X-Git-Url: https://git.heureux-cyclage.org/?a=blobdiff_plain;f=RELEASE-NOTES-1.27;h=35ce6c2a80a7658013defcc4c5db7f2fc2229600;hb=69c71cc45eba02fb0cbe3a46b2892f4e9dc0cb5d;hp=3be3e21703cb8744be65a4945db5631036a1eb0d;hpb=c50fb5444ee41c3e5591da7424621a0c843ca261;p=lhc%2Fweb%2Fwiklou.git diff --git a/RELEASE-NOTES-1.27 b/RELEASE-NOTES-1.27 index 3be3e21703..35ce6c2a80 100644 --- a/RELEASE-NOTES-1.27 +++ b/RELEASE-NOTES-1.27 @@ -81,16 +81,24 @@ production. MediaWiki\Session\SessionProvider. ** The User cannot be loaded from session until after Setup.php completes. Attempts to do so will be ignored and the User will remain unloaded. +** CSRF tokens may be fetched from the MediaWiki\Session\Session, which uses + the MediaWiki\Session\Token class. * MediaWiki will now auto-create users as necessary, removing the need for extensions to do so. An 'autocreateaccount' right is added to allow auto-creation when 'createaccount' is not granted to all users. * Deprecated AuthPluginAutoCreate hook in favor of LocalUserCreated. * Most cookie-handling methods in User are deprecated. +* $wgAllowAsyncCopyUploads and $CopyUploadAsyncTimeout were removed. This was an + experimental feature that has never worked. +* Login and createaccount tokens now vary by timestamp. +* LoginForm::getLoginToken() and LoginForm::getCreateaccountToken() + return a MediaWiki\Session\Token, and tokens must be checked using that + class's methods. +* $wgEnotifUseJobQ was removed and the job queue is always used. === New features in 1.27 === -* $wgDataCenterId and $wgDataCenterRoles where added, which will serve as - basic configuration settings needed for multi-datacenter setups. - $wgDataCenterUpdateStickTTL was also added. +* $wgDataCenterUpdateStickTTL was also added. This decides how long a user + sticks to the primary DC (via cookies) after they make changes to the site. * Added a new hook, 'UserMailerTransformContent', to transform the contents of an email. This is similar to the EmailUser hook but applies to all mail sent via UserMailer. @@ -144,6 +152,10 @@ production. * Added MWRestrictions as a class to check restrictions on a WebRequest, e.g. to assert that the request comes from a particular IP range. * Added bot passwords, a rights-restricted login mechanism for API-using bots. +* Whitelisted the following HTML attributes for all elements in wikitext: + aria-describedby, aria-flowto, aria-label, aria-labelledby, aria-owns. +* Removed "presentation" restriction on the HTML role attribute in wikitext. + All values are now allowed for the role attribute. === External library changes in 1.27 === @@ -183,6 +195,7 @@ production. * action=login transparently allows login using bot passwords. Clients should merely need to change the username and password used after setting up a bot password. +* action=upload no longer understands statuskey, asyncdownload or leavemessage. === Action API internal changes in 1.27 === * ApiQueryORM removed. @@ -285,6 +298,12 @@ changes to languages because of Phabricator reports. * User::generateToken() was removed (deprecated since 1.20). * WikiPage::getRawText() was removed (deprecated since 1.21). * ParserOutput::hasCustomDataUpdates() was removed (deprecated since 1.25). +* ParserOutput::addSecondaryDataUpdate() was removed (deprecated since 1.25). +* ParserOutput::getSecondaryDataUpdates() was removed (deprecated since 1.25). +* Gallery images with multiple caption pipes no longer concatenate them all + together but instead pick the final one, similar to image syntax. +* XML-like parser tags (such as ), when unclosed, will be left unparsed + rather than consume everything until the end of the page. == Compatibility ==