element to
+ be compatible with the CSS for the Vector skin
+* (bug 20578) Wrong localized image metadata - duplicated string?
+* (bug 20556) Stub threshold's "other" in Special:Preferences now has a
+ correct type="text" parameter
+* (bug 482) Don't include TOC in the printable version if it has been hidden
+* Adjust the time according to the user configuration on Special:Revisiondelete
+* (bug 20624) Installation no longer allows "qqq" as the chosen language
+* (bug 20634) The installer-created database user will now have all rights on
+ the database so that upgrades will go more smoothly.
+* (bug 18180) Special:Export ignores limit, dir, offset parameters
+* User::getBlockedStatus() works for all kinds of user objects and doesn't
+ assume the user object is equal to the current-user object ($wgUser)
+* (bug 20517) Cancel link from edit page now returns to the old version when
+ editing an old version
+* (bug 16902) Installer no longer shows warnings when exec() has been disabled
+ by disable_functions
+* (bug 20726) Title::getLatestRevID's documentation now says that the function
+ returns false if the page doesn't exist
+* (bug 20751) ForeignApiRepo now urldecodes filenames when saving to local cache
+* (bug 20730) Fix to Special:Version ViewVC link for branch checkouts
+* (bug 20353) wfShellExec() was adding extra quotes on Windows Vista, causing
+ command line scripts to fail
+* (bug 20702) Parser functions can now be used correctly in
+ MediaWiki:Missing-article
+* (bug 14117) "redirected from" is now also shown on foreign file redirects
+* (bug 17747) Only display thumbnail column in file history if the image can
+ be rendered.
+* (bug 3421) Live preview no longer breaks user CSS/JS previews
+* (bug 11264) The file logo on a file description page for documents (PDF, ...)
+ now links to the file rather than the file description page
+* Password fields built with HTMLForm now still have the type="password"
+ attribute if $wgHtml5=false.
+* (bug 20836) Preload now works for MediaWiki namespace
+* (bug 20885) Search box no longer suggests unavailable special pages
+* (bug 20948) "Create this page" on Special:Search is no longer displayed when
+ searching for special pages
+* (bug 20524) Hideuser: Show nice error when trying to block hidden user without
+ hideuser right
+* (bug 21026) Fixed file redirects on shared repos on non-English client wikis
+* (bug 21030) Fixed schema choices from being overwritten by defining unique
+ field names per driver.
+* (bug 21115) wgCanonicalSpecialPageName javascript variable is now always
+ false on non-special pages
+* (bug 21113) "Other statistics" header on Special:Statistics is no more
+ displayed when there isn't any entry in it
+* (bug 21114) Special:Contributions no longer shows diff links for new
+ revisions
+* (bug 21116) MediaWiki:Templatesused, MediaWiki:Templatesusedpreview and
+ MediaWiki:Templatesusedsection now support plural
+* (bug 21079) There is no more line wrapping between label and field in
+ Special:Log
+* (bug 20256) Fixed SQL errors on Special:Recentchanges and
+ Special:Recentchangeslinked on SQLite backend
+* (bug 20880) Fixed updater failure on SQLite backend
+* (bug 21182) Fixed invalid HTML in Special:Listgrouprights
+* (bug 20242) Installer no longer promts for user credentials for SQLite
+ databases
+* (bug 20911) Installer failed to create a SQLite database
+* (bug 20847) Deprecated deprecated akeytt() removed in wikibits.js leaving
+ dummy
+* (bug 21161) Changing $wgCacheEpoch now always invalidates file cache
+* (bug 20268) Fixed row count estimation on SQLite backend
+* (bug 20275) Fixed LIKE queries on SQLite backend
+* (bug 21234) Moving subpages of titles containing \\ now works properly
+* (bug 21006) maintenance/updateArticleCount.php now works again on PostgreSQL
+* (bug 19319) Add activeusers-intro message at top of SpecialActiveUsers page
+* (bug 21255) Fixed hostname construction for DNSBL checking
+* (bug 18019) Users are now warned when moving a file to a name in use on a
+ shared repository and only users with the 'reupload-shared' permission can
+ complete the move.
+* (bug 18909) Add missing Postgres INSERT SELECT wrapper
+* User::isValidPassword now only returns boolean results,
+ User::getPasswordValidity can be used to get an error message string
+* The error message shown in Special:ChangePassword now parses wiki markup
+* (bug 19859) Removed experimental HTMLDiff feature
+* Removed section edit links in edit conflict form
+* Allow SpecialActiveusers to work on non-MySQL databases
+* (bug 6579) Fixed protecting images from uploading only
+* (bug 18609) Search index was empty for some pages
+* (bug 13453) rebuildrecentchanges maintenance script works on PG again
+* (bug 16583) Reduce false positives when checking for PHP (on upload, etc.)
+* (bug 20112) Bitrotted tests in the t/ directory were failing.
+* (bug 21470) MediaWiki:Sp-contributions-explain is now wrapped in a with
+ id "mw-sp-contributions-explain"
+* (bug 19159) Fixed \overleftrightarrow in texvc
+* (bug 19391) Fix caching for Recent ChangesFeed.
+* (bug 21455) Fixed "Watch this page" checkbox appearing on some special pages
+ even to non-logged in users
+* (bug 21551) Rewrote the Squid purge HTTP client to provide a more robust and
+ general implementation of HTTP, allowing it to purge non-Squid caches such as
+ Varnish.
+* Fixed corruption of long UDP debug log messages by using socket_sendto()
+ instead of fsockopen() with fwrite().
+* (bug 16884) Fixed feed links in sidebar not complying with URL parameters
+ of the displayed page
+* (bug 21403) memcached class renamed to MWMemecached to avoid conflict with
+ PHP's memcached extension
+* (bug 21650) Both calls to SkinTemplateTabs hook are now compatible
+* (bug 21672) Add missing Accept-Language to both Vary and XVO headers
+* (bug 21679) "Edit block reasons" link at the bottom of Special:Blockip is now
+ only displayed to the users that have "editinterface" right
+* (bug 21740) Attempting to protect a page that doesn't exist (salting) returns
+ "unknown error"
+* (bug 18762) both redirects and links get fixed one after another if
+ redirects-only switch is not present
+* (bug 20159) thumbnails rerendered if older that $wgThumbnailEpoch
+* Fixed a bug which in some situations causes the job queue to grow forever,
+ due to an infinite loop of job requeues.
+* (bug 21523) File that can have multiple pages (djvu, pdf, ...) no longer have
+ the page selector when they have only one page
+* (bug 21559) "logempty" message is now wrapped in a div with class
+ "mw-warning-logempty" when used in log extract
+* (bug 20549) Parser tests were broken on SQLite backend
+* (bug 21776) Interwiki urls like http://en.wikibooks.org/wiki/cs: should give
+ a redirect instead of a baderror.
+* (bug 21803) Special:MyContributions now keeps the query string parameters
+* Redirecting special pages now keep query string paramters set to "0" (e.g.
+ for namespace)
+* (bug 20765) Special:ListGroupRights no longer misses addables and removables
+ groups if there are duplicate entries
+* (bug 21814) Message shown when rolling back an edit with a deleted username
+ now shows '(username deleted)' instead of broken user tool links
+* (bug 21536) Fixed JavaScript error on Special:Search caused by an incorrect ID
+* (bug 21535) RecentChanges RSS feed now always recognises the namespace filter,
+ previously it sometimes didn't due to caching.
+* (bug 20388) ProfilerSimpleText no longer outputs comment on action=raw
+* refreshLinks.php now purges orphaned redirect table rows
+* (bug 2971) Swap links of hist & diff location on Special:Contributions for
+ consistency with RC/WL
+* (bug 21986) Special page names were are now capitalized by content language
+* If two log type have the same description, they're now both displayed in the
+ type selector on Special:Log
+* (bug 20115) Special:Userlogin title says "Log in / create account" even if the
+ user can't create an account
+* (bug 2658) Don't attempt to set the TZ environment variable.
+* (bug 9794) User rights log entries for foreign user now links to the foreign
+ user's page if possible
+* (bug 14717) Don't load nonexistent CSS fix files for non-Monobook skins
+* (bug 22034) Use wfClientAcceptsGzip() in wfGzipHandler instead of
+ reimplementing it.
+* (bug 19226) First line renders differently on many UI messages.
+* (bug 21303) Comments are no longer stripped from MediaWiki:Common.js and
+ skin-specific JS pages
+* (bug 5061) Use the more precise thumbcaption thumbimage and thumbinner classes
+ for image divs.
+* (bug 22096) IE50Fixes.css and IE55Fixes.css have been dropped from the Monobook
+ and Chick skins
+* Fixed bug involving unclosed "-{" markup in the language converter
+* (bug 21870) No longer include Google logo from an external server on wiki error.
+* (bug 22181) Do not truncate if the ellipsis actually make the string longer
+* (bug 16039) Text disappearing after a bad image
+* (bug 18784) Internal links like [[File:Foo|caption]] should read 'caption',
+ not 'File:Foo' when Foo is not an image
+* (bug 21518) Special:UserRights no longer displays the user name box for users
+ that can only change their rights
+* (bug 21593) Special:UserRights now lists automatic groups membership
+* (bug 22364) Setting $wgUseExternalEditor to false no longer hides the reupload
+ link from file pages
+* Fix bug introduced in MediaWiki 1.12: The author field in
+ $wgExtensionCredits is no longer sorted with sort() but rather used
+ as it appears in extensions as was the case before r30117 where it
+ was unintentionally sorted along with other fields.
+* (bug 19334) Textarea no longer jumps when editing longer articles in IE8
+* Truncate summary of page moves in revision comment field to avoid broken
+ multibyte characters
+* (bug 22540) ForeignApiRepos no longer try to store thumbnails that don't exist
+* (bug 22551) Special:Resetpass now has a "Cancel" button that sends the user to
+ the page set in the &returnto parameter.
+* (bug 19194) Search box in Modern skin doesn't focus with Safari/Chrome
+* (bug 17790) Users instantly logged off on HughesNet
+* (bug 21549) Make foreign key constraints DEFERRABLE INITIALLY DEFERRED
+ when using Postgres as the database backend.
+
+== API changes in 1.16 ==
+
+* Added uiprop=changeablegroups to meta=userinfo
+* Added usprop=gender to list=users
+* (bug 18311) action=purge now works for images too
+* Add parentid to prop=revisions output
+* (bug 17832) action=delete returns 'unknownerror' instead of 'permissiondenied'
+ when the user is blocked
+* (bug 18546) Added timestamp of new revision to action=edit output
+* (bug 18554) Also list hidden revisions in list=usercontribs for privileged
+ users
+* (bug 13049) "API must be accessed from the primary script entry point" error
+* (bug 16422) Don't display help for format=jsonfm unless specifically requested
+* Added PHP and database version to meta=siteinfo output
+* (bug 18533) Add readonly message to meta=siteinfo output
+* (bug 18518) Add clprop=hidden to prop=categories
+* (bug 18710) Fixed internal error with empty parameter in action=paraminfo
+* (bug 18709) Missing descriptions for some parameters in action=paraminfo
+ output
+* (bug 18731) Show correct SVN links for extension modules in api.php?version
+* (bug 18730) Add version information to action=paraminfo output
+* (bug 18743) Add ucprop=size to list=usercontribs
+* (bug 18749) Add generator flag to action=paraminfo output
+* Make action=block respect $wgEnableUserEmail and $wgSysopEmailBans
+* Made deleting file description pages without files possible
+* (bug 18773) Add content flag to siprop=namespaces output
+* (bug 18785) Add siprop=languages to meta=siteinfo
+* (bug 14200) Added user and excludeuser parameters to list=watchlist and
+ list=recentchanges
+* Added index, fromtitle and byteoffset fields to action=parse&prop=sections
+ output
+* (bug 19313) action=rollback returns wrong revid on master/slave setups
+* (bug 19323) action=parse doesn't return section tree on pages with Cite
+ warnings
+* (bug 18720) Add anchor field to action=parse&prop=sections output
+* (bug 19423) The initial file description page used caption in user lang
+ rather than UI lang
+* (bug 17809) Add number of users in user groups to meta=siteinfo
+* (bug 18533) Add readonly reason to readonly exception
+* (bug 19528) Added XSLT parameter to API queries in format=xml
+* (bug 19040) Fix prependtext and appendtext in combination with section
+ parameter in action=edit
+* (bug 19090) Added watchlist parameter, deprecated watch and unwatch
+ parameter in action=edit
+* Added fields to list=search output: size, wordcount, timestamp, snippet
+* Where supported by backend, list=search adds a 'searchinfo' element with
+ optional info: 'totalhits' count and 'suggestion' alternate query term
+* (bug 19907) $wgCrossSiteAJAXdomains added to allow specified (or all)
+ external domains to access api.php via AJAX, if the browser supports the
+ Access-Control-Allow-Origin HTTP header
+* (bug 19999) Made metadata and properties of search results optional. Added
+ srprop and srinfo.
+* (bug 20700) Add amprop=default to meta=allmessages to list default value for
+ customized messages
+* Don't parse magic words in meta=allmessages, output messages unparsed
+* (bug 21105) list=usercontribs can now list contribs for User:0
+* (bug 21085) list=deletedrevs no longer returns only one revision when
+ drcontinue param is passed
+* (bug 21106) Deprecated parameters now tagged in action=paraminfo
+* (bug 19004) Added support for tags
+* (bug 21083) list=allusers no longer returns current timestamp for users
+ without registration date
+* (bug 20967) action=edit allows creation of invalid titles
+* (bug 19523) Add inprop=watched to prop=info
+* (bug 21589) API: Separate summary and initial page text for uploads
+* (bug 21817) list=usercontribs returns empty result for empty ucuser
+* (bug 21441) meta=userinfo&uiprop=options no longer returns default options
+ for logged-in users under certain circumstances
+* (bug 21945) Add chomp control in YAML
+* Expand the thumburl to an absolute url to make it consistent with url and
+ descriptionurl
+* (bug 20233) ApiLogin::execute() doesn't handle LoginForm :: RESET_PASS
+* (bug 22061) API: add prop=headitems to action=parse
+* (bug 22240) API: include time in siteinfo
+* (bug 22241) Quick edit is still using the deprecated watch parameter (API: Setting default for watch/unwatch wrongly set)
+* (bug 22245) blfilterredirect=nonredirects in blredirect mode wrongly filtering
+* (bug 22248) Output extension URLs in meta=siteinfo&siprop=extensions
+* Support key-params arrays in 'descriptionmsg' in meta=siteinfo&siprop=extensions
+* (bug 21922) YAML output should quote asterisk when used as key
+* (bug 22297) safesubst: to allow substitution without breaking transclusion
+* (bug 18758) API read of watchlist's wl_notificationtimestamp
+* (bug 20809) Expose EditFormPreloadText via the API
+* (bug 18427) Comment (edit summary) parser option for API
+* (bug 18608) API should provide list of CSS styles to apply to rendered output
+* (bug 18771) List possible errors in action=paraminfo
+
+=== Languages updated in 1.16 ===
+
+MediaWiki supports over 300 languages. Many localisations are updated
+regularly. Below only new and removed languages are listed, as well as
+changes to languages because of Bugzilla reports.
+
+* Capiznon (cps) (new)
+* North Frisian (frr) (new)
+* Kirmanjki (kiu) (new)
+* Komi-Permyak (koi) (new)
+* Karachay-Balkar (krc) (new)
+* Hill Mari (mrj) (new)
+* Prussian (prg) (new)
+* Romagnol (rgn) (new)
+* Lower Silesian (sli) (new)
+* Picard (pcd) (new)
+* Uyghur (Arabic script) (ug-arab) (new)
+* Upper Franconian (vmf) (new)
+* Votic (vot) (new)
+* Eastern Yiddish (ydd) (removed)
+* Iriga Bicolano (bto) (removed)
+* Ladin (lld) (removed)
+* Laz (lzz) (removed)
+* Palembang (plm) (removed)
+* Megleno-Romanian (Greek script) (ruq-grek) (removed)
+* Tamazight (tzm) (removed)
+* Laz (lzz) (new)
+
+* (bug 18474) Sorani (ckb - Central Kurdish) (renamed from ku-arab)
+* Add PLURAL function for Scots Gaelic (gd)
+* Add Estonian letters äöõšüž to linktrail (et)
+* (bug 18776) Native name of Burmese language (my)
+* (bug 18806) Use correct unicode characters in spelling of native Chuvash
+ (ЧÓваÑла)
+* (bug 18864) Updated autonym for Zhuang language
+* (bug 18308) Updated date formatting in Occitan (oc)
+* (bug 19080) Added ÄâîÅÅ£ÈÈÄÃÃÅÅ¢ÈÈ to Romanion (ro) linktrail
+* (bug 19286) Correct commafying function in Polish (pl)
+* (bug 19441) Updated date formatting for Lithuanian
+* (bug 19630) Added ÃäÃçÄÄÅÅÃöÅÅÃüÃýŽž to Turkmen (tk) linktrail
+* (bug 19949) New linktrail for Greek (el)
+* (bug 19809) Korean (North Korea) (ko-kp) (new)
+* (bug 19968) Fixed "Project talk" namespace name for Maltese (mt)
+* (bug 21168) Added áâãà éêçÃóôõúü to Portuguese (pt) linktrail
+* (bug 21596) Change interwiki link for Kurdish (ku)
+* (bug 23767) PHP warning/error when REQUEST_URI returns blank (IIS issue).
== MediaWiki 1.15 ==
@@ -12,7 +1477,7 @@ Change notes from older releases. For current info see RELEASE-NOTES.
* (bug 12970) Brought back $wgUseImageResize.
* Added $wgRedirectOnLogin to allow specifying a specifc page to redirect users
to upon logging in (ex: "Main Page")
-* Add $wgExportFromNamespaces for enabling/disabling the "export all from
+* Add $wgExportFromNamespaces for enabling/disabling the "export all from
namespace" option (disabled by default)
=== New features in 1.15 ===
@@ -90,12 +1555,12 @@ Change notes from older releases. For current info see RELEASE-NOTES.
'mw-editinginterface'
* (bug 17497) Oasis opendocument added to mime.types
* Remove the link to Special:FileDuplicateSearch from the "file history" section
- of image description pages as the list of duplicated files is shown in the
+ of image description pages as the list of duplicated files is shown in the
next section anyway.
* Added $wgRateLimitsExcludedIPs, to allow specific IPs to be whitelisted from
rate limits.
* (bug 14981) Shared repositories can now have display names, located at
- Mediawiki:Shared-repo-name-REPONAME, where REPONAME is the name in
+ Mediawiki:Shared-repo-name-REPONAME, where REPONAME is the name in
$wgForeignFileRepos
* Special:ListUsers: Sort list of usergroups by alphabet
* (bug 16762) Special:Movepage now shows a list of subpages when possible
@@ -109,12 +1574,12 @@ Change notes from older releases. For current info see RELEASE-NOTES.
of $wgSpamRegex for edit summary checks. Text checks still use $wgSpamRegex.
* New function to convert content text to specified language (only applies on wiki with
LanguageConverter class)
-* (bug 17844) Redirect users to a specific page when they log in, see
+* (bug 17844) Redirect users to a specific page when they log in, see
$wgRedirectOnLogin
* Added a link to Special:UserRights on Special:Contributions for privileged users
* (bug 10336) Added new magic word {{REVISIONUSER}}, which displays the editor
of the displayed revision's author user name
-* LinkerMakeExternalLink now has an $attribs parameter for link attributes and
+* LinkerMakeExternalLink now has an $attribs parameter for link attributes and
a $linkType parameter for the type of external link being made
* (bug 17785) Dynamic dates surrounded with a tag, fixing sortable tables with
dynamic dates.
@@ -202,7 +1667,7 @@ Change notes from older releases. For current info see RELEASE-NOTES.
* (bug 17341) "Powered by MediaWiki" should be on the left on RTL wikis
* (bug 17404) "userrights-interwiki" right was missing in User::$mCoreRights
* (bug 7509) Separation strings should be configurable
-* (bug 17420) Send the correct content type from action=raw when the HTML file
+* (bug 17420) Send the correct content type from action=raw when the HTML file
cache is enabled.
* (bug 12746) Do not allow new password e-mails when wiki is in read-only mode
* (bug 17478) Fixed a PHP Strict standards error in
@@ -263,7 +1728,7 @@ Change notes from older releases. For current info see RELEASE-NOTES.
two "page" parameters
* (bug 17972) Special:FileDuplicateSearch form now works correctly on wikis that
don't use PathInfo or short urls
-* (bug 17990) trackback.php now has a trackback.php5 alias and works with
+* (bug 17990) trackback.php now has a trackback.php5 alias and works with
$wgScriptExtension
* (bug 14990) Parser tests works again with PostgreSQL
* (bug 11487) Special:Protectedpages doesn't list protections with pr_expiry
@@ -276,6 +1741,11 @@ Change notes from older releases. For current info see RELEASE-NOTES.
* (bug 17241) The diffonly URI parameter should cascade to "Next edit" and "Previous edit" diff links
* (bug 16823) 'Sidebar search form should not use Special:Search view URL as target'
* (bug 16343) Non-existing, but in use, category pages can be "go" match hits
+* Fixed a CSS validation issue which allowed external images to be included
+ into wikis where that is disallowed by configuration.
+* Fixed a data leakage vulnerability for private wikis using img_auth.php or
+ similar image access authentication schemes. Check user permissions before
+ streaming out scaled images from thumb.php.
== API changes in 1.15 ==
* (bug 16858) Revamped list=deletedrevs to make listing deleted contributions
@@ -315,7 +1785,7 @@ Change notes from older releases. For current info see RELEASE-NOTES.
* (bug 13209) Added rvdiffto parameter to prop=revisions
* Manual language conversion improve: Now we can include both ";" and ":" in
conversion rules
-* (bug 17795) Don't report views count on meta=siteinfo if $wgDisableCounters
+* (bug 17795) Don't report views count on meta=siteinfo if $wgDisableCounters
is set
* (bug 17774) Don't hide read-restricted modules like action=query from users
without read rights, but throw an error when they try to use them.
@@ -325,7 +1795,7 @@ Change notes from older releases. For current info see RELEASE-NOTES.
a POST request
* (bug 18099) Using appendtext to edit a non-existent page causes an interface
message to be included in the page text
-* Fixed the circular template inclusion check, was broken when the loop
+* Fixed the circular template inclusion check, was broken when the loop
involved redirects. Without this, infinite recursion within the parser is
possible.
* (bug 18601) generator=backlinks returns invalid continue parameter
@@ -338,7 +1808,7 @@ Change notes from older releases. For current info see RELEASE-NOTES.
MediaWiki supports over 300 languages. Many localisations are updated
regularly. Below only new and removed languages are listed, as well as
-changes to languages because of MediaZilla reports.
+changes to languages because of Bugzilla reports.
* Austrian German (de-at) (new)
* Swiss Standard German (de-ch) (new)
@@ -943,31 +2413,31 @@ regularly. Below only new and removed languages are listed.
== Changes since 1.13.2 ==
-David Remahl of Apple's Product Security team has identified a number of
+David Remahl of Apple's Product Security team has identified a number of
security issues in previous releases of MediaWiki. Subsequent analysis by the
MediaWiki development team expanded the scope of these vulnerabilities. The
issues with a significant impact are as follows:
* An XSS vulnerability affecting all MediaWiki installations between 1.13.0 and
1.13.2. [CVE-2008-5249]
-* A local script injection vulnerability affecting Internet Explorer clients for
+* A local script injection vulnerability affecting Internet Explorer clients for
all MediaWiki installations with uploads enabled. [CVE-2008-5250]
-* A local script injection vulnerability affecting clients with SVG scripting
- capability (such as Firefox 1.5+), for all MediaWiki installations with SVG
+* A local script injection vulnerability affecting clients with SVG scripting
+ capability (such as Firefox 1.5+), for all MediaWiki installations with SVG
uploads enabled. [CVE-2008-5250]
-* A CSRF vulnerability affecting the Special:Import feature, for all MediaWiki
+* A CSRF vulnerability affecting the Special:Import feature, for all MediaWiki
installations since the feature was introduced in 1.3.0. [CVE-2008-5252]
XSS (cross-site scripting) vulnerabilities allow an attacker to steal an
authorised user's login session, and to act as that user on the wiki. The
authorised user must visit a web page controlled by the attacker in order to
-activate the attack. Intranet wikis are vulnerable if the attacker can
+activate the attack. Intranet wikis are vulnerable if the attacker can
determine the intranet URL.
-Local script injection vulnerabilities are like XSS vulnerabilities, except
-that the attacker must have an account on the local wiki, and there is no
+Local script injection vulnerabilities are like XSS vulnerabilities, except
+that the attacker must have an account on the local wiki, and there is no
external site involved. The attacker uploads a script to the wiki, which another
-user is tricked into executing, with the effect that the attacker is able to act
+user is tricked into executing, with the effect that the attacker is able to act
as the privileged user.
CSRF vulnerabilities allow an attacker to act as an authorised user on the wiki,
@@ -986,21 +2456,21 @@ David Remahl also reminded us of some security-related configuration issues:
to avoid leaking these images, but these measures are not perfect.
* Set display_errors=off in your php.ini to avoid path disclosure via PHP fatal
errors. This is the default on most shared web hosts.
-* Enabling MediaWiki's debugging features, such as $wgShowExceptionDetails, may
+* Enabling MediaWiki's debugging features, such as $wgShowExceptionDetails, may
lead to path disclosure.
Other changes in this release:
* Avoid fatal error in profileinfo.php when not configured.
-* Add a .htaccess to deleted images directory for additional protection against
- exposure of deleted files with known SHA-1 hashes on default installations.
-* Avoid streaming uploaded files to the user via index.php. This allows
+* Add a .htaccess to deleted images directory for additional protection against
+ exposure of deleted files with known SHA-1 hashes on default installations.
+* Avoid streaming uploaded files to the user via index.php. This allows
security-conscious users to serve uploaded files via a different domain, and
thus client-side scripts executed from that domain cannot access the login
cookies. Affects Special:Undelete, img_auth.php and thumb.php.
-* When streaming files via index.php, use the MIME type detected from the
+* When streaming files via index.php, use the MIME type detected from the
file extension, not from the data. This reduces the XSS attack surface.
-* Blacklist redirects via Special:Filepath. Such redirects exacerbate any
+* Blacklist redirects via Special:Filepath. Such redirects exacerbate any
XSS vulnerabilities involving uploads of files containing scripts.
* Internationalisation updates.
@@ -1008,17 +2478,17 @@ Other changes in this release:
* Security: Work around misconfiguration by requiring strict comparisons for
in_array in User::isAllowed().
-* (bug 14944) Added $wgShellLocale for configuration of an appropriate locale
- to use for LC_CTYPE during shell invocation. For servers that don't have
+* (bug 14944) Added $wgShellLocale for configuration of an appropriate locale
+ to use for LC_CTYPE during shell invocation. For servers that don't have
en_US.utf8. Also added locale detection during install.
* Localisation updates
* Security: Fixed XSS vulnerability in useskin parameter.
== Changes since 1.13.0 ==
-* (bug 15460) Fixed intermittent deadlock errors and poor concurrent
+* (bug 15460) Fixed intermittent deadlock errors and poor concurrent
performance for installations without memcached.
-* (bug 13770) Fixed DOM module detection for installations with both dom
+* (bug 13770) Fixed DOM module detection for installations with both dom
and domxml.
* (bug 15148) Fixed Special:BlockIP for PostgreSQL
* Fixed SQLite support for non-memcached installations
@@ -1027,7 +2497,7 @@ Other changes in this release:
== Changes since 1.13.0rc2 ==
* (bug 13770) Fixed incorrect detection of PHP's DOM module
-* Fix regression from r37834: accesskey tooltip hint should be given for the
+* Fix regression from r37834: accesskey tooltip hint should be given for the
minor edit and watch labels on the edit page.
* Updated Chinese simplified/traditional conversion tables
@@ -1046,10 +2516,10 @@ Other changes in this release:
shown as empty instead of the current time.
* (bug 14904): fragments were lost when redirects were fixed.
* Added magic word __STATICREDIRECT__ to suppress the redirect fixer
-* (bug 15035) Revert English linkTrail to /^([a-z]+)(.*)$/sD, as it was before
- r36253. Multiple reports of breakage due to old (pre-5.0) PCRE libraries,
- both bundled with PHP and packaged with distros such as RHEL.
-* (bug 14944) Shell invocation of external programs such as ImageMagick convert
+* (bug 15035) Revert English linkTrail to /^([a-z]+)(.*)$/sD, as it was before
+ r36253. Multiple reports of breakage due to old (pre-5.0) PCRE libraries,
+ both bundled with PHP and packaged with distros such as RHEL.
+* (bug 14944) Shell invocation of external programs such as ImageMagick convert
was broken in PHP 5.2.6, if the server had a non-UTF-8 locale.
@@ -1072,7 +2542,7 @@ Other changes in this release:
you to use a shared database with a different prefix. Or you can now use a local
database and use prefixes to separate wiki and the shared tables. And the new
$wgSharedTables variable allows you to specify a list of tables to share.
-* Automatic edit summaries can be disabled with $wgUseAutomaticEditSummaries
+* Automatic edit summaries can be disabled with $wgUseAutomaticEditSummaries
* Duplicates of images are now shown on the image page
* $wgRCFilterByAge allows for the list of dates in recent changes special pages to
be filtered to only those within the range of $wgRCMaxAge
@@ -1082,19 +2552,19 @@ Other changes in this release:
image page already exists
* $wgMaximumMovedPages restricts the number of pages that can be moved at once
(default 100) with the new subpage-move functionality of Special:Movepage
-* Hooks display in Special:Version is now disabled by default, use
+* Hooks display in Special:Version is now disabled by default, use
$wgSpecialVersionShowHooks = true; to enable it.
* $wgActiveUserEditCount sets the number of edits that must be performed over
a certain number of days to be considered active
* $wgActiveUserDays is that number of days
-* $wgRateLimitsExcludedGroups has been deprecated in favor of
+* $wgRateLimitsExcludedGroups has been deprecated in favor of
$wgGroupPermissions[]['noratelimit']. The former still works, however.
* New $wgGroupPermissions option 'move-subpages' added to control bulk-moving
subpages along with pages. Assigned to 'user' and 'sysop' by default.
-* New $wgRC2UDPOmitBots allows user to omit bot edits from UDP output.
+* New $wgRC2UDPOmitBots allows user to omit bot edits from UDP output.
Default: false
* Removed $wgEnableCascadingProtection option. Disabling cascading protection
- is no longer possible.
+ is no longer possible.
* $wgMessageCacheType defines now the type of cache used by the MessageCache class,
previously it was choosen based on $wgParserCacheType
* $wgExtensionAliasesFiles option to simplify adding aliases to special pages
@@ -1103,7 +2573,7 @@ Other changes in this release:
with MimeMagic.
* Added $wgDirectoryMode, which allows for setting the default CHMOD value when
creating new directories.
-* (bug 14843) $wgCookiePrefix can be set by LocalSettings now, false defaults
+* (bug 14843) $wgCookiePrefix can be set by LocalSettings now, false defaults
current behavior.
=== New features in 1.13 ===
@@ -1122,7 +2592,7 @@ Other changes in this release:
reduce broken form submissions
* Add --old-redirects-only option to maintenance/refreshLinks.php, to add old
redirects to the redirect table
-* Add links to page and file deletion forms to edit predefined delete reasons
+* Add links to page and file deletion forms to edit predefined delete reasons
* (bug 13269) Added MediaWiki:Uploadfooter to the bottom of Special:Upload
* (bug 2815) Search results for media now use thumbnail instead of text extract
* When a page doesn't exist, the tab should say "create", not "edit"
@@ -1162,7 +2632,7 @@ Other changes in this release:
text from Special:UserLogin title (new message 'nav-login-createaccount')
* Say "log in / create account" if an anonymous user can create an account,
otherwise just "log in", consistently across skins
-* Special:Shortpages and Special:Longpages now returns pages in all content
+* Special:Shortpages and Special:Longpages now returns pages in all content
namespaces, not just NS_MAIN.
* (bug 889) Improve conflict-handling between shared upload repository
and local one
@@ -1171,7 +2641,7 @@ Other changes in this release:
* (bug 709) Cannot rename/move images and other media files [EXPERIMENTAL]
* Custom rollback summaries now accept the same arguments as the default message
* (bug 12542) Added hooks for expansion of Special:Listusers
-* Drop-down AJAX search suggestions (turn on $wgEnableMWSuggest)
+* Drop-down AJAX search suggestions (turn on $wgEnableMWSuggest)
* More relevant search snippets (turn on $wgAdvancedSearchHighlighting)
* (bug 13950) Allow users to watch the user/talk pages of users they block.
* (bug 13970) Allow MonoBook-based skins to specify their own print stylesheet
@@ -1198,9 +2668,9 @@ Other changes in this release:
changed by extensions.
* Add a new hook LinkerMakeExternalLink to allow extensions to modify the output of
external links.
-* (bug 14132) Allow user to disable bot edits from being output to UDP.
-* (bug 14328) jsMsg() within Wikibits now accepts a DOM object, not just a string
-* (bug 14558) New system message (emailuserfooter) is now added to the footer of
+* (bug 14132) Allow user to disable bot edits from being output to UDP.
+* (bug 14328) jsMsg() within Wikibits now accepts a DOM object, not just a string
+* (bug 14558) New system message (emailuserfooter) is now added to the footer of
e-mails sent with Special:Emailuser
* Add support for Hijri (Islamic) calendar
* Add a new hook LinkerMakeExternalImage to allow extensions to modify the output
@@ -1219,7 +2689,7 @@ Other changes in this release:
* Foreign repo file descriptions and thumbnails are now cached.
* (bug 11732) Allow localisation of edit button images
* Allow the search box, toolbox and languages box in the Monobook sidebar to be
- moved around arbitrarily using special sections in [[MediaWiki:Sidebar]]:
+ moved around arbitrarily using special sections in [[MediaWiki:Sidebar]]:
SEARCH, TOOLBOX and LANGUAGES
* Add a new hook NormalizeMessageKey to allow extensions to replace messages before
the database is potentially queried
@@ -1228,7 +2698,7 @@ Other changes in this release:
* Special:Recentchangeslinked now includes changes to transcluded pages and
displayed images; also, the "Show changes to pages linked" checkbox now works on
category pages too, showing all links that are not categorizations
-* (bug 4578) Automatically fix redirects broken by a page move
+* (bug 4578) Automatically fix redirects broken by a page move
=== Bug fixes in 1.13 ===
@@ -1287,7 +2757,7 @@ Other changes in this release:
* (bug 13428) Fix regression in protection form layout HTML validity
* (bug 9403) Sanitize newlines from search term input
* (bug 13429) Separate date and time in message sp-newimages-showfrom
-* (bug 13137) Allow setting 'editprotected' right separately from 'protect',
+* (bug 13137) Allow setting 'editprotected' right separately from 'protect',
so groups may optionally edit protected pages without having 'protect' perms
* Disallow deletion of big pages by means of moving a page to its title and
using the "delete and move" option.
@@ -1423,7 +2893,7 @@ Other changes in this release:
* (bug 14386) Fix subpage namespace oddity when moving a talk page
* (bug 11771) Signup form now not shown if in read-only mode.
* (bug 12859) $wgRateLimitsExcludedGroups has been deprecated in favor of
- $wgGroupPermissions[]['noratelimit'].
+ $wgGroupPermissions[]['noratelimit'].
* (Bug 13828) Split parameter $1 of MediaWiki:Missingarticle into $1 (=title)
and $2 (=revision numbers)
* (bug 14401) Fix Safari access key tooltips for Windows and >3.1 Mac versions
@@ -1458,7 +2928,7 @@ Other changes in this release:
searches instead of the domain root (which may not even be a wiki).
* (bug 3481) Pages moved shortly after creation are shown at their new title
on Special:Newpages.
-* (bug 12716) Trying to unprotect a title that isn't protected no longer
+* (bug 12716) Trying to unprotect a title that isn't protected no longer
generates a log entry.
* (bug 14088) Excessively long block expiry times are rejected as invalid,
keeps the log page from being distorted.
@@ -1510,7 +2980,7 @@ Other changes in this release:
* (bug 13419) Fix gblredirect so it actually works
* (bug 13418) Disable eiredirect because it's useless
* (bug 13395) list=allcategories should use category table
-* (bug 13442) Missing pages in prop=langlinks and prop=extlinks are now
+* (bug 13442) Missing pages in prop=langlinks and prop=extlinks are now
handled properly.
* (bug 13444) Add description to list=watchlist
* (bug 13482) Disabled search types handled properly
@@ -1520,7 +2990,7 @@ Other changes in this release:
* Replaced $wgAPIUCUserPrefixMinLength by the more generic $wgAPIMaxDBRows
* (bug 11719) Remove trailing blanks in YAML output.
* (bug 13541) Added siprop=specialpagealiases to meta=siteinfo
-* Added fallback8bitEncoding and readonly fields to
+* Added fallback8bitEncoding and readonly fields to
meta=siteinfo&siprop=general output
* (bug 13544) Added prop=revid to action=parse
* (bug 13603) Added siprop=usergroups to meta=siteinfo
@@ -1549,7 +3019,7 @@ Other changes in this release:
* (bug 14013) Added rcshow=patrolled to list=recentchanges
* (bug 14028) Added language attribute to interwiki map in meta=siteinfo
* (bug 14022) Added usprop=registration and auprop=blockinfo
-* (bug 14021) Removed titles= support from list=backlinks (has been obsolete
+* (bug 14021) Removed titles= support from list=backlinks (has been obsolete
for ages)
* (bug 13829) Expose parse tree via action=expandtemplates
* (bug 13606) Allow deletion of images
@@ -1571,7 +3041,7 @@ Other changes in this release:
* Added bkip parameter to list=blocks
* (bug 14651) apprefix and similar parameters are now canonicalized
* Added clprop=timestamp to prop=categories
-* (bug 14678) API errors now respects $wgShowExceptionDetails and
+* (bug 14678) API errors now respects $wgShowExceptionDetails and
$wgShowSQLErrors
* (bug 14723) Added time zone and writing direction to meta=siteinfo
* Added APIQueryInfoTokens and APIQueryRevisionsTokens hooks so extensions
@@ -1735,7 +3205,7 @@ it from source control: http://www.mediawiki.org/wiki/Download_from_SVN
and reject interwiki prefixes. PrefixSearch class centralizes this code,
and the backend part can be overridden by the PrefixSearchBackend hook.
* (bug 10365) Localization of Special:Version
-* When installing using Postgres, the Pl/Pgsql language is now checked for
+* When installing using Postgres, the Pl/Pgsql language is now checked for
and installed when at the superuser level.
* The default robot policy for the entire wiki is now configurable via the
$wgDefaultRobotPolicy setting.
@@ -2017,21 +3487,21 @@ expansion within them, but they will be stripped by the following HTML security
pass.
Bug 5678 has been fixed. This has a number of user-visible effects related to
-the removal of this double-parse. Please see the wiki page for examples.
+the removal of this double-parse. Please see the wiki page for examples.
Message transformation mode has been removed, and replaced with "preprocess"
mode. This means that some MediaWiki namespace messages may need to be updated,
especially ones which took advantage of the terribly counterintuitive behaviour
-of the former message mode.
+of the former message mode.
The header identification routines for section edit and for numbering section
edit links have been merged. This removes a significant failure mode and fixes a
whole category of bugs (tracked by bug #4899). Wikitext headings uncovered by
-template expansion will still be rendered into a heading tag, and will get an
-entry in the TOC, but will not have a section edit link. HTML-style headings
-will also not have a section edit link. Valid wikitext headings present in the
-template source text will get a template section edit link. This is a major
-break from previous behaviour, but I believe the effects are almost entirely
+template expansion will still be rendered into a heading tag, and will get an
+entry in the TOC, but will not have a section edit link. HTML-style headings
+will also not have a section edit link. Valid wikitext headings present in the
+template source text will get a template section edit link. This is a major
+break from previous behaviour, but I believe the effects are almost entirely
beneficial.
The main motivation for making these changes was performance. The new two-pass
@@ -2053,7 +3523,7 @@ The new preprocessor syntax has been documented in Backus-Naur Form at:
http://www.mediawiki.org/wiki/Preprocessor_ABNF
-The ExpandTemplates extension now has the ability to generate an XML parse
+The ExpandTemplates extension now has the ability to generate an XML parse
tree from wikitext source. This parse tree corresponds closely to the grammar
documented on that page.
@@ -2188,7 +3658,7 @@ it from source control: http://www.mediawiki.org/wiki/Download_from_SVN
* Improved thumb.php error handling
* Display file history on local image description pages of shared images
* Added $wgArticleRobotPolicies
-* (bug 10076) Additional parameter $7 added to MediaWiki:Blockedtext
+* (bug 10076) Additional parameter $7 added to MediaWiki:Blockedtext
containing, the ip, ip range, or username whose block is affecting the
* (bug 7691) Show relevant lines from the deletion log when re-creating a
previously deleted article
@@ -2328,12 +3798,12 @@ it from source control: http://www.mediawiki.org/wiki/Download_from_SVN
* (bug 11022) Use a more accurate page title for Special:Whatlinkshere and
Special:Recentchangeslinked
* Add link to user contributions in normal watchlist edit mode
-* (bug 9426) Add 'newsectionheaderdefaultlevel' message to allow
- modification of the heading formatting for new sections when section=new
+* (bug 9426) Add 'newsectionheaderdefaultlevel' message to allow
+ modification of the heading formatting for new sections when section=new
argument is supplied
-* (bug 10836) Add 'newsectionsummary' message to allow modification of the
+* (bug 10836) Add 'newsectionsummary' message to allow modification of the
text that prefixes a new section link in Recent Changes
-
+
== Bugfixes since 1.10 ==
* (bug 9712) Use Arabic comma in date/time formats for Arabic and Farsi
@@ -2359,7 +3829,7 @@ it from source control: http://www.mediawiki.org/wiki/Download_from_SVN
* (bug 7070) monobook/user.gif has antialias artifacts
* (bug 9123) Safer way when applying $wgLocalTZoffset
* (bug 9896) Documentation for $wgSquidServers and X-FORWARDED-FOR
-* (bug 9417) Uploading new versions of images when using Postgres no longer
+* (bug 9417) Uploading new versions of images when using Postgres no longer
throws warnings.
* (bug 9908) Using tsearch2 with Postgres 8.1 no longer gives an error.
* (bug 1438) Fix for diff table layout on very wide lines.
@@ -2405,7 +3875,7 @@ it from source control: http://www.mediawiki.org/wiki/Download_from_SVN
* (bug 9383) Don't set a default value for BLOB column in rc-deleted
database patch
* (bug 10149) Don't show full template list on section-0 edit
-* (bug 9909) Ensure access to binary fields in the math table use encodeBlob()
+* (bug 9909) Ensure access to binary fields in the math table use encodeBlob()
and decodeBlob()
* (bug 6743) Don't link broken image links to the upload form when uploads
are disabled
@@ -2427,7 +3897,7 @@ it from source control: http://www.mediawiki.org/wiki/Download_from_SVN
* As intended, *skip* the HTTP proxy purges when doing HTCP purges
* (bug 9696) Fix handling of brace transformations in "pagemovedtext"
* (bug 10325) Fix regression in form action on Special:Listusers
-* Fixed installation on MyISAM or old InnoDB with charset=utf8, was giving
+* Fixed installation on MyISAM or old InnoDB with charset=utf8, was giving
overlong key errors.
* Fixed zero-padding issues with MySQL 5 binary schema
* (bug 10344) Don't follow a redirect after changing its protection level
@@ -2565,7 +4035,7 @@ it from source control: http://www.mediawiki.org/wiki/Download_from_SVN
* (bug 8393) and need to be preserved (without attributes) for
entries in the table of contents
* (bug 11114) Fix regression in read-only mode error display during editing
-* Force non-MySQL databases to use an ORDER BY in SpecialAllpages to ensure
+* Force non-MySQL databases to use an ORDER BY in SpecialAllpages to ensure
that the first page_title is truly the first page title.
* (bug 10836) Change the summary on creating of new section
* Inclusion of Special:Wantedpages now works again
@@ -2734,7 +4204,7 @@ quarterly snapshot releases. The latest development code is always kept
"ready to run", and in fact runs our own sites on Wikipedia.
Release branches will continue to receive security updates for about a year
-from first release, but nonessential bugfixes and feature developments
+from first release, but nonessential bugfixes and feature developments
will be made on the development trunk and appear in the next quarterly release.
Those wishing to use the latest code instead of a branch release can obtain
@@ -2745,7 +4215,7 @@ it from source control: http://www.mediawiki.org/wiki/Download_from_SVN
* A new switch $wgCommandLineDarkBg used by maintenance scripts (parserTests.php).
It lets you specify if your terminal use a dark background, the colorized
output will be made lighter making things easier to read.
-* The minimum permissions needed to edit a page in each namespace can now be
+* The minimum permissions needed to edit a page in each namespace can now be
customized via the $wgNamespaceProtection array. By default, editing pages in
the MediaWiki namespace requires "editinterface" permission, as before.
* Allow restriction of autoconfirmed permission by edit count. New global setting
@@ -2757,7 +4227,7 @@ it from source control: http://www.mediawiki.org/wiki/Download_from_SVN
== New features since 1.9 ==
-* (bug 6937) Introduce "statistics-footer" message, appended to
+* (bug 6937) Introduce "statistics-footer" message, appended to
Special:Statistics
* (bug 6638) List block flags in block log entries
* (bugs 5051, 5376) Tooltips and accesskeys no longer require JavaScript
@@ -2791,7 +4261,7 @@ it from source control: http://www.mediawiki.org/wiki/Download_from_SVN
"semi protected".
* (bug 4133) Allow page protections to be made with an expiry date, in the same
format as block expiry dates. Existing protections are assumed to be infinite,
- as are protections made with the new field left blank.
+ as are protections made with the new field left blank.
* (bug 8535) Allow certain vertical alignment attributes to be used as image
keywords
* (bug 6987) Allow perrow, widths, and heights attributes for
@@ -2901,7 +4371,7 @@ it from source control: http://www.mediawiki.org/wiki/Download_from_SVN
* (bug 8678) Fix detection of self-links for numeric titles in Parser
* (bug 6171) Magically close tags in tables when not using Tidy.
* Sanitizer now correctly escapes lonely '>' occurring before the first wikitag.
-* Ignore self closing on closing tags ( '