
+//
+if( isset( $_SERVER['SCRIPT_URL'] ) ) {
+	$url = $_SERVER['SCRIPT_URL'];
+} else {
+	$url = $_SERVER['PHP_SELF'];
+}
+if( strcmp( "$wgScriptPath/api$wgScriptExtension", $url ) ) {
+	wfHttpError( 403, 'Forbidden',
+		'API must be accessed through the primary script entry point.' );
+	return;
+}
+
 // Verify that the API has not been disabled
 if (!$wgEnableAPI) {
 	echo 'MediaWiki API is not enabled for this site. Add the following line to your LocalSettings.php';
Index: config/index.php
===================================================================
--- config/index.php	(.../REL1_11_0/phase3)	(revision 30098)
+++ config/index.php	(.../REL1_11_1/phase3)	(revision 30098)
@@ -271,7 +271,7 @@
 <ul>
 	<li>
 		<b>Don't forget security updates!</b> Keep an eye on the
-		<a href="http://mail.wikimedia.org/mailman/listinfo/mediawiki-announce">low-traffic
+		<a href="http://lists.wikimedia.org/mailman/listinfo/mediawiki-announce">low-traffic
 		release announcements mailing list</a>.
 	</li>
 </ul>
Index: languages/messages/MessagesEn.php
===================================================================
--- languages/messages/MessagesEn.php	(.../REL1_11_0/phase3)	(revision 30098)
+++ languages/messages/MessagesEn.php	(.../REL1_11_1/phase3)	(revision 30098)
@@ -347,7 +347,7 @@
  * listed alias will be used as the default. Aliases from the fallback
  * localisation (usually English) will be included by default.
  *
- * This array may be altered at runtime using the LangugeGetSpecialPageAliases
+ * This array may be altered at runtime using the LanguageGetSpecialPageAliases
  * hook.
  */
 $specialPageAliases = array(
Index: languages/messages/MessagesHy.php
===================================================================
--- languages/messages/MessagesHy.php	(.../REL1_11_0/phase3)	(revision 30098)
+++ languages/messages/MessagesHy.php	(.../REL1_11_1/phase3)	(revision 30098)
@@ -264,7 +264,7 @@
  * listed alias will be used as the default. Aliases from the fallback 
  * localisation (usually English) will be included by default. 
  * 
- * This array may be altered at runtime using the LangugeGetSpecialPageAliases 
+ * This array may be altered at runtime using the LanguageGetSpecialPageAliases 
  * hook. 
  */
 $specialPageAliases = array(
Index: languages/messages/MessagesNl.php
===================================================================
--- languages/messages/MessagesNl.php	(.../REL1_11_0/phase3)	(revision 30098)
+++ languages/messages/MessagesNl.php	(.../REL1_11_1/phase3)	(revision 30098)
@@ -213,7 +213,7 @@
  * listed alias will be used as the default. Aliases from the fallback
  * localisation (usually English) will be included by default.
  *
- * This array may be altered at runtime using the LangugeGetSpecialPageAliases
+ * This array may be altered at runtime using the LanguageGetSpecialPageAliases
  * hook.
  */
 $specialPageAliases = array(
Index: languages/messages/MessagesDa.php
===================================================================
--- languages/messages/MessagesDa.php	(.../REL1_11_0/phase3)	(revision 30098)
+++ languages/messages/MessagesDa.php	(.../REL1_11_1/phase3)	(revision 30098)
@@ -55,7 +55,7 @@
  * listed alias will be used as the default. Aliases from the fallback 
  * localisation (usually English) will be included by default. 
  * 
- * This array may be altered at runtime using the LangugeGetSpecialPageAliases 
+ * This array may be altered at runtime using the LanguageGetSpecialPageAliases 
  * hook.
  */
 $specialPageAliases = array(
Index: languages/messages/MessagesDe.php
===================================================================
--- languages/messages/MessagesDe.php	(.../REL1_11_0/phase3)	(revision 30098)
+++ languages/messages/MessagesDe.php	(.../REL1_11_1/phase3)	(revision 30098)
@@ -57,7 +57,7 @@
  * listed alias will be used as the default. Aliases from the fallback 
  * localisation (usually English) will be included by default. 
  * 
- * This array may be altered at runtime using the LangugeGetSpecialPageAliases 
+ * This array may be altered at runtime using the LanguageGetSpecialPageAliases 
  * hook.
  */
 $specialPageAliases = array(
Index: languages/messages/MessagesSv.php
===================================================================
--- languages/messages/MessagesSv.php	(.../REL1_11_0/phase3)	(revision 30098)
+++ languages/messages/MessagesSv.php	(.../REL1_11_1/phase3)	(revision 30098)
@@ -42,7 +42,7 @@
  * listed alias will be used as the default. Aliases from the fallback
  * localisation (usually English) will be included by default.
  *
- * This array may be altered at runtime using the LangugeGetSpecialPageAliases
+ * This array may be altered at runtime using the LanguageGetSpecialPageAliases
  * hook.
  */
 $specialPageAliases = array(
Index: languages/Language.php
===================================================================
--- languages/Language.php	(.../REL1_11_0/phase3)	(revision 30098)
+++ languages/Language.php	(.../REL1_11_1/phase3)	(revision 30098)
@@ -1179,7 +1179,7 @@
 		$this->load();
 		if ( !isset( $this->mExtendedSpecialPageAliases ) ) {
 			$this->mExtendedSpecialPageAliases = $this->specialPageAliases;
-			wfRunHooks( 'LangugeGetSpecialPageAliases', 
+			wfRunHooks( 'LanguageGetSpecialPageAliases', 
 				array( &$this->mExtendedSpecialPageAliases, $this->getCode() ) );
 		}
 		return $this->mExtendedSpecialPageAliases;
Index: RELEASE-NOTES
===================================================================
--- RELEASE-NOTES	(.../REL1_11_0/phase3)	(revision 30098)
+++ RELEASE-NOTES	(.../REL1_11_1/phase3)	(revision 30098)
@@ -3,6 +3,45 @@
 Security reminder: MediaWiki does not require PHP's register_globals
 setting since version 1.2.0. If you have it on, turn it *off* if you can.
 
+== MediaWiki 1.11.1 ==
+
+January 23, 2008
+
+This is a security and bugfix release of the Fall 2007 snapshot release of
+MediaWiki. A potential XSS injection vector affecting api.php only for
+Microsoft Internet Explorer users has been closed.
+
+Changes in this release:
+
+* (bug 11450) Fix creation of objectcache table on upgrade
+* (bug 11462) Fix typo in LanguageGetSpecialPageAliases hook name
+* Fix regression in LinkBatch.php breaking PHP 5.0
+* Security fix for API on MSIE
+
+
+To work around the vulnerability without upgrading, you may disable the
+API if you don't need it:
+
+  $wgEnableAPI = false;
+
+Not vulnerable versions:
+* 1.12 or later
+* 1.11 >= 1.11.1
+* 1.10 >= 1.10.3
+* 1.9 >= 1.9.5
+* 1.8 any version (if $wgEnableAPI has been left off)
+
+Vulnerable versions:
+* 1.11 <= 1.11.0rc1
+* 1.10 <= 1.10.2
+* 1.9 <= 1.9.4
+* 1.8 any version (if $wgEnableAPI has been switched on)
+
+MediaWiki 1.7 and below are not affected as they do not include
+the API functionality, however the BotQuery extension is similarly
+vulnerable unless updated to the latest SVN version.
+
+
 == MediaWiki 1.11.0 ==
 
 September 10, 2007
@@ -532,6 +571,7 @@
 * (bug 10890) Timestamp support for categorymembers query
 * (bug 10980) Add exclude redirects on backlinks
 * IPv6 titles in User namespace are normalized (run cleanupTitles.php to fix any old stray pages)
+* Sysops now have the same limits on the number of items they can request in a query as bots.
 
 == Maintenance script changes since 1.10 ==
 
@@ -643,6 +683,10 @@
 If upgrading from before 1.7, you may want to run refreshLinks.php to ensure
 new database fields are filled with data.
 
+If upgrading from before 1.11, and you are using a wiki as a commons repository, 
+make sure that it is updated as well. Otherwise, errors may arise due to 
+database schema changes.
+
 If you are upgrading from MediaWiki 1.4.x or earlier, some major database
 changes are made, and there is a slightly higher chance that things could
 break. Don't forget to always back up your database before upgrading!
Index: FAQ
===================================================================
--- FAQ	(.../REL1_11_0/phase3)	(revision 30098)
+++ FAQ	(.../REL1_11_1/phase3)	(revision 30098)
@@ -2,4 +2,4 @@
 http://meta.wikimedia.org/wiki/MediaWiki_FAQ.
 
 A newer version is available at
-http://www.mediawiki.org/wiki/Help:FAQ.
+http://www.mediawiki.org/wiki/Manual:FAQ.