6de7de4adcfd88dd5b9f68c07cf0fe57cf7125ec
[lhc/web/wiklou.git] / HISTORY
1 Change notes from older releases. For current info see RELEASE-NOTES-1.28.
2
3 = MediaWiki 1.27 =
4
5 == MediaWiki 1.27.0 ==
6
7 === PHP version requirement in 1.27 ===
8 As of 1.27, MediaWiki now requires PHP 5.5.9 or higher (see Compatibility
9 section). Additionally, the following PHP extensions are required:
10 * ctype
11 * iconv
12 * json
13 * mbstring (new requirement in 1.27)
14 * xml
15 The following PHP extensions are strongly recommended:
16 * openssl
17
18 === Configuration changes in 1.27 ===
19 * $wgAllowMicrodataAttributes and $wgAllowRdfaAttributes were removed,
20 now always enabled. If you use RDFa on your wiki, you now have to explicitly
21 set $wgHtml5Version to 'HTML+RDFa 1.0' or 'XHTML+RDFa 1.0'.
22 * $wgUseLinkNamespaceDBFields was removed.
23 * Deprecated $wgResourceLoaderMinifierStatementsOnOwnLine and
24 $wgResourceLoaderMinifierMaxLineLength, because there was little value in
25 making the behavior configurable. The default values (`false` for the former,
26 1000 for the latter) are now hard-coded.
27 * $wgDebugDumpSqlLength was removed (deprecated in 1.24).
28 * $wgDebugDBTransactions was removed (deprecated in 1.20).
29 * $wgUseXVO has been removed, as it provides functionality only used by
30 custom Wikimedia patches against Squid 2.x that probably noone uses in
31 production anymore. There is now $wgUseKeyHeader that provides similar
32 functionality but instead of the MediaWiki-specific X-Vary-Options header,
33 uses the draft Key header standard.
34 * $wgScriptExtension (and support for '.php5' entry points) was removed. See the
35 deprecation notice in the release notes for version 1.25 for advice on how to
36 preserve support for '.php5' entry points via URL rewriting.
37 * Password handling via the User object has been deprecated and partially
38 removed, pending the future introduction of AuthManager. In particular:
39 ** expirePassword(), getPasswordExpireDate(), resetPasswordExpiration(), and
40 getPasswordExpired() have been removed. They were unused outside of core.
41 ** The mPassword, mNewpassword, mNewpassTime, and mPasswordExpires fields are
42 now private and will be removed in the future.
43 ** The getPassword() and getTemporaryPassword() methods now throw
44 BadMethodCallException and will be removed in the future.
45 ** The ability to pass 'password' and 'newpassword' to createNew() has been
46 removed. The only users of it seem to have been using it to set invalid
47 passwords, and so shouldn't be greatly affected.
48 ** setPassword(), setInternalPassword(), and setNewpassword() have been
49 deprecated, pending the introduction of AuthManager.
50 ** User::randomPassword() is deprecated in favor of a new method
51 PasswordFactory::generateRandomPasswordString()
52 ** User::getPasswordFactory() is deprecated, callers should just create a
53 PasswordFactory themselves.
54 ** A new constructor, User::newSystemUser(), has been added to simplify the
55 creation of passwordless "system" users for logged actions.
56 * $wgMaxSquidPurgeTitles was removed.
57 * $wgAjaxWatch was removed. This is now enabled by default.
58 * $wgUseInstantCommons now hotlinks Commons images by default instead of
59 downloading originals and thumbnailing them locally. This allows wikis to save
60 on CPU and bandwidth while reducing time to first byte for pages, even without
61 a thumbnail handler. See $wgForeignFileRepos documentation for tweaks.
62 * (T27397) WebP is enabled by default as an uploadable filetype.
63 * (T48998) $wgArticlePath must now be either a full url, or start with a "/".
64 * $wgRateLimitLog was removed; use $wgDebugLogGroups['ratelimit'] instead.
65 * Deprecated API formats dbg, txt, and yaml have been removed.
66 * CLDRPluralRule* classes have been replaced with
67 wikimedia/cldr-plural-rule-parser.
68 * Removed $wgProfilePerHost, $wgUDPProfilerHost, $wgUDPProfilerPort,
69 $wgUDPProfilerFormatString, $wgStatsMethod, $wgAggregateStatsID,
70 $wgStatsFormatString, and $wgProfileCallTree (deprecated since 1.20).
71 * For proper operation of LocalIdLookup with shared user tables, ensure that
72 $wgSharedDB and $wgSharedTables are properly set even on the "central" wiki
73 that all others are sharing from and that $wgLocalDatabases is set to the
74 full list of sharing wikis on all those wikis.
75 * Massive overhaul to session handling:
76 ** $wgSessionsInObjectCache is no longer supported and must be true, due to
77 MediaWiki\Session\SessionManager. $wgSessionHandler is similarly no longer
78 used.
79 ** ObjectCacheSessionHandler is removed, replaced with
80 MediaWiki\Session\PhpSessionHandler.
81 ** PHP session handling in general ($_SESSION, session_id(), and so on) is
82 deprecated. Use MediaWiki\Session\SessionManager instead. A new config
83 variable, $wgPHPSessionHandling, is available to cause use of $_SESSION to
84 issue a deprecation warning or to cause most PHP session handling to throw
85 exceptions.
86 ** Deprecated UserSetCookies hook. Session-handling extensions should generally
87 be creating a custom subclass of CookieSessionProvider. Other extensions
88 messing with cookies can no longer count on user data being saved in cookies
89 versus other methods.
90 ** Deprecated UserLoadFromSession hook, extensions should create a
91 MediaWiki\Session\SessionProvider.
92 ** The User cannot be loaded from session until after Setup.php completes.
93 Attempts to do so will be ignored and the User will remain unloaded.
94 ** CSRF tokens may be fetched from the MediaWiki\Session\Session, which uses
95 the MediaWiki\Session\Token class.
96 * MediaWiki will now auto-create users as necessary, removing the need for
97 extensions to do so. An 'autocreateaccount' right is added to allow
98 auto-creation when 'createaccount' is not granted to all users.
99 * Deprecated AuthPluginAutoCreate hook in favor of LocalUserCreated.
100 * Most cookie-handling methods in User are deprecated.
101 * $wgAllowAsyncCopyUploads and $CopyUploadAsyncTimeout were removed. This was an
102 experimental feature that has never worked.
103 * Login and createaccount tokens now vary by timestamp.
104 * LoginForm::getLoginToken() and LoginForm::getCreateaccountToken()
105 return a MediaWiki\Session\Token, and tokens must be checked using that
106 class's methods.
107 * $wgEnotifUseJobQ was removed and the job queue is always used.
108 * The functionality of the ApiSandbox extension has been merged into core. The
109 extension should no longer be used.
110 * $wgPreloadJavaScriptMwUtil was removed (deprecated in 1.26).
111 Extensions, skins, gadgets and scripts that use the mediawiki.util module must
112 express a dependency on it.
113 * $wgIncludeLegacyJavaScript, deprecated in MediaWiki 1.26, now defaults false.
114 Extensions, skins, gadgets and scripts that need the mediawiki.legacy.wikibits
115 module should express a dependency on it.
116 * Removed configuration option $wgCopyrightIcon (deprecated since 1.18). Use
117 $wgFooterIcons['copyright']['copyright'] instead.
118 * If the openssl and mcrypt PHP extensions are both unavailable, secure
119 session storage (used for login) will raise an exception. This exception may
120 be bypassed by setting $wgSessionInsecureSecrets = true.
121 * Massive overhaul to authentication:
122 ** AuthPlugin and AuthPluginUser are deprecated.
123 ** LoginForm and associated templates are deprecated. Extensions which called
124 static LoginForm methods should be converted into authentication providers.
125 ** The following hooks are deprecated:
126 *** AbortAutoAccount (create a MediaWiki\Auth\PreAuthenticationProvider instead)
127 *** AbortLogin (create a MediaWiki\Auth\PreAuthenticationProvider instead)
128 *** AbortNewAccount (create a MediaWiki\Auth\PreAuthenticationProvider instead)
129 *** AddNewAccount (use LocalUserCreated instead)
130 *** AuthPluginSetup (create a MediaWiki\Auth\PrimaryAuthenticationProvider instead)
131 *** ChangePasswordForm (use AuthChangeFormFields instead, or security levels)
132 *** LoginUserMigrated (create a MediaWiki\Auth\PreAuthenticationProvider instead)
133 *** UserCreateForm (create a MediaWiki\Auth\AuthenticationProvider of some type instead)
134 *** UserLoginForm (create a MediaWiki\Auth\AuthenticationProvider of some type instead)
135 ** The following hooks are removed:
136 *** AbortChangePassword
137 *** LoginPasswordResetMessage
138 *** PrefsPasswordAudit
139 ** The UserLoginComplete hook will no longer be called for all logins, only for
140 those via the web UI. Use UserLoggedIn if you need to do something on all
141 logins.
142 ** $wgRequirePasswordforEmailChange is removed.
143
144 === New features in 1.27 ===
145 * $wgDataCenterUpdateStickTTL was also added. This decides how long a user
146 sticks to the primary DC (via cookies) after they make changes to the site.
147 * Added a new hook, 'UserMailerTransformContent', to transform the contents
148 of an email. This is similar to the EmailUser hook but applies to all mail
149 sent via UserMailer.
150 * Added a new hook, 'UserMailerTransformMessage', to transform the contents
151 of an emai after MIME encoding.
152 * Added a new hook, 'UserMailerSplitTo', to control which users have to be
153 emailed separately (ie. there is a single address in the To: field) so
154 user-specific changes to the email can be applied safely.
155 * $wgCdnMaxageLagged was added, which limits the CDN cache TTL
156 when any load balancer uses a DB that is lagged beyond the 'max lag'
157 setting in the relevant section of $wgLBFactoryConf.
158 * User::newSystemUser() may be used to simplify the creation of passwordless
159 "system" users for logged actions from scripts and extensions.
160 * Extensions can now return detailed error information via the API when
161 preventing user actions using 'getUserPermissionsErrors' and similar hooks
162 by using ApiMessage instances instead of strings for the $result value.
163 * $wgAPIMaxLagThreshold was added to limit bot changes when databases lag
164 becomes too high.
165 * Skins and extensions can now use FlexBox mixins (.flex-display(@display: flex)
166 and .flex(@grow: 1, @shrink: 1, @width: auto, @order: 1)) in Less to create
167 cross-browser-compatible FlexBox rules. Users will still need to add fallback
168 float rules or the like for compatibility with IE9- separately.
169 * Added MWTimestamp::getTimezoneString() which returns the localized timezone
170 string, if available. To localize this string, see the comments of
171 $wgLocaltimezone in includes/DefaultSettings.php.
172 * Added CentralIdLookup, a service that allows extensions needing a concept of
173 "central" users to get that without having to know about specific central
174 authentication extensions.
175 * $wgMaxUserDBWriteDuration added to limit huge user-generated transactions.
176 Regular web request transactions that takes longer than this are aborted.
177 * Added a new hook, 'TitleMoveCompleting', which runs before a page move is
178 committed.
179 * $wgCdnReboundPurgeDelay was added to provide secondary delayed purges of URLs
180 from CDN to mitigate DB replication lag and WAN cache purge lag.
181 * (T49162) Installer will default to setting CACHE_ACCEL as the main cache type
182 if it is available.
183 * It is now possible to patrol file uploads (both for new files and new versions
184 of existing files). Special:NewFiles has gained an option to filter by patrol
185 status. This functionality can be disabled using $wgUseFilePatrol.
186 * MediaWiki\Session infrastructure allows for easier use of session mechanisms
187 other than the usual cookies.
188 ** SessionMetadata and SessionCheckInfo hooks allow for setting and checking
189 custom session metadata.
190 * Added MWGrants and associated configuration settings $wgGrantPermissions and
191 $wgGrantPermissionGroups to hold configuration for authentication features
192 such as OAuth that want to allow restricting the user rights a user may make
193 use of.
194 ** If you're already using the OAuth extension, these new variables are
195 identical to (and will replace) $wgMWOAuthGrantPermissions and
196 $wgMWOAuthGrantPermissionGroups.
197 * Added MWRestrictions as a class to check restrictions on a WebRequest, e.g.
198 to assert that the request comes from a particular IP range.
199 * Added bot passwords, a rights-restricted login mechanism for API-using bots.
200 * Whitelisted the following HTML attributes for all elements in wikitext:
201 aria-describedby, aria-flowto, aria-label, aria-labelledby, aria-owns.
202 * Removed "presentation" restriction on the HTML role attribute in wikitext.
203 All values are now allowed for the role attribute.
204 * $wgContentHandlers now also supports callbacks to create an instance of the
205 appropriate ContentHandler subclass.
206 * Added $wgAuthenticationTokenVersion, which if non-null prevents the
207 user_token database field from being exposed in cookies. Setting this would
208 be a good idea, but will log out all current sessions.
209 * $wgEventRelayerConfig was added, for managing PubSub event relay configuration,
210 specifically for reliable CDN url purges.
211 * Requests have unique IDs, equal to the UNIQUE_ID environment variable (when
212 MediaWiki is behind Apache+mod_unique_id or something similar) or a randomly-
213 generated 24-character string. This request ID is used to annotate log records
214 and error messages. It is available client-side via mw.config.get( 'wgRequestId' ).
215 The request ID supplants exception IDs. Accordingly, MWExceptionHandler::getLogId()
216 is deprecated.
217 * (T33313) Add a preference for watching uploads by default, also applies
218 to API-based upload tools.
219 * $wgJpegPixelFormat was added to override chroma subsampling for JPEG image
220 thumbnails created via ImageMagick. Defaults to 'yuv420', providing bandwidth
221 savings versus the previous behavior on many files.
222 * MediaWiki\Auth infrastructure (called "AuthManager") allows for more flexible
223 configuration of multiple authentication pieces that was possible with
224 AuthPlugin. For example, it's now easy to plug in second-factor
225 authentication, or add additional checks to the login process, or to support
226 multiple login methods at once, or to support non-password-based login methods.
227 ** Providers are configured via the global setting $wgAuthManagerConfig.
228 ** A global, $wgDisableAuthManager, is temporarily available to disable
229 AuthManager until extensions are ready to support it.
230 ** New hook, AuthChangeFormFields, to adjust the form fields on
231 AuthManager-related special pages.
232 ** New hook, AuthManagerLoginAuthenticateAudit, for additional logging of
233 AuthManager-related authentication requests.
234 ** New hook, ChangeAuthenticationDataAudit, for additional logging of
235 AuthManager-related authentication data changes.
236 ** New hook, SecuritySensitiveOperationStatus, to work with the new mechanism
237 for requiring a recent login before taking security-sensitive operations
238 like changing a password.
239 ** Two new globals, $wgChangeCredentialsBlacklist and $wgRemoveCredentialsBlacklist
240 can be used to prevent the web UI and the API changing certain authentication data.
241 * The file upload dialog (available if you install WikiEditor or VisualEditor)
242 can now be configured using $wgUploadDialog.
243
244 === External library changes in 1.27 ===
245
246 ==== Upgraded external libraries ====
247 * Updated oojs/oojs-ui from v0.12.12 to v0.13.3.
248 * Updated composer/semver from v1.0.0 to v1.2.0.
249 * Updated liuggio/statsd-php-client to 1.0.18.
250 * Updated QUnit from v1.18.0 to v1.22.0.
251
252 ==== New external libraries ====
253 * Added wikimedia/base-convert v1.0.1.
254 * Added wikimedia/cldr-plural-rule-parser v1.0.0.
255 * Added wikimedia/relpath v1.0.3.
256 * Added wikimedia/running-stat v1.1.0.
257 * Added wikimedia/php-session-serializer v1.0.3.
258
259 ==== Removed and replaced external libraries ====
260
261 === Bug fixes in 1.27 ===
262 * Special:Upload will now display correct maximum allowed file size when running
263 under HHVM (T116347).
264 * (T54077) The APIEditBeforeSave hook will once again give only the content of
265 the section being edited, rather than the whole revision. This reverts the
266 change made in MediaWiki 1.22.
267
268 === Action API changes in 1.27 ===
269 * Added list=allrevisions.
270 * generator=recentchanges now has the option to generate revids.
271 * ApiPageSet::setRedirectMergePolicy() was added. This allows generator
272 modules to define how generator data for a redirect source gets merged
273 into the redirect destination.
274 * prop=imageinfo&iiprop=uploadwarning will no longer include the possibility of
275 "was-deleted" warning.
276 * Added difftotextpst to query=revisions which preforms a pre-save transform on
277 the text before diffing it.
278 * Deprecated formats dbg, txt, and yaml have been removed.
279 * (T47988) The protect log event details now use new-style formatting.
280 * The following response properties from action=login are deprecated, and may
281 be removed in the future: lgtoken, cookieprefix, sessionid. Clients should
282 handle cookies to properly manage session state.
283 * action=login transparently allows login using bot passwords. Clients should
284 merely need to change the username and password used after setting up a bot
285 password.
286 * action=upload no longer understands statuskey, asyncdownload or leavemessage.
287 * Several changes when $wgDisableAuthManager is false:
288 ** action=login is deprecated for uses other than bot passwords.
289 ** list=users can now indicate if a missing username is creatable.
290 ** action=createaccount is changed in a non-backwards-compatible manner.
291 ** Added action=query&meta=authmanagerinfo.
292 ** Added action=clientlogin to be used to log into the main account instead of
293 action=login.
294 ** Added action=linkaccount.
295 ** Added action=unlinkaccount.
296 ** Added action=changeauthenticationdata.
297 ** Added action=removeauthenticationdata.
298 ** Added action=resetpassword.
299
300 === Action API internal changes in 1.27 ===
301 * ApiQueryORM removed.
302 * The following classes have been removed:
303 ** ApiFormatDbg
304 ** ApiFormatTxt
305 ** ApiFormatYaml
306 * ApiBase::addTokenProperties() was removed (deprecated since 1.24).
307 * ApiBase::getFinalPossibleErrors() was removed (deprecated since 1.24).
308 * ApiBase::getFinalResultProperties() was removed (deprecated since 1.24).
309 * ApiBase::getRequireAtLeastOneParameterErrorMessages() was removed (deprecated since 1.24).
310 * ApiBase::getPossibleErrors() was removed (deprecated since 1.24).
311 * ApiBase::getRequireMaxOneParameterErrorMessages() was removed (deprecated since 1.24).
312 * ApiBase::getRequireOnlyOneParameterErrorMessages() was removed (deprecated since 1.24).
313 * ApiBase::getResultProperties() was removed (deprecated since 1.24).
314 * ApiBase::getTitleOrPageIdErrorMessage() was removed (deprecated since 1.24).
315 * ApiBase::parseErrors() was removed (deprecated since 1.24).
316 * ApiQueryBase::titleToKey(), ApiQueryBase::keyToTitle() and
317 ApiQueryBase::keyPartToTitle() all removed (deprecated since 1.24).
318 * ApiQueryBase::checkRowCount() was removed (deprecated since 1.24).
319 * ApiQueryBase::getDirectionDescription() was removed (deprecated since 1.25).
320 * ApiQuery::getGenerators() was removed (deprecated since 1.21).
321 * ApiQuery::getModules() was removed (deprecated since 1.21).
322 * ApiQuery::getModuleType() was removed (deprecated since 1.21).
323 * ApiQuery::setGeneratorContinue() was removed (deprecated since 1.24).
324 * ApiMain::getModules() was removed (deprecated since 1.21).
325 * ApiBase::getVersion() was removed (deprecated since 1.21).
326 * ApiMain::getShowVersions() was removed (deprecated in 1.21).
327 * ApiMain::addModule() was removed (deprecated in 1.21).
328 * ApiMain::addFormat() was removed (deprecated in 1.21).
329 * ApiMain::getFormats() was removed (deprecated in 1.21).
330 * ApiPageSet::finishPageSetGeneration() was removed (deprecated in 1.21).
331 * ApiCreateAccount is deprecated, and will be removed soon.
332
333 === Languages updated in 1.27 ===
334
335 MediaWiki supports over 350 languages. Many localisations are updated
336 regularly. Below only new and removed languages are listed, as well as
337 changes to languages because of Phabricator reports.
338
339 * (T113688) Change default numerals from Gurmukhi to Arabic for Punjabi locale.
340 * (T116020) Aliases of magic words in MessagesXx.php are sorted by usage.
341
342 === Other changes in 1.27 ===
343 * Added dependency injection (DI) infrastructure, see docs/injection.txt for details.
344 It is planned to incrementally move MediaWiki code towards using DI, using the
345 service locator (SL) pattern as a stepping stone.
346 * ProfilerOutputUdp was removed. Note that there is a ProfilerOutputStats class.
347 * WikiPage::doDeleteArticleReal() and WikiPage::doDeleteArticle() now
348 ignore the 2nd and 3rd arguments (formerly $id and $commit).
349 * Removed "loaderScripts" option from ResourceLoaderFileModule class.
350 * Removed ORM-like wrapper added in 1.20.
351 * LinkCache::getGoodLinks and LinkCache::getBadLinks were removed
352 (deprecated in 1.26).
353 * WikiPage::doQuickEdit() was removed (deprecated since 1.21).
354 * Removed SiteObject and SiteArray classes (deprecated in 1.21).
355 * MessageBlobStore::getInstance() was removed (deprecated since 1.25).
356 * (T84937) Free external links ("autolinked" urls) will now be terminated
357 by &nbsp; and HTML entity encodings of &nbsp, <, and >.
358 * (T36948) The default file revert message's timestamp is now in
359 $wgLocaltimezone, instead of UTC.
360 * The default name of the 'suppress' group page has been changed from
361 'Project:Oversight' to 'Project:Suppress'.
362 * DatabaseBase::resultObject() is now protected (use outside Database classes
363 not necessary since 1.11).
364 * Calling ResourceLoaderFileModule::readStyleFiles() without a
365 ResourceLoaderContext instance is deprecated.
366 * ResourceLoader::getLessCompiler() now takes an optional parameter of
367 additional LESS variables to set for the compiler.
368 * wfBaseConvert() marked as deprecated, use Wikimedia\base_convert() directly
369 instead.
370 * Obsolete maintenance scripts clearCacheStats.php and showCacheStats.php
371 were removed. The underlying data is sent to StatsD (see $wgStatsdServer).
372 * Removed msg_resource_links database table and associated code.
373 * Removed msg_resource database table and associated code.
374 * Skin::getNamespaceNotice() was removed.
375 * wfIsConfiguredProxy() was removed (deprecated since 1.24).
376 * wfDebugTimer() was removed (deprecated since 1.25).
377 * wfIsTrustedProxy() was removed (deprecated since 1.24).
378 * wfGetIP() was removed (deprecated since 1.19).
379 * MWHookException was removed.
380 * OutputPage::appendSubtitle() was removed (deprecated since 1.19).
381 * OutputPage::loginToUse() was removed (deprecated since 1.19).
382 * Article::loadContent() was removed (deprecated since 1.19).
383 * User::editToken() was removed (deprecated since 1.19).
384 * Removed --force-normal option of dumpBackup.php, as it no longer served
385 any useful purpose since 1.22.
386 * The functions processOption() and processArgs() on the BackupDumper and
387 TextPassDumper classes have been removed.
388 * The maintenance/backupTextPass.inc file was deleted. You should include
389 maintenance/dumpTextPass.php instead.
390 * WikiPage::getUsedTemplates() was removed (deprecated since 1.19).
391 * wfEmptyMsg() was removed (deprecated since 1.18).
392 * OutputPage::permissionRequired() was removed (deprecated since 1.18).
393 * OutputPage::blockedPage() was removed (deprecated since 1.18).
394 * User::getSkin() was removed (deprecated since 1.18).
395 * OutputPage::includeJQuery() was removed (deprecated since 1.17).
396 * WikiPage::updateRestrictions() was removed (deprecated since 1.19).
397 * WikiPage::testPreSaveTransform() was removed (deprecated since 1.19).
398 * LogPage::logName() was removed (deprecated since 1.19).
399 * LogPage::logHeader() was removed (deprecated since 1.19).
400 * wfCheckLimits() was removed (deprecated since 1.24).
401 * Linker::makeKnownLinkObj() was removed (deprecated since 1.16).
402 * Linker::makeLinkObj() was removed (deprecated since 1.16).
403 * wfMsgForContentNoTrans() was removed (deprecated since 1.18).
404 * ChangesList::usePatrol was removed (deprecated since 1.22).
405 * wfMsgNoTrans() was removed (deprecated since 1.18).
406 * Linker::makeImageLink2 was removed (deprecated since 1.20).
407 * Title::userIsWatching() was removed (deprecated since 1.20).
408 * Removed WaitForSlave maintenance script; use SELECT MASTER_POS_WAIT()
409 database function directly instead.
410 * wfMsg() was removed (deprecated since 1.18).
411 * wfMsgForContent() was removed (deprecated since 1.18).
412 * wfMsgReal() was removed (deprecated since 1.18).
413 * wfMsgGetKey() was removed (deprecated since 1.18).
414 * wfMsgHtml() was removed (deprecated since 1.18).
415 * wfMsgWikiHtml() was removed (deprecated since 1.18).
416 * wfMsgExt() was removed (deprecated since 1.18).
417 * Language::armourMath() was removed (deprecated since 1.22).
418 * LanguageConverter::armourMath() was removed (deprecated since 1.22).
419 * FakeConverter::armourMath() was removed (deprecated since 1.22).
420 * The unused jquery.validate ResourceLoader module was removed.
421 * FileRepo::getRootUrl() was removed (deprecated since 1.20).
422 * User::generateToken() was removed (deprecated since 1.20).
423 * WikiPage::getRawText() was removed (deprecated since 1.21).
424 * ParserOutput::hasCustomDataUpdates() was removed (deprecated since 1.25).
425 * ParserOutput::addSecondaryDataUpdate() was removed (deprecated since 1.25).
426 * ParserOutput::getSecondaryDataUpdates() was removed (deprecated since 1.25).
427 * Gallery images with multiple caption pipes no longer concatenate them all
428 together but instead pick the final one, similar to image syntax.
429 * XML-like parser tags (such as <gallery>), when unclosed, will be left unparsed
430 rather than consume everything until the end of the page.
431 * New maintenance script resetUserEmail.php allows sysadmins to reset user emails in case
432 a user forgot password/account was stolen.
433 * wfCheckEntropy() was removed (deprecated in 1.27).
434 * Browser support for Internet Explorer 8 lowered from Grade A to Grade C.
435 * ContentHandler::supportsCategories method added. Default is true.
436 CategoryMembershipChangeJob updates are skipped for content that
437 does not support categories.
438 * wikidiff difference engine is no longer supported, anyone still using it are encouraged
439 to upgrade to wikidiff2 which is actively maintained and has better package availability.
440 * Database logic was removed from WatchedItem and a WatchedItemStore was created:
441 ** WatchedItem::IGNORE_USER_RIGHTS and WatchedItem::CHECK_USER_RIGHTS were deprecated.
442 User::IGNORE_USER_RIGHTS and User::CHECK_USER_RIGHTS were introduced.
443 ** WatchedItem::fromUserTitle was deprecated in favour of the constructor.
444 ** WatchedItem::resetNotificationTimestamp was deprecated.
445 ** WatchedItem::batchAddWatch was deprecated.
446 ** WatchedItem::addWatch was deprecated.
447 ** WatchedItem::removeWatch was deprecated.
448 ** WatchedItem::isWatched was deprecated.
449 ** WatchedItem::duplicateEntries was deprecated.
450 ** EmailNotification::updateWatchlistTimestamp was deprecated.
451 ** User::getWatchedItem was removed.
452 * Unit tests don't work with external PHPUnit anymore, Composer is now the only supported
453 way. Run `composer install` to install it and other dev dependencies to run unit tests.
454 * wl_id field added to the watchlist table.
455 * Revision::getRawText() was removed (deprecated since 1.21).
456 * WikiPage::replaceSection() was removed (deprecated since 1.21).
457 * Article::replaceSection() was removed (deprecated since 1.21).
458 * Language::getLangObj() was removed (deprecated since 1.24).
459 * Language::getLanguageName() was removed (deprecated since 1.20).
460 * Language::getLanguageNames() was removed (deprecated since 1.20).
461 * Language::getTranslatedLanguageNames() was removed (deprecated since 1.20).
462 * Language::specialPage() was removed (deprecated since 1.24).
463 * MediaWikiTestCase::assertException() was removed (deprecated since 1.22).
464 * OutputPage::getHeadItems() was removed (deprecated since 1.24).
465 * OutputPage::getScript() was removed (deprecated since 1.24).
466 * OutputPage::out() was removed (deprecated since 1.22).
467 * OutputPage::setAllowedModules() was removed (deprecated since 1.24).
468 * UserrightsPage::makeGroupNameListForLog() was removed (deprecated since 1.21).
469 * MediaWikiSite::newFromGlobalId() was removed (deprecated since 1.21).
470 * Title::newFromRedirect() was removed (deprecated since 1.21).
471 * Skin::commonPrintStylesheet() was removed (deprecated since 1.22).
472 * Skin::getCommonStylePath() was removed (deprecated since 1.24).
473 * Skin::newFromKey() was removed (deprecated since 1.24).
474 * Skin::getUsableSkins() was removed (deprecated since 1.23).
475 * LoadBalancer::pickRandom() was removed (deprecated in 1.21).
476 * Article::getUndoText() and WikiPage::getUndoText were removed (deprecated since
477 1.21).
478 * DifferenceEngine::setText() was removed (deprecated in 1.21).
479 * Title::newFromRedirectArray() was removed (deprecated in 1.21).
480 * UserMailer::send() no longer accepts $replyto as the 5th argument and $contentType
481 as the 6th. These must be passed in the options array now.
482 * Title::newFromRedirectRecurse() was removed (deprecated in 1.21).
483 * Skin::accesskey was removed (deprecated since 1.21).
484 * Skin::blockLink was removed (deprecated since 1.21).
485 * Skin::buildRollbackLink was removed (deprecated since 1.21).
486 * Skin::emailLink was removed (deprecated since 1.21).
487 * Skin::formatComment was removed (deprecated since 1.21).
488 * Skin::formatHiddenCategories was removed (deprecated since 1.21).
489 * Skin::formatLinksInComment was removed (deprecated since 1.21).
490 * Skin::formatRevisionSize was removed (deprecated since 1.21).
491 * Skin::formatSize was removed (deprecated since 1.21).
492 * Skin::formatTemplates was removed (deprecated since 1.21).
493 * Skin::generateTOC was removed (deprecated since 1.21).
494 * Skin::getInternalLinkAttributes was removed (deprecated since 1.21).
495 * Skin::getInternalLinkAttributesObj was removed (deprecated since 1.21).
496 * Skin::getInterwikiLinkAttributes was removed (deprecated since 1.21).
497 * Skin::getInvalidTitleDescription was removed (deprecated since 1.21).
498 * Skin::getLinkColour was removed (deprecated since 1.21).
499 * Skin::getRevDeleteLink was removed (deprecated since 1.21).
500 * Skin::getRollbackEditCount was removed (deprecated since 1.21).
501 * Skin::makeBrokenImageLinkObj was removed (deprecated since 1.21).
502 * Skin::makeCommentLink was removed (deprecated since 1.21).
503 * Skin::makeExternalImage was removed (deprecated since 1.21).
504 * Skin::makeExternalLink was removed (deprecated since 1.21).
505 * Skin::makeHeadline was removed (deprecated since 1.21).
506 * Skin::makeImageLink was removed (deprecated since 1.21).
507 * Skin::makeMediaLinkFile was removed (deprecated since 1.21).
508 * Skin::makeMediaLinkObj was removed (deprecated since 1.21).
509 * Skin::makeSelfLinkObj was removed (deprecated since 1.21).
510 * Skin::makeThumbLink2 was removed (deprecated since 1.21).
511 * Skin::makeThumbLinkObj was removed (deprecated since 1.21).
512 * Skin::normaliseSpecialPage was removed (deprecated since 1.21).
513 * Skin::normalizeSubpageLink was removed (deprecated since 1.21).
514 * Skin::processResponsiveImages was removed (deprecated since 1.21).
515 * Skin::revComment was removed (deprecated since 1.21).
516 * Skin::revDeleteLink was removed (deprecated since 1.21).
517 * Skin::revDeleteLinkDisabled was removed (deprecated since 1.21).
518 * Skin::revUserLink was removed (deprecated since 1.21).
519 * Skin::revUserTools was removed (deprecated since 1.21).
520 * Skin::specialLink was removed (deprecated since 1.21).
521 * Skin::splitTrail was removed (deprecated since 1.21).
522 * Skin::titleAttrib was removed (deprecated since 1.21).
523 * Skin::tocIndent was removed (deprecated since 1.21).
524 * Skin::tocLine was removed (deprecated since 1.21).
525 * Skin::tocLineEnd was removed (deprecated since 1.21).
526 * Skin::tocList was removed (deprecated since 1.21).
527 * Skin::tocUnindent was removed (deprecated since 1.21).
528 * Skin::tooltip was removed (deprecated since 1.21).
529 * Skin::tooltipAndAccesskeyAttribs was removed (deprecated since 1.21).
530 * Skin::userTalkLink was removed (deprecated since 1.21).
531 * Skin::userToolLinksRedContribs was removed (deprecated since 1.21).
532 * wikidiff3 is now the default and only PHP diff engine. It provides improved diff
533 performance on complex changes. $wgExternalDiffEngine = 'wikidiff3' therefore
534 makes no difference now. Users are still recommended to use wikidiff2 if possible,
535 though.
536 * User::addNewUserLogEntry() was deprecated.
537 * User::addNewUserLogEntryAutoCreate() was deprecated.
538 * User::isPasswordReminderThrottled() was deprecated.
539 * Bot-oriented parameters to Special:UserLogin (wpCookieCheck, wpSkipCookieCheck)
540 were removed.
541 * Installer can now be customized without patching MediaWiki code, see
542 mw-config/overrides/README for details.
543
544 === Compatibility ===
545
546 MediaWiki 1.27 requires PHP 5.5.9 or later. There is experimental support for
547 HHVM 3.6.5 or later.
548
549 MySQL is the recommended DBMS. PostgreSQL or SQLite can also be used, but
550 support for them is somewhat less mature. There is experimental support for
551 Oracle and Microsoft SQL Server.
552
553 The supported versions are:
554
555 * MySQL 5.0.3 or later
556 * PostgreSQL 8.3 or later
557 * SQLite 3.3.7 or later
558 * Oracle 9.0.1 or later
559 * Microsoft SQL Server 2005 (9.00.1399)
560
561 === Upgrading ===
562
563 1.27 has several database changes since 1.26, and will not work without schema
564 updates. Note that due to changes to some very large tables like the revision
565 table, the schema update may take quite long (minutes on a medium sized site,
566 many hours on a large site).
567
568 If upgrading from before 1.11, and you are using a wiki as a commons
569 repository, make sure that it is updated as well. Otherwise, errors may arise
570 due to database schema changes.
571
572 If upgrading from before 1.7, you may want to run refreshLinks.php to ensure
573 new database fields are filled with data.
574
575 If you are upgrading from MediaWiki 1.4.x or earlier, you should upgrade to
576 1.5 first. The upgrade script maintenance/upgrade1_5.php has been removed
577 with MediaWiki 1.21.
578
579 Don't forget to always back up your database before upgrading!
580
581 See the file UPGRADE for more detailed upgrade instructions.
582
583 For notes on 1.26.x and older releases, see HISTORY.
584
585
586 = MediaWiki 1.26 =
587
588 == MediaWiki 1.26.2 ==
589
590 This is a maintenance release of the MediaWiki 1.26 branch.
591
592 === Changes since 1.26.1 ===
593 * (T121892) Fix fatal error on some Special pages, introduced in 1.26.1.
594
595 == MediaWiki 1.26.1 ==
596
597 This is a maintenance release of the MediaWiki 1.26 branch.
598
599 === Changes since 1.26.0 ===
600 * (T117899) SECURITY: $wgArticlePath can no longer be set to relative paths
601 that do not begin with a slash. This enabled trivial XSS attacks.
602 Configuration values such as "http://my.wiki.com/wiki/$1" are fine, as are
603 "/wiki/$1". A value such as "$1" or "wiki/$1" is not and will now throw an
604 error.
605 * (T119309) SECURITY: Use hash_compare() for edit token comparison
606 * (T118032) SECURITY: Don't allow cURL to interpret POST parameters starting
607 with '@' as file uploads
608 * (T115522) SECURITY: Passwords generated by User::randomPassword() can no
609 longer be shorter than $wgMinimalPasswordLength
610 * (T97897) SECURITY: Improve IP parsing and trimming. Previous behavior could
611 result in improper blocks being issued
612 * (T109724) SECURITY: Special:MyPage, Special:MyTalk, Special:MyContributions
613 and related pages no longer use HTTP redirects and are now redirected by
614 MediaWiki
615 * Fixed ConfigException in ExpandTemplates due to AlwaysUseTidy.
616 * Fixed stray literal \n in Special:Search.
617 * Fix issue that breaks HHVM Repo Authorative mode.
618 * (T120267) Work around APCu memory corruption bug
619
620 == MediaWiki 1.26.0 ==
621
622 === Configuration changes in 1.26 ===
623 * $wgPasswordResetRoutes['email'] = true by default.
624 * $wgEnableParserCache was deprecated, set $wgParserCacheType to CACHE_NONE
625 instead if you want to disable the parser cache.
626 * New-style continuation is now the default for API action=continue. Clients may
627 use the 'rawcontinue' parameter to receive raw query-continue data, but the
628 new style is encouraged as it's harder to implement incorrectly.
629 * Deprecated API formats dump and wddx have been completely removed.
630 * (T7645) The "Signature" button on the edit toolbar is now hidden by default
631 in non-talk namespaces. A new configuration variable,
632 $wgExtraSignatureNamespaces, controls in which subject (non-talk) namespaces
633 the "Signature" button on the edit toolbar will be displayed.
634 * $wgResourceLoaderUseESI was deprecated and removed. This was an experimental
635 feature that was never enabled by default.
636 * $wgResourceLoaderExperimentalAsyncLoading was deprecated and removed.
637 This experimental feature was never enabled by default and is obsolete as of
638 MediaWiki 1.26, in where ResourceLoader became fully asynchronous.
639 * $wgMasterWaitTimeout was removed (deprecated in 1.24).
640 * Fields in ParserOptions are now private. Use the accessors instead.
641 * Custom LESS functions (defined via $wgResourceLoaderLESSFunctions or
642 in extension.json) have been removed, after being deprecated in 1.24.
643 * $wgAlwaysUseTidy has been removed.
644 * ResetSessionID hook has been removed. Nothing seems to use it.
645 * Certain AuthPlugin methods are deprecated in favor of new hooks:
646 ** AuthPlugin::initUser() is replaced by LocalUserCreated.
647 ** AuthPlugin::updateUser() is replaced by UserLoggedIn.
648 ** AuthPlugin::updateExternalDB() is replaced by the existing UserSaveSettings.
649 ** AuthPlugin::updateExternalDBGroups() is replaced by UserGroupsChanged.
650 ** AuthPluginUser::isHidden() is replaced by UserIsHidden.
651 ** AuthPluginUser::isLocked() is replaced by UserIsLocked.
652 * The UserRights hook is deprecated in favor of the new UserGroupsChanged hook.
653 * AuthPlugin::initUser() and AuthPlugin::updateUser() should no longer replace
654 the passed User object.
655 * $wgBlockAllowsUTEdit is now set to true by default. This allows
656 blocked users to edit their talk pages unless explicitly disabled
657 when they are being blocked.
658
659 === New features in 1.26 ===
660 * (T51506) Now action=info gives estimates of actual watchers for a page.
661 See $wgRCMaxAge, $wgWatchersMaxAge and $wgUnwatchedPageSecret
662 to learn how to configure if needed.
663 * Change tags can now be hidden in the interface by disabling the associated
664 "tag-<id>" interface message.
665 * ':' (colon) is now invalid in usernames for new accounts. Existing accounts
666 are not affected.
667 * Added a new hook, 'LogException', to log exceptions in nonstandard ways.
668 * Revive the 'SpecialSearchResultsAppend' hook which occurs after the list of
669 search results are rendered. The initial use case is to append a "give us
670 feedback" link beneath the search results.
671 * Added a new hook, 'RejectParserCacheValue', which allows extensions to
672 reject an otherwise-successful parser cache lookup. The intent is to allow
673 extensions to manage the eviction of archaic HTML output from the cache.
674 * (T68699) The expiration of the UserID and Token login cookies
675 ($wgExtendedLoginCookieExpiration) can be configured independently of the
676 expiration of all other cookies ($wgCookieExpiration).
677 * (T50519) Support for generating JPEG/PNG thumbnails from WebP images added
678 if ImageMagick is used as image scaler ($wgUseImageMagick = true). Uploading
679 of WebP images still disabled by default. Add $wgFileExtensions[] =
680 'webp'; to LocalSettings.php to enable uploading of WebP images.
681 * Added new hooks 'EnhancedChangesListModifyLineData' &
682 'EnhancedChangesListModifyBlockLineData', to modify the data used to build
683 lines in enhanced recentchanges and watchlist.
684 * Caches that need purging ability now use the WANObjectCache interface.
685 This corresponds to a new $wgMainWANCache setting, which defaults to using
686 the $wgMainCacheType settings.
687 * Callers needing fast light-weight data stores use $wgMainStash to select
688 the store type from $wgObjectCaches. The default is the local database.
689 * Interface message overrides in the MediaWiki namespace will now be cached in
690 memcached and APC (if available), rather than memcached and local files.
691 * Added a new hook, 'RandomPageQuery', to allow modification of the query used
692 by Special:Random to select random pages.
693 * $wgTransactionalTimeLimit was added, which controls the request time limit
694 for potentially slow POST requests that need to be as atomic as possible.
695 * ResourceLoader now loads all scripts asynchronously. The top-queue and
696 startup modules are no longer synchronously loaded.
697 * 'mediawiki.ui.button' styles are no longer unconditionally loaded on every
698 page. During the deprecation period, the styles will only be loaded on pages
699 which contain 'mw-ui-button' in their HTML. Starting in 1.28, the styles will
700 only be loaded if explicitly required.
701 * If search returns zero results and current search engine has a "did you mean"
702 suggestion, results for suggestion will be shown. Can be disabled by setting
703 $wgSearchRunSuggestedQuery to false.
704 * Added several JavaScript libraries for uploading files to MediaWiki
705 from the client-side. See documentation for mw.Upload and its
706 subclasses for more information.
707 * Added OOUI dialogs and layout for file upload interfaces. See
708 documentation for mw.Upload.Dialog, mw.Upload.BookletLayout and its
709 subclasses for more information.
710
711 === extension.json changes in 1.26 ===
712 * (T99344) The extension.json schema is now versioned. All extensions
713 and skins should set a "manifest_version" property corresponding to
714 the schema version they were written for. The only supported version
715 currently is "1".
716 * (T102523) The error message if a non-array attribute is set was improved.
717 * (T107646) Configuration settings can now specify how they should be merged,
718 which is necessary for arrays using integer keys.
719 * (T110389) Adding namespaces through extension.json now actually works
720 * $wgNamespaceProtection can now be set in extension.json.
721 * $wgCapitalLinkOverrides can now be set in extension.json.
722 * (T97186) Extensions using a custom prefix for their configuration settings
723 can now set a "_prefix" key to override the default of "wg".
724 * (T99084) Extensions can now specify what MediaWiki core versions they
725 depend upon.
726 * (T105236) The extension.json schema now validates custom classes in
727 the "ResourceModules" property properly.
728
729 === External library changes in 1.26 ===
730 ==== Upgraded external libraries ====
731 * Updated es5-shim from v4.0.0 to v4.1.5.
732 * Updated json2 from revision 2014-02-04 to 2015-05-03.
733 * Updated Sinon.JS from 1.10.3 to 1.15.4.
734 * Updated jQuery Client from v1.0.0 to v2.0.0.
735 * Updated QUnit from v1.17.1 to v1.18.0.
736 * Updated liuggio/statsd-php-client from v1.0.12 to v1.0.16.
737 * Updated oojs/oojs-ui from v0.11.3 to v0.12.12.
738 * Updated wikimedia/cdb from v1.0.1 to v1.3.0.
739 * Updated wikimedia/utfnormal from v1.0.2 to v1.0.3.
740 * Updated wikimedia/composer-merge-plugin from v1.0.0 to v1.3.0.
741 * Updated zordius/lightncandy from v0.18 to v0.21.
742
743 ==== New external libraries ====
744 * Added composer/semver v1.0.0.
745 * Added mediawiki/at-ease v1.1.0.
746 * Added wikimedia/assert v0.2.2.
747 * Added wikimedia/ip-set v1.0.1.
748 * Added wikimedia/wrappedstring v2.0.0.
749
750 ==== Removed and replaced external libraries ====
751 * Replaced leafo/lessphp v0.5.0 with oyejorge/less.php v1.7.0.9.
752
753 === Bug fixes in 1.26 ===
754 * (T53283) load.php sometimes sends 304 response without full headers
755 * (T65198) Talk page tabs now have a "rel=discussion" attribute
756 * (T98841) {{msgnw:}} now preserves comments even when subst: is not used.
757 * (T104142) $wgEmergencyContact and $wgPasswordSender now use their default
758 value if set to an empty string.
759
760 === Action API changes in 1.26 ===
761 * New-style continuation is now the default for action=continue. Clients may
762 use the 'rawcontinue' parameter to receive raw query-continue data, but the
763 new style is encouraged as it's harder to implement incorrectly.
764 * Deprecated API formats dump and wddx have been completely removed.
765 * API action=query&list=tags: The displayname can now be boolean false if the
766 tag is meant to be hidden from user interfaces.
767 * action=import no longer allows both the namespace= and rootpage= parameters
768 to be set. If they are both set, the value of rootpage= will be ignored.
769 * prop=revision output in enum mode is now sorted by timestamp rather than
770 revision ID. This usually won't make any difference.
771 * (T102645) Namespace list from meta=siteinfo&siprop=namespaces is now an array
772 with formatversion=2.
773 * Various other output from meta=siteinfo will now always be arrays instead of
774 sometimes being numerically-indexed objects with formatversion=2.
775 * When errors about users being blocked are returned, they now include
776 information about the relevant block.
777 * (T99926) list=random has higher limits, in line with other API modules.
778 * list=random's rnredirect parameter is deprecated in favor of a new
779 rnfilterredir parameter that also allows for listing both redirects and
780 non-redirects.
781 * list=random now supports continuation.
782 * API responses to GET requests may now include ETag and Last-Modified headers,
783 and will honor corresponding If-None-Match and If-Modified-Since on such
784 requests.
785
786 === Action API internal changes in 1.26 ===
787 * New metadata item ApiResult::META_KVP_MERGE to allow for merging the KVP key
788 into the value when the value is an assoc.
789 * API action modules may now provide values for the RFC 7232 ETag and
790 Last-Modified headers. The API will check these against If-None-Match and
791 If-Modified-Since request headers on GET requests and avoid executing the
792 module when appropriate.
793
794 === Languages updated in 1.26 ===
795
796 MediaWiki supports over 350 languages. Many localisations are updated
797 regularly. Below only new and removed languages are listed, as well as
798 changes to languages because of Phabricator reports.
799
800 * Languages added:
801 ** ase (American sign language), thanks to translator Icemandeaf
802 ** dty (डोटेली/Doteli), thanks to translators जनक राज भट्ट, बिप्लब आनन्द,
803 मेश सिंह बोहरा, and राम प्रसाद जोशी
804 ** luz (لئری دوٙمینی / Southern Luri)
805 ** olo (Livvinкarjala / Livvi-Karelian), thanks to translators Denö, Hiloin Natoi,
806 Ilja.mos, and Mashoi7
807
808 === Other changes in 1.26 ===
809 * ChangeTags::tagDescription() will return false if the interface message
810 for the tag is disabled.
811 * Added PageHistoryPager::doBatchLookups hook.
812 * Added $wikiId parameter to FormatAutocomments hook.
813 * Added ParserCacheSaveComplete to ParserCache
814 * supportsDirectEditing and supportsDirectApiEditing methods added to
815 ContentHandler, to provide a way for ApiEditPage and EditPage to check
816 if direct editing of content is allowed. These methods return false,
817 by default for the ContentHandler base class and true for TextContentHandler
818 and it's derivative classes (everything in core). For Content types that
819 do not support direct editing, an alternative mechanism should be provided
820 for editing, such as action overrides or specific api modules.
821 * mediaWiki.confirmCloseWindow now returns an object of functions, instead of
822 one function. The callback can't be called directly any more. The callback
823 function is replaced with confirmCloseWindow.release().
824 * BREAKING CHANGE: Added an optional ResouceLoaderContext parameter to
825 ResourceLoaderModule::getDependencies(). Extension classes that override that
826 method should be updated. If they aren't updated, PHP Strict standards
827 warnings will appear when E_STRICT error reporting is enabled. Note: in the
828 near future, this parameter will probably become non-optional.
829 * Removed maintenance script deleteImageMemcached.php.
830 * MWFunction::newObj() was removed (deprecated in 1.25).
831 ObjectFactory::getObjectFromSpec() should be used instead.
832 * The parser will no longer randomize the string it uses to mark the place of
833 items that were stripped during parsing. It will use a fixed string instead.
834 This causes the parser to re-use the regular expressions it uses to search
835 and replace markers rather than generate novel expressions on each parse.
836 Re-using regular expressions will improve performance on HHVM and the
837 forthcoming PHP 7. The interfaces changes accompanying this change are:
838 - Parser::getRandomString() and Parser::uniqPrefix() have been deprecated.
839 - The $uniq_prefix argument for Parser::extractTagsAndParams() and the
840 $prefix argument for StripState::_construct() are deprecated and their
841 value is ignored.
842 * wfSuppressWarnings() and wfRestoreWarnings() were split into a separate library,
843 mediawiki/at-ease, and are now deprecated. Callers should use
844 MediaWiki\suppressWarnings() and MediaWiki\restoreWarnings() directly.
845 * The Block class constructor now takes an associative array of parameters
846 instead of many optional positional arguments. Calling the constructor the old
847 way will issue a deprecation warning.
848 * The jquery.mwExtension module was deprecated.
849 * $wgSpecialPageGroups was removed (deprecated in 1.21).
850 * SpecialPageFactory::setGroup was removed (deprecated in 1.21).
851 * SpecialPageFactory::getGroup was removed (deprecated in 1.21).
852 * DatabaseBase::ignoreErrors() is now protected.
853 * BREAKING CHANGE: mediawiki.legacy.ajax has been removed, following
854 a lengthy deprecation period.
855 * The ScopedPHPTimeout class was removed.
856 * Removed maintenance script fixSlaveDesync.php.
857 * Watchlist tokens, SpecialResetTokens, and User::getTokenFromOption()
858 are deprecated. Applications using those can work via the OAuth
859 extension instead. New tokens types should not be added.
860 * DatabaseBase::errorCount() was removed (unused).
861 * $wgDeferredUpdateList was removed.
862 * DeferredUpdates::addHTMLCacheUpdate() was removed.
863
864 = MediaWiki 1.25 =
865
866 == MediaWiki 1.25.5 ==
867
868 This is a maintenance release of the MediaWiki 1.25 branch.
869
870 === Changes since 1.25.4 ===
871 * (T121892) Fix fatal error on some Special pages, introduced in 1.25.4.
872
873 == MediaWiki 1.25.4 ==
874
875 This is a security and maintenance release of the MediaWiki 1.25 branch.
876
877 === Changes since 1.25.3 ===
878 * (T117899) SECURITY: $wgArticlePath can no longer be set to relative paths
879 that do not begin with a slash. This enabled trivial XSS attacks.
880 Configuration values such as "http://my.wiki.com/wiki/$1" are fine, as are
881 "/wiki/$1". A value such as "$1" or "wiki/$1" is not and will now throw an
882 error.
883 * (T119309) SECURITY: Use hash_compare() for edit token comparison
884 * (T118032) SECURITY: Don't allow cURL to interpret POST parameters starting
885 with '@' as file uploads
886 * (T115522) SECURITY: Passwords generated by User::randomPassword() can no
887 longer be shorter than $wgMinimalPasswordLength
888 * (T97897) SECURITY: Improve IP parsing and trimming. Previous behavior could
889 result in improper blocks being issued
890 * (T109724) SECURITY: Special:MyPage, Special:MyTalk, Special:MyContributions
891 and related pages no longer use HTTP redirects and are now redirected by
892 MediaWiki
893 * (T103237) $wgUseGzip had no effect when using file cache.
894 * (T114606) mw.notify was not correctly fixed to the page if
895 initialized while not at the top of the page.
896 * Fix issue that breaks HHVM Repo Authorative mode.
897
898 == MediaWiki 1.25.3 ==
899
900 This is a security and maintenance release of the MediaWiki 1.25 branch.
901
902 === Changes since 1.25.2 ===
903
904 * (T98975) Fix having multiple callbacks for a single hook.
905 * (T107632) maintenance/refreshLinks.php did not always remove all links
906 pointing to nonexistent pages.
907 * (T104142) $wgEmergencyContact and $wgPasswordSender now use their default
908 value if set to an empty string.
909 * (T62174) Provide fallbacks for use of mb_convert_encoding() in
910 HtmlFormatter. It was causing an error when accessing the api help page
911 if the mbstring PHP extension was not installed.
912 * (T105896) Confirmation emails would sometimes contain invalid codes.
913 * (T105597) Fixed edit stash inclusion queries.
914 * (T91850) SECURITY: Add throttle check in ApiUpload and SpecialUpload
915 * (T91203, T91205) SECURITY: API: Improve validation in chunked uploading
916 * (T95589) SECURITY: RevDel: Check all revisions for suppression, not just the
917 first
918 * (T108616) SECURITY: Avoid exposure of local path in PNG thumbnails
919
920 == MediaWiki 1.25.2 ==
921
922 This is a security and maintenance release of the MediaWiki 1.25 branch.
923
924 === Changes since 1.25.1 ===
925
926 * (T94116) SECURITY: Compare API watchlist token in constant time
927 * (T97391) SECURITY: Escape error message strings in thumb.php
928 * (T106893) SECURITY: Don't leak autoblocked IP addresses on
929 Special:DeletedContributions
930 * (T102562) Fix InstantCommons parameters to handle the new HTTPS-only
931 policy of Wikimedia Commons.
932 * (T100767) Setting a configuration setting for skin or extension to
933 false in LocalSettings.php was not working.
934 * (T100635) API action=opensearch json output no longer breaks when
935 $wgDebugToolbar is enabled.
936 * (T102522) Using an extension.json or skin.json file which has
937 a "manifest_version" property for 1.26 compatability will no longer
938 trigger warnings.
939 * (T86156) Running updateSearchIndex.php will not throw an error as
940 page_restrictions has been added to the locked table list.
941 * Special:Version would throw notices if using SVN due to an incorrectly
942 named variable. Add an additional check that an index is defined.
943
944 == MediaWiki 1.25.1 ==
945
946 This is a bug fix release of the MediaWiki 1.25 branch.
947
948 === Changes since 1.25 ===
949 * (T100351) Fix syntax errors in extension.json of ConfirmEdit extension
950
951 == MediaWiki 1.25.0 ==
952
953 === Configuration changes in 1.25 ===
954 * $wgPageShowWatchingUsers was removed.
955 * $wgLocalVirtualHosts has been added to replace $wgConf->localVHosts.
956 * $wgAntiLockFlags was removed.
957 * $wgJavaScriptTestConfig was removed.
958 * Edit tokens returned from User::getEditToken may change on every call. Token
959 validity must be checked by passing the user-supplied token to
960 User::matchEditToken rather than by testing for equality with a
961 newly-generated token.
962 * (T74951) The UserGetLanguageObject hook may be passed any IContextSource
963 for its $context parameter. Formerly it was documented as receiving a
964 RequestContext specifically.
965 * Profiling was restructured and $wgProfiler now requires an 'output' parameter.
966 See StartProfiler.sample for details.
967 * $wgMangleFlashPolicy was added to make MediaWiki's mangling of anything that
968 might be a flash policy directive configurable.
969 * ApiOpenSearch now supports XML output. The OpenSearchXml extension should no
970 longer be used. If extracts and page images are desired, the TextExtracts and
971 PageImages extensions are required.
972 * $wgOpenSearchTemplate is deprecated in favor of $wgOpenSearchTemplates.
973 * Edits are now prepared via AJAX as users type edit summaries. This behavior
974 can be disabled via $wgAjaxEditStash.
975 * (T46740) The temporary option $wgIncludejQueryMigrate was removed, along
976 with the jQuery Migrate library, as indicated when this option was provided in
977 MediaWiki 1.24.
978 * ProfilerStandard and ProfilerSimpleTrace were removed. Make sure that any
979 StartProfiler.php config is updated to reflect this. Xhprof is available
980 for zend/hhvm. Also, for hhvm, one can consider using its xenon profiler.
981 * Default value of $wgSVGConverters['rsvg'] now uses the 'rsvg-convert' binary
982 rather than 'rsvg'.
983 * Default value of $wgSVGConverters['ImageMagick'] now uses transparent
984 background with white fallback color, rather than just white background.
985 * MediaWikiBagOStuff class removed, make sure any object cache config
986 uses SqlBagOStuff instead.
987 * The 'daemonized' flag must be set to true in $wgJobTypeConf for any redis
988 job queues. This means that mediawiki/services/jobrunner service has to
989 be installed and running for any such queues to work.
990 * $wgAutopromoteOnce no longer supports the 'view' event. For keeping some
991 compatibility, any 'view' event triggers will still trigger on 'edit'.
992 * $wgExtensionDirectory was added for when your extensions directory is somewhere
993 other than $IP/extensions (as $wgStyleDirectory does with the skins directory).
994
995 === New features in 1.25 ===
996 * (T64861) Updated plural rules to CLDR 26. Includes incompatible changes
997 for plural forms in Russian, Prussian, Tagalog, Manx and several languages
998 that fall back to Russian.
999 * (T60139) ResourceLoaderFileModule now supports language fallback
1000 for 'languageScripts'.
1001 * Added a new hook, "ContentAlterParserOutput", to allow extensions to modify the
1002 parser output for a content object before links update.
1003 * (T37785) Enhanced recent changes and extended watchlist are now default.
1004 Documentation: https://meta.wikimedia.org/wiki/Special:MyLanguage/Help:Enhanced_recent_changes
1005 and https://www.mediawiki.org/wiki/Special:MyLanguage/Manual:$wgDefaultUserOptions.
1006 * (T69341) SVG images will no longer be base64-encoded when being embedded
1007 in CSS. This results in slight size increase before gzip compression (due to
1008 percent-encoding), but up to 20% decrease after it.
1009 * Update jStorage to v0.4.12.
1010 * MediaWiki now natively supports page status indicators: icons (or short text
1011 snippets) usually displayed in the top-right corner of the page. They have
1012 been in use on Wikipedia for a long time, implemented using templates and CSS
1013 absolute positioning.
1014 - Basic wikitext syntax: <indicator name="foo">[[File:Foo.svg|20px]]</indicator>
1015 - Usage instructions: https://www.mediawiki.org/wiki/Help:Page_status_indicators
1016 - Adjusting custom skins to support indicators:
1017 https://www.mediawiki.org/wiki/Special:MyLanguage/Manual:Skinning#Page_status_indicators
1018 * Edit tokens may now be time-limited: passing a maximum age to
1019 User::matchEditToken will reject any older tokens.
1020 * The debug logging internals have been overhauled, and are now using the
1021 PSR-3 interfaces.
1022 * Update CSSJanus to v1.1.1.
1023 * Update lessphp to v0.5.0.
1024 * Added a hook, "ApiOpenSearchSuggest", to allow extensions to provide extracts
1025 and images for ApiOpenSearch output. The semantics are identical to the
1026 "OpenSearchXml" hook provided by the OpenSearchXml extension.
1027 * PrefixSearchBackend hook now has an $offset parameter. Combined with $limit,
1028 this allows for pagination of prefix results. Extensions using this hook
1029 should implement supporting behavior. Not doing so can result in undefined
1030 behavior from API clients trying to continue through prefix results.
1031 * Update jQuery from v1.11.1 to v1.11.3.
1032 * External libraries installed via composer will now be displayed
1033 on Special:Version in their own section. Extensions or skins that are
1034 installed via composer will not be shown in this section as it is assumed
1035 they will add the proper credits to the skins or extensions section. They
1036 can also be accessed through the API via the new siprop=libraries to
1037 ApiQuerySiteInfo.
1038 * Update QUnit from v1.14.0 to v1.16.0.
1039 * Update Moment.js from v2.8.3 to v2.8.4.
1040 * Special:Tags now allows for manipulating the list of user-modifiable change
1041 tags.
1042 * Added 'managetags' user right and 'ChangeTagCanCreate', 'ChangeTagCanDelete',
1043 and 'ChangeTagCanCreate' hooks to allow for managing user-modifiable change
1044 tags.
1045 * Added 'ChangeTagsListActive' hook, to separate the concepts of "defined" and
1046 "active" formerly conflated by the 'ListDefinedTags' hook.
1047 * Added TemplateParser class that provides a server-side interface to cachable
1048 dynamically-compiled Mustache templates (currently uses lightncandy library).
1049 * Clickable anchors for each section heading in the content are now generated
1050 and appear in the gutter on hovering over the heading.
1051 * Added 'CategoryViewer::doCategoryQuery' and 'CategoryViewer::generateLink' hooks
1052 to allow extensions to override how links to pages are rendered within NS_CATEGORY
1053 * (T19665) Special:WantedPages only lists page which having at least one red link
1054 pointing to it.
1055 * New hooks 'ApiMain::moduleManager' and 'ApiQuery::moduleManager', can be
1056 used for conditional registration of API modules.
1057 * New hook 'EnhancedChangesList::getLogText' to alter, remove or add to the
1058 links of a group of changes in EnhancedChangesList.
1059 * A full interface for StatsD metric reporting has been added to the context
1060 interface, reachable via IContextSource::getStats().
1061 * Move the jQuery Client library from being mastered in MediaWiki as v0.1.0 to a
1062 proper, published library, which is now tagged as v1.0.0.
1063 * A new message (defaulting to blank), 'editnotice-notext', can be shown to users
1064 when they are editing if no edit notices apply to the page being edited.
1065 * (T94536) You can now make the sitenotice appear to logged-in users only by
1066 editing MediaWiki:Anonnotice and replacing its content with "". Setting it to
1067 "-" (default) will continue disable it and fallback to MediaWiki:Sitenotice.
1068 * Modifying the tagging of a revision or log entry is now available via
1069 Special:EditTags, generally accessed via the revision-deletion-like interface
1070 on history pages and Special:Log is likely to be more useful.
1071 * Added 'applychangetags' and 'changetags' user rights.
1072 * (T35235) LogFormatter subclasses are now responsible for formatting the
1073 parameters for API log event output. Extensions should implement the new
1074 getParametersForApi() method in their log formatters.
1075
1076 ==== External libraries ====
1077 * MediaWiki now requires certain external libraries to be installed. In the past
1078 these were bundled inside the Git repository of MediaWiki core, but now they
1079 need to be installed separately. For users using the tarball, this will be taken
1080 care of and no action will be required. Users using Git will either need to use
1081 composer to fetch dependencies or use the mediawiki/vendor repository which includes
1082 all dependencies for MediaWiki core and ones used in Wikimedia deployment. Detailed
1083 instructions can be found at:
1084 https://www.mediawiki.org/wiki/Download_from_Git#Fetch_external_libraries
1085 * The following libraries are now required:
1086 ** psr/log
1087 This library provides the interfaces set by the PSR-3 standard (http://www.php-fig.org/psr/psr-3/)
1088 which are used by MediaWiki internally via the
1089 MediaWiki\Logger\LoggerFactory class.
1090 See the structured logging RfC (https://www.mediawiki.org/wiki/Special:MyLanguage/Requests_for_comment/Structured_logging)
1091 for more background information.
1092 ** cssjanus/cssjanus
1093 This library was formerly bundled with MediaWiki core and has been removed.
1094 It automatically flips CSS for RTL support.
1095 ** leafo/lessphp
1096 This library was formerly bundled with MediaWiki core and has been removed.
1097 It compiles LESS files into CSS.
1098 ** wikimedia/cdb
1099 This library was formerly a part of MediaWiki core, and has been moved into a separate library.
1100 It provides CDB functions which are used in the Interwiki and Localization caches.
1101 More information about the library can be found at https://www.mediawiki.org/wiki/Special:MyLanguage/CDB.
1102 ** liuggio/statsd-php-client
1103 This library provides a StatsD client API for logging application metrics to a remote server.
1104
1105 === Bug fixes in 1.25 ===
1106 * (T73003) No additional code will be generated to try to load CSS-embedded
1107 SVG images in Internet Explorer 6 and 7, as they don't support them anyway.
1108 * (T69021) On Special:BookSources, corrected validation of ISBNs (both
1109 10- and 13-digit forms) containing "X".
1110 * Page moving was refactored into a MovePage class. As part of that:
1111 ** The AbortMove hook was removed.
1112 ** MovePageIsValidMove is for extensions to specify whether a page
1113 cannot be moved for technical reasons, and should not be overridden.
1114 ** MovePageCheckPermissions is for checking whether the given user is
1115 allowed to make the move.
1116 ** Title::moveNoAuth() was deprecated. Use the MovePage class instead.
1117 ** Title::moveTo() was deprecated. Use the MovePage class instead.
1118 ** Title::isValidMoveOperation() broken down into MovePage::isValidMove()
1119 and MovePage::checkPermissions().
1120 * (T18530) Multiple autocomments are now formatted in an edit summary.
1121 * (T70361) Autocomments containing "/*" are parsed correctly.
1122 * The Special:WhatLinksHere page linked from 'Number of redirects to this page'
1123 on action=info about a file page does not list file links anymore.
1124 * (T78637) Search bar is not autofocused unless it is empty so that proper scrolling using arrow keys is possible.
1125 * (T50853) Database::makeList() modified to handle 'NULL' separately when building IN clause
1126 * (T85192) Captcha position modified in Usercreate template. As a result:
1127 ** extrafields parameter added to Usercreate.php to insert additional data
1128 ** 'extend' method added to QuickTemplate to append additional values to any field of data array
1129 * (T86974) Several Title methods now load from the database when necessary
1130 (instead of returning incorrect results) even when the page ID is known.
1131 * (T74070) Duplicate search for archived files on file upload now omits the extension.
1132 This requires the fa_sha1 field being populated.
1133 * Removed rel="archives" from the "View history" link, as it did not pass
1134 HTML validation.
1135 * $wgUseTidy is now set when parserTests are run with the tidy option to match
1136 output on wiki.
1137 * (T37472) update.php will purge ResourceLoader cache unless --nopurge is passed to it.
1138 * (T72109) mediawiki.language should respect $wgTranslateNumerals in convertNumber().
1139
1140 === Action API changes in 1.25 ===
1141 * (T67403) XML tag highlighting is now only performed for formats
1142 "xmlfm" and "wddxfm".
1143 * action=paraminfo supports generalized submodules (modules=query+value),
1144 querymodules and formatmodules are deprecated
1145 * action=paraminfo no longer outputs descriptions and other help text by
1146 default. If needed, it may be requested using the new 'helpformat' parameter.
1147 * action=help has been completely rewritten, and outputs help in HTML
1148 rather than plain text.
1149 * Hitting api.php without specifying an action now displays only the help for
1150 the main module, with links to submodule help.
1151 * API help is no longer displayed on errors.
1152 * 'uselang' is now a recognized API parameter; "uselang=user" may be used to
1153 explicitly select the language from the current user's preferences, and
1154 "uselang=content" may be used to select the wiki's content language.
1155 * Default output format for the API is now jsonfm.
1156 * Simplified continuation will return a "batchcomplete" property in the result
1157 when a batch of pages is complete.
1158 * Pretty-printed HTML output now has nicer formatting and (if available)
1159 better syntax highlighting.
1160 * Deprecated list=deletedrevs in favor of newly-added prop=deletedrevisions and
1161 list=alldeletedrevisions.
1162 * prop=revisions will gracefully continue when given too many revids or titles,
1163 rather than just ignoring the extras.
1164 * prop=revisions will no longer die if rvcontentformat doesn't match a
1165 revision's content model; it will instead warn and omit the content.
1166 * If the user has the 'deletedhistory' right, action=query's revids parameter
1167 will now recognize deleted revids.
1168 * prop=revisions may be used as a generator, generating revids.
1169 * (T68776) format=json results will no longer be corrupted when
1170 $wgMangleFlashPolicy is in effect. format=php results will cleanly return an
1171 error instead of returning invalid serialized data.
1172 * Generators may now return data for the generated pages when used with
1173 action=query.
1174 * Query page data for generator=search and generator=prefixsearch will now
1175 include an "index" field, which may be used by the client for sorting the
1176 search results.
1177 * ApiOpenSearch now supports XML output.
1178 * ApiOpenSearch will now output descriptions and URLs as array indexes 2 and 3
1179 in JSON format.
1180 * (T76051) list=tags will now continue correctly.
1181 * (T76052) list=tags can now indicate whether a tag is defined.
1182 * (T75522) list=prefixsearch now supports continuation
1183 * (T78737) action=expandtemplates can now return page properties.
1184 * (T78690) list=allimages now accepts multiple pipe-separated values
1185 for the 'aimime' parameter.
1186 * prop=info with inprop=protections will now return applicable protection types
1187 with the 'restrictiontypes' key.
1188 * (T85417) When resolving redirects, ApiPageSet will now add the targets of
1189 interwiki redirects to the list of interwiki titles.
1190 * (T85417) When outputting the list of redirect titles, a 'tointerwiki'
1191 property (like the existing 'tofragment' property) will be set.
1192 * Added action=managetags to allow for managing the list of
1193 user-modifiable change tags. Actually modifying the tagging of a revision or
1194 log entry is not implemented yet.
1195 * list=tags has additional properties to indicate 'active' status and tag
1196 sources.
1197 * siprop=libraries was added to ApiQuerySiteInfo to list installed external libraries.
1198 * (T88010) Added action=checktoken, to test a CSRF token's validity.
1199 * (T88010) Added intestactions to prop=info, to allow querying of
1200 Title::userCan() via the API.
1201 * Default type param for query list=watchlist and list=recentchanges has
1202 been changed from all types (e.g. including 'external') to 'edit|new|log'.
1203 * Added formatversion to format=json. Still "experimental" as further changes
1204 to the output formatting might still be made.
1205 * (T73020) Log event details are now always under a 'params' subkey for
1206 list=logevents, and a 'logparams' subkey for list=watchlist and
1207 list=recentchanges.
1208 * Log event details are changing formatting:
1209 * block events now report flags as an array rather than as a comma-separated
1210 list.
1211 * patrol events now report the 'auto' flag as a boolean (absent/empty string
1212 for BC formats) rather than as an integer.
1213 * rights events now report the old and new group lists as arrays rather than
1214 as comma-separated lists.
1215 * merge events use new-style formatting.
1216 * delete/event and delete/revision events use new-style formatting.
1217 * The root node and various other nodes will now always be an object in formats
1218 such as json that distinguish between arrays and objects.
1219 * Except for action=opensearch where the spec requires an array.
1220
1221 === Action API internal changes in 1.25 ===
1222 * ApiHelp has been rewritten to support i18n and paginated HTML output.
1223 Most existing modules should continue working without changes, but should do
1224 the following:
1225 * Add an i18n message "apihelp-{$moduleName}-description" to replace getDescription().
1226 * Add i18n messages "apihelp-{$moduleName}-param-{$param}" for each parameter
1227 to replace getParamDescription(). If necessary, the settings array returned
1228 by getParams() can use the new ApiBase::PARAM_HELP_MSG key to override the
1229 message.
1230 * Implement getExamplesMessages() to replace getExamples().
1231 * Modules with submodules (like action=query) must have their submodules
1232 override ApiBase::getParent() to return the correct parent object.
1233 * The 'APIGetDescription' and 'APIGetParamDescription' hooks are deprecated,
1234 and will have no effect for modules using i18n messages. Use
1235 'APIGetDescriptionMessages' and 'APIGetParamDescriptionMessages' instead.
1236 * Api formatters will no longer be asked to display the help screen on errors.
1237 * ApiMain::getCredits() was removed. The credits are available in the
1238 'api-credits' i18n message.
1239 * ApiFormatBase has been changed to support i18n and syntax highlighting via
1240 extensions with the new 'ApiFormatHighlight' hook. Core syntax highlighting
1241 has been removed.
1242 * ApiFormatBase now always buffers. Output is done when
1243 ApiFormatBase::closePrinter is called.
1244 * Much of the logic in ApiQueryRevisions has been split into ApiQueryRevisionsBase.
1245 * The 'revids' parameter supplied by ApiPageSet will now count deleted
1246 revisions as "good" if the user has the 'deletedhistory' right. New methods
1247 ApiPageSet::getLiveRevisionIDs() and ApiPageSet::getDeletedRevisionIDs() are
1248 provided to access just the live or just the deleted revids.
1249 * Added ApiPageSet::setGeneratorData() and ApiPageSet::populateGeneratorData()
1250 to allow generators to include data in the action=query result.
1251 * New hooks 'ApiMain::moduleManager' and 'ApiQuery::moduleManager', can be
1252 used for conditional registration of API modules.
1253 * Added ApiBase::lacksSameOriginSecurity() to allow modules to easily check if
1254 the current request was sent with the 'callback' parameter (or any future
1255 method that breaks the same-origin policy).
1256 * Profiling methods in ApiBase are deprecated and no longer need to be called.
1257 * ApiResult was greatly overhauled. See inline documentation for details.
1258 * ApiResult will automatically convert objects to strings or arrays (depending
1259 on whether a __toString() method exists on the object), and will refuse to
1260 add unsupported value types.
1261 * An informal interface, ApiSerializable, exists to override the default
1262 object conversion.
1263 * ApiResult/ApiFormatBase "raw mode" is deprecated.
1264 * ApiFormatXml now assumes defaults and so on instead of throwing errors when
1265 metadata isn't set.
1266 * (T35235) LogFormatter subclasses are now responsible for formatting log event
1267 parameters for the API.
1268 * Many modules have changed result data formats. While this shouldn't affect
1269 clients not using the experimental formatversion=2, code using
1270 ApiResult::getResultData() without the transformations for backwards
1271 compatibility may need updating, as will code that wasn't following the old
1272 conventions for API boolean output.
1273 * The following methods have been deprecated and may be removed in a future
1274 release:
1275 * ApiBase::getDescription
1276 * ApiBase::getParamDescription
1277 * ApiBase::getExamples
1278 * ApiBase::makeHelpMsg
1279 * ApiBase::makeHelpArrayToString
1280 * ApiBase::makeHelpMsgParameters
1281 * ApiBase::getModuleProfileName
1282 * ApiBase::profileIn
1283 * ApiBase::profileOut
1284 * ApiBase::safeProfileOut
1285 * ApiBase::getProfileTime
1286 * ApiBase::profileDBIn
1287 * ApiBase::profileDBOut
1288 * ApiBase::getProfileDBTime
1289 * ApiBase::getResultData
1290 * ApiFormatBase::setUnescapeAmps
1291 * ApiFormatBase::getWantsHelp
1292 * ApiFormatBase::setHelp
1293 * ApiFormatBase::formatHTML
1294 * ApiFormatBase::setBufferResult
1295 * ApiFormatBase::getDescription
1296 * ApiFormatBase::getNeedsRawData
1297 * ApiMain::setHelp
1298 * ApiMain::reallyMakeHelpMsg
1299 * ApiMain::makeHelpMsgHeader
1300 * ApiResult::setRawMode
1301 * ApiResult::getIsRawMode
1302 * ApiResult::getData
1303 * ApiResult::setElement
1304 * ApiResult::setContent
1305 * ApiResult::setIndexedTagName_recursive
1306 * ApiResult::setIndexedTagName_internal
1307 * ApiResult::setParsedLimit
1308 * ApiResult::beginContinuation
1309 * ApiResult::setContinueParam
1310 * ApiResult::setGeneratorContinueParam
1311 * ApiResult::endContinuation
1312 * ApiResult::size
1313 * ApiResult::convertStatusToArray
1314 * ApiQueryImageInfo::getPropertyDescriptions
1315 * ApiQueryLogEvents::addLogParams
1316 * The following classes have been deprecated and may be removed in a future
1317 release:
1318 * ApiQueryDeletedrevs
1319
1320 === Languages updated in 1.25 ===
1321
1322 MediaWiki supports over 350 languages. Many localisations are updated
1323 regularly. Below only new and removed languages are listed, as well as
1324 changes to languages because of Bugzilla reports.
1325
1326 * Languages added:
1327 ** awa (अवधी / Awadhi), thanks to translator 1AnuraagPandey;
1328 ** bgn (بلوچی رخشانی / Western Balochi), thanks to translators
1329 Baloch Afghanistan, Ibrahim khashrowdi and Rachitrali;
1330 ** ses (Koyraboro Senni), thanks to translator Songhay.
1331 * (T66440) Kazakh (kk) wikis should no longer forcefully reset the user's
1332 interface language to kk where unexpected.
1333 * The Chinese conversion table was substantially updated to fix a lot of
1334 bugs and ensure better reading experience for different variants.
1335
1336 === Other changes in 1.25 ===
1337 * (T45591) Links to MediaWiki.org translatable help were added to indicators,
1338 mostly in special pages. Local custom target titles can be placed in the
1339 relevant '(namespace-X|action name|special page name)-helppage' system
1340 message. Extensions can use the addHelpLink() function to do the same.
1341 * The skin autodiscovery mechanism, deprecated in MediaWiki 1.23, has been
1342 removed. See https://www.mediawiki.org/wiki/Manual:Skin_autodiscovery for
1343 migration guide for creators and users of custom skins that relied on it.
1344 * Javascript variables 'wgFileCanRotate' and 'wgFileExtensions' now only
1345 available on Special:Upload.
1346 * (T58257) Set site logo from mediawiki.skinning.interface module instead of
1347 inline styles in the HTML.
1348 * Removed ApiQueryUsers::getAutoGroups(). (deprecated since 1.20)
1349 * Removed XmlDumpWriter::schemaVersion(). (deprecated since 1.20)
1350 * Removed LogEventsList::getDisplayTitle(). (deprecated since 1.20)
1351 * Removed Preferences::trySetUserEmail(). (deprecated since 1.20)
1352 * Removed mw.user.name() and mw.user.anonymous() methods. (deprecated since 1.20)
1353 * Removed 'ok' and 'err' parameters in the mediawiki.api modules. (deprecated
1354 since 1.20)
1355 * Removed 'async' parameter from the mw.Api#getCategories() method. (deprecated
1356 since 1.20)
1357 * Removed 'jquery.json' module. (deprecated since 1.24)
1358 Use the 'json' module and global JSON object instead.
1359 * Deprecated OutputPage::readOnlyPage() and OutputPage::rateLimited().
1360 Also, the former will now throw an MWException if called with one or more
1361 arguments.
1362 * Removed hitcounters and associated code.
1363 * The "temp" zone of the upload respository is now considered private. If it
1364 already exists (such as under the images/ directory), please make sure that
1365 the directory is not web readable (e.g. via a .htaccess file).
1366 * BREAKING CHANGE: In the XML dump format used by Special:Export and
1367 dumpBackup.php, the <model> and <format> tags now apprear before the <text>
1368 tag, instead of after the <text> and <sha1> tags.
1369 The new schema version is 0.10, the new schema URI is:
1370 https://www.mediawiki.org/xml/export-0.10.xsd
1371 * MWFunction::call() and MWFunction::callArray() were removed, having being
1372 deprecated in 1.22.
1373 * Deprecated the getInternalLinkAttributes, getInternalLinkAttributesObj,
1374 and getInternalLinkAttributes methods in Linker, and removed
1375 getExternalLinkAttributes method, which was deprecated in MediaWiki 1.18.
1376 * Removed Sites class, which was deprecated in 1.21 and replaced by SiteSQLStore.
1377 * Added wgRelevantArticleId to the client-side config, for use on special pages.
1378 * Deprecated the TitleIsCssOrJsPage hook. Superseded by the
1379 ContentHandlerDefaultModelFor hook since MediaWiki 1.21.
1380 * Deprecated the TitleIsWikitextPage hook. Superseded by the
1381 ContentHandlerDefaultModelFor hook since MediaWiki 1.21.
1382 * Changed parsing of variables in schema (.sql) files:
1383 ** The substituted values are no longer parsed. (Formerly, several passes
1384 were made for each variable, so depending on the order in which variables
1385 were defined, variables might have been found inside encoded values. This
1386 is no longer the case.)
1387 ** Variables are no longer string encoded when the /*$var*/ syntax is used.
1388 If string encoding is necessary, use the '{$var}' syntax instead.
1389 ** Variable names must only consist of one or more of the characters
1390 "A-Za-z0-9_".
1391 ** In source text of the form '{$A}'{$B}' or `{$A}`{$B}`, where variable A
1392 does not exist yet variable B does, the latter may not be replaced.
1393 However, this difference is unlikely to arise in practice.
1394 * (T67278) RFC, PMID, and ISBN "magic links" must be surrounded by non-word
1395 characters on both sides.
1396 * The FormatAutocomments hook will now receive $pre and $post as booleans,
1397 rather than as strings that must be prepended or appended to $comment.
1398 * (T30950, T31025) RFC, PMID, and ISBN "magic links" can no longer contain
1399 newlines; but they can contain &nbsp; and other non-newline whitespace.
1400 * The 'mediawiki.action.edit' ResourceLoader module no longer generates the edit
1401 toolbar, which has been moved to a separate 'mediawiki.toolbar' module. If you
1402 relied on this behavior, update your scripts' dependencies.
1403 * HTMLForm's 'vform' display style has been separated to a subclass. Therefore:
1404 * HTMLForm::isVForm() is now deprecated.
1405 * You can no longer do this:
1406 $form = new HTMLForm( … );
1407 $form->setDisplayFormat( 'vform' ); // throws exception
1408 Instead, do this:
1409 $form = HTMLForm::factory( 'vform', … );
1410 * Deprecated Revision methods getRawUser(), getRawUserText() and getRawComment().
1411 * BREAKING CHANGE: mediawiki.user.generateRandomSessionId:
1412 The alphabet of the prior string returned was A-Za-z0-9 and now it is 0-9A-F
1413 * (T87504) Avoid serving SVG background-images in CSS for Opera 12, which
1414 renders them incorrectly when combined with border-radius or background-size.
1415 * Removed maintenance script dumpSisterSites.php.
1416 * DatabaseBase class constructors must be called using the array argument style.
1417 Ideally, DatabaseBase:factory() should be used instead in most cases.
1418 * Deprecated ParserOutput::addSecondaryDataUpdate and ParserOutput::getSecondaryDataUpdates.
1419 This is a hard deprecation, with getSecondaryDataUpdates returning an empty array and
1420 addSecondaryDataUpdate throwing an exception. These functions will be removed in 1.26,
1421 since they interfere with caching of ParserOutput objects.
1422 * Introduced new hook 'SecondaryDataUpdates' that allows extensions to inject custom updates.
1423 * Introduced new hook 'OpportunisticLinksUpdate' that allows extensions to perform
1424 updates when a page is re-rendered.
1425 * EditPage::attemptSave has been modified not to call handleStatus itself and
1426 instead just returns the Status object. Extension calling it should be aware of
1427 this.
1428 * Removed class DBObject. (unused since 1.10)
1429 * wfDiff() is deprecated.
1430 * The -m (maximum replication lag) option of refreshLinks.php was removed.
1431 It had no effect since MediaWiki 1.18 and should be removed from any cron
1432 jobs or similar scripts you may have set up.
1433 * (T85864) The following messages no longer support raw html: redirectto,
1434 thisisdeleted, viewdeleted, editlink, retrievedfrom, version-poweredby-others,
1435 retrievedfrom, thisisdeleted, viewsourcelink, lastmodifiedat, laggedslavemode,
1436 protect-summary-cascade
1437 * All BloomCache related code has been removed. This was largely experimental.
1438 * $wgResourceModuleSkinStyles no longer supports per-module local or remote paths. They
1439 can only be set for the entire skin.
1440 * Removed global function swap(). (deprecated since 1.24)
1441 * Deprecated the ".php5" file extension entry points and the $wgScriptExtension
1442 configuration variable. Refer to the ".php" files instead. If you want
1443 ".php5" URLs to continue to work, set up redirects. In Apache, this can be
1444 done by enabling mod_rewrite and adding the following rules to your
1445 configuration:
1446
1447 RewriteEngine On
1448 RewriteBase /
1449 RewriteRule ^(.*)\.php5 $1.php [R=301,L]
1450
1451 * The global importScriptURI and importStylesheetURI functions, as well as the
1452 loadedScripts object, from wikibits.js (deprecated since 1.17) now emit
1453 warnings through mw.log.warn when accessed.
1454
1455 = MediaWiki 1.24 =
1456
1457 == MediaWiki 1.24.6 ==
1458
1459 This is a maintenance release of the MediaWiki 1.24 branch.
1460
1461 === Changes since 1.24.5 ===
1462 * (T121892) Fix fatal error on some Special pages, introduced in 1.24.5.
1463
1464 == MediaWiki 1.24.5 ==
1465
1466 This is a security and maintenance release of the MediaWiki 1.23 branch.
1467
1468 === Changes since 1.24.4 ===
1469 * (T117899) SECURITY: $wgArticlePath can no longer be set to relative paths
1470 that do not begin with a slash. This enabled trivial XSS attacks.
1471 Configuration values such as "http://my.wiki.com/wiki/$1" are fine, as are
1472 "/wiki/$1". A value such as "$1" or "wiki/$1" is not and will now throw an
1473 error.
1474 * (T119309) SECURITY: Use hash_compare() for edit token comparison
1475 * (T118032) SECURITY: Don't allow cURL to interpret POST parameters starting
1476 with '@' as file uploads
1477 * (T115522) SECURITY: Passwords generated by User::randomPassword() can no
1478 longer be shorter than $wgMinimalPasswordLength
1479 * (T97897) SECURITY: Improve IP parsing and trimming. Previous behavior could
1480 result in improper blocks being issued
1481 * (T109724) SECURITY: Special:MyPage, Special:MyTalk, Special:MyContributions
1482 and related pages no longer use HTTP redirects and are now redirected by
1483 MediaWiki
1484 * (T103237) $wgUseGzip had no effect when using file cache.
1485
1486 == MediaWiki 1.24.4 ==
1487
1488 This is a security and maintenance release of the MediaWiki 1.24 branch.
1489
1490 === Changes since 1.24.3 ===
1491
1492 * (T91653) Minimal PSR-3 debug logger to support backports from 1.25+.
1493 * (T68650) Fix indexing of moved pages with PostgreSQL. Requires running
1494 update.php to fix.
1495 * (T91850) SECURITY: Add throttle check in ApiUpload and SpecialUpload
1496 * (T91203, T91205) SECURITY: API: Improve validation in chunked uploading
1497 * (T95589) SECURITY: RevDel: Check all revisions for suppression, not just the
1498 first
1499 * (T108616) SECURITY: Avoid exposure of local path in PNG thumbnails
1500
1501 == MediaWiki 1.24.3 ==
1502
1503 This is a security and maintenance release of the MediaWiki 1.24 branch.
1504
1505 === Changes since 1.24.2 ===
1506
1507 * (T94116) SECURITY: Compare API watchlist token in constant time
1508 * (T97391) SECURITY: Escape error message strings in thumb.php
1509 * (T106893) SECURITY: Don't leak autoblocked IP addresses on
1510 Special:DeletedContributions
1511 * Update jQuery from v1.11.2 to v1.11.3.
1512 * (T102562) Fix InstantCommons parameters to handle the new HTTPS-only
1513 policy of Wikimedia Commons.
1514
1515 == MediaWiki 1.24.2 ==
1516
1517 This is a security and maintenance release of the MediaWiki 1.24 branch.
1518
1519 === Changes since 1.24.1 ===
1520
1521 * (T85848, T71210) SECURITY: Don't parse XMP blocks that contain XML entities,
1522 to prevent various DoS attacks.
1523 * (T85848) SECURITY: Don't allow directly calling Xml::isWellFormed, to reduce
1524 likelihood of DoS.
1525 * (T88310) SECURITY: Always expand xml entities when checking SVG's.
1526 * (T73394) SECURITY: Escape > in Html::expandAttributes to prevent XSS.
1527 * (T85855) SECURITY: Don't execute another user's CSS or JS on preview.
1528 * (T64685) SECURITY: Allow setting maximal password length to prevent DoS when
1529 using PBKDF2.
1530 * (T85349, T85850, T86711) SECURITY: Multiple issues fixed in SVG filtering to
1531 prevent XSS and protect viewer's privacy.
1532 * Fix case of SpecialAllPages/SpecialAllMessages in SpecialPageFactory to fix
1533 loading these special pages when $wgAutoloadAttemptLowercase is false.
1534 * (bug T70087) Fix Special:ActiveUsers page for installations using
1535 PostgreSQL.
1536 * (bug T76254) Fix deleting of pages with PostgreSQL. Requires a schema change
1537 and running update.php to fix.
1538
1539 == MediaWiki 1.24.1 ==
1540
1541 This is a security and maintenance release of the MediaWiki 1.24 branch.
1542
1543 === Changes since 1.24.0 ===
1544
1545 * (bug T76686) [SECURITY] thumb.php outputs wikitext message as raw HTML, which
1546 could lead to xss. Permission to edit MediaWiki namespace is required to
1547 exploit this.
1548 * (bug T77028) [SECURITY] Malicious site can bypass CORS restrictions in
1549 $wgCrossSiteAJAXdomains in API calls if it only included an allowed domain as
1550 part of its name.
1551 * (bug T74222) The original patch for T74222 was reverted as unnecessary.
1552 * Fixed a couple of entries in RELEASE-NOTES-1.24.
1553 * (bug T76168) OutputPage: Add accessors for some protected properties.
1554 * (bug T74834) Make 1.24 branch directly installable under PostgreSQL.
1555
1556 == MediaWiki 1.24.0 ==
1557
1558 === Configuration changes in 1.24 ===
1559 * MediaWiki will no longer run if register_globals is enabled. It has been
1560 deprecated for 5 years now, and was removed in PHP 5.4. For more information
1561 about why, see <https://www.mediawiki.org/wiki/register_globals>.
1562 * MediaWiki now requires PHP's iconv extension. openSUSE users may need to
1563 install the php5-iconv package. Users of other systems may need to add
1564 extension=iconv.so to php.ini or recompile PHP without --without-iconv.
1565 * MediaWiki will no longer function if magic quotes are enabled. It has
1566 been deprecated for 5 years now, and was removed in PHP 5.4.
1567 * The server's canonical hostname is available as $wgServerName, which is
1568 exposed in both mw.config and ApiQuerySiteInfo.
1569 * Introduced $wgPagePropsHaveSortkey as a backwards-compatibility switch,
1570 for using the old schema of the page_props table, in case the respective
1571 schema update was not applied.
1572 * $wgSearchEverythingOnlyLoggedIn was removed as the 'searcheverything'
1573 user option was removed. Use $wgNamespacesToBeSearchedDefault instead or
1574 if you used to have $wgDefaultUserOptions['searcheverything'] = 1.
1575 * $wgMasterWaitTimeout has been deprecated.
1576 * $wgDBClusterTimeout has been removed.
1577 * $wgProxyKey has been removed. It is no longer used by MediaWiki core.
1578 Ensure $wgSecretKey is set in LocalSettings.php.
1579 * $wgExtraInterlanguageLinkPrefixes is a new configuration variable that
1580 contains an array of interwiki prefixes that should be treated as language
1581 prefixes (i.e. turned into interlanguage links when $wgInterwikiMagic is set
1582 to true).
1583 * $wgParserTestRemote has been removed.
1584 * $wgCountTotalSearchHits has been removed. If you're concerned about efficiency
1585 of search, you should use something like CirrusSearch instead of built in
1586 search.
1587 * Users in the 'sysop' group have access to Special:MergeHistory by default.
1588 * $wgFileStore was removed after having been deprecated in 1.17. Alternative
1589 configurations are $wgDeletedDirectory and $wgHashedUploadDirectory.
1590 * The deprecated $wgUseCommaCount variable has been removed.
1591 * $wgEnableSorbs and $wgSorbsUrl have been removed.
1592 * The UserCryptPassword and UserComparePassword hooks are no longer called.
1593 Any extensions using them must be updated to use the Password Hashing API.
1594 * $wgCompiledFiles has been removed.
1595 * $wgSortSpecialPages was removed, the listing on Special:SpecialPages is
1596 now always sorted.
1597 * $wgSpecialPages may now use callback functions as an alternative to plain class names.
1598 This allows more control over constructor parameters.
1599 * $wgHTCPMulticastAddress, $wgHTCPMulticastRouting and $wgHTCPPort were removed.
1600 * $wgRC2UDPAddress, $wgRC2UDPInterwikiPrefix, $wgRC2UDPOmitBots, $wgRC2UDPPort
1601 and $wgRC2UDPPrefix have been removed.
1602 * The default password type for MediaWiki has been changed from MD5 to PBKDF2.
1603 Password hashes will automatically be updated as users log in. If necessary, the
1604 old MD5 hashing can be restored by changing $wgPasswordDefault to 'B'. In addition,
1605 there is a maintenance script wrapOldPassword.php that can wrap all passwords in
1606 PBKDF2 (or the hashing algorithm of your choice) if you don't want to wait for your
1607 users to log in.
1608 * $wgImportSources can now either be a regular array, or an associative map
1609 specifying subprojects on the interwiki map of the target wiki, or a mix of
1610 the two. Existing configurations will still work.
1611 * Users must be able to edit through a page's protection to be able to delete it.
1612 * The default thumb size ($wgDefaultUserOptions['thumbsize']) is now 300px, up from
1613 180px. If you have altered the number of entries in $wgThumbLimits for your wiki, you
1614 may need to adjust your default user settings to compensate for the index change.
1615 * $wgDeferredUpdateList is now deprecated, you should use DeferredUpdates::addUpdate()
1616 instead.
1617 * $wgCanonicalLanguageLinks has been removed. Per Google recommendations, we
1618 will not send a rel=canonical pointing to a variant-neutral page, however
1619 we will send rel=alternate.
1620 * $wgResourceLoaderLESSFunctions has been deprecated and will be removed in the future.
1621 * $wgGoToEdit has been removed. Use the SpecialSearchNogomatch hook for similar
1622 functionality.
1623
1624 === New features in 1.24 ===
1625 * Added new hook WatchlistEditorBeforeFormRender, allowing subscribers to
1626 manipulate the list of pages and/or preload lots of data at once.
1627 * Added new argument &$link in hook WatchlistEditorBuildRemoveLine, allowing the
1628 link to the title to be changed.
1629 * Added a new hook, "WhatLinksHereProps", to allow extensions to annotate
1630 WhatLinksHere entries.
1631 * Added a new hook, "ContentGetParserOutput", to customize parser output for
1632 a given content object.
1633 * Deprecated the hook "ShowRawCssJs", use "ContentGetParserOutput" instead.
1634 * HTMLForm's HTMLTextField now supports the 'url' type.
1635 * HTMLForm fields may now be dynamically hidden based on the values of other
1636 fields in the form.
1637 * HTMLForm now supports multiple copies of an input field or set of input
1638 fields, e.g. the form may request "one or more usernames" without having to
1639 have the user enter delimited list of names into a text field.
1640 * Added a new hook, "SidebarBeforeOutput", to allow to edit the structure of
1641 the sidebar just before its display.
1642 * (bug 49156) Added the mediawiki.cookie ResourceLoader module, which wraps
1643 jquery.cookie so that getting/setting a cookie is syntactically and
1644 functionally similar to using the WebRequest::getCookie() and
1645 WebResponse::setcookie() methods.
1646 * (bug 44740) jQuery upgraded from 1.8.3 to 1.11.1. A new configuration option,
1647 $wgIncludejQueryMigrate, also loads the jQuery Migrate hack to let extensions
1648 and gadgets use the long-deprecated functions that were removed in jQuery 1.9.
1649 This option is turned off by default, and will be removed in MediaWiki 1.25.
1650 * (bug 47076) jQuery UI upgraded from 1.8.24 to 1.9.2.
1651 * Changes to content typography (fonts, etc.). See
1652 https://www.mediawiki.org/wiki/Typography_refresh for further information.
1653 * WikitextContent will now render redirects with the expected "redirect"
1654 header, rather than as an ordered list. Code calling Article::viewRedirect
1655 can probably be changed to no longer special-case redirects.
1656 * Header font set to a serif font stack. See
1657 https://www.mediawiki.org/wiki/Typography_refresh for further information.
1658 * (bug 65567) Added a new hook, "BeforeHttpsRedirect", to allow cancellation of
1659 the HTTP to HTTPS redirect due to forceHTTPS cookie, userRequires, etc. This
1660 is only for page views, since this hook doesn't affect UserLogin, OAuth,
1661 CentralAuth, etc. ATTENTION: This hook is likely to be removed soon due to
1662 overall design of the system.
1663 * (bug 17367) It is now possible to add pages to your watchlist from
1664 Special:UnwatchedPages without reloading the special page.
1665 * New methods setVolatile and isVolatile are added to PPFrame, so that
1666 extensions such as Cite.php can mark that their output is volatile and
1667 shouldn't be cached.
1668 * (bug 52817) Advanced search options are now saved on the search page itself,
1669 rather than in a dedicated pane in the preferences panel.
1670 * (bug 44591) The dropdown actions menu (little triangle next to page tabs) in
1671 the Vector skin has gained a label that should make it more discoverable.
1672 * MWCryptHKDF added for fast, cryptographically secure random number generation
1673 that won't deplete openssl's entropy pool.
1674 * ResourceLoader: File modules can now provide a skip function that uses an
1675 inline feature test to bypass loading of the module.
1676 * (bug 20210) Special pages may now provide autocompletion of their subpage
1677 names in search suggestions. Right now the only useful implementation is in
1678 Special:Log, but more are to come.
1679 * Special:MostLinkedTemplates is no longer limited to transclusions from the
1680 Template namespace.
1681 * Skins can now use 'remoteSkinPath' when defining ResourceLoader modules.
1682 This works the same as 'remoteExtPath' but is relative to the skins/ folder
1683 instead of the extensions/ folder.
1684 * Added the json2.js polyfill for the ES5 JSON.stringify and JSON.parse methods.
1685 Exposed as module "json" with a skip function to optimise loading.
1686 * Extensions and skins may now use 'namemsg' in $wgExtensionCredits in addition
1687 to 'name', to allow for the name to be localizable. 'name' should still be
1688 specified for backwards-compatibility and to define the path Special:Version
1689 uses to find extension license information.
1690 * Browser tests are now included to verify basic wiki functionality in developer
1691 environments. For details on running tests, see tests/browser/README.mediawiki.
1692 * Upgrade jStorage to v0.4.10.
1693 * {{!}} is now a magic word that produces the | character. This removes the need
1694 for Template:! for purposes such as passing pipes inside of parameters.
1695 * (bug 20790) The block log snippet on Special:Contributions and while
1696 editing user and user talk pages now works for IP range blocks.
1697 * (bug 9360) Added ability to change the page language for MediaWiki pages using
1698 Special:PageLanguage. All pages are set to wiki language by default.
1699 The feature needs to be enabled with $wgPageLanguageUseDB=true and
1700 permission needs to be set for 'pagelang'.
1701 * Upgrade Moment.js to v2.8.3.
1702 * (bug 67042) Added support for the HTML5 <rtc> tag for East Asian typography.
1703 * Upgrade Sinon.JS to 1.10.3.
1704 * Added the es5-shim polyfill for older or non-compliant javascript engines.
1705 * Upgrade jQuery Cookie to v1.3.1.
1706 * (bug 20476) Add a "viewsuppressed" user right to be able to view
1707 suppressed content but not suppress it ("suppressrevision" right).
1708 * (bug 66440) The MediaWiki web installer will now allow you to choose the skins
1709 to enable (from the ones included in download tarball) and decide which one
1710 should be the default.
1711 * (bug 68085, 68802) Links like [[localInterwikiPrefix:languageCode:pageTitle]],
1712 where localInterwikiPrefix is a member of the $wgLocalInterwikis array, will
1713 no longer be displayed in the sidebar when $wgInterwikiMagic is true. In a
1714 similar way, links like [[localInterwikiPrefix:File:Image.png]] and
1715 [[localInterwikiPrefix:Category:Hello]] will now render as regular links, and
1716 will not include the file or add the page to the category.
1717 * New special page, MyLanguage, to redirect users to subpages with localised
1718 versions of a page. (Integrated from Extension:Translate)
1719 * MediaWiki now supports multiple password types, including bcrypt and PBKDF2.
1720 The default type can be changed with $wgPasswordDefault and the type
1721 configurations can be changed with $wgPasswordConfig.
1722 * Skins can now define custom styles for default ResourceLoader modules using
1723 the $wgResourceModuleSkinStyles global. See the Vector skin for examples.
1724 * (bug 4488) There is now a preference to watch pages where the user has
1725 rollbacked an edit by default.
1726 * (bug 15484) Users will now be redirected to the login page when they need to
1727 log in, rather than being shown a page asking them to log in and having to click
1728 another link to actually get to the login page.
1729 * A JsonContent and JsonContentHandler were added for extensions to extend.
1730 * (bug 35045) Redirects to sections will now update the URL in browser's address
1731 bar using the HTML5 History API. When [[Dog]] redirects to [[Animals#Dog]],
1732 the user will now see "Animals#Dog" in their browser instead of "Dog#Dog".
1733 * API token handling has been rewritten. Any API module using tokens will need
1734 to be updated. See the entry below under "Action API internal changes".
1735 * Added HTMLAutoCompleteSelectField.
1736 * Added a new hook, "SkinPreloadExistence", to allow extensions to add titles to
1737 link existence cache before the page is rendered.
1738 * Config::set() was moved to its own interface, MutableConfig. GlobalVarConfig::set()
1739 is now deprecated, does not implement MutableConfig.
1740 * A MutableConfig named HashConfig was added, that stores an array of configuration
1741 settings.
1742 * (bug 69418) A MultiConfig implementation was added that supports fallback
1743 to multiple Config instances.
1744 * Update CSSJanus to v1.1.0.
1745 * Added FormatJson::parse() returning status with result or localized error message
1746 * Added DeletedContribsPager::reallyDoQuery hook allowing extensions to data to
1747 Special:DeletedContributions
1748 * Added DeletedContributionsLineEnding hook allowing extensions to format
1749 Special:DeletedContributions lines
1750 * (T69525) You can now make MediaWiki speed up its thumbnail rendering by using
1751 intermediary thumbnails. $wgThumbnailBuckets must be set to a list of target
1752 thumbnail widths; when a new thumbnail needs to be rendered, MediaWiki will
1753 find the smallest bucket smaller than the original but larger than the target
1754 width + $wgThumbnailMinimumBucketDistance, and it will scale that thumbnail,
1755 rather than the original, down to the target size at greater speed in return
1756 for minor loss of fidelity.
1757
1758 === Bug fixes in 1.24 ===
1759 * (bug 50572) MediaWiki:Blockip should support gender
1760 * (bug 49116) Footer copyright notice is now always displayed in user language
1761 rather than content language (same as copyright notice for editing interface).
1762 * (bug 62258) A bug was fixed in File::getUnscaledThumb when a height
1763 restriction was present in the parameters. Images with both the "frame"
1764 option and a size specification set will now always ignore the provided
1765 size and display an unscaled image, as the documentation has always
1766 claimed it would.
1767 * (bug 39035) Improved Vector skin performance by removing collapsibleNav,
1768 which used to collapse some sidebar elements by default.
1769 This removes -list id suffixes like p-lang-list: instead of using things like
1770 #p-lang-list, you can do #p-lang .body ul.
1771 * (bug 890) Links in Special:RecentChanges and Special:Watchlist no longer
1772 follow redirects to their target pages.
1773 * Parser now dies early if called recursively, instead of producing subtle bugs.
1774 * (bug 14323) Redirect pages, when viewed with redirect=no, no longer hide the
1775 remaining page content.
1776 * (bug 52587) Maintenance script deleteBatch.php no longer follows redirects
1777 in the file namespace and delete the file on the target page. It will still
1778 however delete the redirect page.
1779 * (bug 22683) {{msgnw:}} and other uses of PPFrame::RECOVER_ORIG will correctly
1780 recover the original code of extension tags.
1781 * (bug 65757) MSSQL: Update script drops unnamed constraints to be prepared
1782 for future updates. Because it's doing so heuristically, it may fail or drop
1783 wrong constraints.
1784 * (bug 67870) wfShellExec() cuts off stdout at multiples of 8192 bytes.
1785 * $wgRunJobsAsync now works with private wikis (e.g. read requires login).
1786 * (bugs 57238, 65206) Blank pages can now be directly created.
1787 * (bug 69789) Title::getContentModel() now loads from the database when
1788 necessary instead of incorrectly returning the default content model.
1789 * (bug 69249) wfBaseConvert() now works around PHP Bug #50175 when using GMP.
1790 * (bug 57909) URLs in the externallinks table will no longer have certain
1791 characters decoded in the query string.
1792 * (bug 67368) LESS mixins like .background-image() correctly flip image
1793 references for RTL stylesheets now.
1794
1795 === Action API changes in 1.24 ===
1796 * action=parse API now supports prop=modules, which provides the list of
1797 ResourceLoader modules that should be used to enhance the parsed content.
1798 * action=query&meta=siteinfo&siprop=interwikimap returns a new "protorel"
1799 field which is true if protocol-relative urls can be used to access
1800 a particular interwiki map entry.
1801 * list=logevents now provides logpage, which is the page ID from the
1802 logging table, if ids are requested and the user has the permissions.
1803 * action=edit now requires that appendtext, prependtext, or section=new be used
1804 when using the 'redirect' parameter, to prevent clients accidentally
1805 overwriting the target page with the content of the redirect.
1806 * list=logevents will now return an error if both letitle and leprefix are
1807 specified.
1808 * list=logevents has a new parameter, lenamespace, to allow filtering by
1809 namespace.
1810 * action=expandtemplates has a new parameter, prop, and a new output format.
1811 The old format is still used if prop isn't provided, but this is deprecated.
1812 * meta=userinfo can now return the count of unread pages on the watchlist.
1813 * list=watchlist can now filter by unread status.
1814 * The deprecated action=parse&prop=languageshtml has been removed.
1815 * (bug 48071) action=setnotificationtimestamp no longer throws PHP or database
1816 errors when no pages are given.
1817 * (bug 60734) Actions that use ApiPageSet (e.g. purge, watch,
1818 setnotificationtimestamp) will now include continuation information when
1819 using a generator.
1820 * Removed 'props' and 'errors' from action=paraminfo, as they have extremely
1821 limited use and are generally inaccurate, unmaintained, and impossible to
1822 properly maintain.
1823 * Formats dbg, dump, txt, wddx, and yaml are now deprecated.
1824 * action=paraminfo now indicates when a parameter is specifying a submodule.
1825 * The iwurl parameter to prop=iwlinks is deprecated in favor of iwprop=url, for
1826 parallelism with prop=langlinks.
1827 * All tokens should be fetched from action=query&meta=tokens; all other methods
1828 of fetching tokens are deprecated. The value needed for meta=tokens's 'type'
1829 parameter for each module is documented in the action=help output and is
1830 returned from action=paraminfo.
1831 * New action ClearHasMsg that can be used to clear HasMsg flag.
1832 * The cmstartsortkey and cmendsortkey parameters to list=categorymembers are
1833 deprecated in favor of cmstarthexsortkey and cmendhexsortkey.
1834 * (bug 63326) Add blockedtimestamp field to output of blockinfo property for
1835 the list=allusers and list=users modules.
1836 * prop=imageinfo no longer requires iiurlwidth to be set when using iiurlparam.
1837 * Added prop=linkshere, prop=fileusage, and prop=transcludedin, which are
1838 roughly equivalent to list=backlinks, list=imageusage, and list=embeddedin
1839 but can work on a list of titles (including titles from a generator).
1840 * prop=redirects can now filter returned redirects by namespace.
1841
1842 === Action API internal changes in 1.24 ===
1843 * Methods for handling continuation are added to ApiResult, so actions other
1844 than query that use generators can easily support continuation.
1845 * $wgAPIModules (and the related $wgAPIFormatModules, $wgAPIMetaModules,
1846 $wgAPIPropModules, and $wgAPIListModules settings) now allow API modules
1847 to be specified using a "module spec" array instead of a plain class name.
1848 A "module spec" is an associative array containing at least the 'class' key
1849 for the module's class, and optionally a 'factory' key for the factory function
1850 to use for the module. This is intended for extensions that want control over
1851 the instantiation of their API modules, to allow for proper dependency
1852 injection.
1853 * A new param type 'submodule' is available. Parameters of this type will take
1854 the list of valid values from the module's ApiModuleManager for the group
1855 corresponding to the parameter name.
1856 * The 'APIGetPossibleErrors' and 'APIGetResultProperties' hooks are no longer used.
1857 * API token handling has been rewritten. Any API module using tokens will need
1858 to be updated:
1859 * ApiBase::needsToken now returns a token type instead of boolean true when a
1860 token is needed. Returning true will throw an exception. See documentation
1861 of that method for details.
1862 * Information for the 'token' parameter is automatically set by ApiBase
1863 getFinalParams and getFinalParamDescription.
1864 * ApiBase::getTokenSalt has been removed.
1865 * The hooks APIQueryInfoTokens, APIQueryRevisionsTokens,
1866 APIQueryRecentChangesTokens, APIQueryUsersTokens, and
1867 ApiTokensGetTokenTypes are deprecated, but are still called to support
1868 backwards-compatible token access.
1869 * ApiBase::validateLimit and ApiBase::validateTimestamp are now protected.
1870 * ApiQueryRedirects was removed; prop=redirects is now implemented by
1871 ApiQueryBacklinksProp along with the newly-added prop modules.
1872 * The following methods have been deprecated and may be removed in a future
1873 release:
1874 * ApiBase::getResultProperties
1875 * ApiBase::getFinalResultProperties
1876 * ApiBase::addTokenProperties
1877 * ApiBase::getRequireOnlyOneParameterErrorMessages
1878 * ApiBase::getRequireMaxOneParameterErrorMessages
1879 * ApiBase::getRequireAtLeastOneParameterErrorMessages
1880 * ApiBase::getTitleOrPageIdErrorMessage
1881 * ApiBase::getPossibleErrors
1882 * ApiBase::getFinalPossibleErrors
1883 * ApiBase::parseErrors
1884 * ApiQuery::setGeneratorContinue
1885 * ApiQueryBase::checkRowCount
1886 * ApiQueryBase::titleToKey
1887 * ApiQueryBase::keyToTitle
1888 * ApiQueryBase::keyPartToTitle
1889 * ApiQueryInfo::getTokenFunctions
1890 * ApiQueryInfo::resetTokenCache
1891 * ApiQueryInfo::getEditToken
1892 * ApiQueryInfo::getDeleteToken
1893 * ApiQueryInfo::getProtectToken
1894 * ApiQueryInfo::getMoveToken
1895 * ApiQueryInfo::getBlockToken
1896 * ApiQueryInfo::getUnblockToken
1897 * ApiQueryInfo::getEmailToken
1898 * ApiQueryInfo::getImportToken
1899 * ApiQueryInfo::getWatchToken
1900 * ApiQueryInfo::getOptionsToken
1901 * ApiQueryRecentChanges::getTokenFunctions
1902 * ApiQueryRecentChanges::getPatrolToken
1903 * ApiQueryRevisions::getTokenFunctions
1904 * ApiQueryRevisions::getRollbackToken
1905 * ApiQueryUsers::getTokenFunctions
1906 * ApiQueryUsers::getUserrightsToken
1907 * The following classes have been deprecated and may be removed in a future
1908 release:
1909 * ApiFormatDbg
1910 * ApiFormatDump
1911 * ApiFormatTxt
1912 * ApiFormatWddx
1913 * ApiFormatYaml
1914 * ApiTokens
1915 * The following class constants have been deprecated and may be removed in a
1916 future release:
1917 * ApiBase::PROP_ROOT
1918 * ApiBase::PROP_LIST
1919 * ApiBase::PROP_TYPE
1920 * ApiBase::PROP_NULLABLE
1921
1922 === Languages updated in 1.24 ===
1923
1924 MediaWiki supports over 350 languages. Many localisations are updated
1925 regularly. Below only new and removed languages are listed, as well as
1926 changes to languages because of Bugzilla reports.
1927
1928 === Other changes in 1.24 ===
1929 * The deprecated jquery.delayedBind ResourceLoader module was removed.
1930 * The deprecated function mw.util.toggleToc was removed.
1931 * The Special:Search hooks SpecialSearchGo and SpecialSearchResultsAppend
1932 were removed as they were unused.
1933 * (bug 65477) User::pingLimiter() now has an additional profile point varying
1934 by action being used.
1935 * mediawiki.util.$content no longer supports old versions of the Vector,
1936 Monobook, Modern and CologneBlue skins that don't yet implement the "mw-body"
1937 and/or "mw-body-primary" class name in their html.
1938 * Added pp_sortkey column to page_props table, so pages can be efficiently
1939 queried and sorted by property value (bug 58032).
1940 See $wgPagePropsHaveSortkey if you want to postpone the schema change.
1941 * BREAKING CHANGE: All four built-in MediaWiki skins (Vector, MonoBook, Modern
1942 and Cologne Blue) were moved out of MediaWiki core to their own respective
1943 repositories. They will be installed with the release tarball, but you must
1944 install them separately if installing MediaWiki from source code. A warning
1945 message displayed until you do it should guide you through the process. See
1946 also <https://www.mediawiki.org/wiki/Manual:Skin_configuration>.
1947 * BREAKING CHANGE: Skins built for MediaWiki 1.15 and earlier that do not use
1948 the "headelement" template key are no longer supported. Setting
1949 $useHeadElement = false; is no longer supported and will not cause old keys
1950 like "headlinks", "skinnameclass", etc. to be defined.
1951 * BREAKING CHANGE: The files commonElements.css, commonContent.css and
1952 commonInterface.css (in skins/common/) have been removed. Skins may no longer
1953 rely on their presence and include them in their style modules. ResourceLoader
1954 modules introduced in MediaWiki 1.23 should be loaded instead:
1955 - skins/common/commonElements.css → 'mediawiki.skinning.elements' module
1956 - skins/common/commonContent.css → 'mediawiki.skinning.content' module
1957 - skins/common/commonInterface.css → 'mediawiki.skinning.interface' module
1958 * The deprecated 'SpecialVersionExtensionTypes' hook was removed.
1959 * (bug 63891) Add 'X-Robots-Tag: noindex' header in action=render pages.
1960 * SpecialPage no longer supports the syntax for invoking wfSpecial*() functions.
1961 Special pages should subclass SpecialPage and implement the execute() method.
1962 * (bug 63755) The deprecated constants RC_MOVE and RC_MOVE_OVER_REDIRECT were
1963 removed.
1964 * Special:MostLinkedTemplates has been renamed to Special:MostTranscludedPages.
1965 * The skin autodiscovery mechanism has been deprecated and will be removed in
1966 MediaWiki 1.25. See https://www.mediawiki.org/wiki/Manual:Skin_autodiscovery
1967 for migration guide for creators and users of custom skins that relied on it.
1968 * ResourceLoaderFileModule#getAllStyleFiles now returns all style files and all
1969 skin style files used by the module.
1970 * Removed getLang() from IContextSource and subclasses. (deprecated since 1.19)
1971 * Removed setLang() from subclasses of IContextSource. (deprecated since 1.19)
1972 * Removed WebRequest::escapeAppendQuery(). (deprecated since 1.20)
1973 * Removed info(), purge(), revert() and rollback() from the Article class; they
1974 have since become subclasses of the Action class. (deprecated since 1.19)
1975 * SearchEngineReplacePrefixesComplete hook was removed.
1976 * The "jquery.json" module has been deprecated. Use the "json" module instead.
1977 * Removed HTMLForm::addJS(). (deprecated since 1.18)
1978 * Removed LogEventsList::showHeader(). (deprecated since 1.19)
1979 * Removed ImageGalleryBase::useSkin(). (deprecated since 1.18)
1980 * Removed DatabaseMysqlBase::getLagFromProcesslist(). (deprecated since 1.19)
1981 * Removed LoadBalancer::closeConnecton(). (deprecated since 1.18)
1982 * Removed ApiBase::createContext(). (deprecated since 1.19)
1983 * BREAKING CHANGE: The undocumented Special{$this->getName()}BeforeFormDisplay
1984 set of hooks has been removed and replaced by a single new hook
1985 SpecialPageBeforeFormDisplay.
1986 * (bug 65781) Removed block warning on included {{Special:Contributions}}
1987 * Removed Skin::makeGlobalVariablesScript(). (deprecated since 1.19)
1988 * Removed MWNamespace::isMain(). (deprecated since 1.19)
1989 * Removed Preferences::loadOldSearchNs(). (deprecated since 1.19)
1990 * Removed OutputPage::getStatusMessage(). (deprecated since 1.18)
1991 * Removed OutputPage::isUserJsAllowed(). (deprecated since 1.18)
1992 * Removed Title::updateTitleProtection(). (deprecated since 1.19)
1993 * Removed ParserOptions::setSkin(). (deprecated since 1.19)
1994 * Removed Title::escapeCanonicalURL(). (deprecated since 1.19)
1995 * Removed Title::escapeLocalURL(). (deprecated since 1.19)
1996 * Removed Title::escapeFullURL(). (deprecated since 1.19)
1997 * Removed User::isValidEmailAddr(). (deprecated since 1.18)
1998 * Removed Title::getEscapedText(). (deprecated since 1.19)
1999 * Removed Language::getFallbackLanguageCode(). (deprecated since 1.19)
2000 * Removed WikiPage::isBigDeletion(). (deprecated since 1.19)
2001 * Removed MWInit class which contained functions related to a now discontinued
2002 PHP compiler called hphpc. (deprecated since 1.22)
2003 * ApiResult::enableSizeCheck() and disableSizeCheck() are now obsolete.
2004 * Removed ResourceLoaderGetStartupModules hook. (deprecated since 1.23)
2005 * Removed getFormFields(), onSubmit() and onSuccess() from FormlessAction, as
2006 these were meant specifically for FormAction instead.
2007 * Removed Action::execute().
2008 * Removed AjaxAddScript which has been obsolete since ResourceLoader and
2009 is unused by any modern extension.
2010 * Removed maintenance/nextJobDB.php; no longer in use.
2011 * Removed global function wfViewPrevNext(). (deprecated since 1.19)
2012 * Removed global function xmlsafe() from Export.php. (moved to OAIRepo extension)
2013 * Removed Title::userCanRead(). (deprecated since 1.19)
2014 * Removed maintenance script importTextFile.php. Use edit.php script instead.
2015 * A _from_namespace field has been added to the templatelinks, pagelinks,
2016 and filelinks tables. Run update.php to apply this change to the schema.
2017 * Removed File::sha1Base36(). (deprecated since 1.19)
2018 * Removed File::getPropsFromPath(). (deprecated since 1.19)
2019 * Removed functions blockedPage(), noCreatePermission(), readOnlyPage() and
2020 userNotLoggedInPage() from EditPage.php. (deprecated since 1.19)
2021 * Removed functions getContent(), getPreloadedText(), mergeChangesInto() and
2022 setPreloadedText() from EditPage.php. (deprecated since 1.21)
2023 * Removed global functions wfArrayLookup(), wfArrayMerge(), wfDebugDieBacktrace()
2024 and wfTime(). (deprecated since 1.22)
2025 * Browser support for Internet Explorer 6 and 7 lowered from Grade A to Grade C,
2026 meaning that JavaScript is no longer executed in these browser versions.
2027 * Browser support for Opera 11 lowered from Grade A to Grade C.
2028 * Removed IEFixes module which existed purely to provide support for MSIE versions
2029 below 7 (conditionally loaded only for those browsers).
2030 * Deprecated SpecialPageFactory::getList() in favor of
2031 SpecialPageFactory::getNames()
2032 * Action::checkCanExecute() no longer has a return value.
2033 * Removed cleanupForIRC(), loadFromCurRow(), newFromCurRow(), notifyRC2UDP()
2034 and sendToUDP() from RecentChange.php. (deprecated since 1.22)
2035 * Removed EnhancedChangesList::arrow(), sideArrow(), downArrow(), spacerArrow().
2036 * Removed Xml::namespaceSelector(). (deprecated since 1.19)
2037 * Removed WikiPage::estimateRevisionCount(). (deprecated since 1.19)
2038 * MYSQL: Enum item added to "major MIME type" columns.
2039 Running update.php on MySQL < v5.1 may result in heavy processing.
2040 * RSS and Atom feeds generated by MediaWiki no longer include a fallback
2041 stylesheet. It was ignored by most browsers these days anyway.
2042 * SpecialSearchNoResults hook has been removed. SpecialSearchResults is now
2043 called unconditionally.
2044 * TablePager::getBody() is now 'final' and can't be overridden in subclasses.
2045 * TablePager::getBody() is deprecated, use getBodyOutput() or getFullOutput().
2046 * Added $outputPage parameter to the SkinTemplateGetLanguageLink hook.
2047 * log_page for move log entries store the original page ID, rather than that
2048 of the new redirect page. This is not retroactive.
2049 * LCStoreAccel was removed. $wgLocalisationCacheConf can no longer be set to
2050 use this store class.
2051 * Html::infoBox() no longer accepts paths relative to skins/common/images/.
2052 * Deprecated defunct Skin::getCommonStylePath().
2053 * Some extensions had their ResourceLoader modules depend on the "mediawiki"
2054 and "jquery" modules. In the past, this behavior was undefined, now it will
2055 throw an error.
2056 * Removed BagOStuff::replace(). (deprecated since 1.23)
2057 * In Linker.php, link(), linkText() and makeBrokenImageLinkObj() now display
2058 warnings if their first parameter is not a Title object. Also makeImageLink()
2059 now requires a Parser as its first parameter.
2060 * (bug 67368) LESS functions embed() and embeddable(), added in MediaWiki 1.23
2061 and broken by design, have been removed. Use appropriate LESS mixins instead.
2062 * Removed cssjanus.py from maintenance directory as it was unused.
2063 * Removed maintenance/purgeOldText.inc and the PurgeRedundantText() function
2064 it contained (superseded by Maintenance::purgeRedundantText() in 1.16).
2065 The purgeOldText.php maintenance script has been retained.
2066 * PHPUnit tests can be found by directory discovery, by adding the directory
2067 path from your UnitTestsList callback. Older versions of MediaWiki core will
2068 barf at this usage.
2069
2070 ==== Renamed classes ====
2071 * CLDRPluralRuleConverter_Expression to CLDRPluralRuleConverterExpression
2072 * CLDRPluralRuleConverter_Fragment to CLDRPluralRuleConverterFragment
2073 * CLDRPluralRuleConverter_Operator to CLDRPluralRuleConverterOperator
2074 * CLDRPluralRuleEvaluator_Range to CLDRPluralRuleEvaluatorRange
2075 * CSSJanus_Tokenizer to CSSJanusTokenizer
2076 * MediaWiki_I18N to MediaWikiI18N
2077 * Parser_DiffTest to ParserDiffTest
2078 * RevDel_ArchiveItem to RevDelArchiveItem
2079 * RevDel_ArchiveList to RevDelArchiveList
2080 * RevDel_ArchivedFileItem to RevDelArchivedFileItem
2081 * RevDel_ArchivedFileList to RevDelArchivedFileList
2082 * RevDel_ArchivedRevisionItem to RevDelArchivedRevisionItem
2083 * RevDel_FileItem to RevDelFileItem
2084 * RevDel_FileList to RevDelFileList
2085 * RevDel_Item to RevDelItem
2086 * RevDel_List to RevDelList
2087 * RevDel_LogItem to RevDelLogItem
2088 * RevDel_LogList to RevDelLogList
2089 * RevDel_RevisionItem to RevDelRevisionItem
2090 * RevDel_RevisionList to RevDelRevisionList
2091 * WebInstaller_Complete to WebInstallerComplete
2092 * WebInstaller_Copying to WebInstallerCopying
2093 * WebInstaller_DBConnect to WebInstallerDBConnect
2094 * WebInstaller_DBSettings to WebInstallerDBSettings
2095 * WebInstaller_Document to WebInstallerDocument
2096 * WebInstaller_ExistingWiki to WebInstallerExistingWiki
2097 * WebInstaller_Install to WebInstallerInstall
2098 * WebInstaller_Language to WebInstallerLanguage
2099 * WebInstaller_Name to WebInstallerName
2100 * WebInstaller_Options to WebInstallerOptions
2101 * WebInstaller_Readme to WebInstallerReadme
2102 * WebInstaller_ReleaseNotes to WebInstallerReleaseNotes
2103 * WebInstaller_Restart to WebInstallerRestart
2104 * WebInstaller_Upgrade to WebInstallerUpgrade
2105 * WebInstaller_UpgradeDoc to WebInstallerUpgradeDoc
2106 * WebInstaller_Welcome to WebInstallerWelcome
2107
2108 ==== Removed classes ====
2109 * IPBlockForm - Use SpecialBlock directly
2110 * WatchlistEditor - Use SpecialEditWatchlist directly
2111 * FormatExif - Use FormatMetadata directly
2112 * RevertFileAction - Use RevertAction directly
2113 * HistoryPage - Use HistoryAction directly
2114 * RawPage - Use RawAction directly
2115 * StubContLang - Use Language::factory() instead
2116 * XMLReader2 - Use XMLReader directly
2117 * ResourceLoaderLESSFunctions - No longer in use, not intended for public usage
2118
2119 ==== Removed files ====
2120 The skins/common/ directory, previously containing some assets intended to be
2121 used by skins and a number of legacy styles and scripts, has been removed. Its
2122 contents have been deleted or relocated into the resources/ directory. Full list
2123 of files that are no longer available follows.
2124
2125 * skins/common/ajax.js
2126 * skins/common/commonContent.css
2127 * skins/common/commonElements.css
2128 * skins/common/commonInterface.css
2129 * skins/common/commonPrint.css
2130 * skins/common/config-cc.css
2131 * skins/common/config.css
2132 * skins/common/config.js
2133 * skins/common/feed.css
2134 * skins/common/IEFixes.js
2135 * skins/common/oldshared.css
2136 * skins/common/protect.js
2137 * skins/common/shared.css
2138 * skins/common/upload.js
2139 * skins/common/wikibits.js
2140 * skins/common/images/add.png
2141 * skins/common/images/ajax-loader.gif
2142 * skins/common/images/arrow_disabled_first_25.png
2143 * skins/common/images/arrow_disabled_last_25.png
2144 * skins/common/images/arrow_disabled_left_25.png
2145 * skins/common/images/arrow_disabled_right_25.png
2146 * skins/common/images/arrow_first_25.png
2147 * skins/common/images/arrow_last_25.png
2148 * skins/common/images/arrow_left_25.png
2149 * skins/common/images/arrow_right_25.png
2150 * skins/common/images/Arr_.png
2151 * skins/common/images/Arr_d.png
2152 * skins/common/images/Arr_l.png
2153 * skins/common/images/Arr_r.png
2154 * skins/common/images/Arr_u.png
2155 * skins/common/images/bullet.gif
2156 * skins/common/images/button_bold.png
2157 * skins/common/images/button_extlink.png
2158 * skins/common/images/button_headline.png
2159 * skins/common/images/button_hr.png
2160 * skins/common/images/button_image.png
2161 * skins/common/images/button_italic.png
2162 * skins/common/images/button_link.png
2163 * skins/common/images/button_media.png
2164 * skins/common/images/button_nowiki.png
2165 * skins/common/images/button_sig.png
2166 * skins/common/images/button_template.png
2167 * skins/common/images/cc-0.png
2168 * skins/common/images/cc-by-nc-sa.png
2169 * skins/common/images/cc-by-sa.png
2170 * skins/common/images/cc-by.png
2171 * skins/common/images/Checker-16x16.png
2172 * skins/common/images/closewindow.png
2173 * skins/common/images/closewindow19x19.png
2174 * skins/common/images/critical-32.png
2175 * skins/common/images/diffunderline.gif
2176 * skins/common/images/download-32.png
2177 * skins/common/images/feed-icon.png
2178 * skins/common/images/feed-icon.svg
2179 * skins/common/images/gnu-fdl.png
2180 * skins/common/images/help-question-hover.gif
2181 * skins/common/images/help-question.gif
2182 * skins/common/images/info-32.png
2183 * skins/common/images/link_icon.gif
2184 * skins/common/images/magnify-clip-rtl.png
2185 * skins/common/images/magnify-clip.png
2186 * skins/common/images/mediawiki.png
2187 * skins/common/images/nextredirectltr.png
2188 * skins/common/images/nextredirectrtl.png
2189 * skins/common/images/poweredby_mediawiki_88x31.png
2190 * skins/common/images/public-domain.png
2191 * skins/common/images/question-small.png
2192 * skins/common/images/question.svg
2193 * skins/common/images/redirectltr.png
2194 * skins/common/images/redirectrtl.png
2195 * skins/common/images/remove.png
2196 * skins/common/images/spinner.gif
2197 * skins/common/images/tick-32.png
2198 * skins/common/images/tipsy-arrow.gif
2199 * skins/common/images/tooltip_icon.png
2200 * skins/common/images/warning-32.png
2201 * skins/common/images/wiki.png
2202 * skins/common/images/Zoom_sans.gif
2203 * skins/common/images/ar/button_bold.png
2204 * skins/common/images/ar/button_headline.png
2205 * skins/common/images/ar/button_italic.png
2206 * skins/common/images/ar/button_link.png
2207 * skins/common/images/ar/button_nowiki.png
2208 * skins/common/images/be-tarask/button_bold.png
2209 * skins/common/images/be-tarask/button_italic.png
2210 * skins/common/images/be-tarask/button_link.png
2211 * skins/common/images/cyrl/button_bold.png
2212 * skins/common/images/cyrl/button_italic.png
2213 * skins/common/images/cyrl/button_link.png
2214 * skins/common/images/de/button_bold.png
2215 * skins/common/images/de/button_italic.png
2216 * skins/common/images/fa/button_bold.png
2217 * skins/common/images/fa/button_headline.png
2218 * skins/common/images/fa/button_italic.png
2219 * skins/common/images/fa/button_link.png
2220 * skins/common/images/fa/button_nowiki.png
2221 * skins/common/images/icons/fileicon-c.png
2222 * skins/common/images/icons/fileicon-cpp.png
2223 * skins/common/images/icons/fileicon-deb.png
2224 * skins/common/images/icons/fileicon-djvu.png
2225 * skins/common/images/icons/fileicon-djvu.xcf
2226 * skins/common/images/icons/fileicon-dvi.png
2227 * skins/common/images/icons/fileicon-exe.png
2228 * skins/common/images/icons/fileicon-h.png
2229 * skins/common/images/icons/fileicon-html.png
2230 * skins/common/images/icons/fileicon-iso.png
2231 * skins/common/images/icons/fileicon-java.png
2232 * skins/common/images/icons/fileicon-mid.png
2233 * skins/common/images/icons/fileicon-mov.png
2234 * skins/common/images/icons/fileicon-o.png
2235 * skins/common/images/icons/fileicon-ogg.png
2236 * skins/common/images/icons/fileicon-ogg.xcf
2237 * skins/common/images/icons/fileicon-pdf.png
2238 * skins/common/images/icons/fileicon-ps.png
2239 * skins/common/images/icons/fileicon-psd.png
2240 * skins/common/images/icons/fileicon-rm.png
2241 * skins/common/images/icons/fileicon-rpm.png
2242 * skins/common/images/icons/fileicon-svg.png
2243 * skins/common/images/icons/fileicon-tar.png
2244 * skins/common/images/icons/fileicon-tex.png
2245 * skins/common/images/icons/fileicon-ttf.png
2246 * skins/common/images/icons/fileicon-txt.png
2247 * skins/common/images/icons/fileicon.png
2248 * skins/common/images/ksh/button_S_italic.png
2249
2250 = MediaWiki 1.23 =
2251
2252 == MediaWiki 1.23.13 ==
2253
2254 This is a maintenance release of the MediaWiki 1.23 branch.
2255
2256 === Changes since 1.23.12 ===
2257 * (T121892) Fix fatal errors on some Special pages, introduced in 1.23.12.
2258
2259 == MediaWiki 1.23.12 ==
2260
2261 This is a security and maintenance release of the MediaWiki 1.23 branch.
2262
2263 === Changes since 1.23.11 ===
2264 * (T117899) SECURITY: $wgArticlePath can no longer be set to relative paths
2265 that do not begin with a slash. This enabled trivial XSS attacks.
2266 Configuration values such as "http://my.wiki.com/wiki/$1" are fine, as are
2267 "/wiki/$1". A value such as "$1" or "wiki/$1" is not and will now throw an
2268 error.
2269 * (T119309) SECURITY: Use hash_compare() for edit token comparison
2270 * (T118032) SECURITY: Don't allow cURL to interpret POST parameters starting
2271 with '@' as file uploads
2272 * (T115522) SECURITY: Passwords generated by User::randomPassword() can no
2273 longer be shorter than $wgMinimalPasswordLength
2274 * (T97897) SECURITY: Improve IP parsing and trimming. Previous behavior could
2275 result in improper blocks being issued
2276 * (T109724) SECURITY: Special:MyPage, Special:MyTalk, Special:MyContributions
2277 and related pages no longer use HTTP redirects and are now redirected by
2278 MediaWiki
2279
2280 == MediaWiki 1.23.11 ==
2281
2282 This is a security and maintenance release of the MediaWiki 1.23 branch.
2283
2284 === Changes since 1.23.10 ===
2285
2286 * (T91850) SECURITY: Add throttle check in ApiUpload and SpecialUpload
2287 * (T91203, T91205) SECURITY: API: Improve validation in chunked uploading
2288 * (T108616) SECURITY: Avoid exposure of local path in PNG thumbnails
2289
2290 == MediaWiki 1.23.10 ==
2291
2292 This is a security and maintenance release of the MediaWiki 1.23 branch.
2293
2294 === Changes since 1.23.9 ===
2295
2296 * (T94116) SECURITY: Compare API watchlist token in constant time
2297 * (T97391) SECURITY: Escape error message strings in thumb.php
2298 * (T106893) SECURITY: Don't leak autoblocked IP addresses on
2299 Special:DeletedContributions
2300 * (bug 67644) Make AutoLoaderTest handle namespaces
2301 * (T91653) Minimal PSR-3 debug logger to support backports from 1.25+.
2302 * (T102562) Fix InstantCommons parameters to handle the new HTTPS-only
2303 policy of Wikimedia Commons.
2304
2305 == MediaWiki 1.23.9 ==
2306
2307 This is a security and maintenance release of the MediaWiki 1.23 branch.
2308
2309 === Changes since 1.23.8 ===
2310
2311 * (T85848, T71210) SECURITY: Don't parse XMP blocks that contain XML entities,
2312 to prevent various DoS attacks.
2313 * (T85848) SECURITY: Don't allow directly calling Xml::isWellFormed, to reduce
2314 likelihood of DoS.
2315 * (T88310) SECURITY: Always expand xml entities when checking SVG's.
2316 * (T73394) SECURITY: Escape > in Html::expandAttributes to prevent XSS.
2317 * (T85855) SECURITY: Don't execute another user's CSS or JS on preview.
2318 * (T85349, T85850, T86711) SECURITY: Multiple issues fixed in SVG filtering to
2319 prevent XSS and protect viewer's privacy.
2320 * (bug T68650) Fix indexing of moved pages with PostgreSQL. Requires running
2321 update.php to fix.
2322 * (bug T70087) Fix Special:ActiveUsers page for installations using
2323 PostgreSQL.
2324
2325 == MediaWiki 1.23.8 ==
2326
2327 This is a security and maintenance release of the MediaWiki 1.23 branch.
2328
2329 === Changes since 1.23.7 ===
2330
2331 * (bug T76686) [SECURITY] thumb.php outputs wikitext message as raw HTML, which
2332 could lead to xss. Permission to edit MediaWiki namespace is required to
2333 exploit this.
2334 * (bug T77028) [SECURITY] Malicious site can bypass CORS restrictions in
2335 $wgCrossSiteAJAXdomains in API calls if it only included an allowed domain as
2336 part of its name.
2337 * (bug T74222) The original patch for T74222 was reverted as unnecessary.
2338
2339 == MediaWiki 1.23.7 ==
2340
2341 This is a security and maintenance release of the MediaWiki 1.23 branch.
2342
2343 === Changes since 1.23.6 ===
2344
2345 * (bugs 66776, 71478) SECURITY: User PleaseStand reported a way to inject code
2346 into API clients that used format=php to process pages that underwent flash
2347 policy mangling. This was fixed along with improving how the mangling was done
2348 for format=json, and allowing sites to disable the mangling using
2349 $wgMangleFlashPolicy.
2350 * (bug 70901) SECURITY: User Jackmcbarn reported that the ability to update
2351 the content model for a page could allow an unprivileged attacker to edit
2352 another user's common.js under certain circumstances. The user right
2353 "editcontentmodel" was added, and is needed to change a revision's content
2354 model.
2355 * (bug 71111) SECURITY: User PleaseStand reported that on wikis that allow raw
2356 HTML, it is not safe to preview wikitext coming from an untrusted source such
2357 as a cross-site request. Thus add an edit token to the form, and when raw HTML
2358 is allowed, ensure the token is provided before showing the preview. This
2359 check is not performed on wikis that both allow raw HTML and anonymous
2360 editing, since there are easier ways to exploit that scenario.
2361 * (bug 72222) SECURITY: Do not show log action when the entry is revdeleted with
2362 DELETED_ACTION. NOTICE: this may be reverted in a future release pending a
2363 public RFC about the desired functionality. This issue was reported by user
2364 Bawolff.
2365 * (bug 71621) Make allowing site-wide styles on restricted special pages a
2366 config option.
2367 * (bug 42723) Added updated version history from 1.19.2 to 1.22.13
2368 * $wgMangleFlashPolicy was added to make MediaWiki's mangling of anything that
2369 might be a flash policy directive configurable.
2370
2371 == MediaWiki 1.23.6 ==
2372
2373 This is a maintenance release of the MediaWiki 1.23 branch.
2374
2375 === Changes since 1.23.5 ===
2376 * (Bug 72274) Job queue not running (HTTP 411) due to missing
2377 Content-Length: header
2378 * (Bug 67440) Allow classes to be registered properly from installer
2379
2380 == MediaWiki 1.23.5 ==
2381
2382 This is a security release of the MediaWiki 1.23 branch.
2383
2384 === Changes since 1.23.4 ===
2385 * (bug 70672) SECURITY: OutputPage: Remove separation of css and js module
2386 allowance.
2387
2388 == MediaWiki 1.23.4 ==
2389
2390 This is a security and maintenance release of the MediaWiki 1.23 branch.
2391
2392 === Changes since 1.23.3 ===
2393
2394 * (bug 69008) SECURITY: Enhance CSS filtering in SVG files. Filter <style>
2395 elements; normalize style elements and attributes before filtering; add
2396 checks for attributes that contain css; add unit tests for html5sec and
2397 reported bugs.
2398 * (bug 65998) Make MySQLi work with non-standard socket.
2399 * (bug 66986) GlobalVarConfig shouldn't throw exceptions for null-valued config
2400 settings.
2401
2402 == MediaWiki 1.23.3 ==
2403
2404 This is a maintenance release of the MediaWiki 1.23 branch.
2405
2406 === Changes since 1.23.2 ===
2407
2408 * (bug 68501) Correctly handle incorrect namespace in cleanupTitles.php.
2409 * (bug 64970) Fix support for blobs on DatabaseOracle::update.
2410 * (bug 66574) Display MediaWiki:Loginprompt on the login page.
2411 * (bug 67870) wfShellExec() cuts off stdout at multiples of 8192 bytes.
2412 * (bug 60629) Handle invalid language code gracefully in
2413 Language::fetchLanguageNames.
2414 * (bug 62017) Restore the number of rows shown on Special:Watchlist.
2415 * Check for boolean false result from database query in SqlBagOStuff.
2416
2417 == MediaWiki 1.23.2 ==
2418
2419 This is a security and maintenance release of the MediaWiki 1.23 branch.
2420
2421 === Changes since 1.23.1 ===
2422
2423 * (bug 68187) SECURITY: Prepend jsonp callback with comment.
2424 * (bug 66608) SECURITY: Fix for XSS issue in bug 66608: Generate the URL used
2425 for loading a new page in Javascript,instead of relying on the URL in the link
2426 that has been clicked.
2427 * (bug 65778) SECURITY: Copy prevent-clickjacking between OutputPage and
2428 ParserOutput.
2429 * (bug 68313) Preferences: Turn stubthreshold back into a combo box.
2430 * (bug 65214) Fix initSiteStats.php maintenance script.
2431 * (bug 67594) Special:ActiveUsers: Fix to work with PostgreSQL.
2432
2433 == MediaWiki 1.23.1 ==
2434
2435 This is a security and maintenance release of the MediaWiki 1.23 branch.
2436
2437 === Changes since 1.23.0 ===
2438
2439 * (bug 65839) SECURITY: Prevent external resources in SVG files.
2440 * (bug 67025) Special:Watchlist: Don't try to render empty row.
2441 * (bug 66922) Don't allow some E_NOTICE messages to end up in the LocalSettings.php.
2442 * (bug 66467) FileBackend: Avoid using popen() when "parallelize" is disabled.
2443 * (bug 66428) MimeMagic: Don't seek before BOF. This has weird side effects
2444 like only extracting the tail of the file partially or not at all.
2445 * (bug 66182) Removed -x flag on some php files.
2446
2447 == MediaWiki 1.23.0 ==
2448
2449 === Configuration changes in 1.23 ===
2450 * (bug 13250) Restored method for clearing a watchlist in web UI
2451 so that users with large watchlists don't have to perform
2452 contortions to clear them.
2453 * When $wgJobRunRate is higher than zero, jobs are now executed via an
2454 asynchronous HTTP request to a MediaWiki entry point. This may require
2455 increasing the number of server worker threads. $wgRunJobsAsync has been
2456 added to disable this feature if needed, falling back to executing the job
2457 on the same process but making the execution synchronously.
2458 * $wgDebugLogGroups values may be set to an associative array with a
2459 'destination' key specifying the log destination. The array may also contain
2460 a 'sample' key with a positive integer value N indicating that the log group
2461 should be sampled by dispatching one in every N messages on average. The
2462 sampling is random.
2463 * In addition to the current exception log format, MediaWiki now serializes
2464 exception metadata to JSON and logs it to the 'exception-json' log group.
2465 This makes MediaWiki easier to integrate with log aggregation and analysis
2466 tools.
2467 * $wgSquidServersNoPurge now supports the use of Classless Inter-Domain
2468 Routing (CIDR) notation to specify contiguous blocks of IPv4 and/or IPv6
2469 addresses that should be trusted to provide X-Forwarded-For headers.
2470 * Preferences 'watchcreations', 'watchdefault', 'enotifwatchlistpages' ("Add
2471 pages I create and files I upload to my watchlist", "Add pages and files I
2472 edit to my watchlist", "Email me when a page or file on my watchlist is
2473 changed") are now enabled by default. In addition new user accounts' personal
2474 and talk pages are now watched by them by default.
2475 * $wgLBFactoryConf: Class names have had underscores removed. The configuration
2476 should be updated if LBFactory_Simple or LBFactory_Multi is configured.
2477 * $wgPasswordSenderName has been removed and is no longer functional. To set a
2478 custom mailer name, the system message 'emailsender' should be modified
2479 (default: "{{SITENAME}}").
2480 * (bug 63269) Email notifications were not correctly handling the
2481 [[MediaWiki:Helppage]] message being set to a full URL (the default).
2482 If you customized [[MediaWiki:Enotif body]] (the text of email notifications),
2483 you'll need to edit it locally to include the URL via the new variable
2484 $HELPPAGE instead of the parser functions fullurl and canonicalurl; otherwise
2485 you don't have to do anything.
2486 * $wgDBAhandler was removed as the only class using it was also removed
2487 * The 'max threads' setting was removed from $wgDBservers.
2488 * Support for AdminSettings.php has been completely removed. All configuration
2489 belongs in LocalSettings.php.
2490 * $wgSkipSkin, which has been replaceable by $wgSkipSkins since 2005 (r9249), is
2491 now formally deprecated.
2492 * Removed deprecated $wgDisabledActions as it is hardly used anywhere.
2493 * $wgRateLimitLog has been deprecated and replaced by
2494 $wgDebugLogGroup['ratelimit'].
2495 * $wgLocalInterwikis is an array containing multiple local interwiki prefixes
2496 (interwiki prefixes that point back to the current wiki). This effectively
2497 allows more than one value of $wgLocalInterwiki to be specified and
2498 understood by the parser. The value of $wgLocalInterwiki is automatically
2499 prepended to the start of this array.
2500 * $wgQueryPages has been removed. Query Pages should be added to by using the
2501 wgQueryPages hook.
2502 * $wgHttpOnlyBlacklist has been removed.
2503 * $wgLicenseTerms has been removed as it was unused.
2504 * $wgProfileOnly is now deprecated; set the log file in
2505 $wgDebugLogGroups['profileoutput'] to replace it.
2506 * $wgMaxBacklinksInvalidate was removed; use $wgJobBackoffThrottling instead
2507 * Deprecated ResourceLoaderGetStartupModules hook.
2508
2509 === New features in 1.23 ===
2510 * ResourceLoader can utilize the Web Storage API to cache modules client-side.
2511 Compared to the browser cache, caching in Web Storage allows ResourceLoader
2512 to be more granular about evicting stale modules from the cache while
2513 retaining the ability to retrieve multiple modules in a single HTTP request.
2514 This capability can be enabled by setting $wgResourceLoaderStorageEnabled to
2515 true. This feature is currently considered experimental and should only be
2516 enabled with care.
2517 * (bug 6092) Add expensive parser functions {{REVISIONID:}}, {{REVISIONUSER:}}
2518 and {{REVISIONTIMESTAMP:}} (with friends).
2519 * Add "wgRelevantUserName" to mw.config containing the current
2520 Skin::getRelevantUser value.
2521 * (bug 56033) Add content model to the page information.
2522 * Added Article::MissingArticleConditions hook to give extensions a chance to
2523 hide their (unrelated) log entries.
2524 * Added LonelyPagesQuery hook to let extensions modify the query used to
2525 generate Special:LonelyPages.
2526 * Added $wgOpenSearchDefaultLimit defining the default number of entries to show
2527 on action=opensearch API call.
2528 * For namespaces with $wgNamespaceProtection (including the MediaWiki
2529 namespace), the "protect" tab will be shown only if there are restriction
2530 levels available that would restrict editing beyond what
2531 $wgNamespaceProtection already applies. The protection form will offer only
2532 those protection levels.
2533 * Added $wgAPIFormatModules, allowing extensions to add additional output
2534 formatting modules for the API.
2535 * (bug 47812) The MediaWiki:Group-user.{css,js} pages can now be used to add
2536 custom CSS or JavaScript enabled only for registered users.
2537 * (bug 52005) Special pages RecentChanges, RecentChangesLinked and Watchlist
2538 now include a legend describing the symbols used in lists of changes.
2539 * Improved the accessibility of the tabs in Special:Preferences.
2540 * Added ApiBeforeMain hook, roughly equivalent to the BeforeInitialize hook:
2541 it's called after everything is set up but before any major processing
2542 happens.
2543 * The jquery.client module now performs a component-wise version comparison in
2544 its #test method when strings are used in the browser map: version '1.10' is
2545 now correctly considered larger than '1.2'. Using numbers in the version map
2546 is not affected.
2547 * All API modules now support an assert parameter, which can either be
2548 'user' or 'bot'. The API will throw an error if the user is not logged
2549 in (user) or does not have the 'bot' userright (bot). Based off of the
2550 AssertEdit extension by Steve Sanbeg.
2551 * [[Special:Diff]] was added, allowing users to create internal links to
2552 revision comparison pages using syntax such as [[Special:Diff/12345]],
2553 [[Special:Diff/12345/prev]] or [[Special:Diff/12345/98765]].
2554 * New user accounts' personal and talk pages are now watched by them by default.
2555 * Added SkinTemplateGetLanguageLink hook to allow changing the html of language
2556 links.
2557 * Added MessageCache::get hook as a new way to customize messages across
2558 multiple sites.
2559 * Added jquery.throttle-debounce ResourceLoader module to limit the number of
2560 callbacks for frequently occurring events.
2561 * Special:ProtectedPages shows now a table. The timestamp, the reason and
2562 the protecting user are also shown.
2563 * Added experimental support for using Microsoft SQL Server as the database
2564 backend.
2565 ** Added new Microsoft SQL Server-specific configuration variable
2566 $wgDBWindowsAuthentication, which makes the web server authenticate against
2567 the database server using Integrated Windows Authentication instead of
2568 $wgDBuser/$wgDBpassword.
2569 * HTMLForm 'select', 'selectandother', 'selectorother', 'multiselect', and
2570 'radio' fields can now use message keys as labels via the 'options-messages'
2571 parameter, which overrides the 'options' parameter.
2572 * Admins can expire users passwords manually, or on a schedule using the
2573 $wgPasswordExpirationDays configuration setting.
2574 * Add new hook SendWatchlistEmailNotification, this will be used to determine
2575 whether to send a watchlist email notification.
2576 * (bug 42026) Special:Contributions now includes an option to filter page
2577 creations, similar to the topOnly option.
2578 * Add mediawiki.ui.button styling to all pages so wiki content can use styled
2579 buttons.
2580 * Special:UserLogin/signup now does AJAX checks for invalid and taken usernames,
2581 displaying the error live.
2582 * Added BaseTemplateAfterPortlet hook to allow injecting html after portlets in skins.
2583 * Support has been added for a JSON based localisation file format. The
2584 installer has been updated to use it.
2585 * Changes to content typography (colors, line-height etc.). See
2586 https://www.mediawiki.org/wiki/Typography_refresh for further information.
2587 * The Vector skin's visual treatment of external links has been simplified to a
2588 single icon (from nine). This should not affect local rules unless they were
2589 re-using these icons, which have now been deleted.
2590 * ResourceLoader: mw.loader.using() now implements a Promise interface.
2591 * Add new hook ChangesListInitRows accessed via ChangesList::initChangesListRows.
2592 If called by the ChangesList consumer this gives extensions a chance to batch
2593 process the result set prior to rendering.
2594 * A PoolCounterRedis class was added which can be make use of in $wgPoolCounterConf.
2595 This requires at least one Redis 2.6+ server.
2596 * $wgProfileToDatabase was removed. Set $wgProfiler to ProfilerSimpleDB
2597 in StartProfiler.php instead of using this.
2598 * (bug 63444) Made it possible to change the indent string (default: 4 spaces)
2599 used by FormatJson::encode().
2600
2601 === Bug fixes in 1.23 ===
2602 * (bug 41759) The "updated since last visit" markers (on history pages, recent
2603 changes and watchlist) and the talk page message indicator are now correctly
2604 updated when the user is viewing old revisions of pages, instead of always
2605 acting as if the latest revision was being viewed.
2606 * (bug 56443) Special:ConfirmEmail no longer shows a "Mail a confirmation code"
2607 when the email address is already confirmed. Also, consistently use
2608 "confirmed", rather than "authenticated", when messaging whether or not the
2609 user has confirmed an email address.
2610 * (bug 19415) action=render no longer shows section edit links. This affects
2611 behavior of several other features where (bogus) section edit links will
2612 disappear, such as file description pages loaded via $wgUseInstantCommons or
2613 pages transcluded cross-wiki via $wgEnableScaryTranscluding.
2614 * (bug 56912) Show correct link color on cached result of Special:DeadendPages.
2615 * Classes TitleListDependency and TitleDependency have been removed, as they
2616 have been found unused in core and extensions for a long time.
2617 * (bug 57098) SpecialPasswordReset now obeys returnto parameter
2618 * (bug 37812) ResourceLoader will notice when a module's definition changes and
2619 recompile it accordingly.
2620 * (bug 57201) SpecialRecentChangesFilters hook is now executed for feeds.
2621 * (bug 58640) Fixed a compatibility issue with PCRE 8.34 that caused pages
2622 to appear blank or with missing text.
2623 * (bug 56931) Updated the plural rules to CLDR 24. They are in new format
2624 which is detailed in UTS 35 Rev 33. The PHP parser and evaluator as well as
2625 the JavaScript evaluator were updated to support the new format. Plural rules
2626 for some languages have changed, most notably Russian. Affected software
2627 messages have been updated and marked for review at translatewiki.net.
2628 * (bug 23542) imagelinks now stores both the redirect and target (as
2629 templatelinks does).
2630 * (bug 58167) The web installer no longer throws an exception when PHP is
2631 compiled without support for MySQL yet with support for another DBMS.
2632 * (bug 56199) Raw option of parser functions must now match complete word,
2633 to take effect.
2634 * (bug 60543) Special:PrefixIndex forgot stripprefix=1 for "Next page" link
2635 * (bug 29762) Undoing an already-undone edit will now display an appropriate
2636 message instead of leading the user to make a null edit.
2637 * (bug 52659) mediawiki.notification: Notification area remained visible when
2638 empty and thus was stealing pointer events from links on the page.
2639 * (bug 26811) When a DBUnexpectedError occurs, DB server hostnames are now
2640 hidden unless $wgShowExceptionDetails is true, and $wgShowDBErrorBacktrace
2641 no longer applies in such cases.
2642 * (bug 60960) Avoid doing file_exist() checks on data: URIs, as they cause
2643 warnings to be printed on Windows due to large path length.
2644 * (bug 48084) Fixed a bug in the installer that could cause $wgLogo to hold
2645 the wrong path to the placeholder logo (skins/common/images/wiki.png).
2646 * (bug 64289) jquery.textSelection: Don't throw errors on empty collections.
2647
2648 === Web API changes in 1.23 ===
2649 * (bug 54884) action=parse&prop=categories now indicates hidden and missing
2650 categories.
2651 * action=query&meta=filerepoinfo now returns additional information for each
2652 repo.
2653 * action=parse&prop=languageshtml was deprecated in 1.18 and will be removed in
2654 MediaWiki 1.24.
2655 * action=parse now has disabletoc flag to disable table of contents in output.
2656 * (bug 25702) list=allcategories, list=allimages, list=alllinks, list=allpages,
2657 list=deletedrevs and list=filearchive did not handle case-sensitivity
2658 properly for all parameters.
2659 * ApiQueryBase::titlePartToKey allows an extra parameter that indicates the
2660 namespace in order to properly capitalize the title part.
2661 * (bug 57874) action=feedcontributions no longer has one item more than limit.
2662 * All API modules now support an assert parameter. See the new features section
2663 for more details.
2664 * Added prop=contributors to fetch the list of contributors to the page.
2665 * The following API modules will now return entries where fields have been
2666 revision-deleted: list=deletedrevs, list=filearchive, list=recentchanges,
2667 list=watchlist. "hidden" indicators will be included, in the same style as is
2668 already done for prop=revisions.
2669 * The following API modules will now return the content of revision-deleted
2670 fields, in addition to the "hidden" indicators, if the querying user has the
2671 necessary rights: list=logevents, list=usercontribs, prop=imageinfo,
2672 prop=revisions.
2673 * The above modules, where applicable, will now return entries filtered by
2674 revision-deleted fields if the querying user has the necessary rights. For
2675 example, prop=revisions with rvuser or rvexcludeuser will no longer skip
2676 revisions where the user was revision-deleted if the current user has the
2677 deletedhistory right.
2678 * The 'hideuser' right, used when blocking, is no longer necessary or
2679 sufficient for seeing contributions with revision-deleted in
2680 list=usercontribs.
2681 * list=watchlist now uses the querying user's rights rather than the wlowner's
2682 rights when checking whether wlprop=patrol is allowed.
2683 * (bug 32151) ApiWatch now has pageset capabilities (titles/pageids/generators).
2684 Title parameter is now deprecated.
2685 * (bug 23005) Added action=revisiondelete.
2686 * Added siprop=restrictions to API action=query&meta=siteinfo for querying
2687 possible page restriction (protection) levels and types.
2688 * Added prop 'limitreportdata' and 'limitreporthtml' to action=parse.
2689 * (bug 58627) Provide language names on action=parse&prop=langlinks.
2690 * Deprecated llurl= in favour of llprop=url for action=query&prop=langlinks.
2691 * Added llprop=langname and llprop=autonym for action=query&prop=langlinks.
2692 * prop=redirects is added, to return redirects to the pages in the query.
2693 * list=allredirects is added, to list all redirects pointing to a namespace.
2694 * (bug 42026) Added ucshow={new,!new,top,!top} to list=usercontribs.
2695 Also added newonly to action=feedcontributions.
2696 * (bug 42026) Deprecated uctoponly in favor of ucshow=top.
2697 * list=search no longer has a "srredirects" parameter. Redirects are now
2698 included in all searches.
2699 * Added list=prefixsearch that works like action=opensearch but can be used as
2700 a generator.
2701 * (bug 24782) Various modules will now use unique continuation parameters.
2702 * (bug 63249) Cache RecentChanges Atom feed in varnish for 15 seconds.
2703
2704 === Languages updated in 1.23 ===
2705
2706 MediaWiki supports over 350 languages. Many localisations are updated
2707 regularly. Below only new and removed languages are listed, as well as
2708 changes to languages because of Bugzilla reports.
2709
2710 * Support was added for Algerian Spoken Arabic (arq).
2711 * Support was added for Riograndenser Hunsrückisch (hrx).
2712 * Support was added for Northern Luri (lrc).
2713
2714 === Other changes in 1.23 ===
2715 * The rc_type field in the recentchanges table has been superseded by a new
2716 rc_source field. The rc_source field is a string representation of the
2717 change type where rc_type was a numeric constant. This field is not yet
2718 queried but will be in a future release.
2719 ** Utilize update.php to create and populate this new field. On larger wikis
2720 which do not wish to update recentchanges table in one large update please
2721 review the SQL and comments in maintenance/archives/patch-rc_source.sql.
2722 ** The rc_type field of recentchanges will be deprecated in a future release.
2723 * The global variable $wgArticle has been removed after a lengthy deprecation.
2724 * The global functions addButton and insertTags (for mw.toolbar.addButton and
2725 mw.toolbar.insertTags) now emits mw.log.warn when accessed.
2726 * The ExpandTemplates extension has been moved into MediaWiki core.
2727 * (bug 52812) Removed "Disable search suggestions" from Preference.
2728 * (bug 52809) Removed "Disable browser page caching" from Preference.
2729 * Three new modules intended for use by custom skins were added:
2730 'mediawiki.skinning.elements', 'mediawiki.skinning.content', and
2731 'mediawiki.skinning.interface', representing three levels of standard
2732 MediaWiki styling. Previously skin creators wishing to use them had to refer
2733 to the file names of appropriate files directly, which is now discouraged.
2734 * The modules 'skins.vector' and 'skins.monobook' have been renamed to
2735 'skins.vector.styles' and 'skins.monobook.styles', respectively,
2736 and their definition was changed not to include the common*.css files;
2737 the two skins now load the 'mediawiki.skinning.interface' module instead.
2738 * A page_links_updated field has been added to the page table.
2739 * SpecialPage::getTitle has been deprecated in favor of
2740 SpecialPage::getPageTitle.
2741 * BREAKING CHANGE: Two potentially backwards-incompatible changes have been made
2742 to the 'SpecialWatchlistQuery' hook's last parameter (array $values) to make
2743 the hook more consistent with the 'SpecialRecentChangesQuery' one:
2744 ** Several array keys have been renamed: hideMinor → hideminor,
2745 hideBots → hidebots, hideAnons → hideanons, hideLiu → hideliu,
2746 hidePatrolled → hidepatrolled, hideOwn → hidemyself.
2747 ** The parameter value is now a FormOptions object, not a plain array (array
2748 access operators should continue to work, as it implements the ArrayAccess
2749 interface).
2750 * Option to mark hooks as deprecated has been added.
2751 * (bug 52811) Preference "Enable section editing via [edit] links" was removed.
2752 * (bug 52813) Preference "Show table of contents (for pages with more than
2753 3 headings)" was removed.
2754 * (bug 52810) Preference "Justify paragraphs" was removed.
2755 * OutputPage::showErrorPage raises a notice if arguments are incoherent.
2756 * Thumbnails that keep failing to render in thumb.php will be rate-limited
2757 against further render attempts for 1 hour. $wgAttemptFailureEpoch can be
2758 altered to reset all rate-limited thumbnails at once.
2759 * (bug 56572) Builds of the OOjs and OOjs UI libraries are now available.
2760 * mw.loader.go and mw.loader.version have been removed.
2761 * (bug 52815) Preference "Enable simplified search bar (Vector skin only)"
2762 was removed.
2763 * A user_password_expires column has been added to the user table. The User
2764 object expects this column to exist. Use update.php to create this new field.
2765 * The jquery.delayedBind ResourceLoader module was deprecated in favor of the
2766 jquery.throttle-debounce module. It will be removed in MediaWiki 1.24.
2767 * mw.user.bucket has been deprecated.
2768 * On Special:PrefixIndex, a table#mw-prefixindex-list-table was changed to
2769 table.mw-prefixindex-list-table to avoid duplicate ids when the special page
2770 is transcluded.
2771 * (bug 62198) window.$j has been deprecated.
2772 * Preference "Disable link title conversion" was removed.
2773 * SpecialRecentChanges no longer includes any functionality for generating feeds
2774 - it has been factored out to ApiFeedRecentChanges. Old URLs redirect to new
2775 ones.
2776 * RecentChange::mExtra['lang'] is no longer set and should no longer be used.
2777 Extensions should read from other configuration variables, including
2778 $wgLocalInterwikis, to identify the current wiki.
2779 * Sections in the parser test framework have been renamed and the old
2780 section names are deprecated. Please use "!!wikitext" and "!!html"
2781 (or "!!html/php") instead of "!!input" and "!!result". This allows
2782 us to extend parser tests to accommodate additional input/output
2783 pairs, such as "!!html/parsoid" (for the output of the Parsoid
2784 parser, where it differs from the PHP parser).
2785 * Special:Search no longer has an "include redirects" option on the advanced
2786 tab. Redirects are now included in all searches.
2787 * mediawiki.api.category's getCategories() 'async' parameter was deprecated.
2788 * The locations of resources have been split between upstream libraries, now in
2789 resources/lib/, local libaries in resources/src/, and local forks of upstream
2790 libraries, also in resources/src/.
2791 * BREAKING CHANGE: The automatically-generated function closure with which
2792 ResourceLoader wraps all modules' JavaScript code now binds the identifier
2793 names 'jQuery' and '$' to the jQuery object of the version of jQuery that is
2794 bundled with MediaWiki. If you bind these names to other objects in global
2795 scope (like Zepto.js or document.querySelectorAll, for example) you will need
2796 to use different names to or re-bind them at the top of each
2797 ResourceLoader-loaded module.
2798 * (bug 52342) Preference "Remember my login" was removed.
2799 * The skin autodiscovery mechanism has been deprecated and will be removed in
2800 MediaWiki 1.25. See https://www.mediawiki.org/wiki/Manual:Skin_autodiscovery
2801 for migration guide for creators and users of custom skins that relied on it.
2802
2803 ==== Removed classes ====
2804 * FakeMemCachedClient (deprecated in 1.18)
2805 * RdfMetaData (unused)
2806 * TitleDependency (unused)
2807 * TitleListDependency (unused)
2808 * WikiError (deprecated in 1.17)
2809 * WikiXmlError (deprecated in 1.17)
2810 * WikiErrorMsg (deprecated in 1.17)
2811
2812 ==== Renamed classes ====
2813 * CdbReader_DBA to CdbReaderDBA
2814 * CdbReader_PHP to CdbReaderPHP
2815 * CdbWriter_DBA to CdbWriterDBA
2816 * CdbWriter_PHP to CdbWriterPHP
2817 * DiffOp_Add to DiffOpAdd
2818 * DiffOp_Change to DiffOpChange
2819 * DiffOp_Copy to DiffOpCopy
2820 * DiffOp_Delete to DiffOpDelete
2821 * HWLDF_WordAccumulator to HWLDFWordAccumulator
2822 * LBFactory_Fake to LBFactoryFake
2823 * LBFactory_Multi to LBFactoryMulti
2824 * LBFactory_Simple to LBFactorySimple
2825 * LBFactory_Single to LBFactorySingle
2826 * LCStore_Accel to LCStoreAccel
2827 * LCStore_CDB to LCStoreCDB
2828 * LCStore_DB to LCStoreDB
2829 * LCStore_Null to LCStoreNull
2830 * LoadBalancer_Single to LoadBalancerSingle
2831 * LoadMonitor_MySQL to LoadMonitorMySQL
2832 * LoadMonitor_Null to LoadMonitorNull
2833 * LocalisationCache_BulkLoad to LocalisationCacheBulkLoad
2834 * csvStatsOutput to CsvStatsOutput
2835 * extensionLanguages to ExtensionLanguages
2836 * languages to Languages
2837 * statsOutput to StatsOutput
2838 * textStatsOutput to TextStatsOutput
2839 * wikiStatsOutput to WikiStatsOutput
2840
2841 ==== Removed methods ====
2842 * ApiBase::getValidNamespaces() (deprecated in 1.17)
2843 * ApiMain::setCachePrivate() (deprecated in 1.17)
2844 * ApiMain::setVaryCookie (deprecated in 1.17)
2845 * Article::doRedirect() (deprecated in 1.18)
2846 * Article::doUnwatch() (deprecated in 1.18)
2847 * Article::doWatch() (deprecated in 1.18)
2848 * Article::forUpdate() (deprecated in 1.18)
2849 * Article::markpatrolled() (deprecated in 1.18)
2850 * Article::unwatch() (deprecated in 1.18)
2851 * Article::watch() (deprecated in 1.18)
2852 * Block::clear() (deprecated in 1.18)
2853 * Block::decodeExpiry() (deprecated in 1.18)
2854 * Block::encodeExpiry() (deprecated in 1.18)
2855 * Block::forUpdate() (deprecated in 1.18)
2856 * Block::infinity() (deprecated in 1.18)
2857 * Block::load() (deprecated in 1.18)
2858 * Block::newFromDB() (deprecated in 1.18)
2859 * Block::normaliseRange() (deprecated in 1.18)
2860 * Block::parseExpiryInput() (deprecated in 1.18)
2861 * CategoryViewer::addSubcategory() (deprecated in 1.17)
2862 * EditPage::spamPage() (deprecated since 1.17)
2863 * Exif::getFormattedData() (deprecated in 1.18)
2864 * Exif::makeFormattedData() (deprecated in 1.18)
2865 * in_string (deprecated in 1.21)
2866 * Language::convertLinkToAllVariants() (deprecated in 1.17)
2867 * LanguageConverter::convertLinkToAllVariants() (deprecated in 1.17)
2868 * Linker::makeBrokenLink() (deprecated in 1.16)
2869 * Linker::makeBrokenLinkObj() (deprecated in 1.16)
2870 * Linker::makeColouredLinkObj() (deprecated in 1.16)
2871 * Linker::makeSizeLinkObj() (deprecated in 1.17)
2872 * MediaWiki::articleFromTitle() (deprecated in 1.18)
2873 * ParserOptions::getkin() (deprecated 1.18)
2874 * ProfilerSimple::getCpuTime (deprecated in 1.20)
2875 * Revision::revText() (deprecated in 1.17)
2876 * SkinTemplate::jstext() (deprecated in 1.21)
2877 * SpecialPage::__call() (deprecated in 1.17)
2878 * SpecialPage::executePath() (deprecated in 1.18)
2879 * SpecialPage::exists() (deprecated in 1.18)
2880 * SpecialPage::file() (deprecated in 1.18)
2881 * SpecialPage::func() (deprecated in 1.18)
2882 * SpecialPage::getGroup() (deprecated in 1.18)
2883 * SpecialPage::getPage() (deprecated in 1.18)
2884 * SpecialPage::getPageByAlias() (deprecated in 1.18)
2885 * SpecialPage::getLocalNameFor() (deprecated in 1.18)
2886 * SpecialPage::getRegularPages() (deprecated in 1.18)
2887 * SpecialPage::getRestrictedPages() (deprecated in 1.18)
2888 * SpecialPage::getTitleForAlias() (deprecated in 1.18)
2889 * SpecialPage::getUsablePages() (deprecated in 1.18)
2890 * SpecialPage::includable() (deprecated in 1.18)
2891 * SpecialPage::init()
2892 * SpecialPage::initAliasList() (deprecated in 1.18)
2893 * SpecialPage::initList() (deprecated in 1.18)
2894 * SpecialPage::name() (deprecated in 1.18)
2895 * SpecialPage::removePage() (deprecated in 1.18)
2896 * SpecialPage::resolveAlias() (deprecated in 1.18)
2897 * SpecialPage::resolveAliasWithSubpage() (deprecated in 1.18)
2898 * SpecialPage::restriction() (deprecated in 1.18)
2899 * SpecialPage::setGroup() (deprecated in 1.18)
2900 * SpecialRecentChanges::feedSetup()
2901 * SpecialRevisionDelete::extractBitField() (deprecated in 1.22)
2902 * User::getPageRenderingHash() (deprecated in 1.17)
2903 * WebRequest::getFileSize() (deprecated in 1.17)
2904 * WebRequest::isPathInfoBad() (deprecated in 1.17)
2905 * wfGenerateToken (deprecated in 1.20)
2906 * wfStreamFile (deprecated in 1.19)
2907 * wfUILang (deprecated in 1.18)
2908 * WikiPage::createUpdates() (deprecated in 1.18)
2909 * WikiPage::quickEdit() (deprecated in 1.18)
2910 * WikiPage::useParserCache() (deprecated in 1.18)
2911 * WikiPage::viewUpdates() (deprecated in 1.18)
2912
2913 ==== Removed globals ====
2914 * $wgBetterDirectionality (deprecated in 1.18)
2915
2916 = MediaWiki 1.22 =
2917
2918 == MediaWiki 1.22.15 ==
2919
2920 This is a security and maintenance release of the MediaWiki 1.22 branch.
2921
2922 === Changes since 1.22.14 ===
2923
2924 * (bug T76686) [SECURITY] thumb.php outputs wikitext message as raw HTML, which
2925 could lead to xss. Permission to edit MediaWiki namespace is required to
2926 exploit this.
2927 * (bug T77028) [SECURITY] Malicious site can bypass CORS restrictions in
2928 $wgCrossSiteAJAXdomains in API calls if it only included an allowed domain as
2929 part of its name.
2930 * (bug T74222) The original patch for T74222 was reverted as unnecessary.
2931
2932 == MediaWiki 1.22.14 ==
2933
2934 This is a security and maintenance release of the MediaWiki 1.22 branch.
2935
2936 === Changes since 1.22.13 ===
2937
2938 * (bugs 66776, 71478) SECURITY: User PleaseStand reported a way to inject code
2939 into API clients that used format=php to process pages that underwent flash
2940 policy mangling. This was fixed along with improving how the mangling was done
2941 for format=json, and allowing sites to disable the mangling using
2942 $wgMangleFlashPolicy.
2943 * (bug 70901) SECURITY: User Jackmcbarn reported that the ability to update
2944 the content model for a page could allow an unprivileged attacker to edit
2945 another user's common.js under certain circumstances. The user right
2946 "editcontentmodel" was added, and is needed to change a revision's content
2947 model.
2948 * (bug 72222) SECURITY: Do not show log action when the entry is revdeleted with
2949 DELETED_ACTION. NOTICE: this may be reverted in a future release pending a
2950 public RFC about the desired functionality. This issue was reported by user
2951 Bawolff.
2952 * (bug 71621) Make allowing site-wide styles on restricted special pages a
2953 config option.
2954 * $wgMangleFlashPolicy was added to make MediaWiki's mangling of anything that
2955 might be a flash policy directive configurable.
2956
2957 == MediaWiki 1.22.13 ==
2958 This is a maintenance release of the MediaWiki 1.22 branch.
2959
2960 === Changes since 1.22.12 ===
2961 * (bug 67440) Allow classes to be registered properly from installer
2962
2963 == MediaWiki 1.22.12 ==
2964 This is a security release of the MediaWiki 1.22 branch.
2965
2966 === Changes since 1.22.11 ===
2967 * (bug 70672) SECURITY: OutputPage: Remove separation of css and js module allowance.
2968
2969 == MediaWiki 1.22.11 ==
2970 This is a security release of the MediaWiki 1.22 branch.
2971
2972 === Changes since 1.22.10 ===
2973 * (bug 69008) SECURITY: Enhance CSS filtering in SVG files. Filter <style> elements; normalize style elements and attributes before filtering; add checks for attributes that contain css; add unit tests for html5sec and reported bugs.
2974
2975 == MediaWiki 1.22.10 ==
2976 This is a maintenance release of the MediaWiki 1.22 branch.
2977
2978 === Changes since 1.22.9 ===
2979 * (bug 64970) Fix support for blobs on DatabaseOracle::update
2980 * (bug 60719) In MediaWiki 1.22, the job queue execution on each page request was changed (Gerrit change 59797) so, instead of executing the job inside the same PHP process that's rendering the page, a new PHP cli command is spawned to execute runJobs.php in the background. It will only work if $wgPhpCli is set to an actual path or safe mode is off, otherwise, the old method will be used. https://www.mediawiki.org/wiki/Manual:Job_queue#Changes_introduced_in_MediaWiki_1.22 for more infomation. This change was in earlier releases of 1.22 but was not noted here until now.
2981
2982 == MediaWiki 1.22.9 ==
2983 This is a security and maintenance release of the MediaWiki 1.22 branch.
2984
2985 === Changes since 1.22.8 ===
2986 * (bug 68187) SECURITY: Prepend jsonp callback with comment.
2987 * (bug 66608) SECURITY: Fix for XSS issue in bug 66608: Generate the URL used for loading a new page in Javascript,instead of relying on the URL in the link that has been clicked.
2988 * (bug 65778) SECURITY: Copy prevent-clickjacking between OutputPage and ParserOutput.
2989 * (bug 59147) The img_metadata field was not being decoded from bytea into text.
2990
2991 == MediaWiki 1.22.8 ==
2992 This is a security and maintenance release of the MediaWiki 1.22 branch.
2993
2994 === Changes since 1.22.7 ===
2995 * (bug 65839) SECURITY: Prevent external resources in SVG files.
2996 * (bug 66428) MimeMagic: Don't seek before BOF. This has weird side effects like only extracting the tail of the file partially or not at all.
2997
2998 == MediaWiki 1.22.7 ==
2999 This is a security and maintenance release of the MediaWiki 1.22 branch.
3000
3001 === Changes since 1.22.6 ===
3002 * (bug 65501) SECURITY: Don't parse usernames as wikitext on Special:PasswordReset.
3003 * (bug 36356) Add space between two feed links.
3004 * (bug 63269) Email notifications were not correctly handling the MediaWiki:Helppage message being set to a full URL. This is a regression from the 1.22.5 point release, which made the default value for it a URL. If you customized MediaWiki:Enotif body (the text of email notifications), you'll need to edit it locally to include the URL via the new variable $HELPPAGE instead of the parser functions fullurl and canonicalurl; otherwise you don't have to do anything.
3005 Add missing uploadstash.us_props for PostgreSQL.
3006 * (bug 56047) Fixed stream wrapper in PhpHttpRequest.
3007
3008 == MediaWiki 1.22.6 ==
3009 This is a security release of the MediaWiki 1.22 branch.
3010
3011 === Changes since 1.22.5 ===
3012 * (bug 63251) SECURITY: Escape sortKey in pageInfo.
3013
3014 == MediaWiki 1.22.5 ==
3015 This is a security and maintenance release of the MediaWiki 1.22 branch.
3016
3017 === Changes since 1.22.4 ===
3018 * (bug 62497) SECURITY: Add CSRF token on Special:ChangePassword.
3019 * (bug 62467) Set a title for the context during import on the cli.
3020 * Fix custom local MediaWiki:Helppage values.
3021 * mediawiki.js: Fix documentation breakage.
3022 * (bug 58153) Make MySQLi work with non standard port.
3023 * (bug 53887) Reintroduced a link to help pages in the default sidebar, that any sysop can customize by editing MediaWiki:Sidebar locally. The link now points to a mediawiki.org page which is guaranteed to exist. Nothing needs to be done on your end, but remember to adjust MediaWiki:Sidebar for the needs of your wikis. Everyone can help with the shared documentation by translating: https://www.mediawiki.org/wiki/Special:Translate/agg-Help_pages .
3024 * (bug 53888) Corrected a regression in 1.22 which introduced red links on the login page. If you previously installed 1.22.x and have created a local page to make the red link blue, write its title as in MediaWiki:helplogin-url if you didn't already. Otherwise, you don't need to do anything, but you can translate the help page at https://www.mediawiki.org/wiki/Help:Logging_in .
3025
3026 == MediaWiki 1.22.4 ==
3027 This is a maintenance release of the MediaWiki 1.22 branch.
3028
3029 === Changes since 1.22.3 ===
3030 * Use the correct branch of the extensions' git repositories.
3031
3032 == MediaWiki 1.22.3 ==
3033 This is a security and bugfix release of the MediaWiki 1.22 branch.
3034
3035 === Changes since 1.22.2 ===
3036 * (bug 60771) SECURITY: Disallow uploading SVG files using non-whitelisted namespaces. Also disallow iframe elements. * User will get an error including the namespace name if they use a non- whitelisted namespace.
3037 * (bug 61346) SECURITY: Make token comparison use constant time. It seems like our token comparison would be vulnerable to timing attacks. This will take constant time.
3038 * (bug 61362) SECURITY: API: Don't find links in the middle of api.php links.
3039 * (bug 53710) Add sequence support for upsert in DatabaseOracle in the same way as in selectInsert
3040 * (bug 60231, bug 58719) Various fixes to job running code in Wiki.php: Make it async on Windows. Fixed possible "invalid filename" errors on Windows. Redirect output to dev/null to avoid hanging PHP.
3041 * (bug 60083) Correct sequence name for fresh Postgres installation. Spotted by gebhkla
3042 * (bug 60531) Avoid variable naming conflicts in DatabasePostgres::selectSQLText. Spotted by gebhkla
3043 * (bug 60094) Fix rebuildall.php fatal error with PostgreSQL.
3044 * (bug 43817) Add error handling if descriptionmsg isn't defined for extension.
3045 * (bug 60543) Special:PrefixIndex omits stripprefix=1 for "Next page" link.
3046
3047 == MediaWiki 1.22.2 ==
3048 This is a security and bugfix release of the MediaWiki 1.22 branch.
3049
3050 === Changes since 1.22.1 ===
3051 * (bug 60339) SECURITY: Sanitize shell arguments to DjVu files, and other media formats
3052 * (bug 58253) Check for very old PCRE versions in installer and updater
3053 * (bug 60054) Make WikiPage::$mPreparedEdit public
3054
3055 == MediaWiki 1.22.1 ==
3056 This is a security and maintenance release of the MediaWiki 1.22 branch.
3057
3058 === Changes since 1.22.0 ===
3059 * (bug 57550) SECURITY: Disallow stylesheets in SVG Uploads
3060 * (bug 58088) SECURITY: Don't normalize U+FF3C to \ in CSS Checks
3061 * (bug 58472) SECURITY: Disallow -o-link in styles
3062 * (bug 58553) SECURITY: Return error on invalid XML for SVG Uploads
3063 * (bug 58699) SECURITY: Fix RevDel log entry information leaks
3064 * (bug 58178) Restore compatibility with curl < 7.16.2.
3065 * (bug 56931) Updated the plural rules to CLDR 24. They are in new format which is detailed in UTS 35 Rev 33. The PHP parser and evaluator as well as the JavaScript evaluator were updated to support the new format. Plural rules for some languages have changed, most notably Russian. Affected software messages have been updated and marked for review at translatewiki.net. This change is backported from the development branch of MediaWiki 1.23.
3066 * (bug 58434) The broken installer for database backend Oracle was fixed.
3067 * (bug 58167) The web installer no longer throws an exception when PHP is compiled without support for MySQL yet with support for another DBMS.
3068 * (bug 58640) Fixed a compatibility issue with PCRE 8.34 that caused pages to appear blank or with missing text.
3069 * (bug 47055) Changed FOR UPDATE handling in Postgresql
3070 * (bug 57026) Avoid extra parsing in prepareContentForEdit()
3071
3072 == MediaWiki 1.22.0 ==
3073
3074 === Configuration changes in 1.22 ===
3075 * $wgRedirectScript was removed. It was unused.
3076 * Removed $wgLocalMessageCacheSerialized, it is now always true.
3077 * $wgVectorUseIconWatch is now enabled by default.
3078 * $wgCascadingRestrictionLevels was added.
3079 * ftps, ssh, sftp, xmpp, sip, sips, tel, sms, bitcoin, magnet, urn, and geo
3080 have been whitelisted inside of $wgUrlProtocols.
3081 * $wgDocType and $wgDTD have been removed and are no longer used for the DOCTYPE.
3082 * $wgHtml5 is no longer used by core. Setting it to false will no longer disable HTML5.
3083 It is still set to true for extension compatibility but doing so in extensions is deprecated.
3084 * $wgXhtmlDefaultNamespace is no longer used by core. Setting it will no longer change the
3085 xmlns used by MediaWiki. Reliance on this variable by extensions is deprecated.
3086 * $wgHandheldStyle was removed.
3087 * $wgHandheldForIPhone was removed.
3088 * $wgJsMimeType is no longer used by core. Most usage has been removed since
3089 HTML output is now exclusively HTML5.
3090 * $wgDBOracleDRCP added. True enables persistent connection with DRCP on Oracle.
3091 * $wgLogAutopatrol added to allow disabling logging of autopatrol edits in the logging table.
3092 Default for $wgLogAutopatrol is true.
3093 * The 'edit' right no longer allows for editing a user's own CSS and JS.
3094 * New rights 'editmyusercss', 'editmyuserjs', 'viewmywatchlist',
3095 'editmywatchlist', 'viewmyprivateinfo', 'editmyprivateinfo', and
3096 'editmyoptions' restrict actions that were formerly allowed by default. They
3097 have been added to the default for $wgGroupPermissions['*'].
3098 * The 'editprotected' right no longer allows bypassing of all page protection
3099 restrictions. Any group using it for this purpose will now need to have all
3100 the individual rights listed in $wgRestrictionTypes for the same effect.
3101 * The 'protect' and 'autoconfirmed' rights are no longer used for the default
3102 page protection levels. The rights 'editprotected' and 'editsemiprotected'
3103 are now used for this purpose instead.
3104 * (bug 40866) wgOldChangeTagsIndex removed.
3105 * $wgNoFollowDomainExceptions now only matches entire domains. For example,
3106 an entry for 'bar.com' will still match 'foo.bar.com' but not 'foobar.com'.
3107 * $wgCopyUploadTimeout and $wgCopyUploadAsyncTimeout added to change the timeout times for
3108 fetching the file during upload by url.
3109 * New key added to $wgGalleryOptions - $wgGalleryOptions['mode'] to set
3110 default gallery mode.
3111 * New hook 'GalleryGetModes' to allow extensions to make new gallery modes.
3112 * The checkbox for staying in HTTPS displayed on the login form when $wgSecureLogin is
3113 enabled has been removed. Instead, whether the user stays in HTTPS will be determined
3114 based on the user's preferences, and whether they came from HTTPS or not.
3115 * $wgRC2UDPAddress, $wgRC2UDPInterwikiPrefix, $wgRC2UDPOmitBots, $wgRC2UDPPort,
3116 and $wgRC2UDPPrefix configuration options have been deprecated in favor of a
3117 $wgRCFeeds configuration array. $wgRCFeeds makes both the format and
3118 destination of recent change notifications customizable, and allows for
3119 multiple destinations to be specified.
3120 * (bug 53862) portal-url, currentevents-url and helppage have been removed from the
3121 default Sidebar.
3122 * The 'vector-simplesearch' preference is now enabled by default. Previously
3123 it was only enabled if the Vector extension was installed.
3124 * The precise format of metric datagrams produced by the UDP profiler and stats counter
3125 may now be specified as $wgUDPProfilerFormatString and $wgStatsFormatString,
3126 respectively.
3127 * (bug 54597) $wgBlockOpenProxies, $wgProxyPorts, $wgProxyScriptPath, and
3128 $wgProxyMemcExpiry have been removed, along with the open proxy scanner
3129 script they were added for.
3130 * Default value of $wgMaxShellMemory has been tripled (it's now 300 MB).
3131
3132 === New features in 1.22 ===
3133 * You can now install extensions using Composer.
3134 See https://www.mediawiki.org/wiki/Composer
3135 * (bug 44525) mediawiki.jqueryMsg can now parse (whitelisted) HTML elements and attributes.
3136 * (bug 33454) Language::sprintfDate now has a timezone parameter, and supports
3137 the "eIOPTZ" formatting characters.
3138 * EditWarning: A warning is shown when an editor leaves the edit form without
3139 saving (enabled by default, users can opt-out via the 'useeditwarning'
3140 preference). This feature was moved from the Vector extension, and is now part
3141 of core for all skins. Take care when upgrading that you don't use an older
3142 version of the Vector extension as this feature may conflict.
3143 * New 'mediawiki.ui' CSS module providing mw-ui-* styles for buttons and a
3144 compact vertical form layout.
3145 * HTMLForm supports a new display format 'vform' which applies this compact vertical
3146 layout and button styling. Special:PasswordReset uses this format.
3147 * New versions of login (Special:UserLogin) and create account
3148 (Special:UserLogin/signup) forms using the "vform" compact vertical form layout.
3149 These forms use new messages that assume a "Help logging in" link, see
3150 https://www.mediawiki.org/wiki/Manual:Page_customizations;
3151 https://www.mediawiki.org/wiki/Account_creation_user_experience/Strings lists the
3152 message key changes.
3153 * (bug 23343) Implemented ability to apply IP blocks to the contents of X-Forwarded-For headers
3154 by adding a new configuration variable $wgApplyIpBlocksToXff (disabled by default).
3155 * The new hook 'APIGetPossibleErrors' to modify the list of possible errors was
3156 added.
3157 * (bug 25592) LogEventsList::showLogExtract() will now ignore various
3158 Pager-related WebRequest parameters by default, as this is overwhelmingly
3159 likely to be what was intended by users of the method. If any caller wishes
3160 to use these parameters, the new param 'useRequestParams' may be set to true.
3161 * mw.util.addPortletLink: Tooltip is no longer required to be plain (without
3162 an accesskey in it already). As such it now rountrips. Creating a link with a
3163 message as tooltip, grabbing the title attribute and using it to create
3164 another portlet will work as expected.
3165 * (bug 6747) {{ROOTPAGENAME}} introduced, contains the name of the topmost
3166 page without namespace.
3167 * BREAKING CHANGE: (bug 41729) Display editsection links next to headings. Also
3168 change their class name from .editsection to .mw-editsection and place them at
3169 the end of the heading element instead of the beginning. Client-side code and
3170 screen-scrapers will have to be adjusted to handle both cases (old HTML will
3171 still be visible on cached page renders until they are purged); extensions
3172 using the DoEditSectionLink or EditSectionLink hooks might need adjustments as
3173 well.
3174 * (bug 45535) introduced the new 'LanguageLinks' hook for manipulating the
3175 language links associated with a page before display.
3176 * Chosen (http://harvesthq.github.io/chosen/) was added as module 'jquery.chosen'
3177 * HTMLForm will turn multiselect checkboxes into a Chosen interface when setting cssclass 'mw-chosen'
3178 * rebuildLocalisationCache learned --lang option. Let you rebuild l10n caches
3179 of the specified languages instead of all of them.
3180 * New GetNewMessagesAlert hook allowing extensions to disable or modify the new
3181 messages alert
3182 * New wgUserNewMsgRevisionId JS global for logged in users. This will be null
3183 if the user has no new talk page messages. Otherwise it will be set to the
3184 revision ID of the oldest new talk page message. This will allow gadgets and
3185 extensions to create their own new message alerts on the client side.
3186 * mediawiki.log: Added log.warn wrapper (uses console.warn and console.trace).
3187 * mediawiki.log: Implemented log.deprecate. This method defines a property and
3188 uses ES5 getter/setter to emit a warning when they are used.
3189 * $wgCascadingRestrictionLevels was added, allowing one to specify restriction levels
3190 which can be cascading (previously 'sysop' was hard-coded as the only one).
3191 * XHTML5 support has been improved. If you set $wgMimeType = 'application/xhtml+xml'
3192 MediaWiki will try outputting markup according to XHTML5 rules.
3193 * Altered hook 'ProtectionForm::save', adding the reason page protection is
3194 changed as third parameter.
3195 * New hook 'TitleSquidURLs' for manipulating the list of URLs to be purged from
3196 HTTP caches when a page is changed.
3197 * Changed the patrolling system to always show the link for patrolling in case the
3198 current revision is patrollable. This also removed the usage of the rcid URI parameters.
3199 * Oracle DB backend now supports Database Resident Connection Pooling (DRCP).
3200 Can be enabled by setting $wgDBOracleDRCP=true.
3201 Requires Oracle DB 11gR1 or above, enabled DRCP inside the DB itself and a
3202 propper connect string.
3203 More about DRCP can be found at:
3204 http://www.oracle-base.com/articles/11g/database-resident-connection-pool-11gr1.php
3205 * Add a new parameter $patrolFooterShown to hook ArticleViewFooter so the hook
3206 handlers can take further action based on the status of the patrol footer
3207 * A new hook TitleQuickPermissions was added to allow overriding of quick
3208 permissions in the Title class.
3209 * LinkCache singleton can now be altered or cleared, letting one to specify
3210 another instance that does not rely on a database backend.
3211 * MediaWiki's PHPUnit tests can now use PHPUnit installed using composer --dev.
3212 * (bug 43689) The lists of templates used on the page and hidden categories it
3213 is a member of, shown below the edit form, are now collapsible (and collapsed
3214 by default).
3215 * Parser profiling data, formerly only available in the "NewPP limit report"
3216 HTML comment, is now also displayed at the bottom of page previews.
3217 * Added ParserLimitReportPrepare and ParserLimitReportFormat hooks, deprecated
3218 ParserLimitReport hook.
3219 * New user rights have been added to increase granularity in rights management
3220 for extensions such as OAuth:
3221 ** editmyusercss controls whether a user may edit their own CSS subpages.
3222 ** editmyuserjs controls whether a user may edit their own JS subpages.
3223 ** viewmywatchlist controls whether a user may view their watchlist.
3224 ** editmywatchlist controls whether a user may edit their watchlist.
3225 ** viewmyprivateinfo controls whether a user may access their private
3226 information (e.g. registered email address, real name).
3227 ** editmyprivateinfo controls whether a user may change their private
3228 information.
3229 ** editmyoptions controls whether a user may change their preferences.
3230 * Add new hook AbortTalkPageEmailNotification, this will be used to determine
3231 whether to send the regular talk page email notification
3232 * Action classes registered in $wgActions are now also supported in the form of
3233 a callback (which returns an instance of Action) instead of providing the name
3234 of a subclass of Action.
3235 * (bug 46513) Vector: Add the collapsibleTabs script from the Vector extension.
3236 * Added $wgRecentChangesFlags for defining new flags for RecentChanges and
3237 watchlists.
3238 * (bug 40518) mw.toolbar: Implemented mw.toolbar.addButtons for adding multiple
3239 button objects in one call.
3240 * Rights used for the default protection levels ('sysop' and 'autoconfirmed')
3241 are now used just for that purpose, instead of overloading other rights. This
3242 allows easy granting of the ability to edit sysop-protected pages without
3243 also granting the ability to protect and unprotect.
3244 * (bug 48256) Make brackets in section edit links accessible to CSS.
3245 They are now wrapped in <span class="mw-editsection-bracket" />.
3246 * (bug 8480) Allow handler specific parameters in galleries (like page number)
3247 * jquery.client: Add detection for Opera 15 and Internet Explorer 11.
3248 * Change tags (used by the AbuseFilter extension) are now shown on diff pages.
3249 * Change tag lists (shown on recent changes, watchlist, user contributions,
3250 history pages, diff pages) now include a link to Special:Tags to distinguish
3251 them from edit summaries.
3252 * Added a new method and hook, User::isEveryoneAllowed() and
3253 UserIsEveryoneAllowed, for use in situations where a "does everyone have this
3254 right?" check is used to avoid more expensive checks.
3255 * (bug 14431) Display "(No difference)" instead of an empty diff (when comparing
3256 revisions in the history or when previewing changes while editing).
3257 * New hook 'IsUploadAllowedFromUrl' is added which can be used to intercept uploads by
3258 URL, useful for blacklisting specific URLs
3259 * (bug 21912) Watchlist token implementation has been refactored and
3260 Special:ResetTokens was added to allow users to reset their tokens
3261 instead of presenting them in Preferences.
3262 * Special:PrefixIndex now lets you strip the searched prefix from the displayed
3263 titles. Given a list of articles named Bug1, Bug2, you can now transclude the
3264 list of bug numbers using: {{Special:PrefixIndex/Bug|stripprefix=1}}.
3265 The special page form received a new checkbox matching that option.
3266 * (bug 23580) Implement javascript callback interface "mw.hook".
3267 * (bug 30713) New mw.hook "wikipage.content".
3268 * (bug 40430) jquery.placeholder gets a new parameter to set the attribute value
3269 to be used.
3270 * $wgHTCPMulticastRouting renamed $wgHTCPRouting since it accepts unicast.
3271 * $wgHTCPRouting rules can now be passed an array of hosts/ports to send purge
3272 too. Can be used whenever several multicast group could be interested by a
3273 specific purge.
3274 * (bug 25931) Add Special:RandomInCategory.
3275 * mediawiki.util: addPortletLink now supports passing a jQuery object as nextnode.
3276 * <wbr> can now be used inside WikiText.
3277 * WebResponse::setcookie is much more featureful. Callers using PHP's
3278 setcookie() or setrawcookie() should begin using this instead.
3279 * New hook WebResponseSetCookie, called from WebResponse::setcookie().
3280 * New hook ResetSessionID, called when the session id is reset.
3281 * Add a mode parameter to <gallery> tag with potential options of "traditional",
3282 "nolines", "packed", "packed-overlay", or "packed-hover".
3283 * (bug 47399) A success message is now displayed after changing the password.
3284 * Make thumb.php give HTTP redirects for file redirects
3285 * (bug 30607) Special:ListFiles can now show old versions of files. Additionally
3286 Special:AllMyUploads was introduced so the user can get a list of all things
3287 they have ever uploaded, even if it was subsequently overridden.
3288 * Introduced Special:MyFiles and Special:AllMyFiles as an alias for Special:MyUploads
3289 and Special:AllMyUploads respectively.
3290 * IPv6 addresses in X-Forwarded-For headers are now normalised before checking
3291 against allowed proxy lists.
3292 * Add deferrable update support for callback/closure.
3293 * Add TitleMove hook before page renames.
3294 * Revision deletion backend code is moved out of SpecialRevisiondelete
3295 * Added {{REVISIONSIZE}} variable to get the current size of a revision.
3296 * Add support for the LESS stylesheet language to ResourceLoader. LESS is a
3297 stylesheet language that compiles into CSS. ResourceLoader file modules may
3298 include LESS style files; ResourceLoader will compile these files into CSS
3299 before sending them to the client.
3300 ** The $wgResourceLoaderLESSVars configuration variable is an associative array
3301 mapping variable names to string CSS values. These variables are considered
3302 declared for all LESS files. Additional variables may be registered by
3303 adding keys to the array.
3304 ** $wgResourceLoaderLESSFunctions is an associative array of custom LESS
3305 function names to PHP callables. See <http://leafo.net/lessphp/docs/#custom_functions>
3306 for more details regarding custom functions.
3307 ** $wgResourceLoaderLESSImportPaths is an array of file system paths. Files
3308 referenced in LESS '@import' statements are looked up here first.
3309 * ResourceLoader supports hashes as module cache invalidation trigger (instead
3310 of or in addition to timestamps).
3311 * Added $wgExtensionEntryPointListFiles for use in mergeMessageFileList.php.
3312 * Added a hook, APIQuerySiteInfoStatisticsInfo, to allow extensions to modify
3313 the output of the API query meta=siteinfo&siprop=statistics
3314 * Primary keys have been added to both the archive table and the externallinks
3315 tables.
3316 * Added $wgEnableParserLimitReporting to control whether the NewPP limit report is
3317 output in a HTML comment.
3318 * The 'UnwatchArticle' and 'WatchArticle' hooks now support a Status object
3319 instead of just a boolean return value to abort the hook.
3320 * Added a hook, SpecialWatchlistGetNonRevisionTypes, to allow extensions
3321 with custom recentchanges entries to hook into the Watchlist without
3322 clobbering each other.
3323 * A hidden, empty input field was added to the edit form, and any edit that fills
3324 it in will be rejected. This prevents against the simplest form of spambots.
3325 Previously in the "SimpleAntiSpam" extension by Ryan Schmidt.
3326 * populateRevisionLength.php maintenance script updated to also populate
3327 archive.ar_len field.
3328 * (bug 43571) DatabaseMySQLBase learned to list views, optionally filtered by a
3329 prefix. Also fixed PHPUnit test suite when using a MySQL backend containing
3330 views.
3331
3332 === Bug fixes in 1.22 ===
3333 * (bug 47271) $wgContentHandlerUseDB should be set to false during the upgrade
3334 * Disable Special:PasswordReset when $wgEnableEmail is false. Previously one
3335 could still navigate to the page by entering the URL directly.
3336 * (bug 47138) Fixed a fatal error when a blocked user tries to automatically
3337 create an account on login due external authentication in some circumstances.
3338 * (bug 23393) HTML <hN> headings containing line breaks are now handled
3339 correctly.
3340 * (bug 45803) Whitespace within == Headline == syntax and within <hN> headings
3341 is now non-significant and not preserved in the HTML output.
3342 * (bug 47218) Special:BlockList now handles correctly user names with spaces
3343 when passed as subpage.
3344 * Pager's properly validate which fields are allowed to be sorted on.
3345 * mw.util.tooltipAccessKeyRegexp: The regex now matches "option-" as well.
3346 Support for Mac "option" was added in 1.16, but the regex was never updated.
3347 * (bug 46768) Usernames of blocking users now display correctly, even if numeric.
3348 * (bug 39590) Self-transclusions now show the most up to date result always
3349 after save instead of being a revision behind.
3350 * A bias in wfRandomString() toward digits 1-7 has been corrected. Generated
3351 strings will now start with digits 0 and 8-f as often as they should.
3352 * (bug 45371) Removed Parser_LinkHooks and CoreLinkFunctions classes.
3353 * (bug 41545) Allow <kbd>, <samp>, and <var> to be nested like allowed in html.
3354 * PLURAL magic word no longer causes a PHP notice when no matching form exists.
3355 * (bug 36641) Patrol page links no longer show on non-existent revisions.
3356 * (bug 35810) Pages not linked from Special:RecentChanges or Special:NewPages
3357 are patrollable now.
3358 * (bug 30213) JavaScript for search suggestions is now disabled when the API
3359 is disabled, and AJAX patrolling and watching are now disabled when use of
3360 the write API is not allowed.
3361 * (bug 48294) API: Fix chunk upload async mode.
3362 * (bug 46749) Broken files tracking category removed from pages if an image
3363 with that name is uploaded.
3364 * (bug 14176) System messages that are empty were previously incorrectly treated
3365 as non-existent, causing a fallback to the default. This stopped users from
3366 overriding system messages to make them blank.
3367 * (bug 48319) action=parse no longer returns an error if passed none of 'oldid',
3368 'pageid', 'page', 'title', and 'text' (e.g. if only passed 'summary'). A
3369 warning will instead be issued if 'title' is non-default, unless no props are
3370 requested.
3371 * Special:Recentchangeslinked will now include upload log entries
3372 * (bug 41281) Fixed ugly output if file size could not be extracted for multi-page media.
3373 * (bug 50315) list=logevents API module will now output log entries by anonymous users.
3374 * (bug 38911) Handle headers with rowspan in jquery.tablesorter
3375 * (bug 658) Converted the table of contents on wiki pages from <table> to <div>
3376 and adjusted skin CSS accordingly. The CSS was carefully crafted to be
3377 backwards-compatible in all reasonable cases (uses of the __TOC__ magic word,
3378 the #toc CSS id and the .toc CSS class). However, particularly bad abuse of
3379 the id or the class can possibly break.
3380 * CSSJanus now supports rgb, hsl, rgba, and hsla color syntaxes.
3381 * Special:Listfiles can no longer be sorted by image name when filtering
3382 by user in miser mode.
3383 * (bug 49074) CSSJanus: Handle values of border-radius correctly.
3384 * Handle relative inclusions ({{../name}}) in main namespace with subpages
3385 enabled correctly (previously MediaWiki tried to include Template:Parent/name
3386 instead of just Parent/name).
3387 * Added $wgAPIUselessQueryPages to allow extensions to flag their query pages
3388 for non-inclusion in ApiQueryQueryPages.
3389 * (bug 50870) mediawiki.notification: Notification area should remain visible
3390 when scrolled down.
3391 * (bug 13438) Special:MIMESearch no longer an expensive special page.
3392 * (bug 48342) Fixed a fatal error when $wgValidateAllHtml is set to true and
3393 the function apache_request_headers() function is not available.
3394 * (bug 33399) LivePreview: Re-run wikipage content handlers
3395 (jquery.makeCollapsible, jquery.tablesorter) after preview content is loaded.
3396 * (bug 51891) Fixed PHP notice on Special:PagesWithProp when no properties
3397 are defined.
3398 * (bug 52006) Corrected documentation of $wgTranscludeCacheExpiry.
3399 * (bug 52077) The APIEditBeforeSave hook is giving the content of the whole
3400 revision as second argument now, rather than just the current section.
3401 * (bug 49694) $wgSpamRegex is now also applied on the new section headline text
3402 adding a new topic on a page
3403 * (bug 41756) Improve treatment of multiple comments on a blank line.
3404 * (bug 51064) Purge upstream caches when deleting file assets.
3405 * (bug 39012) File types with a mime that we do not know the extension for
3406 can no longer be uploaded as an extension that we do know the mime type
3407 for.
3408 * (bug 51742) Add data-sort-value for better sorting of hitcounts Special:Tags
3409 * (bug 26811) On DB error pages, server hostnames are now hidden when both
3410 $wgShowHostnames and $wgShowSQLErrors are false.
3411 * (bug 6200) line breaks in <blockquote> are handled like they are in <div>
3412 * (bug 14931) Default character set now set to 'utf8' when a new MySQL
3413 database is created.
3414 * (bug 47191) Fixed "Column 'si_title' cannot be part of FULLTEXT index"
3415 MySQL error when installing using the binary character set option.
3416 * (bug 45288) Support mysqli PHP extension
3417 * (bug 55818) BREAKING CHANGE: Removed undocumented 'Debug' hook in wfDebug.
3418 This resolves an infinite loop when using $wgDebugFunctionEntry = true.
3419 * (bug 56707) Correct tooltip of "Next n results" on query special pages.
3420 * (bug 56770) mw.util.addPortletLink: Check length before access array index.
3421
3422 === API changes in 1.22 ===
3423 * (bug 25553) The JSON output formatter now leaves forward slashes unescaped
3424 to improve human readability of URLs and similar strings. Also, a "utf8"
3425 option is now provided to use UTF-8 encoding instead of hex escape codes
3426 for most non-ASCII characters.
3427 * (bug 46626) xmldoublequote parameter was removed. Because of a bug, the
3428 parameter has had no effect since MediaWiki 1.16, and so its removal is
3429 unlikely to impact existing clients.
3430 * (bug 47216) action=query&meta=siteinfo&siprop=skins will now indicate which
3431 skin is the default and which are unusable (e.g. listed in $wgSkipSkins).
3432 * (bug 25325) Added support for wlshow filtering (bots/anon/minor/patrolled)
3433 to action=feedwatchlist.
3434 * WDDX formatted output will actually be formatted (and normal output will no
3435 longer be), and will no longer choke on booleans.
3436 * action=opensearch no longer silently ignores the format parameter.
3437 * action=opensearch now supports format=jsonfm.
3438 * list=usercontribs&ucprop=ids will now include the parent revision id.
3439 * BREAKING CHANGE: action=parse no longer returns all langlinks for the page
3440 with prop=langlinks by default. The new effectivelanglinks parameter will
3441 request that the LanguageLinks hook be called to determine the effective
3442 language links.
3443 * BREAKING CHANGE: list=allpages, list=langbacklinks, and prop=langlinks do not
3444 apply the new LanguageLinks hook, and thus only consider language links
3445 stored in the database.
3446 * (bug 47219) Allow specifying change type of Wikipedia feed items
3447 * prop=imageinfo now allows setting iiurlheight without setting iiurlwidth
3448 * prop=info now adds the content model and page language of the title.
3449 * New upload log entries will now contain information on the relevant
3450 image (sha1 and timestamp).
3451 * (bug 49239) action=parse now can parse in preview and section preview modes.
3452 * (bug 49259) action=patrol now accepts revision ids.
3453 * (bug 48129) list=blocks&bkip= now correctly handles IPv6 CIDR ranges and
3454 honors $wgBlockCIDRLimit. Note any clients passing invalid values to bkip
3455 will now receive an error, rather than the previous behavior listing all
3456 user blocks.
3457 * (bug 48201) action=parse&text=foo now assumes wikitext if no title is given,
3458 rather than using the content model of the page "API".
3459 * action=watch no longer silently ignores hook abort.
3460 * (bug 50785) action=purge with forcelinkupdate=1 no longer queues refreshLinks
3461 jobs in the job queue for link table updates of pages that use the given page
3462 as a template. Instead, forcerecursivelinkupdate=1 is introduced and should
3463 be used if that behaviour is desirable.
3464 * The 'debugLog' property (enabled by $wgDebugToolbar) no longer sets the log
3465 entry values through ApiResult::content but directly. This changes the JSON
3466 output from an array of objects with content in '*' to an array of strings
3467 with the content.
3468 * (bug 51342) prop=imageinfo iicontinue now contains the dbkey, not the text
3469 version of the title.
3470 * (bug 52538) action=edit will now use empty text instead of the contents
3471 of section 0 when passed prependtext or appendtext with section=new.
3472 * Support for the 'gettoken' parameter to action=block and action=unblock,
3473 deprecated since 1.20, has been removed.
3474 * (bug 49090) Token-getting functions will fail when using jsonp callbacks.
3475 * (bug 52699) action=upload returns normalized file name on warning
3476 "exists-normalized" instead of filename to be uploaded to.
3477 * (bug 53884) action=edit will now return an error when the specified section
3478 does not exist in the page.
3479 * Added meta=filerepoinfo API module for getting information about foreign
3480 file repositories, and related ForeignAPIRepo methods getInfo and getApiUrl.
3481 * The new query module list=allfileusages to enumerate file usages was added.
3482
3483 === Languages updated in 1.22 ===
3484
3485 MediaWiki supports over 350 languages. Many localisations are updated
3486 regularly. Below only new and removed languages are listed, as well as
3487 changes to languages because of Bugzilla reports.
3488
3489 * Batak Toba (bbc-latn) added.
3490 * (bug 46751) Made Buryat (Russia) (буряад) (bxr) fallback to Russian.
3491
3492 === Other changes in 1.22 ===
3493 * BREAKING CHANGE: Implementation of MediaWiki's JS and JSON value encoding
3494 has changed:
3495 ** MediaWiki no longer supports PHP installations in which the native JSON
3496 extension is missing or disabled.
3497 ** XmlJsCode objects can no longer be nested inside objects or arrays.
3498 (For Xml::encodeJsCall(), this individually applies to each argument.)
3499 ** The sets of characters escaped by default, along with the precise escape
3500 sequences used, have changed (except for the Xml::escapeJsString()
3501 function, which is now deprecated).
3502 * BREAKING CHANGE: The Services_JSON class has been removed. If necessary,
3503 be sure to upgrade affected extensions at the same time (e.g. Collection).
3504 * redirect.php was removed. It was unused.
3505 * ClickTracking integration was dropped from the mediaWiki.user.bucket
3506 JavaScript function. The 'tracked' option is now ignored.
3507 * BREAKING CHANGE: Legacy skins Simple, MySkin, Chick, Standard and Nostalgia
3508 were all removed. (Nostalgia was moved to an extension.) The SkinLegacy and
3509 LegacyTemplate classes that supported them were removed as well and are now a
3510 part of the Nostalgia extension.
3511 * Event namespace used by jquery.makeCollapsible has been changed from
3512 'mw-collapse' to 'mw-collapsible' for consistency with the module name.
3513 * BREAKING CHANGE: The "ExternalAuth" authentication subsystem was removed, along
3514 with its associated globals of $wgExternalAuthType, $wgExternalAuthConf,
3515 $wgAutocreatePolicy and $wgAllowPrefChange. Affected users are encouraged to
3516 use AuthPlugin for external authentication/authorization needs.
3517 * The Quickbar feature of the legacy skin model and the last remnants of it
3518 throughout the code base have been removed.
3519 * Externaledit/externaldiff preference was removed. Very few users used this
3520 feature, and improper configuration can actually prevent a user from editing
3521 * Calling Linker methods using a skin will now output deprecation warnings.
3522 * (bug 46680) "Return to" links are no longer tagged with rel="next".
3523 * BREAKING CHANGE: mw.util.tooltipAccessKeyRegexp: The match group for the
3524 accesskey character is now $6 instead of $5.
3525 * HipHop compiler (hphpc) support was removed. HipHop VM support (hhvm) was
3526 added.
3527 * A new Special:Redirect page was added, providing lookup by revision ID,
3528 user ID, or file name. The old Special:Filepath page was reimplemented
3529 to redirect through Special:Redirect.
3530 * Monobook: Removed the old conditional stylesheets for Opera 6, 7 and 9.
3531 * Support for XHTML 1.0 has been removed. MediaWiki now only outputs (X)HTML5.
3532 * wikibits: User-agent related globals have been deprecated. The following
3533 properties now default to false and emit mw.log.warn: is_gecko, is_chrome_mac,
3534 is_chrome, webkit_version, is_safari_win, is_safari, webkit_match, is_ff2,
3535 ff2_bugs, is_ff2_win, is_ff2_x11, opera95_bugs, opera7_bugs, opera6_bugs,
3536 is_opera_95, is_opera_preseven, is_opera, and ie6_bugs.
3537 * (bug 48276) MediaWiki will now flash a confirmation message upon successfully
3538 editing a page.
3539 * (bug 40785) mediawiki.legacy.ajax has been marked as deprecated. The following
3540 properties now emit mw.log.warn when accessed: sajax_debug, sajax_init_object,
3541 sajax_do_call and wfSupportsAjax.
3542 * BREAKING CHANGE: meta keywords are no longer supported. A <meta name="keywords"
3543 will no longer be output and OutputPage::addKeyword no longer exists.
3544 * Methods Title::userCanEditCssSubpage and Title::userCanEditJsSubpage,
3545 deprecated since 1.19, have been removed.
3546 * (bug 50134) Hook functions are no longer required to return a value. When a
3547 hook function does not return a value (or when it returns an explicit null),
3548 processing continues. To abort the hook, a hook function must return an
3549 explicit, boolean false or a string error message. Other falsey values are
3550 tantamount to a 'return true' in earlier versions of MediaWiki.
3551 * BREAKING CHANGE: The EditSectionLink hook was removed after being
3552 deprecated since MediaWiki 1.14. Use DoEditSectionLink instead.
3553 * (bug 48256) The 'editsection-brackets' optional message was removed.
3554 Section edit links' brackets can now be customized using CSS by
3555 styling span.mw-editsection-bracket.
3556 * The usePatrol function in ChangesList has been marked as deprecated.
3557 * (bug 50785) A "null edit", that is, a save action in which no changes to the
3558 page text are made and no revision recorded, will no longer send refreshLinks
3559 jobs to the job table to update pages which use the edited page as a template.
3560 * The LivePreviewPrepare and LivePreviewDone events triggered on "jQuery( mw )"
3561 have been deprecated in favour of using mw.hook.
3562 * The 'showjumplinks' user preference has been removed, jump links are now
3563 always included.
3564 * Methods RecentChange::notifyRC2UDP, RecentChange::sendToUDP, and
3565 RecentChange::cleanupForIRC have been deprecated, as it is now the
3566 responsibility of classes implementing the RCFeedFormatter and RCFeedEngine
3567 interfaces to implement the formatting and delivery for recent change
3568 notifications.
3569 * SpecialPrefixindex methods namespacePrefixForm() and showPrefixChunk() have
3570 been made protected. They were accepting form variance arguments, this is now
3571 using properties in the SpecialPrefixindex class.
3572 * (bug 50310) BREAKING CHANGE: wikibits: Drop support for mwCustomEditButtons.
3573 It defaults to an empty array and emits mw.log.warn when accessed.
3574 * BREAKING CHANGE: Special:Disambiguations has been removed from MediaWiki core.
3575 Functions related to disambiguation pages are now handled by the Disambiguator
3576 extension (https://www.mediawiki.org/wiki/Extension:Disambiguator) (bug
3577 35981).
3578 * BREAKING CHANGE: The 'mediawiki.legacy.wikiprintable' module has been removed.
3579 The skins/common/wikiprintable.css file no longer exists. Return value of
3580 Skin#commonPrintStylesheet is ignored. Please use the 'mediawiki.legacy.commonPrint'
3581 module instead or base your skin on SkinTemplate.
3582 * (bug 49629) The hook ExtractThumbParameters has been deprecated in favour
3583 of media handler overriding MediaHandler::parseParamString.
3584 * (bug 46512) The collapsibleNav feature from the Vector extension has been moved
3585 to the Vector skin in core.
3586 * SpecialRecentChanges::addRecentChangesJS() function has been renamed
3587 to addModules() and made protected.
3588 * Methods WatchAction::doWatch and WatchAction::doUnwatch now return a Status
3589 object instead of a boolean.
3590 * Information boxes (CSS classes errorbox, warningbox, successbox) have been
3591 made more subtle.
3592 * BREAKING CHANGE: The module 'mediawiki.legacy.IEFixes' has been removed as it was
3593 unused. The file skins/common/IEFixes.js remains but is only used by wikibits.
3594 The file never contained any re-usable components. To use it in a skin, load
3595 'mediawiki.legacy.wikibits' (which IEFixes depends on) and that will import
3596 IEFixes automatically if user agent conditions are met.
3597 * Code specific to the Math extension was marked as deprecated.
3598 * mediawiki.util: mw.util.wikiGetlink has been renamed to getUrl. (The old name
3599 still works, but is deprecated.)
3600
3601 = MediaWiki 1.21 =
3602
3603 == MediaWiki 1.21.11 ==
3604 This is a security and maintenance release of the MediaWiki 1.21 branch.
3605
3606 === Changes since 1.21.10 ===
3607 * (bug 65839) SECURITY: Prevent external resources in SVG files.
3608 * (bug 66428) MimeMagic: Don't seek before BOF. This has weird side effects like only extracting the tail of the file partially or not at all.
3609
3610 == MediaWiki 1.21.10 ==
3611 This is a security and maintenance release of the MediaWiki 1.21 branch.
3612
3613 === Changes since 1.21.9 ===
3614 * (bug 65501) SECURITY: Don't parse usernames as wikitext on Special:PasswordReset.
3615 * (bug 36356) Add space between two feed links.
3616
3617 == MediaWiki 1.21.9 ==
3618 This is a security and maintenance release of the MediaWiki 1.21 branch.
3619
3620 === Changes since 1.21.8 ===
3621 * (bug 63251) SECURITY: Escape sortKey in pageInfo.
3622 * (bug 58640) Fixed a compatibility issue with PCRE 8.34 that caused pages to appear blank or with missing text.
3623
3624 == MediaWiki 1.21.8 ==
3625 This is a security and maintenance release of the MediaWiki 1.21 branch.
3626
3627 === Changes since 1.21.7 ===
3628 * (bug 62497) SECURITY: Add CSRF token on Special:ChangePassword.
3629 * (bug 62467) Set a title for the context during import on the cli.
3630
3631 == MediaWiki 1.21.7 ==
3632 This is a maintenance release of the MediaWiki 1.21 branch.
3633
3634 === Changes since 1.21.6 ===
3635 * Use the correct branch of the extensions' git repositories.
3636
3637 == MediaWiki 1.21.6 ==
3638 This is a security release of the MediaWiki 1.21 branch.
3639
3640 === Changes since 1.21.5 ===
3641 * (bug 60771) SECURITY: Disallow uploading SVG files using non-whitelisted namespaces. Also disallow iframe elements. * User will get an error including the namespace name if they use a non- whitelisted namespace.
3642 * (bug 61346) SECURITY: Make token comparison use constant time. It seems like our token comparison would be vulnerable to timing attacks. This will take constant time.
3643 * (bug 61362) SECURITY: API: Don't find links in the middle of api.php links.
3644
3645 == MediaWiki 1.21.5 ==
3646 This is a security release of the MediaWiki 1.21 branch.
3647
3648 === Changes since 1.21.4 ===
3649 * (bug 60339) SECURITY: Sanitize shell arguments to DjVu files, and other media formats
3650
3651 == MediaWiki 1.21.4 ==
3652 This is a security release of the MediaWiki 1.21 branch.
3653
3654 === Changes since 1.21.3 ===
3655 * (bug 57550) SECURITY: Disallow stylesheets in SVG Uploads
3656 * (bug 58088) SECURITY: Don't normalize U+FF3C to \ in CSS Checks
3657 * (bug 58472) SECURITY: Disallow -o-link in styles
3658 * (bug 58553) SECURITY: Return error on invalid XML for SVG Uploads
3659 * (bug 58699) SECURITY: Fix RevDel log entry information leaks
3660
3661 == MediaWiki 1.21.3 ==
3662 This is a security and maintenance release of the MediaWiki 1.21 branch.
3663
3664 === Changes since 1.21.2 ===
3665 * (bug 53032) SECURITY: Don't cache when a call could autocreate
3666 * (bug 55332) SECURITY: Improve css javascript detection
3667 * (bug 49717) Fix behaviour $wgVerifyMimeType = false; in Upload
3668 * Fix comma errors in various js files
3669 * Translations
3670
3671 == MediaWiki 1.21.2 ==
3672 This is a security and maintenance release of the MediaWiki 1.21 branch.
3673
3674 === Changes since 1.21.1 ===
3675 * SECURITY: Fix extension detection with 2 .'s
3676 * SECURITY: Support for the 'gettoken' parameter to action=block and action=unblock, deprecated since 1.20, has been removed.
3677 * SECURITY: Sanitize ResourceLoader exception messages
3678 * Purge upstream caches when deleting file assets.
3679 * Unit test suite now runs the AutoLoader tests. Also fixed the autoloading entry for the PageORMTableForTesting class though it had no impact.
3680
3681 == MediaWiki 1.21.1 ==
3682 This is a maintenance release of the MediaWiki 1.21 branch.
3683
3684 === Changes since 1.21.0 ===
3685 * An incorrect version number was used for 1.21.0. 1.21.1 has the correct number.
3686 * A problem with the Oracle SQL table creation was fixed.
3687 * (PdfHandler extension) Fix warning if pdfinfo fails but pdftext succeeds.
3688
3689 == MediaWiki 1.21.0 ==
3690
3691 === Configuration changes in 1.21 ===
3692 * (bug 29374) $wgVectorUseSimpleSearch is now enabled by default.
3693 * Deprecated $wgAllowRealName is removed. Use $wgHiddenPrefs[] = 'realname'
3694 instead.
3695 * (bug 39957) Added $wgUnwatchedPageThreshold, specifying minimum count
3696 of page watchers required for the number to be accessible to users
3697 without the unwatchedpages permission.
3698 * $wgBug34832TransitionalRollback has been removed.
3699 * (bug 29472) $wgUseDynamicDates has been removed and its functionality
3700 disabled.
3701
3702 === New features in 1.21 ===
3703 * (bug 38110) Schema changes (adding or dropping tables, indices and
3704 fields) can be now be done separately from other changes that
3705 update.php makes. This is useful in environments that use database
3706 permissions to restrict schema changes but allow the DB user that
3707 MediaWiki normally runs as to perform other changes that update.php
3708 makes. Schema changes can be run separately. See the file UPGRADE
3709 for more information.
3710 * (bug 34876) jquery.makeCollapsible has been improved in performance.
3711 * Added ContentHandler facility to allow extensions to support other content
3712 than wikitext. See docs/contenthandler.txt for details.
3713 * New feature was developed for showing high-DPI thumbnails for high-DPI mobile
3714 and desktop displays (configurable with $wgResponsiveImages).
3715 * Added new backend to represent and store information about sites and site
3716 specific configuration.
3717 * jQuery upgraded from 1.8.2 to 1.8.3.
3718 * jQuery UI upgraded from 1.8.23 to 1.8.24.
3719 * Added separate fa_sha1 field to filearchive table. This allows sha1
3720 searches with the api in miser mode for deleted files.
3721 * Add initial and programmatic sorting for tablesorter.
3722 * Add the event "sortEnd.tablesorter", triggered after sorting has completed.
3723 * The Job system was refactored to allow for different backing stores for
3724 queues as well as cross-wiki access to queues, among other things. The schema
3725 for the DB queue was changed to support better concurrency and reduce
3726 deadlock errors.
3727 * Added ApiQueryORM class to facilitate creation of query API modules based on
3728 tables that have a corresponding ORMTable class.
3729 * (bug 40876) Icon for PSD (Adobe Photoshop) file types.
3730 * (bug 40641) Implemented Special:Version/Credits with a list of contributors.
3731 * (bug 7851) Implemented one-click AJAX patrolling.
3732 * The <data>, <time>, <meta>, and <link> elements are allowed within WikiText
3733 for use with Microdata.
3734 * The HTML5 <mark> tag has been whitelisted.
3735 * Added ParserCloned hook for when the Parser object is cloned.
3736 * Added AlternateEditPreview hook to allow extensions to replace the page
3737 preview from the edit page.
3738 * Added EditPage::showStandardInputs:options hook to allow extensions to add
3739 new fields to the "editOptions" area of the edit form.
3740 * Upload stash DB schema altered to improve upload performance.
3741 * The following global functions are now reporting deprecated warnings in
3742 debug mode: wfMsg, wfMsgNoTrans, wfMsgForContent, wfMsgForContentNoTrans,
3743 wfMsgReal, wfMsgGetKey, wfMsgHtml, wfMsgWikiHtml, wfMsgExt, wfEmptyMsg. Use
3744 the Message class, or the global method wfMessage.
3745 * Added $wgEnableCanonicalServerLink, off by default. If enabled, a
3746 <link rel=canonical> tag is added to every page indicating the correct server
3747 to use.
3748 * Debug message emitted by wfDebugLog() will now be prefixed with the group
3749 name when its logged to the default log file. That is the case whenever the
3750 group has no key in wgDebugLogGroups, that will help triage the default log.
3751 * (bug 24620) Add types to LogFormatter.
3752 * jQuery JSON upgraded from 2.3 to 2.4.0.
3753 * Added GetDoubleUnderscoreIDs hook, for modifying the list of magic words.
3754 * DatabaseUpdater class has two new methods to ease extensions schema changes:
3755 dropExtensionIndex and renameExtensionIndex.
3756 * New preference type - 'api'. Preferences of this type are not shown on
3757 Special:Preferences, but are still available via the action=options API.
3758 * (bug 39397) Hide rollback link if a user is the only contributor of the page.
3759 * $wgPageInfoTransclusionLimit limits the list size of transcluded articles
3760 on the info action. Default is 50.
3761 * Added action=createaccount to allow user account creation.
3762 * (bug 40124) action=options API also allows for setting of arbitrary
3763 preferences, provided that their names are prefixed with 'userjs-'. This
3764 officially reenables the feature that was undocumented and defective
3765 in MW 1.20 (saving preferences using Special:Preferences cleared any
3766 additional fields) and which has been disabled in 1.20.1 as a part of
3767 a security fix (bug 42202).
3768 * Added option to specify "others" as author in extension credits using
3769 "..." as author name.
3770 * Added the ability to limit the wall clock time used by shell processes,
3771 as well as the CPU time. Configurable with $wgMaxShellWallClockTime.
3772 * Allow memory of shell subprocesses to be limited using Linux cgroups
3773 instead of ulimit -v, which tends to cause deadlocks in recent versions
3774 of ImageMagick. Configurable with $wgShellCgroup.
3775 * Added $wgWhitelistReadRegexp for regex whitelisting.
3776 * (bug 5346) Categories that are redirects will be displayed italic in
3777 the category links section at the bottom of a page.
3778 * (bug 43915) New maintenance script deleteEqualMessages.php.
3779 * You can now create checkbox option matrices through the HTMLCheckMatrix
3780 subclass in HTMLForm.
3781 * WikiText now permits the use of WAI-ARIA's role="presentation" inside of
3782 html elements and tables. This allows presentational markup, especially
3783 tables. To be marked up as such.
3784 * maintenance/sql.php learned the --cluster option. Let you run the script
3785 on some external cluster instead of the primary cluster for a given wiki.
3786 * (bug 20281) test the parsing of inline URLs.
3787 * Added Special:PagesWithProp, which lists pages using a particular page property.
3788 * Implemented language-specific collations for category sorting for 67 languages
3789 based in latin, greek and cyrillic alphabets. This allows one to *finally* get
3790 articles to be correctly sorted on category pages. They are named
3791 'uca-<langcode>', where <langcode> is one of: af, ast, az, be, bg, br, bs, ca,
3792 co, cs, cy, da, de, dsb, el, en, eo, es, et, eu, fi, fo, fr, fur, fy, ga, gd,
3793 gl, hr, hsb, hu, is, it, kk, kl, ku, ky, la, lb, lt, lv, mk, mo, mt, nl, no,
3794 oc, pl, pt, rm, ro, ru, rup, sco, sk, sl, smn, sq, sr, sv, tk, tl, tr, tt, uk,
3795 uz, vi.
3796 * Added 'CategoryAfterPageAdded' and 'CategoryAfterPageRemoved' hooks.
3797 * Added 'HistoryRevisionTools' and 'DiffRevisionTools' hooks.
3798 * Added 'SpecialSearchResultsPrepend' and 'SpecialSearchResultsAppend' hooks.
3799 * (bug 33186) Add image rotation api "imagerotate"
3800 * (bug 34040) Add "User rights management" link on user page toolbox.
3801 * (bug 45526) Add QUnit assertion helper "QUnit.assert.htmlEqual" for asserting
3802 structual equality of HTML (ignoring insignificant differences like
3803 quotmarks, order and whitespace in the attribute list).
3804 * (bug 23393) HTML <hN> headings containing line breaks are now handled
3805 correctly.
3806 * (bug 45803) Whitespace within == Headline == syntax and within <hN> headings
3807 is now non-significant and not preserved in the HTML output.
3808
3809 === Bug fixes in 1.21 ===
3810 * (bug 40353) SpecialDoubleRedirect should support interwiki redirects.
3811 * (bug 40352) fixDoubleRedirects.php should support interwiki redirects.
3812 * (bug 9237) SpecialBrokenRedirect should not list interwiki redirects.
3813 * (bug 34960) Drop unused fields rc_moved_to_ns and rc_moved_to_title from
3814 recentchanges table.
3815 * (bug 32951) Do not register internal externals with absolute protocol,
3816 when server has relative protocol.
3817 * (bug 39005) When purging proxies listed in $wgSquidServers using HTTP PURGE
3818 method requests, we now send a Host header by default, for Varnish
3819 compatibility. This also works with Squid in reverse-proxy mode. If you wish
3820 to support Squid configured in forward-proxy mode, set
3821 $wgSquidPurgeUseHostHeader to false.
3822 * (bug 37020) sql.php with readline eats semicolon.
3823 * (bug 11748) Properly handle optionally-closed HTML tags when Tidy is
3824 disabled, and don't wrap HTML-syntax definition lists in paragraphs.
3825 * (bug 41409) Diffs while editing an old revision should again diff against the
3826 current revision.
3827 * (bug 41494) Honor $wgLogExceptionBacktrace when logging non-API exceptions
3828 caught during API execution.
3829 * (bug 37963) Fixed loading process for user options.
3830 * (bug 26995) Update filename field on Upload page after having sanitized it.
3831 * (bug 41793) Contribution links to users with 0 edits on Special:ListUsers
3832 didn't show up red.
3833 * (bug 41899) A PHP notice no longer occurs when using the "rvcontinue" API
3834 parameter.
3835 * (bug 42036) Account creation emails now contain canonical (not
3836 protocol-relative) URLs.
3837 * (bug 41990) Fix regression: API edit with redirect=true and lacking
3838 starttimestamp and basetimestamp should not cause an edit conflict.
3839 * (bug 41706) EditPage: Preloaded page should be converted if possible and
3840 needed.
3841 * (bug 41886) Rowspans are no longer exploded by tablesorter until the table is
3842 actually sorted.
3843 * (bug 2865) User interface HTML elements don't use lang attribute.
3844 (completed the fix by adding the lang attribute to firstHeading).
3845 * (bug 42173) Removed namespace prefixes on Special:UncategorizedCategories.
3846 * (bug 36053) Log in "returnto" feature forgets query parameters if no
3847 title parameter was specified.
3848 * (bug 42410) API action=edit now returns correct timestamp for the new edit.
3849 * (bug 14901) Email notification mistakes log action for new page creation.
3850 Enotif no longer sends "page has been created" notifications for some log
3851 actions. The following events now have a correct message: page creation,
3852 deletion, move, restore (undeletion), change (edit). Parameter
3853 $CHANGEDORCREATED is deprecated in 'enotif_body' and scheduled for removal in
3854 MediaWiki 1.23.
3855 * (bug 457) In the sidebar of Vector, CologneBlue, Monobook, and Monobook-based
3856 skins, the heading levels have been changed from (variously per skin)
3857 <h4>, <h5> or <h6> to only <h3>s, with a <h2> hidden heading above them.
3858 If you are styling or scripting the headings in a custom way, this change
3859 will require updates to your site's CSS or JS.
3860 * (bug 41342) jquery.suggestions should cancel any active (async) fetches
3861 before it triggers another fetch.
3862 * (bug 42184) $wgUploadSizeWarning missing second variable.
3863 * (bug 34581) removeUnusedAccounts.php maintenance script now ignores newuser
3864 log when determining whether an account is used.
3865 * (bug 43379) Gracefully fail if rev_len is unavailable for a revision on the
3866 History page.
3867 * (bug 42949) API no longer assumes all exceptions are MWException.
3868 * (bug 41733) Hide "New user message" (.usermessage) element from printable view.
3869 * (bug 39062) Special:Contributions will display changes that don't have
3870 a parent id instead of just an empty bullet item.
3871 * (bug 37209) "LinkCache doesn't currently know about this title" error fixed.
3872 * wfMerge() now works if $wgDiff3 contains spaces
3873 * (bug 43052) mediawiki.action.view.dblClickEdit.dblClickEdit should trigger
3874 ca-edit click instead opening URL directly.
3875 * (bug 43964) Invalid value of "link" parameter in <gallery> no longer produces
3876 a fatal error.
3877 * (bug 44775) The username field is not pre-filled when creating an account.
3878 * (bug 45069) wfParseUrl() no longer produces a PHP notice if passed a "mailto:"
3879 URL without address
3880 * (bug 45012) Creating an account by e-mail can no longer show a
3881 "password mismatch" error.
3882 * (bug 44599) On Special:Version, HEADs for submodule checkouts (e.g. for
3883 extensions) performed using Git 1.7.8+ should now appear.
3884 * (bug 42184) $wgUploadSizeWarning missing second variable
3885 * (bug 40326) Check if files exist with a different extension during uploading
3886 * (bug 34798) Updated CSS for Atom/RSS recent changes feeds to match on-wiki diffs.
3887 * (bug 42430) Calling numRows on MySQL no longer propagates unrelated errors.
3888 * (bug 44719) Removed mention of non-existing maintenance/migrateCurStubs.php
3889 script in includes/DefaultSettings.php
3890 * (bug 45143) jquery.badge: Treat non-Latin variants of zero as zero as well.
3891 * (bug 46151) mwdocgen.php should not ignore exit code of doxygen command.
3892 * (bug 41889) Fix $.tablesorter rowspan exploding for complex cases.
3893
3894 === API changes in 1.21 ===
3895 * prop=revisions can now report the contentmodel and contentformat.
3896 See docs/contenthandler.txt.
3897 * action=edit and action=parse now support contentmodel and contentformat
3898 parameters to control the interpretation of page content.
3899 See docs/contenthandler.txt for details.
3900 * (bug 35693) ApiQueryImageInfo now suppresses errors when unserializing metadata.
3901 * (bug 40111) Disable minor edit for page/section creation by API.
3902 * (bug 41042) Revert change to action=parse&page=... behavior when the page
3903 does not exist.
3904 * (bug 27202) Add timestamp sort to list=allimages.
3905 * (bug 43137) Don't return the sha1 of revisions through the API if the content is
3906 revision-deleted.
3907 * ApiQueryImageInfo now also returns imageinfo for redirects.
3908 * list=alltransclusions added to enumerate every instance of page embedding
3909 * list=alllinks & alltransclusions now allow both 'from' and 'continue' in
3910 the same query. When both are present, 'from' is simply ignored.
3911 * list=alllinks & alltransclusions now allow 'unique' in generators, to yield
3912 a list of all link/template target pages instead of source pages.
3913 * BREAKING CHANGE: list=logevents output format changed for details of some log
3914 types. Specifically, details that were formerly reported under a key like
3915 "4::foo" will now be reported under a key of simply "foo".
3916 * BREAKING CHANGE: '??_badcontinue' error code was changed to '??badcontinue'
3917 for all query modules.
3918 * ApiQueryBase adds 'badcontinue' error code if module has 'continue' parameter.
3919 * (bug 35885) Removed version parameter and all getVersion() methods.
3920 * action=options now takes a "resetkinds" option, which allows only resetting
3921 certain types of preferences when the "reset" option is set.
3922 * (bug 36751) ApiQueryImageInfo now returns imageinfo for the redirect target
3923 when queried with &redirects=.
3924 * (bug 31849) ApiQueryImageInfo no longer gets confused when asked for info on
3925 a redirect and its target.
3926 * (bug 43849) ApiQueryImageInfo no longer throws exceptions with ForeignDBRepo
3927 redirects.
3928 * On error, any warnings generated before that error will be shown in the result.
3929 * action=help supports generalized submodules (modules=query+value), querymodules obsolete
3930 * ApiQueryImageInfo continuation is more reliable. The only major change is
3931 that the imagerepository property will no longer be set on page objects not
3932 processed in the current query (i.e. non-images or those skipped due to
3933 iicontinue).
3934 * Add supports for all pageset capabilities - generators, redirects, converttitles to
3935 action=purge and action=setnotificationtimestamp.
3936 * (bug 43251) prop=pageprops&ppprop= now accepts multiple props to query.
3937 * ApiQueryImageInfo will now limit the number of calls to File::transform made
3938 in any one query. If there are too many, iicontinue will be returned.
3939 * action=query&meta=siteinfo&siprop=general will now return the regexes used for
3940 link trails and link prefixes. Added for Parsoid support.
3941 * Added an API query module list=pageswithprop, which lists pages using a
3942 particular page property.
3943 * Added an API query module list=pagepropnames, which lists all page prop names
3944 currently in use on the wiki.
3945 * (bug 44921) ApiMain::execute() will now return after the CORS check for an
3946 HTTP OPTIONS request.
3947 * (bug 44923) action=upload works correctly if the entire file is uploaded in
3948 the first chunk.
3949 * Added 'continue=' parameter to streamline client iteration over complex query results
3950 * (bug 44909) API parameters may now be marked as type "upload", which is now
3951 used for action=upload's 'file' and 'chunk' parameters. This type will raise
3952 an error during parameter validation if the parameter is given but not
3953 recognized as an uploaded file.
3954 * (bug 44244) prop=info may now return the number of people watching each page.
3955 * (bug 33304) list=allpages will no longer return duplicate entries when
3956 querying protection.
3957 * (bug 33304) list=allpages will now find really old indefinite protections.
3958 * (bug 45937) meta=allmessages will report a syntactically invalid lang as a
3959 proper error instead of as an uncaught exception.
3960 * (bug 25325) added support for wlshow filtering (bots/anon/minor/patrolled)
3961 to action=feedwatchlist
3962 * WDDX formatted output will actually be formatted (and normal output will no
3963 longer be), and will no longer choke on booleans.
3964
3965 === API internal changes in 1.21 ===
3966 * For debugging only, a new global $wgDebugAPI removes many API restrictions when true.
3967 Never use on the production servers, as this flag introduces security holes.
3968 Whenever enabled, a warning will also be added to all output.
3969 * ApiModuleManager now handles all submodules (actions,props,lists) and instantiation
3970 * Query stores prop/list/meta as submodules
3971 * ApiPageSet can now be used in any action to process titles/pageids/revids or any generator.
3972 * BREAKING CHANGE: ApiPageSet constructor now has two params instead of three, with only the
3973 first one keeping its meaning. ApiPageSet is now derived from ApiBase.
3974 * BREAKING CHANGE: ApiQuery::newGenerator() and executeGeneratorModule() were deleted.
3975 * ApiQueryGeneratorBase::setGeneratorMode() now requires a pageset param.
3976 * $wgAPIGeneratorModules is now obsolete and will be ignored.
3977 * Added flags ApiResult::OVERRIDE and ADD_ON_TOP to setElement() and addValue()
3978 * Internal API calls will now include <warnings> in case of unused parameters
3979
3980 === Languages updated in 1.21 ===
3981
3982 MediaWiki supports over 350 languages. Many localisations are updated
3983 regularly. Below only new and removed languages are listed, as well as
3984 changes to languages because of Bugzilla reports.
3985
3986 * South Azerbaijani (azb) added.
3987 * (bug 30040) Autonym for nds-nl is now 'Nedersaksies' (was 'Nedersaksisch').
3988 * (bug 45436) Autonym for pi (Pali) is now 'पालि' (was ''पाळि').
3989 * (bug 34977) Now formatted numbers in Spanish use space as separator
3990 for thousands, as mandated by the Real Academia Española.
3991 * (bug 35031) Kurdish formatted numbers now use period and comma
3992 as separators for thousands and decimals respectively.
3993
3994 === Other changes in 1.21 ===
3995 * BREAKING CHANGE: (bug 44385) Removed the jquery.collapsibleTabs module and
3996 moved it to the Vector extension. It was entirely Vector-extension-specific,
3997 deeply interconnected with the extension, and this functionality really
3998 belongs to the extension instead of the skin anyway. In the unlikely case you
3999 were using it, you have to either copy it to your extension, or install the
4000 Vector extension (and possibly disable its features using config settings if
4001 you don't want them).
4002 * Experimental IBM DB2 support was removed due to lack of interest and maintainership
4003 * BREAKING CHANGE: Filenames of maintenance scripts were standardized into
4004 lowerCamelCase format, and made more explicit:
4005 - clear_stats.php -> clearCacheStats.php
4006 - clear_interwiki_cache.php -> clearInterwikiCache.php
4007 - initStats.php -> initSiteStats.php
4008 - proxy_check.php -> proxyCheck.php
4009 - stats.php -> showCacheStats.php
4010 - showStats.php -> showSiteStats.php.
4011 Class names were renamed accordingly:
4012 - clear_stats -> ClearCacheStats
4013 - InitStats -> InitSiteStats
4014 - CacheStats -> ShowCacheStats
4015 - ShowStats -> ShowSiteStats.
4016 * BREAKING CHANGE: (bug 38244) Removed the mediawiki.api.titleblacklist module
4017 and moved it to the TitleBlacklist extension.
4018
4019 = MediaWiki 1.20 =
4020
4021 == MediaWiki 1.20.8 ==
4022 This is a security release of the MediaWiki 1.20 branch.
4023
4024 === Changes since 1.20.7 ===
4025 * (bug 53032) SECURITY: Don't cache when a call could autocreate
4026 * (bug 55332) SECURITY: Improve css javascript detection
4027 * (bug 49717) Fix behaviour $wgVerifyMimeType = false; in Upload
4028 * Fix comma errors in various js files
4029 * Translations
4030
4031 == MediaWiki 1.20.7 ==
4032 This is a security release of the MediaWiki 1.20 branch.
4033
4034 === Changes since 1.20.6 ===
4035 * SECURITY: Fix extension detection with 2 .'s
4036 * SECURITY: Token-getting functions will fail when using jsonp callbacks.
4037 * SECURITY: Sanitize ResourceLoader exception messages
4038 * Purge upstream caches when deleting file assets.
4039
4040 == MediaWiki 1.20.6 ==
4041 This is a security and maintenance release of the MediaWiki 1.20 branch.
4042
4043 === Changes since 1.20.5 ===
4044 * (bug 48306) SECURITY: Run file validation checks on chunked uploads, and chunks of upload, during the upload process.
4045 * (bug 44327) mediawiki.user: Use session ID instead of 1-year cross-session cookies
4046 * (bug 47202) wikibits: FF2Fixes.css should not be loaded in Firefox 20.
4047 * (bug 31044) Make ResourceLoader behave in read-only mode
4048
4049 == MediaWiki 1.20.5 ==
4050 This is a security and maintenance release of the MediaWiki 1.20 branch.
4051
4052 === Changes since 1.20.4 ===
4053 * (bug 46590) Add hook AbortChangePassword to Special:ChangePassword
4054 * (bug 47304) SECURITY: Check SVG xml encoding against whitelist
4055 * Localisation updates from http://translatewiki.net.
4056 * mwdocgen.php: Implement --version option.
4057 * Remove svnstat stuff used in Doxygen generation
4058 * (bug 43594) Correctly supress warnings that were missed after the upstream
4059 * PHP change to E_STRICT being included in E_ALL.
4060
4061 == MediaWiki 1.20.4 ==
4062 This is a security release of the MediaWiki 1.20 branch.
4063
4064 === Changes since 1.20.3 ===
4065 * (bug 47251) SECURITY: Disable external entities in Import
4066 * (bug 46859) SECURITY: Disable external entities in XMLReader
4067 * (bug 46084) SECURITY: Sanitize $limitReport before outputting
4068
4069 == MediaWiki 1.20.3 ==
4070 This is a security and maintenance release of the MediaWiki 1.20 branch.