-Change notes from older releases. For current info see RELEASE-NOTES-1.33.
+Change notes from older releases. For current info see RELEASE-NOTES-1.34.
= MediaWiki 1.32 =
+== MediaWiki 1.32.2 ==
+
+This is a security and maintenance release of the MediaWiki 1.32 branch.
+
+=== Changes since MediaWiki 1.32.1 ===
+* (T204423) Backport support for hyphenated DB names in JobQueueGroup.
+* (T216968) Return pageid as int in both list=iwbacklinks and
+ list=langbacklinks.
+* (T215169) Fix for Database::update() with IGNORE option fails on PostgreSQL.
+* (T199474) Fix typo in rebuildrecentchanges.php resulting in rogue flags.
+* (T218608) SECURITY: Fix an issue that prevents Extension:OAuth working when
+ $wgBlockDisablesLogin is true.
+* (T216029) Chrome redirects to Special:BadTitle after editing a section with
+ a non-Latin name on a page with non-Latin characters in title.
+* Unbreak language related maintenance scripts that use StaticArrayWriter.
+* (T219728) Added support for new Japanese era name "Reiwa".
+* (T25227) SECURITY: action=logout now requires to be posted and have a csrf
+ token.
+* Updated cssjanus/cssjanus from 1.2.0 to 1.3.0.
+* (T221045) Remove orphaned code from ConfigRepository.
+* (T222385) resourceloader: Use AND instead of OR for upsert conds in
+ saveFileDependencies().
+* (T224374) Fix message parameters so that the message that says SQLite is
+ out of date makes sense.
+* (T200471) Prevent LBFactorySimple breaking ExternalStorage, when trying to
+ connect to external server with local database name.
+* (T197279) SECURITY: Fix reauth in Special:ChangeEmail.
+* (T208881) SECURITY: blacklist CSS var().
+* (T209794) SECURITY: rate-limit and prevent blocked users from changing email.
+* (T199540) SECURITY: API: Respect $wgBlockCIDRLimit in action=block.
+* (T212118) SECURITY: Fix cache mode for (un)patrolled recent changes query.
+* (T222036, T222038) SECURITY: Add permission check for user is permitted to
+ view the log type.
+* (T221739) SECURITY: resources: Patch jQuery 3.3.1 for CVE-2019-11358.
+
== MediaWiki 1.32.1 ==
=== Changes since MediaWiki 1.32.0 ===
= MediaWiki 1.31 =
+== MediaWiki 1.31.2 ==
+
+This is a security and maintenance release of the MediaWiki 1.31 branch.
+
+Required PHP version has been increased from 7.0.0 to 7.0.13.
+
+=== Changes since MediaWiki 1.31.1 ===
+* (T204729) WatchedItemStore::countVisitingWatchersMultiple() shouldn't query
+ all titles when asked for none.
+* (T205967) Fix syntax error typo in postgres database upgrade file.
+* (T200254) Add pear/Net_SMTP 1.7.3 to composer dependencies.
+* (T206765) Load installer i18n when running update.php.
+* (T109121) Remove deprecated pear/mail_mime-decode from composer suggested
+ libraries.
+ [Also in the bundled composer /vendor directory.]
+* Various PHP 7.2 and 7.3 compatibility fixes:
+ * (T200595, T206974) Fix PHP 7.3 warnings of using "continue" in some
+ scenarios instead of "break".
+ * (T206976, T206977) Also in the bundled LocalisationUpdate and
+ ParserFunctions extensions.
+ * (T206979) Fix PHP 7.3 warnings of using "compact()" when some variables may
+ not be set.
+ * (T215632) FormatMetadata and UploadStash regexes fixed to be PHP
+ 7.3-compatible.
+ * Fix PHP warnings "preg_replace(): [...] invalid range in character class.
+ * Avoid PHP 7.2 warnings in DBConRefTest about count() on non-Countable.
+ * Suppress "Headers already sent" in PHP 7.2 too.
+ * (T206476) Output only to stderr in unit tests.
+ * (T207112) Add session_write_close() calls to SessionManager tests.
+ * oyejorge/less.php replaced with our fork wikimedia/less.php
+ * (T209756) Updated wikimedia/ip-set from 1.2.0 to 1.3.0.
+ * (T213489) Avoid session double-start in Setup.php.
+ * (T206975) Switch to our fork of less.php.
+* (T207540) Include IP address in "Login for $1 succeeded" log entry.
+* (T201781) Database: Allow selectFieldValues() to accept SQL fragments.
+* (T205765) installer: Don't link to the obsolete "Extension Matrix" page.
+* (T206013) Update ImportableUploadRevisionImporter for interwiki usernames.
+* (T207541) Pass an email address, not a MailAddress, to mail().
+* (T207603) SECURITY: User JS may no longer be loaded with mime type
+ text/javascript if there is no account associated with the username.
+* (T112937, T113042) SECURITY: Do not allow loading pages raw with a
+ text/javascript MIME
+ type if non-admins can edit the page.
+* (T17491) <ins>/<del> elements can be phrasing or flow.
+* (T200827) RemexCompatMunger: Don't call endTag() in case B/b
+* (T207088) Upgrade wikimedia/remex-html to 2.0.1.
+ [Also in the bundled composer /vendor directory.]
+* (T194052) Updated wikimedia/base-convert from 1.0.1 to 2.0.0.
+ [Also in the bundled composer /vendor directory.]
+* (T199494) Fix notices in maintenance/removeUnusuedAccounts.php.
+* Require ext-fileinfo in composer.json, per PHPVersionCheck.
+* (T176390) Bundled LocalisationUpdate extension: Handle exceptions from
+ GitHubFetcher.
+* (T208255) Completion search should not change the search query.
+* (T209870) Fix SQL syntax error in MS-SQL initialisation file for new wikis.
+* (T185049) LogFormatter: Fail softer when trying to link an invalid titles.
+* (T210998) Properly set $wgLanguageCode in the generated LocalSettings.php
+ if --lang is used with the command-line installer (install.php).
+* (T211061) ImageListPager: Actor migration for buildQueryConds().
+* (T209335) Clarify the default sidebar 'Help' link is about MediaWiki itself.
+* Fix addition of ug_expiry column to user_groups table on MSSQL.
+* (T204767) Add join conditions to ActiveUsersPager.
+* (T210621) User: Bypass repeatable-read when creating an actor_id.
+* (T204531) rdbms: reduce LoadBalancer replication log spam.
+* (T195525) Fix db error outage page.
+* (T208871) The hard-coded Google search form on the database error page was
+ removed.
+* (T176097) Fix flaky MessageBlobStoreTest assertion failures.
+* (T209423) Update required PHP version to 7.0.13.
+* (T209885) Prevent populateSearchIndex.php from breaking once actor migration
+ has been started.
+* (T216968) Return pageid as int in both list=iwbacklinks and
+ list=langbacklinks.
+* (T215169) Fix for Database::update() with IGNORE option fails on PostgreSQL.
+* (T204423) Backport support for hyphenated DB names in JobQueueGroup.
+* (T199474) Fix typo in rebuildrecentchanges.php resulting in rogue flags.
+* (T218608) SECURITY: Fix an issue that prevents Extension:OAuth working when
+ $wgBlockDisablesLogin is true.
+* (T216029) Chrome redirects to Special:BadTitle after editing a section with
+ a non-Latin name on a page with non-Latin characters in title.
+* (T219728) Added support for new Japanese era name "Reiwa".
+* (T25227) SECURITY: action=logout now requires to be posted and have a csrf
+ token.
+* Updated cssjanus/cssjanus from 1.2.0 to 1.3.0.
+* (T222385) resourceloader: Use AND instead of OR for upsert conds in
+ saveFileDependencies().
+* (T224374) Fix message parameters so that the message that says SQLite is out
+ of date makes sense.
+* SpecialPage::checkLoginSecurityLevel() will now preserve POST data when
+ reauthenticating.
+* FormSpecialPage::execute() will now call checkLoginSecurityLevel() if
+ getLoginSecurityLevel() returns non-false.
+* (T197279) SECURITY: Fix reauth in Special:ChangeEmail.
+* (T208881) SECURITY: blacklist CSS var().
+* (T209794) SECURITY: rate-limit and prevent blocked users from changing email.
+* (T199540) SECURITY: API: Respect $wgBlockCIDRLimit in action=block.
+* (T212118) SECURITY: Fix cache mode for (un)patrolled recent changes query.
+* (T222036, T222038) SECURITY: Add permission check for user is permitted to
+ view the log type.
+* (T221739) SECURITY: resources: Patch jQuery 3.2.1 for CVE-2019-11358.
+
== MediaWiki 1.31.1 ==
This is a security and maintenance release of the MediaWiki 1.31 branch.
* (T196185) Don't allow setting $wgDBmysql5 in the installer.
* (T196125) php-memcached 3.0 (provided with PHP 7.0) is now supported.
* (T182366) UploadBase::checkXMLEncodingMissmatch() now works on PHP 7.1+
-* (T118683) Fix exception from &$user deref on HHVM in the TitleMoveComplete hook.
+* (T118683) Fix exception from &$user deref on HHVM in the TitleMoveComplete
+ hook.
* (T196672) The mtime of extension.json files is now able to be zero
* (T180403) Validate $length in padleft/padright parser functions.
* (T143790) Make $wgEmailConfirmToEdit only affect edit actions.
apply patch-drop-ar_text.sql manually, you'll have to apply a default value
to the ar_text and ar_flags columns of the archive table or make those
columns nullable before upgrading to MediaWiki 1.31.
- maintenance/archives/patch-nullable-ar_text.sql shows how to do this for MySQL.
+ maintenance/archives/patch-nullable-ar_text.sql shows how to do this for
+ MySQL.
=== Configuration changes in 1.31 ===
* $wgEnableAPI and $wgEnableWriteAPI are now deprecated and will be removed in
* Passing a ParserOptions object to OutputPage::parserOptions() is deprecated.
* The RevisionInsertComplete hook is now deprecated; use instead the hook
RevisionRecordInserted. RevisionInsertComplete is still called, but the second
- and third parameter will always be null. Hard deprecation is scheduled for 1.32.
+ and third parameter will always be null. Hard deprecation is scheduled for
+ 1.32.
* The following methods that get and set ParserOutput state are deprecated.
Callers should use the new stateless $options parameter to
ParserOutput::getText() instead.
= MediaWiki 1.30 =
+== MediaWiki 1.30.2 ==
+
+This is a security and maintenance release of the MediaWiki 1.30 branch.
+
+=== Changes since MediaWiki 1.30.1 ===
+* (T204729) WatchedItemStore::countVisitingWatchersMultiple() shouldn't query
+ all titles when asked for none.
+* (T109121) Remove deprecated pear/mail_mime-decode from composer suggested
+ libraries.
+* (T207540) Include IP address in "Login for $1 succeeded" log entry.
+* (T205765) Don't link to the obsolete "Extension Matrix" page in installer.
+* (T207603) SECURITY: User JS may no longer be loaded with mime type
+ text/javascript if there is no account associated with the username.
+* (T113042) SECURITY: Do not allow loading pages raw with a text/javascript MIME
+ type if non-admins can edit the page.
+* (T207541) Pass email address to mail().
+* Fix addition of ug_expiry column to user_groups table on MSSQL.
+* (T204531) rdbms: reduce LoadBalancer replication log spam.
+* (T213489) Avoid session double-start in Setup.php.
+* (T195525) Fix db error outage page.
+* (T208871) The hard-coded Google search form on the database error page was
+ removed.
+* (T216968) Return pageid as int in both list=iwbacklinks and
+ list=langbacklinks.
+* (T218608) SECURITY: Fix an issue that prevents Extension:OAuth working when
+ $wgBlockDisablesLogin is true.
+* (T25227) SECURITY: action=logout now requires to be posted and have a csrf
+ token.
+* (T222385) resourceloader: Use AND instead of OR for upsert conds in
+ saveFileDependencies().
+* (T224374) Fix message parameters so that the message that says SQLite is out
+ of date makes sense.
+* SpecialPage::checkLoginSecurityLevel() will now preserve POST data when
+ reauthenticating.
+* FormSpecialPage::execute() will now call checkLoginSecurityLevel() if
+ getLoginSecurityLevel() returns non-false.
+* (T197279) SECURITY: Fix reauth in Special:ChangeEmail.
+* (T208881) SECURITY: blacklist CSS var().
+* (T209794) SECURITY: rate-limit and prevent blocked users from changing email.
+* (T199540) SECURITY: API: Respect $wgBlockCIDRLimit in action=block.
+* (T212118) SECURITY: Fix cache mode for (un)patrolled recent changes query.
+* (T222036, T222038) SECURITY: Add permission check for user is permitted to
+ view the log type.
+* (T221739) SECURITY: resources: Patch jQuery 1.11.3 for CVE-2019-11358.
+
== MediaWiki 1.30.1 ==
This is a security and maintenance release of the MediaWiki 1.30 branch.
'newbie'.
* (T194605, CVE-2018-0505) SECURITY: BotPasswords can bypass CentralAuth's
account lock.
-* (T87572) Make FormatMetadata::flattenArrayReal() work for an associative array.
+* (T87572) Make FormatMetadata::flattenArrayReal() work for an associative
+ array.
* Updated composer/spdx-licenses from 1.1.4 to 1.3.0 (development dependency).
* (T189567) the CLI installer (maintenance/install.php) learned to detect and
include extensions. Pass --with-extensions to enable that feature.
* (T190503) Let built-in web server (maintenance/dev) handle .php requests.
* (T167507) selenium: Run Chrome headlessly.
* selenium: Pass -no-sandbox to Chrome under Docker.
-* (T179190) selenium: Move logic for running tests from package.json to selenium.sh
+* (T179190) selenium: Move logic for running tests from package.json to
+ selenium.sh
* (T192584) Stop incorrectly passing USE INDEX to RecentChange::newFromConds().
* Add default edit rate limit of 90 edits/minute for all users.
* (T186565) Fix PHP Notice from `ob_end_flush()` in `FileRepo::streamFile()`.
* oojs/oojs-ui updated to remove an unnecessary dependancy.
* (T196125) php-memcached 3.0 (provided with PHP 7.0) is now supported.
-* (T118683) Fix exception from &$user deref on HHVM in the TitleMoveComplete hook.
+* (T118683) Fix exception from &$user deref on HHVM in the TitleMoveComplete
+ hook.
* (T196672) The mtime of extension.json files is now able to be zero
* (T180403) Validate $length in padleft/padright parser functions.
* (T143790) Make $wgEmailConfirmToEdit only affect edit actions.
* (T163562) $wgRangeContributionsCIDRLimit was introduced to control the size
of IP ranges that can be queried at Special:Contributions.
* (T45547) $wgUsePigLatinVariant added (off by default).
-* (T152540) MediaWiki now supports a section ID escaping style that allows to display
- non-Latin characters verbatim on many modern browsers. This is controlled by the
- new configuration setting, $wgFragmentMode.
-* $wgExperimentalHtmlIds is now deprecated and will be removed in a future version,
- use $wgFragmentMode to migrate off it to a modern alternative.
+* (T152540) MediaWiki now supports a section ID escaping style that allows to
+ display non-Latin characters verbatim on many modern browsers. This is
+ controlled by the new configuration setting, $wgFragmentMode.
+* $wgExperimentalHtmlIds is now deprecated and will be removed in a future
+ version, use $wgFragmentMode to migrate off it to a modern alternative.
* $wgExternalInterwikiFragmentMode was introduced to control how fragments in
sinterwikis going outside of current wiki farm are encoded.
-* (T120333) Soft-deprecated the use of PHP extension 'mysql' in favor of 'mysqli'.
- This PHP extension was deprecated in PHP 5.5 and removed in PHP 7.0. MediaWiki
- auto-selects the 'mysqli' driver since MediaWiki 1.22, except if explicitly
- requested through the configuration parameter $wgDBservers.
-* $wgOOUIEditPage was removed, as it is now the default. This was documented as a
- temporary variable during the migration period.
+* (T120333) Soft-deprecated the use of PHP extension 'mysql' in favor of
+ 'mysqli'. This PHP extension was deprecated in PHP 5.5 and removed in PHP 7.0.
+ MediaWiki auto-selects the 'mysqli' driver since MediaWiki 1.22, except if
+ explicitly requested through the configuration parameter $wgDBservers.
+* $wgOOUIEditPage was removed, as it is now the default. This was documented as
+ a temporary variable during the migration period.
=== New features in 1.30 ===
* (T37247) Output from Parser::parse() will now be wrapped in a div with
* (T138166) Added ability for users to prohibit other users from sending them
emails with Special:Emailuser. Can be enabled by setting
$wgEnableUserEmailBlacklist to true.
-* (T67297) $wgBrowserBlacklist is deprecated, and changing it will have no effect.
- Instead, users using browsers that do not support Unicode will be unable to edit
- and should upgrade to a modern browser instead.
+* (T67297) $wgBrowserBlacklist is deprecated, and changing it will have no
+ effect. Instead, users using browsers that do not support Unicode will be
+ unable to edit and should upgrade to a modern browser instead.
=== External library changes in 1.30 ===
* Two new hooks, LogEventsListLineEnding and NewPagesLineEnding, were added for
manipulating Special:Log and Special:NewPages lines.
* The OldChangesListRecentChangesLine, EnhancedChangesListModifyLineData,
- PageHistoryLineEnding, ContributionsLineEnding and DeletedContributionsLineEnding
- hooks have an additional parameter, for manipulating HTML data attributes of
- RC/history lines. EnhancedChangesListModifyBlockLineData can do that via the
+ PageHistoryLineEnding, ContributionsLineEnding and
+ DeletedContributionsLineEnding hooks have an additional parameter, for
+ manipulating HTML data attributes of RC/history lines.
+ EnhancedChangesListModifyBlockLineData can do that via the
$data['attribs'] subarray.
* (T130632) The OutputPage::enableTOC() method was removed.
* WikiPage::getParserOutput() will now throw an exception if passed
* IP::isValidBlock() was deprecated. Use the equivalent IP::isValidRange().
* DeprecatedGlobal no longer supports passing in a direct value, it requires a
callable factory function or a class name.
-* The $parserMemc global, wfGetParserCacheStorage(), and ParserCache::singleton()
- are all deprecated. The main ParserCache instance should be obtained from
- MediaWikiServices instead. Access to the underlying BagOStuff is possible
- through the new ParserCache::getCacheStorage() method.
+* The $parserMemc global, wfGetParserCacheStorage(), and
+ ParserCache::singleton() are all deprecated. The main ParserCache instance
+ should be obtained from MediaWikiServices instead. Access to the underlying
+ BagOStuff is possible through the new ParserCache::getCacheStorage() method.
* .mw-ui-constructive CSS class (deprecated in 1.27) was removed.
* Sanitizer::escapeId() was deprecated, use escapeIdForAttribute(),
escapeIdForLink() or escapeIdForExternalInterwiki() instead.
* mw.util.escapeId() was deprecated, use escapeIdForAttribute() or
escapeIdForLink().
* MagicWord::replaceMultiple() (deprecated in 1.25) was removed.
-* WikiImporter now requires the second parameter to be an instance of the Config,
- class. Prior to that, the Config parameter was optional (a behavior deprecated in
- 1.25).
+* WikiImporter now requires the second parameter to be an instance of the
+ Config, class. Prior to that, the Config parameter was optional (a behavior
+ deprecated in 1.25).
* Removed 'jquery.mwExtension' module. (deprecated since 1.26)
* mediawiki.ui: Deprecate greys, which are not part of WikimediaUI color palette
any more.
should be used instead.
* RunningStat class (deprecated in 1.27) was removed. The namespaced
RunningStat\RunningStat should be used instead.
-* MWMemcached and MemCachedClientforWiki classes (deprecated in 1.27) were removed.
+* MWMemcached and MemCachedClientforWiki classes (deprecated in 1.27) were
+ removed.
The MemcachedClient class should be used instead.
* EditPage underwent some refactoring and deprecations:
* EditPage::isOouiEnabled() is deprecated and will always return true.
- * EditPage::getSummaryInput() and ::getSummaryInputOOUI() are deprecated. Please
- use ::getSummaryInputWidget() instead.
+ * EditPage::getSummaryInput() and ::getSummaryInputOOUI() are deprecated.
+ Please use ::getSummaryInputWidget() instead.
* EditPage::getCheckboxes() and ::getCheckboxesOOUI() are deprecated. Please
use ::getCheckboxesWidget() instead.
- * Creating an EditPage instance without calling EditPage::setContextTitle() should
- be avoided and will be deprecated in a future release.
- * EditPage::safeUnicodeInput() and ::safeUnicodeOutput() are deprecated and no-ops.
- * EditPage::$isCssJsSubpage, ::$isCssSubpage, and ::$isJsSubpage are deprecated. The
- corresponding methods from Title should be used instead.
+ * Creating an EditPage instance without calling EditPage::setContextTitle()
+ should be avoided and will be deprecated in a future release.
+ * EditPage::safeUnicodeInput() and ::safeUnicodeOutput() are deprecated and
+ no-ops.
+ * EditPage::$isCssJsSubpage, ::$isCssSubpage, and ::$isJsSubpage are
+ deprecated. The corresponding methods from Title should be used instead.
* EditPage::$isWrongCaseCssJsPage is deprecated. There is no replacement.
- * EditPage::$mArticle and ::$mTitle are deprecated for public usage. The getters
- ::getArticle() and ::getTitle() should be used instead.
- * Trying to control or fake EditPage context by overriding $wgUser, $wgRequest, $wgOut,
- and $wgLang is no longer supported and won't work. The IContextSource returned from
- EditPage::getContext() must be modified instead.
+ * EditPage::$mArticle and ::$mTitle are deprecated for public usage. The
+ getters ::getArticle() and ::getTitle() should be used instead.
+ * Trying to control or fake EditPage context by overriding $wgUser,
+ $wgRequest, $wgOut, and $wgLang is no longer supported and won't work. The
+ IContextSource returned from EditPage::getContext() must be modified
+ instead.
* Parser::getRandomString() (deprecated in 1.26) was removed.
* Parser::uniqPrefix() (deprecated in 1.26) was removed.
* Parser::extractTagsAndParams() now only accepts three arguments. The fourth,
$uniq_prefix was deprecated in 1.26 and has now been removed.
-* (T172514) The following tables have had their UNIQUE indexes turned into proper
- PRIMARY KEYs for increased maintainability: categorylinks, imagelinks, iwlinks,
- langlinks, log_search, module_deps, objectcache, pagelinks, query_cache, site_stats,
- templatelinks, text, transcache, user_former_groups, user_properties.
+* (T172514) The following tables have had their UNIQUE indexes turned into
+ proper PRIMARY KEYs for increased maintainability: categorylinks, imagelinks,
+ iwlinks, langlinks, log_search, module_deps, objectcache, pagelinks,
+ query_cache, site_stats, templatelinks, text, transcache, user_former_groups,
+ user_properties.
* IDatabase::nextSequenceValue() is no longer needed by any database backends
(formerly it was needed by PostgreSQL and Oracle), and is now deprecated.
-* (T146591) The lc_lang_key index on the l10n_cache table has been changed into a
- PRIMARY KEY.
+* (T146591) The lc_lang_key index on the l10n_cache table has been changed into
+ a PRIMARY KEY.
* (T157227) bot_password.bp_user, change_tag.ct_log_id, change_tag.ct_rev_id,
page_restrictions.pr_user, tag_summary.ts_log_id, tag_summary.ts_rev_id and
user_properties.up_user have all been made unsigned on MySQL.
* DB_SLAVE is deprecated. DB_REPLICA should be used instead.
* wfUsePHP() is deprecated.
* wfFixSessionID() was removed.
-* wfShellExec() and related functions are deprecated, use Shell::command(). This also
- slightly changes the behavior of how execution time limits are calculated when only
- some of defaults are overridden per-call. When in doubt, always override both wall
- clock and CPU time.
-* (T138166) SpecialEmailUser::getTarget() now requires a second argument, the sending
- user object. Using the method without the second argument is deprecated.
+* wfShellExec() and related functions are deprecated, use Shell::command(). This
+ also slightly changes the behavior of how execution time limits are calculated
+ when only some of defaults are overridden per-call. When in doubt, always
+ override both wall clock and CPU time.
+* (T138166) SpecialEmailUser::getTarget() now requires a second argument, the
+ sending user object. Using the method without the second argument is
+ deprecated.
* (T67297) Browsers that don't support Unicode will have their edits rejected.
-* (T178450) The module 'jquery.badge' is deprecated and will be removed in a future
- release. For notifying the user of an event, the Notifications ("Echo") system
- should be used instead.
-* (T178451) SECURITY: Potential XSS when $wgShowExceptionDetails = false and browser
- sends non-standard url escaping.
+* (T178450) The module 'jquery.badge' is deprecated and will be removed in a
+ future release. For notifying the user of an event, the Notifications ("Echo")
+ system should be used instead.
+* (T178451) SECURITY: Potential XSS when $wgShowExceptionDetails = false and
+ browser sends non-standard url escaping.
* (T165846) SECURITY: BotPassword login attempts weren't throttled.
= MediaWiki 1.29 =
This is a security and maintenance release of the MediaWiki 1.29 branch.
=== Changes since 1.29.1 ===
-* (T166757) Avoid scoped lock errors in Category::refreshCounts() due to nesting.
+* (T166757) Avoid scoped lock errors in Category::refreshCounts() due to
+ nesting.
* (T175439) Unbreak Postgres Updater when setting defaults for a column.
* (T160298) Remove use of implicitGroupBy() in ActiveUsersPager.
* Fixed login button label to accept RawMessage.
* (T163646) Pass a string not an int to mysql_real_escape_string().
* (T180143) Bump justinrainbow/json-schema development dependency to ~5.2.
* Updated dev dependancy phpunit/phpunit from v4.8.35 to v4.8.36.
-* (T178451) SECURITY: Potential XSS when $wgShowExceptionDetails = false and browser
- sends non-standard url escaping.
+* (T178451) SECURITY: Potential XSS when $wgShowExceptionDetails = false and
+ browser sends non-standard url escaping.
* (T165846) SECURITY: BotPassword login attempts weren't throttled.
* (T128209) SECURITY: Reflected File Download from api.php.
* (T134100) SECURITY: Do not reveal if user exists during login failure.
* (T176247) SECURITY: Ensure Message::rawParams can't lead to XSS.
* (T125163) SECURITY: Make anchor for headlines escape > and <.
* (T180237) SECURITY: Protect vendor folder with .htaccess.
-* (T180231) SECURITY: Remove PHPUnit file with known RCE if exists in update.php.
+* (T180231) SECURITY: Remove PHPUnit file with known RCE if exists in
+ update.php.
* (T124404) SECURITY: XSS in langconverter when regex hits pcre.backtrack_limit.
* (T119158) SECURITY: Handle -{}- syntax in attributes safely.
-* (T180488) (T125177) "api.log contains passwords in plaintext" wasn't correctly fixed in all
- branches in the previous security release.
+* (T180488) (T125177) "api.log contains passwords in plaintext" wasn't correctly
+ fixed in all branches in the previous security release.
== MediaWiki 1.29.1 ==
* $wgRunJobsAsync is now false by default (T142751). This change only affects
wikis with $wgJobRunRate > 0.
* (T158474) "Unknown user" has been added to $wgReservedUsernames.
-* (T156983) $wgRateLimitsExcludedIPs now accepts CIDR ranges as well as single IPs.
+* (T156983) $wgRateLimitsExcludedIPs now accepts CIDR ranges as well as single
+ IPs.
* $wgDummyLanguageCodes is deprecated. Additional language code mappings may be
added to $wgExtraLanguageCodes instead.
* (T161453) LocalisationCache will no longer use the temporary directory in it's
==== Removed and replaced external libraries ====
=== Bug fixes in 1.29 ===
-* (T62604) Core parser functions returning a number now format the number according
- to the page content language, not wiki content language.
-* (T27187) Search suggestions based on jquery.suggestions will now correctly only
- highlight prefix matches in the results.
+* (T62604) Core parser functions returning a number now format the number
+ according to the page content language, not wiki content language.
+* (T27187) Search suggestions based on jquery.suggestions will now correctly
+ only highlight prefix matches in the results.
* (T157035) "new mw.Uri()" was ignoring options when using default URI.
* Special:Allpages can no longer be filtered by redirect in miser mode.
-* (T160519) CACHE_ANYTHING will not be CACHE_ACCEL if no accelerator is installed.
-* (T109140) (T122209) SECURITY: Special:UserLogin and Special:Search allow redirect
- to interwiki links.
+* (T160519) CACHE_ANYTHING will not be CACHE_ACCEL if no accelerator is
+ installed.
+* (T109140) (T122209) SECURITY: Special:UserLogin and Special:Search allow
+ redirect to interwiki links.
* (T144845) SECURITY: XSS in SearchHighlighter::highlightText() when
$wgAdvancedSearchHighlighting is true.
* (T125177) SECURITY: API parameters may now be marked as "sensitive" to keep
their values out of the logs.
-* (T150044) SECURITY: "Mark all pages visited" on the watchlist now requires a CSRF
- token.
+* (T150044) SECURITY: "Mark all pages visited" on the watchlist now requires a
+ CSRF token.
* (T156184) SECURITY: Escape content model/format url parameter in message.
* (T151735) SECURITY: SVG filter evasion using default attribute values in DTD
declaration.
-* (T161453) SECURITY: LocalisationCache will no longer use the temporary directory
- in it's fallback chain when trying to work out where to write the cache.
-* (T48143) SECURITY: Spam blacklist ineffective on encoded URLs inside file inclusion
- syntax's link parameter.
-* (T108138) SECURITY: Sysops can undelete pages, although the page is protected against
- it.
+* (T161453) SECURITY: LocalisationCache will no longer use the temporary
+ directory in it's fallback chain when trying to work out where to write the
+ cache.
+* (T48143) SECURITY: Spam blacklist ineffective on encoded URLs inside file
+ inclusion syntax's link parameter.
+* (T108138) SECURITY: Sysops can undelete pages, although the page is protected
+ against it.
=== Action API changes in 1.29 ===
* Submitting sensitive authentication request parameters to action=login,
parameter prefixes (e.g. all query submodules) will no longer be prefixed.
* ApiPageSet-using modules will report the 'invalidreason' using the specified
'errorformat'.
-* action=emailuser may return a "Warnings" status, and now returns 'warnings' and
- 'errors' subelements (as applicable) instead of 'message'.
+* action=emailuser may return a "Warnings" status, and now returns 'warnings'
+ and 'errors' subelements (as applicable) instead of 'message'.
* action=imagerotate returns an 'errors' subelement rather than 'errormessage'.
* action=move now reports errors when moving the talk page as an array under
key 'talkmove-errors', rather than using 'talkmove-error-code' and
==== No fallback for Ukrainian ====
* (T39314) The fallback from Ukrainian to Russian was removed. The Ukrainian
- language will now use the default fallback language: English. When a translation
- to Ukrainian is not available, an English string will be shown.
+ language will now use the default fallback language: English. When a
+ translation to Ukrainian is not available, an English string will be shown.
=== Other changes in 1.29 ===
* Database::getSearchEngine() (deprecated in 1.28) was removed. Use
were removed.
* Article::getAutosummary() and WikiPage::getAutosummary() (deprecated in 1.21)
were removed.
-* Hook ArticleViewCustom (deprecated in 1.21) was removed. Use ArticleContentViewCustom
- instead.
+* Hook ArticleViewCustom (deprecated in 1.21) was removed. Use
+ ArticleContentViewCustom instead.
* Hooks EditPageGetDiffText and ShowRawCssJs (deprecated in 1.21) were removed.
* Class RevisiondeleteAction (deprecated in 1.25) was removed.
* WikiPage::prepareTextForEdit() (deprecated in 1.21) was removed.
* User::isPasswordReminderThrottled() (deprecated in 1.27) was removed.
* Class FSRepo (deprecated in 1.19) was removed.
* WebRequest::checkSessionCookie() (deprecated in 1.27) was removed. Use
- \MediaWiki\Session\SessionManager::singleton()->getPersistedSessionId() instead.
+ \MediaWiki\Session\SessionManager::singleton()->getPersistedSessionId()
+ instead.
* Class ImageGallery (deprecated in 1.22) was removed.
Use ImageGalleryBase::factory instead.
-* Title::moveNoAuth() (deprecated in 1.25) was removed. Use MovePage class instead.
+* Title::moveNoAuth() (deprecated in 1.25) was removed. Use MovePage class
+ instead.
* Hook UnknownAction (deprecated in 1.19) was actually deprecated (it will now
emit warnings). Create a subclass of Action and add it to $wgActions instead.
-* WikiRevision::getText() (deprecated since 1.21) is no longer marked deprecated.
+* WikiRevision::getText() (deprecated since 1.21) is no longer marked
+ deprecated.
* Linker::getInterwikiLinkAttributes() (deprecated since 1.25) was removed.
* Linker::getInternalLinkAttributes() (deprecated since 1.25) was removed.
* Linker::getInternalLinkAttributesObj() (deprecated since 1.25) was removed.
* RedisConnectionPool::handleException (deprecated since 1.23) was removed.
* The static properties mw.Api.errors and mw.Api.warnings, containing incomplete
and outdated lists of errors/warnings returned by the API, are now deprecated.
-* wiki.phtml entry point was removed. Refer to index.php instead. If you want "wiki.phtml"
- URLs to continue to work, set up redirects. In Apache, this can be done by enabling
- mod_rewrite and adding the following rules to your configuration:
+* wiki.phtml entry point was removed. Refer to index.php instead. If you want
+ "wiki.phtml" URLs to continue to work, set up redirects. In Apache, this can
+ be done by enabling mod_rewrite and adding the following rules to your
+ configuration:
RewriteEngine On
RewriteBase /
* Article::doEditContent() was marked as deprecated, to be removed in 1.30
or later.
* ContentHandler::runLegacyHooks() was removed.
-* refreshLinks.php now can be limited to a particular category with --category=...
- or a tracking category with --tracking-category=...
+* refreshLinks.php now can be limited to a particular category with
+ --category=... or a tracking category with --tracking-category=...
* User-like objects that are passed to SpecialUserRights and its subclasses are
now required to have a getGroupMemberships() method. See UserRightsProxy for
an example.
=== Changes since 1.28.2 ==
* (T168856) Allow SVGs created by Dia to be uploaded.
* (T157545) Add missing doUpdates() call to refreshLinks.php.
-* (T165714) (T100085) Better handling of jobs execution in post-connection shutdown.
-* (T154425) (T154438) (T157679) Use AutoCommitUpdate instead of Database->onTransactionIdle.
+* (T165714) (T100085) Better handling of jobs execution in post-connection
+ shutdown.
+* (T154425) (T154438) (T157679) Use AutoCommitUpdate instead of
+ Database->onTransactionIdle.
* (T154425) Make DeferredUpdates detect LBFactory transaction rounds.
-* (T149454) Restore erroneously removed realTableName call from DatabasePostgres.
+* (T149454) Restore erroneously removed realTableName call from
+ DatabasePostgres.
* (T167798) Fix phrase search and highlighting for phrase queries.
* (T151136) Provide credits information to callbacks in extension registration.
-* (T160462) Allow namespaces defined in extension.json to be overwritten locally.
+* (T160462) Allow namespaces defined in extension.json to be overwritten
+ locally.
* (T168337) Fix ErrorPageError to work from non-UI contexts.
* (T143788) Backports for PHP 7.0 and 7.1 support.
* (T175439) Unbreak Postgres Updater when setting defaults for a column.
* (T160298) Remove use of implicitGroupBy() in ActiveUsersPager.
* (T174255) Declare uploadCount property in importDump.php.
-* (T180231) SECURITY: Updated dev dependancy phpunit/phpunit from v4.8.24 to v4.8.36.
-* (T178451) SECURITY: Potential XSS when $wgShowExceptionDetails = false and browser
- sends non-standard url escaping.
+* (T180231) SECURITY: Updated dev dependancy phpunit/phpunit from v4.8.24 to
+ v4.8.36.
+* (T178451) SECURITY: Potential XSS when $wgShowExceptionDetails = false and
+ browser sends non-standard url escaping.
* (T165846) SECURITY: BotPassword login attempts weren't throttled.
* (T128209) SECURITY: Reflected File Download from api.php.
* (T134100) SECURITY: Do not reveal if user exists during login failure.
* (T176247) SECURITY: Ensure Message::rawParams can't lead to XSS.
* (T125163) SECURITY: Make anchor for headlines escape > and <.
* (T180237) SECURITY: Protect vendor folder with .htaccess.
-* (T180231) SECURITY: Remove PHPUnit file with known RCE if exists in update.php.
+* (T180231) SECURITY: Remove PHPUnit file with known RCE if exists in
+ update.php.
* (T124404) SECURITY: XSS in langconverter when regex hits pcre.backtrack_limit.
* (T119158) SECURITY: Handle -{}- syntax in attributes safely.
* $wgRunJobsAsync is now false by default (T142751). This change only affects
wikis with $wgJobRunRate > 0.
-* Fix fatal from "WaitConditionLoop" not being found, experienced when a wiki has
- more than one database server setup.
+* Fix fatal from "WaitConditionLoop" not being found, experienced when a wiki
+ has more than one database server setup.
* (T152717) Better escaping for PHP mail() command,
* (T154670) A missing method causing the MySQL installer to fatal in rare
circumstances was restored.
* (T158766) Avoid SQL error on MSSQL when using selectRowCount().
* (T145635) Fix too long index error when installing with MSSQL.
* (T156184) $wgRawHtml will no longer apply to internationalization messages.
-* (T160519) CACHE_ANYTHING will not be CACHE_ACCEL if no accelerator is installed.
-* (T154872) Fix incorrect ar_usertext_timestamp index names in new 1.28 installs.
-* (T109140) (T122209) SECURITY: Special:UserLogin and Special:Search allow redirect
- to interwiki links.
+* (T160519) CACHE_ANYTHING will not be CACHE_ACCEL if no accelerator is
+ installed.
+* (T154872) Fix incorrect ar_usertext_timestamp index names in new 1.28
+ installs.
+* (T109140) (T122209) SECURITY: Special:UserLogin and Special:Search allow
+ redirect to interwiki links.
* (T144845) SECURITY: XSS in SearchHighlighter::highlightText() when
$wgAdvancedSearchHighlighting is true.
* (T125177) SECURITY: API parameters may now be marked as "sensitive" to keep
their values out of the logs.
-* (T150044) SECURITY: "Mark all pages visited" on the watchlist now requires a CSRF
- token.
+* (T150044) SECURITY: "Mark all pages visited" on the watchlist now requires a
+ CSRF token.
* (T156184) SECURITY: Escape content model/format url parameter in message.
* (T151735) SECURITY: SVG filter evasion using default attribute values in DTD
declaration.
-* (T161453) SECURITY: LocalisationCache will no longer use the temporary directory
- in it's fallback chain when trying to work out where to write the cache.
-* (T48143) SECURITY: Spam blacklist ineffective on encoded URLs inside file inclusion
- syntax's link parameter.
-* (T108138) SECURITY: Sysops can undelete pages, although the page is protected against
- it.
+* (T161453) SECURITY: LocalisationCache will no longer use the temporary
+ directory in it's fallback chain when trying to work out where to write the
+ cache.
+* (T48143) SECURITY: Spam blacklist ineffective on encoded URLs inside file
+ inclusion syntax's link parameter.
+* (T108138) SECURITY: Sysops can undelete pages, although the page is protected
+ against it.
== MediaWiki 1.28 ==
* (T149759) manifest_version: 2 was removed.
=== Configuration changes in 1.28 ===
-* $wgSend404Code now affects status code of action=history if the page is not there.
+* $wgSend404Code now affects status code of action=history if the page is not
+ there.
* BREAKING CHANGE: $wgHTTPProxy is now *required* for all external requests
made by MediaWiki via a proxy. Relying on the http_proxy environment
variable is no longer supported.
* When $wgEditSubmitButtonLabelPublish is true, MediaWiki will label the button
to store-to-database-and-show-to-others as "Publish page"/"Publish changes";
if false, the default, they will be "Save page"/"Save changes".
-* The 'editcontentmodel' permission is now granted to all logged-in users ('user').
+* The 'editcontentmodel' permission is now granted to all logged-in users
+ ('user').
instead of just administrators ('sysop'). Documentation for this feature is
available at <https://www.mediawiki.org/wiki/Help:ChangeContentModel>.
-* $wgRevisionCacheExpiry is now set to one week by default instead of being disabled.
-* Magic links are now disabled by default, and can be re-enabled by modifying the value
- of $wgEnableMagicLinks. Their usage is discouraged, but if they are manually enabled,
- a tracking category will be added to help identify usage and make it easier to migrate
- away from. If you depend upon magic link functionality, it is requested that you comment
- on <https://www.mediawiki.org/wiki/Requests_for_comment/Future_of_magic_links> and
- explain your use case(s).
+* $wgRevisionCacheExpiry is now set to one week by default instead of being
+ disabled.
+* Magic links are now disabled by default, and can be re-enabled by modifying
+ the value of $wgEnableMagicLinks. Their usage is discouraged, but if they are
+ manually enabled, a tracking category will be added to help identify usage and
+ make it easier to migrate away from. If you depend upon magic link
+ functionality, it is requested that you comment on
+ <https://www.mediawiki.org/wiki/Requests_for_comment/Future_of_magic_links>
+ and explain your use case(s).
* New config variable $wgCSPFalsePositiveUrls to control what URLs to ignore
in upcoming Content-Security-Policy feature's reporting.
and the file description page, but does not run for uploads to stash.
* (T141604) Extensions can now provide a better error message when their
maintenance scripts are run without the extension being installed.
-* (T8948) Numeric sorting in categories is now supported by setting $wgCategoryCollation
- to 'uca-default-u-kn' or 'uca-<langcode>-u-kn'. If you can't use UCA collations,
- a 'numeric' collation is also available. If migrating from another
- collation, you will need to run the updateCollation.php maintenance script.
-* Two new codes have been added to #time parser function: "xit" for days in current
- month, and "xiz" for days passed in the year, both in Iranian calendar.
+* (T8948) Numeric sorting in categories is now supported by setting
+ $wgCategoryCollation to 'uca-default-u-kn' or 'uca-<langcode>-u-kn'. If you
+ can't use UCA collations, a 'numeric' collation is also available. If
+ migrating from another collation, you will need to run the updateCollation.php
+ maintenance script.
+* Two new codes have been added to #time parser function: "xit" for days in
+ current month, and "xiz" for days passed in the year, both in Iranian
+ calendar.
* mw.Api has a new option, useUS, to use U+001F (Unit Separator) when
appropriate for sending multi-valued parameters. This defaults to true when
the mw.Api instance seems to be for the local wiki.
-* After a client performs an action which alters a database that has replica databases,
- MediaWiki will wait for the replica databases to synchronize with the master database
- while it renders the HTML output. However, if the output is a redirect to another wiki
- on the wiki farm with a different domain, MediaWiki will instead alter the redirect
- URL to include a ?cpPosTime parameter that triggers the database synchronization when
- the URL is followed by the client. The same-domain case uses a new cpPosTime cookie.
+* After a client performs an action which alters a database that has replica
+ databases, MediaWiki will wait for the replica databases to synchronize with
+ the master database while it renders the HTML output. However, if the output
+ is a redirect to another wiki on the wiki farm with a different domain,
+ MediaWiki will instead alter the redirect URL to include a ?cpPosTime
+ parameter that triggers the database synchronization when the URL is followed
+ by the client. The same-domain case uses a new cpPosTime cookie.
* Added new hooks, 'ApiQueryBaseBeforeQuery', 'ApiQueryBaseAfterQuery', and
'ApiQueryBaseProcessRow', to make it easier for extensions to add 'prop' and
'show' parameters to existing API query modules.
* Added wikimedia/wait-condition-loop v1.0.1
=== Bug fixes in 1.28 ===
-* (T146496) action=history pages should return 404 HTTP error code if the page does not exist
+* (T146496) action=history pages should return 404 HTTP error code if the page
+ does not exist
* (T137264) SECURITY: XSS in unclosed internal links
* (T133147) SECURITY: Escape '<' and ']]>' in inline <style> blocks
* (T133147) SECURITY: Require login to preview user CSS pages
action=createaccount, action=linkaccount, and action=changeauthenticationdata
in the query string is now deprecated and outputs a warning. They should be
submitted in the POST body instead.
-* (T141960) Multi-valued parameters may now be separated using U+001F (Unit Separator)
- instead of the pipe character. This will be useful if some of the multiple
- values need to contain pipes, e.g. for action=options.
+* (T141960) Multi-valued parameters may now be separated using U+001F
+ (Unit Separator) instead of the pipe character. This will be useful if some of
+ the multiple values need to contain pipes, e.g. for action=options.
* The API will now warn if input is not NFC-normalized Unicode or if it
contains invalid characters.
* The 'normalized' list output by action=query and other modules that use
* Added a new hook, 'ApiMakeParserOptions', to allow extensions to better
interact with ApiParse and ApiExpandTemplates.
* (T139565) SECURITY: API: Generate head items in the context of the given title
-* (T115333) SECURITY: Check read permission when loading page content in ApiParse
+* (T115333) SECURITY: Check read permission when loading page content in
+ ApiParse
* ApiBase::getResultData() was removed (deprecated since 1.25)
* ApiBase::makeHelpArrayToString() was removed (deprecated since 1.25)
* ApiBase::makeHelpMsgParameters() was removed (deprecated since 1.25)
* (T135867) shn (Shan), thanks to translators Khun Sar, Piangpha,
Saiddzone Saimawnkham, Saosukham, and Sengwan.
* Czech (cs) and Slovak (sk) set as reciprocal fallbacks.
-* (T146744) Livvi-Karelian (olo) namespace messages created thanks to translator Ilja.mos.
+* (T146744) Livvi-Karelian (olo) namespace messages created thanks to translator
+ Ilja.mos.
=== Other changes in 1.28 ===
* (T128697) Improved handling of large diffs.
* Deprecated APIEditBeforeSave hook in favor of EditFilterMergedContent.
* The 'UploadVerification' hook is deprecated. Use 'UploadVerifyFile' instead.
* SiteConfiguration::isLocalVHost() was removed (deprecated since 1.25).
-* The 'UserLoginComplete' hook has a new parameter to differentiate between actual
- login and visiting the login page while already logged in.
+* The 'UserLoginComplete' hook has a new parameter to differentiate between
+ actual login and visiting the login page while already logged in.
* ResourceLoader::makeLoaderURL() was removed (deprecated since 1.24).
* $.fn.liveAndTestAtStart was removed (deprecated since 1.24).
* mw.util.tooltipAccessKeyPrefix was removed (deprecated since 1.24).
* Linker::link() and Linker::linkKnown() were deprecated; please instead use
MediaWiki\Linker\LinkRenderer. In addition, the LinkBegin and LinkEnd hooks
were replaced by HtmlPageLinkRendererBegin and HtmlPageLinkRendererEnd
- respectively. See docs/hooks.txt for the specific changes needed for those hooks.
+ respectively. See docs/hooks.txt for the specific changes needed for those
+ hooks.
* Linker::formatSize() was deprecated. Use Language::formatSize() directly.
* Aliases for Linker methods, deprecated since 1.21, were removed from Skin:
* Skin::commentBlock() (use Linker::commentBlock() instead)
Use ...->stashFile()->getFileKey() instead.
* "Public domain" was removed as a wiki license option from the installer, in
favour of CC-0.
-* AuthenticationRequest::$required is now changed from REQUIRED to PRIMARY_REQUIRED
- on requests needed by primary providers even if all primaries need them.
+* AuthenticationRequest::$required is now changed from REQUIRED to
+ PRIMARY_REQUIRED on requests needed by primary providers even if all primaries
+ need them.
Primary providers are discouraged from returning multiple REQUIRED requests.
* OOjs UI PHP widgets constructed with the `'infusable' => true` config option
will no longer be automatically infused. You should call `OO.ui.infuse()`
* IP::isConfiguredProxy() and IP::isTrustedProxy() were removed. Callers should
migrate to using the same functions on a ProxyLookup instance, obtainable from
MediaWikiServices.
-* The ArticleAfterFetchContent, ArticleInsertComplete, ArticleSave, ArticleSaveComplete,
- ArticleViewCustom, EditFilterMerged, EditPageGetDiffText, EditPageGetPreviewText and
- ShowRawCssJs hooks will now emit deprecation warnings if used.
+* The ArticleAfterFetchContent, ArticleInsertComplete, ArticleSave,
+ ArticleSaveComplete, ArticleViewCustom, EditFilterMerged, EditPageGetDiffText,
+ EditPageGetPreviewText and ShowRawCssJs hooks will now emit deprecation
+ warnings if used.
* (T68404) CSS3 attr() function with url type is no longer allowed
in inline styles.
-* Database::getSearchEngine() is deprecated, use SearchEngineFactory::getSearchEngineClass
- instead.
+* Database::getSearchEngine() is deprecated, use
+ SearchEngineFactory::getSearchEngineClass instead.
== Compatibility ==
= MediaWiki 1.27 =
+== MediaWiki 1.27.7 ==
+
+This is a maintenance release of the MediaWiki 1.27 branch.
+
+=== Changes since MediaWiki 1.27.6 ===
+* Add missing `use MediaWiki\MediaWikiServices;` to LogEventsList.php.
+* Remove broken tests from ApiBlockTest.php.
+
+== MediaWiki 1.27.6 ==
+
+This is a security and maintenance release of the MediaWiki 1.27 branch.
+
+=== Changes since MediaWiki 1.27.5 ===
+* (T204729) WatchedItemStore::countVisitingWatchersMultiple() shouldn't query
+ all titles when asked for none.
+* (T109121) Remove deprecated pear/mail_mime-decode from composer suggested
+ libraries.
+* (T207241) Augment precision of updatelist time.
+* (T207540) Include IP address in "Login for $1 succeeded" log entry.
+* (T205765) Don't link to the obsolete "Extension Matrix" page in installer.
+* (T207603) SECURITY: User JS may no longer be loaded with mime type
+ text/javascript if there is no account associated with the username.
+* (T113042) SECURITY: Do not allow loading pages raw with a text/javascript MIME
+ type if non-admins can edit the page.
+* (T207541) Pass email address to mail().
+* (T209335) Clarify the default sidebar 'Help' link is about MediaWiki itself.
+* (T213359) Update mediawiki/mediawiki-codesniffer to 0.8.1.
+* (T208871) The hard-coded Google search form on the database error page was
+ removed.
+* (T216968) Return pageid as int in both list=iwbacklinks and
+ list=langbacklinks.
+* (T218608) Fix an issue that prevents Extension:OAuth working when
+ $wgBlockDisablesLogin is true.
+* (T219728) Added support for new Japanese era name "Reiwa".
+* (T25227) SECURITY: action=logout now requires to be posted and have a csrf
+ token.
+* SpecialPage::checkLoginSecurityLevel() will now preserve POST data when
+ reauthenticating.
+* FormSpecialPage::execute() will now call checkLoginSecurityLevel() if
+ getLoginSecurityLevel() returns non-false.
+* (T197279) SECURITY: Fix reauth in Special:ChangeEmail.
+* (T208881) SECURITY: blacklist CSS var().
+* (T209794) SECURITY: rate-limit and prevent blocked users from changing email.
+* (T199540) SECURITY: API: Respect $wgBlockCIDRLimit in action=block.
+* (T212118) SECURITY: Fix cache mode for (un)patrolled recent changes query.
+* (T222036, T222038) SECURITY: Add permission check for user is permitted to
+ view the log type.
+* (T221739) SECURITY: resources: Patch jQuery 1.11.3 for CVE-2019-11358.
+
== MediaWiki 1.27.5 ==
This is a security and maintenance release of the MediaWiki 1.27 branch.
account lock.
* Upgraded Moment.js from v2.8.4 to v2.19.3.
* (T160298) Fixed Special:ActiveUsers due to bad backport.
-* (T87572) Make FormatMetadata::flattenArrayReal() work for an associative array.
+* (T87572) Make FormatMetadata::flattenArrayReal() work for an associative
+ array.
* Updated list of SPDX licenses for extensions.
* (T189567) the CLI installer (maintenance/install.php) learned to detect and
include extensions. Pass --with-extensions to enable that feature.
* Add default edit rate limit of 90 edits/minute for all users.
* (T196125) php-memcached 3.0 (provided with PHP 7.0) is now supported.
* (T196672) The mtime of extension.json files is now able to be zero.
-* (T118683) Fix exception from &$user deref on HHVM in the TitleMoveComplete hook.
+* (T118683) Fix exception from &$user deref on HHVM in the TitleMoveComplete
+ hook.
* (T180403) Validate $length in padleft/padright parser functions.
* (T143790) Make $wgEmailConfirmToEdit only affect edit actions.
* Special:BotPasswords now requires reauthentication.
* (T141604) Support conditionally registered namespaces.
* (T167798) Fix highlighting for phrase queries and phrase search.
* (T151136) Provide credits information to callbacks.
-* (T160462) Allow namespaces defined in extension.json to be overwritten locally.
+* (T160462) Allow namespaces defined in extension.json to be overwritten
+ locally.
* (T168856) Allow SVGs created by Dia to be uploaded.
-* (T144705) (T148662) Password reset link is no longer shown when no reset options are
- available.
+* (T144705) (T148662) Password reset link is no longer shown when no reset
+ options are available.
* (T143788) (T174262) Various backports for PHP 7.0 and 7.1 support.
-* (T66795) $wgUserEmailUseReplyTo is now true by default to work around restrictive DMARC
- policies.
-* DB_REPLICA constant added from REL1_28+ to ease backports to extensions and core.
+* (T66795) $wgUserEmailUseReplyTo is now true by default to work around
+ restrictive DMARC policies.
+* DB_REPLICA constant added from REL1_28+ to ease backports to extensions and
+ core.
* (T175439) Unbreak Postgres Updater when setting defaults for a column.
* (T160298) Remove use of implicitGroupBy() in ActiveUsersPager.
* (T142304) Allow putting the app ID in the password for bot passwords.
* Updated dev dependancy phpunit/phpunit from v4.8.24 to v4.8.36.
-* (T178451) SECURITY: Potential XSS when $wgShowExceptionDetails = false and browser
- sends non-standard url escaping.
+* (T178451) SECURITY: Potential XSS when $wgShowExceptionDetails = false and
+ browser sends non-standard url escaping.
* (T165846) SECURITY: BotPassword login attempts weren't throttled.
* (T128209) SECURITY: Reflected File Download from api.php.
* (T134100) SECURITY: Do not reveal if user exists during login failure.
* (T176247) SECURITY: Ensure Message::rawParams can't lead to XSS.
* (T125163) SECURITY: Make anchor for headlines escape > and <.
* (T180237) SECURITY: Protect vendor folder with .htaccess.
-* (T180231) SECURITY: Remove PHPUnit file with known RCE if exists in update.php.
+* (T180231) SECURITY: Remove PHPUnit file with known RCE if exists in
+ update.php.
* (T124404) SECURITY: XSS in langconverter when regex hits pcre.backtrack_limit.
* (T119158) SECURITY: Handle -{}- syntax in attributes safely.
This is a security and maintenance release of the MediaWiki 1.27 branch.
ApiCreateAccount was removed in 1.27.0. It was incorrectly still marked as
-deprecated (rather than already removed) in the RELEASE-NOTES at the point 1.27.0
-was released.
+deprecated (rather than already removed) in the RELEASE-NOTES at the point
+1.27.0 was released.
=== Changes since 1.27.1 ===
* (T158766) Avoid SQL error on MSSQL when using selectRowCount()
* (T145635) Fix too long index error when installing with MSSQL.
* (T156184) $wgRawHtml will no longer apply to internationalization messages.
-* (T160519) CACHE_ANYTHING will not be CACHE_ACCEL if no accelerator is installed.
-* (T109140) (T122209) SECURITY: Special:UserLogin and Special:Search allow redirect
- to interwiki links.
+* (T160519) CACHE_ANYTHING will not be CACHE_ACCEL if no accelerator is
+ installed.
+* (T109140) (T122209) SECURITY: Special:UserLogin and Special:Search allow
+ redirect to interwiki links.
* (T144845) SECURITY: XSS in SearchHighlighter::highlightText() when
$wgAdvancedSearchHighlighting is true.
* (T125177) SECURITY: API parameters may now be marked as "sensitive" to keep
their values out of the logs.
-* (T150044) SECURITY: "Mark all pages visited" on the watchlist now requires a CSRF
- token.
+* (T150044) SECURITY: "Mark all pages visited" on the watchlist now requires a
+ CSRF token.
* (T156184) SECURITY: Escape content model/format url parameter in message.
* (T151735) SECURITY: SVG filter evasion using default attribute values in DTD
declaration.
-* (T161453) SECURITY: LocalisationCache will no longer use the temporary directory
- in it's fallback chain when trying to work out where to write the cache.
-* (T48143) SECURITY: Spam blacklist ineffective on encoded URLs inside file inclusion
- syntax's link parameter.
-* (T108138) SECURITY: Sysops can undelete pages, although the page is protected against
- it.
+* (T161453) SECURITY: LocalisationCache will no longer use the temporary
+ directory in it's fallback chain when trying to work out where to write the
+ cache.
+* (T48143) SECURITY: Spam blacklist ineffective on encoded URLs inside file
+ inclusion syntax's link parameter.
+* (T108138) SECURITY: Sysops can undelete pages, although the page is protected
+ against it.
== MediaWiki 1.27.1 ==
* (T129738) SECURITY: Make $wgBlockDisablesLogin also restrict logged in
permissions
* (T129738) SECURITY: Make blocks log users out if $wgBlockDisablesLogin is true
-* (T115333) SECURITY: Check read permission when loading page content in ApiParse
-* (T57548) Remove support for $wgWellFormedXml = false, all output is now well formed
-* (T139670) Move 'UserGetRights' call before application of Session::getAllowedUserRights()
+* (T115333) SECURITY: Check read permission when loading page content in
+ ApiParse
+* (T57548) Remove support for $wgWellFormedXml = false, all output is now well
+ formed
+* (T139670) Move 'UserGetRights' call before application of
+ Session::getAllowedUserRights()
== MediaWiki 1.27.0 ==
*** AbortLogin (create a MediaWiki\Auth\PreAuthenticationProvider instead)
*** AbortNewAccount (create a MediaWiki\Auth\PreAuthenticationProvider instead)
*** AddNewAccount (use LocalUserCreated instead)
-*** AuthPluginSetup (create a MediaWiki\Auth\PrimaryAuthenticationProvider instead)
+*** AuthPluginSetup (create a MediaWiki\Auth\PrimaryAuthenticationProvider
+ instead)
*** ChangePasswordForm (use AuthChangeFormFields instead, or security levels)
-*** LoginUserMigrated (create a MediaWiki\Auth\PreAuthenticationProvider instead)
-*** UserCreateForm (create a MediaWiki\Auth\AuthenticationProvider of some type instead)
-*** UserLoginForm (create a MediaWiki\Auth\AuthenticationProvider of some type instead)
+*** LoginUserMigrated (create a MediaWiki\Auth\PreAuthenticationProvider
+ instead)
+*** UserCreateForm (create a MediaWiki\Auth\AuthenticationProvider of some type
+ instead)
+*** UserLoginForm (create a MediaWiki\Auth\AuthenticationProvider of some type
+ instead)
** The following hooks are removed:
*** AbortChangePassword
*** LoginPasswordResetMessage
* Added $wgAuthenticationTokenVersion, which if non-null prevents the
user_token database field from being exposed in cookies. Setting this would
be a good idea, but will log out all current sessions.
-* $wgEventRelayerConfig was added, for managing PubSub event relay configuration,
- specifically for reliable CDN url purges.
+* $wgEventRelayerConfig was added, for managing PubSub event relay
+ configuration, specifically for reliable CDN url purges.
* Requests have unique IDs, equal to the UNIQUE_ID environment variable (when
MediaWiki is behind Apache+mod_unique_id or something similar) or a randomly-
generated 24-character string. This request ID is used to annotate log records
- and error messages. It is available client-side via mw.config.get( 'wgRequestId' ).
- The request ID supplants exception IDs. Accordingly, MWExceptionHandler::getLogId()
- is deprecated.
+ and error messages. It is available client-side via
+ mw.config.get( 'wgRequestId' ).
+ The request ID supplants exception IDs. Accordingly,
+ MWExceptionHandler::getLogId() is deprecated.
* (T33313) Add a preference for watching uploads by default, also applies
to API-based upload tools.
* $wgJpegPixelFormat was added to override chroma subsampling for JPEG image
configuration of multiple authentication pieces that was possible with
AuthPlugin. For example, it's now easy to plug in second-factor
authentication, or add additional checks to the login process, or to support
- multiple login methods at once, or to support non-password-based login methods.
+ multiple login methods at once, or to support non-password-based login
+ methods.
** Providers are configured via the global setting $wgAuthManagerConfig.
** A global, $wgDisableAuthManager, is temporarily available to disable
AuthManager until extensions are ready to support it.
** New hook, SecuritySensitiveOperationStatus, to work with the new mechanism
for requiring a recent login before taking security-sensitive operations
like changing a password.
-** Two new globals, $wgChangeCredentialsBlacklist and $wgRemoveCredentialsBlacklist
- can be used to prevent the web UI and the API changing certain authentication data.
+** Two new globals, $wgChangeCredentialsBlacklist and
+ $wgRemoveCredentialsBlacklist can be used to prevent the web UI and the API
+ changing certain authentication data.
* The file upload dialog (available if you install WikiEditor or VisualEditor)
can now be configured using $wgUploadDialog.
* ApiBase::addTokenProperties() was removed (deprecated since 1.24).
* ApiBase::getFinalPossibleErrors() was removed (deprecated since 1.24).
* ApiBase::getFinalResultProperties() was removed (deprecated since 1.24).
-* ApiBase::getRequireAtLeastOneParameterErrorMessages() was removed (deprecated since 1.24).
+* ApiBase::getRequireAtLeastOneParameterErrorMessages() was removed (deprecated
+ since 1.24).
* ApiBase::getPossibleErrors() was removed (deprecated since 1.24).
-* ApiBase::getRequireMaxOneParameterErrorMessages() was removed (deprecated since 1.24).
-* ApiBase::getRequireOnlyOneParameterErrorMessages() was removed (deprecated since 1.24).
+* ApiBase::getRequireMaxOneParameterErrorMessages() was removed (deprecated
+ since 1.24).
+* ApiBase::getRequireOnlyOneParameterErrorMessages() was removed (deprecated
+ since 1.24).
* ApiBase::getResultProperties() was removed (deprecated since 1.24).
* ApiBase::getTitleOrPageIdErrorMessage() was removed (deprecated since 1.24).
* ApiBase::parseErrors() was removed (deprecated since 1.24).
* (T116020) Aliases of magic words in MessagesXx.php are sorted by usage.
=== Other changes in 1.27 ===
-* Added dependency injection (DI) infrastructure, see docs/injection.txt for details.
+* Added dependency injection (DI) infrastructure, see docs/injection.txt for
+ details.
It is planned to incrementally move MediaWiki code towards using DI, using the
service locator (SL) pattern as a stepping stone.
* ProfilerOutputUdp was removed. Note that there is a ProfilerOutputStats class.
together but instead pick the final one, similar to image syntax.
* XML-like parser tags (such as <gallery>), when unclosed, will be left unparsed
rather than consume everything until the end of the page.
-* New maintenance script resetUserEmail.php allows sysadmins to reset user emails in case
- a user forgot password/account was stolen.
+* New maintenance script resetUserEmail.php allows sysadmins to reset user
+ emails in case a user forgot password/account was stolen.
* wfCheckEntropy() was removed (deprecated in 1.27).
* Browser support for Internet Explorer 8 lowered from Grade A to Grade C.
* ContentHandler::supportsCategories method added. Default is true.
CategoryMembershipChangeJob updates are skipped for content that
does not support categories.
-* wikidiff difference engine is no longer supported, anyone still using it are encouraged
- to upgrade to wikidiff2 which is actively maintained and has better package availability.
-* Database logic was removed from WatchedItem and a WatchedItemStore was created:
-** WatchedItem::IGNORE_USER_RIGHTS and WatchedItem::CHECK_USER_RIGHTS were deprecated.
- User::IGNORE_USER_RIGHTS and User::CHECK_USER_RIGHTS were introduced.
+* wikidiff difference engine is no longer supported, anyone still using it are
+ encouraged to upgrade to wikidiff2 which is actively maintained and has better
+ package availability.
+* Database logic was removed from WatchedItem and a WatchedItemStore was
+ created:
+** WatchedItem::IGNORE_USER_RIGHTS and WatchedItem::CHECK_USER_RIGHTS were
+ deprecated. User::IGNORE_USER_RIGHTS and User::CHECK_USER_RIGHTS were
+ introduced.
** WatchedItem::fromUserTitle was deprecated in favour of the constructor.
** WatchedItem::resetNotificationTimestamp was deprecated.
** WatchedItem::batchAddWatch was deprecated.
** WatchedItem::duplicateEntries was deprecated.
** EmailNotification::updateWatchlistTimestamp was deprecated.
** User::getWatchedItem was removed.
-* Unit tests don't work with external PHPUnit anymore, Composer is now the only supported
- way. Run `composer install` to install it and other dev dependencies to run unit tests.
+* Unit tests don't work with external PHPUnit anymore, Composer is now the only
+ supported way. Run `composer install` to install it and other dev dependencies
+ to run unit tests.
* wl_id field added to the watchlist table.
* Revision::getRawText() was removed (deprecated since 1.21).
* WikiPage::replaceSection() was removed (deprecated since 1.21).
* Skin::newFromKey() was removed (deprecated since 1.24).
* Skin::getUsableSkins() was removed (deprecated since 1.23).
* LoadBalancer::pickRandom() was removed (deprecated in 1.21).
-* Article::getUndoText() and WikiPage::getUndoText were removed (deprecated since
- 1.21).
+* Article::getUndoText() and WikiPage::getUndoText were removed (deprecated
+ since 1.21).
* DifferenceEngine::setText() was removed (deprecated in 1.21).
* Title::newFromRedirectArray() was removed (deprecated in 1.21).
-* UserMailer::send() no longer accepts $replyto as the 5th argument and $contentType
- as the 6th. These must be passed in the options array now.
+* UserMailer::send() no longer accepts $replyto as the 5th argument and
+ $contentType as the 6th. These must be passed in the options array now.
* Title::newFromRedirectRecurse() was removed (deprecated in 1.21).
* Skin::accesskey was removed (deprecated since 1.21).
* Skin::blockLink was removed (deprecated since 1.21).
* Skin::tooltipAndAccesskeyAttribs was removed (deprecated since 1.21).
* Skin::userTalkLink was removed (deprecated since 1.21).
* Skin::userToolLinksRedContribs was removed (deprecated since 1.21).
-* wikidiff3 is now the default and only PHP diff engine. It provides improved diff
- performance on complex changes. $wgExternalDiffEngine = 'wikidiff3' therefore
- makes no difference now. Users are still recommended to use wikidiff2 if possible,
- though.
+* wikidiff3 is now the default and only PHP diff engine. It provides improved
+ diff performance on complex changes. $wgExternalDiffEngine = 'wikidiff3'
+ therefore makes no difference now. Users are still recommended to use
+ wikidiff2 if possible, though.
* User::addNewUserLogEntry() was deprecated.
* User::addNewUserLogEntryAutoCreate() was deprecated.
* User::isPasswordReminderThrottled() was deprecated.
-* Bot-oriented parameters to Special:UserLogin (wpCookieCheck, wpSkipCookieCheck)
- were removed.
+* Bot-oriented parameters to Special:UserLogin (wpCookieCheck,
+ wpSkipCookieCheck) were removed.
* Installer can now be customized without patching MediaWiki code, see
mw-config/overrides/README for details.
* (T129738) SECURITY: Make $wgBlockDisablesLogin also restrict logged in
permissions
* (T129738) SECURITY: Make blocks log users out if $wgBlockDisablesLogin is true
-* (T115333) SECURITY: Check read permission when loading page content in ApiParse
+* (T115333) SECURITY: Check read permission when loading page content in
+ ApiParse
* Remove support for $wgWellFormedXml = false, all output is now well formed
== MediaWiki 1.26.3 ==
** dty (डोटेली/Doteli), thanks to translators जनक राज भट्ट, बिप्लब आनन्द,
मेश सिंह बोहरा, and राम प्रसाद जोशी
** luz (لئری دوٙمینی / Southern Luri)
-** olo (Livvinкarjala / Livvi-Karelian), thanks to translators Denö, Hiloin Natoi,
- Ilja.mos, and Mashoi7
+** olo (Livvinкarjala / Livvi-Karelian), thanks to translators Denö, Hiloin
+ Natoi, Ilja.mos, and Mashoi7
=== Other changes in 1.26 ===
* ChangeTags::tagDescription() will return false if the interface message
- The $uniq_prefix argument for Parser::extractTagsAndParams() and the
$prefix argument for StripState::_construct() are deprecated and their
value is ignored.
-* wfSuppressWarnings() and wfRestoreWarnings() were split into a separate library,
- mediawiki/at-ease, and are now deprecated. Callers should use
+* wfSuppressWarnings() and wfRestoreWarnings() were split into a separate
+ library, mediawiki/at-ease, and are now deprecated. Callers should use
MediaWiki\suppressWarnings() and MediaWiki\restoreWarnings() directly.
* The Block class constructor now takes an associative array of parameters
instead of many optional positional arguments. Calling the constructor the old
be installed and running for any such queues to work.
* $wgAutopromoteOnce no longer supports the 'view' event. For keeping some
compatibility, any 'view' event triggers will still trigger on 'edit'.
-* $wgExtensionDirectory was added for when your extensions directory is somewhere
- other than $IP/extensions (as $wgStyleDirectory does with the skins directory).
+* $wgExtensionDirectory was added for when your extensions directory is
+ somewhere other than $IP/extensions (as $wgStyleDirectory does with the skins
+ directory).
=== New features in 1.25 ===
* (T64861) Updated plural rules to CLDR 26. Includes incompatible changes
that fall back to Russian.
* (T60139) ResourceLoaderFileModule now supports language fallback
for 'languageScripts'.
-* Added a new hook, "ContentAlterParserOutput", to allow extensions to modify the
- parser output for a content object before links update.
+* Added a new hook, "ContentAlterParserOutput", to allow extensions to modify
+ the parser output for a content object before links update.
* (T37785) Enhanced recent changes and extended watchlist are now default.
- Documentation: https://meta.wikimedia.org/wiki/Special:MyLanguage/Help:Enhanced_recent_changes
- and https://www.mediawiki.org/wiki/Special:MyLanguage/Manual:$wgDefaultUserOptions.
+ Documentation: https://meta.wikimedia.org/wiki/Help:Enhanced_recent_changes
+ and https://www.mediawiki.org/wiki/Manual:$wgDefaultUserOptions
* (T69341) SVG images will no longer be base64-encoded when being embedded
in CSS. This results in slight size increase before gzip compression (due to
percent-encoding), but up to 20% decrease after it.
snippets) usually displayed in the top-right corner of the page. They have
been in use on Wikipedia for a long time, implemented using templates and CSS
absolute positioning.
- - Basic wikitext syntax: <indicator name="foo">[[File:Foo.svg|20px]]</indicator>
- - Usage instructions: https://www.mediawiki.org/wiki/Help:Page_status_indicators
+ - Basic wikitext syntax:
+ <indicator name="foo">[[File:Foo.svg|20px]]</indicator>
+ - Usage instructions:
+ https://www.mediawiki.org/wiki/Help:Page_status_indicators
- Adjusting custom skins to support indicators:
- https://www.mediawiki.org/wiki/Special:MyLanguage/Manual:Skinning#Page_status_indicators
+ https://www.mediawiki.org/wiki/Manual:Skinning#Page_status_indicators
* Edit tokens may now be time-limited: passing a maximum age to
User::matchEditToken will reject any older tokens.
* The debug logging internals have been overhauled, and are now using the
dynamically-compiled Mustache templates (currently uses lightncandy library).
* Clickable anchors for each section heading in the content are now generated
and appear in the gutter on hovering over the heading.
-* Added 'CategoryViewer::doCategoryQuery' and 'CategoryViewer::generateLink' hooks
- to allow extensions to override how links to pages are rendered within NS_CATEGORY
-* (T19665) Special:WantedPages only lists page which having at least one red link
- pointing to it.
+* Added 'CategoryViewer::doCategoryQuery' and 'CategoryViewer::generateLink'
+ hooks to allow extensions to override how links to pages are rendered within
+ NS_CATEGORY
+* (T19665) Special:WantedPages only lists page which having at least one red
+ link pointing to it.
* New hooks 'ApiMain::moduleManager' and 'ApiQuery::moduleManager', can be
used for conditional registration of API modules.
* New hook 'EnhancedChangesList::getLogText' to alter, remove or add to the
interface, reachable via IContextSource::getStats().
* Move the jQuery Client library from being mastered in MediaWiki as v0.1.0 to a
proper, published library, which is now tagged as v1.0.0.
-* A new message (defaulting to blank), 'editnotice-notext', can be shown to users
- when they are editing if no edit notices apply to the page being edited.
+* A new message (defaulting to blank), 'editnotice-notext', can be shown to
+ users when they are editing if no edit notices apply to the page being edited.
* (T94536) You can now make the sitenotice appear to logged-in users only by
editing MediaWiki:Anonnotice and replacing its content with "". Setting it to
"-" (default) will continue disable it and fallback to MediaWiki:Sitenotice.
==== External libraries ====
* MediaWiki now requires certain external libraries to be installed. In the past
these were bundled inside the Git repository of MediaWiki core, but now they
- need to be installed separately. For users using the tarball, this will be taken
- care of and no action will be required. Users using Git will either need to use
- composer to fetch dependencies or use the mediawiki/vendor repository which includes
- all dependencies for MediaWiki core and ones used in Wikimedia deployment. Detailed
- instructions can be found at:
+ need to be installed separately. For users using the tarball, this will be
+ taken care of and no action will be required. Users using Git will either need
+ to use composer to fetch dependencies or use the mediawiki/vendor repository
+ which includes all dependencies for MediaWiki core and ones used in Wikimedia
+ deployment. Detailed instructions can be found at:
https://www.mediawiki.org/wiki/Download_from_Git#Fetch_external_libraries
* The following libraries are now required:
** psr/log
- This library provides the interfaces set by the PSR-3 standard (http://www.php-fig.org/psr/psr-3/)
- which are used by MediaWiki internally via the
- MediaWiki\Logger\LoggerFactory class.
- See the structured logging RfC (https://www.mediawiki.org/wiki/Special:MyLanguage/Requests_for_comment/Structured_logging)
+ This library provides the interfaces set by the PSR-3 standard
+ (http://www.php-fig.org/psr/psr-3/) which are used by MediaWiki internally
+ via the MediaWiki\Logger\LoggerFactory class.
+ See the structured logging RfC
+ <https://www.mediawiki.org/wiki/Requests_for_comment/Structured_logging>
for more background information.
** cssjanus/cssjanus
This library was formerly bundled with MediaWiki core and has been removed.
This library was formerly bundled with MediaWiki core and has been removed.
It compiles LESS files into CSS.
** wikimedia/cdb
- This library was formerly a part of MediaWiki core, and has been moved into a separate library.
- It provides CDB functions which are used in the Interwiki and Localization caches.
- More information about the library can be found at https://www.mediawiki.org/wiki/Special:MyLanguage/CDB.
+ This library was formerly a part of MediaWiki core, and has been moved into a
+ separate library. It provides CDB functions which are used in the Interwiki
+ and Localization caches. More information about the library can be found at
+ https://www.mediawiki.org/wiki/CDB.
** liuggio/statsd-php-client
- This library provides a StatsD client API for logging application metrics to a remote server.
+ This library provides a StatsD client API for logging application metrics to
+ a remote server.
=== Bug fixes in 1.25 ===
* (T73003) No additional code will be generated to try to load CSS-embedded
* (T70361) Autocomments containing "/*" are parsed correctly.
* The Special:WhatLinksHere page linked from 'Number of redirects to this page'
on action=info about a file page does not list file links anymore.
-* (T78637) Search bar is not autofocused unless it is empty so that proper scrolling using arrow keys is possible.
-* (T50853) Database::makeList() modified to handle 'NULL' separately when building IN clause
+* (T78637) Search bar is not autofocused unless it is empty so that proper
+ scrolling using arrow keys is possible.
+* (T50853) Database::makeList() modified to handle 'NULL' separately when
+ building IN clause
* (T85192) Captcha position modified in Usercreate template. As a result:
** extrafields parameter added to Usercreate.php to insert additional data
-** 'extend' method added to QuickTemplate to append additional values to any field of data array
+** 'extend' method added to QuickTemplate to append additional values to any
+ field of data array
* (T86974) Several Title methods now load from the database when necessary
(instead of returning incorrect results) even when the page ID is known.
-* (T74070) Duplicate search for archived files on file upload now omits the extension.
+* (T74070) Duplicate search for archived files on file upload now omits the
+ extension.
This requires the fa_sha1 field being populated.
* Removed rel="archives" from the "View history" link, as it did not pass
HTML validation.
* $wgUseTidy is now set when parserTests are run with the tidy option to match
output on wiki.
-* (T37472) update.php will purge ResourceLoader cache unless --nopurge is passed to it.
-* (T72109) mediawiki.language should respect $wgTranslateNumerals in convertNumber().
+* (T37472) update.php will purge ResourceLoader cache unless --nopurge is passed
+ to it.
+* (T72109) mediawiki.language should respect $wgTranslateNumerals in
+ convertNumber().
=== Action API changes in 1.25 ===
* (T67403) XML tag highlighting is now only performed for formats
log entry is not implemented yet.
* list=tags has additional properties to indicate 'active' status and tag
sources.
-* siprop=libraries was added to ApiQuerySiteInfo to list installed external libraries.
+* siprop=libraries was added to ApiQuerySiteInfo to list installed external
+ libraries.
* (T88010) Added action=checktoken, to test a CSRF token's validity.
* (T88010) Added intestactions to prop=info, to allow querying of
Title::userCan() via the API.
* ApiHelp has been rewritten to support i18n and paginated HTML output.
Most existing modules should continue working without changes, but should do
the following:
- * Add an i18n message "apihelp-{$moduleName}-description" to replace getDescription().
+ * Add an i18n message "apihelp-{$moduleName}-description" to replace
+ getDescription().
* Add i18n messages "apihelp-{$moduleName}-param-{$param}" for each parameter
to replace getParamDescription(). If necessary, the settings array returned
by getParams() can use the new ApiBase::PARAM_HELP_MSG key to override the
has been removed.
* ApiFormatBase now always buffers. Output is done when
ApiFormatBase::closePrinter is called.
-* Much of the logic in ApiQueryRevisions has been split into ApiQueryRevisionsBase.
+* Much of the logic in ApiQueryRevisions has been split into
+ ApiQueryRevisionsBase.
* The 'revids' parameter supplied by ApiPageSet will now count deleted
revisions as "good" if the user has the 'deletedhistory' right. New methods
ApiPageSet::getLiveRevisionIDs() and ApiPageSet::getDeletedRevisionIDs() are
* Removed XmlDumpWriter::schemaVersion(). (deprecated since 1.20)
* Removed LogEventsList::getDisplayTitle(). (deprecated since 1.20)
* Removed Preferences::trySetUserEmail(). (deprecated since 1.20)
-* Removed mw.user.name() and mw.user.anonymous() methods. (deprecated since 1.20)
+* Removed mw.user.name() and mw.user.anonymous() methods. (deprecated since
+ 1.20)
* Removed 'ok' and 'err' parameters in the mediawiki.api modules. (deprecated
since 1.20)
* Removed 'async' parameter from the mw.Api#getCategories() method. (deprecated
* Deprecated the getInternalLinkAttributes, getInternalLinkAttributesObj,
and getInternalLinkAttributes methods in Linker, and removed
getExternalLinkAttributes method, which was deprecated in MediaWiki 1.18.
-* Removed Sites class, which was deprecated in 1.21 and replaced by SiteSQLStore.
+* Removed Sites class, which was deprecated in 1.21 and replaced by
+ SiteSQLStore.
* Added wgRelevantArticleId to the client-side config, for use on special pages.
* Deprecated the TitleIsCssOrJsPage hook. Superseded by the
ContentHandlerDefaultModelFor hook since MediaWiki 1.21.
$form->setDisplayFormat( 'vform' ); // throws exception
Instead, do this:
$form = HTMLForm::factory( 'vform', … );
-* Deprecated Revision methods getRawUser(), getRawUserText() and getRawComment().
+* Deprecated Revision methods getRawUser(), getRawUserText() and
+ getRawComment().
* BREAKING CHANGE: mediawiki.user.generateRandomSessionId:
The alphabet of the prior string returned was A-Za-z0-9 and now it is 0-9A-F
* (T87504) Avoid serving SVG background-images in CSS for Opera 12, which
* Removed maintenance script dumpSisterSites.php.
* DatabaseBase class constructors must be called using the array argument style.
Ideally, DatabaseBase:factory() should be used instead in most cases.
-* Deprecated ParserOutput::addSecondaryDataUpdate and ParserOutput::getSecondaryDataUpdates.
- This is a hard deprecation, with getSecondaryDataUpdates returning an empty array and
- addSecondaryDataUpdate throwing an exception. These functions will be removed in 1.26,
- since they interfere with caching of ParserOutput objects.
-* Introduced new hook 'SecondaryDataUpdates' that allows extensions to inject custom updates.
-* Introduced new hook 'OpportunisticLinksUpdate' that allows extensions to perform
- updates when a page is re-rendered.
+* Deprecated ParserOutput::addSecondaryDataUpdate and
+ ParserOutput::getSecondaryDataUpdates.
+ This is a hard deprecation, with getSecondaryDataUpdates returning an empty
+ array and addSecondaryDataUpdate throwing an exception. These functions will
+ be removed in 1.26, since they interfere with caching of ParserOutput objects.
+* Introduced new hook 'SecondaryDataUpdates' that allows extensions to inject
+ custom updates.
+* Introduced new hook 'OpportunisticLinksUpdate' that allows extensions to
+ perform updates when a page is re-rendered.
* EditPage::attemptSave has been modified not to call handleStatus itself and
- instead just returns the Status object. Extension calling it should be aware of
- this.
+ instead just returns the Status object. Extension calling it should be aware
+ of this.
* Removed class DBObject. (unused since 1.10)
* wfDiff() is deprecated.
* The -m (maximum replication lag) option of refreshLinks.php was removed.
retrievedfrom, thisisdeleted, viewsourcelink, lastmodifiedat, laggedslavemode,
protect-summary-cascade
* All BloomCache related code has been removed. This was largely experimental.
-* $wgResourceModuleSkinStyles no longer supports per-module local or remote paths. They
- can only be set for the entire skin.
+* $wgResourceModuleSkinStyles no longer supports per-module local or remote
+ paths. They can only be set for the entire skin.
* Removed global function swap(). (deprecated since 1.24)
* Deprecated the ".php5" file extension entry points and the $wgScriptExtension
configuration variable. Refer to the ".php" files instead. If you want
* $wgCompiledFiles has been removed.
* $wgSortSpecialPages was removed, the listing on Special:SpecialPages is
now always sorted.
-* $wgSpecialPages may now use callback functions as an alternative to plain class names.
- This allows more control over constructor parameters.
+* $wgSpecialPages may now use callback functions as an alternative to plain
+ class names. This allows more control over constructor parameters.
* $wgHTCPMulticastAddress, $wgHTCPMulticastRouting and $wgHTCPPort were removed.
* $wgRC2UDPAddress, $wgRC2UDPInterwikiPrefix, $wgRC2UDPOmitBots, $wgRC2UDPPort
and $wgRC2UDPPrefix have been removed.
* The default password type for MediaWiki has been changed from MD5 to PBKDF2.
- Password hashes will automatically be updated as users log in. If necessary, the
- old MD5 hashing can be restored by changing $wgPasswordDefault to 'B'. In addition,
- there is a maintenance script wrapOldPassword.php that can wrap all passwords in
- PBKDF2 (or the hashing algorithm of your choice) if you don't want to wait for your
- users to log in.
+ Password hashes will automatically be updated as users log in. If necessary,
+ the old MD5 hashing can be restored by changing $wgPasswordDefault to 'B'.
+ In addition, there is a maintenance script wrapOldPassword.php that can wrap
+ all passwords in PBKDF2 (or the hashing algorithm of your choice) if you don't
+ want to wait for your users to log in.
* $wgImportSources can now either be a regular array, or an associative map
specifying subprojects on the interwiki map of the target wiki, or a mix of
the two. Existing configurations will still work.
-* Users must be able to edit through a page's protection to be able to delete it.
-* The default thumb size ($wgDefaultUserOptions['thumbsize']) is now 300px, up from
- 180px. If you have altered the number of entries in $wgThumbLimits for your wiki, you
- may need to adjust your default user settings to compensate for the index change.
-* $wgDeferredUpdateList is now deprecated, you should use DeferredUpdates::addUpdate()
- instead.
+* Users must be able to edit through a page's protection to be able to delete
+ it.
+* The default thumb size ($wgDefaultUserOptions['thumbsize']) is now 300px, up
+ from 180px. If you have altered the number of entries in $wgThumbLimits for
+ your wiki, you may need to adjust your default user settings to compensate for
+ the index change.
+* $wgDeferredUpdateList is now deprecated, you should use
+ DeferredUpdates::addUpdate() instead.
* $wgCanonicalLanguageLinks has been removed. Per Google recommendations, we
will not send a rel=canonical pointing to a variant-neutral page, however
we will send rel=alternate.
-* $wgResourceLoaderLESSFunctions has been deprecated and will be removed in the future.
+* $wgResourceLoaderLESSFunctions has been deprecated and will be removed in the
+ future.
* $wgGoToEdit has been removed. Use the SpecialSearchNogomatch hook for similar
functionality.
specified for backwards-compatibility and to define the path Special:Version
uses to find extension license information.
* Browser tests are now included to verify basic wiki functionality in developer
- environments. For details on running tests, see tests/browser/README.mediawiki.
+ environments. For details on running tests, see
+ tests/browser/README.mediawiki.
* Upgrade jStorage to v0.4.10.
* {{!}} is now a magic word that produces the | character. This removes the need
for Template:! for purposes such as passing pipes inside of parameters.
* (bug 4488) There is now a preference to watch pages where the user has
rollbacked an edit by default.
* (bug 15484) Users will now be redirected to the login page when they need to
- log in, rather than being shown a page asking them to log in and having to click
- another link to actually get to the login page.
+ log in, rather than being shown a page asking them to log in and having to
+ click another link to actually get to the login page.
* A JsonContent and JsonContentHandler were added for extensions to extend.
* (bug 35045) Redirects to sections will now update the URL in browser's address
bar using the HTML5 History API. When [[Dog]] redirects to [[Animals#Dog]],
* Added HTMLAutoCompleteSelectField.
* Added a new hook, "SkinPreloadExistence", to allow extensions to add titles to
link existence cache before the page is rendered.
-* Config::set() was moved to its own interface, MutableConfig. GlobalVarConfig::set()
- is now deprecated, does not implement MutableConfig.
-* A MutableConfig named HashConfig was added, that stores an array of configuration
- settings.
+* Config::set() was moved to its own interface, MutableConfig.
+ GlobalVarConfig::set() is now deprecated, does not implement MutableConfig.
+* A MutableConfig named HashConfig was added, that stores an array of
+ configuration settings.
* (bug 69418) A MultiConfig implementation was added that supports fallback
to multiple Config instances.
* Update CSSJanus to v1.1.0.
-* Added FormatJson::parse() returning status with result or localized error message
+* Added FormatJson::parse() returning status with result or localized error
+ message
* Added DeletedContribsPager::reallyDoQuery hook allowing extensions to data to
Special:DeletedContributions
* Added DeletedContributionsLineEnding hook allowing extensions to format
$wgAPIPropModules, and $wgAPIListModules settings) now allow API modules
to be specified using a "module spec" array instead of a plain class name.
A "module spec" is an associative array containing at least the 'class' key
- for the module's class, and optionally a 'factory' key for the factory function
- to use for the module. This is intended for extensions that want control over
- the instantiation of their API modules, to allow for proper dependency
- injection.
+ for the module's class, and optionally a 'factory' key for the factory
+ function to use for the module. This is intended for extensions that want
+ control over the instantiation of their API modules, to allow for proper
+ dependency injection.
* A new param type 'submodule' is available. Parameters of this type will take
the list of valid values from the module's ApiModuleManager for the group
corresponding to the parameter name.
-* The 'APIGetPossibleErrors' and 'APIGetResultProperties' hooks are no longer used.
+* The 'APIGetPossibleErrors' and 'APIGetResultProperties' hooks are no longer
+ used.
* API token handling has been rewritten. Any API module using tokens will need
to be updated:
* ApiBase::needsToken now returns a token type instead of boolean true when a
is unused by any modern extension.
* Removed maintenance/nextJobDB.php; no longer in use.
* Removed global function wfViewPrevNext(). (deprecated since 1.19)
-* Removed global function xmlsafe() from Export.php. (moved to OAIRepo extension)
+* Removed global function xmlsafe() from Export.php. (moved to OAIRepo
+ extension)
* Removed Title::userCanRead(). (deprecated since 1.19)
* Removed maintenance script importTextFile.php. Use edit.php script instead.
* A _from_namespace field has been added to the templatelinks, pagelinks,
userNotLoggedInPage() from EditPage.php. (deprecated since 1.19)
* Removed functions getContent(), getPreloadedText(), mergeChangesInto() and
setPreloadedText() from EditPage.php. (deprecated since 1.21)
-* Removed global functions wfArrayLookup(), wfArrayMerge(), wfDebugDieBacktrace()
- and wfTime(). (deprecated since 1.22)
+* Removed global functions wfArrayLookup(), wfArrayMerge(),
+ wfDebugDieBacktrace() and wfTime(). (deprecated since 1.22)
* Browser support for Internet Explorer 6 and 7 lowered from Grade A to Grade C,
meaning that JavaScript is no longer executed in these browser versions.
* Browser support for Opera 11 lowered from Grade A to Grade C.
-* Removed IEFixes module which existed purely to provide support for MSIE versions
- below 7 (conditionally loaded only for those browsers).
+* Removed IEFixes module which existed purely to provide support for MSIE
+ versions below 7 (conditionally loaded only for those browsers).
* Deprecated SpecialPageFactory::getList() in favor of
SpecialPageFactory::getNames()
* Action::checkCanExecute() no longer has a return value.
* Submitting the lgtoken and lgpassword parameters in the query string to
action=login is now deprecated and outputs a warning. They should be submitted
in the POST body instead.
-* (T109140) (T122209) SECURITY: Special:UserLogin and Special:Search allow redirect
- to interwiki links.
+* (T109140) (T122209) SECURITY: Special:UserLogin and Special:Search allow
+ redirect to interwiki links.
* (T144845) SECURITY: XSS in SearchHighlighter::highlightText() when
$wgAdvancedSearchHighlighting is true.
* (T125177) SECURITY: API parameters may now be marked as "sensitive" to keep
their values out of the logs.
-* (T150044) SECURITY: "Mark all pages visited" on the watchlist now requires a CSRF
- token.
+* (T150044) SECURITY: "Mark all pages visited" on the watchlist now requires a
+ CSRF token.
* (T156184) SECURITY: Escape content model/format url parameter in message.
* (T151735) SECURITY: SVG filter evasion using default attribute values in DTD
declaration.
-* (T48143) SECURITY: Spam blacklist ineffective on encoded URLs inside file inclusion
- syntax's link parameter.
-* (T108138) SECURITY: Sysops can undelete pages, although the page is protected against
- it.
+* (T48143) SECURITY: Spam blacklist ineffective on encoded URLs inside file
+ inclusion syntax's link parameter.
+* (T108138) SECURITY: Sysops can undelete pages, although the page is protected
+ against it.
== MediaWiki 1.23.15 ==
* (T129738) SECURITY: Make $wgBlockDisablesLogin also restrict logged in
permissions
* (T129738) SECURITY: Make blocks log users out if $wgBlockDisablesLogin is true
-* (T115333) SECURITY: Check read permission when loading page content in ApiParse
+* (T115333) SECURITY: Check read permission when loading page content in
+ ApiParse
* Remove support for $wgWellFormedXml = false, all output is now well formed
== MediaWiki 1.23.13 ==
* (bug 65839) SECURITY: Prevent external resources in SVG files.
* (bug 67025) Special:Watchlist: Don't try to render empty row.
-* (bug 66922) Don't allow some E_NOTICE messages to end up in the LocalSettings.php.
+* (bug 66922) Don't allow some E_NOTICE messages to end up in the
+ LocalSettings.php.
* (bug 66467) FileBackend: Avoid using popen() when "parallelize" is disabled.
* (bug 66428) MimeMagic: Don't seek before BOF. This has weird side effects
like only extracting the tail of the file partially or not at all.
buttons.
* Special:UserLogin/signup now does AJAX checks for invalid and taken usernames,
displaying the error live.
-* Added BaseTemplateAfterPortlet hook to allow injecting html after portlets in skins.
+* Added BaseTemplateAfterPortlet hook to allow injecting html after portlets in
+ skins.
* Support has been added for a JSON based localisation file format. The
installer has been updated to use it.
* Changes to content typography (colors, line-height etc.). See
single icon (from nine). This should not affect local rules unless they were
re-using these icons, which have now been deleted.
* ResourceLoader: mw.loader.using() now implements a Promise interface.
-* Add new hook ChangesListInitRows accessed via ChangesList::initChangesListRows.
+* Add new hook ChangesListInitRows accessed via
+ ChangesList::initChangesListRows.
If called by the ChangesList consumer this gives extensions a chance to batch
process the result set prior to rendering.
-* A PoolCounterRedis class was added which can be make use of in $wgPoolCounterConf.
- This requires at least one Redis 2.6+ server.
+* A PoolCounterRedis class was added which can be make use of in
+ $wgPoolCounterConf. This requires at least one Redis 2.6+ server.
* $wgProfileToDatabase was removed. Set $wgProfiler to ProfilerSimpleDB
in StartProfiler.php instead of using this.
* (bug 63444) Made it possible to change the indent string (default: 4 spaces)
This is a security release of the MediaWiki 1.22 branch.
=== Changes since 1.22.11 ===
-* (bug 70672) SECURITY: OutputPage: Remove separation of css and js module allowance.
+* (bug 70672) SECURITY: OutputPage: Remove separation of css and js module
+ allowance.
== MediaWiki 1.22.11 ==
This is a security release of the MediaWiki 1.22 branch.
=== Changes since 1.22.10 ===
-* (bug 69008) SECURITY: Enhance CSS filtering in SVG files. Filter <style> elements; normalize style elements and attributes before filtering; add checks for attributes that contain css; add unit tests for html5sec and reported bugs.
+* (bug 69008) SECURITY: Enhance CSS filtering in SVG files. Filter <style>
+ elements; normalize style elements and attributes before filtering; add checks
+ for attributes that contain css; add unit tests for html5sec and reported
+ bugs.
== MediaWiki 1.22.10 ==
This is a maintenance release of the MediaWiki 1.22 branch.
=== Changes since 1.22.9 ===
* (bug 64970) Fix support for blobs on DatabaseOracle::update
-* (bug 60719) In MediaWiki 1.22, the job queue execution on each page request was changed (Gerrit change 59797) so, instead of executing the job inside the same PHP process that's rendering the page, a new PHP cli command is spawned to execute runJobs.php in the background. It will only work if $wgPhpCli is set to an actual path or safe mode is off, otherwise, the old method will be used. https://www.mediawiki.org/wiki/Manual:Job_queue#Changes_introduced_in_MediaWiki_1.22 for more information. This change was in earlier releases of 1.22 but was not noted here until now.
+* (bug 60719) In MediaWiki 1.22, the job queue execution on each page request
+ was changed (Gerrit change 59797) so, instead of executing the job inside the
+ same PHP process that's rendering the page, a new PHP cli command is spawned
+ to execute runJobs.php in the background. It will only work if $wgPhpCli is
+ set to an actual path or safe mode is off, otherwise, the old method will be
+ used. See
+ https://www.mediawiki.org/wiki/Manual:Job_queue#Changes_in_MediaWiki_1.22
+ for more information. This change was in earlier releases of 1.22 but was not
+ noted here until now.
== MediaWiki 1.22.9 ==
This is a security and maintenance release of the MediaWiki 1.22 branch.
=== Changes since 1.22.8 ===
* (bug 68187) SECURITY: Prepend jsonp callback with comment.
-* (bug 66608) SECURITY: Fix for XSS issue in bug 66608: Generate the URL used for loading a new page in Javascript,instead of relying on the URL in the link that has been clicked.
-* (bug 65778) SECURITY: Copy prevent-clickjacking between OutputPage and ParserOutput.
+* (bug 66608) SECURITY: Fix for XSS issue in bug 66608: Generate the URL used
+ for loading a new page in Javascript,instead of relying on the URL in the
+ link that has been clicked.
+* (bug 65778) SECURITY: Copy prevent-clickjacking between OutputPage and
+ ParserOutput.
* (bug 59147) The img_metadata field was not being decoded from bytea into text.
== MediaWiki 1.22.8 ==
=== Changes since 1.22.7 ===
* (bug 65839) SECURITY: Prevent external resources in SVG files.
-* (bug 66428) MimeMagic: Don't seek before BOF. This has weird side effects like only extracting the tail of the file partially or not at all.
+* (bug 66428) MimeMagic: Don't seek before BOF. This has weird side effects like
+ only extracting the tail of the file partially or not at all.
== MediaWiki 1.22.7 ==
This is a security and maintenance release of the MediaWiki 1.22 branch.
=== Changes since 1.22.6 ===
-* (bug 65501) SECURITY: Don't parse usernames as wikitext on Special:PasswordReset.
+* (bug 65501) SECURITY: Don't parse usernames as wikitext on
+ Special:PasswordReset.
* (bug 36356) Add space between two feed links.
-* (bug 63269) Email notifications were not correctly handling the MediaWiki:Helppage message being set to a full URL. This is a regression from the 1.22.5 point release, which made the default value for it a URL. If you customized MediaWiki:Enotif body (the text of email notifications), you'll need to edit it locally to include the URL via the new variable $HELPPAGE instead of the parser functions fullurl and canonicalurl; otherwise you don't have to do anything.
-Add missing uploadstash.us_props for PostgreSQL.
+* (bug 63269) Email notifications were not correctly handling the
+ MediaWiki:Helppage message being set to a full URL. This is a regression from
+ the 1.22.5 point release, which made the default value for it a URL. If you
+ customized MediaWiki:Enotif body (the text of email notifications), you'll
+ need to edit it locally to include the URL via the new variable $HELPPAGE
+ instead of the parser functions fullurl and canonicalurl; otherwise you don't
+ have to do anything.
+* Add missing uploadstash.us_props for PostgreSQL.
* (bug 56047) Fixed stream wrapper in PhpHttpRequest.
== MediaWiki 1.22.6 ==
* Fix custom local MediaWiki:Helppage values.
* mediawiki.js: Fix documentation breakage.
* (bug 58153) Make MySQLi work with non standard port.
-* (bug 53887) Reintroduced a link to help pages in the default sidebar, that any sysop can customize by editing MediaWiki:Sidebar locally. The link now points to a mediawiki.org page which is guaranteed to exist. Nothing needs to be done on your end, but remember to adjust MediaWiki:Sidebar for the needs of your wikis. Everyone can help with the shared documentation by translating: https://www.mediawiki.org/wiki/Special:Translate/agg-Help_pages .
-* (bug 53888) Corrected a regression in 1.22 which introduced red links on the login page. If you previously installed 1.22.x and have created a local page to make the red link blue, write its title as in MediaWiki:helplogin-url if you didn't already. Otherwise, you don't need to do anything, but you can translate the help page at https://www.mediawiki.org/wiki/Help:Logging_in .
+* (bug 53887) Reintroduced a link to help pages in the default sidebar, that any
+ sysop can customize by editing MediaWiki:Sidebar locally. The link now points
+ to a mediawiki.org page which is guaranteed to exist. Nothing needs to be done
+ on your end, but remember to adjust MediaWiki:Sidebar for the needs of your
+ wikis. Everyone can help with the shared documentation by translating:
+ https://www.mediawiki.org/wiki/Special:Translate/agg-Help_pages .
+* (bug 53888) Corrected a regression in 1.22 which introduced red links on the
+ login page. If you previously installed 1.22.x and have created a local page
+ to make the red link blue, write its title as in MediaWiki:helplogin-url if
+ you didn't already. Otherwise, you don't need to do anything, but you can
+ translate the help page at <https://www.mediawiki.org/wiki/Help:Logging_in>.
== MediaWiki 1.22.4 ==
This is a maintenance release of the MediaWiki 1.22 branch.
This is a security and bugfix release of the MediaWiki 1.22 branch.
=== Changes since 1.22.2 ===
-* (bug 60771) SECURITY: Disallow uploading SVG files using non-whitelisted namespaces. Also disallow iframe elements. * User will get an error including the namespace name if they use a non- whitelisted namespace.
-* (bug 61346) SECURITY: Make token comparison use constant time. It seems like our token comparison would be vulnerable to timing attacks. This will take constant time.
+* (bug 60771) SECURITY: Disallow uploading SVG files using non-whitelisted
+ namespaces. Also disallow iframe elements. * User will get an error including
+ the namespace name if they use a non- whitelisted namespace.
+* (bug 61346) SECURITY: Make token comparison use constant time. It seems like
+ our token comparison would be vulnerable to timing attacks. This will take
+ constant time.
* (bug 61362) SECURITY: API: Don't find links in the middle of api.php links.
-* (bug 53710) Add sequence support for upsert in DatabaseOracle in the same way as in selectInsert
-* (bug 60231, bug 58719) Various fixes to job running code in Wiki.php: Make it async on Windows. Fixed possible "invalid filename" errors on Windows. Redirect output to dev/null to avoid hanging PHP.
-* (bug 60083) Correct sequence name for fresh Postgres installation. Spotted by gebhkla
-* (bug 60531) Avoid variable naming conflicts in DatabasePostgres::selectSQLText. Spotted by gebhkla
+* (bug 53710) Add sequence support for upsert in DatabaseOracle in the same way
+ as in selectInsert
+* (bug 60231, bug 58719) Various fixes to job running code in Wiki.php: Make it
+ async on Windows. Fixed possible "invalid filename" errors on Windows.
+ Redirect output to dev/null to avoid hanging PHP.
+* (bug 60083) Correct sequence name for fresh Postgres installation. Spotted by
+ gebhkla
+* (bug 60531) Avoid variable naming conflicts in
+ DatabasePostgres::selectSQLText. Spotted by gebhkla
* (bug 60094) Fix rebuildall.php fatal error with PostgreSQL.
* (bug 43817) Add error handling if descriptionmsg isn't defined for extension.
* (bug 60543) Special:PrefixIndex omits stripprefix=1 for "Next page" link.
This is a security and bugfix release of the MediaWiki 1.22 branch.
=== Changes since 1.22.1 ===
-* (bug 60339) SECURITY: Sanitize shell arguments to DjVu files, and other media formats
+* (bug 60339) SECURITY: Sanitize shell arguments to DjVu files, and other media
+ formats
* (bug 58253) Check for very old PCRE versions in installer and updater
* (bug 60054) Make WikiPage::$mPreparedEdit public
* (bug 58553) SECURITY: Return error on invalid XML for SVG Uploads
* (bug 58699) SECURITY: Fix RevDel log entry information leaks
* (bug 58178) Restore compatibility with curl < 7.16.2.
-* (bug 56931) Updated the plural rules to CLDR 24. They are in new format which is detailed in UTS 35 Rev 33. The PHP parser and evaluator as well as the JavaScript evaluator were updated to support the new format. Plural rules for some languages have changed, most notably Russian. Affected software messages have been updated and marked for review at translatewiki.net. This change is backported from the development branch of MediaWiki 1.23.
+* (bug 56931) Updated the plural rules to CLDR 24. They are in new format which
+ is detailed in UTS 35 Rev 33. The PHP parser and evaluator as well as the
+ JavaScript evaluator were updated to support the new format. Plural rules for
+ some languages have changed, most notably Russian. Affected software messages
+ have been updated and marked for review at translatewiki.net. This change is
+ backported from the development branch of MediaWiki 1.23.
* (bug 58434) The broken installer for database backend Oracle was fixed.
-* (bug 58167) The web installer no longer throws an exception when PHP is compiled without support for MySQL yet with support for another DBMS.
-* (bug 58640) Fixed a compatibility issue with PCRE 8.34 that caused pages to appear blank or with missing text.
+* (bug 58167) The web installer no longer throws an exception when PHP is
+ compiled without support for MySQL yet with support for another DBMS.
+* (bug 58640) Fixed a compatibility issue with PCRE 8.34 that caused pages to
+ appear blank or with missing text.
* (bug 47055) Changed FOR UPDATE handling in Postgresql
* (bug 57026) Avoid extra parsing in prepareContentForEdit()
* $wgCascadingRestrictionLevels was added.
* ftps, ssh, sftp, xmpp, sip, sips, tel, sms, bitcoin, magnet, urn, and geo
have been whitelisted inside of $wgUrlProtocols.
-* $wgDocType and $wgDTD have been removed and are no longer used for the DOCTYPE.
-* $wgHtml5 is no longer used by core. Setting it to false will no longer disable HTML5.
- It is still set to true for extension compatibility but doing so in extensions is deprecated.
-* $wgXhtmlDefaultNamespace is no longer used by core. Setting it will no longer change the
- xmlns used by MediaWiki. Reliance on this variable by extensions is deprecated.
+* $wgDocType and $wgDTD have been removed and are no longer used for the
+ DOCTYPE.
+* $wgHtml5 is no longer used by core. Setting it to false will no longer disable
+ HTML5. It is still set to true for extension compatibility but doing so in
+ extensions is deprecated.
+* $wgXhtmlDefaultNamespace is no longer used by core. Setting it will no longer
+ change the xmlns used by MediaWiki. Reliance on this variable by extensions
+ is deprecated.
* $wgHandheldStyle was removed.
* $wgHandheldForIPhone was removed.
* $wgJsMimeType is no longer used by core. Most usage has been removed since
HTML output is now exclusively HTML5.
* $wgDBOracleDRCP added. True enables persistent connection with DRCP on Oracle.
-* $wgLogAutopatrol added to allow disabling logging of autopatrol edits in the logging table.
+* $wgLogAutopatrol added to allow disabling logging of autopatrol edits in the
+ logging table.
Default for $wgLogAutopatrol is true.
* The 'edit' right no longer allows for editing a user's own CSS and JS.
* New rights 'editmyusercss', 'editmyuserjs', 'viewmywatchlist',
* (bug 40866) wgOldChangeTagsIndex removed.
* $wgNoFollowDomainExceptions now only matches entire domains. For example,
an entry for 'bar.com' will still match 'foo.bar.com' but not 'foobar.com'.
-* $wgCopyUploadTimeout and $wgCopyUploadAsyncTimeout added to change the timeout times for
- fetching the file during upload by url.
+* $wgCopyUploadTimeout and $wgCopyUploadAsyncTimeout added to change the timeout
+ times for fetching the file during upload by url.
* New key added to $wgGalleryOptions - $wgGalleryOptions['mode'] to set
default gallery mode.
* New hook 'GalleryGetModes' to allow extensions to make new gallery modes.
-* The checkbox for staying in HTTPS displayed on the login form when $wgSecureLogin is
- enabled has been removed. Instead, whether the user stays in HTTPS will be determined
+* The checkbox for staying in HTTPS displayed on the login form when
+ $wgSecureLogin is enabled has been removed. Instead, whether the user stays in
+ HTTPS will be determined
based on the user's preferences, and whether they came from HTTPS or not.
* $wgRC2UDPAddress, $wgRC2UDPInterwikiPrefix, $wgRC2UDPOmitBots, $wgRC2UDPPort,
and $wgRC2UDPPrefix configuration options have been deprecated in favor of a
$wgRCFeeds configuration array. $wgRCFeeds makes both the format and
destination of recent change notifications customizable, and allows for
multiple destinations to be specified.
-* (bug 53862) portal-url, currentevents-url and helppage have been removed from the
- default Sidebar.
+* (bug 53862) portal-url, currentevents-url and helppage have been removed from
+ the default Sidebar.
* The 'vector-simplesearch' preference is now enabled by default. Previously
it was only enabled if the Vector extension was installed.
-* The precise format of metric datagrams produced by the UDP profiler and stats counter
- may now be specified as $wgUDPProfilerFormatString and $wgStatsFormatString,
- respectively.
+* The precise format of metric datagrams produced by the UDP profiler and stats
+ counter may now be specified as $wgUDPProfilerFormatString and
+ $wgStatsFormatString, respectively.
* (bug 54597) $wgBlockOpenProxies, $wgProxyPorts, $wgProxyScriptPath, and
$wgProxyMemcExpiry have been removed, along with the open proxy scanner
script they were added for.
=== New features in 1.22 ===
* You can now install extensions using Composer.
See https://www.mediawiki.org/wiki/Composer
-* (bug 44525) mediawiki.jqueryMsg can now parse (whitelisted) HTML elements and attributes.
+* (bug 44525) mediawiki.jqueryMsg can now parse (whitelisted) HTML elements and
+ attributes.
* (bug 33454) Language::sprintfDate now has a timezone parameter, and supports
the "eIOPTZ" formatting characters.
* EditWarning: A warning is shown when an editor leaves the edit form without
version of the Vector extension as this feature may conflict.
* New 'mediawiki.ui' CSS module providing mw-ui-* styles for buttons and a
compact vertical form layout.
-* HTMLForm supports a new display format 'vform' which applies this compact vertical
+* HTMLForm supports a new display format 'vform' which applies this compact
+ vertical
layout and button styling. Special:PasswordReset uses this format.
* New versions of login (Special:UserLogin) and create account
- (Special:UserLogin/signup) forms using the "vform" compact vertical form layout.
- These forms use new messages that assume a "Help logging in" link, see
+ (Special:UserLogin/signup) forms using the "vform" compact vertical form
+ layout. These forms use new messages that assume a "Help logging in" link, see
https://www.mediawiki.org/wiki/Manual:Page_customizations;
- https://www.mediawiki.org/wiki/Account_creation_user_experience/Strings lists the
- message key changes.
-* (bug 23343) Implemented ability to apply IP blocks to the contents of X-Forwarded-For headers
- by adding a new configuration variable $wgApplyIpBlocksToXff (disabled by default).
+ https://www.mediawiki.org/wiki/Account_creation_user_experience/Strings lists
+ the message key changes.
+* (bug 23343) Implemented ability to apply IP blocks to the contents of
+ X-Forwarded-For headers by adding a new configuration variable
+ $wgApplyIpBlocksToXff (disabled by default).
* The new hook 'APIGetPossibleErrors' to modify the list of possible errors was
added.
* (bug 25592) LogEventsList::showLogExtract() will now ignore various
well.
* (bug 45535) introduced the new 'LanguageLinks' hook for manipulating the
language links associated with a page before display.
-* Chosen (http://harvesthq.github.io/chosen/) was added as module 'jquery.chosen'
-* HTMLForm will turn multiselect checkboxes into a Chosen interface when setting cssclass 'mw-chosen'
+* Chosen (http://harvesthq.github.io/chosen/) was added as module
+ 'jquery.chosen'
+* HTMLForm will turn multiselect checkboxes into a Chosen interface when setting
+ cssclass 'mw-chosen'
* rebuildLocalisationCache learned --lang option. Let you rebuild l10n caches
of the specified languages instead of all of them.
* New GetNewMessagesAlert hook allowing extensions to disable or modify the new
* mediawiki.log: Added log.warn wrapper (uses console.warn and console.trace).
* mediawiki.log: Implemented log.deprecate. This method defines a property and
uses ES5 getter/setter to emit a warning when they are used.
-* $wgCascadingRestrictionLevels was added, allowing one to specify restriction levels
- which can be cascading (previously 'sysop' was hard-coded as the only one).
-* XHTML5 support has been improved. If you set $wgMimeType = 'application/xhtml+xml'
- MediaWiki will try outputting markup according to XHTML5 rules.
+* $wgCascadingRestrictionLevels was added, allowing one to specify restriction
+ levels which can be cascading (previously 'sysop' was hard-coded as the only
+ one).
+* XHTML5 support has been improved. If you set
+ $wgMimeType = 'application/xhtml+xml' MediaWiki will try outputting markup
+ according to XHTML5 rules.
* Altered hook 'ProtectionForm::save', adding the reason page protection is
changed as third parameter.
* New hook 'TitleSquidURLs' for manipulating the list of URLs to be purged from
HTTP caches when a page is changed.
-* Changed the patrolling system to always show the link for patrolling in case the
- current revision is patrollable. This also removed the usage of the rcid URI parameters.
+* Changed the patrolling system to always show the link for patrolling in case
+ the current revision is patrollable. This also removed the usage of the rcid
+ URI parameters.
* Oracle DB backend now supports Database Resident Connection Pooling (DRCP).
Can be enabled by setting $wgDBOracleDRCP=true.
Requires Oracle DB 11gR1 or above, enabled DRCP inside the DB itself and a
propper connect string.
More about DRCP can be found at:
- http://www.oracle-base.com/articles/11g/database-resident-connection-pool-11gr1.php
+ https://oracle-base.com/articles/11g/database-resident-connection-pool-11gr1
* Add a new parameter $patrolFooterShown to hook ArticleViewFooter so the hook
handlers can take further action based on the status of the patrol footer
* A new hook TitleQuickPermissions was added to allow overriding of quick
right?" check is used to avoid more expensive checks.
* (bug 14431) Display "(No difference)" instead of an empty diff (when comparing
revisions in the history or when previewing changes while editing).
-* New hook 'IsUploadAllowedFromUrl' is added which can be used to intercept uploads by
- URL, useful for blacklisting specific URLs
+* New hook 'IsUploadAllowedFromUrl' is added which can be used to intercept
+ uploads by URL, useful for blacklisting specific URLs
* (bug 21912) Watchlist token implementation has been refactored and
Special:ResetTokens was added to allow users to reset their tokens
instead of presenting them in Preferences.
too. Can be used whenever several multicast group could be interested by a
specific purge.
* (bug 25931) Add Special:RandomInCategory.
-* mediawiki.util: addPortletLink now supports passing a jQuery object as nextnode.
+* mediawiki.util: addPortletLink now supports passing a jQuery object as
+ nextnode.
* <wbr> can now be used inside WikiText.
* WebResponse::setcookie is much more featureful. Callers using PHP's
setcookie() or setrawcookie() should begin using this instead.
* (bug 30607) Special:ListFiles can now show old versions of files. Additionally
Special:AllMyUploads was introduced so the user can get a list of all things
they have ever uploaded, even if it was subsequently overridden.
-* Introduced Special:MyFiles and Special:AllMyFiles as an alias for Special:MyUploads
- and Special:AllMyUploads respectively.
+* Introduced Special:MyFiles and Special:AllMyFiles as an alias for
+ Special:MyUploads and Special:AllMyUploads respectively.
* IPv6 addresses in X-Forwarded-For headers are now normalised before checking
against allowed proxy lists.
* Add deferrable update support for callback/closure.
declared for all LESS files. Additional variables may be registered by
adding keys to the array.
** $wgResourceLoaderLESSFunctions is an associative array of custom LESS
- function names to PHP callables. See <http://leafo.net/lessphp/docs/#custom_functions>
+ function names to PHP callables. See
+ <http://leafo.net/lessphp/docs/#custom_functions>
for more details regarding custom functions.
** $wgResourceLoaderLESSImportPaths is an array of file system paths. Files
referenced in LESS '@import' statements are looked up here first.
the output of the API query meta=siteinfo&siprop=statistics
* Primary keys have been added to both the archive table and the externallinks
tables.
-* Added $wgEnableParserLimitReporting to control whether the NewPP limit report is
- output in a HTML comment.
+* Added $wgEnableParserLimitReporting to control whether the NewPP limit report
+ is output in a HTML comment.
* The 'UnwatchArticle' and 'WatchArticle' hooks now support a Status object
instead of just a boolean return value to abort the hook.
* Added a hook, SpecialWatchlistGetNonRevisionTypes, to allow extensions
with custom recentchanges entries to hook into the Watchlist without
clobbering each other.
-* A hidden, empty input field was added to the edit form, and any edit that fills
- it in will be rejected. This prevents against the simplest form of spambots.
- Previously in the "SimpleAntiSpam" extension by Ryan Schmidt.
+* A hidden, empty input field was added to the edit form, and any edit that
+ fills it in will be rejected. This prevents against the simplest form of
+ spambots. Previously in the "SimpleAntiSpam" extension by Ryan Schmidt.
* populateRevisionLength.php maintenance script updated to also populate
archive.ar_len field.
* (bug 43571) DatabaseMySQLBase learned to list views, optionally filtered by a
* Pager's properly validate which fields are allowed to be sorted on.
* mw.util.tooltipAccessKeyRegexp: The regex now matches "option-" as well.
Support for Mac "option" was added in 1.16, but the regex was never updated.
-* (bug 46768) Usernames of blocking users now display correctly, even if numeric.
+* (bug 46768) Usernames of blocking users now display correctly, even if
+ numeric.
* (bug 39590) Self-transclusions now show the most up to date result always
after save instead of being a revision behind.
* A bias in wfRandomString() toward digits 1-7 has been corrected. Generated
warning will instead be issued if 'title' is non-default, unless no props are
requested.
* Special:Recentchangeslinked will now include upload log entries
-* (bug 41281) Fixed ugly output if file size could not be extracted for multi-page media.
-* (bug 50315) list=logevents API module will now output log entries by anonymous users.
+* (bug 41281) Fixed ugly output if file size could not be extracted for
+ multi-page media.
+* (bug 50315) list=logevents API module will now output log entries by anonymous
+ users.
* (bug 38911) Handle headers with rowspan in jquery.tablesorter
* (bug 658) Converted the table of contents on wiki pages from <table> to <div>
and adjusted skin CSS accordingly. The CSS was carefully crafted to be
part of the Nostalgia extension.
* Event namespace used by jquery.makeCollapsible has been changed from
'mw-collapse' to 'mw-collapsible' for consistency with the module name.
-* BREAKING CHANGE: The "ExternalAuth" authentication subsystem was removed, along
- with its associated globals of $wgExternalAuthType, $wgExternalAuthConf,
+* BREAKING CHANGE: The "ExternalAuth" authentication subsystem was removed,
+ along with its associated globals of $wgExternalAuthType, $wgExternalAuthConf,
$wgAutocreatePolicy and $wgAllowPrefChange. Affected users are encouraged to
use AuthPlugin for external authentication/authorization needs.
* The Quickbar feature of the legacy skin model and the last remnants of it
* (bug 40785) mediawiki.legacy.ajax has been marked as deprecated. The following
properties now emit mw.log.warn when accessed: sajax_debug, sajax_init_object,
sajax_do_call and wfSupportsAjax.
-* BREAKING CHANGE: meta keywords are no longer supported. A <meta name="keywords"
- will no longer be output and OutputPage::addKeyword no longer exists.
+* BREAKING CHANGE: meta keywords are no longer supported. A
+ <meta name="keywords" will no longer be output and OutputPage::addKeyword no
+ longer exists.
* Methods Title::userCanEditCssSubpage and Title::userCanEditJsSubpage,
deprecated since 1.19, have been removed.
* (bug 50134) Hook functions are no longer required to return a value. When a
35981).
* BREAKING CHANGE: The 'mediawiki.legacy.wikiprintable' module has been removed.
The skins/common/wikiprintable.css file no longer exists. Return value of
- Skin#commonPrintStylesheet is ignored. Please use the 'mediawiki.legacy.commonPrint'
- module instead or base your skin on SkinTemplate.
+ Skin#commonPrintStylesheet is ignored. Please use the
+ 'mediawiki.legacy.commonPrint' module instead or base your skin on
+ SkinTemplate.
* (bug 49629) The hook ExtractThumbParameters has been deprecated in favour
of media handler overriding MediaHandler::parseParamString.
-* (bug 46512) The collapsibleNav feature from the Vector extension has been moved
- to the Vector skin in core.
+* (bug 46512) The collapsibleNav feature from the Vector extension has been
+ moved to the Vector skin in core.
* SpecialRecentChanges::addRecentChangesJS() function has been renamed
to addModules() and made protected.
* Methods WatchAction::doWatch and WatchAction::doUnwatch now return a Status
object instead of a boolean.
* Information boxes (CSS classes errorbox, warningbox, successbox) have been
made more subtle.
-* BREAKING CHANGE: The module 'mediawiki.legacy.IEFixes' has been removed as it was
- unused. The file skins/common/IEFixes.js remains but is only used by wikibits.
- The file never contained any re-usable components. To use it in a skin, load
- 'mediawiki.legacy.wikibits' (which IEFixes depends on) and that will import
- IEFixes automatically if user agent conditions are met.
+* BREAKING CHANGE: The module 'mediawiki.legacy.IEFixes' has been removed as it
+ was unused. The file skins/common/IEFixes.js remains but is only used by
+ wikibits. The file never contained any re-usable components. To use it in a
+ skin, load 'mediawiki.legacy.wikibits' (which IEFixes depends on) and that
+ will import IEFixes automatically if user agent conditions are met.
* Code specific to the Math extension was marked as deprecated.
* mediawiki.util: mw.util.wikiGetlink has been renamed to getUrl. (The old name
still works, but is deprecated.)
=== Changes since 1.21.10 ===
* (bug 65839) SECURITY: Prevent external resources in SVG files.
-* (bug 66428) MimeMagic: Don't seek before BOF. This has weird side effects like only extracting the tail of the file partially or not at all.
+* (bug 66428) MimeMagic: Don't seek before BOF. This has weird side effects like
+ only extracting the tail of the file partially or not at all.
== MediaWiki 1.21.10 ==
This is a security and maintenance release of the MediaWiki 1.21 branch.
=== Changes since 1.21.9 ===
-* (bug 65501) SECURITY: Don't parse usernames as wikitext on Special:PasswordReset.
+* (bug 65501) SECURITY: Don't parse usernames as wikitext on
+ Special:PasswordReset.
* (bug 36356) Add space between two feed links.
== MediaWiki 1.21.9 ==
=== Changes since 1.21.8 ===
* (bug 63251) SECURITY: Escape sortKey in pageInfo.
-* (bug 58640) Fixed a compatibility issue with PCRE 8.34 that caused pages to appear blank or with missing text.
+* (bug 58640) Fixed a compatibility issue with PCRE 8.34 that caused pages to
+ appear blank or with missing text.
== MediaWiki 1.21.8 ==
This is a security and maintenance release of the MediaWiki 1.21 branch.
This is a security release of the MediaWiki 1.21 branch.
=== Changes since 1.21.5 ===
-* (bug 60771) SECURITY: Disallow uploading SVG files using non-whitelisted namespaces. Also disallow iframe elements. * User will get an error including the namespace name if they use a non- whitelisted namespace.
-* (bug 61346) SECURITY: Make token comparison use constant time. It seems like our token comparison would be vulnerable to timing attacks. This will take constant time.
+* (bug 60771) SECURITY: Disallow uploading SVG files using non-whitelisted
+ namespaces. Also disallow iframe elements.
+* User will get an error including the namespace name if they use a
+ non-whitelisted namespace.
+* (bug 61346) SECURITY: Make token comparison use constant time. It seems like
+ our token comparison would be vulnerable to timing attacks. This will take
+ constant time.
* (bug 61362) SECURITY: API: Don't find links in the middle of api.php links.
== MediaWiki 1.21.5 ==
This is a security release of the MediaWiki 1.21 branch.
=== Changes since 1.21.4 ===
-* (bug 60339) SECURITY: Sanitize shell arguments to DjVu files, and other media formats
+* (bug 60339) SECURITY: Sanitize shell arguments to DjVu files, and other media
+ formats
== MediaWiki 1.21.4 ==
This is a security release of the MediaWiki 1.21 branch.
=== Changes since 1.21.1 ===
* SECURITY: Fix extension detection with 2 .'s
-* SECURITY: Support for the 'gettoken' parameter to action=block and action=unblock, deprecated since 1.20, has been removed.
+* SECURITY: Support for the 'gettoken' parameter to action=block and
+ action=unblock, deprecated since 1.20, has been removed.
* SECURITY: Sanitize ResourceLoader exception messages
* Purge upstream caches when deleting file assets.
-* Unit test suite now runs the AutoLoader tests. Also fixed the autoloading entry for the PageORMTableForTesting class though it had no impact.
+* Unit test suite now runs the AutoLoader tests. Also fixed the autoloading
+ entry for the PageORMTableForTesting class though it had no impact.
== MediaWiki 1.21.1 ==
This is a maintenance release of the MediaWiki 1.21 branch.
=== Changes since 1.21.0 ===
-* An incorrect version number was used for 1.21.0. 1.21.1 has the correct number.
+* An incorrect version number was used for 1.21.0. 1.21.1 has the correct
+ number.
* A problem with the Oracle SQL table creation was fixed.
* (PdfHandler extension) Fix warning if pdfinfo fails but pdftext succeeds.
* maintenance/sql.php learned the --cluster option. Let you run the script
on some external cluster instead of the primary cluster for a given wiki.
* (bug 20281) test the parsing of inline URLs.
-* Added Special:PagesWithProp, which lists pages using a particular page property.
+* Added Special:PagesWithProp, which lists pages using a particular page
+ property.
* Implemented language-specific collations for category sorting for 67 languages
based in latin, greek and cyrillic alphabets. This allows one to *finally* get
articles to be correctly sorted on category pages. They are named
* (bug 43379) Gracefully fail if rev_len is unavailable for a revision on the
History page.
* (bug 42949) API no longer assumes all exceptions are MWException.
-* (bug 41733) Hide "New user message" (.usermessage) element from printable view.
+* (bug 41733) Hide "New user message" (.usermessage) element from printable
+ view.
* (bug 39062) Special:Contributions will display changes that don't have
a parent id instead of just an empty bullet item.
* (bug 37209) "LinkCache doesn't currently know about this title" error fixed.
extensions) performed using Git 1.7.8+ should now appear.
* (bug 42184) $wgUploadSizeWarning missing second variable
* (bug 40326) Check if files exist with a different extension during uploading
-* (bug 34798) Updated CSS for Atom/RSS recent changes feeds to match on-wiki diffs.
+* (bug 34798) Updated CSS for Atom/RSS recent changes feeds to match on-wiki
+ diffs.
* (bug 42430) Calling numRows on MySQL no longer propagates unrelated errors.
* (bug 44719) Removed mention of non-existing maintenance/migrateCurStubs.php
script in includes/DefaultSettings.php
* action=edit and action=parse now support contentmodel and contentformat
parameters to control the interpretation of page content.
See docs/contenthandler.txt for details.
-* (bug 35693) ApiQueryImageInfo now suppresses errors when unserializing metadata.
+* (bug 35693) ApiQueryImageInfo now suppresses errors when unserializing
+ metadata.
* (bug 40111) Disable minor edit for page/section creation by API.
* (bug 41042) Revert change to action=parse&page=... behavior when the page
does not exist.
* (bug 27202) Add timestamp sort to list=allimages.
-* (bug 43137) Don't return the sha1 of revisions through the API if the content is
- revision-deleted.
+* (bug 43137) Don't return the sha1 of revisions through the API if the content
+ is revision-deleted.
* ApiQueryImageInfo now also returns imageinfo for redirects.
* list=alltransclusions added to enumerate every instance of page embedding
* list=alllinks & alltransclusions now allow both 'from' and 'continue' in
a redirect and its target.
* (bug 43849) ApiQueryImageInfo no longer throws exceptions with ForeignDBRepo
redirects.
-* On error, any warnings generated before that error will be shown in the result.
-* action=help supports generalized submodules (modules=query+value), querymodules obsolete
+* On error, any warnings generated before that error will be shown in the
+ result.
+* action=help supports generalized submodules (modules=query+value),
+ querymodules obsolete
* ApiQueryImageInfo continuation is more reliable. The only major change is
that the imagerepository property will no longer be set on page objects not
processed in the current query (i.e. non-images or those skipped due to
iicontinue).
-* Add supports for all pageset capabilities - generators, redirects, converttitles to
- action=purge and action=setnotificationtimestamp.
+* Add supports for all pageset capabilities - generators, redirects,
+ converttitles to action=purge and action=setnotificationtimestamp.
* (bug 43251) prop=pageprops&ppprop= now accepts multiple props to query.
* ApiQueryImageInfo will now limit the number of calls to File::transform made
in any one query. If there are too many, iicontinue will be returned.
HTTP OPTIONS request.
* (bug 44923) action=upload works correctly if the entire file is uploaded in
the first chunk.
-* Added 'continue=' parameter to streamline client iteration over complex query results
+* Added 'continue=' parameter to streamline client iteration over complex query
+ results
* (bug 44909) API parameters may now be marked as type "upload", which is now
used for action=upload's 'file' and 'chunk' parameters. This type will raise
an error during parameter validation if the parameter is given but not
longer be), and will no longer choke on booleans.
=== API internal changes in 1.21 ===
-* For debugging only, a new global $wgDebugAPI removes many API restrictions when true.
+* For debugging only, a new global $wgDebugAPI removes many API restrictions
+ when true.
Never use on the production servers, as this flag introduces security holes.
Whenever enabled, a warning will also be added to all output.
-* ApiModuleManager now handles all submodules (actions,props,lists) and instantiation
+* ApiModuleManager now handles all submodules (actions,props,lists) and
+ instantiation
* Query stores prop/list/meta as submodules
-* ApiPageSet can now be used in any action to process titles/pageids/revids or any generator.
-* BREAKING CHANGE: ApiPageSet constructor now has two params instead of three, with only the
- first one keeping its meaning. ApiPageSet is now derived from ApiBase.
-* BREAKING CHANGE: ApiQuery::newGenerator() and executeGeneratorModule() were deleted.
+* ApiPageSet can now be used in any action to process titles/pageids/revids or
+ any generator.
+* BREAKING CHANGE: ApiPageSet constructor now has two params instead of three,
+ with only the first one keeping its meaning. ApiPageSet is now derived from
+ ApiBase.
+* BREAKING CHANGE: ApiQuery::newGenerator() and executeGeneratorModule() were
+ deleted.
* ApiQueryGeneratorBase::setGeneratorMode() now requires a pageset param.
* $wgAPIGeneratorModules is now obsolete and will be ignored.
* Added flags ApiResult::OVERRIDE and ADD_ON_TOP to setElement() and addValue()
were using it, you have to either copy it to your extension, or install the
Vector extension (and possibly disable its features using config settings if
you don't want them).
-* Experimental IBM DB2 support was removed due to lack of interest and maintainership
+* Experimental IBM DB2 support was removed due to lack of interest and
+ maintainership
* BREAKING CHANGE: Filenames of maintenance scripts were standardized into
lowerCamelCase format, and made more explicit:
- clear_stats.php -> clearCacheStats.php
This is a security and maintenance release of the MediaWiki 1.20 branch.
=== Changes since 1.20.5 ===
-* (bug 48306) SECURITY: Run file validation checks on chunked uploads, and chunks of upload, during the upload process.
-* (bug 44327) mediawiki.user: Use session ID instead of 1-year cross-session cookies
+* (bug 48306) SECURITY: Run file validation checks on chunked uploads, and
+ chunks of upload, during the upload process.
+* (bug 44327) mediawiki.user: Use session ID instead of 1-year cross-session
+ cookies
* (bug 47202) wikibits: FF2Fixes.css should not be loaded in Firefox 20.
* (bug 31044) Make ResourceLoader behave in read-only mode
This is a security and maintenance release of the MediaWiki 1.20 branch.
=== Changes since MediaWiki 1.20.2 ===
-* New preference type - 'api'. Preferences of this type are not shown on Special:Preferences, but are still available via the action=options API. (Unbreaks MLEB.)
+* New preference type - 'api'. Preferences of this type are not shown on
+ Special:Preferences, but are still available via the action=options API.
+ (Unbreaks MLEB.)
* (bug 44010) Context is passed to UserGetLanguageObject.
* The recursion guard on RequestContext::getLanguage() was weakened.
* (bug 40585) Don't drop 'step="any"' in HTML input fields.
* (bug 44024) Fixed problems in ObjectCache when using XCache.
* (bug 44010) FauxRequest leaked cookie data from primary request.
* (bug 44135/bug 42441) Pass '2' instead of 'true' to CURLOPT_SSL_VERIFYHOST
-* (bug 43518) API action=unblock should return the user name, not the full user object
+* (bug 43518) API action=unblock should return the user name, not the full user
+ object
* (bug 45355) Prevent read of arbitrary files through mwdoc-filter.php
== MediaWiki 1.20.2 ==
=== Changes since MediaWiki 1.20.1 ===
* (bug 42638) Fix API action=options&reset=1 & unit tests.
-* (bug 42370) Fixed backport of 60cc060 to use mDoneWrites — caused * (bug 42592) User rights, preferences and other things are not saving in 1.20.1.
+* (bug 42370) Fixed backport of 60cc060 to use mDoneWrites — caused
+* (bug 42592) User rights, preferences and other things are not saving in
+ 1.20.1.
== MediaWiki 1.20.1 ==
This is a security release of the MediaWiki 1.20 branch
=== Configuration changes in 1.20 ===
* $wgGitRepositoryViewers defines a mapping from Git remote repository to the
Gitweb instance URL used in Special:Version.
-* `$wgUsePathInfo = true;` is no longer needed to make $wgArticlePath work on servers
- using like nginx, lighttpd, and apache over fastcgi. MediaWiki now always extracts
- path info from REQUEST_URI if it's available.
+* `$wgUsePathInfo = true;` is no longer needed to make $wgArticlePath work on
+ servers using like nginx, lighttpd, and apache over fastcgi. MediaWiki now
+ always extracts path info from REQUEST_URI if it's available.
* The user right 'upload_by_url' is no longer given to sysops by default.
This only affects installations which have $wgAllowCopyUploads set to true.
* Removed f-prot support from $wgAntivirusSetup.
* New variable $wgDBerrorLogTZ to provide dates in the error log in a
different timezone than the wiki timezone set by $wgLocaltimezone.
-* New variables $wgDBssl and $wgDBcompress to enable SSL and compression for database
- connections, if either are available for the selected DB type.
-* $wgUseCombinedLoginLink now defaults to false, making MediaWiki output separate
- login and create account links by default.
+* New variables $wgDBssl and $wgDBcompress to enable SSL and compression for
+ database connections, if either are available for the selected DB type.
+* $wgUseCombinedLoginLink now defaults to false, making MediaWiki output
+ separate login and create account links by default.
=== New features in 1.20 ===
-* Added TitleIsAlwaysKnown hook which gets called when determining if a page exists.
+* Added TitleIsAlwaysKnown hook which gets called when determining if a page
+ exists.
* Added NamespaceIsMovable hook which gets called when determining if pages in a
certain namespace can be moved.
-* Added SpecialPageBeforeExecute hook which gets called before SpecialPage::execute.
-* Added SpecialPageAfterExecute hook which gets called after SpecialPage::execute.
+* Added SpecialPageBeforeExecute hook which gets called before
+ SpecialPage::execute.
+* Added SpecialPageAfterExecute hook which gets called after
+ SpecialPage::execute.
* Added ORMTable, ORMRow and ORMResult classes for additional abstraction of
database interaction.
-* Added CacheHelper and associated SpecialCachedPage and CachedAction helper classes.
+* Added CacheHelper and associated SpecialCachedPage and CachedAction helper
+ classes.
* (bug 32341) Add upload by URL domain limitation.
-* &useskin=default will now always display the default skin. Useful for users with a
- preference for the non-default skin to look at something using the default skin.
+* &useskin=default will now always display the default skin. Useful for users
+ with a preference for the non-default skin to look at something using the
+ default skin.
* (bug 27619) Remove preference option to display broken links as link?
* (bug 34896) jQuery JSON plugin upgraded to v2.3 (2011-09-17).
* (bug 34302) Add CSS classes to email fields in user preferences.
-* Introduced $wgDebugDBTransactions to trace transaction status (currently PostgreSQL only).
+* Introduced $wgDebugDBTransactions to trace transaction status (currently
+ PostgreSQL only).
* (bug 23795) Add parser itself to ParserMakeImageParams hook.
* Introduce a cryptographic random number generator source api for use when
generating various tokens.
-* (bug 30963) Option on Special:Prefixindex and Special:Allpages to not show redirects.
+* (bug 30963) Option on Special:Prefixindex and Special:Allpages to not show
+ redirects.
* (bug 18062) New message when edit or create the local page of a shared file.
* (bug 22870) Separate interface message when creating a page.
* (bug 17615) nosummary option should be reassigned on preview/captcha.
* (bug 34355) Add a variable and parser function for the namespace number.
-* (bug 35649) Special:Version now shows hashes of extensions checked out from git.
+* (bug 35649) Special:Version now shows hashes of extensions checked out from
+ git.
* (bug 35728) Git revisions are now linked on Special:Version.
* "Show Changes" on default messages shows now diff against default message text
* (bug 23006) create #speciale parser function.
* generateSitemap can now optionally skip redirect pages.
* (bug 27757) New API command just for retrieving tokens (not page-based).
-* Added GitViewers hook for extensions using external git repositories to have a web-based
- repository viewer linked to from Special:Version.
+* Added GitViewers hook for extensions using external git repositories to have a
+ web-based repository viewer linked to from Special:Version.
* Memcached debug logs can now be sent to their own file logs by setting
$wgDebugLogFile['memcached'] to some filepath.
* (bug 35685) api.php URL and other entry point URLs are now listed on
* Added $wgLogExceptionBacktrace, on by default, to allow logging of exception
backtraces.
* Added device detection for determining device capabilities.
-* QUnit.newMwEnvironment now supports passing a custom setup and/or teardown function.
- Arguments signature has changed. First arguments is now an options object of which
- 'config' can be a property. Previously 'config' itself was the first and only argument.
+* QUnit.newMwEnvironment now supports passing a custom setup and/or teardown
+ function. Arguments signature has changed. First arguments is now an options
+ object of which 'config' can be a property. Previously 'config' itself was the
+ first and only argument.
* New getCreator and getOldestRevision methods added to WikiPage class
* (bug 4220) the XML dump format schema now have unique identity constraints
for page and revision identifiers. Patch by Elvis Stansvik.
-* cleanupSpam.php now can delete spam pages if --delete was specified instead of blanking
- them.
-* Added new hook ChangePasswordForm to allow adding of additional fields in Special:ChangePassword
+* cleanupSpam.php now can delete spam pages if --delete was specified instead of
+ blanking them.
+* Added new hook ChangePasswordForm to allow adding of additional fields in
+ Special:ChangePassword
* Added new function getDomain to AuthPlugin for getting a user's domain
* (bug 23427) New magic word {{PAGEID}} which gives the current page ID.
Will be null on previewing a page being created.
tags with class "mw-watched". Instead, each line now has a class
"mw-changeslist-line-watched" or "mw-changeslist-line-not-watched", and the
title itself is surrounded by <span></span> tags with class "mw-title".
-* Added ContribsPager::reallyDoQuery hook allowing extensions to data to MyContribs
+* Added ContribsPager::reallyDoQuery hook allowing extensions to data to
+ MyContribs
* Added new hook ParserAfterParse to allow extensions to affect parsed output
after the parse is complete but before block level processing, link holder
replacement, and so on.
-* (bug 34678) Added InternalParseBeforeSanitize hook which gets called during Parser's
- internalParse method just before the parser removes unwanted/dangerous HTML tags.
-* Added new hook AfterFinalPageOutput to allow modifications to buffered page output before sent
- to the client.
+* (bug 34678) Added InternalParseBeforeSanitize hook which gets called during
+ Parser's internalParse method just before the parser removes
+ unwanted/dangerous HTML tags.
+* Added new hook AfterFinalPageOutput to allow modifications to buffered page
+ output before sent to the client.
* (bug 36783) Implement jQuery Promise interface in mediawiki.api module.
* Make dates in sortable tables sort according to the page content language
instead of the site content language
* (bug 37926) Deleterevision will no longer allow users to delete log entries,
the new deletelogentry permission is required for this.
-* (bug 14237) Allow PAGESINCATEGORY to distinguish between 'all', 'pages', 'files'
- and 'subcats'
+* (bug 14237) Allow PAGESINCATEGORY to distinguish between 'all', 'pages',
+ 'files' and 'subcats'
* (bug 38362) Make Special:Listuser includeable on wiki pages.
* Added support in jquery.localize for placeholder attributes.
* (bug 38151) Implemented mw.user.getRights for getting and caching the current
* HTMLForm mutators can now be chained (they return $this)
* A new message, "api-error-filetype-banned-type", is available for formatting
API upload errors due to the file extension blacklist.
-* New hook 'ParserTestGlobals' allows to set globals before running parser tests.
+* New hook 'ParserTestGlobals' allows to set globals before running parser
+ tests.
* Allow importing pages as subpage.
* Add lang and hreflang attributes to language links on Login page.
* (bug 22749) Create Special:MostInterwikis.
-* Show change tags when transclude Special:Recentchanges(linked) or Special:Newpages.
-* (bug 23226) Add |class= parameter to image links in order to add class(es) to HTML img tag.
+* Show change tags when transclude Special:Recentchanges(linked) or
+ Special:Newpages.
+* (bug 23226) Add |class= parameter to image links in order to add class(es) to
+ HTML img tag.
* (bug 39431) SVG animated status is now shown in long description.
* (bug 39376) jquery.form upgraded to 3.14.
* SVG files will now show the actual width in the SVG's specified units
* Added ResourceLoader module "jquery.jStorage" (v0.3.0, http://jStorage.info/).
* (bug 39273) Added AJAX support for "Show changes" (diff) in LivePreview.
* Added ResourceLoader module "jquery.badge".
-* mw.util.$content now points to the overall content area in the skin rather than just
- page text content area. If you need the old behavior please use $( '#mw-content-text').
-* jsMessage has been replaced with a floating bubble notification system complete
- with auto-hide, multi-message support, and message replacement tags.
+* mw.util.$content now points to the overall content area in the skin rather
+ than just page text content area. If you need the old behavior please use
+ $( '#mw-content-text').
+* jsMessage has been replaced with a floating bubble notification system
+ complete with auto-hide, multi-message support, and message replacement tags.
* jquery.messageBox which appears to be unused by both core and extensions has
been removed.
* (bug 34939) Made link parsing insensitive ([HttP://]).
* (bug 35894): Reports of secret key generation "hanging" on windows
This is probably a bug that has been fixed in PHP. If you run
into this, try upgrading your PHP.
-* (bug 38334): PHP Notice: Undefined index: href in /www/w/skins/Vector.php on line 416
+* (bug 38334): PHP Notice: Undefined index: href in /www/w/skins/Vector.php on
+ line 416
We think this is a problem in some extension. If you see this,
try disabling your extensions and check out the logging patch on
this bug. Or try this patch:
<https://gerrit.wikimedia.org/r/#/c/27937/1/skins/Vector.php>
-* (bug 39268): [Regression] Toolbar inserts in main textarea only (instead of the focussed textarea)
+* (bug 39268): [Regression] Toolbar inserts in main textarea only (instead of
+ the focussed textarea)
This should only be an issue if you are using the ProofreadPage
extension.
* (bug 40641): Clicking "others" in Special:Version asks to download a file
CREDITS file with text/plain MIME type to fix it.
=== Bug fixes in 1.20 ===
-* (bug 40939): [Regression] InfoAction: Call to a member function getUserText() on a non-object
-* (bug 40780): searchsuggest-containing line ("containing...") doesn't include the entered text
+* (bug 40939): [Regression] InfoAction: Call to a member function getUserText()
+ on a non-object
+* (bug 40780): searchsuggest-containing line ("containing...") doesn't include
+ the entered text
* (bug 37714): [Regression] Incomplete log entries
* (bug 27202): API: Add timestamp sort to list=allimages
* (bug 30245) Use the correct way to construct a log page title.
* (bug 32210) New edit emails for watched pages always provide a link to the
edit which triggered the mail.
* (bug 12021) Added user talk link on Special:Listusers.
-* (bug 34445) section edit and TOC hide/show links are excluded from selection and
- copy/paste on supporting browsers.
+* (bug 34445) section edit and TOC hide/show links are excluded from selection
+ and copy/paste on supporting browsers.
* (bug 34428) Fixed incorrect hash mismatch errors in the DiffHistoryBlob
history compression method.
* (bug 34702) Localised parentheses are now used in more special pages.
-* (bug 34723) When editing a script page on a RTL wiki the textbox should be LTR.
-* (bug 34762) Calling close() on a DatabaseBase object now clears the connection.
-* (bug 34863) Show deletion log extract on non-existent file pages if applicable.
+* (bug 34723) When editing a script page on a RTL wiki the textbox should be
+ LTR.
+* (bug 34762) Calling close() on a DatabaseBase object now clears the
+ connection.
+* (bug 34863) Show deletion log extract on non-existent file pages if
+ applicable.
* (bug 28019) Let ?preloadtitle=foo be passed on to target of
Special:MyPage and Special:MyTalk.
* (bug 34929) Show the correct diff when a section edit is rejected by the spam
Subversion when invoked with the --modified option.
* (bug 35069) On history pages, the " . . " separator after the number of
characters changed in a revision is now suppressed if no text would follow.
-* (bug 18704) Add a unique CSS class or ID to the tagfilter table row at RecentChanges
+* (bug 18704) Add a unique CSS class or ID to the tagfilter table row at
+ RecentChanges
* (bug 33564) transwiki import sometimes result in invalid title.
-* (bug 35572) Blocks appear to succeed even if query fails due to wrong DB structure
+* (bug 35572) Blocks appear to succeed even if query fails due to wrong DB
+ structure
* (bug 31757) Add a word-separator between help-messages in HTMLForm
* (bug 30410) Removed deprecated $wgFilterCallback and the 'filtered' API error.
* (bug 32604) Some messages needs escaping of wikitext inside username.
-* (bug 36537) Rename wfArrayToCGI to wfArrayToCgi for consistency with wfCgiToArray.
+* (bug 36537) Rename wfArrayToCGI to wfArrayToCgi for consistency with
+ wfCgiToArray.
* (bug 25946) The message on the top of Special:RecentChanges is now displayed
in user language instead of content language.
* (bug 35264) Wrong type used for <ns> in export.xsd
* (bug 38953) --memory-limit switch not working for runJobs.php.
* (bug 33037) Make subpage of Special:newfiles control how many files
are returned, like in previous versions.
-* (bug 36524) "Show" options on Special:RecentChanges and Special:RecentChangesLinked
- are now remembered between successive clicks.
+* (bug 36524) "Show" options on Special:RecentChanges and
+ Special:RecentChangesLinked are now remembered between successive clicks.
* (bug 26069) Page title is no longer "Error" for all error pages.
* (bug 39297) Show warning if thumbnail of animated image will not be animated.
* (bug 38249) Parser will throw an exception instead of outputting gibberish if
* (bug 30390) Suggested file name on Special:Upload should not contain
illegal characters.
* EXIF below sea level GPS altitude data is now shown correctly.
-* (bug 39284) jquery.tablesorter should not consider "."" or "?"" to be a currency.
-* (bug 39273) "Show changes" should not be incorrectly displayed in the Live Preview state.
+* (bug 39284) jquery.tablesorter should not consider "."" or "?"" to be a
+ currency.
+* (bug 39273) "Show changes" should not be incorrectly displayed in the Live
+ Preview state.
* Made body-content lang attribute honor the variant language when it is set.
-* (bug 36761) "Mark pages as visited" now submits previously established filter options.
+* (bug 36761) "Mark pages as visited" now submits previously established filter
+ options.
* (bug 39635) PostgreSQL LOCK IN SHARE MODE option is a syntax error.
-* (bug 36329) Accesskey tooltips for Firefox 14 on Mac should use "ctrl-option-" prefix.
+* (bug 36329) Accesskey tooltips for Firefox 14 on Mac should use "ctrl-option-"
+ prefix.
* (bug 32552) Drop unused database field cat_hidden from table category.
* (bug 24502) Do not allow multiple language links to the same language.
* (bug 40214) Category pages no longer use deprecated "width" HTML attribute.
* (bug 39941) Add missing stylesheets to the installer pages
* In HTML5 mode, allow new input element types values (such as color, range..)
* (bug 36151) mw.Title: Don't limit extension in title parsing.
-* (bug 38158) jquery.byteLimit sometimes causes an unexpected 0 maxLength being enforced.
-* (bug 38163) jquery.byteLimit incorrectly limits input when using methods other than
- basic per-char typing.
+* (bug 38158) jquery.byteLimit sometimes causes an unexpected 0 maxLength being
+ enforced.
+* (bug 38163) jquery.byteLimit incorrectly limits input when using methods other
+ than basic per-char typing.
* (bug 34495) patrol log now credit the user patrolling (instead of patrolled
user).
* (bug 31676) ResourceLoader should work around IE stylesheet limit.
-* (bug 40498) ResourceLoader should not output an empty "@media print { }" block.
-* (bug 40500) ResourceLoader should not ignore media-type for urls in debug mode.
+* (bug 40498) ResourceLoader should not output an empty "@media print { }"
+ block.
+* (bug 40500) ResourceLoader should not ignore media-type for urls in debug
+ mode.
* (bug 40660) ResourceLoaderWikiModule should not convert " " to a space
for pages from the MediaWiki-namespace.
* (bug 40329) (bug 40632) Removed CleanupPresentationalAttributes feature.
* (bug 32492) API now allows editing using pageid.
* (bug 32497) API now allows changing of protection level using pageid.
* (bug 32498) API now allows comparing pages using pageids.
-* (bug 30975) API import of pages with invalid characters in this wiki leads to Fatal Error.
-* (bug 30488) API now allows listing of backlinks/embeddedin/imageusage per pageid.
+* (bug 30975) API import of pages with invalid characters in this wiki leads to
+ Fatal Error.
+* (bug 30488) API now allows listing of backlinks/embeddedin/imageusage per
+ pageid.
* (bug 34927) Output media_type for list=filearchive.
* (bug 28814) add properties to output of action=parse.
* (bug 33224) add variants of content language to meta=siteinfo.
-* (bug 32643) action=purge with forcelinkupdate no longer crashes when ratelimit is reached.
+* (bug 32643) action=purge with forcelinkupdate no longer crashes when ratelimit
+ is reached.
* The paraminfo module now also contains result properties for most modules.
* (bug 32348) Allow descending order for list=alllinks.
* (bug 31777) Upload unknown error ``fileexists-forbidden''.
* (bug 32382) Allow descending order for list=iwbacklinks.
-* (bug 32381) Allow descending order for list=backlinks, list=embeddedin and list=imageusage.
+* (bug 32381) Allow descending order for list=backlinks, list=embeddedin and
+ list=imageusage.
* (bug 32383) Allow descending order for list=langbacklinks.
* API meta=siteinfo can now return the list of known variable IDs.
-* (bug 35980) list=deletedrevs now honors drdir correctly in "all" mode (mode #3).
+* (bug 35980) list=deletedrevs now honors drdir correctly in "all" mode
+ (mode #3).
* (bug 29290) API avoids mangling fields in continuation parameters
* (bug 36987) API avoids mangling fields in continuation parameters
-* (bug 30836) siteinfo prop=specialpagealiases will no longer return nonexistent special pages
+* (bug 30836) siteinfo prop=specialpagealiases will no longer return nonexistent
+ special pages
* (bug 38190) Add "required" flag to some token params for hint in api docs.
* (bug 27567) Add file repo support to prop=duplicatefiles.
* (bug 27610) Add archivename for non-latest image version to list=filearchive
* (bug 38231) Add xml parse tree to action=parse.
-* Watchlist notification timestamp may be queried by page and may be updated via the API.
+* Watchlist notification timestamp may be queried by page and may be updated via
+ the API.
* (bug 38904) prop=revisions&rvstart=... no longer blows up when continuing.
* (bug 39032) ApiQuery generates help in constructor.
* (bug 11142) Improve file extension blacklist error reporting in API upload.
-* (bug 39665) List of query generators is now not built using reflection, instead it is
- defined in code.
+* (bug 39665) List of query generators is now not built using reflection,
+ instead it is defined in code.
* (bug 35993) Deprecated gettoken parameter - support will be removed in 1.22.
=== Languages updated in 1.20 ===
* OutputPage::wrapWikiMsg() no longer supports the 'options' parameter. It was
not used and complicated migration to Message class.
* Live preview functionality has been improved and moved into the
- 'mediawiki.action.edit.preview' module. The old 'mediawiki.legacy.preview' module
- has been removed.
+ 'mediawiki.action.edit.preview' module. The old 'mediawiki.legacy.preview'
+ module has been removed.
* (bug 40448) Removed mediawiki.legacy.mwsuggest module, and removed the
following that has become obsolete:
- globals $wgEnableMWSuggest and $wgMWSuggestTemplate.
=== Changes since 1.19.20 ===
* (bug 67440) Allow classes to be registered properly from installer.
-* (bug 47281) Fixed a dumpBackup.php error with --uploads --include-filesoptions: Unable to find the wrapper "mwstore". * System administrators are encouraged to upgrade to this release or 1.22+ and produce a full data dump. https://www.mediawiki.org/wiki/Special:MyLanguage/Manual:Backing_up_a_wiki
-* (bug 63049) Removed anonymous functions from ApiFormatBase, added in1.19.13 as part of the fix for bug 61362, for PHP 5.2 compatibility.
+* (bug 47281) Fixed a dumpBackup.php error with --uploads
+ --include-filesoptions: Unable to find the wrapper "mwstore".
+* System administrators are encouraged to upgrade to this release or 1.22+ and
+ produce a full data dump.
+ https://www.mediawiki.org/wiki/Special:MyLanguage/Manual:Backing_up_a_wiki
+* (bug 63049) Removed anonymous functions from ApiFormatBase, added in1.19.13 as
+ part of the fix for bug 61362, for PHP 5.2 compatibility.
== MediaWiki 1.19.20 ==
This is a security release of the MediaWiki 1.19 branch.
=== Changes since 1.19.19 ===
-* (bug 70672) SECURITY: OutputPage: Remove separation of css and js module allowance.
+* (bug 70672) SECURITY: OutputPage: Remove separation of css and js module
+ allowance.
== MediaWiki 1.19.19 ==
This is a security release of the MediaWiki 1.19 branch.
=== Changes since 1.19.18 ===
-* (bug 69008) SECURITY: Enhance CSS filtering in SVG files. Filter <style> elements; normalize style elements and attributes before filtering; add checks for attributes that contain css; add unit tests for html5sec and reported bugs.
+* (bug 69008) SECURITY: Enhance CSS filtering in SVG files. Filter <style>
+ elements; normalize style elements and attributes before filtering; add checks
+ for attributes that contain css; add unit tests for html5sec and reported
+ bugs.
== MediaWiki 1.19.18 ==
This is a security release of the MediaWiki 1.19 branch.
=== Changes since 1.19.17 ===
* (bug 68187) SECURITY: Prepend jsonp callback with comment.
-* (bug 65778) SECURITY: Copy prevent-clickjacking between OutputPage and ParserOutput.
+* (bug 65778) SECURITY: Copy prevent-clickjacking between OutputPage and
+ ParserOutput.
== MediaWiki 1.19.17 ==
This is a security and maintenance release of the MediaWiki 1.19 branch.
=== Changes since 1.19.16 ===
* (bug 65839) SECURITY: Prevent external resources in SVG files.
-* (bug 66428) MimeMagic: Don't seek before BOF. This has weird side effects like only extracting the tail of the file partially or not at all.
+* (bug 66428) MimeMagic: Don't seek before BOF. This has weird side effects like
+ only extracting the tail of the file partially or not at all.
== MediaWiki 1.19.16 ==
This is a security release of the MediaWiki 1.19 branch.
=== Changes since 1.19.15 ===
-* (bug 65501) SECURITY: Don't parse usernames as wikitext on Special:PasswordReset.
+* (bug 65501) SECURITY: Don't parse usernames as wikitext on
+ Special:PasswordReset.
== MediaWiki 1.19.15 ==
This is a security and maintenance release of the MediaWiki 1.19 branch.
=== Changes since 1.19.14 ===
Fixed resetting passwords.
-* (bug 58640) Fixed a compatibility issue with PCRE 8.34 that caused pages to appear blank or with missing text.
+* (bug 58640) Fixed a compatibility issue with PCRE 8.34 that caused pages to
+ appear blank or with missing text.
== MediaWiki 1.19.14 ==
This is a security and maintenance release of the MediaWiki 1.19 branch.
This is a security release of the MediaWiki 1.19 branch.
=== Changes since 1.19.11 ===
-* (bug 60771) SECURITY: Disallow uploading SVG files using non-whitelisted namespaces. Also disallow iframe elements. * User will get an error including the namespace name if they use a non- whitelisted namespace.
-* (bug 61346) SECURITY: Make token comparison use constant time. It seems like our token comparison would be vulnerable to timing attacks. This will take constant time.
+* (bug 60771) SECURITY: Disallow uploading SVG files using non-whitelisted
+ namespaces. Also disallow iframe elements. * User will get an error including
+ the namespace name if they use a non- whitelisted namespace.
+* (bug 61346) SECURITY: Make token comparison use constant time. It seems like
+ our token comparison would be vulnerable to timing attacks. This will take
+ constant time.
== MediaWiki 1.19.11 ==
This is a security release of the MediaWiki 1.19 branch.
=== Changes since 1.19.10 ===
-* (bug 60339) SECURITY: Sanitize shell arguments to DjVu files, and other media formats
+* (bug 60339) SECURITY: Sanitize shell arguments to DjVu files, and other media
+ formats
== MediaWiki 1.19.10 ==
This is a security release of the MediaWiki 1.19 branch.
This is a security release of the MediaWiki 1.19 branch
=== Changes since 1.19.6 ===
-* (bug 48306) SECURITY: Run file validation checks on chunked uploads, and chunks of upload, during the upload process.
+* (bug 48306) SECURITY: Run file validation checks on chunked uploads, and
+ chunks of upload, during the upload process.
== MediaWiki 1.19.6 ==
2013-04-30
=== Changes since 1.19.5 ===
* (bug 47304) SECURITY: Check SVG xml encoding against whitelist
-* (bug 46590) Added AbortChangePassword hook to allow extensions to abort password changes from Special:ChangePassword
+* (bug 46590) Added AbortChangePassword hook to allow extensions to abort
+ password changes from Special:ChangePassword
* Localisation updates from http://translatewiki.net.
* mwdocgen.php: Implement --version option.
* Remove svnstat stuff used in Doxygen generation
This is a security release of the MediaWiki 1.19 branch
=== Changes since 1.19.3 ===
-* New preference type - 'api'. Preferences of this type are not shown on Special:Preferences, but are still available via the action=options API.
+* New preference type - 'api'. Preferences of this type are not shown on
+ Special:Preferences, but are still available via the action=options API.
* (bug 44010) Context is passed to UserGetLanguageObject.
* The recursion guard on RequestContext::getLanguage() was weakened.
* (bug 44135/bug 42441) Pass '2' instead of 'true' to CURLOPT_SSL_VERIFYHOST
-* (bug 43518) API action=unblock should return the user name, not the full user object
+* (bug 43518) API action=unblock should return the user name, not the full user
+ object
== MediaWiki 1.19.3 ==
2012-11-30
=== Changes since 1.19.2 ===
* (bug 40995) Prevent session fixation in Special:UserLogin (CVE-2012-5391)
* (bug 41400) Prevent linker regex from exceeding PCRE backtrack limit
-* Increase permitted runtime for testParserTest (only used for continuous integration).
+* Increase permitted runtime for testParserTest (only used for continuous
+ integration).
* Updated messages translations from http://translatewiki.net/
== MediaWiki 1.19.2 ==
* (bug 34889) User name should be normalized on Special:Contributions
* (bug 35051) If heading has a trailing space after == then its name is not
preloaded into edit summary on section edit
-* (bug 31417) New ID mw-content-text around the actual page text, without categories,
- contentSub, ... The same div often also contains the class mw-content-ltr/rtl.
+* (bug 31417) New ID mw-content-text around the actual page text, without
+ categories, contentSub, ... The same div often also contains the class
+ mw-content-ltr/rtl.
* (bug 35303) Proxy and DNS blacklist blocking works again
* (bug 22555) Remove or skip strip markers from tag hooks like <nowiki> in
core parser functions which operate on strings, such as padleft.
inside a heading.
* (bug 34212) ApiBlock/ApiUnblock allow action to take place without a token
parameter present.
-* (bug 34907) Fixed exposure of tokens through load.php that could have facilitated
- CSRF attacks.
+* (bug 34907) Fixed exposure of tokens through load.php that could have
+ facilitated CSRF attacks.
* (bug 35317) CSRF in Special:Upload.
=== Configuration changes in 1.19 ===
converted to css.
* (bug 31297) Add support for namespaces in Special:RecentChanges subpage filter
syntax.
-* The default user signature now contains a talk link in addition to the user link.
+* The default user signature now contains a talk link in addition to the user
+ link.
* (bug 25306) Add link of old page title to MediaWiki:Delete_and_move_reason.
* Added hook BitmapHandlerCheckImageArea.
* (bug 30062) Add $wgDBprefix option to cli installer.
containing HTML or JS. DISABLING THESE CHECKS IS VERY DANGEROUS.
* New path mappings can be added using the WebRequestPathInfoRouter hook
and adding paths to the PathRouter.
-* (bug 32666) Special:ActiveUsers now allows a subpage to be used as value for the
- "target" query parameter (eg. Special:ActiveUsers/Username).
+* (bug 32666) Special:ActiveUsers now allows a subpage to be used as value for
+ the "target" query parameter (eg. Special:ActiveUsers/Username).
* New JavaScript variable wgPageContentLanguage.
* Added new debugging toolbar, enabled with $wgDebugToolbar.
* Differences in the history page now uses slightly better colors for people
* (bug 32512) Add 'Associated namespace' checkbox to Special:Contributions.
* Added $wgSend404Code, true by default, which can be set to false to send a
200 status code instead of 404 for nonexistent articles.
-* (bug 33447) Link to the broken image tracking category from Special:Wantedfiles.
+* (bug 33447) Link to the broken image tracking category from
+ Special:Wantedfiles.
* (bug 27724) Add timestamp to job queue.
-* (bug 30339) Implement SpecialPage for running javascript tests. Disabled by default, due to
- tests potentially being harmful, not to be run on a production wiki.
- Enable by setting $wgEnableJavaScriptTest to true.
+* (bug 30339) Implement SpecialPage for running javascript tests. Disabled by
+ default, due to tests potentially being harmful, not to be run on a production
+ wiki. Enable by setting $wgEnableJavaScriptTest to true.
* Extensions can use the RequestContextCreateSkin hook to override what skin is
loaded in some contexts.
* (bug 33456) Show $wgQueryCacheLimit on cached query pages.
* (bug 10574) Add an option to allow all pages to be exported by Special:Export.
-* mediawiki.js Message object constructor is now publicly available as mw.Message.
+* mediawiki.js Message object constructor is now publicly available as
+ mw.Message.
* (bug 29309) Allow CSS class per tooltip (tipsy).
* (bug 33565) Add accesskey/tooltip to submit buttons on Special:EditWatchlist.
* (bug 17959) Inline rendering/thumbnailing for Gimp XCF images.
until the second was introduced in 1.17.
* BREAKING CHANGE: Style rules for wikitable are now more specific and prevent
inheritance to nested tables which caused various issues (bug 30485 and bug
- 33434). If your wiki has overridden rules for ".wikitable", please revise them and
- adjust where necessary. For comparison, use the "table.wikitable" section in
- skins/common/shared.css as base.
+ 33434). If your wiki has overridden rules for ".wikitable", please revise them
+ and adjust where necessary. For comparison, use the "table.wikitable" section
+ in skins/common/shared.css as base.
* $wgUploadNavigationUrl is now used for file redlinks if
$wgUploadMissingFileUrl is not set. The former was used for this until the
second was introduced in 1.17.
* Show --batch-size option in help of maintenance scripts that support it.
* (bug 4381) Magic quotes cleaning was not comprehensive, key strings were not
unescaped.
-* (bug 23057) Importers no longer can 'edit' or 'create' a fully-protected page by
- importing a new revision into it.
+* (bug 23057) Importers no longer can 'edit' or 'create' a fully-protected page
+ by importing a new revision into it.
* Allow moving the associated talk pages of subpages even if the base page
has no subpage.
* Per page edit-notices now work in namespaces without subpages enabled.
* (bug 30368) Special:Newpages now shows the new page name for moved pages.
* (bug 1697) The way to search blocked usernames in block log should be clearer.
* (bug 29747) eAccelerator shared memory caching has been removed since it is
- now disabled by default and is buggy. APC, XCache and WinCache are not affected.
+ now disabled by default and is buggy. APC, XCache and WinCache are not
+ affected.
* Installer now refuses to install if php was not compiled with Ctype support.
* (bug 29475) Remove "trackback" feature entirely from core.
* (bug 32665) Special:BlockList prefills the username in the input field if
* Files with IPTC blocks we can't read no longer prevent extraction of exif
or other metadata.
* (bug 33587) Remove action "historysubmit" from history pages.
-* (bug 25800) mw.config wgAction should contain the actually performed action instead
- of whatever the query value contains.
+* (bug 25800) mw.config wgAction should contain the actually performed action
+ instead of whatever the query value contains.
* (bug 4438) Add CSS hook for current WikiPage action.
-* (bug 33703) Common border-bottom color for <abbr> should inherit default (text) color.
+* (bug 33703) Common border-bottom color for <abbr> should inherit default
+ (text) color.
* (bug 33819) Display file sizes in appropriate units.
-* (bug 32948) {{REVISIONID}} and related variables are no longer blank after doing
- a null edit.
-* (bug 33880) $wgUsersNotifiedOnAllChanges should not send e-mail to user who made
- the edit.
+* (bug 32948) {{REVISIONID}} and related variables are no longer blank after
+ doing a null edit.
+* (bug 33880) $wgUsersNotifiedOnAllChanges should not send e-mail to user who
+ made the edit.
* (bug 33902) Decoding %2B with mw.Uri.decode results in ' ' instead of +.
* (bug 33762) QueryPage-based special pages no longer misses *-summary message.
-* Other sizes links are no longer generated for wikis without a 404 thumbnail handler.
+* Other sizes links are no longer generated for wikis without a 404 thumbnail
+ handler.
* (bug 29454) Enforce byteLimit for page title input on Special:MovePage.
* (bug 34114) CSSMin::remap() doesn't respect its $embed parameter.
-* Special:Contributions/newbies now shows the contributions for the user "newbies".
- New user contributions are obtained using the form or using ?contribs=newbie in URL.
-* It is now possible to delete images that have no corresponding description pages.
+* Special:Contributions/newbies now shows the contributions for the user
+ "newbies". New user contributions are obtained using the form or using
+ ?contribs=newbie in URL.
+* It is now possible to delete images that have no corresponding description
+ pages.
* (bug 33165) GlobalFunctions.php line 1312: Call to a member function
getText() on a non-object.
* (bug 31676) Group dynamically inserted CSS into a single <style> tag, to work
around a bug where not all styles were applied in Internet Explorer.
-* (bug 28936, bug 5280) Broken or invalid titles can't be removed from watchlist.
+* (bug 28936, bug 5280) Broken or invalid titles can't be removed from
+ watchlist.
* (bug 34600) Older skins using useHeadElement=false were broken in 1.18.
* (bug 34604) [mw.config] wgActionPaths should be an object instead of a numeral
array.
[[Special:WhatLinksHere/Example]]
=== API changes in 1.19 ===
-* Made action=edit less likely to return "unknownerror", by returning the actual error
- message (which may have come from a hook call or similar).
+* Made action=edit less likely to return "unknownerror", by returning the actual
+ error message (which may have come from a hook call or similar).
* (bug 19838) siprop=interwikimap can now use the interwiki cache.
* (bug 29748) Add API search prefix support.
* (bug 29684) Set forgotten parameter types in ApiQueryIWLinks.
* jquery.mwPrototypes module was renamed to jquery.mwExtension.
* The maintenance script populateSha1.php was renamed to the more concise
populateImageSha1.php.
-* The Client-IP header is no longer checked for when trying to resolve a client's
- real IP address.
-* (bug 22096) Although IE5.x and below was already unsupported officially, stylesheets
- existing exclusively for IE5.0 and IE5.5 have now been removed (which were in skins
- 'chick' and 'monobook').
+* The Client-IP header is no longer checked for when trying to resolve a
+ client's real IP address.
+* (bug 22096) Although IE5.x and below was already unsupported officially,
+ stylesheets existing exclusively for IE5.0 and IE5.5 have now been removed
+ (which were in skins 'chick' and 'monobook').
* The constructor for CategoryView has changed, the second parameter is now a
Context source and is required.
* The Title::escape{Local,Full,Canonical}URL methods are deprecated, please use
proper html building methods to escape the normal get{...}URL methods instead.
* The $variant arguments in the Title::get{Local,Full,Link,Canonical}URL methods
have been replaced with a secondary query argument.
-* The $variant argument in the hooks for the Title::get{Local,Full,Link,Canonical}URL
- methods have been removed, the variant is now part of the $query argument.
+* The $variant argument in the hooks for the
+ Title::get{Local,Full,Link,Canonical}URL methods have been removed, the
+ variant is now part of the $query argument.
* Removed Title::isValidCssJsSubpage(), deprecated since 1.17 in favor of
using Title::isCssJsSubpage() or checking Title::isWrongCaseCssJsPage().
* Support for the deprecated hook MagicWordMagicWords was removed.
* The Xml::namespaceSelector method has been deprecated, please use
Html::namespaceSelector instead (note that the parameters have changed also).
-* (bug 33746) Preload popular ResourceLoader modules (mediawiki.util) as stop-gap
- for scripts missing dependencies.
- New configuration variable $wgPreloadJavaScriptMwUtil has been introduced for this
- (set to false by default for new installations). Set to true if your wiki has a large
- amount of user/site scripts that are lacking dependency information. In the short to
- medium term these user/site scripts should be fixed by adding the used modules to the
- dependencies in the module registry and/or wrapping them in a callback to mw.loader.using.
+* (bug 33746) Preload popular ResourceLoader modules (mediawiki.util) as
+ stop-gap for scripts missing dependencies.
+ New configuration variable $wgPreloadJavaScriptMwUtil has been introduced for
+ this (set to false by default for new installations). Set to true if your wiki
+ has a large amount of user/site scripts that are lacking dependency
+ information. In the short to medium term these user/site scripts should be
+ fixed by adding the used modules to the dependencies in the module registry
+ and/or wrapping them in a callback to mw.loader.using.
== MediaWiki 1.18 ==
=== Changes since 1.18.2 ===
* (bug 35446) Using "{{nse:}}" with an invalid namespace name no longer throws
a PHP warning.
-* (bug 35567) The whole password reminder e-mail is now sent in the same language.
+* (bug 35567) The whole password reminder e-mail is now sent in the same
+ language.
* (bug 35961) Hash comparison should always be strict.
* (bug 35671) PHP Notice: Undefined index: gettoken in includes/api/ApiMain.php
on line 598.
core parser functions which operate on strings, such as formatnum.
* (bug 34212) ApiBlock/ApiUnblock allow action to take place without a token
parameter present.
-* (bug 34907) Fixed exposure of tokens through load.php that could have facilitated
- CSRF attacks.
+* (bug 34907) Fixed exposure of tokens through load.php that could have
+ facilitated CSRF attacks.
* (bug 35317) CSRF in Special:Upload.
== MediaWiki 1.18.1 ==
This a maintenance and security release of the MediaWiki 1.18 branch.
=== Changes since 1.18.0 ===
-* (bug 32712) Fix for search indexing of pages with certain unicode chars following URL.
-* (bug 3901) Lang, hreflang attribs added to sidebar interlanguage links for screen readers.
+* (bug 32712) Fix for search indexing of pages with certain unicode chars
+ following URL.
+* (bug 3901) Lang, hreflang attribs added to sidebar interlanguage links for
+ screen readers.
* (bug 30774) mediawiki.html: Add support for numbers and booleans in the
attribute values and element contents.
* (bug 32473) [[Special:PasswordReset]] can not be used on private wiki.
* (bug 32853) Fixed CACHE_DBA object cache type.
-* (bug 32786) Backward compatibility for extension using 1.17's Database::newFromType().
+* (bug 32786) Backward compatibility for extension using 1.17's
+ Database::newFromType().
* Fixed exception when using Special:WhatLinksHere on a Media: file.
* (bug 32709) Private Wiki users were always taken to Special:Badtitle on login.
* (bug 33240) Sort images are missing but referenced in css.
* (bug 32702) Removed method Skin::makeGlobalVariablesScript() has been readded
for backward compatibility.
* (bug 30172) The check for posix_isatty() in maintenance scripts did not detect
- when the function exists but is disabled. Introduced Maintenance::posix_isatty().
+ when the function exists but is disabled. Introduced
+ Maintenance::posix_isatty().
* (bug 33305) Make mw.util.addCSS resistant to IE's @font-face bug by setting
cssText after DOM insertion.
-* (bug 29102) Upgrades no longer fail with the error "Unknown character set: 'mysql4'.
+* (bug 29102) Upgrades no longer fail with the error "Unknown character set:
+ 'mysql4'.
* (bug 25355) Parser generates edit section links for special pages.
-* (bug 33321) Adding a line to MediaWiki:Sidebar that contains a pipe, but doesn't
- have any pipes after being transformed by MessageCache, causes exception on
- all pages.
-* Fixed recentchanges FK violation on page delete and cache purge error in updater
- for Oracle DB.
-* (bug 33117) prop=revisions allows deleted text to be exposed through cache pollution.
+* (bug 33321) Adding a line to MediaWiki:Sidebar that contains a pipe, but
+ doesn't have any pipes after being transformed by MessageCache, causes
+ exception on all pages.
+* Fixed recentchanges FK violation on page delete and cache purge error in
+ updater for Oracle DB.
+* (bug 33117) prop=revisions allows deleted text to be exposed through cache
+ pollution.
== MediaWiki 1.18.0 ==
2011-11-24
Selected changes since MediaWiki 1.17 that may be of interest:
* Some of the more commonly used MediaWiki extensions are now included in the
- release tarball. These extensions are ConfirmEdit, Gadgets, Nuke, ParserFunctions,
- Renameuser, Vector and WikiEditor.
+ release tarball. These extensions are ConfirmEdit, Gadgets, Nuke,
+ ParserFunctions, Renameuser, Vector and WikiEditor.
-* Gender support has been improved, meaning user pages can display the correct gender
- variant of "User" can now be used.
+* Gender support has been improved, meaning user pages can display the correct
+ gender variant of "User" can now be used.
-* MediaWiki can now detect the camera orientation of an image from the Exif metadata, and
- can rotate the image thumbnail appropriately. Metadata support has been generally
- improved, and can now extract IPTC and XMP metadata.
+* MediaWiki can now detect the camera orientation of an image from the Exif
+ metadata, and can rotate the image thumbnail appropriately. Metadata support
+ has been generally improved, and can now extract IPTC and XMP metadata.
-* Improved directionality support in 1.18 means that MediaWiki is better to use for
- RTL users.
+* Improved directionality support in 1.18 means that MediaWiki is better to use
+ for RTL users.
-* MediaWiki now supports protocol - relative URLs in links, interwiki targets and $wgServer
+* MediaWiki now supports protocol - relative URLs in links, interwiki targets
+ and $wgServer
* Math support has been removed from core
=== Changes since 1.18.0rc1 ===
-* (bug 32228) regression in Special:Search which did not conserve profile on new search
+* (bug 32228) regression in Special:Search which did not conserve profile on
+ new search
* (bug 32460) Categories were improperly aligned in Simple and CologneBlue
* (bug 32412) TOC links on [[Special:EditWatchlist]] points to the fieldsets
* (bug 32582) Fix TOC show/hide link regression on IE 8
=== Changes since 1.18 beta 1 ===
-* (bug 31886) Wrong titles redirecting to Special:Badtitle in the 1.18 deployment.
+* (bug 31886) Wrong titles redirecting to Special:Badtitle in the 1.18
+ deployment.
* (bug 32051) Fix description for wlprop=sizes.
* (bug 31913) Special:MostLinkedTemplates had an incorrect GROUP BY clause
under Microsoft SQL.
* (bug 32100) installer complains about suhosin GET limit.
-* (bug 31933) fix 1.18 regression in Monobook sidebar: huge spacing between portlets
- on IE 7 and IE 8/9 in compatibility view.
+* (bug 31933) fix 1.18 regression in Monobook sidebar: huge spacing between
+ portlets on IE 7 and IE 8/9 in compatibility view.
* (bug 32126) Fix 1.18 regression in watchlist editor when items already removed
from watchlist.
* (bug 32183) remove the client-* classes added from user-agent-sniffing onto
* $wgProto has been removed. You now only need to set $wgServer to change the
URL protocol.
* $wgRateLimitsExcludedGroups (deprecated in 1.13) has been removed.
-* $wgInputEncoding and $wgOutputEncoding (deprecated in 1.5) have now been removed.
+* $wgInputEncoding and $wgOutputEncoding (deprecated in 1.5) have now been
+ removed.
* $wgAllowUserSkin (deprecated in 1.16) has now been removed.
* $wgExtraRandompageSQL (deprecated in 1.16) has now been removed.
* LogReader and LogViewer classes (deprecated in 1.14) have now been removed.
and the functionality has been moved to the relevant extensions. See
https://www.mediawiki.org/wiki/Extension:DublinCoreRdf and
https://www.mediawiki.org/wiki/Extension:CreativeCommonsRdf as appropriate.
-* (bug 21107) Split error "customcssjsprotected" into separate messages for JS and CSS
-* Removed $wgCheckCopyrightUpload from DefaultSettings, since the relevant feature
- was removed in about 1.5.
+* (bug 21107) Split error "customcssjsprotected" into separate messages for JS
+ and CSS
+* Removed $wgCheckCopyrightUpload from DefaultSettings, since the relevant
+ feature was removed in about 1.5.
* LogPageValidTypes, LogPageLogName, LogPageLogHeader and LogPageActionText
hooks have been removed.
* New hook "Collation::factory" to allow extensions to create custom
=== New features in 1.18 ===
* BREAKING CHANGE: action=watch / action=unwatch now requires a token.
* BREAKING CHANGE: Article class hierarchy split into WikiPage (backend)
- and Article (frontend) hierarchies. Several hooks now pass a WikiPage object instead
- of an Article object. These hooks all use an $article parameter as documented in hooks.txt.
- Extensions should be updated to account for this, though most won't require any changes.
+ and Article (frontend) hierarchies. Several hooks now pass a WikiPage object
+ instead of an Article object. These hooks all use an $article parameter as
+ documented in hooks.txt. Extensions should be updated to account for this,
+ though most won't require any changes.
* (bug 27860) Minor edit after clicking 'new section' tab
Now the "This is a minor edit" checkbox is not available when you
create a page or new section.
(maintenance/fixDoubleRedirects.php).
* (bug 23315) New body classes to allow easier styling of special pages.
* (bug 27159) Make email confirmation code expiration time configurable.
-* (bug 29047) CSS/JS for each user group is imported from MediaWiki:Group-sysop.js,
- MediaWiki:Group-autoconfirmed.css, etc.
+* (bug 29047) CSS/JS for each user group is imported from
+ MediaWiki:Group-sysop.js, MediaWiki:Group-autoconfirmed.css, etc.
* (bug 24230) Uploads of ZIP types, such as MS Office or OpenOffice can now be
safely enabled. A ZIP file reader was added which can scan a ZIP file for
potentially dangerous Java applets. This allows applets to be blocked
* (bug 29067) Expose user.tokens (like we do user.options) in ResourceLoader.
* New 'Debug' hook used by wfDebug() and wfDebugLog().
* (bug 27655) Require token for watching/unwatching pages)
-* (bug 28904) (bug 29773) Update jQuery version from 1.4.4 to 1.6.2 (the latest version)
+* (bug 28904) (bug 29773) Update jQuery version from 1.4.4 to 1.6.2 (the latest
+ version)
* (bug 29441) Expose CapitalLinks config in JS to allow modules to properly
handle titles on case-sensitive wikis.
* (bug 29397) Implement mw.Title module in core.
Suggests possible categories when typing, all saves are done via AJAX.
Supports editing of multiple categories and then saving them in one batch.
* $wgAutopromoteOnce was added, allowing for users to be automatically promoted
- to explicit usergroups. If a group is removed from a user via Special:UserRights,
- it will not automatically be re-added. Configuration is similar to
- $wgAutopromote (see DefaultSettings.php).
-* The PerformRetroactiveAutoblock hook was added to allow overriding or complementing
- retroactive autoblock handling. This runs when blocking a user with the 'autoblock' option.
+ to explicit usergroups. If a group is removed from a user via
+ Special:UserRights, it will not automatically be re-added. Configuration is
+ similar to $wgAutopromote (see DefaultSettings.php).
+* The PerformRetroactiveAutoblock hook was added to allow overriding or
+ complementing retroactive autoblock handling. This runs when blocking a user
+ with the 'autoblock' option.
* MediaWiki now supports using protocol-relative URLs in links, interwiki
targets and $wgServer.
* Introduced $wgVaryOnXFPForAPI which will cause the API to send
Vary: X-Forwarded-Proto headers.
-* New maintenance script to refresh image metadata (maintenance/refreshImageMetadata.php).
+* New maintenance script to refresh image metadata
+ (maintenance/refreshImageMetadata.php).
* (bug 16428) Include permalink in printable version.
* (bug 30722) Add an identity collation that sorts things based on what the
unicode code point is (aka pre-1.17 behavior).
values for preferences a hook has been introduced in User:getDefaultOptions().
Setting preferences in $wgDefaultUserOptions still work fine, but when reading
them (i.e. with array_keys) to get a list of all preferences, then
- $wgDefaultUserOptions should no longer be used as it will contain those set via
- User:getDefaultOptions().
+ $wgDefaultUserOptions should no longer be used as it will contain those set
+ via User:getDefaultOptions().
* (bug 30497) Add client-nojs and client-js classes on document element
to let styles easily hide or show things based on general JS availability.
* (bug 31293) If Special:Userlogin is loaded over HTTPS, display
MediaWiki:loginend-https instead of MediaWiki:loginend, if it's not empty.
Same for signupend on the account creation page.
-* (bug 31233) New OutputPage::addJsConfigVars() method to make the output page specific
- mw.config map extendable.
-* mw.util.wikiScript has been implemented (like wfScript in GlobalFunctions.php).
+* (bug 31233) New OutputPage::addJsConfigVars() method to make the output page
+ specific mw.config map extendable.
+* mw.util.wikiScript has been implemented (like wfScript in
+ GlobalFunctions.php).
=== Bug fixes in 1.18 ===
* (bug 27860) Minor edit after clicking 'new section' tab.
LTR/RTL screen layout.
* (bug 28992) Revision numbers in the patrol log are transformed in the user
language.
-* (bug 27073) ResourceLoaderDynamicStyles marker should be dynamically appended to
- the document head if it doesn't exist.
+* (bug 27073) ResourceLoaderDynamicStyles marker should be dynamically appended
+ to the document head if it doesn't exist.
* (bug 27023) After the document is ready, mw.loader is broken (calls callback
before module is parsed).
* (bug 4330) External URLs without a custom title should be treated as LTR,
* The class JpegOrTiffHandler was renamed ExifBitmapHandler.
* (bug 29443) Special:Undelete should use JavaScript to invert all checkboxes
instead of reloading the page.
-* (bug 29325) Setting $wgStrictFileExtensions to false no longer gives incorrect warning.
+* (bug 29325) Setting $wgStrictFileExtensions to false no longer gives incorrect
+ warning.
* (bug 29437) Multiple apostrophes in deleted article title cause odd rendering.
* (bug 29485) RSS feed of Special:RecentChange grouped together multiple
consecutive edits by same user in included diff, but then linked to
* Do not try to group together a page creation and edit in the RSS feed of RC.
* (bug 29342) Patrol preferences shouldn't be visible to users who don't have
patrol permissions.
-* (bug 29471) Exception no longer thrown for files with invalid date in metadata.
+* (bug 29471) Exception no longer thrown for files with invalid date in
+ metadata.
* (bug 29492) Long-running steps in the installer (such as Upgrade and Install)
no longer cause timeouts.
* (bug 29507) Change 'image link' to 'file link' in Special:Whatlinkshere.
* Use content language in formatting of dates in revertpage message
(rollback revert edit summary) and do not adjust for user timezone.
* (bug 29277) MediaWiki:Filepage.css is also shown on the local wiki
-* Make sure Backlink cache does not retrieve interwiki redirects when looking for
- redirects to a local page.
+* Make sure Backlink cache does not retrieve interwiki redirects when looking
+ for redirects to a local page.
* (bug 6100) Allow different directionality (LTR/RTL) for user interface
and wiki content, along with many other RTL and directionality improvements
(such as bugs 28030, 12406, 28349).
* Installer checked for magic_quotes_runtime instead of register_globals.
* (bug 30131) XCache with variable caching disabled no longer used for variable
caching (CACHE_ACCEL)
-* $wgSVGMaxSize is now applied to the smaller of width or height, making very wide
- pano/timeline/diagram SVGs renderable at saner sizes.
+* $wgSVGMaxSize is now applied to the smaller of width or height, making very
+ wide pano/timeline/diagram SVGs renderable at saner sizes.
* (bug 30219) The page shown when LocalSettings.php does not exist was broken on
Windows servers.
* (bug 30074) Moving user JS subpages resulted in JS errors because
#REDIRECT [[Foo]] is invalid JS.
* (bug 30335) Fix for HTMLForms using GET breaking when non-friendly URLs
are used.
-* (bug 30264) Changed installer-generated LocalSettings.php to use require_once()
- instead of require() for included extensions.
+* (bug 30264) Changed installer-generated LocalSettings.php to use
+ require_once() instead of require() for included extensions.
* Tracking categories are no longer shown in footer for special pages.
-* (bug 30684) Fix bad escaping in mw.message for inexistent messages (i.e. <key>).
+* (bug 30684) Fix bad escaping in mw.message for inexistent messages (i.e.
+ <key>).
* $wgOverrideSiteFeed no longer double escapes urls.
* The preprocessor no longer fails with a PHP warning about XML_PARSE_HUGE when
processing complex pages using newer versions of libxml2.
* (bug 30907) Special:Unusedcategories should sort ascendingly.
* (bug 28545) When using the uca-default collation, sortkey's starting with a
- space (U+20) will sort under an invisible header like in 1.16 rather than a U+6DE.
+ space (U+20) will sort under an invisible header like in 1.16 rather than a
+ U+6DE.
* (bug 30192) Thumbnails of archived files are now deleted.
* (bug 30843) mediawiki.Title should not convert extensions (anything after the
last full stop) to lower case).
core parser functions which operate on strings, such as padleft.
* (bug 34212) ApiBlock/ApiUnblock allow action to take place without a token
parameter present.
-* (bug 34907) Fixed exposure of tokens through load.php that could have facilitated
- CSRF attacks.
+* (bug 34907) Fixed exposure of tokens through load.php that could have
+ facilitated CSRF attacks.
* (bug 35317) CSRF in Special:Upload.
=== Changes since 1.17.1 ===
-* (bug 33117) prop=revisions allows deleted text to be exposed through cache pollution.
+* (bug 33117) prop=revisions allows deleted text to be exposed through cache
+ pollution.
* (bug 32709) Private Wiki users were always taken to Special:Badtitle on login.
=== Changes since 1.17.0 ===
* Installer checked for magic_quotes_runtime instead of register_globals
* (bug 30131) XCache with variable caching disabled no longer used for variable
caching (CACHE_ACCEL)
-* (bug 30264) Changed installer-generated LocalSettings.php to use require_once()
- instead require() for included extensions.
+* (bug 30264) Changed installer-generated LocalSettings.php to use
+ require_once() instead require() for included extensions.
* (bug 26486) ResourceLoader modules with paths to nonexistent files cause PHP
warnings/notices to be thrown
* (bug 30907) Special:Unusedcategories should sort ascendingly.
* (bug 30219) The page shown when LocalSettings.php does not exist was broken on
Windows servers.
-* Hardcoded NLS_NUMERIC_CHARACTERS for Oracle DB to prevent type conversion errors.
-* Fixed recentchanges FK violation on page delete and cache purge error in updater
- for Oracle DB.
+* Hardcoded NLS_NUMERIC_CHARACTERS for Oracle DB to prevent type conversion
+ errors.
+* Fixed recentchanges FK violation on page delete and cache purge error in
+ updater for Oracle DB.
* (bug 32276) Skins were generating output using the internal page title which
would allow anonymous users to determine whether a page exists, potentially
leaking private data. In fact, the curid and oldid request parameters would
* Fixed JS error due to missing dependency for jquery.suggestions.
* Exposed $wgExtensionAssetsPath in JavaScript.
* (bug 28738) Made ResourceLoader support environments with small URL length
- limits. The length limit can be configured via $wgResourceLoaderMaxQueryLength,
- and this is set automatically in the generated LocalSettings.php when the
- php.ini variable "suhosin.get.max_value_length" is set. When a URL exceeds
- this limit, the request is split up. Also, reduced the average length of
- load.php URLs by using a more compact parameter format.
+ limits. The length limit can be configured via
+ $wgResourceLoaderMaxQueryLength, and this is set automatically in the
+ generated LocalSettings.php when the php.ini variable
+ "suhosin.get.max_value_length" is set. When a URL exceeds this limit, the
+ request is split up. Also, reduced the average length of load.php URLs by
+ using a more compact parameter format.
* (bug 25262) Fix for minification of hardcoded data: URIs in CSS.
* (bug 25124) Respect $wgStyleDirectory in ResourceLoader.
* Allow installation when no HTTP client is available, don't throw an exception.
* Non-file pages can no longer be moved to the file namespace, nor vice versa.
* (bug 671) The <dfn>, <kbd> and <samp> elements have been whitelisted in user
input.
-* (bug 21503) There's now a "reason" field when creating account for other users.
+* (bug 21503) There's now a "reason" field when creating account for other
+ users.
* (bug 24418) action=markpatrolled now requires a token.
* A variety of category sort-related fixes, including:
** (bug 164) In English, lowercase and uppercase letters now sort the same.
* (bug 23747) Make sure that on History pages, the RevDel button is not
accidentally activated when hitting enter.
* (bug 23845) Special:ListFiles now uses correct file names without underscores.
-* Ask for permanent login in Special:Preferences only if $wgCookieExpiration > 0.
+* Ask for permanent login in Special:Preferences only if $wgCookieExpiration >
+ 0.
* (bug 16356) Repair dumpInterwiki.inc to use proper normalization.
* (bug 24006) deleteArchivedRevisions.php maintenance script now longer throws
a fatal error.
$wgGroupPermissions now appear on Special:ListGroupRights.
* (bug 23923) Special:Prefixindex no longer shows results if nothing was
requested.
-* (bug 22308) Search now finds text in default main page immediately after setup.
+* (bug 22308) Search now finds text in default main page immediately after
+ setup.
* (bug 25697) Make sure empty lines render in diff view.
* Use an actual minus sign in diff views, instead of a hyphen.
* (bug 23732) Clarified "n links" message on Special:MostLinkedFiles.
parameters.
* (bug 25175) HTML file cache now honor $wgCacheDirectory if
$wgFileCacheDirectory is not set.
-* (bug 13353) Diff3 version checks were too strict, did not detect working diff3.
+* (bug 13353) Diff3 version checks were too strict, did not detect working
+ diff3.
* (bug 25843) Links to special pages using link= attribute on images are now
normalised like normal links to special pages.
* (bug 21364) External links using link= attribute on images now respect
absolute URLs in the sitemap index (as required e.g. by Google).
* Partial workaround for bug 6220: at least make files on shared repositories
show up as (struck-out) bluelinks instead of redlinks on Special:WantedFiles.
-* rebuildFileCache.php no longer creates inappropriate cache files for redirects.
+* rebuildFileCache.php no longer creates inappropriate cache files for
+ redirects.
* (bug 25512) Subcategory list should not include category prefix for members.
* (bug 10871) Javascript and CSS pages in MediaWiki namespace are no longer
treated as wikitext on preview.
* (bug 22753) Output from update.php is more clear when things changed, entries
indicating nothing changed are now all prefixed by "..."
* (bug 16019) $wgArticlePath = "/$1" no longer breaks API edit/watch actions.
-* (bug 18372) File types blacklisted by $wgFileBlacklist will no longer be shown as
- "Permitted file types" on the upload form.
+* (bug 18372) File types blacklisted by $wgFileBlacklist will no longer be shown
+ as "Permitted file types" on the upload form.
* (bug 26540) Fixed wrong call to applyPatch in MysqlUpdater.
* (bug 26034) Make the "View / Read" tab in content_navigation style tabs remain
selected when the action is "purge".
* (bug 26733) Wrap initial table creation in transaction.
* (bug 26208) Mark directionality of some interlanguage links.
-* (bug 26716) Provide link to instructions for external editor related preferences.
+* (bug 26716) Provide link to instructions for external editor related
+ preferences.
* (bug 26961) Hide anon edits in watchlist preference now actually works.
* (bug 1379) Installer directory conflicts with some hosts' configuration panel.
-* (bug 27781) Installer does not warn about 5.1.x. Added a compatibility function
- for array_key_exists().
+* (bug 27781) Installer does not warn about 5.1.x. Added a compatibility
+ function for array_key_exists().
* Fix XML well-formedness on a few pages when $wgHtml5 is true (the default).
* (bug 28069) MediaWiki fails streaming files when mod_deflate and ob_gzhandler
are also set.
* (bug 26223) Concurrently moving an article to different titles leaks a
redirect revision with no page.
* (bug 15641) Fixed permissions checks in Special:Import which allowed users
- without the 'import' permission to import pages from configured import sources.
+ without the 'import' permission to import pages from configured import
+ sources.
* (bug 26449) Keep underlines from headings outside of tables and thumbs by
adding overflow:hidden to h1,h2,h3,h4,h5,h6 (also fixes editsection bunching).
* (bug 26708) Remove background-color:white from tables in Monobook and Vector.
-* (bug 26781) {{PAGENAME}} and related parser functions escape their output better.
-* (bug 26716) Provide link to instructions for external editor related preferences
- and add a comment to the ini control file explaining what is going on.
+* (bug 26781) {{PAGENAME}} and related parser functions escape their output
+ better.
+* (bug 26716) Provide link to instructions for external editor related
+ preferences and add a comment to the ini control file explaining what is going
+ on.
* (bug 28422) Remove color:black from tables in Monobook and Vector. And add it
to table.wikitable instead.
* (bug 27560) Search queries no longer fail in walloon language.
* (bug 27508) SVGMetadataExtractor takes too much resources on huge svgs.
* (bug 27465) SVG thumbnail generation.
* (bug 27467) preload can leave UNIQ.
-* (bug 27539) Allow attributes beginning with a digit in wikitext tag parameters.
+* (bug 27539) Allow attributes beginning with a digit in wikitext tag
+ parameters.
* (bug 27328) using relative paths in CSS imports in MediaWiki:Common.css broken
in 1.17.
* (bug 27333) Fix repetitive last-seen time queries on page history.
* Removed $wgRemoteUploads. It was not well supported and superseded by
$wgUploadNavigationUrl.
* (bug 26253) $wgPostCommitUpdateList has been removed
-* The PHPUnit test suite has been removed from this release due to serious issues
- which should be resolved by the 1.18 release.
+* The PHPUnit test suite has been removed from this release due to serious
+ issues which should be resolved by the 1.18 release.
* Oracle DB now uses the __destruct function to commit/close connection as it
doesn't commit on close if transation is triggered in OCI.
skin-specific JS pages
* (bug 5061) Use the more precise thumbcaption thumbimage and thumbinner classes
for image divs.
-* (bug 22096) IE50Fixes.css and IE55Fixes.css have been dropped from the Monobook
- and Chick skins
+* (bug 22096) IE50Fixes.css and IE55Fixes.css have been dropped from the
+ Monobook and Chick skins
* Fixed bug involving unclosed "-{" markup in the language converter
-* (bug 21870) No longer include Google logo from an external server on wiki error.
+* (bug 21870) No longer include Google logo from an external server on wiki
+ error.
* (bug 22181) Do not truncate if the ellipsis actually make the string longer
* (bug 16039) Text disappearing after a bad image
* (bug 18784) Internal links like [[File:Foo|caption]] should read 'caption',
* (bug 20233) ApiLogin::execute() doesn't handle LoginForm :: RESET_PASS
* (bug 22061) API: add prop=headitems to action=parse
* (bug 22240) API: include time in siteinfo
-* (bug 22241) Quick edit is still using the deprecated watch parameter (API: Setting default for watch/unwatch wrongly set)
+* (bug 22241) Quick edit is still using the deprecated watch parameter (API:
+ Setting default for watch/unwatch wrongly set)
* (bug 22245) blfilterredirect=nonredirects in blredirect mode wrongly filtering
* (bug 22248) Output extension URLs in meta=siteinfo&siprop=extensions
-* Support key-params arrays in 'descriptionmsg' in meta=siteinfo&siprop=extensions
+* Support key-params arrays in 'descriptionmsg' in
+ meta=siteinfo&siprop=extensions
* (bug 21922) YAML output should quote asterisk when used as key
* (bug 22297) safesubst: to allow substitution without breaking transclusion
* (bug 18758) API read of watchlist's wl_notificationtimestamp
with class 'mw-specialpage-summary'
* $wgSummarySpamRegex added to handle edit summary spam. This is used *instead*
of $wgSpamRegex for edit summary checks. Text checks still use $wgSpamRegex.
-* New function to convert content text to specified language (only applies on wiki with
- LanguageConverter class)
+* New function to convert content text to specified language (only applies on
+ wiki with LanguageConverter class)
* (bug 17844) Redirect users to a specific page when they log in, see
$wgRedirectOnLogin
-* Added a link to Special:UserRights on Special:Contributions for privileged users
+* Added a link to Special:UserRights on Special:Contributions for privileged
+ users
* (bug 10336) Added new magic word {{REVISIONUSER}}, which displays the editor
of the displayed revision
* LinkerMakeExternalLink now has an $attribs parameter for link attributes and
a $linkType parameter for the type of external link being made
-* (bug 17785) Dynamic dates surrounded with a <span> tag, fixing sortable tables with
- dynamic dates.
-* (bug 4582) Provide preference-based autoformatting of unlinked dates with the dateformat
- parser function.
-* (bug 17886) Special:Export now allows you to export a whole namespace (limited to 5000 pages)
+* (bug 17785) Dynamic dates surrounded with a <span> tag, fixing sortable tables
+ with dynamic dates.
+* (bug 4582) Provide preference-based autoformatting of unlinked dates with the
+ dateformat parser function.
+* (bug 17886) Special:Export now allows you to export a whole namespace (limited
+ to 5000 pages)
* (bug 17714) Limited TIFF upload support now built in if 'tif' extension is
- enabled. Image width and height are now recognized, and when using ImageMagick,
- optional flattening to PNG or JPEG for inline display can be enabled by setting
- $wgTiffThumbnailType
-* Renamed two input IDs on Special:Log from 'page' and 'user' to 'mw-log-page' and
- 'mw-log-user', respectively
+ enabled. Image width and height are now recognized, and when using
+ ImageMagick, optional flattening to PNG or JPEG for inline display can be
+ enabled by setting $wgTiffThumbnailType
+* Renamed two input IDs on Special:Log from 'page' and 'user' to 'mw-log-page'
+ and 'mw-log-user', respectively
* Added $wgInvalidUsernameCharacters to disallow certain characters in
usernames during registration (such as "@")
* Added $wgUserrightsInterwikiDelimiter to allow changing the delimiter
on a different database
* Add a class if 'missingsummary' is triggered to allow styling of the summary
line
-* Title attributes are now always blank on framed and thumbnailed images, and default to blank
- on inline images instead of defaulting to the image's filename. Additionally, the alt
- attribute now defaults to the filename on framed and thumbnailed images if no caption or alt
- attribute is specified.
+* Title attributes are now always blank on framed and thumbnailed images, and
+ default to blank on inline images instead of defaulting to the image's
+ filename. Additionally, the alt attribute now defaults to the filename on
+ framed and thumbnailed images if no caption or alt attribute is specified.
=== Bug fixes in 1.15 ===
* (bug 16968) Special:Upload no longer throws useless warnings.
queue
* (bug 17761) "show/hide" link in page history in now works for the first
displayed revision if it's not the current one
-* (bug 17722) Fix regression where users are unable to change temporary passwords
+* (bug 17722) Fix regression where users are unable to change temporary
+ passwords
* (bug 17799) Special:Random no longer throws a database error when a non-
namespace is given, silently falls back to NS_MAIN
* (bug 17751) The message for bad titles in WantedPages is now localized
IS NULL
* (bug 18018) Deleting a file redirect leaves behind a malfunctioning redirect
* (bug 17537) Disable bad zlib.output_compression output on HTTP 304 responses
-* (bug 11213) [edit] section links in printable version no longer appear when you cut-and-paste article text
+* (bug 11213) [edit] section links in printable version no longer appear when
+ you cut-and-paste article text
* (bug 17405) "Did you mean" to mirror Go/Search behavior of original request
* (bug 18116) 'edittools' is now output identically on edit and upload pages
-* (bug 17241) The diffonly URI parameter should cascade to "Next edit" and "Previous edit" diff links
-* (bug 16823) 'Sidebar search form should not use Special:Search view URL as target'
+* (bug 17241) The diffonly URI parameter should cascade to "Next edit" and
+ "Previous edit" diff links
+* (bug 16823) Sidebar search form should not use Special:Search view URL as
+ target
* (bug 16343) Non-existing, but in use, category pages can be "go" match hits
* Fixed a CSS validation issue which allowed external images to be included
into wikis where that is disallowed by configuration.
* (bug 17288) Messages improved for default language (English)
* (bug 12937) Update native name for Afar
* (bug 16909) 'histlegend' now reuses messages instead of copying them
-* (bug 17832) action=delete returns 'unknownerror' instead of 'permissiondenied' when
- the user is blocked
+* (bug 17832) action=delete returns 'unknownerror' instead of 'permissiondenied'
+ when the user is blocked
* Traditional/Simplified Gan Chinese conversion support
== MediaWiki 1.14 ==
* Dropped old Paser_OldPP class. Only new parser with preprocessor is used.
* Moved password reset form from Special:Preferences to Special:ResetPass
* Added Special:ChangePassword as a special page alias for Special:ResetPass
-* Added complementary function for addHandler() called removeHandler() for removing events
+* Added complementary function for addHandler() called removeHandler() for
+ removing events
* Improved security of file uploads for IE clients, using a reverse-engineered
algorithm very similar to IE's content detection algorithm.
* Cascading protection no longer requires that both edit and move are restricted
to sysop, just edit=sysop is enough
-* (bug 2391) A warning is now shown for invalid ISBN numbers on Special:Booksources.
-* Installer has been updated to reflect the release of the GFDL 1.3. The URL for 1.2
- has been updated, and the 1.3 URL has been given. 1.2 is still Wikipedia-compatible.
- RightsCode was changed from 'gfdl' to 'gfdl1_2', so we can now support 1.2 as well
- as 1.3 (gfdl1_3).
-* (bug 16293) PD URL was changed to the CreativeCommons site on PD (which auto-detects
- your language) instead of Wikipedia.
+* (bug 2391) A warning is now shown for invalid ISBN numbers on
+ Special:Booksources.
+* Installer has been updated to reflect the release of the GFDL 1.3. The URL for
+ 1.2 has been updated, and the 1.3 URL has been given. 1.2 is still
+ Wikipedia-compatible. RightsCode was changed from 'gfdl' to 'gfdl1_2', so we
+ can now support 1.2 as well as 1.3 (gfdl1_3).
+* (bug 16293) PD URL was changed to the CreativeCommons site on PD (which
+ auto-detects your language) instead of Wikipedia.
* (bug 16635) The "view and edit watchlist" page (Special:Watchlist/edit) now
includes a table of contents
* File objects returned by wfFindFile() are now cached by default
* (bug 16459) Use native getElementsByClassName where possible, for better
performance in modern browsers
* Enable \cancel and \cancelto in texvc (recompile required)
-* Added 'UserCryptPassword' and 'UserComparePasswords' hooks to allow extensions to implement
- their own password hashing methods.
+* Added 'UserCryptPassword' and 'UserComparePasswords' hooks to allow extensions
+ to implement their own password hashing methods.
* (bug 16760) Add CSS-class to action links of Special:Log
* (bug 505) Time zones can now be specified by location in user preferences,
avoiding the need to manually update for DST. Patch by Brad Jorsch.
checked
* (bug 13376) Use $wgPasswordSender, not $wgEmergencyContact, as return
address for page update notification mails.
-* API: Registration time of users registered before the DB field was created is now
- shown as empty instead of the current time.
+* API: Registration time of users registered before the DB field was created is
+ now shown as empty instead of the current time.
* (bug 14904): fragments were lost when redirects were fixed.
* Added magic word __STATICREDIRECT__ to suppress the redirect fixer
* (bug 15035) Revert English linkTrail to /^([a-z]+)(.*)$/sD, as it was before
$wgAutopromote['emailconfirmed'] = APCOND_EMAILCONFIRMED;
in your LocalSettings.php.
* (bug 2396) New shared database configuration variables. $wgSharedPrefix allows
- you to use a shared database with a different prefix. Or you can now use a local
- database and use prefixes to separate wiki and the shared tables. And the new
- $wgSharedTables variable allows you to specify a list of tables to share.
+ you to use a shared database with a different prefix. Or you can now use a
+ local database and use prefixes to separate wiki and the shared tables. And
+ the new $wgSharedTables variable allows you to specify a list of tables to
+ share.
* Automatic edit summaries can be disabled with $wgUseAutomaticEditSummaries
* Duplicates of images are now shown on the image page
-* $wgRCFilterByAge allows for the list of dates in recent changes special pages to
- be filtered to only those within the range of $wgRCMaxAge
-* $wgRCLinkLimits and $wgRCLinkDays allow for customization of the list and limits
- displayed on the recent changes special pages
+* $wgRCFilterByAge allows for the list of dates in recent changes special pages
+ to be filtered to only those within the range of $wgRCMaxAge
+* $wgRCLinkLimits and $wgRCLinkDays allow for customization of the list and
+ limits displayed on the recent changes special pages
* The "createpage" permission is no longer required when uploading if the target
image page already exists
* $wgMaximumMovedPages restricts the number of pages that can be moved at once
Default: false
* Removed $wgEnableCascadingProtection option. Disabling cascading protection
is no longer possible.
-* $wgMessageCacheType defines now the type of cache used by the MessageCache class,
- previously it was choosen based on $wgParserCacheType
+* $wgMessageCacheType defines now the type of cache used by the MessageCache
+ class, previously it was choosen based on $wgParserCacheType
* $wgExtensionAliasesFiles option to simplify adding aliases to special pages
provided by extensions, in a similar way to $wgExtensionMessagesFiles
* Added $wgXMLMimeTypes, an array of XML mimetypes we can check for
'import-upload' instead of 'upload'
* Add information about user group membership to Special:Preferences
* (bug 14146) Wrap usage section on imagepages into <div>s.
-* New layout for Special:Specialpages. Restricted pages are marked but not separated
- from other pages in their group.
+* New layout for Special:Specialpages. Restricted pages are marked but not
+ separated from other pages in their group.
* (bug 14263) Show a diff of the revert on rollback notification page.
* (bug 13434) Show a warning when hash identical files exist
* Sidebar is now cached for all languages
edits in the last $wgActiveUserDays days.
* SpecialSearchResults hook now passes results by reference, so they can be
changed by extensions.
-* Add a new hook LinkerMakeExternalLink to allow extensions to modify the output of
- external links.
+* Add a new hook LinkerMakeExternalLink to allow extensions to modify the output
+ of external links.
* (bug 14132) Allow user to disable bot edits from being output to UDP.
-* (bug 14328) jsMsg() within Wikibits now accepts a DOM object, not just a string
+* (bug 14328) jsMsg() within Wikibits now accepts a DOM object, not just a
+ string
* (bug 14558) New system message (emailuserfooter) is now added to the footer of
e-mails sent with Special:Emailuser
* Add support for Hijri (Islamic) calendar
-* Add a new hook LinkerMakeExternalImage to allow extensions to modify the output
- of external (hotlinked) images.
+* Add a new hook LinkerMakeExternalImage to allow extensions to modify the
+ output of external (hotlinked) images.
* (bug 14604) Introduced the following features for the LanguageConverter:
Multi-tag support, single conversion flag, remove conversion flag on a single
page, description flag, variant name, multi-variant fallbacks.
* Allow the search box, toolbox and languages box in the Monobook sidebar to be
moved around arbitrarily using special sections in [[MediaWiki:Sidebar]]:
SEARCH, TOOLBOX and LANGUAGES
-* Add a new hook NormalizeMessageKey to allow extensions to replace messages before
- the database is potentially queried
+* Add a new hook NormalizeMessageKey to allow extensions to replace messages
+ before the database is potentially queried
* (bug 9736) Redirects on Special:Fewestrevisions are now marked as such.
* New date/time formats in Cs localization according to ČSN and PČP.
* Special:Recentchangeslinked now includes changes to transcluded pages and
- displayed images; also, the "Show changes to pages linked" checkbox now works on
- category pages too, showing all links that are not categorizations
+ displayed images; also, the "Show changes to pages linked" checkbox now works
+ on category pages too, showing all links that are not categorizations
* (bug 4578) Automatically fix redirects broken by a page move
=== Bug fixes in 1.13 ===
* Make the default filepageexists message accurate
* (bug 12988) $wgMinimalPasswordLength no longer breaks create user by email
* (bug 13022) Fix upload from URL on PHP 5.0.x
-* (bug 13132) Unable to unprotect pages protected with earlier versions of MediaWiki
+* (bug 13132) Unable to unprotect pages protected with earlier versions of
+ MediaWiki
* (bug 12723) OpenSearch description name now uses more compact language code
to avoid passing the length limit as often, is customizable per site via
'opensearch-desc' message.
* (bug 12575) Prevent duplicate patrol log entries from being created
* (bug 13174) __HIDDENCAT__ now applies only to category pages
* (bug 13031) Add links to user pages in e-mail form
-* (bug 13147) Description for categoriespagetext (used in Special:Categories) reworded
+* (bug 13147) Description for categoriespagetext (used in Special:Categories)
+ reworded
* (bug 11561) Fix fatal error when calling action=revert to non-image page
* (bug 12430) Fix call to private method LinkFilter::makeRegex fatal error in
maintenance/cleanupSpam.php
* (bug 13274) Change links for messages to ucfirst
* (bug 13273) Un-hardcode some punctuation (add new messages colon-separator,
autocomment-prefix)
-* Parse MediaWiki message translations with a correct language setting on preview
+* Parse MediaWiki message translations with a correct language setting on
+ preview
* (bug 13281) Treat X-Forwarded-For, Client-ip and User-Agent headers as
case-insensitive names.
* Adding the fix for lists in RTL wikis to more skins, and fixing the image toc
* (bug 13576) maintenance/rebuildrecentchanges.php fails
* (bug 13441) Allow Special:Recentchanges to show bots only
* (bug 13431) Show true message source in Special:Allmessages&ot=php / xml
-* (bug 13463) Login successful page doesn't use user's preferred interface language
+* (bug 13463) Login successful page doesn't use user's preferred interface
+ language
* (bug 13630) Fixed warnings for pass by reference at call time in
Special:Revisiondelete when generating the log entry.
* (bug 12064) BeforePageDisplay hook is now called for all skins
* Do not display empty columns on Special:UserRights if all groups are
changeable or all unchangeable
* Fix fatal error on calling PAGESINCATEGORY with invalid category name
-* (bug 13793) Special:Whatlinkshere filters wrong - after paginating instead of before
+* (bug 13793) Special:Whatlinkshere filters wrong - after paginating instead of
+ before
* (bug 13796) Show links to parent pages even if some of them are missing
* (bug 13816) Filter by main namespace doesn't work on WhatLinksHere
* (bug 13822) Fatal error on some pages when calculating subpage subtitle
* (bug 13934) Fixing the link to GNU General Public License Version 2
* Show correct accesskey prefix for Firefox 3 beta (Alt-Shift-, not Alt-)
* (bug 13949) Special:PrefixIndex/AllPages paging links contain invalid XML
-* (bug 13770) Use Preprocessor_Hash by default to avoid missing DOM module errors
+* (bug 13770) Use Preprocessor_Hash by default to avoid missing DOM module
+ errors
* (bug 13982) Disable ccmeonemails preference when user-to-user mails disabled
* (bug 13615) Update case mappings and normalization to Unicode 5.1.0
- Note that case mappings will only be used if mbstring extension is not present.
+ Note that case mappings will only be used if mbstring extension is not
+ present.
* (bug 14044) Don't increment page view counters on views from bot users
-* (bug 14042) Calling Database::limitResult() misplaced the comment in the log file
+* (bug 14042) Calling Database::limitResult() misplaced the comment in the log
+ file
* (bug 14047) Fix regression in installer which hid DB-specific options
Also makes SQLite path configurable in the installer.
* (bug 13546) Follow image redirects on image page
* (bug 12857) Patrol link on new pages should clear floats
* (bug 12968) Render redirect wikilinks in a redirect class for customization
via user/site CSS.
-* EditPageBeforeEditButtons hook added for altering the edit buttons below the edit box
+* EditPageBeforeEditButtons hook added for altering the edit buttons below the
+ edit box
=== Bug fixes in 1.12 ===
* Fixing message cache updates for MediaWiki messages moves
* (bug 12815) Signature timestamps were always in UTC, even if the timezone code
in parentheses after them claimed otherwise
-* (bug 12732) Fix installer and searching to handle built-in tsearch2 for Postgres.
+* (bug 12732) Fix installer and searching to handle built-in tsearch2 for
+ Postgres.
* (bug 12784) Change "bool" types to smallint to handle Postgres 8.3 strictness.
-* (bug 12301) Allow maintenance/findhooks.php to search hooks in multiple directories.
+* (bug 12301) Allow maintenance/findhooks.php to search hooks in multiple
+ directories.
* (bug 7681, 11559) Cookie values no longer override GET and POST variables.
* (bug 5262) Fully-qualified $wgStylePath no longer corrupted on XML feeds
* (bug 3269) Inaccessible titles ending in '/.' or '/..' now forbidden.
* (bug 11567) Fix error checking for PEAR::Mail. UserMailer::send() now returns
true-or-WikiError, which seems to be the calling convention expected by half
its callers already
-* (bug 12846) IE rtl.css issue in RTL wikis special:Preferences when selecting an
- LTR user language
+* (bug 12846) IE rtl.css issue in RTL wikis special:Preferences when selecting
+ an LTR user language
* (bug 13005) DISPLAYTITLE does not work on preview
* (bug 13004) Fix error on Postgres searches that return too many results.
than good. Proper handheld support will be added at a future date. For now,
display should be acceptable either with CSS turned off or when using a so-
phisticated handheld browser.
-* (bug 3173) Option to offer exported pages as a download, rather than displaying
- inline, as in most browsers
+* (bug 3173) Option to offer exported pages as a download, rather than
+ displaying inline, as in most browsers
* Pass the user as an argument to 'isValidPassword' hook callbacks; see
docs/hooks.txt for more information
* Introduce 'UserGetRights' hook; see docs/hooks.txt for more information
* (bug 6965) Cannot include "Template:R" with {{R}} (magic word conflict)
* Padding parser functions now work with strings like '0' that evaluate to false
* (bug 10332) Title->userCan( 'edit' ) may return false positive
-* Fix bug with <nowiki> in front of links for wikis where linkPrefixExtension is true
+* Fix bug with <nowiki> in front of links for wikis where linkPrefixExtension is
+ true
* (bug 10552) Suppress rollback link in history for single-revision pages
* (bug 10538) Gracefully handle invalid input on move success page
* Fix for Esperanto double-x-encoding in move success page
* (bug 10392) Include MediaWiki version details in version output
* (bug 10411) Site language in meta=siteinfo
* (bug 10391) action=help doesn't return help if format is fancy markup
-* backlinks, embeddedin and imageusage lists should use (bl|ei|iu)title parameter
- instead of titles. Titles for these lists is obsolete and might stop working soon.
+* backlinks, embeddedin and imageusage lists should use (bl|ei|iu)title
+ parameter instead of titles. Titles for these lists is obsolete and might stop
+ working soon.
* Added prop=imageinfo - gets image properties and upload history
* (bug 10211) Added db server replication lag information in meta=siteinfo
* Added external url search within wiki pages (list=exturlusage)
* Added registered users enumeration (list=allusers)
* Added full text search in titles and content (list=search)
* (bug 10684) Expanded list=allusers functionality
-* Possible breaking change: prop=revisions no longer includes pageid for rvprop=ids
-* Added rvprop=size to prop=revisions (The size will not be shown if it is NULL in the database)
-* list=allpages now allows to filter by article min/max size and protection status
+* Possible breaking change: prop=revisions no longer includes pageid for
+ rvprop=ids
+* Added rvprop=size to prop=revisions (The size will not be shown if it is NULL
+ in the database)
+* list=allpages now allows to filter by article min/max size and protection
+ status
* Added site statistics (siprop=statistics for meta=siteinfo)
* (bug 10902) Unable to fetch user contributions from IP addresses
* `list=usercontribs` no longer requires that the user exist
* (bug 10898) API does not return an edit token for non-existent pages
* (bug 10890) Timestamp support for categorymembers query
* (bug 10980) Add exclude redirects on backlinks
-* IPv6 titles in User namespace are normalized (run cleanupTitles.php to fix any old stray pages)
+* IPv6 titles in User namespace are normalized (run cleanupTitles.php to fix any
+ old stray pages)
== Maintenance script changes since 1.10 ==
== Configuration changes ==
-* A new switch $wgCommandLineDarkBg used by maintenance scripts (parserTests.php).
- It lets you specify if your terminal use a dark background, the colorized
- output will be made lighter making things easier to read.
+* A new switch $wgCommandLineDarkBg used by maintenance scripts
+ (parserTests.php). It lets you specify if your terminal use a dark background,
+ the colorized output will be made lighter making things easier to read.
* The minimum permissions needed to edit a page in each namespace can now be
customized via the $wgNamespaceProtection array. By default, editing pages in
the MediaWiki namespace requires "editinterface" permission, as before.
-* Allow restriction of autoconfirmed permission by edit count. New global setting
- $wgAutoConfirmCount (defaulting to zero, naturally).
+* Allow restriction of autoconfirmed permission by edit count. New global
+ setting $wgAutoConfirmCount (defaulting to zero, naturally).
* Added rate limiter for Special:Emailuser
* Private logs can now be created using $wgLogRestrictions
* (Bug 8590) limited HTML is now always enabled ($wgUserHtml = true).
* (bug 6997) Link from Special:log/block to unblock form
* (bug 9117) Link from Special:log/delete to undelete form
* Link from Special:log/protect to change protection form
-* (bug 1196) Add IPv6 support added to blocks, more consistancy for IPv6 contribs
+* (bug 1196) Add IPv6 support added to blocks, more consistancy for IPv6
+ contribs
* (bug 3984) Searching in logs by title%
* Show thumbnail of existing image if image exists already under this filename
* (bug 5546) Watchlist reflects logged actions like move, protection, undelete
* Warning on upload of images with uppercase extension if image with lowercase
extension exists
* (bug 4624) Namespace selection for Special:Whatlinkshere
-* Introduce PageHistoryBeforeList and PageHistoryLineEnding hooks; see docs/hooks.txt
- for more information
-* (bug 9397) Introduce "sp-contributions-footer" and "sp-contributions-footer-anon"
- messages, shown at the end of Special:Contributions as appropriate for the target
+* Introduce PageHistoryBeforeList and PageHistoryLineEnding hooks; see
+ docs/hooks.txt for more information
+* (bug 9397) Introduce "sp-contributions-footer" and
+ "sp-contributions-footer-anon" messages, shown at the end of
+ Special:Contributions as appropriate for the target
* (bug 8421) Expose current action in JavaScript globals (as 'wgAction')
* (bug 9069) Use galleries in query pages dedicated to images
-* (bug 9177) Installer now warns of various conditions affecting session.save_path
- which can lead to broken session storage
+* (bug 9177) Installer now warns of various conditions affecting
+ session.save_path which can lead to broken session storage
* (bug 9046) Special page to list pages without language links
* (bug 9508) Special page to list articles with the fewest revisions
* Introduce 'FileUpload' hook; see docs/hooks.txt for more information
* Introduce 'SearchUpdate' hook; see docs/hooks.txt for more information
-* Introduce 'mywatchlist' message; used on personal menu to link to watchlist page
+* Introduce 'mywatchlist' message; used on personal menu to link to watchlist
+ page
* Introduce magic word {{NUMBEROFEDITS}}
* Introduced media handlers for file-type specific operations.
* Improved error reporting for image thumbnailing
500 characters
* Predefined block reasons added to Special:Blockip
* (bug 9196) Installer now check that zend.ze1_compatibility_mode is off
-* (bug 9697) Introduce 'InternalParseBeforeLinks' hook; see docs/hooks.txt for more information
+* (bug 9697) Introduce 'InternalParseBeforeLinks' hook; see docs/hooks.txt for
+ more information
* 'contribsub' message changed to 'contribsub2' with two parameters to permit
better localization. Change is reverse-compatible and can be ignored for
most wikis.
* Ignore self closing on closing tags ( '</div />' now gives '</div>')
* (bug 8673) Minor fix for web service API content-type header
* Fix API revision list on PHP 5.2.1; bad reference assignment
-* (bug 8688) Handle underscores/spaces in Special:Blockip and Special:Ipblocklist
- in a consistent manner
+* (bug 8688) Handle underscores/spaces in Special:Blockip and
+ Special:Ipblocklist in a consistent manner
* (bug 8701) Check database lock status when blocking/unblocking users
* ParserOptions and ParserOutput classes are now in their own files
* (bug 8708) Namespace translations for Zealandic language
* (bug 8780) Clarify message for command-line scripts if LocalSettings.php
exists but is not readable
* dumpBackup / importDump now work with PostgreSQL
-* (bug 8975) Use "Maintenance script" as the default username for importImages.php
- and importTextFile.php scripts
+* (bug 8975) Use "Maintenance script" as the default username for
+ importImages.php and importTextFile.php scripts
* (bug 8933) Fix maintenance/reassignEdits.php script
* (bug 9440) Added "mediawikiwiki" interwiki prefix to MediaWiki.org
* (bug 2979) Import now gracefully skips invalid titles with a warning
* (bug 6427) Block blocked IPs from using the mail password function
to allow blocking of flooders
* Include common.css from classic-style skins in main HTML with the bump URL
-* (bug 7607) Add Karakalpak (kaa) to Names.php and stub message file for linktrail
+* (bug 7607) Add Karakalpak (kaa) to Names.php and stub message file for
+ linktrail
* (bug 7582) Add 'tog-nolangconversion' to MessagesEn.php.
This key is need for languages with variants (zh, sr, kk)
* (bug 7606) MediaWiki messages for "rss" and "atom" missing
* (bug 7741) MATH: fixed broken syntax of underbrace etc. Fixed arrays
* Fix purging for updated SVG files
* (bug 7745) Add id attribute to search button in Monobook
-* (bug 7749) MATH: added some more LaTeX symbols, e.g. parallel, diamond, ast, ...
+* (bug 7749) MATH: added some more LaTeX symbols, e.g. parallel, diamond, ast...
* (bug 7304) Added code in Article.php to keep redirect table up to date.
* Made special page names case-insensitive and localisable. Care has been taken
to maintain backwards compatibility.
* Remove entries from redirect table on article deletion
* (bug 7788) Force section headers in new section links for users who have
'prompt for blank edit summaries' on.
-* (bug 1133) Special:Emailuser: add an option to send yourself a copy of your mail.
+* (bug 1133) Special:Emailuser: add an option to send yourself a copy of your
+ mail.
* (bug 461) Allow "Categories:" link at bottom of pages to be customized via
pagecategorieslink message.
* Sort the list of skins in "My Preferences" -> Skins by alphabetical order.
without the ipb_enable_autoblock option no longer show up as "autoblock
disabled" on Special:Ipblocklist.
* (bug 7774) MATH: aded more amstex functions
-* (bug 1182) MATH: fixed inconsistent rendering of upper case Greek letters in TeX
+* (bug 1182) MATH: fixed inconsistent rendering of upper case Greek letters in
+ TeX
* Fix regression in streaming page dump generation
* (bug 7801) Add support for parser function hooks in parser tests
* checkUsernames.php now uses wfDebugLog instead of hardcoded path to log
* (bug 7826) Fix typos in two English messages.
* (bug 5365) Stop users being prompted to enter an edit summary for null edits,
if they have selected that option in preferences.
-* (bug 5936) Show an 'm' to the left of the edit summary on diff pages for minor edits.
+* (bug 5936) Show an 'm' to the left of the edit summary on diff pages for minor
+ edits.
* (bug 7820) Improve error reporting for uploads via URL.
-* (bug 5149) When autoblocks are enabled, retroactively apply an autoblock to the most
- recently used IP of a user when they are blocked.
-* Add an index on (rc_user_text,rc_timestamp) on the recentchanges table. This will
- make CheckUser.php and the new retroactive autoblock functionality faster.
+* (bug 5149) When autoblocks are enabled, retroactively apply an autoblock to
+ the most recently used IP of a user when they are blocked.
+* Add an index on (rc_user_text,rc_timestamp) on the recentchanges table. This
+ will make CheckUser.php and the new retroactive autoblock functionality
+ faster.
* Fix regression in Special:Undelete for revisions deleted under MediaWiki 1.4
with compression or legacy encoding
* (bug 6737) Fixes for MySQL 5 schema in strict mode
* Do a check for the PHP 5.0.x 64-bit bug, since this is much more disruptive
as of MW 1.8 than it used to be. Install or upgrade now aborts with a
warning and a request to upgrade.
-* (bug 6440) Updated indexes to improve backlinking queries (links, templates, images)
+* (bug 6440) Updated indexes to improve backlinking queries (links, templates,
+ images)
* Switched 'anon-only' block mode to default for IP blocks
* (bug 3687, 7892) Add distinct heading for media files in category display,
with count.
* (bug 1578) Add different icons for external links to audio, video, or PDF in
Monobook.
-* Made autoblocks block account creation if the user block has that option enabled.
+* Made autoblocks block account creation if the user block has that option
+ enabled.
* Add auto-summaries to blankings and large removals without summaries.
* (bug 7811) Allow preview of edit summaries.
* (bug 6839) Wikibits.js minor changes to make JS-lint happier.
* (bug 7554) The correct MIME type for SVG images is now displayed on the
image page (image/svg+xml, not image/svg).
* (bug 7883) Added autoblock whitelisting feature, using which specific ranges
- can be protected from autoblocking. These ranges are specified, in list format,
- in the autoblock_whitelist system message.
+ can be protected from autoblocking. These ranges are specified, in list
+ format, in the autoblock_whitelist system message.
* Added placeholders for text injection by hooks to EditPage.php
-* (bug 8009) Automatic edit summary for redirects is not filled for edits in existing pages
+* (bug 8009) Automatic edit summary for redirects is not filled for edits in
+ existing pages
* Installer support for experimental MySQL 4.1/5.0 binary-safe schema
* Use INSERT IGNORE for db-based BagOStuff add/insert, for more memcache-like
behavior when keys already exist on add (instead of dying with an error...)
* Add a hook 'UploadForm:initial' before the upload form is generated, and two
- member variable for text injection into the form, which can be filled by the hooks.
-* (bug 6295) Add a "revision patching" functionality, where an edit can be undone
+ member variable for text injection into the form, which can be filled by the
+ hooks.
+* (bug 6295) Add a "revision patching" functionality, where an edit can be
+ undone
(with a functionality similar to diff rev1 rev2 | patch -R rev3 -o rev3).
This is triggered by including &undo=revid in an edit URL. A link to a URL
that will undo a given edit is shown on NEW revision headers on diff pages.
* Added a configuration variable allowing the "break out of framesets" feature
to be switched on and off ($wgBreakFrames). Off by default.
* Allow Xml::check() $attribs parameter to override 'value' attribute
-* DB schema change: added two columns (rc_old_len and rc_new_len) to the recentchanges table to store
- the text lengths before and after the edit
-* (bug 1085) Made Special:Recentchanges show the character difference between the changed revisions
-* Removed a redundant <strong> tag from diff pages that was causing display issues for some users
-* (bug 8203) The keyboard shortcut for "log out" was removed, because users were pressing it
- when they intended to press the shortcut for "preview".
+* DB schema change: added two columns (rc_old_len and rc_new_len) to the
+ recentchanges table to store the text lengths before and after the edit
+* (bug 1085) Made Special:Recentchanges show the character difference between
+ the changed revisions
+* Removed a redundant <strong> tag from diff pages that was causing display
+ issues for some users
+* (bug 8203) The keyboard shortcut for "log out" was removed, because users
+ were pressing it when they intended to press the shortcut for "preview".
* (bug 8148) Handle non-removable output buffers gracefully when cleaning
buffers for HTTP 304 responses, StreamFile, and Special:Export.
Duplicated code merged into wfResetOutputBuffers() and wfClearOutputBuffers()
revisions
* (bug 8214) Output file size limit and actual file size in appropriate units
on Special:Upload
-* (bug 8016) Purge objectcache table during upgrade processes - use the --nopurge
- option to prevent this when running maintenance/update.php
+* (bug 8016) Purge objectcache table during upgrade processes - use the
+ --nopurge option to prevent this when running maintenance/update.php
* (bug 7612) Remove superfluous link to Special:Categories from result items
on Special:Mostcategories
* {{PLURAL:}} now handles formatted numbers correctly
* (bug 8372) Return nothing on empty <math> tags.
* New maintenance script to show the cached statistics : showStats.php.
* Count deleted edits when regenerating total edits in maintenance/initStats.php
-* (bug 3706) Allow users to be exempted from IP blocks. The ipblock-exempt permission
- key has been added to enable this behavior, by default assigned to sysops.
+* (bug 3706) Allow users to be exempted from IP blocks. The ipblock-exempt
+ permission key has been added to enable this behavior, by default assigned to
+ sysops.
* (bug 7948) importDump.php now warn that Recentchanges need to be rebuild.
* (bug 7667) allow XHTML namespaces customization
* (bug 8531) Correct local name of Lingála (patch by Raymond)
(blocked mid-edit) and the page doesn't exist
* Improve default value of "blockedtext"
* (bug 6680) Added localisation for Dutch bookstore list (nl)
-* Renamed maintainace script redundanttrans.php to unusedMessages.php - clearer usage
+* Renamed maintainace script redundanttrans.php to unusedMessages.php - clearer
+ usage
* Fix regression which allowed some blocked users to create additional accounts
* (bug 6657) Fix Hungarian linktrail
* (bug 6751) Fix preview of blanked section with edit on first preview option
* Added "serialized" directory, for storing precompiled data in serialized form.
* Fix regression in auto-set NS_PROJECT_TALK namespace
* Fix regression in ordering of namespaces
-* (bug 6806, 6030) Added several global JS variables for article path, user name,
- page title, etc.
+* (bug 6806, 6030) Added several global JS variables for article path, user
+ name, page title, etc.
* hooks registered with addOnloadHook are now called at the one of the html body
by all skins.
* Split ajax aided search from core ajax framework. Use wgUseAjax to enable the
* (bug 6919) Add English alias magic words for Tatar (tt) language file.
* (bug 6753) Fixed broken Kazakh linktrail (kk)
* (bug 6700) Added Kazakh language variants to Names.php
-* (bug 6827) some i18n specific maintenance scripts fails after merge of localisation-work branch
-* Throwed an exception for the deprecated functions OutputPage::sysopRequired and
- OutputPage::developerRequired - use OutputPage::permissionRequired instead.
-* Removed the deprecated functions User::isSysop, User::isBureaucrat and User::isDeveloper -
- use User::isAllowed instead.
-* (bug 769) OutputPage::permissionRequired() should suggest groups with the needed permission
+* (bug 6827) some i18n specific maintenance scripts fails after merge of
+ localisation-work branch
+* Throwed an exception for the deprecated functions OutputPage::sysopRequired
+ and OutputPage::developerRequired - use OutputPage::permissionRequired
+ instead.
+* Removed the deprecated functions User::isSysop, User::isBureaucrat and
+ User::isDeveloper - use User::isAllowed instead.
+* (bug 769) OutputPage::permissionRequired() should suggest groups with the
+ needed permission
* (bug 6971) Fix regression in Special:Export history view
* Revamped Special:Imagelist
* (bug 7000) updated MessagesPl.php
* (bug 7044) Introduce "padleft" and "padright" colon functions
* Pass page title as parameters to "linkshere" and "nolinkshere" and update
default message text
-* Allows to upload from publicy accessible URL. Set $wgAllowCopyUploads = true ; in LocalSettings.php
- Limited to $wgMaxUploadSize (default:100MB); URL upload is limited to sysops by default, and displayed as a second line if appropriate
+* Allows to upload from publicy accessible URL. Set $wgAllowCopyUploads = true;
+ in LocalSettings.php
+ Limited to $wgMaxUploadSize (default:100MB); URL upload is limited to sysops
+ by default, and displayed as a second line if appropriate
* (bug 832) Return to user page after emailing a user
* (bug 366) Add local-system-timezone equivalents for date/time variables
* (bug 7109) Fix Atom feed version number in header links
* Fix bug in wfRunHooks which caused corruption of objects in the hook list
* (bug 4979) Use simplified email addresses when running on Windows
* (bug 4434) Show block log fragment on Special:Blockip
-* [[MediaWiki:Disambiguationspage]] may optionally contain wiki links to any number
- of disambiguation templates.
-* [[Special:Disambiguations]] now shows pages in NS:0 that link to any pages that embed
- any of the templates listed at [[MediaWiki:Disambiguationspage]].
+* [[MediaWiki:Disambiguationspage]] may optionally contain wiki links to any
+ number of disambiguation templates.
+* [[Special:Disambiguations]] now shows pages in NS:0 that link to any pages
+ that embed any of the templates listed at [[MediaWiki:Disambiguationspage]].
* Fix formatting of titles on Special:Undelete
* (bug 7026) Fix action=raw&templates=expand
* (bug 6976) Add namespace and direction classes to classic skins
-* (bug 7144) Don't "return to main" from OutputPage::loginToUse() if the user can't
- read the main page in the first place
+* (bug 7144) Don't "return to main" from OutputPage::loginToUse() if the user
+ can't read the main page in the first place
* (bug 7188) Fix minor borkage in HTMLForm
-* (bug 6675) Replaced message 'watchthis' with new message 'watchthisupload in Special:Upload
+* (bug 6675) Replaced message 'watchthis' with new message 'watchthisupload in
+ Special:Upload
* Add a quickie script dumpSisterSites.php for generating a page list in the
format for WSR-1 SisterSites support
* (bug 7223) Monobook.js is used for site content, should not be localized
* Added Xml::option() for generating <option>s easily
* Localized page numbers in drop-down for DjVu page selection
* Fixed linktrail for vi
-* (bug 6893) "Call to a member function exists() on a non-object" on trackback.php with bad input
+* (bug 6893) "Call to a member function exists() on a non-object" on
+ trackback.php with bad input
* (bug 6886) PHP undefined offset on bad input to Special:Revisiondelete
-* (bug 6887) PHP error for call to getId() on bad input to Special:Revisiondelete
-* (bug 6888) PHP error for call to getTimestamp() on bad input to Special:Revisiondelete
-* (bug 7252) Use dvipng support in texvc math rastrization. dvipng is required if texvc is rebuilt.
+* (bug 6887) PHP error for call to getId() on bad input to
+ Special:Revisiondelete
+* (bug 6888) PHP error for call to getTimestamp() on bad input to
+ Special:Revisiondelete
+* (bug 7252) Use dvipng support in texvc math rastrization. dvipng is required
+ if texvc is rebuilt.
* (bug 7279) Use wfBaseName in place of basename() in more places
* Clear newtalk marker on diff links with explicit current revision number
* (bug 7064) Replace hard-coded empty message checks with wfEmptyMsg calls
* Set Vary: Cookie on action=raw generated CSS and JS, to ensure that user
preferences don't get stuck in proxy caches for other people
* (bug 7324) Fix error message for failure of Database::sourceFile()
-* (bug 7309) Plurals: use singular form for zero in French and Brazilian Portuguese
+* (bug 7309) Plurals: use singular form for zero in French and Brazilian
+ Portuguese
* Add page_no_title_convert field to support language variant conversion
for page titles which shouldn't be converted on display/linking
* Lazy extraction of text chunks in Revision objects, may reduce hits to
in $wgMemc, to further reduce hits to external storage.
Set to 0 (disabled) by default.
* Minor changes to the installer.
-* Remove ":" for 'youremail' and 'yourrealname' in includes/templates/Userlogin.php
- so that ":" could be used in i18n for Special:Preferences (like 'username' and 'uid').
-* Fix layout for Special:Preferences->Date and Time (position for 'timezonetext').
+* Remove ":" for 'youremail' and 'yourrealname' in
+ includes/templates/Userlogin.php so that ":" could be used in i18n for
+ Special:Preferences (like 'username' and 'uid').
+* Fix layout for Special:Preferences->Date and Time (position for
+ 'timezonetext').
* Updates to language variant code for Serbian et al
* (bug 6756) Enabling RTL direction for kk-cn
* (bug 6701) Kazakh language variants in MessagesEn.php
* (bug 7335) SVN revision check in Special:Version fails on SVN 1.4 working copy
-* (bug 6518) Replaced 'lastmodified' with 'lastmodifiedat' and 'lastmodifiedby' with 'lastmodifiedatby'
- with separated parameters for date and time to allow better localisation. Updated all message files
- to display the old format for compatibility.
+* (bug 6518) Replaced 'lastmodified' with 'lastmodifiedat' and 'lastmodifiedby'
+ with 'lastmodifiedatby' with separated parameters for date and time to allow
+ better localisation. Updated all message files to display the old format for
+ compatibility.
* (bug 7357) Make supposedly static methods of Skin actually static
* Added info text to Special:Deadendpages and Special:Lonelypages
* Fix regression in cachability of generated CSS and JS for MonoBook skin,
* (bug 6849) Block @ from usernames; interferes with multi-database tools and
was meant to be banned years ago... For now existing accounts will not be
prevented fromm login.
-* (bug 6092) Introduce magic words {{REVISIONDAY}}, {{REVISIONDAY2}, {{REVISIONMONTH}},
- {{REVISIONYEAR}} and {{REVISIONTIMESTAMP}}
+* (bug 6092) Introduce magic words {{REVISIONDAY}}, {{REVISIONDAY2},
+ {{REVISIONMONTH}}, {{REVISIONYEAR}} and {{REVISIONTIMESTAMP}}
* (bug 7425) Preceeding whitespace in [[...]] breaks subpages
* Try to reconnect after transitory database errors in dumpTextPass.php
-* (bug 6023) Fixed mismatch of 0/NULL for wl_notificationtimestamp; now notification
- mails are working after 'Mark all pages visited' button on Special:Watchlist is clicked
+* (bug 6023) Fixed mismatch of 0/NULL for wl_notificationtimestamp; now
+ notification mails are working after 'Mark all pages visited' button on
+ Special:Watchlist is clicked
* Made {{INT:}} a core parser function instead of a special case. The syntax
and behavior is largely unchanged.
* (bug 7448) Fixing the native name for Ewe (ee)
-* (bug 6864) Replace message 'editing' with new message 'editinguser' in Special:Userrights
- to allow better localisation
-* Add '*-summary' for special pages to MessagesEn.php to allow customizing/translation
- directly through Special:Allmessages
-* (bug 6130, bug 5818) Replaced message 'go' with the new message 'searcharticle' in skins
- to allow better localisation
+* (bug 6864) Replace message 'editing' with new message 'editinguser' in
+ Special:Userrights to allow better localisation
+* Add '*-summary' for special pages to MessagesEn.php to allow
+ customizing/translation directly through Special:Allmessages
+* (bug 6130, bug 5818) Replaced message 'go' with the new message
+ 'searcharticle' in skins to allow better localisation
* Add + to $wgLegalTitleChars by default. Some sites may have occasional
problems with hard-to-reach pages, but it should be less trouble than
"I can't import dumps from Wikipedia" complaints
* (bug 7520) Update article counts on XML import
* (bug 7526) Make $wgDefaultUserOptions work again
* (bug 7472) Localize Help namespace for Basque
-* (bug 7529) Including a non-existent category in an article places that article in the category
+* (bug 7529) Including a non-existent category in an article places that article
+ in the category
* (bug 4528) Lack of important LaTeX functions stackrel, rightleftharpoon
-* (bug 6721) missing symbols ulcorner, urcorner, llcorner, lrcorner, twoheadrightarrow, twoheadleftarrow
-* (bug 7367) Hyphens sometimes erroneously appended to equations when not converted to PNG
-* Add "title" to the opensearch link to allow automatic adding of the search engine in Firefox 2
+* (bug 6721) missing symbols ulcorner, urcorner, llcorner, lrcorner,
+ twoheadrightarrow, twoheadleftarrow
+* (bug 7367) Hyphens sometimes erroneously appended to equations when not
+ converted to PNG
+* Add "title" to the opensearch link to allow automatic adding of the search
+ engine in Firefox 2
* (bug 7537) Add php5 to $wgFileBlacklist
* (bug 6929) Restore AutoAuthenticate hook
* (bug 5593) Change "bureaucrat log" to "rights log"
* Show a boilerplate "(none)" in place of a blank within the log action text for
user rights
-* (bug 137) Commented out translations for copyrightwarning which mention GNU FDL
-* (bug 5723) Don't count pages linked to from the MediaWiki namespace as "wanted"
+* (bug 137) Commented out translations for copyrightwarning which mention GNU
+ FDL
+* (bug 5723) Don't count pages linked to from the MediaWiki namespace as
+ "wanted"
* (bug 5696) Add a third parameter, $3, to "rcnote", passing the current time
formatted according to the current user's settings
* (bug 5780) Thousands and decimal separators for Norwegian
* Updated initStats maintenance script
* (bug 5767) Fix date formats in Vietnamese locale
* (bug 361) URL in URL, they were almost fixed. Now they are.
-* (bug 4876) Add __NEWSECTIONLINK__ magic word to force the "new section" link/tab to
- show up on specific pages on demand
+* (bug 4876) Add __NEWSECTIONLINK__ magic word to force the "new section"
+ link/tab to show up on specific pages on demand
* Bidi-aid on list pages
-* (bug 5782) Allow entries in the bad image list to use canonical namespace names
+* (bug 5782) Allow entries in the bad image list to use canonical namespace
+ names
* (bug 5789) Treat "loginreqpagetext" as wikitext
* Sanitizer: now handles nested <li> in <ul> or <ol>
* (bug 5796) We require MySQL >=4.0.14
* Clean up Special:Listusers; add an "(all)" label to the group selection box
* (bug 5812) Use appropriate link colour in Special:Mostlinked
* (bug 5802) {{CURRENTMONTHNAME}} variable broken in Vietnamese locale
-* (bug 5817) Appropriate handling for Special:Recentchangeslinked where the target
- page doesn't exist
-* Special:Randompage now additionally accepts English namespace name as parameter
+* (bug 5817) Appropriate handling for Special:Recentchangeslinked where the
+ target page doesn't exist
+* Special:Randompage now additionally accepts English namespace name as
+ parameter
* (bug 2981) Really fixed linktrail for Tamil (ta)
* Disallow substituting Special pages when included into a page
* (bug 5587) Clean up the languages from references to the Groups special page
* Rewritten removeUnusedAccounts to be more efficient, print names of inactive
accounts
* Redirect Special:Userlist to Special:Listusers
-* Introduce $wgAllowTitlesInSVG, which allows the <title> attribute in uploaded files
- bearing the image/svg MIME type. Disabled by default due to the vast majority of
- web servers being hideously misconfigured. See DefaultSettings.php for more details.
-* Changed default LocalSettings.php to append the previous include path when setting it
+* Introduce $wgAllowTitlesInSVG, which allows the <title> attribute in uploaded
+ files bearing the image/svg MIME type. Disabled by default due to the vast
+ majority of web servers being hideously misconfigured. See DefaultSettings.php
+ for more details.
+* Changed default LocalSettings.php to append the previous include path when
+ setting it
* (bug 5837) Use "members" for the value descriptor in Special:Categories,
Special:Wantedcategories and Special:Mostlinkedcategories.
* (bug 3309) Allow comments when undeleting pages
* Clean up Special:Imagelist a bit
* (bug 5838) Namespace names for Nds-NL
* (bug 5749) Added Tyvan language files
-* (bug 5791) Fix SQL syntax in Special:BrokenRedirects, was causing incorrect data to show
+* (bug 5791) Fix SQL syntax in Special:BrokenRedirects, was causing incorrect
+ data to show
* (bug 5839) Prevent access to Special:Confirmemail for logged-out users
* (bug 5853) Update for Portuguese messages (pt)
* (bug 5851) Use Cyrillic for Kirghiz language name
* Ignore the user and user talk namespaces on Special:Wantedpages
* Introduce NUMBEROFPAGES magic word
* (bug 5833) Introduce CURRENTVERSION magic word
-* (bug 5370) Allow throttling of password reminder requests with the rate limiter
+* (bug 5370) Allow throttling of password reminder requests with the rate
+ limiter
* (bug 5683) Respect parser output marked as uncacheable when saving
* (bug 5918) Links autonumbering now work for all defined protocols
* (bug 5935) Improvement to German localisation (de)
* (bug 5849) Remove some hard-coded references to "Wikipedia" in messages
* (bug 5967) Improvement to German localisation (de)
* (bug 5962) Update for Italian language (it)
-* Suppress images in galleries which appear on the bad image list (when rendering
- for a wiki page; galleries in special pages and categories are unaffected)
+* Suppress images in galleries which appear on the bad image list (when
+ rendering for a wiki page; galleries in special pages and categories are
+ unaffected)
* Maintenance script to remove orphaned revisions from the database
* (bug 5991) Update for Russian language (ru)
-* (bug 6001) PAGENAMEE and FULLPAGENAMEE don't work in FULLURL and LOCALURL magic
- words
+* (bug 6001) PAGENAMEE and FULLPAGENAMEE don't work in FULLURL and LOCALURL
+ magic words
* (bug 5958) Switch Uzbek language name to use latin script
* (bug 839) Add URLENCODE magic word
* (bug 6004) Update for Polish language (pl)
* (bug 5971) Improvement to German localisation (de)
-* (bug 4873) Don't overwrite the subtitle navigation when viewing a redirect page
- that isn't current
+* (bug 4873) Don't overwrite the subtitle navigation when viewing a redirect
+ page that isn't current
* (bug 2203) Namespace updates for Thai
-* Fix breakage in parser test suite which caused incorrect reporting of the failure of
- {{NUMBEROFFILES}}. Now initialises the site_stats table with some dumb data. Updated
- the expected output for {{NUMBEROFARTICLES}} to reflect this.
+* Fix breakage in parser test suite which caused incorrect reporting of the
+ failure of {{NUMBEROFFILES}}. Now initialises the site_stats table with some
+ dumb data. Updated the expected output for {{NUMBEROFARTICLES}} to reflect
+ this.
* (bug 6009) Use {{ns:project}} in messages where appropriate
* (bug 6012) Update to Indonesian localisation (id)
* (bug 6017) Update list of bookstores in German localisation files
* (bug 6039) Update for Portuguese localisation (pt)
* (bug 764) Add CREATE TEMPORARY TABLES to default database permissions
* Big update to Swedish localisation (sv)
-* Use appropriate HTML functions to create the tool links on image pages, so they don't
- look garbled when tidy isn't on
+* Use appropriate HTML functions to create the tool links on image pages, so
+ they don't look garbled when tidy isn't on
* (bug 5511) Fix URL-encoding of usernames in links on Special:Ipblocklist
* (bug 6046) Update to Indonesian localisation (id) #15
* (bug 5523) $wgNoFollowNsExceptions to allow disabling rel="nofollow" in
specially-selected namespaces.
-* (bug 6055) Fix for HTML/JS injection bug in variable handler (found by Nick Jenkins)
+* (bug 6055) Fix for HTML/JS injection bug in variable handler (found by Nick
+ Jenkins)
* Reordered wiki table handling and __TOC__ extraction in the parser to better
handle some overlapping tag cases.
* Only the first __TOC__ is now turned into a TOC
* (bug 1017) fixed thumbnails of animated gifs.
* Add APC as object caching option
* Update to Albanian localization (sq)
-* (bug 6099) Introduce {{DIRECTIONMARK}} magic word (with {{DIRMARK}} as an alias)
+* (bug 6099) Introduce {{DIRECTIONMARK}} magic word (with {{DIRMARK}} as an
+ alias)
* Use optimized php5-only microtime()
* Add possibility to store local message cache as PHP executable script
* Fix profiling table definition
* (bug 5945) Introduce {{CONTENTLANGUAGE}} magic word
* {{PLURAL}} can now take up to five forms
* (bug 6243) Fix email for usernames containing dots when using PEAR::Mail
-* Remove a number of needless {{ns:project}}-type transforms from messages files. These
- usages already have separate label text. Such transforms are wasteful on each page view.
+* Remove a number of needless {{ns:project}}-type transforms from messages
+ files. These usages already have separate label text. Such transforms are
+ wasteful on each page view.
* Update to Yiddish localization (yi)
* (bug 6254) Update to Indonesian translation (id) #20
* (bug 6255) Fix transclusions starting with "#" or "*" in HTML attributes
* Avoid some notices in page history with bad input
* Use double quoted consistently on attributes in linker output; preparing
for new normalization code when tidy not in use
-* Replace "nogomatch" with "noexactmatch" and place the magic colon in the messages
- themselves. Some minor tweaks to the actual message content.
-* Introduce $wgContentNamespaces which allows for articles to exist in namespaces other
- than the main namespace, and still be counted as valid content in the site statistics.
+* Replace "nogomatch" with "noexactmatch" and place the magic colon in the
+ messages themselves. Some minor tweaks to the actual message content.
+* Introduce $wgContentNamespaces which allows for articles to exist in
+ namespaces other than the main namespace, and still be counted as valid
+ content in the site statistics.
* (bug 5932) Introduce {{PAGESINNAMESPACE}} magic word
* Disable $wgAllowExternalImages by default.
-* (bug 2700) Nice things like link completion and signatures now work in <gallery> tags.
+* (bug 2700) Nice things like link completion and signatures now work in
+ <gallery> tags.
* Cancel output buffering in StreamFile; when used inside gzip buffering this
could cause funny timeout behavior as the Content-Length was wrong.
* Return correct content-type header with 304 responses for StreamFile;
* (bug 6345) Update to Indonesian localisation (id) #22
* (bug 6279) Add genitive month names to Slovenian localisation
* (bug 6351) Update to German translation (de)
-* Respect language directionality when displaying arrow in Special:Brokenredirects
+* Respect language directionality when displaying arrow in
+ Special:Brokenredirects
* Remove unused "validation" table definitions from the schema files
* (bug 6398) Work around apparent PCRE bug breaking section editing when
massively-indented preformatted text immediately followed a header
* (bug 6423) Don't update newtalk flag if page content didn't change (null edits
were causing the newtalk flag to trigger inappropriately)
* Parser functions are now set using magic words.
-* (bug 6428) Incorrect form action URL on Special:Newimages with hidebots = 0 set
-* (bug 4990) Show page source to blocked users on edits, or their modified version
- if blocked during an edit
+* (bug 6428) Incorrect form action URL on Special:Newimages with hidebots = 0
+ set
+* (bug 4990) Show page source to blocked users on edits, or their modified
+ version if blocked during an edit
* (bug 5903) When requesting the raw source of a non-existent message page,
return blank content (as opposed to the message key)
-* Improve default blank content of MediaWiki:Common.css and MediaWiki:Monobook.css
+* Improve default blank content of MediaWiki:Common.css and
+ MediaWiki:Monobook.css
* (bug 6434) Allow customisation of submit button text on Special:Export
* (bug 6314) Add user tool links on page histories
* Fix display of file-type icons in galleries when $wgIgnoreImageErrors is off
localizble extensions magic words.
* Update to Romanian translation (ro)
* Update to Esperanto translation (eo)
-* Check for preg_match() existence when installing and die out whining about PCRE
- if it's not there, instead of throwing a fatal error
+* Check for preg_match() existence when installing and die out whining about
+ PCRE if it's not there, instead of throwing a fatal error
* (bug 672) Add MathAfterTexvc hook
* Update to Piedmontese localization (pms)
* dumpBackup can optionally compress via dbzip2
* Fix transwiki import of pages with space in name
* Save null edit when importing pages through Special:Import
* Update to Korean translation (ko)
-* Show a more specific message when an anonymous user tries to access Special:Watchlist
+* Show a more specific message when an anonymous user tries to access
+ Special:Watchlist
* (bug 3278) Paging links in Special:Prefixindex
* Added Latvian localization (lv)
* (bug 6472) Fix regression in Special:Export with multiple pages
* Show some error results in moveBatch.php
* (bug 6479) Allow specification of the skin to use during HTML dumps
* (bug 6461) Link to page histories in Special:Newpages
-* (bug 6484) Don't do message transformations when preloading messages for editing
+* (bug 6484) Don't do message transformations when preloading messages for
+ editing
* (bug 6201) Treat spaces as underscores in parameters to {{ns:}}
-* (bug 6006) Allow hiding the password change fields using an authentication plugin
+* (bug 6006) Allow hiding the password change fields using an authentication
+ plugin
* (bug 6489) Use appropriate link colour on Special:Shortpages
* Added formatnum magic word
* Added Javanese localization (jv)
* (bug 6506) Update to German localisation (de)
* (bug 502) Avoid silly tabs on bad title by using virtual special page
* (bug 6511) Add diff links to old revision navigation bar
-* (bug 6511) Replace 'oldrevisionnavigation' message with 'old-revision-navigation'
+* (bug 6511) Replace 'oldrevisionnavigation' message with
+ 'old-revision-navigation'
* Fix regression in Polish genitive month forms
* (bug 4037) Make input handling in Special:Allpages and Special:Prefixindex
more consistent: Accept just a namespace prefix and a colon, reject input
* (bug 6560) Avoid PHP notice when trimming ISBN whitespace
* Added namespace translation to Kannada (ka)
* (bug 6566) Improve input validation on timestamp conversion
-* Implicit group "emailconfirmed" for all users whose email addresses are confirmed
+* Implicit group "emailconfirmed" for all users whose email addresses are
+ confirmed
* (bug 6577) Avoid multiline parser breakage on <pre> with newline in attribute
* (bug 6771) Make old revisions of MediaWiki pages available with action=raw
* Add basic check for session support in PHP and die if not present
Maintenance:
-* Fix problem reported on mailing list where re-initialising stats didn't work (can't insert
- duplicate rows with the same id field)
+* Fix problem reported on mailing list where re-initialising stats didn't work
+ (can't insert duplicate rows with the same id field)
* Added --conf option to command line scripts, allowing the user to specify a
different LocalSettings.php.
* Maintenance script to delete unused text records
* Maintenance script to delete non-current revisions
* Maintenance script to wipe a page and all revisions from the database
* Maintenance script to reassign edits from one user to another
-* Maintenance script to find and remove links to a given domain (cleanupSpam.php)
+* Maintenance script to find and remove links to a given domain
+ (cleanupSpam.php)
* Fix --report interval option for dumpTextPass
i18n / Languages:
* (bug 2981) Linktrail for Tamil (ta)
* (bug 3722) Update of Arabic language (ar) Namespace changes
* Removed hardcoded Norwegian (no) project namespaces
-* (bug 2324) image for redirects should be without text and oriented according to content language
+* (bug 2324) image for redirects should be without text and oriented according
+ to content language
* (bug 3666) Don't spew PHP warnings in prefs on unrecognized site language
* (bug 3817) Use localized date formats in preferences; 'no preference' option
localizable as 'datedefault' message. Tweaked lots of languages files...
* Typo in English messages file
* (bug 4114) Spacing in watchlist rows (in editing mode)
* Update default "exporttext" to reflect that Special:Import exists
-* (bug 4960) Add additional namespaces variants to Yi projects: Yiddish Wikinews fix
+* (bug 4960) Add additional namespaces variants to Yi projects: Yiddish Wikinews
+ fix
* (bug 5357) Add the icon near the user name also in RTL interfaces
* (bug 5156) Update for Hebrew language (he)
* (bug 4497,4704,5010) Added some new language codes.
* (bug 2527) Always set destination filename when new file is selected
* (bug 3076) Support MacBinary-encoded uploads from IE/Mac
* (bug 2554) Tell users they are uploading too large file
-* Support for a license selection box on Special:Upload, configurable from MediaWiki:Licenses
+* Support for a license selection box on Special:Upload, configurable from
+ MediaWiki:Licenses
* Add 'reupload' and 'reupload-shared' permission keys to restrict new uploads
overwriting existing files; default is the old behavior (allowed).
MIME type to the default blacklist. Prevented inline display of images
which are not of known image types. This is in response to
http://en.wikipedia.org/wiki/Windows_Metafile_vulnerability
-* Blocked users can no longer roll back, change the protection of, or delete/undelete pages
+* Blocked users can no longer roll back, change the protection of, or
+ delete/undelete pages
* Protect against spoofing of X-Forwarded-For header
* XSS issue : now sanitize search query input (fixed in 1.5rc3)
-* Remove deprecated $wgOnlySysopsCanPatrol references; use User::isAllowed( 'patrol' )
+* Remove deprecated $wgOnlySysopsCanPatrol references; use
+ User::isAllowed( 'patrol' )
per bug 5282. Patch by Alan Harder.
* Prevent registration/login with the username "MediaWiki default"
* JavaScript filter for Special:Allmessages
* (bug 3047) Don't mention talk pages on Special:Movepage when there isn't one
* Show links to user page, talk page and contributions page on Special:Newpages
-* Special:Export can now export a list of all contributors to an article (off by default)
+* Special:Export can now export a list of all contributors to an article (off by
+ default)
* (bug 5372) Add number of files to Special:Statistics
* (bug 2871) Links to talk pages in watchlist editing view
* (bug 5385) Allow hiding anonymous edits on Special:Recentchanges
* (bug 2544) Illogical error reporting order in Special:Userlogin
-* (bug 5409) Hide "show/hide patrolled edits" in Special:Recentchanges if patrolling
- is disabled
-* (bug 5447) Convert first letter of username to uppercase before searching in Special:Listusers
-* (bug 759) Wrap redirects on the watchlist editing page in a span, class "watchlistredir"
+* (bug 5409) Hide "show/hide patrolled edits" in Special:Recentchanges if
+ patrolling is disabled
+* (bug 5447) Convert first letter of username to uppercase before searching in
+ Special:Listusers
+* (bug 759) Wrap redirects on the watchlist editing page in a span, class
+ "watchlistredir"
* (bug 1862) Namespace filtering in watchlists
Misc.:
dumpBackup.php
* (bug 3595) Warn and abort if importDump.php called in read-only mode.
* (bug 3598) Update message cache on message page deletion, patch by Tietew
-* Added separate noarticletext and newarticletext messages for logged in and anon users.
-* (bug 3332) Installation now uses Monobook, validates, plus usability improvements.
+* Added separate noarticletext and newarticletext messages for logged in and
+ anon users.
+* (bug 3332) Installation now uses Monobook, validates, plus usability
+ improvements.
* (bug 3660) Update diff3 detection to work with Windows/Cygwin
* (bug 2330) Don't do funny thinks with "links" in MediaWiki:Undeletedtext
* Two-pass data dump for friendliness to the DB (--stub, then dumpTextPass.php)
* Cleanup and error checking on Special:Listredirects
* Clear up some instances of old OutputPage::sysopRequired() function usage
* Improve "upload disabled" notice
-* Move parts of index.php to include/Wiki.php in an attempt to both cleanup index.php
- and create a MediaWiki-class mediaWiki base object
+* Move parts of index.php to include/Wiki.php in an attempt to both cleanup
+ index.php and create a MediaWiki-class mediaWiki base object
* (bug 4104) Added OutputPageBeforeHTML hook for tweaking primary wiki output
HTML on final output (cached or not)
* Avoid PHP notice on command-line scripts if empty argument is passed ('')
* (bug 3990) Use existing session name if session.auto_start is on
Fixes checks for open sessions, such as the cookie warning on login.
Patch by Zbigniew Braniecki.
-* Add cache-safe alternate sitenotice for anonymous users. (MediaWiki:Anonnotice)
- This is displayed instead of the regular sitenotice, if it exists. If not, the
- regular sitenotice shows. If that doesn't exist, the value of $wgSiteNotice is used,
- and if that's null, then nothing is shown.
+* Add cache-safe alternate sitenotice for anonymous users.
+ (MediaWiki:Anonnotice) This is displayed instead of the regular sitenotice,
+ if it exists. If not, the regular sitenotice shows. If that doesn't exist,
+ the value of $wgSiteNotice is used, and if that's null, then nothing is shown.
* Spit the generated LocalSettings code out during the installer as an aid
to debugging issues. (Keep this?)
* Use __FILE__ to form path in new LocalSettings.php, so it stays accurate
* Fix explicit s-maxage=0 on raw pages; should help with proxy issues in
generated stylesheets... hopefully...
* (bug 4685) More fixes for Slovenian project namespace
-* Fixed and enhanced a little the Live Preview, which had been broken for some time
+* Fixed and enhanced a little the Live Preview, which had been broken for some
+ time
* Added article size limit, $wgMaxArticleSize
* (bug 4974) Don't follow redirected talk page on "new messages" link
* (bug 4970) Make category paging limits configurable
-* (bug 4535) Warn user when editing CSS or JS subpage of a skin that doesn't exist
-* Make Live Preview an user preference, still controllable by the global variable
+* (bug 4535) Warn user when editing CSS or JS subpage of a skin that doesn't
+ exist
+* Make Live Preview an user preference, still controllable by the global
+ variable
* Rename the stub LanguageAls / LanguageGem_alsation to LanguageGsw to follow
updated language code assignments
* (bug 5081) Remove bogus fix for invalid characters in links which simply
* (bug 5141) Gracefully handle the new account link when createaccount off
* (bug 5150 and related) Fix missing ID attribute in HTML namespace selector
* (bug 5152) Proper HTML escaping on subpage breadcrumbs
-* (bug 4855) Section edit links now have the section name in the title attribute.
+* (bug 4855) Section edit links now have the section name in the title
+ attribute.
* (bug 2115) Support shift-selecting multiple checkboxes with JavaScript.
* (bug 5161) Don't try to load template list for nonexistent pages
* (bug 5228) Workaround for broken LanguageConverter title overrides; avoid
reliable beyond the hostname where it's used for the spam bulk checker.
* Don't URL-decode in the title attribute for URL links; it can produce false
results that don't code back to their original values.
-* (bug 4611) Add user preference (default on) to add new pages to creators's watchlist
+* (bug 4611) Add user preference (default on) to add new pages to creators's
+ watchlist
* (bug 5286) Fix regression in display of missing/bad revision IDs
-* (bug 4729) Add user preference that marks a user's edits as patrolled if user is able to
-* (bug 4630) Add user preference to prompt users when entering blank edit summaries
+* (bug 4729) Add user preference that marks a user's edits as patrolled if user
+ is able to
+* (bug 4630) Add user preference to prompt users when entering blank edit
+ summaries
* Added optional suggest feature for the search box. Set wgUseAjax to true to
enable it.
* (bug 5277) Use audio/midi rather that audio/mid
-* (bug 5410) Use namespace name when a custom namespace's nstab-NS message is nonexistent
+* (bug 5410) Use namespace name when a custom namespace's nstab-NS message is
+ nonexistent
* (bug 5432) Fix inconsistencies in cookie names when using table prefixes
* Additional protections against HTML breakage in table parsing
* (bug 5355) Include skin name and style JS settings in page source;
* (bug 5195) rebuildrecentchanges.php works again; Database::insertSelect now
has a parameter for select options.
* Fix updateSearchIndex.php for new schema
-* Fix bogus "filename too short" error when uploading files with a period in the base
- name, e.g. "Mr. Zee.png"
+* Fix bogus "filename too short" error when uploading files with a period in the
+ base name, e.g. "Mr. Zee.png"
* (bug 2139) Show page title in subtitle when viewing "read only" page
* (bug 5452) Update language name for Cree
It's now possible to specify the final filename of an upload distinct
from the original filename on your disk.
- An image link for a missing file will now take you straight to the upload page.
+ An image link for a missing file will now take you straight to the upload
+ page.
More metadata is pre-extracted from uploaded images, which will ease pressure
on disk or NFS volumes used to store images. EXIF metadata is displayed on
* 'live preview' reduces preview reload burden on supported browsers
* support for external editors for files and wiki pages:
https://www.mediawiki.org/wiki/Manual:External_editors
-* Schema reworking: https://www.mediawiki.org/wiki/Proposed_Database_Schema_Changes/October_2004
-* (bug 15) Allow editors to view diff of their change before actually submitting an edit
+* Schema reworking:
+ https://www.mediawiki.org/wiki/Proposed_Database_Schema_Changes/October_2004
+* (bug 15) Allow editors to view diff of their change before actually submitting
+ an edit
* (bug 190) Hide your own edits on the watchlist
* (bug 510): Special:Randompage now works for other namespaces than NS_MAIN.
* (bug 1015) support for the full wikisyntax in <gallery> captions.
* (bug 1105) A "Destination filename" (save as) added to Special:Upload Upload.
-* (bug 1352) Images on description pages now get thumbnailed regardless of whether the thumbnail is larger than the original.
-* (bug 1662) A new magicword, {{CURRENTMONTHABBREV}} returns the abbreviation of the current month
+* (bug 1352) Images on description pages now get thumbnailed regardless of
+ whether the thumbnail is larger than the original.
+* (bug 1662) A new magicword, {{CURRENTMONTHABBREV}} returns the abbreviation of
+ the current month
* (bug 1668) 'Date format' supported for other languages than English, see:
http://mail.wikipedia.org/pipermail/wikitech-l/2005-March/028364.html
-* (bug 1739) A new magicword, {{REVISIONID}} give you the article or diff database
- revision id, useful for proper citation.
+* (bug 1739) A new magicword, {{REVISIONID}} give you the article or diff
+ database revision id, useful for proper citation.
* (bug 1998) Updated the Russian translation.
* (bug 2064) Configurable JavaScript mimetype with $wgJsMimeType
-* (bug 2084) Fixed a regular expression in includes/Title.php that was accepting invalid syntax like #REDIRECT [[foo] in redirects
-* It's now possible to invert the namespace selection at Special:Allpages and Special:Contributions
+* (bug 2084) Fixed a regular expression in includes/Title.php that was accepting
+ invalid syntax like #REDIRECT [[foo] in redirects
+* It's now possible to invert the namespace selection at Special:Allpages and
+ Special:Contributions
* No longer using sorbs.net to check for open proxies by default.
-* What was $wgDisableUploads is now $wgEnableUploads, and should be set to true if one wishes to enable uploads.
+* What was $wgDisableUploads is now $wgEnableUploads, and should be set to true
+ if one wishes to enable uploads.
* Supplying a reason for a block is no longer mandatory
* Language conversion support for category pages
* $wgStyleSheetDirectory is no longer an alias for $wgStyleDirectory;
* Special:Movepage can now take parameters like Special:Movepage/Page_to_move
- (used to just be able to take parameters via a GET request like index.php?title=Special:Movepage&target=Page_to_move)
-* (bug 2151) The delete summary now includes editor name, if only one has edited the article.
-* (bug 2105) Fixed from argument to the PHP mail() function. A missing space could prevent sending mail with some versions of sendmail.
+ (used to just be able to take parameters via a GET request like
+ index.php?title=Special:Movepage&target=Page_to_move)
+* (bug 2151) The delete summary now includes editor name, if only one has edited
+ the article.
+* (bug 2105) Fixed from argument to the PHP mail() function. A missing space
+ could prevent sending mail with some versions of sendmail.
* (bug 2228) Updated the Slovak translation
* ...and more!
* (bug 898) The wiki can now do advanced sanity check on uploaded files
including virus checks using external programs.
* (bug 1692) Fix margin on unwatch tab
-* (bug 1906) Generalize project namespace for Latin localization, update namespaces
+* (bug 1906) Generalize project namespace for Latin localization, update
+ namespaces
* (bug 1975) The name for Limburgish (li) changed from "Lèmburgs" to "Limburgs
* (bug 2019) Wrapped the output of Special:Version in <div dir='ltr'> in order
to preserve the correct flow of text on RTL wikis.
* (bug 2079) Removed links to Special:Maintenance from movepagetext message
* (bug 2094) Multiple use of a template produced wrong results in some cases
* (bug 2095) Triple-closing-bracket thing partly fixed
-* (bug 2110) "noarticletext" should not display on Image page for "sharedupload" media
+* (bug 2110) "noarticletext" should not display on Image page for "sharedupload"
+ media
* (bug 2150) Fix tab indexes on edit form
* (bug 2152) Add missing bgcolor to attribute whitelist for <td> and <th>
* (bug 2176) Section edit 'show changes' button works correctly now
* (bug 2053) Move comment whitespace trimming from edit page to save;
leaves the whitespace from the section comment there on preview.
* (bug 2274) Respect stub threshold in category page list
-* (bug 2173) Fatal error when removing an article with an empty title from the watchlist
+* (bug 2173) Fatal error when removing an article with an empty title from the
+ watchlist
* Removed -f parameter from mail() usage, likely to cause failures and bounces.
* (bug 2130) Fixed interwiki links with fragments
* (bug 684) Accept an attribute parameter array on parser hook tags
* (bug 1120) Updated the Czech translation
* A new magic word, {{SCRIPTPATH}}, returns $wgScriptPath
* A new magic word, {{SERVERNAME}}, returns $wgServerName
-* A new magic word, {{NUMBEROFFILES}}, returns the number of rows in the image table
+* A new magic word, {{NUMBEROFFILES}}, returns the number of rows in the image
+ table
* Special:Imagelist displays titles with " " instead of "_"
* Less gratuitous munging of content sample in delete summary
* badaccess/badaccesstext to supercede sysop*, developer* messages
* (bug 1170) Fixed linktrail for da: and ru:
* (bug 2683) Really fix apostrophe escaping for toolbox tips
* (bug 923) Fix title and subtitle for rclinked special page
-* (bug 2642) watchdetails message in several languages used <a></a> instead of [ ]
-* (bug 2181) basic CSB language localisation by Tomasz G. Sienicki (thanks for the patch)
+* (bug 2642) watchdetails message in several languages used <a></a> instead of
+ [ ]
+* (bug 2181) basic CSB language localisation by Tomasz G. Sienicki (thanks for
+ the patch)
* Fix correct use of escaping in edit toolbar bits
* Removed language conversion support from Icelandic
* (bug 2616) Fix proportional image scaling, giving correct height
== Changes since 1.5beta2 ==
* Escaped & correctly in Special:Contributions
-* (bug 2534) Hide edit sections with CSS to make right click to edit section work
+* (bug 2534) Hide edit sections with CSS to make right click to edit section
+ work
* (bug 2708) Avoid undefined notice on cookieless login attempt
* (bug 2188) Correct template namespace for Greek localization
* Fixed number formatting for Dutch
* Massive update for Arab (ar) language using Wikipédia
* (bug 1560) Massive update for Kurdish (ku) language using Wikipédia
* (bug 2709) Some messages were not read from database
-* (bug 2416) Don't allow search engine robots to index or follow nonexisting articles
+* (bug 2416) Don't allow search engine robots to index or follow nonexisting
+ articles
* Fix escaping in page move template.
* (bug 153) Discrepancy between thumbnail size and <img> height attribute
== Changes since 1.5beta3 ==
* Fix talk page move handling
-* (bug 2721) New language file for Vietnamese with the Vietnamese number notation
-* (bug 2749) would appear as a literal in image galleries for Cs, Fr, Fur, Pl and Sv
+* (bug 2721) New language file for Vietnamese with the Vietnamese number
+ notation
+* (bug 2749) would appear as a literal in image galleries for Cs, Fr,
+ Fur, Pl and Sv
* (bug 787) external links being rendered when they only have one slash
* Fixed a missing typecast in Language::dateFormat() that would cause some
interesting errors with signitures.
=== Changes since 1.5.7 ===
* (bug 5180) User login page shows inappropriate email blurb
-* Add the "AbortNewAccount" hook on account creation; see hooks.txt for more info.
+* Add the "AbortNewAccount" hook on account creation; see hooks.txt for more
+ info.
* Update default "exporttext" to reflect that Special:Import exists
* Add links to useful material to the default main page content
* Fix fragment HTML injection
=== Misc bugs fixed in beta 1 ===
* (bug 95) Templates no longer limited to 5 inclusions per page
-* New user preference for limiting the image size for images on image description
- pages
+* New user preference for limiting the image size for images on image
+ description pages
* (bug 530) Allow user to preview article on first edit
* (bug 479) [[RFC 1234]] will now make an internal link
* (bug 511) PhpTal skins shown bogus 'What links here' etc on special pages
in diff-view
* Use user's local timezone in Special:Log display
* Show filename for images in gallery by default (restore beta 3 behavior)
-* (bug 1201) Double-escaping in brokenlinks, imagelinks, categorylinks, searchindex
+* (bug 1201) Double-escaping in brokenlinks, imagelinks, categorylinks,
+ searchindex
* When using squid reverse proxy, cache the redirect to the Main_Page
* (bug 1302) Fix Norwegian language file
* (bug 1205) Fix broken article saving in PHP 5.1
* Add fur/Furlan/Friulian to language names list
* Add TitleMoveComplete hook on page renames
* Allow simple comments for each translation rules in MW:Zhconversiontable
-* (bug 1402) Make link color of tab subject page link on talk page indicate whether article exists
+* (bug 1402) Make link color of tab subject page link on talk page indicate
+ whether article exists
* (bug 1368) Fix SQL error on stopword/short word search w/ MySQL 3.x
* Translated Hebrew namespace names
* (bug 1429) Stop double-escaping of block comments; fix formatting
* (bug 563) Fix UTF-8 interwiki URL redirects via Latin-1 wikis
* (bug 1536) Fix page info
* Support os (Ossetic) as language code, using Russian localization base
-* (bug 1610) Support non (Old Norse) as language code, using Icelandic localization base
+* (bug 1610) Support non (Old Norse) as language code, using Icelandic
+ localization base
* (bug 1618) Properly list custom namespaces in Special:Allpages
* (bug 1622) Remove trailing' >' when using category browser
* (bug 1570) Fix php 4.2.x error on conflict merging
Mozilla.) The new 'MonoBook' skin is not compatible with PHP 5 due to bugs in
the underlying PHPTAL library. It will be automatically disabled when running
on PHP5; the older look and feel will be used instead.
-
-= MediaWiki 1.2 =
-
-== MediaWiki 1.2.6, 2004-05-24 ==
-* Spam blocker ({{wg|SpamRegex}} - refuses to save edits that match)
-* Updated documentation about {{wg|WhitelistRead}}
-* Ensure that searchindex table is created as MyISAM
-* Interwiki cache timeout (memcached)
-* Fix uploads on Windows with magic_quotes_gpc
-* Some config fixes for Windows (slashes etc)
-* Local interwiki URL redirects
-* Fixed obscure deletion problem in squid mode on corrupt entries
-* Language files updated to remove more hard-coded "Wikipedia" strings
-
-== MediaWiki 1.2.5, 2004-05-03 ==
-* Fixed install problem with blank root password
-* Fixed Special:Emailuser/Username links
-* Fixed main-page edit links on fuzzy search results
-* Fixed wikipedia-interwiki.sql
-* Fixed install with apache2filter (ugly URLs)
-* IP in 'go' search brings up contributions
-* Switch from broken & to ? on top-level wiki URL hack
-* Fix for moved pages in enhanced Recentchanges
-* Initial main page on new installs links to the online documentation
-
-== MediaWiki 1.2.4, 2004-04-13 ==
-* Fixed edit toolbar in Mozilla
-* Diff links in Contributions for 'top' edits
-* Fixed Nostalgia skin drop-down for register_globals off
-* Backported optional open proxy blocker
-* Backported {{wg|WhitelistRead}}
-* {{wg|CapitalLinks}} option to force full case sensitivity in titles
-* Cleaned up error handling when can't talk to database
-* Disabled unsafe command-line installer (remove the <code>die()</code> call to
-use)
-
-== MediaWiki 1.2.3, 2004-04-02 ==
-* Fixed an in-place install bug with non-root MySQL user
-* Fixed history diff checkboxes bug on titles with ampersands
-* Fixed printable link bug on special pages with parameters
-* Fixed bug that broke IP blocking w/o memcached
-* Turns off E_NOTICE warnings if PHP settings have them on (you can grope in
-and turn this off if you like to debug)
-
-== MediaWiki 1.2.2, 2004-03-28 ==
-* Fixed an upgrade bug introduced in 1.2.1.
-* Disabled {{wg|UseCategoryMagic}}, which feature is incomplete broken
-
-== MediaWiki 1.2.1, 2004-03-27 ==
-Installation, compatibility, security fixlets:
-* Detect use of PHP as CGI and disable <code>index.php/Title</code> URLs
-* Try to auto-create math tmp & output directories if not present
-* Disable Asksql in default install ({{wg|AllowSysopQueries}})
-* Better handling of <code>get_magic_quotes_gpc</code> (apostrophe problems)
-* French localisation no longer hard-codes "Wikipedia" name
-
-== MediaWiki 1.2.0, 2004-03-24 ==
-This is the new production release; it is more or less in sync with what is
-running on Wikipedia right now. However this software is provided with NO
-WARRANTY of fitness for any purpose; there may be some interesting bugs, it may
-eat all your data, and documentation may not be up to date. New features in 1.2:
-* In-place web-based installation [experimental!] Note that maintenance
-functions are not yet available through the web install script.
-* Image resizing/thumbnail generation
-* Stricter upload file extension blacklist and whitelist options
-* More flexible blocking system; time period may be set
-* Handier sysop account management. An account marked "bureaucrat" may assign
-sysop access to other accounts via Special:Makesysop. (The exact details of
-this may change in the future)
-* Support for a squid cache with explicit purging of cached anon pages
-* Optional compression of old revision text (requires zlib support)
-* Fuzzy title search (experimental, requires memcached)
-* Page rendering cache (experimental)
-* Editing toolbar to demonstrate wiki syntax to newbies (off by default in user
-preferences)
-* Support for authenticated SMTP outgoing e-mail (experimental)
-* It's now possible to assign sysop accounts from within the wiki. An account
-with this ability must be labeled with the "bureaucrat" privilege, such as the
-'Developer' account created by the install. Fixes and tweaks:
-* Now works with register_globals off!
-* Should work out of the box on MySQL 3.2.x again. On 4.x set
-{{wg|EnablePersistentLC}}<code> = true;</code> to turn on the link cache table
-for a slight rendering speed boost.
-* Should work on PHP 5.0 beta (not thoroughly tested)
-* Works with short tags disabled.
-* rebuildMessages.php can now selectively update new messages, or overwrite
-everything.
-* Some layout fixes for RTL languages.
-* Now includes arrow icons for enhanced recent changes.
-* Various bug fixes.
-
-=== Behavior changes ===
-* wiki.phtml and redirect.phtml are now renamed to index.php and redirect.php
-The old names are provided too for compatibility, but make sure they don't
-conflict if you've been putting other files in your wiki.
-* Uploaded filenames are more strictly checked than before. See bits in
-DefaultSettings.php to tweak this behavior to your needs.
-* Database messages are now enabled by default, so the interface messages can
-be tweaked through the wiki with a sysop account. Disable this if you don't
-want the performance hit.
-
-=== Database changes ===
-An index was added to recentchanges table to speed up Newpages
-(patch-rc-newindex.sql for manual updaters). Expiration date field has been
-added to ipblocks table ({{manual|patch-ipb_expiry.sql}} for manual updaters).
-The links tables have slightly stricter indexes. ('links' and 'brokenlinks' are
-not changed on existing installations.)
-
-=== Known problems ===
-The version 1.1.0 LocalSettings.sample file included the setting
-{{wg|CategoryMagic}}<code> = true;</code> this setting is for an experimental
-feature that _does not work correctly_. If you have it left over, turn it off
-or you'll see mysterious problems with vanishing links. There may be problems
-with session handling on some systems. Checking the "remember my password" box
-may help as a temporary workaround. If you receive "Cannot load input file"
-errors when trying to get at the wiki after installation, make the following
-changes:
- in LocalSettings.php change the line something like this:
- {{wg|ArticlePath}} = "/wiki/index.php/$1";
- to:
- {{wg|ArticlePath}} = "/wiki/index.php?title=$1";
- in index.php, remove these lines:
- if( isset( $_SERVER['PATH_INFO'] ) ) {
- $title = substr( $_SERVER['PATH_INFO'], 1 );
- } else {
- $title = $_REQUEST['title'];
- }
-
-= MediaWiki 1.1 =
-
-== MediaWiki 1.1.0, 2003-12-08 ==
-
-This is the new production release. Any following 1.1.x releases are expected
-to contain only bug fixes; developments of new features will go towards a 1.2.0
-release.
-New features in 1.1:
-* New wiki table syntax:
-http://meta.wikipedia.org/wiki/MediaWiki_User%27s_Guide:_Using_tables
-* User-editable interface messages:
-http://meta.wikipedia.org/wiki/MediaWiki_namespace
-* XML-wrapped page source export with optional history:
-http://meta.wikipedia.org/wiki/XML_import_and_export (There is not yet an
-import function!)
-* "Magic words" Fixes and tweaks:
-* linkscc table caches link data for rendering; faster
-{{manual|rebuildlinks.php}}
-* Numerous bugs in [[skin:Cologne Blue|Cologne Blue]] skin fixed
-* Login gives warning about missing cookies
-* Block log, protection log added; deletion log now includes undeletions
-* Deletion & upload logs now escape comment text properly
-* Problems with <nowiki><nowiki></nowiki> segments in section titles etc
-mitigated
-* Contributions offset and minor edit bugs fixed
-* Whatlinkshere now sorted alphabetically
-* Various exciting new profiling options.
-* Debug log is off by default.
-* Various small bugs fixed. Internal changes:
-* wfQuery has had a second parameter inserted, DB_READ or DB_WRITE. This value
-is not actually used so far.
-* Partial code for categories and Smarty template-based skins is in the tree
-but disabled.
-* Parts of Article.php have been moved to {{manual|EditPage.php}} and
-{{manual|ImagePage.php}}. New translations:
-* fi - Finnish
-* ia - Interlingua
-* no - Norwegian
-* sk - Slovak
-* ta - Tamil
-
-=== Database changes ===
-"linkscc" table added. If upgrading manually (rather than with
-{{manual|update.php}}), run maintenance/archives/patch-linkscc.sql to create
-the table. Older releases were dated snapshots from the old 'stable' branch:
-
-= pre-MediaWiki 1.1.0 =
-
-== Mediawiki-20031118 ==
-* Image deletion fixed.
-* Deletion of image old revisions now restricted to sysops (this is an
-irreversible action and not well logged)
-* Fixed maintenance scripts broken by last release's security fix
-* Many errors in {{manual|rebuildlinks.php|rebuildlinks}} script fixed.
-
-== Mediawiki-20031117 ==
-* SECURITY FIX: stricter checking of include path
-* Fixed user contributions next/prev bug
-* Login cookies now have the database name prefixed to allow wikis to coexist
-in the same domain. This will invalidate any old saved password cookies.
-* Update cache timestamp when talk pages are created
-* Saving the login form in Mozilla no longer blanks password in prefs.
-* Check existence of source page before performing a move.
-* Detect invalid titles in Special:Allpages
-* Q-encode headers on outgoing inter-user e-mail
-* Updates to some translations.
-* Added table of contents border/bg to Cologne Blue, Nostalgia skins
-* Protected pages no longer appear unprotected when visited via redirect
-* Swapped old Wikipedia logo for the MediaWiki sunflower logo
-* install.php, update.php print warning on old PHP versions, added
-compatibility functions that might or might not help No database changes since
-20031107; upgrading should be clean.
-
-== Mediawiki-20031107 ==
-* Fixed various bugs!
-* Some speed improvements from tweaks to the table indexes
-* Limited support for memcached (see below)
-* New translations (see below)
-* Interwiki link data now kept in database for flexibility
-* Friendlier read-only source view if asked to edit a page when the db is
-locked or the page is protected.
-* Normal IP blocks auto-expire after 24 hours
-* Optional support for blocking usernames
-* Uploads disabled by default (see below)
-
-== Mediawiki-20030829 ==
-First release under MediaWiki name.
-
-=== Security note ===
-Uploads are now disabled by default. If you've set up a secure configuration
-you can reenable uploads by putting: $wgDisableUploads = false;
-into LocalSettings.php. Earlier versions of MediaWiki included a bug that
-potentially allows logged- in users to delete arbitrary files in directories
-writable by the web server user by manually feeding false form data; this is
-now fixed. As a reminder, disable PHP script execution in the upload directory!
-You may also wish to serve HTML pages as plaintext to prevent cookie- stealing
-JavaScript attacks. Example Apache config fragment:
-<pre>
-<Directory "/Library/MediaWiki/web/upload">
- # Ignore .htaccess files
- AllowOverride None
-
- # Serve HTML as plaintext
- AddType text/plain .html .htm .shtml
-
- # Don't run arbitrary PHP code.
- php_admin_flag engine off
-
- # If you've other scripting languages, disable them too.
-</Directory>
-</pre>
-
-=== Database updates ===
-If you're using {{manual|update.php}}, the necessary database changes should be
-made automatically. To manually upgrade your database from the 2003-08-29
-release, run the following SQL scripts from the maintenance subdirectory:
-archives/patch-ipblocks.sql archives/patch-interwiki.sql
-archives/patch-indexes.sql interwiki.sql To copy in the Wikipedia
-language-prefix interwikis as well, add: wikipedia-interwiki.sql
-
-=== Translations ===
-New interface localization files are included for:
-*fy - Frisian
-*ro - Romanian
-*sl - Slovene
-*sq - Albanian
-*sr - Serbian
-
-=== Memcached ===
-Memcached is a distributed cache system. See http://www.danga.com/memcached/
-MediaWiki can optionally use memcached to store some data between calls to
-reduce load on the database. Currently this is limited to user and talk page
-notification data, interwiki prefix/URL matches, and the UTF-8 conversion
-tables. MediaWiki includes version 1.0.10 of the (GPL'd) PHP memcached client
-by Ryan Gilfether; if memcached is disabled it acts as a dummy object with
-minimal overhead. To use memcached you'll need PHP installed with sockets
-support (this is not in the default configure options). See docs/memcached for
-some more details. Additionally, you can store login session data in memcached
-instead of the local filesystem, which can help to enable load-balancing by
-letting login sessions transparently work on multiple front-end web servers.
-(The primary other issue is with uploads, which requires some care in
-handling.) To enable this, set $wgSessionsInMemcached = true; and set
-$wgCookieDomain appropriately if exposing multiple hostnames. This system is
-new and may be volatile; login sessions will fail dramatically if memcached is
-unavailable when this option is turned on.
-
-=== Online documentation ===
-Documentation for both end-users and site administrators is currently being
-built up on Meta-Wikipedia, and is covered under the GNU Free Documentation
-License: http://meta.wikipedia.org/wiki/MediaWiki_User%27s_Guide
-
-=== Mailing list ===
-A MediaWiki-l mailing list has been set up distinct from the Wikipedia
-wikitech-l list: http://mail.wikipedia.org/mailman/listinfo/mediawiki-l
-
-=== UseModWiki import script ===
-A stripped-down UseModWiki import script is available in the maintenance
-subdirectory. It is incomplete and requires a lot of manual clean-up, but does
-function for the brave and pure of heart.
-
-=== Test suite removed ===
-The unmaintained Java-based test suite has been removed from the tarball
-release. If you really want it you can check it out from CVS.
dépôts / lhc / web / wiklou.git / blobdiff