1Change notes from older releases. For current info, see RELEASE-NOTES-1.35. 2 3= MediaWiki 1.34 = 4 5== MediaWiki 1.34.2 == 6 7This is a security and maintenance release of the MediaWiki 1.34 branch. 8 9=== Changes since MediaWiki 1.34.1 === 10* (T247017) PasswordReset performance improvements. 11* The MultiHttpClient code will fallover to non-curl if curl_multi* is blocked. 12* (T250568) Work around change in SimpleXMLElement behavior introduced in PHP 13 7.3.17. 14* (T251789) Let $wgResourceLoaderMaxQueryLength=-1 fallback to default. 15* Remove some rotten and out of date documentation. 16* (T252311) Improvements to some older SQLite update patches. 17* (T240307) Minor fixes to extension.schema.v2.json and 18 extension.schema.v1.json. 19* (T238043) cleanupUsersWithNoId.php: Handle missing fields. 20* (T199474) Set rc_patrolled to 2 for autopatrolled changes in 21 rebuildrecentchanges.php. 22* (T229461) Update the change_tag table in rebuildrecentchanges.php. 23* (T249730) Password Reset Updates. 24* (T234450) Per-user concurrency in SpecialContributions can now be limited by 25 setting $wgPoolCounterConf['SpecialContributions'] appropriately. 26* (T248947) SECURITY: img_auth.php may leak private extension images into the 27 public cache. 28 29== MediaWiki 1.34.1 == 30 31This is a security and maintenance release of the MediaWiki 1.34 branch. 32 33=== Changes since MediaWiki 1.34.0 === 34* (T211450) User: better error message when getActorId fails. 35* (T241340) Don't redefine MW_ENTRY_POINT in thumb.php if already defined. 36* (T236444) User: Allow newSystemUser() to create over anonymous actors. 37* (T238483) Fix NewPagesPager "hide registered users" option. 38* (T245072) mediawiki.language: Rename languageData back to languageNames. 39* Use proper SemVer comparison in CheckComposerLockUpToDate. 40* (T212738) Add the MW_VERSION constant, global $wgVersion is soft deprecated. 41* (T246127) Fix error when initialising updateCollation.php. 42* Update comment about PHP versions supported by The PHP Group. 43* (T247215) Fix output of RecountCategories::doWork(). 44* Add check for page existence to view.php maintenance script. 45* (T245149) Fix fetching login token from action=query&meta=tokens on private 46 wikis. 47* (T236509) SECURITY: Fix HTML escaping in UserGroupMembership::getLink(). 48* (T232932) SECURITY: User content can redirect the logout button to different 49 URL. 50* (T246602) SECURITY: jquery.makeCollapsible allows applying event handler to 51 any CSS selector. 52 53== MediaWiki 1.34.0 == 54 55=== Changes since MediaWiki 1.34.0-rc.1 === 56* $wgDiffEngine (T237049) – This configuration can be used to specify which 57 difference engine to use. MediaWiki continues to default to automatically 58 choosing the first of $wgExternalDiffEngine, wikidiff2, or php that is 59 usable. 60* (T231866) SqlBlobStore no longer needs Language object. 61* (T236735) WikiExporter: Remove unnecessary check for SCHEMA_COMPAT_WRITE_OLD 62 flag. 63* (T231673) Set MCR migration stage to SCHEMA_COMPAT_NEW. 64* (T229601) Make sure DBLoadBalancerFactory service is not disabled. 65* (T232866) Fix support for HTTP/2 in MultiHttpClient. 66* (T231866) LocalisationCache: Don't instantiate ResourceLoader. 67* (T227461) Stop calling deprecated Redis delete functions. 68* (T239561) Mark options as requiring parameters in addSite.php. 69* (T232866) Mimic CURLOPT_POST in GuzzleHttpRequest. 70* (T239734) Replace deprecated lSize with lLen in Redis code. 71* (T192134) SECURITY: Do not allow user scripts on Special:PasswordReset. 72* (T239428) ApiEditPage: Test for bad redirect targets. 73* (T233342) rdbms: Log debug message traces as 'exception.trace' instead of 74 'trace'. 75* (T226751) media: Log and fail gracefully on invalid EXIF coordinates. 76* (T240924) NewPagesPager: Fix namespace query conditions. 77* (T212067) Tests for an old PHP bug in parse_url. 78 79== MediaWiki 1.34.0-rc.1 == 80 81=== Changes since MediaWiki 1.34.0-rc.0 === 82* (T231742) rdbms: Restore debug toolbar "Queries" feature. 83* (T231366) The ProfilerOutputDb class, 'profiling' table, and profileinfo.php 84 entry point had been deprecated. 85* (T234361) localisation: Add debug message for backend of MessageCache. 86* (T234361) session: Add debug message for the used store class. 87* (T235559) Fix example Kask configuration in RESTBagOStuff class comment. 88* (T235137) Don't apply styling for Special:Contributions on other pages. 89* Upgrade mediawiki-codesniffer from 26.0.0 to 28.0.0 (dev-only). 90* (T219604) The "jquery.ui.*" and "jquery.effects.*" modules are now 91 deprecated as aliases for the "jquery.ui" module. 92* (T235392) Deprecate setting Parser::mTitle to null. 93* Supporting commits for T235392 were also backported to prevent divergence 94 from master (MediaWiki 1.35). 95* (T234581) The 'jquery.tabIndex' module is deprecated. 96* Fix docs for GetUserBlock hooks. 97* Parser: Hard deprecate getConverterLanguage. 98* (T236810) A number of public methods of Parser were exposed only for 99 historical reasons and have been deprecated: doMagicLinks, 100 doDoubleUnderscore, doHeadings, doAllQuotes, replaceExternalLinks, 101 replaceInternalLinks, replaceInternalLinks2, getVariableValue, 102 initialiseVariables, formatHeadings, testPst, testPreprocess, testSrvus, 103 areSubpagesAllowed, maybeDoSubpageLink, splitWhitespace, createAssocArgs, 104 armorLinks, makeKnownLinkHolder, getImageParams, parseLinkParameter, 105 stripAltText, replaceLinkHolders, replaceLinkHoldersText, armorLinks, 106 makeKnownLinkHolder, getImageParams, parseLinkParameter, stripAltText. 107* (T30798) $wgServer must now always be set in LocalSettings.php. This is most 108 likely the case already for any wiki installed after 1.18. The autodetection 109 system was informally deprecated since 1.18 and vulnerable to cache poisoning 110 attacks. Older wikis may need to update their LocalSettings.php file. 111* (T232169) Hard deprecate $wgSysopEmailBans. 112* (T236628) Fix for ArticleRevisionViewCustom hook in DifferenceEngine.php. 113* (T181658) Do not insert page titles into querycache.qc_value. 114* ParamValidator has been flagged as unstable. 115* Hard deprecate Parser::disableCache(). 116 117== MediaWiki 1.34.0-rc.0 == 118 119== Upgrading notes for 1.34 == 1201.34 has several database changes since 1.33, and will not work without schema 121updates. Note that due to changes to some very large tables like the revision 122table, the schema update may take quite long (minutes on a medium sized site, 123many hours on a large site). 124 125Don't forget to always back up your database before upgrading! 126 127See the file UPGRADE for more detailed upgrade instructions, including 128important information when upgrading from versions prior to 1.11. 129 130Some specific notes for MediaWiki 1.34 upgrades are below: 131 132* MediaWiki now requires PHP 7.2.9 or above. 133* MediaWiki no longer supports HHVM. 134 135For notes on 1.33.x and older releases, see HISTORY. 136 137=== Configuration changes for system administrators in 1.34 === 138 139In an effort to enforce best practices for passwords, MediaWiki will now warn 140users, and suggest that they change their password, if it is in the list of 141100,000 commonly used passwords that are considered bad passwords. If you want 142to disable this for your users, please add the following to your local settings: 143 144$wgPasswordPolicy['policies']['default']['PasswordNotInLargeBlacklist'] = false; 145 146==== New configuration ==== 147* $wgAllowExternalReqID (T201409) - This configuration setting controls whether 148 Mediawiki accepts the request ID set by the incoming request via the 149 `X-Request-Id` header. If set to `true`, that value will be used throughout 150 the code as the request identificator. Otherwise, the sent header will be 151 ignored and the request ID will either be taken from Apache's mod_unique 152 module or will be generated by Mediawiki itself (depending on the set-up). 153* $wgEnableSpecialMute (T218265) - This configuration controls whether 154 Special:Mute is available and whether to include a link to it on emails 155 originating from Special:Email. 156* editmyuserjsredirect user right – users without this right now cannot edit JS 157 redirects in their userspace unless the target of the redirect is also in 158 their userspace. By default, this right is given to everyone. 159* (T226733) Add rate limiter to Special:ConfirmEmail. 160* $wgDiffEngine (T237049) – This configuration can be used to specify which 161 difference engine to use. MediaWiki continues to default to automatically 162 choosing the first of $wgExternalDiffEngine, wikidiff2, or php that is 163 usable. 164 165==== Changed configuration ==== 166* $wgUseCdn, $wgCdnServers, $wgCdnServersNoPurge, and $wgCdnMaxAge – These four 167 CDN-related config variables have been renamed from being specific to Squid – 168 they were previously $wgUseSquid, $wgSquidServers, $wgSquidServersNoPurge, and 169 $wgSquidMaxage respectively. This aligns them with the related existing 170 variable $wgCdnMaxageLagged. The previous configuration variable names are 171 deprecated, but will be used as the fall back if they are still set. 172 Note that wgSquidPurgeUseHostHeader has not been renamed, as it is deprecated. 173* (T27707) File type checks for image uploads have been relaxed to allow files 174 containing some HTML markup in metadata. As a result, the $wgAllowTitlesInSVG 175 setting is no longer applied and is now always true. Note that MSIE 7 may 176 still be able to misinterpret certain malformed PNG files as HTML. 177* (T30798) $wgServer must now always be set in LocalSettings.php. This is most 178 likely the case already for any wiki installed after 1.18. The autodetection 179 system was informally deprecated since 1.18 and vulnerable to cache poisoning 180 attacks. Older wikis may need to update their LocalSettings.php file. 181* Introduced $wgVerifyMimeTypeIE to allow disabling the MSIE 6/7 file type 182 detection heuristic on upload, which is more conservative than the checks 183 that were changed above. 184* $wgExternalDiffEngine — Setting this to a string value of 'wikidiff', 185 'wikidiff2', or 'wikidiff3' will no longer work. This legacy behaviour was 186 deprecated in MediaWiki 1.27, 1.32, and 1.27, respectively. 187* $wgSkipSkin — Setting this instead of $wgSkipSkins, deprecated in 1.23, is now 188 hard-deprecated. 189* $wgLocalInterwiki — Setting this instead of $wgLocalInterwikis, deprecated in 190 1.23, is now hard-deprecated. 191* $wgProfileOnly — Setting this, deprecated in 1.23, is now hard-deprecated. 192 Instead, set the log file in $wgDebugLogGroups['profileoutput']. 193* $wgProxyList — Setting this to an array with IP addresses in the array keys, 194 which was deprecated in 1.30, no longer works. Instead, $wgProxyList should be 195 an array with IP addresses as the values, or a string path to a file 196 containing one IP address per line. 197* $wgCookieSetOnAutoblock and $wgCookieSetOnIpBlock are now enabled by default. 198 199==== Removed configuration ==== 200* $wgWikiDiff2MovedParagraphDetectionCutoff — If you still want a custom change 201 size threshold, please specify in php.ini, using the configuration variable 202 wikidiff2.moved_paragraph_detection_cutoff. 203* $wgUseESI - This experimental setting, deprecated in 1.33, is now removed. 204* $wgDebugPrintHttpHeaders - The default of including HTTP headers in the 205 debug log channel is no longer configurable. The debug log itself remains 206 configurable via $wgDebugLogFile. 207* $wgMsgCacheExpiry - The MessageCache uses 24 hours as the expiry for values 208 stored in WANObjectCache. This is no longer configurable. 209* $wgPasswordSalt – This setting, used for migrating exceptionally old, insecure 210 password setups and deprecated since 1.24, is now removed. 211* $wgDBOracleDRCP - If you must use persistent connections, set DBO_PERSISTENT 212 in the 'flags' field for servers in $wgDBServers (or $wgLBFactoryConf). 213* $wgMemCachedDebug - Set the cache "debug" field in $wgObjectCaches instead. 214* $wgActorTableSchemaMigrationStage has been removed. Extension code for 215 MediaWiki 1.31+ finding it unset should treat it as being SCHEMA_COMPAT_NEW. 216 217=== New user-facing features in 1.34 === 218* Special:Mute has been added as a quick way for users to block unwanted emails 219 from other users originating from Special:EmailUser. 220* (T207577) Special:NewSection has been created as a shortcut to creating a new 221 section on a page. When linked to, its subpage is used as the target 222 ([[Special:NewSection/Test]] redirects to creating a new section in "Test"). 223 Otherwise, it displays a basic interface to allow the end user to specify 224 the target manually. 225* (T220447) Special:Contributions/newbies has been removed for performance and 226 usefulness reasons. Use Special:RecentChanges?userExpLevel=newcomer instead. 227* Special:NewFiles/newbies has been removed for performance and usefulness 228 reasons. Use Special:RecentChanges?userExpLevel=newcomer&namespace=6 instead. 229 230=== New developer features in 1.34 === 231* The ImgAuthModifyHeaders hook was added to img_auth.php to allow modification 232 of headers in private wikis. 233* Language::formatTimePeriod now supports the new 'avoidhours' option to output 234 strings like "5 days ago" instead of "5 days 13 hours ago". 235* (T220163) Added SpecialMuteModifyFormFields hook to allow extensions 236 to add fields to Special:Mute. 237* (T100896) Skin authors can define custom OOUI themes using OOUIThemePaths. 238 See <https://www.mediawiki.org/wiki/OOUI/Themes> for details. 239* (T229035) The GetUserBlock hook was added. Use this instead of 240 GetBlockedStatus. 241* ObjectFactory is available as a service. When used as a service, the object 242 specs can now specify needed DI services. 243* (T222388) Special pages can now be specified as an ObjectFactory spec, 244 allowing the construction of special pages that require services to be 245 injected in their constructor. 246* (T222388) API modules can now be specified as an ObjectFactory spec, 247 allowing the construction of modules that require services to be injected 248 in their constructor. 249* (T117736) The function signature of SpecialContributions::getForm::filters 250 has changed. It now expects definitions of additional filter fields as array 251 rather than string. 252 253=== External library changes in 1.34 === 254 255==== Changed external libraries ==== 256* Updated Mustache from 1.0.0 to v3.0.1. 257* Updated OOUI from v0.31.3 to v0.34.0. 258* Updated OOjs from v2.2.2 to v3.0.0. 259* Updated composer/semver from 1.4.2 to 1.5.0. 260* Updated composer/spdx-licenses from 1.4.0 to 1.5.1 (dev-only). 261* Updated mediawiki/codesniffer from 25.0.0 to 28.0.0 (dev-only). 262* Updated cssjanus/cssjanus from 1.2.1 to 1.3.0. 263* Updated wikimedia/at-ease from 1.2.0 to 2.0.0. 264* Updated wikimedia/remex-html from 2.0.1 to 2.1.0. 265* Updated monolog/monolog from 1.22.1 to 1.24.0 (dev-only). 266* Updated wikimedia/object-factory from 1.0.0 to 2.1.0. 267* Updated wikimedia/timestamp from 2.2.0 to 3.0.0. 268* Updated wikimedia/xmp-reader from 0.6.2 to 0.6.3. 269* Updated mediawiki/mediawiki-phan-config from 0.6.0 to 0.6.1 (dev-only). 270* Updated wikimedia/avro from 1.8.0 to 1.9.0 (dev-only). 271 272==== Removed external libraries ==== 273* The jquery.async module, deprecated in 1.33, was removed. 274 275=== Bug fixes in 1.34 === 276* (T222529) If a log entry or page revision is recorded in the database with an 277 empty username, attempting to display it will log an error and return a "no 278 username available" to the user instead of silently displaying nothing or 279 invalid links. 280 281=== Action API changes in 1.34 === 282* The 'recenteditcount' response property from action=query list=allusers, 283 deprecated in 1.25, has been removed. 284* (T60993) action=query list=filearchive, list=alldeletedrevisions and 285 prop=deletedrevisions no longer require the 'deletedhistory' user right. 286* In the response to queries that use 'prop=imageinfo', entries for 287 non-existing files (indicated by the 'filemissing' field) now omit the 288 following fields, since they are meaningless in this context: 289 'timestamp', 'userhidden', 'user', 'userid', 'anon', 'size', 'width', 290 'height', 'pagecount', 'duration', 'commenthidden', 'parsedcomment', 291 'comment', 'thumburl', 'thumbwidth', 'thumbheight', 'thumbmime', 292 'thumberror', 'url', 'sha1', 'metadata', 'extmetadata', 'commonmetadata', 293 'mime', 'mediadtype', 'bitdepth'. 294 Clients that process these fields should first check if 'filemissing' is 295 set. Fields that are supported even if the file is missing include: 296 'canonicaltitle', 'archivename' (deleted files only), 'descriptionurl', 297 'descriptionshorturl'. 298* The 'blockexpiry' result property in list=users and list=allusers will now be 299 returned in the same format used by the rest of the API: ISO 8601 for 300 expiring blocks, and "infinite" for non-expiring blocks. 301 302=== Action API internal changes in 1.34 === 303* The exception thrown in ApiModuleManager::getModule has been changed 304 from an MWException to an UnexpectedValueException, thrown by ObjectFactory. 305 ApiModuleManager::getModule now also throws InvalidArgumentExceptions when 306 ObjectFactory is presented with an invalid spec or incorrectly constructed 307 objects. 308* Added ApiQueryBlockInfoTrait. 309 310=== Languages updated in 1.34 === 311MediaWiki supports over 350 languages. Many localisations are updated regularly. 312Below only new and removed languages are listed, as well as changes to languages 313because of Phabricator reports. 314 315* (T152908) Added language support for N'Ko (nqo). 316 317=== Breaking changes in 1.34 === 318* The global functions wfSuppressWarnings and wfRestoreWarnings, deprecated in 319 1.26, have been removed. Use Wikimedia\AtEase\AtEase::suppressWarnings() and 320 Wikimedia\AtEase\AtEase::restoreWarnings() directly. 321* Preferences class, deprecated in 1.31, has been removed. 322* The following parts of code, deprecated in 1.32, were removed in favor of 323 built-in PHP functions: 324 * CryptRand class 325 * CryptRand service 326 * Functions of the MWCryptRand class: singleton(), wasStrong() and generate(). 327* Various Special Page PHP Classes were renamed (mostly casing changes): 328 * SpecialAncientpages => SpecialAncientPages 329 * SpecialConfirmemail => SpecialConfirmEmail 330 * SpecialDeadendpages => SpecialDeadendPages 331 * SpecialFewestrevisions => SpecialFewestRevisions 332 * SpecialListredirects => SpecialListRedirects 333 * SpecialLonelypages => SpecialLonelyPages 334 * SpecialLongpages => SpecialLongPages 335 * SpecialMIMEsearch => SpecialMIMESearch 336 * SpecialMostcategories => SpecialMostCategories 337 * SpecialMostinterwikis => SpecialMostInterwikis 338 * SpecialMostlinked => SpecialMostLinked 339 * SpecialMostlinkedcategories => SpecialMostLinkedCategories 340 * SpecialMostlinkedtemplates => SpecialMostLinkedTemplates 341 * SpecialMostrevisions => SpecialMostRevisions 342 * SpecialNewimages => SpecialNewFiles 343 * SpecialShortpages => SpecialShortPages 344 * SpecialUncategorizedcategories => SpecialUncategorizedCategories 345 * SpecialUncategorizedimages => SpecialUncategorizedImages 346 * SpecialUncategorizedpages => SpecialUncategorizedPages 347 * SpecialUncategorizedtemplates => SpecialUncategorizedTemplates 348 * SpecialUnusedcategories => SpecialUnusedCategories 349 * SpecialUnusedimages => SpecialUnusedImages 350 * SpecialUnusedtemplates => SpecialUnusedTemplates 351 * SpecialUnwatchedpages => SpecialUnwatchedPages 352 * SpecialWantedcategories => SpecialWantedCategories 353 * SpecialWantedtemplates => SpecialWantedTemplates 354 * SpecialWithoutinterwiki => SpecialWithoutInterwiki 355* Language::setCode, deprecated in 1.32, was removed. Use Language::factory to 356 create a new Language object with a different language code. 357* MWNamespace::clearCaches() has been removed. So has the $rebuild parameter 358 to MWNamespace::getCanonicalNamespaces(), which was deprecated since 1.31. 359 Instead, reset services, such as by calling $this->overrideMwServices() (if 360 your test extends MediaWikiTestCase). Services will generally not pick up 361 configuration changes from after they were created, so you must reset 362 services after any configuration change. Even if your code works now, it is 363 likely to break in future versions as more code is moved to services. 364* The ill-defined "DatabaseOraclePostInit" hook has been removed. 365* PreferencesFormLegacy and PreferencesForm classes, deprecated in 1.32, have 366 been removed. 367* ObjectFactory class, deprecated in 1.31, has been removed. 368* HWLDFWordAccumudlator class, deprecated in 1.28, has been removed. 369* XMPInfo, XMPReader and XMPValidate, deprecated in 1.32, have been removed. 370* The RedirectSpecialPage::execute method could sometimes return a Title object. 371 This behavior was removed, and the method now matches the parent signature 372 (SpecialPage::execute) which is to return HTML string or void. 373 To obtain the destination title, use RedirectSpecialPage::getRedirect. 374* The 'recenteditcount' response property from action API action=query 375 list=allusers, deprecated in 1.25, has been removed. 376* SearchEngine::userNamespaces(), SearchEngine::namespacesAsText(), 377 SearchEngine::create(), SearchEngine::getSearchTypes() and 378 SearchEngine::getNearMatch(), methods deprecated in 1.27, have been removed. 379* FileRepo::streamFile(), deprecated in 1.26, has been removed. 380* User::randomPassword() method, deprecated in 1.27, have been removed. 381* MWNamespace::canTalk(), deprecated in 1.30, have been removed. 382* Parser class property $mUniqPrefix, deprecated in 1.26, has been removed. 383* wfArrayFilter() and wfArrayFilterByKey(), deprecated in 1.32, have been 384 removed. 385* wfMakeUrlIndexes() function, deprecated in 1.33, have been removed. 386* Method signatures in WatchedItemQueryServiceExtension have changed from taking 387 User objects to taking UserIdentity objects. Extensions implementing this 388 interface need to be changed accordingly. 389* User::getGroupPage() and ::makeGroupLinkHTML(), deprecated in 1.29, have been 390 removed. Use UserGroupMembership::getGroupPage and ::getLink instead. 391* User::makeGroupLinkWiki(), deprecated in 1.29, has been removed. Use 392 UserGroupMembership::getLink() instead. 393* SavepointPostgres, deprecated in 1.31, has been removed. 394* OutputPage::enableSectionEditLinks(), OutputPage::sectionEditLinksEnabled(), 395 ParserOptions::getEditSection(), ParserOptions::setEditSection(), and 396 ParserOutput::getEditSectionTokens, ::getTOCEnabled, ::setEditSectionTokens, 397 and ::setTOCEnabled, deprecated in 1.31, have been removed. 398* EditPage::safeUnicodeInput() and ::safeUnicodeOutput(), deprecated in 1.30, 399 have been removed. 400* Four methods in OutputPage, deprecated in 1.32, have been removed. You should 401 use OutputPage::showFatalError or throw a FatalError instead. The methods are 402 ::showFileCopyError(), ::showFileRenameError(), ::showFileDeleteError(), and 403 ::showFileNotFoundError(). 404* ApiBase::truncateArray(), deprecated in 1.32, has been removed. 405* IcuCollation::getICUVersion(), deprecated in 1.32, has been removed. Use PHP's 406 INTL_ICU_VERSION constant directly. 407* HTMLForm::setSubmitProgressive(), deprecated in 1.32, has been removed. 408* ResourceLoaderStartUpModules::getStartupModules() and ::getLegacyModules(), 409 both deprecated in 1.32, have been removed. 410* BaseTemplate::msgHtml() and QuickTemplate::msgHtml(), deprecated in 1.32, have 411 been removed. Use ->msg() or ->getMsg() instead. 412* WatchAction::getUnwatchToken(), deprecated in 1.32, has been removed. Instead, 413 use WatchAction::getWatchToken() with action 'unwatch' directly. 414* Language::initEncoding(), ::recodeForEdit(), and recodeInput(), deprecated in 415 1.28, have been removed. 416* PageArchive::getTextFromRow(), ::listAllPages(), and ::getLastRevisionText(), 417 deprecated in 1.32, have been removed. 418* OutputPage::getModuleScripts(), ParserOutput::getModuleScripts(), deprecated 419 in 1.33, have been removed. 420* User::getPasswordValidity(), deprecated in 1.33, has been removed. 421* ApiQueryBase::prepareUrlQuerySearchString(), deprecated in 1.33, has been 422 removed. 423* ChangeTags::purgeTagUsageCache(), deprecated in 1.33, has been removed. 424* JobQueueGroup::pushLazyJobs(), deprecated in 1.33, has been removed. 425* MediaWikiTestCase::stashMwGlobals(), deprecated in 1.32, has been removed. 426* SearchEngine::transformSearchTerm(), deprecated in 1.32, has been removed. 427* The Block typehint only refers to blocks stored in the database. It should be 428 updated to AbstractBlock in cases where any type of block could be expected. 429* FileRepoStatus, deprecated in 1.25, has been removed. 430* The LegacyHookPreAuthenticationProvider class, deprecated since its creation 431 in 1.27, has been removed. 432* IP::isValidBlock(), deprecated in 1.30, has been removed. 433* WikiPage::prepareContentForEdit now doesn't accept an integer for $revision, 434 was deprecated in 1.25. 435* The jquery.byteLength module, deprecated in 1.31, was removed. 436 Use the mediawiki.String module instead. 437* mw.language.specialCharacters, deprecated in 1.33, has been removed. 438 Use require( 'mediawiki.language.specialCharacters' ) instead. 439* The jquery.colorUtil module was removed. Use jquery.color instead. 440* The jquery.checkboxShiftClick module was removed. The functionality 441 is provided by mediawiki.page.ready instead (T232688). 442* The 'jquery.accessKeyLabel' module has been removed. This jQuery 443 plugin now ships as part of the 'mediawiki.util' module bundle. 444* EditPage::submit(), deprecated in 1.29, has been removed. Use $this->edit() 445 directly. 446* HTMLForm::getErrors(), deprecated in 1.28, has been removed. Use 447 getErrorsOrWarnings() instead. 448* SpecialPage::getTitle(), deprecated in 1.23, has been removed. Use 449 SpecialPage::getPageTitle() instead. 450* jquery.ui.effect-bounce, jquery.ui.effect-explode, jquery.ui.effect-fold 451 jquery.ui.effect-pulsate, jquery.ui.effect-slide, jquery.ui.effect-transfer, 452 which are no longer used, have now been removed. 453* SpecialEmailUser::validateTarget(), ::getTarget() without a sender/user 454 specified, deprecated in 1.30, have been removed. 455* BufferingStatsdDataFactory::getBuffer(), deprecated in 1.30, has been removed. 456* The constant DB_SLAVE, deprecated in 1.28, has been removed. Use DB_REPLICA. 457* The constants NS_IMAGE and NS_IMAGE_TALK, deprecated in 1.14, have been 458 removed. Use NS_FILE and NS_FILE_TALK respectively. 459* Replacer, DoubleReplacer, HashtableReplacer and RegexlikeReplacer 460 (deprecated in 1.32) have been removed. Closures should be used instead. 461* OutputPage::addWikiText(), ::addWikiTextWithTitle(), ::addWikiTextTitleTidy(), 462 ::addWikiTextTidy(), ::addWikiTextTitle(), deprecated in 1.32, have been 463 removed. 464* The $wgUseKeyHeader configuration option and the OutputPage::getKeyHeader() 465 method, deprecated in 1.32, have been removed. 466* WebInstallerOutput::addWikiText(), deprecated in 1.32, has been removed. 467* Parser::fetchFile(), deprecated in 1.32, has been removed. Use the method 468 Parser::fetchFileAndTitle() instead. 469* The global function wfBCP47, deprecated in 1.31, has been removed. 470* wfCountDown() function, deprecated in 1.31, has been removed. Use 471 \Maintenance::countDown() method instead. 472* OutputPage::wrapWikiMsg() no longer accepts an options parameter. This was 473 deprecated since 1.20. 474* Skin::outputPage() no longer accepts a context. This was deprecated in 1.20. 475* Linker::link() no longer accepts a string for the query array, as was 476 deprecated in 1.20. 477* PrefixSearch::titleSearch(), deprecated in 1.23, has been removed. Use the 478 SearchEngine::defaultPrefixSearch or ::completionSearch() methods instead. 479* The UserRights hook, deprecated in 1.26, has been removed. Instead, use the 480 UserGroupsChanged hook. 481* Skin::getDefaultInstance(), deprecated in 1.27, has been removed. Get the 482 instance from MediaWikiServices instead. 483* The UserLoadFromSession hook, deprecated in 1.27, has been removed. 484* The wfResetSessionID global function, deprecated in 1.27, has been removed. 485 Use MediaWiki\Session\SessionManager instead. 486* The wfGetLBFactory global function, deprecated in 1.27, has been removed. 487 Use MediaWikiServices::getInstance()->getDBLoadBalancerFactory(). 488* The internal method OutputPage->addScriptFile() will no longer silently drop 489 calls that use an invalid path (i.e., something other than an absolute path, 490 protocol-relative URL, or full scheme URL), and will instead pass them to the 491 client where they will likely 404. This usage was deprecated in 1.24. 492* Database::reportConnectionError, deprecated in 1.32, has been removed. 493* APIEditBeforeSave hook, deprecated in 1.28, has been removed. Please see 494 EditFilterMergedContent hook for an alternative way to use this feature. 495* API module methods getDescription(), getParamDescription(), & getExamples(), 496 all deprecated in 1.25 and ignored, have been removed. 497* The API module method getDescriptionMessage(), deprecated in 1.30, has been 498 removed. 499* The JavaScript global variable wgLoadScript has been removed. Use 500 mw.util.wikiScript( 'load' ) instead. 501* ResourceLoader no longer creates the 'mw.legacy' placeholder object. It has 502 been unused since 1.16 and was deprecated in 1.22. To deprecate a property 503 in JavaScript, use mw.log.deprecate() instead. 504* The 'user.groups' module, deprecated in 1.28, was removed. 505 Use the 'user' module instead. 506* The ResourceLoaderContext::expandModuleNames method, deprecated in 1.33, was 507 removed. Use ResourceLoader::expandModuleNames instead. 508* The ability to override User::$mRights has been removed. Use 509 PermissionManager::addTemporaryUserRights() instead. 510* Previously, when iterating ResultWrapper with foreach() or a similar 511 construct, the range of the index was 1..numRows. This has been fixed to be 512 0..(numRows-1). 513* The ChangePasswordForm hook, deprecated in 1.27, has been removed. Use the 514 AuthChangeFormFields hook or security levels instead. 515* WikiMap::getWikiIdFromDomain(), deprecated in 1.33, has been removed. 516 Use WikiMap::getWikiIdFromDbDomain() instead. 517* The config variables $wgHtml5, $wgJsMimeType, and $wgXhtmlDefaultNamespace, 518 which were deprecated and ignored by core since 1.22, are no longer set to any 519 value, and SkinTemplate no longer emits a 'jsmimetype' key. Any extensions not 520 updated since 2013 to cope with this deprecation may now break. 521* (T222637) Passing ResourceLoaderModule objects to ResourceLoader::register() 522 or $wgResourceModules is no longer supported. 523 Use the 'class' or 'factory' option of the array format instead. 524* The parameter $lang of the functions generateTOC and tocList in Linker and 525 DummyLinker must be in type Language when present. Other types are 526 deprecated since 1.33. 527* The static properties mw.Api.errors and mw.Api.warnings, deprecated in 1.29, 528 have been removed. 529* ParserOption::getSpeculativeRevIdCallback(), deprecated in 1.28, has been 530 removed. 531* The UploadVerification hook, deprecated in 1.28, has been removed. Instead, 532 use the UploadVerifyFile hook. 533* UploadBase:: and UploadFromChunks::stashFileGetKey() and stashSession(), 534 deprecated in 1.28, have been removed. Instead, please use the getFileKey() 535 method on the response from doStashFile(). 536* LBFactory::setDomainPrefix() and LoadBalancer::setDomainPrefix(), deprecated 537 in 1.33, have been removed. Use setLocalDomainPrefix() instead. 538* IDatabase::implicitGroupby(), deprecated in 1.30, has been removed. 539* IDatabase::doneWrites(), deprecated in 1.31, has been removed. 540 Use IDatabase::lastDoneWrites() instead. 541* Database::reportConnectionError(), deprecated in 1.32, has been removed. 542* LoadBalancer::laggedSlaveUsed(), deprecated in 1.28, has been removed. 543 Use LoadBalancer::laggedReplicaUsed() instead. 544* Database::getProperty(), deprecated in 1.28, has been removed. 545* IDatabase::getWikiId(), deprecated in 1.30, has been removed. 546 Use IDatabase::getDomainID() instead. 547* (T191231) Support for using Oracle or MSSQL as database backends has been 548 dropped. 549* MessageCache::destroyInstance() has been removed. Instead, call 550 MediaWikiTestCase::resetServices(). 551* SearchResult protected field $searchEngine is removed and no longer 552 initialized after calling SearchResult::initFromTitle(). 553* The UserIsBlockedFrom hook is only called if a block is found first, and 554 should only be used to unblock a blocked user. 555* Parameters for index.php from PATH_INFO, such as the title, are no longer 556 written to $_GET. 557* The selectFields() methods on classes LocalFile, ArchivedFile, OldLocalFile, 558 DatabaseBlock, and RecentChange, deprecated in 1.31, have been removed. Use 559 the corresponding getQueryInfo() methods instead. 560* The following methods on Revision, deprecated since 1.31, have been removed. 561 Use RevisionStore::getQueryInfo() or RevisionStore::getArchiveQueryInfo() 562 instead. 563 * Revision::userJoinCond() 564 * Revision::pageJoinCond() 565 * Revision::selectFields() 566 * Revision::selectArchiveFields() 567 * Revision::selectTextFields() 568 * Revision::selectPageFields() 569 * Revision::selectUserFields() 570* User::setNewpassword(), deprecated in 1.27 has been removed. 571* The ObjectCache::getMainWANInstance and ObjectCache::getMainStashInstance 572 functions, deprecated since 1.28, have been removed. 573* Language::$dataCache has been removed (without prior deprecation, for 574 practical reasons). Use MediaWikiServices instead to get a LocalisationCache. 575 576=== Deprecations in 1.34 === 577* The MWNamespace class is deprecated. Use NamespaceInfo. 578* ExtensionRegistry->load() is deprecated, as it breaks dependency checking. 579 Instead, use ->queue(). 580* User::isBlocked() is deprecated since it does not tell you if the user is 581 blocked from editing a particular page. Use User::getBlock() or 582 PermissionManager::isBlockedFrom() or PermissionManager::userCan() instead. 583* User::isLocallyBlockedProxy and User::inDnsBlacklist are deprecated and moved 584 to the BlockManager as private helper methods. 585* User::isDnsBlacklisted is deprecated. Use BlockManager::isDnsBlacklisted 586 instead. 587* The Config argument to ChangesListSpecialPage::checkStructuredFilterUiEnabled 588 is deprecated. Pass only the User argument. 589* WatchedItem::getUser is deprecated. Use getUserIdentity. 590* Passing a Title as the first parameter to the getTimestampById method of 591 RevisionStore is deprecated. Omit it, passing only the remaining parameters. 592* Title::getPreviousRevisionId and Title::getNextRevisionId are deprecated. Use 593 RevisionLookup::getPreviousRevision and RevisionLookup::getNextRevision. 594* The Title parameter to RevisionLookup::getPreviousRevision and 595 RevisionLookup::getNextRevision is deprecated and should be omitted. 596* MWHttpRequest::factory is deprecated. Use HttpRequestFactory. 597* The Http class is deprecated. For the request, get, and post methods, use 598 HttpRequestFactory. For isValidURI, use MWHttpRequest::isValidURI. For 599 getProxy, use (string)$wgHTTPProxy. For createMultiClient, construct a 600 MultiHttpClient directly. 601* Http::$httpEngine is deprecated and has no replacement. The default 'guzzle' 602 engine will eventually be made the only engine for HTTP requests. 603* RepoGroup::singleton(), RepoGroup::destroySingleton(), 604 RepoGroup::setSingleton(), wfFindFile(), and wfLocalFile() are all 605 deprecated. Use MediaWikiServices instead. 606* The getSubjectPage, getTalkPage, and getOtherPage of Title are deprecated. 607 Use NamespaceInfo's getSubjectPage, getTalkPage, and getAssociatedPage. 608* MWMessagePack class, no longer used, has been deprecated in 1.34. 609* The Block class is separated into DatabaseBlock (for blocks stored in the 610 database), and SystemBlock (for temporary blocks created by the system). 611 SystemBlock should be used when creating any temporary blocks. Block is 612 a deprecated alias for DatabaseBlock. 613* Parser::$mConf is deprecated. It will be removed entirely in a later version. 614 Some context can be found at T224165. 615* Constructing Parser directly is deprecated. Obtain one from ParserFactory. 616* Title::moveSubpages is deprecated. Use MovePage::moveSubpages or 617 MovePage::moveSubpagesIfAllowed. 618* The MWNamespace class is deprecated. Use MediaWikiServices::getNamespaceInfo. 619* (T62260) Hard deprecate Language::getExtraUserToggles() method. 620* Language::viewPrevNext function is deprecated, use 621 PrevNextNavigationRenderer::buildPrevNextNavigation instead 622* User::trackBlockWithCookie and DatabaseBlock::clearCookie are deprecated. Use 623 BlockManager::trackBlockWithCookie and BlockManager::clearCookie instead. 624* DatabaseBlock::setCookie, DatabaseBlock::getCookieValue, 625 DatabaseBlock::getIdFromCookieValue and AbstractBlock::shouldTrackWithCookie 626 are moved to internal helper methods for BlockManager::trackBlockWithCookie. 627* ResourceLoaderContext::getConfig and ResourceLoaderContext::getLogger have 628 been deprecated. Inside ResourceLoaderModule subclasses, use the local methods 629 instead. Elsewhere, use the methods from the ResourceLoader class. 630* The Profiler::setTemplated and Profiler::getTemplated methods have been 631 deprecated. Use Profiler::setAllowOutput and Profiler::getAllowOutput 632 instead. 633* The ProfilerOutputDb class, 'profiling' table, and profileinfo.php entry 634 point had been deprecated (T231366). 635* The Preprocessor_DOM implementation has been deprecated. It will be 636 removed in a future release. Use the Preprocessor_Hash implementation 637 instead. 638* Sanitizer::attributeWhitelist() and Sanitizer::setupAttributeWhitelist() 639 have been deprecated; they will be made private in the future. 640* SearchResult::termMatches() method is deprecated. It was unreliable because 641 only populated by few search engine implementations. Use 642 SqlSearchResult::getTermMatches() if really needed. 643* SearchResult::getTextSnippet( $terms ) the $terms param is being deprecated 644 and should no longer be passed. Search engine implemenations should be 645 responsible for carrying relevant information needed for highlighting with 646 their own SearchResultSet/SearchResult sub-classes. 647* SearchResultSet::free() method is deprecated. 648* SearchEngine::$searchTerms protected field is deprecated. Moved to 649 SearchDatabase. 650* The use of the $terms param in the ShowSearchHit and ShowSearchHitTitle 651 hooks is highly discouraged as it's only populated by SearchDatabase search 652 engines. 653* Skin::escapeSearchLink() is deprecated. Use Skin::getSearchLink() or the skin 654 template option 'searchaction' instead. 655* Skin::getRevisionId() and Skin::isRevisionCurrent() have been deprecated. 656 Use OutputPage::getRevisionId() and OutputPage::isRevisionCurrent() instead. 657* LoadBalancer::haveIndex() and LoadBalancer::isNonZeroLoad() have 658 been deprecated. 659* FileBackend::getWikiId() has been deprecated. 660 Use FileBackend::getDomainId() instead. 661* User::getRights() and User::$mRights have been deprecated. Use 662 PermissionManager::getUserPermissions() instead. 663* The LocalisationCacheRecache hook no longer allows purging of message blobs 664 to be prevented. Modifying the $purgeBlobs parameter now has no effect. 665* SVGMetadataExtractor::getMetadata has been deprecated. Instead, you should 666 use SVGReader->getMetadata() directly. 667* The following public properties on AbstractBlock are deprecated: $mReason, 668 $mTimestamp, $mExpiry, $mHideName. Use the getters/setters instead. 669* The following public properties on DatabaseBlock are deprecated: $mAuto, 670 $mParentBlockId. To check for an autoblock use DatabaseBlock::getType; to 671 check for the parent ID, use DatabaseBlock::getParentBlockId. 672* SearchEngine::userHighlightPrefs() is deprecated, simply stop passing 673 $contextlines and $contextchars to the SearchHighlighter methods, they will 674 use proper defaults defined in SearchHighlighter::DEFAULT_CONTEXT_LINES and 675 DEFAULT_CONTEXT_CHARS. 676* SearchUpdate constructor: passing a string as the title param and or a boolean 677 or a string as the content will produce a deprecation warning. 678* SearchEngine::getTextFromContent() is deprecated, use getTextForSearchIndex() 679 directly from the Content object. 680* SearchEngine::textAlreadyUpdatedForIndex() is deprecated, given the 681 deprecation above this method is no longer needed/called and should not be 682 implemented by SearchEngine implementation. 683* IDatabase::bufferResults() has been deprecated. Use query batching instead. 684* MessageCache::singleton() is deprecated. Use 685 MediaWikiServices::getMessageCache(). 686* ObjectCache::getWANInstance() is deprecated. Use 687 MediaWikiServices::getMainWANObjectCache() instead. 688* ObjectCache::newWANCacheFromParams() is deprecated. Use 689 MediaWikiServices::getMainWANObjectCache() instead. 690* Constructing MovePage directly is deprecated. Use MovePageFactory. 691* TempFSFile::factory() has been deprecated. Use TempFSFileFactory instead. 692* wfIsBadImage() is deprecated. Use the BadFileLookup service instead. 693* Building a new SearchResult is hard-deprecated, always call 694 SearchResult::newFromTitle(). This class is being refactored into an abstract 695 class. If you extend this class please be sure to override all its methods 696 or extend RevisionSearchResult. 697* Skin::getSkinNameMessages() is deprecated and no longer used. 698* The mediawiki.RegExp module is deprecated; use mw.util.escapeRegExp() instead. 699* Specifying a SpecialPage object for the list of special pages (either through 700 the SpecialPage_initList hook or by adding to $wgSpecialPages) is now 701 deprecated. 702* The 'jquery.tabIndex' module is deprecated. 703* WebInstaller::getWarningBox() and getErrorBox() are deprecated. 704 Use Html::errorBox() or Html::warningBox() instead. 705* Use of ActorMigration with 'ar_user', 'img_user', 'oi_user', 'fa_user', 706 'rc_user', 'log_user', and 'ipb_by' is deprecated. Queries should be adjusted 707 to use the corresponding actor fields directly. Note that use with 708 'rev_user' is *not* deprecated at this time. 709* Specifying both the class and factory parameters for 710 ApiModuleManager::addModule is now deprecated. The ObjectFactory spec should 711 be used instead. 712* The UserIsHidden hook is deprecated. Use GetUserBlock instead, and add a 713 system block that hides the user. 714* The GetBlockedStatus hook is deprecated. Use GetUserBlock instead, to add or 715 remove a block. 716* $wgContentHandlerUseDB is deprecated and should always be true. 717* StreamFile::send404Message() and StreamFile::parseRange() are now deprecated. 718 Use HTTPFileStreamer::send404Message() and HTTPFileStreamer::parseRange() 719 respectively instead. 720* Global variable $wgSysopEmailBans is deprecated; to allow sysops to ban 721 users from sending emails, use 722 $wgGroupPermissions['sysop']['blockemail'] = true; 723* ApiQueryBase::showHiddenUsersAddBlockInfo() is deprecated. Use 724 ApiQueryBlockInfoTrait instead. 725* PasswordReset is now a service, its direct instantiation is deprecated. 726* RESTBagOStuff users should specify either "JSON" or "PHP" serialization type. 727* The global function wfIsHHVM() is deprecated and will now always return false 728 regardless of the runtime environment. This is part of the continuing work to 729 remove HHVM support from MediaWiki, which started in MediaWiki 1.31. 730* Language::getLocalisationCache() is deprecated. Use MediaWikiServices 731 instead. 732* The following Language methods are deprecated: isSupportedLanguage, 733 isValidCode, isValidBuiltInCode, isKnownLanguageTag, fetchLanguageNames, 734 fetchLanguageName, getFileName, getMessagesFileName, getJsonMessagesFileName. 735 Use the new LanguageNameUtils class instead. (Note that fetchLanguageName(s) 736 are called getLanguageName(s) in the new class.) 737* Using the Parser without initializing its $mTitle property to non-null has 738 been deprecated. In a future release Parser::getTitle() will throw a 739 TypeError if $mTitle is uninitialized. 740* A number of public methods of Parser were exposed only for historical 741 reasons and have been deprecated: doMagicLinks, doDoubleUnderscore, 742 doHeadings, doAllQuotes, replaceExternalLinks, replaceInternalLinks, 743 replaceInternalLinks2, getVariableValue, initialiseVariables, formatHeadings, 744 testPst, testPreprocess, testSrvus, areSubpagesAllowed, maybeDoSubpageLink, 745 splitWhitespace, createAssocArgs, armorLinks, makeKnownLinkHolder, 746 getImageParams, parseLinkParameter, stripAltText, replaceLinkHolders, 747 replaceLinkHoldersText, armorLinks, makeKnownLinkHolder, getImageParams, 748 parseLinkParameter, stripAltText. 749 750=== Other changes in 1.34 === 751* Added option to specify "Various authors" as author in extension credits using 752 "..." as the only author name. If the "author" array contains more than one 753 entry and "..." is one of the entries in the array, "..." will be parsed as 754 "others" (version-poweredby-others i18n message) like previously. 755* (T232563) Browser support ("Grade C") for Internet Explorer 6 and 7 756 was discontinued. Basic content and security features may no longer 757 work correctly in these browsers. 758 759= MediaWiki 1.33 = 760 761== MediaWiki 1.33.4 == 762 763This is a security and maintenance release of the MediaWiki 1.33 branch. 764 765=== Changes since MediaWiki 1.33.3 === 766* (T247017) PasswordReset performance improvements. 767* The MultiHttpClient code will fallover to non-curl if curl_multi* is blocked. 768* (T250568) Work around change in SimpleXMLElement behavior introduced in PHP 769 7.3.17. 770* Remove some rotten and out of date documentation. 771* (T252311) Improvements to some older SQLite update patches. 772* (T240307) Minor fixes to extension.schema.v2.json and 773 extension.schema.v1.json. 774* rdbms: Add callback for atomic section cancellation. 775* (T191668) NameTableStoreTest::getCallCheckingDb simplification. 776* Make NameTableStore use LoadBalancer::getConnectionRef(). 777* (T224949) NameTableStore: ensure consistency upon rollback. 778* (T199474) Set rc_patrolled to 2 for autopatrolled changes in 779 rebuildrecentchanges.php. 780* (T229461) Update the change_tag table in rebuildrecentchanges.php. 781* (T234450) Per-user concurrency in SpecialContributions can now be limited by 782 setting $wgPoolCounterConf['SpecialContributions'] appropriately. 783* (T248947) SECURITY: img_auth.php may leak private extension images into the 784 public cache. 785 786== MediaWiki 1.33.3 == 787 788This is a security and maintenance release of the MediaWiki 1.33 branch. 789 790=== Changes since MediaWiki 1.33.2 === 791* (T245072) mediawiki.language: Rename languageData back to languageNames. 792* Use proper SemVer comparison in CheckComposerLockUpToDate. 793* (T212738) Add the MW_VERSION constant, global $wgVersion is soft deprecated. 794* Update comment about PHP versions supported by The PHP Group. 795* (T247215) Fix output of RecountCategories::doWork(). 796* Add check for page existence to view.php maintenance script. 797* (T236509) SECURITY: Fix HTML escaping in UserGroupMembership::getLink(). 798* (T246602) SECURITY: jquery.makeCollapsible allows applying event handler to 799 any CSS selector. 800 801== MediaWiki 1.33.2 == 802 803This is a security and maintenance release of the MediaWiki 1.33 branch. 804 805=== Changes since MediaWiki 1.33.1 === 806* (T217831) (T200653) PopulateContentTables: compute sha1 and length if needed. 807* Fix extra newlines in the installer. 808* (T236628) Fix for ArticleRevisionViewCustom hook in DifferenceEngine.php. 809* (T181658) Do not insert page titles into querycache.qc_value. 810* (T206013) Suppress errors when reading invalid XML file properties. 811* (T237931) Remove references to pg_attrdef.adsrc in Postgres code. 812* Use correct value for 'sslmode' in DatabasePostgres. 813* (T232866) Fix support for HTTP/2 in MultiHttpClient. 814* (T227461) Stop calling deprecated Redis delete functions. 815* (T239561) Mark options as requiring parameters in addSite.php. 816* (T219440) Skip flaky rollback test. 817* (T232866) Mimic CURLOPT_POST in GuzzleHttpRequest. 818* (T239734) Replace deprecated lSize with lLen in Redis code. 819* (T192134) SECURITY: Do not allow user scripts on Special:PasswordReset. 820* (T239428) ApiEditPage: Test for bad redirect targets. 821* (T233342) rdbms: Log debug message traces as 'exception.trace' instead of 822 'trace'. 823* (T226751) media: Log and fail gracefully on invalid EXIF coordinates. 824* (T212067) SECURITY: Work around PHP bug in parse_url. 825 826== MediaWiki 1.33.1 == 827 828This is a security and maintenance release of the MediaWiki 1.33 branch. 829 830=== Changes since MediaWiki 1.33.0 === 831* A change that kept people with a database table prefix that didn't 832 end with an underscore from updating was reverted. 833* (T207100) Updated LanguageTr for dotted and dotless I in PHP 7.3. 834* The ImgAuthModifyHeaders hook was added to img_auth.php to allow modification 835 of headers in private wikis. 836* (T230317) Allow upgrading from MediaWiki before 1.15 where the valid_tag table 837 doesn't yet exist. 838* (T208897) MessageCache: Restore 'loadedLanguages' tracking for load(). 839* (T228555) MessageCache: Fix isMainCacheable() logic for non-content languages. 840* (T200088) Remove title protection correctly for undeletions and imports. 841* (T230402) SECURITY: Add permission check for suppressed account to 842 Special:Redirect. 843* Add helper for HTTPFileStreamer header syntax. 844* (T227461) ObjectCache: avoid using deprecated phpredis::delete() alias. 845* (T231386) SpecialRedirect::dispatchUser() should use a 302 http status code. 846* (T118799) Fix XMP parser errors due to trailing nullchar. 847* (T230618) Fix GROUP BY in ActiveUsersPager and RecentChangesUpdateJob for 848 PostgreSQL. 849* (T230487) Handle changed defaults in Argon2PasswordTest::testPartialConfig(). 850* (T233119) Improve documentation for the MinimumPasswordLengthToLogin policy. 851* (T227662) Split down patch-comment-table.sql and patch-actor-table.sql into 852 separate files to help allieviate potential migration problems. 853 854=== Upgrading notes for 1.33 === 8551.33 has several database changes since 1.32, and will not work without schema 856updates. Note that due to changes to some very large tables like the revision 857table, the schema update may take quite long (minutes on a medium sized site, 858many hours on a large site). 859 860Don't forget to always back up your database before upgrading! 861 862See the file UPGRADE for more detailed upgrade instructions, including 863important information when upgrading from versions prior to 1.11. 864 865Some specific notes for MediaWiki 1.33 upgrades are below: 866 867* Some external link searches will not work correctly until update.php (or 868 refreshExternallinksIndex.php) is run. These include searches for links using 869 IP addresses, internationalized domain names, and possibly mailto links. 870* If you ran migrateActors.php using an older version of MediaWiki and want to 871 run your wiki with $wgActorTableSchemaMigrationStage SCHEMA_COMPAT_READ_OLD, 872 note that log_search rows needed to find revision deletions by target user 873 were incorrectly deleted. See T215464 for details. 874* If revision deletions were performed when the wiki was configured with 875 $wgActorTableSchemaMigrationStage SCHEMA_COMPAT_WRITE_BOTH and without 876 migrateActors.php having been run, the log_search table may contain rows with 877 empty values for "target_author_actor" which will prevent log searches for 878 revision deletions by target user from finding those log entries. These rows 879 may be corrected by (re-)running migrateActors.php. 880 881For notes on 1.32.x and older releases, see HISTORY. 882 883== MediaWiki 1.33.0 == 884 885=== Changes since MediaWiki 1.33.0-rc.0 === 886* (T225558) Update installer link to PHP intl. 887* (T225901) Only attempt to deduplicate if there is data in archive and revision 888 tables. 889* (T225564) Fetch tag ID before calling undefineTag(). 890* (T225496) Detect APC for MainCacheType in CLI installer. 891* Call unpack() with correct parameters in MimeAnalyzer.php for PHP 7.0 support. 892* (T212613) Style change tags correctly on Special:Newpages. 893* (T202211) Fix SQLite patch-(page|template)links-fix-pk.sql column order. 894 895== MediaWiki 1.33.0-rc.0 == 896 897=== Configuration changes for system administrators in 1.33 === 898==== New configuration ==== 899* $wgEnablePartialBlocks – This enables the Partial Blocks feature, which gives 900 accounts with block permissions the ability to block users, IPs, and IP ranges 901 from editing specific pages, while allowing them to edit the rest of the wiki. 902 It is a temporary setting for gradual enablement, current default to `false`, 903 and will be set to `true` and then removed once initial development completes. 904 905==== Changed configuration ==== 906* $wgChangeTagsSchemaMigrationStage (T193868) — This temporary setting, added in 907 MediaWiki 1.32, now defaults to MIGRATION_NEW instead of MIGRATION_WRITE_BOTH. 908* $wgPasswordPolicy – There is a new password policy to check that the account's 909 password is not in the large blacklist. This is enabled by default for the 910 built-in user groups bureaucrat, sysop, interface-admin, and bot. To configure 911 this for other user groups, set the `PasswordNotInLargeBlacklist` flag `true`. 912* $wgPasswordDefault – There is a new password type configuration using Argon2 913 password hashing (which requires PHP 7.2 and above). It's designed to resist 914 timing attacks, and (on systems with PHP 7.3+) GPU hacking; if you configure 915 argon2 to be used, by default, it will automatically choose the best available 916 algorithm depending on which version of PHP you have available. To use this, 917 you can set `$wgPasswordDefault = 'argon2';`. 918* $wgActorTableSchemaMigrationStage now defaults to reading the new schema. 919 update.php will back-populate the new database fields due to the changed 920 setting, which may take some time on large wikis. You can avoid downtime by 921 following a process like that described in T188327. 922 923==== Removed configuration ==== 924* $wgTagStatisticsNewTable (T199334) — This temporary setting, added in 925 MediaWiki 1.32, has now been removed. When loading Special:Tags, MediaWiki 926 will now always use the `change_tag_def` instead of the `change_tag` table. 927* $wgUseTidy, $wgTidyBin, $wgTidyConf, $wgTidyOpts, $wgTidyInternal, and 928 $wgDebugTidy – These options, all deprecated since 1.26, have now all been 929 removed, as MediaWiki now always tidies user output. The $wgTidyConfig setting 930 remains only for experimental features and debugging, and should not be used. 931* $wgEnableParserCache – This setting has been deprecated since 1.26, has now 932 been removed. If you still desire to disable the parser cache, instead you can 933 set `$wgParserCacheType = CACHE_NONE;`. 934* $wgCommentTableSchemaMigrationStage – This temporary migration setting has now 935 been removed. Code finding it unset should treat it as being MIGRATION_NEW. 936* $wgAuth – This old setting, deprecated in 1.27, has been removed as part of 937 the removal of AuthPlugin. 938* $wgSitesCacheFile – This configuration was introduced in 1.25 with the intent 939 to allow sites to configure a file in which to cache the SiteStore database 940 table, but it was never used. SiteStore already caches its information by 941 default using BagOStuff (e.g. Memcached or APC). 942* $wgClockSkewFudge – This setting was used by User.php to let sites adjust by 943 how much MediaWiki would fudge when trying to minimize the chances of a 944 user.user_touched database update to the "current" timestamp being before the 945 value already there (e.g. due to clock skew between different servers). This 946 is no longer a problem, because the code now ensures the timestamp is always 947 higher than the previous one. The writes are guarded with CAS logic (check 948 and set), which prevents updates that would overlap. 949* $wgDBmysql5 (T196185) - This experimental setting, deprecated in 1.31, has 950 been removed. 951 952=== New user-facing features in 1.33 === 953* (T96041) __EXPECTUNUSEDCATEGORY__ on a category page causes the category 954 to be hidden on Special:UnusedCategories. 955* (T210814) SVGs are now by default displayed in wiki language on image 956 pages. 957* Special:CreateAccount now warns the user if their chosen username has to be 958 normalized. 959* (T205040) Multilingual images are now be displayed in the current parse 960 language where available. 961* Special:ActiveUsers will no longer filter out users who became inactive since 962 the last time the active users query cache was updated. 963* (T215675) RecentChange and ManualLogEntry implement new Taggable interface. 964* (T215675) Added a hook, ManualLogEntryBeforePublish, to allow extensions 965 to modify (example: add tags) log entries. 966 967=== New developer features in 1.33 === 968* The AuthManagerLoginAuthenticateAudit hook has a new parameter for 969 additional information about the authentication event. 970* TextContent::getText() was introduced as a replacement for 971 Content::getNativeData() for text-based content models. 972* (T214706) LinksUpdate::getAddedExternalLinks() and 973 LinksUpdate::getRemovedExternalLinks() were introduced. 974* (T213893) Added 'MaintenanceUpdateAddParams' hook 975* (T219655) The MarkPatrolled hook has a new parameter for the tags 976 associated with this entry in the patrol log. 977* (T212472) Extensions can now specify platform abilities they require to work, 978 limited to shell access for now. 979 980 981=== External library changes in 1.33 === 982==== New external libraries ==== 983* Added wikimedia/password-blacklist 0.1.4. 984* Added guzzlehttp/guzzle 6.3.3. 985 986==== Changed external libraries ==== 987* Updated OOUI from v0.29.2 to v0.31.3. 988* Updated OOjs Router from pre-release to v0.2.0. 989* Updated moment from v2.19.3 to v2.24.0. 990* Updated wikimedia/xmp-reader from 0.6.0 to 0.6.2. 991* Updated wikimedia/scoped-callback from 2.0.0 to 3.0.0. 992* Updated jquery-client from 2.0.1 to 2.0.2. 993* Updated pear/net_smtp from 1.8.0 to 1.8.1. 994* Updated cssjanus/cssjanus from 1.2.0 to 1.3.0. 995* Updated wikimedia/php-session-serializer from 1.0.6 to 1.0.7. 996 997==== Removed external libraries ==== 998* (T219403) jquery.ui.spinner, deprecated since 1.31, was removed. 999 1000 1001=== Developer library changes in 1.33 === 1002==== New developer libraries ==== 1003* Added jakub-onderka/php-console-highlighter 0.3.2 explicitly (dev-only). 1004* Added mediawiki/mediawiki-phan-config 0.5.0 (dev-only). 1005 1006==== Changed developer libraries ==== 1007* Updated wikimedia/ip-set from 1.3.0 to 2.0.1. 1008 * The deprecated IPSet\IPSet alias was removed, Wikimedia\IPSet must be 1009 used instead. 1010* Updated psy/psysh from 0.9.6 to 0.9.9 (dev-only). 1011* Updated nikic/php-parser from 3.1.3 to 3.1.5 (dev-only). 1012* Updated mediawiki/mediawiki-codesniffer from 22.0.0 to 25.0.0 (dev-only). 1013* Updated qunitjs from 2.6.2 to 2.9.1. 1014 1015==== Removed developer libraries ==== 1016* The jetbrains/phpstorm-stubs repository was removed in favour of the minimal 1017 stubs we need, which are kept in the new `.phan/internal_stubs` directory 1018 (dev-only). 1019 1020 1021=== Bug fixes in 1.33 === 1022* (T164211) Special:UserRights could sometimes fail with a 1023 "conflict detected" error when there weren't any conflicts. 1024* (T216029) Chrome redirects to Special:BadTitle after editing a section with 1025 a non-Latin name on a page with non-Latin characters in title. 1026* (T222385) resourceloader: Use AND instead of OR for upsert conds in 1027 saveFileDependencies(). 1028 1029=== Action API changes in 1.33 === 1030* (T198913) Added 'ApiOptions' hook. 1031* The JSON formatversion=2 is no longer experimental. 1032* Internal API errors (those with code beginning "internal_api_error") will 1033 include the exception class name in a data field named "errorclass". 1034 * Class names are not guaranteed to remain stable, and in particular database 1035 exceptions will now include the "Wikimedia\Rdbms\" prefix in the class name. 1036 * The code including an exception class name is deprecated. In the future, 1037 all internal errors will use code "internal_api_error". 1038* (T212356) When using action=delete on pages with many revisions, the module 1039 may return a boolean-true 'scheduled' and no 'logid'. This signifies that the 1040 deletion will be processed via the job queue. 1041* action=setnotificationtimestamp will now update the watchlist asynchronously 1042 if entirewatchlist is set, so updates may not be visible immediately 1043* Block info will be added to "blocked" errors from more modules. 1044* (T216245) Autoblocks will now be spread by action=edit and action=move. 1045* action=query&meta=userinfo has a new uiprop, 'latestcontrib', that returns 1046 the date of user's latest contribution. 1047* (T25227) action=logout now requires to be posted and have a csrf token. 1048 1049=== Action API internal changes in 1.33 === 1050* A number of deprecated methods for API documentation, intended for overriding 1051 by extensions, are no longer called by MediaWiki, and will emit deprecation 1052 notices if your extension attempts to use them: 1053 * ApiBase::getDescription() (deprecated in 1.25) 1054 * ApiBase::getParamDescription() (deprecated in 1.25) 1055 * ApiBase::getExamples() (deprecated in 1.25) 1056 * ApiBase::getDescriptionMessage() (deprecated in 1.30) 1057 Additionally, the 'APIGetDescription' and 'APIGetParamDescription' hooks have 1058 been removed, as their only use was to let extensions override values returned 1059 by getDescription() and getParamDescription(), respectively. 1060* API error codes may only contain ASCII letters, numbers, underscore, and 1061 hyphen. Methods such as ApiBase::dieWithError() and 1062 ApiMessageTrait::setApiCode() will throw an InvalidArgumentException if 1063 passed a bad code. 1064* ApiBase::checkTitleUserPermissions() now takes an options array as its third 1065 parameter. Passing a User object or null is deprecated. 1066* The api-feature-usage log channel now has log context. The text message is 1067 deprecated and will be removed in the future. 1068 1069=== Languages updated in 1.33 === 1070MediaWiki supports over 350 languages. Many localisations are updated regularly. 1071Below only new and removed languages are listed, as well as changes to languages 1072because of Phabricator reports. 1073 1074* (T203908) Added language support for Eastern Pwo (kjp). 1075* (T213717) Fixed a translation error on Goan Konkani (gom-deva) translations 1076 for NS_TEMPLATE. 1077* (T212221) Added $digitTransformTable for Santali (sat). 1078* (T216479) Added language support for Saisiyat (xsy). 1079* (T219728) Added support for new Japanese era name "Reiwa" 1080 1081=== Breaking changes in 1.33 === 1082* The parameteter $lang in DifferenceEngine::setTextLanguage must be of type 1083 Language. Other types are deprecated since 1.32. 1084* Skin::doEditSectionLink requires type Language for the parameter $lang. 1085 The parameters $tooltip and $lang are mandatory. Omitting the parameters is 1086 deprecated since 1.32. 1087* Language::truncate(), deprecated in 1.31, has been removed. 1088* UtfNormal, deprecated in 1.25, was removed. Use UtfNormal\Validator directly 1089 instead. 1090* (T197179) In OOUI HTMLForm fields, the parameters 'notice', 'notice-messages', 1091 and 'notice-message', which were deprecated in 1.32, were removed. Instead, 1092 use 'help', 'help-message', and 'help-messages'. 1093* (T197179) HTMLFormField::getNotices(), deprecated in 1.32, was removed. 1094* The "Parsoid v1" compatibility mappings in ParsoidVirtualRESTService and 1095 RestbaseVirtualRESTService, deprecated since 1.26, have been removed. 1096 Use the RESTBase v1 or Parsoid v3 API instead. 1097* ParserOptions defaults 'tidy' to true now, since the untidy modes of the 1098 parser are being deprecated and ParserOptions::getCanonicalOverrides() 1099 has always been true at any rate. 1100* Support for disabling tidy and external tidy implementations has been removed. 1101 This was deprecated in 1.32. The pure PHP Remex tidy implementation is now 1102 used and no configuration is necessary. 1103* A number of deprecated methods for API documentation, intended for overriding 1104 by extensions, are no longer called by MediaWiki, and will emit deprecation 1105 notices if your extension attempts to use them: 1106 * ApiBase::getDescription() (deprecated in 1.25) 1107 * ApiBase::getParamDescription() (deprecated in 1.25) 1108 * ApiBase::getExamples() (deprecated in 1.25) 1109 * ApiBase::getDescriptionMessage() (deprecated in 1.30) 1110 Additionally, the 'APIGetDescription' and 'APIGetParamDescription' hooks have 1111 been removed, as their only use was to let extensions override values returned 1112 by getDescription() and getParamDescription(), respectively. 1113* The authentication hooks 'AbortAutoAccount' 'AbortNewAccount', 'AbortLogin', 1114 'LoginUserMigrated', 'UserCreateForm', and 'UserLoginForm', all deprecated by 1115 the creation of AuthManager in 1.27, have been removed. This also means that 1116 the FakeAuthTemplate and LoginForm classes are removed, that FakeAuthTemplate 1117 is no longer passed into LoginSignupSpecialPage->getFieldDefinitions(), and 1118 that LoginSignupSpecialPage->getBCFieldDefinitions() is removed. 1119* The 'jquery.localize' module, deprecated in 1.32, has been removed. Instead, 1120 use 'jquery.i18n'. 1121* The hooks LanguageGetSpecialPageAliases and LanguageGetMagic, deprecated since 1122 1.16, have now been removed. Instead, use $specialPageAliases or $magicWords 1123 respectively in a $wgExtensionMessagesFiles file. 1124* The following methods of the Preferences class, deprecated in 1.31, have been 1125 removed: 1126 * getSaveBlacklist() 1127 * loadPreferenceValues() 1128 * getOptionFromUser() 1129 * profilePreferences() 1130 * skinPreferences() 1131 * filesPreferences() 1132 * datetimePreferences() 1133 * renderingPreferences() 1134 * editingPreferences() 1135 * rcPreferences() 1136 * watchlistPreferences() 1137 * searchPreferences() 1138 * miscPreferences() 1139 * generateSkinOptions() 1140 * getDateOptions() 1141 * getImageSizes() 1142 * getThumbSizes() 1143 * validateSignature() 1144 * cleanSignature() 1145 * getTimezoneOptions() 1146 * filterIntval() 1147 * filterTimezoneInput() 1148 * getTimeZoneList() 1149* mw.util.jsMessage(), deprecated in 1.20, was removed. Use mw.notify instead. 1150* (T61113) User::EDIT_TOKEN_SUFFIX was removed. It was deprecated since 1.27. 1151* The 'mediawiki.api' module aliases, deprecated in 1.32, have been removed. 1152 Specifically: mediawiki.api.category, mediawiki.api.edit, 1153 mediawiki.api.login, mediawiki.api.options, mediawiki.api.parse, 1154 mediawiki.api.upload, mediawiki.api.user, mediawiki.api.watch, 1155 mediawiki.api.messages, and mediawiki.api.rollback. 1156* The 'jquery.byteLimit' module alias for 'jquery.lengthLimit', 1157 deprecated in 1.31, was removed. 1158* Revision::fetchRevision(), deprecated in 1.28, was removed. 1159* Class SquidUpdate, deprecated in 1.27, was removed. 1160* Title->getSquidURLs(), deprecated in 1.27, was removed. Instead, use 1161 Title->getCdnUrls(). 1162* Title::escapeFragmentForURL(), deprecated in 1.30, was removed. Use 1163 Sanitizer::escapeIdForLink() or escapeIdForExternalInterwiki() instead. 1164* Title->canTalk(), deprecated in 1.30, was removed. Instead, use 1165 Title->canHaveTalkPage(). 1166* Title's methods for site and user page related to CSS and JS, deprecated in 1167 1.31, were removed: 1168 * Title->isCssOrJsPage() — Use Title->isSiteConfigPage() 1169 * Title->isCssJsSubpage() – Use Title->isUserConfigPage() 1170 * Title->getSkinFromCssJsSubpage() – Use Title->getSkinFromConfigSubpage() 1171 * Title->isCssSubpage() – Use Title->isUserCssConfigPage() 1172 * Title->isJsSubpage() – Use Title->isUserJsConfigPage() 1173* SiteSQLStore, deprecated in 1.27 and whose only method, ::newInstance(), 1174 would return the global SiteStore instance, has been removed. You can get to 1175 this via MediaWiki\MediaWikiServices::getInstance()->getSiteStore() directly. 1176* Linker::formatSize, deprecated in 1.28, has been removed (with DummyLinker's). 1177 Instead, use Language->formatSize() with the relevant Language object. 1178* Linker::formatTemplates, deprecated in 1.28, has been removed (along with the 1179 version in DummyLinker). You can use TemplatesOnThisPageFormatter directly. 1180* EventRelayerGroup::singleton(), deprecated in 1.27, has been removed. You can 1181 use MediaWikiServices::getInstance()->getEventRelayerGroup() directly. 1182* LinkCache->addLink(), deprecated in 1.27, has been removed. It is thought to 1183 be unused, and is distinct from OutputPage->addLink(), which remains. 1184* JsonContent->getJsonData(), deprecated in 1.25, has been removed. Instead, use 1185 JsonContent->getData(). 1186* MWExceptionHandler::getLogId(), deprecated in 1.27, has been removed, as the 1187 exception ID is the same as the request ID, from WebRequest::getRequestId(). 1188* SearchEngine::getNearMatchResultSet(), deprecated in 1.27, has been removed. 1189 You can use SearchEngine::getNearMatcher() instead. 1190* EmailNotification::updateWatchlistTimestamp, deprecated in 1.27, has been 1191 removed. Instead, use WatchedItemStore::updateNotificationTimestamp directly. 1192* User::getGroupName() and ::getGroupMember(), both deprecated in 1.29, have 1193 been removed. Instead, please use UserGroupMembership::getGroupName() and 1194 UserGroupMembership::getGroupMemberName(). 1195* Backwards compatibility for setting wgSessionsInObjectCache to false or using 1196 wgSessionHandler, both of which were deprecated in 1.27 with the introduction 1197 of SessionManager, has been removed. 1198* SessionManager::autoCreateUser, deprecated in 1.27, has been removed. Use 1199 MediaWiki\Auth\AuthManager::autoCreateUser instead. 1200* The mw.libs.jpegmeta property, deprecated in 1.31, was removed. 1201 Use require( 'mediawiki.libs.jpegmeta' ) instead. 1202* The mw.user.stickyRandomId() method, deprecated in 1.32, was removed. 1203 Use mw.user.getPageviewToken() instead. 1204* Removed deprecated class property WikiRevision::$importer. 1205* ResourceLoaderFileModule::readStyleFiles() now requires its $context 1206 parameter. 1207* The ChangeList::insertArticleLink() method, that was deprecated in 1.27, has 1208 been removed. 1209* MessageBlobStore::__construct() now requires its $rl parameter. 1210* Second parameter to Sanitizer::escapeIdReferenceList() (deprecated in 1.31) 1211 has been removed. 1212* The 'jquery.xmldom' module has been removed. 1213* The 'jquery.mockjax' module has been removed. 1214* The 'jquery.hidpi' module, deprecated in 1.32, has been removed. 1215* AuthPlugin and related code, deprecated in 1.27, has been removed. Extensions 1216 should instead use AuthManager. The following no longer exist: 1217 * The AuthPlugin class itself and the related AuthPluginUser class and i18n 1218 * The AuthPluginSetup and AuthPluginAutoCreate hooks 1219 * The transitional wrapper classes AuthPluginPrimaryAuthenticationProvider, 1220 AuthManagerAuthPlugin, and AuthManagerAuthPluginUser. 1221 * The $wgAuth configuration setting and its use in Setup.php and unit tests 1222* (T217772) The 'wgAvailableSkins' mw.config key in JavaScript, was removed. 1223* Language::markNoConversion, deprecated in 1.32, has been removed. Use 1224 LanguageConverter::markNoConversion instead. 1225* BagOStuff::modifySimpleRelayEvent() method has been removed. 1226* ParserOutput::getLegacyOptions, deprecated in 1.30, has been removed. 1227 Use ParserOutput::allCacheVaryingOptions instead. 1228* CdnCacheUpdate::newSimplePurge, deprecated in 1.27, has been removed. 1229 Use CdnCacheUpdate::newFromTitles() instead. 1230* Handling of multiple arguments by the Block constructor, deprecated in 1.26, 1231 has been removed. 1232* The translation of main page in Sardinian (sc) was changed from "Pàgina Base" 1233 to "Pàgina printzipale". Existing wikis using this content language need to 1234 move the main page or change the name through MediaWiki:Mainpage page. 1235* wfSplitWikiID(), deprecated in 1.32, has been removed. 1236* MessageBlobStore::getBlob(), deprecated in 1.27, has been removed. 1237 Use ::getBlobs() instead. 1238* The .background-size() LESS mixin, deprecated in 1.27, has been removed. 1239* ReadOnlyMode::clearCache() and ConfiguredReadOnlyMode::clearCache() have been 1240 removed. Use MediaWikiTestCase::overrideMwServices() instead. 1241* Support for the 'aggregator' option of JobQueue (and thus $wgJobTypeConf) was 1242 removed. The JobQueueAggregator interface and JobQueueAggregatorRedis class 1243 have also been removed. They were experimentally developed for use by the 1244 Wikimedia Foundation, but were never used, with no known use cases. (Note that 1245 this does not affect JobQueueRedis which is still supported.) 1246 1247=== Deprecations in 1.33 === 1248* The configuration option $wgUseESI has been deprecated, and is expected 1249 to be removed in a future release. 1250* The configuration option $wgSquidPurgeUseHostHeader has been deprecated, 1251 and is expected to be removed in a future release. 1252* The configuration options $wgFixArabicUnicode and $wgFixMalayalamUnicode, 1253 introduced in MW 1.17, have been deprecated. These fixes will always be 1254 applied for Arabic and Malayalam in the future. Please enable these on 1255 your local wiki (if you have them explicitly set to false) and run 1256 maintenance/cleanupTitles.php to fix any existing page titles. 1257* The LegacyHookPreAuthenticationProvider class, deprecated since its creation 1258 in 1.27 as part of the AuthManager re-write, now emits deprecation warnings. 1259 This will help identify the issue if you added it to $wgAuthManagerConfig. 1260* wfSplitWikiId() is now deprecated. Cache key generation should have the wiki 1261 domain ID as a key component and use makeGlobalKey(). 1262* (T202094) Title::getUserCaseDBKey() is deprecated; instead, please use 1263 Title::getDBkey(), which doesn't vary case. 1264* User::getPasswordValidity() is now deprecated. User::checkPasswordValidity() 1265 returns the same information in a more useful format. 1266* For Linker::generateTOC() and Linker::tocList(), passing strings or booleans 1267 as the $lang parameter was deprecated. The same applies to DummyLinker. 1268* The PasswordPolicy 'PasswordCannotBePopular' has been deprecated. To 1269 follow best practices, it is reccommended to use 'PasswordNotInLargeBlacklist' 1270 instead which blacklists 100,000 commonly used passwords. 1271* (T208862) Action::requiresUnblock() is now called from 1272 Title::getUserPermissionsErrors() and Title::userCan(). Previously, the method 1273 was only called in Action::checkCanExecute(). Actions should ensure that their 1274 requiresUnblock() returns the proper result (the default is `true`). 1275* (T211608) The MediaWiki\Services namespace has been renamed to 1276 Wikimedia\Services. The old name is still supported, but deprecated. 1277* (T155582) Content::getNativeData has been deprecated. Please use model- 1278 specific getters, such as TextContent::getText(). 1279* The class WebInstallerOutput is now marked as @private. 1280* (T209699) The jquery.async module has been deprecated. JavaScript code that 1281 needs asynchronous behaviour should use Promises. 1282* Password::equals() is deprecated, use verify(). 1283* BaseTemplate::msgWiki() and QuickTemplate::msgWiki() will be removed. Use 1284 other means to fetch a properly escaped message string or Message object. 1285* (T126091) The 'ResourceLoaderTestModules' hook, which lets you declare QUnit 1286 testing code for your JavaScript modules, is deprecated. Instead, you can now 1287 use the new extension registration key 'QUnitTestModule'. 1288* (T213426) The jquery.throttle-debounce module has been deprecated. JavaScript 1289 code that needs this behaviour should use OO.ui.debounce/throttle. 1290* The mw.language.specialCharacters property from the 1291 'mediawiki.language.specialCharacters' module has been deprecated. 1292 Use require( 'mediawiki.language.specialCharacters' ) instead. 1293* ChangeTags::purgeTagUsageCache() has been deprecated, and is expected to be 1294 removed in a future release. 1295* Passing a User object or null as the third parameter to 1296 ApiBase::checkTitleUserPermissions() has been deprecated. Pass an array 1297 [ 'user' => $user ] instead. 1298* (T211578) Block::prevents is deprecated. Use Block::isEmailBlocked, 1299 Block::isCreateAccountBlocked and Block::isUsertalkEditAllowed to get and set 1300 block properties; use Block::appliesToRight and Block::appliesToUsertalk to 1301 check block behaviour. 1302* The api-feature-usage log channel now has log context. The text message is 1303 deprecated and will be removed in the future. 1304* The FileBasedSiteLookup class has been deprecated. For a cacheable SiteLookup 1305 implementation, use CachingSiteStore instead. 1306* Language::viewPrevNext function is deprecated, use 1307 SpecialPage::buildPrevNextNavigation instead 1308* ManualLogEntry::setTags() is deprecated, use ManualLogEntry::addTags() 1309 instead. The setTags() method was overriding the tags, addTags() doesn't 1310 override, only adds new tags. 1311* Block::isValid is deprecated, since it is no longer needed in core. 1312* Calling Maintenance::hasArg() as well as Maintenance::getArg() with no 1313 parameter has been deprecated. Please pass the argument number 0. 1314* ResourceLoaderContext::expandModuleNames has been deprecated. 1315 Use ResourceLoader::expandModuleNames instead. 1316 1317=== Other changes in 1.33 === 1318* (T201747) Html::openElement() warns if given an element name with a space 1319 in it. 1320* The implementation of buildStringCast() in Wikimedia\Rdbms\Database has 1321 changed to explicitly cast. Subclasses relying on the base-class 1322 implementation should check whether they need to override it now. 1323* BagOStuff::add is now abstract and must explicitly be defined in subclasses. 1324* LinksDeletionUpdate is now a subclass of LinksUpdate. As a consequence, 1325 the following hooks will now be triggered upon page deletion in addition 1326 to page updates: LinksUpdateConstructed, LinksUpdate, LinksUpdateComplete. 1327 LinksUpdateAfterInsert is not triggered since deletions do not cause 1328 insertions into links tables. 1329* Category::newFromID( $id )->getID() will now return $id without any 1330 validation, to avoid a mostly unnecessary DB query. 1331* On Special:Version, the name for an extension can no longer be arbitrary 1332 html when no link is specified. 1333 1334= MediaWiki 1.32 = 1335 1336== MediaWiki 1.32.6 == 1337 1338This is a security and maintenance release of the MediaWiki 1.32 branch. 1339 1340=== Changes since MediaWiki 1.32.5 === 1341* (T236628) Fix for ArticleRevisionViewCustom hook in DifferenceEngine.php. 1342* (T181658) Do not insert page titles into querycache.qc_value. 1343* (T206013) Suppress errors when reading invalid XML file properties. 1344* (T237931) Remove references to pg_attrdef.adsrc in Postgres code. 1345* Use correct value for 'sslmode' in DatabasePostgres. 1346* (T232866) Fix support for HTTP/2 in MultiHttpClient. 1347* (T227461) Stop calling deprecated Redis delete functions. 1348* (T239561) Mark options as requiring parameters in addSite.php. 1349* (T239734) Replace deprecated lSize with lLen in Redis code. 1350* (T192134) SECURITY: Do not allow user scripts on Special:PasswordReset. 1351* (T239428) ApiEditPage: Test for bad redirect targets. 1352* (T233342) rdbms: Log debug message traces as 'exception.trace' instead of 1353 'trace'. 1354* (T226751) media: Log and fail gracefully on invalid EXIF coordinates. 1355* (T212067) SECURITY: Work around PHP bug in parse_url. 1356 1357== MediaWiki 1.32.5 == 1358 1359This is a maintenance release of the MediaWiki 1.32 branch. 1360 1361=== Changes since MediaWiki 1.32.4 === 1362* Compute sha1 and length if needed in maintenance/populateContentTables.php. 1363* Fix extra newlines in the installer. 1364* Followup T230402, PermissionManager doesn't exist until 1.33, so fix the 1365 backported patches to use User::isAllowed() instead. 1366 1367== MediaWiki 1.32.4 == 1368 1369This is a security and maintenance release of the MediaWiki 1.32 branch. 1370 1371=== Changes since MediaWiki 1.32.3 === 1372* (T207100) Updated LanguageTr for dotted and dotless I in PHP 7.3. 1373* The ImgAuthModifyHeaders hook was added to img_auth.php to allow modification 1374 of headers in private wikis. 1375* (T230402) SECURITY: Add permission check for suppressed account to 1376 Special:Redirect. 1377* (T208897) MessageCache: Restore 'loadedLanguages' tracking for load(). 1378* (T200088) Remove title protection correctly for undeletions and imports. 1379* Add helper for HTTPFileStreamer header syntax. 1380* (T118799) Fix XMP parser errors due to trailing nullchar. 1381* (T233119) Improve documentation for the MinimumPasswordLengthToLogin policy. 1382* Cache redirects from Special:Redirect. 1383* (T231386) dispatchUser() should use a 302 http status code. 1384* (T227662) Split down patch-comment-table.sql and patch-actor-table.sql into 1385 separate files to help allieviate potential migration problems. 1386* Make SQLite's patch-add-3d.sql a no-op to prevent clobbering other database 1387 updates. 1388 1389== MediaWiki 1.32.3 == 1390 1391This is a maintenance release of the MediaWiki 1.32 branch. 1392 1393=== Changes since MediaWiki 1.32.2 === 1394* (T225558) Update installer link to PHP intl. 1395* (T225496) Detect APC for MainCacheType in CLI installer. 1396* (T226766) Remove jetbrains/phpstorm-stubs from composer dev dependencies. 1397* (T202211) Fix SQLite patch-(image|page|template)links-fix-pk.sql column order. 1398 1399== MediaWiki 1.32.2 == 1400 1401This is a security and maintenance release of the MediaWiki 1.32 branch. 1402 1403=== Changes since MediaWiki 1.32.1 === 1404* (T204423) Backport support for hyphenated DB names in JobQueueGroup. 1405* (T216968) Return pageid as int in both list=iwbacklinks and 1406 list=langbacklinks. 1407* (T215169) Fix for Database::update() with IGNORE option fails on PostgreSQL. 1408* (T199474) Fix typo in rebuildrecentchanges.php resulting in rogue flags. 1409* (T218608) SECURITY: Fix an issue that prevents Extension:OAuth working when 1410 $wgBlockDisablesLogin is true. 1411* (T216029) Chrome redirects to Special:BadTitle after editing a section with 1412 a non-Latin name on a page with non-Latin characters in title. 1413* Unbreak language related maintenance scripts that use StaticArrayWriter. 1414* (T219728) Added support for new Japanese era name "Reiwa". 1415* (T25227) SECURITY: action=logout now requires to be posted and have a csrf 1416 token. 1417* Updated cssjanus/cssjanus from 1.2.0 to 1.3.0. 1418* (T221045) Remove orphaned code from ConfigRepository. 1419* (T222385) resourceloader: Use AND instead of OR for upsert conds in 1420 saveFileDependencies(). 1421* (T224374) Fix message parameters so that the message that says SQLite is 1422 out of date makes sense. 1423* (T200471) Prevent LBFactorySimple breaking ExternalStorage, when trying to 1424 connect to external server with local database name. 1425* (T197279) SECURITY: Fix reauth in Special:ChangeEmail. 1426* (T208881) SECURITY: blacklist CSS var(). 1427* (T209794) SECURITY: rate-limit and prevent blocked users from changing email. 1428* (T199540) SECURITY: API: Respect $wgBlockCIDRLimit in action=block. 1429* (T212118) SECURITY: Fix cache mode for (un)patrolled recent changes query. 1430* (T222036, T222038) SECURITY: Add permission check for user is permitted to 1431 view the log type. 1432* (T221739) SECURITY: resources: Patch jQuery 3.3.1 for CVE-2019-11358. 1433 1434== MediaWiki 1.32.1 == 1435 1436=== Changes since MediaWiki 1.32.0 === 1437* (T213577) rdbms: avoid transaction status errors from ping() in rollback(). 1438* rdbms: Pass required parameter. 1439* rdbms: do not treat SAVEPOINT and RELEASE SAVEPOINT as write queries. 1440* (T204531) rdbms: reduce LoadBalancer replication log spam. 1441* (T213489) Avoid session double-start in Setup.php. 1442* (T213717) Correct namespace 'Template' for gom-deva 1443* (T198054) Fix login page crash caused by unknown language via ?uselang 1444* (T215324) (T210937) list=users mistakenly reports user as missing. 1445* (T209483) Add ILBFactory::redefineLocalDomain method. This is intended for 1446use with scripts like addWiki.php to avoid mismatched domain errors. 1447* (T208871) The hard-coded Google search form on the database error page was 1448removed. 1449* (T204800) Fix Title::getFragmentForURL for bad interwiki prefix 1450* (T215566) Fix installer being unable to determine if the database exists 1451during a fresh installation. 1452 1453== MediaWiki 1.32.0 == 1454 1455=== Changes since MediaWiki 1.32.0-rc.2 === 1456* (T188327) Fix slow queries in migrateActors.php. 1457* (T102320) Fix $magicWords for the Sanskrit language. 1458 1459=== Changes since MediaWiki 1.32.0-rc.1 === 1460* Fix addition of ug_expiry column to user_groups table on MSSQL. 1461* (T210307) Fix the cache timestamp for forced updates. 1462* (T210621) User: Bypass repeatable-read when creating an actor_id. 1463* (T197535) Extensions can now specify PHP versions and PHP extensions they 1464 depend on. 1465* Updated wikimedia/ip-set from v1.2.0 to v1.3.0. 1466* (T212356) When using action=delete on pages with many revisions, the module 1467 may return a boolean-true 'scheduled' and no 'logid'. This signifies that the 1468 deletion will be processed via the job queue. 1469* (T64103) Dropped columns category.cat_hidden, site_stats.ss_admins, and 1470 recentchanges.rc_cur_time from the PostgreSQL schema. 1471 1472=== Changes since MediaWiki 1.32.0-rc.0 === 1473* (T209885) Prevent populateSearchIndex.php from breaking once actor migration 1474 has been started. 1475* (T210998) Properly set $wgLanguageCode in the generated LocalSettings.php 1476 if --lang is used with the command-line installer (install.php). 1477 1478=== Configuration changes in 1.32 === 1479 1480==== New configuration ==== 1481* $wgJpegQuality – The quality of JPEG thumbnails is now configurable through 1482 this setting. The default is 80, which matches the quality of JPEG thumbnails 1483 previously generated by ImageMagick. The quality of JPEG thumbnails generated 1484 by GD was previously 95, but now uses the $wgJpegQuality setting as well. 1485* $wgCookieSetOnIpBlock - This determines whether to set a cookie when an IP 1486 user is blocked. Doing so means that a blocked user, even after moving to a 1487 new IP address, will still be blocked. 1488* $wgRawHtmlMessages – This new configuration setting is added for listing 1489 messages which are displayed as raw HTML. 1490* $wgCSPHeader and $wgCSPReportOnlyHeader – You can now define a 1491 "Content Security Policy" for your wiki. This adds a defense-in-depth feature 1492 to stop an attacker who has found a bug in the parser allowing them to insert 1493 malicious attributes. Disabled by default. (T135963) 1494* $wgGroupPermissions – A new user group, 'interface-admin', is added for 1495 controlling access to sitewide CSS/JS (and editing other users' CSS/JS). No 1496 other group has 'editsitecss', 'editusercss', 'editsitejs' or 'edituserjs' 1497 by default. 1498* $wgGrantPermissions – A new grant group, 'editsiteconfig', is added for 1499 granting the above rights. 1500* $wgDBDefaultGroup – A default database group for use by maintenance scripts. 1501* $wgResourceLoaderEnableJSProfiler – This new configuration setting lets you 1502 enable client-side profiling of JavaScript modules; it is off by default. 1503* (T193868) $wgChangeTagsSchemaMigrationStage — This temporary configuration 1504 setting allows sysadmins to gradually migrate the database table schema for 1505 how change tags are stored. 1506* (T199334) $wgTagStatisticsNewTable — This temporary configuration setting 1507 allows sysadmins to enable the caching of Special:Tags via the new 1508 change_tag_def table. 1509 1510==== Changed configuration ==== 1511* $wgUseAjax – This setting, deprecated in 1.31, is now ignored. 1512* $wgDefaultUserOptions – The default watchlist view time (watchlistdays) has 1513 been increased from 3 to 7 days. (T194414) 1514* $wgGroupPermissions – The right to edit sitewide Javascript 1515 (e.g. MediaWiki:Common.js), CSS or JSON was separated from 'editinterface' 1516 and is available under 'editsitejs'/'editsitecss'/'editsitejson'. Having 1517 'editinterface' is still necessary to edit such pages. 1518* $wgMultiContentRevisionSchemaMigrationStage now defaults to writing both the 1519 old and the new schema, but reading the new schema, so Multi-Content Revisions 1520 (MCR) are now functional per default. The new default value of the setting is 1521 SCHEMA_COMPAT_WRITE_BOTH | SCHEMA_COMPAT_READ_NEW. 1522* $wgActorTableSchemaMigrationStage no longer accepts MIGRATION_WRITE_BOTH or 1523 MIGRATION_WRITE_NEW. It instead uses SCHEMA_COMPAT_WRITE_BOTH | 1524 SCHEMA_COMPAT_READ_OLD and SCHEMA_COMPAT_WRITE_BOTH | SCHEMA_COMPAT_READ_NEW 1525 for intermediate stages of migration. 1526* $wgDBTableOptions – The default table options now use the binary charset. The 1527 default was already overridden in the installer-generated LocalSettings.php, 1528 and so is always set to binary after the installer UI option was removed. The 1529 default value is only used when the installer installs an extension. 1530* $wgPopularPasswordFile — The location of the default popular passwords file 1531 has been moved to be in line with other non-PHP files used by libraries and 1532 classes. 1533* $wgEnableImageWhitelist is now disabled by default, as it opens up a hole for 1534 potential privacy leaks by administrators. You can check 1535 "MediaWiki:External image whitelist" on your wiki to see whether the feature 1536 was ever used, and whether it needs to be re-enabled. 1537 1538==== Removed configuration ==== 1539* $wgEnableAPI and $wgEnableWriteAPI – These settings, deprecated in 1.31, 1540 have been removed. (T115414) 1541* $wgSiteSupportPage – This setting, unused since 1.5, was removed. 1542* $wgBrowserBlacklist – This setting, deprecated in 1.30, was removed. 1543* $wgExperimentalHtmlIds – This setting, deprecated since 1.30, was removed. 1544 The 'html5-legacy' value for $wgFragmentMode is no longer accepted. 1545* $wgPasswordSenderName - This setting, ignored since 1.23 by MediaWiki and 1546 most extensions, is no longer set. Instead, you can modify the system 1547 message `emailsender`. 1548* $wgTidyConfig – The experimental Html5Internal and Html5Depurate tidy drivers 1549 were removed. RemexHtml, which is the default, should be used instead. 1550* (T181318) The $wgStyleVersion setting and its appendage to various script and 1551 style URLs in OutputPage, deprecated in 1.31, was removed. 1552* (T140807) The wgResourceLoaderLESSImportPaths configuration option was removed 1553 from ResourceLoader. Instead, use `@import` statements in LESS to import 1554 files directly from nearby directories within the same project. 1555* (T140804) The wgResourceLoaderLESSVars configuration option, deprecated 1556 since 1.30, was removed. Instead, to expose variables from PHP to LESS, use 1557 the ResourceLoaderModule::getLessVars() method. 1558* $wgResourceLoaderValidateStaticJS – This setting, unused since MediaWiki 1.18, 1559 was removed. 1560* Two temporary variables for deploying the feature of filters on change lists, 1561 $wgStructuredChangeFiltersShowPreference introduced in MediaWiki 1.30 and 1562 $wgStructuredChangeFiltersOnWatchlist in 1.31, were removed. 1563 1564=== New features in 1.32 === 1565* (T112474) Generalized the ResourceLoader mechanism for overriding modules 1566 using a particular page during edit previews. 1567* (T12331) You can now log page creation events by setting $wgPageCreationLog 1568 to true. 1569* Added 'ApiParseMakeOutputPage' hook. 1570* (T174313) Added checkbox on Special:ListUsers to display only users in 1571 temporary user groups. 1572* (T152462) A cookie can now be set when an IP user is blocked to track that 1573 user if they move to a new IP address. This is disabled by default. 1574* (T194950) Added 'ApiMaxLagInfo' hook. 1575* SpecialPage::checkLoginSecurityLevel() will now preserve POST data when 1576 reauthenticating. 1577* FormSpecialPage::execute() will now call checkLoginSecurityLevel() if 1578 getLoginSecurityLevel() returns non-false. 1579* The 'ImageBeforeProduceHTML' hook is now passed three new parameters, $parser, 1580 &$query and &$widthOption, allowing extensions even finer control over the 1581 resulting HTML code. 1582* Added new 'ArticleShowPatrolFooter' hook, which allows extensions to determine 1583 if the [mark as patrolled] link should be shown at the footer of patrollable 1584 pages. 1585* The array of hidden options ($opts) passed to the 'SpecialSearchPowerBox' hook 1586 is now passed by reference, allowing extensions to modify or even unset it. 1587* Added new 'OutputPageAfterGetHeadLinksArray' hook, allowing extensions to 1588 modify the return value of OutputPage#getHeadLinksArray in order to add, 1589 remove or otherwise alter the elements to be output in the page <head>. 1590* (T28934) The 'HistoryPageToolLinks' hook allows extensions to append 1591 additional links to the subtitle of a history page. 1592* The 'GetLinkColours' hook now receives an additional $title parameter, 1593 the Title object of the page being parsed, on which the links will be shown. 1594* (T194731) DifferenceEngine supports multiple slots. Added SlotDiffRenderer to 1595 render diffs between two Content objects, and DifferenceEngine::setRevisions() 1596 to render diffs between two custom (potentially multi-content) revisions. 1597 Added GetSlotDiffRenderer hook which works like GetDifferenceEngine for slots. 1598* Added a temporary action=mcrundo to the web UI, as the normal undo logic 1599 can't yet handle MCR and deadlines are forcing is to put off fixing that. 1600 This action should be considered deprecated and should not be used directly. 1601* Extensions overriding ContentHandler::getUndoContent() will need to be 1602 updated for the changed method signature. 1603* Added a new hook, 'UserGetRightsRemove', which can be used to remove rights 1604 from user. Unlike the 'UserGetRights' it will ensure that removed rights 1605 will not be reinserted. 1606* (T197535) Extensions can now specify PHP versions and PHP extensions they 1607 depend on. 1608 1609=== External library changes in 1.32 === 1610 1611==== New external libraries ==== 1612* Added pear/Net_SMTP v1.8.0. 1613* Added wikimedia/xmp-reader v0.6.0. 1614 1615* Added cache/integration-tests v0.16.0 (dev-only). 1616* Added giorgiosironi/eris v0.10.0 (dev-only). 1617* Added seld/jsonlint v1.7.1 (dev-only). 1618 1619* Added EasyDeflate (unversioned). 1620 1621==== Changed external libraries ==== 1622* Updated OOUI from v0.26.3 to v0.29.2. 1623* Updated wikimedia/base-convert from v1.0.1 to v2.0.0. 1624* Updated wikimedia/remex-html from v1.0.3 to v2.0.1. 1625* Updated wikimedia/scoped-callback from v1.0.0 to v2.0.0. 1626** ScopedCallback objects can no longer be serialized. 1627* Updated wikimedia/timestamp from v1.0.0 to v2.2.0. 1628* Updated wikimedia/wrappedstring from v2.3.0 to v3.0.1. 1629* oyejorge/less.php replaced with our fork wikimedia/less.php 1630* Updated wikimedia/ip-set from v1.2.0 to v1.3.0. 1631 1632* Updated composer/spdx-licenses from v1.3.0 to v1.4.0 (dev-only). 1633* Updated mediawiki/mediawiki-codesniffer from v18.0.0 to v22.0.0 (dev-only). 1634* Updated psy/psysh from v0.8.11 to v0.9.6 (dev-only). 1635 1636* Updated CLDRPluralRuleParser from v0.1.0 to v1.3.2-pre. 1637* Updated jquery from v3.2.1 to v3.3.1. 1638* Updated jquery.client from v2.0.0 to v2.0.1. 1639* Updated jquery.i18n from v1.0.4 to v1.0.5. 1640* Updated mustache.js from v0.8.2-d9aa703 to v1.0.0. 1641* Updated OOjs from v2.2.0 to v2.2.2. 1642* Updated qunitjs from v2.4.0 to v2.6.2. 1643* Updated sinonjs from v1.17.3 to v1.17.7. 1644 1645==== Removed external libraries ==== 1646* pear/mail_mime-decode was removed. 1647 1648=== Bug fixes in 1.32 === 1649* SpecialPage::execute() will now only call checkLoginSecurityLevel() if 1650 getLoginSecurityLevel() returns non-false. 1651* (T43720, T46197) Improved page display title handling for category pages 1652* (T65080) Fixed resetting options of some types via API action=options. 1653 1654=== Action API changes in 1.32 === 1655* Added templated parameters. 1656 * A module can define a templated parameter like "{fruit}-quantity", where 1657 the actual parameters recognized correspond to the values of a multi-valued 1658 parameter. Then clients can make requests like 1659 "fruits=apples|bananas&apples-quantity=1&bananas-quantity=5". 1660 * action=paraminfo will return templated parameter definitions separately 1661 from normal parameters. All parameter definitions now include an "index" 1662 key to allow clients to maintain parameter ordering when merging normal and 1663 templated parameters. 1664* It is now an error to submit too many values for a multi-valued parameter. 1665 This has generated a warning since MediaWiki 1.14. 1666* Assertion failures from the 'assert' and 'assertuser' parameters will no 1667 longer use the action module's custom response format, for the few modules 1668 that use custom formatters that handle errors. 1669* (T198935) User list preferences such as `email-blacklist` and similar 1670 extension preferences are no longer represented as arrays when returned by 1671 action=query&meta=userinfo&uiprop=options. 1672* 'missingparam' errors will now use the prefixed parameter name in the code 1673 and error text, e.g. "noxxfoo" and "The 'xxfoo' parameter must be set" rather 1674 than "nofoo" and "The 'foo' parameter must be set". 1675* action=query&prop=revisions now takes a 'rvslots' parameter to indicate the 1676 multi-content revision slots for which content should be returned. It also 1677 has a new rvprop, 'roles', to indicate which roles have slots. A deprecation 1678 warning will be issued if rvprop=content or rvprop=contentmodel are used 1679 without rvslots. 1680* The rvcontentformat parameter to action=query&prop=revisions has been 1681 deprecated. Clients should be prepared to deal with the default format for 1682 relevant models. 1683* Use of the deprecated parameters rvexpandtemplates, rvgeneratexml, rvparse, 1684 rvdiffto, rvdifftotext, rvdifftotextpst, rvcontentformat, or the deprecated 1685 rvprop=parsetree is forbidden with the new 'rvslots' parameter. 1686* action=query&prop=deletedrevisions, action=query&list=allrevisions, and 1687 action=query&list=alldeletedrevisions are changed similarly to 1688 &prop=revisions (see the three previous items). 1689* (T174032) action=compare now supports multi-content revisions. 1690 * It has a 'slots' parameter to select diffing of individual slots. The 1691 default behavior is to return one combined diff. 1692 * The 'fromtext', 'fromsection', 'fromcontentmodel', 'fromcontentformat', 1693 'totext', 'tosection', 'tocontentmodel', and 'tocontentformat' parameters 1694 are deprecated. Specify the new 'fromslots' and 'toslots' to identify which 1695 slots have text supplied and the corresponding templated parameters for 1696 each slot. 1697 * The behavior of 'fromsection' and 'tosection' of extracting one section's 1698 content is not being preserved. 'fromsection-{slot}' and 'tosection-{slot}' 1699 instead expand the given text as if for a section edit. This effectively 1700 declines T183823 in favor of T185723. 1701* (T198214) The 'disabletidy' parameter to action=parse has been 1702 deprecated; untidy output will not be supported by future wikitext 1703 parsers. 1704* Added intestactionsdetail to action=query&prop=info to allow retrieving the 1705 reasons an action is not allowed. 1706* Deprecated action=query&prop=info inprop=readable in favor of 1707 intestactions=read. 1708* (T212356) When using action=delete on pages with many revisions, the module 1709 may return a boolean-true 'scheduled' and no 'logid'. This signifies that the 1710 deletion will be processed via the job queue. 1711 1712=== Action API internal changes in 1.32 === 1713* Added 'ApiParseMakeOutputPage' hook. 1714* Parameter names may no longer contain '{' or '}', as these are now used for 1715 templated parameters. 1716* (T194950) Added 'ApiMaxLagInfo' hook. 1717* The following methods now take a RevisionRecord rather than a Revision. No 1718 external callers are known. 1719 * ApiFeedContributions::feedItemAuthor() 1720 * ApiFeedContributions::feedItemDesc() 1721 * ApiQueryRevisionsBase::extractRevisionInfo() 1722* The following deprecated methods have been removed: 1723 * ApiBase::profileIn() (deprecated in 1.25) 1724 * ApiBase::profileOut() (deprecated in 1.25) 1725 * ApiBase::safeProfileOut() (deprecated in 1.25) 1726 * ApiBase::profileDBIn() (deprecated in 1.25) 1727 * ApiBase::profileDBOut() (deprecated in 1.25) 1728 * ApiBase::dieUsage() (deprecated in 1.29) 1729 * ApiBase::dieUsageMsg() (deprecated in 1.29) 1730 * ApiBase::dieUsageMsgOrDebug() (deprecated in 1.29) 1731 * ApiBase::getErrorFromStatus() (deprecated in 1.29) 1732 * ApiBase::parseMsg() (deprecated in 1.29) 1733 * ApiBase::setWarning() (deprecated in 1.29) 1734 * ApiPageSet::getInvalidTitles() (deprecated in 1.26) 1735 * ApiQueryLogEvents::addLogParams() (deprecated in 1.25) 1736 * ApiUsageException::getCodeString() (deprecated in 1.29) 1737 * ApiUsageException::getMessageArray() (deprecated in 1.29) 1738* Class UsageException, deprecated in 1.29, has been removed. 1739* ApiErrorFormatter: Added getFormat() and newWithFormat(). In particular, you 1740 can now easily test $formatter->getFormat() === 'bc', and then call 1741 $formatter->newWithFormat( 'plaintext' ) to get a non-BC formatter. 1742 1743=== Languages updated in 1.32 === 1744MediaWiki supports over 350 languages. Many localisations are updated regularly. 1745Below only new and removed languages are listed, as well as changes to languages 1746because of Phabricator reports. 1747 1748* (T193566) Added language support for Ambonese Malay (abs). 1749* (T194047) Added language support for Shawiya, Latin script (shy-latn). 1750* (T195940) Added language support for Batak Mandailing (btm). 1751* (T137491) Added language support for Standard Moroccan Amazigh (zgh). 1752* (T198132) Added language support for Manipuri (mni). 1753* (T201276) Added language support for Western Armenian (hyw). 1754* (T201583) Added language support for Mon (mnw). 1755 1756=== Breaking changes in 1.32 === 1757* $wgRequestTime, deprecated in 1.25, was removed. Use 1758 $_SERVER['REQUEST_TIME_FLOAT'] or WebRequest::getElapsedTime() instead. 1759* The MediaWikiI18N class, deprecated in 1.31, was removed. 1760* QuickTemplate::setTranslator(), deprecated in 1.31, was removed. Use 1761 Skin::msg() instead. 1762* wfInitShellLocale(), deprecated in 1.30, was removed. 1763* wfShellExecDisabled(), deprecated in 1.30, was removed. 1764* The type string for the parameter $lang of DateFormatter::getInstance, 1765 deprecated in 1.31, was removed. 1766* The EDIT_TOKEN_SUFFIX constant deprecated in 1.27, was removed. Use 1767 MediaWiki\Session\Token::SUFFIX instead. 1768* EditPage::isOouiEnabled() deprecated in 1.30, was removed. 1769* mw.util.wikiGetlink(), deprecated in 1.23, was removed. Use mw.util.getUrl() 1770 instead. 1771* (T61113) The following methods and constants from the Revision class, which 1772 were deprecated in 1.25, have now been removed: 1773 * Revision::getRawUser() 1774 * Revision::getRawUserText() 1775 * Revision::getRawComment() 1776* window.gM() from mediawiki.jqueryMsg, deprecated in 1.23, was removed. Use 1777 mw.msg() or mw.message() instead. 1778* mw.util.escapeId(), deprecated in 1.30, was removed. Use 1779 mw.util.escapeIdForAttribute or mw.util.escapeIdForLink instead. 1780* mw.util.updateTooltipAccessKeys(), deprecated in 1.24, was removed. Use 1781 jquery.accessKeyLabel instead. 1782* The SqlDataUpdate class, deprecated in 1.28, has been removed. 1783* The Html5Internal and Html5Depurate tidy driver classes were removed, along 1784 with the Balancer tidy implementation. Both implementations were experimental, 1785 and were replaced by RemexHtml. 1786* (T179624) Job::insert() and ::batchInsert(), deprecated in 1.21, were both 1787 removed. Use JobQueueGroup::singleton()->push() instead. 1788* The jquery.footHovzer module, for mediawiki.debug, was removed. 1789* The es5-shim module, empty and deprecated since 1.29, was removed. 1790* the dom-level2-shim module, empty and deprecated since 1.29, was removed. 1791* the json module, empty and deprecated since 1.29, was removed. 1792* The mediawiki.widgets.visibleByteLimit module alias, deprecated in 1.32, was 1793 removed. Use mediawiki.widgets.visibleLengthLimit instead. 1794* The jquery.farbtastic module, unused since 1.18, was removed. 1795* The 'jquery.expandableField' module, unused since 1.22, was removed. 1796* The hooks 'PreferencesFormPreSave' and 'PreferencesGetLegend' may provide 1797 any HTMLForm object rather than PreferencesForm. 1798* The non namespaced TimestampException class, deprecated in 1.29, was removed. 1799 Use Wikimedia\Timestamp\TimestampException instead. 1800* The global functions codepointToUtf8, hexSequenceToUtf8, utf8ToHexSequence, 1801 utf8ToCodepoint, and escapeSingleString (deprecated in 1.25) were removed. 1802 The UtfNormal\Utils class from the utfnormal library should be used instead. 1803* The deprecated UTF8_ and UNICODE_ constants were removed. The class constants 1804 from the UtfNormal\Constants class from the utfnormal library should be used 1805* The protected methods PHPSessionHandler::returnSuccess() and returnFailure(), 1806 only needed for PHP5 compatibility, have been removed. It now uses the boolean 1807 values `true` and `false` respectively. 1808* The $parserMemc global and wfGetParserCacheStorage(), deprecated since 1.30, 1809 were removed. Use the ParserCache class instead. 1810* ScopedCallback (deprecated in 1.28) was removed. Use Wikimedia\ScopedCallback 1811 instead. 1812* Support for ResourceLoaderModule::getModifiedTime() and getModifiedHash(), 1813 deprecated since 1.26, was removed. Use getDefinitionSummary() instead. 1814* (T195256) Skins are recommended not to rely on JavaScript for the "mw-jump" 1815 and "jump-to-nav" accessibility links. To this end, the "jquery.mw-jump" 1816 is no longer loaded by default. The Vector and MonoBook skins have made a 1817 minor change to implement the toggle feature with CSS instead. To restore 1818 prior functionality, either explicitly load "jquery.mw-jump" in your skin 1819 or refer to T195256 for details on how to make the same change. 1820* Hook 'EditPageBeforeEditChecks' was removed; 1821 use 'EditPageGetCheckboxesDefinition' instead. 1822* Linker::getLinkColour() and DummyLinker::getLinkColour(), deprecated since 1823 1.28, were removed. LinkRenderer::getLinkClasses() should be used instead. 1824* Wikimedia\Rdbms\LoadBalancer::getLaggedSlaveMode(), deprecated in 1.28, has 1825 been removed. Use Wikimedia\Rdbms\LoadBalancer::getLaggedReplicaMode() 1826 instead. 1827* mw.widgets.CategoryMultiselectWidget now uses TagMultiselectWidget instead of 1828 CapsuleMultiselectWidget. The following methods may no longer be used: 1829 * setItemsFromData: Use setValue instead 1830 * getItemsData: Use getItems instead and get the data property 1831* Two OutputPage methods, addMetadataLink() and getMetadataAttribute(), were 1832 removed. Use addLink() instead. 1833* Another two OutputPage methods, setPageTitleActionText() and 1834 getPageTitleActionText(), were removed. They did nothing since 1.15 (almost 1835 ten years). Use setHTMLTitle() directly. 1836* The return value of OutputPage::adaptCdnTTL() has been removed. The 1837 value returned was misleading and probably not what any caller would 1838 have wanted. 1839* All MagicWord static member variables have been removed. Use appropriate 1840 hooks or MagicWordFactory methods instead. 1841* MagicWord::clearCache() has been removed. Instead, create a new 1842 MagicWordFactory, such as by calling 1843 resetServiceForTesting( 'MagicWordFactory' ) on a MediaWikiServices. 1844* mw.util.init() has been removed. This function is not needed anymore and was 1845 a no-op function since 1.30. 1846* SpecialPageFactory::resetList() is a no-op. Call overrideMwServices() 1847 instead. 1848* MediaWiki no longer supports a StartProfiler.php file. Instead, you can set 1849 $wgProfiler and $wgEnableProfileInfo. 1850* The mw.loader.addSource() is now considered a private method, and no longer 1851 supports the `id, url` signature. Use the `Object` parameter instead. 1852* The backwards-compatibility code in HTMLForm to add a drop-down control to an 1853 option that is not set to be a drop-down if the "mw-chosen" class is present, 1854 is now removed. 1855* Several collations were removed. They were workarounds for bugs in the ICU 1856 library and they are no longer needed (as of ICU 57.1): 1857 * 'uppercase-se' (NorthernSamiUppercaseCollation) - use 'uca-se' instead 1858 * 'xx-uca-et' (CollationEt) - use 'uca-et' instead 1859 * 'xx-uca-fa' (CollationFa) - use 'uca-fa' instead 1860* LanguageCode::bcp47() now always returns a valid BCP 47 code. This means 1861 that some MediaWiki-specific language codes, such as `simple`, are mapped 1862 into valid BCP 47 codes (eg `en-simple`). 1863* The hooks 'SpecialRecentChangesFilters' & 'SpecialWatchlistFilters' deprecated 1864 in 1.23 were removed. Instead, use 'ChangesListSpecialPageStructuredFilters'. 1865 The ChangesListSpecialPage code for these legacy hooks, and their use in 1866 SpecialRecentchanges.php and SpecialWatchlist, was also removed: 1867 * ChangesListSpecialPage->getCustomFilters() 1868 * ChangesListSpecialPage->getFilterGroupDefinitionFromLegacyCustomFilters() 1869 * ChangesListSpecialPage::customFilters 1870* The global function wfUseMW, deprecated since 1.26, has now been removed. Use 1871 the "requires" property of static extension registration instead. 1872* $wgSpecialPages no longer accepts array syntax, deprecated since 1.18. 1873* The MailAddress constructor can no longer be called with a User object, 1874 behaviour which has been deprecated since 1.24. 1875* LBFactory, deprecated since 1.28, has been removed. Instead, use 1876 Wikimedia\Rdbms\LBFactory. 1877* The MimeMagic class, deprecated since 1.28 has been removed. Get a 1878 MimeAnalyzer instance from MediaWikiServices instead. 1879* The '--tidy' option to maintenance/parse.php has been removed. Tidying 1880 the output is now the default. Use '--no-tidy' to bypass the tidy 1881 phase. 1882* The global function wfErrorLog, deprecated since 1.25, has now been removed. 1883 Use MWLoggerLegacyLogger::emit or UDPTransport. 1884* The hooks 'SpecialRecentChangesQuery' & 'SpecialWatchlistQuery', deprecated in 1885 1.23, were removed. Instead, use ChangesListSpecialPageStructuredFilters or 1886 ChangesListSpecialPageQuery. 1887* The global function wfUsePHP, deprecated since 1.30, has now been removed. To 1888 assert a newer version of PHP than MediaWiki does, use extension registration. 1889* The hook 'ChangesListSpecialPageFilters', deprecated in 1.29, has now been 1890 removed. Use the 'ChangesListSpecialPageStructuredFilters' hook instead. 1891* DeferredUpdates::setImmediateMode(), deprecated since 1.29, has been removed. 1892* File / MediaHandler::getStreamHeaders(), deprecated since 1.30, was removed. 1893* The hook 'DoEditSectionLink', deprecated since 1.25, has been removed. Use 1894 the hook 'SkinEditSectionLinks' instead. 1895* The hook 'UserGetImplicitGroups', deprecated since 1.25, has been removed. 1896* The global function wfRunHooks, deprecated since 1.25, has now been removed. 1897 Use Hooks::run(). 1898* The hook 'UnknownAction', deprecated since 1.19, has now been removed. 1899* The hook 'ParserLimitReport', deprecated since 1.22, has been removed. Use 1900 the hooks 'ParserLimitReportPrepare' and 'ParserLimitReportFormat' instead. 1901* The following deprecated API methods have been removed: 1902 * ApiBase::profileIn() (deprecated in 1.25) 1903 * ApiBase::profileOut() (deprecated in 1.25) 1904 * ApiBase::safeProfileOut() (deprecated in 1.25) 1905 * ApiBase::profileDBIn() (deprecated in 1.25) 1906 * ApiBase::profileDBOut() (deprecated in 1.25) 1907 * ApiBase::dieUsage() (deprecated in 1.29) 1908 * ApiBase::dieUsageMsg() (deprecated in 1.29) 1909 * ApiBase::dieUsageMsgOrDebug() (deprecated in 1.29) 1910 * ApiBase::getErrorFromStatus() (deprecated in 1.29) 1911 * ApiBase::parseMsg() (deprecated in 1.29) 1912 * ApiBase::setWarning() (deprecated in 1.29) 1913 * ApiPageSet::getInvalidTitles() (deprecated in 1.26) 1914 * ApiQueryLogEvents::addLogParams() (deprecated in 1.25) 1915 * ApiUsageException::getCodeString() (deprecated in 1.29) 1916 * ApiUsageException::getMessageArray() (deprecated in 1.29) 1917* Class UsageException, deprecated in 1.29, has been removed. 1918* MediaWiki no longer has a 'JavaScript-powered' wikitext toolbar built in. The 1919 old "bulletin board style toolbar", known as "the 2006 wikitext editor", has 1920 been removed, and instead sysadmins will be required to choose one (or more) 1921 of the several extensions available for this purpose if they need the 1922 functionality. The MediaWiki "tarball" releases have included the replacement 1923 extension for this, the WikiEditor extension aka "the 2010 wikitext editor", 1924 for many years now. As part of this, several parts of MediaWiki have been 1925 removed or simplified: 1926 * The user option 'showtoolbar' (shown as "Show edit toolbar") is no longer 1927 available; if an extension adds a toolbar via the EditPageBeforeEditToolbar 1928 hook, it will be shown; extensions should provide a specific user preference 1929 to disable themselves as needed. 1930 * The public methods Language::getImageFile() and ::getImageFiles(), and the 1931 related specification of $imageFiles within individual languages' code file, 1932 as well as the referenced static media assets, all of which were only used 1933 inside MediaWiki itself for providing the icons for the old toolbar, have 1934 been removed without explicit deprecation. 1935 * The internal ResourceLoader module "mediawiki.toolbar", which is unused 1936 except by MediaWiki itself and back-compatibility code, has been removed. 1937 * The internal ResourceLoaderEditToolbarModule class has been removed. 1938 1939=== Deprecations in 1.32 === 1940* HTMLForm::setSubmitProgressive() is deprecated. No need to call it. Submit 1941 button is already marked as progressive. 1942* Skin::setupSkinUserCss() is deprecated. Adding of modules to load 1943 has been centralised to Skin::getDefaultModules(), which is now capable 1944 of queueing style modules as well. 1945* OutputPage::addModuleScripts() and ParserOutput::addModuleScripts are 1946 deprecated. Use addModules() instead. 1947* Overriding SearchEngine::{searchText,searchTitle,searchArchiveTitle} 1948 in extending classes is deprecated. Extend related doSearch* methods 1949 instead. 1950* The following 'mediawiki.api' plugin modules were merged into mediawiki.api 1951 and deprecated: mediawiki.api.category, mediawiki.api.edit, 1952 mediawiki.api.login, mediawiki.api.options, mediawiki.api.parse, 1953 mediawiki.api.upload, mediawiki.api.user, mediawiki.api.watch, 1954 mediawiki.api.messages, and mediawiki.api.rollback. 1955* ApiBase::truncateArray() is deprecated. No replacement, as nothing is known 1956 to use it. 1957* WatchAction::getUnwatchToken is deprecated. Use WatchAction::getWatchToken 1958 with the 'unwatch' action parameter instead. 1959* IcuCollation::getICUVersion() is deprecated, as you can just use the PHP 1960 constant INTL_ICU_VERSION directly in all versions that MediaWiki supports. 1961* Parser::fetchFile() is deprecated. Use ::fetchFileAndTitle() instead. 1962* The ApiQueryContributions class has been renamed to ApiQueryUserContribs. 1963* The XMPInfo, XMPReader, and XMPValidate classes have been deprecated in favor 1964 of the namespaced classes provided by the wikimedia/xmp-reader library. 1965* SearchResultSet::{next,rewind} are deprecated. Calling code should 1966 use foreach on the SearchResultSet, or the extractResults method. Extending 1967 code should override extractResults. 1968* Instantiating SearchResultSet directly is deprecated. SearchEngine 1969 implementations must subclass SearchResultSet for their purposes. 1970* SearchResult::setExtensionData argument has been changed from accepting an 1971 array to accepting a Closure that returns the array when called. 1972* Class CryptRand, everything in MWCryptRand except generateHex() and function 1973 MediaWikiServices::getInstance()->getCryptRand() are deprecated, use 1974 random_bytes() to generate cryptographically secure random byte sequences. 1975* Parser::getConverterLanguage() is deprecated. Use ::getTargetLanguage() 1976 instead. 1977* Language::markNoConversion() is deprecated. It confused readers because 1978 it had unexpected behavior (only marking text if it looked like a URL) 1979 and was only used in a single place in the code. Use 1980 LanguageConverter::markNoConversion() instead. 1981* (T197492) Language::truncate() was soft deprecated in 1.31 and is 1982 hard deprecated in this release. It has been split into two similar 1983 methods, Language::truncateForVisual() and Language::truncateForDatabase(), 1984 which measure length in characters and bytes, respectively. Use 1985 Language::truncateForVisual() when possible to provide equity to users 1986 of multibyte scripts. 1987* (T176526) EditPage::getContextTitle() falling back to $wgTitle when the 1988 context title is unset is now deprecated; anything creating an EditPage 1989 instance should set the context title via ::setContextTitle(). 1990* The 'jquery.hidpi' module (polyfill for IMG srcset) is deprecated. 1991* ResourceLoaderStartUpModule::getStartupModules() and ::getLegacyModules() 1992 are deprecated. These concepts are obsolete and have no replacement. 1993* String type for $lang of DifferenceEngine::setTextLanguage is deprecated. 1994* The following methods of OutputPage are now deprecated in favour 1995 of using showFatalError directly: OutputPage::showFileDeleteError() 1996 OutputPage::showFileNotFoundError(), OutputPage::showFileRenameError() 1997 OutputPage::showFileCopyError() and OutputPage::showUnexpectedValueError(). 1998* The Replacer, DoubleReplacer, HashtableReplacer, and RegexlikeReplacer 1999 classes are now deprecated. Use a Closure instead. 2000* (T194263) ContentHandler::makeParserOptions() is deprecated. Use 2001 WikiPage::makeParserOptions() or ParserOptions::newCanonical() instead. 2002* (T100681) Use of the Parsoid v1 API with the VirtualRESTService, deprecated in 2003 MediaWiki 1.26, is now hard-deprecated. All known clients were converted to 2004 the Parsoid v3 API in May 2015. 2005* $input is deprecated in hook 'LogEventsListGetExtraInputs'. Use 2006 $formDescriptor instead. 2007* SearchEngine::transformSearchTerm( $term ) should no longer be called prior 2008 to running searchText. This method was mainly implemented to support the 2009 'prefix' URI param in SpecialSearch, but there are no reasons to expose this 2010 logic as it should be handled internally by SearchEngine implementations 2011 supporting this feature. SearchEngine implementations should no longer 2012 override this methods. 2013* SearchEngine::replacePrefixes( $query ) should no longer be called prior 2014 to running searchText/searchTitle. 2015* (T199657) Messages for $wgFilterLogTypes labels should be no longer be in the 2016 'log-show-hide-[type]' format. Instead use 'logeventslist-[type]-log'. 2017* Global functions wfArrayFilter() and wfArrayFilterByKey() are deprecated. 2018 use array_filter() directly. 2019* The $wgShowSQLErrors global is deprecated and nonfunctional. 2020 Set $wgShowExceptionDetails and/or $wgShowHostnames instead. 2021* The $wgShowDBErrorBacktrace global is deprecated and nonfunctional. 2022 Set $wgShowExceptionDetails instead. 2023* Public access to the DifferenceEngine properties mOldid, mNewid, mOldRev, 2024 mNewRev, mOldPage, mNewPage, mOldContent, mNewContent, mRevisionsLoaded, 2025 mTextLoaded and mCacheHit is deprecated. Use getOldid() / getNewid() / 2026 getOldRevision() / getNewRevision() for the first four (note that the 2027 revision ones return a RevisionRecord, not a Revision), do your own lookup 2028 for page/content. 2029* The $wgExternalDiffEngine value 'wikidiff2' is deprecated. To use wikidiff2 2030 just enable the PHP extension, and it will be autodetected. 2031* (T194731) DifferenceEngine properties mOldContent and mNewContent and methods 2032 setContent(), generateContentDiffBody(), generateTextDiffBody() and textDiff() 2033 are deprecated. To interact with a single slot, use a SlotDiffRenderer (and 2034 subclass it to customize diff rendering); to diff custom (e.g. unsaved) 2035 content, use setRevisions(). Subclassing DifferenceEngine should only be done 2036 to customize page-level diff properties (such as the navigation header). 2037* The wfUseMW function, soft-deprecated in 1.26, is now hard deprecated. 2038* All MagicWord static methods are now deprecated. Use the MagicWordFactory 2039 methods instead. 2040* PasswordFactory::init is deprecated. To get a password factory with the 2041 standard configuration, use 2042 MediaWikiServices::getInstance()->getPasswordFactory. 2043* $wgContLang is deprecated, use 2044 MediaWikiServices::getInstance()->getContentLanguage() instead. 2045* $wgParser is deprecated, use MediaWikiServices::getInstance()->getParser() 2046 instead. 2047* wfGetMainCache() is deprecated, use ObjectCache::getLocalClusterInstance() 2048 instead. 2049* wfGetCache() is deprecated, use ObjectCache::getInstance() instead. 2050* All SpecialPageFactory static methods are deprecated. Instead, call the 2051 methods on a SpecialPageFactory instance, which may be obtained from 2052 MediaWikiServices. 2053* mw.user.stickyRandomId was renamed to the more explicit 2054 mw.user.getPageviewToken to better capture its function. 2055* Passing Revision objects to ContentHandler::getUndoContent() is deprecated, 2056 Content object should be passed instead. 2057* (T197179) Parameters 'notice', 'notice-messages', 'notice-message', 2058 previously used by OOUI HTMLForm fields, are now deprecated. Use 2059 'help', 'help-message', 'help-messages' instead. 2060* (T197179) HTMLFormField::getNotices() is now deprecated. 2061* The jquery.localize module is now deprecated. Use jquery.i18n instead. 2062* The SecondaryDataUpdates hook was deprecated in favor of RevisionDataUpdates, 2063 or overriding ContentHandler::getSecondaryDataUpdates (T194038). 2064* The WikiPageDeletionUpdates hook was deprecated in favor of 2065 PageDeletionDataUpdates, or overriding ContentHandler::getDeletionDataUpdates 2066 (T194038). 2067* Content::getSecondaryDataUpdates has been deprecated in favor of 2068 ContentHandler::getSecondaryDataUpdates() for overriding by extensions 2069 (T194038). 2070 Application logic should call WikiPage::doSecondaryDataUpdates() (T194037). 2071* Content::getDeletionUpdates has been deprecated in favor of 2072 ContentHandler::getDeletionUpdates() for overriding by extensions (T194038). 2073 Application logic should call WikiPage::doSecondaryDataUpdates() (T194037). 2074* (T198214) Old Tidy-related configuration settings, which were soft-deprecated 2075 in MediaWiki 1.26, have now been hard deprecated. This affects $wgUseTidy, 2076 $wgTidyBin, $wgTidyConf, $wgTidyOpts, $wgTidyInternal, and $wgDebugTidy. Use 2077 $wgTidyConfig instead. 2078* All Tidy configurations other than Remex have been hard deprecated; 2079 future parsers will not emit compatible output for these configurations. 2080 In particular, running MediaWiki with tidy disabled has been deprecated. 2081* (T198214) OutputPage::addWikiText(), OutputPage::addWikiTextWithTitle(), 2082 and OutputPage::addWikiTextTitle() have been deprecated, since they 2083 can result in untidy output. In addition OutputPage::addWikiTextTidy() 2084 and OutputPage::addWikiTextTitleTidy() was deprecated to make naming new 2085 methods consistent. Use OutputPage::addWikiTextAsInterface() or 2086 OutputPage::addWikiTextAsContent() instead, which ensures the output is 2087 tidy and clarifies whether content-language specific postprocessing should 2088 be done on the text. 2089* OutputPage::parse() and OutputPage::parseInline() have been deprecated 2090 due to untidy output and inconsistent handling of wrapper divs and 2091 interface/content language defaults. Use OutputPage::parseAsContent(), 2092 OutputPage::parseAsInterface(), or OutputPage::parseInlineAsInterface() 2093 as appropriate. 2094* QuickTemplate::msgHtml() and BaseTemplate::msgHtml() have been deprecated 2095 as they promote bad practises. I18n messages should always be properly 2096 escaped. 2097* Skin::getDynamicStylesheetQuery() has been deprecated. It always 2098 returns action=raw&ctype=text/css which callers should use directly. 2099* Class LegacyFormatter is deprecated. 2100* Use of CommentStore::insertWithTempTable() with 'img_description' is 2101 deprecated. Use CommentStore::insert() instead. 2102* Language::setCode is deprecated as public function. Use Language::factory 2103 to create a new Language object with a different language code. 2104* Several classes have been moved from the MediaWiki\Storage\ namespace to the 2105 MediaWiki\Revision\ namespace. The old class names are aliased for 2106 compatibility, but are deprecated. Classes are IncompleteRevisionException, 2107 MutableRevisionRecord, MutableRevisionSlots, RevisionAccessException, 2108 RevisionArchiveRecord, RevisionFactory, RevisionLookup, RevisionRecord, 2109 RevisionSlots, RevisionStore, RevisionStoreRecord, SlotRecord, and 2110 SuppressedDataException. 2111* When using OOUI HTMLForm containing an 'info' field which uses the 'rawrow' 2112 option, it is now deprecated to give its contents (the 'default' option) 2113 as a string. They should be given as a OOUI\FieldLayout object instead. 2114 Notably, this affects fields defined in the 'GetPreferences' hook, because 2115 Special:Preferences uses an OOUI form now. (If possible, don't use 'rawrow'.) 2116* In Skin::doEditSectionLink omitting the parameters $tooltip and $lang is 2117 deprecated. For the $lang parameter, types other than Language are 2118 deprecated. 2119* The $wgUseKeyHeader configuration option and the 2120 OutputPage::getKeyHeader() method have been deprecated; the relevant 2121 draft IETF spec expired without becoming a standard. 2122* Deprecated API action=query&prop=info inprop=readable in favor of 2123 intestactions=read. 2124 2125=== Other changes in 1.32 === 2126* (T198811) The following tables have had their UNIQUE indexes turned into 2127 proper PRIMARY KEYs for increased maintainability: interwiki, page_props, 2128 protected_titles and site_identifiers. 2129* OOUI HTMLForm will now display help text inline after the input field, 2130 rather than in a popup. Previous behavior can be restored by using 2131 `'help-inline' => false`. 2132* The archive table's ar_rev_id field is now unique. 2133* Special:BotPasswords now requires reauthentication. 2134* (T174023) Multi-Content Revision (MCR) capabilities were introduced into the 2135 storage layer and have basic support for display. No user interface exists 2136 yet for creating or managing content in slots beides the main slot. See 2137 <https://www.mediawiki.org/wiki/Multi-Content_Revisions> for more 2138 information. 2139* The image_comment_temp database table has been removed. Since all access 2140 should be mediated by the CommentStore class, this change shouldn't affect 2141 external code. 2142* (T206147) Database::close() will no longer commit any open transactions. 2143* (T64103) Dropped columns category.cat_hidden, site_stats.ss_admins, and 2144 recentchanges.rc_cur_time from the PostgreSQL schema. 2145 2146= MediaWiki 1.31 = 2147 2148== MediaWiki 1.31.8 == 2149 2150This is a security and maintenance release of the MediaWiki 1.31 branch. 2151 2152=== Changes since MediaWiki 1.31.7 === 2153* (T199809) Don't invalidate BotPasswords if a password reset email is sent. 2154* (T247017) PasswordReset performance improvements. 2155* (T250568) Work around change in SimpleXMLElement behavior introduced in PHP 2156 7.3.17. 2157* Remove some rotten and out of date documentation. 2158* (T252311) Improvements to some older SQLite update patches. 2159* (T240307) Minor fixes to extension.schema.v2.json and 2160 extension.schema.v1.json. 2161* (T199474) Set rc_patrolled to 2 for autopatrolled changes in 2162 rebuildrecentchanges.php. 2163* (T229461) Update the change_tag table in rebuildrecentchanges.php. 2164* (T206476) Call ob_start() before running tests. 2165* (T234450) Per-user concurrency in SpecialContributions can now be limited by 2166 setting $wgPoolCounterConf['SpecialContributions'] appropriately. 2167* (T248947) SECURITY: img_auth.php may leak private extension images into the 2168 public cache. 2169 2170== MediaWiki 1.31.7 == 2171 2172This is a security and maintenance release of the MediaWiki 1.31 branch. 2173 2174=== Changes since MediaWiki 1.31.6 === 2175* (T193565, T234022) Re-add DB domain sanity checks to LoadBalancer. 2176* Use proper SemVer comparison in CheckComposerLockUpToDate. 2177* (T212738) Add the MW_VERSION constant, global $wgVersion is soft deprecated. 2178* Update comment about PHP versions supported by The PHP Group. 2179* (T247215) Fix output of RecountCategories::doWork(). 2180* Add check for page existence to view.php maintenance script. 2181* (T247580) Disable some broken Selenium tests. 2182* (T236509) SECURITY: Fix HTML escaping in UserGroupMembership::getLink(). 2183* (T246602) SECURITY: jquery.makeCollapsible allows applying event handler to 2184 any CSS selector. 2185 2186== MediaWiki 1.31.6 == 2187 2188This is a security and maintenance release of the MediaWiki 1.31 branch. 2189 2190=== Changes since MediaWiki 1.31.5 === 2191* (T181658) Do not insert page titles into querycache.qc_value. 2192* (T206013) Suppress errors when reading invalid XML file properties. 2193* (T237931) Remove references to pg_attrdef.adsrc in Postgres code. 2194* Use correct value for 'sslmode' in DatabasePostgres. 2195* (T232866) Fix support for HTTP/2 in MultiHttpClient. 2196* (T227461) Stop calling deprecated Redis delete functions. 2197* (T239561) Mark options as requiring parameters in addSite.php. 2198* (T239734) Replace deprecated lSize with lLen in Redis code. 2199* (T192134) SECURITY: Do not allow user scripts on Special:PasswordReset. 2200* (T239428) ApiEditPage: Test for bad redirect targets. 2201* (T233342) rdbms: Log debug message traces as 'exception.trace' instead of 2202 'trace'. 2203* (T226751) media: Log and fail gracefully on invalid EXIF coordinates. 2204* (T212067) Work around PHP bug in parse_url. 2205 2206== MediaWiki 1.31.5 == 2207 2208This is a maintenance release of the MediaWiki 1.31 branch. 2209 2210=== Changes since MediaWiki 1.31.4 === 2211* Fix extra newlines in installer. 2212* Followup T230402, PermissionManager doesn't exist until 1.33, so fix the 2213 backported patches to use User::isAllowed() instead. 2214 2215== MediaWiki 1.31.4 == 2216 2217This is a security and maintenance release of the MediaWiki 1.31 branch. 2218 2219=== Changes since MediaWiki 1.31.3 === 2220* (T207100) Updated LanguageTr for dotted and dotless I in PHP 7.3. 2221* The ImgAuthModifyHeaders hook was added to img_auth.php to allow modification 2222 of headers in private wikis. 2223* (T230402) SECURITY: Add permission check for suppressed account to 2224 Special:Redirect. 2225* Add helper for HTTPFileStreamer header syntax. 2226* (T118799) Fix XMP parser errors due to trailing nullchar. 2227* (T233119) Improve documentation for the MinimumPasswordLengthToLogin policy. 2228* (T202183) Give more specific error messages on Special:Redirect. 2229* Cache redirects from Special:Redirect. 2230* (T231386) dispatchUser() should use a 302 http status code. 2231* (T227662) Split down patch-comment-table.sql and patch-actor-table.sql into 2232 separate files to help allieviate potential migration problems. 2233* Make SQLite's patch-add-3d.sql a no-op to prevent clobbering other database 2234 updates. 2235 2236== MediaWiki 1.31.3 == 2237 2238This is a maintenance release of the MediaWiki 1.31 branch. 2239 2240=== Changes since MediaWiki 1.31.2 === 2241* (T225558) Update installer link to PHP intl. 2242* (T225496) Detect APC for MainCacheType in CLI installer. 2243* (T226766) Remove jetbrains/phpstorm-stubs from composer dev dependencies. 2244* (T202211) Fix SQLite patch-(image|page|template)links-fix-pk.sql column order. 2245 2246== MediaWiki 1.31.2 == 2247 2248This is a security and maintenance release of the MediaWiki 1.31 branch. 2249 2250Required PHP version has been increased from 7.0.0 to 7.0.13. 2251 2252=== Changes since MediaWiki 1.31.1 === 2253* (T204729) WatchedItemStore::countVisitingWatchersMultiple() shouldn't query 2254 all titles when asked for none. 2255* (T205967) Fix syntax error typo in postgres database upgrade file. 2256* (T200254) Add pear/Net_SMTP 1.7.3 to composer dependencies. 2257* (T206765) Load installer i18n when running update.php. 2258* (T109121) Remove deprecated pear/mail_mime-decode from composer suggested 2259 libraries. 2260 [Also in the bundled composer /vendor directory.] 2261* Various PHP 7.2 and 7.3 compatibility fixes: 2262 * (T200595, T206974) Fix PHP 7.3 warnings of using "continue" in some 2263 scenarios instead of "break". 2264 * (T206976, T206977) Also in the bundled LocalisationUpdate and 2265 ParserFunctions extensions. 2266 * (T206979) Fix PHP 7.3 warnings of using "compact()" when some variables may 2267 not be set. 2268 * (T215632) FormatMetadata and UploadStash regexes fixed to be PHP 2269 7.3-compatible. 2270 * Fix PHP warnings "preg_replace(): [...] invalid range in character class. 2271 * Avoid PHP 7.2 warnings in DBConRefTest about count() on non-Countable. 2272 * Suppress "Headers already sent" in PHP 7.2 too. 2273 * (T206476) Output only to stderr in unit tests. 2274 * (T207112) Add session_write_close() calls to SessionManager tests. 2275 * oyejorge/less.php replaced with our fork wikimedia/less.php 2276 * (T209756) Updated wikimedia/ip-set from 1.2.0 to 1.3.0. 2277 * (T213489) Avoid session double-start in Setup.php. 2278 * (T206975) Switch to our fork of less.php. 2279* (T207540) Include IP address in "Login for $1 succeeded" log entry. 2280* (T201781) Database: Allow selectFieldValues() to accept SQL fragments. 2281* (T205765) installer: Don't link to the obsolete "Extension Matrix" page. 2282* (T206013) Update ImportableUploadRevisionImporter for interwiki usernames. 2283* (T207541) Pass an email address, not a MailAddress, to mail(). 2284* (T207603) SECURITY: User JS may no longer be loaded with mime type 2285 text/javascript if there is no account associated with the username. 2286* (T112937, T113042) SECURITY: Do not allow loading pages raw with a 2287 text/javascript MIME 2288 type if non-admins can edit the page. 2289* (T17491) <ins>/<del> elements can be phrasing or flow. 2290* (T200827) RemexCompatMunger: Don't call endTag() in case B/b 2291* (T207088) Upgrade wikimedia/remex-html to 2.0.1. 2292 [Also in the bundled composer /vendor directory.] 2293* (T194052) Updated wikimedia/base-convert from 1.0.1 to 2.0.0. 2294 [Also in the bundled composer /vendor directory.] 2295* (T199494) Fix notices in maintenance/removeUnusuedAccounts.php. 2296* Require ext-fileinfo in composer.json, per PHPVersionCheck. 2297* (T176390) Bundled LocalisationUpdate extension: Handle exceptions from 2298 GitHubFetcher. 2299* (T208255) Completion search should not change the search query. 2300* (T209870) Fix SQL syntax error in MS-SQL initialisation file for new wikis. 2301* (T185049) LogFormatter: Fail softer when trying to link an invalid titles. 2302* (T210998) Properly set $wgLanguageCode in the generated LocalSettings.php 2303 if --lang is used with the command-line installer (install.php). 2304* (T211061) ImageListPager: Actor migration for buildQueryConds(). 2305* (T209335) Clarify the default sidebar 'Help' link is about MediaWiki itself. 2306* Fix addition of ug_expiry column to user_groups table on MSSQL. 2307* (T204767) Add join conditions to ActiveUsersPager. 2308* (T210621) User: Bypass repeatable-read when creating an actor_id. 2309* (T204531) rdbms: reduce LoadBalancer replication log spam. 2310* (T195525) Fix db error outage page. 2311* (T208871) The hard-coded Google search form on the database error page was 2312 removed. 2313* (T176097) Fix flaky MessageBlobStoreTest assertion failures. 2314* (T209423) Update required PHP version to 7.0.13. 2315* (T209885) Prevent populateSearchIndex.php from breaking once actor migration 2316 has been started. 2317* (T216968) Return pageid as int in both list=iwbacklinks and 2318 list=langbacklinks. 2319* (T215169) Fix for Database::update() with IGNORE option fails on PostgreSQL. 2320* (T204423) Backport support for hyphenated DB names in JobQueueGroup. 2321* (T199474) Fix typo in rebuildrecentchanges.php resulting in rogue flags. 2322* (T218608) SECURITY: Fix an issue that prevents Extension:OAuth working when 2323 $wgBlockDisablesLogin is true. 2324* (T216029) Chrome redirects to Special:BadTitle after editing a section with 2325 a non-Latin name on a page with non-Latin characters in title. 2326* (T219728) Added support for new Japanese era name "Reiwa". 2327* (T25227) SECURITY: action=logout now requires to be posted and have a csrf 2328 token. 2329* Updated cssjanus/cssjanus from 1.2.0 to 1.3.0. 2330* (T222385) resourceloader: Use AND instead of OR for upsert conds in 2331 saveFileDependencies(). 2332* (T224374) Fix message parameters so that the message that says SQLite is out 2333 of date makes sense. 2334* SpecialPage::checkLoginSecurityLevel() will now preserve POST data when 2335 reauthenticating. 2336* FormSpecialPage::execute() will now call checkLoginSecurityLevel() if 2337 getLoginSecurityLevel() returns non-false. 2338* (T197279) SECURITY: Fix reauth in Special:ChangeEmail. 2339* (T208881) SECURITY: blacklist CSS var(). 2340* (T209794) SECURITY: rate-limit and prevent blocked users from changing email. 2341* (T199540) SECURITY: API: Respect $wgBlockCIDRLimit in action=block. 2342* (T212118) SECURITY: Fix cache mode for (un)patrolled recent changes query. 2343* (T222036, T222038) SECURITY: Add permission check for user is permitted to 2344 view the log type. 2345* (T221739) SECURITY: resources: Patch jQuery 3.2.1 for CVE-2019-11358. 2346 2347== MediaWiki 1.31.1 == 2348 2349This is a security and maintenance release of the MediaWiki 1.31 branch. 2350 2351=== Changes since MediaWiki 1.31.0 === 2352* (T169545, CVE-2018-0503) SECURITY: $wgRateLimits entry for 'user' overrides 2353 'newbie'. 2354* (T194605, CVE-2018-0505) SECURITY: BotPasswords can bypass CentralAuth's 2355 account lock. 2356* (T199029, CVE-2018-13258) SECURITY: Tarball was missing .htaccess files. 2357* (T197229) Bundle Nuke extension, it was accidentally omitted. 2358* (T193995) Fix undefined patchPath() method call in parser tests. 2359* (T198687) Fix various selectFields methods to use the string 'NULL', not null. 2360* Special:BotPasswords now requires reauthentication. 2361* (T191608, T187638) Add 'logid' parameter to Special:Log. 2362* (T193829) Indicate when a Bot Password needs reset. 2363* (T198037) GitInfo: Don't try shelling out if it's disabled. 2364* (T151415) Log email changes. 2365* (T197206) Fix performance regression when multiple DB used without caching. 2366* (T197030) PHPSessionHandler: Suppress headers warnings in initialize(). 2367* (T182377, T196793) Exif: Guard against uncountable tag values. 2368* (T200861) Fix total breakage of SQLite web upgrade. 2369* (T200864) Fix pingback over-reporting on non-MySQL databases 2370* (T202550) Unbreak SpecialListusersHeaderForm and SpecialListusersHeader 2371 hooks. 2372 2373== MediaWiki 1.31.0 == 2374 2375=== Changes since MediaWiki 1.31.0-rc.2 === 2376* (T195783) Initialize PSR-4 namespaces at same stage as normal autoloader. 2377* (T196092) Hide MySQL binary/utf-8 charset option in the installer. 2378* (T196185) Don't allow setting $wgDBmysql5 in the installer. 2379* (T196125) php-memcached 3.0 (provided with PHP 7.0) is now supported. 2380* (T182366) UploadBase::checkXMLEncodingMissmatch() now works on PHP 7.1+ 2381* (T118683) Fix exception from &$user deref on HHVM in the TitleMoveComplete 2382 hook. 2383* (T196672) The mtime of extension.json files is now able to be zero 2384* (T180403) Validate $length in padleft/padright parser functions. 2385* (T143790) Make $wgEmailConfirmToEdit only affect edit actions. 2386 2387=== Changes since MediaWiki 1.31.0-rc.0 === 2388* (T33223) Drop archive.ar_text and ar_flags. 2389* Add default edit rate limit of 90 edits/minute for all users. 2390* (T187645) Use codepoint as tiebreaker when getting first-letters in 2391 IcuCollation. 2392* (T191947) Don't shell during the installer if shelling out is disabled. 2393* (T194319) Improve duplicate config setting exception as part of extension 2394 registration. 2395* (T195211) Don't require trailing slash in PSR-4 autoloader directory. 2396* (T186565) Fix PHP Notice from `ob_end_flush()` in `FileRepo::streamFile()`. 2397* Do not incorrectly hide namespace input field in the installer. 2398* (T186456) Refactor checks looking for PEAR maik libraries to be clearer. 2399 2400=== Important pre-upgrade notes for 1.31 === 2401* If you're using MySQL, SQLite, or MSSQL, are not using update.php to apply 2402 schema changes, and cannot have downtime to run migrateArchiveText.php and 2403 apply patch-drop-ar_text.sql manually, you'll have to apply a default value 2404 to the ar_text and ar_flags columns of the archive table or make those 2405 columns nullable before upgrading to MediaWiki 1.31. 2406 maintenance/archives/patch-nullable-ar_text.sql shows how to do this for 2407 MySQL. 2408 2409=== Configuration changes in 1.31 === 2410* $wgEnableAPI and $wgEnableWriteAPI are now deprecated and will be removed in 2411 a future version. The API is now considered to be stable, secure and 2412 essential. 2413* $wgUsejQueryThree was removed, as it is now the default. This was documented 2414 as a temporary variable during the migration period, deprecated since 1.29. 2415* $wgLogoHD has been updated to support svg images and uses $wgLogo where 2416 possible for fallback images such as png. 2417* (T44246) $wgFilterLogTypes will no longer ignore 'patrol' when user does not 2418 have the right to mark things patrolled. 2419* Wikis that contain imported revisions or CentralAuth global blocks should run 2420 maintenance/cleanupUsersWithNoId.php. 2421* The configuration settings $wgResourceLoaderMinifierStatementsOnOwnLine and 2422 $wgResourceLoaderMinifierMaxLineLength, deprecated since 1.27, were removed. 2423* (T180921) $wgReferrerPolicy now supports having fallbacks for browsers that 2424 are not using the latest version of the Referrer Policy specification. 2425* $wgFragmentMode is now set to [ 'legacy', 'html5' ] by default. This is a 2426 first step of migration to human-readable section IDs that will later result 2427 in 'html5' being the default mode. 2428* CACHE_ACCEL now only supports APC(u) or WinCache. XCache support was removed 2429 as upstream is inactive and has no plans to move to PHP 7. 2430* The old CategorizedRecentChanges feature, including its related configuration 2431 option $wgAllowCategorizedRecentChanges, has been removed. 2432* (T188472) The 'comma' value for $wgArticleCountMethod is no longer supported 2433 for performance reasons, and installations with this setting will now work as 2434 if it was configured with 'any'. 2435* (T185753) MediaWiki now defaults to using RemexHtml to tidy up user input, 2436 rather than being off by default. If you wish to disable HTML tidying 2437 entirely, set $wgTidyConfig to null; if you wish to use the old, deprecated 2438 Tidy external binary, both set $wgTidyConfig to null and $wgUseTidy to true. 2439* $wgLogAutopatrol now defaults to false instead of true. 2440* $wgValidateAllHtml was removed and will be ignored. 2441* $wgScriptExtension, deprecated and ignored since 1.25, was removed. See the 2442 1.25 release notes for more information. 2443* $wgUseAjax is now marked as deprecated, just like the deprecated AJAX 2444 framework that it enables. Some extensions mistakenly used this to check 2445 whether any AJAX functionality at all should be enabled, further making this 2446 problematic to retain. 2447* $wgDBmysql5 is now deprecated, and will be removed in a future version. It 2448 has been marked as experimental ever since it was introduced. 2449 2450=== New features in 1.31 === 2451* (T76554) User sub-pages named ….json are now protected in the same way that 2452 ….js and ….css pages are, so that configuration options can safely be placed 2453 there. 2454* Wikimedia\Rdbms\IDatabase->select() and similar methods now support joins 2455 with parentheses for grouping. 2456* As a first pass in standardizing dialog boxes across the MediaWiki product, 2457 Html class now provides helper methods for messageBox, successBox, errorBox 2458 and warningBox generation. 2459* (T9240) Imports will now record unknown (and, optionally, known) usernames in 2460 a format like "iw>Example". 2461* (T20209) Linker (used on history pages, log pages, and so on) will display 2462 usernames formed like "iw>Example" as interwiki links, as if by wikitext like 2463 [[iw:User:Example|iw>Example]]. 2464* (T111605) The 'ImportHandleUnknownUser' hook allows extensions to auto-create 2465 users during an import. 2466* Added a hook, ParserOutputPostCacheTransform, to allow extensions to affect 2467 the ParserOutput::getText() post-cache transformations. 2468* Added a hook, UploadForm:getInitialPageText, to allow extensions to alter the 2469 initial page text for file uploads. 2470* (T181651) The info page for File pages now displays the file's base-16 SHA1 2471 hash value in the table of basic information. 2472* Style tags with a 'data-mw-deduplicate' attribute will be deduplicated as a 2473 ParserOutput::getText() post-cache transformation. This may be disabled by 2474 passing 'deduplicateStyles' => false to that method. 2475* The identity of the logged-in or IP "actor" for logged actions is being moved 2476 into a new actor table, with the rows in tables such as revision and logging 2477 referring to the actor ID instead of storing the user ID and name/IP in 2478 every row. 2479 * This is currently gated by $wgActorTableSchemaMigrationStage. Most wikis 2480 can set this to MIGRATION_NEW and run maintenance/migrateActors.php as 2481 soon as any necessary extensions are updated. 2482 * Most code accessing rows for logged actions from the database should use 2483 the relevant getQueryInfo() methods to get the information needed to build 2484 the SQL query. The ActorMigration class may also be used to get feature 2485 -flagged information needed to access actor-related fields during the 2486 migration period. 2487* Added Wikimedia\Rdbms\IDatabase::cancelAtomic(), to roll back an atomic 2488 section without having to roll back the whole transaction. 2489* Wikimedia\Rdbms\IDatabase::doAtomicSection(), non-native ::insertSelect(), 2490 and non-MySQL ::replace() and ::upsert() no longer roll back the whole 2491 transaction on failure. 2492* (T189785) Added a monthly heartbeat ping to the pingback feature. 2493* The CLI installer (maintenance/install.php) learned to detect and include 2494 extensions. Pass --with-extensions to enable that feature. 2495* (T184791) rc_patrolled now has three states: "0" for unpatrolled, 2496 "1" for manually patrolled and "2" for autopatrolled actions. 2497* Extensions can now set their type to "editor" if they provide an editor or 2498 enhance the editing experience. 2499* Extensions can use a PSR-4 autoloader by setting an "AutoloadNamespaces" 2500 property in extension.json. See the documentation at 2501 <https://mediawiki.org/wiki/Manual:Extension.json/Schema#AutoloadNamespaces> 2502 for more details and an example. 2503* (T19099) Tabs which link to pages that don't exist (like those to uncreated 2504 discussion pages) now have a tooltip to indicate state, not just colour. 2505 2506=== External library changes in 1.31 === 2507* pear/mail, pear/mail_mime and pear/mail_mime-decode have been moved from 2508 suggested to required. These packages now must be installed via composer 2509 and not via PEAR itself. 2510 2511==== Upgraded external libraries ==== 2512* Updated jquery.chosen from v0.9.14 to v1.8.2. 2513* Updated composer/spdx-licenses from 1.1.4 to 1.3.0 (development dependency). 2514* Updated nikic/php-parser from 2.1.0 to 3.1.3 (development dependency). 2515* Updated wikimedia/ip-set from 1.1.0 to 1.2.0. 2516* Updated wikimedia/relpath from 2.0.0 to 2.1.1. 2517* Updated wikimedia/running-stat from 1.1.0 to 1.2.0. 2518* Updated wikimedia/wrappedstring from 2.2.0 to 2.3.0. 2519* Updated mediawiki/at-ease from 1.1.0 to 1.2.0. 2520* Updated wikimedia/php-session-serializer from 1.0.4 to 1.0.6. 2521* Updated wikimedia/remex-html from 1.0.2 to 1.0.3. 2522* Updated wikimedia/html-formatter from 1.0.1 to 1.0.2. 2523 2524==== New external libraries ==== 2525* Added wikimedia/object-factory 1.0.0 2526 2527==== Removed and replaced external libraries ==== 2528* (T17845) The deprecated 'jquery.badge' module was removed. 2529* The deprecated 'jquery.autoEllipsis' module was removed. Use the CSS 2530 text-overflow property instead. 2531* The deprecated 'jquery.placeholder' module was removed. 2532* The deprecated 'jquery.appear' module was removed. Use the 2533 'mediawiki.viewport' module instead. 2534* mediawiki/at-ease was replaced with wikimedia/at-ease. 2535 2536=== Bug fixes in 1.31 === 2537* (T90902) Non-breaking space in header ID breaks anchor. 2538* (T189375) CSSMin now allows quoted urls in `url()` syntax to start with a 2539 space. 2540* (T2087, T10897, T87753, T174639) Whitespace created by category and language 2541 links is now stripped rather than leaving blank lines in odd places. 2542* (T3780) Uploads with UTF-8 names now work on PHP7.1+ on Windows servers. 2543* (T182366) UploadBase::checkXMLEncodingMissmatch() now works on PHP 7.1+ 2544 2545=== Action API changes in 1.31 === 2546* (T185058) The 'name' value to tgprop for action=query&list=tags has been 2547 removed. It has never made a difference in the output, the name was always 2548 returned regardless. 2549* The 'watch' and 'unwatch' parameters for action=move have been removed. They 2550 were deprecated and also accidentally nonfunctional since 1.17 in 2010. Use 2551 'watchlist' instead. 2552 2553=== Action API internal changes in 1.31 === 2554* ApiBase::getProfileDBTime, deprecated since 1.25, was removed. 2555* ApiBase::getModuleProfileName, deprecated since 1.25, was removed. 2556* ApiBase::getProfileTime, deprecated since 1.25, was removed. 2557 2558=== Languages updated in 1.31 === 2559MediaWiki supports over 350 languages. Many localisations are updated 2560regularly. Below only new and removed languages are listed, as well as 2561changes to languages because of Phabricator reports. 2562 2563* (T180052) Mirandese (mwl) now supports gendered NS_USER/NS_USER_TALK. 2564* (T182305) New language support: Nyungar (nys). 2565* (T186359) New language support: Siberian Tatar [себертатар] (sty). 2566* (T186635) New language support: Guianan Creole (gcr). 2567* (T186647) New language support: Kumyk [къумукъ] (kum). 2568* (T187750) New language support: Spanish formal address (es-formal). 2569* (T187824) New language support: Hungarian formal address (hu-formal). 2570* (T189127) New language support: Gorontalo (gor). 2571 2572=== Breaking changes in 1.31 === 2573* MessageBlobStore::insertMessageBlob(), deprecated in 1.27, was removed. 2574* The OutputPage class constructor now requires a context parameter. 2575 Instantiating without context was deprecated in 1.18. 2576* The mw.page JavaScript singleton, deprecated in 1.30, was removed. 2577* Article::getLastPurgeTimestamp(), WikiPage::getLastPurgeTimestamp(), and the 2578 related WikiPage::PURGE_* constants, deprecated in 1.29, were removed. 2579* The Article::selectFields(), ::onArticleCreate(), ::onArticleDelete(), and 2580 ::onArticleEdit() methods, deprecated in 1.24, were removed. 2581* Installer::locateExecutable() and ::locateExecutableInDefaultPaths() were 2582 removed. Use ExecutableFinder::findInDefaultPaths() instead. 2583* The deprecated MW_DIFF_VERSION constant was removed. 2584 DifferenceEngine::MW_DIFF_VERSION should be used instead. 2585* Due to significant refactoring, method ContribsPager::getUserCond() that had 2586 no access restriction has been removed. 2587* The Block class will no longer accept usable-but-missing usernames for 2588 'byText' or ->setBlocker(). Callers should either ensure the blocker exists 2589 locally or use a new interwiki-format username like "iw>Example". 2590* The following methods and constants from the WatchedItem class, which were 2591 deprecated in 1.27, have been removed: 2592 * WatchedItem::getTitle() 2593 * WatchedItem::fromUserTitle() 2594 * WatchedItem::addWatch() 2595 * WatchedItem::removeWatch() 2596 * WatchedItem::isWatched() 2597 * WatchedItem::duplicateEntries() 2598 * WatchedItem::IGNORE_USER_RIGHTS 2599 * WatchedItem::CHECK_USER_RIGHTS 2600 * WatchedItem::DEPRECATED_USAGE_TIMESTAMP 2601* The $statementsOnOwnLine parameter of JavaScriptMinifier::minify was removed. 2602 $wgResourceLoaderMinifierStatementsOnOwnLine, the corresponding configuration 2603 variable, has been deprecated since 1.27 and was removed as well. 2604* The $maxLineLength parameter of JavaScriptMinifier::minify was removed. 2605 $wgResourceLoaderMinifierMaxLineLength, the corresponding configuration 2606 variable, has been deprecated since 1.27 and was removed as well. 2607* The HtmlFormatter class, deprecated in 1.27, was removed. The namespaced 2608 HtmlFormatter\HtmlFormatter class should be used instead. 2609* The driver 'mysql' for MySQL, deprecated in MediaWiki 1.30, has been removed. 2610 The driver has been deprecated since PHP 5.5 and was removed in PHP 7.0. The 2611 default driver for MySQL has been 'mysqli' since MediaWiki 1.22. 2612* The following properties of PreparedEdit were deprecated in 1.21 and have 2613 been removed: 2614 * PreparedEdit->newText 2615 * PreparedEdit->oldText 2616 * PreparedEdit->pst 2617* ParserOutput objects which are generated using a non-default value for 2618 ParserOptions::setWrapOutputClass() can no longer be added to the parser 2619 cache. 2620* The following deprecated methods from the OutputPage class have been removed: 2621 * OutputPage::addExtensionStyle(); deprecated in 1.27 2622 * OutputPage::getExtStyle(); deprecated in 1.27 2623 * OutputPage::setETag(); deprecated in 1.28 (obsolete no-op) 2624 * OutputPage::setSquidMaxage(); deprecated in 1.27 2625 * OutputPage::readOnlyPage(); deprecated in 1.25 2626 * OutputPage::rateLimited(); deprecated in 1.25 2627 * Additionally, the protected OutputPage::$mExtStyles array, only accessed 2628 through the above and with no known uses, was removed. 2629* The no-op method Skin::showIPinHeader(), deprecated in 1.27, was removed. 2630* The following variables and methods in EditPage, deprecated in MediaWiki 1.30, 2631 were removed: 2632 * $isCssJsSubpage — use ::isUserConfigPage() 2633 * $isCssSubpage — use ::isUserCssConfigPage() 2634 * $isJsSubpage — use ::isUserJsConfigPage() 2635 * $isWrongCaseCssJsPage – use ::isWrongCaseUserConfigPage() 2636 * ::getSummaryInput() – use ::getSummaryInputWidget() 2637 * ::getSummaryInputOOUI() – use ::getSummaryInputWidget() 2638 * ::getCheckboxes() – use ::getCheckboxesWidget() or 2639 ::getCheckboxesDefinition() 2640 * ::getCheckboxesOOUI() – use ::getCheckboxesWidget() or 2641 ::getCheckboxesDefinition() 2642* ResourceLoaderModule::getPosition(), deprecated in 1.29, has been removed. 2643* In User, the cookie-related methods which were wrappers for the functions on 2644 the response object, and were deprecated in 1.27, have been removed: 2645 * ::setCookie() 2646 * ::clearCookie() 2647 * ::setExtendedLoginCookie() 2648 Note that User::setCookies() remains, and is not deprecated. 2649* Also in User, some auth-related methods which were deprecated in 1.27 have 2650 been removed: 2651 * ::getEditTokenTimestamp() – use MediaWiki\Session\Token::getTimestamp() 2652 * ::getPasswordFactory() – create a PasswordFactory directly 2653 * ::passwordChangeInputAttribs() 2654* The global functions wfProfileIn and wfProfileOut, deprecated in 1.25, have 2655 been removed. 2656* SpecialPageFactory::getList(), deprecated in 1.24, has been removed. You can 2657 use ::getNames() instead. 2658* OpenSearch::getOpenSearchTemplate(), deprecated in 1.25, has been removed. You 2659 can use ApiOpenSearch::getOpenSearchTemplate() instead. 2660* The global function wfBaseConvert, deprecated in 1.27, has been removed. Use 2661 Wikimedia\base_convert() directly. 2662* Calling Database::begin() explicitly during an implicit transaction or when 2663 DBO_TRX is set results in an exception. Calling Database::commit() explicitly 2664 for an implicit transaction also results in an exception. Previously these 2665 were logged as errors. The startAtomic() and endAtomic() methods, or 2666 AtomicSectionUpdate should be used instead. 2667* The global function wfOutputHandler() was removed, use the its replacement 2668 MediaWiki\OutputHandler::handle() instead. The global function was only 2669 sometimes defined. Its replacement is always available via the autoloader. 2670* ChangeTags::listExtensionActivatedTags and ::listExtensionDefinedTags, 2671 deprecated in 1.28, have been removed. Use ::listSoftwareActivatedTags() and 2672 ::listSoftwareDefinedTags() instead. 2673* Title::getTitleInvalidRegex(), deprecated in 1.25, has been removed. You can 2674 use MediaWikiTitleCodec::getTitleInvalidRegex() instead. 2675* HTMLForm & VFormHTMLForm::isVForm(), deprecated in 1.25, have been removed. 2676* The ProfileSection class, deprecated in 1.25 and unused, has been removed. 2677* The ResourceLoaderGetLessVars hook, deprecated in 1.30, has been removed. Use 2678 ResourceLoaderModule::getLessVars() to expose local variables instead of 2679 global ones. 2680* As part of work to modernise user-generated content clean-up, a config option 2681 and some methods related to HTML validity were removed without deprecation. 2682 The public methods MWTidy::checkErrors() and the path through which it was 2683 called, TidyDriverBase::validate(), are removed, as are the testing methods 2684 MediaWikiTestCase::assertValidHtmlSnippet() and ::assertValidHtmlDocument(). 2685 The $wgValidateAllHtml configuration option is removed and will be ignored. 2686* Execution of external programs using MediaWiki\Shell\Command now applies 2687 the RESTRICT_DEFAULT Firejail restriction by default. 2688* The ResourceLoaderModule::getHashMtime() and ::getDefinitionMtime() methods, 2689 deprecated in 1.26, were removed. 2690* The deprecated 'mediawiki.widgets.CategorySelector' module alias was removed. 2691 Use the 'mediawiki.widgets.CategoryMultiselectWidget' module directly. 2692 2693=== Deprecations in 1.31 === 2694* The Revision class was deprecated in favor of RevisionStore, BlobStore, and 2695 RevisionRecord and its subclasses. 2696* The global function wfBCP47 is deprecated in favour of LanguageCode::bcp47. 2697* The global function wfCountDown is now deprecated in favor of 2698 Maintenance::countDown. 2699* Several methods for returning lists of fields to select from the database 2700 have been deprecated in favor of similar methods that also return the tables 2701 to select from and the join conditions for those tables. 2702 * Block::selectFields() → Block::getQueryInfo() 2703 * RecentChange::selectFields() → RecentChange::getQueryInfo() 2704 * ArchivedFile::selectFields() → ArchivedFile::getQueryInfo() 2705 * LocalFile::selectFields() → LocalFile::getQueryInfo() 2706 * LocalFile::getCacheFields() with a prefix no longer works 2707 * LocalFile::getLazyCacheFields() with a prefix no longer works 2708 * OldLocalFile::selectFields() → OldLocalFile::getQueryInfo() 2709 * RecentChange::selectFields() → RecentChange::getQueryInfo() 2710 * Revision::userJoinCond() → Revision::getQueryInfo( [ 'user' ] ) 2711 * Revision::selectUserFields() → Revision::getQueryInfo( [ 'user' ] ) 2712 * Revision::pageJoinCond() → Revision::getQueryInfo( [ 'page' ] ) 2713 * Revision::selectPageFields() → Revision::getQueryInfo( [ 'page' ] ) 2714 * Revision::selectTextFields() → Revision::getQueryInfo( [ 'text' ] ) 2715 * Revision::selectFields() → Revision::getQueryInfo() 2716 * Revision::selectArchiveFields() → Revision::getArchiveQueryInfo() 2717 * User::selectFields() → User::getQueryInfo() 2718 * WikiPage::selectFields() → WikiPage::getQueryInfo() 2719* Revision::setUserIdAndName() was deprecated. 2720* Access to TitleValue class properties was deprecated, the relevant getters 2721 should be used instead. 2722* DifferenceEngine::getDiffBodyCacheKey() is deprecated. Subclasses should 2723 override DifferenceEngine::getDiffBodyCacheKeyParams() instead. 2724* Use of Maintenance::error( $err, $die ) to exit script was deprecated. Use 2725 Maintenance::fatalError() instead. 2726* Passing a ParserOptions object to OutputPage::parserOptions() is deprecated. 2727* The RevisionInsertComplete hook is now deprecated; use instead the hook 2728 RevisionRecordInserted. RevisionInsertComplete is still called, but the second 2729 and third parameter will always be null. Hard deprecation is scheduled for 2730 1.32. 2731* The following methods that get and set ParserOutput state are deprecated. 2732 Callers should use the new stateless $options parameter to 2733 ParserOutput::getText() instead. 2734 * ParserOptions::getEditSection() 2735 * ParserOptions::setEditSection() 2736 * ParserOutput::getEditSectionTokens() 2737 * ParserOutput::setEditSectionTokens() 2738 * ParserOutput::getTOCEnabled() 2739 * ParserOutput::setTOCEnabled() 2740 * OutputPage::enableSectionEditLinks() 2741 * OutputPage::sectionEditLinksEnabled() 2742 * The public ParserOutput state fields $mTOCEnabled and $mEditSectionTokens 2743 are also deprecated. 2744* License::getLicenses has been deprecated; use License::getLines instead. 2745* QuickTemplate::setRef() was deprecated in favour of QuickTemplate::set(). 2746 Setting template variables by reference allowed violating the principle of 2747 data being immutable once added to the skin template. In practice, this method 2748 was not being used for that. Rather, setRef() existed as memory optimisation 2749 for PHP 4. 2750* QuickTemplate::setTranslator() and MediaWikiI18N::set() were deprecated in 2751 favour of Skin::msg() parameters. 2752* MediaWikiI18N::translate() was deprecated in favour of Skin::msg() or 2753 wfMessage(). 2754* Passing false to ParserOptions::setWrapOutputClass() is deprecated. Use the 2755 'unwrap' transform to ParserOutput::getText() instead. 2756* \ObjectFactory (no namespace) is deprecated, the namespaced class 2757 \Wikimedia\ObjectFactory from the wikimedia/object-factory library should be 2758 used instead. 2759* CommentStore::newKey is deprecated. Instead, get an instance from 2760 MediaWikiServices. 2761* The following CommentStore methods have had their signatures changed to 2762 introduce a $key parameter, usage of the methods on instances retrieved from 2763 CommentStore::newKey will remain unchanged but deprecated: 2764 * CommentStore::getFields 2765 * CommentStore::getJoin 2766 * CommentStore::getComment 2767 * CommentStore::getCommentLegacy 2768 * CommentStore::insert 2769 * CommentStore::insertWithTemplate 2770* The following methods in Title have been renamed, and the old ones are 2771 deprecated: 2772 * Title::getSkinFromCssJsSubpage – use ::getSkinFromConfigSubpage 2773 * Title::isCssOrJsPage – use ::isSiteConfigPage 2774 * Title::isCssJsSubpage – use ::isUserConfigPage 2775 * Title::isCssSubpage – use ::isUserCssConfigPage 2776 * Title::isJsSubpage – use ::isUserJsConfigPage 2777* The following methods related to caching of half-parsed HTML were deprecated: 2778 * Parser::serializeHalfParsedText() 2779 * Parser::unserializeHalfParsedText() 2780 * Parser::isValidHalfParsedText() 2781 * StripState::getSubState() 2782 * StripState::merge() 2783* The DeferredStringifier class is deprecated, use Message::listParam() instead. 2784* The type string for the parameter $lang of DateFormatter::getInstance is 2785 deprecated. 2786* Wikimedia\Rdbms\SavepointPostgres is deprecated. 2787* The DO_MAINTENANCE constant is deprecated. RUN_MAINTENANCE_IF_MAIN should be 2788 used instead. 2789* The function wfShellWikiCmd() has been deprecated, use 2790 MediaWiki\Shell::makeScriptCommand(). 2791* In the future, the hooks 'PreferencesFormPreSave' and 'PreferencesGetLegend' 2792 will be allowed to provide any HTMLForm object rather than PreferencesForm. 2793 2794=== Other changes in 1.31 === 2795* Browser support for Internet Explorer 10 was lowered from Grade A to Grade C. 2796* Browser support for Opera 12 and older was dropped entirely. Opera 15+ 2797 continues at Grade A. 2798* Multi-content-revision capability was introduced into the storage layer. See 2799 <https://mediawiki.org/wiki/Requests_for_comment/Multi-Content_Revisions>. 2800* The "free" CSS class is now only applied to unbracketed URLs in wikitext. 2801 Links written using square brackets will get the class "text" not "free". 2802* RFC 157418: Whitespace is trimmed from wikitext headings, wikitext list items, 2803 wikitext table captions, wikitext table headings, wikitext table cells. HTML 2804 headings, HTML list items, HTML table captions, HTML table headings, HTML 2805 table cells will not have this trimming behavior. 2806 2807== Compatibility == 2808MediaWiki 1.31 requires PHP 7.0.0 or later. Although HHVM 3.18.5 or later is 2809supported, it is generally advised to use PHP 7.0.0 or later for long term 2810support. 2811 2812MySQL/MariaDB is the recommended DBMS. PostgreSQL or SQLite can also be used, 2813but support for them is somewhat less mature. There is experimental support for 2814Oracle and Microsoft SQL Server. 2815 2816The supported versions are: 2817 2818* MySQL 5.5.8 or later 2819* PostgreSQL 9.2 or later 2820* SQLite 3.3.7 or later 2821* Oracle 9.0.1 or later 2822* Microsoft SQL Server 2005 (9.00.1399) 2823 2824== Upgrading == 28251.31 has several database changes since 1.30, and will not work without schema 2826updates. Note that due to changes to some very large tables like the revision 2827table, the schema update may take quite long (minutes on a medium sized site, 2828many hours on a large site). 2829 2830Don't forget to always back up your database before upgrading! 2831 2832See the file UPGRADE for more detailed upgrade instructions, including 2833important information when upgrading from versions prior to 1.11. 2834 2835For notes on 1.30.x and older releases, see HISTORY. 2836 2837== Online documentation == 2838Documentation for both end-users and site administrators is available on 2839MediaWiki.org, and is covered under the GNU Free Documentation License (except 2840for pages that explicitly state that their contents are in the public domain): 2841 2842 https://www.mediawiki.org/wiki/Special:MyLanguage/Documentation 2843 2844== Mailing list == 2845A mailing list is available for MediaWiki user support and discussion: 2846 2847 https://lists.wikimedia.org/mailman/listinfo/mediawiki-l 2848 2849A low-traffic announcements-only list is also available: 2850 2851 https://lists.wikimedia.org/mailman/listinfo/mediawiki-announce 2852 2853It's highly recommended that you sign up for one of these lists if you're 2854going to run a public MediaWiki, so you can be notified of security fixes. 2855 2856== IRC help == 2857There's usually someone online in #mediawiki on irc.freenode.net. 2858 2859 2860= MediaWiki 1.30 = 2861 2862== MediaWiki 1.30.2 == 2863 2864This is a security and maintenance release of the MediaWiki 1.30 branch. 2865 2866=== Changes since MediaWiki 1.30.1 === 2867* (T204729) WatchedItemStore::countVisitingWatchersMultiple() shouldn't query 2868 all titles when asked for none. 2869* (T109121) Remove deprecated pear/mail_mime-decode from composer suggested 2870 libraries. 2871* (T207540) Include IP address in "Login for $1 succeeded" log entry. 2872* (T205765) Don't link to the obsolete "Extension Matrix" page in installer. 2873* (T207603) SECURITY: User JS may no longer be loaded with mime type 2874 text/javascript if there is no account associated with the username. 2875* (T113042) SECURITY: Do not allow loading pages raw with a text/javascript MIME 2876 type if non-admins can edit the page. 2877* (T207541) Pass email address to mail(). 2878* Fix addition of ug_expiry column to user_groups table on MSSQL. 2879* (T204531) rdbms: reduce LoadBalancer replication log spam. 2880* (T213489) Avoid session double-start in Setup.php. 2881* (T195525) Fix db error outage page. 2882* (T208871) The hard-coded Google search form on the database error page was 2883 removed. 2884* (T216968) Return pageid as int in both list=iwbacklinks and 2885 list=langbacklinks. 2886* (T218608) SECURITY: Fix an issue that prevents Extension:OAuth working when 2887 $wgBlockDisablesLogin is true. 2888* (T25227) SECURITY: action=logout now requires to be posted and have a csrf 2889 token. 2890* (T222385) resourceloader: Use AND instead of OR for upsert conds in 2891 saveFileDependencies(). 2892* (T224374) Fix message parameters so that the message that says SQLite is out 2893 of date makes sense. 2894* SpecialPage::checkLoginSecurityLevel() will now preserve POST data when 2895 reauthenticating. 2896* FormSpecialPage::execute() will now call checkLoginSecurityLevel() if 2897 getLoginSecurityLevel() returns non-false. 2898* (T197279) SECURITY: Fix reauth in Special:ChangeEmail. 2899* (T208881) SECURITY: blacklist CSS var(). 2900* (T209794) SECURITY: rate-limit and prevent blocked users from changing email. 2901* (T199540) SECURITY: API: Respect $wgBlockCIDRLimit in action=block. 2902* (T212118) SECURITY: Fix cache mode for (un)patrolled recent changes query. 2903* (T222036, T222038) SECURITY: Add permission check for user is permitted to 2904 view the log type. 2905* (T221739) SECURITY: resources: Patch jQuery 1.11.3 for CVE-2019-11358. 2906 2907== MediaWiki 1.30.1 == 2908 2909This is a security and maintenance release of the MediaWiki 1.30 branch. 2910 2911=== Changes since MediaWiki 1.30.0 === 2912* (T169545, CVE-2018-0503) SECURITY: $wgRateLimits entry for 'user' overrides 2913 'newbie'. 2914* (T194605, CVE-2018-0505) SECURITY: BotPasswords can bypass CentralAuth's 2915 account lock. 2916* (T87572) Make FormatMetadata::flattenArrayReal() work for an associative 2917 array. 2918* Updated composer/spdx-licenses from 1.1.4 to 1.3.0 (development dependency). 2919* (T189567) the CLI installer (maintenance/install.php) learned to detect and 2920 include extensions. Pass --with-extensions to enable that feature. 2921* (T190503) Let built-in web server (maintenance/dev) handle .php requests. 2922* (T167507) selenium: Run Chrome headlessly. 2923* selenium: Pass -no-sandbox to Chrome under Docker. 2924* (T179190) selenium: Move logic for running tests from package.json to 2925 selenium.sh 2926* (T192584) Stop incorrectly passing USE INDEX to RecentChange::newFromConds(). 2927* Add default edit rate limit of 90 edits/minute for all users. 2928* (T186565) Fix PHP Notice from `ob_end_flush()` in `FileRepo::streamFile()`. 2929* oojs/oojs-ui updated to remove an unnecessary dependancy. 2930* (T196125) php-memcached 3.0 (provided with PHP 7.0) is now supported. 2931* (T118683) Fix exception from &$user deref on HHVM in the TitleMoveComplete 2932 hook. 2933* (T196672) The mtime of extension.json files is now able to be zero 2934* (T180403) Validate $length in padleft/padright parser functions. 2935* (T143790) Make $wgEmailConfirmToEdit only affect edit actions. 2936* (T193995) Fix undefined patchPath() method call in parser tests. 2937* Special:BotPasswords now requires reauthentication. 2938* (T191608, T187638) Add 'logid' parameter to Special:Log. 2939* (T193829) Indicate when a Bot Password needs reset. 2940* (T151415) Log email changes. 2941* (T200861) Fix total breakage of SQLite web upgrade. 2942* (T202550) Unbreak SpecialListusersHeaderForm and SpecialListusersHeader 2943 hooks. 2944* (T190539) Explicitly require Postgres 9.1. 2945* (T118420) Unbreak Oracle installer. 2946 2947== MediaWiki 1.30.0 == 2948 2949=== Changes since MediaWiki 1.30.0-rc.0 === 2950* Upgraded Moment.js from v2.15.0 to v2.19.3. 2951* Add ip_changes to postgres/tables.sql. 2952* Skip null shell parameters. 2953* Add wfWaitForSlaves() to maintenance/migrateComments.php. 2954* (T182245) Fix join conditions in ImageListPager. 2955* (T178626) Revert #contentSub and #jump-to-nav margin changes. 2956 2957=== MySQL version requirement in 1.30 === 2958As of 1.30, MediaWiki now requires MySQL 5.5.8 or higher (see Compatibility 2959section). 2960 2961=== Configuration changes in 1.30 === 2962* The "C.UTF-8" locale should be used for $wgShellLocale, if available, to avoid 2963 unexpected behavior when code uses locale-sensitive string comparisons. For 2964 example, the Scribunto extension considers "bar" < "Foo" in most locales 2965 since it ignores case. 2966* $wgShellLocale now affects LC_ALL rather than only LC_CTYPE. See 2967 documentation of $wgShellLocale for details. 2968* $wgShellLocale is now applied for all requests. wfInitShellLocale() is 2969 deprecated and a no-op, as it is no longer needed. 2970* $wgJobClasses may now specify callback functions as an alternative to plain 2971 class names. This is intended for extensions that want control over the 2972 instantiation of their jobs, to allow for proper dependency injection. 2973* $wgResourceModules may now specify callback functions as an alternative 2974 to plain class names, using the 'factory' key in the module description 2975 array. This allows dependency injection to be used for ResourceLoader modules. 2976* $wgExceptionHooks has been removed. 2977* (T163562) $wgRangeContributionsCIDRLimit was introduced to control the size 2978 of IP ranges that can be queried at Special:Contributions. 2979* (T45547) $wgUsePigLatinVariant added (off by default). 2980* (T152540) MediaWiki now supports a section ID escaping style that allows to 2981 display non-Latin characters verbatim on many modern browsers. This is 2982 controlled by the new configuration setting, $wgFragmentMode. 2983* $wgExperimentalHtmlIds is now deprecated and will be removed in a future 2984 version, use $wgFragmentMode to migrate off it to a modern alternative. 2985* $wgExternalInterwikiFragmentMode was introduced to control how fragments in 2986 sinterwikis going outside of current wiki farm are encoded. 2987* (T120333) Soft-deprecated the use of PHP extension 'mysql' in favor of 2988 'mysqli'. This PHP extension was deprecated in PHP 5.5 and removed in PHP 7.0. 2989 MediaWiki auto-selects the 'mysqli' driver since MediaWiki 1.22, except if 2990 explicitly requested through the configuration parameter $wgDBservers. 2991* $wgOOUIEditPage was removed, as it is now the default. This was documented as 2992 a temporary variable during the migration period. 2993 2994=== New features in 1.30 === 2995* (T37247) Output from Parser::parse() will now be wrapped in a div with 2996 class="mw-parser-output" by default. This may be changed or disabled using 2997 ParserOptions::setWrapOutputClass(). 2998* (T163562) Added ability to search for contributions within an IP ranges 2999 at Special:Contributions. 3000* Added 'ChangeTagsAllowedAdd' hook, enabling extensions to allow software- 3001 specific tags to be added by users. 3002* Added a 'ParserOptionsRegister' hook to allow extensions to register 3003 additional parser options. 3004* (T45547) Included Pig Latin, a language game in English, as a 3005 LanguageConverter variant. This allows English-speaking developers 3006 to develop and test LanguageConverter more easily. Pig Latin can be 3007 enabled by setting $wgUsePigLatinVariant to true. 3008* Added RecentChangesPurgeRows hook to allow extensions to purge data that 3009 depends on the recentchanges table. 3010* Added JS config values wgDiffOldId/wgDiffNewId to the output of diff pages. 3011* (T2424) Added direct unwatch links to entries in Special:Watchlist (if the 3012 'watchlistunwatchlinks' preference option is enabled). With JavaScript 3013 enabled, these links toggle so the user can also re-watch pages that have 3014 just been unwatched. 3015* Added $wgParserTestMediaHandlers, where mock media handlers can be passed to 3016 MediaHandlerFactory for parser tests. 3017* Edit summaries, block reasons, and other "comments" are now stored in a 3018 separate database table. Use the CommentFormatter class to access them. 3019** This is currently gated by $wgCommentTableSchemaMigrationStage. Most wikis 3020 can set this to MIGRATION_NEW and run maintenance/migrateComments.php as 3021 soon as any necessary extensions are updated. 3022* (T138166) Added ability for users to prohibit other users from sending them 3023 emails with Special:Emailuser. Can be enabled by setting 3024 $wgEnableUserEmailBlacklist to true. 3025* (T67297) $wgBrowserBlacklist is deprecated, and changing it will have no 3026 effect. Instead, users using browsers that do not support Unicode will be 3027 unable to edit and should upgrade to a modern browser instead. 3028 3029=== External library changes in 1.30 === 3030 3031==== Upgraded external libraries ==== 3032* Updated justinrainbow/json-schema from v3.0 to v5.2. 3033* Updated mediawiki/mediawiki-codesniffer from v0.7.2 to v0.12.0. 3034* Updated wikimedia/composer-merge-plugin from v1.4.0 to v1.4.1. 3035* Updated wikimedia/relpath from v1.0.3 to v2.0.0. 3036* Updated OOjs from v2.0.0 to v2.1.0. 3037* Updated OOUI from v0.21.1 to v0.23.0. 3038* Updated QUnit from v1.23.1 to v2.4.0. 3039* Updated phpunit/phpunit from v4.8.35 to v4.8.36. 3040* Upgraded Moment.js from v2.15.0 to v2.19.3. 3041 3042==== New external libraries ==== 3043* The class \TestingAccessWrapper has been moved to the external library 3044 wikimedia/testing-access-wrapper and renamed \Wikimedia\TestingAccessWrapper. 3045* Purtle, a fast, lightweight RDF generator. 3046 3047=== Bug fixes in 1.30 === 3048* (T151633) Ordered list items use now Devanagari digits in Nepalese 3049 (thanks to Sfic) 3050 3051=== Action API changes in 1.30 === 3052* (T37247) action=parse output will be wrapped in a div with 3053 class="mw-parser-output" by default. This may be changed or disabled using 3054 the new 'wrapoutputclass' parameter. 3055* When errorformat is not 'bc', abort reasons from action=login will be 3056 formatted as specified by the error formatter parameters. 3057* action=compare can now handle arbitrary text, deleted revisions, and 3058 returning users and edit comments. 3059* (T164106) The 'rvdifftotext', 'rvdifftotextpst', 'rvdiffto', 3060 'rvexpandtemplates', 'rvgeneratexml', 'rvparse', and 'rvprop=parsetree' 3061 parameters to prop=revisions are deprecated, as are the similarly named 3062 parameters to prop=deletedrevisions, list=allrevisions, and 3063 list=alldeletedrevisions. Use action=compare, action=parse, or 3064 action=expandtemplates instead. 3065 3066=== Action API internal changes in 1.30 === 3067* ApiBase::getDescriptionMessage() and the "apihelp-*-description" messages are 3068 deprecated. The existing message should be split between "apihelp-*-summary" 3069 and "apihelp-*-extended-description". 3070* (T123931) Individual values of multi-valued parameters can now be marked as 3071 deprecated. 3072 3073=== Languages updated in 1.30 === 3074MediaWiki supports over 350 languages. Many localisations are updated 3075regularly. Below only new and removed languages are listed, as well as 3076changes to languages because of Phabricator reports. 3077 3078* Added: kbp (Kabɩyɛ / Kabiyè) 3079* Added: skr (Saraiki, سرائیکی) 3080* Added: tay (Tayal / Atayal) 3081* Removed: tokipona (Toki Pona) 3082 3083==== Pig Latin added ==== 3084* (T45547) Added Pig Latin, a made-up English variant (en-x-piglatin), 3085 for easier variant development and testing. Disabled by default. It can be 3086 enabled by setting $wgUsePigLatinVariant to true. 3087 3088=== Other changes in 1.30 === 3089* The use of an associative array for $wgProxyList, where the IP address is in 3090 the key instead of the value, is deprecated (e.g. [ '127.0.0.1' => 'value' ]). 3091 Please convert these arrays to indexed/sequential ones (e.g. [ '127.0.0.1' ]). 3092* mw.user.bucket (deprecated in 1.23) was removed. 3093* LoadBalancer::getServerInfo() and LoadBalancer::setServerInfo() are 3094 deprecated. There are no known callers. 3095* File::getStreamHeaders() was deprecated. 3096* MediaHandler::getStreamHeaders() was deprecated. 3097* Title::canTalk() was deprecated. The new Title::canHaveTalkPage() should be 3098 used instead. 3099* MWNamespace::canTalk() was deprecated. The new MWNamespace::hasTalkNamespace() 3100 should be used instead. 3101* The ExtractThumbParameters hook (deprecated in 1.21) was removed. 3102* The OutputPage::addParserOutputNoText and ::getHeadLinks methods (both 3103 deprecated in 1.24) were removed. 3104* wfMemcKey() and wfGlobalCacheKey() were deprecated. BagOStuff::makeKey() and 3105 BagOStuff::makeGlobalKey() should be used instead. 3106* (T146304) Preprocessor handling of LanguageConverter markup has been improved. 3107 As a result of the new uniform handling, '-{' may need to be escaped 3108 (for example, as '-<nowiki/>{') where it occurs inside template arguments 3109 or wikilinks. 3110* (T163966) Page moves are now counted as edits for the purposes of 3111 autopromotion, i.e., they increment the user_editcount field in the database. 3112* Two new hooks, LogEventsListLineEnding and NewPagesLineEnding, were added for 3113 manipulating Special:Log and Special:NewPages lines. 3114* The OldChangesListRecentChangesLine, EnhancedChangesListModifyLineData, 3115 PageHistoryLineEnding, ContributionsLineEnding and 3116 DeletedContributionsLineEnding hooks have an additional parameter, for 3117 manipulating HTML data attributes of RC/history lines. 3118 EnhancedChangesListModifyBlockLineData can do that via the 3119 $data['attribs'] subarray. 3120* (T130632) The OutputPage::enableTOC() method was removed. 3121* WikiPage::getParserOutput() will now throw an exception if passed 3122 ParserOptions that would pollute the parser cache. Callers should use 3123 WikiPage::makeParserOptions() to create the ParserOptions object and only 3124 change options that affect the parser cache key. 3125* Article::viewRedirect() is deprecated. 3126* IP::isValidBlock() was deprecated. Use the equivalent IP::isValidRange(). 3127* DeprecatedGlobal no longer supports passing in a direct value, it requires a 3128 callable factory function or a class name. 3129* The $parserMemc global, wfGetParserCacheStorage(), and 3130 ParserCache::singleton() are all deprecated. The main ParserCache instance 3131 should be obtained from MediaWikiServices instead. Access to the underlying 3132 BagOStuff is possible through the new ParserCache::getCacheStorage() method. 3133* .mw-ui-constructive CSS class (deprecated in 1.27) was removed. 3134* Sanitizer::escapeId() was deprecated, use escapeIdForAttribute(), 3135 escapeIdForLink() or escapeIdForExternalInterwiki() instead. 3136* Title::escapeFragmentForURL() was deprecated, use one of the aforementioned 3137 Sanitizer functions or, if possible, Title::getFragmentForURL(). 3138* Second parameter to Sanitizer::escapeIdReferenceList() ($options) now does 3139 nothing and is deprecated. 3140* mw.util.escapeId() was deprecated, use escapeIdForAttribute() or 3141 escapeIdForLink(). 3142* MagicWord::replaceMultiple() (deprecated in 1.25) was removed. 3143* WikiImporter now requires the second parameter to be an instance of the 3144 Config, class. Prior to that, the Config parameter was optional (a behavior 3145 deprecated in 1.25). 3146* Removed 'jquery.mwExtension' module. (deprecated since 1.26) 3147* mediawiki.ui: Deprecate greys, which are not part of WikimediaUI color palette 3148 any more. 3149* CdbReader, CdbWriter, CdbException classes (deprecated in 1.25) were removed. 3150 The namespaced classes in the Cdb namespace should be used instead. 3151* IPSet class (deprecated in 1.26) was removed. The namespaced IPSet\IPSet 3152 should be used instead. 3153* RunningStat class (deprecated in 1.27) was removed. The namespaced 3154 RunningStat\RunningStat should be used instead. 3155* MWMemcached and MemCachedClientforWiki classes (deprecated in 1.27) were 3156 removed. 3157 The MemcachedClient class should be used instead. 3158* EditPage underwent some refactoring and deprecations: 3159 * EditPage::isOouiEnabled() is deprecated and will always return true. 3160 * EditPage::getSummaryInput() and ::getSummaryInputOOUI() are deprecated. 3161 Please use ::getSummaryInputWidget() instead. 3162 * EditPage::getCheckboxes() and ::getCheckboxesOOUI() are deprecated. Please 3163 use ::getCheckboxesWidget() instead. 3164 * Creating an EditPage instance without calling EditPage::setContextTitle() 3165 should be avoided and will be deprecated in a future release. 3166 * EditPage::safeUnicodeInput() and ::safeUnicodeOutput() are deprecated and 3167 no-ops. 3168 * EditPage::$isCssJsSubpage, ::$isCssSubpage, and ::$isJsSubpage are 3169 deprecated. The corresponding methods from Title should be used instead. 3170 * EditPage::$isWrongCaseCssJsPage is deprecated. There is no replacement. 3171 * EditPage::$mArticle and ::$mTitle are deprecated for public usage. The 3172 getters ::getArticle() and ::getTitle() should be used instead. 3173 * Trying to control or fake EditPage context by overriding $wgUser, 3174 $wgRequest, $wgOut, and $wgLang is no longer supported and won't work. The 3175 IContextSource returned from EditPage::getContext() must be modified 3176 instead. 3177* Parser::getRandomString() (deprecated in 1.26) was removed. 3178* Parser::uniqPrefix() (deprecated in 1.26) was removed. 3179* Parser::extractTagsAndParams() now only accepts three arguments. The fourth, 3180 $uniq_prefix was deprecated in 1.26 and has now been removed. 3181* (T172514) The following tables have had their UNIQUE indexes turned into 3182 proper PRIMARY KEYs for increased maintainability: categorylinks, imagelinks, 3183 iwlinks, langlinks, log_search, module_deps, objectcache, pagelinks, 3184 query_cache, site_stats, templatelinks, text, transcache, user_former_groups, 3185 user_properties. 3186* IDatabase::nextSequenceValue() is no longer needed by any database backends 3187 (formerly it was needed by PostgreSQL and Oracle), and is now deprecated. 3188* (T146591) The lc_lang_key index on the l10n_cache table has been changed into 3189 a PRIMARY KEY. 3190* (T157227) bot_password.bp_user, change_tag.ct_log_id, change_tag.ct_rev_id, 3191 page_restrictions.pr_user, tag_summary.ts_log_id, tag_summary.ts_rev_id and 3192 user_properties.up_user have all been made unsigned on MySQL. 3193* DB_SLAVE is deprecated. DB_REPLICA should be used instead. 3194* wfUsePHP() is deprecated. 3195* wfFixSessionID() was removed. 3196* wfShellExec() and related functions are deprecated, use Shell::command(). This 3197 also slightly changes the behavior of how execution time limits are calculated 3198 when only some of defaults are overridden per-call. When in doubt, always 3199 override both wall clock and CPU time. 3200* (T138166) SpecialEmailUser::getTarget() now requires a second argument, the 3201 sending user object. Using the method without the second argument is 3202 deprecated. 3203* (T67297) Browsers that don't support Unicode will have their edits rejected. 3204* (T178450) The module 'jquery.badge' is deprecated and will be removed in a 3205 future release. For notifying the user of an event, the Notifications ("Echo") 3206 system should be used instead. 3207* (T178451) SECURITY: Potential XSS when $wgShowExceptionDetails = false and 3208 browser sends non-standard url escaping. 3209* (T165846) SECURITY: BotPassword login attempts weren't throttled. 3210 3211= MediaWiki 1.29 = 3212 3213== MediaWiki 1.29.3 == 3214 3215This is a security and maintenance release of the MediaWiki 1.29 branch. 3216 3217=== Changes since 1.29.2 === 3218* (T169545, CVE-2018-0503) SECURITY: $wgRateLimits entry for 'user' overrides 3219 'newbie'. 3220* (T194605, CVE-2018-0505) SECURITY: BotPasswords can bypass CentralAuth's 3221 account lock. 3222* (T180551) Fix LanguageSrTest for language converter 3223* (T180552) Fix language converter parser test with self-close tags 3224* (T180537) Remove $wgAuth usage from wrapOldPasswords.php 3225* (T180485) InputBox: Have inputbox langconvert certain attributes 3226* (T161732, T181547) Upgraded Moment.js from v2.15.0 to v2.19.3. 3227* (T172927) Drop vendor from MW release branch 3228* (T87572) Make FormatMetadata::flattenArrayReal() work for an associative array 3229* Updated composer/spdx-licenses from 1.1.4 to 1.3.0 (development dependency). 3230* (T189567) the CLI installer (maintenance/install.php) learned to detect and 3231 include extensions. Pass --with-extensions to enable that feature. 3232* (T182381) Mask deprecated call in WatchedItemUnitTest 3233* (T190503) Let built-in web server (maintenance/dev) handle .php requests. 3234* The karma qunit tests would fail on some configuration due to headers already 3235 sent. Check headers_sent() before sending cpPosTime headers 3236* (T167507) selenium: Run Chrome headlessly. 3237* selenium: Pass -no-sandbox to Chrome under Docker 3238* (T191247) Use MediaWiki\SuppressWarnings around trigger_error('') instead @ 3239* (T75174, T161041) Unit test ChangesListSpecialPageTest::testFilterUserExpLevel 3240 fails under SQLite. 3241* (T192584) Stop incorrectly passing USE INDEX to RecentChange::newFromConds(). 3242* (T179190) selenium: Move test running logic from package.json to selenium.sh. 3243* (T117839, T193200) PDFHandler: Fix for pdfinfo changes in poppler-utils 0.48. 3244* Add default edit rate limit of 90 edits/minute for all users. 3245* (T196125) php-memcached 3.0 (provided with PHP 7.0) is now supported. 3246* (T196672) The mtime of extension.json files is now able to be zero 3247* (T180403) Validate $length in padleft/padright parser functions. 3248* (T143790) Make $wgEmailConfirmToEdit only affect edit actions. 3249* (T194237) Special:BotPasswords now requires reauthentication. 3250* (T191608, T187638) Add 'logid' parameter to Special:Log. 3251* (T176097) resourceloader: Disable a flaky MessageBlobStoreTest case 3252* (T193829) Indicate when a Bot Password needs reset. 3253* (T151415) Log email changes. 3254* (T118420) Unbreak Oracle installer. 3255 3256== MediaWiki 1.29.2 == 3257 3258This is a security and maintenance release of the MediaWiki 1.29 branch. 3259 3260=== Changes since 1.29.1 === 3261* (T166757) Avoid scoped lock errors in Category::refreshCounts() due to 3262 nesting. 3263* (T175439) Unbreak Postgres Updater when setting defaults for a column. 3264* (T160298) Remove use of implicitGroupBy() in ActiveUsersPager. 3265* Fixed login button label to accept RawMessage. 3266* Fixed case of SpecialRecentChanges class usage. 3267* (T174255) Declare uploadCount property in importDump.php. 3268* (T163646) Pass a string not an int to mysql_real_escape_string(). 3269* (T180143) Bump justinrainbow/json-schema development dependency to ~5.2. 3270* Updated dev dependancy phpunit/phpunit from v4.8.35 to v4.8.36. 3271* (T178451) SECURITY: Potential XSS when $wgShowExceptionDetails = false and 3272 browser sends non-standard url escaping. 3273* (T165846) SECURITY: BotPassword login attempts weren't throttled. 3274* (T128209) SECURITY: Reflected File Download from api.php. 3275* (T134100) SECURITY: Do not reveal if user exists during login failure. 3276* (T176247) SECURITY: Ensure Message::rawParams can't lead to XSS. 3277* (T125163) SECURITY: Make anchor for headlines escape > and <. 3278* (T180237) SECURITY: Protect vendor folder with .htaccess. 3279* (T180231) SECURITY: Remove PHPUnit file with known RCE if exists in 3280 update.php. 3281* (T124404) SECURITY: XSS in langconverter when regex hits pcre.backtrack_limit. 3282* (T119158) SECURITY: Handle -{}- syntax in attributes safely. 3283* (T180488) (T125177) "api.log contains passwords in plaintext" wasn't correctly 3284 fixed in all branches in the previous security release. 3285 3286== MediaWiki 1.29.1 == 3287 3288This is a maintenance release of the MediaWiki 1.29 branch. 3289 3290The SpamBlacklist and PdfHandler extensions were missing from the generated 3291packages. 3292 3293=== Changes since 1.29.1 === 3294* (T164999) Define mw.Upload.Dialog.static.name in mediawiki.Upload.Dialog.js. 3295* (T172061) Fix fatal when passing a category to refreshLinks.php. 3296 3297== MediaWiki 1.29.0 == 3298 3299=== Configuration changes in 1.29 === 3300* Default cookie expiration time has been reduced to 30 days. Login cookie 3301 expiration time is kept at 180 days. 3302* A new configuration variable has been added: $wgCookieSetOnAutoblock. This 3303 determines whether to set a cookie when a user is autoblocked. Doing so means 3304 that a blocked user, even after logging out and moving to a new IP address, 3305 will still be blocked. 3306* The resetpassword right and associated password reset capture feature has 3307 been removed. 3308* The $error parameter to the EmailUser hook should be set to a Status object 3309 or boolean false. This should be compatible with at least MediaWiki 1.23 if 3310 not earlier. Returning a raw HTML string is now deprecated. 3311* The $message parameter to the ApiCheckCanExecute hook should be set to an 3312 ApiMessage. This is compatible with MediaWiki 1.27 and later. Returning a 3313 code for ApiBase::parseMsg() will no longer work. 3314* ApiBase::$messageMap is no longer public. Code attempting to access it will 3315 result in a PHP fatal error. 3316* $wgUserEmailUseReplyTo is now true by default to work around restrictive DMARC 3317 policies. 3318* Subpages are now enabled by default in the Template namespace. Set 3319 $wgNamespacesWithSubpages[NS_TEMPLATE] to false to keep the old behavior. 3320* $wgRunJobsAsync is now false by default (T142751). This change only affects 3321 wikis with $wgJobRunRate > 0. 3322* (T158474) "Unknown user" has been added to $wgReservedUsernames. 3323* (T156983) $wgRateLimitsExcludedIPs now accepts CIDR ranges as well as single 3324 IPs. 3325* $wgDummyLanguageCodes is deprecated. Additional language code mappings may be 3326 added to $wgExtraLanguageCodes instead. 3327* (T161453) LocalisationCache will no longer use the temporary directory in it's 3328 fallback chain when trying to work out where to write the cache. 3329* The user right 'editusercssjs' (deprecated in 1.16) was removed. Use 3330 'editusercss' and 'edituserjs' in $wgGroupPermissions and elsewhere instead. 3331 3332=== New features in 1.29 === 3333* (T5233) A cookie can now be set when a user is autoblocked, to track that user 3334 if they move to a new IP address. This is disabled by default. 3335* Added ILocalizedException interface to standardize the use of localized 3336 exceptions, largely so the API can handle them more sensibly. 3337* Blocks created automatically by MediaWiki, such as for configured proxies or 3338 dnsbls, are now indicated as such and use a new i18n message when displayed. 3339* Added new $wgHTTPImportTimeout setting. Sets timeout for 3340 downloading the XML dump during a transwiki import in seconds. 3341* Parser limit report is now available in machine-readable format to JavaScript 3342 via mw.config.get('wgPageParseReport'). 3343* Added $wgSoftBlockRanges, to allow for automatically blocking anonymous edits 3344 from certain IP ranges (e.g. private IPs). 3345* (T59603) Added new magic word {{PAGELANGUAGE}} which returns the language code 3346 of the page being parsed. 3347* HTML5 form validation attributes will no longer be suppressed. Originally 3348 browsers had poor support for them, but modern browsers handle them fine. 3349 This might affect some forms that used them and only worked because the 3350 attributes were not actually being set. 3351* Expiry times can now be specified when users are added to user groups. 3352* Completely new user interface for the RecentChanges page, which 3353 structures filters into user-friendly groups. This has corresponding 3354 changes to how filters are registered by core and extensions. 3355* The edit form now uses pretty OOjs UI buttons, checkboxes and summary input. 3356 Because this change can cause problems for extensions and on-wiki 3357 scripts depending on the exact HTML, the old version is still available 3358 and can be used by setting $wgOOUIEditPage = false; in LocalSettings.php. 3359 This will be removed later and OOjs UI will become the only option. 3360 To make testing easier, users can also force either mode by adding 3361 &ooui=true or &ooui=false to the action=edit URL. 3362 3363=== External library changes in 1.29 === 3364 3365==== Upgraded external libraries ==== 3366* Updated QUnit from v1.22.0 to v1.23.1. 3367* Updated cssjanus from v1.1.2 to v1.2.0. 3368* Updated psr/log from v1.0.0 to v1.0.2. 3369* Update Moment.js from v2.8.4 to v2.15.0. 3370* Updated oyejorge/less.php from v1.7.0.10 to v1.7.0.14. 3371* Updated monolog from v1.18.2 to 1.22.1. 3372* Updated wikimedia/composer-merge-plugin from v1.3.1 to v1.4.0. 3373* Updated OOjs from v1.1.10 to v2.0.0. 3374* Updated jQuery from v1.11.3 to v3.2.1 (including jQuery Migrate v3.0.0). 3375 3376==== New external libraries ==== 3377* Added wikimedia/timestamp v1.0.0. 3378* Added wikimedia/remex-html v1.0.1. 3379 3380==== Removed and replaced external libraries ==== 3381 3382=== Bug fixes in 1.29 === 3383* (T62604) Core parser functions returning a number now format the number 3384 according to the page content language, not wiki content language. 3385* (T27187) Search suggestions based on jquery.suggestions will now correctly 3386 only highlight prefix matches in the results. 3387* (T157035) "new mw.Uri()" was ignoring options when using default URI. 3388* Special:Allpages can no longer be filtered by redirect in miser mode. 3389* (T160519) CACHE_ANYTHING will not be CACHE_ACCEL if no accelerator is 3390 installed. 3391* (T109140) (T122209) SECURITY: Special:UserLogin and Special:Search allow 3392 redirect to interwiki links. 3393* (T144845) SECURITY: XSS in SearchHighlighter::highlightText() when 3394 $wgAdvancedSearchHighlighting is true. 3395* (T125177) SECURITY: API parameters may now be marked as "sensitive" to keep 3396 their values out of the logs. 3397* (T150044) SECURITY: "Mark all pages visited" on the watchlist now requires a 3398 CSRF token. 3399* (T156184) SECURITY: Escape content model/format url parameter in message. 3400* (T151735) SECURITY: SVG filter evasion using default attribute values in DTD 3401 declaration. 3402* (T161453) SECURITY: LocalisationCache will no longer use the temporary 3403 directory in it's fallback chain when trying to work out where to write the 3404 cache. 3405* (T48143) SECURITY: Spam blacklist ineffective on encoded URLs inside file 3406 inclusion syntax's link parameter. 3407* (T108138) SECURITY: Sysops can undelete pages, although the page is protected 3408 against it. 3409 3410=== Action API changes in 1.29 === 3411* Submitting sensitive authentication request parameters to action=login, 3412 action=clientlogin, action=createaccount, action=linkaccount, and 3413 action=changeauthenticationdata in the query string is now an error. They 3414 should be submitted in the POST body instead. 3415* The capture option for action=resetpassword has been removed 3416* action=clearhasmsg now requires a POST. 3417* (T47843) API errors and warnings may be requested in non-English languages 3418 using the new 'errorformat', 'errorlang', and 'errorsuselocal' parameters. 3419* API error codes may have changed. Most notably, errors from modules using 3420 parameter prefixes (e.g. all query submodules) will no longer be prefixed. 3421* ApiPageSet-using modules will report the 'invalidreason' using the specified 3422 'errorformat'. 3423* action=emailuser may return a "Warnings" status, and now returns 'warnings' 3424 and 'errors' subelements (as applicable) instead of 'message'. 3425* action=imagerotate returns an 'errors' subelement rather than 'errormessage'. 3426* action=move now reports errors when moving the talk page as an array under 3427 key 'talkmove-errors', rather than using 'talkmove-error-code' and 3428 'talkmove-error-info'. The format for subpage move errors has also changed. 3429* action=revisiondelete no longer includes a "rendered" property on warnings 3430 and errors for each item. Use errorformat=wikitext if you're wanting parsed 3431 output. 3432* action=rollback no longer returns a "messageHtml" property. Use 3433 errorformat=html if you're wanting HTML formatting of error messages. 3434* action=upload now reports optional stash failures as an array under key 3435 'stasherrors' rather than a 'stashfailed' text string. 3436* action=watch reports 'errors' and 'warnings' instead of a single 'error', and 3437 no longer returns a 'message' on success. 3438* Added action=validatepassword to validate passwords for the account creation 3439 and password change forms. 3440* action=purge now requires a POST. 3441* There is a new `languagevariants` siprop for action=query&meta=siteinfo, 3442 which returns a list of languages with active LanguageConverter instances. 3443* action=query&query=allpages will no longer filter redirects using a database 3444 query in miser mode. This may result in less results being returned than were 3445 requested. 3446 3447=== Action API internal changes in 1.29 === 3448* New methods were added to ApiBase to handle errors and warnings using i18n 3449 keys. Methods for using hard-coded English messages were deprecated: 3450 * ApiBase::dieUsage() was deprecated 3451 * ApiBase::dieUsageMsg() was deprecated 3452 * ApiBase::dieUsageMsgOrDebug() was deprecated 3453 * ApiBase::getErrorFromStatus() was deprecated 3454 * ApiBase::parseMsg() was deprecated 3455 * ApiBase::setWarning() was deprecated 3456* ApiBase::$messageMap is no longer public. Code attempting to access it will 3457 result in a PHP fatal error. 3458* The $message parameter to the ApiCheckCanExecute hook should be set to an 3459 ApiMessage. This is compatible with MediaWiki 1.27 and later. Returning a 3460 code for ApiBase::parseMsg() will no longer work. 3461* UsageException is deprecated in favor of ApiUsageException. For the time 3462 being ApiUsageException is a subclass of UsageException to allow things that 3463 catch only UsageException to still function properly. 3464* If, for some strange reason, code was using an ApiErrorFormatter instead of 3465 ApiErrorFormatter_BackCompat, note that the result format has changed and 3466 various methods now take a module path rather than a module name. 3467* ApiMessageTrait::getApiCode() now strips 'apierror-' and 'apiwarn-' prefixes 3468 from the message key, and maps some message keys for backwards compatibility. 3469* API parameters may now be marked as "sensitive" to keep their values out of 3470 the logs. 3471 3472=== Languages updated in 1.29 === 3473 3474MediaWiki supports over 350 languages. Many localisations are updated 3475regularly. Below only new and removed languages are listed, as well as 3476changes to languages because of Phabricator reports. 3477 3478* Based as always on linguistic studies on intelligibility and language 3479 knowledge by geography, language fallbacks have been expanded. When a 3480 translation is missing in the user's preferred interface language, the 3481 corresponding translation for the fallback language will be used instead. 3482 English will only be used as last resort when there are no translations. 3483 Some configurations (such as date formats and gender namespaces) have also 3484 been updated when using the fallback language's configuration was inadequate. 3485 The new or reinstated language fallbacks are (after cs ↔ sk in 1.28): 3486 ca ↔ oc; hsb ↔ dsb; io → eo; mdf → ru; pnt → el; roa-tara → it; rup → ro; 3487 sh → bs, sr-el, hr. 3488* (T137376) New language support: Atikamekw (atj). 3489* (T163600) New language support: Dinka (din). 3490* (T155957) Talk Namespaces for Javanese language (jv) have been updated. 3491 3492==== No fallback for Ukrainian ==== 3493* (T39314) The fallback from Ukrainian to Russian was removed. The Ukrainian 3494 language will now use the default fallback language: English. When a 3495 translation to Ukrainian is not available, an English string will be shown. 3496 3497=== Other changes in 1.29 === 3498* Database::getSearchEngine() (deprecated in 1.28) was removed. Use 3499 SearchEngineFactory::getSearchEngineClass() instead. 3500* $wgSessionsInMemcached (deprecated in 1.20) was removed. No replacement is 3501 required as all sessions are stored in Object Cache now. 3502* MWHttpRequest::execute() should be considered to return a StatusValue; the 3503 Status return type is deprecated. 3504* User::edits() (deprecated in 1.21) was removed. 3505* Xml::escapeJsString() (deprecated in 1.21) was removed. 3506* Article::getText() and Article::prepareTextForEdit() (deprecated in 1.21) 3507 were removed. 3508* Article::getAutosummary() and WikiPage::getAutosummary() (deprecated in 1.21) 3509 were removed. 3510* Hook ArticleViewCustom (deprecated in 1.21) was removed. Use 3511 ArticleContentViewCustom instead. 3512* Hooks EditPageGetDiffText and ShowRawCssJs (deprecated in 1.21) were removed. 3513* Class RevisiondeleteAction (deprecated in 1.25) was removed. 3514* WikiPage::prepareTextForEdit() (deprecated in 1.21) was removed. 3515* WikiPage::getText() (deprecated in 1.21) was removed. 3516* Article::fetchContent() (deprecated in 1.21) was removed. 3517* User::getPassword() (deprecated in 1.27) was removed. 3518* User::getTemporaryPassword() (deprecated in 1.27) was removed. 3519* User::isPasswordReminderThrottled() (deprecated in 1.27) was removed. 3520* Class FSRepo (deprecated in 1.19) was removed. 3521* WebRequest::checkSessionCookie() (deprecated in 1.27) was removed. Use 3522 \MediaWiki\Session\SessionManager::singleton()->getPersistedSessionId() 3523 instead. 3524* Class ImageGallery (deprecated in 1.22) was removed. 3525 Use ImageGalleryBase::factory instead. 3526* Title::moveNoAuth() (deprecated in 1.25) was removed. Use MovePage class 3527 instead. 3528* Hook UnknownAction (deprecated in 1.19) was actually deprecated (it will now 3529 emit warnings). Create a subclass of Action and add it to $wgActions instead. 3530* WikiRevision::getText() (deprecated since 1.21) is no longer marked 3531 deprecated. 3532* Linker::getInterwikiLinkAttributes() (deprecated since 1.25) was removed. 3533* Linker::getInternalLinkAttributes() (deprecated since 1.25) was removed. 3534* Linker::getInternalLinkAttributesObj() (deprecated since 1.25) was removed. 3535* Linker::getLinkAttributesInternal() (deprecated since 1.25) was removed. 3536* RedisConnectionPool::handleException (deprecated since 1.23) was removed. 3537* The static properties mw.Api.errors and mw.Api.warnings, containing incomplete 3538 and outdated lists of errors/warnings returned by the API, are now deprecated. 3539* wiki.phtml entry point was removed. Refer to index.php instead. If you want 3540 "wiki.phtml" URLs to continue to work, set up redirects. In Apache, this can 3541 be done by enabling mod_rewrite and adding the following rules to your 3542 configuration: 3543 3544 RewriteEngine On 3545 RewriteBase / 3546 RewriteRule ^/w/wiki\.phtml$ /w/index.php [R=301,L] 3547* Hook ArticleAfterFetchContent (deprecated in 1.21) was removed. 3548 Use ArticleAfterFetchContentObject instead. 3549* Hook ArticleInsertComplete (deprecated in 1.21) was removed. 3550 Use PageContentInsertComplete instead. 3551* Hook ArticleSave (deprecated in 1.21) was removed. 3552 Use PageContentSave instead. 3553* Hook ArticleSaveComplete (deprecated in 1.21) was removed. 3554 Use PageContentSaveComplete instead. 3555* Hook EditFilterMerged (deprecated in 1.21) was removed. 3556 Use EditFilterMergedContent instead. 3557* Hook EditPageGetPreviewText (deprecated in 1.21) was removed. 3558 Use EditPageGetPreviewContent instead. 3559* Hook TitleIsCssOrJsPage (deprecated in 1.21) was removed. 3560 Use ContentHandlerDefaultModelFor instead. 3561* Hook TitleIsWikitextPage (deprecated in 1.21) was removed. 3562 Use ContentHandlerDefaultModelFor instead. 3563* Article::getContent() (deprecated in 1.21) was removed. 3564* Revision::getText() (deprecated in 1.21) was removed. 3565* Article::doEdit() and WikiPage::doEdit() (deprecated in 1.21) were removed. 3566* Parser::replaceUnusualEscapes() (deprecated in 1.24) was removed. 3567* Article::doEditContent() was marked as deprecated, to be removed in 1.30 3568 or later. 3569* ContentHandler::runLegacyHooks() was removed. 3570* refreshLinks.php now can be limited to a particular category with 3571 --category=... or a tracking category with --tracking-category=... 3572* User-like objects that are passed to SpecialUserRights and its subclasses are 3573 now required to have a getGroupMemberships() method. See UserRightsProxy for 3574 an example. 3575* User::$mGroups (instance variable) was marked private. Use User::getGroups() 3576 instead. 3577* User::getGroupName(), User::getGroupMember(), User:getGroupPage(), 3578 User::makeGroupLinkHTML(), and User::makeGroupLinkWiki() were deprecated. 3579 Use equivalent methods on the UserGroupMembership class. 3580* Maintenance scripts and tests that call User::addGroup() must now ensure that 3581 User objects have been added to the database prior to calling addGroup(). 3582* Protected function UsersPager::getGroups() was removed, and protected function 3583 UsersPager::buildGroupLink() was changed from a static to an instance method. 3584* The third parameter ($cache) to the UsersPagerDoBatchLookups hook was changed; 3585 see docs/hooks.txt. 3586* User::crypt() (deprecated in 1.24) was removed. 3587* User::comparePasswords() (deprecated in 1.24) was removed. 3588* ArchivedFile::getUserText() (deprecated in 1.23) was removed. 3589* HTMLFileCache::newFromTitle() (deprecated in 1.24) was removed. 3590* BREAKING CHANGE: Internal signature changes to ChangesListSpecialPage 3591 and subclasses. It should only break if you call buildMainQueryConds 3592 (changed to buildQuery with new signature) or doMainQuery (new 3593 signature). Subclasses are likely to call at least doMainQuery 3594 (possibly both), but other classes might too, because they were 3595 public. 3596 Also, some related hooks were deprecated, but this is not yet a 3597 breaking change. 3598* Removed 'jquery.arrowSteps' module. (deprecated since 1.28) 3599* The 'jquery.autoEllipsis' ResourceLoader module is now deprecated. 3600* WikiRevision::$fileIsTemp was deprecated. 3601* WikiRevision::$importer was deprecated. 3602* WikiRevision::$user was deprecated. 3603* Article::getLastPurgeTimestamp(), WikiPage::getLastPurgeTimestamp(), and the 3604 WikiPage::PURGE_* constants are deprecated, and the functions will always 3605 return false. They were a hack for an issue that has since been fixed. 3606* Hook 'EditPageBeforeEditChecks' is now deprecated. Instead use the new hook 3607 'EditPageGetCheckboxesDefinition', or 'EditPage::showStandardInputs:options' 3608 if you don't actually care about checkboxes and just want to add some HTML 3609 to the page. 3610* Selflinks are now rendered as href-less <a> tags with the class mw-selflink 3611 rather than <strong> tags. The old class name, "selflink", was deprecated 3612 and will be removed in a future release. (T160480) 3613* (T156184) $wgRawHtml will no longer apply to internationalization messages. 3614* Browser support for non-ES5 JavaScript browsers, including Android 2, 3615 Opera <12.10, and Internet Explorer 9, was lowered from Grade A to Grade C. 3616* Removed wikibits global methods deprecated since MediaWiki 1.17 (T122755): 3617 is_gecko, is_chrome_mac, is_chrome, webkit_version, is_safari_win, is_safari, 3618 webkit_match, is_ff2, ff2_bugs, is_ff2_win, is_ff2_x11, opera95_bugs, 3619 opera7_bugs, opera6_bugs, is_opera_95, is_opera_preseven, is_opera, 3620 ie6_bugs, clientPC, changeText, killEvt, addHandler, hookEvent, 3621 addClickHandler, removeHandler, getElementsByClassName, getInnerText, 3622 setupCheckboxShiftClick, addCheckboxClickHandlers, mwEditButtons, 3623 mwCustomEditButtons, injectSpinner, removeSpinner, escapeQuotes, 3624 escapeQuotesHTML, jsMsg, addPortletLink, appendCSS, tooltipAccessKeyPrefix, 3625 tooltipAccessKeyRegexp, updateTooltipAccessKeys. 3626* The ID of the <li> element containing the login link has changed from 3627 'pt-login' to 'pt-login-private' in private wikis. 3628* The old, neglected "bulletin board style toolbar" in the edit form is now 3629 deprecated (T30856). This old code dates from 2006, and was replaced in the 3630 MediaWiki release tarball and in Wikimedia production by the WikiEditor 3631 extension in 2010. It is only shown to users if no other editor was 3632 installed, and leads to confusion. 3633* (T92459) Loading ResourceLoader modules containing JavaScript through 3634 addModuleStyles() is deprecated and will log a warning server-side. 3635 3636= MediaWiki 1.28 = 3637 3638== MediaWiki 1.28.3 == 3639 3640This is a security and maintenance release of the MediaWiki 1.28 branch. 3641 3642=== Changes since 1.28.2 == 3643* (T168856) Allow SVGs created by Dia to be uploaded. 3644* (T157545) Add missing doUpdates() call to refreshLinks.php. 3645* (T165714) (T100085) Better handling of jobs execution in post-connection 3646 shutdown. 3647* (T154425) (T154438) (T157679) Use AutoCommitUpdate instead of 3648 Database->onTransactionIdle. 3649* (T154425) Make DeferredUpdates detect LBFactory transaction rounds. 3650* (T149454) Restore erroneously removed realTableName call from 3651 DatabasePostgres. 3652* (T167798) Fix phrase search and highlighting for phrase queries. 3653* (T151136) Provide credits information to callbacks in extension registration. 3654* (T160462) Allow namespaces defined in extension.json to be overwritten 3655 locally. 3656* (T168337) Fix ErrorPageError to work from non-UI contexts. 3657* (T143788) Backports for PHP 7.0 and 7.1 support. 3658* (T175439) Unbreak Postgres Updater when setting defaults for a column. 3659* (T160298) Remove use of implicitGroupBy() in ActiveUsersPager. 3660* (T174255) Declare uploadCount property in importDump.php. 3661* (T180231) SECURITY: Updated dev dependancy phpunit/phpunit from v4.8.24 to 3662 v4.8.36. 3663* (T178451) SECURITY: Potential XSS when $wgShowExceptionDetails = false and 3664 browser sends non-standard url escaping. 3665* (T165846) SECURITY: BotPassword login attempts weren't throttled. 3666* (T128209) SECURITY: Reflected File Download from api.php. 3667* (T134100) SECURITY: Do not reveal if user exists during login failure. 3668* (T176247) SECURITY: Ensure Message::rawParams can't lead to XSS. 3669* (T125163) SECURITY: Make anchor for headlines escape > and <. 3670* (T180237) SECURITY: Protect vendor folder with .htaccess. 3671* (T180231) SECURITY: Remove PHPUnit file with known RCE if exists in 3672 update.php. 3673* (T124404) SECURITY: XSS in langconverter when regex hits pcre.backtrack_limit. 3674* (T119158) SECURITY: Handle -{}- syntax in attributes safely. 3675 3676== MediaWiki 1.28.2 == 3677 3678Due to a packaging error, the wrong version of the SyntaxHighlight extension was 3679included in the tarball version of MediaWiki 1.28.1. The version included had a 3680serious security issue in it (T158689). There was also some minor code fixes in 3681MediaWiki itself since 1.28.1, but none of them were security relevant. 3682 3683== MediaWiki 1.28.1 == 3684 3685This is a security and maintenance release of the MediaWiki 1.28 branch. 3686 3687=== Changes since 1.28.0 === 3688 3689* $wgRunJobsAsync is now false by default (T142751). This change only affects 3690 wikis with $wgJobRunRate > 0. 3691* Fix fatal from "WaitConditionLoop" not being found, experienced when a wiki 3692 has more than one database server setup. 3693* (T152717) Better escaping for PHP mail() command, 3694* (T154670) A missing method causing the MySQL installer to fatal in rare 3695 circumstances was restored. 3696* (T154672) Un-deprecate ArticleAfterFetchContentObject hook. 3697* (T158766) Avoid SQL error on MSSQL when using selectRowCount(). 3698* (T145635) Fix too long index error when installing with MSSQL. 3699* (T156184) $wgRawHtml will no longer apply to internationalization messages. 3700* (T160519) CACHE_ANYTHING will not be CACHE_ACCEL if no accelerator is 3701 installed. 3702* (T154872) Fix incorrect ar_usertext_timestamp index names in new 1.28 3703 installs. 3704* (T109140) (T122209) SECURITY: Special:UserLogin and Special:Search allow 3705 redirect to interwiki links. 3706* (T144845) SECURITY: XSS in SearchHighlighter::highlightText() when 3707 $wgAdvancedSearchHighlighting is true. 3708* (T125177) SECURITY: API parameters may now be marked as "sensitive" to keep 3709 their values out of the logs. 3710* (T150044) SECURITY: "Mark all pages visited" on the watchlist now requires a 3711 CSRF token. 3712* (T156184) SECURITY: Escape content model/format url parameter in message. 3713* (T151735) SECURITY: SVG filter evasion using default attribute values in DTD 3714 declaration. 3715* (T161453) SECURITY: LocalisationCache will no longer use the temporary 3716 directory in it's fallback chain when trying to work out where to write the 3717 cache. 3718* (T48143) SECURITY: Spam blacklist ineffective on encoded URLs inside file 3719 inclusion syntax's link parameter. 3720* (T108138) SECURITY: Sysops can undelete pages, although the page is protected 3721 against it. 3722 3723== MediaWiki 1.28 == 3724 3725=== Changes since 1.28.0-rc1 === 3726* (T148957) Replace wgShowExceptionDetails with wgShowDBErrorBacktrace on db 3727 errors. 3728* (T148956) Only apply wgDBschema to postgres/mssql. 3729* (T145991) Introduce separate log action for deleting pages on move. 3730* (T141474) (T110464) Bypass login page if no user input is required. 3731 3732=== Changes since 1.28.0-rc0 === 3733* (T142210) The changes to move the parser "NewPP limit report" from a HTML 3734 comment to a machine-readable JavaScript config option 'wgPageParseReport' 3735 have been undone. They caused the human-readable limit report to be shown 3736 incompletely or not at all. ParserOutput::setLimitReportData() and 3737 getLimitReportData() behave as they did in MediaWiki 1.27 again. 3738* (T149510) Value of {{DISPLAYTITLE:}} parser function will not be used for 3739 the text of subheadings on a category page when creating it. This wasn't 3740 working correctly. 3741* (T106793) MediaWiki will no longer try to perform a HTTP redirect to the 3742 canonical pretty URL when a non-pretty URL is used. It resulted in redirect 3743 loops in some clients and in some server configurations. This undoes a change 3744 made in MediaWiki 1.26. 3745* (T149759) manifest_version: 2 was removed. 3746 3747=== Configuration changes in 1.28 === 3748* $wgSend404Code now affects status code of action=history if the page is not 3749 there. 3750* BREAKING CHANGE: $wgHTTPProxy is now *required* for all external requests 3751 made by MediaWiki via a proxy. Relying on the http_proxy environment 3752 variable is no longer supported. 3753* The load.php entry point now enforces the existing policy of not allowing 3754 access to session data, which includes the session user and the session 3755 user's language. If such access is attempted, an exception will be thrown. 3756* The number of internal PBKDF2 iterations used to derive the session secret 3757 is configurable via $wgSessionPbkdf2Iterations. 3758* Upload dialog's file upload log comment can now be configured separately for 3759 local and foreign uploads. 3760* $wgForeignUploadTargets now defaults to `[ 'local' ]`, where `'local'` 3761 signifies local uploads. A value of `[]` (empty array) now means that 3762 no upload targets are allowed, effectively disabling the upload dialog. 3763* The deprecated $wgEditEncoding variable has been removed; it was only used 3764 for Esperanto language character conversion. You are now recommended to use 3765 input methods provided by the UniversalLanguageSelector extension. 3766* When $wgPingback is true, MediaWiki will periodically ping 3767 https://www.mediawiki.org/beacon with basic information about the local 3768 MediaWiki installation. This data includes, for example, the type of system, 3769 PHP version, and chosen database backend. This behavior is off by default. 3770* When $wgEditSubmitButtonLabelPublish is true, MediaWiki will label the button 3771 to store-to-database-and-show-to-others as "Publish page"/"Publish changes"; 3772 if false, the default, they will be "Save page"/"Save changes". 3773* The 'editcontentmodel' permission is now granted to all logged-in users 3774 ('user'). 3775 instead of just administrators ('sysop'). Documentation for this feature is 3776 available at <https://www.mediawiki.org/wiki/Help:ChangeContentModel>. 3777* $wgRevisionCacheExpiry is now set to one week by default instead of being 3778 disabled. 3779* Magic links are now disabled by default, and can be re-enabled by modifying 3780 the value of $wgEnableMagicLinks. Their usage is discouraged, but if they are 3781 manually enabled, a tracking category will be added to help identify usage and 3782 make it easier to migrate away from. If you depend upon magic link 3783 functionality, it is requested that you comment on 3784 <https://www.mediawiki.org/wiki/Requests_for_comment/Future_of_magic_links> 3785 and explain your use case(s). 3786* New config variable $wgCSPFalsePositiveUrls to control what URLs to ignore 3787 in upcoming Content-Security-Policy feature's reporting. 3788 3789=== New features in 1.28 === 3790* User::isBot() method for checking if an account is a bot role account. 3791* Added a new 'slideshow' mode for galleries. 3792* Added a new hook, 'UserIsBot', to aid in determining if a user is a bot. 3793* Added a new hook, 'ApiMakeParserOptions', to allow extensions to better 3794 interact with API parsing. 3795* Added a new hook, 'UploadVerifyUpload', which can be used to reject a file 3796 upload. Unlike 'UploadVerifyFile' it provides information about upload comment 3797 and the file description page, but does not run for uploads to stash. 3798* (T141604) Extensions can now provide a better error message when their 3799 maintenance scripts are run without the extension being installed. 3800* (T8948) Numeric sorting in categories is now supported by setting 3801 $wgCategoryCollation to 'uca-default-u-kn' or 'uca-<langcode>-u-kn'. If you 3802 can't use UCA collations, a 'numeric' collation is also available. If 3803 migrating from another collation, you will need to run the updateCollation.php 3804 maintenance script. 3805* Two new codes have been added to #time parser function: "xit" for days in 3806 current month, and "xiz" for days passed in the year, both in Iranian 3807 calendar. 3808* mw.Api has a new option, useUS, to use U+001F (Unit Separator) when 3809 appropriate for sending multi-valued parameters. This defaults to true when 3810 the mw.Api instance seems to be for the local wiki. 3811* After a client performs an action which alters a database that has replica 3812 databases, MediaWiki will wait for the replica databases to synchronize with 3813 the master database while it renders the HTML output. However, if the output 3814 is a redirect to another wiki on the wiki farm with a different domain, 3815 MediaWiki will instead alter the redirect URL to include a ?cpPosTime 3816 parameter that triggers the database synchronization when the URL is followed 3817 by the client. The same-domain case uses a new cpPosTime cookie. 3818* Added new hooks, 'ApiQueryBaseBeforeQuery', 'ApiQueryBaseAfterQuery', and 3819 'ApiQueryBaseProcessRow', to make it easier for extensions to add 'prop' and 3820 'show' parameters to existing API query modules. 3821 3822=== External library changes in 1.28 === 3823 3824==== Upgraded external libraries ==== 3825* Updated es5-shim from v4.1.5 to v4.5.8 3826* Updated composer/semver from v1.4.1 to v1.4.2 3827* Updated wikimedia/php-session-serializer from v1.0.3 to v1.0.4 3828 3829==== New external libraries ==== 3830* Added wikimedia/scoped-callback v1.0.0 3831* Added wikimedia/wait-condition-loop v1.0.1 3832 3833=== Bug fixes in 1.28 === 3834* (T146496) action=history pages should return 404 HTTP error code if the page 3835 does not exist 3836* (T137264) SECURITY: XSS in unclosed internal links 3837* (T133147) SECURITY: Escape '<' and ']]>' in inline <style> blocks 3838* (T133147) SECURITY: Require login to preview user CSS pages 3839* (T132926) SECURITY: Do not allow undeleting a revision deleted file if it is 3840 the top file 3841* (T129738) SECURITY: Make $wgBlockDisablesLogin also restrict logged in 3842 permissions 3843* (T129738) SECURITY: Make blocks log users out if $wgBlockDisablesLogin is true 3844* (T139670) Move 'UserGetRights' call before application of 3845 Session::getAllowedUserRights() 3846 3847=== Action API changes in 1.28 === 3848* Added 'maxarticlesize' property to action=query&meta=siteinfo which contains 3849 the value of $wgMaxArticleSize. 3850* Property 'modulemessages' from action=parse&prop=modules was removed 3851 (deprecated since 1.26). 3852* The following response properties from action=login, deprecated in 1.27, are 3853 now removed: lgtoken, cookieprefix, sessionid. Clients should handle cookies 3854 to properly manage session state. 3855* Submitting the lgtoken and lgpassword parameters in the query string to 3856 action=login is now deprecated and outputs a warning. They should be submitted 3857 in the POST body instead. 3858* Submitting sensitive authentication request parameters to action=clientlogin, 3859 action=createaccount, action=linkaccount, and action=changeauthenticationdata 3860 in the query string is now deprecated and outputs a warning. They should be 3861 submitted in the POST body instead. 3862* (T141960) Multi-valued parameters may now be separated using U+001F 3863 (Unit Separator) instead of the pipe character. This will be useful if some of 3864 the multiple values need to contain pipes, e.g. for action=options. 3865* The API will now warn if input is not NFC-normalized Unicode or if it 3866 contains invalid characters. 3867* The 'normalized' list output by action=query and other modules that use 3868 ApiPageSet may contain entries where the 'from' value is percent-encoded as 3869 the raw value cannot be represented in a valid API response. These are 3870 indicated by a 'fromencoded' boolean alongside the existing 'from' parameter. 3871* (T28680) action=paraminfo can now return info about all submodules of a 3872 module without listing them all explicitly. 3873* (T146770) It is now possible to assert that the current user is a specific 3874 named user, using the 'assertuser' parameter. 3875* (T141963) Added a 'known' property when missing-but-known titles (e.g. from 3876 the 'TitleIsAlwaysKnown' hook) are output in various modules. 3877 3878=== Action API internal changes in 1.28 === 3879* Added a new hook, 'ApiMakeParserOptions', to allow extensions to better 3880 interact with ApiParse and ApiExpandTemplates. 3881* (T139565) SECURITY: API: Generate head items in the context of the given title 3882* (T115333) SECURITY: Check read permission when loading page content in 3883 ApiParse 3884* ApiBase::getResultData() was removed (deprecated since 1.25) 3885* ApiBase::makeHelpArrayToString() was removed (deprecated since 1.25) 3886* ApiBase::makeHelpMsgParameters() was removed (deprecated since 1.25) 3887* ApiBase::makeHelpMsg() was removed (deprecated since 1.25) 3888* ApiFormatBase::formatHTML() was removed (deprecated since 1.25) 3889* ApiFormatBase::getNeedsRawData() was removed (deprecated since 1.25) 3890* ApiFormatBase::getWantsHelp() was removed (deprecated since 1.25) 3891* ApiFormatBase::setBufferResult() was removed (deprecated since 1.25) 3892* ApiFormatBase::setHelp() was removed (deprecated since 1.25) 3893* ApiFormatBase::setUnescapeAmps() was removed (deprecated since 1.25) 3894* ApiMain::makeHelpMsgHeader() was removed (deprecated since 1.25) 3895* ApiMain::reallyMakeHelpMsg() was removed (deprecated since 1.25) 3896* ApiMain::setHelp() was removed (deprecated since 1.25) 3897* ApiResult::beginContinuation() was removed (deprecated since 1.25) 3898* ApiResult::cleanUpUTF8() was removed (deprecated since 1.25) 3899* ApiResult::convertStatusToArray() was removed (deprecated since 1.25) 3900* ApiResult::disableSizeCheck() was removed (deprecated since 1.24) 3901* ApiResult::enableSizeCheck() was removed (deprecated since 1.24) 3902* ApiResult::endContinuation() was removed (deprecated since 1.25) 3903* ApiResult::getData() was removed (deprecated since 1.25) 3904* ApiResult::getIsRawMode() was removed (deprecated since 1.25) 3905* ApiResult::setContent() was removed (deprecated since 1.25) 3906* ApiResult::setContinueParam() was removed (deprecated since 1.25) 3907* ApiResult::setElement() was removed (deprecated since 1.25) 3908* ApiResult::setGeneratorContinueParam() was removed (deprecated since 1.25) 3909* ApiResult::setIndexedTagName_internal() was removed (deprecated since 1.25) 3910* ApiResult::setIndexedTagName_recursive() was removed (deprecated since 1.25) 3911* ApiResult::setMainForContinuation() was removed (deprecated since 1.25) 3912* ApiResult::setParsedLimit() was removed (deprecated since 1.25) 3913* ApiResult::setRawMode() was removed (deprecated since 1.25) 3914* ApiResult::size() was removed (deprecated since 1.25) 3915* Added new hooks, 'ApiQueryBaseBeforeQuery', 'ApiQueryBaseAfterQuery', and 3916 'ApiQueryBaseProcessRow', to make it easier for extensions to add 'prop' and 3917 'show' parameters to existing API query modules. A query module can enable 3918 these hooks by passing an array for $hookData to ApiQueryBase::select() and 3919 by calling ApiQueryBase->processRow() before adding a row's data to the 3920 result. 3921 3922=== Languages updated in 1.28 === 3923 3924MediaWiki supports over 375 languages. Many localisations are updated 3925regularly. Below only new and removed languages are listed, as well as 3926changes to languages because of Phabricator reports. 3927 3928* (T137411) ban (Balinese), thanks to translators Adi Mayndra, Andru, 3929 BASAbali, M. Adiputra, Naval Scene, Nemo bis, NoiX180, and 아라. 3930* (T135867) shn (Shan), thanks to translators Khun Sar, Piangpha, 3931 Saiddzone Saimawnkham, Saosukham, and Sengwan. 3932* Czech (cs) and Slovak (sk) set as reciprocal fallbacks. 3933* (T146744) Livvi-Karelian (olo) namespace messages created thanks to translator 3934 Ilja.mos. 3935 3936=== Other changes in 1.28 === 3937* (T128697) Improved handling of large diffs. 3938* [BREAKING CHANGE] $wgExtendedLoginCookies has been removed. You can 3939 use or update a custom session provider if needed. 3940* Deprecated APIEditBeforeSave hook in favor of EditFilterMergedContent. 3941* The 'UploadVerification' hook is deprecated. Use 'UploadVerifyFile' instead. 3942* SiteConfiguration::isLocalVHost() was removed (deprecated since 1.25). 3943* The 'UserLoginComplete' hook has a new parameter to differentiate between 3944 actual login and visiting the login page while already logged in. 3945* ResourceLoader::makeLoaderURL() was removed (deprecated since 1.24). 3946* $.fn.liveAndTestAtStart was removed (deprecated since 1.24). 3947* mw.util.tooltipAccessKeyPrefix was removed (deprecated since 1.24). 3948* mw.util.tooltipAccessKeyRegexp was removed (deprecated since 1.24). 3949* Linker::link() and Linker::linkKnown() were deprecated; please instead use 3950 MediaWiki\Linker\LinkRenderer. In addition, the LinkBegin and LinkEnd hooks 3951 were replaced by HtmlPageLinkRendererBegin and HtmlPageLinkRendererEnd 3952 respectively. See docs/hooks.txt for the specific changes needed for those 3953 hooks. 3954* Linker::formatSize() was deprecated. Use Language::formatSize() directly. 3955* Aliases for Linker methods, deprecated since 1.21, were removed from Skin: 3956 * Skin::commentBlock() (use Linker::commentBlock() instead) 3957 * Skin::generateRollback() (use Linker::generateRollback() instead) 3958 * Skin::link() (use MediaWiki\Linker\LinkRenderer instead) 3959 * Skin::linkKnown() (use MediaWiki\Linker\LinkRenderer instead) 3960 * Skin::userLink() (use Linker::userLink() instead) 3961 * Skin::userToolLinks() (use Linker::userToolLinks() instead) 3962* Disabled "bug 2702" HTML tidying of parsed UI messages on wikis where Tidy is 3963 disabled. 3964* DifferenceEngine::generateDiffBody() was removed (deprecated since 1.21). 3965* UploadBase::stashFileGetKey() and UploadBase::stashSession() were deprecated. 3966 Use ...->stashFile()->getFileKey() instead. 3967* "Public domain" was removed as a wiki license option from the installer, in 3968 favour of CC-0. 3969* AuthenticationRequest::$required is now changed from REQUIRED to 3970 PRIMARY_REQUIRED on requests needed by primary providers even if all primaries 3971 need them. 3972 Primary providers are discouraged from returning multiple REQUIRED requests. 3973* OOjs UI PHP widgets constructed with the `'infusable' => true` config option 3974 will no longer be automatically infused. You should call `OO.ui.infuse()` 3975 on them yourself from your JavaScript code. 3976* parserTests.php has moved to tests/parser/parserTests.php 3977* The command line options specific to parser tests have been removed from 3978 phpunit.php: --regex and --keep-uploads. Instead of --regex, use --filter. 3979 Instead of --keep-uploads, use the same option to parserTests.php, but you 3980 must specify a directory with --upload-dir. 3981* The 'jquery.arrowSteps' ResourceLoader module is now deprecated. 3982* IP::isConfiguredProxy() and IP::isTrustedProxy() were removed. Callers should 3983 migrate to using the same functions on a ProxyLookup instance, obtainable from 3984 MediaWikiServices. 3985* The ArticleAfterFetchContent, ArticleInsertComplete, ArticleSave, 3986 ArticleSaveComplete, ArticleViewCustom, EditFilterMerged, EditPageGetDiffText, 3987 EditPageGetPreviewText and ShowRawCssJs hooks will now emit deprecation 3988 warnings if used. 3989* (T68404) CSS3 attr() function with url type is no longer allowed 3990 in inline styles. 3991* Database::getSearchEngine() is deprecated, use 3992 SearchEngineFactory::getSearchEngineClass instead. 3993 3994== Compatibility == 3995 3996MediaWiki 1.28 requires PHP 5.5.9 or later. There is experimental support for 3997HHVM 3.6.5 or later. 3998 3999MySQL is the recommended DBMS. PostgreSQL or SQLite can also be used, but 4000support for them is somewhat less mature. There is experimental support for 4001Oracle and Microsoft SQL Server. 4002 4003The supported versions are: 4004 4005* MySQL 5.0.3 or later 4006* PostgreSQL 8.3 or later 4007* SQLite 3.3.7 or later 4008* Oracle 9.0.1 or later 4009* Microsoft SQL Server 2005 (9.00.1399) 4010 4011== Upgrading == 4012 40131.28 has several database changes since 1.27, and will not work without schema 4014updates. Note that due to changes to some very large tables like the revision 4015table, the schema update may take quite long (minutes on a medium sized site, 4016many hours on a large site). 4017 4018If upgrading from before 1.11, and you are using a wiki as a commons 4019repository, make sure that it is updated as well. Otherwise, errors may arise 4020due to database schema changes. 4021 4022If upgrading from before 1.7, you may want to run refreshLinks.php to ensure 4023new database fields are filled with data. 4024 4025If you are upgrading from MediaWiki 1.4.x or earlier, you should upgrade to 40261.5 first. The upgrade script maintenance/upgrade1_5.php has been removed 4027with MediaWiki 1.21. 4028 4029Don't forget to always back up your database before upgrading! 4030 4031See the file UPGRADE for more detailed upgrade instructions. 4032 4033For notes on 1.27.x and older releases, see HISTORY. 4034 4035== Online documentation == 4036 4037Documentation for both end-users and site administrators is available on 4038MediaWiki.org, and is covered under the GNU Free Documentation License (except 4039for pages that explicitly state that their contents are in the public domain): 4040 4041 https://www.mediawiki.org/wiki/Special:MyLanguage/Documentation 4042 4043== Mailing list == 4044 4045A mailing list is available for MediaWiki user support and discussion: 4046 4047 https://lists.wikimedia.org/mailman/listinfo/mediawiki-l 4048 4049A low-traffic announcements-only list is also available: 4050 4051 https://lists.wikimedia.org/mailman/listinfo/mediawiki-announce 4052 4053It's highly recommended that you sign up for one of these lists if you're 4054going to run a public MediaWiki, so you can be notified of security fixes. 4055 4056== IRC help == 4057 4058There's usually someone online in #mediawiki on irc.freenode.net. 4059 4060= MediaWiki 1.27 = 4061 4062== MediaWiki 1.27.7 == 4063 4064This is a maintenance release of the MediaWiki 1.27 branch. 4065 4066=== Changes since MediaWiki 1.27.6 === 4067* Add missing `use MediaWiki\MediaWikiServices;` to LogEventsList.php. 4068* Remove broken tests from ApiBlockTest.php. 4069 4070== MediaWiki 1.27.6 == 4071 4072This is a security and maintenance release of the MediaWiki 1.27 branch. 4073 4074=== Changes since MediaWiki 1.27.5 === 4075* (T204729) WatchedItemStore::countVisitingWatchersMultiple() shouldn't query 4076 all titles when asked for none. 4077* (T109121) Remove deprecated pear/mail_mime-decode from composer suggested 4078 libraries. 4079* (T207241) Augment precision of updatelist time. 4080* (T207540) Include IP address in "Login for $1 succeeded" log entry. 4081* (T205765) Don't link to the obsolete "Extension Matrix" page in installer. 4082* (T207603) SECURITY: User JS may no longer be loaded with mime type 4083 text/javascript if there is no account associated with the username. 4084* (T113042) SECURITY: Do not allow loading pages raw with a text/javascript MIME 4085 type if non-admins can edit the page. 4086* (T207541) Pass email address to mail(). 4087* (T209335) Clarify the default sidebar 'Help' link is about MediaWiki itself. 4088* (T213359) Update mediawiki/mediawiki-codesniffer to 0.8.1. 4089* (T208871) The hard-coded Google search form on the database error page was 4090 removed. 4091* (T216968) Return pageid as int in both list=iwbacklinks and 4092 list=langbacklinks. 4093* (T218608) Fix an issue that prevents Extension:OAuth working when 4094 $wgBlockDisablesLogin is true. 4095* (T219728) Added support for new Japanese era name "Reiwa". 4096* (T25227) SECURITY: action=logout now requires to be posted and have a csrf 4097 token. 4098* SpecialPage::checkLoginSecurityLevel() will now preserve POST data when 4099 reauthenticating. 4100* FormSpecialPage::execute() will now call checkLoginSecurityLevel() if 4101 getLoginSecurityLevel() returns non-false. 4102* (T197279) SECURITY: Fix reauth in Special:ChangeEmail. 4103* (T208881) SECURITY: blacklist CSS var(). 4104* (T209794) SECURITY: rate-limit and prevent blocked users from changing email. 4105* (T199540) SECURITY: API: Respect $wgBlockCIDRLimit in action=block. 4106* (T212118) SECURITY: Fix cache mode for (un)patrolled recent changes query. 4107* (T222036, T222038) SECURITY: Add permission check for user is permitted to 4108 view the log type. 4109* (T221739) SECURITY: resources: Patch jQuery 1.11.3 for CVE-2019-11358. 4110 4111== MediaWiki 1.27.5 == 4112 4113This is a security and maintenance release of the MediaWiki 1.27 branch. 4114 4115=== Changes since 1.27.4 === 4116* (T169545, CVE-2018-0503) SECURITY: $wgRateLimits entry for 'user' overrides 4117 'newbie'. 4118* (T194605, CVE-2018-0505) SECURITY: BotPasswords can bypass CentralAuth's 4119 account lock. 4120* Upgraded Moment.js from v2.8.4 to v2.19.3. 4121* (T160298) Fixed Special:ActiveUsers due to bad backport. 4122* (T87572) Make FormatMetadata::flattenArrayReal() work for an associative 4123 array. 4124* Updated list of SPDX licenses for extensions. 4125* (T189567) the CLI installer (maintenance/install.php) learned to detect and 4126 include extensions. Pass --with-extensions to enable that feature. 4127* (T192584) Stop incorrectly passing USE INDEX to RecentChange::newFromConds(). 4128* Add default edit rate limit of 90 edits/minute for all users. 4129* (T196125) php-memcached 3.0 (provided with PHP 7.0) is now supported. 4130* (T196672) The mtime of extension.json files is now able to be zero. 4131* (T118683) Fix exception from &$user deref on HHVM in the TitleMoveComplete 4132 hook. 4133* (T180403) Validate $length in padleft/padright parser functions. 4134* (T143790) Make $wgEmailConfirmToEdit only affect edit actions. 4135* Special:BotPasswords now requires reauthentication. 4136* (T191608, T187638) Add 'logid' parameter to Special:Log. 4137* (T193829) Indicate when a Bot Password needs reset. 4138* (T151415) Log email changes. 4139* (T118420) Unbreak Oracle installer. 4140 4141== MediaWiki 1.27.4 == 4142This is a security and maintenance release of the MediaWiki 1.27 branch. 4143 4144=== Changes since 1.27.3 === 4145* (T100085) Better handling of jobs execution in post-connection shutdown. 4146* (T141604) Support conditionally registered namespaces. 4147* (T167798) Fix highlighting for phrase queries and phrase search. 4148* (T151136) Provide credits information to callbacks. 4149* (T160462) Allow namespaces defined in extension.json to be overwritten 4150 locally. 4151* (T168856) Allow SVGs created by Dia to be uploaded. 4152* (T144705) (T148662) Password reset link is no longer shown when no reset 4153 options are available. 4154* (T143788) (T174262) Various backports for PHP 7.0 and 7.1 support. 4155* (T66795) $wgUserEmailUseReplyTo is now true by default to work around 4156 restrictive DMARC policies. 4157* DB_REPLICA constant added from REL1_28+ to ease backports to extensions and 4158 core. 4159* (T175439) Unbreak Postgres Updater when setting defaults for a column. 4160* (T160298) Remove use of implicitGroupBy() in ActiveUsersPager. 4161* (T142304) Allow putting the app ID in the password for bot passwords. 4162* Updated dev dependancy phpunit/phpunit from v4.8.24 to v4.8.36. 4163* (T178451) SECURITY: Potential XSS when $wgShowExceptionDetails = false and 4164 browser sends non-standard url escaping. 4165* (T165846) SECURITY: BotPassword login attempts weren't throttled. 4166* (T128209) SECURITY: Reflected File Download from api.php. 4167* (T134100) SECURITY: Do not reveal if user exists during login failure. 4168* (T176247) SECURITY: Ensure Message::rawParams can't lead to XSS. 4169* (T125163) SECURITY: Make anchor for headlines escape > and <. 4170* (T180237) SECURITY: Protect vendor folder with .htaccess. 4171* (T180231) SECURITY: Remove PHPUnit file with known RCE if exists in 4172 update.php. 4173* (T124404) SECURITY: XSS in langconverter when regex hits pcre.backtrack_limit. 4174* (T119158) SECURITY: Handle -{}- syntax in attributes safely. 4175 4176== MediaWiki 1.27.3 == 4177Due to a packaging error, the wrong version of the SyntaxHighlight extension was 4178included in the tarball version of MediaWiki 1.27.2. The version included had a 4179serious security issue in it (T158689). There was also some minor code fixes in 4180MediaWiki itself since 1.27.2, but none of them were security relevant. 4181 4182=== Changes since 1.27.2 === 4183* (T145664) Fix broken wincache merge() implementation 4184* (T163434) Add wikimedia/testing-access-wrapper for forwards compatibility 4185* (T153505) Fix php warnings on php 7.1 due to use of &$this 4186 4187== MediaWiki 1.27.2 == 4188This is a security and maintenance release of the MediaWiki 1.27 branch. 4189 4190ApiCreateAccount was removed in 1.27.0. It was incorrectly still marked as 4191deprecated (rather than already removed) in the RELEASE-NOTES at the point 41921.27.0 was released. 4193 4194=== Changes since 1.27.1 === 4195 4196* (T68404) CSS3 attr() function with url type argument is no longer allowed 4197 in inline styles. 4198* $wgRunJobsAsync is now false by default (T142751). This change only affects 4199 wikis with $wgJobRunRate > 0. 4200* (T152717) Better escaping for PHP mail() command 4201* Submitting the lgtoken and lgpassword parameters in the query string to 4202 action=login is now deprecated and outputs a warning. They should be submitted 4203 in the POST body instead. 4204* Submitting sensitive authentication request parameters to action=clientlogin, 4205 action=createaccount, action=linkaccount, and action=changeauthenticationdata 4206 in the query string is now deprecated and outputs a warning. They should be 4207 submitted in the POST body instead. 4208* (T158766) Avoid SQL error on MSSQL when using selectRowCount() 4209* (T145635) Fix too long index error when installing with MSSQL. 4210* (T156184) $wgRawHtml will no longer apply to internationalization messages. 4211* (T160519) CACHE_ANYTHING will not be CACHE_ACCEL if no accelerator is 4212 installed. 4213* (T109140) (T122209) SECURITY: Special:UserLogin and Special:Search allow 4214 redirect to interwiki links. 4215* (T144845) SECURITY: XSS in SearchHighlighter::highlightText() when 4216 $wgAdvancedSearchHighlighting is true. 4217* (T125177) SECURITY: API parameters may now be marked as "sensitive" to keep 4218 their values out of the logs. 4219* (T150044) SECURITY: "Mark all pages visited" on the watchlist now requires a 4220 CSRF token. 4221* (T156184) SECURITY: Escape content model/format url parameter in message. 4222* (T151735) SECURITY: SVG filter evasion using default attribute values in DTD 4223 declaration. 4224* (T161453) SECURITY: LocalisationCache will no longer use the temporary 4225 directory in it's fallback chain when trying to work out where to write the 4226 cache. 4227* (T48143) SECURITY: Spam blacklist ineffective on encoded URLs inside file 4228 inclusion syntax's link parameter. 4229* (T108138) SECURITY: Sysops can undelete pages, although the page is protected 4230 against it. 4231 4232== MediaWiki 1.27.1 == 4233 4234This is a maintenance release of the MediaWiki 1.27 branch. 4235 4236=== Changes since 1.27.0 === 4237* BREAKING CHANGE: $wgHTTPProxy is now *required* for all external requests 4238 made by MediaWiki via a proxy. Relying on the http_proxy environment 4239 variable is no longer supported. 4240* (T139565) SECURITY: API: Generate head items in the context of the given title 4241* (T137264) SECURITY: XSS in unclosed internal links 4242* (T133147) SECURITY: Escape '<' and ']]>' in inline <style> blocks 4243* (T133147) SECURITY: Require login to preview user CSS pages 4244* (T132926) SECURITY: Do not allow undeleting a revision deleted file if it is 4245 the top file 4246* (T129738) SECURITY: Make $wgBlockDisablesLogin also restrict logged in 4247 permissions 4248* (T129738) SECURITY: Make blocks log users out if $wgBlockDisablesLogin is true 4249* (T115333) SECURITY: Check read permission when loading page content in 4250 ApiParse 4251* (T57548) Remove support for $wgWellFormedXml = false, all output is now well 4252 formed 4253* (T139670) Move 'UserGetRights' call before application of 4254 Session::getAllowedUserRights() 4255 4256== MediaWiki 1.27.0 == 4257 4258=== PHP version requirement in 1.27 === 4259As of 1.27, MediaWiki now requires PHP 5.5.9 or higher (see Compatibility 4260section). Additionally, the following PHP extensions are required: 4261* ctype 4262* iconv 4263* json 4264* mbstring (new requirement in 1.27) 4265* xml 4266The following PHP extensions are strongly recommended: 4267* openssl 4268 4269=== Configuration changes in 1.27 === 4270* $wgAllowMicrodataAttributes and $wgAllowRdfaAttributes were removed, 4271 now always enabled. If you use RDFa on your wiki, you now have to explicitly 4272 set $wgHtml5Version to 'HTML+RDFa 1.0' or 'XHTML+RDFa 1.0'. 4273* $wgUseLinkNamespaceDBFields was removed. 4274* Deprecated $wgResourceLoaderMinifierStatementsOnOwnLine and 4275 $wgResourceLoaderMinifierMaxLineLength, because there was little value in 4276 making the behavior configurable. The default values (`false` for the former, 4277 1000 for the latter) are now hard-coded. 4278* $wgDebugDumpSqlLength was removed (deprecated in 1.24). 4279* $wgDebugDBTransactions was removed (deprecated in 1.20). 4280* $wgUseXVO has been removed, as it provides functionality only used by 4281 custom Wikimedia patches against Squid 2.x that probably noone uses in 4282 production anymore. There is now $wgUseKeyHeader that provides similar 4283 functionality but instead of the MediaWiki-specific X-Vary-Options header, 4284 uses the draft Key header standard. 4285* $wgScriptExtension (and support for '.php5' entry points) was removed. See the 4286 deprecation notice in the release notes for version 1.25 for advice on how to 4287 preserve support for '.php5' entry points via URL rewriting. 4288* Password handling via the User object has been deprecated and partially 4289 removed, pending the future introduction of AuthManager. In particular: 4290** expirePassword(), getPasswordExpireDate(), resetPasswordExpiration(), and 4291 getPasswordExpired() have been removed. They were unused outside of core. 4292** The mPassword, mNewpassword, mNewpassTime, and mPasswordExpires fields are 4293 now private and will be removed in the future. 4294** The getPassword() and getTemporaryPassword() methods now throw 4295 BadMethodCallException and will be removed in the future. 4296** The ability to pass 'password' and 'newpassword' to createNew() has been 4297 removed. The only users of it seem to have been using it to set invalid 4298 passwords, and so shouldn't be greatly affected. 4299** setPassword(), setInternalPassword(), and setNewpassword() have been 4300 deprecated, pending the introduction of AuthManager. 4301** User::randomPassword() is deprecated in favor of a new method 4302 PasswordFactory::generateRandomPasswordString() 4303** User::getPasswordFactory() is deprecated, callers should just create a 4304 PasswordFactory themselves. 4305** A new constructor, User::newSystemUser(), has been added to simplify the 4306 creation of passwordless "system" users for logged actions. 4307* $wgMaxSquidPurgeTitles was removed. 4308* $wgAjaxWatch was removed. This is now enabled by default. 4309* $wgUseInstantCommons now hotlinks Commons images by default instead of 4310 downloading originals and thumbnailing them locally. This allows wikis to save 4311 on CPU and bandwidth while reducing time to first byte for pages, even without 4312 a thumbnail handler. See $wgForeignFileRepos documentation for tweaks. 4313* (T27397) WebP is enabled by default as an uploadable filetype. 4314* (T48998) $wgArticlePath must now be either a full url, or start with a "/". 4315* $wgRateLimitLog was removed; use $wgDebugLogGroups['ratelimit'] instead. 4316* Deprecated API formats dbg, txt, and yaml have been removed. 4317* CLDRPluralRule* classes have been replaced with 4318 wikimedia/cldr-plural-rule-parser. 4319* Removed $wgProfilePerHost, $wgUDPProfilerHost, $wgUDPProfilerPort, 4320 $wgUDPProfilerFormatString, $wgStatsMethod, $wgAggregateStatsID, 4321 $wgStatsFormatString, and $wgProfileCallTree (deprecated since 1.20). 4322* For proper operation of LocalIdLookup with shared user tables, ensure that 4323 $wgSharedDB and $wgSharedTables are properly set even on the "central" wiki 4324 that all others are sharing from and that $wgLocalDatabases is set to the 4325 full list of sharing wikis on all those wikis. 4326* Massive overhaul to session handling: 4327** $wgSessionsInObjectCache is no longer supported and must be true, due to 4328 MediaWiki\Session\SessionManager. $wgSessionHandler is similarly no longer 4329 used. 4330** ObjectCacheSessionHandler is removed, replaced with 4331 MediaWiki\Session\PhpSessionHandler. 4332** PHP session handling in general ($_SESSION, session_id(), and so on) is 4333 deprecated. Use MediaWiki\Session\SessionManager instead. A new config 4334 variable, $wgPHPSessionHandling, is available to cause use of $_SESSION to 4335 issue a deprecation warning or to cause most PHP session handling to throw 4336 exceptions. 4337** Deprecated UserSetCookies hook. Session-handling extensions should generally 4338 be creating a custom subclass of CookieSessionProvider. Other extensions 4339 messing with cookies can no longer count on user data being saved in cookies 4340 versus other methods. 4341** Deprecated UserLoadFromSession hook, extensions should create a 4342 MediaWiki\Session\SessionProvider. 4343** The User cannot be loaded from session until after Setup.php completes. 4344 Attempts to do so will be ignored and the User will remain unloaded. 4345** CSRF tokens may be fetched from the MediaWiki\Session\Session, which uses 4346 the MediaWiki\Session\Token class. 4347* MediaWiki will now auto-create users as necessary, removing the need for 4348 extensions to do so. An 'autocreateaccount' right is added to allow 4349 auto-creation when 'createaccount' is not granted to all users. 4350* Deprecated AuthPluginAutoCreate hook in favor of LocalUserCreated. 4351* Most cookie-handling methods in User are deprecated. 4352* $wgAllowAsyncCopyUploads and $CopyUploadAsyncTimeout were removed. This was an 4353 experimental feature that has never worked. 4354* Login and createaccount tokens now vary by timestamp. 4355* LoginForm::getLoginToken() and LoginForm::getCreateaccountToken() 4356 return a MediaWiki\Session\Token, and tokens must be checked using that 4357 class's methods. 4358* $wgEnotifUseJobQ was removed and the job queue is always used. 4359* The functionality of the ApiSandbox extension has been merged into core. The 4360 extension should no longer be used. 4361* $wgPreloadJavaScriptMwUtil was removed (deprecated in 1.26). 4362 Extensions, skins, gadgets and scripts that use the mediawiki.util module must 4363 express a dependency on it. 4364* $wgIncludeLegacyJavaScript, deprecated in MediaWiki 1.26, now defaults false. 4365 Extensions, skins, gadgets and scripts that need the mediawiki.legacy.wikibits 4366 module should express a dependency on it. 4367* Removed configuration option $wgCopyrightIcon (deprecated since 1.18). Use 4368 $wgFooterIcons['copyright']['copyright'] instead. 4369* If the openssl and mcrypt PHP extensions are both unavailable, secure 4370 session storage (used for login) will raise an exception. This exception may 4371 be bypassed by setting $wgSessionInsecureSecrets = true. 4372* Massive overhaul to authentication: 4373** AuthPlugin and AuthPluginUser are deprecated. 4374** LoginForm and associated templates are deprecated. Extensions which called 4375 static LoginForm methods should be converted into authentication providers. 4376** The following hooks are deprecated: 4377*** AbortAutoAccount (create a MediaWiki\Auth\PreAuthenticationProvider instead) 4378*** AbortLogin (create a MediaWiki\Auth\PreAuthenticationProvider instead) 4379*** AbortNewAccount (create a MediaWiki\Auth\PreAuthenticationProvider instead) 4380*** AddNewAccount (use LocalUserCreated instead) 4381*** AuthPluginSetup (create a MediaWiki\Auth\PrimaryAuthenticationProvider 4382 instead) 4383*** ChangePasswordForm (use AuthChangeFormFields instead, or security levels) 4384*** LoginUserMigrated (create a MediaWiki\Auth\PreAuthenticationProvider 4385 instead) 4386*** UserCreateForm (create a MediaWiki\Auth\AuthenticationProvider of some type 4387 instead) 4388*** UserLoginForm (create a MediaWiki\Auth\AuthenticationProvider of some type 4389 instead) 4390** The following hooks are removed: 4391*** AbortChangePassword 4392*** LoginPasswordResetMessage 4393*** PrefsPasswordAudit 4394** The UserLoginComplete hook will no longer be called for all logins, only for 4395 those via the web UI. Use UserLoggedIn if you need to do something on all 4396 logins. 4397** $wgRequirePasswordforEmailChange is removed. 4398 4399=== New features in 1.27 === 4400* $wgDataCenterUpdateStickTTL was also added. This decides how long a user 4401 sticks to the primary DC (via cookies) after they make changes to the site. 4402* Added a new hook, 'UserMailerTransformContent', to transform the contents 4403 of an email. This is similar to the EmailUser hook but applies to all mail 4404 sent via UserMailer. 4405* Added a new hook, 'UserMailerTransformMessage', to transform the contents 4406 of an emai after MIME encoding. 4407* Added a new hook, 'UserMailerSplitTo', to control which users have to be 4408 emailed separately (ie. there is a single address in the To: field) so 4409 user-specific changes to the email can be applied safely. 4410* $wgCdnMaxageLagged was added, which limits the CDN cache TTL 4411 when any load balancer uses a DB that is lagged beyond the 'max lag' 4412 setting in the relevant section of $wgLBFactoryConf. 4413* User::newSystemUser() may be used to simplify the creation of passwordless 4414 "system" users for logged actions from scripts and extensions. 4415* Extensions can now return detailed error information via the API when 4416 preventing user actions using 'getUserPermissionsErrors' and similar hooks 4417 by using ApiMessage instances instead of strings for the $result value. 4418* $wgAPIMaxLagThreshold was added to limit bot changes when databases lag 4419 becomes too high. 4420* Skins and extensions can now use FlexBox mixins (.flex-display(@display: flex) 4421 and .flex(@grow: 1, @shrink: 1, @width: auto, @order: 1)) in Less to create 4422 cross-browser-compatible FlexBox rules. Users will still need to add fallback 4423 float rules or the like for compatibility with IE9- separately. 4424* Added MWTimestamp::getTimezoneString() which returns the localized timezone 4425 string, if available. To localize this string, see the comments of 4426 $wgLocaltimezone in includes/DefaultSettings.php. 4427* Added CentralIdLookup, a service that allows extensions needing a concept of 4428 "central" users to get that without having to know about specific central 4429 authentication extensions. 4430* $wgMaxUserDBWriteDuration added to limit huge user-generated transactions. 4431 Regular web request transactions that takes longer than this are aborted. 4432* Added a new hook, 'TitleMoveCompleting', which runs before a page move is 4433 committed. 4434* $wgCdnReboundPurgeDelay was added to provide secondary delayed purges of URLs 4435 from CDN to mitigate DB replication lag and WAN cache purge lag. 4436* (T49162) Installer will default to setting CACHE_ACCEL as the main cache type 4437 if it is available. 4438* It is now possible to patrol file uploads (both for new files and new versions 4439 of existing files). Special:NewFiles has gained an option to filter by patrol 4440 status. This functionality can be disabled using $wgUseFilePatrol. 4441* MediaWiki\Session infrastructure allows for easier use of session mechanisms 4442 other than the usual cookies. 4443** SessionMetadata and SessionCheckInfo hooks allow for setting and checking 4444 custom session metadata. 4445* Added MWGrants and associated configuration settings $wgGrantPermissions and 4446 $wgGrantPermissionGroups to hold configuration for authentication features 4447 such as OAuth that want to allow restricting the user rights a user may make 4448 use of. 4449** If you're already using the OAuth extension, these new variables are 4450 identical to (and will replace) $wgMWOAuthGrantPermissions and 4451 $wgMWOAuthGrantPermissionGroups. 4452* Added MWRestrictions as a class to check restrictions on a WebRequest, e.g. 4453 to assert that the request comes from a particular IP range. 4454* Added bot passwords, a rights-restricted login mechanism for API-using bots. 4455* Whitelisted the following HTML attributes for all elements in wikitext: 4456 aria-describedby, aria-flowto, aria-label, aria-labelledby, aria-owns. 4457* Removed "presentation" restriction on the HTML role attribute in wikitext. 4458 All values are now allowed for the role attribute. 4459* $wgContentHandlers now also supports callbacks to create an instance of the 4460 appropriate ContentHandler subclass. 4461* Added $wgAuthenticationTokenVersion, which if non-null prevents the 4462 user_token database field from being exposed in cookies. Setting this would 4463 be a good idea, but will log out all current sessions. 4464* $wgEventRelayerConfig was added, for managing PubSub event relay 4465 configuration, specifically for reliable CDN url purges. 4466* Requests have unique IDs, equal to the UNIQUE_ID environment variable (when 4467 MediaWiki is behind Apache+mod_unique_id or something similar) or a randomly- 4468 generated 24-character string. This request ID is used to annotate log records 4469 and error messages. It is available client-side via 4470 mw.config.get( 'wgRequestId' ). 4471 The request ID supplants exception IDs. Accordingly, 4472 MWExceptionHandler::getLogId() is deprecated. 4473* (T33313) Add a preference for watching uploads by default, also applies 4474 to API-based upload tools. 4475* $wgJpegPixelFormat was added to override chroma subsampling for JPEG image 4476 thumbnails created via ImageMagick. Defaults to 'yuv420', providing bandwidth 4477 savings versus the previous behavior on many files. 4478* MediaWiki\Auth infrastructure (called "AuthManager") allows for more flexible 4479 configuration of multiple authentication pieces that was possible with 4480 AuthPlugin. For example, it's now easy to plug in second-factor 4481 authentication, or add additional checks to the login process, or to support 4482 multiple login methods at once, or to support non-password-based login 4483 methods. 4484** Providers are configured via the global setting $wgAuthManagerConfig. 4485** A global, $wgDisableAuthManager, is temporarily available to disable 4486 AuthManager until extensions are ready to support it. 4487** New hook, AuthChangeFormFields, to adjust the form fields on 4488 AuthManager-related special pages. 4489** New hook, AuthManagerLoginAuthenticateAudit, for additional logging of 4490 AuthManager-related authentication requests. 4491** New hook, ChangeAuthenticationDataAudit, for additional logging of 4492 AuthManager-related authentication data changes. 4493** New hook, SecuritySensitiveOperationStatus, to work with the new mechanism 4494 for requiring a recent login before taking security-sensitive operations 4495 like changing a password. 4496** Two new globals, $wgChangeCredentialsBlacklist and 4497 $wgRemoveCredentialsBlacklist can be used to prevent the web UI and the API 4498 changing certain authentication data. 4499* The file upload dialog (available if you install WikiEditor or VisualEditor) 4500 can now be configured using $wgUploadDialog. 4501 4502=== External library changes in 1.27 === 4503 4504==== Upgraded external libraries ==== 4505* Updated oojs/oojs-ui from v0.12.12 to v0.13.3. 4506* Updated composer/semver from v1.0.0 to v1.2.0. 4507* Updated liuggio/statsd-php-client to 1.0.18. 4508* Updated QUnit from v1.18.0 to v1.22.0. 4509 4510==== New external libraries ==== 4511* Added wikimedia/base-convert v1.0.1. 4512* Added wikimedia/cldr-plural-rule-parser v1.0.0. 4513* Added wikimedia/relpath v1.0.3. 4514* Added wikimedia/running-stat v1.1.0. 4515* Added wikimedia/php-session-serializer v1.0.3. 4516 4517==== Removed and replaced external libraries ==== 4518 4519=== Bug fixes in 1.27 === 4520* Special:Upload will now display correct maximum allowed file size when running 4521 under HHVM (T116347). 4522* (T54077) The APIEditBeforeSave hook will once again give only the content of 4523 the section being edited, rather than the whole revision. This reverts the 4524 change made in MediaWiki 1.22. 4525 4526=== Action API changes in 1.27 === 4527* Added list=allrevisions. 4528* generator=recentchanges now has the option to generate revids. 4529* ApiPageSet::setRedirectMergePolicy() was added. This allows generator 4530 modules to define how generator data for a redirect source gets merged 4531 into the redirect destination. 4532* prop=imageinfo&iiprop=uploadwarning will no longer include the possibility of 4533 "was-deleted" warning. 4534* Added difftotextpst to query=revisions which preforms a pre-save transform on 4535 the text before diffing it. 4536* Deprecated formats dbg, txt, and yaml have been removed. 4537* (T47988) The protect log event details now use new-style formatting. 4538* The following response properties from action=login are deprecated, and may 4539 be removed in the future: lgtoken, cookieprefix, sessionid. Clients should 4540 handle cookies to properly manage session state. 4541* action=login transparently allows login using bot passwords. Clients should 4542 merely need to change the username and password used after setting up a bot 4543 password. 4544* action=upload no longer understands statuskey, asyncdownload or leavemessage. 4545* Several changes when $wgDisableAuthManager is false: 4546** action=login is deprecated for uses other than bot passwords. 4547** list=users can now indicate if a missing username is creatable. 4548** action=createaccount is changed in a non-backwards-compatible manner. 4549** Added action=query&meta=authmanagerinfo. 4550** Added action=clientlogin to be used to log into the main account instead of 4551 action=login. 4552** Added action=linkaccount. 4553** Added action=unlinkaccount. 4554** Added action=changeauthenticationdata. 4555** Added action=removeauthenticationdata. 4556** Added action=resetpassword. 4557 4558=== Action API internal changes in 1.27 === 4559* ApiQueryORM removed. 4560* The following classes have been removed: 4561** ApiFormatDbg 4562** ApiFormatTxt 4563** ApiFormatYaml 4564* ApiBase::addTokenProperties() was removed (deprecated since 1.24). 4565* ApiBase::getFinalPossibleErrors() was removed (deprecated since 1.24). 4566* ApiBase::getFinalResultProperties() was removed (deprecated since 1.24). 4567* ApiBase::getRequireAtLeastOneParameterErrorMessages() was removed (deprecated 4568 since 1.24). 4569* ApiBase::getPossibleErrors() was removed (deprecated since 1.24). 4570* ApiBase::getRequireMaxOneParameterErrorMessages() was removed (deprecated 4571 since 1.24). 4572* ApiBase::getRequireOnlyOneParameterErrorMessages() was removed (deprecated 4573 since 1.24). 4574* ApiBase::getResultProperties() was removed (deprecated since 1.24). 4575* ApiBase::getTitleOrPageIdErrorMessage() was removed (deprecated since 1.24). 4576* ApiBase::parseErrors() was removed (deprecated since 1.24). 4577* ApiQueryBase::titleToKey(), ApiQueryBase::keyToTitle() and 4578 ApiQueryBase::keyPartToTitle() all removed (deprecated since 1.24). 4579* ApiQueryBase::checkRowCount() was removed (deprecated since 1.24). 4580* ApiQueryBase::getDirectionDescription() was removed (deprecated since 1.25). 4581* ApiQuery::getGenerators() was removed (deprecated since 1.21). 4582* ApiQuery::getModules() was removed (deprecated since 1.21). 4583* ApiQuery::getModuleType() was removed (deprecated since 1.21). 4584* ApiQuery::setGeneratorContinue() was removed (deprecated since 1.24). 4585* ApiMain::getModules() was removed (deprecated since 1.21). 4586* ApiBase::getVersion() was removed (deprecated since 1.21). 4587* ApiMain::getShowVersions() was removed (deprecated in 1.21). 4588* ApiMain::addModule() was removed (deprecated in 1.21). 4589* ApiMain::addFormat() was removed (deprecated in 1.21). 4590* ApiMain::getFormats() was removed (deprecated in 1.21). 4591* ApiPageSet::finishPageSetGeneration() was removed (deprecated in 1.21). 4592* ApiCreateAccount was removed. 4593 4594=== Languages updated in 1.27 === 4595 4596MediaWiki supports over 350 languages. Many localisations are updated 4597regularly. Below only new and removed languages are listed, as well as 4598changes to languages because of Phabricator reports. 4599 4600* (T113688) Change default numerals from Gurmukhi to Arabic for Punjabi locale. 4601* (T116020) Aliases of magic words in MessagesXx.php are sorted by usage. 4602 4603=== Other changes in 1.27 === 4604* Added dependency injection (DI) infrastructure, see docs/injection.txt for 4605 details. 4606 It is planned to incrementally move MediaWiki code towards using DI, using the 4607 service locator (SL) pattern as a stepping stone. 4608* ProfilerOutputUdp was removed. Note that there is a ProfilerOutputStats class. 4609* WikiPage::doDeleteArticleReal() and WikiPage::doDeleteArticle() now 4610 ignore the 2nd and 3rd arguments (formerly $id and $commit). 4611* Removed "loaderScripts" option from ResourceLoaderFileModule class. 4612* Removed ORM-like wrapper added in 1.20. 4613* LinkCache::getGoodLinks and LinkCache::getBadLinks were removed 4614 (deprecated in 1.26). 4615* WikiPage::doQuickEdit() was removed (deprecated since 1.21). 4616* Removed SiteObject and SiteArray classes (deprecated in 1.21). 4617* MessageBlobStore::getInstance() was removed (deprecated since 1.25). 4618* (T84937) Free external links ("autolinked" urls) will now be terminated 4619 by and HTML entity encodings of  , <, and >. 4620* (T36948) The default file revert message's timestamp is now in 4621 $wgLocaltimezone, instead of UTC. 4622* The default name of the 'suppress' group page has been changed from 4623 'Project:Oversight' to 'Project:Suppress'. 4624* DatabaseBase::resultObject() is now protected (use outside Database classes 4625 not necessary since 1.11). 4626* Calling ResourceLoaderFileModule::readStyleFiles() without a 4627 ResourceLoaderContext instance is deprecated. 4628* ResourceLoader::getLessCompiler() now takes an optional parameter of 4629 additional LESS variables to set for the compiler. 4630* wfBaseConvert() marked as deprecated, use Wikimedia\base_convert() directly 4631 instead. 4632* Obsolete maintenance scripts clearCacheStats.php and showCacheStats.php 4633 were removed. The underlying data is sent to StatsD (see $wgStatsdServer). 4634* Removed msg_resource_links database table and associated code. 4635* Removed msg_resource database table and associated code. 4636* Skin::getNamespaceNotice() was removed. 4637* wfIsConfiguredProxy() was removed (deprecated since 1.24). 4638* wfDebugTimer() was removed (deprecated since 1.25). 4639* wfIsTrustedProxy() was removed (deprecated since 1.24). 4640* wfGetIP() was removed (deprecated since 1.19). 4641* MWHookException was removed. 4642* OutputPage::appendSubtitle() was removed (deprecated since 1.19). 4643* OutputPage::loginToUse() was removed (deprecated since 1.19). 4644* Article::loadContent() was removed (deprecated since 1.19). 4645* User::editToken() was removed (deprecated since 1.19). 4646* Removed --force-normal option of dumpBackup.php, as it no longer served 4647 any useful purpose since 1.22. 4648* The functions processOption() and processArgs() on the BackupDumper and 4649 TextPassDumper classes have been removed. 4650* The maintenance/backupTextPass.inc file was deleted. You should include 4651 maintenance/dumpTextPass.php instead. 4652* WikiPage::getUsedTemplates() was removed (deprecated since 1.19). 4653* wfEmptyMsg() was removed (deprecated since 1.18). 4654* OutputPage::permissionRequired() was removed (deprecated since 1.18). 4655* OutputPage::blockedPage() was removed (deprecated since 1.18). 4656* User::getSkin() was removed (deprecated since 1.18). 4657* OutputPage::includeJQuery() was removed (deprecated since 1.17). 4658* WikiPage::updateRestrictions() was removed (deprecated since 1.19). 4659* WikiPage::testPreSaveTransform() was removed (deprecated since 1.19). 4660* LogPage::logName() was removed (deprecated since 1.19). 4661* LogPage::logHeader() was removed (deprecated since 1.19). 4662* wfCheckLimits() was removed (deprecated since 1.24). 4663* Linker::makeKnownLinkObj() was removed (deprecated since 1.16). 4664* Linker::makeLinkObj() was removed (deprecated since 1.16). 4665* wfMsgForContentNoTrans() was removed (deprecated since 1.18). 4666* ChangesList::usePatrol was removed (deprecated since 1.22). 4667* wfMsgNoTrans() was removed (deprecated since 1.18). 4668* Linker::makeImageLink2 was removed (deprecated since 1.20). 4669* Title::userIsWatching() was removed (deprecated since 1.20). 4670* Removed WaitForSlave maintenance script; use SELECT MASTER_POS_WAIT() 4671 database function directly instead. 4672* wfMsg() was removed (deprecated since 1.18). 4673* wfMsgForContent() was removed (deprecated since 1.18). 4674* wfMsgReal() was removed (deprecated since 1.18). 4675* wfMsgGetKey() was removed (deprecated since 1.18). 4676* wfMsgHtml() was removed (deprecated since 1.18). 4677* wfMsgWikiHtml() was removed (deprecated since 1.18). 4678* wfMsgExt() was removed (deprecated since 1.18). 4679* Language::armourMath() was removed (deprecated since 1.22). 4680* LanguageConverter::armourMath() was removed (deprecated since 1.22). 4681* FakeConverter::armourMath() was removed (deprecated since 1.22). 4682* The unused jquery.validate ResourceLoader module was removed. 4683* FileRepo::getRootUrl() was removed (deprecated since 1.20). 4684* User::generateToken() was removed (deprecated since 1.20). 4685* WikiPage::getRawText() was removed (deprecated since 1.21). 4686* ParserOutput::hasCustomDataUpdates() was removed (deprecated since 1.25). 4687* ParserOutput::addSecondaryDataUpdate() was removed (deprecated since 1.25). 4688* ParserOutput::getSecondaryDataUpdates() was removed (deprecated since 1.25). 4689* Gallery images with multiple caption pipes no longer concatenate them all 4690 together but instead pick the final one, similar to image syntax. 4691* XML-like parser tags (such as <gallery>), when unclosed, will be left unparsed 4692 rather than consume everything until the end of the page. 4693* New maintenance script resetUserEmail.php allows sysadmins to reset user 4694 emails in case a user forgot password/account was stolen. 4695* wfCheckEntropy() was removed (deprecated in 1.27). 4696* Browser support for Internet Explorer 8 lowered from Grade A to Grade C. 4697* ContentHandler::supportsCategories method added. Default is true. 4698 CategoryMembershipChangeJob updates are skipped for content that 4699 does not support categories. 4700* wikidiff difference engine is no longer supported, anyone still using it are 4701 encouraged to upgrade to wikidiff2 which is actively maintained and has better 4702 package availability. 4703* Database logic was removed from WatchedItem and a WatchedItemStore was 4704 created: 4705** WatchedItem::IGNORE_USER_RIGHTS and WatchedItem::CHECK_USER_RIGHTS were 4706 deprecated. User::IGNORE_USER_RIGHTS and User::CHECK_USER_RIGHTS were 4707 introduced. 4708** WatchedItem::fromUserTitle was deprecated in favour of the constructor. 4709** WatchedItem::resetNotificationTimestamp was deprecated. 4710** WatchedItem::batchAddWatch was deprecated. 4711** WatchedItem::addWatch was deprecated. 4712** WatchedItem::removeWatch was deprecated. 4713** WatchedItem::isWatched was deprecated. 4714** WatchedItem::duplicateEntries was deprecated. 4715** EmailNotification::updateWatchlistTimestamp was deprecated. 4716** User::getWatchedItem was removed. 4717* Unit tests don't work with external PHPUnit anymore, Composer is now the only 4718 supported way. Run `composer install` to install it and other dev dependencies 4719 to run unit tests. 4720* wl_id field added to the watchlist table. 4721* Revision::getRawText() was removed (deprecated since 1.21). 4722* WikiPage::replaceSection() was removed (deprecated since 1.21). 4723* Article::replaceSection() was removed (deprecated since 1.21). 4724* Language::getLangObj() was removed (deprecated since 1.24). 4725* Language::getLanguageName() was removed (deprecated since 1.20). 4726* Language::getLanguageNames() was removed (deprecated since 1.20). 4727* Language::getTranslatedLanguageNames() was removed (deprecated since 1.20). 4728* Language::specialPage() was removed (deprecated since 1.24). 4729* MediaWikiTestCase::assertException() was removed (deprecated since 1.22). 4730* OutputPage::getHeadItems() was removed (deprecated since 1.24). 4731* OutputPage::getScript() was removed (deprecated since 1.24). 4732* OutputPage::out() was removed (deprecated since 1.22). 4733* OutputPage::setAllowedModules() was removed (deprecated since 1.24). 4734* UserrightsPage::makeGroupNameListForLog() was removed (deprecated since 1.21). 4735* MediaWikiSite::newFromGlobalId() was removed (deprecated since 1.21). 4736* Title::newFromRedirect() was removed (deprecated since 1.21). 4737* Skin::commonPrintStylesheet() was removed (deprecated since 1.22). 4738* Skin::getCommonStylePath() was removed (deprecated since 1.24). 4739* Skin::newFromKey() was removed (deprecated since 1.24). 4740* Skin::getUsableSkins() was removed (deprecated since 1.23). 4741* LoadBalancer::pickRandom() was removed (deprecated in 1.21). 4742* Article::getUndoText() and WikiPage::getUndoText were removed (deprecated 4743 since 1.21). 4744* DifferenceEngine::setText() was removed (deprecated in 1.21). 4745* Title::newFromRedirectArray() was removed (deprecated in 1.21). 4746* UserMailer::send() no longer accepts $replyto as the 5th argument and 4747 $contentType as the 6th. These must be passed in the options array now. 4748* Title::newFromRedirectRecurse() was removed (deprecated in 1.21). 4749* Skin::accesskey was removed (deprecated since 1.21). 4750* Skin::blockLink was removed (deprecated since 1.21). 4751* Skin::buildRollbackLink was removed (deprecated since 1.21). 4752* Skin::emailLink was removed (deprecated since 1.21). 4753* Skin::formatComment was removed (deprecated since 1.21). 4754* Skin::formatHiddenCategories was removed (deprecated since 1.21). 4755* Skin::formatLinksInComment was removed (deprecated since 1.21). 4756* Skin::formatRevisionSize was removed (deprecated since 1.21). 4757* Skin::formatSize was removed (deprecated since 1.21). 4758* Skin::formatTemplates was removed (deprecated since 1.21). 4759* Skin::generateTOC was removed (deprecated since 1.21). 4760* Skin::getInternalLinkAttributes was removed (deprecated since 1.21). 4761* Skin::getInternalLinkAttributesObj was removed (deprecated since 1.21). 4762* Skin::getInterwikiLinkAttributes was removed (deprecated since 1.21). 4763* Skin::getInvalidTitleDescription was removed (deprecated since 1.21). 4764* Skin::getLinkColour was removed (deprecated since 1.21). 4765* Skin::getRevDeleteLink was removed (deprecated since 1.21). 4766* Skin::getRollbackEditCount was removed (deprecated since 1.21). 4767* Skin::makeBrokenImageLinkObj was removed (deprecated since 1.21). 4768* Skin::makeCommentLink was removed (deprecated since 1.21). 4769* Skin::makeExternalImage was removed (deprecated since 1.21). 4770* Skin::makeExternalLink was removed (deprecated since 1.21). 4771* Skin::makeHeadline was removed (deprecated since 1.21). 4772* Skin::makeImageLink was removed (deprecated since 1.21). 4773* Skin::makeMediaLinkFile was removed (deprecated since 1.21). 4774* Skin::makeMediaLinkObj was removed (deprecated since 1.21). 4775* Skin::makeSelfLinkObj was removed (deprecated since 1.21). 4776* Skin::makeThumbLink2 was removed (deprecated since 1.21). 4777* Skin::makeThumbLinkObj was removed (deprecated since 1.21). 4778* Skin::normaliseSpecialPage was removed (deprecated since 1.21). 4779* Skin::normalizeSubpageLink was removed (deprecated since 1.21). 4780* Skin::processResponsiveImages was removed (deprecated since 1.21). 4781* Skin::revComment was removed (deprecated since 1.21). 4782* Skin::revDeleteLink was removed (deprecated since 1.21). 4783* Skin::revDeleteLinkDisabled was removed (deprecated since 1.21). 4784* Skin::revUserLink was removed (deprecated since 1.21). 4785* Skin::revUserTools was removed (deprecated since 1.21). 4786* Skin::specialLink was removed (deprecated since 1.21). 4787* Skin::splitTrail was removed (deprecated since 1.21). 4788* Skin::titleAttrib was removed (deprecated since 1.21). 4789* Skin::tocIndent was removed (deprecated since 1.21). 4790* Skin::tocLine was removed (deprecated since 1.21). 4791* Skin::tocLineEnd was removed (deprecated since 1.21). 4792* Skin::tocList was removed (deprecated since 1.21). 4793* Skin::tocUnindent was removed (deprecated since 1.21). 4794* Skin::tooltip was removed (deprecated since 1.21). 4795* Skin::tooltipAndAccesskeyAttribs was removed (deprecated since 1.21). 4796* Skin::userTalkLink was removed (deprecated since 1.21). 4797* Skin::userToolLinksRedContribs was removed (deprecated since 1.21). 4798* wikidiff3 is now the default and only PHP diff engine. It provides improved 4799 diff performance on complex changes. $wgExternalDiffEngine = 'wikidiff3' 4800 therefore makes no difference now. Users are still recommended to use 4801 wikidiff2 if possible, though. 4802* User::addNewUserLogEntry() was deprecated. 4803* User::addNewUserLogEntryAutoCreate() was deprecated. 4804* User::isPasswordReminderThrottled() was deprecated. 4805* Bot-oriented parameters to Special:UserLogin (wpCookieCheck, 4806 wpSkipCookieCheck) were removed. 4807* Installer can now be customized without patching MediaWiki code, see 4808 mw-config/overrides/README for details. 4809 4810=== Compatibility === 4811 4812MediaWiki 1.27 requires PHP 5.5.9 or later. There is experimental support for 4813HHVM 3.6.5 or later. 4814 4815MySQL is the recommended DBMS. PostgreSQL or SQLite can also be used, but 4816support for them is somewhat less mature. There is experimental support for 4817Oracle and Microsoft SQL Server. 4818 4819The supported versions are: 4820 4821* MySQL 5.0.3 or later 4822* PostgreSQL 8.3 or later 4823* SQLite 3.3.7 or later 4824* Oracle 9.0.1 or later 4825* Microsoft SQL Server 2005 (9.00.1399) 4826 4827=== Upgrading === 4828 48291.27 has several database changes since 1.26, and will not work without schema 4830updates. Note that due to changes to some very large tables like the revision 4831table, the schema update may take quite long (minutes on a medium sized site, 4832many hours on a large site). 4833 4834If upgrading from before 1.11, and you are using a wiki as a commons 4835repository, make sure that it is updated as well. Otherwise, errors may arise 4836due to database schema changes. 4837 4838If upgrading from before 1.7, you may want to run refreshLinks.php to ensure 4839new database fields are filled with data. 4840 4841If you are upgrading from MediaWiki 1.4.x or earlier, you should upgrade to 48421.5 first. The upgrade script maintenance/upgrade1_5.php has been removed 4843with MediaWiki 1.21. 4844 4845Don't forget to always back up your database before upgrading! 4846 4847See the file UPGRADE for more detailed upgrade instructions. 4848 4849For notes on 1.26.x and older releases, see HISTORY. 4850 4851 4852= MediaWiki 1.26 = 4853 4854== MediaWiki 1.26.4 == 4855 4856This is a maintenance release of the MediaWiki 1.26 branch. 4857 4858=== Changes since 1.26.3 === 4859* BREAKING CHANGE: $wgHTTPProxy is now *required* for all external requests 4860 made by MediaWiki via a proxy. Relying on the http_proxy environment 4861 variable is no longer supported. 4862* (T124163) Fixed fatal error in DifferenceEngine under HHVM. 4863* (T139565) SECURITY: API: Generate head items in the context of the given title 4864* (T137264) SECURITY: XSS in unclosed internal links 4865* (T133147) SECURITY: Escape '<' and ']]>' in inline <style> blocks 4866* (T133147) SECURITY: Require login to preview user CSS pages 4867* (T132926) SECURITY: Do not allow undeleting a revision deleted file if it is 4868 the top file 4869* (T129738) SECURITY: Make $wgBlockDisablesLogin also restrict logged in 4870 permissions 4871* (T129738) SECURITY: Make blocks log users out if $wgBlockDisablesLogin is true 4872* (T115333) SECURITY: Check read permission when loading page content in 4873 ApiParse 4874* Remove support for $wgWellFormedXml = false, all output is now well formed 4875 4876== MediaWiki 1.26.3 == 4877 4878This is a maintenance release of the MediaWiki 1.26 branch. 4879 4880=== Changes since 1.26.2 === 4881* (T116266) Fixed undefined property notices in DairikiDiff under HHVM. 4882* (T123166) Fix fatal error when importing pages to titles which cannot be 4883 created, such as invalid titles or titles the user is not allowed to edit. 4884* (T122056) Old tokens are remaining valid within a new session 4885* (T127114) Login throttle can be tricked using non-canonicalized usernames 4886* (T123653) Cross-domain policy regexp is too narrow 4887* (T123071) Incorrectly identifying http link in a's href attributes, due to 4888 m modifier in regex 4889* (T129506) MediaWiki:Gadget-popups.js isn't renderable 4890* (T125283) Users occasionally logged in as different users after 4891 SessionManager deployment 4892* (T103239) Patrol allows click catching and patrolling of any page 4893* (T122807) [tracking] Check php crypto primatives 4894* (T98313) Graphs can leak tokens, leading to CSRF 4895* (T130947) Diff generation should use PoolCounter 4896* (T133507) Careless use of $wgExternalLinkTarget is insecure 4897* (T132874) API action=move is not rate limited 4898* (T110143) strip markers can be used to get around html attribute escaping in 4899 (many?) parser tags 4900* (T116030) Increase pbkdf2 parameter strengths 4901* (T127420) Pbkdf2Password does not check if hash_pbkdf2() succeeded 4902* (T126685) Globally throttle password attempts 4903 4904== MediaWiki 1.26.2 == 4905 4906This is a maintenance release of the MediaWiki 1.26 branch. 4907 4908=== Changes since 1.26.1 === 4909* (T121892) Fix fatal error on some Special pages, introduced in 1.26.1. 4910 4911== MediaWiki 1.26.1 == 4912 4913This is a maintenance release of the MediaWiki 1.26 branch. 4914 4915=== Changes since 1.26.0 === 4916* (T117899) SECURITY: $wgArticlePath can no longer be set to relative paths 4917 that do not begin with a slash. This enabled trivial XSS attacks. 4918 Configuration values such as "http://my.wiki.com/wiki/$1" are fine, as are 4919 "/wiki/$1". A value such as "$1" or "wiki/$1" is not and will now throw an 4920 error. 4921* (T119309) SECURITY: Use hash_compare() for edit token comparison 4922* (T118032) SECURITY: Don't allow cURL to interpret POST parameters starting 4923 with '@' as file uploads 4924* (T115522) SECURITY: Passwords generated by User::randomPassword() can no 4925 longer be shorter than $wgMinimalPasswordLength 4926* (T97897) SECURITY: Improve IP parsing and trimming. Previous behavior could 4927 result in improper blocks being issued 4928* (T109724) SECURITY: Special:MyPage, Special:MyTalk, Special:MyContributions 4929 and related pages no longer use HTTP redirects and are now redirected by 4930 MediaWiki 4931* Fixed ConfigException in ExpandTemplates due to AlwaysUseTidy. 4932* Fixed stray literal \n in Special:Search. 4933* Fix issue that breaks HHVM Repo Authorative mode. 4934* (T120267) Work around APCu memory corruption bug 4935 4936== MediaWiki 1.26.0 == 4937 4938=== Configuration changes in 1.26 === 4939* $wgPasswordResetRoutes['email'] = true by default. 4940* $wgEnableParserCache was deprecated, set $wgParserCacheType to CACHE_NONE 4941 instead if you want to disable the parser cache. 4942* New-style continuation is now the default for API action=continue. Clients may 4943 use the 'rawcontinue' parameter to receive raw query-continue data, but the 4944 new style is encouraged as it's harder to implement incorrectly. 4945* Deprecated API formats dump and wddx have been completely removed. 4946* (T7645) The "Signature" button on the edit toolbar is now hidden by default 4947 in non-talk namespaces. A new configuration variable, 4948 $wgExtraSignatureNamespaces, controls in which subject (non-talk) namespaces 4949 the "Signature" button on the edit toolbar will be displayed. 4950* $wgResourceLoaderUseESI was deprecated and removed. This was an experimental 4951 feature that was never enabled by default. 4952* $wgResourceLoaderExperimentalAsyncLoading was deprecated and removed. 4953 This experimental feature was never enabled by default and is obsolete as of 4954 MediaWiki 1.26, in where ResourceLoader became fully asynchronous. 4955* $wgMasterWaitTimeout was removed (deprecated in 1.24). 4956* Fields in ParserOptions are now private. Use the accessors instead. 4957* Custom LESS functions (defined via $wgResourceLoaderLESSFunctions or 4958 in extension.json) have been removed, after being deprecated in 1.24. 4959* $wgAlwaysUseTidy has been removed. 4960* ResetSessionID hook has been removed. Nothing seems to use it. 4961* Certain AuthPlugin methods are deprecated in favor of new hooks: 4962** AuthPlugin::initUser() is replaced by LocalUserCreated. 4963** AuthPlugin::updateUser() is replaced by UserLoggedIn. 4964** AuthPlugin::updateExternalDB() is replaced by the existing UserSaveSettings. 4965** AuthPlugin::updateExternalDBGroups() is replaced by UserGroupsChanged. 4966** AuthPluginUser::isHidden() is replaced by UserIsHidden. 4967** AuthPluginUser::isLocked() is replaced by UserIsLocked. 4968* The UserRights hook is deprecated in favor of the new UserGroupsChanged hook. 4969* AuthPlugin::initUser() and AuthPlugin::updateUser() should no longer replace 4970 the passed User object. 4971* $wgBlockAllowsUTEdit is now set to true by default. This allows 4972 blocked users to edit their talk pages unless explicitly disabled 4973 when they are being blocked. 4974 4975=== New features in 1.26 === 4976* (T51506) Now action=info gives estimates of actual watchers for a page. 4977 See $wgRCMaxAge, $wgWatchersMaxAge and $wgUnwatchedPageSecret 4978 to learn how to configure if needed. 4979* Change tags can now be hidden in the interface by disabling the associated 4980 "tag-<id>" interface message. 4981* ':' (colon) is now invalid in usernames for new accounts. Existing accounts 4982 are not affected. 4983* Added a new hook, 'LogException', to log exceptions in nonstandard ways. 4984* Revive the 'SpecialSearchResultsAppend' hook which occurs after the list of 4985 search results are rendered. The initial use case is to append a "give us 4986 feedback" link beneath the search results. 4987* Added a new hook, 'RejectParserCacheValue', which allows extensions to 4988 reject an otherwise-successful parser cache lookup. The intent is to allow 4989 extensions to manage the eviction of archaic HTML output from the cache. 4990* (T68699) The expiration of the UserID and Token login cookies 4991 ($wgExtendedLoginCookieExpiration) can be configured independently of the 4992 expiration of all other cookies ($wgCookieExpiration). 4993* (T50519) Support for generating JPEG/PNG thumbnails from WebP images added 4994 if ImageMagick is used as image scaler ($wgUseImageMagick = true). Uploading 4995 of WebP images still disabled by default. Add $wgFileExtensions[] = 4996 'webp'; to LocalSettings.php to enable uploading of WebP images. 4997* Added new hooks 'EnhancedChangesListModifyLineData' & 4998 'EnhancedChangesListModifyBlockLineData', to modify the data used to build 4999 lines in enhanced recentchanges and watchlist. 5000* Caches that need purging ability now use the WANObjectCache interface. 5001 This corresponds to a new $wgMainWANCache setting, which defaults to using 5002 the $wgMainCacheType settings. 5003* Callers needing fast light-weight data stores use $wgMainStash to select 5004 the store type from $wgObjectCaches. The default is the local database. 5005* Interface message overrides in the MediaWiki namespace will now be cached in 5006 memcached and APC (if available), rather than memcached and local files. 5007* Added a new hook, 'RandomPageQuery', to allow modification of the query used 5008 by Special:Random to select random pages. 5009* $wgTransactionalTimeLimit was added, which controls the request time limit 5010 for potentially slow POST requests that need to be as atomic as possible. 5011* ResourceLoader now loads all scripts asynchronously. The top-queue and 5012 startup modules are no longer synchronously loaded. 5013* 'mediawiki.ui.button' styles are no longer unconditionally loaded on every 5014 page. During the deprecation period, the styles will only be loaded on pages 5015 which contain 'mw-ui-button' in their HTML. Starting in 1.28, the styles will 5016 only be loaded if explicitly required. 5017* If search returns zero results and current search engine has a "did you mean" 5018 suggestion, results for suggestion will be shown. Can be disabled by setting 5019 $wgSearchRunSuggestedQuery to false. 5020* Added several JavaScript libraries for uploading files to MediaWiki 5021 from the client-side. See documentation for mw.Upload and its 5022 subclasses for more information. 5023* Added OOUI dialogs and layout for file upload interfaces. See 5024 documentation for mw.Upload.Dialog, mw.Upload.BookletLayout and its 5025 subclasses for more information. 5026 5027=== extension.json changes in 1.26 === 5028* (T99344) The extension.json schema is now versioned. All extensions 5029 and skins should set a "manifest_version" property corresponding to 5030 the schema version they were written for. The only supported version 5031 currently is "1". 5032* (T102523) The error message if a non-array attribute is set was improved. 5033* (T107646) Configuration settings can now specify how they should be merged, 5034 which is necessary for arrays using integer keys. 5035* (T110389) Adding namespaces through extension.json now actually works 5036* $wgNamespaceProtection can now be set in extension.json. 5037* $wgCapitalLinkOverrides can now be set in extension.json. 5038* (T97186) Extensions using a custom prefix for their configuration settings 5039 can now set a "_prefix" key to override the default of "wg". 5040* (T99084) Extensions can now specify what MediaWiki core versions they 5041 depend upon. 5042* (T105236) The extension.json schema now validates custom classes in 5043 the "ResourceModules" property properly. 5044 5045=== External library changes in 1.26 === 5046==== Upgraded external libraries ==== 5047* Updated es5-shim from v4.0.0 to v4.1.5. 5048* Updated json2 from revision 2014-02-04 to 2015-05-03. 5049* Updated Sinon.JS from 1.10.3 to 1.15.4. 5050* Updated jQuery Client from v1.0.0 to v2.0.0. 5051* Updated QUnit from v1.17.1 to v1.18.0. 5052* Updated liuggio/statsd-php-client from v1.0.12 to v1.0.16. 5053* Updated oojs/oojs-ui from v0.11.3 to v0.12.12. 5054* Updated wikimedia/cdb from v1.0.1 to v1.3.0. 5055* Updated wikimedia/utfnormal from v1.0.2 to v1.0.3. 5056* Updated wikimedia/composer-merge-plugin from v1.0.0 to v1.3.0. 5057* Updated zordius/lightncandy from v0.18 to v0.21. 5058 5059==== New external libraries ==== 5060* Added composer/semver v1.0.0. 5061* Added mediawiki/at-ease v1.1.0. 5062* Added wikimedia/assert v0.2.2. 5063* Added wikimedia/ip-set v1.0.1. 5064* Added wikimedia/wrappedstring v2.0.0. 5065 5066==== Removed and replaced external libraries ==== 5067* Replaced leafo/lessphp v0.5.0 with oyejorge/less.php v1.7.0.9. 5068 5069=== Bug fixes in 1.26 === 5070* (T53283) load.php sometimes sends 304 response without full headers 5071* (T65198) Talk page tabs now have a "rel=discussion" attribute 5072* (T98841) {{msgnw:}} now preserves comments even when subst: is not used. 5073* (T104142) $wgEmergencyContact and $wgPasswordSender now use their default 5074 value if set to an empty string. 5075 5076=== Action API changes in 1.26 === 5077* New-style continuation is now the default for action=continue. Clients may 5078 use the 'rawcontinue' parameter to receive raw query-continue data, but the 5079 new style is encouraged as it's harder to implement incorrectly. 5080* Deprecated API formats dump and wddx have been completely removed. 5081* API action=query&list=tags: The displayname can now be boolean false if the 5082 tag is meant to be hidden from user interfaces. 5083* action=import no longer allows both the namespace= and rootpage= parameters 5084 to be set. If they are both set, the value of rootpage= will be ignored. 5085* prop=revision output in enum mode is now sorted by timestamp rather than 5086 revision ID. This usually won't make any difference. 5087* (T102645) Namespace list from meta=siteinfo&siprop=namespaces is now an array 5088 with formatversion=2. 5089* Various other output from meta=siteinfo will now always be arrays instead of 5090 sometimes being numerically-indexed objects with formatversion=2. 5091* When errors about users being blocked are returned, they now include 5092 information about the relevant block. 5093* (T99926) list=random has higher limits, in line with other API modules. 5094* list=random's rnredirect parameter is deprecated in favor of a new 5095 rnfilterredir parameter that also allows for listing both redirects and 5096 non-redirects. 5097* list=random now supports continuation. 5098* API responses to GET requests may now include ETag and Last-Modified headers, 5099 and will honor corresponding If-None-Match and If-Modified-Since on such 5100 requests. 5101 5102=== Action API internal changes in 1.26 === 5103* New metadata item ApiResult::META_KVP_MERGE to allow for merging the KVP key 5104 into the value when the value is an assoc. 5105* API action modules may now provide values for the RFC 7232 ETag and 5106 Last-Modified headers. The API will check these against If-None-Match and 5107 If-Modified-Since request headers on GET requests and avoid executing the 5108 module when appropriate. 5109 5110=== Languages updated in 1.26 === 5111 5112MediaWiki supports over 350 languages. Many localisations are updated 5113regularly. Below only new and removed languages are listed, as well as 5114changes to languages because of Phabricator reports. 5115 5116* Languages added: 5117** ase (American sign language), thanks to translator Icemandeaf 5118** dty (डोटेली/Doteli), thanks to translators जनक राज भट्ट, बिप्लब आनन्द, 5119 मेश सिंह बोहरा, and राम प्रसाद जोशी 5120** luz (لئری دوٙمینی / Southern Luri) 5121** olo (Livvinкarjala / Livvi-Karelian), thanks to translators Denö, Hiloin 5122 Natoi, Ilja.mos, and Mashoi7 5123 5124=== Other changes in 1.26 === 5125* ChangeTags::tagDescription() will return false if the interface message 5126 for the tag is disabled. 5127* Added PageHistoryPager::doBatchLookups hook. 5128* Added $wikiId parameter to FormatAutocomments hook. 5129* Added ParserCacheSaveComplete to ParserCache 5130* supportsDirectEditing and supportsDirectApiEditing methods added to 5131 ContentHandler, to provide a way for ApiEditPage and EditPage to check 5132 if direct editing of content is allowed. These methods return false, 5133 by default for the ContentHandler base class and true for TextContentHandler 5134 and it's derivative classes (everything in core). For Content types that 5135 do not support direct editing, an alternative mechanism should be provided 5136 for editing, such as action overrides or specific api modules. 5137* mediaWiki.confirmCloseWindow now returns an object of functions, instead of 5138 one function. The callback can't be called directly any more. The callback 5139 function is replaced with confirmCloseWindow.release(). 5140* BREAKING CHANGE: Added an optional ResouceLoaderContext parameter to 5141 ResourceLoaderModule::getDependencies(). Extension classes that override that 5142 method should be updated. If they aren't updated, PHP Strict standards 5143 warnings will appear when E_STRICT error reporting is enabled. Note: in the 5144 near future, this parameter will probably become non-optional. 5145* Removed maintenance script deleteImageMemcached.php. 5146* MWFunction::newObj() was removed (deprecated in 1.25). 5147 ObjectFactory::getObjectFromSpec() should be used instead. 5148* The parser will no longer randomize the string it uses to mark the place of 5149 items that were stripped during parsing. It will use a fixed string instead. 5150 This causes the parser to re-use the regular expressions it uses to search 5151 and replace markers rather than generate novel expressions on each parse. 5152 Re-using regular expressions will improve performance on HHVM and the 5153 forthcoming PHP 7. The interfaces changes accompanying this change are: 5154 - Parser::getRandomString() and Parser::uniqPrefix() have been deprecated. 5155 - The $uniq_prefix argument for Parser::extractTagsAndParams() and the 5156 $prefix argument for StripState::_construct() are deprecated and their 5157 value is ignored. 5158* wfSuppressWarnings() and wfRestoreWarnings() were split into a separate 5159 library, mediawiki/at-ease, and are now deprecated. Callers should use 5160 MediaWiki\suppressWarnings() and MediaWiki\restoreWarnings() directly. 5161* The Block class constructor now takes an associative array of parameters 5162 instead of many optional positional arguments. Calling the constructor the old 5163 way will issue a deprecation warning. 5164* The jquery.mwExtension module was deprecated. 5165* $wgSpecialPageGroups was removed (deprecated in 1.21). 5166* SpecialPageFactory::setGroup was removed (deprecated in 1.21). 5167* SpecialPageFactory::getGroup was removed (deprecated in 1.21). 5168* DatabaseBase::ignoreErrors() is now protected. 5169* BREAKING CHANGE: mediawiki.legacy.ajax has been removed, following 5170 a lengthy deprecation period. 5171* The ScopedPHPTimeout class was removed. 5172* Removed maintenance script fixSlaveDesync.php. 5173* Watchlist tokens, SpecialResetTokens, and User::getTokenFromOption() 5174 are deprecated. Applications using those can work via the OAuth 5175 extension instead. New tokens types should not be added. 5176* DatabaseBase::errorCount() was removed (unused). 5177* $wgDeferredUpdateList was removed. 5178* DeferredUpdates::addHTMLCacheUpdate() was removed. 5179 5180= MediaWiki 1.25 = 5181 5182== MediaWiki 1.25.6 == 5183 5184This is a maintenance release of the MediaWiki 1.25 branch. 5185 5186=== Changes since 1.25.5 === 5187* (T123166) Fix fatal error when importing pages to titles which cannot be 5188 created, such as invalid titles or titles the user is not allowed to edit. 5189* (T122056) Old tokens are remaining valid within a new session 5190* (T127114) Login throttle can be tricked using non-canonicalized usernames 5191* (T123653) Cross-domain policy regexp is too narrow 5192* (T123071) Incorrectly identifying http link in a's href attributes, due to 5193 m modifier in regex 5194* (T129506) MediaWiki:Gadget-popups.js isn't renderable 5195* (T125283) Users occasionally logged in as different users after 5196 SessionManager deployment 5197* (T103239) Patrol allows click catching and patrolling of any page 5198* (T122807) [tracking] Check php crypto primatives 5199* (T98313) Graphs can leak tokens, leading to CSRF 5200* (T130947) Diff generation should use PoolCounter 5201* (T133507) Careless use of $wgExternalLinkTarget is insecure 5202* (T132874) API action=move is not rate limited 5203* (T110143) strip markers can be used to get around html attribute escaping in 5204 (many?) parser tags 5205* (T116030) Increase pbkdf2 parameter strengths 5206* (T127420) Pbkdf2Password does not check if hash_pbkdf2() succeeded 5207* (T126685) Globally throttle password attempts 5208 5209== MediaWiki 1.25.5 == 5210 5211This is a maintenance release of the MediaWiki 1.25 branch. 5212 5213=== Changes since 1.25.4 === 5214* (T121892) Fix fatal error on some Special pages, introduced in 1.25.4. 5215 5216== MediaWiki 1.25.4 == 5217 5218This is a security and maintenance release of the MediaWiki 1.25 branch. 5219 5220=== Changes since 1.25.3 === 5221* (T117899) SECURITY: $wgArticlePath can no longer be set to relative paths 5222 that do not begin with a slash. This enabled trivial XSS attacks. 5223 Configuration values such as "http://my.wiki.com/wiki/$1" are fine, as are 5224 "/wiki/$1". A value such as "$1" or "wiki/$1" is not and will now throw an 5225 error. 5226* (T119309) SECURITY: Use hash_compare() for edit token comparison 5227* (T118032) SECURITY: Don't allow cURL to interpret POST parameters starting 5228 with '@' as file uploads 5229* (T115522) SECURITY: Passwords generated by User::randomPassword() can no 5230 longer be shorter than $wgMinimalPasswordLength 5231* (T97897) SECURITY: Improve IP parsing and trimming. Previous behavior could 5232 result in improper blocks being issued 5233* (T109724) SECURITY: Special:MyPage, Special:MyTalk, Special:MyContributions 5234 and related pages no longer use HTTP redirects and are now redirected by 5235 MediaWiki 5236* (T103237) $wgUseGzip had no effect when using file cache. 5237* (T114606) mw.notify was not correctly fixed to the page if 5238 initialized while not at the top of the page. 5239* Fix issue that breaks HHVM Repo Authorative mode. 5240 5241== MediaWiki 1.25.3 == 5242 5243This is a security and maintenance release of the MediaWiki 1.25 branch. 5244 5245=== Changes since 1.25.2 === 5246 5247* (T98975) Fix having multiple callbacks for a single hook. 5248* (T107632) maintenance/refreshLinks.php did not always remove all links 5249 pointing to nonexistent pages. 5250* (T104142) $wgEmergencyContact and $wgPasswordSender now use their default 5251 value if set to an empty string. 5252* (T62174) Provide fallbacks for use of mb_convert_encoding() in 5253 HtmlFormatter. It was causing an error when accessing the api help page 5254 if the mbstring PHP extension was not installed. 5255* (T105896) Confirmation emails would sometimes contain invalid codes. 5256* (T105597) Fixed edit stash inclusion queries. 5257* (T91850) SECURITY: Add throttle check in ApiUpload and SpecialUpload 5258* (T91203, T91205) SECURITY: API: Improve validation in chunked uploading 5259* (T95589) SECURITY: RevDel: Check all revisions for suppression, not just the 5260 first 5261* (T108616) SECURITY: Avoid exposure of local path in PNG thumbnails 5262 5263== MediaWiki 1.25.2 == 5264 5265This is a security and maintenance release of the MediaWiki 1.25 branch. 5266 5267=== Changes since 1.25.1 === 5268 5269* (T94116) SECURITY: Compare API watchlist token in constant time 5270* (T97391) SECURITY: Escape error message strings in thumb.php 5271* (T106893) SECURITY: Don't leak autoblocked IP addresses on 5272 Special:DeletedContributions 5273* (T102562) Fix InstantCommons parameters to handle the new HTTPS-only 5274 policy of Wikimedia Commons. 5275* (T100767) Setting a configuration setting for skin or extension to 5276 false in LocalSettings.php was not working. 5277* (T100635) API action=opensearch json output no longer breaks when 5278 $wgDebugToolbar is enabled. 5279* (T102522) Using an extension.json or skin.json file which has 5280 a "manifest_version" property for 1.26 compatability will no longer 5281 trigger warnings. 5282* (T86156) Running updateSearchIndex.php will not throw an error as 5283 page_restrictions has been added to the locked table list. 5284* Special:Version would throw notices if using SVN due to an incorrectly 5285 named variable. Add an additional check that an index is defined. 5286 5287== MediaWiki 1.25.1 == 5288 5289This is a bug fix release of the MediaWiki 1.25 branch. 5290 5291=== Changes since 1.25 === 5292* (T100351) Fix syntax errors in extension.json of ConfirmEdit extension 5293 5294== MediaWiki 1.25.0 == 5295 5296=== Configuration changes in 1.25 === 5297* $wgPageShowWatchingUsers was removed. 5298* $wgLocalVirtualHosts has been added to replace $wgConf->localVHosts. 5299* $wgAntiLockFlags was removed. 5300* $wgJavaScriptTestConfig was removed. 5301* Edit tokens returned from User::getEditToken may change on every call. Token 5302 validity must be checked by passing the user-supplied token to 5303 User::matchEditToken rather than by testing for equality with a 5304 newly-generated token. 5305* (T74951) The UserGetLanguageObject hook may be passed any IContextSource 5306 for its $context parameter. Formerly it was documented as receiving a 5307 RequestContext specifically. 5308* Profiling was restructured and $wgProfiler now requires an 'output' parameter. 5309 See StartProfiler.sample for details. 5310* $wgMangleFlashPolicy was added to make MediaWiki's mangling of anything that 5311 might be a flash policy directive configurable. 5312* ApiOpenSearch now supports XML output. The OpenSearchXml extension should no 5313 longer be used. If extracts and page images are desired, the TextExtracts and 5314 PageImages extensions are required. 5315* $wgOpenSearchTemplate is deprecated in favor of $wgOpenSearchTemplates. 5316* Edits are now prepared via AJAX as users type edit summaries. This behavior 5317 can be disabled via $wgAjaxEditStash. 5318* (T46740) The temporary option $wgIncludejQueryMigrate was removed, along 5319 with the jQuery Migrate library, as indicated when this option was provided in 5320 MediaWiki 1.24. 5321* ProfilerStandard and ProfilerSimpleTrace were removed. Make sure that any 5322 StartProfiler.php config is updated to reflect this. Xhprof is available 5323 for zend/hhvm. Also, for hhvm, one can consider using its xenon profiler. 5324* Default value of $wgSVGConverters['rsvg'] now uses the 'rsvg-convert' binary 5325 rather than 'rsvg'. 5326* Default value of $wgSVGConverters['ImageMagick'] now uses transparent 5327 background with white fallback color, rather than just white background. 5328 * MediaWikiBagOStuff class removed, make sure any object cache config 5329 uses SqlBagOStuff instead. 5330* The 'daemonized' flag must be set to true in $wgJobTypeConf for any redis 5331 job queues. This means that mediawiki/services/jobrunner service has to 5332 be installed and running for any such queues to work. 5333* $wgAutopromoteOnce no longer supports the 'view' event. For keeping some 5334 compatibility, any 'view' event triggers will still trigger on 'edit'. 5335* $wgExtensionDirectory was added for when your extensions directory is 5336 somewhere other than $IP/extensions (as $wgStyleDirectory does with the skins 5337 directory). 5338 5339=== New features in 1.25 === 5340* (T64861) Updated plural rules to CLDR 26. Includes incompatible changes 5341 for plural forms in Russian, Prussian, Tagalog, Manx and several languages 5342 that fall back to Russian. 5343* (T60139) ResourceLoaderFileModule now supports language fallback 5344 for 'languageScripts'. 5345* Added a new hook, "ContentAlterParserOutput", to allow extensions to modify 5346 the parser output for a content object before links update. 5347* (T37785) Enhanced recent changes and extended watchlist are now default. 5348 Documentation: https://meta.wikimedia.org/wiki/Help:Enhanced_recent_changes 5349 and https://www.mediawiki.org/wiki/Manual:$wgDefaultUserOptions 5350* (T69341) SVG images will no longer be base64-encoded when being embedded 5351 in CSS. This results in slight size increase before gzip compression (due to 5352 percent-encoding), but up to 20% decrease after it. 5353* Update jStorage to v0.4.12. 5354* MediaWiki now natively supports page status indicators: icons (or short text 5355 snippets) usually displayed in the top-right corner of the page. They have 5356 been in use on Wikipedia for a long time, implemented using templates and CSS 5357 absolute positioning. 5358 - Basic wikitext syntax: 5359 <indicator name="foo">[[File:Foo.svg|20px]]</indicator> 5360 - Usage instructions: 5361 https://www.mediawiki.org/wiki/Help:Page_status_indicators 5362 - Adjusting custom skins to support indicators: 5363 https://www.mediawiki.org/wiki/Manual:Skinning#Page_status_indicators 5364* Edit tokens may now be time-limited: passing a maximum age to 5365 User::matchEditToken will reject any older tokens. 5366* The debug logging internals have been overhauled, and are now using the 5367 PSR-3 interfaces. 5368* Update CSSJanus to v1.1.1. 5369* Update lessphp to v0.5.0. 5370* Added a hook, "ApiOpenSearchSuggest", to allow extensions to provide extracts 5371 and images for ApiOpenSearch output. The semantics are identical to the 5372 "OpenSearchXml" hook provided by the OpenSearchXml extension. 5373* PrefixSearchBackend hook now has an $offset parameter. Combined with $limit, 5374 this allows for pagination of prefix results. Extensions using this hook 5375 should implement supporting behavior. Not doing so can result in undefined 5376 behavior from API clients trying to continue through prefix results. 5377* Update jQuery from v1.11.1 to v1.11.3. 5378* External libraries installed via composer will now be displayed 5379 on Special:Version in their own section. Extensions or skins that are 5380 installed via composer will not be shown in this section as it is assumed 5381 they will add the proper credits to the skins or extensions section. They 5382 can also be accessed through the API via the new siprop=libraries to 5383 ApiQuerySiteinfo. 5384* Update QUnit from v1.14.0 to v1.16.0. 5385* Update Moment.js from v2.8.3 to v2.8.4. 5386* Special:Tags now allows for manipulating the list of user-modifiable change 5387 tags. 5388* Added 'managetags' user right and 'ChangeTagCanCreate', 'ChangeTagCanDelete', 5389 and 'ChangeTagCanCreate' hooks to allow for managing user-modifiable change 5390 tags. 5391* Added 'ChangeTagsListActive' hook, to separate the concepts of "defined" and 5392 "active" formerly conflated by the 'ListDefinedTags' hook. 5393* Added TemplateParser class that provides a server-side interface to cachable 5394 dynamically-compiled Mustache templates (currently uses lightncandy library). 5395* Clickable anchors for each section heading in the content are now generated 5396 and appear in the gutter on hovering over the heading. 5397* Added 'CategoryViewer::doCategoryQuery' and 'CategoryViewer::generateLink' 5398 hooks to allow extensions to override how links to pages are rendered within 5399 NS_CATEGORY 5400* (T19665) Special:WantedPages only lists page which having at least one red 5401 link pointing to it. 5402* New hooks 'ApiMain::moduleManager' and 'ApiQuery::moduleManager', can be 5403 used for conditional registration of API modules. 5404* New hook 'EnhancedChangesList::getLogText' to alter, remove or add to the 5405 links of a group of changes in EnhancedChangesList. 5406* A full interface for StatsD metric reporting has been added to the context 5407 interface, reachable via IContextSource::getStats(). 5408* Move the jQuery Client library from being mastered in MediaWiki as v0.1.0 to a 5409 proper, published library, which is now tagged as v1.0.0. 5410* A new message (defaulting to blank), 'editnotice-notext', can be shown to 5411 users when they are editing if no edit notices apply to the page being edited. 5412* (T94536) You can now make the sitenotice appear to logged-in users only by 5413 editing MediaWiki:Anonnotice and replacing its content with "". Setting it to 5414 "-" (default) will continue disable it and fallback to MediaWiki:Sitenotice. 5415* Modifying the tagging of a revision or log entry is now available via 5416 Special:EditTags, generally accessed via the revision-deletion-like interface 5417 on history pages and Special:Log is likely to be more useful. 5418* Added 'applychangetags' and 'changetags' user rights. 5419* (T35235) LogFormatter subclasses are now responsible for formatting the 5420 parameters for API log event output. Extensions should implement the new 5421 getParametersForApi() method in their log formatters. 5422 5423==== External libraries ==== 5424* MediaWiki now requires certain external libraries to be installed. In the past 5425 these were bundled inside the Git repository of MediaWiki core, but now they 5426 need to be installed separately. For users using the tarball, this will be 5427 taken care of and no action will be required. Users using Git will either need 5428 to use composer to fetch dependencies or use the mediawiki/vendor repository 5429 which includes all dependencies for MediaWiki core and ones used in Wikimedia 5430 deployment. Detailed instructions can be found at: 5431 https://www.mediawiki.org/wiki/Download_from_Git#Fetch_external_libraries 5432* The following libraries are now required: 5433** psr/log 5434 This library provides the interfaces set by the PSR-3 standard 5435 (http://www.php-fig.org/psr/psr-3/) which are used by MediaWiki internally 5436 via the MediaWiki\Logger\LoggerFactory class. 5437 See the structured logging RfC 5438 <https://www.mediawiki.org/wiki/Requests_for_comment/Structured_logging> 5439 for more background information. 5440** cssjanus/cssjanus 5441 This library was formerly bundled with MediaWiki core and has been removed. 5442 It automatically flips CSS for RTL support. 5443** leafo/lessphp 5444 This library was formerly bundled with MediaWiki core and has been removed. 5445 It compiles LESS files into CSS. 5446** wikimedia/cdb 5447 This library was formerly a part of MediaWiki core, and has been moved into a 5448 separate library. It provides CDB functions which are used in the Interwiki 5449 and Localization caches. More information about the library can be found at 5450 https://www.mediawiki.org/wiki/CDB. 5451** liuggio/statsd-php-client 5452 This library provides a StatsD client API for logging application metrics to 5453 a remote server. 5454 5455=== Bug fixes in 1.25 === 5456* (T73003) No additional code will be generated to try to load CSS-embedded 5457 SVG images in Internet Explorer 6 and 7, as they don't support them anyway. 5458* (T69021) On Special:BookSources, corrected validation of ISBNs (both 5459 10- and 13-digit forms) containing "X". 5460* Page moving was refactored into a MovePage class. As part of that: 5461** The AbortMove hook was removed. 5462** MovePageIsValidMove is for extensions to specify whether a page 5463 cannot be moved for technical reasons, and should not be overridden. 5464** MovePageCheckPermissions is for checking whether the given user is 5465 allowed to make the move. 5466** Title::moveNoAuth() was deprecated. Use the MovePage class instead. 5467** Title::moveTo() was deprecated. Use the MovePage class instead. 5468** Title::isValidMoveOperation() broken down into MovePage::isValidMove() 5469 and MovePage::checkPermissions(). 5470* (T18530) Multiple autocomments are now formatted in an edit summary. 5471* (T70361) Autocomments containing "/*" are parsed correctly. 5472* The Special:WhatLinksHere page linked from 'Number of redirects to this page' 5473 on action=info about a file page does not list file links anymore. 5474* (T78637) Search bar is not autofocused unless it is empty so that proper 5475 scrolling using arrow keys is possible. 5476* (T50853) Database::makeList() modified to handle 'NULL' separately when 5477 building IN clause 5478* (T85192) Captcha position modified in Usercreate template. As a result: 5479** extrafields parameter added to Usercreate.php to insert additional data 5480** 'extend' method added to QuickTemplate to append additional values to any 5481 field of data array 5482* (T86974) Several Title methods now load from the database when necessary 5483 (instead of returning incorrect results) even when the page ID is known. 5484* (T74070) Duplicate search for archived files on file upload now omits the 5485 extension. 5486 This requires the fa_sha1 field being populated. 5487* Removed rel="archives" from the "View history" link, as it did not pass 5488 HTML validation. 5489* $wgUseTidy is now set when parserTests are run with the tidy option to match 5490 output on wiki. 5491* (T37472) update.php will purge ResourceLoader cache unless --nopurge is passed 5492 to it. 5493* (T72109) mediawiki.language should respect $wgTranslateNumerals in 5494 convertNumber(). 5495 5496=== Action API changes in 1.25 === 5497* (T67403) XML tag highlighting is now only performed for formats 5498 "xmlfm" and "wddxfm". 5499* action=paraminfo supports generalized submodules (modules=query+value), 5500 querymodules and formatmodules are deprecated 5501* action=paraminfo no longer outputs descriptions and other help text by 5502 default. If needed, it may be requested using the new 'helpformat' parameter. 5503* action=help has been completely rewritten, and outputs help in HTML 5504 rather than plain text. 5505* Hitting api.php without specifying an action now displays only the help for 5506 the main module, with links to submodule help. 5507* API help is no longer displayed on errors. 5508* 'uselang' is now a recognized API parameter; "uselang=user" may be used to 5509 explicitly select the language from the current user's preferences, and 5510 "uselang=content" may be used to select the wiki's content language. 5511* Default output format for the API is now jsonfm. 5512* Simplified continuation will return a "batchcomplete" property in the result 5513 when a batch of pages is complete. 5514* Pretty-printed HTML output now has nicer formatting and (if available) 5515 better syntax highlighting. 5516* Deprecated list=deletedrevs in favor of newly-added prop=deletedrevisions and 5517 list=alldeletedrevisions. 5518* prop=revisions will gracefully continue when given too many revids or titles, 5519 rather than just ignoring the extras. 5520* prop=revisions will no longer die if rvcontentformat doesn't match a 5521 revision's content model; it will instead warn and omit the content. 5522* If the user has the 'deletedhistory' right, action=query's revids parameter 5523 will now recognize deleted revids. 5524* prop=revisions may be used as a generator, generating revids. 5525* (T68776) format=json results will no longer be corrupted when 5526 $wgMangleFlashPolicy is in effect. format=php results will cleanly return an 5527 error instead of returning invalid serialized data. 5528* Generators may now return data for the generated pages when used with 5529 action=query. 5530* Query page data for generator=search and generator=prefixsearch will now 5531 include an "index" field, which may be used by the client for sorting the 5532 search results. 5533* ApiOpenSearch now supports XML output. 5534* ApiOpenSearch will now output descriptions and URLs as array indexes 2 and 3 5535 in JSON format. 5536* (T76051) list=tags will now continue correctly. 5537* (T76052) list=tags can now indicate whether a tag is defined. 5538* (T75522) list=prefixsearch now supports continuation 5539* (T78737) action=expandtemplates can now return page properties. 5540* (T78690) list=allimages now accepts multiple pipe-separated values 5541 for the 'aimime' parameter. 5542* prop=info with inprop=protections will now return applicable protection types 5543 with the 'restrictiontypes' key. 5544* (T85417) When resolving redirects, ApiPageSet will now add the targets of 5545 interwiki redirects to the list of interwiki titles. 5546* (T85417) When outputting the list of redirect titles, a 'tointerwiki' 5547 property (like the existing 'tofragment' property) will be set. 5548* Added action=managetags to allow for managing the list of 5549 user-modifiable change tags. Actually modifying the tagging of a revision or 5550 log entry is not implemented yet. 5551* list=tags has additional properties to indicate 'active' status and tag 5552 sources. 5553* siprop=libraries was added to ApiQuerySiteinfo to list installed external 5554 libraries. 5555* (T88010) Added action=checktoken, to test a CSRF token's validity. 5556* (T88010) Added intestactions to prop=info, to allow querying of 5557 Title::userCan() via the API. 5558* Default type param for query list=watchlist and list=recentchanges has 5559 been changed from all types (e.g. including 'external') to 'edit|new|log'. 5560* Added formatversion to format=json. Still "experimental" as further changes 5561 to the output formatting might still be made. 5562* (T73020) Log event details are now always under a 'params' subkey for 5563 list=logevents, and a 'logparams' subkey for list=watchlist and 5564 list=recentchanges. 5565* Log event details are changing formatting: 5566 * block events now report flags as an array rather than as a comma-separated 5567 list. 5568 * patrol events now report the 'auto' flag as a boolean (absent/empty string 5569 for BC formats) rather than as an integer. 5570 * rights events now report the old and new group lists as arrays rather than 5571 as comma-separated lists. 5572 * merge events use new-style formatting. 5573 * delete/event and delete/revision events use new-style formatting. 5574* The root node and various other nodes will now always be an object in formats 5575 such as json that distinguish between arrays and objects. 5576 * Except for action=opensearch where the spec requires an array. 5577 5578=== Action API internal changes in 1.25 === 5579* ApiHelp has been rewritten to support i18n and paginated HTML output. 5580 Most existing modules should continue working without changes, but should do 5581 the following: 5582 * Add an i18n message "apihelp-{$moduleName}-description" to replace 5583 getDescription(). 5584 * Add i18n messages "apihelp-{$moduleName}-param-{$param}" for each parameter 5585 to replace getParamDescription(). If necessary, the settings array returned 5586 by getParams() can use the new ApiBase::PARAM_HELP_MSG key to override the 5587 message. 5588 * Implement getExamplesMessages() to replace getExamples(). 5589* Modules with submodules (like action=query) must have their submodules 5590 override ApiBase::getParent() to return the correct parent object. 5591* The 'APIGetDescription' and 'APIGetParamDescription' hooks are deprecated, 5592 and will have no effect for modules using i18n messages. Use 5593 'APIGetDescriptionMessages' and 'APIGetParamDescriptionMessages' instead. 5594* Api formatters will no longer be asked to display the help screen on errors. 5595* ApiMain::getCredits() was removed. The credits are available in the 5596 'api-credits' i18n message. 5597* ApiFormatBase has been changed to support i18n and syntax highlighting via 5598 extensions with the new 'ApiFormatHighlight' hook. Core syntax highlighting 5599 has been removed. 5600* ApiFormatBase now always buffers. Output is done when 5601 ApiFormatBase::closePrinter is called. 5602* Much of the logic in ApiQueryRevisions has been split into 5603 ApiQueryRevisionsBase. 5604* The 'revids' parameter supplied by ApiPageSet will now count deleted 5605 revisions as "good" if the user has the 'deletedhistory' right. New methods 5606 ApiPageSet::getLiveRevisionIDs() and ApiPageSet::getDeletedRevisionIDs() are 5607 provided to access just the live or just the deleted revids. 5608* Added ApiPageSet::setGeneratorData() and ApiPageSet::populateGeneratorData() 5609 to allow generators to include data in the action=query result. 5610* New hooks 'ApiMain::moduleManager' and 'ApiQuery::moduleManager', can be 5611 used for conditional registration of API modules. 5612* Added ApiBase::lacksSameOriginSecurity() to allow modules to easily check if 5613 the current request was sent with the 'callback' parameter (or any future 5614 method that breaks the same-origin policy). 5615* Profiling methods in ApiBase are deprecated and no longer need to be called. 5616* ApiResult was greatly overhauled. See inline documentation for details. 5617* ApiResult will automatically convert objects to strings or arrays (depending 5618 on whether a __toString() method exists on the object), and will refuse to 5619 add unsupported value types. 5620 * An informal interface, ApiSerializable, exists to override the default 5621 object conversion. 5622* ApiResult/ApiFormatBase "raw mode" is deprecated. 5623* ApiFormatXml now assumes defaults and so on instead of throwing errors when 5624 metadata isn't set. 5625* (T35235) LogFormatter subclasses are now responsible for formatting log event 5626 parameters for the API. 5627* Many modules have changed result data formats. While this shouldn't affect 5628 clients not using the experimental formatversion=2, code using 5629 ApiResult::getResultData() without the transformations for backwards 5630 compatibility may need updating, as will code that wasn't following the old 5631 conventions for API boolean output. 5632* The following methods have been deprecated and may be removed in a future 5633 release: 5634 * ApiBase::getDescription 5635 * ApiBase::getParamDescription 5636 * ApiBase::getExamples 5637 * ApiBase::makeHelpMsg 5638 * ApiBase::makeHelpArrayToString 5639 * ApiBase::makeHelpMsgParameters 5640 * ApiBase::getModuleProfileName 5641 * ApiBase::profileIn 5642 * ApiBase::profileOut 5643 * ApiBase::safeProfileOut 5644 * ApiBase::getProfileTime 5645 * ApiBase::profileDBIn 5646 * ApiBase::profileDBOut 5647 * ApiBase::getProfileDBTime 5648 * ApiBase::getResultData 5649 * ApiFormatBase::setUnescapeAmps 5650 * ApiFormatBase::getWantsHelp 5651 * ApiFormatBase::setHelp 5652 * ApiFormatBase::formatHTML 5653 * ApiFormatBase::setBufferResult 5654 * ApiFormatBase::getDescription 5655 * ApiFormatBase::getNeedsRawData 5656 * ApiMain::setHelp 5657 * ApiMain::reallyMakeHelpMsg 5658 * ApiMain::makeHelpMsgHeader 5659 * ApiResult::setRawMode 5660 * ApiResult::getIsRawMode 5661 * ApiResult::getData 5662 * ApiResult::setElement 5663 * ApiResult::setContent 5664 * ApiResult::setIndexedTagName_recursive 5665 * ApiResult::setIndexedTagName_internal 5666 * ApiResult::setParsedLimit 5667 * ApiResult::beginContinuation 5668 * ApiResult::setContinueParam 5669 * ApiResult::setGeneratorContinueParam 5670 * ApiResult::endContinuation 5671 * ApiResult::size 5672 * ApiResult::convertStatusToArray 5673 * ApiQueryImageInfo::getPropertyDescriptions 5674 * ApiQueryLogEvents::addLogParams 5675* The following classes have been deprecated and may be removed in a future 5676 release: 5677 * ApiQueryDeletedrevs 5678 5679=== Languages updated in 1.25 === 5680 5681MediaWiki supports over 350 languages. Many localisations are updated 5682regularly. Below only new and removed languages are listed, as well as 5683changes to languages because of Bugzilla reports. 5684 5685* Languages added: 5686** awa (अवधी / Awadhi), thanks to translator 1AnuraagPandey; 5687** bgn (بلوچی رخشانی / Western Balochi), thanks to translators 5688 Baloch Afghanistan, Ibrahim khashrowdi and Rachitrali; 5689** ses (Koyraboro Senni), thanks to translator Songhay. 5690* (T66440) Kazakh (kk) wikis should no longer forcefully reset the user's 5691 interface language to kk where unexpected. 5692* The Chinese conversion table was substantially updated to fix a lot of 5693 bugs and ensure better reading experience for different variants. 5694 5695=== Other changes in 1.25 === 5696* (T45591) Links to MediaWiki.org translatable help were added to indicators, 5697 mostly in special pages. Local custom target titles can be placed in the 5698 relevant '(namespace-X|action name|special page name)-helppage' system 5699 message. Extensions can use the addHelpLink() function to do the same. 5700* The skin autodiscovery mechanism, deprecated in MediaWiki 1.23, has been 5701 removed. See https://www.mediawiki.org/wiki/Manual:Skin_autodiscovery for 5702 migration guide for creators and users of custom skins that relied on it. 5703* Javascript variables 'wgFileCanRotate' and 'wgFileExtensions' now only 5704 available on Special:Upload. 5705* (T58257) Set site logo from mediawiki.skinning.interface module instead of 5706 inline styles in the HTML. 5707* Removed ApiQueryUsers::getAutoGroups(). (deprecated since 1.20) 5708* Removed XmlDumpWriter::schemaVersion(). (deprecated since 1.20) 5709* Removed LogEventsList::getDisplayTitle(). (deprecated since 1.20) 5710* Removed Preferences::trySetUserEmail(). (deprecated since 1.20) 5711* Removed mw.user.name() and mw.user.anonymous() methods. (deprecated since 5712 1.20) 5713* Removed 'ok' and 'err' parameters in the mediawiki.api modules. (deprecated 5714 since 1.20) 5715* Removed 'async' parameter from the mw.Api#getCategories() method. (deprecated 5716 since 1.20) 5717* Removed 'jquery.json' module. (deprecated since 1.24) 5718 Use the 'json' module and global JSON object instead. 5719* Deprecated OutputPage::readOnlyPage() and OutputPage::rateLimited(). 5720 Also, the former will now throw an MWException if called with one or more 5721 arguments. 5722* Removed hitcounters and associated code. 5723* The "temp" zone of the upload respository is now considered private. If it 5724 already exists (such as under the images/ directory), please make sure that 5725 the directory is not web readable (e.g. via a .htaccess file). 5726* BREAKING CHANGE: In the XML dump format used by Special:Export and 5727 dumpBackup.php, the <model> and <format> tags now apprear before the <text> 5728 tag, instead of after the <text> and <sha1> tags. 5729 The new schema version is 0.10, the new schema URI is: 5730 https://www.mediawiki.org/xml/export-0.10.xsd 5731* MWFunction::call() and MWFunction::callArray() were removed, having being 5732 deprecated in 1.22. 5733* Deprecated the getInternalLinkAttributes, getInternalLinkAttributesObj, 5734 and getInternalLinkAttributes methods in Linker, and removed 5735 getExternalLinkAttributes method, which was deprecated in MediaWiki 1.18. 5736* Removed Sites class, which was deprecated in 1.21 and replaced by 5737 SiteSQLStore. 5738* Added wgRelevantArticleId to the client-side config, for use on special pages. 5739* Deprecated the TitleIsCssOrJsPage hook. Superseded by the 5740 ContentHandlerDefaultModelFor hook since MediaWiki 1.21. 5741* Deprecated the TitleIsWikitextPage hook. Superseded by the 5742 ContentHandlerDefaultModelFor hook since MediaWiki 1.21. 5743* Changed parsing of variables in schema (.sql) files: 5744** The substituted values are no longer parsed. (Formerly, several passes 5745 were made for each variable, so depending on the order in which variables 5746 were defined, variables might have been found inside encoded values. This 5747 is no longer the case.) 5748** Variables are no longer string encoded when the /*$var*/ syntax is used. 5749 If string encoding is necessary, use the '{$var}' syntax instead. 5750** Variable names must only consist of one or more of the characters 5751 "A-Za-z0-9_". 5752** In source text of the form '{$A}'{$B}' or `{$A}`{$B}`, where variable A 5753 does not exist yet variable B does, the latter may not be replaced. 5754 However, this difference is unlikely to arise in practice. 5755* (T67278) RFC, PMID, and ISBN "magic links" must be surrounded by non-word 5756 characters on both sides. 5757* The FormatAutocomments hook will now receive $pre and $post as booleans, 5758 rather than as strings that must be prepended or appended to $comment. 5759* (T30950, T31025) RFC, PMID, and ISBN "magic links" can no longer contain 5760 newlines; but they can contain and other non-newline whitespace. 5761* The 'mediawiki.action.edit' ResourceLoader module no longer generates the edit 5762 toolbar, which has been moved to a separate 'mediawiki.toolbar' module. If you 5763 relied on this behavior, update your scripts' dependencies. 5764* HTMLForm's 'vform' display style has been separated to a subclass. Therefore: 5765 * HTMLForm::isVForm() is now deprecated. 5766 * You can no longer do this: 5767 $form = new HTMLForm( … ); 5768 $form->setDisplayFormat( 'vform' ); // throws exception 5769 Instead, do this: 5770 $form = HTMLForm::factory( 'vform', … ); 5771* Deprecated Revision methods getRawUser(), getRawUserText() and 5772 getRawComment(). 5773* BREAKING CHANGE: mediawiki.user.generateRandomSessionId: 5774 The alphabet of the prior string returned was A-Za-z0-9 and now it is 0-9A-F 5775* (T87504) Avoid serving SVG background-images in CSS for Opera 12, which 5776 renders them incorrectly when combined with border-radius or background-size. 5777* Removed maintenance script dumpSisterSites.php. 5778* DatabaseBase class constructors must be called using the array argument style. 5779 Ideally, DatabaseBase:factory() should be used instead in most cases. 5780* Deprecated ParserOutput::addSecondaryDataUpdate and 5781 ParserOutput::getSecondaryDataUpdates. 5782 This is a hard deprecation, with getSecondaryDataUpdates returning an empty 5783 array and addSecondaryDataUpdate throwing an exception. These functions will 5784 be removed in 1.26, since they interfere with caching of ParserOutput objects. 5785* Introduced new hook 'SecondaryDataUpdates' that allows extensions to inject 5786 custom updates. 5787* Introduced new hook 'OpportunisticLinksUpdate' that allows extensions to 5788 perform updates when a page is re-rendered. 5789* EditPage::attemptSave has been modified not to call handleStatus itself and 5790 instead just returns the Status object. Extension calling it should be aware 5791 of this. 5792* Removed class DBObject. (unused since 1.10) 5793* wfDiff() is deprecated. 5794* The -m (maximum replication lag) option of refreshLinks.php was removed. 5795 It had no effect since MediaWiki 1.18 and should be removed from any cron 5796 jobs or similar scripts you may have set up. 5797* (T85864) The following messages no longer support raw html: redirectto, 5798 thisisdeleted, viewdeleted, editlink, retrievedfrom, version-poweredby-others, 5799 retrievedfrom, thisisdeleted, viewsourcelink, lastmodifiedat, laggedslavemode, 5800 protect-summary-cascade 5801* All BloomCache related code has been removed. This was largely experimental. 5802* $wgResourceModuleSkinStyles no longer supports per-module local or remote 5803 paths. They can only be set for the entire skin. 5804* Removed global function swap(). (deprecated since 1.24) 5805* Deprecated the ".php5" file extension entry points and the $wgScriptExtension 5806 configuration variable. Refer to the ".php" files instead. If you want 5807 ".php5" URLs to continue to work, set up redirects. In Apache, this can be 5808 done by enabling mod_rewrite and adding the following rules to your 5809 configuration: 5810 5811 RewriteEngine On 5812 RewriteBase / 5813 RewriteRule ^(.*)\.php5 $1.php [R=301,L] 5814 5815* The global importScriptURI and importStylesheetURI functions, as well as the 5816 loadedScripts object, from wikibits.js (deprecated since 1.17) now emit 5817 warnings through mw.log.warn when accessed. 5818 5819= MediaWiki 1.24 = 5820 5821== MediaWiki 1.24.6 == 5822 5823This is a maintenance release of the MediaWiki 1.24 branch. 5824 5825=== Changes since 1.24.5 === 5826* (T121892) Fix fatal error on some Special pages, introduced in 1.24.5. 5827 5828== MediaWiki 1.24.5 == 5829 5830This is a security and maintenance release of the MediaWiki 1.23 branch. 5831 5832=== Changes since 1.24.4 === 5833* (T117899) SECURITY: $wgArticlePath can no longer be set to relative paths 5834 that do not begin with a slash. This enabled trivial XSS attacks. 5835 Configuration values such as "http://my.wiki.com/wiki/$1" are fine, as are 5836 "/wiki/$1". A value such as "$1" or "wiki/$1" is not and will now throw an 5837 error. 5838* (T119309) SECURITY: Use hash_compare() for edit token comparison 5839* (T118032) SECURITY: Don't allow cURL to interpret POST parameters starting 5840 with '@' as file uploads 5841* (T115522) SECURITY: Passwords generated by User::randomPassword() can no 5842 longer be shorter than $wgMinimalPasswordLength 5843* (T97897) SECURITY: Improve IP parsing and trimming. Previous behavior could 5844 result in improper blocks being issued 5845* (T109724) SECURITY: Special:MyPage, Special:MyTalk, Special:MyContributions 5846 and related pages no longer use HTTP redirects and are now redirected by 5847 MediaWiki 5848* (T103237) $wgUseGzip had no effect when using file cache. 5849 5850== MediaWiki 1.24.4 == 5851 5852This is a security and maintenance release of the MediaWiki 1.24 branch. 5853 5854=== Changes since 1.24.3 === 5855 5856* (T91653) Minimal PSR-3 debug logger to support backports from 1.25+. 5857* (T68650) Fix indexing of moved pages with PostgreSQL. Requires running 5858 update.php to fix. 5859* (T91850) SECURITY: Add throttle check in ApiUpload and SpecialUpload 5860* (T91203, T91205) SECURITY: API: Improve validation in chunked uploading 5861* (T95589) SECURITY: RevDel: Check all revisions for suppression, not just the 5862 first 5863* (T108616) SECURITY: Avoid exposure of local path in PNG thumbnails 5864 5865== MediaWiki 1.24.3 == 5866 5867This is a security and maintenance release of the MediaWiki 1.24 branch. 5868 5869=== Changes since 1.24.2 === 5870 5871* (T94116) SECURITY: Compare API watchlist token in constant time 5872* (T97391) SECURITY: Escape error message strings in thumb.php 5873* (T106893) SECURITY: Don't leak autoblocked IP addresses on 5874 Special:DeletedContributions 5875* Update jQuery from v1.11.2 to v1.11.3. 5876* (T102562) Fix InstantCommons parameters to handle the new HTTPS-only 5877 policy of Wikimedia Commons. 5878 5879== MediaWiki 1.24.2 == 5880 5881This is a security and maintenance release of the MediaWiki 1.24 branch. 5882 5883=== Changes since 1.24.1 === 5884 5885* (T85848, T71210) SECURITY: Don't parse XMP blocks that contain XML entities, 5886 to prevent various DoS attacks. 5887* (T85848) SECURITY: Don't allow directly calling Xml::isWellFormed, to reduce 5888 likelihood of DoS. 5889* (T88310) SECURITY: Always expand xml entities when checking SVG's. 5890* (T73394) SECURITY: Escape > in Html::expandAttributes to prevent XSS. 5891* (T85855) SECURITY: Don't execute another user's CSS or JS on preview. 5892* (T64685) SECURITY: Allow setting maximal password length to prevent DoS when 5893 using PBKDF2. 5894* (T85349, T85850, T86711) SECURITY: Multiple issues fixed in SVG filtering to 5895 prevent XSS and protect viewer's privacy. 5896* Fix case of SpecialAllPages/SpecialAllMessages in SpecialPageFactory to fix 5897 loading these special pages when $wgAutoloadAttemptLowercase is false. 5898* (bug T70087) Fix Special:ActiveUsers page for installations using 5899 PostgreSQL. 5900* (bug T76254) Fix deleting of pages with PostgreSQL. Requires a schema change 5901 and running update.php to fix. 5902 5903== MediaWiki 1.24.1 == 5904 5905This is a security and maintenance release of the MediaWiki 1.24 branch. 5906 5907=== Changes since 1.24.0 === 5908 5909* (bug T76686) [SECURITY] thumb.php outputs wikitext message as raw HTML, which 5910 could lead to xss. Permission to edit MediaWiki namespace is required to 5911 exploit this. 5912* (bug T77028) [SECURITY] Malicious site can bypass CORS restrictions in 5913 $wgCrossSiteAJAXdomains in API calls if it only included an allowed domain as 5914 part of its name. 5915* (bug T74222) The original patch for T74222 was reverted as unnecessary. 5916* Fixed a couple of entries in RELEASE-NOTES-1.24. 5917* (bug T76168) OutputPage: Add accessors for some protected properties. 5918* (bug T74834) Make 1.24 branch directly installable under PostgreSQL. 5919 5920== MediaWiki 1.24.0 == 5921 5922=== Configuration changes in 1.24 === 5923* MediaWiki will no longer run if register_globals is enabled. It has been 5924 deprecated for 5 years now, and was removed in PHP 5.4. For more information 5925 about why, see <https://www.mediawiki.org/wiki/register_globals>. 5926* MediaWiki now requires PHP's iconv extension. openSUSE users may need to 5927 install the php5-iconv package. Users of other systems may need to add 5928 extension=iconv.so to php.ini or recompile PHP without --without-iconv. 5929* MediaWiki will no longer function if magic quotes are enabled. It has 5930 been deprecated for 5 years now, and was removed in PHP 5.4. 5931* The server's canonical hostname is available as $wgServerName, which is 5932 exposed in both mw.config and ApiQuerySiteinfo. 5933* Introduced $wgPagePropsHaveSortkey as a backwards-compatibility switch, 5934 for using the old schema of the page_props table, in case the respective 5935 schema update was not applied. 5936* $wgSearchEverythingOnlyLoggedIn was removed as the 'searcheverything' 5937 user option was removed. Use $wgNamespacesToBeSearchedDefault instead or 5938 if you used to have $wgDefaultUserOptions['searcheverything'] = 1. 5939* $wgMasterWaitTimeout has been deprecated. 5940* $wgDBClusterTimeout has been removed. 5941* $wgProxyKey has been removed. It is no longer used by MediaWiki core. 5942 Ensure $wgSecretKey is set in LocalSettings.php. 5943* $wgExtraInterlanguageLinkPrefixes is a new configuration variable that 5944 contains an array of interwiki prefixes that should be treated as language 5945 prefixes (i.e. turned into interlanguage links when $wgInterwikiMagic is set 5946 to true). 5947* $wgParserTestRemote has been removed. 5948* $wgCountTotalSearchHits has been removed. If you're concerned about efficiency 5949 of search, you should use something like CirrusSearch instead of built in 5950 search. 5951* Users in the 'sysop' group have access to Special:MergeHistory by default. 5952* $wgFileStore was removed after having been deprecated in 1.17. Alternative 5953 configurations are $wgDeletedDirectory and $wgHashedUploadDirectory. 5954* The deprecated $wgUseCommaCount variable has been removed. 5955* $wgEnableSorbs and $wgSorbsUrl have been removed. 5956* The UserCryptPassword and UserComparePassword hooks are no longer called. 5957 Any extensions using them must be updated to use the Password Hashing API. 5958* $wgCompiledFiles has been removed. 5959* $wgSortSpecialPages was removed, the listing on Special:SpecialPages is 5960 now always sorted. 5961* $wgSpecialPages may now use callback functions as an alternative to plain 5962 class names. This allows more control over constructor parameters. 5963* $wgHTCPMulticastAddress, $wgHTCPMulticastRouting and $wgHTCPPort were removed. 5964* $wgRC2UDPAddress, $wgRC2UDPInterwikiPrefix, $wgRC2UDPOmitBots, $wgRC2UDPPort 5965 and $wgRC2UDPPrefix have been removed. 5966* The default password type for MediaWiki has been changed from MD5 to PBKDF2. 5967 Password hashes will automatically be updated as users log in. If necessary, 5968 the old MD5 hashing can be restored by changing $wgPasswordDefault to 'B'. 5969 In addition, there is a maintenance script wrapOldPassword.php that can wrap 5970 all passwords in PBKDF2 (or the hashing algorithm of your choice) if you don't 5971 want to wait for your users to log in. 5972* $wgImportSources can now either be a regular array, or an associative map 5973 specifying subprojects on the interwiki map of the target wiki, or a mix of 5974 the two. Existing configurations will still work. 5975* Users must be able to edit through a page's protection to be able to delete 5976 it. 5977* The default thumb size ($wgDefaultUserOptions['thumbsize']) is now 300px, up 5978 from 180px. If you have altered the number of entries in $wgThumbLimits for 5979 your wiki, you may need to adjust your default user settings to compensate for 5980 the index change. 5981* $wgDeferredUpdateList is now deprecated, you should use 5982 DeferredUpdates::addUpdate() instead. 5983* $wgCanonicalLanguageLinks has been removed. Per Google recommendations, we 5984 will not send a rel=canonical pointing to a variant-neutral page, however 5985 we will send rel=alternate. 5986* $wgResourceLoaderLESSFunctions has been deprecated and will be removed in the 5987 future. 5988* $wgGoToEdit has been removed. Use the SpecialSearchNogomatch hook for similar 5989 functionality. 5990 5991=== New features in 1.24 === 5992* Added new hook WatchlistEditorBeforeFormRender, allowing subscribers to 5993 manipulate the list of pages and/or preload lots of data at once. 5994* Added new argument &$link in hook WatchlistEditorBuildRemoveLine, allowing the 5995 link to the title to be changed. 5996* Added a new hook, "WhatLinksHereProps", to allow extensions to annotate 5997 WhatLinksHere entries. 5998* Added a new hook, "ContentGetParserOutput", to customize parser output for 5999 a given content object. 6000* Deprecated the hook "ShowRawCssJs", use "ContentGetParserOutput" instead. 6001* HTMLForm's HTMLTextField now supports the 'url' type. 6002* HTMLForm fields may now be dynamically hidden based on the values of other 6003 fields in the form. 6004* HTMLForm now supports multiple copies of an input field or set of input 6005 fields, e.g. the form may request "one or more usernames" without having to 6006 have the user enter delimited list of names into a text field. 6007* Added a new hook, "SidebarBeforeOutput", to allow to edit the structure of 6008 the sidebar just before its display. 6009* (bug 49156) Added the mediawiki.cookie ResourceLoader module, which wraps 6010 jquery.cookie so that getting/setting a cookie is syntactically and 6011 functionally similar to using the WebRequest::getCookie() and 6012 WebResponse::setcookie() methods. 6013* (bug 44740) jQuery upgraded from 1.8.3 to 1.11.1. A new configuration option, 6014 $wgIncludejQueryMigrate, also loads the jQuery Migrate hack to let extensions 6015 and gadgets use the long-deprecated functions that were removed in jQuery 1.9. 6016 This option is turned off by default, and will be removed in MediaWiki 1.25. 6017* (bug 47076) jQuery UI upgraded from 1.8.24 to 1.9.2. 6018* Changes to content typography (fonts, etc.). See 6019 https://www.mediawiki.org/wiki/Typography_refresh for further information. 6020* WikitextContent will now render redirects with the expected "redirect" 6021 header, rather than as an ordered list. Code calling Article::viewRedirect 6022 can probably be changed to no longer special-case redirects. 6023* Header font set to a serif font stack. See 6024 https://www.mediawiki.org/wiki/Typography_refresh for further information. 6025* (bug 65567) Added a new hook, "BeforeHttpsRedirect", to allow cancellation of 6026 the HTTP to HTTPS redirect due to forceHTTPS cookie, userRequires, etc. This 6027 is only for page views, since this hook doesn't affect UserLogin, OAuth, 6028 CentralAuth, etc. ATTENTION: This hook is likely to be removed soon due to 6029 overall design of the system. 6030* (bug 17367) It is now possible to add pages to your watchlist from 6031 Special:UnwatchedPages without reloading the special page. 6032* New methods setVolatile and isVolatile are added to PPFrame, so that 6033 extensions such as Cite.php can mark that their output is volatile and 6034 shouldn't be cached. 6035* (bug 52817) Advanced search options are now saved on the search page itself, 6036 rather than in a dedicated pane in the preferences panel. 6037* (bug 44591) The dropdown actions menu (little triangle next to page tabs) in 6038 the Vector skin has gained a label that should make it more discoverable. 6039* MWCryptHKDF added for fast, cryptographically secure random number generation 6040 that won't deplete openssl's entropy pool. 6041* ResourceLoader: File modules can now provide a skip function that uses an 6042 inline feature test to bypass loading of the module. 6043* (bug 20210) Special pages may now provide autocompletion of their subpage 6044 names in search suggestions. Right now the only useful implementation is in 6045 Special:Log, but more are to come. 6046* Special:MostLinkedTemplates is no longer limited to transclusions from the 6047 Template namespace. 6048* Skins can now use 'remoteSkinPath' when defining ResourceLoader modules. 6049 This works the same as 'remoteExtPath' but is relative to the skins/ folder 6050 instead of the extensions/ folder. 6051* Added the json2.js polyfill for the ES5 JSON.stringify and JSON.parse methods. 6052 Exposed as module "json" with a skip function to optimise loading. 6053* Extensions and skins may now use 'namemsg' in $wgExtensionCredits in addition 6054 to 'name', to allow for the name to be localizable. 'name' should still be 6055 specified for backwards-compatibility and to define the path Special:Version 6056 uses to find extension license information. 6057* Browser tests are now included to verify basic wiki functionality in developer 6058 environments. For details on running tests, see 6059 tests/browser/README.mediawiki. 6060* Upgrade jStorage to v0.4.10. 6061* {{!}} is now a magic word that produces the | character. This removes the need 6062 for Template:! for purposes such as passing pipes inside of parameters. 6063* (bug 20790) The block log snippet on Special:Contributions and while 6064 editing user and user talk pages now works for IP range blocks. 6065* (bug 9360) Added ability to change the page language for MediaWiki pages using 6066 Special:PageLanguage. All pages are set to wiki language by default. 6067 The feature needs to be enabled with $wgPageLanguageUseDB=true and 6068 permission needs to be set for 'pagelang'. 6069* Upgrade Moment.js to v2.8.3. 6070* (bug 67042) Added support for the HTML5 <rtc> tag for East Asian typography. 6071* Upgrade Sinon.JS to 1.10.3. 6072* Added the es5-shim polyfill for older or non-compliant javascript engines. 6073* Upgrade jQuery Cookie to v1.3.1. 6074* (bug 20476) Add a "viewsuppressed" user right to be able to view 6075 suppressed content but not suppress it ("suppressrevision" right). 6076* (bug 66440) The MediaWiki web installer will now allow you to choose the skins 6077 to enable (from the ones included in download tarball) and decide which one 6078 should be the default. 6079* (bug 68085, 68802) Links like [[localInterwikiPrefix:languageCode:pageTitle]], 6080 where localInterwikiPrefix is a member of the $wgLocalInterwikis array, will 6081 no longer be displayed in the sidebar when $wgInterwikiMagic is true. In a 6082 similar way, links like [[localInterwikiPrefix:File:Image.png]] and 6083 [[localInterwikiPrefix:Category:Hello]] will now render as regular links, and 6084 will not include the file or add the page to the category. 6085* New special page, MyLanguage, to redirect users to subpages with localised 6086 versions of a page. (Integrated from Extension:Translate) 6087* MediaWiki now supports multiple password types, including bcrypt and PBKDF2. 6088 The default type can be changed with $wgPasswordDefault and the type 6089 configurations can be changed with $wgPasswordConfig. 6090* Skins can now define custom styles for default ResourceLoader modules using 6091 the $wgResourceModuleSkinStyles global. See the Vector skin for examples. 6092* (bug 4488) There is now a preference to watch pages where the user has 6093 rollbacked an edit by default. 6094* (bug 15484) Users will now be redirected to the login page when they need to 6095 log in, rather than being shown a page asking them to log in and having to 6096 click another link to actually get to the login page. 6097* A JsonContent and JsonContentHandler were added for extensions to extend. 6098* (bug 35045) Redirects to sections will now update the URL in browser's address 6099 bar using the HTML5 History API. When [[Dog]] redirects to [[Animals#Dog]], 6100 the user will now see "Animals#Dog" in their browser instead of "Dog#Dog". 6101* API token handling has been rewritten. Any API module using tokens will need 6102 to be updated. See the entry below under "Action API internal changes". 6103* Added HTMLAutoCompleteSelectField. 6104* Added a new hook, "SkinPreloadExistence", to allow extensions to add titles to 6105 link existence cache before the page is rendered. 6106* Config::set() was moved to its own interface, MutableConfig. 6107 GlobalVarConfig::set() is now deprecated, does not implement MutableConfig. 6108* A MutableConfig named HashConfig was added, that stores an array of 6109 configuration settings. 6110* (bug 69418) A MultiConfig implementation was added that supports fallback 6111 to multiple Config instances. 6112* Update CSSJanus to v1.1.0. 6113* Added FormatJson::parse() returning status with result or localized error 6114 message 6115* Added DeletedContribsPager::reallyDoQuery hook allowing extensions to data to 6116 Special:DeletedContributions 6117* Added DeletedContributionsLineEnding hook allowing extensions to format 6118 Special:DeletedContributions lines 6119* (T69525) You can now make MediaWiki speed up its thumbnail rendering by using 6120 intermediary thumbnails. $wgThumbnailBuckets must be set to a list of target 6121 thumbnail widths; when a new thumbnail needs to be rendered, MediaWiki will 6122 find the smallest bucket smaller than the original but larger than the target 6123 width + $wgThumbnailMinimumBucketDistance, and it will scale that thumbnail, 6124 rather than the original, down to the target size at greater speed in return 6125 for minor loss of fidelity. 6126 6127=== Bug fixes in 1.24 === 6128* (bug 50572) MediaWiki:Blockip should support gender 6129* (bug 49116) Footer copyright notice is now always displayed in user language 6130 rather than content language (same as copyright notice for editing interface). 6131* (bug 62258) A bug was fixed in File::getUnscaledThumb when a height 6132 restriction was present in the parameters. Images with both the "frame" 6133 option and a size specification set will now always ignore the provided 6134 size and display an unscaled image, as the documentation has always 6135 claimed it would. 6136* (bug 39035) Improved Vector skin performance by removing collapsibleNav, 6137 which used to collapse some sidebar elements by default. 6138 This removes -list id suffixes like p-lang-list: instead of using things like 6139 #p-lang-list, you can do #p-lang .body ul. 6140* (bug 890) Links in Special:RecentChanges and Special:Watchlist no longer 6141 follow redirects to their target pages. 6142* Parser now dies early if called recursively, instead of producing subtle bugs. 6143* (bug 14323) Redirect pages, when viewed with redirect=no, no longer hide the 6144 remaining page content. 6145* (bug 52587) Maintenance script deleteBatch.php no longer follows redirects 6146 in the file namespace and delete the file on the target page. It will still 6147 however delete the redirect page. 6148* (bug 22683) {{msgnw:}} and other uses of PPFrame::RECOVER_ORIG will correctly 6149 recover the original code of extension tags. 6150* (bug 65757) MSSQL: Update script drops unnamed constraints to be prepared 6151 for future updates. Because it's doing so heuristically, it may fail or drop 6152 wrong constraints. 6153* (bug 67870) wfShellExec() cuts off stdout at multiples of 8192 bytes. 6154* $wgRunJobsAsync now works with private wikis (e.g. read requires login). 6155* (bugs 57238, 65206) Blank pages can now be directly created. 6156* (bug 69789) Title::getContentModel() now loads from the database when 6157 necessary instead of incorrectly returning the default content model. 6158* (bug 69249) wfBaseConvert() now works around PHP Bug #50175 when using GMP. 6159* (bug 57909) URLs in the externallinks table will no longer have certain 6160 characters decoded in the query string. 6161* (bug 67368) LESS mixins like .background-image() correctly flip image 6162 references for RTL stylesheets now. 6163 6164=== Action API changes in 1.24 === 6165* action=parse API now supports prop=modules, which provides the list of 6166 ResourceLoader modules that should be used to enhance the parsed content. 6167* action=query&meta=siteinfo&siprop=interwikimap returns a new "protorel" 6168 field which is true if protocol-relative urls can be used to access 6169 a particular interwiki map entry. 6170* list=logevents now provides logpage, which is the page ID from the 6171 logging table, if ids are requested and the user has the permissions. 6172* action=edit now requires that appendtext, prependtext, or section=new be used 6173 when using the 'redirect' parameter, to prevent clients accidentally 6174 overwriting the target page with the content of the redirect. 6175* list=logevents will now return an error if both letitle and leprefix are 6176 specified. 6177* list=logevents has a new parameter, lenamespace, to allow filtering by 6178 namespace. 6179* action=expandtemplates has a new parameter, prop, and a new output format. 6180 The old format is still used if prop isn't provided, but this is deprecated. 6181* meta=userinfo can now return the count of unread pages on the watchlist. 6182* list=watchlist can now filter by unread status. 6183* The deprecated action=parse&prop=languageshtml has been removed. 6184* (bug 48071) action=setnotificationtimestamp no longer throws PHP or database 6185 errors when no pages are given. 6186* (bug 60734) Actions that use ApiPageSet (e.g. purge, watch, 6187 setnotificationtimestamp) will now include continuation information when 6188 using a generator. 6189* Removed 'props' and 'errors' from action=paraminfo, as they have extremely 6190 limited use and are generally inaccurate, unmaintained, and impossible to 6191 properly maintain. 6192* Formats dbg, dump, txt, wddx, and yaml are now deprecated. 6193* action=paraminfo now indicates when a parameter is specifying a submodule. 6194* The iwurl parameter to prop=iwlinks is deprecated in favor of iwprop=url, for 6195 parallelism with prop=langlinks. 6196* All tokens should be fetched from action=query&meta=tokens; all other methods 6197 of fetching tokens are deprecated. The value needed for meta=tokens's 'type' 6198 parameter for each module is documented in the action=help output and is 6199 returned from action=paraminfo. 6200* New action ClearHasMsg that can be used to clear HasMsg flag. 6201* The cmstartsortkey and cmendsortkey parameters to list=categorymembers are 6202 deprecated in favor of cmstarthexsortkey and cmendhexsortkey. 6203* (bug 63326) Add blockedtimestamp field to output of blockinfo property for 6204 the list=allusers and list=users modules. 6205* prop=imageinfo no longer requires iiurlwidth to be set when using iiurlparam. 6206* Added prop=linkshere, prop=fileusage, and prop=transcludedin, which are 6207 roughly equivalent to list=backlinks, list=imageusage, and list=embeddedin 6208 but can work on a list of titles (including titles from a generator). 6209* prop=redirects can now filter returned redirects by namespace. 6210 6211=== Action API internal changes in 1.24 === 6212* Methods for handling continuation are added to ApiResult, so actions other 6213 than query that use generators can easily support continuation. 6214* $wgAPIModules (and the related $wgAPIFormatModules, $wgAPIMetaModules, 6215 $wgAPIPropModules, and $wgAPIListModules settings) now allow API modules 6216 to be specified using a "module spec" array instead of a plain class name. 6217 A "module spec" is an associative array containing at least the 'class' key 6218 for the module's class, and optionally a 'factory' key for the factory 6219 function to use for the module. This is intended for extensions that want 6220 control over the instantiation of their API modules, to allow for proper 6221 dependency injection. 6222* A new param type 'submodule' is available. Parameters of this type will take 6223 the list of valid values from the module's ApiModuleManager for the group 6224 corresponding to the parameter name. 6225* The 'APIGetPossibleErrors' and 'APIGetResultProperties' hooks are no longer 6226 used. 6227* API token handling has been rewritten. Any API module using tokens will need 6228 to be updated: 6229 * ApiBase::needsToken now returns a token type instead of boolean true when a 6230 token is needed. Returning true will throw an exception. See documentation 6231 of that method for details. 6232 * Information for the 'token' parameter is automatically set by ApiBase 6233 getFinalParams and getFinalParamDescription. 6234 * ApiBase::getTokenSalt has been removed. 6235 * The hooks APIQueryInfoTokens, APIQueryRevisionsTokens, 6236 APIQueryRecentChangesTokens, APIQueryUsersTokens, and 6237 ApiTokensGetTokenTypes are deprecated, but are still called to support 6238 backwards-compatible token access. 6239* ApiBase::validateLimit and ApiBase::validateTimestamp are now protected. 6240* ApiQueryRedirects was removed; prop=redirects is now implemented by 6241 ApiQueryBacklinksProp along with the newly-added prop modules. 6242* The following methods have been deprecated and may be removed in a future 6243 release: 6244 * ApiBase::getResultProperties 6245 * ApiBase::getFinalResultProperties 6246 * ApiBase::addTokenProperties 6247 * ApiBase::getRequireOnlyOneParameterErrorMessages 6248 * ApiBase::getRequireMaxOneParameterErrorMessages 6249 * ApiBase::getRequireAtLeastOneParameterErrorMessages 6250 * ApiBase::getTitleOrPageIdErrorMessage 6251 * ApiBase::getPossibleErrors 6252 * ApiBase::getFinalPossibleErrors 6253 * ApiBase::parseErrors 6254 * ApiQuery::setGeneratorContinue 6255 * ApiQueryBase::checkRowCount 6256 * ApiQueryBase::titleToKey 6257 * ApiQueryBase::keyToTitle 6258 * ApiQueryBase::keyPartToTitle 6259 * ApiQueryInfo::getTokenFunctions 6260 * ApiQueryInfo::resetTokenCache 6261 * ApiQueryInfo::getEditToken 6262 * ApiQueryInfo::getDeleteToken 6263 * ApiQueryInfo::getProtectToken 6264 * ApiQueryInfo::getMoveToken 6265 * ApiQueryInfo::getBlockToken 6266 * ApiQueryInfo::getUnblockToken 6267 * ApiQueryInfo::getEmailToken 6268 * ApiQueryInfo::getImportToken 6269 * ApiQueryInfo::getWatchToken 6270 * ApiQueryInfo::getOptionsToken 6271 * ApiQueryRecentChanges::getTokenFunctions 6272 * ApiQueryRecentChanges::getPatrolToken 6273 * ApiQueryRevisions::getTokenFunctions 6274 * ApiQueryRevisions::getRollbackToken 6275 * ApiQueryUsers::getTokenFunctions 6276 * ApiQueryUsers::getUserrightsToken 6277* The following classes have been deprecated and may be removed in a future 6278 release: 6279 * ApiFormatDbg 6280 * ApiFormatDump 6281 * ApiFormatTxt 6282 * ApiFormatWddx 6283 * ApiFormatYaml 6284 * ApiTokens 6285* The following class constants have been deprecated and may be removed in a 6286 future release: 6287 * ApiBase::PROP_ROOT 6288 * ApiBase::PROP_LIST 6289 * ApiBase::PROP_TYPE 6290 * ApiBase::PROP_NULLABLE 6291 6292=== Languages updated in 1.24 === 6293 6294MediaWiki supports over 350 languages. Many localisations are updated 6295regularly. Below only new and removed languages are listed, as well as 6296changes to languages because of Bugzilla reports. 6297 6298=== Other changes in 1.24 === 6299* The deprecated jquery.delayedBind ResourceLoader module was removed. 6300* The deprecated function mw.util.toggleToc was removed. 6301* The Special:Search hooks SpecialSearchGo and SpecialSearchResultsAppend 6302 were removed as they were unused. 6303* (bug 65477) User::pingLimiter() now has an additional profile point varying 6304 by action being used. 6305* mediawiki.util.$content no longer supports old versions of the Vector, 6306 Monobook, Modern and CologneBlue skins that don't yet implement the "mw-body" 6307 and/or "mw-body-primary" class name in their html. 6308* Added pp_sortkey column to page_props table, so pages can be efficiently 6309 queried and sorted by property value (bug 58032). 6310 See $wgPagePropsHaveSortkey if you want to postpone the schema change. 6311* BREAKING CHANGE: All four built-in MediaWiki skins (Vector, MonoBook, Modern 6312 and Cologne Blue) were moved out of MediaWiki core to their own respective 6313 repositories. They will be installed with the release tarball, but you must 6314 install them separately if installing MediaWiki from source code. A warning 6315 message displayed until you do it should guide you through the process. See 6316 also <https://www.mediawiki.org/wiki/Manual:Skin_configuration>. 6317* BREAKING CHANGE: Skins built for MediaWiki 1.15 and earlier that do not use 6318 the "headelement" template key are no longer supported. Setting 6319 $useHeadElement = false; is no longer supported and will not cause old keys 6320 like "headlinks", "skinnameclass", etc. to be defined. 6321* BREAKING CHANGE: The files commonElements.css, commonContent.css and 6322 commonInterface.css (in skins/common/) have been removed. Skins may no longer 6323 rely on their presence and include them in their style modules. ResourceLoader 6324 modules introduced in MediaWiki 1.23 should be loaded instead: 6325 - skins/common/commonElements.css → 'mediawiki.skinning.elements' module 6326 - skins/common/commonContent.css → 'mediawiki.skinning.content' module 6327 - skins/common/commonInterface.css → 'mediawiki.skinning.interface' module 6328* The deprecated 'SpecialVersionExtensionTypes' hook was removed. 6329* (bug 63891) Add 'X-Robots-Tag: noindex' header in action=render pages. 6330* SpecialPage no longer supports the syntax for invoking wfSpecial*() functions. 6331 Special pages should subclass SpecialPage and implement the execute() method. 6332* (bug 63755) The deprecated constants RC_MOVE and RC_MOVE_OVER_REDIRECT were 6333 removed. 6334* Special:MostLinkedTemplates has been renamed to Special:MostTranscludedPages. 6335* The skin autodiscovery mechanism has been deprecated and will be removed in 6336 MediaWiki 1.25. See https://www.mediawiki.org/wiki/Manual:Skin_autodiscovery 6337 for migration guide for creators and users of custom skins that relied on it. 6338* ResourceLoaderFileModule#getAllStyleFiles now returns all style files and all 6339 skin style files used by the module. 6340* Removed getLang() from IContextSource and subclasses. (deprecated since 1.19) 6341* Removed setLang() from subclasses of IContextSource. (deprecated since 1.19) 6342* Removed WebRequest::escapeAppendQuery(). (deprecated since 1.20) 6343* Removed info(), purge(), revert() and rollback() from the Article class; they 6344 have since become subclasses of the Action class. (deprecated since 1.19) 6345* SearchEngineReplacePrefixesComplete hook was removed. 6346* The "jquery.json" module has been deprecated. Use the "json" module instead. 6347* Removed HTMLForm::addJS(). (deprecated since 1.18) 6348* Removed LogEventsList::showHeader(). (deprecated since 1.19) 6349* Removed ImageGalleryBase::useSkin(). (deprecated since 1.18) 6350* Removed DatabaseMysqlBase::getLagFromProcesslist(). (deprecated since 1.19) 6351* Removed LoadBalancer::closeConnecton(). (deprecated since 1.18) 6352* Removed ApiBase::createContext(). (deprecated since 1.19) 6353* BREAKING CHANGE: The undocumented Special{$this->getName()}BeforeFormDisplay 6354 set of hooks has been removed and replaced by a single new hook 6355 SpecialPageBeforeFormDisplay. 6356* (bug 65781) Removed block warning on included {{Special:Contributions}} 6357* Removed Skin::makeGlobalVariablesScript(). (deprecated since 1.19) 6358* Removed MWNamespace::isMain(). (deprecated since 1.19) 6359* Removed Preferences::loadOldSearchNs(). (deprecated since 1.19) 6360* Removed OutputPage::getStatusMessage(). (deprecated since 1.18) 6361* Removed OutputPage::isUserJsAllowed(). (deprecated since 1.18) 6362* Removed Title::updateTitleProtection(). (deprecated since 1.19) 6363* Removed ParserOptions::setSkin(). (deprecated since 1.19) 6364* Removed Title::escapeCanonicalURL(). (deprecated since 1.19) 6365* Removed Title::escapeLocalURL(). (deprecated since 1.19) 6366* Removed Title::escapeFullURL(). (deprecated since 1.19) 6367* Removed User::isValidEmailAddr(). (deprecated since 1.18) 6368* Removed Title::getEscapedText(). (deprecated since 1.19) 6369* Removed Language::getFallbackLanguageCode(). (deprecated since 1.19) 6370* Removed WikiPage::isBigDeletion(). (deprecated since 1.19) 6371* Removed MWInit class which contained functions related to a now discontinued 6372 PHP compiler called hphpc. (deprecated since 1.22) 6373* ApiResult::enableSizeCheck() and disableSizeCheck() are now obsolete. 6374* Removed ResourceLoaderGetStartupModules hook. (deprecated since 1.23) 6375* Removed getFormFields(), onSubmit() and onSuccess() from FormlessAction, as 6376 these were meant specifically for FormAction instead. 6377* Removed Action::execute(). 6378* Removed AjaxAddScript which has been obsolete since ResourceLoader and 6379 is unused by any modern extension. 6380* Removed maintenance/nextJobDB.php; no longer in use. 6381* Removed global function wfViewPrevNext(). (deprecated since 1.19) 6382* Removed global function xmlsafe() from Export.php. (moved to OAIRepo 6383 extension) 6384* Removed Title::userCanRead(). (deprecated since 1.19) 6385* Removed maintenance script importTextFile.php. Use edit.php script instead. 6386* A _from_namespace field has been added to the templatelinks, pagelinks, 6387 and filelinks tables. Run update.php to apply this change to the schema. 6388* Removed File::sha1Base36(). (deprecated since 1.19) 6389* Removed File::getPropsFromPath(). (deprecated since 1.19) 6390* Removed functions blockedPage(), noCreatePermission(), readOnlyPage() and 6391 userNotLoggedInPage() from EditPage.php. (deprecated since 1.19) 6392* Removed functions getContent(), getPreloadedText(), mergeChangesInto() and 6393 setPreloadedText() from EditPage.php. (deprecated since 1.21) 6394* Removed global functions wfArrayLookup(), wfArrayMerge(), 6395 wfDebugDieBacktrace() and wfTime(). (deprecated since 1.22) 6396* Browser support for Internet Explorer 6 and 7 lowered from Grade A to Grade C, 6397 meaning that JavaScript is no longer executed in these browser versions. 6398* Browser support for Opera 11 lowered from Grade A to Grade C. 6399* Removed IEFixes module which existed purely to provide support for MSIE 6400 versions below 7 (conditionally loaded only for those browsers). 6401* Deprecated SpecialPageFactory::getList() in favor of 6402 SpecialPageFactory::getNames() 6403* Action::checkCanExecute() no longer has a return value. 6404* Removed cleanupForIRC(), loadFromCurRow(), newFromCurRow(), notifyRC2UDP() 6405 and sendToUDP() from RecentChange.php. (deprecated since 1.22) 6406* Removed EnhancedChangesList::arrow(), sideArrow(), downArrow(), spacerArrow(). 6407* Removed Xml::namespaceSelector(). (deprecated since 1.19) 6408* Removed WikiPage::estimateRevisionCount(). (deprecated since 1.19) 6409* MYSQL: Enum item added to "major MIME type" columns. 6410 Running update.php on MySQL < v5.1 may result in heavy processing. 6411* RSS and Atom feeds generated by MediaWiki no longer include a fallback 6412 stylesheet. It was ignored by most browsers these days anyway. 6413* SpecialSearchNoResults hook has been removed. SpecialSearchResults is now 6414 called unconditionally. 6415* TablePager::getBody() is now 'final' and can't be overridden in subclasses. 6416* TablePager::getBody() is deprecated, use getBodyOutput() or getFullOutput(). 6417* Added $outputPage parameter to the SkinTemplateGetLanguageLink hook. 6418* log_page for move log entries store the original page ID, rather than that 6419 of the new redirect page. This is not retroactive. 6420* LCStoreAccel was removed. $wgLocalisationCacheConf can no longer be set to 6421 use this store class. 6422* Html::infoBox() no longer accepts paths relative to skins/common/images/. 6423* Deprecated defunct Skin::getCommonStylePath(). 6424* Some extensions had their ResourceLoader modules depend on the "mediawiki" 6425 and "jquery" modules. In the past, this behavior was undefined, now it will 6426 throw an error. 6427* Removed BagOStuff::replace(). (deprecated since 1.23) 6428* In Linker.php, link(), linkText() and makeBrokenImageLinkObj() now display 6429 warnings if their first parameter is not a Title object. Also makeImageLink() 6430 now requires a Parser as its first parameter. 6431* (bug 67368) LESS functions embed() and embeddable(), added in MediaWiki 1.23 6432 and broken by design, have been removed. Use appropriate LESS mixins instead. 6433* Removed cssjanus.py from maintenance directory as it was unused. 6434* Removed maintenance/purgeOldText.inc and the PurgeRedundantText() function 6435 it contained (superseded by Maintenance::purgeRedundantText() in 1.16). 6436 The purgeOldText.php maintenance script has been retained. 6437* PHPUnit tests can be found by directory discovery, by adding the directory 6438 path from your UnitTestsList callback. Older versions of MediaWiki core will 6439 barf at this usage. 6440 6441==== Renamed classes ==== 6442* CLDRPluralRuleConverter_Expression to CLDRPluralRuleConverterExpression 6443* CLDRPluralRuleConverter_Fragment to CLDRPluralRuleConverterFragment 6444* CLDRPluralRuleConverter_Operator to CLDRPluralRuleConverterOperator 6445* CLDRPluralRuleEvaluator_Range to CLDRPluralRuleEvaluatorRange 6446* CSSJanus_Tokenizer to CSSJanusTokenizer 6447* MediaWiki_I18N to MediaWikiI18N 6448* Parser_DiffTest to ParserDiffTest 6449* RevDel_ArchiveItem to RevDelArchiveItem 6450* RevDel_ArchiveList to RevDelArchiveList 6451* RevDel_ArchivedFileItem to RevDelArchivedFileItem 6452* RevDel_ArchivedFileList to RevDelArchivedFileList 6453* RevDel_ArchivedRevisionItem to RevDelArchivedRevisionItem 6454* RevDel_FileItem to RevDelFileItem 6455* RevDel_FileList to RevDelFileList 6456* RevDel_Item to RevDelItem 6457* RevDel_List to RevDelList 6458* RevDel_LogItem to RevDelLogItem 6459* RevDel_LogList to RevDelLogList 6460* RevDel_RevisionItem to RevDelRevisionItem 6461* RevDel_RevisionList to RevDelRevisionList 6462* WebInstaller_Complete to WebInstallerComplete 6463* WebInstaller_Copying to WebInstallerCopying 6464* WebInstaller_DBConnect to WebInstallerDBConnect 6465* WebInstaller_DBSettings to WebInstallerDBSettings 6466* WebInstaller_Document to WebInstallerDocument 6467* WebInstaller_ExistingWiki to WebInstallerExistingWiki 6468* WebInstaller_Install to WebInstallerInstall 6469* WebInstaller_Language to WebInstallerLanguage 6470* WebInstaller_Name to WebInstallerName 6471* WebInstaller_Options to WebInstallerOptions 6472* WebInstaller_Readme to WebInstallerReadme 6473* WebInstaller_ReleaseNotes to WebInstallerReleaseNotes 6474* WebInstaller_Restart to WebInstallerRestart 6475* WebInstaller_Upgrade to WebInstallerUpgrade 6476* WebInstaller_UpgradeDoc to WebInstallerUpgradeDoc 6477* WebInstaller_Welcome to WebInstallerWelcome 6478 6479==== Removed classes ==== 6480* IPBlockForm - Use SpecialBlock directly 6481* WatchlistEditor - Use SpecialEditWatchlist directly 6482* FormatExif - Use FormatMetadata directly 6483* RevertFileAction - Use RevertAction directly 6484* HistoryPage - Use HistoryAction directly 6485* RawPage - Use RawAction directly 6486* StubContLang - Use Language::factory() instead 6487* XMLReader2 - Use XMLReader directly 6488* ResourceLoaderLESSFunctions - No longer in use, not intended for public usage 6489 6490==== Removed files ==== 6491The skins/common/ directory, previously containing some assets intended to be 6492used by skins and a number of legacy styles and scripts, has been removed. Its 6493contents have been deleted or relocated into the resources/ directory. Full list 6494of files that are no longer available follows. 6495 6496* skins/common/ajax.js 6497* skins/common/commonContent.css 6498* skins/common/commonElements.css 6499* skins/common/commonInterface.css 6500* skins/common/commonPrint.css 6501* skins/common/config-cc.css 6502* skins/common/config.css 6503* skins/common/config.js 6504* skins/common/feed.css 6505* skins/common/IEFixes.js 6506* skins/common/oldshared.css 6507* skins/common/protect.js 6508* skins/common/shared.css 6509* skins/common/upload.js 6510* skins/common/wikibits.js 6511* skins/common/images/add.png 6512* skins/common/images/ajax-loader.gif 6513* skins/common/images/arrow_disabled_first_25.png 6514* skins/common/images/arrow_disabled_last_25.png 6515* skins/common/images/arrow_disabled_left_25.png 6516* skins/common/images/arrow_disabled_right_25.png 6517* skins/common/images/arrow_first_25.png 6518* skins/common/images/arrow_last_25.png 6519* skins/common/images/arrow_left_25.png 6520* skins/common/images/arrow_right_25.png 6521* skins/common/images/Arr_.png 6522* skins/common/images/Arr_d.png 6523* skins/common/images/Arr_l.png 6524* skins/common/images/Arr_r.png 6525* skins/common/images/Arr_u.png 6526* skins/common/images/bullet.gif 6527* skins/common/images/button_bold.png 6528* skins/common/images/button_extlink.png 6529* skins/common/images/button_headline.png 6530* skins/common/images/button_hr.png 6531* skins/common/images/button_image.png 6532* skins/common/images/button_italic.png 6533* skins/common/images/button_link.png 6534* skins/common/images/button_media.png 6535* skins/common/images/button_nowiki.png 6536* skins/common/images/button_sig.png 6537* skins/common/images/button_template.png 6538* skins/common/images/cc-0.png 6539* skins/common/images/cc-by-nc-sa.png 6540* skins/common/images/cc-by-sa.png 6541* skins/common/images/cc-by.png 6542* skins/common/images/Checker-16x16.png 6543* skins/common/images/closewindow.png 6544* skins/common/images/closewindow19x19.png 6545* skins/common/images/critical-32.png 6546* skins/common/images/diffunderline.gif 6547* skins/common/images/download-32.png 6548* skins/common/images/feed-icon.png 6549* skins/common/images/feed-icon.svg 6550* skins/common/images/gnu-fdl.png 6551* skins/common/images/help-question-hover.gif 6552* skins/common/images/help-question.gif 6553* skins/common/images/info-32.png 6554* skins/common/images/link_icon.gif 6555* skins/common/images/magnify-clip-rtl.png 6556* skins/common/images/magnify-clip.png 6557* skins/common/images/mediawiki.png 6558* skins/common/images/nextredirectltr.png 6559* skins/common/images/nextredirectrtl.png 6560* skins/common/images/poweredby_mediawiki_88x31.png 6561* skins/common/images/public-domain.png 6562* skins/common/images/question-small.png 6563* skins/common/images/question.svg 6564* skins/common/images/redirectltr.png 6565* skins/common/images/redirectrtl.png 6566* skins/common/images/remove.png 6567* skins/common/images/spinner.gif 6568* skins/common/images/tick-32.png 6569* skins/common/images/tipsy-arrow.gif 6570* skins/common/images/tooltip_icon.png 6571* skins/common/images/warning-32.png 6572* skins/common/images/wiki.png 6573* skins/common/images/Zoom_sans.gif 6574* skins/common/images/ar/button_bold.png 6575* skins/common/images/ar/button_headline.png 6576* skins/common/images/ar/button_italic.png 6577* skins/common/images/ar/button_link.png 6578* skins/common/images/ar/button_nowiki.png 6579* skins/common/images/be-tarask/button_bold.png 6580* skins/common/images/be-tarask/button_italic.png 6581* skins/common/images/be-tarask/button_link.png 6582* skins/common/images/cyrl/button_bold.png 6583* skins/common/images/cyrl/button_italic.png 6584* skins/common/images/cyrl/button_link.png 6585* skins/common/images/de/button_bold.png 6586* skins/common/images/de/button_italic.png 6587* skins/common/images/fa/button_bold.png 6588* skins/common/images/fa/button_headline.png 6589* skins/common/images/fa/button_italic.png 6590* skins/common/images/fa/button_link.png 6591* skins/common/images/fa/button_nowiki.png 6592* skins/common/images/icons/fileicon-c.png 6593* skins/common/images/icons/fileicon-cpp.png 6594* skins/common/images/icons/fileicon-deb.png 6595* skins/common/images/icons/fileicon-djvu.png 6596* skins/common/images/icons/fileicon-djvu.xcf 6597* skins/common/images/icons/fileicon-dvi.png 6598* skins/common/images/icons/fileicon-exe.png 6599* skins/common/images/icons/fileicon-h.png 6600* skins/common/images/icons/fileicon-html.png 6601* skins/common/images/icons/fileicon-iso.png 6602* skins/common/images/icons/fileicon-java.png 6603* skins/common/images/icons/fileicon-mid.png 6604* skins/common/images/icons/fileicon-mov.png 6605* skins/common/images/icons/fileicon-o.png 6606* skins/common/images/icons/fileicon-ogg.png 6607* skins/common/images/icons/fileicon-ogg.xcf 6608* skins/common/images/icons/fileicon-pdf.png 6609* skins/common/images/icons/fileicon-ps.png 6610* skins/common/images/icons/fileicon-psd.png 6611* skins/common/images/icons/fileicon-rm.png 6612* skins/common/images/icons/fileicon-rpm.png 6613* skins/common/images/icons/fileicon-svg.png 6614* skins/common/images/icons/fileicon-tar.png 6615* skins/common/images/icons/fileicon-tex.png 6616* skins/common/images/icons/fileicon-ttf.png 6617* skins/common/images/icons/fileicon-txt.png 6618* skins/common/images/icons/fileicon.png 6619* skins/common/images/ksh/button_S_italic.png 6620 6621= MediaWiki 1.23 = 6622 6623== MediaWiki 1.23.17 == 6624 6625=== Changes since 1.23.16 === <!--T:69--> 6626* Fix syntax errors introduced in 1.23.16 when running PHP 5.3. 6627 6628== MediaWiki 1.23.16 == 6629This is a security and maintenance release of the MediaWiki 1.23 branch. 6630 6631=== Changes since 1.23.15 === 6632* (T68404) CSS3 attr() function with url type is no longer allowed 6633 in inline styles. 6634* (T156184) $wgRawHtml will no longer apply to internationalization messages. 6635* Submitting the lgtoken and lgpassword parameters in the query string to 6636 action=login is now deprecated and outputs a warning. They should be submitted 6637 in the POST body instead. 6638* (T109140) (T122209) SECURITY: Special:UserLogin and Special:Search allow 6639 redirect to interwiki links. 6640* (T144845) SECURITY: XSS in SearchHighlighter::highlightText() when 6641 $wgAdvancedSearchHighlighting is true. 6642* (T125177) SECURITY: API parameters may now be marked as "sensitive" to keep 6643 their values out of the logs. 6644* (T150044) SECURITY: "Mark all pages visited" on the watchlist now requires a 6645 CSRF token. 6646* (T156184) SECURITY: Escape content model/format url parameter in message. 6647* (T151735) SECURITY: SVG filter evasion using default attribute values in DTD 6648 declaration. 6649* (T48143) SECURITY: Spam blacklist ineffective on encoded URLs inside file 6650 inclusion syntax's link parameter. 6651* (T108138) SECURITY: Sysops can undelete pages, although the page is protected 6652 against it. 6653 6654== MediaWiki 1.23.15 == 6655 6656This is a maintenance release of the MediaWiki 1.23 branch. 6657 6658=== Changes since 1.23.14 === 6659* BREAKING CHANGE: $wgHTTPProxy is now *required* for all external requests 6660 made by MediaWiki via a proxy. Relying on the http_proxy environment 6661 variable is no longer supported. 6662* (T139565) SECURITY: API: Generate head items in the context of the given title 6663* (T137264) SECURITY: XSS in unclosed internal links 6664* (T133147) SECURITY: Escape '<' and ']]>' in inline <style> blocks 6665* (T133147) SECURITY: Require login to preview user CSS pages 6666* (T132926) SECURITY: Do not allow undeleting a revision deleted file if it is 6667 the top file 6668* (T129738) SECURITY: Make $wgBlockDisablesLogin also restrict logged in 6669 permissions 6670* (T129738) SECURITY: Make blocks log users out if $wgBlockDisablesLogin is true 6671* (T115333) SECURITY: Check read permission when loading page content in 6672 ApiParse 6673* Remove support for $wgWellFormedXml = false, all output is now well formed 6674 6675== MediaWiki 1.23.13 == 6676 6677This is a maintenance release of the MediaWiki 1.23 branch. 6678 6679=== Changes since 1.23.12 === 6680* (T121892) Fix fatal errors on some Special pages, introduced in 1.23.12. 6681 6682== MediaWiki 1.23.12 == 6683 6684This is a security and maintenance release of the MediaWiki 1.23 branch. 6685 6686=== Changes since 1.23.11 === 6687* (T117899) SECURITY: $wgArticlePath can no longer be set to relative paths 6688 that do not begin with a slash. This enabled trivial XSS attacks. 6689 Configuration values such as "http://my.wiki.com/wiki/$1" are fine, as are 6690 "/wiki/$1". A value such as "$1" or "wiki/$1" is not and will now throw an 6691 error. 6692* (T119309) SECURITY: Use hash_compare() for edit token comparison 6693* (T118032) SECURITY: Don't allow cURL to interpret POST parameters starting 6694 with '@' as file uploads 6695* (T115522) SECURITY: Passwords generated by User::randomPassword() can no 6696 longer be shorter than $wgMinimalPasswordLength 6697* (T97897) SECURITY: Improve IP parsing and trimming. Previous behavior could 6698 result in improper blocks being issued 6699* (T109724) SECURITY: Special:MyPage, Special:MyTalk, Special:MyContributions 6700 and related pages no longer use HTTP redirects and are now redirected by 6701 MediaWiki 6702 6703== MediaWiki 1.23.11 == 6704 6705This is a security and maintenance release of the MediaWiki 1.23 branch. 6706 6707=== Changes since 1.23.10 === 6708 6709* (T91850) SECURITY: Add throttle check in ApiUpload and SpecialUpload 6710* (T91203, T91205) SECURITY: API: Improve validation in chunked uploading 6711* (T108616) SECURITY: Avoid exposure of local path in PNG thumbnails 6712 6713== MediaWiki 1.23.10 == 6714 6715This is a security and maintenance release of the MediaWiki 1.23 branch. 6716 6717=== Changes since 1.23.9 === 6718 6719* (T94116) SECURITY: Compare API watchlist token in constant time 6720* (T97391) SECURITY: Escape error message strings in thumb.php 6721* (T106893) SECURITY: Don't leak autoblocked IP addresses on 6722 Special:DeletedContributions 6723* (bug 67644) Make AutoLoaderTest handle namespaces 6724* (T91653) Minimal PSR-3 debug logger to support backports from 1.25+. 6725* (T102562) Fix InstantCommons parameters to handle the new HTTPS-only 6726 policy of Wikimedia Commons. 6727 6728== MediaWiki 1.23.9 == 6729 6730This is a security and maintenance release of the MediaWiki 1.23 branch. 6731 6732=== Changes since 1.23.8 === 6733 6734* (T85848, T71210) SECURITY: Don't parse XMP blocks that contain XML entities, 6735 to prevent various DoS attacks. 6736* (T85848) SECURITY: Don't allow directly calling Xml::isWellFormed, to reduce 6737 likelihood of DoS. 6738* (T88310) SECURITY: Always expand xml entities when checking SVG's. 6739* (T73394) SECURITY: Escape > in Html::expandAttributes to prevent XSS. 6740* (T85855) SECURITY: Don't execute another user's CSS or JS on preview. 6741* (T85349, T85850, T86711) SECURITY: Multiple issues fixed in SVG filtering to 6742 prevent XSS and protect viewer's privacy. 6743* (bug T68650) Fix indexing of moved pages with PostgreSQL. Requires running 6744 update.php to fix. 6745* (bug T70087) Fix Special:ActiveUsers page for installations using 6746 PostgreSQL. 6747 6748== MediaWiki 1.23.8 == 6749 6750This is a security and maintenance release of the MediaWiki 1.23 branch. 6751 6752=== Changes since 1.23.7 === 6753 6754* (bug T76686) [SECURITY] thumb.php outputs wikitext message as raw HTML, which 6755 could lead to xss. Permission to edit MediaWiki namespace is required to 6756 exploit this. 6757* (bug T77028) [SECURITY] Malicious site can bypass CORS restrictions in 6758 $wgCrossSiteAJAXdomains in API calls if it only included an allowed domain as 6759 part of its name. 6760* (bug T74222) The original patch for T74222 was reverted as unnecessary. 6761 6762== MediaWiki 1.23.7 == 6763 6764This is a security and maintenance release of the MediaWiki 1.23 branch. 6765 6766=== Changes since 1.23.6 === 6767 6768* (bugs 66776, 71478) SECURITY: User PleaseStand reported a way to inject code 6769 into API clients that used format=php to process pages that underwent flash 6770 policy mangling. This was fixed along with improving how the mangling was done 6771 for format=json, and allowing sites to disable the mangling using 6772 $wgMangleFlashPolicy. 6773* (bug 70901) SECURITY: User Jackmcbarn reported that the ability to update 6774 the content model for a page could allow an unprivileged attacker to edit 6775 another user's common.js under certain circumstances. The user right 6776 "editcontentmodel" was added, and is needed to change a revision's content 6777 model. 6778* (bug 71111) SECURITY: User PleaseStand reported that on wikis that allow raw 6779 HTML, it is not safe to preview wikitext coming from an untrusted source such 6780 as a cross-site request. Thus add an edit token to the form, and when raw HTML 6781 is allowed, ensure the token is provided before showing the preview. This 6782 check is not performed on wikis that both allow raw HTML and anonymous 6783 editing, since there are easier ways to exploit that scenario. 6784* (bug 72222) SECURITY: Do not show log action when the entry is revdeleted with 6785 DELETED_ACTION. NOTICE: this may be reverted in a future release pending a 6786 public RFC about the desired functionality. This issue was reported by user 6787 Bawolff. 6788* (bug 71621) Make allowing site-wide styles on restricted special pages a 6789 config option. 6790* (bug 42723) Added updated version history from 1.19.2 to 1.22.13 6791* $wgMangleFlashPolicy was added to make MediaWiki's mangling of anything that 6792 might be a flash policy directive configurable. 6793 6794== MediaWiki 1.23.6 == 6795 6796This is a maintenance release of the MediaWiki 1.23 branch. 6797 6798=== Changes since 1.23.5 === 6799* (Bug 72274) Job queue not running (HTTP 411) due to missing 6800 Content-Length: header 6801* (Bug 67440) Allow classes to be registered properly from installer 6802 6803== MediaWiki 1.23.5 == 6804 6805This is a security release of the MediaWiki 1.23 branch. 6806 6807=== Changes since 1.23.4 === 6808* (bug 70672) SECURITY: OutputPage: Remove separation of css and js module 6809 allowance. 6810 6811== MediaWiki 1.23.4 == 6812 6813This is a security and maintenance release of the MediaWiki 1.23 branch. 6814 6815=== Changes since 1.23.3 === 6816 6817* (bug 69008) SECURITY: Enhance CSS filtering in SVG files. Filter <style> 6818 elements; normalize style elements and attributes before filtering; add 6819 checks for attributes that contain css; add unit tests for html5sec and 6820 reported bugs. 6821* (bug 65998) Make MySQLi work with non-standard socket. 6822* (bug 66986) GlobalVarConfig shouldn't throw exceptions for null-valued config 6823 settings. 6824 6825== MediaWiki 1.23.3 == 6826 6827This is a maintenance release of the MediaWiki 1.23 branch. 6828 6829=== Changes since 1.23.2 === 6830 6831* (bug 68501) Correctly handle incorrect namespace in cleanupTitles.php. 6832* (bug 64970) Fix support for blobs on DatabaseOracle::update. 6833* (bug 66574) Display MediaWiki:Loginprompt on the login page. 6834* (bug 67870) wfShellExec() cuts off stdout at multiples of 8192 bytes. 6835* (bug 60629) Handle invalid language code gracefully in 6836 Language::fetchLanguageNames. 6837* (bug 62017) Restore the number of rows shown on Special:Watchlist. 6838* Check for boolean false result from database query in SqlBagOStuff. 6839 6840== MediaWiki 1.23.2 == 6841 6842This is a security and maintenance release of the MediaWiki 1.23 branch. 6843 6844=== Changes since 1.23.1 === 6845 6846* (bug 68187) SECURITY: Prepend jsonp callback with comment. 6847* (bug 66608) SECURITY: Fix for XSS issue in bug 66608: Generate the URL used 6848 for loading a new page in Javascript,instead of relying on the URL in the link 6849 that has been clicked. 6850* (bug 65778) SECURITY: Copy prevent-clickjacking between OutputPage and 6851 ParserOutput. 6852* (bug 68313) Preferences: Turn stubthreshold back into a combo box. 6853* (bug 65214) Fix initSiteStats.php maintenance script. 6854* (bug 67594) Special:ActiveUsers: Fix to work with PostgreSQL. 6855 6856== MediaWiki 1.23.1 == 6857 6858This is a security and maintenance release of the MediaWiki 1.23 branch. 6859 6860=== Changes since 1.23.0 === 6861 6862* (bug 65839) SECURITY: Prevent external resources in SVG files. 6863* (bug 67025) Special:Watchlist: Don't try to render empty row. 6864* (bug 66922) Don't allow some E_NOTICE messages to end up in the 6865 LocalSettings.php. 6866* (bug 66467) FileBackend: Avoid using popen() when "parallelize" is disabled. 6867* (bug 66428) MimeMagic: Don't seek before BOF. This has weird side effects 6868 like only extracting the tail of the file partially or not at all. 6869* (bug 66182) Removed -x flag on some php files. 6870 6871== MediaWiki 1.23.0 == 6872 6873=== Configuration changes in 1.23 === 6874* (bug 13250) Restored method for clearing a watchlist in web UI 6875 so that users with large watchlists don't have to perform 6876 contortions to clear them. 6877* When $wgJobRunRate is higher than zero, jobs are now executed via an 6878 asynchronous HTTP request to a MediaWiki entry point. This may require 6879 increasing the number of server worker threads. $wgRunJobsAsync has been 6880 added to disable this feature if needed, falling back to executing the job 6881 on the same process but making the execution synchronously. 6882* $wgDebugLogGroups values may be set to an associative array with a 6883 'destination' key specifying the log destination. The array may also contain 6884 a 'sample' key with a positive integer value N indicating that the log group 6885 should be sampled by dispatching one in every N messages on average. The 6886 sampling is random. 6887* In addition to the current exception log format, MediaWiki now serializes 6888 exception metadata to JSON and logs it to the 'exception-json' log group. 6889 This makes MediaWiki easier to integrate with log aggregation and analysis 6890 tools. 6891* $wgSquidServersNoPurge now supports the use of Classless Inter-Domain 6892 Routing (CIDR) notation to specify contiguous blocks of IPv4 and/or IPv6 6893 addresses that should be trusted to provide X-Forwarded-For headers. 6894* Preferences 'watchcreations', 'watchdefault', 'enotifwatchlistpages' ("Add 6895 pages I create and files I upload to my watchlist", "Add pages and files I 6896 edit to my watchlist", "Email me when a page or file on my watchlist is 6897 changed") are now enabled by default. In addition new user accounts' personal 6898 and talk pages are now watched by them by default. 6899* $wgLBFactoryConf: Class names have had underscores removed. The configuration 6900 should be updated if LBFactory_Simple or LBFactory_Multi is configured. 6901* $wgPasswordSenderName has been removed and is no longer functional. To set a 6902 custom mailer name, the system message 'emailsender' should be modified 6903 (default: "{{SITENAME}}"). 6904* (bug 63269) Email notifications were not correctly handling the 6905 [[MediaWiki:Helppage]] message being set to a full URL (the default). 6906 If you customized [[MediaWiki:Enotif body]] (the text of email notifications), 6907 you'll need to edit it locally to include the URL via the new variable 6908 $HELPPAGE instead of the parser functions fullurl and canonicalurl; otherwise 6909 you don't have to do anything. 6910* $wgDBAhandler was removed as the only class using it was also removed 6911* The 'max threads' setting was removed from $wgDBservers. 6912* Support for AdminSettings.php has been completely removed. All configuration 6913 belongs in LocalSettings.php. 6914* $wgSkipSkin, which has been replaceable by $wgSkipSkins since 2005 (r9249), is 6915 now formally deprecated. 6916* Removed deprecated $wgDisabledActions as it is hardly used anywhere. 6917* $wgRateLimitLog has been deprecated and replaced by 6918 $wgDebugLogGroup['ratelimit']. 6919* $wgLocalInterwikis is an array containing multiple local interwiki prefixes 6920 (interwiki prefixes that point back to the current wiki). This effectively 6921 allows more than one value of $wgLocalInterwiki to be specified and 6922 understood by the parser. The value of $wgLocalInterwiki is automatically 6923 prepended to the start of this array. 6924* $wgQueryPages has been removed. Query Pages should be added to by using the 6925 wgQueryPages hook. 6926* $wgHttpOnlyBlacklist has been removed. 6927* $wgLicenseTerms has been removed as it was unused. 6928* $wgProfileOnly is now deprecated; set the log file in 6929 $wgDebugLogGroups['profileoutput'] to replace it. 6930* $wgMaxBacklinksInvalidate was removed; use $wgJobBackoffThrottling instead 6931* Deprecated ResourceLoaderGetStartupModules hook. 6932 6933=== New features in 1.23 === 6934* ResourceLoader can utilize the Web Storage API to cache modules client-side. 6935 Compared to the browser cache, caching in Web Storage allows ResourceLoader 6936 to be more granular about evicting stale modules from the cache while 6937 retaining the ability to retrieve multiple modules in a single HTTP request. 6938 This capability can be enabled by setting $wgResourceLoaderStorageEnabled to 6939 true. This feature is currently considered experimental and should only be 6940 enabled with care. 6941* (bug 6092) Add expensive parser functions {{REVISIONID:}}, {{REVISIONUSER:}} 6942 and {{REVISIONTIMESTAMP:}} (with friends). 6943* Add "wgRelevantUserName" to mw.config containing the current 6944 Skin::getRelevantUser value. 6945* (bug 56033) Add content model to the page information. 6946* Added Article::MissingArticleConditions hook to give extensions a chance to 6947 hide their (unrelated) log entries. 6948* Added LonelyPagesQuery hook to let extensions modify the query used to 6949 generate Special:LonelyPages. 6950* Added $wgOpenSearchDefaultLimit defining the default number of entries to show 6951 on action=opensearch API call. 6952* For namespaces with $wgNamespaceProtection (including the MediaWiki 6953 namespace), the "protect" tab will be shown only if there are restriction 6954 levels available that would restrict editing beyond what 6955 $wgNamespaceProtection already applies. The protection form will offer only 6956 those protection levels. 6957* Added $wgAPIFormatModules, allowing extensions to add additional output 6958 formatting modules for the API. 6959* (bug 47812) The MediaWiki:Group-user.{css,js} pages can now be used to add 6960 custom CSS or JavaScript enabled only for registered users. 6961* (bug 52005) Special pages RecentChanges, RecentChangesLinked and Watchlist 6962 now include a legend describing the symbols used in lists of changes. 6963* Improved the accessibility of the tabs in Special:Preferences. 6964* Added ApiBeforeMain hook, roughly equivalent to the BeforeInitialize hook: 6965 it's called after everything is set up but before any major processing 6966 happens. 6967* The jquery.client module now performs a component-wise version comparison in 6968 its #test method when strings are used in the browser map: version '1.10' is 6969 now correctly considered larger than '1.2'. Using numbers in the version map 6970 is not affected. 6971* All API modules now support an assert parameter, which can either be 6972 'user' or 'bot'. The API will throw an error if the user is not logged 6973 in (user) or does not have the 'bot' userright (bot). Based off of the 6974 AssertEdit extension by Steve Sanbeg. 6975* [[Special:Diff]] was added, allowing users to create internal links to 6976 revision comparison pages using syntax such as [[Special:Diff/12345]], 6977 [[Special:Diff/12345/prev]] or [[Special:Diff/12345/98765]]. 6978* New user accounts' personal and talk pages are now watched by them by default. 6979* Added SkinTemplateGetLanguageLink hook to allow changing the html of language 6980 links. 6981* Added MessageCache::get hook as a new way to customize messages across 6982 multiple sites. 6983* Added jquery.throttle-debounce ResourceLoader module to limit the number of 6984 callbacks for frequently occurring events. 6985* Special:ProtectedPages shows now a table. The timestamp, the reason and 6986 the protecting user are also shown. 6987* Added experimental support for using Microsoft SQL Server as the database 6988 backend. 6989** Added new Microsoft SQL Server-specific configuration variable 6990 $wgDBWindowsAuthentication, which makes the web server authenticate against 6991 the database server using Integrated Windows Authentication instead of 6992 $wgDBuser/$wgDBpassword. 6993* HTMLForm 'select', 'selectandother', 'selectorother', 'multiselect', and 6994 'radio' fields can now use message keys as labels via the 'options-messages' 6995 parameter, which overrides the 'options' parameter. 6996* Admins can expire users passwords manually, or on a schedule using the 6997 $wgPasswordExpirationDays configuration setting. 6998* Add new hook SendWatchlistEmailNotification, this will be used to determine 6999 whether to send a watchlist email notification. 7000* (bug 42026) Special:Contributions now includes an option to filter page 7001 creations, similar to the topOnly option. 7002* Add mediawiki.ui.button styling to all pages so wiki content can use styled 7003 buttons. 7004* Special:UserLogin/signup now does AJAX checks for invalid and taken usernames, 7005 displaying the error live. 7006* Added BaseTemplateAfterPortlet hook to allow injecting html after portlets in 7007 skins. 7008* Support has been added for a JSON based localisation file format. The 7009 installer has been updated to use it. 7010* Changes to content typography (colors, line-height etc.). See 7011 https://www.mediawiki.org/wiki/Typography_refresh for further information. 7012* The Vector skin's visual treatment of external links has been simplified to a 7013 single icon (from nine). This should not affect local rules unless they were 7014 re-using these icons, which have now been deleted. 7015* ResourceLoader: mw.loader.using() now implements a Promise interface. 7016* Add new hook ChangesListInitRows accessed via 7017 ChangesList::initChangesListRows. 7018 If called by the ChangesList consumer this gives extensions a chance to batch 7019 process the result set prior to rendering. 7020* A PoolCounterRedis class was added which can be make use of in 7021 $wgPoolCounterConf. This requires at least one Redis 2.6+ server. 7022* $wgProfileToDatabase was removed. Set $wgProfiler to ProfilerSimpleDB 7023 in StartProfiler.php instead of using this. 7024* (bug 63444) Made it possible to change the indent string (default: 4 spaces) 7025 used by FormatJson::encode(). 7026 7027=== Bug fixes in 1.23 === 7028* (bug 41759) The "updated since last visit" markers (on history pages, recent 7029 changes and watchlist) and the talk page message indicator are now correctly 7030 updated when the user is viewing old revisions of pages, instead of always 7031 acting as if the latest revision was being viewed. 7032* (bug 56443) Special:ConfirmEmail no longer shows a "Mail a confirmation code" 7033 when the email address is already confirmed. Also, consistently use 7034 "confirmed", rather than "authenticated", when messaging whether or not the 7035 user has confirmed an email address. 7036* (bug 19415) action=render no longer shows section edit links. This affects 7037 behavior of several other features where (bogus) section edit links will 7038 disappear, such as file description pages loaded via $wgUseInstantCommons or 7039 pages transcluded cross-wiki via $wgEnableScaryTranscluding. 7040* (bug 56912) Show correct link color on cached result of Special:DeadendPages. 7041* Classes TitleListDependency and TitleDependency have been removed, as they 7042 have been found unused in core and extensions for a long time. 7043* (bug 57098) SpecialPasswordReset now obeys returnto parameter 7044* (bug 37812) ResourceLoader will notice when a module's definition changes and 7045 recompile it accordingly. 7046* (bug 57201) SpecialRecentChangesFilters hook is now executed for feeds. 7047* (bug 58640) Fixed a compatibility issue with PCRE 8.34 that caused pages 7048 to appear blank or with missing text. 7049* (bug 56931) Updated the plural rules to CLDR 24. They are in new format 7050 which is detailed in UTS 35 Rev 33. The PHP parser and evaluator as well as 7051 the JavaScript evaluator were updated to support the new format. Plural rules 7052 for some languages have changed, most notably Russian. Affected software 7053 messages have been updated and marked for review at translatewiki.net. 7054* (bug 23542) imagelinks now stores both the redirect and target (as 7055 templatelinks does). 7056* (bug 58167) The web installer no longer throws an exception when PHP is 7057 compiled without support for MySQL yet with support for another DBMS. 7058* (bug 56199) Raw option of parser functions must now match complete word, 7059 to take effect. 7060* (bug 60543) Special:PrefixIndex forgot stripprefix=1 for "Next page" link 7061* (bug 29762) Undoing an already-undone edit will now display an appropriate 7062 message instead of leading the user to make a null edit. 7063* (bug 52659) mediawiki.notification: Notification area remained visible when 7064 empty and thus was stealing pointer events from links on the page. 7065* (bug 26811) When a DBUnexpectedError occurs, DB server hostnames are now 7066 hidden unless $wgShowExceptionDetails is true, and $wgShowDBErrorBacktrace 7067 no longer applies in such cases. 7068* (bug 60960) Avoid doing file_exist() checks on data: URIs, as they cause 7069 warnings to be printed on Windows due to large path length. 7070* (bug 48084) Fixed a bug in the installer that could cause $wgLogo to hold 7071 the wrong path to the placeholder logo (skins/common/images/wiki.png). 7072* (bug 64289) jquery.textSelection: Don't throw errors on empty collections. 7073 7074=== Web API changes in 1.23 === 7075* (bug 54884) action=parse&prop=categories now indicates hidden and missing 7076 categories. 7077* action=query&meta=filerepoinfo now returns additional information for each 7078 repo. 7079* action=parse&prop=languageshtml was deprecated in 1.18 and will be removed in 7080 MediaWiki 1.24. 7081* action=parse now has disabletoc flag to disable table of contents in output. 7082* (bug 25702) list=allcategories, list=allimages, list=alllinks, list=allpages, 7083 list=deletedrevs and list=filearchive did not handle case-sensitivity 7084 properly for all parameters. 7085* ApiQueryBase::titlePartToKey allows an extra parameter that indicates the 7086 namespace in order to properly capitalize the title part. 7087* (bug 57874) action=feedcontributions no longer has one item more than limit. 7088* All API modules now support an assert parameter. See the new features section 7089 for more details. 7090* Added prop=contributors to fetch the list of contributors to the page. 7091* The following API modules will now return entries where fields have been 7092 revision-deleted: list=deletedrevs, list=filearchive, list=recentchanges, 7093 list=watchlist. "hidden" indicators will be included, in the same style as is 7094 already done for prop=revisions. 7095* The following API modules will now return the content of revision-deleted 7096 fields, in addition to the "hidden" indicators, if the querying user has the 7097 necessary rights: list=logevents, list=usercontribs, prop=imageinfo, 7098 prop=revisions. 7099* The above modules, where applicable, will now return entries filtered by 7100 revision-deleted fields if the querying user has the necessary rights. For 7101 example, prop=revisions with rvuser or rvexcludeuser will no longer skip 7102 revisions where the user was revision-deleted if the current user has the 7103 deletedhistory right. 7104* The 'hideuser' right, used when blocking, is no longer necessary or 7105 sufficient for seeing contributions with revision-deleted in 7106 list=usercontribs. 7107* list=watchlist now uses the querying user's rights rather than the wlowner's 7108 rights when checking whether wlprop=patrol is allowed. 7109* (bug 32151) ApiWatch now has pageset capabilities (titles/pageids/generators). 7110 Title parameter is now deprecated. 7111* (bug 23005) Added action=revisiondelete. 7112* Added siprop=restrictions to API action=query&meta=siteinfo for querying 7113 possible page restriction (protection) levels and types. 7114* Added prop 'limitreportdata' and 'limitreporthtml' to action=parse. 7115* (bug 58627) Provide language names on action=parse&prop=langlinks. 7116* Deprecated llurl= in favour of llprop=url for action=query&prop=langlinks. 7117* Added llprop=langname and llprop=autonym for action=query&prop=langlinks. 7118* prop=redirects is added, to return redirects to the pages in the query. 7119* list=allredirects is added, to list all redirects pointing to a namespace. 7120* (bug 42026) Added ucshow={new,!new,top,!top} to list=usercontribs. 7121 Also added newonly to action=feedcontributions. 7122* (bug 42026) Deprecated uctoponly in favor of ucshow=top. 7123* list=search no longer has a "srredirects" parameter. Redirects are now 7124 included in all searches. 7125* Added list=prefixsearch that works like action=opensearch but can be used as 7126 a generator. 7127* (bug 24782) Various modules will now use unique continuation parameters. 7128* (bug 63249) Cache RecentChanges Atom feed in varnish for 15 seconds. 7129 7130=== Languages updated in 1.23 === 7131 7132MediaWiki supports over 350 languages. Many localisations are updated 7133regularly. Below only new and removed languages are listed, as well as 7134changes to languages because of Bugzilla reports. 7135 7136* Support was added for Algerian Spoken Arabic (arq). 7137* Support was added for Riograndenser Hunsrückisch (hrx). 7138* Support was added for Northern Luri (lrc). 7139 7140=== Other changes in 1.23 === 7141* The rc_type field in the recentchanges table has been superseded by a new 7142 rc_source field. The rc_source field is a string representation of the 7143 change type where rc_type was a numeric constant. This field is not yet 7144 queried but will be in a future release. 7145** Utilize update.php to create and populate this new field. On larger wikis 7146 which do not wish to update recentchanges table in one large update please 7147 review the SQL and comments in maintenance/archives/patch-rc_source.sql. 7148** The rc_type field of recentchanges will be deprecated in a future release. 7149* The global variable $wgArticle has been removed after a lengthy deprecation. 7150* The global functions addButton and insertTags (for mw.toolbar.addButton and 7151 mw.toolbar.insertTags) now emits mw.log.warn when accessed. 7152* The ExpandTemplates extension has been moved into MediaWiki core. 7153* (bug 52812) Removed "Disable search suggestions" from Preference. 7154* (bug 52809) Removed "Disable browser page caching" from Preference. 7155* Three new modules intended for use by custom skins were added: 7156 'mediawiki.skinning.elements', 'mediawiki.skinning.content', and 7157 'mediawiki.skinning.interface', representing three levels of standard 7158 MediaWiki styling. Previously skin creators wishing to use them had to refer 7159 to the file names of appropriate files directly, which is now discouraged. 7160* The modules 'skins.vector' and 'skins.monobook' have been renamed to 7161 'skins.vector.styles' and 'skins.monobook.styles', respectively, 7162 and their definition was changed not to include the common*.css files; 7163 the two skins now load the 'mediawiki.skinning.interface' module instead. 7164* A page_links_updated field has been added to the page table. 7165* SpecialPage::getTitle has been deprecated in favor of 7166 SpecialPage::getPageTitle. 7167* BREAKING CHANGE: Two potentially backwards-incompatible changes have been made 7168 to the 'SpecialWatchlistQuery' hook's last parameter (array $values) to make 7169 the hook more consistent with the 'SpecialRecentChangesQuery' one: 7170** Several array keys have been renamed: hideMinor → hideminor, 7171 hideBots → hidebots, hideAnons → hideanons, hideLiu → hideliu, 7172 hidePatrolled → hidepatrolled, hideOwn → hidemyself. 7173** The parameter value is now a FormOptions object, not a plain array (array 7174 access operators should continue to work, as it implements the ArrayAccess 7175 interface). 7176* Option to mark hooks as deprecated has been added. 7177* (bug 52811) Preference "Enable section editing via [edit] links" was removed. 7178* (bug 52813) Preference "Show table of contents (for pages with more than 7179 3 headings)" was removed. 7180* (bug 52810) Preference "Justify paragraphs" was removed. 7181* OutputPage::showErrorPage raises a notice if arguments are incoherent. 7182* Thumbnails that keep failing to render in thumb.php will be rate-limited 7183 against further render attempts for 1 hour. $wgAttemptFailureEpoch can be 7184 altered to reset all rate-limited thumbnails at once. 7185* (bug 56572) Builds of the OOjs and OOjs UI libraries are now available. 7186* mw.loader.go and mw.loader.version have been removed. 7187* (bug 52815) Preference "Enable simplified search bar (Vector skin only)" 7188 was removed. 7189* A user_password_expires column has been added to the user table. The User 7190 object expects this column to exist. Use update.php to create this new field. 7191* The jquery.delayedBind ResourceLoader module was deprecated in favor of the 7192 jquery.throttle-debounce module. It will be removed in MediaWiki 1.24. 7193* mw.user.bucket has been deprecated. 7194* On Special:PrefixIndex, a table#mw-prefixindex-list-table was changed to 7195 table.mw-prefixindex-list-table to avoid duplicate ids when the special page 7196 is transcluded. 7197* (bug 62198) window.$j has been deprecated. 7198* Preference "Disable link title conversion" was removed. 7199* SpecialRecentChanges no longer includes any functionality for generating feeds 7200 - it has been factored out to ApiFeedRecentChanges. Old URLs redirect to new 7201 ones. 7202* RecentChange::mExtra['lang'] is no longer set and should no longer be used. 7203 Extensions should read from other configuration variables, including 7204 $wgLocalInterwikis, to identify the current wiki. 7205* Sections in the parser test framework have been renamed and the old 7206 section names are deprecated. Please use "!!wikitext" and "!!html" 7207 (or "!!html/php") instead of "!!input" and "!!result". This allows 7208 us to extend parser tests to accommodate additional input/output 7209 pairs, such as "!!html/parsoid" (for the output of the Parsoid 7210 parser, where it differs from the PHP parser). 7211* Special:Search no longer has an "include redirects" option on the advanced 7212 tab. Redirects are now included in all searches. 7213* mediawiki.api.category's getCategories() 'async' parameter was deprecated. 7214* The locations of resources have been split between upstream libraries, now in 7215 resources/lib/, local libaries in resources/src/, and local forks of upstream 7216 libraries, also in resources/src/. 7217* BREAKING CHANGE: The automatically-generated function closure with which 7218 ResourceLoader wraps all modules' JavaScript code now binds the identifier 7219 names 'jQuery' and '$' to the jQuery object of the version of jQuery that is 7220 bundled with MediaWiki. If you bind these names to other objects in global 7221 scope (like Zepto.js or document.querySelectorAll, for example) you will need 7222 to use different names to or re-bind them at the top of each 7223 ResourceLoader-loaded module. 7224* (bug 52342) Preference "Remember my login" was removed. 7225* The skin autodiscovery mechanism has been deprecated and will be removed in 7226 MediaWiki 1.25. See https://www.mediawiki.org/wiki/Manual:Skin_autodiscovery 7227 for migration guide for creators and users of custom skins that relied on it. 7228 7229==== Removed classes ==== 7230* FakeMemCachedClient (deprecated in 1.18) 7231* RdfMetaData (unused) 7232* TitleDependency (unused) 7233* TitleListDependency (unused) 7234* WikiError (deprecated in 1.17) 7235* WikiXmlError (deprecated in 1.17) 7236* WikiErrorMsg (deprecated in 1.17) 7237 7238==== Renamed classes ==== 7239* CdbReader_DBA to CdbReaderDBA 7240* CdbReader_PHP to CdbReaderPHP 7241* CdbWriter_DBA to CdbWriterDBA 7242* CdbWriter_PHP to CdbWriterPHP 7243* DiffOp_Add to DiffOpAdd 7244* DiffOp_Change to DiffOpChange 7245* DiffOp_Copy to DiffOpCopy 7246* DiffOp_Delete to DiffOpDelete 7247* HWLDF_WordAccumulator to HWLDFWordAccumulator 7248* LBFactory_Fake to LBFactoryFake 7249* LBFactory_Multi to LBFactoryMulti 7250* LBFactory_Simple to LBFactorySimple 7251* LBFactory_Single to LBFactorySingle 7252* LCStore_Accel to LCStoreAccel 7253* LCStore_CDB to LCStoreCDB 7254* LCStore_DB to LCStoreDB 7255* LCStore_Null to LCStoreNull 7256* LoadBalancer_Single to LoadBalancerSingle 7257* LoadMonitor_MySQL to LoadMonitorMySQL 7258* LoadMonitor_Null to LoadMonitorNull 7259* LocalisationCache_BulkLoad to LocalisationCacheBulkLoad 7260* csvStatsOutput to CsvStatsOutput 7261* extensionLanguages to ExtensionLanguages 7262* languages to Languages 7263* statsOutput to StatsOutput 7264* textStatsOutput to TextStatsOutput 7265* wikiStatsOutput to WikiStatsOutput 7266 7267==== Removed methods ==== 7268* ApiBase::getValidNamespaces() (deprecated in 1.17) 7269* ApiMain::setCachePrivate() (deprecated in 1.17) 7270* ApiMain::setVaryCookie (deprecated in 1.17) 7271* Article::doRedirect() (deprecated in 1.18) 7272* Article::doUnwatch() (deprecated in 1.18) 7273* Article::doWatch() (deprecated in 1.18) 7274* Article::forUpdate() (deprecated in 1.18) 7275* Article::markpatrolled() (deprecated in 1.18) 7276* Article::unwatch() (deprecated in 1.18) 7277* Article::watch() (deprecated in 1.18) 7278* Block::clear() (deprecated in 1.18) 7279* Block::decodeExpiry() (deprecated in 1.18) 7280* Block::encodeExpiry() (deprecated in 1.18) 7281* Block::forUpdate() (deprecated in 1.18) 7282* Block::infinity() (deprecated in 1.18) 7283* Block::load() (deprecated in 1.18) 7284* Block::newFromDB() (deprecated in 1.18) 7285* Block::normaliseRange() (deprecated in 1.18) 7286* Block::parseExpiryInput() (deprecated in 1.18) 7287* CategoryViewer::addSubcategory() (deprecated in 1.17) 7288* EditPage::spamPage() (deprecated since 1.17) 7289* Exif::getFormattedData() (deprecated in 1.18) 7290* Exif::makeFormattedData() (deprecated in 1.18) 7291* in_string (deprecated in 1.21) 7292* Language::convertLinkToAllVariants() (deprecated in 1.17) 7293* LanguageConverter::convertLinkToAllVariants() (deprecated in 1.17) 7294* Linker::makeBrokenLink() (deprecated in 1.16) 7295* Linker::makeBrokenLinkObj() (deprecated in 1.16) 7296* Linker::makeColouredLinkObj() (deprecated in 1.16) 7297* Linker::makeSizeLinkObj() (deprecated in 1.17) 7298* MediaWiki::articleFromTitle() (deprecated in 1.18) 7299* ParserOptions::getkin() (deprecated 1.18) 7300* ProfilerSimple::getCpuTime (deprecated in 1.20) 7301* Revision::revText() (deprecated in 1.17) 7302* SkinTemplate::jstext() (deprecated in 1.21) 7303* SpecialPage::__call() (deprecated in 1.17) 7304* SpecialPage::executePath() (deprecated in 1.18) 7305* SpecialPage::exists() (deprecated in 1.18) 7306* SpecialPage::file() (deprecated in 1.18) 7307* SpecialPage::func() (deprecated in 1.18) 7308* SpecialPage::getGroup() (deprecated in 1.18) 7309* SpecialPage::getPage() (deprecated in 1.18) 7310* SpecialPage::getPageByAlias() (deprecated in 1.18) 7311* SpecialPage::getLocalNameFor() (deprecated in 1.18) 7312* SpecialPage::getRegularPages() (deprecated in 1.18) 7313* SpecialPage::getRestrictedPages() (deprecated in 1.18) 7314* SpecialPage::getTitleForAlias() (deprecated in 1.18) 7315* SpecialPage::getUsablePages() (deprecated in 1.18) 7316* SpecialPage::includable() (deprecated in 1.18) 7317* SpecialPage::init() 7318* SpecialPage::initAliasList() (deprecated in 1.18) 7319* SpecialPage::initList() (deprecated in 1.18) 7320* SpecialPage::name() (deprecated in 1.18) 7321* SpecialPage::removePage() (deprecated in 1.18) 7322* SpecialPage::resolveAlias() (deprecated in 1.18) 7323* SpecialPage::resolveAliasWithSubpage() (deprecated in 1.18) 7324* SpecialPage::restriction() (deprecated in 1.18) 7325* SpecialPage::setGroup() (deprecated in 1.18) 7326* SpecialRecentChanges::feedSetup() 7327* SpecialRevisionDelete::extractBitField() (deprecated in 1.22) 7328* User::getPageRenderingHash() (deprecated in 1.17) 7329* WebRequest::getFileSize() (deprecated in 1.17) 7330* WebRequest::isPathInfoBad() (deprecated in 1.17) 7331* wfGenerateToken (deprecated in 1.20) 7332* wfStreamFile (deprecated in 1.19) 7333* wfUILang (deprecated in 1.18) 7334* WikiPage::createUpdates() (deprecated in 1.18) 7335* WikiPage::quickEdit() (deprecated in 1.18) 7336* WikiPage::useParserCache() (deprecated in 1.18) 7337* WikiPage::viewUpdates() (deprecated in 1.18) 7338 7339==== Removed globals ==== 7340* $wgBetterDirectionality (deprecated in 1.18) 7341 7342= MediaWiki 1.22 = 7343 7344== MediaWiki 1.22.15 == 7345 7346This is a security and maintenance release of the MediaWiki 1.22 branch. 7347 7348=== Changes since 1.22.14 === 7349 7350* (bug T76686) [SECURITY] thumb.php outputs wikitext message as raw HTML, which 7351 could lead to xss. Permission to edit MediaWiki namespace is required to 7352 exploit this. 7353* (bug T77028) [SECURITY] Malicious site can bypass CORS restrictions in 7354 $wgCrossSiteAJAXdomains in API calls if it only included an allowed domain as 7355 part of its name. 7356* (bug T74222) The original patch for T74222 was reverted as unnecessary. 7357 7358== MediaWiki 1.22.14 == 7359 7360This is a security and maintenance release of the MediaWiki 1.22 branch. 7361 7362=== Changes since 1.22.13 === 7363 7364* (bugs 66776, 71478) SECURITY: User PleaseStand reported a way to inject code 7365 into API clients that used format=php to process pages that underwent flash 7366 policy mangling. This was fixed along with improving how the mangling was done 7367 for format=json, and allowing sites to disable the mangling using 7368 $wgMangleFlashPolicy. 7369* (bug 70901) SECURITY: User Jackmcbarn reported that the ability to update 7370 the content model for a page could allow an unprivileged attacker to edit 7371 another user's common.js under certain circumstances. The user right 7372 "editcontentmodel" was added, and is needed to change a revision's content 7373 model. 7374* (bug 72222) SECURITY: Do not show log action when the entry is revdeleted with 7375 DELETED_ACTION. NOTICE: this may be reverted in a future release pending a 7376 public RFC about the desired functionality. This issue was reported by user 7377 Bawolff. 7378* (bug 71621) Make allowing site-wide styles on restricted special pages a 7379 config option. 7380* $wgMangleFlashPolicy was added to make MediaWiki's mangling of anything that 7381 might be a flash policy directive configurable. 7382 7383== MediaWiki 1.22.13 == 7384This is a maintenance release of the MediaWiki 1.22 branch. 7385 7386=== Changes since 1.22.12 === 7387* (bug 67440) Allow classes to be registered properly from installer 7388 7389== MediaWiki 1.22.12 == 7390This is a security release of the MediaWiki 1.22 branch. 7391 7392=== Changes since 1.22.11 === 7393* (bug 70672) SECURITY: OutputPage: Remove separation of css and js module 7394 allowance. 7395 7396== MediaWiki 1.22.11 == 7397This is a security release of the MediaWiki 1.22 branch. 7398 7399=== Changes since 1.22.10 === 7400* (bug 69008) SECURITY: Enhance CSS filtering in SVG files. Filter <style> 7401 elements; normalize style elements and attributes before filtering; add checks 7402 for attributes that contain css; add unit tests for html5sec and reported 7403 bugs. 7404 7405== MediaWiki 1.22.10 == 7406This is a maintenance release of the MediaWiki 1.22 branch. 7407 7408=== Changes since 1.22.9 === 7409* (bug 64970) Fix support for blobs on DatabaseOracle::update 7410* (bug 60719) In MediaWiki 1.22, the job queue execution on each page request 7411 was changed (Gerrit change 59797) so, instead of executing the job inside the 7412 same PHP process that's rendering the page, a new PHP cli command is spawned 7413 to execute runJobs.php in the background. It will only work if $wgPhpCli is 7414 set to an actual path or safe mode is off, otherwise, the old method will be 7415 used. See 7416 https://www.mediawiki.org/wiki/Manual:Job_queue#Changes_in_MediaWiki_1.22 7417 for more information. This change was in earlier releases of 1.22 but was not 7418 noted here until now. 7419 7420== MediaWiki 1.22.9 == 7421This is a security and maintenance release of the MediaWiki 1.22 branch. 7422 7423=== Changes since 1.22.8 === 7424* (bug 68187) SECURITY: Prepend jsonp callback with comment. 7425* (bug 66608) SECURITY: Fix for XSS issue in bug 66608: Generate the URL used 7426 for loading a new page in Javascript,instead of relying on the URL in the 7427 link that has been clicked. 7428* (bug 65778) SECURITY: Copy prevent-clickjacking between OutputPage and 7429 ParserOutput. 7430* (bug 59147) The img_metadata field was not being decoded from bytea into text. 7431 7432== MediaWiki 1.22.8 == 7433This is a security and maintenance release of the MediaWiki 1.22 branch. 7434 7435=== Changes since 1.22.7 === 7436* (bug 65839) SECURITY: Prevent external resources in SVG files. 7437* (bug 66428) MimeMagic: Don't seek before BOF. This has weird side effects like 7438 only extracting the tail of the file partially or not at all. 7439 7440== MediaWiki 1.22.7 == 7441This is a security and maintenance release of the MediaWiki 1.22 branch. 7442 7443=== Changes since 1.22.6 === 7444* (bug 65501) SECURITY: Don't parse usernames as wikitext on 7445 Special:PasswordReset. 7446* (bug 36356) Add space between two feed links. 7447* (bug 63269) Email notifications were not correctly handling the 7448 MediaWiki:Helppage message being set to a full URL. This is a regression from 7449 the 1.22.5 point release, which made the default value for it a URL. If you 7450 customized MediaWiki:Enotif body (the text of email notifications), you'll 7451 need to edit it locally to include the URL via the new variable $HELPPAGE 7452 instead of the parser functions fullurl and canonicalurl; otherwise you don't 7453 have to do anything. 7454* Add missing uploadstash.us_props for PostgreSQL. 7455* (bug 56047) Fixed stream wrapper in PhpHttpRequest. 7456 7457== MediaWiki 1.22.6 == 7458This is a security release of the MediaWiki 1.22 branch. 7459 7460=== Changes since 1.22.5 === 7461* (bug 63251) SECURITY: Escape sortKey in pageInfo. 7462 7463== MediaWiki 1.22.5 == 7464This is a security and maintenance release of the MediaWiki 1.22 branch. 7465 7466=== Changes since 1.22.4 === 7467* (bug 62497) SECURITY: Add CSRF token on Special:ChangePassword. 7468* (bug 62467) Set a title for the context during import on the cli. 7469* Fix custom local MediaWiki:Helppage values. 7470* mediawiki.js: Fix documentation breakage. 7471* (bug 58153) Make MySQLi work with non standard port. 7472* (bug 53887) Reintroduced a link to help pages in the default sidebar, that any 7473 sysop can customize by editing MediaWiki:Sidebar locally. The link now points 7474 to a mediawiki.org page which is guaranteed to exist. Nothing needs to be done 7475 on your end, but remember to adjust MediaWiki:Sidebar for the needs of your 7476 wikis. Everyone can help with the shared documentation by translating: 7477 https://www.mediawiki.org/wiki/Special:Translate/agg-Help_pages . 7478* (bug 53888) Corrected a regression in 1.22 which introduced red links on the 7479 login page. If you previously installed 1.22.x and have created a local page 7480 to make the red link blue, write its title as in MediaWiki:helplogin-url if 7481 you didn't already. Otherwise, you don't need to do anything, but you can 7482 translate the help page at <https://www.mediawiki.org/wiki/Help:Logging_in>. 7483 7484== MediaWiki 1.22.4 == 7485This is a maintenance release of the MediaWiki 1.22 branch. 7486 7487=== Changes since 1.22.3 === 7488* Use the correct branch of the extensions' git repositories. 7489 7490== MediaWiki 1.22.3 == 7491This is a security and bugfix release of the MediaWiki 1.22 branch. 7492 7493=== Changes since 1.22.2 === 7494* (bug 60771) SECURITY: Disallow uploading SVG files using non-whitelisted 7495 namespaces. Also disallow iframe elements. * User will get an error including 7496 the namespace name if they use a non- whitelisted namespace. 7497* (bug 61346) SECURITY: Make token comparison use constant time. It seems like 7498 our token comparison would be vulnerable to timing attacks. This will take 7499 constant time. 7500* (bug 61362) SECURITY: API: Don't find links in the middle of api.php links. 7501* (bug 53710) Add sequence support for upsert in DatabaseOracle in the same way 7502 as in selectInsert 7503* (bug 60231, bug 58719) Various fixes to job running code in Wiki.php: Make it 7504 async on Windows. Fixed possible "invalid filename" errors on Windows. 7505 Redirect output to dev/null to avoid hanging PHP. 7506* (bug 60083) Correct sequence name for fresh Postgres installation. Spotted by 7507 gebhkla 7508* (bug 60531) Avoid variable naming conflicts in 7509 DatabasePostgres::selectSQLText. Spotted by gebhkla 7510* (bug 60094) Fix rebuildall.php fatal error with PostgreSQL. 7511* (bug 43817) Add error handling if descriptionmsg isn't defined for extension. 7512* (bug 60543) Special:PrefixIndex omits stripprefix=1 for "Next page" link. 7513 7514== MediaWiki 1.22.2 == 7515This is a security and bugfix release of the MediaWiki 1.22 branch. 7516 7517=== Changes since 1.22.1 === 7518* (bug 60339) SECURITY: Sanitize shell arguments to DjVu files, and other media 7519 formats 7520* (bug 58253) Check for very old PCRE versions in installer and updater 7521* (bug 60054) Make WikiPage::$mPreparedEdit public 7522 7523== MediaWiki 1.22.1 == 7524This is a security and maintenance release of the MediaWiki 1.22 branch. 7525 7526=== Changes since 1.22.0 === 7527* (bug 57550) SECURITY: Disallow stylesheets in SVG Uploads 7528* (bug 58088) SECURITY: Don't normalize U+FF3C to \ in CSS Checks 7529* (bug 58472) SECURITY: Disallow -o-link in styles 7530* (bug 58553) SECURITY: Return error on invalid XML for SVG Uploads 7531* (bug 58699) SECURITY: Fix RevDel log entry information leaks 7532* (bug 58178) Restore compatibility with curl < 7.16.2. 7533* (bug 56931) Updated the plural rules to CLDR 24. They are in new format which 7534 is detailed in UTS 35 Rev 33. The PHP parser and evaluator as well as the 7535 JavaScript evaluator were updated to support the new format. Plural rules for 7536 some languages have changed, most notably Russian. Affected software messages 7537 have been updated and marked for review at translatewiki.net. This change is 7538 backported from the development branch of MediaWiki 1.23. 7539* (bug 58434) The broken installer for database backend Oracle was fixed. 7540* (bug 58167) The web installer no longer throws an exception when PHP is 7541 compiled without support for MySQL yet with support for another DBMS. 7542* (bug 58640) Fixed a compatibility issue with PCRE 8.34 that caused pages to 7543 appear blank or with missing text. 7544* (bug 47055) Changed FOR UPDATE handling in Postgresql 7545* (bug 57026) Avoid extra parsing in prepareContentForEdit() 7546 7547== MediaWiki 1.22.0 == 7548 7549=== Configuration changes in 1.22 === 7550* $wgRedirectScript was removed. It was unused. 7551* Removed $wgLocalMessageCacheSerialized, it is now always true. 7552* $wgVectorUseIconWatch is now enabled by default. 7553* $wgCascadingRestrictionLevels was added. 7554* ftps, ssh, sftp, xmpp, sip, sips, tel, sms, bitcoin, magnet, urn, and geo 7555 have been whitelisted inside of $wgUrlProtocols. 7556* $wgDocType and $wgDTD have been removed and are no longer used for the 7557 DOCTYPE. 7558* $wgHtml5 is no longer used by core. Setting it to false will no longer disable 7559 HTML5. It is still set to true for extension compatibility but doing so in 7560 extensions is deprecated. 7561* $wgXhtmlDefaultNamespace is no longer used by core. Setting it will no longer 7562 change the xmlns used by MediaWiki. Reliance on this variable by extensions 7563 is deprecated. 7564* $wgHandheldStyle was removed. 7565* $wgHandheldForIPhone was removed. 7566* $wgJsMimeType is no longer used by core. Most usage has been removed since 7567 HTML output is now exclusively HTML5. 7568* $wgDBOracleDRCP added. True enables persistent connection with DRCP on Oracle. 7569* $wgLogAutopatrol added to allow disabling logging of autopatrol edits in the 7570 logging table. 7571 Default for $wgLogAutopatrol is true. 7572* The 'edit' right no longer allows for editing a user's own CSS and JS. 7573* New rights 'editmyusercss', 'editmyuserjs', 'viewmywatchlist', 7574 'editmywatchlist', 'viewmyprivateinfo', 'editmyprivateinfo', and 7575 'editmyoptions' restrict actions that were formerly allowed by default. They 7576 have been added to the default for $wgGroupPermissions['*']. 7577* The 'editprotected' right no longer allows bypassing of all page protection 7578 restrictions. Any group using it for this purpose will now need to have all 7579 the individual rights listed in $wgRestrictionTypes for the same effect. 7580* The 'protect' and 'autoconfirmed' rights are no longer used for the default 7581 page protection levels. The rights 'editprotected' and 'editsemiprotected' 7582 are now used for this purpose instead. 7583* (bug 40866) wgOldChangeTagsIndex removed. 7584* $wgNoFollowDomainExceptions now only matches entire domains. For example, 7585 an entry for 'bar.com' will still match 'foo.bar.com' but not 'foobar.com'. 7586* $wgCopyUploadTimeout and $wgCopyUploadAsyncTimeout added to change the timeout 7587 times for fetching the file during upload by url. 7588* New key added to $wgGalleryOptions - $wgGalleryOptions['mode'] to set 7589 default gallery mode. 7590* New hook 'GalleryGetModes' to allow extensions to make new gallery modes. 7591* The checkbox for staying in HTTPS displayed on the login form when 7592 $wgSecureLogin is enabled has been removed. Instead, whether the user stays in 7593 HTTPS will be determined 7594 based on the user's preferences, and whether they came from HTTPS or not. 7595* $wgRC2UDPAddress, $wgRC2UDPInterwikiPrefix, $wgRC2UDPOmitBots, $wgRC2UDPPort, 7596 and $wgRC2UDPPrefix configuration options have been deprecated in favor of a 7597 $wgRCFeeds configuration array. $wgRCFeeds makes both the format and 7598 destination of recent change notifications customizable, and allows for 7599 multiple destinations to be specified. 7600* (bug 53862) portal-url, currentevents-url and helppage have been removed from 7601 the default Sidebar. 7602* The 'vector-simplesearch' preference is now enabled by default. Previously 7603 it was only enabled if the Vector extension was installed. 7604* The precise format of metric datagrams produced by the UDP profiler and stats 7605 counter may now be specified as $wgUDPProfilerFormatString and 7606 $wgStatsFormatString, respectively. 7607* (bug 54597) $wgBlockOpenProxies, $wgProxyPorts, $wgProxyScriptPath, and 7608 $wgProxyMemcExpiry have been removed, along with the open proxy scanner 7609 script they were added for. 7610* Default value of $wgMaxShellMemory has been tripled (it's now 300 MB). 7611 7612=== New features in 1.22 === 7613* You can now install extensions using Composer. 7614 See https://www.mediawiki.org/wiki/Composer 7615* (bug 44525) mediawiki.jqueryMsg can now parse (whitelisted) HTML elements and 7616 attributes. 7617* (bug 33454) Language::sprintfDate now has a timezone parameter, and supports 7618 the "eIOPTZ" formatting characters. 7619* EditWarning: A warning is shown when an editor leaves the edit form without 7620 saving (enabled by default, users can opt-out via the 'useeditwarning' 7621 preference). This feature was moved from the Vector extension, and is now part 7622 of core for all skins. Take care when upgrading that you don't use an older 7623 version of the Vector extension as this feature may conflict. 7624* New 'mediawiki.ui' CSS module providing mw-ui-* styles for buttons and a 7625 compact vertical form layout. 7626* HTMLForm supports a new display format 'vform' which applies this compact 7627 vertical 7628 layout and button styling. Special:PasswordReset uses this format. 7629* New versions of login (Special:UserLogin) and create account 7630 (Special:UserLogin/signup) forms using the "vform" compact vertical form 7631 layout. These forms use new messages that assume a "Help logging in" link, see 7632 https://www.mediawiki.org/wiki/Manual:Page_customizations; 7633 https://www.mediawiki.org/wiki/Account_creation_user_experience/Strings lists 7634 the message key changes. 7635* (bug 23343) Implemented ability to apply IP blocks to the contents of 7636 X-Forwarded-For headers by adding a new configuration variable 7637 $wgApplyIpBlocksToXff (disabled by default). 7638* The new hook 'APIGetPossibleErrors' to modify the list of possible errors was 7639 added. 7640* (bug 25592) LogEventsList::showLogExtract() will now ignore various 7641 Pager-related WebRequest parameters by default, as this is overwhelmingly 7642 likely to be what was intended by users of the method. If any caller wishes 7643 to use these parameters, the new param 'useRequestParams' may be set to true. 7644* mw.util.addPortletLink: Tooltip is no longer required to be plain (without 7645 an accesskey in it already). As such it now rountrips. Creating a link with a 7646 message as tooltip, grabbing the title attribute and using it to create 7647 another portlet will work as expected. 7648* (bug 6747) {{ROOTPAGENAME}} introduced, contains the name of the topmost 7649 page without namespace. 7650* BREAKING CHANGE: (bug 41729) Display editsection links next to headings. Also 7651 change their class name from .editsection to .mw-editsection and place them at 7652 the end of the heading element instead of the beginning. Client-side code and 7653 screen-scrapers will have to be adjusted to handle both cases (old HTML will 7654 still be visible on cached page renders until they are purged); extensions 7655 using the DoEditSectionLink or EditSectionLink hooks might need adjustments as 7656 well. 7657* (bug 45535) introduced the new 'LanguageLinks' hook for manipulating the 7658 language links associated with a page before display. 7659* Chosen (http://harvesthq.github.io/chosen/) was added as module 7660 'jquery.chosen' 7661* HTMLForm will turn multiselect checkboxes into a Chosen interface when setting 7662 cssclass 'mw-chosen' 7663* rebuildLocalisationCache learned --lang option. Let you rebuild l10n caches 7664 of the specified languages instead of all of them. 7665* New GetNewMessagesAlert hook allowing extensions to disable or modify the new 7666 messages alert 7667* New wgUserNewMsgRevisionId JS global for logged in users. This will be null 7668 if the user has no new talk page messages. Otherwise it will be set to the 7669 revision ID of the oldest new talk page message. This will allow gadgets and 7670 extensions to create their own new message alerts on the client side. 7671* mediawiki.log: Added log.warn wrapper (uses console.warn and console.trace). 7672* mediawiki.log: Implemented log.deprecate. This method defines a property and 7673 uses ES5 getter/setter to emit a warning when they are used. 7674* $wgCascadingRestrictionLevels was added, allowing one to specify restriction 7675 levels which can be cascading (previously 'sysop' was hard-coded as the only 7676 one). 7677* XHTML5 support has been improved. If you set 7678 $wgMimeType = 'application/xhtml+xml' MediaWiki will try outputting markup 7679 according to XHTML5 rules. 7680* Altered hook 'ProtectionForm::save', adding the reason page protection is 7681 changed as third parameter. 7682* New hook 'TitleSquidURLs' for manipulating the list of URLs to be purged from 7683 HTTP caches when a page is changed. 7684* Changed the patrolling system to always show the link for patrolling in case 7685 the current revision is patrollable. This also removed the usage of the rcid 7686 URI parameters. 7687* Oracle DB backend now supports Database Resident Connection Pooling (DRCP). 7688 Can be enabled by setting $wgDBOracleDRCP=true. 7689 Requires Oracle DB 11gR1 or above, enabled DRCP inside the DB itself and a 7690 propper connect string. 7691 More about DRCP can be found at: 7692 https://oracle-base.com/articles/11g/database-resident-connection-pool-11gr1 7693* Add a new parameter $patrolFooterShown to hook ArticleViewFooter so the hook 7694 handlers can take further action based on the status of the patrol footer 7695* A new hook TitleQuickPermissions was added to allow overriding of quick 7696 permissions in the Title class. 7697* LinkCache singleton can now be altered or cleared, letting one to specify 7698 another instance that does not rely on a database backend. 7699* MediaWiki's PHPUnit tests can now use PHPUnit installed using composer --dev. 7700* (bug 43689) The lists of templates used on the page and hidden categories it 7701 is a member of, shown below the edit form, are now collapsible (and collapsed 7702 by default). 7703* Parser profiling data, formerly only available in the "NewPP limit report" 7704 HTML comment, is now also displayed at the bottom of page previews. 7705* Added ParserLimitReportPrepare and ParserLimitReportFormat hooks, deprecated 7706 ParserLimitReport hook. 7707* New user rights have been added to increase granularity in rights management 7708 for extensions such as OAuth: 7709** editmyusercss controls whether a user may edit their own CSS subpages. 7710** editmyuserjs controls whether a user may edit their own JS subpages. 7711** viewmywatchlist controls whether a user may view their watchlist. 7712** editmywatchlist controls whether a user may edit their watchlist. 7713** viewmyprivateinfo controls whether a user may access their private 7714 information (e.g. registered email address, real name). 7715** editmyprivateinfo controls whether a user may change their private 7716 information. 7717** editmyoptions controls whether a user may change their preferences. 7718* Add new hook AbortTalkPageEmailNotification, this will be used to determine 7719 whether to send the regular talk page email notification 7720* Action classes registered in $wgActions are now also supported in the form of 7721 a callback (which returns an instance of Action) instead of providing the name 7722 of a subclass of Action. 7723* (bug 46513) Vector: Add the collapsibleTabs script from the Vector extension. 7724* Added $wgRecentChangesFlags for defining new flags for RecentChanges and 7725 watchlists. 7726* (bug 40518) mw.toolbar: Implemented mw.toolbar.addButtons for adding multiple 7727 button objects in one call. 7728* Rights used for the default protection levels ('sysop' and 'autoconfirmed') 7729 are now used just for that purpose, instead of overloading other rights. This 7730 allows easy granting of the ability to edit sysop-protected pages without 7731 also granting the ability to protect and unprotect. 7732* (bug 48256) Make brackets in section edit links accessible to CSS. 7733 They are now wrapped in <span class="mw-editsection-bracket" />. 7734* (bug 8480) Allow handler specific parameters in galleries (like page number) 7735* jquery.client: Add detection for Opera 15 and Internet Explorer 11. 7736* Change tags (used by the AbuseFilter extension) are now shown on diff pages. 7737* Change tag lists (shown on recent changes, watchlist, user contributions, 7738 history pages, diff pages) now include a link to Special:Tags to distinguish 7739 them from edit summaries. 7740* Added a new method and hook, User::isEveryoneAllowed() and 7741 UserIsEveryoneAllowed, for use in situations where a "does everyone have this 7742 right?" check is used to avoid more expensive checks. 7743* (bug 14431) Display "(No difference)" instead of an empty diff (when comparing 7744 revisions in the history or when previewing changes while editing). 7745* New hook 'IsUploadAllowedFromUrl' is added which can be used to intercept 7746 uploads by URL, useful for blacklisting specific URLs 7747* (bug 21912) Watchlist token implementation has been refactored and 7748 Special:ResetTokens was added to allow users to reset their tokens 7749 instead of presenting them in Preferences. 7750* Special:PrefixIndex now lets you strip the searched prefix from the displayed 7751 titles. Given a list of articles named Bug1, Bug2, you can now transclude the 7752 list of bug numbers using: {{Special:PrefixIndex/Bug|stripprefix=1}}. 7753 The special page form received a new checkbox matching that option. 7754* (bug 23580) Implement javascript callback interface "mw.hook". 7755* (bug 30713) New mw.hook "wikipage.content". 7756* (bug 40430) jquery.placeholder gets a new parameter to set the attribute value 7757 to be used. 7758* $wgHTCPMulticastRouting renamed $wgHTCPRouting since it accepts unicast. 7759* $wgHTCPRouting rules can now be passed an array of hosts/ports to send purge 7760 too. Can be used whenever several multicast group could be interested by a 7761 specific purge. 7762* (bug 25931) Add Special:RandomInCategory. 7763* mediawiki.util: addPortletLink now supports passing a jQuery object as 7764 nextnode. 7765* <wbr> can now be used inside WikiText. 7766* WebResponse::setcookie is much more featureful. Callers using PHP's 7767 setcookie() or setrawcookie() should begin using this instead. 7768* New hook WebResponseSetCookie, called from WebResponse::setcookie(). 7769* New hook ResetSessionID, called when the session id is reset. 7770* Add a mode parameter to <gallery> tag with potential options of "traditional", 7771 "nolines", "packed", "packed-overlay", or "packed-hover". 7772* (bug 47399) A success message is now displayed after changing the password. 7773* Make thumb.php give HTTP redirects for file redirects 7774* (bug 30607) Special:ListFiles can now show old versions of files. Additionally 7775 Special:AllMyUploads was introduced so the user can get a list of all things 7776 they have ever uploaded, even if it was subsequently overridden. 7777* Introduced Special:MyFiles and Special:AllMyFiles as an alias for 7778 Special:MyUploads and Special:AllMyUploads respectively. 7779* IPv6 addresses in X-Forwarded-For headers are now normalised before checking 7780 against allowed proxy lists. 7781* Add deferrable update support for callback/closure. 7782* Add TitleMove hook before page renames. 7783* Revision deletion backend code is moved out of SpecialRevisiondelete 7784* Added {{REVISIONSIZE}} variable to get the current size of a revision. 7785* Add support for the LESS stylesheet language to ResourceLoader. LESS is a 7786 stylesheet language that compiles into CSS. ResourceLoader file modules may 7787 include LESS style files; ResourceLoader will compile these files into CSS 7788 before sending them to the client. 7789** The $wgResourceLoaderLESSVars configuration variable is an associative array 7790 mapping variable names to string CSS values. These variables are considered 7791 declared for all LESS files. Additional variables may be registered by 7792 adding keys to the array. 7793** $wgResourceLoaderLESSFunctions is an associative array of custom LESS 7794 function names to PHP callables. See 7795 <http://leafo.net/lessphp/docs/#custom_functions> 7796 for more details regarding custom functions. 7797** $wgResourceLoaderLESSImportPaths is an array of file system paths. Files 7798 referenced in LESS '@import' statements are looked up here first. 7799* ResourceLoader supports hashes as module cache invalidation trigger (instead 7800 of or in addition to timestamps). 7801* Added $wgExtensionEntryPointListFiles for use in mergeMessageFileList.php. 7802* Added a hook, APIQuerySiteInfoStatisticsInfo, to allow extensions to modify 7803 the output of the API query meta=siteinfo&siprop=statistics 7804* Primary keys have been added to both the archive table and the externallinks 7805 tables. 7806* Added $wgEnableParserLimitReporting to control whether the NewPP limit report 7807 is output in a HTML comment. 7808* The 'UnwatchArticle' and 'WatchArticle' hooks now support a Status object 7809 instead of just a boolean return value to abort the hook. 7810* Added a hook, SpecialWatchlistGetNonRevisionTypes, to allow extensions 7811 with custom recentchanges entries to hook into the Watchlist without 7812 clobbering each other. 7813* A hidden, empty input field was added to the edit form, and any edit that 7814 fills it in will be rejected. This prevents against the simplest form of 7815 spambots. Previously in the "SimpleAntiSpam" extension by Ryan Schmidt. 7816* populateRevisionLength.php maintenance script updated to also populate 7817 archive.ar_len field. 7818* (bug 43571) DatabaseMySQLBase learned to list views, optionally filtered by a 7819 prefix. Also fixed PHPUnit test suite when using a MySQL backend containing 7820 views. 7821 7822=== Bug fixes in 1.22 === 7823* (bug 47271) $wgContentHandlerUseDB should be set to false during the upgrade 7824* Disable Special:PasswordReset when $wgEnableEmail is false. Previously one 7825 could still navigate to the page by entering the URL directly. 7826* (bug 47138) Fixed a fatal error when a blocked user tries to automatically 7827 create an account on login due external authentication in some circumstances. 7828* (bug 23393) HTML <hN> headings containing line breaks are now handled 7829 correctly. 7830* (bug 45803) Whitespace within == Headline == syntax and within <hN> headings 7831 is now non-significant and not preserved in the HTML output. 7832* (bug 47218) Special:BlockList now handles correctly user names with spaces 7833 when passed as subpage. 7834* Pager's properly validate which fields are allowed to be sorted on. 7835* mw.util.tooltipAccessKeyRegexp: The regex now matches "option-" as well. 7836 Support for Mac "option" was added in 1.16, but the regex was never updated. 7837* (bug 46768) Usernames of blocking users now display correctly, even if 7838 numeric. 7839* (bug 39590) Self-transclusions now show the most up to date result always 7840 after save instead of being a revision behind. 7841* A bias in wfRandomString() toward digits 1-7 has been corrected. Generated 7842 strings will now start with digits 0 and 8-f as often as they should. 7843* (bug 45371) Removed Parser_LinkHooks and CoreLinkFunctions classes. 7844* (bug 41545) Allow <kbd>, <samp>, and <var> to be nested like allowed in html. 7845* PLURAL magic word no longer causes a PHP notice when no matching form exists. 7846* (bug 36641) Patrol page links no longer show on non-existent revisions. 7847* (bug 35810) Pages not linked from Special:RecentChanges or Special:NewPages 7848 are patrollable now. 7849* (bug 30213) JavaScript for search suggestions is now disabled when the API 7850 is disabled, and AJAX patrolling and watching are now disabled when use of 7851 the write API is not allowed. 7852* (bug 48294) API: Fix chunk upload async mode. 7853* (bug 46749) Broken files tracking category removed from pages if an image 7854 with that name is uploaded. 7855* (bug 14176) System messages that are empty were previously incorrectly treated 7856 as non-existent, causing a fallback to the default. This stopped users from 7857 overriding system messages to make them blank. 7858* (bug 48319) action=parse no longer returns an error if passed none of 'oldid', 7859 'pageid', 'page', 'title', and 'text' (e.g. if only passed 'summary'). A 7860 warning will instead be issued if 'title' is non-default, unless no props are 7861 requested. 7862* Special:Recentchangeslinked will now include upload log entries 7863* (bug 41281) Fixed ugly output if file size could not be extracted for 7864 multi-page media. 7865* (bug 50315) list=logevents API module will now output log entries by anonymous 7866 users. 7867* (bug 38911) Handle headers with rowspan in jquery.tablesorter 7868* (bug 658) Converted the table of contents on wiki pages from <table> to <div> 7869 and adjusted skin CSS accordingly. The CSS was carefully crafted to be 7870 backwards-compatible in all reasonable cases (uses of the __TOC__ magic word, 7871 the #toc CSS id and the .toc CSS class). However, particularly bad abuse of 7872 the id or the class can possibly break. 7873* CSSJanus now supports rgb, hsl, rgba, and hsla color syntaxes. 7874* Special:Listfiles can no longer be sorted by image name when filtering 7875 by user in miser mode. 7876* (bug 49074) CSSJanus: Handle values of border-radius correctly. 7877* Handle relative inclusions ({{../name}}) in main namespace with subpages 7878 enabled correctly (previously MediaWiki tried to include Template:Parent/name 7879 instead of just Parent/name). 7880* Added $wgAPIUselessQueryPages to allow extensions to flag their query pages 7881 for non-inclusion in ApiQueryQueryPages. 7882* (bug 50870) mediawiki.notification: Notification area should remain visible 7883 when scrolled down. 7884* (bug 13438) Special:MIMESearch no longer an expensive special page. 7885* (bug 48342) Fixed a fatal error when $wgValidateAllHtml is set to true and 7886 the function apache_request_headers() function is not available. 7887* (bug 33399) LivePreview: Re-run wikipage content handlers 7888 (jquery.makeCollapsible, jquery.tablesorter) after preview content is loaded. 7889* (bug 51891) Fixed PHP notice on Special:PagesWithProp when no properties 7890 are defined. 7891* (bug 52006) Corrected documentation of $wgTranscludeCacheExpiry. 7892* (bug 52077) The APIEditBeforeSave hook is giving the content of the whole 7893 revision as second argument now, rather than just the current section. 7894* (bug 49694) $wgSpamRegex is now also applied on the new section headline text 7895 adding a new topic on a page 7896* (bug 41756) Improve treatment of multiple comments on a blank line. 7897* (bug 51064) Purge upstream caches when deleting file assets. 7898* (bug 39012) File types with a mime that we do not know the extension for 7899 can no longer be uploaded as an extension that we do know the mime type 7900 for. 7901* (bug 51742) Add data-sort-value for better sorting of hitcounts Special:Tags 7902* (bug 26811) On DB error pages, server hostnames are now hidden when both 7903 $wgShowHostnames and $wgShowSQLErrors are false. 7904* (bug 6200) line breaks in <blockquote> are handled like they are in <div> 7905* (bug 14931) Default character set now set to 'utf8' when a new MySQL 7906 database is created. 7907* (bug 47191) Fixed "Column 'si_title' cannot be part of FULLTEXT index" 7908 MySQL error when installing using the binary character set option. 7909* (bug 45288) Support mysqli PHP extension 7910* (bug 55818) BREAKING CHANGE: Removed undocumented 'Debug' hook in wfDebug. 7911 This resolves an infinite loop when using $wgDebugFunctionEntry = true. 7912* (bug 56707) Correct tooltip of "Next n results" on query special pages. 7913* (bug 56770) mw.util.addPortletLink: Check length before access array index. 7914 7915=== API changes in 1.22 === 7916* (bug 25553) The JSON output formatter now leaves forward slashes unescaped 7917 to improve human readability of URLs and similar strings. Also, a "utf8" 7918 option is now provided to use UTF-8 encoding instead of hex escape codes 7919 for most non-ASCII characters. 7920* (bug 46626) xmldoublequote parameter was removed. Because of a bug, the 7921 parameter has had no effect since MediaWiki 1.16, and so its removal is 7922 unlikely to impact existing clients. 7923* (bug 47216) action=query&meta=siteinfo&siprop=skins will now indicate which 7924 skin is the default and which are unusable (e.g. listed in $wgSkipSkins). 7925* (bug 25325) Added support for wlshow filtering (bots/anon/minor/patrolled) 7926 to action=feedwatchlist. 7927* WDDX formatted output will actually be formatted (and normal output will no 7928 longer be), and will no longer choke on booleans. 7929* action=opensearch no longer silently ignores the format parameter. 7930* action=opensearch now supports format=jsonfm. 7931* list=usercontribs&ucprop=ids will now include the parent revision id. 7932* BREAKING CHANGE: action=parse no longer returns all langlinks for the page 7933 with prop=langlinks by default. The new effectivelanglinks parameter will 7934 request that the LanguageLinks hook be called to determine the effective 7935 language links. 7936* BREAKING CHANGE: list=allpages, list=langbacklinks, and prop=langlinks do not 7937 apply the new LanguageLinks hook, and thus only consider language links 7938 stored in the database. 7939* (bug 47219) Allow specifying change type of Wikipedia feed items 7940* prop=imageinfo now allows setting iiurlheight without setting iiurlwidth 7941* prop=info now adds the content model and page language of the title. 7942* New upload log entries will now contain information on the relevant 7943 image (sha1 and timestamp). 7944* (bug 49239) action=parse now can parse in preview and section preview modes. 7945* (bug 49259) action=patrol now accepts revision ids. 7946* (bug 48129) list=blocks&bkip= now correctly handles IPv6 CIDR ranges and 7947 honors $wgBlockCIDRLimit. Note any clients passing invalid values to bkip 7948 will now receive an error, rather than the previous behavior listing all 7949 user blocks. 7950* (bug 48201) action=parse&text=foo now assumes wikitext if no title is given, 7951 rather than using the content model of the page "API". 7952* action=watch no longer silently ignores hook abort. 7953* (bug 50785) action=purge with forcelinkupdate=1 no longer queues refreshLinks 7954 jobs in the job queue for link table updates of pages that use the given page 7955 as a template. Instead, forcerecursivelinkupdate=1 is introduced and should 7956 be used if that behaviour is desirable. 7957* The 'debugLog' property (enabled by $wgDebugToolbar) no longer sets the log 7958 entry values through ApiResult::content but directly. This changes the JSON 7959 output from an array of objects with content in '*' to an array of strings 7960 with the content. 7961* (bug 51342) prop=imageinfo iicontinue now contains the dbkey, not the text 7962 version of the title. 7963* (bug 52538) action=edit will now use empty text instead of the contents 7964 of section 0 when passed prependtext or appendtext with section=new. 7965* Support for the 'gettoken' parameter to action=block and action=unblock, 7966 deprecated since 1.20, has been removed. 7967* (bug 49090) Token-getting functions will fail when using jsonp callbacks. 7968* (bug 52699) action=upload returns normalized file name on warning 7969 "exists-normalized" instead of filename to be uploaded to. 7970* (bug 53884) action=edit will now return an error when the specified section 7971 does not exist in the page. 7972* Added meta=filerepoinfo API module for getting information about foreign 7973 file repositories, and related ForeignAPIRepo methods getInfo and getApiUrl. 7974* The new query module list=allfileusages to enumerate file usages was added. 7975 7976=== Languages updated in 1.22 === 7977 7978MediaWiki supports over 350 languages. Many localisations are updated 7979regularly. Below only new and removed languages are listed, as well as 7980changes to languages because of Bugzilla reports. 7981 7982* Batak Toba (bbc-latn) added. 7983* (bug 46751) Made Buryat (Russia) (буряад) (bxr) fallback to Russian. 7984 7985=== Other changes in 1.22 === 7986* BREAKING CHANGE: Implementation of MediaWiki's JS and JSON value encoding 7987 has changed: 7988** MediaWiki no longer supports PHP installations in which the native JSON 7989 extension is missing or disabled. 7990** XmlJsCode objects can no longer be nested inside objects or arrays. 7991 (For Xml::encodeJsCall(), this individually applies to each argument.) 7992** The sets of characters escaped by default, along with the precise escape 7993 sequences used, have changed (except for the Xml::escapeJsString() 7994 function, which is now deprecated). 7995* BREAKING CHANGE: The Services_JSON class has been removed. If necessary, 7996 be sure to upgrade affected extensions at the same time (e.g. Collection). 7997* redirect.php was removed. It was unused. 7998* ClickTracking integration was dropped from the mediaWiki.user.bucket 7999 JavaScript function. The 'tracked' option is now ignored. 8000* BREAKING CHANGE: Legacy skins Simple, MySkin, Chick, Standard and Nostalgia 8001 were all removed. (Nostalgia was moved to an extension.) The SkinLegacy and 8002 LegacyTemplate classes that supported them were removed as well and are now a 8003 part of the Nostalgia extension. 8004* Event namespace used by jquery.makeCollapsible has been changed from 8005 'mw-collapse' to 'mw-collapsible' for consistency with the module name. 8006* BREAKING CHANGE: The "ExternalAuth" authentication subsystem was removed, 8007 along with its associated globals of $wgExternalAuthType, $wgExternalAuthConf, 8008 $wgAutocreatePolicy and $wgAllowPrefChange. Affected users are encouraged to 8009 use AuthPlugin for external authentication/authorization needs. 8010* The Quickbar feature of the legacy skin model and the last remnants of it 8011 throughout the code base have been removed. 8012* Externaledit/externaldiff preference was removed. Very few users used this 8013 feature, and improper configuration can actually prevent a user from editing 8014* Calling Linker methods using a skin will now output deprecation warnings. 8015* (bug 46680) "Return to" links are no longer tagged with rel="next". 8016* BREAKING CHANGE: mw.util.tooltipAccessKeyRegexp: The match group for the 8017 accesskey character is now $6 instead of $5. 8018* HipHop compiler (hphpc) support was removed. HipHop VM support (hhvm) was 8019 added. 8020* A new Special:Redirect page was added, providing lookup by revision ID, 8021 user ID, or file name. The old Special:Filepath page was reimplemented 8022 to redirect through Special:Redirect. 8023* Monobook: Removed the old conditional stylesheets for Opera 6, 7 and 9. 8024* Support for XHTML 1.0 has been removed. MediaWiki now only outputs (X)HTML5. 8025* wikibits: User-agent related globals have been deprecated. The following 8026 properties now default to false and emit mw.log.warn: is_gecko, is_chrome_mac, 8027 is_chrome, webkit_version, is_safari_win, is_safari, webkit_match, is_ff2, 8028 ff2_bugs, is_ff2_win, is_ff2_x11, opera95_bugs, opera7_bugs, opera6_bugs, 8029 is_opera_95, is_opera_preseven, is_opera, and ie6_bugs. 8030* (bug 48276) MediaWiki will now flash a confirmation message upon successfully 8031 editing a page. 8032* (bug 40785) mediawiki.legacy.ajax has been marked as deprecated. The following 8033 properties now emit mw.log.warn when accessed: sajax_debug, sajax_init_object, 8034 sajax_do_call and wfSupportsAjax. 8035* BREAKING CHANGE: meta keywords are no longer supported. A 8036 <meta name="keywords" will no longer be output and OutputPage::addKeyword no 8037 longer exists. 8038* Methods Title::userCanEditCssSubpage and Title::userCanEditJsSubpage, 8039 deprecated since 1.19, have been removed. 8040* (bug 50134) Hook functions are no longer required to return a value. When a 8041 hook function does not return a value (or when it returns an explicit null), 8042 processing continues. To abort the hook, a hook function must return an 8043 explicit, boolean false or a string error message. Other falsey values are 8044 tantamount to a 'return true' in earlier versions of MediaWiki. 8045* BREAKING CHANGE: The EditSectionLink hook was removed after being 8046 deprecated since MediaWiki 1.14. Use DoEditSectionLink instead. 8047* (bug 48256) The 'editsection-brackets' optional message was removed. 8048 Section edit links' brackets can now be customized using CSS by 8049 styling span.mw-editsection-bracket. 8050* The usePatrol function in ChangesList has been marked as deprecated. 8051* (bug 50785) A "null edit", that is, a save action in which no changes to the 8052 page text are made and no revision recorded, will no longer send refreshLinks 8053 jobs to the job table to update pages which use the edited page as a template. 8054* The LivePreviewPrepare and LivePreviewDone events triggered on "jQuery( mw )" 8055 have been deprecated in favour of using mw.hook. 8056* The 'showjumplinks' user preference has been removed, jump links are now 8057 always included. 8058* Methods RecentChange::notifyRC2UDP, RecentChange::sendToUDP, and 8059 RecentChange::cleanupForIRC have been deprecated, as it is now the 8060 responsibility of classes implementing the RCFeedFormatter and RCFeedEngine 8061 interfaces to implement the formatting and delivery for recent change 8062 notifications. 8063* SpecialPrefixindex methods namespacePrefixForm() and showPrefixChunk() have 8064 been made protected. They were accepting form variance arguments, this is now 8065 using properties in the SpecialPrefixindex class. 8066* (bug 50310) BREAKING CHANGE: wikibits: Drop support for mwCustomEditButtons. 8067 It defaults to an empty array and emits mw.log.warn when accessed. 8068* BREAKING CHANGE: Special:Disambiguations has been removed from MediaWiki core. 8069 Functions related to disambiguation pages are now handled by the Disambiguator 8070 extension (https://www.mediawiki.org/wiki/Extension:Disambiguator) (bug 8071 35981). 8072* BREAKING CHANGE: The 'mediawiki.legacy.wikiprintable' module has been removed. 8073 The skins/common/wikiprintable.css file no longer exists. Return value of 8074 Skin#commonPrintStylesheet is ignored. Please use the 8075 'mediawiki.legacy.commonPrint' module instead or base your skin on 8076 SkinTemplate. 8077* (bug 49629) The hook ExtractThumbParameters has been deprecated in favour 8078 of media handler overriding MediaHandler::parseParamString. 8079* (bug 46512) The collapsibleNav feature from the Vector extension has been 8080 moved to the Vector skin in core. 8081* SpecialRecentChanges::addRecentChangesJS() function has been renamed 8082 to addModules() and made protected. 8083* Methods WatchAction::doWatch and WatchAction::doUnwatch now return a Status 8084 object instead of a boolean. 8085* Information boxes (CSS classes errorbox, warningbox, successbox) have been 8086 made more subtle. 8087* BREAKING CHANGE: The module 'mediawiki.legacy.IEFixes' has been removed as it 8088 was unused. The file skins/common/IEFixes.js remains but is only used by 8089 wikibits. The file never contained any re-usable components. To use it in a 8090 skin, load 'mediawiki.legacy.wikibits' (which IEFixes depends on) and that 8091 will import IEFixes automatically if user agent conditions are met. 8092* Code specific to the Math extension was marked as deprecated. 8093* mediawiki.util: mw.util.wikiGetlink has been renamed to getUrl. (The old name 8094 still works, but is deprecated.) 8095 8096= MediaWiki 1.21 = 8097 8098== MediaWiki 1.21.11 == 8099This is a security and maintenance release of the MediaWiki 1.21 branch. 8100 8101=== Changes since 1.21.10 === 8102* (bug 65839) SECURITY: Prevent external resources in SVG files. 8103* (bug 66428) MimeMagic: Don't seek before BOF. This has weird side effects like 8104 only extracting the tail of the file partially or not at all. 8105 8106== MediaWiki 1.21.10 == 8107This is a security and maintenance release of the MediaWiki 1.21 branch. 8108 8109=== Changes since 1.21.9 === 8110* (bug 65501) SECURITY: Don't parse usernames as wikitext on 8111 Special:PasswordReset. 8112* (bug 36356) Add space between two feed links. 8113 8114== MediaWiki 1.21.9 == 8115This is a security and maintenance release of the MediaWiki 1.21 branch. 8116 8117=== Changes since 1.21.8 === 8118* (bug 63251) SECURITY: Escape sortKey in pageInfo. 8119* (bug 58640) Fixed a compatibility issue with PCRE 8.34 that caused pages to 8120 appear blank or with missing text. 8121 8122== MediaWiki 1.21.8 == 8123This is a security and maintenance release of the MediaWiki 1.21 branch. 8124 8125=== Changes since 1.21.7 === 8126* (bug 62497) SECURITY: Add CSRF token on Special:ChangePassword. 8127* (bug 62467) Set a title for the context during import on the cli. 8128 8129== MediaWiki 1.21.7 == 8130This is a maintenance release of the MediaWiki 1.21 branch. 8131 8132=== Changes since 1.21.6 === 8133* Use the correct branch of the extensions' git repositories. 8134 8135== MediaWiki 1.21.6 == 8136This is a security release of the MediaWiki 1.21 branch. 8137 8138=== Changes since 1.21.5 === 8139* (bug 60771) SECURITY: Disallow uploading SVG files using non-whitelisted 8140 namespaces. Also disallow iframe elements. 8141* User will get an error including the namespace name if they use a 8142 non-whitelisted namespace. 8143* (bug 61346) SECURITY: Make token comparison use constant time. It seems like 8144 our token comparison would be vulnerable to timing attacks. This will take 8145 constant time. 8146* (bug 61362) SECURITY: API: Don't find links in the middle of api.php links. 8147 8148== MediaWiki 1.21.5 == 8149This is a security release of the MediaWiki 1.21 branch. 8150 8151=== Changes since 1.21.4 === 8152* (bug 60339) SECURITY: Sanitize shell arguments to DjVu files, and other media 8153 formats 8154 8155== MediaWiki 1.21.4 == 8156This is a security release of the MediaWiki 1.21 branch. 8157 8158=== Changes since 1.21.3 === 8159* (bug 57550) SECURITY: Disallow stylesheets in SVG Uploads 8160* (bug 58088) SECURITY: Don't normalize U+FF3C to \ in CSS Checks 8161* (bug 58472) SECURITY: Disallow -o-link in styles 8162* (bug 58553) SECURITY: Return error on invalid XML for SVG Uploads 8163* (bug 58699) SECURITY: Fix RevDel log entry information leaks 8164 8165== MediaWiki 1.21.3 == 8166This is a security and maintenance release of the MediaWiki 1.21 branch. 8167 8168=== Changes since 1.21.2 === 8169* (bug 53032) SECURITY: Don't cache when a call could autocreate 8170* (bug 55332) SECURITY: Improve css javascript detection 8171* (bug 49717) Fix behaviour $wgVerifyMimeType = false; in Upload 8172* Fix comma errors in various js files 8173* Translations 8174 8175== MediaWiki 1.21.2 == 8176This is a security and maintenance release of the MediaWiki 1.21 branch. 8177 8178=== Changes since 1.21.1 === 8179* SECURITY: Fix extension detection with 2 .'s 8180* SECURITY: Support for the 'gettoken' parameter to action=block and 8181 action=unblock, deprecated since 1.20, has been removed. 8182* SECURITY: Sanitize ResourceLoader exception messages 8183* Purge upstream caches when deleting file assets. 8184* Unit test suite now runs the AutoLoader tests. Also fixed the autoloading 8185 entry for the PageORMTableForTesting class though it had no impact. 8186 8187== MediaWiki 1.21.1 == 8188This is a maintenance release of the MediaWiki 1.21 branch. 8189 8190=== Changes since 1.21.0 === 8191* An incorrect version number was used for 1.21.0. 1.21.1 has the correct 8192 number. 8193* A problem with the Oracle SQL table creation was fixed. 8194* (PdfHandler extension) Fix warning if pdfinfo fails but pdftext succeeds. 8195 8196== MediaWiki 1.21.0 == 8197 8198=== Configuration changes in 1.21 === 8199* (bug 29374) $wgVectorUseSimpleSearch is now enabled by default. 8200* Deprecated $wgAllowRealName is removed. Use $wgHiddenPrefs[] = 'realname' 8201 instead. 8202* (bug 39957) Added $wgUnwatchedPageThreshold, specifying minimum count 8203 of page watchers required for the number to be accessible to users 8204 without the unwatchedpages permission. 8205* $wgBug34832TransitionalRollback has been removed. 8206* (bug 29472) $wgUseDynamicDates has been removed and its functionality 8207 disabled. 8208 8209=== New features in 1.21 === 8210* (bug 38110) Schema changes (adding or dropping tables, indices and 8211 fields) can be now be done separately from other changes that 8212 update.php makes. This is useful in environments that use database 8213 permissions to restrict schema changes but allow the DB user that 8214 MediaWiki normally runs as to perform other changes that update.php 8215 makes. Schema changes can be run separately. See the file UPGRADE 8216 for more information. 8217* (bug 34876) jquery.makeCollapsible has been improved in performance. 8218* Added ContentHandler facility to allow extensions to support other content 8219 than wikitext. See docs/contenthandler.txt for details. 8220* New feature was developed for showing high-DPI thumbnails for high-DPI mobile 8221 and desktop displays (configurable with $wgResponsiveImages). 8222* Added new backend to represent and store information about sites and site 8223 specific configuration. 8224* jQuery upgraded from 1.8.2 to 1.8.3. 8225* jQuery UI upgraded from 1.8.23 to 1.8.24. 8226* Added separate fa_sha1 field to filearchive table. This allows sha1 8227 searches with the api in miser mode for deleted files. 8228* Add initial and programmatic sorting for tablesorter. 8229* Add the event "sortEnd.tablesorter", triggered after sorting has completed. 8230* The Job system was refactored to allow for different backing stores for 8231 queues as well as cross-wiki access to queues, among other things. The schema 8232 for the DB queue was changed to support better concurrency and reduce 8233 deadlock errors. 8234* Added ApiQueryORM class to facilitate creation of query API modules based on 8235 tables that have a corresponding ORMTable class. 8236* (bug 40876) Icon for PSD (Adobe Photoshop) file types. 8237* (bug 40641) Implemented Special:Version/Credits with a list of contributors. 8238* (bug 7851) Implemented one-click AJAX patrolling. 8239* The <data>, <time>, <meta>, and <link> elements are allowed within WikiText 8240 for use with Microdata. 8241* The HTML5 <mark> tag has been whitelisted. 8242* Added ParserCloned hook for when the Parser object is cloned. 8243* Added AlternateEditPreview hook to allow extensions to replace the page 8244 preview from the edit page. 8245* Added EditPage::showStandardInputs:options hook to allow extensions to add 8246 new fields to the "editOptions" area of the edit form. 8247* Upload stash DB schema altered to improve upload performance. 8248* The following global functions are now reporting deprecated warnings in 8249 debug mode: wfMsg, wfMsgNoTrans, wfMsgForContent, wfMsgForContentNoTrans, 8250 wfMsgReal, wfMsgGetKey, wfMsgHtml, wfMsgWikiHtml, wfMsgExt, wfEmptyMsg. Use 8251 the Message class, or the global method wfMessage. 8252* Added $wgEnableCanonicalServerLink, off by default. If enabled, a 8253 <link rel=canonical> tag is added to every page indicating the correct server 8254 to use. 8255* Debug message emitted by wfDebugLog() will now be prefixed with the group 8256 name when its logged to the default log file. That is the case whenever the 8257 group has no key in wgDebugLogGroups, that will help triage the default log. 8258* (bug 24620) Add types to LogFormatter. 8259* jQuery JSON upgraded from 2.3 to 2.4.0. 8260* Added GetDoubleUnderscoreIDs hook, for modifying the list of magic words. 8261* DatabaseUpdater class has two new methods to ease extensions schema changes: 8262 dropExtensionIndex and renameExtensionIndex. 8263* New preference type - 'api'. Preferences of this type are not shown on 8264 Special:Preferences, but are still available via the action=options API. 8265* (bug 39397) Hide rollback link if a user is the only contributor of the page. 8266* $wgPageInfoTransclusionLimit limits the list size of transcluded articles 8267 on the info action. Default is 50. 8268* Added action=createaccount to allow user account creation. 8269* (bug 40124) action=options API also allows for setting of arbitrary 8270 preferences, provided that their names are prefixed with 'userjs-'. This 8271 officially reenables the feature that was undocumented and defective 8272 in MW 1.20 (saving preferences using Special:Preferences cleared any 8273 additional fields) and which has been disabled in 1.20.1 as a part of 8274 a security fix (bug 42202). 8275* Added option to specify "others" as author in extension credits using 8276 "..." as author name. 8277* Added the ability to limit the wall clock time used by shell processes, 8278 as well as the CPU time. Configurable with $wgMaxShellWallClockTime. 8279* Allow memory of shell subprocesses to be limited using Linux cgroups 8280 instead of ulimit -v, which tends to cause deadlocks in recent versions 8281 of ImageMagick. Configurable with $wgShellCgroup. 8282* Added $wgWhitelistReadRegexp for regex whitelisting. 8283* (bug 5346) Categories that are redirects will be displayed italic in 8284 the category links section at the bottom of a page. 8285* (bug 43915) New maintenance script deleteEqualMessages.php. 8286* You can now create checkbox option matrices through the HTMLCheckMatrix 8287 subclass in HTMLForm. 8288* WikiText now permits the use of WAI-ARIA's role="presentation" inside of 8289 html elements and tables. This allows presentational markup, especially 8290 tables. To be marked up as such. 8291* maintenance/sql.php learned the --cluster option. Let you run the script 8292 on some external cluster instead of the primary cluster for a given wiki. 8293* (bug 20281) test the parsing of inline URLs. 8294* Added Special:PagesWithProp, which lists pages using a particular page 8295 property. 8296* Implemented language-specific collations for category sorting for 67 languages 8297 based in latin, greek and cyrillic alphabets. This allows one to *finally* get 8298 articles to be correctly sorted on category pages. They are named 8299 'uca-<langcode>', where <langcode> is one of: af, ast, az, be, bg, br, bs, ca, 8300 co, cs, cy, da, de, dsb, el, en, eo, es, et, eu, fi, fo, fr, fur, fy, ga, gd, 8301 gl, hr, hsb, hu, is, it, kk, kl, ku, ky, la, lb, lt, lv, mk, mo, mt, nl, no, 8302 oc, pl, pt, rm, ro, ru, rup, sco, sk, sl, smn, sq, sr, sv, tk, tl, tr, tt, uk, 8303 uz, vi. 8304* Added 'CategoryAfterPageAdded' and 'CategoryAfterPageRemoved' hooks. 8305* Added 'HistoryRevisionTools' and 'DiffRevisionTools' hooks. 8306* Added 'SpecialSearchResultsPrepend' and 'SpecialSearchResultsAppend' hooks. 8307* (bug 33186) Add image rotation api "imagerotate" 8308* (bug 34040) Add "User rights management" link on user page toolbox. 8309* (bug 45526) Add QUnit assertion helper "QUnit.assert.htmlEqual" for asserting 8310 structual equality of HTML (ignoring insignificant differences like 8311 quotmarks, order and whitespace in the attribute list). 8312* (bug 23393) HTML <hN> headings containing line breaks are now handled 8313 correctly. 8314* (bug 45803) Whitespace within == Headline == syntax and within <hN> headings 8315 is now non-significant and not preserved in the HTML output. 8316 8317=== Bug fixes in 1.21 === 8318* (bug 40353) SpecialDoubleRedirect should support interwiki redirects. 8319* (bug 40352) fixDoubleRedirects.php should support interwiki redirects. 8320* (bug 9237) SpecialBrokenRedirect should not list interwiki redirects. 8321* (bug 34960) Drop unused fields rc_moved_to_ns and rc_moved_to_title from 8322 recentchanges table. 8323* (bug 32951) Do not register internal externals with absolute protocol, 8324 when server has relative protocol. 8325* (bug 39005) When purging proxies listed in $wgSquidServers using HTTP PURGE 8326 method requests, we now send a Host header by default, for Varnish 8327 compatibility. This also works with Squid in reverse-proxy mode. If you wish 8328 to support Squid configured in forward-proxy mode, set 8329 $wgSquidPurgeUseHostHeader to false. 8330* (bug 37020) sql.php with readline eats semicolon. 8331* (bug 11748) Properly handle optionally-closed HTML tags when Tidy is 8332 disabled, and don't wrap HTML-syntax definition lists in paragraphs. 8333* (bug 41409) Diffs while editing an old revision should again diff against the 8334 current revision. 8335* (bug 41494) Honor $wgLogExceptionBacktrace when logging non-API exceptions 8336 caught during API execution. 8337* (bug 37963) Fixed loading process for user options. 8338* (bug 26995) Update filename field on Upload page after having sanitized it. 8339* (bug 41793) Contribution links to users with 0 edits on Special:ListUsers 8340 didn't show up red. 8341* (bug 41899) A PHP notice no longer occurs when using the "rvcontinue" API 8342 parameter. 8343* (bug 42036) Account creation emails now contain canonical (not 8344 protocol-relative) URLs. 8345* (bug 41990) Fix regression: API edit with redirect=true and lacking 8346 starttimestamp and basetimestamp should not cause an edit conflict. 8347* (bug 41706) EditPage: Preloaded page should be converted if possible and 8348 needed. 8349* (bug 41886) Rowspans are no longer exploded by tablesorter until the table is 8350 actually sorted. 8351* (bug 2865) User interface HTML elements don't use lang attribute. 8352 (completed the fix by adding the lang attribute to firstHeading). 8353* (bug 42173) Removed namespace prefixes on Special:UncategorizedCategories. 8354* (bug 36053) Log in "returnto" feature forgets query parameters if no 8355 title parameter was specified. 8356* (bug 42410) API action=edit now returns correct timestamp for the new edit. 8357* (bug 14901) Email notification mistakes log action for new page creation. 8358 Enotif no longer sends "page has been created" notifications for some log 8359 actions. The following events now have a correct message: page creation, 8360 deletion, move, restore (undeletion), change (edit). Parameter 8361 $CHANGEDORCREATED is deprecated in 'enotif_body' and scheduled for removal in 8362 MediaWiki 1.23. 8363* (bug 457) In the sidebar of Vector, CologneBlue, Monobook, and Monobook-based 8364 skins, the heading levels have been changed from (variously per skin) 8365 <h4>, <h5> or <h6> to only <h3>s, with a <h2> hidden heading above them. 8366 If you are styling or scripting the headings in a custom way, this change 8367 will require updates to your site's CSS or JS. 8368* (bug 41342) jquery.suggestions should cancel any active (async) fetches 8369 before it triggers another fetch. 8370* (bug 42184) $wgUploadSizeWarning missing second variable. 8371* (bug 34581) removeUnusedAccounts.php maintenance script now ignores newuser 8372 log when determining whether an account is used. 8373* (bug 43379) Gracefully fail if rev_len is unavailable for a revision on the 8374 History page. 8375* (bug 42949) API no longer assumes all exceptions are MWException. 8376* (bug 41733) Hide "New user message" (.usermessage) element from printable 8377 view. 8378* (bug 39062) Special:Contributions will display changes that don't have 8379 a parent id instead of just an empty bullet item. 8380* (bug 37209) "LinkCache doesn't currently know about this title" error fixed. 8381* wfMerge() now works if $wgDiff3 contains spaces 8382* (bug 43052) mediawiki.action.view.dblClickEdit.dblClickEdit should trigger 8383 ca-edit click instead opening URL directly. 8384* (bug 43964) Invalid value of "link" parameter in <gallery> no longer produces 8385 a fatal error. 8386* (bug 44775) The username field is not pre-filled when creating an account. 8387* (bug 45069) wfParseUrl() no longer produces a PHP notice if passed a "mailto:" 8388 URL without address 8389* (bug 45012) Creating an account by e-mail can no longer show a 8390 "password mismatch" error. 8391* (bug 44599) On Special:Version, HEADs for submodule checkouts (e.g. for 8392 extensions) performed using Git 1.7.8+ should now appear. 8393* (bug 42184) $wgUploadSizeWarning missing second variable 8394* (bug 40326) Check if files exist with a different extension during uploading 8395* (bug 34798) Updated CSS for Atom/RSS recent changes feeds to match on-wiki 8396 diffs. 8397* (bug 42430) Calling numRows on MySQL no longer propagates unrelated errors. 8398* (bug 44719) Removed mention of non-existing maintenance/migrateCurStubs.php 8399 script in includes/DefaultSettings.php 8400* (bug 45143) jquery.badge: Treat non-Latin variants of zero as zero as well. 8401* (bug 46151) mwdocgen.php should not ignore exit code of doxygen command. 8402* (bug 41889) Fix $.tablesorter rowspan exploding for complex cases. 8403 8404=== API changes in 1.21 === 8405* prop=revisions can now report the contentmodel and contentformat. 8406 See docs/contenthandler.txt. 8407* action=edit and action=parse now support contentmodel and contentformat 8408 parameters to control the interpretation of page content. 8409 See docs/contenthandler.txt for details. 8410* (bug 35693) ApiQueryImageInfo now suppresses errors when unserializing 8411 metadata. 8412* (bug 40111) Disable minor edit for page/section creation by API. 8413* (bug 41042) Revert change to action=parse&page=... behavior when the page 8414 does not exist. 8415* (bug 27202) Add timestamp sort to list=allimages. 8416* (bug 43137) Don't return the sha1 of revisions through the API if the content 8417 is revision-deleted. 8418* ApiQueryImageInfo now also returns imageinfo for redirects. 8419* list=alltransclusions added to enumerate every instance of page embedding 8420* list=alllinks & alltransclusions now allow both 'from' and 'continue' in 8421 the same query. When both are present, 'from' is simply ignored. 8422* list=alllinks & alltransclusions now allow 'unique' in generators, to yield 8423 a list of all link/template target pages instead of source pages. 8424* BREAKING CHANGE: list=logevents output format changed for details of some log 8425 types. Specifically, details that were formerly reported under a key like 8426 "4::foo" will now be reported under a key of simply "foo". 8427* BREAKING CHANGE: '??_badcontinue' error code was changed to '??badcontinue' 8428 for all query modules. 8429* ApiQueryBase adds 'badcontinue' error code if module has 'continue' parameter. 8430* (bug 35885) Removed version parameter and all getVersion() methods. 8431* action=options now takes a "resetkinds" option, which allows only resetting 8432 certain types of preferences when the "reset" option is set. 8433* (bug 36751) ApiQueryImageInfo now returns imageinfo for the redirect target 8434 when queried with &redirects=. 8435* (bug 31849) ApiQueryImageInfo no longer gets confused when asked for info on 8436 a redirect and its target. 8437* (bug 43849) ApiQueryImageInfo no longer throws exceptions with ForeignDBRepo 8438 redirects. 8439* On error, any warnings generated before that error will be shown in the 8440 result. 8441* action=help supports generalized submodules (modules=query+value), 8442 querymodules obsolete 8443* ApiQueryImageInfo continuation is more reliable. The only major change is 8444 that the imagerepository property will no longer be set on page objects not 8445 processed in the current query (i.e. non-images or those skipped due to 8446 iicontinue). 8447* Add supports for all pageset capabilities - generators, redirects, 8448 converttitles to action=purge and action=setnotificationtimestamp. 8449* (bug 43251) prop=pageprops&ppprop= now accepts multiple props to query. 8450* ApiQueryImageInfo will now limit the number of calls to File::transform made 8451 in any one query. If there are too many, iicontinue will be returned. 8452* action=query&meta=siteinfo&siprop=general will now return the regexes used for 8453 link trails and link prefixes. Added for Parsoid support. 8454* Added an API query module list=pageswithprop, which lists pages using a 8455 particular page property. 8456* Added an API query module list=pagepropnames, which lists all page prop names 8457 currently in use on the wiki. 8458* (bug 44921) ApiMain::execute() will now return after the CORS check for an 8459 HTTP OPTIONS request. 8460* (bug 44923) action=upload works correctly if the entire file is uploaded in 8461 the first chunk. 8462* Added 'continue=' parameter to streamline client iteration over complex query 8463 results 8464* (bug 44909) API parameters may now be marked as type "upload", which is now 8465 used for action=upload's 'file' and 'chunk' parameters. This type will raise 8466 an error during parameter validation if the parameter is given but not 8467 recognized as an uploaded file. 8468* (bug 44244) prop=info may now return the number of people watching each page. 8469* (bug 33304) list=allpages will no longer return duplicate entries when 8470 querying protection. 8471* (bug 33304) list=allpages will now find really old indefinite protections. 8472* (bug 45937) meta=allmessages will report a syntactically invalid lang as a 8473 proper error instead of as an uncaught exception. 8474* (bug 25325) added support for wlshow filtering (bots/anon/minor/patrolled) 8475 to action=feedwatchlist 8476* WDDX formatted output will actually be formatted (and normal output will no 8477 longer be), and will no longer choke on booleans. 8478 8479=== API internal changes in 1.21 === 8480* For debugging only, a new global $wgDebugAPI removes many API restrictions 8481 when true. 8482 Never use on the production servers, as this flag introduces security holes. 8483 Whenever enabled, a warning will also be added to all output. 8484* ApiModuleManager now handles all submodules (actions,props,lists) and 8485 instantiation 8486* Query stores prop/list/meta as submodules 8487* ApiPageSet can now be used in any action to process titles/pageids/revids or 8488 any generator. 8489* BREAKING CHANGE: ApiPageSet constructor now has two params instead of three, 8490 with only the first one keeping its meaning. ApiPageSet is now derived from 8491 ApiBase. 8492* BREAKING CHANGE: ApiQuery::newGenerator() and executeGeneratorModule() were 8493 deleted. 8494* ApiQueryGeneratorBase::setGeneratorMode() now requires a pageset param. 8495* $wgAPIGeneratorModules is now obsolete and will be ignored. 8496* Added flags ApiResult::OVERRIDE and ADD_ON_TOP to setElement() and addValue() 8497* Internal API calls will now include <warnings> in case of unused parameters 8498 8499=== Languages updated in 1.21 === 8500 8501MediaWiki supports over 350 languages. Many localisations are updated 8502regularly. Below only new and removed languages are listed, as well as 8503changes to languages because of Bugzilla reports. 8504 8505* South Azerbaijani (azb) added. 8506* (bug 30040) Autonym for nds-nl is now 'Nedersaksies' (was 'Nedersaksisch'). 8507* (bug 45436) Autonym for pi (Pali) is now 'पालि' (was ''पाळि'). 8508* (bug 34977) Now formatted numbers in Spanish use space as separator 8509 for thousands, as mandated by the Real Academia Española. 8510* (bug 35031) Kurdish formatted numbers now use period and comma 8511 as separators for thousands and decimals respectively. 8512 8513=== Other changes in 1.21 === 8514* BREAKING CHANGE: (bug 44385) Removed the jquery.collapsibleTabs module and 8515 moved it to the Vector extension. It was entirely Vector-extension-specific, 8516 deeply interconnected with the extension, and this functionality really 8517 belongs to the extension instead of the skin anyway. In the unlikely case you 8518 were using it, you have to either copy it to your extension, or install the 8519 Vector extension (and possibly disable its features using config settings if 8520 you don't want them). 8521* Experimental IBM DB2 support was removed due to lack of interest and 8522 maintainership 8523* BREAKING CHANGE: Filenames of maintenance scripts were standardized into 8524 lowerCamelCase format, and made more explicit: 8525 - clear_stats.php -> clearCacheStats.php 8526 - clear_interwiki_cache.php -> clearInterwikiCache.php 8527 - initStats.php -> initSiteStats.php 8528 - proxy_check.php -> proxyCheck.php 8529 - stats.php -> showCacheStats.php 8530 - showStats.php -> showSiteStats.php. 8531 Class names were renamed accordingly: 8532 - clear_stats -> ClearCacheStats 8533 - InitStats -> InitSiteStats 8534 - CacheStats -> ShowCacheStats 8535 - ShowStats -> ShowSiteStats. 8536* BREAKING CHANGE: (bug 38244) Removed the mediawiki.api.titleblacklist module 8537 and moved it to the TitleBlacklist extension. 8538 8539= MediaWiki 1.20 = 8540 8541== MediaWiki 1.20.8 == 8542This is a security release of the MediaWiki 1.20 branch. 8543 8544=== Changes since 1.20.7 === 8545* (bug 53032) SECURITY: Don't cache when a call could autocreate 8546* (bug 55332) SECURITY: Improve css javascript detection 8547* (bug 49717) Fix behaviour $wgVerifyMimeType = false; in Upload 8548* Fix comma errors in various js files 8549* Translations 8550 8551== MediaWiki 1.20.7 == 8552This is a security release of the MediaWiki 1.20 branch. 8553 8554=== Changes since 1.20.6 === 8555* SECURITY: Fix extension detection with 2 .'s 8556* SECURITY: Token-getting functions will fail when using jsonp callbacks. 8557* SECURITY: Sanitize ResourceLoader exception messages 8558* Purge upstream caches when deleting file assets. 8559 8560== MediaWiki 1.20.6 == 8561This is a security and maintenance release of the MediaWiki 1.20 branch. 8562 8563=== Changes since 1.20.5 === 8564* (bug 48306) SECURITY: Run file validation checks on chunked uploads, and 8565 chunks of upload, during the upload process. 8566* (bug 44327) mediawiki.user: Use session ID instead of 1-year cross-session 8567 cookies 8568* (bug 47202) wikibits: FF2Fixes.css should not be loaded in Firefox 20. 8569* (bug 31044) Make ResourceLoader behave in read-only mode 8570 8571== MediaWiki 1.20.5 == 8572This is a security and maintenance release of the MediaWiki 1.20 branch. 8573 8574=== Changes since 1.20.4 === 8575* (bug 46590) Add hook AbortChangePassword to Special:ChangePassword 8576* (bug 47304) SECURITY: Check SVG xml encoding against whitelist 8577* Localisation updates from http://translatewiki.net. 8578* mwdocgen.php: Implement --version option. 8579* Remove svnstat stuff used in Doxygen generation 8580* (bug 43594) Correctly suppress warnings that were missed after the upstream 8581* PHP change to E_STRICT being included in E_ALL. 8582 8583== MediaWiki 1.20.4 == 8584This is a security release of the MediaWiki 1.20 branch. 8585 8586=== Changes since 1.20.3 === 8587* (bug 47251) SECURITY: Disable external entities in Import 8588* (bug 46859) SECURITY: Disable external entities in XMLReader 8589* (bug 46084) SECURITY: Sanitize $limitReport before outputting 8590 8591== MediaWiki 1.20.3 == 8592This is a security and maintenance release of the MediaWiki 1.20 branch. 8593 8594=== Changes since MediaWiki 1.20.2 === 8595* New preference type - 'api'. Preferences of this type are not shown on 8596 Special:Preferences, but are still available via the action=options API. 8597 (Unbreaks MLEB.) 8598* (bug 44010) Context is passed to UserGetLanguageObject. 8599* The recursion guard on RequestContext::getLanguage() was weakened. 8600* (bug 40585) Don't drop 'step="any"' in HTML input fields. 8601* (bug 44024) Fixed problems in ObjectCache when using XCache. 8602* (bug 44010) FauxRequest leaked cookie data from primary request. 8603* (bug 44135/bug 42441) Pass '2' instead of 'true' to CURLOPT_SSL_VERIFYHOST 8604* (bug 43518) API action=unblock should return the user name, not the full user 8605 object 8606* (bug 45355) Prevent read of arbitrary files through mwdoc-filter.php 8607 8608== MediaWiki 1.20.2 == 8609This is a maintenance release of the MediaWiki 1.20 branch 8610 8611=== Changes since MediaWiki 1.20.1 === 8612* (bug 42638) Fix API action=options&reset=1 & unit tests. 8613* (bug 42370) Fixed backport of 60cc060 to use mDoneWrites — caused 8614* (bug 42592) User rights, preferences and other things are not saving in 8615 1.20.1. 8616 8617== MediaWiki 1.20.1 == 8618This is a security release of the MediaWiki 1.20 branch 8619 8620=== Changes since 1.20.0 === 8621* (bug 42202) Validate options to prevent html injection 8622* (bug 40995) Prevent session fixation in Special:UserLogin (CVE-2012-5391) 8623* (bug 41400) Prevent linker regex from exceeding PCRE backtrack limit 8624* Javscript Lint fixes 8625* (bug 40632) Remove CleanupPresentationalAttributes feature 8626* [Database] Fixed case where trx idle callbacks might be lost. 8627 8628== MediaWiki 1.20.0 == 8629 8630=== PHP 5.3 now required === 8631Since 1.20, the lowest supported version of PHP is now 5.3.2. Please 8632upgrade PHP if you have not done so prior to upgrading MediaWiki. 8633 8634=== Configuration changes in 1.20 === 8635* $wgGitRepositoryViewers defines a mapping from Git remote repository to the 8636 Gitweb instance URL used in Special:Version. 8637* `$wgUsePathInfo = true;` is no longer needed to make $wgArticlePath work on 8638 servers using like nginx, lighttpd, and apache over fastcgi. MediaWiki now 8639 always extracts path info from REQUEST_URI if it's available. 8640* The user right 'upload_by_url' is no longer given to sysops by default. 8641 This only affects installations which have $wgAllowCopyUploads set to true. 8642* Removed f-prot support from $wgAntivirusSetup. 8643* New variable $wgDBerrorLogTZ to provide dates in the error log in a 8644 different timezone than the wiki timezone set by $wgLocaltimezone. 8645* New variables $wgDBssl and $wgDBcompress to enable SSL and compression for 8646 database connections, if either are available for the selected DB type. 8647* $wgUseCombinedLoginLink now defaults to false, making MediaWiki output 8648 separate login and create account links by default. 8649 8650=== New features in 1.20 === 8651* Added TitleIsAlwaysKnown hook which gets called when determining if a page 8652 exists. 8653* Added NamespaceIsMovable hook which gets called when determining if pages in a 8654 certain namespace can be moved. 8655* Added SpecialPageBeforeExecute hook which gets called before 8656 SpecialPage::execute. 8657* Added SpecialPageAfterExecute hook which gets called after 8658 SpecialPage::execute. 8659* Added ORMTable, ORMRow and ORMResult classes for additional abstraction of 8660 database interaction. 8661* Added CacheHelper and associated SpecialCachedPage and CachedAction helper 8662 classes. 8663* (bug 32341) Add upload by URL domain limitation. 8664* &useskin=default will now always display the default skin. Useful for users 8665 with a preference for the non-default skin to look at something using the 8666 default skin. 8667* (bug 27619) Remove preference option to display broken links as link? 8668* (bug 34896) jQuery JSON plugin upgraded to v2.3 (2011-09-17). 8669* (bug 34302) Add CSS classes to email fields in user preferences. 8670* Introduced $wgDebugDBTransactions to trace transaction status (currently 8671 PostgreSQL only). 8672* (bug 23795) Add parser itself to ParserMakeImageParams hook. 8673* Introduce a cryptographic random number generator source api for use when 8674 generating various tokens. 8675* (bug 30963) Option on Special:Prefixindex and Special:Allpages to not show 8676 redirects. 8677* (bug 18062) New message when edit or create the local page of a shared file. 8678* (bug 22870) Separate interface message when creating a page. 8679* (bug 17615) nosummary option should be reassigned on preview/captcha. 8680* (bug 34355) Add a variable and parser function for the namespace number. 8681* (bug 35649) Special:Version now shows hashes of extensions checked out from 8682 git. 8683* (bug 35728) Git revisions are now linked on Special:Version. 8684* "Show Changes" on default messages shows now diff against default message text 8685* (bug 23006) create #speciale parser function. 8686* generateSitemap can now optionally skip redirect pages. 8687* (bug 27757) New API command just for retrieving tokens (not page-based). 8688* Added GitViewers hook for extensions using external git repositories to have a 8689 web-based repository viewer linked to from Special:Version. 8690* Memcached debug logs can now be sent to their own file logs by setting 8691 $wgDebugLogFile['memcached'] to some filepath. 8692* (bug 35685) api.php URL and other entry point URLs are now listed on 8693 Special:Version 8694* Edit notices can now be translated. 8695* jQuery upgraded to 1.8.2. 8696* jQuery UI upgraded to 1.8.23. 8697* QUnit upgraded from v1.2.0 to v1.10.0. 8698* (bug 37604) jquery.cookie upgraded to 2011 version. 8699* (bug 22887) Add warning and tracking category for preprocessor errors 8700* (bug 31704) Allow selection of associated namespace on the watchlist 8701* (bug 5445) Now remove autoblocks when a user is unblocked. 8702* Added $wgLogExceptionBacktrace, on by default, to allow logging of exception 8703 backtraces. 8704* Added device detection for determining device capabilities. 8705* QUnit.newMwEnvironment now supports passing a custom setup and/or teardown 8706 function. Arguments signature has changed. First arguments is now an options 8707 object of which 'config' can be a property. Previously 'config' itself was the 8708 first and only argument. 8709* New getCreator and getOldestRevision methods added to WikiPage class 8710* (bug 4220) the XML dump format schema now have unique identity constraints 8711 for page and revision identifiers. Patch by Elvis Stansvik. 8712* cleanupSpam.php now can delete spam pages if --delete was specified instead of 8713 blanking them. 8714* Added new hook ChangePasswordForm to allow adding of additional fields in 8715 Special:ChangePassword 8716* Added new function getDomain to AuthPlugin for getting a user's domain 8717* (bug 23427) New magic word {{PAGEID}} which gives the current page ID. 8718 Will be null on previewing a page being created. 8719* (bug 37627) UserNotLoggedIn() exception to show a generic error page whenever 8720 a user is not logged in. 8721* Watched status in changes lists are no longer indicated by <strong></strong> 8722 tags with class "mw-watched". Instead, each line now has a class 8723 "mw-changeslist-line-watched" or "mw-changeslist-line-not-watched", and the 8724 title itself is surrounded by <span></span> tags with class "mw-title". 8725* Added ContribsPager::reallyDoQuery hook allowing extensions to data to 8726 MyContribs 8727* Added new hook ParserAfterParse to allow extensions to affect parsed output 8728 after the parse is complete but before block level processing, link holder 8729 replacement, and so on. 8730* (bug 34678) Added InternalParseBeforeSanitize hook which gets called during 8731 Parser's internalParse method just before the parser removes 8732 unwanted/dangerous HTML tags. 8733* Added new hook AfterFinalPageOutput to allow modifications to buffered page 8734 output before sent to the client. 8735* (bug 36783) Implement jQuery Promise interface in mediawiki.api module. 8736* Make dates in sortable tables sort according to the page content language 8737 instead of the site content language 8738* (bug 37926) Deleterevision will no longer allow users to delete log entries, 8739 the new deletelogentry permission is required for this. 8740* (bug 14237) Allow PAGESINCATEGORY to distinguish between 'all', 'pages', 8741 'files' and 'subcats' 8742* (bug 38362) Make Special:Listuser includeable on wiki pages. 8743* Added support in jquery.localize for placeholder attributes. 8744* (bug 38151) Implemented mw.user.getRights for getting and caching the current 8745 user's user rights. 8746* Session storage can now configured independently of general object cache 8747 storage, by using $wgSessionCacheType. $wgSessionsInMemcached has been 8748 renamed to $wgSessionsInObjectCache, with the old name retained for backwards 8749 compatibility. When this feature is enabled, the expiry time can now be 8750 configured with $wgObjectCacheSessionExpiry. 8751* Added a Redis client for object caching. 8752* Implemented mw.user.getGroups for getting and caching user groups. 8753* (bug 37830) Added $wgRequirePasswordforEmailChange to control whether password 8754 confirmation is required for changing an email address or not. 8755* HTMLForm mutators can now be chained (they return $this) 8756* A new message, "api-error-filetype-banned-type", is available for formatting 8757 API upload errors due to the file extension blacklist. 8758* New hook 'ParserTestGlobals' allows to set globals before running parser 8759 tests. 8760* Allow importing pages as subpage. 8761* Add lang and hreflang attributes to language links on Login page. 8762* (bug 22749) Create Special:MostInterwikis. 8763* Show change tags when transclude Special:Recentchanges(linked) or 8764 Special:Newpages. 8765* (bug 23226) Add |class= parameter to image links in order to add class(es) to 8766 HTML img tag. 8767* (bug 39431) SVG animated status is now shown in long description. 8768* (bug 39376) jquery.form upgraded to 3.14. 8769* SVG files will now show the actual width in the SVG's specified units 8770 in the metadata box. 8771* Added ResourceLoader module "jquery.jStorage" (v0.3.0, http://jStorage.info/). 8772* (bug 39273) Added AJAX support for "Show changes" (diff) in LivePreview. 8773* Added ResourceLoader module "jquery.badge". 8774* mw.util.$content now points to the overall content area in the skin rather 8775 than just page text content area. If you need the old behavior please use 8776 $( '#mw-content-text'). 8777* jsMessage has been replaced with a floating bubble notification system 8778 complete with auto-hide, multi-message support, and message replacement tags. 8779* jquery.messageBox which appears to be unused by both core and extensions has 8780 been removed. 8781* (bug 34939) Made link parsing insensitive ([HttP://]). 8782* (bug 40072) Add CSS classes to items in output of ChangesList pages. 8783* Added $wgCopyUploadProxy global to define which proxy to use for copy 8784 uploads. 8785* (bug 40448) mediawiki.legacy.mwsuggest has been replaced with a new module, 8786 mediawiki.searchSuggest, based on SimpleSearch from Extension:Vector. 8787 8788=== Known issues in 1.20.0 === 8789These are issues that we're targeting to be fixed in a later release 8790in the 1.20 series. Issues may be added or removed from this list as 8791we see fit. For now, it is comprised of those bugs on the 1.20.0 8792milestone in Bugzilla. 8793 8794* (bug 35894): Reports of secret key generation "hanging" on windows 8795 This is probably a bug that has been fixed in PHP. If you run 8796 into this, try upgrading your PHP. 8797* (bug 38334): PHP Notice: Undefined index: href in /www/w/skins/Vector.php on 8798 line 416 8799 We think this is a problem in some extension. If you see this, 8800 try disabling your extensions and check out the logging patch on 8801 this bug. Or try this patch: 8802 <https://gerrit.wikimedia.org/r/#/c/27937/1/skins/Vector.php> 8803* (bug 39268): [Regression] Toolbar inserts in main textarea only (instead of 8804 the focussed textarea) 8805 This should only be an issue if you are using the ProofreadPage 8806 extension. 8807* (bug 40641): Clicking "others" in Special:Version asks to download a file 8808 If you encounter this, you can tell your webserver to serve the 8809 CREDITS file with text/plain MIME type to fix it. 8810 8811=== Bug fixes in 1.20 === 8812* (bug 40939): [Regression] InfoAction: Call to a member function getUserText() 8813 on a non-object 8814* (bug 40780): searchsuggest-containing line ("containing...") doesn't include 8815 the entered text 8816* (bug 37714): [Regression] Incomplete log entries 8817* (bug 27202): API: Add timestamp sort to list=allimages 8818* (bug 30245) Use the correct way to construct a log page title. 8819* (bug 34237) Regenerate an empty user_token and save to the database 8820 when we try to set the user's cookies for login. 8821* (bug 32210) New edit emails for watched pages always provide a link to the 8822 edit which triggered the mail. 8823* (bug 12021) Added user talk link on Special:Listusers. 8824* (bug 34445) section edit and TOC hide/show links are excluded from selection 8825 and copy/paste on supporting browsers. 8826* (bug 34428) Fixed incorrect hash mismatch errors in the DiffHistoryBlob 8827 history compression method. 8828* (bug 34702) Localised parentheses are now used in more special pages. 8829* (bug 34723) When editing a script page on a RTL wiki the textbox should be 8830 LTR. 8831* (bug 34762) Calling close() on a DatabaseBase object now clears the 8832 connection. 8833* (bug 34863) Show deletion log extract on non-existent file pages if 8834 applicable. 8835* (bug 28019) Let ?preloadtitle=foo be passed on to target of 8836 Special:MyPage and Special:MyTalk. 8837* (bug 34929) Show the correct diff when a section edit is rejected by the spam 8838 filter. 8839* (bug 15816) Add a switch for SETting the search_path (Postgres). 8840* (bug 34521) Returning to the previous page after logging in loses any array- 8841 valued parameters in the query string. 8842* (bug 34735) Updated compressOld.php documentation to mention the different 8843 usages of -s and -n parameters depending on compression type. 8844* (bug 13896) Rendering of devanagari numbers in automatic '#' number lists. 8845* (bug 33689) Upgrade to 1.19 on Postgres fails due to incomplete query when 8846 trying to defer foreign key for externallinks. 8847* (bug 32748) Printer friendly version of article decode Unicode chars as a 8848 pretty IRI in footer. 8849* Removed white border around thumbnails in galleries. 8850* (bug 31236) "Next" and "Previous" buttons are shown incorrectly in 8851 an RTL environment. 8852* (bug 35749) Updated maintenance/checkSyntax.php to use Git instead of 8853 Subversion when invoked with the --modified option. 8854* (bug 35069) On history pages, the " . . " separator after the number of 8855 characters changed in a revision is now suppressed if no text would follow. 8856* (bug 18704) Add a unique CSS class or ID to the tagfilter table row at 8857 RecentChanges 8858* (bug 33564) transwiki import sometimes result in invalid title. 8859* (bug 35572) Blocks appear to succeed even if query fails due to wrong DB 8860 structure 8861* (bug 31757) Add a word-separator between help-messages in HTMLForm 8862* (bug 30410) Removed deprecated $wgFilterCallback and the 'filtered' API error. 8863* (bug 32604) Some messages needs escaping of wikitext inside username. 8864* (bug 36537) Rename wfArrayToCGI to wfArrayToCgi for consistency with 8865 wfCgiToArray. 8866* (bug 25946) The message on the top of Special:RecentChanges is now displayed 8867 in user language instead of content language. 8868* (bug 35264) Wrong type used for <ns> in export.xsd 8869* (bug 24985) Use $wgTmpDirectory as the default temp directory so that people 8870 who don't have access to /tmp can specify an alternative. 8871* (bug 27283) SqlBagOStuff breaks PostgreSQL transactions. 8872* (bug 35727) mw.Api ajax() should put token parameter last. 8873* (bug 37708) mw.Uri.clone() should make a deep copy. 8874* (bug 38024) ResourceLoader should not create empty stylesheets for modules 8875 that don't have stylesheets. 8876* (bug 36812) Special:ActiveUsers "Hide bots" should hide users from any group 8877 having the "bot" user right, instead of just the default "bot" user group. 8878* (bug 35082) mw.util.addPortletLink incorrectly adds link to mutiple <ul> tags. 8879* (bug 36991) jquery.tablesorter should extract date sort format from date 8880 string instead of global config. Dates like "April 1 2012" and "1 April 2012" 8881 now sort correctly regardless of the content language's DefaultDateFormat. 8882* (bug 31895) mw.loader mode now correct when triggered from a $.fn.ready 8883 handler that is bound before mediawiki.js's handler (e.g. browser-userscripts 8884 like greasemonkey). 8885* (bug 38152) jquery.tablesorter: Use .data() instead of .attr(), so that live 8886 values are used instead of just the fixed values from when the tablesorter 8887 was initialized. 8888* (bug 38093) Gender of changed user groups missing in Special:Log/rights 8889* (bug 35893) Special:Block needs to load mediawiki.special.block.js. 8890* (bug 37331) ResourceLoader modules sometimes execute twice in Firefox 8891* (bug 31644) GlobalUsage, CentralAuth and AbuseLog extensions should not use 8892 insecure links to foreign wikis in the WikiMap. 8893* (bug 36073) Avoid duplicate element IDs on File pages. 8894* (bug 25095) Special:Categories should also include the first relevant item 8895 when "from" is filled. 8896* (bug 35526) jquery.tablesorter now uses a stable sort. 8897* (bug 38953) --memory-limit switch not working for runJobs.php. 8898* (bug 33037) Make subpage of Special:newfiles control how many files 8899 are returned, like in previous versions. 8900* (bug 36524) "Show" options on Special:RecentChanges and 8901 Special:RecentChangesLinked are now remembered between successive clicks. 8902* (bug 26069) Page title is no longer "Error" for all error pages. 8903* (bug 39297) Show warning if thumbnail of animated image will not be animated. 8904* (bug 38249) Parser will throw an exception instead of outputting gibberish if 8905 PCRE is compiled without support for unicode properties. 8906* (bug 30390) Suggested file name on Special:Upload should not contain 8907 illegal characters. 8908* EXIF below sea level GPS altitude data is now shown correctly. 8909* (bug 39284) jquery.tablesorter should not consider "."" or "?"" to be a 8910 currency. 8911* (bug 39273) "Show changes" should not be incorrectly displayed in the Live 8912 Preview state. 8913* Made body-content lang attribute honor the variant language when it is set. 8914* (bug 36761) "Mark pages as visited" now submits previously established filter 8915 options. 8916* (bug 39635) PostgreSQL LOCK IN SHARE MODE option is a syntax error. 8917* (bug 36329) Accesskey tooltips for Firefox 14 on Mac should use "ctrl-option-" 8918 prefix. 8919* (bug 32552) Drop unused database field cat_hidden from table category. 8920* (bug 24502) Do not allow multiple language links to the same language. 8921* (bug 40214) Category pages no longer use deprecated "width" HTML attribute. 8922* (bug 39941) Add missing stylesheets to the installer pages 8923* In HTML5 mode, allow new input element types values (such as color, range..) 8924* (bug 36151) mw.Title: Don't limit extension in title parsing. 8925* (bug 38158) jquery.byteLimit sometimes causes an unexpected 0 maxLength being 8926 enforced. 8927* (bug 38163) jquery.byteLimit incorrectly limits input when using methods other 8928 than basic per-char typing. 8929* (bug 34495) patrol log now credit the user patrolling (instead of patrolled 8930 user). 8931* (bug 31676) ResourceLoader should work around IE stylesheet limit. 8932* (bug 40498) ResourceLoader should not output an empty "@media print { }" 8933 block. 8934* (bug 40500) ResourceLoader should not ignore media-type for urls in debug 8935 mode. 8936* (bug 40660) ResourceLoaderWikiModule should not convert " " to a space 8937 for pages from the MediaWiki-namespace. 8938* (bug 40329) (bug 40632) Removed CleanupPresentationalAttributes feature. 8939 8940=== API changes in 1.20 === 8941* (bug 34316) Add ability to retrieve maximum upload size from MediaWiki API. 8942* (bug 34313) MediaWiki API intro message about "HTML format" should mention 8943 the format parameter. 8944* (bug 32384) Allow descending order for list=watchlistraw. 8945* (bug 31883) Limit of bkusers of list=blocks and titles of action=query is 8946 not documented in API help. 8947* (bug 32492) API now allows editing using pageid. 8948* (bug 32497) API now allows changing of protection level using pageid. 8949* (bug 32498) API now allows comparing pages using pageids. 8950* (bug 30975) API import of pages with invalid characters in this wiki leads to 8951 Fatal Error. 8952* (bug 30488) API now allows listing of backlinks/embeddedin/imageusage per 8953 pageid. 8954* (bug 34927) Output media_type for list=filearchive. 8955* (bug 28814) add properties to output of action=parse. 8956* (bug 33224) add variants of content language to meta=siteinfo. 8957* (bug 32643) action=purge with forcelinkupdate no longer crashes when ratelimit 8958 is reached. 8959* The paraminfo module now also contains result properties for most modules. 8960* (bug 32348) Allow descending order for list=alllinks. 8961* (bug 31777) Upload unknown error ``fileexists-forbidden''. 8962* (bug 32382) Allow descending order for list=iwbacklinks. 8963* (bug 32381) Allow descending order for list=backlinks, list=embeddedin and 8964 list=imageusage. 8965* (bug 32383) Allow descending order for list=langbacklinks. 8966* API meta=siteinfo can now return the list of known variable IDs. 8967* (bug 35980) list=deletedrevs now honors drdir correctly in "all" mode 8968 (mode #3). 8969* (bug 29290) API avoids mangling fields in continuation parameters 8970* (bug 36987) API avoids mangling fields in continuation parameters 8971* (bug 30836) siteinfo prop=specialpagealiases will no longer return nonexistent 8972 special pages 8973* (bug 38190) Add "required" flag to some token params for hint in api docs. 8974* (bug 27567) Add file repo support to prop=duplicatefiles. 8975* (bug 27610) Add archivename for non-latest image version to list=filearchive 8976* (bug 38231) Add xml parse tree to action=parse. 8977* Watchlist notification timestamp may be queried by page and may be updated via 8978 the API. 8979* (bug 38904) prop=revisions&rvstart=... no longer blows up when continuing. 8980* (bug 39032) ApiQuery generates help in constructor. 8981* (bug 11142) Improve file extension blacklist error reporting in API upload. 8982* (bug 39665) List of query generators is now not built using reflection, 8983 instead it is defined in code. 8984* (bug 35993) Deprecated gettoken parameter - support will be removed in 1.22. 8985 8986=== Languages updated in 1.20 === 8987 8988MediaWiki supports over 350 languages. Many localisations are updated 8989regularly. Below only new and removed languages are listed, as well as 8990changes to languages because of Bugzilla reports. 8991 8992* Emilian (egl) added. 8993* Tornedalen Finnish (fit) added. 8994* Mizo (lus) added. 8995* Santali (sat) added. 8996* (bug 34192) Namespace gender aliases for Albanian languages (sq & aln). 8997* (bug 35541) Namespace gender aliases for Croatian (hr). 8998* (bug 36012) Space in $separatorTransformTable should be non-breaking in 8999 Portuguese, Esperanto and Udmurt. 9000* Turoyo (tru) added. 9001* Cyrillic-Latin language converter added for Uzbek (uz). 9002 9003=== Other changes in 1.20 === 9004* The user_token field is now left empty until a user attempts to login and 9005 cookies need to be set. It is also now possible to reset every user's 9006 user_token simply by clearing the values in the user_token column. 9007* Removed ./tests/qunit/index.html from core. It wasn't actively maintained and 9008 has been made obsolete when [[Special:JavaScriptTest/qunit]] was introduced, 9009 which actually uses ResourceLoader, LocalSettings and the Skin. 9010* Removed $wgDBtransactions global. This was only checked in one class 9011 and only applies to MyISAM or similar DBs. Those should only be used 9012 for archived sites anyway. We can't get edit conflicts on such sites, 9013 so the WikiPage code wasn't useful there either. 9014* Deprecated mw.user.name in favour of mw.user.getName. 9015* Deprecated mw.user.anonymous in favour of mw.user.isAnon. 9016* Deprecated DatabaseBase functions newFromParams(), newFromType(), set(), 9017 quote_ident(), and escapeLike() were removed. 9018* Use of __DIR__ instead of dirname( __FILE__ ). 9019* OutputPage::wrapWikiMsg() no longer supports the 'options' parameter. It was 9020 not used and complicated migration to Message class. 9021* Live preview functionality has been improved and moved into the 9022 'mediawiki.action.edit.preview' module. The old 'mediawiki.legacy.preview' 9023 module has been removed. 9024* (bug 40448) Removed mediawiki.legacy.mwsuggest module, and removed the 9025 following that has become obsolete: 9026 - globals $wgEnableMWSuggest and $wgMWSuggestTemplate. 9027 - mw.config.values wgMWSuggestTemplate and wgSearchNamespaces. 9028 - method SearchEngine::getMWSuggestTemplate(). 9029 9030== MediaWiki 1.19 == 9031 9032== MediaWiki 1.19.24 == 9033 9034This is a security and maintenance release of the MediaWiki 1.19 branch. 9035 9036=== Changes since 1.19.23 === 9037 9038* ({{bug|T85848}}, {{bug|T71210}}) SECURITY: Don't parse XMP blocks that 9039contain XML entities, to prevent various DoS attacks. 9040* ({{bug|T88310}}) SECURITY: Always expand xml entities when checking SVG's. 9041* ({{bug|T73394}}) SECURITY: Escape > in Html::expandAttributes to prevent XSS. 9042* ({{bug|T85855}}) SECURITY: Don't execute another user's CSS or JS on preview. 9043* ({{bug|T85349}}, {{bug|T85850}}, {{bug|T86711}}) SECURITY: Multiple issues 9044fixed in SVG filtering to prevent XSS and protect viewer's privacy. 9045 9046== MediaWiki 1.19.23 == 9047 9048This is a security and maintenance release of the MediaWiki 1.19 branch. 9049 9050=== Changes since 1.19.22 === 9051 9052* (bug T76686) [SECURITY] thumb.php outputs wikitext message as raw HTML, which 9053could lead to xss. Permission to edit MediaWiki namespace is required to 9054exploit this. 9055* (bug T74222) The original patch for T74222 was reverted as unnecessary. 9056* Add missing $ in front of variable in OutputPage.php 9057 9058== MediaWiki 1.19.22 == 9059 9060This is a security and maintenance release of the MediaWiki 1.19 branch. 9061 9062=== Changes since 1.19.21 === 9063 9064* ({{bug|66776}}, {{bug|71478}}) SECURITY: User PleaseStand reported a way to 9065inject code into API clients that used format=php to process pages that 9066underwent flash policy mangling. This was fixed along with improving how the 9067mangling was done for format=json, and allowing sites to disable the mangling 9068using $wgMangleFlashPolicy. 9069* ({{bug|72222}}) SECURITY: Do not show log action when the entry is revdeleted 9070with DELETED_ACTION. NOTICE: this may be reverted in a future release pending a 9071public RFC about the desired functionality. This issue was reported by user 9072Bawolff. 9073* ({{bug|71621}}) Make allowing site-wide styles on restricted special pages a 9074config option. 9075* $wgMangleFlashPolicy was added to make MediaWiki's mangling of anything that 9076might be a flash policy directive configurable. 9077 9078== MediaWiki 1.19.21 == 9079This is a maintenance release of the MediaWiki 1.19 branch. 9080 9081=== Changes since 1.19.20 === 9082* (bug 67440) Allow classes to be registered properly from installer. 9083* (bug 47281) Fixed a dumpBackup.php error with --uploads 9084 --include-filesoptions: Unable to find the wrapper "mwstore". 9085* System administrators are encouraged to upgrade to this release or 1.22+ and 9086 produce a full data dump. 9087 https://www.mediawiki.org/wiki/Special:MyLanguage/Manual:Backing_up_a_wiki 9088* (bug 63049) Removed anonymous functions from ApiFormatBase, added in1.19.13 as 9089 part of the fix for bug 61362, for PHP 5.2 compatibility. 9090 9091== MediaWiki 1.19.20 == 9092This is a security release of the MediaWiki 1.19 branch. 9093 9094=== Changes since 1.19.19 === 9095* (bug 70672) SECURITY: OutputPage: Remove separation of css and js module 9096 allowance. 9097 9098== MediaWiki 1.19.19 == 9099This is a security release of the MediaWiki 1.19 branch. 9100 9101=== Changes since 1.19.18 === 9102* (bug 69008) SECURITY: Enhance CSS filtering in SVG files. Filter <style> 9103 elements; normalize style elements and attributes before filtering; add checks 9104 for attributes that contain css; add unit tests for html5sec and reported 9105 bugs. 9106 9107== MediaWiki 1.19.18 == 9108This is a security release of the MediaWiki 1.19 branch. 9109 9110=== Changes since 1.19.17 === 9111* (bug 68187) SECURITY: Prepend jsonp callback with comment. 9112* (bug 65778) SECURITY: Copy prevent-clickjacking between OutputPage and 9113 ParserOutput. 9114 9115== MediaWiki 1.19.17 == 9116This is a security and maintenance release of the MediaWiki 1.19 branch. 9117 9118=== Changes since 1.19.16 === 9119* (bug 65839) SECURITY: Prevent external resources in SVG files. 9120* (bug 66428) MimeMagic: Don't seek before BOF. This has weird side effects like 9121 only extracting the tail of the file partially or not at all. 9122 9123== MediaWiki 1.19.16 == 9124This is a security release of the MediaWiki 1.19 branch. 9125 9126=== Changes since 1.19.15 === 9127* (bug 65501) SECURITY: Don't parse usernames as wikitext on 9128 Special:PasswordReset. 9129 9130== MediaWiki 1.19.15 == 9131This is a security and maintenance release of the MediaWiki 1.19 branch. 9132 9133=== Changes since 1.19.14 === 9134Fixed resetting passwords. 9135* (bug 58640) Fixed a compatibility issue with PCRE 8.34 that caused pages to 9136 appear blank or with missing text. 9137 9138== MediaWiki 1.19.14 == 9139This is a security and maintenance release of the MediaWiki 1.19 branch. 9140 9141=== Changes since 1.19.13 === 9142* (bug 62497) SECURITY: Add CSRF token on Special:ChangePassword. 9143* (bug 62467) Set a title for the context during import on the cli. 9144 9145== MediaWiki 1.19.13 == 9146This is a security and maintenance release of the MediaWiki 1.19 branch. 9147 9148=== Changes since 1.19.12 === 9149* (bug 61362) SECURITY: API: Don't find links in the middle of api.php links. 9150* Use the correct branch of the extensions' git repositories. 9151 9152== MediaWiki 1.19.12 == 9153This is a security release of the MediaWiki 1.19 branch. 9154 9155=== Changes since 1.19.11 === 9156* (bug 60771) SECURITY: Disallow uploading SVG files using non-whitelisted 9157 namespaces. Also disallow iframe elements. * User will get an error including 9158 the namespace name if they use a non- whitelisted namespace. 9159* (bug 61346) SECURITY: Make token comparison use constant time. It seems like 9160 our token comparison would be vulnerable to timing attacks. This will take 9161 constant time. 9162 9163== MediaWiki 1.19.11 == 9164This is a security release of the MediaWiki 1.19 branch. 9165 9166=== Changes since 1.19.10 === 9167* (bug 60339) SECURITY: Sanitize shell arguments to DjVu files, and other media 9168 formats 9169 9170== MediaWiki 1.19.10 == 9171This is a security release of the MediaWiki 1.19 branch. 9172 9173=== Changes since 1.19.9 === 9174* (bug 57550) SECURITY: Disallow stylesheets in SVG Uploads 9175* (bug 58088) SECURITY: Don't normalize U+FF3C to \ in CSS Checks 9176* (bug 58472) SECURITY: Disallow -o-link in styles 9177* (bug 58553) SECURITY: Return error on invalid XML for SVG Uploads 9178* (bug 58699) SECURITY: Fix RevDel log entry information leaks 9179 9180== MediaWiki 1.19.9 == 9181This is a security and maintenance release of the MediaWiki 1.19 branch. 9182 9183=== Changes since 1.19.8 === 9184* (bug 53032) SECURITY: Don't cache when a call could autocreate 9185* (bug 55332) SECURITY: Improve css javascript detection 9186* (bug 49717) Fix behaviour $wgVerifyMimeType = false; in Upload 9187* Translations 9188 9189== MediaWiki 1.19.8 == 91902013-09-03 9191 9192This is a security and maintenance release of the MediaWiki 1.19 branch. 9193 9194=== Changes since 1.19.7 === 9195* SECURITY: Sanitize ResourceLoader exception messages 9196* SECURITY: Token-getting functions will fail when using jsonp callbacks. 9197* SECURITY: Fix extension detection with 2 .'s 9198* Allow a string other than '*' as condition for DatabaseBase::delete() 9199* Purge upstream caches when deleting file assets. 9200* jquery.tablesorter: Add missing dependency on jquery.mwExtension 9201 9202== MediaWiki 1.19.7 == 92032013-05-21 9204 9205This is a security release of the MediaWiki 1.19 branch 9206 9207=== Changes since 1.19.6 === 9208* (bug 48306) SECURITY: Run file validation checks on chunked uploads, and 9209 chunks of upload, during the upload process. 9210 9211== MediaWiki 1.19.6 == 92122013-04-30 9213 9214This is a security and maintenance release of the MediaWiki 1.19 branch 9215 9216=== Changes since 1.19.5 === 9217* (bug 47304) SECURITY: Check SVG xml encoding against whitelist 9218* (bug 46590) Added AbortChangePassword hook to allow extensions to abort 9219 password changes from Special:ChangePassword 9220* Localisation updates from http://translatewiki.net. 9221* mwdocgen.php: Implement --version option. 9222* Remove svnstat stuff used in Doxygen generation 9223* E_USER_DEPRECATED undefined prior to php 5.3 9224 9225== MediaWiki 1.19.5 == 92262013-04-15 9227 9228This is a security and maintenance release of the MediaWiki 1.19 branch 9229 9230=== Changes since 1.19.4 === 9231* (bug 47251) SECURITY: Disable external entities in Import 9232* (bug 46859) SECURITY: Disable external entities in XMLReader 9233* (bug 46084) SECURITY: Sanitize $limitReport before outputting 9234* (bug 43594) Fix notices displayed on PHP 5.4 9235* (bug 40585) Don't drop 'step="any"' in HTML input fields. 9236 9237== MediaWiki 1.19.4 == 92382013-03-04 9239 9240This is a security release of the MediaWiki 1.19 branch 9241 9242=== Changes since 1.19.3 === 9243* New preference type - 'api'. Preferences of this type are not shown on 9244 Special:Preferences, but are still available via the action=options API. 9245* (bug 44010) Context is passed to UserGetLanguageObject. 9246* The recursion guard on RequestContext::getLanguage() was weakened. 9247* (bug 44135/bug 42441) Pass '2' instead of 'true' to CURLOPT_SSL_VERIFYHOST 9248* (bug 43518) API action=unblock should return the user name, not the full user 9249 object 9250 9251== MediaWiki 1.19.3 == 92522012-11-30 9253 9254This is a security release of the MediaWiki 1.19 branch 9255 9256=== Changes since 1.19.2 === 9257* (bug 40995) Prevent session fixation in Special:UserLogin (CVE-2012-5391) 9258* (bug 41400) Prevent linker regex from exceeding PCRE backtrack limit 9259* Increase permitted runtime for testParserTest (only used for continuous 9260 integration). 9261* Updated messages translations from http://translatewiki.net/ 9262 9263== MediaWiki 1.19.2 == 9264 9265This is a security release of the MediaWiki 1.19 branch 9266 9267=== Changes since 1.19.1 === 9268* (bug 39700) File: link to non-existing file can inject html 9269* (bug 39823) Hidden block text leaking to admins 9270* (bug 39184) LDAP password leakage 9271* (bug 39180) Disallow framing of api results 9272* (bug 37587) Enforce language codes to be html safe 9273* (bug 39824) Check global blocks on account creation 9274 9275== MediaWiki 1.19 == 9276 9277MediaWiki 1.19 is a large release that contains many new features and bug 9278fixes. This is a summary of the major changes of interest to users. 9279You can consult the RELEASE-NOTES-1.19 file for the full list of changes in 9280this version. 9281 9282Our thanks go to everyone who helped to improve MediaWiki by testing the beta 9283release and submitting bug reports. 9284 9285=== Changes since 1.19.1 === 9286* (bug 38406) Properly quote table names in DatabaseBase::tableName() 9287* (bug 38249) Parser will throw an exception instead of outputting gibberish if 9288 PCRE is compiled without support for unicode properties. 9289 9290=== Changes since 1.19.0 === 9291* (bug 36568) Fixed "Illegal string offset 'LIMIT'" warnings in updater 9292* (bug 36938) Correctly escape uselang attribute to prevent xss 9293* Expanded Blacklist for SVG Files 9294 9295=== Changes since 1.19 beta 2 === 9296* Special:Watchlist no longer sets links to feed when the user is anonymous. 9297* (bug 35961) Hash comparison should always be strict. 9298* Fix broken email confirmation expiration caused by MWCryptRand changes. 9299* (bug 35671) PHP Notice: Undefined index: gettoken in includes/api/ApiMain.php 9300 on line 598. 9301* (bug 36042) 'show' causes a fatal in blocks API. 9302 9303=== Changes since 1.19 beta 1 === 9304* (bug 35014) Including a special page no longer sets the page's title to the 9305 included page 9306* (bug 35019) Edit summaries are no longer transformed in notification e-mails 9307* (bug 35152) Help message for e-mail is shown again in user preferences 9308* (bug 34887) $3 and $4 parameters are now substituted correctly in message 9309 "movepage-moved" 9310* (bug 34841) Edit links are no longer displayed when display old page versions 9311* (bug 34889) User name should be normalized on Special:Contributions 9312* (bug 35051) If heading has a trailing space after == then its name is not 9313 preloaded into edit summary on section edit 9314* (bug 31417) New ID mw-content-text around the actual page text, without 9315 categories, contentSub, ... The same div often also contains the class 9316 mw-content-ltr/rtl. 9317* (bug 35303) Proxy and DNS blacklist blocking works again 9318* (bug 22555) Remove or skip strip markers from tag hooks like <nowiki> in 9319 core parser functions which operate on strings, such as padleft. 9320* (bug 18295) Don't expose strip markers when a tag appears inside a link 9321 inside a heading. 9322* (bug 34212) ApiBlock/ApiUnblock allow action to take place without a token 9323 parameter present. 9324* (bug 34907) Fixed exposure of tokens through load.php that could have 9325 facilitated CSRF attacks. 9326* (bug 35317) CSRF in Special:Upload. 9327 9328=== Configuration changes in 1.19 === 9329* Removed SkinTemplateSetupPageCss hook; use BeforePageDisplay instead. 9330* (bug 27132) movefile right granted by default to registered users. 9331* Default cookie lifetime ($wgCookieExpiration) is increased to 180 days. 9332* (bug 31204) Removed old user.user_options. 9333* $wgMaxImageArea now applies to jpeg files if they are not scaled with 9334 ImageMagick. 9335* Introduced $wgQueryPageDefaultLimit (defaults to 50) for the number of 9336 items to show by default on query pages (special pages such as Whatlinkshere). 9337* (bug 32470) Increase the length of ug_group. 9338* (bug 32239) Removed $wgEnableTooltipsAndAccesskeys. 9339* Removed $wgVectorShowVariantName. 9340* Removed $wgExtensionAliasesFiles. Use $wgExtensionMessagesFiles. 9341* Removed $wgResourceLoaderInlinePrivateModules , now always enabled. 9342 9343=== New features in 1.19 === 9344* (bug 19838) Add ability to get all interwiki prefixes also if the interwiki 9345 cache is used. 9346* $wgDnsBlacklistUrls now accepts an array with url and key as the 9347 elements to work with DNSBLs that require keys, such as 9348 Project Honeypot. 9349* (bug 30022) Add support for custom loadScript sources to ResourceLoader. 9350* (bug 19052) Unicode space separator characters (Zs) now terminates external 9351 links and images links. 9352* (bug 30160) Add public method to mw.loader to get module names from registry. 9353* (bug 15558) Parameters to special pages included in wikitext can now be passed 9354 as with templates. 9355* Installer now issues a warning if mod_security is present. 9356* (bug 29455) Add support for a filter callback function in jQuery byteLimit 9357 plugin. 9358* Added two new GetLocalURL hooks to better serve extensions working on a 9359 limited type of titles. 9360* Added a --no-updates flag to importDump.php that skips updating the links 9361 tables. 9362* Most presentational html attributes like valign are now converted to inline 9363 css style rules. These attributes were removed from html5 and so we clean 9364 them up when $wgHtml5 is enabled. This can be disabled using 9365 $wgCleanupPresentationalAttributes. 9366* Magic words (time and number-formatting ones, plus DIRECTIONMARK, but not 9367 NAMESPACE) now depend on the page content language instead of the site 9368 language. In theory this sets the right magic words in system messages, 9369 although they are not used there. 9370* (bug 30451) Add page_props to RefreshLinks::deleteLinksFromNonexistent. 9371* (bug 30450) Clear page_props table on page deletion. 9372* Hook added to check for exempt from account creation throttle. 9373* (bug 30344) Add configuration variable for setting custom priorities when 9374 generating sitemaps. 9375* (bug 96170) Add array support for space-separated list attributes (like 9376 'class') in the Html helper class. 9377* (bug 26470) Add checkered background image on hover on files pages. 9378* (bug 30774) mediawiki.html: Add support for numbers and booleans in the 9379 attribute values and element contents. 9380* Conversion script between Tifinagh and Latin for the Tachelhit language. 9381* (bug 16755) Add options 'noreplace' and 'noerror' to {{DEFAULTSORT:...}} 9382 to stop it from replace an already existing default sort, and suppress error. 9383* (bug 18578) Rewrote revision delete related messages to allow better 9384 localisation. 9385* (bug 30364) LanguageConverter now depends on the page content language 9386 instead of the wiki content language. 9387* Jump links will now be usable in CSS-capable browsers instead of only 9388 in outdated text browsers. 9389* New common*.css files usable by skins instead of having to copy piles 9390 of generic styles from MonoBook or Vector's css. 9391* Some deprecated presentational html attributes will now be automatically 9392 converted to css. 9393* (bug 31297) Add support for namespaces in Special:RecentChanges subpage filter 9394 syntax. 9395* The default user signature now contains a talk link in addition to the user 9396 link. 9397* (bug 25306) Add link of old page title to MediaWiki:Delete_and_move_reason. 9398* Added hook BitmapHandlerCheckImageArea. 9399* (bug 30062) Add $wgDBprefix option to cli installer. 9400* getUserPermissionsErrors and getUserPermissionsErrorsExpensive hooks are now 9401 also called when checking for 'read' permission. 9402* Introduce $wgEnableSearchContributorsByIP which controls whether searching 9403 for an IP address redirects to the contributions list for that IP. 9404* (bug 8859) Database::update should take array of tables too. 9405* (bug 19698) Add "Inverse namespaces" option to Special:Contributions. 9406* (bug 24037) Add byte length of revision to Special:Contributions. 9407* (bug 1672) Added $wgDisableUploadScriptChecks to allow uploading of files 9408 containing HTML or JS. DISABLING THESE CHECKS IS VERY DANGEROUS. 9409* New path mappings can be added using the WebRequestPathInfoRouter hook 9410 and adding paths to the PathRouter. 9411* (bug 32666) Special:ActiveUsers now allows a subpage to be used as value for 9412 the "target" query parameter (eg. Special:ActiveUsers/Username). 9413* New JavaScript variable wgPageContentLanguage. 9414* Added new debugging toolbar, enabled with $wgDebugToolbar. 9415* Differences in the history page now uses slightly better colors for people 9416 perceiving colors differently. 9417* (bug 32879) Upgrade jQuery to 1.7.1. 9418* jQuery UI upgraded to 1.8.17. 9419* Extensions can use the 'Language::getMessagesFileName' hook to define new 9420 languages using messages files outside of core. 9421* (bug 32512) Add 'Associated namespace' checkbox to Special:Contributions. 9422* Added $wgSend404Code, true by default, which can be set to false to send a 9423 200 status code instead of 404 for nonexistent articles. 9424* (bug 33447) Link to the broken image tracking category from 9425 Special:Wantedfiles. 9426* (bug 27724) Add timestamp to job queue. 9427* (bug 30339) Implement SpecialPage for running javascript tests. Disabled by 9428 default, due to tests potentially being harmful, not to be run on a production 9429 wiki. Enable by setting $wgEnableJavaScriptTest to true. 9430* Extensions can use the RequestContextCreateSkin hook to override what skin is 9431 loaded in some contexts. 9432* (bug 33456) Show $wgQueryCacheLimit on cached query pages. 9433* (bug 10574) Add an option to allow all pages to be exported by Special:Export. 9434* mediawiki.js Message object constructor is now publicly available as 9435 mw.Message. 9436* (bug 29309) Allow CSS class per tooltip (tipsy). 9437* (bug 33565) Add accesskey/tooltip to submit buttons on Special:EditWatchlist. 9438* (bug 17959) Inline rendering/thumbnailing for Gimp XCF images. 9439* (bug 27775) Namespace has it's own XML tag in the XML dump file. 9440* (bug 30513) Redirect tag is now resolved in XML dump file. 9441* sha1 xml tag added to XML dump file. 9442* (bug 33646) Badtitle error page now emits a 400 HTTP status. 9443* Special:MovePage now has a dropdown menu for namespaces. 9444* (bug 34420) Special:Version now shows git HEAD sha1 when available. 9445* (bug 33952) Refactor mw.toolbar to allow dynamic additions at any time. 9446 9447=== Bug fixes in 1.19 === 9448* $wgUploadNavigationUrl should be used for file redlinks if. 9449 $wgUploadMissingFileUrl is not set. The first was used for this 9450 until the second was introduced in 1.17. 9451* BREAKING CHANGE: Style rules for wikitable are now more specific and prevent 9452 inheritance to nested tables which caused various issues (bug 30485 and bug 9453 33434). If your wiki has overridden rules for ".wikitable", please revise them 9454 and adjust where necessary. For comparison, use the "table.wikitable" section 9455 in skins/common/shared.css as base. 9456* $wgUploadNavigationUrl is now used for file redlinks if 9457 $wgUploadMissingFileUrl is not set. The former was used for this until the 9458 second was introduced in 1.17. 9459* (bug 27894) Move 'editondblclick' event listener down from body to 9460 div#bodyContent. 9461* (bug 30172) The check for posix_isatty() in maintenance scripts did not detect 9462 when the function exists but is disabled. Introduced 9463 Maintenance::posix_isatty(). 9464* (bug 30264) Changed installer-generated LocalSettings.php to use 9465 require_once() instead require() for included extensions. 9466* Do not convert text in the user interface language to another script. 9467* (bug 26283) Previewing user JS/CSS pages didn't load other user JS/CSS pages. 9468* (bug 26486) ResourceLoader modules with paths to nonexistent files cause PHP 9469 warnings/notices to be thrown. 9470* (bug 30335) Fix for HTMLForms using GET that were breaking when non-friendly 9471 URLs are used. 9472* (bug 28649) Preventing half truncated multi-byte unicode characters when 9473 truncating log comments. 9474* Show --batch-size option in help of maintenance scripts that support it. 9475* (bug 4381) Magic quotes cleaning was not comprehensive, key strings were not 9476 unescaped. 9477* (bug 23057) Importers no longer can 'edit' or 'create' a fully-protected page 9478 by importing a new revision into it. 9479* Allow moving the associated talk pages of subpages even if the base page 9480 has no subpage. 9481* Per page edit-notices now work in namespaces without subpages enabled. 9482* (bug 31081) $wgEnotifUseJobQ is no longer unconditionally enqueueing jobs. 9483* (bug 30202) File names are now restricted on upload to 240 bytes, because of 9484 restrictions on some of the database fields. 9485* Timezones are now recognised in user preferences when offset is different 9486 due to DST. 9487* (bug 31692) "summary" parameter now also works when undoing revisions. 9488* (bug 18823) "move succeeded" text displayed bluelinks even when redirect was 9489 suppressed. 9490* (bug 19186) Special:UserLogin's title on Special:SpecialPages now says 9491 "create account" when the user cannot create an account. 9492* (bug 31818) 'usercreated' message now supports GENDER. 9493* (bug 32022) Our phpunit.php script can now be executed from another directory. 9494* (bug 26020) Setting $wgEmailConfirmToEdit to true no longer removes diffs 9495 from recent changes feeds. 9496* (bug 30232) add current time to message wlnote on Special:Watchlist. 9497* (bug 29110) $wgFeedDiffCutoff did not affect new pages. 9498* (bug 32168) Add wfRemoveDotSegments for use in wfExpandUrl. 9499* (bug 32358) Do not display "No higher resolution available" for dimensionless 9500 files (like audio files). 9501* (bug 32168) Add wfAssembleUrl for use in wfExpandUrl. 9502* (bug 32168) fixed - wfExpandUrl expands dot segments now. 9503* (bug 31535) Upload comments now truncated properly, and don't have brackets. 9504* (bug 32086) Special:PermanentLink now shows an error message when no subpage 9505 was specified. 9506* (bug 30368) Special:Newpages now shows the new page name for moved pages. 9507* (bug 1697) The way to search blocked usernames in block log should be clearer. 9508* (bug 29747) eAccelerator shared memory caching has been removed since it is 9509 now disabled by default and is buggy. APC, XCache and WinCache are not 9510 affected. 9511* Installer now refuses to install if php was not compiled with Ctype support. 9512* (bug 29475) Remove "trackback" feature entirely from core. 9513* (bug 32665) Special:BlockList prefills the username in the input field if 9514 using the Special:BlockList/username URL. 9515* (bug 27721) Make JavaScript variables wgSeparatorTransformTable and 9516 wgDigitTransformTable depend on page content language so the sort script 9517 sorts correctly more often. 9518* (bug 32230) Expose wgRedirectedFrom in JavaScript. 9519* (bug 31212) History tab not collapsed when the screen is narrow. 9520* (bug 15521) Use new section summary when the action of adding a new section 9521 also happens to create the page. 9522* (bug 32960) Remove EmailAuthenticationTimestamp from database when a 9523 email address is removed. 9524* (bug 32414) Empty page get a empty bytes attribute in Export/Dump. 9525* (bug 33101) Viewing a User or User talk of username resembling IP ending 9526 with .xxx causes Internal error. 9527* Warning about undefined index in certain situations when $wgLogRestrictions 9528 causes the first log type requested to be removed but not the others. 9529* Use separate message ('prefixindex-namespace') for title of 9530 Special:PrefixIndex rather then re-using Special:AllPages's allinnamespace. 9531* (bug 33156) Special:Block now allows you to confirm you want to block yourself 9532 when using non-normalized username. 9533* (bug 33246) News icon shown for news:// URLs but not for news: URLs. 9534* (bug 33305) Make mw.util.addCSS resistant to IE's @font-face bug by setting 9535 cssText after DOM insertion. 9536* (bug 30711) When adding a new section to a page with section=new, the text is 9537 now always added to the current version of the page. 9538* (bug 31719) Fix uploads of SVGs exported by Adobe Illustrator by expanding 9539 XML entities correctly. 9540* (bug 30914) Embeddable ResourceLoader modules (user.options, user.tokens) 9541 should be loaded in <head> for proper dependency resolution. 9542* (bug 32702) Removed method Skin::makeGlobalVariablesScript() has been readded 9543 for backward compatibility. 9544* (bug 31469) Make sure tracking category messages expand variables like 9545 {{NAMESPACE}} relative to correct title. 9546* (bug 33454) ISO-8601 week-based year number (format character 'o') is now 9547 calculated correctly with respect to timezone. 9548* (bug 32219) InstantCommons now fetches content from Wikimedia Commons using 9549 HTTPS when the local wiki is served over HTTPS. 9550* (bug 33525) clearTagHooks doesn't clear function hooks. 9551* (bug 33523) Function tag hooks don't appear on Special:Version. 9552* Files with IPTC blocks we can't read no longer prevent extraction of exif 9553 or other metadata. 9554* (bug 33587) Remove action "historysubmit" from history pages. 9555* (bug 25800) mw.config wgAction should contain the actually performed action 9556 instead of whatever the query value contains. 9557* (bug 4438) Add CSS hook for current WikiPage action. 9558* (bug 33703) Common border-bottom color for <abbr> should inherit default 9559 (text) color. 9560* (bug 33819) Display file sizes in appropriate units. 9561* (bug 32948) {{REVISIONID}} and related variables are no longer blank after 9562 doing a null edit. 9563* (bug 33880) $wgUsersNotifiedOnAllChanges should not send e-mail to user who 9564 made the edit. 9565* (bug 33902) Decoding %2B with mw.Uri.decode results in ' ' instead of +. 9566* (bug 33762) QueryPage-based special pages no longer misses *-summary message. 9567* Other sizes links are no longer generated for wikis without a 404 thumbnail 9568 handler. 9569* (bug 29454) Enforce byteLimit for page title input on Special:MovePage. 9570* (bug 34114) CSSMin::remap() doesn't respect its $embed parameter. 9571* Special:Contributions/newbies now shows the contributions for the user 9572 "newbies". New user contributions are obtained using the form or using 9573 ?contribs=newbie in URL. 9574* It is now possible to delete images that have no corresponding description 9575 pages. 9576* (bug 33165) GlobalFunctions.php line 1312: Call to a member function 9577 getText() on a non-object. 9578* (bug 31676) Group dynamically inserted CSS into a single <style> tag, to work 9579 around a bug where not all styles were applied in Internet Explorer. 9580* (bug 28936, bug 5280) Broken or invalid titles can't be removed from 9581 watchlist. 9582* (bug 34600) Older skins using useHeadElement=false were broken in 1.18. 9583* (bug 34604) [mw.config] wgActionPaths should be an object instead of a numeral 9584 array. 9585* (bug 12262) Indents and lists are now aligned 9586* (bug 29753) mw.util.tooltipAccessKeyPrefix should be alt-shift for Chrome 9587 on Windows 9588* (bug 25095) Special:Categories should also include the first relevant item 9589 when "from" is filled. 9590* (bug 34972) An error occurred while changing your watchlist settings for 9591 [[Special:WhatLinksHere/Example]] 9592 9593=== API changes in 1.19 === 9594* Made action=edit less likely to return "unknownerror", by returning the actual 9595 error message (which may have come from a hook call or similar). 9596* (bug 19838) siprop=interwikimap can now use the interwiki cache. 9597* (bug 29748) Add API search prefix support. 9598* (bug 29684) Set forgotten parameter types in ApiQueryIWLinks. 9599* (bug 29685) do not output NULL parentid with list=deletedrevs&drprop=parentid. 9600* siprop=interwikimap and siprop=languages can use silanguagecode to have 9601 a best effort language name translation. Use CLDR extension for best result. 9602* (bug 30230) action=expandtemplates should not silently override invalid title 9603 inputs. 9604* (bug 18634) Create API to fetch MediaWiki's language fallback tree structure. 9605* (bug 26885) Allow show/hide of account blocks, temporary blocks and single IP 9606 address blocks for list=blocks. 9607* (bug 30591) Add support to only return keys in ApiAllMessages. 9608* The API now respects $wgShowHostnames and won't share the hostname in 9609 servedby if it's set to false. 9610* wlexcludeuser parameter added to ApiFeedWatchlist. 9611* (bug 7304) Links on redirect pages no longer cause the redirect page to show 9612 up as a redirect to the linked page on Special:Whatlinkshere. 9613* (bug 32609) API: Move captchaid/captchaword of action=edit from core 9614 to Captcha extension(s). 9615* Added 'APIGetDescription' hook. 9616* (bug 32688) Paraminfo for parameter "generator" of the query module shows too 9617 many types. 9618* (bug 32415) Empty page get no size attribute in API output. 9619* (bug 31759) Undefined property notice in querypages API. 9620* (bug 32495) API should allow purge by pageids. 9621* (bug 33147) API examples should explain what they do. 9622* (bug 33482) Api incorrectly calls ApiBase::parseMultiValue if allowed 9623 values is given as an array. 9624* (bug 32948) {{REVISIONID}} and related variables are no longer blank after 9625 calling action=purge&forcelinkupdate. 9626* (bug 34377) action=watch now parses messages using the correct title instead 9627 of "API". 9628* (bug 35036) WikiLove messages were not automatically updated in JavaScript 9629 after having been changed on-wiki due to a bug in core 9630 9631=== Languages updated in 1.19 === 9632 9633MediaWiki supports over 350 languages. Many localisations are updated 9634regularly. Below only new and removed languages are listed, as well as 9635changes to languages because of Bugzilla reports. 9636 9637* Canadian English (en-ca) (new). 9638* Norwegian (bokmål) (nb) (renamed from no). 9639* Uighur (Latin) (ug-latn) was incorrectly marked as right-to-left language. 9640* (bug 30217) Make pt-br a fallback of pt. 9641* (bug 31193) Set fallback language of Assamese from Bengali to English. 9642* Update date format for dsb and hsb: month names need the genitive. 9643* (bug 28643) Serbian variant conversion improvements (Nikola Smolenski). 9644* (bug 29405, bug 30809) Lower diacritics are invisible in titles in Indic 9645 languages Assamese, Bengali, Hindi, Malyalam and Odiya. 9646* (bug 32826) Titles in indic languages are partially cut. 9647* (bug 33367) Gendered namespaces for Czech. 9648* (bug 33014) Language::formatSize()/formatBitrate() should be able to deal 9649 with larger numbers (tera-yotta). 9650 9651=== Other changes in 1.19 === 9652* BREAKING CHANGE: Legacy global array 'ta' and global function 'akeytt' have 9653 been removed from wikibits.js. 9654* jquery.mwPrototypes module was renamed to jquery.mwExtension. 9655* The maintenance script populateSha1.php was renamed to the more concise 9656 populateImageSha1.php. 9657* The Client-IP header is no longer checked for when trying to resolve a 9658 client's real IP address. 9659* (bug 22096) Although IE5.x and below was already unsupported officially, 9660 stylesheets existing exclusively for IE5.0 and IE5.5 have now been removed 9661 (which were in skins 'chick' and 'monobook'). 9662* The constructor for CategoryView has changed, the second parameter is now a 9663 Context source and is required. 9664* The Title::escape{Local,Full,Canonical}URL methods are deprecated, please use 9665 proper html building methods to escape the normal get{...}URL methods instead. 9666* The $variant arguments in the Title::get{Local,Full,Link,Canonical}URL methods 9667 have been replaced with a secondary query argument. 9668* The $variant argument in the hooks for the 9669 Title::get{Local,Full,Link,Canonical}URL methods have been removed, the 9670 variant is now part of the $query argument. 9671* Removed Title::isValidCssJsSubpage(), deprecated since 1.17 in favor of 9672 using Title::isCssJsSubpage() or checking Title::isWrongCaseCssJsPage(). 9673* Support for the deprecated hook MagicWordMagicWords was removed. 9674* The Xml::namespaceSelector method has been deprecated, please use 9675 Html::namespaceSelector instead (note that the parameters have changed also). 9676* (bug 33746) Preload popular ResourceLoader modules (mediawiki.util) as 9677 stop-gap for scripts missing dependencies. 9678 New configuration variable $wgPreloadJavaScriptMwUtil has been introduced for 9679 this (set to false by default for new installations). Set to true if your wiki 9680 has a large amount of user/site scripts that are lacking dependency 9681 information. In the short to medium term these user/site scripts should be 9682 fixed by adding the used modules to the dependencies in the module registry 9683 and/or wrapping them in a callback to mw.loader.using. 9684 9685== MediaWiki 1.18 == 9686 9687== MediaWiki 1.18.6 == 96882012-11-29 9689 9690This is a maintenance and security release of the MediaWiki 1.18 branch 9691 9692=== Changes since 1.18.5 === 9693* ([[bugzilla:40995|bug 40995]]) Prevent session fixation in Special:UserLogin 9694(CVE-2012-5391) 9695* ([[bugzilla:41400|bug 41400]]) Prevent linker regex from exceeding PCRE 9696backtrack limit 9697* Localisation updates 9698* Increase permitted runtime for testParserTest 9699* ([[bugzilla:36179|bug 36179]]) Unquote 'null' for PostgreSQL. 9700 9701== MediaWiki 1.18.5 == 97022012-08-30 9703 9704This is a security release of the MediaWiki 1.18 branch 9705 9706=== Changes since 1.18.4 === 9707* (bug 39700) File: link to non-existing file can inject html 9708* (bug 39823) Hidden block text leaking to admins 9709* (bug 39184) LDAP password leakage 9710* (bug 39180) Disallow framing of api results 9711* (bug 37587) Enforce language codes to be html safe 9712* (bug 39824) Check global blocks on account creation 9713 9714== MediaWiki 1.18.4 == 97152012-06-12 9716 9717This is a security release of the MediaWiki 1.18 branch. 9718 9719=== Changes since 1.18.3 === 9720* (bug 36938) Correctly escape uselang attribute to prevent xss 9721* Expanded Blacklist for SVG Files 9722 9723== MediaWiki 1.18.3 == 97242012-04-25 9725 9726This is a maintenance release of the MediaWiki 1.18 branch. 9727 9728=== Changes since 1.18.2 === 9729* (bug 35446) Using "{{nse:}}" with an invalid namespace name no longer throws 9730 a PHP warning. 9731* (bug 35567) The whole password reminder e-mail is now sent in the same 9732 language. 9733* (bug 35961) Hash comparison should always be strict. 9734* (bug 35671) PHP Notice: Undefined index: gettoken in includes/api/ApiMain.php 9735 on line 598. 9736* Fix broken email confirmation expiration caused by MWCryptRand changes. 9737 9738== MediaWiki 1.18.2 == 97392012-03-21 9740 9741This is a maintenance and security release of the MediaWiki 1.18 branch. 9742 9743=== Changes since 1.18.1 === 9744* (bug 33686) could not get a list of contributors for an article when using 9745 a SQLite database. 9746* (Bug 33865) Exception thrown in action=parse when attempting to use the title 9747 parameter without setting the text parameter. 9748* UserMailer could potentially throw a fatal error when a MailAddress object had 9749 an empty email address. 9750* (Bug 33087) Exchange server rejected mail sent by MediaWiki 9751* (bug 34528) Edit section tooltips show correction section name again 9752* (bug 34246) MediaWiki:Whatlinkshere-summary message is displayed again in 9753 Special:Whatlinkshere 9754* (bug 22555) Remove or skip strip markers from tag hooks like <nowiki> in 9755 core parser functions which operate on strings, such as formatnum. 9756* (bug 34212) ApiBlock/ApiUnblock allow action to take place without a token 9757 parameter present. 9758* (bug 34907) Fixed exposure of tokens through load.php that could have 9759 facilitated CSRF attacks. 9760* (bug 35317) CSRF in Special:Upload. 9761 9762== MediaWiki 1.18.1 == 97632012-01-11 9764 9765This a maintenance and security release of the MediaWiki 1.18 branch. 9766 9767=== Changes since 1.18.0 === 9768* (bug 32712) Fix for search indexing of pages with certain unicode chars 9769 following URL. 9770* (bug 3901) Lang, hreflang attribs added to sidebar interlanguage links for 9771 screen readers. 9772* (bug 30774) mediawiki.html: Add support for numbers and booleans in the 9773 attribute values and element contents. 9774* (bug 32473) [[Special:PasswordReset]] can not be used on private wiki. 9775* (bug 32853) Fixed CACHE_DBA object cache type. 9776* (bug 32786) Backward compatibility for extension using 1.17's 9777 Database::newFromType(). 9778* Fixed exception when using Special:WhatLinksHere on a Media: file. 9779* (bug 32709) Private Wiki users were always taken to Special:Badtitle on login. 9780* (bug 33240) Sort images are missing but referenced in css. 9781* (bug 31921) Magic words REVISIONDAY, REVISIONMONTH and REVISIONYEAR were 9782 not showing their values on preview. 9783* (bug 32702) Removed method Skin::makeGlobalVariablesScript() has been readded 9784 for backward compatibility. 9785* (bug 30172) The check for posix_isatty() in maintenance scripts did not detect 9786 when the function exists but is disabled. Introduced 9787 Maintenance::posix_isatty(). 9788* (bug 33305) Make mw.util.addCSS resistant to IE's @font-face bug by setting 9789 cssText after DOM insertion. 9790* (bug 29102) Upgrades no longer fail with the error "Unknown character set: 9791 'mysql4'. 9792* (bug 25355) Parser generates edit section links for special pages. 9793* (bug 33321) Adding a line to MediaWiki:Sidebar that contains a pipe, but 9794 doesn't have any pipes after being transformed by MessageCache, causes 9795 exception on all pages. 9796* Fixed recentchanges FK violation on page delete and cache purge error in 9797 updater for Oracle DB. 9798* (bug 33117) prop=revisions allows deleted text to be exposed through cache 9799 pollution. 9800 9801== MediaWiki 1.18.0 == 98022011-11-24 9803 9804This is the first stable release of the MediaWiki 1.18 branch. 9805 9806=== Summary of selected changes in 1.18 === 9807 9808Selected changes since MediaWiki 1.17 that may be of interest: 9809 9810* Some of the more commonly used MediaWiki extensions are now included in the 9811 release tarball. These extensions are ConfirmEdit, Gadgets, Nuke, 9812 ParserFunctions, Renameuser, Vector and WikiEditor. 9813 9814* Gender support has been improved, meaning user pages can display the correct 9815 gender variant of "User" can now be used. 9816 9817* MediaWiki can now detect the camera orientation of an image from the Exif 9818 metadata, and can rotate the image thumbnail appropriately. Metadata support 9819 has been generally improved, and can now extract IPTC and XMP metadata. 9820 9821* Improved directionality support in 1.18 means that MediaWiki is better to use 9822 for RTL users. 9823 9824* MediaWiki now supports protocol - relative URLs in links, interwiki targets 9825 and $wgServer 9826 9827* Math support has been removed from core 9828 9829=== Changes since 1.18.0rc1 === 9830* (bug 32228) regression in Special:Search which did not conserve profile on 9831 new search 9832* (bug 32460) Categories were improperly aligned in Simple and CologneBlue 9833* (bug 32412) TOC links on [[Special:EditWatchlist]] points to the fieldsets 9834* (bug 32582) Fix TOC show/hide link regression on IE 8 9835 9836=== Changes since 1.18 beta 1 === 9837* (bug 31886) Wrong titles redirecting to Special:Badtitle in the 1.18 9838 deployment. 9839* (bug 32051) Fix description for wlprop=sizes. 9840* (bug 31913) Special:MostLinkedTemplates had an incorrect GROUP BY clause 9841 under Microsoft SQL. 9842* (bug 32100) installer complains about suhosin GET limit. 9843* (bug 31933) fix 1.18 regression in Monobook sidebar: huge spacing between 9844 portlets on IE 7 and IE 8/9 in compatibility view. 9845* (bug 32126) Fix 1.18 regression in watchlist editor when items already removed 9846 from watchlist. 9847* (bug 32183) remove the client-* classes added from user-agent-sniffing onto 9848 the <html> element. 9849* (bug 29912) Unit tests break if parsertest tables are still present. 9850* (bug 31694) During installation, tabbing order (cursor focus) goes to logo 9851 instead of 'continue'. 9852* (bug 29102) Upgrade fails "Unknown character set: 'mysql4". 9853* (bug 31990) justify paragraphs pref adds extra space to category listing. 9854* (bug 20148) Better title for [[Special:Disambiguations]] page. 9855* (bug 31502) TOC is missing on Special:EditWatchlist. 9856* (bug 32256) API list=search stops at first invalid result. 9857* (bug 32047) jquery.tablesorter.js: thead is before caption. 9858* (bug 29854) Store protocol-relative links twice in the externallinks table, 9859 one with http: in el_index and once with https. 9860* (bug 31822) Error during upgrade due to output buffer reset in stdout. 9861 9862=== Configuration changes in 1.18 === 9863* The WantedPages::getSQL hook has been removed and replaced with 9864 WantedPages::getQueryInfo. This may break older extensions. 9865* The SkinTemplateBuildContentActionUrlsAfterSpecialPage, 9866 SkinTemplateContentActions and SkinTemplateTabs hooks have been removed in 9867 favor of SkinTemplateNavigation and SkinTemplateNavigation::SpecialPage. 9868* $wgUseCombinedLoginLink controls whether to output a combined 9869 login / create account link in the personal bar, or to output separate login 9870 and create account links. 9871* Skin names are no longer created based on a ucfirst version of the key in 9872 $wgValidSkinNames but now the value. This means for 9873 $wgValidSkinNames["monobook"] = "MonoBook"; the skin loader will no longer try 9874 loading SkinMonobook and will instead load SkinMonoBook. 9875* $wgMaxUploadSize may now be set to an array to specify the upload size limit 9876 per upload type. 9877* $wgAPICacheHelp added in 1.16 is now removed. To disable API help caching, set 9878 $wgAPICacheHelpTimeout = 0; 9879* OutputPage::isUserJsAllowed() no longer returns false when scripts are allowed 9880 by the page, but $wgAllowUserJs is set to false. 9881* Pure "Skin" class based custom skins are no longer supported, all custom skins 9882 should be put together using SkinTemplate and BaseTemplate or QuickTemplate. 9883* The transliteration for passwords in case they were migrated from an old 9884 Latin-1 install (previous to MediaWiki 1.5) is now only done for wikis with 9885 $wgLegacyEncoding set. 9886* (bug 27508) Add $wgSVGMetadataCutoff to limit the maximum amount of an SVG we 9887 look at when finding metadata to prevent excessive resource usage. 9888* $wgSysopUserBans and $wgSysopRangeBans (deprecated in 1.17) are now removed. 9889 Use $wgBlockCIDRLimit = array( 'IPv4' => 43, 'IPv6' => 128 ) to achieve the 9890 same functionality as $wgSysopRangeBans; you can use the BlockIp hook to 9891 replicate $wgSysopUserBans functionality. 9892* The options on the block form have been standardised such that checking a box 9893 makes the block 'more serious'; so while "check to prevent account creation" 9894 and "check to enable autoblock" remain the same, "check to allow user-talk 9895 edit" is reversed to "check to *disable* user-talk edit", and "check to block 9896 anon-only" becomes "check to block logged-in users too". The default settings 9897 remain the same. 9898* Most of the field names on the Special:Block form have been changed, which 9899 will probably break screen-scraping bots. 9900* (bug 26866) The 'trackback' right is no longer granted to sysops by default. 9901 $wgUseTrackbacks is already false by default. 9902* (bug 17009) the hiddenStructure CSS class, a highly hackish way of at least 9903 *appearing* to hide article elements, has been removed. Use the 9904 ParserFunctions extension to actually remove unwanted elements from the 9905 output. 9906* (bug 14202) $wgUseTeX has been superseded by the Math extension. To re-enable 9907 math conversion after upgrading, obtain the Math extension from SVN or from 9908 https://www.mediawiki.org/wiki/Extension:Math and add to LocalSettings.php: 9909 require_once "$IP/extensions/Math/Math.php"; 9910* $wgProfiler is now a configuration array, see StartProfiler.sample for 9911 details. 9912* $wgProfiling has been removed. 9913* The spyc library is now no longer included in phase3. 9914* (bug 28343) Unused preferences contextlines/contextchars have been removed 9915* $wgSkinExtensionFunctions has been removed. Use $wgExtensionFunctions instead. 9916* $wgProto has been removed. You now only need to set $wgServer to change the 9917 URL protocol. 9918* $wgRateLimitsExcludedGroups (deprecated in 1.13) has been removed. 9919* $wgInputEncoding and $wgOutputEncoding (deprecated in 1.5) have now been 9920 removed. 9921* $wgAllowUserSkin (deprecated in 1.16) has now been removed. 9922* $wgExtraRandompageSQL (deprecated in 1.16) has now been removed. 9923* LogReader and LogViewer classes (deprecated in 1.14) have now been removed. 9924* (bug 26033) Added $wgArticleCountMethod to select the method to use to say 9925 whether a page is an article or not. $wgUseCommaCount is now deprecated. 9926* $wgEnableDublinCoreRdf and $wgEnableCreativeCommonsRdf no longer work in core, 9927 and the functionality has been moved to the relevant extensions. See 9928 https://www.mediawiki.org/wiki/Extension:DublinCoreRdf and 9929 https://www.mediawiki.org/wiki/Extension:CreativeCommonsRdf as appropriate. 9930* (bug 21107) Split error "customcssjsprotected" into separate messages for JS 9931 and CSS 9932* Removed $wgCheckCopyrightUpload from DefaultSettings, since the relevant 9933 feature was removed in about 1.5. 9934* LogPageValidTypes, LogPageLogName, LogPageLogHeader and LogPageActionText 9935 hooks have been removed. 9936* New hook "Collation::factory" to allow extensions to create custom 9937 category collations. 9938* $wgGroupPermissions now supports per namespace permissions. 9939* $wgEnableAutoRotation enables or disables auto-rotation. Leaving it set to 9940 null will cause MediaWiki to determine if auto-rotation is available. 9941 9942=== New features in 1.18 === 9943* BREAKING CHANGE: action=watch / action=unwatch now requires a token. 9944* BREAKING CHANGE: Article class hierarchy split into WikiPage (backend) 9945 and Article (frontend) hierarchies. Several hooks now pass a WikiPage object 9946 instead of an Article object. These hooks all use an $article parameter as 9947 documented in hooks.txt. Extensions should be updated to account for this, 9948 though most won't require any changes. 9949* (bug 27860) Minor edit after clicking 'new section' tab 9950 Now the "This is a minor edit" checkbox is not available when you 9951 create a page or new section. 9952* (bug 8130) Query pages should limit to content namespaces, not just main 9953 namespace. 9954* Special:Contribs now redirects to Special:Contributions. 9955* (bug 6672) Images are now autorotated according to their EXIF orientation. 9956 This only affects thumbnails; the source remains unrotated. 9957* (bug 25708) Update case mappings and normalization to Unicode 6.0.0. 9958* New hook ArticlePrepareTextForEdit added, called when preparing text to be 9959 saved. 9960* New parser option PreSaveTransform added, allows the pre-save transformation 9961 to be selectively disabled. 9962* Alternative to $wgHooks implemented, using the new Hooks class. 9963* Add width parameter to Special:Filepath to allow getting the file path of a 9964 thumbnail. 9965* (bug 26870) Add size to {{filepath:}}. 9966* Upload warnings now show a thumbnail of the uploaded file. 9967* Introduced the edittools-upload message, which will be inserted under the 9968 upload form instead of edittools if available. 9969* (bug 26285) Extensions will be automatically generated on upload if the user 9970 specified a filename without extension. 9971* (bug 26851) Special:UserRights now allows to prefill the reason field 9972* New maintenance script to fix double redirects 9973 (maintenance/fixDoubleRedirects.php). 9974* (bug 23315) New body classes to allow easier styling of special pages. 9975* (bug 27159) Make email confirmation code expiration time configurable. 9976* (bug 29047) CSS/JS for each user group is imported from 9977 MediaWiki:Group-sysop.js, MediaWiki:Group-autoconfirmed.css, etc. 9978* (bug 24230) Uploads of ZIP types, such as MS Office or OpenOffice can now be 9979 safely enabled. A ZIP file reader was added which can scan a ZIP file for 9980 potentially dangerous Java applets. This allows applets to be blocked 9981 specifically, rather than all ZIP files being blocked. 9982* (bug 2429) Allow selection of associated namespace in recent changes. 9983* (bug 26217) File size is now checked before uploading in HTML5 browsers. 9984* CSS stylesheet MediaWiki:Noscript.css is now loaded for users with JavaScript 9985 disabled (enclosed in the head in a <noscript> tag). 9986* Added UserGetLanguageObject hook to change the language used in $wgLang. 9987* (bug 14645) When $wgMiserMode is on, expensive special pages are styled 9988 differently (italicized by default) on Special:SpecialPages. 9989* Added $wgAggregateStatsID, which allows UDP stats to be aggregated over 9990 several wikis. 9991* When $wgAllowMicrodataAttributes is true, all itemtypes are allowed, not just 9992 the three that were defined in the original specification. 9993* (bug 14706) Added support for the Imagick PHP extension. 9994* (bug 18691) Added support for SVG rasterization using the Imagick PHP 9995 extension. 9996* (bug 2581, bug 6834) Added links to thumbnail in several resolutions to the 9997 file description page. The sizes are set by $wgImageLimits. 9998* (bug 28031) Add pageCount support to ArchivedFile. 9999* (bug 27924) PhpHttpRequest doesn't return response body if HTTP != 200. 10000* Added hook BitmapHandlerTransform to allow extension to transform a file 10001 without overriding the entire handler. 10002* The parser now attempts to output markers for editsection tokens and defer the 10003 rendering of them post-cache to reduce parser cache fragmentation and ensure 10004 skin customizability of edit section links. 10005* (bug 24755) AuthPlugin auto-creation of local accounts can now be aborted by 10006 other extensions by handling the 'AbortAutoAccount' hook, similar to the 10007 'AbortNewAccount' triggered by explicit account creations. (They are separate 10008 to avoid loops and confusion; auth plugins like CentralAuth need to handle 10009 AbortNewAccount separately. 10010* Special:ListFiles is now transcludable. 10011* (bug 13879) Special:Emailuser asks for suitable target user if called without. 10012* (bug 16956) IPTC and XMP metadata now extracted from images. 10013* (bug 23816) A tracking category is now added for any pages with broken images. 10014* (bug 23495) Allow createAndPromote.php to create non-sysop users. 10015* (bug 28916) A way to to toggle mw.config legacy globals settings from 10016 LocalSettings.php has been created by introducing $wgLegacyJavaScriptGlobals. 10017* (bug 28503) Support for ircs:// URL protocols. 10018* (bug 26033) It is now possible to count all non-redirect pages in content 10019 namespaces as articles. 10020* Images can now be embedded in an XML dump stream using backupDump.php 10021 --include-files and can be imported using importDump.php --uploads; 10022 furthermore, it can import files from the filesystem using --image-base-path. 10023* Three new hooks in Special:Undelete, 'UndeleteForm::showHistory', 10024 'UndeleteForm::showRevision' and 'UndeleteForm::undelete', so that extensions 10025 may override the usage of PageArchive class and replace it with their own 10026 class that extends PageArchive. 10027* (bug 28915) Implement QUnit test suite for MediaWiki JavaScript. 10028 Also built-in support for distribution through a TestSwarm instance. 10029* (bug 29036) For cascade-protected pages, the mw-textarea-cprotected class is 10030 added to the textarea on the edit form. 10031* mw.util.wikiScript has been implemented (like wfScript in GlobalFunctions.php) 10032* (bug 29067) Expose user.tokens (like we do user.options) in ResourceLoader. 10033* New 'Debug' hook used by wfDebug() and wfDebugLog(). 10034* (bug 27655) Require token for watching/unwatching pages) 10035* (bug 28904) (bug 29773) Update jQuery version from 1.4.4 to 1.6.2 (the latest 10036 version) 10037* (bug 29441) Expose CapitalLinks config in JS to allow modules to properly 10038 handle titles on case-sensitive wikis. 10039* (bug 29397) Implement mw.Title module in core. 10040* In MySQL 4.1.9+ with replication enabled, fetch the slave lag from SHOW SLAVE 10041 STATUS instead of SHOW PROCESSLIST. This ensures that lag is reported 10042 correctly in the case where there are no write events occurring. Note that 10043 the DB user now needs to have the REPLICATION CLIENT privilege if you are 10044 using replication. 10045* Language codes in $wgDummyLanguageCodes are now excluded on localization 10046 statistics (maintenance/language/transstat.php). 10047* (bug 29586) Make the (next 200) links on categories link directly to 10048 the relevant section of the category. 10049* (bug 29109) Allow the automatic edit summary for redirect creation 10050 show the first bit of the new redirect page. 10051* (bug 29723) mw.util.wikiGetlink() now defaults to wgPageName. 10052* (bug 29680) Add GetDefaultSortkey hook to override the default sortkey. 10053* (bug 16699) {{#language:}} accepts second parameter to specify the language in 10054 which the language name is wanted. Coverage depends on the cldr extension. 10055* (bug 15802) An easy way to look up messages: language qqx which returns 10056 the message keys. 10057* (bug 29868) Add support for passing parameters to mw.msg in jquery.localize. 10058* (bug 29558) $wgMiserMode now disables update.php by default. 10059* AjaxCategories: Easily add, edit or delete categories on article pages. 10060 Suggests possible categories when typing, all saves are done via AJAX. 10061 Supports editing of multiple categories and then saving them in one batch. 10062* $wgAutopromoteOnce was added, allowing for users to be automatically promoted 10063 to explicit usergroups. If a group is removed from a user via 10064 Special:UserRights, it will not automatically be re-added. Configuration is 10065 similar to $wgAutopromote (see DefaultSettings.php). 10066* The PerformRetroactiveAutoblock hook was added to allow overriding or 10067 complementing retroactive autoblock handling. This runs when blocking a user 10068 with the 'autoblock' option. 10069* MediaWiki now supports using protocol-relative URLs in links, interwiki 10070 targets and $wgServer. 10071* Introduced $wgVaryOnXFPForAPI which will cause the API to send 10072 Vary: X-Forwarded-Proto headers. 10073* New maintenance script to refresh image metadata 10074 (maintenance/refreshImageMetadata.php). 10075* (bug 16428) Include permalink in printable version. 10076* (bug 30722) Add an identity collation that sorts things based on what the 10077 unicode code point is (aka pre-1.17 behavior). 10078* (bug 30940) Add a hook in User:getDefaultOptions. 10079 To give extensions a better and more flexible way of providing default 10080 values for preferences a hook has been introduced in User:getDefaultOptions(). 10081 Setting preferences in $wgDefaultUserOptions still work fine, but when reading 10082 them (i.e. with array_keys) to get a list of all preferences, then 10083 $wgDefaultUserOptions should no longer be used as it will contain those set 10084 via User:getDefaultOptions(). 10085* (bug 30497) Add client-nojs and client-js classes on document element 10086 to let styles easily hide or show things based on general JS availability. 10087* (bug 31293) If Special:Userlogin is loaded over HTTPS, display 10088 MediaWiki:loginend-https instead of MediaWiki:loginend, if it's not empty. 10089 Same for signupend on the account creation page. 10090* (bug 31233) New OutputPage::addJsConfigVars() method to make the output page 10091 specific mw.config map extendable. 10092* mw.util.wikiScript has been implemented (like wfScript in 10093 GlobalFunctions.php). 10094 10095=== Bug fixes in 1.18 === 10096* (bug 27860) Minor edit after clicking 'new section' tab. 10097* (bug 23119) WikiError class and subclasses are now marked as deprecated. 10098* (bug 10871) Javascript and CSS pages in MediaWiki namespace are no longer 10099 treated as wikitext on preview. 10100* (bug 22753) Output from update.php is more clear when things changed, entries 10101 indicating nothing changed are now all prefixed by "...". 10102* Page existence is now not revealed (in the colour of the tabs) to users who 10103 cannot read the page in question. 10104* (bug 19006) {{REVISIONUSER}} no longer acts like {{CURRENTUSER}} in some 10105 cases. 10106* (bug 16019) $wgArticlePath = "/$1" no longer breaks API edit/watch actions. 10107* (bug 18372) File types blacklisted by $wgFileBlacklist will no longer be shown 10108 as "Permitted file types" on the upload form. 10109* (bug 26379) importImages.php gives more descriptive error message on failure. 10110* (bug 26410) + signs are no longer treated as spaces in internal links if 10111 link has a % sign in it. 10112* (bug 26412) Search results headers no longer show a bogus edit link. 10113* (bug 26540) Fixed wrong call to applyPatch in MysqlUpdater. 10114* (bug 26574) Added 'upload' to $wgRestrictionTypes, allowing upload protected 10115 pages to be queried via the API and Special:ProtectedPages, and allowing 10116 disabling upload protection by removing it from $wgRestrictionTypes. 10117* If an edit summary exceeds 250 bytes and is truncated, add an ellipse. 10118* (bug 26638) Database error pages display correctly in RTL languages. 10119* (bug 26187) Confirmrecreate no longer parses the edit summary. 10120* (bug 26208) Mark directionality of some interlanguage links. 10121* (bug 26034) Make the "View / Read" tab in content_navigation style tabs remain 10122 selected when the action is "purge". 10123* (bug 14267) Support a MediaWiki:Mainpage-nstab override for the subject 10124 namespace tab on the mainpage of a wiki. 10125* (bug 10158) Do not mention allowing others to contact you when the feature 10126 is disabled ($wgEnableUserEmail=false). 10127* (bug 26733) Wrap initial table creation in transaction. 10128* (bug 26729) Category pages should return 404 if they do not exist and have no 10129 members. 10130* (bug 2585) Image pages should send 404 if no image, no shared image and no 10131 description page. 10132* Custom editintro's using the editintro url parameter will no longer show 10133 <noinclude> sections on pages they are included on. 10134* (bug 26449) Keep underlines from headings outside of tables and thumbs by 10135 adding overflow:hidden to h1,h2,h3,h4,h5,h6 (also fixes editsection bunching). 10136* (bug 26708) Remove background-color:white from tables in Monobook and Vector. 10137* (bug 28422) Remove color:black from tables in Monobook and Vector. And add it 10138 to table.wikitable instead. 10139* (bug 26781) {{PAGENAME}} and related parser functions escape their output 10140 better. 10141* (bug 26716) Provide link to instructions for external editor related 10142 preferences and add a comment to the ini control file explaining what is 10143 going on. 10144* Trying to upload a file with no extension or with a disallowed MIME type now 10145 gives the right message instead of complaining about a MIME/extension 10146 mismatch. 10147* (bug 26809) Uploading files with multiple extensions where one of the 10148 extensions is blacklisted now gives the proper extension in the error message. 10149* (bug 26961) Hide anon edits in watchlist preference now actually works. 10150* (bug 19751) Filesystem is now checked during image undeletion. 10151* Send last modified headers for Special:Recentchanges when RC patrol is 10152 enabled, but user cannot see rc patrol links. 10153* (bug 26548) ForeignAPIRepo (InstantCommons) now works with PDF files 10154 and other multi-paged file formats. 10155* Files with a mime type that does not match the extension are now properly 10156 thumbnailed. 10157* (bug 27201) Special:WhatLinksHere output no longer contains duplicate IDs. 10158* (bug 15905) Nostalgia skin could become more usable by including a Talk: 10159 link at the top of the page. 10160* (bug 27560) Search queries no longer fail in Walloon language. 10161* (bug 27679) Broken embedded files with special characters are no longer 10162 double HTML escaped. 10163* (bug 27700) The upload protection can now also be set for files that do not 10164 exist. 10165* (bug 27763) Article::getParserOutput() no longer throws a fatal given when an 10166 incorrect revision ID is passed. 10167* Trim the form field for uploading by url to remove extra spaces which could 10168 cause confusing error messages. 10169* (bug 27854) Http::isValidURI is way too lax. 10170* Do not show enotifminoredits preference, if disabled by $wgEnotifMinorEdits. 10171* AbortLogin returning "ABORTED" now handled. Also allows message identifier 10172 for "ABORTED" reason to be returned and displayed to user. 10173* (bug 28034) uploading file to local wiki when file exists on shared repository 10174 (commons) gives spurious info in the warning message. 10175* Usernames get lost when selecting different sorts on Special:listfiles. 10176* (bug 14005) editing section 0 of an existing but empty page gives no such 10177 section error. 10178* (bug 26939) Installer does not set $wgMetaNamespace. 10179* (bug 28166) UploadBase assumes that 'edit' and 'upload' rights are not per 10180 page restrictions. 10181* Make truncate function automatically consider length of '...' string, 10182 since length can vary by localization. 10183* (bug 28242) Make redirects generated by urls containing a local interwiki 10184 prefix be a 301 instead of a 302. 10185* (bug 15641) blocked administrators are now prevented from deleting or 10186 protecting their own talk page; and all blocked users are more 10187 comprehensively prevented from performing other actions. 10188* (bug 27893) Edit-on-doubleclick now applies only on view and purge actions; 10189 no longer triggers unexpectedly on delete, history etc. 10190* (bug 28417) Fix PHP notice when importing revision without a listed id. 10191* (bug 28430) Make html and TeX output of <math> always be left-to-right. 10192* (bug 28306) Fix exposure of suppressed usernames in ForeignDBRepo. 10193* (bug 28372) Fix bogus link to suppressed file versions in ForeignDBRepo. 10194* (bug 27473) Fix regression: bold, italic no longer interfere with linktrail 10195 for ca, kaa. 10196* (bug 28444) Fix regression: edit-on-doubleclick retains revision id again. 10197* ' character entity is now allowed in wikitext. 10198* UtfNormal::cleanUp on an invalid utf-8 sequence no longer returns false if 10199 intl installed. 10200* (bug 28561) The css class small will no longer make nested elements even 10201 smaller. 10202* (bug 13172) Array type exif data (like GPS) was not being extracted from 10203 images. 10204* (bug 28532) wfMsgExt() and wfMsgWikiHtml() use $wgOut->parse(). 10205* (bug 16129) Transcluded special pages expose strip markers when they output 10206 parsed messages. 10207* (bug 27249) "Installed software" table in Special:Version should always be 10208 left-to-right. 10209* (bug 28719) Do not call mLinkHolders __destruct explicitly. 10210* (bug 21196) Article::getContributors() no longer fails on PostgreSQL. 10211* (bug 28752) XCache doesn't work in CLI mode. 10212* (bug 28076) Thumbnail height limited to 360 pixels on Special:Listfiles. 10213* (bug 22227) Special:Listfiles no longer throws an error on bogus file entries. 10214* (bug 19408) user_properties.up_property: 32 bytes is not enough. 10215* (bug 25262) Fix for minification of hardcoded data: URIs in CSS. 10216* (bug 29263) Add LTR class to the shared CSS to be used for left-to-right text 10217 such as SQL queries shown in dberrortext and similar messages in RTL 10218 environments. 10219* (bug 14977) Fixed $wgServer detection in cases where an IPv6 address is used 10220 as the server name. 10221* The View X deleted revisions is now shown again on Special:Upload. 10222* (bug 29071) mediawiki.action.watch.ajax.js should pass uselang to API. 10223* (bug 28868) Show total pages in the subtitle of an image on the 10224 file description page for multi-paged documents. 10225* (bug 28883) Message names for different compression types commonly 10226 used in Tiff files. 10227* When transcluding a special page, do not let it interpret url parameters. 10228* (bug 28887) Special page classes are no longer re-used during 1 request. 10229* (bug 28888) Searching for something starting with a # sign no longer tells 10230 the user a page named [[:]] already exists. 10231* (bug 23002) Imagelinks table not updated after imagemove. 10232* (bug 27864) Transcluding {{Special:Prefix}} with empty prefix now lists all 10233 pages. 10234* (bug 18803) JPEG2000 images should not be uploadable as .jpg files. 10235* (bug 11868) If using links to count articles, the checking will now be based 10236 on the real presence of an internal link instead of the "[[" string. 10237* (bug 28287) The "your changes" box for edit conflicts is now read-only. 10238* (bug 28940) When making a thumb of an SVG, and only specifying the height 10239 make the width be the max SVG size, not the natrual width of the SVG. 10240* (bug 1780) Uploading files with non-ascii characters are now forbidden on 10241 Windows. 10242* (bug 23464) File: prefixes are now chopped off during uploading. 10243* (bug 28174) Message config-logo-help amended to not explicitly assume any 10244 LTR/RTL screen layout. 10245* (bug 28992) Revision numbers in the patrol log are transformed in the user 10246 language. 10247* (bug 27073) ResourceLoaderDynamicStyles marker should be dynamically appended 10248 to the document head if it doesn't exist. 10249* (bug 27023) After the document is ready, mw.loader is broken (calls callback 10250 before module is parsed). 10251* (bug 4330) External URLs without a custom title should be treated as LTR, 10252 even in RTL text. 10253* (bug 29055) Make "don't send email on minor edits" preference apply to 10254 changes to talk page in addition to watchlist edits. 10255* (bug 28272) Special:AllMessages should have only one "Go" button. 10256* (bug 29101) Special:FileDuplicateSearch no longer shows silly message. 10257* (bug 29048) jQuery.tabIndex: firstTabIndex() should not output the same 10258 as lastTabIndex(). 10259* (bug 29332) Warn if user requests mediawiki-announce subscription but does not 10260 enter an e-mail address. 10261* (bug 25375) Add canonical namespaces to "wgNamespaceIds" in mw.config. 10262* The class JpegOrTiffHandler was renamed ExifBitmapHandler. 10263* (bug 29443) Special:Undelete should use JavaScript to invert all checkboxes 10264 instead of reloading the page. 10265* (bug 29325) Setting $wgStrictFileExtensions to false no longer gives incorrect 10266 warning. 10267* (bug 29437) Multiple apostrophes in deleted article title cause odd rendering. 10268* (bug 29485) RSS feed of Special:RecentChange grouped together multiple 10269 consecutive edits by same user in included diff, but then linked to 10270 a single ungrouped diff. 10271* Do not try to group together a page creation and edit in the RSS feed of RC. 10272* (bug 29342) Patrol preferences shouldn't be visible to users who don't have 10273 patrol permissions. 10274* (bug 29471) Exception no longer thrown for files with invalid date in 10275 metadata. 10276* (bug 29492) Long-running steps in the installer (such as Upgrade and Install) 10277 no longer cause timeouts. 10278* (bug 29507) Change 'image link' to 'file link' in Special:Whatlinkshere. 10279* If the db is really screwed up, and doesn't have a recentchanges table, 10280 make the updater throw an exception instead of a fatal. 10281* wfArrayToCGI() and wfCgiToArray() now handle nested and associative arrays 10282 correctly. 10283* (bug 29567) mw.util.addPortletLink should only wrap link in <span> for 10284 "vectorTabs" portlets. 10285* (bug 8556) Incorrect session failure warning on preview-on-open 10286 namespaces (categories) when combined with $wgRawHtml. 10287* Use content language in formatting of dates in revertpage message 10288 (rollback revert edit summary) and do not adjust for user timezone. 10289* (bug 29277) MediaWiki:Filepage.css is also shown on the local wiki 10290* Make sure Backlink cache does not retrieve interwiki redirects when looking 10291 for redirects to a local page. 10292* (bug 6100) Allow different directionality (LTR/RTL) for user interface 10293 and wiki content, along with many other RTL and directionality improvements 10294 (such as bugs 28030, 12406, 28349). 10295* (bug 29712) Removed broken defaultUserOptionOverrides in MessagesXx files and 10296 unneeded CSS flipping of quickbar. Instead, introduce option 5 which sets 10297 left/right according to the directionality of your interface language. 10298* (bug 19514) Unordered list list-style-image should be IE6-compatible (8-bit). 10299* (bug 27410) The tag filter on a history page is now within a <label> element. 10300* (bug 29779) DairikiDiff/WikiDiff <ins> and <del> should undo browser default 10301 styling (strike/underline). 10302* (bug 28630) Add iwlinks, langlinks, redirect to 10303 RefreshLinks::deleteLinksFromNonexistent. 10304* (bug 29797) Error: "Tried to load block with invalid type" when subpages 10305 are disabled for user pages. 10306* (bug 12205) Bidirectional names in action=credits are split and displayed 10307 incorrectly when wrapped to the next line. 10308* (bug 20781) Move 'mainpagetext' messages to installer's .i18n file. 10309* (bug 29737) "MediaWiki:Qbsettings-directionality" should refer to script, 10310 not language. 10311* (bug 26360) $wgSessionHandler was overriding system settings unconditionally. 10312* Removed AjaxFunctions.php. The last remaining function js_unescape() was moved 10313 to the FCKEditor extension. 10314* (bug 28762) Resizing to specified height broken for very thin images. 10315* (bug 29959) Installer fatal when cURL and allow_url_fopen is disabled and user 10316 tries to subscribe to mediawiki-announce. 10317* (bug 27427) mw.util.getParamValue shouldn't return value from hash even if 10318 param is only present in hash. 10319* Installer checked for magic_quotes_runtime instead of register_globals. 10320* (bug 30131) XCache with variable caching disabled no longer used for variable 10321 caching (CACHE_ACCEL) 10322* $wgSVGMaxSize is now applied to the smaller of width or height, making very 10323 wide pano/timeline/diagram SVGs renderable at saner sizes. 10324* (bug 30219) The page shown when LocalSettings.php does not exist was broken on 10325 Windows servers. 10326* (bug 30074) Moving user JS subpages resulted in JS errors because 10327 #REDIRECT [[Foo]] is invalid JS. 10328* (bug 30335) Fix for HTMLForms using GET breaking when non-friendly URLs 10329 are used. 10330* (bug 30264) Changed installer-generated LocalSettings.php to use 10331 require_once() instead of require() for included extensions. 10332* Tracking categories are no longer shown in footer for special pages. 10333* (bug 30684) Fix bad escaping in mw.message for inexistent messages (i.e. 10334 <key>). 10335* $wgOverrideSiteFeed no longer double escapes urls. 10336* The preprocessor no longer fails with a PHP warning about XML_PARSE_HUGE when 10337 processing complex pages using newer versions of libxml2. 10338* (bug 30907) Special:Unusedcategories should sort ascendingly. 10339* (bug 28545) When using the uca-default collation, sortkey's starting with a 10340 space (U+20) will sort under an invisible header like in 1.16 rather than a 10341 U+6DE. 10342* (bug 30192) Thumbnails of archived files are now deleted. 10343* (bug 30843) mediawiki.Title should not convert extensions (anything after the 10344 last full stop) to lower case). 10345* (bug 31213) Exception thrown when trying to move file cross-namespace. 10346* (bug 18424) Special:Prefixindex and Special:Allpages paging links are 10347 really small, and somewhat inconsistent with each other. 10348* (bug 30466) Entries in iwlinks table are now cleared when moving a page over 10349 redirect. 10350* (bug 31674) Can't edit watchlist if it contains special pages. 10351* (bug 32100) Installer complains about Suhosin GET limit even if it is 10352 already set above 1024 bytes. 10353 10354=== API changes in 1.18 === 10355* BREAKING CHANGE: action=watch now requires POST and token. 10356* (bug 26339) Throw warning when truncating an overlarge API result. 10357* (bug 14869) Add API module for accessing QueryPage-based special pages. 10358* (bug 14020) API for Special:Unwatchedpages. 10359* (bug 24287) Wrap API Help output at 100 characters. 10360* Add a realname uiprop option to query=userinfo so a user's realname can be 10361 extracted. 10362* Add a &watchuser option to ApiBlock. 10363* (bug 26541) Generator-ise ApiQueryRecentChanges. 10364* action=parse now correctly returns an error for nonexistent pages. 10365* (bug 25767) Add userrights properties to allusers and users query lists. 10366* (bug 26558) list=allusers auprop=groups does not list groups a user is 10367 automatically a member of. 10368* (bug 26559) list=allusers auprop=rights does not match 10369 list=users usprop=rights. 10370* (bug 26560) On allusers if limit < total number of users, last user gets 10371 duplicate. 10372* (bug 25135) add "normalized" to action=parse. 10373* (bug 26460) Add support for listing category members by category pageid. 10374* (bug 26482) add a imimages param to prop=images. 10375* (bug 26498) allow LinksUpdate with API. 10376* (bug 26485) add a elextlinks param to prop=extlinks. 10377* (bug 26483) add a iwtitles param to prop=iwlinks. 10378* (bug 26484) add a lltitles param to prop=langlinks. 10379* (bug 26480) add a pppageprops param to prop=pageprops. 10380* (bug 26650) Remove $wgAPICacheHelp in favour of $wgAPICacheHelpTimeout. 10381* (bug 24650) Fix API to work with categorylinks changes. 10382* Expose list of skins in meta=siteinfo. 10383* (bug 26548) Add iiurlparam param to query=imageinfo and query=stashimageinfo. 10384* (bug 27205) aiprop=metadata and aiprop=parsedcomment need help text. 10385* Add a amtitle param to meta=allmessages. 10386* (bug 25832) query=allimages now outputs ns/title as well. 10387* (bug 27199) Thumbnail urls can be fetched for old files as well. 10388* (bug 27376) when using ApiBase::PARAM_TYPE => 'integer' without a min or 10389 max value, API doesn't validate the input is actually an integer. 10390* (bug 27479) API error when using both prop=pageprops and 10391 prop=info&inprop=displaytitle. 10392* (bug 27554) Update API information text to reflect change in bug 26125. 10393* (bug 27611) list=blocks: Use ipb_by_text instead of join with user table. 10394* (bug 27616) Add userid of blocked user and blocker to list=blocks. 10395* (bug 27688) Simplify queries to list user block information. 10396* (bug 27708) list=users does not have a property to return user id. 10397* (bug 27715) imageinfo didn't respect revdelete. 10398* (bug 27862) Useremail module didn't properly return success on success. 10399* (bug 27590) prop=imageinfo now allows querying the media type. 10400* (bug 27587) list=filearchive now outputs full title info. 10401* (bug 27018) Added action=filerevert to revert files to an old version. 10402* (bug 27897) list=allusers and list=users list hidden users. 10403* (bug 27717) API's exturlusage module does not respect $wgMiserMode. 10404* (bug 27588) list=filearchive&faprop=sha1 returns empty attribute. 10405* (bug 28010) Passing a non existent user to list=users gives internal error. 10406* (bug 27549) action=query&list=users&usprop=groups doesn't show implicit 10407 groups if a user doesn't have explicit groups. 10408* (bug 27670) Ordering by timestamp (and usage of start and end) isn't as clear 10409 in auto generated document, as it is on mediawiki.org. 10410* (bug 27182) API: Add filter by prefix for meta=allmessages. 10411* (bug 27183) API: Add filter by customisation state for meta=allmessages. 10412* (bug 27340) API: Allow listing of "small" categories. 10413* (bug 27342) Add audir param to list=allusers. 10414* (bug 27203) add fato param to list=filearchive. 10415* (bug 27341) Add drto param to list=deletedrevs. 10416* (bug 26630) Add API for Special:ActiveUsers. 10417* (bug 27020) API: Allow title prefix search of logevents (only when not in 10418 miser mode). 10419* (bug 26629) add Special:MIMESearch to API. 10420* (bug 27585) add pagecount to list=filearchive. 10421* (bug 28104) Namespace for local pages in interwiki backlinks (iwbacklinks) 10422 is missing. 10423* (bug 27343) Add parseddescription to list=filearchive. 10424* (bug 27469) label implicit groups in list=allusers&auprop=groups/ 10425 list=users&usprop=groups. 10426* Addition of APIQuerySiteInfoGeneralInfo hook to add extra information to 10427 the general site info results. 10428* (bug 16288) API: consider making closure status of wikis more clear 10429 with meta=siteinfo. 10430* (bug 27589) list=allimages&aiprop=archivename is useless. 10431* (bug 27586) Remove duplication of props in ApiQueryStashImageInfo 10432 by using ApiQueryImageInfo. 10433* (bug 28226) prop=extlinks&eloffset should be an integer. 10434* (bug 28070) Fix watchlist RSS for databases that store timestamps in a 10435 real timestamp field. 10436* API upload errors may now return the parameter that needs to be changed and 10437 a sessionkey to fix the error. 10438* (bug 28249) allow dupes in meta=allmessages&amargs. 10439* (bug 28263) cannot import xml with the API, when have not "import" user 10440 right, but "importupload". 10441* (bug 28365) Added description for uiprop=preferencestoken in meta=userinfo. 10442* (bug 28394) Set forgotten parameters types in ApiUnblock. 10443* (bug 28395) Set forgotten parameters types in ApiParse. 10444* (bug 28368) add hint for multipart/form-data to API information of 10445 action=import&xml=. 10446* (bug 28391) action=feedwatchlist&allrev should be a bool. 10447* (bug 28364) add registration date to meta=userinfo. 10448* (bug 28254) action=paraminfo: Extract type from PARAM_DFLT if 10449 PARAM_TYPE is not set. 10450* (bug 27712) add parent_id to list=deletedrevs. 10451* (bug 28455) Add 'toponly' to recentchanges API module. 10452* (bug 26873) API: Add 'toponly' filter in usercontribs module. 10453* (bug 28586) YAML: strings that are the same as boolean literals. 10454* (bug 28591) Update/replace/supplement spyc (YAML parsing library). 10455* YAML API output is now 1.2 compliant, using JSON as the formatter. 10456* (bug 28672) give information about misermode on API. 10457* (bug 28558) Add iw_api and iw_wikiid to meta=siteinfo&siprop=interwikimap 10458* (bug 26882) Allow listing of indefinite protections with the API. 10459* (bug 27344) add drprefix param to list=deletedrevs. 10460* (bug 28560) list=deletedrevs should die, if combination of param is invalid. 10461* (bug 28238) paraminfo: output both limits for multi param. 10462* (bug 27179) API: List of extension tags through meta=siteinfo. 10463* Get a list of function hooks through meta=siteinfo. 10464* Get a list of all subscribed hooks, and those subscribers. 10465* (bug 28225) Allow hiding of user groups in list=allusers. 10466* (bug 27185) API: Add Special:ComparePages. 10467* (bug 28265) allow outputting of comments for action=expandtemplates. 10468* (bug 27790) Add query type for querymodules to output of ApiParamInfo. 10469* (bug 28963) Add langbacklinks query module to the api. 10470* (bug 27593) API should return error message when sha1/sha1base36 is invalid. 10471* (bug 28578) API's parse module should not silently override invalid 10472 title inputs. 10473* (bug 20699) Watchlist API should list log-events. 10474* (bug 29070) Require a token in API action=watch. 10475* (bug 29221) Expose oldrevid in ApiQueryWatchlist output. 10476* (bug 29267) Always give the servername for meta=siteinfo&siprop=dbrepllag. 10477* (bug 28897) rvparse now respects rvsection for action=query&prop=revisions. 10478* (bug 25734) API: Possible issue with revids validation. 10479* (bug 28002) Internal error in ApiFormatRaw::getMimeType. 10480* (bug 29237) ApiQuery now has an option to output the "iwurl" attribute. 10481* (bug 28392) Mark action=undelete×tamps as type "timestamp". 10482* (bug 21346) Make deleted images searchable by hash (disabled in Miser Mode). 10483* (bug 27595) sha1 search of list=filearchive does not work. 10484* (bug 26763) Make RSS/Atom of user contributions more visible. 10485* (bug 25133) Allow redirects also for action=parse&pageid. 10486* (bug 29745) Fatal error in API search. 10487* (bug 29476) API returns page title instead of sectiontitle for 10488 srprop=sectiontitle. 10489* Correct the documentation of srprop properties. 10490* (bug 28817) Add reference help page link to API Modules. 10491* (bug 29935) Improve formatting of examples in ApiParamInfo. 10492* (bug 29938) list=users&usprop=rights shows rights the user doesn't have. 10493* (bug 24781) The API will include an XML namespace if the includexmlnamespace 10494 parameter is set. 10495* (bug 29392) Setting the start or end parameter now works with lists blocks, 10496 categorymembers, deletedrevs, logevents, protectedtitles, usercontributions 10497 and watchlist in Postgres. 10498 10499=== Languages updated in 1.18 === 10500 10501MediaWiki supports over 330 languages. Many localisations are updated 10502regularly. Below only new and removed languages are listed, as well as 10503changes to languages because of Bugzilla reports. 10504 10505* Angika (anp) (new). 10506* Brahui (brh) (new). 10507* Central Dusun (dtp) (new). 10508* Jamaican Creole English (jam) (new). 10509* Khowar (khw) (new). 10510* Liv (liv) (new). 10511* Kichwa (qug) (new). 10512* Tokipona (tp) (removed) 'tokipona' is still valid. 10513* (bug 17160) Gender specific display text for User namespace. 10514* Link trail added for sl and sh. 10515* (bug 27633) Add characters to linkTrail for Portuguese (pt and pt-br). 10516* (bug 27426) Set $namespaceGenderAliases for Arabic (ar). 10517* (bug 27385) Set Polish $namespaceGenderAliases. 10518* (bug 27681) Set $namespaceGenderAliases for Portuguese (pt and pt-br). 10519* (bug 27785) Fallback language for Kabardian (kbd) is English now. 10520* (bug 27825) Raw watchlist edit message now uses formatted numbers. 10521* (bug 28040) Turkish: properly lower case 'I' to 'i' (dotless i) and 10522 uppercase 'i' to 'I' (dotted i). 10523* Conversion script between Syllabics and Latin for the Inuktitut language. 10524* Date formats for Indonesian (id) updated. 10525* Bhojpuri (bho) (renamed from "bh"). 10526* (bug 29031) When translating block log entries, indefinite, infinite, and 10527 infinity are now considered the same. 10528* Aromanian (rup) (renamed from "rua-rup"). 10529* Kashmiri (ks) split into Kashmiri (Perso-Arabic) (ks-arab) and Kashmiri 10530 (Devanagari) (ks-deva). Defaults to ks-arab. 10531* (bug 30864) Use bengali numerals for <ol> for Assamese. 10532* (bug 30817) Restored linktrail for kk (Kazakh). 10533* (bug 27398) Add $wgExtraGenderNamespaces for configured gendered namespaces. 10534* (bug 30846) New LanguageOs class. 10535 10536=== Other changes in 1.18 === 10537* Removed legacy wgAjaxWatch javascript global object, no longer in use. 10538* (bug 28556) Upload support for MacBinary files has been removed (Used by 10539 Internet Explorer 5 for Mac OS 9). 10540* On wiki farm setups using $wgConf, 'wgCanonicalServer' is now expected to be 10541 set for all wikis. This was already the case for 'wgServer'. 10542 10543== MediaWiki 1.17 == 10544 10545== MediaWiki 1.17.5 == 105462012-06-12 10547 10548This is a security release of the MediaWiki 1.17 branch. 10549 10550=== Summary of selected changes in 1.17 === 10551 10552Selected changes since MediaWiki 1.16 that may be of interest: 10553 10554* A new installer has been introduced. It has a wizard-style interface which is 10555 translated into many languages. Many shortcomings in the old installer were 10556 addressed with this rewrite. Note that it is no longer required for the config 10557 directory to be made writable by the webserver. Instead the generated 10558 LocalSettings.php file is offered as a download, which you must then upload 10559 to the wiki's base directory. 10560 10561* ResourceLoader, a new framework for delivering client-side resources such as 10562 JavaScript and CSS, has been introduced. These resources are now delivered 10563 through the new entry point script "load.php", instead of as static files 10564 served directly by the web server. This allows minification, compression and 10565 client-side caching to be used more effectively, which should provide a net 10566 performance improvement for most users. 10567 10568* Category sorting has been improved. 10569** Sorting is now case insensitive. 10570** Sub-categories, pages and files can now be paged separately. 10571** When several pages are given the same sort key, they sort by their 10572 names instead of randomly. 10573 10574* The lowest supported version of PHP is now 5.2.3. If necessary, please 10575 upgrade PHP prior to upgrading MediaWiki. 10576 10577=== Changes since 1.17.4 === 10578 10579* (bug 36938) Correctly escape uselang attribute to prevent xss 10580* Expanded Blacklist for SVG Files 10581 10582=== Changes since 1.17.3 === 10583 10584* (bug 35961) Hash comparison should always be strict. 10585* Fix broken email confirmation expiration caused by MWCryptRand changes. 10586* (bug 35671) PHP Notice: Undefined index: gettoken in includes/api/ApiMain.php 10587 on line 598. 10588 10589=== Changes since 1.17.2 === 10590 10591* (bug 22555) Remove or skip strip markers from tag hooks like <nowiki> in 10592 core parser functions which operate on strings, such as padleft. 10593* (bug 34212) ApiBlock/ApiUnblock allow action to take place without a token 10594 parameter present. 10595* (bug 34907) Fixed exposure of tokens through load.php that could have 10596 facilitated CSRF attacks. 10597* (bug 35317) CSRF in Special:Upload. 10598 10599=== Changes since 1.17.1 === 10600* (bug 33117) prop=revisions allows deleted text to be exposed through cache 10601 pollution. 10602* (bug 32709) Private Wiki users were always taken to Special:Badtitle on login. 10603 10604=== Changes since 1.17.0 === 10605 10606* (bug 29535) Added missing Creative Commons CC0 icon. 10607* (bug 29726) Fixed failure to load internationalization messages in 10608 client-side scripts on WebKit-based browsers. 10609* Fixed a bug in message transformation where the previous language could leak 10610 into later transformations in the UI language. 10611* (bug 29091) Fixed form of native name for Ossetic language (Иронау -> Ирон) 10612* Fixed maintenance scripts upgrade1_5.php and rebuildImages.php, they did not 10613 work at all since 1.17 beta 1. 10614* (bug 29531) Fixed img_auth.php for thumbnails and other filenames with 10615 multiple dots, was broken by the fix for bug 28840. 10616* In the maintenance script purgeList.php, fixed a fatal error when a page 10617 title is given, instead of a URL. 10618* (bug 19514) Unordered list list-style-image should be IE6-compatible (8-bit). 10619* Installer checked for magic_quotes_runtime instead of register_globals. 10620* $wgSVGMaxSize is now applied to the smaller of width or height, making very 10621 wide pano/timeline/diagram SVGs renderable at saner sizes. 10622* (bug 29959) Installer fatal when cURL and allow_url_fopen is disabled and user 10623 tries to subscribe to mediawiki-announce. 10624* Installer checked for magic_quotes_runtime instead of register_globals 10625* (bug 30131) XCache with variable caching disabled no longer used for variable 10626 caching (CACHE_ACCEL) 10627* (bug 30264) Changed installer-generated LocalSettings.php to use 10628 require_once() instead require() for included extensions. 10629* (bug 26486) ResourceLoader modules with paths to nonexistent files cause PHP 10630 warnings/notices to be thrown 10631* (bug 30907) Special:Unusedcategories should sort ascendingly. 10632* (bug 30219) The page shown when LocalSettings.php does not exist was broken on 10633 Windows servers. 10634* Hardcoded NLS_NUMERIC_CHARACTERS for Oracle DB to prevent type conversion 10635 errors. 10636* Fixed recentchanges FK violation on page delete and cache purge error in 10637 updater for Oracle DB. 10638* (bug 32276) Skins were generating output using the internal page title which 10639 would allow anonymous users to determine whether a page exists, potentially 10640 leaking private data. In fact, the curid and oldid request parameters would 10641 allow page titles to be enumerated even when they are not guessable. 10642* (bug 32616) action=ajax requests were dispatched to the relevant internal 10643 functions without any read permission checks being done. This could lead to 10644 data leakage on private wikis. 10645 10646=== Changes since 1.17.0rc1 === 10647 10648* Fixed syntax error in generated LocalSettings.php when a non-default user 10649 rights profile is chosen. 10650* (bug 29399) Fixed PostgreSQL installation when the DB user for installation 10651 is the same as the one for web access. 10652* (bug 29233) Fixed failover for DB slave servers. When a DB slave went down, 10653 an error was immediately shown to the user, instead of trying another slave. 10654 Was broken since 1.17 beta 1. 10655* (bug 29278) Fixed PHP fatal error when attempting to add text to a page via a 10656 redirect. 10657* (bug 29408) Fixed uploads of files with MIME types that aren't detected by 10658 MediaWiki. 10659* Removed DEFAULT '' NOT NULL field definitions from Oracle DB schema because 10660 using the DEFAULT value ('') in DML broke Oracle backend as it treats an 10661 empty VARCHAR2 value as NULL. Indexes on Oracle do not require NOT NULL 10662 fields. 10663 10664=== Changes since 1.17 beta 1 === 10665 10666* Fixed warning about missing file "password.js". 10667* When installing on MySQL, don't attempt to create a new database user if the 10668 same user is used for installation and web access. 10669* Fixed SQL query errors in queries with table aliases. 10670* (bug 27891) Fixed the "chronology protector", broken since 1.17beta1, which 10671 ensures that when database replication is used, the new version is seen by 10672 the user immediately after they create or edit an article. 10673* (bug 28845) Allow PostgreSQL installation using a non-root user account which 10674 has role creation abilities. 10675* When installing on PostgreSQL and the install account is the same as the web 10676 account, check to make sure that the account has suitable privileges in the 10677 mediawiki schema. 10678* (bug 28172) Fixed error in PostgreSQL installation when creating the wiki 10679 sysop account. 10680* Fixed an issue with the Oracle installer in cases where the user is different 10681 to the database name. 10682* Added "unblockself" to the list of available rights. 10683* In the installer, fixed the "user rights profile" option, it never worked. 10684* (bug 29117) Fixed Hebrew localisation of the installer. 10685* (bug 28840) Reduce the collateral damage caused by the fix for bug 28235 (XSS 10686 on Internet Explorer 6 due to a file extension in the query string) by 10687 reducing the number of URLs that are blocked, and by redirecting the request 10688 to a safer URL where possible instead of blocking it. 10689* (bug 28812) Fixed documentation of API action=parse. 10690* (bug 28979) Fixed styling of <abbr> and <acronym>. 10691* Fixed the error message displayed when you try to create an account by email, 10692 but an email address is not given. 10693* Fixed JS error due to missing dependency for jquery.suggestions. 10694* Exposed $wgExtensionAssetsPath in JavaScript. 10695* (bug 28738) Made ResourceLoader support environments with small URL length 10696 limits. The length limit can be configured via 10697 $wgResourceLoaderMaxQueryLength, and this is set automatically in the 10698 generated LocalSettings.php when the php.ini variable 10699 "suhosin.get.max_value_length" is set. When a URL exceeds this limit, the 10700 request is split up. Also, reduced the average length of load.php URLs by 10701 using a more compact parameter format. 10702* (bug 25262) Fix for minification of hardcoded data: URIs in CSS. 10703* (bug 25124) Respect $wgStyleDirectory in ResourceLoader. 10704* Allow installation when no HTTP client is available, don't throw an exception. 10705* (bug 27465) Fix metadata extraction for SVG files using unusual namespace 10706 names. 10707* (bug 29174) Fix regression in upload-by-URL: uploading files larger than the 10708 PHP memory limit should work again. 10709* Fixed the display of comments in the new user log. 10710* (bug 28237) When installing extensions using the web-based installer, create 10711 any necessary database tables. 10712* (bug 28983) Fixed automated installation of extensions that overwrite $path. 10713* Fixed error caused by missing magic words. 10714* Fixed breakage of article editing in PostgreSQL due to text search 10715 configuration errors. 10716* Fixed the HTTPS client used when Curl is not available. This avoids an error 10717 during install about failure of the mediawiki-announce subscription. 10718* (bug 28162) When installing to PostgreSQL, respect the "database port" input, 10719 it was ignored. 10720 10721=== Configuration changes in 1.17 === 10722 10723* $wgLogAutocreatedAccounts controls whether autocreation of accounts is logged 10724 to new users log. 10725* (bug 22858) $wgLocalStylePath is by default set to the same value as 10726 $wgStylePath but should never point to a different domain than the site is 10727 on, allowing skins to use .htc files which are not cross-domain friendly. 10728* $wgFileStore has been deprecated. The only usage $wgFileStore['deleted'] has 10729 been turned into $wgDeletedDirectory. 10730* $wgDeletedDirectory has been added to specify what directory to place deleted 10731 uploads in. 10732* IBM DB2 database no longer uses the db specific $wgDBport_db2 variable but the 10733 normal $wgDBport. 10734* $wgCategoryPrefixedDefaultSortkey was removed and is now always false. This 10735 provides more sensible sorting behavior for categories. 10736* Removed unused globals: $wgEnableSerializedMessages, $wgCheckSerialized, 10737 $wgUseMemCached, $wgDisableSearchContext, $wgColorErrors, $wgUseZhdaemon, 10738 $wgZhdaemonHost and $wgZhdaemonPort. 10739* (bug 24408) The include_path is not modified in the default LocalSettings.php 10740* $wgVectorExtraStyles was removed, and is no longer in use. 10741* Removed $wgUpdates for database updates; extensions should use 10742 DatabaseUpdater::addExtensionUpdate() via the LoadExtensionSchemaUpdates hook. 10743* Removed $wgServerName. It doesn't need to be set anymore and is no longer 10744 available as input for other configuration items, either. 10745* It's no longer necessary for LocalSettings.php to include DefaultSettings.php. 10746* It's no longer necessary to set $wgCacheEpoch to the file modification time 10747 of LocalSettings.php, in LocalSettings.php itself. Instead, this is done 10748 automatically if $wgInvalidateCacheOnLocalSettingsChange is true (which is 10749 the default). 10750* $wgCopyrightIcon is deprecated and $wgFooterIcons['copyright']['copyright'] 10751 should be used instead. 10752* $wgSysopUserBans is deprecated, and will be made permanently true in 1.18. 10753 If you need this functionality, you should use the BlockIp hook to filter and 10754 reject such blocks. 10755* $wgSysopRangeBans is deprecated, you should set $wgBlockCIDRLimit to maximum 10756 (32 for IPv4, 128 for IPv6), equivalent to allowing rangeblocks of only 1 10757 address at a time. 10758 10759=== New features in 1.17 === 10760 10761* (bug 10183) Users can now add personal styles and scripts to all skins via 10762 User:<name>/common.css and /common.js (if user css/js is enabled). 10763* (bug 22748) Add anchors on Special:ListGroupRights. 10764* (bug 21981) Add parameter 'showfilename' to <gallery> to automatically 10765 apply the names of the individual files within the gallery. 10766* Future-proof redirection to fragments in Gecko, so things work a little nicer 10767 if they fix <https://bugzilla.mozilla.org/show_bug.cgi?id=516293>. 10768* Support git:// and mms:// protocols by default for external links. 10769* (bug 15810) Blocked admins can no longer unblock themselves without the 10770 'unblockself' permission (which they have by default). 10771* (bug 18499) Added "enhanced" URL parameter to switch between old and enhanced 10772 changes list. 10773* (bug 22925) "sp-contributions-blocked-notice-anon" message now displayed when 10774 viewing contributions of a blocked IP address. 10775* (bug 22474) {{urlencode:}} now takes an optional second parameter for type of 10776 escaping. 10777* Special:Listfiles now supports a username parameter. 10778* Special:Random carries over query string parameters. 10779* (bug 23206) Add Special::Search hook for detecting successful "Go". 10780* When visiting a "red link" of a deleted file, a deletion and move log excerpt 10781 is provided on the Upload form. 10782* (bug 22647) Add category details in search results. 10783* (bug 23276) Add hook to Special:NewPages to modify query. 10784* Add accesskey 's' and tooltip to 'Save' button at Special:Preferences. 10785* Add accesskey 'b' and tooltip to the summary field of edit mode. 10786* (bug 20186) Allow filtering Special:Contributions for RevisionDeleted edits. 10787* ajaxwatch now uses the API and JQuery, and can be used to animate arbitrary 10788 watch links, not just to watch the page the link is on. 10789* (bug 20976) "searchmenu-new-nocreate" message now displayed when there 10790 is no title match in search and the user has no rights to create pages. 10791* (bug 23429) Added new hook WatchlistEditorBuildRemoveLine. 10792* (bug 22844) Added support for WinCache object caching (for IIS). 10793* (bug 23580) Add two new events to LivePreview so that scripts can be notified 10794 about the beginning and finishing of LivePreview actions. 10795* (bug 21278) Now the sidebar allows inclusion of wiki markup. 10796* (bug 23733) Add IDs to messages used on CSS/JS pages. 10797* Show validity period of the login cookie in Special:UserLogin and 10798 Special:Preferences. 10799* Interlanguage links display the page title in their tooltip. 10800* (bug 23621) New Special:ComparePages to compare (diff) two articles. 10801* (bug 4597) Provide support in Special:Contributions to show only "current" 10802 contributions 10803* (bug 17857) {{anchorencode}} acts more like how the parser creates section ids 10804* (bug 21477) \& can now be used in <math> 10805* (bug 11641) \dotsc \dotsm \dotsi \dotso can now be used in <math> 10806* (bug 21475) \mathtt and \textsf can now be used in <math> 10807* texvc is now run via ulimit4.sh, to limit execution time. 10808* SQLite now supports $wgSharedDB. 10809* (bug 8507) Group file links by namespace:title on image pages. 10810* Stop emitting named entities, so we can use <!DOCTYPE html> while still being 10811 well-formed XML. 10812* texvc now supports \bcancel and \xcancel in addition to \cancel and \cancelto 10813* Added scriptExtension setting to $wgForeignFileRepos. 10814* ForeignApiRepo uses scriptDirUrl if apiBase not set. 10815* (bug 24212) Added MediaWiki:Filepage.css which is also included on foreign 10816 client wikis. 10817* (bug 14685) Double underscore magic word usage is now tracked in the 10818 page_props table, as well as the behavioral magic words {{DEFAULTSORT}} and 10819 {{DISPLAYTITLE}} 10820* (bug 24045) MediaWiki:Ipb-needreblock is now wrapped in a div with class 10821 "mw-ipb-needreblock" 10822* Non-file pages can no longer be moved to the file namespace, nor vice versa. 10823* (bug 671) The <dfn>, <kbd> and <samp> elements have been whitelisted in user 10824 input. 10825* (bug 21503) There's now a "reason" field when creating account for other 10826 users. 10827* (bug 24418) action=markpatrolled now requires a token. 10828* A variety of category sort-related fixes, including: 10829** (bug 164) In English, lowercase and uppercase letters now sort the same. 10830** (bug 1211) Subcategories, ordinary pages, and files now page separately. 10831** When several pages are given the same sort key, they sort by their names 10832 instead of randomly. 10833* (bug 23848) Add {{ARTICLEPATH}} Magic Word. 10834* (bug 8140) Add dedicated CSS classes to Special:Newpages elements. 10835* (bug 11005) Add CSS class to empty pages in Special:Newpages. 10836* The parser cache is now shared amongst users whose different settings aren't 10837 used in the page. 10838* Any attribute beginning with "data-" can now be used in wikitext, per HTML5. 10839* (bug 24007) Diff pages now mention the number of users having edited 10840 intermediate revisions. 10841* Added new hook GetIP. 10842* Special:Version now displays whether a SQLite database supports full-text 10843 search. 10844* TS_ISO_8691_BASIC was added as a time format, which is used by ResourceLoader 10845 for versioning. 10846* Maintenance scripts get a --memory-limit option to override defaults (which 10847 is usually to set it to -1 to disable the limit). 10848* (bug 25397) Allow uploading (not displaying) of WebP images, disabled 10849 by default. 10850* (bug 23194) Special:ListFiles now has thumbnails. 10851* Use hreflang to specify canonical and alternate links, search engine friendly 10852 when a wiki has multiple variant languages. 10853* (bug 19593) Specifying --server in now works for all maintenance scripts. 10854* Now rebuildtextindex.php warns if SQLite doesn't support full-text search. 10855* (bug 10541) Front/backend separation of installation/upgrade code. 10856* (bug 10596) Allow installer to enable extensions already in extensions folder. 10857* (bug 20627) Installer should be in languages other than English. 10858* Support for metadata in SVG files (title, description). 10859* Special:Search: Add CSS classes to 'none found' and 'create link' messages. 10860* Add CSS classes (including namespace and pagename) to the enhanced recent 10861 changes/watchlist entries. 10862* (bug 22463) Add hook 'SkinGetPoweredBy' to make 'powered by' icon/text 10863 customizable. 10864* Added CSS print pagination to the print stylesheets. 10865* (bug 25960) Add <link rel=canonical"> for File pages of shared/foreign 10866 file repositories. 10867* When viewing a redirect, the redirect arrow and redirection target are both 10868 wrapped in a div that has the class "redirectMsg" so that the redirection 10869 arrow can be customized with CSS. 10870* (bug 21911) Hard coded limit for long page warning removed. New message 10871 [[MediaWiki:Longpage-hint]] (empty per default) can be used instead. 10872 Parameters: $1 shows the formatted textsize in Byte/KB/MB, $2 is the raw 10873 number of the textsize in Byte. 10874* (bug 3276) Give image <gallery>s fluid width. 10875* Added uploads link to page subtitle in Special:Contributions. 10876* Added Special:Myuploads special page that redirects to Special:Listfiles. 10877* The footerlinks used in Monobook/Vector/Modern are now part of common skin 10878 code, SkinTemplateOutputPageBeforeExec can be used to customize the list. 10879* Special wrapping setups can now define MW_CONFIG_FILE to load a config file 10880 other than LocalSettings.php. This is like MW_CONFIG_CALLBACK but works in 10881 some cases where MW_CONFIG_CALLBACK will not work. 10882* (bug 26574) Added 'upload' to $wgRestrictionTypes, allowing upload protected 10883 pages to be queried via the API and Special:ProtectedPages, and allowing 10884 disabling upload protection by removing it from $wgRestrictionTypes. 10885* The name attribute of HTMLForm fields can now be overridden by passing a 10886 'name' key in the descriptor array. Hidden field names are now treated 10887 consistently with other fields and, by default, prefixed with 'wp'. 10888* (bug 27402) Add support for disabling MWSuggest. 10889* (bug 26563) Add bytes changed per revision for stub and full article dumps. 10890* (bug 27508) Add $wgSVGMetadataCutoff to limit the maximum amount of an svg we 10891 look at when finding metadata to prevent excessive resource usage. 10892* (bug 198) $wgUpgradeKey allows unlocking the web installer for upgrades 10893 without having to move LocalSettings.php 10894* Added $wgAllowImageTag, which can be set to true to whitelist the <img> tag 10895 in wikitext. 10896* (bug 12797) Add $wgGalleryOptions for adjusting of default gallery display 10897 options. 10898* Added the $wgAllowUserCssPrefs option which allows disabling CSS-based 10899 preferences; which can improve page loading speed. 10900* Added $wgSQLMode for setting database SQL modes - either performance (null) 10901 or other reasons (such as enabling stricter checks). 10902* (bug 20193) Added $wgVectorShowVariantName global configuration variable 10903 which causes Vector to render the variants drop-down menu with a label 10904 showing the current variant name. This is off by default, pending further 10905 research into its user experience implications. 10906* The upload link for missing files can now be set separately from the 10907 navigation link with $wgUploadMissingFileUrl. 10908* $wgAdditionalMailParams added to allow setting extra options to mail() calls. 10909* Added $wgSecureLogin to optionally login using HTTPS. 10910* (bug 25728) Added $wgPasswordSenderName to make the name associated 10911 with $wgPasswordSender configurable. 10912* (bug 22463) $wgFooterIcons added to allow configuration of the icons shown in 10913 the footers of skins. 10914* $wgFileCacheDepth can be used to set the depth of the subdirectory hierarchy 10915 used for the file cache. Default value is 2, which matches former behavior. 10916 10917=== Bug fixes in 1.17 === 10918 10919* (bug 17560) Half-broken deletion moved image files to deletion archive 10920 without updating database. 10921* (bug 22666) Submitting user block form with an invalid user name no longer 10922 throws an error. 10923* (bug 22665, bug 22667) User '0' can now be unblocked and have its block 10924 settings changed. 10925* (bug 22606) The body of e-mail address confirmation message is now different 10926 when the address changed. 10927* (bug 22664) Special:Userrights now accepts '0' as a valid user name. 10928* (bug 5210) Preload parser now parses <noinclude>, <includeonly> and 10929 redirects. 10930* (bug 22709) IIS7 mishandles redirects generated by OutputPage::output() when 10931 the URL contains a colon. 10932* (bug 22353) Categorised recent changes now works again. 10933* (bug 22747) "Reveal my e-mail address in notification e-mails" preference is 10934 now only displayed when relevant. 10935* (bug 22772) {{#special:}} parser function now works with subpages. 10936* (bug 18664) Relative URIs in interwiki links cause failed redirects. 10937* (bug 19270) Relative URIs in interwiki links break interwiki transclusion. 10938* (bug 22903) Revdelete log entries now show in the user preferred language. 10939* (bug 22905) Correctly handle <abbr> followed by ISBN. 10940* (bug 22940) Namespace aliases pointing to main namespace don't work. 10941* (bug 15810) Blocked admins can no longer block/unblock other users. 10942* (bug 22876) Avoid possible PHP Notice if $wgDefaultUserOptions is not 10943 correctly set. 10944* (bug 14952) Page titles are renormalized after html entities are removed so 10945 that links with non-NFC character references work correctly. 10946* (bug 22991) wgUserGroups JavaScript variable now reports * group for 10947 anonymous users instead of null. 10948* (bug 22627) Remove PHP notice when deleting a page only hidden users edited. 10949* (bug 21520) Anonymous previews now also gives a warning about not being 10950 logged in (anonpreviewwarning). 10951* (bug 22935) image/x-ms-bmp mime type added for BMP files. 10952* (bug 23024) Special:ListFiles now escapes file names correctly. 10953* (bug 22867) "View source" tab is now only displayed if there's source text. 10954* (bug 19393) Feeds now format dates in user language rather than content 10955 language. 10956* (bug 22852) "Served in" comment is now the time used to cache a single page 10957 when using rebuildFileCache.php 10958* (bug 22496) Viewing diff of a redirect page without specifying "oldid" 10959 parameter no longer makes the page displayed as being the redirect target. 10960* (bug 22918) Feed cache keys now use $wgRenderHashAppend. 10961* (bug 21916) Last-Modified header is now correct when outputting cached feed. 10962* (bug 20049) Fixed PHP notice in search highlighter that occurs in some cases. 10963* (bug 23017) Special:Disambiguations now list pages in content namespaces 10964 rather than only main namespace. 10965* (bug 23063) $wgMaxAnimatedGifArea is checked against the total size of all 10966 frames, and $wgMaxImageArea against the size of the first frame, rather than 10967 the other way around. Both now default to 12.5 megapixels. Also, images 10968 exceeding $wgMaxImageArea can still be embedded at original size. 10969* (bug 23078) "All public logs" option on Special:Log is now always the first 10970 item. 10971* (bug 16817) Group names in user rights log are now singular and in lowercase. 10972* Special:Preferences no longer crashes if the wiki default date formatting 10973 style is not valid for the user's interface language. 10974* (bug 23167) Check the watch checkbox by default if the watchcreations 10975 preference is set. 10976* Maintenance script cleanupTitles is now able to fix titles stored 10977 in a negative namespace (which is invalid). 10978* (bug 19858) Removed obsolete <big> in interface messages. 10979* (bug 21456) "Bad title" error when showing non-local interwiki pages no longer 10980 displays incorrect tabs. 10981* (bug 23190) Improved math representation for text browsers. 10982* (bug 22015) Improved upload-by-url error handling and error display. 10983* (bug 17941) $wgMaxUploadSize is now honored by all upload sources. 10984* (bug 23080) New usernames now limited to 235 bytes so that custom skin files 10985 work. 10986* (bug 23075) Correct MediaTransformError default width in gallery. 10987* (bug 16487) The Anonymous user account used on Postgres is no longer 10988 displayed on Special:Listusers. 10989* (bug 23313) Move watchlisthidepatrolled above token in watchlist preferences 10990 to enhance preference grouping. 10991* (bug 23298) Interwiki links with prefix only in log summaries now link to the 10992 correct link. 10993* (bug 23284) Times are now rounded correctly. 10994* (bug 23375) Added ogv, oga, spx as extensions for ogg files. 10995* (bug 18408) All required permissions for uploading (upload, edit, create) 10996 are now checked when loading Special:Upload. Toolbar link for Special:Upload 10997 is no longer shown if the user does not have the required permissions. 10998* (bug 23397) texvc in html mode renders \sim as ˜ not ∼ 10999* (bug 23241) License selector should be disabled during upload of a new 11000 version. 11001* (bug 23240) Add ID to namespace selector form on Special:Watchlist. 11002* The pipe | character in urls is now escaped. 11003* (bug 23422) mp3 files can now be moved. 11004* (bug 23448) MediaWiki:Summary-preview is now displayed instead of 11005 MediaWiki:Subject-preview when previewing summary. 11006* (bug 23426) The {{REVISIONMONTH}} variable is now zero-padded and added 11007 new variable {{REVISIONMONTH1}} when unpadded version is needed. 11008* Special:Userrights didn't recognize user as changing his/her own rights if 11009 user did not capitalize first letter of username. 11010* (bug 23507) Add styles for printing wikitables. 11011* (bug 19586) Avoid JS errors in mwsuggest when using old browsers such 11012 as Opera 8. 11013* (bug 23563) Old skins now support $wgUploadNavigationUrl and take into 11014 account upload rights. 11015* (bug 1347) Render \phi in math using images, in order to create consistent 11016 and correct render results. 11017* (bug 16573) Render \epsilon in math using images, in order to create 11018 consistent and correct render results. 11019* (bug 22541) Support image redirects when using ForeignAPIRepo. 11020* (bug 22967) Make edit summary length cut-off behave correctly for multibyte 11021 characters. 11022* (bug 8689) Long numeric lines no longer kill the parser. 11023* (bug 23740) Article::doRedirect() now use $extraQuery parameter correctly if 11024 the $noRedir parameter is set to true. 11025* (bug 23688) Correct mime types for Office 2007 OpenXML documents. 11026* (bug 23787) Corrected $wgDefaultSkin's comment in DefaultSettings.php. 11027* (bug 23797) Xml::input() now allows '0' for the value parameter. 11028* (bug 23747) Make sure that on History pages, the RevDel button is not 11029 accidentally activated when hitting enter. 11030* (bug 23845) Special:ListFiles now uses correct file names without underscores. 11031* Ask for permanent login in Special:Preferences only if $wgCookieExpiration > 11032 0. 11033* (bug 16356) Repair dumpInterwiki.inc to use proper normalization. 11034* (bug 24006) deleteArchivedRevisions.php maintenance script now longer throws 11035 a fatal error. 11036* (bug 23465) Don't ignore the predefined destination filename on 11037 Special:Upload after following a red link. 11038* (bug 23642) Recognize mime types of MS OpenXML documents. 11039* (bug 22784) Normalise underscores and spaces in autocomments. 11040* (bug 19910) Headings of the form ===+\s+ are now displayed as valid headings. 11041* (bug 24022) Only check file extensions on the uploadpage when needed. 11042* (bug 24076) Recognize Office 2003 files with OpenXML trailers. 11043* (bug 24244) Updated comments in DefaultSettings.php to reflect 11044 Image: --> File: namespace rename. 11045* Make wfTimestamp recognize negative unix timestamp values. 11046* (bug 24401) SimpleSearch: No button/text indicating 'Search' if image is 11047 disabled. 11048* (bug 23293) Do not show change tags when Special:RecentChanges(linked) or 11049 Special:Newpages is transcluded into another page as it messes up the page. 11050* (bug 24517) LocalFile::newFromKey() and OldLocalFile::newFromKey() no longer 11051 throw fatal errors. 11052* (bug 23380) Uploaded files that are larger than allowed by PHP now show a 11053 useful error message. 11054* Uploading to a protected title will allow the user to choose a new name 11055 instead of showing an error page. 11056* (bug 24425) Use Database::replace instead of delete/insert in 11057 SqlBagOStuff::set to avoid query errors about duplicate keynames. 11058* (bug 15470) First letters of filenames are always capitalized by upload JS. 11059* (bug 21215) NoLocalSettings.php doesn't tolerate rewrite rules. 11060* (bug 21052) Fix link color for stubs in NewPages. 11061* (bug 24714) Usage of {{#dateformat: }} in wikis without $wgUseDynamicDates no 11062 longer pollutes the parser cache. 11063* (bug 17031) Correct which characters the parser allows in tag attributes (a 11064 letter, colon or underscore followed by 0 or more letters, numbers, colons, 11065 underscores, hyphens, and/or periods). 11066* Save 200 useless queries on each category page view. 11067* Shell commands will now work on Linux in filesystems mounted noexec. 11068* (bug 24804) Corrected commafying in Polish and Ukrainian. 11069* "Difference between pages" is now displayed instead of "Difference between 11070 revisions" on diffs when appropriate. 11071* (bug 23703) ForeignAPIRepo fails on findBySha1() when using a 1.14 install as 11072 a repository due to missing 'name' attribute from the API list=allimages. 11073* (bug 24898) MediaWiki uses /tmp even if a vHost-specific tempdir is set, also 11074 make wfTempDir() return a sane value for Windows on worst-case. 11075* (bug 24824) Support ImageMagick 6.5.6-2+ JPEG decoder size hint, to reduce 11076 memory usage when such an ImageMagick is used for scaling. 11077* Disable multithreaded behavior in recent ImageMagick, to avoid a deadlock 11078 when a resource limit such as $wgMaxShellMemory is hit. 11079* (bug 24981) Allow extensions to access SpecialUpload variables again. 11080* (bug 20744) Wiki forgets about an uploaded file. 11081* (bug 17913) Don't show "older edit" when no older edit available. 11082* (bug 6204) TOC not properly rendered when using $wgMaxTocLevel. 11083* (bug 24977) The accesskey in history page now lead directly to the diff 11084 instead of alternating focus between the two buttons. 11085* (bug 24987) Special:ListUsers does not take external groups into account. 11086* (bug 20633) update.php has mixed language output. 11087* SQLite system table names are now never prefixed. 11088* (bug 25292) SkinSubPageSubtitle hook now passes the Skin object as second 11089 parameter. 11090* (bug 25167) Correctly load JS fixes for IE6 (fixing a regression in 1.16). 11091* (bug 25367) wfShellExec() is more explicit when failing due to disabled 11092 passthru(). 11093* (bug 25462) Fix double-escaping for section edit link tooltips. 11094* action=raw was removed for Special:Statistics. This information is still 11095 available via the API. 11096* (bug 23934) Groups defined in $wgRevokePermissions but not in 11097 $wgGroupPermissions now appear on Special:ListGroupRights. 11098* (bug 23923) Special:Prefixindex no longer shows results if nothing was 11099 requested. 11100* (bug 22308) Search now finds text in default main page immediately after 11101 setup. 11102* (bug 25697) Make sure empty lines render in diff view. 11103* Use an actual minus sign in diff views, instead of a hyphen. 11104* (bug 23732) Clarified "n links" message on Special:MostLinkedFiles. 11105* (bug 23731) Clarified "n links" message on Special:MostLinkedTemplates. 11106* (bug 25642) A exception is now thrown instead of a fatal error when using 11107 $wgSMTP without PEAR mail package. 11108* (bug 19633) When possible, Upscale small SVGs when creating thumbnails. 11109* (bug 11013) Database driver detection needs rewriting for robustness. 11110* (bug 13409) Installer prompts could use clarification--now has help boxes. 11111* (bug 16902) Installer spews warnings when exec() and dl() are not available. 11112* (bug 19129) Only show MyISAM/InnoDB when supported. 11113* (bug 17762) Only show other e-mail options when e-mail is globally enabled. 11114* Cache multiple sizes of InstantCommons thumbnails. 11115* (bug 25488) Disallowing anonymous users to read pages no longer throws error 11116 on discussion pages with vector as default skin. 11117* (bug 24833) Files name in includes/diff/ are now less confusing. 11118* (bug 25713) SpecialPage::resolveAlias() now normalise spaces to underscores. 11119* (bug 25829) Special:Mypage and Special:Mytalk now forward oldid, diff and dir 11120 parameters. 11121* (bug 25175) HTML file cache now honor $wgCacheDirectory if 11122 $wgFileCacheDirectory is not set. 11123* (bug 13353) Diff3 version checks were too strict, did not detect working 11124 diff3. 11125* (bug 25843) Links to special pages using link= attribute on images are now 11126 normalised like normal links to special pages. 11127* (bug 21364) External links using link= attribute on images now respect 11128 $wgExternalLinkTarget. 11129* (bug 17789) Added a note to the total views on Special:Statistics saying that 11130 is doesn't count non-existing pages and special pages. 11131* (bug 17996) HTTP redirects are now combined when requesting a special page. 11132* (bug 19944) Link on image thumbnails no longer link to "Media:" namespace in 11133 some cases. 11134* (bug 25670) wfFindFile() now checks the namespace of the given title, only 11135 "File" and "Media" are allowed now. 11136* (bug 25872) Rename the HttpRequest class to MWHttpRequest to avoid conflict 11137 with php extension that defines same class. 11138* (bug 20591) There's now a different message on Special:MovePage when 11139 $wgFixDoubleRedirects is set to false. 11140* Fixed PHP warnings when updating a broken MySQL database. 11141* (bug 26023) Corrected deleteBacth.php's documentation. 11142* (bug 25451) Improved datetime representation in 32 bit php >= 5.2. 11143* Show "skin does not exist error" only when the skin is inputted in the wrong 11144 case. 11145* (bug 26164) Potential html injection when the database server isn't available. 11146* (bug 26160) Upload description set by extensions are not propagated. 11147* (bug 9675) generateSitemap.php now takes an --urlpath parameter to allow 11148 absolute URLs in the sitemap index (as required e.g. by Google). 11149* Partial workaround for bug 6220: at least make files on shared repositories 11150 show up as (struck-out) bluelinks instead of redlinks on Special:WantedFiles. 11151* rebuildFileCache.php no longer creates inappropriate cache files for 11152 redirects. 11153* (bug 25512) Subcategory list should not include category prefix for members. 11154* (bug 10871) Javascript and CSS pages in MediaWiki namespace are no longer 11155 treated as wikitext on preview. 11156* Page existence is now not revealed (in the colour of the tabs) to users who 11157 cannot read the page in question. 11158* (bug 22753) Output from update.php is more clear when things changed, entries 11159 indicating nothing changed are now all prefixed by "..." 11160* (bug 16019) $wgArticlePath = "/$1" no longer breaks API edit/watch actions. 11161* (bug 18372) File types blacklisted by $wgFileBlacklist will no longer be shown 11162 as "Permitted file types" on the upload form. 11163* (bug 26540) Fixed wrong call to applyPatch in MysqlUpdater. 11164* (bug 26034) Make the "View / Read" tab in content_navigation style tabs remain 11165 selected when the action is "purge". 11166* (bug 26733) Wrap initial table creation in transaction. 11167* (bug 26208) Mark directionality of some interlanguage links. 11168* (bug 26716) Provide link to instructions for external editor related 11169 preferences. 11170* (bug 26961) Hide anon edits in watchlist preference now actually works. 11171* (bug 1379) Installer directory conflicts with some hosts' configuration panel. 11172* (bug 27781) Installer does not warn about 5.1.x. Added a compatibility 11173 function for array_key_exists(). 11174* Fix XML well-formedness on a few pages when $wgHtml5 is true (the default). 11175* (bug 28069) MediaWiki fails streaming files when mod_deflate and ob_gzhandler 11176 are also set. 11177* (bug 26223) Concurrently moving an article to different titles leaks a 11178 redirect revision with no page. 11179* (bug 15641) Fixed permissions checks in Special:Import which allowed users 11180 without the 'import' permission to import pages from configured import 11181 sources. 11182* (bug 26449) Keep underlines from headings outside of tables and thumbs by 11183 adding overflow:hidden to h1,h2,h3,h4,h5,h6 (also fixes editsection bunching). 11184* (bug 26708) Remove background-color:white from tables in Monobook and Vector. 11185* (bug 26781) {{PAGENAME}} and related parser functions escape their output 11186 better. 11187* (bug 26716) Provide link to instructions for external editor related 11188 preferences and add a comment to the ini control file explaining what is going 11189 on. 11190* (bug 28422) Remove color:black from tables in Monobook and Vector. And add it 11191 to table.wikitable instead. 11192* (bug 27560) Search queries no longer fail in walloon language. 11193* (bug 27700) The upload protection can now also be set for files that do not 11194 exist. 11195* (bug 28034) uploading file to local wiki when file exists on shared repository 11196 (commons) gives spurious info in the warning message. 11197* Usernames get lost when selecting different sorts on Special:listfiles. 11198* (bug 28166) UploadBase assumes that 'edit' and 'upload' rights are not per 11199 page restrictions. 11200* (bug 28242) Make redirects generated by urls containing a local interwiki 11201 prefix be a 301 instead of a 302. 11202* (bug 28568) Entries in the iwlinks table are now removed on page deletion. 11203* (bug 28306) Fix exposure of suppressed usernames in ForeignDBRepo. 11204* (bug 28444) Fix regression: edit-on-doubleclick retains revision id again. 11205* UtfNormal::cleanUp on an invalid utf-8 sequence no longer returns false if 11206 intl installed. 11207* (bug 26729) Category pages should return 404 if they do not exist and have no 11208 members. 11209* (bug 28214) When page not found, sends malformed HTTP/1.x instead of HTTP/1.1 11210 in header of response. 11211* (bug 27634) TOC title appears in wrong language. 11212* (bug 27761) Fix regression: pages with Esperanto titles containing convertible 11213 character sequences became unreachable. 11214* (bug 27508) SVGMetadataExtractor takes too much resources on huge svgs. 11215* (bug 27465) SVG thumbnail generation. 11216* (bug 27467) preload can leave UNIQ. 11217* (bug 27539) Allow attributes beginning with a digit in wikitext tag 11218 parameters. 11219* (bug 27328) using relative paths in CSS imports in MediaWiki:Common.css broken 11220 in 1.17. 11221* (bug 27333) Fix repetitive last-seen time queries on page history. 11222* (bug 26250, bug 23817) Fix wfObjectToArray() to descend into arrays; fixes 11223 processing of JSON return values for ForeignAPIRepo when native json module 11224 not present. 11225* (bug 25675) Fix search suggestions for Special: pages with spaces. 11226* (bug 25571) Xml::encodeJsVar now passes floats natively instead of converting 11227 to strings. 11228* (bug 27338) Gallery in 1.17 breaks for audio/video + ogghandler. 11229* (bug 27302) Don't append the current timestamp for user/site modules when no 11230 user/site JS/CSS is present. 11231* (bug 27016) dumpTextPass.php now consider the "output" parameter. 11232* (bug 22606) don't send the "someone registred an account" message when setting 11233 email address (i.e. old one empty) in user preferences. 11234* (bug 26458) Section edit links appear on pages that user does not have right 11235 to edit. 11236* (bug 28611) Don't die in SqlBagOStuff::incr() if there's a race condition. 11237* (bug 16886) Sister projects box moves down the extract of the first result 11238 in IE 7. 11239* (bug 17398) Fixed "link" parameter in image links with "thumb" or "frame" 11240 parameter. 11241 11242=== API changes in 1.17 === 11243 11244* BREAKING CHANGE: action=patrol now requires POST. 11245* BREAKING CHANGE: patrol token is no longer the same as edit token. 11246* BREAKING CHANGE: Session keys returned by ApiUpload are now strings instead 11247 of integers. 11248* BREAKING CHANGE: (bug 25303) Fix API parameter integer validation to actually 11249 enforce validation on the input values in addition to giving a warning. 11250 Also add flag to enforce (die) if integer out of range. 11251* (bug 24650) Fix API to work with categorylinks changes. 11252* action=parse now correctly returns an error for nonexistent pages. 11253* (bug 27201) Special:WhatLinksHere output no longer contains duplicate IDs. 11254* (bug 26560) On allusers if limit < total number of users, last user gets 11255 duplicated. 11256* (bug 27715) imageinfo didn't respect revdelete. 11257* (bug 27479) API error when using both prop=pageprops and 11258 prop=info&inprop=displaytitle. 11259* (bug 27862) Useremail module didn't properly return success on success. 11260* (bug 27590) prop=imageinfo now allows querying the media type. 11261* (bug 27587) list=filearchive now outputs full title info. 11262* (bug 27897) list=allusers and list=users list hidden users. 11263* (bug 22738) Allow filtering by action type on query=logevent. 11264* (bug 22764) uselang parameter for action=parse. 11265* (bug 22944) API: watchlist options are inconsistent. 11266* (bug 22868) don't list infinite block expiry date as "now" in API logevents. 11267* (bug 22290) prop=revisions now outputs "comment" field even when comment 11268 is empty, for consistency with list=recentchanges. 11269* (bug 19721) API action=help should have a way to just list for a specific 11270 module. 11271* (bug 23458) Add support for pageid parameter to action=parse requests. 11272* (bug 23460) Parse action should have a section option. 11273* (bug 21346) Make deleted images searchable by hash. 11274* (bug 23461) Normalise usage of parameter names in parameter descriptions. 11275* (bug 23548) Allow access of another users watchlist through watchlistraw 11276 using token and username. 11277* (bug 23524) Api Modules as followup to bug 14473 (Add iwlinks table to 11278 track inline interwiki link usage). 11279* Add pltitles and tltemplates to prop=links and prop=templates respectively, 11280 similar to prop=categories's clcategories. 11281* (bug 23834) Invalid "thumbwidth" and "thumbheight" in "imageinfo" query when 11282 thumbnailing larger than original image. 11283* (bug 23835) Need "thumbmime" result in "imageinfo" query. 11284* (bug 23851) Repair diff for file redirect pages. 11285* (bug 24009) Include implicit groups in action=query&list=users&usprop=groups. 11286* (bug 24016) API: Handle parameters specified in simple string syntax 11287 ( 'paramname' => 'defaultval' ) correctly when outputting help. 11288* (bug 24089) Logevents causes PHP Notice if leprop=title isn't supplied. 11289* (bug 23473) Give description of properties on all modules. 11290* (bug 24136) unknownerror when adding new section without summary, but 11291 forceditsummary. 11292* (bug 22339) Added srwhat=nearmatch to list=search to get a "go" result. 11293* (bug 24303) Added new &servedby parameter to all actions which adds the 11294 hostname that served the request to the result. It is also added 11295 unconditionally on error. 11296* (bug 24185) Titles in the Media and Special namespace are now supported for 11297 title normalization in action=query. Special pages have their name resolved 11298 to the local alias. 11299* (bug 24296) Added converttitles parameter to convert titles to their 11300 canonical language variant. 11301* (bug 23936) Add "displaytitle" to query/info API. 11302* (bug 24485) Make iwbacklinks a generator, optionally display iwprefix and 11303 iwtitle. 11304* (bug 24564) Fix fatal errors when using list=deletedrevs, prop=revisions or 11305 one of the backlinks generators with limit=max. 11306* (bug 24656) API's parse module needs option to disable PP report. 11307* PARAM_REQUIRED parameter flag added. If this flag is set, and the end user 11308 does not set the parameter, the API will automatically throw an error. 11309* (bug 24665) When starttimestamp is not specified, fake it by setting it to 11310 NOW, not to the timestamp of the last edit. 11311* (bug 24677) axto= parameters added to allcategories, allimages, alllinks, 11312 allmessages, allpages, and allusers. 11313* (bug 24236) Add add, remove, add-self, remove-self tags to 11314 meta=siteinfo&siprop=usergroups. 11315* (bug 24484) Add prop=pageprops module. 11316* (bug 24330) Add &redirect parameter to ?action=edit. 11317* (bug 24722) For list=allusers&auprop=blockinfo, only show blockedby and 11318 blockreason if the user is actually blocked. 11319* Add format=dump and format=dumpfm, outputs results in PHP's var_dump() format. 11320* For required string parameters, if '' is provided, this is now classed as 11321 missing. 11322* (bug 24724) list=allusers is out by 1 (shows total users - 1). 11323* (bug 24166) API error when using rvprop=tags. 11324* Introduced "asynchronous download" mode for upload-by-url. Requires 11325 $wgAllowAsyncCopyUploads to be true. 11326* sinumberingroup correctly gives size of 'user' group, and omits size of 11327 implicit groups rather than showing 0. 11328* (bug 25248) API: paraminfo errors with certain modules. 11329* (bug 24792) API help for action=purge sometimes wrongly stated whether a 11330 POST request was needed due to cache pollution. 11331* Added iiprop=parsedcomment to prop=imageinfo, similar to prop=revisions. 11332* Added rvparse to parse revisions. For performance reasons if this option is 11333 used, rvlimit is enforced to 1. 11334* (bug 25748) If a action=parse request provides an oldid that is actually the 11335 current revision id, try the parser cache, and save it to it if necessary. 11336* (bug 25463) Export header should not be shown if no pages were requested, to 11337 reduce confusion. 11338* (bug 25648) API discovery information has been added as RSD link in page 11339 <head> and by providing an API module action=rsd. Added hook 11340 ApiRsdServiceApis for extensions to add their own service to the services 11341 list. 11342* The HTML of diff output markers has changed. Hyphens are now minus signs, 11343 empty markers are now filled with non-breaking-space characters. 11344* (bug 25741) Add more data to list=search's srprop. 11345* (bug 25760) counter property still reported by the API when 11346 $wgDisableCounters enabled. 11347* (bug 25987) prop=info&inprop=watched now also works for missing pages. 11348* (bug 26006) prop=langlinks now allows obtaining full URL. 11349* (bug 26075) ApiDelete.php now calls correctly ArticleDelete hook. 11350* (bug 26089) add block expiration to blockinfo. 11351* (bug 26125) prop=imageinfo&iiprop=size now returns the page count if the 11352 file is a multi-page file. 11353* (bug 10268) Added linktodiffs parameter on action=feedwatchlist. 11354* (bug 26219) Show API limits for multi values in description. 11355* (bug 28070) Fix watchlist RSS for databases that store timestamps in a 11356 real timestamp field. 11357* (bug 27722) list=filearchive now supports revdel. 11358 11359=== Language support changes in 1.17 === 11360 11361MediaWiki supports over 330 languages. Many localizations are updated regularly. 11362 11363The following languages were added: 11364 11365* Moroccan Spoken Arabic (ary) 11366* Banjar (bjn) 11367* Kabardian (kbd) 11368* Kabardian (Cyrillic) (kbd-cyrl) 11369* Latgalian (ltg) 11370* Minangkabau (min) 11371* Dutch (informal) (nl-informal) 11372* Rusyn (rue) 11373 11374Other significant changes to MediaWiki's language support: 11375 11376* Fiji Hindi (Devangari script) was removed. 11377* Removed deprecated language code "dk" (Danish), use "da" instead. 11378* Link trail added for sl and sh. 11379* (bug 27633) Add characters to linkTrail for Portuguese (pt and pt-br). 11380* (bug 23156) Commafy and search normalization updated for Belarusian 11381 (Taraškievica). 11382* (bug 23283) Native name for Old English -> Ænglisc. 11383* (bug 23364) Native name for Azerbaijani -> Azərbaycanca. 11384* (bug 24593) Native name for Sorani now uses only Arabic script. 11385* (bug 24628) Generic translations for NS_USER/NS_USER_TALK for Esperanto. 11386* (bug 24917) Polish as fallback for Kashubia. 11387* (bug 24794) Tatar link trail updated. 11388* Esperanto date format corrected. 11389* (bug 28159) Change interwiki name of language kbd to Къэбэрдеибзэ / 11390 Qabardjajəbza. 11391* (bug 28184) Namespaces for the Latgalian Wikipedia. 11392* (bug 25010) Bashkir-language interwikis: linktext change from Башҡорт 11393 to Башҡортса. 11394* (bug 26395) Change name of Cornish language to Kernowek. 11395 11396=== Other changes in 1.17 === 11397 11398* DatabaseFunctions.php that was needed for compatibility with pre-1.3 11399 extensions has been removed. 11400* XmlFunctions.php has been removed. Use the Xml or Html classes as appropriate. 11401* The FailFunction "error handling" method has now been removed 11402* Sysops now have the "suppressredirect" right by default 11403* Removed $wgRemoteUploads. It was not well supported and superseded by 11404 $wgUploadNavigationUrl. 11405* (bug 26253) $wgPostCommitUpdateList has been removed 11406* The PHPUnit test suite has been removed from this release due to serious 11407 issues which should be resolved by the 1.18 release. 11408* Oracle DB now uses the __destruct function to commit/close connection as it 11409 doesn't commit on close if transation is triggered in OCI. 11410 11411== MediaWiki 1.16 == 11412 11413== MediaWiki 1.16.5 == 11414=== Changes since 1.16.4 === 11415 11416* (bug 28534) Fixed XSS vulnerability for IE 6 clients. This is the third 11417 attempt at fixing bug 28235. 11418* (bug 28639) Fixed potential privilege escalation when $wgBlockDisablesLogin 11419 is enabled. 11420 11421== MediaWiki 1.16.4 == 11422=== Changes since 1.16.3 === 11423 11424* (bug 28507) The change we made in 1.16.3 to fix bug 28235 (XSS for IE 6 11425 clients) was not actually sufficient to fix that bug. This release contains 11426 a second attempt, hopefully we have fixed it this time. 11427 11428== MediaWiki 1.16.3 == 11429=== Changes since 1.16.2 === 11430 11431* (bug 28449) Fixed permissions checks in Special:Import which allowed users 11432 without the 'import' permission to import pages from the configured import 11433 sources. 11434* (bug 28235) Fixed XSS affecting IE 6 and earlier clients only, due to those 11435 browsers looking for a file extension in the query string of the URL, and 11436 ignoring the Content-Type header if one is found. 11437* (bug 28450) Fixed a CSS validation issue involving escaped comments, which 11438 led to XSS for Internet Explorer clients and privacy loss for other clients. 11439 11440== MediaWiki 1.16.2 == 11441=== Changes since 1.16.1 === 11442 11443* (bug 26642) Fixed incorrect translated namespace due to a regression in the 11444 language converter. 11445* The interface translations were updated. 11446* (bug 27093, CVE-2011-0047): Fixed CSS injection vulnerability. 11447* (bug 27094) Fixed server-side arbitrary script inclusion vulnerability. 11448 Affects Windows servers only. A malicious file with extension ".php" must 11449 exist on the server for the exploit to be effective. 11450 11451== MediaWiki 1.16.1 == 11452=== Changes since 1.16.0 === 11453 11454* (bug 24981) Allow extensions to access SpecialUpload variables again 11455* (bug 24724) list=allusers was out by 1 (shows total users - 1) 11456* (bug 24166) Fixed API error when using rvprop=tags 11457* For wikis using French as a content language, Special:Téléchargement works 11458 again as an alias for Special:Upload. 11459* (bug 25167) Correctly load JS fixes for IE6 (fixing a regression in 1.16.0) 11460* (bug 25248) Fixed paraminfo errors in certain API modules. 11461* The installer now has improved handling for situations where safe_mode is 11462 active or exec() and similar functions are disabled. 11463* (bug 19593) Specifying --server in now works for all maintenance scripts. 11464* Fixed $wgLicenseTerms register globals. 11465* (bug 26561) Fixed clickjacking vulnerabilities by introducing support for 11466 X-Frame-Options. The header value can be configured using $wgBreakFrames and 11467 $wgEditPageFrameOptions. 11468 11469== MediaWiki 1.16.0 == 11470=== Changes since 1.16 beta 3 === 11471 11472* (bug 23769) Disabled HTML 5 client-side form validation. Was introduced in 11473 1.16 beta 1, but is currently poorly supported by browsers. 11474* (bug 23175) Re-added window.ta variable for backwards compatibility. 11475* (bug 23264) Fixed breakage of various command line scripts due to extra line 11476 endings being inserted by Maintenance::output(). 11477* Fixed HTTP client functionality with safe_mode=On. 11478* Fixed parser tests broken in 1.16 beta 3. 11479* For Oracle DB backend: fixed parser tests and table prefix feature. 11480* (bug 23767) Fixed PHP warning when REQUEST_URI is blank (IIS issue). 11481* Fixed plural function for Northern Sami (se) 11482* (bug 23597) Fixed conflicts between ID attributes in the Vector skin and 11483 parser-generated heading IDs. Renamed head, panel, head-base and page-base. 11484* Disabled $wgHitcounterUpdateFreq>1 feature on SQLite, does not work yet. 11485* (bug 23465) Don't ignore the predefined destination filename on 11486 Special:Upload after following a red link to a file. 11487* In SQLite full-text search feature: fixed "move page" feature, was non- 11488 functional. 11489* (bug 24565) Fixed Cache-Control headers sent from API modules, to protect 11490 user privacy in the case where an attacker can access the wiki through the 11491 same HTTP proxy as a logged-in user. 11492* Fixed an XSS vulnerability in profileinfo.php for installations with 11493 $wgEnableProfileInfo = true (false by default) 11494* Fixed a case where an X-Vary-Options header was sent despite $wgUseXVO being 11495 false. Fixed a minor header parsing issue when $wgUseXVO = true. 11496* Fixed a register_globals arbitrary inclusion vulnerability in 11497 MediaWikiParserTest.php, introduced in 1.16 beta 1. 11498 11499=== Changes since 1.16 beta 2 === 11500 11501* Fixed bugs in the [[Special:Userlogin]] and [[Special:Emailuser]] handling of 11502 invalid usernames. 11503* Fixed sorting in [[Special:Allmessages]] 11504* (bug 23113) Fixed title in the show/hide links on diff pages 11505* (bug 23117) Fixed API rollback, was returning "badtoken" for valid requests 11506* (bug 23127) Re-added missing $1 parameter to the uploadtext message 11507* Fixed a bug in the Vector skin where personal tools display behind the logo 11508* (bug 23139) Fixed a bug in edit conflict resolution, where both textboxes 11509 showed the same text. 11510* (bug 23115, bug 23124) Fixed various problems with <title> and <h1> elements 11511 in page views and previews when the language converter is enabled. 11512* (bug 23148) Fixed a local path disclosure vulnerability in ImageMagick image 11513 scaling, which was introduced in 1.16 beta 1. 11514* Improved error checking on installer. 11515* (bug 22970) Fixed a JavaScript error in the upload destination conflict 11516 check. 11517* (bug 23167) Check the watch checkbox by default if the watchcreations 11518 preference is set. 11519* (bug 23171) Improve IE6 version check to avoid false positives. 11520* (bug 23176) Fixed upload warning override feature "upload new version", 11521 broken in 1.16 beta 1. 11522* Fixed regression in unwatch links sent out in notification emails. When the 11523 mailing job was deferred via the job queue, the title was incorrect. 11524* (bug 23534) Fixed SQL query error in API list=allusers. 11525* Fixed a bug in uploads for non-JavaScript clients. An empty string was used 11526 as the default destination filename, instead of the source filename as 11527 expected. 11528* (bug 23371) Fixed CSRF vulnerability in "e-mail me my password", "create 11529 account" and "create by e-mail" features of [[Special:Userlogin]] 11530* (bug 23687) Fixed XSS vulnerability affecting IE clients only, due to a CSS 11531 validation issue. 11532* Fixed a DoS vulnerability in ImageMagick image scaling. ImageMagick 11533 expanded wildcard characters "?" and "*" in image filenames, potentially 11534 causing large numbers of images to be scaled in response to a single request. 11535 The fix for this involves breaking the scaling of such image filenames until 11536 ImageMagick 6.6.1-5 or later is deployed, see bug 23361 for more details. 11537* (bug 23608) Fixed invalid HTML in diff pages. 11538 11539=== Changes since 1.16 beta 1 === 11540 11541* Fixed errors in maintenance/patchSql.php 11542* (bug 19627) Fix regression from r57867 where HTMLForm would output 11543 <element classes="foo bar"> rather than <element class="foo bar"> 11544* Fixed broken "-r" option to maintenance/lag.php 11545* (bug 23076) Fixed login CSRF vulnerability. Logins now require a token to 11546 be submitted along with the user name and password. 11547 11548=== Configuration changes in 1.16 === 11549 11550* (bug 18222) $wgMinimalPasswordLength default is now 1 11551* $wgSessionHandler can be used to configure session.save_handler 11552* $wgLocalFileRepo/$wgForeignFileRepos now have a 'fileMode' parameter to 11553 be used when uploading/moving files 11554* (bug 18761) $wgHiddenPrefs is a new array for specifying preferences not 11555 to be shown to users 11556* $wgAllowRealName and $wgAllowUserSkin were deprecated in favor of 11557 $wgHiddenPrefs[] = 'realname', but the former are still retained 11558 for backwards-compatibility 11559* (bug 9257) $wgRCMaxAge now defaults to three months 11560* $wgDevelopmentWarnings can be set to true to show warnings about deprecated 11561 functions and other potential errors when developing. 11562* Subpages are now enabled in the MediaWiki namespace by default. This is 11563 mainly a cosmetic change, and does not in any way affect the MessageCache, 11564 which was already effectively treating the namespace as if it had subpages. 11565* Oracle: maintenance/ora/user.sql script for creating DB user on oracle with 11566 appropriate privileges. Creating this user with web-install page requires 11567 oci8.privileged_connect set to On in php.ini. 11568* Removed UserrightsChangeableGroups hook introduced in 1.14 11569* Added $wgCacheDirectory, to replace $wgFileCacheDirectory, 11570 $wgLocalMessageCache, and any other local caches which need a place to put 11571 files. 11572* $wgFileCacheDirectory is no longer set to anything by default, and so either 11573 needs to be set explicitly, or $wgCacheDirectory needs to be set instead. 11574* $wgLocalMessageCache has been removed. Instead, set $wgUseLocalMessageCache 11575 to true 11576* Removed $wgEnableSerializedMessages and $wgCheckSerialized. Similar 11577 functionality is now available via $wgLocalisationCacheConf. 11578* $wgMessageCache->addMessages() is deprecated. Messages added via this 11579 interface will not appear in Special:AllMessages. 11580* $wgRegisterInternalExternals can be used to record external links pointing 11581 to same server 11582* (bug 19907) $wgCrossSiteAJAXdomains and $wgCrossSiteAJAXdomainExceptions added 11583 to control which external domains may access the API via cross-site AJAX. 11584* $wgMaintenanceScripts for extensions to add their scripts to the default list 11585* $wgMemoryLimit has been added, default value '50M' 11586* $wgExtraRandompageSQL is deprecated, the SpecialRandomGetRandomTitle hook 11587 should be used instead 11588* (bug 20489) $wgIllegalFileChars added to override the default list of illegal 11589 characters in file names. 11590* (bug 19646) $wgImgAuthDetails added to display reason access to uploaded file 11591 was denied to users(img_auth only) 11592* (bug 19646) $wgImgAuthPublicTest added to test to see if img_auth set up 11593 correctly (img_auth only) 11594* $wgUploadMaintenance added to disable file deletions and restorations during 11595 maintenance 11596* $wgCapitalLinkOverrides added to configure per-namespace capitalization 11597* (bug 21172) $wgSorbsUrl can now be an array with multiple DNSBL and renamed 11598 to $wgDnsBlacklistUrls (backward compatibility kept) 11599* $wgEnableHtmlDiff has been removed 11600* (bug 3340) $wgBlockCIDRLimit added (default: 16) to configure the low end of 11601 CIDR ranges for blocking 11602* $wgUseInstantCommons added for quick and easy enabling of Commons as a remote 11603 file repository 11604* $wgDBAhandler added to choose a DBA handler when using CACHE_DBA 11605* $wgPreviewOnOpenNamespaces for extensions that create namespaces that behave 11606 similarly to the category namespace. 11607* $wgEnableSorbs renamed to $wgDnsBlacklistUrls ($wgEnableSorbs kept for 11608 backward compatibility) 11609* $wgUploadNavigationUrl now also affects inline images that do not 11610 exist. In that case the URL will get (?|&)wpDestFile=<filename> appended to 11611 it as appropriate. 11612* If $wgLocaltimezone is null, use the server's timezone as the default for 11613 signatures. This was always the behavior documented in DefaultSettings.php 11614 but has not been the actual behavior for some time: instead, UTC was used 11615 by default. 11616* Added $wgExtensionAssetsPath, to decouple assets serving from $wgScriptPath. 11617 If not specified it will default to $wgScriptPath/extensions 11618* Added $wgCountTotalSearchHits to make search UI display total number of hits 11619 with some search engines. 11620* Added $wgAdvertisedFeedTypes to decide what feed types (RSS, Atom, both, or 11621 neither) MediaWiki advertises. Default is array( 'atom' ), so RSS is no 11622 longer advertised by default (but it still works). 11623* Added $wgMemCachedTimeout, controls how long to wait for data from the 11624 memcached servers. 11625* New configuration variables $wgDebugTimestamps and $wgDebugPrintHttpHeaders 11626 for controlling debug output. 11627* New $wgBlockDisablesLogin when set to true disallows blocked users from 11628 logging in. 11629* (bug 8790) Metadata edition ($wgUseMetadataEdit) has been moved to a separate 11630 extension "MetadataEdit". 11631 11632=== New features in 1.16 === 11633 11634* Add CSS defintion of the 'wikitable' class to shared.css 11635* (bug 17163) Added MediaWiki:Talkpageheader which will be displayed when 11636 viewing talk pages 11637* Superfluous border="0" removed from images 11638* Added new hook 'MessageCacheReplace' into MessageCache.php. For instance 11639 to allow extensions to update caches in similar way as MediaWiki invalidates 11640 a cached MonoBook sidebar 11641* Special:AllPages: Move hardcoded styles from code to CSS 11642* (bug 18529) New hook: SoftwareInfo for adding information about the software 11643 to Special:Version 11644* Added $wgExtPGAlteredFields to allow extensions to easily alter the data 11645 type of columns when using the Postgres backend. 11646* (bug 16950) Show move log when viewing/creating a deleted page 11647* (bug 18242) Show the Subversion revision number per extensions in 11648 Special:Version 11649* (bug 18420) Missing file revisions are handled gracefully now 11650* (bug 9219) Auth plugins can control editing RealName/Email/Nick preferences 11651* (bug 18466) Add note or warning when overruling a move (semi-)protection 11652* (bug 18342) insertTags works in edit summary box 11653* (bug 18411) The upload form also checks post_max_size 11654* Watchlist now has a specialized <div> tag that contains a unique class for 11655 each page 11656* Added Minguo calendar support for the Taiwan Chinese language 11657* Database: unionQueries function to be used for UNION sql construction, so 11658 it can be overloaded on DB abstraction level for DB specific functionality 11659* (bug 18849) Implement Japanese and North Korean calendars 11660* (bug 5755) Introduce {{CURRENTMONTH1}} and {{LOCALMONTH1}} to display the 11661 month number without the leading zero 11662* (bug 13456) categoriespagetext supports PLURAL 11663* (bug 18860) Blocks of IPs affecting registered users can now block email 11664* (bug 17093) Date and time are separate parameters in Special:BlockList 11665* (bug 11484) Added ISO speed rating to default collapsed EXIF metadata view 11666* (bug 14866) Messages 'recentchangeslinked-toolbox' and 11667 'recentchangeslinked-toolbox' were added to allow more fine grained 11668 customisation of the user interface 11669* DISPLAYTITLE now accepts a limited amount of wiki markup (the single-quote 11670 items) 11671* Special:Search now could search terms in all variant-forms. ONLY apply on 11672 wikis enabled LanguageConverter. 11673* Add autopromote condition APCOND_BLOCKED to autopromote blocked users to 11674 various user groups. 11675* Add $wgRevokePermissions as a means of restricting a group's rights. The 11676 syntax is identical to $wgGroupPermissions, but users in these groups will 11677 have these rights stripped from them. 11678* Added a PHP port of CDB (constant database), for improved local caching when 11679 the DBA extension is not available. 11680* Introduced a new system for localisation caching. The system is based around 11681 fast fetches of individual messages, minimising memory overhead and startup 11682 time in the typical case. The database backend will be used by default, but 11683 set $wgCacheDirectory to get a faster CDB-based implementation. 11684* Expanded the number of variables which can be set in the extension messages 11685 files. 11686* Added a feature to allow per-article process pool size control for the parsing 11687 task, to limit resource usage when the cache for a heavily-viewed article is 11688 invalidated. Requires an external daemon. 11689* (bug 19576) Moved the id attributes from the anchors accompanying section 11690 headers to the <span class="mw-headline"> elements within the section headers, 11691 removing the redundant anchor elements. 11692* Parser::setFunctionTagHook now can be used to add a new tag which is parsed at 11693 preprocesor level. 11694* Added $wgShowArchiveThumbnails, allowing sysadmins to disable thumbnail 11695 display for old versions of images. 11696* In watchlists and Special:RecentChanges, the difference in page size now 11697 appears in dark green if bytes were added and dark red if bytes were removed. 11698* Added FSRepo configuration properties thumbUrl and thumbDir, to allow the 11699 thumbnails to be stored in a separate location to the source images. 11700* If config/ directory is not executable, the command to make it executable 11701 now asks the user to cd to the correct directory 11702* Add experimental new external authentication framework, ExternalAuth 11703* (bug 18768) Remove AdminSettings requirements. Maintenance environment 11704 will still load it if it exists, but it's not required for anything 11705* (bug 19900) The "listgrouprights-key" message is now wrapped in a div with 11706 class "mw-listgrouprights-key" 11707* (bug 471) Allow RSS feeds for watchlist, using an opt-in security token 11708* (bug 10812) Interwiki links can have names and descriptions, fetched from 11709 message 'interwiki-desc-PREFIX', not really used anywhere yet though 11710* (bug 9691) Add type (signup or login) parameter to 11711 AuthPlugin::ModifyUITemplate() 11712* (bug 14454) "Member of group(s)" in Special:Preferences causes language 11713 difficulties 11714* (bug 16697) Unicode combining characters are difficult to edit in some 11715 browsers 11716* Parser test supports uploading results to remote CodeReview instance 11717* (bug 20013) Added CSS class "mw-version-ext-version" is wrapped on the 11718 extension version in Special:Version 11719* (bug 20014) Added CSS class "mw-listgrouprights-right-name" is wrapped on the 11720 right name in Special:ListGroupRights 11721* (bug 12920) New CoreParserFunction {{nse:...}} as an url-friendly equivalent 11722 to {{ns:...}} 11723* (bug 16322) Allow maintenance scripts to accept DB user/pass over input or 11724 params 11725* (bug 18566) Maintenance script to un/protect pages 11726* (bug 671) The HTML <abbr> tag is now permitted. 11727* RecentChanges now has a legend to explain what the Nmb! flags mean, and the 11728 flags have tooltips. 11729* (bug 15209) New hook BeforeInitialize called after everything has been setup 11730 but before Mediawiki::performRequestForTitle() 11731* wgMainPageTitle variable now available to JavaScript code to identify the main 11732 page link, so it doesn't have to be extracted from the link URLs. 11733* (bug 16836) Display preview of signature in user preferences and describe its 11734 use 11735* The default output format is now HTML 5 instead of XHTML 1.0 Transitional. 11736 This can be disabled by setting $wgHtml5 = false;. Specific features enabled 11737 if HTML 5 is used: 11738** Some extra inputs will be autofocused, in supporting browsers. 11739** The summary attribute has been removed from tables of contents. summary is 11740 obsolete in HTML 5 and wasn't useful here anyway. 11741** Unnecessary type="" attribute removed for CSS and JS. 11742** If $wgWellFormedXml is set to false, some bytes will be shaved off of HTML 11743 output by omitting some things like quotation marks where HTML 5 allows. 11744** (bug 16921) maxlength enabled for page move comments 11745* The description message in $wgExtensionCredits can be an array with parameters 11746* New hook SpecialRandomGetRandomTitle allows extensions to modify the selection 11747 criteria used by Special:Random and subclasses, or substitute a custom result, 11748 deprecating the $wgExtraRandompageSQL config variable 11749* (bug 20318) Distinct CSS classes for ISBN/RFC/PMID special links added 11750* (bug 20404) Custom fields in the user creation form template can now have 11751 detail labels in prefsectiontip divs. 11752* MakeSysop and MakeBot are now aliases for Special:UserRights 11753* IndexPager->mLimitsShown can now be an associative array of limit => text-to- 11754 display-in-limit-form. 11755* (bug 18880) LogEventsList::showLogExtract() can now take a string-by-reference 11756 and add its HTML to it, rather than having to go straight to $wgOut. 11757* Added $wgShowDBErrorBacktrace, to allow users to easily gather backtraces for 11758 database connection and query errors. 11759* Show change block / unblock link on Special:Contributions if user is blocked 11760* Display note on Special:Contributions if the user is blocked, and provide an 11761 excerpt from the block log. 11762* (bug 19646) New hook: ImgAuthBeforeStream for tests and functionality before 11763 file is streamed to user, but only when using img_auth 11764* Note on non-existing user and user talk pages if user does not exist 11765* New hook ShowMissingArticle so extensions can modify the output for 11766 non-existent pages. 11767* Admins could disable some variants using $wgDisabledVariants now. ONLY apply 11768 on wikis enabled LanguageConverter. 11769* (bug 16310) Credits page now lists IP addresses rather than saying the number 11770 of anonymous users that edited the page 11771* New permission 'sendemail' added. Default right for all registered users. Can 11772 for example be used to prevent new accounts from sending spam. 11773* (bug 16979) Tracking categories for __INDEX__ and __NOINDEX__ 11774* Two new hooks, ConfirmEmailComplete and InvalidateEmailComplete, which are 11775 called after a user's email has been successfully confirmed or invalidated. 11776* (bug 19741) Moved the XCF files out of the main MediaWiki distribution, for 11777 a smaller subversion checkout. 11778* (bug 13750) First letter capitalization can now be a per-namespace setting 11779* (bug 21073) "User does not exist" message no longer displayed on sub-sub-pages 11780 of existing users 11781* (bug 21095) Tracking categories produced by the parser (expensive parser 11782 function limit exceeded, __NOINDEX__ tracking, etc) can now be disabled by 11783 setting the system message ([[MediaWiki:expensive-parserfunction-category]] 11784 etc) to "-". 11785* Added maintenance script sqlite.php for SQLite-specific maintenance tasks. 11786* Rewrote Special:Upload to allow easier extension. 11787* Upload errors that can be solved by changing the filename now do not require 11788 reuploading. 11789* Added $wgRateLimitsExcludedIPs, to allow specific IPs to be whitelisted from 11790 rate limits. 11791* (bug 21222) When $wgUseTeX is not enabled, <math> is no longer registered with 11792 the parser so extensions are free to implement their own <math> tag 11793* (bug 21047) Wrap 'cannotdelete' into a div with the generic 'error' class and 11794 an own 'mw-error-cannotdelete' class 11795* New hook AbortNewAccountAuto, called before account creation from AuthPlugin- 11796 or ExtUser-driven requests. 11797* (bug 3480) The warning saying that the page has a history when deleting it now 11798 contains the number of revisions in the history 11799* $wgStylePath and $wgLogo are now set in the default LocalSettings.php file. 11800* (bug 20186) Allow filtering history for revision deletion. 11801* New hook OtherBlockLogLink, called in Special:IPBlockList and Special:Block 11802 to show links to block logs of other blocking extensions, i.e. GlobalBlocking 11803* Added search capabilities to SQLite backend 11804* rebuildtextindex.php maintenance script now supports databases other than 11805 MySQL 11806* upgrade1_5.php now requires to be run --update option to prevent confusion 11807* (bug 17662) Customizable default preload/editintro for new sections in the 11808 respective addsection-preload and addsection-editintro messages 11809* Added maintenance script checkSyntax.php that checks for PHP syntax errors 11810 and common coding mistakes 11811* Updated Unicode normalization tables 11812* (bug 21604) Spellcheck attribute for editsummary 11813* New wgCategories JavaScript global variable for userscripts. 11814* (bug 20717) Added checkboxes to hide users with bot and/or sysop group 11815 membership in SpecialActiveusers 11816* Allow \pagecolor and \definecolor in texvc 11817* $wgTexvcBackgroundColor contains background color for texvc call 11818* (bug 21574) Redirects can now have "303 See Other" HTTP status 11819* EditPage refactored to allow extensions to derive new edit modes much easier. 11820* (bug 21826) Subsections of Special:Version now also have anchors 11821* (bug 19791) Add URL of file source as comment to thumbs (for ImageMagick) 11822* (bug 21946) Sorted wikitables do not properly handle minus signs 11823* (bug 18885) Red links for media files do not support shared repositories 11824* Added $wgFixArabicUnicode, to convert deprecated presentation forms in 11825 Arabic text to their modern equivalents, and $wgFixMalayalamUnicode, to 11826 convert ZWJ-based chillu sequences in Malayalam text to their Unicode 5.1 11827 equivalents. 11828* (bug 22051) Returing false in SpecialContributionsBeforeMainOutput hook now 11829 stops normal output 11830* Send new password e-mail in users preference language 11831* LanguageConverter now support nested using of manual convert syntax like 11832 "-{-{}-}-" 11833* Upload license preview now uses the API instead of action=ajax 11834* (bug 7346) Add <guid> to RSS to avoid duplicates 11835* (bug 19996) Added new hooks for Special:Search, which allow to further 11836 restrict/expand it. 11837* (bug 21936) When a revision has been patrolled, there's now a link back to the 11838 article 11839* (bug 22315) SpecialRecentChangesQuery hook now pass $query_options and checks 11840 the return value 11841* Separate unit test suites under t/ and tests/ were merged and moved to 11842 maintenance/tests/. 11843* importImages.php maintenance script can now use the original uploader and 11844comment from another wiki. 11845* Support for Turck MMCache was removed 11846* (bug 14592) Warn users when they try to move their user page that their 11847 account will not be renamed 11848* Show block log on non-existing user (talk) pages of currently blocked users 11849 11850=== Bug fixes in 1.16 === 11851 11852* (bug 18031) Make namespace selector on Special:Export remember the previous 11853 selection 11854* The svn-version version numbers on Special:Version have been removed 11855* (bug 17374) Special:Export no longer exports two copies of the same page 11856* (bug 18190) Proper parsing in MediaWiki:Sharedupload message 11857* (bug 17617) HTML cleanup for ImagePage 11858* (bug 17964) namespaceDupes.php no longer fails on an empty interwiki table 11859* Improved error handling for image moving 11860* (bug 17974) On Special:SpecialPages, restricted special pages are now marked 11861 with <strong> tags, helps with text-based browsers 11862* (bug 18259) Special:DeletedContributions now also uses 11863 MediaWiki:Sp-contributions-logs for the link to Special:Log 11864* Don't add empty title="" attributes to links to anchors on the current page 11865* (bug 18291) rebuildrecentchanges.php failed to add deletion log entries 11866* (bug 18304) rebuildrecentchanges.php got size changes wrong 11867* (bug 18170) Fixed a PHP warning in Parser::preSaveTransform() in PHP 5.3 11868* (bug 18289) Database connection error page now returns correct HTML 11869* "successbox", "errorbox" and related CSS classes are now available in all 11870 skins 11871* (bug 18316) Removed superfluous name="fulltext" from Special:Search 11872* (bug 18331) MediaWiki:Undelete-revision can now have wikitext 11873* The "noautoblock" flag is no longer displayed in the block log when blocking 11874 an IP address 11875* (bug 18009) $wgHooks and $wgExtensionFunctions now support closures 11876* (bug 17948) Maintenance scripts now exit(0) or exit(1) as appropriate 11877* (bug 18377) Time in Enhanced ChangesList lacking localisation 11878* (bug 12998) Allow <sup>, <sub>, etc. in DISPLAYTITLE 11879* (bug 1553) Lowercase navigation headings in German 11880* (bug 7830) Pending transactions failed to commit on loginToUse() error 11881* (bug 11613) session.save_handler being over-ridden 11882* (bug 11381) session.save_handler being set twice (causes error) 11883* (bug 17835) ForeignAPIRepo throwing error on first page load for file 11884* (bug 18115) ForeignAPIRepo cache isn't working 11885* Fixed a bug caused by LanguageConverter.php, which brings an abnormal '}-' 11886 after some parsed math syntax. 11887* (bug 18441) rebuildrecentchanges.inc no longer ignores $wgLogRestrictions 11888* (bug 18317) Bolded selections in 1 | 3 | etc days on RecentChanges now use 11889 <strong> instead of hardcoded styles 11890* (bug 18449) Fixed items number per column on category pages when the total is 11891 divisible by 3 11892* (bug 18121) maintenance/deleteArchivedRevisions.php no longer deletes 11893 revisions when --delete is not passed 11894* (bug 13172) GPS coordinates in image Exif data are now actually displayed 11895* Overhaul of preferences system, includes the following bug fixes: 11896** (bug 5363) Changes to default preferences now impact registered users. 11897** (bug 14806) Hook to enable putting preferences in existing tabs. 11898** (bug 17191) Registration date now listed on preferences page. 11899** The user_properties table (now used for storing preferences) has been added 11900 to $wgSharedTables. 11901** Note that this change will break some extensions which have not been adapted 11902 for it. 11903* (bug 17020) Adding fallback encodings for Traditional and Simplified Chinese 11904 languages while the text is typed as URLs. 11905* (bug 17614) Prev / Next links are not shown if all results are shown 11906* (bug 18207) Strange spacing before [[irc:...]] links 11907* Removed float from the user login form in RTL interface - caused display 11908 problems in FF2 11909* (bug 15008) Redirect images are now subject to Bad image list rules 11910* (bug 6802) profileinfo.php now also work on other database servers than MySQL 11911* (bug 16925) Diffs no longer fail when $wgExternalDiffEngine is set to 11912 'wikidiff' or 'wikidiff2' but extension is not installed 11913* (bug 18326) Chmod errors in file repos have been hidden 11914* (bug 18718) Comma after a } create a error in IE 11915* (bug 18716) Removed redundant class in Modern skin CSS for category links and 11916 tweaked spacing. 11917* (bug 18656) Use proper directory separators in wfMkdirParents() 11918* (bug 18549) Make Special:Blockip respect $wgEnableUserEmail and 11919 $wgSysopEmailBans 11920* (bug 16912) Tooltips on images with link= disappear 11921* (bug 18389) Localise numbers in EXIF data 11922* (bug 18522) Wrap MediaWiki:Protect-cascadeon in a div for identification 11923* (bug 18438) Tweak HTML for preview bar for consistency and accessibility 11924* (bug 18432) Updated documentation for dumpBackup.php 11925* Fix array logic in Sanitizer::removeHTMLtags so that it doesn't strip good 11926 tags that were redundantly defined. 11927* (bug 14118) SpecialPage::getTitleFor does not return a localised name 11928* (bug 18698) Renaming non entry point maintenance scripts from .inc.php to 11929 .inc 11930* Deprecated methods Title::getInterwikiLink, Title::userCanCreate(), 11931 Title::userCanEdit() and Title::userCanMove() have been removed 11932* Only show upload links on file description if $wgEnableUploads = true 11933 and user can upload 11934* Don't say "You need to log in to upload/move", because it's possible that 11935 uploading/moving is disabled for registered users as well (e.g. only sysops) 11936* (bug 18943) Handle invalid titles gracefully at Special:Mostlinked 11937* (bug 8873) Enable variant conversion in text on 'alt' and 'title' attributes 11938* (bug 10837) Introducing the StubUserVariant class to determine the variant 11939 variable instead of using this to overrule the user language preference. 11940* (bug 19014) If user had deletedhistory right, but not undeleted right, then 11941 show "view" instead of "view/restore" on logs. 11942* (bug 19017) TOC level calculation error in an odd case 11943* (bug 18999) CSS update for RTL interwiki links 11944* (bug 18925) history.js removes class names of list elements on initialization 11945* Multiple whitespace in TOC anchors is now stripped, for consistency with the 11946 link from the edit comment 11947* (bug 19112) Preferences now respects $wgUseExternalEditor 11948* (bug 18173) MediaWiki now fails when unable to determine a client IP 11949* (bug 19170) Special:Version should follow the content language direction 11950* (bug 19160) maintenance/purgeOldText.inc is now compatible with PostgreSQL 11951* Fixed performance regression in "bad image list" feature 11952* Show user preference 'Use live preview' if $wgLivePreview is enabled only 11953* (bug 17014) Blocked users can no longer use Special:UserRights unless they 11954 can add/remove *all* groups (have 'userrights' permission). 11955* (bug 19294) Always show Sp-contributions-footer(-anon) 11956* Attempts to restrict reading of pages while anonymous viewing is allowed 11957 via extensions not using the userCan hook and via $wgRevokePermissions now 11958 work. 11959* (bug 8445) Multiple-character search terms are now handled properly for 11960 Chinese 11961* (bug 19450) Use formatNum for "Number of edits" in Special:Preferences 11962* (bug 11242) Check for MySQL storage engines during installation now checks 11963 whether the engines are actually available 11964* (bug 19390) Omit the "printable version" link on the printable version 11965* (bug 18394) img_auth.php now respects userCan 11966* (bug 19509) Uploading to a file named '0' previously treated it as null input 11967 and attempted to upload with the source name. Now warns about not having an 11968 extension (since 0.ext is perfectly valid) 11969* (bug 19468) Enotif preferences are now only displayed when they are turned on 11970* (bug 19442) Show/hide options on watchlist only work once 11971* (bug 19602) PubMed Magic links now use updated NIH url 11972* (bug 19637) externallinks have links to self 11973* Don't load Opera 9.5 RTL fixes for Opera 9.6 11974* Remove five-year-old KHTMLFixes.css, which is unlikely to be relevant anymore 11975 and was causing problems. 11976* Removed repetition of URIs in the title attributes of external links. 11977* (bug 19693) User name is now escaped in "Contributions for ..." link on 11978 Special:BlockIP 11979* (bug 19571) Override buildConcat for SQLite. 11980* Log in and log out links no longer return to page view when clicked from 11981 history view, edit page, or something similar 11982* (bug 19513) RTL fixes for new Search UI 11983* (bug 16497) Special:Allmessages is paginated 11984* (bug 18708) CSS plainlinks class now available to all skins 11985* (bug 19590) Database error messages no longer have "MySQL" hardcoded as the 11986 database type 11987* (bug 19759) successbox on Special:Preferences now correctly aligned on 11988 standard, nostalgia and cologneblue skin 11989* (bug 19814) interwiki links from file links ([[File:Foo.jpg|link=de:Test]]) 11990 are no longer recorded in the pagelinks table 11991* (bug 19784) date option "ISO 8601" produced illegal id 11992* (bug 19761) Removed autogenerated <meta keywords> tag with link data. 11993 Keyword set was not useful, and is ignored by modern search engines anyway. 11994* (bug 19827) Special:SpecialPages title is "Upload file 11995* (bug 19355) Added .xhtml, .xht to upload file extension blacklist 11996* (bug 19287) Workaround for lag on history page in Firefox 3.5 11997* (bug 19564) Updated docs/hooks.txt 11998* (bug 18751) Fix for buggage in profiling setup for some extensions on PHP 5.1 11999* (bug 17139) ts_resortTable inconsistent trimming makes date sorting fragile 12000* (bug 19445) Change oldimage table to use ON UPDATE CASCADE for FK to image 12001 table. 12002* (bug 14080) Short notation links to subpages didn't work in edit summaries 12003* (bug 17374) Special:Export no longer exports multiple copies of pages 12004* (bug 19818) Edits to user CSS/JS subpages can now be marked as patrolled by 12005 users who can't edit them 12006* (bug 19839) Comments in log items are no more double escaped 12007* (bug 18161) Fix inconsistent separators in watchlist link toolbars with 12008 "enhanced recent changes" 12009* (bug 16877) Moving a page over a redirect no longer leaves an orphan entry in 12010 the recentchanges table 12011* (bug 16009) Limit selection forms based on Pager now links to the correct page 12012 when using long urls 12013* The display of the language list on the preferences is more comply with the 12014 BCP 47 standards. 12015* (bug 19849) Custom X-Vary-Options header now disabled unless $wgUseXVO is set 12016* (bug 19301) Duplicate entries in $wgAddGroups, $wgRemoveGroups, 12017 $wgGroupsAddToSelf and $wgGroupsRemoveFromSelf are no more displayed on 12018 Special:ListGroupRights 12019* (bug 18799) Special:Userlogin now handles correctly the returnto parameter 12020 to not link back to Special:Userlogout when user's language isn't the same as 12021 content's language 12022* (bug 19479) Show proper error message when unable to connect to PostgreSQL 12023 database with username/password in MediaWiki's setup 12024* (bugs 18407, 18409) Special:Upload is now listed on Special:Specialpages only 12025 if uploads are enabled and the user can access it 12026* (bug 17988) Spaces before [[Category:]] links are no longer ignored 12027* (bug 19957) All known-failing tests now marked disabled; added --run-disabled 12028 option to parser test suite to run disabled tests if desired. 12029* (bug 16311) Make recent change flags (n/m/b) <abbr>s instead of <span>s 12030* (bug 15680) Split the edit tip message of user CSS/JS subpage into 12031 "usercssyoucanpreview" and "userjsyoucanpreview" respectively. 12032* (bug 12110) Split the rights for editing users' CSS/JS subpage from 12033 "editusercssjs" into "editusercss" and "edituserjs" respectively. 12034* (bug 19394) RecentChanges feed URLs for log items with no revisions 12035 (eg Newuser, Userrights) are no longer broken 12036* (bug 17395) Remote file descriptions use user language ($wgLang), not wiki 12037 language ($wgContLang) 12038* (bug 11867) Lock error on redirect table when running orphans.php 12039* (bug 18930) initStats.php now refreshes active users count 12040* (bug 18699) Using the nosummary URL option no longer triggers the "You have 12041 not provided a summary" warning for those who activated it in their 12042 preferences 12043* (bug 18855) commandLine.inc and Maintenance.php are now properly included 12044 using the full path 12045* (bug 18497) Fixed broken style sheets in Opera fullscreen mode 12046* (bug 16084) Default memory limit has be increased to 50M, see $wgMemoryLimit 12047* (bug 17864/19519) Added proper input normalization in Special:UserRights 12048* (bug 20086) Add Hook to add extra statistics at the end of Special:Statistics 12049* (bug 19289) importDump.php can now handle bzip2 and 7zip 12050* (bug 20131) Fixed a PHP notice for users having the "rollback" right on 12051 Special:RecentChangesLinked 12052* Do not transform EXIF fields with pure text to avoid results like 12053 foo,bar@example,com 12054* (bug 20176) Fix login/logout links in skin CologneBlue 12055* (bug 20203) "Powered by Mediawiki" now has height/width on image tag 12056* (bug 20273) Fix broken output when no pages are found in the content 12057 namespaces 12058* (bug 20265) Make AncientPages and UnusedFiles work on SQLite 12059* Fixed XSS vulnerability for Internet Explorer clients (only pre-release 12060 versions of MediaWiki were affected). 12061* (bug 14817) Moving a page to a subpage of itself moves it twice 12062* (bug 20289) $wgMaximumMovedPages should only count pages actually moved 12063* (bug 15248) Non-breaking spaces and certain other Unicode space characters 12064 are now normalized to ordinary spaces in titles; if your wiki has existing 12065 titles with such characters, run cleanupTitles.php and/or cleanupImages.php 12066* (bug 11143) Links containing invalid UTF-8 percent-code sequences are now 12067 cleanly disabled instead of breaking parsing entirely on PHP 5.2. 12068* (bug 20296) Fixed an PHP warning in Language::getMagic() in PHP 5.3 12069* (bug 20358) Unprotect tab was missing accesskey; now same as protect tab. 12070* (bug 20317) Cleaned up default main page link accesskey settings 12071* (bug 20362) Special:Statistics now produces valid HTML when view counters are 12072 enabled 12073* (bug 19857) maintenance/deleteRevision.php on last revision no longer breaks 12074 target page 12075* (bug 20365) Page name with c/g/h/j/s/u + x are now correctly handled in 12076 Special:MovePage with Esperanto as content language 12077* (bug 20364) Fixed regression in GIF metadata loading 12078* (bug 20299) MediaWiki:Move-subpages and MediaWiki:Move-talk-subpages can now 12079 use wikitext 12080* (bug 15475) DatabaseBase::setFlag(), DatabaseBase::clearFlag() and 12081 DatabaseBase::getFlag() now have documentation 12082* (bug 19966) MediaWiki:License-header is now used for the licensing header in 12083 the file description page instead of MediaWiki:License 12084* (bug 20380) Links to history/deleted edits at the top of 12085 Special:RevisionDelete are no more displayed when doing log suppression 12086* (bug 8143) Localised parser function names are now correctly case insensitive 12087 if they contain non-ASCII characters 12088* (bug 19055) maintenance/rebuildrecentchanges.php now purges 12089 Special:Recentchanges's RSS and Atom feed cache 12090* The installer will now try to bypass PHP's max_execution_time 12091* (bug 20260) SQLite no longer tries to automatically create the database at 12092 execution time, this now happens only at install time; if it is not available 12093 at script execution, it now throws an exception 12094* Fixed EditFilterMerged hook so the hookError parameter serves a purpose 12095 (analogous to EditFilter hook) 12096* (bug 2257) Tag extensions can expand template parameters provided to the tag, 12097 by using a new parameter added to the recursiveTagParse function 12098* (bug 14900) __INDEX__ and __NOINDEX__ no longer override site config set in 12099 $wgArticleRobotPolicies. 12100* (bug 20466) Hidden categories are no more displayed when printing 12101* (bug 20446) When changing user rights with User@remotewiki and remotewiki is 12102 the local wiki, the user is now treated as the local user 12103* (bug 20494) OutputPage::getArticleBodyOnly() no longer requires an useless 12104 argument 12105* (bug 20136) Protection form JavaScript now synchronizes the expiry boxes on 12106 any change, in addition to onkeyup. 12107* Don't link to "edit this page" on MediaWiki:Noarticletext if user is not 12108 allowed to create page. Done via new message 12109 MediaWiki:Noarticletext-nopermission 12110* Improved compatibility between the Vector skin and addPortletLink() from 12111 wikibits.js: empty portlets are now present but hidden, adding an element to a 12112 portlet unhides it 12113* (bug 19531) addPortletLink() now wraps inserted labels in a <span> element to 12114 be compatible with the CSS for the Vector skin 12115* (bug 20578) Wrong localized image metadata - duplicated string? 12116* (bug 20556) Stub threshold's "other" <input> in Special:Preferences now has a 12117 correct type="text" parameter 12118* (bug 482) Don't include TOC in the printable version if it has been hidden 12119* Adjust the time according to the user configuration on Special:Revisiondelete 12120* (bug 20624) Installation no longer allows "qqq" as the chosen language 12121* (bug 20634) The installer-created database user will now have all rights on 12122 the database so that upgrades will go more smoothly. 12123* (bug 18180) Special:Export ignores limit, dir, offset parameters 12124* User::getBlockedStatus() works for all kinds of user objects and doesn't 12125 assume the user object is equal to the current-user object ($wgUser) 12126* (bug 20517) Cancel link from edit page now returns to the old version when 12127 editing an old version 12128* (bug 16902) Installer no longer shows warnings when exec() has been disabled 12129 by disable_functions 12130* (bug 20726) Title::getLatestRevID's documentation now says that the function 12131 returns false if the page doesn't exist 12132* (bug 20751) ForeignApiRepo now urldecodes filenames when saving to local cache 12133* (bug 20730) Fix to Special:Version ViewVC link for branch checkouts 12134* (bug 20353) wfShellExec() was adding extra quotes on Windows Vista, causing 12135 command line scripts to fail 12136* (bug 20702) Parser functions can now be used correctly in 12137 MediaWiki:Missing-article 12138* (bug 14117) "redirected from" is now also shown on foreign file redirects 12139* (bug 17747) Only display thumbnail column in file history if the image can 12140 be rendered. 12141* (bug 3421) Live preview no longer breaks user CSS/JS previews 12142* (bug 11264) The file logo on a file description page for documents (PDF, ...) 12143 now links to the file rather than the file description page 12144* Password fields built with HTMLForm now still have the type="password" 12145 attribute if $wgHtml5=false. 12146* (bug 20836) Preload now works for MediaWiki namespace 12147* (bug 20885) Search box no longer suggests unavailable special pages 12148* (bug 20948) "Create this page" on Special:Search is no longer displayed when 12149 searching for special pages 12150* (bug 20524) Hideuser: Show nice error when trying to block hidden user without 12151 hideuser right 12152* (bug 21026) Fixed file redirects on shared repos on non-English client wikis 12153* (bug 21030) Fixed schema choices from being overwritten by defining unique 12154 field names per driver. 12155* (bug 21115) wgCanonicalSpecialPageName javascript variable is now always 12156 false on non-special pages 12157* (bug 21113) "Other statistics" header on Special:Statistics is no more 12158 displayed when there isn't any entry in it 12159* (bug 21114) Special:Contributions no longer shows diff links for new 12160 revisions 12161* (bug 21116) MediaWiki:Templatesused, MediaWiki:Templatesusedpreview and 12162 MediaWiki:Templatesusedsection now support plural 12163* (bug 21079) There is no more line wrapping between label and field in 12164 Special:Log 12165* (bug 20256) Fixed SQL errors on Special:Recentchanges and 12166 Special:Recentchangeslinked on SQLite backend 12167* (bug 20880) Fixed updater failure on SQLite backend 12168* (bug 21182) Fixed invalid HTML in Special:Listgrouprights 12169* (bug 20242) Installer no longer promts for user credentials for SQLite 12170 databases 12171* (bug 20911) Installer failed to create a SQLite database 12172* (bug 20847) Deprecated deprecated akeytt() removed in wikibits.js leaving 12173 dummy 12174* (bug 21161) Changing $wgCacheEpoch now always invalidates file cache 12175* (bug 20268) Fixed row count estimation on SQLite backend 12176* (bug 20275) Fixed LIKE queries on SQLite backend 12177* (bug 21234) Moving subpages of titles containing \\ now works properly 12178* (bug 21006) maintenance/updateArticleCount.php now works again on PostgreSQL 12179* (bug 19319) Add activeusers-intro message at top of SpecialActiveUsers page 12180* (bug 21255) Fixed hostname construction for DNSBL checking 12181* (bug 18019) Users are now warned when moving a file to a name in use on a 12182 shared repository and only users with the 'reupload-shared' permission can 12183 complete the move. 12184* (bug 18909) Add missing Postgres INSERT SELECT wrapper 12185* User::isValidPassword now only returns boolean results, 12186 User::getPasswordValidity can be used to get an error message string 12187* The error message shown in Special:ChangePassword now parses wiki markup 12188* (bug 19859) Removed experimental HTMLDiff feature 12189* Removed section edit links in edit conflict form 12190* Allow SpecialActiveusers to work on non-MySQL databases 12191* (bug 6579) Fixed protecting images from uploading only 12192* (bug 18609) Search index was empty for some pages 12193* (bug 13453) rebuildrecentchanges maintenance script works on PG again 12194* (bug 16583) Reduce false positives when checking for PHP (on upload, etc.) 12195* (bug 20112) Bitrotted tests in the t/ directory were failing. 12196* (bug 21470) MediaWiki:Sp-contributions-explain is now wrapped in a <p> with 12197 id "mw-sp-contributions-explain" 12198* (bug 19159) Fixed \overleftrightarrow in texvc 12199* (bug 19391) Fix caching for Recent ChangesFeed. 12200* (bug 21455) Fixed "Watch this page" checkbox appearing on some special pages 12201 even to non-logged in users 12202* (bug 21551) Rewrote the Squid purge HTTP client to provide a more robust and 12203 general implementation of HTTP, allowing it to purge non-Squid caches such as 12204 Varnish. 12205* Fixed corruption of long UDP debug log messages by using socket_sendto() 12206 instead of fsockopen() with fwrite(). 12207* (bug 16884) Fixed feed links in sidebar not complying with URL parameters 12208 of the displayed page 12209* (bug 21403) memcached class renamed to MWMemecached to avoid conflict with 12210 PHP's memcached extension 12211* (bug 21650) Both calls to SkinTemplateTabs hook are now compatible 12212* (bug 21672) Add missing Accept-Language to both Vary and XVO headers 12213* (bug 21679) "Edit block reasons" link at the bottom of Special:Blockip is now 12214 only displayed to the users that have "editinterface" right 12215* (bug 21740) Attempting to protect a page that doesn't exist (salting) returns 12216 "unknown error" 12217* (bug 18762) both redirects and links get fixed one after another if 12218 redirects-only switch is not present 12219* (bug 20159) thumbnails rerendered if older than $wgThumbnailEpoch 12220* Fixed a bug which in some situations causes the job queue to grow forever, 12221 due to an infinite loop of job requeues. 12222* (bug 21523) File that can have multiple pages (djvu, pdf, ...) no longer have 12223 the page selector when they have only one page 12224* (bug 21559) "logempty" message is now wrapped in a div with class 12225 "mw-warning-logempty" when used in log extract 12226* (bug 20549) Parser tests were broken on SQLite backend 12227* (bug 21776) Interwiki urls like http://en.wikibooks.org/wiki/cs: should give 12228 a redirect instead of a baderror. 12229* (bug 21803) Special:MyContributions now keeps the query string parameters 12230* Redirecting special pages now keep query string parameters set to "0" (e.g. 12231 for namespace) 12232* (bug 20765) Special:ListGroupRights no longer misses addables and removables 12233 groups if there are duplicate entries 12234* (bug 21814) Message shown when rolling back an edit with a deleted username 12235 now shows '(username deleted)' instead of broken user tool links 12236* (bug 21536) Fixed JavaScript error on Special:Search caused by an incorrect ID 12237* (bug 21535) RecentChanges RSS feed now always recognises the namespace filter, 12238 previously it sometimes didn't due to caching. 12239* (bug 20388) ProfilerSimpleText no longer outputs comment on action=raw 12240* refreshLinks.php now purges orphaned redirect table rows 12241* (bug 2971) Swap links of hist & diff location on Special:Contributions for 12242 consistency with RC/WL 12243* (bug 21986) Special page names are now capitalized by content language 12244* If two log types have the same description, they're now both displayed in the 12245 type selector on Special:Log 12246* (bug 20115) Special:Userlogin title says "Log in / create account" even if the 12247 user can't create an account 12248* (bug 2658) Don't attempt to set the TZ environment variable. 12249* (bug 9794) User rights log entries for foreign user now links to the foreign 12250 user's page if possible 12251* (bug 14717) Don't load nonexistent CSS fix files for non-Monobook skins 12252* (bug 22034) Use wfClientAcceptsGzip() in wfGzipHandler instead of 12253 reimplementing it. 12254* (bug 19226) First line renders differently on many UI messages. 12255* (bug 21303) Comments are no longer stripped from MediaWiki:Common.js and 12256 skin-specific JS pages 12257* (bug 5061) Use the more precise thumbcaption thumbimage and thumbinner classes 12258 for image divs. 12259* (bug 22096) IE50Fixes.css and IE55Fixes.css have been dropped from the 12260 Monobook and Chick skins 12261* Fixed bug involving unclosed "-{" markup in the language converter 12262* (bug 21870) No longer include Google logo from an external server on wiki 12263 error. 12264* (bug 22181) Do not truncate if the ellipsis actually make the string longer 12265* (bug 16039) Text disappearing after a bad image 12266* (bug 18784) Internal links like [[File:Foo|caption]] should read 'caption', 12267 not 'File:Foo' when Foo is not an image 12268* (bug 21518) Special:UserRights no longer displays the user name box for users 12269 that can only change their rights 12270* (bug 21593) Special:UserRights now lists automatic groups membership 12271* (bug 22364) Setting $wgUseExternalEditor to false no longer hides the reupload 12272 link from file pages 12273* Fix bug introduced in MediaWiki 1.12: The author field in 12274 $wgExtensionCredits is no longer sorted with sort() but rather used 12275 as it appears in extensions as was the case before r30117 where it 12276 was unintentionally sorted along with other fields. 12277* (bug 19334) Textarea no longer jumps when editing longer articles in IE8 12278* Truncate summary of page moves in revision comment field to avoid broken 12279 multibyte characters 12280* (bug 22540) ForeignApiRepos no longer try to store thumbnails that don't exist 12281* (bug 22551) Special:Resetpass now has a "Cancel" button that sends the user to 12282 the page set in the &returnto parameter. 12283* (bug 19194) Search box in Modern skin doesn't focus with Safari/Chrome 12284* (bug 17790) Users instantly logged off on HughesNet 12285* (bug 21549) Make foreign key constraints DEFERRABLE INITIALLY DEFERRED 12286 when using Postgres as the database backend. 12287 12288== API changes in 1.16 == 12289 12290* Added uiprop=changeablegroups to meta=userinfo 12291* Added usprop=gender to list=users 12292* (bug 18311) action=purge now works for images too 12293* Add parentid to prop=revisions output 12294* (bug 17832) action=delete returns 'unknownerror' instead of 'permissiondenied' 12295 when the user is blocked 12296* (bug 18546) Added timestamp of new revision to action=edit output 12297* (bug 18554) Also list hidden revisions in list=usercontribs for privileged 12298 users 12299* (bug 13049) "API must be accessed from the primary script entry point" error 12300* (bug 16422) Don't display help for format=jsonfm unless specifically requested 12301* Added PHP and database version to meta=siteinfo output 12302* (bug 18533) Add readonly message to meta=siteinfo output 12303* (bug 18518) Add clprop=hidden to prop=categories 12304* (bug 18710) Fixed internal error with empty parameter in action=paraminfo 12305* (bug 18709) Missing descriptions for some parameters in action=paraminfo 12306 output 12307* (bug 18731) Show correct SVN links for extension modules in api.php?version 12308* (bug 18730) Add version information to action=paraminfo output 12309* (bug 18743) Add ucprop=size to list=usercontribs 12310* (bug 18749) Add generator flag to action=paraminfo output 12311* Make action=block respect $wgEnableUserEmail and $wgSysopEmailBans 12312* Made deleting file description pages without files possible 12313* (bug 18773) Add content flag to siprop=namespaces output 12314* (bug 18785) Add siprop=languages to meta=siteinfo 12315* (bug 14200) Added user and excludeuser parameters to list=watchlist and 12316 list=recentchanges 12317* Added index, fromtitle and byteoffset fields to action=parse&prop=sections 12318 output 12319* (bug 19313) action=rollback returns wrong revid on master/slave setups 12320* (bug 19323) action=parse doesn't return section tree on pages with Cite 12321 warnings 12322* (bug 18720) Add anchor field to action=parse&prop=sections output 12323* (bug 19423) The initial file description page used caption in user lang 12324 rather than UI lang 12325* (bug 17809) Add number of users in user groups to meta=siteinfo 12326* (bug 18533) Add readonly reason to readonly exception 12327* (bug 19528) Added XSLT parameter to API queries in format=xml 12328* (bug 19040) Fix prependtext and appendtext in combination with section 12329 parameter in action=edit 12330* (bug 19090) Added watchlist parameter, deprecated watch and unwatch 12331 parameter in action=edit 12332* Added fields to list=search output: size, wordcount, timestamp, snippet 12333* Where supported by backend, list=search adds a 'searchinfo' element with 12334 optional info: 'totalhits' count and 'suggestion' alternate query term 12335* (bug 19907) $wgCrossSiteAJAXdomains added to allow specified (or all) 12336 external domains to access api.php via AJAX, if the browser supports the 12337 Access-Control-Allow-Origin HTTP header 12338* (bug 19999) Made metadata and properties of search results optional. Added 12339 srprop and srinfo. 12340* (bug 20700) Add amprop=default to meta=allmessages to list default value for 12341 customized messages 12342* Don't parse magic words in meta=allmessages, output messages unparsed 12343* (bug 21105) list=usercontribs can now list contribs for User:0 12344* (bug 21085) list=deletedrevs no longer returns only one revision when 12345 drcontinue param is passed 12346* (bug 21106) Deprecated parameters now tagged in action=paraminfo 12347* (bug 19004) Added support for tags 12348* (bug 21083) list=allusers no longer returns current timestamp for users 12349 without registration date 12350* (bug 20967) action=edit allows creation of invalid titles 12351* (bug 19523) Add inprop=watched to prop=info 12352* (bug 21589) API: Separate summary and initial page text for uploads 12353* (bug 21817) list=usercontribs returns empty result for empty ucuser 12354* (bug 21441) meta=userinfo&uiprop=options no longer returns default options 12355 for logged-in users under certain circumstances 12356* (bug 21945) Add chomp control in YAML 12357* Expand the thumburl to an absolute url to make it consistent with url and 12358 descriptionurl 12359* (bug 20233) ApiLogin::execute() doesn't handle LoginForm :: RESET_PASS 12360* (bug 22061) API: add prop=headitems to action=parse 12361* (bug 22240) API: include time in siteinfo 12362* (bug 22241) Quick edit is still using the deprecated watch parameter (API: 12363 Setting default for watch/unwatch wrongly set) 12364* (bug 22245) blfilterredirect=nonredirects in blredirect mode wrongly filtering 12365* (bug 22248) Output extension URLs in meta=siteinfo&siprop=extensions 12366* Support key-params arrays in 'descriptionmsg' in 12367 meta=siteinfo&siprop=extensions 12368* (bug 21922) YAML output should quote asterisk when used as key 12369* (bug 22297) safesubst: to allow substitution without breaking transclusion 12370* (bug 18758) API read of watchlist's wl_notificationtimestamp 12371* (bug 20809) Expose EditFormPreloadText via the API 12372* (bug 18427) Comment (edit summary) parser option for API 12373* (bug 18608) API should provide list of CSS styles to apply to rendered output 12374* (bug 18771) List possible errors in action=paraminfo 12375 12376=== Languages updated in 1.16 === 12377 12378MediaWiki supports over 300 languages. Many localisations are updated 12379regularly. Below only new and removed languages are listed, as well as 12380changes to languages because of Bugzilla reports. 12381 12382* Capiznon (cps) (new) 12383* North Frisian (frr) (new) 12384* Kirmanjki (kiu) (new) 12385* Komi-Permyak (koi) (new) 12386* Karachay-Balkar (krc) (new) 12387* Hill Mari (mrj) (new) 12388* Prussian (prg) (new) 12389* Romagnol (rgn) (new) 12390* Lower Silesian (sli) (new) 12391* Picard (pcd) (new) 12392* Uyghur (Arabic script) (ug-arab) (new) 12393* Upper Franconian (vmf) (new) 12394* Votic (vot) (new) 12395* Eastern Yiddish (ydd) (removed) 12396* Iriga Bicolano (bto) (removed) 12397* Ladin (lld) (removed) 12398* Laz (lzz) (removed) 12399* Palembang (plm) (removed) 12400* Megleno-Romanian (Greek script) (ruq-grek) (removed) 12401* Tamazight (tzm) (removed) 12402* Laz (lzz) (new) 12403 12404* (bug 18474) Sorani (ckb - Central Kurdish) (renamed from ku-arab) 12405* Add PLURAL function for Scots Gaelic (gd) 12406* Add Estonian letters äöõšüž to linktrail (et) 12407* (bug 18776) Native name of Burmese language (my) 12408* (bug 18806) Use correct unicode characters in spelling of native Chuvash 12409 (Чӑвашла) 12410* (bug 18864) Updated autonym for Zhuang language 12411* (bug 18308) Updated date formatting in Occitan (oc) 12412* (bug 19080) Added ăâîşţșțĂÂÎŞŢȘȚ to Romanion (ro) linktrail 12413* (bug 19286) Correct commafying function in Polish (pl) 12414* (bug 19441) Updated date formatting for Lithuanian 12415* (bug 19630) Added ÄäÇçĞğŇňÖöŞşÜüÝýŽž to Turkmen (tk) linktrail 12416* (bug 19949) New linktrail for Greek (el) 12417* (bug 19809) Korean (North Korea) (ko-kp) (new) 12418* (bug 19968) Fixed "Project talk" namespace name for Maltese (mt) 12419* (bug 21168) Added áâãàéêçíóôõúü to Portuguese (pt) linktrail 12420* (bug 21596) Change interwiki link for Kurdish (ku) 12421* (bug 23767) PHP warning/error when REQUEST_URI returns blank (IIS issue). 12422 12423== MediaWiki 1.15 == 12424 12425== MediaWiki 1.15.5 == 12426=== Changes since 1.15.4 === 12427 12428* (bug 24565) Fixed Cache-Control headers sent from API modules, to protect 12429 user privacy in the case where an attacker can access the wiki through the 12430 same HTTP proxy as a logged-in user. 12431* Fixed a minor cookie header parsing issue causing incorrect Cache-Control 12432 headers to be sent. 12433* Fixed an XSS vulnerability in profileinfo.php for installations with 12434 $wgEnableProfileInfo = true (false by default) 12435* For backwards compatibility with extensions from 1.14.x or before, restored 12436 the original function ApiMain::requestWriteMode(). 12437* In API login "need token" responses, added the cookieprefix and sessionid 12438 fields, as in MediaWiki 1.16.x. This is an improvement to the CSRF fix 12439 introduced in 1.15.3. 12440 12441== MediaWiki 1.15.4 == 12442=== Changes since 1.15.3 === 12443 12444* (bug 23534) Fixed SQL query error in API list=allusers. 12445* (bug 23371) Fixed CSRF vulnerability in "e-mail me my password", "create 12446 account" and "create by e-mail" features of [[Special:Userlogin]] 12447* (bug 23687) Fixed XSS vulnerability affecting IE clients only, due to a CSS 12448 validation issue. 12449 12450== MediaWiki 1.15.3 == 12451=== Changes since 1.15.2 === 12452 12453* (bug 22828) Fixed deletion on SQLite. 12454* (bug 23076) Fixed login CSRF vulnerability. Logins now require a token to 12455 be submitted along with the user name and password. 12456 12457== MediaWiki 1.15.2 == 12458=== Changes since 1.15.1 === 12459 12460* The installer now includes a check for a data corruption issue with certain 12461 versions of libxml2 2.7 and PHP earlier than 5.2.9, and also for a PHP bug 12462 present in the official release of PHP 5.3.1. 12463* (bug 20239) MediaWiki:Imagemaxsize does not contain anymore a <br /> tag which 12464 was displayed to the user 12465* (bug 21150) SQLite no longer raise an error when deleting files 12466* (bug 20880) Fixed updater failure on SQLite backend 12467* upgrade1_5.php now requires to be run --update option to prevent confusion 12468* Fixed a CSS validation issue which allowed external images to be included 12469 into wikis where that is disallowed by configuration. 12470* Fixed a data leakage vulnerability for private wikis using img_auth.php or 12471 similar image access authentication schemes. Check user permissions before 12472 streaming out scaled images from thumb.php. 12473 12474== MediaWiki 1.15.1 == 12475=== Changes since 1.15.0 === 12476* Fixed fatal errors for unusual file repository configurations, such as 12477 ForeignAPIRepo. 12478* Fixed the "change password" link on Special:Preferences to have the correct 12479 returnto parameter. 12480* (bug 19693) Fixed cross-site scripting vulnerability in Special:Block 12481 12482== MediaWiki 1.15.0 == 12483=== Changes since 1.15.0rc1 === 12484 12485* Removed category redirect feature, implementation was incomplete. 12486* (bug 18846) Remove update_password_format(), unnecessary, destroys all 12487 passwords if a wiki with $wgPasswordSalt=false is upgraded with the web 12488 installer. 12489* (bug 19127) Documentation warning for PostgreSQL users who run update.php: 12490 use the same user in AdminSettings.php as in LocalSettings.php. 12491* Fixed possible web invocation of some maintenance scripts, due to the use of 12492 include() instead of require(). A full exploit would require a very strange 12493 web server configuration. 12494* Localisation updates. 12495 12496=== Configuration changes in 1.15 === 12497 12498* Added $wgNewPasswordExpiry, to specify an expiry time (in seconds) to 12499 temporary passwords 12500* Added $wgUseTwoButtonsSearchForm to choose the Search form behavior/look 12501* Added $wgNoFollowDomainExceptions to allow exempting particular domain names 12502 from rel="nofollow" on external links 12503* (bug 12970) Brought back $wgUseImageResize. 12504* Added $wgRedirectOnLogin to allow specifying a specific page to redirect users 12505 to upon logging in (ex: "Main Page") 12506* Add $wgExportFromNamespaces for enabling/disabling the "export all from 12507 namespace" option (disabled by default) 12508 12509=== New features in 1.15 === 12510 12511* (bug 2242) Add an expiry time to temporary passwords 12512* (bug 9947) Add PROTECTIONLEVEL parser function to return the protection level 12513 for the current page for a given action 12514* (bug 17002) Add &minor= and &summary= as parameters in the url when editing, 12515 to automatically add a summary or a minor edit. 12516* (bug 16852) padleft and padright now accept multiletter pad characters 12517* When using 'UserCreateForm' hook to add new checkboxes into 12518 Special:UserLogin/signup, the messages can now contain HTML to allow 12519 hyperlinking to the site's Terms of Service page, for example 12520* Add new hook 'UserLoadFromDatabase' that is called while loading a user 12521 from the database. 12522* (bug 17045) Options on the block form are prefilled with the options of the 12523 existing block when modifying an existing block. 12524* (bug 17055) "(show/hide)" links to Special:RevisionDelete now use a CSS class 12525 rather than hardcoded HTML tags 12526* Added new hook 'WantedPages::getSQL' into SpecialWantedpages.php to allow 12527 extensions to alter the SQL query which is used to get the list of wanted 12528 pages 12529* (bugs 16957/16969) Add show/hide to preferences for RC patrol options on 12530 specialpages 12531* (bug 11443) Auto-noindex user/user talk pages for blocked user 12532* (bug 11644) Add $wgMaxRedirects variable to control how many redirects are 12533 recursed through until the "destination" page is reached. 12534* Add $wgInvalidRedirectTargets variable to prevent redirects to certain 12535 special pages. 12536* Use HTML5 rel attributes for some links, where appropriate 12537* Added optional alternative Search form look - Go button & Advanced search 12538 link instead of Go button & Search button 12539* (bug 2314) Add links to user custom CSS and JS to Special:Preferences 12540* More helpful error message on raw page access if PHP_SELF isn't set 12541* (bug 13040) Gender switch in user preferences 12542* (bug 13040) {{GENDER:}} magic word for interface messages 12543* (bug 3301) Optionally sort user list according to account creation time 12544* Remote description pages for foreign file repos are now fetched in the 12545 content language. 12546* (bug 17180) If $wgUseFileCache is enabled, $wgShowIPinHeader is automatically 12547 set to false. 12548* (bug 16604) Mark non-patrolled edits in feeds with "!" 12549* (bug 16604) Show title/rev in IRC for patrol log 12550* (bug 16854) Whether a page is being parsed as a preview or section preview 12551 can now be determined and set with ParserOptions. 12552* Wrap message 'confirmemail_pending' into a div with CSS classes "error" and 12553 "mw-confirmemail-pending" 12554* (bug 8249) The magic words for namespaces and pagenames can now be used as 12555 parser functions to return the desired namespace or normalized title/title 12556 part for a given title. 12557* (bug 17110) Styled #mw-data-after-content in cologneblue.css to match the 12558 rest of the font 12559* (bug 7556) Time zone names in signatures lack i18n 12560* (bug 3311) Automatic category redirects 12561* (bug 17236) Suppress 'watch user page link' for IP range blocks 12562* Wrap message 'searchresulttext' (Special:Search) into a div with 12563 class "mw-searchresult" 12564* (bug 15283) Interwiki imports can now fetch included templates 12565* Treat svn:// URLs as external links by default 12566* New function to convert namespace text for display (only applies on wiki with 12567 LanguageConverter class) 12568* (bug 17379) Contributions-title is now parsed for magic words. 12569* Preprocessor output now cached in memcached. 12570* (bug 14468) Lines in classic RecentChanges and Watchlist have classes 12571 "mw-line-odd" and "mw-line-even" to make styling using css possible. 12572* (bug 17311) Add a note beside the gender selection menu to tell users that 12573 this information will be public 12574* Localize time zone regions in Special:Preferences 12575* Add NUMBEROFACTIVEUSERS magic word, which is like NUMBEROFUSERS, but uses 12576 the active users data from site_stats. 12577* Add a <link rel="canonical"> tag on redirected page views 12578* Replace hardcoded '...' as indication of a truncation with the 12579 'ellipsis' message 12580* Wrap warning message 'editinginterface' into a div with class 12581 'mw-editinginterface' 12582* (bug 17497) Oasis opendocument added to mime.types 12583* Remove the link to Special:FileDuplicateSearch from the "file history" section 12584 of image description pages as the list of duplicated files is shown in the 12585 next section anyway. 12586* Added $wgRateLimitsExcludedIPs, to allow specific IPs to be whitelisted from 12587 rate limits. 12588* (bug 14981) Shared repositories can now have display names, located at 12589 Mediawiki:Shared-repo-name-REPONAME, where REPONAME is the name in 12590 $wgForeignFileRepos 12591* Special:ListUsers: Sort list of usergroups by alphabet 12592* (bug 16762) Special:Movepage now shows a list of subpages when possible 12593* (bug 17585) Hide legend on Special:Specialpages from non-privileged users 12594* Added $wgUseTagFilter to control enabling of filter-by-change-tag 12595* (bug 17291) MediaWiki:Nocontribs now has an optional $1 parameter for the 12596 username 12597* Wrap special page summary message '$specialPageName-summary' into a div 12598 with class 'mw-specialpage-summary' 12599* $wgSummarySpamRegex added to handle edit summary spam. This is used *instead* 12600 of $wgSpamRegex for edit summary checks. Text checks still use $wgSpamRegex. 12601* New function to convert content text to specified language (only applies on 12602 wiki with LanguageConverter class) 12603* (bug 17844) Redirect users to a specific page when they log in, see 12604 $wgRedirectOnLogin 12605* Added a link to Special:UserRights on Special:Contributions for privileged 12606 users 12607* (bug 10336) Added new magic word {{REVISIONUSER}}, which displays the editor 12608 of the displayed revision 12609* LinkerMakeExternalLink now has an $attribs parameter for link attributes and 12610 a $linkType parameter for the type of external link being made 12611* (bug 17785) Dynamic dates surrounded with a <span> tag, fixing sortable tables 12612 with dynamic dates. 12613* (bug 4582) Provide preference-based autoformatting of unlinked dates with the 12614 dateformat parser function. 12615* (bug 17886) Special:Export now allows you to export a whole namespace (limited 12616 to 5000 pages) 12617* (bug 17714) Limited TIFF upload support now built in if 'tif' extension is 12618 enabled. Image width and height are now recognized, and when using 12619 ImageMagick, optional flattening to PNG or JPEG for inline display can be 12620 enabled by setting $wgTiffThumbnailType 12621* Renamed two input IDs on Special:Log from 'page' and 'user' to 'mw-log-page' 12622 and 'mw-log-user', respectively 12623* Added $wgInvalidUsernameCharacters to disallow certain characters in 12624 usernames during registration (such as "@") 12625* Added $wgUserrightsInterwikiDelimiter to allow changing the delimiter 12626 used in Special:UserRights to denote the user should be searched for 12627 on a different database 12628* Add a class if 'missingsummary' is triggered to allow styling of the summary 12629 line 12630* Title attributes are now always blank on framed and thumbnailed images, and 12631 default to blank on inline images instead of defaulting to the image's 12632 filename. Additionally, the alt attribute now defaults to the filename on 12633 framed and thumbnailed images if no caption or alt attribute is specified. 12634 12635=== Bug fixes in 1.15 === 12636* (bug 16968) Special:Upload no longer throws useless warnings. 12637* (bug 17000) Special:RevisionDelete now checks if the database is locked 12638 before trying to delete the edit. 12639* (bug 16852) padleft and padright now handle multibyte characters correctly 12640* (bug 17010) maintenance/namespaceDupes.php now add the suffix recursively if 12641 the destination page exists 12642* (bug 17035) Special:Upload now fails gracefully if PHP's file_uploads has 12643 been disabled 12644* Fixing the caching issue by using -{T|xxx}- syntax (only applies on wiki with 12645 LanguageConverter class) 12646* Improving the efficiency by using -{A|xxx}- syntax (only applies on wiki with 12647 LanguageConverter class) 12648* (bug 17054) Added more descriptive errors in Special:RevisionDelete 12649* (bug 11527) Diff on page with one revision shows "Next" link to same diff 12650* (bug 8065) Fix summary forcing for new pages 12651* (bug 10569) redirects to Special:Mypage and Special:Mytalk are no longer 12652 allowed by default. Change $wgInvalidRedirectTargets to re-enable. 12653* (bug 3043) Feed links of given page are now preceded by standard feed icon 12654* (bug 17150) escapeLike now escapes literal \ properly 12655* Inconsistent use of sysop, admin, administrator in system messages changed 12656 to 'administrator' 12657* (bug 14423) Check block flag validity for block logging 12658* DB transaction and slave-lag avoidance tweaks for Email Notifications 12659* (bug 17104) Removed [Mark as patrolled] link for already patrolled revisions 12660* (bug 17106) Added 'redirect=no' and 'mw-redirect' class to redirects at 12661 "user contributions" 12662* Rollback links on new pages removed from "user contributions" 12663* (bug 15811) Re-upload form tweaks: license fields removed, destination locked, 12664 comment label uses better message 12665* Whole HTML validation ($wgValidateAllHtml) now works with external tidy 12666* Parser tests no longer fail when $wgExternalLinkTarget is set in 12667 LocalSettings 12668* (bug 15391) catch DBQueryErrors on external storage insertion. This avoids 12669 error messages on save were the edit in fact is saved. 12670* (bug 17184) Remove duplicate "z" accesskey in MonoBook 12671* Parser tests no longer fail when $wgAlwaysUseTidy is set in LocalSettings.php 12672* Removed redundant dupe warnings on reupload for the same title. Dupe warnings 12673 for identical files at different titles are still given. 12674* Add 'change tagging' facility, where changes can be tagged internally with 12675 certain designations, which are displayed on various summaries of changes, 12676 and the entries can be styled with CSS. 12677* (bug 17207) Fix regression breaking category page display on PHP 5.1 12678* Categoryfinder utility class no longer fails on invalid input or gives wrong 12679 results for category names that include pseudo-namespaces 12680* (bug 17252) Galician numbering format 12681* (bug 17146) Fix for UTF-8 and short word search for some possible MySQL 12682 configs 12683* (bug 7480) Internationalize database error message 12684* (bug 16555) Number of links to mediawiki.org scaled back on post-installation 12685* (bug 14938) Removing a section no longer leaves excess whitespace 12686* (bug 17304) Fixed fatal error when thumbnails couldn't be generated for file 12687 history 12688* (bug 17283) Remove double URL escaping in show/hide links for log entries 12689 and RevisionDeleteForm::__construct 12690* (bug 17105) Numeric table sorting broken 12691* (bug 17231) Transcluding special pages on wikis using language conversion no 12692 longer affects the page title 12693* (bug 6702) Default system messages updated/improved 12694* (bug 17190) User ID on preference page no longer has delimeters 12695* (bug 17341) "Powered by MediaWiki" should be on the left on RTL wikis 12696* (bug 17404) "userrights-interwiki" right was missing in User::$mCoreRights 12697* (bug 7509) Separation strings should be configurable 12698* (bug 17420) Send the correct content type from action=raw when the HTML file 12699 cache is enabled. 12700* (bug 12746) Do not allow new password e-mails when wiki is in read-only mode 12701* (bug 17478) Fixed a PHP Strict standards error in 12702 maintenance/cleanupWatchlist.php 12703* (bug 17488) RSS/Atom links in left toolbar are now localized in classic skin 12704* (bug 17472) use print <<<EOF in maintenance/importTextFile.php 12705* Special:PrefixIndex: Move table styling to shared.css, add CSS IDs to tables 12706 use correct message 'allpagesprefix' for input form label, replace _ with ' ' 12707 in next page link 12708* (bug 17506) Exceptions within exceptions now respect $wgShowExceptionDetails 12709* Fixed excessive job queue utilisation 12710* File dupe messages for remote repos are now shown only once. 12711* (bug 14980) Messages 'shareduploadwiki' and 'shareduploadwiki-desc' are now 12712 used as a parameter in 'sharedupload' for easier styling and customization. 12713* (bug 17482) Formatting error in Special:Preferences#Misc (Opera) 12714* (bug 17556) <link> parameters in Special:Contributions feeds (RSS and Atom) 12715 now point to the actual contributors' feed. 12716* ForeignApiRepos now fetch MIME types, rather than trying to figure it locally 12717* Special:Import: Do not show input field for import depth if 12718 $wgExportMaxLinkDepth == 0 12719* (bug 17570) $wgMaxRedirects is now correctly respected when following 12720 redirects (was previously one more than $wgMaxRedirects) 12721* (bug 16335) __NONEWSECTIONLINK__ magic word to suppress new section link. 12722* (bug 17581) Wrong index name in PostgreSQL's updater: was rc_timestamp_nobot, 12723 changed to rc_timestamp_bot 12724* (bug 17437) Fixed incorrect link to web-based installer 12725* (bug 17538) Use shorter URLs in <link> elements 12726* (bug 13778) Hidden input added to the search form so that using the Enter key 12727 on IE will do a fulltext search like clicking the button does 12728* (bug 1061) CSS-added icons next to links display through the text and makes 12729 it unreadable in RTL 12730* Special:Wantedtemplates now works on PostgreSQL 12731* (bug 14414) maintenance/updateSpecialPages.php no longer throws error with 12732 PostgreSQL 12733* (bug 17546) Correct Tongan language native name is "lea faka-Tonga" 12734* (bug 17621) Special:WantedFiles has no link to Special:Whatlinkshere 12735* (bug 17460) Client ecoding is now correctly set for PostgreSQL 12736* (bug 17648) Prevent floats from intruding into edit area in previews if no 12737 toolbar present 12738* (bug 17692) Added (list of members) link to 'user' in Special:Listgrouprights 12739* (bug 17707) Show file destination as plain text if &wpForReUpload=1 12740* (bug 10172) Moved setting of "changed since last visit" flags out of the job 12741 queue 12742* (bug 17761) "show/hide" link in page history in now works for the first 12743 displayed revision if it's not the current one 12744* (bug 17722) Fix regression where users are unable to change temporary 12745 passwords 12746* (bug 17799) Special:Random no longer throws a database error when a non- 12747 namespace is given, silently falls back to NS_MAIN 12748* (bug 17751) The message for bad titles in WantedPages is now localized 12749* (bug 17860) Moving a page in the "MediaWiki" namespace using SuppressRedirect 12750 no longer corrupts the message cache 12751* (bug 17900) Fixed User Groups interface log display after saving groups. 12752* (bug 17897) Fixed string offset error in <pre> tags 12753* (bug 17778) MediaWiki:Catseparator can now have HTML entities 12754* (bug 17676) Error on Special:ListFiles when using Postgres 12755* Special:Export doesn't use raw SQL queries anymore 12756* (bug 14771) Thumbnail links to individual DjVu pages no longer have 12757 two "page" parameters 12758* (bug 17972) Special:FileDuplicateSearch form now works correctly on wikis that 12759 don't use PathInfo or short urls 12760* (bug 17990) trackback.php now has a trackback.php5 alias and works with 12761 $wgScriptExtension 12762* (bug 14990) Parser tests works again with PostgreSQL 12763* (bug 11487) Special:Protectedpages doesn't list protections with pr_expiry 12764 IS NULL 12765* (bug 18018) Deleting a file redirect leaves behind a malfunctioning redirect 12766* (bug 17537) Disable bad zlib.output_compression output on HTTP 304 responses 12767* (bug 11213) [edit] section links in printable version no longer appear when 12768 you cut-and-paste article text 12769* (bug 17405) "Did you mean" to mirror Go/Search behavior of original request 12770* (bug 18116) 'edittools' is now output identically on edit and upload pages 12771* (bug 17241) The diffonly URI parameter should cascade to "Next edit" and 12772 "Previous edit" diff links 12773* (bug 16823) Sidebar search form should not use Special:Search view URL as 12774 target 12775* (bug 16343) Non-existing, but in use, category pages can be "go" match hits 12776* Fixed a CSS validation issue which allowed external images to be included 12777 into wikis where that is disallowed by configuration. 12778* Fixed a data leakage vulnerability for private wikis using img_auth.php or 12779 similar image access authentication schemes. Check user permissions before 12780 streaming out scaled images from thumb.php. 12781 12782== API changes in 1.15 == 12783* (bug 16858) Revamped list=deletedrevs to make listing deleted contributions 12784 and listing all deleted pages possible 12785* (bug 16844) Added clcategories parameter to prop=categories 12786* (bug 17025) Add "fileextension" parameter to meta=siteinfo&siprop= 12787* (bug 17048) Show the 'new' flag in list=usercontribs for the revision that 12788 created the page, even if it's not the top revision 12789* (bug 17069) Added ucshow=patrolled|!patrolled to list=usercontribs 12790* action=delete respects $wgDeleteRevisionsLimit and the bigdelete user right 12791* (bug 15949) Add undo functionality to action=edit 12792* (bug 16483) Kill filesort in ApiQueryBacklinks caused by missing parentheses. 12793 Building query properly now using makeList() 12794* (bug 17182) Fix pretty printer so URLs with parentheses in them are 12795 autolinked correctly 12796* (bug 17224) Added siprop=rightsinfo to meta=siteinfo 12797* (bug 17239) Added prop=displaytitle to action=parse 12798* (bug 17317) Added watch parameter to action=protect 12799* (bug 17007) Added export and exportnowrap parameters to action=query 12800* (bug 17326) BREAKING CHANGE: Changed output format for iiprop=metadata 12801* (bug 17355) Added auwitheditsonly parameter to list=allusers 12802* (bug 17007) Added action=import 12803* BREAKING CHANGE: Removed rctitles parameter from list=recentchanges because 12804 of performance concerns 12805* Listing (semi-)deleted revisions and log entries as well in prop=revisions 12806 and list=logevents 12807* (bug 11430) BREAKING CHANGE: Modules may return fewer results than the 12808 limit and still set a query-continue in some cases 12809* (bug 17357) Added movesubpages parameter to action=move 12810* (bug 17433) Added bot flag to list=watchlist&wlprop=flags output 12811* (bug 16740) Added list=protectedtitles 12812* Added mainmodule and pagesetmodule parameters to action=paraminfo 12813* (bug 17502) meta=siteinfo&siprop=namespacealiases no longer lists namespace 12814 aliases already listed in siprop=namespaces 12815* (bug 17529) rvend ignored when rvstartid is specified 12816* (bug 17626) Added uiprop=email to list=userinfo 12817* (bug 13209) Added rvdiffto parameter to prop=revisions 12818* Manual language conversion improve: Now we can include both ";" and ":" in 12819 conversion rules 12820* (bug 17795) Don't report views count on meta=siteinfo if $wgDisableCounters 12821 is set 12822* (bug 17774) Don't hide read-restricted modules like action=query from users 12823 without read rights, but throw an error when they try to use them. 12824* Don't hide write modules when $wgEnableWriteAPI is false, but throw an error 12825 when someone tries to use them 12826* BREAKING CHANGE: action=purge requires write rights and, for anonymous users, 12827 a POST request 12828* (bug 18099) Using appendtext to edit a non-existent page causes an interface 12829 message to be included in the page text 12830* Fixed the circular template inclusion check, was broken when the loop 12831 involved redirects. Without this, infinite recursion within the parser is 12832 possible. 12833* (bug 18601) generator=backlinks returns invalid continue parameter 12834* (bug 18597) Internal error with empty generator= parameter 12835* (bug 18617) Add xml:space="preserve" attribute to relevant tags in XML output 12836* (bug 17611) Provide a sensible error message on install when the SQLite data 12837 directory is wrong. 12838 12839=== Languages updated in 1.15 === 12840 12841MediaWiki supports over 300 languages. Many localisations are updated 12842regularly. Below only new and removed languages are listed, as well as 12843changes to languages because of Bugzilla reports. 12844 12845* Austrian German (de-at) (new) 12846* Swiss Standard German (de-ch) (new) 12847* Simplified Gan Chinese (gan-hans) (new) 12848* Traditional Gan Chinese (gan-hant) (new) 12849* Literary Chinese (lzh) (new) 12850* Uyghur (Latin script) (ug-latn) (renamed from 'ug') 12851* Veps (vep) (new) 12852* Võro (vro) (renamed from fiu-vro) 12853* (bug 17151) Add magic word alias for #redirect for Vietnamese 12854* (bug 17288) Messages improved for default language (English) 12855* (bug 12937) Update native name for Afar 12856* (bug 16909) 'histlegend' now reuses messages instead of copying them 12857* (bug 17832) action=delete returns 'unknownerror' instead of 'permissiondenied' 12858 when the user is blocked 12859* Traditional/Simplified Gan Chinese conversion support 12860 12861== MediaWiki 1.14 == 12862 12863== MediaWiki 1.14.1 == 12864=== Changes since 1.14.0 === 12865 12866* (bug 17737) Fixed russian URLs for Special:BookSources 12867* (bug 17713) Using links with only an anchor no longer add an dummy entry in 12868 the pagelinks table 12869* (bug 17897) Fixed string offset error in <pre> tags 12870* (bug 17832) Fixed action=delete returning 'unknownerror' instead of 12871 'permissiondenied' when the user is blocked 12872* Fixed performance regression when accessing deleted (archived) files 12873* (bug 19693) Fixed cross-site scripting vulnerability in Special:Block 12874 12875== MediaWiki 1.14.0 == 12876=== Changes since 1.14.0rc1 === 12877 12878* Fixed the performance of the backlinks API module 12879* (bug 17420) Send the correct content type from action=raw when the HTML file 12880 cache is enabled. 12881* (bug 17437) Fixed incorrect link to web-based installer 12882* (bug 17527) Fixed missing MySQL-specific options in installer 12883 12884=== Configuration changes in 1.14 === 12885 12886* $wgExemptFromUserRobotsControl is an array of namespaces to be exempt from 12887 the effect of the new __INDEX__/__NOINDEX__ magic words. (Default: null, ex- 12888 empt all content namespaces.) 12889* $wgForwardSearchUrl has been removed entirely. Documented setting since 1.4 12890 has been $wgSearchForwardUrl. 12891* (bug 15080) $wgOverrideSiteFeed has been added. Setting either 12892 $wgSiteFeed['rss'] or 'atom' to a URL will override the default Recent 12893 Changes feed that appears on all pages. 12894* $wgSQLiteDataDirMode has been introduced as the default directory mode for 12895 SQLite data directories on creation. Note that this setting is separate from 12896 $wgDirectoryMode, which applies to all normal dirs created by MediaWiki. 12897* $wgGroupsAddToSelf and $wgGroupsRemoveFromSelf now work more like 12898 $wgAddGroups and $wgRemoveGroups, where the user must belong to a specified 12899 group in order to add or remove those groups from themselves. 12900 Backwards compatibility is maintained. 12901* $wgRestrictDisplayTitle controls if the use of the {{DISPLAYTITLE}} magic 12902 word is restricted to titles equivalent to the actual page title. This 12903 is true per default, but can be set to false to allow any title. 12904* $wgSpamRegex may now be an array of multiple regular expressions. 12905* $wgAjaxSearch has been removed; use $wgEnableMWSuggest instead. 12906* Editing the MediaWiki namespace is now unconditionally restricted to people 12907 with the editinterface right, configuring this in $wgNamespaceProtection 12908 is not required. 12909* $wgAllowExternalImagesFrom may now be an array of multiple strings. 12910* Introduced $wgEnableImageWhitelist to toggle the on-wiki external image 12911 whitelist on or off. 12912* Added $wgRenderHashAppend to append some string to the parser cache and the 12913 sitenotice cache keys. 12914* $wgRCChangedSizeThreshold is now a positive integer by default, 12915* (bug 16006) $wgEnableWriteAPI is now true by default. Authorized can perform 12916 write actions using the API. 12917* Added $wgRC2UDPInterwikiPrefix which adds an interwiki prefix 12918 ($wgLocalInterwiki) onto the page names in the UDP feed. 12919* Added $wgAllowUserSkin to let the wiki's owner disable user selectable skins 12920 on the wiki. If it's set to false, then the skin used will *always* be 12921 $wgDefaultSkin. 12922* Added $wgEnotifUseRealName, which allows UserMailer to send out e-mails based 12923 on the user's real name if one is set. Defaults to false (use the username) 12924* Removed the 'apiThumbCacheDir' option from $wgForeignFileRepos (only used in 12925 ForeignAPIRepo) 12926* (bug 44) Image namespace and accompanying talk namespace renamed to File. 12927 For backward compatibility purposes, Image still works. External tools may 12928 need to be updated. 12929* The constants NS_FILE and NS_FILE_TALK can now be used instead of NS_IMAGE and 12930 NS_IMAGE_TALK. The old constants are retained as aliases for compatibility, 12931 and should still be used in code meant to be compatible with v1.13 or older. 12932* MediaWiki can be forced to use private IPs forwarded by a proxy server by 12933 using $wgUsePrivateIPs. 12934* The 'BeforeWatchlist' hook has been removed due to internal changes in 12935 Special:Watchlist. 'SpecialWatchlistQuery' should now be used by extensions 12936 to customize the watchlist database query. 12937 12938=== Migrated extensions === 12939The following extensions are migrated into MediaWiki 1.14: 12940 12941* Special:DeletedContributions to show deleted user contributions (was 12942 extension DeletedContributions) 12943* Special:Log/newusers recording new users (was extension Newuserlog) 12944* Special:LinkSearch to search for external links (was extension LinkSearch) 12945* RenderHash 12946* NoMoveUserPages 12947* UniversalEditButton 12948 12949=== New features in 1.14 === 12950 12951* New URL syntaxes for Special:ListUsers - 'Special:ListUsers/USER' and 12952 'Special:ListUsers/GROUP/USER', in addition to the older syntax 12953 'Special:ListUsers/GROUP' where GROUP is a valid group name. 12954* Configurable per-namespace and per-page notices for the edit form, 12955 respectively MediaWiki:Editnotice-# where # is the namespace number, and 12956 MediaWiki:Editnotice-#-PAGENAME where # is the page's namespace number and 12957 PAGENAME is the page name minus the namespace prefix. 12958* (bug 8068) New __INDEX__ and __NOINDEX__ magic words allow user control of 12959 search engine indexing on a per-article basis. 12960* Handheld stylesheet options 12961* Added 'DoEditSectionLink' hook as a cleaner unified version of the old 12962 'EditSectionLink' and 'EditSectionLinkForOther' hooks. Note that the 12963 'EditSectionLinkForOther' hook has been removed, but 'EditSectionLink' is 12964 run in all cases instead, so extensions using the old hooks should still work 12965 if they ran roughly the same code for both hooks (as is almost certain). 12966* Signature (~~~~) "cleaning", i.e. template removal, can be disabled with 12967 $wgCleanSignatures=false 12968* Extensions can use the SkinBuildSidebar hook to modify the content of the 12969 sidebar and add custom portlets to it 12970* Added 'MakeGlobalVariablesScript' hook for extensions to be able to add vari- 12971 ables into the output of Skin::makeVariablesScript 12972* (bug 13846) Added $wgAddGroups and $wgRemoveGroups display on 12973 Special:ListGroupRights 12974* (bug 14377) Add a date selector to history pages 12975* (bug 15007) New 'pagetitle-view-mainpage' message allows the HTML <title> of 12976 the main page to be customized 12977* Added $wgDisableTitleConversion to disabling the conversion for all pages on 12978 the wiki 12979* Added 'noconvertlink' toggle that can be set per user preferences, also 12980 added 'convertlink=no|yes' on GET requests whether have the link titles 12981 being converted or not 12982* (bug 14921) Special:Contributions/: add user name to <title> 12983 Patch by Emufarmers 12984* Unescape more "safe" characters when producing URLs, for added prettiness 12985* Introduced a new hook 'SkinAfterContent' that allows extensions to add text 12986 after the page content and article metadata. Updated all skins and skin 12987 templates to work with that hook. 12988* (bug 14929) removeUnusedAccounts.php now supports 'ignore-touched' and 12989 'ignore-groups'. Patch by Louperivois 12990* (bug 15127) Work around minor display glitch in Opera. 12991* By default, reject file uploads that look like ZIP files, to avoid the 12992 so-called GIFAR vulnerability. 12993* (bug 15141) Give ability to only list protected pages with the cascading 12994 option enabled on Special:ProtectedPages 12995* (bug 15157) Special:Watchlist has the same options as Special:Watchlist: 12996 Show/Hide logged in users, Show/Hide anonymous, Invert namespace selection 12997* Added hook 'UserrightsChangeableGroups' to allow modification of what 12998 groups may be added or removed via the Special:UserRights interface. 12999* HTML entities like now work (are not escaped) in edit summaries. 13000* (bug 13815) In the comment for page moves, use the colon-separator message 13001 instead of a hardcoded colon. 13002* Allow <gallery> to accept image names without an Image: prefix 13003* Add tooltips to rollback and undo links 13004* BMP images are now displayed as PNG 13005* (bug 13471) Added NUMBERINGROUP magic word 13006* (bug 11884) Now support Flash EXIF attribute 13007* Show thumbnails in the file history list, patch by User:Agbad 13008* Added support of piped wikilinks using double-width brackets 13009* Added an on-wiki external image whitelist. Items in this whitelist are 13010 treated as regular expression fragments to match for when possibly 13011 displaying an external image inline. 13012* (bugs 15405, 15436) Sort more currency types correctly in sortable tables 13013* (bug 15422) Sort more different types of numbers in sortable tables 13014* (bug 2889) MediaWiki:Print.css applies to the printable version 13015* Category counts (e.g. from {{PAGESINCATEGORY:}}) should be more accurate for 13016 small categories 13017* After logging in, automatically redirect to wherever you logged in from 13018* (bug 5619) Break messages used in Special:Statistics down further 13019* (bug 11029) Add link to Special:Listusers?group=sysop etc at 13020 Special:Statistics 13021* (bug 15514) Setting $wgRightsText without $wgRightsUrl now produces a 13022 plaintext copyright notice. Patch by Juliano F. Ravasi. 13023* (bug 15551) Deletion log excerpt is now shown whenever a user vists a 13024 deleted page, even if they are unable to edit it. 13025* Added Wantedfiles special pages, allowing users to find image links with no 13026 image. 13027* (bug 12650) It is now possible to set different expiration times for 13028 different restriction types on the protection form. 13029* (bug 8440) Allow preventing blocked users from editing their talk pages 13030* Improved upload file type detection for OpenDocument formats 13031* Added the ability to set the target attribute on external links with 13032 $wgExternalLinkTarget 13033* api.php now sends "Retry-After" and "X-Database-Lag" HTTP headers if the 13034 maxlag check fails, just like index.php does 13035* Added "link" parameter to image links, to allow images to link to an 13036 arbitrary title or URL. This should replace inaccessible and incomplete 13037 solutions such as CSS-based overlays and ImageMap. 13038* (bug 368) Don't use caption for alt attribute; allow manual specification 13039 using new "alt=" parameter for images 13040* (bug 44) The {{ns:}} core parser function now also accepts localized 13041 namespace names and aliases; also, its output now uses spaces instead of 13042 underscores to match the behavior of the {{NAMESPACE}} magic word 13043* Added the ability to display user edit counts in Special:ListUsers. Off by 13044 default, enabled with $wgEdititis = true (named after the medical condition 13045 marked by unhealthy obsession with edit counts). 13046* Added a file cache to the parser to improve page rendering time on pages with 13047 several uses of the same image. 13048* (bug 1250) Users can still use "show preview" and "show changes" even if the 13049 wiki is set to read-only mode. 13050* Added a call to the 'UnwatchArticleComplete' hook to the watchlist editor. 13051 This should make it so that ALL user-accessible methods of removing a page 13052 from a watchlist lead to this hook being called (it was previously only 13053 called from within Article.php 13054* Maximum execution time for shell processes on linux is now configured with 13055 $wgMaxShellTime (180 seconds by default) 13056* (bug 1306) 'Email user' link no longer shown on user page when emailing 13057 is not available due to lack of confirmed address or disabled preference 13058* Special:Wanted templates special page added to display missing templates 13059 linked from articles 13060* Make search matches bold only, not red as well 13061* (bug 10080) Blocks can be modified without unblocking first 13062* (bug 15820) Special:BlockIP shows a notice if the user being blocked is 13063 already directly blocked 13064* (bug 13710) Allow to force "watch this" checkbox via URL using parameter 13065 "watchthis" 13066* (bug 15125) Add Public Domain to default options when installing. Patch by 13067 Nathan Larson. 13068* Set a special temporary directory for ImageMagick with $wgImageMagickTempDir 13069* (bug 16113) Show/hide for redirects in Special:NewPages 13070* (bug 15903) Upload link was added to Nostalgia skin 13071* (bug 15761) Add user toggle to omit diff after rollback 13072* Added the BitmapHandler_ClientOnly media handler, which allows server-side 13073 image scaling to be completely disabled for specific media types, via the 13074 $wgMediaHandlers configuration variable. 13075* New 'AbortDiffCache' hook can be used to cancel the caching of a diff 13076* (bug 15835) Added Content-Style-Type meta tag 13077* (bug 11027) Add parameter to MW:Randompage-nopages so that user can see the 13078 namespace. 13079* Add id="mw-user-domain-section" to <tr> tag in Userlogin.php template so that 13080 admins with a single domain can hide the domain section using CSS 13081* Dropped old Paser_OldPP class. Only new parser with preprocessor is used. 13082* Moved password reset form from Special:Preferences to Special:ResetPass 13083* Added Special:ChangePassword as a special page alias for Special:ResetPass 13084* Added complementary function for addHandler() called removeHandler() for 13085 removing events 13086* Improved security of file uploads for IE clients, using a reverse-engineered 13087 algorithm very similar to IE's content detection algorithm. 13088* Cascading protection no longer requires that both edit and move are restricted 13089 to sysop, just edit=sysop is enough 13090* (bug 2391) A warning is now shown for invalid ISBN numbers on 13091 Special:Booksources. 13092* Installer has been updated to reflect the release of the GFDL 1.3. The URL for 13093 1.2 has been updated, and the 1.3 URL has been given. 1.2 is still 13094 Wikipedia-compatible. RightsCode was changed from 'gfdl' to 'gfdl1_2', so we 13095 can now support 1.2 as well as 1.3 (gfdl1_3). 13096* (bug 16293) PD URL was changed to the CreativeCommons site on PD (which 13097 auto-detects your language) instead of Wikipedia. 13098* (bug 16635) The "view and edit watchlist" page (Special:Watchlist/edit) now 13099 includes a table of contents 13100* File objects returned by wfFindFile() are now cached by default 13101* (bug 7492) Rights can now be assigned to specific IP addresses and ranges by 13102 using $wgAutopromote (new defines: APCOND_ISIP and APCOND_IPINRANGE) 13103* Add a 'change block' link to Special:IPBlockList and Special:Log 13104* (bug 16459) Use native getElementsByClassName where possible, for better 13105 performance in modern browsers 13106* Enable \cancel and \cancelto in texvc (recompile required) 13107* Added 'UserCryptPassword' and 'UserComparePasswords' hooks to allow extensions 13108 to implement their own password hashing methods. 13109* (bug 16760) Add CSS-class to action links of Special:Log 13110* (bug 505) Time zones can now be specified by location in user preferences, 13111 avoiding the need to manually update for DST. Patch by Brad Jorsch. 13112* (bug 2585) HTTP 404 return code is now given for a page view if the page 13113 does not exist, allowing spiders and link checkers to detect broken links. 13114* Special:Log: Add 'change protection' link for unprotected pages too 13115* Special:Log: Add log type specific CSS classes 'mw-logline-$logtype' to 13116 'li' elements 13117* (bug 16754) Making arbitrary rows of sortable tables sticky: 13118 |- class="unsortable" 13119* Show subversion too even if a "normal" version number is available 13120* (bug 16121) Add a note that a page move was without creating a redirect in the 13121 move log 13122* Image moving is now enabled for sysops by default 13123* Make "Did you mean" search feature more noticeable 13124* (bug 16720) Transcluded Special:NewPages processes "/username=" 13125 13126=== Bug fixes in 1.14 === 13127 13128* (bug 14907) DatabasePostgres::fieldType now defined. 13129* (bug 14659) Passing the default limit param to Special:Recentchanges no more 13130 falls back to the user option 13131* (bug 14954) Fix regression in Modern and Simple skins 13132* Recursion loop check added to Categoryfinder class 13133* Fixed few performance troubles of large job queue processing 13134* Not setting various parameters in Foreign Repos now fails more gracefully 13135* (bug 2333) Redirects are properly rendered when previewing an edit. 13136* (bug 14972) Use localized alias of Special:Search on all search forms 13137* (bug 11035) Special:Search should have descriptive <title> 13138* Special pages are now not subject to special handling for "self-links" 13139* (bug 15053) Syntactically incorrect redirects with another link in them 13140 no longer redirect to the second link 13141* (bug 15049) Fix for CheckUser extension's log search: usernames containing 13142 a "-" were incorrectly turned into bogus IP range searches. 13143 Patch by Max Semenik. 13144* (bug 15055) Talk page notifications no longer attempt to send mail when 13145 user's e-mail address is invalid or unconfirmed 13146* (bug 12370) Add throttle on password attempts. Defaults to max 5 attempts in 13147 5 minutes. 13148* (bug 15016) 'Templates used on this page' list in view source should be 13149 wrapped in a div with class "templatesUsed" 13150* (bug 14868) Setting $wgFeedDiffCutoff to 0 now disables generation of the 13151 diff entirely, not just the display of it. 13152* (bug 6387) Introduced new setting $wgCategoryPrefixedDefaultSortkey which 13153 allows having the unprefixed page title as the default category sortkey 13154* (bug 15079) Add class="ns-talk" / "ns-subject" to <body>. Also added 13155 ns-special to special pages. 13156* (bug 15052) Skins should add their name as a class in <body> 13157* (bug 14165, bug 14294) Wikimedia specific configuration in convertGrammar() 13158 for several languages was removed. The settings have been put in extension 13159 WikimediaMessages. Patch for Czech by Danny B. 13160* (bug 15101) Displaying only bots edits in Special:Recentchanges now works 13161 again 13162* (bug 13770) Fixed incorrect detection of PHP's DOM module 13163* (bug 14790) Export of category pages when using Category: prefix now actually 13164 gives results 13165* Avoid recursive crazy expansions in section edit comments for pages which 13166 contain '/*' in the title 13167* Fix excessive memory usage when parsing pages with lots of links 13168* $wgSpamRegex now matches the edit summary and page move descriptions in 13169 addition to body text. 13170* Navigation links to images available from a shared repository (like Commons) 13171 from their local talk pages no longer appear as redlinks 13172* Action=purge on ForeignApiFiles now works (purges their thumbnails and 13173 description pages). 13174* (bug 15303) Title conversion for templates wasn't working in some cases. 13175* (bug 15264) Underscores in Special:Search/Foo_bar parameters were taken 13176 literally; now converting them to spaces per expectation. 13177* (bug 15342) "Invert" checkbox now works correctly when selecting main 13178 namespace in Special:Watchlist 13179* (bug 15172) 'Go' button of Special:Recentchanges now on the same line as the 13180 last input element (like Special:Watchlist too) 13181* (bug 15351) Fix fatal error for invalid section fragments in autocomments 13182* Fixed intermittent deadlock errors involving objectcache table queries. 13183 Use a separate database connection for the objectcache table to avoid 13184 long-lasting locks on that table. 13185* Respect file restrictions in the file history list 13186* (bug 15399) Odd/even classes on sortable tables' rows could be slow for large 13187 tables, and have been disabled by default. 13188* (bug 15482) Special:Recentchangeslinked has no longer two submit buttons 13189* (bug 15292) New message notification for unregistred users now works again 13190* (bug 14398) mwsuggest.js: Let width of container be configurable 13191* (bug 15543) Only include user touched timestamp to generated CSS 13192* (bug 15497) Removed encoding attribute from <?xml ?> tag 13193* (bug 12284) Special:Preferences now sets a returnto parameter on the link to 13194 Special:UserLogin. Patch by Marooned. 13195* Fixed the HTTP accept language string detection length in 13196 LanguageConverter.php, instead of the fixed length language codes. 13197* Special:RecentChangesLinked no longer shows outgoing links for nonexistent 13198 pages even if there are broken link records with source article id 0 in the 13199 database 13200* (bug 15598) Special:Newpages default limit uses user preference for 13201 recentchanges limit instead of hardcoded 50. 13202* (bug 15617) $wgFeedClassesOutputPage::getHeadLinks() respects $wgFeedClasses, 13203 instead of hardcoding rss and atom. Patch by Juliano F. Ravasi. 13204* (bug 14638) Special:Blockip now provides a link to the block log if the user 13205 has been blocked more than 10 times. Patch by Matt Johnston. 13206* (bug 12678) Skins don't show Upload link if the user isn't allowed to upload. 13207* Fixed incorrect usage of DB_LAST in Special:Export. Deprecated DB_LAST. 13208* (bug 15642) Blocked sysops can no longer block other users 13209* Http::request() now respects $wgHTTPtimeout when not using cURL 13210* (bug 15158) Userinvalidcssjstitle not shown on preview 13211* (bug 15196) Free external links should be numbered in a localised manner 13212* (bug 15388) Title of Special:PrefixIndex 13213* Links with no title but a curid parameter now use the curid to pick a page 13214* (bug 10323) Special:Undelete should have "inverse selection" button 13215* (bug 15831) Modern skin RTL support is bugous 13216* (bug 15869) Nostalgia skin does not show page title in printable mode 13217* (bug 15795) Special:Userrights is now listed on Special:SpecialPages when the 13218 user can only change his rights 13219* (bug 15846) Categories "leak" from older revisions in certain circumstances 13220* (bug 15928) Special pages dropdown should be inline in non-MonoBook skins 13221* (bug 14178) Some uses of UserLoadFromSession hook cause segfault 13222* (bug 15925) Postitive bytes added on recentchanges and watchlists are now 13223 bolded if above the threshold, previously it only worked for negatives 13224* Specify apple-touch-icon before favicon in HTML head section to make the 13225 Konqueror browser correctly use the latter 13226* (bug 15717) Set $separatorTransformTable for language 'eu' 13227* (bug 15605) Enabled $datePreferences for language 'hr'. Added standard date 13228 preferences. 13229* (bug 13701) {{NUMBEROFVIEWS}} magic word to show number of total views. 13230* (bug 5101) Image from Commons doesn't show up when searched in Wikipedia 13231 search box 13232* (bug 14609) User's namespaces to be searched default not updated after adding 13233 new namespace 13234* Purge form uses valid XHTML 13235* (bug 12764) Special:LonelyPages shows transcluded pages 13236* (bug 16073) Enhanced RecentChanges uses onclick handler with better fallback 13237 if JavaScript is disabled 13238* (bug 4253) Recentchanges IRC messages no longer include title in diff URLs 13239* Allow '0' to be an accesskey. 13240* (bug 8063) Use language-dependent sorting in client-side sortable tables 13241* (bug 16160) Suggestions box should be resized from left for RTL wikis 13242* (bug 11533) Fixed insane slowdown when in read-only mode for long periods 13243 of time with CACHE_NONE (default objectcache table configuration). 13244* Trying to set two different default category sort keys for one page now 13245 produces a warning 13246* (bug 16143) Fix redirect loop on special pages starting with lower case 13247 letters 13248* (bug 15737) Fix notices while expanding using PPCustomFrame 13249* (bug 15544) Non-index entry points cause the "Wiki not set up" message to 13250 have corrupt URLs 13251* (bug 5101) Image from Commons doesn't show up when searched in Wikipedia 13252 search box 13253* (bug 4362) [[MediaWiki:History copyright]] no more used with most recent 13254 revision when passing oldid parameter in the url 13255* (bug 16265) When caching thumbs with the ForeignApiRepo, we now use the same 13256 filename as the remote site. 13257* (bug 8345) Don't autosummarize where a redirect was left unchanged 13258* Made thumb caching in ForeignApiFile objects integrated with normal thumb 13259 path naming (/thumbs/hash/file), retired 'apiThumbCacheDir' as a result. 13260* (bug 5530) Consistency between character encoding in {{PAGENAMEE}}, 13261 {{SUBPAGENAMEE}} and {{FULLPAGENAMEE}} 13262* Safer handling of non-MediaWiki exceptions -- now obeys our settings for 13263 formatting and path exposure. 13264* Less verbose errors from profileinfo.php when not configured 13265* Blacklist redirects via Special:Filepath, hard to use. 13266* Improved input validation on Special:Import form 13267* Add a .htaccess to deleted images directory for additional protection 13268 against exposure of deleted files with known SHA-1 hashes on default 13269 installations. 13270* Improved scripting safety heuristics for IE 5/6 content-type detection. 13271* Improved scripting safety heuristics on SVG uploads. 13272* (bug 11728) Unify layout of enhanced watchlist/recent changes 13273* (bug 8702) Properly update stats when running nukePage maintenance script 13274* (bug 7726) Searches for words less than 4 characters now work without 13275 requiring customization of MySQL server settings 13276* Honour unchecked "Leave a redirect behind" for moved subpages 13277* (bug 16440) Broken 0-byte math renderings are now deleted and re-rendered 13278 when page is re-parsed. 13279* (bug 6100) Unicode BiDi embedding/override characters (U+202A - U+202E) are 13280 now automatically removed from titles; these characters can accidentally end 13281 up in copy-and-pasted titles, and, by overriding normal bidirectional text 13282 handling, can lead to annoying behavior such as text rendering backwards 13283* Fixed minor bug where the memcached value for how many accounts an IP had 13284 created that day would be increased even if $wgAccountCreationThrottle was 13285 hit. This meant if an IP hit the throttle and then the throttle was raised 13286 later that day, the IP still couldn't create another account, because it 13287 had marked them as having created another account, when their last account 13288 creation had actually failed. 13289* (bug 12647) Allow autogenerated edit summary messages to be blanked with '-' 13290* (bug 16026) 'Revision-info' and 'revision-info-current' both accept wiki 13291 markup now. 13292* (bug 16529) Fix for search suggestions with some third-party JS libraries 13293* (bug 13342) importScript() generates more consistent URI encoding 13294* (bug 16577) When a blocked user tries to rollback a page, the block message 13295 is now only displayed once 13296* (bug 14268) SVG image sizes now extracted with proper XML parser 13297* (bug 14365) RepoGroup::findFiles() no longer crashes if passed an invalid 13298 title via the API 13299* (bug 4253, bug 16586) Revision ID is now given instead of title in URLs for 13300 new pages in the recent changes IRC feed 13301* Ugly tooltips in Special:Statistics were phased out in favor of more direct 13302 information. Went ahead and rewrote SpecialStatistics to subclass SpecialPage 13303* (bug 5506) Links to files on foreign repositories are now shown consistently 13304 as bluelinks e.g. in logs and edit summaries 13305* (bug 16623) Add missing </p> tag in Special:LockDB 13306* (bug 15849) Special:Movepage now throws a more specific error when trying to 13307 move a title to an interwiki target 13308* (bug 16638) 8-bit URL fallback encoding now set on additional languages using 13309 Arabic script (Persian, Urdu, Sindhi, Punjabi) 13310* (bug 16656) cleanupTitles and friends should now work in load-balanced 13311 DB environments when $wgDBserver isn't set. 13312* (bug 3691) Aspect ratio from viewBox attribute is now preserved for SVG 13313 images which do not specify width and height attributes. 13314* (bug 15027) Internet domain names and IP addresses can now be indexed and 13315 searched sensibly with the default MySQL search backend. 13316* (bug 11733) Fixed parameter validation in importTextFile.php 13317* (bug 16712) Special:NewFiles updated to use "newer"/"older" paging messages 13318 for clarity over "previous/next" 13319* (bug 16612) Fixed "noprint" class for Modern skin print style 13320* Section anchors now have an "id" attribute as well as a "name" attribute, 13321 even when Tidy is not used 13322* (bug 16026) revision-info, revision-info-current, cannotdelete, 13323 redirectedfrom, historywarning and difference messages now use Wiki text 13324 rather than raw HTML markup 13325* (bug 13835) Fix rendering of {{filepath:Wiki.png|nowiki}} 13326* (bug 16772) Special:Upload now correctly rejects files with spaces in the 13327 file extension (e.g. Foo. jpg). 13328* Image moving over an existing file no longer throws a database error 13329* (bug 16786) Restored "redundant" links recently removed from Classic sidebar 13330* (bug 16850) $wgActionPaths can have query strings now, previously, this broke 13331 local URLs 13332* (bug 16376) Mention in deleteBatch.php and moveBatch.php maintenance scripts 13333 that STDIN can be used for page list 13334* (bug 16560) Special:Random returns a page from ContentNamespaces, and no 13335 longer from NS_MAIN 13336 13337=== API changes in 1.14 === 13338 13339* Registration time of users registered before the DB field was created is now 13340 shown as empty instead of the current time. 13341* API search now falls back to fulltext search by default when using Lucene 13342 or other engine which doesn't support a separate title search function. 13343 This means you can use API search on Wikipedia without explicitly adding 13344 &srwhat=text to the query. 13345* Added iiprop=bitdepth to imageinfo and aiprop=bitdepth to allimages 13346* (bug 14713) API-specific permissions (such as 'writeapi' and 'apihighlimits' 13347 are now listed on action=help 13348* (bug 15044) Added requestid parameter to api.php to facilitate distinguishing 13349 between requests 13350* (bug 15048) Added limit field for multivalue parameters to action=paraminfo 13351 output. 13352* When the limit on multivalue parameters is exceeded, a warning is issued 13353* list=search doesn't list missing pages any more 13354* (bug 15178) Added clshow to prop=categories to allow filtering for hidden/ 13355 non-hidden categories 13356* (bug 15228) Combining revids= and redirects now throws a warning instead of 13357 an error, and still resolves redirects generated by the generator. 13358* list={backlinks,embeddedin,imageusage} now return arrays with keys 0, 1, 2, 13359 etc. (AKA lists) instead of arrays with pageIDs as keys (AKA hash tables) 13360 for consistency with other list modules. 13361* Added action=watch 13362* (bug 15275) apprefix and related parameters ignore spaces at the end 13363* action=edit no longer throws unknown error 228 when trying to create an 13364 empty section with section=new 13365* Database replication lag doesn't cause all action=edit requests to return the 13366 nochange flag any more 13367* (bug 15392) ApiFormatBase::formatHTML now uses $wgUrlProtocols. 13368* (bug 15444) action=edit returns "Unknown error: ``AS_END''" where it should 13369 return just "Unknown error" 13370* (bug 15448) YAML output returns empty values instead of 0 13371* (bug 15445) Added action=patrol 13372* (bug 15466) Added action=purge 13373* (bug 15486) action=block ignores autoblock parameter 13374* (bug 15492) added rcprop=loginfo to list=recentchanges 13375* (bug 15527) action=rollback can now revert anonymous editors 13376* (bug 15535) prop=info&inprop=protection doesn't list pre-1.10 protections 13377 if the page is also protected otherwise (1.10+ style or cascading) 13378* list=random now has rnredirect parameter, to get random redirects. 13379* Added APIAfterExecute, APIQueryAfterExecute and APIQueryGeneratorAfterExecute 13380 hooks which allow for extending core modules in a cleaner way 13381* action=protect checks for invalid protection types and levels 13382* (bug 15673) Added indentation to format=wddxfm output and improved built-in 13383 WDDX formatter to resemble PHP's more 13384* (bug 15706) Empty values for apprtype and apprlevel are now silently ignored 13385 rather than causing an exception 13386* Added uiprop=preferencestoken to meta=userinfo 13387* (bug 15609) Add inprop=url and inprop=readable to prop=info 13388* Add ApiDisabled and ApiQueryDisabled classes so individual modules can 13389 be disabled in LocalSettings.php 13390* (bug 15653) Add prop=duplicatefiles 13391* (bug 15768) Add list=watchlistraw 13392* (bug 15647) action=edit with basetimestamp fails if the page has been deleted 13393 and undeleted since the last edit 13394* (bug 15785) Allow for different expiry times for different protections in 13395 action=protect 13396* Added allowsduplicates attribute to action=paraminfo output 13397* (bug 15767) apfilterlanglinks returns duplicate results 13398* (bug 15845) Added pageid/fromid parameter to action=delete/move, making 13399 manipulation of legacy pages with invalid titles possible 13400* (bug 15881) Empty or invalid parameters cause database errors 13401* The maxage and smaxage parameters are now properly validated 13402* (bug 15945) list=recentchanges doesn't check $wgUseRCPatrol, $wgUseNPPatrol 13403 and patrolmarks right 13404* (bug 15985) acfrom and aifrom parameters didn't work when sorting in 13405 descending order. 13406* (bug 15995) Add cmstartsortkey and cmendsortkey parameters to 13407 list=categorymembers 13408* (bug 16017) list=categorymembers sets invalid continue parameters for 13409 sortkeys containing pipes 13410* (bug 16018) Added uccontinue parameter to list=usercontribs so paging 13411 works properly when multiple users are queried or a userprefix is used 13412* (bug 16047) Added activeusers attribute to meta=siteinfo&siprop=statistics 13413 output 13414* Added redirect resolution to action=parse 13415* (bug 16074) rvprop=content combined with a generator with a high limit causes 13416 an error 13417* (bug 16105) Image metadata attributes containing spaces result in invalid XML 13418* (bug 16126) Added siprop=magicwords to meta=siteinfo 13419* (bug 16159) Added wlshow=patrolled|!patrolled to list=watchlist 13420* (bug 16225) Titles like Talk:Talk:Foo broke apfrom and friends 13421* meta=siteinfo&siprop=interwikimap no longer throws an exception for empty 13422 sifilter parameter. 13423* (bug 12760) meta=userinfo&uiprop=ratelimits doesn't list group-specific rate 13424 limits 13425* (bug 16398) meta=userinfo&uiprop=rights lists some rights twice in some cases 13426* (bug 16408) Added rvgeneratexml to prop=revisions 13427* (bug 16421) Made list=logevents's leuser accept user names with underscores 13428 instead of spaces 13429* (bug 16516) Made rvsection=T-2 work 13430* (bug 16526) Added usprop=emailable to list=users 13431* (bug 16548) list=search threw errors with an invalid error code 13432* (bug 16515) Added pst and onlypst parameters to action=parse 13433* (bug 16541) Added block expiry timestamp to list=logevents output 13434* (bug 16613) action=protect doesn't tell when &cascade was set but cascading 13435 protection wasn't allowed 13436* (bug 16626) action=delete now correctly handles empty "reason" param 13437* (bug 15579) clshow considers all categories !hidden 13438* (bug 16647) list=allcategories, prop=categories don't return "hidden" 13439 property for hidden categories 13440* New siprop parameter of 'extensions' to list all installed extensions 13441* (bug 16672) Include canonical namespace name in 13442 meta=siteinfo&siprop=namespaces. 13443* (bug 16726) siprop=namespacealiases should also list localized aliases 13444* (bug 16730) Added apprfiltercascade parameter to list=allpages to filter 13445 cascade-protected pages 13446 13447=== Languages updated in 1.14 === 13448 13449MediaWiki supports over 300 languages. Many localisations are updated 13450regularly. Below only new and removed languages are listed. 13451 13452* Bakhtiari (bqi) (new) 13453* Fiji Hindi (Devanagari script) (hif-deva) (new) 13454* Krio (kri) (new) 13455* Lezghian (lez) (new) 13456* Laz (lzz) (new) 13457* Eastern Mari (mhr) (new) 13458* Niuean (niu) (new) 13459* Oromo (om) (new) 13460* Plautdietsch (pdt) (new) 13461* Western Punjabi (pnb) (new) 13462* Tarantino (roa-tara) (new) 13463* Serbo-Croatian (sh) (new) 13464* Tulu (tcy) (new) 13465 13466 13467== MediaWiki 1.13 == 13468 13469== MediaWiki 1.13.5 == 13470 13471February 22, 2009 13472 13473This is a maintenance update to the Summer 2008 snapshot release of MediaWiki. 13474 13475MediaWiki is now using a "continuous integration" development model with 13476quarterly snapshot releases. The latest development code is always kept 13477"ready to run", and in fact runs our own sites on Wikipedia. 13478 13479Release branches will continue to receive security updates for about a year 13480from first release, but nonessential bugfixes and feature developments 13481will be made on the development trunk and appear in the next quarterly release. 13482 13483Those wishing to use the latest code instead of a branch release can obtain 13484it from source control: http://www.mediawiki.org/wiki/Download_from_SVN 13485 13486== Changes since 1.13.4 == 13487 13488* (bug 17449) Fixed PostgreSQL installation 13489* (bug 17527) Fixed missing MySQL-specific options in installer 13490 13491== Changes since 1.13.3 == 13492 13493A number of cross-site scripting (XSS) security vulnerabilities were discovered 13494in the web-based installer (config/index.php). These vulnerabilities all 13495require a live installer -- once the installer has been used to install a wiki, 13496it is deactivated. 13497 13498Note that cross-site scripting vulnerabilities can be used to attack any website 13499in the same cookie domain. So if you have an uninstalled copy of MediaWiki on 13500the same site as an active web service, MediaWiki could be used to attack the 13501active service. 13502 13503If you are hosting an old copy of MediaWiki that you have never installed, you 13504are advised to remove it from the web. 13505 13506== Changes since 1.13.2 == 13507 13508David Remahl of Apple's Product Security team has identified a number of 13509security issues in previous releases of MediaWiki. Subsequent analysis by the 13510MediaWiki development team expanded the scope of these vulnerabilities. The 13511issues with a significant impact are as follows: 13512 13513* An XSS vulnerability affecting all MediaWiki installations between 1.13.0 and 13514 1.13.2. [CVE-2008-5249] 13515* A local script injection vulnerability affecting Internet Explorer clients for 13516 all MediaWiki installations with uploads enabled. [CVE-2008-5250] 13517* A local script injection vulnerability affecting clients with SVG scripting 13518 capability (such as Firefox 1.5+), for all MediaWiki installations with SVG 13519 uploads enabled. [CVE-2008-5250] 13520* A CSRF vulnerability affecting the Special:Import feature, for all MediaWiki 13521 installations since the feature was introduced in 1.3.0. [CVE-2008-5252] 13522 13523XSS (cross-site scripting) vulnerabilities allow an attacker to steal an 13524authorised user's login session, and to act as that user on the wiki. The 13525authorised user must visit a web page controlled by the attacker in order to 13526activate the attack. Intranet wikis are vulnerable if the attacker can 13527determine the intranet URL. 13528 13529Local script injection vulnerabilities are like XSS vulnerabilities, except 13530that the attacker must have an account on the local wiki, and there is no 13531external site involved. The attacker uploads a script to the wiki, which another 13532user is tricked into executing, with the effect that the attacker is able to act 13533as the privileged user. 13534 13535CSRF vulnerabilities allow an attacker to act as an authorised user on the wiki, 13536but unlike an XSS vulnerability, the attacker can only act as the user in a 13537specific and restricted way. The present CSRF vulnerability allows pages to be 13538edited, with forged revision histories. Like an XSS vulnerability, the 13539authorised user must visit the malicious web page to activate the attack. 13540 13541These four vulnerabilities are all fixed in this release. 13542 13543David Remahl also reminded us of some security-related configuration issues: 13544 13545* By default, MediaWiki stores a backup of deleted images in the images/deleted 13546 directory. If you do not want these images to be publically accessible, make 13547 sure this directory is not accessible from the web. MediaWiki takes some steps 13548 to avoid leaking these images, but these measures are not perfect. 13549* Set display_errors=off in your php.ini to avoid path disclosure via PHP fatal 13550 errors. This is the default on most shared web hosts. 13551* Enabling MediaWiki's debugging features, such as $wgShowExceptionDetails, may 13552 lead to path disclosure. 13553 13554Other changes in this release: 13555 13556* Avoid fatal error in profileinfo.php when not configured. 13557* Add a .htaccess to deleted images directory for additional protection against 13558 exposure of deleted files with known SHA-1 hashes on default installations. 13559* Avoid streaming uploaded files to the user via index.php. This allows 13560 security-conscious users to serve uploaded files via a different domain, and 13561 thus client-side scripts executed from that domain cannot access the login 13562 cookies. Affects Special:Undelete, img_auth.php and thumb.php. 13563* When streaming files via index.php, use the MIME type detected from the 13564 file extension, not from the data. This reduces the XSS attack surface. 13565* Blacklist redirects via Special:Filepath. Such redirects exacerbate any 13566 XSS vulnerabilities involving uploads of files containing scripts. 13567* Internationalisation updates. 13568 13569== Changes since 1.13.1 == 13570 13571* Security: Work around misconfiguration by requiring strict comparisons for 13572 in_array in User::isAllowed(). 13573* (bug 14944) Added $wgShellLocale for configuration of an appropriate locale 13574 to use for LC_CTYPE during shell invocation. For servers that don't have 13575 en_US.utf8. Also added locale detection during install. 13576* Localisation updates 13577* Security: Fixed XSS vulnerability in useskin parameter. 13578 13579== Changes since 1.13.0 == 13580 13581* (bug 15460) Fixed intermittent deadlock errors and poor concurrent 13582 performance for installations without memcached. 13583* (bug 13770) Fixed DOM module detection for installations with both dom 13584 and domxml. 13585* (bug 15148) Fixed Special:BlockIP for PostgreSQL 13586* Fixed SQLite support for non-memcached installations 13587* Localisation updates, Achinese (ace) added. 13588 13589== Changes since 1.13.0rc2 == 13590 13591* (bug 13770) Fixed incorrect detection of PHP's DOM module 13592* Fix regression from r37834: accesskey tooltip hint should be given for the 13593 minor edit and watch labels on the edit page. 13594* Updated Chinese simplified/traditional conversion tables 13595 13596== Changes since 1.13.0rc1 == 13597 13598* $wgForwardSearchUrl has been removed entirely. Documented setting since 1.4 13599 has been $wgSearchForwardUrl. 13600* (bug 14907) DatabasePostgres::fieldType now defined. 13601* (bug 14966) Fix SearchEngineDummy class for silently non-functional search 13602 on Sqlite instead of horribly fatal error breaky one. 13603* (bug 14987) Only fix double redirects on page move when the checkbox is 13604 checked 13605* (bug 13376) Use $wgPasswordSender, not $wgEmergencyContact, as return 13606 address for page update notification mails. 13607* API: Registration time of users registered before the DB field was created is 13608 now shown as empty instead of the current time. 13609* (bug 14904): fragments were lost when redirects were fixed. 13610* Added magic word __STATICREDIRECT__ to suppress the redirect fixer 13611* (bug 15035) Revert English linkTrail to /^([a-z]+)(.*)$/sD, as it was before 13612 r36253. Multiple reports of breakage due to old (pre-5.0) PCRE libraries, 13613 both bundled with PHP and packaged with distros such as RHEL. 13614* (bug 14944) Shell invocation of external programs such as ImageMagick convert 13615 was broken in PHP 5.2.6, if the server had a non-UTF-8 locale. 13616 13617 13618=== Configuration changes in 1.13 === 13619 13620* New option $wgFeed can be set false to turn off syndication feeds 13621* (bug 5745) Special:Whatlinkshere now shows up to $wgMaxRedirectLinksRetrieved 13622 links through each redirect instead of hardcoded 500 13623* Set $wgUploadSizeWarning to false by default 13624* Added $wgLBFactoryConf, for generic configuration of multi-master wiki farms 13625* Removed $wgAlternateMaster, use $wgLBFactoryConf 13626* (bug 13562) Misspelled option $wgUserNotifedOnAllChanges changed to 13627 $wgUserNotifiedOnAllChanges 13628* (bug 12860) New option $wgSitemapNamespaces allows sitemaps to be generated 13629 for only some namespaces 13630* Removed the emailconfirmed implicit group by default. To re-add it, use: 13631 $wgAutopromote['emailconfirmed'] = APCOND_EMAILCONFIRMED; 13632 in your LocalSettings.php. 13633* (bug 2396) New shared database configuration variables. $wgSharedPrefix allows 13634 you to use a shared database with a different prefix. Or you can now use a 13635 local database and use prefixes to separate wiki and the shared tables. And 13636 the new $wgSharedTables variable allows you to specify a list of tables to 13637 share. 13638* Automatic edit summaries can be disabled with $wgUseAutomaticEditSummaries 13639* Duplicates of images are now shown on the image page 13640* $wgRCFilterByAge allows for the list of dates in recent changes special pages 13641 to be filtered to only those within the range of $wgRCMaxAge 13642* $wgRCLinkLimits and $wgRCLinkDays allow for customization of the list and 13643 limits displayed on the recent changes special pages 13644* The "createpage" permission is no longer required when uploading if the target 13645 image page already exists 13646* $wgMaximumMovedPages restricts the number of pages that can be moved at once 13647 (default 100) with the new subpage-move functionality of Special:Movepage 13648* Hooks display in Special:Version is now disabled by default, use 13649 $wgSpecialVersionShowHooks = true; to enable it. 13650* $wgActiveUserEditCount sets the number of edits that must be performed over 13651 a certain number of days to be considered active 13652* $wgActiveUserDays is that number of days 13653* $wgRateLimitsExcludedGroups has been deprecated in favor of 13654 $wgGroupPermissions[]['noratelimit']. The former still works, however. 13655* New $wgGroupPermissions option 'move-subpages' added to control bulk-moving 13656 subpages along with pages. Assigned to 'user' and 'sysop' by default. 13657* New $wgRC2UDPOmitBots allows user to omit bot edits from UDP output. 13658 Default: false 13659* Removed $wgEnableCascadingProtection option. Disabling cascading protection 13660 is no longer possible. 13661* $wgMessageCacheType defines now the type of cache used by the MessageCache 13662 class, previously it was choosen based on $wgParserCacheType 13663* $wgExtensionAliasesFiles option to simplify adding aliases to special pages 13664 provided by extensions, in a similar way to $wgExtensionMessagesFiles 13665* Added $wgXMLMimeTypes, an array of XML mimetypes we can check for 13666 with MimeMagic. 13667* Added $wgDirectoryMode, which allows for setting the default CHMOD value when 13668 creating new directories. 13669* (bug 14843) $wgCookiePrefix can be set by LocalSettings now, false defaults 13670 current behavior. 13671 13672=== New features in 1.13 === 13673 13674* __HIDDENCAT__ on a category page causes the category to be hidden on the 13675 article page 13676* Do not show edit permissions errors on a red link click, just redirect to the 13677 article. This is so that readers who don't know what a red link is are not 13678 confused when they are told they are range-blocked. 13679* Add a new hook ImageBeforeProduceHTML to allow extensions to modify wikitext 13680 image syntax output 13681* (bug 13100) Added 'preloadtitle' parameter to action=edit§ion=new that 13682 pre-fills the section title field 13683* (bug 13112) Added Special:RelatedChanges alias to Special:RecentChangesLinked 13684* (bug 13130) Moved edit token and autosummary fields above edit tools to 13685 reduce broken form submissions 13686* Add --old-redirects-only option to maintenance/refreshLinks.php, to add old 13687 redirects to the redirect table 13688* Add links to page and file deletion forms to edit predefined delete reasons 13689* (bug 13269) Added MediaWiki:Uploadfooter to the bottom of Special:Upload 13690* (bug 2815) Search results for media now use thumbnail instead of text extract 13691* When a page doesn't exist, the tab should say "create", not "edit" 13692* (bug 12882) Added a span with class "patrollink" around "Mark as patrolled" 13693 link on diffs 13694* Magic word formatnum can now take raw suffix to undo formatting 13695* Add updatelog table to reliably permit updates that don't change the schema 13696* Add category table to allow better tracking of category membership counts 13697** (bug 1212) Give correct membership counts on the pages of large categories 13698** Use category table for more efficient display of Special:Categories 13699* (bug 1459) Search for duplicate files by hash: Special:FileDuplicateSearch 13700* (bug 9447) Added hooks for search result headings 13701* Image redirects are now enabled by default 13702* (bug 13450) Email confirmation can now be canceled before the expiration 13703* (bug 13490) Show upload/file size limit on upload form 13704* Redesign of Special:UserRights 13705* Make rev_deleted log entries more intelligible 13706* (bug 6943) Added PAGESINCATEGORY: magic word 13707* (bug 13604) Added Special:ListGroupRights 13708* (bug 6332, 8617) Added message 'mainpage-description' as duplicate of 13709 'mainpage' and added it to message 'sidebar' 13710* Automatically add old redirects to the redirect table when needed 13711* (bug 6934) Allow inclusions, links, redirects to be separately toggled on or 13712 off on Special:WhatLinksHere 13713* Cache image redirects 13714* (bug 10457) Organize Special:SpecialPages into sections 13715* Add a new hook EditPageBeforeConflictDiff to allow extensions like FCKeditor 13716 to modify the output for edit conflicts 13717* Add class="nested" for <fieldset>s so fieldsets inside fieldsets get 13718 a slightly less huge margin and padding 13719* (bug 13527) Use sitemaps.org format 0.9 instead of a Google-specific format 13720* Allow \C and \Q as TeX commands to match \R, \N, \Z 13721* On Special:UserRights, when you can add a group you can't remove or remove 13722 one you can't add, a notice is printed to warn you 13723* (bug 12698) Create PAGESIZE parser function, to return the size of a page 13724* Allow the "log in / create account" link in the toolbar to have different 13725 text from Special:UserLogin title (new message 'nav-login-createaccount') 13726* Say "log in / create account" if an anonymous user can create an account, 13727 otherwise just "log in", consistently across skins 13728* Special:Shortpages and Special:Longpages now returns pages in all content 13729 namespaces, not just NS_MAIN. 13730* (bug 889) Improve conflict-handling between shared upload repository 13731 and local one 13732* Update documentation links in auto-generated LocalSettings.php 13733* (bug 13584) The new hook SkinTemplateToolboxEnd was added. 13734* (bug 709) Cannot rename/move images and other media files [EXPERIMENTAL] 13735* Custom rollback summaries now accept the same arguments as the default message 13736* (bug 12542) Added hooks for expansion of Special:Listusers 13737* Drop-down AJAX search suggestions (turn on $wgEnableMWSuggest) 13738* More relevant search snippets (turn on $wgAdvancedSearchHighlighting) 13739* (bug 13950) Allow users to watch the user/talk pages of users they block. 13740* (bug 13970) Allow MonoBook-based skins to specify their own print stylesheet 13741* Show image links on Special:Whatlinkshere 13742* Use rel="start", "prev", "next" appropriately on Pager-based pages 13743* Add support for SQLite 13744* AutoAuthenticate hook renamed to UserLoadFromSession 13745* (bug 13232) importScript(), importStylesheet() funcs available to custom JS 13746* (bug 13095) Search by first letters or digits in [[Special:Categories]] 13747* Users moving a page can now move all subpages automatically as well 13748* (bug 14259) Localisation message for upload button on Special:Import is now 13749 'import-upload' instead of 'upload' 13750* Add information about user group membership to Special:Preferences 13751* (bug 14146) Wrap usage section on imagepages into <div>s. 13752* New layout for Special:Specialpages. Restricted pages are marked but not 13753 separated from other pages in their group. 13754* (bug 14263) Show a diff of the revert on rollback notification page. 13755* (bug 13434) Show a warning when hash identical files exist 13756* Sidebar is now cached for all languages 13757* The User class now contains a public function called isActiveEditor. Figures 13758 out if a user is active based on at least $wgActiveUserEditCount number of 13759 edits in the last $wgActiveUserDays days. 13760* SpecialSearchResults hook now passes results by reference, so they can be 13761 changed by extensions. 13762* Add a new hook LinkerMakeExternalLink to allow extensions to modify the output 13763 of external links. 13764* (bug 14132) Allow user to disable bot edits from being output to UDP. 13765* (bug 14328) jsMsg() within Wikibits now accepts a DOM object, not just a 13766 string 13767* (bug 14558) New system message (emailuserfooter) is now added to the footer of 13768 e-mails sent with Special:Emailuser 13769* Add support for Hijri (Islamic) calendar 13770* Add a new hook LinkerMakeExternalImage to allow extensions to modify the 13771 output of external (hotlinked) images. 13772* (bug 14604) Introduced the following features for the LanguageConverter: 13773 Multi-tag support, single conversion flag, remove conversion flag on a single 13774 page, description flag, variant name, multi-variant fallbacks. 13775* Add zh-mo and zh-my variants for the zh language 13776* (bugs 4832, 9481, 12890) Special:Recentchangeslinked now has all options that 13777 are in Special:Recentchanges 13778* Allow an $error message to be passed to ArticleDelete hook 13779* Allow extensions to modify the user creation form by calling addInputItem(); 13780* Add meta generator tag to HTML output 13781* MediawikiPerformAction hook is now passed the Mediawiki object 13782* Added blank special page Special:BlankPage for benchmarking, etc. 13783* Foreign repo file descriptions and thumbnails are now cached. 13784* (bug 11732) Allow localisation of edit button images 13785* Allow the search box, toolbox and languages box in the Monobook sidebar to be 13786 moved around arbitrarily using special sections in [[MediaWiki:Sidebar]]: 13787 SEARCH, TOOLBOX and LANGUAGES 13788* Add a new hook NormalizeMessageKey to allow extensions to replace messages 13789 before the database is potentially queried 13790* (bug 9736) Redirects on Special:Fewestrevisions are now marked as such. 13791* New date/time formats in Cs localization according to ČSN and PČP. 13792* Special:Recentchangeslinked now includes changes to transcluded pages and 13793 displayed images; also, the "Show changes to pages linked" checkbox now works 13794 on category pages too, showing all links that are not categorizations 13795* (bug 4578) Automatically fix redirects broken by a page move 13796 13797=== Bug fixes in 1.13 === 13798 13799* (bug 10677) Add link to the file description page on the shared repository 13800* (bug 13084) Increase size of source/destination filename fields in upload form 13801* (bug 13115) rebuildrecentchanges should print the current value of $wgRCMaxAge 13802* (bug 13140) Show parent categories in category namespace 13803* (bug 13149) Correctly format 'fileexists' message on Upload page 13804* Make the default filepageexists message accurate 13805* (bug 12988) $wgMinimalPasswordLength no longer breaks create user by email 13806* (bug 13022) Fix upload from URL on PHP 5.0.x 13807* (bug 13132) Unable to unprotect pages protected with earlier versions of 13808 MediaWiki 13809* (bug 12723) OpenSearch description name now uses more compact language code 13810 to avoid passing the length limit as often, is customizable per site via 13811 'opensearch-desc' message. 13812* (bug 13135) Special:Userrights now passes IDs through form submission 13813 to allow functionality on not-quite-right usernames 13814* (bug 12575) Prevent duplicate patrol log entries from being created 13815* (bug 13174) __HIDDENCAT__ now applies only to category pages 13816* (bug 13031) Add links to user pages in e-mail form 13817* (bug 13147) Description for categoriespagetext (used in Special:Categories) 13818 reworded 13819* (bug 11561) Fix fatal error when calling action=revert to non-image page 13820* (bug 12430) Fix call to private method LinkFilter::makeRegex fatal error in 13821 maintenance/cleanupSpam.php 13822* All skins should have the "mediawiki" class on the body element 13823* (bug 13019) Message cache for some extensions not loaded at time of editing 13824* (bug 13247) Prettified ISBN links 13825* maintenance/refreshLinks.php did not fix page_id 1 with the --new-only option 13826* (bug 13110) Don't show "Permission error" page if the edit is already rolled 13827 back when using rollback 13828* (bug 13012) Use content messages for block options when generating the 13829 recentchanges entry 13830* (bug 13274) Change links for messages to ucfirst 13831* (bug 13273) Un-hardcode some punctuation (add new messages colon-separator, 13832 autocomment-prefix) 13833* Parse MediaWiki message translations with a correct language setting on 13834 preview 13835* (bug 13281) Treat X-Forwarded-For, Client-ip and User-Agent headers as 13836 case-insensitive names. 13837* Adding the fix for lists in RTL wikis to more skins, and fixing the image toc 13838* (bug 8157) Remove redirects from Special:Unusedtemplates. Patch by WebBoy. 13839* (bug 10721) Duplicate section anchors with differing case now disambiguated 13840 for Internet Explorer's sake and standards compliance 13841* (bug 13298) Tighter limits on Special:Newpages limits when embedding 13842* Email subject in content language instead of sending user's UI language 13843* (bug 13251) Allow maintenance rebuild scripts to work with Postgres 13844* (bug 2084) Fixed incorrect regex to match redirects 13845* (bug 3131) Manually-specified upload destination filename is no longer 13846 overwritten by browsing for a file after you wrote it. 13847* (bug 7251) Sidebars generated by MediaWiki:Sidebar now have the class 13848 'generated-sidebar'. 13849* (bug 13265) Media handler is missing 'image/x-bmp' 13850* (bug 13407) MediaWiki:Powersearch is used in two places 13851* (bug 13403) Fix cache invalidation of history pages when old revisions change 13852* (bug 11563) Deprecated SearchMySQL4 class; merged code to SearchMySQL 13853* (bug 12801) Fix link in subtitle message in AJAX search 13854* (bug 13428) Fix regression in protection form layout HTML validity 13855* (bug 9403) Sanitize newlines from search term input 13856* (bug 13429) Separate date and time in message sp-newimages-showfrom 13857* (bug 13137) Allow setting 'editprotected' right separately from 'protect', 13858 so groups may optionally edit protected pages without having 'protect' perms 13859* Disallow deletion of big pages by means of moving a page to its title and 13860 using the "delete and move" option. 13861* (bug 13466, 13632) White space differences not shown in diffs 13862* (bug 1953) Search form now honors namespace selections more reliably 13863* (bug 12294) Namespace class renamed to MWNamespace for PHP 5.3 compatibility 13864* PHP 5.3 compatibility fix for wfRunHooks() called with no parameters 13865* (bug 6447) Trackbacks now work with transactional tables, if enabled 13866* (bug 6892, 7147) Trackback error handling, optional fields more robust 13867* (bug 6813) Don't break HTML validator when using trackbacks 13868* Fix for size checks on SVG images with global 'stroke-width' attribute 13869* (bug 11874) Inline CSS with !important no longer borken 13870* (bug 1600) Strip extra == section markup == in new-comment field 13871* (bug 11325) Wrapped page titles in MonoBook skin spaced more nicely 13872* (bug 12077) Fix HTML nesting for TOC 13873* (bug 344) Purge cache for talk/article pages when deleting the other tab 13874* (bug 13436) Treat image captions correctly when they include option keywords 13875 (like ending with "px" or starting with "upright") 13876* Trackback display formatting fixed 13877* Don't die when single-element arrays are passed to SQL query constructors 13878 that have an array index other than 0 13879* (bug 13522) Fix fatal error in Parser::extractTagsAndParams 13880* (bug 13532) Use proper timestamp call when reverting images 13881* (bug 13543) Updated FAQ link in the installer sidebar 13882* (bug 13540) Date format in confirmation e-mail now matches message language 13883* (bug 13554) PHP Notice in old pre-processor when list item is empty. 13884* (bug 13556) Don't show a blank form if no image is attached in Special:Upload 13885* (bug 13576) maintenance/rebuildrecentchanges.php fails 13886* (bug 13441) Allow Special:Recentchanges to show bots only 13887* (bug 13431) Show true message source in Special:Allmessages&ot=php / xml 13888* (bug 13463) Login successful page doesn't use user's preferred interface 13889 language 13890* (bug 13630) Fixed warnings for pass by reference at call time in 13891 Special:Revisiondelete when generating the log entry. 13892* (bug 12064) BeforePageDisplay hook is now called for all skins 13893* (bug 13624) Fix regression with manual thumb= parameter on images 13894* (bug 11039) Add missing labels on protection form 13895* (bug 13458) Preview/edit toolbar spacing now works consistently 13896* (bug 13433) Fix action=render on Image: pages 13897* (bug 13678) Fix CSS validation for Monobook 13898* (bug 13684) Links in Special:ListGroupRights should be in content language 13899* (bug 13690) Fix PHP notice on accessing some URLs 13900* Hide (undo) link if user isn't able to edit page 13901* Invalidate cache of pages that includes images via redirects on upload 13902* (bug 13705) Don't show rollback link in page history on incorrect revisions 13903* (bug 13708) Don't set "Search results" title when loading Special:Search 13904 without query 13905* (bug 13736) Don't show MediaWiki:Anontalkpagetext on non-existent IP addresses 13906* (bug 13728) Don't trim initial whitespace during section edits 13907* (bug 13727) Don't delete log entries from recentchanges on page deletion 13908* (bug 13752) Redirects to sections now work again 13909* (bug 13725) Upload form watch checkbox state set correctly with wpDestFile 13910* (bug 13756) Don't show the form and navigation links of Special:Newpages if 13911 the page is included 13912* When hiding things on WhatLinksHere, generated URLs should hide them too 13913* Properly escape search terms with regex chars so they appear highlighted in 13914 search results 13915* (bug 13768) pt_title field encoding fixed 13916* Do not display empty columns on Special:UserRights if all groups are 13917 changeable or all unchangeable 13918* Fix fatal error on calling PAGESINCATEGORY with invalid category name 13919* (bug 13793) Special:Whatlinkshere filters wrong - after paginating instead of 13920 before 13921* (bug 13796) Show links to parent pages even if some of them are missing 13922* (bug 13816) Filter by main namespace doesn't work on WhatLinksHere 13923* (bug 13822) Fatal error on some pages when calculating subpage subtitle 13924* (bug 13824) AJAX search suggestion now works with non-SkinTemplate skins 13925* Added 'application/x-dia-diagram' MediaWiki's known MIME types 13926* (bug 13866) skins/common/shared.css - invalid attribute fixing 13927* Hide edit section links on Special:Undelete 13928* (bug 13860) Fix "Justify paragraphs" option for Modern skin 13929* (bug 13168) accessibility links in Modern skin link to wrong anchor id 13930* (bug 13185) No line break after 'subpages' class in Modern skin 13931* (bug 13583) No "poweredby" in Modern skin 13932* (bug 13880) "Printable" link in Modern skin now formats as print mode 13933* (bug 13885) Bump default $wgSVGMaxSize from 1024 to 2048 pixels 13934* (bug 13891) Show categories box even if all categories are hidden and user has 13935 "show hidden categories" option on 13936* (bug 13915) Undefined variable $wltsfield in includes/SpecialWatchlist.php 13937* (bug 13913) Special:Whatlinkshere now has correct HTML markup 13938* (bug 13905) Blacklist Mac IE from HttpOnly cookies; it eats them sometimes 13939* (bug 13922) Fix bad HTML on empty Special:Prefixindex and Special:Allpages 13940* (bug 13924) Fix bad HTML on power search form 13941* (bug 13820) Fix updater for rev_parent_id population 13942* (bug 13925) Fix bad HTML on search results list 13943* (bug 13934) Fixing the link to GNU General Public License Version 2 13944* Show correct accesskey prefix for Firefox 3 beta (Alt-Shift-, not Alt-) 13945* (bug 13949) Special:PrefixIndex/AllPages paging links contain invalid XML 13946* (bug 13770) Use Preprocessor_Hash by default to avoid missing DOM module 13947 errors 13948* (bug 13982) Disable ccmeonemails preference when user-to-user mails disabled 13949* (bug 13615) Update case mappings and normalization to Unicode 5.1.0 13950 Note that case mappings will only be used if mbstring extension is not 13951 present. 13952* (bug 14044) Don't increment page view counters on views from bot users 13953* (bug 14042) Calling Database::limitResult() misplaced the comment in the log 13954 file 13955* (bug 14047) Fix regression in installer which hid DB-specific options 13956 Also makes SQLite path configurable in the installer. 13957* (bug 13546) Follow image redirects on image page 13958* (bug 12644) Template list on edit page now sorted on preview 13959* (bug 14058) Support pipe trick for namespaces and interwikis with "-" 13960* Message name filter on Special:Allmessages now case-insensitive 13961* (bug 13943) Fix image redirect behavior on image pages 13962* (bug 14093) Do 'sysop' => 'protect' magic in Title::isValidMoveOperation 13963* (bug 14063) Power search form missing <label> for redirects check 13964* (bug 14111) Similar filename warning links now lead to correct page 13965* (bug 14082) Fix for complex text input vs AJAX suggestions on some browsers 13966* (bug 13693) Categories sometimes claim to have a negative number of members 13967* (bug 1701) Korean Hangul syllables now broken down properly in Category lists 13968 even if the wiki's overall content language is not Korean 13969* (bug 12773) addOnloadHook() now calls functions immediately when scripts are 13970 loaded after the primary page completion, instead of dropping them 13971* (bug 14199) Fix deletion form for image redirect pages 13972* (bug 14220) Disabling $wgCheckFileExtensions now works without also 13973 disabling $wgStrictFileExtensions 13974* (bug 14241) Pages can no longer be protected to levels you are not in 13975* (bug 14296) Fix local name of ang: (Anglo-Saxon) 13976* (bug 4871) Hardcoded superscript in time zone preferences moved to message 13977* (bug 6957) E-mail confirmation links now using English special page name 13978 for better compatibility and keeping the links shorter. Avoids problem 13979 with corrupt links in Gmail on IE 6. 13980* (bug 14273) Fix for HTTP Accept header parsing with spaces as from Konqueror 13981* (bug 14312) Update LanguageKaa.php for handling transform issues with i to İ 13982 and I to ı 13983* (bug 13826) MediaWiki:Defaultns accepts Wikicode 13984* (bug 14324) Creating an account is again possible with $wgEmailConfirmToEdit 13985 set to true 13986* (bug 13034) Interwiki pages can now be reached using Go search button 13987* (bug 14362) Change interwiki names of Erzya and Moksha Wikipedias 13988* (bug 14370) When a grouppage-x message does not exist the entry on the 13989 ListGroupRights special page now links to the project namespace page for it, 13990 not the main namespace page. 13991* (bug 11659) Urldecode image names in galleries 13992* (bug 14258, 14368) Fix for subpage renames in replication environments 13993* (bug 14367) Failed block no longer adds phantom watchlist entry 13994* (bug 14385) "Move subpages" option no longer tries to move to invalid titles 13995* (bug 14386) Fix subpage namespace oddity when moving a talk page 13996* (bug 11771) Signup form now not shown if in read-only mode. 13997* (bug 12859) $wgRateLimitsExcludedGroups has been deprecated in favor of 13998 $wgGroupPermissions[]['noratelimit']. 13999* (Bug 13828) Split parameter $1 of MediaWiki:Missingarticle into $1 (=title) 14000 and $2 (=revision numbers) 14001* (bug 14401) Fix Safari access key tooltips for Windows and >3.1 Mac versions 14002* (bug 14432) Fix notice regression in Special:Newpages feed mode 14003* (bug 11951) EditPage::getEditToolbar() is now static. 14004* (bug 14392) Fix regression breaking table prefix in installer 14005* (bug 11084) $wgDBprefix replacement for updater SQL will now work for 14006 extension tables using uppercase letters or digits in their names. 14007* (bug 12311) Fix regression with lists at start of undeletion preview 14008* (bug 14496) Fix regression with parseinline on Special:Upload. 14009* We no longer just give up on a missing upload base directory; it's now 14010 created automatically if we have sufficient permissions! 14011* (bug 14479) MediaWiki:upload-maxfilesize should have a div id wrapper 14012* (bug 14497) Throw visible errors in installer scripts when SQL files 14013 fail due to database permission or other error 14014* (bug 14500) Site feed (Recentchanges) no longer shows up on the actual 14015 recent changes page. 14016* (bug 14511) MediaWiki:Delete-legend is no longer double escaped 14017* Generate correct section anchors for numeric headers 14018* (bug 14520) Don't load nonexistent CSS files for Chick/Myskin/Simple skins 14019* (bug 14551) Cancel upload no longer automatically suppresses warnings 14020* (bug 13878) Deprecate Article::getDB() in favor of direct wfGetDB() calls 14021* (bug 4977) Fix for possible squid purging errors when using HTTP purges 14022 and multiple servers 14023* (bug 14572) Redirects listed on file links on image pages no longer redirect. 14024* (bug 14537) Change interwiki name for Old Church Slavonic (cu) 14025* (bug 14583) Fix regression in recent changes "limit to certain categories." 14026* (bug 14515) HTML nesting cleanup on edit form 14027* (bug 14647) Removed unused 'townBox' CSS classes 14028* (bug 14687) OutputPage::addStyle() now adds type="text/css" like it should. 14029* OpenSearch cleanup; Firefox now sends you to the search page for empty 14030 searches instead of the domain root (which may not even be a wiki). 14031* (bug 3481) Pages moved shortly after creation are shown at their new title 14032 on Special:Newpages. 14033* (bug 12716) Trying to unprotect a title that isn't protected no longer 14034 generates a log entry. 14035* (bug 14088) Excessively long block expiry times are rejected as invalid, 14036 keeps the log page from being distorted. 14037* (bug 14708) Emulate INSERT...IGNORE with standard SQL for Postgres backend. 14038* (bug 14646) Fix some double-escaping of HTML in feed output 14039* (bug 14709) Fix login success message formatting when using cookie check 14040* (bug 14710) Remove "donate" link from default sidebar 14041* (bug 14745) Image moving works on sites that transform thumbnails via 404 14042* (bug 2186) Document.write() in wikibits caused failures when using 14043 application/xhtml+xml. The calls to this have been removed. 14044* (bug 14764) Fix regression in from Article::lastModified(), failed to work 14045 on non-mySQL schemas. 14046* (bug 14763) Child classes of Database (DatabasePostgres and DatabaseOracle) 14047 had strict standards issues with setFakeSlaveLag() and setFakeMaster(). 14048* (bug 451) Improve the phrase mappings of the Chinese converter arrays. 14049* (bug 12487) Rights log is not fully internationalized 14050* (bug 10837) Language variants no longer override other languages than base 14051* (bug 14778) 'limit' parameter now applies to history feeds as well as 14052 history pages 14053* (bug 14845) Bug in prefs javascript: Calling an array item without checking 14054 its existance. 14055* Accesskeys for minor edit/watch checkboxes on edit now work in Firefox 3 14056* (bug 12384) Comments in maintenance/*php 14057* (bug 12441) ./maintenance/generateSitemap.php fix -fspath requiring 14058 a trailing slash. 14059* (bug 12568) configuration script now produce valid XHTML. 14060* The accesskey to edit a page is now disabled when editing the page, to pre- 14061 vent conflicts with Safari shortcuts. 14062 14063=== API changes in 1.13 === 14064 14065* Fixing main page display in meta=siteinfo 14066* (bug 13128) Added patrolled flag to list=recentchanges 14067* Implemented {bl,ei,iu}redirect (lists links through redirects as well) 14068* (bug 13154) Introduced subpages flag to meta=siteinfo&siprop=namespaces 14069* (bug 13157) Added ucuserprefix parameter to list=usercontribs 14070* (bug 12394) Added rctitles parameter to list=recentchanges, making rcid 14071 retrieval easier 14072* (bug 13218) Fix inclusion of " character in hyperlinks 14073* Added watch and unwatch parameters to action=delete and action=move 14074* Added action=edit 14075* (bug 11401) Added xmldoublequote to xml formatter 14076* Added rvsection parameter to prop=revisions to allow fetching the content of 14077 a certain section only 14078* Introduced list=allimages 14079* (bug 13371) Build page set from image hashes 14080* Mark non-existent messages in meta=allmessages as missing 14081* (bug 13390) One invalid title no longer kills an entire API query 14082* (bug 13419) Fix gblredirect so it actually works 14083* (bug 13418) Disable eiredirect because it's useless 14084* (bug 13395) list=allcategories should use category table 14085* (bug 13442) Missing pages in prop=langlinks and prop=extlinks are now 14086 handled properly. 14087* (bug 13444) Add description to list=watchlist 14088* (bug 13482) Disabled search types handled properly 14089* Added inprop=talkid,subjectid to prop=info 14090* Added help text message that specifies whether a module is POST-only 14091* Added createonly parameter to action=edit 14092* Replaced $wgAPIUCUserPrefixMinLength by the more generic $wgAPIMaxDBRows 14093* (bug 11719) Remove trailing blanks in YAML output. 14094* (bug 13541) Added siprop=specialpagealiases to meta=siteinfo 14095* Added fallback8bitEncoding and readonly fields to 14096 meta=siteinfo&siprop=general output 14097* (bug 13544) Added prop=revid to action=parse 14098* (bug 13603) Added siprop=usergroups to meta=siteinfo 14099* Cleaned up redirect resolution 14100* Added possibility to obtain all external links through list=exturlusage 14101* (bug 13606) Added archivename to iiprop 14102* (bug 11633) Explicitly convert redirect titles to strings due to PHP's 14103 very weak typing on array keys. 14104* (bug 12136) Extend allowed characters in JSON callback to ][.'"_A-Za-z0-9 14105* (bug 11673) Return error 'unknown_action' in specified format 14106* (bug 13618) Added rcprop=redirect and rcshow=redirect to list=recentchanges 14107* (bug 13544) Added oldid parameter to action=parse to allow for parsing of old 14108 revisions 14109* (bug 13718) Return the proper continue parameter for cmsort=timestamp 14110* action=login now returns the correct waiting time in the details property 14111* (bug 13792) Broken titles are now silently skipped in search results. 14112* (bug 13819) exturlusage paging skipped an item 14113* Fixed handling of usernames containing spaces in list=block 14114* (bug 13836) Fixed fatal errors resulting from combining iiprop=metadata with 14115 format=xml 14116* (bug 13735) Added prop=categoryinfo module 14117* (bug 13945) Retrieve cascading protection sources via inprop=protection 14118* (bug 13965) Hardcoded 51 limit on titles is too limiting 14119* (bug 13993) apfrom doesn't work with apdir=descending 14120* (bug 14018) Introduced alcontinue to list=alllinks to improve paging 14121* (bug 14013) Added rcshow=patrolled to list=recentchanges 14122* (bug 14028) Added language attribute to interwiki map in meta=siteinfo 14123* (bug 14022) Added usprop=registration and auprop=blockinfo 14124* (bug 14021) Removed titles= support from list=backlinks (has been obsolete 14125 for ages) 14126* (bug 13829) Expose parse tree via action=expandtemplates 14127* (bug 13606) Allow deletion of images 14128* Added iiprop=mime and aiprop=metadata 14129* Handled unrecognized values for parameters more gracefully 14130* Handled requesting disallowed tokens more gracefully 14131* (bug 14140) URL-encoded page titles are now decoded in edit summaries 14132* (bug 14243) Only accept post requests in action=edit; patch by HardDisk 14133* action=block now returns an ISO8601 timestamp, like all other modules do 14134* Added md5 parameter to action=edit 14135* (bug 14335) Logging in to unified account using API not possible 14136* Added action=emailuser to send an email to a user 14137* (bug 14471) Use HTMLTidy and generate limit report in action=parse 14138* (bug 14459) Added prependtext and appendtext parameters to action=edit 14139* (bug 14526) Unescaped SQL in list=backlinks 14140* Added 'hidden' flag to list=allcategories and prop=categoryinfo output 14141* Added nocreate parameter to action=edit 14142* (bug 14402) Added maxage and smaxage parameters to api.php 14143* Added bkip parameter to list=blocks 14144* (bug 14651) apprefix and similar parameters are now canonicalized 14145* Added clprop=timestamp to prop=categories 14146* (bug 14678) API errors now respects $wgShowExceptionDetails and 14147 $wgShowSQLErrors 14148* (bug 14723) Added time zone and writing direction to meta=siteinfo 14149* Added APIQueryInfoTokens and APIQueryRevisionsTokens hooks so extensions 14150 can add their own tokens 14151* Added block and unblock tokens to prop=info as well 14152* Added paging (limit and continue parameters) to 14153 prop={links,templatelinks,langlinks,extlinks,categories,images} 14154* Added flag "top" to list=usercontribs if the user is the last contributor to 14155 the page 14156* list=exturlusage in "list all links" mode can now filter by protocol 14157 14158== MediaWiki 1.12 == 14159 14160== MediaWiki 1.12.4 == 14161 14162February 7, 2009 14163 14164A number of cross-site scripting (XSS) security vulnerabilities were discovered 14165in the web-based installer (config/index.php). These vulnerabilities all 14166require a live installer -- once the installer has been used to install a wiki, 14167it is deactivated. 14168 14169Note that cross-site scripting vulnerabilities can be used to attack any 14170website in the same cookie domain. So if you have an uninstalled copy of 14171MediaWiki on the same site as an active web service, MediaWiki could be used to 14172attack the active service. 14173 14174If you are hosting an old copy of MediaWiki that you have never installed, you 14175are advised to remove it from the web. 14176 14177== MediaWiki 1.12.3 == 14178 14179* Fixed packaging/distribution error. Many files were missing from the 14180distributed tarball. 14181 14182== MediaWiki 1.12.2 == 14183 14184David Remahl of Apple's Product Security team has identified a number of 14185security issues in previous releases of MediaWiki. Subsequent analysis by the 14186MediaWiki development team expanded the scope of these vulnerabilities. The 14187issues with a significant impact are as follows: 14188 14189* A local script injection vulnerability affecting Internet Explorer clients 14190for all MediaWiki installations with uploads enabled. [CVE-2008-5250] 14191* A local script injection vulnerability affecting clients with SVG scripting 14192capability (such as Firefox 1.5+), for all MediaWiki installations with SVG 14193uploads enabled. [CVE-2008-5250] 14194* A CSRF vulnerability affecting the Special:Import feature, for all MediaWiki 14195installations since the feature was introduced in 1.3.0. [CVE-2008-5252] 14196 14197A local script injection vulnerability allows an attacker with a wiki account 14198to steal another user's login session, and to act as that user on the wiki. The 14199attacker uploads a malicious script file, and tricks the victim into executing 14200it. 14201 14202CSRF vulnerabilities allow an attacker to act as an authorised user on the 14203wiki, but unlike an XSS vulnerability, the attacker can only act as the user in 14204a specific and restricted way. The present CSRF vulnerability allows pages to 14205be edited, with forged revision histories. Like an XSS vulnerability, the 14206authorised user must visit the malicious web page to activate the attack. 14207 14208These three vulnerabilities are all fixed in this release. 14209 14210David Remahl also reminded us of some security-related configuration issues: 14211 14212* By default, MediaWiki stores a backup of deleted images in the images/deleted 14213directory. If you do not want these images to be publically accessible, make 14214sure this directory is not accessible from the web. MediaWiki takes some steps 14215to avoid leaking these images, but these measures are not perfect. 14216* Set display_errors=off in your php.ini to avoid path disclosure via PHP fatal 14217errors. This is the default on most shared web hosts. 14218* Enabling MediaWiki's debugging features, such as $wgShowExceptionDetails, may 14219lead to path disclosure. 14220 14221Other changes in this release: 14222 14223* Avoid fatal error in profileinfo.php when not configured. 14224* Add a .htaccess to deleted images directory for additional protection against 14225exposure of deleted files with known SHA-1 hashes on default installations. 14226* Avoid streaming uploaded files to the user via index.php. This allows 14227security-conscious users to serve uploaded files via a different domain, and 14228thus client-side scripts executed from that domain cannot access the login 14229cookies. Affects Special:Undelete, img_auth.php and thumb.php. 14230* When streaming files via index.php, use the MIME type detected from the file 14231extension, not from the data. This reduces the XSS attack surface. 14232* Blacklist redirects via Special:Filepath. Such redirects exacerbate any XSS 14233vulnerabilities involving uploads of files containing scripts. 14234* Internationalisation updates. 14235 14236== MediaWiki 1.12.1 == 14237 14238Changes since 1.12.0: 14239* (bug [[bugzilla:13522|13522]]) Fix fatal error in Parser::extractTagsAndParams 14240* (bug [[bugzilla:12077|12077]]) Fix HTML nesting for TOC 14241* (bug [[bugzilla:13532|13532]]) Use proper timestamp call when reverting images 14242* (bug [[bugzilla:13649|13649]], [[bugzilla:14084|14084]]) Bad call to 14243wfTimestamp() 14244* (bug [[bugzilla:13770|13770]]) Use Preprocessor_Hash by default to avoid 14245missing DOM module errors 14246* (bug [[bugzilla:13442|13442]]) API: Missing pages in prop=langlinks and 14247prop=extlinks are now handled properly. 14248* (bug [[bugzilla:13482|13482]]) API: Disabled search types handled properly 14249* (bug [[bugzilla:13836|13836]]) API: Fixed fatal errors resulting from 14250combining iiprop=metadata with format=xml 14251* (bug [[bugzilla:11633|11633]]) API: Explicitly convert redirect titles to 14252strings due to PHP's very weak typing on array keys. 14253* API: Fixing main page display in meta=siteinfo 14254* (bug [[bugzilla:11719|11719]]) API: Remove trailing blanks in YAML output. 14255* (bug [[bugzilla:13718|13718]]) API: Return the proper continue parameter for 14256cmsort=timestamp 14257* Security: Work around misconfiguration by requiring strict comparisons for 14258in_array in User::isAllowed(). 14259* Security: Fixed XSS vulnerability in useskin parameter. 14260 14261== MediaWiki 1.12.0 == 14262 14263This is the quarterly branch release of [[MediaWiki]] for Winter 2008. 14264 14265MediaWiki is now using a "continuous integration" development model with 14266quarterly snapshot releases. The latest development code is always kept "ready 14267to run", and in fact runs our own sites on [[wikipedia:|Wikipedia]]. 14268 14269Release branches will continue to receive security updates for about a year 14270from first release, but nonessential bugfixes and feature developments will be 14271made on the development trunk and appear in the next quarterly release. 14272 14273Those wishing to use the latest code instead of a branch release can obtain it 14274from source control: [[Download from SVN]]. 14275 14276Changes since 1.12.0rc1: 14277*(bug [[bugzilla:13359|13359]]) Double-escaping in [[Special:Allpages]]. 14278*Localization updates. 14279 14280== MediaWiki 1.12.0rc1 == 14281 14282This is a release candidate of the Winter 2008 quarterly snapshot release of 14283[[MediaWiki]]. 14284 14285MediaWiki is now using a "continuous integration" development model with 14286quarterly snapshot releases. The latest development code is always kept "ready 14287to run", and in fact runs our own sites on [[wikipedia:|Wikipedia]]. 14288 14289Release branches will continue to receive security updates for about a year 14290from first release, but nonessential bugfixes and feature developments will be 14291made on the development trunk and appear in the next quarterly release. 14292 14293Those wishing to use the latest code instead of a branch release can obtain it 14294from source control: [[Download from SVN]]. 14295 14296This is the Winter 2007 quarterly release. 14297 14298MediaWiki is now using a "continuous integration" development model with 14299quarterly snapshot releases. The latest development code is always kept 14300"ready to run", and in fact runs our own sites on Wikipedia. 14301 14302Release branches will continue to receive security updates for about a year 14303from first release, but nonessential bugfixes and feature developments 14304will be made on the development trunk and appear in the next quarterly release. 14305 14306Those wishing to use the latest code instead of a branch release can obtain 14307it from source control: https://www.mediawiki.org/wiki/Download_from_SVN 14308 14309=== Configuration changes in 1.12 === 14310* Marking edits as bot edits with Special:Contributions?bot=1 now requires the 14311 markbotedit permission, rather than the rollback permission previously used. 14312 This permission is assigned by default to the sysop group. 14313* MediaWiki now checks if serialized files are out of date. New configuration 14314 variable $wgCheckSerialized can be set to false to enable old behavior (i.e. 14315 to not check and assume they are always up to date) 14316* The rollback permission can now be rate-limited using the normal mechanism. 14317* New configuration variable $wgExtraLanguageNames 14318* Behavior of $wgAddGroups and $wgRemoveGroups changed. New behavior: 14319* * Granting the userrights privilege allows arbitrary changing of rights. 14320* * Without the userrights privilege, a user will be able to add and/or 14321 remove the groups specified in $wgAddGroups and $wgRemoveGroups for 14322 any groups they are in. 14323* New permission userrights-interwiki for changing user rights on foreign wikis. 14324* $wgImplicitGroups for groups that are hidden from Special:Listusers, etc. 14325* $wgAutopromote: automatically promote users who match specified criteria 14326* $wgGroupsAddToSelf, $wgGroupsRemoveFromSelf: allow users to add or remove 14327 themselves from specified groups via Special:Userrights. 14328* When $wgUseTidy has been enabled, PHP's Tidy module is now used if it is 14329 present, in preference to an external Tidy executable which may or may not 14330 be present. To force use of external Tidy even when the PHP module is 14331 available, set $wgTidyInternal to false. 14332 14333 14334=== New features in 1.12 === 14335* (bug 10735) Add a warning for non-descriptive filenames at Special:Upload 14336* Add {{filepath:}} parser function to get full path to an uploaded file, 14337 complementing {{fullurl:}} for pages. 14338* (bug 11136) If using Postgres, search path is explicitly set if wgDBmwschema 14339 is not set to 'mediawiki', allowing multiple mediawiki instances per user. 14340* (bug 11151) Add descriptive <title> to revision history page 14341* (bug 5412) Add feed links for the site to all pages 14342* (bug 11353) Add ability to retrieve raw section content via action=raw 14343* (bug 6909) Show relevant deletion log lines when uploading a previously 14344 deleted file 14345* On SkinTemplate based skins (like MonoBook), omit confusing "edit"/"view 14346 source" tab entirely if the page doesn't exist and the user isn't allowed to 14347 create it 14348* Clarify instructions given when an exception is thrown 14349* AuthPlugin added strictUserAuth() method to allow per-user override 14350 of the strict() authentication behavior. 14351* (bug 7872) Deleted revisions can now be viewed as diffs showing changes 14352 against the previous revision, whether currently deleted or live. 14353* Added tooltips for the "Go" and "Search" buttons 14354* (bug 11649) Show input form when Special:Whatlinkshere has no parameters 14355* isValidEmailAddr hook added to User method of that name, to allow, e.g., re- 14356 stricting e-mail addresses to a specific domain 14357* Removed "Clear" link in watchlist editor tools, as people were afraid to 14358 click it. Existing clear links will fall back to the raw editor, which is 14359 very easy to clear your watchlist with. 14360* (bug 1405) Add wgUseNPPatrol option to control patroling for new articles 14361 on Special:Newpages 14362* LogLine hook added to allow formatting custom entries in Special:Log. 14363* Support for Iranian calendar 14364* (bug 1401) Allow hiding logged-in users, bots and patrolled pages on 14365 Special:Newpages 14366* ChangesListInsertArticleLink hook added for adding extra article info to RC. 14367* MediaWikiPerformAction hook added for diverting control after the main 14368 globals have been set up but before any actions have been taken. 14369* BeforeWatchlist hook added for filtering or replacing watchlist. 14370* SkinTemplateTabAction hook added for altering the properties of tab links. 14371* OutputPage::getRedirect public method added. 14372* (bug 11848, 12506) Allow URL parameters 'section', 'editintro' and 'preload' 14373 in Special:Mypage and Special:Mytalk 14374* Add ot=raw to Special:Allmessages 14375* Support for Hebrew calendar 14376* Support for Hebrew numerals in dates and times 14377* (bug 11315) Signatures can be configured in [[MediaWiki:Signature]] and 14378 [[MediaWiki:Signature-anon]] 14379* Signatures for anonymous users link to Special:Contributions page rather than 14380 user page 14381* Added --override switch for disabled pages in updateSpecialPages.php 14382* Provide a unique message (ipb_blocked_as_range) if unblock of a single IP 14383 fails 14384 because it is part of a blocked range. 14385* (bug 3973) Use a separate message for the email content when an account is 14386 created by another user 14387* dumpTextPass.php can spawn fetchText.php as a subprocess, which should restart 14388 cleanly if database connections fail unpleasantly. 14389* (bug 12028) Add Special:Listbots as shortcut for Special:Listusers/bot 14390* (bug 9633) Add a predefined list of delete reasons to the deletion form 14391* Show a warning message when creating/editing a user (talk) page but the user 14392 does not exists 14393* (bug 8396) Ignore out-of-date serialised message caches 14394* (bug 12195) Undeleting pages now requires 'undelete' permission 14395* (bug 11810) Localize displayed semicolons 14396* (bug 11657) Support for Thai solar calendar 14397* (bug 943) RSS feed for Recentchangeslinked 14398* Introduced AbortMove hook 14399* (bug 2919) Protection of nonexistent pages with regular protection interface. 14400* Special:Upload now lists permitted/prohibited file extensions. 14401* Split ambiguous filetype-badtype message into two new messages, 14402 filetype-unwanted-type and filetype-banned-type. 14403* Added link to the old title in Special:Movepage 14404* On Special:Movepage, errors are now more noticeable. 14405* It is now possible to change rights on other local wikis without the MakeSysop 14406 extension 14407* Add HTML ID's mw-read-only-warning and mw-anon-edit-warning to warnings when 14408 editing to allow CSS styling. 14409* Parser now returns list of sections 14410* When a user is prohibited from creating a page, a title of "View source" 14411 makes no sense, and there should be no "Return to [[Page]]" link. 14412* (bug 12486) Protected titles now give a warning for privileged editors. 14413* (bug 9939) Special:Search now sets focus to search input box when no existing 14414 search is active 14415* For Special:Userrights, use GET instead of POST to search for users. 14416* Allow subpage syntax for Special:Userrights, i.e., Special:Userrights/Name. 14417* When submitting changes on Special:Userrights, show the full form again, not 14418 just the search box. 14419* Added exception hooks 14420* (bug 12574) Allow bots to specify whether an edit should be marked as a bot 14421 edit, via the parameter 'bot'. (Default: '1') 14422* (bug 12536) User should be able to get MediaWiki version from any page 14423* (bug 12622) A JavaScript constant to declare whether api.php is available 14424* Add caching to the AJAX search 14425* Add APCOND_INGROUPS 14426* Add DBA caching to installer 14427* (bug 12585) Added a bunch of parameters to the revertpage message 14428* Support redirects in image namespace 14429* (bug 10049) Prefix index search and namespaces in Special:Withoutinterwiki 14430* (bug 12668) Support for custom iPhone bookmark icon via $wgAppleTouchIcon 14431* Add option to include templates in Special:Export. 14432* (bug 12655) Added $wgUserEmailUseReplyTo config option to put sender 14433 address in Reply-To instead of From for user-to-user emails. 14434 This protects against SPF problems and privacy-leaking bounce messages 14435 when using mailers that set the envelope sender to the From header value. 14436* (bug 11897) Add alias [[Special:CreateAccount]] & [[Special:Userlogin/signup]] 14437 for Special:Userlogin?type=signup 14438* (bug 12214) Add a predefined list of delete reasons to the file deletion form 14439* Merged backends for OpenSearch suggestions and AJAX search. 14440 Both now accept namespace prefixes, handle 'Media:' and 'Special:' pages, 14441 and reject interwiki prefixes. PrefixSearch class centralizes this code, 14442 and the backend part can be overridden by the PrefixSearchBackend hook. 14443* (bug 10365) Localization of Special:Version 14444* When installing using Postgres, the Pl/Pgsql language is now checked for 14445 and installed when at the superuser level. 14446* The default robot policy for the entire wiki is now configurable via the 14447 $wgDefaultRobotPolicy setting. 14448* (bug 12239) Use different separators for autocomments 14449* (bug 12857) Patrol link on new pages should clear floats 14450* (bug 12968) Render redirect wikilinks in a redirect class for customization 14451 via user/site CSS. 14452* EditPageBeforeEditButtons hook added for altering the edit buttons below the 14453 edit box 14454 14455=== Bug fixes in 1.12 === 14456 14457* Subpages are now indexed for searching properly when using PostgreSQL 14458* (bug 3846) Suppress warnings from, e.g. open_basedir when scanning for 14459 ImageMagick, diff3 et al. during installation [patch by Jan Reininghaus] 14460* (bug 7027) Shift handling of deletion permissions-checking to 14461 getUserPermissionsErrors. 14462* Login and signup forms are now more correct for right-to-left languages. 14463* (bug 5387) Block log items on RecentChanges don't make use of possible 14464 translations 14465* (bug 11211) Pass, as a parameter to the protectedpagetext interface 14466 message, the level of protection. 14467* (bug 9611) Supply the blocker and reason for the cantcreateaccounttext 14468 message. 14469* (bug 8759) Fixed bug where rollback was allowed on protected pages for wikis 14470 where rollback is given to non-sysops. 14471* (bug 8834) Split off permission for editing user JavaScript and CSS from 14472 editinterface to a new permission key editusercssjs. 14473* (bug 11266) Set fallback language for Fulfulde (ff) to French 14474* (bug 11179) Include image version deletion comment in public log 14475* Fixed notice when accessing special page without read permission and whitelist 14476 is not defined 14477* (bug 9252) Fix for tidy funkiness when using editintro mode 14478* (bug 4021) Fix for MySQL wildcard search 14479* (bug 10699) Fix for MySQL phrase search 14480* (bug 11321) Fix width of gallerybox when option "width=xxx" is used 14481* (bug 7890) Special:BrokenRedirects links deleted redirects to a non-existent 14482 page 14483* Fix initial statistics when installing: add correct values 14484* (bug 11342) Fix several 'returnto' links in permissions/error pages which 14485 linked to the main page instead of targetted page 14486* Strike the link to the redirect rather than using an asterisk in 14487 Special:Listredirects 14488* (bug 11355) Fix false positives in Safe Mode and other config detection 14489 when boolean settings are disabled with 'Off' via php_admin_value/php_value 14490* (bug 11292) Fixed unserialize errors with Postgres by creating special Blob 14491 object. 14492* (bug 11363) Make all metadata fields bytea when using Postgres. 14493* (bug 11331) Add buildConcat() and use CASE not IF for DB compatibility. Make 14494 oldimage cascade delete via image table for Postgres, change fa_storage_key 14495 TEXT. 14496* (bug 11438) Live Preview chops returned text 14497* Show the right message on account creation when the user is blocked 14498* (bug 11450) Fix creation of objectcache table on upgrade 14499* Fix namespace selection after submit of Special:Newpages 14500* Make input form of Special:Newpages nicer for RTL wikis 14501* (bug 11462) Fix typo in LanguageGetSpecialPageAliases hook name 14502* (bug 11474) Fix unintentional fall-through in math error handling 14503* (bug 11478) Fix undefined method call in file deletion interface 14504* (bug 278) Search results no longer highlight incorrect partial word matches 14505* Compatibility with incorrectly detected old-style DJVU mime types 14506* (bug 11560) Fix broken HTML output from weird link nesting in edit comments. 14507 Nested links (as in image caption text) still don't work _right_ but they're 14508 less wrong 14509* (bug 9718) Remove unnecessary css from main.css causing spacing issues on 14510 some browsers. 14511* (bug 11574) Add an interface message loginstart, which, similarly to loginend, 14512 appears just before the login form. Patch by MinuteElectron. 14513* Do not cache category pages if using 'from' or 'until' 14514* Created new hook getUserPermissionsErrors, to go with userCan changes. 14515* Diff pages did not properly display css/js pages. 14516* (bug 11620) Add call to User::isValidEmailAddr during accout creation. 14517* (bug 11629) If $wgEmailConfirmToEdit is true, require people to supply an 14518 email address when registering. 14519* (bug 11612) Days to show in recent changes cannot be larger than 7 14520* (bug 11131) Change filearchive width/height columns to int for Postgres 14521* Support plural in undeleted{revisions,revisions-files,files} 14522* (bug 11343) If the database is read-only, ensure that undelete fails. 14523* (bug 11690) Show revert link for page moves in Special:Log to allowed users 14524 only 14525* Initial-lowercase prefix checks in namespaceDupes.php now actually work. 14526* Fix regression in LinkBatch.php breaking PHP 5.0 14527* (bug 11452) wfMsgExt uses sometimes wrong language object for parsing magic 14528 words when called with options ''parsemag'' or ''content''. 14529* (bug 11727) Support plural in 'historysize' message 14530* (bug 11744) Incorrect return value from Title::getParentCategories() 14531* (bug 11762) Fix native language name of Akan (ak) 14532* (bug 11722) Fix inconsistent case in unprotect tabs 14533* (bug 11795) Be more paranoid about confirming accept-encoding header is 14534 present 14535* (bug 11809) Use formatNum() for more numbers 14536* (bug 11818) Fix native language name of Inuktitut (iu) 14537* Remove all commas when parsing float numbers in sorted tables 14538* Limit text field of deletion, protection and user rights changes reasons to 14539 255 characters (already restricted in the database) 14540* In the deletion default reasons, calculate how much text to get from the 14541 article text, rather than getting 150 characters (which may be too much) 14542* Add two messages for Special:Blockme which were used but undefined 14543* (bug 11921) Support plural in message number_of_watching_users_pageview 14544* If an IP address is blocked as part of a rangeblock, attempting to unblock 14545 the single IP should not unblock the entire range. 14546* (bug 6695) Fix native language name of Southern Sotho (Sesotho) (st) 14547* Make action=render follow redirects by default 14548* If restricted read access was enabled, whitelist didn't work with special 14549 pages which had spaces in theirs names 14550* If restricted read access was enabled, requests for non-existing special pages 14551 threw an exception 14552* Feeds for recent changes now provide correct URLs for the change, not just 14553 the page 14554* Check for if IP is blocked as part of a range when unblocking (see above bug- 14555 fix) was faulty. Now fixed. 14556* Fixed wpReason URL parameter to action=delete. 14557* Do not force a password for account creation by email 14558* Ensure that rate-limiting is applied to rollbacks. 14559* Make a better rate-limiting error message (i.e. a normal MW error, 14560 rather than an "Internal Server Error"). 14561* Do not present an image bigger than the source when 'frameless' option is used 14562 (to be consistent with the 'thumb' option now) 14563* Support {{PLURAL}} for import log 14564* Make sure that the correct log entries are shown on Special:Userrights even 14565 for users with special characters in their names 14566* The number of watching users in watchlists was always reported as 1 14567* namespaceDupes.php no longer dies when coming across an illegal title 14568* (bug 12143) Do not show a link to patrol new pages for non existent pages 14569* (bug 12166) Fix XHTML validity for Special:Emailuser 14570* (bug 11346) Users who cannot edit a page can now no longer unprotect it. 14571* (bug 451) Add a generic Traditional / Simplified Chinese conversion table, 14572 instead of a Traditional conversion with Taiwan variant, and a Simplified 14573 conversion with China variant. 14574* (bug 12178) Fix wpReason parameter to action=delete, again. 14575* Graceful behavior for updateRestrictions.php if a page already has records 14576 in the page_restrictions matching its old page_restrictions field. 14577 May help with odd upgrade issues or race condition. 14578* (bug 11993) Remove contentsub "revision history" 14579* (bug 11952) Ensure we quote_ident() all schema names as needed 14580 inside of the DatabasePostgres.php file. 14581* (bug 12184) Exceptions now sent to stderr instead of stdout for command-line 14582 scripts, making for cleaner reporting during batch jobs. PHP errors will also 14583 be redirected in most cases on PHP 5.2.4 and later, switching 'display_errors' 14584 to 'stderr' at runtime. 14585* (bug 12148) Text highlight wasn't applied to cleanly deleted and added 14586 lines in diff output 14587* (bug 10166) Fix a PHP warning in Language::getMagic 14588* Only mark rollback edits as minor if the user can normally mark edits minor 14589* Escape page names in the move successful page (e.g. for pages with two 14590 apostrophes). 14591* (bug 12145) Add localized names of kk-variants 14592* (bug 12259) Localize the numbers in deleted pages on the sysop view 14593* Set proper page title for successful file deletion 14594* (bug 11221) Do not show 'Compare selected versions' button for a history page 14595 with one revision only 14596* (bug 12267) Set the default date format to Thai solar calender for the Thai 14597 language 14598* (bug 10184) Extensions' stylesheets and scripts should be loaded before 14599 user-customized ones (like Common.css, Common.js) 14600* (bug 12283) Special:Newpages forgets parameters 14601* (bug 12031) All namespaces doesn't work in Special:Newpages 14602* (bug 585) Only create searchindex replica table for parser tests if db is 14603 MySQL 14604* Allow --record option if parserTests.php to work when using Postgres 14605* (bug 12296) Simplify cache epoch in default LocalSettings.php 14606* (bug 12346) XML fix when body double-click and click handlers are present 14607* Fix regression -- missing feed links in sidebar on Special:Recentchanges 14608* (bug 12371) Handle more namespace case variants in namespaceDupes.php 14609* (bug 12380) Bot-friendly EditPage::spamPage 14610* (bug 8066) Spaces can't be entered in special page aliases 14611* Hide undo link if user can't edit article 14612* (bug 12416) Fix password setting for createAndPromote.php 14613* (bug 3097) Inconsistently usable titles containing HTML character entities 14614 are now forbidden. A run of cleanupTitles.php will fix up existing pages. 14615* (bug 12446) Permissions check fix for undelete link 14616* (bug 12451) AJAX title normalization tweaks 14617* When a user creating a page is not allowed to either create the page nor edit 14618 it, all applicable reasons are now shown. 14619* (bug 11428) Allow $wgScript inside $wgArticlePath when emulating PATH_INFO 14620 Fixes 'root'-style rewrite configurations 14621* (bug 12493) Removed hardcoded MAX_FILE_SIZE from Special:Import upload form 14622* (bug 12489) Special:Userrights listed in restricted section again 14623* (bug 12553) Fixed invalid XHTML in edit conflict screen 14624* (bug 12505) Fixed section=0 with action=raw 14625* (bug 12614) Do not log user rights change that didn't change anything 14626* (bug 12584) Don't reset cl_timestamp when auto-updating sort key on move 14627* (bug 12588) Fix selection in namespace selector on Special:Newpages 14628* Use only default options when generating RSS and Atom syndication links. 14629 This should help prevent infinite link loops that some software may follow, 14630 and will generally keep feed behavior cleaner. 14631* (bug 12608) Unifying the spelling of getDBkey() in the code. 14632* (bug 12611) Bot flag ignored in recent changes 14633* (bug 12617) Decimal and thousands separators for Romanian 14634* (bug 12567) Fix for misformatted read-only messages on edit, protect. 14635 Also added proper read-only checks to several special pages. 14636 Have removed read-only checks from the general user permission framework. 14637* Creating a site with a name containing '#' is no longer permitted, since the 14638 name will not work (but $wgSiteName is not checked if manually set). 14639* (bug 12695) Suppress dvips verbiage from web server error log 14640* (bug 12716) Unprotecting a non-protected page leaves a log entry 14641* Log username blocks with canonical form of name instead of input form 14642* (bug 11593, 12719) Fixes for overzealous invocation of thumb.php. 14643 Non-image handlers and full-size images may now decline it, fixing 14644 mystery failures when using $wgThumbnailScriptPath. 14645* (bug 12327) Comma in username no longer disrupts mail headers 14646* (bug 6436) Localization of Special:Import XML parser Error message(s). 14647* Security fix for API on MSIE 14648* (bug 12768) Database query syntax error in maintenance/storage/compressOld.inc 14649* (bug 12753) Empty captions in MediaWiki:Sidebar result in PHP errors 14650* (bug 12790) Page protection is not logged when edit-protection is used 14651 and move-protection is not 14652* (bug 12793) Fix for restricted namespaces/pages in Special:Export 14653* Fix for Special:Export so it doesn't ignore the page named '0' 14654* Don't display rollback link if the user doesn't have all required permissions 14655* The comment of a time-limited protection now contains the date in the default 14656 format 14657* (bug 12880) wfLoadExtensionMessages does not use $fallback from MessagesXx.php 14658* (bug 12885) Correction for Russian convertPlural function 14659* (bug 12768) Make DatabasePostgres->hasContraint() schema aware. 14660* (bug 12735) Truncate usernames in comments using mb_ functions. 14661* (bug 12892) Poor tab indexing on "delete file" form 14662* (bug 12660) When creating an account by e-mail, do not send the creator's IP 14663 address 14664* (bug 12931) Fix wrong global variable in SpecialVersion 14665* (bug 12919) Use 'deletedrevision' message as content when deleting an old file 14666 version 14667* (bug 12952) Using Nosuchusershort instead of Nosuchuser when account creation 14668 is disabled 14669* (bug 12869) Magnify icon alignment should be adjusted using linked CSS 14670* Fixing message cache updates for MediaWiki messages moves 14671* (bug 12815) Signature timestamps were always in UTC, even if the timezone code 14672 in parentheses after them claimed otherwise 14673* (bug 12732) Fix installer and searching to handle built-in tsearch2 for 14674 Postgres. 14675* (bug 12784) Change "bool" types to smallint to handle Postgres 8.3 strictness. 14676* (bug 12301) Allow maintenance/findhooks.php to search hooks in multiple 14677 directories. 14678* (bug 7681, 11559) Cookie values no longer override GET and POST variables. 14679* (bug 5262) Fully-qualified $wgStylePath no longer corrupted on XML feeds 14680* (bug 3269) Inaccessible titles ending in '/.' or '/..' now forbidden. 14681* (bug 12935, 12981) Fully-qualify archive URLs in delete, revert messages 14682* (bug 12938) Fix template expansion and 404 returns for action=raw with section 14683* (bug 11567) Fix error checking for PEAR::Mail. UserMailer::send() now returns 14684 true-or-WikiError, which seems to be the calling convention expected by half 14685 its callers already 14686* (bug 12846) IE rtl.css issue in RTL wikis special:Preferences when selecting 14687 an LTR user language 14688* (bug 13005) DISPLAYTITLE does not work on preview 14689* (bug 13004) Fix error on Postgres searches that return too many results. 14690 14691== Parser changes in 1.12 == 14692 14693For help with migration to the MediaWiki 1.12 parser, please visit: 14694 14695http://meta.wikimedia.org/wiki/Migration_to_the_new_preprocessor 14696 14697The parser pass order has changed from 14698 14699 * Extension tag strip and render 14700 * HTML normalisation and security 14701 * Template expansion 14702 * Main section... 14703 14704to 14705 14706 * Template and extension tag parse to intermediate representation 14707 * Template expansion and extension rendering 14708 * HTML normalisation and security 14709 * Main section... 14710 14711The main effect of this for the user is that the rules for uncovered syntax 14712have changed. 14713 14714Uncovered main-pass syntax, such as HTML tags, are now generally valid, whereas 14715previously in some cases they were escaped. For example, you could have "<ta" in 14716one template, and "ble>" in another template, and put them together to make a 14717valid <table> tag. Previously the result would have been "<table>". 14718 14719Uncovered preprocessor syntax is generally not recognised. For example, if you 14720have "{{a" in Template:A and "b}}" in Template:B, then "{{a}}{{b}}" will be 14721converted to a literal "{{ab}}" rather than the contents of Template:Ab. This 14722was the case previously in HTML output mode, and is now uniformly the case in 14723the other modes as well. HTML-style comments uncovered by template expansion 14724will not be recognised by the preprocessor and hence will not prevent template 14725expansion within them, but they will be stripped by the following HTML security 14726pass. 14727 14728Bug 5678 has been fixed. This has a number of user-visible effects related to 14729the removal of this double-parse. Please see the wiki page for examples. 14730 14731Message transformation mode has been removed, and replaced with "preprocess" 14732mode. This means that some MediaWiki namespace messages may need to be updated, 14733especially ones which took advantage of the terribly counterintuitive behavior 14734of the former message mode. 14735 14736The header identification routines for section edit and for numbering section 14737edit links have been merged. This removes a significant failure mode and fixes a 14738whole category of bugs (tracked by bug #4899). Wikitext headings uncovered by 14739template expansion will still be rendered into a heading tag, and will get an 14740entry in the TOC, but will not have a section edit link. HTML-style headings 14741will also not have a section edit link. Valid wikitext headings present in the 14742template source text will get a template section edit link. This is a major 14743break from previous behavior, but I believe the effects are almost entirely 14744beneficial. 14745 14746The main motivation for making these changes was performance. The new two-pass 14747preprocessor can skip "dead branches" in template expansion, such as unfollowed 14748#switch cases and unused defaults for template arguments. This provides a 14749significant performance improvement in template-heavy test cases taken from 14750Wikipedia. Parser function hooks can participate in this performance improvement 14751by using the new SFH_OBJECT_ARGS flag during registration. 14752 14753The pre-expand include size limit has been removed, since there's no efficient 14754way to calculate such a figure, and it would now be meaningless for performance 14755anyway. The "preprocessor node count" takes its place, with a generous default 14756limit. 14757 14758The context in which XML-style extension tags are called has changed, so 14759extensions which make use of the parser state may need compatibility changes. 14760 14761The new preprocessor syntax has been documented in Backus-Naur Form at: 14762 14763https://www.mediawiki.org/wiki/Preprocessor_ABNF 14764 14765The ExpandTemplates extension now has the ability to generate an XML parse 14766tree from wikitext source. This parse tree corresponds closely to the grammar 14767documented on that page. 14768 14769=== API changes in 1.12 === 14770 14771Full API documentation is available at https://www.mediawiki.org/wiki/API 14772 14773* (bug 11275) Enable descending sort in categorymembers 14774* (bug 11308) Allow the API to output the image metadata 14775* (bug 11296) Temporary fix for escaping of ampersands inside links in 14776 pretty-printed 14777 help document. 14778* (bug 11405) Expand templates implementation in the API 14779* (bug 11218) Add option to feedwatchlist to display multiple revisions for each 14780 page. 14781* (bug 11404) Provide name of exception caught in error code field of internal 14782 api error messages. 14783* (bug 11534) rvendid doesn't work 14784* Fixed rvlimit of the revisions query to only enforce the lower query limit if 14785 revision content is requested. 14786* Include svn revision number (if install is checked-out from svn) in siteinfo 14787 query. 14788* (bug 11173) Allow limited wikicode rendering via api.php 14789* (bug 11572) API should provide interface for expanding templates 14790* (bug 11569) Login should return the cookie prefix 14791* (bug 11632) Breaking change: Specify the type of a change in the recentchanges 14792 list as 'edit', 'new', 'log' instead of 0, 1, 2, respectively. 14793* Compatibility fix for PHP 5.0.x. 14794* Add rctype parameter to list=recentchanges that filters by type 14795* Add apprtype and apprlevel parameters to filter list=allpages by protection 14796 types and levels 14797* Add apdir parameter to enable listing all pages from Z to A 14798* (bug 11721) Use a different title for results than for the help page. 14799* (bug 11562) Added a user_registration parameter/field to the list=allusers 14800 query. 14801* (bug 11588) Preserve document structure for empty dataset in backlinks query. 14802* Outputting list of all user preferences rather than having to request them by 14803 name 14804* (bug 11206) api.php should honor maxlag 14805* Make prop=info check for restrictions in the old format too. 14806* Add apihighlimits permission, default for sysops and bots 14807* Add limit=max to use maximal limit 14808* Add action=parse to render parser output. Use it instead of action=render 14809 which has been removed 14810* Add rvtoken=rollback to prop=revisions 14811* Add meta=allmessages to get messages from site's messages cache. 14812* Use bold and italics highlighting only in API help 14813* Added action={block,delete,move,protect,rollback,unblock,undelete} and 14814 list={blocks,deletedrevs} 14815* Fixed sessionid attribute in action=login 14816* Standardized limits. Revisions and Deletedrevisions formerly using 14817 200 / 10000, now 500 / 5000, in line with other modules. 14818* Added list=allcategories module 14819* (bug 12321) API list=blocks reveals private data 14820* Fix output of wfSajaxSearch 14821* (bug 12413) meta=userinfo missing <query> tag 14822* Add list of sections to action=parse output 14823* Added action=logout 14824* Added cascade flag to prop=info&inprop=protections 14825* Added wlshow parameter to list=watchlist, similar to rcshow 14826 (list=recentchanges) 14827* Added support for image thumbnailing to prop=imageinfo 14828* action={login,block,delete,move,protect,rollback,unblock,undelete} now must be 14829 POSTed 14830* prop=imageinfo interface changed: iihistory replaced by iilimit, iistart and 14831 iiend parameters 14832* Added amlang parameter to meta=allmessages 14833* Added apfilterlanglinks parameter to list=allpages, replacing 14834 query.php?what=nolanglinks 14835* (bug 12718) Added action=paraminfo module that provides information about API 14836 modules and their parameters 14837* Added iiurlwidth and iiurlheight parameters to prop=imageinfo 14838* Added format=txt and format=dbg, imported from query.php 14839* Added uiprop=editcount to meta=userinfo 14840* Added list=users which fetches user information 14841* Added list=random which fetches a list of random pages 14842* Added page parameter to action=parse to facilitate parsing of existing pages 14843* Added uiprop=ratelimits to meta=userinfo 14844* Added siprop=namespacealiases to meta=siteinfo 14845* Made multiple values for ucuser possible in list=usercontribs 14846* (bug 12944) Added cmstart and cmend parameters to list=categorymembers 14847* Allow queries to have a where range that does not match the range field 14848 14849== MediaWiki 1.11 == 14850 14851== MediaWiki 1.11.2 == 14852 14853March 2, 2008 14854 14855This is a security release of the Fall 2007 snapshot release of MediaWiki. 14856Possible cross-site information leaks using the callback parameter for 14857JSON-formatted results in the API are prevented by dropping user credentials. 14858 14859MediaWiki release versions prior to 1.11 are not vulnerable, as they do not 14860include the callback feature which allows client-side JavaScript on other sites 14861to reach API data. 14862 14863Changes in this release: 14864 14865* User credentials are dropped for API JSON requests using a callback 14866* Edit tokens are not reported for API JSON requests using a callback 14867 14868== MediaWiki 1.11.1 == 14869 14870January 23, 2008 14871 14872This is a security and bugfix release of the Fall 2007 snapshot release of 14873 MediaWiki. A potential XSS injection vector affecting api.php only for 14874 Microsoft Internet Explorer users has been closed. 14875 14876Changes in this release: 14877* (bug [[bugzilla:11450|11450]]) Fix creation of objectcache table on upgrade 14878* (bug [[bugzilla:11462|11462]]) Fix typo in LanguageGetSpecialPageAliases hook 14879name 14880* Fix regression in LinkBatch.php breaking PHP 5.0 14881* Security fix for API on MSIE 14882 14883To work around the vulnerability without upgrading, you may disable the API if 14884you don't need it: 14885:[[Manual:$wgEnableAPI|$wgEnableAPI]] = false; 14886 14887Not vulnerable versions: 14888* 1.12 or later 14889* 1.11 >= 1.11.1 14890* 1.10 >= 1.10.3 14891* 1.9 >= 1.9.5 14892* 1.8 any version (if $wgEnableAPI has been left off) 14893 14894Vulnerable versions: 14895* 1.11 <= 1.11.0rc1 14896* 1.10 <= 1.10.2 14897* 1.9 <= 1.9.4 14898* 1.8 any version (if $wgEnableAPI has been switched on) 14899 14900MediaWiki 1.7 and below are not affected as they do not include the API 14901functionality, however the BotQuery extension is similarly vulnerable unless 14902updated to the latest SVN version. 14903 14904== MediaWiki 1.11.0 == 14905 14906September 10, 2007 14907 14908This is the Fall 2007 snapshot release of MediaWiki. 14909 14910MediaWiki is now using a "continuous integration" development model with 14911quarterly snapshot releases. The latest development code is always kept "ready 14912to run", and in fact runs our own sites on Wikipedia. 14913 14914Release branches will continue to receive security updates for about a year 14915from first release, but nonessential bugfixes and feature developments will be 14916made on the development trunk and appear in the next quarterly release. 14917 14918Those wishing to use the latest code instead of a branch release can obtain it 14919from source control: [[Download from SVN]] 14920 14921This is the Summer 2007 branch release of MediaWiki. 14922 14923MediaWiki is now using a "continuous integration" development model with 14924quarterly snapshot releases. The latest development code is always kept 14925"ready to run", and in fact runs our own sites on Wikipedia. 14926 14927Release branches will continue to receive security updates for about a year 14928from first release, but nonessential bugfixes and feature developments 14929will be made on the development trunk and appear in the next quarterly release. 14930 14931Those wishing to use the latest code instead of a branch release can obtain 14932it from source control: https://www.mediawiki.org/wiki/Download_from_SVN 14933 14934== Changes since 1.11.0rc1 == 14935 14936A possible HTML/XSS injection vector in the API pretty-printing mode has been 14937found and fixed. 14938 14939The vulnerability may be worked around in an unfixed version by simply 14940disabling the API interface if it is not in use, by adding this to 14941[[Manual:LocalSettings.php|LocalSettings.php]]:<br /> 14942<code>[[Manual:$wgEnableAPI|$wgEnableAPI]] = false;</code> <br /> 14943(This is the default setting in 1.8.x.) 14944 14945Not vulnerable versions: 14946* 1.11 >= 1.11.0 14947* 1.10 >= 1.10.2 14948* 1.9 >= 1.9.4 14949* 1.8 >= 1.8.5 14950 14951Vulnerable versions: 14952* 1.11 <= 1.11.0rc1 14953* 1.10 <= 1.10.1 14954* 1.9 <= 1.9.3 14955* 1.8 <= 1.8.4 (if [[Manual:$wgEnableAPI|$wgEnableAPI]] has been switched on) 14956 14957MediaWiki 1.7 and below are not affected as they do not include the faulty 14958function, however the [[Extension:BotQuery|BotQuery extension]] is similarly 14959vulnerable unless updated to the latest SVN version. 14960 14961== Configuration changes since 1.10 == 14962 14963* $wgThumbUpright - Adjust width of upright images when parameter 'upright' is 14964 used 14965* $wgAddGroups, $wgRemoveGroups - Finer control over who can assign which 14966 usergroups 14967* $wgEnotifImpersonal, $wgEnotifUseJobQ - Bulk mail options for large sites 14968* $wgShowHostnames - Expose server host names through the API and HTML comments 14969* $wgSaveDeletedFiles has been removed, the feature is now enabled 14970unconditionally 14971 14972== New features since 1.10 == 14973 14974* (bug 8868) Separate "blocked" message for autoblocks 14975* Adding expiry of block to block messages 14976* Links to redirect pages in categories are wrapped in 14977 <span class="redirect-in-category"></span> 14978* Introduced 'ImageOpenShowImageInlineBefore' hook; see docs/hooks.txt for 14979 more information 14980* (bug 9628) Show warnings about slave lag on Special:Contributions, 14981 Special:Watchlist 14982* (bug 8818) Expose "wpDestFile" as parameter $1 to "uploaddisabledtext" 14983* Introducing new image keyword 'upright' and corresponding variable 14984 $wgThumbUpright. This allows better proportional view of upright images 14985 related to landscape images on a page without nailing the width of upright 14986 images to a fix value which makes views for anon unproportional and user 14987 preferences useless 14988* (bug 6072) Introducing 'border' keyword to the [[Image:]] syntax 14989* Introducing 'frameless' keyword to [[Image:]] syntax which respects the 14990 user preferences for image width like 'thumb' but without a frame. 14991* (bug 7960) Link to "what links here" for each "what links here" entry 14992* Added support for configuration of an arbitrary number of commons-style 14993 file repositories. 14994* Added a Content-Disposition header to thumb.php output 14995* Improved thumb.php error handling 14996* Display file history on local image description pages of shared images 14997* Added $wgArticleRobotPolicies 14998* (bug 10076) Additional parameter $7 added to MediaWiki:Blockedtext 14999 containing, the ip, ip range, or username whose block is affecting the 15000* (bug 7691) Show relevant lines from the deletion log when re-creating a 15001 previously deleted article 15002* Added variables 'wgRestrictionEdit' and 'wgRestrictionMove' for JS to header 15003* (bug 9898) Allow viewing all namespaces in Special:Newpages 15004* (bug 10139) Introduce 'EditSectionLink' and 'EditSectionLinkForOther' hooks; 15005 see docs/hooks.txt for details 15006* (bug 9769) Provide "watch this page" toggle on protection form 15007* (bug 9886) Provide clear example "stub link" in Special:Preferences 15008* (bug 10055) Populate email address and real name properties of User objects 15009 passed to the 'AbortNewAccount' hook 15010* Show result of Special:Booksources in wiki content language always, it's 15011 normally better maintained than the generic list from the standard message 15012 files 15013* (bug 7997) Allow users to be blocked from using Special:Emailuser 15014* (bug 8989) Blacklist 'mhtml' and 'mht' files from upload 15015* (bug 8760) Allow wiki links in "protectexpiry" message 15016* (bug 5908) Add "DEFAULTSORTKEY" and "DEFAULTCATEGORYSORT" aliases for 15017 "DEFAULTSORT" magic word 15018* (bug 10181) Support the XCache object caching mechanism 15019* (bug 9058) Introduce '--aconf' option for all maintenance scripts, to provide 15020 a path to the AdminSettings.php file 15021* (bug 8781) Remind users to check file permissions for LocalSettings.php 15022 post-installation 15023* Use shared.css for all skins and oldshared.css in place of common.css for 15024 pre-Monobook skins. As always, modifications should go in-wiki to MediaWiki: 15025 Common.css and MediaWiki:Monobook.css. 15026* (bug 8869) Introduce Special:Uncategorizedtemplates 15027* (bug 8734) Different log message when article protection level is changed 15028* (bug 8458, 10338) Limit custom signature length to $wgMaxSigChars Unicode 15029 characters 15030* (bug 10096) Added an ability to query interwiki map table 15031* On reupload, add a null revision to the image description page 15032* Group log output by date 15033* Kurdish interface latin/arabic writing system with transliteration 15034* Support wiki text in all query page headers 15035* Add 'Orphanedpages' as an alias to Special:Lonelypages 15036* (bug 9328) Use "revision-info-current" message in place of "revision-info" 15037 when viewing the current revision of a page, if available 15038* (bug 8890) Enable wiki text for "license" message 15039* Throw a showstopper exception when a hook function fails to return a value. 15040 Forgetting to give a 'true' return value is a very common error which tends 15041 to cause hard-to-track-down interactions between extensions. 15042* Use $wgJobClasses to determine the correct Job to instantiate for a particular 15043 queued task; allows extensions to introduce custom jobs 15044* (bug 10326) AJAX-based page watching and unwatching has been cleaned up and 15045 enabled by default. 15046* Added option to install to MyISAM 15047* (bug 9250) Remove hardcoded minimum image name length of three characters 15048* Fixed DISPLAYTITLE behavior to reject titles which don't normalise to the 15049 same title as the current page, and enabled per default 15050* Wrap site CSS and JavaScript in a <pre> tag, like user JS/CSS 15051* (bug 10196) Add classes and dir="ltr" to the <pre>s on CSS and JS pages (new 15052 classes: mw-code, mw-css, mw-js) 15053* (bug 6711) Add $wgAddGroups and $wgRemoveGroups to allow finer control over 15054 usergroup assignment. 15055* Introduce 'UserEffectiveGroups' hook; see docs/hooks.txt for more information 15056* (bug 10387) Detect and handle '.php5' extension environments at install time 15057* Introduce 'ShowRawCssJs' hook; see docs/hooks.txt for more information 15058* (bug 10404) Show rights log for the selected user in Special:Userrights 15059* New javascript for upload page that will show a warning if a file with the 15060 "destination filename" already exists. 15061* Add 'editsection-brackets' message to allow localization (or removal) of the 15062 brackets in the "[edit]" link for sections 15063* (bug 10437) Move texvc styling to shared.css 15064* Introduce "raw editing" mode for the watchlist, to allow bulk additions, 15065 removals, and convenient exporting of watchlist contents 15066* Show "undo" links in page histories 15067* Option to jump to specified time period in user contributions 15068* Improved feedback on "rollback success" page 15069* Show distinct 'namespaceprotected' message to users when namespace protection 15070 prevents page editing 15071* (bug 9936) Per-edit suppression of preview-on-first edit with "preview=no" 15072* Allow showing a one-off preview on first edit with "preview=yes" 15073* (bug 9151) Remove timed redirects on "Return to X" pages for accessibility. 15074* Link to user logs in toolbox when viewing a user page 15075* (bug 10508) Allow HTML attributes on <gallery> 15076* (bug 1962) Allow HTML attributes on <math> 15077* (bug 10530) Introduce optional "sp-contributions-explain" message for 15078 additional explanation in Special:Contributions 15079* (bug 10520) Preview licences during upload via AJAX (toggle with 15080 $wgAjaxLicensePreview) 15081* New Parser::setTransparentTagHook for parser extension and template 15082 compatibility 15083* Introduced 'ContributionsToolLinks' hook; see docs/hooks.txt for more 15084 information 15085* Add a message if category is empty 15086* Add CSS compatibility for Opera 9.5 15087* Remove largely untested handheld stylesheet, which was causing more trouble 15088 than good. Proper handheld support will be added at a future date. For now, 15089 display should be acceptable either with CSS turned off or when using a so- 15090 phisticated handheld browser. 15091* (bug 3173) Option to offer exported pages as a download, rather than 15092 displaying inline, as in most browsers 15093* Pass the user as an argument to 'isValidPassword' hook callbacks; see 15094 docs/hooks.txt for more information 15095* Introduce 'UserGetRights' hook; see docs/hooks.txt for more information 15096* (bug 9595) Pass new Revision to the 'ArticleInsertComplete' and 15097 'ArticleSaveComplete' hooks; see docs/hooks.txt for more information 15098* (bug 9575) Accept upload description from GET parameters 15099* Skip the difference engine cache when 'action=purge' is used while requesting 15100 a difference page, to allow refreshing the cache in case of errors 15101* (bug 10701) Link to Special:Listusers in default Special:Statistics messages 15102* Improved file history presentation 15103* (bug 10739) Users can now enter comments when reverting files 15104* Improved handling of permissions errors 15105* (bug 10793) "Mark patrolled" links will now be shown for users with 15106 patrol permissions on all eligible diff pages 15107* (bug 10655) Show standard tool links for blocked users in block log messages 15108* Show standard tool links for blocked users in Special:Ipblocklist 15109* Miscellaneous aesthetic improvements to Special:Ipblocklist 15110* (bug 10826) Added link trail with Cyrillic characters for Mongolian language 15111* (bug 10859) Introduce 'UserGetImplicitGroups' hook; see docs/hooks.txt for 15112 more information 15113* (bug 10832) Include user information when viewing a deleted revision 15114* (bug 10872) Fall back to sane defaults when generating protection selector 15115 labels for custom restriction levels 15116* Show edit count in user preferences 15117* Improved support for audio/video extensions 15118* (bug 10937) Distinguish overwritten files in upload log 15119* Introduce 'ArticleUpdateBeforeRedirect' hook; see docs/hooks.txt for more 15120 information 15121* Confirmation is now required when deleting old versions of files 15122* (bug 7535) Users can now enter comments when deleting old versions of files 15123* (bug 11001) Submit Special:Newpages as a GET, rather than a POST request 15124* The <strong></strong> around links to watched pages in change lists now 15125 has a class - "mw-watched" 15126* (bug 9002) Provide a "view/restore deleted edits" link on Special:Upload 15127 when a destination filename is provided that corresponds with previous 15128 deleted files 15129* Make the "invalid special page" message clearer 15130* Add accesskey 's' and tooltip to 'upload file' button at Special:Upload 15131* Introduced 'SkinAfterBottomScripts' hook; see docs/hooks.txt for 15132 more information 15133* (bug 11095) Honour "preview on first edit" preference when preloading 15134 text for a non-existent page 15135* (bug 11022) Use a more accurate page title for Special:Whatlinkshere and 15136 Special:Recentchangeslinked 15137* Add link to user contributions in normal watchlist edit mode 15138* (bug 9426) Add 'newsectionheaderdefaultlevel' message to allow 15139 modification of the heading formatting for new sections when section=new 15140 argument is supplied 15141* (bug 10836) Add 'newsectionsummary' message to allow modification of the 15142 text that prefixes a new section link in Recent Changes 15143 15144== Bugfixes since 1.10 == 15145 15146* (bug 9712) Use Arabic comma in date/time formats for Arabic and Farsi 15147* (bug 9670) Follow redirects when render edit section links to transcluded 15148 templates. 15149* (bug 6204) Fix incorrect unindentation with $wgMaxTocLevel 15150* (bug 3431) Suppress "next page" link in Special:Search at end of results 15151* Don't show unblock form if the user doesn't have permission to use it 15152 (cosmetic change, no vulnerabilities existed) 15153* Subtitle success message when unblocking a block ID instead of a pseudo link 15154 like [[User:#123|#123]] 15155* Use the standard HTTP fetch functions when retrieving remote wiki pages 15156 through transwiki, so we can take advantage of cURL goodies if available 15157* Disable user JavaScript on Special:Userlogin, Special:Resetpass and 15158 Special:Preferences, to avoid a compromised script sniffing passwords, etc. 15159* (bug 9854, 3770) Clip overflow text in gallery boxes for visual cleanliness 15160 instead of letting it flow outside the box or trigger ugly scroll bars. 15161* Tooltips for print version and permalink 15162* Links to the MediaWiki namespace for system messages having their default 15163 values are no longer shown as nonexistent (e.g., in red) 15164* Special:Ipblocklist differentiates between empty list and no search results. 15165* (bug 5375) profiling does not respect read-only mode. 15166* (bug 7070) monobook/user.gif has antialias artifacts 15167* (bug 9123) Safer way when applying $wgLocalTZoffset 15168* (bug 9896) Documentation for $wgSquidServers and X-FORWARDED-FOR 15169* (bug 9417) Uploading new versions of images when using Postgres no longer 15170 throws warnings. 15171* (bug 9908) Using tsearch2 with Postgres 8.1 no longer gives an error. 15172* (bug 1438) Fix for diff table layout on very wide lines. 15173 Diff style rules have been broken out to common/diff.css, 15174 and the dupes removed from the default skin files. 15175 Skins can still override the default rules. 15176* (bug 1229) Balance columns in diff display evenly 15177* Right-align diff line numbers in RTL language display 15178* (bug 9332) Fix instructions in tests/README 15179* (bug 9813) Reject usernames containing '#' to avoid silent truncation 15180 of fragments during the normalisation process 15181* (bug 7989) RSS feeds content now use black text when using white background. 15182* (bug 9971) Typo in a french language message. 15183* (bug 9973) Changed size was shown in advanced recentchanges collapsible items 15184 with $wgRCShowChangedSized = false. 15185* Fix PHP strict standards warning in enhanced recent changes. 15186* (bug 5850) Added hexadecimal html entities comments for $digitTransformTable 15187 entries. 15188* (bug 7432) Change language name for Aromanian (roa-rup) 15189* (bug 908) Unexistent special pages now generate a red link. 15190* (bug 7899) Added \hline and \vline to the list of allowed TeX commands 15191* (bug 7993) support mathematical symbol classes 15192* (bug 10007) Allow Block IP to work with Postgrs again. 15193* Add Google Wireless Transcoder to the Unicode editing blacklist 15194* (bug 10083) Fix for Special:Version breakage on PHP 5.2 with some hooks 15195* (bug 3624) TeX: \ker, \hom, \arg, \dim treated like \sin & \cos 15196* (bug 10132, 10134) Restore back-compatibility Image::imageUrl() function 15197* (bug 10113) Fix double-click for view source on protected pages 15198* (bug 10117) Special:Wantedpages doesn't handle invalid titles in result 15199 set [now prints out a warning] 15200* (bug 10118) Introduced Special:Mostlinkedtemplates, report which lists 15201 templates with a high number of inclusion links 15202* (bug 10104) Fixed Database::getLag() for PostgreSQL and Oracle 15203* (bug 9820) session.save_path check no longer halts installation, but 15204 warns of possible bad values 15205* (bug 9978) Fixed session.save_path validation when using extended 15206 configuration format, e.g. "5;/tmp" 15207* Don't generate a diff link in the patrol log if the page doesn't exist 15208* (bug 10067) Translations for former skins removed from message files 15209* (bug 9993) Force $wgShowExceptionDetails on during installation 15210* (bug 9980) Validate administrator username and password during 15211 installation 15212* (bug 9383) Don't set a default value for BLOB column in rc-deleted 15213 database patch 15214* (bug 10149) Don't show full template list on section-0 edit 15215* (bug 9909) Ensure access to binary fields in the math table use encodeBlob() 15216 and decodeBlob() 15217* (bug 6743) Don't link broken image links to the upload form when uploads 15218 are disabled 15219* (bug 9679) Improve documentation for $wgSiteNotice 15220* (bug 10215) Show custom editing introduction when editing existing pages 15221* (bug 10223) Fix edit link in noarticletext localizations for fr, oc 15222* (bug 10247) Fix IP address regex to avoid false positive IPv6 matches 15223* (bug 9948) Workaround for diff regression with old Mozilla versions 15224* (bug 10265) Fix regression in category image gallery paging 15225* (bug 8577) Fix some weird misapplications of time zones. 15226 {{CURRENT*}} functions now consistently use UTC as intended, while 15227 {{LOCAL*}} functions return local time per server config or $wgLocaltimezone. 15228 Signature dates for Japanese and other languages including weekday now show 15229 the correct day to match the rest of the time in local time. 15230* Escape the output of magic variables that return page name or part of it 15231* (bug 10309) Initialise parser state properly in extractSections(), fixes 15232 some cases where section edits broke because tags were improperly stripped 15233* Avoid PHP notice errors when doing HTTP proxy purges for an empty list 15234* As intended, *skip* the HTTP proxy purges when doing HTCP purges 15235* (bug 9696) Fix handling of brace transformations in "pagemovedtext" 15236* (bug 10325) Fix regression in form action on Special:Listusers 15237* Fixed installation on MyISAM or old InnoDB with charset=utf8, was giving 15238 overlong key errors. 15239* Fixed zero-padding issues with MySQL 5 binary schema 15240* (bug 10344) Don't follow a redirect after changing its protection level 15241* (bug 10333) Correct date format in Slovenian 15242* (bug 10160) Show error message for unknown namespace on Special:Allpages and 15243 Special:Prefixindex; making forms prettier for RTL wikis. 15244* (bug 10334) Replace normal spaces before percent (%) signs with non-breaking 15245 spaces 15246* (bug 10372) namespaceDupes.php no longer ignores namespace aliases 15247* (bug 10198) namespaceDupes.php no longer ignores interwiki prefixes 15248* namespaceDupes.php should work better for initial-lowercase wikis 15249* (bug 10377) "Permanent links" to revisions still work if the page is moved 15250 and the redirect deleted 15251* (bug 7071) Properly handle an 'oldid' passed to view or edit that doesn't 15252 match the given title. Fixes inconsistencies with talk, history, edit links. 15253* (bug 10397) Fix AJAX watch error fallback when we receive a bogus result 15254* (bug 10396) Fix AJAX error when $wgScriptPath/index.php is not valid; 15255 using $wgScript now included in JS info 15256* Use native XMLHttpRequest class in preference to ActiveX on IE 7; this 15257 avoids the "ActiveX "Do you want to allow ActiveX?" prompt when something 15258 security settings are cranked this way and AJAX-y gets used. 15259* Delay AJAX watch initialization until click so IE 6 with ugly security 15260 settings doesn't prompt you until you use the link. 15261* (bug 10401) Provide non-redirecting link to original title in Special:Movepage 15262* Fix broken handling of log views for page titles consisting of one 15263 or more zeros, e.g. "0", "00" etc. 15264* Fix read permission check for special pages with subpage parameters, e.g. 15265 Special:Confirmemail 15266* Fix read permission check for unreadable page titles which are numerically 15267 equivalent to a whitelisted title 15268* '?>' closing tag removed from all files to help avoid problems with extraneous 15269 whitespace (broken XML feeds, etc.) 15270* Don't use garbled parser cache output when viewing custom CSS or JavaScript 15271 pages 15272* (bug 10406) Fix Special:Listusers filter form for non-ASCII localizations 15273* Fix empty message checks for message names containing & 15274 This corrects some odd behavior with sidebar items and custom namespaces 15275 containing ampersands. 15276* (bug 10375) Change thousands separator character to for Latin (la) 15277* (bug 10477) Fix AJAX watch for Farsi on Firefox: JavaScript encoding tweak 15278* (bug 10496) Fix broken DISTINCT option logic in database backend 15279* Fix CSS media declaration for "screen, projection"; was causing some 15280 validation issues 15281* (bug 10495) $wgMemcachedDebug set twice in includes/DefaultSettings.php 15282* (bug 10316) Prevent inconsistent cached skin settings in gen=js by setting 15283 the intended skin directly in the URL. 15284* (bug 9903) Don't mark redirects in categories as stubs 15285* (bug 6965) Cannot include "Template:R" with {{R}} (magic word conflict) 15286* Padding parser functions now work with strings like '0' that evaluate to false 15287* (bug 10332) Title->userCan( 'edit' ) may return false positive 15288* Fix bug with <nowiki> in front of links for wikis where linkPrefixExtension is 15289 true 15290* (bug 10552) Suppress rollback link in history for single-revision pages 15291* (bug 10538) Gracefully handle invalid input on move success page 15292* Fix for Esperanto double-x-encoding in move success page 15293* (bug 10526) Fix toolbar/insertTags behavior for IE 6/7 and Opera (8+) 15294 Now matches the selection behavior on Mozilla / Safari. 15295 Patch by Alex Smotrov. 15296* Don't show non-functional toolbar buttons on Opera 7 anymore 15297* (bug 9151) Fix relative subpage links with section fragments 15298* (bug 10560) Adding a space between category letter heading and "continues" 15299* (bug 4650) Keep impossibly large/small counts off Special:Statistics 15300* (bug 10608) PHP notice when installing with PostgreSQL 15301* (bug 10615) Fix for transwiki import when CURL not available 15302* (bug 8054) Return search page for empty search requests with ugly URLs 15303* (bug 10572) Force refresh after clearing visitation timestamps on watchlist 15304* (bug 10631) Warn when illegal characters are removed from filename at upload 15305* Fix several JavaScript bugs under MSIE 5/Macintosh 15306* (bug 10591) Use Arabic numerals (0,1,2...) for the Malayam language 15307* (bug 10642) Fix shift-click checkbox behavior for Opera 9.0+ and 6.0 15308* Work around Safari bug with pages ending in ".gz" or ".tgz" 15309* Removed obsolete maintenance/changeuser.sql script; use RenameUser extension 15310* (bug 2735) "Preview" shown in title bar for action=submit on special pages 15311* Removed "restore" links from the deletion log embedded in Special:Undelete 15312* Improved error reporting and robustness for file delete/undelete. 15313* Improved speed of file delete by storing the SHA-1 hash in image/oldimage 15314* Fixed leading zero in base 36 SHA-1 hash 15315* Protection form no longer produces JavaScript errors 15316* (bug 10741) File histories show "delete" links for non-sysops 15317* (bug 10744) Treat "noarticletext" and "noarticletextanon" as wiki text when 15318 used on a non-existent page with "action=info" 15319* Fix escaping of raw message text when used on a non-existent page with 15320 "action=info" 15321* (bug 10683) Fix inconsistent handling of URL-encoded titles in links 15322 used in redirects (i.e. they now work) 15323* (bug 8878) Changes to $dateFormats in German localization (removing unused, 15324 nonexistent formats, putting time after date) 15325* (bug 10769) Database::update() should return boolean result 15326* Fix preference checkbox display for right-to-left languages which caused 15327 them to be hidden in IE in some cases 15328* Fix upload form display in right-to-left languages 15329* Fixed regression in blocking of username '0' 15330* (bug 9437) Don't overwrite edit form submission handler when setting up 15331 edit box scroll position preserve/restore behavior 15332* (bug 10805) Fix "undo" link when viewing the diff of the most recent 15333 change to a page using "diff=0" 15334* (bug 10765) img_auth.php will now refuse logged-out requests where 15335 $wgWhitelistRead is undefined, instead of (incorrectly) honouring them 15336* Fixed img_auth.php file name extraction for whitelist checking 15337* Tweak spacing of email preference display 15338* Table sorting JavaScript prefers textContent over innerText to allow hidden 15339 sort keys to work on Safari 15340* (bug 4530) Fix local name of Kurdish language 15341* (bug 10830) Fix local name of Haitian Creole language 15342* Fix invalid XHTML in Special:Protectedpages 15343* Fix comments in contributions and log pages for right-to-left languages 15344* Make installer include_path-independent, so it should work on hosts which 15345 disable user setting of PHP include_path setting 15346* glob() is horribly unreliable and doesn't work on some systems, including 15347 free.fr shared hosting. No longer using it in Language::getLanguageNames() 15348* (bug 10763) Fix multi-insert logic for PostgreSQL 15349* Fix invalid XHTML when viewing a deleted revision 15350* Fix syntax error in translations of magic words in Romanian language 15351* (bug 8737) Fix warnings caused by incorrect use of `/dev/null` when piping 15352 process error output under Windows 15353* (bug 7890) Don't list redirects to special pages in Special:BrokenRedirects 15354* (bug 10783) Resizing PNG-24 images with GD no longer causes all alpha 15355 channel transparency to be lost and transparent pixels to be turned black 15356* (bug 9339) General error pages were transforming messages and their parameters 15357 in the wrong order 15358* (bug 9026) Incorrect heading numbering when viewing Special:Statistics with 15359 "auto-numbered headings" enabled 15360* Fixed invalid XHTML in Special:Upload 15361* (bug 11013) Make sure dl() is available before attempting to use it to check 15362 available databases in installer 15363* Resizing transparent GIF images with GD now retains transparency by skipping 15364 resampling 15365* (bug 11065) Fix regression in handling of wiki-formatted EXIF metadata 15366* Double encoding broke Special:Newpages for some languages 15367* Adding a newline before the statistics footer, to prevent parsing problems 15368* Preventing the TOC from appearing in Special:Statistics 15369* (bug 11082) Fix check for fully-specced table names in Database::tableName 15370* (bug 11067) Fix regression in upload conflict thumbnail display 15371* (bug 10985) Resolved cached entries on Special:DoubleRedirects were being 15372 suppressed, breaking paging - now strikes out "fixed" results 15373* (bug 8393) <sup> and <sub> need to be preserved (without attributes) for 15374 entries in the table of contents 15375* (bug 11114) Fix regression in read-only mode error display during editing 15376* Force non-MySQL databases to use an ORDER BY in SpecialAllpages to ensure 15377 that the first page_title is truly the first page title. 15378* (bug 10836) Change the summary on creating of new section 15379* Inclusion of Special:Wantedpages now works again 15380 15381== API changes since 1.10 == 15382 15383Full API documentation is available at https://www.mediawiki.org/wiki/API 15384 15385* New properties: links, templates, images, langlinks, categories, external 15386 links 15387* Breaking Change: imagelinks renamed into imageusage (il->iu) 15388* Bug fix: incorrect generator behavior in some cases 15389* JSON format allows an optional callback function to wrap the result. 15390* Login module disabled until a more secure solution can be implemented 15391* (bug 9938) Querying by revision identifier returns the most recent revision 15392 for the corresponding page, rather than the requested revision 15393* (bug 8772) Filter page revision queries by user 15394* (bug 9927) User contributions queries do not accept IP addresses 15395* Watchlist feed now reports a proper feed item when the user is not logged in 15396* Watchlist feed date bug fixed - automatically shows one last day 15397* Watchlist feed now allows to specify number of hours to monitor 15398* list=allpages now returns a list instead of a map in JSON format 15399* Breaking Change: in json, revisions are now returned as a list, not as a map. 15400* Add: prop=info can show page is new flag, current page length, and visit 15401 counter. 15402* Change: Query watchlist now shows flags only when explicitly requested with 15403 wlparam=flags 15404* rc_this_oldid (textid) is no longer accessible from query watchlist 15405* action=usercontribs: additional filtering by ucshow=; selection of needed 15406 fields with ucprop=; the textid (rev_text_id) is no longer being exposed 15407* (bug 9970) Breaking Change: backlinks, embeddedin and imageusage now return 15408 lists in JSON instead of a map, and do not return anything when titles do 15409 not exist 15410* (bug 9121) Introduced indexpageids query parameter to list the page_id 15411 values of all returned page items 15412* (bug 10147) Now interwiki titles are not processed but added to a separate 15413 "interwiki" section of the output. 15414* Added categorymembers list to query for pages in a category. 15415* (bug 10260) Show page protection status 15416* (bug 10392) Include MediaWiki version details in version output 15417* (bug 10411) Site language in meta=siteinfo 15418* (bug 10391) action=help doesn't return help if format is fancy markup 15419* backlinks, embeddedin and imageusage lists should use (bl|ei|iu)title 15420 parameter instead of titles. Titles for these lists is obsolete and might stop 15421 working soon. 15422* Added prop=imageinfo - gets image properties and upload history 15423* (bug 10211) Added db server replication lag information in meta=siteinfo 15424* Added external url search within wiki pages (list=exturlusage) 15425* Added link enumeration (list=alllinks) 15426* Added registered users enumeration (list=allusers) 15427* Added full text search in titles and content (list=search) 15428* (bug 10684) Expanded list=allusers functionality 15429* Possible breaking change: prop=revisions no longer includes pageid for 15430 rvprop=ids 15431* Added rvprop=size to prop=revisions (The size will not be shown if it is NULL 15432 in the database) 15433* list=allpages now allows to filter by article min/max size and protection 15434 status 15435* Added site statistics (siprop=statistics for meta=siteinfo) 15436* (bug 10902) Unable to fetch user contributions from IP addresses 15437* `list=usercontribs` no longer requires that the user exist 15438* (bug 10971) `aufrom` parameter doesn't work with spaces 15439* Fix username handling issue with `auprefix` parameter 15440* Treat underscores as spaces for `aufrom` and `auprefix` parameters 15441* Added edit/delete/... token retrieval to prop=info 15442* Added meta=userinfo - logged-in user information, group membership, rights 15443* (bug 11072) Fix regression in API image history query 15444* (bug 11115) Adding SHA1 hash to imageinfo query 15445* (bug 10898) API does not return an edit token for non-existent pages 15446* (bug 10890) Timestamp support for categorymembers query 15447* (bug 10980) Add exclude redirects on backlinks 15448* IPv6 titles in User namespace are normalized (run cleanupTitles.php to fix any 15449 old stray pages) 15450 15451== Maintenance script changes since 1.10 == 15452 15453* Add support for wgMaxTocLevel option in parserTests 15454* (bug 6823) Disable article view counter in maintenance/dumpHTML.php 15455* Fix maintenance/importImages.php so it doesn't barf PHP errors when no 15456 suitable files are found, and make the list of extensions an option (defaults 15457 to $wgFileExtensions) 15458* Add option to maintenance/createAndPromote.php to give the user bureaucrat 15459 permissions (--bureaucrat) 15460* Allow overwriting existing files with a conflicting name using 15461 maintenance/importImages.php 15462* (bug 10266) Use native newlines when rebuilding a messages file. 15463 15464== Languages updated since 1.10 == 15465 15466* Afrikaans (af) 15467* Arabic (ar) 15468* Bikol (bcl) 15469* Bulgarian (bg) 15470* Catalan (ca) 15471* Danish (da) 15472* German (de) 15473* Greek (el) 15474* Esperanto (eo) 15475* Spanish (es) 15476* Estonian (et) 15477* Extremaduran (ext) 15478* Farsi (fa) 15479* Finnish (fi) 15480* Vöro (fiu-vro) 15481* French (fr) 15482* Français Cadien (frc) (new) 15483* Franco-Provençal/Arpetan (frp) 15484* Galician (gl) 15485* Hakka (hak) 15486* Hebrew (he) 15487* Upper Sorbian (hsb) 15488* Haitian (ht) 15489* Indonesian (id) 15490* Icelandic (is) 15491* Italian (it) 15492* Japanese (ja) 15493* Georgian (ka) 15494* Kabyle (kab) 15495* Kazakh (kk) 15496* Korean (ko) 15497* Kinaray-a (krj) (new) 15498* Kurdish (ku) 15499* Latin (la) 15500* Lao (lo) 15501* Lithuanian (lt) 15502* Latviešu (lv) 15503* Malayalam (ml) 15504* Bahasa Melayu (ms) 15505* Burmese (my) 15506* Low German (nds) 15507* Dutch (nl) 15508* Norwegian (no) 15509* Occitan (oc) 15510* Punjabi (Gurmukhi) (pa) 15511* Polish (pl) 15512* Piedmontese (pms) 15513* Portuguese (pt) 15514* Romani (rmy) 15515* Romanian (ro) 15516* Aromanian (roa-rup) 15517* Russian (ru) 15518* Sakha (sah) 15519* Sango (se) (new) 15520* Slovak (sk) 15521* Slovenian (sl) 15522* Shona (sn) 15523* Somali (so) 15524* Albanian (sq) 15525* Sundanese (su) 15526* Swedish (sv) 15527* Tamil (ta) 15528* Thai (th) 15529* Tigrinya (ti) 15530* Setswana (tn) 15531* Tok Pisin (tpi) 15532* Uyghur (ug) 15533* Volapük (vo) 15534* Winaray (war) (new) 15535* Yiddish (yi) 15536* Old Chinese / Late Middle Chinese (zh-classical) 15537* Chinese (PRC) (zh-cn) 15538* Chinese (Taiwan) (zh-tw) 15539* Cantonese (zh-yue) 15540 15541== MediaWiki 1.10 == 15542 15543== MediaWiki 1.10.4 == 15544 15545March 2, 2008 15546 15547* Correction for API path fix, broken in 1.10.3 15548 15549== MediaWiki 1.10.3 == 15550 15551January 23, 2008 15552 15553This is a security update to the Winter 2007 quarterly release. A potential 15554XSS injection vector affecting api.php only for Microsoft Internet Explorer 15555users has been closed. 15556 15557 15558To work around the vulnerability without upgrading, you may disable the API if 15559you don't need it: 15560 15561:[[Manual:$wgEnableAPI|$wgEnableAPI]] = false; 15562 15563Not vulnerable versions: 15564* 1.12 or later 15565* 1.11 >= 1.11.1 15566* 1.10 >= 1.10.3 15567* 1.9 >= 1.9.5 15568* 1.8 any version (if $wgEnableAPI has been left off) 15569 15570Vulnerable versions: 15571* 1.11 <= 1.11.0rc1 15572* 1.10 <= 1.10.2 15573* 1.9 <= 1.9.4 15574* 1.8 any version (if $wgEnableAPI has been switched on) 15575 15576MediaWiki 1.7 and below are not affected as they do not include the API 15577functionality, however the BotQuery extension is similarly vulnerable unless 15578updated to the latest SVN version. 15579 15580== MediaWiki 1.10.2 == 15581September 10, 2007 15582 15583This is a security fix update to the Spring 2007 quarterly release snapshot. A 15584possible HTML/XSS injection vector in the API pretty-printing mode has been 15585found and fixed. 15586 15587The vulnerability may be worked around in an unfixed version by simply 15588disabling the API interface if it is not in use, by adding this to 15589LocalSettings.php: 15590:[[Manual:$wgEnableAPI|$wgEnableAPI]] = false; 15591 15592Not vulnerable versions: 15593* 1.11 >= 1.11.0 15594* 1.10 >= 1.10.2 15595* 1.9 >= 1.9.4 15596* 1.8 >= 1.8.5 15597 15598Vulnerable versions: 15599* 1.11 <= 1.11.0rc1 15600* 1.10 <= 1.10.1 15601* 1.9 <= 1.9.3 15602* 1.8 <= 1.8.4 (if $wgEnableAPI has been switched on) 15603 15604MediaWiki 1.7 and below are not affected as they do not include the faulty 15605function, however the BotQuery extension is similarly vulnerable unless updated 15606to the latest SVN version. 15607 15608== MediaWiki 1.10.1 == 15609July 13, 2007 15610 15611This is a bugfix update to the Spring 2007 quarterly release snapshot. A number 15612of fixes to improve compatibility with PostgreSQL, some versions of MySQL, and 15613some PHP configurations are included. 15614 15615Changes since 1.10.0: 15616 15617* (bug [[bugzilla:9417|9417]]) Uploading new versions of images when using 15618Postgres no longer throws warnings. 15619* (bug [[bugzilla:9908|9908]]) Using tsearch2 with Postgres 8.1 no longer gives 15620an error. 15621* (bug [[bugzilla:9973|9973]]) Changed size was shown in advanced recentchanges 15622collapsible items with $wgRCShowChangedSized = false. 15623* Fixed installation on MyISAM or old InnoDB with charset=utf8, was giving 15624overlong key errors. 15625* Fixed zero-padding issues with MySQL 5 binary schema 15626* (bug [[bugzilla:9820|9820]]) session.save_path check no longer halts 15627installation, but warns of possible bad values 15628* (bug [[bugzilla:9978|9978]]) Fixed session.save_path validation when using 15629extended configuration format, e.g. "5;/tmp" 15630 15631== MediaWiki 1.10.0 == 15632May 9, 2007 15633 15634This is the quarterly release snapshot for Spring 2007. See below for a full 15635list of changes since the 1.9.x series. 15636 15637Changes since 1.10.0rc2: 15638 15639* (bug [[bugzilla:9808|9808]]) Fix regression that ignored user 'rclimit' 15640option for Special:Contributions 15641 15642== MediaWiki 1.10.0rc2 == 15643May 4, 2007 15644 15645THIS IS A RELEASE CANDIDATE MADE AVAILABLE FOR TESTING! 15646A FINAL 1.10.0 RELEASE WILL APPEAR WITHIN A FEW DAYS. 15647 15648Changes since 1.10.0rc1: 15649* Various l10n fixes and updates 15650* Fix for upgrade of page_restrictions table 15651* (bug [[bugzilla:9780|9780]]) Fix normalization of titles with initial colon 15652followed by whitespace 15653* Fix for regression in upload: wrong size info saved into image table 15654* Avoid cyclic stub problems when authorization hooks do funny things with the 15655user and the database at load time 15656 15657== MediaWiki 1.10.0rc1 == 15658This is the Spring 2007 branch release of MediaWiki. 15659 15660MediaWiki is now using a "continuous integration" development model with 15661quarterly snapshot releases. The latest development code is always kept 15662"ready to run", and in fact runs our own sites on Wikipedia. 15663 15664Release branches will continue to receive security updates for about a year 15665from first release, but nonessential bugfixes and feature developments 15666will be made on the development trunk and appear in the next quarterly release. 15667 15668Those wishing to use the latest code instead of a branch release can obtain 15669it from source control: https://www.mediawiki.org/wiki/Download_from_SVN 15670 15671== Configuration changes == 15672 15673* A new switch $wgCommandLineDarkBg used by maintenance scripts 15674 (parserTests.php). It lets you specify if your terminal use a dark background, 15675 the colorized output will be made lighter making things easier to read. 15676* The minimum permissions needed to edit a page in each namespace can now be 15677 customized via the $wgNamespaceProtection array. By default, editing pages in 15678 the MediaWiki namespace requires "editinterface" permission, as before. 15679* Allow restriction of autoconfirmed permission by edit count. New global 15680 setting $wgAutoConfirmCount (defaulting to zero, naturally). 15681* Added rate limiter for Special:Emailuser 15682* Private logs can now be created using $wgLogRestrictions 15683* (Bug 8590) limited HTML is now always enabled ($wgUserHtml = true). 15684* Deprecated $wgUseImageResize, thumbnailing will be enabled unconditionally. 15685 15686== New features since 1.9 == 15687 15688* (bug 6937) Introduce "statistics-footer" message, appended to 15689 Special:Statistics 15690* (bug 6638) List block flags in block log entries 15691* (bugs 5051, 5376) Tooltips and accesskeys no longer require JavaScript 15692* Added SkinTemplateOutputPageBeforeExec hook before SkinTemplate::outputPage() 15693 starts page output 15694 (http://lists.wikimedia.org/pipermail/wikitech-l/2007-January/028554.html) 15695* Introduce "cascading protection" -- implicit protection on pages transcluded 15696 into a page protected with this option enabled 15697* (bug 8567) Added hook RawPageViewBeforeOutput just before the text is blown 15698 out in action=raw, so extensions might influence the output. 15699* (bug 3446) Add user preference to hide page content below diffs, can be 15700 overridden by adding diffonly=1 or diffonly=0 to the URL of the diff page 15701* Add 'purge' privilege to replace the hardcoded check for login state in 15702 determining whether action=purge can be done via GET. Switching the 15703 permission on for anons can be helpful for benchmarking. 15704* (bug 7842) Link back to deleted revision list from deleted revision preview 15705* (bug 8619) Add user-aware "unblock" link to Special:Blockip 15706* (bug 8522) Provide a "delete" link on Special:Brokenredirects for users with 15707 the appropriate permission 15708* (bug 8628) Add user-aware block list link to Special:Blockip 15709* (bug 8621) Log revisions marked as patrolled 15710* Introduce "BookInformation" hook; see docs/hooks.txt for more details 15711* Add title prefix search for Special:Undelete 15712* Remove full-archive list from Special:Undelete 15713* (bug 8136) Introduce 'ArticleUndelete' hook; see docs/hooks.txt for more info 15714* (bug 8712) Expose user groups as a JavaScript global 15715* Introduce 'CustomEditor' hook; see docs/hooks.txt for more information 15716* New special page, Special:Protectedpages, which shows all protected pages 15717 and their protection status (full protection status is not pulled out due 15718 to performance considerations, so it just shows "full protected" or 15719 "semi protected". 15720* (bug 4133) Allow page protections to be made with an expiry date, in the same 15721 format as block expiry dates. Existing protections are assumed to be infinite, 15722 as are protections made with the new field left blank. 15723* (bug 8535) Allow certain vertical alignment attributes to be used as image 15724 keywords 15725* (bug 6987) Allow perrow, widths, and heights attributes for <gallery> 15726* (bug 3678) Allow disabling MediaWiki:Aboutsite in the same way as 15727 MediaWiki:Disclaimers; Also means that if any of the footer links are 15728 disabled in the wiki's default language (by setting to "-"), they'll also 15729 be disabled in other languages too (e.g. if the user specifies uselang=fr). 15730* Sort log types in Special:Log 15731* Added a classname ("mw-toolbar-editbutton") and unique IDs to the edit 15732 toolbar buttons 15733* Hide irrelevant block options in Special:Blockip based on whether an 15734 IP address/range or username is listed. (Dynamic using JS.) 15735* (bug 9032) Make quickbarSettings localizable through Special:Allmessages 15736* (bug 7782) Standardisation of file info at image description pages. 15737* (bug 1035) View contributions / recentchanges for an IP range. 15738* (bug 8747) When unwatching pages from Special:Watchlist/edit, put the 15739 confirmation messages in a proper list with a CSS class and id. 15740* (bug 9118) Show relevant log fragments on deletion confirmatio page 15741* (bug 9009) Add username entry field to Special:Contributions 15742* (bug 1723) Article size in history 15743* (bug 9223) Disallow magic tilde sequences in page titles and usernames 15744* (bug 6997) Link from Special:log/block to unblock form 15745* (bug 9117) Link from Special:log/delete to undelete form 15746* Link from Special:log/protect to change protection form 15747* (bug 1196) Add IPv6 support added to blocks, more consistancy for IPv6 15748 contribs 15749* (bug 3984) Searching in logs by title% 15750* Show thumbnail of existing image if image exists already under this filename 15751* (bug 5546) Watchlist reflects logged actions like move, protection, undelete 15752* Support protocols other than HTTP in LinkFilter, use $wgUrlProtocols 15753* (bug 3069) Warning on upload of scaled down images 15754* Warning on upload of images with uppercase extension if image with lowercase 15755 extension exists 15756* (bug 4624) Namespace selection for Special:Whatlinkshere 15757* Introduce PageHistoryBeforeList and PageHistoryLineEnding hooks; see 15758 docs/hooks.txt for more information 15759* (bug 9397) Introduce "sp-contributions-footer" and 15760 "sp-contributions-footer-anon" messages, shown at the end of 15761 Special:Contributions as appropriate for the target 15762* (bug 8421) Expose current action in JavaScript globals (as 'wgAction') 15763* (bug 9069) Use galleries in query pages dedicated to images 15764* (bug 9177) Installer now warns of various conditions affecting 15765 session.save_path which can lead to broken session storage 15766* (bug 9046) Special page to list pages without language links 15767* (bug 9508) Special page to list articles with the fewest revisions 15768* Introduce 'FileUpload' hook; see docs/hooks.txt for more information 15769* Introduce 'SearchUpdate' hook; see docs/hooks.txt for more information 15770* Introduce 'mywatchlist' message; used on personal menu to link to watchlist 15771 page 15772* Introduce magic word {{NUMBEROFEDITS}} 15773* Introduced media handlers for file-type specific operations. 15774* Improved error reporting for image thumbnailing 15775* Added sharpening option for ImageMagick thumbnailing 15776* (bug 9656) Autosummaries will be generated for deletion of pages longer than 15777 500 characters 15778* Predefined block reasons added to Special:Blockip 15779* (bug 9196) Installer now check that zend.ze1_compatibility_mode is off 15780* (bug 9697) Introduce 'InternalParseBeforeLinks' hook; see docs/hooks.txt for 15781 more information 15782* 'contribsub' message changed to 'contribsub2' with two parameters to permit 15783 better localization. Change is reverse-compatible and can be ignored for 15784 most wikis. 15785* Adding a 'reason' field to Special:Userrights 15786 15787== Bugfixes since 1.9 == 15788 15789* (bug 7292) Fix site statistics when moving pages in/out of content namespaces 15790* (bug 8531) Correct local name of Lingála 15791* Made the PLURAL: parser function return singular on -1 per default 15792* Fixed up the AjaxSearch 15793* Fix SpecialVersion->formatCredits input. Version and Url parameters should be 15794 null to be treated properly with isset. 15795* Page restrictions moved into a new, dedicated table 15796* Correct tooltip accesskey hint for Opera on the Macintosh 15797 (uses Shift-Esc-, not Ctrl-). 15798* (bug 8002) Math should render left-to-right even in right-to-left wikis 15799* Pass e-mail and real name fields to AuthPlugin::addUser, as additional 15800 optional fields, which may be considered useful at registration time. 15801* PostgreSQL upgrade scripts fixed and updated 15802* (bug 8613) Fix error when viewing "Recent Changes" and using Postgres. 15803* Initialise site_stats table at upgrade time if data was missing 15804* (bug 7250) Updated Unicode normalization tables to Unicode 5.0 15805* Unmaintained Oracle support files have been removed. 15806* Use browser default for printing size, don't force to 11pt 15807* (bug 8632) Fix regression in page protection null edit update 15808* (bug 8407) Disallow indexing of "printable" versions 15809* (bug 8643) Correctly escape the page-specific CSS class for non-Monobook skins 15810* (bug 8629) Document $wgFilterCallback 15811* (bug 1000) Clarify warning about memory_limit in installer 15812* Suppress PHP warning about set_time_limit in installer when safe mode is on 15813* (bug 3000) Fall back to SCRIPT_NAME plus QUERY_STRING when REQUEST_URI is 15814 not available, as on IIS with PHP-CGI 15815* Missing interwiki row for English Wikipedia restored (as "wikipedia:") 15816* use configured cache servers for mctest.php 15817* bucket details in mcc.php 15818* fix input validation and remove debugging code in compressOld 15819* full ID range for moveToExternal 15820* fix resolveStubs.php for compatibility with older serialized data 15821* maximum line length for bar graphs in getLagTimes.php 15822* recognize specieswiki in rebuildInterwiki.inc 15823* profile unicode cleanup in Xml 15824* log slow parses in Article.php 15825* profile wfMsgReal 15826* log mkdir failures 15827* profile AutoLoader 15828* rebuild empty DjVu metadata containing '' 15829* security fix for DjVu metadata retrieval 15830* Undelete page list can use plural marker 15831* (bug 8638) Fix update from 1.4 and earlier 15832* (bug 8641) Fix order of updates to ipblocks table 15833* (bug 8678) Fix detection of self-links for numeric titles in Parser 15834* (bug 6171) Magically close tags in tables when not using Tidy. 15835* Sanitizer now correctly escapes lonely '>' occurring before the first wikitag. 15836* Ignore self closing on closing tags ( '</div />' now gives '</div>') 15837* (bug 8673) Minor fix for web service API content-type header 15838* Fix API revision list on PHP 5.2.1; bad reference assignment 15839* (bug 8688) Handle underscores/spaces in Special:Blockip and 15840 Special:Ipblocklist in a consistent manner 15841* (bug 8701) Check database lock status when blocking/unblocking users 15842* ParserOptions and ParserOutput classes are now in their own files 15843* (bug 8708) Namespace translations for Zealandic language 15844* Renamed constructor methods to PHP 5 __construct reserved name 15845* (bug 8715) Warn users when editing an interface message whether or not the 15846 message page exists 15847* ar: fix the 'create a new page' on search page when no exact match found 15848* (bug 8703) Corrected talk and image namespace name for Limburgish (li) 15849* (bug 8671) Expose "wpDestFile" as a parameter to "uploadtext" 15850* (bug 8403) Respect bad image list exceptions in galleries on wiki pages 15851* Allow sending per-user contribution requests to "contributions" query group 15852* (bug 3717) Update user count for AuthPlugin account autocreation 15853* (bug 8719) Firefox release notes lie! Fix tooltips for Firefox 2 on x11; 15854 accesskeys default settings appear to be same as Windows. 15855* Added an option to make Linker::userToolLinks() show the contribs link 15856 red when the user has no edits. Linker::userToolLinksRedContribs() is an 15857 alias to that which should be used to make it more self documentating. 15858* (bug 8749) Bring MySQL 5 table defs back into sync 15859* (bug 8751) Set session cookies to HTTPS-only to match other cookies 15860* (bug 8652) Catch exceptions generated by malformed XML in multipage media 15861* (bug 8782) Help text in Makefile 15862* (bug 8777) Suppress 'previous' link on Special:Allpages when at first page 15863* (bug 8774) Fix path for GNU FDL rights icon on new installs 15864* Fix multipage selector drop-down for DjVu images to work when title 15865 is passed as a query string parameter; we have to pass the title as 15866 a form parameter or it gets dropped from the form submission URL 15867* (bug 8819) Fix full path disclosure in with skins dependencies 15868* Fixed bug affecting HTML formatting in sortable table column titles 15869* Merged table sorting code into wikibits.js 15870* (bug 8711) Stop floats in previews from spilling into edit area 15871* (bug 8858) Safer handling when $wgImageLimits is changed. Added a note 15872 in DefaultSettings to make it clear. 15873* (bug 4268) Fixed data-loss bug in compressOld batch text compression 15874 affecting pages which had null edits (move, protect, etc) as second 15875 edit in a batch group. Isolated and patched by Travis Derouin. 15876* Fix for paths in 1.4->1.5 special-case updater script 15877* (bug 8789) AJAX search: IE users can now use the return key 15878* (bug 6844) Use <ins> and <del> tags to emphase the differences 15879* (bug 6684) Fix improper javascript array iteration 15880* (bug 4347) use MailAddress object for reply-to 15881* Add AlphabeticPager abstract class 15882* Use faster AlphabeticPager for Special:Categories 15883* (bug 8875) Show printable link in MonoBook sidebar for locally nonexistent 15884 pages; perhaps useful for categories and shared images 15885* Clean up session checks to better handle the case where the session was 15886 opened during the current request. May help with some caching corner 15887 cases. 15888* (bug 8897) Fix whitespace removal for interlanguage links with link prefix 15889* Add 'ParserTestTables' hook to expand the list of temporary tables copied 15890 by the parser test harness; use for extensions which require the presence 15891 of other tables while they work. 15892* Message names changed for AlphabeticPager introduced with r19758 15893 for better localisations. 15894* (bug 8944) The deprecated is_a() function is used in StubObjects.php 15895* (bug 8992) Fix a remaining raw use of REQUEST_URI in history 15896* (bug 8999) User.php gives "undefined user editcount" PHP notice. 15897* (bug 8984) Fix a database error in Special:Recentchangeslinked 15898 when using the Postgres database. 15899* Moved the main ob_start() from the default LocalSettings.php to WebStart.php. 15900 The ob_start() section should preferably be removed from older 15901 LocalSettings.php files. 15902* Give Content-Length header for HTTP/1.0 clients. 15903* Partial support for Flash cross-domain-policy filtering. 15904* Lazy-initialize site_stats row on load when empty. Somewhat kinder to 15905 dump-based installations, avoiding PHP warnings when NUMBEROFARTICLES 15906 and such are used. 15907* Add 'charset' to Content-Type headers on various HTTP error responses 15908 to forestall additional UTF-7-autodetect XSS issues. PHP sends only 15909 'text/html' by default when the script didn't specify more details, 15910 which some inconsiderate browsers consider a license to autodetect 15911 the deadly, hard-to-escape UTF-7. 15912 This fixes an issue with the Ajax interface error message on MSIE when 15913 $wgUseAjax is enabled (not default configuration); this UTF-7 variant 15914 on a previously fixed attack vector was discovered by Moshe BA from BugSec: 15915 http://www.bugsec.com/articles.php?Security=24 15916* Trackback responses now specify XML content type 15917* (bug 9044) Send a comment with action=raw pages in CSS/JS output mode 15918 to work around IE/Mac bug where empty pages time out verrrrryyyyy slowly, 15919 particularly with new keepalive-friendly HTTP on Wikipedia 15920* (bug 8919) Suppress paging links and related messages where there are no 15921 rows to list for query pages 15922* (bug 9057) Standardize MediaWiki: namespace for oc 15923* (bug 8132) Suppress "Pages in this category" heading in categories when 15924 there are none 15925* (bug 8958) Handle search operators better when using tsearch2 (Postgres) 15926* (bug 8799) Use redirect table for Special:BrokenRedirects and 15927 Special:DoubleRedirects 15928* (bug 8918) Enable PLURAL option for MediaWiki:showingresults and 15929 MediaWiki:showingresultsnum 15930* (bug 9122) Fix minor display issue in RTL with section edit link margin 15931* (bug 5805) Enable PLURAL option for some messages of watchlist and statistic 15932* (bug 3953) Work around poor display of parenthesis in the in other 15933 languages section of MonoBook skin 15934* (bug 8539) Enable PLURAL option for another message of recentchanges. 15935* (bug 8728) MediaWiki:Badfiletype split into 3 messages 15936* (bug 9131) Allow SpecialContributions to work with Postgres 15937* (bug 9155) Allow footer info to wrap in Monobook 15938* (bug 8847) Strip spurious #fragments from request URI to fix redirect 15939 loops on some server configurations 15940* (bug 9097) column "pr_pagetype" does not exist 15941* (bug 9217) Balance wfProfile calls in Skin::outputPage 15942* (bug 9222) PostgreSQL updater should not be version-specific 15943* Fix fallback implementation of mb_strlen so it works and isn't insanely 15944 slow for large strings, since it's used for page edit lengths 15945* (bug 8815) Setting password in initUser() breaks LdapAuthentication plugin 15946* (bug 9256) Add a quick note to index.php header comments 15947* Make Special:Listusers caseinsensitive for first letter 15948* Default tidy.conf has been moved from extensions module into includes. 15949* Ignore lonely ''''' 15950* (bug 9244) When calling edit page for nonexistent section, generate error 15951 inside of just discarding edits, since edit links sometimes go to the wrong 15952 place. 15953* (bug 9019) No warning during upload if image description page exists, but no 15954 image 15955* (bug 8582) Allow thumbnailing when imagesize has a space. 15956* (bug 8716) Change math_inputhash and math_outputhash to bytea for Postgres 15957* (bug 9343) Correct internal name for Wolof language 15958* (bug 9363) Fix Postgres error on Recentchangeslinked 15959* (bug 5142) Fixed call of hook ArticleViewHeader 15960* (bug 4777) Separate prev/next messages for Special:Whatlinkshere 15961* Merge approx 15 missing Wikipedia language codes into wikipedia-interwiki.sql 15962 based on Jeff Merkey's mediawiki-1.9.3.WG-20070316.tar.gz.bz2 archive. 15963* (bug 9411) Fix for shared image descriptions using query-string titles 15964* (bug 4756) Add user tool links for self created accounts at special:log 15965 instead of sometimes broken block links from newuserlog extension 15966* (bug 5817) Special:Recentchangeslinked now shows red link for nonexistent 15967 target page instead of silently redirecting 15968* (bug 8914) Don't transform colons in {{anchorencode:}} 15969* (bug 9241) Handle edit section links and include size links for cached 15970 templates the same as the first transclusion. 15971* (bug 9466) "Rollback failed" page doesn't format edit comment 15972* (bug 9472) Invalid XHTML on cached special pages 15973* (bug 9472) Invalid XHTML on Special:Newpages 15974* (bug 4764) "My contributions" not bold when viewing own contributions 15975* (bug 9194) Add {{PLURAL:...}} to navigation bar of Special:Whatlinkshere 15976* (bug 9033) Use a more specific error message when users are not able/allowed 15977 to edit page protection levels due to a block, database lock or permissions 15978* Fixed $wgFeedLimit 15979* (bug 9270) Corrected help namespace name for Dutch Lower Saxon (nds-nl) 15980* (bug 929, 4215) Expose "rcdays" user preference in Special:Preferences 15981* (bug 9554) Extension-provided group name messages not used 15982* (bug 9565) Translate template namespace name for Hindi (hi) 15983* (bug 8599) Correct localized names of zh-variants 15984* (bug 3366) Require skins based on SkinTemplate to override the skinname 15985 property. 15986* (bug 9220) Removed obsoletes functions in install-utils.inc. 15987* Removed obsoletes Title::getRelatedCache and Title:touchArray 15988* (bug 7285) Check MySQL username length during install 15989* (bug 6910) Correct date/time formats in Vietnamese (vi) 15990* (bug 9608) Correctly use ORDER BY in dumpLinks.php 15991* (bug 9609) Correctly use ORDER BY in SpecialWhatlinkshere.php 15992* Special:Random and Special:Randomredirect now try harder to send the user to 15993 a random page, and will give an error message if none really can be found 15994 instead of sending the user to the main page like they used to 15995* Fix object variable used for displaying "not-patrolled" CSS class on list 15996* Fixed interaction of page parameter to ImagePage with the HTML file cache 15997* Fixed MIME type for SVG files, will be silently changed from image/svg 15998 to image/svg+xml after loading from the database. 15999* Workaround for djvutoxml bug #1704049 (poor performance). Use djvudump 16000 instead. 16001* Fixed odd behavior in ImagePage on DjVu thumbnailing errors 16002* (bug 5439) "Go" title search will now jump to shared/foreign Image: and 16003 MediaWiki: pages that have not been locally edited. 16004* (bug 9630) Limits links in Whatlinkshere forgot about namespace filter 16005* Fixed upgrade for the non-standard MySQL schemas 16006* Disable MySQL's strict mode at session start for MySQL 4.1+, to avoid the 16007 various problems that occur when it is on. 16008* (bug 9585) Fix regression in tidy usage in Special:Undelete previews 16009* (bug 3826) Normalize some invalid cookie name characters when setting 16010 up $wgCookiePrefix. Completes application of patch by Anders Kaseorg. 16011* (bug 9649) Fix RTL form alignment for Special:Movepage 16012* (bug 9582) Members of bot group now mark edits patrolled by default 16013* (bug 9669) Fix limit ordering for rebuildrecentchanges; broken since 16014 converted from 1.4 to 1.5 schema 16015* (bug 9682) Revert PHP 5.1 dependency on warning suppression for SVN info 16016* (bug 5959) Anchors dropped from stub links 16017* (bug 3348) Some additional weak password checks: password which is same 16018 as username will now be rejected. 16019* (bug 8602) Converted Special:Contributions to use an IndexPager. The 16020 interpretation of the offset parameter has changed, and the go parameter 16021 has been removed. 16022* (bug 6204) Fixes for indentation with $wgMaxTocLevel: 16023 - don't emit too many list close tags after an invisible header 16024 - don't emit too many final list close tags if last header is invisible 16025 - don't emit TOC when there are no visible headers 16026* (bug 7629) Fix $wgBrowserBlackList to avoid false positive on MSIE 16027 when certain plugins are present which alter the user agent 16028 16029 16030== Maintenance == 16031 16032* New script maintenance/language/checkExtensioni18n.php used to check i18n 16033 progress in the extension repository. 16034* Running maintenance/parserTests.php with '--record' option, will now 16035 automatically attempt to create the required tables 16036* --purge option to do additional parser-cache purging for purgeList.php 16037* Fix hardcoded background color in parserTests.php 16038* parserTests.php : removed the 'light' option for --color argument, replacing 16039 it with a new global switch : $wgCommandLineDarkBg 16040* (bug 8780) Clarify message for command-line scripts if LocalSettings.php 16041 exists but is not readable 16042* dumpBackup / importDump now work with PostgreSQL 16043* (bug 8975) Use "Maintenance script" as the default username for 16044 importImages.php and importTextFile.php scripts 16045* (bug 8933) Fix maintenance/reassignEdits.php script 16046* (bug 9440) Added "mediawikiwiki" interwiki prefix to MediaWiki.org 16047* (bug 2979) Import now gracefully skips invalid titles with a warning 16048* Restore '--norc' option for maintenance/importTextFile.php 16049* Help information for maintenance/importTextFile.php now easier to read on 16050 consoles 16051* Doxygen documentation now show the revision number of each file, generate 16052 graphs using dot and include a search engine. 16053 16054 16055== Languages updated == 16056 16057* Arabic (ar) 16058* Aramaic (arc) 16059* Aymara (ay) 16060* Belarusian normative (be) 16061* Belarusian alternative (be-x-old) 16062* Bulgarian (bg) 16063* Bihara (bh) 16064* Breton (br) 16065* Catalan (ca) 16066* Czech (cs) 16067* Danish (da) 16068* German (de) 16069* Greek (el) 16070* Esperanto (eo) 16071* Spanish (es) 16072* Estonian (et) 16073* Basque (eu) 16074* Finnish (fi) 16075* Võro (fiu-vro) 16076* French (fr) 16077* Hebrew (he) 16078* Hindi (hi) 16079* Upper Sorbian (hsb) 16080* Hungarian (hu) 16081* Armenian (hy) 16082* Indonesian (id) 16083* Italian (it) 16084* Japanese (ja) 16085* Javanese (jv) 16086* Georgian (ka) 16087* Kabyle (kab) 16088* Kazakh (kk) 16089* Korean (ko) 16090* Kashmiri (ks) 16091* Ripuarian (ksh) 16092* Latin (la) 16093* Luganda (lg) 16094* Limburgish (li) 16095* Lithuanian (lt) 16096* Latvian (lv) 16097* Marathi (mr) 16098* Low Saxon (nds) 16099* Dutch Lower Saxon (nds-nl) 16100* Nepali (ne) 16101* Nepal Bhasa (new) 16102* Dutch (nl) 16103* Occitan (oc) 16104* Pali (pi) 16105* Polish (pl) 16106* Romanian (ro) 16107* Russian (ru) 16108* Sanskrit (sa) 16109* Sicilian (scn) 16110* Slovak (sk) 16111* Sundanese (su) 16112* Swedish (sv) 16113* Tahitian (ty) 16114* Ukrainian (uk) 16115* Urdu (ur) 16116* Uzbek (uz) 16117* Vietnamese (vi) 16118* Zealandic (zea) 16119* Old Chinese / Late Middle Chinese (zh-classical) 16120* Chinese (PRC) (zh-cn) 16121* Chinese (Taiwan) (zh-tw) 16122* Cantonese (zh-yue) 16123 16124== Compatibility == 16125 16126MediaWiki 1.10 requires PHP 5 (5.1 recommended). PHP 4 is no longer supported. 16127 16128PHP 5.0.x fails on 64-bit systems due to serious bugs with array processing: 16129http://bugs.php.net/bug.php?id=34879 16130Upgrade affected systems to PHP 5.1 or higher. 16131 16132MySQL 3.23.x is no longer supported; some older hosts may need to upgrade. 16133At this time we still recommend 4.0, but 4.1/5.0 will work fine in most cases. 16134 16135 16136== Upgrading == 16137 161381.10 has several database changes since 1.9, and will not work without schema 16139updates. 16140 16141If upgrading from before 1.7, you may want to run refreshLinks.php to ensure 16142new database fields are filled with data. 16143 16144If you are upgrading from MediaWiki 1.4.x or earlier, some major database 16145changes are made, and there is a slightly higher chance that things could 16146break. Don't forget to always back up your database before upgrading! 16147 16148See the file UPGRADE for more detailed upgrade instructions. 16149 16150= MediaWiki release notes = 16151Security reminder: MediaWiki does not require PHP's register_globals 16152setting since version 1.2.0. If you have it on, turn it *off* if you can. 16153 16154= MediaWiki 1.9 = 16155 16156== MediaWiki 1.9.6 == 16157 16158March 2, 2008 16159 16160* Correction for API path fix, broken in 1.9.5 16161 16162== MediaWiki 1.9.5 == 16163 16164January 23, 2008 16165 16166This is a security update to the Winter 2007 quarterly release. A potential XSS 16167injection vector affecting api.php only for Microsoft Internet Explorer users 16168has been closed. 16169 16170 16171To work around the vulnerability without upgrading, you may disable the API if 16172you don't need it: 16173 16174:[[Manual:$wgEnableAPI|$wgEnableAPI]] = false; 16175 16176Not vulnerable versions: 16177* 1.12 or later 16178* 1.11 >= 1.11.1 16179* 1.10 >= 1.10.3 16180* 1.9 >= 1.9.5 16181* 1.8 any version (if $wgEnableAPI has been left off) 16182 16183Vulnerable versions: 16184* 1.11 <= 1.11.0rc1 16185* 1.10 <= 1.10.2 16186* 1.9 <= 1.9.4 16187* 1.8 any version (if $wgEnableAPI has been switched on) 16188 16189MediaWiki 1.7 and below are not affected as they do not include the API 16190functionality, however the BotQuery extension is similarly vulnerable unless 16191updated to the latest SVN version. 16192 16193== MediaWiki 1.9.4 == 16194 16195September 10, 2007 16196 16197This is a security and bug fix update to the Winter 2007 quarterly release. 16198Minor compatibility fixes for IIS 5 are included. 16199 16200* (bug [[bugzilla:8847|8847]]) Strip spurious #fragments from request URI to 16201fix redirect loops on some server configurations 16202* A possible HTML/XSS injection vector in the API pretty-printing mode has been 16203found and fixed. 16204 16205The vulnerability may be worked around in an unfixed version by simply 16206disabling the API interface if it is not in use, by adding this to 16207LocalSettings.php: 16208 16209:[[Manual:$wgEnableAPI|$wgEnableAPI]] = false; 16210 16211Not vulnerable versions: 16212* 1.11 >= 1.11.0 16213* 1.10 >= 1.10.2 16214* 1.9 >= 1.9.4 16215* 1.8 >= 1.8.5 16216 16217Vulnerable versions: 16218* 1.11 <= 1.11.0rc1 16219* 1.10 <= 1.10.1 16220* 1.9 <= 1.9.3 16221* 1.8 <= 1.8.4 (if $wgEnableAPI has been switched on) 16222 16223MediaWiki 1.7 and below are not affected as they do not include the faulty 16224function, however the BotQuery extension is similarly vulnerable unless updated 16225to the latest SVN version. 16226 16227== MediaWiki 1.9.3 == 16228 16229February 20, 2007 16230 16231This is a security and bug-fix update to the Winter 2007 quarterly release. 16232Minor compatibility fixes for IIS and PostgreSQL are included. 16233 16234An XSS injection vulnerability based on Microsoft Internet Explorer's UTF-7 16235charset autodetection was located in the AJAX support module, affecting MSIE 16236users on MediaWiki 1.6.x and up when the optional setting $wgUseAjax is enabled. 16237 16238If you are using an extension based on the optional Ajax module, either disable 16239it or upgrade to a version containing the fix: 16240 16241* 1.9: fixed in 1.9.3 16242* 1.8: fixed in 1.8.4 16243* 1.7: fixed in 1.7.3 16244* 1.6: fixed in 1.6.10 16245 16246There is no known danger in the default configuration, with ''$wgUseAjax'' off. 16247 16248* ([[mediazilla:8992|8992]]) Fix a remaining raw use of REQUEST_URI in history 16249* ([[mediazilla:8984|8984]]) Fix a database error in 16250Special:Recentchangeslinked when using the PostgreSQL database. 16251* Add ''charset'' to Content-Type headers on various HTTP error responses to 16252forestall additional UTF-7-autodetect XSS issues. PHP sends only ''text/html'' 16253by default when the script didn't specify more details, which some 16254inconsiderate browsers consider a license to autodetect the deadly, 16255hard-to-escape UTF-7. This fixes an issue with the Ajax interface error message 16256on MSIE when ''$wgUseAjax'' is enabled (not default configuration); this UTF-7 16257variant on a previously fixed attack vector was discovered by Moshe BA from 16258BugSec: [http://www.bugsec.com/articles.php?Security=24 16259http://www.bugsec.com/articles.php?Security=24] 16260* Trackback responses now specify XML content type 16261 16262== MediaWiki 1.9.2 == 16263 16264February 4, 2007 16265 16266This is a bug-fix update that fixes some installation and other minor issues 16267with the 1.9.1 release as well as a security issue which was introduced in the 162681.9 branch. 16269 16270JavaScript code which regenerated the "sortable tables" feature did not 16271properly sanitize input, leading to an HTML injection vulnerability. 16272 16273* ([[mediazilla:8774|8774]]) Fix path for GNU FDL rights icon on new installs 16274* ([[mediazilla:8819|8819]]) Fix full path disclosure with skins dependencies 16275* ([[mediazilla:8819|8819]]) Fixed data-loss bug in compressOld batch text 16276compression affecting pages which had null edits (move, protect, etc) as second 16277edit in a batch group. Isolated and patched by Travis Derouin. 16278* Security fix for sortable tables JavaScript 16279 16280== MediaWiki 1.9.1 == 16281 16282January 24, 2007 16283 16284This is a bug-fix update that fixes some installation and upgrade issues with 16285the original 1.9.0 release. 16286 16287* ([[mediazilla:3000|3000]]) Fall back to SCRIPT_NAME plus QUERY_STRING when 16288REQUEST_URI is not available, as on IIS with PHP-CGI 16289* Security fix for DjVu images. (Only affects servers where .djvu file uploads 16290are enabled and ''$wgDjvuToXML'' is set.) 16291* ([[mediazilla:8638|8638]]) Fix update from 1.4 and earlier 16292* ([[mediazilla:8641|8641]]) Fix order of updates to ipblocks table for updates 16293from <=1.7 16294* ([[mediazilla:8673|8673]]) Minor fix for web service API content-type header 16295* Fix API revision list on PHP 5.2.1; bad reference assignment 16296* Fixed up the AjaxSearch 16297* Exclude settings files when generating documentation. That could expose the 16298database user and password to remote users. 16299* ar: fix the 'create a new page' on search page when no exact match found 16300* Correct tooltip accesskey hint for Opera on the Macintosh (uses Shift-Esc-, 16301not Ctrl-). 16302* ([[mediazilla:8719|8719]]) Firefox release notes lie! Fix tooltips for 16303Firefox 2 on x11; accesskeys default settings appear to be same as Windows. 16304 16305== Changes since 1.8 == 16306 16307* (bug 8200) Make category lists sorted by name when using Postgres. 16308* (bug 7841) Support 'IGNORE' inserts for Postgres, fixes watchlist 16309 adding problem. 16310* (bug 6835) Removing the includes/Parser.php::getTemplateArgs() function, 16311 because it seems to be unused. 16312* (bug 7139) Increasing the visual width of the edit summary field on larger 16313 screen sizes, for the default monobook skin. 16314* Fix PHP notice and estimates for dumpBackup.php and friends 16315* Improved register_globals paranoia checks 16316* (bug 7545) Fix PHP version check on install 16317* Disable PHP exception backtrace printing unless $wgShowExceptionDetails 16318 is set. Backtraces may contain sensitive information in function call 16319 parameters. 16320* (bug 6164) Avoid smashing Cite state if message transformation triggers 16321 during bad image list check, by skipping message transformation. 16322 This isn't a good permanent fix. 16323* (bug 6918) Stopped borders and backgrounds from showing through floated 16324 tables in Monobook 16325* (bug 6868) Un-hardcode section edit link style 16326* (bug 3205) Stop right floats from stacking horizontally in non-Monobook skins 16327* Added global $wgStyleVersion to centralize bumping CSS and JS file versions 16328 for cache-friendly style and script updating 16329* (bug 7562) Fix non-ASCII namespaces on Windows/XAMPP servers 16330* Friendlier check for PHP 5 in command-line scripts; it's common for parallel 16331 PHP 4 and 5 installations to interfere on the command-line. 16332* Fix regression in autoconfirm permission check 16333* (bug 3015) Add CSS ids to subcategory and page sections on category pages 16334* (bug 7587) Fix erroneous id for specialpage tab, enabling informative popup 16335* (bug 7599) Fix thumbnail purging, PHP notices on HTCP image page purge 16336* (bug 7581) Update language name for cbk-zam 16337* (bug 7444) Update namespace translations for Telugu (te), kept old values as 16338 alias for compatibility 16339* (bug 4525) Move section links down visually to same level as headings 16340 (editsection links are now inside the heading elements) 16341* Workaround for http://bugs.php.net/bug.php?id=31892 , PATH_INFO and hence 16342 URLs of the style /index.php/Main_Page were broken on some CGI installations. 16343* (bug 7623) Validate custom HTML id's correctly in Monobook interface 16344* (bug 2241) Fix collision of 'w' and 'd' accesskeys 16345* (bug 5795) CSS class added to body based on page name for page-specific 16346 styling 16347* (bug 6276) Stopped search field from getting too large in Cologne Blue 16348* (bug 7644) User creations that are aborted by hooks shouldn't be counted 16349 against account creations per day limit 16350* (bug 7636) Show Firefox 2 users correct accesskey prefix 16351* (bug 6427) Block blocked IPs from using the mail password function 16352 to allow blocking of flooders 16353* Include common.css from classic-style skins in main HTML with the bump URL 16354* (bug 7607) Add Karakalpak (kaa) to Names.php and stub message file for 16355 linktrail 16356* (bug 7582) Add 'tog-nolangconversion' to MessagesEn.php. 16357 This key is need for languages with variants (zh, sr, kk) 16358* (bug 7606) MediaWiki messages for "rss" and "atom" missing 16359* (bug 7609) Add some more '*-summary' messages to MessagesEn.php with empty 16360 strings to allow better localisation via Special:Allmessages. Mark this new 16361 messages as optional for localisation. 16362* Fix user_newpass upgrade for prefixed tables (reported by Fyren) 16363* (bug 7663) Include language variant switcher links on Nostalgia skin 16364* (bug 6531) Fix PHP fatal error on installation page with bad username input. 16365* (bug 6977) Remove 404 link for autogenerated database documentation. 16366* (bug 7369) Allow "Show Changes" without requiring edit token. 16367* (bug 7687) Fix movetalk box checks itself when confirming a delete and move. 16368* (bug 7684) Obey watchcreated preference for Special:Upload watch checkbox 16369* (bug 7686) Include id attribute on delete form confirmation button 16370* Allow compound interwiki prefixes in $wgImportSources 16371* (bug 7304) Added redirect table to store redirect targets. 16372* Added querycachetwo table (similar to querycache but has two titles) 16373* PageArchive can now return a Revision object for more convenient processing 16374 of deleted revision data 16375* Added 'UndeleteShowRevision' hook in Special:Undelete 16376* Error message on attempt to view invalid or missing deleted revisions 16377* Remove unsightly "_" from namespace in Special:Allpages, Special:Prefixindex 16378* (bug 3224) Allow minor edits by bots to skip new message notification on 16379 user talk pages. This can be disabled by adjusting the 'nominornewtalk' 16380 permission. Patch by Werdna. 16381* (bug 7741) MATH: fixed broken syntax of underbrace etc. Fixed arrays 16382* Fix purging for updated SVG files 16383* (bug 7745) Add id attribute to search button in Monobook 16384* (bug 7749) MATH: added some more LaTeX symbols, e.g. parallel, diamond, ast... 16385* (bug 7304) Added code in Article.php to keep redirect table up to date. 16386* Made special page names case-insensitive and localisable. Care has been taken 16387 to maintain backwards compatibility. 16388* Used special page subpages in a few more places, instead of query parameters. 16389* (bug 7758) Added wrapper span to "templates used" explanation to allow CSS 16390 styling (class="mw-templatesUsedExplanation"). 16391* Added {{#special:}} parser function, to give the local default title for 16392 special pages 16393* (bug 7766) Remove redundant / from AJAX requests, can break some servers 16394* Add tab links from extensions to classic-based skins (SkinTemplateTab hook) 16395 Provides better cross-skin compatibility for extensions using the modern 16396 skin hooks, such as Oversight 16397* Moved variant language links on Cologne Blue and Nostalgia to before the 16398 login/logout link 16399* Fix for parser tests with MySQL 5 in strict mode 16400* Added block option "enable autoblocks" 16401* Amend Special:Ipblocklist to note when a block has autoblock DISABLED. 16402* (bug 7780) Fix regression in editing redirects 16403* Add whitespace above "templates included on this page" using CSS, not 16404 hardcoded line break. 16405* Remove entries from redirect table on article deletion 16406* (bug 7788) Force section headers in new section links for users who have 16407 'prompt for blank edit summaries' on. 16408* (bug 1133) Special:Emailuser: add an option to send yourself a copy of your 16409 mail. 16410* (bug 461) Allow "Categories:" link at bottom of pages to be customized via 16411 pagecategorieslink message. 16412* Sort the list of skins in "My Preferences" -> Skins by alphabetical order. 16413* (bug 7785) Postgres compatibility for timestamps in RC feeds 16414* (bug 7550) Normalize user parameter normally on Special:Log 16415* (bug 7294) Fix PATH search for diff3 on install 16416* Various fixes related to the blocking change re: autoblocks. On inserting 16417 an IP block, the ipb_enable_autoblock field is now automagically blanked, 16418 because it doesn't make any sense for an IP. Additionally, IP blocks 16419 without the ipb_enable_autoblock option no longer show up as "autoblock 16420 disabled" on Special:Ipblocklist. 16421* (bug 7774) MATH: aded more amstex functions 16422* (bug 1182) MATH: fixed inconsistent rendering of upper case Greek letters in 16423 TeX 16424* Fix regression in streaming page dump generation 16425* (bug 7801) Add support for parser function hooks in parser tests 16426* checkUsernames.php now uses wfDebugLog instead of hardcoded path to log 16427* (bug 7810) Update talk namespaces for Occitan 16428* Allow case-sensitive URLs to be used for uploading from URLs. 16429* (bug 1109) Correct fix for compressed 304 responses when additional output 16430 buffers have been installed within the compression handler 16431* (bug 7819) Move automatic redirect edit summary after pre-save transform 16432 to work properly with subst: fun 16433* (bug 7826) Fix typos in two English messages. 16434* (bug 5365) Stop users being prompted to enter an edit summary for null edits, 16435 if they have selected that option in preferences. 16436* (bug 5936) Show an 'm' to the left of the edit summary on diff pages for minor 16437 edits. 16438* (bug 7820) Improve error reporting for uploads via URL. 16439* (bug 5149) When autoblocks are enabled, retroactively apply an autoblock to 16440 the most recently used IP of a user when they are blocked. 16441* Add an index on (rc_user_text,rc_timestamp) on the recentchanges table. This 16442 will make CheckUser.php and the new retroactive autoblock functionality 16443 faster. 16444* Fix regression in Special:Undelete for revisions deleted under MediaWiki 1.4 16445 with compression or legacy encoding 16446* (bug 6737) Fixes for MySQL 5 schema in strict mode 16447* Approximate height for client-side scaling fallback instead of passing -1 16448 into the HTML output. 16449* Make the DNSBL to check for proxy blocking configurable via $wgSorbsUrl 16450* Add experimental recording/reporting mode to parser tests runner, to 16451 compare changes against the previous run. 16452 Additional tables 'testrun' and 'testitem' are in maintenance/testRunner.sql, 16453 source this and pass --record option to parserTests.php 16454* Make the set of default parser test input files extensible via 16455 $wgParserTestFiles. This can now be appended to by extensions or local 16456 configuration files so that extension or custom tests can be automatically 16457 run along with the main batch. 16458* Run PHP install version checks on update.php so command-line updaters see 16459 new version requirements 16460* Do a check for the PHP 5.0.x 64-bit bug, since this is much more disruptive 16461 as of MW 1.8 than it used to be. Install or upgrade now aborts with a 16462 warning and a request to upgrade. 16463* (bug 6440) Updated indexes to improve backlinking queries (links, templates, 16464 images) 16465* Switched 'anon-only' block mode to default for IP blocks 16466* (bug 3687, 7892) Add distinct heading for media files in category display, 16467 with count. 16468* (bug 1578) Add different icons for external links to audio, video, or PDF in 16469 Monobook. 16470* Made autoblocks block account creation if the user block has that option 16471 enabled. 16472* Add auto-summaries to blankings and large removals without summaries. 16473* (bug 7811) Allow preview of edit summaries. 16474* (bug 6839) Wikibits.js minor changes to make JS-lint happier. 16475* (bug 7932) Make sure that edit toolbar clears floats so it appears correctly. 16476* (bug 6873) When viewing old revisions, add link to diff to current version. 16477* (bug 3315) Provide rollback link directly on history page. 16478* Replace 'old-revision-navigation' message with 'revision-info' and 16479 'revision-nav' messages, wrapped in divs with appropriate id's. 16480* (bug 4178) MediaWiki:Common.js will now be included for all users if 16481 $wgUseSiteJs is enabled, in addition to (if applicable) MediaWiki:Monobook.js 16482 and user JS subpages. 16483* (bug 7918) "Templates used on this page" changes during preview to reflect 16484 any added or removed templates, and works as expected for section edits. 16485* (bug 7919) "Templates used on this page" is now shown for read-only pages. 16486* (bug 7688) When viewing diff, section anchors in autosummary jump to section 16487 on current page instead of loading the latest version. 16488* (bug 7970) Use current connection explicitly on Database::getServerVersion 16489* (bug 2001) Tables with class="sortable" can now be dynamically sorted via 16490 JavaScript. 16491* Added autosummary for new pages with 500 or less characters, and refactor 16492 the autosummary code so it's all done in one function. doEdit is getting too 16493 big! 16494* (bug 7554) The correct MIME type for SVG images is now displayed on the 16495 image page (image/svg+xml, not image/svg). 16496* (bug 7883) Added autoblock whitelisting feature, using which specific ranges 16497 can be protected from autoblocking. These ranges are specified, in list 16498 format, in the autoblock_whitelist system message. 16499* Added placeholders for text injection by hooks to EditPage.php 16500* (bug 8009) Automatic edit summary for redirects is not filled for edits in 16501 existing pages 16502* Installer support for experimental MySQL 4.1/5.0 binary-safe schema 16503* Use INSERT IGNORE for db-based BagOStuff add/insert, for more memcache-like 16504 behavior when keys already exist on add (instead of dying with an error...) 16505* Add a hook 'UploadForm:initial' before the upload form is generated, and two 16506 member variable for text injection into the form, which can be filled by the 16507 hooks. 16508* (bug 6295) Add a "revision patching" functionality, where an edit can be 16509 undone 16510 (with a functionality similar to diff rev1 rev2 | patch -R rev3 -o rev3). 16511 This is triggered by including &undo=revid in an edit URL. A link to a URL 16512 that will undo a given edit is shown on NEW revision headers on diff pages. 16513 The link leads to a "Show Changes" page showing what will be done to undo the 16514 edit. 16515* Fix display of link in "already rolled back" message for image/category pages 16516* (bug 6016) Left-aligned images should stack vertically, like right-aligned 16517 images, not horizontally. 16518* Patch from LeonWP: added UploadForm:BeforeProcessing hook in SpecialUpload.php 16519* Add AuthPluginSetup hook to override $wgAuth after configuration 16520* Fix regression in authentication hook auto-creation on login 16521* (bug 8110) Allow spaces in ISBNs 16522* (bug 8024) Introduce "send me copies of emails I send to others" preference 16523* Added 'EditPage::attemptSave' hook before an article is saved. 16524* (bug 8083) Applied patch for sk localisation 16525* Add a backslash character to the edit token, to prevent edits via certain 16526 broken proxies that mangle such characters in form submissions 16527* (bug 7461) Allow overwriting pages using importTextFile.php 16528* (bug 7946) importTextFile.php doesn't perform pre-save transform 16529* (bug 8117) {{REVISIONTIMESTAMP}} showed weird default if $wgLocalTZoffset set; 16530 now uses current time for previews and if timestamp can't be loaded from DB 16531* {{REVISIONTIMESTAMP}} now uses site local timezone instead of user timezone 16532 to ensure consistent behavior 16533* {{REVISIONTIMESTAMP}} and friends should now work on non-MySQL backends 16534* (bug 7671) Observe canonical media namespace prefix in Linker::formatComment 16535* Added js variable wgCurRevisionId to the output 16536* (bug 8141) Cleanup of Parser::doTableStuff, patch by AzaTht 16537* (bug 8042) Make miser mode caching limits settable via $wgQueryCacheLimit 16538 instead of hardcoding to 1000 16539* Enable QueryPage classes to override list formatting 16540* (bug 5485) Show number of intervening revisions in diff view 16541* (bug 8100) Fix XHTML validity in Taiwanese localization 16542* Added redirect to section feature. Use it wisely. 16543* Added a configuration variable allowing the "break out of framesets" feature 16544 to be switched on and off ($wgBreakFrames). Off by default. 16545* Allow Xml::check() $attribs parameter to override 'value' attribute 16546* DB schema change: added two columns (rc_old_len and rc_new_len) to the 16547 recentchanges table to store the text lengths before and after the edit 16548* (bug 1085) Made Special:Recentchanges show the character difference between 16549 the changed revisions 16550* Removed a redundant <strong> tag from diff pages that was causing display 16551 issues for some users 16552* (bug 8203) The keyboard shortcut for "log out" was removed, because users 16553 were pressing it when they intended to press the shortcut for "preview". 16554* (bug 8148) Handle non-removable output buffers gracefully when cleaning 16555 buffers for HTTP 304 responses, StreamFile, and Special:Export. 16556 Duplicated code merged into wfResetOutputBuffers() and wfClearOutputBuffers() 16557* Special:AllPages : 'next page' link now point to the first title of the next 16558 chunk instead of pointing to the last title of current chunk. 16559* (bug 4673) Special:AllPages : add a 'previous' link (new message 'prevpage') 16560* (bug 8121) wfRandom() was not between 0 and 1 16561* Add static method Parser::createAssocArgs($args), so parser functions can 16562 use the same code to parse arguments as the templates do. 16563* Change behavior of logins using the temporary e-mailed password (as stored 16564 in user_newpassword hash field). Instead of just logging in silently and 16565 leaving the previous user_password field in place indefinitely, the user 16566 is now prompted to set a new password. 16567 16568 The password-changing form is at Special:Resetpass; currently it's only 16569 usable for changing from the temporary password during login, but it 16570 could perhaps be generalized, replacing the subform in preferences. 16571 16572 Once the new password is set successfully, the temporary password is wiped 16573 so it cannot be used to login a second time, and the login process 16574 is completed. 16575* Suppress 'mail new password' button on login form if $wgAuth forbids 16576 changing user passwords; it wouldn't work very well... 16577* Consolidate password length checks and $wgAuth manipulation into 16578 User::setPassword() to avoid duplicate code in different places 16579 that set passwords. 16580* User::setPassword() now throws PasswordError exceptions if the password 16581 is illegal or cannot be set via $wgAuth. These can be caught and a human- 16582 readable error message displayed by UI code. 16583* Added Title::isSubpage() 16584* (bug 8241) Don't consider user pages of User:Foo.css to be CSS subpages 16585* Set an explicit class on framed thumbnail inner divs and images, changed some 16586 CSS to use these instead of using descendent selectors. 16587* Accept null parameter to User::setPassword() as indicating the password 16588 field should be cleared to an unusable state. Login will only be possible 16589 after the password is reset, for instance by e-mail. 16590* (bug 6394) Invalidate the password set for "by e-mail" account creations 16591 to avoid accidental empty password creations. 16592* Made the show change size function work on page moves, page creations, and 16593 log entries. Also fixed it in the javascript recentchanges. 16594* (bug 8239) correctly get 50 new contributions when clicking '(50 next)' 16595* (bug 2259) Fix old regression where e-mail addresses were no longer 16596 confirmed on login with mailed password. 16597* Add a notification about the confirmation mail sent during account 16598 creation, so people don't immediately go off to request a second one. 16599* Add a warning on Special:Confirmemail if a code was already sent and has 16600 not yet expired. 16601* Add user_editcount field to provide data for heuristics on account use. 16602 Incremented on edit, with lazy initialization from past revision data. 16603 Can batch-initialize with maintenance/initEditCount.php (not yet friendly 16604 to replication environments, this will do all accounts in one query). 16605* Allow raw SQL subsections in Database::update() SET portion as well as 16606 for WHERE portion. Handy for increments and such. 16607* User::getOption now accept a default value to override default user values 16608 this makes it consistent with WebRequest::get* methods. Corrected code in 16609 various places accordingly. 16610* (bug 8264) Fix JavaScript global vars for XHTML mode 16611* Make $wgSiteNotice value wikitext again, for consistency with editable 16612 MediaWiki:Sitenotice and MediaWiki:Anonnotice. 16613* (bug 8044) When redirecting from the canonical name of the special page 16614 to the localised one, parameters/subpages are omitted 16615* (bug 8164) Special:Booksources should use GET for form submission 16616* Rewrite Special:Booksources to clean up interface and remove redundant code 16617* (bug 7925) Change Special:Allmessages message name filter javascript to be 16618 a bit more responsive and easier on the CPU 16619* (bug 4488) Support watching pages on deletion; introduces new user preference 16620* Minor restructuring of Special:Preferences; "watch pages I edit" and "watch 16621 pages I create" options now accessible under "Watchlist" options 16622* (bug 8153) <nowiki> doesn't work in site notice 16623* (bug 6690) wfMsgNoTrans() transforms messages 16624* (bug 8274) Wrap edit tools in a <div> with a specified class 16625* Detect PHP 5.0.x 64-bit bug and abort in WebStart.php; too many things break 16626 mysteriously otherwise (detection code copied from install-utils.inc) 16627* (bug 8295) Change handling of <center> tags in doBlockLevels() to match that 16628 of <div> 16629* (bug 8110) Make magic ISBN linking stricter: only match ten-digit sequences 16630 (plus optional ISBN-13 prefix) with no immediately following alphanumeric 16631 character, disallow multiple consecutive internal redirects 16632* (bug 2785) Accept optional colon prefix in links when formatting comments 16633* Don't show "you can view and copy the source of this page" message for 16634 pages which don't exist 16635* (bug 8310) Blank line added to top of 'post' when page is blank 16636* (bug 8109) Template parameters ignored in "recentchangestext" 16637* Gracefully skip redirect-to-fragment on WebKit versions less than 420; 16638 it messes up on current versions of Safari but is ok in the latest 16639 nightlies. Checking the version number will allow it to automatically 16640 work when new releases of Safari appear. 16641* Fix regression in thumb styles; size and padding didn't match with 16642 new arrangement. 16643* (bug 8333) Fix quick user data update on login password change on 16644 replication database setups. User data is now pulled from master 16645 instead of slave in User::loadFromDatabase, ensuring that it is 16646 fresh and accurate when read and then saved back into cache. 16647 This was breaking with the Special:Rename operation which 16648 automatically logs the user in with the new password after changing 16649 it; pulling from slave meant the record was often not the updated 16650 one. 16651* (bug 8335) Set image width to the first valid parameter found. 16652* (bug 8350) Fix watchlist viewing bug when using Postgres. 16653* (bug 6603) When warning about invalid file extensions, output the bit 16654 of the extension we actually checked 16655* (bug 7669) Drop defaults on BLOB/TEXT columns for better compatibility 16656 with MySQL's strict mode, often enabled by the Windows installer. 16657 The defaults are ignored anyway when strict mode is off... 16658* (bug 7685) Use explicit values for ar_text and ar_flags when deleting, 16659 for better compatibility with MySQL's strict mode 16660* Update default interwiki values to reflect changed location of ursine: 16661* (bug 5411) Remove autopatrol preference 16662* Users who have the "autopatrol" permission will have their edits marked as 16663 patrolled automatically 16664* Users who do not have the "autopatrol" permission will no longer be able 16665 to mark their own edits as patrolled 16666* Introduce 'PingLimiter' hook; see docs/hooks.txt for more information 16667* (bug 532) Tweaked alt text for some interface messages 16668* (bug 8231) Gave useful alt text to the main <img> on image pages 16669* (bug 371) Remove alt text for "Enlarge" icon on thumbnails 16670* Initialize user_editcount to 0 instead of NULL for newly created accounts 16671* (bug 3696) Strip LRM and RLM characters from titles to work around the 16672 problem some people have where titles cut-and-pasted from lists include 16673 the bidi override characters appended to the lists. 16674 A more thorough blacklist for forbidden and translatable characters would 16675 be wise, though, as might a cleaner method for the lists in the first place. 16676* Fix regression in email password resets on read-restricted sites 16677* Set tabindex on fields in deletion form so you don't have to tab through 16678 the links in the sitenotice 16679* (bug 8271) Show full time and date on viewer for individual deleted 16680 revisions 16681* (bug 8214) Output file size limit and actual file size in appropriate units 16682 on Special:Upload 16683* (bug 8016) Purge objectcache table during upgrade processes - use the 16684 --nopurge option to prevent this when running maintenance/update.php 16685* (bug 7612) Remove superfluous link to Special:Categories from result items 16686 on Special:Mostcategories 16687* {{PLURAL:}} now handles formatted numbers correctly 16688* (bug 8331) Added the change size value to watchlists; therefore made 16689 watchlists use RecentChange::newFromRow() instead of newFromCurRow() 16690* (bug 8351) Fix undo for simple reverts 16691* (bug 6856) User::clearNotification() does not respect read-only mode 16692* (bug 6853) Use a checkbox on the installer form to indicate that a superuser 16693 account should be used; this is clearer than the old check which relied on 16694 the password never being an obscure value 16695* Remove old unused watchlist cache, which was a leftover from the old schema 16696 where watchlists were more expensive to generate 16697* Minor cosmetic changes to Special:Userrights 16698* Added wgCanonicalSpecialPageName to JavaScript variables 16699* Fix image deleting when using Postgres. 16700* Output both source and destination titles in maintenance/moveBatch.php 16701* Added basic parser tests for language variants 16702* Enable selflinks and categories to be written in some of the language variants 16703* Prevent conversion of JavaScript code in language variants 16704* Output software version number in maintenance/parserTests.php 16705* (bug 7169) Use Ajax to watch/unwatch articles if enabled 16706* Make variant table caching a little more robust, using main language code 16707 in cache key. Probably this is still a bit wonky, though. Was breaking 16708 parser tests when Chinese tables were getting loaded into Serbian code. 16709* (bug 8380) Be nicer about blank lines in deleteBatch.php 16710* (bug 8401) Fix regression in SORBS lookup for some DNS setups 16711* Use raw file descriptor in posix_isatty() check to avoid warning on 16712 Linux systems with at least some versions of PHP 16713* (bug 5908) Allow overriding the default category sort key for all items on 16714 a page using {{DEFAULTSORT}} 16715* (bug 6449) Throw a more definitive error message when installation fails 16716 due to an invalid database name 16717* (bug 5827) Use full text for option link labels on Special:Watchlist 16718* (bug 8018) Allow hiding minor edits from the watchlist 16719* (bug 8427) MonoBook RTL IE 7.0 tweaks failed when sidebar's navigation 16720 section is renamed; no longer relies on first section name 16721* Stabilize client-side table sorting even if the underlying Javascript sort() 16722 implementation is unstable 16723* Add hook for extensions to add user information to the panel in preferences, 16724 next to the user name and ID. 16725* (bug 8392) Display protection status of transcluded pages in the edit page 16726 template list. Patch by Fyren, with i18n naming tweak. 16727* Fix for interwiki transclusion where target wiki uses query string for title 16728* Resolve namespaces on interwiki Title objects using canonical namespace names 16729 if possible (should not happen, though, outside interwiki transclusion... and 16730 maybe not even then, but it does) 16731* (bug 8447) Fix SQL typo breaking non-default $wgHitcounterUpdateFreq 16732* Do not allow previews of deleted images to be cached 16733* Add global variable $wgDefaultLanguageVariant used to set the default language 16734 variant of a wiki to something different than the main language code 16735* Add 'variant' option to parserTests - runs test with the given variant as 16736 preferred, utilize it for more parser tests of language variants code 16737* (bug 6503) Fix bug that stopped certain irrelevant links from being hidden 16738 for printing 16739* Avoid PHP warning in Creative Commons metadata when a creative commons 16740 license is not actually set up 16741* (bug 8463) Don't print external link icons for Monobook 16742* (bug 8461) Support watching pages on move 16743* (bug 8041) Work around bug with debug_backtrace when Zend Optimizer is 16744 loaded by skipping the function. Use wfDebugBacktrace() wrapper function. 16745* Reduce config file clutter by setting various script and upload paths 16746 based on $IP or $wgScriptPath in Setup.php. They can still be explicitly 16747 overridden in LocalSettings.php if desired... 16748* Attempt to detect redirect loops for the canonical title redirect, and 16749 give some hints to the poor confused administrator. 16750* Introduce new flag 'R' - raw output for language variant escape tags 16751* Advise users when updates for a query page have been disabled using 16752 $wgDisableQueryPageUpdate 16753* (bug 8413) Improve comments for $wgNamespaceRobotPolicies 16754* (bug 8330) Show "bytes" suffix on recent changes diff counter 16755 optionally... if set in rc-changes-size message (default empty for now) 16756* (bug 8489) Support basic links in <gallery> caption attribute 16757* (bug 8485) Correct Lingala number formatting 16758* The MediaWiki namespace is no longer pre-filled with default messages on 16759 install. All default messages will be removed from the MediaWiki namespace 16760 on upgrade. 16761* Recentchanges RSS/Atom feeds now use a separate message for the description 16762 to avoid cluttering it with useless wiki formatting 16763* (bug 8417) Handle EXIF unknown dates 16764* (bug 8372) Return nothing on empty <math> tags. 16765* New maintenance script to show the cached statistics : showStats.php. 16766* Count deleted edits when regenerating total edits in maintenance/initStats.php 16767* (bug 3706) Allow users to be exempted from IP blocks. The ipblock-exempt 16768 permission key has been added to enable this behavior, by default assigned to 16769 sysops. 16770* (bug 7948) importDump.php now warn that Recentchanges need to be rebuild. 16771* (bug 7667) allow XHTML namespaces customization 16772* (bug 8531) Correct local name of Lingála (patch by Raymond) 16773* Fix regression with default lock file and cache directories; threw visible 16774 warning with open_basedir 16775 16776 16777== 1.8 Compatibility changes == 16778 16779=== Zend Optimizer === 16780 16781A bug in some versions of PHP 5 and Zend Optimizer which was triggered under 16782MediaWiki 1.8.x has been worked around by disabling some internal debugging 16783features when Zend Optimizer is loaded. This should solve some common 16784"blank page" problems. 16785 16786=== PHP 5.0 64-bit === 16787 16788MediaWiki now checks for a condition where PHP 5.0.x corrupts array data 16789on 64-bit systems and warns you to upgrade PHP to solve the problem. This 16790bug causes Special: pages to fail on affected systems under MediaWiki 1.8 16791and higher, and subtler data corruption on earlier versions. 16792 16793The only known workaround is to upgrade PHP to 5.1 or later, which you 16794probably should do anyway for security reasons! 16795 16796=== MySQL 5 === 16797 16798MediaWiki should now install and run correctly on MySQL 5.0 and higher when 16799MySQL's "strict mode" is enabled. (This is now the default for many Windows 16800installations, though it seems to remain off by default on Unix.) 16801 16802This fixes errors about "cannot default default value for BLOB/TEXT fields". 16803 16804=== ImageMagick === 16805 16806Note that ImageMagick older than 6.x may no longer work for image resizing 16807due to use of the -thumbnail option. 16808 16809 16810== 1.8 Behavior changes == 16811 16812=== Localized special pages === 16813 16814The names of Special: pages can now be localized, so links and URLs to them 16815are more legible in languages that aren't English. 16816 16817Not all languages have included localized names yet. 16818 16819=== E-mail password === 16820 16821Users are now required to set a new password for themselves when they first 16822log in with a newly generated e-mailed password. 16823 16824Requesting passwords frequently is prevented to reduce abusive mailbombing. 16825 16826=== Undo revision === 16827 16828An "undo" link now appears in diff view for easier reverting of older edits. 16829When GNU diff3 is available for edit conflict merging, this can make it much 16830easier to "undo" the changes of an older edit when there are surrounding 16831changes elsewhere in the page. 16832 16833The changes must be manually reviewed and approved, as with conventional 16834full-revision reverts. 16835 16836=== Blocking === 16837 16838User blocks can be set to disable the automatic blocking of IP addresses the 16839account logs in with. 16840 16841 16842== 1.8 Database changes == 16843 16844* new 'redirect' table stores data on page redirects 16845* new 'querycachetwo' table used for some cached special pages 16846* 'ipblocks' table adds 'ipb_enable_autoblock' 16847* 'recentchanges' table adds 'rc_old_len', 'rc_new_len' for size tracking 16848* 'user' table has added 'user_newpass_time' and 'user_editcount' fields 16849* some indexes have been updated on 'recentchanges' 16850 16851== 1.8 Configuration changes == 16852 16853Several configuration options have changed since 1.8: 16854 16855=== $wgEnableAPI === 16856 16857The experimental machine API interface is now enabled by default, read-only. 16858You can disable it by setting $wgEnableAPI = false; in LocalSettings.php. 16859 16860=== $wgPathInfo === 16861 16862The use of PATH_INFO (the text after the script name in 'index.php/Blah') 16863is controlled by the $wgUsePathInfo setting. This is now explicitly disabled 16864for CGI, apache2filter, and ISAPI configurations of PHP, for more consistency 16865with the autodetection from the installer. 16866 16867In some rarer configurations you may have to switch $wgUsePathInfo from false 16868to true or, perhaps, from true to false to make things work properly if bad 16869PATH_INFO data comes through the server. 16870 16871The wiki now tries to detect this condition and should show you an error 16872message describing what to change instead of sending the browser into an 16873infinite redirect loop. 16874 16875=== $wgScript and other path settings === 16876 16877The following configuration variables are now automatically set in Setup.php 16878if they are not overridden in LocalSettings.php: 16879 16880from $wgScriptPath: 16881 + $wgScript 16882 | \- $wgArticlePath 16883 + $wgRedirectScript 16884 + $wgStylePath 16885 + $wgUploadPath 16886 \- $wgLogo 16887 + $wgMathPath 16888 16889from $IP: 16890 - $wgStyleDirectory 16891 + $wgUploadDirectory 16892 \- $wgMathDirectory 16893 + $wgTmpDirectory 16894 16895Newly generated configuration files will by default include only $wgScriptPath 16896(hardcoded from the installer) and $IP (detected at runtime). 16897 16898Old configuration files which specify all these values explicitly should 16899continue to work just fine, but if you use the defaults you can remove them 16900to reduce clutter. 16901 16902=== $wgGroupPermissions === 16903 16904The sysop group now holds the "autopatrol" and "ipblock-exempt" rights by 16905default. 16906 16907"autopatrol" replaces the preference for marking ones own edits patrolled 16908by default; users holding this permission will automatically have their 16909edits patrolled, while others cannot mark their own edits as patrolled 16910even if they have patrolling rights. 16911 16912"ipblock-exempt" excludes the user from IP blocks; accounts which are blocked 16913explicitly by name will still be blocked, however. This is given to sysops 16914to minimize annoyance from accidental "collateral damage"; remember that a 16915sysop will be able to lift the block if they desire. 16916 16917The bot group now holds the "nominornewtalk" right. A user with this right 16918will not trigger new message notifications when making minor edits to user 16919talk pages. This is meant to minimize annoyance from maintenance bot 16920processes. 16921 16922=== $wgUseWatchlistCache === 16923 16924Watchlist caching has been removed. The feature was not maintained, and has 16925been unnecessary since switching to the 'recentchanges' database table 16926reduced server pressure for Wikipedia's watchlists. 16927 16928=== $wgBreakFrames === 16929 16930MediaWiki in the past attempted to detect when it was embedded in a frameset 16931and "break out" of it, assuming it to be hostile. 16932 16933This behavior is now disabled by default, but can be reenabled by setting 16934$wgBreakFrames to true in LocalSettings.php. 16935 16936 16937== 1.8 New settings == 16938 16939=== $wgVariantArticlePath === 16940 16941For languages with script variant support (Chinese, Serbian, and others), 16942it's possible to use alternate URL paths to select the variant for article 16943display, setting $wgVariantArticlePath. 16944 16945Documentation for this setting would be useful. 16946 16947=== $wgMaxMsgCacheEntrySize === 16948 16949The message cache can now skip items larger than a given size; this allows 16950it to better handle the primary caching case when large CSS and JS blobs are 16951present. 16952 16953=== $wgStyleVersion === 16954 16955When making significant changes to skin stylesheets and JavaScript files, 16956you can append a string to this variable to tweak the generated URLs, 16957forcing newly rendered pages to bring in a fresh version despite server- 16958or browser-side caching. 16959 16960Normally this will be set in the course of MediaWiki development, but 16961if doing development on a custom skin you may wish to poke it as well. 16962 16963=== $wgRCShowChangedSize === 16964 16965Special:Recentchanges and Special:Watchlist now show the number of bytes 16966added or removed to an article to give an idea of the size of the edit. 16967This information was previously available only in the IRC update feeds. 16968 16969To disable this site-wide, set $wgRCShowChangedSize to false. 16970(Individual users can suppress the data in custom CSS.) 16971 16972Adjust $wgRCChangedSizeThreshold to trigger highlighting of particularly 16973large changes. 16974 16975The formatting of the size figure can be adjusted through the 16976[[MediaWiki:Rc-change-size]] message. 16977 16978=== $wgQueryCacheLimit === 16979 16980The number of rows stored for "expensive" special pages in miser mode 16981can now be adjusted up or down from the default 1000. 16982 16983=== $wgDisableQueryPageUpdate === 16984 16985Individual "expensive" special pages can be skipped in processing by 16986updateSpecialPages if added to this list. 16987 16988=== $wgSorbsUrl === 16989 16990The base hostname for the DNS-based proxy blacklist can now be overridden 16991when $wgEnableSorbs is set, to use a different blacklist instead of SORBS. 16992The blacklist would need to respond the same was as SORBS; any positive 16993response will be taken as a proxy. 16994 16995=== $wgAjaxWatch === 16996 16997Experimental AJAX mode for the watch/unwatch tabs to execute inline. 16998Does not include the UI messages describing how to reach the watchlist, 16999so you may not want it on a general-audience site just yet. 17000 17001=== $wgParserTestFiles === 17002 17003MediaWiki's parser test suite can now be expanded with additional test 17004files. Custom extensions can add their test files to this array, and 17005they will be run along with the main tests by maintenance/parserTests.php 17006 17007= MediaWiki 1.8= 17008 17009== MediaWiki 1.8.5 == 17010 17011September 10, 2007 17012 17013This is a security fix update to the Fall 2006 quarterly release snapshot. A 17014possible HTML/XSS injection vector in the API pretty-printing mode has been 17015found and fixed. 17016 17017The vulnerability may be worked around in an unfixed version by simply 17018disabling the API interface if it is not in use, by adding this to 17019LocalSettings.php: 17020 17021:[[Manual:$wgEnableAPI|$wgEnableAPI]] = false; 17022 17023(This is the default setting in 1.8.x.) 17024 17025Not vulnerable versions: 17026* 1.11 >= 1.11.0 17027* 1.10 >= 1.10.2 17028* 1.9 >= 1.9.4 17029* 1.8 >= 1.8.5 17030 17031Vulnerable versions: 17032* 1.11 <= 1.11.0rc1 17033* 1.10 <= 1.10.1 17034* 1.9 <= 1.9.3 17035* 1.8 <= 1.8.4 (if $wgEnableAPI has been switched on) 17036 17037MediaWiki 1.7 and below are not affected as they do not include the faulty 17038function, however the BotQuery extension is similarly vulnerable unless updated 17039to the latest SVN version. 17040 17041== MediaWiki 1.8.4 == 17042 17043February 20, 2007 17044 17045This is a security and bug-fix update to the Fall 2006 quarterly release. 17046 17047An XSS injection vulnerability based on Microsoft Internet Explorer's UTF-7 17048charset autodetection was located in the AJAX support module, affecting MSIE 17049users on MediaWiki 1.6.x and up when the optional setting 17050[[Manual:$wgUseAjax|$wgUseAjax]] is enabled. 17051 17052If you are using an extension based on the optional Ajax module, either disable 17053it or upgrade to a version containing the fix: 17054* 1.9: fixed in 1.9.3 17055* 1.8: fixed in 1.8.4 17056* 1.7: fixed in 1.7.3 17057* 1.6: fixed in 1.6.10 17058 17059There is no known danger in the default configuration, with $wgUseAjax off. 17060 17061* (bug [[bugzilla:8819|8819]]) Fix full path disclosure with skins dependencies 17062* Add 'charset' to Content-Type headers on various HTTP error responses to 17063forestall additional UTF-7-autodetect XSS issues. PHP sends only 'text/html' by 17064default when the script didn't specify more details, which some inconsiderate 17065browsers consider a license to autodetect the deadly, hard-to-escape UTF-7. 17066This fixes an issue with the Ajax interface error message on MSIE when 17067[[Manual:$wgUseAjax|$wgUseAjax]] is enabled (not default configuration); this 17068UTF-7 variant on a previously fixed attack vector was discovered by Moshe BA 17069from BugSec: http://www.bugsec.com/articles.php?Security=24 17070* Trackback responses now specify XML content type 17071 17072== MediaWiki 1.8.3 == 17073 17074January 9, 2007 17075 17076MediaWiki 1.8.3 fixes several issues in the Fall 2006 snapshot release: 17077 17078* ([[mediazilla:7831|7831]]) Regression in AutoAuthenticate hook 17079* Run PHP install version checks on update.php so command-line updaters see new 17080version requirements 17081* Do a check for the PHP 5.0.x 64-bit bug, since this is much more disruptive 17082as of MW 1.8 than it used to be. Install or upgrade now aborts with a warning 17083and a request to upgrade. 17084* XSS fix in AJAX module 17085 17086An XSS injection vulnerability was located in the AJAX support module, 17087affecting MediaWiki 1.6.x and up when the optional setting $wgUseAjax is 17088enabled. 17089 17090There is no danger in the default configuration, with $wgUseAjax off. 17091 17092If you are using an extension based on the optional AJAX module, either disable 17093it or upgrade to a version containing the fix: 17094 17095== MediaWiki 1.8.2 == 17096 17097October 13, 2006 17098 17099MediaWiki 1.8.2 fixes several issues in the Fall 2006 snapshot release: 17100 17101* ([[mediazilla:7565|7565]]) Fixed typos in German localisation 17102* ([[mediazilla:7562|7562]]) Fix non-ASCII namespaces on Windows/XAMPP servers 17103 17104== MediaWiki 1.8.1 == 17105 17106October 11, 2006 17107 17108MediaWiki 1.8.1 fixes several issues in the Fall 2006 snapshot release: 17109 17110* Fix PHP notice and estimates for dumpBackup.php and friends 17111* Improved register_globals paranoia checks 17112* ([[mediazilla:7545|7545]]) Fix PHP version check on install 17113* Experimental web API disabled by default 17114* Disable PHP exception backtrace printing unless $wgShowExceptionDetails is 17115set. Backtraces may contain sensitive information in function call parameters. 17116 17117== MediaWiki 1.8.0 == 17118 17119October 10, 2006 17120 17121This is the quarterly release snapshot for Fall 2006. While the code has been 17122running on Wikipedia for some time, installation and upgrade bits may be less 17123well tested. Bug fix releases may follow in the coming days or weeks. 17124 17125MediaWiki is now using a "continuous integration" development model with 17126quarterly snapshot releases. The latest development code is always kept "ready 17127to run", and in fact runs our own sites on Wikipedia. 17128 17129Release branches will continue to receive security updates for about a year 17130from first release, but nonessential bugfixes and feature development happen 17131will be made on the development trunk and appear in the next quarterly release. 17132 17133Those wishing to use the latest code instead of a branch release can obtain it 17134from source control: [[Download from SVN]] 17135 17136== Configuration changes == 17137* $wgUseETag, to enable/disable sending of HTTP ETag headers (default: disabled) 17138* $wgLegalTitleChars now includes '+' by default for better compatibility with 17139importing data dumps from Wikipedia 17140* $wgDefaultUserOptions now includes all default option settings instead of 17141only overrides. 17142 17143== Major new features == 17144* ([[mediazilla:7098|7098]]) Add an option to disable/enable sending of HTTP 17145ETag headers, as it seems to result in broken behaviour in combination with 17146Squid 2.6 (disabled by default). 17147* ([[mediazilla:550|550]]) Allow blocks on anonymous users only. 17148* ([[mediazilla:6420|6420]]) Render thumbnails for DJVU images, support 17149multipage DJVU display on image pages. Added new 'page=' thumbnail option to 17150select a page from a multipage djvu for thumbnail generation. 17151* Full Postgres support is now enabled. It requires version 8.1 or better, and 17152needs to have both plpgsql and tsearch2 already installed. 17153* ([[mediazilla:6386|6386]]) fix grammatical errors in danish naming of talk 17154namespaces. 17155 17156== Changes since 1.7 == 17157 17158* Introduced AjaxResponse object, superceding AjaxCachePolicy 17159* Changes to sajax_do_call: optionally accept an element to fill instead of a 17160 callback function; take the target function or element as a third parameter; 17161 pass the full XMLHttpRequest object to the handler function, instead of just 17162 the resultText value; use HTTP response codes to report errors. 17163* (bug 6562) Removed unmaintained ParserXml.php for now 17164* History paging overlap bug fixed 17165* (bug 6586) Regression in "unblocked" subtitle 17166* Don't put empty-page message into view-source when page text is blank 17167* (bug 6587) Remove redundant "allnonarticles" message 17168* Block improvements: Allow blocks on anonymous users only. Optionally allow 17169 or disallow account creation from blocked IP addresses. Prevent duplicate 17170 blocks. Fixed the problem of expiry and unblocking erroneously affecting 17171 multiple blocks. Fixed confusing lack of error message when a blocked user 17172 attempts to create an account. Fixed inefficiency of Special:Ipblocklist in 17173 the presence of large numbers of blocks; added indexes and implemented an 17174 indexed pager. 17175* (bug 6448) Allow filtering of Special:Newpages according to username 17176* (bug 6618) Improve permissions/error detection in Special:Lockdb 17177* Quick hack for extension testing: parser test doesn't create new message 17178 cache object. 17179* (bug 6299) Maintain parser's revision ID across recursive calls to fix 17180 {{REVISIONID}} when Cite extension is used 17181* (bug 6622) Removed deprecated function Image::newFromTitle 17182* (bug 6627) Fix regression in Special:Ipblocklist with table prefix 17183* Removed forced dereferencements (new() returns a reference in PHP5) 17184* Note about $wgUploadSizeWarning using byte 17185* (bug 6592) Add most viewed pages summary to Special:Statistics 17186* Pre-strip characters ignored in IDNs from URLs so they can't be used 17187 to break the blacklists for regular URLs 17188* Fix regression in blocking of user accounts 17189* (bug 6635) Fix regression searching for range blocks on Ipblocklist 17190* Fix regression searching Ipblocklist with ugly URLs 17191* (bug 6639) Use a consistent default for upload directories 17192* Preserve entered reason when reporting unconfirmed lock on Special:Lockdb 17193* (bug 6642) Don't offer to unlock the database when it isn't locked 17194* cleanupTitles.php changed from --dry-run option to --fix, so default 17195 behavior is now a non-invasive check as with namespaceDupes.php 17196* (bug 6660) Fix behavior of EditPage::blockedPage() when the article does 17197 not exist; now doesn't show the source box if the user hasn't provided it 17198 (blocked mid-edit) and the page doesn't exist 17199* Improve default value of "blockedtext" 17200* (bug 6680) Added localisation for Dutch bookstore list (nl) 17201* Renamed maintainace script redundanttrans.php to unusedMessages.php - clearer 17202 usage 17203* Fix regression which allowed some blocked users to create additional accounts 17204* (bug 6657) Fix Hungarian linktrail 17205* (bug 6751) Fix preview of blanked section with edit on first preview option 17206* (bug 5456) Separate MediaWiki:Search into messages for both noun and verb, 17207 introduced 'MediaWiki:Searchbutton' 17208* Made lines from initialiseMessages() appear as list items during installation 17209* Moved the bulk of the localisation data from the Language*.php files to the 17210 Messages*.php files. Deleted most of the Languages*.php files. 17211* Introduced "stub global" framework to provide deferred initialisation of core 17212 modules. 17213* Removed placeholder values for $wgTitle and $wgArticle, these variables will 17214 now be null during the initialisation process, until they are set by index.php 17215 or another entry point. 17216* Added DBA cache type, for BDB-style caches. 17217* Removed custom date format functions, replacing them with a format string in 17218 the style of PHP's date(). Used string identifiers instead of integer 17219 identifiers, in both the language files and user preferences. Migration should 17220 be transparent in most cases. 17221* Simplified the initialisation API for LoadBalancer objects. 17222* Removed the broken altencoding feature. 17223* Moved default user options and toggles from Language to User. Language objects 17224 are still able to define default preference overrides and extra user toggles, 17225 via a slightly different interface. 17226* Don't include the date option in the parser cache rendering hash unless 17227 $wgUseDynamicDates is enabled. 17228* Merged LanguageUtf8 with Language. Removed LanguageUtf8.php. 17229* Removed inclusion of language files from the bottom of Language.php. This is 17230 now consistently done from Language::factory(). 17231* Add the name of the executing maintenance script to the debug log. Start the 17232 profiler during maintenance scripts. 17233* Added "serialized" directory, for storing precompiled data in serialized form. 17234* Fix regression in auto-set NS_PROJECT_TALK namespace 17235* Fix regression in ordering of namespaces 17236* (bug 6806, 6030) Added several global JS variables for article path, user 17237 name, page title, etc. 17238* hooks registered with addOnloadHook are now called at the one of the html body 17239 by all skins. 17240* Split ajax aided search from core ajax framework. Use wgUseAjax to enable the 17241 framework and wgAjaxSearch to enable the suggest feature for the search box. 17242* Added experimental installer for extensions. 17243 See maintenance/installExtension.php 17244* Added Tajic (tg) language file. 17245* (bug 6903) Added Cantonese localisation (zh-yue) 17246* Fix regression in Korean and Japanese date formatting (day of week) 17247* (bug 6919) Add English alias magic words for Tatar (tt) language file. 17248* (bug 6753) Fixed broken Kazakh linktrail (kk) 17249* (bug 6700) Added Kazakh language variants to Names.php 17250* (bug 6827) some i18n specific maintenance scripts fails after merge of 17251 localisation-work branch 17252* Throwed an exception for the deprecated functions OutputPage::sysopRequired 17253 and OutputPage::developerRequired - use OutputPage::permissionRequired 17254 instead. 17255* Removed the deprecated functions User::isSysop, User::isBureaucrat and 17256 User::isDeveloper - use User::isAllowed instead. 17257* (bug 769) OutputPage::permissionRequired() should suggest groups with the 17258 needed permission 17259* (bug 6971) Fix regression in Special:Export history view 17260* Revamped Special:Imagelist 17261* (bug 7000) updated MessagesPl.php 17262* (bug 6946) Fix unexpected behavior change with GET hits to Special:Export 17263* (bug 1866) Improve navigation on Special:Listusers; user now a starting 17264 point as with Special:Allpages, rather than a pure limit. 17265* Clean up tab order on Special:Blockip 17266* (bug 5969) Clean up tab order on Special:Userlogin forms 17267* (bug 3512) namespaceDupes now handles spaces and initial caps properly 17268* (bug 7037) Fix regression in login tab order 17269* (bug 7031) Report missing email on 'email password' instead of false success 17270* (bug 7010) Don't send email notifications for watched talk pages when user 17271 has selected to receive only updates for their own talk page 17272* Added {{CURRENTHOUR}} 17273* Added [[:Image:Foo.png]] style links to the pagelinks table 17274* Avoid duplicate revision imports with Special:Import 17275* (bug 7054) Validate email address before sending email confirmation message 17276* (bug 7061) Format title on "from (page)" links on Special:Allpages 17277* (bug 7044) Introduce "padleft" and "padright" colon functions 17278* Pass page title as parameters to "linkshere" and "nolinkshere" and update 17279 default message text 17280* Allows to upload from publicy accessible URL. Set $wgAllowCopyUploads = true; 17281 in LocalSettings.php 17282 Limited to $wgMaxUploadSize (default:100MB); URL upload is limited to sysops 17283 by default, and displayed as a second line if appropriate 17284* (bug 832) Return to user page after emailing a user 17285* (bug 366) Add local-system-timezone equivalents for date/time variables 17286* (bug 7109) Fix Atom feed version number in header links 17287* (bug 7075) List registered parser function hooks on Special:Version 17288* (bug 7059) Introduce "anchorencode" colon function 17289* Include SVN revision number in {{CURRENTVERSION}} output, where applicable 17290* Fix bug in wfRunHooks which caused corruption of objects in the hook list 17291* (bug 4979) Use simplified email addresses when running on Windows 17292* (bug 4434) Show block log fragment on Special:Blockip 17293* [[MediaWiki:Disambiguationspage]] may optionally contain wiki links to any 17294 number of disambiguation templates. 17295* [[Special:Disambiguations]] now shows pages in NS:0 that link to any pages 17296 that embed any of the templates listed at [[MediaWiki:Disambiguationspage]]. 17297* Fix formatting of titles on Special:Undelete 17298* (bug 7026) Fix action=raw&templates=expand 17299* (bug 6976) Add namespace and direction classes to classic skins 17300* (bug 7144) Don't "return to main" from OutputPage::loginToUse() if the user 17301 can't read the main page in the first place 17302* (bug 7188) Fix minor borkage in HTMLForm 17303* (bug 6675) Replaced message 'watchthis' with new message 'watchthisupload in 17304 Special:Upload 17305* Add a quickie script dumpSisterSites.php for generating a page list in the 17306 format for WSR-1 SisterSites support 17307* (bug 7223) Monobook.js is used for site content, should not be localized 17308* Set default disabled values for DjVu render options 17309* Added Xml::option() for generating <option>s easily 17310* Localized page numbers in drop-down for DjVu page selection 17311* Fixed linktrail for vi 17312* (bug 6893) "Call to a member function exists() on a non-object" on 17313 trackback.php with bad input 17314* (bug 6886) PHP undefined offset on bad input to Special:Revisiondelete 17315* (bug 6887) PHP error for call to getId() on bad input to 17316 Special:Revisiondelete 17317* (bug 6888) PHP error for call to getTimestamp() on bad input to 17318 Special:Revisiondelete 17319* (bug 7252) Use dvipng support in texvc math rastrization. dvipng is required 17320 if texvc is rebuilt. 17321* (bug 7279) Use wfBaseName in place of basename() in more places 17322* Clear newtalk marker on diff links with explicit current revision number 17323* (bug 7064) Replace hard-coded empty message checks with wfEmptyMsg calls 17324* (bug 6777) Remove some PHP 4 compat cruft 17325* Add --user, --comment, and --license options to importImages.php 17326* (bug 6216) The immobile namespace message does not mention the source page 17327* (bug 7299) Normalize username filter on Special:Newpages 17328* (bug 7306) RTL text in an LTR wiki breaks appearance of Special:Recentchanges 17329* (bug 7312) Don't emit SET NAMES utf8 if connection failed 17330* (bug 7305) Proper compare for bot check on RC notify, should fix overrides 17331 that force edits by non-bot users to bot mode 17332* Set Vary: Cookie on action=raw generated CSS and JS, to ensure that user 17333 preferences don't get stuck in proxy caches for other people 17334* (bug 7324) Fix error message for failure of Database::sourceFile() 17335* (bug 7309) Plurals: use singular form for zero in French and Brazilian 17336 Portuguese 17337* Add page_no_title_convert field to support language variant conversion 17338 for page titles which shouldn't be converted on display/linking 17339* Lazy extraction of text chunks in Revision objects, may reduce hits to 17340 external storage when actual text content is not used 17341* Added experimental $wgRevisionCacheExpiry to cache extracted revision text 17342 in $wgMemc, to further reduce hits to external storage. 17343 Set to 0 (disabled) by default. 17344* Minor changes to the installer. 17345* Remove ":" for 'youremail' and 'yourrealname' in 17346 includes/templates/Userlogin.php so that ":" could be used in i18n for 17347 Special:Preferences (like 'username' and 'uid'). 17348* Fix layout for Special:Preferences->Date and Time (position for 17349 'timezonetext'). 17350* Updates to language variant code for Serbian et al 17351* (bug 6756) Enabling RTL direction for kk-cn 17352* (bug 6701) Kazakh language variants in MessagesEn.php 17353* (bug 7335) SVN revision check in Special:Version fails on SVN 1.4 working copy 17354* (bug 6518) Replaced 'lastmodified' with 'lastmodifiedat' and 'lastmodifiedby' 17355 with 'lastmodifiedatby' with separated parameters for date and time to allow 17356 better localisation. Updated all message files to display the old format for 17357 compatibility. 17358* (bug 7357) Make supposedly static methods of Skin actually static 17359* Added info text to Special:Deadendpages and Special:Lonelypages 17360* Fix regression in cachability of generated CSS and JS for MonoBook skin, 17361 while avoiding clobbering of different users' cached data 17362* (bug 6849) Block @ from usernames; interferes with multi-database tools and 17363 was meant to be banned years ago... For now existing accounts will not be 17364 prevented fromm login. 17365* (bug 6092) Introduce magic words {{REVISIONDAY}}, {{REVISIONDAY2}, 17366 {{REVISIONMONTH}}, {{REVISIONYEAR}} and {{REVISIONTIMESTAMP}} 17367* (bug 7425) Preceeding whitespace in [[...]] breaks subpages 17368* Try to reconnect after transitory database errors in dumpTextPass.php 17369* (bug 6023) Fixed mismatch of 0/NULL for wl_notificationtimestamp; now 17370 notification mails are working after 'Mark all pages visited' button on 17371 Special:Watchlist is clicked 17372* Made {{INT:}} a core parser function instead of a special case. The syntax 17373 and behavior is largely unchanged. 17374* (bug 7448) Fixing the native name for Ewe (ee) 17375* (bug 6864) Replace message 'editing' with new message 'editinguser' in 17376 Special:Userrights to allow better localisation 17377* Add '*-summary' for special pages to MessagesEn.php to allow 17378 customizing/translation directly through Special:Allmessages 17379* (bug 6130, bug 5818) Replaced message 'go' with the new message 17380 'searcharticle' in skins to allow better localisation 17381* Add + to $wgLegalTitleChars by default. Some sites may have occasional 17382 problems with hard-to-reach pages, but it should be less trouble than 17383 "I can't import dumps from Wikipedia" complaints 17384* (bug 7460) Revert broken patch for bug 7226 which slows down 17385 Special:Allmessages by a factor of 16 17386* Committed a bunch of live hacks from Wikimedia servers 17387* (bug 6889) PHP notices in thumb.php with missing params 17388* Cleaner error behavior on thumb.php with invalid page selection 17389* (bug 6617) Validate timestamps on Special:Undelete 17390* Do fewer unnecessary full writes of user rows; only update user_touched 17391 for watch/unwatch, group membership change, and login operations 17392* Restructured the languages directory, to avoid problems when people 17393 untar MW 1.8 over the top of a 1.7 installation. 17394* (bug 6890) SQL query error on bad input to Pager lists 17395 due to negative LIMIT clause, caused by integer wraparound. 17396* Fixed various bugs related to table prefixes, especially the interaction 17397 between table prefixes and memcached, which was formerly completely broken. 17398* (bug 7004) PHP iconv() notice on bad password input to Special:Userlogin. 17399* (bug 6826) Extend pre-save transform context link ("pipe trick") 17400 syntax to pages with commas in title 17401* Use ImageMagick -thumbnail option instead of -resize to avoid including 17402 excessive metadata in thumbs (requires ImageMagick 6.0.0 or newer). 17403* (bug 7499) Corrections to Swedish talk namespace names 17404* (bug 7508) Added option to compress HTML pages by dumpHTML.php 17405* (bug 7519) Add plural in SpecialWatchlist 17406* (bug 7459) Magic word variables are always case sensitive 17407* Replaced {{SERVER}}{{localurl:xxx}} with {{fullurl:xxx}} in localisation files 17408* Fix regression in Special:Watchlist text header 17409* (bug 7510) Update article counts etc on undelete 17410* (bug 7520) Update article counts on XML import 17411* (bug 7526) Make $wgDefaultUserOptions work again 17412* (bug 7472) Localize Help namespace for Basque 17413* (bug 7529) Including a non-existent category in an article places that article 17414 in the category 17415* (bug 4528) Lack of important LaTeX functions stackrel, rightleftharpoon 17416* (bug 6721) missing symbols ulcorner, urcorner, llcorner, lrcorner, 17417 twoheadrightarrow, twoheadleftarrow 17418* (bug 7367) Hyphens sometimes erroneously appended to equations when not 17419 converted to PNG 17420* Add "title" to the opensearch link to allow automatic adding of the search 17421 engine in Firefox 2 17422* (bug 7537) Add php5 to $wgFileBlacklist 17423* (bug 6929) Restore AutoAuthenticate hook 17424 17425== Languages updated == 17426* Albanian (sq) 17427* Bashkir (ba) 17428* Bavarian (bar) stub file 17429* Belarusian (be) 17430* Bishnupriya (bpy) stub file 17431* Brazilian Portuguese (pt-br) 17432* Cantonese (zh-yue) 17433* Catalan (ca) 17434* Czech (cs) 17435* Dutch (nl) 17436* English (en) 17437* Finnish (fi) 17438* French (fr) 17439* Georgian (ka) 17440* German (de) 17441* Hebrew (he) 17442* Hungarian (hu) 17443* Indonesian (id) 17444* Japanese (ja) 17445* Korean (ko) 17446* Latin (la) 17447* Lojban (jbo) 17448* Macedonian (mk) 17449* Mazandarani (mzn) 17450* Polish (pl) 17451* Portuguese (pt) 17452* Ripuarian (ksh) 17453* Romani (rmy) 17454* Russian (ru) 17455* Slovak (sk) 17456* Spanish (es) 17457* Tajic (tg) 17458* Tatar (tt) 17459* Telugu (te) 17460* Uzbek (uz) 17461* Yiddish (yi) 17462 17463== Compatibility == 17464MediaWiki 1.8 requires PHP 5 (5.1 recommended). PHP 4 is no longer supported. 17465 17466MySQL 3.23.x is no longer supported; some older hosts may need to upgrade. At 17467this time we still recommend 4.0, but 4.1/5.0 will work fine in most cases. 17468 17469== Upgrading == 17470Some minor database changes have been made since 1.7: 17471* new fields and indexes on ipblocks 17472* index change on recentchanges 17473 17474Several changes from 1.5 and 1.6 do require updates to be run on upgrade. To 17475ensure that these tables are filled with data, run refreshLinks.php after the 17476upgrade. 17477 17478If you are upgrading from MediaWiki 1.4.x or earlier, some major database 17479changes are made, and there is a slightly higher chance that things could 17480break. Don't forget to always back up your database before upgrading! 17481 17482=== Caveats === 17483Some output, particularly involving user-supplied inline HTML, may not produce 17484100% valid or well-formed XHTML output. Testers are welcome to set $wgMimeType 17485= "application/xhtml+xml"; to test for remaining problem cases, but this is not 17486recommended on live sites. (This must be set for MathML to display properly in 17487Mozilla.) 17488 17489= MediaWiki 1.7= 17490 17491== MediaWiki 1.7.3 == 17492 17493February 20, 2007 17494 17495This is a security and bug-fix update to the Summer 2006 quarterly release. 17496 17497An XSS injection vulnerability based on Microsoft Internet Explorer's UTF-7 17498charset autodetection was located in the AJAX support module, affecting MSIE 17499users on MediaWiki 1.6.x and up when the optional setting 17500[[Manual:$wgUseAjax|$wgUseAjax]] is enabled. 17501 17502If you are using an extension based on the optional Ajax module, either disable 17503it or upgrade to a version containing the fix: 17504 17505* 1.9: fixed in 1.9.3 17506* 1.8: fixed in 1.8.4 17507* 1.7: fixed in 1.7.3 17508* 1.6: fixed in 1.6.10 17509 17510There is no known danger in the default configuration, with 17511[[Manual:$wgUseAjax|$wgUseAjax]] off. 17512 17513* Add 'charset' to Content-Type headers on various HTTP error responses to 17514forestall additional UTF-7-autodetect XSS issues. PHP sends only 'text/html' by 17515default when the script didn't specify more details, which some inconsiderate 17516browsers consider a license to autodetect the deadly, hard-to-escape UTF-7. 17517This fixes an issue with the Ajax interface error message on MSIE when 17518[[Manual:$wgUseAjax|$wgUseAjax]] is enabled (not default configuration); this 17519UTF-7 variant on a previously fixed attack vector was discovered by Moshe BA 17520from BugSec: http://www.bugsec.com/articles.php?Security=24 17521* Trackback responses now specify XML content type 17522 17523== MediaWiki 1.7.2 == 17524 17525January 9, 2007 17526 17527* Note about $wgUploadSizeWarning using byte 17528* Update to German bookstore list (de) 17529* (bug [[bugzilla:6680|6680]]) Added localisation for Dutch bookstore list (nl) 17530* (bug [[bugzilla:6708|6708]]) Minor updates to Russian translation (ru) 17531* (bug [[bugzilla:6730|6730]]) Clearer usage of message 'titlematch' in German 17532translation (de) 17533* Added direction mark to Special:Listredirects 17534* XSS fix in AJAX module 17535 17536An XSS injection vulnerability was located in the AJAX support module, 17537affecting MediaWiki 1.6.x and up when the optional setting 17538[[Manual:$wgUseAjax|$wgUseAjax]] is enabled. 17539 17540There is no danger in the default configuration, with 17541[[Manual:$wgUseAjax|$wgUseAjax]] off. 17542 17543If you are using an extension based on the optional AJAX module, either disable 17544it or upgrade to a version containing the fix: 17545 17546* 1.9: fixed in 1.9.0rc2 17547* 1.8: fixed in 1.8.3 17548* 1.7: fixed in 1.7.2 17549* 1.6: fixed in 1.6.9 17550 17551 17552== MediaWiki 1.7.1 == 17553 17554July 8, 2006 17555 17556MediaWiki 1.7.1 is a security and bugfix maintenance release of the Summer 2006 17557snapshot: 17558 17559A potential HTML/JavaScript-injection vulnerability in a debugging script has 17560been fixed. Only versions and configurations of PHP vulnerable to the $GLOBALS 17561overwrite vulnerability are affected. 17562 17563As a workaround for existing installs, profileinfo.php may simply be deleted if 17564it's not being used. 17565 17566* Fix for 'emailconfirmed' implicit user group 17567* Fix for upgrades on some versions of MySQL 4.0.x 17568* Fixed potential XSS in profileinfo.php 17569* Installer now shows clear error message about old PHP versions rather than a 17570confusing parse error 17571 17572== MediaWiki 1.7.0 == 17573July 6, 2006 17574 17575This is the quarterly release snapshot for Summer 2006. While the code 17576has been running on Wikipedia for some time, installation and upgrade 17577bits may be less well tested. Bug fix releases may follow in the coming 17578days or weeks. 17579 17580MediaWiki is now using a "[[w:en:Continuous_integration|continuous 17581integration]]" development model with 17582quarterly snapshot releases. The latest development code is always kept 17583"ready to run", and in fact runs our own sites on Wikipedia. 17584 17585Release branches will continue to receive security updates for about a year 17586from first release, but nonessential bugfixes and feature development happen 17587will be made on the development trunk and appear in the next quarterly release. 17588 17589Those wishing to use the latest code instead of a branch release can obtain 17590it from source control: [[Download from SVN]] 17591 17592== Changes since 1.6 == 17593 17594* (bug 5458) Fix double-URL encoding in block log link in contribs and contribs 17595 link in block log 17596* (bug 5462) Bogus missing patch warning in updater 17597* (bug 5461) Use of deprecated "showhideminor" in Special:Recentchangeslinked 17598* PHP warning when allow_call_time_pass_reference is off 17599* Update to Finnish localization 17600* (bug 5467) Link to page histories in watchlist edit mode 17601* Further additions to Hebrew localisation 17602* (bug 5476) Invalid xhtml in German localization 17603* (bug 5479) Id translation for preferences tabs caption 17604* (bug 5493) Id translation for special pages 17605* Added skinname and style path parameters to CBT version of MonoBook 17606* Include subversion revision number in Special:Version if available 17607* (bug 5344) Fix regression that broke slashes in extension tag parameters 17608* Improve Special:Log performance on big log sets 17609* (bug 5507) Changed mediawiki:logouttext from plain to wikitext 17610* (bug 4760) Prevent creation of entries in protection log when protection 17611 levels haven't changed 17612* (bug 861) Show page protection/unprotection events in histories 17613* (bug 5499) Don't clear the tag strip state when asked not to clear state. 17614 Fixes regression with use of <ref> in a template breaking <nowiki> etc. 17615* Minor improvements to English language files 17616* Display the anon talk page info message on anon talk pages again 17617 (moved outside the parser cache) 17618* Optional {{DISPLAYTITLE|title with markup}} magic word 17619 Deactivated by default, set "$wgAllowDisplayTitle = true" in LocalSettings.php 17620 to activate 17621* Cleaned SpecialContributions a bit 17622* Added a table to track interlanguage links 17623* (bug 5544) Fix redirect arrow in Special:Listredirects for right-to-left 17624 languages 17625* Replace "doubleredirectsarrow" with a content language check that picks the 17626 appropriate arrow 17627* (bug 5537) Add stub language file for Samogitian (bat-smg); inherits 17628 Lithuanian (lt) 17629* Don't force edit summaries when a user is editing their own user/talk page 17630* (bug 5510) Warning produced when using {{SUBPAGENAME}} in some namespaces 17631* (bug 385) Installer support for PostgreSQL, fixes for PG compatibility 17632* PersistentObject removed; it doesn't do anything and was broken besides. 17633 All extensions using it have been corrected. 17634* Propagate ISBN number for Booksources in LanguageNo.php 17635* (bug 5548) Improvements to Indonesian localisation [patch: Ivan Lanin] 17636* Add TALKSPACE, SUBJECTSPACE, TALKPAGENAME, SUBJECTPAGENAME (and encoded forms 17637 for all) magic words 17638* (bug 5403) Fix Special:Newpages RSS/Atom feeds 17639* Reject malformed addresses in X-Forwarded-For entries 17640* (bug 3359) Add hooks on completion of file upload 17641* (bug 5559) Improve detection of ImageMagick [patch: Greg Turnquist] 17642* (bug 5475) New pages feeds ignore "limit" argument 17643* (bug 5184) CSS misapplied to elements in Special:Allmessages due to 17644 conflicting anchor identifiers 17645* (bug 5519) Allow sidebar cache to be disabled; disable it by default. 17646* Maintenance script to import the contents of a text file into a wiki page 17647* Add $wgReservedUsernames configuration directive to block account creation/use 17648* (bug 5576) Remove debugging hack in session check 17649* (bug 5426) Lowercase treatment of titles in rights log leads to broken links 17650 on Special:Log 17651* Minor improvements to French localisation files 17652* (bug 5181) Update "nogomatch" for Slovak 17653* (bug 5594) Id translation up to # Login and logout pages section 17654* (bug 5536) Use content language for editing help link 17655* Improvements to German localisation files 17656* (bug 5570) Problems using <special page>/parameter link form for long titles 17657* (bug 3884) Add $user parameter to AddNewUser hook, call it for by-email 17658 registrations as well as self-registrations. 17659* (bug 4327) Report age of cached data sets in query pages 17660* (bug 4662) Fix Safari check in wikibits.js 17661* (bug 4663) Edit toolbar enabled in compatible versions of Safari 17662* (bug 5572) Edit toolbar enabled in compatible versions of Konqueror (3.5+) 17663* (bug 5235) Edit toolbar tooltips no longer show JavaScript junk in Opera 17664* Edit toolbar now works in pure XHTML mode (application/xhtml+xml) 17665* Add watchlist clear function to allow quick purging of all items 17666* (bug 5625) Additional namespace translations for Welsh 17667* Add meta tag and JavaScript variables to cached special pages which provides 17668 the timestamp of the last update, in YYYYMMDDHHMMSS format. 17669* (bug 5628) More translations for MessagesHr.php 17670* (bug 5595) Localisation for Bosnian language (bs) 17671* (bug 2910) Default view preferences for watchlists 17672* Add "hide bot edits from the watchlist" user preference 17673* (bug 5250) Introduce Special:Unusedtemplates 17674* Add user preference setting for an extended watchlist, showing all recent 17675 edits up to a certain edit, and not just the latest edit.. 17676* Made MessageRo.php more general 17677* (bug 5640) Indonesian localisation improvements 17678* (bug 5592) Actions are logged with the default language for the 17679 wiki, not the language of the user performing the operation. 17680* (bug 5644) Error in LanguageBs.php file 17681* (bug 5646) Compare for identical types in wfElement() 17682* (bug 5472) Language::userAdjust()->minDiff not initialized on else condition 17683* (bug 5386) LanguageMk.php: updated namespaces translations 17684* (bug 5422) Stub for Romani (rmy) language which extends ro 17685* Fix linktrail for LanguageSr 17686* (bug 5664) Fix Bosnian linktrail 17687* (bug 3825) Namespace filtering on Special:Newpages 17688* (bug 1922) When Special:Wantedpages is cached, mark links to pages 17689 which have since been created 17690* (bug 5659) Change grammar hacks for Bosnian Wikimedia namespaces. 17691 This sort of special casing should be removed and fixed properly. 17692* Remove useless whitespace from Special:Brokenredirects header 17693* Treat "allmessagesnotsupporteddb" as wikitext when echoing; change default 17694 text 17695* (bug 5497) Regression in HTML normalization in 1.6 (unclosed <li>,<dd>,<dt>) 17696* (bug 5709) Allow customisation of separator for categories 17697* (bug 5684) Introduce Special:Randomredirect 17698* (bug 5611) Add a name attribute to the text box containing source text in 17699 read-only pages 17700* Indicate when a protected page is an interface message ("protectedinterface") 17701* (bug 4259) Indicate when a protected page being edited is an interface message 17702 ("editinginterface") 17703* (bug 4834) Fix XHTML output when using $wgMaxTocLevel 17704* Pass login link to "whitelistedittext" containing 'returnto' parameter 17705* (bug 5728): mVersion missing from User::__sleep() leading to constant cache 17706 miss 17707* Updated maintenance/transstat.php so it can show duplicate messages 17708* Improvements to update scripts; print out the version, check for superuser 17709 credentials before attempting a connection, and produce a friendlier error if 17710 the connection fails 17711* (bug 5005) Fix XHTML <gallery> output. 17712* (bug 5315) "Expires: -1" HTTP header made strictly valid (using 1970 date). 17713* (bug 4825) note in DefaultSettings.php about 'profiling' table creation 17714* Remove unneeded extra whitespace at top of Special:Categories 17715* (bug 5679) time units are now using local numerals 17716* (bug 5751) Updates to Portuguese localisation files 17717* (bug 5741) Introduce {{NUMBEROFUSERS}} magic word 17718* (bug 93) <nowiki> tags and tildes in templates 17719* The returnto parameter is now actually used by SpecialUserlogin.php 17720* Parser can now know that it is parsing an interface message 17721* (bug 4737) MediaWiki:Viewcount supports {{PLURAL}} now 17722* Fix bug in wfMsgExt under PHP 5.1.2 17723* (bug 5761) Project talk namespace broken in Xal, Os, Udm and Cv 17724* Rewrite reassignEdits script to be more efficient; support optional updates to 17725 recent changes table; add reporting and silent modes 17726* Cleaned up formatNum usage in langfiles 17727* (bug 5716) Warn when a user tries to upload a file which was previously 17728 deleted 17729* (bug 5565) Add a class attribute to the table on Special:Allpages 17730* "lang=xx" option for parser test cases to set content language 17731* (bug 5764) Friulian translation updated 17732* (bug 5757) Fix premature cutoff in LanguageConverter with extra end markers 17733* (bug 5516) Show appropriate "return to" link on blocked page 17734* (bug 5377) Do not auto-login when creating an account as another user 17735* (bug 5284) Special redirect pages should remember parameters 17736* Suppress 7za output on dumpBackup 17737* (bug 5338) Reject extra initial colons in title 17738* (bug 5487) Escape self-closed HTML pair tags 17739* Add "raw suffix" magic word for some magic words, e.g. {{NUMBEROFUSERS|R}} 17740 will produce a count minus formatting 17741* Fix Parser::cleanSig() to use Parser::startExternalParse() and choose an 17742 appropriate output format given the scope of the clean 17743* (bug 5593) Change "bureaucrat log" to "rights log" 17744* Show a boilerplate "(none)" in place of a blank within the log action text for 17745 user rights 17746* (bug 137) Commented out translations for copyrightwarning which mention GNU 17747 FDL 17748* (bug 5723) Don't count pages linked to from the MediaWiki namespace as 17749 "wanted" 17750* (bug 5696) Add a third parameter, $3, to "rcnote", passing the current time 17751 formatted according to the current user's settings 17752* (bug 5780) Thousands and decimal separators for Norwegian 17753* Updated initStats maintenance script 17754* (bug 5767) Fix date formats in Vietnamese locale 17755* (bug 361) URL in URL, they were almost fixed. Now they are. 17756* (bug 4876) Add __NEWSECTIONLINK__ magic word to force the "new section" 17757 link/tab to show up on specific pages on demand 17758* Bidi-aid on list pages 17759* (bug 5782) Allow entries in the bad image list to use canonical namespace 17760 names 17761* (bug 5789) Treat "loginreqpagetext" as wikitext 17762* Sanitizer: now handles nested <li> in <ul> or <ol> 17763* (bug 5796) We require MySQL >=4.0.14 17764* Add 'EmailConfirmed' hook 17765* New findhooks.php script to find undocumented hooks. 17766* Silently ignore errors on profiling table update. 17767* (bug 5801) Correct handling of underscores in Special:Listusers 17768* Clean up Special:Listusers; add an "(all)" label to the group selection box 17769* (bug 5812) Use appropriate link colour in Special:Mostlinked 17770* (bug 5802) {{CURRENTMONTHNAME}} variable broken in Vietnamese locale 17771* (bug 5817) Appropriate handling for Special:Recentchangeslinked where the 17772 target page doesn't exist 17773* Special:Randompage now additionally accepts English namespace name as 17774 parameter 17775* (bug 2981) Really fixed linktrail for Tamil (ta) 17776* Disallow substituting Special pages when included into a page 17777* (bug 5587) Clean up the languages from references to the Groups special page 17778* Added new group-X and group-X-member messages 17779* Rewritten removeUnusedAccounts to be more efficient, print names of inactive 17780 accounts 17781* Redirect Special:Userlist to Special:Listusers 17782* Introduce $wgAllowTitlesInSVG, which allows the <title> attribute in uploaded 17783 files bearing the image/svg MIME type. Disabled by default due to the vast 17784 majority of web servers being hideously misconfigured. See DefaultSettings.php 17785 for more details. 17786* Changed default LocalSettings.php to append the previous include path when 17787 setting it 17788* (bug 5837) Use "members" for the value descriptor in Special:Categories, 17789 Special:Wantedcategories and Special:Mostlinkedcategories. 17790* (bug 3309) Allow comments when undeleting pages 17791* Clean up Special:Undelete a bit 17792* (bug 5805) messages nbytes, ncategories can now use {{plural:}} 17793* Clean up Special:Imagelist a bit 17794* (bug 5838) Namespace names for Nds-NL 17795* (bug 5749) Added Tyvan language files 17796* (bug 5791) Fix SQL syntax in Special:BrokenRedirects, was causing incorrect 17797 data to show 17798* (bug 5839) Prevent access to Special:Confirmemail for logged-out users 17799* (bug 5853) Update for Portuguese messages (pt) 17800* (bug 5851) Use Cyrillic for Kirghiz language name 17801* (bug 5841) Allow the 'EditFilter' hook to return a non-fatal error message 17802* (bug 5846) Link to individual group description pages in Special:Listusers 17803* (bug 5857) Update for German localisation (de) 17804* (bug 5858) Update for Russian language (ru) 17805* (bug 5860) Update for Indonesian language (id) 17806* (bug 1120) Update for Czech language (Cs) 17807* Added many missing formatNum calls 17808* Added grammar function to Belarusian (be) 17809* (bug 5819) Add 'PersonalUrls' hook 17810* (bug 5862) Update of Belarusian language (be) 17811* (bug 5886) Update for Portuguese messages (pt) 17812* (bug 5586) <gallery> treated text as links 17813* (bug 5878) Update for Indonesian language (id) 17814* (bug 5697) Update for Malay language (ms) 17815* (bug 5890) Update for German language (de) 17816* (bug 5889) Name for Sindhi language should appear as سنڌي 17817* --force-normal parameter on dump scripts to force check for ICU extension 17818* (bug 5895) Update for Dutch language (nl) 17819* (bug 5891) Linktrail for Polish language (pl) 17820* User::isBureaucrat , User::isDeveloper , User::isSysop deprecated in 17821 v1.6 now die with a backtrace. They will be removed in v1.8 17822* dumpTextPass now skips goes to database for entries that were blank in the 17823 previous dump, as this may indicate a broken dump. 17824* dumpTextPass progress includes percentage of items prefetched 17825* dumpTextPass can now use 7zip files for prefetch 17826* (bug 5915) Update to Indonesian localisation (id) 17827* (bug 5913) Update for German localisation (de) 17828* (bug 5905) Plural support for Bosnian localisation (bs) 17829* Groups which won't hit the rate limiter now configurable with 17830 $wgRateLimitsExcludedGroups 17831* (bug 5806) {{plural:}} support instead of "twin" MediaWiki messages 17832* (bug 5931) Update for Polish language (pl) 17833* Ignore the user and user talk namespaces on Special:Wantedpages 17834* Introduce NUMBEROFPAGES magic word 17835* (bug 5833) Introduce CURRENTVERSION magic word 17836* (bug 5370) Allow throttling of password reminder requests with the rate 17837 limiter 17838* (bug 5683) Respect parser output marked as uncacheable when saving 17839* (bug 5918) Links autonumbering now work for all defined protocols 17840* (bug 5935) Improvement to German localisation (de) 17841* (bug 5937) Register links from gallery captions with the parent parser output 17842 object so that link tables receive those updates too 17843* (bug 5845) Introduce BASEPAGENAME and BASEPAGENAMEE magic words 17844* (bug 5941) Use content language when getting the administrator page title for 17845 Special:Statistics 17846* (bug 5949) Update to Indonesian localisation (id) 17847* (bug 5862) Update of Belarusian translation (be) 17848* (bug 5950) Improvements to French localisation 17849* (bug 5805) {{plural:}} support for counters in some special pages 17850* (bug 5952) Improvement to German localisation (de) 17851* Rename conflicting metadata help message to "metadata_help" (was "metadata") 17852 and treat it as wiki text 17853* Improve preferences input filtering 17854* Maintenance script to import multiple files into the wiki 17855* (bug 5957) Update for Hebrew language (he) 17856* (bug 5962) Update for Italian language (it) 17857* (bug 5961) Update for Portuguese localisation (pt) 17858* (bug 5849) Remove some hard-coded references to "Wikipedia" in messages 17859* (bug 5967) Improvement to German localisation (de) 17860* (bug 5962) Update for Italian language (it) 17861* Suppress images in galleries which appear on the bad image list (when 17862 rendering for a wiki page; galleries in special pages and categories are 17863 unaffected) 17864* Maintenance script to remove orphaned revisions from the database 17865* (bug 5991) Update for Russian language (ru) 17866* (bug 6001) PAGENAMEE and FULLPAGENAMEE don't work in FULLURL and LOCALURL 17867 magic words 17868* (bug 5958) Switch Uzbek language name to use latin script 17869* (bug 839) Add URLENCODE magic word 17870* (bug 6004) Update for Polish language (pl) 17871* (bug 5971) Improvement to German localisation (de) 17872* (bug 4873) Don't overwrite the subtitle navigation when viewing a redirect 17873 page that isn't current 17874* (bug 2203) Namespace updates for Thai 17875* Fix breakage in parser test suite which caused incorrect reporting of the 17876 failure of {{NUMBEROFFILES}}. Now initialises the site_stats table with some 17877 dumb data. Updated the expected output for {{NUMBEROFARTICLES}} to reflect 17878 this. 17879* (bug 6009) Use {{ns:project}} in messages where appropriate 17880* (bug 6012) Update to Indonesian localisation (id) 17881* (bug 6017) Update list of bookstores in German localisation files 17882* (bug 5187) Allow programmatically bypassing username validation, for scripts 17883* (bug 6025) SpecialImport: wrong message when no file selected 17884* (bug 6015) EditPage: add spacing in the boxes "edit is minor" and "watch this" 17885* (bug 6018) Userrights: new message when no user specified ('nouserspecified') 17886* (bug 2015) Add "\sim" to ~ conversion for HTML rendering 17887* (bug 6029) Improvement to German localisation (de) 17888* (bug 5015) Update be: magic words 17889* (bug 3974) Add parameter for site URL to "passwordremindertext" 17890* (bug 6039) Update for Portuguese localisation (pt) 17891* (bug 764) Add CREATE TEMPORARY TABLES to default database permissions 17892* Big update to Swedish localisation (sv) 17893* Use appropriate HTML functions to create the tool links on image pages, so 17894 they don't look garbled when tidy isn't on 17895* (bug 5511) Fix URL-encoding of usernames in links on Special:Ipblocklist 17896* (bug 6046) Update to Indonesian localisation (id) #15 17897* (bug 5523) $wgNoFollowNsExceptions to allow disabling rel="nofollow" in 17898 specially-selected namespaces. 17899* (bug 6055) Fix for HTML/JS injection bug in variable handler (found by Nick 17900 Jenkins) 17901* Reordered wiki table handling and __TOC__ extraction in the parser to better 17902 handle some overlapping tag cases. 17903* Only the first __TOC__ is now turned into a TOC 17904* (bug 4610) Indicate patrolled status on watchlists and allow users to mark 17905 changes as patrolled using the diff links there 17906* Add 'DiffViewHeader' hook called before diff page output 17907* (bug 6051) Improvement to German localisation (de) 17908* (bug 6054) Update to Indonesian localisation (id) #16 17909* Add {{CURRENTTIMESTAMP}} magic word 17910* (bug 6061) Improper escaping in some html forms 17911* (bug 6065) Remove underscore when using NAMESPACE and TALKSPACE magics. 17912* (bug 6074) Correct squid purging of offsite upload URLs 17913* To simplify the lives of extension developers, the logging type arrays 17914 can now be appended to directly by an extension setup function. It is 17915 no longer necessary to write four separate functions just to add a 17916 custom log type. 17917* (bug 6057) Count "licenses" as a message (and show it in Special:Allmessages) 17918* Added $wgGrammarForms global 17919* Fixed hardcoded 'done.' when removing watchlist entries. 17920* (bug 5962) Update for Italian language (it) 17921* (bug 6086) Remove vestigial attempt to call Article::validate() 17922* wfHostname() function for consistent server hostname use in debug messages 17923* Send thumbnailing error messages to 'thumbnail' log group 17924* wfShellexec() now accepts an optional parameter to receive the exit code 17925* Failed, but not zero-length, thumbnail renderings are now removed. 17926 Should help clean up when rsvg fails in weird ways. 17927* (bug 6081) Change description for Turkmen language 17928* Increase robustness of parser placeholders; fixes some glitches when 17929 adjacent to identifier-ish constructs such as URLs. 17930* Shut up the parser test whining about files in a temp directory. 17931* (bug 6098) Add Aragonese language support (an) 17932* (bug 6101) Update for Russian language (ru) 17933* Add $wgIgnoreImageErrors to suppress error messages for thumbnail rendering 17934 problems. If errors are transitory, this should reduce annoying messages 17935 making it into cached display. 17936* (bug 6103) Wrap self-links in a CSS class ("selflink") 17937* (bug 6102) For consistency with other markup, normalize all HTML-encoded 17938 character entities in URLs, not just ampersands. This allows use of eg 17939 = when making URLs for template parameters. 17940* Markup anality: escape </ as <\/ in toolbar javascript for pure correctness 17941 under HTML-compatible browsers. 17942* (bug 5077) Added hook 'BeforePageDisplay' to SkinTemplate::outputPage 17943* Replace fatally changed 'uploadnewversion' with 'uploadnewversion-linktext' 17944* (bug 472) Syndication feeds for the last few edits of page history 17945* Format edit comments in Recent Changes feed 17946* Switch incorrectly ordered column headers on Recent Changes feed diffs 17947* (bug 6117) Use message for history feed description, add German localization 17948* (bug 1017) fixed thumbnails of animated gifs. 17949* Add APC as object caching option 17950* Update to Albanian localization (sq) 17951* (bug 6099) Introduce {{DIRECTIONMARK}} magic word (with {{DIRMARK}} as an 17952 alias) 17953* Use optimized php5-only microtime() 17954* Add possibility to store local message cache as PHP executable script 17955* Fix profiling table definition 17956* (bug 6040) Run pre-save transform before calculating the diff. when doing a 17957 "show changes" operation in the editor 17958* (bug 4033) Respect $wgStyleDirectory when checking available skins 17959* Remove hideous backslashes from MessagesBr.php 17960* Fix APC object cache issues, add functionality to installer 17961* (bug 6133) Update strip state as we work. This mostly fixes extensions 17962 used in Cite.php <ref> tags when Tidy is on. 17963* (bug 6139) Workaround for transclusion oddities in Vietnamese upload text 17964* (bug 6136) Update to Catalan language (ca) 17965* Update to Japanese localization (ja) 17966* Add /usr/local/bin to the diff3 search paths in the installer 17967* (bug 6106) Update to Indonesian localisation (id) #17 17968* (bug 6125) Add links to edit old versions to diff views 17969* (bug 5127) Auto edit summary when creating/editing redirect page 17970* (bug 3926) Introduce {{#language:}} magic word 17971* Fix section links from edit comments for [[:Image:Bla.jpg]] in section titles 17972* (bug 6126) Allow fallback to customized primary language when user language 17973 message contains '-'; fixes licenses selector on Commons configuration after 17974 recent addition of the message to Messages.php 17975* (bug 5527) Batch up job queue insertions for, hopefully, better survivability 17976 of lock contention etc. Duplicates are now removed at pop time instead of 17977 at insert time. 17978* When showing the "blah has been undeleted" page, make sure it's a blue link 17979* parserTests.php accepts a --file parameter to run an alternate test sutie 17980* parser tests can now test extensions using !!hooks sections 17981* Fix oddity with open tag parameters getting stuck on </li> 17982* (bug 5384) Fix <!-- comments --> in <ref> extension 17983* Nesting of different tag extensions and comments should now work more 17984 consistently and more safely. A cleaner, one-pass tag strip lets the 17985 'outer' tag either take source (<nowiki>-style) or pass it down to 17986 further parsing (<ref>-style). There should no longer be surprise 17987 expansion of foreign extensions inside HTML output, or differences 17988 in behavior based on the order tags are loaded. 17989* (bug 885) Pre-save transform no longer silently appends close tags 17990* Pre-save transform no longer changes the case of close tags 17991* (bug 6164) Fix regression with <gallery> resetting <ref> state 17992* Hackaround for IE 7 wrapping bug in MonoBook footer 17993* New message sp-newimages-showfrom replaces rclistfrom on special:newimages 17994* Improve handling of ;: definition list construct with overlapping or 17995 nested HTML tags 17996* (bug 6171) Fix sanitizing of HTML-elements with an optional closing 17997 tag. The sanitizer still needs to learn how to make well-formed XML 17998 in this case. 17999* Fix fatal error when specifying illegal name for manual thumbnail 18000* (bug 6184) Use shinier Linker::userLink() to make user links in 18001 Special:Undelete 18002* (bug 6170) Update for Kashubian translation (csb) 18003* (bug 6191) Update to Indonesian translation (id) #18 18004* (bug 6114) Update to Walloon localization (wa) 18005* Added $wgNamespaceRobotPolicies to allow customisation of robot policies on a 18006 per-namespace basis. 18007* Add <ol> to the list of block elements for doBlockLevels; avoids <p>s being 18008 interspersed into your ordered lists. 18009* (bug 5021) Transcluding the same special page twice now works 18010* Add 'SiteNoticeBefore' and 'SiteNoticeAfter' hooks 18011* (bug 6182) Date passed in "sp-newimages-showfrom" not adjusted to user time 18012 preferences 18013* (bug 2587) Fix for section editing with comment prefix 18014* (bug 2607) Fix for section editing with mix of wiki and HTML headings 18015* (bug 3342) Fix for section editing with headings wrapped in <noinclude> 18016* (bug 3476) Fix for section editing with faux headings in extensions 18017* (bug 5272) Fix for section editing with HTML-heading subsections 18018* Fix for bogus wiki headings improperly detected with following text 18019* Fix for HTML headings improperly not detected with preceding/following text 18020* Section extraction and replacement functions merged into one implementation 18021 on the Parser object, so they can't get out of sync with each other. 18022* Edit security precautions in raw HTML mode, etc 18023* (bug 6197) Update to Indonesian translation (id) #19 18024* (bug 6175) Improvement to German translation (de) 18025* Redirect Special:Logs to Special:Log 18026* (bug 6206) Linktrail for Swedish localization (se) 18027* (bug 3202) Attributes now allowed on <pre> tags 18028* Sanitizer::validateTagAttributes now available to discard illegal/unsafe 18029 attribute values from an array. 18030* (bug 3837) Leave <center> as is instead of doing an unsafe text replacement 18031 to <div class="center">. <center> is perfectly valid in the target doctype 18032 (XHTML 1.0 Transitional), while the replacement didn't catch all cases and 18033 could even result in invalid output from valid input. 18034* (bug 4280) Use 'noindex,nofollow' instead of 'noindex,follow' for default 18035 meta robots tag on diff view and special pages. Should reduce impact of 18036 robots on scrolling special pages, diffs etc on sites where robots.txt 18037 doesn't forbid access. 18038* Regression fix: suppress warning about session failure when clicking to 18039 edit with 'preview on first edit' enabled. 18040* (bug 6230) Regression fix: <nowiki> in [URL link text] 18041* Added AutoLoader.php, which loads classes without need of require_once() 18042* (bug 5981) Add plural function Slovenian (sl) 18043* (bug 5945) Introduce {{CONTENTLANGUAGE}} magic word 18044* {{PLURAL}} can now take up to five forms 18045* (bug 6243) Fix email for usernames containing dots when using PEAR::Mail 18046* Remove a number of needless {{ns:project}}-type transforms from messages 18047 files. These usages already have separate label text. Such transforms are 18048 wasteful on each page view. 18049* Update to Yiddish localization (yi) 18050* (bug 6254) Update to Indonesian translation (id) #20 18051* (bug 6255) Fix transclusions starting with "#" or "*" in HTML attributes 18052* Whitespace now normalized more or less properly in HTML attributes 18053* Fix regression(?) in behavior of initial-whitespace-pre in <center> 18054* (bug 6260) Update to Interlingua localization (ia) 18055* Update to Vlax Romany localization (rmy) 18056* Update to Latin translation (la) 18057* Update to Dutch translation (nl) 18058* Avoid some notices in page history with bad input 18059* Use double quoted consistently on attributes in linker output; preparing 18060 for new normalization code when tidy not in use 18061* Replace "nogomatch" with "noexactmatch" and place the magic colon in the 18062 messages themselves. Some minor tweaks to the actual message content. 18063* Introduce $wgContentNamespaces which allows for articles to exist in 18064 namespaces other than the main namespace, and still be counted as valid 18065 content in the site statistics. 18066* (bug 5932) Introduce {{PAGESINNAMESPACE}} magic word 18067* Disable $wgAllowExternalImages by default. 18068* (bug 2700) Nice things like link completion and signatures now work in 18069 <gallery> tags. 18070* Cancel output buffering in StreamFile; when used inside gzip buffering this 18071 could cause funny timeout behavior as the Content-Length was wrong. 18072* Return correct content-type header with 304 responses for StreamFile; 18073 it confuses Safari if you let it return "text/html". 18074* (bug 6280) Correct GRAMMAR for Slovenian localisation (sl) 18075* (bug 6162) Change date format for Dutch Low Saxon (nds-nl) 18076* (bug 6296) Update to Indonesian localisation (id) #21 18077* Introduce EditFormPreloadText hook, see docs/hooks.txt for more information 18078* (bug 4054) Add "boteditletter" to recent changes flags 18079* Update to Catalan localization (ca) 18080* (bug 2099) Deleted image files can now be archived and undeleted. 18081 Set $wgSaveDeletedFiles on and an appropriate directory path in 18082 $wgFileStore['deleted']['directory'] 18083* (bug 6324) Fix regression in enhanced RC alignment 18084* Introduce {{NUMBEROFADMINS}} magic word 18085* Update to Slovak translation (sk) 18086* Update to Alemannic localization (gsw) 18087* (bug 6300) Bug fixes for sr: variants 18088* namespaceDupes.php can now accept an arbitrary prefix, for checking rogue 18089 interwikis and such. Not yet fully automated. 18090* (bug 6344) Add Special:Uncategorizedimages page 18091* (bug 6357) Update to Russian translation (ru) 18092* Workaround possible bug in Firefox nightlies by properly removing the 18093 Content-Encoding header instead of sending explicit 'identity' value 18094 in StreamFile 18095* (bug 6304) Show timestamp for current revision in diff pages 18096* Vertically align current version with old version header in diff display 18097* (bug 6174) Remove redundant "emailforlost" message 18098* (bug 6189) Show an error to an unprivileged user trying to create account 18099* (bug 6365) Show user information in the "old revision" navigation links 18100* Introduce 'FetchChangesList' hook; see docs/hooks.txt for more information 18101* (bug 6345) Update to Indonesian localisation (id) #22 18102* (bug 6279) Add genitive month names to Slovenian localisation 18103* (bug 6351) Update to German translation (de) 18104* Respect language directionality when displaying arrow in 18105 Special:Brokenredirects 18106* Remove unused "validation" table definitions from the schema files 18107* (bug 6398) Work around apparent PCRE bug breaking section editing when 18108 massively-indented preformatted text immediately followed a header 18109* (bug 6392) Fix misbehaving <br /> in preferences form 18110* Add translated magic words to Hebrew localization 18111* (bug 6396) Change name for Chuvash language 18112* Introduce optional (off by default) language selector bar for user login 18113 and registration. Customisable via the "loginlanguagelinks" message, the 18114 links will preserve "returnto" values. If the user creates an account while 18115 using such a link, then the language in use will be saved as their language 18116 preference. 18117* Make sure '~~~' '~~~~' '~~~~~' are removed in Nickname preference. 18118* Rename "ipusuccess" to "unblocked", change the format (now wiki text) 18119* (bug 2316) Add "caption" attribute to <gallery> tag 18120* Allow setting the skin object that ImageGallery will use; needed during parse 18121 operations (the skin must come from the ParserOptions, not $wgUser) 18122* Fix notice in MacBinary detection debug data for files of certain lengths 18123* (bug 6131) Add type detection for DjVu files, allowing them to be uploaded 18124 with validity checking and size detection. No inline thumbnailing yet, 18125 but could be added in the future. 18126* (bug 6423) Don't update newtalk flag if page content didn't change (null edits 18127 were causing the newtalk flag to trigger inappropriately) 18128* Parser functions are now set using magic words. 18129* (bug 6428) Incorrect form action URL on Special:Newimages with hidebots = 0 18130 set 18131* (bug 4990) Show page source to blocked users on edits, or their modified 18132 version if blocked during an edit 18133* (bug 5903) When requesting the raw source of a non-existent message page, 18134 return blank content (as opposed to the message key) 18135* Improve default blank content of MediaWiki:Common.css and 18136 MediaWiki:Monobook.css 18137* (bug 6434) Allow customisation of submit button text on Special:Export 18138* (bug 6314) Add user tool links on page histories 18139* Fix display of file-type icons in galleries when $wgIgnoreImageErrors is off 18140* (bug 6438) Update to Indonesian translation (id) #23 18141* Adding the language code parameter to the hook "LanguageGetMagic", to allow 18142 localizble extensions magic words. 18143* Update to Romanian translation (ro) 18144* Update to Esperanto translation (eo) 18145* Check for preg_match() existence when installing and die out whining about 18146 PCRE if it's not there, instead of throwing a fatal error 18147* (bug 672) Add MathAfterTexvc hook 18148* Update to Piedmontese localization (pms) 18149* dumpBackup can optionally compress via dbzip2 18150* (bug 2483) Run link updates on change via XML import 18151* (bug 2481) List imported pages during Special:Import 18152* (bug 2482) Log and RC entries for Special:Import events 18153* Allow fetching all revisions from transwiki Special:Import 18154* Allow fetching all revisions from Special:Export GET request 18155* Disable output buffering on Special:Export; should help with streaming 18156 large numbers of history items. 18157* Allow setting a maximum number of revisions for history Special:Export; 18158 pages with more than $wgExportMaxHistory revisions are excluded from 18159 export when history is requested. 18160* Fix transwiki import of pages with space in name 18161* Save null edit when importing pages through Special:Import 18162* Update to Korean translation (ko) 18163* Show a more specific message when an anonymous user tries to access 18164 Special:Watchlist 18165* (bug 3278) Paging links in Special:Prefixindex 18166* Added Latvian localization (lv) 18167* (bug 6472) Fix regression in Special:Export with multiple pages 18168* Update to Macedonian translation (mk) 18169* Allow page moves over historyless self-redirects. Such are usually created 18170 as part of namespace rearrangements, and it's easier to clean them up if 18171 we can move over them. 18172* Show some error results in moveBatch.php 18173* (bug 6479) Allow specification of the skin to use during HTML dumps 18174* (bug 6461) Link to page histories in Special:Newpages 18175* (bug 6484) Don't do message transformations when preloading messages for 18176 editing 18177* (bug 6201) Treat spaces as underscores in parameters to {{ns:}} 18178* (bug 6006) Allow hiding the password change fields using an authentication 18179 plugin 18180* (bug 6489) Use appropriate link colour on Special:Shortpages 18181* Added formatnum magic word 18182* Added Javanese localization (jv) 18183* (bug 6491) Apply bad image list in category galleries 18184* (bug 6488) Show relevant log fragment in Special:Movepage 18185* Fix potential PHP notice in Special:Blockme when $wgBlockOpenProxies is true 18186* Use mysql_real_escape_string instead of addslashes for string escaping in 18187 the MySQL Database class. This may fix some rare breakage with binary fields. 18188 Note that MediaWiki does not support the multibyte character sets where a 18189 "dumb" byte replacement can be actively dangerous; UTF-8 is always safe 18190 in this regard due to the bit patterns which make head and tail bytes 18191 distinct. 18192* (bug 6497) Use $wgMetaNamespaceTalk for Esperanto if set 18193* (bug 6498) Use localized forms for image size in Special:Undelete 18194* (bug 6485) Update to Indonesian translation (id) #24 18195* Extension messages translation is now possible. 18196* Add target namespace override selector for transwiki imports. 18197 $wgImportTargetNamespace specifies the default, to be used for 18198 Wiktionary's 'Transwiki:' namespace etc. 18199* (bug 6506) Update to German localisation (de) 18200* (bug 502) Avoid silly tabs on bad title by using virtual special page 18201* (bug 6511) Add diff links to old revision navigation bar 18202* (bug 6511) Replace 'oldrevisionnavigation' message with 18203 'old-revision-navigation' 18204* Fix regression in Polish genitive month forms 18205* (bug 4037) Make input handling in Special:Allpages and Special:Prefixindex 18206 more consistent: Accept just a namespace prefix and a colon, reject input 18207 with interwiki prefixes, otherwise do what Title::makeTitleSafe() does. 18208* (bug 6516) Update to Russian translation 18209* New 'allpagesbadtitle' message for Special:Allpages, based on 'badtitletext'. 18210* Rename "searchquery" to "searchsubtitle" and support wiki text in it 18211* Introduce updateArticleCount maintenance script which uses a better check that 18212 reflects what Article::isCountable() tests for 18213* Introduce 'BadImage' hook; see docs/hooks.txt for more information 18214* Add "searchsubtitleinvalid" message for searches that are not valid titles. 18215* (bug 5962) Update to Italian localisation 18216* (bug 6530) Update to Indonesian localisation (id) #25 18217* (bug 6523) Fix SVG issue in rebuildImages.php 18218* (bug 6512) Link to page-specific logs on page histories 18219* (bug 6504) Allow configuring session name with $wgSessionName 18220* (bug 6185) Add standard user tool links to log page views 18221* Update to Venetian translation (vec) 18222* Update to Slovenian translation (sl) 18223* Add standard user tool links to deleted revision list 18224* Separate out EditPage's getContent bits from regular Article getContent. 18225 Cleans up read-only-mode warning on empty pages and neats up some code. 18226* (bug 6565) Strict JavaScript writing 18227* (bug 6570) Update to Indonesian localisation (id) #26 18228* Added Telugu translation (te) 18229* Update to Catalan translation (ca) 18230* (bug 6560) Avoid PHP notice when trimming ISBN whitespace 18231* Added namespace translation to Kannada (ka) 18232* (bug 6566) Improve input validation on timestamp conversion 18233* Implicit group "emailconfirmed" for all users whose email addresses are 18234 confirmed 18235* (bug 6577) Avoid multiline parser breakage on <pre> with newline in attribute 18236* (bug 6771) Make old revisions of MediaWiki pages available with action=raw 18237 18238 18239== Compatibility == 18240MediaWiki 1.7 requires PHP 5 (5.1 recommended). PHP 4 is no longer supported. 18241 18242If you are unable to run PHP 5, you may have to stick with 1.6 for now. 18243 18244MySQL 3.23.x is no longer supported; some older hosts may need to upgrade. 18245At this time we still recommend 4.0, but 4.1/5.0 will work fine in most cases. 18246 18247Experimental Oracle support has been dropped as it is unmaintained. 18248 18249== Upgrading == 18250Several changes to the database have been made from 1.6: 18251 18252* A new "langlinks" table tracks interlanguage links 18253* A new "filearchive" table stores information on deleted files 18254* A new "querycache_info" table stores information on query page updates 18255 18256To ensure that these tables are filled with data, run refreshLinks.php after 18257the upgrade. 18258 18259If you are upgrading from MediaWiki 1.4.x or earlier, some major database 18260changes are made, and there is a slightly higher chance that things could 18261break. Don't forget to always back up your database before upgrading! 18262 18263== Configuration changes == 18264 18265Some configuration options have changed: 18266* $wgAllowExternalImages now defaults to off for increased security. 18267* $wgLocalTZoffset was in hours, it is now using minutes. 18268* Extensions may register special pages via the $wgSpecialPages array without 18269forcing an early load of the SpecialPage.php class file. 18270 18271== Major new features == 18272 18273* Deleted files can now be archived and undeleted, if you set up an appropriate 18274non-web-accessible directory. Set $wgSaveDeletedFiles on and an appropriate 18275directory path in $wgFileStore['deleted']['directory'] 18276* Experimental PostgreSQL support has been updated. It may or may not be in 18277usable shape; those interested in PostgreSQL are encouraged to follow 1.8 18278development. 18279 18280=== Caveats === 18281Some output, particularly involving user-supplied inline HTML, may not 18282produce 100% valid or well-formed XHTML output. Testers are welcome to 18283set $wgMimeType = "application/xhtml+xml"; to test for remaining problem 18284cases, but this is not recommended on live sites. (This must be set for 18285MathML to display properly in Mozilla.) 18286 18287= MediaWiki 1.6 = 18288 18289== MediaWiki 1.6.12 == 18290 18291February 7, 2009 18292 18293This is a security update to the Spring 2006 quarterly release. 18294 18295A number of cross-site scripting (XSS) security vulnerabilities were discovered 18296in the web-based installer (config/index.php). These vulnerabilities all 18297require a live installer -- once the installer has been used to install a 18298wiki, it is deactivated. 18299 18300Note that cross-site scripting vulnerabilities can be used to attack any 18301website in the same cookie domain. So if you have an uninstalled copy of 18302MediaWiki on the same site as an active web service, MediaWiki could be used to 18303attack the active service. 18304 18305If you are hosting an old copy of MediaWiki that you have never installed, you 18306are advised to remove it from the web. 18307 18308== MediaWiki 1.6.11 == 18309 18310December 15, 2008 18311 18312This is a security update to the Spring 2006 quarterly release. 18313 18314David Remahl of Apple's Product Security team has identified a number of 18315security issues in previous releases of MediaWiki. Subsequent analysis by the 18316MediaWiki development team expanded the scope of these vulnerabilities. The 18317issues with a significant impact are as follows: 18318 18319* An XSS vulnerability affecting Internet Explorer clients for all MediaWiki 18320installations with uploads enabled. [CVE-2008-5250] 18321* An XSS vulnerability affecting clients with SVG scripting capability (such as 18322Firefox 1.5+), for all MediaWiki installations with SVG uploads enabled. 18323[CVE-2008-5250] 18324* A CSRF vulnerability affecting the Special:Import feature, for all MediaWiki 18325installations since the feature was introduced in 1.3.0. [CVE-2008-5252] 18326 18327XSS (cross-site scripting) vulnerabilities allow an attacker to steal an 18328authorised user's login session, and to act as that user on the wiki. The 18329authorised user must visit a web page controlled by the attacker in order to 18330activate the attack. Intranet wikis are vulnerable if the attacker can 18331determine the intranet URL, even if the attacker cannot access it. 18332 18333CSRF vulnerabilities allow an attacker to act as an authorised user on the 18334wiki, but unlike an XSS vulnerability, the attacker can only act as the user in 18335a specific and restricted way. The present CSRF vulnerability allows pages to 18336be edited, with forged revision histories. Like an XSS vulnerability, the 18337authorised user must visit the malicious web page to activate the attack. 18338 18339Rather than backport our SVG validation code to this ancient branch, we have 18340instead disabled SVG uploads. To enable SVG uploads, please upgrade to 18341MediaWiki 1.13.3 or later. 18342 18343The other two issues have been fixed. 18344 18345== MediaWiki 1.6.10 == 18346 18347February 20, 2007 18348 18349This is a security and bug-fix update to the Spring 2006 quarterly release. 18350 18351An XSS injection vulnerability based on Microsoft Internet Explorer's UTF-7 18352charset autodetection was located in the AJAX support module, affecting MSIE 18353users on MediaWiki 1.6.x and up when the optional setting $wgUseAjax is enabled. 18354 18355If you are using an extension based on the optional Ajax module, either disable 18356it or upgrade to a version containing the fix: 18357 18358* 1.9: fixed in 1.9.3 18359* 1.8: fixed in 1.8.4 18360* 1.7: fixed in 1.7.3 18361* 1.6: fixed in 1.6.10 18362 18363There is no known danger in the default configuration, with $wgUseAjax off. 18364 18365* ([[mediazilla:8819|bug 8819]]) Fix full path disclosure with skins 18366dependencies 18367* Add 'charset' to Content-Type headers on various HTTP error responses to 18368forestall additional UTF-7-autodetect XSS issues. PHP sends only 'text/html' by 18369default when the script didn't specify more details, which some inconsiderate 18370browsers consider a license to autodetect the deadly, hard-to-escape UTF-7. 18371This fixes an issue with the Ajax interface error message on MSIE when 18372$wgUseAjax is enabled (not default configuration); this UTF-7 variant on a 18373previously fixed attack vector was discovered by Moshe BA from BugSec: 18374http://www.bugsec.com/articles.php?Security=24 18375* Trackback responses now specify XML content type 18376 18377== MediaWiki 1.6.9 == 18378 18379January 9, 2007 18380 18381* ([[mediazilla:6621|bug 6621]]) Backported German translation for 18382'eauthentsent' 18383 18384* ([[mediazilla:6680|bug 6680]]) Added localisation for Dutch bookstore list 18385(nl) 18386* ([[mediazilla:6730|bug 6730]]) Clearer usage of message 'titlematch' in 18387German translation (de) 18388* XSS fix in AJAX module 18389 18390An XSS injection vulnerability was located in the AJAX support module, 18391affecting MediaWiki 1.6.x and up when the optional setting $wgUseAjax is 18392enabled. 18393 18394There is no danger in the default configuration, with $wgUseAjax off. 18395 18396If you are using an extension based on the optional AJAX module, either disable 18397it or upgrade to a version containing the fix: 18398 18399* 1.9: fixed in 1.9.0rc2 18400* 1.8: fixed in 1.8.3 18401* 1.7: fixed in 1.7.2 18402* 1.6: fixed in 1.6.9 18403 18404== MediaWiki 1.6.8 == 18405 18406July 8, 2006 18407 18408MediaWiki 1.6.8 is a security and bugfix maintenance release of the Spring 2006 18409snapshot: 18410 18411A potential HTML/JavaScript-injection vulnerability in a debugging script has 18412been fixed. Only versions and configurations of PHP vulnerable to the $GLOBALS 18413overwrite vulnerability are affected. 18414 18415As a workaround for existing installs, profileinfo.php may simply be deleted if 18416it's not being used. 18417 18418* ([[mediazilla:5957|bug 5957]]) Updates to Hebrew translation (he) 18419* Respect language directionality when displaying arrow in 18420Special:Brokenredirects 18421* ([[mediazilla:6415|bug 6415]]) Typo in Parser.php 18422* Fixed potential XSS in profileinfo.php 18423 18424== MediaWiki 1.6.7 == 18425 18426June 6, 2006 18427 18428MediaWiki 1.6.7 is a security and bugfix maintenance release of the Spring 2006 18429snapshot: 18430 18431An HTML/JavaScript-injection vulnerability in the edit form has been closed. 18432This vulnerability was new in 1.6.0; MediaWiki versions 1.5.x or earlier are 18433not affected. 18434 18435Extensions, comments, and <nowiki><nowiki></nowiki> sections are now handled in 18436a one-pass way which is more reliable and safer. Under earlier versions of 18437MediaWiki, certain extensions could be abused to inject HTML/JavaScript into 18438the page. 18439 18440Additional precautions are made against offsite form submissions when the 18441restricted raw HTML mode is enabled. 18442 18443Some small localization and user interface updates are also included. 18444 18445*([[MediaZilla:6051|bug 6051]]) Improvement to German localisation (de) 18446*([[MediaZilla:6017|bug 6017]]) Update bookstore list for German language (de) 18447*([[MediaZilla:6138|bug 6138]]) Minor grammar tweak in "loginreqlink" 18448*([[MediaZilla:5957|bug 5957]]) Update for Hebrew language (he) 18449*Increase robustness of parser placeholders; fixes some glitches when adjacent 18450to identifier-ish constructs such as URLs. 18451*([[MediaZilla:5384|bug 5384]]) Fix <nowiki><!-- comments --> in <ref></nowiki> 18452extension 18453*Nesting of different tag extensions and comments should now work more 18454consistently and more safely. A cleaner, one-pass tag strip lets the 'outer' 18455tag either take source (<nowiki><nowiki></nowiki>-style) or pass it down to 18456further parsing (<nowiki><ref></nowiki>-style). There should no longer be 18457surprise expansion of foreign extensions inside HTML output, or differences in 18458behavior based on the order tags are loaded. 18459*([[MediaZilla:885|bug 885]]) Pre-save transform no longer silently appends 18460close tags 18461*Pre-save transform no longer changes the case of close tags 18462*Edit security precautions in raw HTML mode, etc 18463 18464== MediaWiki 1.6.6 == 18465 18466May 23, 2006 18467 18468MediaWiki 1.6.6 is a security and bugfix maintenance release. 18469 18470An XSS injection vector in brace replacement has been fixed, as have some 18471potential problems with table parsing. Upgrading is strongly recommended for 18472all users of 1.6. MediaWiki versions 1.5 and earlier are not affected. 18473 18474Additionally some localization and user interface updates are included. 18475 18476* Correct "revertpage" message in English 18477* ([[MediaZilla:5507|bug 5507]]) Logouttext now uses wiki markup 18478* (bugs [[MediaZilla:5857|5857]], [[MediaZilla:5957|5957]]) Update for German 18479localisation (de) 18480* ([[MediaZilla:5586|bug 5586]]) <nowiki><gallery></nowiki> treated text as 18481links 18482* ([[MediaZilla:5957|bug 5957]]) Update for Hebrew language (he) 18483* ([[MediaZilla:6025|bug 6025]]) SpecialImport: wrong message when no file 18484selected 18485* ([[MediaZilla:6015|bug 6015]]) EditPage: add spacing in the boxes "edit is 18486minor" and "watch this" 18487* ([[MediaZilla:6018|bug 6018]]) Userrights: new message when no user specified 18488('nouserspecified') 18489* ([[MediaZilla:6055|bug 6055]]) Fix for HTML/JS injection bug in variable 18490handler (found by Nick Jenkins) 18491* Reordered wiki table handling and <nowiki>__TOC__</nowiki> extraction in the 18492parser to better handle some overlapping tag cases. 18493* Only the first <nowiki>__TOC__</nowiki> is now turned into a TOC. 18494* ([[MediaZilla:361|bug 361]]) URL in URL, they were almost fixed. Now they are. 18495 18496== MediaWiki 1.6.5 == 18497 18498May 2, 2006 18499 18500* Rolled back the buggy patch for [[MediaZilla:5497|bug 5497]]. 18501 18502== MediaWiki 1.6.4 == 18503 18504May 2, 2006 18505 18506* Further improvements to Hebrew localisation 18507* ([[MediaZilla:5544|bug 5544]]) Fix redirect arrow in Special:Listredirects 18508for right-to-left languages 18509* Replace "doubleredirectsarrow" with a content language check that picks the 18510appropriate arrow 18511* Remove live debugging hack which caused errors with certain database names 18512* ([[MediaZilla:5510|bug 5510]]) Warning produced when using 18513<nowiki>{{SUBPAGENAME}}</nowiki> in some namespaces 18514* ([[MediaZilla:5548|bug 5548]]) Improvements to Indonesian localisation 18515[patch: Ivan Lanin] 18516* ([[MediaZilla:5403|bug 5403]]) Fix Special:Newpages RSS/Atom feeds 18517* ([[MediaZilla:3359|bug 3359]]) Add hooks on completion of file upload 18518* ([[MediaZilla:5184|bug 5184]]) CSS misapplied to elements in 18519Special:Allmessages due to conflicting anchor identifiers 18520* ([[MediaZilla:5519|bug 5519]]) Allow sidebar cache to be disabled; disable it 18521by default. 18522* Add $wgReservedUsernames configuration directive to block account creation/use 18523* ([[MediaZilla:5576|bug 5576]]) Remove debugging hack in session check 18524* ([[MediaZilla:5181|bug 5181]]) Update "nogomatch" for Slovak 18525* ([[MediaZilla:5594|bug 5594]]) Id translation up to '# Login and logout 18526pages' section 18527* ([[MediaZilla:5536|bug 5536]]) Use content language for editing help link 18528* Minor improvements to English language files 18529* Improvements to German localisation files 18530* ([[MediaZilla:5628|bug 5628]]) Translations for MessagesHr.php 18531* (bugs [[MediaZilla:5595|5595]], [[MediaZilla:5644|5644]]) Localisation for 18532Bosnian language (bs) 18533* ([[MediaZilla:5592|bug 5592]]) Actions are logged with the default language 18534for the wiki, not the language of the user performing the operation. 18535* ([[MediaZilla:5646|bug 5646]]) Compare for identical types in wfElement() 18536* Fix for concurrency problem in job queue (image description page invalidation) 18537* ([[MediaZilla:5497|bug 5497]]) regeression in HTML normalization in 1.6 18538(unclosed <nowiki><li>,<dd>,<dt></nowiki>) 18539* ([[MediaZilla:5709|bug 5709]]) Allow customisation of separator for categories 18540* ([[MediaZilla:4834|bug 4834]]) Fix XHTML output when using $wgMaxTocLevel 18541* Improvements to update scripts; print out the version, check for superuser 18542credentials before attempting a connection, and produce a friendlier error if 18543the connection fails 18544* ([[MediaZilla:5005|bug 5005]]): Fix XHTML <nowiki><gallery></nowiki> output. 18545* ([[MediaZilla:5315|bug 5315]]) "Expires: -1" HTTP header made strictly valid 18546(using 1970 date). 18547* ([[MediaZilla:4825|bug 4825]]): note in DefaultSettings.php about 'profiling' 18548table creation 18549* Remove unneeded extra whitespace at top of Special:Categories 18550* Rewrite reassignEdits script to be more efficient; support optional updates 18551to recent changes table; add reporting and silent modes 18552* Updated initStats maintenance script 18553* ([[MediaZilla:5723|bug 5723]]) Don't count pages linked to from the MediaWiki 18554namespace as "wanted" 18555* ([[MediaZilla:5789|bug 5789]]) Treat "loginreqpagetext" as wikitext 18556* ([[MediaZilla:5796|bug 5796]]) We require MySQL >=4.0.14 18557 18558== MediaWiki 1.6.3 == 18559 18560April 10, 2006 18561 18562* Fix disappearing red-linked items in the watchlist editing view 18563* ([[MediaZilla:5512|bug 5512]]) Spacing in "page has a history" deletion 18564warning 18565* ([[MediaZilla:5508|bug 5508]]) Switch ENGINE in table statements back to 18566TYPE; fixes regression where some versions of MySQL 4.0.x wouldn't work 18567* Added note about [[Manual:$wgUrlProtocols|$wgUrlProtocols]] format change 18568 18569== MediaWiki 1.6.2 == 18570 18571April 8, 2006 18572 18573* Further improvements to Hebrew localisation 18574* Fix 'copyright' message for Romanian 18575* ([[MediaZilla:5476|bug 5476]]) Invalid xhtml in German localization 18576* ([[MediaZilla:5479|bug 5479]]) Id translation for preferences tabs caption 18577* ([[MediaZilla:5493|bug 5493]]) Id translation for special pages 18578* Additional path fixes in the updater 18579* ([[MediaZilla:5344|bug 5344]]) Fix regression that broke slashes in extension 18580tag parameters 18581 18582== MediaWiki 1.6.1 == 18583 18584April 5, 2006 18585 18586Some minor issues in the 1.6.0 release have been corrected: 18587* ([[MediaZilla:5458|bug 5458]]) Fix double-URL encoding in block log link in 18588contribs and contribs link in block log 18589* ([[MediaZilla:5462|bug 5462]]) Bogus missing patch warning in updater 18590* ([[MediaZilla:5461|bug 5461]]) Use of deprecated "showhideminor" in 18591Special:Recentchangeslinked 18592* PHP warning when allow_call_time_pass_reference is off 18593* Update to Finnish localization 18594 18595== MediaWiki 1.6.0 == 18596 18597April 5, 2006 18598 18599MediaWiki is now using a "continuous integration" development model with 18600quarterly snapshot releases. The latest development code is always kept "ready 18601to run", and in fact runs our own sites on Wikipedia. 18602 18603Release branches will continue to receive security updates for about a year 18604from first release, but nonessential bugfixes and feature development will take 18605place on the development trunk and will appear in the next quarterly release. 18606 18607Those wishing to use the latest code instead of a branch release can [[Download 18608from SVN|obtain it from source control]]. 18609 18610=== What's new in 1.6 === 18611 18612'''User interface:''' 18613* The account creation form has been separated from the user login form. 18614* Page protection/unprotection uses a new, expanded form 18615 18616'''Templates:''' 18617* Categories and "what links here" now update as expected when adding or 18618removing links in a template. 18619* Template parameters can now have default values, as <nowiki>{{{name|default 18620value}}}</nowiki> 18621 18622'''Uploads:''' 18623* Optional support for rasterizing SVG images to PNG for inline display 18624 18625'''Feeds:''' 18626* Feed generation upgraded to Atom 1.0 18627* Diffs in RSS and Atom feeds are now colored for improved readability. 18628 18629'''Database:''' 18630* MySQL 3.23.x support dropped; 4.0 or later required 18631* Experimental support for Unicode mode of MySQL 4.1/5.0 (moderately tested) 18632* Experimental Oracle support (not well tested!) 18633 18634'''Anti-spam extension support:''' 18635* [[meta:SpamBlacklist extension|SpamBlacklist extension]] now has support for 18636automated cleanup. 18637* Support for a [[meta:ConfirmEdit extension|captcha extension]] to restrict 18638automated spam edits. 18639 18640Numerous bug fixes and other behind-the-scenes changes have been made; see the 18641file HISTORY for a complete change list. 18642 18643== Changes since 1.5 == 18644 18645* (bug 2885) More PHP 5.1 fixes: skin, search, log, undelete 18646 18647Code quality: 18648* Use strval() to make sure we don't accidentally get null on bad revision 18649 text loads or other fields mucking up XML export output 18650* Clean up duplicate code for selection of changeslist style 18651* Correct blob caching to reduce redundant blob loads on backups 18652* (bug 3182) Clear link cache during import to prevent memory leak 18653* Fixed possible infinite loop in formatComment 18654* Wrap message page insertions in a transaction to speed up installation 18655* Avoid notice warning on edit with no User-Agent header 18656* (bug 3649) Remove obsolete, broken moveCustomMessages script 18657* Avoid numerous redundant latest-revision lookups in history 18658* Require PHP 4.3.2 or higher strictly now. 18659* Tweak infinite-template-handling loop for PHP 5.1.1 string handling change 18660* Remove unused OutputPage::addCookie() 18661* Fix for short_open_tag off again; please don't break this, guys 18662* (bug 4507) Adjust FULLPAGENAMEE escaping to standard form 18663* (bug 5302) Merge the two #p-search .pBody statements in monobook css. 18664 18665Database: 18666* Finally dropped MySQL 3.23.x support 18667* Oracle support 18668* (bug 3056) MySQL 3 compatibility fix: USE INDEX instead of FORCE INDEX 18669* Update all stats fields on recount.sql 18670* (bug 3227) Fix SQL injection introduced in experimental code 18671* Fix table prefix usage in Block::enumBlocks 18672* (bug 3448) Set page_len on undelete 18673* (bug 3506) Avoid MySQL error when Listusers returns no results 18674* Skip update of disused 'rc_cur_time' field (todo: discard the field) 18675* (bug 3735) Fix to run under MySQL 5's strict mode 18676* (bug 3786) Experimental support for MySQL 4.1/5.0 utf8 charset mode 18677 NOTE: Enabling this may break existing wikis, and still doesn't 18678 work for all Unicode characters due to MySQL limitations. 18679* MySQL 5.0 strict mode fix for moving unwatched pages 18680* Ability to set the table name for external storage servers 18681* Update ipblocks table in MySQL 5 table defs 18682* Removed FulltextStoplist.php, no longer used (was for MySQL 3.x workaround) 18683* Added templatelinks table, to track template inclusions. User-visible effects 18684 will be: 18685 * (inclusion) tag for inclusions in Special:Whatlinkshere 18686 * More accurate list of used templates on the edit page 18687 * More reliable cache invalidation when templates outside the template 18688 namespace are changed 18689* Respect database prefix in dumpHTML.inc 18690* Removed read-only check from Database::query() 18691* Added externallinks table, to track links to arbitrary URLs 18692* Added job table, for deferred processing of jobs. The immediate application is 18693 to complete the link table refresh operation when templates are changed. 18694* Don't change the password of the MySQL root user. 18695 18696Documentation: 18697* (bug 3306) Document $wgLocalTZoffset 18698 18699Hooks: 18700(list not complete) 18701* Move ArticleSave hook execution into Article insert/update functions, 18702 so they get called on non-EditPage actions that use these functions 18703 to create or update pages. 18704* Added EditFilter hook, and output callback on EditPage::showEditForm() 18705 for a place to add in captcha-type extensions in the edit flow 18706* (bug 3684) Fix typo in fatal error backtraces in Hooks.php 18707* Fix for hook callbacks on objects containing no fields 18708* Add a hook for additional user creation throttle / limiter extensions 18709* Use $wgOut->parse() in wfGetSiteNotice() instead of creating a new parser 18710 instance. This allows use of extension hooks if required. 18711* Added AutoAuthenticate hook for external User object suppliers 18712* Added 'PageRenderingHash' hook for changing the parser cache hash key 18713 from an extension that changes rendering based on nonstandard options. 18714* Add 'GetInternalURL' hook to match the GetFullURL and GetLocalURL ones 18715* (bug 4456) Add hook for marking article patrolled 18716* Add UserRights hook, fires after a user's group memberships are changed 18717 18718Images: 18719* Support SVG rendering with rsvg 18720* Cap arbitrary SVG renders to given image size or $wgSVGMaxSize pixels wide 18721* (bug 3127) Render large SVGs at image page size correctly 18722* Fix scaling of non-integer SVG unit sizes 18723* (bug 2800) Don't scale up small images on |thumb| without explicit size 18724* Use the real file link instead of the default-size rasterized version for 18725 large SVG images on image description page 18726* Include the file name/type/size line for non-resized images 18727* (bug 3489) PHP 5.1 compat problem with captioned images 18728* (bug 3643) Fix image page display of large images with resizing disabled 18729* Added a limit to the size of image files which can be thumbnailed 18730* (bug 3806) Gracefully fall back to client-side scaling on |thumb| image 18731 that passes $wgMaxImageArea 18732* (bug 153) Adjust thumbnail size calculations to match consistently; 18733 patch by David Benbennick 18734* (bug 4162) Add $wgThumbnailEpoch timestamp to force old thumbs to 18735 be rerendered on demand, sitewide 18736* (bug 1850) Additional fixes so existing local and remote images 18737 get a blue link even if there's no local description page 18738* Avoid FATAL ERROR when creating thumbnail of non-existing image 18739* (bug 4207) Wrong image size when using 100x200px syntax to scale image up 18740 patch by David Benbennick 18741* Don't delete thumbnails when refreshing exif metadata. This caused thumbs 18742 to vanish mysteriously from time to time for files that didn't have metadata. 18743* (bug 4426) Add link to user_talk page on image pages 18744* Support a custom convert command for thumbnailing. See DefaultSettings.php 18745 and the comments for $wgCustomConvertCommand, for more information. 18746* UserCan hook now allows advisory return values, rather than mandatory ones. 18747 18748Installer: 18749* (bug 3782) Throw fatal installation warning if mbstring.func_overload on. 18750 Why do people invent these crazy options that change language semantics? 18751* Fixed installer bugs 921 and 3914 (issues with using root and so forth) 18752* (bug 4258) Use ugly urls for ISAPI by default 18753 patch by Rob Church 18754* Improve installer 18755 * Use a superuser account (such as root), if specifed, to create tables 18756 * Don't overwrite conservative permissions on the mySQL user with ALL 18757 permissions, if said user exists 18758 * Changes to some of the wording of explanations for fields 18759* (bug 1734) granting db permissions failed with db usernames containg '-' 18760* Add basic check for session support in PHP and die if not present 18761 18762Maintenance: 18763* Fix problem reported on mailing list where re-initialising stats didn't work 18764 (can't insert duplicate rows with the same id field) 18765* Added --conf option to command line scripts, allowing the user to specify a 18766 different LocalSettings.php. 18767* Maintenance script to delete unused text records 18768* Maintenance script to delete non-current revisions 18769* Maintenance script to wipe a page and all revisions from the database 18770* Maintenance script to reassign edits from one user to another 18771* Maintenance script to find and remove links to a given domain 18772 (cleanupSpam.php) 18773* Fix --report interval option for dumpTextPass 18774 18775i18n / Languages: 18776* Partial support for Basque language (from wikipedia and meta) 18777* (bug 3141) Partial support for Breton language (thanks Fulup). 18778* Support for venitian language 18779* (bug 1334) LanguageGa.php update 18780* Finnish date format was hardcoded, now implemented properly 18781* (bug 3190) Added some date format choices for language sr 18782* (bug 2753) Some namespaces were not translated in LanguageTa.php (Tamil) 18783* (bug 3204) Fix typo breaking special pages in fy localization 18784* (bug 3177) Estonian date formats not implemented in LanguageEt.php 18785* (bug 1020) Changing user interface language does not work immediately 18786* (bug 3271) Updated LanguageNn.php for HEAD 18787* Experimental feature to allow translation of block expiry times 18788 Implementation only for Finnish currently 18789* (bug 3304) Language file for Croatian (LanguageHr.php) 18790* (bug 2143) Update Vietnamese interface 18791* (bug 3063) Remove some hardcodings from Hebrew localisation 18792* (bug 3408) Bulgarian formatNum corrected 18793* (bug 1512) Disable x-code interp on Esperanto URLs for now, it does more 18794 harm than good under current system by breaking incoming URLs with "ux". 18795 (Editing is not affected, just URLs.) 18796* (bug 1423) LanguageJa.php update 18797* Fix language name for dv 18798* (bug 3503) Update LanguageSq.php from sq.wikipedia.org messages 18799* (bug 3629) Fix date & time format for Frisian 18800* (bug 3334) Namespace changes for Polish 18801* (bug 3580) Change default Dutch language file to more neutral 18802* (bug 3656) LanguageHr.php - added convertPlural 18803* (bug 3414) LanguageBe.php - added convertPlural 18804* (bug 3163) Full translation of LanguageBr 18805* (bug 3617) Update for portuguese language (pt) 18806* Namespaces hacks on LanguagePl 18807* (bug 3682) LanguageSr.php - added convertPlural 18808* (bug 3694) LanguageTr.php update 18809* (bug 3711) Removed invisible unicode characters from LanguageHu 18810* (bug 2981) Linktrail for Tamil (ta) 18811* (bug 3722) Update of Arabic language (ar) Namespace changes 18812* Removed hardcoded Norwegian (no) project namespaces 18813* (bug 2324) image for redirects should be without text and oriented according 18814 to content language 18815* (bug 3666) Don't spew PHP warnings in prefs on unrecognized site language 18816* (bug 3817) Use localized date formats in preferences; 'no preference' option 18817 localizable as 'datedefault' message. Tweaked lots of languages files... 18818* (bug 2721) Regression: Use European number separators for vi: wikis 18819* (bug 3961) minor languageDe changes 18820* (bug 1984) LanguageKo.php (Korean) update 18821* (bug 3804) update of LanguageWa.php file 18822* (bug 3886) Update for Portuguese language (pt) 18823* (bug 4020) Update namespaces for ms 18824* (bug 3922) bidi embedding overrides on category links 18825* (bug 4061) Update of Slovene namespace names (LanguageSl.php) 18826* (bug 4064) LanguageDe comma changes 18827* (bug 3922) Further tweaks to bidi overrides in category list for old 18828 versions of Safari and Konqueror 18829* Fix custom namespaces on wikis set for Portuguese 18830* (bug 4153) Fix block length localizations in Greek 18831* (bug 3844) ab: av: ba: ce: & kv: now inherit from LanguageRu.php 18832 ii: & za: now inherit from LanguageZn_cn.php 18833* (bug 4165) Correct validation for user language selection (data taint) 18834* (bug 4192) Remove silly 'The Free Encyclopedia' default sitesubtitle 18835* Use content-lang for sitenotice 18836* (bug 4233) Update LanguageJa.php 18837* (bug 4279) Small correction to LanguageDa.php 18838* (bug 4108, 4336) Remove trailing whitespace from various messages, which 18839 mucks up message updating to create dupe entries 18840* (bug 4389) Fix math options on zh-hk and zh-tw (but not localized) 18841* (bug 4392) Update of LanguageSr.php 18842* (bug 4382) Frisian numeric format 18843* (bug 4424) Update for Spanish language (es) 100% messages translated 18844* (bug 4425) Typos in Polish translation 18845* (bug 4436) Update for Turkish language (tr) 18846* (bug 4413) Update of Farsi language file (LanguageFa.php) 18847* Update for LanguageSr (Serbian): magic words 18848* (bug 137) MediaWiki:Copyrightwarning hardcoding 18849* (bug 4457) Update for Portuguese language (pt) 18850* convertPlural breakage fixed a little 18851* (bug 4144) Support for Sudanese language (Basa Sunda) 18852* Big cleanup: 18853 - Removed obsolote, badly or untranslated messages 18854 - Removed references to wikipedia/wikimedia etc in messages 18855 - Other cleanup, like removing html and javascript and extension calls 18856 - Removed hardcoded namespaces: Tt, Ms, Ia, Ga, Fo, Bn, Csb, He, Nv, Oc, Tlh 18857 - Removed some useless backwards compatibility hacks 18858 - Fixed formatnum on many languages 18859* wgAmericanDates check produced incorrect results in languages that don't have 18860 a such distinction 18861* (bug 4548) Update for Portuguese language (pt): time format 18862* (bug 4530) Use consistent name for Kurdish 18863* Tweak default "upload disabled" text 18864* (bug 4504) Use site language for namespace name resolution 18865* (bug 4510) Correct Barnes & Noble bookstore URLs 18866* (bug 3991) Allow the operation of wikicode on Protect move only text 18867* (bug 4267) Switch dv sd ug ks arc languages to RTL 18868* Default main page content improved per bug 4690 18869* (bug 4615) Update for Portuguese language (pt) 18870* Separated MessagesSl.php as the other languages. 18871* (bug 4960) Add additional namespaces variants to Yiddish for compatibility 18872* (bug 4805) Removed more wikipedia-references from MessagesUk.php 18873* (bug 5015) Update magic words translation in LanguageBe.php 18874* (bug 4859) Update for Portuguese messages (pt) 18875* (bug 4788) One string for MessagesPl 18876* Restriction types now use restriction-* messages instead of ui messages 18877* (bug 4685) Slovenian LanguageSl.php hardcodes project namespace 18878* (bug 5097) Fix Hungarian language (hu): thousands separator 18879* (bug 5098) Update for Portuguese messages (pt) 18880* (bug 5113) Spelling error in French language file 18881* (bug 5105) Magic words for LanguageAr.php 18882* (bug 3993) Variants for Serbian language 18883* Typo in English messages file 18884* (bug 4114) Spacing in watchlist rows (in editing mode) 18885* Update default "exporttext" to reflect that Special:Import exists 18886* (bug 4960) Add additional namespaces variants to Yi projects: Yiddish Wikinews 18887 fix 18888* (bug 5357) Add the icon near the user name also in RTL interfaces 18889* (bug 5156) Update for Hebrew language (he) 18890* (bug 4497,4704,5010) Added some new language codes. 18891* (bug 5362) Piedmontese added 18892* (bug 5349) Update for Portuguese messages (pt) 18893* (bug 3573) Finished full Greek translation: namespaces 18894* (bug 5288) Initial localisation for Az 18895* (bug 4361) Fix "allmessagesnotsupportedui" so it doesn't refer to nonexisting 18896 page 18897* Tweak wording of "allmessagesnotsupporteddb" 18898 18899Parser: 18900* (bug 2522) {{CURRENTDAY2}} now shows the current day number with two digits 18901* (bug 3210) Fix Media: links with remote image URL path 18902* (bug 3405) Don't use raw letters as aliases of MSGNW: and SUBST: 18903* (bug 3412) Clean up date format handling so ~~~~-sigs work with default 18904 format as designed. Documentation comments updated. 18905* Fix Parser::unstrip on PHP 5.1.0RC4 18906* (bug 3797) Don't expand variables and sigs in comments 18907* Allow parser cache on redirect targets 18908* Run wikitext-escaping on plaintext sigs (no wiki markup, just name) 18909* Check for unbalanced HTML tags on raw sigs (markup allowed, but show 18910 a warning in prefs and use default sig if not balanced) 18911* Respect <noinclude> and <includeonly> during {{subst:}} expansion as well as 18912 ordinary templates. 18913* Support <includeonly> in templates loaded through preload= parameter 18914* (bug 3979) Save correct {{REVISIONID}} into parser cache on edit 18915* Substitute {{REVISIONID}} correctly in diff display 18916* (bug 1850) Allow red-links on image pages linked with [[:image:foo]] 18917* Fix XML validity checks in parser tests on PHP 5.1 18918* (bug 4377) "[" is not valid in URLs 18919* (bug 4453) fix for __TOC__ dollar-number breakage 18920* Convert unnecessary URL escape codes in external links to their equivalent 18921 character before doing anything with them. This prevents certain kinds of 18922 spam filter evasion. 18923* (bug 4783) : Fix for "{{ns:0}} does not render" 18924* Improved support for interwiki transclusion 18925* (bug 1850) Image link to nonexistent file fixed. 18926* (bug 5167) Add {{SUBPAGENAME}} and {{SUBPAGENAMEE}} variables 18927* (bug 4949) Missing : in "addedwatchtext" for English and Spanish 18928* Allow user-defined functions, which work in a similar way to {{GRAMMAR:}} 18929 etc. Registered via an interface similar to tag hooks. 18930 18931Upload: 18932* (bug 2527) Always set destination filename when new file is selected 18933* (bug 3076) Support MacBinary-encoded uploads from IE/Mac 18934* (bug 2554) Tell users they are uploading too large file 18935* Support for a license selection box on Special:Upload, configurable from 18936 MediaWiki:Licenses 18937* Add 'reupload' and 'reupload-shared' permission keys to restrict new uploads 18938 overwriting existing files; default is the old behavior (allowed). 18939 18940Security: 18941* (bug 3244) Fix remote image loading hack, JavaScript injection on MSIE 18942* (bug 3280) Respect 'move' group permission on page moves 18943* (bug 2613) Clear saved passwords from the form 18944* IP privacy fix for blocklist search on autoblocks 18945* Security fix for <math> 18946* Security fix for tables 18947* Security fix for Special:Upload license selection list 18948* Add UploadVerification hook for custom file upload validation/security checks 18949* Blacklist additional MSIE CSS safety tricks 18950* Fix meta robots tag on Special:Version again to avoid listing vulnerable 18951 versions for convenient harvesting by automated worms 18952* Sanitizer CSS comment processing order fix 18953* Forbid usernames that can be interpreted as titles with namespaces, as that 18954 leads to hard-to-manage names. 18955* (bug 4071) Generate passwords long enough for $wgMinimalPasswordLength 18956* Add createpage and createtalk permission keys, allowing a quick 18957 switch to disable page creation for anonymous users. 18958* (bug 675) Add page protection level for unregistered/new accounts 18959* User::isNewbie now uses the registration date and $wgAutoconfirmAge 18960* Add 'deletedhistory' permission key for ability to view deleted history 18961 list via Special:Undelete. Default is off, replicating the 1.5 behavior, 18962 but it can be turned back on for random users to replicate the previous 18963 1.6 dev behavior. 18964* Set cookies to secure mode based on use of HTTPS or $wgCookieSecure 18965* (bug 4371) Disallow tilde character in signatures 18966* Removed broken wgAllowAnonymousMinor and added new group right minoredit 18967* Added detection for WMF files (application/x-msmetafile), added this 18968 MIME type to the default blacklist. Prevented inline display of images 18969 which are not of known image types. This is in response to 18970 http://en.wikipedia.org/wiki/Windows_Metafile_vulnerability 18971* Blocked users can no longer roll back, change the protection of, or 18972 delete/undelete pages 18973* Protect against spoofing of X-Forwarded-For header 18974* XSS issue : now sanitize search query input (fixed in 1.5rc3) 18975* Remove deprecated $wgOnlySysopsCanPatrol references; use 18976 User::isAllowed( 'patrol' ) 18977 per bug 5282. Patch by Alan Harder. 18978* Prevent registration/login with the username "MediaWiki default" 18979 18980Special Pages: 18981* Rearranged Special:Movepage form to reduce confusion between destination 18982 title and reason input boxes 18983* (bug 1956) Hide bot uploads from Special:Newimages 18984* (bug 3220) Fix escaping of block URLs in Recentchanges 18985* (bug 3284) Ipblocklist paging, substring search 18986* Allow filtering of robot edits in Special:Watchlist by setting 18987 $wgFilterRobotsWL = true. 18988* Fix interlanguage links on special pages when extra namespaces configured 18989* (bug 3475) anon contrib links on Special:Newpages 18990* Special:Import/importDump fixes: report XML parse errors, accept <minor/> 18991* (bug 2369) Add separate message for input box on Special:Prefixindex 18992* (bug 3798) DoubleRedirects no longer has hard coded arrows 18993* (bug 3803) Fix links on Special:Wantedcategories with miser mode off 18994* Fix Special:BrokenRedirects on MySQL 5.0 18995* (bug 3807) Fix 'all' in namespaces drop-down on contribs, rc 18996* Fail gracefully on invalid namespace in Special:Newpages 18997* (bug 3762) Define missing Special:Import UI messages 18998* (bug 3761) Avoid deprecation warnings in Special:Import 18999* (bug 2894) Enhanced Recent Changes link fixes 19000* (bug 4059) fix 'hide minor edits' on Recentchangeslinked 19001* (bug 146) List number of category members in Special:Categories 19002 (patch by Joel Nothman) 19003* (bug 4090) Fix diff links in Special:Recentchangeslinked 19004* (bug 4093) '&bot=1' in Special:Contributions now propagate to other links 19005* Fix display of old recentchanges records for page moves 19006* (bug 360) Let Whatlinkshere track [[:image:foo]] links 19007* (bug 3073) Keep search parameter on paging in Special:Newimages 19008* Removed Special:Validate, it's been superseded by the Review extension 19009* (bug 4359) red [[user:#id]] links generated in [[special:Log]] 19010* (bug 1996) Special page to list redirects 19011* (bug 4334) Add "watch" links to Special:Unwatchedpages 19012* Generate target user page links in Special:Ipblocklist where appropriate 19013 (i.e. not an autoblock) 19014* Generate link to talk page of the blocker in Special:Ipblocklist, move 19015 contribs. link of the target next to their name 19016* (bug 2714) Backlink from special:whatlinkshere was hard set as 'existing' 19017* Move parentheses out of <a> link in Special:Contributions 19018* (bug 3192): properly check 'limit' parameter on Special:Contributions 19019* (bug 3187) watchlist text refer to unexistent "Stop watching" action 19020* Add block, block log and general log links to Special:Contributions 19021* Add contributions link to block log items 19022* Added optional "hide own edits" feature to Special:Recentchanges 19023* (bug 5018) Anchors for each message in Special:Allmessages 19024* Introduce $wgWantedPagesThreshold per bug 5011; Special:Wantedpages will not 19025 list pages with less than this number of links. Defaults to 1. 19026* (bug 4319) Don't show a "create account" link on the login form when 19027 account creation is disabled. 19028* JavaScript filter for Special:Allmessages 19029* (bug 3047) Don't mention talk pages on Special:Movepage when there isn't one 19030* Show links to user page, talk page and contributions page on Special:Newpages 19031* Special:Export can now export a list of all contributors to an article (off by 19032 default) 19033* (bug 5372) Add number of files to Special:Statistics 19034* (bug 2871) Links to talk pages in watchlist editing view 19035* (bug 5385) Allow hiding anonymous edits on Special:Recentchanges 19036* (bug 2544) Illogical error reporting order in Special:Userlogin 19037* (bug 5409) Hide "show/hide patrolled edits" in Special:Recentchanges if 19038 patrolling is disabled 19039* (bug 5447) Convert first letter of username to uppercase before searching in 19040 Special:Listusers 19041* (bug 759) Wrap redirects on the watchlist editing page in a span, class 19042 "watchlistredir" 19043* (bug 1862) Namespace filtering in watchlists 19044 19045Misc.: 19046* PHP 4.1 compatibility fix: don't use new_link parameter to mysql_connect 19047 if running prior to 4.2.0 as it causes the call to fail 19048* (bug 3117) Fix display of upload size and type with tidy on 19049* (bug 2323) Remove "last" tabindex from history page 19050* (bug 3116) Division by zero on [[Image:Foo.png|123x123px|]] 19051* Fix display of read-only lockfile message 19052* Include software-visible client IP address in Special:Version comment 19053 as a proxy debugging aid 19054* (bug 3170) Page Title failed to obey MediaWiki:Pagetitle. 19055 wikititlesuffix was removed 19056* Add ability to break off certain debug topics into additional log files; 19057 use $wgDebugLogGroups to configure and wfDebugLog() to log. 19058* Edit conflict on recreation of deleted page 19059* (bug 3216) Don't show empty warning page when no warnings. 19060* (bug 3218) Use proper quoting on history Compare Revisions button 19061* Fix upgrade from 1.4 due to version number check breakage [for rc future] 19062* Fix upgrade from 1.4 with no old revisions 19063* Remove "info" editing toolbar that was shown in browsers which do not 19064fully support the editing toolbar, but was found to be too confusing. 19065* Don't override edit conflict suppression on section edits; section merging 19066 should provide the expected transparency here and fits usage patterns better. 19067* (bug 3292) Fix move-over-redirect test when current entries are not plaintext 19068* (bug 2078) Don't hide watch tab on preview 19069* Fix regressions in ChangesList traditional layout 19070* Fix edit on double-click for move-protected pages in Classic skin 19071* (bug 3485) Fix bogus warning about filename capitalization when off 19072* (bug 2570) Add 'watch this page' checkbox on uploads, watch uploads 19073 by default when 'watchdefault' option is on 19074* Add options to dumpBackup.php for making split/partial dumps by page id 19075* Added filter options, compression piping, and multiple output streams for 19076 dumpBackup.php 19077* (bug 3595) Warn and abort if importDump.php called in read-only mode. 19078* (bug 3598) Update message cache on message page deletion, patch by Tietew 19079* Added separate noarticletext and newarticletext messages for logged in and 19080 anon users. 19081* (bug 3332) Installation now uses Monobook, validates, plus usability 19082 improvements. 19083* (bug 3660) Update diff3 detection to work with Windows/Cygwin 19084* (bug 2330) Don't do funny thinks with "links" in MediaWiki:Undeletedtext 19085* Two-pass data dump for friendliness to the DB (--stub, then dumpTextPass.php) 19086* Data dump 'prefetch' mode to read normalized text from a prior dump 19087 (requires PHP 5, XMLReader extension) 19088* (bug 2773) Print style sheet no longer overrides RTL text direction 19089* (bug 2938) Update MediaWiki:Exporttext to be more general 19090* Various fixes 19091* Fix wfMsg*() replacements; args containing literal $[2-9] were wiped 19092* Added @import for [[MediaWiki:Common.css]] to all skins 19093* Edit box now remembers scrollbar position on preview 19094* (bug 3816) Throw edit conflict instead of fatal error when a page is 19095 moved or deleted during section edit 19096* (bug 3771) Handle internal functions in backtrace in wfAbruptExit() 19097* (bug 3291) 'last' diff link for last history line when not at end 19098* (bug 3667) Add missing global in page move code 19099* (bug 2885) Remove unnecessary reference parameter which broke classic skin 19100 talk notification on PHP 5.0.5 19101* (bug 3852) "Redirected from" link no longer obscured on double-redirects 19102* changed directory hierarchy in images/math/. System upgrades from old to 19103 new hierarchy on the fly. 19104* (bug 3487) Fix category edit preview with preview-on-bottom 19105* (bug 918) Search index incorrectly joined words at == headings == 19106* (bug 3877) Render math images into temp directory, then move to hashed 19107 subdir so you can render new math images and have them work 19108* (bug 2392) Fix Atom items content type, upgrade to Atom 1.0 19109* Allow $wgFeedCacheTimeout of 0 to disable feed caching 19110* Fix WebRequest::getRequestURL() to strip off the host bits squid prepends 19111* Require POST for action=purge, to stop bots from purging the cache 19112* Added local message cache feature ($wgLocalMessageCache), to reduce bandwidth 19113 requirements to the memcached server. 19114* (bug 3562) for go search, try Caps-Variants-Broken-At-Non-Whitespace 19115* (bug 2569) Use PATH_SEPARATOR instead of trying to guess based on 19116 DIRECTORY_SEPARATOR (was wrong on NetWare) 19117* (bug 2740) Accept image deletions on 'enter' submit from MSIE 19118* (bug 3939) Don't try to load text for interwiki redirect target 19119* (bug 3948) Avoid notice warning in debug statement in bad search 19120* Recognize Special:Search consistently so read whitelist works 19121* (bug 3999) Change atom 1.0 feed id; had been unnecessarily complex due to 19122 unclear language in the spec. Now using the URL, same as the permalink, 19123 which someone else will probably whine about because it's not 'perma' 19124 enough or something. 19125* (bug 4014) Fix include mode for Allpages on small page sets 19126* (bug 3996) Fix text for new entries in RC RSS/Atom feed 19127* (bug 3065) Update both watched namespaces when renaming pages 19128* Changed mail form to have a bigger message entry box (like for editing 19129 a page 19130* Fix ulimit parameters for wfShellExec when memory_limit is specified in 'm' 19131* (bug 2111) Collapsable exif metadata table, clean up display 19132* Reduce fractions in display of exif exposure time 19133* (bug 4048) Optional footer link to site privacy policy 19134* Don't die() when update.php reaches the end of the warning count 19135* (bug 1915) Fix edit links when 'direction' used with 'oldid'; 19136 using revision ID reported via OutputPage; Skin::editUrlOptions() 19137* Remove obsolete 'redirect=no' on some edit links 19138* Include oldid for the second revision on edit link on diff view 19139* (bug 4035) Fix prev/next revision links on edit page 19140* (bug 4100, 3049) Add 'edittools' message to hold edit tools, put it 19141 on Special:Upload as well as edit, rearrange edit page pieces a bit. 19142 Copyright warning now above the buttons to ensure it's visible, 19143 template list at the bottom so it can grow. 19144* Optional summary parameter to action=rollback, for user javascript 19145* (bug 4167) Fix regression caused by patch for bug 153 19146* (bug 4169) Use $wgLegalTitleChars in pipe trick conversions 19147* (bug 4170) Decode HTML character escapes in sort key 19148* (bug 4201) Fix user-talk mode for Enotif, and general code cleanup 19149* (bug 4214) Skip redundant action text inserts into the HTML <title> 19150* (bug 4212) Skip redundant meta-robots tag for default settings 19151* Fix regression: old version missing from edit links in Nostalgia skin 19152* (bug 1600) Trigger edit conflict on duplicate section=new submissions 19153* (bug 4001) Use local variables properly in wikibits.js akeytt() 19154* Fix regression: old version missing from edit links on CSS/JS pages 19155* (bug 3211) Include Date, To mail headers when using PEAR::Mail 19156* (bug 3407) Fix encoding of subject and from/to headers on notification 19157 mails; userMailer() now takes a MailAddress wrapper object instead of 19158 a raw string to abstract things a level. 19159* Fixed --server override on dumpTextPass.php 19160* Added plugin interface for dumpBackup, so additional filters and output 19161 sink types can be registered at runtime from an extension 19162* (bug 349) Fix for some numeric differences not being highlighted 19163 patch by Andrius Ramanauskas 19164* (bug 4298) Include rc_id on enhanced RC singleton diff links for patrolling 19165* Did some refactoring on ChangesList.php merging dupe code 19166* (bug 1586) Fix interwiki generator for wikimedia obscure domains 19167* (bug 3493) Mark edits patrolled when they are reverted 19168 patch by Leon Planken 19169* Removed experimental Amethyst skin from default set 19170* Upgrade old skin preferences properly at Special:Preferences 19171 (used to spontaneously switch to Classic skin for old numeric pref records) 19172* (bug 3424) Update page_touched for category members on category page creation 19173* Log views show message when no matches 19174* Fix raw sitenotice display on database error 19175* Fix autoconfirm check for old accounts 19176* (bug 4368) Don't show useless empty preview on new section creation 19177* Don't show useless empty preview on new page creation 19178* (bug 4411) Fix messages diff link for classic skin 19179* (bug 4385) Separate parser cache entries for non-editing users, so section 19180 edit links don't vanish / appear unwanted on protected pages 19181* (bug 2726, 3397) Fix [[Special:]] and [[:Image]] links in action=render 19182* (bug 4419) Remove obsolete magnify.png.old 19183* Removed $wgUseCategoryMagic option, categories are now enabled unconditionally 19184* (bug 3318) UI workarounds for disabled items in license selector 19185 MSIE/Win: items now grayed out, JS will revert to 'non selected' if clicked 19186 Safari: JS will revert to 'non selected' if clicked (but not gray) 19187 MSIE/Mac: indented items now visible (JS hack) 19188* (bug 714) "plainlinks" class issues in IE, Opera 19189* (bug 4317) Inconsistent "broken redirects" messages 19190* Default interface text for "selflinks" tweaked 19191* (bug 3194) default implementation of translateBlockExpiry 19192 which uses ipboptions 19193* (bug 4446) $wgExportAllowHistory option to explicitly disable history in 19194 Special:Export form, 'exportnohistory' message to translate live hack. 19195* Maintenance script to delete unused user accounts 19196* (bug 912) Search box easier to reach in text browsers (lynx, links) 19197* $wgParserCacheExpireTime added 19198* Skip loading of RecentChange.php except where needed 19199* Enforce $wgSVGMaxSize when rendering, even for SVGs with a very large source 19200 size. This is necessary to limit server memory usage. 19201* Cleanup and error checking on Special:Listredirects 19202* Clear up some instances of old OutputPage::sysopRequired() function usage 19203* Improve "upload disabled" notice 19204* Move parts of index.php to include/Wiki.php in an attempt to both cleanup 19205 index.php and create a MediaWiki-class mediaWiki base object 19206* (bug 4104) Added OutputPageBeforeHTML hook for tweaking primary wiki output 19207 HTML on final output (cached or not) 19208* Avoid PHP notice on command-line scripts if empty argument is passed ('') 19209* (bug 4571) Partial fix hack for {{fulllurl:}} in action=render 19210* (bug 3502) Bowtie symbol for TeX 19211* (bug 4000) Support for \textstyle et al. in <math> 19212* (bug 1663) support color in TeX formulas 19213* (bug 2026) missing glue around \not= (TeX) 19214* (bug 4576) Missing '>' broke license selector's first option in IE, Opera 19215* Override $wgLocaltimezone in parser tests for us outside Iceland and UK 19216* Fix extra whitespace at end of Wiki.php, DESTROYS XML OUTPUT 19217* Remove redundant 'echo' statements from MonoBook.php 19218* (bug 1103) Fix up redirect handling for images, categories 19219 Redirects are now followed from the top-level, outside of the Article 19220 content loading and viewing, for clarity and consistency. 19221* (bug 4104) 'OutputPageBeforeHTML' hook to postprocess article HTML on 19222 page view (comes after parser cache, if used). Patch by ThomasV. 19223* Linker::formatComment corrupted the passed title object on PHP 5 19224 if the comment included a section link. Use clone() to make a safe copy. 19225* Add wfClone() wrapper since we're still using PHP 4 on some servers. 19226* Remove obsolete killthread.php 19227* Added wfDie() wrapper, and some manual die(-1), to force the return code 19228 to the shell to return nonzero when we crap out with an error. 19229* Allow input of the stub from a compressed file instead of stdin 19230 for dumpTextPass.php; easier to get errors back on the shell 19231* Added an attractive space on the namespace selector on contribs 19232* Move PHP 5-friendly XHTML doctype hack to Sanitizer, use for sig checks. 19233 Fixes use of named entities in sigs on PHP 5 19234* (bug 4482) Include move comment on the null edit as well as the redirect 19235* (bug 3990) Use existing session name if session.auto_start is on 19236 Fixes checks for open sessions, such as the cookie warning on login. 19237 Patch by Zbigniew Braniecki. 19238* Add cache-safe alternate sitenotice for anonymous users. 19239 (MediaWiki:Anonnotice) This is displayed instead of the regular sitenotice, 19240 if it exists. If not, the regular sitenotice shows. If that doesn't exist, 19241 the value of $wgSiteNotice is used, and if that's null, then nothing is shown. 19242* Spit the generated LocalSettings code out during the installer as an aid 19243 to debugging issues. (Keep this?) 19244* Use __FILE__ to form path in new LocalSettings.php, so it stays accurate 19245 when the directory is relocated for typical usage. 19246* Auto-update $wgCacheEpoch when LocalSettings.php changes on new installs. 19247 For typical usage this will be a light burden and should reduce confusion 19248 when the configuration is edited. 19249* Fix $wgCacheEpoch's effect on client-side caching. 19250* (bug 1122) gray out 'older revision' when viewing first article revision. 19251* Clearer message in DefaultSettings.php: edit LocalSettings.php instead 19252* MonoBook skin top link id changed from "contentTop" to "top" (shared with 19253 name attribute) 19254* (bug 3350) Missing label for move talk page checkbox. 19255* (bug 2108) Sort entries when using category browser 19256* (bug 2393) Fix MIME type for Atom feeds ( application/rss+atom ) 19257* Add ".deps.php" include-file preloaders for some dynamically-loaded 19258 language and skin classes. Should help with the broken base-class 19259 problem under PHP 5 with APC as opcode cache. See details: 19260 http://mail.wikipedia.org/pipermail/wikitech-l/2006-January/033660.html 19261* Small changes to tabs in Monobook skin c/o Chris Ware 19262* (bug 4679) Work around buggy basename() function in PHP5, which breaks 19263 uploads of files starting with multibyte characters on Linux. 19264 wfBaseName() doesn't suffer this bug, and understands backslash on 19265 both Unix and Windows. 19266* (bug 3603) headscripts variable not hooked up to MonoBook skin 19267* Allow local cdb-based interwiki cache 19268* Use the "block", not the "protect" permission, when determining whether to 19269 show a "block user" link in the toolbox 19270* Fix backup dump text prefetch for XMLReader constant changes in PHP 5.1 19271* Suppress useless percentage indicator on output from 7za during dumps 19272* (bug 4633) Add (previous 200) (next 200) also above catlinks 19273* (bug 4686) Fix regression where ?diff=0&oldid=0 caused fatal error on 19274 pages with only one revision. Fixes message diff link on first edit. 19275* Fix dependence on hardcoded UNIQ_PREFIX in LanguageConverter.php 19276* Do not check lag on external storage servers 19277* Do not tidy interface messages (unless full tidy is set) 19278* Do not trust equality propagation and give more hints to MySQL 19279 optimizer for revision fetches (avoids index scans) 19280* Use revision rate for ETA in dump generation; it tends to be more stable 19281 than the per-page count for full-history dumps. 19282* Include timestamp in wfDebugLog breakouts 19283* (bug 4469) Namespace-specific notice to be displayed below site-notice 19284 Edit messages like "MediaWiki:Namespacenotice-" plus namespace name 19285 which is blank for main namespace, or like e.g. "User_talk" 19286* Adjust user login/creation form hooks to work with a captcha plugin 19287* (bug 1284) Inline styles for diffs in Recent Changes RSS/Atom feeds 19288* (bug 4824) IE7 beta 2 broke compatibility with PNG logo workarounds, 19289 and seems to work ok with other bits. No longer including the IE 19290 workarounds JavaScript for IE 7 and above. 19291* Fix extra namespace for Bulgarian 19292* (bug 4303) Add $wgFavicon to change the shorticon icon link from 19293 the default /favicon.ico or disable it (if set to false) 19294* (bug 3347) strip linebreaks in math error source 19295* (bug 4841) Warning for non-logged-in edits 19296* (bug 4867) Leave invalid EXIF date fields unformatted instead of 19297 showing a bogus current timestamp 19298* Reset $wgActionPaths during parser test; corrects some false failures 19299 in the automated test report. 19300* (bug 4875) Define a div containing the shared image description 19301* (bug 4860) Expose Title->userCan() as Hooks 19302* (bug 4828) Fix genitive month-name variable for cs, pl, uk 19303* (bug 4842) Fix 'show number of watching users' with enhanced RC 19304* (bug 4889) Fix image talk namespace for Tamil 19305* (bug 4147) Added cleanupWatchlist.php to clear out bogus watchlist entries 19306* (partial bug 3456) Disable auto redirect to Main Page after account creation 19307* (bug 4824) Separate out IE7 CSS compat hacks, fix for RTL pages 19308* Added support for wikidiff2 and similar external diff engines. 19309* Allow cookies to be shared between multiple wikis with a shared user database 19310* Blocking some Unicode whitespace characters in usernames. Should check 19311 if some or all should be blocked from all page titles. 19312* Unknown log types no longer throw notices everywhere in RecentChanges 19313* (bug 4502, 5017) Don't render potentially hostile deleted page contents 19314 on Special:Undelete by default; show source, with an optional preview. 19315 The revisions list no longer shows the latest text by default, so it can 19316 still be operated if the text is hostile. 19317* (bug 5013) Check for existence on "return to" links 19318* Removed trailing whitespace on a bunch more messages. 19319* Fix missing bad title check in Special:Booksources 19320* Remove empty booksources string in fy 19321* Avoid corrupting <gallery> inside <!-- comment --> 19322* Remove legacy PHPTal code, hasn't been maintained in ages. 19323* Tweak Userlogin include order for APC issue 19324* Don't try to link to current page on protection tab 19325* More exact checking in Title::equals() to fox moves of numerically similar 19326 page titles. (Odd hex title bug on 64-bit.) 19327* Fix explicit s-maxage=0 on raw pages; should help with proxy issues in 19328 generated stylesheets... hopefully... 19329* (bug 4685) More fixes for Slovenian project namespace 19330* Fixed and enhanced a little the Live Preview, which had been broken for some 19331 time 19332* Added article size limit, $wgMaxArticleSize 19333* (bug 4974) Don't follow redirected talk page on "new messages" link 19334* (bug 4970) Make category paging limits configurable 19335* (bug 4535) Warn user when editing CSS or JS subpage of a skin that doesn't 19336 exist 19337* Make Live Preview an user preference, still controllable by the global 19338 variable 19339* Rename the stub LanguageAls / LanguageGem_alsation to LanguageGsw to follow 19340 updated language code assignments 19341* (bug 5081) Remove bogus fix for invalid characters in links which simply 19342 broke use of legitimate multiple whitespace characters in bracketed link. 19343* (bug 4838) Add relative oldids (prev, next, cur) for raw pages 19344 Patch by Lupin 19345* (bug 5086) Force image resize dimensions on ImageMagick, as for instance 19346 "-resize 100x35!"; some thumbs were off due to differences in rounding and 19347 would be generated smaller than expected. 19348* (bug 5062) Width sometimes one pixel short when using maximum heights 19349* Purge thumbnails and metadata cache for action=purge on an image page 19350* (bug 4273) Bounce back with a message when attempting to submit a new comment 19351 with an empty main textbox (user probably hit Enter in subject field) 19352* (bug 5141) Gracefully handle the new account link when createaccount off 19353* (bug 5150 and related) Fix missing ID attribute in HTML namespace selector 19354* (bug 5152) Proper HTML escaping on subpage breadcrumbs 19355* (bug 4855) Section edit links now have the section name in the title 19356 attribute. 19357* (bug 2115) Support shift-selecting multiple checkboxes with JavaScript. 19358* (bug 5161) Don't try to load template list for nonexistent pages 19359* (bug 5228) Workaround for broken LanguageConverter title overrides; avoid 19360 unnecessary hidden UI work when watch/unwatch is performed on edit 19361* Fixed bogus master fallback in external storage 19362* (bug 5246) Add speak:none to "hiddenStructure" class in main.css 19363* Further work on rev_deleted; changed to a bitfield with several data-hiding 19364 options. Not yet ready for production use; Special:Revisiondelete is 19365 incomplete, and the flags are not preserved across page deletion/undeletion. 19366 To try it; add the 'deleterevision' permission to a privileged group. 19367* (bug 5270) Fix broken linktrail for br, cv, fr, hr, nn, oc, ta, wa 19368* Add a clickable contribs link in user tool links (rc, watchlist, diff view) 19369 to see how people like it. (There was one in the old hacked-up diff view.) 19370* (bug 5236) Load wikibits.js before site-customized javascript 19371* (bug 4119) Workaround for <nowiki> following link in Walloon; remove capitals 19372 from linktrail, as they're not used anywhere else. 19373* (bug 4781) Output links with the percent-encoding they're supplied with; 19374 save the normalization for internal link storage. The normalization is a bit 19375 buggy and can make incorrect foldings in the query string and such, so isn't 19376 reliable beyond the hostname where it's used for the spam bulk checker. 19377* Don't URL-decode in the title attribute for URL links; it can produce false 19378 results that don't code back to their original values. 19379* (bug 4611) Add user preference (default on) to add new pages to creators's 19380 watchlist 19381* (bug 5286) Fix regression in display of missing/bad revision IDs 19382* (bug 4729) Add user preference that marks a user's edits as patrolled if user 19383 is able to 19384* (bug 4630) Add user preference to prompt users when entering blank edit 19385 summaries 19386* Added optional suggest feature for the search box. Set wgUseAjax to true to 19387 enable it. 19388* (bug 5277) Use audio/midi rather that audio/mid 19389* (bug 5410) Use namespace name when a custom namespace's nstab-NS message is 19390 nonexistent 19391* (bug 5432) Fix inconsistencies in cookie names when using table prefixes 19392* Additional protections against HTML breakage in table parsing 19393* (bug 5355) Include skin name and style JS settings in page source; 19394 fixes regression where Opera 6/7 and KHTML CSS fixes weren't applied 19395 when wikibits.js was moved up before user JS inclusion. 19396* Added $wgColorErrors: if set, database error messages will be highlighted 19397 when running command-line scripts in a Unix terminal. 19398* (bug 5195) rebuildrecentchanges.php works again; Database::insertSelect now 19399 has a parameter for select options. 19400* Fix updateSearchIndex.php for new schema 19401* Fix bogus "filename too short" error when uploading files with a period in the 19402 base name, e.g. "Mr. Zee.png" 19403* (bug 2139) Show page title in subtitle when viewing "read only" page 19404* (bug 5452) Update language name for Cree 19405 19406== Compatibility == 19407 19408Older PHP 4.2 and 4.1 releases are no longer supported; PHP 4 users must 19409upgrade to 4.3 or later. 19410 19411MediaWiki 1.6 is the last major version to support PHP 4; future versions will 19412require PHP 5. 19413 19414MySQL 3.23.x is no longer supported; some older hosts may need to upgrade. 19415At this time we still recommend 4.0, but 4.1/5.0 will work fine in most cases. 19416 19417== Upgrading == 19418 19419Several changes to the database have been made from 1.5; these are relatively 19420minor but do require that the update process be run before the new code will 19421work properly: 19422 19423* A new "templatelinks" table tracks template inclusions. 19424* A new "externallinks" table tracks URL links; this can be used by a mass 19425spam-cleanup tool in the SpamBlacklist extension. 19426* A new "jobs" table stores a queue of pages to update in the background; this 19427is used to update links in including pages when templates are edited. 19428 19429To ensure that these tables are filled with data, run refreshLinks.php after 19430the upgrade. 19431 19432If you are upgrading from MediaWiki 1.4.x or earlier, some major database 19433changes are made, and there is a slightly higher chance that things could 19434break. Don't forget to always back up your database before upgrading! 19435 19436=== Caveats === 19437 19438Some output, particularly involving user-supplied inline HTML, may not produce 19439100% valid or well-formed XHTML output. Testers are welcome to set $wgMimeType 19440= "application/xhtml+xml"; to test for remaining problem cases, but this is not 19441recommended on live sites. (This must be set for MathML to display properly in 19442Mozilla.) 19443 19444 19445= MediaWiki 1.5 = 19446 19447== MediaWiki 1.5.9 == 19448* (bug 3359) Add hooks on completion of file upload 19449 19450== MediaWiki 1.5.8 == 19451 19452March 26, 2006 19453 19454MediaWiki 1.5.8 is a security and bugfix maintenance release. 19455 19456A bug in decoding of certain encoded links could allow injection of raw 19457HTML into page output; this could potentially lead to XSS attacks. 19458 19459Some minor UI fixes were also made, see the change log at the bottom of 19460this file. 19461 19462 19463== MediaWiki 1.5.7 == 19464 19465March 2, 2006 19466 19467MediaWiki 1.5.7 is a bugfix maintenance release. 19468 19469Most importantly, a security issue in the installer has been fixed. The bug 19470affects new installations of 1.5.6 only. If the user specified the MySQL root 19471password, to allow the installer to create an unprivileged account, the 19472installer would not only create the new account but also change the root 19473password to be equal to the password of the new account. 19474 19475Anyone affected by this bug will need to change the root password back 19476manually. For information about how to change passwords in MySQL please see: 19477http://dev.mysql.com/doc/refman/5.1/en/passwords.html 19478 19479This version includes fixes for compatibility with Internet Explorer 7 19480beta 2, and various other bugs; see the full changelog at the end of 19481the release notes. 19482 19483 19484== MediaWiki 1.5.6 == 19485 19486January 19, 2006 19487 19488MediaWiki 1.5.6 is a security and bugfix maintenance release. 19489 19490A bug in edit comment formatting could send PHP into an infinite loop 19491if certain malformed links were included. In most installations, this 19492would cause the script to fail after PHP's 30-second failsafe timeout. 19493 19494Some improvements have been made to the installer which should make 19495installation possible on a system with a broken MySQL "root" account. 19496 19497For several other minor fixes, see the complete changelog at the end 19498of this file. 19499 19500 19501== MediaWiki 1.5.5 == 19502 19503January 5, 2006 19504 19505MediaWiki 1.5.5 is a security and bugfix maintenance release. 19506 19507Detection for uploads of Windows Metafile (.wmf) images has been added 19508to help protect against a client-side vulnerability in unpatched Microsoft 19509Windows operating systems. 19510 19511Sites which have enabled uploads and added non-standard file types 19512(such as .ogg, .doc, or .pdf) should upgrade to this release to ensure 19513that malicious .wmf files can't be uploaded with a fake extension; 19514such files could put visitors to the site at risk. 19515 19516For more details on this, see: 19517http://en.wikipedia.org/wiki/Windows_Metafile_vulnerability 19518 19519Additionally, a maintenance script removeUnusedAccounts.php has been added; 19520this replaces an older Perl script which had not been updated for the new 19521schema in 1.5. 19522 19523 19524== MediaWiki 1.5.4 == 19525 19526December 21, 2005 19527 19528MediaWiki 1.5.4 is a security and bugfix maintenance release. 19529 19530A hardcoded internal placeholder string has been replaced with a random 19531one. This closes a hole where security checks in inline style attributes 19532could be bypassed, injecting JavaScript code that could execute in 19533Microsoft Internet Explorer. 19534 19535Other browsers would not be vulnerable. 19536 19537Several minor fixes are included in this release, most notably a fix 19538to clear the "you have new messages" flag properly for usernames 19539containing spaces when e-mail notification is enabled. 19540 19541See the changelog at the end of the release notes for a full list of 19542fixes. 19543 19544 19545== MediaWiki 1.5.3 == 19546 19547December 4, 2005 19548 19549MediaWiki 1.5.3 is a security and bugfix maintenance release. 19550 19551Validation of the user language option was broken by a code change in 19552May 2005, opening the possibility of remote code execution as this 19553parameter is used in forming a class name dynamically created with 19554eval(). 19555 19556The validation has been corrected in this version. All prior 1.5 release 19557and prelease versions are affected; 1.4 and earlier and not affected. 19558 19559Additionally several bugs have been fixed; see the changelog later in 19560this file for a complete list. 19561 19562 19563== MediaWiki 1.5.2 == 19564 19565November 2, 2005 19566 19567MediaWiki 1.5.2 is a bugfix maintenance release. 19568 19569A change in PHP 4.4.1 and PHP 5.1.0RC broke handling of extension and 19570<pre> sections, causing garbage data to be inserted in output and saved 19571edits. This version works around the change. 19572 19573Several other glitches with MySQL 5.0 and PHP 5.0.5 were also fixed; 19574see the change log below for a complete list. 19575 19576 19577== MediaWiki 1.5.1 == 19578 19579October 26, 2005 19580 19581MediaWiki 1.5.1 is a bugfix and security maintenance release, and is a 19582recommended upgrade for all installations. 19583 19584This release includes further corrections to the inline CSS style sanitation 19585which works around a JavaScript "feature" on Microsoft Internet Explorer. 19586Users of Microsoft Internet Explorer for Windows may be vulnerable to 19587XSS injections on prior versions; users of standards-compliant browsers 19588are not vulnerable. 19589 19590Major fixes include: 19591* Image pages work again with resizing disabled 19592* Works in MySQL 5.0 strict mode 19593 19594There is experimental support in this release for explicitly declaring 19595the UTF-8 charset in the database; this has been tested with MySQL 5.0.15 19596but should work on 4.1 as well. 19597 19598IMPORTANT: Changing this setting on an existing wiki may produce interesting 19599data corruption, depending on server configuration. Page contents should, 19600usually, be unaffected, but page titles and other items may be. Limitations 19601in MySQL's Unicode support mean that characters outside the BMP cannot be used 19602in page titles or various other fields when using this mode. 19603 19604Table definitions are in maintenance/mysql5/tables.sql, and the runtime 19605option to send 'SET NAMES utf8' is set by $wgDBmysql5 = true. 19606 19607(MySQL 3.23.x and 4.0.x do not support character set declarations; on these 19608versions MediaWiki simply works with UTF-8 data and MySQL is blissfully 19609unaware of it.) 19610 19611 19612 19613== MediaWiki 1.5.0 final == 19614 19615October 5, 2005 19616 19617MediaWiki 1.5.0 is the new stable release branch of MediaWiki, and is 19618recommended for all new installations. 19619 19620Any wikis running a 1.5 beta or release candidate are strongly recommended 19621to upgrade to the final release, which includes a number of bug fixes and 19622a security fix for CSS bugs in Microsoft Internet Explorer. 19623 19624IMPORTANT: Running a 1.3 or 1.4 wiki and don't want to jump to 1.5 yet? 19625Be sure to upgrade to 1.3.17 or 1.4.11, also released today. Versions 19626prior to 1.3.16 and 1.4.10 have a serious data corruption bug which is 19627triggered by a spambot known to operate in the wild. 19628 19629 19630=== What's new in 1.5? === 19631 19632Schema: 19633 The core table schema has changed significantly. This should make better 19634 use of the database's cache and disk I/O, and make significantly speed up 19635 rename and delete operations on pages with very long edit histories. 19636 19637 Unfortunately this does mean upgrading a wiki of size from 1.4 will require 19638 some downtime for the schema restructuring, but future storage backend 19639 changes should be able to integrate into the new system more easily. 19640 19641Permalinks: 19642 The current revision of a page now has a permanent 'oldid' number assigned 19643 immediately, and the id numbers are now preserved across deletion/undeletion. 19644 A permanent reference to the current revision of a page is now just a matter 19645 of going to the 'history' tab and copying the first link in the list. 19646 19647Page move log: 19648 Renames of pages are now recorded in Special:Log and the page history. 19649 A handy revert link is available from the log for sysops. 19650 19651Editing diff: 19652 Ever lost track of what you'd done so far during an edit? A 'Show diff' 19653 button on the edit page now makes it easy to remember. 19654 19655Uploads: 19656 It's now possible to specify the final filename of an upload distinct 19657 from the original filename on your disk. 19658 19659 An image link for a missing file will now take you straight to the upload 19660 page. 19661 19662 More metadata is pre-extracted from uploaded images, which will ease pressure 19663 on disk or NFS volumes used to store images. EXIF metadata is displayed on 19664 the image description page if PHP is configured with the necessary module. 19665 19666 If .svg files are added to the upload whitelist, you can choose to render 19667 them to rasterized .png images for inline display using one of several 19668 external helper programs. See DefaultSettings.php for SVG options. 19669 19670User accounts: 19671 There are some changes to the user permissions system, with assignable 19672 groups. Note that this does *not* allow you to make pages which are only 19673 accessible to certain groups. 19674 19675 For details see: https://www.mediawiki.org/wiki/Manual:User_rights 19676 19677E-mail: 19678 User-to-user e-mail can now be restricted to require a mail-back confirmation 19679 first to reduce potential for abuse with false addresses. 19680 19681 Updates to user talk pages and watchlist entries can optionally send e-mail 19682 notifications. 19683 19684External hooks: 19685 A somewhat experimental interface for hooking in an external editor 19686 application is included. 19687 19688And... 19689 A bunch of stuff we forgot to mention. 19690 19691 19692=== What's gone? === 19693 19694Latin-1: 19695 Wikis must now be encoded in Unicode UTF-8; this has been the default for 19696 some time, but some languages could optionally be installed in Latin-1 mode. 19697 This is no longer supported. 19698 19699 You can check if your current wiki is in Latin-1 mode by using your browser's 19700 "view source"; look for a line like this: 19701 19702 <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> 19703 19704 If it says charset=utf-8, you're ready. If it says charset=iso8859-1, 19705 you may need to convert your data. (English-language wikis avoiding 19706 any accented characters may be able to get away without conversion.) 19707 19708MySQL 3.x: 19709 Some optimization hacks for MySQL 3.x have been removed as part of the schema 19710 clean-up (specifically, the inverse_timestamp fields). 19711 19712 MediaWiki 1.5 may still run on 3.x, but wikis of non-trivial size should 19713 very seriously consider upgrading to a more modern release. MySQL 3.x support 19714 will probably be entirely dropped in the next major release. 19715 19716Special:Maintenance 19717 These tools were, ironically enough, not really maintained. This special 19718 page has been removed; insofar as some of its pieces were useful and haven't 19719 already been supplanted by other special pages they should be rewritten in 19720 an efficient and safe manner in the future. 19721 19722 19723=== Caveats === 19724 19725Upgrade: 19726 Wikis in Latin-1 encoding are no longer supported; only Unicode UTF-8. 19727 A new option $wgLegacyEncoding is provided to allow on-the-fly recoding of 19728 old page text entries, but other metadata fields (titles, comments etc) need 19729 to be pre-converted. The standard upgrade process does not yet fully automate 19730 this, but you can try the alternate partial-upgrader in upgrade1_5.php. 19731 19732 The upgrade from 1.4 to 1.5 schema has not been tested for all cases, so 19733 it's possible you may experience problems in some combinations. 19734 19735Backups: 19736 The text entries of deleted pages are no longer removed from the main 19737 text table on deletion. If you provide public backup dumps of your databases, 19738 you will probably want to use the new XML-format dump generator, available 19739 as maintenance/dumpBackup.php. 19740 19741 For more information on how we run our own public data dumps at Wikimedia, 19742 see http://meta.wikimedia.org/wiki/Data_dumps 19743 19744PostgreSQL: 19745 The table definitions for PostgreSQL install are out of date. PostgreSQL 19746 support may return in later releases, pending appropriate patches. 19747 19748MySQL 4.1+: 19749 Some users may encounter installation problems with MySQL 4.1 or higher 19750 due to strange charset encoding / collation configurations. Try setting 19751 to 'latin1' or 'utf8' if you encounter problems. 19752 19753 19754 19755== MediaWiki 1.5 release candidate 4 == 19756 19757August 29, 2005 19758 19759MediaWiki 1.5rc4 is a preview release of the new 1.5 release series. 19760It fixes compatibility with PHP 5.1, and corrects two cross-site scripting 19761security bugs: 19762 19763* <math> tags were handled incorrectly when TeX rendering support is off, 19764 as in the default configuration. 19765* Extension or <nowiki> sections in Wiki table syntax could bypass HTML 19766 style attribute restrictions for cross-site scripting attacks against 19767 Microsoft Internet Explorer 19768 19769Wikis where the optional math support has been *enabled* are not vulnerable 19770to the first, but are vulnerable to the second. 19771 19772 19773 19774== MediaWiki 1.5 release candidate 3 == 19775 19776August 24, 2005 19777 19778MediaWiki 1.5rc3 is a preview release of the new 1.5 release series. 19779It fixes several major problems in 1.5rc2: 19780 19781* Fixed a cross-site scripting injection in the search form 19782 (broken since 1.5beta1) 19783 19784* Fixed upgrades from 1.4 database schema 19785 (broken since 1.5rc2) 19786 197871.3 and 1.4 releases are not vulnerable to the XSS bug, but anyone 19788running an earlier 1.5 beta or release candidate should upgrade 19789immediately. 19790 19791 19792== MediaWiki 1.5 release candidate 2 == 19793 19794August 23, 2005 19795 19796MediaWiki 1.5rc2 is a preview release of the new 1.5 release series. 19797Numerous bug fixes since last beta, plus a security fix; see change 19798log below for full details. 19799 19800A flaw in the interaction between extensions and HTML attribute 19801sanitization was discovered which could allow unauthorized use 19802of offsite resources in style sheets, and possible exploitation 19803of a JavaScript injection feature on Microsoft Internet Explorer. 19804 19805This version expands the returned text and properly checks it 19806before output. 19807 19808A 1.5rc1 release was mistakenly made from the incorrect source code 19809branch; 1.5rc2 is identical to the actual 1.5rc1 in revision control 19810except for version number. 19811 19812 19813== MediaWiki 1.5 beta 4 == 19814 19815July 30, 2005 19816 19817MediaWiki 1.5 beta 4 is a preview release of the new 1.5 release series. 19818A number of bugs have been fixed since beta 3; see the full changelist below. 19819 19820 19821== MediaWiki 1.5 beta 3 == 19822 19823July 7, 2005 19824 19825MediaWiki 1.5 beta 3 is a preview release of the new 1.5 release 19826series, with a security update over beta 2. 19827 19828Incorrect escaping of a parameter in the page move template could 19829be used to inject JavaScript code by getting a victim to visit a 19830maliciously constructed URL. Users of vulnerable releases are 19831recommended to upgrade to this release. 19832 19833Vulnerable versions: 19834* 1.5 preview series: n <= 1.5beta2 vulnerable, fixed in 1.5beta3 19835* 1.4 stable series: 1.4beta6 <= n <= 1.4.5 vulnerable, fixed in 1.4.6 19836* 1.3 legacy series: not vulnerable 19837 19838This release also includes several bug fixes and localization updates. 19839See the changelog at the end of this file for a detailed list. 19840 19841 19842 19843== MediaWiki 1.5 beta 2 == 19844 19845July 5, 2005 19846 19847MediaWiki 1.5 beta 2 is a preview release of the new 1.5 release series. 19848While most exciting new bugs should have been ironed out at this point, 19849third-party wiki operators should probably not run this beta release 19850on a public site without closely following additional development. 19851 19852Anyone who _has_ been running beta 1 is very very strongly advised to 19853upgrade to beta 2, as it fixes many bugs from the previous beta including 19854a couple of HTML and SQL injections. 19855 19856This release should be followed by one or two release candidates and 19857a 1.5.0 final within the next few weeks. 19858 19859Beta upgraders, note there are some minor database changes. For upgrades 19860from 1.4, see the file UPGRADE for details on significant database and 19861configuration file changes. 19862 19863Beta 2 includes a preliminary command-line XML wiki dump importer tool, 19864maintenance/importDump.php, paired with maintenance/dumpBackup.php. 19865These use the same format as Special:Export and Special:Import, able 19866to package a wiki's entire page set independent of the backend database 19867and compression format. 19868 19869 19870== MediaWiki 1.5 beta 1 == 19871 19872June 26, 2005 19873 19874MediaWiki 1.5 beta 1 is a preview release, pretty much feature complete, 19875of the new 1.5 release series. There are several known and likely a number 19876of unknown bugs; it is not recommended to use this release in a production 19877environment but would be recommended for testing in mind of an upcoming 19878deployment. 19879 19880A number of significant changes have been made since the alpha releases, 19881including database changes and a reworking of the user permissions settings. 19882See the file UPGRADE for details of upgrading and changing your prior 19883configuration settings for the new system. 19884 19885 19886 19887== MediaWiki 1.5 alpha 2 == 19888 19889June 3, 2005 19890 19891MediaWiki 1.5 alpha 2 includes a lot of bug fixes, feature merges, 19892and a security update. 19893 19894Incorrect handling of page template inclusions made it possible to 19895inject JavaScript code into HTML attributes, which could lead to 19896cross-site scripting attacks on a publicly editable wiki. 19897 19898Vulnerable releases and fix: 19899* 1.5 prerelease: fixed in 1.5alpha2 19900* 1.4 stable series: fixed in 1.4.5 19901* 1.3 legacy series: fixed in 1.3.13 19902* 1.2 series no longer supported; upgrade to 1.4.5 strongly recommended 19903 19904 19905== MediaWiki 1.5 alpha 1 == 19906 19907May 3, 2005 19908 19909This is a testing preview release, being put out mainly to aid testers in 19910finding installation bugs and other major problems. It is strongly recommended 19911NOT to run a live production web site on this alpha release. 19912 19913** WARNING: USE OF THIS ALPHA RELEASE MAY INFEST YOUR HOUSE WITH ** 19914** TERMITES, ROT YOUR TEETH, GROW HAIR ON YOUR PALMS, AND PASTE ** 19915** INNUENDO INTO YOUR C.V. RIGHT BEFORE A JOB INTERVIEW! ** 19916** DON'T SAY WE DIDN'T WARN YOU, MAN. WE TOTALLY DID RIGHT HERE. ** 19917 19918 19919=== Smaller changes since 1.4 === 19920 19921Various bugfixes, small features, and a few experimental things: 19922 19923* 'live preview' reduces preview reload burden on supported browsers 19924* support for external editors for files and wiki pages: 19925 https://www.mediawiki.org/wiki/Manual:External_editors 19926* Schema reworking: 19927 https://www.mediawiki.org/wiki/Proposed_Database_Schema_Changes/October_2004 19928* (bug 15) Allow editors to view diff of their change before actually submitting 19929 an edit 19930* (bug 190) Hide your own edits on the watchlist 19931* (bug 510): Special:Randompage now works for other namespaces than NS_MAIN. 19932* (bug 1015) support for the full wikisyntax in <gallery> captions. 19933* (bug 1105) A "Destination filename" (save as) added to Special:Upload Upload. 19934* (bug 1352) Images on description pages now get thumbnailed regardless of 19935 whether the thumbnail is larger than the original. 19936* (bug 1662) A new magicword, {{CURRENTMONTHABBREV}} returns the abbreviation of 19937 the current month 19938* (bug 1668) 'Date format' supported for other languages than English, see: 19939 http://mail.wikipedia.org/pipermail/wikitech-l/2005-March/028364.html 19940* (bug 1739) A new magicword, {{REVISIONID}} give you the article or diff 19941 database revision id, useful for proper citation. 19942* (bug 1998) Updated the Russian translation. 19943* (bug 2064) Configurable JavaScript mimetype with $wgJsMimeType 19944* (bug 2084) Fixed a regular expression in includes/Title.php that was accepting 19945 invalid syntax like #REDIRECT [[foo] in redirects 19946* It's now possible to invert the namespace selection at Special:Allpages and 19947 Special:Contributions 19948* No longer using sorbs.net to check for open proxies by default. 19949* What was $wgDisableUploads is now $wgEnableUploads, and should be set to true 19950 if one wishes to enable uploads. 19951* Supplying a reason for a block is no longer mandatory 19952* Language conversion support for category pages 19953* $wgStyleSheetDirectory is no longer an alias for $wgStyleDirectory; 19954* Special:Movepage can now take parameters like Special:Movepage/Page_to_move 19955 (used to just be able to take parameters via a GET request like 19956 index.php?title=Special:Movepage&target=Page_to_move) 19957* (bug 2151) The delete summary now includes editor name, if only one has edited 19958 the article. 19959* (bug 2105) Fixed from argument to the PHP mail() function. A missing space 19960 could prevent sending mail with some versions of sendmail. 19961* (bug 2228) Updated the Slovak translation 19962* ...and more! 19963 19964 19965=== Changes since 1.5alpha1 === 19966 19967* (bug 73) Category sort key is set to file name when adding category to 19968 file description from upload page (previously it would be set to 19969 "Special:Upload", causing problems with category paging) 19970* (bug 419) The contents of the navigation toolbar are now editable through 19971 the MediaWiki namespace on the MediaWiki:navbar page. 19972* (bug 498) The Views heading in MonoBook.php is now localizable 19973* (bug 898) The wiki can now do advanced sanity check on uploaded files 19974 including virus checks using external programs. 19975* (bug 1692) Fix margin on unwatch tab 19976* (bug 1906) Generalize project namespace for Latin localization, update 19977 namespaces 19978* (bug 1975) The name for Limburgish (li) changed from "Lèmburgs" to "Limburgs 19979* (bug 2019) Wrapped the output of Special:Version in <div dir='ltr'> in order 19980 to preserve the correct flow of text on RTL wikis. 19981* (bug 2067) Fixed crash on empty quoted HTML attribute 19982* (bug 2075) Corrected namespace definitions in Tamil localization 19983* (bug 2079) Removed links to Special:Maintenance from movepagetext message 19984* (bug 2094) Multiple use of a template produced wrong results in some cases 19985* (bug 2095) Triple-closing-bracket thing partly fixed 19986* (bug 2110) "noarticletext" should not display on Image page for "sharedupload" 19987 media 19988* (bug 2150) Fix tab indexes on edit form 19989* (bug 2152) Add missing bgcolor to attribute whitelist for <td> and <th> 19990* (bug 2176) Section edit 'show changes' button works correctly now 19991* (bug 2178) Use temp dir from environment in parser tests 19992* (bug 2217) Negative ISO years were incorrectly converted to BC notation 19993* (bug 2234) allow special chars in database passwords during install 19994* Deprecated the {{msg:template}} syntax for referring to templates, {{msg: is 19995 now the wikisyntax representation of wfMsgForContent() 19996* Fix for reading incorrectly re-gzipped HistoryBlob entries 19997* HistoryBlobStub: the last-used HistoryBlob is kept open to speed up 19998 multiple-revision pulls 19999* Add $wgLegacySchemaConversion update-time option to reduce amount of 20000 copying during the schema upgrade: creates HistoryBlobCurStub reference 20001 records in text instead of copying all the cur_text fields. Requires 20002 that the cur table be left in place until/unless such fields are migrated 20003 into the main text store. 20004* Special:Export now includes page, revision, and user id numbers by 20005 default (previously this was disabled for no particular reason) 20006* dumpBackup.php can dump the full database to Export XML, with current 20007 revisions only or complete histories. 20008* The group table was renamed to groups because "group" is a reserved word in 20009 SQL which caused some inconveniances. 20010* New fileicons for c, cpp, deb, dvi, exe, h, html, iso, java, mid, mov, o, 20011 ogg, pdf, ps, rm, rpm, tar, tex, ttf and txt files based on the KDE 20012 crystalsvg theme. 20013* Fixed a bug in Special:Newimages that made it impossible to search for '0' 20014* Added language variant support for Icelandic, now supports "Íslenzka" 20015* The #p-nav id in MonoBook is now #p-navigation 20016* Putting $4 in msg:userstatstext will now give the percentage of 20017 admnistrators out of normal users. 20018* links and brokenlinks tables merged to pagelinks; this will reduce pain 20019 dealing with moves and deletes of widely-linked pages. 20020* Add validate table and val_ip column through the updater. 20021* Simple rate limiter for edits and page moves; set $wgRateLimits 20022 (somewhat experimental; currently needs memcached) 20023* (bug 2262) Hide math preferences when TeX is not enabled 20024* (bug 2267) Don't generate thumbnail at the same size as the source image. 20025* Fix rebuildtextindex.inc for new schema 20026* Remove linkscc table code, no longer used. 20027* (bug 2271) Use faster text-only link replacement in image alt text 20028 instead of rerunning expensive link lookup and HTML generation. 20029* Only build the HTML attribute whitelist tree once. 20030* Replace wfMungeToUtf8 and do_html_entity_decode with a single function 20031 that does both numeric and named chars: Sanitizer::decodeCharReferences 20032* Removed some obsolete UTF-8 converter functions 20033* Fix function comment in debug dump of SQL statements 20034* (bug 2275) Update search index more or less right on page move 20035* (bug 2053) Move comment whitespace trimming from edit page to save; 20036 leaves the whitespace from the section comment there on preview. 20037* (bug 2274) Respect stub threshold in category page list 20038* (bug 2173) Fatal error when removing an article with an empty title from the 20039 watchlist 20040* Removed -f parameter from mail() usage, likely to cause failures and bounces. 20041* (bug 2130) Fixed interwiki links with fragments 20042* (bug 684) Accept an attribute parameter array on parser hook tags 20043* (bug 814) Integrate AuthPlugin changes to support Ryan Lane's external 20044 LDAP authentication plugin 20045* (bug 2034) Armor HTML attributes against template inclusion and links munging 20046 20047=== Changes since 1.5alpha2 === 20048 20049* (bug 2319) Fix parse hook tag matching 20050* (bug 2329) Fix title formatting in several special pages 20051* (bug 2223) Add unique index on user_name field to prevent duplicate accounts 20052* (bug 1976) fix shared user database with a table prefix set 20053* (bug 2334) Accept null for attribs in wfElement without PHP warning 20054* (bug 2309) Allow templates and template parameters in HTML attribute zone, 20055 with proper validation checks. (regression from fix for 2304) 20056* Disallow close tags and enforce empty tags for <hr> and <br> 20057* Changed user_groups format quite a bit. 20058* (bug 2368) Avoid fatally breaking PHP 4.1.2 in a debug line 20059* (bug 2367) Insert correct redirect link record on page move 20060* (bug 2372) Fix rendering of empty-title inline interwiki links 20061* (bug 2384) Fix typo in regex for IP address checking 20062* (bug 650) Prominently link MySQL 4.1 help page in installer if a possible 20063 version conflict is detected 20064* (bug 2394) Undo incompatible breakage to {{msg:}} compatibility includes 20065* (bug 1322) Use a shorter cl_sortkey field to avoid breaking on MySQL 4.1 20066 when the default charset is set to utf8 20067* (bug 2400) don't send confirmation mail on account creation if 20068 $wgEmailAuthentication is false. 20069* (bug 2172) Fix problem with nowiki beeing replaced by marker strings 20070 when a template with a gallery was used. 20071* Guard Special:Userrights against form submission forgery 20072* (bug 2408) page_is_new was inverted (whoops!) 20073* Added wfMsgHtml() function for escaping messages and leaving params intact 20074* Fix ordering of Special:Listusers; fix groups list so it shows all groups 20075 when searching for a specific group and can't be split across pages 20076* (bug 1702) Display a handy upload link instead of a useless blank link 20077 for [[media:]] links to nonexistent files. 20078* (bug 873) Fix usage of createaccount permission; replaces $wgWhitelistAccount 20079* (bug 1805) Initialise $wgContLang before $wgUser 20080* (bug 2277) Added Friulian language file 20081* (bug 2457) The "Special page" href now links to the current special page 20082 rather than to "". 20083* (bug 1120) Updated the Czech translation 20084* A new magic word, {{SCRIPTPATH}}, returns $wgScriptPath 20085* A new magic word, {{SERVERNAME}}, returns $wgServerName 20086* A new magic word, {{NUMBEROFFILES}}, returns the number of rows in the image 20087 table 20088* Special:Imagelist displays titles with " " instead of "_" 20089* Less gratuitous munging of content sample in delete summary 20090* badaccess/badaccesstext to supercede sysop*, developer* messages 20091* Changed $wgGroupPermissions to more cut-n-paste-friendly format 20092* 'developer' group deprecated by default 20093* Special:Upload now uses 'upload' permission instead of hardcoding login check 20094* Add 'importupload' permission to disable direct uploads to Special:Import 20095* (bug 2459) Correct escaping in Special:Log prev/next links 20096* (bug 2462 etc) Taking out the experimental dash conversion; it broke too many 20097 things for the current parser to handle cleanly 20098* (bug 2467) Added a Turkish language file 20099* Fixed a bug in Special:Contributions that caused the namespace selection to 20100 be forgotten between submits 20101* Special:Watchlist/edit now has namespace subheadings 20102* (bug 1714) the "Save page" button now has right margin to separate it from 20103 "Show preview" and "Show changes" 20104* Special:Statistics now supports action=raw, useful for bots designed to 20105 harwest e.g. article counts from multiple wikis. 20106* The copyright confirmation box at Special:Upload is now turned off by default 20107 and can be turned back on by setting $wgCopyrightAffirmation to a true value. 20108* Restored prior text for password reminder button and e-mail, replacing 20109 the factually inaccurate text that was there. 20110* (bug 2178) Fix temp dir check again 20111* (bug 2488) Format 'deletedtext' message as wikitext 20112* (bug 750) Keep line endings consistent in LocalSettings.php 20113* (bug 1577) Add 'printable version' tab in MonoBook for people who don't 20114 realize you can just hit print to get a nicely formatted printable page. 20115* Trim whitespace from option values to weather line-ending corruption problems 20116* Fixed a typo in the Romanian language file (NS_MESIA => NS_MEDIA) 20117* (bug 2504) Updated the Finnish translation 20118* (bug 2506, 2512) Updated the Nynorsk translation 20119* (bug 996) Replace $wgWhitelistEdit with 'edit' permission; fixup UPGRADE 20120 documentation about edit and read whitelists. 20121* (bug 2515) Fix incremental link table update 20122* Removed some wikipedia-specifica from LanguageXx.php's 20123* (bug 2496) Allow MediaWiki:edithelppage to point to external page 20124* Added a versionRequired() function to OutputPage, useful for extension 20125 writers that want to control what version of MediaWiki their extension 20126 can be used with. 20127* Serialized user objects now checked for versioning 20128* Fix for interwiki link regression 20129* Printable link shorter in monobook 20130* Experimental Latin-1-and-replication-friendly upgrader script 20131* (bug 2520) Don't show enotif options when disabled 20132 20133== Changes since 1.5beta1 == 20134 20135* (bug 2531) Changed the interwiki name for sh (Serbocroatian) to 20136 Srpskohrvatski/Српскохрватски (was Српскохрватски (Srbskohrvatski)) 20137* Nonzero return code for command-line scripts on wfDebugDieBacktrace() 20138* Conversion fix for empty old table in upgrade1_5.php 20139* Try reading revisions from master if no result on slave 20140* (bug 2538) Suppress notice on user serialized checks 20141* Fix paging on Special:Contributions 20142* (bug 2541) Fix unprotect tab 20143* (bug 1242) category list now show on edit page 20144* Skip sidebar entries where link text is '-' 20145* Convert non-UTF-8 URL parameters even if referer is local 20146* (bug 2460) <img> width & height properly filled when resizing image 20147* (bug 2273) deletion log comment used user interface language 20148* Try reading revision _text_ from master if no result on slave 20149* Use content-language message cache for raw view of message pages 20150* (bug 2530) Not displaying talk pages on Special:Watchlist/edit 20151* Fixed a bug that would occour if $wgCapitalLinks was set to false, a user 20152 agent could create a username that began with a lower case letter that was 20153 not in the ASCII character set ( now user $wgContLang->ucfirst() instead of 20154 PHP ucfirst() ) 20155* Moved the user name / password validity checking from 20156 LoginForm::addNewAccountInternal() to two new functions, 20157 User::isValidUserName() and User::isValidPassword(), extensions can now do 20158 these checks without rewriting code. 20159* Fix $wgSiteNotice when MediaWiki:Sitenotice is set to default '-' 20160* Fixed a bug where the watchlist count without talk pages would be off by a 20161 factor of two. 20162* upgrade1_5.php uses insert ignore, allows to skip image info initialization 20163* Fix namespaces in category list. 20164* Add rebuildImages.php to update image metadata fields 20165* Special:Ancientpages is expensive in new schema for now 20166* (bug 2568) Fixed a logic error in the Special:Statistics code which caused 20167 the displayed percentage of admins to be totally off. 20168* (bug 2560) Don't show blank width/height attributes for missing size 20169* Don't show bogus messages about watchlist notifications when disabled 20170* Don't show old debug messages in watchlist 20171* (bug 2576) Fix recording of transclusion links 20172* (bug 2577) Allow sysops to enter non-standard block times 20173* Fixed a bug where Special:Contributions wouldn't remember the 'invert' 20174 status between next/previous buttons. 20175* Move MonoBook printable link from tab to sidebar 20176* (bug 2567) Fix HTML escaping on category titles in list 20177* (bug 2562) Show rollback link for current revisions on diff pages 20178* (bug 2583) Add --missinig option on rebuildImages.php to add db entries 20179 for uploaded files that don't have them 20180* (bug 2572) Fix edit conflict handling 20181* (bug 2595) Show "Earlier" and "Latest" links on history go to the first/last 20182 page in the article history pager. 20183* Don't show empty-page text in 'Show changes' on new page 20184* (bug 2591) Check for end, fix limits on Whatlinkshere 20185* (bug 2584) Fix output of subcategory list 20186* (bug 2597) Don't crash when undeleting an image description page 20187* (bug 2564) Don't show "editingold" warning for recent revision 20188* Various code cleanup and HTML escaping fixlets 20189* Copy IRC-over-UDP update option from REL1_4 20190* (bug 2548) Keep summary on 'show changes' of section edit 20191* Move center on toc to title part to avoid breaking .toc style usage 20192* HTML sanitizer: correct multiple attributes by keeping last, not first 20193* (bug 2614) Fix section edit links on diff-to-current with oldid set 20194 Also fix navigation links on current-with-oldid view. 20195* (bug 2620) Return to prior behavior for some more things (such as 20196 subpage parent links) on current-diff view. 20197* (bug 2618) Fix regression from another fix; show initial preview for 20198 categories only if the page does not exist. 20199* (bug 2625) Keep group & user settings when paging in Listusers 20200* (bug 2627) Fix regression: diff radio button initial selection 20201* Copy fix for old search URLs with Lucene search plugin from REL1_4 20202* (bug 619) Don't use incompatible diff3 executable on non-Linux systems. 20203* (bug 2631) Fix Hebrew namespaces. 20204* (bug 2630) Indicate no-longer-valid cached entries in BrokenRedirects list 20205* (bug 2644, 2645) "cur" diff links in page history, watchlist and 20206 recentchanges should specify current ID explicitly. 20207* (bug 2609) Fix text justification preferenced with MonoBook skin. 20208* (bug 2594) Display article tab as red for non-existent articles. 20209* (bug 2656) Fix regression: prevent blocked users from reverting images 20210* (bug 2629) Automatically capitalize usernames again instead of 20211 rejecting lowercase with a useless error message 20212* (bug 2661) Fix link generation in contribs 20213* Add support for &preload=Page_name (load text of an existing page into 20214edit area) and &editintro=Page_name (load text of an existing page instead 20215of MediaWiki:Newpagetext) to &action=edit, if page is new. 20216* (bugs 2633, 2672, 2685, 2695) Fix Estonian, Portuguese, Italian, Finnish and 20217 Spanish numeric formatting 20218* Fixed Swedish numeric formatting 20219* (bug 2658) Fix signature time, localtime to match timezone offset again 20220* Files from shared repositories (e.g. commons) now display with their 20221 image description pages when viewed on local wikis. 20222* Restore compatibility namespace aliases for French Wikipedia 20223* Fix diff order on Enhanced RC 'changes' link 20224* (bug 2650) Fix national date type display on wikis that don't support 20225 dynamic date conversion. 20226* FiveUpgrade: large table hacks, install iw_trans update before links 20227* (bug 2648) Rename namespaces in Afrikaanse 20228* Special:Booksources checks if custom list page exists before using it 20229* (bug 1170) Fixed linktrail for da: and ru: 20230* (bug 2683) Really fix apostrophe escaping for toolbox tips 20231* (bug 923) Fix title and subtitle for rclinked special page 20232* (bug 2642) watchdetails message in several languages used <a></a> instead of 20233 [ ] 20234* (bug 2181) basic CSB language localisation by Tomasz G. Sienicki (thanks for 20235 the patch) 20236* Fix correct use of escaping in edit toolbar bits 20237* Removed language conversion support from Icelandic 20238* (bug 2616) Fix proportional image scaling, giving correct height 20239* (bug 2640) Include width and height attributes on unscaled images 20240* Workaround for mysterious problem with bogus epoch If-Last-Modified reqs 20241* (bug 1109) Suppress compressed output on 304 responses 20242* (bug 2674) Include some site configuration info in export data: 20243 namespaces definitions, case-sensitivity, site name, version. 20244* Use xml:space="preserve" hint on export <text> elements 20245* Make language variant selection work again for zh 20246 20247== Changes since 1.5beta2 == 20248 20249* Escaped & correctly in Special:Contributions 20250* (bug 2534) Hide edit sections with CSS to make right click to edit section 20251 work 20252* (bug 2708) Avoid undefined notice on cookieless login attempt 20253* (bug 2188) Correct template namespace for Greek localization 20254* Fixed number formatting for Dutch 20255* (bug 1355) add class noprint to commonPrint.css 20256* (bug 2350) Massive update for Limburgish (li) language using Wikipédia 20257* Massive update for Arab (ar) language using Wikipédia 20258* (bug 1560) Massive update for Kurdish (ku) language using Wikipédia 20259* (bug 2709) Some messages were not read from database 20260* (bug 2416) Don't allow search engine robots to index or follow nonexisting 20261 articles 20262* Fix escaping in page move template. 20263* (bug 153) Discrepancy between thumbnail size and <img> height attribute 20264 20265== Changes since 1.5beta3 == 20266 20267* Fix talk page move handling 20268* (bug 2721) New language file for Vietnamese with the Vietnamese number 20269 notation 20270* (bug 2749) would appear as a literal in image galleries for Cs, Fr, 20271 Fur, Pl and Sv 20272* (bug 787) external links being rendered when they only have one slash 20273* Fixed a missing typecast in Language::dateFormat() that would cause some 20274 interesting errors with signitures. 20275* (bug 2764) Number format for Nds 20276* (bug 1553) Stop forcing lowercase in Monobook skin for German language. 20277* (bug 1064) Implements Special:Unusedcategories 20278* (bug 2311) New language file for Macedonian 20279* Fix nohistory message on empty page history 20280* Fix fatal error in history when validation on 20281* Cleaned up email notification message formatting 20282* Finally fixed Special:Disambiguations that was broke since SCHEMA_WORK 20283* (bug 2761) fix capitalization of "i" in Turkish 20284* (bug 2789) memcached image metadata now cleared after deletion 20285* Add serialized version number to image metadata cache records 20286* (bug 2780) Fix thumbnail generation with GD for new image schema 20287* (bug 2791) Slovene numeric format 20288* (bug 655) Provide empty search form when searching for nothing 20289* Nynorsk numeric format fix 20290* (bug 2825) Fix regression in newtalk notifications for anons w/ enotif off 20291* (bug 2833) Fix bug in previous fix 20292* With $wgCapitalLinks off, accept off-by-first-letter-case in 'go' match 20293* Optional parameters for [[Special:Listusers]] 20294* (bug 2832) [[Special:Listadmins]] redirects to [[Special:Listusers/sysop]] 20295* (bug 785) Parser did not get out of <pre> with list elements 20296* Some shared upload fixes 20297* (bug 2768) section=new on nonexistent talk page does not add heading 20298* support preload= parameter for section=new 20299* show comment subject in preview when using section=new 20300* use comment form when creating a new talk page 20301* (bug 460) Properly handle <center> tags as a block. 20302* Undo inconsistent editing behavior change 20303* (bug 2835) Back out fix for bug 2802, caused regressions in category sort 20304* PHP 4.1.2 compatibility fix: define floatval() equivalent if missing 20305* (bug 2901) Number format for Catalan 20306* Special:Allpages performance hacks: index memcached caching, removed 20307 inverse checkbox, use friendlier relative offsets in index build 20308* Bring back "Chick" skin for mobile devices. It needs testing. 20309* Fix spelling of $wgForwardSearchUrl in DefaultSettings.php 20310* Specify USE INDEX on Allpages chunk queries, sometimes gets lost 20311 due to bogus optimization 20312* (bug 275) Section duplication fix 20313* Remove unused use of undefined variable in UserMailer 20314* Fix notice on search index update due to non-array 20315* (bug 2885) Fix fatal errors and notices in PHP 5.1.0beta3 20316* (bug 2931) Fix additional notices on reference use in PHP 4.4.0 20317* (bug 2774) Add three new $wgHooks to LogPage which enable extensions to add 20318 their own logtypes, see extensions/Renameuser/SpecialRenameuser.php for an 20319 example of this. 20320* (bug 740) Messages from extensions now appear in Special:Allmessages 20321* (bug 2857) fixed parsing of lists in <pre> sections 20322* (bug 796) Trackback support 20323* Fix 1.5 regression: weird, backwards diff links on new pages in enhanced RC 20324 are now suppressed as before. 20325* New skin: Simple 20326* "uselang" and "useskin" URL parameters can now be used in the URL when 20327 viewing a page, to change the language and skin of a page respectively. 20328* Skins can now be previewed in preferences 20329* (bug 2943) AuthPlugin::getCanonicalName() name canonicalization hook, 20330 patch from robla 20331* Wrap revision insert & page update in a transaction, rollback on late 20332 edit conflict. 20333* (bug 2953) 'other' didn't work in Special:Blockip when localized 20334* (bug 2958) Rollback and delete auto-summary should be in the project's 20335 content language 20336* Removed useless protectreason message 20337* Spelling fix: $wgUrlProtcols -> $wgUrlProtocols 20338* Switch Moldovan local name to cyrillic 20339* Fix typo in undefined array index access prevention 20340* (bug 2947) Update namespaces for sr localization 20341* (bug 2952) Added Asturian language file with translated namespaces 20342* (bug 2676) Apply a protective transformation on editing input/output 20343 for browsers that hit the Unicode blacklist. Patch by plugwash. 20344* (bug 2999) Fix encoding conversion of pl_title in upgrade1_5.php 20345* compressOld.php disabled, as it's known to be broken. 20346 20347 20348=== Changes since 1.5beta4 === 20349 20350* Fix Special:Allmessages under PHP 5 20351* (bug 2911) Special:Watchlist allowed only one type of limit at a time 20352* (bug 693) Special:Allmessages is excessively wide and redundant 20353* (bug 3001) Updated and applied live hack for recentchanges-based watchlist 20354* (bug 145) Finish 'exclude redirect' implementation in search form 20355* Rearranged Special:Movepage form to reduce confusion between destination 20356 title and reason input boxes 20357* (bug 2527) Always set destination filename when new file is selected 20358* (bug 3056) MySQL 3 compatibility fix: USE INDEX instead of FORCE INDEX 20359* PHP 4.1 compatibility fix: don't use new_link parameter to mysql_connect 20360 if running prior to 4.2.0 as it causes the call to fail 20361* (bug 3117) Fix display of upload size and type with tidy on 20362* (bug 1487) invalid html on empty list in banlist 20363* (bug 3017) Hotkey conflict for delete and show changes 20364* made pixel unit translateable and blocklistline now eats infiniteblock 20365 and expiringblock 20366* (bug 3092) Wrong numerical separator for big numbers in Serbian. 20367* (bug 2855) Credit for a uniq author showed its realname even with 20368 $wgAllowRealName=false. 20369* New special page: SpecialMostlinked 20370* (bug 2393) Fix MIME type for Atom feeds ( application/rss+atom ) 20371* Fix display of read-only lockfile message 20372* Added a new hook, 'AddNewAccount', which is run after account creation 20373* Update all stats fields on recount.sql 20374* Include software-visible client IP address in Special:Version comment 20375 as a proxy debugging aid 20376* (bug 3162) Fix 'undefined property page_is_new' error on watchlist 20377* (bug 1734) granting db permissions failed with db usernames containg '-' 20378* (bug 3170) wikititlesuffix was removed, use pagetitle instead 20379* (bug 3187) watchlist text refer to unexistent "Stop watching" action 20380* (bug 3190) Added some date format choices for language sr 20381* (bug 1334) LanguageGa.php update 20382* (bug 1020) Changing user interface language does not work immediately 20383* (bug 2753) Some namespaces were not translated in LanguageTa.php (Tamil) 20384* (bug 3204) Fix typo breaking special pages in fy localization 20385* (bug 3210) Fix Media: links with remote image URL path 20386* (bug 3220) Fix escaping of block URLs in Recentchanges 20387* (bug 3238): Updated LanguageNn.php for 1_5 branch 20388* (bug 3192): properly check 'limit' parameter on Special:Contributions 20389* (bug 3244) Fix remote image loading hack, JavaScript injection on MSIE 20390* Fix URL sanitization in HTML attributes, which broke in this branch 20391* (bug 3475) anon contrib links on Special:Newpages 20392 20393 20394=== Changes since 1.5rc2 === 20395 20396* Fix upgrade from 1.4 due to version number check breakage 20397* Fix upgrade from 1.4 with no old revisions 20398* (bug 2108) Sort entries when using category browser 20399* XSS issue : now sanitize search query input 20400 20401 20402=== Changes since 1.5rc3 === 20403 20404* (bug 3280) Respect 'move' group permission on page moves 20405* (bug 2885) More PHP 5.1 fixes: skin, search, log, undelete 20406* Security fix for <math> 20407* Security fix for tables 20408 20409 20410=== Changes since 1.5rc4 === 20411 20412* (bug 3292) Fix move-over-redirect test when current entries are not plaintext 20413* (bug 2078) Don't hide watch tab on preview 20414* (bug 3306) Document $wgLocalTZoffset 20415* Support SVG rendering with rsvg 20416* Cap arbitrary SVG renders to given image size or $wgSVGMaxSize pixels wide 20417* (bug 3127) Render large SVGs at image page size correctly 20418* (bug 3448) Set page_len on undelete 20419* (bug 2800) Don't scale up small iamges on |thumb| without explicit size 20420* Use the real file link instead of the default-size rasterized version for 20421 large SVG images on image description page 20422* Include the file name/type/size line for non-resized images 20423* (bug 3412) Clean up date format handling so ~~~~-sigs work with default 20424 format as designed. Documentation comments updated. 20425* (bug 1423) LanguageJa.php update 20426* (bug 3405) Don't use raw letters as aliases of MSGNW: and SUBST: 20427* (bug 3485) Fix bogus warning about filename capitalization when off 20428* (bug 2792) Update rebuildrecentchanges.inc for new schema 20429* Special:Import/importDump fixes: report XML parse errors, accept <minor/> 20430* (bug 3489) PHP 5.1 compat problem with captioned images 20431* (bug 3350) Missing label for move talk page checkbox. 20432* (bug 2570) Add 'watch this page' checkbox on uploads, watch uploads 20433 by default when 'watchdefault' option is on 20434* (bug 3182) Clear link cache during import to prevent memory leak 20435* (bug 3573) Full Greek Translation 20436* (bug 3595) Warn and abort if importDump.php called in read-only mode. 20437* (bug 3598) Update message cache on message page deletion, patch by Tietew 20438* Blacklist additional MSIE CSS safety tricks 20439 20440 20441=== Changes since 1.5.0 === 20442 20443* (bug 3629) Fix date & time format for Frisian 20444* (bug 3641) Fix handling of unrecognized file uploads with known extensions 20445* (bug 3643) Fix image page display of large images with resizing disabled 20446* Fix meta robots tag on Special:Version again to avoid listing vulnerable 20447 versions for convenient harvesting by automated worms 20448* (bug 3684) Fix typo in fatal error backtraces in Hooks.php 20449* Backport fix for reference usage notice in Special:Search on PHP 4.4.0 20450* Backport database connect error display fix from HEAD 20451* (bug 2773) Print style sheet no longer overrides RTL text direction 20452* MonoBook skin top link id changed from "contentTop" to "top" (shared with 20453 name attribute) 20454* Wrap message page insertions in a transaction to speed up installation 20455* Fix Special:MovePage invalid HTML attribute for reason textarea 20456* Avoid notice warning on edit with no User-Agent header 20457* (bug 3734) Swapped out obsolete recount.sql with initStats.php 20458* (bug 3735) Fix to run under MySQL 5's strict mode 20459* (bug 3786) Experimental support for MySQL 4.1/5.0 utf8 charset mode 20460 NOTE: Enabling this may break existing wikis, and still doesn't 20461 work for all Unicode characters due to MySQL limitations. 20462* Sanitizer CSS comment processing order fix 20463 20464 20465=== Changes since 1.5.1 === 20466 20467* Fix Special:BrokenRedirects on MySQL 5.0 20468* (bug 3809) Backport fix for detecting diff3 failure 20469* MySQL 5.0 strict mode fix for moving unwatched pages 20470* (bug 3782) Throw fatal installation warning if mbstring.func_overload on. 20471 Why do people invent these crazy options that change language semantics? 20472* (bug 3762) Define missing Special:Import UI messages 20473* (bug 3771) Handle internal functions in backtrace in wfAbruptExit() 20474* (bug 3649) Remove obsolete, broken moveCustomMessages script 20475* (bug 3667) Add missing global in page move code 20476* (bug 3761) Avoid deprecation warnings in Special:Import 20477* (bug 2885) Remove unnecessary reference parameter which broke classic skin 20478 talk notification on PHP 5.0.5 20479* (bug 3845) Update attribute.php for 1.5 schema 20480* Fix Parser::unstrip on PHP 4.4.1 and PHP 5.1.0RC4 20481 20482 20483=== Changes since 1.5.2 === 20484 20485* (bug 3612) Remove old broken version of maintenance/compressOld.php 20486 The working version is in maintenance/storage/compressOld.php 20487* (bug 2740) Accept image deletions on 'enter' submit from MSIE 20488* (bug 3933) specify XML namespace for Atom 0.3 feeds 20489* (bug 3939) Don't try to load text for interwiki redirect target 20490* (bug 3948) Avoid notice warning in debug statement in bad search 20491* Recognize Special:Search consistently so read whitelist works 20492* (bug 4013) typo in fr 20493* (bug 3996) Fix text for new entries in RC RSS/Atom feed 20494* (bug 2894) Enhanced Recent Changes link fixes 20495* (bug 3065) Update both watched namespaces when renaming pages 20496* Move parentheses out of <a> link in Special:Contributions 20497* (bug 4071) Generate passwords long enough for $wgMinimalPasswordLength 20498* (bug 4035) Fix prev/next revision links on edit page 20499* (bug 4165) Correct validation for user language selection (data taint) 20500* Clearer message in DefaultSettings.php: edit LocalSettings.php instead 20501 20502 20503=== Changes since 1.5.3 === 20504 20505* (bug 3805) Clear 'new messages' flag properly in enotif mode 20506 for usernames containing spaces 20507* (bug 2714) Backlink from special:whatlinkshere was hard set as 'existing' 20508* (bug 4249) Typo in entities2literals.pl 20509* (bug 4233) Update for japanese language 20510* (bug 4279) Small correction to LanguageDa.php 20511* (bug 4267) Switch dv sd ug ks arc languages to RTL 20512* (bug 3991) Allow the operation of wikicode on Protect move only text 20513* Added AutoAuthenticate hook for external User object suppliers 20514* Parser internal placeholder string now fully randomized for safety 20515 20516=== Changes since 1.5.4 === 20517 20518* Maintenance script to delete unused user accounts 20519* Added detection for WMF files (application/x-msmetafile), added this 20520 MIME type to the default blacklist. Prevented inline display of images 20521 which are not of known image types. This is in response to 20522 http://en.wikipedia.org/wiki/Windows_Metafile_vulnerability 20523 20524=== Changes since 1.5.5 === 20525 20526* (bug 4258) When installing under IIS, $wgArticlePath = "$wgScript?title=$1" 20527 should be set 20528* (bug 4510) Correct Barnes & Noble bookstore URLs 20529* (bug 4504) Use site language for namespace name resolution 20530* Installer fixes from HEAD backported; now uses a more sensible method of 20531 establishing which mySQL user to use, which clears up bug 921 et al. Minor 20532 changes to installer. 20533* Fix problem reported on mailing list where re-initialising stats didn't work 20534 (can't insert duplicate rows with the same id field) 20535* (bug 1122) gray out 'older revision' when viewing first article revision. 20536* Respect database prefix in dumpHTML.inc 20537* Minor improvements to removeUnusedAccounts.php maintenance script 20538* Fix for single-digit week numbers from {{CURRENTWEEK}}, broken by PHP 4.4.1 20539* Removed read-only check from Database::query() 20540* Added --conf option to command line scripts, allowing the user to specify a 20541 different LocalSettings.php. 20542 20543=== Changes since 1.5.6 === 20544 20545* Default main page content improved per bug 4690 20546* Fix dependence on hardcoded UNIQ_PREFIX in LanguageConverter.php 20547* Fixed Special:Unlockdb 20548* Maintenance script to delete unused text records 20549* Maintenance script to delete non-current revisions 20550* Maintenance script to wipe a page and all revisions from the database 20551* (bug 4768) Wrong Russian translation (typo) 20552* Performance bugfix: propagate equality manually for Revision fetches 20553* (bug 4773) PHP fatal error when invalid title passed to Special:Export 20554* Added missing table defs. for transcache to installer schemas 20555* (bug 4824) IE7 beta 2 broke compatibility with PNG logo workarounds, 20556 and seems to work ok with other bits. No longer including the IE 20557 workarounds JavaScript for IE 7 and above. 20558* (bug 2532) Image directory structure migration bug 20559* (bug 4881) Correction to the fix for 1487; Ipblocklist showed 'no blocks' 20560 message at the end of the list even if there were blocks. 20561* (bug 4805) Removed more wikipedia-references from LanguageUk.php 20562* Introduce $wgWantedPagesThreshold per bug 5011; Special:Wantedpages will not 20563 list pages with less than this number of links. Defaults to 1. 20564* Allow customisation of paging limits for items in categories using the 20565 $wgCategoryPagingLimit global, per bug 4970. 20566* Improve "nogomatch" text to make it more obvious that a page can be created. 20567* (bug 5113) Spelling error in French language file 20568* Don't change the password of the MySQL root user. 20569 20570=== Changes since 1.5.7 === 20571 20572* (bug 5180) User login page shows inappropriate email blurb 20573* Add the "AbortNewAccount" hook on account creation; see hooks.txt for more 20574 info. 20575* Update default "exporttext" to reflect that Special:Import exists 20576* Add links to useful material to the default main page content 20577* Fix fragment HTML injection 20578 20579=== Changes since 1.5.8 === 20580 20581* Fixed obvious mistakes in Finnish (fi) translation 20582* Fixed obvious mistakes in Kurdish (ku) translation 20583* Merge two #p-search .pBody statements i monobook/main.css 20584* (bug 5156) Update for Hebrew language (he) translation 20585* Add the "UserRights" hook on user group changes; see hooks.txt for more info. 20586* Translated "listingcontinuesabbrev" for German 20587 20588=== Caveats === 20589 20590Some output, particularly involving user-supplied inline HTML, may not 20591produce 100% valid or well-formed XHTML output. Testers are welcome to 20592set $wgMimeType = "application/xhtml+xml"; to test for remaining problem 20593cases, but this is not recommended on live sites. (This must be set for 20594MathML to display properly in Mozilla.) 20595 20596= MediaWiki 1.4 = 20597 20598== MediaWiki 1.4.15 == 20599 20600(released March 26, 2006) MediaWiki 1.4.15 is a security maintenance release. A 20601bug in decoding of certain encoded links could allow injection of raw HTML into 20602page output; this could potentially lead to XSS attacks. Additionally, this 20603release may display more correctly in IE7 betas. 20604 20605== MediaWiki 1.4.14 == 20606(released January 19, 2006) MediaWiki 1.4.14 is a security and bugfix 20607maintenance release. A bug in edit comment formatting could send PHP into an 20608infinite loop if certain malformed links were included. In most installations, 20609this would cause the script to fail after PHP's 30-second failsafe timeout. For 20610several other minor fixes, see the complete changelog at the end of this file. 20611 20612== MediaWiki 1.4.13 == 20613(released January 5, 2006) MediaWiki 1.4.13 is a security maintenance 20614release.Detection for uploads of Windows Metafile (.wmf) images has been added 20615to help protect against a client-side vulnerability in unpatched Microsoft 20616Windows operating systems. Sites which have enabled uploads and added 20617non-standard file types (such as .ogg, .doc, or .pdf) should upgrade to this 20618release to ensure that malicious .wmf files can't be uploaded with a fake 20619extension; such files could put visitors to the site at risk. For more details 20620on this, see: http://en.wikipedia.org/wiki/Windows_Metafile_vulnerability 20621 20622== MediaWiki 1.4.12 == 20623(released 2005-11-02) MediaWiki 1.4.12 is a bugfix and security maintenance 20624release. A change in PHP 4.4.1 broke handling of extension and 20625<nowiki><pre></nowiki> sections, causing garbage data to be inserted in output 20626and saved edits. This version works around the change. This release includes 20627further corrections to the inline CSS style sanitation which works around a 20628JavaScript "feature" on Microsoft Internet Explorer. Users of Microsoft 20629Internet Explorer for Windows may be vulnerable to XSS injections on prior 1.4 20630releases; users of standards-compliant browsers are not vulnerable. 20631 20632== MediaWiki 1.4.11 == 20633(released 2005-10-05) MediaWiki 1.4.11 is a security maintenance release. 20634Unsafe handling of CSS by Microsoft Internet Explorer could be exploited to 20635produce cross-site scripting attacks by JavaScript injection to clients running 20636that browser. This release blacklists several additional variants from use in 20637HTML inline style attributes. All publicly accessible wikis are recommended to 20638upgrade to reduce the risk to visitors using Microsoft web browsers. Note: the 20639MediaWiki 1.4.x series is not compatible with PHP 5.0.5 or higher. Upgrade to 20640the 1.5.0 release if you require this version of PHP 5. 20641 20642== MediaWiki 1.4.10 == 20643(released 2005-09-21) MediaWiki 1.4.10 is a security maintenance release. A bug 20644in edit submission handling could cause corruption of the previous revision in 20645the database if an abnormal URL was used, such as those used by some spambots. 20646Affected releases: 20647* 1.4.x <= 1.4.9; fixed in 1.4.10 20648* 1.3.x <= 1.3.15; fixed in 1.3.16 206491.5 release candidates are not affected by this problem. All publicly editable 20650wikis are strongly recommended to upgrade immediately. 206511.4 releases can be manually patched by changing this bit in EditPage.php: 20652 20653<syntaxhighlight lang="php"> 20654function importFormData( &$request ) { 20655 if( $request->wasPosted() ) { 20656</syntaxhighlight> 20657to: 20658<syntaxhighlight lang="php"> 20659 function importFormData( &$request ) { 20660 if( $request->getVal( 'action' ) == 'submit' && $request->wasPosted() ) 20661 { 20662</syntaxhighlight> 20663== MediaWiki 1.4.9 == 20664(released 2005-08-29) MediaWiki 1.4.9 is a security maintenance release. It 20665corrects two cross-site scripting security bugs: 20666* <nowiki><math></nowiki> tags were handled incorrectly when TeX rendering 20667support is off, as in the default configuration. 20668* Extension or <nowiki><nowiki></nowiki> sections in Wiki table syntax could 20669bypass HTML style attribute restrictions for cross-site scripting attacks 20670against Microsoft Internet Explorer Wikis where the optional math support has 20671been *enabled* are not vulnerable to the first, but are vulnerable to the 20672second. 20673 20674== MediaWiki 1.4.8 == 20675(released 2005-08-23) MediaWiki 1.4.8 is a bug fix and security maintenance 20676release. A flaw in the interaction between extensions and HTML attribute 20677sanitization was discovered which could allow unauthorized use of offsite 20678resources in style sheets, and possible exploitation of a JavaScript injection 20679feature on Microsoft Internet Explorer. This version expands the returned text 20680and properly checks it before output. Additionally, an update to 20681skins/MonoBook.php ensures that sites using the default MonoBook skin will 20682display correctly in the Internet Explorer 7 beta. (1.3 and 1.5 are not 20683affected by this bug.) 20684 20685== MediaWiki 1.4.7 == 20686(released 2005-07-16) 20687MediaWiki 1.4.7 is a bug fix release. Those affected by the following problems 20688in 1.4.6 should upgrade: 20689* Watchlist breakage on MySQL 3.23.x and with table prefix enabled 20690* Possible breakage in watchlist, some image resizing modes on PHP 4.1.2 1.4.6 20691included a fix for a cross-site scripting vulnerability, so anyone running 20692older 1.4 releases is very strongly encouraged to upgrade as well. Note to 20693upgraders: this version of MediaWiki is known to produce a large number of 20694notice-level warnings under the newly released PHP 4.4.0. These appear however 20695to be harmless; if you encounter them add this to your LocalSettings.php to 20696suppress the notices: error_reporting( E_ALL & ~E_NOTICE ); PHP 5.1.0beta3 is 20697known to be incompatible at this time. 20698 20699== MediaWiki 1.4.6 == 20700(released 2005-07-07) MediaWiki 1.4.6 is a bug fix and security update release. 20701Incorrect escaping of a parameter in the page move template could 20702be used to inject JavaScript code by getting a victim to visit a maliciously 20703constructed URL. Users of vulnerable releases are recommended to upgrade to 20704this release. Vulnerable versions: 20705* 1.5 preview series: n <= 1.5beta2 vulnerable, fixed in 1.5beta3 20706* 1.4 stable series: 1.4beta6 <= n <= 1.4.5 vulnerable, fixed in 1.4.6 20707* 1.3 legacy series: not vulnerable This release also includes fixes for some 20708rare bug annoying HTTP errors, a PHP 4.1.2 breakage bug, and works around some 20709template limitations introduced in 1.4.5. See the changelog at the end of this 20710file for a detailed list of bugs fixed. 20711 20712== MediaWiki 1.4.5 == 20713(released 2005-06-03) MediaWiki 1.4.5 is a security update and bugfix release. 20714Incorrect handling of page template inclusions made it possible to inject 20715JavaScript code into HTML attributes, which could lead to cross-site scripting 20716attacks on a publicly editable wiki. Vulnerable releases and fix: 20717* 1.5 prerelease: fixed in 1.5alpha2 20718* 1.4 stable series: fixed in 1.4.5 20719* 1.3 legacy series: fixed in 1.3.13 20720* 1.2 series no longer supported; upgrade to 1.4.5 strongly recommended This 20721release also includes a number of bug fixes (see changelog below) and merges 20722some large-server load balancing patches from Wikipedia. An experimental rate 20723limiter for page edits and moves can be enabled with global, per-IP, 20724per-subnet, or per-user bases. See configuration options in 20725includes/DefaultSettings.php 20726 20727== MediaWiki 1.4.4 == 20728(released 2005-05-04) MediaWiki 1.4.4 is a bugfix release for the 1.4 stable 20729release series. Some bugs in the installer/updater and refreshLinks maintenance 20730script were introduced in the last release and have been corrected. 20731 20732== MediaWiki 1.4.3 == 20733 20734(released 2005-04-28) 20735 20736MediaWiki 1.4.3 is a bugfix release for the 1.4 stable release series. 20737 20738Chiefly, this fixes a compatibility problem with PHP 5 and a minor link 20739table corruption bug on initial page save. 20740 20741 20742== MediaWiki 1.4.2 == 20743 20744(released 2005-04-20) 20745 20746MediaWiki 1.4.2 is a security and bug fix release for the 1.4 stable release 20747series. 20748 20749A cross-site scripting injection vulnerability was discovered, which 20750affects only MSIE clients and is only open if MediaWiki has been 20751manually configured to run output through HTML Tidy ($wgUseTidy). 20752 20753Several other bugs are fixed in this release, see the changelog below. 20754 20755All new installations are highly recommended to use 1.4.2 instead of 207561.3.x; 1.3.x users should consider upgrading for bug fixes and new 20757features. Ealier 1.4.x release and beta users should upgrade to this 20758release for relevant bug fixes; see the changelog later in this file. 20759 20760 20761If you have trouble, remember to read this whole file and the online FAQ page 20762before asking for help: 20763 20764https://www.mediawiki.org/wiki/Manual:FAQ 20765 20766 20767=== READ THIS FIRST: Upgrading === 20768 20769If upgrading from an older release, see the notes in the file UPGRADE. 20770There are a couple of minor database changes from the beta releases, 20771and somewhat larger changes from 1.3.x. 20772 20773Upgrading from a previous 1.4.x stable release installation should 20774generally only require copying the new files over the old ones. 20775 20776 20777==== READ THIS FIRST, TOO: MySQL 4.1 AND 5.0 ==== 20778 20779MySQL 5.0 is a beta release, not yet ready for production use. If you 20780are using it, the notes below about 4.1 apply to you too. 20781 20782If you have the choice of MySQL 4.0 or MySQL 4.1 and don't need 4.1 for 20783some other application, you should consider sticking with 4.0 for the 20784moment. 4.1 may require you to do extra fiddling to get things to work 20785due to changes that aren't fully backwards-compatible. 20786 20787MySQL 4.1 has changed the authentication protocol in an incompatible 20788way; many PHP installations still use the older client libraries and 20789CANNOT CONNECT TO THE SERVER WITH A PASSWORD without some changes. 20790 20791See: http://dev.mysql.com/doc/mysql/en/Old_client.html 20792 20793If MySQL is set with utf-8 as the default character set, installation 20794may fail with "key too long" errors. Set the default charset to 'latin1' 20795for installation and it should work. 20796 20797The mysqldump backup generator now applies an automatic conversion to 20798UTF-8, which may irretrivably corrupt your data. Pass the -charset option 20799with the original default charset (eg 'latin1') to skip the conversion. 20800 20801 20802==== READ THIS FIRST IF RUNNING ON A WINDOWS SERVER ==== 20803 20804MediaWiki is tested and deployed primarily under the Apache web server 20805on Linux Unix systems. There are known to be problems running on 20806Microsoft's IIS which are not fully resolved. If you have a choice, 20807try running under Apache on Windows, or on a Unix/Linux box instead. 20808 20809If you're having trouble with blank pages on IIS and can't switch, 20810try the workaround suggested in this bug report: 20811http://bugzilla.wikimedia.org/show_bug.cgi?id=1763 20812 20813 20814=== New features === 20815 20816* 'Recentchanges Patrol' to mark new edits that haven't yet been viewed. 20817* New, searchable deletion/upload/protection logs 20818* Image gallery generation (Special:Newimages and <gallery> tag) 20819* SVG rasterization support (requires external support tools) 20820* Users can select from the available localizations to override the 20821 default user interface language. 20822* Traditional/Simplified Chinese conversion support 20823* rel="nofollow" support to combat linkspam 20824 20825The current implementation adds this attribute to _all_ external URL 20826links in wiki text (but not internal [[wiki links]] or interwiki links). 20827To disable the attribute for _all_ external links, add this line to your 20828LocalSettings.php: 20829 20830 $wgNoFollowLinks = false 20831 20832For background information on nofollow see: 20833 20834 http://www.google.com/googleblog/2005/01/preventing-comment-spam.html 20835 20836 20837=== Installation and compatibility === 20838 20839* The default MonoBook theme now works with PHP 5.0 20840* Installation on systems with PHP's safe mode or other oddities 20841 should work more reliably, as MonoBook no longer needs to 20842 create a compiled template file for the wiki to run. 20843* A table prefix may be specified, to avoid conflicts with other 20844 web applications forced to share a database. 20845* More thorough UTF-8 input validation; fixes non-ASCII uploaded 20846 filenames from Safari. 20847* Command-line database upgrade script. 20848 20849 20850=== Customizability === 20851 20852* Default user options can now be overridden in LocalSettings. 20853* Skins system more modular: templates and CSS are now in /skins/ 20854 New skins can be dropped into this directory and used immediately. 20855* More extension hooks have been added. 20856* Authentication plugin hook. 20857* More internal code documentation, generated with phpdoc: 20858 https://doc.wikimedia.org/mediawiki-core/master/php/html/ 20859 20860 20861=== Optimization === 20862 20863* For many operations, MediaWiki 1.4 should run faster and use 20864 less memory than MediaWiki 1.3. Page rendering is up to twice 20865 as fast. (Use a PHP accelerator such as Turck MMCache for best 20866 results with any PHP application, though!) 20867* The parser cache no longer requires memcached, and is enabled 20868 by default. This avoids a lot of re-rendering of pages that 20869 have been shown recently, greatly speeding longer page views. 20870* Support for compiled PHP modules to speed up page diff and 20871 Unicode validation/normalization. (Requires ability to compile 20872 and load PHP extensions). 20873 20874 20875=== What isn't ready yet === 20876 20877* A new user/groups permissions scheme has been held back to 1.5. 20878* An experimental SOAP interface will be made available as an extension 20879* PostgreSQL support is largely working, minus search and the installer. 20880 You can perform a manual installation. 20881* E-mail notification of watched page changes and verification of 20882 user-submitted e-mail addresses is not yet included. 20883* Log pages are not automatically imported into the new log table 20884 at upgrade time. A script to import old text log entries is 20885 incomplete, but may be available in later point releases. 20886* Some localizations are still incomplete. 20887 20888 20889 20890== Changelog == 20891 20892=== Important security updates === 20893 20894A security audit found and fixed a number of problems. Users of MediaWiki 208951.3.10 and earlier should upgrade to 1.3.11; users of 1.4 beta releases 20896prior to 1.4rc1 should upgrade immediately. 20897 20898==== Cross-site scripting vulnerability ==== 20899 20900XSS injection points can be used to hijack session and authentication 20901cookies as well as more serious attacks. 20902 20903* Media: links output raw text into an attribute value, potentially 20904 abusable for JavaScript injection. This has been corrected. 20905* Additional checks added to file upload to protect against MSIE and 20906 Safari MIME-type autodetection bugs. 20907 20908As of 1.3.10/1.4beta6, per-user customized CSS and JavaScript is disabled 20909by default as a general precaution. Sites which want this ability may set 20910$wgAllowUserCss and $wgAllowUserJs in LocalSettings.php. 20911 20912 20913==== Cross-site request forgery ==== 20914 20915An attacker could use JavaScript-submitted forms to perform various 20916restricted actions by tricking an authenticated user into visiting 20917a malicious web page. A fix for page editing in 1.3.10/1.4beta6 has 20918been expanded in this release to other forms and functions. 20919 20920Authors of bot tools may need to update their code to include the 20921additional fields. 20922 20923 20924==== Directory traversal ==== 20925 20926An unchecked parameter in image deletion could allow an authenticated 20927administrator to delete arbitary files in directories writable by the 20928web server, and confirm existence of files not deletable. 20929 20930 20931==== Older issues ==== 20932 20933Note that 1.4 beta releases prior to beta 5 include an input validation 20934error which could lead to execution of arbitrary PHP code on the server. 20935Users of older betas should upgrade immediately to the current version. 20936 20937 20938Beta 6 also introduces the use of rel="nofollow" attributes on external 20939links in wiki pages to reduce the effectiveness of wiki spam. This will 20940cause participating search engines to ignore external URL links from wiki 20941pages for purposes of page relevancy ranking. 20942 20943 20944=== Misc bugs fixed in beta 1 === 20945 20946* (bug 95) Templates no longer limited to 5 inclusions per page 20947* New user preference for limiting the image size for images on image 20948 description pages 20949* (bug 530) Allow user to preview article on first edit 20950* (bug 479) [[RFC 1234]] will now make an internal link 20951* (bug 511) PhpTal skins shown bogus 'What links here' etc on special pages 20952* (bug 770) Adding filter and username exact search match for Special:Listusers 20953* (bug 733) Installer die if it can not write LocalSettings.php 20954* (bug 705) Various special pages no more show the rss/atom feed links 20955* (bug 114) use category backlinks in Special:Recentchangeslinked 20956 20957=== Beta 2 fixes === 20958 20959* (bug 987) Reverted bogus fix for bug 502 20960* (bug 992) Fix enhanced recent changes in PHP5 20961* (bug 1009) Fix Special:Makesysop when using table prefixes 20962* (bug 1010) fix broken Commons image link on Classic & Cologne Blue 20963* (bug 985) Fix auto-summary for section edits 20964* (bug 995) Close <a> tag 20965* (bug 1004) renamed norsk language links (twice) 20966* Login works again when using an old-style default skin 20967* Fix for load balancing mode, notify if using old settings format 20968* (bug 1014) Missing image size option on old accounts handled gracefully 20969* (bug 1027) Fix page moves with table prefix 20970* (bug 1018) Some pages fail with stub threshold enabled 20971* (bug 1024) Fix link to high-res image version on Image: pages 20972* (bug 1016) Fix handling of lines omitting Image: in a <gallery> tag 20973* security fix for image galleries 20974* (bug 1039) Avoid error message in certain message cache failure modes 20975* Fix string escaping with PostgreSQL 20976* (bug 1015) [partial] -- use comment formatter on image gallery text 20977* Allow customization of all UI languages 20978* use $wgForceUIMsgAsContentMsg to make regular UI messages act as content 20979* new user option for zh users to disable language conversion 20980* Defer message cache initialization, shaving a few ms off file cache hits 20981* Fixed Special:Allmessages when using table prefixes 20982* (bug 996) Fix $wgWhitelistRead to work again 20983* (bug 1028) fix page move over redirect to not fail on the unique index 20984 20985=== Beta 3 fixes === 20986 20987* Hide RC patrol markers when patrol is disabled or not allowed to patrol. 20988* Fix language selection for upgraded accounts 20989* (bug 1076) navigation links in QueryPage should be translated by wgContLang. 20990* (bug 922) bogus DOS line endings in LanguageEl.php 20991* Fix index usage in contribs 20992* Caching and load limiting options for Recentchanges RSS/Atom feed 20993* (bug 1074) Add stock icons for non-image files in gallery/Newimages 20994* Add width and height attributes on thumbs in gallery/Newimages 20995* Enhance upload extension blacklist to protect against vulnerable 20996 Apache configurations 20997 20998=== Beta 4 fixes === 20999 21000* (bug 1090) Fix sitesupport links in CB/classic skins 21001* Gracefully ignore non-legal titles in a <gallery> 21002* Fix message page caching behavior when $wgCapitalLinks is turned off 21003 after installation and the wiki is subsequently upgraded 21004* Database error messages include the database server name/address 21005* Paging support for large categories 21006* Fix image page scaling when thumbnail generation is disabled 21007* Select the content language in prefs when bogus interface language is set 21008* Fix interwiki links in edit comments 21009* Fix crash on banned user visit 21010* Avoid PHP warning messages when thumbnail not generated 21011* (bug 1157) List unblocks correctly in Special:Log 21012* Fix fatal errors in LanguageLi.php 21013* Undo overly bright, difficult to read colors in Cologne Blue 21014* (bug 1162) fix five-tilde date inserter 21015* Add raw signatures option for those who simply must have cute sigs 21016* (bug 1164) Let wikitext be used in Loginprompt and Loginend messages 21017* Add the dreaded <span> to the HTML whitelist 21018* (bug 1170) Fix Russian linktrail 21019* (bug 1168) Missing text on the bureaucrat log 21020* (bug 1180) Fix Makesysop on shared-user-table sites 21021* (bug 1178) Fix previous diff link when using 'oldid=0' 21022* (bug 1173) Stop blocked accounts from reverting/deleting images 21023* Keep generated stylesheets cache-separated for each user 21024* (bug 1175) Fix "preview on first edit" mode 21025* Fix revert bug caused by bug 1175 fix 21026* Fix CSS classes on minor, new, unpatrolled markers in enhanced RC 21027* Set MySQL 4 boolean search back to 'and' mode by default 21028* (bug 1193) Fix move-only page protection mode 21029* Fix zhtable Makefile to include the traditional manual table 21030* Add memcache timeout for the zh conversion tables 21031* Allow user customization of the zh conversion tables through 21032 Mediawiki:zhconversiontable 21033* Add zh-min-man (back) to language names list 21034* Ported $wgCopyrightIcon setting from REL1_3A 21035* (bug 1218) Show the original image on image pages if the thumbnail would be 21036 bigger than the original image 21037* (bug 1213) i18n of Special:Log labels 21038* (bug 1013) Fix jbo, minnan in language names list 21039* Added magic word MAG_NOTITLECONVERT to indicate that the title of the page 21040 do not need to be converted. Useful in zh: 21041* (bug 1224) Use proper date messages for date reformatter 21042* (bug 1241) Don't show 'cont.' for first entry of the category list 21043* (bug 1240) Special:Preferences was broken in Slovenian locale when 21044 $wgUseDynamicDates is enabled 21045* Added magic word MAG_NOCONTENTCONVERT to suppress the conversion of the 21046 content of an article. Useful in zh: 21047* write-lock for updating the zh conversion tables in memcache 21048* recursively parse subpages of MediaWiki:Zhconversiontable 21049* (bug 1144) Fix export for fy language 21050* make removal of an entry from zhconversiontable work 21051* (bug 752) Don't insert newline in link title for url with %0a 21052* Fix missing search box contents in MonoBook skin 21053* Add option to forward search directly to an external URL (eg google) 21054* Correctly highlight the fallback language variant when the selected 21055 variant is disabled. Used in zh: only for now. 21056 21057=== Beta 5 fixes === 21058 21059* (bug 1124) Fix ImageGallery XHTML compliance 21060* (bug 1186) news: in the middle of a word 21061* (bug 1283) Use underlining and borders to highlight additions/deletions 21062 in diff-view 21063* Use user's local timezone in Special:Log display 21064* Show filename for images in gallery by default (restore beta 3 behavior) 21065* (bug 1201) Double-escaping in brokenlinks, imagelinks, categorylinks, 21066 searchindex 21067* When using squid reverse proxy, cache the redirect to the Main_Page 21068* (bug 1302) Fix Norwegian language file 21069* (bug 1205) Fix broken article saving in PHP 5.1 21070* (bug 1206) Implement CURRENTWEEK and CURRENTDOW magic keyword (will give 21071 number of the week and number of the day). 21072* (bug 1204) Blocks do not expire automatically 21073* (bug 1184) expiry time of indefinite blocks shown as the current time 21074* (bug 1317) Fix external links in image captions 21075* (bug 1084) Fix logo not rendering centrally in IE 21076* (bug 288) Fix tabs wrapping in IE6 21077* (bug 119) Fix full-width tabs with RTL text in IE 21078* (bug 1323) Fix logo rendering off-screen in IE with RTL language 21079* Show "block" link in Special:Recentchanges for logged in users, too, if 21080 wgUserSysopBans is true. 21081* (bug 1326) Use content language for '1movedto2' in edit history 21082* zh: Fix warning when HTTP_ACCEPT_LANGUAGE is not set 21083* zh: Fix double conversion for zh-sg and zh-hk 21084* (bug 1132) Fix concatenation of link lists in refreshLinks 21085* (bug 1101) Fix memory leak in refreshLinks 21086* (bug 1339) Fix order of @imports in Cologne Blue CSS 21087* Don't try to create links without namespaces ([[Category:]] link bug) 21088* Memcached data compression fixes 21089* Several valid XHTML fixes 21090* (bug 624) Fix IE freezing rendering whilst waiting for CSS with MonoBook 21091* (bug 211) Fix tabbed preferences with XHTML MIME type 21092* Fix for script execution vulnerability. 21093 21094=== Beta 6 fixes === 21095 21096* (bug 1335) implement 'tooltip-watch' in Language.php 21097* Fix linktrail for nn: language 21098* (bug 1214) Fix prev/next links in Special:Log 21099* (bug 1354) Fix linktrail for fo: language 21100* (bug 512) Reload generated CSS on preference change 21101* (bug 63) Fix displaying as if logged in after logout 21102* Set default MediaWiki:Sitenotice to '-', avoiding extra database hits 21103* Skip message cache initialization on raw page view (quick hack) 21104* Fix notice errors in wfDebugDieBacktrace() in XML callbacks 21105* Suppress notice error on bogus timestamp input (returns epoch as before) 21106* Remove unnecessary initialization and double-caching of parser variables 21107* Call-tree output mode for profiling 21108* (bug 730) configurable $wgRCMaxAge; don't try to update purged RC entries 21109* Add $wgNoFollowLinks option to add rel="nofollow" on external links 21110 (on by default) 21111* (bug 1130) Show actual title when moving page instead of encoded one. 21112* (bug 925) Fix headings containing <math> 21113* (bug 1131) Fix headings containing interwiki links 21114* (bug 1380) Update Nynorsk language file 21115* (bug 1232) Fix sorting of cached Special:Wantedpages in miser mode 21116* (bug 1217) Image within an image caption broke rendering 21117* (bug 1384) Make patrol signs have the same width for page moves as for edits 21118* (bug 1364) fix "clean up whitespace" in Title:SecureAndSplit 21119* (bug 1389) i18n for proxyblocker message 21120* Add fur/Furlan/Friulian to language names list 21121* Add TitleMoveComplete hook on page renames 21122* Allow simple comments for each translation rules in MW:Zhconversiontable 21123* (bug 1402) Make link color of tab subject page link on talk page indicate 21124 whether article exists 21125* (bug 1368) Fix SQL error on stopword/short word search w/ MySQL 3.x 21126* Translated Hebrew namespace names 21127* (bug 1429) Stop double-escaping of block comments; fix formatting 21128* (bug 829) Fix URL-escaping on block success 21129* (bug 1228) Fix double-escaping on & sequences in [enclosed] URLs 21130* (bug 1435) Fixed many CSS errors 21131* (bug 1457) Fix XHTML validation on category column list 21132* (bug 1458) Don't save if edit form submission is incomplete 21133* Logged-in edits and preview of user CSS/JS are now locked to a session token. 21134* Per-user CSS and JavaScript subpage customizations now disabled by default. 21135 They can be re-enabled via $wgAllowUserJs and $wgAllowUserCss. 21136* Removed .ogg from the default uploads whitelist as an extra precaution. 21137 If your web server is configured to serve Ogg files with the correct 21138 Content-Type header, you can re-add it in LocalSettings.php: 21139 $wgFileExtensions[] = 'ogg'; 21140 21141=== RC1 fixes === 21142 21143* Fix notice error on nonexistent template in wikitext system message 21144* (bug 1469) add missing <ul> tags on Special:Log 21145* (bug 1470) remove extra <ul> tags from Danish log messages 21146* Fix notice on purge w/ squid mode off 21147* (bug 1477) hide details of SQL error messages by default 21148 Set $wgShowSQLErrors = true for debugging. 21149* (bug 1430) Don't check for template data when editing page that doesn't exist 21150* Recentchanges table purging fixed when using table prefix 21151* (bug 1431) Avoid redundant objectcache garbage collection 21152* (bug 1474) Switch to better-cached index for statistics page count 21153* Run Unicode normalization on all input fields 21154* Fix translation for allpagesformtext2 in LanguageZh_cn and LanguageZh_tw 21155* Block image revert without valid login 21156* (bug 1446) stub Bambara (bm) language file using French messages 21157* (bug 1432) Update Estonian localization 21158* (bug 1471) unclosed <p> tag in Danish messages 21159* convertLinks script fixes 21160* Corrections to template loop detection 21161* XHTML encoding fix for usernames containing & in Special:Emailuser 21162* (for zh) Search for variant links even when conversion is turned off, 21163 to help prevent duplicate articles. 21164* Disallow ISO 8859-1 C1 characters and "no-break space" in user names 21165 on Latin-1 wikis. 21166* Correct the name of the main page it LanguageIt 21167* Allow Special:Makesysop to work for usernames containing SQL special 21168 characters. 21169* Fix annoying blue line in Safari on scaled-down images on description page 21170* Increase upload sanity checks 21171* Fix XSS bug in Media: links 21172* Add cross-site form submission protection to various actions 21173* Fix fatal error on some dubious page titles 21174* Stub threshold displays correctly again 21175 21176 21177=== 1.4.0 final fixes === 21178 21179* (bug 65) Fix broken interwiki link encoding on Latin-1 wikis; force to UTF-8 21180* (bug 563) Fix UTF-8 interwiki URL redirects via Latin-1 wikis 21181* (bug 1536) Fix page info 21182* Support os (Ossetic) as language code, using Russian localization base 21183* (bug 1610) Support non (Old Norse) as language code, using Icelandic 21184 localization base 21185* (bug 1618) Properly list custom namespaces in Special:Allpages 21186* (bug 1622) Remove trailing' >' when using category browser 21187* (bug 1570) Fix php 4.2.x error on conflict merging 21188* (bug 1585) Fix page title on post-login redirection page 21189* Run UTF-8 validation on old text in Recentchanges RSS diffs 21190* (bug 1642) fix a mime type typo in img_auth.php 21191* Automated interwiki redirects only for local interwikis 21192* Respect read-only mode on block removals 21193* Trim old illegal characters from syndication feeds 21194* Reduce message cache outage recovery delay from 1 day to 5 minutes 21195* (bug 1403) Update Finnish localization 21196* (bug 1478) Punjabi localization 21197* (bug 1667) Update script 5 second countdown. 21198* (bug 1057) Fix logging table encoding (error on MySQL 4.1) 21199* (bug 1680) Fix linktrail for fo 21200* (bug 1653) Removing hardcoded messages in Special:Allmessages 21201* (bug 1594) Render a hyphen in a formula as − in HTML 21202* (bug 1495) Fall back to default language MediaWiki: for custom messages 21203* (bug 1617) Show different error messages for "user does not 21204 exist" and "wrong password" when using AuthPlugin 21205* (bug 1532), (bug 1544) Changed language names for 21206 'bn', 'bo', 'dv', 'dz', 'ht', 'ii', 'li', 'lo', 'ng', 'or', 'pa', 'si', 21207 'ti', 've' 21208* Fix editing on non-Esperanto wiki with user language pref set to Esperanto 21209* Make conversion table for zh-sg default to zh-cn, and zh-hk default to zh-tw 21210* Fix PHP notice in MonoBook when counters disabled 21211* (bug 1696) Update namespaces, dates in uk localization 21212* (bug 551) Installer warns about magic_quotes_runtime and magic_quotes_sybase 21213 instead of trying to install with corrupt table files 21214* Installer no longer tries to move non-default MediaWiki: pages into Template: 21215* User-to-user email disabled by default ($wgEnableUserEmail) 21216 21217 21218=== 1.4.1 fixes === 21219 21220* (bug 1720) fix genitive month names for uk 21221* (bug 1704) fixed untranslateable string in Special:Log 21222* (bug 1638) Added Belrusian language file 21223* (bug 1736) typo in SpecialValidate.php 21224* (bug 73) Upload doesn't run edit updates on description page (links, 21225 search index and categories) 21226* (bug 646) <math> fails to recognize \ll and \gg 21227* (bug 926) \div element from TeX not supported in <math> element 21228* (bug 1147) add \checkmark to whitelist in texutil.ml 21229* (bug 937) \limits function from LaTeX not supported in <math> element 21230* Support for manually converting article title to different Chinese 21231 variants (for zh) 21232* (bug 1488, bug 1744) Fix encoding for preferences, dates in Latin-1 mode 21233* (bug 1042) Fix UTF-8 case conversion for PHP <4.3 with mbstring extension 21234* Fix code typo that broke article credits display 21235* Installation fixes for running under IIS 21236* (bug 1556) login page tab order. "remember" checkbox now come after password. 21237* SQL debug log fixlets 21238* (bug 1815) Fix namespace in old revision display with mismatched title 21239* (bug 1788) Fix link duplication when edit/upload comment includes newlines 21240* Change default on $wgSysopUserBans and $wgSysopRangeBans to true 21241* Fix link conversion for URL request 21242* (bug 1851) Updated download URL for the SCIM packages used by zhtable 21243* (bug 1853) Try stripping quotes from term for 'go' title match 21244* Fix missing function in Latin1 mode 21245* (bug 1860) Anchors of interwiki links did not get normalized 21246* (bug 1847) accept lowercase x in ISBN, do not accept invalid A-W,Y,Z 21247* Fix link conversion for URL request, hopefully without breaking the wiki 21248* (bug 1849) New option allows to consider categorized images as used on 21249 Special:Unusedimages 21250* Localized category namespace for ka (Georgian) 21251* (bug 1107) Work around includes problem in installer when parent dir is not 21252 readable by the web server 21253* (bug 1927) Incorrect escaping on wikitext message in Blockip 21254 21255 21256=== 1.4.2 fixes === 21257 21258* Fix math options in Finnish localization 21259* Use in-process Tidy extension if available when $wgUseTidy is on 21260* (bug 1933) Fix PATH_INFO usage under IIS with PHP ISAPI module 21261* (bug 1188) <nowiki> in {{subst:}} includes fixed 21262* (bug 1936) <!-- comments --> in {{subst:}} includes fixed 21263* Fix a potential MSIE JavaScript injection vector in Tidy mode 21264 21265 21266=== 1.4.3 fixes === 21267 21268* (bug 1636) Refs like ţ were misinterpreted as octal in some places 21269* (bug 1163) Special:Undelete showed oldest revision instead of newest 21270* (bug 1938) Fix escaping of illegal character references in link text 21271* (bug 1997) Fix for error on display of renamed items in Recentchanges on PHP5 21272* (bug 1949) Profiling typo in rare error case 21273* (bug 1963) Fix deletion log link when $wgCapitalLinks is off 21274* (bug 1970) Don't show move tab for immobile pages 21275* (bug 1770) Page creation recorded links from the 'newarticletext' message 21276* Optional change to the site_stats table. When applied, this removes the need 21277 for expensive queries in Special:Statistics. 21278 21279 21280=== 1.4.4 fixes === 21281 21282* (bug 725) Let dir="ltr" attribute work again in MonoBook on RTL languages 21283* (bug 2024) Skip JavaScript error for custom skins where .js message not set 21284* (bug 2025) Updated Indonesian localization 21285* (bug 2039) Updated Lithuanian localization 21286 21287 21288=== Caveats === 21289 21290Some output, particularly involving user-supplied inline HTML, may not 21291produce 100% valid or well-formed XHTML output. Testers are welcome to 21292set $wgMimeType = "application/xhtml+xml"; to test for remaining problem 21293cases, but this is not recommended on live sites. (This must be set for 21294MathML to display properly in Mozilla.) 21295 21296 21297For notes on 1.3.x and older releases, see HISTORY. 21298 21299 21300=== Online documentation === 21301 21302Documentation for both end-users and site administrators is currently being 21303built up on MediaWiki.org, and is covered under the GNU Free Documentation 21304License: 21305 21306 https://www.mediawiki.org/ 21307 21308 21309=== Mailing list === 21310 21311A MediaWiki-l mailing list has been set up distinct from the Wikipedia 21312wikitech-l list: 21313 21314 http://lists.wikimedia.org/mailman/listinfo/mediawiki-l 21315 21316A low-traffic announcements-only list is also available: 21317 http://lists.wikimedia.org/mailman/listinfo/mediawiki-announce 21318 21319It's highly recommended that you sign up for one of these lists if you're 21320going to run a public MediaWiki, so you can be notified of security fixes. 21321 21322 21323=== IRC help === 21324 21325There's usually someone online in #mediawiki on irc.freenode.net 21326 21327=MediaWiki 1.3= 21328 21329== MediaWiki 1.3.18 == 21330(released 2005-11-02) 21331MediaWiki 1.3.18 is a bugfix and security maintenance release. A change in PHP 213324.4.1 broke handling of extension and <nowiki><pre></nowiki> sections, causing 21333garbage data to be inserted in output and saved edits. This version works 21334around the change. This release includes further corrections to the inline CSS 21335style sanitation which works around a JavaScript "feature" on Microsoft 21336Internet Explorer. Users of Microsoft Internet Explorer for Windows may be 21337vulnerable to XSS injections on prior 1.3 releases; users of 21338standards-compliant browsers are not vulnerable. 21339 21340== MediaWiki 1.3.17 == 21341(released 2005-10-05) 21342MediaWiki 1.3.17 is a security maintenance release. Unsafe handling of CSS by 21343Microsoft Internet Explorer could be exploited to produce cross-site scripting 21344attacks by JavaScript injection to clients running that browser. This release 21345blacklists several additional variants from use in HTML inline style 21346attributes. All publicly accessible wikis are recommended to upgrade to reduce 21347the risk to visitors using Microsoft web browsers.Note: the MediaWiki 1.3.x 21348series is not compatible with PHP 5.0.5 or higher. Upgrade to the 1.5.0 release 21349if you require this version of PHP 5. 21350 21351== MediaWiki 1.3.16 == 21352(released 2005-09-21) 21353MediaWiki 1.3.16 is a security maintenance release. A bug in edit submission 21354handling could cause corruption of the previous revision in the database if an 21355abnormal URL was used, such as those used by some spambots. Affected releases: 21356* 1.4.x <= 1.4.9; fixed in 1.4.10 21357* 1.3.x <= 1.3.15; fixed in 1.3.16 213581.5 release candidates are not affected by this problem. All publicly editable 21359wikis are strongly recommended to upgrade immediately. 213601.3 releases can be manually patched by changing this bit in 21361{{manual|EditPage.php}}: 21362<syntaxhighlight lang="php"> 21363 if( $this->tokenOk( $request ) ) { 21364 $this->save = $request->wasPosted() && !$this->preview; 21365 } else { 21366</syntaxhighlight> 21367to: 21368<syntaxhighlight lang="php"> 21369 if( $this->tokenOk( $request ) ) { 21370 $this->save = $request->getVal( 'action' ) == 'submit' && 21371 $request->wasPosted() && !$this->preview; 21372 } else { 21373</syntaxhighlight> 21374 21375== MediaWiki 1.3.15, 2005-08-29 == 21376MediaWiki 1.3.15 is a security maintenance release. It corrects across-site 21377scripting security bug: 21378* <nowiki><math></nowiki> tags were handled incorrectly when TeX rendering 21379support is off, as in the default configuration. Wikis where the optional math 21380support has been *enabled* are not vulnerable. The 1.3.x series is no longer 21381maintained except for security fixes; new users and those seeking bug fixes 21382should upgrade to 1.4.9 or 1.5.0. 21383 21384== MediaWiki 1.3.14, 2005-08-23 == 21385MediaWiki 1.3.14 is a security maintenance release. A flaw in the interaction 21386between extensions and HTML attribute sanitization was discovered which could 21387allow unauthorized use of offsite resources in style sheets, and possible 21388exploitation of a JavaScript injection feature on Microsoft Internet Explorer. 21389The 1.3.x series is no longer maintained except for security fixes; new users 21390and those seeking bug fixes should upgrade to 1.4.8 or 1.5.0. Existing 1.3.x 21391installations not willing to upgrade to the current stable release should apply 21392the change manually: 21393In includes/Parser.php, function {{code|inline=y|lang=php|fixTagAttributes()}} 21394add: 21395<syntaxhighlight lang="php"> 21396 # Any placeholder items should have been unstripped already before 21397 # we got to this point. Raw text inserted later could be dangerous. 21398 if( strpos( $t, UNIQ_PREFIX ) !== false ) { 21399 wfDebug( "Parser::fixTagAttributes found stripped data placeholder; 21400 dropping attributes\n" ); 21401 $t = ''; 21402 } 21403</syntaxhighlight> 21404If you are actively using extensions to generate HTML attribute values, upgrade 21405to 1.4 or 1.5 for a more thorough fix. 21406 21407== MediaWiki 1.3.13, 2005-06-03 == 21408MediaWiki 1.3.13 is a security maintenance release. Incorrect handling of page 21409template inclusions made it possible to inject JavaScript code into HTML 21410attributes, which could lead to cross-site scripting attacks on a publicly 21411editable wiki. Vulnerable releases and fix: 21412* 1.5 prerelease: fixed in 1.5alpha2 21413* 1.4 stable series: fixed in 1.4.5 21414* 1.3 legacy series: fixed in 1.3.13 21415* 1.2 series no longer supported; upgrade to 1.4.5 strongly recommended The 214161.3.x series is no longer maintained except for security fixes; new users and 21417those seeking general bug fixes should install 1.4.5. Existing 1.3.x 21418installations not willing or able to upgrade to the current stable relase 21419should update the installation to 1.3.13; only includes/Parser.php has changed 21420from 1.3.12. 21421 21422== MediaWiki 1.3.12, 2005-02-20 == 21423MediaWiki 1.3.12 is a security maintenance release. A cross-site scripting 21424injection vulnerability was discovered, which affects only MSIE clients and is 21425only open if MediaWiki has been manually configured to run output through HTML 21426Tidy ($wgUseTidy). The 1.3.x series is no longer maintained except for security 21427fixes; new users and those seeking bug fixes should upgrade to 1.4.2. Existing 214281.3.x installations using Tidy not willing to upgrade to the current stable 21429relase should either turn off Tidy or update the installation to 1.3.12. 21430 21431== MediaWiki 1.3.11, 2005-02-20 == 21432MediaWiki 1.3.11 is a security release. 21433A security audit found and fixed a number of problems. Users of MediaWiki 214341.3.10 and earlier should upgrade to 1.3.11; users of 1.4 beta releases should 21435upgrade to 1.4rc1. 21436 21437=== Cross-site scripting vulnerability === 21438XSS injection points can be used to hijack session and authentication cookies 21439as well as more serious attacks. 21440* Media: links output raw text into an attribute value, potentially abusable 21441for JavaScript injection. This has been corrected. 21442* Additional checks added to file upload to protect against MSIE and Safari 21443MIME-type autodetection bugs. 21444As of <code>1.3.10/1.4beta6</code>, per-user customized CSS and JavaScript is 21445disabled by default as a general precaution. Sites which want this ability may 21446set {{wg|AllowUserCss}} and {{wg|AllowUserJs}} in LocalSettings.php. 21447 21448=== Cross-site request forgery === 21449An attacker could use JavaScript-submitted forms to perform various restricted 21450actions by tricking an authenticated user into visiting a malicious web page. A 21451fix for page editing in 1.3.10/1.4beta6 has been expanded in this release to 21452other forms and functions. Authors of bot tools may need to update their code 21453to include the additional fields. 21454 21455=== Directory traversal === 21456An unchecked parameter in image deletion could allow an authenticated 21457administrator to delete arbitary files in directories writable by the web 21458server, and confirm existence of files not deletable. 21459 21460== MediaWiki 1.3.10, 2005-02-03 == 21461MediaWiki 1.3.10 is a security release. 21462An attacker could craft a URL which, when visited by a particular logged-in 21463user, would execute arbitrary JavaScript code on the user's browser in the 21464wiki's site context. This attack has been blocked, and as an extra precaution 21465the user CSS and JavaScript subpage support is now disabled by default. Sites 21466which want this ability may set {{wg|AllowUserCss}} and {{wg|AllowUserJs}} in 21467{{manual|LocalSettings.php}}. Additional protections have been added against 21468off-site form submissions 21469hijacking user credentials. Authors of bot tools may need to update their code 21470to include additional fields. All wikis running 1.3.x are strongly urged to 21471upgrade to 1.3.10. 21472Changes from 1.3.9: 21473* Logged-in edits and preview of user CSS/JS are now locked to a session token. 21474* Per-user CSS and JavaScript subpage customizations now disabled by default. 21475They can be re-enabled via {{wg|AllowUserJs}} and {{wg|AllowUserCss}}. 21476* Removed .ogg from the default uploads whitelist as an extra precaution. If 21477your web server is configured to serve Ogg files with the correct Content-Type 21478header, you can re-add it in LocalSettings.php: {{wg|FileExtensions}}<code>[] = 21479'ogg'</code> 21480 21481== MediaWiki 1.3.9, 2004-12-12 == 21482MediaWiki 1.3.9 is a security and bug fix release. 21483A flaw in upload handling has been found which may allow upload and execution 21484of arbitrary scripts with the permissions of the web server. Only wikis that 21485have enabled uploads and have a vulnerable Apache configuration will be 21486affected, but to be safe all wikis should upgrade. Wikis with uploads available 21487should either disable uploads or upgrade to 1.3.9 immediately; if other files 21488are customized and require merging changes, 21489includes/{{manual|SpecialUpload.php}} may be replaced individually to add the 21490fix. (It is also recommended to configure your web server to disable script 21491execution in the 'images' subdirectory where uploads are placed, which prevents 21492most attacks even if the wiki fails.) 21493Changes from 1.3.8: 21494* Backported "Templates used in this page"-feature of EditPage 21495* Allow "MySkin" as a default skin. 21496* ({{bugzilla|938}}) Parse namespaces correctly on self-interwiki links 21497* ({{bugzilla|1010}}) fix broken Commons image link on [[Skin:Classic|Classic]] 21498& [[Skin:Cologne Blue|Cologne Blue]] 21499* ({{bugzilla|1004}}) Norsk language names for interwiki links changed, Nauruan 21500language name changed 21501* Enhance upload extension blacklist to protect against vulnerable Apache 21502configurations 21503 21504== MediaWiki 1.3.8, 2004-11-15 == 21505MediaWiki 1.3.8 is a bugfix release. Those running wikis with uploads enabled 21506are strongly recommended to upgrade as this fixes several problems with 21507overwriting previously-uploaded files. 21508Changes from 1.3.7: 21509* ({{bugzilla|506}}) fix {{code|inline=y|lang=html|array_key_exists()}} warning 21510for IIS servers using ISAPI mode 21511* ({{bugzilla|718}}) fix bad charset in (file) cached pages 21512* use local numerals in category page (for Hindi et al) 21513* alias month abbreviations to month names in Hindi 21514* add localized numerals for Gujarati and Kannada 21515* fix Category and project namespaces for Hindi 21516* Don't output bogus timestamp on [[Special:RecentChanges]] if no entries 21517* Correct template include path which broke some but not all Windows installs 21518* Fix edit form submission problem with some PHP versions 21519* Disallow unreachable titles with %XX hex codes 21520* Allow page [[0]] to be renamed 21521* ({{bugzilla|774}}) when saving with <code>section=new</code>, return to the 21522anchor as with existing numbered section edits 21523* Experimental shared upload overlay area (disabled by default) 21524* ({{bugzilla|806}}) Removed some "Wikipedia" hardcoding in German localization 21525* User option localization fix for some extensions 21526* ({{bugzilla|809}}) now try to load the mysql php extension if it isn't loaded 21527* ({{bugzilla|848}}) fix error message in [[Special:Newpages]] RSS and Atom 21528feeds 21529* ({{bugzilla|26}}) fix cache headers on anon talk page notification 21530* ({{bugzilla|874}}) added 'cgi' to {{wg|FileBlacklist}} 21531* ({{bugzilla|862}}) localize date and time format for Finnish 21532* ({{bugzilla|548}}) Don't overwrite images until the user confirms it 21533 21534== MediaWiki 1.3.7, 2004-10-18 == 21535Changes from 1.3.6: 21536* Fix protected-page related security issue. 21537 21538== MediaWiki 1.3.6, 2004-10-14 == 21539Changes from 1.3.5: 21540* ({{bugzilla|296}}) Variables in user interface messages are no longer 21541substituted at install time, so changes to the site name etc should be easier 21542to make 21543* ({{bugzilla|149}}) [[Special:RecentChanges]] "changes from" link preserves 21544limit 21545* ({{bugzilla|433}}) tooltip for "Undelete" tab now labeled correctly 21546* ({{bugzilla|439}}) unclickable "Move" tab no longer displays on protected 21547pages 21548* ({{bugzilla|484}}) graceful deletion of images where the actual file is 21549missing 21550* ({{bugzilla|686}}) fixed [[plural]]s in Catalan localization 21551* Fixed potential HTML/JavaScript injection attack in the 21552[[Extension:UnicodeConverter|UnicodeConverter]] extension. (This extension is 21553not enabled by default.) 21554* Fixed potential HTML/JavaScript injection attack via raw page views to a 21555maliciously crafted wiki page. 21556* ({{bugzilla|187}}, {{bugzilla|669}}) Fixed centered thumbnails, using 21557{{code|inline=y|lang=html|<div>}} instead of {{code|inline=y|lang=html|<span>}}. 21558* catch MySQL error 2000 during installation. 21559* ({{bugzilla|704}}) Removed misleading LocalSettings.sample 21560* Fix cross site scripting bugs in [[Special:Ipblocklist]], 21561[[Special:EmailUser]] 21562* Fix SQL injection and cross site scripting bugs in Special:Maintenance 21563* Fix cross site scripting bugs and possible filename validation vulnerability 21564in ImagePage. 21565* and more of that sort 21566 21567== MediaWiki 1.3.5, 2004-09-30 == 21568Changes from 1.3.4: 21569* Clean up input validation in 'raw' page output mode which was a potential 21570cross-site scripting opportunity. 21571 21572== MediaWiki 1.3.4, 2004-09-28 == 21573=== SECURITY NOTE === 21574As of 1.3.4, MediaWiki performs some screening of newly uploaded files for 21575validity. (Some) corrupt image files, and HTML files mistakenly or maliciously 21576masquerading as images, should now be rejected. These checks protect against 21577Internet Explorer security holes relating to type autodetection which are a 21578potential cross-site scripting attack vector, and also rejects at least one 21579known version of the "JPEG virus" which might attack unpatched clients. If you 21580already have invalid files uploaded this will not protect against them. If you 21581have expanded the <code>filetype</code> whitelist or disabled the strict type 21582checking, other dangerous file types may still get through. You should always 21583be careful when allowing uploads! 21584Changes from 1.3.3: 21585* Fixed lots of template-related bugs, esp. for cases where template variables 21586are used for links, images, etc. 21587* Fixed transformation of page messages when viewing [[Special:Allmessages]] 21588* Handle "ISBN ISBN 1234" correctly 21589* Fixed warning on Category pages 21590* Fixed some bad error messages on login page 21591* Fixed history entry for initial main page on install 21592* Removed problematic <code>{</code> and <code>}</code> from legal title 21593characters 21594* Strip leading blank from output in preformatted text. 21595* Fixed problem when moving pages to titles with '#' in 21596* Optional {{wg|RawHtml}} for raw {{code|inline=y|lang=html|<html>}} sections. 21597Use only on limited- participation 'trusted' wikis, as it does not protect 21598against cross-site scripting attacks. For security, this option can only be 21599enabled if in {{wg|WhitelistEdit}} mode. 21600* Fixed problem where pages which were created as a redirect following a move 21601never showed on [[Special:Randompage]]. 21602* Fixed line spacing on printed table of contents 21603* Allow links to pages with names of the form [[RFC 1234]] 21604* Fixed broken edit links being shown for sections from included templates 21605* Verify that uploaded image files are of the claimed type. 21606 21607== MediaWiki 1.3.3, 2004-09-09 == 21608Changes from 1.3.2: 21609* Fix for long numeric page titles 21610* Fix Go search for "0", numeric almost-self-links 21611* Avoid caching of pages with "You have new messages" headers 21612* Fix for upgrades as non-root users from 1.2 command-line installs. 21613* Fix for {{wg|DebugDumpSql}} debug mode. 21614* {{wg|ExtraNamespaces}} setting for configuring additional namespaces (see 21615note in {{manual|DefaultSettings.php}}) 21616* 'recache' on query pages now disabled when miser mode is on; special case the 21617global settings in your {{manual|LocalSettings.php}} to do automatic updates. 21618* Don't block UTF-8 titles containing byte 0xA0 (bug added in 1.3.2) 21619* Watch/unwatch tabs now shown on edit pages in MonoBook. 21620* Fix default skin in Irish localization (ga) 21621* Add Traditional Chinese localization (zh-tw) 21622* Changed default sortkey of subcategories. Don't include "Category:"-prefix 21623any longer 21624* More helpful info on spam catcher. 21625* Allow larger offsets for queries such as [[Special:Listusers]] 21626* Semicolon (;) added to French non-break space rules 21627* Possible fix for some install errors with path names permission problems. 21628* Removed [[Project:All system messages]], which has been superseded by the 21629much faster [[Special:Allmessages]]. This speeds up installation considerably. 21630 21631== MediaWiki 1.3.2, 2004-08-30 == 21632Changes from 1.3.1: 21633* Fix namespaced page creation links when no go match 21634* When cookies are disabled, don't show login screen twice 21635* Install should no longer die when PHP is pre-configured to compress output 21636* Fixed bug that caused long Japanese pages to time out with Tidy active 21637* When session.handler is set incorrectly, try automatic override to 'files' 21638* Watch/Unwatch links back to the affected page instead of Main Page 21639* Upload link no longer displayed on Monobook if uploading is disabled 21640* Special:Allmessages faster, shows correct original text, works in safe mode 21641 21642== MediaWiki 1.3.1, 2004-08-14 == 21643Changes from 1.3.0: 21644* Watchlist parameters now work with register_globals off 21645* Fixed parsing of ''italics'' and '''bold''' mark-up (again) 21646* Special:Allpages display is more sensible on smaller wikis 21647* Fixed XHTML parsing error in classic skins 21648* Moved pages update watchlist correctly 21649* Fixed rebuildall.php on case-sensitive Unix filesystems 21650* Disabled file cache compression by default due to incompatibility with output 21651buffer compression (ob_gzhandler) 21652* New magic word {{code|inline=y|PAGENAMEE}} (URL-escaped version of 21653{{code|inline=y|PAGENAME}}) 21654* Installation avoids blank username; better message on missing XML module 21655* {{wg|WhitelistAccount}} no longer breaks all logins. 21656 21657== MediaWiki 1.3.0, 2004-08-11 == 21658Look & layout: 21659* New default layout '[[Skin:MonoBook|MonoBook]]' (available on PHP4 only 21660currently) 21661* Print stylesheet now built-in to every page 21662* More or less correct XHTML 1.0 (served as text/html by default) 21663Wiki features: 21664* Image captions can now include links and other basic formatting 21665* Image bounding box can be specified instead of width, e.g. as 100x100px, 21666making the image not wider than 100px and not higher than 100px, keeping aspect 21667ratio. 21668* Templates have been expanded with parameters, and separated from the 21669MediaWiki: localization scheme. 21670* Categories more or less work 21671* added a special page for listing users with sysop rights. 21672Editing: 21673* Automatic merging of edit conflicts that don't directly interfere 21674* Edit summaries can now include basic formatting and links 21675Metadata and output: 21676* Linked Creative Commons copyright metadata (optional) 21677* RSS 2.0 & Atom 0.3 feeds for Recent Changes, New Pages 21678Optional modules: 21679* WikiHiero hieroglyphic module can be added (separate download) 21680* Timeline module can be added (separate download). Requires ploticus. 21681* TeX now has an experimental MathML output mode (incomplete!) 21682Installation and upgrading: 21683* The old install.php and update.php have been removed. In-place installation 21684introduced in 1.2 is now the standard installation and upgrade method, see 21685INSTALL and UPGRADE for directions. 21686Database: 21687* The links table has been changed to use a cur_id for l_from. The link tables 21688must be converted on upgrade, which may entail some downtime. 21689Code and compatibility: 21690* Should now run clean with error reporting set to E_ALL. 21691* register_globals hack from 1.2 has been replaced with safer code 21692* Bundled PHPTAL 0.7.0 from http://phptal.sourceforge.net/ (with some patches) 21693* Most image-related code moved to Image.php 21694* More fixes for PHP 4.1.2 (thanks to Asheesh Laroia) 21695* URL encoding fix for anchors 21696* All languages now available in UTF-8 mode 21697* Various other fixes 21698 21699=== Caveats === 21700Some output, particularly involving user-supplied inline HTML, may not produce 21701100% valid or well-formed XHTML output. Testers are welcome to set $wgMimeType 21702= "application/xhtml+xml"; to test for remaining problem cases, but this is not 21703recommended on live sites. (This must be set for MathML to display properly in 21704Mozilla.) The new 'MonoBook' skin is not compatible with PHP 5 due to bugs in 21705the underlying PHPTAL library. It will be automatically disabled when running 21706on PHP5; the older look and feel will be used instead. 21707
