1Change notes from older releases. For current info, see RELEASE-NOTES-1.37. 2 3= MediaWiki 1.36 = 4 5== MediaWiki 1.36.1 == 6 7This is a security and maintenance release of the MediaWiki 1.36 branch. 8 9=== Changes since MediaWiki 1.36.0 === 10* (T283942) DatabaseInstaller.php: Only run core schema file if specified table 11 doesn't already exist. 12* (T247223) Optimise MessageCache::isMainCacheable() for the single-message 13 case. 14* (T283244) JavaScriptMinifer: Fix handling of "delete" as object property. 15* (T284391) Fix SkinModule to correctly prepend remote path on document root 16 installs. 17* (T235554) Disable DEFER_SET_LENGTH_AND_FLUSH headers to avoid HTTP errors. 18* (T278579) Don't send headers on ob_end_clean(). 19* (T285287) MultiHttpClient: Replace PHP version check with defined(). 20* (T280226, CVE-2021-35197) SECURITY: Prevent blocked users from purging pages. 21 22== MediaWiki 1.36.0 == 23 24=== Changes since MediaWiki 1.36.0-rc.0 === 25* (T248481) rdbms: Use server time in 26 DatabaseMysqlBase::getLagFromPtHeartbeat(). 27* (T281549) WebInstaller: Don't show the announce-l subscribe checkbox for now. 28* (T264214) Follow-ups for UserGroupManager. 29* (T282280) resourceloader: Fix path-only URLs in wiki modules when script path 30 is docroot. 31* (T281972) UserIdentityValue: Introduce convenience static factory methods. 32* (T230428) Make page_is_redirect and page_is_new unsigned. 33* (T280292) Legacy feature should not load thumbnail style rules (only layout). 34* (T283247) Freenode -> Libera per wikimedia moving from freenode to libera. 35* (T280270) composer: Lock Parsoid version to specific 0.13.0 release. 36* (T142663) Add extension.json merge strategy "provide_default". 37* (T283540) HookContainer: Fix normalization of callback for static handler. 38* (T283464) registration: Fix array order for array_replace_recursive merge 39 strategy. 40* (T283539) Interwiki: Fix calling "onInterwikiLoadPrefix" hook. 41* (T282594) Timeless: Re-branch to 40eb3dad1for REL1_36. 42 43== MediaWiki 1.36.0-rc.0 == 44 45== Upgrading notes for 1.36 == 46Don't forget to always back up your database before upgrading! 47 48See the file UPGRADE for more detailed per-version upgrade instructions from the 49oldest supported upgrading version, MediaWiki 1.27. 50 51Some specific notes for MediaWiki 1.36 upgrades are below: 52* MediaWiki 1.36 now requires the PHP internationalization extension (commonly 53 referred to as Intl, ext-intl, or php-intl). 54* The MediaWiki:Autoblock_whitelist block exemption control has been moved to 55 MediaWiki:Block-autoblock-exemptionlist. If you use this feature, please move 56 the MediaWiki:Autoblock_whitelist page. 57* (T275334) $wgExtensionFunctions is sometimes used to change configuration 58 settings. This is not safe; extension functions are run relatively late, some 59 services are already initialized by that point and so they use the old 60 configuration. Changes in 1.36 make this kind of breakage even more common. 61 You can use the MediaWikiServices hook instead. (In the future there might be 62 a dedicated hook for configuration changes.) 63 64For notes on 1.35.x and older releases, see HISTORY. 65 66=== Configuration changes for system administrators in 1.36 === 67The MediaWiki update script, maintenance/update.php, used to accept `--nopurge` 68as an option to prevent clearing caches stored in the database during upgrade. 69This is no longer encouraged, and the option has been removed. 70 71==== New configuration ==== 72* (T256001) $wgManualRevertSearchRadius – This setting controls a new feature 73 that marks edits as reverts if they restore the page to an exact previous 74 state. This configuration variable sets the maximum number of revisions of a 75 page that will be checked against every new edit. Set this to 0 to disable the 76 feature entirely. 77* (T244058) $wgOldRevisionParserCacheExpireTime — This setting was added to 78 control caching of ParserOutput for old (non-current) revisions. 79* (T265263) $wgRememberMe - This setting configures the "remember me" checkbox 80 on account log-in systems via RememberMeAuthenticationRequest. 81* (T157145) $wgSkinMetaTags – This setting lets sysadmins configure skins that 82 support meta tags. These tags make sharing of MediaWiki pages on a variety of 83 social platforms more contentful and thus useful. 84* (T280944) $wgIncludejQueryMigrate - This setting lets sysadmins disable the 85 jQuery Migrate plugin. It has been enabled by default since MediaWiki 1.27. 86 In future releases it will be disabled by default. 87 88==== Changed configuration ==== 89* $wgLogos – This setting selects the logo shown on the site. The default value 90 for the site logo, which is shown in an install if you have not set one, will 91 now be the new logo of MediaWiki. 92* (T274695) $wgAjaxEditStash — This setting, to disable the edit stashing 93 feature when users start writing an edit summary, has been deprecated. In 94 future releases, this feature will always be enabled. 95* $wgUploadStashScalerBaseUrl – This setting, to enable remote on-demand media 96 scaling, was deprecated. Use the `thumbProxyUrl` setting in $wgLocalFileRepo 97 instead. 98* $wgSlaveLagWarning and $wgSlaveLagCritical – These settings have been renamed, 99 to $wgDatabaseReplicaLagWarning & $wgDatabaseReplicaLagCritical respectively. 100 The former configuration variable names are deprecated, but will be used as 101 the fall back if they are still set, and remain temporarily available for 102 extensions which try to read them. 103* $wgWANObjectCaches - The "coalesceKeys" option was removed without deprecation 104 and replaced by a new "coalesceScheme" option, set to "hash_stop" by default. 105 If you use Dynomite, then set the new "coalesceKeys" option to "hash_tag". The 106 "cluster" and "mcrouterAware" options were also removed without deprecation. 107 Use "broadcastRoutingPrefix" instead. 108 109==== Removed configuration ==== 110* $wgUseTwoButtonsSearchForm — This setting, deprecated in 1.35, has been 111 removed. 112* $wgAllowImageMoving — This setting, deprecated in 1.35, has been removed. Use 113 group permission settings instead. For example, to prevent sysops from 114 moving files, set `$wgGroupPermissions['sysop']['movefile'] = false;` 115* $wgExtNewTables, $wgExtNewFields, $wgExtNewIndexes, $wgExtPGNewFields, 116 $wgExtPGAlteredFields, $wgExtModifiedFields — These settings were removed. 117 They became obsolete after 1.17 overhauled the database updater, but were kept 118 for backwards compatibility. The LoadExtensionSchemaUpdates hook should be 119 used instead. 120* $wgParserConf - This setting, deprecated in 1.35, has been removed. The last 121 use of this setting was for pre-processor configuration, which was deprecated 122 in 1.34 and removed in 1.35. 123* $wgEnableRestAPI - This setting, ignored since 1.35, has been removed. 124* $wgPagePropsHaveSortkey – This temporary setting has been removed, along with 125 the schema change upgrade path it controlled. If your site is still using it, 126 meaning you have not yet applied the `pp_sortkey` schema change from 1.24, you 127 must now apply it before upgrading. 128* The deprecated password policies PasswordCannotMatchBlacklist and 129 PasswordNotInLargeBlacklist were removed. Please use 130 PasswordCannotMatchDefaults and PasswordNotInCommonList respectively instead. 131 132=== New user-facing features in 1.36 === 133* The logo of MediaWiki has changed. This means that the "Powered By MediaWiki" 134 button shown in the skin footer will be different. 135* All HTML5 named entities are now accepted in wikitext. 136* (T106263) The file description page's alternate sizes now include 2048px. 137 138=== New developer features in 1.36 === 139* Parser test files can now declare a dependency on a specific extension being 140 loaded, not just on the presence of a certain extension tag hook. This is a 141 better fit for extensions like TimedMediaHandler, which affect the output but 142 don't register parser hooks. Use `extension:Foo` in the `!! hooks` section of 143 your parser test file to declare a dependency on the `Foo` extension being 144 loaded. 145* To expose code previously present in SpecialBlock/SpecialUnblock to other 146 parts of the code, or to extensions, the new BlockUser and UnblockUser command 147 objects were added. Use the BlockUserFactory and UnblockUserFactory services 148 to create them. 149* The hook UsersPagerDoBatchLookupsHook takes now a \Wikimedia\Rdbms\IDatabase, 150 instead of \Wikimedia\Rdbms\DBConnRef, as the first parameter. 151* MediaHandlers can now customize the formatting of the metadata they emit by 152 over-riding MediaHandler::formatTag( $key, $value ). The default for unknown 153 tags is numeric formatting; non-EXIF tags which are non-numeric should always 154 use this method to specify the desired formatting. 155* The new 'title' type can be used to validate action API and REST API inputs. 156* The new ArticleParserOptions hook allows customizing the parser options used 157 to parse wikitext for an article, based on user preferences, title, etc. 158* The new 'raw' type can be used to validate action API inputs. It bypasses the 159 Unicode NFC normalization done on inputs of type 'string', so it more suitable 160 when the input is binary or may contain deprecated Unicode sequences or 161 characters (such as U+2001) that should be passed unmodified. 162* (T260330) A new abstraction for running shell commands has been introduced, 163 called BoxedCommand. A BoxedCommand object can be obtained with 164 MediaWikiServices::getInstance()->getCommandFactory()->createBoxed(). 165* ResourceLoader modules can now mark themselves as ES6-only by setting 166 `'es6' => true` in their module definition. ES6-only modules will not be 167 executed in browsers that don't support ES6, such as IE11. 168 169=== External library changes in 1.36 === 170 171==== New external libraries ==== 172* Added wikimedia/minify 2.2.2. 173* Added wikimedia/request-timeout 1.1.0. 174* Added wikimedia/shellbox 1.0.4. 175* Added WVUI 0.1.0. 176 177==== Changed external libraries ==== 178* Updated composer/semver from 1.5.1 to 3.2.4. 179* Updated guzzlehttp/guzzle from 6.5.4 to 7.2.0. 180* Updated jQuery from v3.4.1 to v3.6.0. 181* Updated jQuery Migrate from v3.1.0 to v3.3.2. 182* Updated jquery.client from 2.0.2 to 3.0.0. 183* Updated OOUI from 0.39.3 to 0.41.3. 184* Updated pear/mail_mime from 1.10.8 to 1.10.9. 185* Updated pear/net_smtp from 1.9.1 to 1.9.2. 186* Updated pimple/pimple from 3.3.0 to 3.3.1. 187* Updated wikimedia/at-ease from 2.0.0 to 2.1.0. 188* Updated wikimedia/cldr-plural-rule-parser from 1.0.0 to 2.0.0. 189* Updated wikimedia/common-passwords from 0.2.0 to 0.3.0. 190* Updated wikimedia/composer-merge-plugin from 1.4.1 to 2.0.1. 191* Updated wikimedia/html-formatter from 1.0.2 to 3.0.1. 192* Updated wikimedia/ip-set from 2.1.0 to 3.0.0. 193* Updated wikimedia/ip-utils from 1.0.0 to 3.0.2. 194* Updated wikimedia/less.php from 3.0.0 to 3.1.0. 195* Updated wikimedia/object-factory from 2.1.0 to 3.0.0. 196* Updated wikimedia/php-session-serializer from 1.0.7 to 2.0.0. 197* Updated wikimedia/remex-html from 2.2.0 to 2.2.2. 198* Updated wikimedia/utfnormal from 2.0.0 to 3.0.2. 199* Updated wikimedia/wait-condition-loop from 1.0.1 to 2.0.1. 200* Updated wikimedia/xmp-reader from 0.7.0 to 0.8.1. 201 202===== Changed development-only external libraries ===== 203* Updated composer/spdx-licenses from 1.5.3 to 1.5.4. 204* Updated doctrine/dbal from 2.10.2 to 3.0.0. 205* Updated doctrine/sql-formatter from 1.1.0 to 1.1.1. 206* Updated mediawiki/mediawiki-phan-config from 0.10.2 to 0.10.6. 207* Updated monolog/monolog from 1.25.3 to 2.2.0. 208* Updated nikic/php-parser from 4.4.0 to 4.10.2. 209* Updated psy/psysh from 0.10.4 to 0.10.5. 210* Updated seld/jsonlint from 1.7.1 to 1.8.3. 211* Updated symfony/yaml from ~3.4|~4.3|~5.0.5 to ~3.4|~5.1. 212* Updated wikimedia/testing-access-wrapper from 1.0.0 to 2.0.0. 213 214==== Removed external libraries ==== 215* The html5shiv library has been removed, as support for Internet Explorer 8 has 216 been dropped. 217* The wikimedia/avro suggested development-only library has been removed, as the 218 support for logging in Avro format has been dropped. 219 220=== Bug fixes in 1.36 === 221* (T190285) ApiEditPage module used to switch 'undo' and 'undoafter' parameters, 222 if it founds you reversed them (based on assumption that higher revision ID 223 indicates a later revision). The assumption is not always true, and is 224 hindering proper edit undoing in some cases, hence the logic has been removed. 225 Reversing the parameters will now lead to edit conflict or undefined behavior. 226* (T263340) In history merging, pages with a content model that does not support 227 redirects will now be recorded as deleted if no revision is being left in the 228 source page (that's if all revisions of the page have been merged to another). 229 230=== Action API changes in 1.36 === 231* (T269636) `Access-Control-Max-Age` was added to the default list of headers 232 allowed for cross-origin API requests ($wgAllowedCorsHeaders). 233* (T258108) Accounts with the 'bot' right no longer have pages automatically 234 added to the watchlist when making API edits, regardless of their preferences. 235 This is to reduce the size of the watchlist data in the database. To add API 236 bot edits to the watchlist, explicitly set the 'watch' option. 237 238=== Languages updated in 1.36 === 239MediaWiki supports over 350 languages. Many localisations are updated regularly. 240Below only new and removed languages are listed, as well as changes to languages 241because of Phabricator reports. 242 243* (T258975) Added a Latin/Cyrillic script converter for the Talysh language. 244* (T245359) Split Bali script locale from "ban" (Balinese) (ban-bali). 245* (T264582) Added language support for Madurese (mad). 246* (T259330) Added language support for Mara (mrh). 247* (T263968) Added language support for Nias (nia). 248* (T270365) Added language support for Tyap (kcg). 249* (T276745) Added language support for Wayuu (guc). 250 251=== Breaking changes in 1.36 === 252* Grade C (non-JavaScript) support for Internet Explorer 8 has been dropped. 253* (T249459) wfIsBadImage(), deprecated in 1.34, has been removed. 254* (T176526) EditPage::getContextTitle() will now throw an exception if a context 255 title was not set using setContextTitle(). Previously, this mis-use would only 256 cause a deprecation warning to be emitted. 257* The DeferredStringifier class, deprecated since 1.31, was removed. 258* Multiple methods that fell back to the $wgUser global variable were 259 individually hard deprecated previously. The following have now been removed: 260 - ApiTestCase::doLogin 261 - Article::doDeleteArticle 262 - Article::doDeleteArticleReal 263 - Article::getComment 264 - Article::getCreator 265 - Article::getUser 266 - Article::getUserText 267 - Article::insertProtectNullRevision 268 - File::delete 269 - File::recordUpload 270 - ForeignDBFile::delete 271 - ForeignDBFile::recordUpload 272 - LocalFile::delete 273 - LocalFile::deleteOld 274 - LocalFile::recordUpload 275 - PageArchive::undelete 276 - RecentChange::markPatrolled 277 - Title::getUserPermissionsErrors 278 - Title::quickUserCan 279 - Title::userCan 280 - WebRequest::getLimitOffset 281 - WikiPage::doDeleteArticle 282 - WikiPage::insertProtectNullRevision 283* The SpecialPageFactory class, deprecated in 1.32, has been removed. Use the 284 SpecialPageFactory service instead. 285* Multiple methods previously had optional User parameters, with fallbacks 286 to the $wgUser global variable. Not passing a User to those methods was 287 previously hard deprecated, and support for not passing a User has now 288 been removed: 289 - ArchivedFile::userCan 290 - File::userCan 291 - FileDeleteForm::__construct 292 - FileDeleteForm::doDelete 293 - LocalFileDeleteBatch::__construct 294 - LogEventsList::getExcludeClause (only needed for the 'user' audience) 295 - LogEventsList::userCan 296 - LogEventsList::userCanBitfield 297 - LogEventsList::userCanViewLogType 298 - LogPage::addEntry (also accepts user id instead) 299 - OldLocalFile::userCan 300 - PatrolLog::record 301 - Title::getNotificationTimestamp (though the entire method is deprecated) 302 - WikiPage::getComment (only needed for the FOR_THIS_USER audience) 303 - WikiPage::getCreator (only needed for the FOR_THIS_USER audience) 304 - WikiPage::getUser (only needed for the FOR_THIS_USER audience) 305 - WikiPage::getUserText (only needed for the FOR_THIS_USER audience) 306* The following hooks have been removed: 307 - APIQueryInfoTokens 308 - APIQueryRecentChangesTokens 309 - APIQueryRevisionsTokens 310 - APIQueryUsersTokens 311 - ApiTokensGetTokenTypes 312* LogEventsList::typeAction previously accepted an optional right parameter, and 313 checked if the context user ($wgUser) had that right. Passing a right was hard 314 deprecated in 1.35, and support for passing a right has now been removed. 315* WikiPage::doDeleteArticleReal previously accepted an optional user as its 316 fifth parameter, and fell back to $wgUser if not user was provided. The 317 signature changed to have the user as the second parameter, and the old 318 signature was hard deprecated in 1.35. Support for the old signature has now 319 been removed. 320* User::addNewUserLogEntry, deprecated since 1.27, was removed. 321* As part of refactoring the EditPage class, EditPage::setPreloadedContent, 322 which had no known callers was removed entirely. Additionally, the following 323 public methods were made private: 324 - ::extractSectionTitle 325 - ::getSummaryInputWidget 326 - ::noSuchSectionPage 327 - ::initialiseForm 328* EditPage::matchSpamRegex and ::matchSummarySpamRegex, deprecated in 1.35, 329 were removed. Use the SpamChecker service instead. 330* The global function `wfWaitForSlaves`, deprecated in 1.27 and hard-deprecated 331 in 1.35, has been removed. Use LBFactory::waitForReplication() instead. 332* Calling Action::factory() with null as the first parameter, rather than a 333 string, was deprecated in 1.35 and support was now removed. 334* Calling Action::factory() with an object that wasn't an Article as the second 335 parameter was deprecated in 1.35 and support was now removed. 336* The global variable $wgMemc, deprecated since 1.35, has been removed. Usage 337 should generally be migrated to WANObjectCache, or if you really need the 338 internal object, use ObjectCache::getLocalClusterInstance instead. 339* The preprocessDump.php maintenance script was removed. 340* CategoryFinder, which was deprecated in 1.31 and hard-deprecated in 1.35, 341 has been removed. 342* GenderCache::singleton(), which was deprecated in 1.28 and hard-deprecated 343 in 1.35, has been removed. 344* Sanitizer::escapeId(), deprecated in 1.30, has been removed. 345* Direct invocation of Parser::__construct() (instead of via a ParserFactory) 346 now throws an exception; support has also been removed for several 347 deprecated variants on the arguments passed to Parser::__construct. 348 Direct invocation of Parser::__construct was deprecated in 1.34. 349* Parser::setFunctionTagHook(), deprecated in 1.35, has been removed. 350* The following properties of Parser, deprecated in 1.35, have been made 351 private: 352 - $mTagHooks - use Parser::getTags() 353 - $mFunctionHooks - use Parser::getFunctionHooks() 354 - $mOutput - use Parser::getOutput() 355 - $mPreprocessor - use Parser::getPreprocessor() 356* The ParserBeforeTidy hook, deprecated in 1.35, has been removed. 357* The ParserBeforeTidy, ParserBeforeStrip, and ParserAfterStrip hooks, 358 deprecated in 1.35, have been removed. 359* All methods of MWTidy except for MW::tidy() have been removed. These were each 360 either marked as @internal or deprecated in 1.35. 361* (T248062) Mixins `.background-image-svg()` and `.background-image-svg-quick()` 362 (provided by mediawiki.mixins.less), which have been deprecated since 1.35, 363 have now been removed. MediaWiki no longer supports any browser which would 364 require this SVG-fallback PNG support, so you can simply use the regular CSS 365 `background-image:` declaration instead. 366* The ResourceLoader module `mediawiki.legacy.oldshared` and its file 367 'oldshared.css', deprecated since 1.35 has been removed (T248357). 368* `ResourceLoader::__construct` now requires a Config parameter. The optional 369 nature of this parameter was deprecated in 1.34. 370* The LinkBegin and LinkEnd hooks, deprecated in 1.28, have been removed. You 371 can instead use the HtmlPageLinkRendererBegin and HtmlPageLinkRendererEnd 372 hooks, respectively. 373* The EmailUser hook passes its fifth param, $error, by reference, to allow 374 hook handlers to add error messages, indicate that they have sent the email 375 instead of core, etc. Setting the parameter to something other than a 376 Status object, true, false, an empty string, an array, or a MessageSpecifier, 377 object, which had been deprecated in 1.29, is no longer supported, and now 378 results in an MWException being thrown. 379* Skin::getDynamicStylesheetQuery(), deprecated in 1.32, has been removed. You 380 should use action=raw&ctype=text/css directly. 381* Skin::makeI18nUrl(), deprecated in 1.35, has been removed. 382* The following User methods, deprecated and moved to BlockManager in 1.34, were 383 removed: 384 - ::isDnsBlacklisted 385 - ::inDnsBlacklist 386 - ::isLocallyBlockedProxy 387 - ::trackBlockWithCookie 388* Support for v1 of the parser tests file format has been removed; it was 389 deprecated in 1.35. (T174199) 390* SpecialUnblockUser::processUIUnblock() now returns a Status object instead of 391 an array of messages or a boolean value. This function was also marked as 392 @internal and is no longer safe to call it publicly. 393* mw.Title.getDotExtension() from the 'mediawiki.Title' module was removed 394 without deprecation. You should use mw.Title.getExtension() and prepend the 395 dot if need be. 396* Profiler::getTemplated and Profiler::setTemplated, deprecated in 1.34, have 397 been removed. 398* DatabaseMysqlBase now requires MySQL version 5.6.4+ when "lagDetectionMethod" 399 is set to "pt-heartbeat". 400* Removed HookContainer::getOriginalHooksForTest() without deprecation. This 401 method was introduced in 1.35 for internal use, and appears unused outside of 402 MediaWiki core. 403* ParserCache::__construct() now requires three parameters. 404* Message->getFormat(), deprecated in 1.29, has been removed. 405* Support for passing Article to ParserCache::get, deprecated in 1.35, has been 406 removed. 407* ParserCache::singleton(), deprecated in 1.30, has been removed. 408* DatabaseBlock::deleteIfExpired and ::fromMaster, deprecated in 1.35, have been 409 removed. 410* Some deprecated AbstractBlock methods have been removed: 411 - ::prevents, deprecated in 1.33 412 - ::shouldTrackWithCookie, deprecated in 1.34 413 - ::getBlocker, deprecated in 1.35 414 - ::setBlocker, deprecated in 1.35 415 - ::getBlockErrorParams, deprecated in 1.35 416* Multiple DatabaseBlock methods dealing with cookies, deprecated in 1.34, 417 have been removed: 418 - ::setCookie 419 - ::clearCookie 420 - ::getCookieValue 421 - ::getIdFromCookieValue 422 - ::shouldTrackWithCookie 423* The public static callback function SpecialUnblock::processUIUnblock has been 424 removed. This method was for internal use only, and appears unused outside of 425 MediaWiki core. 426* ChangeTags::truncateTagDescription, deprecated in 1.35, has been removed. 427* Deprecated null fallbacks in PasswordReset constructor have been removed. 428* User::isEveryoneAllowed and User::getAllRights, deprecated in 1.34, has been 429 removed. 430* The following methods of the UserGroupMembership class, deprecated in 1.35, 431 has been removed: 432 - ::initFromRow 433 - ::newFromRow - use UserGroupManager::newGroupMembershipFromRow 434 - ::selectFields - use UserGroupManager::getQueryInfo 435 - ::delete - use UserGroupManager::removeUserFromGroup 436 - ::insert - use UserGroupManager::addUserToGroup 437 - ::purgeExpired - use UserGroupManager::purgeExpired 438 - ::getMembershipsForUser - use UserGroupManager::getUserGroupMemberships 439 - ::getMembership - use UserGroupManager::getUserGroupMemberships 440* The public static callback function SpecialBlock::validateTargetField has been 441 removed. This method was for internal use only, and appears unused outside of 442 MediaWiki core. 443* The public static callback function SpecialUploadStash::tryClearStashedUploads 444 has been removed. This method was for internal use only, and appears unused 445 outside of MediaWiki core. 446* SpecialComparePages::showDiff() ::revOrTitle(), ::checkExistingTitle(), and 447 ::checkExistingRevision() were marked as @internal to allow for breaking 448 changes. They are no longer safe to call. The methods were unused outside of 449 MediaWiki core. 450* Each special page within core now uses service injection via it constructor. 451 When extending these special pages, a call to the grandparent constructor 452 (`SpecialPage::__construct()`) in the sub-class would now break the derived 453 special page, as the fallback code in the parent constructor cannot set the 454 services as needed. Be sure to call the parent constructor when extending 455 core special pages. Extending core's special pages is not part of the stable 456 interface, and should generally be avoided. 457* Language::getExtraUserToggles and ::viewPrevNext, deprecated in 1.34, have 458 been removed. 459* StreamFile::send404Message and ::parseRange, deprecated in 1.34, have been 460 removed. 461* SVGMetadataExtractor class, deprecated in 1.34, has been removed. 462* ProcessCacheLRU class, deprecated in 1.32, has been removed. 463* wfForeignMemcKey(), deprecated in 1.35, has been removed. 464* LoadBalancer::safeWaitForMasterPos(), deprecated in 1.34, has been removed. 465* JobQueue::factory() now requires its `idGenerator` option. The optional 466 nature of this option was deprecated in 1.35. 467* ApiFeedRecentChanges::getFeedObject has been changed to private, and appears 468 unused outside of MediaWiki core. 469* Skin::subPageSubtitle() has been changed to private method. Callers should 470 use Skin::prepareSubtitle(). 471* RevisionDeleter::checkRevisionExistence was removed without deprecation. 472 It had no known callers. 473* wfForeignMemcKey() and wfMemcKey(), deprecated in 1.35, have been removed. 474* MediaWiki now also requires the php-intl extension. 475* BotPassword::save() now returns a Status object for the result rather than 476 a bool. 477* The methods in CoreTagHooks have been marked @internal and type hints have 478 been added. The methods appeared to be unused outside of MediaWiki core. 479* SquidPurgeClient and SquidPurgeClientPool, deprecated since 1.35, have been 480 removed. 481* Several methods on WikiPage will now throw an exception when called on a 482 WikiPage instance that where constructed on a title that does not refer to a 483 proper page (but rather a special page or interwiki link). The behavior was 484 previously undefined and could in some cases lead to data corruption. Affected 485 methods are: getId(), insertOn(), newPageUpdater(), doUpdateRestrictions(), 486 doDeleteArticleReal(), doRollback(), and doEditContent(). 487* The ParserTestRunner no longer invokes the ParserTestTables hook. Instead, it 488 clones all database tables before running tests, like MediaWikiIntegrationTest 489 does. If an extension was mis-using the hook to *exclude* tables from the 490 clone, that will no longer occur, and tests may fail. 491* The following classes, which were only loaded for tests and had no uses found 492 in public MediaWiki-related git, were removed: 493 - MockWebRequest 494 - UserWrapper 495* Passing Title as a second parameter to RevisionStore::getPreviousRevision and 496 getNextRevision, hard deprecated since 1.31, was prohibited. 497* (T275619) Maintenance::hasOption and Maintenance::getOption now behave as 498 documented and are not altered by previous calls to these methods. 499* The internal class FirejailCommand was removed. 500* Command::execute() now returns a Shellbox\Command\UnboxedResult instead of a 501 MediaWiki\Shell\Result. Any type hints should be updated. 502* WikiPage::$mIsRedirect was removed. 503* ObjectCache::detectLocalServerCache(), deprecated in 1.35, was removed. 504* The following functions from the Title class have been removed: 505 - countRevisionsBetween 506 - getAuthorsBetween 507* The PageProps class was converted to a service. PageProps::overrideInstance 508 was removed, and MediaWikiServices::redefineService should be used 509 instead. 510* Support for creating a MediaWikiTitleCodec object without the InterwikiLookup 511 and NamespaceInfo services, deprecated in 1.34, was removed. Note that the 512 MediaWikiTitleCodec class is not @newable or @stable to create, and should 513 be retrieved from MediaWikiServices instead. 514* The $wgContLang variable, deprecated in 1.32, was removed. You can instead use 515 MediaWikiServices::getInstance()->getContentLanguage(). 516* User::clearAllNotifications(), hard deprecated in 1.35, was removed. Use 517 WatchlistManager::clearAllUserNotifications() instead. 518* DatabaseBlock::getBlocker can return any UserIdentity instance, not just User. 519* MediaWiki::triggerJobs(), deprecated in 1.34, was removed. 520* The following Article methods, deprecated in 1.35, were removed: 521 - checkFlags 522 - checkTouched 523 - clearPreparedEdit 524 - doDeleteUpdates 525 - doEditUpdates 526 - doPurge 527 - doViewUpdates 528 - exists 529 - followRedirect 530 - getAutoDeleteReason 531 - getCategories 532 - getContentHandler 533 - getContentModel 534 - getContributors 535 - getDeletionUpdates 536 - getHiddenCategories 537 - getId 538 - getLatest 539 - getLinksTimestamp 540 - getMinorEdit 541 - getOldestRevision 542 - getRedirectTarget 543 - getRedirectURL 544 - getRevision 545 - getTouched 546 - getUndoContent 547 - hasViewableContent 548 - insertOn 549 - insertRedirect 550 - insertRedirectEntry 551 - isCountable 552 - isRedirect 553 - loadFromRow 554 - loadPageData 555 - lockAndGetLatest 556 - makeParserOptions 557 - pageDataFromId 558 - pageDataFromTitle 559 - prepareContentForEdit 560 - protectDescription 561 - protectDescriptionLog 562 - replaceSectionAtRev 563 - replaceSectionContent 564 - setTimestamp 565 - shouldCheckParserCache 566 - supportsSections 567 - triggerOpportunisticLinksUpdate 568 - updateCategoryCounts 569 - updateIfNewerOn 570 - updateRedirectOn 571 - updateRevisionOn 572 - doUpdateRestrictions 573 - updateRestrictions 574 - doRollback 575 - commitRollback 576 - generateReason 577* The monolog-based logging system has dropped the Avro format. Because of this, 578 the AvroFormatter class and the AvroValidator utility class have been removed 579 without deprecation. 580* AbstractBlock::$mReason, deprecated in 1.34, was removed. 581 Use AbstractBlock::getReasonComment and AbstractBlock::setReason instead. 582 583=== Deprecations in 1.36 === 584* (T278026) The DB_MASTER constant has been deprecated in favour of DB_PRIMARY. 585* (T245963) User::getGrantName() is now hard deprecated and will be removed in 586 a subsequent release. Use MWGrants::grantName() instead. 587* wfIncrStats() is now deprecated. Use MediaWikiServices::getInstance() 588 ->getStatsdDataFactory()->updateCount() instead. 589* WikiPage::doEditContent() is now deprecated. Use 590 WikiPage::doUserEditContent() instead. Note that doEditContent() was also 591 deprecated in 1.32 for unrelated reasons and doUserEditContent() is 592 deprecated for other reasons, however, using doUserEditContent() is 593 recommended over using doEditContent(). 594* WikiPage::doUserEditContent() is now deprecated. Use 595 PageUpdater::saveRevision instead. Note that the new method expects callers 596 to take care of checking EDIT_MINOR against the minoredit right, and to apply 597 the autopatrol right as appropriate. 598* LocalFile::recordUpload2, soft deprecated in 1.35, now emits deprecation 599 warnings. Use ::recordUpload3 instead. 600* Constructing a new instance of the ParserOptions class without providing 601 a User object, which falls back to the global $wgUser, is now deprecated. 602* The User class, which was marked as @newable in 1.35, is no longer newable, 603 meaning that it is no longer safe to manually call the constructor via 604 `new User`. Instead, use the UserFactory service. Additionally, the 605 following static constructor methods were deprecated in favor of using the 606 UserFactory service: 607 - User::newFromName 608 - User::newFromId 609 - User::newFromActorId 610 - User::newFromIdentity 611 - User::newFromAnyId 612 - User::newFromConfirmationCode 613* The following User methods have been hard deprecated in favor of the new 614 UserEditTracker service: 615 - User::getFirstEditTimestamp 616 - User::getLatestEditTimestamp 617* The confusingly-named User->isLoggedIn() method has been deprecated in favour 618 of the method it wraps, User->isRegistered(). 619* Use of the `preprocessor=Preprocessor_DOM` option in parser test files has 620 been deprecated. Preprocessor_DOM was removed in 1.35. 621* ParserOptions::setTidy() has been deprecated. It has had no effect since 622 1.35. 623* Sanitizer::escapeIdReferenceList() has been deprecated; it will eventually 624 be made private to the class, as it appears to have no uses outside the 625 Sanitizer class. 626* Sanitizer::hackDocType() is deprecated; it will eventually be made private. 627* Skin::getIndicatorsHTML() is deprecated. The functionality can be retained 628 by reimplementing the method using the raw indicators data from 629 OutputPage::getIndicators. 630* Skin::makeVariablesScript() has been deprecated. Use 631 ResourceLoader::makeInlineScript() instead. 632* SpecialPageFactory::getRestrictedPages() has been deprecated. 633 Use SpecialPageFactory::getUsablePages() instead. 634* Title::nameOf() is deprecated; use Title::newFromID()->getPrefixedDBkey() 635 instead. 636* DatabaseBlock::insert, DatabaseBlock::update, DatabaseBlock::purgeExpired and 637 DatabaseBlock::delete are deprecated. Use DatabaseBlockStore::insertBlock, 638 DatabaseBlockStore::updateBlock, DatabaseBlockStore::purgeExpiredBlocks and 639 DatabaseBlockStore::deleteBlock instead. 640* SpecialBlock::getTargetAndType and AbstractBlock::parseTarget are deprecated. 641 Call BlockUtils::parseBlockTarget instead. 642* SpecialUnblock::processUnblock was deprecated - use UnblockUserFactory 643 service instead. 644* Deprecated MediaWikiIntegrationtestCase::removeTemporaryHook() in favor of 645 MediaWikiIntegrationtestCase::clearHook(). 646* Skin::getSearchLink(), also exposed as 'searchaction' option in SkinTemplate, 647 has been deprecated. Use Title or SpecialPage methods directly. 648* Skin::getAllowedSkins and ::getSkinNames have been deprecated. Use their 649 respective equivalents in SkinFactory instead. 650* The RollbackComplete hook has been deprecated, use the PageSaveComplete hook 651 instead. 652* Skin::makeUrl() has been deprecated. Title methods should be used instead. 653* Skin::privacyLink(), Skin::disclaimerLink() and Skin::aboutLink() have been 654 deprecated. Please use Skin::footerLink() instead. 655* Skin::getLogo() has been deprecated. Use ResourceLoaderSkinModule instead. 656* The module `mediawiki.toc.styles` has been replaced by 657 ResourceLoaderSkinModule. If you are having problems styling table of contents 658 ensure you have an updated skin. 659* Skin::mainPageLink() has been deprecated. Use LinkRenderer service instead. 660* BaseTemplate::getToolbox() method has been hard deprecated. The toolbox data 661 is now available in a sidebar data array which you can get from any class 662 that's extending QuickTemplate class. 663* Constructing a DefaultPreferencesFactory, LinkHolderArray or PasswordReset 664 without a $hookContainer parameter is deprecated. 665* Autopromote class, soft deprecated since 1.35, now emits deprecation warnings. 666 Use UserGroupManager instead. 667* SpecialBlock::canBlockEmail has been deprecated. Please use 668 BlockPermissionChecker::checkEmailPermissions instead. 669* SpecialBlock::checkUnblockSelf has been deprecated. Please use 670 BlockPermissionChecker::checkBlockPermissions instead. 671* SpecialBlock::parseExpiryInput was deprecated - use 672 BlockUser::parseExpiryInput instead. 673* SpecialBlock::validateTarget has been deprecated, use BlockUtils instead. 674* SpecialBlock::validateTargetField has been deprecated for external use, 675 use BlockUtils instead. 676* SpecialPage::getLanguageConverter has been deprecated, use 677 LanguageConverterFactory::getLanguageConverter() directly. 678* ParserCache::getKey has been deprecated. Use ParserCache::getMetadata and 679 ParserCache::makeParserOutputKey instead. 680* The PHPUnit4And6Compat class, used to provide compatibility with PHPUnit 4, 681 was removed. MediaWiki support for PHPUnit 4 ended with the removal of HHVM 682 support. 683* The PHPUnit6And8Compat class, used to provide compatibility with PHPUnit 6, 684 was removed without deprecation. This class was introduced during the 685 upgrade to PHPUnit 8, but never used. 686* MediaWikiIntegrationTestCase::assertType, hard-deprecated in 1.35 due to 687 incompatibility with PHPUnit 8, was removed. 688* ParserCache::getETag has been deprecated, instead build suitable etag 689 explicitly. 690* The following functions from the Language class have been hard deprecated 691 and will be removed in a subsequent release: 692 - findVariantLink 693 - convertTitle 694 - updateConversionTable 695 - commafy 696* The following functions from the Title class have been hard deprecated: 697 - getPreviousRevisionID 698 - getNextRevisionID 699 - getEarliestRevTime 700* The following functions from the User class have been hard deprecated: 701 - getDefaultOptions 702 - getDefaultOption 703* The mw.language.commafy client-side method has been deprecated, to match 704 the deprecation of Language::commafy. Use mw.language.convertNumber 705 instead. 706* The "es6-promise" module has been deprecated. Use "es6-polyfills" instead. 707* Title::isDeleted() and Title::isDeletedQuick() have been deprecated. Please 708 use Title::getDeletedEditsCount() and Title::hasDeletedEdits() instead. 709* Article::getContentObject, soft-deprecated since 1.32, was hard-deprecated. 710* WikiRevision::importUpload, soft-deprecated since 1.31, was hard-deprecated. 711* Html::infoBox() has been deprecated. There's no replacement. 712* Message::toString() without a $format parameter, soft-deprecated since 1.28, 713 was hard-deprecated. Use explicit formatting methods instead, such as 714 Message::text() and Message::escaped(). 715* BagOStuff::makeKeyInternal() usage outside of BagOStuff has been deprecated. 716* BagOStuff::setDebug() is deprecated and calls to it are ignored. Debug logs 717 are now unconditionally enabled. 718* The following global functions have been hard deprecated: 719 - wfAppendToArrayIfNotDefault 720 - wfAcceptToPrefs 721 - wfClearOutputBuffers 722 - wfConfiguredReadOnlyReason 723 - wfDebugMem 724 - wfGetPrecompiledData 725 - wfNegotiateType 726* BeforeParserFetchTemplateAndtitleHook has been deprecated; replace 727 with the new BeforeParserFetchTemplateRevisionRecord hook. (The 728 similar ParserFetchTemplateHook was deprecated in 1.35; the new hook 729 replaces both.) 730* The InterwikiLoadPrefix hook has been deprecated; it is not compatible 731 with future wikitext parsers (which need to enumerate all interwiki 732 prefixes). In test cases please use $wgInterwikiCache instead. 733* WikiPage instances should no longer be constructed for titles that do not 734 represent editable pages (e.g. special pages). WikiPages were always 735 documented to represent "MediaWiki article and history". 736* Skin::getSkinStylePath() has been deprecated. Please replace usages with 737 the direct path to the resources. 738* The second argument of EnhancedChangesList::getDiffHistLinks, $query, has 739 been deprecated. 740* The ParserTestTables hook has been deprecated; it is no longer necessary 741 after a ParserTestRunner refactoring. 742* The following classes have been hard deprecated: CachedAction, 743 SpecialCachedPage, CacheHelper, ICacheHelper. They were unused in MediaWiki 744 ecosystem, so no replacement was provided. 745* The ProtectionForm::buildForm hook has been deprecated. Please use the 746 ProtectionFormAddFormFields hook instead. 747* RevisionStore::newMutableRevisionFromArray has been hard deprecated. Instead, 748 MutableRevisionRecord should be constructed directly via constructor. 749* UserIdentity::getActorId() is deprecated. The actor ID should not be exposed 750 to application logic. Storage layer code should use the ActorNormalization 751 service for normalizing and denormalizing user names. 752* Constructing a UserIdentityValue with an actor ID as the third parameter is 753 deprecated. The parameter should be omitted. Storage layer code should use 754 the ActorNormalization service for normalizing and denormalizing user names. 755* Command::cgroup() is deprecated and no longer functional. $wgShellCgroup is 756 now implemented as an Executor option. 757* Command::restrict() is deprecated. Instead use the new separate accessors. 758* MWTidy::tidy() is deprecated. Use MediaWikiServices::getTidy()-tidy() instead. 759* TidyDriverBase::supportsValidate() is deprecated; it has always returned 760 false since 1.33. 761* WatchedItem::getUser hard-deprecated in favor of ::getUserIdentity. 762* WatchedItemStoreInterface::enqueueWatchlistExpiryJob was hard deprecated in 763 favor of the new method maybeEnqueueWatchlistExpiryJob that takes care of 764 relevant configuration checks. 765* LogEntry::getPerformer() and its implementations have been hard-deprecated, in 766 favor of ::getPerformerIdentity(). 767* AuthManager::singleton(), deprecated in 1.35, is hard deprecated. Use 768 MediaWikiServices::getAuthManager() instead. 769* User::clearNotification(), deprecated in 1.35, is hard deprecated. Use 770 WatchlistManager::clearTitleUserNotification() instead. 771* Passing string to DatabaseBlock::setBlocker was deprecated. Only UserIdentity 772 is now allowed. 773* DatabaseBlock constructor 'byText' option was deprecated in favour of 'by' 774 option, which now accepts UserIdentity. Passing user ID is deprecated. 775* Parser::getUser was deprecated. Use Parser::getUserIdentity instead. 776* DatabaseBlock::isWhitelistedFromAutoblocks was deprecated. Use 777 DatabaseBlock::isExemptedFromAutoblocks instead. 778* User::isIPRange(), deprecated in 1.35, is hard deprecated. 779 Use the UserNameUtils service or IPUtils directly. 780* BaseTemplate::getFooterIcons(), deprecated in 1.35, is hard deprecated. Read 781 footer icons from template data requested via $this->get('footericons'). 782* `box-shadow()` LESS mixin from mediawiki.mixins is deprecated due to updated 783 basic browser support. Use unprefixed property `box-shadow:` instead. 784* MergeHistory::checkPermissions was deprecated. Use ::probablyCanMerge or 785 ::authorizeMerge instead. 786* User::isValidUserName(), deprecated in 1.35, is hard deprecated. 787 Use the UserNameUtils service instead. 788* The TitleArrayFromResult hook has been deprecated. 789* The EditPageBeforeEditToolbar hook has been deprecated; it has become 790 defunct after the classic edit toolbar was removed. Use one of the many 791 other EditPage hooks instead. 792* Deprecated the class name MediaWiki\User\WatchlistNotificationManager; use 793 MediaWiki\Watchlist\WatchlistManager instead. Deprecated the method 794 MediaWikiServices->getWatchlistNotificationManager(); use 795 MediaWikiServices->getWatchlistManager() instead. 796* The "ArticleEditUpdatesDeleteFromRecentchanges" hook, deprecated in 1.35, has 797 been removed. Other hooks like "RecentChange_save" can be used instead. 798 799=== Other changes in 1.36 === 800* The 'tidy' key in ParserOptions (used in the parser cache) has been removed. 801 It has had no effect since 1.35. 802* A future release of MediaWiki will make `{{=}}` a built-in parser function, 803 for use when automatically escaping the `=` character in template arguments. 804 A tracking category and parser warning have been added to this release when 805 `{{=}}` is used and it expands to something other than `=`. 806* The implementation of TestFileReader::read has been changed to use Parsoid's 807 parser test file parser. This should be compatible with existing code, but it 808 only supports version 2 of the test file specification and may be more strict 809 when parsing invalid input, including duplicate tests. 810* BeforeParserFetchTemplateRevisionRecord, a new hook, unifies and replaces the 811 old BeforeParserFetchTemplateAndtitleHook and ParserFetchTemplateHook. 812* The SkinLessImportPaths attribute was added, allowing skins to add a directory 813 to the import path for LESS stylesheets. Skins can use this to provide a 814 custom version of mediawiki.skin.variables.less, setting skin-specific values 815 for certain LESS variables. 816* The interaction between ContentHandler::getParserOutputForIndexing() and 817 ContentHandler::getDataForSearchIndex() has been clarified (the latter should 818 only be called with the result of the former). Extensions may override 819 getParserOutputForIndexing() to skip generating HTML, which may improve 820 indexing performance. (The default implementation still generates HTML, and 821 getDataForSearchIndex() implementations can still rely on it if they do not 822 over-ride getParserOutputForIndexing().) 823* Article::fetchContentObject, ::mContentObject, ::mContentLoaded, 824 ::mRevIdFetched, all deprecated since 1.32, were removed. 825* Article::mParserOptions and ::setParserOptions were removed. 826* Article and ImagePage::getEmptyPageParserOutput, unused, were removed. 827* ParserCache's default serialization format was changed from PHP serialization 828 to JSON serialization. In case some installed extension do not support JSON 829 yet, $wgParserCacheUseJson can be used to revert back to PHP serialization. 830* PermissionManager::groupHasPermission, ::getGroupPermissions and 831 ::getGroupsWithPermission were deprecated, use GroupPermissionsLookup 832 service instead. 833* WatchedItemStoreInterface now accepts PageIdentity where it accepted 834 LinkTarget, calling with LinkTarget was deprecated. 835* 'movable' attribute has been added to the 'namespaces' property of 836 extension.json schema. Extensions that define namespaces can set it to 837 `false` to disallow moving pages in the specified namespace. Extensions 838 should either use this or NamespaceIsMovableHook, but not both. The hook 839 overrides the attribute. 840 841== Compatibility == 842 843MediaWiki 1.36 requires PHP 7.3.19 or later and the following PHP extensions: 844 845* ctype 846* dom 847* fileinfo 848* iconv 849* intl 850* json 851* mbstring 852* xml 853 854MySQL/MariaDB is the recommended DBMS. PostgreSQL or SQLite can also be used, 855but support for them is somewhat less mature. 856 857The supported versions are: 858 859* MySQL 5.5.8 or later 860* PostgreSQL 9.4 or later 861* SQLite 3.8.0 or later 862 863== Online documentation == 864Documentation for both end-users and site administrators is available on 865MediaWiki.org, and is covered under the GNU Free Documentation License (except 866for pages that explicitly state that their contents are in the public domain): 867 868 https://www.mediawiki.org/wiki/Special:MyLanguage/Documentation 869 870== Mailing list == 871A mailing list is available for MediaWiki user support and discussion: 872 873 https://lists.wikimedia.org/mailman/listinfo/mediawiki-l 874 875A low-traffic announcements-only list is also available: 876 877 https://lists.wikimedia.org/mailman/listinfo/mediawiki-announce 878 879It's highly recommended that you sign up for one of these lists if you're 880going to run a public MediaWiki, so you can be notified of security fixes. 881 882== IRC help == 883There's usually someone online in #mediawiki on irc.libera.chat. 884 885= MediaWiki 1.35 = 886 887== MediaWiki 1.35.3 == 888 889This is a security and maintenance release of the MediaWiki 1.35 branch. 890 891=== Changes since MediaWiki 1.35.2 === 892* (T259685) SQLite compatibility with ZeroConf VisualEditor was fixed in 1.35.2. 893* (T196906, T242751) Fix the test MonologSpiTest::testDefaultChannel. 894* (T279964) Parser: Trim trailing whitespace as the last step in pre-save 895 transform. 896* (T278026) rdbms: Add DB_PRIMARY to replace DB_MASTER. 897* (T252853) Update updateSearchIndex.php to 2006+ standards. 898* (T276945) Define a batch size in maintenance/manageJobs.php. 899* (T276945) Implement JobQueueDB::getAllAbandonedJobs. 900* (T269676) authevents: strval() variables passed to status when logging. 901* (T280944) $wgIncludejQueryMigrate - This setting allows the jQuery Migrate 902 plugin to be disabled. It has been enabled by default since MediaWiki 1.27. 903* (T281584) apihelp-query+iwlinks-param-prop: s/interlanguage/interwiki/. 904* (T281635) Delete maintenance/cleanupAncientTables.php. 905* (T282133) RedisConnectionPool: Suppress phan issue. 906* (T281549) WebInstaller: Don't show the announce-l subscribe 907 checkbox temporarily. 908* (T278266) Fix annoying E_NOTICE about undefined 'alt' index in 909 Skin#makeFooterIcon. 910* (T264214) UserRightsProxy::addGroup has to be allowed to update the 911 old group as well, which is used for granting interwiki rights. 912* (T269776, T278266) getFooterIcons should not return empty arrays. 913* (T274966) Skip AvroFormatterTest::testSchemaNotAvailable on PHP 8.0. 914* phpunit: fail on warnings. 915* (T283247) Freenode -> Libera per wikimedia moving from 916 freenode to libera. 917* (T243124) Make phpunit:unit accept extension*.json to populate the classes. 918* (T142663) Add extension.json merge strategy "provide_default". 919* (T283540) HookContainer: Fix normalization of callback for static handler. 920* (T283464) Fix array order for array_replace_recursive merge strategy. 921* (T247223) Optimise MessageCache::isMainCacheable() for the single-message 922 case. 923* (T278579) Don't send headers on ob_end_clean(). 924* (T280226, CVE-2021-35197) SECURITY: Prevent blocked users from purging 925 pages. 926 927== MediaWiki 1.35.2 == 928 929This is a security and maintenance release of the MediaWiki 1.35 branch. 930 931MediaWiki 1.35.2 supports Composer 2.0. It is reccommended to make sure your 932libraries are up to date on Composer 1.x, before running Composer 2.x. 933 934While normally running update.php isn't required for point releases, 935it is recommended to run it for 1.35.2 so that iwlinks.iwl_prefix is 936updated to take 32 characters. 937 938=== Changes since MediaWiki 1.35.1 === 939* (T270450) The confusingly-named User->isLoggedIn() method has been deprecated 940 in favour of the method it wraps, User->isRegistered(). 941* Upgrade pimple/pimple from 3.3.0 to 3.3.1 for PHP 8.0 support. 942* Upgrade seld/jsonlint from 1.7.1 to 1.8.3 for PHP 8.0 support. 943* Upgrade doctrine/dbal from 2.10.4 to 3.0.0 for PHP 8.0 support. 944* (T270734) Fix display of Special:Preferences URL in password reset email. 945* (T252774, T271441) resourceloader: Give SkinModule 'features' option an 946 extensible default. 947* (T271441) Unknown features shouldn't break style output. 948* (T264986) Make use of CURLMOPT_MAX_HOST_CONNECTIONS conditional on having 949 curl >= 7.30.0. 950* DefaultSettings.php: Update $wgPingback documentation. 951* Fix docs for LanguageConverter::translate. 952* (T272250) Don't rely on implicit string->int cast in comparison. 953* (T272327) Exif::isSlong: Cast input to float so PHP 8.0 abs() doesn't whine. 954* (T272328) UploadBase: Don't call MimeAnalyzer if mTempPath is null. 955* Remove nonfunctional default sampling for WANObjectCache metrics. 956* (T258851) Prevent service injection to LoadExtensionSchemaUpdates hook. 957* (T270852) Hooks: Map dash character to underscore when generating hook names. 958* (T271551, T270145) Fix fetching ipblock-exempt within 959 BlockManager::getUserBlock. 960* PHPVersionCheck: The PHP Group only supports PHP >= 7.3.0. 961* (T248925) Set empty closures in DatabaseTest to fix PHP 8 tests. 962* (T34217) rdbms: Remove outdated MySQL 4 references and fix doc URLs. 963* (T248925) Special:Contributions reports negative namespace error on PHP 8. 964* (T248925) objectcache: Fix non-numeric string check in HashBagOStuff for 965 PHP 8. 966* (T248925) Fix CacheTime::getCacheExpiry for PHP 8. 967* (T259685) Allow REST API POST handlers to opt out of mandatory SQLite locking. 968* (T91820, T259685) MWLBFactory: rename magic HTTP header for opting out of 969 SQLite write lock. 970* (T272326) Fix DeprecationHelperTest on PHP 8. 971* Upgrade wikimedia/less.php from 3.0.0 to 3.1.0 for PHP 8.0 support. 972* (T236639) OutputPage: Make $wgDebugRedirects work again. 973* (T274648) registration: Allow reusing cached metadata between wikis. 974* CdnCacheUpdate: Send full URL instead of path to Curl for purge. 975* Upgrade monolog/monolog from 1.25.3 to 2.2.0 for PHP 8.0 support. 976* FileBackend: Do not use SOCKET_ENOENT on windows. 977* (T275441) ApiQueryUserInfo: Allow all uiprops to be requested at once. 978* (T275261) Escape wikitext in the title in invalid title error messages. 979* (T275242) Extend iwlinks.iwl_prefix to VARBINARY(32) on MySQL. 980* (T246594, T270228) PHPVersionCheck: Complain about known-bad versions above 981 minimum. 982* (T275824) Upgrade wikimedia/composer-merge-plugin from 1.4.1 to 2.0.1 for 983 Composer 2.0 support. 984* (T269293) Record all used options in metadata. 985* Allow usage of Composer 2.0 to install MediaWiki's dependencies. 986* (T259872) skins: Call headElement() after getTemplateData() in SkinMustache. 987* (T277009, CVE-2021-30158) SECURITY: Allow blocked users to access 988 Special:ResetTokens. 989* (T272412) Add "Account data" section to user preferences. 990* (T268310) Add list of thumbnail urls to LocalFilePurgeThumbnails hook. 991* (T277520) registration: Allow specifying immovable namespaces in 992 extension.json. 993* (T275619) Maintenance::hasOption and Maintenance::getOption now behave as 994 documented and are not altered by previous calls to these methods. 995* (T254688) Remove page inner join from subquery in SpecialWhatLinksHere. 996* (T122124) signup: added help message for security. 997* (T278014, CVE-2021-30154) SECURITY: Escape mediastatistics-header-* messages 998 on Special:NewFiles. 999* (T278058, CVE-2021-30157) SECURITY: Escape rcfilters-filter-* messages on 1000 ChangesList pages. 1001* (T277414) HTMLFormField: Use non namespaced class name rather than 1002 static::class. 1003* (T268673) maintenance: Don't create SearchUpdate in rebuildtextindex.php 1004 for page_namespace below 0. 1005* (T246594, T270228) Mark ParserOptionsTests skipped on PHP 7.4.0-7.4.8. 1006* (T268230) Switch to new MediaWiki logo by Serhio Magpie. 1007* (T271735) Expand config-pingback-help, link to privacy policy in 1008 config-pingback. 1009* Fix documentation of user-global in $wgRateLimits. 1010* BackupDumper: Add -o as shortcode for --output. 1011* (T235554) Disable DEFER_SET_LENGTH_AND_FLUSH headers to avoid HTTP errors. 1012* (T270713, CVE-2021-30152) SECURITY: Allow user to only apply protection they 1013 have right to do so via action=protect. 1014* (T272386, CVE-2021-30159) SECURITY: Non-admin deleted enwiki page in fast 1015 double move. 1016* (T270988, CVE-2021-30155) SECURITY: ContentModelChange: Check that user can 1017 create pages. 1018* (T279451, CVE-2021-30458) SECURITY: Parsoid comment fostering allows for 1019 inserting mostly arbitrary <meta> tags. 1020 1021== MediaWiki 1.35.1 == 1022 1023This is a security and maintenance release of the MediaWiki 1.35 branch. 1024 1025While normally running update.php isn't required for point releases, 1026it is recommended to run it for 1.35.1 so that sites.site_language is 1027updated to take 35 characters. 1028 1029Watchlist Expiry is no longer considered experimental, but is off by default. 1030To enable it, set $wgWatchlistExpiry = true; in your LocalSettings.php. 1031 1032=== Changes since MediaWiki 1.35.0 === 1033* (T263929) purgeList.php Fix all-namespaces option to match one used in code. 1034* (T248719) ParserCache::get - fix wfDeprecated call. 1035* (T261430) WatchlistExpiryWidget: Move focus to expiry dropdown after hitting 1036 Tab. 1037* Preload mediawiki.watchstar.widgets before api request. 1038* (T261030) ApiEditPage: Show existing watchlist expiry if status is not being 1039 changed. 1040* (T264502) Fix PHP 8 compat with strcspn() $length parameter exceeding string. 1041* (T248925) Remove final modifier on private function. 1042* (T264683) Remove ipb_anon_only from ipb_address_unique index addition. 1043* (T261415) Add days left messages to changes-lists' clock icons. 1044* Fix order of wfDeprecated parameters in ExternalStoreDB::getSlave. 1045* (T261260) Preload class used in HeaderCallback. 1046* (T260868, T260009) Normalize WatchedItem expiry field. 1047* (T264683) Remove doTable check from (Mysql|Sqlite)Updater::indexHasFields. 1048* (T264534) ApiPageSet: Avoid infinite loop when merging redirects. 1049* (T196906) Empty Monolog loggers are now real blackholes. 1050* (T258649) WatchAction: avoid UPDATE when old and new watch period is 1051 indefinite. 1052* Parser: Adjust typehint to show that getTitle can return null. 1053* (T263592) media: Fix case of FlashPixVersion in 1054 FormatMetadata::makeFormattedData(). 1055* (T265223) BaseTemplate: Guard against passing zero arg to array_merge(). 1056* (T264965) Fix base path handling for MessagePosterModule registration. 1057* (T252183) Fix Database::getTempTableWrites for multi table DDLs. 1058* (T182546) Fix switch/case indentation per mediawiki coding conventions. 1059* Flip Yoda conditionals. 1060* (T263213) Move SkinTemplate::getFooterLinks() to Skin. 1061* build: Updating mediawiki/mediawiki-codesniffer to 33.0.0. 1062* (T267105) Make ImageBuilder::checkMissingImage public. 1063* Updating guzzlehttp/guzzle (6.5.4 => 6.5.5). 1064* (T266681) Support new style hook registration on install and update. 1065* (T266980) Fix unsetting of copyright icon in FooterIcons. 1066* upload.js: Don't assume that warnings array will include 'code' key. 1067* upload.js: Fix typo in upload API. 1068* (T264333, T190988, T266903) Pass along ignorewarnings param to all 1069 individual chunks being uploaded. 1070* (T267558) importTextFiles.php: Replace deprecated WikiRevision:setText(). 1071* (T266418) composer.json: add requirement for composer-plugin-api ^1.1. 1072* (T261431) Add ARIA attributes to watchlink and its notification. 1073* (T258877) Change invalid 'Content-Encoding: none' header. 1074* Fix trailing ; in patch-sites-site_language-35.sql. 1075* (T248852) wfAssembleUrl: Handle empty query field in URL bits. 1076* (T268846) Updating wikimedia/testing-access-wrapper (1.0.0 => 2.0.0). 1077* (T268887) migrateComments: Cast array keys back to string before passing 1078 to the DB. 1079* (T266619) Introduce new $wgThumbPath config. 1080* (T269178) MemcachedClient: Cast Resource to integer. 1081* (T263925) Use the old HookContainer to set up the post-reset services. 1082* Change "site cache" to just "cache" in the right-purge message. 1083* [UploadedFileStreamTest] Skip test with chmod. 1084* (T269710) Updating composer/semver (1.5.1 => 1.7.2). 1085* (T269710) Updating mediawiki/mediawiki-codesniffer (33.0.0 => 34.0.0). 1086* (T260631, T260633), BotPassword::save() now returns a Status object for the 1087 result rather than a bool. The length of the bot password grants and 1088 restriction fields are now validated, and an error will be thrown if it 1089 would be truncated by the database. 1090* (T265778) Fix English/*nix specific error messages in FSFileBackend. 1091* (T267543) Split dropping of image.img_user_timestamp. 1092* [FileTest] Do not assume /tmp exists on windows. 1093* Clean up temp files correctly after unit tests. 1094* Skip undo related phpunit tests when diff3 is missing. 1095* (T269964) rdbms: Remove outer parentheses in insert query for Postgres. 1096* (T263911) In MWExceptionHandler::report(), catch all throwables. 1097* (T268894, CVE-2020-35474) SECURITY: Use Html::element in 1098 ChangeListSpecialPage for sanity. 1099* (T268917) Use Xml::element in SpecialUserrights for sanity. 1100* (T268938, CVE-2020-35478, CVE-2020-35479) SECURITY: Pass escaped html 1101 to LogFormatter::makePageLink for sanity. 1102* (T268938) Fixed mixed escaping in Language::translateBlockExpiry. 1103* (T263911) UserOptionsManager: don't differentiate anons caches. 1104* (T261260) HeaderCallback: pre-cache request ID. 1105* Parsoid updated to v0.12.1. 1106* (T205908, CVE-2020-35477) SECURITY: Unable to change visibility of log 1107 entries when MediaWiki:Mainpage uses Special:MyLanguage. 1108* (T120883, CVE-2020-35480) SECURITY: Divergent behavior for contributions 1109 and user pages of hidden users and missing users. 1110* (T270145) Fix condition that can lead to using APCOND_BLOCKED in 1111 $wgAutopromote to cause an OOM in PHP. 1112 1113== MediaWiki 1.35.0 == 1114 1115=== Changes since MediaWiki 1.35.0-rc.3 === 1116* (T261258) Remove checks for ancient ImageMagick versions in BitmapHandler. 1117* (T260232) Don't include null page ids in query list for category dumps. 1118* (T260009) Check existing watchitem when saving action=watch. 1119* (T259055) Correct success messages for action=watch. 1120* mediawiki.page.ready: Simpler tablesorter/makeCollapsible call. 1121* mediawiki.page.ready: Fix skin override config flags, wrong way round. 1122* (T262175, T248512) Remove requirement for ApiWatchlistTrait to be in ApiBase. 1123* (T259053, T260434) Watchlist: Fix updateWatchLink removing css class when 1124 action=watch. 1125* (T261901, T261476) mediawiki.notification: Don't close notif when clicking 1126 <select> element. 1127* (T251506) Sanitizer: Truncate IDs to a reasonable length. 1128* (T259452) Parsoid updated to v0.12.0. 1129* (T261970) watch.ajax: Add expiry support to watchpage.mw event. 1130* (T262900) Fix failure of rebuildLocalisationCache.php due to ResourceLoader 1131 hook. 1132* (T263014) Hard deprecate File::userCan() with $user=null. 1133* (T262547) Use localized success message after watching via action=watch. 1134* (T201491) Fix typo 'Watchlst' in `apihelp-edit-param-watchlistexpiry`. 1135* (T261081) Installer: consistently reset Language objects. 1136* (T250449, T250450) Installer: consistently reset Language objects. 1137* Explicitly wrap some XML calls in libxml_disable_entity_loader(). 1138* (T262934) Ensure dropdown label is always on its own line. 1139* (T246855) resourceloader: Use a local HookRunner. 1140* (T263604) Have findBadBlobs.php require Maintenance.php rather than 1141 cleanupTable.inc. 1142* (T263606) Set fake time, to avoid flaky tests. 1143* (T261325) Add FindMissingActors script. 1144* (T262364) shell: Don't blacklist /run/firejail. 1145* (T263655) NewPagesPager: Ignore nonexistent namespaces. 1146* Update specialPageAliases and magicWords for Egyptian Arabic (arz). 1147* (T261347) ParserOutput: don't throw on bad editsection. 1148* (T232568, CVE-2020-25813) SpecialUserrights: If a viewer lacks `hideuser`, 1149 ignore hidden users. 1150* (T255918, CVE-2020-25812) SECURITY: Unescaped message used in HTML on 1151 Special:Contributions. 1152* (T256171, CVE-2020-25815) SECURITY: Unescaped message used in HTML within 1153 LogEventsList. 1154* (T258763, CVE-2020-17367, CVE-2020-17368) SECURITY: Prevent invoking 1155 firejail's --output functionality. 1156* (T86738, CVE-2020-25814) SECURITY: mediawiki.jqueryMsg: Sanitize URLs and 1157 'style' attribute. 1158* (T115888, CVE-2020-25828) SECURITY: mediawiki.js: Escape HTML in 1159 mw.message( ... ).parse(). 1160* (T260485, CVE-2020-25869) SECURITY: ActorMigration: Load user from the correct 1161 database. 1162* (T260485, CVE-2020-25869) SECURITY: ensure actor ID from correct wiki is used. 1163* Add Finnish special page aliases. 1164* Fix GuzzleHttpRequest request headers. 1165* Fix description for pruneFileCache.php. 1166* emptyUserGroup.php: handle more than 5000 users. 1167* Make ApiSandbox copyable URL absolute. 1168* (T261087) Add a link from a deleted page to that page's logs. 1169 1170== MediaWiki 1.35.0-rc.3 == 1171 1172=== Changes since MediaWiki 1.35.0-rc.2 === 1173* (T258662) mediawiki.visibleTimeout: Update the nextVisibleTimeoutId value. 1174* Ensure Parsoid doesn't throw when <ref> is used w/o Cite installed. 1175* Remove maintenance/createCommonPasswordCdb.php. 1176* (T260468) Increase "sites.site_global_key" to varbinary(64). 1177* (T183759) Fix shell edge-cases in Windows. 1178* (T257879) Drop PHP 7.2 support; require 7.3.19. 1179* (T251661, CVE-2020-25827) SECURITY: User::pingLimiter: add user-global 1180 rate limit type. 1181* (T246991) User: enforce pingLimiter() expiry time. 1182* (T256831) Rest: Handle Uri constructor exception. 1183* (T259094) Fix RequestFromGlobalsTest failing in Travis CI. 1184* (T256831, T261344) Rest: Use try/catch to handle URIs with embedded colon. 1185 1186== MediaWiki 1.35.0-rc.2 == 1187 1188=== Changes since MediaWiki 1.35.0-rc.1 === 1189* (T259693) uuid: Fix filenames on Windows. 1190* Remove Gruntfile.js and package-lock.json from the tarball. 1191* firejail: Strengthen by copying from Wikimedia's profile. 1192* (T260059) ResourceLoaderOOUIImageModule: loadOOUIDefinition() may return 1193 false. 1194* (T30162, T245387) The installer supports using a Postgres server running 1195 on a custom port other than 5432. 1196* (T260201) Support private wikis in Parsoid zero configuration mode. 1197* Fix bad use of `|=` PHP bit operation where `= … ||` bool is intended. 1198* (T259212) SpecialBlock: Show error if a block could not be inserted or found. 1199* (T255842) UserOptionsManager: fix options reset. 1200* (T258649) WatchAction: avoid unnecessary UPDATEs when expiry is unchanged. 1201* (T250851) Allow skins to override mediawiki.page.ready initialisation. 1202* (T250851) mediawiki.page.ready: Allow skins to disable search lazy load. 1203* (T253135, T255632) Update language in watchlist expiry. 1204* Use IPset in MWRestrictions::checkIP. 1205* (T259564) Fix race condition on edit page. 1206* (T260759) Hide watchlist expiry label in edit form. 1207* mime: Fix docs of MIME_EXTENSIONS, they're arrays, not space-seperated. 1208* (T260031) Add application/font-sfnt to MimeMap for ttf files. 1209* (T259379) WatchedItemStore: Cache single WatchedItems with preexisting expiry. 1210* Add a maintenance script to create bot passwords. 1211* (T201269) Add Traditional Chinese zh-hant as fallback for Amis (ami). 1212* Improve wfParseUrl docs. 1213* (T251038) Add multi index fields in ImageListPager for unique paginate. 1214* (T259916) Guard against 'Widget not found' error. 1215 1216== MediaWiki 1.35.0-rc.1 == 1217 1218=== Changes since MediaWiki 1.35.0-rc.0 === 1219* (T252136) Fix RecentChanges watchlist filters when WatchlistExpiry is off. 1220* (T258662) Update time period for watchlist expiry pop-up. 1221* (T258443) Fix expiry dropdown not getting disabled on edit page. 1222* (T259398) Add license information for promise-polyfill. 1223* Remove executable bit from scripts without shebang. 1224* (T256526) Fix bold of watched items on Special:RecentChangesLinked. 1225* (T259060) Edit page expiry dropdown should keep state after 1226 disabling/enabling. 1227* (T259009) Translate expiry period in pop-up message for watchlist expiry. 1228* (T258310) Add watchlist clock icon to RecentChanges. 1229* (T259362) Permit temporary table writes on replica DB connections. 1230* (T250214) Add UI support in Special:EditWatchlist for watchlist expiry. 1231* (T72470) Disable wgLegacyJavaScriptGlobals by default. 1232* (T130906) Add Edge to MediaWiki:Clearyourcache. 1233* (T257279) Add mediawiki.ui Less variable deprecation note. 1234* (T249521) Fixed reassignEdits.php to work with anonymous users. 1235* (T259448) Fix Circular dependency when creating service in 1236 DBLoadBalancerFactory. 1237* (T257259) Default to using watchlist expiry of old page when moving pages. 1238 1239== MediaWiki 1.35.0-rc.0 == 1240 1241== Upgrading notes for 1.35 == 12421.35 requires PHP 7.3.19 or above (up from 7.2.9). (T257879) 1243 12441.35 has several database changes since 1.34, and will not work without schema 1245updates. Note that due to changes to some very large tables like the revision 1246table, the schema update may take quite long (minutes on a medium sized site, 1247many hours on a large site). 1248 1249Don't forget to always back up your database before upgrading! 1250 1251MediaWiki 1.35 is the next LTS after 1.31, and will be supported for around 3 1252years. 1253 1254MediaWiki has a lot of both soft and hard deprecations, and code removed. As 1255always, make sure your versions of extensions match the MediaWiki version, 1256and updates may be required to any custom extensions. 1257 1258See the file UPGRADE for more detailed upgrade instructions, including 1259important information when upgrading from versions prior to 1.11. 1260 1261Some specific notes for MediaWiki 1.35 upgrades are below: 1262* (T259685) Zeroconf (zero-configuration) VisualEditor/Parsoid doesn't work 1263 using SQLite as the database backend for MediaWiki. This is due to the lack 1264 of write concurrency in SQLite. If you wish to use this feature, it is 1265 recommended to use MySQL/MariaDB rather than SQLite. 1266 1267For notes on 1.34.x and older releases, see HISTORY. 1268 1269=== Configuration changes for system administrators in 1.35 === 1270 1271* (T72470) $wgLegacyJavaScriptGlobals is now false by default. This feature 1272 will be completely removed in a later MediaWiki release. 1273 1274==== New configuration ==== 1275* $wgDiffEngine — This can be used to specify the difference engine to use, 1276 rather than MediaWiki choosing the first of $wgExternalDiffEngine, wikidiff2, 1277 or php that is usable. 1278* $wgSearchMatchRedirectPreference — This configuration setting controls whether 1279 users can set a new preference, search-match-redirect, which decides if search 1280 should redirect them to exact matches is available. By default, this is set to 1281 false, which maintains the previous behaviour without preference bloat. Change 1282 your site's default by setting $wgDefaultUserOptions['search-match-redirect']. 1283* $wgPoolCounterConf['SpecialContributions'] — Per-user concurrency in the use 1284 of SpecialContributions can now be limited by setting this appropriately. 1285* $wgPasswordPolicy — PasswordCannotBeSubstringInUsername is a new password 1286 policy check. Similar to the existing PasswordCannotMatchUsername check, this 1287 check ensures that a user's (case-insensitive) password cannot be a part of 1288 their username. e.g. password = MyPass, username = ThisUsersPasswordIsMyPass. 1289* $wgLogos — This new configuration setting combines the now-deprecated $wgLogo 1290 and $wgLogoHD settings into a single, associative array. It provides support 1291 for a new key, 'wordmark', for setting a horizontal wordmark to show next to 1292 the graphical logo. To do this, set 'wordmark' to an array with 'src' set to 1293 the path of the wordmark image, and 'width' and 'height' for its dimensions 1294 in pixels. $wgLogos inherits the existing support provided by its predecessor 1295 settings: '1x' mapping to the path of the logo as a 135x135px raster image 1296 (equivalent to $wgLogo), and '1.5x', '2x', and 'svg' operating as before for 1297 $wgLogoHD. If $wgLogos is unset, $wgLogo and $wgLogoHD values are read for 1298 temporary backwards compatibility. (T232140) 1299* $wgWatchlistExpiry — (EXPERIMENTAL) This enables the new watchlist expiry 1300 feature. The database table (watchlist_expiry) for this is created regardless 1301 of this setting, but all other aspects of the expiry feature are controlled 1302 by it. Enabling in production is discouraged for the time being. A future 1303 MediaWiki 1.35 release will advertise this feature once it is stable. 1304* $wgWatchlistPurgeRate — This sets the chance of expired watchlist items being 1305 purged on each page edit. Only has effect if $wgWatchlistExpiry is true. 1306* $wgWatchlistExpiryMaxDuration — This is the maximum definite relative duration 1307 for watchlist expiries. Only has effect if $wgWatchlistExpiry is true. 1308* $wgImgAuthPath – This can be used to override the path prefix used when 1309 handling img_auth.php requests. (T235357) 1310* $wgAllowedCorsHeaders — This is a list of headers which can be used in a 1311 cross-site API request. 1312* $wgHTTPMaxTimeout and $wgHTTPMaxConnectTimeout — These allow site 1313 administrators to limit the timeouts used by the HTTP client libraries. 1314 This only affects callers using HttpRequestFactory and the deprecated 1315 wrappers in the Http class. 1316* $wgCdnMaxageStale — This controls the Cache-Control s-maxage header for page 1317 views when PoolCounter lock contention indicates that a stale cache entry 1318 should be sent. 1319* $wgForceHTTPS — This makes the HTTP to HTTPS redirect be unconditional and 1320 suppresses various hacks needed to support mixed HTTP/HTTPS wikis. We 1321 recommend this be set to true on pure HTTPS wikis. 1322* $wgCookieSameSite — This setting allows login cookies to be sent with 1323 SameSite=None. This is required for cross-site CentralAuth auto-login after 1324 Chrome 84. 1325* $wgUseSameSiteLegacyCookies — This adds a compatibility hack to 1326 SameSite=None cookies for browsers which implemented an incompatible draft 1327 version of the specification. 1328 1329==== Changed configuration ==== 1330* $wgResourceLoaderMaxage (T235314) — This configuration array controls the 1331 max-age for HTTP caching through the Cache-Control header. It has uses the 1332 "versioned" key for urls that do have a version parameter, and the 1333 "unversioned" key for urls without a version parameter. The sub keys for 1334 "client" and "server" are no longer supported in MediaWiki 1.35. 1335* $wgEnableOpenSearchSuggest — This boolean variable is deprecated and no longer 1336 used. The OpenSearch API is now always enabled. 1337* $wgAuthManagerConfig and $wgAuthManagerAutoConfig — These can now use the 1338 'services' option in provider specifications. 1339* $wgVirtualRestConfig['modules']['parsoid'] — 1340 - The defaults have been updated. If you were relying on the default values, 1341 you may need to update your configuration. 1342 - The 'URL' parameter, previously allowed for backwards-compatibility, has 1343 been deprecated. Use 'url' instead. 1344* $wgXmlDumpSchemaVersion — Default is now set to XML_DUMP_SCHEMA_VERSION_11, so 1345 dumps use the new dump format per default. Consumers of XML dumps should not 1346 be affected if they ignore any unknown tags they encounter. Also, the format 1347 is effectively unchanged for revisions that only contain the main slot. The 1348 --schema-version option can be used with the dumpBackup.php script to set the 1349 dump format. (T238921) 1350* $wgParserConf — This configuration is now deprecated. It has been 1351 effectively constant since 2008, and is ignored by core code. 1352 Configure the ParserFactory service in order to customize the Parser used. 1353* $wgAutoloadAttemptLowercase — This has been deprecated, and the default value 1354 changed to false. 1355* $wgAllowImageMoving — This configuration setting is now deprecated. Instead, 1356 use $wgGroupPermissions; e.g., to revoke sysops' ability to move images use 1357 $wgGroupPermissions['sysop']['movefile'] = false. 1358* $wgAllowImageTag — This configuration is now deprecated; future parsers will 1359 not support direct use of the HTML <img> tag in wikitext. 1360* $wgUseTwoButtonsSearchForm — This has been deprecated. If you maintain a skin 1361 that relies on this and wishes to let system administrators change it, you 1362 should convert it to a config variable specific to your skin. If you're using 1363 it to configure your wiki, you should check individual skins to see whether 1364 they have local skin config for the feature and use that. 1365* $wgPasswordPolicy — The deprecated policy 'PasswordCannotBePopular' has been 1366 removed. Use PasswordNotInCommonList instead which covers many more passwords. 1367* Backwards compatibility for using an associative array 1368 (e.g. [ '127.0.0.1' => 'bad-ip' ]) for $wgProxyList has been removed. This 1369 was deprecated since 1.30. Please convert these arrays to indexed/sequential 1370 ones (e.g. [ '127.0.0.1' ]). 1371* $wgShellRestrictionMethod — This now defaults to 'autodetect', which will 1372 enable sandboxing for shell commands using firejail, if it's installed. To 1373 disable restrictions, set it to false. 1374* $wgLegacyJavaScriptGlobals – This deprecated setting now default to false, 1375 instead of true, ahead of its planned removal. 1376 1377==== Removed configuration ==== 1378* $wgSysopEmailBans — This setting, deprecated in 1.34, was removed. To let 1379 sysops block email access, use $wgGroupPermissions['sysop']['blockemail']. 1380* $wgDBWindowsAuthentication — This setting had no effect anymore after support 1381 for SQL Server was removed in 1.34. (T230418) 1382* $wgProfileOnly — This setting, deprecated in 1.23, was removed. The profiler 1383 output should instead be configured via $wgProfiler['output']. 1384* $wgProfileLimit — This setting, deprecated in 1.25, was removed. 1385 Set $wgProfiler['threshold'] instead. 1386* $wgDebugTimestamps — This setting was removed. It affected the text output 1387 produced via $wgDebugComments, if enabled. 1388* $wgSkipSkin — This setting, deprecated in 1.23, was removed. To disable a 1389 skin from being shown, use $wgSkipSkins. 1390* $wgUseSquid, $wgSquidServers, $wgSquidServersNoPurge, and $wgSquidMaxage — 1391 These, deprecated in 1.34, have been removed. Use $wgUseCdn, $wgCdnServers, 1392 $wgCdnServersNoPurge, or $wgCdnMaxAge instead. 1393* $wgDisableCounters — This, deprecated in 1.25, was removed. The feature that 1394 it controlled was already removed in 1.26, but the variable remained existent 1395 with a value of `false` for backward-compatibility. 1396* $wgMaxGeneratedPPNodeCount — This setting was removed. It only affected 1397 Preprocessor_DOM, which was deprecated in 1.34 and removed in this release. 1398* $wgFixArabicUnicode and $wgFixMalayalamUnicode — These, deprecated in 1.33, 1399 were removed. The fixes are now always enabled for their respective languages. 1400* $wgAllowTitlesInSVG — This, unused and deprecated since 1.34, was removed. 1401* $wgEnablePartialBlocks — This setting, deprecated when it was added in 1.33, 1402 was removed. Partial blocks are now always enabled. 1403* $wgLocalInterwiki — This setting, deprecated in 1.23, has been removed. 1404* $wgContentHandlerUseDB — This setting, deprecated in 1.34, has been removed. 1405* $wgMultiContentRevisionSchemaMigrationStage — This setting must no longer 1406 be set locally. If the migration stage was set to anything other than 1407 SCHEMA_COMPAT_NEW locally, update.php must be run after removing the setting. 1408 Usage of the setting in code is deprecated. The setting will be removed 1409 completely in 1.36. 1410* $wgEnableRestAPI — This setting is no longer obeyed by MediaWiki core, and 1411 should not be set set locally. Usage of the setting in code is deprecated; it 1412 is now set true by default. The setting will be removed completely in 1.36. 1413* $wgObjectCaches — The 'slaveOnly' option for SqlBagOStuff, deprecated in 1.34, 1414 was removed. Use 'replicaOnly' instead. 1415 1416=== New user-facing features in 1.35 === 1417* (T204618) Whitelisted the aria-hidden HTML attribute for all elements in 1418 wikitext. 1419* (T13456) Special:EditPage, Special:PageHistory, Special:PageInfo, and 1420 Special:Purge have been created as shortcuts for each action. 1421 Special:EditPage/Foo redirects to title=foo&action=edit, with PageHistory, 1422 PageInfo, and Purge corresponding to action= history, info, and purge 1423 respectively. When linked to, its subpage is used as the target. Otherwise, 1424 it displays a basic interface to allow the end user to specify the target 1425 manually. 1426* (T139221) The generated table of contents is now a navigation landmark role 1427 for assistive technologies. 1428* (T245931) interwiki map API doesn't report foreign language if 1429 $wgInterwikiMagic=false 1430* The form at ?action=watch has a new dropdown list to support expiry dates for 1431 watchlist items (if $wgWatchlistExpiry is true). 1432 1433=== New developer features in 1.35 === 1434* A Docker based local development develpoment environment configuration is 1435 included (T238224) and DEVELOPERS.md has been added with usage documentation 1436 and links to further help. 1437* If CSP is enabled, extensions can now add additional sources using the 1438 ContentSecurityPolicy::addDefaultSource, ::addStyleSrc and ::addScriptSrc 1439 methods (e.g. $context->getOutput()->getCSP()->addDefaultSrc( 'example.com' )) 1440* Extensions can now specify classes and namespaces to be autoloaded by the 1441 test autoloader, by setting the "TestAutoloadNamespaces" and 1442 "TestAutoloadClasses" properties in extension.json. (T196090) 1443* (T250977) extension.json now allows "SearchMappings" which maps the canonical 1444 name of the search engine (used in wgSearchType and wgSearchTypeAlternatives) 1445 to a specification using the ObjectFactory specification. This allows 1446 extensions to register Search Engines using namespaced classes. 1447* Added getters for OutputPage's robot, index and follow policies; 1448 getRobotPolicy() returns the entire policy as a string in the form 1449 <index policy>,<follow policy> while getIndexPolicy() and getFollowPolicy() 1450 return their respective policies as a string. 1451* The ResourceLoaderSiteModulePages and ResourceLoaderSiteStylesModulePages 1452 hooks were added to allow changing which wiki pages these modules contain. 1453* The SkinFactory now allows skins to be specified as an ObjectFactory spec, 1454 allowing the construction of skins with services injected. 1455* ContentHandlerFactory for most ContentHandler static methods. It has been 1456 added to the constructors for many classes to improve SOLID / GRASP. 1457* FileDeleteForm's constructor now accepts a user as the second parameter. 1458 Support for not passing a user has also been hard-deprecated and will be 1459 removed in 1.36. 1460* The ParserPreSaveTransformComplete hook was added. 1461* The ParserBeforePreprocess hook was added. 1462* The ResourceLoaderSkinModule class now has a "legacy" feature that loads 1463 the stylesheets previously part of the "mediawiki.legacy.shared" and 1464 "mediawiki.legacy.commonPrint" module. 1465 Those modules are now deprecated and no longer loaded by skins. 1466 For skins needing to retain these styles, you will need to load these 1467 styles via a module using the ResourceLoaderSkinModule class. 1468 See Vector and Monobook for examples. 1469* ParserOutput now has methods addExtraCSPStyleSrc, addExtraCSPDefaultSrc 1470 addExtraCSPScriptSrc for parser tags/functions to be able to add sources 1471 to the Content Security Policy. 1472* The HtmlCacheUpdater service was added to unify the logic of purging CDN cache 1473 and HTML file cache to simplify callers and make them more consistent. 1474* The MultiHttpClient code will fallover to non-curl if curl_multi* is blocked. 1475* Preferences which use HTMLTitlesMultiselectField can make use of 1476 MultiTitleFilter class for saving title text to/from article IDs in user 1477 preferences. 1478* OutputPage::addHtmlClasses() was added to allow injecting CSS classes on 1479 to the <html> element on page load. 1480* The SkinAddFooterLinks hook is added to allow extensions to add items to skin 1481 footers. Previously this had to be done via SkinTemplateOutputPageBeforeExec. 1482 Doing so using that hook is now hard deprecated. 1483* A new BlockPermissionChecker service was introduced for checking 1484 block-related permissions. 1485* The support of 'database' type of extensions has been added to allow 3d party 1486 databases like Percona be used as storage. See T226857, T253248. 1487* Three new return parameters have been added to the 1488 EditPageGetCheckboxesDefinition hook. Handlers of this hook are no longer 1489 restricted to defining checkboxes. See the documentation of 1490 EditPage::getCheckboxesDefinition() for more details. 1491* New flag File::RENDER_TMP was added in order to allow 1492 File::generateAndSaveThumb and File::trasform to render a thumbnail without 1493 saving it to the storage. 1494 1495=== External library changes in 1.35 === 1496 1497==== New external libraries ==== 1498* Added wikimedia/ip-utils 1.0.0. 1499* Added wikimedia/parsoid 0.12.0. 1500* Added wikimedia/services 2.0.1. 1501* Added taylorhakes/promise-polyfill v8.1.3. 1502* Added vuejs v2.6.11. 1503* Added vuex v3.1.3. 1504 1505===== New development-only external libraries ===== 1506* Added doctrine/dbal 2.10.2. 1507* Added doctrine/sql-formatter 1.1.0. 1508* Added pimple/pimple 3.3.0. 1509 1510==== Changed external libraries ==== 1511* pear/mail_mime was upgraded from 1.10.2 to 1.10.8. 1512* wikimedia/less.php was upgraded from 1.8.0 to 3.0.0. 1513* Updated oojs from 3.0.0 to 5.0.0. 1514* Updated OOUI from 0.35.1 to 0.39.3. 1515* zordius/lightncandy was upgraded from 0.23.0 to 1.2.5. 1516* Updated jQuery from v3.3.1 to v3.4.1. 1517* Updated jQuery Migrate from v3.0.1 to v3.1.0. 1518* Updated wikimedia/assert from 0.2.2 to 0.5.0. 1519* Updated pear/net_smtp from 1.8.1 from to 1.9.1. 1520* Updated psr/log from 1.0.2 to 1.1.3. 1521* Updated jquery.i18n from 1.0.5 to 1.0.7. 1522* Updated guzzlehttp/guzzle from 6.3.3 to 6.5.4. 1523* Updated wikimedia/xmp-reader from 0.6.3 to 0.7.0. 1524 Fixes error log spam with too-large XMP data, and adds support for GPano tags. 1525* Updated wikimedia/base-convert from v2.0.0 to v2.0.1. 1526* Updated composer/semver from 1.5.0 to 1.5.1. 1527* Updated wikimedia/remex-html from 2.1.0 to 2.2.0. 1528* Replaced wikimedia/password-blacklist 0.1.4 with wikimedia/common-passwords 1529 0.2.0. 1530 1531===== Changed development-only external libraries ===== 1532* Updated symfony/yaml from 3.4.28 to 5.0.5. 1533* Updated nikic/php-parser from 3.1.5 to 4.4.0. 1534* Updated php-parallel-lint/php-console-highlighter from v0.3.2 to v0.5. 1535* Updated php-parallel-lint/php-parallel-lint from v0.9.2 to v1.2.0. 1536* Updated psy/psysh from 0.9.9 to 0.10.4. 1537* Updated monolog/monolog from 1.24.0 to 1.25.2. 1538* Upgrade mediawiki-codesniffer from 28.0.0 to 30.0.0. 1539* Updated composer/spdx-licenses from 1.5.1 to 1.5.3. 1540* Updated monolog/monolog from 1.25.2 to 1.25.3. 1541* Updated qunit from 2.9.1 to 2.10.0. 1542 1543==== Removed external libraries ==== 1544* phpunit/php-invoker (dev-only). 1545 Removing this unbreaks development on Windows systems, in exchange for losing 1546 time limits in running unit tests. 1547* The jquery.getAttrs module was removed. 1548 1549=== Action API changes in 1.35 === 1550* The 'suggest' parameter of action=opensearch has been deprecated. 1551 The API behaves the same with and without this parameter. 1552 It was previously used by $wgEnableOpenSearchSuggest to partially 1553 disable the API if set to false. Specifically, it would deny internal 1554 frontend requests carrying this parameter, whilst accepting other requests. 1555* Integer-type parameters are now validated for syntax rather than being 1556 interpreted in surprising ways. For example, the following will now return a 1557 badinteger error: 1558 - "1.9" (formerly interpreted as "1") 1559 - " 1" (formerly interpreted as "1") 1560 - "1e1" (formerly interpreted as "1" or "10", depending on the PHP version) 1561 - "1foobar" (formerly interpreted as "1") 1562 - "foobar" (formerly intepreted as "0") 1563 parameters. Ranges should be assumed to be enforced. 1564* Many user-type parameters now accept a user ID, formatted like "#12345". 1565* The 'assert' parameter used by all API modules now supports the value 'anon'. 1566 When specified, the API will return the 'assertanonfailed' error if the user 1567 is logged in. 1568* action=edit now supports the 'baserevid' parameter for edit conflict 1569 detection, as an alternative to 'basetimestamp'. Note that self-conflicts 1570 will continue to be ignored if 'basetimestamp' is set, but not if only 1571 'baserevid' is set. 1572* A new module was added to change the content model of existing pages. 1573 Use action=changecontentmodel. Unlike Special:ChangeContentModel, the api 1574 module does not work for pages that do not already exist. 1575* If $wgWatchlistExpiry is true, the following API changes are made: 1576 - action=watch accepts a new 'expiry' parameter analagous to the expiry 1577 accepted by action=userrights, action=block, etc., except it must be no 1578 greater than $wgWatchlistExpiryMaxDuration, or an infinity value. 1579 - action=query&list=watchlistraw returns pages' watchlist expiry dates. 1580* (T249526) action=login will now return Failed rather than NeedToken on 1581 session loss. 1582 1583=== Action API internal changes in 1.35 === 1584* The Action API now uses the Wikimedia\ParamValidator library for parameter 1585 validation, which brings some new features and changes. For the most part 1586 existing module code should work as it did before, but see subsequent notes 1587 for changes. 1588 - The values for all ApiBase PARAM_* constants have changed. Code should have 1589 been using the constants rather than hard-coding the values. 1590 - Several ApiBase PARAM_* constants have been deprecated, see the in-class 1591 documentation for details. Use the equivalent ParamValidator constants 1592 instead. 1593 - The value returned for 'upload'-type parameters has changed from 1594 WebRequestUpload to Psr\Http\Message\UploadedFileInterface. 1595* Validation of 'user'-type parameters is more flexible. PARAM constants exist 1596 to specify the type of "user" allowed and to request UserIdentity objects 1597 rather than name strings. The default is to accept all types (name, IP, 1598 range, and interwiki) that were formerly accepted. 1599* Maximum limits are no longer ignored in "internal mode". 1600* The $paramName to ApiBase::handleParamNormalization() should now include the 1601 prefix. 1602* (T245931) meta=siteinfo&siprop=interwikimap no longer reports language or 1603 extralanglink when $wgInterwikiMagic is false. 1604 1605=== Languages updated in 1.35 === 1606MediaWiki supports over 350 languages. Many localisations are updated regularly. 1607Below only new and removed languages are listed, as well as changes to languages 1608because of Phabricator reports. 1609 1610* The default targets for the ISBN search from Special:BookSources in English 1611 have been updated for better international suppport. They will now be 1612 BetterWorldBooks.com, OpenLibrary.org and Worldcat.org. 1613* (T237672) Changed the Moroccan Arabic language (ary) to the Arabic script. 1614* (T201269) Added language support for Amis (ami). 1615* (T248299) Added language support for Inari Sami (smn). 1616* (T251369) Added language support for Ladin (lld). 1617* (T251369) Added language support for Seediq (trv), also known as Taroko. 1618 1619=== Breaking changes in 1.35 === 1620* MediaWiki no longer supports PHP 7.2; use PHP 7.3.19+ (T228346, T257879). 1621* ResourceLoader::getLessVars(), deprecated in 1.32, was removed. 1622 Use ResourceLoaderModule::getLessVars() instead. 1623* The jquery.tabIndex module, deprecated in 1.34, has been removed. 1624* The mediawiki.RegExp module alias, deprecated in 1.34, was removed. 1625 Use the mediawiki.util module instead. 1626* The easy-deflate.inflate module, unused since 1.32, was removed. 1627* The easy-deflate.deflate module was removed. Use the mediawiki.deflate 1628 module instead. 1629* The mediawiki.notify module was removed. The mw.notify() shortcut is now 1630 available by default, without any dependency. 1631* (T219604) The "jquery.ui.*" and "jquery.effects.*" module aliases, 1632 deprecated in 1.34, have been removed. Use "jquery.ui" instead. 1633* (T235457) The "user.tokens" module has been removed. 1634 Use "user.options" instead. 1635* (T251855) The mw.Map#exists method in JavaScript no longer supports checking 1636 multiple keys. This affects mw.config.exists() and mw.user.tokens.exists(). 1637* The internal variable $constructorOptions for the Parser & SpecialPageFactory, 1638 exposed only for integration purposes, are now each replaced by a const called 1639 CONSTRUCTOR_OPTIONS. This was a breaking change made without deprecation. 1640* ObjectCache::getWANInstance, deprecated in 1.34, was removed. 1641 Use MediaWikiServices::getMainWANObjectCache instead. 1642* ObjectCache::newWANCacheFromParams, deprecated in 1.34, was removed. 1643 Construct WANObjectCache directly instead, or use MediaWikiServices. 1644* (T231366) The ProfilerOutputDb class and profileinfo.php entry point, 1645 deprecated in 1.34, was removed. 1646* SiteConfiguration->localVHosts, deprecated in 1.25, was removed. 1647 Use $wgLocalVirtualHosts instead. 1648* The $wgContLanguageCode read-only variable was removed. 1649 It has been a non-configurable copy of $wgLanguageCode since MW 1.8 (2006). 1650 Use $wgLanguageCode directly instead. 1651* ApiQueryUserInfo::getBlockInfo, deprecated in 1.34, was removed. Use 1652 ApiBlockInfoTrait::getBlockDetails instead. 1653* Password::equals(), deprecated in 1.33, was removed. Use Password::verify(). 1654* QuickTemplate::setRef(), deprecated in 1.31, was removed. Use set(). 1655* The mediawiki.ui.text module, deprecated in 1.28 and unused, was removed. 1656* AbstractBlock::mReason, deprecated in 1.34, is no longer public. 1657* The GetBlockedStatus and UserIsHidden, deprecated in 1.34, has been removed. 1658 Instead, use the GetUserBlock hook. 1659* As part of work to replace the Parser, a large number of breaking changes have 1660 been made, principally in related methods and properties being removed or made 1661 private: 1662 - disableCache(), deprecated in 1.28. 1663 - serializeHalfParsedText() and the helpers unserializeHalfParsedText(), 1664 isValidHalfParsedText(), and StripState::getSubState() and 1665 StripState::merge(), all deprecated in 1.31. The helper functions 1666 LinkHolderArray::mergeForeign() and LinkHolderArray::getSubArray() 1667 were also removed. 1668 - getConverterLanguage(), deprecated in 1.32. Use getTargetLanguage() instead. 1669 - A large set of methods exposed only for historical reasons, deprecated in 1670 1.34, have now been removed or made private: 1671 - areSubpagesAllowed() 1672 - armorLinks() 1673 - createAssocArgs() 1674 - doAllQuotes() 1675 - doDoubleUnderscore() 1676 - doHeadings() 1677 - doMagicLinks() 1678 - formatHeadings() 1679 - getImageParams() 1680 - getVariableValue() 1681 - initialiseVariables() 1682 - makeKnownLinkHolder() 1683 - maybeDoSubpageLink() 1684 - parseLinkParameter() 1685 - replaceExternalLinks() 1686 - replaceInternalLinks() 1687 - replaceInternalLinks2() 1688 - replaceLinkHoldersText(). 1689 - splitWhitespace() 1690 - stripAltText() 1691 - testPreprocess() 1692 - testPst() 1693 - testSrvus() 1694 - incrementIncludeSize(), setTransparentTagHook(), replaceTransparentTags(), 1695 and $mTransparentTagHooks have been removed without deprecation. 1696 - The following constants have been made private without deprecation: 1697 - ::EXT_LINK_ADDR 1698 - ::EXT_IMAGE_REGEX 1699 - ::SPACE_NOT_NL 1700 - The following properties have been removed without deprecation: 1701 - ::$mDefaultStripList 1702 - ::$mIncludeCount 1703 - ::$mRevIdForTs 1704 - The following properties have been made private without deprecation: 1705 - ::$mFunctionSynonyms 1706 - ::$mFunctionTagHooks 1707 - ::$mStripList 1708 - ::$mVarCache 1709 - ::$mImageParams 1710 - ::$mImageParamsMagicArray 1711 - ::$mSubstWords 1712 - ::$mVariables 1713 - ::$mConf (deprecated in 1.34) 1714 - ::$mExtLinkBracketedRegex 1715 - ::$mUrlProtocols 1716 - ::$mAutonumber 1717 - ::$mLinkHolders 1718 - ::$mDefaultSort 1719 - ::$mTplRedirCache 1720 - ::$mForceTocPosition 1721 - ::$mTplDomCache 1722 - ::$mOutputType 1723 - ::$mLangLinkLanguages 1724 - ::$currentRevisionCache 1725 - ::$mProfiler 1726 - ::$mLinkRenderer 1727 - Parser::getTitle() will now throw a TypeError if $mTitle is uninitialized. 1728 This use pattern was deprecated in 1.34. 1729 - ContentHandler::makeParserOptions(), deprecated in 1.32, was removed. Use 1730 WikiPage::makeParserOptions() or ParserOptions::newCanonical() instead. 1731 - The ParserAfterUnstrip hook, believed to be unused, was removed without 1732 deprecation. 1733 - Preprocessor_DOM and related classes, deprecated in 1.34, have been removed. 1734 Consequently, the related ParserOptions::getMaxGeneratedPPNodeCount() and 1735 ::setMaxGeneratedPPNodeCount() have been removed without deprecation. 1736 - The support for the old signature for ParserFactory::__construct, which was 1737 deprecated in 1.34, has been removed. 1738 - Parser::getDefaultPreprocessorClass(), deprecated in 1.34, has been removed. 1739* MediaWikiTestCase::prepareServices(), deprecated in 1.32, has been removed 1740* The method ContentHandler::getSlotDiffRendererInternal is replaced with 1741 ContentHandler::getSlotDiffRendererWithOptions. This breaks consumers which 1742 call parent::getSlotDiffRendererInternal (no instances of which are known). 1743* TextContent::getHighlightHtml, deprecated since 1.24, has been removed. Use 1744 TextContent::getHtml instead. 1745* ExtensionRegistry::load(), deprecated in 1.34, was removed. Instead, use 1746 ExtensionRegistry::queue(). 1747* MWMessagePack class, deprecated in 1.34, was removed. 1748* The cdb.php maintenance script was removed. Use the 'cdb' command from the 1749 wikimedia/cdb library instead. 1750* User::addNewUserLogEntryAutoCreate, deprecated in 1.27, was removed. 1751* FileBasedSiteLookup class, deprecated in 1.33, was removed. 1752* The wfGlobalCacheKey global function, deprecated in 1.30, was removed. 1753* The APCBagOStuff class was removed. MediaWiki requires PHP 7.2+ (support 1754 for HHVM was dropped) and these versions of PHP only support apcu. The default 1755 "apc" entry in $wgObjectCaches now refers to APCUBagOStuff. 1756* Database::bufferResults(), deprecated in 1.34, has been removed. 1757* CannotReplaceActiveServiceException, ContainerDisabledException, 1758 DestructibleService, NoSuchServiceException, SalvageableService, 1759 ServiceAlreadyDefinedException, ServiceContainer and ServiceDisabledException 1760 in the global namespace, deprecated in 1.33, were removed. Use the classes in 1761 the MediaWiki\\Services namespace instead. 1762* The following methods in the Interwiki class were removed: ::fetch(), 1763 ::isValidInterwiki(), ::invalidateCache(), and ::getAllPrefixes(). 1764* The UsersMultiselectWidget config 'allowArbitrary' is now false by default. To 1765 accept arbitrary entries, pass in true for this config. 1766* OutputPage::parse() and OutputPage::parseInline(), deprecated in 1.32, have 1767 been removed. Use ::parseAsContent() or ::parseAsInterface(), as 1768 appropriate. 1769* WikiPage::selectFields, deprecated in 1.31, was removed. Use ::getQueryInfo. 1770* The remaining static methods for MagicWord, deprecated in 1.32, were removed. 1771 These were MagicWord::get(), ::getSubstIDs(), ::getDoubleUnderscoreArray(), 1772 ::getVariableIDs(), and ::getCacheTTL(). Instead, use MagicWordFactory (via 1773 MediaWikiServices). 1774* ApiBase::checkTitleUserPermissions no longer accepts a User as the third 1775 parameter. Passing a user was deprecated in 1.33. 1776* Sanitizer::setupAttributeWhitelist() and Sanitizer::attributeWhitelist(), 1777 deprecated in 1.34, have been removed. They should not have been public. 1778* Passing a sequential array as the second parameter to 1779 Sanitizer::validateAttributes() has been deprecated; use an associative 1780 array where keys are the allowed attributes. 1781* The $warnCallback parameter to Sanitizer::removeHTMLtags, deprecated since 1782 its introduction in 1.28, has been removed. 1783* SpecialRecentChanges::filterByCategories(), deprecated in 1.31, was removed. 1784* The `ArticleContentViewCustom` hook, deprecated in 1.32, was removed. 1785* AuthManager::callLegacyAuthPlugin, deprecated in 1.33, was removed. 1786* wfGetMessageCacheStorage was removed without deprecation. 1787* Title::moveSubpages, deprecated in 1.34, was removed. Use the MovePage class 1788 and MovePage::moveSubpages instead. 1789* Article::doEditContent, deprecated in 1.29, was removed. Instead, use 1790 WikiPage::doEditContent. 1791* CommentStore::newKey, deprecated in 1.31, was removed. 1792* EditPage::$hookError was changed from public to private. 1793* Title::isValidMoveOperation, ::moveTo, and ::isValidMoveTarget, deprecated 1794 in 1.25, were removed. Use the MovePage class and its methods instead. 1795* Title::getUserCaseDBKey(), deprecated in 1.33, was removed. Use ::getDBkey(). 1796* StringUtils::explodeMarkup() was removed without deprecation. 1797* AjaxResponse methods that were unused have been removed without deprecation: 1798 - checkLastModified 1799 - loadFromMemcached 1800 - storeInMemcached 1801 - setCacheDuration 1802 - setVary 1803* ApiDelete::delete and ::deleteFile, both of which were protected methods, 1804 have been made private to allow a signature change. 1805* HistoryPager::revLink, ::curLink, ::lastLink, and ::diffButtons, which had 1806 no visibilities defined, have been made private to allow signature changes. 1807* SpecialNewpages::revisionFromRcResult, which previously was protected, has 1808 been made private to allow a signature change. 1809* DifferenceEngine::$mOldRev and $mNewRev, deprecated for public access in 1810 1.32, have been removed. 1811* DifferenceEngine::revisionDeleteLink, which was previosuly protected, has 1812 been made private to allow a signature change. 1813* DifferenceEngine::getParserOutput, which is protected, has had a breaking 1814 signature change: the second parameter must be a RevisionRecord object, 1815 rather than a Revision object. 1816* WikiPage::setLastEdit, which was previously protected, has been made 1817 private to allow a signature change. 1818* Skin::getSkinNameMessages() deprecated in 1.34, has been removed. 1819* Skin::escapeSearchLink() deprecated in 1.34, has been removed, use 1820 Skin::getSearchLink() instead. 1821* Skin::shouldPreloadLogo() deprecated in 1.32, has been removed. 1822* Revision::loadFromId and RevisionStore::loadRevisionFromId have been 1823 removed. 1824* OutputPage::parserOptions doesn't accept an $options parameter anymore. 1825* MessageCache::getParserOptions previously did not have a visibility set. 1826 It has been made private. 1827* SpecialUndelete::showDiff previously did not have a visibilty set. It 1828 hav been made private to allow a signature change. 1829* The Skin no longer loads the "mediawiki.legacy.shared" or 1830 "mediawiki.legacy.commonPrint" modules. The legacy shared styles must now 1831 be loaded by the skin explicitly, either inherited via the 1832 "mediawiki.skinning.*" modules, or by making your skin's main styles 1833 module use the ResourceLoaderSkinModule class with the "legacy" attribute. 1834 See Vector and Monobook for examples. 1835* Passing an ApiMain to the constructor of ApiResult is no longer supported. 1836 This was deprecated in 1.25. 1837* ResourceLoaderWikiModule::invalidateModuleCache has been declared to 1838 be @internal as part of a signature change. No known uses exist outside 1839 of MediaWiki core. 1840* The ArticleAfterFetchContentObject hook, deprecated in 1.32, was removed. 1841 Use ArticleRevisionViewCustom to control output. 1842* DatabaseBlock::isValid, deprecated in 1.33, was removed. 1843* HTMLUserTextField and HTMLUsersMultiselectField previously implied 1844 required=true when exists=true. Form fields that use exists=true should also 1845 set required=true if they are required. 1846* In DatabaseUpdater, the following methods are no longer public: dropTable(), 1847 modifyTable(), modifyField(), runMaintenance(), copyFile(), appendLine(). 1848 In PostgresUpdater, the following methods are no longer public: 1849 addPgEnumValue(), addPgIndex(), addPgExtIndex(). This change was made without 1850 deprecation due to immediate danger of data corruption and loss, see T157651. 1851 Extensions should instead use dropExtensionTable(), 1852 modifyExtensionExtensionTable(), modifyExtensionField(), addExtensionUpdate(). 1853 The addExtensionUpdate() method can still be used to access any of the 1854 protected methods on DatabaseUpdater. 1855* ResourceLoader no longer provides the (always-true) variables for wgEnableAPI 1856 and wgEnableWriteAPI; they were deprecated in MediaWiki 1.31 and removed from 1857 the PHP environment in MediaWiki 1.32. 1858* The wfSetupSession global function, deprecated in 1.27, was removed. Use the 1859 persist() method of the right MediaWiki\Session\SessionManager object instead. 1860* The wfIsHHVM global function, deprecated in 1.34, was removed. 1861* GenderCache::doTitlesArray no longer accepts string values in its $titles 1862 array parameter. Use Title objects (or other LinkTarget) instead. 1863* Unused CommentStore::MAX_COMMENT_LENGTH has been removed. 1864* User::checkTemporaryPassword() and User::checkPassword(), deprecated in 1.27, 1865 were removed. Use AuthManager instead. 1866* All constants and class functions now have explicit visibility modifiers. This 1867 means, per [[mw:Stable interface policy]], that these should now be considered 1868 stable. This also helps MW align with PSR 2 and PSR 12. This was done based on 1869 audits of the corpus of skins and extensions hosted in Gerrit. If you find any 1870 that you need to be less restrictive (i.e. public or protected), please report 1871 these so that we can re-evaluate or suggest workarounds. 1872* BaseTemplate::msgWiki(), deprecated in 1.33, was removed. Use ->msg() or 1873 ->getMsg() instead. 1874* QuickTemplate::msgWiki(), deprecated in 1.33, was removed. Use ->msg() 1875 instead. 1876* WebInstaller::getErrorBox() and ::getWarningBox(), deprecated in 1.34, 1877 were removed. Use Html::errorBox() or ::warningBox() instead. 1878* SpecialVersion::getExtensionCredits() and SpecialVersion::getSkinCredits() 1879 have become private without deprecation. 1880* As part of the migration to a new hook system (T240307), the following classes 1881 now require an additional HookContainer constructor parameter: 1882 - AuthManager 1883 - BadFileLookup 1884 - BlockManager 1885 - ClassicInterwikiLookup 1886 - ContentHandlerFactory 1887 - ContentSecurityPolicy 1888 - DefaultOptionsManager 1889 - DerivedPageDataUpdater 1890 - FullSearchResultWidget 1891 - HtmlCacheUpdater 1892 - LanguageFactory 1893 - LanguageNameUtils 1894 - LinkRenderer 1895 - LinkRendererFactory 1896 - LocalisationCache 1897 - MagicWordFactory 1898 - MessageCache 1899 - NamespaceInfo 1900 - PageEditStash 1901 - PageHandlerFactory 1902 - PageUpdater 1903 - ParserFactory 1904 - PermissionManager 1905 - RevisionStore 1906 - RevisionStoreFactory 1907 - Router 1908 - SearchEngineConfig 1909 - SearchEngineFactory 1910 - SearchFormWidget 1911 - SearchNearMatcher 1912 - SessionBackend 1913 - SpecialPageFactory 1914 - UserNameUtils 1915 - UserOptionsManager 1916 - WatchedItemQueryService 1917 - WatchedItemStore 1918* The following classes now require setHookContainer() to be called after 1919 construction: 1920 - AuthenticationProvider 1921 - ResourceLoaderModule 1922 - SearchEngine 1923* The parameters to ChronologyProtector::getTouched() and 1924 ILBFactory::getChronologyProtectorTouched() were changed without backwards 1925 compatibility. 1926* The deprecated $blacklist parameter to wfIsBadImage() has been removed. 1927* SpecialBlock::checkUnblockSelf no longer accepts an integer representing 1928 an user ID as part of ongoing refactoring of SpecialBlock class. 1929* User::setInternalPassword() and User::setPassword(), deprecated in 1.27, have 1930 been removed. Use User::changeAuthenticationData() instead. 1931* User::selectFields(), deprecated in 1.31, has been removed. Use 1932 User::getQueryInfo() instead. 1933* The "legacy" serialization type in RESTBagOStuff, deprecated in 1.34, 1934 has been removed. 1935* The populateContentModel.php maintenance script was removed. It has 1936 been replaced by the populateContentTables.php script. 1937* The findHooks.php maintenance script, for the old hooks system, was removed. 1938* (T257278) Calling MediaWiki\Shell\Command::restrict() will now overwrite 1939 any previous restrictions rather than adding to them, making it possible to 1940 disable the default restrictions. 1941 1942=== Deprecations in 1.35 === 1943* The PHPUnit4And6Compat class, used to provide compatibility with PHPUnit 4, is 1944 now deprecated. MediaWiki support for PHPUnit 4 ended with the removal of HHVM 1945 support. 1946* LockManagerGroup::getDefault() and LockManagerGroup::getAny() are deprecated. 1947 They seem to be unused. Just use get() directly, and catch any exception. 1948* AbstractBlock::getPermissionsError and AbstractBlock::getBlockErrorParams are 1949 deprecated. Use BlockErrorFormatter::getMessage instead. 1950* The IP class is deprecated. Please instead use the Wikimedia\IPUtils class 1951 from the new wikimedia/ip-utils library instead. Additionally, the RE_IP_* 1952 constants are also deprecated. RE_IP_BYTE can be replaced with a class 1953 constant on the IPUtils class, while the others will eventually be made 1954 private. 1955* The following Language methods are deprecated: getFallbackFor, 1956 getFallbacksFor, getFallbacksIncludingSiteLanguage. Use the corresponding new 1957 methods on the LanguageFallback class: getFirst, getAll, and 1958 getAllIncludingSiteLanguage. 1959* FileJournal::factory is deprecated. Use the constructor directly instead. 1960* AbstractBlock methods setBlocker(), getBlocker() are deprecated and will 1961 become internal implementation of DatabaseBlock. 1962* Title::countRevisionsBetween has been deprecated and moved into RevisionStore. 1963* FileBackendGroup::singleton() is deprecated. Use MediaWikiServices instead. 1964* FileBackendGroup::destroySingleton() is deprecated. Test frameworks should 1965 instead reset MediaWikiServices between test runs. 1966 (MediaWikiIntegrationTestCase does this automatically.) 1967* GenderCache::singleton(), deprecated in 1.28, is hard deprecated. Use 1968 MediaWikiServices::getGenderCache() instead. 1969* MediaWikiIntegrationTest::setContentLang() has been deprecated. Use 1970 setMwGlobals( 'wgLanguageCode', 'xxx' ) to set a different site language 1971 code, or setService( 'ContentLanguage', $myObj ) to set a specific Language 1972 object. Service resets and $wgContLang will be handled automatically. 1973* MediaWikiIntegrationTest::assertType() has been deprecated, as part of the 1974 work to move to PHPUnit 8; PHPUnit's assertInternalType() was deprecated, and 1975 will be removed in PHPUnit 9. MediaWikiIntegrationTest::assertTypeOrValue(), 1976 a wrapper for assertType(), has been removed immediately, without deprecation. 1977* AbstractBlock::getReason is deprecated, since reasons are actually stored as 1978 CommentStoreComments, and getReason returns a string with no caller control 1979 over language or formatting. Instead use AbstractBlock::getReasonComment, 1980 which returns the CommentStoreComment. 1981* The global function wfGetRusage() is deprecated and will now always call the 1982 getrusage() function without checking for its existence. 1983* The properties User::mBlock, User::mBlockedby and User::mHideName are 1984 deprecated. Instead, use User::getBlock to get the block, then use 1985 AbstractBlock::getByName or AbstractBlock::getHideName.Use the GetUserBlock 1986 hook to set, unset or modify a block, including hiding or unhiding a user. 1987* Directly calling the MergeHistory constructor is deprecated. Instead, use the 1988 new MergeHistoryFactory class. 1989* Language::factory() and Language::getParentLanguage() are deprecated, and so 1990 is directly calling the Language constructor. Use the new LanguageFactory 1991 class instead. 1992* Language::classFromCode() is deprecated. There is no reason it should be used 1993 outside the Language class itself. 1994* Language::clearCaches() is deprecated. Instead, reset all services and set 1995 Language::$mLangObjCache = []. 1996* The following functions from Language class are deprecated in favour of 1997 respective functions in LanguageConverter: 1998 - autoConvert 1999 - autoConvertToAllVariants 2000 - convert 2001 - convertTitle 2002 - convertNamespace 2003 - hasVariants 2004 - hasVariant 2005 - convertHtml 2006 - convertCategoryKey 2007 - getVariants 2008 - getPreferredVariant 2009 - getURLVariant 2010 - findVariantLink 2011 - getExtraHashOptions 2012 - updateConversionTable 2013* Language::classFromCode() is hard deprecated and should be removed in 1.36 2014* Language::getConverter() is deprecated and should be removed in 1.36 2015* Language::MESSAGES_FALLBACKS, Language::STRICT_FALLBACKS were deprecated. 2016 Use LanguageFallback::MESSAGES and LanguageFallback::STRICT respectively 2017* Language::$mLangObjCache is deprecated and should be removed in 1.36. Use 2018 MediaWikiServices instead to get a LanguageFactory. 2019* Language::getMessagesFor(), getMessageFor(), and getMessageKeysFor() are 2020 deprecated. Use LocalisationCache's getItem(), getSubitem(), and 2021 getSubitemList() methods directly. 2022* OutputPage::getCSPNonce() is deprecated, use OutputPage::getCSP()->getNonce() 2023 instead. 2024* DerivedPageDataUpdater::prepareUpdate accepted as its second parameter an 2025 optional array of options. Specifying the value of the `oldrevision` key of 2026 the array to be a Revision object, rather than a RevisionRecord object, is 2027 hard deprecated. The same applies to the options parameter in 2028 WikiPage::doEditUpdates. 2029* Skin::makeI18nUrl() and makeNSUrl() have been deprecated, no longer used. 2030* Title::countAuthorsBetween and Title::getAuthorsBetween were hard deprecated. 2031 Use respective methods in RevisionStore instead. 2032* Remove deprecated SkinCopyrightFooter &$forContent parameter 2033* The following Language class static variables have been replaced with 2034 constants and deprecated: $mWeekdayMsgs, $mWeekdayAbbrevMsgs, $mMonthMsgs, 2035 $mMonthGenMsgs, $mMonthAbbrevMsgs, $mIranianCalendarMonthMsgs, 2036 $mHebrewCalendarMonthMsgs, $mHebrewCalendarMonthGenMsgs, 2037 $mHijriCalendarMonthMsgs and $durationIntervals. 2038* As part of dropping security support for IE 6 and IE 7, 2039 WebRequest::checkUrlExtension() has been deprecated, and now always returns 2040 true. 2041* The following ApiBase::PARAM_* constants have been deprecated in favor of 2042 equivalent ParamValidator constants: PARAM_DFLT, PARAM_ISMULTI, PARAM_TYPE, 2043 PARAM_MAX, PARAM_MAX2, PARAM_MIN, PARAM_ALLOW_DUPLICATES, PARAM_DEPRECATED, 2044 PARAM_REQUIRED, PARAM_SUBMODULE_MAP, PARAM_SUBMODULE_PARAM_PREFIX, PARAM_ALL, 2045 PARAM_EXTRA_NAMESPACES, PARAM_SENSITIVE, PARAM_DEPRECATED_VALUES, 2046 PARAM_ISMULTI_LIMIT1, PARAM_ISMULTI_LIMIT2, PARAM_MAX_BYTES, PARAM_MAX_CHARS. 2047* ApiBase::explodeMultiValue() is deprecated. Use 2048 ParamValidator::explodeMultiValue() instead. 2049* ApiBase::parseMultiValue() is deprecated. No replacement is provided; 2050 generally this sort of thing should be handled by fully validating the 2051 parameter. 2052* ApiBase::validateLimit() and ApiBase::validateTimestamp() are deprecated. 2053 Use ApiParamValidator::validateValue() with an appropriate settings array 2054 instead. 2055* ContentHandler (use ContentHandlerFactory): 2056 - getForTitle 2057 - getForContent 2058 - getForModelID 2059 - getContentModels 2060 - getAllContentFormats 2061 - protected $handler (not need anymore) 2062 - cleanupHandlersCache (not need anymore) 2063* (T212738) The $wgVersion global is deprecated; instead, use MW_VERSION. 2064* $wgMemc is deprecated, use MediaWikiServices::getLocalServerObjectCache() 2065 instead. 2066* ObjectCache::detectLocalServerCache() is deprecated, instead use 2067 MediaWikiServices::getLocalServerObjectCache() or 2068 ObjectCache::makeLocalServerCache(). 2069* ImagePage::getImageLimitsFromOptions() is deprecated. Use static function 2070 MediaFileTrait::getImageLimitsFromOptions() instead. 2071* As part of work to replace the Parser, alongside the breaking changes listed 2072 above, a large number of deprecations changes been made, to simplify the API 2073 or because they will not be supported in replacement: 2074 - Parser::doBlockLevels() (and BlockLevelPass class has been marked @internal) 2075 - Parser::setFunctionTagHook() 2076 - Parser::attributeStripCallback() 2077 - Parser::fetchTemplate() - use Parser::fetchTemplateAndTitle() instead. 2078 - Parser::enableOOUI() - use $parser->getOutput()->enableOOUI() instead. 2079 - LinkHolderArray has been deprecated for public usage and will be 2080 internal part of parser. 2081 - The following parser-related hooks have been deprecated: 2082 - InternalParseBeforeSanitize 2083 Use an alternative hook which doesn't expose internal half-parsed state, 2084 like ParserBeforeInternalParse or ParserAfterTidy 2085 - ParserFetchTemplate 2086 Use BeforeParserFetchTemplateAndTitle 2087 - ParserSectionCreate 2088 No replacement; <section> tag wrapping will be done by core in future. 2089 - BeforeParserrenderImageGallery 2090 No replacement; MediaHandler provides for customizable media rendering 2091 - ParserBeforeTidy 2092 Use ParserAfterTidy instead to avoid exposing internal half-parsed state 2093 - ParserBeforeStrip 2094 No replacement; stripping is no longer supported. 2095 - ParserAfterStrip 2096 No replacement; stripping is no longer supported. 2097 - The accessor/mutator methods Parser::Options(), Parser::OutputType(), and 2098 Parser::Title() have been deprecated; use the appropriate Parser::get* or 2099 Parser::set* methods instead. 2100 - Parser::firstCallInit() has been deprecated. The parser is initialized 2101 fully on construction and so ::firstCallInit() no longer has any effect 2102 when manually invoked. 2103 - ParserOptions::setAllowExternalImages(), ::setAllowExternalImagesFrom(), 2104 and ::setEnableImageWhitelist() have been deprecated. Future parsers 2105 will not allow per-parser configuration of image filtering; use 2106 site configuration instead. 2107 - ParserOptions::getTidy() and ParserOptions::setTidy() have been deprecated. 2108 These options no longer have any effect. 2109 - Most methods of MWTidy, except for MWTidy::tidy(), have been deprecated; 2110 tidiness is always enabled and not configurable. 2111 - Version 1 of the parserTests file format has been deprecated. You'll need to 2112 update your parser tests to version 2, which uses Remex tidy on all test 2113 output by default. Support for parser tests with Remex tidy off will later 2114 be removed entirely. 2115 - $wgParser — This global variable, soft deprecated in 1.32, has now been hard 2116 deprecated. Use MediaWikiServices::getInstance()->getParser() instead. 2117 (T160811) 2118* The signature of DefaultPreferencesFactory::__construct has been changed: 2119 - LanguageConverter $languageConverter has been added. 2120 and its usage with old arguments is hard deprecated. 2121* The public usage of the following properties of LanguageConverter have been 2122 deprecated as there is no reason they should be used outside the 2123 LanguageConverter class and will be changed from public to private: 2124 - mLangObj 2125 - mUcfirst 2126 - mConvRuleTitle 2127 - mURLVariant 2128 - mUserVariant 2129 - mHeaderVariant 2130 - mMaxDepth 2131 - mVarSeparatorPattern 2132 changed from public to protected: 2133 - mTables 2134* The ArticleEditUpdatesDeleteFromRecentchanges hook has been deprecated. Please 2135 use the RecentChange_save hook or similar instead. 2136* The ArticleEditUpdates hook has been deprecated. Please 2137 use the RevisionDataUpdates hook or similar instead. 2138* The SkinTemplatePreventOtherActiveTabs and SkinTemplateTabAction hooks have 2139 been hard deprecated. Please use the SkinTemplateNavigation__Universal hook 2140 instead. 2141* ResourceLoaderFileModule::compileLessFile() has been deprecated, use 2142 ResourceLoaderFileModule::compileLessString() instead 2143* The SquidPurgeClient and SquidPurgeClientPool classes have been deprecated. 2144 Use MultiHttpClient or HtmlCacheUpdater instead. 2145* MimeAnalyzer::getExtensionsForType() and ::getTypesForExtensions() were 2146 deprecated in favor of MimeAnalyzer::getExtensionsFromMimeType() and 2147 ::getMimeTypesFromExtension(), respectively. The new methods return arrays 2148 rather than strings. 2149* Calling Action::factory and Action constructor with WikiPage has been 2150 hard deprecated. Caller must provide an Article instance. 2151* ApiTestCase::doLogin, soft deprecated in 1.31, was hard deprecated. 2152* WebRequest::getLimitOffset is hard deprecated. Instead, use 2153 ::getLimitOffsetForUser and pass a User object. 2154* PageArchive::getPreviousRevision is hard deprecated. Instead, use the new 2155 ::getPreviousRevisionRecord method. 2156* PageArchive::getArchivedRevision is hard deprecated. Instead, use the new 2157 ::getArchivedRevisionRecord method. 2158* PageArchive::undelete is hard deprecated. Instead, use ::undeleteAsUser 2159 and pass a User object. 2160* PageArchive::getRevision is hard deprecated. 2161* EditPage::getBaseRevision was hard deprecated. Instead, use the new 2162 ::getExpectedParentRevision method. 2163* The public variable EditPage::$mBaseRevision was hard deprecated. 2164* FileDeleteForm previously did not accept a user parameter in its constructor, 2165 instead relying on the global $wgUser. A user parameter has been added, 2166 and //not// providing a user is deprecated. There are no known callers 2167 outside of mediawiki core. 2168* AuthManager::singleton() has been deprecated. Use 2169 MediaWikiServices::getInstance()->getAuthManager() instead. 2170* ContribsPager::tryToCreateValidRevision is hard deprecated. Instead, use 2171 ContribsPager::tryCreatingRevisionRecord. 2172* The following functions all accept an optional user parameter. Not passing a 2173 user is hard deprecated, and support for calling them without passing a user 2174 will be removed in 1.36: 2175 - Title::getNotificationTimestamp (note however that the method is deprecated 2176 in its entirely in favor of the new WatchlistNotificationManager service) 2177 - PatrolLog::record 2178 - LogEventsList::userCan 2179 - LogEventsList::userCanBitfield 2180 - LogEventsList::userCanViewLogType 2181 - LogPage::addEntry 2182 - FileDeleteForm::doDelete 2183 - OldLocalFile::userCan 2184 - ArchivedFile::userCan 2185 - File::userCan 2186* The following functions all accept an optional audience parameter and 2187 an optional user parameter. If the audience is FOR_THIS_USER and no 2188 user is passed, they fallback to $wgUser. Not passing a user when 2189 one is needed is deprecated 2190 - LogEventsList::getExcludeClause 2191 - WikiPage::getComment 2192 - WikiPage::getCreator 2193 - WikiPage::getUser 2194 - WikiPage::getUserText 2195* UploadBase::checkWarnings now accepts a User parameter; not providing a 2196 user is soft deprecated. 2197* Article::insertProtectNullRevision and WikiPage::insertProtectNullRevision 2198 were hard deprecated. Instead, use WikiPage::insertNullProtectionRevision. 2199* Article::doDeleteArticle, Article::doDeleteArticleReal, and 2200 WikiPage::doDeleteArticle are all deprecated. Instead, use 2201 WikiPage::doDeleteArticleReal. 2202* Article::getComment is deprecated. Instead, use WikiPage::getComment. 2203* Article::getCreator is deprecated. Instead, use WikiPage::getCreator. 2204* Article::updateRevisionOn() and ::updateIfNewerOn(), and 2205 WikiPage::updateIfNewerOn() are deprecated. Instead, use 2206 WikiPage::updateRevisionOn(). 2207* Article::getUser is deprecated. Instead, use WikiPage::getUser. 2208* Article::getUserText is deprecated. Instead, use WikiPage::getUserText. 2209* Article::prepareContentForEdit is hard deprecated. Instead, use 2210 WikiPage::prepareContentForEdit. 2211* WikiPage::prepareContentForEdit previously accepted either a Revision or a 2212 RevisionRecord object as its optional second parameter. Passing a Revision 2213 is now hard deprecated. 2214* Article::getUndoContent and WikiPage::getUndoContent are hard deprecated. 2215 Instead, use ContentHandler::getUndoContent. 2216* Passing Revision objects to ContentHandler::getUndoContent is hard deprecated. 2217 Instead, pass the associated Content objects, as well as whether the undo is 2218 from the current revision. 2219* Article::doDeleteUpdates and ::doEditUpdates are deprecated. Instead, 2220 use WikiPage::doDeleteUpdates and ::doEditUpdates. 2221* WikiPage::doEditUpdates previously accepted a Revision object as its first 2222 parameter. It now accepts RevisionRecord objects, and passing Revision 2223 objects is deprecated. 2224* Article::getRevisionFetched is deprecated. Instead, use the 2225 fetchRevisionRecord method, which has been converted from protected to 2226 public. 2227* LocalFileDeleteBatch was migrated to a new constructor signature with the 2228 user as the second parameter. Support for the old signature is hard 2229 deprecated, and once removed the user parameter will be required. At the 2230 same time, a number of file-deletion related methods were updated 2231 - File::delete is hard deprecated in favor of the new ::deleteFile 2232 - LocalFile::delete is hard deprecated in favor of the new ::deleteFile 2233 - LocalFile::deleteOld is hard deprecated in favor of the new ::deleteOldFile 2234 - ForeignDBFile::delete is hard deprecated in favor of the new ::deleteFile 2235* File::recordUpload (along with the respective methods in the LocalFile and 2236 ForeignDBFile classes) is hard deprecated, and LocalFile::recordUpload2 is 2237 soft deprecated. Use the new LocalFile::recordUpload3, which has a different 2238 signature and requires that a User parameter is passed. 2239* The SpecialPageFactory class was moved from the MediaWiki\Special namespace 2240 to the MediaWiki\SpecialPage namespace. The old location remains as a 2241 deprecated alias. 2242* Title::userCan, ::quickUserCan, and ::getUserPermissionsErrors, which 2243 were deprecated in 1.33, were hard deprecated. Instead, use 2244 PermissionManager::userCan, ::quickUserCan, and ::getPermissionErrors. 2245* All methods of the old SpecialPageFactory, deprecated in 1.32, were hard 2246 deprecated. Instead, get a SpecialPageFactory from MediaWikiServices and 2247 use its methods. 2248* User::updateNewtalk now accepts as its optional third parameter a 2249 RevisionRecord object; passing a Revision is hard deprecated. 2250* User::getNewMessageRevisionId and ::getNewMessageLinks were hard deprecated. 2251* DifferenceEngine::getRevisionHeader now accepts a RevisionRecord as its 2252 first parameter; passing a Revision is hard deprecated. 2253* WikiPage::doDeleteUpdates now accepts as its optional third parameter 2254 a RevisionRecord object; passing a Revision is hard deprecated. 2255* WikiPage::onArticleEdit now accepts as its optional second parameter 2256 a RevisionRecord object; passing a Revision is hard deprecated. 2257* Global $wgUser variable was soft deprecated. 2258* The Revision class was soft deprecated entirely in 1.31. All methods 2259 have now been individually hard deprecated: 2260 - ::__construct - create MutableRevisionRecord objects instead 2261 - ::newFromId - use RevisionLookup::getRevisionById instead 2262 - ::newFromTitle - use RevisionLookup::getRevisionByTitle instead 2263 - ::newFromPageId - use RevisionStore::getRevisionByPageId instead 2264 - ::newFromArchiveRow - use RevisionFactory::newRevisionFromArchiveRow 2265 - ::newFromRow - use RevisionStore::newRevisionFromRow instead 2266 - ::loadFromPageId - use RevisionStore::getRevisionByPageId instead 2267 - ::loadFromTitle - use RevisionStore::getRevisionByTitle instead 2268 - ::loadFromTimestamp - use RevisionStore::getRevisionByTimestamp instead 2269 - ::getQueryInfo - use RevisionStore::getQueryInfo instead 2270 - ::getArchiveQueryInfo - use RevisionStore::getArchiveQueryInfo instead 2271 - ::getParentLengths - use RevisionStore::getRevisionSizes instead 2272 - ::getRevisionRecord - no replacement 2273 - ::getId - use RevisionRecord::getId instead 2274 - ::setId - use MutableRevisionRecord::setId instead 2275 - ::setUserIdAndName - use MutableRevisionRecord::setUser instead 2276 - ::getTextId - use SlotRecord::getContentAddress for retrieving an actual 2277 content address, or RevisionRecord::hasSameContent to compare content 2278 - ::getParentId - use RevisionRecord::getParentId instead 2279 - ::getSize - use RevisionRecord::getSize instead 2280 - ::getSha1 - use RevisionRecord::getSha1 instead 2281 - ::getTitle - use RevisionRecord::getPageAsLinkTarget instead 2282 - ::setTitle - the method was previously a no-op 2283 - ::getPage - use RevisionRecord::getPageId instead 2284 - ::getUser - use RevisionRecord::getUser and then User::getId instead 2285 - ::getUserText - use RevisionRecord::getUser and then User::getName instead 2286 - ::getComment - use RevisionRecord::getComment instead 2287 - ::isMinor - use RevisionRecord::isMinor instead 2288 - ::isUnpatrolled - use RevisionStore::getRcIdIfUnpatrolled instead 2289 - ::getRecentChange - use RevisionStore::getRecentChange instead 2290 - ::isDeleted - use RevisionRecord::isDeleted instead 2291 - ::getVisibility - use RevisionRecord::getVisibility instead 2292 - ::getContent - use RevisionRecord::getContent instead 2293 - ::getSerializedData - use SlotRecord::getContent for retrieving a 2294 content object, and Content::serialize for the serialized form 2295 - ::getContentModel - use SlotRecord::getModel instead 2296 - ::getContentFormat - use SlotRecord::getFormat instead, with a fallback 2297 to ContentHandler::getDefaultFormat 2298 - ::getContentHandler - use ContentHandlerFactory::getContentHandler instead 2299 - ::getTimestamp - use RevisionRecord::getTimestamp instead 2300 - ::isCurrent - use RevisionRecord::isCurrent instead 2301 - ::getPrevious - use RevisionLookup::getPreviousRevision instead 2302 - ::getNext - use RevisionLookup::getNextRevision instead 2303 - ::getRevisionText - use RevisionRecord::getContent instead 2304 - ::compressRevisionText - use SqlBlobStore::compressData instead 2305 - ::decompressRevisionText - use SqlBlobStore::decompressData instead 2306 - ::insertOn - use RevisionStore::insertRevisionOn instead 2307 - ::base36Sha1 - use SlotRecord::base36Sha1 instead 2308 - ::newNullRevision - use RevisionStore::newNullRevision 2309 - ::userCan - use RevisionRecord::userCanBitfield instead 2310 - ::userCanBitfield - use RevisionRecord::userCanBitfield instead 2311 - ::getTimestampFromId - use RevisionStore::getTimestampFromId instead 2312 - ::countByPageId - use RevisionStore::countRevisionsByPageId instead 2313 - ::countByTitle - use RevisionStore::countRevisionsByTitle instead 2314 - ::userWasLastToEdit - use RevisionStore::userWasLastToEdit instead 2315 - ::newKnownCurrent - use RevisionStore::getKnownCurrentRevision instead 2316* The Revision method had a few methods that were previously protected and 2317 have been made private. They were: 2318 - ::getRevisionStore 2319 - ::getRevisionLookup 2320 - ::getRevisionFactory 2321 - ::getBlobStore 2322 The $mRecord variable was also changed from protected to private. 2323* Multiple hooks that include Revision objects were deprecated. The hooks, as 2324 well as suitable replacements, are noted below: 2325 - ArticleRevisionUndeleted (hard deprecated, use the RevisionUndeleted hook) 2326 - ArticleRollbackComplete (hard deprecated, use the RollbackComplete hook) 2327 - DiffRevisionTools (hard deprecated, use the DiffTools hook) 2328 - DiffViewHeader (hard deprecated, use the DifferenceEngineViewHeader hook) 2329 - HistoryRevisionTools (hard deprecated, use the HistoryTools hook) 2330 - NewRevisionFromEditComplete (hard deprecated, use the 2331 RevisionFromEditComplete hook). 2332 - PageContentInsertComplete (hard deprecated, use the PageSaveComplete hook) 2333 - PageContentSaveComplete (hard deprecated, use the PageSaveComplete hook) 2334 - RevisionInsertComplete (soft deprecated in 1.31, now hard deprecated) 2335 - TitleMoveCompleting (hard deprecated, use the PageMoveCompleting hook) 2336 - TitleMoveComplete (hard deprecated, use the PageMoveComplete hook) 2337 - UndeleteShowRevision (hard deprecated) 2338* The following RevisionStore methods were deprecated: 2339 - ::loadRevisionFromTitle 2340 - ::loadRevisionFromTimestamp 2341 - ::loadRevisionFromPageId 2342 - ::listRevisionSizes 2343* WikiPage::$mLastRevision was changed from protected to private. 2344* RecentChange::markPatrolled was deprecated. Use ::doMarkPatrolled instead. 2345* The JobRunner class has been converted to a service class. 2346 Direct construction is deprecated, use MediaWikiServices::getJobRunner. 2347* JobRunner::setLogger has been deprecated, thus using JobRunner as a 2348 LoggerAwareInterface is deprecated as well. Rely on the logger passed in the 2349 constructor instead. 2350* LogEventsList::typeAction accepts an optional right to check against as 2351 the fourth parameter. Specifying such a right is deprecated. 2352* SkinTemplate::makeArticleUrlDetails has been deprecated, no longer used. 2353* Passing a Revision object into CategoryMembershipChange constructor is 2354 deprecated. Pass a RevisionRecord instead. 2355* The "mediawiki.legacy.oldshared" module has been deprecated. 2356 Skins and extensions that are using this should copy its necessary CSS rules 2357 to their own styles module. CologneBlue and Nostalgia skins serve as examples. 2358* The "mediawiki.legacy.shared" module has been deprecated. 2359 Use the "mediawiki.skinning.*" modules, or ResourceLoaderSkinModule instead. 2360* The following hooks, soft deprecated in 1.24, have been hard deprecated: 2361 - APIQueryInfoTokens 2362 - APIQueryRecentChangesTokens 2363 - APIQueryRevisionsTokens 2364 - APIQueryUsersTokens 2365 - ApiTokensGetTokenTypes 2366* Calling Action::factory and Action constructor with any Page implementations 2367 other than Article is deprecated. 2368* Action::page property is deprecated for direct access. 2369 Use Action::getArticle or Action::getWikiPage instead. 2370* LESS `.background-image-svg()` mixin from 'mediawiki.mixins.less' is 2371 deprecated and should be removed in 1.36. 2372* LESS `.background-image-svg-quick()` mixin from 'mediawiki.mixins.less' is 2373 deprecated and should be removed in 1.36. 2374* The following methods were deprecated: 2375 - Title::getFirstRevision (hard deprecated) 2376 - Title::getEarliestRevTime 2377 - WikiPage::getOldestRevision (hard deprecated) 2378 - Article::getOldestRevision (hard deprecated) 2379 Use RevisionStore::getFirstRevision instead. 2380* WikiPage::commitRollback and ::doRollback are declared to be internal 2381 in preparation for breaking changes. Neither method has any known 2382 callers outside of MediaWiki core. Both methods modify an array passed 2383 by reference ($resultDetails) - accessing the Revision objects added to 2384 that array (using the keys `current` and `target`) is also deprecated. 2385* The following Linker methods previously accepted Revision objects as 2386 parameters. They now accept either Revision or RevisionRecord objects. 2387 Passing a Revision object is hard deprecated. 2388 - ::revUserLink 2389 - ::revUserTools 2390 - ::revComment 2391 - ::generateRollback 2392 - ::getRollbackEditCount 2393 - ::buildRollbackLink 2394 - ::getRevDeleteLink 2395* WikiPage::hasDifferencesOutsideMainSlot previously accepted Revision 2396 objects for its two parameters. It now accepts RevisionRecord objects, 2397 and passing Revision objects is hard deprecated. 2398* WikiPage::updateRevisionOn previously accepted Revision objects for its 2399 second parameter. It now accepts RevisionRecord objects, and passing 2400 Revision objects is hard deprecated. 2401* The ParserGetVariableValueVarCache hook has been deprecated. 2402* When using the ParserGetVariableValueSwitch hook, the following unusual 2403 uses have been deprecated: modifying the passed $magicWordId or failing to 2404 cache the returned value in $variableCache. The related 2405 MagicWordwgVariableIDs hook has been deprecated and renamed; use 2406 the GetMagicVariableIDs hook instead. 2407* The following Parser properties have been deprecated: 2408 - ::$mTagHooks 2409 - ::$mFunctionHooks 2410 - ::$mMarkerIndex 2411 - ::$mFirstCall 2412 - ::$mPreprocessor 2413 - ::$mOutput 2414 - ::$mStripState 2415 - ::$mLinkID 2416 - ::$mIncludeSizes 2417 - ::$mPPNodeCount 2418 - ::$mGeneratedPPNodeCount 2419 - ::$mHighestExpansionDepth 2420 - ::$mDoubleUnderscores 2421 - ::$mExpensiveFunctionCount 2422 - ::$mShowToc 2423 - ::$mUser 2424 - ::$mOptions 2425 - ::$mTitle 2426 - ::$ot 2427 - ::$mRevisionObject 2428 - ::$mRevisionId 2429 - ::$mRevisionTimestamp 2430 - ::$mRevisionUser 2431 - ::$mRevisionSize 2432 - ::$mInputSize 2433 - ::$mInParse 2434* LinksUpdate::getRevision and ::setRevision are hard deprecated in favor 2435 of the new ::getRevisionRecord and ::setRevisionRecord methods. 2436* A large number of exposed variables and methods of Article were deprecated as 2437 part of its planned removal: 2438 - Article::$mContext is deprecated; use getContext()/setContext() instead. 2439 - Article::__get(), ::__set() are hard deprecated, use the WikiPage properties 2440 instead. 2441 - These Article methods were hard deprecated; use their WikiPage equivalents: 2442 - ::checkFlags, 2443 - ::checkTouched, 2444 - ::clearPreparedEdit, 2445 - ::commitRollback, 2446 - ::doDeleteArticleReal, 2447 - ::doEditContent, 2448 - ::doPurge, 2449 - ::doRollback, 2450 - ::doUpdateRestrictions, 2451 - ::doViewUpdates, 2452 - ::exists, 2453 - ::followRedirect, 2454 - ::getContentHandler, 2455 - ::getContentModel, 2456 - ::getContributors, 2457 - ::getDeletionUpdates, 2458 - ::getHiddenCategories, 2459 - ::getId, 2460 - ::getLatest, 2461 - ::getLinksTimestamp, 2462 - ::getMinorEdit, 2463 - ::getRedirectTarget, 2464 - ::getRedirectURL, 2465 - ::getTimestamp, 2466 - ::getTouched, 2467 - ::hasViewableContent, 2468 - ::insertOn, 2469 - ::insertRedirect, 2470 - ::insertRedirectEntry, 2471 - ::isCountable, 2472 - ::isRedirect, 2473 - ::loadFromRow, 2474 - ::loadPageData, 2475 - ::lockAndGetLatest, 2476 - ::makeParserOptions, 2477 - ::pageDataFromId, 2478 - ::pageDataFromTitle, 2479 - ::prepareContentForEdit, 2480 - ::protectDescription, 2481 - ::protectDescriptionLog, 2482 - ::replaceSectionAtRev, 2483 - ::setTimestamp, 2484 - ::shouldCheckParserCache, 2485 - ::supportsSections, 2486 - ::triggerOpportunisticLinksUpdate, 2487 - ::updateCategoryCounts, and 2488 - ::updateRedirectOn. 2489 - Article::generateReason() was hard deprecated; instead, please use 2490 WikiPage::getAutoDeleteReason(). 2491 - Article::replaceSectionContent() was hard deprecated, use 2492 Article::replaceSectionAtRev() instead. 2493 - Article::getRevision and WikiPage::getRevision were hard deprecated in favor 2494 of the new WikiPage::getRevisionRecord method. 2495* A new UserNameUtils service was introduced. The following User methods 2496 were deprecated in favor of using the new service: 2497 - isIP 2498 - isIPRange 2499 - isValidUserName 2500 - isUsableName 2501 - isCreatableName 2502 - getCanonicalName 2503* The signature of WikiPage::doDeleteArticleReal was changed to make the user 2504 the second parameter, and the suppression option the third parameter. 2505 Previously, the third parameter was unused. Using the old signature is 2506 hard deprecated. 2507* ApiQueryRevisions::getRollbackToken, which has been soft deprecated since 2508 1.24, accepted as its third parameter a Revision object. It now accepts 2509 a RevisionRecord, and passing a Revision is hard deprecated. 2510* Passing Article to ParserCache::get() was deprecated 2511* ParserOptions::newCanonical() with no first parameter, or null as the first 2512 parameter, which falls back to using global $wgUser, is hard deprecated. 2513* Parser::fetchCurrentRevisionOfTitle, ::statelessFetchRevision, and 2514 ::getRevisionObject were hard deprecated in favor of the new 2515 ::fetchCurrentRevisionRecordOfTitle, ::statelessFetchRevisionRecord, 2516 and ::getRevisionRecordObject methods respectively. 2517* ParserOptions::getCurrentRevisionCallback and ::setCurrentRevisionCallback 2518 were hard deprecated in favor of the new ::getCurrentRevisionRecordCallback 2519 and ::setCurrentRevisionRecordCallback methods respectively. 2520* Parser::statelessFetchTemplate returns an array; accessing the Revision 2521 object returned (via the `revision` key to the array) is deprecated. Instead, 2522 use `revision-record` to retrieve the equivalent RevisionRecord. 2523* WikiPage::doEditContent returns an array, and PageUpdater::getStatus returns 2524 a Status object with an array value. For both of those arrays, accessing the 2525 Revision object returned (via the `revision` key to the array) is deprecated. 2526 Instead, use `revision-record` to retrieve the equivalent RevisionRecord. 2527* Page interface was deprecated. Use Article or WikiPage instead. 2528* The following DatabaseBlock methods are deprecated because they are no longer 2529 needed in core: chooseBlock, fromMaster, deleteIfExpired. 2530* wfGetScriptUrl() was deprecated. The script URL should be configured rather 2531 than detected. wfScript() can be used to get a configured script URL. 2532* Action::factory() with null $action argument is hard deprecated 2533* The following methods of the User class were deprecated: getDefaultOptions, 2534 getDefaultOption, getOptions, getOption, getBoolOption, getIntOption, 2535 setOption, listOptionKinds, getOptionKinds, resetOptions. Use corresponding 2536 methods in UserOptionsLookup or UserOptionsManager service classes instead. 2537* UserRetrieveNewTalks hook was deprecated without replacement. 2538* User::getNewtalk and ::setNewtalk were hard deprecated. Use service 2539 TalkPageNotificationManager instead. 2540* EditPage::matchSpamRegex and ::matchSummarySpamRegex were hard deprecated in 2541 favor of the new SpamChecker service. 2542* Title::getNotificationTimestamp, User::clearNotification, and 2543 User::clearAllNotifications were deprecated in favor of the new 2544 WatchlistNotificationManager service. 2545* SpecialPage::setListed() and SpecialPage::listed() were deprecated. Subclass 2546 UnlistedSpecialPage to set listed as false, and use SpecialPage::isListed() 2547 to get the value. 2548* CategoryPage::getCategoryViewerClass() and ::setCategoryViewerClass() were 2549 deprecated. 2550* MWHttpRequest and its subclasses PhpHttpRequest, CurlHttpRequest and 2551 GuzzleHttpRequest now require the timeout and connectTimeout options to 2552 always be specified, otherwise a deprecation warning will be raised. Most 2553 callers should use HttpRequestFactory which always sets these options. 2554* Linker::normaliseSpecialPage() has been deprecated, instead make use of 2555 LinkRenderer::normalizeTarget(). 2556* SkinTemplate::getPersonalToolsList() was soft deprecated. 2557* ChangeTags::truncateTagDescription() has been deprecated. 2558* The following methods of the User class are deprecated: getGroups, 2559 getGroupMemberships, getEffectiveGroups, getAutomaticGroups, 2560 addGroup, removeGroup, getFormerGroups, getAllGroups, getImplicitGroups, 2561 addAutopromoteOnceGroups. Use the new UserGroupManager service instead. 2562* The following methods of the UserGroupMembership class were deprecated: 2563 selectFields, getMembershipsForUser, getMembership, insert, delete, 2564 newFromRow, initFromRow, purgeExpired. 2565 Use the new UserGroupManager service instead. 2566* wfWaitForSlaves() has been hard deprecated. Use LBFactory::waitForReplication 2567 instead. It was soft deprecated in 1.27. 2568* BaseTemplate::getAfterPortlet and ::renderAfterPortlet have been deprecated in 2569 favor of the Skin::getAfterPortlet method. Skin::getAfterPortlet does not wrap 2570 the result in a div, callers are responsible for that. 2571 The hook BaseTemplateAfterPortlet, called by both methods has been deprecated 2572 as well and is replaced by SkinAfterPortlet. 2573* Autopromote class has been soft deprecated and it's methods moved into 2574 UserGroupManager. 2575* SkinTemplateBuildNavUrlsNav_urlsAfterPermalink hook has been deprecated. 2576 Use SidebarBeforeOutput hook and get the revision id from the OutputPage 2577 object. 2578* BaseTemplate::getToolbox() method has been soft deprecated. The toolbox data 2579 is now available in a sidebar data array which you can get from any class 2580 that's extending QuickTemplate class. The hook associated with this method, 2581 BaseTemplateToolbox, has been hard deprecated. To add items to the toolbox, 2582 use SidebarBeforeOutput hook instead. 2583* The SkinTemplateOutputPageBeforeExec hook is deprecated. 2584 The page [[mw:Manual:Hooks/SkinTemplateOutputPageBeforeExec]] and T60137 2585 for recommendations for alternative approaches based on how developers 2586 previously used this hook. 2587* SkinTemplateToolboxEnd hook has been deprecated. Use SidebarBeforeOutput hook 2588 instead. 2589* Using Skin::addToBodyAttributes() method to add body attributes has been 2590 deprecated. Use OutputPageBodyAttributes hook instead. 2591* Installer::getDBTypes has been hard deprecated in favor of 2592 InstallerDBSupport::getDatabases 2593* The hooks BeforeHttpsRedirect, CanIPUseHTTPS and UserRequiresHTTPS were 2594 deprecated, as part of a long-term plan to remove support for mixed 2595 HTTP/HTTPS wikis. 2596* Skin::generateDebugHTML() has been hard deprecated. Call 2597 MWDebug::getHTMLDebugLog() directly. 2598* ExternalStoreDB::getSlave(), soft deprecated in 1.34, was hard deprecated. 2599 Use ExternalStoreDB::getReplica() instead. 2600* Less variables in mediawiki.ui/variables.less file that don't follow the 2601 standard variable naming scheme (compare WikimediaUI Base) including 2602 `@colorGray* variables have been deprecated. New variables are in place and 2603 aliases have been set. Replace occurrences and use the new variables instead. 2604 2605=== Other changes in 1.35 === 2606* A new maintenance script is added (purgeExpiredWatchlistItems.php) with which 2607 to delete expired watchlist items. These items will also be deleted during 2608 wiki editing if $wgWatchlistPurgeRate is > 0. This maintenance script only 2609 has effect if $wgWatchlistExpiry is true. It is recommended that a cronjob or 2610 similar be set up to run it at least daily. 2611* Title::purgeSquid is deprecated. Use MediaWikiServices::getHtmlCacheUpdater. 2612* SpecialVersion::getExtLicenseFileName() has been deprecated, use 2613 MediaWiki\ExtensionInfo::getLicenseFileNames() instead. 2614* SpecialVersion::getExtAuthorsFileName() has been deprecated, use 2615 MediaWiki\ExtensionInfo::getAuthorsFileName() instead. 2616* Migration to the new content storage schema is complete, all backwards 2617 compatibility code and duplication in the database have been removed. 2618 The old schema was a 1:1 relationship modeled by 2619 revision.text_id -> text.old_id. The new schema is a n:m relationship, 2620 revision.rev_id <- slots.slot_revision_id|slots.slot_content_id -> 2621 content.content_id|content.content_address -> text.old_id. The same applies 2622 to the archive table. 2623 The following fields were removed: 2624 - revision.rev_text_id, replaced by content.content_address 2625 - revision.rev_content_model, replaced by content.content_model, 2626 referencing content_models.model_id 2627 - revision.rev_content_format, replaced by automatic detecting in 2628 ContentHandler 2629 - archive.ar_text_id, replaced by content.content_address 2630 - archive.ar_content_model, replaced by content.content_model, 2631 referencing content_models.model_id 2632 - archive.ar_content_format, replaced by automatic detecting in 2633 ContentHandler 2634* Migration to normalized storage of edit comments and user names is 2635 progressing. The following fields were unused and have been removed: 2636 - revision.rev_comment, 2637 replaced by rev_comment_id referencing comment.comment_id. 2638 - revision.rev_user and rev_user_text, 2639 replaced by rev_actor referencing actor.actor_id. 2640 Note that archive.ar_user, archive.ar_user_text, and archive.ar_comment 2641 had already been removed in previous releases. 2642* The printableversion has been marked as deprecated per T167956. 2643* (T30162, T245387) The installer supports using a Postgres server running 2644 on a custom port other than 5432. 2645 2646= MediaWiki 1.34 = 2647 2648== MediaWiki 1.34.4 == 2649 2650This is a maintenance release of the Mediawiki 1.34 branch. 2651 2652=== Changes since MediaWiki 1.34.3 === 2653* Fixed issue relating to backporting of changes for T260485. 2654 2655== MediaWiki 1.34.3 == 2656 2657This is a security and maintenance release of the MediaWiki 1.34 branch. 2658 2659=== Changes since MediaWiki 1.34.2 === 2660* In the web installer, use secure session cookies. 2661* Make UsersPager::requestedGroup public. 2662* (T257407) Split patch-drop-user-fields.sql into patch per table. 2663* (T257356) Split patch-drop-comment-fields.sql into patch per table. 2664* (T257997) Undeprecate WebInstaller::getInfoBox(). 2665* Added $wgForceHTTPS, which makes the HTTP to HTTPS redirect be unconditional 2666 and suppresses various hacks needed to support mixed HTTP/HTTPS wikis. We 2667 recommend this be set to true on pure HTTPS wikis. 2668* Added $wgCookieSameSite, which allows login cookies to be sent with 2669 SameSite=None. This is required for cross-site CentralAuth autologin after 2670 Chrome 84. 2671* Added $wgUseSameSiteLegacyCookies, which adds a compatibility hack to 2672 SameSite=None cookies for browsers which implemented an incompatible draft 2673 version of the specification. 2674* (T257207) shell: Expand documentation in firejail.profile. 2675* (T246135) Give the "remember me" checkbox a specific CSS class so skins 2676 like Minerva can only hide that checkbox. 2677* (T256287) rdbms: improve DBConnRef domain selection exception message. 2678* (T248191, T259123) phpunit: Acknowledge known dberror from 2679 SpecialPageFatalTest. 2680* (T256394, T259123) Cleanup up excess commit() call in LocalRepoTest. 2681* Fix runBatchedQuery.php for no result from select. 2682* (T130906) Add Edge to MediaWiki:Clearyourcache. 2683* (T249521) reassignEdits: Update script to use User::newFromName for anon 2684 users. 2685* (T172060) GlobalFunctions: Use php_uname instead of posix_uname. 2686* Use IPset in MWRestrictions::checkIP. 2687* (T260031) Add application/font-sfnt to MimeMap for ttf files. 2688* shell: Make ->restrict( RESTRICT_NONE ) actually work. 2689* (T183759) Fixes shell edge-cases in Windows. 2690* (T258390) Add CentralIdLookup::factoryNonLocal(). 2691* (T246991) User: Fix pingLimiter() to use makeGlobalKey() for global rate 2692 limits. 2693* (T232568, CVE-2020-25813) SECURITY: Special:UserRights exposes the existence 2694 of hidden users. 2695* (T251661, CVE-2020-25827) SECURITY: User::pingLimiter: add user-global rate 2696 limit type. 2697* (T246991) User: enforce pingLimiter() expiry time. 2698* (T260232) don't include null page ids in query list for category dumps. 2699* (T251506) Sanitizer: Truncate IDs to a reasonable length. 2700* (T262900) Fix failure of rebuildLocalisationCache.php due to RL hook. 2701* Explicitly wrap some XML calls in libxml_disable_entity_loader(). 2702* (T263455 T247285) Set EnableJavaScriptTest to true in 2703 includes/DevelopmentSettings.php. 2704* (T232568, CVE-2020-25813) SECURITY: SpecialUserrights: If a viewer lacks 2705 `hideuser`, ignore hidden users. 2706* (T255918, CVE-2020-25812) SECURITY: Unescaped message used in HTML on 2707 Special:Contributions. 2708* (T256171, CVE-2020-25815) SECURITY: Unescaped message used in HTML within 2709 LogEventsList. 2710* (T258763, CVE-2020-17367, CVE-2020-17368) SECURITY: Prevent invoking 2711 firejail's --output functionality. 2712* (T86738, CVE-2020-25814) SECURITY: mediawiki.jqueryMsg: Sanitize URLs and 2713 'style' attribute. 2714* (T115888, CVE-2020-25828) SECURITY: mediawiki.js: Escape HTML in 2715 mw.message( ... ).parse(). 2716* (T260485, CVE-2020-25869) SECURITY: ActorMigration: Load user from the correct 2717 database. 2718* (T260485, CVE-2020-25869) SECURITY: ensure actor ID from correct wiki is used. 2719 2720== MediaWiki 1.34.2 == 2721 2722This is a security and maintenance release of the MediaWiki 1.34 branch. 2723 2724=== Changes since MediaWiki 1.34.1 === 2725* (T247017) PasswordReset performance improvements. 2726* The MultiHttpClient code will fallover to non-curl if curl_multi* is blocked. 2727* (T250568) Work around change in SimpleXMLElement behavior introduced in PHP 2728 7.3.17. 2729* (T251789) Let $wgResourceLoaderMaxQueryLength=-1 fallback to default. 2730* Remove some rotten and out of date documentation. 2731* (T252311) Improvements to some older SQLite update patches. 2732* (T240307) Minor fixes to extension.schema.v2.json and 2733 extension.schema.v1.json. 2734* (T238043) cleanupUsersWithNoId.php: Handle missing fields. 2735* (T199474) Set rc_patrolled to 2 for autopatrolled changes in 2736 rebuildrecentchanges.php. 2737* (T229461) Update the change_tag table in rebuildrecentchanges.php. 2738* (T249730) Password Reset Updates. 2739* (T234450) Per-user concurrency in SpecialContributions can now be limited by 2740 setting $wgPoolCounterConf['SpecialContributions'] appropriately. 2741* (T248947) SECURITY: img_auth.php may leak private extension images into the 2742 public cache. 2743 2744== MediaWiki 1.34.1 == 2745 2746This is a security and maintenance release of the MediaWiki 1.34 branch. 2747 2748=== Changes since MediaWiki 1.34.0 === 2749* (T211450) User: better error message when getActorId fails. 2750* (T241340) Don't redefine MW_ENTRY_POINT in thumb.php if already defined. 2751* (T236444) User: Allow newSystemUser() to create over anonymous actors. 2752* (T238483) Fix NewPagesPager "hide registered users" option. 2753* (T245072) mediawiki.language: Rename languageData back to languageNames. 2754* Use proper SemVer comparison in CheckComposerLockUpToDate. 2755* (T212738) Add the MW_VERSION constant, global $wgVersion is soft deprecated. 2756* (T246127) Fix error when initialising updateCollation.php. 2757* Update comment about PHP versions supported by The PHP Group. 2758* (T247215) Fix output of RecountCategories::doWork(). 2759* Add check for page existence to view.php maintenance script. 2760* (T245149) Fix fetching login token from action=query&meta=tokens on private 2761 wikis. 2762* (T236509) SECURITY: Fix HTML escaping in UserGroupMembership::getLink(). 2763* (T232932) SECURITY: User content can redirect the logout button to different 2764 URL. 2765* (T246602) SECURITY: jquery.makeCollapsible allows applying event handler to 2766 any CSS selector. 2767 2768== MediaWiki 1.34.0 == 2769 2770=== Changes since MediaWiki 1.34.0-rc.1 === 2771* $wgDiffEngine (T237049) – This configuration can be used to specify which 2772 difference engine to use. MediaWiki continues to default to automatically 2773 choosing the first of $wgExternalDiffEngine, wikidiff2, or php that is 2774 usable. 2775* (T231866) SqlBlobStore no longer needs Language object. 2776* (T236735) WikiExporter: Remove unnecessary check for SCHEMA_COMPAT_WRITE_OLD 2777 flag. 2778* (T231673) Set MCR migration stage to SCHEMA_COMPAT_NEW. 2779* (T229601) Make sure DBLoadBalancerFactory service is not disabled. 2780* (T232866) Fix support for HTTP/2 in MultiHttpClient. 2781* (T231866) LocalisationCache: Don't instantiate ResourceLoader. 2782* (T227461) Stop calling deprecated Redis delete functions. 2783* (T239561) Mark options as requiring parameters in addSite.php. 2784* (T232866) Mimic CURLOPT_POST in GuzzleHttpRequest. 2785* (T239734) Replace deprecated lSize with lLen in Redis code. 2786* (T192134) SECURITY: Do not allow user scripts on Special:PasswordReset. 2787* (T239428) ApiEditPage: Test for bad redirect targets. 2788* (T233342) rdbms: Log debug message traces as 'exception.trace' instead of 2789 'trace'. 2790* (T226751) media: Log and fail gracefully on invalid EXIF coordinates. 2791* (T240924) NewPagesPager: Fix namespace query conditions. 2792* (T212067) Tests for an old PHP bug in parse_url. 2793 2794== MediaWiki 1.34.0-rc.1 == 2795 2796=== Changes since MediaWiki 1.34.0-rc.0 === 2797* (T231742) rdbms: Restore debug toolbar "Queries" feature. 2798* (T231366) The ProfilerOutputDb class, 'profiling' table, and profileinfo.php 2799 entry point had been deprecated. 2800* (T234361) localisation: Add debug message for backend of MessageCache. 2801* (T234361) session: Add debug message for the used store class. 2802* (T235559) Fix example Kask configuration in RESTBagOStuff class comment. 2803* (T235137) Don't apply styling for Special:Contributions on other pages. 2804* Upgrade mediawiki-codesniffer from 26.0.0 to 28.0.0 (dev-only). 2805* (T219604) The "jquery.ui.*" and "jquery.effects.*" modules are now 2806 deprecated as aliases for the "jquery.ui" module. 2807* (T235392) Deprecate setting Parser::mTitle to null. 2808* Supporting commits for T235392 were also backported to prevent divergence 2809 from master (MediaWiki 1.35). 2810* (T234581) The 'jquery.tabIndex' module is deprecated. 2811* Fix docs for GetUserBlock hooks. 2812* Parser: Hard deprecate getConverterLanguage. 2813* (T236810) A number of public methods of Parser were exposed only for 2814 historical reasons and have been deprecated: doMagicLinks, 2815 doDoubleUnderscore, doHeadings, doAllQuotes, replaceExternalLinks, 2816 replaceInternalLinks, replaceInternalLinks2, getVariableValue, 2817 initialiseVariables, formatHeadings, testPst, testPreprocess, testSrvus, 2818 areSubpagesAllowed, maybeDoSubpageLink, splitWhitespace, createAssocArgs, 2819 armorLinks, makeKnownLinkHolder, getImageParams, parseLinkParameter, 2820 stripAltText, replaceLinkHolders, replaceLinkHoldersText, armorLinks, 2821 makeKnownLinkHolder, getImageParams, parseLinkParameter, stripAltText. 2822* (T30798) $wgServer must now always be set in LocalSettings.php. This is most 2823 likely the case already for any wiki installed after 1.18. The autodetection 2824 system was informally deprecated since 1.18 and vulnerable to cache poisoning 2825 attacks. Older wikis may need to update their LocalSettings.php file. 2826* (T232169) Hard deprecate $wgSysopEmailBans. 2827* (T236628) Fix for ArticleRevisionViewCustom hook in DifferenceEngine.php. 2828* (T181658) Do not insert page titles into querycache.qc_value. 2829* ParamValidator has been flagged as unstable. 2830* Hard deprecate Parser::disableCache(). 2831 2832== MediaWiki 1.34.0-rc.0 == 2833 2834== Upgrading notes for 1.34 == 28351.34 has several database changes since 1.33, and will not work without schema 2836updates. Note that due to changes to some very large tables like the revision 2837table, the schema update may take quite long (minutes on a medium sized site, 2838many hours on a large site). 2839 2840Don't forget to always back up your database before upgrading! 2841 2842See the file UPGRADE for more detailed upgrade instructions, including 2843important information when upgrading from versions prior to 1.11. 2844 2845Some specific notes for MediaWiki 1.34 upgrades are below: 2846 2847* MediaWiki now requires PHP 7.2.9 or above. 2848* MediaWiki no longer supports HHVM. 2849 2850For notes on 1.33.x and older releases, see HISTORY. 2851 2852=== Configuration changes for system administrators in 1.34 === 2853 2854In an effort to enforce best practices for passwords, MediaWiki will now warn 2855users, and suggest that they change their password, if it is in the list of 2856100,000 commonly used passwords that are considered bad passwords. If you want 2857to disable this for your users, please add the following to your local settings: 2858 2859$wgPasswordPolicy['policies']['default']['PasswordNotInLargeBlacklist'] = false; 2860 2861==== New configuration ==== 2862* $wgAllowExternalReqID (T201409) - This configuration setting controls whether 2863 Mediawiki accepts the request ID set by the incoming request via the 2864 `X-Request-Id` header. If set to `true`, that value will be used throughout 2865 the code as the request identificator. Otherwise, the sent header will be 2866 ignored and the request ID will either be taken from Apache's mod_unique 2867 module or will be generated by Mediawiki itself (depending on the set-up). 2868* $wgEnableSpecialMute (T218265) - This configuration controls whether 2869 Special:Mute is available and whether to include a link to it on emails 2870 originating from Special:Email. 2871* editmyuserjsredirect user right – users without this right now cannot edit JS 2872 redirects in their userspace unless the target of the redirect is also in 2873 their userspace. By default, this right is given to everyone. 2874* (T226733) Add rate limiter to Special:ConfirmEmail. 2875* $wgDiffEngine (T237049) – This configuration can be used to specify which 2876 difference engine to use. MediaWiki continues to default to automatically 2877 choosing the first of $wgExternalDiffEngine, wikidiff2, or php that is 2878 usable. 2879 2880==== Changed configuration ==== 2881* $wgUseCdn, $wgCdnServers, $wgCdnServersNoPurge, and $wgCdnMaxAge – These four 2882 CDN-related config variables have been renamed from being specific to Squid – 2883 they were previously $wgUseSquid, $wgSquidServers, $wgSquidServersNoPurge, and 2884 $wgSquidMaxage respectively. This aligns them with the related existing 2885 variable $wgCdnMaxageLagged. The previous configuration variable names are 2886 deprecated, but will be used as the fall back if they are still set. 2887 Note that wgSquidPurgeUseHostHeader has not been renamed, as it is deprecated. 2888* (T27707) File type checks for image uploads have been relaxed to allow files 2889 containing some HTML markup in metadata. As a result, the $wgAllowTitlesInSVG 2890 setting is no longer applied and is now always true. Note that MSIE 7 may 2891 still be able to misinterpret certain malformed PNG files as HTML. 2892* (T30798) $wgServer must now always be set in LocalSettings.php. This is most 2893 likely the case already for any wiki installed after 1.18. The autodetection 2894 system was informally deprecated since 1.18 and vulnerable to cache poisoning 2895 attacks. Older wikis may need to update their LocalSettings.php file. 2896* Introduced $wgVerifyMimeTypeIE to allow disabling the MSIE 6/7 file type 2897 detection heuristic on upload, which is more conservative than the checks 2898 that were changed above. 2899* $wgExternalDiffEngine — Setting this to a string value of 'wikidiff', 2900 'wikidiff2', or 'wikidiff3' will no longer work. This legacy behaviour was 2901 deprecated in MediaWiki 1.27, 1.32, and 1.27, respectively. 2902* $wgSkipSkin — Setting this instead of $wgSkipSkins, deprecated in 1.23, is now 2903 hard-deprecated. 2904* $wgLocalInterwiki — Setting this instead of $wgLocalInterwikis, deprecated in 2905 1.23, is now hard-deprecated. 2906* $wgProfileOnly — Setting this, deprecated in 1.23, is now hard-deprecated. 2907 Instead, set the log file in $wgDebugLogGroups['profileoutput']. 2908* $wgProxyList — Setting this to an array with IP addresses in the array keys, 2909 which was deprecated in 1.30, no longer works. Instead, $wgProxyList should be 2910 an array with IP addresses as the values, or a string path to a file 2911 containing one IP address per line. 2912* $wgCookieSetOnAutoblock and $wgCookieSetOnIpBlock are now enabled by default. 2913 2914==== Removed configuration ==== 2915* $wgWikiDiff2MovedParagraphDetectionCutoff — If you still want a custom change 2916 size threshold, please specify in php.ini, using the configuration variable 2917 wikidiff2.moved_paragraph_detection_cutoff. 2918* $wgUseESI - This experimental setting, deprecated in 1.33, is now removed. 2919* $wgDebugPrintHttpHeaders - The default of including HTTP headers in the 2920 debug log channel is no longer configurable. The debug log itself remains 2921 configurable via $wgDebugLogFile. 2922* $wgMsgCacheExpiry - The MessageCache uses 24 hours as the expiry for values 2923 stored in WANObjectCache. This is no longer configurable. 2924* $wgPasswordSalt – This setting, used for migrating exceptionally old, insecure 2925 password setups and deprecated since 1.24, is now removed. 2926* $wgDBOracleDRCP - If you must use persistent connections, set DBO_PERSISTENT 2927 in the 'flags' field for servers in $wgDBServers (or $wgLBFactoryConf). 2928* $wgMemCachedDebug - Set the cache "debug" field in $wgObjectCaches instead. 2929* $wgActorTableSchemaMigrationStage has been removed. Extension code for 2930 MediaWiki 1.31+ finding it unset should treat it as being SCHEMA_COMPAT_NEW. 2931 2932=== New user-facing features in 1.34 === 2933* Special:Mute has been added as a quick way for users to block unwanted emails 2934 from other users originating from Special:EmailUser. 2935* (T207577) Special:NewSection has been created as a shortcut to creating a new 2936 section on a page. When linked to, its subpage is used as the target 2937 ([[Special:NewSection/Test]] redirects to creating a new section in "Test"). 2938 Otherwise, it displays a basic interface to allow the end user to specify 2939 the target manually. 2940* (T220447) Special:Contributions/newbies has been removed for performance and 2941 usefulness reasons. Use Special:RecentChanges?userExpLevel=newcomer instead. 2942* Special:NewFiles/newbies has been removed for performance and usefulness 2943 reasons. Use Special:RecentChanges?userExpLevel=newcomer&namespace=6 instead. 2944 2945=== New developer features in 1.34 === 2946* The ImgAuthModifyHeaders hook was added to img_auth.php to allow modification 2947 of headers in private wikis. 2948* Language::formatTimePeriod now supports the new 'avoidhours' option to output 2949 strings like "5 days ago" instead of "5 days 13 hours ago". 2950* (T220163) Added SpecialMuteModifyFormFields hook to allow extensions 2951 to add fields to Special:Mute. 2952* (T100896) Skin authors can define custom OOUI themes using OOUIThemePaths. 2953 See <https://www.mediawiki.org/wiki/OOUI/Themes> for details. 2954* (T229035) The GetUserBlock hook was added. Use this instead of 2955 GetBlockedStatus. 2956* ObjectFactory is available as a service. When used as a service, the object 2957 specs can now specify needed DI services. 2958* (T222388) Special pages can now be specified as an ObjectFactory spec, 2959 allowing the construction of special pages that require services to be 2960 injected in their constructor. 2961* (T222388) API modules can now be specified as an ObjectFactory spec, 2962 allowing the construction of modules that require services to be injected 2963 in their constructor. 2964* (T117736) The function signature of SpecialContributions::getForm::filters 2965 has changed. It now expects definitions of additional filter fields as array 2966 rather than string. 2967 2968=== External library changes in 1.34 === 2969 2970==== Changed external libraries ==== 2971* Updated Mustache from 1.0.0 to v3.0.1. 2972* Updated OOUI from v0.31.3 to v0.34.0. 2973* Updated OOjs from v2.2.2 to v3.0.0. 2974* Updated composer/semver from 1.4.2 to 1.5.0. 2975* Updated composer/spdx-licenses from 1.4.0 to 1.5.1 (dev-only). 2976* Updated mediawiki/codesniffer from 25.0.0 to 28.0.0 (dev-only). 2977* Updated cssjanus/cssjanus from 1.2.1 to 1.3.0. 2978* Updated wikimedia/at-ease from 1.2.0 to 2.0.0. 2979* Updated wikimedia/remex-html from 2.0.1 to 2.1.0. 2980* Updated monolog/monolog from 1.22.1 to 1.24.0 (dev-only). 2981* Updated wikimedia/object-factory from 1.0.0 to 2.1.0. 2982* Updated wikimedia/timestamp from 2.2.0 to 3.0.0. 2983* Updated wikimedia/xmp-reader from 0.6.2 to 0.6.3. 2984* Updated mediawiki/mediawiki-phan-config from 0.6.0 to 0.6.1 (dev-only). 2985* Updated wikimedia/avro from 1.8.0 to 1.9.0 (dev-only). 2986 2987==== Removed external libraries ==== 2988* The jquery.async module, deprecated in 1.33, was removed. 2989 2990=== Bug fixes in 1.34 === 2991* (T222529) If a log entry or page revision is recorded in the database with an 2992 empty username, attempting to display it will log an error and return a "no 2993 username available" to the user instead of silently displaying nothing or 2994 invalid links. 2995 2996=== Action API changes in 1.34 === 2997* The 'recenteditcount' response property from action=query list=allusers, 2998 deprecated in 1.25, has been removed. 2999* (T60993) action=query list=filearchive, list=alldeletedrevisions and 3000 prop=deletedrevisions no longer require the 'deletedhistory' user right. 3001* In the response to queries that use 'prop=imageinfo', entries for 3002 non-existing files (indicated by the 'filemissing' field) now omit the 3003 following fields, since they are meaningless in this context: 3004 'timestamp', 'userhidden', 'user', 'userid', 'anon', 'size', 'width', 3005 'height', 'pagecount', 'duration', 'commenthidden', 'parsedcomment', 3006 'comment', 'thumburl', 'thumbwidth', 'thumbheight', 'thumbmime', 3007 'thumberror', 'url', 'sha1', 'metadata', 'extmetadata', 'commonmetadata', 3008 'mime', 'mediadtype', 'bitdepth'. 3009 Clients that process these fields should first check if 'filemissing' is 3010 set. Fields that are supported even if the file is missing include: 3011 'canonicaltitle', 'archivename' (deleted files only), 'descriptionurl', 3012 'descriptionshorturl'. 3013* The 'blockexpiry' result property in list=users and list=allusers will now be 3014 returned in the same format used by the rest of the API: ISO 8601 for 3015 expiring blocks, and "infinite" for non-expiring blocks. 3016 3017=== Action API internal changes in 1.34 === 3018* The exception thrown in ApiModuleManager::getModule has been changed 3019 from an MWException to an UnexpectedValueException, thrown by ObjectFactory. 3020 ApiModuleManager::getModule now also throws InvalidArgumentExceptions when 3021 ObjectFactory is presented with an invalid spec or incorrectly constructed 3022 objects. 3023* Added ApiQueryBlockInfoTrait. 3024 3025=== Languages updated in 1.34 === 3026MediaWiki supports over 350 languages. Many localisations are updated regularly. 3027Below only new and removed languages are listed, as well as changes to languages 3028because of Phabricator reports. 3029 3030* (T152908) Added language support for N'Ko (nqo). 3031 3032=== Breaking changes in 1.34 === 3033* The global functions wfSuppressWarnings and wfRestoreWarnings, deprecated in 3034 1.26, have been removed. Use Wikimedia\AtEase\AtEase::suppressWarnings() and 3035 Wikimedia\AtEase\AtEase::restoreWarnings() directly. 3036* Preferences class, deprecated in 1.31, has been removed. 3037* The following parts of code, deprecated in 1.32, were removed in favor of 3038 built-in PHP functions: 3039 * CryptRand class 3040 * CryptRand service 3041 * Functions of the MWCryptRand class: singleton(), wasStrong() and generate(). 3042* Various Special Page PHP Classes were renamed (mostly casing changes): 3043 * SpecialAncientpages => SpecialAncientPages 3044 * SpecialConfirmemail => SpecialConfirmEmail 3045 * SpecialDeadendpages => SpecialDeadendPages 3046 * SpecialFewestrevisions => SpecialFewestRevisions 3047 * SpecialListredirects => SpecialListRedirects 3048 * SpecialLonelypages => SpecialLonelyPages 3049 * SpecialLongpages => SpecialLongPages 3050 * SpecialMIMEsearch => SpecialMIMESearch 3051 * SpecialMostcategories => SpecialMostCategories 3052 * SpecialMostinterwikis => SpecialMostInterwikis 3053 * SpecialMostlinked => SpecialMostLinked 3054 * SpecialMostlinkedcategories => SpecialMostLinkedCategories 3055 * SpecialMostlinkedtemplates => SpecialMostLinkedTemplates 3056 * SpecialMostrevisions => SpecialMostRevisions 3057 * SpecialNewimages => SpecialNewFiles 3058 * SpecialShortpages => SpecialShortPages 3059 * SpecialUncategorizedcategories => SpecialUncategorizedCategories 3060 * SpecialUncategorizedimages => SpecialUncategorizedImages 3061 * SpecialUncategorizedpages => SpecialUncategorizedPages 3062 * SpecialUncategorizedtemplates => SpecialUncategorizedTemplates 3063 * SpecialUnusedcategories => SpecialUnusedCategories 3064 * SpecialUnusedimages => SpecialUnusedImages 3065 * SpecialUnusedtemplates => SpecialUnusedTemplates 3066 * SpecialUnwatchedpages => SpecialUnwatchedPages 3067 * SpecialWantedcategories => SpecialWantedCategories 3068 * SpecialWantedtemplates => SpecialWantedTemplates 3069 * SpecialWithoutinterwiki => SpecialWithoutInterwiki 3070* Language::setCode, deprecated in 1.32, was removed. Use Language::factory to 3071 create a new Language object with a different language code. 3072* MWNamespace::clearCaches() has been removed. So has the $rebuild parameter 3073 to MWNamespace::getCanonicalNamespaces(), which was deprecated since 1.31. 3074 Instead, reset services, such as by calling $this->overrideMwServices() (if 3075 your test extends MediaWikiTestCase). Services will generally not pick up 3076 configuration changes from after they were created, so you must reset 3077 services after any configuration change. Even if your code works now, it is 3078 likely to break in future versions as more code is moved to services. 3079* The ill-defined "DatabaseOraclePostInit" hook has been removed. 3080* PreferencesFormLegacy and PreferencesForm classes, deprecated in 1.32, have 3081 been removed. 3082* ObjectFactory class, deprecated in 1.31, has been removed. 3083* HWLDFWordAccumudlator class, deprecated in 1.28, has been removed. 3084* XMPInfo, XMPReader and XMPValidate, deprecated in 1.32, have been removed. 3085* The RedirectSpecialPage::execute method could sometimes return a Title object. 3086 This behavior was removed, and the method now matches the parent signature 3087 (SpecialPage::execute) which is to return HTML string or void. 3088 To obtain the destination title, use RedirectSpecialPage::getRedirect. 3089* The 'recenteditcount' response property from action API action=query 3090 list=allusers, deprecated in 1.25, has been removed. 3091* SearchEngine::userNamespaces(), SearchEngine::namespacesAsText(), 3092 SearchEngine::create(), SearchEngine::getSearchTypes() and 3093 SearchEngine::getNearMatch(), methods deprecated in 1.27, have been removed. 3094* FileRepo::streamFile(), deprecated in 1.26, has been removed. 3095* User::randomPassword() method, deprecated in 1.27, have been removed. 3096* MWNamespace::canTalk(), deprecated in 1.30, have been removed. 3097* Parser class property $mUniqPrefix, deprecated in 1.26, has been removed. 3098* wfArrayFilter() and wfArrayFilterByKey(), deprecated in 1.32, have been 3099 removed. 3100* wfMakeUrlIndexes() function, deprecated in 1.33, have been removed. 3101* Method signatures in WatchedItemQueryServiceExtension have changed from taking 3102 User objects to taking UserIdentity objects. Extensions implementing this 3103 interface need to be changed accordingly. 3104* User::getGroupPage() and ::makeGroupLinkHTML(), deprecated in 1.29, have been 3105 removed. Use UserGroupMembership::getGroupPage and ::getLink instead. 3106* User::makeGroupLinkWiki(), deprecated in 1.29, has been removed. Use 3107 UserGroupMembership::getLink() instead. 3108* SavepointPostgres, deprecated in 1.31, has been removed. 3109* OutputPage::enableSectionEditLinks(), OutputPage::sectionEditLinksEnabled(), 3110 ParserOptions::getEditSection(), ParserOptions::setEditSection(), and 3111 ParserOutput::getEditSectionTokens, ::getTOCEnabled, ::setEditSectionTokens, 3112 and ::setTOCEnabled, deprecated in 1.31, have been removed. 3113* EditPage::safeUnicodeInput() and ::safeUnicodeOutput(), deprecated in 1.30, 3114 have been removed. 3115* Four methods in OutputPage, deprecated in 1.32, have been removed. You should 3116 use OutputPage::showFatalError or throw a FatalError instead. The methods are 3117 ::showFileCopyError(), ::showFileRenameError(), ::showFileDeleteError(), and 3118 ::showFileNotFoundError(). 3119* ApiBase::truncateArray(), deprecated in 1.32, has been removed. 3120* IcuCollation::getICUVersion(), deprecated in 1.32, has been removed. Use PHP's 3121 INTL_ICU_VERSION constant directly. 3122* HTMLForm::setSubmitProgressive(), deprecated in 1.32, has been removed. 3123* ResourceLoaderStartUpModules::getStartupModules() and ::getLegacyModules(), 3124 both deprecated in 1.32, have been removed. 3125* BaseTemplate::msgHtml() and QuickTemplate::msgHtml(), deprecated in 1.32, have 3126 been removed. Use ->msg() or ->getMsg() instead. 3127* WatchAction::getUnwatchToken(), deprecated in 1.32, has been removed. Instead, 3128 use WatchAction::getWatchToken() with action 'unwatch' directly. 3129* Language::initEncoding(), ::recodeForEdit(), and recodeInput(), deprecated in 3130 1.28, have been removed. 3131* PageArchive::getTextFromRow(), ::listAllPages(), and ::getLastRevisionText(), 3132 deprecated in 1.32, have been removed. 3133* OutputPage::getModuleScripts(), ParserOutput::getModuleScripts(), deprecated 3134 in 1.33, have been removed. 3135* User::getPasswordValidity(), deprecated in 1.33, has been removed. 3136* ApiQueryBase::prepareUrlQuerySearchString(), deprecated in 1.33, has been 3137 removed. 3138* ChangeTags::purgeTagUsageCache(), deprecated in 1.33, has been removed. 3139* JobQueueGroup::pushLazyJobs(), deprecated in 1.33, has been removed. 3140* MediaWikiTestCase::stashMwGlobals(), deprecated in 1.32, has been removed. 3141* SearchEngine::transformSearchTerm(), deprecated in 1.32, has been removed. 3142* The Block typehint only refers to blocks stored in the database. It should be 3143 updated to AbstractBlock in cases where any type of block could be expected. 3144* FileRepoStatus, deprecated in 1.25, has been removed. 3145* The LegacyHookPreAuthenticationProvider class, deprecated since its creation 3146 in 1.27, has been removed. 3147* IP::isValidBlock(), deprecated in 1.30, has been removed. 3148* WikiPage::prepareContentForEdit now doesn't accept an integer for $revision, 3149 was deprecated in 1.25. 3150* The jquery.byteLength module, deprecated in 1.31, was removed. 3151 Use the mediawiki.String module instead. 3152* mw.language.specialCharacters, deprecated in 1.33, has been removed. 3153 Use require( 'mediawiki.language.specialCharacters' ) instead. 3154* The jquery.colorUtil module was removed. Use jquery.color instead. 3155* The jquery.checkboxShiftClick module was removed. The functionality 3156 is provided by mediawiki.page.ready instead (T232688). 3157* The 'jquery.accessKeyLabel' module has been removed. This jQuery 3158 plugin now ships as part of the 'mediawiki.util' module bundle. 3159* EditPage::submit(), deprecated in 1.29, has been removed. Use $this->edit() 3160 directly. 3161* HTMLForm::getErrors(), deprecated in 1.28, has been removed. Use 3162 getErrorsOrWarnings() instead. 3163* SpecialPage::getTitle(), deprecated in 1.23, has been removed. Use 3164 SpecialPage::getPageTitle() instead. 3165* jquery.ui.effect-bounce, jquery.ui.effect-explode, jquery.ui.effect-fold 3166 jquery.ui.effect-pulsate, jquery.ui.effect-slide, jquery.ui.effect-transfer, 3167 which are no longer used, have now been removed. 3168* SpecialEmailUser::validateTarget(), ::getTarget() without a sender/user 3169 specified, deprecated in 1.30, have been removed. 3170* BufferingStatsdDataFactory::getBuffer(), deprecated in 1.30, has been removed. 3171* The constant DB_SLAVE, deprecated in 1.28, has been removed. Use DB_REPLICA. 3172* The constants NS_IMAGE and NS_IMAGE_TALK, deprecated in 1.14, have been 3173 removed. Use NS_FILE and NS_FILE_TALK respectively. 3174* Replacer, DoubleReplacer, HashtableReplacer and RegexlikeReplacer 3175 (deprecated in 1.32) have been removed. Closures should be used instead. 3176* OutputPage::addWikiText(), ::addWikiTextWithTitle(), ::addWikiTextTitleTidy(), 3177 ::addWikiTextTidy(), ::addWikiTextTitle(), deprecated in 1.32, have been 3178 removed. 3179* The $wgUseKeyHeader configuration option and the OutputPage::getKeyHeader() 3180 method, deprecated in 1.32, have been removed. 3181* WebInstallerOutput::addWikiText(), deprecated in 1.32, has been removed. 3182* Parser::fetchFile(), deprecated in 1.32, has been removed. Use the method 3183 Parser::fetchFileAndTitle() instead. 3184* The global function wfBCP47, deprecated in 1.31, has been removed. 3185* wfCountDown() function, deprecated in 1.31, has been removed. Use 3186 \Maintenance::countDown() method instead. 3187* OutputPage::wrapWikiMsg() no longer accepts an options parameter. This was 3188 deprecated since 1.20. 3189* Skin::outputPage() no longer accepts a context. This was deprecated in 1.20. 3190* Linker::link() no longer accepts a string for the query array, as was 3191 deprecated in 1.20. 3192* PrefixSearch::titleSearch(), deprecated in 1.23, has been removed. Use the 3193 SearchEngine::defaultPrefixSearch or ::completionSearch() methods instead. 3194* The UserRights hook, deprecated in 1.26, has been removed. Instead, use the 3195 UserGroupsChanged hook. 3196* Skin::getDefaultInstance(), deprecated in 1.27, has been removed. Get the 3197 instance from MediaWikiServices instead. 3198* The UserLoadFromSession hook, deprecated in 1.27, has been removed. 3199* The wfResetSessionID global function, deprecated in 1.27, has been removed. 3200 Use MediaWiki\Session\SessionManager instead. 3201* The wfGetLBFactory global function, deprecated in 1.27, has been removed. 3202 Use MediaWikiServices::getInstance()->getDBLoadBalancerFactory(). 3203* The internal method OutputPage->addScriptFile() will no longer silently drop 3204 calls that use an invalid path (i.e., something other than an absolute path, 3205 protocol-relative URL, or full scheme URL), and will instead pass them to the 3206 client where they will likely 404. This usage was deprecated in 1.24. 3207* Database::reportConnectionError, deprecated in 1.32, has been removed. 3208* APIEditBeforeSave hook, deprecated in 1.28, has been removed. Please see 3209 EditFilterMergedContent hook for an alternative way to use this feature. 3210* API module methods getDescription(), getParamDescription(), & getExamples(), 3211 all deprecated in 1.25 and ignored, have been removed. 3212* The API module method getDescriptionMessage(), deprecated in 1.30, has been 3213 removed. 3214* The JavaScript global variable wgLoadScript has been removed. Use 3215 mw.util.wikiScript( 'load' ) instead. 3216* ResourceLoader no longer creates the 'mw.legacy' placeholder object. It has 3217 been unused since 1.16 and was deprecated in 1.22. To deprecate a property 3218 in JavaScript, use mw.log.deprecate() instead. 3219* The 'user.groups' module, deprecated in 1.28, was removed. 3220 Use the 'user' module instead. 3221* The ResourceLoaderContext::expandModuleNames method, deprecated in 1.33, was 3222 removed. Use ResourceLoader::expandModuleNames instead. 3223* The ability to override User::$mRights has been removed. Use 3224 PermissionManager::addTemporaryUserRights() instead. 3225* Previously, when iterating ResultWrapper with foreach() or a similar 3226 construct, the range of the index was 1..numRows. This has been fixed to be 3227 0..(numRows-1). 3228* The ChangePasswordForm hook, deprecated in 1.27, has been removed. Use the 3229 AuthChangeFormFields hook or security levels instead. 3230* WikiMap::getWikiIdFromDomain(), deprecated in 1.33, has been removed. 3231 Use WikiMap::getWikiIdFromDbDomain() instead. 3232* The config variables $wgHtml5, $wgJsMimeType, and $wgXhtmlDefaultNamespace, 3233 which were deprecated and ignored by core since 1.22, are no longer set to any 3234 value, and SkinTemplate no longer emits a 'jsmimetype' key. Any extensions not 3235 updated since 2013 to cope with this deprecation may now break. 3236* (T222637) Passing ResourceLoaderModule objects to ResourceLoader::register() 3237 or $wgResourceModules is no longer supported. 3238 Use the 'class' or 'factory' option of the array format instead. 3239* The parameter $lang of the functions generateTOC and tocList in Linker and 3240 DummyLinker must be in type Language when present. Other types are 3241 deprecated since 1.33. 3242* The static properties mw.Api.errors and mw.Api.warnings, deprecated in 1.29, 3243 have been removed. 3244* ParserOption::getSpeculativeRevIdCallback(), deprecated in 1.28, has been 3245 removed. 3246* The UploadVerification hook, deprecated in 1.28, has been removed. Instead, 3247 use the UploadVerifyFile hook. 3248* UploadBase:: and UploadFromChunks::stashFileGetKey() and stashSession(), 3249 deprecated in 1.28, have been removed. Instead, please use the getFileKey() 3250 method on the response from doStashFile(). 3251* LBFactory::setDomainPrefix() and LoadBalancer::setDomainPrefix(), deprecated 3252 in 1.33, have been removed. Use setLocalDomainPrefix() instead. 3253* IDatabase::implicitGroupby(), deprecated in 1.30, has been removed. 3254* IDatabase::doneWrites(), deprecated in 1.31, has been removed. 3255 Use IDatabase::lastDoneWrites() instead. 3256* Database::reportConnectionError(), deprecated in 1.32, has been removed. 3257* LoadBalancer::laggedSlaveUsed(), deprecated in 1.28, has been removed. 3258 Use LoadBalancer::laggedReplicaUsed() instead. 3259* Database::getProperty(), deprecated in 1.28, has been removed. 3260* IDatabase::getWikiId(), deprecated in 1.30, has been removed. 3261 Use IDatabase::getDomainID() instead. 3262* (T191231) Support for using Oracle or MSSQL as database backends has been 3263 dropped. 3264* MessageCache::destroyInstance() has been removed. Instead, call 3265 MediaWikiTestCase::resetServices(). 3266* SearchResult protected field $searchEngine is removed and no longer 3267 initialized after calling SearchResult::initFromTitle(). 3268* The UserIsBlockedFrom hook is only called if a block is found first, and 3269 should only be used to unblock a blocked user. 3270* Parameters for index.php from PATH_INFO, such as the title, are no longer 3271 written to $_GET. 3272* The selectFields() methods on classes LocalFile, ArchivedFile, OldLocalFile, 3273 DatabaseBlock, and RecentChange, deprecated in 1.31, have been removed. Use 3274 the corresponding getQueryInfo() methods instead. 3275* The following methods on Revision, deprecated since 1.31, have been removed. 3276 Use RevisionStore::getQueryInfo() or RevisionStore::getArchiveQueryInfo() 3277 instead. 3278 * Revision::userJoinCond() 3279 * Revision::pageJoinCond() 3280 * Revision::selectFields() 3281 * Revision::selectArchiveFields() 3282 * Revision::selectTextFields() 3283 * Revision::selectPageFields() 3284 * Revision::selectUserFields() 3285* User::setNewpassword(), deprecated in 1.27 has been removed. 3286* The ObjectCache::getMainWANInstance and ObjectCache::getMainStashInstance 3287 functions, deprecated since 1.28, have been removed. 3288* Language::$dataCache has been removed (without prior deprecation, for 3289 practical reasons). Use MediaWikiServices instead to get a LocalisationCache. 3290 3291=== Deprecations in 1.34 === 3292* The MWNamespace class is deprecated. Use NamespaceInfo. 3293* ExtensionRegistry->load() is deprecated, as it breaks dependency checking. 3294 Instead, use ->queue(). 3295* User::isBlocked() is deprecated since it does not tell you if the user is 3296 blocked from editing a particular page. Use User::getBlock() or 3297 PermissionManager::isBlockedFrom() or PermissionManager::userCan() instead. 3298* User::isLocallyBlockedProxy and User::inDnsBlacklist are deprecated and moved 3299 to the BlockManager as private helper methods. 3300* User::isDnsBlacklisted is deprecated. Use BlockManager::isDnsBlacklisted 3301 instead. 3302* The Config argument to ChangesListSpecialPage::checkStructuredFilterUiEnabled 3303 is deprecated. Pass only the User argument. 3304* WatchedItem::getUser is deprecated. Use getUserIdentity. 3305* Passing a Title as the first parameter to the getTimestampById method of 3306 RevisionStore is deprecated. Omit it, passing only the remaining parameters. 3307* Title::getPreviousRevisionId and Title::getNextRevisionId are deprecated. Use 3308 RevisionLookup::getPreviousRevision and RevisionLookup::getNextRevision. 3309* The Title parameter to RevisionLookup::getPreviousRevision and 3310 RevisionLookup::getNextRevision is deprecated and should be omitted. 3311* MWHttpRequest::factory is deprecated. Use HttpRequestFactory. 3312* The Http class is deprecated. For the request, get, and post methods, use 3313 HttpRequestFactory. For isValidURI, use MWHttpRequest::isValidURI. For 3314 getProxy, use (string)$wgHTTPProxy. For createMultiClient, construct a 3315 MultiHttpClient directly. 3316* Http::$httpEngine is deprecated and has no replacement. The default 'guzzle' 3317 engine will eventually be made the only engine for HTTP requests. 3318* RepoGroup::singleton(), RepoGroup::destroySingleton(), 3319 RepoGroup::setSingleton(), wfFindFile(), and wfLocalFile() are all 3320 deprecated. Use MediaWikiServices instead. 3321* The getSubjectPage, getTalkPage, and getOtherPage of Title are deprecated. 3322 Use NamespaceInfo's getSubjectPage, getTalkPage, and getAssociatedPage. 3323* MWMessagePack class, no longer used, has been deprecated in 1.34. 3324* The Block class is separated into DatabaseBlock (for blocks stored in the 3325 database), and SystemBlock (for temporary blocks created by the system). 3326 SystemBlock should be used when creating any temporary blocks. Block is 3327 a deprecated alias for DatabaseBlock. 3328* Parser::$mConf is deprecated. It will be removed entirely in a later version. 3329 Some context can be found at T224165. 3330* Constructing Parser directly is deprecated. Obtain one from ParserFactory. 3331* Title::moveSubpages is deprecated. Use MovePage::moveSubpages or 3332 MovePage::moveSubpagesIfAllowed. 3333* The MWNamespace class is deprecated. Use MediaWikiServices::getNamespaceInfo. 3334* (T62260) Hard deprecate Language::getExtraUserToggles() method. 3335* Language::viewPrevNext function is deprecated, use 3336 PrevNextNavigationRenderer::buildPrevNextNavigation instead 3337* User::trackBlockWithCookie and DatabaseBlock::clearCookie are deprecated. Use 3338 BlockManager::trackBlockWithCookie and BlockManager::clearCookie instead. 3339* DatabaseBlock::setCookie, DatabaseBlock::getCookieValue, 3340 DatabaseBlock::getIdFromCookieValue and AbstractBlock::shouldTrackWithCookie 3341 are moved to internal helper methods for BlockManager::trackBlockWithCookie. 3342* ResourceLoaderContext::getConfig and ResourceLoaderContext::getLogger have 3343 been deprecated. Inside ResourceLoaderModule subclasses, use the local methods 3344 instead. Elsewhere, use the methods from the ResourceLoader class. 3345* The Profiler::setTemplated and Profiler::getTemplated methods have been 3346 deprecated. Use Profiler::setAllowOutput and Profiler::getAllowOutput 3347 instead. 3348* The ProfilerOutputDb class, 'profiling' table, and profileinfo.php entry 3349 point had been deprecated (T231366). 3350* The Preprocessor_DOM implementation has been deprecated. It will be 3351 removed in a future release. Use the Preprocessor_Hash implementation 3352 instead. 3353* Sanitizer::attributeWhitelist() and Sanitizer::setupAttributeWhitelist() 3354 have been deprecated; they will be made private in the future. 3355* SearchResult::termMatches() method is deprecated. It was unreliable because 3356 only populated by few search engine implementations. Use 3357 SqlSearchResult::getTermMatches() if really needed. 3358* SearchResult::getTextSnippet( $terms ) the $terms param is being deprecated 3359 and should no longer be passed. Search engine implemenations should be 3360 responsible for carrying relevant information needed for highlighting with 3361 their own SearchResultSet/SearchResult sub-classes. 3362* SearchResultSet::free() method is deprecated. 3363* SearchEngine::$searchTerms protected field is deprecated. Moved to 3364 SearchDatabase. 3365* The use of the $terms param in the ShowSearchHit and ShowSearchHitTitle 3366 hooks is highly discouraged as it's only populated by SearchDatabase search 3367 engines. 3368* Skin::escapeSearchLink() is deprecated. Use Skin::getSearchLink() or the skin 3369 template option 'searchaction' instead. 3370* Skin::getRevisionId() and Skin::isRevisionCurrent() have been deprecated. 3371 Use OutputPage::getRevisionId() and OutputPage::isRevisionCurrent() instead. 3372* LoadBalancer::haveIndex() and LoadBalancer::isNonZeroLoad() have 3373 been deprecated. 3374* FileBackend::getWikiId() has been deprecated. 3375 Use FileBackend::getDomainId() instead. 3376* User::getRights() and User::$mRights have been deprecated. Use 3377 PermissionManager::getUserPermissions() instead. 3378* The LocalisationCacheRecache hook no longer allows purging of message blobs 3379 to be prevented. Modifying the $purgeBlobs parameter now has no effect. 3380* SVGMetadataExtractor::getMetadata has been deprecated. Instead, you should 3381 use SVGReader->getMetadata() directly. 3382* The following public properties on AbstractBlock are deprecated: $mReason, 3383 $mTimestamp, $mExpiry, $mHideName. Use the getters/setters instead. 3384* The following public properties on DatabaseBlock are deprecated: $mAuto, 3385 $mParentBlockId. To check for an autoblock use DatabaseBlock::getType; to 3386 check for the parent ID, use DatabaseBlock::getParentBlockId. 3387* SearchEngine::userHighlightPrefs() is deprecated, simply stop passing 3388 $contextlines and $contextchars to the SearchHighlighter methods, they will 3389 use proper defaults defined in SearchHighlighter::DEFAULT_CONTEXT_LINES and 3390 DEFAULT_CONTEXT_CHARS. 3391* SearchUpdate constructor: passing a string as the title param and or a boolean 3392 or a string as the content will produce a deprecation warning. 3393* SearchEngine::getTextFromContent() is deprecated, use getTextForSearchIndex() 3394 directly from the Content object. 3395* SearchEngine::textAlreadyUpdatedForIndex() is deprecated, given the 3396 deprecation above this method is no longer needed/called and should not be 3397 implemented by SearchEngine implementation. 3398* IDatabase::bufferResults() has been deprecated. Use query batching instead. 3399* MessageCache::singleton() is deprecated. Use 3400 MediaWikiServices::getMessageCache(). 3401* ObjectCache::getWANInstance() is deprecated. Use 3402 MediaWikiServices::getMainWANObjectCache() instead. 3403* ObjectCache::newWANCacheFromParams() is deprecated. Use 3404 MediaWikiServices::getMainWANObjectCache() instead. 3405* Constructing MovePage directly is deprecated. Use MovePageFactory. 3406* TempFSFile::factory() has been deprecated. Use TempFSFileFactory instead. 3407* wfIsBadImage() is deprecated. Use the BadFileLookup service instead. 3408* Building a new SearchResult is hard-deprecated, always call 3409 SearchResult::newFromTitle(). This class is being refactored into an abstract 3410 class. If you extend this class please be sure to override all its methods 3411 or extend RevisionSearchResult. 3412* Skin::getSkinNameMessages() is deprecated and no longer used. 3413* The mediawiki.RegExp module is deprecated; use mw.util.escapeRegExp() instead. 3414* Specifying a SpecialPage object for the list of special pages (either through 3415 the SpecialPage_initList hook or by adding to $wgSpecialPages) is now 3416 deprecated. 3417* The 'jquery.tabIndex' module is deprecated. 3418* WebInstaller::getWarningBox() and getErrorBox() are deprecated. 3419 Use Html::errorBox() or Html::warningBox() instead. 3420* Use of ActorMigration with 'ar_user', 'img_user', 'oi_user', 'fa_user', 3421 'rc_user', 'log_user', and 'ipb_by' is deprecated. Queries should be adjusted 3422 to use the corresponding actor fields directly. Note that use with 3423 'rev_user' is *not* deprecated at this time. 3424* Specifying both the class and factory parameters for 3425 ApiModuleManager::addModule is now deprecated. The ObjectFactory spec should 3426 be used instead. 3427* The UserIsHidden hook is deprecated. Use GetUserBlock instead, and add a 3428 system block that hides the user. 3429* The GetBlockedStatus hook is deprecated. Use GetUserBlock instead, to add or 3430 remove a block. 3431* $wgContentHandlerUseDB is deprecated and should always be true. 3432* StreamFile::send404Message() and StreamFile::parseRange() are now deprecated. 3433 Use HTTPFileStreamer::send404Message() and HTTPFileStreamer::parseRange() 3434 respectively instead. 3435* Global variable $wgSysopEmailBans is deprecated; to allow sysops to ban 3436 users from sending emails, use 3437 $wgGroupPermissions['sysop']['blockemail'] = true; 3438* ApiQueryBase::showHiddenUsersAddBlockInfo() is deprecated. Use 3439 ApiQueryBlockInfoTrait instead. 3440* PasswordReset is now a service, its direct instantiation is deprecated. 3441* RESTBagOStuff users should specify either "JSON" or "PHP" serialization type. 3442* The global function wfIsHHVM() is deprecated and will now always return false 3443 regardless of the runtime environment. This is part of the continuing work to 3444 remove HHVM support from MediaWiki, which started in MediaWiki 1.31. 3445* Language::getLocalisationCache() is deprecated. Use MediaWikiServices 3446 instead. 3447* The following Language methods are deprecated: isSupportedLanguage, 3448 isValidCode, isValidBuiltInCode, isKnownLanguageTag, fetchLanguageNames, 3449 fetchLanguageName, getFileName, getMessagesFileName, getJsonMessagesFileName. 3450 Use the new LanguageNameUtils class instead. (Note that fetchLanguageName(s) 3451 are called getLanguageName(s) in the new class.) 3452* Using the Parser without initializing its $mTitle property to non-null has 3453 been deprecated. In a future release Parser::getTitle() will throw a 3454 TypeError if $mTitle is uninitialized. 3455* A number of public methods of Parser were exposed only for historical 3456 reasons and have been deprecated: doMagicLinks, doDoubleUnderscore, 3457 doHeadings, doAllQuotes, replaceExternalLinks, replaceInternalLinks, 3458 replaceInternalLinks2, getVariableValue, initialiseVariables, formatHeadings, 3459 testPst, testPreprocess, testSrvus, areSubpagesAllowed, maybeDoSubpageLink, 3460 splitWhitespace, createAssocArgs, armorLinks, makeKnownLinkHolder, 3461 getImageParams, parseLinkParameter, stripAltText, replaceLinkHolders, 3462 replaceLinkHoldersText, armorLinks, makeKnownLinkHolder, getImageParams, 3463 parseLinkParameter, stripAltText. 3464 3465=== Other changes in 1.34 === 3466* Added option to specify "Various authors" as author in extension credits using 3467 "..." as the only author name. If the "author" array contains more than one 3468 entry and "..." is one of the entries in the array, "..." will be parsed as 3469 "others" (version-poweredby-others i18n message) like previously. 3470* (T232563) Browser support ("Grade C") for Internet Explorer 6 and 7 3471 was discontinued. Basic content and security features may no longer 3472 work correctly in these browsers. 3473 3474= MediaWiki 1.33 = 3475 3476== MediaWiki 1.33.4 == 3477 3478This is a security and maintenance release of the MediaWiki 1.33 branch. 3479 3480=== Changes since MediaWiki 1.33.3 === 3481* (T247017) PasswordReset performance improvements. 3482* The MultiHttpClient code will fallover to non-curl if curl_multi* is blocked. 3483* (T250568) Work around change in SimpleXMLElement behavior introduced in PHP 3484 7.3.17. 3485* Remove some rotten and out of date documentation. 3486* (T252311) Improvements to some older SQLite update patches. 3487* (T240307) Minor fixes to extension.schema.v2.json and 3488 extension.schema.v1.json. 3489* rdbms: Add callback for atomic section cancellation. 3490* (T191668) NameTableStoreTest::getCallCheckingDb simplification. 3491* Make NameTableStore use LoadBalancer::getConnectionRef(). 3492* (T224949) NameTableStore: ensure consistency upon rollback. 3493* (T199474) Set rc_patrolled to 2 for autopatrolled changes in 3494 rebuildrecentchanges.php. 3495* (T229461) Update the change_tag table in rebuildrecentchanges.php. 3496* (T234450) Per-user concurrency in SpecialContributions can now be limited by 3497 setting $wgPoolCounterConf['SpecialContributions'] appropriately. 3498* (T248947) SECURITY: img_auth.php may leak private extension images into the 3499 public cache. 3500 3501== MediaWiki 1.33.3 == 3502 3503This is a security and maintenance release of the MediaWiki 1.33 branch. 3504 3505=== Changes since MediaWiki 1.33.2 === 3506* (T245072) mediawiki.language: Rename languageData back to languageNames. 3507* Use proper SemVer comparison in CheckComposerLockUpToDate. 3508* (T212738) Add the MW_VERSION constant, global $wgVersion is soft deprecated. 3509* Update comment about PHP versions supported by The PHP Group. 3510* (T247215) Fix output of RecountCategories::doWork(). 3511* Add check for page existence to view.php maintenance script. 3512* (T236509) SECURITY: Fix HTML escaping in UserGroupMembership::getLink(). 3513* (T246602) SECURITY: jquery.makeCollapsible allows applying event handler to 3514 any CSS selector. 3515 3516== MediaWiki 1.33.2 == 3517 3518This is a security and maintenance release of the MediaWiki 1.33 branch. 3519 3520=== Changes since MediaWiki 1.33.1 === 3521* (T217831) (T200653) PopulateContentTables: compute sha1 and length if needed. 3522* Fix extra newlines in the installer. 3523* (T236628) Fix for ArticleRevisionViewCustom hook in DifferenceEngine.php. 3524* (T181658) Do not insert page titles into querycache.qc_value. 3525* (T206013) Suppress errors when reading invalid XML file properties. 3526* (T237931) Remove references to pg_attrdef.adsrc in Postgres code. 3527* Use correct value for 'sslmode' in DatabasePostgres. 3528* (T232866) Fix support for HTTP/2 in MultiHttpClient. 3529* (T227461) Stop calling deprecated Redis delete functions. 3530* (T239561) Mark options as requiring parameters in addSite.php. 3531* (T219440) Skip flaky rollback test. 3532* (T232866) Mimic CURLOPT_POST in GuzzleHttpRequest. 3533* (T239734) Replace deprecated lSize with lLen in Redis code. 3534* (T192134) SECURITY: Do not allow user scripts on Special:PasswordReset. 3535* (T239428) ApiEditPage: Test for bad redirect targets. 3536* (T233342) rdbms: Log debug message traces as 'exception.trace' instead of 3537 'trace'. 3538* (T226751) media: Log and fail gracefully on invalid EXIF coordinates. 3539* (T212067) SECURITY: Work around PHP bug in parse_url. 3540 3541== MediaWiki 1.33.1 == 3542 3543This is a security and maintenance release of the MediaWiki 1.33 branch. 3544 3545=== Changes since MediaWiki 1.33.0 === 3546* A change that kept people with a database table prefix that didn't 3547 end with an underscore from updating was reverted. 3548* (T207100) Updated LanguageTr for dotted and dotless I in PHP 7.3. 3549* The ImgAuthModifyHeaders hook was added to img_auth.php to allow modification 3550 of headers in private wikis. 3551* (T230317) Allow upgrading from MediaWiki before 1.15 where the valid_tag table 3552 doesn't yet exist. 3553* (T208897) MessageCache: Restore 'loadedLanguages' tracking for load(). 3554* (T228555) MessageCache: Fix isMainCacheable() logic for non-content languages. 3555* (T200088) Remove title protection correctly for undeletions and imports. 3556* (T230402) SECURITY: Add permission check for suppressed account to 3557 Special:Redirect. 3558* Add helper for HTTPFileStreamer header syntax. 3559* (T227461) ObjectCache: avoid using deprecated phpredis::delete() alias. 3560* (T231386) SpecialRedirect::dispatchUser() should use a 302 http status code. 3561* (T118799) Fix XMP parser errors due to trailing nullchar. 3562* (T230618) Fix GROUP BY in ActiveUsersPager and RecentChangesUpdateJob for 3563 PostgreSQL. 3564* (T230487) Handle changed defaults in Argon2PasswordTest::testPartialConfig(). 3565* (T233119) Improve documentation for the MinimumPasswordLengthToLogin policy. 3566* (T227662) Split down patch-comment-table.sql and patch-actor-table.sql into 3567 separate files to help allieviate potential migration problems. 3568 3569=== Upgrading notes for 1.33 === 35701.33 has several database changes since 1.32, and will not work without schema 3571updates. Note that due to changes to some very large tables like the revision 3572table, the schema update may take quite long (minutes on a medium sized site, 3573many hours on a large site). 3574 3575Don't forget to always back up your database before upgrading! 3576 3577See the file UPGRADE for more detailed upgrade instructions, including 3578important information when upgrading from versions prior to 1.11. 3579 3580Some specific notes for MediaWiki 1.33 upgrades are below: 3581 3582* Some external link searches will not work correctly until update.php (or 3583 refreshExternallinksIndex.php) is run. These include searches for links using 3584 IP addresses, internationalized domain names, and possibly mailto links. 3585* If you ran migrateActors.php using an older version of MediaWiki and want to 3586 run your wiki with $wgActorTableSchemaMigrationStage SCHEMA_COMPAT_READ_OLD, 3587 note that log_search rows needed to find revision deletions by target user 3588 were incorrectly deleted. See T215464 for details. 3589* If revision deletions were performed when the wiki was configured with 3590 $wgActorTableSchemaMigrationStage SCHEMA_COMPAT_WRITE_BOTH and without 3591 migrateActors.php having been run, the log_search table may contain rows with 3592 empty values for "target_author_actor" which will prevent log searches for 3593 revision deletions by target user from finding those log entries. These rows 3594 may be corrected by (re-)running migrateActors.php. 3595 3596For notes on 1.32.x and older releases, see HISTORY. 3597 3598== MediaWiki 1.33.0 == 3599 3600=== Changes since MediaWiki 1.33.0-rc.0 === 3601* (T225558) Update installer link to PHP intl. 3602* (T225901) Only attempt to deduplicate if there is data in archive and revision 3603 tables. 3604* (T225564) Fetch tag ID before calling undefineTag(). 3605* (T225496) Detect APC for MainCacheType in CLI installer. 3606* Call unpack() with correct parameters in MimeAnalyzer.php for PHP 7.0 support. 3607* (T212613) Style change tags correctly on Special:Newpages. 3608* (T202211) Fix SQLite patch-(page|template)links-fix-pk.sql column order. 3609 3610== MediaWiki 1.33.0-rc.0 == 3611 3612=== Configuration changes for system administrators in 1.33 === 3613==== New configuration ==== 3614* $wgEnablePartialBlocks – This enables the Partial Blocks feature, which gives 3615 accounts with block permissions the ability to block users, IPs, and IP ranges 3616 from editing specific pages, while allowing them to edit the rest of the wiki. 3617 It is a temporary setting for gradual enablement, current default to `false`, 3618 and will be set to `true` and then removed once initial development completes. 3619 3620==== Changed configuration ==== 3621* $wgChangeTagsSchemaMigrationStage (T193868) — This temporary setting, added in 3622 MediaWiki 1.32, now defaults to MIGRATION_NEW instead of MIGRATION_WRITE_BOTH. 3623* $wgPasswordPolicy – There is a new password policy to check that the account's 3624 password is not in the large blacklist. This is enabled by default for the 3625 built-in user groups bureaucrat, sysop, interface-admin, and bot. To configure 3626 this for other user groups, set the `PasswordNotInLargeBlacklist` flag `true`. 3627* $wgPasswordDefault – There is a new password type configuration using Argon2 3628 password hashing (which requires PHP 7.2 and above). It's designed to resist 3629 timing attacks, and (on systems with PHP 7.3+) GPU hacking; if you configure 3630 argon2 to be used, by default, it will automatically choose the best available 3631 algorithm depending on which version of PHP you have available. To use this, 3632 you can set `$wgPasswordDefault = 'argon2';`. 3633* $wgActorTableSchemaMigrationStage now defaults to reading the new schema. 3634 update.php will back-populate the new database fields due to the changed 3635 setting, which may take some time on large wikis. You can avoid downtime by 3636 following a process like that described in T188327. 3637 3638==== Removed configuration ==== 3639* $wgTagStatisticsNewTable (T199334) — This temporary setting, added in 3640 MediaWiki 1.32, has now been removed. When loading Special:Tags, MediaWiki 3641 will now always use the `change_tag_def` instead of the `change_tag` table. 3642* $wgUseTidy, $wgTidyBin, $wgTidyConf, $wgTidyOpts, $wgTidyInternal, and 3643 $wgDebugTidy – These options, all deprecated since 1.26, have now all been 3644 removed, as MediaWiki now always tidies user output. The $wgTidyConfig setting 3645 remains only for experimental features and debugging, and should not be used. 3646* $wgEnableParserCache – This setting has been deprecated since 1.26, has now 3647 been removed. If you still desire to disable the parser cache, instead you can 3648 set `$wgParserCacheType = CACHE_NONE;`. 3649* $wgCommentTableSchemaMigrationStage – This temporary migration setting has now 3650 been removed. Code finding it unset should treat it as being MIGRATION_NEW. 3651* $wgAuth – This old setting, deprecated in 1.27, has been removed as part of 3652 the removal of AuthPlugin. 3653* $wgSitesCacheFile – This configuration was introduced in 1.25 with the intent 3654 to allow sites to configure a file in which to cache the SiteStore database 3655 table, but it was never used. SiteStore already caches its information by 3656 default using BagOStuff (e.g. Memcached or APC). 3657* $wgClockSkewFudge – This setting was used by User.php to let sites adjust by 3658 how much MediaWiki would fudge when trying to minimize the chances of a 3659 user.user_touched database update to the "current" timestamp being before the 3660 value already there (e.g. due to clock skew between different servers). This 3661 is no longer a problem, because the code now ensures the timestamp is always 3662 higher than the previous one. The writes are guarded with CAS logic (check 3663 and set), which prevents updates that would overlap. 3664* $wgDBmysql5 (T196185) - This experimental setting, deprecated in 1.31, has 3665 been removed. 3666 3667=== New user-facing features in 1.33 === 3668* (T96041) __EXPECTUNUSEDCATEGORY__ on a category page causes the category 3669 to be hidden on Special:UnusedCategories. 3670* (T210814) SVGs are now by default displayed in wiki language on image 3671 pages. 3672* Special:CreateAccount now warns the user if their chosen username has to be 3673 normalized. 3674* (T205040) Multilingual images are now be displayed in the current parse 3675 language where available. 3676* Special:ActiveUsers will no longer filter out users who became inactive since 3677 the last time the active users query cache was updated. 3678* (T215675) RecentChange and ManualLogEntry implement new Taggable interface. 3679* (T215675) Added a hook, ManualLogEntryBeforePublish, to allow extensions 3680 to modify (example: add tags) log entries. 3681 3682=== New developer features in 1.33 === 3683* The AuthManagerLoginAuthenticateAudit hook has a new parameter for 3684 additional information about the authentication event. 3685* TextContent::getText() was introduced as a replacement for 3686 Content::getNativeData() for text-based content models. 3687* (T214706) LinksUpdate::getAddedExternalLinks() and 3688 LinksUpdate::getRemovedExternalLinks() were introduced. 3689* (T213893) Added 'MaintenanceUpdateAddParams' hook 3690* (T219655) The MarkPatrolled hook has a new parameter for the tags 3691 associated with this entry in the patrol log. 3692* (T212472) Extensions can now specify platform abilities they require to work, 3693 limited to shell access for now. 3694 3695 3696=== External library changes in 1.33 === 3697==== New external libraries ==== 3698* Added wikimedia/password-blacklist 0.1.4. 3699* Added guzzlehttp/guzzle 6.3.3. 3700 3701==== Changed external libraries ==== 3702* Updated OOUI from v0.29.2 to v0.31.3. 3703* Updated OOjs Router from pre-release to v0.2.0. 3704* Updated moment from v2.19.3 to v2.24.0. 3705* Updated wikimedia/xmp-reader from 0.6.0 to 0.6.2. 3706* Updated wikimedia/scoped-callback from 2.0.0 to 3.0.0. 3707* Updated jquery-client from 2.0.1 to 2.0.2. 3708* Updated pear/net_smtp from 1.8.0 to 1.8.1. 3709* Updated cssjanus/cssjanus from 1.2.0 to 1.3.0. 3710* Updated wikimedia/php-session-serializer from 1.0.6 to 1.0.7. 3711 3712==== Removed external libraries ==== 3713* (T219403) jquery.ui.spinner, deprecated since 1.31, was removed. 3714 3715 3716=== Developer library changes in 1.33 === 3717==== New developer libraries ==== 3718* Added jakub-onderka/php-console-highlighter 0.3.2 explicitly (dev-only). 3719* Added mediawiki/mediawiki-phan-config 0.5.0 (dev-only). 3720 3721==== Changed developer libraries ==== 3722* Updated wikimedia/ip-set from 1.3.0 to 2.0.1. 3723 * The deprecated IPSet\IPSet alias was removed, Wikimedia\IPSet must be 3724 used instead. 3725* Updated psy/psysh from 0.9.6 to 0.9.9 (dev-only). 3726* Updated nikic/php-parser from 3.1.3 to 3.1.5 (dev-only). 3727* Updated mediawiki/mediawiki-codesniffer from 22.0.0 to 25.0.0 (dev-only). 3728* Updated qunitjs from 2.6.2 to 2.9.1. 3729 3730==== Removed developer libraries ==== 3731* The jetbrains/phpstorm-stubs repository was removed in favour of the minimal 3732 stubs we need, which are kept in the new `.phan/internal_stubs` directory 3733 (dev-only). 3734 3735 3736=== Bug fixes in 1.33 === 3737* (T164211) Special:UserRights could sometimes fail with a 3738 "conflict detected" error when there weren't any conflicts. 3739* (T216029) Chrome redirects to Special:BadTitle after editing a section with 3740 a non-Latin name on a page with non-Latin characters in title. 3741* (T222385) resourceloader: Use AND instead of OR for upsert conds in 3742 saveFileDependencies(). 3743 3744=== Action API changes in 1.33 === 3745* (T198913) Added 'ApiOptions' hook. 3746* The JSON formatversion=2 is no longer experimental. 3747* Internal API errors (those with code beginning "internal_api_error") will 3748 include the exception class name in a data field named "errorclass". 3749 * Class names are not guaranteed to remain stable, and in particular database 3750 exceptions will now include the "Wikimedia\Rdbms\" prefix in the class name. 3751 * The code including an exception class name is deprecated. In the future, 3752 all internal errors will use code "internal_api_error". 3753* (T212356) When using action=delete on pages with many revisions, the module 3754 may return a boolean-true 'scheduled' and no 'logid'. This signifies that the 3755 deletion will be processed via the job queue. 3756* action=setnotificationtimestamp will now update the watchlist asynchronously 3757 if entirewatchlist is set, so updates may not be visible immediately 3758* Block info will be added to "blocked" errors from more modules. 3759* (T216245) Autoblocks will now be spread by action=edit and action=move. 3760* action=query&meta=userinfo has a new uiprop, 'latestcontrib', that returns 3761 the date of user's latest contribution. 3762* (T25227) action=logout now requires to be posted and have a csrf token. 3763 3764=== Action API internal changes in 1.33 === 3765* A number of deprecated methods for API documentation, intended for overriding 3766 by extensions, are no longer called by MediaWiki, and will emit deprecation 3767 notices if your extension attempts to use them: 3768 * ApiBase::getDescription() (deprecated in 1.25) 3769 * ApiBase::getParamDescription() (deprecated in 1.25) 3770 * ApiBase::getExamples() (deprecated in 1.25) 3771 * ApiBase::getDescriptionMessage() (deprecated in 1.30) 3772 Additionally, the 'APIGetDescription' and 'APIGetParamDescription' hooks have 3773 been removed, as their only use was to let extensions override values returned 3774 by getDescription() and getParamDescription(), respectively. 3775* API error codes may only contain ASCII letters, numbers, underscore, and 3776 hyphen. Methods such as ApiBase::dieWithError() and 3777 ApiMessageTrait::setApiCode() will throw an InvalidArgumentException if 3778 passed a bad code. 3779* ApiBase::checkTitleUserPermissions() now takes an options array as its third 3780 parameter. Passing a User object or null is deprecated. 3781* The api-feature-usage log channel now has log context. The text message is 3782 deprecated and will be removed in the future. 3783 3784=== Languages updated in 1.33 === 3785MediaWiki supports over 350 languages. Many localisations are updated regularly. 3786Below only new and removed languages are listed, as well as changes to languages 3787because of Phabricator reports. 3788 3789* (T203908) Added language support for Eastern Pwo (kjp). 3790* (T213717) Fixed a translation error on Goan Konkani (gom-deva) translations 3791 for NS_TEMPLATE. 3792* (T212221) Added $digitTransformTable for Santali (sat). 3793* (T216479) Added language support for Saisiyat (xsy). 3794* (T219728) Added support for new Japanese era name "Reiwa" 3795 3796=== Breaking changes in 1.33 === 3797* The parameteter $lang in DifferenceEngine::setTextLanguage must be of type 3798 Language. Other types are deprecated since 1.32. 3799* Skin::doEditSectionLink requires type Language for the parameter $lang. 3800 The parameters $tooltip and $lang are mandatory. Omitting the parameters is 3801 deprecated since 1.32. 3802* Language::truncate(), deprecated in 1.31, has been removed. 3803* UtfNormal, deprecated in 1.25, was removed. Use UtfNormal\Validator directly 3804 instead. 3805* (T197179) In OOUI HTMLForm fields, the parameters 'notice', 'notice-messages', 3806 and 'notice-message', which were deprecated in 1.32, were removed. Instead, 3807 use 'help', 'help-message', and 'help-messages'. 3808* (T197179) HTMLFormField::getNotices(), deprecated in 1.32, was removed. 3809* The "Parsoid v1" compatibility mappings in ParsoidVirtualRESTService and 3810 RestbaseVirtualRESTService, deprecated since 1.26, have been removed. 3811 Use the RESTBase v1 or Parsoid v3 API instead. 3812* ParserOptions defaults 'tidy' to true now, since the untidy modes of the 3813 parser are being deprecated and ParserOptions::getCanonicalOverrides() 3814 has always been true at any rate. 3815* Support for disabling tidy and external tidy implementations has been removed. 3816 This was deprecated in 1.32. The pure PHP Remex tidy implementation is now 3817 used and no configuration is necessary. 3818* A number of deprecated methods for API documentation, intended for overriding 3819 by extensions, are no longer called by MediaWiki, and will emit deprecation 3820 notices if your extension attempts to use them: 3821 * ApiBase::getDescription() (deprecated in 1.25) 3822 * ApiBase::getParamDescription() (deprecated in 1.25) 3823 * ApiBase::getExamples() (deprecated in 1.25) 3824 * ApiBase::getDescriptionMessage() (deprecated in 1.30) 3825 Additionally, the 'APIGetDescription' and 'APIGetParamDescription' hooks have 3826 been removed, as their only use was to let extensions override values returned 3827 by getDescription() and getParamDescription(), respectively. 3828* The authentication hooks 'AbortAutoAccount' 'AbortNewAccount', 'AbortLogin', 3829 'LoginUserMigrated', 'UserCreateForm', and 'UserLoginForm', all deprecated by 3830 the creation of AuthManager in 1.27, have been removed. This also means that 3831 the FakeAuthTemplate and LoginForm classes are removed, that FakeAuthTemplate 3832 is no longer passed into LoginSignupSpecialPage->getFieldDefinitions(), and 3833 that LoginSignupSpecialPage->getBCFieldDefinitions() is removed. 3834* The 'jquery.localize' module, deprecated in 1.32, has been removed. Instead, 3835 use 'jquery.i18n'. 3836* The hooks LanguageGetSpecialPageAliases and LanguageGetMagic, deprecated since 3837 1.16, have now been removed. Instead, use $specialPageAliases or $magicWords 3838 respectively in a $wgExtensionMessagesFiles file. 3839* The following methods of the Preferences class, deprecated in 1.31, have been 3840 removed: 3841 * getSaveBlacklist() 3842 * loadPreferenceValues() 3843 * getOptionFromUser() 3844 * profilePreferences() 3845 * skinPreferences() 3846 * filesPreferences() 3847 * datetimePreferences() 3848 * renderingPreferences() 3849 * editingPreferences() 3850 * rcPreferences() 3851 * watchlistPreferences() 3852 * searchPreferences() 3853 * miscPreferences() 3854 * generateSkinOptions() 3855 * getDateOptions() 3856 * getImageSizes() 3857 * getThumbSizes() 3858 * validateSignature() 3859 * cleanSignature() 3860 * getTimezoneOptions() 3861 * filterIntval() 3862 * filterTimezoneInput() 3863 * getTimeZoneList() 3864* mw.util.jsMessage(), deprecated in 1.20, was removed. Use mw.notify instead. 3865* (T61113) User::EDIT_TOKEN_SUFFIX was removed. It was deprecated since 1.27. 3866* The 'mediawiki.api' module aliases, deprecated in 1.32, have been removed. 3867 Specifically: mediawiki.api.category, mediawiki.api.edit, 3868 mediawiki.api.login, mediawiki.api.options, mediawiki.api.parse, 3869 mediawiki.api.upload, mediawiki.api.user, mediawiki.api.watch, 3870 mediawiki.api.messages, and mediawiki.api.rollback. 3871* The 'jquery.byteLimit' module alias for 'jquery.lengthLimit', 3872 deprecated in 1.31, was removed. 3873* Revision::fetchRevision(), deprecated in 1.28, was removed. 3874* Class SquidUpdate, deprecated in 1.27, was removed. 3875* Title->getSquidURLs(), deprecated in 1.27, was removed. Instead, use 3876 Title->getCdnUrls(). 3877* Title::escapeFragmentForURL(), deprecated in 1.30, was removed. Use 3878 Sanitizer::escapeIdForLink() or escapeIdForExternalInterwiki() instead. 3879* Title->canTalk(), deprecated in 1.30, was removed. Instead, use 3880 Title->canHaveTalkPage(). 3881* Title's methods for site and user page related to CSS and JS, deprecated in 3882 1.31, were removed: 3883 * Title->isCssOrJsPage() — Use Title->isSiteConfigPage() 3884 * Title->isCssJsSubpage() – Use Title->isUserConfigPage() 3885 * Title->getSkinFromCssJsSubpage() – Use Title->getSkinFromConfigSubpage() 3886 * Title->isCssSubpage() – Use Title->isUserCssConfigPage() 3887 * Title->isJsSubpage() – Use Title->isUserJsConfigPage() 3888* SiteSQLStore, deprecated in 1.27 and whose only method, ::newInstance(), 3889 would return the global SiteStore instance, has been removed. You can get to 3890 this via MediaWiki\MediaWikiServices::getInstance()->getSiteStore() directly. 3891* Linker::formatSize, deprecated in 1.28, has been removed (with DummyLinker's). 3892 Instead, use Language->formatSize() with the relevant Language object. 3893* Linker::formatTemplates, deprecated in 1.28, has been removed (along with the 3894 version in DummyLinker). You can use TemplatesOnThisPageFormatter directly. 3895* EventRelayerGroup::singleton(), deprecated in 1.27, has been removed. You can 3896 use MediaWikiServices::getInstance()->getEventRelayerGroup() directly. 3897* LinkCache->addLink(), deprecated in 1.27, has been removed. It is thought to 3898 be unused, and is distinct from OutputPage->addLink(), which remains. 3899* JsonContent->getJsonData(), deprecated in 1.25, has been removed. Instead, use 3900 JsonContent->getData(). 3901* MWExceptionHandler::getLogId(), deprecated in 1.27, has been removed, as the 3902 exception ID is the same as the request ID, from WebRequest::getRequestId(). 3903* SearchEngine::getNearMatchResultSet(), deprecated in 1.27, has been removed. 3904 You can use SearchEngine::getNearMatcher() instead. 3905* EmailNotification::updateWatchlistTimestamp, deprecated in 1.27, has been 3906 removed. Instead, use WatchedItemStore::updateNotificationTimestamp directly. 3907* User::getGroupName() and ::getGroupMember(), both deprecated in 1.29, have 3908 been removed. Instead, please use UserGroupMembership::getGroupName() and 3909 UserGroupMembership::getGroupMemberName(). 3910* Backwards compatibility for setting wgSessionsInObjectCache to false or using 3911 wgSessionHandler, both of which were deprecated in 1.27 with the introduction 3912 of SessionManager, has been removed. 3913* SessionManager::autoCreateUser, deprecated in 1.27, has been removed. Use 3914 MediaWiki\Auth\AuthManager::autoCreateUser instead. 3915* The mw.libs.jpegmeta property, deprecated in 1.31, was removed. 3916 Use require( 'mediawiki.libs.jpegmeta' ) instead. 3917* The mw.user.stickyRandomId() method, deprecated in 1.32, was removed. 3918 Use mw.user.getPageviewToken() instead. 3919* Removed deprecated class property WikiRevision::$importer. 3920* ResourceLoaderFileModule::readStyleFiles() now requires its $context 3921 parameter. 3922* The ChangeList::insertArticleLink() method, that was deprecated in 1.27, has 3923 been removed. 3924* MessageBlobStore::__construct() now requires its $rl parameter. 3925* Second parameter to Sanitizer::escapeIdReferenceList() (deprecated in 1.31) 3926 has been removed. 3927* The 'jquery.xmldom' module has been removed. 3928* The 'jquery.mockjax' module has been removed. 3929* The 'jquery.hidpi' module, deprecated in 1.32, has been removed. 3930* AuthPlugin and related code, deprecated in 1.27, has been removed. Extensions 3931 should instead use AuthManager. The following no longer exist: 3932 * The AuthPlugin class itself and the related AuthPluginUser class and i18n 3933 * The AuthPluginSetup and AuthPluginAutoCreate hooks 3934 * The transitional wrapper classes AuthPluginPrimaryAuthenticationProvider, 3935 AuthManagerAuthPlugin, and AuthManagerAuthPluginUser. 3936 * The $wgAuth configuration setting and its use in Setup.php and unit tests 3937* (T217772) The 'wgAvailableSkins' mw.config key in JavaScript, was removed. 3938* Language::markNoConversion, deprecated in 1.32, has been removed. Use 3939 LanguageConverter::markNoConversion instead. 3940* BagOStuff::modifySimpleRelayEvent() method has been removed. 3941* ParserOutput::getLegacyOptions, deprecated in 1.30, has been removed. 3942 Use ParserOutput::allCacheVaryingOptions instead. 3943* CdnCacheUpdate::newSimplePurge, deprecated in 1.27, has been removed. 3944 Use CdnCacheUpdate::newFromTitles() instead. 3945* Handling of multiple arguments by the Block constructor, deprecated in 1.26, 3946 has been removed. 3947* The translation of main page in Sardinian (sc) was changed from "Pàgina Base" 3948 to "Pàgina printzipale". Existing wikis using this content language need to 3949 move the main page or change the name through MediaWiki:Mainpage page. 3950* wfSplitWikiID(), deprecated in 1.32, has been removed. 3951* MessageBlobStore::getBlob(), deprecated in 1.27, has been removed. 3952 Use ::getBlobs() instead. 3953* The .background-size() LESS mixin, deprecated in 1.27, has been removed. 3954* ReadOnlyMode::clearCache() and ConfiguredReadOnlyMode::clearCache() have been 3955 removed. Use MediaWikiTestCase::overrideMwServices() instead. 3956* Support for the 'aggregator' option of JobQueue (and thus $wgJobTypeConf) was 3957 removed. The JobQueueAggregator interface and JobQueueAggregatorRedis class 3958 have also been removed. They were experimentally developed for use by the 3959 Wikimedia Foundation, but were never used, with no known use cases. (Note that 3960 this does not affect JobQueueRedis which is still supported.) 3961 3962=== Deprecations in 1.33 === 3963* The configuration option $wgUseESI has been deprecated, and is expected 3964 to be removed in a future release. 3965* The configuration option $wgSquidPurgeUseHostHeader has been deprecated, 3966 and is expected to be removed in a future release. 3967* The configuration options $wgFixArabicUnicode and $wgFixMalayalamUnicode, 3968 introduced in MW 1.17, have been deprecated. These fixes will always be 3969 applied for Arabic and Malayalam in the future. Please enable these on 3970 your local wiki (if you have them explicitly set to false) and run 3971 maintenance/cleanupTitles.php to fix any existing page titles. 3972* The LegacyHookPreAuthenticationProvider class, deprecated since its creation 3973 in 1.27 as part of the AuthManager re-write, now emits deprecation warnings. 3974 This will help identify the issue if you added it to $wgAuthManagerConfig. 3975* wfSplitWikiId() is now deprecated. Cache key generation should have the wiki 3976 domain ID as a key component and use makeGlobalKey(). 3977* (T202094) Title::getUserCaseDBKey() is deprecated; instead, please use 3978 Title::getDBkey(), which doesn't vary case. 3979* User::getPasswordValidity() is now deprecated. User::checkPasswordValidity() 3980 returns the same information in a more useful format. 3981* For Linker::generateTOC() and Linker::tocList(), passing strings or booleans 3982 as the $lang parameter was deprecated. The same applies to DummyLinker. 3983* The PasswordPolicy 'PasswordCannotBePopular' has been deprecated. To 3984 follow best practices, it is reccommended to use 'PasswordNotInLargeBlacklist' 3985 instead which blacklists 100,000 commonly used passwords. 3986* (T208862) Action::requiresUnblock() is now called from 3987 Title::getUserPermissionsErrors() and Title::userCan(). Previously, the method 3988 was only called in Action::checkCanExecute(). Actions should ensure that their 3989 requiresUnblock() returns the proper result (the default is `true`). 3990* (T211608) The MediaWiki\Services namespace has been renamed to 3991 Wikimedia\Services. The old name is still supported, but deprecated. 3992* (T155582) Content::getNativeData has been deprecated. Please use model- 3993 specific getters, such as TextContent::getText(). 3994* The class WebInstallerOutput is now marked as @private. 3995* (T209699) The jquery.async module has been deprecated. JavaScript code that 3996 needs asynchronous behaviour should use Promises. 3997* Password::equals() is deprecated, use verify(). 3998* BaseTemplate::msgWiki() and QuickTemplate::msgWiki() will be removed. Use 3999 other means to fetch a properly escaped message string or Message object. 4000* (T126091) The 'ResourceLoaderTestModules' hook, which lets you declare QUnit 4001 testing code for your JavaScript modules, is deprecated. Instead, you can now 4002 use the new extension registration key 'QUnitTestModule'. 4003* (T213426) The jquery.throttle-debounce module has been deprecated. JavaScript 4004 code that needs this behaviour should use OO.ui.debounce/throttle. 4005* The mw.language.specialCharacters property from the 4006 'mediawiki.language.specialCharacters' module has been deprecated. 4007 Use require( 'mediawiki.language.specialCharacters' ) instead. 4008* ChangeTags::purgeTagUsageCache() has been deprecated, and is expected to be 4009 removed in a future release. 4010* Passing a User object or null as the third parameter to 4011 ApiBase::checkTitleUserPermissions() has been deprecated. Pass an array 4012 [ 'user' => $user ] instead. 4013* (T211578) Block::prevents is deprecated. Use Block::isEmailBlocked, 4014 Block::isCreateAccountBlocked and Block::isUsertalkEditAllowed to get and set 4015 block properties; use Block::appliesToRight and Block::appliesToUsertalk to 4016 check block behaviour. 4017* The api-feature-usage log channel now has log context. The text message is 4018 deprecated and will be removed in the future. 4019* The FileBasedSiteLookup class has been deprecated. For a cacheable SiteLookup 4020 implementation, use CachingSiteStore instead. 4021* Language::viewPrevNext function is deprecated, use 4022 SpecialPage::buildPrevNextNavigation instead 4023* ManualLogEntry::setTags() is deprecated, use ManualLogEntry::addTags() 4024 instead. The setTags() method was overriding the tags, addTags() doesn't 4025 override, only adds new tags. 4026* Block::isValid is deprecated, since it is no longer needed in core. 4027* Calling Maintenance::hasArg() as well as Maintenance::getArg() with no 4028 parameter has been deprecated. Please pass the argument number 0. 4029* ResourceLoaderContext::expandModuleNames has been deprecated. 4030 Use ResourceLoader::expandModuleNames instead. 4031 4032=== Other changes in 1.33 === 4033* (T201747) Html::openElement() warns if given an element name with a space 4034 in it. 4035* The implementation of buildStringCast() in Wikimedia\Rdbms\Database has 4036 changed to explicitly cast. Subclasses relying on the base-class 4037 implementation should check whether they need to override it now. 4038* BagOStuff::add is now abstract and must explicitly be defined in subclasses. 4039* LinksDeletionUpdate is now a subclass of LinksUpdate. As a consequence, 4040 the following hooks will now be triggered upon page deletion in addition 4041 to page updates: LinksUpdateConstructed, LinksUpdate, LinksUpdateComplete. 4042 LinksUpdateAfterInsert is not triggered since deletions do not cause 4043 insertions into links tables. 4044* Category::newFromID( $id )->getID() will now return $id without any 4045 validation, to avoid a mostly unnecessary DB query. 4046* On Special:Version, the name for an extension can no longer be arbitrary 4047 html when no link is specified. 4048 4049= MediaWiki 1.32 = 4050 4051== MediaWiki 1.32.6 == 4052 4053This is a security and maintenance release of the MediaWiki 1.32 branch. 4054 4055=== Changes since MediaWiki 1.32.5 === 4056* (T236628) Fix for ArticleRevisionViewCustom hook in DifferenceEngine.php. 4057* (T181658) Do not insert page titles into querycache.qc_value. 4058* (T206013) Suppress errors when reading invalid XML file properties. 4059* (T237931) Remove references to pg_attrdef.adsrc in Postgres code. 4060* Use correct value for 'sslmode' in DatabasePostgres. 4061* (T232866) Fix support for HTTP/2 in MultiHttpClient. 4062* (T227461) Stop calling deprecated Redis delete functions. 4063* (T239561) Mark options as requiring parameters in addSite.php. 4064* (T239734) Replace deprecated lSize with lLen in Redis code. 4065* (T192134) SECURITY: Do not allow user scripts on Special:PasswordReset. 4066* (T239428) ApiEditPage: Test for bad redirect targets. 4067* (T233342) rdbms: Log debug message traces as 'exception.trace' instead of 4068 'trace'. 4069* (T226751) media: Log and fail gracefully on invalid EXIF coordinates. 4070* (T212067) SECURITY: Work around PHP bug in parse_url. 4071 4072== MediaWiki 1.32.5 == 4073 4074This is a maintenance release of the MediaWiki 1.32 branch. 4075 4076=== Changes since MediaWiki 1.32.4 === 4077* Compute sha1 and length if needed in maintenance/populateContentTables.php. 4078* Fix extra newlines in the installer. 4079* Followup T230402, PermissionManager doesn't exist until 1.33, so fix the 4080 backported patches to use User::isAllowed() instead. 4081 4082== MediaWiki 1.32.4 == 4083 4084This is a security and maintenance release of the MediaWiki 1.32 branch. 4085 4086=== Changes since MediaWiki 1.32.3 === 4087* (T207100) Updated LanguageTr for dotted and dotless I in PHP 7.3. 4088* The ImgAuthModifyHeaders hook was added to img_auth.php to allow modification 4089 of headers in private wikis. 4090* (T230402) SECURITY: Add permission check for suppressed account to 4091 Special:Redirect. 4092* (T208897) MessageCache: Restore 'loadedLanguages' tracking for load(). 4093* (T200088) Remove title protection correctly for undeletions and imports. 4094* Add helper for HTTPFileStreamer header syntax. 4095* (T118799) Fix XMP parser errors due to trailing nullchar. 4096* (T233119) Improve documentation for the MinimumPasswordLengthToLogin policy. 4097* Cache redirects from Special:Redirect. 4098* (T231386) dispatchUser() should use a 302 http status code. 4099* (T227662) Split down patch-comment-table.sql and patch-actor-table.sql into 4100 separate files to help allieviate potential migration problems. 4101* Make SQLite's patch-add-3d.sql a no-op to prevent clobbering other database 4102 updates. 4103 4104== MediaWiki 1.32.3 == 4105 4106This is a maintenance release of the MediaWiki 1.32 branch. 4107 4108=== Changes since MediaWiki 1.32.2 === 4109* (T225558) Update installer link to PHP intl. 4110* (T225496) Detect APC for MainCacheType in CLI installer. 4111* (T226766) Remove jetbrains/phpstorm-stubs from composer dev dependencies. 4112* (T202211) Fix SQLite patch-(image|page|template)links-fix-pk.sql column order. 4113 4114== MediaWiki 1.32.2 == 4115 4116This is a security and maintenance release of the MediaWiki 1.32 branch. 4117 4118=== Changes since MediaWiki 1.32.1 === 4119* (T204423) Backport support for hyphenated DB names in JobQueueGroup. 4120* (T216968) Return pageid as int in both list=iwbacklinks and 4121 list=langbacklinks. 4122* (T215169) Fix for Database::update() with IGNORE option fails on PostgreSQL. 4123* (T199474) Fix typo in rebuildrecentchanges.php resulting in rogue flags. 4124* (T218608) SECURITY: Fix an issue that prevents Extension:OAuth working when 4125 $wgBlockDisablesLogin is true. 4126* (T216029) Chrome redirects to Special:BadTitle after editing a section with 4127 a non-Latin name on a page with non-Latin characters in title. 4128* Unbreak language related maintenance scripts that use StaticArrayWriter. 4129* (T219728) Added support for new Japanese era name "Reiwa". 4130* (T25227) SECURITY: action=logout now requires to be posted and have a csrf 4131 token. 4132* Updated cssjanus/cssjanus from 1.2.0 to 1.3.0. 4133* (T221045) Remove orphaned code from ConfigRepository. 4134* (T222385) resourceloader: Use AND instead of OR for upsert conds in 4135 saveFileDependencies(). 4136* (T224374) Fix message parameters so that the message that says SQLite is 4137 out of date makes sense. 4138* (T200471) Prevent LBFactorySimple breaking ExternalStorage, when trying to 4139 connect to external server with local database name. 4140* (T197279) SECURITY: Fix reauth in Special:ChangeEmail. 4141* (T208881) SECURITY: blacklist CSS var(). 4142* (T209794) SECURITY: rate-limit and prevent blocked users from changing email. 4143* (T199540) SECURITY: API: Respect $wgBlockCIDRLimit in action=block. 4144* (T212118) SECURITY: Fix cache mode for (un)patrolled recent changes query. 4145* (T222036, T222038) SECURITY: Add permission check for user is permitted to 4146 view the log type. 4147* (T221739) SECURITY: resources: Patch jQuery 3.3.1 for CVE-2019-11358. 4148 4149== MediaWiki 1.32.1 == 4150 4151=== Changes since MediaWiki 1.32.0 === 4152* (T213577) rdbms: avoid transaction status errors from ping() in rollback(). 4153* rdbms: Pass required parameter. 4154* rdbms: do not treat SAVEPOINT and RELEASE SAVEPOINT as write queries. 4155* (T204531) rdbms: reduce LoadBalancer replication log spam. 4156* (T213489) Avoid session double-start in Setup.php. 4157* (T213717) Correct namespace 'Template' for gom-deva 4158* (T198054) Fix login page crash caused by unknown language via ?uselang 4159* (T215324) (T210937) list=users mistakenly reports user as missing. 4160* (T209483) Add ILBFactory::redefineLocalDomain method. This is intended for 4161use with scripts like addWiki.php to avoid mismatched domain errors. 4162* (T208871) The hard-coded Google search form on the database error page was 4163removed. 4164* (T204800) Fix Title::getFragmentForURL for bad interwiki prefix 4165* (T215566) Fix installer being unable to determine if the database exists 4166during a fresh installation. 4167 4168== MediaWiki 1.32.0 == 4169 4170=== Changes since MediaWiki 1.32.0-rc.2 === 4171* (T188327) Fix slow queries in migrateActors.php. 4172* (T102320) Fix $magicWords for the Sanskrit language. 4173 4174=== Changes since MediaWiki 1.32.0-rc.1 === 4175* Fix addition of ug_expiry column to user_groups table on MSSQL. 4176* (T210307) Fix the cache timestamp for forced updates. 4177* (T210621) User: Bypass repeatable-read when creating an actor_id. 4178* (T197535) Extensions can now specify PHP versions and PHP extensions they 4179 depend on. 4180* Updated wikimedia/ip-set from v1.2.0 to v1.3.0. 4181* (T212356) When using action=delete on pages with many revisions, the module 4182 may return a boolean-true 'scheduled' and no 'logid'. This signifies that the 4183 deletion will be processed via the job queue. 4184* (T64103) Dropped columns category.cat_hidden, site_stats.ss_admins, and 4185 recentchanges.rc_cur_time from the PostgreSQL schema. 4186 4187=== Changes since MediaWiki 1.32.0-rc.0 === 4188* (T209885) Prevent populateSearchIndex.php from breaking once actor migration 4189 has been started. 4190* (T210998) Properly set $wgLanguageCode in the generated LocalSettings.php 4191 if --lang is used with the command-line installer (install.php). 4192 4193=== Configuration changes in 1.32 === 4194 4195==== New configuration ==== 4196* $wgJpegQuality – The quality of JPEG thumbnails is now configurable through 4197 this setting. The default is 80, which matches the quality of JPEG thumbnails 4198 previously generated by ImageMagick. The quality of JPEG thumbnails generated 4199 by GD was previously 95, but now uses the $wgJpegQuality setting as well. 4200* $wgCookieSetOnIpBlock - This determines whether to set a cookie when an IP 4201 user is blocked. Doing so means that a blocked user, even after moving to a 4202 new IP address, will still be blocked. 4203* $wgRawHtmlMessages – This new configuration setting is added for listing 4204 messages which are displayed as raw HTML. 4205* $wgCSPHeader and $wgCSPReportOnlyHeader – You can now define a 4206 "Content Security Policy" for your wiki. This adds a defense-in-depth feature 4207 to stop an attacker who has found a bug in the parser allowing them to insert 4208 malicious attributes. Disabled by default. (T135963) 4209* $wgGroupPermissions – A new user group, 'interface-admin', is added for 4210 controlling access to sitewide CSS/JS (and editing other users' CSS/JS). No 4211 other group has 'editsitecss', 'editusercss', 'editsitejs' or 'edituserjs' 4212 by default. 4213* $wgGrantPermissions – A new grant group, 'editsiteconfig', is added for 4214 granting the above rights. 4215* $wgDBDefaultGroup – A default database group for use by maintenance scripts. 4216* $wgResourceLoaderEnableJSProfiler – This new configuration setting lets you 4217 enable client-side profiling of JavaScript modules; it is off by default. 4218* (T193868) $wgChangeTagsSchemaMigrationStage — This temporary configuration 4219 setting allows sysadmins to gradually migrate the database table schema for 4220 how change tags are stored. 4221* (T199334) $wgTagStatisticsNewTable — This temporary configuration setting 4222 allows sysadmins to enable the caching of Special:Tags via the new 4223 change_tag_def table. 4224 4225==== Changed configuration ==== 4226* $wgUseAjax – This setting, deprecated in 1.31, is now ignored. 4227* $wgDefaultUserOptions – The default watchlist view time (watchlistdays) has 4228 been increased from 3 to 7 days. (T194414) 4229* $wgGroupPermissions – The right to edit sitewide Javascript 4230 (e.g. MediaWiki:Common.js), CSS or JSON was separated from 'editinterface' 4231 and is available under 'editsitejs'/'editsitecss'/'editsitejson'. Having 4232 'editinterface' is still necessary to edit such pages. 4233* $wgMultiContentRevisionSchemaMigrationStage now defaults to writing both the 4234 old and the new schema, but reading the new schema, so Multi-Content Revisions 4235 (MCR) are now functional per default. The new default value of the setting is 4236 SCHEMA_COMPAT_WRITE_BOTH | SCHEMA_COMPAT_READ_NEW. 4237* $wgActorTableSchemaMigrationStage no longer accepts MIGRATION_WRITE_BOTH or 4238 MIGRATION_WRITE_NEW. It instead uses SCHEMA_COMPAT_WRITE_BOTH | 4239 SCHEMA_COMPAT_READ_OLD and SCHEMA_COMPAT_WRITE_BOTH | SCHEMA_COMPAT_READ_NEW 4240 for intermediate stages of migration. 4241* $wgDBTableOptions – The default table options now use the binary charset. The 4242 default was already overridden in the installer-generated LocalSettings.php, 4243 and so is always set to binary after the installer UI option was removed. The 4244 default value is only used when the installer installs an extension. 4245* $wgPopularPasswordFile — The location of the default popular passwords file 4246 has been moved to be in line with other non-PHP files used by libraries and 4247 classes. 4248* $wgEnableImageWhitelist is now disabled by default, as it opens up a hole for 4249 potential privacy leaks by administrators. You can check 4250 "MediaWiki:External image whitelist" on your wiki to see whether the feature 4251 was ever used, and whether it needs to be re-enabled. 4252 4253==== Removed configuration ==== 4254* $wgEnableAPI and $wgEnableWriteAPI – These settings, deprecated in 1.31, 4255 have been removed. (T115414) 4256* $wgSiteSupportPage – This setting, unused since 1.5, was removed. 4257* $wgBrowserBlacklist – This setting, deprecated in 1.30, was removed. 4258* $wgExperimentalHtmlIds – This setting, deprecated since 1.30, was removed. 4259 The 'html5-legacy' value for $wgFragmentMode is no longer accepted. 4260* $wgPasswordSenderName - This setting, ignored since 1.23 by MediaWiki and 4261 most extensions, is no longer set. Instead, you can modify the system 4262 message `emailsender`. 4263* $wgTidyConfig – The experimental Html5Internal and Html5Depurate tidy drivers 4264 were removed. RemexHtml, which is the default, should be used instead. 4265* (T181318) The $wgStyleVersion setting and its appendage to various script and 4266 style URLs in OutputPage, deprecated in 1.31, was removed. 4267* (T140807) The wgResourceLoaderLESSImportPaths configuration option was removed 4268 from ResourceLoader. Instead, use `@import` statements in LESS to import 4269 files directly from nearby directories within the same project. 4270* (T140804) The wgResourceLoaderLESSVars configuration option, deprecated 4271 since 1.30, was removed. Instead, to expose variables from PHP to LESS, use 4272 the ResourceLoaderModule::getLessVars() method. 4273* $wgResourceLoaderValidateStaticJS – This setting, unused since MediaWiki 1.18, 4274 was removed. 4275* Two temporary variables for deploying the feature of filters on change lists, 4276 $wgStructuredChangeFiltersShowPreference introduced in MediaWiki 1.30 and 4277 $wgStructuredChangeFiltersOnWatchlist in 1.31, were removed. 4278 4279=== New features in 1.32 === 4280* (T112474) Generalized the ResourceLoader mechanism for overriding modules 4281 using a particular page during edit previews. 4282* (T12331) You can now log page creation events by setting $wgPageCreationLog 4283 to true. 4284* Added 'ApiParseMakeOutputPage' hook. 4285* (T174313) Added checkbox on Special:ListUsers to display only users in 4286 temporary user groups. 4287* (T152462) A cookie can now be set when an IP user is blocked to track that 4288 user if they move to a new IP address. This is disabled by default. 4289* (T194950) Added 'ApiMaxLagInfo' hook. 4290* SpecialPage::checkLoginSecurityLevel() will now preserve POST data when 4291 reauthenticating. 4292* FormSpecialPage::execute() will now call checkLoginSecurityLevel() if 4293 getLoginSecurityLevel() returns non-false. 4294* The 'ImageBeforeProduceHTML' hook is now passed three new parameters, $parser, 4295 &$query and &$widthOption, allowing extensions even finer control over the 4296 resulting HTML code. 4297* Added new 'ArticleShowPatrolFooter' hook, which allows extensions to determine 4298 if the [mark as patrolled] link should be shown at the footer of patrollable 4299 pages. 4300* The array of hidden options ($opts) passed to the 'SpecialSearchPowerBox' hook 4301 is now passed by reference, allowing extensions to modify or even unset it. 4302* Added new 'OutputPageAfterGetHeadLinksArray' hook, allowing extensions to 4303 modify the return value of OutputPage#getHeadLinksArray in order to add, 4304 remove or otherwise alter the elements to be output in the page <head>. 4305* (T28934) The 'HistoryPageToolLinks' hook allows extensions to append 4306 additional links to the subtitle of a history page. 4307* The 'GetLinkColours' hook now receives an additional $title parameter, 4308 the Title object of the page being parsed, on which the links will be shown. 4309* (T194731) DifferenceEngine supports multiple slots. Added SlotDiffRenderer to 4310 render diffs between two Content objects, and DifferenceEngine::setRevisions() 4311 to render diffs between two custom (potentially multi-content) revisions. 4312 Added GetSlotDiffRenderer hook which works like GetDifferenceEngine for slots. 4313* Added a temporary action=mcrundo to the web UI, as the normal undo logic 4314 can't yet handle MCR and deadlines are forcing is to put off fixing that. 4315 This action should be considered deprecated and should not be used directly. 4316* Extensions overriding ContentHandler::getUndoContent() will need to be 4317 updated for the changed method signature. 4318* Added a new hook, 'UserGetRightsRemove', which can be used to remove rights 4319 from user. Unlike the 'UserGetRights' it will ensure that removed rights 4320 will not be reinserted. 4321* (T197535) Extensions can now specify PHP versions and PHP extensions they 4322 depend on. 4323 4324=== External library changes in 1.32 === 4325 4326==== New external libraries ==== 4327* Added pear/Net_SMTP v1.8.0. 4328* Added wikimedia/xmp-reader v0.6.0. 4329 4330* Added cache/integration-tests v0.16.0 (dev-only). 4331* Added giorgiosironi/eris v0.10.0 (dev-only). 4332* Added seld/jsonlint v1.7.1 (dev-only). 4333 4334* Added EasyDeflate (unversioned). 4335 4336==== Changed external libraries ==== 4337* Updated OOUI from v0.26.3 to v0.29.2. 4338* Updated wikimedia/base-convert from v1.0.1 to v2.0.0. 4339* Updated wikimedia/remex-html from v1.0.3 to v2.0.1. 4340* Updated wikimedia/scoped-callback from v1.0.0 to v2.0.0. 4341** ScopedCallback objects can no longer be serialized. 4342* Updated wikimedia/timestamp from v1.0.0 to v2.2.0. 4343* Updated wikimedia/wrappedstring from v2.3.0 to v3.0.1. 4344* oyejorge/less.php replaced with our fork wikimedia/less.php 4345* Updated wikimedia/ip-set from v1.2.0 to v1.3.0. 4346 4347* Updated composer/spdx-licenses from v1.3.0 to v1.4.0 (dev-only). 4348* Updated mediawiki/mediawiki-codesniffer from v18.0.0 to v22.0.0 (dev-only). 4349* Updated psy/psysh from v0.8.11 to v0.9.6 (dev-only). 4350 4351* Updated CLDRPluralRuleParser from v0.1.0 to v1.3.2-pre. 4352* Updated jquery from v3.2.1 to v3.3.1. 4353* Updated jquery.client from v2.0.0 to v2.0.1. 4354* Updated jquery.i18n from v1.0.4 to v1.0.5. 4355* Updated mustache.js from v0.8.2-d9aa703 to v1.0.0. 4356* Updated OOjs from v2.2.0 to v2.2.2. 4357* Updated qunitjs from v2.4.0 to v2.6.2. 4358* Updated sinonjs from v1.17.3 to v1.17.7. 4359 4360==== Removed external libraries ==== 4361* pear/mail_mime-decode was removed. 4362 4363=== Bug fixes in 1.32 === 4364* SpecialPage::execute() will now only call checkLoginSecurityLevel() if 4365 getLoginSecurityLevel() returns non-false. 4366* (T43720, T46197) Improved page display title handling for category pages 4367* (T65080) Fixed resetting options of some types via API action=options. 4368 4369=== Action API changes in 1.32 === 4370* Added templated parameters. 4371 * A module can define a templated parameter like "{fruit}-quantity", where 4372 the actual parameters recognized correspond to the values of a multi-valued 4373 parameter. Then clients can make requests like 4374 "fruits=apples|bananas&apples-quantity=1&bananas-quantity=5". 4375 * action=paraminfo will return templated parameter definitions separately 4376 from normal parameters. All parameter definitions now include an "index" 4377 key to allow clients to maintain parameter ordering when merging normal and 4378 templated parameters. 4379* It is now an error to submit too many values for a multi-valued parameter. 4380 This has generated a warning since MediaWiki 1.14. 4381* Assertion failures from the 'assert' and 'assertuser' parameters will no 4382 longer use the action module's custom response format, for the few modules 4383 that use custom formatters that handle errors. 4384* (T198935) User list preferences such as `email-blacklist` and similar 4385 extension preferences are no longer represented as arrays when returned by 4386 action=query&meta=userinfo&uiprop=options. 4387* 'missingparam' errors will now use the prefixed parameter name in the code 4388 and error text, e.g. "noxxfoo" and "The 'xxfoo' parameter must be set" rather 4389 than "nofoo" and "The 'foo' parameter must be set". 4390* action=query&prop=revisions now takes a 'rvslots' parameter to indicate the 4391 multi-content revision slots for which content should be returned. It also 4392 has a new rvprop, 'roles', to indicate which roles have slots. A deprecation 4393 warning will be issued if rvprop=content or rvprop=contentmodel are used 4394 without rvslots. 4395* The rvcontentformat parameter to action=query&prop=revisions has been 4396 deprecated. Clients should be prepared to deal with the default format for 4397 relevant models. 4398* Use of the deprecated parameters rvexpandtemplates, rvgeneratexml, rvparse, 4399 rvdiffto, rvdifftotext, rvdifftotextpst, rvcontentformat, or the deprecated 4400 rvprop=parsetree is forbidden with the new 'rvslots' parameter. 4401* action=query&prop=deletedrevisions, action=query&list=allrevisions, and 4402 action=query&list=alldeletedrevisions are changed similarly to 4403 &prop=revisions (see the three previous items). 4404* (T174032) action=compare now supports multi-content revisions. 4405 * It has a 'slots' parameter to select diffing of individual slots. The 4406 default behavior is to return one combined diff. 4407 * The 'fromtext', 'fromsection', 'fromcontentmodel', 'fromcontentformat', 4408 'totext', 'tosection', 'tocontentmodel', and 'tocontentformat' parameters 4409 are deprecated. Specify the new 'fromslots' and 'toslots' to identify which 4410 slots have text supplied and the corresponding templated parameters for 4411 each slot. 4412 * The behavior of 'fromsection' and 'tosection' of extracting one section's 4413 content is not being preserved. 'fromsection-{slot}' and 'tosection-{slot}' 4414 instead expand the given text as if for a section edit. This effectively 4415 declines T183823 in favor of T185723. 4416* (T198214) The 'disabletidy' parameter to action=parse has been 4417 deprecated; untidy output will not be supported by future wikitext 4418 parsers. 4419* Added intestactionsdetail to action=query&prop=info to allow retrieving the 4420 reasons an action is not allowed. 4421* Deprecated action=query&prop=info inprop=readable in favor of 4422 intestactions=read. 4423* (T212356) When using action=delete on pages with many revisions, the module 4424 may return a boolean-true 'scheduled' and no 'logid'. This signifies that the 4425 deletion will be processed via the job queue. 4426 4427=== Action API internal changes in 1.32 === 4428* Added 'ApiParseMakeOutputPage' hook. 4429* Parameter names may no longer contain '{' or '}', as these are now used for 4430 templated parameters. 4431* (T194950) Added 'ApiMaxLagInfo' hook. 4432* The following methods now take a RevisionRecord rather than a Revision. No 4433 external callers are known. 4434 * ApiFeedContributions::feedItemAuthor() 4435 * ApiFeedContributions::feedItemDesc() 4436 * ApiQueryRevisionsBase::extractRevisionInfo() 4437* The following deprecated methods have been removed: 4438 * ApiBase::profileIn() (deprecated in 1.25) 4439 * ApiBase::profileOut() (deprecated in 1.25) 4440 * ApiBase::safeProfileOut() (deprecated in 1.25) 4441 * ApiBase::profileDBIn() (deprecated in 1.25) 4442 * ApiBase::profileDBOut() (deprecated in 1.25) 4443 * ApiBase::dieUsage() (deprecated in 1.29) 4444 * ApiBase::dieUsageMsg() (deprecated in 1.29) 4445 * ApiBase::dieUsageMsgOrDebug() (deprecated in 1.29) 4446 * ApiBase::getErrorFromStatus() (deprecated in 1.29) 4447 * ApiBase::parseMsg() (deprecated in 1.29) 4448 * ApiBase::setWarning() (deprecated in 1.29) 4449 * ApiPageSet::getInvalidTitles() (deprecated in 1.26) 4450 * ApiQueryLogEvents::addLogParams() (deprecated in 1.25) 4451 * ApiUsageException::getCodeString() (deprecated in 1.29) 4452 * ApiUsageException::getMessageArray() (deprecated in 1.29) 4453* Class UsageException, deprecated in 1.29, has been removed. 4454* ApiErrorFormatter: Added getFormat() and newWithFormat(). In particular, you 4455 can now easily test $formatter->getFormat() === 'bc', and then call 4456 $formatter->newWithFormat( 'plaintext' ) to get a non-BC formatter. 4457 4458=== Languages updated in 1.32 === 4459MediaWiki supports over 350 languages. Many localisations are updated regularly. 4460Below only new and removed languages are listed, as well as changes to languages 4461because of Phabricator reports. 4462 4463* (T193566) Added language support for Ambonese Malay (abs). 4464* (T194047) Added language support for Shawiya, Latin script (shy-latn). 4465* (T195940) Added language support for Batak Mandailing (btm). 4466* (T137491) Added language support for Standard Moroccan Amazigh (zgh). 4467* (T198132) Added language support for Manipuri (mni). 4468* (T201276) Added language support for Western Armenian (hyw). 4469* (T201583) Added language support for Mon (mnw). 4470 4471=== Breaking changes in 1.32 === 4472* $wgRequestTime, deprecated in 1.25, was removed. Use 4473 $_SERVER['REQUEST_TIME_FLOAT'] or WebRequest::getElapsedTime() instead. 4474* The MediaWikiI18N class, deprecated in 1.31, was removed. 4475* QuickTemplate::setTranslator(), deprecated in 1.31, was removed. Use 4476 Skin::msg() instead. 4477* wfInitShellLocale(), deprecated in 1.30, was removed. 4478* wfShellExecDisabled(), deprecated in 1.30, was removed. 4479* The type string for the parameter $lang of DateFormatter::getInstance, 4480 deprecated in 1.31, was removed. 4481* The EDIT_TOKEN_SUFFIX constant deprecated in 1.27, was removed. Use 4482 MediaWiki\Session\Token::SUFFIX instead. 4483* EditPage::isOouiEnabled() deprecated in 1.30, was removed. 4484* mw.util.wikiGetlink(), deprecated in 1.23, was removed. Use mw.util.getUrl() 4485 instead. 4486* (T61113) The following methods and constants from the Revision class, which 4487 were deprecated in 1.25, have now been removed: 4488 * Revision::getRawUser() 4489 * Revision::getRawUserText() 4490 * Revision::getRawComment() 4491* window.gM() from mediawiki.jqueryMsg, deprecated in 1.23, was removed. Use 4492 mw.msg() or mw.message() instead. 4493* mw.util.escapeId(), deprecated in 1.30, was removed. Use 4494 mw.util.escapeIdForAttribute or mw.util.escapeIdForLink instead. 4495* mw.util.updateTooltipAccessKeys(), deprecated in 1.24, was removed. Use 4496 jquery.accessKeyLabel instead. 4497* The SqlDataUpdate class, deprecated in 1.28, has been removed. 4498* The Html5Internal and Html5Depurate tidy driver classes were removed, along 4499 with the Balancer tidy implementation. Both implementations were experimental, 4500 and were replaced by RemexHtml. 4501* (T179624) Job::insert() and ::batchInsert(), deprecated in 1.21, were both 4502 removed. Use JobQueueGroup::singleton()->push() instead. 4503* The jquery.footHovzer module, for mediawiki.debug, was removed. 4504* The es5-shim module, empty and deprecated since 1.29, was removed. 4505* the dom-level2-shim module, empty and deprecated since 1.29, was removed. 4506* the json module, empty and deprecated since 1.29, was removed. 4507* The mediawiki.widgets.visibleByteLimit module alias, deprecated in 1.32, was 4508 removed. Use mediawiki.widgets.visibleLengthLimit instead. 4509* The jquery.farbtastic module, unused since 1.18, was removed. 4510* The 'jquery.expandableField' module, unused since 1.22, was removed. 4511* The hooks 'PreferencesFormPreSave' and 'PreferencesGetLegend' may provide 4512 any HTMLForm object rather than PreferencesForm. 4513* The non namespaced TimestampException class, deprecated in 1.29, was removed. 4514 Use Wikimedia\Timestamp\TimestampException instead. 4515* The global functions codepointToUtf8, hexSequenceToUtf8, utf8ToHexSequence, 4516 utf8ToCodepoint, and escapeSingleString (deprecated in 1.25) were removed. 4517 The UtfNormal\Utils class from the utfnormal library should be used instead. 4518* The deprecated UTF8_ and UNICODE_ constants were removed. The class constants 4519 from the UtfNormal\Constants class from the utfnormal library should be used 4520* The protected methods PHPSessionHandler::returnSuccess() and returnFailure(), 4521 only needed for PHP5 compatibility, have been removed. It now uses the boolean 4522 values `true` and `false` respectively. 4523* The $parserMemc global and wfGetParserCacheStorage(), deprecated since 1.30, 4524 were removed. Use the ParserCache class instead. 4525* ScopedCallback (deprecated in 1.28) was removed. Use Wikimedia\ScopedCallback 4526 instead. 4527* Support for ResourceLoaderModule::getModifiedTime() and getModifiedHash(), 4528 deprecated since 1.26, was removed. Use getDefinitionSummary() instead. 4529* (T195256) Skins are recommended not to rely on JavaScript for the "mw-jump" 4530 and "jump-to-nav" accessibility links. To this end, the "jquery.mw-jump" 4531 is no longer loaded by default. The Vector and MonoBook skins have made a 4532 minor change to implement the toggle feature with CSS instead. To restore 4533 prior functionality, either explicitly load "jquery.mw-jump" in your skin 4534 or refer to T195256 for details on how to make the same change. 4535* Hook 'EditPageBeforeEditChecks' was removed; 4536 use 'EditPageGetCheckboxesDefinition' instead. 4537* Linker::getLinkColour() and DummyLinker::getLinkColour(), deprecated since 4538 1.28, were removed. LinkRenderer::getLinkClasses() should be used instead. 4539* Wikimedia\Rdbms\LoadBalancer::getLaggedSlaveMode(), deprecated in 1.28, has 4540 been removed. Use Wikimedia\Rdbms\LoadBalancer::getLaggedReplicaMode() 4541 instead. 4542* mw.widgets.CategoryMultiselectWidget now uses TagMultiselectWidget instead of 4543 CapsuleMultiselectWidget. The following methods may no longer be used: 4544 * setItemsFromData: Use setValue instead 4545 * getItemsData: Use getItems instead and get the data property 4546* Two OutputPage methods, addMetadataLink() and getMetadataAttribute(), were 4547 removed. Use addLink() instead. 4548* Another two OutputPage methods, setPageTitleActionText() and 4549 getPageTitleActionText(), were removed. They did nothing since 1.15 (almost 4550 ten years). Use setHTMLTitle() directly. 4551* The return value of OutputPage::adaptCdnTTL() has been removed. The 4552 value returned was misleading and probably not what any caller would 4553 have wanted. 4554* All MagicWord static member variables have been removed. Use appropriate 4555 hooks or MagicWordFactory methods instead. 4556* MagicWord::clearCache() has been removed. Instead, create a new 4557 MagicWordFactory, such as by calling 4558 resetServiceForTesting( 'MagicWordFactory' ) on a MediaWikiServices. 4559* mw.util.init() has been removed. This function is not needed anymore and was 4560 a no-op function since 1.30. 4561* SpecialPageFactory::resetList() is a no-op. Call overrideMwServices() 4562 instead. 4563* MediaWiki no longer supports a StartProfiler.php file. Instead, you can set 4564 $wgProfiler and $wgEnableProfileInfo. 4565* The mw.loader.addSource() is now considered a private method, and no longer 4566 supports the `id, url` signature. Use the `Object` parameter instead. 4567* The backwards-compatibility code in HTMLForm to add a drop-down control to an 4568 option that is not set to be a drop-down if the "mw-chosen" class is present, 4569 is now removed. 4570* Several collations were removed. They were workarounds for bugs in the ICU 4571 library and they are no longer needed (as of ICU 57.1): 4572 * 'uppercase-se' (NorthernSamiUppercaseCollation) - use 'uca-se' instead 4573 * 'xx-uca-et' (CollationEt) - use 'uca-et' instead 4574 * 'xx-uca-fa' (CollationFa) - use 'uca-fa' instead 4575* LanguageCode::bcp47() now always returns a valid BCP 47 code. This means 4576 that some MediaWiki-specific language codes, such as `simple`, are mapped 4577 into valid BCP 47 codes (eg `en-simple`). 4578* The hooks 'SpecialRecentChangesFilters' & 'SpecialWatchlistFilters' deprecated 4579 in 1.23 were removed. Instead, use 'ChangesListSpecialPageStructuredFilters'. 4580 The ChangesListSpecialPage code for these legacy hooks, and their use in 4581 SpecialRecentchanges.php and SpecialWatchlist, was also removed: 4582 * ChangesListSpecialPage->getCustomFilters() 4583 * ChangesListSpecialPage->getFilterGroupDefinitionFromLegacyCustomFilters() 4584 * ChangesListSpecialPage::customFilters 4585* The global function wfUseMW, deprecated since 1.26, has now been removed. Use 4586 the "requires" property of static extension registration instead. 4587* $wgSpecialPages no longer accepts array syntax, deprecated since 1.18. 4588* The MailAddress constructor can no longer be called with a User object, 4589 behaviour which has been deprecated since 1.24. 4590* LBFactory, deprecated since 1.28, has been removed. Instead, use 4591 Wikimedia\Rdbms\LBFactory. 4592* The MimeMagic class, deprecated since 1.28 has been removed. Get a 4593 MimeAnalyzer instance from MediaWikiServices instead. 4594* The '--tidy' option to maintenance/parse.php has been removed. Tidying 4595 the output is now the default. Use '--no-tidy' to bypass the tidy 4596 phase. 4597* The global function wfErrorLog, deprecated since 1.25, has now been removed. 4598 Use MWLoggerLegacyLogger::emit or UDPTransport. 4599* The hooks 'SpecialRecentChangesQuery' & 'SpecialWatchlistQuery', deprecated in 4600 1.23, were removed. Instead, use ChangesListSpecialPageStructuredFilters or 4601 ChangesListSpecialPageQuery. 4602* The global function wfUsePHP, deprecated since 1.30, has now been removed. To 4603 assert a newer version of PHP than MediaWiki does, use extension registration. 4604* The hook 'ChangesListSpecialPageFilters', deprecated in 1.29, has now been 4605 removed. Use the 'ChangesListSpecialPageStructuredFilters' hook instead. 4606* DeferredUpdates::setImmediateMode(), deprecated since 1.29, has been removed. 4607* File / MediaHandler::getStreamHeaders(), deprecated since 1.30, was removed. 4608* The hook 'DoEditSectionLink', deprecated since 1.25, has been removed. Use 4609 the hook 'SkinEditSectionLinks' instead. 4610* The hook 'UserGetImplicitGroups', deprecated since 1.25, has been removed. 4611* The global function wfRunHooks, deprecated since 1.25, has now been removed. 4612 Use Hooks::run(). 4613* The hook 'UnknownAction', deprecated since 1.19, has now been removed. 4614* The hook 'ParserLimitReport', deprecated since 1.22, has been removed. Use 4615 the hooks 'ParserLimitReportPrepare' and 'ParserLimitReportFormat' instead. 4616* The following deprecated API methods have been removed: 4617 * ApiBase::profileIn() (deprecated in 1.25) 4618 * ApiBase::profileOut() (deprecated in 1.25) 4619 * ApiBase::safeProfileOut() (deprecated in 1.25) 4620 * ApiBase::profileDBIn() (deprecated in 1.25) 4621 * ApiBase::profileDBOut() (deprecated in 1.25) 4622 * ApiBase::dieUsage() (deprecated in 1.29) 4623 * ApiBase::dieUsageMsg() (deprecated in 1.29) 4624 * ApiBase::dieUsageMsgOrDebug() (deprecated in 1.29) 4625 * ApiBase::getErrorFromStatus() (deprecated in 1.29) 4626 * ApiBase::parseMsg() (deprecated in 1.29) 4627 * ApiBase::setWarning() (deprecated in 1.29) 4628 * ApiPageSet::getInvalidTitles() (deprecated in 1.26) 4629 * ApiQueryLogEvents::addLogParams() (deprecated in 1.25) 4630 * ApiUsageException::getCodeString() (deprecated in 1.29) 4631 * ApiUsageException::getMessageArray() (deprecated in 1.29) 4632* Class UsageException, deprecated in 1.29, has been removed. 4633* MediaWiki no longer has a 'JavaScript-powered' wikitext toolbar built in. The 4634 old "bulletin board style toolbar", known as "the 2006 wikitext editor", has 4635 been removed, and instead sysadmins will be required to choose one (or more) 4636 of the several extensions available for this purpose if they need the 4637 functionality. The MediaWiki "tarball" releases have included the replacement 4638 extension for this, the WikiEditor extension aka "the 2010 wikitext editor", 4639 for many years now. As part of this, several parts of MediaWiki have been 4640 removed or simplified: 4641 * The user option 'showtoolbar' (shown as "Show edit toolbar") is no longer 4642 available; if an extension adds a toolbar via the EditPageBeforeEditToolbar 4643 hook, it will be shown; extensions should provide a specific user preference 4644 to disable themselves as needed. 4645 * The public methods Language::getImageFile() and ::getImageFiles(), and the 4646 related specification of $imageFiles within individual languages' code file, 4647 as well as the referenced static media assets, all of which were only used 4648 inside MediaWiki itself for providing the icons for the old toolbar, have 4649 been removed without explicit deprecation. 4650 * The internal ResourceLoader module "mediawiki.toolbar", which is unused 4651 except by MediaWiki itself and back-compatibility code, has been removed. 4652 * The internal ResourceLoaderEditToolbarModule class has been removed. 4653 4654=== Deprecations in 1.32 === 4655* HTMLForm::setSubmitProgressive() is deprecated. No need to call it. Submit 4656 button is already marked as progressive. 4657* Skin::setupSkinUserCss() is deprecated. Adding of modules to load 4658 has been centralised to Skin::getDefaultModules(), which is now capable 4659 of queueing style modules as well. 4660* OutputPage::addModuleScripts() and ParserOutput::addModuleScripts are 4661 deprecated. Use addModules() instead. 4662* Overriding SearchEngine::{searchText,searchTitle,searchArchiveTitle} 4663 in extending classes is deprecated. Extend related doSearch* methods 4664 instead. 4665* The following 'mediawiki.api' plugin modules were merged into mediawiki.api 4666 and deprecated: mediawiki.api.category, mediawiki.api.edit, 4667 mediawiki.api.login, mediawiki.api.options, mediawiki.api.parse, 4668 mediawiki.api.upload, mediawiki.api.user, mediawiki.api.watch, 4669 mediawiki.api.messages, and mediawiki.api.rollback. 4670* ApiBase::truncateArray() is deprecated. No replacement, as nothing is known 4671 to use it. 4672* WatchAction::getUnwatchToken is deprecated. Use WatchAction::getWatchToken 4673 with the 'unwatch' action parameter instead. 4674* IcuCollation::getICUVersion() is deprecated, as you can just use the PHP 4675 constant INTL_ICU_VERSION directly in all versions that MediaWiki supports. 4676* Parser::fetchFile() is deprecated. Use ::fetchFileAndTitle() instead. 4677* The ApiQueryContributions class has been renamed to ApiQueryUserContribs. 4678* The XMPInfo, XMPReader, and XMPValidate classes have been deprecated in favor 4679 of the namespaced classes provided by the wikimedia/xmp-reader library. 4680* SearchResultSet::{next,rewind} are deprecated. Calling code should 4681 use foreach on the SearchResultSet, or the extractResults method. Extending 4682 code should override extractResults. 4683* Instantiating SearchResultSet directly is deprecated. SearchEngine 4684 implementations must subclass SearchResultSet for their purposes. 4685* SearchResult::setExtensionData argument has been changed from accepting an 4686 array to accepting a Closure that returns the array when called. 4687* Class CryptRand, everything in MWCryptRand except generateHex() and function 4688 MediaWikiServices::getInstance()->getCryptRand() are deprecated, use 4689 random_bytes() to generate cryptographically secure random byte sequences. 4690* Parser::getConverterLanguage() is deprecated. Use ::getTargetLanguage() 4691 instead. 4692* Language::markNoConversion() is deprecated. It confused readers because 4693 it had unexpected behavior (only marking text if it looked like a URL) 4694 and was only used in a single place in the code. Use 4695 LanguageConverter::markNoConversion() instead. 4696* (T197492) Language::truncate() was soft deprecated in 1.31 and is 4697 hard deprecated in this release. It has been split into two similar 4698 methods, Language::truncateForVisual() and Language::truncateForDatabase(), 4699 which measure length in characters and bytes, respectively. Use 4700 Language::truncateForVisual() when possible to provide equity to users 4701 of multibyte scripts. 4702* (T176526) EditPage::getContextTitle() falling back to $wgTitle when the 4703 context title is unset is now deprecated; anything creating an EditPage 4704 instance should set the context title via ::setContextTitle(). 4705* The 'jquery.hidpi' module (polyfill for IMG srcset) is deprecated. 4706* ResourceLoaderStartUpModule::getStartupModules() and ::getLegacyModules() 4707 are deprecated. These concepts are obsolete and have no replacement. 4708* String type for $lang of DifferenceEngine::setTextLanguage is deprecated. 4709* The following methods of OutputPage are now deprecated in favour 4710 of using showFatalError directly: OutputPage::showFileDeleteError() 4711 OutputPage::showFileNotFoundError(), OutputPage::showFileRenameError() 4712 OutputPage::showFileCopyError() and OutputPage::showUnexpectedValueError(). 4713* The Replacer, DoubleReplacer, HashtableReplacer, and RegexlikeReplacer 4714 classes are now deprecated. Use a Closure instead. 4715* (T194263) ContentHandler::makeParserOptions() is deprecated. Use 4716 WikiPage::makeParserOptions() or ParserOptions::newCanonical() instead. 4717* (T100681) Use of the Parsoid v1 API with the VirtualRESTService, deprecated in 4718 MediaWiki 1.26, is now hard-deprecated. All known clients were converted to 4719 the Parsoid v3 API in May 2015. 4720* $input is deprecated in hook 'LogEventsListGetExtraInputs'. Use 4721 $formDescriptor instead. 4722* SearchEngine::transformSearchTerm( $term ) should no longer be called prior 4723 to running searchText. This method was mainly implemented to support the 4724 'prefix' URI param in SpecialSearch, but there are no reasons to expose this 4725 logic as it should be handled internally by SearchEngine implementations 4726 supporting this feature. SearchEngine implementations should no longer 4727 override this methods. 4728* SearchEngine::replacePrefixes( $query ) should no longer be called prior 4729 to running searchText/searchTitle. 4730* (T199657) Messages for $wgFilterLogTypes labels should be no longer be in the 4731 'log-show-hide-[type]' format. Instead use 'logeventslist-[type]-log'. 4732* Global functions wfArrayFilter() and wfArrayFilterByKey() are deprecated. 4733 use array_filter() directly. 4734* The $wgShowSQLErrors global is deprecated and nonfunctional. 4735 Set $wgShowExceptionDetails and/or $wgShowHostnames instead. 4736* The $wgShowDBErrorBacktrace global is deprecated and nonfunctional. 4737 Set $wgShowExceptionDetails instead. 4738* Public access to the DifferenceEngine properties mOldid, mNewid, mOldRev, 4739 mNewRev, mOldPage, mNewPage, mOldContent, mNewContent, mRevisionsLoaded, 4740 mTextLoaded and mCacheHit is deprecated. Use getOldid() / getNewid() / 4741 getOldRevision() / getNewRevision() for the first four (note that the 4742 revision ones return a RevisionRecord, not a Revision), do your own lookup 4743 for page/content. 4744* The $wgExternalDiffEngine value 'wikidiff2' is deprecated. To use wikidiff2 4745 just enable the PHP extension, and it will be autodetected. 4746* (T194731) DifferenceEngine properties mOldContent and mNewContent and methods 4747 setContent(), generateContentDiffBody(), generateTextDiffBody() and textDiff() 4748 are deprecated. To interact with a single slot, use a SlotDiffRenderer (and 4749 subclass it to customize diff rendering); to diff custom (e.g. unsaved) 4750 content, use setRevisions(). Subclassing DifferenceEngine should only be done 4751 to customize page-level diff properties (such as the navigation header). 4752* The wfUseMW function, soft-deprecated in 1.26, is now hard deprecated. 4753* All MagicWord static methods are now deprecated. Use the MagicWordFactory 4754 methods instead. 4755* PasswordFactory::init is deprecated. To get a password factory with the 4756 standard configuration, use 4757 MediaWikiServices::getInstance()->getPasswordFactory. 4758* $wgContLang is deprecated, use 4759 MediaWikiServices::getInstance()->getContentLanguage() instead. 4760* $wgParser is deprecated, use MediaWikiServices::getInstance()->getParser() 4761 instead. 4762* wfGetMainCache() is deprecated, use ObjectCache::getLocalClusterInstance() 4763 instead. 4764* wfGetCache() is deprecated, use ObjectCache::getInstance() instead. 4765* All SpecialPageFactory static methods are deprecated. Instead, call the 4766 methods on a SpecialPageFactory instance, which may be obtained from 4767 MediaWikiServices. 4768* mw.user.stickyRandomId was renamed to the more explicit 4769 mw.user.getPageviewToken to better capture its function. 4770* Passing Revision objects to ContentHandler::getUndoContent() is deprecated, 4771 Content object should be passed instead. 4772* (T197179) Parameters 'notice', 'notice-messages', 'notice-message', 4773 previously used by OOUI HTMLForm fields, are now deprecated. Use 4774 'help', 'help-message', 'help-messages' instead. 4775* (T197179) HTMLFormField::getNotices() is now deprecated. 4776* The jquery.localize module is now deprecated. Use jquery.i18n instead. 4777* The SecondaryDataUpdates hook was deprecated in favor of RevisionDataUpdates, 4778 or overriding ContentHandler::getSecondaryDataUpdates (T194038). 4779* The WikiPageDeletionUpdates hook was deprecated in favor of 4780 PageDeletionDataUpdates, or overriding ContentHandler::getDeletionDataUpdates 4781 (T194038). 4782* Content::getSecondaryDataUpdates has been deprecated in favor of 4783 ContentHandler::getSecondaryDataUpdates() for overriding by extensions 4784 (T194038). 4785 Application logic should call WikiPage::doSecondaryDataUpdates() (T194037). 4786* Content::getDeletionUpdates has been deprecated in favor of 4787 ContentHandler::getDeletionUpdates() for overriding by extensions (T194038). 4788 Application logic should call WikiPage::doSecondaryDataUpdates() (T194037). 4789* (T198214) Old Tidy-related configuration settings, which were soft-deprecated 4790 in MediaWiki 1.26, have now been hard deprecated. This affects $wgUseTidy, 4791 $wgTidyBin, $wgTidyConf, $wgTidyOpts, $wgTidyInternal, and $wgDebugTidy. Use 4792 $wgTidyConfig instead. 4793* All Tidy configurations other than Remex have been hard deprecated; 4794 future parsers will not emit compatible output for these configurations. 4795 In particular, running MediaWiki with tidy disabled has been deprecated. 4796* (T198214) OutputPage::addWikiText(), OutputPage::addWikiTextWithTitle(), 4797 and OutputPage::addWikiTextTitle() have been deprecated, since they 4798 can result in untidy output. In addition OutputPage::addWikiTextTidy() 4799 and OutputPage::addWikiTextTitleTidy() was deprecated to make naming new 4800 methods consistent. Use OutputPage::addWikiTextAsInterface() or 4801 OutputPage::addWikiTextAsContent() instead, which ensures the output is 4802 tidy and clarifies whether content-language specific postprocessing should 4803 be done on the text. 4804* OutputPage::parse() and OutputPage::parseInline() have been deprecated 4805 due to untidy output and inconsistent handling of wrapper divs and 4806 interface/content language defaults. Use OutputPage::parseAsContent(), 4807 OutputPage::parseAsInterface(), or OutputPage::parseInlineAsInterface() 4808 as appropriate. 4809* QuickTemplate::msgHtml() and BaseTemplate::msgHtml() have been deprecated 4810 as they promote bad practises. I18n messages should always be properly 4811 escaped. 4812* Skin::getDynamicStylesheetQuery() has been deprecated. It always 4813 returns action=raw&ctype=text/css which callers should use directly. 4814* Class LegacyFormatter is deprecated. 4815* Use of CommentStore::insertWithTempTable() with 'img_description' is 4816 deprecated. Use CommentStore::insert() instead. 4817* Language::setCode is deprecated as public function. Use Language::factory 4818 to create a new Language object with a different language code. 4819* Several classes have been moved from the MediaWiki\Storage\ namespace to the 4820 MediaWiki\Revision\ namespace. The old class names are aliased for 4821 compatibility, but are deprecated. Classes are IncompleteRevisionException, 4822 MutableRevisionRecord, MutableRevisionSlots, RevisionAccessException, 4823 RevisionArchiveRecord, RevisionFactory, RevisionLookup, RevisionRecord, 4824 RevisionSlots, RevisionStore, RevisionStoreRecord, SlotRecord, and 4825 SuppressedDataException. 4826* When using OOUI HTMLForm containing an 'info' field which uses the 'rawrow' 4827 option, it is now deprecated to give its contents (the 'default' option) 4828 as a string. They should be given as a OOUI\FieldLayout object instead. 4829 Notably, this affects fields defined in the 'GetPreferences' hook, because 4830 Special:Preferences uses an OOUI form now. (If possible, don't use 'rawrow'.) 4831* In Skin::doEditSectionLink omitting the parameters $tooltip and $lang is 4832 deprecated. For the $lang parameter, types other than Language are 4833 deprecated. 4834* The $wgUseKeyHeader configuration option and the 4835 OutputPage::getKeyHeader() method have been deprecated; the relevant 4836 draft IETF spec expired without becoming a standard. 4837* Deprecated API action=query&prop=info inprop=readable in favor of 4838 intestactions=read. 4839 4840=== Other changes in 1.32 === 4841* (T198811) The following tables have had their UNIQUE indexes turned into 4842 proper PRIMARY KEYs for increased maintainability: interwiki, page_props, 4843 protected_titles and site_identifiers. 4844* OOUI HTMLForm will now display help text inline after the input field, 4845 rather than in a popup. Previous behavior can be restored by using 4846 `'help-inline' => false`. 4847* The archive table's ar_rev_id field is now unique. 4848* Special:BotPasswords now requires reauthentication. 4849* (T174023) Multi-Content Revision (MCR) capabilities were introduced into the 4850 storage layer and have basic support for display. No user interface exists 4851 yet for creating or managing content in slots beides the main slot. See 4852 <https://www.mediawiki.org/wiki/Multi-Content_Revisions> for more 4853 information. 4854* The image_comment_temp database table has been removed. Since all access 4855 should be mediated by the CommentStore class, this change shouldn't affect 4856 external code. 4857* (T206147) Database::close() will no longer commit any open transactions. 4858* (T64103) Dropped columns category.cat_hidden, site_stats.ss_admins, and 4859 recentchanges.rc_cur_time from the PostgreSQL schema. 4860 4861= MediaWiki 1.31 = 4862 4863== MediaWiki 1.31.15 == 4864 4865This is a security and maintenance release of the MediaWiki 1.31 branch. 4866 4867=== Changes since MediaWiki 1.31.14 === 4868* (T270988) Fixup issues in SpecialChangeContentModel.php. 4869* (T278026) rdbms: Add DB_PRIMARY to replace DB_MASTER. 4870* (T276945) Define a batch size in maintenance/manageJobs.php. 4871* (T276945) Implement JobQueueDB::getAllAbandonedJobs. 4872* (T281549) WebInstaller: Don't show the announce-l subscribe 4873 checkbox temporarily. 4874* (T283247) Freenode -> Libera per wikimedia moving from 4875 freenode to libera. 4876* (T280226, CVE-2021-35197) SECURITY: Prevent blocked users from 4877 purging pages. 4878 4879== MediaWiki 1.31.14 == 4880 4881This is a maintenance release of the MediaWiki 1.31 branch. 4882 4883=== Changes since MediaWiki 1.31.13 === 4884* Make Title implement IDBAccessObject. 4885 4886== MediaWiki 1.31.13 == 4887 4888This is a security and maintenance release of the MediaWiki 1.31 branch. 4889 4890=== Changes since MediaWiki 1.31.12 === 4891* (T115436) resourceloader: CSSMin::getLocalFileReferences now strips 4892 anchors. 4893* Updating php-parallel-lint/php-parallel-lint (0.9.2 => 1.0.0). 4894* Updating mediawiki/codesniffer (19.1.0 => 19.4.0). 4895* DefaultSettings.php: Update $wgPingback documentation. 4896* PHPVersionCheck: The PHP Group only supports PHP >= 7.3.0. 4897* (T275261) Escape wikitext in the title in invalid title error messages. 4898* (T277009, CVE-2021-30158) SECURITY: Allow blocked users to access 4899 Special:ResetTokens. 4900* pageExist.php: Output trailing newlines. 4901* (T278058, CVE-2021-30157) SECURITY: Escape rcfilters-filter-* messages 4902 on ChangesList pages. 4903* (T277414) HTMLFormField: Use non namespaced class name rather than 4904 static::class. 4905* (T268230) Switch to new MediaWiki logo by Serhio Magpie. 4906* (T271735) Expand config-pingback-help, link to privacy policy in 4907 config-pingback. 4908* Fix documentation of user-global in $wgRateLimits. 4909* BackupDumper: Add -o as shortcode for --output. 4910* (T278014, CVE-2021-30154) SECURITY: Escape mediastatistics-header-* 4911 messages on Special:NewFiles. 4912* (T270713, CVE-2021-30152) SECURITY: Allow user to only apply protection 4913 they have right to do so via action=protect. 4914* (T272386, CVE-2021-30159) SECURITY: Non-admin deleted enwiki page in 4915 fast double move. 4916* (T270988, CVE-2021-30155) SECURITY: ContentModelChange: Check that user 4917 can create pages. 4918* (T276843, CVE-2021-20270, CVE-2021-27291) SECURITY: 4919 SyntaxHighlight_GeSHi: Various lexers have been disabled due to DoS 4920 vectors. 4921 4922== MediaWiki 1.31.12 == 4923 4924This is a maintenance release of the MediaWiki 1.31 branch. 4925 4926=== Changes since MediaWiki 1.31.11 === 4927* Fixed issues relating to User::isRegistered() not existing in 1.31. 4928 4929== MediaWiki 1.31.11 == 4930 4931This is a security and maintenance release of the MediaWiki 1.31 branch. 4932 4933=== Changes since MediaWiki 1.31.10 === 4934* Fix undefined $wgRedirectOnLogin. 4935* (T251661, T265313) CentralIdLookup::factoryNonLocal can return null. 4936* (T263592) media: Fix case of FlashPixVersion in 4937 FormatMetadata::makeFormattedData(). 4938* (T265223) BaseTemplate: Guard against passing zero arg to array_merge(). 4939* (T266418) composer.json: add requirement for composer-plugin-api ^1.1. 4940* (T260631, T260633), BotPassword::save() now returns a Status object for the 4941 result rather than a bool. The length of the bot password grants and 4942 restriction fields are now validated, and an error will be thrown if it 4943 would be truncated by the database. 4944* (T264536, T233012) SectionProfiler: Do not attempt to use null values as 4945 arrays. 4946* (T269178) MemcachedClient: Cast Resource to integer. 4947* (T268917, CVE-2020-35475) SECURITY: Use Xml::element in SpecialUserrights for 4948 sanity. 4949* (T268938, CVE-2020-35479) SECURITY: BlockLogFormatter can output raw html. 4950* (T205908, CVE-2020-35477) SECURITY: Unable to change visibility of log entries 4951 when MediaWiki:Mainpage uses Special:MyLanguage. 4952* (T120883, CVE-2020-35480) SECURITY: Divergent behavior for contributions and 4953 user pages of hidden users and missing users. 4954 4955== MediaWiki 1.31.10 == 4956 4957This is a maintenance release of the MediaWiki 1.31 branch. 4958 4959=== Changes since MediaWiki 1.31.9 === 4960* Fixed issues relating to backporting of changes for T260485. 4961 4962== MediaWiki 1.31.9 == 4963 4964This is a security and maintenance release of the MediaWiki 1.31 branch. 4965 4966=== Changes since MediaWiki 1.31.8 === 4967* In the web installer, use secure session cookies. 4968* (T257207) shell: Expand documentation in firejail.profile. 4969* Added $wgForceHTTPS, which makes the HTTP to HTTPS redirect be unconditional 4970 and suppresses various hacks needed to support mixed HTTP/HTTPS wikis. We 4971 recommend this be set to true on pure HTTPS wikis. 4972* Added $wgCookieSameSite, which allows login cookies to be sent with 4973 SameSite=None. This is required for cross-site CentralAuth autologin after 4974 Chrome 84. 4975* Added $wgUseSameSiteLegacyCookies, which adds a compatibility hack to 4976 SameSite=None cookies for browsers which implemented an incompatible draft 4977 version of the specification. 4978* (T191537) Disable WebResponse setters for post-send processing. 4979* (T198525) WebReponse: Use values altered in 'WebResponseSetCookie' hook. 4980* Fix runBatchedQuery.php for no result from select. 4981* (T130906) Add Edge to MediaWiki:Clearyourcache. 4982* Use IPset in MWRestrictions::checkIP. 4983* (T260031) Add application/font-sfnt to MimeMap for ttf files. 4984* shell: Make ->restrict( RESTRICT_NONE ) actually work. 4985* (T183759) Fixes shell edge-cases in Windows. 4986* (T258390) Add CentralIdLookup::factoryNonLocal(). 4987* (T246991) User: Fix pingLimiter() to use makeGlobalKey() for global rate 4988 limits. 4989* (T251661, CVE-2020-25827) SECURITY: User::pingLimiter: add user-global rate 4990 limit type. 4991* (T246991) User: enforce pingLimiter() expiry time. 4992* (T260232) don't include null page ids in query list for category dumps. 4993* (T251506) Sanitizer: Truncate IDs to a reasonable length. 4994* Explicitly wrap some XML calls in libxml_disable_entity_loader(). 4995* (T263455 T247285) Set EnableJavaScriptTest to true in 4996 includes/DevelopmentSettings.php. 4997* (T232568, CVE-2020-25813) SECURITY: Special:UserRights exposes the existence 4998 of hidden users. 4999* (T258763, CVE-2020-17367, CVE-2020-17368) SECURITY: Prevent invoking 5000 firejail's --output functionality. 5001* (T86738, CVE-2020-25814) SECURITY: mediawiki.jqueryMsg: Sanitize URLs and 5002 'style' attribute. 5003* (T115888, CVE-2020-25828) SECURITY: mediawiki.js: Escape HTML in 5004 mw.message( ... ).parse(). 5005* (T260485, CVE-2020-25869) SECURITY: ActorMigration: Load user from the correct 5006 database. 5007* (T260485, CVE-2020-25869) SECURITY: ensure actor ID from correct wiki is used. 5008 5009== MediaWiki 1.31.8 == 5010 5011This is a security and maintenance release of the MediaWiki 1.31 branch. 5012 5013=== Changes since MediaWiki 1.31.7 === 5014* (T199809) Don't invalidate BotPasswords if a password reset email is sent. 5015* (T247017) PasswordReset performance improvements. 5016* (T250568) Work around change in SimpleXMLElement behavior introduced in PHP 5017 7.3.17. 5018* Remove some rotten and out of date documentation. 5019* (T252311) Improvements to some older SQLite update patches. 5020* (T240307) Minor fixes to extension.schema.v2.json and 5021 extension.schema.v1.json. 5022* (T199474) Set rc_patrolled to 2 for autopatrolled changes in 5023 rebuildrecentchanges.php. 5024* (T229461) Update the change_tag table in rebuildrecentchanges.php. 5025* (T206476) Call ob_start() before running tests. 5026* (T234450) Per-user concurrency in SpecialContributions can now be limited by 5027 setting $wgPoolCounterConf['SpecialContributions'] appropriately. 5028* (T248947) SECURITY: img_auth.php may leak private extension images into the 5029 public cache. 5030 5031== MediaWiki 1.31.7 == 5032 5033This is a security and maintenance release of the MediaWiki 1.31 branch. 5034 5035=== Changes since MediaWiki 1.31.6 === 5036* (T193565, T234022) Re-add DB domain sanity checks to LoadBalancer. 5037* Use proper SemVer comparison in CheckComposerLockUpToDate. 5038* (T212738) Add the MW_VERSION constant, global $wgVersion is soft deprecated. 5039* Update comment about PHP versions supported by The PHP Group. 5040* (T247215) Fix output of RecountCategories::doWork(). 5041* Add check for page existence to view.php maintenance script. 5042* (T247580) Disable some broken Selenium tests. 5043* (T236509) SECURITY: Fix HTML escaping in UserGroupMembership::getLink(). 5044* (T246602) SECURITY: jquery.makeCollapsible allows applying event handler to 5045 any CSS selector. 5046 5047== MediaWiki 1.31.6 == 5048 5049This is a security and maintenance release of the MediaWiki 1.31 branch. 5050 5051=== Changes since MediaWiki 1.31.5 === 5052* (T181658) Do not insert page titles into querycache.qc_value. 5053* (T206013) Suppress errors when reading invalid XML file properties. 5054* (T237931) Remove references to pg_attrdef.adsrc in Postgres code. 5055* Use correct value for 'sslmode' in DatabasePostgres. 5056* (T232866) Fix support for HTTP/2 in MultiHttpClient. 5057* (T227461) Stop calling deprecated Redis delete functions. 5058* (T239561) Mark options as requiring parameters in addSite.php. 5059* (T239734) Replace deprecated lSize with lLen in Redis code. 5060* (T192134) SECURITY: Do not allow user scripts on Special:PasswordReset. 5061* (T239428) ApiEditPage: Test for bad redirect targets. 5062* (T233342) rdbms: Log debug message traces as 'exception.trace' instead of 5063 'trace'. 5064* (T226751) media: Log and fail gracefully on invalid EXIF coordinates. 5065* (T212067) Work around PHP bug in parse_url. 5066 5067== MediaWiki 1.31.5 == 5068 5069This is a maintenance release of the MediaWiki 1.31 branch. 5070 5071=== Changes since MediaWiki 1.31.4 === 5072* Fix extra newlines in installer. 5073* Followup T230402, PermissionManager doesn't exist until 1.33, so fix the 5074 backported patches to use User::isAllowed() instead. 5075 5076== MediaWiki 1.31.4 == 5077 5078This is a security and maintenance release of the MediaWiki 1.31 branch. 5079 5080=== Changes since MediaWiki 1.31.3 === 5081* (T207100) Updated LanguageTr for dotted and dotless I in PHP 7.3. 5082* The ImgAuthModifyHeaders hook was added to img_auth.php to allow modification 5083 of headers in private wikis. 5084* (T230402) SECURITY: Add permission check for suppressed account to 5085 Special:Redirect. 5086* Add helper for HTTPFileStreamer header syntax. 5087* (T118799) Fix XMP parser errors due to trailing nullchar. 5088* (T233119) Improve documentation for the MinimumPasswordLengthToLogin policy. 5089* (T202183) Give more specific error messages on Special:Redirect. 5090* Cache redirects from Special:Redirect. 5091* (T231386) dispatchUser() should use a 302 http status code. 5092* (T227662) Split down patch-comment-table.sql and patch-actor-table.sql into 5093 separate files to help allieviate potential migration problems. 5094* Make SQLite's patch-add-3d.sql a no-op to prevent clobbering other database 5095 updates. 5096 5097== MediaWiki 1.31.3 == 5098 5099This is a maintenance release of the MediaWiki 1.31 branch. 5100 5101=== Changes since MediaWiki 1.31.2 === 5102* (T225558) Update installer link to PHP intl. 5103* (T225496) Detect APC for MainCacheType in CLI installer. 5104* (T226766) Remove jetbrains/phpstorm-stubs from composer dev dependencies. 5105* (T202211) Fix SQLite patch-(image|page|template)links-fix-pk.sql column order. 5106 5107== MediaWiki 1.31.2 == 5108 5109This is a security and maintenance release of the MediaWiki 1.31 branch. 5110 5111Required PHP version has been increased from 7.0.0 to 7.0.13. 5112 5113=== Changes since MediaWiki 1.31.1 === 5114* (T204729) WatchedItemStore::countVisitingWatchersMultiple() shouldn't query 5115 all titles when asked for none. 5116* (T205967) Fix syntax error typo in postgres database upgrade file. 5117* (T200254) Add pear/Net_SMTP 1.7.3 to composer dependencies. 5118* (T206765) Load installer i18n when running update.php. 5119* (T109121) Remove deprecated pear/mail_mime-decode from composer suggested 5120 libraries. 5121 [Also in the bundled composer /vendor directory.] 5122* Various PHP 7.2 and 7.3 compatibility fixes: 5123 * (T200595, T206974) Fix PHP 7.3 warnings of using "continue" in some 5124 scenarios instead of "break". 5125 * (T206976, T206977) Also in the bundled LocalisationUpdate and 5126 ParserFunctions extensions. 5127 * (T206979) Fix PHP 7.3 warnings of using "compact()" when some variables may 5128 not be set. 5129 * (T215632) FormatMetadata and UploadStash regexes fixed to be PHP 5130 7.3-compatible. 5131 * Fix PHP warnings "preg_replace(): [...] invalid range in character class. 5132 * Avoid PHP 7.2 warnings in DBConRefTest about count() on non-Countable. 5133 * Suppress "Headers already sent" in PHP 7.2 too. 5134 * (T206476) Output only to stderr in unit tests. 5135 * (T207112) Add session_write_close() calls to SessionManager tests. 5136 * oyejorge/less.php replaced with our fork wikimedia/less.php 5137 * (T209756) Updated wikimedia/ip-set from 1.2.0 to 1.3.0. 5138 * (T213489) Avoid session double-start in Setup.php. 5139 * (T206975) Switch to our fork of less.php. 5140* (T207540) Include IP address in "Login for $1 succeeded" log entry. 5141* (T201781) Database: Allow selectFieldValues() to accept SQL fragments. 5142* (T205765) installer: Don't link to the obsolete "Extension Matrix" page. 5143* (T206013) Update ImportableUploadRevisionImporter for interwiki usernames. 5144* (T207541) Pass an email address, not a MailAddress, to mail(). 5145* (T207603) SECURITY: User JS may no longer be loaded with mime type 5146 text/javascript if there is no account associated with the username. 5147* (T112937, T113042) SECURITY: Do not allow loading pages raw with a 5148 text/javascript MIME 5149 type if non-admins can edit the page. 5150* (T17491) <ins>/<del> elements can be phrasing or flow. 5151* (T200827) RemexCompatMunger: Don't call endTag() in case B/b 5152* (T207088) Upgrade wikimedia/remex-html to 2.0.1. 5153 [Also in the bundled composer /vendor directory.] 5154* (T194052) Updated wikimedia/base-convert from 1.0.1 to 2.0.0. 5155 [Also in the bundled composer /vendor directory.] 5156* (T199494) Fix notices in maintenance/removeUnusuedAccounts.php. 5157* Require ext-fileinfo in composer.json, per PHPVersionCheck. 5158* (T176390) Bundled LocalisationUpdate extension: Handle exceptions from 5159 GitHubFetcher. 5160* (T208255) Completion search should not change the search query. 5161* (T209870) Fix SQL syntax error in MS-SQL initialisation file for new wikis. 5162* (T185049) LogFormatter: Fail softer when trying to link an invalid titles. 5163* (T210998) Properly set $wgLanguageCode in the generated LocalSettings.php 5164 if --lang is used with the command-line installer (install.php). 5165* (T211061) ImageListPager: Actor migration for buildQueryConds(). 5166* (T209335) Clarify the default sidebar 'Help' link is about MediaWiki itself. 5167* Fix addition of ug_expiry column to user_groups table on MSSQL. 5168* (T204767) Add join conditions to ActiveUsersPager. 5169* (T210621) User: Bypass repeatable-read when creating an actor_id. 5170* (T204531) rdbms: reduce LoadBalancer replication log spam. 5171* (T195525) Fix db error outage page. 5172* (T208871) The hard-coded Google search form on the database error page was 5173 removed. 5174* (T176097) Fix flaky MessageBlobStoreTest assertion failures. 5175* (T209423) Update required PHP version to 7.0.13. 5176* (T209885) Prevent populateSearchIndex.php from breaking once actor migration 5177 has been started. 5178* (T216968) Return pageid as int in both list=iwbacklinks and 5179 list=langbacklinks. 5180* (T215169) Fix for Database::update() with IGNORE option fails on PostgreSQL. 5181* (T204423) Backport support for hyphenated DB names in JobQueueGroup. 5182* (T199474) Fix typo in rebuildrecentchanges.php resulting in rogue flags. 5183* (T218608) SECURITY: Fix an issue that prevents Extension:OAuth working when 5184 $wgBlockDisablesLogin is true. 5185* (T216029) Chrome redirects to Special:BadTitle after editing a section with 5186 a non-Latin name on a page with non-Latin characters in title. 5187* (T219728) Added support for new Japanese era name "Reiwa". 5188* (T25227) SECURITY: action=logout now requires to be posted and have a csrf 5189 token. 5190* Updated cssjanus/cssjanus from 1.2.0 to 1.3.0. 5191* (T222385) resourceloader: Use AND instead of OR for upsert conds in 5192 saveFileDependencies(). 5193* (T224374) Fix message parameters so that the message that says SQLite is out 5194 of date makes sense. 5195* SpecialPage::checkLoginSecurityLevel() will now preserve POST data when 5196 reauthenticating. 5197* FormSpecialPage::execute() will now call checkLoginSecurityLevel() if 5198 getLoginSecurityLevel() returns non-false. 5199* (T197279) SECURITY: Fix reauth in Special:ChangeEmail. 5200* (T208881) SECURITY: blacklist CSS var(). 5201* (T209794) SECURITY: rate-limit and prevent blocked users from changing email. 5202* (T199540) SECURITY: API: Respect $wgBlockCIDRLimit in action=block. 5203* (T212118) SECURITY: Fix cache mode for (un)patrolled recent changes query. 5204* (T222036, T222038) SECURITY: Add permission check for user is permitted to 5205 view the log type. 5206* (T221739) SECURITY: resources: Patch jQuery 3.2.1 for CVE-2019-11358. 5207 5208== MediaWiki 1.31.1 == 5209 5210This is a security and maintenance release of the MediaWiki 1.31 branch. 5211 5212=== Changes since MediaWiki 1.31.0 === 5213* (T169545, CVE-2018-0503) SECURITY: $wgRateLimits entry for 'user' overrides 5214 'newbie'. 5215* (T194605, CVE-2018-0505) SECURITY: BotPasswords can bypass CentralAuth's 5216 account lock. 5217* (T199029, CVE-2018-13258) SECURITY: Tarball was missing .htaccess files. 5218* (T197229) Bundle Nuke extension, it was accidentally omitted. 5219* (T193995) Fix undefined patchPath() method call in parser tests. 5220* (T198687) Fix various selectFields methods to use the string 'NULL', not null. 5221* Special:BotPasswords now requires reauthentication. 5222* (T191608, T187638) Add 'logid' parameter to Special:Log. 5223* (T193829) Indicate when a Bot Password needs reset. 5224* (T198037) GitInfo: Don't try shelling out if it's disabled. 5225* (T151415) Log email changes. 5226* (T197206) Fix performance regression when multiple DB used without caching. 5227* (T197030) PHPSessionHandler: Suppress headers warnings in initialize(). 5228* (T182377, T196793) Exif: Guard against uncountable tag values. 5229* (T200861) Fix total breakage of SQLite web upgrade. 5230* (T200864) Fix pingback over-reporting on non-MySQL databases 5231* (T202550) Unbreak SpecialListusersHeaderForm and SpecialListusersHeader 5232 hooks. 5233 5234== MediaWiki 1.31.0 == 5235 5236=== Changes since MediaWiki 1.31.0-rc.2 === 5237* (T195783) Initialize PSR-4 namespaces at same stage as normal autoloader. 5238* (T196092) Hide MySQL binary/utf-8 charset option in the installer. 5239* (T196185) Don't allow setting $wgDBmysql5 in the installer. 5240* (T196125) php-memcached 3.0 (provided with PHP 7.0) is now supported. 5241* (T182366) UploadBase::checkXMLEncodingMissmatch() now works on PHP 7.1+ 5242* (T118683) Fix exception from &$user deref on HHVM in the TitleMoveComplete 5243 hook. 5244* (T196672) The mtime of extension.json files is now able to be zero 5245* (T180403) Validate $length in padleft/padright parser functions. 5246* (T143790) Make $wgEmailConfirmToEdit only affect edit actions. 5247 5248=== Changes since MediaWiki 1.31.0-rc.0 === 5249* (T33223) Drop archive.ar_text and ar_flags. 5250* Add default edit rate limit of 90 edits/minute for all users. 5251* (T187645) Use codepoint as tiebreaker when getting first-letters in 5252 IcuCollation. 5253* (T191947) Don't shell during the installer if shelling out is disabled. 5254* (T194319) Improve duplicate config setting exception as part of extension 5255 registration. 5256* (T195211) Don't require trailing slash in PSR-4 autoloader directory. 5257* (T186565) Fix PHP Notice from `ob_end_flush()` in `FileRepo::streamFile()`. 5258* Do not incorrectly hide namespace input field in the installer. 5259* (T186456) Refactor checks looking for PEAR maik libraries to be clearer. 5260 5261=== Important pre-upgrade notes for 1.31 === 5262* If you're using MySQL, SQLite, or MSSQL, are not using update.php to apply 5263 schema changes, and cannot have downtime to run migrateArchiveText.php and 5264 apply patch-drop-ar_text.sql manually, you'll have to apply a default value 5265 to the ar_text and ar_flags columns of the archive table or make those 5266 columns nullable before upgrading to MediaWiki 1.31. 5267 maintenance/archives/patch-nullable-ar_text.sql shows how to do this for 5268 MySQL. 5269 5270=== Configuration changes in 1.31 === 5271* $wgEnableAPI and $wgEnableWriteAPI are now deprecated and will be removed in 5272 a future version. The API is now considered to be stable, secure and 5273 essential. 5274* $wgUsejQueryThree was removed, as it is now the default. This was documented 5275 as a temporary variable during the migration period, deprecated since 1.29. 5276* $wgLogoHD has been updated to support svg images and uses $wgLogo where 5277 possible for fallback images such as png. 5278* (T44246) $wgFilterLogTypes will no longer ignore 'patrol' when user does not 5279 have the right to mark things patrolled. 5280* Wikis that contain imported revisions or CentralAuth global blocks should run 5281 maintenance/cleanupUsersWithNoId.php. 5282* The configuration settings $wgResourceLoaderMinifierStatementsOnOwnLine and 5283 $wgResourceLoaderMinifierMaxLineLength, deprecated since 1.27, were removed. 5284* (T180921) $wgReferrerPolicy now supports having fallbacks for browsers that 5285 are not using the latest version of the Referrer Policy specification. 5286* $wgFragmentMode is now set to [ 'legacy', 'html5' ] by default. This is a 5287 first step of migration to human-readable section IDs that will later result 5288 in 'html5' being the default mode. 5289* CACHE_ACCEL now only supports APC(u) or WinCache. XCache support was removed 5290 as upstream is inactive and has no plans to move to PHP 7. 5291* The old CategorizedRecentChanges feature, including its related configuration 5292 option $wgAllowCategorizedRecentChanges, has been removed. 5293* (T188472) The 'comma' value for $wgArticleCountMethod is no longer supported 5294 for performance reasons, and installations with this setting will now work as 5295 if it was configured with 'any'. 5296* (T185753) MediaWiki now defaults to using RemexHtml to tidy up user input, 5297 rather than being off by default. If you wish to disable HTML tidying 5298 entirely, set $wgTidyConfig to null; if you wish to use the old, deprecated 5299 Tidy external binary, both set $wgTidyConfig to null and $wgUseTidy to true. 5300* $wgLogAutopatrol now defaults to false instead of true. 5301* $wgValidateAllHtml was removed and will be ignored. 5302* $wgScriptExtension, deprecated and ignored since 1.25, was removed. See the 5303 1.25 release notes for more information. 5304* $wgUseAjax is now marked as deprecated, just like the deprecated AJAX 5305 framework that it enables. Some extensions mistakenly used this to check 5306 whether any AJAX functionality at all should be enabled, further making this 5307 problematic to retain. 5308* $wgDBmysql5 is now deprecated, and will be removed in a future version. It 5309 has been marked as experimental ever since it was introduced. 5310 5311=== New features in 1.31 === 5312* (T76554) User sub-pages named ….json are now protected in the same way that 5313 ….js and ….css pages are, so that configuration options can safely be placed 5314 there. 5315* Wikimedia\Rdbms\IDatabase->select() and similar methods now support joins 5316 with parentheses for grouping. 5317* As a first pass in standardizing dialog boxes across the MediaWiki product, 5318 Html class now provides helper methods for messageBox, successBox, errorBox 5319 and warningBox generation. 5320* (T9240) Imports will now record unknown (and, optionally, known) usernames in 5321 a format like "iw>Example". 5322* (T20209) Linker (used on history pages, log pages, and so on) will display 5323 usernames formed like "iw>Example" as interwiki links, as if by wikitext like 5324 [[iw:User:Example|iw>Example]]. 5325* (T111605) The 'ImportHandleUnknownUser' hook allows extensions to auto-create 5326 users during an import. 5327* Added a hook, ParserOutputPostCacheTransform, to allow extensions to affect 5328 the ParserOutput::getText() post-cache transformations. 5329* Added a hook, UploadForm:getInitialPageText, to allow extensions to alter the 5330 initial page text for file uploads. 5331* (T181651) The info page for File pages now displays the file's base-16 SHA1 5332 hash value in the table of basic information. 5333* Style tags with a 'data-mw-deduplicate' attribute will be deduplicated as a 5334 ParserOutput::getText() post-cache transformation. This may be disabled by 5335 passing 'deduplicateStyles' => false to that method. 5336* The identity of the logged-in or IP "actor" for logged actions is being moved 5337 into a new actor table, with the rows in tables such as revision and logging 5338 referring to the actor ID instead of storing the user ID and name/IP in 5339 every row. 5340 * This is currently gated by $wgActorTableSchemaMigrationStage. Most wikis 5341 can set this to MIGRATION_NEW and run maintenance/migrateActors.php as 5342 soon as any necessary extensions are updated. 5343 * Most code accessing rows for logged actions from the database should use 5344 the relevant getQueryInfo() methods to get the information needed to build 5345 the SQL query. The ActorMigration class may also be used to get feature 5346 -flagged information needed to access actor-related fields during the 5347 migration period. 5348* Added Wikimedia\Rdbms\IDatabase::cancelAtomic(), to roll back an atomic 5349 section without having to roll back the whole transaction. 5350* Wikimedia\Rdbms\IDatabase::doAtomicSection(), non-native ::insertSelect(), 5351 and non-MySQL ::replace() and ::upsert() no longer roll back the whole 5352 transaction on failure. 5353* (T189785) Added a monthly heartbeat ping to the pingback feature. 5354* The CLI installer (maintenance/install.php) learned to detect and include 5355 extensions. Pass --with-extensions to enable that feature. 5356* (T184791) rc_patrolled now has three states: "0" for unpatrolled, 5357 "1" for manually patrolled and "2" for autopatrolled actions. 5358* Extensions can now set their type to "editor" if they provide an editor or 5359 enhance the editing experience. 5360* Extensions can use a PSR-4 autoloader by setting an "AutoloadNamespaces" 5361 property in extension.json. See the documentation at 5362 <https://mediawiki.org/wiki/Manual:Extension.json/Schema#AutoloadNamespaces> 5363 for more details and an example. 5364* (T19099) Tabs which link to pages that don't exist (like those to uncreated 5365 discussion pages) now have a tooltip to indicate state, not just colour. 5366 5367=== External library changes in 1.31 === 5368* pear/mail, pear/mail_mime and pear/mail_mime-decode have been moved from 5369 suggested to required. These packages now must be installed via composer 5370 and not via PEAR itself. 5371 5372==== Upgraded external libraries ==== 5373* Updated jquery.chosen from v0.9.14 to v1.8.2. 5374* Updated composer/spdx-licenses from 1.1.4 to 1.3.0 (development dependency). 5375* Updated nikic/php-parser from 2.1.0 to 3.1.3 (development dependency). 5376* Updated wikimedia/ip-set from 1.1.0 to 1.2.0. 5377* Updated wikimedia/relpath from 2.0.0 to 2.1.1. 5378* Updated wikimedia/running-stat from 1.1.0 to 1.2.0. 5379* Updated wikimedia/wrappedstring from 2.2.0 to 2.3.0. 5380* Updated mediawiki/at-ease from 1.1.0 to 1.2.0. 5381* Updated wikimedia/php-session-serializer from 1.0.4 to 1.0.6. 5382* Updated wikimedia/remex-html from 1.0.2 to 1.0.3. 5383* Updated wikimedia/html-formatter from 1.0.1 to 1.0.2. 5384 5385==== New external libraries ==== 5386* Added wikimedia/object-factory 1.0.0 5387 5388==== Removed and replaced external libraries ==== 5389* (T17845) The deprecated 'jquery.badge' module was removed. 5390* The deprecated 'jquery.autoEllipsis' module was removed. Use the CSS 5391 text-overflow property instead. 5392* The deprecated 'jquery.placeholder' module was removed. 5393* The deprecated 'jquery.appear' module was removed. Use the 5394 'mediawiki.viewport' module instead. 5395* mediawiki/at-ease was replaced with wikimedia/at-ease. 5396 5397=== Bug fixes in 1.31 === 5398* (T90902) Non-breaking space in header ID breaks anchor. 5399* (T189375) CSSMin now allows quoted urls in `url()` syntax to start with a 5400 space. 5401* (T2087, T10897, T87753, T174639) Whitespace created by category and language 5402 links is now stripped rather than leaving blank lines in odd places. 5403* (T3780) Uploads with UTF-8 names now work on PHP7.1+ on Windows servers. 5404* (T182366) UploadBase::checkXMLEncodingMissmatch() now works on PHP 7.1+ 5405 5406=== Action API changes in 1.31 === 5407* (T185058) The 'name' value to tgprop for action=query&list=tags has been 5408 removed. It has never made a difference in the output, the name was always 5409 returned regardless. 5410* The 'watch' and 'unwatch' parameters for action=move have been removed. They 5411 were deprecated and also accidentally nonfunctional since 1.17 in 2010. Use 5412 'watchlist' instead. 5413 5414=== Action API internal changes in 1.31 === 5415* ApiBase::getProfileDBTime, deprecated since 1.25, was removed. 5416* ApiBase::getModuleProfileName, deprecated since 1.25, was removed. 5417* ApiBase::getProfileTime, deprecated since 1.25, was removed. 5418 5419=== Languages updated in 1.31 === 5420MediaWiki supports over 350 languages. Many localisations are updated 5421regularly. Below only new and removed languages are listed, as well as 5422changes to languages because of Phabricator reports. 5423 5424* (T180052) Mirandese (mwl) now supports gendered NS_USER/NS_USER_TALK. 5425* (T182305) New language support: Nyungar (nys). 5426* (T186359) New language support: Siberian Tatar [себертатар] (sty). 5427* (T186635) New language support: Guianan Creole (gcr). 5428* (T186647) New language support: Kumyk [къумукъ] (kum). 5429* (T187750) New language support: Spanish formal address (es-formal). 5430* (T187824) New language support: Hungarian formal address (hu-formal). 5431* (T189127) New language support: Gorontalo (gor). 5432 5433=== Breaking changes in 1.31 === 5434* MessageBlobStore::insertMessageBlob(), deprecated in 1.27, was removed. 5435* The OutputPage class constructor now requires a context parameter. 5436 Instantiating without context was deprecated in 1.18. 5437* The mw.page JavaScript singleton, deprecated in 1.30, was removed. 5438* Article::getLastPurgeTimestamp(), WikiPage::getLastPurgeTimestamp(), and the 5439 related WikiPage::PURGE_* constants, deprecated in 1.29, were removed. 5440* The Article::selectFields(), ::onArticleCreate(), ::onArticleDelete(), and 5441 ::onArticleEdit() methods, deprecated in 1.24, were removed. 5442* Installer::locateExecutable() and ::locateExecutableInDefaultPaths() were 5443 removed. Use ExecutableFinder::findInDefaultPaths() instead. 5444* The deprecated MW_DIFF_VERSION constant was removed. 5445 DifferenceEngine::MW_DIFF_VERSION should be used instead. 5446* Due to significant refactoring, method ContribsPager::getUserCond() that had 5447 no access restriction has been removed. 5448* The Block class will no longer accept usable-but-missing usernames for 5449 'byText' or ->setBlocker(). Callers should either ensure the blocker exists 5450 locally or use a new interwiki-format username like "iw>Example". 5451* The following methods and constants from the WatchedItem class, which were 5452 deprecated in 1.27, have been removed: 5453 * WatchedItem::getTitle() 5454 * WatchedItem::fromUserTitle() 5455 * WatchedItem::addWatch() 5456 * WatchedItem::removeWatch() 5457 * WatchedItem::isWatched() 5458 * WatchedItem::duplicateEntries() 5459 * WatchedItem::IGNORE_USER_RIGHTS 5460 * WatchedItem::CHECK_USER_RIGHTS 5461 * WatchedItem::DEPRECATED_USAGE_TIMESTAMP 5462* The $statementsOnOwnLine parameter of JavaScriptMinifier::minify was removed. 5463 $wgResourceLoaderMinifierStatementsOnOwnLine, the corresponding configuration 5464 variable, has been deprecated since 1.27 and was removed as well. 5465* The $maxLineLength parameter of JavaScriptMinifier::minify was removed. 5466 $wgResourceLoaderMinifierMaxLineLength, the corresponding configuration 5467 variable, has been deprecated since 1.27 and was removed as well. 5468* The HtmlFormatter class, deprecated in 1.27, was removed. The namespaced 5469 HtmlFormatter\HtmlFormatter class should be used instead. 5470* The driver 'mysql' for MySQL, deprecated in MediaWiki 1.30, has been removed. 5471 The driver has been deprecated since PHP 5.5 and was removed in PHP 7.0. The 5472 default driver for MySQL has been 'mysqli' since MediaWiki 1.22. 5473* The following properties of PreparedEdit were deprecated in 1.21 and have 5474 been removed: 5475 * PreparedEdit->newText 5476 * PreparedEdit->oldText 5477 * PreparedEdit->pst 5478* ParserOutput objects which are generated using a non-default value for 5479 ParserOptions::setWrapOutputClass() can no longer be added to the parser 5480 cache. 5481* The following deprecated methods from the OutputPage class have been removed: 5482 * OutputPage::addExtensionStyle(); deprecated in 1.27 5483 * OutputPage::getExtStyle(); deprecated in 1.27 5484 * OutputPage::setETag(); deprecated in 1.28 (obsolete no-op) 5485 * OutputPage::setSquidMaxage(); deprecated in 1.27 5486 * OutputPage::readOnlyPage(); deprecated in 1.25 5487 * OutputPage::rateLimited(); deprecated in 1.25 5488 * Additionally, the protected OutputPage::$mExtStyles array, only accessed 5489 through the above and with no known uses, was removed. 5490* The no-op method Skin::showIPinHeader(), deprecated in 1.27, was removed. 5491* The following variables and methods in EditPage, deprecated in MediaWiki 1.30, 5492 were removed: 5493 * $isCssJsSubpage — use ::isUserConfigPage() 5494 * $isCssSubpage — use ::isUserCssConfigPage() 5495 * $isJsSubpage — use ::isUserJsConfigPage() 5496 * $isWrongCaseCssJsPage – use ::isWrongCaseUserConfigPage() 5497 * ::getSummaryInput() – use ::getSummaryInputWidget() 5498 * ::getSummaryInputOOUI() – use ::getSummaryInputWidget() 5499 * ::getCheckboxes() – use ::getCheckboxesWidget() or 5500 ::getCheckboxesDefinition() 5501 * ::getCheckboxesOOUI() – use ::getCheckboxesWidget() or 5502 ::getCheckboxesDefinition() 5503* ResourceLoaderModule::getPosition(), deprecated in 1.29, has been removed. 5504* In User, the cookie-related methods which were wrappers for the functions on 5505 the response object, and were deprecated in 1.27, have been removed: 5506 * ::setCookie() 5507 * ::clearCookie() 5508 * ::setExtendedLoginCookie() 5509 Note that User::setCookies() remains, and is not deprecated. 5510* Also in User, some auth-related methods which were deprecated in 1.27 have 5511 been removed: 5512 * ::getEditTokenTimestamp() – use MediaWiki\Session\Token::getTimestamp() 5513 * ::getPasswordFactory() – create a PasswordFactory directly 5514 * ::passwordChangeInputAttribs() 5515* The global functions wfProfileIn and wfProfileOut, deprecated in 1.25, have 5516 been removed. 5517* SpecialPageFactory::getList(), deprecated in 1.24, has been removed. You can 5518 use ::getNames() instead. 5519* OpenSearch::getOpenSearchTemplate(), deprecated in 1.25, has been removed. You 5520 can use ApiOpenSearch::getOpenSearchTemplate() instead. 5521* The global function wfBaseConvert, deprecated in 1.27, has been removed. Use 5522 Wikimedia\base_convert() directly. 5523* Calling Database::begin() explicitly during an implicit transaction or when 5524 DBO_TRX is set results in an exception. Calling Database::commit() explicitly 5525 for an implicit transaction also results in an exception. Previously these 5526 were logged as errors. The startAtomic() and endAtomic() methods, or 5527 AtomicSectionUpdate should be used instead. 5528* The global function wfOutputHandler() was removed, use the its replacement 5529 MediaWiki\OutputHandler::handle() instead. The global function was only 5530 sometimes defined. Its replacement is always available via the autoloader. 5531* ChangeTags::listExtensionActivatedTags and ::listExtensionDefinedTags, 5532 deprecated in 1.28, have been removed. Use ::listSoftwareActivatedTags() and 5533 ::listSoftwareDefinedTags() instead. 5534* Title::getTitleInvalidRegex(), deprecated in 1.25, has been removed. You can 5535 use MediaWikiTitleCodec::getTitleInvalidRegex() instead. 5536* HTMLForm & VFormHTMLForm::isVForm(), deprecated in 1.25, have been removed. 5537* The ProfileSection class, deprecated in 1.25 and unused, has been removed. 5538* The ResourceLoaderGetLessVars hook, deprecated in 1.30, has been removed. Use 5539 ResourceLoaderModule::getLessVars() to expose local variables instead of 5540 global ones. 5541* As part of work to modernise user-generated content clean-up, a config option 5542 and some methods related to HTML validity were removed without deprecation. 5543 The public methods MWTidy::checkErrors() and the path through which it was 5544 called, TidyDriverBase::validate(), are removed, as are the testing methods 5545 MediaWikiTestCase::assertValidHtmlSnippet() and ::assertValidHtmlDocument(). 5546 The $wgValidateAllHtml configuration option is removed and will be ignored. 5547* Execution of external programs using MediaWiki\Shell\Command now applies 5548 the RESTRICT_DEFAULT Firejail restriction by default. 5549* The ResourceLoaderModule::getHashMtime() and ::getDefinitionMtime() methods, 5550 deprecated in 1.26, were removed. 5551* The deprecated 'mediawiki.widgets.CategorySelector' module alias was removed. 5552 Use the 'mediawiki.widgets.CategoryMultiselectWidget' module directly. 5553 5554=== Deprecations in 1.31 === 5555* The Revision class was deprecated in favor of RevisionStore, BlobStore, and 5556 RevisionRecord and its subclasses. 5557* The global function wfBCP47 is deprecated in favour of LanguageCode::bcp47. 5558* The global function wfCountDown is now deprecated in favor of 5559 Maintenance::countDown. 5560* Several methods for returning lists of fields to select from the database 5561 have been deprecated in favor of similar methods that also return the tables 5562 to select from and the join conditions for those tables. 5563 * Block::selectFields() → Block::getQueryInfo() 5564 * RecentChange::selectFields() → RecentChange::getQueryInfo() 5565 * ArchivedFile::selectFields() → ArchivedFile::getQueryInfo() 5566 * LocalFile::selectFields() → LocalFile::getQueryInfo() 5567 * LocalFile::getCacheFields() with a prefix no longer works 5568 * LocalFile::getLazyCacheFields() with a prefix no longer works 5569 * OldLocalFile::selectFields() → OldLocalFile::getQueryInfo() 5570 * RecentChange::selectFields() → RecentChange::getQueryInfo() 5571 * Revision::userJoinCond() → Revision::getQueryInfo( [ 'user' ] ) 5572 * Revision::selectUserFields() → Revision::getQueryInfo( [ 'user' ] ) 5573 * Revision::pageJoinCond() → Revision::getQueryInfo( [ 'page' ] ) 5574 * Revision::selectPageFields() → Revision::getQueryInfo( [ 'page' ] ) 5575 * Revision::selectTextFields() → Revision::getQueryInfo( [ 'text' ] ) 5576 * Revision::selectFields() → Revision::getQueryInfo() 5577 * Revision::selectArchiveFields() → Revision::getArchiveQueryInfo() 5578 * User::selectFields() → User::getQueryInfo() 5579 * WikiPage::selectFields() → WikiPage::getQueryInfo() 5580* Revision::setUserIdAndName() was deprecated. 5581* Access to TitleValue class properties was deprecated, the relevant getters 5582 should be used instead. 5583* DifferenceEngine::getDiffBodyCacheKey() is deprecated. Subclasses should 5584 override DifferenceEngine::getDiffBodyCacheKeyParams() instead. 5585* Use of Maintenance::error( $err, $die ) to exit script was deprecated. Use 5586 Maintenance::fatalError() instead. 5587* Passing a ParserOptions object to OutputPage::parserOptions() is deprecated. 5588* The RevisionInsertComplete hook is now deprecated; use instead the hook 5589 RevisionRecordInserted. RevisionInsertComplete is still called, but the second 5590 and third parameter will always be null. Hard deprecation is scheduled for 5591 1.32. 5592* The following methods that get and set ParserOutput state are deprecated. 5593 Callers should use the new stateless $options parameter to 5594 ParserOutput::getText() instead. 5595 * ParserOptions::getEditSection() 5596 * ParserOptions::setEditSection() 5597 * ParserOutput::getEditSectionTokens() 5598 * ParserOutput::setEditSectionTokens() 5599 * ParserOutput::getTOCEnabled() 5600 * ParserOutput::setTOCEnabled() 5601 * OutputPage::enableSectionEditLinks() 5602 * OutputPage::sectionEditLinksEnabled() 5603 * The public ParserOutput state fields $mTOCEnabled and $mEditSectionTokens 5604 are also deprecated. 5605* License::getLicenses has been deprecated; use License::getLines instead. 5606* QuickTemplate::setRef() was deprecated in favour of QuickTemplate::set(). 5607 Setting template variables by reference allowed violating the principle of 5608 data being immutable once added to the skin template. In practice, this method 5609 was not being used for that. Rather, setRef() existed as memory optimisation 5610 for PHP 4. 5611* QuickTemplate::setTranslator() and MediaWikiI18N::set() were deprecated in 5612 favour of Skin::msg() parameters. 5613* MediaWikiI18N::translate() was deprecated in favour of Skin::msg() or 5614 wfMessage(). 5615* Passing false to ParserOptions::setWrapOutputClass() is deprecated. Use the 5616 'unwrap' transform to ParserOutput::getText() instead. 5617* \ObjectFactory (no namespace) is deprecated, the namespaced class 5618 \Wikimedia\ObjectFactory from the wikimedia/object-factory library should be 5619 used instead. 5620* CommentStore::newKey is deprecated. Instead, get an instance from 5621 MediaWikiServices. 5622* The following CommentStore methods have had their signatures changed to 5623 introduce a $key parameter, usage of the methods on instances retrieved from 5624 CommentStore::newKey will remain unchanged but deprecated: 5625 * CommentStore::getFields 5626 * CommentStore::getJoin 5627 * CommentStore::getComment 5628 * CommentStore::getCommentLegacy 5629 * CommentStore::insert 5630 * CommentStore::insertWithTemplate 5631* The following methods in Title have been renamed, and the old ones are 5632 deprecated: 5633 * Title::getSkinFromCssJsSubpage – use ::getSkinFromConfigSubpage 5634 * Title::isCssOrJsPage – use ::isSiteConfigPage 5635 * Title::isCssJsSubpage – use ::isUserConfigPage 5636 * Title::isCssSubpage – use ::isUserCssConfigPage 5637 * Title::isJsSubpage – use ::isUserJsConfigPage 5638* The following methods related to caching of half-parsed HTML were deprecated: 5639 * Parser::serializeHalfParsedText() 5640 * Parser::unserializeHalfParsedText() 5641 * Parser::isValidHalfParsedText() 5642 * StripState::getSubState() 5643 * StripState::merge() 5644* The DeferredStringifier class is deprecated, use Message::listParam() instead. 5645* The type string for the parameter $lang of DateFormatter::getInstance is 5646 deprecated. 5647* Wikimedia\Rdbms\SavepointPostgres is deprecated. 5648* The DO_MAINTENANCE constant is deprecated. RUN_MAINTENANCE_IF_MAIN should be 5649 used instead. 5650* The function wfShellWikiCmd() has been deprecated, use 5651 MediaWiki\Shell::makeScriptCommand(). 5652* In the future, the hooks 'PreferencesFormPreSave' and 'PreferencesGetLegend' 5653 will be allowed to provide any HTMLForm object rather than PreferencesForm. 5654 5655=== Other changes in 1.31 === 5656* Browser support for Internet Explorer 10 was lowered from Grade A to Grade C. 5657* Browser support for Opera 12 and older was dropped entirely. Opera 15+ 5658 continues at Grade A. 5659* Multi-content-revision capability was introduced into the storage layer. See 5660 <https://mediawiki.org/wiki/Requests_for_comment/Multi-Content_Revisions>. 5661* The "free" CSS class is now only applied to unbracketed URLs in wikitext. 5662 Links written using square brackets will get the class "text" not "free". 5663* RFC 157418: Whitespace is trimmed from wikitext headings, wikitext list items, 5664 wikitext table captions, wikitext table headings, wikitext table cells. HTML 5665 headings, HTML list items, HTML table captions, HTML table headings, HTML 5666 table cells will not have this trimming behavior. 5667 5668== Compatibility == 5669MediaWiki 1.31 requires PHP 7.0.0 or later. Although HHVM 3.18.5 or later is 5670supported, it is generally advised to use PHP 7.0.0 or later for long term 5671support. 5672 5673MySQL/MariaDB is the recommended DBMS. PostgreSQL or SQLite can also be used, 5674but support for them is somewhat less mature. There is experimental support for 5675Oracle and Microsoft SQL Server. 5676 5677The supported versions are: 5678 5679* MySQL 5.5.8 or later 5680* PostgreSQL 9.2 or later 5681* SQLite 3.3.7 or later 5682* Oracle 9.0.1 or later 5683* Microsoft SQL Server 2005 (9.00.1399) 5684 5685== Upgrading == 56861.31 has several database changes since 1.30, and will not work without schema 5687updates. Note that due to changes to some very large tables like the revision 5688table, the schema update may take quite long (minutes on a medium sized site, 5689many hours on a large site). 5690 5691Don't forget to always back up your database before upgrading! 5692 5693See the file UPGRADE for more detailed upgrade instructions, including 5694important information when upgrading from versions prior to 1.11. 5695 5696For notes on 1.30.x and older releases, see HISTORY. 5697 5698== Online documentation == 5699Documentation for both end-users and site administrators is available on 5700MediaWiki.org, and is covered under the GNU Free Documentation License (except 5701for pages that explicitly state that their contents are in the public domain): 5702 5703 https://www.mediawiki.org/wiki/Special:MyLanguage/Documentation 5704 5705== Mailing list == 5706A mailing list is available for MediaWiki user support and discussion: 5707 5708 https://lists.wikimedia.org/mailman/listinfo/mediawiki-l 5709 5710A low-traffic announcements-only list is also available: 5711 5712 https://lists.wikimedia.org/mailman/listinfo/mediawiki-announce 5713 5714It's highly recommended that you sign up for one of these lists if you're 5715going to run a public MediaWiki, so you can be notified of security fixes. 5716 5717== IRC help == 5718There's usually someone online in #mediawiki on irc.freenode.net. 5719 5720 5721= MediaWiki 1.30 = 5722 5723== MediaWiki 1.30.2 == 5724 5725This is a security and maintenance release of the MediaWiki 1.30 branch. 5726 5727=== Changes since MediaWiki 1.30.1 === 5728* (T204729) WatchedItemStore::countVisitingWatchersMultiple() shouldn't query 5729 all titles when asked for none. 5730* (T109121) Remove deprecated pear/mail_mime-decode from composer suggested 5731 libraries. 5732* (T207540) Include IP address in "Login for $1 succeeded" log entry. 5733* (T205765) Don't link to the obsolete "Extension Matrix" page in installer. 5734* (T207603) SECURITY: User JS may no longer be loaded with mime type 5735 text/javascript if there is no account associated with the username. 5736* (T113042) SECURITY: Do not allow loading pages raw with a text/javascript MIME 5737 type if non-admins can edit the page. 5738* (T207541) Pass email address to mail(). 5739* Fix addition of ug_expiry column to user_groups table on MSSQL. 5740* (T204531) rdbms: reduce LoadBalancer replication log spam. 5741* (T213489) Avoid session double-start in Setup.php. 5742* (T195525) Fix db error outage page. 5743* (T208871) The hard-coded Google search form on the database error page was 5744 removed. 5745* (T216968) Return pageid as int in both list=iwbacklinks and 5746 list=langbacklinks. 5747* (T218608) SECURITY: Fix an issue that prevents Extension:OAuth working when 5748 $wgBlockDisablesLogin is true. 5749* (T25227) SECURITY: action=logout now requires to be posted and have a csrf 5750 token. 5751* (T222385) resourceloader: Use AND instead of OR for upsert conds in 5752 saveFileDependencies(). 5753* (T224374) Fix message parameters so that the message that says SQLite is out 5754 of date makes sense. 5755* SpecialPage::checkLoginSecurityLevel() will now preserve POST data when 5756 reauthenticating. 5757* FormSpecialPage::execute() will now call checkLoginSecurityLevel() if 5758 getLoginSecurityLevel() returns non-false. 5759* (T197279) SECURITY: Fix reauth in Special:ChangeEmail. 5760* (T208881) SECURITY: blacklist CSS var(). 5761* (T209794) SECURITY: rate-limit and prevent blocked users from changing email. 5762* (T199540) SECURITY: API: Respect $wgBlockCIDRLimit in action=block. 5763* (T212118) SECURITY: Fix cache mode for (un)patrolled recent changes query. 5764* (T222036, T222038) SECURITY: Add permission check for user is permitted to 5765 view the log type. 5766* (T221739) SECURITY: resources: Patch jQuery 1.11.3 for CVE-2019-11358. 5767 5768== MediaWiki 1.30.1 == 5769 5770This is a security and maintenance release of the MediaWiki 1.30 branch. 5771 5772=== Changes since MediaWiki 1.30.0 === 5773* (T169545, CVE-2018-0503) SECURITY: $wgRateLimits entry for 'user' overrides 5774 'newbie'. 5775* (T194605, CVE-2018-0505) SECURITY: BotPasswords can bypass CentralAuth's 5776 account lock. 5777* (T87572) Make FormatMetadata::flattenArrayReal() work for an associative 5778 array. 5779* Updated composer/spdx-licenses from 1.1.4 to 1.3.0 (development dependency). 5780* (T189567) the CLI installer (maintenance/install.php) learned to detect and 5781 include extensions. Pass --with-extensions to enable that feature. 5782* (T190503) Let built-in web server (maintenance/dev) handle .php requests. 5783* (T167507) selenium: Run Chrome headlessly. 5784* selenium: Pass -no-sandbox to Chrome under Docker. 5785* (T179190) selenium: Move logic for running tests from package.json to 5786 selenium.sh 5787* (T192584) Stop incorrectly passing USE INDEX to RecentChange::newFromConds(). 5788* Add default edit rate limit of 90 edits/minute for all users. 5789* (T186565) Fix PHP Notice from `ob_end_flush()` in `FileRepo::streamFile()`. 5790* oojs/oojs-ui updated to remove an unnecessary dependancy. 5791* (T196125) php-memcached 3.0 (provided with PHP 7.0) is now supported. 5792* (T118683) Fix exception from &$user deref on HHVM in the TitleMoveComplete 5793 hook. 5794* (T196672) The mtime of extension.json files is now able to be zero 5795* (T180403) Validate $length in padleft/padright parser functions. 5796* (T143790) Make $wgEmailConfirmToEdit only affect edit actions. 5797* (T193995) Fix undefined patchPath() method call in parser tests. 5798* Special:BotPasswords now requires reauthentication. 5799* (T191608, T187638) Add 'logid' parameter to Special:Log. 5800* (T193829) Indicate when a Bot Password needs reset. 5801* (T151415) Log email changes. 5802* (T200861) Fix total breakage of SQLite web upgrade. 5803* (T202550) Unbreak SpecialListusersHeaderForm and SpecialListusersHeader 5804 hooks. 5805* (T190539) Explicitly require Postgres 9.1. 5806* (T118420) Unbreak Oracle installer. 5807 5808== MediaWiki 1.30.0 == 5809 5810=== Changes since MediaWiki 1.30.0-rc.0 === 5811* Upgraded Moment.js from v2.15.0 to v2.19.3. 5812* Add ip_changes to postgres/tables.sql. 5813* Skip null shell parameters. 5814* Add wfWaitForSlaves() to maintenance/migrateComments.php. 5815* (T182245) Fix join conditions in ImageListPager. 5816* (T178626) Revert #contentSub and #jump-to-nav margin changes. 5817 5818=== MySQL version requirement in 1.30 === 5819As of 1.30, MediaWiki now requires MySQL 5.5.8 or higher (see Compatibility 5820section). 5821 5822=== Configuration changes in 1.30 === 5823* The "C.UTF-8" locale should be used for $wgShellLocale, if available, to avoid 5824 unexpected behavior when code uses locale-sensitive string comparisons. For 5825 example, the Scribunto extension considers "bar" < "Foo" in most locales 5826 since it ignores case. 5827* $wgShellLocale now affects LC_ALL rather than only LC_CTYPE. See 5828 documentation of $wgShellLocale for details. 5829* $wgShellLocale is now applied for all requests. wfInitShellLocale() is 5830 deprecated and a no-op, as it is no longer needed. 5831* $wgJobClasses may now specify callback functions as an alternative to plain 5832 class names. This is intended for extensions that want control over the 5833 instantiation of their jobs, to allow for proper dependency injection. 5834* $wgResourceModules may now specify callback functions as an alternative 5835 to plain class names, using the 'factory' key in the module description 5836 array. This allows dependency injection to be used for ResourceLoader modules. 5837* $wgExceptionHooks has been removed. 5838* (T163562) $wgRangeContributionsCIDRLimit was introduced to control the size 5839 of IP ranges that can be queried at Special:Contributions. 5840* (T45547) $wgUsePigLatinVariant added (off by default). 5841* (T152540) MediaWiki now supports a section ID escaping style that allows to 5842 display non-Latin characters verbatim on many modern browsers. This is 5843 controlled by the new configuration setting, $wgFragmentMode. 5844* $wgExperimentalHtmlIds is now deprecated and will be removed in a future 5845 version, use $wgFragmentMode to migrate off it to a modern alternative. 5846* $wgExternalInterwikiFragmentMode was introduced to control how fragments in 5847 sinterwikis going outside of current wiki farm are encoded. 5848* (T120333) Soft-deprecated the use of PHP extension 'mysql' in favor of 5849 'mysqli'. This PHP extension was deprecated in PHP 5.5 and removed in PHP 7.0. 5850 MediaWiki auto-selects the 'mysqli' driver since MediaWiki 1.22, except if 5851 explicitly requested through the configuration parameter $wgDBservers. 5852* $wgOOUIEditPage was removed, as it is now the default. This was documented as 5853 a temporary variable during the migration period. 5854 5855=== New features in 1.30 === 5856* (T37247) Output from Parser::parse() will now be wrapped in a div with 5857 class="mw-parser-output" by default. This may be changed or disabled using 5858 ParserOptions::setWrapOutputClass(). 5859* (T163562) Added ability to search for contributions within an IP ranges 5860 at Special:Contributions. 5861* Added 'ChangeTagsAllowedAdd' hook, enabling extensions to allow software- 5862 specific tags to be added by users. 5863* Added a 'ParserOptionsRegister' hook to allow extensions to register 5864 additional parser options. 5865* (T45547) Included Pig Latin, a language game in English, as a 5866 LanguageConverter variant. This allows English-speaking developers 5867 to develop and test LanguageConverter more easily. Pig Latin can be 5868 enabled by setting $wgUsePigLatinVariant to true. 5869* Added RecentChangesPurgeRows hook to allow extensions to purge data that 5870 depends on the recentchanges table. 5871* Added JS config values wgDiffOldId/wgDiffNewId to the output of diff pages. 5872* (T2424) Added direct unwatch links to entries in Special:Watchlist (if the 5873 'watchlistunwatchlinks' preference option is enabled). With JavaScript 5874 enabled, these links toggle so the user can also re-watch pages that have 5875 just been unwatched. 5876* Added $wgParserTestMediaHandlers, where mock media handlers can be passed to 5877 MediaHandlerFactory for parser tests. 5878* Edit summaries, block reasons, and other "comments" are now stored in a 5879 separate database table. Use the CommentFormatter class to access them. 5880** This is currently gated by $wgCommentTableSchemaMigrationStage. Most wikis 5881 can set this to MIGRATION_NEW and run maintenance/migrateComments.php as 5882 soon as any necessary extensions are updated. 5883* (T138166) Added ability for users to prohibit other users from sending them 5884 emails with Special:Emailuser. Can be enabled by setting 5885 $wgEnableUserEmailBlacklist to true. 5886* (T67297) $wgBrowserBlacklist is deprecated, and changing it will have no 5887 effect. Instead, users using browsers that do not support Unicode will be 5888 unable to edit and should upgrade to a modern browser instead. 5889 5890=== External library changes in 1.30 === 5891 5892==== Upgraded external libraries ==== 5893* Updated justinrainbow/json-schema from v3.0 to v5.2. 5894* Updated mediawiki/mediawiki-codesniffer from v0.7.2 to v0.12.0. 5895* Updated wikimedia/composer-merge-plugin from v1.4.0 to v1.4.1. 5896* Updated wikimedia/relpath from v1.0.3 to v2.0.0. 5897* Updated OOjs from v2.0.0 to v2.1.0. 5898* Updated OOUI from v0.21.1 to v0.23.0. 5899* Updated QUnit from v1.23.1 to v2.4.0. 5900* Updated phpunit/phpunit from v4.8.35 to v4.8.36. 5901* Upgraded Moment.js from v2.15.0 to v2.19.3. 5902 5903==== New external libraries ==== 5904* The class \TestingAccessWrapper has been moved to the external library 5905 wikimedia/testing-access-wrapper and renamed \Wikimedia\TestingAccessWrapper. 5906* Purtle, a fast, lightweight RDF generator. 5907 5908=== Bug fixes in 1.30 === 5909* (T151633) Ordered list items use now Devanagari digits in Nepalese 5910 (thanks to Sfic) 5911 5912=== Action API changes in 1.30 === 5913* (T37247) action=parse output will be wrapped in a div with 5914 class="mw-parser-output" by default. This may be changed or disabled using 5915 the new 'wrapoutputclass' parameter. 5916* When errorformat is not 'bc', abort reasons from action=login will be 5917 formatted as specified by the error formatter parameters. 5918* action=compare can now handle arbitrary text, deleted revisions, and 5919 returning users and edit comments. 5920* (T164106) The 'rvdifftotext', 'rvdifftotextpst', 'rvdiffto', 5921 'rvexpandtemplates', 'rvgeneratexml', 'rvparse', and 'rvprop=parsetree' 5922 parameters to prop=revisions are deprecated, as are the similarly named 5923 parameters to prop=deletedrevisions, list=allrevisions, and 5924 list=alldeletedrevisions. Use action=compare, action=parse, or 5925 action=expandtemplates instead. 5926 5927=== Action API internal changes in 1.30 === 5928* ApiBase::getDescriptionMessage() and the "apihelp-*-description" messages are 5929 deprecated. The existing message should be split between "apihelp-*-summary" 5930 and "apihelp-*-extended-description". 5931* (T123931) Individual values of multi-valued parameters can now be marked as 5932 deprecated. 5933 5934=== Languages updated in 1.30 === 5935MediaWiki supports over 350 languages. Many localisations are updated 5936regularly. Below only new and removed languages are listed, as well as 5937changes to languages because of Phabricator reports. 5938 5939* Added: kbp (Kabɩyɛ / Kabiyè) 5940* Added: skr (Saraiki, سرائیکی) 5941* Added: tay (Tayal / Atayal) 5942* Removed: tokipona (Toki Pona) 5943 5944==== Pig Latin added ==== 5945* (T45547) Added Pig Latin, a made-up English variant (en-x-piglatin), 5946 for easier variant development and testing. Disabled by default. It can be 5947 enabled by setting $wgUsePigLatinVariant to true. 5948 5949=== Other changes in 1.30 === 5950* The use of an associative array for $wgProxyList, where the IP address is in 5951 the key instead of the value, is deprecated (e.g. [ '127.0.0.1' => 'value' ]). 5952 Please convert these arrays to indexed/sequential ones (e.g. [ '127.0.0.1' ]). 5953* mw.user.bucket (deprecated in 1.23) was removed. 5954* LoadBalancer::getServerInfo() and LoadBalancer::setServerInfo() are 5955 deprecated. There are no known callers. 5956* File::getStreamHeaders() was deprecated. 5957* MediaHandler::getStreamHeaders() was deprecated. 5958* Title::canTalk() was deprecated. The new Title::canHaveTalkPage() should be 5959 used instead. 5960* MWNamespace::canTalk() was deprecated. The new MWNamespace::hasTalkNamespace() 5961 should be used instead. 5962* The ExtractThumbParameters hook (deprecated in 1.21) was removed. 5963* The OutputPage::addParserOutputNoText and ::getHeadLinks methods (both 5964 deprecated in 1.24) were removed. 5965* wfMemcKey() and wfGlobalCacheKey() were deprecated. BagOStuff::makeKey() and 5966 BagOStuff::makeGlobalKey() should be used instead. 5967* (T146304) Preprocessor handling of LanguageConverter markup has been improved. 5968 As a result of the new uniform handling, '-{' may need to be escaped 5969 (for example, as '-<nowiki/>{') where it occurs inside template arguments 5970 or wikilinks. 5971* (T163966) Page moves are now counted as edits for the purposes of 5972 autopromotion, i.e., they increment the user_editcount field in the database. 5973* Two new hooks, LogEventsListLineEnding and NewPagesLineEnding, were added for 5974 manipulating Special:Log and Special:NewPages lines. 5975* The OldChangesListRecentChangesLine, EnhancedChangesListModifyLineData, 5976 PageHistoryLineEnding, ContributionsLineEnding and 5977 DeletedContributionsLineEnding hooks have an additional parameter, for 5978 manipulating HTML data attributes of RC/history lines. 5979 EnhancedChangesListModifyBlockLineData can do that via the 5980 $data['attribs'] subarray. 5981* (T130632) The OutputPage::enableTOC() method was removed. 5982* WikiPage::getParserOutput() will now throw an exception if passed 5983 ParserOptions that would pollute the parser cache. Callers should use 5984 WikiPage::makeParserOptions() to create the ParserOptions object and only 5985 change options that affect the parser cache key. 5986* Article::viewRedirect() is deprecated. 5987* IP::isValidBlock() was deprecated. Use the equivalent IP::isValidRange(). 5988* DeprecatedGlobal no longer supports passing in a direct value, it requires a 5989 callable factory function or a class name. 5990* The $parserMemc global, wfGetParserCacheStorage(), and 5991 ParserCache::singleton() are all deprecated. The main ParserCache instance 5992 should be obtained from MediaWikiServices instead. Access to the underlying 5993 BagOStuff is possible through the new ParserCache::getCacheStorage() method. 5994* .mw-ui-constructive CSS class (deprecated in 1.27) was removed. 5995* Sanitizer::escapeId() was deprecated, use escapeIdForAttribute(), 5996 escapeIdForLink() or escapeIdForExternalInterwiki() instead. 5997* Title::escapeFragmentForURL() was deprecated, use one of the aforementioned 5998 Sanitizer functions or, if possible, Title::getFragmentForURL(). 5999* Second parameter to Sanitizer::escapeIdReferenceList() ($options) now does 6000 nothing and is deprecated. 6001* mw.util.escapeId() was deprecated, use escapeIdForAttribute() or 6002 escapeIdForLink(). 6003* MagicWord::replaceMultiple() (deprecated in 1.25) was removed. 6004* WikiImporter now requires the second parameter to be an instance of the 6005 Config, class. Prior to that, the Config parameter was optional (a behavior 6006 deprecated in 1.25). 6007* Removed 'jquery.mwExtension' module. (deprecated since 1.26) 6008* mediawiki.ui: Deprecate greys, which are not part of WikimediaUI color palette 6009 any more. 6010* CdbReader, CdbWriter, CdbException classes (deprecated in 1.25) were removed. 6011 The namespaced classes in the Cdb namespace should be used instead. 6012* IPSet class (deprecated in 1.26) was removed. The namespaced IPSet\IPSet 6013 should be used instead. 6014* RunningStat class (deprecated in 1.27) was removed. The namespaced 6015 RunningStat\RunningStat should be used instead. 6016* MWMemcached and MemCachedClientforWiki classes (deprecated in 1.27) were 6017 removed. 6018 The MemcachedClient class should be used instead. 6019* EditPage underwent some refactoring and deprecations: 6020 * EditPage::isOouiEnabled() is deprecated and will always return true. 6021 * EditPage::getSummaryInput() and ::getSummaryInputOOUI() are deprecated. 6022 Please use ::getSummaryInputWidget() instead. 6023 * EditPage::getCheckboxes() and ::getCheckboxesOOUI() are deprecated. Please 6024 use ::getCheckboxesWidget() instead. 6025 * Creating an EditPage instance without calling EditPage::setContextTitle() 6026 should be avoided and will be deprecated in a future release. 6027 * EditPage::safeUnicodeInput() and ::safeUnicodeOutput() are deprecated and 6028 no-ops. 6029 * EditPage::$isCssJsSubpage, ::$isCssSubpage, and ::$isJsSubpage are 6030 deprecated. The corresponding methods from Title should be used instead. 6031 * EditPage::$isWrongCaseCssJsPage is deprecated. There is no replacement. 6032 * EditPage::$mArticle and ::$mTitle are deprecated for public usage. The 6033 getters ::getArticle() and ::getTitle() should be used instead. 6034 * Trying to control or fake EditPage context by overriding $wgUser, 6035 $wgRequest, $wgOut, and $wgLang is no longer supported and won't work. The 6036 IContextSource returned from EditPage::getContext() must be modified 6037 instead. 6038* Parser::getRandomString() (deprecated in 1.26) was removed. 6039* Parser::uniqPrefix() (deprecated in 1.26) was removed. 6040* Parser::extractTagsAndParams() now only accepts three arguments. The fourth, 6041 $uniq_prefix was deprecated in 1.26 and has now been removed. 6042* (T172514) The following tables have had their UNIQUE indexes turned into 6043 proper PRIMARY KEYs for increased maintainability: categorylinks, imagelinks, 6044 iwlinks, langlinks, log_search, module_deps, objectcache, pagelinks, 6045 query_cache, site_stats, templatelinks, text, transcache, user_former_groups, 6046 user_properties. 6047* IDatabase::nextSequenceValue() is no longer needed by any database backends 6048 (formerly it was needed by PostgreSQL and Oracle), and is now deprecated. 6049* (T146591) The lc_lang_key index on the l10n_cache table has been changed into 6050 a PRIMARY KEY. 6051* (T157227) bot_password.bp_user, change_tag.ct_log_id, change_tag.ct_rev_id, 6052 page_restrictions.pr_user, tag_summary.ts_log_id, tag_summary.ts_rev_id and 6053 user_properties.up_user have all been made unsigned on MySQL. 6054* DB_SLAVE is deprecated. DB_REPLICA should be used instead. 6055* wfUsePHP() is deprecated. 6056* wfFixSessionID() was removed. 6057* wfShellExec() and related functions are deprecated, use Shell::command(). This 6058 also slightly changes the behavior of how execution time limits are calculated 6059 when only some of defaults are overridden per-call. When in doubt, always 6060 override both wall clock and CPU time. 6061* (T138166) SpecialEmailUser::getTarget() now requires a second argument, the 6062 sending user object. Using the method without the second argument is 6063 deprecated. 6064* (T67297) Browsers that don't support Unicode will have their edits rejected. 6065* (T178450) The module 'jquery.badge' is deprecated and will be removed in a 6066 future release. For notifying the user of an event, the Notifications ("Echo") 6067 system should be used instead. 6068* (T178451) SECURITY: Potential XSS when $wgShowExceptionDetails = false and 6069 browser sends non-standard url escaping. 6070* (T165846) SECURITY: BotPassword login attempts weren't throttled. 6071 6072= MediaWiki 1.29 = 6073 6074== MediaWiki 1.29.3 == 6075 6076This is a security and maintenance release of the MediaWiki 1.29 branch. 6077 6078=== Changes since 1.29.2 === 6079* (T169545, CVE-2018-0503) SECURITY: $wgRateLimits entry for 'user' overrides 6080 'newbie'. 6081* (T194605, CVE-2018-0505) SECURITY: BotPasswords can bypass CentralAuth's 6082 account lock. 6083* (T180551) Fix LanguageSrTest for language converter 6084* (T180552) Fix language converter parser test with self-close tags 6085* (T180537) Remove $wgAuth usage from wrapOldPasswords.php 6086* (T180485) InputBox: Have inputbox langconvert certain attributes 6087* (T161732, T181547) Upgraded Moment.js from v2.15.0 to v2.19.3. 6088* (T172927) Drop vendor from MW release branch 6089* (T87572) Make FormatMetadata::flattenArrayReal() work for an associative array 6090* Updated composer/spdx-licenses from 1.1.4 to 1.3.0 (development dependency). 6091* (T189567) the CLI installer (maintenance/install.php) learned to detect and 6092 include extensions. Pass --with-extensions to enable that feature. 6093* (T182381) Mask deprecated call in WatchedItemUnitTest 6094* (T190503) Let built-in web server (maintenance/dev) handle .php requests. 6095* The karma qunit tests would fail on some configuration due to headers already 6096 sent. Check headers_sent() before sending cpPosTime headers 6097* (T167507) selenium: Run Chrome headlessly. 6098* selenium: Pass -no-sandbox to Chrome under Docker 6099* (T191247) Use MediaWiki\SuppressWarnings around trigger_error('') instead @ 6100* (T75174, T161041) Unit test ChangesListSpecialPageTest::testFilterUserExpLevel 6101 fails under SQLite. 6102* (T192584) Stop incorrectly passing USE INDEX to RecentChange::newFromConds(). 6103* (T179190) selenium: Move test running logic from package.json to selenium.sh. 6104* (T117839, T193200) PDFHandler: Fix for pdfinfo changes in poppler-utils 0.48. 6105* Add default edit rate limit of 90 edits/minute for all users. 6106* (T196125) php-memcached 3.0 (provided with PHP 7.0) is now supported. 6107* (T196672) The mtime of extension.json files is now able to be zero 6108* (T180403) Validate $length in padleft/padright parser functions. 6109* (T143790) Make $wgEmailConfirmToEdit only affect edit actions. 6110* (T194237) Special:BotPasswords now requires reauthentication. 6111* (T191608, T187638) Add 'logid' parameter to Special:Log. 6112* (T176097) resourceloader: Disable a flaky MessageBlobStoreTest case 6113* (T193829) Indicate when a Bot Password needs reset. 6114* (T151415) Log email changes. 6115* (T118420) Unbreak Oracle installer. 6116 6117== MediaWiki 1.29.2 == 6118 6119This is a security and maintenance release of the MediaWiki 1.29 branch. 6120 6121=== Changes since 1.29.1 === 6122* (T166757) Avoid scoped lock errors in Category::refreshCounts() due to 6123 nesting. 6124* (T175439) Unbreak Postgres Updater when setting defaults for a column. 6125* (T160298) Remove use of implicitGroupBy() in ActiveUsersPager. 6126* Fixed login button label to accept RawMessage. 6127* Fixed case of SpecialRecentChanges class usage. 6128* (T174255) Declare uploadCount property in importDump.php. 6129* (T163646) Pass a string not an int to mysql_real_escape_string(). 6130* (T180143) Bump justinrainbow/json-schema development dependency to ~5.2. 6131* Updated dev dependancy phpunit/phpunit from v4.8.35 to v4.8.36. 6132* (T178451) SECURITY: Potential XSS when $wgShowExceptionDetails = false and 6133 browser sends non-standard url escaping. 6134* (T165846) SECURITY: BotPassword login attempts weren't throttled. 6135* (T128209) SECURITY: Reflected File Download from api.php. 6136* (T134100) SECURITY: Do not reveal if user exists during login failure. 6137* (T176247) SECURITY: Ensure Message::rawParams can't lead to XSS. 6138* (T125163) SECURITY: Make anchor for headlines escape > and <. 6139* (T180237) SECURITY: Protect vendor folder with .htaccess. 6140* (T180231) SECURITY: Remove PHPUnit file with known RCE if exists in 6141 update.php. 6142* (T124404) SECURITY: XSS in langconverter when regex hits pcre.backtrack_limit. 6143* (T119158) SECURITY: Handle -{}- syntax in attributes safely. 6144* (T180488) (T125177) "api.log contains passwords in plaintext" wasn't correctly 6145 fixed in all branches in the previous security release. 6146 6147== MediaWiki 1.29.1 == 6148 6149This is a maintenance release of the MediaWiki 1.29 branch. 6150 6151The SpamBlacklist and PdfHandler extensions were missing from the generated 6152packages. 6153 6154=== Changes since 1.29.1 === 6155* (T164999) Define mw.Upload.Dialog.static.name in mediawiki.Upload.Dialog.js. 6156* (T172061) Fix fatal when passing a category to refreshLinks.php. 6157 6158== MediaWiki 1.29.0 == 6159 6160=== Configuration changes in 1.29 === 6161* Default cookie expiration time has been reduced to 30 days. Login cookie 6162 expiration time is kept at 180 days. 6163* A new configuration variable has been added: $wgCookieSetOnAutoblock. This 6164 determines whether to set a cookie when a user is autoblocked. Doing so means 6165 that a blocked user, even after logging out and moving to a new IP address, 6166 will still be blocked. 6167* The resetpassword right and associated password reset capture feature has 6168 been removed. 6169* The $error parameter to the EmailUser hook should be set to a Status object 6170 or boolean false. This should be compatible with at least MediaWiki 1.23 if 6171 not earlier. Returning a raw HTML string is now deprecated. 6172* The $message parameter to the ApiCheckCanExecute hook should be set to an 6173 ApiMessage. This is compatible with MediaWiki 1.27 and later. Returning a 6174 code for ApiBase::parseMsg() will no longer work. 6175* ApiBase::$messageMap is no longer public. Code attempting to access it will 6176 result in a PHP fatal error. 6177* $wgUserEmailUseReplyTo is now true by default to work around restrictive DMARC 6178 policies. 6179* Subpages are now enabled by default in the Template namespace. Set 6180 $wgNamespacesWithSubpages[NS_TEMPLATE] to false to keep the old behavior. 6181* $wgRunJobsAsync is now false by default (T142751). This change only affects 6182 wikis with $wgJobRunRate > 0. 6183* (T158474) "Unknown user" has been added to $wgReservedUsernames. 6184* (T156983) $wgRateLimitsExcludedIPs now accepts CIDR ranges as well as single 6185 IPs. 6186* $wgDummyLanguageCodes is deprecated. Additional language code mappings may be 6187 added to $wgExtraLanguageCodes instead. 6188* (T161453) LocalisationCache will no longer use the temporary directory in it's 6189 fallback chain when trying to work out where to write the cache. 6190* The user right 'editusercssjs' (deprecated in 1.16) was removed. Use 6191 'editusercss' and 'edituserjs' in $wgGroupPermissions and elsewhere instead. 6192 6193=== New features in 1.29 === 6194* (T5233) A cookie can now be set when a user is autoblocked, to track that user 6195 if they move to a new IP address. This is disabled by default. 6196* Added ILocalizedException interface to standardize the use of localized 6197 exceptions, largely so the API can handle them more sensibly. 6198* Blocks created automatically by MediaWiki, such as for configured proxies or 6199 dnsbls, are now indicated as such and use a new i18n message when displayed. 6200* Added new $wgHTTPImportTimeout setting. Sets timeout for 6201 downloading the XML dump during a transwiki import in seconds. 6202* Parser limit report is now available in machine-readable format to JavaScript 6203 via mw.config.get('wgPageParseReport'). 6204* Added $wgSoftBlockRanges, to allow for automatically blocking anonymous edits 6205 from certain IP ranges (e.g. private IPs). 6206* (T59603) Added new magic word {{PAGELANGUAGE}} which returns the language code 6207 of the page being parsed. 6208* HTML5 form validation attributes will no longer be suppressed. Originally 6209 browsers had poor support for them, but modern browsers handle them fine. 6210 This might affect some forms that used them and only worked because the 6211 attributes were not actually being set. 6212* Expiry times can now be specified when users are added to user groups. 6213* Completely new user interface for the RecentChanges page, which 6214 structures filters into user-friendly groups. This has corresponding 6215 changes to how filters are registered by core and extensions. 6216* The edit form now uses pretty OOjs UI buttons, checkboxes and summary input. 6217 Because this change can cause problems for extensions and on-wiki 6218 scripts depending on the exact HTML, the old version is still available 6219 and can be used by setting $wgOOUIEditPage = false; in LocalSettings.php. 6220 This will be removed later and OOjs UI will become the only option. 6221 To make testing easier, users can also force either mode by adding 6222 &ooui=true or &ooui=false to the action=edit URL. 6223 6224=== External library changes in 1.29 === 6225 6226==== Upgraded external libraries ==== 6227* Updated QUnit from v1.22.0 to v1.23.1. 6228* Updated cssjanus from v1.1.2 to v1.2.0. 6229* Updated psr/log from v1.0.0 to v1.0.2. 6230* Update Moment.js from v2.8.4 to v2.15.0. 6231* Updated oyejorge/less.php from v1.7.0.10 to v1.7.0.14. 6232* Updated monolog from v1.18.2 to 1.22.1. 6233* Updated wikimedia/composer-merge-plugin from v1.3.1 to v1.4.0. 6234* Updated OOjs from v1.1.10 to v2.0.0. 6235* Updated jQuery from v1.11.3 to v3.2.1 (including jQuery Migrate v3.0.0). 6236 6237==== New external libraries ==== 6238* Added wikimedia/timestamp v1.0.0. 6239* Added wikimedia/remex-html v1.0.1. 6240 6241==== Removed and replaced external libraries ==== 6242 6243=== Bug fixes in 1.29 === 6244* (T62604) Core parser functions returning a number now format the number 6245 according to the page content language, not wiki content language. 6246* (T27187) Search suggestions based on jquery.suggestions will now correctly 6247 only highlight prefix matches in the results. 6248* (T157035) "new mw.Uri()" was ignoring options when using default URI. 6249* Special:Allpages can no longer be filtered by redirect in miser mode. 6250* (T160519) CACHE_ANYTHING will not be CACHE_ACCEL if no accelerator is 6251 installed. 6252* (T109140) (T122209) SECURITY: Special:UserLogin and Special:Search allow 6253 redirect to interwiki links. 6254* (T144845) SECURITY: XSS in SearchHighlighter::highlightText() when 6255 $wgAdvancedSearchHighlighting is true. 6256* (T125177) SECURITY: API parameters may now be marked as "sensitive" to keep 6257 their values out of the logs. 6258* (T150044) SECURITY: "Mark all pages visited" on the watchlist now requires a 6259 CSRF token. 6260* (T156184) SECURITY: Escape content model/format url parameter in message. 6261* (T151735) SECURITY: SVG filter evasion using default attribute values in DTD 6262 declaration. 6263* (T161453) SECURITY: LocalisationCache will no longer use the temporary 6264 directory in it's fallback chain when trying to work out where to write the 6265 cache. 6266* (T48143) SECURITY: Spam blacklist ineffective on encoded URLs inside file 6267 inclusion syntax's link parameter. 6268* (T108138) SECURITY: Sysops can undelete pages, although the page is protected 6269 against it. 6270 6271=== Action API changes in 1.29 === 6272* Submitting sensitive authentication request parameters to action=login, 6273 action=clientlogin, action=createaccount, action=linkaccount, and 6274 action=changeauthenticationdata in the query string is now an error. They 6275 should be submitted in the POST body instead. 6276* The capture option for action=resetpassword has been removed 6277* action=clearhasmsg now requires a POST. 6278* (T47843) API errors and warnings may be requested in non-English languages 6279 using the new 'errorformat', 'errorlang', and 'errorsuselocal' parameters. 6280* API error codes may have changed. Most notably, errors from modules using 6281 parameter prefixes (e.g. all query submodules) will no longer be prefixed. 6282* ApiPageSet-using modules will report the 'invalidreason' using the specified 6283 'errorformat'. 6284* action=emailuser may return a "Warnings" status, and now returns 'warnings' 6285 and 'errors' subelements (as applicable) instead of 'message'. 6286* action=imagerotate returns an 'errors' subelement rather than 'errormessage'. 6287* action=move now reports errors when moving the talk page as an array under 6288 key 'talkmove-errors', rather than using 'talkmove-error-code' and 6289 'talkmove-error-info'. The format for subpage move errors has also changed. 6290* action=revisiondelete no longer includes a "rendered" property on warnings 6291 and errors for each item. Use errorformat=wikitext if you're wanting parsed 6292 output. 6293* action=rollback no longer returns a "messageHtml" property. Use 6294 errorformat=html if you're wanting HTML formatting of error messages. 6295* action=upload now reports optional stash failures as an array under key 6296 'stasherrors' rather than a 'stashfailed' text string. 6297* action=watch reports 'errors' and 'warnings' instead of a single 'error', and 6298 no longer returns a 'message' on success. 6299* Added action=validatepassword to validate passwords for the account creation 6300 and password change forms. 6301* action=purge now requires a POST. 6302* There is a new `languagevariants` siprop for action=query&meta=siteinfo, 6303 which returns a list of languages with active LanguageConverter instances. 6304* action=query&query=allpages will no longer filter redirects using a database 6305 query in miser mode. This may result in less results being returned than were 6306 requested. 6307 6308=== Action API internal changes in 1.29 === 6309* New methods were added to ApiBase to handle errors and warnings using i18n 6310 keys. Methods for using hard-coded English messages were deprecated: 6311 * ApiBase::dieUsage() was deprecated 6312 * ApiBase::dieUsageMsg() was deprecated 6313 * ApiBase::dieUsageMsgOrDebug() was deprecated 6314 * ApiBase::getErrorFromStatus() was deprecated 6315 * ApiBase::parseMsg() was deprecated 6316 * ApiBase::setWarning() was deprecated 6317* ApiBase::$messageMap is no longer public. Code attempting to access it will 6318 result in a PHP fatal error. 6319* The $message parameter to the ApiCheckCanExecute hook should be set to an 6320 ApiMessage. This is compatible with MediaWiki 1.27 and later. Returning a 6321 code for ApiBase::parseMsg() will no longer work. 6322* UsageException is deprecated in favor of ApiUsageException. For the time 6323 being ApiUsageException is a subclass of UsageException to allow things that 6324 catch only UsageException to still function properly. 6325* If, for some strange reason, code was using an ApiErrorFormatter instead of 6326 ApiErrorFormatter_BackCompat, note that the result format has changed and 6327 various methods now take a module path rather than a module name. 6328* ApiMessageTrait::getApiCode() now strips 'apierror-' and 'apiwarn-' prefixes 6329 from the message key, and maps some message keys for backwards compatibility. 6330* API parameters may now be marked as "sensitive" to keep their values out of 6331 the logs. 6332 6333=== Languages updated in 1.29 === 6334 6335MediaWiki supports over 350 languages. Many localisations are updated 6336regularly. Below only new and removed languages are listed, as well as 6337changes to languages because of Phabricator reports. 6338 6339* Based as always on linguistic studies on intelligibility and language 6340 knowledge by geography, language fallbacks have been expanded. When a 6341 translation is missing in the user's preferred interface language, the 6342 corresponding translation for the fallback language will be used instead. 6343 English will only be used as last resort when there are no translations. 6344 Some configurations (such as date formats and gender namespaces) have also 6345 been updated when using the fallback language's configuration was inadequate. 6346 The new or reinstated language fallbacks are (after cs ↔ sk in 1.28): 6347 ca ↔ oc; hsb ↔ dsb; io → eo; mdf → ru; pnt → el; roa-tara → it; rup → ro; 6348 sh → bs, sr-el, hr. 6349* (T137376) New language support: Atikamekw (atj). 6350* (T163600) New language support: Dinka (din). 6351* (T155957) Talk Namespaces for Javanese language (jv) have been updated. 6352 6353==== No fallback for Ukrainian ==== 6354* (T39314) The fallback from Ukrainian to Russian was removed. The Ukrainian 6355 language will now use the default fallback language: English. When a 6356 translation to Ukrainian is not available, an English string will be shown. 6357 6358=== Other changes in 1.29 === 6359* Database::getSearchEngine() (deprecated in 1.28) was removed. Use 6360 SearchEngineFactory::getSearchEngineClass() instead. 6361* $wgSessionsInMemcached (deprecated in 1.20) was removed. No replacement is 6362 required as all sessions are stored in Object Cache now. 6363* MWHttpRequest::execute() should be considered to return a StatusValue; the 6364 Status return type is deprecated. 6365* User::edits() (deprecated in 1.21) was removed. 6366* Xml::escapeJsString() (deprecated in 1.21) was removed. 6367* Article::getText() and Article::prepareTextForEdit() (deprecated in 1.21) 6368 were removed. 6369* Article::getAutosummary() and WikiPage::getAutosummary() (deprecated in 1.21) 6370 were removed. 6371* Hook ArticleViewCustom (deprecated in 1.21) was removed. Use 6372 ArticleContentViewCustom instead. 6373* Hooks EditPageGetDiffText and ShowRawCssJs (deprecated in 1.21) were removed. 6374* Class RevisiondeleteAction (deprecated in 1.25) was removed. 6375* WikiPage::prepareTextForEdit() (deprecated in 1.21) was removed. 6376* WikiPage::getText() (deprecated in 1.21) was removed. 6377* Article::fetchContent() (deprecated in 1.21) was removed. 6378* User::getPassword() (deprecated in 1.27) was removed. 6379* User::getTemporaryPassword() (deprecated in 1.27) was removed. 6380* User::isPasswordReminderThrottled() (deprecated in 1.27) was removed. 6381* Class FSRepo (deprecated in 1.19) was removed. 6382* WebRequest::checkSessionCookie() (deprecated in 1.27) was removed. Use 6383 \MediaWiki\Session\SessionManager::singleton()->getPersistedSessionId() 6384 instead. 6385* Class ImageGallery (deprecated in 1.22) was removed. 6386 Use ImageGalleryBase::factory instead. 6387* Title::moveNoAuth() (deprecated in 1.25) was removed. Use MovePage class 6388 instead. 6389* Hook UnknownAction (deprecated in 1.19) was actually deprecated (it will now 6390 emit warnings). Create a subclass of Action and add it to $wgActions instead. 6391* WikiRevision::getText() (deprecated since 1.21) is no longer marked 6392 deprecated. 6393* Linker::getInterwikiLinkAttributes() (deprecated since 1.25) was removed. 6394* Linker::getInternalLinkAttributes() (deprecated since 1.25) was removed. 6395* Linker::getInternalLinkAttributesObj() (deprecated since 1.25) was removed. 6396* Linker::getLinkAttributesInternal() (deprecated since 1.25) was removed. 6397* RedisConnectionPool::handleException (deprecated since 1.23) was removed. 6398* The static properties mw.Api.errors and mw.Api.warnings, containing incomplete 6399 and outdated lists of errors/warnings returned by the API, are now deprecated. 6400* wiki.phtml entry point was removed. Refer to index.php instead. If you want 6401 "wiki.phtml" URLs to continue to work, set up redirects. In Apache, this can 6402 be done by enabling mod_rewrite and adding the following rules to your 6403 configuration: 6404 6405 RewriteEngine On 6406 RewriteBase / 6407 RewriteRule ^/w/wiki\.phtml$ /w/index.php [R=301,L] 6408* Hook ArticleAfterFetchContent (deprecated in 1.21) was removed. 6409 Use ArticleAfterFetchContentObject instead. 6410* Hook ArticleInsertComplete (deprecated in 1.21) was removed. 6411 Use PageContentInsertComplete instead. 6412* Hook ArticleSave (deprecated in 1.21) was removed. 6413 Use PageContentSave instead. 6414* Hook ArticleSaveComplete (deprecated in 1.21) was removed. 6415 Use PageContentSaveComplete instead. 6416* Hook EditFilterMerged (deprecated in 1.21) was removed. 6417 Use EditFilterMergedContent instead. 6418* Hook EditPageGetPreviewText (deprecated in 1.21) was removed. 6419 Use EditPageGetPreviewContent instead. 6420* Hook TitleIsCssOrJsPage (deprecated in 1.21) was removed. 6421 Use ContentHandlerDefaultModelFor instead. 6422* Hook TitleIsWikitextPage (deprecated in 1.21) was removed. 6423 Use ContentHandlerDefaultModelFor instead. 6424* Article::getContent() (deprecated in 1.21) was removed. 6425* Revision::getText() (deprecated in 1.21) was removed. 6426* Article::doEdit() and WikiPage::doEdit() (deprecated in 1.21) were removed. 6427* Parser::replaceUnusualEscapes() (deprecated in 1.24) was removed. 6428* Article::doEditContent() was marked as deprecated, to be removed in 1.30 6429 or later. 6430* ContentHandler::runLegacyHooks() was removed. 6431* refreshLinks.php now can be limited to a particular category with 6432 --category=... or a tracking category with --tracking-category=... 6433* User-like objects that are passed to SpecialUserRights and its subclasses are 6434 now required to have a getGroupMemberships() method. See UserRightsProxy for 6435 an example. 6436* User::$mGroups (instance variable) was marked private. Use User::getGroups() 6437 instead. 6438* User::getGroupName(), User::getGroupMember(), User:getGroupPage(), 6439 User::makeGroupLinkHTML(), and User::makeGroupLinkWiki() were deprecated. 6440 Use equivalent methods on the UserGroupMembership class. 6441* Maintenance scripts and tests that call User::addGroup() must now ensure that 6442 User objects have been added to the database prior to calling addGroup(). 6443* Protected function UsersPager::getGroups() was removed, and protected function 6444 UsersPager::buildGroupLink() was changed from a static to an instance method. 6445* The third parameter ($cache) to the UsersPagerDoBatchLookups hook was changed; 6446 see docs/hooks.txt. 6447* User::crypt() (deprecated in 1.24) was removed. 6448* User::comparePasswords() (deprecated in 1.24) was removed. 6449* ArchivedFile::getUserText() (deprecated in 1.23) was removed. 6450* HTMLFileCache::newFromTitle() (deprecated in 1.24) was removed. 6451* BREAKING CHANGE: Internal signature changes to ChangesListSpecialPage 6452 and subclasses. It should only break if you call buildMainQueryConds 6453 (changed to buildQuery with new signature) or doMainQuery (new 6454 signature). Subclasses are likely to call at least doMainQuery 6455 (possibly both), but other classes might too, because they were 6456 public. 6457 Also, some related hooks were deprecated, but this is not yet a 6458 breaking change. 6459* Removed 'jquery.arrowSteps' module. (deprecated since 1.28) 6460* The 'jquery.autoEllipsis' ResourceLoader module is now deprecated. 6461* WikiRevision::$fileIsTemp was deprecated. 6462* WikiRevision::$importer was deprecated. 6463* WikiRevision::$user was deprecated. 6464* Article::getLastPurgeTimestamp(), WikiPage::getLastPurgeTimestamp(), and the 6465 WikiPage::PURGE_* constants are deprecated, and the functions will always 6466 return false. They were a hack for an issue that has since been fixed. 6467* Hook 'EditPageBeforeEditChecks' is now deprecated. Instead use the new hook 6468 'EditPageGetCheckboxesDefinition', or 'EditPage::showStandardInputs:options' 6469 if you don't actually care about checkboxes and just want to add some HTML 6470 to the page. 6471* Selflinks are now rendered as href-less <a> tags with the class mw-selflink 6472 rather than <strong> tags. The old class name, "selflink", was deprecated 6473 and will be removed in a future release. (T160480) 6474* (T156184) $wgRawHtml will no longer apply to internationalization messages. 6475* Browser support for non-ES5 JavaScript browsers, including Android 2, 6476 Opera <12.10, and Internet Explorer 9, was lowered from Grade A to Grade C. 6477* Removed wikibits global methods deprecated since MediaWiki 1.17 (T122755): 6478 is_gecko, is_chrome_mac, is_chrome, webkit_version, is_safari_win, is_safari, 6479 webkit_match, is_ff2, ff2_bugs, is_ff2_win, is_ff2_x11, opera95_bugs, 6480 opera7_bugs, opera6_bugs, is_opera_95, is_opera_preseven, is_opera, 6481 ie6_bugs, clientPC, changeText, killEvt, addHandler, hookEvent, 6482 addClickHandler, removeHandler, getElementsByClassName, getInnerText, 6483 setupCheckboxShiftClick, addCheckboxClickHandlers, mwEditButtons, 6484 mwCustomEditButtons, injectSpinner, removeSpinner, escapeQuotes, 6485 escapeQuotesHTML, jsMsg, addPortletLink, appendCSS, tooltipAccessKeyPrefix, 6486 tooltipAccessKeyRegexp, updateTooltipAccessKeys. 6487* The ID of the <li> element containing the login link has changed from 6488 'pt-login' to 'pt-login-private' in private wikis. 6489* The old, neglected "bulletin board style toolbar" in the edit form is now 6490 deprecated (T30856). This old code dates from 2006, and was replaced in the 6491 MediaWiki release tarball and in Wikimedia production by the WikiEditor 6492 extension in 2010. It is only shown to users if no other editor was 6493 installed, and leads to confusion. 6494* (T92459) Loading ResourceLoader modules containing JavaScript through 6495 addModuleStyles() is deprecated and will log a warning server-side. 6496 6497= MediaWiki 1.28 = 6498 6499== MediaWiki 1.28.3 == 6500 6501This is a security and maintenance release of the MediaWiki 1.28 branch. 6502 6503=== Changes since 1.28.2 == 6504* (T168856) Allow SVGs created by Dia to be uploaded. 6505* (T157545) Add missing doUpdates() call to refreshLinks.php. 6506* (T165714) (T100085) Better handling of jobs execution in post-connection 6507 shutdown. 6508* (T154425) (T154438) (T157679) Use AutoCommitUpdate instead of 6509 Database->onTransactionIdle. 6510* (T154425) Make DeferredUpdates detect LBFactory transaction rounds. 6511* (T149454) Restore erroneously removed realTableName call from 6512 DatabasePostgres. 6513* (T167798) Fix phrase search and highlighting for phrase queries. 6514* (T151136) Provide credits information to callbacks in extension registration. 6515* (T160462) Allow namespaces defined in extension.json to be overwritten 6516 locally. 6517* (T168337) Fix ErrorPageError to work from non-UI contexts. 6518* (T143788) Backports for PHP 7.0 and 7.1 support. 6519* (T175439) Unbreak Postgres Updater when setting defaults for a column. 6520* (T160298) Remove use of implicitGroupBy() in ActiveUsersPager. 6521* (T174255) Declare uploadCount property in importDump.php. 6522* (T180231) SECURITY: Updated dev dependancy phpunit/phpunit from v4.8.24 to 6523 v4.8.36. 6524* (T178451) SECURITY: Potential XSS when $wgShowExceptionDetails = false and 6525 browser sends non-standard url escaping. 6526* (T165846) SECURITY: BotPassword login attempts weren't throttled. 6527* (T128209) SECURITY: Reflected File Download from api.php. 6528* (T134100) SECURITY: Do not reveal if user exists during login failure. 6529* (T176247) SECURITY: Ensure Message::rawParams can't lead to XSS. 6530* (T125163) SECURITY: Make anchor for headlines escape > and <. 6531* (T180237) SECURITY: Protect vendor folder with .htaccess. 6532* (T180231) SECURITY: Remove PHPUnit file with known RCE if exists in 6533 update.php. 6534* (T124404) SECURITY: XSS in langconverter when regex hits pcre.backtrack_limit. 6535* (T119158) SECURITY: Handle -{}- syntax in attributes safely. 6536 6537== MediaWiki 1.28.2 == 6538 6539Due to a packaging error, the wrong version of the SyntaxHighlight extension was 6540included in the tarball version of MediaWiki 1.28.1. The version included had a 6541serious security issue in it (T158689). There was also some minor code fixes in 6542MediaWiki itself since 1.28.1, but none of them were security relevant. 6543 6544== MediaWiki 1.28.1 == 6545 6546This is a security and maintenance release of the MediaWiki 1.28 branch. 6547 6548=== Changes since 1.28.0 === 6549 6550* $wgRunJobsAsync is now false by default (T142751). This change only affects 6551 wikis with $wgJobRunRate > 0. 6552* Fix fatal from "WaitConditionLoop" not being found, experienced when a wiki 6553 has more than one database server setup. 6554* (T152717) Better escaping for PHP mail() command, 6555* (T154670) A missing method causing the MySQL installer to fatal in rare 6556 circumstances was restored. 6557* (T154672) Un-deprecate ArticleAfterFetchContentObject hook. 6558* (T158766) Avoid SQL error on MSSQL when using selectRowCount(). 6559* (T145635) Fix too long index error when installing with MSSQL. 6560* (T156184) $wgRawHtml will no longer apply to internationalization messages. 6561* (T160519) CACHE_ANYTHING will not be CACHE_ACCEL if no accelerator is 6562 installed. 6563* (T154872) Fix incorrect ar_usertext_timestamp index names in new 1.28 6564 installs. 6565* (T109140) (T122209) SECURITY: Special:UserLogin and Special:Search allow 6566 redirect to interwiki links. 6567* (T144845) SECURITY: XSS in SearchHighlighter::highlightText() when 6568 $wgAdvancedSearchHighlighting is true. 6569* (T125177) SECURITY: API parameters may now be marked as "sensitive" to keep 6570 their values out of the logs. 6571* (T150044) SECURITY: "Mark all pages visited" on the watchlist now requires a 6572 CSRF token. 6573* (T156184) SECURITY: Escape content model/format url parameter in message. 6574* (T151735) SECURITY: SVG filter evasion using default attribute values in DTD 6575 declaration. 6576* (T161453) SECURITY: LocalisationCache will no longer use the temporary 6577 directory in it's fallback chain when trying to work out where to write the 6578 cache. 6579* (T48143) SECURITY: Spam blacklist ineffective on encoded URLs inside file 6580 inclusion syntax's link parameter. 6581* (T108138) SECURITY: Sysops can undelete pages, although the page is protected 6582 against it. 6583 6584== MediaWiki 1.28 == 6585 6586=== Changes since 1.28.0-rc1 === 6587* (T148957) Replace wgShowExceptionDetails with wgShowDBErrorBacktrace on db 6588 errors. 6589* (T148956) Only apply wgDBschema to postgres/mssql. 6590* (T145991) Introduce separate log action for deleting pages on move. 6591* (T141474) (T110464) Bypass login page if no user input is required. 6592 6593=== Changes since 1.28.0-rc0 === 6594* (T142210) The changes to move the parser "NewPP limit report" from a HTML 6595 comment to a machine-readable JavaScript config option 'wgPageParseReport' 6596 have been undone. They caused the human-readable limit report to be shown 6597 incompletely or not at all. ParserOutput::setLimitReportData() and 6598 getLimitReportData() behave as they did in MediaWiki 1.27 again. 6599* (T149510) Value of {{DISPLAYTITLE:}} parser function will not be used for 6600 the text of subheadings on a category page when creating it. This wasn't 6601 working correctly. 6602* (T106793) MediaWiki will no longer try to perform a HTTP redirect to the 6603 canonical pretty URL when a non-pretty URL is used. It resulted in redirect 6604 loops in some clients and in some server configurations. This undoes a change 6605 made in MediaWiki 1.26. 6606* (T149759) manifest_version: 2 was removed. 6607 6608=== Configuration changes in 1.28 === 6609* $wgSend404Code now affects status code of action=history if the page is not 6610 there. 6611* BREAKING CHANGE: $wgHTTPProxy is now *required* for all external requests 6612 made by MediaWiki via a proxy. Relying on the http_proxy environment 6613 variable is no longer supported. 6614* The load.php entry point now enforces the existing policy of not allowing 6615 access to session data, which includes the session user and the session 6616 user's language. If such access is attempted, an exception will be thrown. 6617* The number of internal PBKDF2 iterations used to derive the session secret 6618 is configurable via $wgSessionPbkdf2Iterations. 6619* Upload dialog's file upload log comment can now be configured separately for 6620 local and foreign uploads. 6621* $wgForeignUploadTargets now defaults to `[ 'local' ]`, where `'local'` 6622 signifies local uploads. A value of `[]` (empty array) now means that 6623 no upload targets are allowed, effectively disabling the upload dialog. 6624* The deprecated $wgEditEncoding variable has been removed; it was only used 6625 for Esperanto language character conversion. You are now recommended to use 6626 input methods provided by the UniversalLanguageSelector extension. 6627* When $wgPingback is true, MediaWiki will periodically ping 6628 https://www.mediawiki.org/beacon with basic information about the local 6629 MediaWiki installation. This data includes, for example, the type of system, 6630 PHP version, and chosen database backend. This behavior is off by default. 6631* When $wgEditSubmitButtonLabelPublish is true, MediaWiki will label the button 6632 to store-to-database-and-show-to-others as "Publish page"/"Publish changes"; 6633 if false, the default, they will be "Save page"/"Save changes". 6634* The 'editcontentmodel' permission is now granted to all logged-in users 6635 ('user'). 6636 instead of just administrators ('sysop'). Documentation for this feature is 6637 available at <https://www.mediawiki.org/wiki/Help:ChangeContentModel>. 6638* $wgRevisionCacheExpiry is now set to one week by default instead of being 6639 disabled. 6640* Magic links are now disabled by default, and can be re-enabled by modifying 6641 the value of $wgEnableMagicLinks. Their usage is discouraged, but if they are 6642 manually enabled, a tracking category will be added to help identify usage and 6643 make it easier to migrate away from. If you depend upon magic link 6644 functionality, it is requested that you comment on 6645 <https://www.mediawiki.org/wiki/Requests_for_comment/Future_of_magic_links> 6646 and explain your use case(s). 6647* New config variable $wgCSPFalsePositiveUrls to control what URLs to ignore 6648 in upcoming Content-Security-Policy feature's reporting. 6649 6650=== New features in 1.28 === 6651* User::isBot() method for checking if an account is a bot role account. 6652* Added a new 'slideshow' mode for galleries. 6653* Added a new hook, 'UserIsBot', to aid in determining if a user is a bot. 6654* Added a new hook, 'ApiMakeParserOptions', to allow extensions to better 6655 interact with API parsing. 6656* Added a new hook, 'UploadVerifyUpload', which can be used to reject a file 6657 upload. Unlike 'UploadVerifyFile' it provides information about upload comment 6658 and the file description page, but does not run for uploads to stash. 6659* (T141604) Extensions can now provide a better error message when their 6660 maintenance scripts are run without the extension being installed. 6661* (T8948) Numeric sorting in categories is now supported by setting 6662 $wgCategoryCollation to 'uca-default-u-kn' or 'uca-<langcode>-u-kn'. If you 6663 can't use UCA collations, a 'numeric' collation is also available. If 6664 migrating from another collation, you will need to run the updateCollation.php 6665 maintenance script. 6666* Two new codes have been added to #time parser function: "xit" for days in 6667 current month, and "xiz" for days passed in the year, both in Iranian 6668 calendar. 6669* mw.Api has a new option, useUS, to use U+001F (Unit Separator) when 6670 appropriate for sending multi-valued parameters. This defaults to true when 6671 the mw.Api instance seems to be for the local wiki. 6672* After a client performs an action which alters a database that has replica 6673 databases, MediaWiki will wait for the replica databases to synchronize with 6674 the master database while it renders the HTML output. However, if the output 6675 is a redirect to another wiki on the wiki farm with a different domain, 6676 MediaWiki will instead alter the redirect URL to include a ?cpPosTime 6677 parameter that triggers the database synchronization when the URL is followed 6678 by the client. The same-domain case uses a new cpPosTime cookie. 6679* Added new hooks, 'ApiQueryBaseBeforeQuery', 'ApiQueryBaseAfterQuery', and 6680 'ApiQueryBaseProcessRow', to make it easier for extensions to add 'prop' and 6681 'show' parameters to existing API query modules. 6682 6683=== External library changes in 1.28 === 6684 6685==== Upgraded external libraries ==== 6686* Updated es5-shim from v4.1.5 to v4.5.8 6687* Updated composer/semver from v1.4.1 to v1.4.2 6688* Updated wikimedia/php-session-serializer from v1.0.3 to v1.0.4 6689 6690==== New external libraries ==== 6691* Added wikimedia/scoped-callback v1.0.0 6692* Added wikimedia/wait-condition-loop v1.0.1 6693 6694=== Bug fixes in 1.28 === 6695* (T146496) action=history pages should return 404 HTTP error code if the page 6696 does not exist 6697* (T137264) SECURITY: XSS in unclosed internal links 6698* (T133147) SECURITY: Escape '<' and ']]>' in inline <style> blocks 6699* (T133147) SECURITY: Require login to preview user CSS pages 6700* (T132926) SECURITY: Do not allow undeleting a revision deleted file if it is 6701 the top file 6702* (T129738) SECURITY: Make $wgBlockDisablesLogin also restrict logged in 6703 permissions 6704* (T129738) SECURITY: Make blocks log users out if $wgBlockDisablesLogin is true 6705* (T139670) Move 'UserGetRights' call before application of 6706 Session::getAllowedUserRights() 6707 6708=== Action API changes in 1.28 === 6709* Added 'maxarticlesize' property to action=query&meta=siteinfo which contains 6710 the value of $wgMaxArticleSize. 6711* Property 'modulemessages' from action=parse&prop=modules was removed 6712 (deprecated since 1.26). 6713* The following response properties from action=login, deprecated in 1.27, are 6714 now removed: lgtoken, cookieprefix, sessionid. Clients should handle cookies 6715 to properly manage session state. 6716* Submitting the lgtoken and lgpassword parameters in the query string to 6717 action=login is now deprecated and outputs a warning. They should be submitted 6718 in the POST body instead. 6719* Submitting sensitive authentication request parameters to action=clientlogin, 6720 action=createaccount, action=linkaccount, and action=changeauthenticationdata 6721 in the query string is now deprecated and outputs a warning. They should be 6722 submitted in the POST body instead. 6723* (T141960) Multi-valued parameters may now be separated using U+001F 6724 (Unit Separator) instead of the pipe character. This will be useful if some of 6725 the multiple values need to contain pipes, e.g. for action=options. 6726* The API will now warn if input is not NFC-normalized Unicode or if it 6727 contains invalid characters. 6728* The 'normalized' list output by action=query and other modules that use 6729 ApiPageSet may contain entries where the 'from' value is percent-encoded as 6730 the raw value cannot be represented in a valid API response. These are 6731 indicated by a 'fromencoded' boolean alongside the existing 'from' parameter. 6732* (T28680) action=paraminfo can now return info about all submodules of a 6733 module without listing them all explicitly. 6734* (T146770) It is now possible to assert that the current user is a specific 6735 named user, using the 'assertuser' parameter. 6736* (T141963) Added a 'known' property when missing-but-known titles (e.g. from 6737 the 'TitleIsAlwaysKnown' hook) are output in various modules. 6738 6739=== Action API internal changes in 1.28 === 6740* Added a new hook, 'ApiMakeParserOptions', to allow extensions to better 6741 interact with ApiParse and ApiExpandTemplates. 6742* (T139565) SECURITY: API: Generate head items in the context of the given title 6743* (T115333) SECURITY: Check read permission when loading page content in 6744 ApiParse 6745* ApiBase::getResultData() was removed (deprecated since 1.25) 6746* ApiBase::makeHelpArrayToString() was removed (deprecated since 1.25) 6747* ApiBase::makeHelpMsgParameters() was removed (deprecated since 1.25) 6748* ApiBase::makeHelpMsg() was removed (deprecated since 1.25) 6749* ApiFormatBase::formatHTML() was removed (deprecated since 1.25) 6750* ApiFormatBase::getNeedsRawData() was removed (deprecated since 1.25) 6751* ApiFormatBase::getWantsHelp() was removed (deprecated since 1.25) 6752* ApiFormatBase::setBufferResult() was removed (deprecated since 1.25) 6753* ApiFormatBase::setHelp() was removed (deprecated since 1.25) 6754* ApiFormatBase::setUnescapeAmps() was removed (deprecated since 1.25) 6755* ApiMain::makeHelpMsgHeader() was removed (deprecated since 1.25) 6756* ApiMain::reallyMakeHelpMsg() was removed (deprecated since 1.25) 6757* ApiMain::setHelp() was removed (deprecated since 1.25) 6758* ApiResult::beginContinuation() was removed (deprecated since 1.25) 6759* ApiResult::cleanUpUTF8() was removed (deprecated since 1.25) 6760* ApiResult::convertStatusToArray() was removed (deprecated since 1.25) 6761* ApiResult::disableSizeCheck() was removed (deprecated since 1.24) 6762* ApiResult::enableSizeCheck() was removed (deprecated since 1.24) 6763* ApiResult::endContinuation() was removed (deprecated since 1.25) 6764* ApiResult::getData() was removed (deprecated since 1.25) 6765* ApiResult::getIsRawMode() was removed (deprecated since 1.25) 6766* ApiResult::setContent() was removed (deprecated since 1.25) 6767* ApiResult::setContinueParam() was removed (deprecated since 1.25) 6768* ApiResult::setElement() was removed (deprecated since 1.25) 6769* ApiResult::setGeneratorContinueParam() was removed (deprecated since 1.25) 6770* ApiResult::setIndexedTagName_internal() was removed (deprecated since 1.25) 6771* ApiResult::setIndexedTagName_recursive() was removed (deprecated since 1.25) 6772* ApiResult::setMainForContinuation() was removed (deprecated since 1.25) 6773* ApiResult::setParsedLimit() was removed (deprecated since 1.25) 6774* ApiResult::setRawMode() was removed (deprecated since 1.25) 6775* ApiResult::size() was removed (deprecated since 1.25) 6776* Added new hooks, 'ApiQueryBaseBeforeQuery', 'ApiQueryBaseAfterQuery', and 6777 'ApiQueryBaseProcessRow', to make it easier for extensions to add 'prop' and 6778 'show' parameters to existing API query modules. A query module can enable 6779 these hooks by passing an array for $hookData to ApiQueryBase::select() and 6780 by calling ApiQueryBase->processRow() before adding a row's data to the 6781 result. 6782 6783=== Languages updated in 1.28 === 6784 6785MediaWiki supports over 375 languages. Many localisations are updated 6786regularly. Below only new and removed languages are listed, as well as 6787changes to languages because of Phabricator reports. 6788 6789* (T137411) ban (Balinese), thanks to translators Adi Mayndra, Andru, 6790 BASAbali, M. Adiputra, Naval Scene, Nemo bis, NoiX180, and 아라. 6791* (T135867) shn (Shan), thanks to translators Khun Sar, Piangpha, 6792 Saiddzone Saimawnkham, Saosukham, and Sengwan. 6793* Czech (cs) and Slovak (sk) set as reciprocal fallbacks. 6794* (T146744) Livvi-Karelian (olo) namespace messages created thanks to translator 6795 Ilja.mos. 6796 6797=== Other changes in 1.28 === 6798* (T128697) Improved handling of large diffs. 6799* [BREAKING CHANGE] $wgExtendedLoginCookies has been removed. You can 6800 use or update a custom session provider if needed. 6801* Deprecated APIEditBeforeSave hook in favor of EditFilterMergedContent. 6802* The 'UploadVerification' hook is deprecated. Use 'UploadVerifyFile' instead. 6803* SiteConfiguration::isLocalVHost() was removed (deprecated since 1.25). 6804* The 'UserLoginComplete' hook has a new parameter to differentiate between 6805 actual login and visiting the login page while already logged in. 6806* ResourceLoader::makeLoaderURL() was removed (deprecated since 1.24). 6807* $.fn.liveAndTestAtStart was removed (deprecated since 1.24). 6808* mw.util.tooltipAccessKeyPrefix was removed (deprecated since 1.24). 6809* mw.util.tooltipAccessKeyRegexp was removed (deprecated since 1.24). 6810* Linker::link() and Linker::linkKnown() were deprecated; please instead use 6811 MediaWiki\Linker\LinkRenderer. In addition, the LinkBegin and LinkEnd hooks 6812 were replaced by HtmlPageLinkRendererBegin and HtmlPageLinkRendererEnd 6813 respectively. See docs/hooks.txt for the specific changes needed for those 6814 hooks. 6815* Linker::formatSize() was deprecated. Use Language::formatSize() directly. 6816* Aliases for Linker methods, deprecated since 1.21, were removed from Skin: 6817 * Skin::commentBlock() (use Linker::commentBlock() instead) 6818 * Skin::generateRollback() (use Linker::generateRollback() instead) 6819 * Skin::link() (use MediaWiki\Linker\LinkRenderer instead) 6820 * Skin::linkKnown() (use MediaWiki\Linker\LinkRenderer instead) 6821 * Skin::userLink() (use Linker::userLink() instead) 6822 * Skin::userToolLinks() (use Linker::userToolLinks() instead) 6823* Disabled "bug 2702" HTML tidying of parsed UI messages on wikis where Tidy is 6824 disabled. 6825* DifferenceEngine::generateDiffBody() was removed (deprecated since 1.21). 6826* UploadBase::stashFileGetKey() and UploadBase::stashSession() were deprecated. 6827 Use ...->stashFile()->getFileKey() instead. 6828* "Public domain" was removed as a wiki license option from the installer, in 6829 favour of CC-0. 6830* AuthenticationRequest::$required is now changed from REQUIRED to 6831 PRIMARY_REQUIRED on requests needed by primary providers even if all primaries 6832 need them. 6833 Primary providers are discouraged from returning multiple REQUIRED requests. 6834* OOjs UI PHP widgets constructed with the `'infusable' => true` config option 6835 will no longer be automatically infused. You should call `OO.ui.infuse()` 6836 on them yourself from your JavaScript code. 6837* parserTests.php has moved to tests/parser/parserTests.php 6838* The command line options specific to parser tests have been removed from 6839 phpunit.php: --regex and --keep-uploads. Instead of --regex, use --filter. 6840 Instead of --keep-uploads, use the same option to parserTests.php, but you 6841 must specify a directory with --upload-dir. 6842* The 'jquery.arrowSteps' ResourceLoader module is now deprecated. 6843* IP::isConfiguredProxy() and IP::isTrustedProxy() were removed. Callers should 6844 migrate to using the same functions on a ProxyLookup instance, obtainable from 6845 MediaWikiServices. 6846* The ArticleAfterFetchContent, ArticleInsertComplete, ArticleSave, 6847 ArticleSaveComplete, ArticleViewCustom, EditFilterMerged, EditPageGetDiffText, 6848 EditPageGetPreviewText and ShowRawCssJs hooks will now emit deprecation 6849 warnings if used. 6850* (T68404) CSS3 attr() function with url type is no longer allowed 6851 in inline styles. 6852* Database::getSearchEngine() is deprecated, use 6853 SearchEngineFactory::getSearchEngineClass instead. 6854 6855== Compatibility == 6856 6857MediaWiki 1.28 requires PHP 5.5.9 or later. There is experimental support for 6858HHVM 3.6.5 or later. 6859 6860MySQL is the recommended DBMS. PostgreSQL or SQLite can also be used, but 6861support for them is somewhat less mature. There is experimental support for 6862Oracle and Microsoft SQL Server. 6863 6864The supported versions are: 6865 6866* MySQL 5.0.3 or later 6867* PostgreSQL 8.3 or later 6868* SQLite 3.3.7 or later 6869* Oracle 9.0.1 or later 6870* Microsoft SQL Server 2005 (9.00.1399) 6871 6872== Upgrading == 6873 68741.28 has several database changes since 1.27, and will not work without schema 6875updates. Note that due to changes to some very large tables like the revision 6876table, the schema update may take quite long (minutes on a medium sized site, 6877many hours on a large site). 6878 6879If upgrading from before 1.11, and you are using a wiki as a commons 6880repository, make sure that it is updated as well. Otherwise, errors may arise 6881due to database schema changes. 6882 6883If upgrading from before 1.7, you may want to run refreshLinks.php to ensure 6884new database fields are filled with data. 6885 6886If you are upgrading from MediaWiki 1.4.x or earlier, you should upgrade to 68871.5 first. The upgrade script maintenance/upgrade1_5.php has been removed 6888with MediaWiki 1.21. 6889 6890Don't forget to always back up your database before upgrading! 6891 6892See the file UPGRADE for more detailed upgrade instructions. 6893 6894For notes on 1.27.x and older releases, see HISTORY. 6895 6896== Online documentation == 6897 6898Documentation for both end-users and site administrators is available on 6899MediaWiki.org, and is covered under the GNU Free Documentation License (except 6900for pages that explicitly state that their contents are in the public domain): 6901 6902 https://www.mediawiki.org/wiki/Special:MyLanguage/Documentation 6903 6904== Mailing list == 6905 6906A mailing list is available for MediaWiki user support and discussion: 6907 6908 https://lists.wikimedia.org/mailman/listinfo/mediawiki-l 6909 6910A low-traffic announcements-only list is also available: 6911 6912 https://lists.wikimedia.org/mailman/listinfo/mediawiki-announce 6913 6914It's highly recommended that you sign up for one of these lists if you're 6915going to run a public MediaWiki, so you can be notified of security fixes. 6916 6917== IRC help == 6918 6919There's usually someone online in #mediawiki on irc.freenode.net. 6920 6921= MediaWiki 1.27 = 6922 6923== MediaWiki 1.27.7 == 6924 6925This is a maintenance release of the MediaWiki 1.27 branch. 6926 6927=== Changes since MediaWiki 1.27.6 === 6928* Add missing `use MediaWiki\MediaWikiServices;` to LogEventsList.php. 6929* Remove broken tests from ApiBlockTest.php. 6930 6931== MediaWiki 1.27.6 == 6932 6933This is a security and maintenance release of the MediaWiki 1.27 branch. 6934 6935=== Changes since MediaWiki 1.27.5 === 6936* (T204729) WatchedItemStore::countVisitingWatchersMultiple() shouldn't query 6937 all titles when asked for none. 6938* (T109121) Remove deprecated pear/mail_mime-decode from composer suggested 6939 libraries. 6940* (T207241) Augment precision of updatelist time. 6941* (T207540) Include IP address in "Login for $1 succeeded" log entry. 6942* (T205765) Don't link to the obsolete "Extension Matrix" page in installer. 6943* (T207603) SECURITY: User JS may no longer be loaded with mime type 6944 text/javascript if there is no account associated with the username. 6945* (T113042) SECURITY: Do not allow loading pages raw with a text/javascript MIME 6946 type if non-admins can edit the page. 6947* (T207541) Pass email address to mail(). 6948* (T209335) Clarify the default sidebar 'Help' link is about MediaWiki itself. 6949* (T213359) Update mediawiki/mediawiki-codesniffer to 0.8.1. 6950* (T208871) The hard-coded Google search form on the database error page was 6951 removed. 6952* (T216968) Return pageid as int in both list=iwbacklinks and 6953 list=langbacklinks. 6954* (T218608) Fix an issue that prevents Extension:OAuth working when 6955 $wgBlockDisablesLogin is true. 6956* (T219728) Added support for new Japanese era name "Reiwa". 6957* (T25227) SECURITY: action=logout now requires to be posted and have a csrf 6958 token. 6959* SpecialPage::checkLoginSecurityLevel() will now preserve POST data when 6960 reauthenticating. 6961* FormSpecialPage::execute() will now call checkLoginSecurityLevel() if 6962 getLoginSecurityLevel() returns non-false. 6963* (T197279) SECURITY: Fix reauth in Special:ChangeEmail. 6964* (T208881) SECURITY: blacklist CSS var(). 6965* (T209794) SECURITY: rate-limit and prevent blocked users from changing email. 6966* (T199540) SECURITY: API: Respect $wgBlockCIDRLimit in action=block. 6967* (T212118) SECURITY: Fix cache mode for (un)patrolled recent changes query. 6968* (T222036, T222038) SECURITY: Add permission check for user is permitted to 6969 view the log type. 6970* (T221739) SECURITY: resources: Patch jQuery 1.11.3 for CVE-2019-11358. 6971 6972== MediaWiki 1.27.5 == 6973 6974This is a security and maintenance release of the MediaWiki 1.27 branch. 6975 6976=== Changes since 1.27.4 === 6977* (T169545, CVE-2018-0503) SECURITY: $wgRateLimits entry for 'user' overrides 6978 'newbie'. 6979* (T194605, CVE-2018-0505) SECURITY: BotPasswords can bypass CentralAuth's 6980 account lock. 6981* Upgraded Moment.js from v2.8.4 to v2.19.3. 6982* (T160298) Fixed Special:ActiveUsers due to bad backport. 6983* (T87572) Make FormatMetadata::flattenArrayReal() work for an associative 6984 array. 6985* Updated list of SPDX licenses for extensions. 6986* (T189567) the CLI installer (maintenance/install.php) learned to detect and 6987 include extensions. Pass --with-extensions to enable that feature. 6988* (T192584) Stop incorrectly passing USE INDEX to RecentChange::newFromConds(). 6989* Add default edit rate limit of 90 edits/minute for all users. 6990* (T196125) php-memcached 3.0 (provided with PHP 7.0) is now supported. 6991* (T196672) The mtime of extension.json files is now able to be zero. 6992* (T118683) Fix exception from &$user deref on HHVM in the TitleMoveComplete 6993 hook. 6994* (T180403) Validate $length in padleft/padright parser functions. 6995* (T143790) Make $wgEmailConfirmToEdit only affect edit actions. 6996* Special:BotPasswords now requires reauthentication. 6997* (T191608, T187638) Add 'logid' parameter to Special:Log. 6998* (T193829) Indicate when a Bot Password needs reset. 6999* (T151415) Log email changes. 7000* (T118420) Unbreak Oracle installer. 7001 7002== MediaWiki 1.27.4 == 7003This is a security and maintenance release of the MediaWiki 1.27 branch. 7004 7005=== Changes since 1.27.3 === 7006* (T100085) Better handling of jobs execution in post-connection shutdown. 7007* (T141604) Support conditionally registered namespaces. 7008* (T167798) Fix highlighting for phrase queries and phrase search. 7009* (T151136) Provide credits information to callbacks. 7010* (T160462) Allow namespaces defined in extension.json to be overwritten 7011 locally. 7012* (T168856) Allow SVGs created by Dia to be uploaded. 7013* (T144705) (T148662) Password reset link is no longer shown when no reset 7014 options are available. 7015* (T143788) (T174262) Various backports for PHP 7.0 and 7.1 support. 7016* (T66795) $wgUserEmailUseReplyTo is now true by default to work around 7017 restrictive DMARC policies. 7018* DB_REPLICA constant added from REL1_28+ to ease backports to extensions and 7019 core. 7020* (T175439) Unbreak Postgres Updater when setting defaults for a column. 7021* (T160298) Remove use of implicitGroupBy() in ActiveUsersPager. 7022* (T142304) Allow putting the app ID in the password for bot passwords. 7023* Updated dev dependancy phpunit/phpunit from v4.8.24 to v4.8.36. 7024* (T178451) SECURITY: Potential XSS when $wgShowExceptionDetails = false and 7025 browser sends non-standard url escaping. 7026* (T165846) SECURITY: BotPassword login attempts weren't throttled. 7027* (T128209) SECURITY: Reflected File Download from api.php. 7028* (T134100) SECURITY: Do not reveal if user exists during login failure. 7029* (T176247) SECURITY: Ensure Message::rawParams can't lead to XSS. 7030* (T125163) SECURITY: Make anchor for headlines escape > and <. 7031* (T180237) SECURITY: Protect vendor folder with .htaccess. 7032* (T180231) SECURITY: Remove PHPUnit file with known RCE if exists in 7033 update.php. 7034* (T124404) SECURITY: XSS in langconverter when regex hits pcre.backtrack_limit. 7035* (T119158) SECURITY: Handle -{}- syntax in attributes safely. 7036 7037== MediaWiki 1.27.3 == 7038Due to a packaging error, the wrong version of the SyntaxHighlight extension was 7039included in the tarball version of MediaWiki 1.27.2. The version included had a 7040serious security issue in it (T158689). There was also some minor code fixes in 7041MediaWiki itself since 1.27.2, but none of them were security relevant. 7042 7043=== Changes since 1.27.2 === 7044* (T145664) Fix broken wincache merge() implementation 7045* (T163434) Add wikimedia/testing-access-wrapper for forwards compatibility 7046* (T153505) Fix php warnings on php 7.1 due to use of &$this 7047 7048== MediaWiki 1.27.2 == 7049This is a security and maintenance release of the MediaWiki 1.27 branch. 7050 7051ApiCreateAccount was removed in 1.27.0. It was incorrectly still marked as 7052deprecated (rather than already removed) in the RELEASE-NOTES at the point 70531.27.0 was released. 7054 7055=== Changes since 1.27.1 === 7056 7057* (T68404) CSS3 attr() function with url type argument is no longer allowed 7058 in inline styles. 7059* $wgRunJobsAsync is now false by default (T142751). This change only affects 7060 wikis with $wgJobRunRate > 0. 7061* (T152717) Better escaping for PHP mail() command 7062* Submitting the lgtoken and lgpassword parameters in the query string to 7063 action=login is now deprecated and outputs a warning. They should be submitted 7064 in the POST body instead. 7065* Submitting sensitive authentication request parameters to action=clientlogin, 7066 action=createaccount, action=linkaccount, and action=changeauthenticationdata 7067 in the query string is now deprecated and outputs a warning. They should be 7068 submitted in the POST body instead. 7069* (T158766) Avoid SQL error on MSSQL when using selectRowCount() 7070* (T145635) Fix too long index error when installing with MSSQL. 7071* (T156184) $wgRawHtml will no longer apply to internationalization messages. 7072* (T160519) CACHE_ANYTHING will not be CACHE_ACCEL if no accelerator is 7073 installed. 7074* (T109140) (T122209) SECURITY: Special:UserLogin and Special:Search allow 7075 redirect to interwiki links. 7076* (T144845) SECURITY: XSS in SearchHighlighter::highlightText() when 7077 $wgAdvancedSearchHighlighting is true. 7078* (T125177) SECURITY: API parameters may now be marked as "sensitive" to keep 7079 their values out of the logs. 7080* (T150044) SECURITY: "Mark all pages visited" on the watchlist now requires a 7081 CSRF token. 7082* (T156184) SECURITY: Escape content model/format url parameter in message. 7083* (T151735) SECURITY: SVG filter evasion using default attribute values in DTD 7084 declaration. 7085* (T161453) SECURITY: LocalisationCache will no longer use the temporary 7086 directory in it's fallback chain when trying to work out where to write the 7087 cache. 7088* (T48143) SECURITY: Spam blacklist ineffective on encoded URLs inside file 7089 inclusion syntax's link parameter. 7090* (T108138) SECURITY: Sysops can undelete pages, although the page is protected 7091 against it. 7092 7093== MediaWiki 1.27.1 == 7094 7095This is a maintenance release of the MediaWiki 1.27 branch. 7096 7097=== Changes since 1.27.0 === 7098* BREAKING CHANGE: $wgHTTPProxy is now *required* for all external requests 7099 made by MediaWiki via a proxy. Relying on the http_proxy environment 7100 variable is no longer supported. 7101* (T139565) SECURITY: API: Generate head items in the context of the given title 7102* (T137264) SECURITY: XSS in unclosed internal links 7103* (T133147) SECURITY: Escape '<' and ']]>' in inline <style> blocks 7104* (T133147) SECURITY: Require login to preview user CSS pages 7105* (T132926) SECURITY: Do not allow undeleting a revision deleted file if it is 7106 the top file 7107* (T129738) SECURITY: Make $wgBlockDisablesLogin also restrict logged in 7108 permissions 7109* (T129738) SECURITY: Make blocks log users out if $wgBlockDisablesLogin is true 7110* (T115333) SECURITY: Check read permission when loading page content in 7111 ApiParse 7112* (T57548) Remove support for $wgWellFormedXml = false, all output is now well 7113 formed 7114* (T139670) Move 'UserGetRights' call before application of 7115 Session::getAllowedUserRights() 7116 7117== MediaWiki 1.27.0 == 7118 7119=== PHP version requirement in 1.27 === 7120As of 1.27, MediaWiki now requires PHP 5.5.9 or higher (see Compatibility 7121section). Additionally, the following PHP extensions are required: 7122* ctype 7123* iconv 7124* json 7125* mbstring (new requirement in 1.27) 7126* xml 7127The following PHP extensions are strongly recommended: 7128* openssl 7129 7130=== Configuration changes in 1.27 === 7131* $wgAllowMicrodataAttributes and $wgAllowRdfaAttributes were removed, 7132 now always enabled. If you use RDFa on your wiki, you now have to explicitly 7133 set $wgHtml5Version to 'HTML+RDFa 1.0' or 'XHTML+RDFa 1.0'. 7134* $wgUseLinkNamespaceDBFields was removed. 7135* Deprecated $wgResourceLoaderMinifierStatementsOnOwnLine and 7136 $wgResourceLoaderMinifierMaxLineLength, because there was little value in 7137 making the behavior configurable. The default values (`false` for the former, 7138 1000 for the latter) are now hard-coded. 7139* $wgDebugDumpSqlLength was removed (deprecated in 1.24). 7140* $wgDebugDBTransactions was removed (deprecated in 1.20). 7141* $wgUseXVO has been removed, as it provides functionality only used by 7142 custom Wikimedia patches against Squid 2.x that probably noone uses in 7143 production anymore. There is now $wgUseKeyHeader that provides similar 7144 functionality but instead of the MediaWiki-specific X-Vary-Options header, 7145 uses the draft Key header standard. 7146* $wgScriptExtension (and support for '.php5' entry points) was removed. See the 7147 deprecation notice in the release notes for version 1.25 for advice on how to 7148 preserve support for '.php5' entry points via URL rewriting. 7149* Password handling via the User object has been deprecated and partially 7150 removed, pending the future introduction of AuthManager. In particular: 7151** expirePassword(), getPasswordExpireDate(), resetPasswordExpiration(), and 7152 getPasswordExpired() have been removed. They were unused outside of core. 7153** The mPassword, mNewpassword, mNewpassTime, and mPasswordExpires fields are 7154 now private and will be removed in the future. 7155** The getPassword() and getTemporaryPassword() methods now throw 7156 BadMethodCallException and will be removed in the future. 7157** The ability to pass 'password' and 'newpassword' to createNew() has been 7158 removed. The only users of it seem to have been using it to set invalid 7159 passwords, and so shouldn't be greatly affected. 7160** setPassword(), setInternalPassword(), and setNewpassword() have been 7161 deprecated, pending the introduction of AuthManager. 7162** User::randomPassword() is deprecated in favor of a new method 7163 PasswordFactory::generateRandomPasswordString() 7164** User::getPasswordFactory() is deprecated, callers should just create a 7165 PasswordFactory themselves. 7166** A new constructor, User::newSystemUser(), has been added to simplify the 7167 creation of passwordless "system" users for logged actions. 7168* $wgMaxSquidPurgeTitles was removed. 7169* $wgAjaxWatch was removed. This is now enabled by default. 7170* $wgUseInstantCommons now hotlinks Commons images by default instead of 7171 downloading originals and thumbnailing them locally. This allows wikis to save 7172 on CPU and bandwidth while reducing time to first byte for pages, even without 7173 a thumbnail handler. See $wgForeignFileRepos documentation for tweaks. 7174* (T27397) WebP is enabled by default as an uploadable filetype. 7175* (T48998) $wgArticlePath must now be either a full url, or start with a "/". 7176* $wgRateLimitLog was removed; use $wgDebugLogGroups['ratelimit'] instead. 7177* Deprecated API formats dbg, txt, and yaml have been removed. 7178* CLDRPluralRule* classes have been replaced with 7179 wikimedia/cldr-plural-rule-parser. 7180* Removed $wgProfilePerHost, $wgUDPProfilerHost, $wgUDPProfilerPort, 7181 $wgUDPProfilerFormatString, $wgStatsMethod, $wgAggregateStatsID, 7182 $wgStatsFormatString, and $wgProfileCallTree (deprecated since 1.20). 7183* For proper operation of LocalIdLookup with shared user tables, ensure that 7184 $wgSharedDB and $wgSharedTables are properly set even on the "central" wiki 7185 that all others are sharing from and that $wgLocalDatabases is set to the 7186 full list of sharing wikis on all those wikis. 7187* Massive overhaul to session handling: 7188** $wgSessionsInObjectCache is no longer supported and must be true, due to 7189 MediaWiki\Session\SessionManager. $wgSessionHandler is similarly no longer 7190 used. 7191** ObjectCacheSessionHandler is removed, replaced with 7192 MediaWiki\Session\PhpSessionHandler. 7193** PHP session handling in general ($_SESSION, session_id(), and so on) is 7194 deprecated. Use MediaWiki\Session\SessionManager instead. A new config 7195 variable, $wgPHPSessionHandling, is available to cause use of $_SESSION to 7196 issue a deprecation warning or to cause most PHP session handling to throw 7197 exceptions. 7198** Deprecated UserSetCookies hook. Session-handling extensions should generally 7199 be creating a custom subclass of CookieSessionProvider. Other extensions 7200 messing with cookies can no longer count on user data being saved in cookies 7201 versus other methods. 7202** Deprecated UserLoadFromSession hook, extensions should create a 7203 MediaWiki\Session\SessionProvider. 7204** The User cannot be loaded from session until after Setup.php completes. 7205 Attempts to do so will be ignored and the User will remain unloaded. 7206** CSRF tokens may be fetched from the MediaWiki\Session\Session, which uses 7207 the MediaWiki\Session\Token class. 7208* MediaWiki will now auto-create users as necessary, removing the need for 7209 extensions to do so. An 'autocreateaccount' right is added to allow 7210 auto-creation when 'createaccount' is not granted to all users. 7211* Deprecated AuthPluginAutoCreate hook in favor of LocalUserCreated. 7212* Most cookie-handling methods in User are deprecated. 7213* $wgAllowAsyncCopyUploads and $CopyUploadAsyncTimeout were removed. This was an 7214 experimental feature that has never worked. 7215* Login and createaccount tokens now vary by timestamp. 7216* LoginForm::getLoginToken() and LoginForm::getCreateaccountToken() 7217 return a MediaWiki\Session\Token, and tokens must be checked using that 7218 class's methods. 7219* $wgEnotifUseJobQ was removed and the job queue is always used. 7220* The functionality of the ApiSandbox extension has been merged into core. The 7221 extension should no longer be used. 7222* $wgPreloadJavaScriptMwUtil was removed (deprecated in 1.26). 7223 Extensions, skins, gadgets and scripts that use the mediawiki.util module must 7224 express a dependency on it. 7225* $wgIncludeLegacyJavaScript, deprecated in MediaWiki 1.26, now defaults false. 7226 Extensions, skins, gadgets and scripts that need the mediawiki.legacy.wikibits 7227 module should express a dependency on it. 7228* Removed configuration option $wgCopyrightIcon (deprecated since 1.18). Use 7229 $wgFooterIcons['copyright']['copyright'] instead. 7230* If the openssl and mcrypt PHP extensions are both unavailable, secure 7231 session storage (used for login) will raise an exception. This exception may 7232 be bypassed by setting $wgSessionInsecureSecrets = true. 7233* Massive overhaul to authentication: 7234** AuthPlugin and AuthPluginUser are deprecated. 7235** LoginForm and associated templates are deprecated. Extensions which called 7236 static LoginForm methods should be converted into authentication providers. 7237** The following hooks are deprecated: 7238*** AbortAutoAccount (create a MediaWiki\Auth\PreAuthenticationProvider instead) 7239*** AbortLogin (create a MediaWiki\Auth\PreAuthenticationProvider instead) 7240*** AbortNewAccount (create a MediaWiki\Auth\PreAuthenticationProvider instead) 7241*** AddNewAccount (use LocalUserCreated instead) 7242*** AuthPluginSetup (create a MediaWiki\Auth\PrimaryAuthenticationProvider 7243 instead) 7244*** ChangePasswordForm (use AuthChangeFormFields instead, or security levels) 7245*** LoginUserMigrated (create a MediaWiki\Auth\PreAuthenticationProvider 7246 instead) 7247*** UserCreateForm (create a MediaWiki\Auth\AuthenticationProvider of some type 7248 instead) 7249*** UserLoginForm (create a MediaWiki\Auth\AuthenticationProvider of some type 7250 instead) 7251** The following hooks are removed: 7252*** AbortChangePassword 7253*** LoginPasswordResetMessage 7254*** PrefsPasswordAudit 7255** The UserLoginComplete hook will no longer be called for all logins, only for 7256 those via the web UI. Use UserLoggedIn if you need to do something on all 7257 logins. 7258** $wgRequirePasswordforEmailChange is removed. 7259 7260=== New features in 1.27 === 7261* $wgDataCenterUpdateStickTTL was also added. This decides how long a user 7262 sticks to the primary DC (via cookies) after they make changes to the site. 7263* Added a new hook, 'UserMailerTransformContent', to transform the contents 7264 of an email. This is similar to the EmailUser hook but applies to all mail 7265 sent via UserMailer. 7266* Added a new hook, 'UserMailerTransformMessage', to transform the contents 7267 of an emai after MIME encoding. 7268* Added a new hook, 'UserMailerSplitTo', to control which users have to be 7269 emailed separately (ie. there is a single address in the To: field) so 7270 user-specific changes to the email can be applied safely. 7271* $wgCdnMaxageLagged was added, which limits the CDN cache TTL 7272 when any load balancer uses a DB that is lagged beyond the 'max lag' 7273 setting in the relevant section of $wgLBFactoryConf. 7274* User::newSystemUser() may be used to simplify the creation of passwordless 7275 "system" users for logged actions from scripts and extensions. 7276* Extensions can now return detailed error information via the API when 7277 preventing user actions using 'getUserPermissionsErrors' and similar hooks 7278 by using ApiMessage instances instead of strings for the $result value. 7279* $wgAPIMaxLagThreshold was added to limit bot changes when databases lag 7280 becomes too high. 7281* Skins and extensions can now use FlexBox mixins (.flex-display(@display: flex) 7282 and .flex(@grow: 1, @shrink: 1, @width: auto, @order: 1)) in Less to create 7283 cross-browser-compatible FlexBox rules. Users will still need to add fallback 7284 float rules or the like for compatibility with IE9- separately. 7285* Added MWTimestamp::getTimezoneString() which returns the localized timezone 7286 string, if available. To localize this string, see the comments of 7287 $wgLocaltimezone in includes/DefaultSettings.php. 7288* Added CentralIdLookup, a service that allows extensions needing a concept of 7289 "central" users to get that without having to know about specific central 7290 authentication extensions. 7291* $wgMaxUserDBWriteDuration added to limit huge user-generated transactions. 7292 Regular web request transactions that takes longer than this are aborted. 7293* Added a new hook, 'TitleMoveCompleting', which runs before a page move is 7294 committed. 7295* $wgCdnReboundPurgeDelay was added to provide secondary delayed purges of URLs 7296 from CDN to mitigate DB replication lag and WAN cache purge lag. 7297* (T49162) Installer will default to setting CACHE_ACCEL as the main cache type 7298 if it is available. 7299* It is now possible to patrol file uploads (both for new files and new versions 7300 of existing files). Special:NewFiles has gained an option to filter by patrol 7301 status. This functionality can be disabled using $wgUseFilePatrol. 7302* MediaWiki\Session infrastructure allows for easier use of session mechanisms 7303 other than the usual cookies. 7304** SessionMetadata and SessionCheckInfo hooks allow for setting and checking 7305 custom session metadata. 7306* Added MWGrants and associated configuration settings $wgGrantPermissions and 7307 $wgGrantPermissionGroups to hold configuration for authentication features 7308 such as OAuth that want to allow restricting the user rights a user may make 7309 use of. 7310** If you're already using the OAuth extension, these new variables are 7311 identical to (and will replace) $wgMWOAuthGrantPermissions and 7312 $wgMWOAuthGrantPermissionGroups. 7313* Added MWRestrictions as a class to check restrictions on a WebRequest, e.g. 7314 to assert that the request comes from a particular IP range. 7315* Added bot passwords, a rights-restricted login mechanism for API-using bots. 7316* Whitelisted the following HTML attributes for all elements in wikitext: 7317 aria-describedby, aria-flowto, aria-label, aria-labelledby, aria-owns. 7318* Removed "presentation" restriction on the HTML role attribute in wikitext. 7319 All values are now allowed for the role attribute. 7320* $wgContentHandlers now also supports callbacks to create an instance of the 7321 appropriate ContentHandler subclass. 7322* Added $wgAuthenticationTokenVersion, which if non-null prevents the 7323 user_token database field from being exposed in cookies. Setting this would 7324 be a good idea, but will log out all current sessions. 7325* $wgEventRelayerConfig was added, for managing PubSub event relay 7326 configuration, specifically for reliable CDN url purges. 7327* Requests have unique IDs, equal to the UNIQUE_ID environment variable (when 7328 MediaWiki is behind Apache+mod_unique_id or something similar) or a randomly- 7329 generated 24-character string. This request ID is used to annotate log records 7330 and error messages. It is available client-side via 7331 mw.config.get( 'wgRequestId' ). 7332 The request ID supplants exception IDs. Accordingly, 7333 MWExceptionHandler::getLogId() is deprecated. 7334* (T33313) Add a preference for watching uploads by default, also applies 7335 to API-based upload tools. 7336* $wgJpegPixelFormat was added to override chroma subsampling for JPEG image 7337 thumbnails created via ImageMagick. Defaults to 'yuv420', providing bandwidth 7338 savings versus the previous behavior on many files. 7339* MediaWiki\Auth infrastructure (called "AuthManager") allows for more flexible 7340 configuration of multiple authentication pieces that was possible with 7341 AuthPlugin. For example, it's now easy to plug in second-factor 7342 authentication, or add additional checks to the login process, or to support 7343 multiple login methods at once, or to support non-password-based login 7344 methods. 7345** Providers are configured via the global setting $wgAuthManagerConfig. 7346** A global, $wgDisableAuthManager, is temporarily available to disable 7347 AuthManager until extensions are ready to support it. 7348** New hook, AuthChangeFormFields, to adjust the form fields on 7349 AuthManager-related special pages. 7350** New hook, AuthManagerLoginAuthenticateAudit, for additional logging of 7351 AuthManager-related authentication requests. 7352** New hook, ChangeAuthenticationDataAudit, for additional logging of 7353 AuthManager-related authentication data changes. 7354** New hook, SecuritySensitiveOperationStatus, to work with the new mechanism 7355 for requiring a recent login before taking security-sensitive operations 7356 like changing a password. 7357** Two new globals, $wgChangeCredentialsBlacklist and 7358 $wgRemoveCredentialsBlacklist can be used to prevent the web UI and the API 7359 changing certain authentication data. 7360* The file upload dialog (available if you install WikiEditor or VisualEditor) 7361 can now be configured using $wgUploadDialog. 7362 7363=== External library changes in 1.27 === 7364 7365==== Upgraded external libraries ==== 7366* Updated oojs/oojs-ui from v0.12.12 to v0.13.3. 7367* Updated composer/semver from v1.0.0 to v1.2.0. 7368* Updated liuggio/statsd-php-client to 1.0.18. 7369* Updated QUnit from v1.18.0 to v1.22.0. 7370 7371==== New external libraries ==== 7372* Added wikimedia/base-convert v1.0.1. 7373* Added wikimedia/cldr-plural-rule-parser v1.0.0. 7374* Added wikimedia/relpath v1.0.3. 7375* Added wikimedia/running-stat v1.1.0. 7376* Added wikimedia/php-session-serializer v1.0.3. 7377 7378==== Removed and replaced external libraries ==== 7379 7380=== Bug fixes in 1.27 === 7381* Special:Upload will now display correct maximum allowed file size when running 7382 under HHVM (T116347). 7383* (T54077) The APIEditBeforeSave hook will once again give only the content of 7384 the section being edited, rather than the whole revision. This reverts the 7385 change made in MediaWiki 1.22. 7386 7387=== Action API changes in 1.27 === 7388* Added list=allrevisions. 7389* generator=recentchanges now has the option to generate revids. 7390* ApiPageSet::setRedirectMergePolicy() was added. This allows generator 7391 modules to define how generator data for a redirect source gets merged 7392 into the redirect destination. 7393* prop=imageinfo&iiprop=uploadwarning will no longer include the possibility of 7394 "was-deleted" warning. 7395* Added difftotextpst to query=revisions which preforms a pre-save transform on 7396 the text before diffing it. 7397* Deprecated formats dbg, txt, and yaml have been removed. 7398* (T47988) The protect log event details now use new-style formatting. 7399* The following response properties from action=login are deprecated, and may 7400 be removed in the future: lgtoken, cookieprefix, sessionid. Clients should 7401 handle cookies to properly manage session state. 7402* action=login transparently allows login using bot passwords. Clients should 7403 merely need to change the username and password used after setting up a bot 7404 password. 7405* action=upload no longer understands statuskey, asyncdownload or leavemessage. 7406* Several changes when $wgDisableAuthManager is false: 7407** action=login is deprecated for uses other than bot passwords. 7408** list=users can now indicate if a missing username is creatable. 7409** action=createaccount is changed in a non-backwards-compatible manner. 7410** Added action=query&meta=authmanagerinfo. 7411** Added action=clientlogin to be used to log into the main account instead of 7412 action=login. 7413** Added action=linkaccount. 7414** Added action=unlinkaccount. 7415** Added action=changeauthenticationdata. 7416** Added action=removeauthenticationdata. 7417** Added action=resetpassword. 7418 7419=== Action API internal changes in 1.27 === 7420* ApiQueryORM removed. 7421* The following classes have been removed: 7422** ApiFormatDbg 7423** ApiFormatTxt 7424** ApiFormatYaml 7425* ApiBase::addTokenProperties() was removed (deprecated since 1.24). 7426* ApiBase::getFinalPossibleErrors() was removed (deprecated since 1.24). 7427* ApiBase::getFinalResultProperties() was removed (deprecated since 1.24). 7428* ApiBase::getRequireAtLeastOneParameterErrorMessages() was removed (deprecated 7429 since 1.24). 7430* ApiBase::getPossibleErrors() was removed (deprecated since 1.24). 7431* ApiBase::getRequireMaxOneParameterErrorMessages() was removed (deprecated 7432 since 1.24). 7433* ApiBase::getRequireOnlyOneParameterErrorMessages() was removed (deprecated 7434 since 1.24). 7435* ApiBase::getResultProperties() was removed (deprecated since 1.24). 7436* ApiBase::getTitleOrPageIdErrorMessage() was removed (deprecated since 1.24). 7437* ApiBase::parseErrors() was removed (deprecated since 1.24). 7438* ApiQueryBase::titleToKey(), ApiQueryBase::keyToTitle() and 7439 ApiQueryBase::keyPartToTitle() all removed (deprecated since 1.24). 7440* ApiQueryBase::checkRowCount() was removed (deprecated since 1.24). 7441* ApiQueryBase::getDirectionDescription() was removed (deprecated since 1.25). 7442* ApiQuery::getGenerators() was removed (deprecated since 1.21). 7443* ApiQuery::getModules() was removed (deprecated since 1.21). 7444* ApiQuery::getModuleType() was removed (deprecated since 1.21). 7445* ApiQuery::setGeneratorContinue() was removed (deprecated since 1.24). 7446* ApiMain::getModules() was removed (deprecated since 1.21). 7447* ApiBase::getVersion() was removed (deprecated since 1.21). 7448* ApiMain::getShowVersions() was removed (deprecated in 1.21). 7449* ApiMain::addModule() was removed (deprecated in 1.21). 7450* ApiMain::addFormat() was removed (deprecated in 1.21). 7451* ApiMain::getFormats() was removed (deprecated in 1.21). 7452* ApiPageSet::finishPageSetGeneration() was removed (deprecated in 1.21). 7453* ApiCreateAccount was removed. 7454 7455=== Languages updated in 1.27 === 7456 7457MediaWiki supports over 350 languages. Many localisations are updated 7458regularly. Below only new and removed languages are listed, as well as 7459changes to languages because of Phabricator reports. 7460 7461* (T113688) Change default numerals from Gurmukhi to Arabic for Punjabi locale. 7462* (T116020) Aliases of magic words in MessagesXx.php are sorted by usage. 7463 7464=== Other changes in 1.27 === 7465* Added dependency injection (DI) infrastructure, see docs/injection.txt for 7466 details. 7467 It is planned to incrementally move MediaWiki code towards using DI, using the 7468 service locator (SL) pattern as a stepping stone. 7469* ProfilerOutputUdp was removed. Note that there is a ProfilerOutputStats class. 7470* WikiPage::doDeleteArticleReal() and WikiPage::doDeleteArticle() now 7471 ignore the 2nd and 3rd arguments (formerly $id and $commit). 7472* Removed "loaderScripts" option from ResourceLoaderFileModule class. 7473* Removed ORM-like wrapper added in 1.20. 7474* LinkCache::getGoodLinks and LinkCache::getBadLinks were removed 7475 (deprecated in 1.26). 7476* WikiPage::doQuickEdit() was removed (deprecated since 1.21). 7477* Removed SiteObject and SiteArray classes (deprecated in 1.21). 7478* MessageBlobStore::getInstance() was removed (deprecated since 1.25). 7479* (T84937) Free external links ("autolinked" urls) will now be terminated 7480 by and HTML entity encodings of  , <, and >. 7481* (T36948) The default file revert message's timestamp is now in 7482 $wgLocaltimezone, instead of UTC. 7483* The default name of the 'suppress' group page has been changed from 7484 'Project:Oversight' to 'Project:Suppress'. 7485* DatabaseBase::resultObject() is now protected (use outside Database classes 7486 not necessary since 1.11). 7487* Calling ResourceLoaderFileModule::readStyleFiles() without a 7488 ResourceLoaderContext instance is deprecated. 7489* ResourceLoader::getLessCompiler() now takes an optional parameter of 7490 additional LESS variables to set for the compiler. 7491* wfBaseConvert() marked as deprecated, use Wikimedia\base_convert() directly 7492 instead. 7493* Obsolete maintenance scripts clearCacheStats.php and showCacheStats.php 7494 were removed. The underlying data is sent to StatsD (see $wgStatsdServer). 7495* Removed msg_resource_links database table and associated code. 7496* Removed msg_resource database table and associated code. 7497* Skin::getNamespaceNotice() was removed. 7498* wfIsConfiguredProxy() was removed (deprecated since 1.24). 7499* wfDebugTimer() was removed (deprecated since 1.25). 7500* wfIsTrustedProxy() was removed (deprecated since 1.24). 7501* wfGetIP() was removed (deprecated since 1.19). 7502* MWHookException was removed. 7503* OutputPage::appendSubtitle() was removed (deprecated since 1.19). 7504* OutputPage::loginToUse() was removed (deprecated since 1.19). 7505* Article::loadContent() was removed (deprecated since 1.19). 7506* User::editToken() was removed (deprecated since 1.19). 7507* Removed --force-normal option of dumpBackup.php, as it no longer served 7508 any useful purpose since 1.22. 7509* The functions processOption() and processArgs() on the BackupDumper and 7510 TextPassDumper classes have been removed. 7511* The maintenance/backupTextPass.inc file was deleted. You should include 7512 maintenance/dumpTextPass.php instead. 7513* WikiPage::getUsedTemplates() was removed (deprecated since 1.19). 7514* wfEmptyMsg() was removed (deprecated since 1.18). 7515* OutputPage::permissionRequired() was removed (deprecated since 1.18). 7516* OutputPage::blockedPage() was removed (deprecated since 1.18). 7517* User::getSkin() was removed (deprecated since 1.18). 7518* OutputPage::includeJQuery() was removed (deprecated since 1.17). 7519* WikiPage::updateRestrictions() was removed (deprecated since 1.19). 7520* WikiPage::testPreSaveTransform() was removed (deprecated since 1.19). 7521* LogPage::logName() was removed (deprecated since 1.19). 7522* LogPage::logHeader() was removed (deprecated since 1.19). 7523* wfCheckLimits() was removed (deprecated since 1.24). 7524* Linker::makeKnownLinkObj() was removed (deprecated since 1.16). 7525* Linker::makeLinkObj() was removed (deprecated since 1.16). 7526* wfMsgForContentNoTrans() was removed (deprecated since 1.18). 7527* ChangesList::usePatrol was removed (deprecated since 1.22). 7528* wfMsgNoTrans() was removed (deprecated since 1.18). 7529* Linker::makeImageLink2 was removed (deprecated since 1.20). 7530* Title::userIsWatching() was removed (deprecated since 1.20). 7531* Removed WaitForSlave maintenance script; use SELECT MASTER_POS_WAIT() 7532 database function directly instead. 7533* wfMsg() was removed (deprecated since 1.18). 7534* wfMsgForContent() was removed (deprecated since 1.18). 7535* wfMsgReal() was removed (deprecated since 1.18). 7536* wfMsgGetKey() was removed (deprecated since 1.18). 7537* wfMsgHtml() was removed (deprecated since 1.18). 7538* wfMsgWikiHtml() was removed (deprecated since 1.18). 7539* wfMsgExt() was removed (deprecated since 1.18). 7540* Language::armourMath() was removed (deprecated since 1.22). 7541* LanguageConverter::armourMath() was removed (deprecated since 1.22). 7542* FakeConverter::armourMath() was removed (deprecated since 1.22). 7543* The unused jquery.validate ResourceLoader module was removed. 7544* FileRepo::getRootUrl() was removed (deprecated since 1.20). 7545* User::generateToken() was removed (deprecated since 1.20). 7546* WikiPage::getRawText() was removed (deprecated since 1.21). 7547* ParserOutput::hasCustomDataUpdates() was removed (deprecated since 1.25). 7548* ParserOutput::addSecondaryDataUpdate() was removed (deprecated since 1.25). 7549* ParserOutput::getSecondaryDataUpdates() was removed (deprecated since 1.25). 7550* Gallery images with multiple caption pipes no longer concatenate them all 7551 together but instead pick the final one, similar to image syntax. 7552* XML-like parser tags (such as <gallery>), when unclosed, will be left unparsed 7553 rather than consume everything until the end of the page. 7554* New maintenance script resetUserEmail.php allows sysadmins to reset user 7555 emails in case a user forgot password/account was stolen. 7556* wfCheckEntropy() was removed (deprecated in 1.27). 7557* Browser support for Internet Explorer 8 lowered from Grade A to Grade C. 7558* ContentHandler::supportsCategories method added. Default is true. 7559 CategoryMembershipChangeJob updates are skipped for content that 7560 does not support categories. 7561* wikidiff difference engine is no longer supported, anyone still using it are 7562 encouraged to upgrade to wikidiff2 which is actively maintained and has better 7563 package availability. 7564* Database logic was removed from WatchedItem and a WatchedItemStore was 7565 created: 7566** WatchedItem::IGNORE_USER_RIGHTS and WatchedItem::CHECK_USER_RIGHTS were 7567 deprecated. User::IGNORE_USER_RIGHTS and User::CHECK_USER_RIGHTS were 7568 introduced. 7569** WatchedItem::fromUserTitle was deprecated in favour of the constructor. 7570** WatchedItem::resetNotificationTimestamp was deprecated. 7571** WatchedItem::batchAddWatch was deprecated. 7572** WatchedItem::addWatch was deprecated. 7573** WatchedItem::removeWatch was deprecated. 7574** WatchedItem::isWatched was deprecated. 7575** WatchedItem::duplicateEntries was deprecated. 7576** EmailNotification::updateWatchlistTimestamp was deprecated. 7577** User::getWatchedItem was removed. 7578* Unit tests don't work with external PHPUnit anymore, Composer is now the only 7579 supported way. Run `composer install` to install it and other dev dependencies 7580 to run unit tests. 7581* wl_id field added to the watchlist table. 7582* Revision::getRawText() was removed (deprecated since 1.21). 7583* WikiPage::replaceSection() was removed (deprecated since 1.21). 7584* Article::replaceSection() was removed (deprecated since 1.21). 7585* Language::getLangObj() was removed (deprecated since 1.24). 7586* Language::getLanguageName() was removed (deprecated since 1.20). 7587* Language::getLanguageNames() was removed (deprecated since 1.20). 7588* Language::getTranslatedLanguageNames() was removed (deprecated since 1.20). 7589* Language::specialPage() was removed (deprecated since 1.24). 7590* MediaWikiTestCase::assertException() was removed (deprecated since 1.22). 7591* OutputPage::getHeadItems() was removed (deprecated since 1.24). 7592* OutputPage::getScript() was removed (deprecated since 1.24). 7593* OutputPage::out() was removed (deprecated since 1.22). 7594* OutputPage::setAllowedModules() was removed (deprecated since 1.24). 7595* UserrightsPage::makeGroupNameListForLog() was removed (deprecated since 1.21). 7596* MediaWikiSite::newFromGlobalId() was removed (deprecated since 1.21). 7597* Title::newFromRedirect() was removed (deprecated since 1.21). 7598* Skin::commonPrintStylesheet() was removed (deprecated since 1.22). 7599* Skin::getCommonStylePath() was removed (deprecated since 1.24). 7600* Skin::newFromKey() was removed (deprecated since 1.24). 7601* Skin::getUsableSkins() was removed (deprecated since 1.23). 7602* LoadBalancer::pickRandom() was removed (deprecated in 1.21). 7603* Article::getUndoText() and WikiPage::getUndoText were removed (deprecated 7604 since 1.21). 7605* DifferenceEngine::setText() was removed (deprecated in 1.21). 7606* Title::newFromRedirectArray() was removed (deprecated in 1.21). 7607* UserMailer::send() no longer accepts $replyto as the 5th argument and 7608 $contentType as the 6th. These must be passed in the options array now. 7609* Title::newFromRedirectRecurse() was removed (deprecated in 1.21). 7610* Skin::accesskey was removed (deprecated since 1.21). 7611* Skin::blockLink was removed (deprecated since 1.21). 7612* Skin::buildRollbackLink was removed (deprecated since 1.21). 7613* Skin::emailLink was removed (deprecated since 1.21). 7614* Skin::formatComment was removed (deprecated since 1.21). 7615* Skin::formatHiddenCategories was removed (deprecated since 1.21). 7616* Skin::formatLinksInComment was removed (deprecated since 1.21). 7617* Skin::formatRevisionSize was removed (deprecated since 1.21). 7618* Skin::formatSize was removed (deprecated since 1.21). 7619* Skin::formatTemplates was removed (deprecated since 1.21). 7620* Skin::generateTOC was removed (deprecated since 1.21). 7621* Skin::getInternalLinkAttributes was removed (deprecated since 1.21). 7622* Skin::getInternalLinkAttributesObj was removed (deprecated since 1.21). 7623* Skin::getInterwikiLinkAttributes was removed (deprecated since 1.21). 7624* Skin::getInvalidTitleDescription was removed (deprecated since 1.21). 7625* Skin::getLinkColour was removed (deprecated since 1.21). 7626* Skin::getRevDeleteLink was removed (deprecated since 1.21). 7627* Skin::getRollbackEditCount was removed (deprecated since 1.21). 7628* Skin::makeBrokenImageLinkObj was removed (deprecated since 1.21). 7629* Skin::makeCommentLink was removed (deprecated since 1.21). 7630* Skin::makeExternalImage was removed (deprecated since 1.21). 7631* Skin::makeExternalLink was removed (deprecated since 1.21). 7632* Skin::makeHeadline was removed (deprecated since 1.21). 7633* Skin::makeImageLink was removed (deprecated since 1.21). 7634* Skin::makeMediaLinkFile was removed (deprecated since 1.21). 7635* Skin::makeMediaLinkObj was removed (deprecated since 1.21). 7636* Skin::makeSelfLinkObj was removed (deprecated since 1.21). 7637* Skin::makeThumbLink2 was removed (deprecated since 1.21). 7638* Skin::makeThumbLinkObj was removed (deprecated since 1.21). 7639* Skin::normaliseSpecialPage was removed (deprecated since 1.21). 7640* Skin::normalizeSubpageLink was removed (deprecated since 1.21). 7641* Skin::processResponsiveImages was removed (deprecated since 1.21). 7642* Skin::revComment was removed (deprecated since 1.21). 7643* Skin::revDeleteLink was removed (deprecated since 1.21). 7644* Skin::revDeleteLinkDisabled was removed (deprecated since 1.21). 7645* Skin::revUserLink was removed (deprecated since 1.21). 7646* Skin::revUserTools was removed (deprecated since 1.21). 7647* Skin::specialLink was removed (deprecated since 1.21). 7648* Skin::splitTrail was removed (deprecated since 1.21). 7649* Skin::titleAttrib was removed (deprecated since 1.21). 7650* Skin::tocIndent was removed (deprecated since 1.21). 7651* Skin::tocLine was removed (deprecated since 1.21). 7652* Skin::tocLineEnd was removed (deprecated since 1.21). 7653* Skin::tocList was removed (deprecated since 1.21). 7654* Skin::tocUnindent was removed (deprecated since 1.21). 7655* Skin::tooltip was removed (deprecated since 1.21). 7656* Skin::tooltipAndAccesskeyAttribs was removed (deprecated since 1.21). 7657* Skin::userTalkLink was removed (deprecated since 1.21). 7658* Skin::userToolLinksRedContribs was removed (deprecated since 1.21). 7659* wikidiff3 is now the default and only PHP diff engine. It provides improved 7660 diff performance on complex changes. $wgExternalDiffEngine = 'wikidiff3' 7661 therefore makes no difference now. Users are still recommended to use 7662 wikidiff2 if possible, though. 7663* User::addNewUserLogEntry() was deprecated. 7664* User::addNewUserLogEntryAutoCreate() was deprecated. 7665* User::isPasswordReminderThrottled() was deprecated. 7666* Bot-oriented parameters to Special:UserLogin (wpCookieCheck, 7667 wpSkipCookieCheck) were removed. 7668* Installer can now be customized without patching MediaWiki code, see 7669 mw-config/overrides/README for details. 7670 7671=== Compatibility === 7672 7673MediaWiki 1.27 requires PHP 5.5.9 or later. There is experimental support for 7674HHVM 3.6.5 or later. 7675 7676MySQL is the recommended DBMS. PostgreSQL or SQLite can also be used, but 7677support for them is somewhat less mature. There is experimental support for 7678Oracle and Microsoft SQL Server. 7679 7680The supported versions are: 7681 7682* MySQL 5.0.3 or later 7683* PostgreSQL 8.3 or later 7684* SQLite 3.3.7 or later 7685* Oracle 9.0.1 or later 7686* Microsoft SQL Server 2005 (9.00.1399) 7687 7688=== Upgrading === 7689 76901.27 has several database changes since 1.26, and will not work without schema 7691updates. Note that due to changes to some very large tables like the revision 7692table, the schema update may take quite long (minutes on a medium sized site, 7693many hours on a large site). 7694 7695If upgrading from before 1.11, and you are using a wiki as a commons 7696repository, make sure that it is updated as well. Otherwise, errors may arise 7697due to database schema changes. 7698 7699If upgrading from before 1.7, you may want to run refreshLinks.php to ensure 7700new database fields are filled with data. 7701 7702If you are upgrading from MediaWiki 1.4.x or earlier, you should upgrade to 77031.5 first. The upgrade script maintenance/upgrade1_5.php has been removed 7704with MediaWiki 1.21. 7705 7706Don't forget to always back up your database before upgrading! 7707 7708See the file UPGRADE for more detailed upgrade instructions. 7709 7710For notes on 1.26.x and older releases, see HISTORY. 7711 7712 7713= MediaWiki 1.26 = 7714 7715== MediaWiki 1.26.4 == 7716 7717This is a maintenance release of the MediaWiki 1.26 branch. 7718 7719=== Changes since 1.26.3 === 7720* BREAKING CHANGE: $wgHTTPProxy is now *required* for all external requests 7721 made by MediaWiki via a proxy. Relying on the http_proxy environment 7722 variable is no longer supported. 7723* (T124163) Fixed fatal error in DifferenceEngine under HHVM. 7724* (T139565) SECURITY: API: Generate head items in the context of the given title 7725* (T137264) SECURITY: XSS in unclosed internal links 7726* (T133147) SECURITY: Escape '<' and ']]>' in inline <style> blocks 7727* (T133147) SECURITY: Require login to preview user CSS pages 7728* (T132926) SECURITY: Do not allow undeleting a revision deleted file if it is 7729 the top file 7730* (T129738) SECURITY: Make $wgBlockDisablesLogin also restrict logged in 7731 permissions 7732* (T129738) SECURITY: Make blocks log users out if $wgBlockDisablesLogin is true 7733* (T115333) SECURITY: Check read permission when loading page content in 7734 ApiParse 7735* Remove support for $wgWellFormedXml = false, all output is now well formed 7736 7737== MediaWiki 1.26.3 == 7738 7739This is a maintenance release of the MediaWiki 1.26 branch. 7740 7741=== Changes since 1.26.2 === 7742* (T116266) Fixed undefined property notices in DairikiDiff under HHVM. 7743* (T123166) Fix fatal error when importing pages to titles which cannot be 7744 created, such as invalid titles or titles the user is not allowed to edit. 7745* (T122056) Old tokens are remaining valid within a new session 7746* (T127114) Login throttle can be tricked using non-canonicalized usernames 7747* (T123653) Cross-domain policy regexp is too narrow 7748* (T123071) Incorrectly identifying http link in a's href attributes, due to 7749 m modifier in regex 7750* (T129506) MediaWiki:Gadget-popups.js isn't renderable 7751* (T125283) Users occasionally logged in as different users after 7752 SessionManager deployment 7753* (T103239) Patrol allows click catching and patrolling of any page 7754* (T122807) [tracking] Check php crypto primatives 7755* (T98313) Graphs can leak tokens, leading to CSRF 7756* (T130947) Diff generation should use PoolCounter 7757* (T133507) Careless use of $wgExternalLinkTarget is insecure 7758* (T132874) API action=move is not rate limited 7759* (T110143) strip markers can be used to get around html attribute escaping in 7760 (many?) parser tags 7761* (T116030) Increase pbkdf2 parameter strengths 7762* (T127420) Pbkdf2Password does not check if hash_pbkdf2() succeeded 7763* (T126685) Globally throttle password attempts 7764 7765== MediaWiki 1.26.2 == 7766 7767This is a maintenance release of the MediaWiki 1.26 branch. 7768 7769=== Changes since 1.26.1 === 7770* (T121892) Fix fatal error on some Special pages, introduced in 1.26.1. 7771 7772== MediaWiki 1.26.1 == 7773 7774This is a maintenance release of the MediaWiki 1.26 branch. 7775 7776=== Changes since 1.26.0 === 7777* (T117899) SECURITY: $wgArticlePath can no longer be set to relative paths 7778 that do not begin with a slash. This enabled trivial XSS attacks. 7779 Configuration values such as "http://my.wiki.com/wiki/$1" are fine, as are 7780 "/wiki/$1". A value such as "$1" or "wiki/$1" is not and will now throw an 7781 error. 7782* (T119309) SECURITY: Use hash_compare() for edit token comparison 7783* (T118032) SECURITY: Don't allow cURL to interpret POST parameters starting 7784 with '@' as file uploads 7785* (T115522) SECURITY: Passwords generated by User::randomPassword() can no 7786 longer be shorter than $wgMinimalPasswordLength 7787* (T97897) SECURITY: Improve IP parsing and trimming. Previous behavior could 7788 result in improper blocks being issued 7789* (T109724) SECURITY: Special:MyPage, Special:MyTalk, Special:MyContributions 7790 and related pages no longer use HTTP redirects and are now redirected by 7791 MediaWiki 7792* Fixed ConfigException in ExpandTemplates due to AlwaysUseTidy. 7793* Fixed stray literal \n in Special:Search. 7794* Fix issue that breaks HHVM Repo Authorative mode. 7795* (T120267) Work around APCu memory corruption bug 7796 7797== MediaWiki 1.26.0 == 7798 7799=== Configuration changes in 1.26 === 7800* $wgPasswordResetRoutes['email'] = true by default. 7801* $wgEnableParserCache was deprecated, set $wgParserCacheType to CACHE_NONE 7802 instead if you want to disable the parser cache. 7803* New-style continuation is now the default for API action=continue. Clients may 7804 use the 'rawcontinue' parameter to receive raw query-continue data, but the 7805 new style is encouraged as it's harder to implement incorrectly. 7806* Deprecated API formats dump and wddx have been completely removed. 7807* (T7645) The "Signature" button on the edit toolbar is now hidden by default 7808 in non-talk namespaces. A new configuration variable, 7809 $wgExtraSignatureNamespaces, controls in which subject (non-talk) namespaces 7810 the "Signature" button on the edit toolbar will be displayed. 7811* $wgResourceLoaderUseESI was deprecated and removed. This was an experimental 7812 feature that was never enabled by default. 7813* $wgResourceLoaderExperimentalAsyncLoading was deprecated and removed. 7814 This experimental feature was never enabled by default and is obsolete as of 7815 MediaWiki 1.26, in where ResourceLoader became fully asynchronous. 7816* $wgMasterWaitTimeout was removed (deprecated in 1.24). 7817* Fields in ParserOptions are now private. Use the accessors instead. 7818* Custom LESS functions (defined via $wgResourceLoaderLESSFunctions or 7819 in extension.json) have been removed, after being deprecated in 1.24. 7820* $wgAlwaysUseTidy has been removed. 7821* ResetSessionID hook has been removed. Nothing seems to use it. 7822* Certain AuthPlugin methods are deprecated in favor of new hooks: 7823** AuthPlugin::initUser() is replaced by LocalUserCreated. 7824** AuthPlugin::updateUser() is replaced by UserLoggedIn. 7825** AuthPlugin::updateExternalDB() is replaced by the existing UserSaveSettings. 7826** AuthPlugin::updateExternalDBGroups() is replaced by UserGroupsChanged. 7827** AuthPluginUser::isHidden() is replaced by UserIsHidden. 7828** AuthPluginUser::isLocked() is replaced by UserIsLocked. 7829* The UserRights hook is deprecated in favor of the new UserGroupsChanged hook. 7830* AuthPlugin::initUser() and AuthPlugin::updateUser() should no longer replace 7831 the passed User object. 7832* $wgBlockAllowsUTEdit is now set to true by default. This allows 7833 blocked users to edit their talk pages unless explicitly disabled 7834 when they are being blocked. 7835 7836=== New features in 1.26 === 7837* (T51506) Now action=info gives estimates of actual watchers for a page. 7838 See $wgRCMaxAge, $wgWatchersMaxAge and $wgUnwatchedPageSecret 7839 to learn how to configure if needed. 7840* Change tags can now be hidden in the interface by disabling the associated 7841 "tag-<id>" interface message. 7842* ':' (colon) is now invalid in usernames for new accounts. Existing accounts 7843 are not affected. 7844* Added a new hook, 'LogException', to log exceptions in nonstandard ways. 7845* Revive the 'SpecialSearchResultsAppend' hook which occurs after the list of 7846 search results are rendered. The initial use case is to append a "give us 7847 feedback" link beneath the search results. 7848* Added a new hook, 'RejectParserCacheValue', which allows extensions to 7849 reject an otherwise-successful parser cache lookup. The intent is to allow 7850 extensions to manage the eviction of archaic HTML output from the cache. 7851* (T68699) The expiration of the UserID and Token login cookies 7852 ($wgExtendedLoginCookieExpiration) can be configured independently of the 7853 expiration of all other cookies ($wgCookieExpiration). 7854* (T50519) Support for generating JPEG/PNG thumbnails from WebP images added 7855 if ImageMagick is used as image scaler ($wgUseImageMagick = true). Uploading 7856 of WebP images still disabled by default. Add $wgFileExtensions[] = 7857 'webp'; to LocalSettings.php to enable uploading of WebP images. 7858* Added new hooks 'EnhancedChangesListModifyLineData' & 7859 'EnhancedChangesListModifyBlockLineData', to modify the data used to build 7860 lines in enhanced recentchanges and watchlist. 7861* Caches that need purging ability now use the WANObjectCache interface. 7862 This corresponds to a new $wgMainWANCache setting, which defaults to using 7863 the $wgMainCacheType settings. 7864* Callers needing fast light-weight data stores use $wgMainStash to select 7865 the store type from $wgObjectCaches. The default is the local database. 7866* Interface message overrides in the MediaWiki namespace will now be cached in 7867 memcached and APC (if available), rather than memcached and local files. 7868* Added a new hook, 'RandomPageQuery', to allow modification of the query used 7869 by Special:Random to select random pages. 7870* $wgTransactionalTimeLimit was added, which controls the request time limit 7871 for potentially slow POST requests that need to be as atomic as possible. 7872* ResourceLoader now loads all scripts asynchronously. The top-queue and 7873 startup modules are no longer synchronously loaded. 7874* 'mediawiki.ui.button' styles are no longer unconditionally loaded on every 7875 page. During the deprecation period, the styles will only be loaded on pages 7876 which contain 'mw-ui-button' in their HTML. Starting in 1.28, the styles will 7877 only be loaded if explicitly required. 7878* If search returns zero results and current search engine has a "did you mean" 7879 suggestion, results for suggestion will be shown. Can be disabled by setting 7880 $wgSearchRunSuggestedQuery to false. 7881* Added several JavaScript libraries for uploading files to MediaWiki 7882 from the client-side. See documentation for mw.Upload and its 7883 subclasses for more information. 7884* Added OOUI dialogs and layout for file upload interfaces. See 7885 documentation for mw.Upload.Dialog, mw.Upload.BookletLayout and its 7886 subclasses for more information. 7887 7888=== extension.json changes in 1.26 === 7889* (T99344) The extension.json schema is now versioned. All extensions 7890 and skins should set a "manifest_version" property corresponding to 7891 the schema version they were written for. The only supported version 7892 currently is "1". 7893* (T102523) The error message if a non-array attribute is set was improved. 7894* (T107646) Configuration settings can now specify how they should be merged, 7895 which is necessary for arrays using integer keys. 7896* (T110389) Adding namespaces through extension.json now actually works 7897* $wgNamespaceProtection can now be set in extension.json. 7898* $wgCapitalLinkOverrides can now be set in extension.json. 7899* (T97186) Extensions using a custom prefix for their configuration settings 7900 can now set a "_prefix" key to override the default of "wg". 7901* (T99084) Extensions can now specify what MediaWiki core versions they 7902 depend upon. 7903* (T105236) The extension.json schema now validates custom classes in 7904 the "ResourceModules" property properly. 7905 7906=== External library changes in 1.26 === 7907==== Upgraded external libraries ==== 7908* Updated es5-shim from v4.0.0 to v4.1.5. 7909* Updated json2 from revision 2014-02-04 to 2015-05-03. 7910* Updated Sinon.JS from 1.10.3 to 1.15.4. 7911* Updated jQuery Client from v1.0.0 to v2.0.0. 7912* Updated QUnit from v1.17.1 to v1.18.0. 7913* Updated liuggio/statsd-php-client from v1.0.12 to v1.0.16. 7914* Updated oojs/oojs-ui from v0.11.3 to v0.12.12. 7915* Updated wikimedia/cdb from v1.0.1 to v1.3.0. 7916* Updated wikimedia/utfnormal from v1.0.2 to v1.0.3. 7917* Updated wikimedia/composer-merge-plugin from v1.0.0 to v1.3.0. 7918* Updated zordius/lightncandy from v0.18 to v0.21. 7919 7920==== New external libraries ==== 7921* Added composer/semver v1.0.0. 7922* Added mediawiki/at-ease v1.1.0. 7923* Added wikimedia/assert v0.2.2. 7924* Added wikimedia/ip-set v1.0.1. 7925* Added wikimedia/wrappedstring v2.0.0. 7926 7927==== Removed and replaced external libraries ==== 7928* Replaced leafo/lessphp v0.5.0 with oyejorge/less.php v1.7.0.9. 7929 7930=== Bug fixes in 1.26 === 7931* (T53283) load.php sometimes sends 304 response without full headers 7932* (T65198) Talk page tabs now have a "rel=discussion" attribute 7933* (T98841) {{msgnw:}} now preserves comments even when subst: is not used. 7934* (T104142) $wgEmergencyContact and $wgPasswordSender now use their default 7935 value if set to an empty string. 7936 7937=== Action API changes in 1.26 === 7938* New-style continuation is now the default for action=continue. Clients may 7939 use the 'rawcontinue' parameter to receive raw query-continue data, but the 7940 new style is encouraged as it's harder to implement incorrectly. 7941* Deprecated API formats dump and wddx have been completely removed. 7942* API action=query&list=tags: The displayname can now be boolean false if the 7943 tag is meant to be hidden from user interfaces. 7944* action=import no longer allows both the namespace= and rootpage= parameters 7945 to be set. If they are both set, the value of rootpage= will be ignored. 7946* prop=revision output in enum mode is now sorted by timestamp rather than 7947 revision ID. This usually won't make any difference. 7948* (T102645) Namespace list from meta=siteinfo&siprop=namespaces is now an array 7949 with formatversion=2. 7950* Various other output from meta=siteinfo will now always be arrays instead of 7951 sometimes being numerically-indexed objects with formatversion=2. 7952* When errors about users being blocked are returned, they now include 7953 information about the relevant block. 7954* (T99926) list=random has higher limits, in line with other API modules. 7955* list=random's rnredirect parameter is deprecated in favor of a new 7956 rnfilterredir parameter that also allows for listing both redirects and 7957 non-redirects. 7958* list=random now supports continuation. 7959* API responses to GET requests may now include ETag and Last-Modified headers, 7960 and will honor corresponding If-None-Match and If-Modified-Since on such 7961 requests. 7962 7963=== Action API internal changes in 1.26 === 7964* New metadata item ApiResult::META_KVP_MERGE to allow for merging the KVP key 7965 into the value when the value is an assoc. 7966* API action modules may now provide values for the RFC 7232 ETag and 7967 Last-Modified headers. The API will check these against If-None-Match and 7968 If-Modified-Since request headers on GET requests and avoid executing the 7969 module when appropriate. 7970 7971=== Languages updated in 1.26 === 7972 7973MediaWiki supports over 350 languages. Many localisations are updated 7974regularly. Below only new and removed languages are listed, as well as 7975changes to languages because of Phabricator reports. 7976 7977* Languages added: 7978** ase (American sign language), thanks to translator Icemandeaf 7979** dty (डोटेली/Doteli), thanks to translators जनक राज भट्ट, बिप्लब आनन्द, 7980 मेश सिंह बोहरा, and राम प्रसाद जोशी 7981** luz (لئری دوٙمینی / Southern Luri) 7982** olo (Livvinкarjala / Livvi-Karelian), thanks to translators Denö, Hiloin 7983 Natoi, Ilja.mos, and Mashoi7 7984 7985=== Other changes in 1.26 === 7986* ChangeTags::tagDescription() will return false if the interface message 7987 for the tag is disabled. 7988* Added PageHistoryPager::doBatchLookups hook. 7989* Added $wikiId parameter to FormatAutocomments hook. 7990* Added ParserCacheSaveComplete to ParserCache 7991* supportsDirectEditing and supportsDirectApiEditing methods added to 7992 ContentHandler, to provide a way for ApiEditPage and EditPage to check 7993 if direct editing of content is allowed. These methods return false, 7994 by default for the ContentHandler base class and true for TextContentHandler 7995 and it's derivative classes (everything in core). For Content types that 7996 do not support direct editing, an alternative mechanism should be provided 7997 for editing, such as action overrides or specific api modules. 7998* mediaWiki.confirmCloseWindow now returns an object of functions, instead of 7999 one function. The callback can't be called directly any more. The callback 8000 function is replaced with confirmCloseWindow.release(). 8001* BREAKING CHANGE: Added an optional ResouceLoaderContext parameter to 8002 ResourceLoaderModule::getDependencies(). Extension classes that override that 8003 method should be updated. If they aren't updated, PHP Strict standards 8004 warnings will appear when E_STRICT error reporting is enabled. Note: in the 8005 near future, this parameter will probably become non-optional. 8006* Removed maintenance script deleteImageMemcached.php. 8007* MWFunction::newObj() was removed (deprecated in 1.25). 8008 ObjectFactory::getObjectFromSpec() should be used instead. 8009* The parser will no longer randomize the string it uses to mark the place of 8010 items that were stripped during parsing. It will use a fixed string instead. 8011 This causes the parser to re-use the regular expressions it uses to search 8012 and replace markers rather than generate novel expressions on each parse. 8013 Re-using regular expressions will improve performance on HHVM and the 8014 forthcoming PHP 7. The interfaces changes accompanying this change are: 8015 - Parser::getRandomString() and Parser::uniqPrefix() have been deprecated. 8016 - The $uniq_prefix argument for Parser::extractTagsAndParams() and the 8017 $prefix argument for StripState::_construct() are deprecated and their 8018 value is ignored. 8019* wfSuppressWarnings() and wfRestoreWarnings() were split into a separate 8020 library, mediawiki/at-ease, and are now deprecated. Callers should use 8021 MediaWiki\suppressWarnings() and MediaWiki\restoreWarnings() directly. 8022* The Block class constructor now takes an associative array of parameters 8023 instead of many optional positional arguments. Calling the constructor the old 8024 way will issue a deprecation warning. 8025* The jquery.mwExtension module was deprecated. 8026* $wgSpecialPageGroups was removed (deprecated in 1.21). 8027* SpecialPageFactory::setGroup was removed (deprecated in 1.21). 8028* SpecialPageFactory::getGroup was removed (deprecated in 1.21). 8029* DatabaseBase::ignoreErrors() is now protected. 8030* BREAKING CHANGE: mediawiki.legacy.ajax has been removed, following 8031 a lengthy deprecation period. 8032* The ScopedPHPTimeout class was removed. 8033* Removed maintenance script fixSlaveDesync.php. 8034* Watchlist tokens, SpecialResetTokens, and User::getTokenFromOption() 8035 are deprecated. Applications using those can work via the OAuth 8036 extension instead. New tokens types should not be added. 8037* DatabaseBase::errorCount() was removed (unused). 8038* $wgDeferredUpdateList was removed. 8039* DeferredUpdates::addHTMLCacheUpdate() was removed. 8040 8041= MediaWiki 1.25 = 8042 8043== MediaWiki 1.25.6 == 8044 8045This is a maintenance release of the MediaWiki 1.25 branch. 8046 8047=== Changes since 1.25.5 === 8048* (T123166) Fix fatal error when importing pages to titles which cannot be 8049 created, such as invalid titles or titles the user is not allowed to edit. 8050* (T122056) Old tokens are remaining valid within a new session 8051* (T127114) Login throttle can be tricked using non-canonicalized usernames 8052* (T123653) Cross-domain policy regexp is too narrow 8053* (T123071) Incorrectly identifying http link in a's href attributes, due to 8054 m modifier in regex 8055* (T129506) MediaWiki:Gadget-popups.js isn't renderable 8056* (T125283) Users occasionally logged in as different users after 8057 SessionManager deployment 8058* (T103239) Patrol allows click catching and patrolling of any page 8059* (T122807) [tracking] Check php crypto primatives 8060* (T98313) Graphs can leak tokens, leading to CSRF 8061* (T130947) Diff generation should use PoolCounter 8062* (T133507) Careless use of $wgExternalLinkTarget is insecure 8063* (T132874) API action=move is not rate limited 8064* (T110143) strip markers can be used to get around html attribute escaping in 8065 (many?) parser tags 8066* (T116030) Increase pbkdf2 parameter strengths 8067* (T127420) Pbkdf2Password does not check if hash_pbkdf2() succeeded 8068* (T126685) Globally throttle password attempts 8069 8070== MediaWiki 1.25.5 == 8071 8072This is a maintenance release of the MediaWiki 1.25 branch. 8073 8074=== Changes since 1.25.4 === 8075* (T121892) Fix fatal error on some Special pages, introduced in 1.25.4. 8076 8077== MediaWiki 1.25.4 == 8078 8079This is a security and maintenance release of the MediaWiki 1.25 branch. 8080 8081=== Changes since 1.25.3 === 8082* (T117899) SECURITY: $wgArticlePath can no longer be set to relative paths 8083 that do not begin with a slash. This enabled trivial XSS attacks. 8084 Configuration values such as "http://my.wiki.com/wiki/$1" are fine, as are 8085 "/wiki/$1". A value such as "$1" or "wiki/$1" is not and will now throw an 8086 error. 8087* (T119309) SECURITY: Use hash_compare() for edit token comparison 8088* (T118032) SECURITY: Don't allow cURL to interpret POST parameters starting 8089 with '@' as file uploads 8090* (T115522) SECURITY: Passwords generated by User::randomPassword() can no 8091 longer be shorter than $wgMinimalPasswordLength 8092* (T97897) SECURITY: Improve IP parsing and trimming. Previous behavior could 8093 result in improper blocks being issued 8094* (T109724) SECURITY: Special:MyPage, Special:MyTalk, Special:MyContributions 8095 and related pages no longer use HTTP redirects and are now redirected by 8096 MediaWiki 8097* (T103237) $wgUseGzip had no effect when using file cache. 8098* (T114606) mw.notify was not correctly fixed to the page if 8099 initialized while not at the top of the page. 8100* Fix issue that breaks HHVM Repo Authorative mode. 8101 8102== MediaWiki 1.25.3 == 8103 8104This is a security and maintenance release of the MediaWiki 1.25 branch. 8105 8106=== Changes since 1.25.2 === 8107 8108* (T98975) Fix having multiple callbacks for a single hook. 8109* (T107632) maintenance/refreshLinks.php did not always remove all links 8110 pointing to nonexistent pages. 8111* (T104142) $wgEmergencyContact and $wgPasswordSender now use their default 8112 value if set to an empty string. 8113* (T62174) Provide fallbacks for use of mb_convert_encoding() in 8114 HtmlFormatter. It was causing an error when accessing the api help page 8115 if the mbstring PHP extension was not installed. 8116* (T105896) Confirmation emails would sometimes contain invalid codes. 8117* (T105597) Fixed edit stash inclusion queries. 8118* (T91850) SECURITY: Add throttle check in ApiUpload and SpecialUpload 8119* (T91203, T91205) SECURITY: API: Improve validation in chunked uploading 8120* (T95589) SECURITY: RevDel: Check all revisions for suppression, not just the 8121 first 8122* (T108616) SECURITY: Avoid exposure of local path in PNG thumbnails 8123 8124== MediaWiki 1.25.2 == 8125 8126This is a security and maintenance release of the MediaWiki 1.25 branch. 8127 8128=== Changes since 1.25.1 === 8129 8130* (T94116) SECURITY: Compare API watchlist token in constant time 8131* (T97391) SECURITY: Escape error message strings in thumb.php 8132* (T106893) SECURITY: Don't leak autoblocked IP addresses on 8133 Special:DeletedContributions 8134* (T102562) Fix InstantCommons parameters to handle the new HTTPS-only 8135 policy of Wikimedia Commons. 8136* (T100767) Setting a configuration setting for skin or extension to 8137 false in LocalSettings.php was not working. 8138* (T100635) API action=opensearch json output no longer breaks when 8139 $wgDebugToolbar is enabled. 8140* (T102522) Using an extension.json or skin.json file which has 8141 a "manifest_version" property for 1.26 compatability will no longer 8142 trigger warnings. 8143* (T86156) Running updateSearchIndex.php will not throw an error as 8144 page_restrictions has been added to the locked table list. 8145* Special:Version would throw notices if using SVN due to an incorrectly 8146 named variable. Add an additional check that an index is defined. 8147 8148== MediaWiki 1.25.1 == 8149 8150This is a bug fix release of the MediaWiki 1.25 branch. 8151 8152=== Changes since 1.25 === 8153* (T100351) Fix syntax errors in extension.json of ConfirmEdit extension 8154 8155== MediaWiki 1.25.0 == 8156 8157=== Configuration changes in 1.25 === 8158* $wgPageShowWatchingUsers was removed. 8159* $wgLocalVirtualHosts has been added to replace $wgConf->localVHosts. 8160* $wgAntiLockFlags was removed. 8161* $wgJavaScriptTestConfig was removed. 8162* Edit tokens returned from User::getEditToken may change on every call. Token 8163 validity must be checked by passing the user-supplied token to 8164 User::matchEditToken rather than by testing for equality with a 8165 newly-generated token. 8166* (T74951) The UserGetLanguageObject hook may be passed any IContextSource 8167 for its $context parameter. Formerly it was documented as receiving a 8168 RequestContext specifically. 8169* Profiling was restructured and $wgProfiler now requires an 'output' parameter. 8170 See StartProfiler.sample for details. 8171* $wgMangleFlashPolicy was added to make MediaWiki's mangling of anything that 8172 might be a flash policy directive configurable. 8173* ApiOpenSearch now supports XML output. The OpenSearchXml extension should no 8174 longer be used. If extracts and page images are desired, the TextExtracts and 8175 PageImages extensions are required. 8176* $wgOpenSearchTemplate is deprecated in favor of $wgOpenSearchTemplates. 8177* Edits are now prepared via AJAX as users type edit summaries. This behavior 8178 can be disabled via $wgAjaxEditStash. 8179* (T46740) The temporary option $wgIncludejQueryMigrate was removed, along 8180 with the jQuery Migrate library, as indicated when this option was provided in 8181 MediaWiki 1.24. 8182* ProfilerStandard and ProfilerSimpleTrace were removed. Make sure that any 8183 StartProfiler.php config is updated to reflect this. Xhprof is available 8184 for zend/hhvm. Also, for hhvm, one can consider using its xenon profiler. 8185* Default value of $wgSVGConverters['rsvg'] now uses the 'rsvg-convert' binary 8186 rather than 'rsvg'. 8187* Default value of $wgSVGConverters['ImageMagick'] now uses transparent 8188 background with white fallback color, rather than just white background. 8189 * MediaWikiBagOStuff class removed, make sure any object cache config 8190 uses SqlBagOStuff instead. 8191* The 'daemonized' flag must be set to true in $wgJobTypeConf for any redis 8192 job queues. This means that mediawiki/services/jobrunner service has to 8193 be installed and running for any such queues to work. 8194* $wgAutopromoteOnce no longer supports the 'view' event. For keeping some 8195 compatibility, any 'view' event triggers will still trigger on 'edit'. 8196* $wgExtensionDirectory was added for when your extensions directory is 8197 somewhere other than $IP/extensions (as $wgStyleDirectory does with the skins 8198 directory). 8199 8200=== New features in 1.25 === 8201* (T64861) Updated plural rules to CLDR 26. Includes incompatible changes 8202 for plural forms in Russian, Prussian, Tagalog, Manx and several languages 8203 that fall back to Russian. 8204* (T60139) ResourceLoaderFileModule now supports language fallback 8205 for 'languageScripts'. 8206* Added a new hook, "ContentAlterParserOutput", to allow extensions to modify 8207 the parser output for a content object before links update. 8208* (T37785) Enhanced recent changes and extended watchlist are now default. 8209 Documentation: https://meta.wikimedia.org/wiki/Help:Enhanced_recent_changes 8210 and https://www.mediawiki.org/wiki/Manual:$wgDefaultUserOptions 8211* (T69341) SVG images will no longer be base64-encoded when being embedded 8212 in CSS. This results in slight size increase before gzip compression (due to 8213 percent-encoding), but up to 20% decrease after it. 8214* Update jStorage to v0.4.12. 8215* MediaWiki now natively supports page status indicators: icons (or short text 8216 snippets) usually displayed in the top-right corner of the page. They have 8217 been in use on Wikipedia for a long time, implemented using templates and CSS 8218 absolute positioning. 8219 - Basic wikitext syntax: 8220 <indicator name="foo">[[File:Foo.svg|20px]]</indicator> 8221 - Usage instructions: 8222 https://www.mediawiki.org/wiki/Help:Page_status_indicators 8223 - Adjusting custom skins to support indicators: 8224 https://www.mediawiki.org/wiki/Manual:Skinning#Page_status_indicators 8225* Edit tokens may now be time-limited: passing a maximum age to 8226 User::matchEditToken will reject any older tokens. 8227* The debug logging internals have been overhauled, and are now using the 8228 PSR-3 interfaces. 8229* Update CSSJanus to v1.1.1. 8230* Update lessphp to v0.5.0. 8231* Added a hook, "ApiOpenSearchSuggest", to allow extensions to provide extracts 8232 and images for ApiOpenSearch output. The semantics are identical to the 8233 "OpenSearchXml" hook provided by the OpenSearchXml extension. 8234* PrefixSearchBackend hook now has an $offset parameter. Combined with $limit, 8235 this allows for pagination of prefix results. Extensions using this hook 8236 should implement supporting behavior. Not doing so can result in undefined 8237 behavior from API clients trying to continue through prefix results. 8238* Update jQuery from v1.11.1 to v1.11.3. 8239* External libraries installed via composer will now be displayed 8240 on Special:Version in their own section. Extensions or skins that are 8241 installed via composer will not be shown in this section as it is assumed 8242 they will add the proper credits to the skins or extensions section. They 8243 can also be accessed through the API via the new siprop=libraries to 8244 ApiQuerySiteinfo. 8245* Update QUnit from v1.14.0 to v1.16.0. 8246* Update Moment.js from v2.8.3 to v2.8.4. 8247* Special:Tags now allows for manipulating the list of user-modifiable change 8248 tags. 8249* Added 'managetags' user right and 'ChangeTagCanCreate', 'ChangeTagCanDelete', 8250 and 'ChangeTagCanCreate' hooks to allow for managing user-modifiable change 8251 tags. 8252* Added 'ChangeTagsListActive' hook, to separate the concepts of "defined" and 8253 "active" formerly conflated by the 'ListDefinedTags' hook. 8254* Added TemplateParser class that provides a server-side interface to cachable 8255 dynamically-compiled Mustache templates (currently uses lightncandy library). 8256* Clickable anchors for each section heading in the content are now generated 8257 and appear in the gutter on hovering over the heading. 8258* Added 'CategoryViewer::doCategoryQuery' and 'CategoryViewer::generateLink' 8259 hooks to allow extensions to override how links to pages are rendered within 8260 NS_CATEGORY 8261* (T19665) Special:WantedPages only lists page which having at least one red 8262 link pointing to it. 8263* New hooks 'ApiMain::moduleManager' and 'ApiQuery::moduleManager', can be 8264 used for conditional registration of API modules. 8265* New hook 'EnhancedChangesList::getLogText' to alter, remove or add to the 8266 links of a group of changes in EnhancedChangesList. 8267* A full interface for StatsD metric reporting has been added to the context 8268 interface, reachable via IContextSource::getStats(). 8269* Move the jQuery Client library from being mastered in MediaWiki as v0.1.0 to a 8270 proper, published library, which is now tagged as v1.0.0. 8271* A new message (defaulting to blank), 'editnotice-notext', can be shown to 8272 users when they are editing if no edit notices apply to the page being edited. 8273* (T94536) You can now make the sitenotice appear to logged-in users only by 8274 editing MediaWiki:Anonnotice and replacing its content with "". Setting it to 8275 "-" (default) will continue disable it and fallback to MediaWiki:Sitenotice. 8276* Modifying the tagging of a revision or log entry is now available via 8277 Special:EditTags, generally accessed via the revision-deletion-like interface 8278 on history pages and Special:Log is likely to be more useful. 8279* Added 'applychangetags' and 'changetags' user rights. 8280* (T35235) LogFormatter subclasses are now responsible for formatting the 8281 parameters for API log event output. Extensions should implement the new 8282 getParametersForApi() method in their log formatters. 8283 8284==== External libraries ==== 8285* MediaWiki now requires certain external libraries to be installed. In the past 8286 these were bundled inside the Git repository of MediaWiki core, but now they 8287 need to be installed separately. For users using the tarball, this will be 8288 taken care of and no action will be required. Users using Git will either need 8289 to use composer to fetch dependencies or use the mediawiki/vendor repository 8290 which includes all dependencies for MediaWiki core and ones used in Wikimedia 8291 deployment. Detailed instructions can be found at: 8292 https://www.mediawiki.org/wiki/Download_from_Git#Fetch_external_libraries 8293* The following libraries are now required: 8294** psr/log 8295 This library provides the interfaces set by the PSR-3 standard 8296 (http://www.php-fig.org/psr/psr-3/) which are used by MediaWiki internally 8297 via the MediaWiki\Logger\LoggerFactory class. 8298 See the structured logging RfC 8299 <https://www.mediawiki.org/wiki/Requests_for_comment/Structured_logging> 8300 for more background information. 8301** cssjanus/cssjanus 8302 This library was formerly bundled with MediaWiki core and has been removed. 8303 It automatically flips CSS for RTL support. 8304** leafo/lessphp 8305 This library was formerly bundled with MediaWiki core and has been removed. 8306 It compiles LESS files into CSS. 8307** wikimedia/cdb 8308 This library was formerly a part of MediaWiki core, and has been moved into a 8309 separate library. It provides CDB functions which are used in the Interwiki 8310 and Localization caches. More information about the library can be found at 8311 https://www.mediawiki.org/wiki/CDB. 8312** liuggio/statsd-php-client 8313 This library provides a StatsD client API for logging application metrics to 8314 a remote server. 8315 8316=== Bug fixes in 1.25 === 8317* (T73003) No additional code will be generated to try to load CSS-embedded 8318 SVG images in Internet Explorer 6 and 7, as they don't support them anyway. 8319* (T69021) On Special:BookSources, corrected validation of ISBNs (both 8320 10- and 13-digit forms) containing "X". 8321* Page moving was refactored into a MovePage class. As part of that: 8322** The AbortMove hook was removed. 8323** MovePageIsValidMove is for extensions to specify whether a page 8324 cannot be moved for technical reasons, and should not be overridden. 8325** MovePageCheckPermissions is for checking whether the given user is 8326 allowed to make the move. 8327** Title::moveNoAuth() was deprecated. Use the MovePage class instead. 8328** Title::moveTo() was deprecated. Use the MovePage class instead. 8329** Title::isValidMoveOperation() broken down into MovePage::isValidMove() 8330 and MovePage::checkPermissions(). 8331* (T18530) Multiple autocomments are now formatted in an edit summary. 8332* (T70361) Autocomments containing "/*" are parsed correctly. 8333* The Special:WhatLinksHere page linked from 'Number of redirects to this page' 8334 on action=info about a file page does not list file links anymore. 8335* (T78637) Search bar is not autofocused unless it is empty so that proper 8336 scrolling using arrow keys is possible. 8337* (T50853) Database::makeList() modified to handle 'NULL' separately when 8338 building IN clause 8339* (T85192) Captcha position modified in Usercreate template. As a result: 8340** extrafields parameter added to Usercreate.php to insert additional data 8341** 'extend' method added to QuickTemplate to append additional values to any 8342 field of data array 8343* (T86974) Several Title methods now load from the database when necessary 8344 (instead of returning incorrect results) even when the page ID is known. 8345* (T74070) Duplicate search for archived files on file upload now omits the 8346 extension. 8347 This requires the fa_sha1 field being populated. 8348* Removed rel="archives" from the "View history" link, as it did not pass 8349 HTML validation. 8350* $wgUseTidy is now set when parserTests are run with the tidy option to match 8351 output on wiki. 8352* (T37472) update.php will purge ResourceLoader cache unless --nopurge is passed 8353 to it. 8354* (T72109) mediawiki.language should respect $wgTranslateNumerals in 8355 convertNumber(). 8356 8357=== Action API changes in 1.25 === 8358* (T67403) XML tag highlighting is now only performed for formats 8359 "xmlfm" and "wddxfm". 8360* action=paraminfo supports generalized submodules (modules=query+value), 8361 querymodules and formatmodules are deprecated 8362* action=paraminfo no longer outputs descriptions and other help text by 8363 default. If needed, it may be requested using the new 'helpformat' parameter. 8364* action=help has been completely rewritten, and outputs help in HTML 8365 rather than plain text. 8366* Hitting api.php without specifying an action now displays only the help for 8367 the main module, with links to submodule help. 8368* API help is no longer displayed on errors. 8369* 'uselang' is now a recognized API parameter; "uselang=user" may be used to 8370 explicitly select the language from the current user's preferences, and 8371 "uselang=content" may be used to select the wiki's content language. 8372* Default output format for the API is now jsonfm. 8373* Simplified continuation will return a "batchcomplete" property in the result 8374 when a batch of pages is complete. 8375* Pretty-printed HTML output now has nicer formatting and (if available) 8376 better syntax highlighting. 8377* Deprecated list=deletedrevs in favor of newly-added prop=deletedrevisions and 8378 list=alldeletedrevisions. 8379* prop=revisions will gracefully continue when given too many revids or titles, 8380 rather than just ignoring the extras. 8381* prop=revisions will no longer die if rvcontentformat doesn't match a 8382 revision's content model; it will instead warn and omit the content. 8383* If the user has the 'deletedhistory' right, action=query's revids parameter 8384 will now recognize deleted revids. 8385* prop=revisions may be used as a generator, generating revids. 8386* (T68776) format=json results will no longer be corrupted when 8387 $wgMangleFlashPolicy is in effect. format=php results will cleanly return an 8388 error instead of returning invalid serialized data. 8389* Generators may now return data for the generated pages when used with 8390 action=query. 8391* Query page data for generator=search and generator=prefixsearch will now 8392 include an "index" field, which may be used by the client for sorting the 8393 search results. 8394* ApiOpenSearch now supports XML output. 8395* ApiOpenSearch will now output descriptions and URLs as array indexes 2 and 3 8396 in JSON format. 8397* (T76051) list=tags will now continue correctly. 8398* (T76052) list=tags can now indicate whether a tag is defined. 8399* (T75522) list=prefixsearch now supports continuation 8400* (T78737) action=expandtemplates can now return page properties. 8401* (T78690) list=allimages now accepts multiple pipe-separated values 8402 for the 'aimime' parameter. 8403* prop=info with inprop=protections will now return applicable protection types 8404 with the 'restrictiontypes' key. 8405* (T85417) When resolving redirects, ApiPageSet will now add the targets of 8406 interwiki redirects to the list of interwiki titles. 8407* (T85417) When outputting the list of redirect titles, a 'tointerwiki' 8408 property (like the existing 'tofragment' property) will be set. 8409* Added action=managetags to allow for managing the list of 8410 user-modifiable change tags. Actually modifying the tagging of a revision or 8411 log entry is not implemented yet. 8412* list=tags has additional properties to indicate 'active' status and tag 8413 sources. 8414* siprop=libraries was added to ApiQuerySiteinfo to list installed external 8415 libraries. 8416* (T88010) Added action=checktoken, to test a CSRF token's validity. 8417* (T88010) Added intestactions to prop=info, to allow querying of 8418 Title::userCan() via the API. 8419* Default type param for query list=watchlist and list=recentchanges has 8420 been changed from all types (e.g. including 'external') to 'edit|new|log'. 8421* Added formatversion to format=json. Still "experimental" as further changes 8422 to the output formatting might still be made. 8423* (T73020) Log event details are now always under a 'params' subkey for 8424 list=logevents, and a 'logparams' subkey for list=watchlist and 8425 list=recentchanges. 8426* Log event details are changing formatting: 8427 * block events now report flags as an array rather than as a comma-separated 8428 list. 8429 * patrol events now report the 'auto' flag as a boolean (absent/empty string 8430 for BC formats) rather than as an integer. 8431 * rights events now report the old and new group lists as arrays rather than 8432 as comma-separated lists. 8433 * merge events use new-style formatting. 8434 * delete/event and delete/revision events use new-style formatting. 8435* The root node and various other nodes will now always be an object in formats 8436 such as json that distinguish between arrays and objects. 8437 * Except for action=opensearch where the spec requires an array. 8438 8439=== Action API internal changes in 1.25 === 8440* ApiHelp has been rewritten to support i18n and paginated HTML output. 8441 Most existing modules should continue working without changes, but should do 8442 the following: 8443 * Add an i18n message "apihelp-{$moduleName}-description" to replace 8444 getDescription(). 8445 * Add i18n messages "apihelp-{$moduleName}-param-{$param}" for each parameter 8446 to replace getParamDescription(). If necessary, the settings array returned 8447 by getParams() can use the new ApiBase::PARAM_HELP_MSG key to override the 8448 message. 8449 * Implement getExamplesMessages() to replace getExamples(). 8450* Modules with submodules (like action=query) must have their submodules 8451 override ApiBase::getParent() to return the correct parent object. 8452* The 'APIGetDescription' and 'APIGetParamDescription' hooks are deprecated, 8453 and will have no effect for modules using i18n messages. Use 8454 'APIGetDescriptionMessages' and 'APIGetParamDescriptionMessages' instead. 8455* Api formatters will no longer be asked to display the help screen on errors. 8456* ApiMain::getCredits() was removed. The credits are available in the 8457 'api-credits' i18n message. 8458* ApiFormatBase has been changed to support i18n and syntax highlighting via 8459 extensions with the new 'ApiFormatHighlight' hook. Core syntax highlighting 8460 has been removed. 8461* ApiFormatBase now always buffers. Output is done when 8462 ApiFormatBase::closePrinter is called. 8463* Much of the logic in ApiQueryRevisions has been split into 8464 ApiQueryRevisionsBase. 8465* The 'revids' parameter supplied by ApiPageSet will now count deleted 8466 revisions as "good" if the user has the 'deletedhistory' right. New methods 8467 ApiPageSet::getLiveRevisionIDs() and ApiPageSet::getDeletedRevisionIDs() are 8468 provided to access just the live or just the deleted revids. 8469* Added ApiPageSet::setGeneratorData() and ApiPageSet::populateGeneratorData() 8470 to allow generators to include data in the action=query result. 8471* New hooks 'ApiMain::moduleManager' and 'ApiQuery::moduleManager', can be 8472 used for conditional registration of API modules. 8473* Added ApiBase::lacksSameOriginSecurity() to allow modules to easily check if 8474 the current request was sent with the 'callback' parameter (or any future 8475 method that breaks the same-origin policy). 8476* Profiling methods in ApiBase are deprecated and no longer need to be called. 8477* ApiResult was greatly overhauled. See inline documentation for details. 8478* ApiResult will automatically convert objects to strings or arrays (depending 8479 on whether a __toString() method exists on the object), and will refuse to 8480 add unsupported value types. 8481 * An informal interface, ApiSerializable, exists to override the default 8482 object conversion. 8483* ApiResult/ApiFormatBase "raw mode" is deprecated. 8484* ApiFormatXml now assumes defaults and so on instead of throwing errors when 8485 metadata isn't set. 8486* (T35235) LogFormatter subclasses are now responsible for formatting log event 8487 parameters for the API. 8488* Many modules have changed result data formats. While this shouldn't affect 8489 clients not using the experimental formatversion=2, code using 8490 ApiResult::getResultData() without the transformations for backwards 8491 compatibility may need updating, as will code that wasn't following the old 8492 conventions for API boolean output. 8493* The following methods have been deprecated and may be removed in a future 8494 release: 8495 * ApiBase::getDescription 8496 * ApiBase::getParamDescription 8497 * ApiBase::getExamples 8498 * ApiBase::makeHelpMsg 8499 * ApiBase::makeHelpArrayToString 8500 * ApiBase::makeHelpMsgParameters 8501 * ApiBase::getModuleProfileName 8502 * ApiBase::profileIn 8503 * ApiBase::profileOut 8504 * ApiBase::safeProfileOut 8505 * ApiBase::getProfileTime 8506 * ApiBase::profileDBIn 8507 * ApiBase::profileDBOut 8508 * ApiBase::getProfileDBTime 8509 * ApiBase::getResultData 8510 * ApiFormatBase::setUnescapeAmps 8511 * ApiFormatBase::getWantsHelp 8512 * ApiFormatBase::setHelp 8513 * ApiFormatBase::formatHTML 8514 * ApiFormatBase::setBufferResult 8515 * ApiFormatBase::getDescription 8516 * ApiFormatBase::getNeedsRawData 8517 * ApiMain::setHelp 8518 * ApiMain::reallyMakeHelpMsg 8519 * ApiMain::makeHelpMsgHeader 8520 * ApiResult::setRawMode 8521 * ApiResult::getIsRawMode 8522 * ApiResult::getData 8523 * ApiResult::setElement 8524 * ApiResult::setContent 8525 * ApiResult::setIndexedTagName_recursive 8526 * ApiResult::setIndexedTagName_internal 8527 * ApiResult::setParsedLimit 8528 * ApiResult::beginContinuation 8529 * ApiResult::setContinueParam 8530 * ApiResult::setGeneratorContinueParam 8531 * ApiResult::endContinuation 8532 * ApiResult::size 8533 * ApiResult::convertStatusToArray 8534 * ApiQueryImageInfo::getPropertyDescriptions 8535 * ApiQueryLogEvents::addLogParams 8536* The following classes have been deprecated and may be removed in a future 8537 release: 8538 * ApiQueryDeletedrevs 8539 8540=== Languages updated in 1.25 === 8541 8542MediaWiki supports over 350 languages. Many localisations are updated 8543regularly. Below only new and removed languages are listed, as well as 8544changes to languages because of Bugzilla reports. 8545 8546* Languages added: 8547** awa (अवधी / Awadhi), thanks to translator 1AnuraagPandey; 8548** bgn (بلوچی رخشانی / Western Balochi), thanks to translators 8549 Baloch Afghanistan, Ibrahim khashrowdi and Rachitrali; 8550** ses (Koyraboro Senni), thanks to translator Songhay. 8551* (T66440) Kazakh (kk) wikis should no longer forcefully reset the user's 8552 interface language to kk where unexpected. 8553* The Chinese conversion table was substantially updated to fix a lot of 8554 bugs and ensure better reading experience for different variants. 8555 8556=== Other changes in 1.25 === 8557* (T45591) Links to MediaWiki.org translatable help were added to indicators, 8558 mostly in special pages. Local custom target titles can be placed in the 8559 relevant '(namespace-X|action name|special page name)-helppage' system 8560 message. Extensions can use the addHelpLink() function to do the same. 8561* The skin autodiscovery mechanism, deprecated in MediaWiki 1.23, has been 8562 removed. See https://www.mediawiki.org/wiki/Manual:Skin_autodiscovery for 8563 migration guide for creators and users of custom skins that relied on it. 8564* Javascript variables 'wgFileCanRotate' and 'wgFileExtensions' now only 8565 available on Special:Upload. 8566* (T58257) Set site logo from mediawiki.skinning.interface module instead of 8567 inline styles in the HTML. 8568* Removed ApiQueryUsers::getAutoGroups(). (deprecated since 1.20) 8569* Removed XmlDumpWriter::schemaVersion(). (deprecated since 1.20) 8570* Removed LogEventsList::getDisplayTitle(). (deprecated since 1.20) 8571* Removed Preferences::trySetUserEmail(). (deprecated since 1.20) 8572* Removed mw.user.name() and mw.user.anonymous() methods. (deprecated since 8573 1.20) 8574* Removed 'ok' and 'err' parameters in the mediawiki.api modules. (deprecated 8575 since 1.20) 8576* Removed 'async' parameter from the mw.Api#getCategories() method. (deprecated 8577 since 1.20) 8578* Removed 'jquery.json' module. (deprecated since 1.24) 8579 Use the 'json' module and global JSON object instead. 8580* Deprecated OutputPage::readOnlyPage() and OutputPage::rateLimited(). 8581 Also, the former will now throw an MWException if called with one or more 8582 arguments. 8583* Removed hitcounters and associated code. 8584* The "temp" zone of the upload respository is now considered private. If it 8585 already exists (such as under the images/ directory), please make sure that 8586 the directory is not web readable (e.g. via a .htaccess file). 8587* BREAKING CHANGE: In the XML dump format used by Special:Export and 8588 dumpBackup.php, the <model> and <format> tags now apprear before the <text> 8589 tag, instead of after the <text> and <sha1> tags. 8590 The new schema version is 0.10, the new schema URI is: 8591 https://www.mediawiki.org/xml/export-0.10.xsd 8592* MWFunction::call() and MWFunction::callArray() were removed, having being 8593 deprecated in 1.22. 8594* Deprecated the getInternalLinkAttributes, getInternalLinkAttributesObj, 8595 and getInternalLinkAttributes methods in Linker, and removed 8596 getExternalLinkAttributes method, which was deprecated in MediaWiki 1.18. 8597* Removed Sites class, which was deprecated in 1.21 and replaced by 8598 SiteSQLStore. 8599* Added wgRelevantArticleId to the client-side config, for use on special pages. 8600* Deprecated the TitleIsCssOrJsPage hook. Superseded by the 8601 ContentHandlerDefaultModelFor hook since MediaWiki 1.21. 8602* Deprecated the TitleIsWikitextPage hook. Superseded by the 8603 ContentHandlerDefaultModelFor hook since MediaWiki 1.21. 8604* Changed parsing of variables in schema (.sql) files: 8605** The substituted values are no longer parsed. (Formerly, several passes 8606 were made for each variable, so depending on the order in which variables 8607 were defined, variables might have been found inside encoded values. This 8608 is no longer the case.) 8609** Variables are no longer string encoded when the /*$var*/ syntax is used. 8610 If string encoding is necessary, use the '{$var}' syntax instead. 8611** Variable names must only consist of one or more of the characters 8612 "A-Za-z0-9_". 8613** In source text of the form '{$A}'{$B}' or `{$A}`{$B}`, where variable A 8614 does not exist yet variable B does, the latter may not be replaced. 8615 However, this difference is unlikely to arise in practice. 8616* (T67278) RFC, PMID, and ISBN "magic links" must be surrounded by non-word 8617 characters on both sides. 8618* The FormatAutocomments hook will now receive $pre and $post as booleans, 8619 rather than as strings that must be prepended or appended to $comment. 8620* (T30950, T31025) RFC, PMID, and ISBN "magic links" can no longer contain 8621 newlines; but they can contain and other non-newline whitespace. 8622* The 'mediawiki.action.edit' ResourceLoader module no longer generates the edit 8623 toolbar, which has been moved to a separate 'mediawiki.toolbar' module. If you 8624 relied on this behavior, update your scripts' dependencies. 8625* HTMLForm's 'vform' display style has been separated to a subclass. Therefore: 8626 * HTMLForm::isVForm() is now deprecated. 8627 * You can no longer do this: 8628 $form = new HTMLForm( … ); 8629 $form->setDisplayFormat( 'vform' ); // throws exception 8630 Instead, do this: 8631 $form = HTMLForm::factory( 'vform', … ); 8632* Deprecated Revision methods getRawUser(), getRawUserText() and 8633 getRawComment(). 8634* BREAKING CHANGE: mediawiki.user.generateRandomSessionId: 8635 The alphabet of the prior string returned was A-Za-z0-9 and now it is 0-9A-F 8636* (T87504) Avoid serving SVG background-images in CSS for Opera 12, which 8637 renders them incorrectly when combined with border-radius or background-size. 8638* Removed maintenance script dumpSisterSites.php. 8639* DatabaseBase class constructors must be called using the array argument style. 8640 Ideally, DatabaseBase:factory() should be used instead in most cases. 8641* Deprecated ParserOutput::addSecondaryDataUpdate and 8642 ParserOutput::getSecondaryDataUpdates. 8643 This is a hard deprecation, with getSecondaryDataUpdates returning an empty 8644 array and addSecondaryDataUpdate throwing an exception. These functions will 8645 be removed in 1.26, since they interfere with caching of ParserOutput objects. 8646* Introduced new hook 'SecondaryDataUpdates' that allows extensions to inject 8647 custom updates. 8648* Introduced new hook 'OpportunisticLinksUpdate' that allows extensions to 8649 perform updates when a page is re-rendered. 8650* EditPage::attemptSave has been modified not to call handleStatus itself and 8651 instead just returns the Status object. Extension calling it should be aware 8652 of this. 8653* Removed class DBObject. (unused since 1.10) 8654* wfDiff() is deprecated. 8655* The -m (maximum replication lag) option of refreshLinks.php was removed. 8656 It had no effect since MediaWiki 1.18 and should be removed from any cron 8657 jobs or similar scripts you may have set up. 8658* (T85864) The following messages no longer support raw html: redirectto, 8659 thisisdeleted, viewdeleted, editlink, retrievedfrom, version-poweredby-others, 8660 retrievedfrom, thisisdeleted, viewsourcelink, lastmodifiedat, laggedslavemode, 8661 protect-summary-cascade 8662* All BloomCache related code has been removed. This was largely experimental. 8663* $wgResourceModuleSkinStyles no longer supports per-module local or remote 8664 paths. They can only be set for the entire skin. 8665* Removed global function swap(). (deprecated since 1.24) 8666* Deprecated the ".php5" file extension entry points and the $wgScriptExtension 8667 configuration variable. Refer to the ".php" files instead. If you want 8668 ".php5" URLs to continue to work, set up redirects. In Apache, this can be 8669 done by enabling mod_rewrite and adding the following rules to your 8670 configuration: 8671 8672 RewriteEngine On 8673 RewriteBase / 8674 RewriteRule ^(.*)\.php5 $1.php [R=301,L] 8675 8676* The global importScriptURI and importStylesheetURI functions, as well as the 8677 loadedScripts object, from wikibits.js (deprecated since 1.17) now emit 8678 warnings through mw.log.warn when accessed. 8679 8680= MediaWiki 1.24 = 8681 8682== MediaWiki 1.24.6 == 8683 8684This is a maintenance release of the MediaWiki 1.24 branch. 8685 8686=== Changes since 1.24.5 === 8687* (T121892) Fix fatal error on some Special pages, introduced in 1.24.5. 8688 8689== MediaWiki 1.24.5 == 8690 8691This is a security and maintenance release of the MediaWiki 1.23 branch. 8692 8693=== Changes since 1.24.4 === 8694* (T117899) SECURITY: $wgArticlePath can no longer be set to relative paths 8695 that do not begin with a slash. This enabled trivial XSS attacks. 8696 Configuration values such as "http://my.wiki.com/wiki/$1" are fine, as are 8697 "/wiki/$1". A value such as "$1" or "wiki/$1" is not and will now throw an 8698 error. 8699* (T119309) SECURITY: Use hash_compare() for edit token comparison 8700* (T118032) SECURITY: Don't allow cURL to interpret POST parameters starting 8701 with '@' as file uploads 8702* (T115522) SECURITY: Passwords generated by User::randomPassword() can no 8703 longer be shorter than $wgMinimalPasswordLength 8704* (T97897) SECURITY: Improve IP parsing and trimming. Previous behavior could 8705 result in improper blocks being issued 8706* (T109724) SECURITY: Special:MyPage, Special:MyTalk, Special:MyContributions 8707 and related pages no longer use HTTP redirects and are now redirected by 8708 MediaWiki 8709* (T103237) $wgUseGzip had no effect when using file cache. 8710 8711== MediaWiki 1.24.4 == 8712 8713This is a security and maintenance release of the MediaWiki 1.24 branch. 8714 8715=== Changes since 1.24.3 === 8716 8717* (T91653) Minimal PSR-3 debug logger to support backports from 1.25+. 8718* (T68650) Fix indexing of moved pages with PostgreSQL. Requires running 8719 update.php to fix. 8720* (T91850) SECURITY: Add throttle check in ApiUpload and SpecialUpload 8721* (T91203, T91205) SECURITY: API: Improve validation in chunked uploading 8722* (T95589) SECURITY: RevDel: Check all revisions for suppression, not just the 8723 first 8724* (T108616) SECURITY: Avoid exposure of local path in PNG thumbnails 8725 8726== MediaWiki 1.24.3 == 8727 8728This is a security and maintenance release of the MediaWiki 1.24 branch. 8729 8730=== Changes since 1.24.2 === 8731 8732* (T94116) SECURITY: Compare API watchlist token in constant time 8733* (T97391) SECURITY: Escape error message strings in thumb.php 8734* (T106893) SECURITY: Don't leak autoblocked IP addresses on 8735 Special:DeletedContributions 8736* Update jQuery from v1.11.2 to v1.11.3. 8737* (T102562) Fix InstantCommons parameters to handle the new HTTPS-only 8738 policy of Wikimedia Commons. 8739 8740== MediaWiki 1.24.2 == 8741 8742This is a security and maintenance release of the MediaWiki 1.24 branch. 8743 8744=== Changes since 1.24.1 === 8745 8746* (T85848, T71210) SECURITY: Don't parse XMP blocks that contain XML entities, 8747 to prevent various DoS attacks. 8748* (T85848) SECURITY: Don't allow directly calling Xml::isWellFormed, to reduce 8749 likelihood of DoS. 8750* (T88310) SECURITY: Always expand xml entities when checking SVG's. 8751* (T73394) SECURITY: Escape > in Html::expandAttributes to prevent XSS. 8752* (T85855) SECURITY: Don't execute another user's CSS or JS on preview. 8753* (T64685) SECURITY: Allow setting maximal password length to prevent DoS when 8754 using PBKDF2. 8755* (T85349, T85850, T86711) SECURITY: Multiple issues fixed in SVG filtering to 8756 prevent XSS and protect viewer's privacy. 8757* Fix case of SpecialAllPages/SpecialAllMessages in SpecialPageFactory to fix 8758 loading these special pages when $wgAutoloadAttemptLowercase is false. 8759* (bug T70087) Fix Special:ActiveUsers page for installations using 8760 PostgreSQL. 8761* (bug T76254) Fix deleting of pages with PostgreSQL. Requires a schema change 8762 and running update.php to fix. 8763 8764== MediaWiki 1.24.1 == 8765 8766This is a security and maintenance release of the MediaWiki 1.24 branch. 8767 8768=== Changes since 1.24.0 === 8769 8770* (bug T76686) [SECURITY] thumb.php outputs wikitext message as raw HTML, which 8771 could lead to xss. Permission to edit MediaWiki namespace is required to 8772 exploit this. 8773* (bug T77028) [SECURITY] Malicious site can bypass CORS restrictions in 8774 $wgCrossSiteAJAXdomains in API calls if it only included an allowed domain as 8775 part of its name. 8776* (bug T74222) The original patch for T74222 was reverted as unnecessary. 8777* Fixed a couple of entries in RELEASE-NOTES-1.24. 8778* (bug T76168) OutputPage: Add accessors for some protected properties. 8779* (bug T74834) Make 1.24 branch directly installable under PostgreSQL. 8780 8781== MediaWiki 1.24.0 == 8782 8783=== Configuration changes in 1.24 === 8784* MediaWiki will no longer run if register_globals is enabled. It has been 8785 deprecated for 5 years now, and was removed in PHP 5.4. For more information 8786 about why, see <https://www.mediawiki.org/wiki/register_globals>. 8787* MediaWiki now requires PHP's iconv extension. openSUSE users may need to 8788 install the php5-iconv package. Users of other systems may need to add 8789 extension=iconv.so to php.ini or recompile PHP without --without-iconv. 8790* MediaWiki will no longer function if magic quotes are enabled. It has 8791 been deprecated for 5 years now, and was removed in PHP 5.4. 8792* The server's canonical hostname is available as $wgServerName, which is 8793 exposed in both mw.config and ApiQuerySiteinfo. 8794* Introduced $wgPagePropsHaveSortkey as a backwards-compatibility switch, 8795 for using the old schema of the page_props table, in case the respective 8796 schema update was not applied. 8797* $wgSearchEverythingOnlyLoggedIn was removed as the 'searcheverything' 8798 user option was removed. Use $wgNamespacesToBeSearchedDefault instead or 8799 if you used to have $wgDefaultUserOptions['searcheverything'] = 1. 8800* $wgMasterWaitTimeout has been deprecated. 8801* $wgDBClusterTimeout has been removed. 8802* $wgProxyKey has been removed. It is no longer used by MediaWiki core. 8803 Ensure $wgSecretKey is set in LocalSettings.php. 8804* $wgExtraInterlanguageLinkPrefixes is a new configuration variable that 8805 contains an array of interwiki prefixes that should be treated as language 8806 prefixes (i.e. turned into interlanguage links when $wgInterwikiMagic is set 8807 to true). 8808* $wgParserTestRemote has been removed. 8809* $wgCountTotalSearchHits has been removed. If you're concerned about efficiency 8810 of search, you should use something like CirrusSearch instead of built in 8811 search. 8812* Users in the 'sysop' group have access to Special:MergeHistory by default. 8813* $wgFileStore was removed after having been deprecated in 1.17. Alternative 8814 configurations are $wgDeletedDirectory and $wgHashedUploadDirectory. 8815* The deprecated $wgUseCommaCount variable has been removed. 8816* $wgEnableSorbs and $wgSorbsUrl have been removed. 8817* The UserCryptPassword and UserComparePassword hooks are no longer called. 8818 Any extensions using them must be updated to use the Password Hashing API. 8819* $wgCompiledFiles has been removed. 8820* $wgSortSpecialPages was removed, the listing on Special:SpecialPages is 8821 now always sorted. 8822* $wgSpecialPages may now use callback functions as an alternative to plain 8823 class names. This allows more control over constructor parameters. 8824* $wgHTCPMulticastAddress, $wgHTCPMulticastRouting and $wgHTCPPort were removed. 8825* $wgRC2UDPAddress, $wgRC2UDPInterwikiPrefix, $wgRC2UDPOmitBots, $wgRC2UDPPort 8826 and $wgRC2UDPPrefix have been removed. 8827* The default password type for MediaWiki has been changed from MD5 to PBKDF2. 8828 Password hashes will automatically be updated as users log in. If necessary, 8829 the old MD5 hashing can be restored by changing $wgPasswordDefault to 'B'. 8830 In addition, there is a maintenance script wrapOldPassword.php that can wrap 8831 all passwords in PBKDF2 (or the hashing algorithm of your choice) if you don't 8832 want to wait for your users to log in. 8833* $wgImportSources can now either be a regular array, or an associative map 8834 specifying subprojects on the interwiki map of the target wiki, or a mix of 8835 the two. Existing configurations will still work. 8836* Users must be able to edit through a page's protection to be able to delete 8837 it. 8838* The default thumb size ($wgDefaultUserOptions['thumbsize']) is now 300px, up 8839 from 180px. If you have altered the number of entries in $wgThumbLimits for 8840 your wiki, you may need to adjust your default user settings to compensate for 8841 the index change. 8842* $wgDeferredUpdateList is now deprecated, you should use 8843 DeferredUpdates::addUpdate() instead. 8844* $wgCanonicalLanguageLinks has been removed. Per Google recommendations, we 8845 will not send a rel=canonical pointing to a variant-neutral page, however 8846 we will send rel=alternate. 8847* $wgResourceLoaderLESSFunctions has been deprecated and will be removed in the 8848 future. 8849* $wgGoToEdit has been removed. Use the SpecialSearchNogomatch hook for similar 8850 functionality. 8851 8852=== New features in 1.24 === 8853* Added new hook WatchlistEditorBeforeFormRender, allowing subscribers to 8854 manipulate the list of pages and/or preload lots of data at once. 8855* Added new argument &$link in hook WatchlistEditorBuildRemoveLine, allowing the 8856 link to the title to be changed. 8857* Added a new hook, "WhatLinksHereProps", to allow extensions to annotate 8858 WhatLinksHere entries. 8859* Added a new hook, "ContentGetParserOutput", to customize parser output for 8860 a given content object. 8861* Deprecated the hook "ShowRawCssJs", use "ContentGetParserOutput" instead. 8862* HTMLForm's HTMLTextField now supports the 'url' type. 8863* HTMLForm fields may now be dynamically hidden based on the values of other 8864 fields in the form. 8865* HTMLForm now supports multiple copies of an input field or set of input 8866 fields, e.g. the form may request "one or more usernames" without having to 8867 have the user enter delimited list of names into a text field. 8868* Added a new hook, "SidebarBeforeOutput", to allow to edit the structure of 8869 the sidebar just before its display. 8870* (bug 49156) Added the mediawiki.cookie ResourceLoader module, which wraps 8871 jquery.cookie so that getting/setting a cookie is syntactically and 8872 functionally similar to using the WebRequest::getCookie() and 8873 WebResponse::setcookie() methods. 8874* (bug 44740) jQuery upgraded from 1.8.3 to 1.11.1. A new configuration option, 8875 $wgIncludejQueryMigrate, also loads the jQuery Migrate hack to let extensions 8876 and gadgets use the long-deprecated functions that were removed in jQuery 1.9. 8877 This option is turned off by default, and will be removed in MediaWiki 1.25. 8878* (bug 47076) jQuery UI upgraded from 1.8.24 to 1.9.2. 8879* Changes to content typography (fonts, etc.). See 8880 https://www.mediawiki.org/wiki/Typography_refresh for further information. 8881* WikitextContent will now render redirects with the expected "redirect" 8882 header, rather than as an ordered list. Code calling Article::viewRedirect 8883 can probably be changed to no longer special-case redirects. 8884* Header font set to a serif font stack. See 8885 https://www.mediawiki.org/wiki/Typography_refresh for further information. 8886* (bug 65567) Added a new hook, "BeforeHttpsRedirect", to allow cancellation of 8887 the HTTP to HTTPS redirect due to forceHTTPS cookie, userRequires, etc. This 8888 is only for page views, since this hook doesn't affect UserLogin, OAuth, 8889 CentralAuth, etc. ATTENTION: This hook is likely to be removed soon due to 8890 overall design of the system. 8891* (bug 17367) It is now possible to add pages to your watchlist from 8892 Special:UnwatchedPages without reloading the special page. 8893* New methods setVolatile and isVolatile are added to PPFrame, so that 8894 extensions such as Cite.php can mark that their output is volatile and 8895 shouldn't be cached. 8896* (bug 52817) Advanced search options are now saved on the search page itself, 8897 rather than in a dedicated pane in the preferences panel. 8898* (bug 44591) The dropdown actions menu (little triangle next to page tabs) in 8899 the Vector skin has gained a label that should make it more discoverable. 8900* MWCryptHKDF added for fast, cryptographically secure random number generation 8901 that won't deplete openssl's entropy pool. 8902* ResourceLoader: File modules can now provide a skip function that uses an 8903 inline feature test to bypass loading of the module. 8904* (bug 20210) Special pages may now provide autocompletion of their subpage 8905 names in search suggestions. Right now the only useful implementation is in 8906 Special:Log, but more are to come. 8907* Special:MostLinkedTemplates is no longer limited to transclusions from the 8908 Template namespace. 8909* Skins can now use 'remoteSkinPath' when defining ResourceLoader modules. 8910 This works the same as 'remoteExtPath' but is relative to the skins/ folder 8911 instead of the extensions/ folder. 8912* Added the json2.js polyfill for the ES5 JSON.stringify and JSON.parse methods. 8913 Exposed as module "json" with a skip function to optimise loading. 8914* Extensions and skins may now use 'namemsg' in $wgExtensionCredits in addition 8915 to 'name', to allow for the name to be localizable. 'name' should still be 8916 specified for backwards-compatibility and to define the path Special:Version 8917 uses to find extension license information. 8918* Browser tests are now included to verify basic wiki functionality in developer 8919 environments. For details on running tests, see 8920 tests/browser/README.mediawiki. 8921* Upgrade jStorage to v0.4.10. 8922* {{!}} is now a magic word that produces the | character. This removes the need 8923 for Template:! for purposes such as passing pipes inside of parameters. 8924* (bug 20790) The block log snippet on Special:Contributions and while 8925 editing user and user talk pages now works for IP range blocks. 8926* (bug 9360) Added ability to change the page language for MediaWiki pages using 8927 Special:PageLanguage. All pages are set to wiki language by default. 8928 The feature needs to be enabled with $wgPageLanguageUseDB=true and 8929 permission needs to be set for 'pagelang'. 8930* Upgrade Moment.js to v2.8.3. 8931* (bug 67042) Added support for the HTML5 <rtc> tag for East Asian typography. 8932* Upgrade Sinon.JS to 1.10.3. 8933* Added the es5-shim polyfill for older or non-compliant javascript engines. 8934* Upgrade jQuery Cookie to v1.3.1. 8935* (bug 20476) Add a "viewsuppressed" user right to be able to view 8936 suppressed content but not suppress it ("suppressrevision" right). 8937* (bug 66440) The MediaWiki web installer will now allow you to choose the skins 8938 to enable (from the ones included in download tarball) and decide which one 8939 should be the default. 8940* (bug 68085, 68802) Links like [[localInterwikiPrefix:languageCode:pageTitle]], 8941 where localInterwikiPrefix is a member of the $wgLocalInterwikis array, will 8942 no longer be displayed in the sidebar when $wgInterwikiMagic is true. In a 8943 similar way, links like [[localInterwikiPrefix:File:Image.png]] and 8944 [[localInterwikiPrefix:Category:Hello]] will now render as regular links, and 8945 will not include the file or add the page to the category. 8946* New special page, MyLanguage, to redirect users to subpages with localised 8947 versions of a page. (Integrated from Extension:Translate) 8948* MediaWiki now supports multiple password types, including bcrypt and PBKDF2. 8949 The default type can be changed with $wgPasswordDefault and the type 8950 configurations can be changed with $wgPasswordConfig. 8951* Skins can now define custom styles for default ResourceLoader modules using 8952 the $wgResourceModuleSkinStyles global. See the Vector skin for examples. 8953* (bug 4488) There is now a preference to watch pages where the user has 8954 rollbacked an edit by default. 8955* (bug 15484) Users will now be redirected to the login page when they need to 8956 log in, rather than being shown a page asking them to log in and having to 8957 click another link to actually get to the login page. 8958* A JsonContent and JsonContentHandler were added for extensions to extend. 8959* (bug 35045) Redirects to sections will now update the URL in browser's address 8960 bar using the HTML5 History API. When [[Dog]] redirects to [[Animals#Dog]], 8961 the user will now see "Animals#Dog" in their browser instead of "Dog#Dog". 8962* API token handling has been rewritten. Any API module using tokens will need 8963 to be updated. See the entry below under "Action API internal changes". 8964* Added HTMLAutoCompleteSelectField. 8965* Added a new hook, "SkinPreloadExistence", to allow extensions to add titles to 8966 link existence cache before the page is rendered. 8967* Config::set() was moved to its own interface, MutableConfig. 8968 GlobalVarConfig::set() is now deprecated, does not implement MutableConfig. 8969* A MutableConfig named HashConfig was added, that stores an array of 8970 configuration settings. 8971* (bug 69418) A MultiConfig implementation was added that supports fallback 8972 to multiple Config instances. 8973* Update CSSJanus to v1.1.0. 8974* Added FormatJson::parse() returning status with result or localized error 8975 message 8976* Added DeletedContribsPager::reallyDoQuery hook allowing extensions to data to 8977 Special:DeletedContributions 8978* Added DeletedContributionsLineEnding hook allowing extensions to format 8979 Special:DeletedContributions lines 8980* (T69525) You can now make MediaWiki speed up its thumbnail rendering by using 8981 intermediary thumbnails. $wgThumbnailBuckets must be set to a list of target 8982 thumbnail widths; when a new thumbnail needs to be rendered, MediaWiki will 8983 find the smallest bucket smaller than the original but larger than the target 8984 width + $wgThumbnailMinimumBucketDistance, and it will scale that thumbnail, 8985 rather than the original, down to the target size at greater speed in return 8986 for minor loss of fidelity. 8987 8988=== Bug fixes in 1.24 === 8989* (bug 50572) MediaWiki:Blockip should support gender 8990* (bug 49116) Footer copyright notice is now always displayed in user language 8991 rather than content language (same as copyright notice for editing interface). 8992* (bug 62258) A bug was fixed in File::getUnscaledThumb when a height 8993 restriction was present in the parameters. Images with both the "frame" 8994 option and a size specification set will now always ignore the provided 8995 size and display an unscaled image, as the documentation has always 8996 claimed it would. 8997* (bug 39035) Improved Vector skin performance by removing collapsibleNav, 8998 which used to collapse some sidebar elements by default. 8999 This removes -list id suffixes like p-lang-list: instead of using things like 9000 #p-lang-list, you can do #p-lang .body ul. 9001* (bug 890) Links in Special:RecentChanges and Special:Watchlist no longer 9002 follow redirects to their target pages. 9003* Parser now dies early if called recursively, instead of producing subtle bugs. 9004* (bug 14323) Redirect pages, when viewed with redirect=no, no longer hide the 9005 remaining page content. 9006* (bug 52587) Maintenance script deleteBatch.php no longer follows redirects 9007 in the file namespace and delete the file on the target page. It will still 9008 however delete the redirect page. 9009* (bug 22683) {{msgnw:}} and other uses of PPFrame::RECOVER_ORIG will correctly 9010 recover the original code of extension tags. 9011* (bug 65757) MSSQL: Update script drops unnamed constraints to be prepared 9012 for future updates. Because it's doing so heuristically, it may fail or drop 9013 wrong constraints. 9014* (bug 67870) wfShellExec() cuts off stdout at multiples of 8192 bytes. 9015* $wgRunJobsAsync now works with private wikis (e.g. read requires login). 9016* (bugs 57238, 65206) Blank pages can now be directly created. 9017* (bug 69789) Title::getContentModel() now loads from the database when 9018 necessary instead of incorrectly returning the default content model. 9019* (bug 69249) wfBaseConvert() now works around PHP Bug #50175 when using GMP. 9020* (bug 57909) URLs in the externallinks table will no longer have certain 9021 characters decoded in the query string. 9022* (bug 67368) LESS mixins like .background-image() correctly flip image 9023 references for RTL stylesheets now. 9024 9025=== Action API changes in 1.24 === 9026* action=parse API now supports prop=modules, which provides the list of 9027 ResourceLoader modules that should be used to enhance the parsed content. 9028* action=query&meta=siteinfo&siprop=interwikimap returns a new "protorel" 9029 field which is true if protocol-relative urls can be used to access 9030 a particular interwiki map entry. 9031* list=logevents now provides logpage, which is the page ID from the 9032 logging table, if ids are requested and the user has the permissions. 9033* action=edit now requires that appendtext, prependtext, or section=new be used 9034 when using the 'redirect' parameter, to prevent clients accidentally 9035 overwriting the target page with the content of the redirect. 9036* list=logevents will now return an error if both letitle and leprefix are 9037 specified. 9038* list=logevents has a new parameter, lenamespace, to allow filtering by 9039 namespace. 9040* action=expandtemplates has a new parameter, prop, and a new output format. 9041 The old format is still used if prop isn't provided, but this is deprecated. 9042* meta=userinfo can now return the count of unread pages on the watchlist. 9043* list=watchlist can now filter by unread status. 9044* The deprecated action=parse&prop=languageshtml has been removed. 9045* (bug 48071) action=setnotificationtimestamp no longer throws PHP or database 9046 errors when no pages are given. 9047* (bug 60734) Actions that use ApiPageSet (e.g. purge, watch, 9048 setnotificationtimestamp) will now include continuation information when 9049 using a generator. 9050* Removed 'props' and 'errors' from action=paraminfo, as they have extremely 9051 limited use and are generally inaccurate, unmaintained, and impossible to 9052 properly maintain. 9053* Formats dbg, dump, txt, wddx, and yaml are now deprecated. 9054* action=paraminfo now indicates when a parameter is specifying a submodule. 9055* The iwurl parameter to prop=iwlinks is deprecated in favor of iwprop=url, for 9056 parallelism with prop=langlinks. 9057* All tokens should be fetched from action=query&meta=tokens; all other methods 9058 of fetching tokens are deprecated. The value needed for meta=tokens's 'type' 9059 parameter for each module is documented in the action=help output and is 9060 returned from action=paraminfo. 9061* New action ClearHasMsg that can be used to clear HasMsg flag. 9062* The cmstartsortkey and cmendsortkey parameters to list=categorymembers are 9063 deprecated in favor of cmstarthexsortkey and cmendhexsortkey. 9064* (bug 63326) Add blockedtimestamp field to output of blockinfo property for 9065 the list=allusers and list=users modules. 9066* prop=imageinfo no longer requires iiurlwidth to be set when using iiurlparam. 9067* Added prop=linkshere, prop=fileusage, and prop=transcludedin, which are 9068 roughly equivalent to list=backlinks, list=imageusage, and list=embeddedin 9069 but can work on a list of titles (including titles from a generator). 9070* prop=redirects can now filter returned redirects by namespace. 9071 9072=== Action API internal changes in 1.24 === 9073* Methods for handling continuation are added to ApiResult, so actions other 9074 than query that use generators can easily support continuation. 9075* $wgAPIModules (and the related $wgAPIFormatModules, $wgAPIMetaModules, 9076 $wgAPIPropModules, and $wgAPIListModules settings) now allow API modules 9077 to be specified using a "module spec" array instead of a plain class name. 9078 A "module spec" is an associative array containing at least the 'class' key 9079 for the module's class, and optionally a 'factory' key for the factory 9080 function to use for the module. This is intended for extensions that want 9081 control over the instantiation of their API modules, to allow for proper 9082 dependency injection. 9083* A new param type 'submodule' is available. Parameters of this type will take 9084 the list of valid values from the module's ApiModuleManager for the group 9085 corresponding to the parameter name. 9086* The 'APIGetPossibleErrors' and 'APIGetResultProperties' hooks are no longer 9087 used. 9088* API token handling has been rewritten. Any API module using tokens will need 9089 to be updated: 9090 * ApiBase::needsToken now returns a token type instead of boolean true when a 9091 token is needed. Returning true will throw an exception. See documentation 9092 of that method for details. 9093 * Information for the 'token' parameter is automatically set by ApiBase 9094 getFinalParams and getFinalParamDescription. 9095 * ApiBase::getTokenSalt has been removed. 9096 * The hooks APIQueryInfoTokens, APIQueryRevisionsTokens, 9097 APIQueryRecentChangesTokens, APIQueryUsersTokens, and 9098 ApiTokensGetTokenTypes are deprecated, but are still called to support 9099 backwards-compatible token access. 9100* ApiBase::validateLimit and ApiBase::validateTimestamp are now protected. 9101* ApiQueryRedirects was removed; prop=redirects is now implemented by 9102 ApiQueryBacklinksProp along with the newly-added prop modules. 9103* The following methods have been deprecated and may be removed in a future 9104 release: 9105 * ApiBase::getResultProperties 9106 * ApiBase::getFinalResultProperties 9107 * ApiBase::addTokenProperties 9108 * ApiBase::getRequireOnlyOneParameterErrorMessages 9109 * ApiBase::getRequireMaxOneParameterErrorMessages 9110 * ApiBase::getRequireAtLeastOneParameterErrorMessages 9111 * ApiBase::getTitleOrPageIdErrorMessage 9112 * ApiBase::getPossibleErrors 9113 * ApiBase::getFinalPossibleErrors 9114 * ApiBase::parseErrors 9115 * ApiQuery::setGeneratorContinue 9116 * ApiQueryBase::checkRowCount 9117 * ApiQueryBase::titleToKey 9118 * ApiQueryBase::keyToTitle 9119 * ApiQueryBase::keyPartToTitle 9120 * ApiQueryInfo::getTokenFunctions 9121 * ApiQueryInfo::resetTokenCache 9122 * ApiQueryInfo::getEditToken 9123 * ApiQueryInfo::getDeleteToken 9124 * ApiQueryInfo::getProtectToken 9125 * ApiQueryInfo::getMoveToken 9126 * ApiQueryInfo::getBlockToken 9127 * ApiQueryInfo::getUnblockToken 9128 * ApiQueryInfo::getEmailToken 9129 * ApiQueryInfo::getImportToken 9130 * ApiQueryInfo::getWatchToken 9131 * ApiQueryInfo::getOptionsToken 9132 * ApiQueryRecentChanges::getTokenFunctions 9133 * ApiQueryRecentChanges::getPatrolToken 9134 * ApiQueryRevisions::getTokenFunctions 9135 * ApiQueryRevisions::getRollbackToken 9136 * ApiQueryUsers::getTokenFunctions 9137 * ApiQueryUsers::getUserrightsToken 9138* The following classes have been deprecated and may be removed in a future 9139 release: 9140 * ApiFormatDbg 9141 * ApiFormatDump 9142 * ApiFormatTxt 9143 * ApiFormatWddx 9144 * ApiFormatYaml 9145 * ApiTokens 9146* The following class constants have been deprecated and may be removed in a 9147 future release: 9148 * ApiBase::PROP_ROOT 9149 * ApiBase::PROP_LIST 9150 * ApiBase::PROP_TYPE 9151 * ApiBase::PROP_NULLABLE 9152 9153=== Languages updated in 1.24 === 9154 9155MediaWiki supports over 350 languages. Many localisations are updated 9156regularly. Below only new and removed languages are listed, as well as 9157changes to languages because of Bugzilla reports. 9158 9159=== Other changes in 1.24 === 9160* The deprecated jquery.delayedBind ResourceLoader module was removed. 9161* The deprecated function mw.util.toggleToc was removed. 9162* The Special:Search hooks SpecialSearchGo and SpecialSearchResultsAppend 9163 were removed as they were unused. 9164* (bug 65477) User::pingLimiter() now has an additional profile point varying 9165 by action being used. 9166* mediawiki.util.$content no longer supports old versions of the Vector, 9167 Monobook, Modern and CologneBlue skins that don't yet implement the "mw-body" 9168 and/or "mw-body-primary" class name in their html. 9169* Added pp_sortkey column to page_props table, so pages can be efficiently 9170 queried and sorted by property value (bug 58032). 9171 See $wgPagePropsHaveSortkey if you want to postpone the schema change. 9172* BREAKING CHANGE: All four built-in MediaWiki skins (Vector, MonoBook, Modern 9173 and Cologne Blue) were moved out of MediaWiki core to their own respective 9174 repositories. They will be installed with the release tarball, but you must 9175 install them separately if installing MediaWiki from source code. A warning 9176 message displayed until you do it should guide you through the process. See 9177 also <https://www.mediawiki.org/wiki/Manual:Skin_configuration>. 9178* BREAKING CHANGE: Skins built for MediaWiki 1.15 and earlier that do not use 9179 the "headelement" template key are no longer supported. Setting 9180 $useHeadElement = false; is no longer supported and will not cause old keys 9181 like "headlinks", "skinnameclass", etc. to be defined. 9182* BREAKING CHANGE: The files commonElements.css, commonContent.css and 9183 commonInterface.css (in skins/common/) have been removed. Skins may no longer 9184 rely on their presence and include them in their style modules. ResourceLoader 9185 modules introduced in MediaWiki 1.23 should be loaded instead: 9186 - skins/common/commonElements.css → 'mediawiki.skinning.elements' module 9187 - skins/common/commonContent.css → 'mediawiki.skinning.content' module 9188 - skins/common/commonInterface.css → 'mediawiki.skinning.interface' module 9189* The deprecated 'SpecialVersionExtensionTypes' hook was removed. 9190* (bug 63891) Add 'X-Robots-Tag: noindex' header in action=render pages. 9191* SpecialPage no longer supports the syntax for invoking wfSpecial*() functions. 9192 Special pages should subclass SpecialPage and implement the execute() method. 9193* (bug 63755) The deprecated constants RC_MOVE and RC_MOVE_OVER_REDIRECT were 9194 removed. 9195* Special:MostLinkedTemplates has been renamed to Special:MostTranscludedPages. 9196* The skin autodiscovery mechanism has been deprecated and will be removed in 9197 MediaWiki 1.25. See https://www.mediawiki.org/wiki/Manual:Skin_autodiscovery 9198 for migration guide for creators and users of custom skins that relied on it. 9199* ResourceLoaderFileModule#getAllStyleFiles now returns all style files and all 9200 skin style files used by the module. 9201* Removed getLang() from IContextSource and subclasses. (deprecated since 1.19) 9202* Removed setLang() from subclasses of IContextSource. (deprecated since 1.19) 9203* Removed WebRequest::escapeAppendQuery(). (deprecated since 1.20) 9204* Removed info(), purge(), revert() and rollback() from the Article class; they 9205 have since become subclasses of the Action class. (deprecated since 1.19) 9206* SearchEngineReplacePrefixesComplete hook was removed. 9207* The "jquery.json" module has been deprecated. Use the "json" module instead. 9208* Removed HTMLForm::addJS(). (deprecated since 1.18) 9209* Removed LogEventsList::showHeader(). (deprecated since 1.19) 9210* Removed ImageGalleryBase::useSkin(). (deprecated since 1.18) 9211* Removed DatabaseMysqlBase::getLagFromProcesslist(). (deprecated since 1.19) 9212* Removed LoadBalancer::closeConnecton(). (deprecated since 1.18) 9213* Removed ApiBase::createContext(). (deprecated since 1.19) 9214* BREAKING CHANGE: The undocumented Special{$this->getName()}BeforeFormDisplay 9215 set of hooks has been removed and replaced by a single new hook 9216 SpecialPageBeforeFormDisplay. 9217* (bug 65781) Removed block warning on included {{Special:Contributions}} 9218* Removed Skin::makeGlobalVariablesScript(). (deprecated since 1.19) 9219* Removed MWNamespace::isMain(). (deprecated since 1.19) 9220* Removed Preferences::loadOldSearchNs(). (deprecated since 1.19) 9221* Removed OutputPage::getStatusMessage(). (deprecated since 1.18) 9222* Removed OutputPage::isUserJsAllowed(). (deprecated since 1.18) 9223* Removed Title::updateTitleProtection(). (deprecated since 1.19) 9224* Removed ParserOptions::setSkin(). (deprecated since 1.19) 9225* Removed Title::escapeCanonicalURL(). (deprecated since 1.19) 9226* Removed Title::escapeLocalURL(). (deprecated since 1.19) 9227* Removed Title::escapeFullURL(). (deprecated since 1.19) 9228* Removed User::isValidEmailAddr(). (deprecated since 1.18) 9229* Removed Title::getEscapedText(). (deprecated since 1.19) 9230* Removed Language::getFallbackLanguageCode(). (deprecated since 1.19) 9231* Removed WikiPage::isBigDeletion(). (deprecated since 1.19) 9232* Removed MWInit class which contained functions related to a now discontinued 9233 PHP compiler called hphpc. (deprecated since 1.22) 9234* ApiResult::enableSizeCheck() and disableSizeCheck() are now obsolete. 9235* Removed ResourceLoaderGetStartupModules hook. (deprecated since 1.23) 9236* Removed getFormFields(), onSubmit() and onSuccess() from FormlessAction, as 9237 these were meant specifically for FormAction instead. 9238* Removed Action::execute(). 9239* Removed AjaxAddScript which has been obsolete since ResourceLoader and 9240 is unused by any modern extension. 9241* Removed maintenance/nextJobDB.php; no longer in use. 9242* Removed global function wfViewPrevNext(). (deprecated since 1.19) 9243* Removed global function xmlsafe() from Export.php. (moved to OAIRepo 9244 extension) 9245* Removed Title::userCanRead(). (deprecated since 1.19) 9246* Removed maintenance script importTextFile.php. Use edit.php script instead. 9247* A _from_namespace field has been added to the templatelinks, pagelinks, 9248 and filelinks tables. Run update.php to apply this change to the schema. 9249* Removed File::sha1Base36(). (deprecated since 1.19) 9250* Removed File::getPropsFromPath(). (deprecated since 1.19) 9251* Removed functions blockedPage(), noCreatePermission(), readOnlyPage() and 9252 userNotLoggedInPage() from EditPage.php. (deprecated since 1.19) 9253* Removed functions getContent(), getPreloadedText(), mergeChangesInto() and 9254 setPreloadedText() from EditPage.php. (deprecated since 1.21) 9255* Removed global functions wfArrayLookup(), wfArrayMerge(), 9256 wfDebugDieBacktrace() and wfTime(). (deprecated since 1.22) 9257* Browser support for Internet Explorer 6 and 7 lowered from Grade A to Grade C, 9258 meaning that JavaScript is no longer executed in these browser versions. 9259* Browser support for Opera 11 lowered from Grade A to Grade C. 9260* Removed IEFixes module which existed purely to provide support for MSIE 9261 versions below 7 (conditionally loaded only for those browsers). 9262* Deprecated SpecialPageFactory::getList() in favor of 9263 SpecialPageFactory::getNames() 9264* Action::checkCanExecute() no longer has a return value. 9265* Removed cleanupForIRC(), loadFromCurRow(), newFromCurRow(), notifyRC2UDP() 9266 and sendToUDP() from RecentChange.php. (deprecated since 1.22) 9267* Removed EnhancedChangesList::arrow(), sideArrow(), downArrow(), spacerArrow(). 9268* Removed Xml::namespaceSelector(). (deprecated since 1.19) 9269* Removed WikiPage::estimateRevisionCount(). (deprecated since 1.19) 9270* MYSQL: Enum item added to "major MIME type" columns. 9271 Running update.php on MySQL < v5.1 may result in heavy processing. 9272* RSS and Atom feeds generated by MediaWiki no longer include a fallback 9273 stylesheet. It was ignored by most browsers these days anyway. 9274* SpecialSearchNoResults hook has been removed. SpecialSearchResults is now 9275 called unconditionally. 9276* TablePager::getBody() is now 'final' and can't be overridden in subclasses. 9277* TablePager::getBody() is deprecated, use getBodyOutput() or getFullOutput(). 9278* Added $outputPage parameter to the SkinTemplateGetLanguageLink hook. 9279* log_page for move log entries store the original page ID, rather than that 9280 of the new redirect page. This is not retroactive. 9281* LCStoreAccel was removed. $wgLocalisationCacheConf can no longer be set to 9282 use this store class. 9283* Html::infoBox() no longer accepts paths relative to skins/common/images/. 9284* Deprecated defunct Skin::getCommonStylePath(). 9285* Some extensions had their ResourceLoader modules depend on the "mediawiki" 9286 and "jquery" modules. In the past, this behavior was undefined, now it will 9287 throw an error. 9288* Removed BagOStuff::replace(). (deprecated since 1.23) 9289* In Linker.php, link(), linkText() and makeBrokenImageLinkObj() now display 9290 warnings if their first parameter is not a Title object. Also makeImageLink() 9291 now requires a Parser as its first parameter. 9292* (bug 67368) LESS functions embed() and embeddable(), added in MediaWiki 1.23 9293 and broken by design, have been removed. Use appropriate LESS mixins instead. 9294* Removed cssjanus.py from maintenance directory as it was unused. 9295* Removed maintenance/purgeOldText.inc and the PurgeRedundantText() function 9296 it contained (superseded by Maintenance::purgeRedundantText() in 1.16). 9297 The purgeOldText.php maintenance script has been retained. 9298* PHPUnit tests can be found by directory discovery, by adding the directory 9299 path from your UnitTestsList callback. Older versions of MediaWiki core will 9300 barf at this usage. 9301 9302==== Renamed classes ==== 9303* CLDRPluralRuleConverter_Expression to CLDRPluralRuleConverterExpression 9304* CLDRPluralRuleConverter_Fragment to CLDRPluralRuleConverterFragment 9305* CLDRPluralRuleConverter_Operator to CLDRPluralRuleConverterOperator 9306* CLDRPluralRuleEvaluator_Range to CLDRPluralRuleEvaluatorRange 9307* CSSJanus_Tokenizer to CSSJanusTokenizer 9308* MediaWiki_I18N to MediaWikiI18N 9309* Parser_DiffTest to ParserDiffTest 9310* RevDel_ArchiveItem to RevDelArchiveItem 9311* RevDel_ArchiveList to RevDelArchiveList 9312* RevDel_ArchivedFileItem to RevDelArchivedFileItem 9313* RevDel_ArchivedFileList to RevDelArchivedFileList 9314* RevDel_ArchivedRevisionItem to RevDelArchivedRevisionItem 9315* RevDel_FileItem to RevDelFileItem 9316* RevDel_FileList to RevDelFileList 9317* RevDel_Item to RevDelItem 9318* RevDel_List to RevDelList 9319* RevDel_LogItem to RevDelLogItem 9320* RevDel_LogList to RevDelLogList 9321* RevDel_RevisionItem to RevDelRevisionItem 9322* RevDel_RevisionList to RevDelRevisionList 9323* WebInstaller_Complete to WebInstallerComplete 9324* WebInstaller_Copying to WebInstallerCopying 9325* WebInstaller_DBConnect to WebInstallerDBConnect 9326* WebInstaller_DBSettings to WebInstallerDBSettings 9327* WebInstaller_Document to WebInstallerDocument 9328* WebInstaller_ExistingWiki to WebInstallerExistingWiki 9329* WebInstaller_Install to WebInstallerInstall 9330* WebInstaller_Language to WebInstallerLanguage 9331* WebInstaller_Name to WebInstallerName 9332* WebInstaller_Options to WebInstallerOptions 9333* WebInstaller_Readme to WebInstallerReadme 9334* WebInstaller_ReleaseNotes to WebInstallerReleaseNotes 9335* WebInstaller_Restart to WebInstallerRestart 9336* WebInstaller_Upgrade to WebInstallerUpgrade 9337* WebInstaller_UpgradeDoc to WebInstallerUpgradeDoc 9338* WebInstaller_Welcome to WebInstallerWelcome 9339 9340==== Removed classes ==== 9341* IPBlockForm - Use SpecialBlock directly 9342* WatchlistEditor - Use SpecialEditWatchlist directly 9343* FormatExif - Use FormatMetadata directly 9344* RevertFileAction - Use RevertAction directly 9345* HistoryPage - Use HistoryAction directly 9346* RawPage - Use RawAction directly 9347* StubContLang - Use Language::factory() instead 9348* XMLReader2 - Use XMLReader directly 9349* ResourceLoaderLESSFunctions - No longer in use, not intended for public usage 9350 9351==== Removed files ==== 9352The skins/common/ directory, previously containing some assets intended to be 9353used by skins and a number of legacy styles and scripts, has been removed. Its 9354contents have been deleted or relocated into the resources/ directory. Full list 9355of files that are no longer available follows. 9356 9357* skins/common/ajax.js 9358* skins/common/commonContent.css 9359* skins/common/commonElements.css 9360* skins/common/commonInterface.css 9361* skins/common/commonPrint.css 9362* skins/common/config-cc.css 9363* skins/common/config.css 9364* skins/common/config.js 9365* skins/common/feed.css 9366* skins/common/IEFixes.js 9367* skins/common/oldshared.css 9368* skins/common/protect.js 9369* skins/common/shared.css 9370* skins/common/upload.js 9371* skins/common/wikibits.js 9372* skins/common/images/add.png 9373* skins/common/images/ajax-loader.gif 9374* skins/common/images/arrow_disabled_first_25.png 9375* skins/common/images/arrow_disabled_last_25.png 9376* skins/common/images/arrow_disabled_left_25.png 9377* skins/common/images/arrow_disabled_right_25.png 9378* skins/common/images/arrow_first_25.png 9379* skins/common/images/arrow_last_25.png 9380* skins/common/images/arrow_left_25.png 9381* skins/common/images/arrow_right_25.png 9382* skins/common/images/Arr_.png 9383* skins/common/images/Arr_d.png 9384* skins/common/images/Arr_l.png 9385* skins/common/images/Arr_r.png 9386* skins/common/images/Arr_u.png 9387* skins/common/images/bullet.gif 9388* skins/common/images/button_bold.png 9389* skins/common/images/button_extlink.png 9390* skins/common/images/button_headline.png 9391* skins/common/images/button_hr.png 9392* skins/common/images/button_image.png 9393* skins/common/images/button_italic.png 9394* skins/common/images/button_link.png 9395* skins/common/images/button_media.png 9396* skins/common/images/button_nowiki.png 9397* skins/common/images/button_sig.png 9398* skins/common/images/button_template.png 9399* skins/common/images/cc-0.png 9400* skins/common/images/cc-by-nc-sa.png 9401* skins/common/images/cc-by-sa.png 9402* skins/common/images/cc-by.png 9403* skins/common/images/Checker-16x16.png 9404* skins/common/images/closewindow.png 9405* skins/common/images/closewindow19x19.png 9406* skins/common/images/critical-32.png 9407* skins/common/images/diffunderline.gif 9408* skins/common/images/download-32.png 9409* skins/common/images/feed-icon.png 9410* skins/common/images/feed-icon.svg 9411* skins/common/images/gnu-fdl.png 9412* skins/common/images/help-question-hover.gif 9413* skins/common/images/help-question.gif 9414* skins/common/images/info-32.png 9415* skins/common/images/link_icon.gif 9416* skins/common/images/magnify-clip-rtl.png 9417* skins/common/images/magnify-clip.png 9418* skins/common/images/mediawiki.png 9419* skins/common/images/nextredirectltr.png 9420* skins/common/images/nextredirectrtl.png 9421* skins/common/images/poweredby_mediawiki_88x31.png 9422* skins/common/images/public-domain.png 9423* skins/common/images/question-small.png 9424* skins/common/images/question.svg 9425* skins/common/images/redirectltr.png 9426* skins/common/images/redirectrtl.png 9427* skins/common/images/remove.png 9428* skins/common/images/spinner.gif 9429* skins/common/images/tick-32.png 9430* skins/common/images/tipsy-arrow.gif 9431* skins/common/images/tooltip_icon.png 9432* skins/common/images/warning-32.png 9433* skins/common/images/wiki.png 9434* skins/common/images/Zoom_sans.gif 9435* skins/common/images/ar/button_bold.png 9436* skins/common/images/ar/button_headline.png 9437* skins/common/images/ar/button_italic.png 9438* skins/common/images/ar/button_link.png 9439* skins/common/images/ar/button_nowiki.png 9440* skins/common/images/be-tarask/button_bold.png 9441* skins/common/images/be-tarask/button_italic.png 9442* skins/common/images/be-tarask/button_link.png 9443* skins/common/images/cyrl/button_bold.png 9444* skins/common/images/cyrl/button_italic.png 9445* skins/common/images/cyrl/button_link.png 9446* skins/common/images/de/button_bold.png 9447* skins/common/images/de/button_italic.png 9448* skins/common/images/fa/button_bold.png 9449* skins/common/images/fa/button_headline.png 9450* skins/common/images/fa/button_italic.png 9451* skins/common/images/fa/button_link.png 9452* skins/common/images/fa/button_nowiki.png 9453* skins/common/images/icons/fileicon-c.png 9454* skins/common/images/icons/fileicon-cpp.png 9455* skins/common/images/icons/fileicon-deb.png 9456* skins/common/images/icons/fileicon-djvu.png 9457* skins/common/images/icons/fileicon-djvu.xcf 9458* skins/common/images/icons/fileicon-dvi.png 9459* skins/common/images/icons/fileicon-exe.png 9460* skins/common/images/icons/fileicon-h.png 9461* skins/common/images/icons/fileicon-html.png 9462* skins/common/images/icons/fileicon-iso.png 9463* skins/common/images/icons/fileicon-java.png 9464* skins/common/images/icons/fileicon-mid.png 9465* skins/common/images/icons/fileicon-mov.png 9466* skins/common/images/icons/fileicon-o.png 9467* skins/common/images/icons/fileicon-ogg.png 9468* skins/common/images/icons/fileicon-ogg.xcf 9469* skins/common/images/icons/fileicon-pdf.png 9470* skins/common/images/icons/fileicon-ps.png 9471* skins/common/images/icons/fileicon-psd.png 9472* skins/common/images/icons/fileicon-rm.png 9473* skins/common/images/icons/fileicon-rpm.png 9474* skins/common/images/icons/fileicon-svg.png 9475* skins/common/images/icons/fileicon-tar.png 9476* skins/common/images/icons/fileicon-tex.png 9477* skins/common/images/icons/fileicon-ttf.png 9478* skins/common/images/icons/fileicon-txt.png 9479* skins/common/images/icons/fileicon.png 9480* skins/common/images/ksh/button_S_italic.png 9481 9482= MediaWiki 1.23 = 9483 9484== MediaWiki 1.23.17 == 9485 9486=== Changes since 1.23.16 === <!--T:69--> 9487* Fix syntax errors introduced in 1.23.16 when running PHP 5.3. 9488 9489== MediaWiki 1.23.16 == 9490This is a security and maintenance release of the MediaWiki 1.23 branch. 9491 9492=== Changes since 1.23.15 === 9493* (T68404) CSS3 attr() function with url type is no longer allowed 9494 in inline styles. 9495* (T156184) $wgRawHtml will no longer apply to internationalization messages. 9496* Submitting the lgtoken and lgpassword parameters in the query string to 9497 action=login is now deprecated and outputs a warning. They should be submitted 9498 in the POST body instead. 9499* (T109140) (T122209) SECURITY: Special:UserLogin and Special:Search allow 9500 redirect to interwiki links. 9501* (T144845) SECURITY: XSS in SearchHighlighter::highlightText() when 9502 $wgAdvancedSearchHighlighting is true. 9503* (T125177) SECURITY: API parameters may now be marked as "sensitive" to keep 9504 their values out of the logs. 9505* (T150044) SECURITY: "Mark all pages visited" on the watchlist now requires a 9506 CSRF token. 9507* (T156184) SECURITY: Escape content model/format url parameter in message. 9508* (T151735) SECURITY: SVG filter evasion using default attribute values in DTD 9509 declaration. 9510* (T48143) SECURITY: Spam blacklist ineffective on encoded URLs inside file 9511 inclusion syntax's link parameter. 9512* (T108138) SECURITY: Sysops can undelete pages, although the page is protected 9513 against it. 9514 9515== MediaWiki 1.23.15 == 9516 9517This is a maintenance release of the MediaWiki 1.23 branch. 9518 9519=== Changes since 1.23.14 === 9520* BREAKING CHANGE: $wgHTTPProxy is now *required* for all external requests 9521 made by MediaWiki via a proxy. Relying on the http_proxy environment 9522 variable is no longer supported. 9523* (T139565) SECURITY: API: Generate head items in the context of the given title 9524* (T137264) SECURITY: XSS in unclosed internal links 9525* (T133147) SECURITY: Escape '<' and ']]>' in inline <style> blocks 9526* (T133147) SECURITY: Require login to preview user CSS pages 9527* (T132926) SECURITY: Do not allow undeleting a revision deleted file if it is 9528 the top file 9529* (T129738) SECURITY: Make $wgBlockDisablesLogin also restrict logged in 9530 permissions 9531* (T129738) SECURITY: Make blocks log users out if $wgBlockDisablesLogin is true 9532* (T115333) SECURITY: Check read permission when loading page content in 9533 ApiParse 9534* Remove support for $wgWellFormedXml = false, all output is now well formed 9535 9536== MediaWiki 1.23.13 == 9537 9538This is a maintenance release of the MediaWiki 1.23 branch. 9539 9540=== Changes since 1.23.12 === 9541* (T121892) Fix fatal errors on some Special pages, introduced in 1.23.12. 9542 9543== MediaWiki 1.23.12 == 9544 9545This is a security and maintenance release of the MediaWiki 1.23 branch. 9546 9547=== Changes since 1.23.11 === 9548* (T117899) SECURITY: $wgArticlePath can no longer be set to relative paths 9549 that do not begin with a slash. This enabled trivial XSS attacks. 9550 Configuration values such as "http://my.wiki.com/wiki/$1" are fine, as are 9551 "/wiki/$1". A value such as "$1" or "wiki/$1" is not and will now throw an 9552 error. 9553* (T119309) SECURITY: Use hash_compare() for edit token comparison 9554* (T118032) SECURITY: Don't allow cURL to interpret POST parameters starting 9555 with '@' as file uploads 9556* (T115522) SECURITY: Passwords generated by User::randomPassword() can no 9557 longer be shorter than $wgMinimalPasswordLength 9558* (T97897) SECURITY: Improve IP parsing and trimming. Previous behavior could 9559 result in improper blocks being issued 9560* (T109724) SECURITY: Special:MyPage, Special:MyTalk, Special:MyContributions 9561 and related pages no longer use HTTP redirects and are now redirected by 9562 MediaWiki 9563 9564== MediaWiki 1.23.11 == 9565 9566This is a security and maintenance release of the MediaWiki 1.23 branch. 9567 9568=== Changes since 1.23.10 === 9569 9570* (T91850) SECURITY: Add throttle check in ApiUpload and SpecialUpload 9571* (T91203, T91205) SECURITY: API: Improve validation in chunked uploading 9572* (T108616) SECURITY: Avoid exposure of local path in PNG thumbnails 9573 9574== MediaWiki 1.23.10 == 9575 9576This is a security and maintenance release of the MediaWiki 1.23 branch. 9577 9578=== Changes since 1.23.9 === 9579 9580* (T94116) SECURITY: Compare API watchlist token in constant time 9581* (T97391) SECURITY: Escape error message strings in thumb.php 9582* (T106893) SECURITY: Don't leak autoblocked IP addresses on 9583 Special:DeletedContributions 9584* (bug 67644) Make AutoLoaderTest handle namespaces 9585* (T91653) Minimal PSR-3 debug logger to support backports from 1.25+. 9586* (T102562) Fix InstantCommons parameters to handle the new HTTPS-only 9587 policy of Wikimedia Commons. 9588 9589== MediaWiki 1.23.9 == 9590 9591This is a security and maintenance release of the MediaWiki 1.23 branch. 9592 9593=== Changes since 1.23.8 === 9594 9595* (T85848, T71210) SECURITY: Don't parse XMP blocks that contain XML entities, 9596 to prevent various DoS attacks. 9597* (T85848) SECURITY: Don't allow directly calling Xml::isWellFormed, to reduce 9598 likelihood of DoS. 9599* (T88310) SECURITY: Always expand xml entities when checking SVG's. 9600* (T73394) SECURITY: Escape > in Html::expandAttributes to prevent XSS. 9601* (T85855) SECURITY: Don't execute another user's CSS or JS on preview. 9602* (T85349, T85850, T86711) SECURITY: Multiple issues fixed in SVG filtering to 9603 prevent XSS and protect viewer's privacy. 9604* (bug T68650) Fix indexing of moved pages with PostgreSQL. Requires running 9605 update.php to fix. 9606* (bug T70087) Fix Special:ActiveUsers page for installations using 9607 PostgreSQL. 9608 9609== MediaWiki 1.23.8 == 9610 9611This is a security and maintenance release of the MediaWiki 1.23 branch. 9612 9613=== Changes since 1.23.7 === 9614 9615* (bug T76686) [SECURITY] thumb.php outputs wikitext message as raw HTML, which 9616 could lead to xss. Permission to edit MediaWiki namespace is required to 9617 exploit this. 9618* (bug T77028) [SECURITY] Malicious site can bypass CORS restrictions in 9619 $wgCrossSiteAJAXdomains in API calls if it only included an allowed domain as 9620 part of its name. 9621* (bug T74222) The original patch for T74222 was reverted as unnecessary. 9622 9623== MediaWiki 1.23.7 == 9624 9625This is a security and maintenance release of the MediaWiki 1.23 branch. 9626 9627=== Changes since 1.23.6 === 9628 9629* (bugs 66776, 71478) SECURITY: User PleaseStand reported a way to inject code 9630 into API clients that used format=php to process pages that underwent flash 9631 policy mangling. This was fixed along with improving how the mangling was done 9632 for format=json, and allowing sites to disable the mangling using 9633 $wgMangleFlashPolicy. 9634* (bug 70901) SECURITY: User Jackmcbarn reported that the ability to update 9635 the content model for a page could allow an unprivileged attacker to edit 9636 another user's common.js under certain circumstances. The user right 9637 "editcontentmodel" was added, and is needed to change a revision's content 9638 model. 9639* (bug 71111) SECURITY: User PleaseStand reported that on wikis that allow raw 9640 HTML, it is not safe to preview wikitext coming from an untrusted source such 9641 as a cross-site request. Thus add an edit token to the form, and when raw HTML 9642 is allowed, ensure the token is provided before showing the preview. This 9643 check is not performed on wikis that both allow raw HTML and anonymous 9644 editing, since there are easier ways to exploit that scenario. 9645* (bug 72222) SECURITY: Do not show log action when the entry is revdeleted with 9646 DELETED_ACTION. NOTICE: this may be reverted in a future release pending a 9647 public RFC about the desired functionality. This issue was reported by user 9648 Bawolff. 9649* (bug 71621) Make allowing site-wide styles on restricted special pages a 9650 config option. 9651* (bug 42723) Added updated version history from 1.19.2 to 1.22.13 9652* $wgMangleFlashPolicy was added to make MediaWiki's mangling of anything that 9653 might be a flash policy directive configurable. 9654 9655== MediaWiki 1.23.6 == 9656 9657This is a maintenance release of the MediaWiki 1.23 branch. 9658 9659=== Changes since 1.23.5 === 9660* (Bug 72274) Job queue not running (HTTP 411) due to missing 9661 Content-Length: header 9662* (Bug 67440) Allow classes to be registered properly from installer 9663 9664== MediaWiki 1.23.5 == 9665 9666This is a security release of the MediaWiki 1.23 branch. 9667 9668=== Changes since 1.23.4 === 9669* (bug 70672) SECURITY: OutputPage: Remove separation of css and js module 9670 allowance. 9671 9672== MediaWiki 1.23.4 == 9673 9674This is a security and maintenance release of the MediaWiki 1.23 branch. 9675 9676=== Changes since 1.23.3 === 9677 9678* (bug 69008) SECURITY: Enhance CSS filtering in SVG files. Filter <style> 9679 elements; normalize style elements and attributes before filtering; add 9680 checks for attributes that contain css; add unit tests for html5sec and 9681 reported bugs. 9682* (bug 65998) Make MySQLi work with non-standard socket. 9683* (bug 66986) GlobalVarConfig shouldn't throw exceptions for null-valued config 9684 settings. 9685 9686== MediaWiki 1.23.3 == 9687 9688This is a maintenance release of the MediaWiki 1.23 branch. 9689 9690=== Changes since 1.23.2 === 9691 9692* (bug 68501) Correctly handle incorrect namespace in cleanupTitles.php. 9693* (bug 64970) Fix support for blobs on DatabaseOracle::update. 9694* (bug 66574) Display MediaWiki:Loginprompt on the login page. 9695* (bug 67870) wfShellExec() cuts off stdout at multiples of 8192 bytes. 9696* (bug 60629) Handle invalid language code gracefully in 9697 Language::fetchLanguageNames. 9698* (bug 62017) Restore the number of rows shown on Special:Watchlist. 9699* Check for boolean false result from database query in SqlBagOStuff. 9700 9701== MediaWiki 1.23.2 == 9702 9703This is a security and maintenance release of the MediaWiki 1.23 branch. 9704 9705=== Changes since 1.23.1 === 9706 9707* (bug 68187) SECURITY: Prepend jsonp callback with comment. 9708* (bug 66608) SECURITY: Fix for XSS issue in bug 66608: Generate the URL used 9709 for loading a new page in Javascript,instead of relying on the URL in the link 9710 that has been clicked. 9711* (bug 65778) SECURITY: Copy prevent-clickjacking between OutputPage and 9712 ParserOutput. 9713* (bug 68313) Preferences: Turn stubthreshold back into a combo box. 9714* (bug 65214) Fix initSiteStats.php maintenance script. 9715* (bug 67594) Special:ActiveUsers: Fix to work with PostgreSQL. 9716 9717== MediaWiki 1.23.1 == 9718 9719This is a security and maintenance release of the MediaWiki 1.23 branch. 9720 9721=== Changes since 1.23.0 === 9722 9723* (bug 65839) SECURITY: Prevent external resources in SVG files. 9724* (bug 67025) Special:Watchlist: Don't try to render empty row. 9725* (bug 66922) Don't allow some E_NOTICE messages to end up in the 9726 LocalSettings.php. 9727* (bug 66467) FileBackend: Avoid using popen() when "parallelize" is disabled. 9728* (bug 66428) MimeMagic: Don't seek before BOF. This has weird side effects 9729 like only extracting the tail of the file partially or not at all. 9730* (bug 66182) Removed -x flag on some php files. 9731 9732== MediaWiki 1.23.0 == 9733 9734=== Configuration changes in 1.23 === 9735* (bug 13250) Restored method for clearing a watchlist in web UI 9736 so that users with large watchlists don't have to perform 9737 contortions to clear them. 9738* When $wgJobRunRate is higher than zero, jobs are now executed via an 9739 asynchronous HTTP request to a MediaWiki entry point. This may require 9740 increasing the number of server worker threads. $wgRunJobsAsync has been 9741 added to disable this feature if needed, falling back to executing the job 9742 on the same process but making the execution synchronously. 9743* $wgDebugLogGroups values may be set to an associative array with a 9744 'destination' key specifying the log destination. The array may also contain 9745 a 'sample' key with a positive integer value N indicating that the log group 9746 should be sampled by dispatching one in every N messages on average. The 9747 sampling is random. 9748* In addition to the current exception log format, MediaWiki now serializes 9749 exception metadata to JSON and logs it to the 'exception-json' log group. 9750 This makes MediaWiki easier to integrate with log aggregation and analysis 9751 tools. 9752* $wgSquidServersNoPurge now supports the use of Classless Inter-Domain 9753 Routing (CIDR) notation to specify contiguous blocks of IPv4 and/or IPv6 9754 addresses that should be trusted to provide X-Forwarded-For headers. 9755* Preferences 'watchcreations', 'watchdefault', 'enotifwatchlistpages' ("Add 9756 pages I create and files I upload to my watchlist", "Add pages and files I 9757 edit to my watchlist", "Email me when a page or file on my watchlist is 9758 changed") are now enabled by default. In addition new user accounts' personal 9759 and talk pages are now watched by them by default. 9760* $wgLBFactoryConf: Class names have had underscores removed. The configuration 9761 should be updated if LBFactory_Simple or LBFactory_Multi is configured. 9762* $wgPasswordSenderName has been removed and is no longer functional. To set a 9763 custom mailer name, the system message 'emailsender' should be modified 9764 (default: "{{SITENAME}}"). 9765* (bug 63269) Email notifications were not correctly handling the 9766 [[MediaWiki:Helppage]] message being set to a full URL (the default). 9767 If you customized [[MediaWiki:Enotif body]] (the text of email notifications), 9768 you'll need to edit it locally to include the URL via the new variable 9769 $HELPPAGE instead of the parser functions fullurl and canonicalurl; otherwise 9770 you don't have to do anything. 9771* $wgDBAhandler was removed as the only class using it was also removed 9772* The 'max threads' setting was removed from $wgDBservers. 9773* Support for AdminSettings.php has been completely removed. All configuration 9774 belongs in LocalSettings.php. 9775* $wgSkipSkin, which has been replaceable by $wgSkipSkins since 2005 (r9249), is 9776 now formally deprecated. 9777* Removed deprecated $wgDisabledActions as it is hardly used anywhere. 9778* $wgRateLimitLog has been deprecated and replaced by 9779 $wgDebugLogGroup['ratelimit']. 9780* $wgLocalInterwikis is an array containing multiple local interwiki prefixes 9781 (interwiki prefixes that point back to the current wiki). This effectively 9782 allows more than one value of $wgLocalInterwiki to be specified and 9783 understood by the parser. The value of $wgLocalInterwiki is automatically 9784 prepended to the start of this array. 9785* $wgQueryPages has been removed. Query Pages should be added to by using the 9786 wgQueryPages hook. 9787* $wgHttpOnlyBlacklist has been removed. 9788* $wgLicenseTerms has been removed as it was unused. 9789* $wgProfileOnly is now deprecated; set the log file in 9790 $wgDebugLogGroups['profileoutput'] to replace it. 9791* $wgMaxBacklinksInvalidate was removed; use $wgJobBackoffThrottling instead 9792* Deprecated ResourceLoaderGetStartupModules hook. 9793 9794=== New features in 1.23 === 9795* ResourceLoader can utilize the Web Storage API to cache modules client-side. 9796 Compared to the browser cache, caching in Web Storage allows ResourceLoader 9797 to be more granular about evicting stale modules from the cache while 9798 retaining the ability to retrieve multiple modules in a single HTTP request. 9799 This capability can be enabled by setting $wgResourceLoaderStorageEnabled to 9800 true. This feature is currently considered experimental and should only be 9801 enabled with care. 9802* (bug 6092) Add expensive parser functions {{REVISIONID:}}, {{REVISIONUSER:}} 9803 and {{REVISIONTIMESTAMP:}} (with friends). 9804* Add "wgRelevantUserName" to mw.config containing the current 9805 Skin::getRelevantUser value. 9806* (bug 56033) Add content model to the page information. 9807* Added Article::MissingArticleConditions hook to give extensions a chance to 9808 hide their (unrelated) log entries. 9809* Added LonelyPagesQuery hook to let extensions modify the query used to 9810 generate Special:LonelyPages. 9811* Added $wgOpenSearchDefaultLimit defining the default number of entries to show 9812 on action=opensearch API call. 9813* For namespaces with $wgNamespaceProtection (including the MediaWiki 9814 namespace), the "protect" tab will be shown only if there are restriction 9815 levels available that would restrict editing beyond what 9816 $wgNamespaceProtection already applies. The protection form will offer only 9817 those protection levels. 9818* Added $wgAPIFormatModules, allowing extensions to add additional output 9819 formatting modules for the API. 9820* (bug 47812) The MediaWiki:Group-user.{css,js} pages can now be used to add 9821 custom CSS or JavaScript enabled only for registered users. 9822* (bug 52005) Special pages RecentChanges, RecentChangesLinked and Watchlist 9823 now include a legend describing the symbols used in lists of changes. 9824* Improved the accessibility of the tabs in Special:Preferences. 9825* Added ApiBeforeMain hook, roughly equivalent to the BeforeInitialize hook: 9826 it's called after everything is set up but before any major processing 9827 happens. 9828* The jquery.client module now performs a component-wise version comparison in 9829 its #test method when strings are used in the browser map: version '1.10' is 9830 now correctly considered larger than '1.2'. Using numbers in the version map 9831 is not affected. 9832* All API modules now support an assert parameter, which can either be 9833 'user' or 'bot'. The API will throw an error if the user is not logged 9834 in (user) or does not have the 'bot' userright (bot). Based off of the 9835 AssertEdit extension by Steve Sanbeg. 9836* [[Special:Diff]] was added, allowing users to create internal links to 9837 revision comparison pages using syntax such as [[Special:Diff/12345]], 9838 [[Special:Diff/12345/prev]] or [[Special:Diff/12345/98765]]. 9839* New user accounts' personal and talk pages are now watched by them by default. 9840* Added SkinTemplateGetLanguageLink hook to allow changing the html of language 9841 links. 9842* Added MessageCache::get hook as a new way to customize messages across 9843 multiple sites. 9844* Added jquery.throttle-debounce ResourceLoader module to limit the number of 9845 callbacks for frequently occurring events. 9846* Special:ProtectedPages shows now a table. The timestamp, the reason and 9847 the protecting user are also shown. 9848* Added experimental support for using Microsoft SQL Server as the database 9849 backend. 9850** Added new Microsoft SQL Server-specific configuration variable 9851 $wgDBWindowsAuthentication, which makes the web server authenticate against 9852 the database server using Integrated Windows Authentication instead of 9853 $wgDBuser/$wgDBpassword. 9854* HTMLForm 'select', 'selectandother', 'selectorother', 'multiselect', and 9855 'radio' fields can now use message keys as labels via the 'options-messages' 9856 parameter, which overrides the 'options' parameter. 9857* Admins can expire users passwords manually, or on a schedule using the 9858 $wgPasswordExpirationDays configuration setting. 9859* Add new hook SendWatchlistEmailNotification, this will be used to determine 9860 whether to send a watchlist email notification. 9861* (bug 42026) Special:Contributions now includes an option to filter page 9862 creations, similar to the topOnly option. 9863* Add mediawiki.ui.button styling to all pages so wiki content can use styled 9864 buttons. 9865* Special:UserLogin/signup now does AJAX checks for invalid and taken usernames, 9866 displaying the error live. 9867* Added BaseTemplateAfterPortlet hook to allow injecting html after portlets in 9868 skins. 9869* Support has been added for a JSON based localisation file format. The 9870 installer has been updated to use it. 9871* Changes to content typography (colors, line-height etc.). See 9872 https://www.mediawiki.org/wiki/Typography_refresh for further information. 9873* The Vector skin's visual treatment of external links has been simplified to a 9874 single icon (from nine). This should not affect local rules unless they were 9875 re-using these icons, which have now been deleted. 9876* ResourceLoader: mw.loader.using() now implements a Promise interface. 9877* Add new hook ChangesListInitRows accessed via 9878 ChangesList::initChangesListRows. 9879 If called by the ChangesList consumer this gives extensions a chance to batch 9880 process the result set prior to rendering. 9881* A PoolCounterRedis class was added which can be make use of in 9882 $wgPoolCounterConf. This requires at least one Redis 2.6+ server. 9883* $wgProfileToDatabase was removed. Set $wgProfiler to ProfilerSimpleDB 9884 in StartProfiler.php instead of using this. 9885* (bug 63444) Made it possible to change the indent string (default: 4 spaces) 9886 used by FormatJson::encode(). 9887 9888=== Bug fixes in 1.23 === 9889* (bug 41759) The "updated since last visit" markers (on history pages, recent 9890 changes and watchlist) and the talk page message indicator are now correctly 9891 updated when the user is viewing old revisions of pages, instead of always 9892 acting as if the latest revision was being viewed. 9893* (bug 56443) Special:ConfirmEmail no longer shows a "Mail a confirmation code" 9894 when the email address is already confirmed. Also, consistently use 9895 "confirmed", rather than "authenticated", when messaging whether or not the 9896 user has confirmed an email address. 9897* (bug 19415) action=render no longer shows section edit links. This affects 9898 behavior of several other features where (bogus) section edit links will 9899 disappear, such as file description pages loaded via $wgUseInstantCommons or 9900 pages transcluded cross-wiki via $wgEnableScaryTranscluding. 9901* (bug 56912) Show correct link color on cached result of Special:DeadendPages. 9902* Classes TitleListDependency and TitleDependency have been removed, as they 9903 have been found unused in core and extensions for a long time. 9904* (bug 57098) SpecialPasswordReset now obeys returnto parameter 9905* (bug 37812) ResourceLoader will notice when a module's definition changes and 9906 recompile it accordingly. 9907* (bug 57201) SpecialRecentChangesFilters hook is now executed for feeds. 9908* (bug 58640) Fixed a compatibility issue with PCRE 8.34 that caused pages 9909 to appear blank or with missing text. 9910* (bug 56931) Updated the plural rules to CLDR 24. They are in new format 9911 which is detailed in UTS 35 Rev 33. The PHP parser and evaluator as well as 9912 the JavaScript evaluator were updated to support the new format. Plural rules 9913 for some languages have changed, most notably Russian. Affected software 9914 messages have been updated and marked for review at translatewiki.net. 9915* (bug 23542) imagelinks now stores both the redirect and target (as 9916 templatelinks does). 9917* (bug 58167) The web installer no longer throws an exception when PHP is 9918 compiled without support for MySQL yet with support for another DBMS. 9919* (bug 56199) Raw option of parser functions must now match complete word, 9920 to take effect. 9921* (bug 60543) Special:PrefixIndex forgot stripprefix=1 for "Next page" link 9922* (bug 29762) Undoing an already-undone edit will now display an appropriate 9923 message instead of leading the user to make a null edit. 9924* (bug 52659) mediawiki.notification: Notification area remained visible when 9925 empty and thus was stealing pointer events from links on the page. 9926* (bug 26811) When a DBUnexpectedError occurs, DB server hostnames are now 9927 hidden unless $wgShowExceptionDetails is true, and $wgShowDBErrorBacktrace 9928 no longer applies in such cases. 9929* (bug 60960) Avoid doing file_exist() checks on data: URIs, as they cause 9930 warnings to be printed on Windows due to large path length. 9931* (bug 48084) Fixed a bug in the installer that could cause $wgLogo to hold 9932 the wrong path to the placeholder logo (skins/common/images/wiki.png). 9933* (bug 64289) jquery.textSelection: Don't throw errors on empty collections. 9934 9935=== Web API changes in 1.23 === 9936* (bug 54884) action=parse&prop=categories now indicates hidden and missing 9937 categories. 9938* action=query&meta=filerepoinfo now returns additional information for each 9939 repo. 9940* action=parse&prop=languageshtml was deprecated in 1.18 and will be removed in 9941 MediaWiki 1.24. 9942* action=parse now has disabletoc flag to disable table of contents in output. 9943* (bug 25702) list=allcategories, list=allimages, list=alllinks, list=allpages, 9944 list=deletedrevs and list=filearchive did not handle case-sensitivity 9945 properly for all parameters. 9946* ApiQueryBase::titlePartToKey allows an extra parameter that indicates the 9947 namespace in order to properly capitalize the title part. 9948* (bug 57874) action=feedcontributions no longer has one item more than limit. 9949* All API modules now support an assert parameter. See the new features section 9950 for more details. 9951* Added prop=contributors to fetch the list of contributors to the page. 9952* The following API modules will now return entries where fields have been 9953 revision-deleted: list=deletedrevs, list=filearchive, list=recentchanges, 9954 list=watchlist. "hidden" indicators will be included, in the same style as is 9955 already done for prop=revisions. 9956* The following API modules will now return the content of revision-deleted 9957 fields, in addition to the "hidden" indicators, if the querying user has the 9958 necessary rights: list=logevents, list=usercontribs, prop=imageinfo, 9959 prop=revisions. 9960* The above modules, where applicable, will now return entries filtered by 9961 revision-deleted fields if the querying user has the necessary rights. For 9962 example, prop=revisions with rvuser or rvexcludeuser will no longer skip 9963 revisions where the user was revision-deleted if the current user has the 9964 deletedhistory right. 9965* The 'hideuser' right, used when blocking, is no longer necessary or 9966 sufficient for seeing contributions with revision-deleted in 9967 list=usercontribs. 9968* list=watchlist now uses the querying user's rights rather than the wlowner's 9969 rights when checking whether wlprop=patrol is allowed. 9970* (bug 32151) ApiWatch now has pageset capabilities (titles/pageids/generators). 9971 Title parameter is now deprecated. 9972* (bug 23005) Added action=revisiondelete. 9973* Added siprop=restrictions to API action=query&meta=siteinfo for querying 9974 possible page restriction (protection) levels and types. 9975* Added prop 'limitreportdata' and 'limitreporthtml' to action=parse. 9976* (bug 58627) Provide language names on action=parse&prop=langlinks. 9977* Deprecated llurl= in favour of llprop=url for action=query&prop=langlinks. 9978* Added llprop=langname and llprop=autonym for action=query&prop=langlinks. 9979* prop=redirects is added, to return redirects to the pages in the query. 9980* list=allredirects is added, to list all redirects pointing to a namespace. 9981* (bug 42026) Added ucshow={new,!new,top,!top} to list=usercontribs. 9982 Also added newonly to action=feedcontributions. 9983* (bug 42026) Deprecated uctoponly in favor of ucshow=top. 9984* list=search no longer has a "srredirects" parameter. Redirects are now 9985 included in all searches. 9986* Added list=prefixsearch that works like action=opensearch but can be used as 9987 a generator. 9988* (bug 24782) Various modules will now use unique continuation parameters. 9989* (bug 63249) Cache RecentChanges Atom feed in varnish for 15 seconds. 9990 9991=== Languages updated in 1.23 === 9992 9993MediaWiki supports over 350 languages. Many localisations are updated 9994regularly. Below only new and removed languages are listed, as well as 9995changes to languages because of Bugzilla reports. 9996 9997* Support was added for Algerian Spoken Arabic (arq). 9998* Support was added for Riograndenser Hunsrückisch (hrx). 9999* Support was added for Northern Luri (lrc). 10000 10001=== Other changes in 1.23 === 10002* The rc_type field in the recentchanges table has been superseded by a new 10003 rc_source field. The rc_source field is a string representation of the 10004 change type where rc_type was a numeric constant. This field is not yet 10005 queried but will be in a future release. 10006** Utilize update.php to create and populate this new field. On larger wikis 10007 which do not wish to update recentchanges table in one large update please 10008 review the SQL and comments in maintenance/archives/patch-rc_source.sql. 10009** The rc_type field of recentchanges will be deprecated in a future release. 10010* The global variable $wgArticle has been removed after a lengthy deprecation. 10011* The global functions addButton and insertTags (for mw.toolbar.addButton and 10012 mw.toolbar.insertTags) now emits mw.log.warn when accessed. 10013* The ExpandTemplates extension has been moved into MediaWiki core. 10014* (bug 52812) Removed "Disable search suggestions" from Preference. 10015* (bug 52809) Removed "Disable browser page caching" from Preference. 10016* Three new modules intended for use by custom skins were added: 10017 'mediawiki.skinning.elements', 'mediawiki.skinning.content', and 10018 'mediawiki.skinning.interface', representing three levels of standard 10019 MediaWiki styling. Previously skin creators wishing to use them had to refer 10020 to the file names of appropriate files directly, which is now discouraged. 10021* The modules 'skins.vector' and 'skins.monobook' have been renamed to 10022 'skins.vector.styles' and 'skins.monobook.styles', respectively, 10023 and their definition was changed not to include the common*.css files; 10024 the two skins now load the 'mediawiki.skinning.interface' module instead. 10025* A page_links_updated field has been added to the page table. 10026* SpecialPage::getTitle has been deprecated in favor of 10027 SpecialPage::getPageTitle. 10028* BREAKING CHANGE: Two potentially backwards-incompatible changes have been made 10029 to the 'SpecialWatchlistQuery' hook's last parameter (array $values) to make 10030 the hook more consistent with the 'SpecialRecentChangesQuery' one: 10031** Several array keys have been renamed: hideMinor → hideminor, 10032 hideBots → hidebots, hideAnons → hideanons, hideLiu → hideliu, 10033 hidePatrolled → hidepatrolled, hideOwn → hidemyself. 10034** The parameter value is now a FormOptions object, not a plain array (array 10035 access operators should continue to work, as it implements the ArrayAccess 10036 interface). 10037* Option to mark hooks as deprecated has been added. 10038* (bug 52811) Preference "Enable section editing via [edit] links" was removed. 10039* (bug 52813) Preference "Show table of contents (for pages with more than 10040 3 headings)" was removed. 10041* (bug 52810) Preference "Justify paragraphs" was removed. 10042* OutputPage::showErrorPage raises a notice if arguments are incoherent. 10043* Thumbnails that keep failing to render in thumb.php will be rate-limited 10044 against further render attempts for 1 hour. $wgAttemptFailureEpoch can be 10045 altered to reset all rate-limited thumbnails at once. 10046* (bug 56572) Builds of the OOjs and OOjs UI libraries are now available. 10047* mw.loader.go and mw.loader.version have been removed. 10048* (bug 52815) Preference "Enable simplified search bar (Vector skin only)" 10049 was removed. 10050* A user_password_expires column has been added to the user table. The User 10051 object expects this column to exist. Use update.php to create this new field. 10052* The jquery.delayedBind ResourceLoader module was deprecated in favor of the 10053 jquery.throttle-debounce module. It will be removed in MediaWiki 1.24. 10054* mw.user.bucket has been deprecated. 10055* On Special:PrefixIndex, a table#mw-prefixindex-list-table was changed to 10056 table.mw-prefixindex-list-table to avoid duplicate ids when the special page 10057 is transcluded. 10058* (bug 62198) window.$j has been deprecated. 10059* Preference "Disable link title conversion" was removed. 10060* SpecialRecentChanges no longer includes any functionality for generating feeds 10061 - it has been factored out to ApiFeedRecentChanges. Old URLs redirect to new 10062 ones. 10063* RecentChange::mExtra['lang'] is no longer set and should no longer be used. 10064 Extensions should read from other configuration variables, including 10065 $wgLocalInterwikis, to identify the current wiki. 10066* Sections in the parser test framework have been renamed and the old 10067 section names are deprecated. Please use "!!wikitext" and "!!html" 10068 (or "!!html/php") instead of "!!input" and "!!result". This allows 10069 us to extend parser tests to accommodate additional input/output 10070 pairs, such as "!!html/parsoid" (for the output of the Parsoid 10071 parser, where it differs from the PHP parser). 10072* Special:Search no longer has an "include redirects" option on the advanced 10073 tab. Redirects are now included in all searches. 10074* mediawiki.api.category's getCategories() 'async' parameter was deprecated. 10075* The locations of resources have been split between upstream libraries, now in 10076 resources/lib/, local libaries in resources/src/, and local forks of upstream 10077 libraries, also in resources/src/. 10078* BREAKING CHANGE: The automatically-generated function closure with which 10079 ResourceLoader wraps all modules' JavaScript code now binds the identifier 10080 names 'jQuery' and '$' to the jQuery object of the version of jQuery that is 10081 bundled with MediaWiki. If you bind these names to other objects in global 10082 scope (like Zepto.js or document.querySelectorAll, for example) you will need 10083 to use different names to or re-bind them at the top of each 10084 ResourceLoader-loaded module. 10085* (bug 52342) Preference "Remember my login" was removed. 10086* The skin autodiscovery mechanism has been deprecated and will be removed in 10087 MediaWiki 1.25. See https://www.mediawiki.org/wiki/Manual:Skin_autodiscovery 10088 for migration guide for creators and users of custom skins that relied on it. 10089 10090==== Removed classes ==== 10091* FakeMemCachedClient (deprecated in 1.18) 10092* RdfMetaData (unused) 10093* TitleDependency (unused) 10094* TitleListDependency (unused) 10095* WikiError (deprecated in 1.17) 10096* WikiXmlError (deprecated in 1.17) 10097* WikiErrorMsg (deprecated in 1.17) 10098 10099==== Renamed classes ==== 10100* CdbReader_DBA to CdbReaderDBA 10101* CdbReader_PHP to CdbReaderPHP 10102* CdbWriter_DBA to CdbWriterDBA 10103* CdbWriter_PHP to CdbWriterPHP 10104* DiffOp_Add to DiffOpAdd 10105* DiffOp_Change to DiffOpChange 10106* DiffOp_Copy to DiffOpCopy 10107* DiffOp_Delete to DiffOpDelete 10108* HWLDF_WordAccumulator to HWLDFWordAccumulator 10109* LBFactory_Fake to LBFactoryFake 10110* LBFactory_Multi to LBFactoryMulti 10111* LBFactory_Simple to LBFactorySimple 10112* LBFactory_Single to LBFactorySingle 10113* LCStore_Accel to LCStoreAccel 10114* LCStore_CDB to LCStoreCDB 10115* LCStore_DB to LCStoreDB 10116* LCStore_Null to LCStoreNull 10117* LoadBalancer_Single to LoadBalancerSingle 10118* LoadMonitor_MySQL to LoadMonitorMySQL 10119* LoadMonitor_Null to LoadMonitorNull 10120* LocalisationCache_BulkLoad to LocalisationCacheBulkLoad 10121* csvStatsOutput to CsvStatsOutput 10122* extensionLanguages to ExtensionLanguages 10123* languages to Languages 10124* statsOutput to StatsOutput 10125* textStatsOutput to TextStatsOutput 10126* wikiStatsOutput to WikiStatsOutput 10127 10128==== Removed methods ==== 10129* ApiBase::getValidNamespaces() (deprecated in 1.17) 10130* ApiMain::setCachePrivate() (deprecated in 1.17) 10131* ApiMain::setVaryCookie (deprecated in 1.17) 10132* Article::doRedirect() (deprecated in 1.18) 10133* Article::doUnwatch() (deprecated in 1.18) 10134* Article::doWatch() (deprecated in 1.18) 10135* Article::forUpdate() (deprecated in 1.18) 10136* Article::markpatrolled() (deprecated in 1.18) 10137* Article::unwatch() (deprecated in 1.18) 10138* Article::watch() (deprecated in 1.18) 10139* Block::clear() (deprecated in 1.18) 10140* Block::decodeExpiry() (deprecated in 1.18) 10141* Block::encodeExpiry() (deprecated in 1.18) 10142* Block::forUpdate() (deprecated in 1.18) 10143* Block::infinity() (deprecated in 1.18) 10144* Block::load() (deprecated in 1.18) 10145* Block::newFromDB() (deprecated in 1.18) 10146* Block::normaliseRange() (deprecated in 1.18) 10147* Block::parseExpiryInput() (deprecated in 1.18) 10148* CategoryViewer::addSubcategory() (deprecated in 1.17) 10149* EditPage::spamPage() (deprecated since 1.17) 10150* Exif::getFormattedData() (deprecated in 1.18) 10151* Exif::makeFormattedData() (deprecated in 1.18) 10152* in_string (deprecated in 1.21) 10153* Language::convertLinkToAllVariants() (deprecated in 1.17) 10154* LanguageConverter::convertLinkToAllVariants() (deprecated in 1.17) 10155* Linker::makeBrokenLink() (deprecated in 1.16) 10156* Linker::makeBrokenLinkObj() (deprecated in 1.16) 10157* Linker::makeColouredLinkObj() (deprecated in 1.16) 10158* Linker::makeSizeLinkObj() (deprecated in 1.17) 10159* MediaWiki::articleFromTitle() (deprecated in 1.18) 10160* ParserOptions::getkin() (deprecated 1.18) 10161* ProfilerSimple::getCpuTime (deprecated in 1.20) 10162* Revision::revText() (deprecated in 1.17) 10163* SkinTemplate::jstext() (deprecated in 1.21) 10164* SpecialPage::__call() (deprecated in 1.17) 10165* SpecialPage::executePath() (deprecated in 1.18) 10166* SpecialPage::exists() (deprecated in 1.18) 10167* SpecialPage::file() (deprecated in 1.18) 10168* SpecialPage::func() (deprecated in 1.18) 10169* SpecialPage::getGroup() (deprecated in 1.18) 10170* SpecialPage::getPage() (deprecated in 1.18) 10171* SpecialPage::getPageByAlias() (deprecated in 1.18) 10172* SpecialPage::getLocalNameFor() (deprecated in 1.18) 10173* SpecialPage::getRegularPages() (deprecated in 1.18) 10174* SpecialPage::getRestrictedPages() (deprecated in 1.18) 10175* SpecialPage::getTitleForAlias() (deprecated in 1.18) 10176* SpecialPage::getUsablePages() (deprecated in 1.18) 10177* SpecialPage::includable() (deprecated in 1.18) 10178* SpecialPage::init() 10179* SpecialPage::initAliasList() (deprecated in 1.18) 10180* SpecialPage::initList() (deprecated in 1.18) 10181* SpecialPage::name() (deprecated in 1.18) 10182* SpecialPage::removePage() (deprecated in 1.18) 10183* SpecialPage::resolveAlias() (deprecated in 1.18) 10184* SpecialPage::resolveAliasWithSubpage() (deprecated in 1.18) 10185* SpecialPage::restriction() (deprecated in 1.18) 10186* SpecialPage::setGroup() (deprecated in 1.18) 10187* SpecialRecentChanges::feedSetup() 10188* SpecialRevisionDelete::extractBitField() (deprecated in 1.22) 10189* User::getPageRenderingHash() (deprecated in 1.17) 10190* WebRequest::getFileSize() (deprecated in 1.17) 10191* WebRequest::isPathInfoBad() (deprecated in 1.17) 10192* wfGenerateToken (deprecated in 1.20) 10193* wfStreamFile (deprecated in 1.19) 10194* wfUILang (deprecated in 1.18) 10195* WikiPage::createUpdates() (deprecated in 1.18) 10196* WikiPage::quickEdit() (deprecated in 1.18) 10197* WikiPage::useParserCache() (deprecated in 1.18) 10198* WikiPage::viewUpdates() (deprecated in 1.18) 10199 10200==== Removed globals ==== 10201* $wgBetterDirectionality (deprecated in 1.18) 10202 10203= MediaWiki 1.22 = 10204 10205== MediaWiki 1.22.15 == 10206 10207This is a security and maintenance release of the MediaWiki 1.22 branch. 10208 10209=== Changes since 1.22.14 === 10210 10211* (bug T76686) [SECURITY] thumb.php outputs wikitext message as raw HTML, which 10212 could lead to xss. Permission to edit MediaWiki namespace is required to 10213 exploit this. 10214* (bug T77028) [SECURITY] Malicious site can bypass CORS restrictions in 10215 $wgCrossSiteAJAXdomains in API calls if it only included an allowed domain as 10216 part of its name. 10217* (bug T74222) The original patch for T74222 was reverted as unnecessary. 10218 10219== MediaWiki 1.22.14 == 10220 10221This is a security and maintenance release of the MediaWiki 1.22 branch. 10222 10223=== Changes since 1.22.13 === 10224 10225* (bugs 66776, 71478) SECURITY: User PleaseStand reported a way to inject code 10226 into API clients that used format=php to process pages that underwent flash 10227 policy mangling. This was fixed along with improving how the mangling was done 10228 for format=json, and allowing sites to disable the mangling using 10229 $wgMangleFlashPolicy. 10230* (bug 70901) SECURITY: User Jackmcbarn reported that the ability to update 10231 the content model for a page could allow an unprivileged attacker to edit 10232 another user's common.js under certain circumstances. The user right 10233 "editcontentmodel" was added, and is needed to change a revision's content 10234 model. 10235* (bug 72222) SECURITY: Do not show log action when the entry is revdeleted with 10236 DELETED_ACTION. NOTICE: this may be reverted in a future release pending a 10237 public RFC about the desired functionality. This issue was reported by user 10238 Bawolff. 10239* (bug 71621) Make allowing site-wide styles on restricted special pages a 10240 config option. 10241* $wgMangleFlashPolicy was added to make MediaWiki's mangling of anything that 10242 might be a flash policy directive configurable. 10243 10244== MediaWiki 1.22.13 == 10245This is a maintenance release of the MediaWiki 1.22 branch. 10246 10247=== Changes since 1.22.12 === 10248* (bug 67440) Allow classes to be registered properly from installer 10249 10250== MediaWiki 1.22.12 == 10251This is a security release of the MediaWiki 1.22 branch. 10252 10253=== Changes since 1.22.11 === 10254* (bug 70672) SECURITY: OutputPage: Remove separation of css and js module 10255 allowance. 10256 10257== MediaWiki 1.22.11 == 10258This is a security release of the MediaWiki 1.22 branch. 10259 10260=== Changes since 1.22.10 === 10261* (bug 69008) SECURITY: Enhance CSS filtering in SVG files. Filter <style> 10262 elements; normalize style elements and attributes before filtering; add checks 10263 for attributes that contain css; add unit tests for html5sec and reported 10264 bugs. 10265 10266== MediaWiki 1.22.10 == 10267This is a maintenance release of the MediaWiki 1.22 branch. 10268 10269=== Changes since 1.22.9 === 10270* (bug 64970) Fix support for blobs on DatabaseOracle::update 10271* (bug 60719) In MediaWiki 1.22, the job queue execution on each page request 10272 was changed (Gerrit change 59797) so, instead of executing the job inside the 10273 same PHP process that's rendering the page, a new PHP cli command is spawned 10274 to execute runJobs.php in the background. It will only work if $wgPhpCli is 10275 set to an actual path or safe mode is off, otherwise, the old method will be 10276 used. See 10277 https://www.mediawiki.org/wiki/Manual:Job_queue#Changes_in_MediaWiki_1.22 10278 for more information. This change was in earlier releases of 1.22 but was not 10279 noted here until now. 10280 10281== MediaWiki 1.22.9 == 10282This is a security and maintenance release of the MediaWiki 1.22 branch. 10283 10284=== Changes since 1.22.8 === 10285* (bug 68187) SECURITY: Prepend jsonp callback with comment. 10286* (bug 66608) SECURITY: Fix for XSS issue in bug 66608: Generate the URL used 10287 for loading a new page in Javascript,instead of relying on the URL in the 10288 link that has been clicked. 10289* (bug 65778) SECURITY: Copy prevent-clickjacking between OutputPage and 10290 ParserOutput. 10291* (bug 59147) The img_metadata field was not being decoded from bytea into text. 10292 10293== MediaWiki 1.22.8 == 10294This is a security and maintenance release of the MediaWiki 1.22 branch. 10295 10296=== Changes since 1.22.7 === 10297* (bug 65839) SECURITY: Prevent external resources in SVG files. 10298* (bug 66428) MimeMagic: Don't seek before BOF. This has weird side effects like 10299 only extracting the tail of the file partially or not at all. 10300 10301== MediaWiki 1.22.7 == 10302This is a security and maintenance release of the MediaWiki 1.22 branch. 10303 10304=== Changes since 1.22.6 === 10305* (bug 65501) SECURITY: Don't parse usernames as wikitext on 10306 Special:PasswordReset. 10307* (bug 36356) Add space between two feed links. 10308* (bug 63269) Email notifications were not correctly handling the 10309 MediaWiki:Helppage message being set to a full URL. This is a regression from 10310 the 1.22.5 point release, which made the default value for it a URL. If you 10311 customized MediaWiki:Enotif body (the text of email notifications), you'll 10312 need to edit it locally to include the URL via the new variable $HELPPAGE 10313 instead of the parser functions fullurl and canonicalurl; otherwise you don't 10314 have to do anything. 10315* Add missing uploadstash.us_props for PostgreSQL. 10316* (bug 56047) Fixed stream wrapper in PhpHttpRequest. 10317 10318== MediaWiki 1.22.6 == 10319This is a security release of the MediaWiki 1.22 branch. 10320 10321=== Changes since 1.22.5 === 10322* (bug 63251) SECURITY: Escape sortKey in pageInfo. 10323 10324== MediaWiki 1.22.5 == 10325This is a security and maintenance release of the MediaWiki 1.22 branch. 10326 10327=== Changes since 1.22.4 === 10328* (bug 62497) SECURITY: Add CSRF token on Special:ChangePassword. 10329* (bug 62467) Set a title for the context during import on the cli. 10330* Fix custom local MediaWiki:Helppage values. 10331* mediawiki.js: Fix documentation breakage. 10332* (bug 58153) Make MySQLi work with non standard port. 10333* (bug 53887) Reintroduced a link to help pages in the default sidebar, that any 10334 sysop can customize by editing MediaWiki:Sidebar locally. The link now points 10335 to a mediawiki.org page which is guaranteed to exist. Nothing needs to be done 10336 on your end, but remember to adjust MediaWiki:Sidebar for the needs of your 10337 wikis. Everyone can help with the shared documentation by translating: 10338 https://www.mediawiki.org/wiki/Special:Translate/agg-Help_pages . 10339* (bug 53888) Corrected a regression in 1.22 which introduced red links on the 10340 login page. If you previously installed 1.22.x and have created a local page 10341 to make the red link blue, write its title as in MediaWiki:helplogin-url if 10342 you didn't already. Otherwise, you don't need to do anything, but you can 10343 translate the help page at <https://www.mediawiki.org/wiki/Help:Logging_in>. 10344 10345== MediaWiki 1.22.4 == 10346This is a maintenance release of the MediaWiki 1.22 branch. 10347 10348=== Changes since 1.22.3 === 10349* Use the correct branch of the extensions' git repositories. 10350 10351== MediaWiki 1.22.3 == 10352This is a security and bugfix release of the MediaWiki 1.22 branch. 10353 10354=== Changes since 1.22.2 === 10355* (bug 60771) SECURITY: Disallow uploading SVG files using non-whitelisted 10356 namespaces. Also disallow iframe elements. * User will get an error including 10357 the namespace name if they use a non- whitelisted namespace. 10358* (bug 61346) SECURITY: Make token comparison use constant time. It seems like 10359 our token comparison would be vulnerable to timing attacks. This will take 10360 constant time. 10361* (bug 61362) SECURITY: API: Don't find links in the middle of api.php links. 10362* (bug 53710) Add sequence support for upsert in DatabaseOracle in the same way 10363 as in selectInsert 10364* (bug 60231, bug 58719) Various fixes to job running code in Wiki.php: Make it 10365 async on Windows. Fixed possible "invalid filename" errors on Windows. 10366 Redirect output to dev/null to avoid hanging PHP. 10367* (bug 60083) Correct sequence name for fresh Postgres installation. Spotted by 10368 gebhkla 10369* (bug 60531) Avoid variable naming conflicts in 10370 DatabasePostgres::selectSQLText. Spotted by gebhkla 10371* (bug 60094) Fix rebuildall.php fatal error with PostgreSQL. 10372* (bug 43817) Add error handling if descriptionmsg isn't defined for extension. 10373* (bug 60543) Special:PrefixIndex omits stripprefix=1 for "Next page" link. 10374 10375== MediaWiki 1.22.2 == 10376This is a security and bugfix release of the MediaWiki 1.22 branch. 10377 10378=== Changes since 1.22.1 === 10379* (bug 60339) SECURITY: Sanitize shell arguments to DjVu files, and other media 10380 formats 10381* (bug 58253) Check for very old PCRE versions in installer and updater 10382* (bug 60054) Make WikiPage::$mPreparedEdit public 10383 10384== MediaWiki 1.22.1 == 10385This is a security and maintenance release of the MediaWiki 1.22 branch. 10386 10387=== Changes since 1.22.0 === 10388* (bug 57550) SECURITY: Disallow stylesheets in SVG Uploads 10389* (bug 58088) SECURITY: Don't normalize U+FF3C to \ in CSS Checks 10390* (bug 58472) SECURITY: Disallow -o-link in styles 10391* (bug 58553) SECURITY: Return error on invalid XML for SVG Uploads 10392* (bug 58699) SECURITY: Fix RevDel log entry information leaks 10393* (bug 58178) Restore compatibility with curl < 7.16.2. 10394* (bug 56931) Updated the plural rules to CLDR 24. They are in new format which 10395 is detailed in UTS 35 Rev 33. The PHP parser and evaluator as well as the 10396 JavaScript evaluator were updated to support the new format. Plural rules for 10397 some languages have changed, most notably Russian. Affected software messages 10398 have been updated and marked for review at translatewiki.net. This change is 10399 backported from the development branch of MediaWiki 1.23. 10400* (bug 58434) The broken installer for database backend Oracle was fixed. 10401* (bug 58167) The web installer no longer throws an exception when PHP is 10402 compiled without support for MySQL yet with support for another DBMS. 10403* (bug 58640) Fixed a compatibility issue with PCRE 8.34 that caused pages to 10404 appear blank or with missing text. 10405* (bug 47055) Changed FOR UPDATE handling in Postgresql 10406* (bug 57026) Avoid extra parsing in prepareContentForEdit() 10407 10408== MediaWiki 1.22.0 == 10409 10410=== Configuration changes in 1.22 === 10411* $wgRedirectScript was removed. It was unused. 10412* Removed $wgLocalMessageCacheSerialized, it is now always true. 10413* $wgVectorUseIconWatch is now enabled by default. 10414* $wgCascadingRestrictionLevels was added. 10415* ftps, ssh, sftp, xmpp, sip, sips, tel, sms, bitcoin, magnet, urn, and geo 10416 have been whitelisted inside of $wgUrlProtocols. 10417* $wgDocType and $wgDTD have been removed and are no longer used for the 10418 DOCTYPE. 10419* $wgHtml5 is no longer used by core. Setting it to false will no longer disable 10420 HTML5. It is still set to true for extension compatibility but doing so in 10421 extensions is deprecated. 10422* $wgXhtmlDefaultNamespace is no longer used by core. Setting it will no longer 10423 change the xmlns used by MediaWiki. Reliance on this variable by extensions 10424 is deprecated. 10425* $wgHandheldStyle was removed. 10426* $wgHandheldForIPhone was removed. 10427* $wgJsMimeType is no longer used by core. Most usage has been removed since 10428 HTML output is now exclusively HTML5. 10429* $wgDBOracleDRCP added. True enables persistent connection with DRCP on Oracle. 10430* $wgLogAutopatrol added to allow disabling logging of autopatrol edits in the 10431 logging table. 10432 Default for $wgLogAutopatrol is true. 10433* The 'edit' right no longer allows for editing a user's own CSS and JS. 10434* New rights 'editmyusercss', 'editmyuserjs', 'viewmywatchlist', 10435 'editmywatchlist', 'viewmyprivateinfo', 'editmyprivateinfo', and 10436 'editmyoptions' restrict actions that were formerly allowed by default. They 10437 have been added to the default for $wgGroupPermissions['*']. 10438* The 'editprotected' right no longer allows bypassing of all page protection 10439 restrictions. Any group using it for this purpose will now need to have all 10440 the individual rights listed in $wgRestrictionTypes for the same effect. 10441* The 'protect' and 'autoconfirmed' rights are no longer used for the default 10442 page protection levels. The rights 'editprotected' and 'editsemiprotected' 10443 are now used for this purpose instead. 10444* (bug 40866) wgOldChangeTagsIndex removed. 10445* $wgNoFollowDomainExceptions now only matches entire domains. For example, 10446 an entry for 'bar.com' will still match 'foo.bar.com' but not 'foobar.com'. 10447* $wgCopyUploadTimeout and $wgCopyUploadAsyncTimeout added to change the timeout 10448 times for fetching the file during upload by url. 10449* New key added to $wgGalleryOptions - $wgGalleryOptions['mode'] to set 10450 default gallery mode. 10451* New hook 'GalleryGetModes' to allow extensions to make new gallery modes. 10452* The checkbox for staying in HTTPS displayed on the login form when 10453 $wgSecureLogin is enabled has been removed. Instead, whether the user stays in 10454 HTTPS will be determined 10455 based on the user's preferences, and whether they came from HTTPS or not. 10456* $wgRC2UDPAddress, $wgRC2UDPInterwikiPrefix, $wgRC2UDPOmitBots, $wgRC2UDPPort, 10457 and $wgRC2UDPPrefix configuration options have been deprecated in favor of a 10458 $wgRCFeeds configuration array. $wgRCFeeds makes both the format and 10459 destination of recent change notifications customizable, and allows for 10460 multiple destinations to be specified. 10461* (bug 53862) portal-url, currentevents-url and helppage have been removed from 10462 the default Sidebar. 10463* The 'vector-simplesearch' preference is now enabled by default. Previously 10464 it was only enabled if the Vector extension was installed. 10465* The precise format of metric datagrams produced by the UDP profiler and stats 10466 counter may now be specified as $wgUDPProfilerFormatString and 10467 $wgStatsFormatString, respectively. 10468* (bug 54597) $wgBlockOpenProxies, $wgProxyPorts, $wgProxyScriptPath, and 10469 $wgProxyMemcExpiry have been removed, along with the open proxy scanner 10470 script they were added for. 10471* Default value of $wgMaxShellMemory has been tripled (it's now 300 MB). 10472 10473=== New features in 1.22 === 10474* You can now install extensions using Composer. 10475 See https://www.mediawiki.org/wiki/Composer 10476* (bug 44525) mediawiki.jqueryMsg can now parse (whitelisted) HTML elements and 10477 attributes. 10478* (bug 33454) Language::sprintfDate now has a timezone parameter, and supports 10479 the "eIOPTZ" formatting characters. 10480* EditWarning: A warning is shown when an editor leaves the edit form without 10481 saving (enabled by default, users can opt-out via the 'useeditwarning' 10482 preference). This feature was moved from the Vector extension, and is now part 10483 of core for all skins. Take care when upgrading that you don't use an older 10484 version of the Vector extension as this feature may conflict. 10485* New 'mediawiki.ui' CSS module providing mw-ui-* styles for buttons and a 10486 compact vertical form layout. 10487* HTMLForm supports a new display format 'vform' which applies this compact 10488 vertical 10489 layout and button styling. Special:PasswordReset uses this format. 10490* New versions of login (Special:UserLogin) and create account 10491 (Special:UserLogin/signup) forms using the "vform" compact vertical form 10492 layout. These forms use new messages that assume a "Help logging in" link, see 10493 https://www.mediawiki.org/wiki/Manual:Page_customizations; 10494 https://www.mediawiki.org/wiki/Account_creation_user_experience/Strings lists 10495 the message key changes. 10496* (bug 23343) Implemented ability to apply IP blocks to the contents of 10497 X-Forwarded-For headers by adding a new configuration variable 10498 $wgApplyIpBlocksToXff (disabled by default). 10499* The new hook 'APIGetPossibleErrors' to modify the list of possible errors was 10500 added. 10501* (bug 25592) LogEventsList::showLogExtract() will now ignore various 10502 Pager-related WebRequest parameters by default, as this is overwhelmingly 10503 likely to be what was intended by users of the method. If any caller wishes 10504 to use these parameters, the new param 'useRequestParams' may be set to true. 10505* mw.util.addPortletLink: Tooltip is no longer required to be plain (without 10506 an accesskey in it already). As such it now rountrips. Creating a link with a 10507 message as tooltip, grabbing the title attribute and using it to create 10508 another portlet will work as expected. 10509* (bug 6747) {{ROOTPAGENAME}} introduced, contains the name of the topmost 10510 page without namespace. 10511* BREAKING CHANGE: (bug 41729) Display editsection links next to headings. Also 10512 change their class name from .editsection to .mw-editsection and place them at 10513 the end of the heading element instead of the beginning. Client-side code and 10514 screen-scrapers will have to be adjusted to handle both cases (old HTML will 10515 still be visible on cached page renders until they are purged); extensions 10516 using the DoEditSectionLink or EditSectionLink hooks might need adjustments as 10517 well. 10518* (bug 45535) introduced the new 'LanguageLinks' hook for manipulating the 10519 language links associated with a page before display. 10520* Chosen (http://harvesthq.github.io/chosen/) was added as module 10521 'jquery.chosen' 10522* HTMLForm will turn multiselect checkboxes into a Chosen interface when setting 10523 cssclass 'mw-chosen' 10524* rebuildLocalisationCache learned --lang option. Let you rebuild l10n caches 10525 of the specified languages instead of all of them. 10526* New GetNewMessagesAlert hook allowing extensions to disable or modify the new 10527 messages alert 10528* New wgUserNewMsgRevisionId JS global for logged in users. This will be null 10529 if the user has no new talk page messages. Otherwise it will be set to the 10530 revision ID of the oldest new talk page message. This will allow gadgets and 10531 extensions to create their own new message alerts on the client side. 10532* mediawiki.log: Added log.warn wrapper (uses console.warn and console.trace). 10533* mediawiki.log: Implemented log.deprecate. This method defines a property and 10534 uses ES5 getter/setter to emit a warning when they are used. 10535* $wgCascadingRestrictionLevels was added, allowing one to specify restriction 10536 levels which can be cascading (previously 'sysop' was hard-coded as the only 10537 one). 10538* XHTML5 support has been improved. If you set 10539 $wgMimeType = 'application/xhtml+xml' MediaWiki will try outputting markup 10540 according to XHTML5 rules. 10541* Altered hook 'ProtectionForm::save', adding the reason page protection is 10542 changed as third parameter. 10543* New hook 'TitleSquidURLs' for manipulating the list of URLs to be purged from 10544 HTTP caches when a page is changed. 10545* Changed the patrolling system to always show the link for patrolling in case 10546 the current revision is patrollable. This also removed the usage of the rcid 10547 URI parameters. 10548* Oracle DB backend now supports Database Resident Connection Pooling (DRCP). 10549 Can be enabled by setting $wgDBOracleDRCP=true. 10550 Requires Oracle DB 11gR1 or above, enabled DRCP inside the DB itself and a 10551 propper connect string. 10552 More about DRCP can be found at: 10553 https://oracle-base.com/articles/11g/database-resident-connection-pool-11gr1 10554* Add a new parameter $patrolFooterShown to hook ArticleViewFooter so the hook 10555 handlers can take further action based on the status of the patrol footer 10556* A new hook TitleQuickPermissions was added to allow overriding of quick 10557 permissions in the Title class. 10558* LinkCache singleton can now be altered or cleared, letting one to specify 10559 another instance that does not rely on a database backend. 10560* MediaWiki's PHPUnit tests can now use PHPUnit installed using composer --dev. 10561* (bug 43689) The lists of templates used on the page and hidden categories it 10562 is a member of, shown below the edit form, are now collapsible (and collapsed 10563 by default). 10564* Parser profiling data, formerly only available in the "NewPP limit report" 10565 HTML comment, is now also displayed at the bottom of page previews. 10566* Added ParserLimitReportPrepare and ParserLimitReportFormat hooks, deprecated 10567 ParserLimitReport hook. 10568* New user rights have been added to increase granularity in rights management 10569 for extensions such as OAuth: 10570** editmyusercss controls whether a user may edit their own CSS subpages. 10571** editmyuserjs controls whether a user may edit their own JS subpages. 10572** viewmywatchlist controls whether a user may view their watchlist. 10573** editmywatchlist controls whether a user may edit their watchlist. 10574** viewmyprivateinfo controls whether a user may access their private 10575 information (e.g. registered email address, real name). 10576** editmyprivateinfo controls whether a user may change their private 10577 information. 10578** editmyoptions controls whether a user may change their preferences. 10579* Add new hook AbortTalkPageEmailNotification, this will be used to determine 10580 whether to send the regular talk page email notification 10581* Action classes registered in $wgActions are now also supported in the form of 10582 a callback (which returns an instance of Action) instead of providing the name 10583 of a subclass of Action. 10584* (bug 46513) Vector: Add the collapsibleTabs script from the Vector extension. 10585* Added $wgRecentChangesFlags for defining new flags for RecentChanges and 10586 watchlists. 10587* (bug 40518) mw.toolbar: Implemented mw.toolbar.addButtons for adding multiple 10588 button objects in one call. 10589* Rights used for the default protection levels ('sysop' and 'autoconfirmed') 10590 are now used just for that purpose, instead of overloading other rights. This 10591 allows easy granting of the ability to edit sysop-protected pages without 10592 also granting the ability to protect and unprotect. 10593* (bug 48256) Make brackets in section edit links accessible to CSS. 10594 They are now wrapped in <span class="mw-editsection-bracket" />. 10595* (bug 8480) Allow handler specific parameters in galleries (like page number) 10596* jquery.client: Add detection for Opera 15 and Internet Explorer 11. 10597* Change tags (used by the AbuseFilter extension) are now shown on diff pages. 10598* Change tag lists (shown on recent changes, watchlist, user contributions, 10599 history pages, diff pages) now include a link to Special:Tags to distinguish 10600 them from edit summaries. 10601* Added a new method and hook, User::isEveryoneAllowed() and 10602 UserIsEveryoneAllowed, for use in situations where a "does everyone have this 10603 right?" check is used to avoid more expensive checks. 10604* (bug 14431) Display "(No difference)" instead of an empty diff (when comparing 10605 revisions in the history or when previewing changes while editing). 10606* New hook 'IsUploadAllowedFromUrl' is added which can be used to intercept 10607 uploads by URL, useful for blacklisting specific URLs 10608* (bug 21912) Watchlist token implementation has been refactored and 10609 Special:ResetTokens was added to allow users to reset their tokens 10610 instead of presenting them in Preferences. 10611* Special:PrefixIndex now lets you strip the searched prefix from the displayed 10612 titles. Given a list of articles named Bug1, Bug2, you can now transclude the 10613 list of bug numbers using: {{Special:PrefixIndex/Bug|stripprefix=1}}. 10614 The special page form received a new checkbox matching that option. 10615* (bug 23580) Implement javascript callback interface "mw.hook". 10616* (bug 30713) New mw.hook "wikipage.content". 10617* (bug 40430) jquery.placeholder gets a new parameter to set the attribute value 10618 to be used. 10619* $wgHTCPMulticastRouting renamed $wgHTCPRouting since it accepts unicast. 10620* $wgHTCPRouting rules can now be passed an array of hosts/ports to send purge 10621 too. Can be used whenever several multicast group could be interested by a 10622 specific purge. 10623* (bug 25931) Add Special:RandomInCategory. 10624* mediawiki.util: addPortletLink now supports passing a jQuery object as 10625 nextnode. 10626* <wbr> can now be used inside WikiText. 10627* WebResponse::setcookie is much more featureful. Callers using PHP's 10628 setcookie() or setrawcookie() should begin using this instead. 10629* New hook WebResponseSetCookie, called from WebResponse::setcookie(). 10630* New hook ResetSessionID, called when the session id is reset. 10631* Add a mode parameter to <gallery> tag with potential options of "traditional", 10632 "nolines", "packed", "packed-overlay", or "packed-hover". 10633* (bug 47399) A success message is now displayed after changing the password. 10634* Make thumb.php give HTTP redirects for file redirects 10635* (bug 30607) Special:ListFiles can now show old versions of files. Additionally 10636 Special:AllMyUploads was introduced so the user can get a list of all things 10637 they have ever uploaded, even if it was subsequently overridden. 10638* Introduced Special:MyFiles and Special:AllMyFiles as an alias for 10639 Special:MyUploads and Special:AllMyUploads respectively. 10640* IPv6 addresses in X-Forwarded-For headers are now normalised before checking 10641 against allowed proxy lists. 10642* Add deferrable update support for callback/closure. 10643* Add TitleMove hook before page renames. 10644* Revision deletion backend code is moved out of SpecialRevisiondelete 10645* Added {{REVISIONSIZE}} variable to get the current size of a revision. 10646* Add support for the LESS stylesheet language to ResourceLoader. LESS is a 10647 stylesheet language that compiles into CSS. ResourceLoader file modules may 10648 include LESS style files; ResourceLoader will compile these files into CSS 10649 before sending them to the client. 10650** The $wgResourceLoaderLESSVars configuration variable is an associative array 10651 mapping variable names to string CSS values. These variables are considered 10652 declared for all LESS files. Additional variables may be registered by 10653 adding keys to the array. 10654** $wgResourceLoaderLESSFunctions is an associative array of custom LESS 10655 function names to PHP callables. See 10656 <http://leafo.net/lessphp/docs/#custom_functions> 10657 for more details regarding custom functions. 10658** $wgResourceLoaderLESSImportPaths is an array of file system paths. Files 10659 referenced in LESS '@import' statements are looked up here first. 10660* ResourceLoader supports hashes as module cache invalidation trigger (instead 10661 of or in addition to timestamps). 10662* Added $wgExtensionEntryPointListFiles for use in mergeMessageFileList.php. 10663* Added a hook, APIQuerySiteInfoStatisticsInfo, to allow extensions to modify 10664 the output of the API query meta=siteinfo&siprop=statistics 10665* Primary keys have been added to both the archive table and the externallinks 10666 tables. 10667* Added $wgEnableParserLimitReporting to control whether the NewPP limit report 10668 is output in a HTML comment. 10669* The 'UnwatchArticle' and 'WatchArticle' hooks now support a Status object 10670 instead of just a boolean return value to abort the hook. 10671* Added a hook, SpecialWatchlistGetNonRevisionTypes, to allow extensions 10672 with custom recentchanges entries to hook into the Watchlist without 10673 clobbering each other. 10674* A hidden, empty input field was added to the edit form, and any edit that 10675 fills it in will be rejected. This prevents against the simplest form of 10676 spambots. Previously in the "SimpleAntiSpam" extension by Ryan Schmidt. 10677* populateRevisionLength.php maintenance script updated to also populate 10678 archive.ar_len field. 10679* (bug 43571) DatabaseMySQLBase learned to list views, optionally filtered by a 10680 prefix. Also fixed PHPUnit test suite when using a MySQL backend containing 10681 views. 10682 10683=== Bug fixes in 1.22 === 10684* (bug 47271) $wgContentHandlerUseDB should be set to false during the upgrade 10685* Disable Special:PasswordReset when $wgEnableEmail is false. Previously one 10686 could still navigate to the page by entering the URL directly. 10687* (bug 47138) Fixed a fatal error when a blocked user tries to automatically 10688 create an account on login due external authentication in some circumstances. 10689* (bug 23393) HTML <hN> headings containing line breaks are now handled 10690 correctly. 10691* (bug 45803) Whitespace within == Headline == syntax and within <hN> headings 10692 is now non-significant and not preserved in the HTML output. 10693* (bug 47218) Special:BlockList now handles correctly user names with spaces 10694 when passed as subpage. 10695* Pager's properly validate which fields are allowed to be sorted on. 10696* mw.util.tooltipAccessKeyRegexp: The regex now matches "option-" as well. 10697 Support for Mac "option" was added in 1.16, but the regex was never updated. 10698* (bug 46768) Usernames of blocking users now display correctly, even if 10699 numeric. 10700* (bug 39590) Self-transclusions now show the most up to date result always 10701 after save instead of being a revision behind. 10702* A bias in wfRandomString() toward digits 1-7 has been corrected. Generated 10703 strings will now start with digits 0 and 8-f as often as they should. 10704* (bug 45371) Removed Parser_LinkHooks and CoreLinkFunctions classes. 10705* (bug 41545) Allow <kbd>, <samp>, and <var> to be nested like allowed in html. 10706* PLURAL magic word no longer causes a PHP notice when no matching form exists. 10707* (bug 36641) Patrol page links no longer show on non-existent revisions. 10708* (bug 35810) Pages not linked from Special:RecentChanges or Special:NewPages 10709 are patrollable now. 10710* (bug 30213) JavaScript for search suggestions is now disabled when the API 10711 is disabled, and AJAX patrolling and watching are now disabled when use of 10712 the write API is not allowed. 10713* (bug 48294) API: Fix chunk upload async mode. 10714* (bug 46749) Broken files tracking category removed from pages if an image 10715 with that name is uploaded. 10716* (bug 14176) System messages that are empty were previously incorrectly treated 10717 as non-existent, causing a fallback to the default. This stopped users from 10718 overriding system messages to make them blank. 10719* (bug 48319) action=parse no longer returns an error if passed none of 'oldid', 10720 'pageid', 'page', 'title', and 'text' (e.g. if only passed 'summary'). A 10721 warning will instead be issued if 'title' is non-default, unless no props are 10722 requested. 10723* Special:Recentchangeslinked will now include upload log entries 10724* (bug 41281) Fixed ugly output if file size could not be extracted for 10725 multi-page media. 10726* (bug 50315) list=logevents API module will now output log entries by anonymous 10727 users. 10728* (bug 38911) Handle headers with rowspan in jquery.tablesorter 10729* (bug 658) Converted the table of contents on wiki pages from <table> to <div> 10730 and adjusted skin CSS accordingly. The CSS was carefully crafted to be 10731 backwards-compatible in all reasonable cases (uses of the __TOC__ magic word, 10732 the #toc CSS id and the .toc CSS class). However, particularly bad abuse of 10733 the id or the class can possibly break. 10734* CSSJanus now supports rgb, hsl, rgba, and hsla color syntaxes. 10735* Special:Listfiles can no longer be sorted by image name when filtering 10736 by user in miser mode. 10737* (bug 49074) CSSJanus: Handle values of border-radius correctly. 10738* Handle relative inclusions ({{../name}}) in main namespace with subpages 10739 enabled correctly (previously MediaWiki tried to include Template:Parent/name 10740 instead of just Parent/name). 10741* Added $wgAPIUselessQueryPages to allow extensions to flag their query pages 10742 for non-inclusion in ApiQueryQueryPages. 10743* (bug 50870) mediawiki.notification: Notification area should remain visible 10744 when scrolled down. 10745* (bug 13438) Special:MIMESearch no longer an expensive special page. 10746* (bug 48342) Fixed a fatal error when $wgValidateAllHtml is set to true and 10747 the function apache_request_headers() function is not available. 10748* (bug 33399) LivePreview: Re-run wikipage content handlers 10749 (jquery.makeCollapsible, jquery.tablesorter) after preview content is loaded. 10750* (bug 51891) Fixed PHP notice on Special:PagesWithProp when no properties 10751 are defined. 10752* (bug 52006) Corrected documentation of $wgTranscludeCacheExpiry. 10753* (bug 52077) The APIEditBeforeSave hook is giving the content of the whole 10754 revision as second argument now, rather than just the current section. 10755* (bug 49694) $wgSpamRegex is now also applied on the new section headline text 10756 adding a new topic on a page 10757* (bug 41756) Improve treatment of multiple comments on a blank line. 10758* (bug 51064) Purge upstream caches when deleting file assets. 10759* (bug 39012) File types with a mime that we do not know the extension for 10760 can no longer be uploaded as an extension that we do know the mime type 10761 for. 10762* (bug 51742) Add data-sort-value for better sorting of hitcounts Special:Tags 10763* (bug 26811) On DB error pages, server hostnames are now hidden when both 10764 $wgShowHostnames and $wgShowSQLErrors are false. 10765* (bug 6200) line breaks in <blockquote> are handled like they are in <div> 10766* (bug 14931) Default character set now set to 'utf8' when a new MySQL 10767 database is created. 10768* (bug 47191) Fixed "Column 'si_title' cannot be part of FULLTEXT index" 10769 MySQL error when installing using the binary character set option. 10770* (bug 45288) Support mysqli PHP extension 10771* (bug 55818) BREAKING CHANGE: Removed undocumented 'Debug' hook in wfDebug. 10772 This resolves an infinite loop when using $wgDebugFunctionEntry = true. 10773* (bug 56707) Correct tooltip of "Next n results" on query special pages. 10774* (bug 56770) mw.util.addPortletLink: Check length before access array index. 10775 10776=== API changes in 1.22 === 10777* (bug 25553) The JSON output formatter now leaves forward slashes unescaped 10778 to improve human readability of URLs and similar strings. Also, a "utf8" 10779 option is now provided to use UTF-8 encoding instead of hex escape codes 10780 for most non-ASCII characters. 10781* (bug 46626) xmldoublequote parameter was removed. Because of a bug, the 10782 parameter has had no effect since MediaWiki 1.16, and so its removal is 10783 unlikely to impact existing clients. 10784* (bug 47216) action=query&meta=siteinfo&siprop=skins will now indicate which 10785 skin is the default and which are unusable (e.g. listed in $wgSkipSkins). 10786* (bug 25325) Added support for wlshow filtering (bots/anon/minor/patrolled) 10787 to action=feedwatchlist. 10788* WDDX formatted output will actually be formatted (and normal output will no 10789 longer be), and will no longer choke on booleans. 10790* action=opensearch no longer silently ignores the format parameter. 10791* action=opensearch now supports format=jsonfm. 10792* list=usercontribs&ucprop=ids will now include the parent revision id. 10793* BREAKING CHANGE: action=parse no longer returns all langlinks for the page 10794 with prop=langlinks by default. The new effectivelanglinks parameter will 10795 request that the LanguageLinks hook be called to determine the effective 10796 language links. 10797* BREAKING CHANGE: list=allpages, list=langbacklinks, and prop=langlinks do not 10798 apply the new LanguageLinks hook, and thus only consider language links 10799 stored in the database. 10800* (bug 47219) Allow specifying change type of Wikipedia feed items 10801* prop=imageinfo now allows setting iiurlheight without setting iiurlwidth 10802* prop=info now adds the content model and page language of the title. 10803* New upload log entries will now contain information on the relevant 10804 image (sha1 and timestamp). 10805* (bug 49239) action=parse now can parse in preview and section preview modes. 10806* (bug 49259) action=patrol now accepts revision ids. 10807* (bug 48129) list=blocks&bkip= now correctly handles IPv6 CIDR ranges and 10808 honors $wgBlockCIDRLimit. Note any clients passing invalid values to bkip 10809 will now receive an error, rather than the previous behavior listing all 10810 user blocks. 10811* (bug 48201) action=parse&text=foo now assumes wikitext if no title is given, 10812 rather than using the content model of the page "API". 10813* action=watch no longer silently ignores hook abort. 10814* (bug 50785) action=purge with forcelinkupdate=1 no longer queues refreshLinks 10815 jobs in the job queue for link table updates of pages that use the given page 10816 as a template. Instead, forcerecursivelinkupdate=1 is introduced and should 10817 be used if that behaviour is desirable. 10818* The 'debugLog' property (enabled by $wgDebugToolbar) no longer sets the log 10819 entry values through ApiResult::content but directly. This changes the JSON 10820 output from an array of objects with content in '*' to an array of strings 10821 with the content. 10822* (bug 51342) prop=imageinfo iicontinue now contains the dbkey, not the text 10823 version of the title. 10824* (bug 52538) action=edit will now use empty text instead of the contents 10825 of section 0 when passed prependtext or appendtext with section=new. 10826* Support for the 'gettoken' parameter to action=block and action=unblock, 10827 deprecated since 1.20, has been removed. 10828* (bug 49090) Token-getting functions will fail when using jsonp callbacks. 10829* (bug 52699) action=upload returns normalized file name on warning 10830 "exists-normalized" instead of filename to be uploaded to. 10831* (bug 53884) action=edit will now return an error when the specified section 10832 does not exist in the page. 10833* Added meta=filerepoinfo API module for getting information about foreign 10834 file repositories, and related ForeignAPIRepo methods getInfo and getApiUrl. 10835* The new query module list=allfileusages to enumerate file usages was added. 10836 10837=== Languages updated in 1.22 === 10838 10839MediaWiki supports over 350 languages. Many localisations are updated 10840regularly. Below only new and removed languages are listed, as well as 10841changes to languages because of Bugzilla reports. 10842 10843* Batak Toba (bbc-latn) added. 10844* (bug 46751) Made Buryat (Russia) (буряад) (bxr) fallback to Russian. 10845 10846=== Other changes in 1.22 === 10847* BREAKING CHANGE: Implementation of MediaWiki's JS and JSON value encoding 10848 has changed: 10849** MediaWiki no longer supports PHP installations in which the native JSON 10850 extension is missing or disabled. 10851** XmlJsCode objects can no longer be nested inside objects or arrays. 10852 (For Xml::encodeJsCall(), this individually applies to each argument.) 10853** The sets of characters escaped by default, along with the precise escape 10854 sequences used, have changed (except for the Xml::escapeJsString() 10855 function, which is now deprecated). 10856* BREAKING CHANGE: The Services_JSON class has been removed. If necessary, 10857 be sure to upgrade affected extensions at the same time (e.g. Collection). 10858* redirect.php was removed. It was unused. 10859* ClickTracking integration was dropped from the mediaWiki.user.bucket 10860 JavaScript function. The 'tracked' option is now ignored. 10861* BREAKING CHANGE: Legacy skins Simple, MySkin, Chick, Standard and Nostalgia 10862 were all removed. (Nostalgia was moved to an extension.) The SkinLegacy and 10863 LegacyTemplate classes that supported them were removed as well and are now a 10864 part of the Nostalgia extension. 10865* Event namespace used by jquery.makeCollapsible has been changed from 10866 'mw-collapse' to 'mw-collapsible' for consistency with the module name. 10867* BREAKING CHANGE: The "ExternalAuth" authentication subsystem was removed, 10868 along with its associated globals of $wgExternalAuthType, $wgExternalAuthConf, 10869 $wgAutocreatePolicy and $wgAllowPrefChange. Affected users are encouraged to 10870 use AuthPlugin for external authentication/authorization needs. 10871* The Quickbar feature of the legacy skin model and the last remnants of it 10872 throughout the code base have been removed. 10873* Externaledit/externaldiff preference was removed. Very few users used this 10874 feature, and improper configuration can actually prevent a user from editing 10875* Calling Linker methods using a skin will now output deprecation warnings. 10876* (bug 46680) "Return to" links are no longer tagged with rel="next". 10877* BREAKING CHANGE: mw.util.tooltipAccessKeyRegexp: The match group for the 10878 accesskey character is now $6 instead of $5. 10879* HipHop compiler (hphpc) support was removed. HipHop VM support (hhvm) was 10880 added. 10881* A new Special:Redirect page was added, providing lookup by revision ID, 10882 user ID, or file name. The old Special:Filepath page was reimplemented 10883 to redirect through Special:Redirect. 10884* Monobook: Removed the old conditional stylesheets for Opera 6, 7 and 9. 10885* Support for XHTML 1.0 has been removed. MediaWiki now only outputs (X)HTML5. 10886* wikibits: User-agent related globals have been deprecated. The following 10887 properties now default to false and emit mw.log.warn: is_gecko, is_chrome_mac, 10888 is_chrome, webkit_version, is_safari_win, is_safari, webkit_match, is_ff2, 10889 ff2_bugs, is_ff2_win, is_ff2_x11, opera95_bugs, opera7_bugs, opera6_bugs, 10890 is_opera_95, is_opera_preseven, is_opera, and ie6_bugs. 10891* (bug 48276) MediaWiki will now flash a confirmation message upon successfully 10892 editing a page. 10893* (bug 40785) mediawiki.legacy.ajax has been marked as deprecated. The following 10894 properties now emit mw.log.warn when accessed: sajax_debug, sajax_init_object, 10895 sajax_do_call and wfSupportsAjax. 10896* BREAKING CHANGE: meta keywords are no longer supported. A 10897 <meta name="keywords" will no longer be output and OutputPage::addKeyword no 10898 longer exists. 10899* Methods Title::userCanEditCssSubpage and Title::userCanEditJsSubpage, 10900 deprecated since 1.19, have been removed. 10901* (bug 50134) Hook functions are no longer required to return a value. When a 10902 hook function does not return a value (or when it returns an explicit null), 10903 processing continues. To abort the hook, a hook function must return an 10904 explicit, boolean false or a string error message. Other falsey values are 10905 tantamount to a 'return true' in earlier versions of MediaWiki. 10906* BREAKING CHANGE: The EditSectionLink hook was removed after being 10907 deprecated since MediaWiki 1.14. Use DoEditSectionLink instead. 10908* (bug 48256) The 'editsection-brackets' optional message was removed. 10909 Section edit links' brackets can now be customized using CSS by 10910 styling span.mw-editsection-bracket. 10911* The usePatrol function in ChangesList has been marked as deprecated. 10912* (bug 50785) A "null edit", that is, a save action in which no changes to the 10913 page text are made and no revision recorded, will no longer send refreshLinks 10914 jobs to the job table to update pages which use the edited page as a template. 10915* The LivePreviewPrepare and LivePreviewDone events triggered on "jQuery( mw )" 10916 have been deprecated in favour of using mw.hook. 10917* The 'showjumplinks' user preference has been removed, jump links are now 10918 always included. 10919* Methods RecentChange::notifyRC2UDP, RecentChange::sendToUDP, and 10920 RecentChange::cleanupForIRC have been deprecated, as it is now the 10921 responsibility of classes implementing the RCFeedFormatter and RCFeedEngine 10922 interfaces to implement the formatting and delivery for recent change 10923 notifications. 10924* SpecialPrefixindex methods namespacePrefixForm() and showPrefixChunk() have 10925 been made protected. They were accepting form variance arguments, this is now 10926 using properties in the SpecialPrefixindex class. 10927* (bug 50310) BREAKING CHANGE: wikibits: Drop support for mwCustomEditButtons. 10928 It defaults to an empty array and emits mw.log.warn when accessed. 10929* BREAKING CHANGE: Special:Disambiguations has been removed from MediaWiki core. 10930 Functions related to disambiguation pages are now handled by the Disambiguator 10931 extension (https://www.mediawiki.org/wiki/Extension:Disambiguator) (bug 10932 35981). 10933* BREAKING CHANGE: The 'mediawiki.legacy.wikiprintable' module has been removed. 10934 The skins/common/wikiprintable.css file no longer exists. Return value of 10935 Skin#commonPrintStylesheet is ignored. Please use the 10936 'mediawiki.legacy.commonPrint' module instead or base your skin on 10937 SkinTemplate. 10938* (bug 49629) The hook ExtractThumbParameters has been deprecated in favour 10939 of media handler overriding MediaHandler::parseParamString. 10940* (bug 46512) The collapsibleNav feature from the Vector extension has been 10941 moved to the Vector skin in core. 10942* SpecialRecentChanges::addRecentChangesJS() function has been renamed 10943 to addModules() and made protected. 10944* Methods WatchAction::doWatch and WatchAction::doUnwatch now return a Status 10945 object instead of a boolean. 10946* Information boxes (CSS classes errorbox, warningbox, successbox) have been 10947 made more subtle. 10948* BREAKING CHANGE: The module 'mediawiki.legacy.IEFixes' has been removed as it 10949 was unused. The file skins/common/IEFixes.js remains but is only used by 10950 wikibits. The file never contained any re-usable components. To use it in a 10951 skin, load 'mediawiki.legacy.wikibits' (which IEFixes depends on) and that 10952 will import IEFixes automatically if user agent conditions are met. 10953* Code specific to the Math extension was marked as deprecated. 10954* mediawiki.util: mw.util.wikiGetlink has been renamed to getUrl. (The old name 10955 still works, but is deprecated.) 10956 10957= MediaWiki 1.21 = 10958 10959== MediaWiki 1.21.11 == 10960This is a security and maintenance release of the MediaWiki 1.21 branch. 10961 10962=== Changes since 1.21.10 === 10963* (bug 65839) SECURITY: Prevent external resources in SVG files. 10964* (bug 66428) MimeMagic: Don't seek before BOF. This has weird side effects like 10965 only extracting the tail of the file partially or not at all. 10966 10967== MediaWiki 1.21.10 == 10968This is a security and maintenance release of the MediaWiki 1.21 branch. 10969 10970=== Changes since 1.21.9 === 10971* (bug 65501) SECURITY: Don't parse usernames as wikitext on 10972 Special:PasswordReset. 10973* (bug 36356) Add space between two feed links. 10974 10975== MediaWiki 1.21.9 == 10976This is a security and maintenance release of the MediaWiki 1.21 branch. 10977 10978=== Changes since 1.21.8 === 10979* (bug 63251) SECURITY: Escape sortKey in pageInfo. 10980* (bug 58640) Fixed a compatibility issue with PCRE 8.34 that caused pages to 10981 appear blank or with missing text. 10982 10983== MediaWiki 1.21.8 == 10984This is a security and maintenance release of the MediaWiki 1.21 branch. 10985 10986=== Changes since 1.21.7 === 10987* (bug 62497) SECURITY: Add CSRF token on Special:ChangePassword. 10988* (bug 62467) Set a title for the context during import on the cli. 10989 10990== MediaWiki 1.21.7 == 10991This is a maintenance release of the MediaWiki 1.21 branch. 10992 10993=== Changes since 1.21.6 === 10994* Use the correct branch of the extensions' git repositories. 10995 10996== MediaWiki 1.21.6 == 10997This is a security release of the MediaWiki 1.21 branch. 10998 10999=== Changes since 1.21.5 === 11000* (bug 60771) SECURITY: Disallow uploading SVG files using non-whitelisted 11001 namespaces. Also disallow iframe elements. 11002* User will get an error including the namespace name if they use a 11003 non-whitelisted namespace. 11004* (bug 61346) SECURITY: Make token comparison use constant time. It seems like 11005 our token comparison would be vulnerable to timing attacks. This will take 11006 constant time. 11007* (bug 61362) SECURITY: API: Don't find links in the middle of api.php links. 11008 11009== MediaWiki 1.21.5 == 11010This is a security release of the MediaWiki 1.21 branch. 11011 11012=== Changes since 1.21.4 === 11013* (bug 60339) SECURITY: Sanitize shell arguments to DjVu files, and other media 11014 formats 11015 11016== MediaWiki 1.21.4 == 11017This is a security release of the MediaWiki 1.21 branch. 11018 11019=== Changes since 1.21.3 === 11020* (bug 57550) SECURITY: Disallow stylesheets in SVG Uploads 11021* (bug 58088) SECURITY: Don't normalize U+FF3C to \ in CSS Checks 11022* (bug 58472) SECURITY: Disallow -o-link in styles 11023* (bug 58553) SECURITY: Return error on invalid XML for SVG Uploads 11024* (bug 58699) SECURITY: Fix RevDel log entry information leaks 11025 11026== MediaWiki 1.21.3 == 11027This is a security and maintenance release of the MediaWiki 1.21 branch. 11028 11029=== Changes since 1.21.2 === 11030* (bug 53032) SECURITY: Don't cache when a call could autocreate 11031* (bug 55332) SECURITY: Improve css javascript detection 11032* (bug 49717) Fix behaviour $wgVerifyMimeType = false; in Upload 11033* Fix comma errors in various js files 11034* Translations 11035 11036== MediaWiki 1.21.2 == 11037This is a security and maintenance release of the MediaWiki 1.21 branch. 11038 11039=== Changes since 1.21.1 === 11040* SECURITY: Fix extension detection with 2 .'s 11041* SECURITY: Support for the 'gettoken' parameter to action=block and 11042 action=unblock, deprecated since 1.20, has been removed. 11043* SECURITY: Sanitize ResourceLoader exception messages 11044* Purge upstream caches when deleting file assets. 11045* Unit test suite now runs the AutoLoader tests. Also fixed the autoloading 11046 entry for the PageORMTableForTesting class though it had no impact. 11047 11048== MediaWiki 1.21.1 == 11049This is a maintenance release of the MediaWiki 1.21 branch. 11050 11051=== Changes since 1.21.0 === 11052* An incorrect version number was used for 1.21.0. 1.21.1 has the correct 11053 number. 11054* A problem with the Oracle SQL table creation was fixed. 11055* (PdfHandler extension) Fix warning if pdfinfo fails but pdftext succeeds. 11056 11057== MediaWiki 1.21.0 == 11058 11059=== Configuration changes in 1.21 === 11060* (bug 29374) $wgVectorUseSimpleSearch is now enabled by default. 11061* Deprecated $wgAllowRealName is removed. Use $wgHiddenPrefs[] = 'realname' 11062 instead. 11063* (bug 39957) Added $wgUnwatchedPageThreshold, specifying minimum count 11064 of page watchers required for the number to be accessible to users 11065 without the unwatchedpages permission. 11066* $wgBug34832TransitionalRollback has been removed. 11067* (bug 29472) $wgUseDynamicDates has been removed and its functionality 11068 disabled. 11069 11070=== New features in 1.21 === 11071* (bug 38110) Schema changes (adding or dropping tables, indices and 11072 fields) can be now be done separately from other changes that 11073 update.php makes. This is useful in environments that use database 11074 permissions to restrict schema changes but allow the DB user that 11075 MediaWiki normally runs as to perform other changes that update.php 11076 makes. Schema changes can be run separately. See the file UPGRADE 11077 for more information. 11078* (bug 34876) jquery.makeCollapsible has been improved in performance. 11079* Added ContentHandler facility to allow extensions to support other content 11080 than wikitext. See docs/contenthandler.txt for details. 11081* New feature was developed for showing high-DPI thumbnails for high-DPI mobile 11082 and desktop displays (configurable with $wgResponsiveImages). 11083* Added new backend to represent and store information about sites and site 11084 specific configuration. 11085* jQuery upgraded from 1.8.2 to 1.8.3. 11086* jQuery UI upgraded from 1.8.23 to 1.8.24. 11087* Added separate fa_sha1 field to filearchive table. This allows sha1 11088 searches with the api in miser mode for deleted files. 11089* Add initial and programmatic sorting for tablesorter. 11090* Add the event "sortEnd.tablesorter", triggered after sorting has completed. 11091* The Job system was refactored to allow for different backing stores for 11092 queues as well as cross-wiki access to queues, among other things. The schema 11093 for the DB queue was changed to support better concurrency and reduce 11094 deadlock errors. 11095* Added ApiQueryORM class to facilitate creation of query API modules based on 11096 tables that have a corresponding ORMTable class. 11097* (bug 40876) Icon for PSD (Adobe Photoshop) file types. 11098* (bug 40641) Implemented Special:Version/Credits with a list of contributors. 11099* (bug 7851) Implemented one-click AJAX patrolling. 11100* The <data>, <time>, <meta>, and <link> elements are allowed within WikiText 11101 for use with Microdata. 11102* The HTML5 <mark> tag has been whitelisted. 11103* Added ParserCloned hook for when the Parser object is cloned. 11104* Added AlternateEditPreview hook to allow extensions to replace the page 11105 preview from the edit page. 11106* Added EditPage::showStandardInputs:options hook to allow extensions to add 11107 new fields to the "editOptions" area of the edit form. 11108* Upload stash DB schema altered to improve upload performance. 11109* The following global functions are now reporting deprecated warnings in 11110 debug mode: wfMsg, wfMsgNoTrans, wfMsgForContent, wfMsgForContentNoTrans, 11111 wfMsgReal, wfMsgGetKey, wfMsgHtml, wfMsgWikiHtml, wfMsgExt, wfEmptyMsg. Use 11112 the Message class, or the global method wfMessage. 11113* Added $wgEnableCanonicalServerLink, off by default. If enabled, a 11114 <link rel=canonical> tag is added to every page indicating the correct server 11115 to use. 11116* Debug message emitted by wfDebugLog() will now be prefixed with the group 11117 name when its logged to the default log file. That is the case whenever the 11118 group has no key in wgDebugLogGroups, that will help triage the default log. 11119* (bug 24620) Add types to LogFormatter. 11120* jQuery JSON upgraded from 2.3 to 2.4.0. 11121* Added GetDoubleUnderscoreIDs hook, for modifying the list of magic words. 11122* DatabaseUpdater class has two new methods to ease extensions schema changes: 11123 dropExtensionIndex and renameExtensionIndex. 11124* New preference type - 'api'. Preferences of this type are not shown on 11125 Special:Preferences, but are still available via the action=options API. 11126* (bug 39397) Hide rollback link if a user is the only contributor of the page. 11127* $wgPageInfoTransclusionLimit limits the list size of transcluded articles 11128 on the info action. Default is 50. 11129* Added action=createaccount to allow user account creation. 11130* (bug 40124) action=options API also allows for setting of arbitrary 11131 preferences, provided that their names are prefixed with 'userjs-'. This 11132 officially reenables the feature that was undocumented and defective 11133 in MW 1.20 (saving preferences using Special:Preferences cleared any 11134 additional fields) and which has been disabled in 1.20.1 as a part of 11135 a security fix (bug 42202). 11136* Added option to specify "others" as author in extension credits using 11137 "..." as author name. 11138* Added the ability to limit the wall clock time used by shell processes, 11139 as well as the CPU time. Configurable with $wgMaxShellWallClockTime. 11140* Allow memory of shell subprocesses to be limited using Linux cgroups 11141 instead of ulimit -v, which tends to cause deadlocks in recent versions 11142 of ImageMagick. Configurable with $wgShellCgroup. 11143* Added $wgWhitelistReadRegexp for regex whitelisting. 11144* (bug 5346) Categories that are redirects will be displayed italic in 11145 the category links section at the bottom of a page. 11146* (bug 43915) New maintenance script deleteEqualMessages.php. 11147* You can now create checkbox option matrices through the HTMLCheckMatrix 11148 subclass in HTMLForm. 11149* WikiText now permits the use of WAI-ARIA's role="presentation" inside of 11150 html elements and tables. This allows presentational markup, especially 11151 tables. To be marked up as such. 11152* maintenance/sql.php learned the --cluster option. Let you run the script 11153 on some external cluster instead of the primary cluster for a given wiki. 11154* (bug 20281) test the parsing of inline URLs. 11155* Added Special:PagesWithProp, which lists pages using a particular page 11156 property. 11157* Implemented language-specific collations for category sorting for 67 languages 11158 based in latin, greek and cyrillic alphabets. This allows one to *finally* get 11159 articles to be correctly sorted on category pages. They are named 11160 'uca-<langcode>', where <langcode> is one of: af, ast, az, be, bg, br, bs, ca, 11161 co, cs, cy, da, de, dsb, el, en, eo, es, et, eu, fi, fo, fr, fur, fy, ga, gd, 11162 gl, hr, hsb, hu, is, it, kk, kl, ku, ky, la, lb, lt, lv, mk, mo, mt, nl, no, 11163 oc, pl, pt, rm, ro, ru, rup, sco, sk, sl, smn, sq, sr, sv, tk, tl, tr, tt, uk, 11164 uz, vi. 11165* Added 'CategoryAfterPageAdded' and 'CategoryAfterPageRemoved' hooks. 11166* Added 'HistoryRevisionTools' and 'DiffRevisionTools' hooks. 11167* Added 'SpecialSearchResultsPrepend' and 'SpecialSearchResultsAppend' hooks. 11168* (bug 33186) Add image rotation api "imagerotate" 11169* (bug 34040) Add "User rights management" link on user page toolbox. 11170* (bug 45526) Add QUnit assertion helper "QUnit.assert.htmlEqual" for asserting 11171 structual equality of HTML (ignoring insignificant differences like 11172 quotmarks, order and whitespace in the attribute list). 11173* (bug 23393) HTML <hN> headings containing line breaks are now handled 11174 correctly. 11175* (bug 45803) Whitespace within == Headline == syntax and within <hN> headings 11176 is now non-significant and not preserved in the HTML output. 11177 11178=== Bug fixes in 1.21 === 11179* (bug 40353) SpecialDoubleRedirect should support interwiki redirects. 11180* (bug 40352) fixDoubleRedirects.php should support interwiki redirects. 11181* (bug 9237) SpecialBrokenRedirect should not list interwiki redirects. 11182* (bug 34960) Drop unused fields rc_moved_to_ns and rc_moved_to_title from 11183 recentchanges table. 11184* (bug 32951) Do not register internal externals with absolute protocol, 11185 when server has relative protocol. 11186* (bug 39005) When purging proxies listed in $wgSquidServers using HTTP PURGE 11187 method requests, we now send a Host header by default, for Varnish 11188 compatibility. This also works with Squid in reverse-proxy mode. If you wish 11189 to support Squid configured in forward-proxy mode, set 11190 $wgSquidPurgeUseHostHeader to false. 11191* (bug 37020) sql.php with readline eats semicolon. 11192* (bug 11748) Properly handle optionally-closed HTML tags when Tidy is 11193 disabled, and don't wrap HTML-syntax definition lists in paragraphs. 11194* (bug 41409) Diffs while editing an old revision should again diff against the 11195 current revision. 11196* (bug 41494) Honor $wgLogExceptionBacktrace when logging non-API exceptions 11197 caught during API execution. 11198* (bug 37963) Fixed loading process for user options. 11199* (bug 26995) Update filename field on Upload page after having sanitized it. 11200* (bug 41793) Contribution links to users with 0 edits on Special:ListUsers 11201 didn't show up red. 11202* (bug 41899) A PHP notice no longer occurs when using the "rvcontinue" API 11203 parameter. 11204* (bug 42036) Account creation emails now contain canonical (not 11205 protocol-relative) URLs. 11206* (bug 41990) Fix regression: API edit with redirect=true and lacking 11207 starttimestamp and basetimestamp should not cause an edit conflict. 11208* (bug 41706) EditPage: Preloaded page should be converted if possible and 11209 needed. 11210* (bug 41886) Rowspans are no longer exploded by tablesorter until the table is 11211 actually sorted. 11212* (bug 2865) User interface HTML elements don't use lang attribute. 11213 (completed the fix by adding the lang attribute to firstHeading). 11214* (bug 42173) Removed namespace prefixes on Special:UncategorizedCategories. 11215* (bug 36053) Log in "returnto" feature forgets query parameters if no 11216 title parameter was specified. 11217* (bug 42410) API action=edit now returns correct timestamp for the new edit. 11218* (bug 14901) Email notification mistakes log action for new page creation. 11219 Enotif no longer sends "page has been created" notifications for some log 11220 actions. The following events now have a correct message: page creation, 11221 deletion, move, restore (undeletion), change (edit). Parameter 11222 $CHANGEDORCREATED is deprecated in 'enotif_body' and scheduled for removal in 11223 MediaWiki 1.23. 11224* (bug 457) In the sidebar of Vector, CologneBlue, Monobook, and Monobook-based 11225 skins, the heading levels have been changed from (variously per skin) 11226 <h4>, <h5> or <h6> to only <h3>s, with a <h2> hidden heading above them. 11227 If you are styling or scripting the headings in a custom way, this change 11228 will require updates to your site's CSS or JS. 11229* (bug 41342) jquery.suggestions should cancel any active (async) fetches 11230 before it triggers another fetch. 11231* (bug 42184) $wgUploadSizeWarning missing second variable. 11232* (bug 34581) removeUnusedAccounts.php maintenance script now ignores newuser 11233 log when determining whether an account is used. 11234* (bug 43379) Gracefully fail if rev_len is unavailable for a revision on the 11235 History page. 11236* (bug 42949) API no longer assumes all exceptions are MWException. 11237* (bug 41733) Hide "New user message" (.usermessage) element from printable 11238 view. 11239* (bug 39062) Special:Contributions will display changes that don't have 11240 a parent id instead of just an empty bullet item. 11241* (bug 37209) "LinkCache doesn't currently know about this title" error fixed. 11242* wfMerge() now works if $wgDiff3 contains spaces 11243* (bug 43052) mediawiki.action.view.dblClickEdit.dblClickEdit should trigger 11244 ca-edit click instead opening URL directly. 11245* (bug 43964) Invalid value of "link" parameter in <gallery> no longer produces 11246 a fatal error. 11247* (bug 44775) The username field is not pre-filled when creating an account. 11248* (bug 45069) wfParseUrl() no longer produces a PHP notice if passed a "mailto:" 11249 URL without address 11250* (bug 45012) Creating an account by e-mail can no longer show a 11251 "password mismatch" error. 11252* (bug 44599) On Special:Version, HEADs for submodule checkouts (e.g. for 11253 extensions) performed using Git 1.7.8+ should now appear. 11254* (bug 42184) $wgUploadSizeWarning missing second variable 11255* (bug 40326) Check if files exist with a different extension during uploading 11256* (bug 34798) Updated CSS for Atom/RSS recent changes feeds to match on-wiki 11257 diffs. 11258* (bug 42430) Calling numRows on MySQL no longer propagates unrelated errors. 11259* (bug 44719) Removed mention of non-existing maintenance/migrateCurStubs.php 11260 script in includes/DefaultSettings.php 11261* (bug 45143) jquery.badge: Treat non-Latin variants of zero as zero as well. 11262* (bug 46151) mwdocgen.php should not ignore exit code of doxygen command. 11263* (bug 41889) Fix $.tablesorter rowspan exploding for complex cases. 11264 11265=== API changes in 1.21 === 11266* prop=revisions can now report the contentmodel and contentformat. 11267 See docs/contenthandler.txt. 11268* action=edit and action=parse now support contentmodel and contentformat 11269 parameters to control the interpretation of page content. 11270 See docs/contenthandler.txt for details. 11271* (bug 35693) ApiQueryImageInfo now suppresses errors when unserializing 11272 metadata. 11273* (bug 40111) Disable minor edit for page/section creation by API. 11274* (bug 41042) Revert change to action=parse&page=... behavior when the page 11275 does not exist. 11276* (bug 27202) Add timestamp sort to list=allimages. 11277* (bug 43137) Don't return the sha1 of revisions through the API if the content 11278 is revision-deleted. 11279* ApiQueryImageInfo now also returns imageinfo for redirects. 11280* list=alltransclusions added to enumerate every instance of page embedding 11281* list=alllinks & alltransclusions now allow both 'from' and 'continue' in 11282 the same query. When both are present, 'from' is simply ignored. 11283* list=alllinks & alltransclusions now allow 'unique' in generators, to yield 11284 a list of all link/template target pages instead of source pages. 11285* BREAKING CHANGE: list=logevents output format changed for details of some log 11286 types. Specifically, details that were formerly reported under a key like 11287 "4::foo" will now be reported under a key of simply "foo". 11288* BREAKING CHANGE: '??_badcontinue' error code was changed to '??badcontinue' 11289 for all query modules. 11290* ApiQueryBase adds 'badcontinue' error code if module has 'continue' parameter. 11291* (bug 35885) Removed version parameter and all getVersion() methods. 11292* action=options now takes a "resetkinds" option, which allows only resetting 11293 certain types of preferences when the "reset" option is set. 11294* (bug 36751) ApiQueryImageInfo now returns imageinfo for the redirect target 11295 when queried with &redirects=. 11296* (bug 31849) ApiQueryImageInfo no longer gets confused when asked for info on 11297 a redirect and its target. 11298* (bug 43849) ApiQueryImageInfo no longer throws exceptions with ForeignDBRepo 11299 redirects. 11300* On error, any warnings generated before that error will be shown in the 11301 result. 11302* action=help supports generalized submodules (modules=query+value), 11303 querymodules obsolete 11304* ApiQueryImageInfo continuation is more reliable. The only major change is 11305 that the imagerepository property will no longer be set on page objects not 11306 processed in the current query (i.e. non-images or those skipped due to 11307 iicontinue). 11308* Add supports for all pageset capabilities - generators, redirects, 11309 converttitles to action=purge and action=setnotificationtimestamp. 11310* (bug 43251) prop=pageprops&ppprop= now accepts multiple props to query. 11311* ApiQueryImageInfo will now limit the number of calls to File::transform made 11312 in any one query. If there are too many, iicontinue will be returned. 11313* action=query&meta=siteinfo&siprop=general will now return the regexes used for 11314 link trails and link prefixes. Added for Parsoid support. 11315* Added an API query module list=pageswithprop, which lists pages using a 11316 particular page property. 11317* Added an API query module list=pagepropnames, which lists all page prop names 11318 currently in use on the wiki. 11319* (bug 44921) ApiMain::execute() will now return after the CORS check for an 11320 HTTP OPTIONS request. 11321* (bug 44923) action=upload works correctly if the entire file is uploaded in 11322 the first chunk. 11323* Added 'continue=' parameter to streamline client iteration over complex query 11324 results 11325* (bug 44909) API parameters may now be marked as type "upload", which is now 11326 used for action=upload's 'file' and 'chunk' parameters. This type will raise 11327 an error during parameter validation if the parameter is given but not 11328 recognized as an uploaded file. 11329* (bug 44244) prop=info may now return the number of people watching each page. 11330* (bug 33304) list=allpages will no longer return duplicate entries when 11331 querying protection. 11332* (bug 33304) list=allpages will now find really old indefinite protections. 11333* (bug 45937) meta=allmessages will report a syntactically invalid lang as a 11334 proper error instead of as an uncaught exception. 11335* (bug 25325) added support for wlshow filtering (bots/anon/minor/patrolled) 11336 to action=feedwatchlist 11337* WDDX formatted output will actually be formatted (and normal output will no 11338 longer be), and will no longer choke on booleans. 11339 11340=== API internal changes in 1.21 === 11341* For debugging only, a new global $wgDebugAPI removes many API restrictions 11342 when true. 11343 Never use on the production servers, as this flag introduces security holes. 11344 Whenever enabled, a warning will also be added to all output. 11345* ApiModuleManager now handles all submodules (actions,props,lists) and 11346 instantiation 11347* Query stores prop/list/meta as submodules 11348* ApiPageSet can now be used in any action to process titles/pageids/revids or 11349 any generator. 11350* BREAKING CHANGE: ApiPageSet constructor now has two params instead of three, 11351 with only the first one keeping its meaning. ApiPageSet is now derived from 11352 ApiBase. 11353* BREAKING CHANGE: ApiQuery::newGenerator() and executeGeneratorModule() were 11354 deleted. 11355* ApiQueryGeneratorBase::setGeneratorMode() now requires a pageset param. 11356* $wgAPIGeneratorModules is now obsolete and will be ignored. 11357* Added flags ApiResult::OVERRIDE and ADD_ON_TOP to setElement() and addValue() 11358* Internal API calls will now include <warnings> in case of unused parameters 11359 11360=== Languages updated in 1.21 === 11361 11362MediaWiki supports over 350 languages. Many localisations are updated 11363regularly. Below only new and removed languages are listed, as well as 11364changes to languages because of Bugzilla reports. 11365 11366* South Azerbaijani (azb) added. 11367* (bug 30040) Autonym for nds-nl is now 'Nedersaksies' (was 'Nedersaksisch'). 11368* (bug 45436) Autonym for pi (Pali) is now 'पालि' (was ''पाळि'). 11369* (bug 34977) Now formatted numbers in Spanish use space as separator 11370 for thousands, as mandated by the Real Academia Española. 11371* (bug 35031) Kurdish formatted numbers now use period and comma 11372 as separators for thousands and decimals respectively. 11373 11374=== Other changes in 1.21 === 11375* BREAKING CHANGE: (bug 44385) Removed the jquery.collapsibleTabs module and 11376 moved it to the Vector extension. It was entirely Vector-extension-specific, 11377 deeply interconnected with the extension, and this functionality really 11378 belongs to the extension instead of the skin anyway. In the unlikely case you 11379 were using it, you have to either copy it to your extension, or install the 11380 Vector extension (and possibly disable its features using config settings if 11381 you don't want them). 11382* Experimental IBM DB2 support was removed due to lack of interest and 11383 maintainership 11384* BREAKING CHANGE: Filenames of maintenance scripts were standardized into 11385 lowerCamelCase format, and made more explicit: 11386 - clear_stats.php -> clearCacheStats.php 11387 - clear_interwiki_cache.php -> clearInterwikiCache.php 11388 - initStats.php -> initSiteStats.php 11389 - proxy_check.php -> proxyCheck.php 11390 - stats.php -> showCacheStats.php 11391 - showStats.php -> showSiteStats.php. 11392 Class names were renamed accordingly: 11393 - clear_stats -> ClearCacheStats 11394 - InitStats -> InitSiteStats 11395 - CacheStats -> ShowCacheStats 11396 - ShowStats -> ShowSiteStats. 11397* BREAKING CHANGE: (bug 38244) Removed the mediawiki.api.titleblacklist module 11398 and moved it to the TitleBlacklist extension. 11399 11400= MediaWiki 1.20 = 11401 11402== MediaWiki 1.20.8 == 11403This is a security release of the MediaWiki 1.20 branch. 11404 11405=== Changes since 1.20.7 === 11406* (bug 53032) SECURITY: Don't cache when a call could autocreate 11407* (bug 55332) SECURITY: Improve css javascript detection 11408* (bug 49717) Fix behaviour $wgVerifyMimeType = false; in Upload 11409* Fix comma errors in various js files 11410* Translations 11411 11412== MediaWiki 1.20.7 == 11413This is a security release of the MediaWiki 1.20 branch. 11414 11415=== Changes since 1.20.6 === 11416* SECURITY: Fix extension detection with 2 .'s 11417* SECURITY: Token-getting functions will fail when using jsonp callbacks. 11418* SECURITY: Sanitize ResourceLoader exception messages 11419* Purge upstream caches when deleting file assets. 11420 11421== MediaWiki 1.20.6 == 11422This is a security and maintenance release of the MediaWiki 1.20 branch. 11423 11424=== Changes since 1.20.5 === 11425* (bug 48306) SECURITY: Run file validation checks on chunked uploads, and 11426 chunks of upload, during the upload process. 11427* (bug 44327) mediawiki.user: Use session ID instead of 1-year cross-session 11428 cookies 11429* (bug 47202) wikibits: FF2Fixes.css should not be loaded in Firefox 20. 11430* (bug 31044) Make ResourceLoader behave in read-only mode 11431 11432== MediaWiki 1.20.5 == 11433This is a security and maintenance release of the MediaWiki 1.20 branch. 11434 11435=== Changes since 1.20.4 === 11436* (bug 46590) Add hook AbortChangePassword to Special:ChangePassword 11437* (bug 47304) SECURITY: Check SVG xml encoding against whitelist 11438* Localisation updates from http://translatewiki.net. 11439* mwdocgen.php: Implement --version option. 11440* Remove svnstat stuff used in Doxygen generation 11441* (bug 43594) Correctly suppress warnings that were missed after the upstream 11442* PHP change to E_STRICT being included in E_ALL. 11443 11444== MediaWiki 1.20.4 == 11445This is a security release of the MediaWiki 1.20 branch. 11446 11447=== Changes since 1.20.3 === 11448* (bug 47251) SECURITY: Disable external entities in Import 11449* (bug 46859) SECURITY: Disable external entities in XMLReader 11450* (bug 46084) SECURITY: Sanitize $limitReport before outputting 11451 11452== MediaWiki 1.20.3 == 11453This is a security and maintenance release of the MediaWiki 1.20 branch. 11454 11455=== Changes since MediaWiki 1.20.2 === 11456* New preference type - 'api'. Preferences of this type are not shown on 11457 Special:Preferences, but are still available via the action=options API. 11458 (Unbreaks MLEB.) 11459* (bug 44010) Context is passed to UserGetLanguageObject. 11460* The recursion guard on RequestContext::getLanguage() was weakened. 11461* (bug 40585) Don't drop 'step="any"' in HTML input fields. 11462* (bug 44024) Fixed problems in ObjectCache when using XCache. 11463* (bug 44010) FauxRequest leaked cookie data from primary request. 11464* (bug 44135/bug 42441) Pass '2' instead of 'true' to CURLOPT_SSL_VERIFYHOST 11465* (bug 43518) API action=unblock should return the user name, not the full user 11466 object 11467* (bug 45355) Prevent read of arbitrary files through mwdoc-filter.php 11468 11469== MediaWiki 1.20.2 == 11470This is a maintenance release of the MediaWiki 1.20 branch 11471 11472=== Changes since MediaWiki 1.20.1 === 11473* (bug 42638) Fix API action=options&reset=1 & unit tests. 11474* (bug 42370) Fixed backport of 60cc060 to use mDoneWrites — caused 11475* (bug 42592) User rights, preferences and other things are not saving in 11476 1.20.1. 11477 11478== MediaWiki 1.20.1 == 11479This is a security release of the MediaWiki 1.20 branch 11480 11481=== Changes since 1.20.0 === 11482* (bug 42202) Validate options to prevent html injection 11483* (bug 40995) Prevent session fixation in Special:UserLogin (CVE-2012-5391) 11484* (bug 41400) Prevent linker regex from exceeding PCRE backtrack limit 11485* Javscript Lint fixes 11486* (bug 40632) Remove CleanupPresentationalAttributes feature 11487* [Database] Fixed case where trx idle callbacks might be lost. 11488 11489== MediaWiki 1.20.0 == 11490 11491=== PHP 5.3 now required === 11492Since 1.20, the lowest supported version of PHP is now 5.3.2. Please 11493upgrade PHP if you have not done so prior to upgrading MediaWiki. 11494 11495=== Configuration changes in 1.20 === 11496* $wgGitRepositoryViewers defines a mapping from Git remote repository to the 11497 Gitweb instance URL used in Special:Version. 11498* `$wgUsePathInfo = true;` is no longer needed to make $wgArticlePath work on 11499 servers using like nginx, lighttpd, and apache over fastcgi. MediaWiki now 11500 always extracts path info from REQUEST_URI if it's available. 11501* The user right 'upload_by_url' is no longer given to sysops by default. 11502 This only affects installations which have $wgAllowCopyUploads set to true. 11503* Removed f-prot support from $wgAntivirusSetup. 11504* New variable $wgDBerrorLogTZ to provide dates in the error log in a 11505 different timezone than the wiki timezone set by $wgLocaltimezone. 11506* New variables $wgDBssl and $wgDBcompress to enable SSL and compression for 11507 database connections, if either are available for the selected DB type. 11508* $wgUseCombinedLoginLink now defaults to false, making MediaWiki output 11509 separate login and create account links by default. 11510 11511=== New features in 1.20 === 11512* Added TitleIsAlwaysKnown hook which gets called when determining if a page 11513 exists. 11514* Added NamespaceIsMovable hook which gets called when determining if pages in a 11515 certain namespace can be moved. 11516* Added SpecialPageBeforeExecute hook which gets called before 11517 SpecialPage::execute. 11518* Added SpecialPageAfterExecute hook which gets called after 11519 SpecialPage::execute. 11520* Added ORMTable, ORMRow and ORMResult classes for additional abstraction of 11521 database interaction. 11522* Added CacheHelper and associated SpecialCachedPage and CachedAction helper 11523 classes. 11524* (bug 32341) Add upload by URL domain limitation. 11525* &useskin=default will now always display the default skin. Useful for users 11526 with a preference for the non-default skin to look at something using the 11527 default skin. 11528* (bug 27619) Remove preference option to display broken links as link? 11529* (bug 34896) jQuery JSON plugin upgraded to v2.3 (2011-09-17). 11530* (bug 34302) Add CSS classes to email fields in user preferences. 11531* Introduced $wgDebugDBTransactions to trace transaction status (currently 11532 PostgreSQL only). 11533* (bug 23795) Add parser itself to ParserMakeImageParams hook. 11534* Introduce a cryptographic random number generator source api for use when 11535 generating various tokens. 11536* (bug 30963) Option on Special:Prefixindex and Special:Allpages to not show 11537 redirects. 11538* (bug 18062) New message when edit or create the local page of a shared file. 11539* (bug 22870) Separate interface message when creating a page. 11540* (bug 17615) nosummary option should be reassigned on preview/captcha. 11541* (bug 34355) Add a variable and parser function for the namespace number. 11542* (bug 35649) Special:Version now shows hashes of extensions checked out from 11543 git. 11544* (bug 35728) Git revisions are now linked on Special:Version. 11545* "Show Changes" on default messages shows now diff against default message text 11546* (bug 23006) create #speciale parser function. 11547* generateSitemap can now optionally skip redirect pages. 11548* (bug 27757) New API command just for retrieving tokens (not page-based). 11549* Added GitViewers hook for extensions using external git repositories to have a 11550 web-based repository viewer linked to from Special:Version. 11551* Memcached debug logs can now be sent to their own file logs by setting 11552 $wgDebugLogFile['memcached'] to some filepath. 11553* (bug 35685) api.php URL and other entry point URLs are now listed on 11554 Special:Version 11555* Edit notices can now be translated. 11556* jQuery upgraded to 1.8.2. 11557* jQuery UI upgraded to 1.8.23. 11558* QUnit upgraded from v1.2.0 to v1.10.0. 11559* (bug 37604) jquery.cookie upgraded to 2011 version. 11560* (bug 22887) Add warning and tracking category for preprocessor errors 11561* (bug 31704) Allow selection of associated namespace on the watchlist 11562* (bug 5445) Now remove autoblocks when a user is unblocked. 11563* Added $wgLogExceptionBacktrace, on by default, to allow logging of exception 11564 backtraces. 11565* Added device detection for determining device capabilities. 11566* QUnit.newMwEnvironment now supports passing a custom setup and/or teardown 11567 function. Arguments signature has changed. First arguments is now an options 11568 object of which 'config' can be a property. Previously 'config' itself was the 11569 first and only argument. 11570* New getCreator and getOldestRevision methods added to WikiPage class 11571* (bug 4220) the XML dump format schema now have unique identity constraints 11572 for page and revision identifiers. Patch by Elvis Stansvik. 11573* cleanupSpam.php now can delete spam pages if --delete was specified instead of 11574 blanking them. 11575* Added new hook ChangePasswordForm to allow adding of additional fields in 11576 Special:ChangePassword 11577* Added new function getDomain to AuthPlugin for getting a user's domain 11578* (bug 23427) New magic word {{PAGEID}} which gives the current page ID. 11579 Will be null on previewing a page being created. 11580* (bug 37627) UserNotLoggedIn() exception to show a generic error page whenever 11581 a user is not logged in. 11582* Watched status in changes lists are no longer indicated by <strong></strong> 11583 tags with class "mw-watched". Instead, each line now has a class 11584 "mw-changeslist-line-watched" or "mw-changeslist-line-not-watched", and the 11585 title itself is surrounded by <span></span> tags with class "mw-title". 11586* Added ContribsPager::reallyDoQuery hook allowing extensions to data to 11587 MyContribs 11588* Added new hook ParserAfterParse to allow extensions to affect parsed output 11589 after the parse is complete but before block level processing, link holder 11590 replacement, and so on. 11591* (bug 34678) Added InternalParseBeforeSanitize hook which gets called during 11592 Parser's internalParse method just before the parser removes 11593 unwanted/dangerous HTML tags. 11594* Added new hook AfterFinalPageOutput to allow modifications to buffered page 11595 output before sent to the client. 11596* (bug 36783) Implement jQuery Promise interface in mediawiki.api module. 11597* Make dates in sortable tables sort according to the page content language 11598 instead of the site content language 11599* (bug 37926) Deleterevision will no longer allow users to delete log entries, 11600 the new deletelogentry permission is required for this. 11601* (bug 14237) Allow PAGESINCATEGORY to distinguish between 'all', 'pages', 11602 'files' and 'subcats' 11603* (bug 38362) Make Special:Listuser includeable on wiki pages. 11604* Added support in jquery.localize for placeholder attributes. 11605* (bug 38151) Implemented mw.user.getRights for getting and caching the current 11606 user's user rights. 11607* Session storage can now configured independently of general object cache 11608 storage, by using $wgSessionCacheType. $wgSessionsInMemcached has been 11609 renamed to $wgSessionsInObjectCache, with the old name retained for backwards 11610 compatibility. When this feature is enabled, the expiry time can now be 11611 configured with $wgObjectCacheSessionExpiry. 11612* Added a Redis client for object caching. 11613* Implemented mw.user.getGroups for getting and caching user groups. 11614* (bug 37830) Added $wgRequirePasswordforEmailChange to control whether password 11615 confirmation is required for changing an email address or not. 11616* HTMLForm mutators can now be chained (they return $this) 11617* A new message, "api-error-filetype-banned-type", is available for formatting 11618 API upload errors due to the file extension blacklist. 11619* New hook 'ParserTestGlobals' allows to set globals before running parser 11620 tests. 11621* Allow importing pages as subpage. 11622* Add lang and hreflang attributes to language links on Login page. 11623* (bug 22749) Create Special:MostInterwikis. 11624* Show change tags when transclude Special:Recentchanges(linked) or 11625 Special:Newpages. 11626* (bug 23226) Add |class= parameter to image links in order to add class(es) to 11627 HTML img tag. 11628* (bug 39431) SVG animated status is now shown in long description. 11629* (bug 39376) jquery.form upgraded to 3.14. 11630* SVG files will now show the actual width in the SVG's specified units 11631 in the metadata box. 11632* Added ResourceLoader module "jquery.jStorage" (v0.3.0, http://jStorage.info/). 11633* (bug 39273) Added AJAX support for "Show changes" (diff) in LivePreview. 11634* Added ResourceLoader module "jquery.badge". 11635* mw.util.$content now points to the overall content area in the skin rather 11636 than just page text content area. If you need the old behavior please use 11637 $( '#mw-content-text'). 11638* jsMessage has been replaced with a floating bubble notification system 11639 complete with auto-hide, multi-message support, and message replacement tags. 11640* jquery.messageBox which appears to be unused by both core and extensions has 11641 been removed. 11642* (bug 34939) Made link parsing insensitive ([HttP://]). 11643* (bug 40072) Add CSS classes to items in output of ChangesList pages. 11644* Added $wgCopyUploadProxy global to define which proxy to use for copy 11645 uploads. 11646* (bug 40448) mediawiki.legacy.mwsuggest has been replaced with a new module, 11647 mediawiki.searchSuggest, based on SimpleSearch from Extension:Vector. 11648 11649=== Known issues in 1.20.0 === 11650These are issues that we're targeting to be fixed in a later release 11651in the 1.20 series. Issues may be added or removed from this list as 11652we see fit. For now, it is comprised of those bugs on the 1.20.0 11653milestone in Bugzilla. 11654 11655* (bug 35894): Reports of secret key generation "hanging" on windows 11656 This is probably a bug that has been fixed in PHP. If you run 11657 into this, try upgrading your PHP. 11658* (bug 38334): PHP Notice: Undefined index: href in /www/w/skins/Vector.php on 11659 line 416 11660 We think this is a problem in some extension. If you see this, 11661 try disabling your extensions and check out the logging patch on 11662 this bug. Or try this patch: 11663 <https://gerrit.wikimedia.org/r/#/c/27937/1/skins/Vector.php> 11664* (bug 39268): [Regression] Toolbar inserts in main textarea only (instead of 11665 the focussed textarea) 11666 This should only be an issue if you are using the ProofreadPage 11667 extension. 11668* (bug 40641): Clicking "others" in Special:Version asks to download a file 11669 If you encounter this, you can tell your webserver to serve the 11670 CREDITS file with text/plain MIME type to fix it. 11671 11672=== Bug fixes in 1.20 === 11673* (bug 40939): [Regression] InfoAction: Call to a member function getUserText() 11674 on a non-object 11675* (bug 40780): searchsuggest-containing line ("containing...") doesn't include 11676 the entered text 11677* (bug 37714): [Regression] Incomplete log entries 11678* (bug 27202): API: Add timestamp sort to list=allimages 11679* (bug 30245) Use the correct way to construct a log page title. 11680* (bug 34237) Regenerate an empty user_token and save to the database 11681 when we try to set the user's cookies for login. 11682* (bug 32210) New edit emails for watched pages always provide a link to the 11683 edit which triggered the mail. 11684* (bug 12021) Added user talk link on Special:Listusers. 11685* (bug 34445) section edit and TOC hide/show links are excluded from selection 11686 and copy/paste on supporting browsers. 11687* (bug 34428) Fixed incorrect hash mismatch errors in the DiffHistoryBlob 11688 history compression method. 11689* (bug 34702) Localised parentheses are now used in more special pages. 11690* (bug 34723) When editing a script page on a RTL wiki the textbox should be 11691 LTR. 11692* (bug 34762) Calling close() on a DatabaseBase object now clears the 11693 connection. 11694* (bug 34863) Show deletion log extract on non-existent file pages if 11695 applicable. 11696* (bug 28019) Let ?preloadtitle=foo be passed on to target of 11697 Special:MyPage and Special:MyTalk. 11698* (bug 34929) Show the correct diff when a section edit is rejected by the spam 11699 filter. 11700* (bug 15816) Add a switch for SETting the search_path (Postgres). 11701* (bug 34521) Returning to the previous page after logging in loses any array- 11702 valued parameters in the query string. 11703* (bug 34735) Updated compressOld.php documentation to mention the different 11704 usages of -s and -n parameters depending on compression type. 11705* (bug 13896) Rendering of devanagari numbers in automatic '#' number lists. 11706* (bug 33689) Upgrade to 1.19 on Postgres fails due to incomplete query when 11707 trying to defer foreign key for externallinks. 11708* (bug 32748) Printer friendly version of article decode Unicode chars as a 11709 pretty IRI in footer. 11710* Removed white border around thumbnails in galleries. 11711* (bug 31236) "Next" and "Previous" buttons are shown incorrectly in 11712 an RTL environment. 11713* (bug 35749) Updated maintenance/checkSyntax.php to use Git instead of 11714 Subversion when invoked with the --modified option. 11715* (bug 35069) On history pages, the " . . " separator after the number of 11716 characters changed in a revision is now suppressed if no text would follow. 11717* (bug 18704) Add a unique CSS class or ID to the tagfilter table row at 11718 RecentChanges 11719* (bug 33564) transwiki import sometimes result in invalid title. 11720* (bug 35572) Blocks appear to succeed even if query fails due to wrong DB 11721 structure 11722* (bug 31757) Add a word-separator between help-messages in HTMLForm 11723* (bug 30410) Removed deprecated $wgFilterCallback and the 'filtered' API error. 11724* (bug 32604) Some messages needs escaping of wikitext inside username. 11725* (bug 36537) Rename wfArrayToCGI to wfArrayToCgi for consistency with 11726 wfCgiToArray. 11727* (bug 25946) The message on the top of Special:RecentChanges is now displayed 11728 in user language instead of content language. 11729* (bug 35264) Wrong type used for <ns> in export.xsd 11730* (bug 24985) Use $wgTmpDirectory as the default temp directory so that people 11731 who don't have access to /tmp can specify an alternative. 11732* (bug 27283) SqlBagOStuff breaks PostgreSQL transactions. 11733* (bug 35727) mw.Api ajax() should put token parameter last. 11734* (bug 37708) mw.Uri.clone() should make a deep copy. 11735* (bug 38024) ResourceLoader should not create empty stylesheets for modules 11736 that don't have stylesheets. 11737* (bug 36812) Special:ActiveUsers "Hide bots" should hide users from any group 11738 having the "bot" user right, instead of just the default "bot" user group. 11739* (bug 35082) mw.util.addPortletLink incorrectly adds link to mutiple <ul> tags. 11740* (bug 36991) jquery.tablesorter should extract date sort format from date 11741 string instead of global config. Dates like "April 1 2012" and "1 April 2012" 11742 now sort correctly regardless of the content language's DefaultDateFormat. 11743* (bug 31895) mw.loader mode now correct when triggered from a $.fn.ready 11744 handler that is bound before mediawiki.js's handler (e.g. browser-userscripts 11745 like greasemonkey). 11746* (bug 38152) jquery.tablesorter: Use .data() instead of .attr(), so that live 11747 values are used instead of just the fixed values from when the tablesorter 11748 was initialized. 11749* (bug 38093) Gender of changed user groups missing in Special:Log/rights 11750* (bug 35893) Special:Block needs to load mediawiki.special.block.js. 11751* (bug 37331) ResourceLoader modules sometimes execute twice in Firefox 11752* (bug 31644) GlobalUsage, CentralAuth and AbuseLog extensions should not use 11753 insecure links to foreign wikis in the WikiMap. 11754* (bug 36073) Avoid duplicate element IDs on File pages. 11755* (bug 25095) Special:Categories should also include the first relevant item 11756 when "from" is filled. 11757* (bug 35526) jquery.tablesorter now uses a stable sort. 11758* (bug 38953) --memory-limit switch not working for runJobs.php. 11759* (bug 33037) Make subpage of Special:newfiles control how many files 11760 are returned, like in previous versions. 11761* (bug 36524) "Show" options on Special:RecentChanges and 11762 Special:RecentChangesLinked are now remembered between successive clicks. 11763* (bug 26069) Page title is no longer "Error" for all error pages. 11764* (bug 39297) Show warning if thumbnail of animated image will not be animated. 11765* (bug 38249) Parser will throw an exception instead of outputting gibberish if 11766 PCRE is compiled without support for unicode properties. 11767* (bug 30390) Suggested file name on Special:Upload should not contain 11768 illegal characters. 11769* EXIF below sea level GPS altitude data is now shown correctly. 11770* (bug 39284) jquery.tablesorter should not consider "."" or "?"" to be a 11771 currency. 11772* (bug 39273) "Show changes" should not be incorrectly displayed in the Live 11773 Preview state. 11774* Made body-content lang attribute honor the variant language when it is set. 11775* (bug 36761) "Mark pages as visited" now submits previously established filter 11776 options. 11777* (bug 39635) PostgreSQL LOCK IN SHARE MODE option is a syntax error. 11778* (bug 36329) Accesskey tooltips for Firefox 14 on Mac should use "ctrl-option-" 11779 prefix. 11780* (bug 32552) Drop unused database field cat_hidden from table category. 11781* (bug 24502) Do not allow multiple language links to the same language. 11782* (bug 40214) Category pages no longer use deprecated "width" HTML attribute. 11783* (bug 39941) Add missing stylesheets to the installer pages 11784* In HTML5 mode, allow new input element types values (such as color, range..) 11785* (bug 36151) mw.Title: Don't limit extension in title parsing. 11786* (bug 38158) jquery.byteLimit sometimes causes an unexpected 0 maxLength being 11787 enforced. 11788* (bug 38163) jquery.byteLimit incorrectly limits input when using methods other 11789 than basic per-char typing. 11790* (bug 34495) patrol log now credit the user patrolling (instead of patrolled 11791 user). 11792* (bug 31676) ResourceLoader should work around IE stylesheet limit. 11793* (bug 40498) ResourceLoader should not output an empty "@media print { }" 11794 block. 11795* (bug 40500) ResourceLoader should not ignore media-type for urls in debug 11796 mode. 11797* (bug 40660) ResourceLoaderWikiModule should not convert " " to a space 11798 for pages from the MediaWiki-namespace. 11799* (bug 40329) (bug 40632) Removed CleanupPresentationalAttributes feature. 11800 11801=== API changes in 1.20 === 11802* (bug 34316) Add ability to retrieve maximum upload size from MediaWiki API. 11803* (bug 34313) MediaWiki API intro message about "HTML format" should mention 11804 the format parameter. 11805* (bug 32384) Allow descending order for list=watchlistraw. 11806* (bug 31883) Limit of bkusers of list=blocks and titles of action=query is 11807 not documented in API help. 11808* (bug 32492) API now allows editing using pageid. 11809* (bug 32497) API now allows changing of protection level using pageid. 11810* (bug 32498) API now allows comparing pages using pageids. 11811* (bug 30975) API import of pages with invalid characters in this wiki leads to 11812 Fatal Error. 11813* (bug 30488) API now allows listing of backlinks/embeddedin/imageusage per 11814 pageid. 11815* (bug 34927) Output media_type for list=filearchive. 11816* (bug 28814) add properties to output of action=parse. 11817* (bug 33224) add variants of content language to meta=siteinfo. 11818* (bug 32643) action=purge with forcelinkupdate no longer crashes when ratelimit 11819 is reached. 11820* The paraminfo module now also contains result properties for most modules. 11821* (bug 32348) Allow descending order for list=alllinks. 11822* (bug 31777) Upload unknown error ``fileexists-forbidden''. 11823* (bug 32382) Allow descending order for list=iwbacklinks. 11824* (bug 32381) Allow descending order for list=backlinks, list=embeddedin and 11825 list=imageusage. 11826* (bug 32383) Allow descending order for list=langbacklinks. 11827* API meta=siteinfo can now return the list of known variable IDs. 11828* (bug 35980) list=deletedrevs now honors drdir correctly in "all" mode 11829 (mode #3). 11830* (bug 29290) API avoids mangling fields in continuation parameters 11831* (bug 36987) API avoids mangling fields in continuation parameters 11832* (bug 30836) siteinfo prop=specialpagealiases will no longer return nonexistent 11833 special pages 11834* (bug 38190) Add "required" flag to some token params for hint in api docs. 11835* (bug 27567) Add file repo support to prop=duplicatefiles. 11836* (bug 27610) Add archivename for non-latest image version to list=filearchive 11837* (bug 38231) Add xml parse tree to action=parse. 11838* Watchlist notification timestamp may be queried by page and may be updated via 11839 the API. 11840* (bug 38904) prop=revisions&rvstart=... no longer blows up when continuing. 11841* (bug 39032) ApiQuery generates help in constructor. 11842* (bug 11142) Improve file extension blacklist error reporting in API upload. 11843* (bug 39665) List of query generators is now not built using reflection, 11844 instead it is defined in code. 11845* (bug 35993) Deprecated gettoken parameter - support will be removed in 1.22. 11846 11847=== Languages updated in 1.20 === 11848 11849MediaWiki supports over 350 languages. Many localisations are updated 11850regularly. Below only new and removed languages are listed, as well as 11851changes to languages because of Bugzilla reports. 11852 11853* Emilian (egl) added. 11854* Tornedalen Finnish (fit) added. 11855* Mizo (lus) added. 11856* Santali (sat) added. 11857* (bug 34192) Namespace gender aliases for Albanian languages (sq & aln). 11858* (bug 35541) Namespace gender aliases for Croatian (hr). 11859* (bug 36012) Space in $separatorTransformTable should be non-breaking in 11860 Portuguese, Esperanto and Udmurt. 11861* Turoyo (tru) added. 11862* Cyrillic-Latin language converter added for Uzbek (uz). 11863 11864=== Other changes in 1.20 === 11865* The user_token field is now left empty until a user attempts to login and 11866 cookies need to be set. It is also now possible to reset every user's 11867 user_token simply by clearing the values in the user_token column. 11868* Removed ./tests/qunit/index.html from core. It wasn't actively maintained and 11869 has been made obsolete when [[Special:JavaScriptTest/qunit]] was introduced, 11870 which actually uses ResourceLoader, LocalSettings and the Skin. 11871* Removed $wgDBtransactions global. This was only checked in one class 11872 and only applies to MyISAM or similar DBs. Those should only be used 11873 for archived sites anyway. We can't get edit conflicts on such sites, 11874 so the WikiPage code wasn't useful there either. 11875* Deprecated mw.user.name in favour of mw.user.getName. 11876* Deprecated mw.user.anonymous in favour of mw.user.isAnon. 11877* Deprecated DatabaseBase functions newFromParams(), newFromType(), set(), 11878 quote_ident(), and escapeLike() were removed. 11879* Use of __DIR__ instead of dirname( __FILE__ ). 11880* OutputPage::wrapWikiMsg() no longer supports the 'options' parameter. It was 11881 not used and complicated migration to Message class. 11882* Live preview functionality has been improved and moved into the 11883 'mediawiki.action.edit.preview' module. The old 'mediawiki.legacy.preview' 11884 module has been removed. 11885* (bug 40448) Removed mediawiki.legacy.mwsuggest module, and removed the 11886 following that has become obsolete: 11887 - globals $wgEnableMWSuggest and $wgMWSuggestTemplate. 11888 - mw.config.values wgMWSuggestTemplate and wgSearchNamespaces. 11889 - method SearchEngine::getMWSuggestTemplate(). 11890 11891== MediaWiki 1.19 == 11892 11893== MediaWiki 1.19.24 == 11894 11895This is a security and maintenance release of the MediaWiki 1.19 branch. 11896 11897=== Changes since 1.19.23 === 11898 11899* ({{bug|T85848}}, {{bug|T71210}}) SECURITY: Don't parse XMP blocks that 11900contain XML entities, to prevent various DoS attacks. 11901* ({{bug|T88310}}) SECURITY: Always expand xml entities when checking SVG's. 11902* ({{bug|T73394}}) SECURITY: Escape > in Html::expandAttributes to prevent XSS. 11903* ({{bug|T85855}}) SECURITY: Don't execute another user's CSS or JS on preview. 11904* ({{bug|T85349}}, {{bug|T85850}}, {{bug|T86711}}) SECURITY: Multiple issues 11905fixed in SVG filtering to prevent XSS and protect viewer's privacy. 11906 11907== MediaWiki 1.19.23 == 11908 11909This is a security and maintenance release of the MediaWiki 1.19 branch. 11910 11911=== Changes since 1.19.22 === 11912 11913* (bug T76686) [SECURITY] thumb.php outputs wikitext message as raw HTML, which 11914could lead to xss. Permission to edit MediaWiki namespace is required to 11915exploit this. 11916* (bug T74222) The original patch for T74222 was reverted as unnecessary. 11917* Add missing $ in front of variable in OutputPage.php 11918 11919== MediaWiki 1.19.22 == 11920 11921This is a security and maintenance release of the MediaWiki 1.19 branch. 11922 11923=== Changes since 1.19.21 === 11924 11925* ({{bug|66776}}, {{bug|71478}}) SECURITY: User PleaseStand reported a way to 11926inject code into API clients that used format=php to process pages that 11927underwent flash policy mangling. This was fixed along with improving how the 11928mangling was done for format=json, and allowing sites to disable the mangling 11929using $wgMangleFlashPolicy. 11930* ({{bug|72222}}) SECURITY: Do not show log action when the entry is revdeleted 11931with DELETED_ACTION. NOTICE: this may be reverted in a future release pending a 11932public RFC about the desired functionality. This issue was reported by user 11933Bawolff. 11934* ({{bug|71621}}) Make allowing site-wide styles on restricted special pages a 11935config option. 11936* $wgMangleFlashPolicy was added to make MediaWiki's mangling of anything that 11937might be a flash policy directive configurable. 11938 11939== MediaWiki 1.19.21 == 11940This is a maintenance release of the MediaWiki 1.19 branch. 11941 11942=== Changes since 1.19.20 === 11943* (bug 67440) Allow classes to be registered properly from installer. 11944* (bug 47281) Fixed a dumpBackup.php error with --uploads 11945 --include-filesoptions: Unable to find the wrapper "mwstore". 11946* System administrators are encouraged to upgrade to this release or 1.22+ and 11947 produce a full data dump. 11948 https://www.mediawiki.org/wiki/Special:MyLanguage/Manual:Backing_up_a_wiki 11949* (bug 63049) Removed anonymous functions from ApiFormatBase, added in1.19.13 as 11950 part of the fix for bug 61362, for PHP 5.2 compatibility. 11951 11952== MediaWiki 1.19.20 == 11953This is a security release of the MediaWiki 1.19 branch. 11954 11955=== Changes since 1.19.19 === 11956* (bug 70672) SECURITY: OutputPage: Remove separation of css and js module 11957 allowance. 11958 11959== MediaWiki 1.19.19 == 11960This is a security release of the MediaWiki 1.19 branch. 11961 11962=== Changes since 1.19.18 === 11963* (bug 69008) SECURITY: Enhance CSS filtering in SVG files. Filter <style> 11964 elements; normalize style elements and attributes before filtering; add checks 11965 for attributes that contain css; add unit tests for html5sec and reported 11966 bugs. 11967 11968== MediaWiki 1.19.18 == 11969This is a security release of the MediaWiki 1.19 branch. 11970 11971=== Changes since 1.19.17 === 11972* (bug 68187) SECURITY: Prepend jsonp callback with comment. 11973* (bug 65778) SECURITY: Copy prevent-clickjacking between OutputPage and 11974 ParserOutput. 11975 11976== MediaWiki 1.19.17 == 11977This is a security and maintenance release of the MediaWiki 1.19 branch. 11978 11979=== Changes since 1.19.16 === 11980* (bug 65839) SECURITY: Prevent external resources in SVG files. 11981* (bug 66428) MimeMagic: Don't seek before BOF. This has weird side effects like 11982 only extracting the tail of the file partially or not at all. 11983 11984== MediaWiki 1.19.16 == 11985This is a security release of the MediaWiki 1.19 branch. 11986 11987=== Changes since 1.19.15 === 11988* (bug 65501) SECURITY: Don't parse usernames as wikitext on 11989 Special:PasswordReset. 11990 11991== MediaWiki 1.19.15 == 11992This is a security and maintenance release of the MediaWiki 1.19 branch. 11993 11994=== Changes since 1.19.14 === 11995Fixed resetting passwords. 11996* (bug 58640) Fixed a compatibility issue with PCRE 8.34 that caused pages to 11997 appear blank or with missing text. 11998 11999== MediaWiki 1.19.14 == 12000This is a security and maintenance release of the MediaWiki 1.19 branch. 12001 12002=== Changes since 1.19.13 === 12003* (bug 62497) SECURITY: Add CSRF token on Special:ChangePassword. 12004* (bug 62467) Set a title for the context during import on the cli. 12005 12006== MediaWiki 1.19.13 == 12007This is a security and maintenance release of the MediaWiki 1.19 branch. 12008 12009=== Changes since 1.19.12 === 12010* (bug 61362) SECURITY: API: Don't find links in the middle of api.php links. 12011* Use the correct branch of the extensions' git repositories. 12012 12013== MediaWiki 1.19.12 == 12014This is a security release of the MediaWiki 1.19 branch. 12015 12016=== Changes since 1.19.11 === 12017* (bug 60771) SECURITY: Disallow uploading SVG files using non-whitelisted 12018 namespaces. Also disallow iframe elements. * User will get an error including 12019 the namespace name if they use a non- whitelisted namespace. 12020* (bug 61346) SECURITY: Make token comparison use constant time. It seems like 12021 our token comparison would be vulnerable to timing attacks. This will take 12022 constant time. 12023 12024== MediaWiki 1.19.11 == 12025This is a security release of the MediaWiki 1.19 branch. 12026 12027=== Changes since 1.19.10 === 12028* (bug 60339) SECURITY: Sanitize shell arguments to DjVu files, and other media 12029 formats 12030 12031== MediaWiki 1.19.10 == 12032This is a security release of the MediaWiki 1.19 branch. 12033 12034=== Changes since 1.19.9 === 12035* (bug 57550) SECURITY: Disallow stylesheets in SVG Uploads 12036* (bug 58088) SECURITY: Don't normalize U+FF3C to \ in CSS Checks 12037* (bug 58472) SECURITY: Disallow -o-link in styles 12038* (bug 58553) SECURITY: Return error on invalid XML for SVG Uploads 12039* (bug 58699) SECURITY: Fix RevDel log entry information leaks 12040 12041== MediaWiki 1.19.9 == 12042This is a security and maintenance release of the MediaWiki 1.19 branch. 12043 12044=== Changes since 1.19.8 === 12045* (bug 53032) SECURITY: Don't cache when a call could autocreate 12046* (bug 55332) SECURITY: Improve css javascript detection 12047* (bug 49717) Fix behaviour $wgVerifyMimeType = false; in Upload 12048* Translations 12049 12050== MediaWiki 1.19.8 == 120512013-09-03 12052 12053This is a security and maintenance release of the MediaWiki 1.19 branch. 12054 12055=== Changes since 1.19.7 === 12056* SECURITY: Sanitize ResourceLoader exception messages 12057* SECURITY: Token-getting functions will fail when using jsonp callbacks. 12058* SECURITY: Fix extension detection with 2 .'s 12059* Allow a string other than '*' as condition for DatabaseBase::delete() 12060* Purge upstream caches when deleting file assets. 12061* jquery.tablesorter: Add missing dependency on jquery.mwExtension 12062 12063== MediaWiki 1.19.7 == 120642013-05-21 12065 12066This is a security release of the MediaWiki 1.19 branch 12067 12068=== Changes since 1.19.6 === 12069* (bug 48306) SECURITY: Run file validation checks on chunked uploads, and 12070 chunks of upload, during the upload process. 12071 12072== MediaWiki 1.19.6 == 120732013-04-30 12074 12075This is a security and maintenance release of the MediaWiki 1.19 branch 12076 12077=== Changes since 1.19.5 === 12078* (bug 47304) SECURITY: Check SVG xml encoding against whitelist 12079* (bug 46590) Added AbortChangePassword hook to allow extensions to abort 12080 password changes from Special:ChangePassword 12081* Localisation updates from http://translatewiki.net. 12082* mwdocgen.php: Implement --version option. 12083* Remove svnstat stuff used in Doxygen generation 12084* E_USER_DEPRECATED undefined prior to php 5.3 12085 12086== MediaWiki 1.19.5 == 120872013-04-15 12088 12089This is a security and maintenance release of the MediaWiki 1.19 branch 12090 12091=== Changes since 1.19.4 === 12092* (bug 47251) SECURITY: Disable external entities in Import 12093* (bug 46859) SECURITY: Disable external entities in XMLReader 12094* (bug 46084) SECURITY: Sanitize $limitReport before outputting 12095* (bug 43594) Fix notices displayed on PHP 5.4 12096* (bug 40585) Don't drop 'step="any"' in HTML input fields. 12097 12098== MediaWiki 1.19.4 == 120992013-03-04 12100 12101This is a security release of the MediaWiki 1.19 branch 12102 12103=== Changes since 1.19.3 === 12104* New preference type - 'api'. Preferences of this type are not shown on 12105 Special:Preferences, but are still available via the action=options API. 12106* (bug 44010) Context is passed to UserGetLanguageObject. 12107* The recursion guard on RequestContext::getLanguage() was weakened. 12108* (bug 44135/bug 42441) Pass '2' instead of 'true' to CURLOPT_SSL_VERIFYHOST 12109* (bug 43518) API action=unblock should return the user name, not the full user 12110 object 12111 12112== MediaWiki 1.19.3 == 121132012-11-30 12114 12115This is a security release of the MediaWiki 1.19 branch 12116 12117=== Changes since 1.19.2 === 12118* (bug 40995) Prevent session fixation in Special:UserLogin (CVE-2012-5391) 12119* (bug 41400) Prevent linker regex from exceeding PCRE backtrack limit 12120* Increase permitted runtime for testParserTest (only used for continuous 12121 integration). 12122* Updated messages translations from http://translatewiki.net/ 12123 12124== MediaWiki 1.19.2 == 12125 12126This is a security release of the MediaWiki 1.19 branch 12127 12128=== Changes since 1.19.1 === 12129* (bug 39700) File: link to non-existing file can inject html 12130* (bug 39823) Hidden block text leaking to admins 12131* (bug 39184) LDAP password leakage 12132* (bug 39180) Disallow framing of api results 12133* (bug 37587) Enforce language codes to be html safe 12134* (bug 39824) Check global blocks on account creation 12135 12136== MediaWiki 1.19 == 12137 12138MediaWiki 1.19 is a large release that contains many new features and bug 12139fixes. This is a summary of the major changes of interest to users. 12140You can consult the RELEASE-NOTES-1.19 file for the full list of changes in 12141this version. 12142 12143Our thanks go to everyone who helped to improve MediaWiki by testing the beta 12144release and submitting bug reports. 12145 12146=== Changes since 1.19.1 === 12147* (bug 38406) Properly quote table names in DatabaseBase::tableName() 12148* (bug 38249) Parser will throw an exception instead of outputting gibberish if 12149 PCRE is compiled without support for unicode properties. 12150 12151=== Changes since 1.19.0 === 12152* (bug 36568) Fixed "Illegal string offset 'LIMIT'" warnings in updater 12153* (bug 36938) Correctly escape uselang attribute to prevent xss 12154* Expanded Blacklist for SVG Files 12155 12156=== Changes since 1.19 beta 2 === 12157* Special:Watchlist no longer sets links to feed when the user is anonymous. 12158* (bug 35961) Hash comparison should always be strict. 12159* Fix broken email confirmation expiration caused by MWCryptRand changes. 12160* (bug 35671) PHP Notice: Undefined index: gettoken in includes/api/ApiMain.php 12161 on line 598. 12162* (bug 36042) 'show' causes a fatal in blocks API. 12163 12164=== Changes since 1.19 beta 1 === 12165* (bug 35014) Including a special page no longer sets the page's title to the 12166 included page 12167* (bug 35019) Edit summaries are no longer transformed in notification e-mails 12168* (bug 35152) Help message for e-mail is shown again in user preferences 12169* (bug 34887) $3 and $4 parameters are now substituted correctly in message 12170 "movepage-moved" 12171* (bug 34841) Edit links are no longer displayed when display old page versions 12172* (bug 34889) User name should be normalized on Special:Contributions 12173* (bug 35051) If heading has a trailing space after == then its name is not 12174 preloaded into edit summary on section edit 12175* (bug 31417) New ID mw-content-text around the actual page text, without 12176 categories, contentSub, ... The same div often also contains the class 12177 mw-content-ltr/rtl. 12178* (bug 35303) Proxy and DNS blacklist blocking works again 12179* (bug 22555) Remove or skip strip markers from tag hooks like <nowiki> in 12180 core parser functions which operate on strings, such as padleft. 12181* (bug 18295) Don't expose strip markers when a tag appears inside a link 12182 inside a heading. 12183* (bug 34212) ApiBlock/ApiUnblock allow action to take place without a token 12184 parameter present. 12185* (bug 34907) Fixed exposure of tokens through load.php that could have 12186 facilitated CSRF attacks. 12187* (bug 35317) CSRF in Special:Upload. 12188 12189=== Configuration changes in 1.19 === 12190* Removed SkinTemplateSetupPageCss hook; use BeforePageDisplay instead. 12191* (bug 27132) movefile right granted by default to registered users. 12192* Default cookie lifetime ($wgCookieExpiration) is increased to 180 days. 12193* (bug 31204) Removed old user.user_options. 12194* $wgMaxImageArea now applies to jpeg files if they are not scaled with 12195 ImageMagick. 12196* Introduced $wgQueryPageDefaultLimit (defaults to 50) for the number of 12197 items to show by default on query pages (special pages such as Whatlinkshere). 12198* (bug 32470) Increase the length of ug_group. 12199* (bug 32239) Removed $wgEnableTooltipsAndAccesskeys. 12200* Removed $wgVectorShowVariantName. 12201* Removed $wgExtensionAliasesFiles. Use $wgExtensionMessagesFiles. 12202* Removed $wgResourceLoaderInlinePrivateModules , now always enabled. 12203 12204=== New features in 1.19 === 12205* (bug 19838) Add ability to get all interwiki prefixes also if the interwiki 12206 cache is used. 12207* $wgDnsBlacklistUrls now accepts an array with url and key as the 12208 elements to work with DNSBLs that require keys, such as 12209 Project Honeypot. 12210* (bug 30022) Add support for custom loadScript sources to ResourceLoader. 12211* (bug 19052) Unicode space separator characters (Zs) now terminates external 12212 links and images links. 12213* (bug 30160) Add public method to mw.loader to get module names from registry. 12214* (bug 15558) Parameters to special pages included in wikitext can now be passed 12215 as with templates. 12216* Installer now issues a warning if mod_security is present. 12217* (bug 29455) Add support for a filter callback function in jQuery byteLimit 12218 plugin. 12219* Added two new GetLocalURL hooks to better serve extensions working on a 12220 limited type of titles. 12221* Added a --no-updates flag to importDump.php that skips updating the links 12222 tables. 12223* Most presentational html attributes like valign are now converted to inline 12224 css style rules. These attributes were removed from html5 and so we clean 12225 them up when $wgHtml5 is enabled. This can be disabled using 12226 $wgCleanupPresentationalAttributes. 12227* Magic words (time and number-formatting ones, plus DIRECTIONMARK, but not 12228 NAMESPACE) now depend on the page content language instead of the site 12229 language. In theory this sets the right magic words in system messages, 12230 although they are not used there. 12231* (bug 30451) Add page_props to RefreshLinks::deleteLinksFromNonexistent. 12232* (bug 30450) Clear page_props table on page deletion. 12233* Hook added to check for exempt from account creation throttle. 12234* (bug 30344) Add configuration variable for setting custom priorities when 12235 generating sitemaps. 12236* (bug 96170) Add array support for space-separated list attributes (like 12237 'class') in the Html helper class. 12238* (bug 26470) Add checkered background image on hover on files pages. 12239* (bug 30774) mediawiki.html: Add support for numbers and booleans in the 12240 attribute values and element contents. 12241* Conversion script between Tifinagh and Latin for the Tachelhit language. 12242* (bug 16755) Add options 'noreplace' and 'noerror' to {{DEFAULTSORT:...}} 12243 to stop it from replace an already existing default sort, and suppress error. 12244* (bug 18578) Rewrote revision delete related messages to allow better 12245 localisation. 12246* (bug 30364) LanguageConverter now depends on the page content language 12247 instead of the wiki content language. 12248* Jump links will now be usable in CSS-capable browsers instead of only 12249 in outdated text browsers. 12250* New common*.css files usable by skins instead of having to copy piles 12251 of generic styles from MonoBook or Vector's css. 12252* Some deprecated presentational html attributes will now be automatically 12253 converted to css. 12254* (bug 31297) Add support for namespaces in Special:RecentChanges subpage filter 12255 syntax. 12256* The default user signature now contains a talk link in addition to the user 12257 link. 12258* (bug 25306) Add link of old page title to MediaWiki:Delete_and_move_reason. 12259* Added hook BitmapHandlerCheckImageArea. 12260* (bug 30062) Add $wgDBprefix option to cli installer. 12261* getUserPermissionsErrors and getUserPermissionsErrorsExpensive hooks are now 12262 also called when checking for 'read' permission. 12263* Introduce $wgEnableSearchContributorsByIP which controls whether searching 12264 for an IP address redirects to the contributions list for that IP. 12265* (bug 8859) Database::update should take array of tables too. 12266* (bug 19698) Add "Inverse namespaces" option to Special:Contributions. 12267* (bug 24037) Add byte length of revision to Special:Contributions. 12268* (bug 1672) Added $wgDisableUploadScriptChecks to allow uploading of files 12269 containing HTML or JS. DISABLING THESE CHECKS IS VERY DANGEROUS. 12270* New path mappings can be added using the WebRequestPathInfoRouter hook 12271 and adding paths to the PathRouter. 12272* (bug 32666) Special:ActiveUsers now allows a subpage to be used as value for 12273 the "target" query parameter (eg. Special:ActiveUsers/Username). 12274* New JavaScript variable wgPageContentLanguage. 12275* Added new debugging toolbar, enabled with $wgDebugToolbar. 12276* Differences in the history page now uses slightly better colors for people 12277 perceiving colors differently. 12278* (bug 32879) Upgrade jQuery to 1.7.1. 12279* jQuery UI upgraded to 1.8.17. 12280* Extensions can use the 'Language::getMessagesFileName' hook to define new 12281 languages using messages files outside of core. 12282* (bug 32512) Add 'Associated namespace' checkbox to Special:Contributions. 12283* Added $wgSend404Code, true by default, which can be set to false to send a 12284 200 status code instead of 404 for nonexistent articles. 12285* (bug 33447) Link to the broken image tracking category from 12286 Special:Wantedfiles. 12287* (bug 27724) Add timestamp to job queue. 12288* (bug 30339) Implement SpecialPage for running javascript tests. Disabled by 12289 default, due to tests potentially being harmful, not to be run on a production 12290 wiki. Enable by setting $wgEnableJavaScriptTest to true. 12291* Extensions can use the RequestContextCreateSkin hook to override what skin is 12292 loaded in some contexts. 12293* (bug 33456) Show $wgQueryCacheLimit on cached query pages. 12294* (bug 10574) Add an option to allow all pages to be exported by Special:Export. 12295* mediawiki.js Message object constructor is now publicly available as 12296 mw.Message. 12297* (bug 29309) Allow CSS class per tooltip (tipsy). 12298* (bug 33565) Add accesskey/tooltip to submit buttons on Special:EditWatchlist. 12299* (bug 17959) Inline rendering/thumbnailing for Gimp XCF images. 12300* (bug 27775) Namespace has it's own XML tag in the XML dump file. 12301* (bug 30513) Redirect tag is now resolved in XML dump file. 12302* sha1 xml tag added to XML dump file. 12303* (bug 33646) Badtitle error page now emits a 400 HTTP status. 12304* Special:MovePage now has a dropdown menu for namespaces. 12305* (bug 34420) Special:Version now shows git HEAD sha1 when available. 12306* (bug 33952) Refactor mw.toolbar to allow dynamic additions at any time. 12307 12308=== Bug fixes in 1.19 === 12309* $wgUploadNavigationUrl should be used for file redlinks if. 12310 $wgUploadMissingFileUrl is not set. The first was used for this 12311 until the second was introduced in 1.17. 12312* BREAKING CHANGE: Style rules for wikitable are now more specific and prevent 12313 inheritance to nested tables which caused various issues (bug 30485 and bug 12314 33434). If your wiki has overridden rules for ".wikitable", please revise them 12315 and adjust where necessary. For comparison, use the "table.wikitable" section 12316 in skins/common/shared.css as base. 12317* $wgUploadNavigationUrl is now used for file redlinks if 12318 $wgUploadMissingFileUrl is not set. The former was used for this until the 12319 second was introduced in 1.17. 12320* (bug 27894) Move 'editondblclick' event listener down from body to 12321 div#bodyContent. 12322* (bug 30172) The check for posix_isatty() in maintenance scripts did not detect 12323 when the function exists but is disabled. Introduced 12324 Maintenance::posix_isatty(). 12325* (bug 30264) Changed installer-generated LocalSettings.php to use 12326 require_once() instead require() for included extensions. 12327* Do not convert text in the user interface language to another script. 12328* (bug 26283) Previewing user JS/CSS pages didn't load other user JS/CSS pages. 12329* (bug 26486) ResourceLoader modules with paths to nonexistent files cause PHP 12330 warnings/notices to be thrown. 12331* (bug 30335) Fix for HTMLForms using GET that were breaking when non-friendly 12332 URLs are used. 12333* (bug 28649) Preventing half truncated multi-byte unicode characters when 12334 truncating log comments. 12335* Show --batch-size option in help of maintenance scripts that support it. 12336* (bug 4381) Magic quotes cleaning was not comprehensive, key strings were not 12337 unescaped. 12338* (bug 23057) Importers no longer can 'edit' or 'create' a fully-protected page 12339 by importing a new revision into it. 12340* Allow moving the associated talk pages of subpages even if the base page 12341 has no subpage. 12342* Per page edit-notices now work in namespaces without subpages enabled. 12343* (bug 31081) $wgEnotifUseJobQ is no longer unconditionally enqueueing jobs. 12344* (bug 30202) File names are now restricted on upload to 240 bytes, because of 12345 restrictions on some of the database fields. 12346* Timezones are now recognised in user preferences when offset is different 12347 due to DST. 12348* (bug 31692) "summary" parameter now also works when undoing revisions. 12349* (bug 18823) "move succeeded" text displayed bluelinks even when redirect was 12350 suppressed. 12351* (bug 19186) Special:UserLogin's title on Special:SpecialPages now says 12352 "create account" when the user cannot create an account. 12353* (bug 31818) 'usercreated' message now supports GENDER. 12354* (bug 32022) Our phpunit.php script can now be executed from another directory. 12355* (bug 26020) Setting $wgEmailConfirmToEdit to true no longer removes diffs 12356 from recent changes feeds. 12357* (bug 30232) add current time to message wlnote on Special:Watchlist. 12358* (bug 29110) $wgFeedDiffCutoff did not affect new pages. 12359* (bug 32168) Add wfRemoveDotSegments for use in wfExpandUrl. 12360* (bug 32358) Do not display "No higher resolution available" for dimensionless 12361 files (like audio files). 12362* (bug 32168) Add wfAssembleUrl for use in wfExpandUrl. 12363* (bug 32168) fixed - wfExpandUrl expands dot segments now. 12364* (bug 31535) Upload comments now truncated properly, and don't have brackets. 12365* (bug 32086) Special:PermanentLink now shows an error message when no subpage 12366 was specified. 12367* (bug 30368) Special:Newpages now shows the new page name for moved pages. 12368* (bug 1697) The way to search blocked usernames in block log should be clearer. 12369* (bug 29747) eAccelerator shared memory caching has been removed since it is 12370 now disabled by default and is buggy. APC, XCache and WinCache are not 12371 affected. 12372* Installer now refuses to install if php was not compiled with Ctype support. 12373* (bug 29475) Remove "trackback" feature entirely from core. 12374* (bug 32665) Special:BlockList prefills the username in the input field if 12375 using the Special:BlockList/username URL. 12376* (bug 27721) Make JavaScript variables wgSeparatorTransformTable and 12377 wgDigitTransformTable depend on page content language so the sort script 12378 sorts correctly more often. 12379* (bug 32230) Expose wgRedirectedFrom in JavaScript. 12380* (bug 31212) History tab not collapsed when the screen is narrow. 12381* (bug 15521) Use new section summary when the action of adding a new section 12382 also happens to create the page. 12383* (bug 32960) Remove EmailAuthenticationTimestamp from database when a 12384 email address is removed. 12385* (bug 32414) Empty page get a empty bytes attribute in Export/Dump. 12386* (bug 33101) Viewing a User or User talk of username resembling IP ending 12387 with .xxx causes Internal error. 12388* Warning about undefined index in certain situations when $wgLogRestrictions 12389 causes the first log type requested to be removed but not the others. 12390* Use separate message ('prefixindex-namespace') for title of 12391 Special:PrefixIndex rather then re-using Special:AllPages's allinnamespace. 12392* (bug 33156) Special:Block now allows you to confirm you want to block yourself 12393 when using non-normalized username. 12394* (bug 33246) News icon shown for news:// URLs but not for news: URLs. 12395* (bug 33305) Make mw.util.addCSS resistant to IE's @font-face bug by setting 12396 cssText after DOM insertion. 12397* (bug 30711) When adding a new section to a page with section=new, the text is 12398 now always added to the current version of the page. 12399* (bug 31719) Fix uploads of SVGs exported by Adobe Illustrator by expanding 12400 XML entities correctly. 12401* (bug 30914) Embeddable ResourceLoader modules (user.options, user.tokens) 12402 should be loaded in <head> for proper dependency resolution. 12403* (bug 32702) Removed method Skin::makeGlobalVariablesScript() has been readded 12404 for backward compatibility. 12405* (bug 31469) Make sure tracking category messages expand variables like 12406 {{NAMESPACE}} relative to correct title. 12407* (bug 33454) ISO-8601 week-based year number (format character 'o') is now 12408 calculated correctly with respect to timezone. 12409* (bug 32219) InstantCommons now fetches content from Wikimedia Commons using 12410 HTTPS when the local wiki is served over HTTPS. 12411* (bug 33525) clearTagHooks doesn't clear function hooks. 12412* (bug 33523) Function tag hooks don't appear on Special:Version. 12413* Files with IPTC blocks we can't read no longer prevent extraction of exif 12414 or other metadata. 12415* (bug 33587) Remove action "historysubmit" from history pages. 12416* (bug 25800) mw.config wgAction should contain the actually performed action 12417 instead of whatever the query value contains. 12418* (bug 4438) Add CSS hook for current WikiPage action. 12419* (bug 33703) Common border-bottom color for <abbr> should inherit default 12420 (text) color. 12421* (bug 33819) Display file sizes in appropriate units. 12422* (bug 32948) {{REVISIONID}} and related variables are no longer blank after 12423 doing a null edit. 12424* (bug 33880) $wgUsersNotifiedOnAllChanges should not send e-mail to user who 12425 made the edit. 12426* (bug 33902) Decoding %2B with mw.Uri.decode results in ' ' instead of +. 12427* (bug 33762) QueryPage-based special pages no longer misses *-summary message. 12428* Other sizes links are no longer generated for wikis without a 404 thumbnail 12429 handler. 12430* (bug 29454) Enforce byteLimit for page title input on Special:MovePage. 12431* (bug 34114) CSSMin::remap() doesn't respect its $embed parameter. 12432* Special:Contributions/newbies now shows the contributions for the user 12433 "newbies". New user contributions are obtained using the form or using 12434 ?contribs=newbie in URL. 12435* It is now possible to delete images that have no corresponding description 12436 pages. 12437* (bug 33165) GlobalFunctions.php line 1312: Call to a member function 12438 getText() on a non-object. 12439* (bug 31676) Group dynamically inserted CSS into a single <style> tag, to work 12440 around a bug where not all styles were applied in Internet Explorer. 12441* (bug 28936, bug 5280) Broken or invalid titles can't be removed from 12442 watchlist. 12443* (bug 34600) Older skins using useHeadElement=false were broken in 1.18. 12444* (bug 34604) [mw.config] wgActionPaths should be an object instead of a numeral 12445 array. 12446* (bug 12262) Indents and lists are now aligned 12447* (bug 29753) mw.util.tooltipAccessKeyPrefix should be alt-shift for Chrome 12448 on Windows 12449* (bug 25095) Special:Categories should also include the first relevant item 12450 when "from" is filled. 12451* (bug 34972) An error occurred while changing your watchlist settings for 12452 [[Special:WhatLinksHere/Example]] 12453 12454=== API changes in 1.19 === 12455* Made action=edit less likely to return "unknownerror", by returning the actual 12456 error message (which may have come from a hook call or similar). 12457* (bug 19838) siprop=interwikimap can now use the interwiki cache. 12458* (bug 29748) Add API search prefix support. 12459* (bug 29684) Set forgotten parameter types in ApiQueryIWLinks. 12460* (bug 29685) do not output NULL parentid with list=deletedrevs&drprop=parentid. 12461* siprop=interwikimap and siprop=languages can use silanguagecode to have 12462 a best effort language name translation. Use CLDR extension for best result. 12463* (bug 30230) action=expandtemplates should not silently override invalid title 12464 inputs. 12465* (bug 18634) Create API to fetch MediaWiki's language fallback tree structure. 12466* (bug 26885) Allow show/hide of account blocks, temporary blocks and single IP 12467 address blocks for list=blocks. 12468* (bug 30591) Add support to only return keys in ApiAllMessages. 12469* The API now respects $wgShowHostnames and won't share the hostname in 12470 servedby if it's set to false. 12471* wlexcludeuser parameter added to ApiFeedWatchlist. 12472* (bug 7304) Links on redirect pages no longer cause the redirect page to show 12473 up as a redirect to the linked page on Special:Whatlinkshere. 12474* (bug 32609) API: Move captchaid/captchaword of action=edit from core 12475 to Captcha extension(s). 12476* Added 'APIGetDescription' hook. 12477* (bug 32688) Paraminfo for parameter "generator" of the query module shows too 12478 many types. 12479* (bug 32415) Empty page get no size attribute in API output. 12480* (bug 31759) Undefined property notice in querypages API. 12481* (bug 32495) API should allow purge by pageids. 12482* (bug 33147) API examples should explain what they do. 12483* (bug 33482) Api incorrectly calls ApiBase::parseMultiValue if allowed 12484 values is given as an array. 12485* (bug 32948) {{REVISIONID}} and related variables are no longer blank after 12486 calling action=purge&forcelinkupdate. 12487* (bug 34377) action=watch now parses messages using the correct title instead 12488 of "API". 12489* (bug 35036) WikiLove messages were not automatically updated in JavaScript 12490 after having been changed on-wiki due to a bug in core 12491 12492=== Languages updated in 1.19 === 12493 12494MediaWiki supports over 350 languages. Many localisations are updated 12495regularly. Below only new and removed languages are listed, as well as 12496changes to languages because of Bugzilla reports. 12497 12498* Canadian English (en-ca) (new). 12499* Norwegian (bokmål) (nb) (renamed from no). 12500* Uighur (Latin) (ug-latn) was incorrectly marked as right-to-left language. 12501* (bug 30217) Make pt-br a fallback of pt. 12502* (bug 31193) Set fallback language of Assamese from Bengali to English. 12503* Update date format for dsb and hsb: month names need the genitive. 12504* (bug 28643) Serbian variant conversion improvements (Nikola Smolenski). 12505* (bug 29405, bug 30809) Lower diacritics are invisible in titles in Indic 12506 languages Assamese, Bengali, Hindi, Malyalam and Odiya. 12507* (bug 32826) Titles in indic languages are partially cut. 12508* (bug 33367) Gendered namespaces for Czech. 12509* (bug 33014) Language::formatSize()/formatBitrate() should be able to deal 12510 with larger numbers (tera-yotta). 12511 12512=== Other changes in 1.19 === 12513* BREAKING CHANGE: Legacy global array 'ta' and global function 'akeytt' have 12514 been removed from wikibits.js. 12515* jquery.mwPrototypes module was renamed to jquery.mwExtension. 12516* The maintenance script populateSha1.php was renamed to the more concise 12517 populateImageSha1.php. 12518* The Client-IP header is no longer checked for when trying to resolve a 12519 client's real IP address. 12520* (bug 22096) Although IE5.x and below was already unsupported officially, 12521 stylesheets existing exclusively for IE5.0 and IE5.5 have now been removed 12522 (which were in skins 'chick' and 'monobook'). 12523* The constructor for CategoryView has changed, the second parameter is now a 12524 Context source and is required. 12525* The Title::escape{Local,Full,Canonical}URL methods are deprecated, please use 12526 proper html building methods to escape the normal get{...}URL methods instead. 12527* The $variant arguments in the Title::get{Local,Full,Link,Canonical}URL methods 12528 have been replaced with a secondary query argument. 12529* The $variant argument in the hooks for the 12530 Title::get{Local,Full,Link,Canonical}URL methods have been removed, the 12531 variant is now part of the $query argument. 12532* Removed Title::isValidCssJsSubpage(), deprecated since 1.17 in favor of 12533 using Title::isCssJsSubpage() or checking Title::isWrongCaseCssJsPage(). 12534* Support for the deprecated hook MagicWordMagicWords was removed. 12535* The Xml::namespaceSelector method has been deprecated, please use 12536 Html::namespaceSelector instead (note that the parameters have changed also). 12537* (bug 33746) Preload popular ResourceLoader modules (mediawiki.util) as 12538 stop-gap for scripts missing dependencies. 12539 New configuration variable $wgPreloadJavaScriptMwUtil has been introduced for 12540 this (set to false by default for new installations). Set to true if your wiki 12541 has a large amount of user/site scripts that are lacking dependency 12542 information. In the short to medium term these user/site scripts should be 12543 fixed by adding the used modules to the dependencies in the module registry 12544 and/or wrapping them in a callback to mw.loader.using. 12545 12546== MediaWiki 1.18 == 12547 12548== MediaWiki 1.18.6 == 125492012-11-29 12550 12551This is a maintenance and security release of the MediaWiki 1.18 branch 12552 12553=== Changes since 1.18.5 === 12554* ([[bugzilla:40995|bug 40995]]) Prevent session fixation in Special:UserLogin 12555(CVE-2012-5391) 12556* ([[bugzilla:41400|bug 41400]]) Prevent linker regex from exceeding PCRE 12557backtrack limit 12558* Localisation updates 12559* Increase permitted runtime for testParserTest 12560* ([[bugzilla:36179|bug 36179]]) Unquote 'null' for PostgreSQL. 12561 12562== MediaWiki 1.18.5 == 125632012-08-30 12564 12565This is a security release of the MediaWiki 1.18 branch 12566 12567=== Changes since 1.18.4 === 12568* (bug 39700) File: link to non-existing file can inject html 12569* (bug 39823) Hidden block text leaking to admins 12570* (bug 39184) LDAP password leakage 12571* (bug 39180) Disallow framing of api results 12572* (bug 37587) Enforce language codes to be html safe 12573* (bug 39824) Check global blocks on account creation 12574 12575== MediaWiki 1.18.4 == 125762012-06-12 12577 12578This is a security release of the MediaWiki 1.18 branch. 12579 12580=== Changes since 1.18.3 === 12581* (bug 36938) Correctly escape uselang attribute to prevent xss 12582* Expanded Blacklist for SVG Files 12583 12584== MediaWiki 1.18.3 == 125852012-04-25 12586 12587This is a maintenance release of the MediaWiki 1.18 branch. 12588 12589=== Changes since 1.18.2 === 12590* (bug 35446) Using "{{nse:}}" with an invalid namespace name no longer throws 12591 a PHP warning. 12592* (bug 35567) The whole password reminder e-mail is now sent in the same 12593 language. 12594* (bug 35961) Hash comparison should always be strict. 12595* (bug 35671) PHP Notice: Undefined index: gettoken in includes/api/ApiMain.php 12596 on line 598. 12597* Fix broken email confirmation expiration caused by MWCryptRand changes. 12598 12599== MediaWiki 1.18.2 == 126002012-03-21 12601 12602This is a maintenance and security release of the MediaWiki 1.18 branch. 12603 12604=== Changes since 1.18.1 === 12605* (bug 33686) could not get a list of contributors for an article when using 12606 a SQLite database. 12607* (Bug 33865) Exception thrown in action=parse when attempting to use the title 12608 parameter without setting the text parameter. 12609* UserMailer could potentially throw a fatal error when a MailAddress object had 12610 an empty email address. 12611* (Bug 33087) Exchange server rejected mail sent by MediaWiki 12612* (bug 34528) Edit section tooltips show correction section name again 12613* (bug 34246) MediaWiki:Whatlinkshere-summary message is displayed again in 12614 Special:Whatlinkshere 12615* (bug 22555) Remove or skip strip markers from tag hooks like <nowiki> in 12616 core parser functions which operate on strings, such as formatnum. 12617* (bug 34212) ApiBlock/ApiUnblock allow action to take place without a token 12618 parameter present. 12619* (bug 34907) Fixed exposure of tokens through load.php that could have 12620 facilitated CSRF attacks. 12621* (bug 35317) CSRF in Special:Upload. 12622 12623== MediaWiki 1.18.1 == 126242012-01-11 12625 12626This a maintenance and security release of the MediaWiki 1.18 branch. 12627 12628=== Changes since 1.18.0 === 12629* (bug 32712) Fix for search indexing of pages with certain unicode chars 12630 following URL. 12631* (bug 3901) Lang, hreflang attribs added to sidebar interlanguage links for 12632 screen readers. 12633* (bug 30774) mediawiki.html: Add support for numbers and booleans in the 12634 attribute values and element contents. 12635* (bug 32473) [[Special:PasswordReset]] can not be used on private wiki. 12636* (bug 32853) Fixed CACHE_DBA object cache type. 12637* (bug 32786) Backward compatibility for extension using 1.17's 12638 Database::newFromType(). 12639* Fixed exception when using Special:WhatLinksHere on a Media: file. 12640* (bug 32709) Private Wiki users were always taken to Special:Badtitle on login. 12641* (bug 33240) Sort images are missing but referenced in css. 12642* (bug 31921) Magic words REVISIONDAY, REVISIONMONTH and REVISIONYEAR were 12643 not showing their values on preview. 12644* (bug 32702) Removed method Skin::makeGlobalVariablesScript() has been readded 12645 for backward compatibility. 12646* (bug 30172) The check for posix_isatty() in maintenance scripts did not detect 12647 when the function exists but is disabled. Introduced 12648 Maintenance::posix_isatty(). 12649* (bug 33305) Make mw.util.addCSS resistant to IE's @font-face bug by setting 12650 cssText after DOM insertion. 12651* (bug 29102) Upgrades no longer fail with the error "Unknown character set: 12652 'mysql4'. 12653* (bug 25355) Parser generates edit section links for special pages. 12654* (bug 33321) Adding a line to MediaWiki:Sidebar that contains a pipe, but 12655 doesn't have any pipes after being transformed by MessageCache, causes 12656 exception on all pages. 12657* Fixed recentchanges FK violation on page delete and cache purge error in 12658 updater for Oracle DB. 12659* (bug 33117) prop=revisions allows deleted text to be exposed through cache 12660 pollution. 12661 12662== MediaWiki 1.18.0 == 126632011-11-24 12664 12665This is the first stable release of the MediaWiki 1.18 branch. 12666 12667=== Summary of selected changes in 1.18 === 12668 12669Selected changes since MediaWiki 1.17 that may be of interest: 12670 12671* Some of the more commonly used MediaWiki extensions are now included in the 12672 release tarball. These extensions are ConfirmEdit, Gadgets, Nuke, 12673 ParserFunctions, Renameuser, Vector and WikiEditor. 12674 12675* Gender support has been improved, meaning user pages can display the correct 12676 gender variant of "User" can now be used. 12677 12678* MediaWiki can now detect the camera orientation of an image from the Exif 12679 metadata, and can rotate the image thumbnail appropriately. Metadata support 12680 has been generally improved, and can now extract IPTC and XMP metadata. 12681 12682* Improved directionality support in 1.18 means that MediaWiki is better to use 12683 for RTL users. 12684 12685* MediaWiki now supports protocol - relative URLs in links, interwiki targets 12686 and $wgServer 12687 12688* Math support has been removed from core 12689 12690=== Changes since 1.18.0rc1 === 12691* (bug 32228) regression in Special:Search which did not conserve profile on 12692 new search 12693* (bug 32460) Categories were improperly aligned in Simple and CologneBlue 12694* (bug 32412) TOC links on [[Special:EditWatchlist]] points to the fieldsets 12695* (bug 32582) Fix TOC show/hide link regression on IE 8 12696 12697=== Changes since 1.18 beta 1 === 12698* (bug 31886) Wrong titles redirecting to Special:Badtitle in the 1.18 12699 deployment. 12700* (bug 32051) Fix description for wlprop=sizes. 12701* (bug 31913) Special:MostLinkedTemplates had an incorrect GROUP BY clause 12702 under Microsoft SQL. 12703* (bug 32100) installer complains about suhosin GET limit. 12704* (bug 31933) fix 1.18 regression in Monobook sidebar: huge spacing between 12705 portlets on IE 7 and IE 8/9 in compatibility view. 12706* (bug 32126) Fix 1.18 regression in watchlist editor when items already removed 12707 from watchlist. 12708* (bug 32183) remove the client-* classes added from user-agent-sniffing onto 12709 the <html> element. 12710* (bug 29912) Unit tests break if parsertest tables are still present. 12711* (bug 31694) During installation, tabbing order (cursor focus) goes to logo 12712 instead of 'continue'. 12713* (bug 29102) Upgrade fails "Unknown character set: 'mysql4". 12714* (bug 31990) justify paragraphs pref adds extra space to category listing. 12715* (bug 20148) Better title for [[Special:Disambiguations]] page. 12716* (bug 31502) TOC is missing on Special:EditWatchlist. 12717* (bug 32256) API list=search stops at first invalid result. 12718* (bug 32047) jquery.tablesorter.js: thead is before caption. 12719* (bug 29854) Store protocol-relative links twice in the externallinks table, 12720 one with http: in el_index and once with https. 12721* (bug 31822) Error during upgrade due to output buffer reset in stdout. 12722 12723=== Configuration changes in 1.18 === 12724* The WantedPages::getSQL hook has been removed and replaced with 12725 WantedPages::getQueryInfo. This may break older extensions. 12726* The SkinTemplateBuildContentActionUrlsAfterSpecialPage, 12727 SkinTemplateContentActions and SkinTemplateTabs hooks have been removed in 12728 favor of SkinTemplateNavigation and SkinTemplateNavigation::SpecialPage. 12729* $wgUseCombinedLoginLink controls whether to output a combined 12730 login / create account link in the personal bar, or to output separate login 12731 and create account links. 12732* Skin names are no longer created based on a ucfirst version of the key in 12733 $wgValidSkinNames but now the value. This means for 12734 $wgValidSkinNames["monobook"] = "MonoBook"; the skin loader will no longer try 12735 loading SkinMonobook and will instead load SkinMonoBook. 12736* $wgMaxUploadSize may now be set to an array to specify the upload size limit 12737 per upload type. 12738* $wgAPICacheHelp added in 1.16 is now removed. To disable API help caching, set 12739 $wgAPICacheHelpTimeout = 0; 12740* OutputPage::isUserJsAllowed() no longer returns false when scripts are allowed 12741 by the page, but $wgAllowUserJs is set to false. 12742* Pure "Skin" class based custom skins are no longer supported, all custom skins 12743 should be put together using SkinTemplate and BaseTemplate or QuickTemplate. 12744* The transliteration for passwords in case they were migrated from an old 12745 Latin-1 install (previous to MediaWiki 1.5) is now only done for wikis with 12746 $wgLegacyEncoding set. 12747* (bug 27508) Add $wgSVGMetadataCutoff to limit the maximum amount of an SVG we 12748 look at when finding metadata to prevent excessive resource usage. 12749* $wgSysopUserBans and $wgSysopRangeBans (deprecated in 1.17) are now removed. 12750 Use $wgBlockCIDRLimit = array( 'IPv4' => 43, 'IPv6' => 128 ) to achieve the 12751 same functionality as $wgSysopRangeBans; you can use the BlockIp hook to 12752 replicate $wgSysopUserBans functionality. 12753* The options on the block form have been standardised such that checking a box 12754 makes the block 'more serious'; so while "check to prevent account creation" 12755 and "check to enable autoblock" remain the same, "check to allow user-talk 12756 edit" is reversed to "check to *disable* user-talk edit", and "check to block 12757 anon-only" becomes "check to block logged-in users too". The default settings 12758 remain the same. 12759* Most of the field names on the Special:Block form have been changed, which 12760 will probably break screen-scraping bots. 12761* (bug 26866) The 'trackback' right is no longer granted to sysops by default. 12762 $wgUseTrackbacks is already false by default. 12763* (bug 17009) the hiddenStructure CSS class, a highly hackish way of at least 12764 *appearing* to hide article elements, has been removed. Use the 12765 ParserFunctions extension to actually remove unwanted elements from the 12766 output. 12767* (bug 14202) $wgUseTeX has been superseded by the Math extension. To re-enable 12768 math conversion after upgrading, obtain the Math extension from SVN or from 12769 https://www.mediawiki.org/wiki/Extension:Math and add to LocalSettings.php: 12770 require_once "$IP/extensions/Math/Math.php"; 12771* $wgProfiler is now a configuration array, see StartProfiler.sample for 12772 details. 12773* $wgProfiling has been removed. 12774* The spyc library is now no longer included in phase3. 12775* (bug 28343) Unused preferences contextlines/contextchars have been removed 12776* $wgSkinExtensionFunctions has been removed. Use $wgExtensionFunctions instead. 12777* $wgProto has been removed. You now only need to set $wgServer to change the 12778 URL protocol. 12779* $wgRateLimitsExcludedGroups (deprecated in 1.13) has been removed. 12780* $wgInputEncoding and $wgOutputEncoding (deprecated in 1.5) have now been 12781 removed. 12782* $wgAllowUserSkin (deprecated in 1.16) has now been removed. 12783* $wgExtraRandompageSQL (deprecated in 1.16) has now been removed. 12784* LogReader and LogViewer classes (deprecated in 1.14) have now been removed. 12785* (bug 26033) Added $wgArticleCountMethod to select the method to use to say 12786 whether a page is an article or not. $wgUseCommaCount is now deprecated. 12787* $wgEnableDublinCoreRdf and $wgEnableCreativeCommonsRdf no longer work in core, 12788 and the functionality has been moved to the relevant extensions. See 12789 https://www.mediawiki.org/wiki/Extension:DublinCoreRdf and 12790 https://www.mediawiki.org/wiki/Extension:CreativeCommonsRdf as appropriate. 12791* (bug 21107) Split error "customcssjsprotected" into separate messages for JS 12792 and CSS 12793* Removed $wgCheckCopyrightUpload from DefaultSettings, since the relevant 12794 feature was removed in about 1.5. 12795* LogPageValidTypes, LogPageLogName, LogPageLogHeader and LogPageActionText 12796 hooks have been removed. 12797* New hook "Collation::factory" to allow extensions to create custom 12798 category collations. 12799* $wgGroupPermissions now supports per namespace permissions. 12800* $wgEnableAutoRotation enables or disables auto-rotation. Leaving it set to 12801 null will cause MediaWiki to determine if auto-rotation is available. 12802 12803=== New features in 1.18 === 12804* BREAKING CHANGE: action=watch / action=unwatch now requires a token. 12805* BREAKING CHANGE: Article class hierarchy split into WikiPage (backend) 12806 and Article (frontend) hierarchies. Several hooks now pass a WikiPage object 12807 instead of an Article object. These hooks all use an $article parameter as 12808 documented in hooks.txt. Extensions should be updated to account for this, 12809 though most won't require any changes. 12810* (bug 27860) Minor edit after clicking 'new section' tab 12811 Now the "This is a minor edit" checkbox is not available when you 12812 create a page or new section. 12813* (bug 8130) Query pages should limit to content namespaces, not just main 12814 namespace. 12815* Special:Contribs now redirects to Special:Contributions. 12816* (bug 6672) Images are now autorotated according to their EXIF orientation. 12817 This only affects thumbnails; the source remains unrotated. 12818* (bug 25708) Update case mappings and normalization to Unicode 6.0.0. 12819* New hook ArticlePrepareTextForEdit added, called when preparing text to be 12820 saved. 12821* New parser option PreSaveTransform added, allows the pre-save transformation 12822 to be selectively disabled. 12823* Alternative to $wgHooks implemented, using the new Hooks class. 12824* Add width parameter to Special:Filepath to allow getting the file path of a 12825 thumbnail. 12826* (bug 26870) Add size to {{filepath:}}. 12827* Upload warnings now show a thumbnail of the uploaded file. 12828* Introduced the edittools-upload message, which will be inserted under the 12829 upload form instead of edittools if available. 12830* (bug 26285) Extensions will be automatically generated on upload if the user 12831 specified a filename without extension. 12832* (bug 26851) Special:UserRights now allows to prefill the reason field 12833* New maintenance script to fix double redirects 12834 (maintenance/fixDoubleRedirects.php). 12835* (bug 23315) New body classes to allow easier styling of special pages. 12836* (bug 27159) Make email confirmation code expiration time configurable. 12837* (bug 29047) CSS/JS for each user group is imported from 12838 MediaWiki:Group-sysop.js, MediaWiki:Group-autoconfirmed.css, etc. 12839* (bug 24230) Uploads of ZIP types, such as MS Office or OpenOffice can now be 12840 safely enabled. A ZIP file reader was added which can scan a ZIP file for 12841 potentially dangerous Java applets. This allows applets to be blocked 12842 specifically, rather than all ZIP files being blocked. 12843* (bug 2429) Allow selection of associated namespace in recent changes. 12844* (bug 26217) File size is now checked before uploading in HTML5 browsers. 12845* CSS stylesheet MediaWiki:Noscript.css is now loaded for users with JavaScript 12846 disabled (enclosed in the head in a <noscript> tag). 12847* Added UserGetLanguageObject hook to change the language used in $wgLang. 12848* (bug 14645) When $wgMiserMode is on, expensive special pages are styled 12849 differently (italicized by default) on Special:SpecialPages. 12850* Added $wgAggregateStatsID, which allows UDP stats to be aggregated over 12851 several wikis. 12852* When $wgAllowMicrodataAttributes is true, all itemtypes are allowed, not just 12853 the three that were defined in the original specification. 12854* (bug 14706) Added support for the Imagick PHP extension. 12855* (bug 18691) Added support for SVG rasterization using the Imagick PHP 12856 extension. 12857* (bug 2581, bug 6834) Added links to thumbnail in several resolutions to the 12858 file description page. The sizes are set by $wgImageLimits. 12859* (bug 28031) Add pageCount support to ArchivedFile. 12860* (bug 27924) PhpHttpRequest doesn't return response body if HTTP != 200. 12861* Added hook BitmapHandlerTransform to allow extension to transform a file 12862 without overriding the entire handler. 12863* The parser now attempts to output markers for editsection tokens and defer the 12864 rendering of them post-cache to reduce parser cache fragmentation and ensure 12865 skin customizability of edit section links. 12866* (bug 24755) AuthPlugin auto-creation of local accounts can now be aborted by 12867 other extensions by handling the 'AbortAutoAccount' hook, similar to the 12868 'AbortNewAccount' triggered by explicit account creations. (They are separate 12869 to avoid loops and confusion; auth plugins like CentralAuth need to handle 12870 AbortNewAccount separately. 12871* Special:ListFiles is now transcludable. 12872* (bug 13879) Special:Emailuser asks for suitable target user if called without. 12873* (bug 16956) IPTC and XMP metadata now extracted from images. 12874* (bug 23816) A tracking category is now added for any pages with broken images. 12875* (bug 23495) Allow createAndPromote.php to create non-sysop users. 12876* (bug 28916) A way to to toggle mw.config legacy globals settings from 12877 LocalSettings.php has been created by introducing $wgLegacyJavaScriptGlobals. 12878* (bug 28503) Support for ircs:// URL protocols. 12879* (bug 26033) It is now possible to count all non-redirect pages in content 12880 namespaces as articles. 12881* Images can now be embedded in an XML dump stream using backupDump.php 12882 --include-files and can be imported using importDump.php --uploads; 12883 furthermore, it can import files from the filesystem using --image-base-path. 12884* Three new hooks in Special:Undelete, 'UndeleteForm::showHistory', 12885 'UndeleteForm::showRevision' and 'UndeleteForm::undelete', so that extensions 12886 may override the usage of PageArchive class and replace it with their own 12887 class that extends PageArchive. 12888* (bug 28915) Implement QUnit test suite for MediaWiki JavaScript. 12889 Also built-in support for distribution through a TestSwarm instance. 12890* (bug 29036) For cascade-protected pages, the mw-textarea-cprotected class is 12891 added to the textarea on the edit form. 12892* mw.util.wikiScript has been implemented (like wfScript in GlobalFunctions.php) 12893* (bug 29067) Expose user.tokens (like we do user.options) in ResourceLoader. 12894* New 'Debug' hook used by wfDebug() and wfDebugLog(). 12895* (bug 27655) Require token for watching/unwatching pages) 12896* (bug 28904) (bug 29773) Update jQuery version from 1.4.4 to 1.6.2 (the latest 12897 version) 12898* (bug 29441) Expose CapitalLinks config in JS to allow modules to properly 12899 handle titles on case-sensitive wikis. 12900* (bug 29397) Implement mw.Title module in core. 12901* In MySQL 4.1.9+ with replication enabled, fetch the slave lag from SHOW SLAVE 12902 STATUS instead of SHOW PROCESSLIST. This ensures that lag is reported 12903 correctly in the case where there are no write events occurring. Note that 12904 the DB user now needs to have the REPLICATION CLIENT privilege if you are 12905 using replication. 12906* Language codes in $wgDummyLanguageCodes are now excluded on localization 12907 statistics (maintenance/language/transstat.php). 12908* (bug 29586) Make the (next 200) links on categories link directly to 12909 the relevant section of the category. 12910* (bug 29109) Allow the automatic edit summary for redirect creation 12911 show the first bit of the new redirect page. 12912* (bug 29723) mw.util.wikiGetlink() now defaults to wgPageName. 12913* (bug 29680) Add GetDefaultSortkey hook to override the default sortkey. 12914* (bug 16699) {{#language:}} accepts second parameter to specify the language in 12915 which the language name is wanted. Coverage depends on the cldr extension. 12916* (bug 15802) An easy way to look up messages: language qqx which returns 12917 the message keys. 12918* (bug 29868) Add support for passing parameters to mw.msg in jquery.localize. 12919* (bug 29558) $wgMiserMode now disables update.php by default. 12920* AjaxCategories: Easily add, edit or delete categories on article pages. 12921 Suggests possible categories when typing, all saves are done via AJAX. 12922 Supports editing of multiple categories and then saving them in one batch. 12923* $wgAutopromoteOnce was added, allowing for users to be automatically promoted 12924 to explicit usergroups. If a group is removed from a user via 12925 Special:UserRights, it will not automatically be re-added. Configuration is 12926 similar to $wgAutopromote (see DefaultSettings.php). 12927* The PerformRetroactiveAutoblock hook was added to allow overriding or 12928 complementing retroactive autoblock handling. This runs when blocking a user 12929 with the 'autoblock' option. 12930* MediaWiki now supports using protocol-relative URLs in links, interwiki 12931 targets and $wgServer. 12932* Introduced $wgVaryOnXFPForAPI which will cause the API to send 12933 Vary: X-Forwarded-Proto headers. 12934* New maintenance script to refresh image metadata 12935 (maintenance/refreshImageMetadata.php). 12936* (bug 16428) Include permalink in printable version. 12937* (bug 30722) Add an identity collation that sorts things based on what the 12938 unicode code point is (aka pre-1.17 behavior). 12939* (bug 30940) Add a hook in User:getDefaultOptions. 12940 To give extensions a better and more flexible way of providing default 12941 values for preferences a hook has been introduced in User:getDefaultOptions(). 12942 Setting preferences in $wgDefaultUserOptions still work fine, but when reading 12943 them (i.e. with array_keys) to get a list of all preferences, then 12944 $wgDefaultUserOptions should no longer be used as it will contain those set 12945 via User:getDefaultOptions(). 12946* (bug 30497) Add client-nojs and client-js classes on document element 12947 to let styles easily hide or show things based on general JS availability. 12948* (bug 31293) If Special:Userlogin is loaded over HTTPS, display 12949 MediaWiki:loginend-https instead of MediaWiki:loginend, if it's not empty. 12950 Same for signupend on the account creation page. 12951* (bug 31233) New OutputPage::addJsConfigVars() method to make the output page 12952 specific mw.config map extendable. 12953* mw.util.wikiScript has been implemented (like wfScript in 12954 GlobalFunctions.php). 12955 12956=== Bug fixes in 1.18 === 12957* (bug 27860) Minor edit after clicking 'new section' tab. 12958* (bug 23119) WikiError class and subclasses are now marked as deprecated. 12959* (bug 10871) Javascript and CSS pages in MediaWiki namespace are no longer 12960 treated as wikitext on preview. 12961* (bug 22753) Output from update.php is more clear when things changed, entries 12962 indicating nothing changed are now all prefixed by "...". 12963* Page existence is now not revealed (in the colour of the tabs) to users who 12964 cannot read the page in question. 12965* (bug 19006) {{REVISIONUSER}} no longer acts like {{CURRENTUSER}} in some 12966 cases. 12967* (bug 16019) $wgArticlePath = "/$1" no longer breaks API edit/watch actions. 12968* (bug 18372) File types blacklisted by $wgFileBlacklist will no longer be shown 12969 as "Permitted file types" on the upload form. 12970* (bug 26379) importImages.php gives more descriptive error message on failure. 12971* (bug 26410) + signs are no longer treated as spaces in internal links if 12972 link has a % sign in it. 12973* (bug 26412) Search results headers no longer show a bogus edit link. 12974* (bug 26540) Fixed wrong call to applyPatch in MysqlUpdater. 12975* (bug 26574) Added 'upload' to $wgRestrictionTypes, allowing upload protected 12976 pages to be queried via the API and Special:ProtectedPages, and allowing 12977 disabling upload protection by removing it from $wgRestrictionTypes. 12978* If an edit summary exceeds 250 bytes and is truncated, add an ellipse. 12979* (bug 26638) Database error pages display correctly in RTL languages. 12980* (bug 26187) Confirmrecreate no longer parses the edit summary. 12981* (bug 26208) Mark directionality of some interlanguage links. 12982* (bug 26034) Make the "View / Read" tab in content_navigation style tabs remain 12983 selected when the action is "purge". 12984* (bug 14267) Support a MediaWiki:Mainpage-nstab override for the subject 12985 namespace tab on the mainpage of a wiki. 12986* (bug 10158) Do not mention allowing others to contact you when the feature 12987 is disabled ($wgEnableUserEmail=false). 12988* (bug 26733) Wrap initial table creation in transaction. 12989* (bug 26729) Category pages should return 404 if they do not exist and have no 12990 members. 12991* (bug 2585) Image pages should send 404 if no image, no shared image and no 12992 description page. 12993* Custom editintro's using the editintro url parameter will no longer show 12994 <noinclude> sections on pages they are included on. 12995* (bug 26449) Keep underlines from headings outside of tables and thumbs by 12996 adding overflow:hidden to h1,h2,h3,h4,h5,h6 (also fixes editsection bunching). 12997* (bug 26708) Remove background-color:white from tables in Monobook and Vector. 12998* (bug 28422) Remove color:black from tables in Monobook and Vector. And add it 12999 to table.wikitable instead. 13000* (bug 26781) {{PAGENAME}} and related parser functions escape their output 13001 better. 13002* (bug 26716) Provide link to instructions for external editor related 13003 preferences and add a comment to the ini control file explaining what is 13004 going on. 13005* Trying to upload a file with no extension or with a disallowed MIME type now 13006 gives the right message instead of complaining about a MIME/extension 13007 mismatch. 13008* (bug 26809) Uploading files with multiple extensions where one of the 13009 extensions is blacklisted now gives the proper extension in the error message. 13010* (bug 26961) Hide anon edits in watchlist preference now actually works. 13011* (bug 19751) Filesystem is now checked during image undeletion. 13012* Send last modified headers for Special:Recentchanges when RC patrol is 13013 enabled, but user cannot see rc patrol links. 13014* (bug 26548) ForeignAPIRepo (InstantCommons) now works with PDF files 13015 and other multi-paged file formats. 13016* Files with a mime type that does not match the extension are now properly 13017 thumbnailed. 13018* (bug 27201) Special:WhatLinksHere output no longer contains duplicate IDs. 13019* (bug 15905) Nostalgia skin could become more usable by including a Talk: 13020 link at the top of the page. 13021* (bug 27560) Search queries no longer fail in Walloon language. 13022* (bug 27679) Broken embedded files with special characters are no longer 13023 double HTML escaped. 13024* (bug 27700) The upload protection can now also be set for files that do not 13025 exist. 13026* (bug 27763) Article::getParserOutput() no longer throws a fatal given when an 13027 incorrect revision ID is passed. 13028* Trim the form field for uploading by url to remove extra spaces which could 13029 cause confusing error messages. 13030* (bug 27854) Http::isValidURI is way too lax. 13031* Do not show enotifminoredits preference, if disabled by $wgEnotifMinorEdits. 13032* AbortLogin returning "ABORTED" now handled. Also allows message identifier 13033 for "ABORTED" reason to be returned and displayed to user. 13034* (bug 28034) uploading file to local wiki when file exists on shared repository 13035 (commons) gives spurious info in the warning message. 13036* Usernames get lost when selecting different sorts on Special:listfiles. 13037* (bug 14005) editing section 0 of an existing but empty page gives no such 13038 section error. 13039* (bug 26939) Installer does not set $wgMetaNamespace. 13040* (bug 28166) UploadBase assumes that 'edit' and 'upload' rights are not per 13041 page restrictions. 13042* Make truncate function automatically consider length of '...' string, 13043 since length can vary by localization. 13044* (bug 28242) Make redirects generated by urls containing a local interwiki 13045 prefix be a 301 instead of a 302. 13046* (bug 15641) blocked administrators are now prevented from deleting or 13047 protecting their own talk page; and all blocked users are more 13048 comprehensively prevented from performing other actions. 13049* (bug 27893) Edit-on-doubleclick now applies only on view and purge actions; 13050 no longer triggers unexpectedly on delete, history etc. 13051* (bug 28417) Fix PHP notice when importing revision without a listed id. 13052* (bug 28430) Make html and TeX output of <math> always be left-to-right. 13053* (bug 28306) Fix exposure of suppressed usernames in ForeignDBRepo. 13054* (bug 28372) Fix bogus link to suppressed file versions in ForeignDBRepo. 13055* (bug 27473) Fix regression: bold, italic no longer interfere with linktrail 13056 for ca, kaa. 13057* (bug 28444) Fix regression: edit-on-doubleclick retains revision id again. 13058* ' character entity is now allowed in wikitext. 13059* UtfNormal::cleanUp on an invalid utf-8 sequence no longer returns false if 13060 intl installed. 13061* (bug 28561) The css class small will no longer make nested elements even 13062 smaller. 13063* (bug 13172) Array type exif data (like GPS) was not being extracted from 13064 images. 13065* (bug 28532) wfMsgExt() and wfMsgWikiHtml() use $wgOut->parse(). 13066* (bug 16129) Transcluded special pages expose strip markers when they output 13067 parsed messages. 13068* (bug 27249) "Installed software" table in Special:Version should always be 13069 left-to-right. 13070* (bug 28719) Do not call mLinkHolders __destruct explicitly. 13071* (bug 21196) Article::getContributors() no longer fails on PostgreSQL. 13072* (bug 28752) XCache doesn't work in CLI mode. 13073* (bug 28076) Thumbnail height limited to 360 pixels on Special:Listfiles. 13074* (bug 22227) Special:Listfiles no longer throws an error on bogus file entries. 13075* (bug 19408) user_properties.up_property: 32 bytes is not enough. 13076* (bug 25262) Fix for minification of hardcoded data: URIs in CSS. 13077* (bug 29263) Add LTR class to the shared CSS to be used for left-to-right text 13078 such as SQL queries shown in dberrortext and similar messages in RTL 13079 environments. 13080* (bug 14977) Fixed $wgServer detection in cases where an IPv6 address is used 13081 as the server name. 13082* The View X deleted revisions is now shown again on Special:Upload. 13083* (bug 29071) mediawiki.action.watch.ajax.js should pass uselang to API. 13084* (bug 28868) Show total pages in the subtitle of an image on the 13085 file description page for multi-paged documents. 13086* (bug 28883) Message names for different compression types commonly 13087 used in Tiff files. 13088* When transcluding a special page, do not let it interpret url parameters. 13089* (bug 28887) Special page classes are no longer re-used during 1 request. 13090* (bug 28888) Searching for something starting with a # sign no longer tells 13091 the user a page named [[:]] already exists. 13092* (bug 23002) Imagelinks table not updated after imagemove. 13093* (bug 27864) Transcluding {{Special:Prefix}} with empty prefix now lists all 13094 pages. 13095* (bug 18803) JPEG2000 images should not be uploadable as .jpg files. 13096* (bug 11868) If using links to count articles, the checking will now be based 13097 on the real presence of an internal link instead of the "[[" string. 13098* (bug 28287) The "your changes" box for edit conflicts is now read-only. 13099* (bug 28940) When making a thumb of an SVG, and only specifying the height 13100 make the width be the max SVG size, not the natrual width of the SVG. 13101* (bug 1780) Uploading files with non-ascii characters are now forbidden on 13102 Windows. 13103* (bug 23464) File: prefixes are now chopped off during uploading. 13104* (bug 28174) Message config-logo-help amended to not explicitly assume any 13105 LTR/RTL screen layout. 13106* (bug 28992) Revision numbers in the patrol log are transformed in the user 13107 language. 13108* (bug 27073) ResourceLoaderDynamicStyles marker should be dynamically appended 13109 to the document head if it doesn't exist. 13110* (bug 27023) After the document is ready, mw.loader is broken (calls callback 13111 before module is parsed). 13112* (bug 4330) External URLs without a custom title should be treated as LTR, 13113 even in RTL text. 13114* (bug 29055) Make "don't send email on minor edits" preference apply to 13115 changes to talk page in addition to watchlist edits. 13116* (bug 28272) Special:AllMessages should have only one "Go" button. 13117* (bug 29101) Special:FileDuplicateSearch no longer shows silly message. 13118* (bug 29048) jQuery.tabIndex: firstTabIndex() should not output the same 13119 as lastTabIndex(). 13120* (bug 29332) Warn if user requests mediawiki-announce subscription but does not 13121 enter an e-mail address. 13122* (bug 25375) Add canonical namespaces to "wgNamespaceIds" in mw.config. 13123* The class JpegOrTiffHandler was renamed ExifBitmapHandler. 13124* (bug 29443) Special:Undelete should use JavaScript to invert all checkboxes 13125 instead of reloading the page. 13126* (bug 29325) Setting $wgStrictFileExtensions to false no longer gives incorrect 13127 warning. 13128* (bug 29437) Multiple apostrophes in deleted article title cause odd rendering. 13129* (bug 29485) RSS feed of Special:RecentChange grouped together multiple 13130 consecutive edits by same user in included diff, but then linked to 13131 a single ungrouped diff. 13132* Do not try to group together a page creation and edit in the RSS feed of RC. 13133* (bug 29342) Patrol preferences shouldn't be visible to users who don't have 13134 patrol permissions. 13135* (bug 29471) Exception no longer thrown for files with invalid date in 13136 metadata. 13137* (bug 29492) Long-running steps in the installer (such as Upgrade and Install) 13138 no longer cause timeouts. 13139* (bug 29507) Change 'image link' to 'file link' in Special:Whatlinkshere. 13140* If the db is really screwed up, and doesn't have a recentchanges table, 13141 make the updater throw an exception instead of a fatal. 13142* wfArrayToCGI() and wfCgiToArray() now handle nested and associative arrays 13143 correctly. 13144* (bug 29567) mw.util.addPortletLink should only wrap link in <span> for 13145 "vectorTabs" portlets. 13146* (bug 8556) Incorrect session failure warning on preview-on-open 13147 namespaces (categories) when combined with $wgRawHtml. 13148* Use content language in formatting of dates in revertpage message 13149 (rollback revert edit summary) and do not adjust for user timezone. 13150* (bug 29277) MediaWiki:Filepage.css is also shown on the local wiki 13151* Make sure Backlink cache does not retrieve interwiki redirects when looking 13152 for redirects to a local page. 13153* (bug 6100) Allow different directionality (LTR/RTL) for user interface 13154 and wiki content, along with many other RTL and directionality improvements 13155 (such as bugs 28030, 12406, 28349). 13156* (bug 29712) Removed broken defaultUserOptionOverrides in MessagesXx files and 13157 unneeded CSS flipping of quickbar. Instead, introduce option 5 which sets 13158 left/right according to the directionality of your interface language. 13159* (bug 19514) Unordered list list-style-image should be IE6-compatible (8-bit). 13160* (bug 27410) The tag filter on a history page is now within a <label> element. 13161* (bug 29779) DairikiDiff/WikiDiff <ins> and <del> should undo browser default 13162 styling (strike/underline). 13163* (bug 28630) Add iwlinks, langlinks, redirect to 13164 RefreshLinks::deleteLinksFromNonexistent. 13165* (bug 29797) Error: "Tried to load block with invalid type" when subpages 13166 are disabled for user pages. 13167* (bug 12205) Bidirectional names in action=credits are split and displayed 13168 incorrectly when wrapped to the next line. 13169* (bug 20781) Move 'mainpagetext' messages to installer's .i18n file. 13170* (bug 29737) "MediaWiki:Qbsettings-directionality" should refer to script, 13171 not language. 13172* (bug 26360) $wgSessionHandler was overriding system settings unconditionally. 13173* Removed AjaxFunctions.php. The last remaining function js_unescape() was moved 13174 to the FCKEditor extension. 13175* (bug 28762) Resizing to specified height broken for very thin images. 13176* (bug 29959) Installer fatal when cURL and allow_url_fopen is disabled and user 13177 tries to subscribe to mediawiki-announce. 13178* (bug 27427) mw.util.getParamValue shouldn't return value from hash even if 13179 param is only present in hash. 13180* Installer checked for magic_quotes_runtime instead of register_globals. 13181* (bug 30131) XCache with variable caching disabled no longer used for variable 13182 caching (CACHE_ACCEL) 13183* $wgSVGMaxSize is now applied to the smaller of width or height, making very 13184 wide pano/timeline/diagram SVGs renderable at saner sizes. 13185* (bug 30219) The page shown when LocalSettings.php does not exist was broken on 13186 Windows servers. 13187* (bug 30074) Moving user JS subpages resulted in JS errors because 13188 #REDIRECT [[Foo]] is invalid JS. 13189* (bug 30335) Fix for HTMLForms using GET breaking when non-friendly URLs 13190 are used. 13191* (bug 30264) Changed installer-generated LocalSettings.php to use 13192 require_once() instead of require() for included extensions. 13193* Tracking categories are no longer shown in footer for special pages. 13194* (bug 30684) Fix bad escaping in mw.message for inexistent messages (i.e. 13195 <key>). 13196* $wgOverrideSiteFeed no longer double escapes urls. 13197* The preprocessor no longer fails with a PHP warning about XML_PARSE_HUGE when 13198 processing complex pages using newer versions of libxml2. 13199* (bug 30907) Special:Unusedcategories should sort ascendingly. 13200* (bug 28545) When using the uca-default collation, sortkey's starting with a 13201 space (U+20) will sort under an invisible header like in 1.16 rather than a 13202 U+6DE. 13203* (bug 30192) Thumbnails of archived files are now deleted. 13204* (bug 30843) mediawiki.Title should not convert extensions (anything after the 13205 last full stop) to lower case). 13206* (bug 31213) Exception thrown when trying to move file cross-namespace. 13207* (bug 18424) Special:Prefixindex and Special:Allpages paging links are 13208 really small, and somewhat inconsistent with each other. 13209* (bug 30466) Entries in iwlinks table are now cleared when moving a page over 13210 redirect. 13211* (bug 31674) Can't edit watchlist if it contains special pages. 13212* (bug 32100) Installer complains about Suhosin GET limit even if it is 13213 already set above 1024 bytes. 13214 13215=== API changes in 1.18 === 13216* BREAKING CHANGE: action=watch now requires POST and token. 13217* (bug 26339) Throw warning when truncating an overlarge API result. 13218* (bug 14869) Add API module for accessing QueryPage-based special pages. 13219* (bug 14020) API for Special:Unwatchedpages. 13220* (bug 24287) Wrap API Help output at 100 characters. 13221* Add a realname uiprop option to query=userinfo so a user's realname can be 13222 extracted. 13223* Add a &watchuser option to ApiBlock. 13224* (bug 26541) Generator-ise ApiQueryRecentChanges. 13225* action=parse now correctly returns an error for nonexistent pages. 13226* (bug 25767) Add userrights properties to allusers and users query lists. 13227* (bug 26558) list=allusers auprop=groups does not list groups a user is 13228 automatically a member of. 13229* (bug 26559) list=allusers auprop=rights does not match 13230 list=users usprop=rights. 13231* (bug 26560) On allusers if limit < total number of users, last user gets 13232 duplicate. 13233* (bug 25135) add "normalized" to action=parse. 13234* (bug 26460) Add support for listing category members by category pageid. 13235* (bug 26482) add a imimages param to prop=images. 13236* (bug 26498) allow LinksUpdate with API. 13237* (bug 26485) add a elextlinks param to prop=extlinks. 13238* (bug 26483) add a iwtitles param to prop=iwlinks. 13239* (bug 26484) add a lltitles param to prop=langlinks. 13240* (bug 26480) add a pppageprops param to prop=pageprops. 13241* (bug 26650) Remove $wgAPICacheHelp in favour of $wgAPICacheHelpTimeout. 13242* (bug 24650) Fix API to work with categorylinks changes. 13243* Expose list of skins in meta=siteinfo. 13244* (bug 26548) Add iiurlparam param to query=imageinfo and query=stashimageinfo. 13245* (bug 27205) aiprop=metadata and aiprop=parsedcomment need help text. 13246* Add a amtitle param to meta=allmessages. 13247* (bug 25832) query=allimages now outputs ns/title as well. 13248* (bug 27199) Thumbnail urls can be fetched for old files as well. 13249* (bug 27376) when using ApiBase::PARAM_TYPE => 'integer' without a min or 13250 max value, API doesn't validate the input is actually an integer. 13251* (bug 27479) API error when using both prop=pageprops and 13252 prop=info&inprop=displaytitle. 13253* (bug 27554) Update API information text to reflect change in bug 26125. 13254* (bug 27611) list=blocks: Use ipb_by_text instead of join with user table. 13255* (bug 27616) Add userid of blocked user and blocker to list=blocks. 13256* (bug 27688) Simplify queries to list user block information. 13257* (bug 27708) list=users does not have a property to return user id. 13258* (bug 27715) imageinfo didn't respect revdelete. 13259* (bug 27862) Useremail module didn't properly return success on success. 13260* (bug 27590) prop=imageinfo now allows querying the media type. 13261* (bug 27587) list=filearchive now outputs full title info. 13262* (bug 27018) Added action=filerevert to revert files to an old version. 13263* (bug 27897) list=allusers and list=users list hidden users. 13264* (bug 27717) API's exturlusage module does not respect $wgMiserMode. 13265* (bug 27588) list=filearchive&faprop=sha1 returns empty attribute. 13266* (bug 28010) Passing a non existent user to list=users gives internal error. 13267* (bug 27549) action=query&list=users&usprop=groups doesn't show implicit 13268 groups if a user doesn't have explicit groups. 13269* (bug 27670) Ordering by timestamp (and usage of start and end) isn't as clear 13270 in auto generated document, as it is on mediawiki.org. 13271* (bug 27182) API: Add filter by prefix for meta=allmessages. 13272* (bug 27183) API: Add filter by customisation state for meta=allmessages. 13273* (bug 27340) API: Allow listing of "small" categories. 13274* (bug 27342) Add audir param to list=allusers. 13275* (bug 27203) add fato param to list=filearchive. 13276* (bug 27341) Add drto param to list=deletedrevs. 13277* (bug 26630) Add API for Special:ActiveUsers. 13278* (bug 27020) API: Allow title prefix search of logevents (only when not in 13279 miser mode). 13280* (bug 26629) add Special:MIMESearch to API. 13281* (bug 27585) add pagecount to list=filearchive. 13282* (bug 28104) Namespace for local pages in interwiki backlinks (iwbacklinks) 13283 is missing. 13284* (bug 27343) Add parseddescription to list=filearchive. 13285* (bug 27469) label implicit groups in list=allusers&auprop=groups/ 13286 list=users&usprop=groups. 13287* Addition of APIQuerySiteInfoGeneralInfo hook to add extra information to 13288 the general site info results. 13289* (bug 16288) API: consider making closure status of wikis more clear 13290 with meta=siteinfo. 13291* (bug 27589) list=allimages&aiprop=archivename is useless. 13292* (bug 27586) Remove duplication of props in ApiQueryStashImageInfo 13293 by using ApiQueryImageInfo. 13294* (bug 28226) prop=extlinks&eloffset should be an integer. 13295* (bug 28070) Fix watchlist RSS for databases that store timestamps in a 13296 real timestamp field. 13297* API upload errors may now return the parameter that needs to be changed and 13298 a sessionkey to fix the error. 13299* (bug 28249) allow dupes in meta=allmessages&amargs. 13300* (bug 28263) cannot import xml with the API, when have not "import" user 13301 right, but "importupload". 13302* (bug 28365) Added description for uiprop=preferencestoken in meta=userinfo. 13303* (bug 28394) Set forgotten parameters types in ApiUnblock. 13304* (bug 28395) Set forgotten parameters types in ApiParse. 13305* (bug 28368) add hint for multipart/form-data to API information of 13306 action=import&xml=. 13307* (bug 28391) action=feedwatchlist&allrev should be a bool. 13308* (bug 28364) add registration date to meta=userinfo. 13309* (bug 28254) action=paraminfo: Extract type from PARAM_DFLT if 13310 PARAM_TYPE is not set. 13311* (bug 27712) add parent_id to list=deletedrevs. 13312* (bug 28455) Add 'toponly' to recentchanges API module. 13313* (bug 26873) API: Add 'toponly' filter in usercontribs module. 13314* (bug 28586) YAML: strings that are the same as boolean literals. 13315* (bug 28591) Update/replace/supplement spyc (YAML parsing library). 13316* YAML API output is now 1.2 compliant, using JSON as the formatter. 13317* (bug 28672) give information about misermode on API. 13318* (bug 28558) Add iw_api and iw_wikiid to meta=siteinfo&siprop=interwikimap 13319* (bug 26882) Allow listing of indefinite protections with the API. 13320* (bug 27344) add drprefix param to list=deletedrevs. 13321* (bug 28560) list=deletedrevs should die, if combination of param is invalid. 13322* (bug 28238) paraminfo: output both limits for multi param. 13323* (bug 27179) API: List of extension tags through meta=siteinfo. 13324* Get a list of function hooks through meta=siteinfo. 13325* Get a list of all subscribed hooks, and those subscribers. 13326* (bug 28225) Allow hiding of user groups in list=allusers. 13327* (bug 27185) API: Add Special:ComparePages. 13328* (bug 28265) allow outputting of comments for action=expandtemplates. 13329* (bug 27790) Add query type for querymodules to output of ApiParamInfo. 13330* (bug 28963) Add langbacklinks query module to the api. 13331* (bug 27593) API should return error message when sha1/sha1base36 is invalid. 13332* (bug 28578) API's parse module should not silently override invalid 13333 title inputs. 13334* (bug 20699) Watchlist API should list log-events. 13335* (bug 29070) Require a token in API action=watch. 13336* (bug 29221) Expose oldrevid in ApiQueryWatchlist output. 13337* (bug 29267) Always give the servername for meta=siteinfo&siprop=dbrepllag. 13338* (bug 28897) rvparse now respects rvsection for action=query&prop=revisions. 13339* (bug 25734) API: Possible issue with revids validation. 13340* (bug 28002) Internal error in ApiFormatRaw::getMimeType. 13341* (bug 29237) ApiQuery now has an option to output the "iwurl" attribute. 13342* (bug 28392) Mark action=undelete×tamps as type "timestamp". 13343* (bug 21346) Make deleted images searchable by hash (disabled in Miser Mode). 13344* (bug 27595) sha1 search of list=filearchive does not work. 13345* (bug 26763) Make RSS/Atom of user contributions more visible. 13346* (bug 25133) Allow redirects also for action=parse&pageid. 13347* (bug 29745) Fatal error in API search. 13348* (bug 29476) API returns page title instead of sectiontitle for 13349 srprop=sectiontitle. 13350* Correct the documentation of srprop properties. 13351* (bug 28817) Add reference help page link to API Modules. 13352* (bug 29935) Improve formatting of examples in ApiParamInfo. 13353* (bug 29938) list=users&usprop=rights shows rights the user doesn't have. 13354* (bug 24781) The API will include an XML namespace if the includexmlnamespace 13355 parameter is set. 13356* (bug 29392) Setting the start or end parameter now works with lists blocks, 13357 categorymembers, deletedrevs, logevents, protectedtitles, usercontributions 13358 and watchlist in Postgres. 13359 13360=== Languages updated in 1.18 === 13361 13362MediaWiki supports over 330 languages. Many localisations are updated 13363regularly. Below only new and removed languages are listed, as well as 13364changes to languages because of Bugzilla reports. 13365 13366* Angika (anp) (new). 13367* Brahui (brh) (new). 13368* Central Dusun (dtp) (new). 13369* Jamaican Creole English (jam) (new). 13370* Khowar (khw) (new). 13371* Liv (liv) (new). 13372* Kichwa (qug) (new). 13373* Tokipona (tp) (removed) 'tokipona' is still valid. 13374* (bug 17160) Gender specific display text for User namespace. 13375* Link trail added for sl and sh. 13376* (bug 27633) Add characters to linkTrail for Portuguese (pt and pt-br). 13377* (bug 27426) Set $namespaceGenderAliases for Arabic (ar). 13378* (bug 27385) Set Polish $namespaceGenderAliases. 13379* (bug 27681) Set $namespaceGenderAliases for Portuguese (pt and pt-br). 13380* (bug 27785) Fallback language for Kabardian (kbd) is English now. 13381* (bug 27825) Raw watchlist edit message now uses formatted numbers. 13382* (bug 28040) Turkish: properly lower case 'I' to 'i' (dotless i) and 13383 uppercase 'i' to 'I' (dotted i). 13384* Conversion script between Syllabics and Latin for the Inuktitut language. 13385* Date formats for Indonesian (id) updated. 13386* Bhojpuri (bho) (renamed from "bh"). 13387* (bug 29031) When translating block log entries, indefinite, infinite, and 13388 infinity are now considered the same. 13389* Aromanian (rup) (renamed from "rua-rup"). 13390* Kashmiri (ks) split into Kashmiri (Perso-Arabic) (ks-arab) and Kashmiri 13391 (Devanagari) (ks-deva). Defaults to ks-arab. 13392* (bug 30864) Use bengali numerals for <ol> for Assamese. 13393* (bug 30817) Restored linktrail for kk (Kazakh). 13394* (bug 27398) Add $wgExtraGenderNamespaces for configured gendered namespaces. 13395* (bug 30846) New LanguageOs class. 13396 13397=== Other changes in 1.18 === 13398* Removed legacy wgAjaxWatch javascript global object, no longer in use. 13399* (bug 28556) Upload support for MacBinary files has been removed (Used by 13400 Internet Explorer 5 for Mac OS 9). 13401* On wiki farm setups using $wgConf, 'wgCanonicalServer' is now expected to be 13402 set for all wikis. This was already the case for 'wgServer'. 13403 13404== MediaWiki 1.17 == 13405 13406== MediaWiki 1.17.5 == 134072012-06-12 13408 13409This is a security release of the MediaWiki 1.17 branch. 13410 13411=== Summary of selected changes in 1.17 === 13412 13413Selected changes since MediaWiki 1.16 that may be of interest: 13414 13415* A new installer has been introduced. It has a wizard-style interface which is 13416 translated into many languages. Many shortcomings in the old installer were 13417 addressed with this rewrite. Note that it is no longer required for the config 13418 directory to be made writable by the webserver. Instead the generated 13419 LocalSettings.php file is offered as a download, which you must then upload 13420 to the wiki's base directory. 13421 13422* ResourceLoader, a new framework for delivering client-side resources such as 13423 JavaScript and CSS, has been introduced. These resources are now delivered 13424 through the new entry point script "load.php", instead of as static files 13425 served directly by the web server. This allows minification, compression and 13426 client-side caching to be used more effectively, which should provide a net 13427 performance improvement for most users. 13428 13429* Category sorting has been improved. 13430** Sorting is now case insensitive. 13431** Sub-categories, pages and files can now be paged separately. 13432** When several pages are given the same sort key, they sort by their 13433 names instead of randomly. 13434 13435* The lowest supported version of PHP is now 5.2.3. If necessary, please 13436 upgrade PHP prior to upgrading MediaWiki. 13437 13438=== Changes since 1.17.4 === 13439 13440* (bug 36938) Correctly escape uselang attribute to prevent xss 13441* Expanded Blacklist for SVG Files 13442 13443=== Changes since 1.17.3 === 13444 13445* (bug 35961) Hash comparison should always be strict. 13446* Fix broken email confirmation expiration caused by MWCryptRand changes. 13447* (bug 35671) PHP Notice: Undefined index: gettoken in includes/api/ApiMain.php 13448 on line 598. 13449 13450=== Changes since 1.17.2 === 13451 13452* (bug 22555) Remove or skip strip markers from tag hooks like <nowiki> in 13453 core parser functions which operate on strings, such as padleft. 13454* (bug 34212) ApiBlock/ApiUnblock allow action to take place without a token 13455 parameter present. 13456* (bug 34907) Fixed exposure of tokens through load.php that could have 13457 facilitated CSRF attacks. 13458* (bug 35317) CSRF in Special:Upload. 13459 13460=== Changes since 1.17.1 === 13461* (bug 33117) prop=revisions allows deleted text to be exposed through cache 13462 pollution. 13463* (bug 32709) Private Wiki users were always taken to Special:Badtitle on login. 13464 13465=== Changes since 1.17.0 === 13466 13467* (bug 29535) Added missing Creative Commons CC0 icon. 13468* (bug 29726) Fixed failure to load internationalization messages in 13469 client-side scripts on WebKit-based browsers. 13470* Fixed a bug in message transformation where the previous language could leak 13471 into later transformations in the UI language. 13472* (bug 29091) Fixed form of native name for Ossetic language (Иронау -> Ирон) 13473* Fixed maintenance scripts upgrade1_5.php and rebuildImages.php, they did not 13474 work at all since 1.17 beta 1. 13475* (bug 29531) Fixed img_auth.php for thumbnails and other filenames with 13476 multiple dots, was broken by the fix for bug 28840. 13477* In the maintenance script purgeList.php, fixed a fatal error when a page 13478 title is given, instead of a URL. 13479* (bug 19514) Unordered list list-style-image should be IE6-compatible (8-bit). 13480* Installer checked for magic_quotes_runtime instead of register_globals. 13481* $wgSVGMaxSize is now applied to the smaller of width or height, making very 13482 wide pano/timeline/diagram SVGs renderable at saner sizes. 13483* (bug 29959) Installer fatal when cURL and allow_url_fopen is disabled and user 13484 tries to subscribe to mediawiki-announce. 13485* Installer checked for magic_quotes_runtime instead of register_globals 13486* (bug 30131) XCache with variable caching disabled no longer used for variable 13487 caching (CACHE_ACCEL) 13488* (bug 30264) Changed installer-generated LocalSettings.php to use 13489 require_once() instead require() for included extensions. 13490* (bug 26486) ResourceLoader modules with paths to nonexistent files cause PHP 13491 warnings/notices to be thrown 13492* (bug 30907) Special:Unusedcategories should sort ascendingly. 13493* (bug 30219) The page shown when LocalSettings.php does not exist was broken on 13494 Windows servers. 13495* Hardcoded NLS_NUMERIC_CHARACTERS for Oracle DB to prevent type conversion 13496 errors. 13497* Fixed recentchanges FK violation on page delete and cache purge error in 13498 updater for Oracle DB. 13499* (bug 32276) Skins were generating output using the internal page title which 13500 would allow anonymous users to determine whether a page exists, potentially 13501 leaking private data. In fact, the curid and oldid request parameters would 13502 allow page titles to be enumerated even when they are not guessable. 13503* (bug 32616) action=ajax requests were dispatched to the relevant internal 13504 functions without any read permission checks being done. This could lead to 13505 data leakage on private wikis. 13506 13507=== Changes since 1.17.0rc1 === 13508 13509* Fixed syntax error in generated LocalSettings.php when a non-default user 13510 rights profile is chosen. 13511* (bug 29399) Fixed PostgreSQL installation when the DB user for installation 13512 is the same as the one for web access. 13513* (bug 29233) Fixed failover for DB slave servers. When a DB slave went down, 13514 an error was immediately shown to the user, instead of trying another slave. 13515 Was broken since 1.17 beta 1. 13516* (bug 29278) Fixed PHP fatal error when attempting to add text to a page via a 13517 redirect. 13518* (bug 29408) Fixed uploads of files with MIME types that aren't detected by 13519 MediaWiki. 13520* Removed DEFAULT '' NOT NULL field definitions from Oracle DB schema because 13521 using the DEFAULT value ('') in DML broke Oracle backend as it treats an 13522 empty VARCHAR2 value as NULL. Indexes on Oracle do not require NOT NULL 13523 fields. 13524 13525=== Changes since 1.17 beta 1 === 13526 13527* Fixed warning about missing file "password.js". 13528* When installing on MySQL, don't attempt to create a new database user if the 13529 same user is used for installation and web access. 13530* Fixed SQL query errors in queries with table aliases. 13531* (bug 27891) Fixed the "chronology protector", broken since 1.17beta1, which 13532 ensures that when database replication is used, the new version is seen by 13533 the user immediately after they create or edit an article. 13534* (bug 28845) Allow PostgreSQL installation using a non-root user account which 13535 has role creation abilities. 13536* When installing on PostgreSQL and the install account is the same as the web 13537 account, check to make sure that the account has suitable privileges in the 13538 mediawiki schema. 13539* (bug 28172) Fixed error in PostgreSQL installation when creating the wiki 13540 sysop account. 13541* Fixed an issue with the Oracle installer in cases where the user is different 13542 to the database name. 13543* Added "unblockself" to the list of available rights. 13544* In the installer, fixed the "user rights profile" option, it never worked. 13545* (bug 29117) Fixed Hebrew localisation of the installer. 13546* (bug 28840) Reduce the collateral damage caused by the fix for bug 28235 (XSS 13547 on Internet Explorer 6 due to a file extension in the query string) by 13548 reducing the number of URLs that are blocked, and by redirecting the request 13549 to a safer URL where possible instead of blocking it. 13550* (bug 28812) Fixed documentation of API action=parse. 13551* (bug 28979) Fixed styling of <abbr> and <acronym>. 13552* Fixed the error message displayed when you try to create an account by email, 13553 but an email address is not given. 13554* Fixed JS error due to missing dependency for jquery.suggestions. 13555* Exposed $wgExtensionAssetsPath in JavaScript. 13556* (bug 28738) Made ResourceLoader support environments with small URL length 13557 limits. The length limit can be configured via 13558 $wgResourceLoaderMaxQueryLength, and this is set automatically in the 13559 generated LocalSettings.php when the php.ini variable 13560 "suhosin.get.max_value_length" is set. When a URL exceeds this limit, the 13561 request is split up. Also, reduced the average length of load.php URLs by 13562 using a more compact parameter format. 13563* (bug 25262) Fix for minification of hardcoded data: URIs in CSS. 13564* (bug 25124) Respect $wgStyleDirectory in ResourceLoader. 13565* Allow installation when no HTTP client is available, don't throw an exception. 13566* (bug 27465) Fix metadata extraction for SVG files using unusual namespace 13567 names. 13568* (bug 29174) Fix regression in upload-by-URL: uploading files larger than the 13569 PHP memory limit should work again. 13570* Fixed the display of comments in the new user log. 13571* (bug 28237) When installing extensions using the web-based installer, create 13572 any necessary database tables. 13573* (bug 28983) Fixed automated installation of extensions that overwrite $path. 13574* Fixed error caused by missing magic words. 13575* Fixed breakage of article editing in PostgreSQL due to text search 13576 configuration errors. 13577* Fixed the HTTPS client used when Curl is not available. This avoids an error 13578 during install about failure of the mediawiki-announce subscription. 13579* (bug 28162) When installing to PostgreSQL, respect the "database port" input, 13580 it was ignored. 13581 13582=== Configuration changes in 1.17 === 13583 13584* $wgLogAutocreatedAccounts controls whether autocreation of accounts is logged 13585 to new users log. 13586* (bug 22858) $wgLocalStylePath is by default set to the same value as 13587 $wgStylePath but should never point to a different domain than the site is 13588 on, allowing skins to use .htc files which are not cross-domain friendly. 13589* $wgFileStore has been deprecated. The only usage $wgFileStore['deleted'] has 13590 been turned into $wgDeletedDirectory. 13591* $wgDeletedDirectory has been added to specify what directory to place deleted 13592 uploads in. 13593* IBM DB2 database no longer uses the db specific $wgDBport_db2 variable but the 13594 normal $wgDBport. 13595* $wgCategoryPrefixedDefaultSortkey was removed and is now always false. This 13596 provides more sensible sorting behavior for categories. 13597* Removed unused globals: $wgEnableSerializedMessages, $wgCheckSerialized, 13598 $wgUseMemCached, $wgDisableSearchContext, $wgColorErrors, $wgUseZhdaemon, 13599 $wgZhdaemonHost and $wgZhdaemonPort. 13600* (bug 24408) The include_path is not modified in the default LocalSettings.php 13601* $wgVectorExtraStyles was removed, and is no longer in use. 13602* Removed $wgUpdates for database updates; extensions should use 13603 DatabaseUpdater::addExtensionUpdate() via the LoadExtensionSchemaUpdates hook. 13604* Removed $wgServerName. It doesn't need to be set anymore and is no longer 13605 available as input for other configuration items, either. 13606* It's no longer necessary for LocalSettings.php to include DefaultSettings.php. 13607* It's no longer necessary to set $wgCacheEpoch to the file modification time 13608 of LocalSettings.php, in LocalSettings.php itself. Instead, this is done 13609 automatically if $wgInvalidateCacheOnLocalSettingsChange is true (which is 13610 the default). 13611* $wgCopyrightIcon is deprecated and $wgFooterIcons['copyright']['copyright'] 13612 should be used instead. 13613* $wgSysopUserBans is deprecated, and will be made permanently true in 1.18. 13614 If you need this functionality, you should use the BlockIp hook to filter and 13615 reject such blocks. 13616* $wgSysopRangeBans is deprecated, you should set $wgBlockCIDRLimit to maximum 13617 (32 for IPv4, 128 for IPv6), equivalent to allowing rangeblocks of only 1 13618 address at a time. 13619 13620=== New features in 1.17 === 13621 13622* (bug 10183) Users can now add personal styles and scripts to all skins via 13623 User:<name>/common.css and /common.js (if user css/js is enabled). 13624* (bug 22748) Add anchors on Special:ListGroupRights. 13625* (bug 21981) Add parameter 'showfilename' to <gallery> to automatically 13626 apply the names of the individual files within the gallery. 13627* Future-proof redirection to fragments in Gecko, so things work a little nicer 13628 if they fix <https://bugzilla.mozilla.org/show_bug.cgi?id=516293>. 13629* Support git:// and mms:// protocols by default for external links. 13630* (bug 15810) Blocked admins can no longer unblock themselves without the 13631 'unblockself' permission (which they have by default). 13632* (bug 18499) Added "enhanced" URL parameter to switch between old and enhanced 13633 changes list. 13634* (bug 22925) "sp-contributions-blocked-notice-anon" message now displayed when 13635 viewing contributions of a blocked IP address. 13636* (bug 22474) {{urlencode:}} now takes an optional second parameter for type of 13637 escaping. 13638* Special:Listfiles now supports a username parameter. 13639* Special:Random carries over query string parameters. 13640* (bug 23206) Add Special::Search hook for detecting successful "Go". 13641* When visiting a "red link" of a deleted file, a deletion and move log excerpt 13642 is provided on the Upload form. 13643* (bug 22647) Add category details in search results. 13644* (bug 23276) Add hook to Special:NewPages to modify query. 13645* Add accesskey 's' and tooltip to 'Save' button at Special:Preferences. 13646* Add accesskey 'b' and tooltip to the summary field of edit mode. 13647* (bug 20186) Allow filtering Special:Contributions for RevisionDeleted edits. 13648* ajaxwatch now uses the API and JQuery, and can be used to animate arbitrary 13649 watch links, not just to watch the page the link is on. 13650* (bug 20976) "searchmenu-new-nocreate" message now displayed when there 13651 is no title match in search and the user has no rights to create pages. 13652* (bug 23429) Added new hook WatchlistEditorBuildRemoveLine. 13653* (bug 22844) Added support for WinCache object caching (for IIS). 13654* (bug 23580) Add two new events to LivePreview so that scripts can be notified 13655 about the beginning and finishing of LivePreview actions. 13656* (bug 21278) Now the sidebar allows inclusion of wiki markup. 13657* (bug 23733) Add IDs to messages used on CSS/JS pages. 13658* Show validity period of the login cookie in Special:UserLogin and 13659 Special:Preferences. 13660* Interlanguage links display the page title in their tooltip. 13661* (bug 23621) New Special:ComparePages to compare (diff) two articles. 13662* (bug 4597) Provide support in Special:Contributions to show only "current" 13663 contributions 13664* (bug 17857) {{anchorencode}} acts more like how the parser creates section ids 13665* (bug 21477) \& can now be used in <math> 13666* (bug 11641) \dotsc \dotsm \dotsi \dotso can now be used in <math> 13667* (bug 21475) \mathtt and \textsf can now be used in <math> 13668* texvc is now run via ulimit4.sh, to limit execution time. 13669* SQLite now supports $wgSharedDB. 13670* (bug 8507) Group file links by namespace:title on image pages. 13671* Stop emitting named entities, so we can use <!DOCTYPE html> while still being 13672 well-formed XML. 13673* texvc now supports \bcancel and \xcancel in addition to \cancel and \cancelto 13674* Added scriptExtension setting to $wgForeignFileRepos. 13675* ForeignApiRepo uses scriptDirUrl if apiBase not set. 13676* (bug 24212) Added MediaWiki:Filepage.css which is also included on foreign 13677 client wikis. 13678* (bug 14685) Double underscore magic word usage is now tracked in the 13679 page_props table, as well as the behavioral magic words {{DEFAULTSORT}} and 13680 {{DISPLAYTITLE}} 13681* (bug 24045) MediaWiki:Ipb-needreblock is now wrapped in a div with class 13682 "mw-ipb-needreblock" 13683* Non-file pages can no longer be moved to the file namespace, nor vice versa. 13684* (bug 671) The <dfn>, <kbd> and <samp> elements have been whitelisted in user 13685 input. 13686* (bug 21503) There's now a "reason" field when creating account for other 13687 users. 13688* (bug 24418) action=markpatrolled now requires a token. 13689* A variety of category sort-related fixes, including: 13690** (bug 164) In English, lowercase and uppercase letters now sort the same. 13691** (bug 1211) Subcategories, ordinary pages, and files now page separately. 13692** When several pages are given the same sort key, they sort by their names 13693 instead of randomly. 13694* (bug 23848) Add {{ARTICLEPATH}} Magic Word. 13695* (bug 8140) Add dedicated CSS classes to Special:Newpages elements. 13696* (bug 11005) Add CSS class to empty pages in Special:Newpages. 13697* The parser cache is now shared amongst users whose different settings aren't 13698 used in the page. 13699* Any attribute beginning with "data-" can now be used in wikitext, per HTML5. 13700* (bug 24007) Diff pages now mention the number of users having edited 13701 intermediate revisions. 13702* Added new hook GetIP. 13703* Special:Version now displays whether a SQLite database supports full-text 13704 search. 13705* TS_ISO_8691_BASIC was added as a time format, which is used by ResourceLoader 13706 for versioning. 13707* Maintenance scripts get a --memory-limit option to override defaults (which 13708 is usually to set it to -1 to disable the limit). 13709* (bug 25397) Allow uploading (not displaying) of WebP images, disabled 13710 by default. 13711* (bug 23194) Special:ListFiles now has thumbnails. 13712* Use hreflang to specify canonical and alternate links, search engine friendly 13713 when a wiki has multiple variant languages. 13714* (bug 19593) Specifying --server in now works for all maintenance scripts. 13715* Now rebuildtextindex.php warns if SQLite doesn't support full-text search. 13716* (bug 10541) Front/backend separation of installation/upgrade code. 13717* (bug 10596) Allow installer to enable extensions already in extensions folder. 13718* (bug 20627) Installer should be in languages other than English. 13719* Support for metadata in SVG files (title, description). 13720* Special:Search: Add CSS classes to 'none found' and 'create link' messages. 13721* Add CSS classes (including namespace and pagename) to the enhanced recent 13722 changes/watchlist entries. 13723* (bug 22463) Add hook 'SkinGetPoweredBy' to make 'powered by' icon/text 13724 customizable. 13725* Added CSS print pagination to the print stylesheets. 13726* (bug 25960) Add <link rel=canonical"> for File pages of shared/foreign 13727 file repositories. 13728* When viewing a redirect, the redirect arrow and redirection target are both 13729 wrapped in a div that has the class "redirectMsg" so that the redirection 13730 arrow can be customized with CSS. 13731* (bug 21911) Hard coded limit for long page warning removed. New message 13732 [[MediaWiki:Longpage-hint]] (empty per default) can be used instead. 13733 Parameters: $1 shows the formatted textsize in Byte/KB/MB, $2 is the raw 13734 number of the textsize in Byte. 13735* (bug 3276) Give image <gallery>s fluid width. 13736* Added uploads link to page subtitle in Special:Contributions. 13737* Added Special:Myuploads special page that redirects to Special:Listfiles. 13738* The footerlinks used in Monobook/Vector/Modern are now part of common skin 13739 code, SkinTemplateOutputPageBeforeExec can be used to customize the list. 13740* Special wrapping setups can now define MW_CONFIG_FILE to load a config file 13741 other than LocalSettings.php. This is like MW_CONFIG_CALLBACK but works in 13742 some cases where MW_CONFIG_CALLBACK will not work. 13743* (bug 26574) Added 'upload' to $wgRestrictionTypes, allowing upload protected 13744 pages to be queried via the API and Special:ProtectedPages, and allowing 13745 disabling upload protection by removing it from $wgRestrictionTypes. 13746* The name attribute of HTMLForm fields can now be overridden by passing a 13747 'name' key in the descriptor array. Hidden field names are now treated 13748 consistently with other fields and, by default, prefixed with 'wp'. 13749* (bug 27402) Add support for disabling MWSuggest. 13750* (bug 26563) Add bytes changed per revision for stub and full article dumps. 13751* (bug 27508) Add $wgSVGMetadataCutoff to limit the maximum amount of an svg we 13752 look at when finding metadata to prevent excessive resource usage. 13753* (bug 198) $wgUpgradeKey allows unlocking the web installer for upgrades 13754 without having to move LocalSettings.php 13755* Added $wgAllowImageTag, which can be set to true to whitelist the <img> tag 13756 in wikitext. 13757* (bug 12797) Add $wgGalleryOptions for adjusting of default gallery display 13758 options. 13759* Added the $wgAllowUserCssPrefs option which allows disabling CSS-based 13760 preferences; which can improve page loading speed. 13761* Added $wgSQLMode for setting database SQL modes - either performance (null) 13762 or other reasons (such as enabling stricter checks). 13763* (bug 20193) Added $wgVectorShowVariantName global configuration variable 13764 which causes Vector to render the variants drop-down menu with a label 13765 showing the current variant name. This is off by default, pending further 13766 research into its user experience implications. 13767* The upload link for missing files can now be set separately from the 13768 navigation link with $wgUploadMissingFileUrl. 13769* $wgAdditionalMailParams added to allow setting extra options to mail() calls. 13770* Added $wgSecureLogin to optionally login using HTTPS. 13771* (bug 25728) Added $wgPasswordSenderName to make the name associated 13772 with $wgPasswordSender configurable. 13773* (bug 22463) $wgFooterIcons added to allow configuration of the icons shown in 13774 the footers of skins. 13775* $wgFileCacheDepth can be used to set the depth of the subdirectory hierarchy 13776 used for the file cache. Default value is 2, which matches former behavior. 13777 13778=== Bug fixes in 1.17 === 13779 13780* (bug 17560) Half-broken deletion moved image files to deletion archive 13781 without updating database. 13782* (bug 22666) Submitting user block form with an invalid user name no longer 13783 throws an error. 13784* (bug 22665, bug 22667) User '0' can now be unblocked and have its block 13785 settings changed. 13786* (bug 22606) The body of e-mail address confirmation message is now different 13787 when the address changed. 13788* (bug 22664) Special:Userrights now accepts '0' as a valid user name. 13789* (bug 5210) Preload parser now parses <noinclude>, <includeonly> and 13790 redirects. 13791* (bug 22709) IIS7 mishandles redirects generated by OutputPage::output() when 13792 the URL contains a colon. 13793* (bug 22353) Categorised recent changes now works again. 13794* (bug 22747) "Reveal my e-mail address in notification e-mails" preference is 13795 now only displayed when relevant. 13796* (bug 22772) {{#special:}} parser function now works with subpages. 13797* (bug 18664) Relative URIs in interwiki links cause failed redirects. 13798* (bug 19270) Relative URIs in interwiki links break interwiki transclusion. 13799* (bug 22903) Revdelete log entries now show in the user preferred language. 13800* (bug 22905) Correctly handle <abbr> followed by ISBN. 13801* (bug 22940) Namespace aliases pointing to main namespace don't work. 13802* (bug 15810) Blocked admins can no longer block/unblock other users. 13803* (bug 22876) Avoid possible PHP Notice if $wgDefaultUserOptions is not 13804 correctly set. 13805* (bug 14952) Page titles are renormalized after html entities are removed so 13806 that links with non-NFC character references work correctly. 13807* (bug 22991) wgUserGroups JavaScript variable now reports * group for 13808 anonymous users instead of null. 13809* (bug 22627) Remove PHP notice when deleting a page only hidden users edited. 13810* (bug 21520) Anonymous previews now also gives a warning about not being 13811 logged in (anonpreviewwarning). 13812* (bug 22935) image/x-ms-bmp mime type added for BMP files. 13813* (bug 23024) Special:ListFiles now escapes file names correctly. 13814* (bug 22867) "View source" tab is now only displayed if there's source text. 13815* (bug 19393) Feeds now format dates in user language rather than content 13816 language. 13817* (bug 22852) "Served in" comment is now the time used to cache a single page 13818 when using rebuildFileCache.php 13819* (bug 22496) Viewing diff of a redirect page without specifying "oldid" 13820 parameter no longer makes the page displayed as being the redirect target. 13821* (bug 22918) Feed cache keys now use $wgRenderHashAppend. 13822* (bug 21916) Last-Modified header is now correct when outputting cached feed. 13823* (bug 20049) Fixed PHP notice in search highlighter that occurs in some cases. 13824* (bug 23017) Special:Disambiguations now list pages in content namespaces 13825 rather than only main namespace. 13826* (bug 23063) $wgMaxAnimatedGifArea is checked against the total size of all 13827 frames, and $wgMaxImageArea against the size of the first frame, rather than 13828 the other way around. Both now default to 12.5 megapixels. Also, images 13829 exceeding $wgMaxImageArea can still be embedded at original size. 13830* (bug 23078) "All public logs" option on Special:Log is now always the first 13831 item. 13832* (bug 16817) Group names in user rights log are now singular and in lowercase. 13833* Special:Preferences no longer crashes if the wiki default date formatting 13834 style is not valid for the user's interface language. 13835* (bug 23167) Check the watch checkbox by default if the watchcreations 13836 preference is set. 13837* Maintenance script cleanupTitles is now able to fix titles stored 13838 in a negative namespace (which is invalid). 13839* (bug 19858) Removed obsolete <big> in interface messages. 13840* (bug 21456) "Bad title" error when showing non-local interwiki pages no longer 13841 displays incorrect tabs. 13842* (bug 23190) Improved math representation for text browsers. 13843* (bug 22015) Improved upload-by-url error handling and error display. 13844* (bug 17941) $wgMaxUploadSize is now honored by all upload sources. 13845* (bug 23080) New usernames now limited to 235 bytes so that custom skin files 13846 work. 13847* (bug 23075) Correct MediaTransformError default width in gallery. 13848* (bug 16487) The Anonymous user account used on Postgres is no longer 13849 displayed on Special:Listusers. 13850* (bug 23313) Move watchlisthidepatrolled above token in watchlist preferences 13851 to enhance preference grouping. 13852* (bug 23298) Interwiki links with prefix only in log summaries now link to the 13853 correct link. 13854* (bug 23284) Times are now rounded correctly. 13855* (bug 23375) Added ogv, oga, spx as extensions for ogg files. 13856* (bug 18408) All required permissions for uploading (upload, edit, create) 13857 are now checked when loading Special:Upload. Toolbar link for Special:Upload 13858 is no longer shown if the user does not have the required permissions. 13859* (bug 23397) texvc in html mode renders \sim as ˜ not ∼ 13860* (bug 23241) License selector should be disabled during upload of a new 13861 version. 13862* (bug 23240) Add ID to namespace selector form on Special:Watchlist. 13863* The pipe | character in urls is now escaped. 13864* (bug 23422) mp3 files can now be moved. 13865* (bug 23448) MediaWiki:Summary-preview is now displayed instead of 13866 MediaWiki:Subject-preview when previewing summary. 13867* (bug 23426) The {{REVISIONMONTH}} variable is now zero-padded and added 13868 new variable {{REVISIONMONTH1}} when unpadded version is needed. 13869* Special:Userrights didn't recognize user as changing his/her own rights if 13870 user did not capitalize first letter of username. 13871* (bug 23507) Add styles for printing wikitables. 13872* (bug 19586) Avoid JS errors in mwsuggest when using old browsers such 13873 as Opera 8. 13874* (bug 23563) Old skins now support $wgUploadNavigationUrl and take into 13875 account upload rights. 13876* (bug 1347) Render \phi in math using images, in order to create consistent 13877 and correct render results. 13878* (bug 16573) Render \epsilon in math using images, in order to create 13879 consistent and correct render results. 13880* (bug 22541) Support image redirects when using ForeignAPIRepo. 13881* (bug 22967) Make edit summary length cut-off behave correctly for multibyte 13882 characters. 13883* (bug 8689) Long numeric lines no longer kill the parser. 13884* (bug 23740) Article::doRedirect() now use $extraQuery parameter correctly if 13885 the $noRedir parameter is set to true. 13886* (bug 23688) Correct mime types for Office 2007 OpenXML documents. 13887* (bug 23787) Corrected $wgDefaultSkin's comment in DefaultSettings.php. 13888* (bug 23797) Xml::input() now allows '0' for the value parameter. 13889* (bug 23747) Make sure that on History pages, the RevDel button is not 13890 accidentally activated when hitting enter. 13891* (bug 23845) Special:ListFiles now uses correct file names without underscores. 13892* Ask for permanent login in Special:Preferences only if $wgCookieExpiration > 13893 0. 13894* (bug 16356) Repair dumpInterwiki.inc to use proper normalization. 13895* (bug 24006) deleteArchivedRevisions.php maintenance script now longer throws 13896 a fatal error. 13897* (bug 23465) Don't ignore the predefined destination filename on 13898 Special:Upload after following a red link. 13899* (bug 23642) Recognize mime types of MS OpenXML documents. 13900* (bug 22784) Normalise underscores and spaces in autocomments. 13901* (bug 19910) Headings of the form ===+\s+ are now displayed as valid headings. 13902* (bug 24022) Only check file extensions on the uploadpage when needed. 13903* (bug 24076) Recognize Office 2003 files with OpenXML trailers. 13904* (bug 24244) Updated comments in DefaultSettings.php to reflect 13905 Image: --> File: namespace rename. 13906* Make wfTimestamp recognize negative unix timestamp values. 13907* (bug 24401) SimpleSearch: No button/text indicating 'Search' if image is 13908 disabled. 13909* (bug 23293) Do not show change tags when Special:RecentChanges(linked) or 13910 Special:Newpages is transcluded into another page as it messes up the page. 13911* (bug 24517) LocalFile::newFromKey() and OldLocalFile::newFromKey() no longer 13912 throw fatal errors. 13913* (bug 23380) Uploaded files that are larger than allowed by PHP now show a 13914 useful error message. 13915* Uploading to a protected title will allow the user to choose a new name 13916 instead of showing an error page. 13917* (bug 24425) Use Database::replace instead of delete/insert in 13918 SqlBagOStuff::set to avoid query errors about duplicate keynames. 13919* (bug 15470) First letters of filenames are always capitalized by upload JS. 13920* (bug 21215) NoLocalSettings.php doesn't tolerate rewrite rules. 13921* (bug 21052) Fix link color for stubs in NewPages. 13922* (bug 24714) Usage of {{#dateformat: }} in wikis without $wgUseDynamicDates no 13923 longer pollutes the parser cache. 13924* (bug 17031) Correct which characters the parser allows in tag attributes (a 13925 letter, colon or underscore followed by 0 or more letters, numbers, colons, 13926 underscores, hyphens, and/or periods). 13927* Save 200 useless queries on each category page view. 13928* Shell commands will now work on Linux in filesystems mounted noexec. 13929* (bug 24804) Corrected commafying in Polish and Ukrainian. 13930* "Difference between pages" is now displayed instead of "Difference between 13931 revisions" on diffs when appropriate. 13932* (bug 23703) ForeignAPIRepo fails on findBySha1() when using a 1.14 install as 13933 a repository due to missing 'name' attribute from the API list=allimages. 13934* (bug 24898) MediaWiki uses /tmp even if a vHost-specific tempdir is set, also 13935 make wfTempDir() return a sane value for Windows on worst-case. 13936* (bug 24824) Support ImageMagick 6.5.6-2+ JPEG decoder size hint, to reduce 13937 memory usage when such an ImageMagick is used for scaling. 13938* Disable multithreaded behavior in recent ImageMagick, to avoid a deadlock 13939 when a resource limit such as $wgMaxShellMemory is hit. 13940* (bug 24981) Allow extensions to access SpecialUpload variables again. 13941* (bug 20744) Wiki forgets about an uploaded file. 13942* (bug 17913) Don't show "older edit" when no older edit available. 13943* (bug 6204) TOC not properly rendered when using $wgMaxTocLevel. 13944* (bug 24977) The accesskey in history page now lead directly to the diff 13945 instead of alternating focus between the two buttons. 13946* (bug 24987) Special:ListUsers does not take external groups into account. 13947* (bug 20633) update.php has mixed language output. 13948* SQLite system table names are now never prefixed. 13949* (bug 25292) SkinSubPageSubtitle hook now passes the Skin object as second 13950 parameter. 13951* (bug 25167) Correctly load JS fixes for IE6 (fixing a regression in 1.16). 13952* (bug 25367) wfShellExec() is more explicit when failing due to disabled 13953 passthru(). 13954* (bug 25462) Fix double-escaping for section edit link tooltips. 13955* action=raw was removed for Special:Statistics. This information is still 13956 available via the API. 13957* (bug 23934) Groups defined in $wgRevokePermissions but not in 13958 $wgGroupPermissions now appear on Special:ListGroupRights. 13959* (bug 23923) Special:Prefixindex no longer shows results if nothing was 13960 requested. 13961* (bug 22308) Search now finds text in default main page immediately after 13962 setup. 13963* (bug 25697) Make sure empty lines render in diff view. 13964* Use an actual minus sign in diff views, instead of a hyphen. 13965* (bug 23732) Clarified "n links" message on Special:MostLinkedFiles. 13966* (bug 23731) Clarified "n links" message on Special:MostLinkedTemplates. 13967* (bug 25642) A exception is now thrown instead of a fatal error when using 13968 $wgSMTP without PEAR mail package. 13969* (bug 19633) When possible, Upscale small SVGs when creating thumbnails. 13970* (bug 11013) Database driver detection needs rewriting for robustness. 13971* (bug 13409) Installer prompts could use clarification--now has help boxes. 13972* (bug 16902) Installer spews warnings when exec() and dl() are not available. 13973* (bug 19129) Only show MyISAM/InnoDB when supported. 13974* (bug 17762) Only show other e-mail options when e-mail is globally enabled. 13975* Cache multiple sizes of InstantCommons thumbnails. 13976* (bug 25488) Disallowing anonymous users to read pages no longer throws error 13977 on discussion pages with vector as default skin. 13978* (bug 24833) Files name in includes/diff/ are now less confusing. 13979* (bug 25713) SpecialPage::resolveAlias() now normalise spaces to underscores. 13980* (bug 25829) Special:Mypage and Special:Mytalk now forward oldid, diff and dir 13981 parameters. 13982* (bug 25175) HTML file cache now honor $wgCacheDirectory if 13983 $wgFileCacheDirectory is not set. 13984* (bug 13353) Diff3 version checks were too strict, did not detect working 13985 diff3. 13986* (bug 25843) Links to special pages using link= attribute on images are now 13987 normalised like normal links to special pages. 13988* (bug 21364) External links using link= attribute on images now respect 13989 $wgExternalLinkTarget. 13990* (bug 17789) Added a note to the total views on Special:Statistics saying that 13991 is doesn't count non-existing pages and special pages. 13992* (bug 17996) HTTP redirects are now combined when requesting a special page. 13993* (bug 19944) Link on image thumbnails no longer link to "Media:" namespace in 13994 some cases. 13995* (bug 25670) wfFindFile() now checks the namespace of the given title, only 13996 "File" and "Media" are allowed now. 13997* (bug 25872) Rename the HttpRequest class to MWHttpRequest to avoid conflict 13998 with php extension that defines same class. 13999* (bug 20591) There's now a different message on Special:MovePage when 14000 $wgFixDoubleRedirects is set to false. 14001* Fixed PHP warnings when updating a broken MySQL database. 14002* (bug 26023) Corrected deleteBacth.php's documentation. 14003* (bug 25451) Improved datetime representation in 32 bit php >= 5.2. 14004* Show "skin does not exist error" only when the skin is inputted in the wrong 14005 case. 14006* (bug 26164) Potential html injection when the database server isn't available. 14007* (bug 26160) Upload description set by extensions are not propagated. 14008* (bug 9675) generateSitemap.php now takes an --urlpath parameter to allow 14009 absolute URLs in the sitemap index (as required e.g. by Google). 14010* Partial workaround for bug 6220: at least make files on shared repositories 14011 show up as (struck-out) bluelinks instead of redlinks on Special:WantedFiles. 14012* rebuildFileCache.php no longer creates inappropriate cache files for 14013 redirects. 14014* (bug 25512) Subcategory list should not include category prefix for members. 14015* (bug 10871) Javascript and CSS pages in MediaWiki namespace are no longer 14016 treated as wikitext on preview. 14017* Page existence is now not revealed (in the colour of the tabs) to users who 14018 cannot read the page in question. 14019* (bug 22753) Output from update.php is more clear when things changed, entries 14020 indicating nothing changed are now all prefixed by "..." 14021* (bug 16019) $wgArticlePath = "/$1" no longer breaks API edit/watch actions. 14022* (bug 18372) File types blacklisted by $wgFileBlacklist will no longer be shown 14023 as "Permitted file types" on the upload form. 14024* (bug 26540) Fixed wrong call to applyPatch in MysqlUpdater. 14025* (bug 26034) Make the "View / Read" tab in content_navigation style tabs remain 14026 selected when the action is "purge". 14027* (bug 26733) Wrap initial table creation in transaction. 14028* (bug 26208) Mark directionality of some interlanguage links. 14029* (bug 26716) Provide link to instructions for external editor related 14030 preferences. 14031* (bug 26961) Hide anon edits in watchlist preference now actually works. 14032* (bug 1379) Installer directory conflicts with some hosts' configuration panel. 14033* (bug 27781) Installer does not warn about 5.1.x. Added a compatibility 14034 function for array_key_exists(). 14035* Fix XML well-formedness on a few pages when $wgHtml5 is true (the default). 14036* (bug 28069) MediaWiki fails streaming files when mod_deflate and ob_gzhandler 14037 are also set. 14038* (bug 26223) Concurrently moving an article to different titles leaks a 14039 redirect revision with no page. 14040* (bug 15641) Fixed permissions checks in Special:Import which allowed users 14041 without the 'import' permission to import pages from configured import 14042 sources. 14043* (bug 26449) Keep underlines from headings outside of tables and thumbs by 14044 adding overflow:hidden to h1,h2,h3,h4,h5,h6 (also fixes editsection bunching). 14045* (bug 26708) Remove background-color:white from tables in Monobook and Vector. 14046* (bug 26781) {{PAGENAME}} and related parser functions escape their output 14047 better. 14048* (bug 26716) Provide link to instructions for external editor related 14049 preferences and add a comment to the ini control file explaining what is going 14050 on. 14051* (bug 28422) Remove color:black from tables in Monobook and Vector. And add it 14052 to table.wikitable instead. 14053* (bug 27560) Search queries no longer fail in walloon language. 14054* (bug 27700) The upload protection can now also be set for files that do not 14055 exist. 14056* (bug 28034) uploading file to local wiki when file exists on shared repository 14057 (commons) gives spurious info in the warning message. 14058* Usernames get lost when selecting different sorts on Special:listfiles. 14059* (bug 28166) UploadBase assumes that 'edit' and 'upload' rights are not per 14060 page restrictions. 14061* (bug 28242) Make redirects generated by urls containing a local interwiki 14062 prefix be a 301 instead of a 302. 14063* (bug 28568) Entries in the iwlinks table are now removed on page deletion. 14064* (bug 28306) Fix exposure of suppressed usernames in ForeignDBRepo. 14065* (bug 28444) Fix regression: edit-on-doubleclick retains revision id again. 14066* UtfNormal::cleanUp on an invalid utf-8 sequence no longer returns false if 14067 intl installed. 14068* (bug 26729) Category pages should return 404 if they do not exist and have no 14069 members. 14070* (bug 28214) When page not found, sends malformed HTTP/1.x instead of HTTP/1.1 14071 in header of response. 14072* (bug 27634) TOC title appears in wrong language. 14073* (bug 27761) Fix regression: pages with Esperanto titles containing convertible 14074 character sequences became unreachable. 14075* (bug 27508) SVGMetadataExtractor takes too much resources on huge svgs. 14076* (bug 27465) SVG thumbnail generation. 14077* (bug 27467) preload can leave UNIQ. 14078* (bug 27539) Allow attributes beginning with a digit in wikitext tag 14079 parameters. 14080* (bug 27328) using relative paths in CSS imports in MediaWiki:Common.css broken 14081 in 1.17. 14082* (bug 27333) Fix repetitive last-seen time queries on page history. 14083* (bug 26250, bug 23817) Fix wfObjectToArray() to descend into arrays; fixes 14084 processing of JSON return values for ForeignAPIRepo when native json module 14085 not present. 14086* (bug 25675) Fix search suggestions for Special: pages with spaces. 14087* (bug 25571) Xml::encodeJsVar now passes floats natively instead of converting 14088 to strings. 14089* (bug 27338) Gallery in 1.17 breaks for audio/video + ogghandler. 14090* (bug 27302) Don't append the current timestamp for user/site modules when no 14091 user/site JS/CSS is present. 14092* (bug 27016) dumpTextPass.php now consider the "output" parameter. 14093* (bug 22606) don't send the "someone registred an account" message when setting 14094 email address (i.e. old one empty) in user preferences. 14095* (bug 26458) Section edit links appear on pages that user does not have right 14096 to edit. 14097* (bug 28611) Don't die in SqlBagOStuff::incr() if there's a race condition. 14098* (bug 16886) Sister projects box moves down the extract of the first result 14099 in IE 7. 14100* (bug 17398) Fixed "link" parameter in image links with "thumb" or "frame" 14101 parameter. 14102 14103=== API changes in 1.17 === 14104 14105* BREAKING CHANGE: action=patrol now requires POST. 14106* BREAKING CHANGE: patrol token is no longer the same as edit token. 14107* BREAKING CHANGE: Session keys returned by ApiUpload are now strings instead 14108 of integers. 14109* BREAKING CHANGE: (bug 25303) Fix API parameter integer validation to actually 14110 enforce validation on the input values in addition to giving a warning. 14111 Also add flag to enforce (die) if integer out of range. 14112* (bug 24650) Fix API to work with categorylinks changes. 14113* action=parse now correctly returns an error for nonexistent pages. 14114* (bug 27201) Special:WhatLinksHere output no longer contains duplicate IDs. 14115* (bug 26560) On allusers if limit < total number of users, last user gets 14116 duplicated. 14117* (bug 27715) imageinfo didn't respect revdelete. 14118* (bug 27479) API error when using both prop=pageprops and 14119 prop=info&inprop=displaytitle. 14120* (bug 27862) Useremail module didn't properly return success on success. 14121* (bug 27590) prop=imageinfo now allows querying the media type. 14122* (bug 27587) list=filearchive now outputs full title info. 14123* (bug 27897) list=allusers and list=users list hidden users. 14124* (bug 22738) Allow filtering by action type on query=logevent. 14125* (bug 22764) uselang parameter for action=parse. 14126* (bug 22944) API: watchlist options are inconsistent. 14127* (bug 22868) don't list infinite block expiry date as "now" in API logevents. 14128* (bug 22290) prop=revisions now outputs "comment" field even when comment 14129 is empty, for consistency with list=recentchanges. 14130* (bug 19721) API action=help should have a way to just list for a specific 14131 module. 14132* (bug 23458) Add support for pageid parameter to action=parse requests. 14133* (bug 23460) Parse action should have a section option. 14134* (bug 21346) Make deleted images searchable by hash. 14135* (bug 23461) Normalise usage of parameter names in parameter descriptions. 14136* (bug 23548) Allow access of another users watchlist through watchlistraw 14137 using token and username. 14138* (bug 23524) Api Modules as followup to bug 14473 (Add iwlinks table to 14139 track inline interwiki link usage). 14140* Add pltitles and tltemplates to prop=links and prop=templates respectively, 14141 similar to prop=categories's clcategories. 14142* (bug 23834) Invalid "thumbwidth" and "thumbheight" in "imageinfo" query when 14143 thumbnailing larger than original image. 14144* (bug 23835) Need "thumbmime" result in "imageinfo" query. 14145* (bug 23851) Repair diff for file redirect pages. 14146* (bug 24009) Include implicit groups in action=query&list=users&usprop=groups. 14147* (bug 24016) API: Handle parameters specified in simple string syntax 14148 ( 'paramname' => 'defaultval' ) correctly when outputting help. 14149* (bug 24089) Logevents causes PHP Notice if leprop=title isn't supplied. 14150* (bug 23473) Give description of properties on all modules. 14151* (bug 24136) unknownerror when adding new section without summary, but 14152 forceditsummary. 14153* (bug 22339) Added srwhat=nearmatch to list=search to get a "go" result. 14154* (bug 24303) Added new &servedby parameter to all actions which adds the 14155 hostname that served the request to the result. It is also added 14156 unconditionally on error. 14157* (bug 24185) Titles in the Media and Special namespace are now supported for 14158 title normalization in action=query. Special pages have their name resolved 14159 to the local alias. 14160* (bug 24296) Added converttitles parameter to convert titles to their 14161 canonical language variant. 14162* (bug 23936) Add "displaytitle" to query/info API. 14163* (bug 24485) Make iwbacklinks a generator, optionally display iwprefix and 14164 iwtitle. 14165* (bug 24564) Fix fatal errors when using list=deletedrevs, prop=revisions or 14166 one of the backlinks generators with limit=max. 14167* (bug 24656) API's parse module needs option to disable PP report. 14168* PARAM_REQUIRED parameter flag added. If this flag is set, and the end user 14169 does not set the parameter, the API will automatically throw an error. 14170* (bug 24665) When starttimestamp is not specified, fake it by setting it to 14171 NOW, not to the timestamp of the last edit. 14172* (bug 24677) axto= parameters added to allcategories, allimages, alllinks, 14173 allmessages, allpages, and allusers. 14174* (bug 24236) Add add, remove, add-self, remove-self tags to 14175 meta=siteinfo&siprop=usergroups. 14176* (bug 24484) Add prop=pageprops module. 14177* (bug 24330) Add &redirect parameter to ?action=edit. 14178* (bug 24722) For list=allusers&auprop=blockinfo, only show blockedby and 14179 blockreason if the user is actually blocked. 14180* Add format=dump and format=dumpfm, outputs results in PHP's var_dump() format. 14181* For required string parameters, if '' is provided, this is now classed as 14182 missing. 14183* (bug 24724) list=allusers is out by 1 (shows total users - 1). 14184* (bug 24166) API error when using rvprop=tags. 14185* Introduced "asynchronous download" mode for upload-by-url. Requires 14186 $wgAllowAsyncCopyUploads to be true. 14187* sinumberingroup correctly gives size of 'user' group, and omits size of 14188 implicit groups rather than showing 0. 14189* (bug 25248) API: paraminfo errors with certain modules. 14190* (bug 24792) API help for action=purge sometimes wrongly stated whether a 14191 POST request was needed due to cache pollution. 14192* Added iiprop=parsedcomment to prop=imageinfo, similar to prop=revisions. 14193* Added rvparse to parse revisions. For performance reasons if this option is 14194 used, rvlimit is enforced to 1. 14195* (bug 25748) If a action=parse request provides an oldid that is actually the 14196 current revision id, try the parser cache, and save it to it if necessary. 14197* (bug 25463) Export header should not be shown if no pages were requested, to 14198 reduce confusion. 14199* (bug 25648) API discovery information has been added as RSD link in page 14200 <head> and by providing an API module action=rsd. Added hook 14201 ApiRsdServiceApis for extensions to add their own service to the services 14202 list. 14203* The HTML of diff output markers has changed. Hyphens are now minus signs, 14204 empty markers are now filled with non-breaking-space characters. 14205* (bug 25741) Add more data to list=search's srprop. 14206* (bug 25760) counter property still reported by the API when 14207 $wgDisableCounters enabled. 14208* (bug 25987) prop=info&inprop=watched now also works for missing pages. 14209* (bug 26006) prop=langlinks now allows obtaining full URL. 14210* (bug 26075) ApiDelete.php now calls correctly ArticleDelete hook. 14211* (bug 26089) add block expiration to blockinfo. 14212* (bug 26125) prop=imageinfo&iiprop=size now returns the page count if the 14213 file is a multi-page file. 14214* (bug 10268) Added linktodiffs parameter on action=feedwatchlist. 14215* (bug 26219) Show API limits for multi values in description. 14216* (bug 28070) Fix watchlist RSS for databases that store timestamps in a 14217 real timestamp field. 14218* (bug 27722) list=filearchive now supports revdel. 14219 14220=== Language support changes in 1.17 === 14221 14222MediaWiki supports over 330 languages. Many localizations are updated regularly. 14223 14224The following languages were added: 14225 14226* Moroccan Spoken Arabic (ary) 14227* Banjar (bjn) 14228* Kabardian (kbd) 14229* Kabardian (Cyrillic) (kbd-cyrl) 14230* Latgalian (ltg) 14231* Minangkabau (min) 14232* Dutch (informal) (nl-informal) 14233* Rusyn (rue) 14234 14235Other significant changes to MediaWiki's language support: 14236 14237* Fiji Hindi (Devangari script) was removed. 14238* Removed deprecated language code "dk" (Danish), use "da" instead. 14239* Link trail added for sl and sh. 14240* (bug 27633) Add characters to linkTrail for Portuguese (pt and pt-br). 14241* (bug 23156) Commafy and search normalization updated for Belarusian 14242 (Taraškievica). 14243* (bug 23283) Native name for Old English -> Ænglisc. 14244* (bug 23364) Native name for Azerbaijani -> Azərbaycanca. 14245* (bug 24593) Native name for Sorani now uses only Arabic script. 14246* (bug 24628) Generic translations for NS_USER/NS_USER_TALK for Esperanto. 14247* (bug 24917) Polish as fallback for Kashubia. 14248* (bug 24794) Tatar link trail updated. 14249* Esperanto date format corrected. 14250* (bug 28159) Change interwiki name of language kbd to Къэбэрдеибзэ / 14251 Qabardjajəbza. 14252* (bug 28184) Namespaces for the Latgalian Wikipedia. 14253* (bug 25010) Bashkir-language interwikis: linktext change from Башҡорт 14254 to Башҡортса. 14255* (bug 26395) Change name of Cornish language to Kernowek. 14256 14257=== Other changes in 1.17 === 14258 14259* DatabaseFunctions.php that was needed for compatibility with pre-1.3 14260 extensions has been removed. 14261* XmlFunctions.php has been removed. Use the Xml or Html classes as appropriate. 14262* The FailFunction "error handling" method has now been removed 14263* Sysops now have the "suppressredirect" right by default 14264* Removed $wgRemoteUploads. It was not well supported and superseded by 14265 $wgUploadNavigationUrl. 14266* (bug 26253) $wgPostCommitUpdateList has been removed 14267* The PHPUnit test suite has been removed from this release due to serious 14268 issues which should be resolved by the 1.18 release. 14269* Oracle DB now uses the __destruct function to commit/close connection as it 14270 doesn't commit on close if transation is triggered in OCI. 14271 14272== MediaWiki 1.16 == 14273 14274== MediaWiki 1.16.5 == 14275=== Changes since 1.16.4 === 14276 14277* (bug 28534) Fixed XSS vulnerability for IE 6 clients. This is the third 14278 attempt at fixing bug 28235. 14279* (bug 28639) Fixed potential privilege escalation when $wgBlockDisablesLogin 14280 is enabled. 14281 14282== MediaWiki 1.16.4 == 14283=== Changes since 1.16.3 === 14284 14285* (bug 28507) The change we made in 1.16.3 to fix bug 28235 (XSS for IE 6 14286 clients) was not actually sufficient to fix that bug. This release contains 14287 a second attempt, hopefully we have fixed it this time. 14288 14289== MediaWiki 1.16.3 == 14290=== Changes since 1.16.2 === 14291 14292* (bug 28449) Fixed permissions checks in Special:Import which allowed users 14293 without the 'import' permission to import pages from the configured import 14294 sources. 14295* (bug 28235) Fixed XSS affecting IE 6 and earlier clients only, due to those 14296 browsers looking for a file extension in the query string of the URL, and 14297 ignoring the Content-Type header if one is found. 14298* (bug 28450) Fixed a CSS validation issue involving escaped comments, which 14299 led to XSS for Internet Explorer clients and privacy loss for other clients. 14300 14301== MediaWiki 1.16.2 == 14302=== Changes since 1.16.1 === 14303 14304* (bug 26642) Fixed incorrect translated namespace due to a regression in the 14305 language converter. 14306* The interface translations were updated. 14307* (bug 27093, CVE-2011-0047): Fixed CSS injection vulnerability. 14308* (bug 27094) Fixed server-side arbitrary script inclusion vulnerability. 14309 Affects Windows servers only. A malicious file with extension ".php" must 14310 exist on the server for the exploit to be effective. 14311 14312== MediaWiki 1.16.1 == 14313=== Changes since 1.16.0 === 14314 14315* (bug 24981) Allow extensions to access SpecialUpload variables again 14316* (bug 24724) list=allusers was out by 1 (shows total users - 1) 14317* (bug 24166) Fixed API error when using rvprop=tags 14318* For wikis using French as a content language, Special:Téléchargement works 14319 again as an alias for Special:Upload. 14320* (bug 25167) Correctly load JS fixes for IE6 (fixing a regression in 1.16.0) 14321* (bug 25248) Fixed paraminfo errors in certain API modules. 14322* The installer now has improved handling for situations where safe_mode is 14323 active or exec() and similar functions are disabled. 14324* (bug 19593) Specifying --server in now works for all maintenance scripts. 14325* Fixed $wgLicenseTerms register globals. 14326* (bug 26561) Fixed clickjacking vulnerabilities by introducing support for 14327 X-Frame-Options. The header value can be configured using $wgBreakFrames and 14328 $wgEditPageFrameOptions. 14329 14330== MediaWiki 1.16.0 == 14331=== Changes since 1.16 beta 3 === 14332 14333* (bug 23769) Disabled HTML 5 client-side form validation. Was introduced in 14334 1.16 beta 1, but is currently poorly supported by browsers. 14335* (bug 23175) Re-added window.ta variable for backwards compatibility. 14336* (bug 23264) Fixed breakage of various command line scripts due to extra line 14337 endings being inserted by Maintenance::output(). 14338* Fixed HTTP client functionality with safe_mode=On. 14339* Fixed parser tests broken in 1.16 beta 3. 14340* For Oracle DB backend: fixed parser tests and table prefix feature. 14341* (bug 23767) Fixed PHP warning when REQUEST_URI is blank (IIS issue). 14342* Fixed plural function for Northern Sami (se) 14343* (bug 23597) Fixed conflicts between ID attributes in the Vector skin and 14344 parser-generated heading IDs. Renamed head, panel, head-base and page-base. 14345* Disabled $wgHitcounterUpdateFreq>1 feature on SQLite, does not work yet. 14346* (bug 23465) Don't ignore the predefined destination filename on 14347 Special:Upload after following a red link to a file. 14348* In SQLite full-text search feature: fixed "move page" feature, was non- 14349 functional. 14350* (bug 24565) Fixed Cache-Control headers sent from API modules, to protect 14351 user privacy in the case where an attacker can access the wiki through the 14352 same HTTP proxy as a logged-in user. 14353* Fixed an XSS vulnerability in profileinfo.php for installations with 14354 $wgEnableProfileInfo = true (false by default) 14355* Fixed a case where an X-Vary-Options header was sent despite $wgUseXVO being 14356 false. Fixed a minor header parsing issue when $wgUseXVO = true. 14357* Fixed a register_globals arbitrary inclusion vulnerability in 14358 MediaWikiParserTest.php, introduced in 1.16 beta 1. 14359 14360=== Changes since 1.16 beta 2 === 14361 14362* Fixed bugs in the [[Special:Userlogin]] and [[Special:Emailuser]] handling of 14363 invalid usernames. 14364* Fixed sorting in [[Special:Allmessages]] 14365* (bug 23113) Fixed title in the show/hide links on diff pages 14366* (bug 23117) Fixed API rollback, was returning "badtoken" for valid requests 14367* (bug 23127) Re-added missing $1 parameter to the uploadtext message 14368* Fixed a bug in the Vector skin where personal tools display behind the logo 14369* (bug 23139) Fixed a bug in edit conflict resolution, where both textboxes 14370 showed the same text. 14371* (bug 23115, bug 23124) Fixed various problems with <title> and <h1> elements 14372 in page views and previews when the language converter is enabled. 14373* (bug 23148) Fixed a local path disclosure vulnerability in ImageMagick image 14374 scaling, which was introduced in 1.16 beta 1. 14375* Improved error checking on installer. 14376* (bug 22970) Fixed a JavaScript error in the upload destination conflict 14377 check. 14378* (bug 23167) Check the watch checkbox by default if the watchcreations 14379 preference is set. 14380* (bug 23171) Improve IE6 version check to avoid false positives. 14381* (bug 23176) Fixed upload warning override feature "upload new version", 14382 broken in 1.16 beta 1. 14383* Fixed regression in unwatch links sent out in notification emails. When the 14384 mailing job was deferred via the job queue, the title was incorrect. 14385* (bug 23534) Fixed SQL query error in API list=allusers. 14386* Fixed a bug in uploads for non-JavaScript clients. An empty string was used 14387 as the default destination filename, instead of the source filename as 14388 expected. 14389* (bug 23371) Fixed CSRF vulnerability in "e-mail me my password", "create 14390 account" and "create by e-mail" features of [[Special:Userlogin]] 14391* (bug 23687) Fixed XSS vulnerability affecting IE clients only, due to a CSS 14392 validation issue. 14393* Fixed a DoS vulnerability in ImageMagick image scaling. ImageMagick 14394 expanded wildcard characters "?" and "*" in image filenames, potentially 14395 causing large numbers of images to be scaled in response to a single request. 14396 The fix for this involves breaking the scaling of such image filenames until 14397 ImageMagick 6.6.1-5 or later is deployed, see bug 23361 for more details. 14398* (bug 23608) Fixed invalid HTML in diff pages. 14399 14400=== Changes since 1.16 beta 1 === 14401 14402* Fixed errors in maintenance/patchSql.php 14403* (bug 19627) Fix regression from r57867 where HTMLForm would output 14404 <element classes="foo bar"> rather than <element class="foo bar"> 14405* Fixed broken "-r" option to maintenance/lag.php 14406* (bug 23076) Fixed login CSRF vulnerability. Logins now require a token to 14407 be submitted along with the user name and password. 14408 14409=== Configuration changes in 1.16 === 14410 14411* (bug 18222) $wgMinimalPasswordLength default is now 1 14412* $wgSessionHandler can be used to configure session.save_handler 14413* $wgLocalFileRepo/$wgForeignFileRepos now have a 'fileMode' parameter to 14414 be used when uploading/moving files 14415* (bug 18761) $wgHiddenPrefs is a new array for specifying preferences not 14416 to be shown to users 14417* $wgAllowRealName and $wgAllowUserSkin were deprecated in favor of 14418 $wgHiddenPrefs[] = 'realname', but the former are still retained 14419 for backwards-compatibility 14420* (bug 9257) $wgRCMaxAge now defaults to three months 14421* $wgDevelopmentWarnings can be set to true to show warnings about deprecated 14422 functions and other potential errors when developing. 14423* Subpages are now enabled in the MediaWiki namespace by default. This is 14424 mainly a cosmetic change, and does not in any way affect the MessageCache, 14425 which was already effectively treating the namespace as if it had subpages. 14426* Oracle: maintenance/ora/user.sql script for creating DB user on oracle with 14427 appropriate privileges. Creating this user with web-install page requires 14428 oci8.privileged_connect set to On in php.ini. 14429* Removed UserrightsChangeableGroups hook introduced in 1.14 14430* Added $wgCacheDirectory, to replace $wgFileCacheDirectory, 14431 $wgLocalMessageCache, and any other local caches which need a place to put 14432 files. 14433* $wgFileCacheDirectory is no longer set to anything by default, and so either 14434 needs to be set explicitly, or $wgCacheDirectory needs to be set instead. 14435* $wgLocalMessageCache has been removed. Instead, set $wgUseLocalMessageCache 14436 to true 14437* Removed $wgEnableSerializedMessages and $wgCheckSerialized. Similar 14438 functionality is now available via $wgLocalisationCacheConf. 14439* $wgMessageCache->addMessages() is deprecated. Messages added via this 14440 interface will not appear in Special:AllMessages. 14441* $wgRegisterInternalExternals can be used to record external links pointing 14442 to same server 14443* (bug 19907) $wgCrossSiteAJAXdomains and $wgCrossSiteAJAXdomainExceptions added 14444 to control which external domains may access the API via cross-site AJAX. 14445* $wgMaintenanceScripts for extensions to add their scripts to the default list 14446* $wgMemoryLimit has been added, default value '50M' 14447* $wgExtraRandompageSQL is deprecated, the SpecialRandomGetRandomTitle hook 14448 should be used instead 14449* (bug 20489) $wgIllegalFileChars added to override the default list of illegal 14450 characters in file names. 14451* (bug 19646) $wgImgAuthDetails added to display reason access to uploaded file 14452 was denied to users(img_auth only) 14453* (bug 19646) $wgImgAuthPublicTest added to test to see if img_auth set up 14454 correctly (img_auth only) 14455* $wgUploadMaintenance added to disable file deletions and restorations during 14456 maintenance 14457* $wgCapitalLinkOverrides added to configure per-namespace capitalization 14458* (bug 21172) $wgSorbsUrl can now be an array with multiple DNSBL and renamed 14459 to $wgDnsBlacklistUrls (backward compatibility kept) 14460* $wgEnableHtmlDiff has been removed 14461* (bug 3340) $wgBlockCIDRLimit added (default: 16) to configure the low end of 14462 CIDR ranges for blocking 14463* $wgUseInstantCommons added for quick and easy enabling of Commons as a remote 14464 file repository 14465* $wgDBAhandler added to choose a DBA handler when using CACHE_DBA 14466* $wgPreviewOnOpenNamespaces for extensions that create namespaces that behave 14467 similarly to the category namespace. 14468* $wgEnableSorbs renamed to $wgDnsBlacklistUrls ($wgEnableSorbs kept for 14469 backward compatibility) 14470* $wgUploadNavigationUrl now also affects inline images that do not 14471 exist. In that case the URL will get (?|&)wpDestFile=<filename> appended to 14472 it as appropriate. 14473* If $wgLocaltimezone is null, use the server's timezone as the default for 14474 signatures. This was always the behavior documented in DefaultSettings.php 14475 but has not been the actual behavior for some time: instead, UTC was used 14476 by default. 14477* Added $wgExtensionAssetsPath, to decouple assets serving from $wgScriptPath. 14478 If not specified it will default to $wgScriptPath/extensions 14479* Added $wgCountTotalSearchHits to make search UI display total number of hits 14480 with some search engines. 14481* Added $wgAdvertisedFeedTypes to decide what feed types (RSS, Atom, both, or 14482 neither) MediaWiki advertises. Default is array( 'atom' ), so RSS is no 14483 longer advertised by default (but it still works). 14484* Added $wgMemCachedTimeout, controls how long to wait for data from the 14485 memcached servers. 14486* New configuration variables $wgDebugTimestamps and $wgDebugPrintHttpHeaders 14487 for controlling debug output. 14488* New $wgBlockDisablesLogin when set to true disallows blocked users from 14489 logging in. 14490* (bug 8790) Metadata edition ($wgUseMetadataEdit) has been moved to a separate 14491 extension "MetadataEdit". 14492 14493=== New features in 1.16 === 14494 14495* Add CSS defintion of the 'wikitable' class to shared.css 14496* (bug 17163) Added MediaWiki:Talkpageheader which will be displayed when 14497 viewing talk pages 14498* Superfluous border="0" removed from images 14499* Added new hook 'MessageCacheReplace' into MessageCache.php. For instance 14500 to allow extensions to update caches in similar way as MediaWiki invalidates 14501 a cached MonoBook sidebar 14502* Special:AllPages: Move hardcoded styles from code to CSS 14503* (bug 18529) New hook: SoftwareInfo for adding information about the software 14504 to Special:Version 14505* Added $wgExtPGAlteredFields to allow extensions to easily alter the data 14506 type of columns when using the Postgres backend. 14507* (bug 16950) Show move log when viewing/creating a deleted page 14508* (bug 18242) Show the Subversion revision number per extensions in 14509 Special:Version 14510* (bug 18420) Missing file revisions are handled gracefully now 14511* (bug 9219) Auth plugins can control editing RealName/Email/Nick preferences 14512* (bug 18466) Add note or warning when overruling a move (semi-)protection 14513* (bug 18342) insertTags works in edit summary box 14514* (bug 18411) The upload form also checks post_max_size 14515* Watchlist now has a specialized <div> tag that contains a unique class for 14516 each page 14517* Added Minguo calendar support for the Taiwan Chinese language 14518* Database: unionQueries function to be used for UNION sql construction, so 14519 it can be overloaded on DB abstraction level for DB specific functionality 14520* (bug 18849) Implement Japanese and North Korean calendars 14521* (bug 5755) Introduce {{CURRENTMONTH1}} and {{LOCALMONTH1}} to display the 14522 month number without the leading zero 14523* (bug 13456) categoriespagetext supports PLURAL 14524* (bug 18860) Blocks of IPs affecting registered users can now block email 14525* (bug 17093) Date and time are separate parameters in Special:BlockList 14526* (bug 11484) Added ISO speed rating to default collapsed EXIF metadata view 14527* (bug 14866) Messages 'recentchangeslinked-toolbox' and 14528 'recentchangeslinked-toolbox' were added to allow more fine grained 14529 customisation of the user interface 14530* DISPLAYTITLE now accepts a limited amount of wiki markup (the single-quote 14531 items) 14532* Special:Search now could search terms in all variant-forms. ONLY apply on 14533 wikis enabled LanguageConverter. 14534* Add autopromote condition APCOND_BLOCKED to autopromote blocked users to 14535 various user groups. 14536* Add $wgRevokePermissions as a means of restricting a group's rights. The 14537 syntax is identical to $wgGroupPermissions, but users in these groups will 14538 have these rights stripped from them. 14539* Added a PHP port of CDB (constant database), for improved local caching when 14540 the DBA extension is not available. 14541* Introduced a new system for localisation caching. The system is based around 14542 fast fetches of individual messages, minimising memory overhead and startup 14543 time in the typical case. The database backend will be used by default, but 14544 set $wgCacheDirectory to get a faster CDB-based implementation. 14545* Expanded the number of variables which can be set in the extension messages 14546 files. 14547* Added a feature to allow per-article process pool size control for the parsing 14548 task, to limit resource usage when the cache for a heavily-viewed article is 14549 invalidated. Requires an external daemon. 14550* (bug 19576) Moved the id attributes from the anchors accompanying section 14551 headers to the <span class="mw-headline"> elements within the section headers, 14552 removing the redundant anchor elements. 14553* Parser::setFunctionTagHook now can be used to add a new tag which is parsed at 14554 preprocesor level. 14555* Added $wgShowArchiveThumbnails, allowing sysadmins to disable thumbnail 14556 display for old versions of images. 14557* In watchlists and Special:RecentChanges, the difference in page size now 14558 appears in dark green if bytes were added and dark red if bytes were removed. 14559* Added FSRepo configuration properties thumbUrl and thumbDir, to allow the 14560 thumbnails to be stored in a separate location to the source images. 14561* If config/ directory is not executable, the command to make it executable 14562 now asks the user to cd to the correct directory 14563* Add experimental new external authentication framework, ExternalAuth 14564* (bug 18768) Remove AdminSettings requirements. Maintenance environment 14565 will still load it if it exists, but it's not required for anything 14566* (bug 19900) The "listgrouprights-key" message is now wrapped in a div with 14567 class "mw-listgrouprights-key" 14568* (bug 471) Allow RSS feeds for watchlist, using an opt-in security token 14569* (bug 10812) Interwiki links can have names and descriptions, fetched from 14570 message 'interwiki-desc-PREFIX', not really used anywhere yet though 14571* (bug 9691) Add type (signup or login) parameter to 14572 AuthPlugin::ModifyUITemplate() 14573* (bug 14454) "Member of group(s)" in Special:Preferences causes language 14574 difficulties 14575* (bug 16697) Unicode combining characters are difficult to edit in some 14576 browsers 14577* Parser test supports uploading results to remote CodeReview instance 14578* (bug 20013) Added CSS class "mw-version-ext-version" is wrapped on the 14579 extension version in Special:Version 14580* (bug 20014) Added CSS class "mw-listgrouprights-right-name" is wrapped on the 14581 right name in Special:ListGroupRights 14582* (bug 12920) New CoreParserFunction {{nse:...}} as an url-friendly equivalent 14583 to {{ns:...}} 14584* (bug 16322) Allow maintenance scripts to accept DB user/pass over input or 14585 params 14586* (bug 18566) Maintenance script to un/protect pages 14587* (bug 671) The HTML <abbr> tag is now permitted. 14588* RecentChanges now has a legend to explain what the Nmb! flags mean, and the 14589 flags have tooltips. 14590* (bug 15209) New hook BeforeInitialize called after everything has been setup 14591 but before Mediawiki::performRequestForTitle() 14592* wgMainPageTitle variable now available to JavaScript code to identify the main 14593 page link, so it doesn't have to be extracted from the link URLs. 14594* (bug 16836) Display preview of signature in user preferences and describe its 14595 use 14596* The default output format is now HTML 5 instead of XHTML 1.0 Transitional. 14597 This can be disabled by setting $wgHtml5 = false;. Specific features enabled 14598 if HTML 5 is used: 14599** Some extra inputs will be autofocused, in supporting browsers. 14600** The summary attribute has been removed from tables of contents. summary is 14601 obsolete in HTML 5 and wasn't useful here anyway. 14602** Unnecessary type="" attribute removed for CSS and JS. 14603** If $wgWellFormedXml is set to false, some bytes will be shaved off of HTML 14604 output by omitting some things like quotation marks where HTML 5 allows. 14605** (bug 16921) maxlength enabled for page move comments 14606* The description message in $wgExtensionCredits can be an array with parameters 14607* New hook SpecialRandomGetRandomTitle allows extensions to modify the selection 14608 criteria used by Special:Random and subclasses, or substitute a custom result, 14609 deprecating the $wgExtraRandompageSQL config variable 14610* (bug 20318) Distinct CSS classes for ISBN/RFC/PMID special links added 14611* (bug 20404) Custom fields in the user creation form template can now have 14612 detail labels in prefsectiontip divs. 14613* MakeSysop and MakeBot are now aliases for Special:UserRights 14614* IndexPager->mLimitsShown can now be an associative array of limit => text-to- 14615 display-in-limit-form. 14616* (bug 18880) LogEventsList::showLogExtract() can now take a string-by-reference 14617 and add its HTML to it, rather than having to go straight to $wgOut. 14618* Added $wgShowDBErrorBacktrace, to allow users to easily gather backtraces for 14619 database connection and query errors. 14620* Show change block / unblock link on Special:Contributions if user is blocked 14621* Display note on Special:Contributions if the user is blocked, and provide an 14622 excerpt from the block log. 14623* (bug 19646) New hook: ImgAuthBeforeStream for tests and functionality before 14624 file is streamed to user, but only when using img_auth 14625* Note on non-existing user and user talk pages if user does not exist 14626* New hook ShowMissingArticle so extensions can modify the output for 14627 non-existent pages. 14628* Admins could disable some variants using $wgDisabledVariants now. ONLY apply 14629 on wikis enabled LanguageConverter. 14630* (bug 16310) Credits page now lists IP addresses rather than saying the number 14631 of anonymous users that edited the page 14632* New permission 'sendemail' added. Default right for all registered users. Can 14633 for example be used to prevent new accounts from sending spam. 14634* (bug 16979) Tracking categories for __INDEX__ and __NOINDEX__ 14635* Two new hooks, ConfirmEmailComplete and InvalidateEmailComplete, which are 14636 called after a user's email has been successfully confirmed or invalidated. 14637* (bug 19741) Moved the XCF files out of the main MediaWiki distribution, for 14638 a smaller subversion checkout. 14639* (bug 13750) First letter capitalization can now be a per-namespace setting 14640* (bug 21073) "User does not exist" message no longer displayed on sub-sub-pages 14641 of existing users 14642* (bug 21095) Tracking categories produced by the parser (expensive parser 14643 function limit exceeded, __NOINDEX__ tracking, etc) can now be disabled by 14644 setting the system message ([[MediaWiki:expensive-parserfunction-category]] 14645 etc) to "-". 14646* Added maintenance script sqlite.php for SQLite-specific maintenance tasks. 14647* Rewrote Special:Upload to allow easier extension. 14648* Upload errors that can be solved by changing the filename now do not require 14649 reuploading. 14650* Added $wgRateLimitsExcludedIPs, to allow specific IPs to be whitelisted from 14651 rate limits. 14652* (bug 21222) When $wgUseTeX is not enabled, <math> is no longer registered with 14653 the parser so extensions are free to implement their own <math> tag 14654* (bug 21047) Wrap 'cannotdelete' into a div with the generic 'error' class and 14655 an own 'mw-error-cannotdelete' class 14656* New hook AbortNewAccountAuto, called before account creation from AuthPlugin- 14657 or ExtUser-driven requests. 14658* (bug 3480) The warning saying that the page has a history when deleting it now 14659 contains the number of revisions in the history 14660* $wgStylePath and $wgLogo are now set in the default LocalSettings.php file. 14661* (bug 20186) Allow filtering history for revision deletion. 14662* New hook OtherBlockLogLink, called in Special:IPBlockList and Special:Block 14663 to show links to block logs of other blocking extensions, i.e. GlobalBlocking 14664* Added search capabilities to SQLite backend 14665* rebuildtextindex.php maintenance script now supports databases other than 14666 MySQL 14667* upgrade1_5.php now requires to be run --update option to prevent confusion 14668* (bug 17662) Customizable default preload/editintro for new sections in the 14669 respective addsection-preload and addsection-editintro messages 14670* Added maintenance script checkSyntax.php that checks for PHP syntax errors 14671 and common coding mistakes 14672* Updated Unicode normalization tables 14673* (bug 21604) Spellcheck attribute for editsummary 14674* New wgCategories JavaScript global variable for userscripts. 14675* (bug 20717) Added checkboxes to hide users with bot and/or sysop group 14676 membership in SpecialActiveusers 14677* Allow \pagecolor and \definecolor in texvc 14678* $wgTexvcBackgroundColor contains background color for texvc call 14679* (bug 21574) Redirects can now have "303 See Other" HTTP status 14680* EditPage refactored to allow extensions to derive new edit modes much easier. 14681* (bug 21826) Subsections of Special:Version now also have anchors 14682* (bug 19791) Add URL of file source as comment to thumbs (for ImageMagick) 14683* (bug 21946) Sorted wikitables do not properly handle minus signs 14684* (bug 18885) Red links for media files do not support shared repositories 14685* Added $wgFixArabicUnicode, to convert deprecated presentation forms in 14686 Arabic text to their modern equivalents, and $wgFixMalayalamUnicode, to 14687 convert ZWJ-based chillu sequences in Malayalam text to their Unicode 5.1 14688 equivalents. 14689* (bug 22051) Returing false in SpecialContributionsBeforeMainOutput hook now 14690 stops normal output 14691* Send new password e-mail in users preference language 14692* LanguageConverter now support nested using of manual convert syntax like 14693 "-{-{}-}-" 14694* Upload license preview now uses the API instead of action=ajax 14695* (bug 7346) Add <guid> to RSS to avoid duplicates 14696* (bug 19996) Added new hooks for Special:Search, which allow to further 14697 restrict/expand it. 14698* (bug 21936) When a revision has been patrolled, there's now a link back to the 14699 article 14700* (bug 22315) SpecialRecentChangesQuery hook now pass $query_options and checks 14701 the return value 14702* Separate unit test suites under t/ and tests/ were merged and moved to 14703 maintenance/tests/. 14704* importImages.php maintenance script can now use the original uploader and 14705comment from another wiki. 14706* Support for Turck MMCache was removed 14707* (bug 14592) Warn users when they try to move their user page that their 14708 account will not be renamed 14709* Show block log on non-existing user (talk) pages of currently blocked users 14710 14711=== Bug fixes in 1.16 === 14712 14713* (bug 18031) Make namespace selector on Special:Export remember the previous 14714 selection 14715* The svn-version version numbers on Special:Version have been removed 14716* (bug 17374) Special:Export no longer exports two copies of the same page 14717* (bug 18190) Proper parsing in MediaWiki:Sharedupload message 14718* (bug 17617) HTML cleanup for ImagePage 14719* (bug 17964) namespaceDupes.php no longer fails on an empty interwiki table 14720* Improved error handling for image moving 14721* (bug 17974) On Special:SpecialPages, restricted special pages are now marked 14722 with <strong> tags, helps with text-based browsers 14723* (bug 18259) Special:DeletedContributions now also uses 14724 MediaWiki:Sp-contributions-logs for the link to Special:Log 14725* Don't add empty title="" attributes to links to anchors on the current page 14726* (bug 18291) rebuildrecentchanges.php failed to add deletion log entries 14727* (bug 18304) rebuildrecentchanges.php got size changes wrong 14728* (bug 18170) Fixed a PHP warning in Parser::preSaveTransform() in PHP 5.3 14729* (bug 18289) Database connection error page now returns correct HTML 14730* "successbox", "errorbox" and related CSS classes are now available in all 14731 skins 14732* (bug 18316) Removed superfluous name="fulltext" from Special:Search 14733* (bug 18331) MediaWiki:Undelete-revision can now have wikitext 14734* The "noautoblock" flag is no longer displayed in the block log when blocking 14735 an IP address 14736* (bug 18009) $wgHooks and $wgExtensionFunctions now support closures 14737* (bug 17948) Maintenance scripts now exit(0) or exit(1) as appropriate 14738* (bug 18377) Time in Enhanced ChangesList lacking localisation 14739* (bug 12998) Allow <sup>, <sub>, etc. in DISPLAYTITLE 14740* (bug 1553) Lowercase navigation headings in German 14741* (bug 7830) Pending transactions failed to commit on loginToUse() error 14742* (bug 11613) session.save_handler being over-ridden 14743* (bug 11381) session.save_handler being set twice (causes error) 14744* (bug 17835) ForeignAPIRepo throwing error on first page load for file 14745* (bug 18115) ForeignAPIRepo cache isn't working 14746* Fixed a bug caused by LanguageConverter.php, which brings an abnormal '}-' 14747 after some parsed math syntax. 14748* (bug 18441) rebuildrecentchanges.inc no longer ignores $wgLogRestrictions 14749* (bug 18317) Bolded selections in 1 | 3 | etc days on RecentChanges now use 14750 <strong> instead of hardcoded styles 14751* (bug 18449) Fixed items number per column on category pages when the total is 14752 divisible by 3 14753* (bug 18121) maintenance/deleteArchivedRevisions.php no longer deletes 14754 revisions when --delete is not passed 14755* (bug 13172) GPS coordinates in image Exif data are now actually displayed 14756* Overhaul of preferences system, includes the following bug fixes: 14757** (bug 5363) Changes to default preferences now impact registered users. 14758** (bug 14806) Hook to enable putting preferences in existing tabs. 14759** (bug 17191) Registration date now listed on preferences page. 14760** The user_properties table (now used for storing preferences) has been added 14761 to $wgSharedTables. 14762** Note that this change will break some extensions which have not been adapted 14763 for it. 14764* (bug 17020) Adding fallback encodings for Traditional and Simplified Chinese 14765 languages while the text is typed as URLs. 14766* (bug 17614) Prev / Next links are not shown if all results are shown 14767* (bug 18207) Strange spacing before [[irc:...]] links 14768* Removed float from the user login form in RTL interface - caused display 14769 problems in FF2 14770* (bug 15008) Redirect images are now subject to Bad image list rules 14771* (bug 6802) profileinfo.php now also work on other database servers than MySQL 14772* (bug 16925) Diffs no longer fail when $wgExternalDiffEngine is set to 14773 'wikidiff' or 'wikidiff2' but extension is not installed 14774* (bug 18326) Chmod errors in file repos have been hidden 14775* (bug 18718) Comma after a } create a error in IE 14776* (bug 18716) Removed redundant class in Modern skin CSS for category links and 14777 tweaked spacing. 14778* (bug 18656) Use proper directory separators in wfMkdirParents() 14779* (bug 18549) Make Special:Blockip respect $wgEnableUserEmail and 14780 $wgSysopEmailBans 14781* (bug 16912) Tooltips on images with link= disappear 14782* (bug 18389) Localise numbers in EXIF data 14783* (bug 18522) Wrap MediaWiki:Protect-cascadeon in a div for identification 14784* (bug 18438) Tweak HTML for preview bar for consistency and accessibility 14785* (bug 18432) Updated documentation for dumpBackup.php 14786* Fix array logic in Sanitizer::removeHTMLtags so that it doesn't strip good 14787 tags that were redundantly defined. 14788* (bug 14118) SpecialPage::getTitleFor does not return a localised name 14789* (bug 18698) Renaming non entry point maintenance scripts from .inc.php to 14790 .inc 14791* Deprecated methods Title::getInterwikiLink, Title::userCanCreate(), 14792 Title::userCanEdit() and Title::userCanMove() have been removed 14793* Only show upload links on file description if $wgEnableUploads = true 14794 and user can upload 14795* Don't say "You need to log in to upload/move", because it's possible that 14796 uploading/moving is disabled for registered users as well (e.g. only sysops) 14797* (bug 18943) Handle invalid titles gracefully at Special:Mostlinked 14798* (bug 8873) Enable variant conversion in text on 'alt' and 'title' attributes 14799* (bug 10837) Introducing the StubUserVariant class to determine the variant 14800 variable instead of using this to overrule the user language preference. 14801* (bug 19014) If user had deletedhistory right, but not undeleted right, then 14802 show "view" instead of "view/restore" on logs. 14803* (bug 19017) TOC level calculation error in an odd case 14804* (bug 18999) CSS update for RTL interwiki links 14805* (bug 18925) history.js removes class names of list elements on initialization 14806* Multiple whitespace in TOC anchors is now stripped, for consistency with the 14807 link from the edit comment 14808* (bug 19112) Preferences now respects $wgUseExternalEditor 14809* (bug 18173) MediaWiki now fails when unable to determine a client IP 14810* (bug 19170) Special:Version should follow the content language direction 14811* (bug 19160) maintenance/purgeOldText.inc is now compatible with PostgreSQL 14812* Fixed performance regression in "bad image list" feature 14813* Show user preference 'Use live preview' if $wgLivePreview is enabled only 14814* (bug 17014) Blocked users can no longer use Special:UserRights unless they 14815 can add/remove *all* groups (have 'userrights' permission). 14816* (bug 19294) Always show Sp-contributions-footer(-anon) 14817* Attempts to restrict reading of pages while anonymous viewing is allowed 14818 via extensions not using the userCan hook and via $wgRevokePermissions now 14819 work. 14820* (bug 8445) Multiple-character search terms are now handled properly for 14821 Chinese 14822* (bug 19450) Use formatNum for "Number of edits" in Special:Preferences 14823* (bug 11242) Check for MySQL storage engines during installation now checks 14824 whether the engines are actually available 14825* (bug 19390) Omit the "printable version" link on the printable version 14826* (bug 18394) img_auth.php now respects userCan 14827* (bug 19509) Uploading to a file named '0' previously treated it as null input 14828 and attempted to upload with the source name. Now warns about not having an 14829 extension (since 0.ext is perfectly valid) 14830* (bug 19468) Enotif preferences are now only displayed when they are turned on 14831* (bug 19442) Show/hide options on watchlist only work once 14832* (bug 19602) PubMed Magic links now use updated NIH url 14833* (bug 19637) externallinks have links to self 14834* Don't load Opera 9.5 RTL fixes for Opera 9.6 14835* Remove five-year-old KHTMLFixes.css, which is unlikely to be relevant anymore 14836 and was causing problems. 14837* Removed repetition of URIs in the title attributes of external links. 14838* (bug 19693) User name is now escaped in "Contributions for ..." link on 14839 Special:BlockIP 14840* (bug 19571) Override buildConcat for SQLite. 14841* Log in and log out links no longer return to page view when clicked from 14842 history view, edit page, or something similar 14843* (bug 19513) RTL fixes for new Search UI 14844* (bug 16497) Special:Allmessages is paginated 14845* (bug 18708) CSS plainlinks class now available to all skins 14846* (bug 19590) Database error messages no longer have "MySQL" hardcoded as the 14847 database type 14848* (bug 19759) successbox on Special:Preferences now correctly aligned on 14849 standard, nostalgia and cologneblue skin 14850* (bug 19814) interwiki links from file links ([[File:Foo.jpg|link=de:Test]]) 14851 are no longer recorded in the pagelinks table 14852* (bug 19784) date option "ISO 8601" produced illegal id 14853* (bug 19761) Removed autogenerated <meta keywords> tag with link data. 14854 Keyword set was not useful, and is ignored by modern search engines anyway. 14855* (bug 19827) Special:SpecialPages title is "Upload file 14856* (bug 19355) Added .xhtml, .xht to upload file extension blacklist 14857* (bug 19287) Workaround for lag on history page in Firefox 3.5 14858* (bug 19564) Updated docs/hooks.txt 14859* (bug 18751) Fix for buggage in profiling setup for some extensions on PHP 5.1 14860* (bug 17139) ts_resortTable inconsistent trimming makes date sorting fragile 14861* (bug 19445) Change oldimage table to use ON UPDATE CASCADE for FK to image 14862 table. 14863* (bug 14080) Short notation links to subpages didn't work in edit summaries 14864* (bug 17374) Special:Export no longer exports multiple copies of pages 14865* (bug 19818) Edits to user CSS/JS subpages can now be marked as patrolled by 14866 users who can't edit them 14867* (bug 19839) Comments in log items are no more double escaped 14868* (bug 18161) Fix inconsistent separators in watchlist link toolbars with 14869 "enhanced recent changes" 14870* (bug 16877) Moving a page over a redirect no longer leaves an orphan entry in 14871 the recentchanges table 14872* (bug 16009) Limit selection forms based on Pager now links to the correct page 14873 when using long urls 14874* The display of the language list on the preferences is more comply with the 14875 BCP 47 standards. 14876* (bug 19849) Custom X-Vary-Options header now disabled unless $wgUseXVO is set 14877* (bug 19301) Duplicate entries in $wgAddGroups, $wgRemoveGroups, 14878 $wgGroupsAddToSelf and $wgGroupsRemoveFromSelf are no more displayed on 14879 Special:ListGroupRights 14880* (bug 18799) Special:Userlogin now handles correctly the returnto parameter 14881 to not link back to Special:Userlogout when user's language isn't the same as 14882 content's language 14883* (bug 19479) Show proper error message when unable to connect to PostgreSQL 14884 database with username/password in MediaWiki's setup 14885* (bugs 18407, 18409) Special:Upload is now listed on Special:Specialpages only 14886 if uploads are enabled and the user can access it 14887* (bug 17988) Spaces before [[Category:]] links are no longer ignored 14888* (bug 19957) All known-failing tests now marked disabled; added --run-disabled 14889 option to parser test suite to run disabled tests if desired. 14890* (bug 16311) Make recent change flags (n/m/b) <abbr>s instead of <span>s 14891* (bug 15680) Split the edit tip message of user CSS/JS subpage into 14892 "usercssyoucanpreview" and "userjsyoucanpreview" respectively. 14893* (bug 12110) Split the rights for editing users' CSS/JS subpage from 14894 "editusercssjs" into "editusercss" and "edituserjs" respectively. 14895* (bug 19394) RecentChanges feed URLs for log items with no revisions 14896 (eg Newuser, Userrights) are no longer broken 14897* (bug 17395) Remote file descriptions use user language ($wgLang), not wiki 14898 language ($wgContLang) 14899* (bug 11867) Lock error on redirect table when running orphans.php 14900* (bug 18930) initStats.php now refreshes active users count 14901* (bug 18699) Using the nosummary URL option no longer triggers the "You have 14902 not provided a summary" warning for those who activated it in their 14903 preferences 14904* (bug 18855) commandLine.inc and Maintenance.php are now properly included 14905 using the full path 14906* (bug 18497) Fixed broken style sheets in Opera fullscreen mode 14907* (bug 16084) Default memory limit has be increased to 50M, see $wgMemoryLimit 14908* (bug 17864/19519) Added proper input normalization in Special:UserRights 14909* (bug 20086) Add Hook to add extra statistics at the end of Special:Statistics 14910* (bug 19289) importDump.php can now handle bzip2 and 7zip 14911* (bug 20131) Fixed a PHP notice for users having the "rollback" right on 14912 Special:RecentChangesLinked 14913* Do not transform EXIF fields with pure text to avoid results like 14914 foo,bar@example,com 14915* (bug 20176) Fix login/logout links in skin CologneBlue 14916* (bug 20203) "Powered by Mediawiki" now has height/width on image tag 14917* (bug 20273) Fix broken output when no pages are found in the content 14918 namespaces 14919* (bug 20265) Make AncientPages and UnusedFiles work on SQLite 14920* Fixed XSS vulnerability for Internet Explorer clients (only pre-release 14921 versions of MediaWiki were affected). 14922* (bug 14817) Moving a page to a subpage of itself moves it twice 14923* (bug 20289) $wgMaximumMovedPages should only count pages actually moved 14924* (bug 15248) Non-breaking spaces and certain other Unicode space characters 14925 are now normalized to ordinary spaces in titles; if your wiki has existing 14926 titles with such characters, run cleanupTitles.php and/or cleanupImages.php 14927* (bug 11143) Links containing invalid UTF-8 percent-code sequences are now 14928 cleanly disabled instead of breaking parsing entirely on PHP 5.2. 14929* (bug 20296) Fixed an PHP warning in Language::getMagic() in PHP 5.3 14930* (bug 20358) Unprotect tab was missing accesskey; now same as protect tab. 14931* (bug 20317) Cleaned up default main page link accesskey settings 14932* (bug 20362) Special:Statistics now produces valid HTML when view counters are 14933 enabled 14934* (bug 19857) maintenance/deleteRevision.php on last revision no longer breaks 14935 target page 14936* (bug 20365) Page name with c/g/h/j/s/u + x are now correctly handled in 14937 Special:MovePage with Esperanto as content language 14938* (bug 20364) Fixed regression in GIF metadata loading 14939* (bug 20299) MediaWiki:Move-subpages and MediaWiki:Move-talk-subpages can now 14940 use wikitext 14941* (bug 15475) DatabaseBase::setFlag(), DatabaseBase::clearFlag() and 14942 DatabaseBase::getFlag() now have documentation 14943* (bug 19966) MediaWiki:License-header is now used for the licensing header in 14944 the file description page instead of MediaWiki:License 14945* (bug 20380) Links to history/deleted edits at the top of 14946 Special:RevisionDelete are no more displayed when doing log suppression 14947* (bug 8143) Localised parser function names are now correctly case insensitive 14948 if they contain non-ASCII characters 14949* (bug 19055) maintenance/rebuildrecentchanges.php now purges 14950 Special:Recentchanges's RSS and Atom feed cache 14951* The installer will now try to bypass PHP's max_execution_time 14952* (bug 20260) SQLite no longer tries to automatically create the database at 14953 execution time, this now happens only at install time; if it is not available 14954 at script execution, it now throws an exception 14955* Fixed EditFilterMerged hook so the hookError parameter serves a purpose 14956 (analogous to EditFilter hook) 14957* (bug 2257) Tag extensions can expand template parameters provided to the tag, 14958 by using a new parameter added to the recursiveTagParse function 14959* (bug 14900) __INDEX__ and __NOINDEX__ no longer override site config set in 14960 $wgArticleRobotPolicies. 14961* (bug 20466) Hidden categories are no more displayed when printing 14962* (bug 20446) When changing user rights with User@remotewiki and remotewiki is 14963 the local wiki, the user is now treated as the local user 14964* (bug 20494) OutputPage::getArticleBodyOnly() no longer requires an useless 14965 argument 14966* (bug 20136) Protection form JavaScript now synchronizes the expiry boxes on 14967 any change, in addition to onkeyup. 14968* Don't link to "edit this page" on MediaWiki:Noarticletext if user is not 14969 allowed to create page. Done via new message 14970 MediaWiki:Noarticletext-nopermission 14971* Improved compatibility between the Vector skin and addPortletLink() from 14972 wikibits.js: empty portlets are now present but hidden, adding an element to a 14973 portlet unhides it 14974* (bug 19531) addPortletLink() now wraps inserted labels in a <span> element to 14975 be compatible with the CSS for the Vector skin 14976* (bug 20578) Wrong localized image metadata - duplicated string? 14977* (bug 20556) Stub threshold's "other" <input> in Special:Preferences now has a 14978 correct type="text" parameter 14979* (bug 482) Don't include TOC in the printable version if it has been hidden 14980* Adjust the time according to the user configuration on Special:Revisiondelete 14981* (bug 20624) Installation no longer allows "qqq" as the chosen language 14982* (bug 20634) The installer-created database user will now have all rights on 14983 the database so that upgrades will go more smoothly. 14984* (bug 18180) Special:Export ignores limit, dir, offset parameters 14985* User::getBlockedStatus() works for all kinds of user objects and doesn't 14986 assume the user object is equal to the current-user object ($wgUser) 14987* (bug 20517) Cancel link from edit page now returns to the old version when 14988 editing an old version 14989* (bug 16902) Installer no longer shows warnings when exec() has been disabled 14990 by disable_functions 14991* (bug 20726) Title::getLatestRevID's documentation now says that the function 14992 returns false if the page doesn't exist 14993* (bug 20751) ForeignApiRepo now urldecodes filenames when saving to local cache 14994* (bug 20730) Fix to Special:Version ViewVC link for branch checkouts 14995* (bug 20353) wfShellExec() was adding extra quotes on Windows Vista, causing 14996 command line scripts to fail 14997* (bug 20702) Parser functions can now be used correctly in 14998 MediaWiki:Missing-article 14999* (bug 14117) "redirected from" is now also shown on foreign file redirects 15000* (bug 17747) Only display thumbnail column in file history if the image can 15001 be rendered. 15002* (bug 3421) Live preview no longer breaks user CSS/JS previews 15003* (bug 11264) The file logo on a file description page for documents (PDF, ...) 15004 now links to the file rather than the file description page 15005* Password fields built with HTMLForm now still have the type="password" 15006 attribute if $wgHtml5=false. 15007* (bug 20836) Preload now works for MediaWiki namespace 15008* (bug 20885) Search box no longer suggests unavailable special pages 15009* (bug 20948) "Create this page" on Special:Search is no longer displayed when 15010 searching for special pages 15011* (bug 20524) Hideuser: Show nice error when trying to block hidden user without 15012 hideuser right 15013* (bug 21026) Fixed file redirects on shared repos on non-English client wikis 15014* (bug 21030) Fixed schema choices from being overwritten by defining unique 15015 field names per driver. 15016* (bug 21115) wgCanonicalSpecialPageName javascript variable is now always 15017 false on non-special pages 15018* (bug 21113) "Other statistics" header on Special:Statistics is no more 15019 displayed when there isn't any entry in it 15020* (bug 21114) Special:Contributions no longer shows diff links for new 15021 revisions 15022* (bug 21116) MediaWiki:Templatesused, MediaWiki:Templatesusedpreview and 15023 MediaWiki:Templatesusedsection now support plural 15024* (bug 21079) There is no more line wrapping between label and field in 15025 Special:Log 15026* (bug 20256) Fixed SQL errors on Special:Recentchanges and 15027 Special:Recentchangeslinked on SQLite backend 15028* (bug 20880) Fixed updater failure on SQLite backend 15029* (bug 21182) Fixed invalid HTML in Special:Listgrouprights 15030* (bug 20242) Installer no longer promts for user credentials for SQLite 15031 databases 15032* (bug 20911) Installer failed to create a SQLite database 15033* (bug 20847) Deprecated deprecated akeytt() removed in wikibits.js leaving 15034 dummy 15035* (bug 21161) Changing $wgCacheEpoch now always invalidates file cache 15036* (bug 20268) Fixed row count estimation on SQLite backend 15037* (bug 20275) Fixed LIKE queries on SQLite backend 15038* (bug 21234) Moving subpages of titles containing \\ now works properly 15039* (bug 21006) maintenance/updateArticleCount.php now works again on PostgreSQL 15040* (bug 19319) Add activeusers-intro message at top of SpecialActiveUsers page 15041* (bug 21255) Fixed hostname construction for DNSBL checking 15042* (bug 18019) Users are now warned when moving a file to a name in use on a 15043 shared repository and only users with the 'reupload-shared' permission can 15044 complete the move. 15045* (bug 18909) Add missing Postgres INSERT SELECT wrapper 15046* User::isValidPassword now only returns boolean results, 15047 User::getPasswordValidity can be used to get an error message string 15048* The error message shown in Special:ChangePassword now parses wiki markup 15049* (bug 19859) Removed experimental HTMLDiff feature 15050* Removed section edit links in edit conflict form 15051* Allow SpecialActiveusers to work on non-MySQL databases 15052* (bug 6579) Fixed protecting images from uploading only 15053* (bug 18609) Search index was empty for some pages 15054* (bug 13453) rebuildrecentchanges maintenance script works on PG again 15055* (bug 16583) Reduce false positives when checking for PHP (on upload, etc.) 15056* (bug 20112) Bitrotted tests in the t/ directory were failing. 15057* (bug 21470) MediaWiki:Sp-contributions-explain is now wrapped in a <p> with 15058 id "mw-sp-contributions-explain" 15059* (bug 19159) Fixed \overleftrightarrow in texvc 15060* (bug 19391) Fix caching for Recent ChangesFeed. 15061* (bug 21455) Fixed "Watch this page" checkbox appearing on some special pages 15062 even to non-logged in users 15063* (bug 21551) Rewrote the Squid purge HTTP client to provide a more robust and 15064 general implementation of HTTP, allowing it to purge non-Squid caches such as 15065 Varnish. 15066* Fixed corruption of long UDP debug log messages by using socket_sendto() 15067 instead of fsockopen() with fwrite(). 15068* (bug 16884) Fixed feed links in sidebar not complying with URL parameters 15069 of the displayed page 15070* (bug 21403) memcached class renamed to MWMemecached to avoid conflict with 15071 PHP's memcached extension 15072* (bug 21650) Both calls to SkinTemplateTabs hook are now compatible 15073* (bug 21672) Add missing Accept-Language to both Vary and XVO headers 15074* (bug 21679) "Edit block reasons" link at the bottom of Special:Blockip is now 15075 only displayed to the users that have "editinterface" right 15076* (bug 21740) Attempting to protect a page that doesn't exist (salting) returns 15077 "unknown error" 15078* (bug 18762) both redirects and links get fixed one after another if 15079 redirects-only switch is not present 15080* (bug 20159) thumbnails rerendered if older than $wgThumbnailEpoch 15081* Fixed a bug which in some situations causes the job queue to grow forever, 15082 due to an infinite loop of job requeues. 15083* (bug 21523) File that can have multiple pages (djvu, pdf, ...) no longer have 15084 the page selector when they have only one page 15085* (bug 21559) "logempty" message is now wrapped in a div with class 15086 "mw-warning-logempty" when used in log extract 15087* (bug 20549) Parser tests were broken on SQLite backend 15088* (bug 21776) Interwiki urls like http://en.wikibooks.org/wiki/cs: should give 15089 a redirect instead of a baderror. 15090* (bug 21803) Special:MyContributions now keeps the query string parameters 15091* Redirecting special pages now keep query string parameters set to "0" (e.g. 15092 for namespace) 15093* (bug 20765) Special:ListGroupRights no longer misses addables and removables 15094 groups if there are duplicate entries 15095* (bug 21814) Message shown when rolling back an edit with a deleted username 15096 now shows '(username deleted)' instead of broken user tool links 15097* (bug 21536) Fixed JavaScript error on Special:Search caused by an incorrect ID 15098* (bug 21535) RecentChanges RSS feed now always recognises the namespace filter, 15099 previously it sometimes didn't due to caching. 15100* (bug 20388) ProfilerSimpleText no longer outputs comment on action=raw 15101* refreshLinks.php now purges orphaned redirect table rows 15102* (bug 2971) Swap links of hist & diff location on Special:Contributions for 15103 consistency with RC/WL 15104* (bug 21986) Special page names are now capitalized by content language 15105* If two log types have the same description, they're now both displayed in the 15106 type selector on Special:Log 15107* (bug 20115) Special:Userlogin title says "Log in / create account" even if the 15108 user can't create an account 15109* (bug 2658) Don't attempt to set the TZ environment variable. 15110* (bug 9794) User rights log entries for foreign user now links to the foreign 15111 user's page if possible 15112* (bug 14717) Don't load nonexistent CSS fix files for non-Monobook skins 15113* (bug 22034) Use wfClientAcceptsGzip() in wfGzipHandler instead of 15114 reimplementing it. 15115* (bug 19226) First line renders differently on many UI messages. 15116* (bug 21303) Comments are no longer stripped from MediaWiki:Common.js and 15117 skin-specific JS pages 15118* (bug 5061) Use the more precise thumbcaption thumbimage and thumbinner classes 15119 for image divs. 15120* (bug 22096) IE50Fixes.css and IE55Fixes.css have been dropped from the 15121 Monobook and Chick skins 15122* Fixed bug involving unclosed "-{" markup in the language converter 15123* (bug 21870) No longer include Google logo from an external server on wiki 15124 error. 15125* (bug 22181) Do not truncate if the ellipsis actually make the string longer 15126* (bug 16039) Text disappearing after a bad image 15127* (bug 18784) Internal links like [[File:Foo|caption]] should read 'caption', 15128 not 'File:Foo' when Foo is not an image 15129* (bug 21518) Special:UserRights no longer displays the user name box for users 15130 that can only change their rights 15131* (bug 21593) Special:UserRights now lists automatic groups membership 15132* (bug 22364) Setting $wgUseExternalEditor to false no longer hides the reupload 15133 link from file pages 15134* Fix bug introduced in MediaWiki 1.12: The author field in 15135 $wgExtensionCredits is no longer sorted with sort() but rather used 15136 as it appears in extensions as was the case before r30117 where it 15137 was unintentionally sorted along with other fields. 15138* (bug 19334) Textarea no longer jumps when editing longer articles in IE8 15139* Truncate summary of page moves in revision comment field to avoid broken 15140 multibyte characters 15141* (bug 22540) ForeignApiRepos no longer try to store thumbnails that don't exist 15142* (bug 22551) Special:Resetpass now has a "Cancel" button that sends the user to 15143 the page set in the &returnto parameter. 15144* (bug 19194) Search box in Modern skin doesn't focus with Safari/Chrome 15145* (bug 17790) Users instantly logged off on HughesNet 15146* (bug 21549) Make foreign key constraints DEFERRABLE INITIALLY DEFERRED 15147 when using Postgres as the database backend. 15148 15149== API changes in 1.16 == 15150 15151* Added uiprop=changeablegroups to meta=userinfo 15152* Added usprop=gender to list=users 15153* (bug 18311) action=purge now works for images too 15154* Add parentid to prop=revisions output 15155* (bug 17832) action=delete returns 'unknownerror' instead of 'permissiondenied' 15156 when the user is blocked 15157* (bug 18546) Added timestamp of new revision to action=edit output 15158* (bug 18554) Also list hidden revisions in list=usercontribs for privileged 15159 users 15160* (bug 13049) "API must be accessed from the primary script entry point" error 15161* (bug 16422) Don't display help for format=jsonfm unless specifically requested 15162* Added PHP and database version to meta=siteinfo output 15163* (bug 18533) Add readonly message to meta=siteinfo output 15164* (bug 18518) Add clprop=hidden to prop=categories 15165* (bug 18710) Fixed internal error with empty parameter in action=paraminfo 15166* (bug 18709) Missing descriptions for some parameters in action=paraminfo 15167 output 15168* (bug 18731) Show correct SVN links for extension modules in api.php?version 15169* (bug 18730) Add version information to action=paraminfo output 15170* (bug 18743) Add ucprop=size to list=usercontribs 15171* (bug 18749) Add generator flag to action=paraminfo output 15172* Make action=block respect $wgEnableUserEmail and $wgSysopEmailBans 15173* Made deleting file description pages without files possible 15174* (bug 18773) Add content flag to siprop=namespaces output 15175* (bug 18785) Add siprop=languages to meta=siteinfo 15176* (bug 14200) Added user and excludeuser parameters to list=watchlist and 15177 list=recentchanges 15178* Added index, fromtitle and byteoffset fields to action=parse&prop=sections 15179 output 15180* (bug 19313) action=rollback returns wrong revid on master/slave setups 15181* (bug 19323) action=parse doesn't return section tree on pages with Cite 15182 warnings 15183* (bug 18720) Add anchor field to action=parse&prop=sections output 15184* (bug 19423) The initial file description page used caption in user lang 15185 rather than UI lang 15186* (bug 17809) Add number of users in user groups to meta=siteinfo 15187* (bug 18533) Add readonly reason to readonly exception 15188* (bug 19528) Added XSLT parameter to API queries in format=xml 15189* (bug 19040) Fix prependtext and appendtext in combination with section 15190 parameter in action=edit 15191* (bug 19090) Added watchlist parameter, deprecated watch and unwatch 15192 parameter in action=edit 15193* Added fields to list=search output: size, wordcount, timestamp, snippet 15194* Where supported by backend, list=search adds a 'searchinfo' element with 15195 optional info: 'totalhits' count and 'suggestion' alternate query term 15196* (bug 19907) $wgCrossSiteAJAXdomains added to allow specified (or all) 15197 external domains to access api.php via AJAX, if the browser supports the 15198 Access-Control-Allow-Origin HTTP header 15199* (bug 19999) Made metadata and properties of search results optional. Added 15200 srprop and srinfo. 15201* (bug 20700) Add amprop=default to meta=allmessages to list default value for 15202 customized messages 15203* Don't parse magic words in meta=allmessages, output messages unparsed 15204* (bug 21105) list=usercontribs can now list contribs for User:0 15205* (bug 21085) list=deletedrevs no longer returns only one revision when 15206 drcontinue param is passed 15207* (bug 21106) Deprecated parameters now tagged in action=paraminfo 15208* (bug 19004) Added support for tags 15209* (bug 21083) list=allusers no longer returns current timestamp for users 15210 without registration date 15211* (bug 20967) action=edit allows creation of invalid titles 15212* (bug 19523) Add inprop=watched to prop=info 15213* (bug 21589) API: Separate summary and initial page text for uploads 15214* (bug 21817) list=usercontribs returns empty result for empty ucuser 15215* (bug 21441) meta=userinfo&uiprop=options no longer returns default options 15216 for logged-in users under certain circumstances 15217* (bug 21945) Add chomp control in YAML 15218* Expand the thumburl to an absolute url to make it consistent with url and 15219 descriptionurl 15220* (bug 20233) ApiLogin::execute() doesn't handle LoginForm :: RESET_PASS 15221* (bug 22061) API: add prop=headitems to action=parse 15222* (bug 22240) API: include time in siteinfo 15223* (bug 22241) Quick edit is still using the deprecated watch parameter (API: 15224 Setting default for watch/unwatch wrongly set) 15225* (bug 22245) blfilterredirect=nonredirects in blredirect mode wrongly filtering 15226* (bug 22248) Output extension URLs in meta=siteinfo&siprop=extensions 15227* Support key-params arrays in 'descriptionmsg' in 15228 meta=siteinfo&siprop=extensions 15229* (bug 21922) YAML output should quote asterisk when used as key 15230* (bug 22297) safesubst: to allow substitution without breaking transclusion 15231* (bug 18758) API read of watchlist's wl_notificationtimestamp 15232* (bug 20809) Expose EditFormPreloadText via the API 15233* (bug 18427) Comment (edit summary) parser option for API 15234* (bug 18608) API should provide list of CSS styles to apply to rendered output 15235* (bug 18771) List possible errors in action=paraminfo 15236 15237=== Languages updated in 1.16 === 15238 15239MediaWiki supports over 300 languages. Many localisations are updated 15240regularly. Below only new and removed languages are listed, as well as 15241changes to languages because of Bugzilla reports. 15242 15243* Capiznon (cps) (new) 15244* North Frisian (frr) (new) 15245* Kirmanjki (kiu) (new) 15246* Komi-Permyak (koi) (new) 15247* Karachay-Balkar (krc) (new) 15248* Hill Mari (mrj) (new) 15249* Prussian (prg) (new) 15250* Romagnol (rgn) (new) 15251* Lower Silesian (sli) (new) 15252* Picard (pcd) (new) 15253* Uyghur (Arabic script) (ug-arab) (new) 15254* Upper Franconian (vmf) (new) 15255* Votic (vot) (new) 15256* Eastern Yiddish (ydd) (removed) 15257* Iriga Bicolano (bto) (removed) 15258* Ladin (lld) (removed) 15259* Laz (lzz) (removed) 15260* Palembang (plm) (removed) 15261* Megleno-Romanian (Greek script) (ruq-grek) (removed) 15262* Tamazight (tzm) (removed) 15263* Laz (lzz) (new) 15264 15265* (bug 18474) Sorani (ckb - Central Kurdish) (renamed from ku-arab) 15266* Add PLURAL function for Scots Gaelic (gd) 15267* Add Estonian letters äöõšüž to linktrail (et) 15268* (bug 18776) Native name of Burmese language (my) 15269* (bug 18806) Use correct unicode characters in spelling of native Chuvash 15270 (Чӑвашла) 15271* (bug 18864) Updated autonym for Zhuang language 15272* (bug 18308) Updated date formatting in Occitan (oc) 15273* (bug 19080) Added ăâîşţșțĂÂÎŞŢȘȚ to Romanion (ro) linktrail 15274* (bug 19286) Correct commafying function in Polish (pl) 15275* (bug 19441) Updated date formatting for Lithuanian 15276* (bug 19630) Added ÄäÇçĞğŇňÖöŞşÜüÝýŽž to Turkmen (tk) linktrail 15277* (bug 19949) New linktrail for Greek (el) 15278* (bug 19809) Korean (North Korea) (ko-kp) (new) 15279* (bug 19968) Fixed "Project talk" namespace name for Maltese (mt) 15280* (bug 21168) Added áâãàéêçíóôõúü to Portuguese (pt) linktrail 15281* (bug 21596) Change interwiki link for Kurdish (ku) 15282* (bug 23767) PHP warning/error when REQUEST_URI returns blank (IIS issue). 15283 15284== MediaWiki 1.15 == 15285 15286== MediaWiki 1.15.5 == 15287=== Changes since 1.15.4 === 15288 15289* (bug 24565) Fixed Cache-Control headers sent from API modules, to protect 15290 user privacy in the case where an attacker can access the wiki through the 15291 same HTTP proxy as a logged-in user. 15292* Fixed a minor cookie header parsing issue causing incorrect Cache-Control 15293 headers to be sent. 15294* Fixed an XSS vulnerability in profileinfo.php for installations with 15295 $wgEnableProfileInfo = true (false by default) 15296* For backwards compatibility with extensions from 1.14.x or before, restored 15297 the original function ApiMain::requestWriteMode(). 15298* In API login "need token" responses, added the cookieprefix and sessionid 15299 fields, as in MediaWiki 1.16.x. This is an improvement to the CSRF fix 15300 introduced in 1.15.3. 15301 15302== MediaWiki 1.15.4 == 15303=== Changes since 1.15.3 === 15304 15305* (bug 23534) Fixed SQL query error in API list=allusers. 15306* (bug 23371) Fixed CSRF vulnerability in "e-mail me my password", "create 15307 account" and "create by e-mail" features of [[Special:Userlogin]] 15308* (bug 23687) Fixed XSS vulnerability affecting IE clients only, due to a CSS 15309 validation issue. 15310 15311== MediaWiki 1.15.3 == 15312=== Changes since 1.15.2 === 15313 15314* (bug 22828) Fixed deletion on SQLite. 15315* (bug 23076) Fixed login CSRF vulnerability. Logins now require a token to 15316 be submitted along with the user name and password. 15317 15318== MediaWiki 1.15.2 == 15319=== Changes since 1.15.1 === 15320 15321* The installer now includes a check for a data corruption issue with certain 15322 versions of libxml2 2.7 and PHP earlier than 5.2.9, and also for a PHP bug 15323 present in the official release of PHP 5.3.1. 15324* (bug 20239) MediaWiki:Imagemaxsize does not contain anymore a <br /> tag which 15325 was displayed to the user 15326* (bug 21150) SQLite no longer raise an error when deleting files 15327* (bug 20880) Fixed updater failure on SQLite backend 15328* upgrade1_5.php now requires to be run --update option to prevent confusion 15329* Fixed a CSS validation issue which allowed external images to be included 15330 into wikis where that is disallowed by configuration. 15331* Fixed a data leakage vulnerability for private wikis using img_auth.php or 15332 similar image access authentication schemes. Check user permissions before 15333 streaming out scaled images from thumb.php. 15334 15335== MediaWiki 1.15.1 == 15336=== Changes since 1.15.0 === 15337* Fixed fatal errors for unusual file repository configurations, such as 15338 ForeignAPIRepo. 15339* Fixed the "change password" link on Special:Preferences to have the correct 15340 returnto parameter. 15341* (bug 19693) Fixed cross-site scripting vulnerability in Special:Block 15342 15343== MediaWiki 1.15.0 == 15344=== Changes since 1.15.0rc1 === 15345 15346* Removed category redirect feature, implementation was incomplete. 15347* (bug 18846) Remove update_password_format(), unnecessary, destroys all 15348 passwords if a wiki with $wgPasswordSalt=false is upgraded with the web 15349 installer. 15350* (bug 19127) Documentation warning for PostgreSQL users who run update.php: 15351 use the same user in AdminSettings.php as in LocalSettings.php. 15352* Fixed possible web invocation of some maintenance scripts, due to the use of 15353 include() instead of require(). A full exploit would require a very strange 15354 web server configuration. 15355* Localisation updates. 15356 15357=== Configuration changes in 1.15 === 15358 15359* Added $wgNewPasswordExpiry, to specify an expiry time (in seconds) to 15360 temporary passwords 15361* Added $wgUseTwoButtonsSearchForm to choose the Search form behavior/look 15362* Added $wgNoFollowDomainExceptions to allow exempting particular domain names 15363 from rel="nofollow" on external links 15364* (bug 12970) Brought back $wgUseImageResize. 15365* Added $wgRedirectOnLogin to allow specifying a specific page to redirect users 15366 to upon logging in (ex: "Main Page") 15367* Add $wgExportFromNamespaces for enabling/disabling the "export all from 15368 namespace" option (disabled by default) 15369 15370=== New features in 1.15 === 15371 15372* (bug 2242) Add an expiry time to temporary passwords 15373* (bug 9947) Add PROTECTIONLEVEL parser function to return the protection level 15374 for the current page for a given action 15375* (bug 17002) Add &minor= and &summary= as parameters in the url when editing, 15376 to automatically add a summary or a minor edit. 15377* (bug 16852) padleft and padright now accept multiletter pad characters 15378* When using 'UserCreateForm' hook to add new checkboxes into 15379 Special:UserLogin/signup, the messages can now contain HTML to allow 15380 hyperlinking to the site's Terms of Service page, for example 15381* Add new hook 'UserLoadFromDatabase' that is called while loading a user 15382 from the database. 15383* (bug 17045) Options on the block form are prefilled with the options of the 15384 existing block when modifying an existing block. 15385* (bug 17055) "(show/hide)" links to Special:RevisionDelete now use a CSS class 15386 rather than hardcoded HTML tags 15387* Added new hook 'WantedPages::getSQL' into SpecialWantedpages.php to allow 15388 extensions to alter the SQL query which is used to get the list of wanted 15389 pages 15390* (bugs 16957/16969) Add show/hide to preferences for RC patrol options on 15391 specialpages 15392* (bug 11443) Auto-noindex user/user talk pages for blocked user 15393* (bug 11644) Add $wgMaxRedirects variable to control how many redirects are 15394 recursed through until the "destination" page is reached. 15395* Add $wgInvalidRedirectTargets variable to prevent redirects to certain 15396 special pages. 15397* Use HTML5 rel attributes for some links, where appropriate 15398* Added optional alternative Search form look - Go button & Advanced search 15399 link instead of Go button & Search button 15400* (bug 2314) Add links to user custom CSS and JS to Special:Preferences 15401* More helpful error message on raw page access if PHP_SELF isn't set 15402* (bug 13040) Gender switch in user preferences 15403* (bug 13040) {{GENDER:}} magic word for interface messages 15404* (bug 3301) Optionally sort user list according to account creation time 15405* Remote description pages for foreign file repos are now fetched in the 15406 content language. 15407* (bug 17180) If $wgUseFileCache is enabled, $wgShowIPinHeader is automatically 15408 set to false. 15409* (bug 16604) Mark non-patrolled edits in feeds with "!" 15410* (bug 16604) Show title/rev in IRC for patrol log 15411* (bug 16854) Whether a page is being parsed as a preview or section preview 15412 can now be determined and set with ParserOptions. 15413* Wrap message 'confirmemail_pending' into a div with CSS classes "error" and 15414 "mw-confirmemail-pending" 15415* (bug 8249) The magic words for namespaces and pagenames can now be used as 15416 parser functions to return the desired namespace or normalized title/title 15417 part for a given title. 15418* (bug 17110) Styled #mw-data-after-content in cologneblue.css to match the 15419 rest of the font 15420* (bug 7556) Time zone names in signatures lack i18n 15421* (bug 3311) Automatic category redirects 15422* (bug 17236) Suppress 'watch user page link' for IP range blocks 15423* Wrap message 'searchresulttext' (Special:Search) into a div with 15424 class "mw-searchresult" 15425* (bug 15283) Interwiki imports can now fetch included templates 15426* Treat svn:// URLs as external links by default 15427* New function to convert namespace text for display (only applies on wiki with 15428 LanguageConverter class) 15429* (bug 17379) Contributions-title is now parsed for magic words. 15430* Preprocessor output now cached in memcached. 15431* (bug 14468) Lines in classic RecentChanges and Watchlist have classes 15432 "mw-line-odd" and "mw-line-even" to make styling using css possible. 15433* (bug 17311) Add a note beside the gender selection menu to tell users that 15434 this information will be public 15435* Localize time zone regions in Special:Preferences 15436* Add NUMBEROFACTIVEUSERS magic word, which is like NUMBEROFUSERS, but uses 15437 the active users data from site_stats. 15438* Add a <link rel="canonical"> tag on redirected page views 15439* Replace hardcoded '...' as indication of a truncation with the 15440 'ellipsis' message 15441* Wrap warning message 'editinginterface' into a div with class 15442 'mw-editinginterface' 15443* (bug 17497) Oasis opendocument added to mime.types 15444* Remove the link to Special:FileDuplicateSearch from the "file history" section 15445 of image description pages as the list of duplicated files is shown in the 15446 next section anyway. 15447* Added $wgRateLimitsExcludedIPs, to allow specific IPs to be whitelisted from 15448 rate limits. 15449* (bug 14981) Shared repositories can now have display names, located at 15450 Mediawiki:Shared-repo-name-REPONAME, where REPONAME is the name in 15451 $wgForeignFileRepos 15452* Special:ListUsers: Sort list of usergroups by alphabet 15453* (bug 16762) Special:Movepage now shows a list of subpages when possible 15454* (bug 17585) Hide legend on Special:Specialpages from non-privileged users 15455* Added $wgUseTagFilter to control enabling of filter-by-change-tag 15456* (bug 17291) MediaWiki:Nocontribs now has an optional $1 parameter for the 15457 username 15458* Wrap special page summary message '$specialPageName-summary' into a div 15459 with class 'mw-specialpage-summary' 15460* $wgSummarySpamRegex added to handle edit summary spam. This is used *instead* 15461 of $wgSpamRegex for edit summary checks. Text checks still use $wgSpamRegex. 15462* New function to convert content text to specified language (only applies on 15463 wiki with LanguageConverter class) 15464* (bug 17844) Redirect users to a specific page when they log in, see 15465 $wgRedirectOnLogin 15466* Added a link to Special:UserRights on Special:Contributions for privileged 15467 users 15468* (bug 10336) Added new magic word {{REVISIONUSER}}, which displays the editor 15469 of the displayed revision 15470* LinkerMakeExternalLink now has an $attribs parameter for link attributes and 15471 a $linkType parameter for the type of external link being made 15472* (bug 17785) Dynamic dates surrounded with a <span> tag, fixing sortable tables 15473 with dynamic dates. 15474* (bug 4582) Provide preference-based autoformatting of unlinked dates with the 15475 dateformat parser function. 15476* (bug 17886) Special:Export now allows you to export a whole namespace (limited 15477 to 5000 pages) 15478* (bug 17714) Limited TIFF upload support now built in if 'tif' extension is 15479 enabled. Image width and height are now recognized, and when using 15480 ImageMagick, optional flattening to PNG or JPEG for inline display can be 15481 enabled by setting $wgTiffThumbnailType 15482* Renamed two input IDs on Special:Log from 'page' and 'user' to 'mw-log-page' 15483 and 'mw-log-user', respectively 15484* Added $wgInvalidUsernameCharacters to disallow certain characters in 15485 usernames during registration (such as "@") 15486* Added $wgUserrightsInterwikiDelimiter to allow changing the delimiter 15487 used in Special:UserRights to denote the user should be searched for 15488 on a different database 15489* Add a class if 'missingsummary' is triggered to allow styling of the summary 15490 line 15491* Title attributes are now always blank on framed and thumbnailed images, and 15492 default to blank on inline images instead of defaulting to the image's 15493 filename. Additionally, the alt attribute now defaults to the filename on 15494 framed and thumbnailed images if no caption or alt attribute is specified. 15495 15496=== Bug fixes in 1.15 === 15497* (bug 16968) Special:Upload no longer throws useless warnings. 15498* (bug 17000) Special:RevisionDelete now checks if the database is locked 15499 before trying to delete the edit. 15500* (bug 16852) padleft and padright now handle multibyte characters correctly 15501* (bug 17010) maintenance/namespaceDupes.php now add the suffix recursively if 15502 the destination page exists 15503* (bug 17035) Special:Upload now fails gracefully if PHP's file_uploads has 15504 been disabled 15505* Fixing the caching issue by using -{T|xxx}- syntax (only applies on wiki with 15506 LanguageConverter class) 15507* Improving the efficiency by using -{A|xxx}- syntax (only applies on wiki with 15508 LanguageConverter class) 15509* (bug 17054) Added more descriptive errors in Special:RevisionDelete 15510* (bug 11527) Diff on page with one revision shows "Next" link to same diff 15511* (bug 8065) Fix summary forcing for new pages 15512* (bug 10569) redirects to Special:Mypage and Special:Mytalk are no longer 15513 allowed by default. Change $wgInvalidRedirectTargets to re-enable. 15514* (bug 3043) Feed links of given page are now preceded by standard feed icon 15515* (bug 17150) escapeLike now escapes literal \ properly 15516* Inconsistent use of sysop, admin, administrator in system messages changed 15517 to 'administrator' 15518* (bug 14423) Check block flag validity for block logging 15519* DB transaction and slave-lag avoidance tweaks for Email Notifications 15520* (bug 17104) Removed [Mark as patrolled] link for already patrolled revisions 15521* (bug 17106) Added 'redirect=no' and 'mw-redirect' class to redirects at 15522 "user contributions" 15523* Rollback links on new pages removed from "user contributions" 15524* (bug 15811) Re-upload form tweaks: license fields removed, destination locked, 15525 comment label uses better message 15526* Whole HTML validation ($wgValidateAllHtml) now works with external tidy 15527* Parser tests no longer fail when $wgExternalLinkTarget is set in 15528 LocalSettings 15529* (bug 15391) catch DBQueryErrors on external storage insertion. This avoids 15530 error messages on save were the edit in fact is saved. 15531* (bug 17184) Remove duplicate "z" accesskey in MonoBook 15532* Parser tests no longer fail when $wgAlwaysUseTidy is set in LocalSettings.php 15533* Removed redundant dupe warnings on reupload for the same title. Dupe warnings 15534 for identical files at different titles are still given. 15535* Add 'change tagging' facility, where changes can be tagged internally with 15536 certain designations, which are displayed on various summaries of changes, 15537 and the entries can be styled with CSS. 15538* (bug 17207) Fix regression breaking category page display on PHP 5.1 15539* Categoryfinder utility class no longer fails on invalid input or gives wrong 15540 results for category names that include pseudo-namespaces 15541* (bug 17252) Galician numbering format 15542* (bug 17146) Fix for UTF-8 and short word search for some possible MySQL 15543 configs 15544* (bug 7480) Internationalize database error message 15545* (bug 16555) Number of links to mediawiki.org scaled back on post-installation 15546* (bug 14938) Removing a section no longer leaves excess whitespace 15547* (bug 17304) Fixed fatal error when thumbnails couldn't be generated for file 15548 history 15549* (bug 17283) Remove double URL escaping in show/hide links for log entries 15550 and RevisionDeleteForm::__construct 15551* (bug 17105) Numeric table sorting broken 15552* (bug 17231) Transcluding special pages on wikis using language conversion no 15553 longer affects the page title 15554* (bug 6702) Default system messages updated/improved 15555* (bug 17190) User ID on preference page no longer has delimeters 15556* (bug 17341) "Powered by MediaWiki" should be on the left on RTL wikis 15557* (bug 17404) "userrights-interwiki" right was missing in User::$mCoreRights 15558* (bug 7509) Separation strings should be configurable 15559* (bug 17420) Send the correct content type from action=raw when the HTML file 15560 cache is enabled. 15561* (bug 12746) Do not allow new password e-mails when wiki is in read-only mode 15562* (bug 17478) Fixed a PHP Strict standards error in 15563 maintenance/cleanupWatchlist.php 15564* (bug 17488) RSS/Atom links in left toolbar are now localized in classic skin 15565* (bug 17472) use print <<<EOF in maintenance/importTextFile.php 15566* Special:PrefixIndex: Move table styling to shared.css, add CSS IDs to tables 15567 use correct message 'allpagesprefix' for input form label, replace _ with ' ' 15568 in next page link 15569* (bug 17506) Exceptions within exceptions now respect $wgShowExceptionDetails 15570* Fixed excessive job queue utilisation 15571* File dupe messages for remote repos are now shown only once. 15572* (bug 14980) Messages 'shareduploadwiki' and 'shareduploadwiki-desc' are now 15573 used as a parameter in 'sharedupload' for easier styling and customization. 15574* (bug 17482) Formatting error in Special:Preferences#Misc (Opera) 15575* (bug 17556) <link> parameters in Special:Contributions feeds (RSS and Atom) 15576 now point to the actual contributors' feed. 15577* ForeignApiRepos now fetch MIME types, rather than trying to figure it locally 15578* Special:Import: Do not show input field for import depth if 15579 $wgExportMaxLinkDepth == 0 15580* (bug 17570) $wgMaxRedirects is now correctly respected when following 15581 redirects (was previously one more than $wgMaxRedirects) 15582* (bug 16335) __NONEWSECTIONLINK__ magic word to suppress new section link. 15583* (bug 17581) Wrong index name in PostgreSQL's updater: was rc_timestamp_nobot, 15584 changed to rc_timestamp_bot 15585* (bug 17437) Fixed incorrect link to web-based installer 15586* (bug 17538) Use shorter URLs in <link> elements 15587* (bug 13778) Hidden input added to the search form so that using the Enter key 15588 on IE will do a fulltext search like clicking the button does 15589* (bug 1061) CSS-added icons next to links display through the text and makes 15590 it unreadable in RTL 15591* Special:Wantedtemplates now works on PostgreSQL 15592* (bug 14414) maintenance/updateSpecialPages.php no longer throws error with 15593 PostgreSQL 15594* (bug 17546) Correct Tongan language native name is "lea faka-Tonga" 15595* (bug 17621) Special:WantedFiles has no link to Special:Whatlinkshere 15596* (bug 17460) Client ecoding is now correctly set for PostgreSQL 15597* (bug 17648) Prevent floats from intruding into edit area in previews if no 15598 toolbar present 15599* (bug 17692) Added (list of members) link to 'user' in Special:Listgrouprights 15600* (bug 17707) Show file destination as plain text if &wpForReUpload=1 15601* (bug 10172) Moved setting of "changed since last visit" flags out of the job 15602 queue 15603* (bug 17761) "show/hide" link in page history in now works for the first 15604 displayed revision if it's not the current one 15605* (bug 17722) Fix regression where users are unable to change temporary 15606 passwords 15607* (bug 17799) Special:Random no longer throws a database error when a non- 15608 namespace is given, silently falls back to NS_MAIN 15609* (bug 17751) The message for bad titles in WantedPages is now localized 15610* (bug 17860) Moving a page in the "MediaWiki" namespace using SuppressRedirect 15611 no longer corrupts the message cache 15612* (bug 17900) Fixed User Groups interface log display after saving groups. 15613* (bug 17897) Fixed string offset error in <pre> tags 15614* (bug 17778) MediaWiki:Catseparator can now have HTML entities 15615* (bug 17676) Error on Special:ListFiles when using Postgres 15616* Special:Export doesn't use raw SQL queries anymore 15617* (bug 14771) Thumbnail links to individual DjVu pages no longer have 15618 two "page" parameters 15619* (bug 17972) Special:FileDuplicateSearch form now works correctly on wikis that 15620 don't use PathInfo or short urls 15621* (bug 17990) trackback.php now has a trackback.php5 alias and works with 15622 $wgScriptExtension 15623* (bug 14990) Parser tests works again with PostgreSQL 15624* (bug 11487) Special:Protectedpages doesn't list protections with pr_expiry 15625 IS NULL 15626* (bug 18018) Deleting a file redirect leaves behind a malfunctioning redirect 15627* (bug 17537) Disable bad zlib.output_compression output on HTTP 304 responses 15628* (bug 11213) [edit] section links in printable version no longer appear when 15629 you cut-and-paste article text 15630* (bug 17405) "Did you mean" to mirror Go/Search behavior of original request 15631* (bug 18116) 'edittools' is now output identically on edit and upload pages 15632* (bug 17241) The diffonly URI parameter should cascade to "Next edit" and 15633 "Previous edit" diff links 15634* (bug 16823) Sidebar search form should not use Special:Search view URL as 15635 target 15636* (bug 16343) Non-existing, but in use, category pages can be "go" match hits 15637* Fixed a CSS validation issue which allowed external images to be included 15638 into wikis where that is disallowed by configuration. 15639* Fixed a data leakage vulnerability for private wikis using img_auth.php or 15640 similar image access authentication schemes. Check user permissions before 15641 streaming out scaled images from thumb.php. 15642 15643== API changes in 1.15 == 15644* (bug 16858) Revamped list=deletedrevs to make listing deleted contributions 15645 and listing all deleted pages possible 15646* (bug 16844) Added clcategories parameter to prop=categories 15647* (bug 17025) Add "fileextension" parameter to meta=siteinfo&siprop= 15648* (bug 17048) Show the 'new' flag in list=usercontribs for the revision that 15649 created the page, even if it's not the top revision 15650* (bug 17069) Added ucshow=patrolled|!patrolled to list=usercontribs 15651* action=delete respects $wgDeleteRevisionsLimit and the bigdelete user right 15652* (bug 15949) Add undo functionality to action=edit 15653* (bug 16483) Kill filesort in ApiQueryBacklinks caused by missing parentheses. 15654 Building query properly now using makeList() 15655* (bug 17182) Fix pretty printer so URLs with parentheses in them are 15656 autolinked correctly 15657* (bug 17224) Added siprop=rightsinfo to meta=siteinfo 15658* (bug 17239) Added prop=displaytitle to action=parse 15659* (bug 17317) Added watch parameter to action=protect 15660* (bug 17007) Added export and exportnowrap parameters to action=query 15661* (bug 17326) BREAKING CHANGE: Changed output format for iiprop=metadata 15662* (bug 17355) Added auwitheditsonly parameter to list=allusers 15663* (bug 17007) Added action=import 15664* BREAKING CHANGE: Removed rctitles parameter from list=recentchanges because 15665 of performance concerns 15666* Listing (semi-)deleted revisions and log entries as well in prop=revisions 15667 and list=logevents 15668* (bug 11430) BREAKING CHANGE: Modules may return fewer results than the 15669 limit and still set a query-continue in some cases 15670* (bug 17357) Added movesubpages parameter to action=move 15671* (bug 17433) Added bot flag to list=watchlist&wlprop=flags output 15672* (bug 16740) Added list=protectedtitles 15673* Added mainmodule and pagesetmodule parameters to action=paraminfo 15674* (bug 17502) meta=siteinfo&siprop=namespacealiases no longer lists namespace 15675 aliases already listed in siprop=namespaces 15676* (bug 17529) rvend ignored when rvstartid is specified 15677* (bug 17626) Added uiprop=email to list=userinfo 15678* (bug 13209) Added rvdiffto parameter to prop=revisions 15679* Manual language conversion improve: Now we can include both ";" and ":" in 15680 conversion rules 15681* (bug 17795) Don't report views count on meta=siteinfo if $wgDisableCounters 15682 is set 15683* (bug 17774) Don't hide read-restricted modules like action=query from users 15684 without read rights, but throw an error when they try to use them. 15685* Don't hide write modules when $wgEnableWriteAPI is false, but throw an error 15686 when someone tries to use them 15687* BREAKING CHANGE: action=purge requires write rights and, for anonymous users, 15688 a POST request 15689* (bug 18099) Using appendtext to edit a non-existent page causes an interface 15690 message to be included in the page text 15691* Fixed the circular template inclusion check, was broken when the loop 15692 involved redirects. Without this, infinite recursion within the parser is 15693 possible. 15694* (bug 18601) generator=backlinks returns invalid continue parameter 15695* (bug 18597) Internal error with empty generator= parameter 15696* (bug 18617) Add xml:space="preserve" attribute to relevant tags in XML output 15697* (bug 17611) Provide a sensible error message on install when the SQLite data 15698 directory is wrong. 15699 15700=== Languages updated in 1.15 === 15701 15702MediaWiki supports over 300 languages. Many localisations are updated 15703regularly. Below only new and removed languages are listed, as well as 15704changes to languages because of Bugzilla reports. 15705 15706* Austrian German (de-at) (new) 15707* Swiss Standard German (de-ch) (new) 15708* Simplified Gan Chinese (gan-hans) (new) 15709* Traditional Gan Chinese (gan-hant) (new) 15710* Literary Chinese (lzh) (new) 15711* Uyghur (Latin script) (ug-latn) (renamed from 'ug') 15712* Veps (vep) (new) 15713* Võro (vro) (renamed from fiu-vro) 15714* (bug 17151) Add magic word alias for #redirect for Vietnamese 15715* (bug 17288) Messages improved for default language (English) 15716* (bug 12937) Update native name for Afar 15717* (bug 16909) 'histlegend' now reuses messages instead of copying them 15718* (bug 17832) action=delete returns 'unknownerror' instead of 'permissiondenied' 15719 when the user is blocked 15720* Traditional/Simplified Gan Chinese conversion support 15721 15722== MediaWiki 1.14 == 15723 15724== MediaWiki 1.14.1 == 15725=== Changes since 1.14.0 === 15726 15727* (bug 17737) Fixed russian URLs for Special:BookSources 15728* (bug 17713) Using links with only an anchor no longer add an dummy entry in 15729 the pagelinks table 15730* (bug 17897) Fixed string offset error in <pre> tags 15731* (bug 17832) Fixed action=delete returning 'unknownerror' instead of 15732 'permissiondenied' when the user is blocked 15733* Fixed performance regression when accessing deleted (archived) files 15734* (bug 19693) Fixed cross-site scripting vulnerability in Special:Block 15735 15736== MediaWiki 1.14.0 == 15737=== Changes since 1.14.0rc1 === 15738 15739* Fixed the performance of the backlinks API module 15740* (bug 17420) Send the correct content type from action=raw when the HTML file 15741 cache is enabled. 15742* (bug 17437) Fixed incorrect link to web-based installer 15743* (bug 17527) Fixed missing MySQL-specific options in installer 15744 15745=== Configuration changes in 1.14 === 15746 15747* $wgExemptFromUserRobotsControl is an array of namespaces to be exempt from 15748 the effect of the new __INDEX__/__NOINDEX__ magic words. (Default: null, ex- 15749 empt all content namespaces.) 15750* $wgForwardSearchUrl has been removed entirely. Documented setting since 1.4 15751 has been $wgSearchForwardUrl. 15752* (bug 15080) $wgOverrideSiteFeed has been added. Setting either 15753 $wgSiteFeed['rss'] or 'atom' to a URL will override the default Recent 15754 Changes feed that appears on all pages. 15755* $wgSQLiteDataDirMode has been introduced as the default directory mode for 15756 SQLite data directories on creation. Note that this setting is separate from 15757 $wgDirectoryMode, which applies to all normal dirs created by MediaWiki. 15758* $wgGroupsAddToSelf and $wgGroupsRemoveFromSelf now work more like 15759 $wgAddGroups and $wgRemoveGroups, where the user must belong to a specified 15760 group in order to add or remove those groups from themselves. 15761 Backwards compatibility is maintained. 15762* $wgRestrictDisplayTitle controls if the use of the {{DISPLAYTITLE}} magic 15763 word is restricted to titles equivalent to the actual page title. This 15764 is true per default, but can be set to false to allow any title. 15765* $wgSpamRegex may now be an array of multiple regular expressions. 15766* $wgAjaxSearch has been removed; use $wgEnableMWSuggest instead. 15767* Editing the MediaWiki namespace is now unconditionally restricted to people 15768 with the editinterface right, configuring this in $wgNamespaceProtection 15769 is not required. 15770* $wgAllowExternalImagesFrom may now be an array of multiple strings. 15771* Introduced $wgEnableImageWhitelist to toggle the on-wiki external image 15772 whitelist on or off. 15773* Added $wgRenderHashAppend to append some string to the parser cache and the 15774 sitenotice cache keys. 15775* $wgRCChangedSizeThreshold is now a positive integer by default, 15776* (bug 16006) $wgEnableWriteAPI is now true by default. Authorized can perform 15777 write actions using the API. 15778* Added $wgRC2UDPInterwikiPrefix which adds an interwiki prefix 15779 ($wgLocalInterwiki) onto the page names in the UDP feed. 15780* Added $wgAllowUserSkin to let the wiki's owner disable user selectable skins 15781 on the wiki. If it's set to false, then the skin used will *always* be 15782 $wgDefaultSkin. 15783* Added $wgEnotifUseRealName, which allows UserMailer to send out e-mails based 15784 on the user's real name if one is set. Defaults to false (use the username) 15785* Removed the 'apiThumbCacheDir' option from $wgForeignFileRepos (only used in 15786 ForeignAPIRepo) 15787* (bug 44) Image namespace and accompanying talk namespace renamed to File. 15788 For backward compatibility purposes, Image still works. External tools may 15789 need to be updated. 15790* The constants NS_FILE and NS_FILE_TALK can now be used instead of NS_IMAGE and 15791 NS_IMAGE_TALK. The old constants are retained as aliases for compatibility, 15792 and should still be used in code meant to be compatible with v1.13 or older. 15793* MediaWiki can be forced to use private IPs forwarded by a proxy server by 15794 using $wgUsePrivateIPs. 15795* The 'BeforeWatchlist' hook has been removed due to internal changes in 15796 Special:Watchlist. 'SpecialWatchlistQuery' should now be used by extensions 15797 to customize the watchlist database query. 15798 15799=== Migrated extensions === 15800The following extensions are migrated into MediaWiki 1.14: 15801 15802* Special:DeletedContributions to show deleted user contributions (was 15803 extension DeletedContributions) 15804* Special:Log/newusers recording new users (was extension Newuserlog) 15805* Special:LinkSearch to search for external links (was extension LinkSearch) 15806* RenderHash 15807* NoMoveUserPages 15808* UniversalEditButton 15809 15810=== New features in 1.14 === 15811 15812* New URL syntaxes for Special:ListUsers - 'Special:ListUsers/USER' and 15813 'Special:ListUsers/GROUP/USER', in addition to the older syntax 15814 'Special:ListUsers/GROUP' where GROUP is a valid group name. 15815* Configurable per-namespace and per-page notices for the edit form, 15816 respectively MediaWiki:Editnotice-# where # is the namespace number, and 15817 MediaWiki:Editnotice-#-PAGENAME where # is the page's namespace number and 15818 PAGENAME is the page name minus the namespace prefix. 15819* (bug 8068) New __INDEX__ and __NOINDEX__ magic words allow user control of 15820 search engine indexing on a per-article basis. 15821* Handheld stylesheet options 15822* Added 'DoEditSectionLink' hook as a cleaner unified version of the old 15823 'EditSectionLink' and 'EditSectionLinkForOther' hooks. Note that the 15824 'EditSectionLinkForOther' hook has been removed, but 'EditSectionLink' is 15825 run in all cases instead, so extensions using the old hooks should still work 15826 if they ran roughly the same code for both hooks (as is almost certain). 15827* Signature (~~~~) "cleaning", i.e. template removal, can be disabled with 15828 $wgCleanSignatures=false 15829* Extensions can use the SkinBuildSidebar hook to modify the content of the 15830 sidebar and add custom portlets to it 15831* Added 'MakeGlobalVariablesScript' hook for extensions to be able to add vari- 15832 ables into the output of Skin::makeVariablesScript 15833* (bug 13846) Added $wgAddGroups and $wgRemoveGroups display on 15834 Special:ListGroupRights 15835* (bug 14377) Add a date selector to history pages 15836* (bug 15007) New 'pagetitle-view-mainpage' message allows the HTML <title> of 15837 the main page to be customized 15838* Added $wgDisableTitleConversion to disabling the conversion for all pages on 15839 the wiki 15840* Added 'noconvertlink' toggle that can be set per user preferences, also 15841 added 'convertlink=no|yes' on GET requests whether have the link titles 15842 being converted or not 15843* (bug 14921) Special:Contributions/: add user name to <title> 15844 Patch by Emufarmers 15845* Unescape more "safe" characters when producing URLs, for added prettiness 15846* Introduced a new hook 'SkinAfterContent' that allows extensions to add text 15847 after the page content and article metadata. Updated all skins and skin 15848 templates to work with that hook. 15849* (bug 14929) removeUnusedAccounts.php now supports 'ignore-touched' and 15850 'ignore-groups'. Patch by Louperivois 15851* (bug 15127) Work around minor display glitch in Opera. 15852* By default, reject file uploads that look like ZIP files, to avoid the 15853 so-called GIFAR vulnerability. 15854* (bug 15141) Give ability to only list protected pages with the cascading 15855 option enabled on Special:ProtectedPages 15856* (bug 15157) Special:Watchlist has the same options as Special:Watchlist: 15857 Show/Hide logged in users, Show/Hide anonymous, Invert namespace selection 15858* Added hook 'UserrightsChangeableGroups' to allow modification of what 15859 groups may be added or removed via the Special:UserRights interface. 15860* HTML entities like now work (are not escaped) in edit summaries. 15861* (bug 13815) In the comment for page moves, use the colon-separator message 15862 instead of a hardcoded colon. 15863* Allow <gallery> to accept image names without an Image: prefix 15864* Add tooltips to rollback and undo links 15865* BMP images are now displayed as PNG 15866* (bug 13471) Added NUMBERINGROUP magic word 15867* (bug 11884) Now support Flash EXIF attribute 15868* Show thumbnails in the file history list, patch by User:Agbad 15869* Added support of piped wikilinks using double-width brackets 15870* Added an on-wiki external image whitelist. Items in this whitelist are 15871 treated as regular expression fragments to match for when possibly 15872 displaying an external image inline. 15873* (bugs 15405, 15436) Sort more currency types correctly in sortable tables 15874* (bug 15422) Sort more different types of numbers in sortable tables 15875* (bug 2889) MediaWiki:Print.css applies to the printable version 15876* Category counts (e.g. from {{PAGESINCATEGORY:}}) should be more accurate for 15877 small categories 15878* After logging in, automatically redirect to wherever you logged in from 15879* (bug 5619) Break messages used in Special:Statistics down further 15880* (bug 11029) Add link to Special:Listusers?group=sysop etc at 15881 Special:Statistics 15882* (bug 15514) Setting $wgRightsText without $wgRightsUrl now produces a 15883 plaintext copyright notice. Patch by Juliano F. Ravasi. 15884* (bug 15551) Deletion log excerpt is now shown whenever a user vists a 15885 deleted page, even if they are unable to edit it. 15886* Added Wantedfiles special pages, allowing users to find image links with no 15887 image. 15888* (bug 12650) It is now possible to set different expiration times for 15889 different restriction types on the protection form. 15890* (bug 8440) Allow preventing blocked users from editing their talk pages 15891* Improved upload file type detection for OpenDocument formats 15892* Added the ability to set the target attribute on external links with 15893 $wgExternalLinkTarget 15894* api.php now sends "Retry-After" and "X-Database-Lag" HTTP headers if the 15895 maxlag check fails, just like index.php does 15896* Added "link" parameter to image links, to allow images to link to an 15897 arbitrary title or URL. This should replace inaccessible and incomplete 15898 solutions such as CSS-based overlays and ImageMap. 15899* (bug 368) Don't use caption for alt attribute; allow manual specification 15900 using new "alt=" parameter for images 15901* (bug 44) The {{ns:}} core parser function now also accepts localized 15902 namespace names and aliases; also, its output now uses spaces instead of 15903 underscores to match the behavior of the {{NAMESPACE}} magic word 15904* Added the ability to display user edit counts in Special:ListUsers. Off by 15905 default, enabled with $wgEdititis = true (named after the medical condition 15906 marked by unhealthy obsession with edit counts). 15907* Added a file cache to the parser to improve page rendering time on pages with 15908 several uses of the same image. 15909* (bug 1250) Users can still use "show preview" and "show changes" even if the 15910 wiki is set to read-only mode. 15911* Added a call to the 'UnwatchArticleComplete' hook to the watchlist editor. 15912 This should make it so that ALL user-accessible methods of removing a page 15913 from a watchlist lead to this hook being called (it was previously only 15914 called from within Article.php 15915* Maximum execution time for shell processes on linux is now configured with 15916 $wgMaxShellTime (180 seconds by default) 15917* (bug 1306) 'Email user' link no longer shown on user page when emailing 15918 is not available due to lack of confirmed address or disabled preference 15919* Special:Wanted templates special page added to display missing templates 15920 linked from articles 15921* Make search matches bold only, not red as well 15922* (bug 10080) Blocks can be modified without unblocking first 15923* (bug 15820) Special:BlockIP shows a notice if the user being blocked is 15924 already directly blocked 15925* (bug 13710) Allow to force "watch this" checkbox via URL using parameter 15926 "watchthis" 15927* (bug 15125) Add Public Domain to default options when installing. Patch by 15928 Nathan Larson. 15929* Set a special temporary directory for ImageMagick with $wgImageMagickTempDir 15930* (bug 16113) Show/hide for redirects in Special:NewPages 15931* (bug 15903) Upload link was added to Nostalgia skin 15932* (bug 15761) Add user toggle to omit diff after rollback 15933* Added the BitmapHandler_ClientOnly media handler, which allows server-side 15934 image scaling to be completely disabled for specific media types, via the 15935 $wgMediaHandlers configuration variable. 15936* New 'AbortDiffCache' hook can be used to cancel the caching of a diff 15937* (bug 15835) Added Content-Style-Type meta tag 15938* (bug 11027) Add parameter to MW:Randompage-nopages so that user can see the 15939 namespace. 15940* Add id="mw-user-domain-section" to <tr> tag in Userlogin.php template so that 15941 admins with a single domain can hide the domain section using CSS 15942* Dropped old Paser_OldPP class. Only new parser with preprocessor is used. 15943* Moved password reset form from Special:Preferences to Special:ResetPass 15944* Added Special:ChangePassword as a special page alias for Special:ResetPass 15945* Added complementary function for addHandler() called removeHandler() for 15946 removing events 15947* Improved security of file uploads for IE clients, using a reverse-engineered 15948 algorithm very similar to IE's content detection algorithm. 15949* Cascading protection no longer requires that both edit and move are restricted 15950 to sysop, just edit=sysop is enough 15951* (bug 2391) A warning is now shown for invalid ISBN numbers on 15952 Special:Booksources. 15953* Installer has been updated to reflect the release of the GFDL 1.3. The URL for 15954 1.2 has been updated, and the 1.3 URL has been given. 1.2 is still 15955 Wikipedia-compatible. RightsCode was changed from 'gfdl' to 'gfdl1_2', so we 15956 can now support 1.2 as well as 1.3 (gfdl1_3). 15957* (bug 16293) PD URL was changed to the CreativeCommons site on PD (which 15958 auto-detects your language) instead of Wikipedia. 15959* (bug 16635) The "view and edit watchlist" page (Special:Watchlist/edit) now 15960 includes a table of contents 15961* File objects returned by wfFindFile() are now cached by default 15962* (bug 7492) Rights can now be assigned to specific IP addresses and ranges by 15963 using $wgAutopromote (new defines: APCOND_ISIP and APCOND_IPINRANGE) 15964* Add a 'change block' link to Special:IPBlockList and Special:Log 15965* (bug 16459) Use native getElementsByClassName where possible, for better 15966 performance in modern browsers 15967* Enable \cancel and \cancelto in texvc (recompile required) 15968* Added 'UserCryptPassword' and 'UserComparePasswords' hooks to allow extensions 15969 to implement their own password hashing methods. 15970* (bug 16760) Add CSS-class to action links of Special:Log 15971* (bug 505) Time zones can now be specified by location in user preferences, 15972 avoiding the need to manually update for DST. Patch by Brad Jorsch. 15973* (bug 2585) HTTP 404 return code is now given for a page view if the page 15974 does not exist, allowing spiders and link checkers to detect broken links. 15975* Special:Log: Add 'change protection' link for unprotected pages too 15976* Special:Log: Add log type specific CSS classes 'mw-logline-$logtype' to 15977 'li' elements 15978* (bug 16754) Making arbitrary rows of sortable tables sticky: 15979 |- class="unsortable" 15980* Show subversion too even if a "normal" version number is available 15981* (bug 16121) Add a note that a page move was without creating a redirect in the 15982 move log 15983* Image moving is now enabled for sysops by default 15984* Make "Did you mean" search feature more noticeable 15985* (bug 16720) Transcluded Special:NewPages processes "/username=" 15986 15987=== Bug fixes in 1.14 === 15988 15989* (bug 14907) DatabasePostgres::fieldType now defined. 15990* (bug 14659) Passing the default limit param to Special:Recentchanges no more 15991 falls back to the user option 15992* (bug 14954) Fix regression in Modern and Simple skins 15993* Recursion loop check added to Categoryfinder class 15994* Fixed few performance troubles of large job queue processing 15995* Not setting various parameters in Foreign Repos now fails more gracefully 15996* (bug 2333) Redirects are properly rendered when previewing an edit. 15997* (bug 14972) Use localized alias of Special:Search on all search forms 15998* (bug 11035) Special:Search should have descriptive <title> 15999* Special pages are now not subject to special handling for "self-links" 16000* (bug 15053) Syntactically incorrect redirects with another link in them 16001 no longer redirect to the second link 16002* (bug 15049) Fix for CheckUser extension's log search: usernames containing 16003 a "-" were incorrectly turned into bogus IP range searches. 16004 Patch by Max Semenik. 16005* (bug 15055) Talk page notifications no longer attempt to send mail when 16006 user's e-mail address is invalid or unconfirmed 16007* (bug 12370) Add throttle on password attempts. Defaults to max 5 attempts in 16008 5 minutes. 16009* (bug 15016) 'Templates used on this page' list in view source should be 16010 wrapped in a div with class "templatesUsed" 16011* (bug 14868) Setting $wgFeedDiffCutoff to 0 now disables generation of the 16012 diff entirely, not just the display of it. 16013* (bug 6387) Introduced new setting $wgCategoryPrefixedDefaultSortkey which 16014 allows having the unprefixed page title as the default category sortkey 16015* (bug 15079) Add class="ns-talk" / "ns-subject" to <body>. Also added 16016 ns-special to special pages. 16017* (bug 15052) Skins should add their name as a class in <body> 16018* (bug 14165, bug 14294) Wikimedia specific configuration in convertGrammar() 16019 for several languages was removed. The settings have been put in extension 16020 WikimediaMessages. Patch for Czech by Danny B. 16021* (bug 15101) Displaying only bots edits in Special:Recentchanges now works 16022 again 16023* (bug 13770) Fixed incorrect detection of PHP's DOM module 16024* (bug 14790) Export of category pages when using Category: prefix now actually 16025 gives results 16026* Avoid recursive crazy expansions in section edit comments for pages which 16027 contain '/*' in the title 16028* Fix excessive memory usage when parsing pages with lots of links 16029* $wgSpamRegex now matches the edit summary and page move descriptions in 16030 addition to body text. 16031* Navigation links to images available from a shared repository (like Commons) 16032 from their local talk pages no longer appear as redlinks 16033* Action=purge on ForeignApiFiles now works (purges their thumbnails and 16034 description pages). 16035* (bug 15303) Title conversion for templates wasn't working in some cases. 16036* (bug 15264) Underscores in Special:Search/Foo_bar parameters were taken 16037 literally; now converting them to spaces per expectation. 16038* (bug 15342) "Invert" checkbox now works correctly when selecting main 16039 namespace in Special:Watchlist 16040* (bug 15172) 'Go' button of Special:Recentchanges now on the same line as the 16041 last input element (like Special:Watchlist too) 16042* (bug 15351) Fix fatal error for invalid section fragments in autocomments 16043* Fixed intermittent deadlock errors involving objectcache table queries. 16044 Use a separate database connection for the objectcache table to avoid 16045 long-lasting locks on that table. 16046* Respect file restrictions in the file history list 16047* (bug 15399) Odd/even classes on sortable tables' rows could be slow for large 16048 tables, and have been disabled by default. 16049* (bug 15482) Special:Recentchangeslinked has no longer two submit buttons 16050* (bug 15292) New message notification for unregistred users now works again 16051* (bug 14398) mwsuggest.js: Let width of container be configurable 16052* (bug 15543) Only include user touched timestamp to generated CSS 16053* (bug 15497) Removed encoding attribute from <?xml ?> tag 16054* (bug 12284) Special:Preferences now sets a returnto parameter on the link to 16055 Special:UserLogin. Patch by Marooned. 16056* Fixed the HTTP accept language string detection length in 16057 LanguageConverter.php, instead of the fixed length language codes. 16058* Special:RecentChangesLinked no longer shows outgoing links for nonexistent 16059 pages even if there are broken link records with source article id 0 in the 16060 database 16061* (bug 15598) Special:Newpages default limit uses user preference for 16062 recentchanges limit instead of hardcoded 50. 16063* (bug 15617) $wgFeedClassesOutputPage::getHeadLinks() respects $wgFeedClasses, 16064 instead of hardcoding rss and atom. Patch by Juliano F. Ravasi. 16065* (bug 14638) Special:Blockip now provides a link to the block log if the user 16066 has been blocked more than 10 times. Patch by Matt Johnston. 16067* (bug 12678) Skins don't show Upload link if the user isn't allowed to upload. 16068* Fixed incorrect usage of DB_LAST in Special:Export. Deprecated DB_LAST. 16069* (bug 15642) Blocked sysops can no longer block other users 16070* Http::request() now respects $wgHTTPtimeout when not using cURL 16071* (bug 15158) Userinvalidcssjstitle not shown on preview 16072* (bug 15196) Free external links should be numbered in a localised manner 16073* (bug 15388) Title of Special:PrefixIndex 16074* Links with no title but a curid parameter now use the curid to pick a page 16075* (bug 10323) Special:Undelete should have "inverse selection" button 16076* (bug 15831) Modern skin RTL support is bugous 16077* (bug 15869) Nostalgia skin does not show page title in printable mode 16078* (bug 15795) Special:Userrights is now listed on Special:SpecialPages when the 16079 user can only change his rights 16080* (bug 15846) Categories "leak" from older revisions in certain circumstances 16081* (bug 15928) Special pages dropdown should be inline in non-MonoBook skins 16082* (bug 14178) Some uses of UserLoadFromSession hook cause segfault 16083* (bug 15925) Postitive bytes added on recentchanges and watchlists are now 16084 bolded if above the threshold, previously it only worked for negatives 16085* Specify apple-touch-icon before favicon in HTML head section to make the 16086 Konqueror browser correctly use the latter 16087* (bug 15717) Set $separatorTransformTable for language 'eu' 16088* (bug 15605) Enabled $datePreferences for language 'hr'. Added standard date 16089 preferences. 16090* (bug 13701) {{NUMBEROFVIEWS}} magic word to show number of total views. 16091* (bug 5101) Image from Commons doesn't show up when searched in Wikipedia 16092 search box 16093* (bug 14609) User's namespaces to be searched default not updated after adding 16094 new namespace 16095* Purge form uses valid XHTML 16096* (bug 12764) Special:LonelyPages shows transcluded pages 16097* (bug 16073) Enhanced RecentChanges uses onclick handler with better fallback 16098 if JavaScript is disabled 16099* (bug 4253) Recentchanges IRC messages no longer include title in diff URLs 16100* Allow '0' to be an accesskey. 16101* (bug 8063) Use language-dependent sorting in client-side sortable tables 16102* (bug 16160) Suggestions box should be resized from left for RTL wikis 16103* (bug 11533) Fixed insane slowdown when in read-only mode for long periods 16104 of time with CACHE_NONE (default objectcache table configuration). 16105* Trying to set two different default category sort keys for one page now 16106 produces a warning 16107* (bug 16143) Fix redirect loop on special pages starting with lower case 16108 letters 16109* (bug 15737) Fix notices while expanding using PPCustomFrame 16110* (bug 15544) Non-index entry points cause the "Wiki not set up" message to 16111 have corrupt URLs 16112* (bug 5101) Image from Commons doesn't show up when searched in Wikipedia 16113 search box 16114* (bug 4362) [[MediaWiki:History copyright]] no more used with most recent 16115 revision when passing oldid parameter in the url 16116* (bug 16265) When caching thumbs with the ForeignApiRepo, we now use the same 16117 filename as the remote site. 16118* (bug 8345) Don't autosummarize where a redirect was left unchanged 16119* Made thumb caching in ForeignApiFile objects integrated with normal thumb 16120 path naming (/thumbs/hash/file), retired 'apiThumbCacheDir' as a result. 16121* (bug 5530) Consistency between character encoding in {{PAGENAMEE}}, 16122 {{SUBPAGENAMEE}} and {{FULLPAGENAMEE}} 16123* Safer handling of non-MediaWiki exceptions -- now obeys our settings for 16124 formatting and path exposure. 16125* Less verbose errors from profileinfo.php when not configured 16126* Blacklist redirects via Special:Filepath, hard to use. 16127* Improved input validation on Special:Import form 16128* Add a .htaccess to deleted images directory for additional protection 16129 against exposure of deleted files with known SHA-1 hashes on default 16130 installations. 16131* Improved scripting safety heuristics for IE 5/6 content-type detection. 16132* Improved scripting safety heuristics on SVG uploads. 16133* (bug 11728) Unify layout of enhanced watchlist/recent changes 16134* (bug 8702) Properly update stats when running nukePage maintenance script 16135* (bug 7726) Searches for words less than 4 characters now work without 16136 requiring customization of MySQL server settings 16137* Honour unchecked "Leave a redirect behind" for moved subpages 16138* (bug 16440) Broken 0-byte math renderings are now deleted and re-rendered 16139 when page is re-parsed. 16140* (bug 6100) Unicode BiDi embedding/override characters (U+202A - U+202E) are 16141 now automatically removed from titles; these characters can accidentally end 16142 up in copy-and-pasted titles, and, by overriding normal bidirectional text 16143 handling, can lead to annoying behavior such as text rendering backwards 16144* Fixed minor bug where the memcached value for how many accounts an IP had 16145 created that day would be increased even if $wgAccountCreationThrottle was 16146 hit. This meant if an IP hit the throttle and then the throttle was raised 16147 later that day, the IP still couldn't create another account, because it 16148 had marked them as having created another account, when their last account 16149 creation had actually failed. 16150* (bug 12647) Allow autogenerated edit summary messages to be blanked with '-' 16151* (bug 16026) 'Revision-info' and 'revision-info-current' both accept wiki 16152 markup now. 16153* (bug 16529) Fix for search suggestions with some third-party JS libraries 16154* (bug 13342) importScript() generates more consistent URI encoding 16155* (bug 16577) When a blocked user tries to rollback a page, the block message 16156 is now only displayed once 16157* (bug 14268) SVG image sizes now extracted with proper XML parser 16158* (bug 14365) RepoGroup::findFiles() no longer crashes if passed an invalid 16159 title via the API 16160* (bug 4253, bug 16586) Revision ID is now given instead of title in URLs for 16161 new pages in the recent changes IRC feed 16162* Ugly tooltips in Special:Statistics were phased out in favor of more direct 16163 information. Went ahead and rewrote SpecialStatistics to subclass SpecialPage 16164* (bug 5506) Links to files on foreign repositories are now shown consistently 16165 as bluelinks e.g. in logs and edit summaries 16166* (bug 16623) Add missing </p> tag in Special:LockDB 16167* (bug 15849) Special:Movepage now throws a more specific error when trying to 16168 move a title to an interwiki target 16169* (bug 16638) 8-bit URL fallback encoding now set on additional languages using 16170 Arabic script (Persian, Urdu, Sindhi, Punjabi) 16171* (bug 16656) cleanupTitles and friends should now work in load-balanced 16172 DB environments when $wgDBserver isn't set. 16173* (bug 3691) Aspect ratio from viewBox attribute is now preserved for SVG 16174 images which do not specify width and height attributes. 16175* (bug 15027) Internet domain names and IP addresses can now be indexed and 16176 searched sensibly with the default MySQL search backend. 16177* (bug 11733) Fixed parameter validation in importTextFile.php 16178* (bug 16712) Special:NewFiles updated to use "newer"/"older" paging messages 16179 for clarity over "previous/next" 16180* (bug 16612) Fixed "noprint" class for Modern skin print style 16181* Section anchors now have an "id" attribute as well as a "name" attribute, 16182 even when Tidy is not used 16183* (bug 16026) revision-info, revision-info-current, cannotdelete, 16184 redirectedfrom, historywarning and difference messages now use Wiki text 16185 rather than raw HTML markup 16186* (bug 13835) Fix rendering of {{filepath:Wiki.png|nowiki}} 16187* (bug 16772) Special:Upload now correctly rejects files with spaces in the 16188 file extension (e.g. Foo. jpg). 16189* Image moving over an existing file no longer throws a database error 16190* (bug 16786) Restored "redundant" links recently removed from Classic sidebar 16191* (bug 16850) $wgActionPaths can have query strings now, previously, this broke 16192 local URLs 16193* (bug 16376) Mention in deleteBatch.php and moveBatch.php maintenance scripts 16194 that STDIN can be used for page list 16195* (bug 16560) Special:Random returns a page from ContentNamespaces, and no 16196 longer from NS_MAIN 16197 16198=== API changes in 1.14 === 16199 16200* Registration time of users registered before the DB field was created is now 16201 shown as empty instead of the current time. 16202* API search now falls back to fulltext search by default when using Lucene 16203 or other engine which doesn't support a separate title search function. 16204 This means you can use API search on Wikipedia without explicitly adding 16205 &srwhat=text to the query. 16206* Added iiprop=bitdepth to imageinfo and aiprop=bitdepth to allimages 16207* (bug 14713) API-specific permissions (such as 'writeapi' and 'apihighlimits' 16208 are now listed on action=help 16209* (bug 15044) Added requestid parameter to api.php to facilitate distinguishing 16210 between requests 16211* (bug 15048) Added limit field for multivalue parameters to action=paraminfo 16212 output. 16213* When the limit on multivalue parameters is exceeded, a warning is issued 16214* list=search doesn't list missing pages any more 16215* (bug 15178) Added clshow to prop=categories to allow filtering for hidden/ 16216 non-hidden categories 16217* (bug 15228) Combining revids= and redirects now throws a warning instead of 16218 an error, and still resolves redirects generated by the generator. 16219* list={backlinks,embeddedin,imageusage} now return arrays with keys 0, 1, 2, 16220 etc. (AKA lists) instead of arrays with pageIDs as keys (AKA hash tables) 16221 for consistency with other list modules. 16222* Added action=watch 16223* (bug 15275) apprefix and related parameters ignore spaces at the end 16224* action=edit no longer throws unknown error 228 when trying to create an 16225 empty section with section=new 16226* Database replication lag doesn't cause all action=edit requests to return the 16227 nochange flag any more 16228* (bug 15392) ApiFormatBase::formatHTML now uses $wgUrlProtocols. 16229* (bug 15444) action=edit returns "Unknown error: ``AS_END''" where it should 16230 return just "Unknown error" 16231* (bug 15448) YAML output returns empty values instead of 0 16232* (bug 15445) Added action=patrol 16233* (bug 15466) Added action=purge 16234* (bug 15486) action=block ignores autoblock parameter 16235* (bug 15492) added rcprop=loginfo to list=recentchanges 16236* (bug 15527) action=rollback can now revert anonymous editors 16237* (bug 15535) prop=info&inprop=protection doesn't list pre-1.10 protections 16238 if the page is also protected otherwise (1.10+ style or cascading) 16239* list=random now has rnredirect parameter, to get random redirects. 16240* Added APIAfterExecute, APIQueryAfterExecute and APIQueryGeneratorAfterExecute 16241 hooks which allow for extending core modules in a cleaner way 16242* action=protect checks for invalid protection types and levels 16243* (bug 15673) Added indentation to format=wddxfm output and improved built-in 16244 WDDX formatter to resemble PHP's more 16245* (bug 15706) Empty values for apprtype and apprlevel are now silently ignored 16246 rather than causing an exception 16247* Added uiprop=preferencestoken to meta=userinfo 16248* (bug 15609) Add inprop=url and inprop=readable to prop=info 16249* Add ApiDisabled and ApiQueryDisabled classes so individual modules can 16250 be disabled in LocalSettings.php 16251* (bug 15653) Add prop=duplicatefiles 16252* (bug 15768) Add list=watchlistraw 16253* (bug 15647) action=edit with basetimestamp fails if the page has been deleted 16254 and undeleted since the last edit 16255* (bug 15785) Allow for different expiry times for different protections in 16256 action=protect 16257* Added allowsduplicates attribute to action=paraminfo output 16258* (bug 15767) apfilterlanglinks returns duplicate results 16259* (bug 15845) Added pageid/fromid parameter to action=delete/move, making 16260 manipulation of legacy pages with invalid titles possible 16261* (bug 15881) Empty or invalid parameters cause database errors 16262* The maxage and smaxage parameters are now properly validated 16263* (bug 15945) list=recentchanges doesn't check $wgUseRCPatrol, $wgUseNPPatrol 16264 and patrolmarks right 16265* (bug 15985) acfrom and aifrom parameters didn't work when sorting in 16266 descending order. 16267* (bug 15995) Add cmstartsortkey and cmendsortkey parameters to 16268 list=categorymembers 16269* (bug 16017) list=categorymembers sets invalid continue parameters for 16270 sortkeys containing pipes 16271* (bug 16018) Added uccontinue parameter to list=usercontribs so paging 16272 works properly when multiple users are queried or a userprefix is used 16273* (bug 16047) Added activeusers attribute to meta=siteinfo&siprop=statistics 16274 output 16275* Added redirect resolution to action=parse 16276* (bug 16074) rvprop=content combined with a generator with a high limit causes 16277 an error 16278* (bug 16105) Image metadata attributes containing spaces result in invalid XML 16279* (bug 16126) Added siprop=magicwords to meta=siteinfo 16280* (bug 16159) Added wlshow=patrolled|!patrolled to list=watchlist 16281* (bug 16225) Titles like Talk:Talk:Foo broke apfrom and friends 16282* meta=siteinfo&siprop=interwikimap no longer throws an exception for empty 16283 sifilter parameter. 16284* (bug 12760) meta=userinfo&uiprop=ratelimits doesn't list group-specific rate 16285 limits 16286* (bug 16398) meta=userinfo&uiprop=rights lists some rights twice in some cases 16287* (bug 16408) Added rvgeneratexml to prop=revisions 16288* (bug 16421) Made list=logevents's leuser accept user names with underscores 16289 instead of spaces 16290* (bug 16516) Made rvsection=T-2 work 16291* (bug 16526) Added usprop=emailable to list=users 16292* (bug 16548) list=search threw errors with an invalid error code 16293* (bug 16515) Added pst and onlypst parameters to action=parse 16294* (bug 16541) Added block expiry timestamp to list=logevents output 16295* (bug 16613) action=protect doesn't tell when &cascade was set but cascading 16296 protection wasn't allowed 16297* (bug 16626) action=delete now correctly handles empty "reason" param 16298* (bug 15579) clshow considers all categories !hidden 16299* (bug 16647) list=allcategories, prop=categories don't return "hidden" 16300 property for hidden categories 16301* New siprop parameter of 'extensions' to list all installed extensions 16302* (bug 16672) Include canonical namespace name in 16303 meta=siteinfo&siprop=namespaces. 16304* (bug 16726) siprop=namespacealiases should also list localized aliases 16305* (bug 16730) Added apprfiltercascade parameter to list=allpages to filter 16306 cascade-protected pages 16307 16308=== Languages updated in 1.14 === 16309 16310MediaWiki supports over 300 languages. Many localisations are updated 16311regularly. Below only new and removed languages are listed. 16312 16313* Bakhtiari (bqi) (new) 16314* Fiji Hindi (Devanagari script) (hif-deva) (new) 16315* Krio (kri) (new) 16316* Lezghian (lez) (new) 16317* Laz (lzz) (new) 16318* Eastern Mari (mhr) (new) 16319* Niuean (niu) (new) 16320* Oromo (om) (new) 16321* Plautdietsch (pdt) (new) 16322* Western Punjabi (pnb) (new) 16323* Tarantino (roa-tara) (new) 16324* Serbo-Croatian (sh) (new) 16325* Tulu (tcy) (new) 16326 16327 16328== MediaWiki 1.13 == 16329 16330== MediaWiki 1.13.5 == 16331 16332February 22, 2009 16333 16334This is a maintenance update to the Summer 2008 snapshot release of MediaWiki. 16335 16336MediaWiki is now using a "continuous integration" development model with 16337quarterly snapshot releases. The latest development code is always kept 16338"ready to run", and in fact runs our own sites on Wikipedia. 16339 16340Release branches will continue to receive security updates for about a year 16341from first release, but nonessential bugfixes and feature developments 16342will be made on the development trunk and appear in the next quarterly release. 16343 16344Those wishing to use the latest code instead of a branch release can obtain 16345it from source control: http://www.mediawiki.org/wiki/Download_from_SVN 16346 16347== Changes since 1.13.4 == 16348 16349* (bug 17449) Fixed PostgreSQL installation 16350* (bug 17527) Fixed missing MySQL-specific options in installer 16351 16352== Changes since 1.13.3 == 16353 16354A number of cross-site scripting (XSS) security vulnerabilities were discovered 16355in the web-based installer (config/index.php). These vulnerabilities all 16356require a live installer -- once the installer has been used to install a wiki, 16357it is deactivated. 16358 16359Note that cross-site scripting vulnerabilities can be used to attack any website 16360in the same cookie domain. So if you have an uninstalled copy of MediaWiki on 16361the same site as an active web service, MediaWiki could be used to attack the 16362active service. 16363 16364If you are hosting an old copy of MediaWiki that you have never installed, you 16365are advised to remove it from the web. 16366 16367== Changes since 1.13.2 == 16368 16369David Remahl of Apple's Product Security team has identified a number of 16370security issues in previous releases of MediaWiki. Subsequent analysis by the 16371MediaWiki development team expanded the scope of these vulnerabilities. The 16372issues with a significant impact are as follows: 16373 16374* An XSS vulnerability affecting all MediaWiki installations between 1.13.0 and 16375 1.13.2. [CVE-2008-5249] 16376* A local script injection vulnerability affecting Internet Explorer clients for 16377 all MediaWiki installations with uploads enabled. [CVE-2008-5250] 16378* A local script injection vulnerability affecting clients with SVG scripting 16379 capability (such as Firefox 1.5+), for all MediaWiki installations with SVG 16380 uploads enabled. [CVE-2008-5250] 16381* A CSRF vulnerability affecting the Special:Import feature, for all MediaWiki 16382 installations since the feature was introduced in 1.3.0. [CVE-2008-5252] 16383 16384XSS (cross-site scripting) vulnerabilities allow an attacker to steal an 16385authorised user's login session, and to act as that user on the wiki. The 16386authorised user must visit a web page controlled by the attacker in order to 16387activate the attack. Intranet wikis are vulnerable if the attacker can 16388determine the intranet URL. 16389 16390Local script injection vulnerabilities are like XSS vulnerabilities, except 16391that the attacker must have an account on the local wiki, and there is no 16392external site involved. The attacker uploads a script to the wiki, which another 16393user is tricked into executing, with the effect that the attacker is able to act 16394as the privileged user. 16395 16396CSRF vulnerabilities allow an attacker to act as an authorised user on the wiki, 16397but unlike an XSS vulnerability, the attacker can only act as the user in a 16398specific and restricted way. The present CSRF vulnerability allows pages to be 16399edited, with forged revision histories. Like an XSS vulnerability, the 16400authorised user must visit the malicious web page to activate the attack. 16401 16402These four vulnerabilities are all fixed in this release. 16403 16404David Remahl also reminded us of some security-related configuration issues: 16405 16406* By default, MediaWiki stores a backup of deleted images in the images/deleted 16407 directory. If you do not want these images to be publically accessible, make 16408 sure this directory is not accessible from the web. MediaWiki takes some steps 16409 to avoid leaking these images, but these measures are not perfect. 16410* Set display_errors=off in your php.ini to avoid path disclosure via PHP fatal 16411 errors. This is the default on most shared web hosts. 16412* Enabling MediaWiki's debugging features, such as $wgShowExceptionDetails, may 16413 lead to path disclosure. 16414 16415Other changes in this release: 16416 16417* Avoid fatal error in profileinfo.php when not configured. 16418* Add a .htaccess to deleted images directory for additional protection against 16419 exposure of deleted files with known SHA-1 hashes on default installations. 16420* Avoid streaming uploaded files to the user via index.php. This allows 16421 security-conscious users to serve uploaded files via a different domain, and 16422 thus client-side scripts executed from that domain cannot access the login 16423 cookies. Affects Special:Undelete, img_auth.php and thumb.php. 16424* When streaming files via index.php, use the MIME type detected from the 16425 file extension, not from the data. This reduces the XSS attack surface. 16426* Blacklist redirects via Special:Filepath. Such redirects exacerbate any 16427 XSS vulnerabilities involving uploads of files containing scripts. 16428* Internationalisation updates. 16429 16430== Changes since 1.13.1 == 16431 16432* Security: Work around misconfiguration by requiring strict comparisons for 16433 in_array in User::isAllowed(). 16434* (bug 14944) Added $wgShellLocale for configuration of an appropriate locale 16435 to use for LC_CTYPE during shell invocation. For servers that don't have 16436 en_US.utf8. Also added locale detection during install. 16437* Localisation updates 16438* Security: Fixed XSS vulnerability in useskin parameter. 16439 16440== Changes since 1.13.0 == 16441 16442* (bug 15460) Fixed intermittent deadlock errors and poor concurrent 16443 performance for installations without memcached. 16444* (bug 13770) Fixed DOM module detection for installations with both dom 16445 and domxml. 16446* (bug 15148) Fixed Special:BlockIP for PostgreSQL 16447* Fixed SQLite support for non-memcached installations 16448* Localisation updates, Achinese (ace) added. 16449 16450== Changes since 1.13.0rc2 == 16451 16452* (bug 13770) Fixed incorrect detection of PHP's DOM module 16453* Fix regression from r37834: accesskey tooltip hint should be given for the 16454 minor edit and watch labels on the edit page. 16455* Updated Chinese simplified/traditional conversion tables 16456 16457== Changes since 1.13.0rc1 == 16458 16459* $wgForwardSearchUrl has been removed entirely. Documented setting since 1.4 16460 has been $wgSearchForwardUrl. 16461* (bug 14907) DatabasePostgres::fieldType now defined. 16462* (bug 14966) Fix SearchEngineDummy class for silently non-functional search 16463 on Sqlite instead of horribly fatal error breaky one. 16464* (bug 14987) Only fix double redirects on page move when the checkbox is 16465 checked 16466* (bug 13376) Use $wgPasswordSender, not $wgEmergencyContact, as return 16467 address for page update notification mails. 16468* API: Registration time of users registered before the DB field was created is 16469 now shown as empty instead of the current time. 16470* (bug 14904): fragments were lost when redirects were fixed. 16471* Added magic word __STATICREDIRECT__ to suppress the redirect fixer 16472* (bug 15035) Revert English linkTrail to /^([a-z]+)(.*)$/sD, as it was before 16473 r36253. Multiple reports of breakage due to old (pre-5.0) PCRE libraries, 16474 both bundled with PHP and packaged with distros such as RHEL. 16475* (bug 14944) Shell invocation of external programs such as ImageMagick convert 16476 was broken in PHP 5.2.6, if the server had a non-UTF-8 locale. 16477 16478 16479=== Configuration changes in 1.13 === 16480 16481* New option $wgFeed can be set false to turn off syndication feeds 16482* (bug 5745) Special:Whatlinkshere now shows up to $wgMaxRedirectLinksRetrieved 16483 links through each redirect instead of hardcoded 500 16484* Set $wgUploadSizeWarning to false by default 16485* Added $wgLBFactoryConf, for generic configuration of multi-master wiki farms 16486* Removed $wgAlternateMaster, use $wgLBFactoryConf 16487* (bug 13562) Misspelled option $wgUserNotifedOnAllChanges changed to 16488 $wgUserNotifiedOnAllChanges 16489* (bug 12860) New option $wgSitemapNamespaces allows sitemaps to be generated 16490 for only some namespaces 16491* Removed the emailconfirmed implicit group by default. To re-add it, use: 16492 $wgAutopromote['emailconfirmed'] = APCOND_EMAILCONFIRMED; 16493 in your LocalSettings.php. 16494* (bug 2396) New shared database configuration variables. $wgSharedPrefix allows 16495 you to use a shared database with a different prefix. Or you can now use a 16496 local database and use prefixes to separate wiki and the shared tables. And 16497 the new $wgSharedTables variable allows you to specify a list of tables to 16498 share. 16499* Automatic edit summaries can be disabled with $wgUseAutomaticEditSummaries 16500* Duplicates of images are now shown on the image page 16501* $wgRCFilterByAge allows for the list of dates in recent changes special pages 16502 to be filtered to only those within the range of $wgRCMaxAge 16503* $wgRCLinkLimits and $wgRCLinkDays allow for customization of the list and 16504 limits displayed on the recent changes special pages 16505* The "createpage" permission is no longer required when uploading if the target 16506 image page already exists 16507* $wgMaximumMovedPages restricts the number of pages that can be moved at once 16508 (default 100) with the new subpage-move functionality of Special:Movepage 16509* Hooks display in Special:Version is now disabled by default, use 16510 $wgSpecialVersionShowHooks = true; to enable it. 16511* $wgActiveUserEditCount sets the number of edits that must be performed over 16512 a certain number of days to be considered active 16513* $wgActiveUserDays is that number of days 16514* $wgRateLimitsExcludedGroups has been deprecated in favor of 16515 $wgGroupPermissions[]['noratelimit']. The former still works, however. 16516* New $wgGroupPermissions option 'move-subpages' added to control bulk-moving 16517 subpages along with pages. Assigned to 'user' and 'sysop' by default. 16518* New $wgRC2UDPOmitBots allows user to omit bot edits from UDP output. 16519 Default: false 16520* Removed $wgEnableCascadingProtection option. Disabling cascading protection 16521 is no longer possible. 16522* $wgMessageCacheType defines now the type of cache used by the MessageCache 16523 class, previously it was choosen based on $wgParserCacheType 16524* $wgExtensionAliasesFiles option to simplify adding aliases to special pages 16525 provided by extensions, in a similar way to $wgExtensionMessagesFiles 16526* Added $wgXMLMimeTypes, an array of XML mimetypes we can check for 16527 with MimeMagic. 16528* Added $wgDirectoryMode, which allows for setting the default CHMOD value when 16529 creating new directories. 16530* (bug 14843) $wgCookiePrefix can be set by LocalSettings now, false defaults 16531 current behavior. 16532 16533=== New features in 1.13 === 16534 16535* __HIDDENCAT__ on a category page causes the category to be hidden on the 16536 article page 16537* Do not show edit permissions errors on a red link click, just redirect to the 16538 article. This is so that readers who don't know what a red link is are not 16539 confused when they are told they are range-blocked. 16540* Add a new hook ImageBeforeProduceHTML to allow extensions to modify wikitext 16541 image syntax output 16542* (bug 13100) Added 'preloadtitle' parameter to action=edit§ion=new that 16543 pre-fills the section title field 16544* (bug 13112) Added Special:RelatedChanges alias to Special:RecentChangesLinked 16545* (bug 13130) Moved edit token and autosummary fields above edit tools to 16546 reduce broken form submissions 16547* Add --old-redirects-only option to maintenance/refreshLinks.php, to add old 16548 redirects to the redirect table 16549* Add links to page and file deletion forms to edit predefined delete reasons 16550* (bug 13269) Added MediaWiki:Uploadfooter to the bottom of Special:Upload 16551* (bug 2815) Search results for media now use thumbnail instead of text extract 16552* When a page doesn't exist, the tab should say "create", not "edit" 16553* (bug 12882) Added a span with class "patrollink" around "Mark as patrolled" 16554 link on diffs 16555* Magic word formatnum can now take raw suffix to undo formatting 16556* Add updatelog table to reliably permit updates that don't change the schema 16557* Add category table to allow better tracking of category membership counts 16558** (bug 1212) Give correct membership counts on the pages of large categories 16559** Use category table for more efficient display of Special:Categories 16560* (bug 1459) Search for duplicate files by hash: Special:FileDuplicateSearch 16561* (bug 9447) Added hooks for search result headings 16562* Image redirects are now enabled by default 16563* (bug 13450) Email confirmation can now be canceled before the expiration 16564* (bug 13490) Show upload/file size limit on upload form 16565* Redesign of Special:UserRights 16566* Make rev_deleted log entries more intelligible 16567* (bug 6943) Added PAGESINCATEGORY: magic word 16568* (bug 13604) Added Special:ListGroupRights 16569* (bug 6332, 8617) Added message 'mainpage-description' as duplicate of 16570 'mainpage' and added it to message 'sidebar' 16571* Automatically add old redirects to the redirect table when needed 16572* (bug 6934) Allow inclusions, links, redirects to be separately toggled on or 16573 off on Special:WhatLinksHere 16574* Cache image redirects 16575* (bug 10457) Organize Special:SpecialPages into sections 16576* Add a new hook EditPageBeforeConflictDiff to allow extensions like FCKeditor 16577 to modify the output for edit conflicts 16578* Add class="nested" for <fieldset>s so fieldsets inside fieldsets get 16579 a slightly less huge margin and padding 16580* (bug 13527) Use sitemaps.org format 0.9 instead of a Google-specific format 16581* Allow \C and \Q as TeX commands to match \R, \N, \Z 16582* On Special:UserRights, when you can add a group you can't remove or remove 16583 one you can't add, a notice is printed to warn you 16584* (bug 12698) Create PAGESIZE parser function, to return the size of a page 16585* Allow the "log in / create account" link in the toolbar to have different 16586 text from Special:UserLogin title (new message 'nav-login-createaccount') 16587* Say "log in / create account" if an anonymous user can create an account, 16588 otherwise just "log in", consistently across skins 16589* Special:Shortpages and Special:Longpages now returns pages in all content 16590 namespaces, not just NS_MAIN. 16591* (bug 889) Improve conflict-handling between shared upload repository 16592 and local one 16593* Update documentation links in auto-generated LocalSettings.php 16594* (bug 13584) The new hook SkinTemplateToolboxEnd was added. 16595* (bug 709) Cannot rename/move images and other media files [EXPERIMENTAL] 16596* Custom rollback summaries now accept the same arguments as the default message 16597* (bug 12542) Added hooks for expansion of Special:Listusers 16598* Drop-down AJAX search suggestions (turn on $wgEnableMWSuggest) 16599* More relevant search snippets (turn on $wgAdvancedSearchHighlighting) 16600* (bug 13950) Allow users to watch the user/talk pages of users they block. 16601* (bug 13970) Allow MonoBook-based skins to specify their own print stylesheet 16602* Show image links on Special:Whatlinkshere 16603* Use rel="start", "prev", "next" appropriately on Pager-based pages 16604* Add support for SQLite 16605* AutoAuthenticate hook renamed to UserLoadFromSession 16606* (bug 13232) importScript(), importStylesheet() funcs available to custom JS 16607* (bug 13095) Search by first letters or digits in [[Special:Categories]] 16608* Users moving a page can now move all subpages automatically as well 16609* (bug 14259) Localisation message for upload button on Special:Import is now 16610 'import-upload' instead of 'upload' 16611* Add information about user group membership to Special:Preferences 16612* (bug 14146) Wrap usage section on imagepages into <div>s. 16613* New layout for Special:Specialpages. Restricted pages are marked but not 16614 separated from other pages in their group. 16615* (bug 14263) Show a diff of the revert on rollback notification page. 16616* (bug 13434) Show a warning when hash identical files exist 16617* Sidebar is now cached for all languages 16618* The User class now contains a public function called isActiveEditor. Figures 16619 out if a user is active based on at least $wgActiveUserEditCount number of 16620 edits in the last $wgActiveUserDays days. 16621* SpecialSearchResults hook now passes results by reference, so they can be 16622 changed by extensions. 16623* Add a new hook LinkerMakeExternalLink to allow extensions to modify the output 16624 of external links. 16625* (bug 14132) Allow user to disable bot edits from being output to UDP. 16626* (bug 14328) jsMsg() within Wikibits now accepts a DOM object, not just a 16627 string 16628* (bug 14558) New system message (emailuserfooter) is now added to the footer of 16629 e-mails sent with Special:Emailuser 16630* Add support for Hijri (Islamic) calendar 16631* Add a new hook LinkerMakeExternalImage to allow extensions to modify the 16632 output of external (hotlinked) images. 16633* (bug 14604) Introduced the following features for the LanguageConverter: 16634 Multi-tag support, single conversion flag, remove conversion flag on a single 16635 page, description flag, variant name, multi-variant fallbacks. 16636* Add zh-mo and zh-my variants for the zh language 16637* (bugs 4832, 9481, 12890) Special:Recentchangeslinked now has all options that 16638 are in Special:Recentchanges 16639* Allow an $error message to be passed to ArticleDelete hook 16640* Allow extensions to modify the user creation form by calling addInputItem(); 16641* Add meta generator tag to HTML output 16642* MediawikiPerformAction hook is now passed the Mediawiki object 16643* Added blank special page Special:BlankPage for benchmarking, etc. 16644* Foreign repo file descriptions and thumbnails are now cached. 16645* (bug 11732) Allow localisation of edit button images 16646* Allow the search box, toolbox and languages box in the Monobook sidebar to be 16647 moved around arbitrarily using special sections in [[MediaWiki:Sidebar]]: 16648 SEARCH, TOOLBOX and LANGUAGES 16649* Add a new hook NormalizeMessageKey to allow extensions to replace messages 16650 before the database is potentially queried 16651* (bug 9736) Redirects on Special:Fewestrevisions are now marked as such. 16652* New date/time formats in Cs localization according to ČSN and PČP. 16653* Special:Recentchangeslinked now includes changes to transcluded pages and 16654 displayed images; also, the "Show changes to pages linked" checkbox now works 16655 on category pages too, showing all links that are not categorizations 16656* (bug 4578) Automatically fix redirects broken by a page move 16657 16658=== Bug fixes in 1.13 === 16659 16660* (bug 10677) Add link to the file description page on the shared repository 16661* (bug 13084) Increase size of source/destination filename fields in upload form 16662* (bug 13115) rebuildrecentchanges should print the current value of $wgRCMaxAge 16663* (bug 13140) Show parent categories in category namespace 16664* (bug 13149) Correctly format 'fileexists' message on Upload page 16665* Make the default filepageexists message accurate 16666* (bug 12988) $wgMinimalPasswordLength no longer breaks create user by email 16667* (bug 13022) Fix upload from URL on PHP 5.0.x 16668* (bug 13132) Unable to unprotect pages protected with earlier versions of 16669 MediaWiki 16670* (bug 12723) OpenSearch description name now uses more compact language code 16671 to avoid passing the length limit as often, is customizable per site via 16672 'opensearch-desc' message. 16673* (bug 13135) Special:Userrights now passes IDs through form submission 16674 to allow functionality on not-quite-right usernames 16675* (bug 12575) Prevent duplicate patrol log entries from being created 16676* (bug 13174) __HIDDENCAT__ now applies only to category pages 16677* (bug 13031) Add links to user pages in e-mail form 16678* (bug 13147) Description for categoriespagetext (used in Special:Categories) 16679 reworded 16680* (bug 11561) Fix fatal error when calling action=revert to non-image page 16681* (bug 12430) Fix call to private method LinkFilter::makeRegex fatal error in 16682 maintenance/cleanupSpam.php 16683* All skins should have the "mediawiki" class on the body element 16684* (bug 13019) Message cache for some extensions not loaded at time of editing 16685* (bug 13247) Prettified ISBN links 16686* maintenance/refreshLinks.php did not fix page_id 1 with the --new-only option 16687* (bug 13110) Don't show "Permission error" page if the edit is already rolled 16688 back when using rollback 16689* (bug 13012) Use content messages for block options when generating the 16690 recentchanges entry 16691* (bug 13274) Change links for messages to ucfirst 16692* (bug 13273) Un-hardcode some punctuation (add new messages colon-separator, 16693 autocomment-prefix) 16694* Parse MediaWiki message translations with a correct language setting on 16695 preview 16696* (bug 13281) Treat X-Forwarded-For, Client-ip and User-Agent headers as 16697 case-insensitive names. 16698* Adding the fix for lists in RTL wikis to more skins, and fixing the image toc 16699* (bug 8157) Remove redirects from Special:Unusedtemplates. Patch by WebBoy. 16700* (bug 10721) Duplicate section anchors with differing case now disambiguated 16701 for Internet Explorer's sake and standards compliance 16702* (bug 13298) Tighter limits on Special:Newpages limits when embedding 16703* Email subject in content language instead of sending user's UI language 16704* (bug 13251) Allow maintenance rebuild scripts to work with Postgres 16705* (bug 2084) Fixed incorrect regex to match redirects 16706* (bug 3131) Manually-specified upload destination filename is no longer 16707 overwritten by browsing for a file after you wrote it. 16708* (bug 7251) Sidebars generated by MediaWiki:Sidebar now have the class 16709 'generated-sidebar'. 16710* (bug 13265) Media handler is missing 'image/x-bmp' 16711* (bug 13407) MediaWiki:Powersearch is used in two places 16712* (bug 13403) Fix cache invalidation of history pages when old revisions change 16713* (bug 11563) Deprecated SearchMySQL4 class; merged code to SearchMySQL 16714* (bug 12801) Fix link in subtitle message in AJAX search 16715* (bug 13428) Fix regression in protection form layout HTML validity 16716* (bug 9403) Sanitize newlines from search term input 16717* (bug 13429) Separate date and time in message sp-newimages-showfrom 16718* (bug 13137) Allow setting 'editprotected' right separately from 'protect', 16719 so groups may optionally edit protected pages without having 'protect' perms 16720* Disallow deletion of big pages by means of moving a page to its title and 16721 using the "delete and move" option. 16722* (bug 13466, 13632) White space differences not shown in diffs 16723* (bug 1953) Search form now honors namespace selections more reliably 16724* (bug 12294) Namespace class renamed to MWNamespace for PHP 5.3 compatibility 16725* PHP 5.3 compatibility fix for wfRunHooks() called with no parameters 16726* (bug 6447) Trackbacks now work with transactional tables, if enabled 16727* (bug 6892, 7147) Trackback error handling, optional fields more robust 16728* (bug 6813) Don't break HTML validator when using trackbacks 16729* Fix for size checks on SVG images with global 'stroke-width' attribute 16730* (bug 11874) Inline CSS with !important no longer borken 16731* (bug 1600) Strip extra == section markup == in new-comment field 16732* (bug 11325) Wrapped page titles in MonoBook skin spaced more nicely 16733* (bug 12077) Fix HTML nesting for TOC 16734* (bug 344) Purge cache for talk/article pages when deleting the other tab 16735* (bug 13436) Treat image captions correctly when they include option keywords 16736 (like ending with "px" or starting with "upright") 16737* Trackback display formatting fixed 16738* Don't die when single-element arrays are passed to SQL query constructors 16739 that have an array index other than 0 16740* (bug 13522) Fix fatal error in Parser::extractTagsAndParams 16741* (bug 13532) Use proper timestamp call when reverting images 16742* (bug 13543) Updated FAQ link in the installer sidebar 16743* (bug 13540) Date format in confirmation e-mail now matches message language 16744* (bug 13554) PHP Notice in old pre-processor when list item is empty. 16745* (bug 13556) Don't show a blank form if no image is attached in Special:Upload 16746* (bug 13576) maintenance/rebuildrecentchanges.php fails 16747* (bug 13441) Allow Special:Recentchanges to show bots only 16748* (bug 13431) Show true message source in Special:Allmessages&ot=php / xml 16749* (bug 13463) Login successful page doesn't use user's preferred interface 16750 language 16751* (bug 13630) Fixed warnings for pass by reference at call time in 16752 Special:Revisiondelete when generating the log entry. 16753* (bug 12064) BeforePageDisplay hook is now called for all skins 16754* (bug 13624) Fix regression with manual thumb= parameter on images 16755* (bug 11039) Add missing labels on protection form 16756* (bug 13458) Preview/edit toolbar spacing now works consistently 16757* (bug 13433) Fix action=render on Image: pages 16758* (bug 13678) Fix CSS validation for Monobook 16759* (bug 13684) Links in Special:ListGroupRights should be in content language 16760* (bug 13690) Fix PHP notice on accessing some URLs 16761* Hide (undo) link if user isn't able to edit page 16762* Invalidate cache of pages that includes images via redirects on upload 16763* (bug 13705) Don't show rollback link in page history on incorrect revisions 16764* (bug 13708) Don't set "Search results" title when loading Special:Search 16765 without query 16766* (bug 13736) Don't show MediaWiki:Anontalkpagetext on non-existent IP addresses 16767* (bug 13728) Don't trim initial whitespace during section edits 16768* (bug 13727) Don't delete log entries from recentchanges on page deletion 16769* (bug 13752) Redirects to sections now work again 16770* (bug 13725) Upload form watch checkbox state set correctly with wpDestFile 16771* (bug 13756) Don't show the form and navigation links of Special:Newpages if 16772 the page is included 16773* When hiding things on WhatLinksHere, generated URLs should hide them too 16774* Properly escape search terms with regex chars so they appear highlighted in 16775 search results 16776* (bug 13768) pt_title field encoding fixed 16777* Do not display empty columns on Special:UserRights if all groups are 16778 changeable or all unchangeable 16779* Fix fatal error on calling PAGESINCATEGORY with invalid category name 16780* (bug 13793) Special:Whatlinkshere filters wrong - after paginating instead of 16781 before 16782* (bug 13796) Show links to parent pages even if some of them are missing 16783* (bug 13816) Filter by main namespace doesn't work on WhatLinksHere 16784* (bug 13822) Fatal error on some pages when calculating subpage subtitle 16785* (bug 13824) AJAX search suggestion now works with non-SkinTemplate skins 16786* Added 'application/x-dia-diagram' MediaWiki's known MIME types 16787* (bug 13866) skins/common/shared.css - invalid attribute fixing 16788* Hide edit section links on Special:Undelete 16789* (bug 13860) Fix "Justify paragraphs" option for Modern skin 16790* (bug 13168) accessibility links in Modern skin link to wrong anchor id 16791* (bug 13185) No line break after 'subpages' class in Modern skin 16792* (bug 13583) No "poweredby" in Modern skin 16793* (bug 13880) "Printable" link in Modern skin now formats as print mode 16794* (bug 13885) Bump default $wgSVGMaxSize from 1024 to 2048 pixels 16795* (bug 13891) Show categories box even if all categories are hidden and user has 16796 "show hidden categories" option on 16797* (bug 13915) Undefined variable $wltsfield in includes/SpecialWatchlist.php 16798* (bug 13913) Special:Whatlinkshere now has correct HTML markup 16799* (bug 13905) Blacklist Mac IE from HttpOnly cookies; it eats them sometimes 16800* (bug 13922) Fix bad HTML on empty Special:Prefixindex and Special:Allpages 16801* (bug 13924) Fix bad HTML on power search form 16802* (bug 13820) Fix updater for rev_parent_id population 16803* (bug 13925) Fix bad HTML on search results list 16804* (bug 13934) Fixing the link to GNU General Public License Version 2 16805* Show correct accesskey prefix for Firefox 3 beta (Alt-Shift-, not Alt-) 16806* (bug 13949) Special:PrefixIndex/AllPages paging links contain invalid XML 16807* (bug 13770) Use Preprocessor_Hash by default to avoid missing DOM module 16808 errors 16809* (bug 13982) Disable ccmeonemails preference when user-to-user mails disabled 16810* (bug 13615) Update case mappings and normalization to Unicode 5.1.0 16811 Note that case mappings will only be used if mbstring extension is not 16812 present. 16813* (bug 14044) Don't increment page view counters on views from bot users 16814* (bug 14042) Calling Database::limitResult() misplaced the comment in the log 16815 file 16816* (bug 14047) Fix regression in installer which hid DB-specific options 16817 Also makes SQLite path configurable in the installer. 16818* (bug 13546) Follow image redirects on image page 16819* (bug 12644) Template list on edit page now sorted on preview 16820* (bug 14058) Support pipe trick for namespaces and interwikis with "-" 16821* Message name filter on Special:Allmessages now case-insensitive 16822* (bug 13943) Fix image redirect behavior on image pages 16823* (bug 14093) Do 'sysop' => 'protect' magic in Title::isValidMoveOperation 16824* (bug 14063) Power search form missing <label> for redirects check 16825* (bug 14111) Similar filename warning links now lead to correct page 16826* (bug 14082) Fix for complex text input vs AJAX suggestions on some browsers 16827* (bug 13693) Categories sometimes claim to have a negative number of members 16828* (bug 1701) Korean Hangul syllables now broken down properly in Category lists 16829 even if the wiki's overall content language is not Korean 16830* (bug 12773) addOnloadHook() now calls functions immediately when scripts are 16831 loaded after the primary page completion, instead of dropping them 16832* (bug 14199) Fix deletion form for image redirect pages 16833* (bug 14220) Disabling $wgCheckFileExtensions now works without also 16834 disabling $wgStrictFileExtensions 16835* (bug 14241) Pages can no longer be protected to levels you are not in 16836* (bug 14296) Fix local name of ang: (Anglo-Saxon) 16837* (bug 4871) Hardcoded superscript in time zone preferences moved to message 16838* (bug 6957) E-mail confirmation links now using English special page name 16839 for better compatibility and keeping the links shorter. Avoids problem 16840 with corrupt links in Gmail on IE 6. 16841* (bug 14273) Fix for HTTP Accept header parsing with spaces as from Konqueror 16842* (bug 14312) Update LanguageKaa.php for handling transform issues with i to İ 16843 and I to ı 16844* (bug 13826) MediaWiki:Defaultns accepts Wikicode 16845* (bug 14324) Creating an account is again possible with $wgEmailConfirmToEdit 16846 set to true 16847* (bug 13034) Interwiki pages can now be reached using Go search button 16848* (bug 14362) Change interwiki names of Erzya and Moksha Wikipedias 16849* (bug 14370) When a grouppage-x message does not exist the entry on the 16850 ListGroupRights special page now links to the project namespace page for it, 16851 not the main namespace page. 16852* (bug 11659) Urldecode image names in galleries 16853* (bug 14258, 14368) Fix for subpage renames in replication environments 16854* (bug 14367) Failed block no longer adds phantom watchlist entry 16855* (bug 14385) "Move subpages" option no longer tries to move to invalid titles 16856* (bug 14386) Fix subpage namespace oddity when moving a talk page 16857* (bug 11771) Signup form now not shown if in read-only mode. 16858* (bug 12859) $wgRateLimitsExcludedGroups has been deprecated in favor of 16859 $wgGroupPermissions[]['noratelimit']. 16860* (Bug 13828) Split parameter $1 of MediaWiki:Missingarticle into $1 (=title) 16861 and $2 (=revision numbers) 16862* (bug 14401) Fix Safari access key tooltips for Windows and >3.1 Mac versions 16863* (bug 14432) Fix notice regression in Special:Newpages feed mode 16864* (bug 11951) EditPage::getEditToolbar() is now static. 16865* (bug 14392) Fix regression breaking table prefix in installer 16866* (bug 11084) $wgDBprefix replacement for updater SQL will now work for 16867 extension tables using uppercase letters or digits in their names. 16868* (bug 12311) Fix regression with lists at start of undeletion preview 16869* (bug 14496) Fix regression with parseinline on Special:Upload. 16870* We no longer just give up on a missing upload base directory; it's now 16871 created automatically if we have sufficient permissions! 16872* (bug 14479) MediaWiki:upload-maxfilesize should have a div id wrapper 16873* (bug 14497) Throw visible errors in installer scripts when SQL files 16874 fail due to database permission or other error 16875* (bug 14500) Site feed (Recentchanges) no longer shows up on the actual 16876 recent changes page. 16877* (bug 14511) MediaWiki:Delete-legend is no longer double escaped 16878* Generate correct section anchors for numeric headers 16879* (bug 14520) Don't load nonexistent CSS files for Chick/Myskin/Simple skins 16880* (bug 14551) Cancel upload no longer automatically suppresses warnings 16881* (bug 13878) Deprecate Article::getDB() in favor of direct wfGetDB() calls 16882* (bug 4977) Fix for possible squid purging errors when using HTTP purges 16883 and multiple servers 16884* (bug 14572) Redirects listed on file links on image pages no longer redirect. 16885* (bug 14537) Change interwiki name for Old Church Slavonic (cu) 16886* (bug 14583) Fix regression in recent changes "limit to certain categories." 16887* (bug 14515) HTML nesting cleanup on edit form 16888* (bug 14647) Removed unused 'townBox' CSS classes 16889* (bug 14687) OutputPage::addStyle() now adds type="text/css" like it should. 16890* OpenSearch cleanup; Firefox now sends you to the search page for empty 16891 searches instead of the domain root (which may not even be a wiki). 16892* (bug 3481) Pages moved shortly after creation are shown at their new title 16893 on Special:Newpages. 16894* (bug 12716) Trying to unprotect a title that isn't protected no longer 16895 generates a log entry. 16896* (bug 14088) Excessively long block expiry times are rejected as invalid, 16897 keeps the log page from being distorted. 16898* (bug 14708) Emulate INSERT...IGNORE with standard SQL for Postgres backend. 16899* (bug 14646) Fix some double-escaping of HTML in feed output 16900* (bug 14709) Fix login success message formatting when using cookie check 16901* (bug 14710) Remove "donate" link from default sidebar 16902* (bug 14745) Image moving works on sites that transform thumbnails via 404 16903* (bug 2186) Document.write() in wikibits caused failures when using 16904 application/xhtml+xml. The calls to this have been removed. 16905* (bug 14764) Fix regression in from Article::lastModified(), failed to work 16906 on non-mySQL schemas. 16907* (bug 14763) Child classes of Database (DatabasePostgres and DatabaseOracle) 16908 had strict standards issues with setFakeSlaveLag() and setFakeMaster(). 16909* (bug 451) Improve the phrase mappings of the Chinese converter arrays. 16910* (bug 12487) Rights log is not fully internationalized 16911* (bug 10837) Language variants no longer override other languages than base 16912* (bug 14778) 'limit' parameter now applies to history feeds as well as 16913 history pages 16914* (bug 14845) Bug in prefs javascript: Calling an array item without checking 16915 its existance. 16916* Accesskeys for minor edit/watch checkboxes on edit now work in Firefox 3 16917* (bug 12384) Comments in maintenance/*php 16918* (bug 12441) ./maintenance/generateSitemap.php fix -fspath requiring 16919 a trailing slash. 16920* (bug 12568) configuration script now produce valid XHTML. 16921* The accesskey to edit a page is now disabled when editing the page, to pre- 16922 vent conflicts with Safari shortcuts. 16923 16924=== API changes in 1.13 === 16925 16926* Fixing main page display in meta=siteinfo 16927* (bug 13128) Added patrolled flag to list=recentchanges 16928* Implemented {bl,ei,iu}redirect (lists links through redirects as well) 16929* (bug 13154) Introduced subpages flag to meta=siteinfo&siprop=namespaces 16930* (bug 13157) Added ucuserprefix parameter to list=usercontribs 16931* (bug 12394) Added rctitles parameter to list=recentchanges, making rcid 16932 retrieval easier 16933* (bug 13218) Fix inclusion of " character in hyperlinks 16934* Added watch and unwatch parameters to action=delete and action=move 16935* Added action=edit 16936* (bug 11401) Added xmldoublequote to xml formatter 16937* Added rvsection parameter to prop=revisions to allow fetching the content of 16938 a certain section only 16939* Introduced list=allimages 16940* (bug 13371) Build page set from image hashes 16941* Mark non-existent messages in meta=allmessages as missing 16942* (bug 13390) One invalid title no longer kills an entire API query 16943* (bug 13419) Fix gblredirect so it actually works 16944* (bug 13418) Disable eiredirect because it's useless 16945* (bug 13395) list=allcategories should use category table 16946* (bug 13442) Missing pages in prop=langlinks and prop=extlinks are now 16947 handled properly. 16948* (bug 13444) Add description to list=watchlist 16949* (bug 13482) Disabled search types handled properly 16950* Added inprop=talkid,subjectid to prop=info 16951* Added help text message that specifies whether a module is POST-only 16952* Added createonly parameter to action=edit 16953* Replaced $wgAPIUCUserPrefixMinLength by the more generic $wgAPIMaxDBRows 16954* (bug 11719) Remove trailing blanks in YAML output. 16955* (bug 13541) Added siprop=specialpagealiases to meta=siteinfo 16956* Added fallback8bitEncoding and readonly fields to 16957 meta=siteinfo&siprop=general output 16958* (bug 13544) Added prop=revid to action=parse 16959* (bug 13603) Added siprop=usergroups to meta=siteinfo 16960* Cleaned up redirect resolution 16961* Added possibility to obtain all external links through list=exturlusage 16962* (bug 13606) Added archivename to iiprop 16963* (bug 11633) Explicitly convert redirect titles to strings due to PHP's 16964 very weak typing on array keys. 16965* (bug 12136) Extend allowed characters in JSON callback to ][.'"_A-Za-z0-9 16966* (bug 11673) Return error 'unknown_action' in specified format 16967* (bug 13618) Added rcprop=redirect and rcshow=redirect to list=recentchanges 16968* (bug 13544) Added oldid parameter to action=parse to allow for parsing of old 16969 revisions 16970* (bug 13718) Return the proper continue parameter for cmsort=timestamp 16971* action=login now returns the correct waiting time in the details property 16972* (bug 13792) Broken titles are now silently skipped in search results. 16973* (bug 13819) exturlusage paging skipped an item 16974* Fixed handling of usernames containing spaces in list=block 16975* (bug 13836) Fixed fatal errors resulting from combining iiprop=metadata with 16976 format=xml 16977* (bug 13735) Added prop=categoryinfo module 16978* (bug 13945) Retrieve cascading protection sources via inprop=protection 16979* (bug 13965) Hardcoded 51 limit on titles is too limiting 16980* (bug 13993) apfrom doesn't work with apdir=descending 16981* (bug 14018) Introduced alcontinue to list=alllinks to improve paging 16982* (bug 14013) Added rcshow=patrolled to list=recentchanges 16983* (bug 14028) Added language attribute to interwiki map in meta=siteinfo 16984* (bug 14022) Added usprop=registration and auprop=blockinfo 16985* (bug 14021) Removed titles= support from list=backlinks (has been obsolete 16986 for ages) 16987* (bug 13829) Expose parse tree via action=expandtemplates 16988* (bug 13606) Allow deletion of images 16989* Added iiprop=mime and aiprop=metadata 16990* Handled unrecognized values for parameters more gracefully 16991* Handled requesting disallowed tokens more gracefully 16992* (bug 14140) URL-encoded page titles are now decoded in edit summaries 16993* (bug 14243) Only accept post requests in action=edit; patch by HardDisk 16994* action=block now returns an ISO8601 timestamp, like all other modules do 16995* Added md5 parameter to action=edit 16996* (bug 14335) Logging in to unified account using API not possible 16997* Added action=emailuser to send an email to a user 16998* (bug 14471) Use HTMLTidy and generate limit report in action=parse 16999* (bug 14459) Added prependtext and appendtext parameters to action=edit 17000* (bug 14526) Unescaped SQL in list=backlinks 17001* Added 'hidden' flag to list=allcategories and prop=categoryinfo output 17002* Added nocreate parameter to action=edit 17003* (bug 14402) Added maxage and smaxage parameters to api.php 17004* Added bkip parameter to list=blocks 17005* (bug 14651) apprefix and similar parameters are now canonicalized 17006* Added clprop=timestamp to prop=categories 17007* (bug 14678) API errors now respects $wgShowExceptionDetails and 17008 $wgShowSQLErrors 17009* (bug 14723) Added time zone and writing direction to meta=siteinfo 17010* Added APIQueryInfoTokens and APIQueryRevisionsTokens hooks so extensions 17011 can add their own tokens 17012* Added block and unblock tokens to prop=info as well 17013* Added paging (limit and continue parameters) to 17014 prop={links,templatelinks,langlinks,extlinks,categories,images} 17015* Added flag "top" to list=usercontribs if the user is the last contributor to 17016 the page 17017* list=exturlusage in "list all links" mode can now filter by protocol 17018 17019== MediaWiki 1.12 == 17020 17021== MediaWiki 1.12.4 == 17022 17023February 7, 2009 17024 17025A number of cross-site scripting (XSS) security vulnerabilities were discovered 17026in the web-based installer (config/index.php). These vulnerabilities all 17027require a live installer -- once the installer has been used to install a wiki, 17028it is deactivated. 17029 17030Note that cross-site scripting vulnerabilities can be used to attack any 17031website in the same cookie domain. So if you have an uninstalled copy of 17032MediaWiki on the same site as an active web service, MediaWiki could be used to 17033attack the active service. 17034 17035If you are hosting an old copy of MediaWiki that you have never installed, you 17036are advised to remove it from the web. 17037 17038== MediaWiki 1.12.3 == 17039 17040* Fixed packaging/distribution error. Many files were missing from the 17041distributed tarball. 17042 17043== MediaWiki 1.12.2 == 17044 17045David Remahl of Apple's Product Security team has identified a number of 17046security issues in previous releases of MediaWiki. Subsequent analysis by the 17047MediaWiki development team expanded the scope of these vulnerabilities. The 17048issues with a significant impact are as follows: 17049 17050* A local script injection vulnerability affecting Internet Explorer clients 17051for all MediaWiki installations with uploads enabled. [CVE-2008-5250] 17052* A local script injection vulnerability affecting clients with SVG scripting 17053capability (such as Firefox 1.5+), for all MediaWiki installations with SVG 17054uploads enabled. [CVE-2008-5250] 17055* A CSRF vulnerability affecting the Special:Import feature, for all MediaWiki 17056installations since the feature was introduced in 1.3.0. [CVE-2008-5252] 17057 17058A local script injection vulnerability allows an attacker with a wiki account 17059to steal another user's login session, and to act as that user on the wiki. The 17060attacker uploads a malicious script file, and tricks the victim into executing 17061it. 17062 17063CSRF vulnerabilities allow an attacker to act as an authorised user on the 17064wiki, but unlike an XSS vulnerability, the attacker can only act as the user in 17065a specific and restricted way. The present CSRF vulnerability allows pages to 17066be edited, with forged revision histories. Like an XSS vulnerability, the 17067authorised user must visit the malicious web page to activate the attack. 17068 17069These three vulnerabilities are all fixed in this release. 17070 17071David Remahl also reminded us of some security-related configuration issues: 17072 17073* By default, MediaWiki stores a backup of deleted images in the images/deleted 17074directory. If you do not want these images to be publically accessible, make 17075sure this directory is not accessible from the web. MediaWiki takes some steps 17076to avoid leaking these images, but these measures are not perfect. 17077* Set display_errors=off in your php.ini to avoid path disclosure via PHP fatal 17078errors. This is the default on most shared web hosts. 17079* Enabling MediaWiki's debugging features, such as $wgShowExceptionDetails, may 17080lead to path disclosure. 17081 17082Other changes in this release: 17083 17084* Avoid fatal error in profileinfo.php when not configured. 17085* Add a .htaccess to deleted images directory for additional protection against 17086exposure of deleted files with known SHA-1 hashes on default installations. 17087* Avoid streaming uploaded files to the user via index.php. This allows 17088security-conscious users to serve uploaded files via a different domain, and 17089thus client-side scripts executed from that domain cannot access the login 17090cookies. Affects Special:Undelete, img_auth.php and thumb.php. 17091* When streaming files via index.php, use the MIME type detected from the file 17092extension, not from the data. This reduces the XSS attack surface. 17093* Blacklist redirects via Special:Filepath. Such redirects exacerbate any XSS 17094vulnerabilities involving uploads of files containing scripts. 17095* Internationalisation updates. 17096 17097== MediaWiki 1.12.1 == 17098 17099Changes since 1.12.0: 17100* (bug [[bugzilla:13522|13522]]) Fix fatal error in Parser::extractTagsAndParams 17101* (bug [[bugzilla:12077|12077]]) Fix HTML nesting for TOC 17102* (bug [[bugzilla:13532|13532]]) Use proper timestamp call when reverting images 17103* (bug [[bugzilla:13649|13649]], [[bugzilla:14084|14084]]) Bad call to 17104wfTimestamp() 17105* (bug [[bugzilla:13770|13770]]) Use Preprocessor_Hash by default to avoid 17106missing DOM module errors 17107* (bug [[bugzilla:13442|13442]]) API: Missing pages in prop=langlinks and 17108prop=extlinks are now handled properly. 17109* (bug [[bugzilla:13482|13482]]) API: Disabled search types handled properly 17110* (bug [[bugzilla:13836|13836]]) API: Fixed fatal errors resulting from 17111combining iiprop=metadata with format=xml 17112* (bug [[bugzilla:11633|11633]]) API: Explicitly convert redirect titles to 17113strings due to PHP's very weak typing on array keys. 17114* API: Fixing main page display in meta=siteinfo 17115* (bug [[bugzilla:11719|11719]]) API: Remove trailing blanks in YAML output. 17116* (bug [[bugzilla:13718|13718]]) API: Return the proper continue parameter for 17117cmsort=timestamp 17118* Security: Work around misconfiguration by requiring strict comparisons for 17119in_array in User::isAllowed(). 17120* Security: Fixed XSS vulnerability in useskin parameter. 17121 17122== MediaWiki 1.12.0 == 17123 17124This is the quarterly branch release of [[MediaWiki]] for Winter 2008. 17125 17126MediaWiki is now using a "continuous integration" development model with 17127quarterly snapshot releases. The latest development code is always kept "ready 17128to run", and in fact runs our own sites on [[wikipedia:|Wikipedia]]. 17129 17130Release branches will continue to receive security updates for about a year 17131from first release, but nonessential bugfixes and feature developments will be 17132made on the development trunk and appear in the next quarterly release. 17133 17134Those wishing to use the latest code instead of a branch release can obtain it 17135from source control: [[Download from SVN]]. 17136 17137Changes since 1.12.0rc1: 17138*(bug [[bugzilla:13359|13359]]) Double-escaping in [[Special:Allpages]]. 17139*Localization updates. 17140 17141== MediaWiki 1.12.0rc1 == 17142 17143This is a release candidate of the Winter 2008 quarterly snapshot release of 17144[[MediaWiki]]. 17145 17146MediaWiki is now using a "continuous integration" development model with 17147quarterly snapshot releases. The latest development code is always kept "ready 17148to run", and in fact runs our own sites on [[wikipedia:|Wikipedia]]. 17149 17150Release branches will continue to receive security updates for about a year 17151from first release, but nonessential bugfixes and feature developments will be 17152made on the development trunk and appear in the next quarterly release. 17153 17154Those wishing to use the latest code instead of a branch release can obtain it 17155from source control: [[Download from SVN]]. 17156 17157This is the Winter 2007 quarterly release. 17158 17159MediaWiki is now using a "continuous integration" development model with 17160quarterly snapshot releases. The latest development code is always kept 17161"ready to run", and in fact runs our own sites on Wikipedia. 17162 17163Release branches will continue to receive security updates for about a year 17164from first release, but nonessential bugfixes and feature developments 17165will be made on the development trunk and appear in the next quarterly release. 17166 17167Those wishing to use the latest code instead of a branch release can obtain 17168it from source control: https://www.mediawiki.org/wiki/Download_from_SVN 17169 17170=== Configuration changes in 1.12 === 17171* Marking edits as bot edits with Special:Contributions?bot=1 now requires the 17172 markbotedit permission, rather than the rollback permission previously used. 17173 This permission is assigned by default to the sysop group. 17174* MediaWiki now checks if serialized files are out of date. New configuration 17175 variable $wgCheckSerialized can be set to false to enable old behavior (i.e. 17176 to not check and assume they are always up to date) 17177* The rollback permission can now be rate-limited using the normal mechanism. 17178* New configuration variable $wgExtraLanguageNames 17179* Behavior of $wgAddGroups and $wgRemoveGroups changed. New behavior: 17180* * Granting the userrights privilege allows arbitrary changing of rights. 17181* * Without the userrights privilege, a user will be able to add and/or 17182 remove the groups specified in $wgAddGroups and $wgRemoveGroups for 17183 any groups they are in. 17184* New permission userrights-interwiki for changing user rights on foreign wikis. 17185* $wgImplicitGroups for groups that are hidden from Special:Listusers, etc. 17186* $wgAutopromote: automatically promote users who match specified criteria 17187* $wgGroupsAddToSelf, $wgGroupsRemoveFromSelf: allow users to add or remove 17188 themselves from specified groups via Special:Userrights. 17189* When $wgUseTidy has been enabled, PHP's Tidy module is now used if it is 17190 present, in preference to an external Tidy executable which may or may not 17191 be present. To force use of external Tidy even when the PHP module is 17192 available, set $wgTidyInternal to false. 17193 17194 17195=== New features in 1.12 === 17196* (bug 10735) Add a warning for non-descriptive filenames at Special:Upload 17197* Add {{filepath:}} parser function to get full path to an uploaded file, 17198 complementing {{fullurl:}} for pages. 17199* (bug 11136) If using Postgres, search path is explicitly set if wgDBmwschema 17200 is not set to 'mediawiki', allowing multiple mediawiki instances per user. 17201* (bug 11151) Add descriptive <title> to revision history page 17202* (bug 5412) Add feed links for the site to all pages 17203* (bug 11353) Add ability to retrieve raw section content via action=raw 17204* (bug 6909) Show relevant deletion log lines when uploading a previously 17205 deleted file 17206* On SkinTemplate based skins (like MonoBook), omit confusing "edit"/"view 17207 source" tab entirely if the page doesn't exist and the user isn't allowed to 17208 create it 17209* Clarify instructions given when an exception is thrown 17210* AuthPlugin added strictUserAuth() method to allow per-user override 17211 of the strict() authentication behavior. 17212* (bug 7872) Deleted revisions can now be viewed as diffs showing changes 17213 against the previous revision, whether currently deleted or live. 17214* Added tooltips for the "Go" and "Search" buttons 17215* (bug 11649) Show input form when Special:Whatlinkshere has no parameters 17216* isValidEmailAddr hook added to User method of that name, to allow, e.g., re- 17217 stricting e-mail addresses to a specific domain 17218* Removed "Clear" link in watchlist editor tools, as people were afraid to 17219 click it. Existing clear links will fall back to the raw editor, which is 17220 very easy to clear your watchlist with. 17221* (bug 1405) Add wgUseNPPatrol option to control patroling for new articles 17222 on Special:Newpages 17223* LogLine hook added to allow formatting custom entries in Special:Log. 17224* Support for Iranian calendar 17225* (bug 1401) Allow hiding logged-in users, bots and patrolled pages on 17226 Special:Newpages 17227* ChangesListInsertArticleLink hook added for adding extra article info to RC. 17228* MediaWikiPerformAction hook added for diverting control after the main 17229 globals have been set up but before any actions have been taken. 17230* BeforeWatchlist hook added for filtering or replacing watchlist. 17231* SkinTemplateTabAction hook added for altering the properties of tab links. 17232* OutputPage::getRedirect public method added. 17233* (bug 11848, 12506) Allow URL parameters 'section', 'editintro' and 'preload' 17234 in Special:Mypage and Special:Mytalk 17235* Add ot=raw to Special:Allmessages 17236* Support for Hebrew calendar 17237* Support for Hebrew numerals in dates and times 17238* (bug 11315) Signatures can be configured in [[MediaWiki:Signature]] and 17239 [[MediaWiki:Signature-anon]] 17240* Signatures for anonymous users link to Special:Contributions page rather than 17241 user page 17242* Added --override switch for disabled pages in updateSpecialPages.php 17243* Provide a unique message (ipb_blocked_as_range) if unblock of a single IP 17244 fails 17245 because it is part of a blocked range. 17246* (bug 3973) Use a separate message for the email content when an account is 17247 created by another user 17248* dumpTextPass.php can spawn fetchText.php as a subprocess, which should restart 17249 cleanly if database connections fail unpleasantly. 17250* (bug 12028) Add Special:Listbots as shortcut for Special:Listusers/bot 17251* (bug 9633) Add a predefined list of delete reasons to the deletion form 17252* Show a warning message when creating/editing a user (talk) page but the user 17253 does not exists 17254* (bug 8396) Ignore out-of-date serialised message caches 17255* (bug 12195) Undeleting pages now requires 'undelete' permission 17256* (bug 11810) Localize displayed semicolons 17257* (bug 11657) Support for Thai solar calendar 17258* (bug 943) RSS feed for Recentchangeslinked 17259* Introduced AbortMove hook 17260* (bug 2919) Protection of nonexistent pages with regular protection interface. 17261* Special:Upload now lists permitted/prohibited file extensions. 17262* Split ambiguous filetype-badtype message into two new messages, 17263 filetype-unwanted-type and filetype-banned-type. 17264* Added link to the old title in Special:Movepage 17265* On Special:Movepage, errors are now more noticeable. 17266* It is now possible to change rights on other local wikis without the MakeSysop 17267 extension 17268* Add HTML ID's mw-read-only-warning and mw-anon-edit-warning to warnings when 17269 editing to allow CSS styling. 17270* Parser now returns list of sections 17271* When a user is prohibited from creating a page, a title of "View source" 17272 makes no sense, and there should be no "Return to [[Page]]" link. 17273* (bug 12486) Protected titles now give a warning for privileged editors. 17274* (bug 9939) Special:Search now sets focus to search input box when no existing 17275 search is active 17276* For Special:Userrights, use GET instead of POST to search for users. 17277* Allow subpage syntax for Special:Userrights, i.e., Special:Userrights/Name. 17278* When submitting changes on Special:Userrights, show the full form again, not 17279 just the search box. 17280* Added exception hooks 17281* (bug 12574) Allow bots to specify whether an edit should be marked as a bot 17282 edit, via the parameter 'bot'. (Default: '1') 17283* (bug 12536) User should be able to get MediaWiki version from any page 17284* (bug 12622) A JavaScript constant to declare whether api.php is available 17285* Add caching to the AJAX search 17286* Add APCOND_INGROUPS 17287* Add DBA caching to installer 17288* (bug 12585) Added a bunch of parameters to the revertpage message 17289* Support redirects in image namespace 17290* (bug 10049) Prefix index search and namespaces in Special:Withoutinterwiki 17291* (bug 12668) Support for custom iPhone bookmark icon via $wgAppleTouchIcon 17292* Add option to include templates in Special:Export. 17293* (bug 12655) Added $wgUserEmailUseReplyTo config option to put sender 17294 address in Reply-To instead of From for user-to-user emails. 17295 This protects against SPF problems and privacy-leaking bounce messages 17296 when using mailers that set the envelope sender to the From header value. 17297* (bug 11897) Add alias [[Special:CreateAccount]] & [[Special:Userlogin/signup]] 17298 for Special:Userlogin?type=signup 17299* (bug 12214) Add a predefined list of delete reasons to the file deletion form 17300* Merged backends for OpenSearch suggestions and AJAX search. 17301 Both now accept namespace prefixes, handle 'Media:' and 'Special:' pages, 17302 and reject interwiki prefixes. PrefixSearch class centralizes this code, 17303 and the backend part can be overridden by the PrefixSearchBackend hook. 17304* (bug 10365) Localization of Special:Version 17305* When installing using Postgres, the Pl/Pgsql language is now checked for 17306 and installed when at the superuser level. 17307* The default robot policy for the entire wiki is now configurable via the 17308 $wgDefaultRobotPolicy setting. 17309* (bug 12239) Use different separators for autocomments 17310* (bug 12857) Patrol link on new pages should clear floats 17311* (bug 12968) Render redirect wikilinks in a redirect class for customization 17312 via user/site CSS. 17313* EditPageBeforeEditButtons hook added for altering the edit buttons below the 17314 edit box 17315 17316=== Bug fixes in 1.12 === 17317 17318* Subpages are now indexed for searching properly when using PostgreSQL 17319* (bug 3846) Suppress warnings from, e.g. open_basedir when scanning for 17320 ImageMagick, diff3 et al. during installation [patch by Jan Reininghaus] 17321* (bug 7027) Shift handling of deletion permissions-checking to 17322 getUserPermissionsErrors. 17323* Login and signup forms are now more correct for right-to-left languages. 17324* (bug 5387) Block log items on RecentChanges don't make use of possible 17325 translations 17326* (bug 11211) Pass, as a parameter to the protectedpagetext interface 17327 message, the level of protection. 17328* (bug 9611) Supply the blocker and reason for the cantcreateaccounttext 17329 message. 17330* (bug 8759) Fixed bug where rollback was allowed on protected pages for wikis 17331 where rollback is given to non-sysops. 17332* (bug 8834) Split off permission for editing user JavaScript and CSS from 17333 editinterface to a new permission key editusercssjs. 17334* (bug 11266) Set fallback language for Fulfulde (ff) to French 17335* (bug 11179) Include image version deletion comment in public log 17336* Fixed notice when accessing special page without read permission and whitelist 17337 is not defined 17338* (bug 9252) Fix for tidy funkiness when using editintro mode 17339* (bug 4021) Fix for MySQL wildcard search 17340* (bug 10699) Fix for MySQL phrase search 17341* (bug 11321) Fix width of gallerybox when option "width=xxx" is used 17342* (bug 7890) Special:BrokenRedirects links deleted redirects to a non-existent 17343 page 17344* Fix initial statistics when installing: add correct values 17345* (bug 11342) Fix several 'returnto' links in permissions/error pages which 17346 linked to the main page instead of targetted page 17347* Strike the link to the redirect rather than using an asterisk in 17348 Special:Listredirects 17349* (bug 11355) Fix false positives in Safe Mode and other config detection 17350 when boolean settings are disabled with 'Off' via php_admin_value/php_value 17351* (bug 11292) Fixed unserialize errors with Postgres by creating special Blob 17352 object. 17353* (bug 11363) Make all metadata fields bytea when using Postgres. 17354* (bug 11331) Add buildConcat() and use CASE not IF for DB compatibility. Make 17355 oldimage cascade delete via image table for Postgres, change fa_storage_key 17356 TEXT. 17357* (bug 11438) Live Preview chops returned text 17358* Show the right message on account creation when the user is blocked 17359* (bug 11450) Fix creation of objectcache table on upgrade 17360* Fix namespace selection after submit of Special:Newpages 17361* Make input form of Special:Newpages nicer for RTL wikis 17362* (bug 11462) Fix typo in LanguageGetSpecialPageAliases hook name 17363* (bug 11474) Fix unintentional fall-through in math error handling 17364* (bug 11478) Fix undefined method call in file deletion interface 17365* (bug 278) Search results no longer highlight incorrect partial word matches 17366* Compatibility with incorrectly detected old-style DJVU mime types 17367* (bug 11560) Fix broken HTML output from weird link nesting in edit comments. 17368 Nested links (as in image caption text) still don't work _right_ but they're 17369 less wrong 17370* (bug 9718) Remove unnecessary css from main.css causing spacing issues on 17371 some browsers. 17372* (bug 11574) Add an interface message loginstart, which, similarly to loginend, 17373 appears just before the login form. Patch by MinuteElectron. 17374* Do not cache category pages if using 'from' or 'until' 17375* Created new hook getUserPermissionsErrors, to go with userCan changes. 17376* Diff pages did not properly display css/js pages. 17377* (bug 11620) Add call to User::isValidEmailAddr during accout creation. 17378* (bug 11629) If $wgEmailConfirmToEdit is true, require people to supply an 17379 email address when registering. 17380* (bug 11612) Days to show in recent changes cannot be larger than 7 17381* (bug 11131) Change filearchive width/height columns to int for Postgres 17382* Support plural in undeleted{revisions,revisions-files,files} 17383* (bug 11343) If the database is read-only, ensure that undelete fails. 17384* (bug 11690) Show revert link for page moves in Special:Log to allowed users 17385 only 17386* Initial-lowercase prefix checks in namespaceDupes.php now actually work. 17387* Fix regression in LinkBatch.php breaking PHP 5.0 17388* (bug 11452) wfMsgExt uses sometimes wrong language object for parsing magic 17389 words when called with options ''parsemag'' or ''content''. 17390* (bug 11727) Support plural in 'historysize' message 17391* (bug 11744) Incorrect return value from Title::getParentCategories() 17392* (bug 11762) Fix native language name of Akan (ak) 17393* (bug 11722) Fix inconsistent case in unprotect tabs 17394* (bug 11795) Be more paranoid about confirming accept-encoding header is 17395 present 17396* (bug 11809) Use formatNum() for more numbers 17397* (bug 11818) Fix native language name of Inuktitut (iu) 17398* Remove all commas when parsing float numbers in sorted tables 17399* Limit text field of deletion, protection and user rights changes reasons to 17400 255 characters (already restricted in the database) 17401* In the deletion default reasons, calculate how much text to get from the 17402 article text, rather than getting 150 characters (which may be too much) 17403* Add two messages for Special:Blockme which were used but undefined 17404* (bug 11921) Support plural in message number_of_watching_users_pageview 17405* If an IP address is blocked as part of a rangeblock, attempting to unblock 17406 the single IP should not unblock the entire range. 17407* (bug 6695) Fix native language name of Southern Sotho (Sesotho) (st) 17408* Make action=render follow redirects by default 17409* If restricted read access was enabled, whitelist didn't work with special 17410 pages which had spaces in theirs names 17411* If restricted read access was enabled, requests for non-existing special pages 17412 threw an exception 17413* Feeds for recent changes now provide correct URLs for the change, not just 17414 the page 17415* Check for if IP is blocked as part of a range when unblocking (see above bug- 17416 fix) was faulty. Now fixed. 17417* Fixed wpReason URL parameter to action=delete. 17418* Do not force a password for account creation by email 17419* Ensure that rate-limiting is applied to rollbacks. 17420* Make a better rate-limiting error message (i.e. a normal MW error, 17421 rather than an "Internal Server Error"). 17422* Do not present an image bigger than the source when 'frameless' option is used 17423 (to be consistent with the 'thumb' option now) 17424* Support {{PLURAL}} for import log 17425* Make sure that the correct log entries are shown on Special:Userrights even 17426 for users with special characters in their names 17427* The number of watching users in watchlists was always reported as 1 17428* namespaceDupes.php no longer dies when coming across an illegal title 17429* (bug 12143) Do not show a link to patrol new pages for non existent pages 17430* (bug 12166) Fix XHTML validity for Special:Emailuser 17431* (bug 11346) Users who cannot edit a page can now no longer unprotect it. 17432* (bug 451) Add a generic Traditional / Simplified Chinese conversion table, 17433 instead of a Traditional conversion with Taiwan variant, and a Simplified 17434 conversion with China variant. 17435* (bug 12178) Fix wpReason parameter to action=delete, again. 17436* Graceful behavior for updateRestrictions.php if a page already has records 17437 in the page_restrictions matching its old page_restrictions field. 17438 May help with odd upgrade issues or race condition. 17439* (bug 11993) Remove contentsub "revision history" 17440* (bug 11952) Ensure we quote_ident() all schema names as needed 17441 inside of the DatabasePostgres.php file. 17442* (bug 12184) Exceptions now sent to stderr instead of stdout for command-line 17443 scripts, making for cleaner reporting during batch jobs. PHP errors will also 17444 be redirected in most cases on PHP 5.2.4 and later, switching 'display_errors' 17445 to 'stderr' at runtime. 17446* (bug 12148) Text highlight wasn't applied to cleanly deleted and added 17447 lines in diff output 17448* (bug 10166) Fix a PHP warning in Language::getMagic 17449* Only mark rollback edits as minor if the user can normally mark edits minor 17450* Escape page names in the move successful page (e.g. for pages with two 17451 apostrophes). 17452* (bug 12145) Add localized names of kk-variants 17453* (bug 12259) Localize the numbers in deleted pages on the sysop view 17454* Set proper page title for successful file deletion 17455* (bug 11221) Do not show 'Compare selected versions' button for a history page 17456 with one revision only 17457* (bug 12267) Set the default date format to Thai solar calender for the Thai 17458 language 17459* (bug 10184) Extensions' stylesheets and scripts should be loaded before 17460 user-customized ones (like Common.css, Common.js) 17461* (bug 12283) Special:Newpages forgets parameters 17462* (bug 12031) All namespaces doesn't work in Special:Newpages 17463* (bug 585) Only create searchindex replica table for parser tests if db is 17464 MySQL 17465* Allow --record option if parserTests.php to work when using Postgres 17466* (bug 12296) Simplify cache epoch in default LocalSettings.php 17467* (bug 12346) XML fix when body double-click and click handlers are present 17468* Fix regression -- missing feed links in sidebar on Special:Recentchanges 17469* (bug 12371) Handle more namespace case variants in namespaceDupes.php 17470* (bug 12380) Bot-friendly EditPage::spamPage 17471* (bug 8066) Spaces can't be entered in special page aliases 17472* Hide undo link if user can't edit article 17473* (bug 12416) Fix password setting for createAndPromote.php 17474* (bug 3097) Inconsistently usable titles containing HTML character entities 17475 are now forbidden. A run of cleanupTitles.php will fix up existing pages. 17476* (bug 12446) Permissions check fix for undelete link 17477* (bug 12451) AJAX title normalization tweaks 17478* When a user creating a page is not allowed to either create the page nor edit 17479 it, all applicable reasons are now shown. 17480* (bug 11428) Allow $wgScript inside $wgArticlePath when emulating PATH_INFO 17481 Fixes 'root'-style rewrite configurations 17482* (bug 12493) Removed hardcoded MAX_FILE_SIZE from Special:Import upload form 17483* (bug 12489) Special:Userrights listed in restricted section again 17484* (bug 12553) Fixed invalid XHTML in edit conflict screen 17485* (bug 12505) Fixed section=0 with action=raw 17486* (bug 12614) Do not log user rights change that didn't change anything 17487* (bug 12584) Don't reset cl_timestamp when auto-updating sort key on move 17488* (bug 12588) Fix selection in namespace selector on Special:Newpages 17489* Use only default options when generating RSS and Atom syndication links. 17490 This should help prevent infinite link loops that some software may follow, 17491 and will generally keep feed behavior cleaner. 17492* (bug 12608) Unifying the spelling of getDBkey() in the code. 17493* (bug 12611) Bot flag ignored in recent changes 17494* (bug 12617) Decimal and thousands separators for Romanian 17495* (bug 12567) Fix for misformatted read-only messages on edit, protect. 17496 Also added proper read-only checks to several special pages. 17497 Have removed read-only checks from the general user permission framework. 17498* Creating a site with a name containing '#' is no longer permitted, since the 17499 name will not work (but $wgSiteName is not checked if manually set). 17500* (bug 12695) Suppress dvips verbiage from web server error log 17501* (bug 12716) Unprotecting a non-protected page leaves a log entry 17502* Log username blocks with canonical form of name instead of input form 17503* (bug 11593, 12719) Fixes for overzealous invocation of thumb.php. 17504 Non-image handlers and full-size images may now decline it, fixing 17505 mystery failures when using $wgThumbnailScriptPath. 17506* (bug 12327) Comma in username no longer disrupts mail headers 17507* (bug 6436) Localization of Special:Import XML parser Error message(s). 17508* Security fix for API on MSIE 17509* (bug 12768) Database query syntax error in maintenance/storage/compressOld.inc 17510* (bug 12753) Empty captions in MediaWiki:Sidebar result in PHP errors 17511* (bug 12790) Page protection is not logged when edit-protection is used 17512 and move-protection is not 17513* (bug 12793) Fix for restricted namespaces/pages in Special:Export 17514* Fix for Special:Export so it doesn't ignore the page named '0' 17515* Don't display rollback link if the user doesn't have all required permissions 17516* The comment of a time-limited protection now contains the date in the default 17517 format 17518* (bug 12880) wfLoadExtensionMessages does not use $fallback from MessagesXx.php 17519* (bug 12885) Correction for Russian convertPlural function 17520* (bug 12768) Make DatabasePostgres->hasContraint() schema aware. 17521* (bug 12735) Truncate usernames in comments using mb_ functions. 17522* (bug 12892) Poor tab indexing on "delete file" form 17523* (bug 12660) When creating an account by e-mail, do not send the creator's IP 17524 address 17525* (bug 12931) Fix wrong global variable in SpecialVersion 17526* (bug 12919) Use 'deletedrevision' message as content when deleting an old file 17527 version 17528* (bug 12952) Using Nosuchusershort instead of Nosuchuser when account creation 17529 is disabled 17530* (bug 12869) Magnify icon alignment should be adjusted using linked CSS 17531* Fixing message cache updates for MediaWiki messages moves 17532* (bug 12815) Signature timestamps were always in UTC, even if the timezone code 17533 in parentheses after them claimed otherwise 17534* (bug 12732) Fix installer and searching to handle built-in tsearch2 for 17535 Postgres. 17536* (bug 12784) Change "bool" types to smallint to handle Postgres 8.3 strictness. 17537* (bug 12301) Allow maintenance/findhooks.php to search hooks in multiple 17538 directories. 17539* (bug 7681, 11559) Cookie values no longer override GET and POST variables. 17540* (bug 5262) Fully-qualified $wgStylePath no longer corrupted on XML feeds 17541* (bug 3269) Inaccessible titles ending in '/.' or '/..' now forbidden. 17542* (bug 12935, 12981) Fully-qualify archive URLs in delete, revert messages 17543* (bug 12938) Fix template expansion and 404 returns for action=raw with section 17544* (bug 11567) Fix error checking for PEAR::Mail. UserMailer::send() now returns 17545 true-or-WikiError, which seems to be the calling convention expected by half 17546 its callers already 17547* (bug 12846) IE rtl.css issue in RTL wikis special:Preferences when selecting 17548 an LTR user language 17549* (bug 13005) DISPLAYTITLE does not work on preview 17550* (bug 13004) Fix error on Postgres searches that return too many results. 17551 17552== Parser changes in 1.12 == 17553 17554For help with migration to the MediaWiki 1.12 parser, please visit: 17555 17556http://meta.wikimedia.org/wiki/Migration_to_the_new_preprocessor 17557 17558The parser pass order has changed from 17559 17560 * Extension tag strip and render 17561 * HTML normalisation and security 17562 * Template expansion 17563 * Main section... 17564 17565to 17566 17567 * Template and extension tag parse to intermediate representation 17568 * Template expansion and extension rendering 17569 * HTML normalisation and security 17570 * Main section... 17571 17572The main effect of this for the user is that the rules for uncovered syntax 17573have changed. 17574 17575Uncovered main-pass syntax, such as HTML tags, are now generally valid, whereas 17576previously in some cases they were escaped. For example, you could have "<ta" in 17577one template, and "ble>" in another template, and put them together to make a 17578valid <table> tag. Previously the result would have been "<table>". 17579 17580Uncovered preprocessor syntax is generally not recognised. For example, if you 17581have "{{a" in Template:A and "b}}" in Template:B, then "{{a}}{{b}}" will be 17582converted to a literal "{{ab}}" rather than the contents of Template:Ab. This 17583was the case previously in HTML output mode, and is now uniformly the case in 17584the other modes as well. HTML-style comments uncovered by template expansion 17585will not be recognised by the preprocessor and hence will not prevent template 17586expansion within them, but they will be stripped by the following HTML security 17587pass. 17588 17589Bug 5678 has been fixed. This has a number of user-visible effects related to 17590the removal of this double-parse. Please see the wiki page for examples. 17591 17592Message transformation mode has been removed, and replaced with "preprocess" 17593mode. This means that some MediaWiki namespace messages may need to be updated, 17594especially ones which took advantage of the terribly counterintuitive behavior 17595of the former message mode. 17596 17597The header identification routines for section edit and for numbering section 17598edit links have been merged. This removes a significant failure mode and fixes a 17599whole category of bugs (tracked by bug #4899). Wikitext headings uncovered by 17600template expansion will still be rendered into a heading tag, and will get an 17601entry in the TOC, but will not have a section edit link. HTML-style headings 17602will also not have a section edit link. Valid wikitext headings present in the 17603template source text will get a template section edit link. This is a major 17604break from previous behavior, but I believe the effects are almost entirely 17605beneficial. 17606 17607The main motivation for making these changes was performance. The new two-pass 17608preprocessor can skip "dead branches" in template expansion, such as unfollowed 17609#switch cases and unused defaults for template arguments. This provides a 17610significant performance improvement in template-heavy test cases taken from 17611Wikipedia. Parser function hooks can participate in this performance improvement 17612by using the new SFH_OBJECT_ARGS flag during registration. 17613 17614The pre-expand include size limit has been removed, since there's no efficient 17615way to calculate such a figure, and it would now be meaningless for performance 17616anyway. The "preprocessor node count" takes its place, with a generous default 17617limit. 17618 17619The context in which XML-style extension tags are called has changed, so 17620extensions which make use of the parser state may need compatibility changes. 17621 17622The new preprocessor syntax has been documented in Backus-Naur Form at: 17623 17624https://www.mediawiki.org/wiki/Preprocessor_ABNF 17625 17626The ExpandTemplates extension now has the ability to generate an XML parse 17627tree from wikitext source. This parse tree corresponds closely to the grammar 17628documented on that page. 17629 17630=== API changes in 1.12 === 17631 17632Full API documentation is available at https://www.mediawiki.org/wiki/API 17633 17634* (bug 11275) Enable descending sort in categorymembers 17635* (bug 11308) Allow the API to output the image metadata 17636* (bug 11296) Temporary fix for escaping of ampersands inside links in 17637 pretty-printed 17638 help document. 17639* (bug 11405) Expand templates implementation in the API 17640* (bug 11218) Add option to feedwatchlist to display multiple revisions for each 17641 page. 17642* (bug 11404) Provide name of exception caught in error code field of internal 17643 api error messages. 17644* (bug 11534) rvendid doesn't work 17645* Fixed rvlimit of the revisions query to only enforce the lower query limit if 17646 revision content is requested. 17647* Include svn revision number (if install is checked-out from svn) in siteinfo 17648 query. 17649* (bug 11173) Allow limited wikicode rendering via api.php 17650* (bug 11572) API should provide interface for expanding templates 17651* (bug 11569) Login should return the cookie prefix 17652* (bug 11632) Breaking change: Specify the type of a change in the recentchanges 17653 list as 'edit', 'new', 'log' instead of 0, 1, 2, respectively. 17654* Compatibility fix for PHP 5.0.x. 17655* Add rctype parameter to list=recentchanges that filters by type 17656* Add apprtype and apprlevel parameters to filter list=allpages by protection 17657 types and levels 17658* Add apdir parameter to enable listing all pages from Z to A 17659* (bug 11721) Use a different title for results than for the help page. 17660* (bug 11562) Added a user_registration parameter/field to the list=allusers 17661 query. 17662* (bug 11588) Preserve document structure for empty dataset in backlinks query. 17663* Outputting list of all user preferences rather than having to request them by 17664 name 17665* (bug 11206) api.php should honor maxlag 17666* Make prop=info check for restrictions in the old format too. 17667* Add apihighlimits permission, default for sysops and bots 17668* Add limit=max to use maximal limit 17669* Add action=parse to render parser output. Use it instead of action=render 17670 which has been removed 17671* Add rvtoken=rollback to prop=revisions 17672* Add meta=allmessages to get messages from site's messages cache. 17673* Use bold and italics highlighting only in API help 17674* Added action={block,delete,move,protect,rollback,unblock,undelete} and 17675 list={blocks,deletedrevs} 17676* Fixed sessionid attribute in action=login 17677* Standardized limits. Revisions and Deletedrevisions formerly using 17678 200 / 10000, now 500 / 5000, in line with other modules. 17679* Added list=allcategories module 17680* (bug 12321) API list=blocks reveals private data 17681* Fix output of wfSajaxSearch 17682* (bug 12413) meta=userinfo missing <query> tag 17683* Add list of sections to action=parse output 17684* Added action=logout 17685* Added cascade flag to prop=info&inprop=protections 17686* Added wlshow parameter to list=watchlist, similar to rcshow 17687 (list=recentchanges) 17688* Added support for image thumbnailing to prop=imageinfo 17689* action={login,block,delete,move,protect,rollback,unblock,undelete} now must be 17690 POSTed 17691* prop=imageinfo interface changed: iihistory replaced by iilimit, iistart and 17692 iiend parameters 17693* Added amlang parameter to meta=allmessages 17694* Added apfilterlanglinks parameter to list=allpages, replacing 17695 query.php?what=nolanglinks 17696* (bug 12718) Added action=paraminfo module that provides information about API 17697 modules and their parameters 17698* Added iiurlwidth and iiurlheight parameters to prop=imageinfo 17699* Added format=txt and format=dbg, imported from query.php 17700* Added uiprop=editcount to meta=userinfo 17701* Added list=users which fetches user information 17702* Added list=random which fetches a list of random pages 17703* Added page parameter to action=parse to facilitate parsing of existing pages 17704* Added uiprop=ratelimits to meta=userinfo 17705* Added siprop=namespacealiases to meta=siteinfo 17706* Made multiple values for ucuser possible in list=usercontribs 17707* (bug 12944) Added cmstart and cmend parameters to list=categorymembers 17708* Allow queries to have a where range that does not match the range field 17709 17710== MediaWiki 1.11 == 17711 17712== MediaWiki 1.11.2 == 17713 17714March 2, 2008 17715 17716This is a security release of the Fall 2007 snapshot release of MediaWiki. 17717Possible cross-site information leaks using the callback parameter for 17718JSON-formatted results in the API are prevented by dropping user credentials. 17719 17720MediaWiki release versions prior to 1.11 are not vulnerable, as they do not 17721include the callback feature which allows client-side JavaScript on other sites 17722to reach API data. 17723 17724Changes in this release: 17725 17726* User credentials are dropped for API JSON requests using a callback 17727* Edit tokens are not reported for API JSON requests using a callback 17728 17729== MediaWiki 1.11.1 == 17730 17731January 23, 2008 17732 17733This is a security and bugfix release of the Fall 2007 snapshot release of 17734 MediaWiki. A potential XSS injection vector affecting api.php only for 17735 Microsoft Internet Explorer users has been closed. 17736 17737Changes in this release: 17738* (bug [[bugzilla:11450|11450]]) Fix creation of objectcache table on upgrade 17739* (bug [[bugzilla:11462|11462]]) Fix typo in LanguageGetSpecialPageAliases hook 17740name 17741* Fix regression in LinkBatch.php breaking PHP 5.0 17742* Security fix for API on MSIE 17743 17744To work around the vulnerability without upgrading, you may disable the API if 17745you don't need it: 17746:[[Manual:$wgEnableAPI|$wgEnableAPI]] = false; 17747 17748Not vulnerable versions: 17749* 1.12 or later 17750* 1.11 >= 1.11.1 17751* 1.10 >= 1.10.3 17752* 1.9 >= 1.9.5 17753* 1.8 any version (if $wgEnableAPI has been left off) 17754 17755Vulnerable versions: 17756* 1.11 <= 1.11.0rc1 17757* 1.10 <= 1.10.2 17758* 1.9 <= 1.9.4 17759* 1.8 any version (if $wgEnableAPI has been switched on) 17760 17761MediaWiki 1.7 and below are not affected as they do not include the API 17762functionality, however the BotQuery extension is similarly vulnerable unless 17763updated to the latest SVN version. 17764 17765== MediaWiki 1.11.0 == 17766 17767September 10, 2007 17768 17769This is the Fall 2007 snapshot release of MediaWiki. 17770 17771MediaWiki is now using a "continuous integration" development model with 17772quarterly snapshot releases. The latest development code is always kept "ready 17773to run", and in fact runs our own sites on Wikipedia. 17774 17775Release branches will continue to receive security updates for about a year 17776from first release, but nonessential bugfixes and feature developments will be 17777made on the development trunk and appear in the next quarterly release. 17778 17779Those wishing to use the latest code instead of a branch release can obtain it 17780from source control: [[Download from SVN]] 17781 17782This is the Summer 2007 branch release of MediaWiki. 17783 17784MediaWiki is now using a "continuous integration" development model with 17785quarterly snapshot releases. The latest development code is always kept 17786"ready to run", and in fact runs our own sites on Wikipedia. 17787 17788Release branches will continue to receive security updates for about a year 17789from first release, but nonessential bugfixes and feature developments 17790will be made on the development trunk and appear in the next quarterly release. 17791 17792Those wishing to use the latest code instead of a branch release can obtain 17793it from source control: https://www.mediawiki.org/wiki/Download_from_SVN 17794 17795== Changes since 1.11.0rc1 == 17796 17797A possible HTML/XSS injection vector in the API pretty-printing mode has been 17798found and fixed. 17799 17800The vulnerability may be worked around in an unfixed version by simply 17801disabling the API interface if it is not in use, by adding this to 17802[[Manual:LocalSettings.php|LocalSettings.php]]:<br /> 17803<code>[[Manual:$wgEnableAPI|$wgEnableAPI]] = false;</code> <br /> 17804(This is the default setting in 1.8.x.) 17805 17806Not vulnerable versions: 17807* 1.11 >= 1.11.0 17808* 1.10 >= 1.10.2 17809* 1.9 >= 1.9.4 17810* 1.8 >= 1.8.5 17811 17812Vulnerable versions: 17813* 1.11 <= 1.11.0rc1 17814* 1.10 <= 1.10.1 17815* 1.9 <= 1.9.3 17816* 1.8 <= 1.8.4 (if [[Manual:$wgEnableAPI|$wgEnableAPI]] has been switched on) 17817 17818MediaWiki 1.7 and below are not affected as they do not include the faulty 17819function, however the [[Extension:BotQuery|BotQuery extension]] is similarly 17820vulnerable unless updated to the latest SVN version. 17821 17822== Configuration changes since 1.10 == 17823 17824* $wgThumbUpright - Adjust width of upright images when parameter 'upright' is 17825 used 17826* $wgAddGroups, $wgRemoveGroups - Finer control over who can assign which 17827 usergroups 17828* $wgEnotifImpersonal, $wgEnotifUseJobQ - Bulk mail options for large sites 17829* $wgShowHostnames - Expose server host names through the API and HTML comments 17830* $wgSaveDeletedFiles has been removed, the feature is now enabled 17831unconditionally 17832 17833== New features since 1.10 == 17834 17835* (bug 8868) Separate "blocked" message for autoblocks 17836* Adding expiry of block to block messages 17837* Links to redirect pages in categories are wrapped in 17838 <span class="redirect-in-category"></span> 17839* Introduced 'ImageOpenShowImageInlineBefore' hook; see docs/hooks.txt for 17840 more information 17841* (bug 9628) Show warnings about slave lag on Special:Contributions, 17842 Special:Watchlist 17843* (bug 8818) Expose "wpDestFile" as parameter $1 to "uploaddisabledtext" 17844* Introducing new image keyword 'upright' and corresponding variable 17845 $wgThumbUpright. This allows better proportional view of upright images 17846 related to landscape images on a page without nailing the width of upright 17847 images to a fix value which makes views for anon unproportional and user 17848 preferences useless 17849* (bug 6072) Introducing 'border' keyword to the [[Image:]] syntax 17850* Introducing 'frameless' keyword to [[Image:]] syntax which respects the 17851 user preferences for image width like 'thumb' but without a frame. 17852* (bug 7960) Link to "what links here" for each "what links here" entry 17853* Added support for configuration of an arbitrary number of commons-style 17854 file repositories. 17855* Added a Content-Disposition header to thumb.php output 17856* Improved thumb.php error handling 17857* Display file history on local image description pages of shared images 17858* Added $wgArticleRobotPolicies 17859* (bug 10076) Additional parameter $7 added to MediaWiki:Blockedtext 17860 containing, the ip, ip range, or username whose block is affecting the 17861* (bug 7691) Show relevant lines from the deletion log when re-creating a 17862 previously deleted article 17863* Added variables 'wgRestrictionEdit' and 'wgRestrictionMove' for JS to header 17864* (bug 9898) Allow viewing all namespaces in Special:Newpages 17865* (bug 10139) Introduce 'EditSectionLink' and 'EditSectionLinkForOther' hooks; 17866 see docs/hooks.txt for details 17867* (bug 9769) Provide "watch this page" toggle on protection form 17868* (bug 9886) Provide clear example "stub link" in Special:Preferences 17869* (bug 10055) Populate email address and real name properties of User objects 17870 passed to the 'AbortNewAccount' hook 17871* Show result of Special:Booksources in wiki content language always, it's 17872 normally better maintained than the generic list from the standard message 17873 files 17874* (bug 7997) Allow users to be blocked from using Special:Emailuser 17875* (bug 8989) Blacklist 'mhtml' and 'mht' files from upload 17876* (bug 8760) Allow wiki links in "protectexpiry" message 17877* (bug 5908) Add "DEFAULTSORTKEY" and "DEFAULTCATEGORYSORT" aliases for 17878 "DEFAULTSORT" magic word 17879* (bug 10181) Support the XCache object caching mechanism 17880* (bug 9058) Introduce '--aconf' option for all maintenance scripts, to provide 17881 a path to the AdminSettings.php file 17882* (bug 8781) Remind users to check file permissions for LocalSettings.php 17883 post-installation 17884* Use shared.css for all skins and oldshared.css in place of common.css for 17885 pre-Monobook skins. As always, modifications should go in-wiki to MediaWiki: 17886 Common.css and MediaWiki:Monobook.css. 17887* (bug 8869) Introduce Special:Uncategorizedtemplates 17888* (bug 8734) Different log message when article protection level is changed 17889* (bug 8458, 10338) Limit custom signature length to $wgMaxSigChars Unicode 17890 characters 17891* (bug 10096) Added an ability to query interwiki map table 17892* On reupload, add a null revision to the image description page 17893* Group log output by date 17894* Kurdish interface latin/arabic writing system with transliteration 17895* Support wiki text in all query page headers 17896* Add 'Orphanedpages' as an alias to Special:Lonelypages 17897* (bug 9328) Use "revision-info-current" message in place of "revision-info" 17898 when viewing the current revision of a page, if available 17899* (bug 8890) Enable wiki text for "license" message 17900* Throw a showstopper exception when a hook function fails to return a value. 17901 Forgetting to give a 'true' return value is a very common error which tends 17902 to cause hard-to-track-down interactions between extensions. 17903* Use $wgJobClasses to determine the correct Job to instantiate for a particular 17904 queued task; allows extensions to introduce custom jobs 17905* (bug 10326) AJAX-based page watching and unwatching has been cleaned up and 17906 enabled by default. 17907* Added option to install to MyISAM 17908* (bug 9250) Remove hardcoded minimum image name length of three characters 17909* Fixed DISPLAYTITLE behavior to reject titles which don't normalise to the 17910 same title as the current page, and enabled per default 17911* Wrap site CSS and JavaScript in a <pre> tag, like user JS/CSS 17912* (bug 10196) Add classes and dir="ltr" to the <pre>s on CSS and JS pages (new 17913 classes: mw-code, mw-css, mw-js) 17914* (bug 6711) Add $wgAddGroups and $wgRemoveGroups to allow finer control over 17915 usergroup assignment. 17916* Introduce 'UserEffectiveGroups' hook; see docs/hooks.txt for more information 17917* (bug 10387) Detect and handle '.php5' extension environments at install time 17918* Introduce 'ShowRawCssJs' hook; see docs/hooks.txt for more information 17919* (bug 10404) Show rights log for the selected user in Special:Userrights 17920* New javascript for upload page that will show a warning if a file with the 17921 "destination filename" already exists. 17922* Add 'editsection-brackets' message to allow localization (or removal) of the 17923 brackets in the "[edit]" link for sections 17924* (bug 10437) Move texvc styling to shared.css 17925* Introduce "raw editing" mode for the watchlist, to allow bulk additions, 17926 removals, and convenient exporting of watchlist contents 17927* Show "undo" links in page histories 17928* Option to jump to specified time period in user contributions 17929* Improved feedback on "rollback success" page 17930* Show distinct 'namespaceprotected' message to users when namespace protection 17931 prevents page editing 17932* (bug 9936) Per-edit suppression of preview-on-first edit with "preview=no" 17933* Allow showing a one-off preview on first edit with "preview=yes" 17934* (bug 9151) Remove timed redirects on "Return to X" pages for accessibility. 17935* Link to user logs in toolbox when viewing a user page 17936* (bug 10508) Allow HTML attributes on <gallery> 17937* (bug 1962) Allow HTML attributes on <math> 17938* (bug 10530) Introduce optional "sp-contributions-explain" message for 17939 additional explanation in Special:Contributions 17940* (bug 10520) Preview licences during upload via AJAX (toggle with 17941 $wgAjaxLicensePreview) 17942* New Parser::setTransparentTagHook for parser extension and template 17943 compatibility 17944* Introduced 'ContributionsToolLinks' hook; see docs/hooks.txt for more 17945 information 17946* Add a message if category is empty 17947* Add CSS compatibility for Opera 9.5 17948* Remove largely untested handheld stylesheet, which was causing more trouble 17949 than good. Proper handheld support will be added at a future date. For now, 17950 display should be acceptable either with CSS turned off or when using a so- 17951 phisticated handheld browser. 17952* (bug 3173) Option to offer exported pages as a download, rather than 17953 displaying inline, as in most browsers 17954* Pass the user as an argument to 'isValidPassword' hook callbacks; see 17955 docs/hooks.txt for more information 17956* Introduce 'UserGetRights' hook; see docs/hooks.txt for more information 17957* (bug 9595) Pass new Revision to the 'ArticleInsertComplete' and 17958 'ArticleSaveComplete' hooks; see docs/hooks.txt for more information 17959* (bug 9575) Accept upload description from GET parameters 17960* Skip the difference engine cache when 'action=purge' is used while requesting 17961 a difference page, to allow refreshing the cache in case of errors 17962* (bug 10701) Link to Special:Listusers in default Special:Statistics messages 17963* Improved file history presentation 17964* (bug 10739) Users can now enter comments when reverting files 17965* Improved handling of permissions errors 17966* (bug 10793) "Mark patrolled" links will now be shown for users with 17967 patrol permissions on all eligible diff pages 17968* (bug 10655) Show standard tool links for blocked users in block log messages 17969* Show standard tool links for blocked users in Special:Ipblocklist 17970* Miscellaneous aesthetic improvements to Special:Ipblocklist 17971* (bug 10826) Added link trail with Cyrillic characters for Mongolian language 17972* (bug 10859) Introduce 'UserGetImplicitGroups' hook; see docs/hooks.txt for 17973 more information 17974* (bug 10832) Include user information when viewing a deleted revision 17975* (bug 10872) Fall back to sane defaults when generating protection selector 17976 labels for custom restriction levels 17977* Show edit count in user preferences 17978* Improved support for audio/video extensions 17979* (bug 10937) Distinguish overwritten files in upload log 17980* Introduce 'ArticleUpdateBeforeRedirect' hook; see docs/hooks.txt for more 17981 information 17982* Confirmation is now required when deleting old versions of files 17983* (bug 7535) Users can now enter comments when deleting old versions of files 17984* (bug 11001) Submit Special:Newpages as a GET, rather than a POST request 17985* The <strong></strong> around links to watched pages in change lists now 17986 has a class - "mw-watched" 17987* (bug 9002) Provide a "view/restore deleted edits" link on Special:Upload 17988 when a destination filename is provided that corresponds with previous 17989 deleted files 17990* Make the "invalid special page" message clearer 17991* Add accesskey 's' and tooltip to 'upload file' button at Special:Upload 17992* Introduced 'SkinAfterBottomScripts' hook; see docs/hooks.txt for 17993 more information 17994* (bug 11095) Honour "preview on first edit" preference when preloading 17995 text for a non-existent page 17996* (bug 11022) Use a more accurate page title for Special:Whatlinkshere and 17997 Special:Recentchangeslinked 17998* Add link to user contributions in normal watchlist edit mode 17999* (bug 9426) Add 'newsectionheaderdefaultlevel' message to allow 18000 modification of the heading formatting for new sections when section=new 18001 argument is supplied 18002* (bug 10836) Add 'newsectionsummary' message to allow modification of the 18003 text that prefixes a new section link in Recent Changes 18004 18005== Bugfixes since 1.10 == 18006 18007* (bug 9712) Use Arabic comma in date/time formats for Arabic and Farsi 18008* (bug 9670) Follow redirects when render edit section links to transcluded 18009 templates. 18010* (bug 6204) Fix incorrect unindentation with $wgMaxTocLevel 18011* (bug 3431) Suppress "next page" link in Special:Search at end of results 18012* Don't show unblock form if the user doesn't have permission to use it 18013 (cosmetic change, no vulnerabilities existed) 18014* Subtitle success message when unblocking a block ID instead of a pseudo link 18015 like [[User:#123|#123]] 18016* Use the standard HTTP fetch functions when retrieving remote wiki pages 18017 through transwiki, so we can take advantage of cURL goodies if available 18018* Disable user JavaScript on Special:Userlogin, Special:Resetpass and 18019 Special:Preferences, to avoid a compromised script sniffing passwords, etc. 18020* (bug 9854, 3770) Clip overflow text in gallery boxes for visual cleanliness 18021 instead of letting it flow outside the box or trigger ugly scroll bars. 18022* Tooltips for print version and permalink 18023* Links to the MediaWiki namespace for system messages having their default 18024 values are no longer shown as nonexistent (e.g., in red) 18025* Special:Ipblocklist differentiates between empty list and no search results. 18026* (bug 5375) profiling does not respect read-only mode. 18027* (bug 7070) monobook/user.gif has antialias artifacts 18028* (bug 9123) Safer way when applying $wgLocalTZoffset 18029* (bug 9896) Documentation for $wgSquidServers and X-FORWARDED-FOR 18030* (bug 9417) Uploading new versions of images when using Postgres no longer 18031 throws warnings. 18032* (bug 9908) Using tsearch2 with Postgres 8.1 no longer gives an error. 18033* (bug 1438) Fix for diff table layout on very wide lines. 18034 Diff style rules have been broken out to common/diff.css, 18035 and the dupes removed from the default skin files. 18036 Skins can still override the default rules. 18037* (bug 1229) Balance columns in diff display evenly 18038* Right-align diff line numbers in RTL language display 18039* (bug 9332) Fix instructions in tests/README 18040* (bug 9813) Reject usernames containing '#' to avoid silent truncation 18041 of fragments during the normalisation process 18042* (bug 7989) RSS feeds content now use black text when using white background. 18043* (bug 9971) Typo in a french language message. 18044* (bug 9973) Changed size was shown in advanced recentchanges collapsible items 18045 with $wgRCShowChangedSized = false. 18046* Fix PHP strict standards warning in enhanced recent changes. 18047* (bug 5850) Added hexadecimal html entities comments for $digitTransformTable 18048 entries. 18049* (bug 7432) Change language name for Aromanian (roa-rup) 18050* (bug 908) Unexistent special pages now generate a red link. 18051* (bug 7899) Added \hline and \vline to the list of allowed TeX commands 18052* (bug 7993) support mathematical symbol classes 18053* (bug 10007) Allow Block IP to work with Postgrs again. 18054* Add Google Wireless Transcoder to the Unicode editing blacklist 18055* (bug 10083) Fix for Special:Version breakage on PHP 5.2 with some hooks 18056* (bug 3624) TeX: \ker, \hom, \arg, \dim treated like \sin & \cos 18057* (bug 10132, 10134) Restore back-compatibility Image::imageUrl() function 18058* (bug 10113) Fix double-click for view source on protected pages 18059* (bug 10117) Special:Wantedpages doesn't handle invalid titles in result 18060 set [now prints out a warning] 18061* (bug 10118) Introduced Special:Mostlinkedtemplates, report which lists 18062 templates with a high number of inclusion links 18063* (bug 10104) Fixed Database::getLag() for PostgreSQL and Oracle 18064* (bug 9820) session.save_path check no longer halts installation, but 18065 warns of possible bad values 18066* (bug 9978) Fixed session.save_path validation when using extended 18067 configuration format, e.g. "5;/tmp" 18068* Don't generate a diff link in the patrol log if the page doesn't exist 18069* (bug 10067) Translations for former skins removed from message files 18070* (bug 9993) Force $wgShowExceptionDetails on during installation 18071* (bug 9980) Validate administrator username and password during 18072 installation 18073* (bug 9383) Don't set a default value for BLOB column in rc-deleted 18074 database patch 18075* (bug 10149) Don't show full template list on section-0 edit 18076* (bug 9909) Ensure access to binary fields in the math table use encodeBlob() 18077 and decodeBlob() 18078* (bug 6743) Don't link broken image links to the upload form when uploads 18079 are disabled 18080* (bug 9679) Improve documentation for $wgSiteNotice 18081* (bug 10215) Show custom editing introduction when editing existing pages 18082* (bug 10223) Fix edit link in noarticletext localizations for fr, oc 18083* (bug 10247) Fix IP address regex to avoid false positive IPv6 matches 18084* (bug 9948) Workaround for diff regression with old Mozilla versions 18085* (bug 10265) Fix regression in category image gallery paging 18086* (bug 8577) Fix some weird misapplications of time zones. 18087 {{CURRENT*}} functions now consistently use UTC as intended, while 18088 {{LOCAL*}} functions return local time per server config or $wgLocaltimezone. 18089 Signature dates for Japanese and other languages including weekday now show 18090 the correct day to match the rest of the time in local time. 18091* Escape the output of magic variables that return page name or part of it 18092* (bug 10309) Initialise parser state properly in extractSections(), fixes 18093 some cases where section edits broke because tags were improperly stripped 18094* Avoid PHP notice errors when doing HTTP proxy purges for an empty list 18095* As intended, *skip* the HTTP proxy purges when doing HTCP purges 18096* (bug 9696) Fix handling of brace transformations in "pagemovedtext" 18097* (bug 10325) Fix regression in form action on Special:Listusers 18098* Fixed installation on MyISAM or old InnoDB with charset=utf8, was giving 18099 overlong key errors. 18100* Fixed zero-padding issues with MySQL 5 binary schema 18101* (bug 10344) Don't follow a redirect after changing its protection level 18102* (bug 10333) Correct date format in Slovenian 18103* (bug 10160) Show error message for unknown namespace on Special:Allpages and 18104 Special:Prefixindex; making forms prettier for RTL wikis. 18105* (bug 10334) Replace normal spaces before percent (%) signs with non-breaking 18106 spaces 18107* (bug 10372) namespaceDupes.php no longer ignores namespace aliases 18108* (bug 10198) namespaceDupes.php no longer ignores interwiki prefixes 18109* namespaceDupes.php should work better for initial-lowercase wikis 18110* (bug 10377) "Permanent links" to revisions still work if the page is moved 18111 and the redirect deleted 18112* (bug 7071) Properly handle an 'oldid' passed to view or edit that doesn't 18113 match the given title. Fixes inconsistencies with talk, history, edit links. 18114* (bug 10397) Fix AJAX watch error fallback when we receive a bogus result 18115* (bug 10396) Fix AJAX error when $wgScriptPath/index.php is not valid; 18116 using $wgScript now included in JS info 18117* Use native XMLHttpRequest class in preference to ActiveX on IE 7; this 18118 avoids the "ActiveX "Do you want to allow ActiveX?" prompt when something 18119 security settings are cranked this way and AJAX-y gets used. 18120* Delay AJAX watch initialization until click so IE 6 with ugly security 18121 settings doesn't prompt you until you use the link. 18122* (bug 10401) Provide non-redirecting link to original title in Special:Movepage 18123* Fix broken handling of log views for page titles consisting of one 18124 or more zeros, e.g. "0", "00" etc. 18125* Fix read permission check for special pages with subpage parameters, e.g. 18126 Special:Confirmemail 18127* Fix read permission check for unreadable page titles which are numerically 18128 equivalent to a whitelisted title 18129* '?>' closing tag removed from all files to help avoid problems with extraneous 18130 whitespace (broken XML feeds, etc.) 18131* Don't use garbled parser cache output when viewing custom CSS or JavaScript 18132 pages 18133* (bug 10406) Fix Special:Listusers filter form for non-ASCII localizations 18134* Fix empty message checks for message names containing & 18135 This corrects some odd behavior with sidebar items and custom namespaces 18136 containing ampersands. 18137* (bug 10375) Change thousands separator character to for Latin (la) 18138* (bug 10477) Fix AJAX watch for Farsi on Firefox: JavaScript encoding tweak 18139* (bug 10496) Fix broken DISTINCT option logic in database backend 18140* Fix CSS media declaration for "screen, projection"; was causing some 18141 validation issues 18142* (bug 10495) $wgMemcachedDebug set twice in includes/DefaultSettings.php 18143* (bug 10316) Prevent inconsistent cached skin settings in gen=js by setting 18144 the intended skin directly in the URL. 18145* (bug 9903) Don't mark redirects in categories as stubs 18146* (bug 6965) Cannot include "Template:R" with {{R}} (magic word conflict) 18147* Padding parser functions now work with strings like '0' that evaluate to false 18148* (bug 10332) Title->userCan( 'edit' ) may return false positive 18149* Fix bug with <nowiki> in front of links for wikis where linkPrefixExtension is 18150 true 18151* (bug 10552) Suppress rollback link in history for single-revision pages 18152* (bug 10538) Gracefully handle invalid input on move success page 18153* Fix for Esperanto double-x-encoding in move success page 18154* (bug 10526) Fix toolbar/insertTags behavior for IE 6/7 and Opera (8+) 18155 Now matches the selection behavior on Mozilla / Safari. 18156 Patch by Alex Smotrov. 18157* Don't show non-functional toolbar buttons on Opera 7 anymore 18158* (bug 9151) Fix relative subpage links with section fragments 18159* (bug 10560) Adding a space between category letter heading and "continues" 18160* (bug 4650) Keep impossibly large/small counts off Special:Statistics 18161* (bug 10608) PHP notice when installing with PostgreSQL 18162* (bug 10615) Fix for transwiki import when CURL not available 18163* (bug 8054) Return search page for empty search requests with ugly URLs 18164* (bug 10572) Force refresh after clearing visitation timestamps on watchlist 18165* (bug 10631) Warn when illegal characters are removed from filename at upload 18166* Fix several JavaScript bugs under MSIE 5/Macintosh 18167* (bug 10591) Use Arabic numerals (0,1,2...) for the Malayam language 18168* (bug 10642) Fix shift-click checkbox behavior for Opera 9.0+ and 6.0 18169* Work around Safari bug with pages ending in ".gz" or ".tgz" 18170* Removed obsolete maintenance/changeuser.sql script; use RenameUser extension 18171* (bug 2735) "Preview" shown in title bar for action=submit on special pages 18172* Removed "restore" links from the deletion log embedded in Special:Undelete 18173* Improved error reporting and robustness for file delete/undelete. 18174* Improved speed of file delete by storing the SHA-1 hash in image/oldimage 18175* Fixed leading zero in base 36 SHA-1 hash 18176* Protection form no longer produces JavaScript errors 18177* (bug 10741) File histories show "delete" links for non-sysops 18178* (bug 10744) Treat "noarticletext" and "noarticletextanon" as wiki text when 18179 used on a non-existent page with "action=info" 18180* Fix escaping of raw message text when used on a non-existent page with 18181 "action=info" 18182* (bug 10683) Fix inconsistent handling of URL-encoded titles in links 18183 used in redirects (i.e. they now work) 18184* (bug 8878) Changes to $dateFormats in German localization (removing unused, 18185 nonexistent formats, putting time after date) 18186* (bug 10769) Database::update() should return boolean result 18187* Fix preference checkbox display for right-to-left languages which caused 18188 them to be hidden in IE in some cases 18189* Fix upload form display in right-to-left languages 18190* Fixed regression in blocking of username '0' 18191* (bug 9437) Don't overwrite edit form submission handler when setting up 18192 edit box scroll position preserve/restore behavior 18193* (bug 10805) Fix "undo" link when viewing the diff of the most recent 18194 change to a page using "diff=0" 18195* (bug 10765) img_auth.php will now refuse logged-out requests where 18196 $wgWhitelistRead is undefined, instead of (incorrectly) honouring them 18197* Fixed img_auth.php file name extraction for whitelist checking 18198* Tweak spacing of email preference display 18199* Table sorting JavaScript prefers textContent over innerText to allow hidden 18200 sort keys to work on Safari 18201* (bug 4530) Fix local name of Kurdish language 18202* (bug 10830) Fix local name of Haitian Creole language 18203* Fix invalid XHTML in Special:Protectedpages 18204* Fix comments in contributions and log pages for right-to-left languages 18205* Make installer include_path-independent, so it should work on hosts which 18206 disable user setting of PHP include_path setting 18207* glob() is horribly unreliable and doesn't work on some systems, including 18208 free.fr shared hosting. No longer using it in Language::getLanguageNames() 18209* (bug 10763) Fix multi-insert logic for PostgreSQL 18210* Fix invalid XHTML when viewing a deleted revision 18211* Fix syntax error in translations of magic words in Romanian language 18212* (bug 8737) Fix warnings caused by incorrect use of `/dev/null` when piping 18213 process error output under Windows 18214* (bug 7890) Don't list redirects to special pages in Special:BrokenRedirects 18215* (bug 10783) Resizing PNG-24 images with GD no longer causes all alpha 18216 channel transparency to be lost and transparent pixels to be turned black 18217* (bug 9339) General error pages were transforming messages and their parameters 18218 in the wrong order 18219* (bug 9026) Incorrect heading numbering when viewing Special:Statistics with 18220 "auto-numbered headings" enabled 18221* Fixed invalid XHTML in Special:Upload 18222* (bug 11013) Make sure dl() is available before attempting to use it to check 18223 available databases in installer 18224* Resizing transparent GIF images with GD now retains transparency by skipping 18225 resampling 18226* (bug 11065) Fix regression in handling of wiki-formatted EXIF metadata 18227* Double encoding broke Special:Newpages for some languages 18228* Adding a newline before the statistics footer, to prevent parsing problems 18229* Preventing the TOC from appearing in Special:Statistics 18230* (bug 11082) Fix check for fully-specced table names in Database::tableName 18231* (bug 11067) Fix regression in upload conflict thumbnail display 18232* (bug 10985) Resolved cached entries on Special:DoubleRedirects were being 18233 suppressed, breaking paging - now strikes out "fixed" results 18234* (bug 8393) <sup> and <sub> need to be preserved (without attributes) for 18235 entries in the table of contents 18236* (bug 11114) Fix regression in read-only mode error display during editing 18237* Force non-MySQL databases to use an ORDER BY in SpecialAllpages to ensure 18238 that the first page_title is truly the first page title. 18239* (bug 10836) Change the summary on creating of new section 18240* Inclusion of Special:Wantedpages now works again 18241 18242== API changes since 1.10 == 18243 18244Full API documentation is available at https://www.mediawiki.org/wiki/API 18245 18246* New properties: links, templates, images, langlinks, categories, external 18247 links 18248* Breaking Change: imagelinks renamed into imageusage (il->iu) 18249* Bug fix: incorrect generator behavior in some cases 18250* JSON format allows an optional callback function to wrap the result. 18251* Login module disabled until a more secure solution can be implemented 18252* (bug 9938) Querying by revision identifier returns the most recent revision 18253 for the corresponding page, rather than the requested revision 18254* (bug 8772) Filter page revision queries by user 18255* (bug 9927) User contributions queries do not accept IP addresses 18256* Watchlist feed now reports a proper feed item when the user is not logged in 18257* Watchlist feed date bug fixed - automatically shows one last day 18258* Watchlist feed now allows to specify number of hours to monitor 18259* list=allpages now returns a list instead of a map in JSON format 18260* Breaking Change: in json, revisions are now returned as a list, not as a map. 18261* Add: prop=info can show page is new flag, current page length, and visit 18262 counter. 18263* Change: Query watchlist now shows flags only when explicitly requested with 18264 wlparam=flags 18265* rc_this_oldid (textid) is no longer accessible from query watchlist 18266* action=usercontribs: additional filtering by ucshow=; selection of needed 18267 fields with ucprop=; the textid (rev_text_id) is no longer being exposed 18268* (bug 9970) Breaking Change: backlinks, embeddedin and imageusage now return 18269 lists in JSON instead of a map, and do not return anything when titles do 18270 not exist 18271* (bug 9121) Introduced indexpageids query parameter to list the page_id 18272 values of all returned page items 18273* (bug 10147) Now interwiki titles are not processed but added to a separate 18274 "interwiki" section of the output. 18275* Added categorymembers list to query for pages in a category. 18276* (bug 10260) Show page protection status 18277* (bug 10392) Include MediaWiki version details in version output 18278* (bug 10411) Site language in meta=siteinfo 18279* (bug 10391) action=help doesn't return help if format is fancy markup 18280* backlinks, embeddedin and imageusage lists should use (bl|ei|iu)title 18281 parameter instead of titles. Titles for these lists is obsolete and might stop 18282 working soon. 18283* Added prop=imageinfo - gets image properties and upload history 18284* (bug 10211) Added db server replication lag information in meta=siteinfo 18285* Added external url search within wiki pages (list=exturlusage) 18286* Added link enumeration (list=alllinks) 18287* Added registered users enumeration (list=allusers) 18288* Added full text search in titles and content (list=search) 18289* (bug 10684) Expanded list=allusers functionality 18290* Possible breaking change: prop=revisions no longer includes pageid for 18291 rvprop=ids 18292* Added rvprop=size to prop=revisions (The size will not be shown if it is NULL 18293 in the database) 18294* list=allpages now allows to filter by article min/max size and protection 18295 status 18296* Added site statistics (siprop=statistics for meta=siteinfo) 18297* (bug 10902) Unable to fetch user contributions from IP addresses 18298* `list=usercontribs` no longer requires that the user exist 18299* (bug 10971) `aufrom` parameter doesn't work with spaces 18300* Fix username handling issue with `auprefix` parameter 18301* Treat underscores as spaces for `aufrom` and `auprefix` parameters 18302* Added edit/delete/... token retrieval to prop=info 18303* Added meta=userinfo - logged-in user information, group membership, rights 18304* (bug 11072) Fix regression in API image history query 18305* (bug 11115) Adding SHA1 hash to imageinfo query 18306* (bug 10898) API does not return an edit token for non-existent pages 18307* (bug 10890) Timestamp support for categorymembers query 18308* (bug 10980) Add exclude redirects on backlinks 18309* IPv6 titles in User namespace are normalized (run cleanupTitles.php to fix any 18310 old stray pages) 18311 18312== Maintenance script changes since 1.10 == 18313 18314* Add support for wgMaxTocLevel option in parserTests 18315* (bug 6823) Disable article view counter in maintenance/dumpHTML.php 18316* Fix maintenance/importImages.php so it doesn't barf PHP errors when no 18317 suitable files are found, and make the list of extensions an option (defaults 18318 to $wgFileExtensions) 18319* Add option to maintenance/createAndPromote.php to give the user bureaucrat 18320 permissions (--bureaucrat) 18321* Allow overwriting existing files with a conflicting name using 18322 maintenance/importImages.php 18323* (bug 10266) Use native newlines when rebuilding a messages file. 18324 18325== Languages updated since 1.10 == 18326 18327* Afrikaans (af) 18328* Arabic (ar) 18329* Bikol (bcl) 18330* Bulgarian (bg) 18331* Catalan (ca) 18332* Danish (da) 18333* German (de) 18334* Greek (el) 18335* Esperanto (eo) 18336* Spanish (es) 18337* Estonian (et) 18338* Extremaduran (ext) 18339* Farsi (fa) 18340* Finnish (fi) 18341* Vöro (fiu-vro) 18342* French (fr) 18343* Français Cadien (frc) (new) 18344* Franco-Provençal/Arpetan (frp) 18345* Galician (gl) 18346* Hakka (hak) 18347* Hebrew (he) 18348* Upper Sorbian (hsb) 18349* Haitian (ht) 18350* Indonesian (id) 18351* Icelandic (is) 18352* Italian (it) 18353* Japanese (ja) 18354* Georgian (ka) 18355* Kabyle (kab) 18356* Kazakh (kk) 18357* Korean (ko) 18358* Kinaray-a (krj) (new) 18359* Kurdish (ku) 18360* Latin (la) 18361* Lao (lo) 18362* Lithuanian (lt) 18363* Latviešu (lv) 18364* Malayalam (ml) 18365* Bahasa Melayu (ms) 18366* Burmese (my) 18367* Low German (nds) 18368* Dutch (nl) 18369* Norwegian (no) 18370* Occitan (oc) 18371* Punjabi (Gurmukhi) (pa) 18372* Polish (pl) 18373* Piedmontese (pms) 18374* Portuguese (pt) 18375* Romani (rmy) 18376* Romanian (ro) 18377* Aromanian (roa-rup) 18378* Russian (ru) 18379* Sakha (sah) 18380* Sango (se) (new) 18381* Slovak (sk) 18382* Slovenian (sl) 18383* Shona (sn) 18384* Somali (so) 18385* Albanian (sq) 18386* Sundanese (su) 18387* Swedish (sv) 18388* Tamil (ta) 18389* Thai (th) 18390* Tigrinya (ti) 18391* Setswana (tn) 18392* Tok Pisin (tpi) 18393* Uyghur (ug) 18394* Volapük (vo) 18395* Winaray (war) (new) 18396* Yiddish (yi) 18397* Old Chinese / Late Middle Chinese (zh-classical) 18398* Chinese (PRC) (zh-cn) 18399* Chinese (Taiwan) (zh-tw) 18400* Cantonese (zh-yue) 18401 18402== MediaWiki 1.10 == 18403 18404== MediaWiki 1.10.4 == 18405 18406March 2, 2008 18407 18408* Correction for API path fix, broken in 1.10.3 18409 18410== MediaWiki 1.10.3 == 18411 18412January 23, 2008 18413 18414This is a security update to the Winter 2007 quarterly release. A potential 18415XSS injection vector affecting api.php only for Microsoft Internet Explorer 18416users has been closed. 18417 18418 18419To work around the vulnerability without upgrading, you may disable the API if 18420you don't need it: 18421 18422:[[Manual:$wgEnableAPI|$wgEnableAPI]] = false; 18423 18424Not vulnerable versions: 18425* 1.12 or later 18426* 1.11 >= 1.11.1 18427* 1.10 >= 1.10.3 18428* 1.9 >= 1.9.5 18429* 1.8 any version (if $wgEnableAPI has been left off) 18430 18431Vulnerable versions: 18432* 1.11 <= 1.11.0rc1 18433* 1.10 <= 1.10.2 18434* 1.9 <= 1.9.4 18435* 1.8 any version (if $wgEnableAPI has been switched on) 18436 18437MediaWiki 1.7 and below are not affected as they do not include the API 18438functionality, however the BotQuery extension is similarly vulnerable unless 18439updated to the latest SVN version. 18440 18441== MediaWiki 1.10.2 == 18442September 10, 2007 18443 18444This is a security fix update to the Spring 2007 quarterly release snapshot. A 18445possible HTML/XSS injection vector in the API pretty-printing mode has been 18446found and fixed. 18447 18448The vulnerability may be worked around in an unfixed version by simply 18449disabling the API interface if it is not in use, by adding this to 18450LocalSettings.php: 18451:[[Manual:$wgEnableAPI|$wgEnableAPI]] = false; 18452 18453Not vulnerable versions: 18454* 1.11 >= 1.11.0 18455* 1.10 >= 1.10.2 18456* 1.9 >= 1.9.4 18457* 1.8 >= 1.8.5 18458 18459Vulnerable versions: 18460* 1.11 <= 1.11.0rc1 18461* 1.10 <= 1.10.1 18462* 1.9 <= 1.9.3 18463* 1.8 <= 1.8.4 (if $wgEnableAPI has been switched on) 18464 18465MediaWiki 1.7 and below are not affected as they do not include the faulty 18466function, however the BotQuery extension is similarly vulnerable unless updated 18467to the latest SVN version. 18468 18469== MediaWiki 1.10.1 == 18470July 13, 2007 18471 18472This is a bugfix update to the Spring 2007 quarterly release snapshot. A number 18473of fixes to improve compatibility with PostgreSQL, some versions of MySQL, and 18474some PHP configurations are included. 18475 18476Changes since 1.10.0: 18477 18478* (bug [[bugzilla:9417|9417]]) Uploading new versions of images when using 18479Postgres no longer throws warnings. 18480* (bug [[bugzilla:9908|9908]]) Using tsearch2 with Postgres 8.1 no longer gives 18481an error. 18482* (bug [[bugzilla:9973|9973]]) Changed size was shown in advanced recentchanges 18483collapsible items with $wgRCShowChangedSized = false. 18484* Fixed installation on MyISAM or old InnoDB with charset=utf8, was giving 18485overlong key errors. 18486* Fixed zero-padding issues with MySQL 5 binary schema 18487* (bug [[bugzilla:9820|9820]]) session.save_path check no longer halts 18488installation, but warns of possible bad values 18489* (bug [[bugzilla:9978|9978]]) Fixed session.save_path validation when using 18490extended configuration format, e.g. "5;/tmp" 18491 18492== MediaWiki 1.10.0 == 18493May 9, 2007 18494 18495This is the quarterly release snapshot for Spring 2007. See below for a full 18496list of changes since the 1.9.x series. 18497 18498Changes since 1.10.0rc2: 18499 18500* (bug [[bugzilla:9808|9808]]) Fix regression that ignored user 'rclimit' 18501option for Special:Contributions 18502 18503== MediaWiki 1.10.0rc2 == 18504May 4, 2007 18505 18506THIS IS A RELEASE CANDIDATE MADE AVAILABLE FOR TESTING! 18507A FINAL 1.10.0 RELEASE WILL APPEAR WITHIN A FEW DAYS. 18508 18509Changes since 1.10.0rc1: 18510* Various l10n fixes and updates 18511* Fix for upgrade of page_restrictions table 18512* (bug [[bugzilla:9780|9780]]) Fix normalization of titles with initial colon 18513followed by whitespace 18514* Fix for regression in upload: wrong size info saved into image table 18515* Avoid cyclic stub problems when authorization hooks do funny things with the 18516user and the database at load time 18517 18518== MediaWiki 1.10.0rc1 == 18519This is the Spring 2007 branch release of MediaWiki. 18520 18521MediaWiki is now using a "continuous integration" development model with 18522quarterly snapshot releases. The latest development code is always kept 18523"ready to run", and in fact runs our own sites on Wikipedia. 18524 18525Release branches will continue to receive security updates for about a year 18526from first release, but nonessential bugfixes and feature developments 18527will be made on the development trunk and appear in the next quarterly release. 18528 18529Those wishing to use the latest code instead of a branch release can obtain 18530it from source control: https://www.mediawiki.org/wiki/Download_from_SVN 18531 18532== Configuration changes == 18533 18534* A new switch $wgCommandLineDarkBg used by maintenance scripts 18535 (parserTests.php). It lets you specify if your terminal use a dark background, 18536 the colorized output will be made lighter making things easier to read. 18537* The minimum permissions needed to edit a page in each namespace can now be 18538 customized via the $wgNamespaceProtection array. By default, editing pages in 18539 the MediaWiki namespace requires "editinterface" permission, as before. 18540* Allow restriction of autoconfirmed permission by edit count. New global 18541 setting $wgAutoConfirmCount (defaulting to zero, naturally). 18542* Added rate limiter for Special:Emailuser 18543* Private logs can now be created using $wgLogRestrictions 18544* (Bug 8590) limited HTML is now always enabled ($wgUserHtml = true). 18545* Deprecated $wgUseImageResize, thumbnailing will be enabled unconditionally. 18546 18547== New features since 1.9 == 18548 18549* (bug 6937) Introduce "statistics-footer" message, appended to 18550 Special:Statistics 18551* (bug 6638) List block flags in block log entries 18552* (bugs 5051, 5376) Tooltips and accesskeys no longer require JavaScript 18553* Added SkinTemplateOutputPageBeforeExec hook before SkinTemplate::outputPage() 18554 starts page output 18555 (http://lists.wikimedia.org/pipermail/wikitech-l/2007-January/028554.html) 18556* Introduce "cascading protection" -- implicit protection on pages transcluded 18557 into a page protected with this option enabled 18558* (bug 8567) Added hook RawPageViewBeforeOutput just before the text is blown 18559 out in action=raw, so extensions might influence the output. 18560* (bug 3446) Add user preference to hide page content below diffs, can be 18561 overridden by adding diffonly=1 or diffonly=0 to the URL of the diff page 18562* Add 'purge' privilege to replace the hardcoded check for login state in 18563 determining whether action=purge can be done via GET. Switching the 18564 permission on for anons can be helpful for benchmarking. 18565* (bug 7842) Link back to deleted revision list from deleted revision preview 18566* (bug 8619) Add user-aware "unblock" link to Special:Blockip 18567* (bug 8522) Provide a "delete" link on Special:Brokenredirects for users with 18568 the appropriate permission 18569* (bug 8628) Add user-aware block list link to Special:Blockip 18570* (bug 8621) Log revisions marked as patrolled 18571* Introduce "BookInformation" hook; see docs/hooks.txt for more details 18572* Add title prefix search for Special:Undelete 18573* Remove full-archive list from Special:Undelete 18574* (bug 8136) Introduce 'ArticleUndelete' hook; see docs/hooks.txt for more info 18575* (bug 8712) Expose user groups as a JavaScript global 18576* Introduce 'CustomEditor' hook; see docs/hooks.txt for more information 18577* New special page, Special:Protectedpages, which shows all protected pages 18578 and their protection status (full protection status is not pulled out due 18579 to performance considerations, so it just shows "full protected" or 18580 "semi protected". 18581* (bug 4133) Allow page protections to be made with an expiry date, in the same 18582 format as block expiry dates. Existing protections are assumed to be infinite, 18583 as are protections made with the new field left blank. 18584* (bug 8535) Allow certain vertical alignment attributes to be used as image 18585 keywords 18586* (bug 6987) Allow perrow, widths, and heights attributes for <gallery> 18587* (bug 3678) Allow disabling MediaWiki:Aboutsite in the same way as 18588 MediaWiki:Disclaimers; Also means that if any of the footer links are 18589 disabled in the wiki's default language (by setting to "-"), they'll also 18590 be disabled in other languages too (e.g. if the user specifies uselang=fr). 18591* Sort log types in Special:Log 18592* Added a classname ("mw-toolbar-editbutton") and unique IDs to the edit 18593 toolbar buttons 18594* Hide irrelevant block options in Special:Blockip based on whether an 18595 IP address/range or username is listed. (Dynamic using JS.) 18596* (bug 9032) Make quickbarSettings localizable through Special:Allmessages 18597* (bug 7782) Standardisation of file info at image description pages. 18598* (bug 1035) View contributions / recentchanges for an IP range. 18599* (bug 8747) When unwatching pages from Special:Watchlist/edit, put the 18600 confirmation messages in a proper list with a CSS class and id. 18601* (bug 9118) Show relevant log fragments on deletion confirmatio page 18602* (bug 9009) Add username entry field to Special:Contributions 18603* (bug 1723) Article size in history 18604* (bug 9223) Disallow magic tilde sequences in page titles and usernames 18605* (bug 6997) Link from Special:log/block to unblock form 18606* (bug 9117) Link from Special:log/delete to undelete form 18607* Link from Special:log/protect to change protection form 18608* (bug 1196) Add IPv6 support added to blocks, more consistancy for IPv6 18609 contribs 18610* (bug 3984) Searching in logs by title% 18611* Show thumbnail of existing image if image exists already under this filename 18612* (bug 5546) Watchlist reflects logged actions like move, protection, undelete 18613* Support protocols other than HTTP in LinkFilter, use $wgUrlProtocols 18614* (bug 3069) Warning on upload of scaled down images 18615* Warning on upload of images with uppercase extension if image with lowercase 18616 extension exists 18617* (bug 4624) Namespace selection for Special:Whatlinkshere 18618* Introduce PageHistoryBeforeList and PageHistoryLineEnding hooks; see 18619 docs/hooks.txt for more information 18620* (bug 9397) Introduce "sp-contributions-footer" and 18621 "sp-contributions-footer-anon" messages, shown at the end of 18622 Special:Contributions as appropriate for the target 18623* (bug 8421) Expose current action in JavaScript globals (as 'wgAction') 18624* (bug 9069) Use galleries in query pages dedicated to images 18625* (bug 9177) Installer now warns of various conditions affecting 18626 session.save_path which can lead to broken session storage 18627* (bug 9046) Special page to list pages without language links 18628* (bug 9508) Special page to list articles with the fewest revisions 18629* Introduce 'FileUpload' hook; see docs/hooks.txt for more information 18630* Introduce 'SearchUpdate' hook; see docs/hooks.txt for more information 18631* Introduce 'mywatchlist' message; used on personal menu to link to watchlist 18632 page 18633* Introduce magic word {{NUMBEROFEDITS}} 18634* Introduced media handlers for file-type specific operations. 18635* Improved error reporting for image thumbnailing 18636* Added sharpening option for ImageMagick thumbnailing 18637* (bug 9656) Autosummaries will be generated for deletion of pages longer than 18638 500 characters 18639* Predefined block reasons added to Special:Blockip 18640* (bug 9196) Installer now check that zend.ze1_compatibility_mode is off 18641* (bug 9697) Introduce 'InternalParseBeforeLinks' hook; see docs/hooks.txt for 18642 more information 18643* 'contribsub' message changed to 'contribsub2' with two parameters to permit 18644 better localization. Change is reverse-compatible and can be ignored for 18645 most wikis. 18646* Adding a 'reason' field to Special:Userrights 18647 18648== Bugfixes since 1.9 == 18649 18650* (bug 7292) Fix site statistics when moving pages in/out of content namespaces 18651* (bug 8531) Correct local name of Lingála 18652* Made the PLURAL: parser function return singular on -1 per default 18653* Fixed up the AjaxSearch 18654* Fix SpecialVersion->formatCredits input. Version and Url parameters should be 18655 null to be treated properly with isset. 18656* Page restrictions moved into a new, dedicated table 18657* Correct tooltip accesskey hint for Opera on the Macintosh 18658 (uses Shift-Esc-, not Ctrl-). 18659* (bug 8002) Math should render left-to-right even in right-to-left wikis 18660* Pass e-mail and real name fields to AuthPlugin::addUser, as additional 18661 optional fields, which may be considered useful at registration time. 18662* PostgreSQL upgrade scripts fixed and updated 18663* (bug 8613) Fix error when viewing "Recent Changes" and using Postgres. 18664* Initialise site_stats table at upgrade time if data was missing 18665* (bug 7250) Updated Unicode normalization tables to Unicode 5.0 18666* Unmaintained Oracle support files have been removed. 18667* Use browser default for printing size, don't force to 11pt 18668* (bug 8632) Fix regression in page protection null edit update 18669* (bug 8407) Disallow indexing of "printable" versions 18670* (bug 8643) Correctly escape the page-specific CSS class for non-Monobook skins 18671* (bug 8629) Document $wgFilterCallback 18672* (bug 1000) Clarify warning about memory_limit in installer 18673* Suppress PHP warning about set_time_limit in installer when safe mode is on 18674* (bug 3000) Fall back to SCRIPT_NAME plus QUERY_STRING when REQUEST_URI is 18675 not available, as on IIS with PHP-CGI 18676* Missing interwiki row for English Wikipedia restored (as "wikipedia:") 18677* use configured cache servers for mctest.php 18678* bucket details in mcc.php 18679* fix input validation and remove debugging code in compressOld 18680* full ID range for moveToExternal 18681* fix resolveStubs.php for compatibility with older serialized data 18682* maximum line length for bar graphs in getLagTimes.php 18683* recognize specieswiki in rebuildInterwiki.inc 18684* profile unicode cleanup in Xml 18685* log slow parses in Article.php 18686* profile wfMsgReal 18687* log mkdir failures 18688* profile AutoLoader 18689* rebuild empty DjVu metadata containing '' 18690* security fix for DjVu metadata retrieval 18691* Undelete page list can use plural marker 18692* (bug 8638) Fix update from 1.4 and earlier 18693* (bug 8641) Fix order of updates to ipblocks table 18694* (bug 8678) Fix detection of self-links for numeric titles in Parser 18695* (bug 6171) Magically close tags in tables when not using Tidy. 18696* Sanitizer now correctly escapes lonely '>' occurring before the first wikitag. 18697* Ignore self closing on closing tags ( '</div />' now gives '</div>') 18698* (bug 8673) Minor fix for web service API content-type header 18699* Fix API revision list on PHP 5.2.1; bad reference assignment 18700* (bug 8688) Handle underscores/spaces in Special:Blockip and 18701 Special:Ipblocklist in a consistent manner 18702* (bug 8701) Check database lock status when blocking/unblocking users 18703* ParserOptions and ParserOutput classes are now in their own files 18704* (bug 8708) Namespace translations for Zealandic language 18705* Renamed constructor methods to PHP 5 __construct reserved name 18706* (bug 8715) Warn users when editing an interface message whether or not the 18707 message page exists 18708* ar: fix the 'create a new page' on search page when no exact match found 18709* (bug 8703) Corrected talk and image namespace name for Limburgish (li) 18710* (bug 8671) Expose "wpDestFile" as a parameter to "uploadtext" 18711* (bug 8403) Respect bad image list exceptions in galleries on wiki pages 18712* Allow sending per-user contribution requests to "contributions" query group 18713* (bug 3717) Update user count for AuthPlugin account autocreation 18714* (bug 8719) Firefox release notes lie! Fix tooltips for Firefox 2 on x11; 18715 accesskeys default settings appear to be same as Windows. 18716* Added an option to make Linker::userToolLinks() show the contribs link 18717 red when the user has no edits. Linker::userToolLinksRedContribs() is an 18718 alias to that which should be used to make it more self documentating. 18719* (bug 8749) Bring MySQL 5 table defs back into sync 18720* (bug 8751) Set session cookies to HTTPS-only to match other cookies 18721* (bug 8652) Catch exceptions generated by malformed XML in multipage media 18722* (bug 8782) Help text in Makefile 18723* (bug 8777) Suppress 'previous' link on Special:Allpages when at first page 18724* (bug 8774) Fix path for GNU FDL rights icon on new installs 18725* Fix multipage selector drop-down for DjVu images to work when title 18726 is passed as a query string parameter; we have to pass the title as 18727 a form parameter or it gets dropped from the form submission URL 18728* (bug 8819) Fix full path disclosure in with skins dependencies 18729* Fixed bug affecting HTML formatting in sortable table column titles 18730* Merged table sorting code into wikibits.js 18731* (bug 8711) Stop floats in previews from spilling into edit area 18732* (bug 8858) Safer handling when $wgImageLimits is changed. Added a note 18733 in DefaultSettings to make it clear. 18734* (bug 4268) Fixed data-loss bug in compressOld batch text compression 18735 affecting pages which had null edits (move, protect, etc) as second 18736 edit in a batch group. Isolated and patched by Travis Derouin. 18737* Fix for paths in 1.4->1.5 special-case updater script 18738* (bug 8789) AJAX search: IE users can now use the return key 18739* (bug 6844) Use <ins> and <del> tags to emphase the differences 18740* (bug 6684) Fix improper javascript array iteration 18741* (bug 4347) use MailAddress object for reply-to 18742* Add AlphabeticPager abstract class 18743* Use faster AlphabeticPager for Special:Categories 18744* (bug 8875) Show printable link in MonoBook sidebar for locally nonexistent 18745 pages; perhaps useful for categories and shared images 18746* Clean up session checks to better handle the case where the session was 18747 opened during the current request. May help with some caching corner 18748 cases. 18749* (bug 8897) Fix whitespace removal for interlanguage links with link prefix 18750* Add 'ParserTestTables' hook to expand the list of temporary tables copied 18751 by the parser test harness; use for extensions which require the presence 18752 of other tables while they work. 18753* Message names changed for AlphabeticPager introduced with r19758 18754 for better localisations. 18755* (bug 8944) The deprecated is_a() function is used in StubObjects.php 18756* (bug 8992) Fix a remaining raw use of REQUEST_URI in history 18757* (bug 8999) User.php gives "undefined user editcount" PHP notice. 18758* (bug 8984) Fix a database error in Special:Recentchangeslinked 18759 when using the Postgres database. 18760* Moved the main ob_start() from the default LocalSettings.php to WebStart.php. 18761 The ob_start() section should preferably be removed from older 18762 LocalSettings.php files. 18763* Give Content-Length header for HTTP/1.0 clients. 18764* Partial support for Flash cross-domain-policy filtering. 18765* Lazy-initialize site_stats row on load when empty. Somewhat kinder to 18766 dump-based installations, avoiding PHP warnings when NUMBEROFARTICLES 18767 and such are used. 18768* Add 'charset' to Content-Type headers on various HTTP error responses 18769 to forestall additional UTF-7-autodetect XSS issues. PHP sends only 18770 'text/html' by default when the script didn't specify more details, 18771 which some inconsiderate browsers consider a license to autodetect 18772 the deadly, hard-to-escape UTF-7. 18773 This fixes an issue with the Ajax interface error message on MSIE when 18774 $wgUseAjax is enabled (not default configuration); this UTF-7 variant 18775 on a previously fixed attack vector was discovered by Moshe BA from BugSec: 18776 http://www.bugsec.com/articles.php?Security=24 18777* Trackback responses now specify XML content type 18778* (bug 9044) Send a comment with action=raw pages in CSS/JS output mode 18779 to work around IE/Mac bug where empty pages time out verrrrryyyyy slowly, 18780 particularly with new keepalive-friendly HTTP on Wikipedia 18781* (bug 8919) Suppress paging links and related messages where there are no 18782 rows to list for query pages 18783* (bug 9057) Standardize MediaWiki: namespace for oc 18784* (bug 8132) Suppress "Pages in this category" heading in categories when 18785 there are none 18786* (bug 8958) Handle search operators better when using tsearch2 (Postgres) 18787* (bug 8799) Use redirect table for Special:BrokenRedirects and 18788 Special:DoubleRedirects 18789* (bug 8918) Enable PLURAL option for MediaWiki:showingresults and 18790 MediaWiki:showingresultsnum 18791* (bug 9122) Fix minor display issue in RTL with section edit link margin 18792* (bug 5805) Enable PLURAL option for some messages of watchlist and statistic 18793* (bug 3953) Work around poor display of parenthesis in the in other 18794 languages section of MonoBook skin 18795* (bug 8539) Enable PLURAL option for another message of recentchanges. 18796* (bug 8728) MediaWiki:Badfiletype split into 3 messages 18797* (bug 9131) Allow SpecialContributions to work with Postgres 18798* (bug 9155) Allow footer info to wrap in Monobook 18799* (bug 8847) Strip spurious #fragments from request URI to fix redirect 18800 loops on some server configurations 18801* (bug 9097) column "pr_pagetype" does not exist 18802* (bug 9217) Balance wfProfile calls in Skin::outputPage 18803* (bug 9222) PostgreSQL updater should not be version-specific 18804* Fix fallback implementation of mb_strlen so it works and isn't insanely 18805 slow for large strings, since it's used for page edit lengths 18806* (bug 8815) Setting password in initUser() breaks LdapAuthentication plugin 18807* (bug 9256) Add a quick note to index.php header comments 18808* Make Special:Listusers caseinsensitive for first letter 18809* Default tidy.conf has been moved from extensions module into includes. 18810* Ignore lonely ''''' 18811* (bug 9244) When calling edit page for nonexistent section, generate error 18812 inside of just discarding edits, since edit links sometimes go to the wrong 18813 place. 18814* (bug 9019) No warning during upload if image description page exists, but no 18815 image 18816* (bug 8582) Allow thumbnailing when imagesize has a space. 18817* (bug 8716) Change math_inputhash and math_outputhash to bytea for Postgres 18818* (bug 9343) Correct internal name for Wolof language 18819* (bug 9363) Fix Postgres error on Recentchangeslinked 18820* (bug 5142) Fixed call of hook ArticleViewHeader 18821* (bug 4777) Separate prev/next messages for Special:Whatlinkshere 18822* Merge approx 15 missing Wikipedia language codes into wikipedia-interwiki.sql 18823 based on Jeff Merkey's mediawiki-1.9.3.WG-20070316.tar.gz.bz2 archive. 18824* (bug 9411) Fix for shared image descriptions using query-string titles 18825* (bug 4756) Add user tool links for self created accounts at special:log 18826 instead of sometimes broken block links from newuserlog extension 18827* (bug 5817) Special:Recentchangeslinked now shows red link for nonexistent 18828 target page instead of silently redirecting 18829* (bug 8914) Don't transform colons in {{anchorencode:}} 18830* (bug 9241) Handle edit section links and include size links for cached 18831 templates the same as the first transclusion. 18832* (bug 9466) "Rollback failed" page doesn't format edit comment 18833* (bug 9472) Invalid XHTML on cached special pages 18834* (bug 9472) Invalid XHTML on Special:Newpages 18835* (bug 4764) "My contributions" not bold when viewing own contributions 18836* (bug 9194) Add {{PLURAL:...}} to navigation bar of Special:Whatlinkshere 18837* (bug 9033) Use a more specific error message when users are not able/allowed 18838 to edit page protection levels due to a block, database lock or permissions 18839* Fixed $wgFeedLimit 18840* (bug 9270) Corrected help namespace name for Dutch Lower Saxon (nds-nl) 18841* (bug 929, 4215) Expose "rcdays" user preference in Special:Preferences 18842* (bug 9554) Extension-provided group name messages not used 18843* (bug 9565) Translate template namespace name for Hindi (hi) 18844* (bug 8599) Correct localized names of zh-variants 18845* (bug 3366) Require skins based on SkinTemplate to override the skinname 18846 property. 18847* (bug 9220) Removed obsoletes functions in install-utils.inc. 18848* Removed obsoletes Title::getRelatedCache and Title:touchArray 18849* (bug 7285) Check MySQL username length during install 18850* (bug 6910) Correct date/time formats in Vietnamese (vi) 18851* (bug 9608) Correctly use ORDER BY in dumpLinks.php 18852* (bug 9609) Correctly use ORDER BY in SpecialWhatlinkshere.php 18853* Special:Random and Special:Randomredirect now try harder to send the user to 18854 a random page, and will give an error message if none really can be found 18855 instead of sending the user to the main page like they used to 18856* Fix object variable used for displaying "not-patrolled" CSS class on list 18857* Fixed interaction of page parameter to ImagePage with the HTML file cache 18858* Fixed MIME type for SVG files, will be silently changed from image/svg 18859 to image/svg+xml after loading from the database. 18860* Workaround for djvutoxml bug #1704049 (poor performance). Use djvudump 18861 instead. 18862* Fixed odd behavior in ImagePage on DjVu thumbnailing errors 18863* (bug 5439) "Go" title search will now jump to shared/foreign Image: and 18864 MediaWiki: pages that have not been locally edited. 18865* (bug 9630) Limits links in Whatlinkshere forgot about namespace filter 18866* Fixed upgrade for the non-standard MySQL schemas 18867* Disable MySQL's strict mode at session start for MySQL 4.1+, to avoid the 18868 various problems that occur when it is on. 18869* (bug 9585) Fix regression in tidy usage in Special:Undelete previews 18870* (bug 3826) Normalize some invalid cookie name characters when setting 18871 up $wgCookiePrefix. Completes application of patch by Anders Kaseorg. 18872* (bug 9649) Fix RTL form alignment for Special:Movepage 18873* (bug 9582) Members of bot group now mark edits patrolled by default 18874* (bug 9669) Fix limit ordering for rebuildrecentchanges; broken since 18875 converted from 1.4 to 1.5 schema 18876* (bug 9682) Revert PHP 5.1 dependency on warning suppression for SVN info 18877* (bug 5959) Anchors dropped from stub links 18878* (bug 3348) Some additional weak password checks: password which is same 18879 as username will now be rejected. 18880* (bug 8602) Converted Special:Contributions to use an IndexPager. The 18881 interpretation of the offset parameter has changed, and the go parameter 18882 has been removed. 18883* (bug 6204) Fixes for indentation with $wgMaxTocLevel: 18884 - don't emit too many list close tags after an invisible header 18885 - don't emit too many final list close tags if last header is invisible 18886 - don't emit TOC when there are no visible headers 18887* (bug 7629) Fix $wgBrowserBlackList to avoid false positive on MSIE 18888 when certain plugins are present which alter the user agent 18889 18890 18891== Maintenance == 18892 18893* New script maintenance/language/checkExtensioni18n.php used to check i18n 18894 progress in the extension repository. 18895* Running maintenance/parserTests.php with '--record' option, will now 18896 automatically attempt to create the required tables 18897* --purge option to do additional parser-cache purging for purgeList.php 18898* Fix hardcoded background color in parserTests.php 18899* parserTests.php : removed the 'light' option for --color argument, replacing 18900 it with a new global switch : $wgCommandLineDarkBg 18901* (bug 8780) Clarify message for command-line scripts if LocalSettings.php 18902 exists but is not readable 18903* dumpBackup / importDump now work with PostgreSQL 18904* (bug 8975) Use "Maintenance script" as the default username for 18905 importImages.php and importTextFile.php scripts 18906* (bug 8933) Fix maintenance/reassignEdits.php script 18907* (bug 9440) Added "mediawikiwiki" interwiki prefix to MediaWiki.org 18908* (bug 2979) Import now gracefully skips invalid titles with a warning 18909* Restore '--norc' option for maintenance/importTextFile.php 18910* Help information for maintenance/importTextFile.php now easier to read on 18911 consoles 18912* Doxygen documentation now show the revision number of each file, generate 18913 graphs using dot and include a search engine. 18914 18915 18916== Languages updated == 18917 18918* Arabic (ar) 18919* Aramaic (arc) 18920* Aymara (ay) 18921* Belarusian normative (be) 18922* Belarusian alternative (be-x-old) 18923* Bulgarian (bg) 18924* Bihara (bh) 18925* Breton (br) 18926* Catalan (ca) 18927* Czech (cs) 18928* Danish (da) 18929* German (de) 18930* Greek (el) 18931* Esperanto (eo) 18932* Spanish (es) 18933* Estonian (et) 18934* Basque (eu) 18935* Finnish (fi) 18936* Võro (fiu-vro) 18937* French (fr) 18938* Hebrew (he) 18939* Hindi (hi) 18940* Upper Sorbian (hsb) 18941* Hungarian (hu) 18942* Armenian (hy) 18943* Indonesian (id) 18944* Italian (it) 18945* Japanese (ja) 18946* Javanese (jv) 18947* Georgian (ka) 18948* Kabyle (kab) 18949* Kazakh (kk) 18950* Korean (ko) 18951* Kashmiri (ks) 18952* Ripuarian (ksh) 18953* Latin (la) 18954* Luganda (lg) 18955* Limburgish (li) 18956* Lithuanian (lt) 18957* Latvian (lv) 18958* Marathi (mr) 18959* Low Saxon (nds) 18960* Dutch Lower Saxon (nds-nl) 18961* Nepali (ne) 18962* Nepal Bhasa (new) 18963* Dutch (nl) 18964* Occitan (oc) 18965* Pali (pi) 18966* Polish (pl) 18967* Romanian (ro) 18968* Russian (ru) 18969* Sanskrit (sa) 18970* Sicilian (scn) 18971* Slovak (sk) 18972* Sundanese (su) 18973* Swedish (sv) 18974* Tahitian (ty) 18975* Ukrainian (uk) 18976* Urdu (ur) 18977* Uzbek (uz) 18978* Vietnamese (vi) 18979* Zealandic (zea) 18980* Old Chinese / Late Middle Chinese (zh-classical) 18981* Chinese (PRC) (zh-cn) 18982* Chinese (Taiwan) (zh-tw) 18983* Cantonese (zh-yue) 18984 18985== Compatibility == 18986 18987MediaWiki 1.10 requires PHP 5 (5.1 recommended). PHP 4 is no longer supported. 18988 18989PHP 5.0.x fails on 64-bit systems due to serious bugs with array processing: 18990http://bugs.php.net/bug.php?id=34879 18991Upgrade affected systems to PHP 5.1 or higher. 18992 18993MySQL 3.23.x is no longer supported; some older hosts may need to upgrade. 18994At this time we still recommend 4.0, but 4.1/5.0 will work fine in most cases. 18995 18996 18997== Upgrading == 18998 189991.10 has several database changes since 1.9, and will not work without schema 19000updates. 19001 19002If upgrading from before 1.7, you may want to run refreshLinks.php to ensure 19003new database fields are filled with data. 19004 19005If you are upgrading from MediaWiki 1.4.x or earlier, some major database 19006changes are made, and there is a slightly higher chance that things could 19007break. Don't forget to always back up your database before upgrading! 19008 19009See the file UPGRADE for more detailed upgrade instructions. 19010 19011= MediaWiki release notes = 19012Security reminder: MediaWiki does not require PHP's register_globals 19013setting since version 1.2.0. If you have it on, turn it *off* if you can. 19014 19015= MediaWiki 1.9 = 19016 19017== MediaWiki 1.9.6 == 19018 19019March 2, 2008 19020 19021* Correction for API path fix, broken in 1.9.5 19022 19023== MediaWiki 1.9.5 == 19024 19025January 23, 2008 19026 19027This is a security update to the Winter 2007 quarterly release. A potential XSS 19028injection vector affecting api.php only for Microsoft Internet Explorer users 19029has been closed. 19030 19031 19032To work around the vulnerability without upgrading, you may disable the API if 19033you don't need it: 19034 19035:[[Manual:$wgEnableAPI|$wgEnableAPI]] = false; 19036 19037Not vulnerable versions: 19038* 1.12 or later 19039* 1.11 >= 1.11.1 19040* 1.10 >= 1.10.3 19041* 1.9 >= 1.9.5 19042* 1.8 any version (if $wgEnableAPI has been left off) 19043 19044Vulnerable versions: 19045* 1.11 <= 1.11.0rc1 19046* 1.10 <= 1.10.2 19047* 1.9 <= 1.9.4 19048* 1.8 any version (if $wgEnableAPI has been switched on) 19049 19050MediaWiki 1.7 and below are not affected as they do not include the API 19051functionality, however the BotQuery extension is similarly vulnerable unless 19052updated to the latest SVN version. 19053 19054== MediaWiki 1.9.4 == 19055 19056September 10, 2007 19057 19058This is a security and bug fix update to the Winter 2007 quarterly release. 19059Minor compatibility fixes for IIS 5 are included. 19060 19061* (bug [[bugzilla:8847|8847]]) Strip spurious #fragments from request URI to 19062fix redirect loops on some server configurations 19063* A possible HTML/XSS injection vector in the API pretty-printing mode has been 19064found and fixed. 19065 19066The vulnerability may be worked around in an unfixed version by simply 19067disabling the API interface if it is not in use, by adding this to 19068LocalSettings.php: 19069 19070:[[Manual:$wgEnableAPI|$wgEnableAPI]] = false; 19071 19072Not vulnerable versions: 19073* 1.11 >= 1.11.0 19074* 1.10 >= 1.10.2 19075* 1.9 >= 1.9.4 19076* 1.8 >= 1.8.5 19077 19078Vulnerable versions: 19079* 1.11 <= 1.11.0rc1 19080* 1.10 <= 1.10.1 19081* 1.9 <= 1.9.3 19082* 1.8 <= 1.8.4 (if $wgEnableAPI has been switched on) 19083 19084MediaWiki 1.7 and below are not affected as they do not include the faulty 19085function, however the BotQuery extension is similarly vulnerable unless updated 19086to the latest SVN version. 19087 19088== MediaWiki 1.9.3 == 19089 19090February 20, 2007 19091 19092This is a security and bug-fix update to the Winter 2007 quarterly release. 19093Minor compatibility fixes for IIS and PostgreSQL are included. 19094 19095An XSS injection vulnerability based on Microsoft Internet Explorer's UTF-7 19096charset autodetection was located in the AJAX support module, affecting MSIE 19097users on MediaWiki 1.6.x and up when the optional setting $wgUseAjax is enabled. 19098 19099If you are using an extension based on the optional Ajax module, either disable 19100it or upgrade to a version containing the fix: 19101 19102* 1.9: fixed in 1.9.3 19103* 1.8: fixed in 1.8.4 19104* 1.7: fixed in 1.7.3 19105* 1.6: fixed in 1.6.10 19106 19107There is no known danger in the default configuration, with ''$wgUseAjax'' off. 19108 19109* ([[mediazilla:8992|8992]]) Fix a remaining raw use of REQUEST_URI in history 19110* ([[mediazilla:8984|8984]]) Fix a database error in 19111Special:Recentchangeslinked when using the PostgreSQL database. 19112* Add ''charset'' to Content-Type headers on various HTTP error responses to 19113forestall additional UTF-7-autodetect XSS issues. PHP sends only ''text/html'' 19114by default when the script didn't specify more details, which some 19115inconsiderate browsers consider a license to autodetect the deadly, 19116hard-to-escape UTF-7. This fixes an issue with the Ajax interface error message 19117on MSIE when ''$wgUseAjax'' is enabled (not default configuration); this UTF-7 19118variant on a previously fixed attack vector was discovered by Moshe BA from 19119BugSec: [http://www.bugsec.com/articles.php?Security=24 19120http://www.bugsec.com/articles.php?Security=24] 19121* Trackback responses now specify XML content type 19122 19123== MediaWiki 1.9.2 == 19124 19125February 4, 2007 19126 19127This is a bug-fix update that fixes some installation and other minor issues 19128with the 1.9.1 release as well as a security issue which was introduced in the 191291.9 branch. 19130 19131JavaScript code which regenerated the "sortable tables" feature did not 19132properly sanitize input, leading to an HTML injection vulnerability. 19133 19134* ([[mediazilla:8774|8774]]) Fix path for GNU FDL rights icon on new installs 19135* ([[mediazilla:8819|8819]]) Fix full path disclosure with skins dependencies 19136* ([[mediazilla:8819|8819]]) Fixed data-loss bug in compressOld batch text 19137compression affecting pages which had null edits (move, protect, etc) as second 19138edit in a batch group. Isolated and patched by Travis Derouin. 19139* Security fix for sortable tables JavaScript 19140 19141== MediaWiki 1.9.1 == 19142 19143January 24, 2007 19144 19145This is a bug-fix update that fixes some installation and upgrade issues with 19146the original 1.9.0 release. 19147 19148* ([[mediazilla:3000|3000]]) Fall back to SCRIPT_NAME plus QUERY_STRING when 19149REQUEST_URI is not available, as on IIS with PHP-CGI 19150* Security fix for DjVu images. (Only affects servers where .djvu file uploads 19151are enabled and ''$wgDjvuToXML'' is set.) 19152* ([[mediazilla:8638|8638]]) Fix update from 1.4 and earlier 19153* ([[mediazilla:8641|8641]]) Fix order of updates to ipblocks table for updates 19154from <=1.7 19155* ([[mediazilla:8673|8673]]) Minor fix for web service API content-type header 19156* Fix API revision list on PHP 5.2.1; bad reference assignment 19157* Fixed up the AjaxSearch 19158* Exclude settings files when generating documentation. That could expose the 19159database user and password to remote users. 19160* ar: fix the 'create a new page' on search page when no exact match found 19161* Correct tooltip accesskey hint for Opera on the Macintosh (uses Shift-Esc-, 19162not Ctrl-). 19163* ([[mediazilla:8719|8719]]) Firefox release notes lie! Fix tooltips for 19164Firefox 2 on x11; accesskeys default settings appear to be same as Windows. 19165 19166== Changes since 1.8 == 19167 19168* (bug 8200) Make category lists sorted by name when using Postgres. 19169* (bug 7841) Support 'IGNORE' inserts for Postgres, fixes watchlist 19170 adding problem. 19171* (bug 6835) Removing the includes/Parser.php::getTemplateArgs() function, 19172 because it seems to be unused. 19173* (bug 7139) Increasing the visual width of the edit summary field on larger 19174 screen sizes, for the default monobook skin. 19175* Fix PHP notice and estimates for dumpBackup.php and friends 19176* Improved register_globals paranoia checks 19177* (bug 7545) Fix PHP version check on install 19178* Disable PHP exception backtrace printing unless $wgShowExceptionDetails 19179 is set. Backtraces may contain sensitive information in function call 19180 parameters. 19181* (bug 6164) Avoid smashing Cite state if message transformation triggers 19182 during bad image list check, by skipping message transformation. 19183 This isn't a good permanent fix. 19184* (bug 6918) Stopped borders and backgrounds from showing through floated 19185 tables in Monobook 19186* (bug 6868) Un-hardcode section edit link style 19187* (bug 3205) Stop right floats from stacking horizontally in non-Monobook skins 19188* Added global $wgStyleVersion to centralize bumping CSS and JS file versions 19189 for cache-friendly style and script updating 19190* (bug 7562) Fix non-ASCII namespaces on Windows/XAMPP servers 19191* Friendlier check for PHP 5 in command-line scripts; it's common for parallel 19192 PHP 4 and 5 installations to interfere on the command-line. 19193* Fix regression in autoconfirm permission check 19194* (bug 3015) Add CSS ids to subcategory and page sections on category pages 19195* (bug 7587) Fix erroneous id for specialpage tab, enabling informative popup 19196* (bug 7599) Fix thumbnail purging, PHP notices on HTCP image page purge 19197* (bug 7581) Update language name for cbk-zam 19198* (bug 7444) Update namespace translations for Telugu (te), kept old values as 19199 alias for compatibility 19200* (bug 4525) Move section links down visually to same level as headings 19201 (editsection links are now inside the heading elements) 19202* Workaround for http://bugs.php.net/bug.php?id=31892 , PATH_INFO and hence 19203 URLs of the style /index.php/Main_Page were broken on some CGI installations. 19204* (bug 7623) Validate custom HTML id's correctly in Monobook interface 19205* (bug 2241) Fix collision of 'w' and 'd' accesskeys 19206* (bug 5795) CSS class added to body based on page name for page-specific 19207 styling 19208* (bug 6276) Stopped search field from getting too large in Cologne Blue 19209* (bug 7644) User creations that are aborted by hooks shouldn't be counted 19210 against account creations per day limit 19211* (bug 7636) Show Firefox 2 users correct accesskey prefix 19212* (bug 6427) Block blocked IPs from using the mail password function 19213 to allow blocking of flooders 19214* Include common.css from classic-style skins in main HTML with the bump URL 19215* (bug 7607) Add Karakalpak (kaa) to Names.php and stub message file for 19216 linktrail 19217* (bug 7582) Add 'tog-nolangconversion' to MessagesEn.php. 19218 This key is need for languages with variants (zh, sr, kk) 19219* (bug 7606) MediaWiki messages for "rss" and "atom" missing 19220* (bug 7609) Add some more '*-summary' messages to MessagesEn.php with empty 19221 strings to allow better localisation via Special:Allmessages. Mark this new 19222 messages as optional for localisation. 19223* Fix user_newpass upgrade for prefixed tables (reported by Fyren) 19224* (bug 7663) Include language variant switcher links on Nostalgia skin 19225* (bug 6531) Fix PHP fatal error on installation page with bad username input. 19226* (bug 6977) Remove 404 link for autogenerated database documentation. 19227* (bug 7369) Allow "Show Changes" without requiring edit token. 19228* (bug 7687) Fix movetalk box checks itself when confirming a delete and move. 19229* (bug 7684) Obey watchcreated preference for Special:Upload watch checkbox 19230* (bug 7686) Include id attribute on delete form confirmation button 19231* Allow compound interwiki prefixes in $wgImportSources 19232* (bug 7304) Added redirect table to store redirect targets. 19233* Added querycachetwo table (similar to querycache but has two titles) 19234* PageArchive can now return a Revision object for more convenient processing 19235 of deleted revision data 19236* Added 'UndeleteShowRevision' hook in Special:Undelete 19237* Error message on attempt to view invalid or missing deleted revisions 19238* Remove unsightly "_" from namespace in Special:Allpages, Special:Prefixindex 19239* (bug 3224) Allow minor edits by bots to skip new message notification on 19240 user talk pages. This can be disabled by adjusting the 'nominornewtalk' 19241 permission. Patch by Werdna. 19242* (bug 7741) MATH: fixed broken syntax of underbrace etc. Fixed arrays 19243* Fix purging for updated SVG files 19244* (bug 7745) Add id attribute to search button in Monobook 19245* (bug 7749) MATH: added some more LaTeX symbols, e.g. parallel, diamond, ast... 19246* (bug 7304) Added code in Article.php to keep redirect table up to date. 19247* Made special page names case-insensitive and localisable. Care has been taken 19248 to maintain backwards compatibility. 19249* Used special page subpages in a few more places, instead of query parameters. 19250* (bug 7758) Added wrapper span to "templates used" explanation to allow CSS 19251 styling (class="mw-templatesUsedExplanation"). 19252* Added {{#special:}} parser function, to give the local default title for 19253 special pages 19254* (bug 7766) Remove redundant / from AJAX requests, can break some servers 19255* Add tab links from extensions to classic-based skins (SkinTemplateTab hook) 19256 Provides better cross-skin compatibility for extensions using the modern 19257 skin hooks, such as Oversight 19258* Moved variant language links on Cologne Blue and Nostalgia to before the 19259 login/logout link 19260* Fix for parser tests with MySQL 5 in strict mode 19261* Added block option "enable autoblocks" 19262* Amend Special:Ipblocklist to note when a block has autoblock DISABLED. 19263* (bug 7780) Fix regression in editing redirects 19264* Add whitespace above "templates included on this page" using CSS, not 19265 hardcoded line break. 19266* Remove entries from redirect table on article deletion 19267* (bug 7788) Force section headers in new section links for users who have 19268 'prompt for blank edit summaries' on. 19269* (bug 1133) Special:Emailuser: add an option to send yourself a copy of your 19270 mail. 19271* (bug 461) Allow "Categories:" link at bottom of pages to be customized via 19272 pagecategorieslink message. 19273* Sort the list of skins in "My Preferences" -> Skins by alphabetical order. 19274* (bug 7785) Postgres compatibility for timestamps in RC feeds 19275* (bug 7550) Normalize user parameter normally on Special:Log 19276* (bug 7294) Fix PATH search for diff3 on install 19277* Various fixes related to the blocking change re: autoblocks. On inserting 19278 an IP block, the ipb_enable_autoblock field is now automagically blanked, 19279 because it doesn't make any sense for an IP. Additionally, IP blocks 19280 without the ipb_enable_autoblock option no longer show up as "autoblock 19281 disabled" on Special:Ipblocklist. 19282* (bug 7774) MATH: aded more amstex functions 19283* (bug 1182) MATH: fixed inconsistent rendering of upper case Greek letters in 19284 TeX 19285* Fix regression in streaming page dump generation 19286* (bug 7801) Add support for parser function hooks in parser tests 19287* checkUsernames.php now uses wfDebugLog instead of hardcoded path to log 19288* (bug 7810) Update talk namespaces for Occitan 19289* Allow case-sensitive URLs to be used for uploading from URLs. 19290* (bug 1109) Correct fix for compressed 304 responses when additional output 19291 buffers have been installed within the compression handler 19292* (bug 7819) Move automatic redirect edit summary after pre-save transform 19293 to work properly with subst: fun 19294* (bug 7826) Fix typos in two English messages. 19295* (bug 5365) Stop users being prompted to enter an edit summary for null edits, 19296 if they have selected that option in preferences. 19297* (bug 5936) Show an 'm' to the left of the edit summary on diff pages for minor 19298 edits. 19299* (bug 7820) Improve error reporting for uploads via URL. 19300* (bug 5149) When autoblocks are enabled, retroactively apply an autoblock to 19301 the most recently used IP of a user when they are blocked. 19302* Add an index on (rc_user_text,rc_timestamp) on the recentchanges table. This 19303 will make CheckUser.php and the new retroactive autoblock functionality 19304 faster. 19305* Fix regression in Special:Undelete for revisions deleted under MediaWiki 1.4 19306 with compression or legacy encoding 19307* (bug 6737) Fixes for MySQL 5 schema in strict mode 19308* Approximate height for client-side scaling fallback instead of passing -1 19309 into the HTML output. 19310* Make the DNSBL to check for proxy blocking configurable via $wgSorbsUrl 19311* Add experimental recording/reporting mode to parser tests runner, to 19312 compare changes against the previous run. 19313 Additional tables 'testrun' and 'testitem' are in maintenance/testRunner.sql, 19314 source this and pass --record option to parserTests.php 19315* Make the set of default parser test input files extensible via 19316 $wgParserTestFiles. This can now be appended to by extensions or local 19317 configuration files so that extension or custom tests can be automatically 19318 run along with the main batch. 19319* Run PHP install version checks on update.php so command-line updaters see 19320 new version requirements 19321* Do a check for the PHP 5.0.x 64-bit bug, since this is much more disruptive 19322 as of MW 1.8 than it used to be. Install or upgrade now aborts with a 19323 warning and a request to upgrade. 19324* (bug 6440) Updated indexes to improve backlinking queries (links, templates, 19325 images) 19326* Switched 'anon-only' block mode to default for IP blocks 19327* (bug 3687, 7892) Add distinct heading for media files in category display, 19328 with count. 19329* (bug 1578) Add different icons for external links to audio, video, or PDF in 19330 Monobook. 19331* Made autoblocks block account creation if the user block has that option 19332 enabled. 19333* Add auto-summaries to blankings and large removals without summaries. 19334* (bug 7811) Allow preview of edit summaries. 19335* (bug 6839) Wikibits.js minor changes to make JS-lint happier. 19336* (bug 7932) Make sure that edit toolbar clears floats so it appears correctly. 19337* (bug 6873) When viewing old revisions, add link to diff to current version. 19338* (bug 3315) Provide rollback link directly on history page. 19339* Replace 'old-revision-navigation' message with 'revision-info' and 19340 'revision-nav' messages, wrapped in divs with appropriate id's. 19341* (bug 4178) MediaWiki:Common.js will now be included for all users if 19342 $wgUseSiteJs is enabled, in addition to (if applicable) MediaWiki:Monobook.js 19343 and user JS subpages. 19344* (bug 7918) "Templates used on this page" changes during preview to reflect 19345 any added or removed templates, and works as expected for section edits. 19346* (bug 7919) "Templates used on this page" is now shown for read-only pages. 19347* (bug 7688) When viewing diff, section anchors in autosummary jump to section 19348 on current page instead of loading the latest version. 19349* (bug 7970) Use current connection explicitly on Database::getServerVersion 19350* (bug 2001) Tables with class="sortable" can now be dynamically sorted via 19351 JavaScript. 19352* Added autosummary for new pages with 500 or less characters, and refactor 19353 the autosummary code so it's all done in one function. doEdit is getting too 19354 big! 19355* (bug 7554) The correct MIME type for SVG images is now displayed on the 19356 image page (image/svg+xml, not image/svg). 19357* (bug 7883) Added autoblock whitelisting feature, using which specific ranges 19358 can be protected from autoblocking. These ranges are specified, in list 19359 format, in the autoblock_whitelist system message. 19360* Added placeholders for text injection by hooks to EditPage.php 19361* (bug 8009) Automatic edit summary for redirects is not filled for edits in 19362 existing pages 19363* Installer support for experimental MySQL 4.1/5.0 binary-safe schema 19364* Use INSERT IGNORE for db-based BagOStuff add/insert, for more memcache-like 19365 behavior when keys already exist on add (instead of dying with an error...) 19366* Add a hook 'UploadForm:initial' before the upload form is generated, and two 19367 member variable for text injection into the form, which can be filled by the 19368 hooks. 19369* (bug 6295) Add a "revision patching" functionality, where an edit can be 19370 undone 19371 (with a functionality similar to diff rev1 rev2 | patch -R rev3 -o rev3). 19372 This is triggered by including &undo=revid in an edit URL. A link to a URL 19373 that will undo a given edit is shown on NEW revision headers on diff pages. 19374 The link leads to a "Show Changes" page showing what will be done to undo the 19375 edit. 19376* Fix display of link in "already rolled back" message for image/category pages 19377* (bug 6016) Left-aligned images should stack vertically, like right-aligned 19378 images, not horizontally. 19379* Patch from LeonWP: added UploadForm:BeforeProcessing hook in SpecialUpload.php 19380* Add AuthPluginSetup hook to override $wgAuth after configuration 19381* Fix regression in authentication hook auto-creation on login 19382* (bug 8110) Allow spaces in ISBNs 19383* (bug 8024) Introduce "send me copies of emails I send to others" preference 19384* Added 'EditPage::attemptSave' hook before an article is saved. 19385* (bug 8083) Applied patch for sk localisation 19386* Add a backslash character to the edit token, to prevent edits via certain 19387 broken proxies that mangle such characters in form submissions 19388* (bug 7461) Allow overwriting pages using importTextFile.php 19389* (bug 7946) importTextFile.php doesn't perform pre-save transform 19390* (bug 8117) {{REVISIONTIMESTAMP}} showed weird default if $wgLocalTZoffset set; 19391 now uses current time for previews and if timestamp can't be loaded from DB 19392* {{REVISIONTIMESTAMP}} now uses site local timezone instead of user timezone 19393 to ensure consistent behavior 19394* {{REVISIONTIMESTAMP}} and friends should now work on non-MySQL backends 19395* (bug 7671) Observe canonical media namespace prefix in Linker::formatComment 19396* Added js variable wgCurRevisionId to the output 19397* (bug 8141) Cleanup of Parser::doTableStuff, patch by AzaTht 19398* (bug 8042) Make miser mode caching limits settable via $wgQueryCacheLimit 19399 instead of hardcoding to 1000 19400* Enable QueryPage classes to override list formatting 19401* (bug 5485) Show number of intervening revisions in diff view 19402* (bug 8100) Fix XHTML validity in Taiwanese localization 19403* Added redirect to section feature. Use it wisely. 19404* Added a configuration variable allowing the "break out of framesets" feature 19405 to be switched on and off ($wgBreakFrames). Off by default. 19406* Allow Xml::check() $attribs parameter to override 'value' attribute 19407* DB schema change: added two columns (rc_old_len and rc_new_len) to the 19408 recentchanges table to store the text lengths before and after the edit 19409* (bug 1085) Made Special:Recentchanges show the character difference between 19410 the changed revisions 19411* Removed a redundant <strong> tag from diff pages that was causing display 19412 issues for some users 19413* (bug 8203) The keyboard shortcut for "log out" was removed, because users 19414 were pressing it when they intended to press the shortcut for "preview". 19415* (bug 8148) Handle non-removable output buffers gracefully when cleaning 19416 buffers for HTTP 304 responses, StreamFile, and Special:Export. 19417 Duplicated code merged into wfResetOutputBuffers() and wfClearOutputBuffers() 19418* Special:AllPages : 'next page' link now point to the first title of the next 19419 chunk instead of pointing to the last title of current chunk. 19420* (bug 4673) Special:AllPages : add a 'previous' link (new message 'prevpage') 19421* (bug 8121) wfRandom() was not between 0 and 1 19422* Add static method Parser::createAssocArgs($args), so parser functions can 19423 use the same code to parse arguments as the templates do. 19424* Change behavior of logins using the temporary e-mailed password (as stored 19425 in user_newpassword hash field). Instead of just logging in silently and 19426 leaving the previous user_password field in place indefinitely, the user 19427 is now prompted to set a new password. 19428 19429 The password-changing form is at Special:Resetpass; currently it's only 19430 usable for changing from the temporary password during login, but it 19431 could perhaps be generalized, replacing the subform in preferences. 19432 19433 Once the new password is set successfully, the temporary password is wiped 19434 so it cannot be used to login a second time, and the login process 19435 is completed. 19436* Suppress 'mail new password' button on login form if $wgAuth forbids 19437 changing user passwords; it wouldn't work very well... 19438* Consolidate password length checks and $wgAuth manipulation into 19439 User::setPassword() to avoid duplicate code in different places 19440 that set passwords. 19441* User::setPassword() now throws PasswordError exceptions if the password 19442 is illegal or cannot be set via $wgAuth. These can be caught and a human- 19443 readable error message displayed by UI code. 19444* Added Title::isSubpage() 19445* (bug 8241) Don't consider user pages of User:Foo.css to be CSS subpages 19446* Set an explicit class on framed thumbnail inner divs and images, changed some 19447 CSS to use these instead of using descendent selectors. 19448* Accept null parameter to User::setPassword() as indicating the password 19449 field should be cleared to an unusable state. Login will only be possible 19450 after the password is reset, for instance by e-mail. 19451* (bug 6394) Invalidate the password set for "by e-mail" account creations 19452 to avoid accidental empty password creations. 19453* Made the show change size function work on page moves, page creations, and 19454 log entries. Also fixed it in the javascript recentchanges. 19455* (bug 8239) correctly get 50 new contributions when clicking '(50 next)' 19456* (bug 2259) Fix old regression where e-mail addresses were no longer 19457 confirmed on login with mailed password. 19458* Add a notification about the confirmation mail sent during account 19459 creation, so people don't immediately go off to request a second one. 19460* Add a warning on Special:Confirmemail if a code was already sent and has 19461 not yet expired. 19462* Add user_editcount field to provide data for heuristics on account use. 19463 Incremented on edit, with lazy initialization from past revision data. 19464 Can batch-initialize with maintenance/initEditCount.php (not yet friendly 19465 to replication environments, this will do all accounts in one query). 19466* Allow raw SQL subsections in Database::update() SET portion as well as 19467 for WHERE portion. Handy for increments and such. 19468* User::getOption now accept a default value to override default user values 19469 this makes it consistent with WebRequest::get* methods. Corrected code in 19470 various places accordingly. 19471* (bug 8264) Fix JavaScript global vars for XHTML mode 19472* Make $wgSiteNotice value wikitext again, for consistency with editable 19473 MediaWiki:Sitenotice and MediaWiki:Anonnotice. 19474* (bug 8044) When redirecting from the canonical name of the special page 19475 to the localised one, parameters/subpages are omitted 19476* (bug 8164) Special:Booksources should use GET for form submission 19477* Rewrite Special:Booksources to clean up interface and remove redundant code 19478* (bug 7925) Change Special:Allmessages message name filter javascript to be 19479 a bit more responsive and easier on the CPU 19480* (bug 4488) Support watching pages on deletion; introduces new user preference 19481* Minor restructuring of Special:Preferences; "watch pages I edit" and "watch 19482 pages I create" options now accessible under "Watchlist" options 19483* (bug 8153) <nowiki> doesn't work in site notice 19484* (bug 6690) wfMsgNoTrans() transforms messages 19485* (bug 8274) Wrap edit tools in a <div> with a specified class 19486* Detect PHP 5.0.x 64-bit bug and abort in WebStart.php; too many things break 19487 mysteriously otherwise (detection code copied from install-utils.inc) 19488* (bug 8295) Change handling of <center> tags in doBlockLevels() to match that 19489 of <div> 19490* (bug 8110) Make magic ISBN linking stricter: only match ten-digit sequences 19491 (plus optional ISBN-13 prefix) with no immediately following alphanumeric 19492 character, disallow multiple consecutive internal redirects 19493* (bug 2785) Accept optional colon prefix in links when formatting comments 19494* Don't show "you can view and copy the source of this page" message for 19495 pages which don't exist 19496* (bug 8310) Blank line added to top of 'post' when page is blank 19497* (bug 8109) Template parameters ignored in "recentchangestext" 19498* Gracefully skip redirect-to-fragment on WebKit versions less than 420; 19499 it messes up on current versions of Safari but is ok in the latest 19500 nightlies. Checking the version number will allow it to automatically 19501 work when new releases of Safari appear. 19502* Fix regression in thumb styles; size and padding didn't match with 19503 new arrangement. 19504* (bug 8333) Fix quick user data update on login password change on 19505 replication database setups. User data is now pulled from master 19506 instead of slave in User::loadFromDatabase, ensuring that it is 19507 fresh and accurate when read and then saved back into cache. 19508 This was breaking with the Special:Rename operation which 19509 automatically logs the user in with the new password after changing 19510 it; pulling from slave meant the record was often not the updated 19511 one. 19512* (bug 8335) Set image width to the first valid parameter found. 19513* (bug 8350) Fix watchlist viewing bug when using Postgres. 19514* (bug 6603) When warning about invalid file extensions, output the bit 19515 of the extension we actually checked 19516* (bug 7669) Drop defaults on BLOB/TEXT columns for better compatibility 19517 with MySQL's strict mode, often enabled by the Windows installer. 19518 The defaults are ignored anyway when strict mode is off... 19519* (bug 7685) Use explicit values for ar_text and ar_flags when deleting, 19520 for better compatibility with MySQL's strict mode 19521* Update default interwiki values to reflect changed location of ursine: 19522* (bug 5411) Remove autopatrol preference 19523* Users who have the "autopatrol" permission will have their edits marked as 19524 patrolled automatically 19525* Users who do not have the "autopatrol" permission will no longer be able 19526 to mark their own edits as patrolled 19527* Introduce 'PingLimiter' hook; see docs/hooks.txt for more information 19528* (bug 532) Tweaked alt text for some interface messages 19529* (bug 8231) Gave useful alt text to the main <img> on image pages 19530* (bug 371) Remove alt text for "Enlarge" icon on thumbnails 19531* Initialize user_editcount to 0 instead of NULL for newly created accounts 19532* (bug 3696) Strip LRM and RLM characters from titles to work around the 19533 problem some people have where titles cut-and-pasted from lists include 19534 the bidi override characters appended to the lists. 19535 A more thorough blacklist for forbidden and translatable characters would 19536 be wise, though, as might a cleaner method for the lists in the first place. 19537* Fix regression in email password resets on read-restricted sites 19538* Set tabindex on fields in deletion form so you don't have to tab through 19539 the links in the sitenotice 19540* (bug 8271) Show full time and date on viewer for individual deleted 19541 revisions 19542* (bug 8214) Output file size limit and actual file size in appropriate units 19543 on Special:Upload 19544* (bug 8016) Purge objectcache table during upgrade processes - use the 19545 --nopurge option to prevent this when running maintenance/update.php 19546* (bug 7612) Remove superfluous link to Special:Categories from result items 19547 on Special:Mostcategories 19548* {{PLURAL:}} now handles formatted numbers correctly 19549* (bug 8331) Added the change size value to watchlists; therefore made 19550 watchlists use RecentChange::newFromRow() instead of newFromCurRow() 19551* (bug 8351) Fix undo for simple reverts 19552* (bug 6856) User::clearNotification() does not respect read-only mode 19553* (bug 6853) Use a checkbox on the installer form to indicate that a superuser 19554 account should be used; this is clearer than the old check which relied on 19555 the password never being an obscure value 19556* Remove old unused watchlist cache, which was a leftover from the old schema 19557 where watchlists were more expensive to generate 19558* Minor cosmetic changes to Special:Userrights 19559* Added wgCanonicalSpecialPageName to JavaScript variables 19560* Fix image deleting when using Postgres. 19561* Output both source and destination titles in maintenance/moveBatch.php 19562* Added basic parser tests for language variants 19563* Enable selflinks and categories to be written in some of the language variants 19564* Prevent conversion of JavaScript code in language variants 19565* Output software version number in maintenance/parserTests.php 19566* (bug 7169) Use Ajax to watch/unwatch articles if enabled 19567* Make variant table caching a little more robust, using main language code 19568 in cache key. Probably this is still a bit wonky, though. Was breaking 19569 parser tests when Chinese tables were getting loaded into Serbian code. 19570* (bug 8380) Be nicer about blank lines in deleteBatch.php 19571* (bug 8401) Fix regression in SORBS lookup for some DNS setups 19572* Use raw file descriptor in posix_isatty() check to avoid warning on 19573 Linux systems with at least some versions of PHP 19574* (bug 5908) Allow overriding the default category sort key for all items on 19575 a page using {{DEFAULTSORT}} 19576* (bug 6449) Throw a more definitive error message when installation fails 19577 due to an invalid database name 19578* (bug 5827) Use full text for option link labels on Special:Watchlist 19579* (bug 8018) Allow hiding minor edits from the watchlist 19580* (bug 8427) MonoBook RTL IE 7.0 tweaks failed when sidebar's navigation 19581 section is renamed; no longer relies on first section name 19582* Stabilize client-side table sorting even if the underlying Javascript sort() 19583 implementation is unstable 19584* Add hook for extensions to add user information to the panel in preferences, 19585 next to the user name and ID. 19586* (bug 8392) Display protection status of transcluded pages in the edit page 19587 template list. Patch by Fyren, with i18n naming tweak. 19588* Fix for interwiki transclusion where target wiki uses query string for title 19589* Resolve namespaces on interwiki Title objects using canonical namespace names 19590 if possible (should not happen, though, outside interwiki transclusion... and 19591 maybe not even then, but it does) 19592* (bug 8447) Fix SQL typo breaking non-default $wgHitcounterUpdateFreq 19593* Do not allow previews of deleted images to be cached 19594* Add global variable $wgDefaultLanguageVariant used to set the default language 19595 variant of a wiki to something different than the main language code 19596* Add 'variant' option to parserTests - runs test with the given variant as 19597 preferred, utilize it for more parser tests of language variants code 19598* (bug 6503) Fix bug that stopped certain irrelevant links from being hidden 19599 for printing 19600* Avoid PHP warning in Creative Commons metadata when a creative commons 19601 license is not actually set up 19602* (bug 8463) Don't print external link icons for Monobook 19603* (bug 8461) Support watching pages on move 19604* (bug 8041) Work around bug with debug_backtrace when Zend Optimizer is 19605 loaded by skipping the function. Use wfDebugBacktrace() wrapper function. 19606* Reduce config file clutter by setting various script and upload paths 19607 based on $IP or $wgScriptPath in Setup.php. They can still be explicitly 19608 overridden in LocalSettings.php if desired... 19609* Attempt to detect redirect loops for the canonical title redirect, and 19610 give some hints to the poor confused administrator. 19611* Introduce new flag 'R' - raw output for language variant escape tags 19612* Advise users when updates for a query page have been disabled using 19613 $wgDisableQueryPageUpdate 19614* (bug 8413) Improve comments for $wgNamespaceRobotPolicies 19615* (bug 8330) Show "bytes" suffix on recent changes diff counter 19616 optionally... if set in rc-changes-size message (default empty for now) 19617* (bug 8489) Support basic links in <gallery> caption attribute 19618* (bug 8485) Correct Lingala number formatting 19619* The MediaWiki namespace is no longer pre-filled with default messages on 19620 install. All default messages will be removed from the MediaWiki namespace 19621 on upgrade. 19622* Recentchanges RSS/Atom feeds now use a separate message for the description 19623 to avoid cluttering it with useless wiki formatting 19624* (bug 8417) Handle EXIF unknown dates 19625* (bug 8372) Return nothing on empty <math> tags. 19626* New maintenance script to show the cached statistics : showStats.php. 19627* Count deleted edits when regenerating total edits in maintenance/initStats.php 19628* (bug 3706) Allow users to be exempted from IP blocks. The ipblock-exempt 19629 permission key has been added to enable this behavior, by default assigned to 19630 sysops. 19631* (bug 7948) importDump.php now warn that Recentchanges need to be rebuild. 19632* (bug 7667) allow XHTML namespaces customization 19633* (bug 8531) Correct local name of Lingála (patch by Raymond) 19634* Fix regression with default lock file and cache directories; threw visible 19635 warning with open_basedir 19636 19637 19638== 1.8 Compatibility changes == 19639 19640=== Zend Optimizer === 19641 19642A bug in some versions of PHP 5 and Zend Optimizer which was triggered under 19643MediaWiki 1.8.x has been worked around by disabling some internal debugging 19644features when Zend Optimizer is loaded. This should solve some common 19645"blank page" problems. 19646 19647=== PHP 5.0 64-bit === 19648 19649MediaWiki now checks for a condition where PHP 5.0.x corrupts array data 19650on 64-bit systems and warns you to upgrade PHP to solve the problem. This 19651bug causes Special: pages to fail on affected systems under MediaWiki 1.8 19652and higher, and subtler data corruption on earlier versions. 19653 19654The only known workaround is to upgrade PHP to 5.1 or later, which you 19655probably should do anyway for security reasons! 19656 19657=== MySQL 5 === 19658 19659MediaWiki should now install and run correctly on MySQL 5.0 and higher when 19660MySQL's "strict mode" is enabled. (This is now the default for many Windows 19661installations, though it seems to remain off by default on Unix.) 19662 19663This fixes errors about "cannot default default value for BLOB/TEXT fields". 19664 19665=== ImageMagick === 19666 19667Note that ImageMagick older than 6.x may no longer work for image resizing 19668due to use of the -thumbnail option. 19669 19670 19671== 1.8 Behavior changes == 19672 19673=== Localized special pages === 19674 19675The names of Special: pages can now be localized, so links and URLs to them 19676are more legible in languages that aren't English. 19677 19678Not all languages have included localized names yet. 19679 19680=== E-mail password === 19681 19682Users are now required to set a new password for themselves when they first 19683log in with a newly generated e-mailed password. 19684 19685Requesting passwords frequently is prevented to reduce abusive mailbombing. 19686 19687=== Undo revision === 19688 19689An "undo" link now appears in diff view for easier reverting of older edits. 19690When GNU diff3 is available for edit conflict merging, this can make it much 19691easier to "undo" the changes of an older edit when there are surrounding 19692changes elsewhere in the page. 19693 19694The changes must be manually reviewed and approved, as with conventional 19695full-revision reverts. 19696 19697=== Blocking === 19698 19699User blocks can be set to disable the automatic blocking of IP addresses the 19700account logs in with. 19701 19702 19703== 1.8 Database changes == 19704 19705* new 'redirect' table stores data on page redirects 19706* new 'querycachetwo' table used for some cached special pages 19707* 'ipblocks' table adds 'ipb_enable_autoblock' 19708* 'recentchanges' table adds 'rc_old_len', 'rc_new_len' for size tracking 19709* 'user' table has added 'user_newpass_time' and 'user_editcount' fields 19710* some indexes have been updated on 'recentchanges' 19711 19712== 1.8 Configuration changes == 19713 19714Several configuration options have changed since 1.8: 19715 19716=== $wgEnableAPI === 19717 19718The experimental machine API interface is now enabled by default, read-only. 19719You can disable it by setting $wgEnableAPI = false; in LocalSettings.php. 19720 19721=== $wgPathInfo === 19722 19723The use of PATH_INFO (the text after the script name in 'index.php/Blah') 19724is controlled by the $wgUsePathInfo setting. This is now explicitly disabled 19725for CGI, apache2filter, and ISAPI configurations of PHP, for more consistency 19726with the autodetection from the installer. 19727 19728In some rarer configurations you may have to switch $wgUsePathInfo from false 19729to true or, perhaps, from true to false to make things work properly if bad 19730PATH_INFO data comes through the server. 19731 19732The wiki now tries to detect this condition and should show you an error 19733message describing what to change instead of sending the browser into an 19734infinite redirect loop. 19735 19736=== $wgScript and other path settings === 19737 19738The following configuration variables are now automatically set in Setup.php 19739if they are not overridden in LocalSettings.php: 19740 19741from $wgScriptPath: 19742 + $wgScript 19743 | \- $wgArticlePath 19744 + $wgRedirectScript 19745 + $wgStylePath 19746 + $wgUploadPath 19747 \- $wgLogo 19748 + $wgMathPath 19749 19750from $IP: 19751 - $wgStyleDirectory 19752 + $wgUploadDirectory 19753 \- $wgMathDirectory 19754 + $wgTmpDirectory 19755 19756Newly generated configuration files will by default include only $wgScriptPath 19757(hardcoded from the installer) and $IP (detected at runtime). 19758 19759Old configuration files which specify all these values explicitly should 19760continue to work just fine, but if you use the defaults you can remove them 19761to reduce clutter. 19762 19763=== $wgGroupPermissions === 19764 19765The sysop group now holds the "autopatrol" and "ipblock-exempt" rights by 19766default. 19767 19768"autopatrol" replaces the preference for marking ones own edits patrolled 19769by default; users holding this permission will automatically have their 19770edits patrolled, while others cannot mark their own edits as patrolled 19771even if they have patrolling rights. 19772 19773"ipblock-exempt" excludes the user from IP blocks; accounts which are blocked 19774explicitly by name will still be blocked, however. This is given to sysops 19775to minimize annoyance from accidental "collateral damage"; remember that a 19776sysop will be able to lift the block if they desire. 19777 19778The bot group now holds the "nominornewtalk" right. A user with this right 19779will not trigger new message notifications when making minor edits to user 19780talk pages. This is meant to minimize annoyance from maintenance bot 19781processes. 19782 19783=== $wgUseWatchlistCache === 19784 19785Watchlist caching has been removed. The feature was not maintained, and has 19786been unnecessary since switching to the 'recentchanges' database table 19787reduced server pressure for Wikipedia's watchlists. 19788 19789=== $wgBreakFrames === 19790 19791MediaWiki in the past attempted to detect when it was embedded in a frameset 19792and "break out" of it, assuming it to be hostile. 19793 19794This behavior is now disabled by default, but can be reenabled by setting 19795$wgBreakFrames to true in LocalSettings.php. 19796 19797 19798== 1.8 New settings == 19799 19800=== $wgVariantArticlePath === 19801 19802For languages with script variant support (Chinese, Serbian, and others), 19803it's possible to use alternate URL paths to select the variant for article 19804display, setting $wgVariantArticlePath. 19805 19806Documentation for this setting would be useful. 19807 19808=== $wgMaxMsgCacheEntrySize === 19809 19810The message cache can now skip items larger than a given size; this allows 19811it to better handle the primary caching case when large CSS and JS blobs are 19812present. 19813 19814=== $wgStyleVersion === 19815 19816When making significant changes to skin stylesheets and JavaScript files, 19817you can append a string to this variable to tweak the generated URLs, 19818forcing newly rendered pages to bring in a fresh version despite server- 19819or browser-side caching. 19820 19821Normally this will be set in the course of MediaWiki development, but 19822if doing development on a custom skin you may wish to poke it as well. 19823 19824=== $wgRCShowChangedSize === 19825 19826Special:Recentchanges and Special:Watchlist now show the number of bytes 19827added or removed to an article to give an idea of the size of the edit. 19828This information was previously available only in the IRC update feeds. 19829 19830To disable this site-wide, set $wgRCShowChangedSize to false. 19831(Individual users can suppress the data in custom CSS.) 19832 19833Adjust $wgRCChangedSizeThreshold to trigger highlighting of particularly 19834large changes. 19835 19836The formatting of the size figure can be adjusted through the 19837[[MediaWiki:Rc-change-size]] message. 19838 19839=== $wgQueryCacheLimit === 19840 19841The number of rows stored for "expensive" special pages in miser mode 19842can now be adjusted up or down from the default 1000. 19843 19844=== $wgDisableQueryPageUpdate === 19845 19846Individual "expensive" special pages can be skipped in processing by 19847updateSpecialPages if added to this list. 19848 19849=== $wgSorbsUrl === 19850 19851The base hostname for the DNS-based proxy blacklist can now be overridden 19852when $wgEnableSorbs is set, to use a different blacklist instead of SORBS. 19853The blacklist would need to respond the same was as SORBS; any positive 19854response will be taken as a proxy. 19855 19856=== $wgAjaxWatch === 19857 19858Experimental AJAX mode for the watch/unwatch tabs to execute inline. 19859Does not include the UI messages describing how to reach the watchlist, 19860so you may not want it on a general-audience site just yet. 19861 19862=== $wgParserTestFiles === 19863 19864MediaWiki's parser test suite can now be expanded with additional test 19865files. Custom extensions can add their test files to this array, and 19866they will be run along with the main tests by maintenance/parserTests.php 19867 19868= MediaWiki 1.8= 19869 19870== MediaWiki 1.8.5 == 19871 19872September 10, 2007 19873 19874This is a security fix update to the Fall 2006 quarterly release snapshot. A 19875possible HTML/XSS injection vector in the API pretty-printing mode has been 19876found and fixed. 19877 19878The vulnerability may be worked around in an unfixed version by simply 19879disabling the API interface if it is not in use, by adding this to 19880LocalSettings.php: 19881 19882:[[Manual:$wgEnableAPI|$wgEnableAPI]] = false; 19883 19884(This is the default setting in 1.8.x.) 19885 19886Not vulnerable versions: 19887* 1.11 >= 1.11.0 19888* 1.10 >= 1.10.2 19889* 1.9 >= 1.9.4 19890* 1.8 >= 1.8.5 19891 19892Vulnerable versions: 19893* 1.11 <= 1.11.0rc1 19894* 1.10 <= 1.10.1 19895* 1.9 <= 1.9.3 19896* 1.8 <= 1.8.4 (if $wgEnableAPI has been switched on) 19897 19898MediaWiki 1.7 and below are not affected as they do not include the faulty 19899function, however the BotQuery extension is similarly vulnerable unless updated 19900to the latest SVN version. 19901 19902== MediaWiki 1.8.4 == 19903 19904February 20, 2007 19905 19906This is a security and bug-fix update to the Fall 2006 quarterly release. 19907 19908An XSS injection vulnerability based on Microsoft Internet Explorer's UTF-7 19909charset autodetection was located in the AJAX support module, affecting MSIE 19910users on MediaWiki 1.6.x and up when the optional setting 19911[[Manual:$wgUseAjax|$wgUseAjax]] is enabled. 19912 19913If you are using an extension based on the optional Ajax module, either disable 19914it or upgrade to a version containing the fix: 19915* 1.9: fixed in 1.9.3 19916* 1.8: fixed in 1.8.4 19917* 1.7: fixed in 1.7.3 19918* 1.6: fixed in 1.6.10 19919 19920There is no known danger in the default configuration, with $wgUseAjax off. 19921 19922* (bug [[bugzilla:8819|8819]]) Fix full path disclosure with skins dependencies 19923* Add 'charset' to Content-Type headers on various HTTP error responses to 19924forestall additional UTF-7-autodetect XSS issues. PHP sends only 'text/html' by 19925default when the script didn't specify more details, which some inconsiderate 19926browsers consider a license to autodetect the deadly, hard-to-escape UTF-7. 19927This fixes an issue with the Ajax interface error message on MSIE when 19928[[Manual:$wgUseAjax|$wgUseAjax]] is enabled (not default configuration); this 19929UTF-7 variant on a previously fixed attack vector was discovered by Moshe BA 19930from BugSec: http://www.bugsec.com/articles.php?Security=24 19931* Trackback responses now specify XML content type 19932 19933== MediaWiki 1.8.3 == 19934 19935January 9, 2007 19936 19937MediaWiki 1.8.3 fixes several issues in the Fall 2006 snapshot release: 19938 19939* ([[mediazilla:7831|7831]]) Regression in AutoAuthenticate hook 19940* Run PHP install version checks on update.php so command-line updaters see new 19941version requirements 19942* Do a check for the PHP 5.0.x 64-bit bug, since this is much more disruptive 19943as of MW 1.8 than it used to be. Install or upgrade now aborts with a warning 19944and a request to upgrade. 19945* XSS fix in AJAX module 19946 19947An XSS injection vulnerability was located in the AJAX support module, 19948affecting MediaWiki 1.6.x and up when the optional setting $wgUseAjax is 19949enabled. 19950 19951There is no danger in the default configuration, with $wgUseAjax off. 19952 19953If you are using an extension based on the optional AJAX module, either disable 19954it or upgrade to a version containing the fix: 19955 19956== MediaWiki 1.8.2 == 19957 19958October 13, 2006 19959 19960MediaWiki 1.8.2 fixes several issues in the Fall 2006 snapshot release: 19961 19962* ([[mediazilla:7565|7565]]) Fixed typos in German localisation 19963* ([[mediazilla:7562|7562]]) Fix non-ASCII namespaces on Windows/XAMPP servers 19964 19965== MediaWiki 1.8.1 == 19966 19967October 11, 2006 19968 19969MediaWiki 1.8.1 fixes several issues in the Fall 2006 snapshot release: 19970 19971* Fix PHP notice and estimates for dumpBackup.php and friends 19972* Improved register_globals paranoia checks 19973* ([[mediazilla:7545|7545]]) Fix PHP version check on install 19974* Experimental web API disabled by default 19975* Disable PHP exception backtrace printing unless $wgShowExceptionDetails is 19976set. Backtraces may contain sensitive information in function call parameters. 19977 19978== MediaWiki 1.8.0 == 19979 19980October 10, 2006 19981 19982This is the quarterly release snapshot for Fall 2006. While the code has been 19983running on Wikipedia for some time, installation and upgrade bits may be less 19984well tested. Bug fix releases may follow in the coming days or weeks. 19985 19986MediaWiki is now using a "continuous integration" development model with 19987quarterly snapshot releases. The latest development code is always kept "ready 19988to run", and in fact runs our own sites on Wikipedia. 19989 19990Release branches will continue to receive security updates for about a year 19991from first release, but nonessential bugfixes and feature development happen 19992will be made on the development trunk and appear in the next quarterly release. 19993 19994Those wishing to use the latest code instead of a branch release can obtain it 19995from source control: [[Download from SVN]] 19996 19997== Configuration changes == 19998* $wgUseETag, to enable/disable sending of HTTP ETag headers (default: disabled) 19999* $wgLegalTitleChars now includes '+' by default for better compatibility with 20000importing data dumps from Wikipedia 20001* $wgDefaultUserOptions now includes all default option settings instead of 20002only overrides. 20003 20004== Major new features == 20005* ([[mediazilla:7098|7098]]) Add an option to disable/enable sending of HTTP 20006ETag headers, as it seems to result in broken behaviour in combination with 20007Squid 2.6 (disabled by default). 20008* ([[mediazilla:550|550]]) Allow blocks on anonymous users only. 20009* ([[mediazilla:6420|6420]]) Render thumbnails for DJVU images, support 20010multipage DJVU display on image pages. Added new 'page=' thumbnail option to 20011select a page from a multipage djvu for thumbnail generation. 20012* Full Postgres support is now enabled. It requires version 8.1 or better, and 20013needs to have both plpgsql and tsearch2 already installed. 20014* ([[mediazilla:6386|6386]]) fix grammatical errors in danish naming of talk 20015namespaces. 20016 20017== Changes since 1.7 == 20018 20019* Introduced AjaxResponse object, superceding AjaxCachePolicy 20020* Changes to sajax_do_call: optionally accept an element to fill instead of a 20021 callback function; take the target function or element as a third parameter; 20022 pass the full XMLHttpRequest object to the handler function, instead of just 20023 the resultText value; use HTTP response codes to report errors. 20024* (bug 6562) Removed unmaintained ParserXml.php for now 20025* History paging overlap bug fixed 20026* (bug 6586) Regression in "unblocked" subtitle 20027* Don't put empty-page message into view-source when page text is blank 20028* (bug 6587) Remove redundant "allnonarticles" message 20029* Block improvements: Allow blocks on anonymous users only. Optionally allow 20030 or disallow account creation from blocked IP addresses. Prevent duplicate 20031 blocks. Fixed the problem of expiry and unblocking erroneously affecting 20032 multiple blocks. Fixed confusing lack of error message when a blocked user 20033 attempts to create an account. Fixed inefficiency of Special:Ipblocklist in 20034 the presence of large numbers of blocks; added indexes and implemented an 20035 indexed pager. 20036* (bug 6448) Allow filtering of Special:Newpages according to username 20037* (bug 6618) Improve permissions/error detection in Special:Lockdb 20038* Quick hack for extension testing: parser test doesn't create new message 20039 cache object. 20040* (bug 6299) Maintain parser's revision ID across recursive calls to fix 20041 {{REVISIONID}} when Cite extension is used 20042* (bug 6622) Removed deprecated function Image::newFromTitle 20043* (bug 6627) Fix regression in Special:Ipblocklist with table prefix 20044* Removed forced dereferencements (new() returns a reference in PHP5) 20045* Note about $wgUploadSizeWarning using byte 20046* (bug 6592) Add most viewed pages summary to Special:Statistics 20047* Pre-strip characters ignored in IDNs from URLs so they can't be used 20048 to break the blacklists for regular URLs 20049* Fix regression in blocking of user accounts 20050* (bug 6635) Fix regression searching for range blocks on Ipblocklist 20051* Fix regression searching Ipblocklist with ugly URLs 20052* (bug 6639) Use a consistent default for upload directories 20053* Preserve entered reason when reporting unconfirmed lock on Special:Lockdb 20054* (bug 6642) Don't offer to unlock the database when it isn't locked 20055* cleanupTitles.php changed from --dry-run option to --fix, so default 20056 behavior is now a non-invasive check as with namespaceDupes.php 20057* (bug 6660) Fix behavior of EditPage::blockedPage() when the article does 20058 not exist; now doesn't show the source box if the user hasn't provided it 20059 (blocked mid-edit) and the page doesn't exist 20060* Improve default value of "blockedtext" 20061* (bug 6680) Added localisation for Dutch bookstore list (nl) 20062* Renamed maintainace script redundanttrans.php to unusedMessages.php - clearer 20063 usage 20064* Fix regression which allowed some blocked users to create additional accounts 20065* (bug 6657) Fix Hungarian linktrail 20066* (bug 6751) Fix preview of blanked section with edit on first preview option 20067* (bug 5456) Separate MediaWiki:Search into messages for both noun and verb, 20068 introduced 'MediaWiki:Searchbutton' 20069* Made lines from initialiseMessages() appear as list items during installation 20070* Moved the bulk of the localisation data from the Language*.php files to the 20071 Messages*.php files. Deleted most of the Languages*.php files. 20072* Introduced "stub global" framework to provide deferred initialisation of core 20073 modules. 20074* Removed placeholder values for $wgTitle and $wgArticle, these variables will 20075 now be null during the initialisation process, until they are set by index.php 20076 or another entry point. 20077* Added DBA cache type, for BDB-style caches. 20078* Removed custom date format functions, replacing them with a format string in 20079 the style of PHP's date(). Used string identifiers instead of integer 20080 identifiers, in both the language files and user preferences. Migration should 20081 be transparent in most cases. 20082* Simplified the initialisation API for LoadBalancer objects. 20083* Removed the broken altencoding feature. 20084* Moved default user options and toggles from Language to User. Language objects 20085 are still able to define default preference overrides and extra user toggles, 20086 via a slightly different interface. 20087* Don't include the date option in the parser cache rendering hash unless 20088 $wgUseDynamicDates is enabled. 20089* Merged LanguageUtf8 with Language. Removed LanguageUtf8.php. 20090* Removed inclusion of language files from the bottom of Language.php. This is 20091 now consistently done from Language::factory(). 20092* Add the name of the executing maintenance script to the debug log. Start the 20093 profiler during maintenance scripts. 20094* Added "serialized" directory, for storing precompiled data in serialized form. 20095* Fix regression in auto-set NS_PROJECT_TALK namespace 20096* Fix regression in ordering of namespaces 20097* (bug 6806, 6030) Added several global JS variables for article path, user 20098 name, page title, etc. 20099* hooks registered with addOnloadHook are now called at the one of the html body 20100 by all skins. 20101* Split ajax aided search from core ajax framework. Use wgUseAjax to enable the 20102 framework and wgAjaxSearch to enable the suggest feature for the search box. 20103* Added experimental installer for extensions. 20104 See maintenance/installExtension.php 20105* Added Tajic (tg) language file. 20106* (bug 6903) Added Cantonese localisation (zh-yue) 20107* Fix regression in Korean and Japanese date formatting (day of week) 20108* (bug 6919) Add English alias magic words for Tatar (tt) language file. 20109* (bug 6753) Fixed broken Kazakh linktrail (kk) 20110* (bug 6700) Added Kazakh language variants to Names.php 20111* (bug 6827) some i18n specific maintenance scripts fails after merge of 20112 localisation-work branch 20113* Throwed an exception for the deprecated functions OutputPage::sysopRequired 20114 and OutputPage::developerRequired - use OutputPage::permissionRequired 20115 instead. 20116* Removed the deprecated functions User::isSysop, User::isBureaucrat and 20117 User::isDeveloper - use User::isAllowed instead. 20118* (bug 769) OutputPage::permissionRequired() should suggest groups with the 20119 needed permission 20120* (bug 6971) Fix regression in Special:Export history view 20121* Revamped Special:Imagelist 20122* (bug 7000) updated MessagesPl.php 20123* (bug 6946) Fix unexpected behavior change with GET hits to Special:Export 20124* (bug 1866) Improve navigation on Special:Listusers; user now a starting 20125 point as with Special:Allpages, rather than a pure limit. 20126* Clean up tab order on Special:Blockip 20127* (bug 5969) Clean up tab order on Special:Userlogin forms 20128* (bug 3512) namespaceDupes now handles spaces and initial caps properly 20129* (bug 7037) Fix regression in login tab order 20130* (bug 7031) Report missing email on 'email password' instead of false success 20131* (bug 7010) Don't send email notifications for watched talk pages when user 20132 has selected to receive only updates for their own talk page 20133* Added {{CURRENTHOUR}} 20134* Added [[:Image:Foo.png]] style links to the pagelinks table 20135* Avoid duplicate revision imports with Special:Import 20136* (bug 7054) Validate email address before sending email confirmation message 20137* (bug 7061) Format title on "from (page)" links on Special:Allpages 20138* (bug 7044) Introduce "padleft" and "padright" colon functions 20139* Pass page title as parameters to "linkshere" and "nolinkshere" and update 20140 default message text 20141* Allows to upload from publicy accessible URL. Set $wgAllowCopyUploads = true; 20142 in LocalSettings.php 20143 Limited to $wgMaxUploadSize (default:100MB); URL upload is limited to sysops 20144 by default, and displayed as a second line if appropriate 20145* (bug 832) Return to user page after emailing a user 20146* (bug 366) Add local-system-timezone equivalents for date/time variables 20147* (bug 7109) Fix Atom feed version number in header links 20148* (bug 7075) List registered parser function hooks on Special:Version 20149* (bug 7059) Introduce "anchorencode" colon function 20150* Include SVN revision number in {{CURRENTVERSION}} output, where applicable 20151* Fix bug in wfRunHooks which caused corruption of objects in the hook list 20152* (bug 4979) Use simplified email addresses when running on Windows 20153* (bug 4434) Show block log fragment on Special:Blockip 20154* [[MediaWiki:Disambiguationspage]] may optionally contain wiki links to any 20155 number of disambiguation templates. 20156* [[Special:Disambiguations]] now shows pages in NS:0 that link to any pages 20157 that embed any of the templates listed at [[MediaWiki:Disambiguationspage]]. 20158* Fix formatting of titles on Special:Undelete 20159* (bug 7026) Fix action=raw&templates=expand 20160* (bug 6976) Add namespace and direction classes to classic skins 20161* (bug 7144) Don't "return to main" from OutputPage::loginToUse() if the user 20162 can't read the main page in the first place 20163* (bug 7188) Fix minor borkage in HTMLForm 20164* (bug 6675) Replaced message 'watchthis' with new message 'watchthisupload in 20165 Special:Upload 20166* Add a quickie script dumpSisterSites.php for generating a page list in the 20167 format for WSR-1 SisterSites support 20168* (bug 7223) Monobook.js is used for site content, should not be localized 20169* Set default disabled values for DjVu render options 20170* Added Xml::option() for generating <option>s easily 20171* Localized page numbers in drop-down for DjVu page selection 20172* Fixed linktrail for vi 20173* (bug 6893) "Call to a member function exists() on a non-object" on 20174 trackback.php with bad input 20175* (bug 6886) PHP undefined offset on bad input to Special:Revisiondelete 20176* (bug 6887) PHP error for call to getId() on bad input to 20177 Special:Revisiondelete 20178* (bug 6888) PHP error for call to getTimestamp() on bad input to 20179 Special:Revisiondelete 20180* (bug 7252) Use dvipng support in texvc math rastrization. dvipng is required 20181 if texvc is rebuilt. 20182* (bug 7279) Use wfBaseName in place of basename() in more places 20183* Clear newtalk marker on diff links with explicit current revision number 20184* (bug 7064) Replace hard-coded empty message checks with wfEmptyMsg calls 20185* (bug 6777) Remove some PHP 4 compat cruft 20186* Add --user, --comment, and --license options to importImages.php 20187* (bug 6216) The immobile namespace message does not mention the source page 20188* (bug 7299) Normalize username filter on Special:Newpages 20189* (bug 7306) RTL text in an LTR wiki breaks appearance of Special:Recentchanges 20190* (bug 7312) Don't emit SET NAMES utf8 if connection failed 20191* (bug 7305) Proper compare for bot check on RC notify, should fix overrides 20192 that force edits by non-bot users to bot mode 20193* Set Vary: Cookie on action=raw generated CSS and JS, to ensure that user 20194 preferences don't get stuck in proxy caches for other people 20195* (bug 7324) Fix error message for failure of Database::sourceFile() 20196* (bug 7309) Plurals: use singular form for zero in French and Brazilian 20197 Portuguese 20198* Add page_no_title_convert field to support language variant conversion 20199 for page titles which shouldn't be converted on display/linking 20200* Lazy extraction of text chunks in Revision objects, may reduce hits to 20201 external storage when actual text content is not used 20202* Added experimental $wgRevisionCacheExpiry to cache extracted revision text 20203 in $wgMemc, to further reduce hits to external storage. 20204 Set to 0 (disabled) by default. 20205* Minor changes to the installer. 20206* Remove ":" for 'youremail' and 'yourrealname' in 20207 includes/templates/Userlogin.php so that ":" could be used in i18n for 20208 Special:Preferences (like 'username' and 'uid'). 20209* Fix layout for Special:Preferences->Date and Time (position for 20210 'timezonetext'). 20211* Updates to language variant code for Serbian et al 20212* (bug 6756) Enabling RTL direction for kk-cn 20213* (bug 6701) Kazakh language variants in MessagesEn.php 20214* (bug 7335) SVN revision check in Special:Version fails on SVN 1.4 working copy 20215* (bug 6518) Replaced 'lastmodified' with 'lastmodifiedat' and 'lastmodifiedby' 20216 with 'lastmodifiedatby' with separated parameters for date and time to allow 20217 better localisation. Updated all message files to display the old format for 20218 compatibility. 20219* (bug 7357) Make supposedly static methods of Skin actually static 20220* Added info text to Special:Deadendpages and Special:Lonelypages 20221* Fix regression in cachability of generated CSS and JS for MonoBook skin, 20222 while avoiding clobbering of different users' cached data 20223* (bug 6849) Block @ from usernames; interferes with multi-database tools and 20224 was meant to be banned years ago... For now existing accounts will not be 20225 prevented fromm login. 20226* (bug 6092) Introduce magic words {{REVISIONDAY}}, {{REVISIONDAY2}, 20227 {{REVISIONMONTH}}, {{REVISIONYEAR}} and {{REVISIONTIMESTAMP}} 20228* (bug 7425) Preceeding whitespace in [[...]] breaks subpages 20229* Try to reconnect after transitory database errors in dumpTextPass.php 20230* (bug 6023) Fixed mismatch of 0/NULL for wl_notificationtimestamp; now 20231 notification mails are working after 'Mark all pages visited' button on 20232 Special:Watchlist is clicked 20233* Made {{INT:}} a core parser function instead of a special case. The syntax 20234 and behavior is largely unchanged. 20235* (bug 7448) Fixing the native name for Ewe (ee) 20236* (bug 6864) Replace message 'editing' with new message 'editinguser' in 20237 Special:Userrights to allow better localisation 20238* Add '*-summary' for special pages to MessagesEn.php to allow 20239 customizing/translation directly through Special:Allmessages 20240* (bug 6130, bug 5818) Replaced message 'go' with the new message 20241 'searcharticle' in skins to allow better localisation 20242* Add + to $wgLegalTitleChars by default. Some sites may have occasional 20243 problems with hard-to-reach pages, but it should be less trouble than 20244 "I can't import dumps from Wikipedia" complaints 20245* (bug 7460) Revert broken patch for bug 7226 which slows down 20246 Special:Allmessages by a factor of 16 20247* Committed a bunch of live hacks from Wikimedia servers 20248* (bug 6889) PHP notices in thumb.php with missing params 20249* Cleaner error behavior on thumb.php with invalid page selection 20250* (bug 6617) Validate timestamps on Special:Undelete 20251* Do fewer unnecessary full writes of user rows; only update user_touched 20252 for watch/unwatch, group membership change, and login operations 20253* Restructured the languages directory, to avoid problems when people 20254 untar MW 1.8 over the top of a 1.7 installation. 20255* (bug 6890) SQL query error on bad input to Pager lists 20256 due to negative LIMIT clause, caused by integer wraparound. 20257* Fixed various bugs related to table prefixes, especially the interaction 20258 between table prefixes and memcached, which was formerly completely broken. 20259* (bug 7004) PHP iconv() notice on bad password input to Special:Userlogin. 20260* (bug 6826) Extend pre-save transform context link ("pipe trick") 20261 syntax to pages with commas in title 20262* Use ImageMagick -thumbnail option instead of -resize to avoid including 20263 excessive metadata in thumbs (requires ImageMagick 6.0.0 or newer). 20264* (bug 7499) Corrections to Swedish talk namespace names 20265* (bug 7508) Added option to compress HTML pages by dumpHTML.php 20266* (bug 7519) Add plural in SpecialWatchlist 20267* (bug 7459) Magic word variables are always case sensitive 20268* Replaced {{SERVER}}{{localurl:xxx}} with {{fullurl:xxx}} in localisation files 20269* Fix regression in Special:Watchlist text header 20270* (bug 7510) Update article counts etc on undelete 20271* (bug 7520) Update article counts on XML import 20272* (bug 7526) Make $wgDefaultUserOptions work again 20273* (bug 7472) Localize Help namespace for Basque 20274* (bug 7529) Including a non-existent category in an article places that article 20275 in the category 20276* (bug 4528) Lack of important LaTeX functions stackrel, rightleftharpoon 20277* (bug 6721) missing symbols ulcorner, urcorner, llcorner, lrcorner, 20278 twoheadrightarrow, twoheadleftarrow 20279* (bug 7367) Hyphens sometimes erroneously appended to equations when not 20280 converted to PNG 20281* Add "title" to the opensearch link to allow automatic adding of the search 20282 engine in Firefox 2 20283* (bug 7537) Add php5 to $wgFileBlacklist 20284* (bug 6929) Restore AutoAuthenticate hook 20285 20286== Languages updated == 20287* Albanian (sq) 20288* Bashkir (ba) 20289* Bavarian (bar) stub file 20290* Belarusian (be) 20291* Bishnupriya (bpy) stub file 20292* Brazilian Portuguese (pt-br) 20293* Cantonese (zh-yue) 20294* Catalan (ca) 20295* Czech (cs) 20296* Dutch (nl) 20297* English (en) 20298* Finnish (fi) 20299* French (fr) 20300* Georgian (ka) 20301* German (de) 20302* Hebrew (he) 20303* Hungarian (hu) 20304* Indonesian (id) 20305* Japanese (ja) 20306* Korean (ko) 20307* Latin (la) 20308* Lojban (jbo) 20309* Macedonian (mk) 20310* Mazandarani (mzn) 20311* Polish (pl) 20312* Portuguese (pt) 20313* Ripuarian (ksh) 20314* Romani (rmy) 20315* Russian (ru) 20316* Slovak (sk) 20317* Spanish (es) 20318* Tajic (tg) 20319* Tatar (tt) 20320* Telugu (te) 20321* Uzbek (uz) 20322* Yiddish (yi) 20323 20324== Compatibility == 20325MediaWiki 1.8 requires PHP 5 (5.1 recommended). PHP 4 is no longer supported. 20326 20327MySQL 3.23.x is no longer supported; some older hosts may need to upgrade. At 20328this time we still recommend 4.0, but 4.1/5.0 will work fine in most cases. 20329 20330== Upgrading == 20331Some minor database changes have been made since 1.7: 20332* new fields and indexes on ipblocks 20333* index change on recentchanges 20334 20335Several changes from 1.5 and 1.6 do require updates to be run on upgrade. To 20336ensure that these tables are filled with data, run refreshLinks.php after the 20337upgrade. 20338 20339If you are upgrading from MediaWiki 1.4.x or earlier, some major database 20340changes are made, and there is a slightly higher chance that things could 20341break. Don't forget to always back up your database before upgrading! 20342 20343=== Caveats === 20344Some output, particularly involving user-supplied inline HTML, may not produce 20345100% valid or well-formed XHTML output. Testers are welcome to set $wgMimeType 20346= "application/xhtml+xml"; to test for remaining problem cases, but this is not 20347recommended on live sites. (This must be set for MathML to display properly in 20348Mozilla.) 20349 20350= MediaWiki 1.7= 20351 20352== MediaWiki 1.7.3 == 20353 20354February 20, 2007 20355 20356This is a security and bug-fix update to the Summer 2006 quarterly release. 20357 20358An XSS injection vulnerability based on Microsoft Internet Explorer's UTF-7 20359charset autodetection was located in the AJAX support module, affecting MSIE 20360users on MediaWiki 1.6.x and up when the optional setting 20361[[Manual:$wgUseAjax|$wgUseAjax]] is enabled. 20362 20363If you are using an extension based on the optional Ajax module, either disable 20364it or upgrade to a version containing the fix: 20365 20366* 1.9: fixed in 1.9.3 20367* 1.8: fixed in 1.8.4 20368* 1.7: fixed in 1.7.3 20369* 1.6: fixed in 1.6.10 20370 20371There is no known danger in the default configuration, with 20372[[Manual:$wgUseAjax|$wgUseAjax]] off. 20373 20374* Add 'charset' to Content-Type headers on various HTTP error responses to 20375forestall additional UTF-7-autodetect XSS issues. PHP sends only 'text/html' by 20376default when the script didn't specify more details, which some inconsiderate 20377browsers consider a license to autodetect the deadly, hard-to-escape UTF-7. 20378This fixes an issue with the Ajax interface error message on MSIE when 20379[[Manual:$wgUseAjax|$wgUseAjax]] is enabled (not default configuration); this 20380UTF-7 variant on a previously fixed attack vector was discovered by Moshe BA 20381from BugSec: http://www.bugsec.com/articles.php?Security=24 20382* Trackback responses now specify XML content type 20383 20384== MediaWiki 1.7.2 == 20385 20386January 9, 2007 20387 20388* Note about $wgUploadSizeWarning using byte 20389* Update to German bookstore list (de) 20390* (bug [[bugzilla:6680|6680]]) Added localisation for Dutch bookstore list (nl) 20391* (bug [[bugzilla:6708|6708]]) Minor updates to Russian translation (ru) 20392* (bug [[bugzilla:6730|6730]]) Clearer usage of message 'titlematch' in German 20393translation (de) 20394* Added direction mark to Special:Listredirects 20395* XSS fix in AJAX module 20396 20397An XSS injection vulnerability was located in the AJAX support module, 20398affecting MediaWiki 1.6.x and up when the optional setting 20399[[Manual:$wgUseAjax|$wgUseAjax]] is enabled. 20400 20401There is no danger in the default configuration, with 20402[[Manual:$wgUseAjax|$wgUseAjax]] off. 20403 20404If you are using an extension based on the optional AJAX module, either disable 20405it or upgrade to a version containing the fix: 20406 20407* 1.9: fixed in 1.9.0rc2 20408* 1.8: fixed in 1.8.3 20409* 1.7: fixed in 1.7.2 20410* 1.6: fixed in 1.6.9 20411 20412 20413== MediaWiki 1.7.1 == 20414 20415July 8, 2006 20416 20417MediaWiki 1.7.1 is a security and bugfix maintenance release of the Summer 2006 20418snapshot: 20419 20420A potential HTML/JavaScript-injection vulnerability in a debugging script has 20421been fixed. Only versions and configurations of PHP vulnerable to the $GLOBALS 20422overwrite vulnerability are affected. 20423 20424As a workaround for existing installs, profileinfo.php may simply be deleted if 20425it's not being used. 20426 20427* Fix for 'emailconfirmed' implicit user group 20428* Fix for upgrades on some versions of MySQL 4.0.x 20429* Fixed potential XSS in profileinfo.php 20430* Installer now shows clear error message about old PHP versions rather than a 20431confusing parse error 20432 20433== MediaWiki 1.7.0 == 20434July 6, 2006 20435 20436This is the quarterly release snapshot for Summer 2006. While the code 20437has been running on Wikipedia for some time, installation and upgrade 20438bits may be less well tested. Bug fix releases may follow in the coming 20439days or weeks. 20440 20441MediaWiki is now using a "[[w:en:Continuous_integration|continuous 20442integration]]" development model with 20443quarterly snapshot releases. The latest development code is always kept 20444"ready to run", and in fact runs our own sites on Wikipedia. 20445 20446Release branches will continue to receive security updates for about a year 20447from first release, but nonessential bugfixes and feature development happen 20448will be made on the development trunk and appear in the next quarterly release. 20449 20450Those wishing to use the latest code instead of a branch release can obtain 20451it from source control: [[Download from SVN]] 20452 20453== Changes since 1.6 == 20454 20455* (bug 5458) Fix double-URL encoding in block log link in contribs and contribs 20456 link in block log 20457* (bug 5462) Bogus missing patch warning in updater 20458* (bug 5461) Use of deprecated "showhideminor" in Special:Recentchangeslinked 20459* PHP warning when allow_call_time_pass_reference is off 20460* Update to Finnish localization 20461* (bug 5467) Link to page histories in watchlist edit mode 20462* Further additions to Hebrew localisation 20463* (bug 5476) Invalid xhtml in German localization 20464* (bug 5479) Id translation for preferences tabs caption 20465* (bug 5493) Id translation for special pages 20466* Added skinname and style path parameters to CBT version of MonoBook 20467* Include subversion revision number in Special:Version if available 20468* (bug 5344) Fix regression that broke slashes in extension tag parameters 20469* Improve Special:Log performance on big log sets 20470* (bug 5507) Changed mediawiki:logouttext from plain to wikitext 20471* (bug 4760) Prevent creation of entries in protection log when protection 20472 levels haven't changed 20473* (bug 861) Show page protection/unprotection events in histories 20474* (bug 5499) Don't clear the tag strip state when asked not to clear state. 20475 Fixes regression with use of <ref> in a template breaking <nowiki> etc. 20476* Minor improvements to English language files 20477* Display the anon talk page info message on anon talk pages again 20478 (moved outside the parser cache) 20479* Optional {{DISPLAYTITLE|title with markup}} magic word 20480 Deactivated by default, set "$wgAllowDisplayTitle = true" in LocalSettings.php 20481 to activate 20482* Cleaned SpecialContributions a bit 20483* Added a table to track interlanguage links 20484* (bug 5544) Fix redirect arrow in Special:Listredirects for right-to-left 20485 languages 20486* Replace "doubleredirectsarrow" with a content language check that picks the 20487 appropriate arrow 20488* (bug 5537) Add stub language file for Samogitian (bat-smg); inherits 20489 Lithuanian (lt) 20490* Don't force edit summaries when a user is editing their own user/talk page 20491* (bug 5510) Warning produced when using {{SUBPAGENAME}} in some namespaces 20492* (bug 385) Installer support for PostgreSQL, fixes for PG compatibility 20493* PersistentObject removed; it doesn't do anything and was broken besides. 20494 All extensions using it have been corrected. 20495* Propagate ISBN number for Booksources in LanguageNo.php 20496* (bug 5548) Improvements to Indonesian localisation [patch: Ivan Lanin] 20497* Add TALKSPACE, SUBJECTSPACE, TALKPAGENAME, SUBJECTPAGENAME (and encoded forms 20498 for all) magic words 20499* (bug 5403) Fix Special:Newpages RSS/Atom feeds 20500* Reject malformed addresses in X-Forwarded-For entries 20501* (bug 3359) Add hooks on completion of file upload 20502* (bug 5559) Improve detection of ImageMagick [patch: Greg Turnquist] 20503* (bug 5475) New pages feeds ignore "limit" argument 20504* (bug 5184) CSS misapplied to elements in Special:Allmessages due to 20505 conflicting anchor identifiers 20506* (bug 5519) Allow sidebar cache to be disabled; disable it by default. 20507* Maintenance script to import the contents of a text file into a wiki page 20508* Add $wgReservedUsernames configuration directive to block account creation/use 20509* (bug 5576) Remove debugging hack in session check 20510* (bug 5426) Lowercase treatment of titles in rights log leads to broken links 20511 on Special:Log 20512* Minor improvements to French localisation files 20513* (bug 5181) Update "nogomatch" for Slovak 20514* (bug 5594) Id translation up to # Login and logout pages section 20515* (bug 5536) Use content language for editing help link 20516* Improvements to German localisation files 20517* (bug 5570) Problems using <special page>/parameter link form for long titles 20518* (bug 3884) Add $user parameter to AddNewUser hook, call it for by-email 20519 registrations as well as self-registrations. 20520* (bug 4327) Report age of cached data sets in query pages 20521* (bug 4662) Fix Safari check in wikibits.js 20522* (bug 4663) Edit toolbar enabled in compatible versions of Safari 20523* (bug 5572) Edit toolbar enabled in compatible versions of Konqueror (3.5+) 20524* (bug 5235) Edit toolbar tooltips no longer show JavaScript junk in Opera 20525* Edit toolbar now works in pure XHTML mode (application/xhtml+xml) 20526* Add watchlist clear function to allow quick purging of all items 20527* (bug 5625) Additional namespace translations for Welsh 20528* Add meta tag and JavaScript variables to cached special pages which provides 20529 the timestamp of the last update, in YYYYMMDDHHMMSS format. 20530* (bug 5628) More translations for MessagesHr.php 20531* (bug 5595) Localisation for Bosnian language (bs) 20532* (bug 2910) Default view preferences for watchlists 20533* Add "hide bot edits from the watchlist" user preference 20534* (bug 5250) Introduce Special:Unusedtemplates 20535* Add user preference setting for an extended watchlist, showing all recent 20536 edits up to a certain edit, and not just the latest edit. 20537* Made MessageRo.php more general 20538* (bug 5640) Indonesian localisation improvements 20539* (bug 5592) Actions are logged with the default language for the 20540 wiki, not the language of the user performing the operation. 20541* (bug 5644) Error in LanguageBs.php file 20542* (bug 5646) Compare for identical types in wfElement() 20543* (bug 5472) Language::userAdjust()->minDiff not initialized on else condition 20544* (bug 5386) LanguageMk.php: updated namespaces translations 20545* (bug 5422) Stub for Romani (rmy) language which extends ro 20546* Fix linktrail for LanguageSr 20547* (bug 5664) Fix Bosnian linktrail 20548* (bug 3825) Namespace filtering on Special:Newpages 20549* (bug 1922) When Special:Wantedpages is cached, mark links to pages 20550 which have since been created 20551* (bug 5659) Change grammar hacks for Bosnian Wikimedia namespaces. 20552 This sort of special casing should be removed and fixed properly. 20553* Remove useless whitespace from Special:Brokenredirects header 20554* Treat "allmessagesnotsupporteddb" as wikitext when echoing; change default 20555 text 20556* (bug 5497) Regression in HTML normalization in 1.6 (unclosed <li>,<dd>,<dt>) 20557* (bug 5709) Allow customisation of separator for categories 20558* (bug 5684) Introduce Special:Randomredirect 20559* (bug 5611) Add a name attribute to the text box containing source text in 20560 read-only pages 20561* Indicate when a protected page is an interface message ("protectedinterface") 20562* (bug 4259) Indicate when a protected page being edited is an interface message 20563 ("editinginterface") 20564* (bug 4834) Fix XHTML output when using $wgMaxTocLevel 20565* Pass login link to "whitelistedittext" containing 'returnto' parameter 20566* (bug 5728): mVersion missing from User::__sleep() leading to constant cache 20567 miss 20568* Updated maintenance/transstat.php so it can show duplicate messages 20569* Improvements to update scripts; print out the version, check for superuser 20570 credentials before attempting a connection, and produce a friendlier error if 20571 the connection fails 20572* (bug 5005) Fix XHTML <gallery> output. 20573* (bug 5315) "Expires: -1" HTTP header made strictly valid (using 1970 date). 20574* (bug 4825) note in DefaultSettings.php about 'profiling' table creation 20575* Remove unneeded extra whitespace at top of Special:Categories 20576* (bug 5679) time units are now using local numerals 20577* (bug 5751) Updates to Portuguese localisation files 20578* (bug 5741) Introduce {{NUMBEROFUSERS}} magic word 20579* (bug 93) <nowiki> tags and tildes in templates 20580* The returnto parameter is now actually used by SpecialUserlogin.php 20581* Parser can now know that it is parsing an interface message 20582* (bug 4737) MediaWiki:Viewcount supports {{PLURAL}} now 20583* Fix bug in wfMsgExt under PHP 5.1.2 20584* (bug 5761) Project talk namespace broken in Xal, Os, Udm and Cv 20585* Rewrite reassignEdits script to be more efficient; support optional updates to 20586 recent changes table; add reporting and silent modes 20587* Cleaned up formatNum usage in langfiles 20588* (bug 5716) Warn when a user tries to upload a file which was previously 20589 deleted 20590* (bug 5565) Add a class attribute to the table on Special:Allpages 20591* "lang=xx" option for parser test cases to set content language 20592* (bug 5764) Friulian translation updated 20593* (bug 5757) Fix premature cutoff in LanguageConverter with extra end markers 20594* (bug 5516) Show appropriate "return to" link on blocked page 20595* (bug 5377) Do not auto-login when creating an account as another user 20596* (bug 5284) Special redirect pages should remember parameters 20597* Suppress 7za output on dumpBackup 20598* (bug 5338) Reject extra initial colons in title 20599* (bug 5487) Escape self-closed HTML pair tags 20600* Add "raw suffix" magic word for some magic words, e.g. {{NUMBEROFUSERS|R}} 20601 will produce a count minus formatting 20602* Fix Parser::cleanSig() to use Parser::startExternalParse() and choose an 20603 appropriate output format given the scope of the clean 20604* (bug 5593) Change "bureaucrat log" to "rights log" 20605* Show a boilerplate "(none)" in place of a blank within the log action text for 20606 user rights 20607* (bug 137) Commented out translations for copyrightwarning which mention GNU 20608 FDL 20609* (bug 5723) Don't count pages linked to from the MediaWiki namespace as 20610 "wanted" 20611* (bug 5696) Add a third parameter, $3, to "rcnote", passing the current time 20612 formatted according to the current user's settings 20613* (bug 5780) Thousands and decimal separators for Norwegian 20614* Updated initStats maintenance script 20615* (bug 5767) Fix date formats in Vietnamese locale 20616* (bug 361) URL in URL, they were almost fixed. Now they are. 20617* (bug 4876) Add __NEWSECTIONLINK__ magic word to force the "new section" 20618 link/tab to show up on specific pages on demand 20619* Bidi-aid on list pages 20620* (bug 5782) Allow entries in the bad image list to use canonical namespace 20621 names 20622* (bug 5789) Treat "loginreqpagetext" as wikitext 20623* Sanitizer: now handles nested <li> in <ul> or <ol> 20624* (bug 5796) We require MySQL >=4.0.14 20625* Add 'EmailConfirmed' hook 20626* New findhooks.php script to find undocumented hooks. 20627* Silently ignore errors on profiling table update. 20628* (bug 5801) Correct handling of underscores in Special:Listusers 20629* Clean up Special:Listusers; add an "(all)" label to the group selection box 20630* (bug 5812) Use appropriate link colour in Special:Mostlinked 20631* (bug 5802) {{CURRENTMONTHNAME}} variable broken in Vietnamese locale 20632* (bug 5817) Appropriate handling for Special:Recentchangeslinked where the 20633 target page doesn't exist 20634* Special:Randompage now additionally accepts English namespace name as 20635 parameter 20636* (bug 2981) Really fixed linktrail for Tamil (ta) 20637* Disallow substituting Special pages when included into a page 20638* (bug 5587) Clean up the languages from references to the Groups special page 20639* Added new group-X and group-X-member messages 20640* Rewritten removeUnusedAccounts to be more efficient, print names of inactive 20641 accounts 20642* Redirect Special:Userlist to Special:Listusers 20643* Introduce $wgAllowTitlesInSVG, which allows the <title> attribute in uploaded 20644 files bearing the image/svg MIME type. Disabled by default due to the vast 20645 majority of web servers being hideously misconfigured. See DefaultSettings.php 20646 for more details. 20647* Changed default LocalSettings.php to append the previous include path when 20648 setting it 20649* (bug 5837) Use "members" for the value descriptor in Special:Categories, 20650 Special:Wantedcategories and Special:Mostlinkedcategories. 20651* (bug 3309) Allow comments when undeleting pages 20652* Clean up Special:Undelete a bit 20653* (bug 5805) messages nbytes, ncategories can now use {{plural:}} 20654* Clean up Special:Imagelist a bit 20655* (bug 5838) Namespace names for Nds-NL 20656* (bug 5749) Added Tyvan language files 20657* (bug 5791) Fix SQL syntax in Special:BrokenRedirects, was causing incorrect 20658 data to show 20659* (bug 5839) Prevent access to Special:Confirmemail for logged-out users 20660* (bug 5853) Update for Portuguese messages (pt) 20661* (bug 5851) Use Cyrillic for Kirghiz language name 20662* (bug 5841) Allow the 'EditFilter' hook to return a non-fatal error message 20663* (bug 5846) Link to individual group description pages in Special:Listusers 20664* (bug 5857) Update for German localisation (de) 20665* (bug 5858) Update for Russian language (ru) 20666* (bug 5860) Update for Indonesian language (id) 20667* (bug 1120) Update for Czech language (Cs) 20668* Added many missing formatNum calls 20669* Added grammar function to Belarusian (be) 20670* (bug 5819) Add 'PersonalUrls' hook 20671* (bug 5862) Update of Belarusian language (be) 20672* (bug 5886) Update for Portuguese messages (pt) 20673* (bug 5586) <gallery> treated text as links 20674* (bug 5878) Update for Indonesian language (id) 20675* (bug 5697) Update for Malay language (ms) 20676* (bug 5890) Update for German language (de) 20677* (bug 5889) Name for Sindhi language should appear as سنڌي 20678* --force-normal parameter on dump scripts to force check for ICU extension 20679* (bug 5895) Update for Dutch language (nl) 20680* (bug 5891) Linktrail for Polish language (pl) 20681* User::isBureaucrat , User::isDeveloper , User::isSysop deprecated in 20682 v1.6 now die with a backtrace. They will be removed in v1.8 20683* dumpTextPass now skips goes to database for entries that were blank in the 20684 previous dump, as this may indicate a broken dump. 20685* dumpTextPass progress includes percentage of items prefetched 20686* dumpTextPass can now use 7zip files for prefetch 20687* (bug 5915) Update to Indonesian localisation (id) 20688* (bug 5913) Update for German localisation (de) 20689* (bug 5905) Plural support for Bosnian localisation (bs) 20690* Groups which won't hit the rate limiter now configurable with 20691 $wgRateLimitsExcludedGroups 20692* (bug 5806) {{plural:}} support instead of "twin" MediaWiki messages 20693* (bug 5931) Update for Polish language (pl) 20694* Ignore the user and user talk namespaces on Special:Wantedpages 20695* Introduce NUMBEROFPAGES magic word 20696* (bug 5833) Introduce CURRENTVERSION magic word 20697* (bug 5370) Allow throttling of password reminder requests with the rate 20698 limiter 20699* (bug 5683) Respect parser output marked as uncacheable when saving 20700* (bug 5918) Links autonumbering now work for all defined protocols 20701* (bug 5935) Improvement to German localisation (de) 20702* (bug 5937) Register links from gallery captions with the parent parser output 20703 object so that link tables receive those updates too 20704* (bug 5845) Introduce BASEPAGENAME and BASEPAGENAMEE magic words 20705* (bug 5941) Use content language when getting the administrator page title for 20706 Special:Statistics 20707* (bug 5949) Update to Indonesian localisation (id) 20708* (bug 5862) Update of Belarusian translation (be) 20709* (bug 5950) Improvements to French localisation 20710* (bug 5805) {{plural:}} support for counters in some special pages 20711* (bug 5952) Improvement to German localisation (de) 20712* Rename conflicting metadata help message to "metadata_help" (was "metadata") 20713 and treat it as wiki text 20714* Improve preferences input filtering 20715* Maintenance script to import multiple files into the wiki 20716* (bug 5957) Update for Hebrew language (he) 20717* (bug 5962) Update for Italian language (it) 20718* (bug 5961) Update for Portuguese localisation (pt) 20719* (bug 5849) Remove some hard-coded references to "Wikipedia" in messages 20720* (bug 5967) Improvement to German localisation (de) 20721* (bug 5962) Update for Italian language (it) 20722* Suppress images in galleries which appear on the bad image list (when 20723 rendering for a wiki page; galleries in special pages and categories are 20724 unaffected) 20725* Maintenance script to remove orphaned revisions from the database 20726* (bug 5991) Update for Russian language (ru) 20727* (bug 6001) PAGENAMEE and FULLPAGENAMEE don't work in FULLURL and LOCALURL 20728 magic words 20729* (bug 5958) Switch Uzbek language name to use latin script 20730* (bug 839) Add URLENCODE magic word 20731* (bug 6004) Update for Polish language (pl) 20732* (bug 5971) Improvement to German localisation (de) 20733* (bug 4873) Don't overwrite the subtitle navigation when viewing a redirect 20734 page that isn't current 20735* (bug 2203) Namespace updates for Thai 20736* Fix breakage in parser test suite which caused incorrect reporting of the 20737 failure of {{NUMBEROFFILES}}. Now initialises the site_stats table with some 20738 dumb data. Updated the expected output for {{NUMBEROFARTICLES}} to reflect 20739 this. 20740* (bug 6009) Use {{ns:project}} in messages where appropriate 20741* (bug 6012) Update to Indonesian localisation (id) 20742* (bug 6017) Update list of bookstores in German localisation files 20743* (bug 5187) Allow programmatically bypassing username validation, for scripts 20744* (bug 6025) SpecialImport: wrong message when no file selected 20745* (bug 6015) EditPage: add spacing in the boxes "edit is minor" and "watch this" 20746* (bug 6018) Userrights: new message when no user specified ('nouserspecified') 20747* (bug 2015) Add "\sim" to ~ conversion for HTML rendering 20748* (bug 6029) Improvement to German localisation (de) 20749* (bug 5015) Update be: magic words 20750* (bug 3974) Add parameter for site URL to "passwordremindertext" 20751* (bug 6039) Update for Portuguese localisation (pt) 20752* (bug 764) Add CREATE TEMPORARY TABLES to default database permissions 20753* Big update to Swedish localisation (sv) 20754* Use appropriate HTML functions to create the tool links on image pages, so 20755 they don't look garbled when tidy isn't on 20756* (bug 5511) Fix URL-encoding of usernames in links on Special:Ipblocklist 20757* (bug 6046) Update to Indonesian localisation (id) #15 20758* (bug 5523) $wgNoFollowNsExceptions to allow disabling rel="nofollow" in 20759 specially-selected namespaces. 20760* (bug 6055) Fix for HTML/JS injection bug in variable handler (found by Nick 20761 Jenkins) 20762* Reordered wiki table handling and __TOC__ extraction in the parser to better 20763 handle some overlapping tag cases. 20764* Only the first __TOC__ is now turned into a TOC 20765* (bug 4610) Indicate patrolled status on watchlists and allow users to mark 20766 changes as patrolled using the diff links there 20767* Add 'DiffViewHeader' hook called before diff page output 20768* (bug 6051) Improvement to German localisation (de) 20769* (bug 6054) Update to Indonesian localisation (id) #16 20770* Add {{CURRENTTIMESTAMP}} magic word 20771* (bug 6061) Improper escaping in some html forms 20772* (bug 6065) Remove underscore when using NAMESPACE and TALKSPACE magics. 20773* (bug 6074) Correct squid purging of offsite upload URLs 20774* To simplify the lives of extension developers, the logging type arrays 20775 can now be appended to directly by an extension setup function. It is 20776 no longer necessary to write four separate functions just to add a 20777 custom log type. 20778* (bug 6057) Count "licenses" as a message (and show it in Special:Allmessages) 20779* Added $wgGrammarForms global 20780* Fixed hardcoded 'done.' when removing watchlist entries. 20781* (bug 5962) Update for Italian language (it) 20782* (bug 6086) Remove vestigial attempt to call Article::validate() 20783* wfHostname() function for consistent server hostname use in debug messages 20784* Send thumbnailing error messages to 'thumbnail' log group 20785* wfShellexec() now accepts an optional parameter to receive the exit code 20786* Failed, but not zero-length, thumbnail renderings are now removed. 20787 Should help clean up when rsvg fails in weird ways. 20788* (bug 6081) Change description for Turkmen language 20789* Increase robustness of parser placeholders; fixes some glitches when 20790 adjacent to identifier-ish constructs such as URLs. 20791* Shut up the parser test whining about files in a temp directory. 20792* (bug 6098) Add Aragonese language support (an) 20793* (bug 6101) Update for Russian language (ru) 20794* Add $wgIgnoreImageErrors to suppress error messages for thumbnail rendering 20795 problems. If errors are transitory, this should reduce annoying messages 20796 making it into cached display. 20797* (bug 6103) Wrap self-links in a CSS class ("selflink") 20798* (bug 6102) For consistency with other markup, normalize all HTML-encoded 20799 character entities in URLs, not just ampersands. This allows use of eg 20800 = when making URLs for template parameters. 20801* Markup anality: escape </ as <\/ in toolbar javascript for pure correctness 20802 under HTML-compatible browsers. 20803* (bug 5077) Added hook 'BeforePageDisplay' to SkinTemplate::outputPage 20804* Replace fatally changed 'uploadnewversion' with 'uploadnewversion-linktext' 20805* (bug 472) Syndication feeds for the last few edits of page history 20806* Format edit comments in Recent Changes feed 20807* Switch incorrectly ordered column headers on Recent Changes feed diffs 20808* (bug 6117) Use message for history feed description, add German localization 20809* (bug 1017) fixed thumbnails of animated gifs. 20810* Add APC as object caching option 20811* Update to Albanian localization (sq) 20812* (bug 6099) Introduce {{DIRECTIONMARK}} magic word (with {{DIRMARK}} as an 20813 alias) 20814* Use optimized php5-only microtime() 20815* Add possibility to store local message cache as PHP executable script 20816* Fix profiling table definition 20817* (bug 6040) Run pre-save transform before calculating the diff. when doing a 20818 "show changes" operation in the editor 20819* (bug 4033) Respect $wgStyleDirectory when checking available skins 20820* Remove hideous backslashes from MessagesBr.php 20821* Fix APC object cache issues, add functionality to installer 20822* (bug 6133) Update strip state as we work. This mostly fixes extensions 20823 used in Cite.php <ref> tags when Tidy is on. 20824* (bug 6139) Workaround for transclusion oddities in Vietnamese upload text 20825* (bug 6136) Update to Catalan language (ca) 20826* Update to Japanese localization (ja) 20827* Add /usr/local/bin to the diff3 search paths in the installer 20828* (bug 6106) Update to Indonesian localisation (id) #17 20829* (bug 6125) Add links to edit old versions to diff views 20830* (bug 5127) Auto edit summary when creating/editing redirect page 20831* (bug 3926) Introduce {{#language:}} magic word 20832* Fix section links from edit comments for [[:Image:Bla.jpg]] in section titles 20833* (bug 6126) Allow fallback to customized primary language when user language 20834 message contains '-'; fixes licenses selector on Commons configuration after 20835 recent addition of the message to Messages.php 20836* (bug 5527) Batch up job queue insertions for, hopefully, better survivability 20837 of lock contention etc. Duplicates are now removed at pop time instead of 20838 at insert time. 20839* When showing the "blah has been undeleted" page, make sure it's a blue link 20840* parserTests.php accepts a --file parameter to run an alternate test sutie 20841* parser tests can now test extensions using !!hooks sections 20842* Fix oddity with open tag parameters getting stuck on </li> 20843* (bug 5384) Fix <!-- comments --> in <ref> extension 20844* Nesting of different tag extensions and comments should now work more 20845 consistently and more safely. A cleaner, one-pass tag strip lets the 20846 'outer' tag either take source (<nowiki>-style) or pass it down to 20847 further parsing (<ref>-style). There should no longer be surprise 20848 expansion of foreign extensions inside HTML output, or differences 20849 in behavior based on the order tags are loaded. 20850* (bug 885) Pre-save transform no longer silently appends close tags 20851* Pre-save transform no longer changes the case of close tags 20852* (bug 6164) Fix regression with <gallery> resetting <ref> state 20853* Hackaround for IE 7 wrapping bug in MonoBook footer 20854* New message sp-newimages-showfrom replaces rclistfrom on special:newimages 20855* Improve handling of ;: definition list construct with overlapping or 20856 nested HTML tags 20857* (bug 6171) Fix sanitizing of HTML-elements with an optional closing 20858 tag. The sanitizer still needs to learn how to make well-formed XML 20859 in this case. 20860* Fix fatal error when specifying illegal name for manual thumbnail 20861* (bug 6184) Use shinier Linker::userLink() to make user links in 20862 Special:Undelete 20863* (bug 6170) Update for Kashubian translation (csb) 20864* (bug 6191) Update to Indonesian translation (id) #18 20865* (bug 6114) Update to Walloon localization (wa) 20866* Added $wgNamespaceRobotPolicies to allow customisation of robot policies on a 20867 per-namespace basis. 20868* Add <ol> to the list of block elements for doBlockLevels; avoids <p>s being 20869 interspersed into your ordered lists. 20870* (bug 5021) Transcluding the same special page twice now works 20871* Add 'SiteNoticeBefore' and 'SiteNoticeAfter' hooks 20872* (bug 6182) Date passed in "sp-newimages-showfrom" not adjusted to user time 20873 preferences 20874* (bug 2587) Fix for section editing with comment prefix 20875* (bug 2607) Fix for section editing with mix of wiki and HTML headings 20876* (bug 3342) Fix for section editing with headings wrapped in <noinclude> 20877* (bug 3476) Fix for section editing with faux headings in extensions 20878* (bug 5272) Fix for section editing with HTML-heading subsections 20879* Fix for bogus wiki headings improperly detected with following text 20880* Fix for HTML headings improperly not detected with preceding/following text 20881* Section extraction and replacement functions merged into one implementation 20882 on the Parser object, so they can't get out of sync with each other. 20883* Edit security precautions in raw HTML mode, etc 20884* (bug 6197) Update to Indonesian translation (id) #19 20885* (bug 6175) Improvement to German translation (de) 20886* Redirect Special:Logs to Special:Log 20887* (bug 6206) Linktrail for Swedish localization (se) 20888* (bug 3202) Attributes now allowed on <pre> tags 20889* Sanitizer::validateTagAttributes now available to discard illegal/unsafe 20890 attribute values from an array. 20891* (bug 3837) Leave <center> as is instead of doing an unsafe text replacement 20892 to <div class="center">. <center> is perfectly valid in the target doctype 20893 (XHTML 1.0 Transitional), while the replacement didn't catch all cases and 20894 could even result in invalid output from valid input. 20895* (bug 4280) Use 'noindex,nofollow' instead of 'noindex,follow' for default 20896 meta robots tag on diff view and special pages. Should reduce impact of 20897 robots on scrolling special pages, diffs etc on sites where robots.txt 20898 doesn't forbid access. 20899* Regression fix: suppress warning about session failure when clicking to 20900 edit with 'preview on first edit' enabled. 20901* (bug 6230) Regression fix: <nowiki> in [URL link text] 20902* Added AutoLoader.php, which loads classes without need of require_once() 20903* (bug 5981) Add plural function Slovenian (sl) 20904* (bug 5945) Introduce {{CONTENTLANGUAGE}} magic word 20905* {{PLURAL}} can now take up to five forms 20906* (bug 6243) Fix email for usernames containing dots when using PEAR::Mail 20907* Remove a number of needless {{ns:project}}-type transforms from messages 20908 files. These usages already have separate label text. Such transforms are 20909 wasteful on each page view. 20910* Update to Yiddish localization (yi) 20911* (bug 6254) Update to Indonesian translation (id) #20 20912* (bug 6255) Fix transclusions starting with "#" or "*" in HTML attributes 20913* Whitespace now normalized more or less properly in HTML attributes 20914* Fix regression(?) in behavior of initial-whitespace-pre in <center> 20915* (bug 6260) Update to Interlingua localization (ia) 20916* Update to Vlax Romany localization (rmy) 20917* Update to Latin translation (la) 20918* Update to Dutch translation (nl) 20919* Avoid some notices in page history with bad input 20920* Use double quoted consistently on attributes in linker output; preparing 20921 for new normalization code when tidy not in use 20922* Replace "nogomatch" with "noexactmatch" and place the magic colon in the 20923 messages themselves. Some minor tweaks to the actual message content. 20924* Introduce $wgContentNamespaces which allows for articles to exist in 20925 namespaces other than the main namespace, and still be counted as valid 20926 content in the site statistics. 20927* (bug 5932) Introduce {{PAGESINNAMESPACE}} magic word 20928* Disable $wgAllowExternalImages by default. 20929* (bug 2700) Nice things like link completion and signatures now work in 20930 <gallery> tags. 20931* Cancel output buffering in StreamFile; when used inside gzip buffering this 20932 could cause funny timeout behavior as the Content-Length was wrong. 20933* Return correct content-type header with 304 responses for StreamFile; 20934 it confuses Safari if you let it return "text/html". 20935* (bug 6280) Correct GRAMMAR for Slovenian localisation (sl) 20936* (bug 6162) Change date format for Dutch Low Saxon (nds-nl) 20937* (bug 6296) Update to Indonesian localisation (id) #21 20938* Introduce EditFormPreloadText hook, see docs/hooks.txt for more information 20939* (bug 4054) Add "boteditletter" to recent changes flags 20940* Update to Catalan localization (ca) 20941* (bug 2099) Deleted image files can now be archived and undeleted. 20942 Set $wgSaveDeletedFiles on and an appropriate directory path in 20943 $wgFileStore['deleted']['directory'] 20944* (bug 6324) Fix regression in enhanced RC alignment 20945* Introduce {{NUMBEROFADMINS}} magic word 20946* Update to Slovak translation (sk) 20947* Update to Alemannic localization (gsw) 20948* (bug 6300) Bug fixes for sr: variants 20949* namespaceDupes.php can now accept an arbitrary prefix, for checking rogue 20950 interwikis and such. Not yet fully automated. 20951* (bug 6344) Add Special:Uncategorizedimages page 20952* (bug 6357) Update to Russian translation (ru) 20953* Workaround possible bug in Firefox nightlies by properly removing the 20954 Content-Encoding header instead of sending explicit 'identity' value 20955 in StreamFile 20956* (bug 6304) Show timestamp for current revision in diff pages 20957* Vertically align current version with old version header in diff display 20958* (bug 6174) Remove redundant "emailforlost" message 20959* (bug 6189) Show an error to an unprivileged user trying to create account 20960* (bug 6365) Show user information in the "old revision" navigation links 20961* Introduce 'FetchChangesList' hook; see docs/hooks.txt for more information 20962* (bug 6345) Update to Indonesian localisation (id) #22 20963* (bug 6279) Add genitive month names to Slovenian localisation 20964* (bug 6351) Update to German translation (de) 20965* Respect language directionality when displaying arrow in 20966 Special:Brokenredirects 20967* Remove unused "validation" table definitions from the schema files 20968* (bug 6398) Work around apparent PCRE bug breaking section editing when 20969 massively-indented preformatted text immediately followed a header 20970* (bug 6392) Fix misbehaving <br /> in preferences form 20971* Add translated magic words to Hebrew localization 20972* (bug 6396) Change name for Chuvash language 20973* Introduce optional (off by default) language selector bar for user login 20974 and registration. Customisable via the "loginlanguagelinks" message, the 20975 links will preserve "returnto" values. If the user creates an account while 20976 using such a link, then the language in use will be saved as their language 20977 preference. 20978* Make sure '~~~' '~~~~' '~~~~~' are removed in Nickname preference. 20979* Rename "ipusuccess" to "unblocked", change the format (now wiki text) 20980* (bug 2316) Add "caption" attribute to <gallery> tag 20981* Allow setting the skin object that ImageGallery will use; needed during parse 20982 operations (the skin must come from the ParserOptions, not $wgUser) 20983* Fix notice in MacBinary detection debug data for files of certain lengths 20984* (bug 6131) Add type detection for DjVu files, allowing them to be uploaded 20985 with validity checking and size detection. No inline thumbnailing yet, 20986 but could be added in the future. 20987* (bug 6423) Don't update newtalk flag if page content didn't change (null edits 20988 were causing the newtalk flag to trigger inappropriately) 20989* Parser functions are now set using magic words. 20990* (bug 6428) Incorrect form action URL on Special:Newimages with hidebots = 0 20991 set 20992* (bug 4990) Show page source to blocked users on edits, or their modified 20993 version if blocked during an edit 20994* (bug 5903) When requesting the raw source of a non-existent message page, 20995 return blank content (as opposed to the message key) 20996* Improve default blank content of MediaWiki:Common.css and 20997 MediaWiki:Monobook.css 20998* (bug 6434) Allow customisation of submit button text on Special:Export 20999* (bug 6314) Add user tool links on page histories 21000* Fix display of file-type icons in galleries when $wgIgnoreImageErrors is off 21001* (bug 6438) Update to Indonesian translation (id) #23 21002* Adding the language code parameter to the hook "LanguageGetMagic", to allow 21003 localizble extensions magic words. 21004* Update to Romanian translation (ro) 21005* Update to Esperanto translation (eo) 21006* Check for preg_match() existence when installing and die out whining about 21007 PCRE if it's not there, instead of throwing a fatal error 21008* (bug 672) Add MathAfterTexvc hook 21009* Update to Piedmontese localization (pms) 21010* dumpBackup can optionally compress via dbzip2 21011* (bug 2483) Run link updates on change via XML import 21012* (bug 2481) List imported pages during Special:Import 21013* (bug 2482) Log and RC entries for Special:Import events 21014* Allow fetching all revisions from transwiki Special:Import 21015* Allow fetching all revisions from Special:Export GET request 21016* Disable output buffering on Special:Export; should help with streaming 21017 large numbers of history items. 21018* Allow setting a maximum number of revisions for history Special:Export; 21019 pages with more than $wgExportMaxHistory revisions are excluded from 21020 export when history is requested. 21021* Fix transwiki import of pages with space in name 21022* Save null edit when importing pages through Special:Import 21023* Update to Korean translation (ko) 21024* Show a more specific message when an anonymous user tries to access 21025 Special:Watchlist 21026* (bug 3278) Paging links in Special:Prefixindex 21027* Added Latvian localization (lv) 21028* (bug 6472) Fix regression in Special:Export with multiple pages 21029* Update to Macedonian translation (mk) 21030* Allow page moves over historyless self-redirects. Such are usually created 21031 as part of namespace rearrangements, and it's easier to clean them up if 21032 we can move over them. 21033* Show some error results in moveBatch.php 21034* (bug 6479) Allow specification of the skin to use during HTML dumps 21035* (bug 6461) Link to page histories in Special:Newpages 21036* (bug 6484) Don't do message transformations when preloading messages for 21037 editing 21038* (bug 6201) Treat spaces as underscores in parameters to {{ns:}} 21039* (bug 6006) Allow hiding the password change fields using an authentication 21040 plugin 21041* (bug 6489) Use appropriate link colour on Special:Shortpages 21042* Added formatnum magic word 21043* Added Javanese localization (jv) 21044* (bug 6491) Apply bad image list in category galleries 21045* (bug 6488) Show relevant log fragment in Special:Movepage 21046* Fix potential PHP notice in Special:Blockme when $wgBlockOpenProxies is true 21047* Use mysql_real_escape_string instead of addslashes for string escaping in 21048 the MySQL Database class. This may fix some rare breakage with binary fields. 21049 Note that MediaWiki does not support the multibyte character sets where a 21050 "dumb" byte replacement can be actively dangerous; UTF-8 is always safe 21051 in this regard due to the bit patterns which make head and tail bytes 21052 distinct. 21053* (bug 6497) Use $wgMetaNamespaceTalk for Esperanto if set 21054* (bug 6498) Use localized forms for image size in Special:Undelete 21055* (bug 6485) Update to Indonesian translation (id) #24 21056* Extension messages translation is now possible. 21057* Add target namespace override selector for transwiki imports. 21058 $wgImportTargetNamespace specifies the default, to be used for 21059 Wiktionary's 'Transwiki:' namespace etc. 21060* (bug 6506) Update to German localisation (de) 21061* (bug 502) Avoid silly tabs on bad title by using virtual special page 21062* (bug 6511) Add diff links to old revision navigation bar 21063* (bug 6511) Replace 'oldrevisionnavigation' message with 21064 'old-revision-navigation' 21065* Fix regression in Polish genitive month forms 21066* (bug 4037) Make input handling in Special:Allpages and Special:Prefixindex 21067 more consistent: Accept just a namespace prefix and a colon, reject input 21068 with interwiki prefixes, otherwise do what Title::makeTitleSafe() does. 21069* (bug 6516) Update to Russian translation 21070* New 'allpagesbadtitle' message for Special:Allpages, based on 'badtitletext'. 21071* Rename "searchquery" to "searchsubtitle" and support wiki text in it 21072* Introduce updateArticleCount maintenance script which uses a better check that 21073 reflects what Article::isCountable() tests for 21074* Introduce 'BadImage' hook; see docs/hooks.txt for more information 21075* Add "searchsubtitleinvalid" message for searches that are not valid titles. 21076* (bug 5962) Update to Italian localisation 21077* (bug 6530) Update to Indonesian localisation (id) #25 21078* (bug 6523) Fix SVG issue in rebuildImages.php 21079* (bug 6512) Link to page-specific logs on page histories 21080* (bug 6504) Allow configuring session name with $wgSessionName 21081* (bug 6185) Add standard user tool links to log page views 21082* Update to Venetian translation (vec) 21083* Update to Slovenian translation (sl) 21084* Add standard user tool links to deleted revision list 21085* Separate out EditPage's getContent bits from regular Article getContent. 21086 Cleans up read-only-mode warning on empty pages and neats up some code. 21087* (bug 6565) Strict JavaScript writing 21088* (bug 6570) Update to Indonesian localisation (id) #26 21089* Added Telugu translation (te) 21090* Update to Catalan translation (ca) 21091* (bug 6560) Avoid PHP notice when trimming ISBN whitespace 21092* Added namespace translation to Kannada (ka) 21093* (bug 6566) Improve input validation on timestamp conversion 21094* Implicit group "emailconfirmed" for all users whose email addresses are 21095 confirmed 21096* (bug 6577) Avoid multiline parser breakage on <pre> with newline in attribute 21097* (bug 6771) Make old revisions of MediaWiki pages available with action=raw 21098 21099 21100== Compatibility == 21101MediaWiki 1.7 requires PHP 5 (5.1 recommended). PHP 4 is no longer supported. 21102 21103If you are unable to run PHP 5, you may have to stick with 1.6 for now. 21104 21105MySQL 3.23.x is no longer supported; some older hosts may need to upgrade. 21106At this time we still recommend 4.0, but 4.1/5.0 will work fine in most cases. 21107 21108Experimental Oracle support has been dropped as it is unmaintained. 21109 21110== Upgrading == 21111Several changes to the database have been made from 1.6: 21112 21113* A new "langlinks" table tracks interlanguage links 21114* A new "filearchive" table stores information on deleted files 21115* A new "querycache_info" table stores information on query page updates 21116 21117To ensure that these tables are filled with data, run refreshLinks.php after 21118the upgrade. 21119 21120If you are upgrading from MediaWiki 1.4.x or earlier, some major database 21121changes are made, and there is a slightly higher chance that things could 21122break. Don't forget to always back up your database before upgrading! 21123 21124== Configuration changes == 21125 21126Some configuration options have changed: 21127* $wgAllowExternalImages now defaults to off for increased security. 21128* $wgLocalTZoffset was in hours, it is now using minutes. 21129* Extensions may register special pages via the $wgSpecialPages array without 21130forcing an early load of the SpecialPage.php class file. 21131 21132== Major new features == 21133 21134* Deleted files can now be archived and undeleted, if you set up an appropriate 21135non-web-accessible directory. Set $wgSaveDeletedFiles on and an appropriate 21136directory path in $wgFileStore['deleted']['directory'] 21137* Experimental PostgreSQL support has been updated. It may or may not be in 21138usable shape; those interested in PostgreSQL are encouraged to follow 1.8 21139development. 21140 21141=== Caveats === 21142Some output, particularly involving user-supplied inline HTML, may not 21143produce 100% valid or well-formed XHTML output. Testers are welcome to 21144set $wgMimeType = "application/xhtml+xml"; to test for remaining problem 21145cases, but this is not recommended on live sites. (This must be set for 21146MathML to display properly in Mozilla.) 21147 21148= MediaWiki 1.6 = 21149 21150== MediaWiki 1.6.12 == 21151 21152February 7, 2009 21153 21154This is a security update to the Spring 2006 quarterly release. 21155 21156A number of cross-site scripting (XSS) security vulnerabilities were discovered 21157in the web-based installer (config/index.php). These vulnerabilities all 21158require a live installer -- once the installer has been used to install a 21159wiki, it is deactivated. 21160 21161Note that cross-site scripting vulnerabilities can be used to attack any 21162website in the same cookie domain. So if you have an uninstalled copy of 21163MediaWiki on the same site as an active web service, MediaWiki could be used to 21164attack the active service. 21165 21166If you are hosting an old copy of MediaWiki that you have never installed, you 21167are advised to remove it from the web. 21168 21169== MediaWiki 1.6.11 == 21170 21171December 15, 2008 21172 21173This is a security update to the Spring 2006 quarterly release. 21174 21175David Remahl of Apple's Product Security team has identified a number of 21176security issues in previous releases of MediaWiki. Subsequent analysis by the 21177MediaWiki development team expanded the scope of these vulnerabilities. The 21178issues with a significant impact are as follows: 21179 21180* An XSS vulnerability affecting Internet Explorer clients for all MediaWiki 21181installations with uploads enabled. [CVE-2008-5250] 21182* An XSS vulnerability affecting clients with SVG scripting capability (such as 21183Firefox 1.5+), for all MediaWiki installations with SVG uploads enabled. 21184[CVE-2008-5250] 21185* A CSRF vulnerability affecting the Special:Import feature, for all MediaWiki 21186installations since the feature was introduced in 1.3.0. [CVE-2008-5252] 21187 21188XSS (cross-site scripting) vulnerabilities allow an attacker to steal an 21189authorised user's login session, and to act as that user on the wiki. The 21190authorised user must visit a web page controlled by the attacker in order to 21191activate the attack. Intranet wikis are vulnerable if the attacker can 21192determine the intranet URL, even if the attacker cannot access it. 21193 21194CSRF vulnerabilities allow an attacker to act as an authorised user on the 21195wiki, but unlike an XSS vulnerability, the attacker can only act as the user in 21196a specific and restricted way. The present CSRF vulnerability allows pages to 21197be edited, with forged revision histories. Like an XSS vulnerability, the 21198authorised user must visit the malicious web page to activate the attack. 21199 21200Rather than backport our SVG validation code to this ancient branch, we have 21201instead disabled SVG uploads. To enable SVG uploads, please upgrade to 21202MediaWiki 1.13.3 or later. 21203 21204The other two issues have been fixed. 21205 21206== MediaWiki 1.6.10 == 21207 21208February 20, 2007 21209 21210This is a security and bug-fix update to the Spring 2006 quarterly release. 21211 21212An XSS injection vulnerability based on Microsoft Internet Explorer's UTF-7 21213charset autodetection was located in the AJAX support module, affecting MSIE 21214users on MediaWiki 1.6.x and up when the optional setting $wgUseAjax is enabled. 21215 21216If you are using an extension based on the optional Ajax module, either disable 21217it or upgrade to a version containing the fix: 21218 21219* 1.9: fixed in 1.9.3 21220* 1.8: fixed in 1.8.4 21221* 1.7: fixed in 1.7.3 21222* 1.6: fixed in 1.6.10 21223 21224There is no known danger in the default configuration, with $wgUseAjax off. 21225 21226* ([[mediazilla:8819|bug 8819]]) Fix full path disclosure with skins 21227dependencies 21228* Add 'charset' to Content-Type headers on various HTTP error responses to 21229forestall additional UTF-7-autodetect XSS issues. PHP sends only 'text/html' by 21230default when the script didn't specify more details, which some inconsiderate 21231browsers consider a license to autodetect the deadly, hard-to-escape UTF-7. 21232This fixes an issue with the Ajax interface error message on MSIE when 21233$wgUseAjax is enabled (not default configuration); this UTF-7 variant on a 21234previously fixed attack vector was discovered by Moshe BA from BugSec: 21235http://www.bugsec.com/articles.php?Security=24 21236* Trackback responses now specify XML content type 21237 21238== MediaWiki 1.6.9 == 21239 21240January 9, 2007 21241 21242* ([[mediazilla:6621|bug 6621]]) Backported German translation for 21243'eauthentsent' 21244 21245* ([[mediazilla:6680|bug 6680]]) Added localisation for Dutch bookstore list 21246(nl) 21247* ([[mediazilla:6730|bug 6730]]) Clearer usage of message 'titlematch' in 21248German translation (de) 21249* XSS fix in AJAX module 21250 21251An XSS injection vulnerability was located in the AJAX support module, 21252affecting MediaWiki 1.6.x and up when the optional setting $wgUseAjax is 21253enabled. 21254 21255There is no danger in the default configuration, with $wgUseAjax off. 21256 21257If you are using an extension based on the optional AJAX module, either disable 21258it or upgrade to a version containing the fix: 21259 21260* 1.9: fixed in 1.9.0rc2 21261* 1.8: fixed in 1.8.3 21262* 1.7: fixed in 1.7.2 21263* 1.6: fixed in 1.6.9 21264 21265== MediaWiki 1.6.8 == 21266 21267July 8, 2006 21268 21269MediaWiki 1.6.8 is a security and bugfix maintenance release of the Spring 2006 21270snapshot: 21271 21272A potential HTML/JavaScript-injection vulnerability in a debugging script has 21273been fixed. Only versions and configurations of PHP vulnerable to the $GLOBALS 21274overwrite vulnerability are affected. 21275 21276As a workaround for existing installs, profileinfo.php may simply be deleted if 21277it's not being used. 21278 21279* ([[mediazilla:5957|bug 5957]]) Updates to Hebrew translation (he) 21280* Respect language directionality when displaying arrow in 21281Special:Brokenredirects 21282* ([[mediazilla:6415|bug 6415]]) Typo in Parser.php 21283* Fixed potential XSS in profileinfo.php 21284 21285== MediaWiki 1.6.7 == 21286 21287June 6, 2006 21288 21289MediaWiki 1.6.7 is a security and bugfix maintenance release of the Spring 2006 21290snapshot: 21291 21292An HTML/JavaScript-injection vulnerability in the edit form has been closed. 21293This vulnerability was new in 1.6.0; MediaWiki versions 1.5.x or earlier are 21294not affected. 21295 21296Extensions, comments, and <nowiki><nowiki></nowiki> sections are now handled in 21297a one-pass way which is more reliable and safer. Under earlier versions of 21298MediaWiki, certain extensions could be abused to inject HTML/JavaScript into 21299the page. 21300 21301Additional precautions are made against offsite form submissions when the 21302restricted raw HTML mode is enabled. 21303 21304Some small localization and user interface updates are also included. 21305 21306*([[MediaZilla:6051|bug 6051]]) Improvement to German localisation (de) 21307*([[MediaZilla:6017|bug 6017]]) Update bookstore list for German language (de) 21308*([[MediaZilla:6138|bug 6138]]) Minor grammar tweak in "loginreqlink" 21309*([[MediaZilla:5957|bug 5957]]) Update for Hebrew language (he) 21310*Increase robustness of parser placeholders; fixes some glitches when adjacent 21311to identifier-ish constructs such as URLs. 21312*([[MediaZilla:5384|bug 5384]]) Fix <nowiki><!-- comments --> in <ref></nowiki> 21313extension 21314*Nesting of different tag extensions and comments should now work more 21315consistently and more safely. A cleaner, one-pass tag strip lets the 'outer' 21316tag either take source (<nowiki><nowiki></nowiki>-style) or pass it down to 21317further parsing (<nowiki><ref></nowiki>-style). There should no longer be 21318surprise expansion of foreign extensions inside HTML output, or differences in 21319behavior based on the order tags are loaded. 21320*([[MediaZilla:885|bug 885]]) Pre-save transform no longer silently appends 21321close tags 21322*Pre-save transform no longer changes the case of close tags 21323*Edit security precautions in raw HTML mode, etc 21324 21325== MediaWiki 1.6.6 == 21326 21327May 23, 2006 21328 21329MediaWiki 1.6.6 is a security and bugfix maintenance release. 21330 21331An XSS injection vector in brace replacement has been fixed, as have some 21332potential problems with table parsing. Upgrading is strongly recommended for 21333all users of 1.6. MediaWiki versions 1.5 and earlier are not affected. 21334 21335Additionally some localization and user interface updates are included. 21336 21337* Correct "revertpage" message in English 21338* ([[MediaZilla:5507|bug 5507]]) Logouttext now uses wiki markup 21339* (bugs [[MediaZilla:5857|5857]], [[MediaZilla:5957|5957]]) Update for German 21340localisation (de) 21341* ([[MediaZilla:5586|bug 5586]]) <nowiki><gallery></nowiki> treated text as 21342links 21343* ([[MediaZilla:5957|bug 5957]]) Update for Hebrew language (he) 21344* ([[MediaZilla:6025|bug 6025]]) SpecialImport: wrong message when no file 21345selected 21346* ([[MediaZilla:6015|bug 6015]]) EditPage: add spacing in the boxes "edit is 21347minor" and "watch this" 21348* ([[MediaZilla:6018|bug 6018]]) Userrights: new message when no user specified 21349('nouserspecified') 21350* ([[MediaZilla:6055|bug 6055]]) Fix for HTML/JS injection bug in variable 21351handler (found by Nick Jenkins) 21352* Reordered wiki table handling and <nowiki>__TOC__</nowiki> extraction in the 21353parser to better handle some overlapping tag cases. 21354* Only the first <nowiki>__TOC__</nowiki> is now turned into a TOC. 21355* ([[MediaZilla:361|bug 361]]) URL in URL, they were almost fixed. Now they are. 21356 21357== MediaWiki 1.6.5 == 21358 21359May 2, 2006 21360 21361* Rolled back the buggy patch for [[MediaZilla:5497|bug 5497]]. 21362 21363== MediaWiki 1.6.4 == 21364 21365May 2, 2006 21366 21367* Further improvements to Hebrew localisation 21368* ([[MediaZilla:5544|bug 5544]]) Fix redirect arrow in Special:Listredirects 21369for right-to-left languages 21370* Replace "doubleredirectsarrow" with a content language check that picks the 21371appropriate arrow 21372* Remove live debugging hack which caused errors with certain database names 21373* ([[MediaZilla:5510|bug 5510]]) Warning produced when using 21374<nowiki>{{SUBPAGENAME}}</nowiki> in some namespaces 21375* ([[MediaZilla:5548|bug 5548]]) Improvements to Indonesian localisation 21376[patch: Ivan Lanin] 21377* ([[MediaZilla:5403|bug 5403]]) Fix Special:Newpages RSS/Atom feeds 21378* ([[MediaZilla:3359|bug 3359]]) Add hooks on completion of file upload 21379* ([[MediaZilla:5184|bug 5184]]) CSS misapplied to elements in 21380Special:Allmessages due to conflicting anchor identifiers 21381* ([[MediaZilla:5519|bug 5519]]) Allow sidebar cache to be disabled; disable it 21382by default. 21383* Add $wgReservedUsernames configuration directive to block account creation/use 21384* ([[MediaZilla:5576|bug 5576]]) Remove debugging hack in session check 21385* ([[MediaZilla:5181|bug 5181]]) Update "nogomatch" for Slovak 21386* ([[MediaZilla:5594|bug 5594]]) Id translation up to '# Login and logout 21387pages' section 21388* ([[MediaZilla:5536|bug 5536]]) Use content language for editing help link 21389* Minor improvements to English language files 21390* Improvements to German localisation files 21391* ([[MediaZilla:5628|bug 5628]]) Translations for MessagesHr.php 21392* (bugs [[MediaZilla:5595|5595]], [[MediaZilla:5644|5644]]) Localisation for 21393Bosnian language (bs) 21394* ([[MediaZilla:5592|bug 5592]]) Actions are logged with the default language 21395for the wiki, not the language of the user performing the operation. 21396* ([[MediaZilla:5646|bug 5646]]) Compare for identical types in wfElement() 21397* Fix for concurrency problem in job queue (image description page invalidation) 21398* ([[MediaZilla:5497|bug 5497]]) regeression in HTML normalization in 1.6 21399(unclosed <nowiki><li>,<dd>,<dt></nowiki>) 21400* ([[MediaZilla:5709|bug 5709]]) Allow customisation of separator for categories 21401* ([[MediaZilla:4834|bug 4834]]) Fix XHTML output when using $wgMaxTocLevel 21402* Improvements to update scripts; print out the version, check for superuser 21403credentials before attempting a connection, and produce a friendlier error if 21404the connection fails 21405* ([[MediaZilla:5005|bug 5005]]): Fix XHTML <nowiki><gallery></nowiki> output. 21406* ([[MediaZilla:5315|bug 5315]]) "Expires: -1" HTTP header made strictly valid 21407(using 1970 date). 21408* ([[MediaZilla:4825|bug 4825]]): note in DefaultSettings.php about 'profiling' 21409table creation 21410* Remove unneeded extra whitespace at top of Special:Categories 21411* Rewrite reassignEdits script to be more efficient; support optional updates 21412to recent changes table; add reporting and silent modes 21413* Updated initStats maintenance script 21414* ([[MediaZilla:5723|bug 5723]]) Don't count pages linked to from the MediaWiki 21415namespace as "wanted" 21416* ([[MediaZilla:5789|bug 5789]]) Treat "loginreqpagetext" as wikitext 21417* ([[MediaZilla:5796|bug 5796]]) We require MySQL >=4.0.14 21418 21419== MediaWiki 1.6.3 == 21420 21421April 10, 2006 21422 21423* Fix disappearing red-linked items in the watchlist editing view 21424* ([[MediaZilla:5512|bug 5512]]) Spacing in "page has a history" deletion 21425warning 21426* ([[MediaZilla:5508|bug 5508]]) Switch ENGINE in table statements back to 21427TYPE; fixes regression where some versions of MySQL 4.0.x wouldn't work 21428* Added note about [[Manual:$wgUrlProtocols|$wgUrlProtocols]] format change 21429 21430== MediaWiki 1.6.2 == 21431 21432April 8, 2006 21433 21434* Further improvements to Hebrew localisation 21435* Fix 'copyright' message for Romanian 21436* ([[MediaZilla:5476|bug 5476]]) Invalid xhtml in German localization 21437* ([[MediaZilla:5479|bug 5479]]) Id translation for preferences tabs caption 21438* ([[MediaZilla:5493|bug 5493]]) Id translation for special pages 21439* Additional path fixes in the updater 21440* ([[MediaZilla:5344|bug 5344]]) Fix regression that broke slashes in extension 21441tag parameters 21442 21443== MediaWiki 1.6.1 == 21444 21445April 5, 2006 21446 21447Some minor issues in the 1.6.0 release have been corrected: 21448* ([[MediaZilla:5458|bug 5458]]) Fix double-URL encoding in block log link in 21449contribs and contribs link in block log 21450* ([[MediaZilla:5462|bug 5462]]) Bogus missing patch warning in updater 21451* ([[MediaZilla:5461|bug 5461]]) Use of deprecated "showhideminor" in 21452Special:Recentchangeslinked 21453* PHP warning when allow_call_time_pass_reference is off 21454* Update to Finnish localization 21455 21456== MediaWiki 1.6.0 == 21457 21458April 5, 2006 21459 21460MediaWiki is now using a "continuous integration" development model with 21461quarterly snapshot releases. The latest development code is always kept "ready 21462to run", and in fact runs our own sites on Wikipedia. 21463 21464Release branches will continue to receive security updates for about a year 21465from first release, but nonessential bugfixes and feature development will take 21466place on the development trunk and will appear in the next quarterly release. 21467 21468Those wishing to use the latest code instead of a branch release can [[Download 21469from SVN|obtain it from source control]]. 21470 21471=== What's new in 1.6 === 21472 21473'''User interface:''' 21474* The account creation form has been separated from the user login form. 21475* Page protection/unprotection uses a new, expanded form 21476 21477'''Templates:''' 21478* Categories and "what links here" now update as expected when adding or 21479removing links in a template. 21480* Template parameters can now have default values, as <nowiki>{{{name|default 21481value}}}</nowiki> 21482 21483'''Uploads:''' 21484* Optional support for rasterizing SVG images to PNG for inline display 21485 21486'''Feeds:''' 21487* Feed generation upgraded to Atom 1.0 21488* Diffs in RSS and Atom feeds are now colored for improved readability. 21489 21490'''Database:''' 21491* MySQL 3.23.x support dropped; 4.0 or later required 21492* Experimental support for Unicode mode of MySQL 4.1/5.0 (moderately tested) 21493* Experimental Oracle support (not well tested!) 21494 21495'''Anti-spam extension support:''' 21496* [[meta:SpamBlacklist extension|SpamBlacklist extension]] now has support for 21497automated cleanup. 21498* Support for a [[meta:ConfirmEdit extension|captcha extension]] to restrict 21499automated spam edits. 21500 21501Numerous bug fixes and other behind-the-scenes changes have been made; see the 21502file HISTORY for a complete change list. 21503 21504== Changes since 1.5 == 21505 21506* (bug 2885) More PHP 5.1 fixes: skin, search, log, undelete 21507 21508Code quality: 21509* Use strval() to make sure we don't accidentally get null on bad revision 21510 text loads or other fields mucking up XML export output 21511* Clean up duplicate code for selection of changeslist style 21512* Correct blob caching to reduce redundant blob loads on backups 21513* (bug 3182) Clear link cache during import to prevent memory leak 21514* Fixed possible infinite loop in formatComment 21515* Wrap message page insertions in a transaction to speed up installation 21516* Avoid notice warning on edit with no User-Agent header 21517* (bug 3649) Remove obsolete, broken moveCustomMessages script 21518* Avoid numerous redundant latest-revision lookups in history 21519* Require PHP 4.3.2 or higher strictly now. 21520* Tweak infinite-template-handling loop for PHP 5.1.1 string handling change 21521* Remove unused OutputPage::addCookie() 21522* Fix for short_open_tag off again; please don't break this, guys 21523* (bug 4507) Adjust FULLPAGENAMEE escaping to standard form 21524* (bug 5302) Merge the two #p-search .pBody statements in monobook css. 21525 21526Database: 21527* Finally dropped MySQL 3.23.x support 21528* Oracle support 21529* (bug 3056) MySQL 3 compatibility fix: USE INDEX instead of FORCE INDEX 21530* Update all stats fields on recount.sql 21531* (bug 3227) Fix SQL injection introduced in experimental code 21532* Fix table prefix usage in Block::enumBlocks 21533* (bug 3448) Set page_len on undelete 21534* (bug 3506) Avoid MySQL error when Listusers returns no results 21535* Skip update of disused 'rc_cur_time' field (todo: discard the field) 21536* (bug 3735) Fix to run under MySQL 5's strict mode 21537* (bug 3786) Experimental support for MySQL 4.1/5.0 utf8 charset mode 21538 NOTE: Enabling this may break existing wikis, and still doesn't 21539 work for all Unicode characters due to MySQL limitations. 21540* MySQL 5.0 strict mode fix for moving unwatched pages 21541* Ability to set the table name for external storage servers 21542* Update ipblocks table in MySQL 5 table defs 21543* Removed FulltextStoplist.php, no longer used (was for MySQL 3.x workaround) 21544* Added templatelinks table, to track template inclusions. User-visible effects 21545 will be: 21546 * (inclusion) tag for inclusions in Special:Whatlinkshere 21547 * More accurate list of used templates on the edit page 21548 * More reliable cache invalidation when templates outside the template 21549 namespace are changed 21550* Respect database prefix in dumpHTML.inc 21551* Removed read-only check from Database::query() 21552* Added externallinks table, to track links to arbitrary URLs 21553* Added job table, for deferred processing of jobs. The immediate application is 21554 to complete the link table refresh operation when templates are changed. 21555* Don't change the password of the MySQL root user. 21556 21557Documentation: 21558* (bug 3306) Document $wgLocalTZoffset 21559 21560Hooks: 21561(list not complete) 21562* Move ArticleSave hook execution into Article insert/update functions, 21563 so they get called on non-EditPage actions that use these functions 21564 to create or update pages. 21565* Added EditFilter hook, and output callback on EditPage::showEditForm() 21566 for a place to add in captcha-type extensions in the edit flow 21567* (bug 3684) Fix typo in fatal error backtraces in Hooks.php 21568* Fix for hook callbacks on objects containing no fields 21569* Add a hook for additional user creation throttle / limiter extensions 21570* Use $wgOut->parse() in wfGetSiteNotice() instead of creating a new parser 21571 instance. This allows use of extension hooks if required. 21572* Added AutoAuthenticate hook for external User object suppliers 21573* Added 'PageRenderingHash' hook for changing the parser cache hash key 21574 from an extension that changes rendering based on nonstandard options. 21575* Add 'GetInternalURL' hook to match the GetFullURL and GetLocalURL ones 21576* (bug 4456) Add hook for marking article patrolled 21577* Add UserRights hook, fires after a user's group memberships are changed 21578 21579Images: 21580* Support SVG rendering with rsvg 21581* Cap arbitrary SVG renders to given image size or $wgSVGMaxSize pixels wide 21582* (bug 3127) Render large SVGs at image page size correctly 21583* Fix scaling of non-integer SVG unit sizes 21584* (bug 2800) Don't scale up small images on |thumb| without explicit size 21585* Use the real file link instead of the default-size rasterized version for 21586 large SVG images on image description page 21587* Include the file name/type/size line for non-resized images 21588* (bug 3489) PHP 5.1 compat problem with captioned images 21589* (bug 3643) Fix image page display of large images with resizing disabled 21590* Added a limit to the size of image files which can be thumbnailed 21591* (bug 3806) Gracefully fall back to client-side scaling on |thumb| image 21592 that passes $wgMaxImageArea 21593* (bug 153) Adjust thumbnail size calculations to match consistently; 21594 patch by David Benbennick 21595* (bug 4162) Add $wgThumbnailEpoch timestamp to force old thumbs to 21596 be rerendered on demand, sitewide 21597* (bug 1850) Additional fixes so existing local and remote images 21598 get a blue link even if there's no local description page 21599* Avoid FATAL ERROR when creating thumbnail of non-existing image 21600* (bug 4207) Wrong image size when using 100x200px syntax to scale image up 21601 patch by David Benbennick 21602* Don't delete thumbnails when refreshing exif metadata. This caused thumbs 21603 to vanish mysteriously from time to time for files that didn't have metadata. 21604* (bug 4426) Add link to user_talk page on image pages 21605* Support a custom convert command for thumbnailing. See DefaultSettings.php 21606 and the comments for $wgCustomConvertCommand, for more information. 21607* UserCan hook now allows advisory return values, rather than mandatory ones. 21608 21609Installer: 21610* (bug 3782) Throw fatal installation warning if mbstring.func_overload on. 21611 Why do people invent these crazy options that change language semantics? 21612* Fixed installer bugs 921 and 3914 (issues with using root and so forth) 21613* (bug 4258) Use ugly urls for ISAPI by default 21614 patch by Rob Church 21615* Improve installer 21616 * Use a superuser account (such as root), if specifed, to create tables 21617 * Don't overwrite conservative permissions on the mySQL user with ALL 21618 permissions, if said user exists 21619 * Changes to some of the wording of explanations for fields 21620* (bug 1734) granting db permissions failed with db usernames containg '-' 21621* Add basic check for session support in PHP and die if not present 21622 21623Maintenance: 21624* Fix problem reported on mailing list where re-initialising stats didn't work 21625 (can't insert duplicate rows with the same id field) 21626* Added --conf option to command line scripts, allowing the user to specify a 21627 different LocalSettings.php. 21628* Maintenance script to delete unused text records 21629* Maintenance script to delete non-current revisions 21630* Maintenance script to wipe a page and all revisions from the database 21631* Maintenance script to reassign edits from one user to another 21632* Maintenance script to find and remove links to a given domain 21633 (cleanupSpam.php) 21634* Fix --report interval option for dumpTextPass 21635 21636i18n / Languages: 21637* Partial support for Basque language (from wikipedia and meta) 21638* (bug 3141) Partial support for Breton language (thanks Fulup). 21639* Support for venitian language 21640* (bug 1334) LanguageGa.php update 21641* Finnish date format was hardcoded, now implemented properly 21642* (bug 3190) Added some date format choices for language sr 21643* (bug 2753) Some namespaces were not translated in LanguageTa.php (Tamil) 21644* (bug 3204) Fix typo breaking special pages in fy localization 21645* (bug 3177) Estonian date formats not implemented in LanguageEt.php 21646* (bug 1020) Changing user interface language does not work immediately 21647* (bug 3271) Updated LanguageNn.php for HEAD 21648* Experimental feature to allow translation of block expiry times 21649 Implementation only for Finnish currently 21650* (bug 3304) Language file for Croatian (LanguageHr.php) 21651* (bug 2143) Update Vietnamese interface 21652* (bug 3063) Remove some hardcodings from Hebrew localisation 21653* (bug 3408) Bulgarian formatNum corrected 21654* (bug 1512) Disable x-code interp on Esperanto URLs for now, it does more 21655 harm than good under current system by breaking incoming URLs with "ux". 21656 (Editing is not affected, just URLs.) 21657* (bug 1423) LanguageJa.php update 21658* Fix language name for dv 21659* (bug 3503) Update LanguageSq.php from sq.wikipedia.org messages 21660* (bug 3629) Fix date & time format for Frisian 21661* (bug 3334) Namespace changes for Polish 21662* (bug 3580) Change default Dutch language file to more neutral 21663* (bug 3656) LanguageHr.php - added convertPlural 21664* (bug 3414) LanguageBe.php - added convertPlural 21665* (bug 3163) Full translation of LanguageBr 21666* (bug 3617) Update for portuguese language (pt) 21667* Namespaces hacks on LanguagePl 21668* (bug 3682) LanguageSr.php - added convertPlural 21669* (bug 3694) LanguageTr.php update 21670* (bug 3711) Removed invisible unicode characters from LanguageHu 21671* (bug 2981) Linktrail for Tamil (ta) 21672* (bug 3722) Update of Arabic language (ar) Namespace changes 21673* Removed hardcoded Norwegian (no) project namespaces 21674* (bug 2324) image for redirects should be without text and oriented according 21675 to content language 21676* (bug 3666) Don't spew PHP warnings in prefs on unrecognized site language 21677* (bug 3817) Use localized date formats in preferences; 'no preference' option 21678 localizable as 'datedefault' message. Tweaked lots of languages files... 21679* (bug 2721) Regression: Use European number separators for vi: wikis 21680* (bug 3961) minor languageDe changes 21681* (bug 1984) LanguageKo.php (Korean) update 21682* (bug 3804) update of LanguageWa.php file 21683* (bug 3886) Update for Portuguese language (pt) 21684* (bug 4020) Update namespaces for ms 21685* (bug 3922) bidi embedding overrides on category links 21686* (bug 4061) Update of Slovene namespace names (LanguageSl.php) 21687* (bug 4064) LanguageDe comma changes 21688* (bug 3922) Further tweaks to bidi overrides in category list for old 21689 versions of Safari and Konqueror 21690* Fix custom namespaces on wikis set for Portuguese 21691* (bug 4153) Fix block length localizations in Greek 21692* (bug 3844) ab: av: ba: ce: & kv: now inherit from LanguageRu.php 21693 ii: & za: now inherit from LanguageZn_cn.php 21694* (bug 4165) Correct validation for user language selection (data taint) 21695* (bug 4192) Remove silly 'The Free Encyclopedia' default sitesubtitle 21696* Use content-lang for sitenotice 21697* (bug 4233) Update LanguageJa.php 21698* (bug 4279) Small correction to LanguageDa.php 21699* (bug 4108, 4336) Remove trailing whitespace from various messages, which 21700 mucks up message updating to create dupe entries 21701* (bug 4389) Fix math options on zh-hk and zh-tw (but not localized) 21702* (bug 4392) Update of LanguageSr.php 21703* (bug 4382) Frisian numeric format 21704* (bug 4424) Update for Spanish language (es) 100% messages translated 21705* (bug 4425) Typos in Polish translation 21706* (bug 4436) Update for Turkish language (tr) 21707* (bug 4413) Update of Farsi language file (LanguageFa.php) 21708* Update for LanguageSr (Serbian): magic words 21709* (bug 137) MediaWiki:Copyrightwarning hardcoding 21710* (bug 4457) Update for Portuguese language (pt) 21711* convertPlural breakage fixed a little 21712* (bug 4144) Support for Sudanese language (Basa Sunda) 21713* Big cleanup: 21714 - Removed obsolote, badly or untranslated messages 21715 - Removed references to wikipedia/wikimedia etc in messages 21716 - Other cleanup, like removing html and javascript and extension calls 21717 - Removed hardcoded namespaces: Tt, Ms, Ia, Ga, Fo, Bn, Csb, He, Nv, Oc, Tlh 21718 - Removed some useless backwards compatibility hacks 21719 - Fixed formatnum on many languages 21720* wgAmericanDates check produced incorrect results in languages that don't have 21721 a such distinction 21722* (bug 4548) Update for Portuguese language (pt): time format 21723* (bug 4530) Use consistent name for Kurdish 21724* Tweak default "upload disabled" text 21725* (bug 4504) Use site language for namespace name resolution 21726* (bug 4510) Correct Barnes & Noble bookstore URLs 21727* (bug 3991) Allow the operation of wikicode on Protect move only text 21728* (bug 4267) Switch dv sd ug ks arc languages to RTL 21729* Default main page content improved per bug 4690 21730* (bug 4615) Update for Portuguese language (pt) 21731* Separated MessagesSl.php as the other languages. 21732* (bug 4960) Add additional namespaces variants to Yiddish for compatibility 21733* (bug 4805) Removed more wikipedia-references from MessagesUk.php 21734* (bug 5015) Update magic words translation in LanguageBe.php 21735* (bug 4859) Update for Portuguese messages (pt) 21736* (bug 4788) One string for MessagesPl 21737* Restriction types now use restriction-* messages instead of ui messages 21738* (bug 4685) Slovenian LanguageSl.php hardcodes project namespace 21739* (bug 5097) Fix Hungarian language (hu): thousands separator 21740* (bug 5098) Update for Portuguese messages (pt) 21741* (bug 5113) Spelling error in French language file 21742* (bug 5105) Magic words for LanguageAr.php 21743* (bug 3993) Variants for Serbian language 21744* Typo in English messages file 21745* (bug 4114) Spacing in watchlist rows (in editing mode) 21746* Update default "exporttext" to reflect that Special:Import exists 21747* (bug 4960) Add additional namespaces variants to Yi projects: Yiddish Wikinews 21748 fix 21749* (bug 5357) Add the icon near the user name also in RTL interfaces 21750* (bug 5156) Update for Hebrew language (he) 21751* (bug 4497,4704,5010) Added some new language codes. 21752* (bug 5362) Piedmontese added 21753* (bug 5349) Update for Portuguese messages (pt) 21754* (bug 3573) Finished full Greek translation: namespaces 21755* (bug 5288) Initial localisation for Az 21756* (bug 4361) Fix "allmessagesnotsupportedui" so it doesn't refer to nonexisting 21757 page 21758* Tweak wording of "allmessagesnotsupporteddb" 21759 21760Parser: 21761* (bug 2522) {{CURRENTDAY2}} now shows the current day number with two digits 21762* (bug 3210) Fix Media: links with remote image URL path 21763* (bug 3405) Don't use raw letters as aliases of MSGNW: and SUBST: 21764* (bug 3412) Clean up date format handling so ~~~~-sigs work with default 21765 format as designed. Documentation comments updated. 21766* Fix Parser::unstrip on PHP 5.1.0RC4 21767* (bug 3797) Don't expand variables and sigs in comments 21768* Allow parser cache on redirect targets 21769* Run wikitext-escaping on plaintext sigs (no wiki markup, just name) 21770* Check for unbalanced HTML tags on raw sigs (markup allowed, but show 21771 a warning in prefs and use default sig if not balanced) 21772* Respect <noinclude> and <includeonly> during {{subst:}} expansion as well as 21773 ordinary templates. 21774* Support <includeonly> in templates loaded through preload= parameter 21775* (bug 3979) Save correct {{REVISIONID}} into parser cache on edit 21776* Substitute {{REVISIONID}} correctly in diff display 21777* (bug 1850) Allow red-links on image pages linked with [[:image:foo]] 21778* Fix XML validity checks in parser tests on PHP 5.1 21779* (bug 4377) "[" is not valid in URLs 21780* (bug 4453) fix for __TOC__ dollar-number breakage 21781* Convert unnecessary URL escape codes in external links to their equivalent 21782 character before doing anything with them. This prevents certain kinds of 21783 spam filter evasion. 21784* (bug 4783) : Fix for "{{ns:0}} does not render" 21785* Improved support for interwiki transclusion 21786* (bug 1850) Image link to nonexistent file fixed. 21787* (bug 5167) Add {{SUBPAGENAME}} and {{SUBPAGENAMEE}} variables 21788* (bug 4949) Missing : in "addedwatchtext" for English and Spanish 21789* Allow user-defined functions, which work in a similar way to {{GRAMMAR:}} 21790 etc. Registered via an interface similar to tag hooks. 21791 21792Upload: 21793* (bug 2527) Always set destination filename when new file is selected 21794* (bug 3076) Support MacBinary-encoded uploads from IE/Mac 21795* (bug 2554) Tell users they are uploading too large file 21796* Support for a license selection box on Special:Upload, configurable from 21797 MediaWiki:Licenses 21798* Add 'reupload' and 'reupload-shared' permission keys to restrict new uploads 21799 overwriting existing files; default is the old behavior (allowed). 21800 21801Security: 21802* (bug 3244) Fix remote image loading hack, JavaScript injection on MSIE 21803* (bug 3280) Respect 'move' group permission on page moves 21804* (bug 2613) Clear saved passwords from the form 21805* IP privacy fix for blocklist search on autoblocks 21806* Security fix for <math> 21807* Security fix for tables 21808* Security fix for Special:Upload license selection list 21809* Add UploadVerification hook for custom file upload validation/security checks 21810* Blacklist additional MSIE CSS safety tricks 21811* Fix meta robots tag on Special:Version again to avoid listing vulnerable 21812 versions for convenient harvesting by automated worms 21813* Sanitizer CSS comment processing order fix 21814* Forbid usernames that can be interpreted as titles with namespaces, as that 21815 leads to hard-to-manage names. 21816* (bug 4071) Generate passwords long enough for $wgMinimalPasswordLength 21817* Add createpage and createtalk permission keys, allowing a quick 21818 switch to disable page creation for anonymous users. 21819* (bug 675) Add page protection level for unregistered/new accounts 21820* User::isNewbie now uses the registration date and $wgAutoconfirmAge 21821* Add 'deletedhistory' permission key for ability to view deleted history 21822 list via Special:Undelete. Default is off, replicating the 1.5 behavior, 21823 but it can be turned back on for random users to replicate the previous 21824 1.6 dev behavior. 21825* Set cookies to secure mode based on use of HTTPS or $wgCookieSecure 21826* (bug 4371) Disallow tilde character in signatures 21827* Removed broken wgAllowAnonymousMinor and added new group right minoredit 21828* Added detection for WMF files (application/x-msmetafile), added this 21829 MIME type to the default blacklist. Prevented inline display of images 21830 which are not of known image types. This is in response to 21831 http://en.wikipedia.org/wiki/Windows_Metafile_vulnerability 21832* Blocked users can no longer roll back, change the protection of, or 21833 delete/undelete pages 21834* Protect against spoofing of X-Forwarded-For header 21835* XSS issue : now sanitize search query input (fixed in 1.5rc3) 21836* Remove deprecated $wgOnlySysopsCanPatrol references; use 21837 User::isAllowed( 'patrol' ) 21838 per bug 5282. Patch by Alan Harder. 21839* Prevent registration/login with the username "MediaWiki default" 21840 21841Special Pages: 21842* Rearranged Special:Movepage form to reduce confusion between destination 21843 title and reason input boxes 21844* (bug 1956) Hide bot uploads from Special:Newimages 21845* (bug 3220) Fix escaping of block URLs in Recentchanges 21846* (bug 3284) Ipblocklist paging, substring search 21847* Allow filtering of robot edits in Special:Watchlist by setting 21848 $wgFilterRobotsWL = true. 21849* Fix interlanguage links on special pages when extra namespaces configured 21850* (bug 3475) anon contrib links on Special:Newpages 21851* Special:Import/importDump fixes: report XML parse errors, accept <minor/> 21852* (bug 2369) Add separate message for input box on Special:Prefixindex 21853* (bug 3798) DoubleRedirects no longer has hard coded arrows 21854* (bug 3803) Fix links on Special:Wantedcategories with miser mode off 21855* Fix Special:BrokenRedirects on MySQL 5.0 21856* (bug 3807) Fix 'all' in namespaces drop-down on contribs, rc 21857* Fail gracefully on invalid namespace in Special:Newpages 21858* (bug 3762) Define missing Special:Import UI messages 21859* (bug 3761) Avoid deprecation warnings in Special:Import 21860* (bug 2894) Enhanced Recent Changes link fixes 21861* (bug 4059) fix 'hide minor edits' on Recentchangeslinked 21862* (bug 146) List number of category members in Special:Categories 21863 (patch by Joel Nothman) 21864* (bug 4090) Fix diff links in Special:Recentchangeslinked 21865* (bug 4093) '&bot=1' in Special:Contributions now propagate to other links 21866* Fix display of old recentchanges records for page moves 21867* (bug 360) Let Whatlinkshere track [[:image:foo]] links 21868* (bug 3073) Keep search parameter on paging in Special:Newimages 21869* Removed Special:Validate, it's been superseded by the Review extension 21870* (bug 4359) red [[user:#id]] links generated in [[special:Log]] 21871* (bug 1996) Special page to list redirects 21872* (bug 4334) Add "watch" links to Special:Unwatchedpages 21873* Generate target user page links in Special:Ipblocklist where appropriate 21874 (i.e. not an autoblock) 21875* Generate link to talk page of the blocker in Special:Ipblocklist, move 21876 contribs. link of the target next to their name 21877* (bug 2714) Backlink from special:whatlinkshere was hard set as 'existing' 21878* Move parentheses out of <a> link in Special:Contributions 21879* (bug 3192): properly check 'limit' parameter on Special:Contributions 21880* (bug 3187) watchlist text refer to unexistent "Stop watching" action 21881* Add block, block log and general log links to Special:Contributions 21882* Add contributions link to block log items 21883* Added optional "hide own edits" feature to Special:Recentchanges 21884* (bug 5018) Anchors for each message in Special:Allmessages 21885* Introduce $wgWantedPagesThreshold per bug 5011; Special:Wantedpages will not 21886 list pages with less than this number of links. Defaults to 1. 21887* (bug 4319) Don't show a "create account" link on the login form when 21888 account creation is disabled. 21889* JavaScript filter for Special:Allmessages 21890* (bug 3047) Don't mention talk pages on Special:Movepage when there isn't one 21891* Show links to user page, talk page and contributions page on Special:Newpages 21892* Special:Export can now export a list of all contributors to an article (off by 21893 default) 21894* (bug 5372) Add number of files to Special:Statistics 21895* (bug 2871) Links to talk pages in watchlist editing view 21896* (bug 5385) Allow hiding anonymous edits on Special:Recentchanges 21897* (bug 2544) Illogical error reporting order in Special:Userlogin 21898* (bug 5409) Hide "show/hide patrolled edits" in Special:Recentchanges if 21899 patrolling is disabled 21900* (bug 5447) Convert first letter of username to uppercase before searching in 21901 Special:Listusers 21902* (bug 759) Wrap redirects on the watchlist editing page in a span, class 21903 "watchlistredir" 21904* (bug 1862) Namespace filtering in watchlists 21905 21906Misc.: 21907* PHP 4.1 compatibility fix: don't use new_link parameter to mysql_connect 21908 if running prior to 4.2.0 as it causes the call to fail 21909* (bug 3117) Fix display of upload size and type with tidy on 21910* (bug 2323) Remove "last" tabindex from history page 21911* (bug 3116) Division by zero on [[Image:Foo.png|123x123px|]] 21912* Fix display of read-only lockfile message 21913* Include software-visible client IP address in Special:Version comment 21914 as a proxy debugging aid 21915* (bug 3170) Page Title failed to obey MediaWiki:Pagetitle. 21916 wikititlesuffix was removed 21917* Add ability to break off certain debug topics into additional log files; 21918 use $wgDebugLogGroups to configure and wfDebugLog() to log. 21919* Edit conflict on recreation of deleted page 21920* (bug 3216) Don't show empty warning page when no warnings. 21921* (bug 3218) Use proper quoting on history Compare Revisions button 21922* Fix upgrade from 1.4 due to version number check breakage [for rc future] 21923* Fix upgrade from 1.4 with no old revisions 21924* Remove "info" editing toolbar that was shown in browsers which do not 21925fully support the editing toolbar, but was found to be too confusing. 21926* Don't override edit conflict suppression on section edits; section merging 21927 should provide the expected transparency here and fits usage patterns better. 21928* (bug 3292) Fix move-over-redirect test when current entries are not plaintext 21929* (bug 2078) Don't hide watch tab on preview 21930* Fix regressions in ChangesList traditional layout 21931* Fix edit on double-click for move-protected pages in Classic skin 21932* (bug 3485) Fix bogus warning about filename capitalization when off 21933* (bug 2570) Add 'watch this page' checkbox on uploads, watch uploads 21934 by default when 'watchdefault' option is on 21935* Add options to dumpBackup.php for making split/partial dumps by page id 21936* Added filter options, compression piping, and multiple output streams for 21937 dumpBackup.php 21938* (bug 3595) Warn and abort if importDump.php called in read-only mode. 21939* (bug 3598) Update message cache on message page deletion, patch by Tietew 21940* Added separate noarticletext and newarticletext messages for logged in and 21941 anon users. 21942* (bug 3332) Installation now uses Monobook, validates, plus usability 21943 improvements. 21944* (bug 3660) Update diff3 detection to work with Windows/Cygwin 21945* (bug 2330) Don't do funny thinks with "links" in MediaWiki:Undeletedtext 21946* Two-pass data dump for friendliness to the DB (--stub, then dumpTextPass.php) 21947* Data dump 'prefetch' mode to read normalized text from a prior dump 21948 (requires PHP 5, XMLReader extension) 21949* (bug 2773) Print style sheet no longer overrides RTL text direction 21950* (bug 2938) Update MediaWiki:Exporttext to be more general 21951* Various fixes 21952* Fix wfMsg*() replacements; args containing literal $[2-9] were wiped 21953* Added @import for [[MediaWiki:Common.css]] to all skins 21954* Edit box now remembers scrollbar position on preview 21955* (bug 3816) Throw edit conflict instead of fatal error when a page is 21956 moved or deleted during section edit 21957* (bug 3771) Handle internal functions in backtrace in wfAbruptExit() 21958* (bug 3291) 'last' diff link for last history line when not at end 21959* (bug 3667) Add missing global in page move code 21960* (bug 2885) Remove unnecessary reference parameter which broke classic skin 21961 talk notification on PHP 5.0.5 21962* (bug 3852) "Redirected from" link no longer obscured on double-redirects 21963* changed directory hierarchy in images/math/. System upgrades from old to 21964 new hierarchy on the fly. 21965* (bug 3487) Fix category edit preview with preview-on-bottom 21966* (bug 918) Search index incorrectly joined words at == headings == 21967* (bug 3877) Render math images into temp directory, then move to hashed 21968 subdir so you can render new math images and have them work 21969* (bug 2392) Fix Atom items content type, upgrade to Atom 1.0 21970* Allow $wgFeedCacheTimeout of 0 to disable feed caching 21971* Fix WebRequest::getRequestURL() to strip off the host bits squid prepends 21972* Require POST for action=purge, to stop bots from purging the cache 21973* Added local message cache feature ($wgLocalMessageCache), to reduce bandwidth 21974 requirements to the memcached server. 21975* (bug 3562) for go search, try Caps-Variants-Broken-At-Non-Whitespace 21976* (bug 2569) Use PATH_SEPARATOR instead of trying to guess based on 21977 DIRECTORY_SEPARATOR (was wrong on NetWare) 21978* (bug 2740) Accept image deletions on 'enter' submit from MSIE 21979* (bug 3939) Don't try to load text for interwiki redirect target 21980* (bug 3948) Avoid notice warning in debug statement in bad search 21981* Recognize Special:Search consistently so read whitelist works 21982* (bug 3999) Change atom 1.0 feed id; had been unnecessarily complex due to 21983 unclear language in the spec. Now using the URL, same as the permalink, 21984 which someone else will probably whine about because it's not 'perma' 21985 enough or something. 21986* (bug 4014) Fix include mode for Allpages on small page sets 21987* (bug 3996) Fix text for new entries in RC RSS/Atom feed 21988* (bug 3065) Update both watched namespaces when renaming pages 21989* Changed mail form to have a bigger message entry box (like for editing 21990 a page 21991* Fix ulimit parameters for wfShellExec when memory_limit is specified in 'm' 21992* (bug 2111) Collapsable exif metadata table, clean up display 21993* Reduce fractions in display of exif exposure time 21994* (bug 4048) Optional footer link to site privacy policy 21995* Don't die() when update.php reaches the end of the warning count 21996* (bug 1915) Fix edit links when 'direction' used with 'oldid'; 21997 using revision ID reported via OutputPage; Skin::editUrlOptions() 21998* Remove obsolete 'redirect=no' on some edit links 21999* Include oldid for the second revision on edit link on diff view 22000* (bug 4035) Fix prev/next revision links on edit page 22001* (bug 4100, 3049) Add 'edittools' message to hold edit tools, put it 22002 on Special:Upload as well as edit, rearrange edit page pieces a bit. 22003 Copyright warning now above the buttons to ensure it's visible, 22004 template list at the bottom so it can grow. 22005* Optional summary parameter to action=rollback, for user javascript 22006* (bug 4167) Fix regression caused by patch for bug 153 22007* (bug 4169) Use $wgLegalTitleChars in pipe trick conversions 22008* (bug 4170) Decode HTML character escapes in sort key 22009* (bug 4201) Fix user-talk mode for Enotif, and general code cleanup 22010* (bug 4214) Skip redundant action text inserts into the HTML <title> 22011* (bug 4212) Skip redundant meta-robots tag for default settings 22012* Fix regression: old version missing from edit links in Nostalgia skin 22013* (bug 1600) Trigger edit conflict on duplicate section=new submissions 22014* (bug 4001) Use local variables properly in wikibits.js akeytt() 22015* Fix regression: old version missing from edit links on CSS/JS pages 22016* (bug 3211) Include Date, To mail headers when using PEAR::Mail 22017* (bug 3407) Fix encoding of subject and from/to headers on notification 22018 mails; userMailer() now takes a MailAddress wrapper object instead of 22019 a raw string to abstract things a level. 22020* Fixed --server override on dumpTextPass.php 22021* Added plugin interface for dumpBackup, so additional filters and output 22022 sink types can be registered at runtime from an extension 22023* (bug 349) Fix for some numeric differences not being highlighted 22024 patch by Andrius Ramanauskas 22025* (bug 4298) Include rc_id on enhanced RC singleton diff links for patrolling 22026* Did some refactoring on ChangesList.php merging dupe code 22027* (bug 1586) Fix interwiki generator for wikimedia obscure domains 22028* (bug 3493) Mark edits patrolled when they are reverted 22029 patch by Leon Planken 22030* Removed experimental Amethyst skin from default set 22031* Upgrade old skin preferences properly at Special:Preferences 22032 (used to spontaneously switch to Classic skin for old numeric pref records) 22033* (bug 3424) Update page_touched for category members on category page creation 22034* Log views show message when no matches 22035* Fix raw sitenotice display on database error 22036* Fix autoconfirm check for old accounts 22037* (bug 4368) Don't show useless empty preview on new section creation 22038* Don't show useless empty preview on new page creation 22039* (bug 4411) Fix messages diff link for classic skin 22040* (bug 4385) Separate parser cache entries for non-editing users, so section 22041 edit links don't vanish / appear unwanted on protected pages 22042* (bug 2726, 3397) Fix [[Special:]] and [[:Image]] links in action=render 22043* (bug 4419) Remove obsolete magnify.png.old 22044* Removed $wgUseCategoryMagic option, categories are now enabled unconditionally 22045* (bug 3318) UI workarounds for disabled items in license selector 22046 MSIE/Win: items now grayed out, JS will revert to 'non selected' if clicked 22047 Safari: JS will revert to 'non selected' if clicked (but not gray) 22048 MSIE/Mac: indented items now visible (JS hack) 22049* (bug 714) "plainlinks" class issues in IE, Opera 22050* (bug 4317) Inconsistent "broken redirects" messages 22051* Default interface text for "selflinks" tweaked 22052* (bug 3194) default implementation of translateBlockExpiry 22053 which uses ipboptions 22054* (bug 4446) $wgExportAllowHistory option to explicitly disable history in 22055 Special:Export form, 'exportnohistory' message to translate live hack. 22056* Maintenance script to delete unused user accounts 22057* (bug 912) Search box easier to reach in text browsers (lynx, links) 22058* $wgParserCacheExpireTime added 22059* Skip loading of RecentChange.php except where needed 22060* Enforce $wgSVGMaxSize when rendering, even for SVGs with a very large source 22061 size. This is necessary to limit server memory usage. 22062* Cleanup and error checking on Special:Listredirects 22063* Clear up some instances of old OutputPage::sysopRequired() function usage 22064* Improve "upload disabled" notice 22065* Move parts of index.php to include/Wiki.php in an attempt to both cleanup 22066 index.php and create a MediaWiki-class mediaWiki base object 22067* (bug 4104) Added OutputPageBeforeHTML hook for tweaking primary wiki output 22068 HTML on final output (cached or not) 22069* Avoid PHP notice on command-line scripts if empty argument is passed ('') 22070* (bug 4571) Partial fix hack for {{fulllurl:}} in action=render 22071* (bug 3502) Bowtie symbol for TeX 22072* (bug 4000) Support for \textstyle et al. in <math> 22073* (bug 1663) support color in TeX formulas 22074* (bug 2026) missing glue around \not= (TeX) 22075* (bug 4576) Missing '>' broke license selector's first option in IE, Opera 22076* Override $wgLocaltimezone in parser tests for us outside Iceland and UK 22077* Fix extra whitespace at end of Wiki.php, DESTROYS XML OUTPUT 22078* Remove redundant 'echo' statements from MonoBook.php 22079* (bug 1103) Fix up redirect handling for images, categories 22080 Redirects are now followed from the top-level, outside of the Article 22081 content loading and viewing, for clarity and consistency. 22082* (bug 4104) 'OutputPageBeforeHTML' hook to postprocess article HTML on 22083 page view (comes after parser cache, if used). Patch by ThomasV. 22084* Linker::formatComment corrupted the passed title object on PHP 5 22085 if the comment included a section link. Use clone() to make a safe copy. 22086* Add wfClone() wrapper since we're still using PHP 4 on some servers. 22087* Remove obsolete killthread.php 22088* Added wfDie() wrapper, and some manual die(-1), to force the return code 22089 to the shell to return nonzero when we crap out with an error. 22090* Allow input of the stub from a compressed file instead of stdin 22091 for dumpTextPass.php; easier to get errors back on the shell 22092* Added an attractive space on the namespace selector on contribs 22093* Move PHP 5-friendly XHTML doctype hack to Sanitizer, use for sig checks. 22094 Fixes use of named entities in sigs on PHP 5 22095* (bug 4482) Include move comment on the null edit as well as the redirect 22096* (bug 3990) Use existing session name if session.auto_start is on 22097 Fixes checks for open sessions, such as the cookie warning on login. 22098 Patch by Zbigniew Braniecki. 22099* Add cache-safe alternate sitenotice for anonymous users. 22100 (MediaWiki:Anonnotice) This is displayed instead of the regular sitenotice, 22101 if it exists. If not, the regular sitenotice shows. If that doesn't exist, 22102 the value of $wgSiteNotice is used, and if that's null, then nothing is shown. 22103* Spit the generated LocalSettings code out during the installer as an aid 22104 to debugging issues. (Keep this?) 22105* Use __FILE__ to form path in new LocalSettings.php, so it stays accurate 22106 when the directory is relocated for typical usage. 22107* Auto-update $wgCacheEpoch when LocalSettings.php changes on new installs. 22108 For typical usage this will be a light burden and should reduce confusion 22109 when the configuration is edited. 22110* Fix $wgCacheEpoch's effect on client-side caching. 22111* (bug 1122) gray out 'older revision' when viewing first article revision. 22112* Clearer message in DefaultSettings.php: edit LocalSettings.php instead 22113* MonoBook skin top link id changed from "contentTop" to "top" (shared with 22114 name attribute) 22115* (bug 3350) Missing label for move talk page checkbox. 22116* (bug 2108) Sort entries when using category browser 22117* (bug 2393) Fix MIME type for Atom feeds ( application/rss+atom ) 22118* Add ".deps.php" include-file preloaders for some dynamically-loaded 22119 language and skin classes. Should help with the broken base-class 22120 problem under PHP 5 with APC as opcode cache. See details: 22121 http://mail.wikipedia.org/pipermail/wikitech-l/2006-January/033660.html 22122* Small changes to tabs in Monobook skin c/o Chris Ware 22123* (bug 4679) Work around buggy basename() function in PHP5, which breaks 22124 uploads of files starting with multibyte characters on Linux. 22125 wfBaseName() doesn't suffer this bug, and understands backslash on 22126 both Unix and Windows. 22127* (bug 3603) headscripts variable not hooked up to MonoBook skin 22128* Allow local cdb-based interwiki cache 22129* Use the "block", not the "protect" permission, when determining whether to 22130 show a "block user" link in the toolbox 22131* Fix backup dump text prefetch for XMLReader constant changes in PHP 5.1 22132* Suppress useless percentage indicator on output from 7za during dumps 22133* (bug 4633) Add (previous 200) (next 200) also above catlinks 22134* (bug 4686) Fix regression where ?diff=0&oldid=0 caused fatal error on 22135 pages with only one revision. Fixes message diff link on first edit. 22136* Fix dependence on hardcoded UNIQ_PREFIX in LanguageConverter.php 22137* Do not check lag on external storage servers 22138* Do not tidy interface messages (unless full tidy is set) 22139* Do not trust equality propagation and give more hints to MySQL 22140 optimizer for revision fetches (avoids index scans) 22141* Use revision rate for ETA in dump generation; it tends to be more stable 22142 than the per-page count for full-history dumps. 22143* Include timestamp in wfDebugLog breakouts 22144* (bug 4469) Namespace-specific notice to be displayed below site-notice 22145 Edit messages like "MediaWiki:Namespacenotice-" plus namespace name 22146 which is blank for main namespace, or like e.g. "User_talk" 22147* Adjust user login/creation form hooks to work with a captcha plugin 22148* (bug 1284) Inline styles for diffs in Recent Changes RSS/Atom feeds 22149* (bug 4824) IE7 beta 2 broke compatibility with PNG logo workarounds, 22150 and seems to work ok with other bits. No longer including the IE 22151 workarounds JavaScript for IE 7 and above. 22152* Fix extra namespace for Bulgarian 22153* (bug 4303) Add $wgFavicon to change the shorticon icon link from 22154 the default /favicon.ico or disable it (if set to false) 22155* (bug 3347) strip linebreaks in math error source 22156* (bug 4841) Warning for non-logged-in edits 22157* (bug 4867) Leave invalid EXIF date fields unformatted instead of 22158 showing a bogus current timestamp 22159* Reset $wgActionPaths during parser test; corrects some false failures 22160 in the automated test report. 22161* (bug 4875) Define a div containing the shared image description 22162* (bug 4860) Expose Title->userCan() as Hooks 22163* (bug 4828) Fix genitive month-name variable for cs, pl, uk 22164* (bug 4842) Fix 'show number of watching users' with enhanced RC 22165* (bug 4889) Fix image talk namespace for Tamil 22166* (bug 4147) Added cleanupWatchlist.php to clear out bogus watchlist entries 22167* (partial bug 3456) Disable auto redirect to Main Page after account creation 22168* (bug 4824) Separate out IE7 CSS compat hacks, fix for RTL pages 22169* Added support for wikidiff2 and similar external diff engines. 22170* Allow cookies to be shared between multiple wikis with a shared user database 22171* Blocking some Unicode whitespace characters in usernames. Should check 22172 if some or all should be blocked from all page titles. 22173* Unknown log types no longer throw notices everywhere in RecentChanges 22174* (bug 4502, 5017) Don't render potentially hostile deleted page contents 22175 on Special:Undelete by default; show source, with an optional preview. 22176 The revisions list no longer shows the latest text by default, so it can 22177 still be operated if the text is hostile. 22178* (bug 5013) Check for existence on "return to" links 22179* Removed trailing whitespace on a bunch more messages. 22180* Fix missing bad title check in Special:Booksources 22181* Remove empty booksources string in fy 22182* Avoid corrupting <gallery> inside <!-- comment --> 22183* Remove legacy PHPTal code, hasn't been maintained in ages. 22184* Tweak Userlogin include order for APC issue 22185* Don't try to link to current page on protection tab 22186* More exact checking in Title::equals() to fox moves of numerically similar 22187 page titles. (Odd hex title bug on 64-bit.) 22188* Fix explicit s-maxage=0 on raw pages; should help with proxy issues in 22189 generated stylesheets... hopefully... 22190* (bug 4685) More fixes for Slovenian project namespace 22191* Fixed and enhanced a little the Live Preview, which had been broken for some 22192 time 22193* Added article size limit, $wgMaxArticleSize 22194* (bug 4974) Don't follow redirected talk page on "new messages" link 22195* (bug 4970) Make category paging limits configurable 22196* (bug 4535) Warn user when editing CSS or JS subpage of a skin that doesn't 22197 exist 22198* Make Live Preview an user preference, still controllable by the global 22199 variable 22200* Rename the stub LanguageAls / LanguageGem_alsation to LanguageGsw to follow 22201 updated language code assignments 22202* (bug 5081) Remove bogus fix for invalid characters in links which simply 22203 broke use of legitimate multiple whitespace characters in bracketed link. 22204* (bug 4838) Add relative oldids (prev, next, cur) for raw pages 22205 Patch by Lupin 22206* (bug 5086) Force image resize dimensions on ImageMagick, as for instance 22207 "-resize 100x35!"; some thumbs were off due to differences in rounding and 22208 would be generated smaller than expected. 22209* (bug 5062) Width sometimes one pixel short when using maximum heights 22210* Purge thumbnails and metadata cache for action=purge on an image page 22211* (bug 4273) Bounce back with a message when attempting to submit a new comment 22212 with an empty main textbox (user probably hit Enter in subject field) 22213* (bug 5141) Gracefully handle the new account link when createaccount off 22214* (bug 5150 and related) Fix missing ID attribute in HTML namespace selector 22215* (bug 5152) Proper HTML escaping on subpage breadcrumbs 22216* (bug 4855) Section edit links now have the section name in the title 22217 attribute. 22218* (bug 2115) Support shift-selecting multiple checkboxes with JavaScript. 22219* (bug 5161) Don't try to load template list for nonexistent pages 22220* (bug 5228) Workaround for broken LanguageConverter title overrides; avoid 22221 unnecessary hidden UI work when watch/unwatch is performed on edit 22222* Fixed bogus master fallback in external storage 22223* (bug 5246) Add speak:none to "hiddenStructure" class in main.css 22224* Further work on rev_deleted; changed to a bitfield with several data-hiding 22225 options. Not yet ready for production use; Special:Revisiondelete is 22226 incomplete, and the flags are not preserved across page deletion/undeletion. 22227 To try it; add the 'deleterevision' permission to a privileged group. 22228* (bug 5270) Fix broken linktrail for br, cv, fr, hr, nn, oc, ta, wa 22229* Add a clickable contribs link in user tool links (rc, watchlist, diff view) 22230 to see how people like it. (There was one in the old hacked-up diff view.) 22231* (bug 5236) Load wikibits.js before site-customized javascript 22232* (bug 4119) Workaround for <nowiki> following link in Walloon; remove capitals 22233 from linktrail, as they're not used anywhere else. 22234* (bug 4781) Output links with the percent-encoding they're supplied with; 22235 save the normalization for internal link storage. The normalization is a bit 22236 buggy and can make incorrect foldings in the query string and such, so isn't 22237 reliable beyond the hostname where it's used for the spam bulk checker. 22238* Don't URL-decode in the title attribute for URL links; it can produce false 22239 results that don't code back to their original values. 22240* (bug 4611) Add user preference (default on) to add new pages to creators's 22241 watchlist 22242* (bug 5286) Fix regression in display of missing/bad revision IDs 22243* (bug 4729) Add user preference that marks a user's edits as patrolled if user 22244 is able to 22245* (bug 4630) Add user preference to prompt users when entering blank edit 22246 summaries 22247* Added optional suggest feature for the search box. Set wgUseAjax to true to 22248 enable it. 22249* (bug 5277) Use audio/midi rather that audio/mid 22250* (bug 5410) Use namespace name when a custom namespace's nstab-NS message is 22251 nonexistent 22252* (bug 5432) Fix inconsistencies in cookie names when using table prefixes 22253* Additional protections against HTML breakage in table parsing 22254* (bug 5355) Include skin name and style JS settings in page source; 22255 fixes regression where Opera 6/7 and KHTML CSS fixes weren't applied 22256 when wikibits.js was moved up before user JS inclusion. 22257* Added $wgColorErrors: if set, database error messages will be highlighted 22258 when running command-line scripts in a Unix terminal. 22259* (bug 5195) rebuildrecentchanges.php works again; Database::insertSelect now 22260 has a parameter for select options. 22261* Fix updateSearchIndex.php for new schema 22262* Fix bogus "filename too short" error when uploading files with a period in the 22263 base name, e.g. "Mr. Zee.png" 22264* (bug 2139) Show page title in subtitle when viewing "read only" page 22265* (bug 5452) Update language name for Cree 22266 22267== Compatibility == 22268 22269Older PHP 4.2 and 4.1 releases are no longer supported; PHP 4 users must 22270upgrade to 4.3 or later. 22271 22272MediaWiki 1.6 is the last major version to support PHP 4; future versions will 22273require PHP 5. 22274 22275MySQL 3.23.x is no longer supported; some older hosts may need to upgrade. 22276At this time we still recommend 4.0, but 4.1/5.0 will work fine in most cases. 22277 22278== Upgrading == 22279 22280Several changes to the database have been made from 1.5; these are relatively 22281minor but do require that the update process be run before the new code will 22282work properly: 22283 22284* A new "templatelinks" table tracks template inclusions. 22285* A new "externallinks" table tracks URL links; this can be used by a mass 22286spam-cleanup tool in the SpamBlacklist extension. 22287* A new "jobs" table stores a queue of pages to update in the background; this 22288is used to update links in including pages when templates are edited. 22289 22290To ensure that these tables are filled with data, run refreshLinks.php after 22291the upgrade. 22292 22293If you are upgrading from MediaWiki 1.4.x or earlier, some major database 22294changes are made, and there is a slightly higher chance that things could 22295break. Don't forget to always back up your database before upgrading! 22296 22297=== Caveats === 22298 22299Some output, particularly involving user-supplied inline HTML, may not produce 22300100% valid or well-formed XHTML output. Testers are welcome to set $wgMimeType 22301= "application/xhtml+xml"; to test for remaining problem cases, but this is not 22302recommended on live sites. (This must be set for MathML to display properly in 22303Mozilla.) 22304 22305 22306= MediaWiki 1.5 = 22307 22308== MediaWiki 1.5.9 == 22309* (bug 3359) Add hooks on completion of file upload 22310 22311== MediaWiki 1.5.8 == 22312 22313March 26, 2006 22314 22315MediaWiki 1.5.8 is a security and bugfix maintenance release. 22316 22317A bug in decoding of certain encoded links could allow injection of raw 22318HTML into page output; this could potentially lead to XSS attacks. 22319 22320Some minor UI fixes were also made, see the change log at the bottom of 22321this file. 22322 22323 22324== MediaWiki 1.5.7 == 22325 22326March 2, 2006 22327 22328MediaWiki 1.5.7 is a bugfix maintenance release. 22329 22330Most importantly, a security issue in the installer has been fixed. The bug 22331affects new installations of 1.5.6 only. If the user specified the MySQL root 22332password, to allow the installer to create an unprivileged account, the 22333installer would not only create the new account but also change the root 22334password to be equal to the password of the new account. 22335 22336Anyone affected by this bug will need to change the root password back 22337manually. For information about how to change passwords in MySQL please see: 22338http://dev.mysql.com/doc/refman/5.1/en/passwords.html 22339 22340This version includes fixes for compatibility with Internet Explorer 7 22341beta 2, and various other bugs; see the full changelog at the end of 22342the release notes. 22343 22344 22345== MediaWiki 1.5.6 == 22346 22347January 19, 2006 22348 22349MediaWiki 1.5.6 is a security and bugfix maintenance release. 22350 22351A bug in edit comment formatting could send PHP into an infinite loop 22352if certain malformed links were included. In most installations, this 22353would cause the script to fail after PHP's 30-second failsafe timeout. 22354 22355Some improvements have been made to the installer which should make 22356installation possible on a system with a broken MySQL "root" account. 22357 22358For several other minor fixes, see the complete changelog at the end 22359of this file. 22360 22361 22362== MediaWiki 1.5.5 == 22363 22364January 5, 2006 22365 22366MediaWiki 1.5.5 is a security and bugfix maintenance release. 22367 22368Detection for uploads of Windows Metafile (.wmf) images has been added 22369to help protect against a client-side vulnerability in unpatched Microsoft 22370Windows operating systems. 22371 22372Sites which have enabled uploads and added non-standard file types 22373(such as .ogg, .doc, or .pdf) should upgrade to this release to ensure 22374that malicious .wmf files can't be uploaded with a fake extension; 22375such files could put visitors to the site at risk. 22376 22377For more details on this, see: 22378http://en.wikipedia.org/wiki/Windows_Metafile_vulnerability 22379 22380Additionally, a maintenance script removeUnusedAccounts.php has been added; 22381this replaces an older Perl script which had not been updated for the new 22382schema in 1.5. 22383 22384 22385== MediaWiki 1.5.4 == 22386 22387December 21, 2005 22388 22389MediaWiki 1.5.4 is a security and bugfix maintenance release. 22390 22391A hardcoded internal placeholder string has been replaced with a random 22392one. This closes a hole where security checks in inline style attributes 22393could be bypassed, injecting JavaScript code that could execute in 22394Microsoft Internet Explorer. 22395 22396Other browsers would not be vulnerable. 22397 22398Several minor fixes are included in this release, most notably a fix 22399to clear the "you have new messages" flag properly for usernames 22400containing spaces when e-mail notification is enabled. 22401 22402See the changelog at the end of the release notes for a full list of 22403fixes. 22404 22405 22406== MediaWiki 1.5.3 == 22407 22408December 4, 2005 22409 22410MediaWiki 1.5.3 is a security and bugfix maintenance release. 22411 22412Validation of the user language option was broken by a code change in 22413May 2005, opening the possibility of remote code execution as this 22414parameter is used in forming a class name dynamically created with 22415eval(). 22416 22417The validation has been corrected in this version. All prior 1.5 release 22418and prelease versions are affected; 1.4 and earlier and not affected. 22419 22420Additionally several bugs have been fixed; see the changelog later in 22421this file for a complete list. 22422 22423 22424== MediaWiki 1.5.2 == 22425 22426November 2, 2005 22427 22428MediaWiki 1.5.2 is a bugfix maintenance release. 22429 22430A change in PHP 4.4.1 and PHP 5.1.0RC broke handling of extension and 22431<pre> sections, causing garbage data to be inserted in output and saved 22432edits. This version works around the change. 22433 22434Several other glitches with MySQL 5.0 and PHP 5.0.5 were also fixed; 22435see the change log below for a complete list. 22436 22437 22438== MediaWiki 1.5.1 == 22439 22440October 26, 2005 22441 22442MediaWiki 1.5.1 is a bugfix and security maintenance release, and is a 22443recommended upgrade for all installations. 22444 22445This release includes further corrections to the inline CSS style sanitation 22446which works around a JavaScript "feature" on Microsoft Internet Explorer. 22447Users of Microsoft Internet Explorer for Windows may be vulnerable to 22448XSS injections on prior versions; users of standards-compliant browsers 22449are not vulnerable. 22450 22451Major fixes include: 22452* Image pages work again with resizing disabled 22453* Works in MySQL 5.0 strict mode 22454 22455There is experimental support in this release for explicitly declaring 22456the UTF-8 charset in the database; this has been tested with MySQL 5.0.15 22457but should work on 4.1 as well. 22458 22459IMPORTANT: Changing this setting on an existing wiki may produce interesting 22460data corruption, depending on server configuration. Page contents should, 22461usually, be unaffected, but page titles and other items may be. Limitations 22462in MySQL's Unicode support mean that characters outside the BMP cannot be used 22463in page titles or various other fields when using this mode. 22464 22465Table definitions are in maintenance/mysql5/tables.sql, and the runtime 22466option to send 'SET NAMES utf8' is set by $wgDBmysql5 = true. 22467 22468(MySQL 3.23.x and 4.0.x do not support character set declarations; on these 22469versions MediaWiki simply works with UTF-8 data and MySQL is blissfully 22470unaware of it.) 22471 22472 22473 22474== MediaWiki 1.5.0 final == 22475 22476October 5, 2005 22477 22478MediaWiki 1.5.0 is the new stable release branch of MediaWiki, and is 22479recommended for all new installations. 22480 22481Any wikis running a 1.5 beta or release candidate are strongly recommended 22482to upgrade to the final release, which includes a number of bug fixes and 22483a security fix for CSS bugs in Microsoft Internet Explorer. 22484 22485IMPORTANT: Running a 1.3 or 1.4 wiki and don't want to jump to 1.5 yet? 22486Be sure to upgrade to 1.3.17 or 1.4.11, also released today. Versions 22487prior to 1.3.16 and 1.4.10 have a serious data corruption bug which is 22488triggered by a spambot known to operate in the wild. 22489 22490 22491=== What's new in 1.5? === 22492 22493Schema: 22494 The core table schema has changed significantly. This should make better 22495 use of the database's cache and disk I/O, and make significantly speed up 22496 rename and delete operations on pages with very long edit histories. 22497 22498 Unfortunately this does mean upgrading a wiki of size from 1.4 will require 22499 some downtime for the schema restructuring, but future storage backend 22500 changes should be able to integrate into the new system more easily. 22501 22502Permalinks: 22503 The current revision of a page now has a permanent 'oldid' number assigned 22504 immediately, and the id numbers are now preserved across deletion/undeletion. 22505 A permanent reference to the current revision of a page is now just a matter 22506 of going to the 'history' tab and copying the first link in the list. 22507 22508Page move log: 22509 Renames of pages are now recorded in Special:Log and the page history. 22510 A handy revert link is available from the log for sysops. 22511 22512Editing diff: 22513 Ever lost track of what you'd done so far during an edit? A 'Show diff' 22514 button on the edit page now makes it easy to remember. 22515 22516Uploads: 22517 It's now possible to specify the final filename of an upload distinct 22518 from the original filename on your disk. 22519 22520 An image link for a missing file will now take you straight to the upload 22521 page. 22522 22523 More metadata is pre-extracted from uploaded images, which will ease pressure 22524 on disk or NFS volumes used to store images. EXIF metadata is displayed on 22525 the image description page if PHP is configured with the necessary module. 22526 22527 If .svg files are added to the upload whitelist, you can choose to render 22528 them to rasterized .png images for inline display using one of several 22529 external helper programs. See DefaultSettings.php for SVG options. 22530 22531User accounts: 22532 There are some changes to the user permissions system, with assignable 22533 groups. Note that this does *not* allow you to make pages which are only 22534 accessible to certain groups. 22535 22536 For details see: https://www.mediawiki.org/wiki/Manual:User_rights 22537 22538E-mail: 22539 User-to-user e-mail can now be restricted to require a mail-back confirmation 22540 first to reduce potential for abuse with false addresses. 22541 22542 Updates to user talk pages and watchlist entries can optionally send e-mail 22543 notifications. 22544 22545External hooks: 22546 A somewhat experimental interface for hooking in an external editor 22547 application is included. 22548 22549And... 22550 A bunch of stuff we forgot to mention. 22551 22552 22553=== What's gone? === 22554 22555Latin-1: 22556 Wikis must now be encoded in Unicode UTF-8; this has been the default for 22557 some time, but some languages could optionally be installed in Latin-1 mode. 22558 This is no longer supported. 22559 22560 You can check if your current wiki is in Latin-1 mode by using your browser's 22561 "view source"; look for a line like this: 22562 22563 <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> 22564 22565 If it says charset=utf-8, you're ready. If it says charset=iso8859-1, 22566 you may need to convert your data. (English-language wikis avoiding 22567 any accented characters may be able to get away without conversion.) 22568 22569MySQL 3.x: 22570 Some optimization hacks for MySQL 3.x have been removed as part of the schema 22571 clean-up (specifically, the inverse_timestamp fields). 22572 22573 MediaWiki 1.5 may still run on 3.x, but wikis of non-trivial size should 22574 very seriously consider upgrading to a more modern release. MySQL 3.x support 22575 will probably be entirely dropped in the next major release. 22576 22577Special:Maintenance 22578 These tools were, ironically enough, not really maintained. This special 22579 page has been removed; insofar as some of its pieces were useful and haven't 22580 already been supplanted by other special pages they should be rewritten in 22581 an efficient and safe manner in the future. 22582 22583 22584=== Caveats === 22585 22586Upgrade: 22587 Wikis in Latin-1 encoding are no longer supported; only Unicode UTF-8. 22588 A new option $wgLegacyEncoding is provided to allow on-the-fly recoding of 22589 old page text entries, but other metadata fields (titles, comments etc) need 22590 to be pre-converted. The standard upgrade process does not yet fully automate 22591 this, but you can try the alternate partial-upgrader in upgrade1_5.php. 22592 22593 The upgrade from 1.4 to 1.5 schema has not been tested for all cases, so 22594 it's possible you may experience problems in some combinations. 22595 22596Backups: 22597 The text entries of deleted pages are no longer removed from the main 22598 text table on deletion. If you provide public backup dumps of your databases, 22599 you will probably want to use the new XML-format dump generator, available 22600 as maintenance/dumpBackup.php. 22601 22602 For more information on how we run our own public data dumps at Wikimedia, 22603 see http://meta.wikimedia.org/wiki/Data_dumps 22604 22605PostgreSQL: 22606 The table definitions for PostgreSQL install are out of date. PostgreSQL 22607 support may return in later releases, pending appropriate patches. 22608 22609MySQL 4.1+: 22610 Some users may encounter installation problems with MySQL 4.1 or higher 22611 due to strange charset encoding / collation configurations. Try setting 22612 to 'latin1' or 'utf8' if you encounter problems. 22613 22614 22615 22616== MediaWiki 1.5 release candidate 4 == 22617 22618August 29, 2005 22619 22620MediaWiki 1.5rc4 is a preview release of the new 1.5 release series. 22621It fixes compatibility with PHP 5.1, and corrects two cross-site scripting 22622security bugs: 22623 22624* <math> tags were handled incorrectly when TeX rendering support is off, 22625 as in the default configuration. 22626* Extension or <nowiki> sections in Wiki table syntax could bypass HTML 22627 style attribute restrictions for cross-site scripting attacks against 22628 Microsoft Internet Explorer 22629 22630Wikis where the optional math support has been *enabled* are not vulnerable 22631to the first, but are vulnerable to the second. 22632 22633 22634 22635== MediaWiki 1.5 release candidate 3 == 22636 22637August 24, 2005 22638 22639MediaWiki 1.5rc3 is a preview release of the new 1.5 release series. 22640It fixes several major problems in 1.5rc2: 22641 22642* Fixed a cross-site scripting injection in the search form 22643 (broken since 1.5beta1) 22644 22645* Fixed upgrades from 1.4 database schema 22646 (broken since 1.5rc2) 22647 226481.3 and 1.4 releases are not vulnerable to the XSS bug, but anyone 22649running an earlier 1.5 beta or release candidate should upgrade 22650immediately. 22651 22652 22653== MediaWiki 1.5 release candidate 2 == 22654 22655August 23, 2005 22656 22657MediaWiki 1.5rc2 is a preview release of the new 1.5 release series. 22658Numerous bug fixes since last beta, plus a security fix; see change 22659log below for full details. 22660 22661A flaw in the interaction between extensions and HTML attribute 22662sanitization was discovered which could allow unauthorized use 22663of offsite resources in style sheets, and possible exploitation 22664of a JavaScript injection feature on Microsoft Internet Explorer. 22665 22666This version expands the returned text and properly checks it 22667before output. 22668 22669A 1.5rc1 release was mistakenly made from the incorrect source code 22670branch; 1.5rc2 is identical to the actual 1.5rc1 in revision control 22671except for version number. 22672 22673 22674== MediaWiki 1.5 beta 4 == 22675 22676July 30, 2005 22677 22678MediaWiki 1.5 beta 4 is a preview release of the new 1.5 release series. 22679A number of bugs have been fixed since beta 3; see the full changelist below. 22680 22681 22682== MediaWiki 1.5 beta 3 == 22683 22684July 7, 2005 22685 22686MediaWiki 1.5 beta 3 is a preview release of the new 1.5 release 22687series, with a security update over beta 2. 22688 22689Incorrect escaping of a parameter in the page move template could 22690be used to inject JavaScript code by getting a victim to visit a 22691maliciously constructed URL. Users of vulnerable releases are 22692recommended to upgrade to this release. 22693 22694Vulnerable versions: 22695* 1.5 preview series: n <= 1.5beta2 vulnerable, fixed in 1.5beta3 22696* 1.4 stable series: 1.4beta6 <= n <= 1.4.5 vulnerable, fixed in 1.4.6 22697* 1.3 legacy series: not vulnerable 22698 22699This release also includes several bug fixes and localization updates. 22700See the changelog at the end of this file for a detailed list. 22701 22702 22703 22704== MediaWiki 1.5 beta 2 == 22705 22706July 5, 2005 22707 22708MediaWiki 1.5 beta 2 is a preview release of the new 1.5 release series. 22709While most exciting new bugs should have been ironed out at this point, 22710third-party wiki operators should probably not run this beta release 22711on a public site without closely following additional development. 22712 22713Anyone who _has_ been running beta 1 is very very strongly advised to 22714upgrade to beta 2, as it fixes many bugs from the previous beta including 22715a couple of HTML and SQL injections. 22716 22717This release should be followed by one or two release candidates and 22718a 1.5.0 final within the next few weeks. 22719 22720Beta upgraders, note there are some minor database changes. For upgrades 22721from 1.4, see the file UPGRADE for details on significant database and 22722configuration file changes. 22723 22724Beta 2 includes a preliminary command-line XML wiki dump importer tool, 22725maintenance/importDump.php, paired with maintenance/dumpBackup.php. 22726These use the same format as Special:Export and Special:Import, able 22727to package a wiki's entire page set independent of the backend database 22728and compression format. 22729 22730 22731== MediaWiki 1.5 beta 1 == 22732 22733June 26, 2005 22734 22735MediaWiki 1.5 beta 1 is a preview release, pretty much feature complete, 22736of the new 1.5 release series. There are several known and likely a number 22737of unknown bugs; it is not recommended to use this release in a production 22738environment but would be recommended for testing in mind of an upcoming 22739deployment. 22740 22741A number of significant changes have been made since the alpha releases, 22742including database changes and a reworking of the user permissions settings. 22743See the file UPGRADE for details of upgrading and changing your prior 22744configuration settings for the new system. 22745 22746 22747 22748== MediaWiki 1.5 alpha 2 == 22749 22750June 3, 2005 22751 22752MediaWiki 1.5 alpha 2 includes a lot of bug fixes, feature merges, 22753and a security update. 22754 22755Incorrect handling of page template inclusions made it possible to 22756inject JavaScript code into HTML attributes, which could lead to 22757cross-site scripting attacks on a publicly editable wiki. 22758 22759Vulnerable releases and fix: 22760* 1.5 prerelease: fixed in 1.5alpha2 22761* 1.4 stable series: fixed in 1.4.5 22762* 1.3 legacy series: fixed in 1.3.13 22763* 1.2 series no longer supported; upgrade to 1.4.5 strongly recommended 22764 22765 22766== MediaWiki 1.5 alpha 1 == 22767 22768May 3, 2005 22769 22770This is a testing preview release, being put out mainly to aid testers in 22771finding installation bugs and other major problems. It is strongly recommended 22772NOT to run a live production web site on this alpha release. 22773 22774** WARNING: USE OF THIS ALPHA RELEASE MAY INFEST YOUR HOUSE WITH ** 22775** TERMITES, ROT YOUR TEETH, GROW HAIR ON YOUR PALMS, AND PASTE ** 22776** INNUENDO INTO YOUR C.V. RIGHT BEFORE A JOB INTERVIEW! ** 22777** DON'T SAY WE DIDN'T WARN YOU, MAN. WE TOTALLY DID RIGHT HERE. ** 22778 22779 22780=== Smaller changes since 1.4 === 22781 22782Various bugfixes, small features, and a few experimental things: 22783 22784* 'live preview' reduces preview reload burden on supported browsers 22785* support for external editors for files and wiki pages: 22786 https://www.mediawiki.org/wiki/Manual:External_editors 22787* Schema reworking: 22788 https://www.mediawiki.org/wiki/Proposed_Database_Schema_Changes/October_2004 22789* (bug 15) Allow editors to view diff of their change before actually submitting 22790 an edit 22791* (bug 190) Hide your own edits on the watchlist 22792* (bug 510): Special:Randompage now works for other namespaces than NS_MAIN. 22793* (bug 1015) support for the full wikisyntax in <gallery> captions. 22794* (bug 1105) A "Destination filename" (save as) added to Special:Upload Upload. 22795* (bug 1352) Images on description pages now get thumbnailed regardless of 22796 whether the thumbnail is larger than the original. 22797* (bug 1662) A new magicword, {{CURRENTMONTHABBREV}} returns the abbreviation of 22798 the current month 22799* (bug 1668) 'Date format' supported for other languages than English, see: 22800 http://mail.wikipedia.org/pipermail/wikitech-l/2005-March/028364.html 22801* (bug 1739) A new magicword, {{REVISIONID}} give you the article or diff 22802 database revision id, useful for proper citation. 22803* (bug 1998) Updated the Russian translation. 22804* (bug 2064) Configurable JavaScript mimetype with $wgJsMimeType 22805* (bug 2084) Fixed a regular expression in includes/Title.php that was accepting 22806 invalid syntax like #REDIRECT [[foo] in redirects 22807* It's now possible to invert the namespace selection at Special:Allpages and 22808 Special:Contributions 22809* No longer using sorbs.net to check for open proxies by default. 22810* What was $wgDisableUploads is now $wgEnableUploads, and should be set to true 22811 if one wishes to enable uploads. 22812* Supplying a reason for a block is no longer mandatory 22813* Language conversion support for category pages 22814* $wgStyleSheetDirectory is no longer an alias for $wgStyleDirectory; 22815* Special:Movepage can now take parameters like Special:Movepage/Page_to_move 22816 (used to just be able to take parameters via a GET request like 22817 index.php?title=Special:Movepage&target=Page_to_move) 22818* (bug 2151) The delete summary now includes editor name, if only one has edited 22819 the article. 22820* (bug 2105) Fixed from argument to the PHP mail() function. A missing space 22821 could prevent sending mail with some versions of sendmail. 22822* (bug 2228) Updated the Slovak translation 22823* ...and more! 22824 22825 22826=== Changes since 1.5alpha1 === 22827 22828* (bug 73) Category sort key is set to file name when adding category to 22829 file description from upload page (previously it would be set to 22830 "Special:Upload", causing problems with category paging) 22831* (bug 419) The contents of the navigation toolbar are now editable through 22832 the MediaWiki namespace on the MediaWiki:navbar page. 22833* (bug 498) The Views heading in MonoBook.php is now localizable 22834* (bug 898) The wiki can now do advanced sanity check on uploaded files 22835 including virus checks using external programs. 22836* (bug 1692) Fix margin on unwatch tab 22837* (bug 1906) Generalize project namespace for Latin localization, update 22838 namespaces 22839* (bug 1975) The name for Limburgish (li) changed from "Lèmburgs" to "Limburgs 22840* (bug 2019) Wrapped the output of Special:Version in <div dir='ltr'> in order 22841 to preserve the correct flow of text on RTL wikis. 22842* (bug 2067) Fixed crash on empty quoted HTML attribute 22843* (bug 2075) Corrected namespace definitions in Tamil localization 22844* (bug 2079) Removed links to Special:Maintenance from movepagetext message 22845* (bug 2094) Multiple use of a template produced wrong results in some cases 22846* (bug 2095) Triple-closing-bracket thing partly fixed 22847* (bug 2110) "noarticletext" should not display on Image page for "sharedupload" 22848 media 22849* (bug 2150) Fix tab indexes on edit form 22850* (bug 2152) Add missing bgcolor to attribute whitelist for <td> and <th> 22851* (bug 2176) Section edit 'show changes' button works correctly now 22852* (bug 2178) Use temp dir from environment in parser tests 22853* (bug 2217) Negative ISO years were incorrectly converted to BC notation 22854* (bug 2234) allow special chars in database passwords during install 22855* Deprecated the {{msg:template}} syntax for referring to templates, {{msg: is 22856 now the wikisyntax representation of wfMsgForContent() 22857* Fix for reading incorrectly re-gzipped HistoryBlob entries 22858* HistoryBlobStub: the last-used HistoryBlob is kept open to speed up 22859 multiple-revision pulls 22860* Add $wgLegacySchemaConversion update-time option to reduce amount of 22861 copying during the schema upgrade: creates HistoryBlobCurStub reference 22862 records in text instead of copying all the cur_text fields. Requires 22863 that the cur table be left in place until/unless such fields are migrated 22864 into the main text store. 22865* Special:Export now includes page, revision, and user id numbers by 22866 default (previously this was disabled for no particular reason) 22867* dumpBackup.php can dump the full database to Export XML, with current 22868 revisions only or complete histories. 22869* The group table was renamed to groups because "group" is a reserved word in 22870 SQL which caused some inconveniances. 22871* New fileicons for c, cpp, deb, dvi, exe, h, html, iso, java, mid, mov, o, 22872 ogg, pdf, ps, rm, rpm, tar, tex, ttf and txt files based on the KDE 22873 crystalsvg theme. 22874* Fixed a bug in Special:Newimages that made it impossible to search for '0' 22875* Added language variant support for Icelandic, now supports "Íslenzka" 22876* The #p-nav id in MonoBook is now #p-navigation 22877* Putting $4 in msg:userstatstext will now give the percentage of 22878 admnistrators out of normal users. 22879* links and brokenlinks tables merged to pagelinks; this will reduce pain 22880 dealing with moves and deletes of widely-linked pages. 22881* Add validate table and val_ip column through the updater. 22882* Simple rate limiter for edits and page moves; set $wgRateLimits 22883 (somewhat experimental; currently needs memcached) 22884* (bug 2262) Hide math preferences when TeX is not enabled 22885* (bug 2267) Don't generate thumbnail at the same size as the source image. 22886* Fix rebuildtextindex.inc for new schema 22887* Remove linkscc table code, no longer used. 22888* (bug 2271) Use faster text-only link replacement in image alt text 22889 instead of rerunning expensive link lookup and HTML generation. 22890* Only build the HTML attribute whitelist tree once. 22891* Replace wfMungeToUtf8 and do_html_entity_decode with a single function 22892 that does both numeric and named chars: Sanitizer::decodeCharReferences 22893* Removed some obsolete UTF-8 converter functions 22894* Fix function comment in debug dump of SQL statements 22895* (bug 2275) Update search index more or less right on page move 22896* (bug 2053) Move comment whitespace trimming from edit page to save; 22897 leaves the whitespace from the section comment there on preview. 22898* (bug 2274) Respect stub threshold in category page list 22899* (bug 2173) Fatal error when removing an article with an empty title from the 22900 watchlist 22901* Removed -f parameter from mail() usage, likely to cause failures and bounces. 22902* (bug 2130) Fixed interwiki links with fragments 22903* (bug 684) Accept an attribute parameter array on parser hook tags 22904* (bug 814) Integrate AuthPlugin changes to support Ryan Lane's external 22905 LDAP authentication plugin 22906* (bug 2034) Armor HTML attributes against template inclusion and links munging 22907 22908=== Changes since 1.5alpha2 === 22909 22910* (bug 2319) Fix parse hook tag matching 22911* (bug 2329) Fix title formatting in several special pages 22912* (bug 2223) Add unique index on user_name field to prevent duplicate accounts 22913* (bug 1976) fix shared user database with a table prefix set 22914* (bug 2334) Accept null for attribs in wfElement without PHP warning 22915* (bug 2309) Allow templates and template parameters in HTML attribute zone, 22916 with proper validation checks. (regression from fix for 2304) 22917* Disallow close tags and enforce empty tags for <hr> and <br> 22918* Changed user_groups format quite a bit. 22919* (bug 2368) Avoid fatally breaking PHP 4.1.2 in a debug line 22920* (bug 2367) Insert correct redirect link record on page move 22921* (bug 2372) Fix rendering of empty-title inline interwiki links 22922* (bug 2384) Fix typo in regex for IP address checking 22923* (bug 650) Prominently link MySQL 4.1 help page in installer if a possible 22924 version conflict is detected 22925* (bug 2394) Undo incompatible breakage to {{msg:}} compatibility includes 22926* (bug 1322) Use a shorter cl_sortkey field to avoid breaking on MySQL 4.1 22927 when the default charset is set to utf8 22928* (bug 2400) don't send confirmation mail on account creation if 22929 $wgEmailAuthentication is false. 22930* (bug 2172) Fix problem with nowiki beeing replaced by marker strings 22931 when a template with a gallery was used. 22932* Guard Special:Userrights against form submission forgery 22933* (bug 2408) page_is_new was inverted (whoops!) 22934* Added wfMsgHtml() function for escaping messages and leaving params intact 22935* Fix ordering of Special:Listusers; fix groups list so it shows all groups 22936 when searching for a specific group and can't be split across pages 22937* (bug 1702) Display a handy upload link instead of a useless blank link 22938 for [[media:]] links to nonexistent files. 22939* (bug 873) Fix usage of createaccount permission; replaces $wgWhitelistAccount 22940* (bug 1805) Initialise $wgContLang before $wgUser 22941* (bug 2277) Added Friulian language file 22942* (bug 2457) The "Special page" href now links to the current special page 22943 rather than to "". 22944* (bug 1120) Updated the Czech translation 22945* A new magic word, {{SCRIPTPATH}}, returns $wgScriptPath 22946* A new magic word, {{SERVERNAME}}, returns $wgServerName 22947* A new magic word, {{NUMBEROFFILES}}, returns the number of rows in the image 22948 table 22949* Special:Imagelist displays titles with " " instead of "_" 22950* Less gratuitous munging of content sample in delete summary 22951* badaccess/badaccesstext to supercede sysop*, developer* messages 22952* Changed $wgGroupPermissions to more cut-n-paste-friendly format 22953* 'developer' group deprecated by default 22954* Special:Upload now uses 'upload' permission instead of hardcoding login check 22955* Add 'importupload' permission to disable direct uploads to Special:Import 22956* (bug 2459) Correct escaping in Special:Log prev/next links 22957* (bug 2462 etc) Taking out the experimental dash conversion; it broke too many 22958 things for the current parser to handle cleanly 22959* (bug 2467) Added a Turkish language file 22960* Fixed a bug in Special:Contributions that caused the namespace selection to 22961 be forgotten between submits 22962* Special:Watchlist/edit now has namespace subheadings 22963* (bug 1714) the "Save page" button now has right margin to separate it from 22964 "Show preview" and "Show changes" 22965* Special:Statistics now supports action=raw, useful for bots designed to 22966 harwest e.g. article counts from multiple wikis. 22967* The copyright confirmation box at Special:Upload is now turned off by default 22968 and can be turned back on by setting $wgCopyrightAffirmation to a true value. 22969* Restored prior text for password reminder button and e-mail, replacing 22970 the factually inaccurate text that was there. 22971* (bug 2178) Fix temp dir check again 22972* (bug 2488) Format 'deletedtext' message as wikitext 22973* (bug 750) Keep line endings consistent in LocalSettings.php 22974* (bug 1577) Add 'printable version' tab in MonoBook for people who don't 22975 realize you can just hit print to get a nicely formatted printable page. 22976* Trim whitespace from option values to weather line-ending corruption problems 22977* Fixed a typo in the Romanian language file (NS_MESIA => NS_MEDIA) 22978* (bug 2504) Updated the Finnish translation 22979* (bug 2506, 2512) Updated the Nynorsk translation 22980* (bug 996) Replace $wgWhitelistEdit with 'edit' permission; fixup UPGRADE 22981 documentation about edit and read whitelists. 22982* (bug 2515) Fix incremental link table update 22983* Removed some wikipedia-specifica from LanguageXx.php's 22984* (bug 2496) Allow MediaWiki:edithelppage to point to external page 22985* Added a versionRequired() function to OutputPage, useful for extension 22986 writers that want to control what version of MediaWiki their extension 22987 can be used with. 22988* Serialized user objects now checked for versioning 22989* Fix for interwiki link regression 22990* Printable link shorter in monobook 22991* Experimental Latin-1-and-replication-friendly upgrader script 22992* (bug 2520) Don't show enotif options when disabled 22993 22994== Changes since 1.5beta1 == 22995 22996* (bug 2531) Changed the interwiki name for sh (Serbocroatian) to 22997 Srpskohrvatski/Српскохрватски (was Српскохрватски (Srbskohrvatski)) 22998* Nonzero return code for command-line scripts on wfDebugDieBacktrace() 22999* Conversion fix for empty old table in upgrade1_5.php 23000* Try reading revisions from master if no result on slave 23001* (bug 2538) Suppress notice on user serialized checks 23002* Fix paging on Special:Contributions 23003* (bug 2541) Fix unprotect tab 23004* (bug 1242) category list now show on edit page 23005* Skip sidebar entries where link text is '-' 23006* Convert non-UTF-8 URL parameters even if referer is local 23007* (bug 2460) <img> width & height properly filled when resizing image 23008* (bug 2273) deletion log comment used user interface language 23009* Try reading revision _text_ from master if no result on slave 23010* Use content-language message cache for raw view of message pages 23011* (bug 2530) Not displaying talk pages on Special:Watchlist/edit 23012* Fixed a bug that would occour if $wgCapitalLinks was set to false, a user 23013 agent could create a username that began with a lower case letter that was 23014 not in the ASCII character set ( now user $wgContLang->ucfirst() instead of 23015 PHP ucfirst() ) 23016* Moved the user name / password validity checking from 23017 LoginForm::addNewAccountInternal() to two new functions, 23018 User::isValidUserName() and User::isValidPassword(), extensions can now do 23019 these checks without rewriting code. 23020* Fix $wgSiteNotice when MediaWiki:Sitenotice is set to default '-' 23021* Fixed a bug where the watchlist count without talk pages would be off by a 23022 factor of two. 23023* upgrade1_5.php uses insert ignore, allows to skip image info initialization 23024* Fix namespaces in category list. 23025* Add rebuildImages.php to update image metadata fields 23026* Special:Ancientpages is expensive in new schema for now 23027* (bug 2568) Fixed a logic error in the Special:Statistics code which caused 23028 the displayed percentage of admins to be totally off. 23029* (bug 2560) Don't show blank width/height attributes for missing size 23030* Don't show bogus messages about watchlist notifications when disabled 23031* Don't show old debug messages in watchlist 23032* (bug 2576) Fix recording of transclusion links 23033* (bug 2577) Allow sysops to enter non-standard block times 23034* Fixed a bug where Special:Contributions wouldn't remember the 'invert' 23035 status between next/previous buttons. 23036* Move MonoBook printable link from tab to sidebar 23037* (bug 2567) Fix HTML escaping on category titles in list 23038* (bug 2562) Show rollback link for current revisions on diff pages 23039* (bug 2583) Add --missinig option on rebuildImages.php to add db entries 23040 for uploaded files that don't have them 23041* (bug 2572) Fix edit conflict handling 23042* (bug 2595) Show "Earlier" and "Latest" links on history go to the first/last 23043 page in the article history pager. 23044* Don't show empty-page text in 'Show changes' on new page 23045* (bug 2591) Check for end, fix limits on Whatlinkshere 23046* (bug 2584) Fix output of subcategory list 23047* (bug 2597) Don't crash when undeleting an image description page 23048* (bug 2564) Don't show "editingold" warning for recent revision 23049* Various code cleanup and HTML escaping fixlets 23050* Copy IRC-over-UDP update option from REL1_4 23051* (bug 2548) Keep summary on 'show changes' of section edit 23052* Move center on toc to title part to avoid breaking .toc style usage 23053* HTML sanitizer: correct multiple attributes by keeping last, not first 23054* (bug 2614) Fix section edit links on diff-to-current with oldid set 23055 Also fix navigation links on current-with-oldid view. 23056* (bug 2620) Return to prior behavior for some more things (such as 23057 subpage parent links) on current-diff view. 23058* (bug 2618) Fix regression from another fix; show initial preview for 23059 categories only if the page does not exist. 23060* (bug 2625) Keep group & user settings when paging in Listusers 23061* (bug 2627) Fix regression: diff radio button initial selection 23062* Copy fix for old search URLs with Lucene search plugin from REL1_4 23063* (bug 619) Don't use incompatible diff3 executable on non-Linux systems. 23064* (bug 2631) Fix Hebrew namespaces. 23065* (bug 2630) Indicate no-longer-valid cached entries in BrokenRedirects list 23066* (bug 2644, 2645) "cur" diff links in page history, watchlist and 23067 recentchanges should specify current ID explicitly. 23068* (bug 2609) Fix text justification preferenced with MonoBook skin. 23069* (bug 2594) Display article tab as red for non-existent articles. 23070* (bug 2656) Fix regression: prevent blocked users from reverting images 23071* (bug 2629) Automatically capitalize usernames again instead of 23072 rejecting lowercase with a useless error message 23073* (bug 2661) Fix link generation in contribs 23074* Add support for &preload=Page_name (load text of an existing page into 23075edit area) and &editintro=Page_name (load text of an existing page instead 23076of MediaWiki:Newpagetext) to &action=edit, if page is new. 23077* (bugs 2633, 2672, 2685, 2695) Fix Estonian, Portuguese, Italian, Finnish and 23078 Spanish numeric formatting 23079* Fixed Swedish numeric formatting 23080* (bug 2658) Fix signature time, localtime to match timezone offset again 23081* Files from shared repositories (e.g. commons) now display with their 23082 image description pages when viewed on local wikis. 23083* Restore compatibility namespace aliases for French Wikipedia 23084* Fix diff order on Enhanced RC 'changes' link 23085* (bug 2650) Fix national date type display on wikis that don't support 23086 dynamic date conversion. 23087* FiveUpgrade: large table hacks, install iw_trans update before links 23088* (bug 2648) Rename namespaces in Afrikaanse 23089* Special:Booksources checks if custom list page exists before using it 23090* (bug 1170) Fixed linktrail for da: and ru: 23091* (bug 2683) Really fix apostrophe escaping for toolbox tips 23092* (bug 923) Fix title and subtitle for rclinked special page 23093* (bug 2642) watchdetails message in several languages used <a></a> instead of 23094 [ ] 23095* (bug 2181) basic CSB language localisation by Tomasz G. Sienicki (thanks for 23096 the patch) 23097* Fix correct use of escaping in edit toolbar bits 23098* Removed language conversion support from Icelandic 23099* (bug 2616) Fix proportional image scaling, giving correct height 23100* (bug 2640) Include width and height attributes on unscaled images 23101* Workaround for mysterious problem with bogus epoch If-Last-Modified reqs 23102* (bug 1109) Suppress compressed output on 304 responses 23103* (bug 2674) Include some site configuration info in export data: 23104 namespaces definitions, case-sensitivity, site name, version. 23105* Use xml:space="preserve" hint on export <text> elements 23106* Make language variant selection work again for zh 23107 23108== Changes since 1.5beta2 == 23109 23110* Escaped & correctly in Special:Contributions 23111* (bug 2534) Hide edit sections with CSS to make right click to edit section 23112 work 23113* (bug 2708) Avoid undefined notice on cookieless login attempt 23114* (bug 2188) Correct template namespace for Greek localization 23115* Fixed number formatting for Dutch 23116* (bug 1355) add class noprint to commonPrint.css 23117* (bug 2350) Massive update for Limburgish (li) language using Wikipédia 23118* Massive update for Arab (ar) language using Wikipédia 23119* (bug 1560) Massive update for Kurdish (ku) language using Wikipédia 23120* (bug 2709) Some messages were not read from database 23121* (bug 2416) Don't allow search engine robots to index or follow nonexisting 23122 articles 23123* Fix escaping in page move template. 23124* (bug 153) Discrepancy between thumbnail size and <img> height attribute 23125 23126== Changes since 1.5beta3 == 23127 23128* Fix talk page move handling 23129* (bug 2721) New language file for Vietnamese with the Vietnamese number 23130 notation 23131* (bug 2749) would appear as a literal in image galleries for Cs, Fr, 23132 Fur, Pl and Sv 23133* (bug 787) external links being rendered when they only have one slash 23134* Fixed a missing typecast in Language::dateFormat() that would cause some 23135 interesting errors with signitures. 23136* (bug 2764) Number format for Nds 23137* (bug 1553) Stop forcing lowercase in Monobook skin for German language. 23138* (bug 1064) Implements Special:Unusedcategories 23139* (bug 2311) New language file for Macedonian 23140* Fix nohistory message on empty page history 23141* Fix fatal error in history when validation on 23142* Cleaned up email notification message formatting 23143* Finally fixed Special:Disambiguations that was broke since SCHEMA_WORK 23144* (bug 2761) fix capitalization of "i" in Turkish 23145* (bug 2789) memcached image metadata now cleared after deletion 23146* Add serialized version number to image metadata cache records 23147* (bug 2780) Fix thumbnail generation with GD for new image schema 23148* (bug 2791) Slovene numeric format 23149* (bug 655) Provide empty search form when searching for nothing 23150* Nynorsk numeric format fix 23151* (bug 2825) Fix regression in newtalk notifications for anons w/ enotif off 23152* (bug 2833) Fix bug in previous fix 23153* With $wgCapitalLinks off, accept off-by-first-letter-case in 'go' match 23154* Optional parameters for [[Special:Listusers]] 23155* (bug 2832) [[Special:Listadmins]] redirects to [[Special:Listusers/sysop]] 23156* (bug 785) Parser did not get out of <pre> with list elements 23157* Some shared upload fixes 23158* (bug 2768) section=new on nonexistent talk page does not add heading 23159* support preload= parameter for section=new 23160* show comment subject in preview when using section=new 23161* use comment form when creating a new talk page 23162* (bug 460) Properly handle <center> tags as a block. 23163* Undo inconsistent editing behavior change 23164* (bug 2835) Back out fix for bug 2802, caused regressions in category sort 23165* PHP 4.1.2 compatibility fix: define floatval() equivalent if missing 23166* (bug 2901) Number format for Catalan 23167* Special:Allpages performance hacks: index memcached caching, removed 23168 inverse checkbox, use friendlier relative offsets in index build 23169* Bring back "Chick" skin for mobile devices. It needs testing. 23170* Fix spelling of $wgForwardSearchUrl in DefaultSettings.php 23171* Specify USE INDEX on Allpages chunk queries, sometimes gets lost 23172 due to bogus optimization 23173* (bug 275) Section duplication fix 23174* Remove unused use of undefined variable in UserMailer 23175* Fix notice on search index update due to non-array 23176* (bug 2885) Fix fatal errors and notices in PHP 5.1.0beta3 23177* (bug 2931) Fix additional notices on reference use in PHP 4.4.0 23178* (bug 2774) Add three new $wgHooks to LogPage which enable extensions to add 23179 their own logtypes, see extensions/Renameuser/SpecialRenameuser.php for an 23180 example of this. 23181* (bug 740) Messages from extensions now appear in Special:Allmessages 23182* (bug 2857) fixed parsing of lists in <pre> sections 23183* (bug 796) Trackback support 23184* Fix 1.5 regression: weird, backwards diff links on new pages in enhanced RC 23185 are now suppressed as before. 23186* New skin: Simple 23187* "uselang" and "useskin" URL parameters can now be used in the URL when 23188 viewing a page, to change the language and skin of a page respectively. 23189* Skins can now be previewed in preferences 23190* (bug 2943) AuthPlugin::getCanonicalName() name canonicalization hook, 23191 patch from robla 23192* Wrap revision insert & page update in a transaction, rollback on late 23193 edit conflict. 23194* (bug 2953) 'other' didn't work in Special:Blockip when localized 23195* (bug 2958) Rollback and delete auto-summary should be in the project's 23196 content language 23197* Removed useless protectreason message 23198* Spelling fix: $wgUrlProtcols -> $wgUrlProtocols 23199* Switch Moldovan local name to cyrillic 23200* Fix typo in undefined array index access prevention 23201* (bug 2947) Update namespaces for sr localization 23202* (bug 2952) Added Asturian language file with translated namespaces 23203* (bug 2676) Apply a protective transformation on editing input/output 23204 for browsers that hit the Unicode blacklist. Patch by plugwash. 23205* (bug 2999) Fix encoding conversion of pl_title in upgrade1_5.php 23206* compressOld.php disabled, as it's known to be broken. 23207 23208 23209=== Changes since 1.5beta4 === 23210 23211* Fix Special:Allmessages under PHP 5 23212* (bug 2911) Special:Watchlist allowed only one type of limit at a time 23213* (bug 693) Special:Allmessages is excessively wide and redundant 23214* (bug 3001) Updated and applied live hack for recentchanges-based watchlist 23215* (bug 145) Finish 'exclude redirect' implementation in search form 23216* Rearranged Special:Movepage form to reduce confusion between destination 23217 title and reason input boxes 23218* (bug 2527) Always set destination filename when new file is selected 23219* (bug 3056) MySQL 3 compatibility fix: USE INDEX instead of FORCE INDEX 23220* PHP 4.1 compatibility fix: don't use new_link parameter to mysql_connect 23221 if running prior to 4.2.0 as it causes the call to fail 23222* (bug 3117) Fix display of upload size and type with tidy on 23223* (bug 1487) invalid html on empty list in banlist 23224* (bug 3017) Hotkey conflict for delete and show changes 23225* made pixel unit translateable and blocklistline now eats infiniteblock 23226 and expiringblock 23227* (bug 3092) Wrong numerical separator for big numbers in Serbian. 23228* (bug 2855) Credit for a uniq author showed its realname even with 23229 $wgAllowRealName=false. 23230* New special page: SpecialMostlinked 23231* (bug 2393) Fix MIME type for Atom feeds ( application/rss+atom ) 23232* Fix display of read-only lockfile message 23233* Added a new hook, 'AddNewAccount', which is run after account creation 23234* Update all stats fields on recount.sql 23235* Include software-visible client IP address in Special:Version comment 23236 as a proxy debugging aid 23237* (bug 3162) Fix 'undefined property page_is_new' error on watchlist 23238* (bug 1734) granting db permissions failed with db usernames containg '-' 23239* (bug 3170) wikititlesuffix was removed, use pagetitle instead 23240* (bug 3187) watchlist text refer to unexistent "Stop watching" action 23241* (bug 3190) Added some date format choices for language sr 23242* (bug 1334) LanguageGa.php update 23243* (bug 1020) Changing user interface language does not work immediately 23244* (bug 2753) Some namespaces were not translated in LanguageTa.php (Tamil) 23245* (bug 3204) Fix typo breaking special pages in fy localization 23246* (bug 3210) Fix Media: links with remote image URL path 23247* (bug 3220) Fix escaping of block URLs in Recentchanges 23248* (bug 3238): Updated LanguageNn.php for 1_5 branch 23249* (bug 3192): properly check 'limit' parameter on Special:Contributions 23250* (bug 3244) Fix remote image loading hack, JavaScript injection on MSIE 23251* Fix URL sanitization in HTML attributes, which broke in this branch 23252* (bug 3475) anon contrib links on Special:Newpages 23253 23254 23255=== Changes since 1.5rc2 === 23256 23257* Fix upgrade from 1.4 due to version number check breakage 23258* Fix upgrade from 1.4 with no old revisions 23259* (bug 2108) Sort entries when using category browser 23260* XSS issue : now sanitize search query input 23261 23262 23263=== Changes since 1.5rc3 === 23264 23265* (bug 3280) Respect 'move' group permission on page moves 23266* (bug 2885) More PHP 5.1 fixes: skin, search, log, undelete 23267* Security fix for <math> 23268* Security fix for tables 23269 23270 23271=== Changes since 1.5rc4 === 23272 23273* (bug 3292) Fix move-over-redirect test when current entries are not plaintext 23274* (bug 2078) Don't hide watch tab on preview 23275* (bug 3306) Document $wgLocalTZoffset 23276* Support SVG rendering with rsvg 23277* Cap arbitrary SVG renders to given image size or $wgSVGMaxSize pixels wide 23278* (bug 3127) Render large SVGs at image page size correctly 23279* (bug 3448) Set page_len on undelete 23280* (bug 2800) Don't scale up small iamges on |thumb| without explicit size 23281* Use the real file link instead of the default-size rasterized version for 23282 large SVG images on image description page 23283* Include the file name/type/size line for non-resized images 23284* (bug 3412) Clean up date format handling so ~~~~-sigs work with default 23285 format as designed. Documentation comments updated. 23286* (bug 1423) LanguageJa.php update 23287* (bug 3405) Don't use raw letters as aliases of MSGNW: and SUBST: 23288* (bug 3485) Fix bogus warning about filename capitalization when off 23289* (bug 2792) Update rebuildrecentchanges.inc for new schema 23290* Special:Import/importDump fixes: report XML parse errors, accept <minor/> 23291* (bug 3489) PHP 5.1 compat problem with captioned images 23292* (bug 3350) Missing label for move talk page checkbox. 23293* (bug 2570) Add 'watch this page' checkbox on uploads, watch uploads 23294 by default when 'watchdefault' option is on 23295* (bug 3182) Clear link cache during import to prevent memory leak 23296* (bug 3573) Full Greek Translation 23297* (bug 3595) Warn and abort if importDump.php called in read-only mode. 23298* (bug 3598) Update message cache on message page deletion, patch by Tietew 23299* Blacklist additional MSIE CSS safety tricks 23300 23301 23302=== Changes since 1.5.0 === 23303 23304* (bug 3629) Fix date & time format for Frisian 23305* (bug 3641) Fix handling of unrecognized file uploads with known extensions 23306* (bug 3643) Fix image page display of large images with resizing disabled 23307* Fix meta robots tag on Special:Version again to avoid listing vulnerable 23308 versions for convenient harvesting by automated worms 23309* (bug 3684) Fix typo in fatal error backtraces in Hooks.php 23310* Backport fix for reference usage notice in Special:Search on PHP 4.4.0 23311* Backport database connect error display fix from HEAD 23312* (bug 2773) Print style sheet no longer overrides RTL text direction 23313* MonoBook skin top link id changed from "contentTop" to "top" (shared with 23314 name attribute) 23315* Wrap message page insertions in a transaction to speed up installation 23316* Fix Special:MovePage invalid HTML attribute for reason textarea 23317* Avoid notice warning on edit with no User-Agent header 23318* (bug 3734) Swapped out obsolete recount.sql with initStats.php 23319* (bug 3735) Fix to run under MySQL 5's strict mode 23320* (bug 3786) Experimental support for MySQL 4.1/5.0 utf8 charset mode 23321 NOTE: Enabling this may break existing wikis, and still doesn't 23322 work for all Unicode characters due to MySQL limitations. 23323* Sanitizer CSS comment processing order fix 23324 23325 23326=== Changes since 1.5.1 === 23327 23328* Fix Special:BrokenRedirects on MySQL 5.0 23329* (bug 3809) Backport fix for detecting diff3 failure 23330* MySQL 5.0 strict mode fix for moving unwatched pages 23331* (bug 3782) Throw fatal installation warning if mbstring.func_overload on. 23332 Why do people invent these crazy options that change language semantics? 23333* (bug 3762) Define missing Special:Import UI messages 23334* (bug 3771) Handle internal functions in backtrace in wfAbruptExit() 23335* (bug 3649) Remove obsolete, broken moveCustomMessages script 23336* (bug 3667) Add missing global in page move code 23337* (bug 3761) Avoid deprecation warnings in Special:Import 23338* (bug 2885) Remove unnecessary reference parameter which broke classic skin 23339 talk notification on PHP 5.0.5 23340* (bug 3845) Update attribute.php for 1.5 schema 23341* Fix Parser::unstrip on PHP 4.4.1 and PHP 5.1.0RC4 23342 23343 23344=== Changes since 1.5.2 === 23345 23346* (bug 3612) Remove old broken version of maintenance/compressOld.php 23347 The working version is in maintenance/storage/compressOld.php 23348* (bug 2740) Accept image deletions on 'enter' submit from MSIE 23349* (bug 3933) specify XML namespace for Atom 0.3 feeds 23350* (bug 3939) Don't try to load text for interwiki redirect target 23351* (bug 3948) Avoid notice warning in debug statement in bad search 23352* Recognize Special:Search consistently so read whitelist works 23353* (bug 4013) typo in fr 23354* (bug 3996) Fix text for new entries in RC RSS/Atom feed 23355* (bug 2894) Enhanced Recent Changes link fixes 23356* (bug 3065) Update both watched namespaces when renaming pages 23357* Move parentheses out of <a> link in Special:Contributions 23358* (bug 4071) Generate passwords long enough for $wgMinimalPasswordLength 23359* (bug 4035) Fix prev/next revision links on edit page 23360* (bug 4165) Correct validation for user language selection (data taint) 23361* Clearer message in DefaultSettings.php: edit LocalSettings.php instead 23362 23363 23364=== Changes since 1.5.3 === 23365 23366* (bug 3805) Clear 'new messages' flag properly in enotif mode 23367 for usernames containing spaces 23368* (bug 2714) Backlink from special:whatlinkshere was hard set as 'existing' 23369* (bug 4249) Typo in entities2literals.pl 23370* (bug 4233) Update for japanese language 23371* (bug 4279) Small correction to LanguageDa.php 23372* (bug 4267) Switch dv sd ug ks arc languages to RTL 23373* (bug 3991) Allow the operation of wikicode on Protect move only text 23374* Added AutoAuthenticate hook for external User object suppliers 23375* Parser internal placeholder string now fully randomized for safety 23376 23377=== Changes since 1.5.4 === 23378 23379* Maintenance script to delete unused user accounts 23380* Added detection for WMF files (application/x-msmetafile), added this 23381 MIME type to the default blacklist. Prevented inline display of images 23382 which are not of known image types. This is in response to 23383 http://en.wikipedia.org/wiki/Windows_Metafile_vulnerability 23384 23385=== Changes since 1.5.5 === 23386 23387* (bug 4258) When installing under IIS, $wgArticlePath = "$wgScript?title=$1" 23388 should be set 23389* (bug 4510) Correct Barnes & Noble bookstore URLs 23390* (bug 4504) Use site language for namespace name resolution 23391* Installer fixes from HEAD backported; now uses a more sensible method of 23392 establishing which mySQL user to use, which clears up bug 921 et al. Minor 23393 changes to installer. 23394* Fix problem reported on mailing list where re-initialising stats didn't work 23395 (can't insert duplicate rows with the same id field) 23396* (bug 1122) gray out 'older revision' when viewing first article revision. 23397* Respect database prefix in dumpHTML.inc 23398* Minor improvements to removeUnusedAccounts.php maintenance script 23399* Fix for single-digit week numbers from {{CURRENTWEEK}}, broken by PHP 4.4.1 23400* Removed read-only check from Database::query() 23401* Added --conf option to command line scripts, allowing the user to specify a 23402 different LocalSettings.php. 23403 23404=== Changes since 1.5.6 === 23405 23406* Default main page content improved per bug 4690 23407* Fix dependence on hardcoded UNIQ_PREFIX in LanguageConverter.php 23408* Fixed Special:Unlockdb 23409* Maintenance script to delete unused text records 23410* Maintenance script to delete non-current revisions 23411* Maintenance script to wipe a page and all revisions from the database 23412* (bug 4768) Wrong Russian translation (typo) 23413* Performance bugfix: propagate equality manually for Revision fetches 23414* (bug 4773) PHP fatal error when invalid title passed to Special:Export 23415* Added missing table defs. for transcache to installer schemas 23416* (bug 4824) IE7 beta 2 broke compatibility with PNG logo workarounds, 23417 and seems to work ok with other bits. No longer including the IE 23418 workarounds JavaScript for IE 7 and above. 23419* (bug 2532) Image directory structure migration bug 23420* (bug 4881) Correction to the fix for 1487; Ipblocklist showed 'no blocks' 23421 message at the end of the list even if there were blocks. 23422* (bug 4805) Removed more wikipedia-references from LanguageUk.php 23423* Introduce $wgWantedPagesThreshold per bug 5011; Special:Wantedpages will not 23424 list pages with less than this number of links. Defaults to 1. 23425* Allow customisation of paging limits for items in categories using the 23426 $wgCategoryPagingLimit global, per bug 4970. 23427* Improve "nogomatch" text to make it more obvious that a page can be created. 23428* (bug 5113) Spelling error in French language file 23429* Don't change the password of the MySQL root user. 23430 23431=== Changes since 1.5.7 === 23432 23433* (bug 5180) User login page shows inappropriate email blurb 23434* Add the "AbortNewAccount" hook on account creation; see hooks.txt for more 23435 info. 23436* Update default "exporttext" to reflect that Special:Import exists 23437* Add links to useful material to the default main page content 23438* Fix fragment HTML injection 23439 23440=== Changes since 1.5.8 === 23441 23442* Fixed obvious mistakes in Finnish (fi) translation 23443* Fixed obvious mistakes in Kurdish (ku) translation 23444* Merge two #p-search .pBody statements i monobook/main.css 23445* (bug 5156) Update for Hebrew language (he) translation 23446* Add the "UserRights" hook on user group changes; see hooks.txt for more info. 23447* Translated "listingcontinuesabbrev" for German 23448 23449=== Caveats === 23450 23451Some output, particularly involving user-supplied inline HTML, may not 23452produce 100% valid or well-formed XHTML output. Testers are welcome to 23453set $wgMimeType = "application/xhtml+xml"; to test for remaining problem 23454cases, but this is not recommended on live sites. (This must be set for 23455MathML to display properly in Mozilla.) 23456 23457= MediaWiki 1.4 = 23458 23459== MediaWiki 1.4.15 == 23460 23461(released March 26, 2006) MediaWiki 1.4.15 is a security maintenance release. A 23462bug in decoding of certain encoded links could allow injection of raw HTML into 23463page output; this could potentially lead to XSS attacks. Additionally, this 23464release may display more correctly in IE7 betas. 23465 23466== MediaWiki 1.4.14 == 23467(released January 19, 2006) MediaWiki 1.4.14 is a security and bugfix 23468maintenance release. A bug in edit comment formatting could send PHP into an 23469infinite loop if certain malformed links were included. In most installations, 23470this would cause the script to fail after PHP's 30-second failsafe timeout. For 23471several other minor fixes, see the complete changelog at the end of this file. 23472 23473== MediaWiki 1.4.13 == 23474(released January 5, 2006) MediaWiki 1.4.13 is a security maintenance 23475release.Detection for uploads of Windows Metafile (.wmf) images has been added 23476to help protect against a client-side vulnerability in unpatched Microsoft 23477Windows operating systems. Sites which have enabled uploads and added 23478non-standard file types (such as .ogg, .doc, or .pdf) should upgrade to this 23479release to ensure that malicious .wmf files can't be uploaded with a fake 23480extension; such files could put visitors to the site at risk. For more details 23481on this, see: http://en.wikipedia.org/wiki/Windows_Metafile_vulnerability 23482 23483== MediaWiki 1.4.12 == 23484(released 2005-11-02) MediaWiki 1.4.12 is a bugfix and security maintenance 23485release. A change in PHP 4.4.1 broke handling of extension and 23486<nowiki><pre></nowiki> sections, causing garbage data to be inserted in output 23487and saved edits. This version works around the change. This release includes 23488further corrections to the inline CSS style sanitation which works around a 23489JavaScript "feature" on Microsoft Internet Explorer. Users of Microsoft 23490Internet Explorer for Windows may be vulnerable to XSS injections on prior 1.4 23491releases; users of standards-compliant browsers are not vulnerable. 23492 23493== MediaWiki 1.4.11 == 23494(released 2005-10-05) MediaWiki 1.4.11 is a security maintenance release. 23495Unsafe handling of CSS by Microsoft Internet Explorer could be exploited to 23496produce cross-site scripting attacks by JavaScript injection to clients running 23497that browser. This release blacklists several additional variants from use in 23498HTML inline style attributes. All publicly accessible wikis are recommended to 23499upgrade to reduce the risk to visitors using Microsoft web browsers. Note: the 23500MediaWiki 1.4.x series is not compatible with PHP 5.0.5 or higher. Upgrade to 23501the 1.5.0 release if you require this version of PHP 5. 23502 23503== MediaWiki 1.4.10 == 23504(released 2005-09-21) MediaWiki 1.4.10 is a security maintenance release. A bug 23505in edit submission handling could cause corruption of the previous revision in 23506the database if an abnormal URL was used, such as those used by some spambots. 23507Affected releases: 23508* 1.4.x <= 1.4.9; fixed in 1.4.10 23509* 1.3.x <= 1.3.15; fixed in 1.3.16 235101.5 release candidates are not affected by this problem. All publicly editable 23511wikis are strongly recommended to upgrade immediately. 235121.4 releases can be manually patched by changing this bit in EditPage.php: 23513 23514<syntaxhighlight lang="php"> 23515function importFormData( &$request ) { 23516 if( $request->wasPosted() ) { 23517</syntaxhighlight> 23518to: 23519<syntaxhighlight lang="php"> 23520 function importFormData( &$request ) { 23521 if( $request->getVal( 'action' ) == 'submit' && $request->wasPosted() ) 23522 { 23523</syntaxhighlight> 23524== MediaWiki 1.4.9 == 23525(released 2005-08-29) MediaWiki 1.4.9 is a security maintenance release. It 23526corrects two cross-site scripting security bugs: 23527* <nowiki><math></nowiki> tags were handled incorrectly when TeX rendering 23528support is off, as in the default configuration. 23529* Extension or <nowiki><nowiki></nowiki> sections in Wiki table syntax could 23530bypass HTML style attribute restrictions for cross-site scripting attacks 23531against Microsoft Internet Explorer Wikis where the optional math support has 23532been *enabled* are not vulnerable to the first, but are vulnerable to the 23533second. 23534 23535== MediaWiki 1.4.8 == 23536(released 2005-08-23) MediaWiki 1.4.8 is a bug fix and security maintenance 23537release. A flaw in the interaction between extensions and HTML attribute 23538sanitization was discovered which could allow unauthorized use of offsite 23539resources in style sheets, and possible exploitation of a JavaScript injection 23540feature on Microsoft Internet Explorer. This version expands the returned text 23541and properly checks it before output. Additionally, an update to 23542skins/MonoBook.php ensures that sites using the default MonoBook skin will 23543display correctly in the Internet Explorer 7 beta. (1.3 and 1.5 are not 23544affected by this bug.) 23545 23546== MediaWiki 1.4.7 == 23547(released 2005-07-16) 23548MediaWiki 1.4.7 is a bug fix release. Those affected by the following problems 23549in 1.4.6 should upgrade: 23550* Watchlist breakage on MySQL 3.23.x and with table prefix enabled 23551* Possible breakage in watchlist, some image resizing modes on PHP 4.1.2 1.4.6 23552included a fix for a cross-site scripting vulnerability, so anyone running 23553older 1.4 releases is very strongly encouraged to upgrade as well. Note to 23554upgraders: this version of MediaWiki is known to produce a large number of 23555notice-level warnings under the newly released PHP 4.4.0. These appear however 23556to be harmless; if you encounter them add this to your LocalSettings.php to 23557suppress the notices: error_reporting( E_ALL & ~E_NOTICE ); PHP 5.1.0beta3 is 23558known to be incompatible at this time. 23559 23560== MediaWiki 1.4.6 == 23561(released 2005-07-07) MediaWiki 1.4.6 is a bug fix and security update release. 23562Incorrect escaping of a parameter in the page move template could 23563be used to inject JavaScript code by getting a victim to visit a maliciously 23564constructed URL. Users of vulnerable releases are recommended to upgrade to 23565this release. Vulnerable versions: 23566* 1.5 preview series: n <= 1.5beta2 vulnerable, fixed in 1.5beta3 23567* 1.4 stable series: 1.4beta6 <= n <= 1.4.5 vulnerable, fixed in 1.4.6 23568* 1.3 legacy series: not vulnerable This release also includes fixes for some 23569rare bug annoying HTTP errors, a PHP 4.1.2 breakage bug, and works around some 23570template limitations introduced in 1.4.5. See the changelog at the end of this 23571file for a detailed list of bugs fixed. 23572 23573== MediaWiki 1.4.5 == 23574(released 2005-06-03) MediaWiki 1.4.5 is a security update and bugfix release. 23575Incorrect handling of page template inclusions made it possible to inject 23576JavaScript code into HTML attributes, which could lead to cross-site scripting 23577attacks on a publicly editable wiki. Vulnerable releases and fix: 23578* 1.5 prerelease: fixed in 1.5alpha2 23579* 1.4 stable series: fixed in 1.4.5 23580* 1.3 legacy series: fixed in 1.3.13 23581* 1.2 series no longer supported; upgrade to 1.4.5 strongly recommended This 23582release also includes a number of bug fixes (see changelog below) and merges 23583some large-server load balancing patches from Wikipedia. An experimental rate 23584limiter for page edits and moves can be enabled with global, per-IP, 23585per-subnet, or per-user bases. See configuration options in 23586includes/DefaultSettings.php 23587 23588== MediaWiki 1.4.4 == 23589(released 2005-05-04) MediaWiki 1.4.4 is a bugfix release for the 1.4 stable 23590release series. Some bugs in the installer/updater and refreshLinks maintenance 23591script were introduced in the last release and have been corrected. 23592 23593== MediaWiki 1.4.3 == 23594 23595(released 2005-04-28) 23596 23597MediaWiki 1.4.3 is a bugfix release for the 1.4 stable release series. 23598 23599Chiefly, this fixes a compatibility problem with PHP 5 and a minor link 23600table corruption bug on initial page save. 23601 23602 23603== MediaWiki 1.4.2 == 23604 23605(released 2005-04-20) 23606 23607MediaWiki 1.4.2 is a security and bug fix release for the 1.4 stable release 23608series. 23609 23610A cross-site scripting injection vulnerability was discovered, which 23611affects only MSIE clients and is only open if MediaWiki has been 23612manually configured to run output through HTML Tidy ($wgUseTidy). 23613 23614Several other bugs are fixed in this release, see the changelog below. 23615 23616All new installations are highly recommended to use 1.4.2 instead of 236171.3.x; 1.3.x users should consider upgrading for bug fixes and new 23618features. Ealier 1.4.x release and beta users should upgrade to this 23619release for relevant bug fixes; see the changelog later in this file. 23620 23621 23622If you have trouble, remember to read this whole file and the online FAQ page 23623before asking for help: 23624 23625https://www.mediawiki.org/wiki/Manual:FAQ 23626 23627 23628=== READ THIS FIRST: Upgrading === 23629 23630If upgrading from an older release, see the notes in the file UPGRADE. 23631There are a couple of minor database changes from the beta releases, 23632and somewhat larger changes from 1.3.x. 23633 23634Upgrading from a previous 1.4.x stable release installation should 23635generally only require copying the new files over the old ones. 23636 23637 23638==== READ THIS FIRST, TOO: MySQL 4.1 AND 5.0 ==== 23639 23640MySQL 5.0 is a beta release, not yet ready for production use. If you 23641are using it, the notes below about 4.1 apply to you too. 23642 23643If you have the choice of MySQL 4.0 or MySQL 4.1 and don't need 4.1 for 23644some other application, you should consider sticking with 4.0 for the 23645moment. 4.1 may require you to do extra fiddling to get things to work 23646due to changes that aren't fully backwards-compatible. 23647 23648MySQL 4.1 has changed the authentication protocol in an incompatible 23649way; many PHP installations still use the older client libraries and 23650CANNOT CONNECT TO THE SERVER WITH A PASSWORD without some changes. 23651 23652See: http://dev.mysql.com/doc/mysql/en/Old_client.html 23653 23654If MySQL is set with utf-8 as the default character set, installation 23655may fail with "key too long" errors. Set the default charset to 'latin1' 23656for installation and it should work. 23657 23658The mysqldump backup generator now applies an automatic conversion to 23659UTF-8, which may irretrivably corrupt your data. Pass the -charset option 23660with the original default charset (eg 'latin1') to skip the conversion. 23661 23662 23663==== READ THIS FIRST IF RUNNING ON A WINDOWS SERVER ==== 23664 23665MediaWiki is tested and deployed primarily under the Apache web server 23666on Linux Unix systems. There are known to be problems running on 23667Microsoft's IIS which are not fully resolved. If you have a choice, 23668try running under Apache on Windows, or on a Unix/Linux box instead. 23669 23670If you're having trouble with blank pages on IIS and can't switch, 23671try the workaround suggested in this bug report: 23672http://bugzilla.wikimedia.org/show_bug.cgi?id=1763 23673 23674 23675=== New features === 23676 23677* 'Recentchanges Patrol' to mark new edits that haven't yet been viewed. 23678* New, searchable deletion/upload/protection logs 23679* Image gallery generation (Special:Newimages and <gallery> tag) 23680* SVG rasterization support (requires external support tools) 23681* Users can select from the available localizations to override the 23682 default user interface language. 23683* Traditional/Simplified Chinese conversion support 23684* rel="nofollow" support to combat linkspam 23685 23686The current implementation adds this attribute to _all_ external URL 23687links in wiki text (but not internal [[wiki links]] or interwiki links). 23688To disable the attribute for _all_ external links, add this line to your 23689LocalSettings.php: 23690 23691 $wgNoFollowLinks = false 23692 23693For background information on nofollow see: 23694 23695 http://www.google.com/googleblog/2005/01/preventing-comment-spam.html 23696 23697 23698=== Installation and compatibility === 23699 23700* The default MonoBook theme now works with PHP 5.0 23701* Installation on systems with PHP's safe mode or other oddities 23702 should work more reliably, as MonoBook no longer needs to 23703 create a compiled template file for the wiki to run. 23704* A table prefix may be specified, to avoid conflicts with other 23705 web applications forced to share a database. 23706* More thorough UTF-8 input validation; fixes non-ASCII uploaded 23707 filenames from Safari. 23708* Command-line database upgrade script. 23709 23710 23711=== Customizability === 23712 23713* Default user options can now be overridden in LocalSettings. 23714* Skins system more modular: templates and CSS are now in /skins/ 23715 New skins can be dropped into this directory and used immediately. 23716* More extension hooks have been added. 23717* Authentication plugin hook. 23718* More internal code documentation, generated with phpdoc: 23719 https://doc.wikimedia.org/mediawiki-core/master/php/html/ 23720 23721 23722=== Optimization === 23723 23724* For many operations, MediaWiki 1.4 should run faster and use 23725 less memory than MediaWiki 1.3. Page rendering is up to twice 23726 as fast. (Use a PHP accelerator such as Turck MMCache for best 23727 results with any PHP application, though!) 23728* The parser cache no longer requires memcached, and is enabled 23729 by default. This avoids a lot of re-rendering of pages that 23730 have been shown recently, greatly speeding longer page views. 23731* Support for compiled PHP modules to speed up page diff and 23732 Unicode validation/normalization. (Requires ability to compile 23733 and load PHP extensions). 23734 23735 23736=== What isn't ready yet === 23737 23738* A new user/groups permissions scheme has been held back to 1.5. 23739* An experimental SOAP interface will be made available as an extension 23740* PostgreSQL support is largely working, minus search and the installer. 23741 You can perform a manual installation. 23742* E-mail notification of watched page changes and verification of 23743 user-submitted e-mail addresses is not yet included. 23744* Log pages are not automatically imported into the new log table 23745 at upgrade time. A script to import old text log entries is 23746 incomplete, but may be available in later point releases. 23747* Some localizations are still incomplete. 23748 23749 23750 23751== Changelog == 23752 23753=== Important security updates === 23754 23755A security audit found and fixed a number of problems. Users of MediaWiki 237561.3.10 and earlier should upgrade to 1.3.11; users of 1.4 beta releases 23757prior to 1.4rc1 should upgrade immediately. 23758 23759==== Cross-site scripting vulnerability ==== 23760 23761XSS injection points can be used to hijack session and authentication 23762cookies as well as more serious attacks. 23763 23764* Media: links output raw text into an attribute value, potentially 23765 abusable for JavaScript injection. This has been corrected. 23766* Additional checks added to file upload to protect against MSIE and 23767 Safari MIME-type autodetection bugs. 23768 23769As of 1.3.10/1.4beta6, per-user customized CSS and JavaScript is disabled 23770by default as a general precaution. Sites which want this ability may set 23771$wgAllowUserCss and $wgAllowUserJs in LocalSettings.php. 23772 23773 23774==== Cross-site request forgery ==== 23775 23776An attacker could use JavaScript-submitted forms to perform various 23777restricted actions by tricking an authenticated user into visiting 23778a malicious web page. A fix for page editing in 1.3.10/1.4beta6 has 23779been expanded in this release to other forms and functions. 23780 23781Authors of bot tools may need to update their code to include the 23782additional fields. 23783 23784 23785==== Directory traversal ==== 23786 23787An unchecked parameter in image deletion could allow an authenticated 23788administrator to delete arbitary files in directories writable by the 23789web server, and confirm existence of files not deletable. 23790 23791 23792==== Older issues ==== 23793 23794Note that 1.4 beta releases prior to beta 5 include an input validation 23795error which could lead to execution of arbitrary PHP code on the server. 23796Users of older betas should upgrade immediately to the current version. 23797 23798 23799Beta 6 also introduces the use of rel="nofollow" attributes on external 23800links in wiki pages to reduce the effectiveness of wiki spam. This will 23801cause participating search engines to ignore external URL links from wiki 23802pages for purposes of page relevancy ranking. 23803 23804 23805=== Misc bugs fixed in beta 1 === 23806 23807* (bug 95) Templates no longer limited to 5 inclusions per page 23808* New user preference for limiting the image size for images on image 23809 description pages 23810* (bug 530) Allow user to preview article on first edit 23811* (bug 479) [[RFC 1234]] will now make an internal link 23812* (bug 511) PhpTal skins shown bogus 'What links here' etc on special pages 23813* (bug 770) Adding filter and username exact search match for Special:Listusers 23814* (bug 733) Installer die if it can not write LocalSettings.php 23815* (bug 705) Various special pages no more show the rss/atom feed links 23816* (bug 114) use category backlinks in Special:Recentchangeslinked 23817 23818=== Beta 2 fixes === 23819 23820* (bug 987) Reverted bogus fix for bug 502 23821* (bug 992) Fix enhanced recent changes in PHP5 23822* (bug 1009) Fix Special:Makesysop when using table prefixes 23823* (bug 1010) fix broken Commons image link on Classic & Cologne Blue 23824* (bug 985) Fix auto-summary for section edits 23825* (bug 995) Close <a> tag 23826* (bug 1004) renamed norsk language links (twice) 23827* Login works again when using an old-style default skin 23828* Fix for load balancing mode, notify if using old settings format 23829* (bug 1014) Missing image size option on old accounts handled gracefully 23830* (bug 1027) Fix page moves with table prefix 23831* (bug 1018) Some pages fail with stub threshold enabled 23832* (bug 1024) Fix link to high-res image version on Image: pages 23833* (bug 1016) Fix handling of lines omitting Image: in a <gallery> tag 23834* security fix for image galleries 23835* (bug 1039) Avoid error message in certain message cache failure modes 23836* Fix string escaping with PostgreSQL 23837* (bug 1015) [partial] -- use comment formatter on image gallery text 23838* Allow customization of all UI languages 23839* use $wgForceUIMsgAsContentMsg to make regular UI messages act as content 23840* new user option for zh users to disable language conversion 23841* Defer message cache initialization, shaving a few ms off file cache hits 23842* Fixed Special:Allmessages when using table prefixes 23843* (bug 996) Fix $wgWhitelistRead to work again 23844* (bug 1028) fix page move over redirect to not fail on the unique index 23845 23846=== Beta 3 fixes === 23847 23848* Hide RC patrol markers when patrol is disabled or not allowed to patrol. 23849* Fix language selection for upgraded accounts 23850* (bug 1076) navigation links in QueryPage should be translated by wgContLang. 23851* (bug 922) bogus DOS line endings in LanguageEl.php 23852* Fix index usage in contribs 23853* Caching and load limiting options for Recentchanges RSS/Atom feed 23854* (bug 1074) Add stock icons for non-image files in gallery/Newimages 23855* Add width and height attributes on thumbs in gallery/Newimages 23856* Enhance upload extension blacklist to protect against vulnerable 23857 Apache configurations 23858 23859=== Beta 4 fixes === 23860 23861* (bug 1090) Fix sitesupport links in CB/classic skins 23862* Gracefully ignore non-legal titles in a <gallery> 23863* Fix message page caching behavior when $wgCapitalLinks is turned off 23864 after installation and the wiki is subsequently upgraded 23865* Database error messages include the database server name/address 23866* Paging support for large categories 23867* Fix image page scaling when thumbnail generation is disabled 23868* Select the content language in prefs when bogus interface language is set 23869* Fix interwiki links in edit comments 23870* Fix crash on banned user visit 23871* Avoid PHP warning messages when thumbnail not generated 23872* (bug 1157) List unblocks correctly in Special:Log 23873* Fix fatal errors in LanguageLi.php 23874* Undo overly bright, difficult to read colors in Cologne Blue 23875* (bug 1162) fix five-tilde date inserter 23876* Add raw signatures option for those who simply must have cute sigs 23877* (bug 1164) Let wikitext be used in Loginprompt and Loginend messages 23878* Add the dreaded <span> to the HTML whitelist 23879* (bug 1170) Fix Russian linktrail 23880* (bug 1168) Missing text on the bureaucrat log 23881* (bug 1180) Fix Makesysop on shared-user-table sites 23882* (bug 1178) Fix previous diff link when using 'oldid=0' 23883* (bug 1173) Stop blocked accounts from reverting/deleting images 23884* Keep generated stylesheets cache-separated for each user 23885* (bug 1175) Fix "preview on first edit" mode 23886* Fix revert bug caused by bug 1175 fix 23887* Fix CSS classes on minor, new, unpatrolled markers in enhanced RC 23888* Set MySQL 4 boolean search back to 'and' mode by default 23889* (bug 1193) Fix move-only page protection mode 23890* Fix zhtable Makefile to include the traditional manual table 23891* Add memcache timeout for the zh conversion tables 23892* Allow user customization of the zh conversion tables through 23893 Mediawiki:zhconversiontable 23894* Add zh-min-man (back) to language names list 23895* Ported $wgCopyrightIcon setting from REL1_3A 23896* (bug 1218) Show the original image on image pages if the thumbnail would be 23897 bigger than the original image 23898* (bug 1213) i18n of Special:Log labels 23899* (bug 1013) Fix jbo, minnan in language names list 23900* Added magic word MAG_NOTITLECONVERT to indicate that the title of the page 23901 do not need to be converted. Useful in zh: 23902* (bug 1224) Use proper date messages for date reformatter 23903* (bug 1241) Don't show 'cont.' for first entry of the category list 23904* (bug 1240) Special:Preferences was broken in Slovenian locale when 23905 $wgUseDynamicDates is enabled 23906* Added magic word MAG_NOCONTENTCONVERT to suppress the conversion of the 23907 content of an article. Useful in zh: 23908* write-lock for updating the zh conversion tables in memcache 23909* recursively parse subpages of MediaWiki:Zhconversiontable 23910* (bug 1144) Fix export for fy language 23911* make removal of an entry from zhconversiontable work 23912* (bug 752) Don't insert newline in link title for url with %0a 23913* Fix missing search box contents in MonoBook skin 23914* Add option to forward search directly to an external URL (eg google) 23915* Correctly highlight the fallback language variant when the selected 23916 variant is disabled. Used in zh: only for now. 23917 23918=== Beta 5 fixes === 23919 23920* (bug 1124) Fix ImageGallery XHTML compliance 23921* (bug 1186) news: in the middle of a word 23922* (bug 1283) Use underlining and borders to highlight additions/deletions 23923 in diff-view 23924* Use user's local timezone in Special:Log display 23925* Show filename for images in gallery by default (restore beta 3 behavior) 23926* (bug 1201) Double-escaping in brokenlinks, imagelinks, categorylinks, 23927 searchindex 23928* When using squid reverse proxy, cache the redirect to the Main_Page 23929* (bug 1302) Fix Norwegian language file 23930* (bug 1205) Fix broken article saving in PHP 5.1 23931* (bug 1206) Implement CURRENTWEEK and CURRENTDOW magic keyword (will give 23932 number of the week and number of the day). 23933* (bug 1204) Blocks do not expire automatically 23934* (bug 1184) expiry time of indefinite blocks shown as the current time 23935* (bug 1317) Fix external links in image captions 23936* (bug 1084) Fix logo not rendering centrally in IE 23937* (bug 288) Fix tabs wrapping in IE6 23938* (bug 119) Fix full-width tabs with RTL text in IE 23939* (bug 1323) Fix logo rendering off-screen in IE with RTL language 23940* Show "block" link in Special:Recentchanges for logged in users, too, if 23941 wgUserSysopBans is true. 23942* (bug 1326) Use content language for '1movedto2' in edit history 23943* zh: Fix warning when HTTP_ACCEPT_LANGUAGE is not set 23944* zh: Fix double conversion for zh-sg and zh-hk 23945* (bug 1132) Fix concatenation of link lists in refreshLinks 23946* (bug 1101) Fix memory leak in refreshLinks 23947* (bug 1339) Fix order of @imports in Cologne Blue CSS 23948* Don't try to create links without namespaces ([[Category:]] link bug) 23949* Memcached data compression fixes 23950* Several valid XHTML fixes 23951* (bug 624) Fix IE freezing rendering whilst waiting for CSS with MonoBook 23952* (bug 211) Fix tabbed preferences with XHTML MIME type 23953* Fix for script execution vulnerability. 23954 23955=== Beta 6 fixes === 23956 23957* (bug 1335) implement 'tooltip-watch' in Language.php 23958* Fix linktrail for nn: language 23959* (bug 1214) Fix prev/next links in Special:Log 23960* (bug 1354) Fix linktrail for fo: language 23961* (bug 512) Reload generated CSS on preference change 23962* (bug 63) Fix displaying as if logged in after logout 23963* Set default MediaWiki:Sitenotice to '-', avoiding extra database hits 23964* Skip message cache initialization on raw page view (quick hack) 23965* Fix notice errors in wfDebugDieBacktrace() in XML callbacks 23966* Suppress notice error on bogus timestamp input (returns epoch as before) 23967* Remove unnecessary initialization and double-caching of parser variables 23968* Call-tree output mode for profiling 23969* (bug 730) configurable $wgRCMaxAge; don't try to update purged RC entries 23970* Add $wgNoFollowLinks option to add rel="nofollow" on external links 23971 (on by default) 23972* (bug 1130) Show actual title when moving page instead of encoded one. 23973* (bug 925) Fix headings containing <math> 23974* (bug 1131) Fix headings containing interwiki links 23975* (bug 1380) Update Nynorsk language file 23976* (bug 1232) Fix sorting of cached Special:Wantedpages in miser mode 23977* (bug 1217) Image within an image caption broke rendering 23978* (bug 1384) Make patrol signs have the same width for page moves as for edits 23979* (bug 1364) fix "clean up whitespace" in Title:SecureAndSplit 23980* (bug 1389) i18n for proxyblocker message 23981* Add fur/Furlan/Friulian to language names list 23982* Add TitleMoveComplete hook on page renames 23983* Allow simple comments for each translation rules in MW:Zhconversiontable 23984* (bug 1402) Make link color of tab subject page link on talk page indicate 23985 whether article exists 23986* (bug 1368) Fix SQL error on stopword/short word search w/ MySQL 3.x 23987* Translated Hebrew namespace names 23988* (bug 1429) Stop double-escaping of block comments; fix formatting 23989* (bug 829) Fix URL-escaping on block success 23990* (bug 1228) Fix double-escaping on & sequences in [enclosed] URLs 23991* (bug 1435) Fixed many CSS errors 23992* (bug 1457) Fix XHTML validation on category column list 23993* (bug 1458) Don't save if edit form submission is incomplete 23994* Logged-in edits and preview of user CSS/JS are now locked to a session token. 23995* Per-user CSS and JavaScript subpage customizations now disabled by default. 23996 They can be re-enabled via $wgAllowUserJs and $wgAllowUserCss. 23997* Removed .ogg from the default uploads whitelist as an extra precaution. 23998 If your web server is configured to serve Ogg files with the correct 23999 Content-Type header, you can re-add it in LocalSettings.php: 24000 $wgFileExtensions[] = 'ogg'; 24001 24002=== RC1 fixes === 24003 24004* Fix notice error on nonexistent template in wikitext system message 24005* (bug 1469) add missing <ul> tags on Special:Log 24006* (bug 1470) remove extra <ul> tags from Danish log messages 24007* Fix notice on purge w/ squid mode off 24008* (bug 1477) hide details of SQL error messages by default 24009 Set $wgShowSQLErrors = true for debugging. 24010* (bug 1430) Don't check for template data when editing page that doesn't exist 24011* Recentchanges table purging fixed when using table prefix 24012* (bug 1431) Avoid redundant objectcache garbage collection 24013* (bug 1474) Switch to better-cached index for statistics page count 24014* Run Unicode normalization on all input fields 24015* Fix translation for allpagesformtext2 in LanguageZh_cn and LanguageZh_tw 24016* Block image revert without valid login 24017* (bug 1446) stub Bambara (bm) language file using French messages 24018* (bug 1432) Update Estonian localization 24019* (bug 1471) unclosed <p> tag in Danish messages 24020* convertLinks script fixes 24021* Corrections to template loop detection 24022* XHTML encoding fix for usernames containing & in Special:Emailuser 24023* (for zh) Search for variant links even when conversion is turned off, 24024 to help prevent duplicate articles. 24025* Disallow ISO 8859-1 C1 characters and "no-break space" in user names 24026 on Latin-1 wikis. 24027* Correct the name of the main page it LanguageIt 24028* Allow Special:Makesysop to work for usernames containing SQL special 24029 characters. 24030* Fix annoying blue line in Safari on scaled-down images on description page 24031* Increase upload sanity checks 24032* Fix XSS bug in Media: links 24033* Add cross-site form submission protection to various actions 24034* Fix fatal error on some dubious page titles 24035* Stub threshold displays correctly again 24036 24037 24038=== 1.4.0 final fixes === 24039 24040* (bug 65) Fix broken interwiki link encoding on Latin-1 wikis; force to UTF-8 24041* (bug 563) Fix UTF-8 interwiki URL redirects via Latin-1 wikis 24042* (bug 1536) Fix page info 24043* Support os (Ossetic) as language code, using Russian localization base 24044* (bug 1610) Support non (Old Norse) as language code, using Icelandic 24045 localization base 24046* (bug 1618) Properly list custom namespaces in Special:Allpages 24047* (bug 1622) Remove trailing' >' when using category browser 24048* (bug 1570) Fix php 4.2.x error on conflict merging 24049* (bug 1585) Fix page title on post-login redirection page 24050* Run UTF-8 validation on old text in Recentchanges RSS diffs 24051* (bug 1642) fix a mime type typo in img_auth.php 24052* Automated interwiki redirects only for local interwikis 24053* Respect read-only mode on block removals 24054* Trim old illegal characters from syndication feeds 24055* Reduce message cache outage recovery delay from 1 day to 5 minutes 24056* (bug 1403) Update Finnish localization 24057* (bug 1478) Punjabi localization 24058* (bug 1667) Update script 5 second countdown. 24059* (bug 1057) Fix logging table encoding (error on MySQL 4.1) 24060* (bug 1680) Fix linktrail for fo 24061* (bug 1653) Removing hardcoded messages in Special:Allmessages 24062* (bug 1594) Render a hyphen in a formula as − in HTML 24063* (bug 1495) Fall back to default language MediaWiki: for custom messages 24064* (bug 1617) Show different error messages for "user does not 24065 exist" and "wrong password" when using AuthPlugin 24066* (bug 1532), (bug 1544) Changed language names for 24067 'bn', 'bo', 'dv', 'dz', 'ht', 'ii', 'li', 'lo', 'ng', 'or', 'pa', 'si', 24068 'ti', 've' 24069* Fix editing on non-Esperanto wiki with user language pref set to Esperanto 24070* Make conversion table for zh-sg default to zh-cn, and zh-hk default to zh-tw 24071* Fix PHP notice in MonoBook when counters disabled 24072* (bug 1696) Update namespaces, dates in uk localization 24073* (bug 551) Installer warns about magic_quotes_runtime and magic_quotes_sybase 24074 instead of trying to install with corrupt table files 24075* Installer no longer tries to move non-default MediaWiki: pages into Template: 24076* User-to-user email disabled by default ($wgEnableUserEmail) 24077 24078 24079=== 1.4.1 fixes === 24080 24081* (bug 1720) fix genitive month names for uk 24082* (bug 1704) fixed untranslateable string in Special:Log 24083* (bug 1638) Added Belrusian language file 24084* (bug 1736) typo in SpecialValidate.php 24085* (bug 73) Upload doesn't run edit updates on description page (links, 24086 search index and categories) 24087* (bug 646) <math> fails to recognize \ll and \gg 24088* (bug 926) \div element from TeX not supported in <math> element 24089* (bug 1147) add \checkmark to whitelist in texutil.ml 24090* (bug 937) \limits function from LaTeX not supported in <math> element 24091* Support for manually converting article title to different Chinese 24092 variants (for zh) 24093* (bug 1488, bug 1744) Fix encoding for preferences, dates in Latin-1 mode 24094* (bug 1042) Fix UTF-8 case conversion for PHP <4.3 with mbstring extension 24095* Fix code typo that broke article credits display 24096* Installation fixes for running under IIS 24097* (bug 1556) login page tab order. "remember" checkbox now come after password. 24098* SQL debug log fixlets 24099* (bug 1815) Fix namespace in old revision display with mismatched title 24100* (bug 1788) Fix link duplication when edit/upload comment includes newlines 24101* Change default on $wgSysopUserBans and $wgSysopRangeBans to true 24102* Fix link conversion for URL request 24103* (bug 1851) Updated download URL for the SCIM packages used by zhtable 24104* (bug 1853) Try stripping quotes from term for 'go' title match 24105* Fix missing function in Latin1 mode 24106* (bug 1860) Anchors of interwiki links did not get normalized 24107* (bug 1847) accept lowercase x in ISBN, do not accept invalid A-W,Y,Z 24108* Fix link conversion for URL request, hopefully without breaking the wiki 24109* (bug 1849) New option allows to consider categorized images as used on 24110 Special:Unusedimages 24111* Localized category namespace for ka (Georgian) 24112* (bug 1107) Work around includes problem in installer when parent dir is not 24113 readable by the web server 24114* (bug 1927) Incorrect escaping on wikitext message in Blockip 24115 24116 24117=== 1.4.2 fixes === 24118 24119* Fix math options in Finnish localization 24120* Use in-process Tidy extension if available when $wgUseTidy is on 24121* (bug 1933) Fix PATH_INFO usage under IIS with PHP ISAPI module 24122* (bug 1188) <nowiki> in {{subst:}} includes fixed 24123* (bug 1936) <!-- comments --> in {{subst:}} includes fixed 24124* Fix a potential MSIE JavaScript injection vector in Tidy mode 24125 24126 24127=== 1.4.3 fixes === 24128 24129* (bug 1636) Refs like ţ were misinterpreted as octal in some places 24130* (bug 1163) Special:Undelete showed oldest revision instead of newest 24131* (bug 1938) Fix escaping of illegal character references in link text 24132* (bug 1997) Fix for error on display of renamed items in Recentchanges on PHP5 24133* (bug 1949) Profiling typo in rare error case 24134* (bug 1963) Fix deletion log link when $wgCapitalLinks is off 24135* (bug 1970) Don't show move tab for immobile pages 24136* (bug 1770) Page creation recorded links from the 'newarticletext' message 24137* Optional change to the site_stats table. When applied, this removes the need 24138 for expensive queries in Special:Statistics. 24139 24140 24141=== 1.4.4 fixes === 24142 24143* (bug 725) Let dir="ltr" attribute work again in MonoBook on RTL languages 24144* (bug 2024) Skip JavaScript error for custom skins where .js message not set 24145* (bug 2025) Updated Indonesian localization 24146* (bug 2039) Updated Lithuanian localization 24147 24148 24149=== Caveats === 24150 24151Some output, particularly involving user-supplied inline HTML, may not 24152produce 100% valid or well-formed XHTML output. Testers are welcome to 24153set $wgMimeType = "application/xhtml+xml"; to test for remaining problem 24154cases, but this is not recommended on live sites. (This must be set for 24155MathML to display properly in Mozilla.) 24156 24157 24158For notes on 1.3.x and older releases, see HISTORY. 24159 24160 24161=== Online documentation === 24162 24163Documentation for both end-users and site administrators is currently being 24164built up on MediaWiki.org, and is covered under the GNU Free Documentation 24165License: 24166 24167 https://www.mediawiki.org/ 24168 24169 24170=== Mailing list === 24171 24172A MediaWiki-l mailing list has been set up distinct from the Wikipedia 24173wikitech-l list: 24174 24175 http://lists.wikimedia.org/mailman/listinfo/mediawiki-l 24176 24177A low-traffic announcements-only list is also available: 24178 http://lists.wikimedia.org/mailman/listinfo/mediawiki-announce 24179 24180It's highly recommended that you sign up for one of these lists if you're 24181going to run a public MediaWiki, so you can be notified of security fixes. 24182 24183 24184=== IRC help === 24185 24186There's usually someone online in #mediawiki on irc.freenode.net 24187 24188=MediaWiki 1.3= 24189 24190== MediaWiki 1.3.18 == 24191(released 2005-11-02) 24192MediaWiki 1.3.18 is a bugfix and security maintenance release. A change in PHP 241934.4.1 broke handling of extension and <nowiki><pre></nowiki> sections, causing 24194garbage data to be inserted in output and saved edits. This version works 24195around the change. This release includes further corrections to the inline CSS 24196style sanitation which works around a JavaScript "feature" on Microsoft 24197Internet Explorer. Users of Microsoft Internet Explorer for Windows may be 24198vulnerable to XSS injections on prior 1.3 releases; users of 24199standards-compliant browsers are not vulnerable. 24200 24201== MediaWiki 1.3.17 == 24202(released 2005-10-05) 24203MediaWiki 1.3.17 is a security maintenance release. Unsafe handling of CSS by 24204Microsoft Internet Explorer could be exploited to produce cross-site scripting 24205attacks by JavaScript injection to clients running that browser. This release 24206blacklists several additional variants from use in HTML inline style 24207attributes. All publicly accessible wikis are recommended to upgrade to reduce 24208the risk to visitors using Microsoft web browsers.Note: the MediaWiki 1.3.x 24209series is not compatible with PHP 5.0.5 or higher. Upgrade to the 1.5.0 release 24210if you require this version of PHP 5. 24211 24212== MediaWiki 1.3.16 == 24213(released 2005-09-21) 24214MediaWiki 1.3.16 is a security maintenance release. A bug in edit submission 24215handling could cause corruption of the previous revision in the database if an 24216abnormal URL was used, such as those used by some spambots. Affected releases: 24217* 1.4.x <= 1.4.9; fixed in 1.4.10 24218* 1.3.x <= 1.3.15; fixed in 1.3.16 242191.5 release candidates are not affected by this problem. All publicly editable 24220wikis are strongly recommended to upgrade immediately. 242211.3 releases can be manually patched by changing this bit in 24222{{manual|EditPage.php}}: 24223<syntaxhighlight lang="php"> 24224 if( $this->tokenOk( $request ) ) { 24225 $this->save = $request->wasPosted() && !$this->preview; 24226 } else { 24227</syntaxhighlight> 24228to: 24229<syntaxhighlight lang="php"> 24230 if( $this->tokenOk( $request ) ) { 24231 $this->save = $request->getVal( 'action' ) == 'submit' && 24232 $request->wasPosted() && !$this->preview; 24233 } else { 24234</syntaxhighlight> 24235 24236== MediaWiki 1.3.15, 2005-08-29 == 24237MediaWiki 1.3.15 is a security maintenance release. It corrects across-site 24238scripting security bug: 24239* <nowiki><math></nowiki> tags were handled incorrectly when TeX rendering 24240support is off, as in the default configuration. Wikis where the optional math 24241support has been *enabled* are not vulnerable. The 1.3.x series is no longer 24242maintained except for security fixes; new users and those seeking bug fixes 24243should upgrade to 1.4.9 or 1.5.0. 24244 24245== MediaWiki 1.3.14, 2005-08-23 == 24246MediaWiki 1.3.14 is a security maintenance release. A flaw in the interaction 24247between extensions and HTML attribute sanitization was discovered which could 24248allow unauthorized use of offsite resources in style sheets, and possible 24249exploitation of a JavaScript injection feature on Microsoft Internet Explorer. 24250The 1.3.x series is no longer maintained except for security fixes; new users 24251and those seeking bug fixes should upgrade to 1.4.8 or 1.5.0. Existing 1.3.x 24252installations not willing to upgrade to the current stable release should apply 24253the change manually: 24254In includes/Parser.php, function {{code|inline=y|lang=php|fixTagAttributes()}} 24255add: 24256<syntaxhighlight lang="php"> 24257 # Any placeholder items should have been unstripped already before 24258 # we got to this point. Raw text inserted later could be dangerous. 24259 if( strpos( $t, UNIQ_PREFIX ) !== false ) { 24260 wfDebug( "Parser::fixTagAttributes found stripped data placeholder; 24261 dropping attributes\n" ); 24262 $t = ''; 24263 } 24264</syntaxhighlight> 24265If you are actively using extensions to generate HTML attribute values, upgrade 24266to 1.4 or 1.5 for a more thorough fix. 24267 24268== MediaWiki 1.3.13, 2005-06-03 == 24269MediaWiki 1.3.13 is a security maintenance release. Incorrect handling of page 24270template inclusions made it possible to inject JavaScript code into HTML 24271attributes, which could lead to cross-site scripting attacks on a publicly 24272editable wiki. Vulnerable releases and fix: 24273* 1.5 prerelease: fixed in 1.5alpha2 24274* 1.4 stable series: fixed in 1.4.5 24275* 1.3 legacy series: fixed in 1.3.13 24276* 1.2 series no longer supported; upgrade to 1.4.5 strongly recommended The 242771.3.x series is no longer maintained except for security fixes; new users and 24278those seeking general bug fixes should install 1.4.5. Existing 1.3.x 24279installations not willing or able to upgrade to the current stable relase 24280should update the installation to 1.3.13; only includes/Parser.php has changed 24281from 1.3.12. 24282 24283== MediaWiki 1.3.12, 2005-02-20 == 24284MediaWiki 1.3.12 is a security maintenance release. A cross-site scripting 24285injection vulnerability was discovered, which affects only MSIE clients and is 24286only open if MediaWiki has been manually configured to run output through HTML 24287Tidy ($wgUseTidy). The 1.3.x series is no longer maintained except for security 24288fixes; new users and those seeking bug fixes should upgrade to 1.4.2. Existing 242891.3.x installations using Tidy not willing to upgrade to the current stable 24290relase should either turn off Tidy or update the installation to 1.3.12. 24291 24292== MediaWiki 1.3.11, 2005-02-20 == 24293MediaWiki 1.3.11 is a security release. 24294A security audit found and fixed a number of problems. Users of MediaWiki 242951.3.10 and earlier should upgrade to 1.3.11; users of 1.4 beta releases should 24296upgrade to 1.4rc1. 24297 24298=== Cross-site scripting vulnerability === 24299XSS injection points can be used to hijack session and authentication cookies 24300as well as more serious attacks. 24301* Media: links output raw text into an attribute value, potentially abusable 24302for JavaScript injection. This has been corrected. 24303* Additional checks added to file upload to protect against MSIE and Safari 24304MIME-type autodetection bugs. 24305As of <code>1.3.10/1.4beta6</code>, per-user customized CSS and JavaScript is 24306disabled by default as a general precaution. Sites which want this ability may 24307set {{wg|AllowUserCss}} and {{wg|AllowUserJs}} in LocalSettings.php. 24308 24309=== Cross-site request forgery === 24310An attacker could use JavaScript-submitted forms to perform various restricted 24311actions by tricking an authenticated user into visiting a malicious web page. A 24312fix for page editing in 1.3.10/1.4beta6 has been expanded in this release to 24313other forms and functions. Authors of bot tools may need to update their code 24314to include the additional fields. 24315 24316=== Directory traversal === 24317An unchecked parameter in image deletion could allow an authenticated 24318administrator to delete arbitary files in directories writable by the web 24319server, and confirm existence of files not deletable. 24320 24321== MediaWiki 1.3.10, 2005-02-03 == 24322MediaWiki 1.3.10 is a security release. 24323An attacker could craft a URL which, when visited by a particular logged-in 24324user, would execute arbitrary JavaScript code on the user's browser in the 24325wiki's site context. This attack has been blocked, and as an extra precaution 24326the user CSS and JavaScript subpage support is now disabled by default. Sites 24327which want this ability may set {{wg|AllowUserCss}} and {{wg|AllowUserJs}} in 24328{{manual|LocalSettings.php}}. Additional protections have been added against 24329off-site form submissions 24330hijacking user credentials. Authors of bot tools may need to update their code 24331to include additional fields. All wikis running 1.3.x are strongly urged to 24332upgrade to 1.3.10. 24333Changes from 1.3.9: 24334* Logged-in edits and preview of user CSS/JS are now locked to a session token. 24335* Per-user CSS and JavaScript subpage customizations now disabled by default. 24336They can be re-enabled via {{wg|AllowUserJs}} and {{wg|AllowUserCss}}. 24337* Removed .ogg from the default uploads whitelist as an extra precaution. If 24338your web server is configured to serve Ogg files with the correct Content-Type 24339header, you can re-add it in LocalSettings.php: {{wg|FileExtensions}}<code>[] = 24340'ogg'</code> 24341 24342== MediaWiki 1.3.9, 2004-12-12 == 24343MediaWiki 1.3.9 is a security and bug fix release. 24344A flaw in upload handling has been found which may allow upload and execution 24345of arbitrary scripts with the permissions of the web server. Only wikis that 24346have enabled uploads and have a vulnerable Apache configuration will be 24347affected, but to be safe all wikis should upgrade. Wikis with uploads available 24348should either disable uploads or upgrade to 1.3.9 immediately; if other files 24349are customized and require merging changes, 24350includes/{{manual|SpecialUpload.php}} may be replaced individually to add the 24351fix. (It is also recommended to configure your web server to disable script 24352execution in the 'images' subdirectory where uploads are placed, which prevents 24353most attacks even if the wiki fails.) 24354Changes from 1.3.8: 24355* Backported "Templates used in this page"-feature of EditPage 24356* Allow "MySkin" as a default skin. 24357* ({{bugzilla|938}}) Parse namespaces correctly on self-interwiki links 24358* ({{bugzilla|1010}}) fix broken Commons image link on [[Skin:Classic|Classic]] 24359& [[Skin:Cologne Blue|Cologne Blue]] 24360* ({{bugzilla|1004}}) Norsk language names for interwiki links changed, Nauruan 24361language name changed 24362* Enhance upload extension blacklist to protect against vulnerable Apache 24363configurations 24364 24365== MediaWiki 1.3.8, 2004-11-15 == 24366MediaWiki 1.3.8 is a bugfix release. Those running wikis with uploads enabled 24367are strongly recommended to upgrade as this fixes several problems with 24368overwriting previously-uploaded files. 24369Changes from 1.3.7: 24370* ({{bugzilla|506}}) fix {{code|inline=y|lang=html|array_key_exists()}} warning 24371for IIS servers using ISAPI mode 24372* ({{bugzilla|718}}) fix bad charset in (file) cached pages 24373* use local numerals in category page (for Hindi et al) 24374* alias month abbreviations to month names in Hindi 24375* add localized numerals for Gujarati and Kannada 24376* fix Category and project namespaces for Hindi 24377* Don't output bogus timestamp on [[Special:RecentChanges]] if no entries 24378* Correct template include path which broke some but not all Windows installs 24379* Fix edit form submission problem with some PHP versions 24380* Disallow unreachable titles with %XX hex codes 24381* Allow page [[0]] to be renamed 24382* ({{bugzilla|774}}) when saving with <code>section=new</code>, return to the 24383anchor as with existing numbered section edits 24384* Experimental shared upload overlay area (disabled by default) 24385* ({{bugzilla|806}}) Removed some "Wikipedia" hardcoding in German localization 24386* User option localization fix for some extensions 24387* ({{bugzilla|809}}) now try to load the mysql php extension if it isn't loaded 24388* ({{bugzilla|848}}) fix error message in [[Special:Newpages]] RSS and Atom 24389feeds 24390* ({{bugzilla|26}}) fix cache headers on anon talk page notification 24391* ({{bugzilla|874}}) added 'cgi' to {{wg|FileBlacklist}} 24392* ({{bugzilla|862}}) localize date and time format for Finnish 24393* ({{bugzilla|548}}) Don't overwrite images until the user confirms it 24394 24395== MediaWiki 1.3.7, 2004-10-18 == 24396Changes from 1.3.6: 24397* Fix protected-page related security issue. 24398 24399== MediaWiki 1.3.6, 2004-10-14 == 24400Changes from 1.3.5: 24401* ({{bugzilla|296}}) Variables in user interface messages are no longer 24402substituted at install time, so changes to the site name etc should be easier 24403to make 24404* ({{bugzilla|149}}) [[Special:RecentChanges]] "changes from" link preserves 24405limit 24406* ({{bugzilla|433}}) tooltip for "Undelete" tab now labeled correctly 24407* ({{bugzilla|439}}) unclickable "Move" tab no longer displays on protected 24408pages 24409* ({{bugzilla|484}}) graceful deletion of images where the actual file is 24410missing 24411* ({{bugzilla|686}}) fixed [[plural]]s in Catalan localization 24412* Fixed potential HTML/JavaScript injection attack in the 24413[[Extension:UnicodeConverter|UnicodeConverter]] extension. (This extension is 24414not enabled by default.) 24415* Fixed potential HTML/JavaScript injection attack via raw page views to a 24416maliciously crafted wiki page. 24417* ({{bugzilla|187}}, {{bugzilla|669}}) Fixed centered thumbnails, using 24418{{code|inline=y|lang=html|<div>}} instead of {{code|inline=y|lang=html|<span>}}. 24419* catch MySQL error 2000 during installation. 24420* ({{bugzilla|704}}) Removed misleading LocalSettings.sample 24421* Fix cross site scripting bugs in [[Special:Ipblocklist]], 24422[[Special:EmailUser]] 24423* Fix SQL injection and cross site scripting bugs in Special:Maintenance 24424* Fix cross site scripting bugs and possible filename validation vulnerability 24425in ImagePage. 24426* and more of that sort 24427 24428== MediaWiki 1.3.5, 2004-09-30 == 24429Changes from 1.3.4: 24430* Clean up input validation in 'raw' page output mode which was a potential 24431cross-site scripting opportunity. 24432 24433== MediaWiki 1.3.4, 2004-09-28 == 24434=== SECURITY NOTE === 24435As of 1.3.4, MediaWiki performs some screening of newly uploaded files for 24436validity. (Some) corrupt image files, and HTML files mistakenly or maliciously 24437masquerading as images, should now be rejected. These checks protect against 24438Internet Explorer security holes relating to type autodetection which are a 24439potential cross-site scripting attack vector, and also rejects at least one 24440known version of the "JPEG virus" which might attack unpatched clients. If you 24441already have invalid files uploaded this will not protect against them. If you 24442have expanded the <code>filetype</code> whitelist or disabled the strict type 24443checking, other dangerous file types may still get through. You should always 24444be careful when allowing uploads! 24445Changes from 1.3.3: 24446* Fixed lots of template-related bugs, esp. for cases where template variables 24447are used for links, images, etc. 24448* Fixed transformation of page messages when viewing [[Special:Allmessages]] 24449* Handle "ISBN ISBN 1234" correctly 24450* Fixed warning on Category pages 24451* Fixed some bad error messages on login page 24452* Fixed history entry for initial main page on install 24453* Removed problematic <code>{</code> and <code>}</code> from legal title 24454characters 24455* Strip leading blank from output in preformatted text. 24456* Fixed problem when moving pages to titles with '#' in 24457* Optional {{wg|RawHtml}} for raw {{code|inline=y|lang=html|<html>}} sections. 24458Use only on limited- participation 'trusted' wikis, as it does not protect 24459against cross-site scripting attacks. For security, this option can only be 24460enabled if in {{wg|WhitelistEdit}} mode. 24461* Fixed problem where pages which were created as a redirect following a move 24462never showed on [[Special:Randompage]]. 24463* Fixed line spacing on printed table of contents 24464* Allow links to pages with names of the form [[RFC 1234]] 24465* Fixed broken edit links being shown for sections from included templates 24466* Verify that uploaded image files are of the claimed type. 24467 24468== MediaWiki 1.3.3, 2004-09-09 == 24469Changes from 1.3.2: 24470* Fix for long numeric page titles 24471* Fix Go search for "0", numeric almost-self-links 24472* Avoid caching of pages with "You have new messages" headers 24473* Fix for upgrades as non-root users from 1.2 command-line installs. 24474* Fix for {{wg|DebugDumpSql}} debug mode. 24475* {{wg|ExtraNamespaces}} setting for configuring additional namespaces (see 24476note in {{manual|DefaultSettings.php}}) 24477* 'recache' on query pages now disabled when miser mode is on; special case the 24478global settings in your {{manual|LocalSettings.php}} to do automatic updates. 24479* Don't block UTF-8 titles containing byte 0xA0 (bug added in 1.3.2) 24480* Watch/unwatch tabs now shown on edit pages in MonoBook. 24481* Fix default skin in Irish localization (ga) 24482* Add Traditional Chinese localization (zh-tw) 24483* Changed default sortkey of subcategories. Don't include "Category:"-prefix 24484any longer 24485* More helpful info on spam catcher. 24486* Allow larger offsets for queries such as [[Special:Listusers]] 24487* Semicolon (;) added to French non-break space rules 24488* Possible fix for some install errors with path names permission problems. 24489* Removed [[Project:All system messages]], which has been superseded by the 24490much faster [[Special:Allmessages]]. This speeds up installation considerably. 24491 24492== MediaWiki 1.3.2, 2004-08-30 == 24493Changes from 1.3.1: 24494* Fix namespaced page creation links when no go match 24495* When cookies are disabled, don't show login screen twice 24496* Install should no longer die when PHP is pre-configured to compress output 24497* Fixed bug that caused long Japanese pages to time out with Tidy active 24498* When session.handler is set incorrectly, try automatic override to 'files' 24499* Watch/Unwatch links back to the affected page instead of Main Page 24500* Upload link no longer displayed on Monobook if uploading is disabled 24501* Special:Allmessages faster, shows correct original text, works in safe mode 24502 24503== MediaWiki 1.3.1, 2004-08-14 == 24504Changes from 1.3.0: 24505* Watchlist parameters now work with register_globals off 24506* Fixed parsing of ''italics'' and '''bold''' mark-up (again) 24507* Special:Allpages display is more sensible on smaller wikis 24508* Fixed XHTML parsing error in classic skins 24509* Moved pages update watchlist correctly 24510* Fixed rebuildall.php on case-sensitive Unix filesystems 24511* Disabled file cache compression by default due to incompatibility with output 24512buffer compression (ob_gzhandler) 24513* New magic word {{code|inline=y|PAGENAMEE}} (URL-escaped version of 24514{{code|inline=y|PAGENAME}}) 24515* Installation avoids blank username; better message on missing XML module 24516* {{wg|WhitelistAccount}} no longer breaks all logins. 24517 24518== MediaWiki 1.3.0, 2004-08-11 == 24519Look & layout: 24520* New default layout '[[Skin:MonoBook|MonoBook]]' (available on PHP4 only 24521currently) 24522* Print stylesheet now built-in to every page 24523* More or less correct XHTML 1.0 (served as text/html by default) 24524Wiki features: 24525* Image captions can now include links and other basic formatting 24526* Image bounding box can be specified instead of width, e.g. as 100x100px, 24527making the image not wider than 100px and not higher than 100px, keeping aspect 24528ratio. 24529* Templates have been expanded with parameters, and separated from the 24530MediaWiki: localization scheme. 24531* Categories more or less work 24532* added a special page for listing users with sysop rights. 24533Editing: 24534* Automatic merging of edit conflicts that don't directly interfere 24535* Edit summaries can now include basic formatting and links 24536Metadata and output: 24537* Linked Creative Commons copyright metadata (optional) 24538* RSS 2.0 & Atom 0.3 feeds for Recent Changes, New Pages 24539Optional modules: 24540* WikiHiero hieroglyphic module can be added (separate download) 24541* Timeline module can be added (separate download). Requires ploticus. 24542* TeX now has an experimental MathML output mode (incomplete!) 24543Installation and upgrading: 24544* The old install.php and update.php have been removed. In-place installation 24545introduced in 1.2 is now the standard installation and upgrade method, see 24546INSTALL and UPGRADE for directions. 24547Database: 24548* The links table has been changed to use a cur_id for l_from. The link tables 24549must be converted on upgrade, which may entail some downtime. 24550Code and compatibility: 24551* Should now run clean with error reporting set to E_ALL. 24552* register_globals hack from 1.2 has been replaced with safer code 24553* Bundled PHPTAL 0.7.0 from http://phptal.sourceforge.net/ (with some patches) 24554* Most image-related code moved to Image.php 24555* More fixes for PHP 4.1.2 (thanks to Asheesh Laroia) 24556* URL encoding fix for anchors 24557* All languages now available in UTF-8 mode 24558* Various other fixes 24559 24560=== Caveats === 24561Some output, particularly involving user-supplied inline HTML, may not produce 24562100% valid or well-formed XHTML output. Testers are welcome to set $wgMimeType 24563= "application/xhtml+xml"; to test for remaining problem cases, but this is not 24564recommended on live sites. (This must be set for MathML to display properly in 24565Mozilla.) The new 'MonoBook' skin is not compatible with PHP 5 due to bugs in 24566the underlying PHPTAL library. It will be automatically disabled when running 24567on PHP5; the older look and feel will be used instead. 24568
