forked from wikimedia/mediawiki
-
Notifications
You must be signed in to change notification settings - Fork 0
/
HISTORY
10580 lines (9893 loc) · 568 KB
/
HISTORY
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
Change notes from older releases. For current info see RELEASE-NOTES-1.21.
== MediaWiki 1.20 ==
=== PHP 5.3 now required ===
Since 1.20, the lowest supported version of PHP is now 5.3.2. Please
upgrade PHP if you have not done so prior to upgrading MediaWiki.
=== Configuration changes in 1.20 ===
* $wgGitRepositoryViewers defines a mapping from Git remote repository to the
Gitweb instance URL used in Special:Version.
* `$wgUsePathInfo = true;` is no longer needed to make $wgArticlePath work on servers
using like nginx, lighttpd, and apache over fastcgi. MediaWiki now always extracts
path info from REQUEST_URI if it's available.
* The user right 'upload_by_url' is no longer given to sysops by default.
This only affects installations which have $wgAllowCopyUploads set to true.
* Removed f-prot support from $wgAntivirusSetup.
* New variable $wgDBerrorLogTZ to provide dates in the error log in a
different timezone than the wiki timezone set by $wgLocaltimezone.
* New variables $wgDBssl and $wgDBcompress to enable SSL and compression for database
connections, if either are available for the selected DB type.
* $wgUseCombinedLoginLink now defaults to false, making MediaWiki output separate
login and create account links by default.
=== New features in 1.20 ===
* Added TitleIsAlwaysKnown hook which gets called when determining if a page exists.
* Added NamespaceIsMovable hook which gets called when determining if pages in a
certain namespace can be moved.
* Added SpecialPageBeforeExecute hook which gets called before SpecialPage::execute.
* Added SpecialPageAfterExecute hook which gets called after SpecialPage::execute.
* Added ORMTable, ORMRow and ORMResult classes for additional abstraction of
database interaction.
* Added CacheHelper and associated SpecialCachedPage and CachedAction helper classes.
* (bug 32341) Add upload by URL domain limitation.
* &useskin=default will now always display the default skin. Useful for users with a
preference for the non-default skin to look at something using the default skin.
* (bug 27619) Remove preference option to display broken links as link?
* (bug 34896) jQuery JSON plugin upgraded to v2.3 (2011-09-17).
* (bug 34302) Add CSS classes to email fields in user preferences.
* Introduced $wgDebugDBTransactions to trace transaction status (currently PostgreSQL only).
* (bug 23795) Add parser itself to ParserMakeImageParams hook.
* Introduce a cryptographic random number generator source api for use when
generating various tokens.
* (bug 30963) Option on Special:Prefixindex and Special:Allpages to not show redirects.
* (bug 18062) New message when edit or create the local page of a shared file.
* (bug 22870) Separate interface message when creating a page.
* (bug 17615) nosummary option should be reassigned on preview/captcha.
* (bug 34355) Add a variable and parser function for the namespace number.
* (bug 35649) Special:Version now shows hashes of extensions checked out from git.
* (bug 35728) Git revisions are now linked on Special:Version.
* "Show Changes" on default messages shows now diff against default message text
* (bug 23006) create #speciale parser function.
* generateSitemap can now optionally skip redirect pages.
* (bug 27757) New API command just for retrieving tokens (not page-based).
* Added GitViewers hook for extensions using external git repositories to have a web-based
repository viewer linked to from Special:Version.
* Memcached debug logs can now be sent to their own file logs by setting
$wgDebugLogFile['memcached'] to some filepath.
* (bug 35685) api.php URL and other entry point URLs are now listed on
Special:Version
* Edit notices can now be translated.
* jQuery upgraded to 1.8.2.
* jQuery UI upgraded to 1.8.23.
* QUnit upgraded from v1.2.0 to v1.10.0.
* (bug 37604) jquery.cookie upgraded to 2011 version.
* (bug 22887) Add warning and tracking category for preprocessor errors
* (bug 31704) Allow selection of associated namespace on the watchlist
* (bug 5445) Now remove autoblocks when a user is unblocked.
* Added $wgLogExceptionBacktrace, on by default, to allow logging of exception
backtraces.
* Added device detection for determining device capabilities.
* QUnit.newMwEnvironment now supports passing a custom setup and/or teardown function.
Arguments signature has changed. First arguments is now an options object of which
'config' can be a property. Previously 'config' itself was the first and only argument.
* New getCreator and getOldestRevision methods added to WikiPage class
* (bug 4220) the XML dump format schema now have unique identity constraints
for page and revision identifiers. Patch by Elvis Stansvik.
* cleanupSpam.php now can delete spam pages if --delete was specified instead of blanking
them.
* Added new hook ChangePasswordForm to allow adding of additional fields in Special:ChangePassword
* Added new function getDomain to AuthPlugin for getting a user's domain
* (bug 23427) New magic word {{PAGEID}} which gives the current page ID.
Will be null on previewing a page being created.
* (bug 37627) UserNotLoggedIn() exception to show a generic error page whenever
a user is not logged in.
* Watched status in changes lists are no longer indicated by <strong></strong>
tags with class "mw-watched". Instead, each line now has a class
"mw-changeslist-line-watched" or "mw-changeslist-line-not-watched", and the
title itself is surrounded by <span></span> tags with class "mw-title".
* Added ContribsPager::reallyDoQuery hook allowing extensions to data to MyContribs
* Added new hook ParserAfterParse to allow extensions to affect parsed output
after the parse is complete but before block level processing, link holder
replacement, and so on.
* (bug 34678) Added InternalParseBeforeSanitize hook which gets called during Parser's
internalParse method just before the parser removes unwanted/dangerous HTML tags.
* Added new hook AfterFinalPageOutput to allow modifications to buffered page output before sent
to the client.
* (bug 36783) Implement jQuery Promise interface in mediawiki.api module.
* Make dates in sortable tables sort according to the page content language
instead of the site content language
* (bug 37926) Deleterevision will no longer allow users to delete log entries,
the new deletelogentry permission is required for this.
* (bug 14237) Allow PAGESINCATEGORY to distinguish between 'all', 'pages', 'files'
and 'subcats'
* (bug 38362) Make Special:Listuser includeable on wiki pages.
* Added support in jquery.localize for placeholder attributes.
* (bug 38151) Implemented mw.user.getRights for getting and caching the current
user's user rights.
* Session storage can now configured independently of general object cache
storage, by using $wgSessionCacheType. $wgSessionsInMemcached has been
renamed to $wgSessionsInObjectCache, with the old name retained for backwards
compatibility. When this feature is enabled, the expiry time can now be
configured with $wgObjectCacheSessionExpiry.
* Added a Redis client for object caching.
* Implemented mw.user.getGroups for getting and caching user groups.
* (bug 37830) Added $wgRequirePasswordforEmailChange to control whether password
confirmation is required for changing an email address or not.
* HTMLForm mutators can now be chained (they return $this)
* A new message, "api-error-filetype-banned-type", is available for formatting
API upload errors due to the file extension blacklist.
* New hook 'ParserTestGlobals' allows to set globals before running parser tests.
* Allow importing pages as subpage.
* Add lang and hreflang attributes to language links on Login page.
* (bug 22749) Create Special:MostInterwikis.
* Show change tags when transclude Special:Recentchanges(linked) or Special:Newpages.
* (bug 23226) Add |class= parameter to image links in order to add class(es) to HTML img tag.
* (bug 39431) SVG animated status is now shown in long description.
* (bug 39376) jquery.form upgraded to 3.14.
* SVG files will now show the actual width in the SVG's specified units
in the metadata box.
* Added ResourceLoader module "jquery.jStorage" (v0.3.0, http://jStorage.info/).
* (bug 39273) Added AJAX support for "Show changes" (diff) in LivePreview.
* Added ResourceLoader module "jquery.badge".
* mw.util.$content now points to the overall content area in the skin rather than just
page text content area. If you need the old behaviour please use $( '#mw-content-text').
* jsMessage has been replaced with a floating bubble notification system complete
with auto-hide, multi-message support, and message replacement tags.
* jquery.messageBox which appears to be unused by both core and extensions has
been removed.
* (bug 34939) Made link parsing insensitive ([HttP://]).
* (bug 40072) Add CSS classes to items in output of ChangesList pages.
* Added $wgCopyUploadProxy global to define which proxy to use for copy
uploads.
* (bug 40448) mediawiki.legacy.mwsuggest has been replaced with a new module,
mediawiki.searchSuggest, based on SimpleSeach from Extension:Vector.
=== Known issues in 1.20.0 ===
These are issues that we're targeting to be fixed in a later release
in the 1.20 series. Issues may be added or removed from this list as
we see fit. For now, it is comprised of those bugs on the 1.20.0
milestone in Bugzilla.
* (bug 35894): Reports of secret key generation "hanging" on windows
This is probably a bug that has been fixed in PHP. If you run
into this, try upgrading your PHP.
* (bug 38334): PHP Notice: Undefined index: href in /www/w/skins/Vector.php on line 416
We think this is a problem in some extension. If you see this,
try disabling your extensions and check out the logging patch on
this bug. Or try this patch:
<https://gerrit.wikimedia.org/r/#/c/27937/1/skins/Vector.php>
* (bug 39268): [Regression] Toolbar inserts in main textarea only (instead of the focussed textarea)
This should only be an issue if you are using the ProofreadPage
extension.
* (bug 40641): Clicking "others" in Special:Version asks to download a file
If you encounter this, you can tell your webserver to serve the
CREDITS file with text/plain MIME type to fix it.
=== Bug fixes in 1.20 ===
* (bug 40939): [Regression] InfoAction: Call to a member function getUserText() on a non-object
* (bug 40780): searchsuggest-containing line ("containing...") doesn't include the entered text
* (bug 37714): [Regression] Incomplete log entries
* (bug 27202): API: Add timestamp sort to list=allimages
* (bug 30245) Use the correct way to construct a log page title.
* (bug 34237) Regenerate an empty user_token and save to the database
when we try to set the user's cookies for login.
* (bug 32210) New edit emails for watched pages always provide a link to the
edit which triggered the mail.
* (bug 12021) Added user talk link on Special:Listusers.
* (bug 34445) section edit and TOC hide/show links are excluded from selection and
copy/paste on supporting browsers.
* (bug 34428) Fixed incorrect hash mismatch errors in the DiffHistoryBlob
history compression method.
* (bug 34702) Localised parentheses are now used in more special pages.
* (bug 34723) When editing a script page on a RTL wiki the textbox should be LTR.
* (bug 34762) Calling close() on a DatabaseBase object now clears the connection.
* (bug 34863) Show deletion log extract on non-existent file pages if applicable.
* (bug 28019) Let ?preloadtitle=foo be passed on to target of
Special:MyPage and Special:MyTalk.
* (bug 34929) Show the correct diff when a section edit is rejected by the spam
filter.
* (bug 15816) Add a switch for SETting the search_path (Postgres).
* (bug 34521) Returning to the previous page after logging in loses any array-
valued parameters in the query string.
* (bug 34735) Updated compressOld.php documentation to mention the different
usages of -s and -n parameters depending on compression type.
* (bug 13896) Rendering of devanagari numbers in automatic '#' number lists.
* (bug 33689) Upgrade to 1.19 on Postgres fails due to incomplete query when.
trying to defer foreign key for externallinks.
* (bug 32748) Printer friendly version of article decode Unicode chars as a
pretty IRI in footer.
* Removed white border around thumbnails in galleries.
* (bug 31236) "Next" and "Previous" buttons are shown incorrectly in
an RTL environment.
* (bug 35749) Updated maintenance/checkSyntax.php to use Git instead of
Subversion when invoked with the --modified option.
* (bug 35069) On history pages, the " . . " separator after the number of
characters changed in a revision is now suppressed if no text would follow.
* (bug 18704) Add a unique CSS class or ID to the tagfilter table row at RecentChanges
* (bug 33564) transwiki import sometimes result in invalid title.
* (bug 35572) Blocks appear to succeed even if query fails due to wrong DB structure
* (bug 31757) Add a word-separator between help-messages in HTMLForm
* (bug 30410) Removed deprecated $wgFilterCallback and the 'filtered' API error.
* (bug 32604) Some messages needs escaping of wikitext inside username.
* (bug 36537) Rename wfArrayToCGI to wfArrayToCgi for consistency with wfCgiToArray.
* (bug 25946) The message on the top of Special:RecentChanges is now displayed.
in user language instead of content language.
* (bug 35264) Wrong type used for <ns> in export.xsd
* (bug 24985) Use $wgTmpDirectory as the default temp directory so that people
who don't have access to /tmp can specify an alternative.
* (bug 27283) SqlBagOStuff breaks PostgreSQL transactions.
* (bug 35727) mw.Api ajax() should put token parameter last.
* (bug 37708) mw.Uri.clone() should make a deep copy.
* (bug 38024) ResourceLoader should not create empty stylesheets for modules
that don't have stylesheets.
* (bug 36812) Special:ActiveUsers "Hide bots" should hide users from any group
having the "bot" user right, instead of just the default "bot" user group.
* (bug 35082) mw.util.addPortletLink incorrectly adds link to mutiple <ul> tags.
* (bug 36991) jquery.tablesorter should extract date sort format from date
string instead of global config. Dates like "April 1 2012" and "1 April 2012"
now sort correctly regardless of the content language's DefaultDateFormat.
* (bug 31895) mw.loader mode now correct when triggered from a $.fn.ready
handler that is bound before mediawiki.js's handler (e.g. browser-userscripts
like greasemonkey).
* (bug 38152) jquery.tablesorter: Use .data() instead of .attr(), so that live
values are used instead of just the fixed values from when the tablesorter
was initialized.
* (bug 38093) Gender of changed user groups missing in Special:Log/rights
* (bug 35893) Special:Block needs to load mediawiki.special.block.js.
* (bug 37331) ResourceLoader modules sometimes execute twice in Firefox
* (bug 31644) GlobalUsage, CentralAuth and AbuseLog extensions should not use
insecure links to foreign wikis in the WikiMap.
* (bug 36073) Avoid duplicate element IDs on File pages.
* (bug 25095) Special:Categories should also include the first relevant item
when "from" is filled.
* (bug 35526) jquery.tablesorter now uses a stable sort.
* (bug 38953) --memory-limit switch not working for runJobs.php.
* (bug 33037) Make subpage of Special:newfiles control how many files
are returned, like in previous versions.
* (bug 36524) "Show" options on Special:RecentChanges and Special:RecentChangesLinked
are now remembered between successive clicks.
* (bug 26069) Page title is no longer "Error" for all error pages.
* (bug 39297) Show warning if thumbnail of animated image will not be animated.
* (bug 38249) Parser will throw an exception instead of outputting gibberish if
PCRE is compiled without support for unicode properties.
* (bug 30390) Suggested file name on Special:Upload should not contain
illegal characters.
* EXIF below sea level GPS altitude data is now shown correctly.
* (bug 39284) jquery.tablesorter should not consider "."" or "?"" to be a currency.
* (bug 39273) "Show changes" should not be incorrectly displayed in the Live Preview state.
* Made body-content lang attribute honor the variant language when it is set.
* (bug 36761) "Mark pages as visited" now submits previously established filter options.
* (bug 39635) PostgreSQL LOCK IN SHARE MODE option is a syntax error.
* (bug 36329) Accesskey tooltips for Firefox 14 on Mac should use "ctrl-option-" prefix.
* (bug 32552) Drop unused database field cat_hidden from table category.
* (bug 24502) Do not allow multiple language links to the same language.
* (bug 40214) Category pages no longer use deprecated "width" HTML attribute.
* (bug 39941) Add missing stylesheets to the installer pages
* In HTML5 mode, allow new input element types values (such as color, range..)
* (bug 36151) mw.Title: Don't limit extension in title parsing.
* (bug 38158) jquery.byteLimit sometimes causes an unexpected 0 maxLength being enforced.
* (bug 38163) jquery.byteLimit incorrectly limits input when using methods other than
basic per-char typing.
* (bug 34495) patrol log now credit the user patrolling (instead of patrolled
user).
* (bug 31676) ResourceLoader should work around IE stylesheet limit.
* (bug 40498) ResourceLoader should not output an empty "@media print { }" block.
* (bug 40500) ResourceLoader should not ignore media-type for urls in debug mode.
* (bug 40660) ResourceLoaderWikiModule should not convert " " to a space
for pages from the MediaWiki-namespace.
* (bug 40329) (bug 40632) Removed CleanupPresentationalAttributes feature.
=== API changes in 1.20 ===
* (bug 34316) Add ability to retrieve maximum upload size from MediaWiki API.
* (bug 34313) MediaWiki API intro message about "HTML format" should mention
the format parameter.
* (bug 32384) Allow descending order for list=watchlistraw.
* (bug 31883) Limit of bkusers of list=blocks and titles of action=query is
not documented in API help.
* (bug 32492) API now allows editing using pageid.
* (bug 32497) API now allows changing of protection level using pageid.
* (bug 32498) API now allows comparing pages using pageids.
* (bug 30975) API import of pages with invalid characters in this wiki leads to Fatal Error.
* (bug 30488) API now allows listing of backlinks/embeddedin/imageusage per pageid.
* (bug 34927) Output media_type for list=filearchive.
* (bug 28814) add properties to output of action=parse.
* (bug 33224) add variants of content language to meta=siteinfo.
* (bug 32643) action=purge with forcelinkupdate no longer crashes when ratelimit is reached.
* The paraminfo module now also contains result properties for most modules.
* (bug 32348) Allow descending order for list=alllinks.
* (bug 31777) Upload unknown error ``fileexists-forbidden''.
* (bug 32382) Allow descending order for list=iwbacklinks.
* (bug 32381) Allow descending order for list=backlinks, list=embeddedin and list=imageusage.
* (bug 32383) Allow descending order for list=langbacklinks.
* API meta=siteinfo can now return the list of known variable IDs.
* (bug 35980) list=deletedrevs now honors drdir correctly in "all" mode (mode #3).
* (bug 29290) API avoids mangling fields in continuation parameters
* (bug 36987) API avoids mangling fields in continuation parameters
* (bug 30836) siteinfo prop=specialpagealiases will no longer return nonexistent special pages
* (bug 38190) Add "required" flag to some token params for hint in api docs.
* (bug 27567) Add file repo support to prop=duplicatefiles.
* (bug 27610) Add archivename for non-latest image version to list=filearchive
* (bug 38231) Add xml parse tree to action=parse.
* Watchlist notification timestamp may be queried by page and may be updated via the API.
* (bug 38904) prop=revisions&rvstart=... no longer blows up when continuing.
* (bug 39032) ApiQuery generates help in constructor.
* (bug 11142) Improve file extension blacklist error reporting in API upload.
* (bug 39665) List of query generators is now not built using reflection, instead it is
defined in code.
=== Languages updated in 1.20 ===
MediaWiki supports over 350 languages. Many localisations are updated
regularly. Below only new and removed languages are listed, as well as
changes to languages because of Bugzilla reports.
* Emilian (egl) added.
* Tornedalen Finnish (fit) added.
* Mizo (lus) added.
* Santali (sat) added.
* (bug 34192) Namespace gender aliases for Albanian languages (sq & aln).
* (bug 35541) Namespace gender aliases for Croatian (hr).
* (bug 36012) Space in $separatorTransformTable should be non-breaking in
Portuguese, Esperanto and Udmurt.
* Turoyo (tru) added.
* Cyrillic-Latin language converter added for Uzbek (uz).
=== Other changes in 1.20 ===
* The user_token field is now left empty until a user attempts to login and
cookies need to be set. It is also now possible to reset every user's
user_token simply by clearing the values in the user_token column.
* Removed ./tests/qunit/index.html from core. It wasn't actively maintained and
has been made obsolete when [[Special:JavaScriptTest/qunit]] was introduced,
which actually uses ResourceLoader, LocalSettings and the Skin.
* Removed $wgDBtransactions global. This was only checked in one class
and only applies to MyISAM or similar DBs. Those should only be used
for archived sites anyway. We can't get edit conflicts on such sites,
so the WikiPage code wasn't useful there either.
* Deprecated mw.user.name in favour of mw.user.getName.
* Deprecated mw.user.anonymous in favour of mw.user.isAnon.
* Deprecated DatabaseBase functions newFromParams(), newFromType(), set(),
quote_ident(), and escapeLike() were removed.
* Use of __DIR__ instead of dirname( __FILE__ ).
* OutputPage::wrapWikiMsg() no longer supports the 'options' parameter. It was
not used and complicated migration to Message class.
* Live preview functionality has been improved and moved into the
'mediawiki.action.edit.preview' module. The old 'mediawiki.legacy.preview' module
has been removed.
* (bug 40448) Removed mediawiki.legacy.mwsuggest module, and removed the
following that has become obsolete:
- globals $wgEnableMWSuggest and $wgMWSuggestTemplate.
- mw.config.values wgMWSuggestTemplate and wgSearchNamespaces.
- method SearchEngine::getMWSuggestTemplate().
== MediaWiki 1.19 ==
== MediaWiki 1.19.2 ==
This is a security release of the MediaWiki 1.19 branch
=== Changes since 1.19.1 ===
* (bug 39700) File: link to non-existing file can inject html
* (bug 39823) Hidden block text leaking to admins
* (bug 39184) LDAP password leakage
* (bug 39180) Disallow framing of api results
* (bug 37587) Enforce language codes to be html safe
* (bug 39824) Check global blocks on account creation
== MediaWiki 1.19 ==
MediaWiki 1.19 is a large release that contains many new features and bug
fixes. This is a summary of the major changes of interest to users.
You can consult the RELEASE-NOTES-1.19 file for the full list of changes in
this version.
Our thanks go to everyone who helped to improve MediaWiki by testing the beta
release and submitting bug reports.
=== Changes since 1.19.1 ===
* (bug 38406) Properly quote table names in DatabaseBase::tableName()
* (bug 38249) Parser will throw an exception instead of outputting gibberish if
PCRE is compiled without support for unicode properties.
=== Changes since 1.19.0 ===
* (bug 36568) Fixed "Illegal string offset 'LIMIT'" warnings in updater
* (bug 36938) Correctly escape uselang attribute to prevent xss
* Expanded Blacklist for SVG Files
=== Changes since 1.19 beta 2 ===
* Special:Watchlist no longer sets links to feed when the user is anonymous.
* (bug 35961) Hash comparison should always be strict.
* Fix broken email confirmation expiration caused by MWCryptRand changes.
* (bug 35671) PHP Notice: Undefined index: gettoken in includes/api/ApiMain.php
on line 598.
* (bug 36042) 'show' causes a fatal in blocks API.
=== Changes since 1.19 beta 1 ===
* (bug 35014) Including a special page no longer sets the page's title to the
included page
* (bug 35019) Edit summaries are no longer transformed in notification e-mails
* (bug 35152) Help message for e-mail is shown again in user preferences
* (bug 34887) $3 and $4 parameters are now substituted correctly in message
"movepage-moved"
* (bug 34841) Edit links are no longer displayed when display old page versions
* (bug 34889) User name should be normalized on Special:Contributions
* (bug 35051) If heading has a trailing space after == then its name is not
preloaded into edit summary on section edit
* (bug 31417) New ID mw-content-text around the actual page text, without categories,
contentSub, ... The same div often also contains the class mw-content-ltr/rtl.
* (bug 35303) Proxy and DNS blacklist blocking works again
* (bug 22555) Remove or skip strip markers from tag hooks like <nowiki> in
core parser functions which operate on strings, such as padleft.
* (bug 18295) Don't expose strip markers when a tag appears inside a link
inside a heading.
* (bug 34212) ApiBlock/ApiUnblock allow action to take place without a token
parameter present.
* (bug 34907) Fixed exposure of tokens through load.php that could have facilitated
CSRF attacks.
* (bug 35317) CSRF in Special:Upload.
=== Configuration changes in 1.19 ===
* Removed SkinTemplateSetupPageCss hook; use BeforePageDisplay instead.
* (bug 27132) movefile right granted by default to registered users.
* Default cookie lifetime ($wgCookieExpiration) is increased to 180 days.
* (bug 31204) Removed old user.user_options.
* $wgMaxImageArea now applies to jpeg files if they are not scaled with
ImageMagick.
* Introduced $wgQueryPageDefaultLimit (defaults to 50) for the number of
items to show by default on query pages (special pages such as Whatlinkshere).
* (bug 32470) Increase the length of ug_group.
* (bug 32239) Removed $wgEnableTooltipsAndAccesskeys.
* Removed $wgVectorShowVariantName.
* Removed $wgExtensionAliasesFiles. Use $wgExtensionMessagesFiles.
* Removed $wgResourceLoaderInlinePrivateModules , now always enabled.
=== New features in 1.19 ===
* (bug 19838) Add ability to get all interwiki prefixes also if the interwiki
cache is used.
* $wgDnsBlacklistUrls now accepts an array with url and key as the
elements to work with DNSBLs that require keys, such as
Project Honeypot.
* (bug 30022) Add support for custom loadScript sources to ResourceLoader.
* (bug 19052) Unicode space separator characters (Zs) now terminates external
links and images links.
* (bug 30160) Add public method to mw.loader to get module names from registry.
* (bug 15558) Parameters to special pages included in wikitext can now be passed
as with templates.
* Installer now issues a warning if mod_security is present.
* (bug 29455) Add support for a filter callback function in jQuery byteLimit
plugin.
* Added two new GetLocalURL hooks to better serve extensions working on a
limited type of titles.
* Added a --no-updates flag to importDump.php that skips updating the links
tables.
* Most presentational html attributes like valign are now converted to inline
css style rules. These attributes were removed from html5 and so we clean
them up when $wgHtml5 is enabled. This can be disabled using
$wgCleanupPresentationalAttributes.
* Magic words (time and number-formatting ones, plus DIRECTIONMARK, but not
NAMESPACE) now depend on the page content language instead of the site
language. In theory this sets the right magic words in system messages,
although they are not used there.
* (bug 30451) Add page_props to RefreshLinks::deleteLinksFromNonexistent.
* (bug 30450) Clear page_props table on page deletion.
* Hook added to check for exempt from account creation throttle.
* (bug 30344) Add configuration variable for setting custom priorities when
generating sitemaps.
* (bug 96170) Add array support for space-separated list attributes (like
'class') in the Html helper class.
* (bug 26470) Add checkered background image on hover on files pages.
* (bug 30774) mediawiki.html: Add support for numbers and booleans in the
attribute values and element contents.
* Conversion script between Tifinagh and Latin for the Tachelhit language.
* (bug 16755) Add options 'noreplace' and 'noerror' to {{DEFAULTSORT:...}}
to stop it from replace an already existing default sort, and suppress error.
* (bug 18578) Rewrote revision delete related messages to allow better
localisation.
* (bug 30364) LanguageConverter now depends on the page content language
instead of the wiki content language.
* Jump links will now be usable in CSS-capable browsers instead of only
in outdated text browsers.
* New common*.css files usable by skins instead of having to copy piles
of generic styles from MonoBook or Vector's css.
* Some deprecated presentational html attributes will now be automatically
converted to css.
* (bug 31297) Add support for namespaces in Special:RecentChanges subpage filter
syntax.
* The default user signature now contains a talk link in addition to the user link.
* (bug 25306) Add link of old page title to MediaWiki:Delete_and_move_reason.
* Added hook BitmapHandlerCheckImageArea.
* (bug 30062) Add $wgDBprefix option to cli installer.
* getUserPermissionsErrors and getUserPermissionsErrorsExpensive hooks are now
also called when checking for 'read' permission.
* Introduce $wgEnableSearchContributorsByIP which controls whether searching
for an IP address redirects to the contributions list for that IP.
* (bug 8859) Database::update should take array of tables too.
* (bug 19698) Add "Inverse namespaces" option to Special:Contributions.
* (bug 24037) Add byte length of revision to Special:Contributions.
* (bug 1672) Added $wgDisableUploadScriptChecks to allow uploading of files
containing HTML or JS. DISABLING THESE CHECKS IS VERY DANGEROUS.
* New path mappings can be added using the WebRequestPathInfoRouter hook
and adding paths to the PathRouter.
* (bug 32666) Special:ActiveUsers now allows a subpage to be used as value for the
"target" query parameter (eg. Special:ActiveUsers/Username).
* New JavaScript variable wgPageContentLanguage.
* Added new debugging toolbar, enabled with $wgDebugToolbar.
* Differences in the history page now uses slightly better colors for people
perceiving colors differently.
* (bug 32879) Upgrade jQuery to 1.7.1.
* jQuery UI upgraded to 1.8.17.
* Extensions can use the 'Language::getMessagesFileName' hook to define new
languages using messages files outside of core.
* (bug 32512) Add 'Associated namespace' checkbox to Special:Contributions.
* Added $wgSend404Code, true by default, which can be set to false to send a
200 status code instead of 404 for nonexistent articles.
* (bug 33447) Link to the broken image tracking category from Special:Wantedfiles.
* (bug 27724) Add timestamp to job queue.
* (bug 30339) Implement SpecialPage for running javascript tests. Disabled by default, due to
tests potentially being harmful, not to be run on a production wiki.
Enable by setting $wgEnableJavaScriptTest to true.
* Extensions can use the RequestContextCreateSkin hook to override what skin is
loaded in some contexts.
* (bug 33456) Show $wgQueryCacheLimit on cached query pages.
* (bug 10574) Add an option to allow all pages to be exported by Special:Export.
* mediawiki.js Message object constructor is now publicly available as mw.Message.
* (bug 29309) Allow CSS class per tooltip (tipsy).
* (bug 33565) Add accesskey/tooltip to submit buttons on Special:EditWatchlist.
* (bug 17959) Inline rendering/thumbnailing for Gimp XCF images.
* (bug 27775) Namespace has it's own XML tag in the XML dump file.
* (bug 30513) Redirect tag is now resolved in XML dump file.
* sha1 xml tag added to XML dump file.
* (bug 33646) Badtitle error page now emits a 400 HTTP status.
* Special:MovePage now has a dropdown menu for namespaces.
* (bug 34420) Special:Version now shows git HEAD sha1 when available.
* (bug 33952) Refactor mw.toolbar to allow dynamic additions at any time.
=== Bug fixes in 1.19 ===
* $wgUploadNavigationUrl should be used for file redlinks if.
$wgUploadMissingFileUrl is not set. The first was used for this
until the second was introduced in 1.17.
* BREAKING CHANGE: Style rules for wikitable are now more specific and prevent
inheritance to nested tables which caused various issues (bug 30485 and bug
33434). If your wiki has overriden rules for ".wikitable", please revise them and
adjust where neccecary. For comparison, use the "table.wikitable" section in
skins/common/shared.css as base.
* $wgUploadNavigationUrl is now used for file redlinks if
$wgUploadMissingFileUrl is not set. The former was used for this until the
second was introduced in 1.17.
* (bug 27894) Move 'editondblclick' event listener down from body to
div#bodyContent.
* (bug 30172) The check for posix_isatty() in maintenance scripts did not detect
when the function exists but is disabled. Introduced
Maintenance::posix_isatty().
* (bug 30264) Changed installer-generated LocalSettings.php to use
require_once() instead require() for included extensions.
* Do not convert text in the user interface language to another script.
* (bug 26283) Previewing user JS/CSS pages didn't load other user JS/CSS pages.
* (bug 26486) ResourceLoader modules with paths to nonexistent files cause PHP
warnings/notices to be thrown.
* (bug 30335) Fix for HTMLForms using GET that were breaking when non-friendly
URLs are used.
* (bug 28649) Preventing half truncated multi-byte unicode characters when
truncating log comments.
* Show --batch-size option in help of maintenance scripts that support it.
* (bug 4381) Magic quotes cleaning was not comprehensive, key strings were not
unescaped.
* (bug 23057) Importers no longer can 'edit' or 'create' a fully-protected page by
importing a new revision into it.
* Allow moving the associated talk pages of subpages even if the base page
has no subpage.
* Per page edit-notices now work in namespaces without subpages enabled.
* (bug 31081) $wgEnotifUseJobQ is no longer unconditionally enqueueing jobs.
* (bug 30202) File names are now restricted on upload to 240 bytes, because of
restrictions on some of the database fields.
* Timezones are now recognised in user preferences when offset is different
due to DST.
* (bug 31692) "summary" parameter now also works when undoing revisions.
* (bug 18823) "move succeeded" text displayed bluelinks even when redirect was
suppressed.
* (bug 19186) Special:UserLogin's title on Special:SpecialPages now says
"create account" when the user cannot create an account.
* (bug 31818) 'usercreated' message now supports GENDER.
* (bug 32022) Our phpunit.php script can now be executed from another directory.
* (bug 26020) Setting $wgEmailConfirmToEdit to true no longer removes diffs.
from recent changes feeds.
* (bug 30232) add current time to message wlnote on Special:Watchlist.
* (bug 29110) $wgFeedDiffCutoff did not affect new pages.
* (bug 32168) Add wfRemoveDotSegments for use in wfExpandUrl.
* (bug 32358) Do not display "No higher resolution available" for dimensionless
files (like audio files).
* (bug 32168) Add wfAssembleUrl for use in wfExpandUrl.
* (bug 32168) fixed - wfExpandUrl expands dot segments now.
* (bug 31535) Upload comments now truncated properly, and don't have brackets.
* (bug 32086) Special:PermanentLink now show an error message when no subpage
was specified.
* (bug 30368) Special:Newpages now shows the new page name for moved pages.
* (bug 1697) The way to search blocked usernames in block log should be clearer.
* (bug 29747) eAccelerator shared memory caching has been removed since it is
now disabled by default and is buggy. APC, XCache and WinCache are not affected.
* Installer now refuses to install if php was not compiled with Ctype support.
* (bug 29475) Remove "trackback" feature entirely from core.
* (bug 32665) Special:BlockList prefills the username in the input field if
using the Special:BlockList/username URL.
* (bug 27721) Make JavaScript variables wgSeparatorTransformTable and
wgDigitTransformTable depend on page content language so the sort script
sorts correctly more often.
* (bug 32230) Expose wgRedirectedFrom in JavaScript.
* (bug 31212) History tab not collapsed when the screen is narrow.
* (bug 15521) Use new section summary when the action of adding a new section
also happens to create the page.
* (bug 32960) Remove EmailAuthenticationTimestamp from database when a
email address is removed.
* (bug 32414) Empty page get a empty bytes attribute in Export/Dump.
* (bug 33101) Viewing a User or User talk of username resembling IP ending
with .xxx causes Internal error.
* Warning about undefined index in certain situations when $wgLogRestrictions
causes the first log type requested to be removed but not the others.
* Use separate message ('prefixindex-namespace') for title of
Special:PrefixIndex rather then re-using Special:AllPages's allinnamespace.
* (bug 33156) Special:Block now allows you to confirm you want to block yourself
when using non-normalized username.
* (bug 33246) News icon shown for news:// URLs but not for news: URLs.
* (bug 33305) Make mw.util.addCSS resistant to IE's @font-face bug by setting
cssText after DOM insertion.
* (bug 30711) When adding a new section to a page with section=new, the text is
now always added to the current version of the page.
* (bug 31719) Fix uploads of SVGs exported by Adobe Illustrator by expanding
XML entities correctly.
* (bug 30914) Embeddable ResourceLoader modules (user.options, user.tokens)
should be loaded in <head> for proper dependency resolution.
* (bug 32702) Removed method Skin::makeGlobalVariablesScript() has been readded
for backward compatibility.
* (bug 31469) Make sure tracking category messages expand variables like
{{NAMESPACE}} relative to correct title.
* (bug 33454) ISO-8601 week-based year number (format character 'o') is now
calculated correctly with respect to timezone.
* (bug 32219) InstantCommons now fetches content from Wikimedia Commons using
HTTPS when the local wiki is served over HTTPS.
* (bug 33525) clearTagHooks doesn't clear function hooks.
* (bug 33523) Function tag hooks don't appear on Special:Version.
* Files with IPTC blocks we can't read no longer prevent extraction of exif
or other metadata.
* (bug 33587) Remove action "historysubmit" from history pages.
* (bug 25800) mw.config wgAction should contain the actually performed action instead
of whatever the query value contains.
* (bug 4438) Add CSS hook for current WikiPage action.
* (bug 33703) Common border-bottom color for <abbr> should inherit default (text) color.
* (bug 33819) Display file sizes in appropriate units.
* (bug 32948) {{REVISIONID}} and related variables are no longer blank after doing
a null edit.
* (bug 33880) $wgUsersNotifiedOnAllChanges should not send e-mail to user who made
the edit.
* (bug 33902) Decoding %2B with mw.Uri.decode results in ' ' instead of +.
* (bug 33762) QueryPage-based special pages no longer misses *-summary message.
* Other sizes links are no longer generated for wikis without a 404 thumbnail handler.
* (bug 29454) Enforce byteLimit for page title input on Special:MovePage.
* (bug 34114) CSSMin::remap() doesn't respect its $embed parameter.
* Special:Contributions/newbies now shows the contributions for the user "newbies".
New user contributions are obtained using the form or using ?contribs=newbie in URL.
* It is now possible to delete images that have no corresponding description pages.
* (bug 33165) GlobalFunctions.php line 1312: Call to a member function
getText() on a non-object.
* (bug 31676) Group dynamically inserted CSS into a single <style> tag, to work
around a bug where not all styles were applied in Internet Explorer.
* (bug 28936, bug 5280) Broken or invalid titles can't be removed from watchlist.
* (bug 34600) Older skins using useHeadElement=false were broken in 1.18.
* (bug 34604) [mw.config] wgActionPaths should be an object instead of a numeral
array.* (bug 12262) Indents and lists are now aligned
* (bug 29753) mw.util.tooltipAccessKeyPrefix should be alt-shift for Chrome
on Windows
* (bug 25095) Special:Categories should also include the first relevant item
when "from" is filled.
* (bug 34972) An error occurred while changing your watchlist settings for
[[Special:WhatLinksHere/Example]]
=== API changes in 1.19 ===
* Made action=edit less likely to return "unknownerror", by returning the actual error
message (which may have come from a hook call or similar).
* (bug 19838) siprop=interwikimap can now use the interwiki cache.
* (bug 29748) Add API search prefix support.
* (bug 29684) Set forgotten parameter types in ApiQueryIWLinks.
* (bug 29685) do not output NULL parentid with list=deletedrevs&drprop=parentid.
* siprop=interwikimap and siprop=languages can use silanguagecode to have
a best effort language name translation. Use CLDR extension for best result.
* (bug 30230) action=expandtemplates should not silently override invalid title
inputs.
* (bug 18634) Create API to fetch MediaWiki's language fallback tree structure.
* (bug 26885) Allow show/hide of account blocks, temporary blocks and single IP
address blocks for list=blocks.
* (bug 30591) Add support to only return keys in ApiAllMessages.
* The API now respects $wgShowHostnames and won't share the hostname in
severedby if it's set to false.
* wlexcludeuser parameter added to ApiFeedWatchlist.
* (bug 7304) Links on redirect pages no longer cause the redirect page to show
up as a redirect to the linked page on Special:Whatlinkshere.
* (bug 32609) API: Move captchaid/captchaword of action=edit from core
to Captcha extension(s).
* Added 'APIGetDescription' hook.
* (bug 32688) Paraminfo for parameter "generator" of the query module shows too
many types.
* (bug 32415) Empty page get no size attribute in API output.
* (bug 31759) Undefined property notice in querypages API.
* (bug 32495) API should allow purge by pageids.
* (bug 33147) API examples should explain what they do.
* (bug 33482) Api incorrectly calls ApiBase::parseMultiValue if allowed
values is given as an array.
* (bug 32948) {{REVISIONID}} and related variables are no longer blank after
calling action=purge&forcelinkupdate.
* (bug 34377) action=watch now parses messages using the correct title instead
of "API".
* (bug 35036) WikiLove messages were not automatically updated in JavaScript
after having been changed on-wiki due to a bug in core
=== Languages updated in 1.19 ===
MediaWiki supports over 350 languages. Many localisations are updated
regularly. Below only new and removed languages are listed, as well as
changes to languages because of Bugzilla reports.
* Canadian English (en-ca) (new).
* Norwegian (bokmål) (nb) (renamed from no).
* Uighur (Latin) (ug-latn) was incorrectly marked as right-to-left language.
* (bug 30217) Make pt-br a fallback of pt.
* (bug 31193) Set fallback language of Assamese from Bengali to English.
* Update date format for dsb and hsb: month names need the genitive.
* (bug 28643) Serbian variant conversion improvements (Nikola Smolenski).
* (bug 29405, bug 30809) Lower diacritics are invisible in titles in Indic
languages Assamese, Bengali, Hindi, Malyalam and Odiya.
* (bug 32826) Titles in indic languages are partially cut.
* (bug 33367) Gendered namespaces for Czech.
* (bug 33014) Language::formatSize()/formatBitrate() should be able to deal
with larger numbers (tera-yotta).
=== Other changes in 1.19 ===
* BREAKING CHANGE: Legacy global array 'ta' and global function 'akeytt' have
been removed from wikibits.js.
* jquery.mwPrototypes module was renamed to jquery.mwExtension.
* The maintenance script populateSha1.php was renamed to the more concise
populateImageSha1.php.
* The Client-IP header is no longer checked for when trying to resolve a client's
real IP address.
* (bug 22096) Although IE5.x and below was already unsupported officially, stylesheets
existing exclusively for IE5.0 and IE5.5 have now been removed (which were in skins
'chick' and 'monobook').
* The constructor for CategoryView has changed, the second parameter is now a
Context source and is required.
* The Title::escape{Local,Full,Canonical}URL methods are deprecated, please use
proper html building methods to escape the normal get{...}URL methods instead.
* The $variant arguments in the Title::get{Local,Full,Link,Canonical}URL methods
have been replaced with a secondary query argument.
* The $variant argument in the hooks for the Title::get{Local,Full,Link,Canonical}URL
methods have been removed, the variant is now part of the $query argument.
* Removed Title::isValidCssJsSubpage(), deprecated since 1.17 in favor of
using Title::isCssJsSubpage() or checking Title::isWrongCaseCssJsPage().
* Support for the deprecated hook MagicWordMagicWords was removed.
* The Xml::namespaceSelector method has been deprecated, please use
Html::namespaceSelector instead (note that the parameters have changed also).
* (bug 33746) Preload popular ResourceLoader modules (mediawiki.util) as stop-gap
for scripts missing dependencies.
New configuration variable $wgPreloadJavaScriptMwUtil has been introduced for this
(set to false by default for new installations). Set to true if your wiki has a large
amount of user/site scripts that are lacking dependency information. In the short to
medium term these user/site scripts should be fixed by adding the used modules to the
dependencies in the module registry and/or wrapping them in a callback to mw.loader.using.
== MediaWiki 1.18 ==
== MediaWiki 1.18.5 ==
2012-08-30
This is a security release of the MediaWiki 1.18 branch
=== Changes since 1.18.4 ===
* (bug 39700) File: link to non-existing file can inject html
* (bug 39823) Hidden block text leaking to admins
* (bug 39184) LDAP password leakage
* (bug 39180) Disallow framing of api results
* (bug 37587) Enforce language codes to be html safe
* (bug 39824) Check global blocks on account creation
== MediaWiki 1.18.4 ==
2012-06-12
This is a security release of the MediaWiki 1.18 branch.
=== Changes since 1.18.3 ===
* (bug 36938) Correctly escape uselang attribute to prevent xss
* Expanded Blacklist for SVG Files
== MediaWiki 1.18.3 ==
2012-04-25
This is a maintenance release of the MediaWiki 1.18 branch.
=== Changes since 1.18.2 ===
* (bug 35446) Using "{{nse:}}" with an invalid namespace name no longer throws
a PHP warning.
* (bug 35567) The whole password reminder e-mail is now sent in the same language.
* (bug 35961) Hash comparison should always be strict.
* (bug 35671) PHP Notice: Undefined index: gettoken in includes/api/ApiMain.php
on line 598.
* Fix broken email confirmation expiration caused by MWCryptRand changes.
== MediaWiki 1.18.2 ==
2012-03-21
This is a maintenance and security release of the MediaWiki 1.18 branch.
=== Changes since 1.18.1 ===
* (bug 33686) could not get a list of contributor for an article when using
a SQLite database.
* (Bug 33865) Exception thrown in action=parse when attempting to use the title
parameter without setting the text parameter.
* UserMailer could potentially throw a fatal error when a MailAddress object had
an empty email address.
* (Bug 33087) Exchange server rejected mail sent by MediaWiki
* (bug 34528) Edit section tooltips show correction section name again
* (bug 34246) MediaWiki:Whatlinkshere-summary message is displayed again in
Special:Whatlinkshere
* (bug 22555) Remove or skip strip markers from tag hooks like <nowiki> in
core parser functions which operate on strings, such as formatnum.
* (bug 34212) ApiBlock/ApiUnblock allow action to take place without a token
parameter present.
* (bug 34907) Fixed exposure of tokens through load.php that could have facilitated
CSRF attacks.
* (bug 35317) CSRF in Special:Upload.
== MediaWiki 1.18.1 ==
2012-01-11
This a maintenance and security release of the MediaWiki 1.18 branch.
=== Changes since 1.18.0 ===
* (bug 32712) Fix for search indexing of pages with certain unicode chars following URL.
* (bug 3901) Lang, hreflang attribs added to sidebar interlanguage links for screen readers.
* (bug 30774) mediawiki.html: Add support for numbers and booleans in the
attribute values and element contents.
* (bug 32473) [[Special:PasswordReset]] can not be used on private wiki.
* (bug 32853) Fixed CACHE_DBA object cache type.
* (bug 32786) Backward compatibility for extension using 1.17's Database::newFromType().
* Fixed exception when using Special:WhatLinksHere on a Media: file.
* (bug 32709) Private Wiki users were always taken to Special:Badtitle on login.
* (bug 33240) Sort images are missing but referenced in css.
* (bug 31921) Magic words REVISIONDAY, REVISIONMONTH and REVISIONYEAR were
not showing their values on preview.
* (bug 32702) Removed method Skin::makeGlobalVariablesScript() has been readded
for backward compatibility.
* (bug 30172) The check for posix_isatty() in maintenance scripts did not detect
when the function exists but is disabled. Introduced Maintenance::posix_isatty().
* (bug 33305) Make mw.util.addCSS resistant to IE's @font-face bug by setting
cssText after DOM insertion.
* (bug 29102) Upgrades no longer fail with the error "Unknown character set: 'mysql4'.
* (bug 25355) Parser generates edit section links for special pages.
* (bug 33321) Adding a line to MediaWiki:Sidebar that contains a pipe, but doesn't
have any pipes after being transformed by MessageCache, causes exception on
all pages.
* Fixed recentchanges FK violation on page delete and cache purge error in updater
for Oracle DB.
* (bug 33117) prop=revisions allows deleted text to be exposed through cache pollution.
== MediaWiki 1.18.0 ==
2011-11-24
This is the first stable release of the MediaWiki 1.18 branch.
=== Summary of selected changes in 1.18 ===
Selected changes since MediaWiki 1.17 that may be of interest:
* Some of the more commonly used MediaWiki extensions are now included in the
release tarball. These extensions are ConfirmEdit, Gadgets, Nuke, ParserFunctions,
Renameuser, Vector and WikiEditor.
* Gender support has been improved, meaning user pages can display the correct gender
variant of "User" can now be used.
* MediaWiki can now detect the camera orientation of an image from the Exif metadata, and
can rotate the image thumbnail appropriately. Metadata support has been generally
improved, and can now extract IPTC and XMP metadata.
* Improved directionality support in 1.18 means that MediaWiki is better to use for
RTL users.
* MediaWiki now supports protocol - relative URLs in links, interwiki targets and $wgServer
* Math support has been removed from core
=== Changes since 1.18.0rc1 ===
* (bug 32228) regression in Special:Search which did not conserve profile on new search
* (bug 32460) Categories were improperly aligned in Simple and CologneBlue
* (bug 32412) TOC links on [[Special:EditWatchlist]] points to the fieldsets
* (bug 32582) Fix TOC show/hide link regression on IE 8
=== Changes since 1.18 beta 1 ===
* (bug 31886) Wrong titles redirecting to Special:Badtitle in the 1.18 deployment.
* (bug 32051) Fix description for wlprop=sizes.
* (bug 31913) Special:MostLinkedTemplates had an incorrect GROUP BY clause
under Microsoft SQL.
* (bug 32100) installer complains about suhosin GET limit.
* (bug 31933) fix 1.18 regression in Monobook sidebar: huge spacing between portlets
on IE 7 and IE 8/9 in compatibility view.
* (bug 32126) Fix 1.18 regression in watchlist editor when items already removed
from watchlist.
* (bug 32183) remove the client-* classes added from user-agent-sniffing onto
the <html> element.
* (bug 29912) Unit tests break if parsertest tables are still present.
* (bug 31694) During installation, tabbing order (cursor focus) goes to logo
instead of 'continue'.
* (bug 29102) Upgrade fails "Unknown character set: 'mysql4".
* (bug 31990) justify paragraphs pref adds extra space to category listing.
* (bug 20148) Better title for [[Special:Disambiguations]] page.
* (bug 31502) TOC is missing on Special:EditWatchlist.
* (bug 32256) API list=search stops at first invalid result.
* (bug 32047) jquery.tablesorter.js: thead is before caption.
* (bug 29854) Store protocol-relative links twice in the externallinks table,
one with http: in el_index and once with https.
* (bug 31822) Error during upgrade due to output buffer reset in stdout.
=== Configuration changes in 1.18 ===
* The WantedPages::getSQL hook has been removed and replaced with
WantedPages::getQueryInfo. This may break older extensions.
* The SkinTemplateBuildContentActionUrlsAfterSpecialPage,
SkinTemplateContentActions and SkinTemplateTabs hooks have been removed in
favor of SkinTemplateNavigation and SkinTemplateNavigation::SpecialPage.
* $wgUseCombinedLoginLink controls whether to output a combined
login / create account link in the personal bar, or to output separate login
and create account links.
* Skin names are no longer created based on a ucfirst version of the key in
$wgValidSkinNames but now the value. This means for
$wgValidSkinNames["monobook"] = "MonoBook"; the skin loader will no longer try
loading SkinMonobook and will instead load SkinMonoBook.
* $wgMaxUploadSize may now be set to an array to specify the upload size limit
per upload type.
* $wgAPICacheHelp added in 1.16 is now removed. To disable API help caching, set
$wgAPICacheHelpTimeout = 0;
* OutputPage::isUserJsAllowed() no longer returns false when scripts are allowed
by the page, but $wgAllowUserJs is set to false.
* Pure "Skin" class based custom skins are no longer supported, all custom skins
should be put together using SkinTemplate and BaseTemplate or QuickTemplate.
* The transliteration for passwords in case they were migrated from an old
Latin-1 install (previous to MediaWiki 1.5) is now only done for wikis with
$wgLegacyEncoding set.
* (bug 27508) Add $wgSVGMetadataCutoff to limit the maximum amount of an SVG we
look at when finding metadata to prevent excessive resource usage.
* $wgSysopUserBans and $wgSysopRangeBans (deprecated in 1.17) are now removed.
Use $wgBlockCIDRLimit = array( 'IPv4' => 43, 'IPv6' => 128 ) to achieve the
same functionality as $wgSysopRangeBans; you can use the BlockIp hook to
replicate $wgSysopUserBans functionality.
* The options on the block form have been standardised such that checking a box
makes the block 'more serious'; so while "check to prevent account creation"
and "check to enable autoblock" remain the same, "check to allow user-talk
edit" is reversed to "check to *disable* user-talk edit", and "check to block
anon-only" becomes "check to block logged-in users too". The default settings
remain the same.
* Most of the field names on the Special:Block form have been changed, which
will probably break screen-scraping bots.
* (bug 26866) The 'trackback' right is no longer granted to sysops by default.
$wgUseTrackbacks is already false by default.
* (bug 17009) the hiddenStructure CSS class, a highly hackish way of at least
*appearing* to hide article elements, has been removed. Use the
ParserFunctions extension to actually remove unwanted elements from the
output.
* (bug 14202) $wgUseTeX has been superseded by the Math extension. To re-enable
math conversion after upgrading, obtain the Math extension from SVN or from
http://www.mediawiki.org/wiki/Extension:Math and add to LocalSettings.php:
require_once "$IP/extensions/Math/Math.php";
* $wgProfiler is now a configuration array, see StartProfiler.sample for
details.
* $wgProfiling has been removed.
* The spyc library is now no longer included in phase3.
* (bug 28343) Unused preferences contextlines/contextchars have been removed
* $wgSkinExtensionFunctions has been removed. Use $wgExtensionFunctions instead.
* $wgProto has been removed. You now only need to set $wgServer to change the
URL protocol.
* $wgRateLimitsExcludedGroups (deprecated in 1.13) has been removed.
* $wgInputEncoding and $wgOutputEncoding (deprecated in 1.5) have now been removed.
* $wgAllowUserSkin (deprecated in 1.16) has now been removed.
* $wgExtraRandompageSQL (deprecated in 1.16) has now been removed.
* LogReader and LogViewer classes (deprecated in 1.14) have now been removed.
* (bug 26033) Added $wgArticleCountMethod to select the method to use to say
whether a page is an article or not. $wgUseCommaCount is now deprecated.
* $wgEnableDublinCoreRdf and $wgEnableCreativeCommonsRdf no longer work in core,
and the functionality has been moved to the relevant extensions. See
http://www.mediawiki.org/wiki/Extension:DublinCoreRdf and
http://www.mediawiki.org/wiki/Extension:CreativeCommonsRdf as appropriate.
* (bug 21107) Split error "customcssjsprotected" into separate messages for JS and CSS
* Removed $wgCheckCopyrightUpload from DefaultSettings, since the relevant feature
was removed in about 1.5.
* LogPageValidTypes, LogPageLogName, LogPageLogHeader and LogPageActionText
hooks have been removed.
* New hook "Collation::factory" to allow extensions to create custom