X-Git-Url: https://git.heureux-cyclage.org/?a=blobdiff_plain;f=RELEASE-NOTES-1.32;h=cce5cec2693040cafeb1e325eb3b81d8a3921aae;hb=5453894d7198f0fae405c65cd241a67336a82fed;hp=eca17564cf21d9fefb977b21bffdeaee5af12a7a;hpb=6b8a5a137d3f449b4056e3de82fa6747b45f1f9a;p=lhc%2Fweb%2Fwiklou.git diff --git a/RELEASE-NOTES-1.32 b/RELEASE-NOTES-1.32 index eca17564cf..cce5cec269 100644 --- a/RELEASE-NOTES-1.32 +++ b/RELEASE-NOTES-1.32 @@ -17,6 +17,10 @@ production. 'html5-legacy' value for $wgFragmentMode is no longer accepted. * The experimental Html5Internal and Html5Depurate tidy drivers were removed. RemexHtml, which is the default, should be used instead. +* (T135963) You can now define a Content Security Policy for your wiki. This + adds a defense-in-depth feature to stop an attacker who has found a bug in + the parser allowing them to insert malicious attributes. Disabled by default, + you can configure this via $wgCSPHeader and $wgCSPReportOnlyHeader. === New features in 1.32 === * (T112474) Generalized the ResourceLoader mechanism for overriding modules @@ -39,10 +43,20 @@ production. * … === Action API changes in 1.32 === -* … +* Added templated parameters. + * A module can define a templated parameter like "{fruit}-quantity", where + the actual parameters recognized correspond to the values of a multi-valued + parameter. Then clients can make requests like + "fruits=apples|bananas&apples-quantity=1&bananas-quantity=5". + * action=paraminfo will return templated parameter definitions separately + from normal parameters. All parameter definitions now include an "index" + key to allow clients to maintain parameter ordering when merging normal and + templated parameters. === Action API internal changes in 1.32 === * Added 'ApiParseMakeOutputPage' hook. +* Parameter names may no longer contain '{' or '}', as these are now used for + templated parameters. === Languages updated in 1.32 === MediaWiki supports over 350 languages. Many localisations are updated regularly. @@ -92,6 +106,9 @@ because of Phabricator reports. of queueing style modules as well. * OutputPage::addModuleScripts() and ParserOutput::addModuleScripts are deprecated. Use addModules() instead. +* Overriding SearchEngine::{searchText,searchTitle,searchArchiveTitle} + in extending classes is deprecated. Extend related doSearch* methods + instead. === Other changes in 1.32 === * Soft hyphens (U+00AD) are now automatically removed from titles; these