setting since version 1.2.0. If you have it on, turn it *off* if you can.
+== MediaWiki 1.5 alpha 2 ==
+
+June 3, 2005
+
+MediaWiki 1.5 alpha 2 includes a lot of bug fixes, feature merges,
+and a security update.
+
+Incorrect handling of page template inclusions made it possible to
+inject JavaScript code into HTML attributes, which could lead to
+cross-site scripting attacks on a publicly editable wiki.
+
+Vulnerable releases and fix:
+* 1.5 prerelease: fixed in 1.5alpha2
+* 1.4 stable series: fixed in 1.4.5
+* 1.3 legacy series: fixed in 1.3.13
+* 1.2 series no longer supported; upgrade to 1.4.5 strongly recommended
+
+
== MediaWiki 1.5 alpha 1 ==
May 3, 2005
* (bug 2067) Fixed crash on empty quoted HTML attribute
* (bug 2075) Corrected namespace definitions in Tamil localization
* (bug 2079) Removed links to Special:Maintenance from movepagetext message
+* (bug 2094) Multiple use of a template produced wrong results in some cases
* (bug 2095) Triple-closing-bracket thing partly fixed
* (bug 2110) "noarticletext" should not display on Image page for "sharedupload" media
* (bug 2150) Fix tab indexes on edit form
* (bug 2176) Section edit 'show changes' button works correctly now
* (bug 2178) Use temp dir from environment in parser tests
* (bug 2217) Negative ISO years were incorrectly converted to BC notation
+* (bug 2234) allow special chars in database passwords during install
* Deprecated the {{msg:template}} syntax for referring to templates, {{msg: is
now the wikisyntax representation of wfMsgForContent()
* Fix for reading incorrectly re-gzipped HistoryBlob entries
* The #p-nav id in MonoBook is now #p-navigation
* Putting $4 in msg:userstatstext will now give the percentage of
admnistrators out of normal users.
+* links and brokenlinks tables merged to pagelinks; this will reduce pain
+ dealing with moves and deletes of widely-linked pages.
+* Add validate table and val_ip column through the updater.
+* Simple rate limiter for edits and page moves; set $wgRateLimits
+ (somewhat experimental; currently needs memcached)
+* (bug 2262) Hide math preferences when TeX is not enabled
+* (bug 2267) Don't generate thumbnail at the same size as the source image.
+* Fix rebuildtextindex.inc for new schema
+* Remove linkscc table code, no longer used.
+* (bug 2271) Use faster text-only link replacement in image alt text
+ instead of rerunning expensive link lookup and HTML generation.
+* Only build the HTML attribute whitelist tree once.
+* Replace wfMungeToUtf8 and do_html_entity_decode with a single function
+ that does both numeric and named chars: Sanitizer::decodeCharReferences
+* Removed some obsolete UTF-8 converter functions
+* Fix function comment in debug dump of SQL statements
+* (bug 2275) Update search index more or less right on page move
+* (bug 2053) Move comment whitespace trimming from edit page to save;
+ leaves the whitespace from the section comment there on preview.
+* (bug 2274) Respect stub threshold in category page list
+* (bug 2173) Fatal error when removing an article with an empty title from the watchlist
+* Removed -f parameter from mail() usage, likely to cause failures and bounces.
+* (bug 2130) Fixed interwiki links with fragments
+* (bug 684) Accept an attribute parameter array on parser hook tags
+* (bug 814) Integrate AuthPlugin changes to support Ryan Lane's external
+ LDAP authentication plugin
+* (bug 2034) Armor HTML attributes against template inclusion and links munging
+
+=== Changes since 1.5alpha2 ===
+
+* (bug 2319) Fix parse hook tag matching
+* (bug 2329) Fix title formatting in several special pages
+* (bug 2223) Add unique index on user_name field to prevent duplicate accounts
+* (bug 1976) fix shared user database with a table prefix set
+* (bug 2334) Accept null for attribs in wfElement without PHP warning
+* (bug 2309) Allow templates and template parameters in HTML attribute zone,
+ with proper validation checks. (regression from fix for 2304)
+* Disallow close tags and enforce empty tags for <hr> and <br>
+* Changed user_groups format quite a bit.
+* (bug 2368) Avoid fatally breaking PHP 4.1.2 in a debug line
+* (bug 2367) Insert correct redirect link record on page move
+* (bug 2372) Fix rendering of empty-title inline interwiki links
+* (bug 2384) Fix typo in regex for IP address checking
+* (bug 650) Prominently link MySQL 4.1 help page in installer if a possible
+ version conflict is detected
+* (bug 2394) Undo incompatible breakage to {{msg:}} compatiblity includes
+* (bug 1322) Use a shorter cl_sortkey field to avoid breaking on MySQL 4.1
+ when the default charset is set to utf8
+* (bug 2400) don't send confirmation mail on account creation if
+ $wgEmailAuthentication is false.
+* (bug 2172) Fix problem with nowiki beeing replaced by marker strings
+ when a template with a gallery was used.
+* Guard Special:Userrights against form submission forgery
+* (bug 2408) page_is_new was inverted (whoops!)
+* Added wfMsgHtml() function for escaping messages and leaving params intact
+* Fix ordering of Special:Listusers; fix groups list so it shows all groups
+ when searching for a specific group and can't be split across pages
+* (bug 1702) Display a handy upload link instead of a useless blank link
+ for [[media:]] links to nonexistent files.
+* (bug 873) Fix usage of createaccount permission; replaces $wgWhitelistAccount
+* (bug 1805) Initialise $wgContLang before $wgUser
+* (bug 2277) Added Friulian language file
+* Less gratuitous munging of content sample in delete summary
+
=== Caveats ===
dépôts / lhc / web / wiklou.git / blobdiff