Allow passing detailed permission errors data to API

[lhc/web/wiklou.git] / RELEASE-NOTES-1.27

Security reminder: If you have PHP's register_globals option set, you must
turn it off. MediaWiki will not work with it enabled.

== MediaWiki 1.27 ==

THIS IS NOT A RELEASE YET

MediaWiki 1.27 is an alpha-quality branch and is not recommended for use in
production.

=== Configuration changes in 1.27 ===
* $wgUseLinkNamespaceDBFields was removed.
* Deprecated $wgResourceLoaderMinifierStatementsOnOwnLine and
  $wgResourceLoaderMinifierMaxLineLength, because there was little value in
  making the behavior configurable. The default values (`false` for the former,
  1000 for the latter) are now hard-coded.
* $wgDebugDumpSqlLength was removed (deprecated in 1.24).
* $wgDebugDBTransactions was removed (deprecated in 1.20).
* $wgUseXVO has been removed, as it provides functionality only used by
  custom Wikimedia patches against Squid 2.x that probably noone uses in
  production anymore. There is now $wgUseKeyHeader that provides similar
  functionality but instead of the MediaWiki-specific X-Vary-Options header,
  uses the draft Key header standard.
* $wgScriptExtension (and support for '.php5' entry points) was removed. See the
  deprecation notice in the release notes for version 1.25 for advice on how to
  preserve support for '.php5' entry points via URL rewriting.
* Password handling via the User object has been deprecated and partially
  removed, pending the future introduction of AuthManager. In particular:
** expirePassword(), getPasswordExpireDate(), resetPasswordExpiration(), and
   getPasswordExpired() have been removed. They were unused outside of core.
** The mPassword, mNewpassword, mNewpassTime, and mPasswordExpires fields are
   now private and will be removed in the future.
** The getPassword() and getTemporaryPassword() methods now throw
   BadMethodCallException and will be removed in the future.
** The ability to pass 'password' and 'newpassword' to createNew() has been
   removed. The only users of it seem to have been using it to set invalid
   passwords, and so shouldn't be greatly affected.
** setPassword(), setInternalPassword(), and setNewpassword() have been
   deprecated, pending the introduction of AuthManager.
** User::randomPassword() is deprecated in favor of a new method
   PasswordFactory::generateRandomPasswordString()
** User::getPasswordFactory() is deprecated, callers should just create a
   PasswordFactory themselves.
** A new constructor, User::newSystemUser(), has been added to simplify the
   creation of passwordless "system" users for logged actions.
* $wgMaxSquidPurgeTitles was removed.
* $wgAjaxWatch was removed. This is now enabled by default.
* (T27397) WebP is enabled by default as an uploadable filetype

=== New features in 1.27 ===
* $wgDataCenterId and $wgDataCenterRoles where added, which will serve as
  basic configuration settings needed for multi-datacenter setups.
  $wgDataCenterUpdateStickTTL was also added.
* Added a new hook, 'UserMailerTransformContent', to transform the contents
  of an email. This is similar to the EmailUser hook but applies to all mail
  sent via UserMailer.
* Added a new hook, 'UserMailerTransformMessage', to transform the contents
  of an emai after MIME encoding.
* Added a new hook, 'UserMailerSplitTo', to control which users have to be
  emailed separately (ie. there is a single address in the To: field) so
  user-specific changes to the email can be applied safely.
* $wgCdnMaxageLagged was added, which limits the CDN cache TTL
  when any load balancer uses a DB that is lagged beyond the 'max lag'
  setting in the relevant section of $wgLBFactoryConf.
* User::newSystemUser() may be used to simplify the creation of passwordless
  "system" users for logged actions from scripts and extensions.
* Extensions can now return detailed error information via the API when
  preventing user actions using 'getUserPermissionsErrors' and similar hooks
  by using ApiMessage instances instead of strings for the $result value.

==== External libraries ====

=== Bug fixes in 1.27 ===

=== Action API changes in 1.27 ===
* Added list=allrevisions.
* generator=recentchanges now has the option to generate revids.
* ApiPageSet::setRedirectMergePolicy() was added. This allows generator
  modules to define how generator data for a redirect source gets merged
  into the redirect destination.
* prop=imageinfo&iiprop=uploadwarning will no longer include the possibility of
  "was-deleted" warning.
* Added difftotextpst to query=revisions which preforms a pre-save transform on
  the text before diffing it.

=== Action API internal changes in 1.27 ===
* ApiQueryORM removed.

=== Languages updated in 1.27 ===

MediaWiki supports over 350 languages. Many localisations are updated
regularly. Below only new and removed languages are listed, as well as
changes to languages because of Bugzilla reports.

=== Other changes in 1.27 ===
* ProfilerOutputUdp was removed. Note that there is a ProfilerOutputStats class.
* WikiPage::doDeleteArticleReal() and WikiPage::doDeleteArticle() now
  ignore the 2nd and 3rd arguments (formerly $id and $commit).
* Removed "loaderScripts" option from ResourceLoaderFileModule class.
* Removed ORM-like wrapper added in 1.20.

== Compatibility ==

MediaWiki 1.27 requires PHP 5.3.3 or later. There is experimental support for
HHVM 3.3.0.

MySQL is the recommended DBMS. PostgreSQL or SQLite can also be used, but
support for them is somewhat less mature. There is experimental support for
Oracle and Microsoft SQL Server.

The supported versions are:

* MySQL 5.0.3 or later
* PostgreSQL 8.3 or later
* SQLite 3.3.7 or later
* Oracle 9.0.1 or later
* Microsoft SQL Server 2005 (9.00.1399)

== Upgrading ==

1.27 has several database changes since 1.26, and will not work without schema
updates. Note that due to changes to some very large tables like the revision
table, the schema update may take quite long (minutes on a medium sized site,
many hours on a large site).

If upgrading from before 1.11, and you are using a wiki as a commons
repository, make sure that it is updated as well. Otherwise, errors may arise
due to database schema changes.

If upgrading from before 1.7, you may want to run refreshLinks.php to ensure
new database fields are filled with data.

If you are upgrading from MediaWiki 1.4.x or earlier, you should upgrade to
1.5 first. The upgrade script maintenance/upgrade1_5.php has been removed
with MediaWiki 1.21.

Don't forget to always back up your database before upgrading!

See the file UPGRADE for more detailed upgrade instructions.

For notes on 1.26.x and older releases, see HISTORY.

== Online documentation ==

Documentation for both end-users and site administrators is available on
MediaWiki.org, and is covered under the GNU Free Documentation License (except
for pages that explicitly state that their contents are in the public domain):

       https://www.mediawiki.org/wiki/Documentation

== Mailing list ==

A mailing list is available for MediaWiki user support and discussion:

       https://lists.wikimedia.org/mailman/listinfo/mediawiki-l

A low-traffic announcements-only list is also available:

       https://lists.wikimedia.org/mailman/listinfo/mediawiki-announce

It's highly recommended that you sign up for one of these lists if you're
going to run a public MediaWiki, so you can be notified of security fixes.

== IRC help ==

There's usually someone online in #mediawiki on irc.freenode.net.