Index: skins/MySkin.deps.php
===================================================================
--- skins/MySkin.deps.php	(.../REL1_8_3/phase3)	(revision 20016)
+++ skins/MySkin.deps.php	(.../REL1_8_4/phase3)	(revision 20016)
@@ -5,6 +5,9 @@
 // changed on a subsequent page view.
 // see http://mail.wikipedia.org/pipermail/wikitech-l/2006-January/033660.html
 
+if ( ! defined( 'MEDIAWIKI' ) )
+	die( 1 );
+
 require_once('includes/SkinTemplate.php');
 require_once('MonoBook.php');
-?>
\ No newline at end of file
+?>
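Review bot: The added guard is a brace-less `if` with no comment saying why it exists, and the same two lines are repeated in Chick.deps.php, MonoBook.deps.php and Simple.deps.php. Without a comment a later cleanup could remove the check and bring back the path disclosure that the release notes list as bug 8819. I would brace it and document it: `// Not an entry point: stop before require_once can fail and print the install path` followed by `if ( !defined( 'MEDIAWIKI' ) ) { die( 1 ); }`. Keeping the integer argument to `die()` is right, since it exits without printing anything.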
Index: skins/Chick.deps.php
===================================================================
--- skins/Chick.deps.php	(.../REL1_8_3/phase3)	(revision 20016)
+++ skins/Chick.deps.php	(.../REL1_8_4/phase3)	(revision 20016)
@@ -5,6 +5,9 @@
 // changed on a subsequent page view.
 // see http://mail.wikipedia.org/pipermail/wikitech-l/2006-January/033660.html
 
+if ( ! defined( 'MEDIAWIKI' ) )
+	die( 1 );
+
 require_once('includes/SkinTemplate.php');
 require_once('MonoBook.php');
-?>
\ No newline at end of file
+?>
Index: skins/MonoBook.deps.php
===================================================================
--- skins/MonoBook.deps.php	(.../REL1_8_3/phase3)	(revision 20016)
+++ skins/MonoBook.deps.php	(.../REL1_8_4/phase3)	(revision 20016)
@@ -5,5 +5,8 @@
 // changed on a subsequent page view.
 // see http://mail.wikipedia.org/pipermail/wikitech-l/2006-January/033660.html
 
+if ( ! defined( 'MEDIAWIKI' ) )
+	die( 1 );
+
 require_once('includes/SkinTemplate.php');
-?>
\ No newline at end of file
+?>
Index: skins/Simple.deps.php
===================================================================
--- skins/Simple.deps.php	(.../REL1_8_3/phase3)	(revision 20016)
+++ skins/Simple.deps.php	(.../REL1_8_4/phase3)	(revision 20016)
@@ -5,6 +5,9 @@
 // changed on a subsequent page view.
 // see http://mail.wikipedia.org/pipermail/wikitech-l/2006-January/033660.html
 
+if ( ! defined( 'MEDIAWIKI' ) )
+	die( 1 );
+
 require_once('includes/SkinTemplate.php');
 require_once('MonoBook.php');
-?>
\ No newline at end of file
+?>
Index: includes/GlobalFunctions.php
===================================================================
--- includes/GlobalFunctions.php	(.../REL1_8_3/phase3)	(revision 20016)
+++ includes/GlobalFunctions.php	(.../REL1_8_4/phase3)	(revision 20016)
@@ -1062,7 +1062,7 @@
 	header( "Status: $code $label" );
 	$wgOut->sendCacheControl();
 
-	header( 'Content-type: text/html' );
+	header( 'Content-type: text/html; charset=utf-8' );
 	print "<html><head><title>" .
 		htmlspecialchars( $label ) .
 		"</title></head><body><h1>" .
Index: includes/AjaxDispatcher.php
===================================================================
--- includes/AjaxDispatcher.php	(.../REL1_8_3/phase3)	(revision 20016)
+++ includes/AjaxDispatcher.php	(.../REL1_8_4/phase3)	(revision 20016)
@@ -54,15 +54,15 @@
 		wfProfileIn( 'AjaxDispatcher::performAction' );
 
 		if (! in_array( $this->func_name, $wgAjaxExportList ) ) {
-			header( 'Status: 400 Bad Request', true, 400 );
-			print "unknown function " . htmlspecialchars( (string) $this->func_name );
+			wfHttpError( 400, 'Bad Request',
+				"unknown function " . (string) $this->func_name );
 		} else {
 			try {
 				$result = call_user_func_array($this->func_name, $this->args);
 				
 				if ( $result === false || $result === NULL ) {
-					header( 'Status: 500 Internal Error', true, 500 );
-					echo "{$this->func_name} returned no data";
+					wfHttpError( 500, 'Internal Error',
+						"{$this->func_name} returned no data" );
 				}
 				else {
 					if ( is_string( $result ) ) {
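Review bot: The `htmlspecialchars()` call that used to wrap `$this->func_name` is removed, so escaping of the function name (presumably taken from the request) now depends entirely on `wfHttpError()` escaping its third argument. The GlobalFunctions.php hunk in this diff shows `$label` being escaped but ends before the description is printed, so this should be confirmed against the full function. A comment at the call would record the dependency: `// wfHttpError() escapes the description and sets the charset`. The body of performAction starts and ends outside this hunk.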
@@ -75,8 +75,8 @@
 				
 			} catch (Exception $e) {
 				if (!headers_sent()) {
-					header( 'Status: 500 Internal Error', true, 500 );
-					print $e->getMessage();
+					wfHttpError( 500, 'Internal Error',
+						$e->getMessage() );
 				} else {
 					print $e->getMessage();
 				}
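Review bot: The `else` branch still prints `$e->getMessage()` raw once headers have been sent, so that path gets neither the charset nor whatever escaping `wfHttpError()` applies. If the output already under way is HTML, `print htmlspecialchars( $e->getMessage() );` would close the gap. Separately, both branches return exception text to the client, which can expose internal details; a generic message with the detail written to the server log would be safer. The `try` block opens outside this hunk.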
Index: includes/EditPage.php
===================================================================
--- includes/EditPage.php	(.../REL1_8_3/phase3)	(revision 20016)
+++ includes/EditPage.php	(.../REL1_8_4/phase3)	(revision 20016)
@@ -1701,7 +1701,7 @@
 	function livePreview() {
 		global $wgOut;
 		$wgOut->disable();
-		header( 'Content-type: text/xml' );
+		header( 'Content-type: text/xml; charset=utf-8' );
 		header( 'Cache-control: no-cache' );
 		# FIXME
 		echo $this->getPreviewText( );
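Review bot: The charset is appended by hand at each response site with no comment recording why, so a later cleanup could drop it again. This applies here in `livePreview()` and to the matching hunks in GlobalFunctions.php, OutputPage.php, StreamFile.php, Metadata.php, trackback.php, img_auth.php and thumb.php. A one-line comment would do: `# Explicit charset so browsers do not autodetect the encoding (UTF-7 XSS)`. Any direct-output path this patch does not touch keeps the old behaviour, so a single helper that sets both type and charset would make coverage easier to audit. The body of livePreview continues outside the hunk.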
Index: includes/OutputPage.php
===================================================================
--- includes/OutputPage.php	(.../REL1_8_3/phase3)	(revision 20016)
+++ includes/OutputPage.php	(.../REL1_8_4/phase3)	(revision 20016)
@@ -513,6 +513,7 @@
 
 			$this->sendCacheControl();
 
+			$wgRequest->response()->header("Content-Type: text/html; charset=utf-8");
 			if( $wgDebugRedirects ) {
 				$url = htmlspecialchars( $this->mRedirect );
 				print "<html>\n<head>\n<title>Redirect</title>\n</head>\n<body>\n";
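Review bot: The added line uses `$wgRequest`, but the function's `global` declaration is outside this hunk. If `$wgRequest` is not listed there, the call fails on an undefined variable whenever this branch runs, so please confirm the declaration includes it. This is also the only site in the patch that goes through `$wgRequest->response()->header()` rather than `header()`. A short comment such as `// Explicit charset: the debug redirect page below is HTML` would explain why this path needs a Content-Type.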
Index: includes/StreamFile.php
===================================================================
--- includes/StreamFile.php	(.../REL1_8_3/phase3)	(revision 20016)
+++ includes/StreamFile.php	(.../REL1_8_4/phase3)	(revision 20016)
@@ -6,6 +6,7 @@
 	$stat = @stat( $fname );
 	if ( !$stat ) {
 		header( 'HTTP/1.0 404 Not Found' );
+		header( 'Content-Type: text/html; charset=utf-8' );
 		$encFile = htmlspecialchars( $fname );
 		$encScript = htmlspecialchars( $_SERVER['SCRIPT_NAME'] );
 		echo "<html><body>
Index: includes/DefaultSettings.php
===================================================================
--- includes/DefaultSettings.php	(.../REL1_8_3/phase3)	(revision 20016)
+++ includes/DefaultSettings.php	(.../REL1_8_4/phase3)	(revision 20016)
@@ -32,7 +32,7 @@
 $wgConf = new SiteConfiguration;
 
 /** MediaWiki version number */
-$wgVersion			= '1.8.3';
+$wgVersion			= '1.8.4';
 
 /** Name of the site. It must be changed in LocalSettings.php */
 $wgSitename         = 'MediaWiki';
Index: includes/Metadata.php
===================================================================
--- includes/Metadata.php	(.../REL1_8_3/phase3)	(revision 20016)
+++ includes/Metadata.php	(.../REL1_8_4/phase3)	(revision 20016)
@@ -80,7 +80,7 @@
 		return false;
 	} else {
 		$wgOut->disable();
-		header( "Content-type: {$rdftype}" );
+		header( "Content-type: {$rdftype}; charset=utf-8" );
 		$wgOut->sendCacheControl();
 		return true;
 	}
Index: trackback.php
===================================================================
--- trackback.php	(.../REL1_8_3/phase3)	(revision 20016)
+++ trackback.php	(.../REL1_8_4/phase3)	(revision 20016)
@@ -12,6 +12,7 @@
  *
  */
 function XMLsuccess() {
+	header("Content-Type: application/xml; charset=utf-8");
 	echo "
 <?xml version=\"1.0\" encoding=\"utf-8\"?>
 <response>
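Review bot: With the response now labelled `application/xml`, the body in `XMLsuccess()` still begins with a newline, because the string opens with `echo "` and the `<?xml …?>` declaration sits on the next line. An XML declaration is only valid at the very start of the document, so strict parsers will reject this response. Start the string with the declaration, i.e. `echo "<?xml version=\"1.0\" encoding=\"utf-8\"?>`. The same applies to `XMLerror()` in the next hunk. It is also worth confirming there that `$err` is XML-escaped before output, since the rest of that function is outside the hunk.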
@@ -23,6 +24,7 @@
 
 function XMLerror($err = "Invalid request.") {
 	header("HTTP/1.0 400 Bad Request");
+	header("Content-Type: application/xml; charset=utf-8");
 	echo "
 <?xml version=\"1.0\" encoding=\"utf-8\"?>
 <response>
Index: img_auth.php
===================================================================
--- img_auth.php	(.../REL1_8_3/phase3)	(revision 20016)
+++ img_auth.php	(.../REL1_8_4/phase3)	(revision 20016)
@@ -42,6 +42,7 @@
 
 function wfForbidden() {
 	header( 'HTTP/1.0 403 Forbidden' );
+	header( 'Content-Type: text/html; charset=utf-8' );
 	print
 "<html><body>
 <h1>Access denied</h1>
Index: thumb.php
===================================================================
--- thumb.php	(.../REL1_8_3/phase3)	(revision 20016)
+++ thumb.php	(.../REL1_8_4/phase3)	(revision 20016)
@@ -73,6 +73,7 @@
 } else {
 	$badtitle = wfMsg( 'badtitle' );
 	$badtitletext = wfMsg( 'badtitletext' );
+	header( 'Content-Type: text/html; charset=utf-8' );
 	echo "<html><head>
 	<title>$badtitle</title>
 	<body>
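Review bot: `$badtitle` is interpolated into `<title>` without escaping, and the charset header added here does not change that. If message text can be customised on the wiki (an assumption, since `wfMsg()` is not shown), escape at assignment: `$badtitle = htmlspecialchars( wfMsg( 'badtitle' ) );`, and likewise for `$badtitletext`, which is presumably printed further down. The visible markup also opens `<body>` without closing `<head>`. The echo continues outside the hunk.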
Index: RELEASE-NOTES
===================================================================
--- RELEASE-NOTES	(.../REL1_8_3/phase3)	(revision 20016)
+++ RELEASE-NOTES	(.../REL1_8_4/phase3)	(revision 20016)
@@ -3,6 +3,40 @@
 Security reminder: MediaWiki does not require PHP's register_globals
 setting since version 1.2.0. If you have it on, turn it *off* if you can.
 
+== MediaWiki 1.8.4 ==
+
+February 20, 2007
+
+This is a security and bug-fix update to the Fall 2006 quarterly release.
+
+An XSS injection vulnerability based on Microsoft Internet Explorer's UTF-7
+charset autodetection was located in the AJAX support module, affecting MSIE
+users on MediaWiki 1.6.x and up when the optional setting $wgUseAjax is
+enabled.
+
+If you are using an extension based on the optional Ajax module,
+either disable it or upgrade to a version containing the fix:
+
+* 1.9: fixed in 1.9.3
+* 1.8: fixed in 1.8.4
+* 1.7: fixed in 1.7.3
+* 1.6: fixed in 1.6.10
+
+There is no known danger in the default configuration, with $wgUseAjax off.
+
+* (bug 8819) Fix full path disclosure with skins dependencies
+* Add 'charset' to Content-Type headers on various HTTP error responses
+  to forestall additional UTF-7-autodetect XSS issues. PHP sends only
+  'text/html' by default when the script didn't specify more details,
+  which some inconsiderate browsers consider a license to autodetect
+  the deadly, hard-to-escape UTF-7.
+    This fixes an issue with the Ajax interface error message on MSIE when
+  $wgUseAjax is enabled (not default configuration); this UTF-7 variant
+  on a previously fixed attack vector was discovered by Moshe BA from BugSec:
+  http://www.bugsec.com/articles.php?Security=24
+* Trackback responses now specify XML content type
+
+
 == MediaWiki 1.8.3 ==
 
 January 9, 2007
