| blob | fa7d9ca0b7a047bd9a96815cd3c5d03cbed96479 |
1 == MediaWiki 1.28 ==
3 THIS IS NOT A RELEASE YET
5 MediaWiki 1.28 is an alpha-quality branch and is not recommended for use in
6 production.
8 === Configuration changes in 1.28 ===
9 * BREAKING CHANGE: $wgHTTPProxy is now *required* for all external requests
10 made by MediaWiki via a proxy. Relying on the http_proxy environment
11 variable is no longer supported.
12 * The load.php entry point now enforces the existing policy of not allowing
13 access to session data, which includes the session user and the session
14 user's language. If such access is attempted, an exception will be thrown.
15 * The number of internal PBKDF2 iterations used to derive the session secret
16 is configurable via $wgSessionPbkdf2Iterations.
17 * Upload dialog's file upload log comment can now be configured separately for
18 local and foreign uploads.
19 * $wgForeignUploadTargets now defaults to `[ 'local' ]`, where `'local'`
20 signifies local uploads. A value of `[]` (empty array) now means that
21 no upload targets are allowed, effectively disabling the upload dialog.
22 * The deprecated $wgEditEncoding variable has been removed; it was only used
23 for Esperanto language character conversion. You are now recommended to use
24 input methods provided by the UniversalLanguageSelector extension.
25 * When $wgPingback is true, MediaWiki will periodically ping
26 https://www.mediawiki.org/beacon with basic information about the local
27 MediaWiki installation. This data includes, for example, the type of system,
28 PHP version, and chosen database backend. This behavior is off by default.
29 * When $EditSubmitButtonLabelPublish is true, MediaWiki will label the button
30 to store-to-database-and-show-to-others as "Publish page"/"Publish changes";
31 if false, the default, they will be "Save page"/"Save changes".
33 === New features in 1.28 ===
34 * User::isBot() method for checking if an account is a bot role account.
35 * Added a new 'slideshow' mode for galleries.
36 * Added a new hook, 'UserIsBot', to aid in determining if a user is a bot.
37 * Added a new hook, 'ApiMakeParserOptions', to allow extensions to better
38 interact with API parsing.
39 * Added a new hook, 'UploadVerifyUpload', which can be used to reject a file
40 upload. Unlike 'UploadVerifyFile' it provides information about upload comment
41 and the file description page, but does not run for uploads to stash.
42 * (T141604) Extensions can now provide a better error message when their
43 maintenance scripts are run without the extension being installed.
44 * (T8948) Numeric sorting in categories is now supported by setting $wgCategoryCollation
45 to 'uca-default-u-kn' or 'uca-<langcode>-u-kn'. If you can't use UCA collations,
46 a 'numeric' collation is also available. If migrating from another
47 collation, you will need to run the updateCollation.php maintenance script.
48 * Two new codes have been added to #time parser function: "xit" for days in current
49 month, and "xiz" for days passed in the year, both in Iranian calendar.
50 * mw.Api has a new option, useUS, to use U+001F (Unit Separator) when
51 appropriate for sending multi-valued parameters. This defaults to true when
52 the mw.Api instance seems to be for the local wiki.
54 === External library changes in 1.28 ===
56 ==== Upgraded external libraries ====
57 * Updated es5-shim from v4.1.5 to v4.5.8
59 ==== New external libraries ====
61 ==== Removed and replaced external libraries ====
63 === Bug fixes in 1.28 ===
64 * (T137264) SECURITY: XSS in unclosed internal links
65 * (T133147) SECURITY: Escape '<' and ']]>' in inline <style> blocks
66 * (T133147) SECURITY: Require login to preview user CSS pages
67 * (T132926) SECURITY: Do not allow undeleting a revision deleted file if it is
68 the top file
69 * (T129738) SECURITY: Make $wgBlockDisablesLogin also restrict logged in
70 permissions
71 * (T129738) SECURITY: Make blocks log users out if $wgBlockDisablesLogin is true
72 * (T139670) Move 'UserGetRights' call before application of
73 Session::getAllowedUserRights()
75 === Action API changes in 1.28 ===
76 * Added 'maxarticlesize' property to action=query&meta=siteinfo which contains
77 the value of $wgMaxArticleSize.
78 * Property 'modulemessages' from action=parse&prop=modules was removed
79 (deprecated since 1.26).
80 * The following response properties from action=login, deprecated in 1.27, are
81 now removed: lgtoken, cookieprefix, sessionid. Clients should handle cookies
82 to properly manage session state.
83 * Submitting the lgtoken and lgpassword parameters in the query string to
84 action=login is now deprecated and outputs a warning. They should be submitted
85 in the POST body instead.
86 * Submitting sensitive authentication request parameters to action=clientlogin,
87 action=createaccount, action=linkaccount, and action=changeauthenticationdata
88 in the query string is now deprecated and outputs a warning. They should be
89 submitted in the POST body instead.
90 * (T141960) Multi-valued parameters may now be separated using U+001F (Unit Separator)
91 instead of the pipe character. This will be useful if some of the multiple
92 values need to contain pipes, e.g. for action=options.
93 * The API will now warn if input is not NFC-normalized Unicode or if it
94 contains invalid characters.
95 * The 'normalized' list output by action=query and other modules that use
96 ApiPageSet may contain entries where the 'from' value is percent-encoded as
97 the raw value cannot be represented in a valid API response. These are
98 indicated by a 'fromencoded' boolean alongside the existing 'from' parameter.
99 * (T28680) action=paraminfo can now return info about all submodules of a
100 module without listing them all explicitly.
102 === Action API internal changes in 1.28 ===
103 * Added a new hook, 'ApiMakeParserOptions', to allow extensions to better
104 interact with ApiParse and ApiExpandTemplates.
105 * (T139565) SECURITY: API: Generate head items in the context of the given title
106 * (T115333) SECURITY: Check read permission when loading page content in ApiParse
108 === Languages updated in 1.28 ===
110 MediaWiki supports over 350 languages. Many localisations are updated
111 regularly. Below only new and removed languages are listed, as well as
112 changes to languages because of Phabricator reports.
114 * (T137411) ban (Balinese), thanks to translators Adi Mayndra, Andru,
115 BASAbali, M. Adiputra, Naval Scene, Nemo bis, NoiX180, and 아라.
116 * (T135867) shn (Shan), thanks to translators Khun Sar, Piangpha,
117 Saiddzone Saimawnkham, Saosukham, and Sengwan.
118 * Czech (cs) and Slovak (sk) set as reciprocal fallbacks
120 === Other changes in 1.28 ===
121 * (T128697) Improved handling of large diffs.
122 * [BREAKING CHANGE] $wgExtendedLoginCookies has been removed. You can
123 use or update a custom session provider if needed.
124 * Deprecated APIEditBeforeSave hook in favor of EditFilterMergedContent.
125 * The 'UploadVerification' hook is deprecated. Use 'UploadVerifyFile' instead.
126 * SiteConfiguration::isLocalVHost() was removed (deprecated since 1.25).
127 * The 'UserLoginComplete' hook has a new parameter to differentiate between actual
128 login and visiting the login page while already logged in.
129 * ResourceLoader::makeLoaderURL() was removed (deprecated since 1.24).
130 * $.fn.liveAndTestAtStart was removed (deprecated since 1.24).
131 * mw.util.tooltipAccessKeyPrefix was removed (deprecated since 1.24).
132 * mw.util.tooltipAccessKeyRegexp was removed (deprecated since 1.24).
133 * Linker::link() and Linker::linkKnown() were deprecated; please instead use
134 MediaWiki\Linker\LinkRenderer. In addition, the LinkBegin and LinkEnd hooks
135 were replaced by HtmlPageLinkRendererBegin and HtmlPageLinkRendererEnd
136 respectively. See docs/hooks.txt for the specific changes needed for those hooks.
137 * Aliases for Linker methods, deprecated since 1.21, were removed from Skin:
138 * Skin::commentBlock() (use Linker::commentBlock() instead)
139 * Skin::generateRollback() (use Linker::generateRollback() instead)
140 * Skin::link() (use MediaWiki\Linker\LinkRenderer instead)
141 * Skin::linkKnown() (use MediaWiki\Linker\LinkRenderer instead)
142 * Skin::userLink() (use Linker::userLink() instead)
143 * Skin::userToolLinks() (use Linker::userToolLinks() instead)
144 * The 'ParserLimitReportFormat' hook was removed.
145 * Disabled "bug 2702" HTML tidying of parsed UI messages on wikis where Tidy is
146 disabled.
147 * DifferenceEngine::generateDiffBody() was removed (deprecated since 1.21).
148 * UploadBase::stashFileGetKey() and UploadBase::stashSession() were deprecated.
149 Use ...->stashFile()->getFileKey() instead.
150 * "Public domain" was removed as a wiki license option from the installer, in
151 favour of CC-0.
152 * AuthenticationRequest::$required is now changed from REQUIRED to PRIMARY_REQUIRED
153 on requests needed by primary providers even if all primaries need them.
154 Primary providers are discouraged from returning multiple REQUIRED requests.
155 * OOjs UI PHP widgets constructed with the `'infusable' => true` config option
156 will no longer be automatically infused. You should call `OO.ui.infuse()`
157 on them yourself from your JavaScript code.
159 == Compatibility ==
161 MediaWiki 1.28 requires PHP 5.5.9 or later. There is experimental support for
162 HHVM 3.6.5 or later.
164 MySQL is the recommended DBMS. PostgreSQL or SQLite can also be used, but
165 support for them is somewhat less mature. There is experimental support for
166 Oracle and Microsoft SQL Server.
168 The supported versions are:
170 * MySQL 5.0.3 or later
171 * PostgreSQL 8.3 or later
172 * SQLite 3.3.7 or later
173 * Oracle 9.0.1 or later
174 * Microsoft SQL Server 2005 (9.00.1399)
176 == Upgrading ==
178 1.28 has several database changes since 1.27, and will not work without schema
179 updates. Note that due to changes to some very large tables like the revision
180 table, the schema update may take quite long (minutes on a medium sized site,
181 many hours on a large site).
183 If upgrading from before 1.11, and you are using a wiki as a commons
184 repository, make sure that it is updated as well. Otherwise, errors may arise
185 due to database schema changes.
187 If upgrading from before 1.7, you may want to run refreshLinks.php to ensure
188 new database fields are filled with data.
190 If you are upgrading from MediaWiki 1.4.x or earlier, you should upgrade to
191 1.5 first. The upgrade script maintenance/upgrade1_5.php has been removed
192 with MediaWiki 1.21.
194 Don't forget to always back up your database before upgrading!
196 See the file UPGRADE for more detailed upgrade instructions.
198 For notes on 1.27.x and older releases, see HISTORY.
200 == Online documentation ==
202 Documentation for both end-users and site administrators is available on
203 MediaWiki.org, and is covered under the GNU Free Documentation License (except
204 for pages that explicitly state that their contents are in the public domain):
206 https://www.mediawiki.org/wiki/Special:MyLanguage/Documentation
208 == Mailing list ==
210 A mailing list is available for MediaWiki user support and discussion:
212 https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
214 A low-traffic announcements-only list is also available:
216 https://lists.wikimedia.org/mailman/listinfo/mediawiki-announce
218 It's highly recommended that you sign up for one of these lists if you're
219 going to run a public MediaWiki, so you can be notified of security fixes.
221 == IRC help ==
223 There's usually someone online in #mediawiki on irc.freenode.net.