X-Git-Url: https://git.heureux-cyclage.org/?a=blobdiff_plain;f=RELEASE-NOTES-1.27;h=d9b6dd54dac83191c457d790f9e16a573b7aa5f3;hb=1159454506b6809c340d999461be8cf1a7e39d4f;hp=b9ffb330470f23fccdab80cebdfe08e77c77436e;hpb=9e954ed2fcff249d1dc19301446fb4719b726529;p=lhc%2Fweb%2Fwiklou.git diff --git a/RELEASE-NOTES-1.27 b/RELEASE-NOTES-1.27 index b9ffb33047..d9b6dd54da 100644 --- a/RELEASE-NOTES-1.27 +++ b/RELEASE-NOTES-1.27 @@ -81,11 +81,19 @@ production. MediaWiki\Session\SessionProvider. ** The User cannot be loaded from session until after Setup.php completes. Attempts to do so will be ignored and the User will remain unloaded. +** CSRF tokens may be fetched from the MediaWiki\Session\Session, which uses + the MediaWiki\Session\Token class. * MediaWiki will now auto-create users as necessary, removing the need for extensions to do so. An 'autocreateaccount' right is added to allow auto-creation when 'createaccount' is not granted to all users. * Deprecated AuthPluginAutoCreate hook in favor of LocalUserCreated. * Most cookie-handling methods in User are deprecated. +* $wgAllowAsyncCopyUploads and $CopyUploadAsyncTimeout were removed. This was an + experimental feature that has never worked. +* Login and createaccount tokens now vary by timestamp. +* LoginForm::getLoginToken() and LoginForm::getCreateaccountToken() + return a MediaWiki\Session\Token, and tokens must be checked using that + class's methods. === New features in 1.27 === * $wgDataCenterId and $wgDataCenterRoles where added, which will serve as @@ -144,6 +152,10 @@ production. * Added MWRestrictions as a class to check restrictions on a WebRequest, e.g. to assert that the request comes from a particular IP range. * Added bot passwords, a rights-restricted login mechanism for API-using bots. +* Whitelisted the following HTML attributes for all elements in wikitext: + aria-describedby, aria-flowto, aria-label, aria-labelledby, aria-owns. +* Removed "presentation" restriction on the HTML role attribute in wikitext. + All values are now allowed for the role attribute. === External library changes in 1.27 === @@ -183,6 +195,7 @@ production. * action=login transparently allows login using bot passwords. Clients should merely need to change the username and password used after setting up a bot password. +* action=upload no longer understands statuskey, asyncdownload or leavemessage. === Action API internal changes in 1.27 === * ApiQueryORM removed. @@ -281,6 +294,16 @@ changes to languages because of Phabricator reports. * LanguageConverter::armourMath() was removed (deprecated since 1.22). * FakeConverter::armourMath() was removed (deprecated since 1.22). * The unused jquery.validate ResourceLoader module was removed. +* FileRepo::getRootUrl() was removed (deprecated since 1.20). +* User::generateToken() was removed (deprecated since 1.20). +* WikiPage::getRawText() was removed (deprecated since 1.21). +* ParserOutput::hasCustomDataUpdates() was removed (deprecated since 1.25). +* ParserOutput::addSecondaryDataUpdate() was removed (deprecated since 1.25). +* ParserOutput::getSecondaryDataUpdates() was removed (deprecated since 1.25). +* Gallery images with multiple caption pipes no longer concatenate them all + together but instead pick the final one, similar to image syntax. +* XML-like parser tags (such as ), when unclosed, will be left unparsed + rather than consume everything until the end of the page. == Compatibility ==