1 Change notes from older releases. For current info, see RELEASE-NOTES-1.42.
5 PHP 8.0 workboard: https://phabricator.wikimedia.org/tag/php_8.0_support/
6 PHP 8.1 workboard: https://phabricator.wikimedia.org/tag/php_8.1_support/
7 PHP 8.2 workboard: https://phabricator.wikimedia.org/tag/php_8.2_support/
8 PHP 8.3 workboard: https://phabricator.wikimedia.org/tag/php_8.3_support/
10 == MediaWiki 1.41.0 ==
12 === Changes since MediaWiki 1.41.0-rc.0 ===
13 * Localisation updates.
14 * Update wikimedia/parsoid to 0.18.0.
15 * (T351758) DEVELOPERS.md: reword WSL instructions to include best practices.
16 * (T350615) PoolCounterConnectionManager: Add support for ipv6.
17 * (T321234) Make MagicWordArray not fail on old revs with broken UTF-8.
18 * thumb: Fix "PHP Deprecated: strlen(): Passing null to parameter".
19 * (T344971) Maintenance: Fix RebuildTextIndex.
20 * (T327007) htmlform: Correct validation for file input field.
22 == MediaWiki 1.41.0-rc.0 ==
24 == Upgrading notes for 1.41 ==
25 Don't forget to always back up your database before upgrading!
27 See the file UPGRADE for more detailed per-version upgrade instructions from the
28 oldest supported upgrading version, MediaWiki 1.35.
30 Some specific notes for MediaWiki 1.41 upgrades are below:
31 * (T178356) MediaWiki now requires browsers to support ES6 for them to receive
32 JavaScript, up from ES5. In practice, this primarily means that users of
33 Internet Explorer 11 (EOL in 2022) will no longer get JavaScript tools.
35 For notes on 1.40.x and older releases, see HISTORY.
37 === Configuration changes for system administrators in 1.41 ===
38 * $wgGroupPermissions: The 'purge' permission is now considered an
39 implicit right that can be rate limited, but not revoked. This has
40 effectively already been the case for a long time, see T291316.
42 ==== New configuration ====
43 * $wgPrivilegedGroups – Users belonging in some of the listed groups will be
44 audited more aggressively.
45 * $wgPageLinksSchemaMigrationStage – This temporary flag lets you control the
46 migration stage for converting the pagelinks database table into normal form.
47 * $wgExternalLinksDomainGaps – Can be used by large wikis to optimize certain
48 external link queries.
49 * $wgResourceLoaderEnableSourceMapLinks - Add a SourceMap header to
50 ResourceLoader responses for JavaScript modules (T47514).
51 * $wgVirtualDomainsMapping - Mapping of virtual domains to other dbs. It's
52 useful to get connection to the external cluster.
54 ==== Changed configuration ====
55 * $wgAuthManagerAutoConfig – When using this setting to modify the
56 authentication system in MediaWiki, the classes
57 TemporaryPasswordPrimaryAuthenticationProvider,
58 LocalPasswordPrimaryAuthenticationProvider and
59 EmailNotificationSecondaryAuthenticationProvider now require
60 DBLoadBalancerFactory, not DBLoadBalancer, as a service.
61 * $wgUseFileCache is no longer used for ResourceLoader module caching.
62 * $wgLBFactoryConf['secret'] has been replaced by $wgChronologyProtectorSecret.
64 ==== Removed configuration ====
65 * $wgCommentTempTableSchemaMigrationStage – This temporary flag did let you
66 control the migration stage for the temporary comment database table, from
68 * $wgExternalLinksSchemaMigrationStage – This temporary flag did let you
69 control the migration stage for the externallinks database table.
70 * $wgParserOutputHooks - This array interacted with
71 ParserOutput::addOutputHook(), which has been deprecated since 1.38 and was
72 removed in this release.
74 === New user-facing features in 1.41 ===
75 * Special:RandomPage can now take multiple namespaces in its URL, split by ','.
76 * The aria-level HTML attribute is now allowed in wikitext by the Sanitizer.
78 === New features for sysadmins in 1.41 ===
79 * $wgDBssl can now enabled in the installer when the database type is
80 Postgres or MariaDB/MySQL (T335828).
81 * MWHttpRequest will forward 'tracestate' and/or 'traceparent' headers when
82 those are present in the original request and $wgAllowExternalReqID is set
84 * MultiHttpClient will send X-Request-Id header and additionally will forward
85 'tracestate' and/or 'traceparent' headers when those are present in the
86 original request and $wgAllowExternalReqID is set to true.
88 === New developer features in 1.41 ===
89 * Added ForeignResourcesDir extension.json / skin.json attribute, which should
90 point to the directory holding your foreign-resources.yaml file. See
91 https://www.mediawiki.org/wiki/Foreign_resources for background.
92 * Added PrivilegedGroups attribute for extension.json / skin.json, which lets
93 you add any new user groups you define to wgPrivilegedGroups (see above).
94 * Added a .gitmessage commit template. To use it, run:
95 `git config commit.template .gitmessage`
96 * A new hook, TextSlotDiffRendererTablePrefixHook, has been added to allow
97 extensions to add content within #mw-content-text but after the
98 DifferenceEngineViewHeader or DifferenceEngineShowDiffPage hooks have been
99 run. The new hook is used to add elements within a horizontal display area,
100 where their order can be explicitly set. Examples of uses for this include
101 adding the VisualEditor diff-type switch, and the legend for inline diffs that
102 is displayed if Wikidiff2 is installed.
103 * validation callbacks for HTMLForm fields can now return Status objects.
104 HTMLForm::validate will convert good Status instances to true and Status
105 instances to a string containing a list with the errors.
106 * ?action=rollback, if successful, will fire core's postEdit JavaScript hook;
107 for now, we do *not* display a success message to the user via mw.notify(),
108 as the RollbackAction form's success page is already shown
109 * MultiHttpClient constructor will accept `headers` property which defines a
110 set of headers attached to every request performed by the client.
111 * New `Wikimedia/Http/TelemetryHeadersInterface` interface that provides a
112 telemetry information which could be attached to HTTP Requests
113 * Wikimedia/Http/TelemetryHeadersInterface can be passed to MultiHttpClient
114 via 'telemetry' option.
115 * UserRegistrationLookup adds support for multiple kinds of registration dates
116 Extensions providing support for wiki-farm can use this to provide a global
117 registration date (across all wikis), for example.
118 * When $wgUseXssLanguage is set to true (enabled by default in
119 DevelopmentSettings.php), ?uselang=x-xss can be used to easily test
120 whether all messages are being escaped correctly.
121 * Html::noticeBox accepts new optional parameters, 'heading' & 'iconClassName'.
122 'heading' allows to pass an string as title; 'iconClassName' overwrites the
125 === External library changes in 1.41 ===
127 ==== New external libraries ====
128 * Added pinia at v2.0.16.
129 * Added symfony/polyfill-php81 at v1.28.0.
130 * Added symfony/polyfill-php82 at v1.28.0.
131 * Added symfony/polyfill-php83 at v1.28.0.
133 ==== Changed external libraries ====
134 * Updated codex, codex-design-tokens and codex-icons
135 from v0.6.2 to v1.0.0.
136 * Updated guzzlehttp/guzzle from 7.5.0 to 7.5.3.
137 * Updated jQuery from v3.6.1 to v3.7.0.
138 * Updated justinrainbow/json-schema from 5.2.12 to v5.2.13.
139 * Updated Mustache from 3.0.1 to 4.2.0.
140 * Updated OOjs from 6.0.0 to 7.0.1.
141 * Updated OOUI from v0.46.3 to v0.48.1.
142 * Updated pear/mail from 1.5.0 to 1.5.1.
143 * Updated symfony/polyfill-php82 from v1.27.0 to v1.28.0.
144 * Updated symfony/yaml from v5.4.17 to v5.4.23.
145 * Updated wikimedia/bcp-47-code from 1.0.0 to 2.0.0.
146 * Updated wikimedia/common-passwords from 0.4.0 to 0.5.0.
147 * Updated wikimedia/composer-merge-plugin from 2.0.1 to 2.1.0.
148 * Updated wikimedia/html-formatter from 3.0.1 to 4.0.3.
149 * Updated wikimedia/ip-utils from 4.0.0 to 5.0.0.
150 * Updated wikimedia/less.php from 4.0.0 to 4.1.1.
151 * Updated wikimedia/minify from 2.3.0 to 2.5.1.
152 * Updated wikimedia/remex-html from 3.0.3 to 4.0.1.
153 * Updated wikimedia/timestamp from 4.1.0 to 4.1.1.
154 * Updated wikimedia/utfnormal from 3.0.2 to 4.0.0.
156 ===== Changed development-only external libraries =====
157 * Updated mediawiki/mediawiki-codesniffer from 41.0.0 to 42.0.0.
158 * Updated mediawiki/mediawiki-phan-config from 0.12.1 to 0.13.0.
160 ==== Removed external libraries ====
161 * jquery.hoverIntent was removed.
162 * codex-search was removed, it's part of codex now.
163 * wikimedia/ip-set was removed, it's part of wikimedia/ip-utils now.
164 * jquery.color was removed.
165 * jquery.fullscreen was removed.
166 * jquery.form was removed.
168 === Action API changes in 1.41 ===
169 * (T322944) `Authorization` was added to the default list of headers
170 allowed for cross-origin API requests ($wgAllowedCorsHeaders).
172 === Languages updated in 1.41 ===
173 MediaWiki supports over 350 languages. Many localisations are updated regularly.
174 Below only new and removed languages are listed, as well as changes to languages
175 because of Phabricator reports.
177 * (T345807) Added language support for Karekare (kai).
178 * (T333765) Removed language support for Akan (Ak).
179 * (T332113) Added language support for Northern Hindko (hno).
180 * (T333425) Added language support for Iraqi (Mesopotamian) Arabic (acm).
181 * (T336919) Added language support for Crimean Tatar (Romania) (crh-ro).
182 * (T338416) Added language support for Betawi (bew).
183 * (T341545) Added language support for West Coast Bajau (a.k.a. Sama; bdr).
184 * (T332118) Namespace translations for Angika (anp) were added
185 * (T341942) The autonym of the Buginese language is changed to the Latin-script
186 name "Basa Ugi", and the localization in the language code "bug" is now only
187 in the Latin script. It's possible to add localization in the Lontara script
188 in translatewiki under the code "bug-bugi".
189 * (T341943) Main Page name translation was changed from "Leppa Indoë"
190 to "Watangpola". If you manage a wiki in this language, make sure that
191 links to the main page are correctly updated. See
192 https://translatewiki.net/w/i.php?title=Support&oldid=11723654#Change_MediaWiki:Mainpage/bug
194 === Breaking changes in 1.41 ===
195 * Article::doDelete(), deprecated since 1.37, has been removed.
196 * CommentStore::getStore(), deprecated since 1.31, has been removed.
197 * Article::getRedirectHeaderHtml() no longer accepts an array as $target.
198 Passing an array was deprecated in 1.39. (The method itself has also
200 * BagOStuff::addBusyCallback(), deprecated since 1.39, has been removed.
201 * IExpiringStore has been removed, use either ExpirationAwareness or
202 StorageAwareness constants instead.
203 * IDatabase::wasErrorReissuable(), deprecated since 1.40, has been removed.
204 * IDatabase::lastQuery and IReadableDatabase::lastQuery, deprecated in 1.40,
206 * Database::queryMulti(), unused, has been removed without deprecation.
207 The protected Database::doMultiStatementQuery method was removed, and the
208 protected Database::executeQuery method signature was changed to take
209 Query object as argument instead of a raw SQL string.
210 * Database::unionConditionPermutations(), unused, has been removed without
212 * SimpleSearchResultSetWidget and SimpleSearchResultWidget classes, deprecated
213 in 1.31, have been removed.
214 * Database::factory(), deprecated in 1.39, has been removed.
215 * Calling IDatabase::delete() or IDatabase::update() with empty conditions
216 has been deprecated since 1.35. This now throws an error.
217 * Maintenance::shutdown() has been moved over into the MaintenanceRunner class
219 * The following DatabasePostgres methods were unused and have been removed:
220 - ::currentSequenceValue()
223 * The following IDatabase methods were unused and removed without deprecation:
225 - ::wasConnectionLoss()
226 * Database::getTempTableWrites(), previously protected, is now private.
227 * DatabasePostgres class parameter "keywordTableMap", deprecated since 1.37,
229 * Database::doUpsert() and ::doReplace() have been removed without deprecation.
230 Subclasses should override ::upsert() or ::replace() respectively.
231 * SelectQueryBuilder::lockForUpdate(), deprecated in 1.40 and unused,
232 has been removed without hard deprecation.
233 * TransactionProfiler::setSilenced() deprecated in 1.40, has been removed.
234 * ILoadBalancer::closeConnection, unused, has been removed without deprecation.
235 * ILoadBalancer::waitFor, unused, has been removed without deprecation.
236 * ILBFactory::resolveDomainID and ::getChronologyProtectorTouched, unused,
237 have been removed without deprecation.
238 * The following methods have been moved from ILoadBalancer to
239 ILoadBalancerForOwner:
240 - ::redefineLocalDomain()
241 - ::hasPrimaryConnection()
242 - ::setIndexAliases()
243 * LBFactory::makeCookieValueFromCPIndex() and ::getCPInfoFromCookieValue()
244 has been moved to ChronologyProtector class without backward compatability
245 as they are not supposed to be used outside of core.
246 * MWHttpRequest::factory(), deprecated since 1.34, has been removed.
247 * The Http class, deprecated since 1.34, with the functions ::request(),
248 ::get(), ::post(), ::userAgent(), ::isValidURI(), ::getProxy(),
249 ::createMultiClient() have been removed.
250 * WikiPage::factory(), ::newFromID() and ::newFromRow, deprecated in 1.36,
252 * Maintenance::$mArgList, ::shouldExecute(), ::setAgentAndTriggers(),
253 ::adjustMemoryLimit(), ::globals(), and ::loadSettings() have been removed.
254 * The GenericArrayObject class, deprecated in 1.40,
256 * The $replace parameter has been removed from HookContainer::scopedRegister.
257 This parameter was unused outside core, and the functionality was intended
259 * PrevNextNavigationRenderer class, deprecated in 1.39,
261 * class alias MediaWiki\User\WatchlistNotificationManager, deprecated in 1.36,
263 * MediaWikiServices::getWatchlistNotificationManager(), deprecated in 1.36,
265 * Interface MediaWiki\Hook\ParserTestTablesHook, deprecated in 1.36,
267 * The NewPagesLineEndingHook now takes NewPagesPager instead of
268 SpecialNewpages as first argument.
269 * The following methods in the Title class, deprecated since 1.37, have been
271 - ::areCascadeProtectionSourcesLoaded()
272 - ::areRestrictionsCascading()
273 - ::areRestrictionsLoaded()
274 - ::getAllRestrictions()
275 - ::getCascadeProtectionSources()
276 - ::getFilteredRestrictionTypes()
277 - ::getRestrictionExpiry()
278 - ::getRestrictionTypes()
279 - ::getRestrictions()
280 - ::isCascadeProtected()
282 - ::isSemiProtected()
283 - ::loadRestrictionsFromRows()
284 * Global function wfShowingResults, deprecated in 1.40, has been removed.
285 * Global function wfClearOutputBuffers, deprecated in 1.36, has been removed.
286 * LinkBatch::__construct() now requires that all parameters be passed. The
287 fallback to MediaWikiServices emitted deprecation notices since 1.35.
288 * The methods IndexPager::getPagingLinks(), IndexPager::getLimitLinks() and
289 IndexPager::buildPrevNextNavigation(), deprecated in 1.39,
291 * Overriding the method IndexPager::makeLink(), deprecated in 1.39,
292 is no longer possible.
293 * MagicWordFactory::getCacheTime() is deprecated and returns -1.
294 * Various mediawiki.less mediawiki.ui variables, deprecated in 1.35, have been
295 removed. See also below that the remaining mediawiki.ui variables are now also
297 * Calling getId() on an AbstractBlock from the wrong wiki, deprecated since
298 1.38, now throws an exception.
299 * SQLite no longer supports raw MySQL queries.
300 * The following functions from the mediawiki.mixins Less import, deprecated
301 since 1.37, have been removed: .transition(), .transition-transform(),
302 .transform() and .transform-origin().
303 * Support was dropped for skins with paths relative to core which has been
304 sending deprecation notices since 1.37. The skin `templateDirectory` key
305 should now always be relative to the skin.
306 * The Skin public thisquery property was removed without deprecation. Only
307 one skin was known to use it and that has been patched accordingly.
308 * The jquery.tipsy module, deprecated since 1.28, has now been removed.
309 * NamespaceInfo::getRestrictionLevels(), deprecated in 1.34, has been removed.
310 Use PermissionManager::getNamespaceRestrictionLevels() instead.
311 * Proto-relative external links are now stored and indexed only as HTTPS
312 instead of two rows, one for HTTP and one for HTTPS.
313 * MediaWikiIntegrationTestCase::getTestUser(), ::getTestSysop(), and
314 ::getMutableTestUser() have been made protected and non-static.
315 * MediaWikiIntegrationTestCase::$supportedDBs has been changed to a private
317 * MediaWikiIntegrationTestCase::addCoreDBData() has been deprecated. The method
318 is now a no-op and is no longer called. Tests should create the fixtures
320 * Saving preferences for a temporary user now throws an error (e.g. via
321 UserOptionsManager::saveOptions)
322 * ApiQuery::getNamedDB() and ApiQueryBase::selectNamedDB(), deprecated in
323 1.39, have been removed.
324 * ChangeTags::addTagsAccompanyingChangeWithChecks() and
325 ChangeTags::undefineTag() unused everywhere, have been removed without
327 * Usage of MediaWiki::preOutputCommit() with the $postCommitWork arg has been
328 dropped. It's no longer used.
329 * SkinTemplateNavigation and SkinTemplateNavigation::SpecialPage hooks,
330 deprecated in 1.39, have been removed.
331 * The PersonalUrls hook, deprecated in 1.39, has been removed.
332 * OutputPage::getCSPNonce(), soft deprecated in 1.35, now emits deprecation
334 * Support of the third parameter of LogEventsListGetExtraInputs hook,
335 deprecated since 1.32, has been removed.
336 * JobSpecification::getTitle(), deprecated in 1.37, has been removed.
337 * The module mw.ui.anchor has been removed. Projects that need it should
338 maintain a local copy or use the Codex link mixin. More information
340 * ParsoidCachePrewarmJob::newSpec() now requires a PageRecord as the second
341 parameter instead of a page ID.
342 * Public access to the DifferenceEngine properties mOldid, mNewid, mOldRev,
343 mNewRev, mOldPage, mNewPage, mOldContent, mNewContent, mRevisionsLoaded,
344 mTextLoaded and mCacheHit, deprecated in 1.32, was removed.
345 * SearchDatabase::db, deprecated since 1.38, has been removed.
346 * SearchDatabase::lb has been removed without deprecation, use ::dbProvider
348 * StreamFile::STREAM_HEADLESS and StreamFile::STREAM_ALLOW_OB, deprecated
349 in 1.34, have been removed.
350 * AbstractAuthenticationProvider::setLogger(), ::setManager(), ::setConfig()
351 and ::setHookContainer() have been removed and also from it's related
352 interface, AuthenticationProvider. The corresponding properties are set in
353 AbstractAuthenticationProvider::init(). For side effects, you can override
354 AbstractAuthenticationProvider::postInitSetup().
355 * Title::newFromTitleValue(), deprecated since 1.34, has been removed.
356 * Parser::OT_MSG, related to OT_MSG(3) MediaWiki constant, parameter for
357 starting external parse has been dropped. This was kept since 2008 for B/C
358 only and no longer used. Use instead Parser::OT_PREPROCESS as the
360 * SpecialPageAction has been removed without deprecation. There were no known
361 uses outside of core.
362 * ConfigRepository::getValueOf() has been removed without deprecation. This
363 method was introduced and never used for a long time now.
364 * BacklinkCache::get(), ::getLinks(), ::getCascadeProtectedLinks() which
365 emitted deprecation warnings has no usage left. It has been removed.
366 * The following constants and methods in the Language class, hard deprecated
367 since 1.40, have been removed:
370 - ::MESSAGES_FALLBACKS
373 - ::isSupportedLanguage()
374 - ::isWellFormedLanguageTag()
376 - ::isValidBuiltInCode()
377 - ::isKnownLanguageTag()
378 - ::getLocalisationCache()
379 - ::fetchLanguageNames()
380 - ::fetchLanguageName()
383 - ::autoConvertToAllVariants()
385 - ::convertNamespace()
389 - ::convertCategoryKey()
391 - ::getPreferredVariant()
392 - ::getDefaultVariant()
394 - ::getExtraHashOptions()
395 - ::getParentLanguage()
397 - ::getMessagesFileName()
398 - ::getJsonMessagesFileName()
400 - ::getFallbacksFor()
401 - ::getFallbacksIncludingSiteLanguage()
404 - ::getMessageKeysFor()
405 - ::getConvRuleTitle()
406 * The parameter noSeparators to Language::formatNum, deprecated since 1.36,
407 has been removed. Use Language::formatNumNoSeparators instead.
408 * The following methods in the ParserOutput class, deprecated since 1.38, have
411 - ::addTrackingCategory()
413 - ::getCategoryLinks()
417 - ::hasDynamicContent()
419 - ::preventClickjacking()
420 - ::setCategoryLinks()
423 * OutputPage::allowClickjacking() and ::preventClickjacking(), deprecated
424 since 1.38, have been removed.
425 * ResourceFileCache has been removed without deprecation. There were no known
426 uses outside of core.
427 * Many LocalisationCache constants, properties and methods that have no known
428 usage outside of the class have been made private without deprecation.
429 * User::idFromName(), deprecated in 1.37, has been removed. Instead, you should
430 use UserIdentityLookup::getUserIdentityByName().
431 * User::incEditCount(), deprecated in 1.37, has been removed. Instead, use
432 UserEditTracker::incrementUserEditCount().
433 * Article::getTimestamp(), deprecated in 1.35, has been removed. Use WikiPage's
434 or RevisionRecord's version of this method instead.
435 * ActionFactory::actionExists(), deprecated since 1.38, has been dropped.
436 * Action::exists(), deprecated since 1.38, has been dropped.
437 * ContentHandler::getForTitle(), deprecated since 1.35, has been dropped.
438 * LockManagerGroup::getDefault() and ::getAny(), deprecated since 1.35, have
440 * BaseTemplate::getToolbox(), deprecated since 1.35, has been dropped. To add
441 items to the toolbox, use the SidebarBeforeOutput hook. To get the toolbox,
442 subclasses can use $this->data['sidebar']['TOOLBOX'].
443 * IndexPager::getHookContainer(), deprecated since 1.40, has been removed. You
444 should instead inject a HookContainer into your code.
445 * Not specifying a manifest_version in your extension.json or skin.json file,
446 deprecated since 1.26 and emitting warnings since 1.29, is no longer supported
447 with a fallback; it will now have unspecified behaviour.
448 * RecentChange::getEngine(), deprecated since 1.29, has been removed. Use
449 RCFeed::factory() instead.
450 * EditPage::showEditForm() no longer respects the $formCallback parameter, which
451 was deprecated in 1.25. Use the EditPage::showEditForm:fields hook instead.
452 * The following properties in EditPage, deprecated in 1.38, were made private:
463 * EditPage::addNewLineAtEnd(), deprecated since 1.38, was removed.
464 * AuthManager::checkAccountCreatePermissions(), deprecated in 1.39, has been
465 removed. Use authorizeCreateAccount() or probablyCanCreateAccount() instead.
466 * LinkCache::addGoodLinkObj(), deprecated in 1.37, has been removed. You should
467 use ::addGoodLinkObjFromRow().
468 * Constructing TextConflictHelper without a ContentHandlerFactory, deprecated
469 since 1.35, will now trigger a type error.
470 * JobQueue::getWiki(), deprecated in 1.33, has been removed.
471 * ManualLogEntry::setTags(), deprecated in 1.33, has been removed.
472 * WikiPage::getDeletionUpdates(), deprecated in 1.37, has been removed.
473 * ResourceLoader\Context::getConfig(), deprecated in 1.34, has been removed.
474 * When creating a SearchUpdate instance, passing a non-Content string or Boolean
475 as the $c parameter, deprecated since 1.34, will now trigger type errors.
476 * SkinTemplate::getNameSpaceKey(), deprecated in 1.35, has been dropped. Instead
477 you should use Title::getNamespaceKey().
478 * The AddNewAccount hook, deprecated since 1.27, will now trigger deprecation
479 warnings. You should use the LocalUserCreated hook instead.
480 * The PrefixSearchBackend hook, deprecated since 1.27, will now trigger
481 deprecation warnings. Override SearchEngine::completionSearchBackend instead.
482 * PrefixSearch::validateNamespaces(), completely unused everywhere, has been
483 removed without deprecation.
484 * BaseTemplate::getTrail() and ::printTrail(), deprecated since 1.39, have been
486 * Passing a second query parameter to Title::getFullURL(), Title::getLocalURL(),
487 Title::getInternalURL(), or Title::getCanonicalURL(), each deprecated in 1.19,
488 is now not supported. Pass it as a key,value pair in the first parameter array
490 * Title::getBacklinkCache(), deprecated since 1.37, has been dropped. Instead,
491 use BacklinkCacheFactory::getBacklinkCache().
492 * Title::newFromIDs and TitleFactory::newFromIDs, deprecated in 1.38, have been
493 dropped; use a PageStore QueryBuilder instead.
494 * Title::getSelectFields(), deprecated since 1.36, has been dropped. You can use
495 PageStore::newSelectQueryBuilder() instead.
496 * Title::getTouched() will now trigger an error if you pass it an instance of
497 IDatabase rather than a READ_XXX constant. This legacy behaviour has been
498 deprecated since 1.38.
499 * User::getGroupPermissions(), getGroupsWithPermission() & groupHasPermission(),
500 all of which were deprecated since 1.34, have been removed. Instead, use the
501 GroupPermissionsLookup service.
502 * Similarly, PermissionManager::getGroupPermissions(), getGroupsWithPermission()
503 & groupHasPermission(), all of which were deprecated since 1.36, have also
504 been removed. Instead, use the GroupPermissionsLookup service.
505 * The following old, deprecated aliases for classes in the RDBMS layer, have now
507 - DBConnRef (use Wikimedia\Rdbms\DBConnRef)
508 - Database (use Wikimedia\Rdbms\Database)
509 - DatabaseBase (use Wikimedia\Rdbms\Database)
510 - DatabaseMysqlBase (use Wikimedia\Rdbms\DatabaseMySQL)
511 - DatabaseMysqli (use Wikimedia\Rdbms\DatabaseMySQL)
512 - DatabasePostgres (use Wikimedia\Rdbms\DatabasePostgres)
513 - DatabaseSqlite (use Wikimedia\Rdbms\DatabaseSqlite)
514 - IDatabase (use Wikimedia\Rdbms\IDatabase)
515 - FakeResultWrapper (use Wikimedia\Rdbms\FakeResultWrapper)
516 - ResultWrapper (use Wikimedia\Rdbms\ResultWrapper)
517 * The following old, deprecated aliases for classes have now been removed:
518 - MediaWiki\Rest\Handler\HtmlInputTransformHelper
519 - MediaWiki\Rest\Handler\HtmlMessageOutputHelper
520 - MediaWiki\Rest\Handler\HtmlOutputRendererHelper
521 - MediaWiki\Rest\Handler\PageContentHelper
522 - MediaWiki\Rest\Handler\PageRestHelperFactory
523 - MediaWiki\Rest\Handler\ParsoidFormatHelper
524 - MediaWiki\Rest\Handler\RevisionContentHelper
525 (use the classes from namespace MediaWiki\Rest\Handler\Helper)
526 - SearchNearMatcher (use MediaWiki\Search\TitleMatcher)
527 * $CHANGEDORCREATED argument of 'enotif_body' message was removed.
528 It wasn't used in the default messages since 1.21.
529 * The AbstractBlock and DatabaseBlock public properties mExpiry, mHideName,
530 mTimestamp, mAuto and mParentBlockId, deprecated since 1.34, have been
532 * WikiPage::doDeleteUpdates() and ::getDeletionUpdates(), deprecated in 1.37,
534 * The User public properties mOptions, mBlock, mBlockedby and mHideName,
535 deprecated since 1.35, were removed.
536 * User::CHECK_USER_RIGHTS and User::IGNORE_USER_RIGHTS were removed. They were
537 flags passed to methods which were previously removed.
538 * All public properties of LinksUpdate, deprecated in 1.38, were removed.
539 * The class Wikimedia\Rdbms\MySQLMasterPos, deprecated in 1.37, has been
540 removed. Use Wikimedia\Rdbms\MySQLPrimaryPos instead.
541 * The class GetBlockErrorMessageKey, deprecated in 1.40, has been removed.
542 * The ability to set Parser::mTitle to null, deprecated in 1.34, was removed.
543 * The following MagicWord methods have been removed without deprecation. There
546 - ::compareStringLength
548 - ::getVariableStartToEndRegex
551 - ::matchVariableStartToEnd
552 - ::pregRemoveAndRecord
553 - ::substituteCallback
554 * The following MagicWordArray methods have been removed or made private without
555 deprecation. There were no known uses outside of the class.
557 - ::getRegex, already marked as @internal, now private
558 - ::getRegexStart, already marked as @internal, now private
559 - ::getVariableRegex, deprecated since 1.36
560 - ::getVariableStartToEndRegex, already marked as @internal, now private
561 - ::parseMatch, now private
562 * AbstractContent::getRedirectChain() and ::getUltimateRedirectTarget(), both
563 deprecated in 1.38, have been removed.
565 === Deprecations in 1.41 ===
566 * The MessageCache::get hook is deprecated for performance reasons. Use
567 MessageCacheFetchOverrides instead.
568 * EtcdConfig::setLogger() is deprecated as it was unused and could not be
569 used correctly. As a standalone class, its warnings now surface
570 unconditionally via the native PHP error log.
571 * The interface for hook ParserModifyImageHTML have been renamed from
572 ParserModifyImageHTML to ParserModifyImageHTMLHook,
573 the old name is deprecated.
574 * (T178356) The es6-polyfills module is deprecated and is now a no-op.
575 * SerializedValueContainer::newUnified() is unused and now emits deprecation
577 * Profiler::setProfileID() and ::getAllowOutput() are now deprecated and also
578 emit deprecation warnings. For ::setProfileID(), override the related class
579 member directly in sub-class.
580 * (T166010) All PHP code in MediaWiki is slowly being moved to be in a class
581 namespace as appropriate, so that we can use PSR-4 auto-loading, which will
582 speed up general code loading of MediaWiki. The old global namespace class
583 names are being left behind as deprecated aliases.
585 In this release of MediaWiki, 1661 classes now have a namespace and 972 do
586 not yet (63% done, up from 54% in MediaWiki 1.40.0). The following have newly
593 - EtcdConfigParseError
599 - MediaWiki\EventRelayer:
603 - MediaWiki\Installer:
613 - AllMessagesTablePager
618 - DeletedContribsPager
628 - ProtectedPagesPager
629 - ProtectedTitlesPager
630 - RangeChronologicalPager
631 - ReverseChronologicalPager
639 - MediaWiki\SiteStats:
642 - MediaWiki\Specials:
645 - SpecialAncientPages
648 - SpecialAutoblockList
653 - SpecialBotPasswords
654 - SpecialBrokenRedirects
656 - SpecialChangeContentModel
657 - SpecialChangeCredentials
659 - SpecialChangePassword
660 - SpecialComparePages
661 - SpecialConfirmEmail
663 - SpecialContributions
664 - SpecialCreateAccount
665 - SpecialDeadendPages
667 - SpecialDeletedContributions
669 - SpecialDoubleRedirects
672 - SpecialEditWatchlist
673 - SpecialEmailInvalidate
675 - SpecialExpandTemplates
677 - SpecialFewestRevisions
678 - SpecialFileDuplicateSearch
680 - SpecialGoToInterwiki
682 - SpecialJavaScriptTest
683 - SpecialLinkAccounts
685 - SpecialListDuplicatedFiles
688 - SpecialListGroupRights
689 - SpecialListRedirects
696 - SpecialMediaStatistics
697 - SpecialMergeHistory
698 - SpecialMostCategories
699 - SpecialMostInterwikis
701 - SpecialMostLinkedCategories
702 - SpecialMostLinkedTemplates
703 - SpecialMostRevisions
707 - SpecialNewPages (and capitalisation corrected)
712 - SpecialPageLanguage
713 - SpecialPagesWithProp
714 - SpecialPasswordPolicies
715 - SpecialPasswordReset
716 - SpecialPermanentLink
718 - SpecialPrefixIndex (and capitalisation corrected)
719 - SpecialProtectedPages (and capitalisation corrected)
720 - SpecialProtectedTitles (and capitalisation corrected)
723 - SpecialRandomInCategory
725 - SpecialRandomRedirect
726 - SpecialRandomRootPage
727 - SpecialRecentChanges
728 - SpecialRecentChangesLinked
730 - SpecialRedirectToSpecial
731 - SpecialRemoveCredentials
732 - SpecialRenameUser (and capitalisation corrected)
734 - SpecialRevisionDelete
738 - SpecialSpecialPages (and capitalisation corrected)
741 - SpecialTrackingCategories
743 - SpecialUncategorizedCategories
744 - SpecialUncategorizedImages
745 - SpecialUncategorizedPages
746 - SpecialUncategorizedTemplates
748 - SpecialUnlinkAccounts
750 - SpecialUnusedCategories
751 - SpecialUnusedImages
752 - SpecialUnusedTemplates
753 - SpecialUnwatchedPages
759 - SpecialWantedCategories
760 - SpecialWantedTemplates
762 - SpecialWhatLinksHere
763 - SpecialWithoutInterwiki
764 - MediaWiki\Specials\Redirects:
765 - SpecialAllMyUploads
768 - SpecialMycontributions
773 - MediaWiki\SpecialPage:
774 - AuthManagerSpecialPage
775 - ChangesListSpecialPage
776 - DisabledSpecialPage
779 - IncludableSpecialPage
780 - LoginSignupSpecialPage
783 - RedirectSpecialArticle
784 - RedirectSpecialPage
786 - SpecialRedirectToSpecial
787 - SpecialRedirectWithAction
788 - UnlistedSpecialPage
794 - ForeignTitleFactory
796 - MalformedTitleException
797 - MediaWikiTitleCodec
798 - NaiveForeignTitleFactory
799 - NaiveImportTitleFactory
800 - NamespaceAwareForeignTitleFactory
801 - NamespaceImportTitleFactory
803 - SubpageImportTitleFactory
814 - UserArrayFromResult
815 - UserGroupMembership
817 - MediaWiki\User\CentralId:
823 - ExtensionInfo (previously under MediaWiki\ExtensionInfo)
825 - ConfiguredReadOnlyMode
827 * Various mediawiki.ui variables have been deprecated in favor of
828 'mediawiki.skin.variables.less' Codex design tokens featuring replacements.
829 * Hook handlers must now be specified either as a PHP callable, or as a PHP
830 object that has a method matching the hook name. Other ways to specify
831 the handler are deprecated and will soon be removed. Deprecated ways to
832 specify a hook handler include callables wrapped in an array. Handlers
833 defined using a "HookHandlers" entry in extension.json are not affected.
834 * TitleArray::newFromResult() has been deprecated and now emits deprecation
835 warnings, use TitleArrayFromResults instead.
836 * The MediaWikiIntegrationTestCase::$users has been deprecated. Use Authority
837 if possible, or call ::getTestUser() or ::getTestSysop() directly.
838 * WebRequest::isSafeRequest() and ::markAsSafeRequest() has been deprecated
839 and now emits deprecation warnings. Use ::hasSafeMethod() instead.
840 * The tests/phpunit/phpunit.php entrypoint has been deprecated. PHPUnit
841 tests should be run with composer, for example with the
842 `composer phpunit:entrypoint` command.
843 * The unnamespace UserNamePrefixSearch class, deprecated in 1.36, now emits
844 deprecation warnings. Use the MediaWiki\User\UserNamePrefixSearch service.
845 * The jquery.cookie ResourceLoader module has been merged into the existing
846 mediawiki.cookie module; jquery.cookie remains but is deprecated.
847 * Passing a database to DatabaseBlockStore::insertBlock() is deprecated.
848 DatabaseBlockStoreFactory should be used to fetch a correct
849 DatabaseBlockStore instead.
850 * The global function wfGetLangObj is deprecated and emits deprecation
851 warnings. Use MediaWiki\Languages\LanguageFactory::getLanguage instead.
852 * The SwiftVirtualRESTService class is deprecated in 1.41 and now emits
853 deprecation warnings.
854 * SqlBagOStuff::expireAll() is deprecated and now emits deprecation warnings,
855 use SqlBagOStuff::deleteObjectsExpiringBefore() instead.
856 * SqlBagOStuff::deleteAll() is deprecated and now emits deprecation warnings.
857 * Passing an actor id to the UserIdentityValue constructor is now emits
858 deprecation warnings, it is deprecated since 1.36.
859 * UserGroupMembership::getGroupName(), deprecated in 1.38, and
860 UserGroupMembership::getGroupMemberName(), deprecated in 1.40, now emit
861 deprecation warnings.
862 * UserGroupMembership::getLink() has been deprecated in favour of
863 ::getLinkHTML() and ::getLinkWiki().
864 * Linker::formatComment(), ::formatLinksInComment(), ::commentBlock() and
865 ::revComment(), deprecated in 1.38, now emit deprecation warnings.
866 * PageArchive::listRevisions(), ::getRevisionRecordByTimestamp(),
867 ::getArchivedRevisionRecord(), ::getPreviousRevisionRecord(),
868 ::getLastRevisionId() and ::isDeleted(), deprecated in 1.38,
869 now emit deprecation warnings.
870 * SearchResultThumbnail::getSize() has been deprecated to be dropped in the
871 future as it is resource intensive and degrades performance.
872 * The EmailUserPermissionsErrors and UserCanSendEmail hooks have been
873 deprecated in favour of the EmailUserAuthorizeSend hook.
874 * The EmailUser hook has been deprecated in favour of the EmailUserSendEmail
876 * The InterwikiLoadPrefix hook now emits deprecation warnings. Resetting the
877 $wgInterwikiCache setting instead.
878 * SiteConfiguration::getConfig() now emits deprecation warnings, Use ::get()
880 * SiteConfiguration::extractVar() and ::extractGlobal() have been deprecated
881 and also emit deprecation warnings.
882 * JobQueueGroup::waitForBackups() is deprecated. JobQueue::waitForBackups()
883 should be used instead.
884 * Hooks::isRegistered(), ::getHandlers(), ::run() and ::runWithoutAbort(),
885 deprecated in 1.35, now emit deprecation warnings.
886 * VirtualRESTService class and its subclasses now emit deprecation warnings
887 in 1.41 and as a replacement we can use MultiHttpClient.
888 * Calling the MediaWikiServices::getVirtualRESTServiceClient() function
889 which creates the VirtualRESTServiceClient now emits deprecation warnings.
890 * Language::getMessage and Language::getAllMessages are deprecated. Use
891 LocalisationCache or MessageCache as appropriate.
892 * VirtualRESTService class is deprecated in 1.41 and as a replacement
893 we can use MultiHttpClient.
894 * MediaWikiServices::getConfiguredReadOnlyMode() is deprecated. Use
895 ::getReadOnlyMode() instead. ReadOnlyMode::getConfiguredReason()
896 and ::isConfiguredReadOnly() has been added to support that.
897 * UploadBase::isThrottled() has been deprecated and is emitting deprecation
898 warnings. Rate limits are enforced by UploadBase::verifyTitlePermissions(),
899 since rate limit checks are now implicit in permission checks.
900 * JobSpecification::toSerializableArray() now emits deprecation warnings.
901 * The following skin methods were deprecated:
902 - Skin::makeSpecialUrl (use Title or Special class instead)
903 - Skin::makeSpecialUrlSubpage (use Title or Special class instead)
904 * mw.jqueryMsg.parser, deprecated in 1.31, now emits deprecation warnings.
905 * ResourceLoader (T127268): The targets system is deprecated. Modules that
906 have been marked as desktop or mobile only are no longer supported and
907 will send deprecation warnings.
908 * TextSlotDiffRenderer::setLanguage() is deprecated, and calling it will
909 have no effect. Use ContentHandler::getSlotDiffRenderer(), or in subclasses,
910 ContentHandler::createTextSlotDiffRenderer(), to correctly inject
911 dependencies into TextSlotDiffRenderer.
912 * The static methods encodeJsVar() and encodeJsCall() have been moved from the
913 Xml class to the more appropriate MediaWiki\Html\Html one, and the old ones
915 * Some work to rename classes was done in previous releases, but the renaming
916 was not noted at the time. The old aliases work for now but are deprecated;
917 this is now explicitly noted:
919 - Category -> MediaWiki\Category\Category
920 - CategoriesRdf -> MediaWiki\Category\CategoriesRdf
921 - CategoryViewer -> MediaWiki\Category\CategoryViewer
922 - TrackingCategories -> MediaWiki\Category\TrackingCategories
923 - CommentStore -> MediaWiki\CommentStore\CommentStore
924 - CommentStoreComment -> MediaWiki\CommentStore\CommentStoreComment
925 - EditPage -> MediaWiki\EditPage\EditPage
926 - TemplatesOnThisPageFormatter
927 -> MediaWiki\EditPage\TemplatesOnThisPageFormatter
928 - LinkFilter -> MediaWiki\ExternalLinks\LinkFilter
929 - AtomFeed -> MediaWiki\Feed\AtomFeed
930 - ChannelFeed -> MediaWiki\Feed\ChannelFeed
931 - FeedItem -> MediaWiki\Feed\FeedItem
932 - FeedUtils -> MediaWiki\Feed\FeedUtils
933 - RSSFeed -> MediaWiki\Feed\RSSFeed
934 - Html -> MediaWiki\Html\Html
935 - FormOptions -> MediaWiki\Html\FormOptions
936 - HtmlHelper -> MediaWiki\Html\HtmlHelper
937 - ListToggle -> MediaWiki\Html\ListToggle
938 - TemplateParser -> MediaWiki\Html\TemplateParser
939 - RawMessage -> MediaWiki\Language\RawMessage
940 - FileDeleteForm -> MediaWiki\Page\File\FileDeleteForm
941 - MergeHistory -> MediaWiki\Page\File\MergeHistory
942 - MovePage -> MediaWiki\Page\File\MovePage
943 - ProtectionForm -> MediaWiki\Page\File\ProtectionForm
944 - MediaWiki\BadFileLookup -> MediaWiki\Page\File\BadFileLookup
945 - PageProps -> MediaWiki\Page\PageProps
946 - MagicWord -> MediaWiki\Parser\MagicWord
947 - MagicWordArray -> MediaWiki\Parser\MagicWordArray
948 - MagicWordFactory -> MediaWiki\Parser\MagicWordFactory
949 - Linker -> MediaWiki\Linker\Linker
950 - DummyLinker -> MediaWiki\Linker\DummyLinker
951 - ForkController -> MediaWiki\Maintenance\ForkController
952 - OrderedStreamingForkController
953 -> MediaWiki\Maintenance\OrderedStreamingForkController
954 - ContentSecurityPolicy -> MediaWiki\Request\ContentSecurityPolicy
955 - DerivativeRequest -> MediaWiki\Request\DerivativeRequest
956 - FauxRequest -> MediaWiki\Request\FauxRequest
957 - FauxRequestUpload -> MediaWiki\Request\FauxRequestUpload
958 - PathRouter -> MediaWiki\Request\PathRouter
959 - WebRequestUpload -> MediaWiki\Request\WebRequestUpload
960 - FauxResponse -> MediaWiki\Request\FauxResponse
961 - WebResponse -> MediaWiki\Request\WebResponse
962 - MediaWiki\HeaderCallback -> MediaWiki\Request\HeaderCallback
963 - StubObject -> MediaWiki\StubObject\StubObject
964 - DeprecatedGlobal -> MediaWiki\StubObject\DeprecatedGlobal
965 - StubGlobalUser -> MediaWiki\StubObject\StubGlobalUser
966 - StubUserLang -> MediaWiki\StubObject\StubUserLang
967 - Title -> MediaWiki\Title\Title
968 - TitleArray -> MediaWiki\Title\TitleArray
969 - TitleArrayFromResult -> MediaWiki\Title\TitleArrayFromResult
970 - TitleFactory -> MediaWiki\Title\TitleFactory
971 - ActorMigration -> MediaWiki\User\ActorMigration
972 - ActorMigrationBase -> MediaWiki\User\ActorMigrationBase
973 - WikiMap -> MediaWiki\WikiMap\WikiMap
974 - WikiReference -> MediaWiki\WikiMap\WikiReference
976 - ResourceLoader -> MediaWiki\ResourceLoader\ResourceLoader
978 - IMaintainableDatabase -> Wikimedia\Rdbms\IMaintainableDatabase
979 * The WebRequest::getRequestId() and WebRequest::overrideRequestId() are
980 deprecated. Use methods from MediaWiki\Http\Telemetry class instead.
981 * The XmlJsCode wrapper class has been renamed to MediaWiki\Html\HtmlJsCode,
982 and the old name is now deprecated.
983 * The use of non-serializable arguments to ParserOutput::addWarningMsg() has
984 been deprecated and will emit deprecation warnings.
985 * Class UserRightsProxy, deprecated since 1.38, now emits
986 deprecation warnings from its factory functions.
987 * MediaWiki\ResourceLoader\Module::getDeprecationInformation() is deprecated.
988 Use ::getDeprecationWarning() instead.
989 * Passing a Message to OutputPage::setPageTitle() is deprecated.
990 Use ::setPageTitleMsg() instead (which escapes HTML metacharacters).
991 * Passing arguments to OutputPage::prepareErrorPage() is deprecated.
992 Use explicit calls to OutputPage::setPageTitleMsg() and ::setHTMLTitle()
994 * Returning a string from Action::getPageTitle() is deprecated;
995 return a Message instead, which will be formatted using FORMAT_ESCAPED.
996 * Returning a string from SpecialPage::getDescription() is deprecated;
997 return a Message instead, which will be formatted using FORMAT_ESCAPED.
998 * MediaWiki\Block\AbstractBlock::getReason(), deprecated since 1.35, now emits
999 deprecation warnings. Use ::getReasonComment() instead.
1000 * User::getGroups(), ::addGroup(), ::removeGroup(), ::getGroupMemberships(),
1001 ::getAllGroups(), ::getImplicitGroups(), deprecated since 1.35, now emit
1002 deprecation warnings.
1003 * The global function wfReportTime(), deprecated since 1.40, now emits
1004 deprecation warnings. The SkinTemplate parameter 'reporttime' is deprecated.
1005 * RevisionStore::getQueryInfo() and RevisionFactory::getQueryInfo() have been
1006 deprecated. Use ::newSelectQueryBuilder() instead.
1007 * Following methods in rdbms library have been made internal:
1008 - IDatabase::getLBInfo()
1009 - IDatabase::setLBInfo()
1010 - IDatabase::insert() Use InsertQueryBuilder instead.
1011 - IDatabase::update() Use UpdateQueryBuilder instead.
1012 - IDatabase::replace() Use ReplaceQueryBuilder instead.
1013 - IDatabase::upsert() Use InsertQueryBuilder instead.
1014 - IDatabase::delete() Use DeleteQueryBuilder instead.
1015 - IReadableDatabase::selectField() Use SelectQueryBuilder instead.
1016 - IReadableDatabase::selectFieldValues() Use SelectQueryBuilder instead.
1017 - IReadableDatabase::select() Use SelectQueryBuilder instead.
1018 - IReadableDatabase::selectRow() Use SelectQueryBuilder instead.
1019 - IReadableDatabase::estimateRowCount() Use SelectQueryBuilder instead.
1020 - IReadableDatabase::selectRowCount() Use SelectQueryBuilder instead.
1021 - ISQLPlatform::unionQueries() Use UnionQueryBuilder instead.
1022 * The core Wikimedia\Rdbms\DatabaseMysqlBase class has been renamed to reflect
1023 the earlier merger of Mysqli into it; it's now Wikimedia\Rdbms\DatabaseMySQL.
1024 * The following methods in SpecialEmailUser have been deprecated:
1025 - SpecialEmailUser::validateTarget(), use EmailUser::validateTarget()
1026 - SpecialEmailUser::getPermissionsError(), use EmailUser::canSend() or
1027 EmailUser::authorizeSend()
1028 - SpecialEmailUser::submit(), use EmailUser::sendEmailUnsafe()
1029 * User::isBlockedFromEmailuser() has been deprecated. EmailUser::canSend()
1030 checks blocks amongst other things. If you only need this check, use
1031 User::getBlock()->appliesToRight( 'sendemail' ).
1032 * User::canSendEmail() has been deprecated. Use EmailUser::canSend() instead.
1033 * The following methods, previously deprecated, now emit deprecation warnings:
1034 - ConfigFactory::getDefaultInstance(), deprecated since 1.27
1035 - AbstractContent::getNativeData(), deprecated since 1.33
1036 - TablePager::getBody(), deprecated since 1.24
1037 - ContentHandler::getSlotDiffRendererInternal(), deprecated since 1.35
1038 - ParserOutput::getCategories(), deprecated since 1.40
1039 - PasswordFactory::init(), deprecated since 1.32
1040 * WikitextContent::getRedirectTargetAndText has been deprecated, use
1041 WikitextContentHandler::extractRedirectTargetAndText instead.
1042 * WikiPage::doDeleteArticleBatched, deprecated in 1.37, now emits deprecation
1044 * WikiPage::getPageIsRedirectField() is now deprecated.
1045 * WikiPage::insertRedirect() is now deprecated.
1046 * Parser::getFreshParser(), deprecated since 1.39, now emits deprecation
1048 * The legacy MediaWiki UI ResourceLoader modules, such as `mediawiki.ui`, are
1049 all now emitting deprecation warnings in the JavaScript console. Please use
1050 Codex CSS components instead.
1051 * Article::getRedirectHeaderHtml() has been deprecated and emits deprecation
1052 warnings, use LinkRenderer::makeRedirectHeader() instead.
1053 * SpecialBlock::getTargetAndType(), deprecated since 1.36, now emits deprecation
1055 * ApiBase::checkTitleUserPermissions() now type-forces a PageIdentity instead of
1056 a LinkTarget. Passing a LinkTarget has been deprecated since 1.36.
1057 * Passing a User to ApiBase::checkUserRightsAny() in the second parameter, which
1058 was deprecated in 1.36, is no longer read. Instead, it will use the request
1059 context's set Authority via IContextSource::getAuthority().
1060 * Sanitizer::escapeIdReferenceList(), deprecated since 1.36, has been dropped.
1061 * RecentChange::getPerformer(), deprecated since 1.36, has been dropped.
1062 * SpecialPage::getLanguageConverter(), deprecated since 1.36, has been dropped.
1063 Use LanguageConverterFactory::getLanguageConverter() directly.
1064 * SpecialBlock::checkUnblockSelf(), deprecated since 1.36, has been dropped. Use
1065 BlockPermissionChecker instead.
1066 * DifferenceEngine::localiseLineNumbers() has been deprecated in favor of
1067 BaseTextDiffer::localizeLineNumbers(). Subclasses such as PhpTextDiffer may
1068 make this available via a ::localize() method.
1069 * ChangeTags::modifyDisplayQuery() and ChangeTagsStore::modifyDisplayQuery()
1070 have been deprecated in favor of ChangeTagsStore::modifyDisplayQueryBuilder()
1071 * Calling SpecialRandomPage::__construct without services as parameters is
1072 deprecated and emit deprecation warnings.
1074 === Other changes in 1.41 ===
1075 * ExternalLinksLookup::getExternalLinksForPage() now exists to centralize
1076 logic of looking up externallinks rows.
1077 * The update script no longer accepts the --skip-compat-checks option.
1078 * Use of the deprecated "Pragma: no-cache" HTTP response header on uncachable
1079 responses has been removed in favour of "Cache-Control: no-cache" (T345420).
1080 * Type hints were added to:
1081 - The return value of WebRequest:: and DerivativeRequest::getSession()
1082 - The return value of WebRequest:: and DerivativeRequest::getIP()
1083 - The return value of User::getTitleKey()
1084 - The return value of User::getRequest()
1085 - The `$key` parameter to Skin::normalizeKey()
1086 None of the methods whose return value was updated belongs to a class
1087 stable to extend, and adding type hints to parameters is backwards
1088 compatible. Therefore, this is not considered a breaking change.
1089 * The mergeMessageFileList script now only works for extensions and skins
1090 supporting extension registration (using extension.json or skin.json).
1091 It will no longer attempt to load PHP entry points.
1092 * Parser will no longer fall back to $wgTitle if a null is provided as a
1093 Title or PageReference. To change the relevant title used for methods
1094 that do not offer an option to set the page, call Parser::setPage.
1095 This affects the methods cleanSig, getSection and replaceSection.
1096 * (T347726, CVE-2023-PENDING) SECURITY: logging: Fix non-escaped messages
1101 MediaWiki 1.41 requires PHP 7.4.3 or later and the following PHP extensions:
1112 MariaDB is the recommended database software. MySQL, PostgreSQL, or SQLite can
1113 be used instead, but support for them is somewhat less mature.
1115 The supported versions are:
1117 * MariaDB 10.3 or higher
1118 * MySQL 5.7.0 or higher
1119 * PostgreSQL 10 or later
1120 * SQLite 3.8.0 or later
1122 == Online documentation ==
1123 Documentation for both end-users and site administrators is available on
1124 MediaWiki.org, and is covered under the GNU Free Documentation License (except
1125 for pages that explicitly state that their contents are in the public domain):
1127 https://www.mediawiki.org/wiki/Special:MyLanguage/Documentation
1130 A mailing list is available for MediaWiki user support and discussion:
1132 https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
1134 A low-traffic announcements-only list is also available:
1136 https://lists.wikimedia.org/mailman/listinfo/mediawiki-announce
1138 It's highly recommended that you sign up for one of these lists if you're
1139 going to run a public MediaWiki, so you can be notified of security fixes.
1142 There's usually someone online in #mediawiki on irc.libera.chat.
1146 PHP 8.0 workboard: https://phabricator.wikimedia.org/tag/php_8.0_support/
1147 PHP 8.1 workboard: https://phabricator.wikimedia.org/tag/php_8.1_support/
1148 PHP 8.2 workboard: https://phabricator.wikimedia.org/tag/php_8.2_support/
1149 PHP 8.3 workboard: https://phabricator.wikimedia.org/tag/php_8.3_support/
1151 == MediaWiki 1.40.1 ==
1153 This is a security and maintenance release of the MediaWiki 1.40 branch.
1155 === Changes since MediaWiki 1.40.0 ===
1156 * Localisation updates.
1157 * (T333050, CVE-2023-45363) SECURITY: Fix infinite loop for self-redirects
1158 with variants conversion.
1159 * docs: Fix a few typos in MainConfigSchema.
1160 * (T290464) Add DiscussionTools bundling to release notes.
1161 * (T309714) mime: Add support for 'font/sfnt' mime type.
1162 * (T341434) WikiImporter: Improve error message output.
1163 * (T341737) ApiBase: Cast $id to string in filterIDs.
1164 * (T286291, T296188) Merge zh and zh-tw namespace translations back to zh-hans,
1165 zh-hant, zh-hk respectively.
1166 * (T337875) WRStats: Round up SequenceSpec::hardExpiry to the nearest integer.
1167 * (T237898) installer: Check MariaDB version in updater/installer.
1168 * (T342632) ApiComparePages: Add help url.
1169 * (T326182, T324903) EditPage: Add #[AllowDynamicProperties].
1170 * (T342351) rdbms: Fix postgres db function call.
1171 * (T343675) user: Use {@} to escape annotation when writting about annotation.
1172 * (T343797) LanguageWa: Fix double timezone adjustment.
1173 * (T343669) skins: Avoid function call on array.
1174 * (T326454) Update pear/mail to 1.5.1.
1175 * (T343622) docs: Set the <comment> tag back to optional.
1176 * (T330528) Upgrade wikimedia/html-formatter from 3.0.1 to 4.0.3.
1177 * Updated jQuery from v3.6.1 to v3.7.1.
1178 * (T337463) wdio-mediawiki: await saveScreenshot.
1179 * (T208477) $wgPrivilegedGroups – Users belonging in some of the listed groups
1180 will be audited more aggressively.
1181 * doc: Improve description of "type" in extension.schema.v2.json.
1182 * Added PrivilegedGroups attribute for extension.json / skin.json, which lets
1183 you add any new user groups you define to wgPrivilegedGroups (see above).
1184 * (T288624) MultiHttpClient: Unset $this->cmh after closing it.
1185 * (T345039) Do not run SkinAfterBottomScripts hook twice unconditionally.
1186 * (T265734) API Help: Note that parameters may be inherited from other context.
1187 * (T285545) i18n: Split apihelp for standard dir parameter.
1188 * (T285545) i18n: Split apihelp for redirects/linkshere/transcludedin/fileusage
1190 * (T285545) i18n: Split apihelp for parameter list=deletedrevs&drprop=.
1191 * (T285545) i18n: Split apihelp for parameter list=allpages&apprexpiry=.
1192 * (T285545) i18n: Split apihelp for parameter action=opensearch&redirects=.
1193 * (T285545) i18n: Split apihelp for parameter action=managetags&operation=.
1194 * (T285545) api: Add message for list=watchlist&wlprop=expiry.
1195 * (T334011) ApiComparePages: expose 'difftype' param if wikidiff2 is installed.
1196 * (T342633) api: Add message for action=compare&prop=timestamp.
1197 * API: revids=… does not necessarily return the queried revisions.
1198 * (T235207) Get correct main page in API call examples.
1199 * doc: Make extension.schema.v2.json a valid JSON schema.
1200 * (T326696) Add since tag to UserOptionsManager::MAX_BYTES_OPTION_VALUE.
1201 * updateSpecialPages.php: Avoid implicit float conversion on modulo.
1202 * (T347227) ImportReporter: Make callback functions public.
1203 * (T346898) importDump: Unconditionally call $importer->setUsernamePrefix().
1204 * doc: Improve description of type in extension.schema.v1.json.
1205 * (T340217, CVE-2023-45359) SECURITY: Vector 2022: Numerous unescaped messages
1206 leading to potential XSS.
1207 * (T340220, CVE-2023-45361) SECURITY: Vector 2022: vector-intro-page message
1208 is assumed to yield a valid title.
1209 * (T340221, CVE-2023-45360) SECURITY: XSS via 'youhavenewmessagesmanyusers'
1210 and 'youhavenewmessages' messages.
1211 * (T341529, CVE-2023-45362) SECURITY: diff-multi-sameuser ("X intermediate
1212 revisions by the same user not shown") ignores username suppression.
1213 * (T341565, CVE-2023-3550) SECURITY: Stored XSS when uploading crafted
1214 XML file to Special:Upload (non standard configuration).
1216 == MediaWiki 1.40.0 ==
1218 === Changes since MediaWiki 1.40.0-rc.0 ===
1219 * Localisation updates.
1220 * (T330464) Work around argument corruption bug in XMLReader::open.
1221 * build: Updating mediawiki/mediawiki-phan-config to 0.12.1.
1222 * Fix frame and frameless rdfa depending on file existing.
1223 * (T329214) Pass whether current rev of file exists to
1224 Linker::makeBrokenImageLinkObj.
1225 * (T334659) Handle thumb errors when !$enableLegacyMediaDOM.
1226 * A manualthumb that doesn't exist should be considered a thumb error.
1227 * (T313157) IndexPager: Also protect against $offset being 0.
1228 * (T335612, CVE-2023-36674) SECURITY: Move badFile lookup to Linker.
1230 == MediaWiki 1.40.0-rc.0 ==
1232 == Upgrading notes for 1.40 ==
1233 Don't forget to always back up your database before upgrading!
1235 See the file UPGRADE for more detailed per-version upgrade instructions from the
1236 oldest supported upgrading version, MediaWiki 1.35.
1238 Some specific notes for MediaWiki 1.40 upgrades are below:
1239 * Maintenance scripts should now be executed using maintenance/run.php, e.g.
1240 maintenance/run.php update not maintenance/update.php as before.
1241 * Five extensions have now been bundled with MediaWiki:
1242 * The DiscussionTools extension, which provides a forum-like editing
1243 experience for wikitext-based discussion pages.
1244 * The Echo extension, which provides a system of user notifications.
1245 * The Linter extension, which warns about use of deprecated wikitext.
1246 * The LoginNotify extension, which warns users about failed attempted logins.
1247 * The Thanks extension, which lets users thank editors for edits.
1248 * The Renameuser extension has been moved to MediaWiki core. It is now possible
1249 to rename users without installing an extension. The extension had already
1250 been bundled with MediaWiki since 1.18.
1252 For notes on 1.39.x and older releases, see HISTORY.
1254 === Configuration changes for system administrators in 1.40 ===
1255 * When computing PBKDF2 password hashes, MediaWiki now detects and uses OpenSSL
1256 support if available, unless $wgPasswordConfig['pbkdf2']['class'] is set in
1257 LocalSettings.php. OpenSSL is more efficient, so if that setting is present,
1258 you should remove it (or set it to 'Pbkdf2PasswordUsingOpenSSL' if possible).
1259 If users get an internal error when trying to log in, you can try setting it
1260 to 'Pbkdf2PasswordUsingHashExtension'. In particular, this would be necessary
1261 if existing PBKDF2 password hashes were computed using a hash algorithm other
1262 than "sha512" or "sha256" (the current and prior defaults).
1263 * You should configure your webserver to return the http header
1264 'X-Content-Type-Options: nosniff' for the /images directory. This will
1265 instruct browsers to not apply content sniffing when accessing the files.
1266 MediaWiki before 1.40 shipped with a content sniffer which disallowed
1267 potentially dangerous files at upload time, but this protection has now been
1268 removed in favor of this 'X-Content-Type-Options: nosniff' header and the
1269 installer will return a warning when it is not in place.
1270 * Support for MW_USE_LEGACY_DEFAULT_SETTINGS has been removed, setting this
1271 constant will not have any effect. Use of MW_USE_LEGACY_DEFAULT_SETTINGS
1272 had been deprecated since 1.39.
1274 ==== New configuration ====
1275 * $wgThumbnailNamespaces - This setting lets you define the namespaces for which
1276 image thumbnails (or a placeholder in the absence of a thumbnail) will be
1277 displayed on Special:Search.
1278 * $wgResourceLoaderClientPreferences – This experimental flag lets you enable
1279 client-side preferences for logged-out users.
1280 * $wgExternalLinksSchemaMigrationStage – This temporary flag lets you control
1281 the migration stage for the new schema for the external links database table.
1282 Ignore it unless you have a large wiki farm with complex migration needs.
1283 * $wgCommentTempTableSchemaMigrationStage – This temporary flag lets you control
1284 the migration stage for the temporary comment database table, from revision.
1285 Ignore it unless you have a large wiki farm with complex migration needs.
1286 * $wgSpecialContributeSkinsEnabled – This setting lets you list skins on which
1287 Special:Contribute is available, for where others don't work for the feature.
1288 * $wgPrivilegedGroups – Users belonging in some of the listed groups will be
1289 audited more aggressively.
1291 ==== Changed configuration ====
1292 * $wgPasswordPolicies – This setting, which controls what makes for a valid
1293 password for wiki accounts, has been adjusted to raise the minimal password
1294 length from 1 to 8 characters. The initial limit of 1 has been in place since
1295 MediaWiki 1.26. If you wish to allow shorter passwords, you can over-ride it
1296 in your LocalSettings following the guidance on MediaWiki.org.
1297 * (T254045) New accounts can no longer use an equals sign (=) in their
1298 usernames because of issues it causes in wikitext syntax. This can be
1299 adjusted by changing the value of $wgInvalidUsernameCharacters.
1300 * (T314318) $wgParserEnableLegacyMediaDOM – This setting has been changed, so
1301 the alternative modern HTML structure for media is now the default. You can
1302 disable it for now by over-riding this back to `true` in LocalSettings, but
1303 this configuration will be removed in future versions of MediaWiki. For more
1304 details, see the documentation at:
1305 https://www.mediawiki.org/wiki/Parsoid/Parser_Unification/Media_structure/FAQ
1306 * $wgWatchlistExpiryMaxDuration – This setting, which controls the maximum
1307 allowed duration for users to set their temporary watchlist entries for expiry
1308 if that feature is enabled, has been increased from 6 months to 1 year.
1310 ==== Removed configuration ====
1311 * $wgShellboxUrl – This setting, deprecated in 1.37, has now been removed; use
1312 $wgShellboxUrls instead.
1313 * $wgMainWANCache and $wgWANObjectCaches – These never-used settings have been
1314 removed. To inject WANObjectCache parameters, use $wgWANObjectCache instead.
1315 These variables were introduced for multi-DC wiki farms to add a separate
1316 memcached proxy for cross-DC relaying of purges but never used because
1317 WANObjectCache works based on route prefixes, which can be transparently
1318 handled by the main memcached proxy.
1319 * $wgParserTestFiles – This setting, deprecated in 1.30, has now been removed;
1320 extensions can place their parser test files in `tests/parser` instead.
1321 * (T231412) $wgAutoloadAttemptLowercase – This setting, deprecated in 1.35, no
1322 longer has any effect. If you run into difficulties, fix the names of miscased
1324 * (T309787) $wgVerifyMimeTypeIE – This setting, to provide extra security checks
1325 for very old versions of Internet Explorer clients, was removed. These user
1326 agents aren't used in practice, and haven't been served JavaScript content for
1329 === New user-facing features in 1.40 ===
1330 * Special:Search can now show thumbnails for results for titles outside NS_FILE.
1331 This is controlled via the new onSearchResultProvideThumbnail hook.
1332 * A new preference ('search-thumbnail-extra-namespaces') to allow users to
1333 control whether to show more thumbnails (per $wgThumbnailNamespaces)
1334 * (T324910) On pages using multi-content revisions, the raw content of a
1335 specific slot can be retrieved using the action=raw&slot=<role-name> query
1337 * (T313804) The preferences page now provides a search bar to find preferences,
1338 regardless of the tab on which they appear.
1340 === New developer features in 1.40 ===
1341 * The MediaWiki-Docker development environment is now configured to
1342 run on PHP 8.1 by default, up from PHP 7.4 now that that's EOL.
1343 * Vue development mode is enabled by default in DevelopmentSettings.php
1344 * (T277618) The @noVarDump annotation from the DebugInfoTrait tool can now be
1345 added to references to stop them from being expanded when their object is
1346 passed to var_dump(), to make its use for debugging more feasible.
1347 * The ApiSandbox will now by default request responses in the latest API format,
1348 rather than the original format. Users can set `formatversion` to a different
1350 * A new hook, GetBlockErrorMessageKeyHook, allows extensions' block error
1351 messages to be received and displayed by BlockErrorFormatter.
1352 * A new hook, SpecialCreateAccountBenefits, lets extensions and local code set
1353 custom content on the signup page about the benefits of using an account.
1354 * (T321412) A new 'PageUndeleteComplete' hook has been added for more thorough
1355 information about a page post restoration than the 'PageUndelete' hook passes.
1356 This provides similar functionality to the 'PageDeleteComplete' hook.
1357 * The Linker::specialLink() method can now link to a Special page's with a sub-
1358 page or action parameter set, e.g. [[Special:Contributions/JohnDoe]].
1359 * The PHPUnit entrypoints (tests/phpunit/phpunit.php and vendor/bin/phpunit)
1360 now check if composer dependencies are up-to-date, like update.php, using
1361 CheckComposerLockUpToDate. To disable this check, use
1362 MW_SKIP_EXTERNAL_DEPENDENCIES=1 environment flag when running PHPUnit.
1363 * ManualLogEntry::setForceBotFlag() has been added to allow the forcing of the
1364 bot flag for log entries which are inserted to the recent changes.
1366 === External library changes in 1.40 ===
1368 ==== New external libraries ====
1369 * Added codex-design-tokens at v0.6.2.
1370 * Added symfony/polyfill-php81 at v1.27.0.
1371 * Added wikimedia/bcp-47-code at v1.0.0.
1373 ===== New development-only external libraries =====
1374 * Added wikimedia/langconv at v0.4.2.
1376 ==== Changed external libraries ====
1377 * Updated OOUI from v0.44.3 to v0.46.3.
1378 * Updated codex, codex-search, and codex-icons from v0.2.2 to v0.6.2.
1379 * Updated cssjanus/cssjanus from 2.1.0 to 2.1.1.
1380 * Updated guzzlehttp/guzzle 7.4.5 to 7.5.0.
1381 * Updated justinrainbow/json-schema from 5.2.11 to 5.2.12.
1382 * Updated pear/mail from 1.4.1 to 1.5.1.
1383 * Updated pear/net_smtp from 0.10.0 to 0.10.1.
1384 * Updated psr/container from 1.1.1 to 1.1.2.
1385 * Updated symfony/polyfill-php80 from 1.26.0 to 1.27.0.
1386 * Updated symfony/yaml from 5.4.10 to 5.4.17.
1387 * Updated wikimedia/html-formatter from 3.0.1 to 4.0.3.
1388 * Updated wikimedia/less.php from 3.1.0 to 4.0.0.
1389 * Updated wikimedia/object-factory from 4.0.0 to 5.0.1.
1390 * Updated wikimedia/parsoid from 0.16.0 to 0.17.0.
1391 * Updated wikimedia/remex-html from 3.0.2 to 3.0.3.
1392 * Updated wikimedia/shellbox from 3.0.0 to 4.0.0.
1393 * Updated wikimedia/timestamp from 4.0.0 to 4.1.0.
1394 * Updated wikimedia/xmp-reader from 0.8.4 to 0.9.1.
1396 ===== Changed development-only external libraries =====
1397 * Updated QUnit from 2.18.2 to 2.19.4.
1398 * Updated api-testing from 1.5.0 to 1.5.1.
1399 * Updated composer/spdx-licenses from 1.5.6 to 1.5.7.
1400 * Updated eslint-config-wikimedia from 0.22.1 to 0.24.0.
1401 * Updated giorgiosironi/eris from ^0.10.0 to ^0.13.0.
1402 * Updated grunt from 1.5.2 to 1.6.1.
1403 * Updated grunt-banana-checker from 0.9.0 to 0.10.0.
1404 * Updated grunt-eslint from 24.0.0 to 24.0.1.
1405 * Updated karma from 6.3.15 to 6.4.1.
1406 * Updated mediawiki/mediawiki-codesniffer from 38.0.0 to 41.0.0.
1407 * Updated mediawiki/mediawiki-phan-config from 0.11.1 to 0.12.1.
1408 * Updated php-parallel-lint/php-console-highlighter from 0.5 to 1.0.0.
1409 * Updated php-parallel-lint/php-parallel-lint from 1.3.1 to 1.3.2.
1410 * Updated phpunit/phpunit from 8.5.28 to 9.5.28.
1411 * Updated stylelint-config-wikimedia from 0.13.0 to 0.13.1.
1412 * Updated wikimedia/alea from 0.9.3 to 1.0.0.
1414 ==== Removed external libraries ====
1415 * jquery.throttle-debounce, deprecated since MediaWiki 1.33.
1416 * WVUI, deprecated since MediaWiki 1.39.
1418 === Action API changes in 1.40 ===
1419 * New `cancreateaccount` parameter on action=query&meta=userinfo that allows
1420 you to check if the user can create an account. Some of the errors that have
1421 previously been returned by action=query&list=users&usprop=cancreate are now
1424 === Languages updated in 1.40 ===
1425 MediaWiki supports over 400 languages. Many localisations are updated regularly.
1426 Below only new and removed languages are listed, as well as changes to languages
1427 because of Phabricator reports.
1429 * (T300378) Added language support for Toki Pona (tok).
1430 * (T320465) Added language support for Magahi (mag).
1431 * (T320912) Added language support for Arakanese (rki).
1432 * (T323971) Added language support for Khakas (kjh).
1433 * (T326526) Added language support for Igala (igl).
1434 * (T329476) Added language support for Kusaal (kus).
1435 * (T330266) Added language support for Southern Dagaare (dga).
1436 * (T331596) Added language support for Obolo (ann).
1437 * (T331597) Added language support for Nogai (nog).
1438 * (T331599) Added language support for Wolaytta (wal).
1439 * (T295637) Add no to fallback chain of nb and nn.
1441 === Breaking changes in 1.40 ===
1442 * OutputPage::enableClientCache no longer accepts a parameter, nor does it
1443 return the current value. It simply sets the OutputPage::mEnableClientCache
1444 to true. Use OutputPage::disableClientCache to disable client side caching
1446 * ResourceLoader::makeMessageSetScript, unused since 1.26, has been removed
1447 without deprecation.
1449 - The internal protected method Skin::getFooterLinks() was removed.
1450 It had no known usages. Different from SkinTemplate::getFooterLinks.
1451 - The internal public method Skin::getSiteFooterLinks() was removed.
1452 It had no known usages.
1453 * The 'oojs-router' module has been removed without deprecation in favour
1454 of the 'mediawiki.router' wrapper module.
1455 * BagOStuff::makeKeyInternal(), deprecated for public use in 1.36, is now a
1456 protected method of MediumSpecificBagOStuff.
1457 * WANObjectCache::reap() and WANObjectCache::reapCheckKey(), deprecated since
1458 1.39, have been removed.
1459 * The EnqueueJob class, unused since 1.31, has been removed without
1461 * JobQueueGroup::singleton() and ::destroySingletons(), deprecated since 1.37,
1463 * JobRunner no longer supports manually calling the constructor,
1464 use MediaWikiServices::getInstance()->getJobRunner() instead.
1465 * JobRunner::setLogger, deprecated since 1.35, has been removed.
1466 * ContextSource::getStats, deprecated since 1.27, has been removed.
1467 * The following public properties of Parser, deprecated in 1.35,
1468 have been made private: Parser::$mLinkId, Parser::$mIncludeSizes,
1469 Parser::$mDoubleUnderscore, Parser::$mShowToc, Parser::$mRevisionId,
1470 Parser::$mRevisionTimestamp, Parser::$mRevisionUser, Parser::$mRevisionSize,
1471 Parser::$mInputSize, Parser::$mInParse, Parser::$mFirstCall,
1472 Parser::$mGeneratedPPNodeCount
1473 * The MWGrants class, deprecated since 1.38, has been removed.
1474 * PageProps::getInstance(), deprecated since 1.38, has been removed.
1475 * Global functions wfReadOnly and wfReadOnlyReason, deprecated since 1.38, have
1477 * Global function wfQueriesMustScale, deprecated since 1.39, has been removed.
1478 * Global function wfLogProfilingData, deprecated since 1.38, has been removed.
1479 * The HTMLCacheUpdate class, deprecated since 1.34, has been removed.
1480 * Linker::normaliseSpecialPage(), deprecated since 1.35, has been removed.
1481 * MWTimestamp::getHumanTimestamp(), deprecated since 1.26, has been removed.
1482 * Collation::singleton() and ::factory(), deprecated since 1.37, have been
1484 * SpecialVersion::listToText() and SpecialVersion::arrayToString()
1485 have become private or internal without deprecation.
1486 * The 'ParserTestFiles' key in the schema for extension.json has been removed.
1487 This was deprecated in 1.30 and the corresponding $wgParserTestFiles
1488 configuration variable has also been removed in this release. Extensions
1489 can put parser test files in their `tests/parser` directory to have them
1491 * DBLockManager, MySqlLockManager, and PostgreSqlLockManager have been
1492 removed without deprecation.
1493 * MediaWikiTestCaseTrait::checkPHPExtension() has been removed without
1494 deprecation. Use PHPUnit @requires annotations instead.
1495 * EditPage::getCopywarn(), deprecated since 1.38, has been removed.
1496 * EditPage::getCopyrightWarning() now requires a MessageLocalizer parameter.
1497 Use of other parameter types or omitting it was deprecated since 1.38.
1498 * Action constructor now requires Article and IContextSource parameters.
1499 Use of other parameter types or omitting them was deprecated since 1.35.
1500 * Article::viewRedirect(), deprecated since 1.30, has been removed.
1501 * Title::getNotificationTimestamp(), deprecated since 1.35, has been removed.
1502 * WikiRevision::$fileIsTemp property, deprecated since 1.29, has been removed.
1503 * Use of CommentStore::insertWithTempTable() with 'img_description' is no
1504 longer supported, it was deprecated since 1.32. Use CommentStore::insert()
1506 * Return values in the parameter $pageLang of the PageContentLanguage hook with
1507 other types than a Language object, deprecated since 1.33 & emitting warnings
1508 since 1.38, now throws an exception.
1509 * FormatMetadata::flattenArrayContentLang(), deprecated since 1.36, has been
1511 * WikiRevision::downloadSource() and ::importUpload(), deprecated since 1.31,
1513 * DataUpdate::runUpdates(), deprecated since 1.28, has been removed.
1514 * CdnCacheUpdate::newFromTitles(), deprecated since 1.35, has been removed.
1515 * HtmlFileCacheUpdate::newFromTitles(), deprecated since 1.37, has been
1517 * BaseTemplate::renderAfterPortlet() and ::getAfterPortlet(), has been removed.
1518 Use the corresponding methods in Skin class.
1519 * DifferenceEngine::textDiff(), deprecated since 1.32, has been removed.
1520 * Skin::getSearchPageTitle() and Skin::setSearchPageTitle(), deprecated since
1521 1.38, have been removed.
1522 * DifferenceEngine::getDiffBodyCacheKey(), deprecated since 1.31, has been
1524 * ForeignDBViaLBRepo::getMasterDB(), LocalRepo::getMasterDB(), and
1525 JobQueueDB::getMasterDB(), deprecated since 1.37, have been removed.
1526 * Clarified that the InitializeArticleMaybeRedirect hook should not change
1527 its $article parameter; the behavior when doing so was previously
1529 * IDatabase::ping()'s $rtt parameter was removed without deprecation.
1530 * IDatabase::setBigSelects(), unused, was removed without deprecation.
1531 * IDatabase::attributesFromType(), unused, was removed without deprecation.
1532 * IMaintainableDatabase::deadlockLoop() was removed without deprecation.
1533 * DatabasePostgres::remappedTableName(), deprecated since 1.37, has been
1535 * ILBFactory::getChronologyProtectorClientId and ::commitAll, unused, were
1536 removed without deprecation.
1537 * LoadBalancer::haveIndex() and ::isNonZeroLoad(), deprecated in 1.34,
1539 * LoadBalancer::getLazyConnectionRef(), deprecated in 1.38, has been removed.
1540 * ILBFactory::forEachLB(), deprecated in 1.39, has been removed.
1541 * LoadBalancer::getTransactionRoundStage and ::commitAll, unused, were
1542 removed without deprecation.
1543 * ILoadBalancer::getLaggedReplicaMode, unused, was removed without
1544 deprecation. Use ILBFactory::laggedReplicaUsed() instead.
1545 * Optional parameters of ILoadBalancer::waitForPrimaryPos(), $pos and $timeout
1546 have been removed without deprecation as they are unused.
1547 * LoadMonitorMysql was removed without deprecation. Use LoadMonitor instead.
1548 * IDatabase::selectDB(), deprecated since 1.32, has been removed.
1549 Use IDatabase::selectDomain() instead.
1550 * The following deprecated hooks have been removed:
1551 - BaseTemplateAfterPortlet, deprecated in 1.35
1552 - BeforeParserFetchTemplateAndtitle, deprecated in 1.36
1553 - BeforeParserrenderImageGallery, deprecated in 1.35
1554 - InternalParseBeforeSanitize, deprecated in 1.35
1555 - LinksUpdateConstructed, deprecated in 1.38
1556 - LinksUpdateAfterInsert, deprecated in 1.38
1557 - ParserSectionCreate, deprecated in 1.35
1558 - ResourceLoaderTestModules, deprecated in 1.33
1559 - SpecialMuteSubmit, deprecated in 1.35
1560 - UserLoadFromDatabase, deprecated in 1.37
1561 - UserSetCookies, deprecated in 1.27
1562 * RemexDriver::__construct() now only accepts a ServiceOptions instance as
1563 the only argument. Passing an array was deprecated since 1.36.
1564 * TidyDriverBase::supportsValidate(), deprecated since 1.36, has been removed.
1565 * RevDelList::reloadFromMaster(), deprecated since 1.37, has been removed.
1566 * ExternalStoreDB::getMaster(), deprecated since 1.37, has been removed.
1567 * DeletePage::deletionWasScheduled(), deprecated since 1.38, has been removed.
1568 * The SearchResultProvideThumbnailHook (which was unstable) and now no longer
1569 used, has been removed. Use SearchResultProvideThumbnailHook in the search
1570 namespace: MediaWiki\Search\Hook\SearchResultProvideThumbnailHook.
1571 * Command::cgroup(), deprecated since 1.36, has been removed.
1572 * When running tests, the serialize_precision INI setting is now set to -1
1573 (current PHP default) instead of 17. Extension tests may need to be adjusted
1574 accordingly; string representations of floating-point numbers in serialized
1575 or JSON-encoded data may change.
1576 * WikiRevision::$sha1base36 is now private.
1577 * IcuCollation::getUnicodeVersionForICU() was removed without deprecation.
1578 * LinkFilter::supportsIDN() was removed without deprecation.
1579 * The ability to pass null for the errorData parameter of HttpException and
1580 LocalizedHttpException was removed without deprecation.
1581 * ApiQueryExtLinksUsage::getProtocolPrefix() and ::prepareProtocols() have
1582 been moved to LinkFilter with the same name.
1583 * .box-sizing() Less mixin, deprecated since 1.37, has been removed.
1584 Use CSS box-sizing now.
1585 * MimeAnalyzer::getIEMimeTypes() and IEContentAnalyzer were removed.
1586 * Language::commafy and mw.language.commafy, deprecated since 1.36, has been
1588 * BagOStuff::decr(), deprecated since 1.28, has been removed.
1589 * BagOStuff::incr(), deprecated since 1.28, has been removed.
1591 === Deprecations in 1.40 ===
1593 - The public Skin::footerLink is deprecated.
1594 Use SkinComponentMenuLink::getTemplateData instead.
1595 It now emits deprecation warnings.
1596 - The protected Skin::lastModified is deprecated, and marked for @internal use
1597 and now emits deprecation warnings.
1598 * Manipulating $wgHooks after initialization is deprecated.
1599 HookContainer::register() or HookContainer::scopedRegister() should be
1600 used instead. During initialization, SettingsBuilder::registerHookHandlers
1601 can be used. For backwards compatibility, $wgHooks is replaced by a fake
1602 array that calls methods on HookContainer. $wgHooks can still be used as a
1603 configuration variable, only dynamic manipulation is deprecated.
1604 * ParserOptions::{get,set}ExternalLinkTarget() and
1605 ParserOptions::{get,set}MaxTemplateDepth() have been deprecated and marked
1606 for @internal use only.
1607 * ParserOutput::getCategories() has been deprecated; use ::getCategoryNames()
1608 and ::getCategorySortKey() instead.
1609 * ParserOutput::{get,set}TOCHTML() has been deprecated; use
1610 ::{get,set}TOCData() instead.
1611 * TransactionProfiler::setSilenced() is deprecated.
1612 Use TransactionProfiler::silenceForScope() instead.
1613 * The following methods in the Title class, deprecated since 1.37, emits
1614 deprecations warnings:
1615 - ::areCascadeProtectionSourcesLoaded()
1616 - ::areRestrictionsCascading()
1617 - ::areRestrictionsLoaded()
1618 - ::getAllRestrictions()
1619 - ::getCascadeProtectionSources()
1620 - ::getFilteredRestrictionTypes()
1621 - ::getRestrictionExpiry()
1622 - ::getRestrictionTypes()
1623 - ::getRestrictions()
1624 - ::isCascadeProtected()
1626 - ::isSemiProtected()
1627 - ::loadRestrictionsFromRows()
1628 * The class Pbkdf2Password was renamed to Pbkdf2PasswordUsingHashExtension,
1629 and the old name is now deprecated.
1630 * WikiPage::factory(), ::newFromID() and ::newFromRow, deprecated in 1.36, now
1631 emit deprecation warnings.
1632 * Manually constructing a LinkBatch object, deprecated in 1.35, now emits
1633 deprecation warnings. Use LinkBatchFactory instead.
1634 * Calling MediaWikiSite::getFileUrl() without a $path argument is deprecated.
1635 If you need the "generic" full file path, with $1 not replaced by anything,
1636 call $site->getPath( MediaWikiSite::PATH_FILE ) directly.
1637 * In SessionConsistentConnectionManager, the methods
1638 getReadConnectionRef() and getWriteConnectionRef() are deprecated;
1639 the ConnectionManager methods they override had been deprecated already.
1640 * Database::wasErrorReissuable() is deprecated.
1641 * MimeAnalyzer::isPHPImageType was not used and will now emit deprecation
1643 * GenericArrayObject, originally developed for Wikibase and SiteList, has been
1644 deprecated. Use built-in ArrayObject directly instead.
1645 * Parser::getFunctionLang() has been deprecated; use
1646 Parser::getTargetLanguage() instead.
1647 * MagicWordArray::getVariableRegex(), deprecated in 1.36, now emits deprecation
1649 * AbstractBlock::getId() now emits deprecation warnings in case of cross-wiki
1650 access. This use was deprecated in 1.38.
1651 * CommentStore::getStore, deprecated in 1.31, now emits deprecation warnings.
1652 * BacklinkCache::get(), ::getLinks() and ::getCascadeProtectedLinks(),
1653 deprecated in 1.37, now emit deprecation warnings.
1654 * LanguageConverterFactory::isTitleConversionDisabled(), deprecated in 1.36,
1655 now emits deprecation warnings.
1656 * Language::getFileName(), ::getMessagesFileName() and
1657 ::getJsonMessagesFileName(), deprecated in 1.34,
1658 now emit deprecation warnings.
1659 * Language::getLocalisationCache(), deprecated in 1.34, also
1660 Language::getMessagesFor(), ::getMessageFor() and ::getMessageKeysFor(),
1661 deprecated in 1.35, now emit deprecation warnings.
1662 * User::incEditCount(), deprecated in 1.37, now emits deprecation warnings.
1663 * User::idFromName(), deprecated in 1.37, now emits deprecation warnings.
1664 * The ability to override and use User::$mRights, deprecated in 1.34, now emits
1665 deprecation warnings.
1666 * IndexPager::getHookContainer is deprecated and emits deprecation warnings.
1667 Inject a HookContainer instead.
1668 * User::getGroupPermissions(), ::getGroupsWithPermission() and
1669 ::groupHasPermission(), deprecated in 1.34, now emit deprecation warnings.
1670 * PermissionManager::getGroupPermissions(), ::getGroupsWithPermission() and
1671 ::groupHasPermission(), deprecated in 1.36, now emit deprecation warnings.
1672 * Global function wfShowingResults is deprecated and emits deprecation warnings.
1673 * UserGroupMembership::getGroupMemberName is deprecated, the deprecation of
1674 UserGroupMembership::getGroupName in 1.38 missed a release note.
1675 Use Language::getGroupMemberName or ::getGroupName instead.
1676 * AbstractBlock::getPermissionsError(), deprecated in 1.35, now emits
1677 deprecation warnings.
1678 * SearchEngine::getNearMatcher() and ::getDefaultMatcher() have been deprecated
1679 in favor of MediaWikiServices::getInstance()->getTitleMatcher().
1680 * SearchNearMatcher class has been deprecated in 1.40 in favor of TitleMatcher.
1681 * The following functions are deprecated: User::isBlockedGlobally and
1682 User::getGlobalBlock. Use User::getBlock instead.
1683 * The UserIsBlockedGlobally hook is deprecated.
1684 Use GetUserBlock hook instead.
1685 * The SystemBlock type global-block is deprecated.
1686 GlobalBlocks are now added into CompositeBlocks via the GetUserBlock hook.
1687 * Language::isWellFormedLanguageTag(), deprecated in 1.39, now emits deprecation
1688 notices. Please use LanguageCode::isWellFormedLanguageTag() instead.
1689 * Language::fetchLanguageNames() and ::fetchLanguageName(), deprecated in 1.34,
1690 now emit deprecation warnings.
1691 * Language::getFallbackFor(), ::getFallbacksIncludingSiteLanguage() and
1692 ::getFallbacksFor(), deprecated in 1.35, now emit deprecation warnings.
1693 * Language::isSupportedLanguage(), ::isValidCode(), ::isValidBuiltInCode() and
1694 ::isKnownLanguageTag(), deprecated in 1.34, now emit deprecation warnings.
1695 * Language::getConverter(), ::autoConvert(), ::autoConvertToAllVariants(),
1696 ::convert(), ::convertNamespace(), ::convertHtml(), ::convertCategoryKey(),
1697 ::getVariants(), ::hasVariants(), ::hasVariant(), ::getDefaultVariant(),
1698 ::getURLVariant(), ::getExtraHashOptions(), ::getConvRuleTitle(),
1699 deprecated in 1.35, now emit deprecation warnings.
1700 * Language::factory() and ::getParentLanguage(), deprecated in 1.35, now emit
1701 deprecation warnings.
1702 * Executing maintenance scripts directly is deprecated. The maintenance/run.php
1703 entry point should be used instead.
1704 * MWHttpRequest::factory, deprecated in 1.34, now emits deprecation warnings.
1705 * Job::factory is deprecated, use JobFactory::newJob instead.
1706 * Http::request(), ::get(), ::post(), ::userAgent() and ::isValidURI(),
1707 deprecated in 1.34, now emit deprecation warnings.
1708 * Title.js's confusingly-named getName() and getNameText() methods, for using
1709 media files' pages, have been renamed to getFileNameWithoutExtension() and
1710 getFileNameTextWithoutExtension() respectively. The old names are deprecated.
1711 * Command::whitelistPaths() should now emit deprecation warnings. Make use of
1712 Command::allowPaths/disallowPaths() instead.
1713 * When manually creating an HTMLFormField (i.e. not via HTMLForm::factory),
1714 it is deprecated to not include the "parent" field as one of the parameters.
1715 * The MWException class is deprecated. Use native exceptions, either directly
1717 * SelectQueryBuilder::lockForUpdate() is deprecated. Use ::forUpdate() with
1718 ::fetchRowCount() or ::acquireRowLocks() instead.
1719 * ArticleUndelete hook is deprecated. Use PageUndeleteComplete hook instead.
1720 * The global function wfReportTime() is now deprecated.
1721 * PrevNextNavigationRenderer, deprecated in 1.39, now emits deprecation
1723 * PagerNavigationBuilder::setMakeLinkCallback(), deprecated in 1.39, now emits
1724 deprecation warnings.
1725 * IndexPager::getPagingLinks(), IndexPager::getLimitLinks() and
1726 IndexPager::buildPrevNextNavigation(), deprecated in 1.39, now emit
1727 deprecation warnings.
1728 * Overriding the method IndexPager::makeLink(), deprecated in 1.39, now emits
1729 deprecation warnings.
1730 * The following class names were namespaced (and, for the special pages,
1731 also renamed), and the old class names are now deprecated:
1732 - MostimagesPage -> MediaWiki\Specials\SpecialMostImages
1733 - MovePageForm -> MediaWiki\Specials\SpecialMovePage
1734 - UserrightsPage -> MediaWiki\Specials\SpecialUserRights
1735 - WantedFilesPage -> MediaWiki\Specials\SpecialWantedFiles
1736 - WantedPagesPage -> MediaWiki\Specials\SpecialWantedPages
1737 - DerivativeRequest -> MediaWiki\Request\DerivativeRequest
1738 - FauxRequest -> MediaWiki\Request\FauxRequest
1739 - FauxRequestUpload -> MediaWiki\Request\FauxRequestUpload
1740 - PathRouter -> MediaWiki\Request\PathRouter
1741 - WebRequestUpload -> MediaWiki\Request\WebRequestUpload
1742 - HeaderCallback -> MediaWiki\Request\HeaderCallback
1743 - FauxResponse -> MediaWiki\Request\FauxResponse
1744 - WebResponse -> MediaWiki\Request\WebResponse
1745 - ForeignResourceManager ->
1746 MediaWiki\ResourceLoader\ForeignResourceManager
1747 - DummyLinker -> MediaWiki\Linker\DummyLinker
1748 - Linker -> MediaWiki\Linker\Linker
1749 - PageProps -> MediaWiki\Page\PageProps
1750 - MagicWord -> MediaWiki\Parser\MagicWord
1751 - MagicWordArray -> MediaWiki\Parser\MagicWordArray
1752 - MagicWordFactory -> MediaWiki\Parser\MagicWordFactory
1753 - RawMessage -> MediaWiki\Language\RawMessage
1754 - ActorMigration -> MediaWiki\User\ActorMigration
1755 - ActorMigrationBase -> MediaWiki\User\ActorMigrationBase
1756 - CategoriesRdf -> MediaWiki\Category\CategoriesRdf
1757 - Category -> MediaWiki\Category\Category
1758 - CategoryViewer -> MediaWiki\Category\CategoryViewer
1759 - TrackingCategories -> MediaWiki\Category\TrackingCategories
1760 - EditPage -> MediaWiki\EditPage\EditPage
1761 - TemplatesOnThisPageFormatter ->
1762 MediaWiki\EditPage\TemplatesOnThisPageFormatter
1763 - ContentSecurityPolicy -> MediaWiki\Request\ContentSecurityPolicy
1764 - FormOptions -> MediaWiki\Html\FormOptions
1765 - Html -> MediaWiki\Html\Html
1766 - HtmlHelper -> MediaWiki\Html\HtmlHelper
1767 - TemplateParser -> MediaWiki\Html\TemplateParser
1768 - FormOptions -> MediaWiki\Html\FormOptions
1769 - WikiMap -> MediaWiki\WikiMap\WikiMap
1770 - WikiReference -> MediaWiki\WikiMap\WikiReference
1771 - MediaWiki\BadFileLookup -> MediaWiki\Page\File\BadFileLookup
1772 - FileDeleteForm -> MediaWiki\Page\File\FileDeleteForm
1773 - MergeHistory -> MediaWiki\Page\MergeHistory
1774 - MovePage -> MediaWiki\Page\MovePage
1775 - ProtectionForm -> MediaWiki\Page\ProtectionForm
1776 - LinkFilter -> MediaWiki\ExternalLinks\LinkFilter
1777 - TitleArray -> MediaWiki\Title\TitleArray
1778 - TitleArrayFromResult -> MediaWiki\Title\TitleArrayFromResult
1779 - TitleFactory -> MediaWiki\Title\TitleFactory
1780 - Title -> MediaWiki\Title\Title
1781 - ForkController -> MediaWiki\Maintenance\ForkController
1782 - OrderedStreamingForkController ->
1783 MediaWiki\Maintenance\OrderedStreamingForkController
1784 - AtomFeed -> MediaWiki\Feed\AtomFeed
1785 - ChannelFeed -> MediaWiki\Feed\ChannelFeed
1786 - FeedItem -> MediaWiki\Feed\FeedItem
1787 - FeedUtils -> MediaWiki\Feed\FeedUtils
1788 - RSSFeed -> MediaWiki\Feed\RSSFeed
1789 - DeprecatedGlobal -> MediaWiki\StubObject\DeprecatedGlobal
1790 - StubGlobalUser -> MediaWiki\StubObject\StubGlobalUser
1791 - StubObject -> MediaWiki\StubObject\StubObject
1792 - StubUserLang -> MediaWiki\StubObject\StubUserLang
1793 * ContentHandler::getParserOutputForIndexing() and ::getDataForSearchIndex()
1794 now take an optional RevisionRecord parameter.
1795 * The SearchDataForIndex hook is deprecated in favor of SearchDataForIndex2
1796 * IDatabase::lastQuery and IReadableDatabase::lastQuery are deprecated without
1797 without replacement.
1799 === Other changes in 1.40 ===
1800 * Calling RecentChange::doMarkPatrolled() with $auto = true has no effect and
1801 logs a warning. Since 1.31, it would mark the change as manually patrolled,
1802 but would not log it as such in patrol log and would still require
1803 'autopatrol' right (not 'patrol'). Generally, whether a change should become
1804 autopatrolled, is usually determined before it's inserted in the database.
1805 * In versions of MediaWiki before 1.39, the table of contents location
1806 was marked internally with <mw:toc>...</mw:toc>; in version 1.39
1807 this was changed to an empty tag <mw:tocplace />. In 1.40 this has
1808 been changed a final time to use an empty <meta> tag for future
1809 Parsoid compatibility (see Parser::TOC_PLACEHOLDER). This may
1810 affect you if stale content is left in the ParserCache or if your
1811 skin did manual ToC replacement without using the recommended
1812 Parser::replaceTableOfContentsMarker() function.
1813 * Skins can now choose which Codex theme should be loaded by setting the
1814 SkinCodexThemes attribute in their skin.json file.
1815 * The parser test framework has been updated, and the 'pst', 'ill', 'cat'
1816 and 'showflags' options have slight differences in their output. These
1817 options are not much used outside core, but third parties may need to
1818 update parser tests.
1819 * (T332889, CVE-2023-36675) SECURITY: Fix escaping in BlockLogFormatter.
1823 MediaWiki 1.40 requires PHP 7.4.3 or later and the following PHP extensions:
1834 MariaDB is the recommended database software. MySQL, PostgreSQL, or SQLite can
1835 be used instead, but support for them is somewhat less mature.
1837 The supported versions are:
1839 * MariaDB 10.3 or higher
1840 * MySQL 5.7.0 or higher
1841 * PostgreSQL 10 or later
1842 * SQLite 3.8.0 or later
1844 == Online documentation ==
1845 Documentation for both end-users and site administrators is available on
1846 MediaWiki.org, and is covered under the GNU Free Documentation License (except
1847 for pages that explicitly state that their contents are in the public domain):
1849 https://www.mediawiki.org/wiki/Special:MyLanguage/Documentation
1852 A mailing list is available for MediaWiki user support and discussion:
1854 https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
1856 A low-traffic announcements-only list is also available:
1858 https://lists.wikimedia.org/mailman/listinfo/mediawiki-announce
1860 It's highly recommended that you sign up for one of these lists if you're
1861 going to run a public MediaWiki, so you can be notified of security fixes.
1864 There's usually someone online in #mediawiki on irc.libera.chat.
1868 PHP 8.0 workboard: https://phabricator.wikimedia.org/tag/php_8.0_support/
1869 PHP 8.1 workboard: https://phabricator.wikimedia.org/tag/php_8.1_support/
1870 PHP 8.2 workboard: https://phabricator.wikimedia.org/tag/php_8.2_support/
1871 PHP 8.3 workboard: https://phabricator.wikimedia.org/tag/php_8.3_support/
1873 == MediaWiki 1.39.5 ==
1875 This is a security and maintenance release of the MediaWiki 1.39 branch.
1877 === Changes since MediaWiki 1.39.4 ===
1878 * Localisation updates.
1879 * (T333050, CVE-2023-45363) SECURITY: Fix infinite loop for self-redirects
1880 with variants conversion.
1881 * docs: Fix a few typos in MainConfigSchema.
1882 * (T309714) mime: Add support for 'font/sfnt' mime type.
1883 * (T341434) WikiImporter: Improve error message output.
1884 * (T317255) VueComponentParser: Use Zest's getElementsByTagName() rather than
1886 * (T341737) ApiBase: Cast $id to string in filterIDs.
1887 * (T286291, T296188) Merge zh and zh-tw namespace translations back to zh-hans,
1888 zh-hant, zh-hk respectively.
1889 * (T337875) WRStats: Round up SequenceSpec::hardExpiry to the nearest integer.
1890 * (T237898) installer: Check MariaDB version in updater/installer.
1891 * (T342632) ApiComparePages: Add help url.
1892 * (T326182, T324903) EditPage: Add #[AllowDynamicProperties].
1893 * (T342351) rdbms: Fix postgres db function call.
1894 * (T343675) user: Use {@} to escape annotation when writting about annotation.
1895 * (T343797) LanguageWa: Fix double timezone adjustment.
1896 * (T326454) Update pear/mail to 1.5.1.
1897 * (T343622) docs: Set the <comment> tag back to optional.
1898 * (T330528) Upgrade wikimedia/html-formatter from 3.0.1 to 4.0.3.
1899 * (T337463) wdio-mediawiki: await saveScreenshot.
1900 * (T274041) Include core PSR-4 classes in the generated classmap.
1901 * (T208477) $wgPrivilegedGroups – Users belonging in some of the listed groups
1902 will be audited more aggressively.
1903 * doc: Improve description of "type" in extension.schema.v2.json.
1904 * Added PrivilegedGroups attribute for extension.json / skin.json, which lets
1905 you add any new user groups you define to wgPrivilegedGroups (see above).
1906 * HTMLForm: Fix E_NOTICE when hide-if is used with setFormIdentifier.
1907 * (T288624) MultiHttpClient: Unset $this->cmh after closing it.
1908 * (T345039) Do not run SkinAfterBottomScripts hook twice unconditionally.
1909 * (T265734) API Help: Note that parameters may be inherited from other context.
1910 * API: Make continue parameter help description more specific.
1911 * (T285545) i18n: Split apihelp for standard dir parameter.
1912 * (T285545) i18n: Split apihelp for redirects/linkshere/transcludedin/fileusage
1914 * (T285545) i18n: Split apihelp for parameter list=deletedrevs&drprop=.
1915 * (T285545) i18n: Split apihelp for parameter list=allpages&apprexpiry=.
1916 * (T285545) i18n: Split apihelp for parameter action=opensearch&redirects=.
1917 * (T285545) i18n: Split apihelp for parameter action=managetags&operation=.
1918 * (T285545) api: Add message for list=watchlist&wlprop=expiry.
1919 * (T334011) ApiComparePages: expose 'difftype' param if wikidiff2 is installed.
1920 * (T342633) api: Add message for action=compare&prop=timestamp.
1921 * API: revids=… does not necessarily return the queried revisions.
1922 * (T326696) user: Truncate option value in UserOptionsManager.
1923 * (T326696) ApiOptions: Give warning if the value is too long.
1924 * API i18n: Add {{PLURAL:}} for byte count messages.
1925 * (T235207) Get correct main page in API call examples.
1926 * doc: Make extension.schema.v2.json a valid JSON schema.
1927 * updateSpecialPages.php: Avoid implicit float conversion on modulo.
1928 * (T347227) ImportReporter: Make callback functions public.
1929 * (T346898) importDump: Unconditionally call $importer->setUsernamePrefix().
1930 * doc: Improve description of type in extension.schema.v1.json.
1931 * (T340217, CVE-2023-45359) SECURITY: Vector 2022: Numerous unescaped
1932 messages leading to potential XSS.
1933 * (T340220, CVE-2023-45361) SECURITY: Vector 2022: vector-intro-page
1934 message is assumed to yield a valid title.
1935 * (T340221, CVE-2023-45360) SECURITY: XSS via
1936 'youhavenewmessagesmanyusers' and 'youhavenewmessages' messages.
1937 * (T341529, CVE-2023-45362) SECURITY: diff-multi-sameuser
1938 ("X intermediate revisions by the same user not shown") ignores
1939 username suppression.
1940 * (T341565, CVE-2023-3550) SECURITY: Stored XSS when uploading crafted
1941 XML file to Special:Upload (non-standard configuration).
1943 == MediaWiki 1.39.4 ==
1945 This is a security and maintenance release of the MediaWiki 1.39 branch.
1947 === Changes since MediaWiki 1.39.3 ===
1948 * Localisation updates.
1949 * (T333990) composer.json: Explicitly pin psr/http-message to 1.0.1.
1950 * (T335203, CVE-2023-29197) SECURITY: Upgrading guzzlehttp/psr7
1952 * (T333776) {{ACTIVEUSERS}} wasn't being updated without updateSpecialPages.php.
1953 * (T258860) Prevent LogicCache exception from message cache during IO errors
1955 * (T336868) Improve idempotency of postgres index upgrades.
1956 * (T322944) Add Authorization to default $wgAllowedCorsHeaders.
1957 * (T332889, CVE-2023-36675) SECURITY: Fix escaping in BlockLogFormatter.
1958 * A fake MessageLocalizer for use in unit tests.
1959 * (T338114) Title: Add forward alias.
1960 * composer: Add symfony/polyfill-php81 like symfony/polyfill-php80.
1961 * (T330464) Work around argument corruption bug in XMLReader::open.
1962 * Fix frame and frameless rdfa depending on file existing.
1963 * Fixes for the phan upgrade, part 1.
1964 * Fixes for the phan upgrade, part 2.
1965 * (T298571) build: Update mediawiki/mediawiki-phan-config to 0.12.0.
1966 * build: Updating mediawiki/mediawiki-phan-config to 0.12.1.
1967 * (T329214) Pass whether current rev of file exists to
1968 Linker::makeBrokenImageLinkObj.
1969 * (T334659) Handle thumb errors when !$enableLegacyMediaDOM.
1970 * A manualthumb that doesn't exist should be considered a thumb error.
1971 * (T313157) IndexPager: Also protect against $offset being 0.
1972 * (T335612, CVE-2023-36674) SECURITY: Move badFile lookup to Linker.
1974 == MediaWiki 1.39.3 ==
1976 This is a security and maintenance release of the MediaWiki 1.39 branch.
1978 === Changes since MediaWiki 1.39.2 ===
1979 * Localisation updates.
1980 * (T328477) LinksUpdate: Use DB key for category links table.
1981 * GlobalFunctions: Remove check for MEDIAWIKI constant.
1982 * (T329484) API: Fix query+allimages user parameter description.
1983 * (T330529) SpecialEditTags: Set default of '' for wpReason.
1984 * (T330382) postgres: Make the upgrade ignore dropping indexes that
1986 * (T330526) htmlform: Handle null from HTMLFormField::getDefault in
1988 * (T291753) rdbms: escape backslashes in makeConnectionString for PostgreSQL.
1989 * (T325529) Fix total breakage of wgCanonicalServer fallback.
1990 * (T318103) mediawiki.storage: Disable async GC during integration test.
1991 * (T332461, T332397) TempFSFile: Keep the WeakMap alive.
1992 * (T332902) page: fix InvalidArgumentException in SQLPlatform::makeList.
1993 * (T285159, CVE-2023-29141) SECURITY: Do not apply autoblocks to untrusted
1996 == MediaWiki 1.39.2 ==
1998 This is a maintenance release of the MediaWiki 1.39 branch.
2000 === Changes since MediaWiki 1.39.1 ===
2001 * Localisation updates.
2002 * (T325872) ChangeTags: Remove table name from condition.
2003 * (T324895) MWCallbackStream: Add explicit $stream property.
2004 * (T297031, T326039) PostgresUpdater: Move setDefault ahead of
2005 changeNullableField.
2006 * (T321319) Produce HTML for invalid JSON.
2007 * (T215466, T326071) MigrateActors: Write to revision table (Follow-up 24115a8).
2008 * (T223027) ReservedUsernames config: Add reserved names from maintenance
2010 * (T325000, T324896, T307631) Updated OOUI from v0.44.3 to v0.44.5.
2011 * Remove /images .htaccess rules that are no longer relevant.
2012 * Disable php in .htaccess of images directory as a hardening measure.
2013 * (T322583) Include missing message parameter in message.
2014 * LocalFileTest: use encodeBlob/decodeBlob for img_metadata.
2015 * DatabaseSqlite: fix null blobs.
2016 * rdbms: avoid pg_escape_bytea() call-style deprecation notices.
2017 * (T322278) Improve LocalisationCache post-merge validation check.
2018 * (T324408, T326367) Updated wikimedia/remex-html from 3.0.2 to 3.0.3.
2019 * (T322278) Fix the remaining Phan failures on PHP 8.1.
2020 * (T322278, T326367) Respond to some messages from Phan on PHP 8.1.
2021 * Fix phan error when Excimer is enabled.
2022 * (T326021) Add matrix: to $wgUrlProtocols.
2023 * (T314099) stream wrapper: Declare $context class property.
2024 * (T314099) libs\jsminplus: Declare JSNode::$expression.
2025 * (T314096) composer.json: Updated composer/spdx-licenses from 1.5.6 to 1.5.7.
2026 * (T326472) Upgrading cssjanus/cssjanus (v2.1.0 => v2.1.1).
2027 * (T308536) rdbms: Remove deprecation mark for $wgSharedDB.
2028 * (T215466, T326071) installer: Split drop action out of the SQL patch for actor
2030 * (T322603) SqliteMaintenance.php: Fix fatally broken instanceof check.
2031 * (T326377) rdbms: Use DBConnRef in SelectQueryBuilder.
2032 * api/en.json: api-help-datatype-expiry add missing 'may'.
2033 * (T317329) OutputPage: Fix undefined ['host'] in ImagePreconnect code.
2034 * (T328222) Pass empty string to strlen() if schema is null for
2036 * (T289926) SpecialRevisionDelete: Set default of '' for wpReason.
2037 * (T155582, T328503) Fix XML dumps for content types with non-string
2039 * (T326886) PoolCounterRedis: Fix wrong cast, locks weren't being released.
2040 * (T314099) revisiondelete: Replace dynamic property Status::$itemStatuses
2041 * (T327821) skin: Restore default 'value' attribute in makeSearchButton().
2042 * (T329198) ParamValidator: Improve paramvalidator-help-multi-max message.
2043 * (T329415) Clear the statsd data buffer regardless of StatsdServer config.
2044 * (T292348) WikiImporter: do not fail if upload entry in dump lacks 'text' tag.
2045 * (T330049) UnregisteredLocalFile: Don't call MimeAnalyzer if no path.
2046 * (T324894 TempFSFile: Use a WeakMap for reference tracking if available.
2047 * (T295637) Add no to fallback chain of nb and nn.
2049 == MediaWiki 1.39.1 ==
2051 This is a security and maintenance release of the MediaWiki 1.39 branch.
2053 === Changes since MediaWiki 1.39.0 ===
2054 * Localisation updates.
2055 * PostgresUpdater: Remove trailing space from 'user_id ' column.
2056 * (T304515) LCStoreStaticArray: atomically replace the cache file.
2057 * (T324516) postgres: Fix upgrade for templatelinks primary key.
2058 * (T324890, T324891, T324901) Parser: Allow dynamic properties on PHP 8.2.
2059 * (T324513) uuid\GlobalIdGenerator: Check if getmyuid() exists.
2060 * (T314099) OutputPage: Remove unused dynamic property ParserOptions->isBogus.
2061 * (T314099) api: Remove use of undeclared property in action=comparepages.
2062 * Upgrading wikimedia/xmp-reader (0.8.5 => 0.8.6).
2063 * (T324489) Upgrading wikimedia/parsoid (v0.16.0 => v0.16.1).
2064 * Updated pear/mail (v1.4.1 => v1.5.0).
2065 * Removed wikimedia/dodo (v0.4.0).
2066 * (T324910) On pages using multi-content revisions, the raw content of a
2067 specific slot can be retrieved using the action=raw&slot=<role-name> query
2069 * (T322637) SECURITY: sqlite should not create DB file world-readable.
2071 == MediaWiki 1.39.0 ==
2073 === Changes since MediaWiki 1.39.0-rc.1 ===
2074 * Localisation updates.
2075 * exception: Tolerate no service container when trying DB rollback.
2076 * (T320282) Upgrading wikimedia/xmp-reader (0.8.3 => 0.8.4).
2077 * objectcache: Deprecate WANObjectCache::reap() and ::reapCheckKey().
2078 * (T320864) When calling mail(), use an array for headers.
2079 * Upgrading wikimedia/xmp-reader (0.8.4 => 0.8.5).
2080 * (T321154) Call setFormIdentifier() on LogEventsList form.
2081 * When importing revision with same timestamp as latest revision, treat
2082 it as the new latest.
2083 * (T320726) RandomImageGenerator::getImageSpec: Don't pass a float to mt_rand(),
2085 * (T298485, T322360) WikiExporter: Avoid calling reload in processing every row.
2086 * (T321551) pager: Fix null used for foreach in Pager::getNavigationBar.
2087 * (T321551) pager: Remove unused AlphabeticPager::getOrderTypeMessages()
2089 * pager: Remove unused PagerNavigationBuilder::setExtra().
2090 * PagerNavigationBuilder: Document that nulls in setLinkQuery() etc. are
2092 * (T322335) ApiQueryRevisionsBase: Fix 'rvdiffto' parameter handling on PHP 8.0.
2093 * (T314096) TestFileEditor: Fix string interpolation.
2094 * (T289926) api: Fix minor PHP 8.1 incompatibility in ApiOptions.
2095 * (T322803) SpecialBotPasswords: Don't pass null to trim().
2096 * (T289926) Fix incomplete ITextFormatter mocks.
2097 * Language: Handle ronna and quetta.
2098 * (T72510) rdbms: make SqlitePlatform::tableName() apply double quotes.
2099 * (T323373) Parser: Fix extractSections() behavior for PHP >= 8.0.
2100 * .gitattributes: Ship docker-compose.yml to the tarball.
2102 == MediaWiki 1.39.0-rc.1 ==
2104 === Changes since MediaWiki 1.39.0-rc.0 ===
2105 * Localisation updates.
2106 * (T318481) composer: Drop symfony/php73-polyfill.
2107 * (T318460) SpecialChangeEmail: Set default for returntoquery.
2108 * (T318307) HTMLFormField::validate(): Update docs to permit all data types
2109 * (T306802) docker: update to latest published images.
2110 * (T318754) WebInstallerOptions::addPersonalizationOptions(): Close fieldset.
2111 * (T227047) Soft-deprecate the remainder of ActorMigration.
2112 * (T316304, CVE-2022-41767) SECURITY: reassignEdits doesn't update results
2113 in an IP range check on Special:Contributions.
2114 * (T309894, CVE-2022-41765) SECURITY: HTMLUserTextField exposes existence
2116 * (T307278, CVE-2022-41766) SECURITY: On action=rollback the message
2117 "alreadyrolled" can leak revision deleted user name.
2118 * (T319186) .phan/config.php: Update minimum_target_php_version.
2119 * Tests: Explicit cast to int in RandomImageGenerator test (php8 warnings).
2120 * (T319186) .phan/config.php: Update minimum_target_php_version.
2121 * (T310243) Deprecate use of 'wvui-search' package.
2122 * utils: Fix return doc about false/null for UrlUtils::expand.
2123 * (T319000) WebInstaller: Don't try and run trim() on null.
2124 * In the event of preg failure in MagicWordArray throw exception.
2125 * (T318753) Installer: Disable logo dropper for now.
2127 == MediaWiki 1.39.0-rc.0 ==
2129 == Upgrading notes for 1.39 ==
2130 Don't forget to always back up your database before upgrading!
2132 See the file UPGRADE for more detailed per-version upgrade instructions from the
2133 oldest supported upgrading version, MediaWiki 1.31.
2135 Some specific notes for MediaWiki 1.39 upgrades are below:
2136 * (T278139) Drop PHP 7.3 support in MediaWiki 1.39; require 7.4.3 or higher.
2138 For notes on 1.38.x and older releases, see HISTORY.
2140 === Configuration changes for system administrators in 1.39 ===
2142 ==== New configuration ====
2143 * $wgAutoCreateTempUser – This configures automatic user creation on page save.
2144 * $wgCopyUploadAllowOnWikiDomainConfig – This configures if administrators can
2145 use the MediaWiki:Copyupload-allowed-domains system message to define which
2146 domains can be used with the upload-by-url tool.
2147 * $wgCdnMatchParameterOrder – This can be set to false if MediaWiki is behind a
2148 CDN that re-orders query parameters. This will make the code that matches
2149 request URLs to canonical CDN URLs insensitive to parameter order.
2150 * $wgMultiShardSiteStats – This allows you to split site_stats across multiple
2151 rows. Only useful for very large, heavily edited wikis. (T306589)
2152 * $wgPrivilegedGroups – Users belonging in some of the listed groups will be
2153 audited more aggressively.
2155 ==== Changed configuration ====
2156 * $wgInvalidUsernameCharacters – This setting now contains the char '>', which
2157 is now the reserved delimiter for external user names.
2158 * $wgLocalFileRepo – The default serialization method for file meta-data has
2159 been changed to JSON. You can revert it to PHP by setting the property
2160 'useJsonMetadata' to false.
2161 * $wgLBFactoryConf – The 'configCallback' flag can now be set to a callback
2162 function that returns an array with keys to update in $wgLBFactoryConf. This
2163 can be used to update the database configuration on the fly, e.g. to take
2164 replica hosts out of rotation.
2165 * $wgDBservers and $wgLBFactoryConf – The DBO_SSL flag in has been deprecated in
2166 favour of a boolean "ssl" parameter.
2167 * $wgObjectCaches – The 'globalKeyLB' and 'localKeyLB' flags are no longer
2170 ==== Removed configuration ====
2171 * $wgMultiContentRevisionSchemaMigrationStage - This transition flag, deprecated
2172 since MediaWiki 1.35, has been removed; the data migration is over.
2173 * $wgActorTableSchemaMigrationStage - This transition flag has been removed; the
2174 data migration is over.
2175 * $wgWikiFarmSiteDetector – This experimental setting has been removed without
2176 replacement. Use the MW_WIKI_NAME environment variable to specifiy the name of
2177 the site for which to load configuration. Using the WIKI_NAME environment
2178 variable for this purpose is deprecated.
2179 * $wgParserCacheUseJson - The ParserCache now always uses JSON serialization.
2180 Reading old non-JSON cache entries is still supported. The setting had been
2181 deprecated since 1.36.
2182 * $wgAllowJavaUploads - To allow uploads of JAR files, remove application/java
2183 from $wgMimeTypeExclusions.
2184 * $wgMaxRedirects – This broken feature was removed, as it never worked as
2186 * $wgElementTiming – This experimental, default-disabled feature has been
2187 removed without replacement.
2188 * $wgPriorityHints and $wgPriorityHintsRatio – The related experimental feature
2189 has been removed without replacement.
2190 * $wgIncludeLegacyJavaScript – This flag has been removed, without loss of any
2191 functionality in this release. Most former "wikibits" functions were removed
2192 after deprecation in previous releases. The remaining functions, such as
2193 importScript, are now available unconditionally.
2194 * $wgLegacySchemaConversion - This unused setting has been removed.
2195 * $wgInterwikiPrefixDisplayTypes - This unused setting has been removed.
2196 * $wgMangleFlashPolicy – This is no longer functional, and is now deprecated.
2197 Users who are somehow still using Flash as a browser extension will be exposed
2198 to CSRF vulnerabilities.
2200 === New user-facing features in 1.39 ===
2201 * Optional automatic user creation on page save ($wgAutoCreateTempUser)
2202 * Administrators now have the option to delete/undelete the associated "Talk"
2203 page when they are (un)deleting a given page. `deletetalk` and `undeletetalk`
2204 options were added to the 'delete' and 'undelete' action APIs in MW 1.38.
2205 * `{{=}}` is now a wikitext built-in magic word, expanding to `=`. This is
2206 conventionally used as an escape mechanism to allow the use of `=` in
2207 unnamed template arguments. Defining [[Template:=]] to expand to something
2208 other than `=` has been deprecated since 1.36, with affected pages put into
2209 a special tracking category for migration.
2210 * (T284020) Bot passwords are now supported when using the REST API.
2212 === New developer features in 1.39 ===
2213 * Added optional $size param to SearchResultProvideThumbnail hook.
2214 * SearchResultProvideThumbnail hook interface moved from MediaWiki\Rest\Hook
2215 namespace to MediaWiki\Search\Hook.
2216 * JsonValidateSaveHook has been added to allow extensions to set additional
2217 pre-save validations for specific JSON pages (T313254)
2218 * Added 'PermissionErrorAudit' hook, enabling extensions to audit permission
2219 errors on specfic actions. For instance account registration failed attempts
2220 due to a block (T306018).
2222 === External library changes in 1.39 ===
2224 ==== New external libraries ====
2225 * Added Codex v0.1.1. This replaces the now deprecated wvui library.
2226 * Added symfony/polyfill-php81.
2228 ===== New development-only external libraries =====
2229 * Updated QUnit from 2.18.0 to 2.18.2.
2231 ==== Changed external libraries ====
2232 * Updated jQuery from v3.6.0 to v3.6.1.
2233 * Updated OOUI from v0.43.2 to v0.44.5.
2234 * Updated composer/semver from 3.2.6 to 3.3.2.
2235 * Updated cssjanus/cssjanus fromv2.1.0 to v2.1.1.
2236 * Updated pear/mail from v1.4.1 to v1.5.1.
2237 * Updated symfony/polyfill-php73 from 1.25.0 to 1.26.0.
2238 * Updated symfony/polyfill-php80 from 1.25.0 to 1.26.0.
2239 * Updated symfony/yaml from 5.4.3 to 5.4.10.
2240 * Updated vue/compat from 3.2.23 to 3.2.37.
2241 * Updated wikimedia/base-convert from 2.0.1 to 2.0.2.
2242 * Updated wikimedia/html-formatter from 3.0.1 to 4.0.3.
2243 * Updated wikimedia/ip-set from 3.0.0 to 3.1.0.
2244 * Updated wikimedia/minify from 2.2.6 to 2.3.0.
2245 * Updated wikimedia/php-session-serializer from 2.0.0 to 2.0.1.
2246 * Updated wikimedia/remex-html from 3.0.2 to 3.0.3.
2247 * Updated wikimedia/running-stat from 1.2.1 to 2.1.0.
2248 * Updated wikimedia/scoped-callback from 3.0.0 to 4.0.0.
2249 * Updated wikimedia/services from 2.0.1 to 3.0.0.
2250 * Updated wikimedia/timestamp from 3.0.0 to 4.0.0.
2251 * Updated wikimedia/xmp-reader from 0.8.1 to 0.8.6.
2253 ===== Changed development-only external libraries =====
2254 * Updated composer/spdx-licenses from 1.5.5 to 1.5.7.
2255 * Updated doctrine/dbal for PHP < 7.3 from 2.13.6 to 2.13.9.
2256 * Updated doctrine/dbal for PHP >= 7.3 from 3.1.5 to 3.4.2.
2257 * Updated mediawiki/mediawiki-phan-config from 0.11.1 to 0.12.1.
2259 ==== Removed external libraries ====
2260 * Removed wikimedia/dodo (v0.4.0).
2262 === Bug fixes in 1.39 ===
2263 * (T314013) $wgExtraNamespaces no longer overrides canonical namespace names
2264 specified in extension.json files. While this setting can still be used to
2265 rename extension-defined namespaces, system administrators may need to run
2266 namespaceDupes.php after upgrading.
2268 === Action API changes in 1.39 ===
2269 * New `undeletetalk` parameter on action=undelete that allows you to restore
2270 all revisions of the associated talk page.
2272 === Languages updated in 1.39 ===
2273 MediaWiki supports over 350 languages. Many localisations are updated regularly.
2274 Below only new and removed languages are listed, as well as changes to languages
2275 because of Phabricator reports.
2277 * Actual localization was added for several languages, which were already
2278 in Names.php and even used for a Wikipedia:
2279 ** (T313200) Added language support for Rundi (Kirundi, rn).
2280 ** (T310976) Added language support for Tumbuka (ChiTumbuka, tum).
2281 ** (T314270) Added language support for Kanuri (kr).
2282 * (T313199) Added language support for Sylheti (syl).
2283 * (T311975) Added language support for Ghanaian Pidgin (gpe).
2284 * (T307080) Added language support for Okinawan (ryu).
2285 * (T307887) Added language support for Mooré (mos).
2286 * (T308813) Added language support for Nigerian Pidgin (pcm).
2287 * (T309763) Added language support for Tai Nüa (tdd).
2288 * (T310040) Added language support for Fante (fat).
2289 * (T311034) Added language support for Campidanese Sardinian (sro).
2290 * (T315406) Fix the autonym of the Iñupiaq language to "Iñupiatun".
2291 * (T315677) Removed French fallback from the Fula language (ff).
2292 * (T304920) In Swahili, The "Media" namespace is now "Media", as in English,
2293 and the "File" namespace is now "Faili". The old name of the "File" namespace
2294 was "Picha", and it's kept for backwards compatibility. If you manage a wiki
2295 in Swahili, and you use "Faili:" as a namespace anywhere in wikitext, and
2296 you mean to use it as "Media:", these need to be replaced to "Media:".
2297 * (T309866) Some namespace translations were updated for Kyrgyz (ky). The old
2298 ones are retained as aliases for backwards compatibility.
2299 * (T117845) Started the renaming of the language codes for Serbian from sr-ec
2300 and sr-el to sr-cyrl and sr-latn.
2301 * (T295637) Add no to fallback chain of nb and nn.
2303 === Breaking changes in 1.39 ===
2304 * Basic non-JavaScript (Grade C) support has been dropped for Internet Explorer
2305 9-10, Firefox 27-38, and Android 4.3-4.4.
2306 * The following methods, deprecated since 1.37, have been removed from IDatabase
2311 * Title::getDefaultNamespace(), deprecated since 1.37, has been removed.
2312 * The DBPrimaryPos class alias 'DBMasterPos' has been removed.
2313 * The global function wfGetLB(), deprecated since 1.27, has been removed.
2314 * Passing a db to BlockRestrictionStore::loadByBlockId() is no longer supported.
2315 BlockRestrictionStoreFactory should be used to fetch a correct
2316 BlockRestrictionStore instead. This was deprecated since 1.38.
2317 * The global function wfGetCache(), deprecated since 1.32, has been removed. You
2318 can use ObjectCache::getInstance() instead.
2319 * The global function wfGetMainCache(), deprecated since 1.32, has been removed.
2320 You can use ObjectCache::getLocalClusterInstance() instead.
2321 * MovePage::__construct() now requires that all parameters be passed. The
2322 fallback to MediaWikiServices emitted deprecation notices since 1.37.
2323 * WikiPage::doEditContent(), deprecated since 1.32, was removed.
2324 * WikiPage::prepareContentForEdit() now requires a UserIdentity parameter to be
2325 provided. Not providing one has been deprecated since 1.37.
2326 * EventRelayerKafka, deprecated in 1.38, was removed.
2327 * MediaWiki\Logger\Monolog\KafkaHandler, deprecated in 1.38, was removed.
2328 * The "trace" option of SectionProfiler, deprecated in 1.38, was removed.
2329 * The global function wfWikiID(), deprecated since 1.35, has been removed.
2330 * Database::wasKnownStatementRollbackError() was removed. Subclasses should
2331 override isKnownStatementRollbackError() instead.
2332 * Database::wasQueryTimeoutError() was removed. Subclasses should
2333 override isQueryTimeoutError() instead.
2334 * Database::buildSuperlative() has been removed without deprecation.
2335 * The following methods, deprecated in 1.37, have been removed:
2336 - Linker::setStubThreshold(), ::getStubThreshold().
2337 - LinkRendererFactory::createForUser().
2338 - ParserOptions::getStubThreshold(), ::setStubThreshold().
2339 * Changes to ResourceLoader modules:
2340 - The mediawiki.viewport module, deprecated in 1.37 has been
2341 removed. Use IntersectionObserver instead.
2342 * If you manage a wiki in Swahili, and you use "Faili:" as a namespace anywhere,
2343 and you mean to use it as "Media:", replace it with "Media:". See T304920.
2345 - Skin::getCopyrightIcon(), ::getPoweredBy(), deprecated in 1.37 have been
2347 - Skin::bottomScripts, deprecated in 1.37, now emits deprecation notices.
2348 Skins using SkinTemplate must set bodyOnly as a skin option and
2349 remove lines of code generating html, body and head elements.
2350 - Skin::makeSearchButton and Skin::makeSearchInput were deprecated in 1.38.
2351 Use SkinTemplate methods with the same name or Skin::getTemplateData
2353 - Styles for the HTML classes `warningbox`, `errorbox` and `successbox` have
2354 been removed in favor of Html class methods.
2355 - The feature `legacy` used inside ResourceLoaderSkinModule,
2356 deprecated in 1.37, will no longer ship any styles.
2357 - Skin::getSkinStylePath, deprecated since 1.36, has been removed.
2358 - Skin::getPortletData has been made private.
2359 - SkinTemplate::getPersonalToolsList(), deprecated in 1.35 has been
2361 - The following SkinTemplate template data, deprecated in 1.37,
2365 - The following hooks, deprecated in 1.37, have been removed:
2366 - SkinGetPoweredBy: SkinGetPoweredByHook
2367 - The following hooks are deprecated and replaced with
2368 SkinTemplateNavigation::Universal:
2369 - SkinTemplateNavigation::SpecialPage
2370 - SkinTemplateNavigation
2372 - The mediawiki.skinning.content.externallinks module, which was
2373 deprecated in 1.36 has been removed. Skins that still rely on it
2374 will lose the icon styling of external links by type.
2375 * Experimental wiki farm support: Automatic detection of the requested site
2376 within a wiki farm based on the requested domain has been removed.
2377 Use the MW_WIKI_NAME environment variable to specify the name of the site
2378 to load configuration for. Using the WIKI_NAME environment variable for this
2379 purpose is deprecated. This is only relevant if you have been using
2380 $wgWikiFarmSettingsDirectory to load wiki farm config.
2381 * MWExceptionHandler::installHandler was marked @internal and had required
2382 arguments added. This method is intended for use in bootstrap code and is
2383 unused in known extensions.
2384 * MWException::useOutputPage was made private without deprecation.
2385 This method was apparently only public for testing and is unused in known
2387 * Calling getId() on a User or UserIdentityValue from the wrong wiki, deprecated
2388 since 1.36, now throws an exception.
2389 * The following methods have been removed from ExtensionRegistry without
2390 deprecation and without replacement. They had been introduced in 1.35 for use
2391 in the testing framework, and were not in use by any known extension:
2392 - exportAutoloadClassesAndNamespaces
2393 - exportTestAutoloadClassesAndNamespaces
2394 * The MWNamespace class, deprecated since 1.34, has been removed. Use the
2395 NamespaceInfo service instead.
2396 * The UnknownContent and UnknownContentHandler class aliases have been removed,
2397 use FallbackContent and FallbackContentHandler instead.
2398 * IResultWrapper::next() now returns void, to match the Iterator interface that
2399 it implements. fetchObject() has the same behavior as next() used to.
2400 * In HTMLForm HTMLAutoCompleteSelectFields, the parameters 'autocomplete' and
2401 'autocomplete-messages', which were deprecated in MediaWiki 1.29, were
2402 removed. Instead, use 'autocomplete-data' and 'autocomplete-data-messages'.
2403 * The global $wgParser, deprecated in 1.32, was removed. Use
2404 MediaWikiServices::getInstance()->getParser() instead.
2405 * ParserOutput::setText will now set the ParserOutput's text to null if
2406 given null. Previously it did nothing if given null.
2407 * The default value for the first argument to the ParserOutput constructor
2408 is now null instead of ''.
2409 * IDatabase::lockTables() and IDatabase::unlockTables(), deprecated since 1.38,
2411 * The $context parameter to `new HTMLForm( … )` and `HTMLForm::factory( … )`
2413 * The class alias for revision related classes in namespace MediaWiki\Storage
2414 has been removed. Classes are IncompleteRevisionException,
2415 MutableRevisionRecord, MutableRevisionSlots, RevisionAccessException,
2416 RevisionArchiveRecord, RevisionFactory, RevisionLookup, RevisionRecord,
2417 RevisionSlots, RevisionStore, RevisionStoreRecord, SlotRecord, and
2418 SuppressedDataException.
2419 * Calling getBy() on an AbstractBlock from the wrong wiki, deprecated since
2420 1.38, now throws an exception.
2421 * Passing a MediaWiki\Linker\LinkTarget to EditPage::makeTemplatesOnThisPageList
2422 or TemplatesOnThisPageFormatter::format is no longer supported,
2423 a MediaWiki\Page\PageIdentity is required.
2424 * The deprecated class alias FakeConverter has been removed, use
2425 TrivialLanguageConverter instead.
2426 * The deprecated ApiQueryContributions class alias has been removed, use
2427 ApiQueryUserContribs instead.
2428 * The deprecated MediaWiki\Special\SpecialPageFactory class alias has been
2429 removed, use MediaWiki\SpecialPage\SpecialPageFactory instead.
2430 * The following skin modules, deprecated in 1.37, have been removed:
2431 - mediawiki.skinning.elements
2432 - mediawiki.skinning.content
2433 - mediawiki.toc.styles
2434 - mediawiki.legacy.config
2435 - mediawiki.legacy.shared
2436 - mediawiki.legacy.commonPrint
2437 * FileModule::compileLessFile(), deprecated since 1.35, has been removed. Use
2438 ::compileLessString() instead.
2439 * LogFormatter::styleRestricedElement(), deprecated since 1.37, has been
2440 removed. Use ::styleRestrictedElement() instead.
2441 * Title::isNamespaceProtected(), deprecated in 1.34, has been removed.
2442 * ApiStashEdit::parseAndStash(), deprecated in 1.34, has been removed.
2443 * LinkCache::forUpdate(), deprecated in 1.34, has been removed.
2444 * Passing null instead of a NamespaceInfo instance to LinkCache::__construct()
2445 is not supported anymore. It is recommended to request an instance from the
2447 * ApiQueryBase::showHiddenUsersAddBlockInfo(), deprecated in 1.34, has been
2448 removed. Use ApiQueryBlockInfoTrait instead.
2449 * ApiQueryBase::prefixedTitlePartToKey(), deprecated in 1.35, has been removed.
2450 Use ::parsePrefixedTitlePart() instead.
2451 * ExternalStoreDB::getSlave(), deprecated in 1.34, has been removed. Use
2452 ExternalStoreDB::getReplica() instead.
2453 * ChangesListSpecialPage::checkStructuredFilterUiEnabled() and
2454 SpecialWatchlist::checkStructuredFilterUiEnabled() now support UserIdentity
2455 as the only argument. Passing Config argument was deprecated in 1.34.
2456 * DatabaseUpdater::ifNoActorTable(), deprecated in 1.35, has been removed. Use
2457 ::ifTableNotExists() instead.
2458 * MediaWiki\Revision\RevisionStoreFactory::getRevisionStore was documented
2459 to allow passing bool true as a dbDomain, this is no longer possible,
2460 because that is an invalid value for a dbDomain.
2461 * LinkHolderArray::__construct() had its signature changed. The class was marked
2463 * SpecialMute::isTargetBlacklisted(), deprecated in 1.35, has been removed. Use
2464 ::isTargetMuted() instead.
2465 * WebRequest::checkUrlExtension(), deprecated in 1.35, has been removed.
2466 * ContentHandler::cleanupHandlersCache(), deprecated in 1.35, has been removed.
2467 * SpecialVersion::getExtAuthorsFileName, deprecated in 1.35, has been removed.
2468 Use MediaWiki\ExtensionInfo::getAuthorsFileName.
2469 * SpecialVersion::getExtLicenseFileName, deprecated in 1.35, has been removed.
2470 Use MediaWiki\ExtensionInfo::getLicenseFileNames.
2471 * CategoryPage::getCategoryViewerClass and ::setCategoryViewerClass, deprecated
2472 in 1.35, have been removed.
2473 * SqlBlobStore::getLegacyEncodingConversionLang(), deprecated in 1.34, has been
2475 * wfCanIPUseHTTPS(), deprecated in 1.37, has been removed.
2476 * wfGetScriptUrl(), deprecated in 1.35, has been removed.
2477 * The following methods of Database class, are no longer stable to override:
2478 - ::implicitOrderby()
2486 - ::buildSubstring()
2487 - ::buildStringCast()
2488 - ::buildIntegerCast()
2490 - ::addIdentifierQuotes()
2493 - ::unionSupportsOrderAndLimit()
2499 - ::setTableAliases()
2500 - ::setIndexAliases()
2501 - ::buildGroupConcatField()
2502 * SpecialUnblock::processUnblock(), deprecated in 1.36, has been removed. Use
2503 UnblockUser instead.
2504 * wfLocalFile() and wfFindFile(), deprecated in 1.34, have been removed.
2505 * Maintenance script resetUserTokens.php, deprecated in 1.27, has been removed.
2506 * These methods in Database have been removed without deprecation as they are
2507 not used outside core. Users should override corresponding methods in
2508 SQLPlatform instead:
2509 - Database::doInsert -> SQLPlatform::insertSqlText
2510 - Database::doDropTable -> SQLPlatform::dropTableSqlText
2511 - Database::doRollback -> SQLPlatform::rollbackSqlText
2512 - Database::doSavepoint -> SQLPlatform::savepointSqlText
2513 - Database::doReleaseSavepoint -> SQLPlatform::releaseSavepointSqlText
2514 - Database::doRollbackToSavepoint -> SQLPlatform::rollbackToSavepointSqlText
2515 * The following protected methods of Database class have been removed without
2516 deprecation as they are not used outside core. Users should call
2517 corresponding methods in SQLPlatform:
2518 - Database::makeInsertLists -> SQLPlatform::makeInsertLists
2519 - Database::isFlagInOptions -> SQLPlatform::isFlagInOptions
2520 - Database::normalizeOptions -> SQLPlatform::normalizeOptions
2521 - Database::fieldNameWithAlias -> SQLPlatform::fieldNameWithAlias
2522 - Database::isTransactableQuery -> SQLPlatform::isTransactableQuery
2523 * $wgCanonicalNamespaceNames no longer includes custom namespaces defined using
2524 $wgExtraNamespaces. Extensions should use the NamespaceInfo service instead
2525 of accessing this configuration setting directly.
2526 * The following hook, deprecated in 1.35, has been removed:
2527 - ParserGetVariableValueVarCache: ParserGetVariableValueVarCacheHook
2528 * The $variableCache parameter to the ParserGetVariableValueSwitch hook is
2529 no longer used; non-standard use of this parameter has been deprecated since
2531 * These methods have been moved from IDatabase to IMaintainableDatabase:
2532 - IDatabase::fieldExists -> IMaintainableDatabase::fieldExists
2533 - IDatabase::indexExists -> IMaintainableDatabase::indexExists
2534 - IDatabase::tableExists -> IMaintainableDatabase::tableExists
2535 * DBConnRef doesn't accept live connection in constructor anymore.
2536 Only parameters for getting connection should be provided.
2537 * IDatabase::getTopologyRootPrimary() was removed.
2538 * User::blockedBy(), deprecated since 1.38, has been removed.
2539 * User::getBlockId(), deprecated since 1.38, has been removed.
2540 * AlphabeticPager::getOrderTypeMessages(), unused since 1.13, has been removed
2541 without deprecation.
2543 === Deprecations in 1.39 ===
2544 * PageProps::getInstance(), deprecated since 1.38, emits deprecations warnings.
2545 * The global function wfGetDB() has been deprecated. Use
2546 LoadBalancer::getConnection() instead.
2547 * SpecialRedirectWithAction::__construct without SearchEngineFactory argument
2548 will now emit a deprecation notice.
2549 * Use of the SiteStatsUpdate constructor has been deprecated in favor of
2550 the ::factory() method.
2551 * AuthManager::checkAccountCreatePermissions has been deprecated. Use
2552 AuthManager::authorizeCreateAccount or AuthManager::probablyCanCreateAccount
2554 * Title::getSelectFields() has been deprecated in favor of
2555 PageStore::newSelectQueryBuilder()
2556 * Title::newFromTitleValue(), deprecated since in 1.34, now emits deprecation
2557 warnings. Use ::newFromLinkTarget() instead.
2558 * ExtensionRegistry::readFromQueue() has been marked @internal. Extensions
2559 should use ExtensionProcessor instead.
2560 * Processor::getExtraAutoloaderPaths() and
2561 ExtensionProcessor::getExtraAutoloaderPaths() have been deprecated, use get
2562 getExtractedAutoloadInfo() instead.
2563 * The following global functions are deprecated in favor of the listed UrlUtils
2565 - wfExpandUrl -> UrlUtils::expand
2566 - wfGetServerUrl -> UrlUtils::getServer
2567 - wfAssembleUrl -> UrlUtils::assemble
2568 - wfRemoveDotSegments -> UrlUtils::removeDotSegments
2569 - wfUrlProtocols -> UrlUtils::validProtocols
2570 - wfUrlProtocolsWithoutProtRel -> UrlUtils::validAbsoluteProtocols
2571 - wfParseUrl -> UrlUtils::parse
2572 - wfExpandIRI -> UrlUtils::expandIRI
2573 - wfMatchesDomainList -> UrlUtils::matchesDomainList
2574 These methods are exact replacements except that
2575 1) they return null instead of false or empty string on error (where
2577 2) UrlUtils::validProtocols does not take a parameter (documentation said not
2578 to pass one to wfUrlProtocols anyway);
2579 3) they use type hints (don't try passing null instead of string, etc.).
2580 * MaintainableDBConnRef is deprecated, use DBConnRef instead.
2581 * Loading DefaultSettings.php is deprecated. To get default values of main
2582 config settings, use MainConfigSchema::listDefaultValues() or
2583 MainConfigSchema::getDefaultValue().
2584 * AbstractContent::getRedirectChain() and
2585 AbstractContent::getUltimateRedirectTarget() are now emitting deprecation
2587 * (T244138) QueryPage::getSQL() is deprecated. Instead QueryPage::getQueryInfo()
2588 should be overridden.
2589 * Calling new JobRunner() directly without $serviceOptions now emits
2590 deprecation warnings. Use MediaWikiServices::getInstance()->getJobRunner()
2592 * Passing an array of targets to Article::getRedirectHeaderHtml() is
2593 deprecated. Supply a single redirect target instead (T296430).
2594 * The following Less mediawiki.mixins have been deprecated:
2596 - .animation-delay()
2597 - .transform-rotate()
2598 * Skin::getAction is deprecated. Use IContextSource::getActionName instead.
2599 * User::getOption, deprecated since 1.35, now emits deprecation warnings.
2600 Use UserOptionsLookup::getOption instead.
2601 * ILBFactory::forEachLB() is deprecated. Use ::getAllLBs().
2602 * LoadBalancer::forEachOpenConnection() and ::forEachOpenPrimaryConnection()
2603 are deprecated without replacement.
2604 * The following classes were moved from the root namespace to the
2605 MediaWiki\ResourceLoader namespace, the old names becoming deprecated aliases:
2606 ResourceLoader, MessageBlobStore, VueComponentParser.
2607 * The following classes had the "ResourceLoader" prefix stripped while being
2608 moved to the MediaWiki\ResourceLoader namespace, the old names becoming
2609 deprecated aliases: DerivativeResourceLoaderContext,
2610 ResourceLoaderCircularDependencyError, ResourceLoaderClientHtml,
2611 ResourceLoaderCodexModule, ResourceLoaderContext, ResourceLoaderFileModule,
2612 ResourceLoaderFilePath, ResourceLoaderForeignApiModule, ResourceLoaderImage,
2613 ResourceLoaderImageModule, ResourceLoaderLanguageDataModule,
2614 ResourceLoaderLessVarFileModule, ResourceLoaderModule,
2615 ResourceLoaderMwUrlModule, ResourceLoaderOOUIFileModule,
2616 ResourceLoaderOOUIIconPackModule, ResourceLoaderOOUIImageModule,
2617 ResourceLoaderOOUIModule, ResourceLoaderSiteModule,
2618 ResourceLoaderSiteStylesModule, ResourceLoaderSkinModule,
2619 ResourceLoaderStartUpModule, ResourceLoaderUserModule,
2620 ResourceLoaderUserOptionsModule, ResourceLoaderUserStylesModule,
2621 ResourceLoaderWikiModule.
2622 * WANObjectCache::reap() and WANObjectCache::reapCheckKey() have been
2623 deprecated without replacement.
2624 * The following methods in WikiRevision and their interfaces
2625 ImportableUploadRevision and ImportableOldRevision are deprecated:
2626 - ::getUserObj() → ::getUser()
2627 - ::setUserObj() → ::setUsername()
2628 - ::setUserIP() → ::setUsername()
2629 * ObjectCache::addBusyCallback() is deprecated and non-functional.
2630 * MWTimestamp::getHumanTimestamp(), deprecated in 1.26, now emits deprecation
2632 * Article::viewRedirect(), deprecated in 1.30, now emits deprecation warnings.
2633 * Parser::getFreshParser() is deprecated, use ParserFactory::getInstance().
2634 * CoreParserFunctions::mwnamespace() is deprecated and emits deprecation
2635 warnings, use CoreParserFunctions::namespace() instead.
2636 * Registering magic variables whose names include a colon is deprecated.
2637 * User::blockedFor(), deprecated in 1.35, now emits deprecation warnings.
2638 * Access to previously public properties AbstractBlock::$mExpiry,
2639 AbstractBlock::$mHideName, AbstractBlock::$mTimestamp, DatabaseBlock::$mAuto,
2640 and DatabaseBlock::$mParentBlockId, deprecated in 1.34, now emits deprecation
2642 * Access to previously public properties User::$mBlock, User::$mBlockedby, and
2643 User::$mHideName, deprecated in 1.35, now emits deprecation warnings.
2644 * JobQueueGroup::singleton() and ::destroySingletons(), deprecated in 1.37, now
2645 emit deprecation warnings.
2646 * Title::getNotificationTimestamp(), deprecated in 1.35, now emits deprecation
2648 * Global functions wfReadOnly and wfReadOnlyReason, deprecated in 1.38, now
2649 emit deprecation warnings.
2650 * Overriding or calling DifferenceEngine::getDiffBodyCacheKey(), deprecated in
2651 1.31, now emits deprecation warnings.
2652 * Access to previously public property WikiRevision::$fileIsTemp, deprecated in
2653 1.29, now emits deprecation warnings.
2654 * wfQueriesMustScale() has been deprecated and emits deprecation warnings.
2655 * ContextSource::getStats(), RequestContext::getStats(), and
2656 DerivativeContext::getStats(), deprecated in 1.27, now emit deprecation
2658 * ManualLogEntry::setTags(), deprecated in 1.33, now emits deprecation warnings.
2659 * WikiRevision::downloadSource(), deprecated in 1.31, now emits deprecation
2661 * DifferenceEngine::textDiff(), deprecated in 1.32, now emits deprecation
2663 * FormatMetadata::flattenArrayContentLang(), deprecated in 1.36, now emits
2664 deprecation warnings.
2665 * SkinTemplate::getNameSpaceKey(), deprecated in 1.35, now emits deprecation
2667 * EnqueueJob::newFromJobsByWiki(), deprecated in 1.33, now emits deprecation
2669 * The following methods of the MWGrants class, all deprecated since 1.38,
2670 are now emitting deprecation warnings:
2681 * DataUpdate::runUpdates(), deprecated in 1.28, now emits deprecation warnings.
2682 * CdnCacheUpdate::newFromTitles(), deprecated in 1.35, now emits deprecation
2684 * Instantiating HTMLCacheUpdate class, deprecated in 1.34, now emits deprecation
2686 * ISQLPlatform::tableNames() (implemented by IDatabase) is now deprecated.
2687 None of the tableName*() functions should be used by most users;
2688 if you absolutely must use raw SQL, write several tableName() calls instead.
2689 * Language::isWellFormedLanguageTag() has been deprecated in favor of
2690 LanguageCode::isWellFormedLanguageTag().
2691 * The PrevNextNavigationRenderer helper class has been deprecated in favor of
2692 the new PagerNavigationBuilder one.
2693 * The methods IndexPager::getPagingLinks(), IndexPager::getLimitLinks() and
2694 IndexPager::buildPrevNextNavigation() have been deprecated in favor of
2695 IndexPager::getNavigationBuilder().
2696 * Overriding the method IndexPager::makeLink() has been deprecated.
2697 * ActorMigration is deprecated. The temporary table is no longer needed, the
2698 actor table can be directly joined to the revision table, which is simple
2699 enough to not need a helper class. See the methods of ActorMigration for more
2700 specific information on replacements. ActorMigrationBase remains usable for
2701 migrations in extension tables.
2703 === Other changes in 1.39 ===
2704 * Dynamic default values are now applied before extension registration callbacks
2705 are run. This way, extensions have a complete view of config variables, with
2706 all defaults applied. For example, when the default value of X used to be
2707 static but becomes dynamic, and an extension reads the value of X in the
2708 registration callback, it will now continue to function as expected. In some
2709 cases however, this may cause an undesired change in behavior: if the dynamic
2710 default of setting X depends on the value of setting Y, and an extension
2711 changes Y, the changed value of Y will no longer affect the value of X.
2715 MediaWiki 1.39 requires PHP 7.4.3 or later and the following PHP extensions:
2726 MariaDB is the recommended database software. MySQL, PostgreSQL, or SQLite can
2727 be used instead, but support for them is somewhat less mature.
2729 The supported versions are:
2731 * MariaDB 10.3 or higher
2732 * MySQL 5.7.0 or higher
2733 * PostgreSQL 10 or later
2734 * SQLite 3.8.0 or later
2736 == Online documentation ==
2737 Documentation for both end-users and site administrators is available on
2738 MediaWiki.org, and is covered under the GNU Free Documentation License (except
2739 for pages that explicitly state that their contents are in the public domain):
2741 https://www.mediawiki.org/wiki/Special:MyLanguage/Documentation
2744 A mailing list is available for MediaWiki user support and discussion:
2746 https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
2748 A low-traffic announcements-only list is also available:
2750 https://lists.wikimedia.org/mailman/listinfo/mediawiki-announce
2752 It's highly recommended that you sign up for one of these lists if you're
2753 going to run a public MediaWiki, so you can be notified of security fixes.
2756 There's usually someone online in #mediawiki on irc.libera.chat.
2760 == MediaWiki 1.38.7 ==
2762 This is a security and maintenance release of the MediaWiki 1.38 branch.
2764 === Changes since MediaWiki 1.38.6 ===
2765 * Localisation updates.
2766 * (T333990) composer.json: Explicitly pin psr/http-message to 1.0.1.
2767 * (T335203, CVE-2023-29197) SECURITY: Upgrading guzzlehttp/psr7
2769 * (T322944) Add Authorization to default $wgAllowedCorsHeaders.
2770 * (T332889, CVE-2023-36675) SECURITY: Fix escaping in BlockLogFormatter.
2771 * (T330464) Work around argument corruption bug in XMLReader::open.
2772 * (T313157) IndexPager: Also protect against $offset being 0.
2773 * (T335612, CVE-2023-36674) SECURITY: Move badFile lookup to Linker.
2775 == MediaWiki 1.38.6 ==
2777 This is a security and maintenance release of the MediaWiki 1.38 branch.
2779 === Changes since MediaWiki 1.38.5 ===
2780 * Localisation updates.
2781 * (T325872) ChangeTags: Remove table name from condition.
2782 * (T324895) MWCallbackStream: Add explicit $stream property.
2783 * (T297031, T326039) PostgresUpdater: Move setDefault ahead of
2784 changeNullableField.
2785 * Remove /images .htaccess rules that are no longer relevent.
2786 * Disable php in .htaccess of images directory as a hardening measure.
2787 * (T322583) Include missing message parameter in message.
2788 * Fix phan error when Excimer is enabled.
2789 * (T323373) Parser: Fix extractSections() behavior for PHP >= 8.0
2790 * (T326021) Add matrix: to $wgUrlProtocols.
2791 * (T326377) rdbms: Use DBConnRef in SelectQueryBuilder.
2792 * api/en.json: api-help-datatype-expiry add missing 'may'.
2793 * (T328222) Pass empty string to strlen() if schema is null for
2795 * (T317329) OutputPage: Fix undefined ['host'] in ImagePreconnect code.
2796 * (T289926) SpecialRevisionDelete: Set default of '' for wpReason.
2797 * (T155582, T328503) Fix XML dumps for content types with non-string
2799 * (T314099) revisiondelete: Replace dynamic property Status::$itemStatuses.
2800 * (T329198) ParamValidator: Improve paramvalidator-help-multi-max message.
2801 * (T292348) WikiImporter: do not fail if upload entry in dump lacks 'text'
2803 * (T295637) Add no to fallback chain of nb and nn.
2804 * (T329484) API: Fix query+allimages user parameter description.
2805 * (T330529) SpecialEditTags: Set default of '' for wpReason.
2806 * (T330526) htmlform: Handle null from HTMLFormField::getDefault in
2808 * (T285159, CVE-2023-29141) SECURITY: Do not apply autoblocks to untrusted
2811 == MediaWiki 1.38.5 ==
2813 This is a security and maintenance release of the MediaWiki 1.38 branch.
2815 === Changes since MediaWiki 1.38.4 ===
2816 * Localisation updates.
2817 * Tests: Explicit cast to int in RandomImageGenerator test (php8 warnings).
2818 * (T319000) WebInstaller: Don't try and run trim() on null.
2819 * (T318753) Installer: Disable logo dropper for now.
2820 * (T320864) When calling mail(), use an array for headers.
2821 * (T311567) In ManualLogEntry, cast the comment to string.
2822 * (T289926) api: Fix minor PHP 8.1 incompatibility in ApiOptions.
2823 * (T322803) SpecialBotPasswords: Don't pass null to trim().
2824 * (T323082) Upgrading wikimedia/xmp-reader (0.8.1 => 0.8.5).
2825 * Language: Handle ronna and quetta.
2826 * PostgresUpdater: Remove trailing space from 'user_id ' column.
2827 * (T304515) LCStoreStaticArray: atomically replace the cache file.
2828 * (T324890, T324891, T324901) Parser: Allow dynamic properties on PHP 8.2.
2829 * (T324910) On pages using multi-content revisions, the raw content of a
2830 specific slot can be retrieved using the action=raw&slot=<role-name> query
2832 * (T322637) SECURITY: sqlite should not create DB file world-readable.
2834 == MediaWiki 1.38.4 ==
2836 This is a maintenance release of the MediaWiki 1.38 branch.
2838 === Changes since MediaWiki 1.38.3 ===
2839 * Fix missing use statement from backport of fix for T307278.
2841 == MediaWiki 1.38.3 ==
2843 This is a security and maintenance release of the MediaWiki 1.38 branch.
2845 === Changes since MediaWiki 1.38.2 ===
2846 * Localisation updates.
2847 * (T311568) UploadBase::setTempFile() handle $tempPath being passed as null.
2848 * (T311559) SpecialListFiles: user parameter isn't always present.
2849 * (T311561) ImageListPager: Don't call htmlspecialchars() on null.
2850 * (T311920) SpecialBlockList: Prevent passing null to trim().
2851 * (T311921) SpecialUserrights: Don't pass null to str_replace.
2852 * (T311570) SpecialWithoutInterwiki: Don't pass null through to
2853 Title::capitalize().
2854 * (T311574, T311576) SpecialLinkSearch: Don't pass null through to the parser.
2855 * (T311360) RecentChange: Straight join to actor table when needed.
2856 * (T311360) RecentChange: Make join to comment table also straight.
2857 * Remove messages in en-gb.json.
2858 * (T312519, T312520) Parser::extensionSubstitution() Don't run substr() on null.
2859 * (T287564) populateInterwiki: Include not null columns iw_api/iw_wikiid.
2860 * (T312302) SpecialRedirect: Don't pass null to explode.
2861 * RemoveInvalidEmails: Fix quoting for postgres.
2862 * (T312678) import: UploadSourceAdapter::stream_read() don't pass null to
2864 * (T312300) SpecialDiff: Don't pass null to explode().
2865 * (T312680) parser: Fix CoreParserFunctions::urlencode() null coalescence $arg.
2866 * (T289926) Handle null passed to wfShorthandToInteger() and Html::element().
2867 * (T289926) Ensure that strlen() does not get passed a (valid) null.
2868 * (T312301) SpecialDiff: Don't pass null to trim().
2869 * Hooks: Use more meaningful name for SkinAfterPortlet hook parameter.
2870 * (T289926) Ensure we don't pass null to mb_strlen.
2871 * (T312305, T311572, T311571, T311578) HTMLForm: Null coalescence in trim()
2873 * (T289926) site: Consistently return null from Site::getDomain().
2874 * (T307304, T289879) filebackend,jobqueue: Add signature for
2875 FilterIterator::accept().
2876 * (T304559) Use page ID from parent revision, improve logging.
2877 * (T312183) rdbms: Adapt hasOrMadeRecentPrimaryChanges test mock for PHP 8.1.
2878 * Add application/vnd.ms-opentype to MIME list.
2879 * Allow composer/installers plugin in composer.json.
2880 * (T313663) Make ReadOnlyModeTest work in php8.
2881 * (T313663) Make HandlerTestTrait compatible with php8.1.
2882 * (T313663) [php8] Make DeletePageTest stop giving warnings on php8.1.
2883 * Change type hints for BatchRowIterator and NotRecursiveIterator for
2884 compatibility with PHP 8.1.
2885 * (T313663) [php8.1] Change override of $wgResourceBasePath for CSP tests.
2886 * (T313663) parser: Mock WikiPage::getContentModel in ParserCacheTest to fix
2888 * (T313663) [php8.1] Make WikiImporterFactoryTest use better mock for
2890 * Fix tests so getName() doesn't return null.
2891 * (T313663) [php8] Don't use strlen on potentially null string.
2892 * (T313663) [php8.1] Suppress test warning about providing null.
2893 * (T313663) [php8.1] mock User::getTitleKey() in DeaultPreferencesFactoryTest.
2894 * (T313663) Parser will use current timestamp instead of null if passed a
2895 RevisionRecord that does not have a timestamp.
2896 * (T313663) Add explicit null check for $sha in FileBackend [php8.1].
2897 * (T313663) LogFormatter: Cast argument of ctype_digit to string [php8.1].
2898 * (T313663) Mock UserOptionsManager::getOption for php8.1.
2899 * (T289879, T289926) Get rid of warnings on PHP 8.1.
2900 * (T313663) Check for null return of preg_replace in MediaWikiTitleCodec.
2901 * (T313663) cast db name to string when checking if it is read only [php8.1].
2902 * (T313663) Avoid testing strlen on null in ApiQuerySiteinfo [php 8.1 compat].
2903 * (T313663) Use default timezone UTC for SpecialWatchlistTest [php 8.1].
2904 * (T313663) Mock User::getTitleKey in SpecialPreferencesTest [php 8.1].
2905 * (T314096) Migrate use of ${var}-style string interpolation.
2906 * (T314099) preprocessor: Add missing field declarations.
2907 * (T313663, T313662) Make default value for optional args {{PAGESINCAT:..}} be
2909 * (T313663) [php8.1] Mock out getLocalDomainID for WatchedItemStore tests.
2910 * (T313663) Suppress warnings for the null test of addIdentifierQuotes.
2911 * (T314225) SpecialCategories: Null coalescene $par.
2912 * (T314099) User: Allow dynamic properties on PHP 8.2.
2913 * (T314404) SpecialGoToInterwiki: Null coalescene $par.
2914 * (T314397) SpecialBlock: Better handle null in getTargetUserTitle.
2915 * (T314099) phpunit: Fix trivial dynamic property usages in tests.
2916 * (T314405) UploadStash: Check if us_prop is set in the fileMetadata.
2917 * (T313663) Make ChangesListSpecialPageTest cast to string for php 8.1.
2918 * (T313663) Do not test giving a null fragment to Title::makeTitle.
2919 * (T314550) SpecialMergeHistory: Set timestamp to '' if no mergepoint.
2920 * (T314551) SpecialMergeHistory: Set defaults for target and dest parameters.
2921 * (T313663) Cast results of Sqlite test to string [php 8.1].
2922 * (T314208) Set $wgServer for HttpRequestFactoryTest to prevent warnings on
2924 * (T314208, T297082) phpunit: Fallback to global default user options.
2925 * (T307282) Avoid passing null to strcasecmp(), for PHP 8.1.
2926 * Fix a couple deprecation warnings in the installer under PHP 8.1.
2927 * api: Add rel=nofollow to help examples.
2928 * (T307613) Validate length of user email on Special:ChangeEmail/
2929 Special:CreateAccount.
2930 * (T314226) LoginSignupSpecialPage: Check if $value is a string before length.
2931 * (T314824) tests: Update parser test after i18n change.
2932 * (T313663, T296083) context: Replace deprecated User::getOption.
2933 * (T295958, T278847) MediaWiki-Docker: Switch PHP images to PHP7.4.
2934 * (T314906, T314907) SpecialBlock: Set defaults for wpPageRestrictions and
2935 wpNamespaceRestrictions.
2936 * (T315309) ImportStreamSource::newFromURL() Prevent passing null to fwrite.
2937 * (T315892) composer.json: Pin phpunit to 8.5.28.
2938 * (T313663) Do not compare byte-for-byte of serialized items in tests [php8.1].
2939 * objectcache: avoid php 8.1 argument type warnings in
2940 genericKeyFromComponents().
2941 * (T317750) session: Fix broken SessionTest case due to PHPUnit dependency
2943 * ManualLogEntry: Don't pass null to trim() as PHP 8.1 whines.
2944 * (T313663) Add a null check VueComponentParser to prevent php8.1 issues.
2945 * (T313049) Bump wikimedia/parsoid to v0.15.1.
2946 * (T318754) WebInstallerOptions::addPersonalizationOptions(): Close fieldset.
2947 * (T318460) SpecialChangeEmail: Set default for returntoquery.
2948 * (T318307) Update docs for HTMLFormField::validate() to permit all data types.
2949 * (T316304, CVE-2022-41767) SECURITY: reassignEdits doesn't update results
2950 in an IP range check on Special:Contributions.
2951 * (T309894, CVE-2022-41765) SECURITY: HTMLUserTextField exposes existence
2953 * (T307278, CVE-2022-41766) SECURITY: On action=rollback the message
2954 "alreadyrolled" can leak revision deleted user name.
2956 == MediaWiki 1.38.2 ==
2958 This is a security and maintenance release of the MediaWiki 1.38 branch.
2960 === Changes since MediaWiki 1.38.1 ===
2961 * Localisation updates.
2962 * (T309426) Repair language selector for SVGs.
2963 * (T310013) Fix default value for $wgShowEXIF and $wgUsePathInfo.
2964 * (T308471) SECURITY: Escape welcomeuser message passed to showSuccessPage().
2965 * (T308473) SECURITY: Escape contributions-title msg for use within page title.
2966 * (T311272) Call parent constructor of AddSite maintenance script first.
2967 * MediaWiki: Don't eagerly initialize action name.
2968 * (T311384, CVE-2022-27776) Updated guzzlehttp/guzzle from 7.4.1 to 7.4.5.
2969 * (T289926) Avoid passing null to trim() in SkinTemplate.
2970 * (T289879) Address deprecations for PHP 8.1.
2971 * (T311473) rollbackEdits: Pass user identity to RollbackPage.
2972 * Upgrade wikimedia/remex-html from 3.0.1 to 3.0.2.
2973 * (T311551) ShellboxClientFactory::getUrl(): Check if $this->key is null.
2974 * (T311552) ChangesListSpecialPage: Don't pass null to FormatJson::decode().
2975 * (T311569) FileBackend::isStoragePath() Handle being passed null.
2976 * (T311544) Pass int to ApiUsageException::newWithMessage()'s $httpCode param.
2977 * (T311678) SpecialEditWatchlist: Prevent passing null to strtolower().
2978 * (T311554) ChangeTags: Return early in formatSummaryRow() if $tags === null.
2979 * Upgrade wikimedia/common-passwords from 0.3.0 to 0.4.0.
2981 == MediaWiki 1.38.1 ==
2983 This is a maintenance release of the MediaWiki 1.38 branch.
2985 === Changes since MediaWiki 1.38.0 ===
2986 * (T309860) Add justinrainbow/json-schema to vendor.
2987 * (T309933) Drop PHP 7.2 support in MediaWiki 1.38; require 7.3.19.
2989 == MediaWiki 1.38.0 ==
2991 === Changes since MediaWiki 1.38.0-rc.1 ===
2992 * Localisation updates.
2993 * (T309114) LocalFile::prerenderThumbnails: Limit the number of thumbnail
2995 * (T305779) phpunit: Support setting skin context in BundleSizeTest subclasses.
2996 * (T309028) SECURITY: ApiEditPage: update title after redirects.
2997 * (T308967) notifications: prevent log spam when invalid user object listed.
2998 * composer: Lock Parsoid version to specific 0.15.0 release.
2999 * (T306362, T308680) change-your-logo.svg: Resize to 135px square, re-crush,
3000 and manually minify.
3002 == MediaWiki 1.38.0-rc.1 ==
3004 === Changes since MediaWiki 1.38.0-rc.0 ===
3005 * Localisation updates.
3006 * (T305028) Undeprecate EditPage::$textbox2.
3007 * (T305635) LogActions is a map, not a list.
3008 * (T306721) Add wikimedia/equivset to vendor; needed by bundled AbuseFilter.
3009 * (T307284) Simplify TransactionManager::pendingWriteQueryDuration.
3010 * (T307307) Add symfony/yaml to vendor.
3011 * Fix old_name in UserLogoutComplete hook.
3012 * REST: don't send stack trace in error responses.
3013 * (T307998) SessionManager: stop storing an ObjectFactory instance.
3014 * (T193565) UserGroupManager: Fix dbDomain in addUserToGroup() deferred update.
3016 == Upgrading notes for 1.38 ==
3017 Don't forget to always back up your database before upgrading!
3019 See the file UPGRADE for more detailed per-version upgrade instructions from the
3020 oldest supported upgrading version, MediaWiki 1.29.
3022 Some specific notes for MediaWiki 1.38 upgrades are below:
3023 * (T191740) The AbuseFilter extension is now bundled with MediaWiki. This is an
3024 anti-abuse feature that lets privileged users to set specific actions to be
3025 taken when actions by users, such as edits or file uploads, match certain
3027 * (T232948) The Math extension is now bundled with MediaWiki. This is a content
3028 feature that lets users create mathematical formulæ, written in a sub-set of
3029 LaTeX and rendered in MathML with a fallback SVG image. By default, it will
3030 use Wikimedia's mathoid service to render each formula, but local rendering
3031 can be set up for network isolation or performance.
3032 * (T191743) The Minerva skin is now bundled with MediaWiki. This is a simple,
3033 light-weight, and scalable skin that is particularly optimised for mobile use,
3034 and integrates well with the MobileFrontend extension (available separately),
3035 but can also be used as a regular desktop skin.
3037 For notes on 1.37.x and older releases, see HISTORY.
3039 === Configuration changes for system administrators in 1.38 ===
3041 ==== New configuration ====
3042 * (T297708) $wgMaxExecutionTimeForExpensiveQueries - This setting can be used to
3043 control the maximum execution time for several expensive query pages (e.g.
3044 RecentChanges and UserContribs).
3045 * $wgBrowserFormatDetection – This setting allows overriding browsers' automatic
3046 detection and handling of formats. It's initially used to prevent auto-linking
3047 of possible telephone numbers in wiki pages' output in Safari on iOS; this can
3048 be re-enabled if you wish, or locally extended for other browsers' quirks.
3049 * (T240685) $wgMetricsTarget, $wgMetricsFormat, $wgMetricsPrefix - These provide
3050 configuration for a new MetricsFactory service with support for the dogstatsd
3051 format, intended for integration with Prometheus integration.
3052 * $wgGroupInheritsPermissions – This setting allows inheriting permissions, both
3053 granted and revoked, from another group.
3054 * $wgForeignApiRepos – ForeignAPIRepo now has a apiMetadataExpiry option to
3055 control for how long file metadata is cached. Additionally the default changed
3056 from 1 hour to 4 hours.
3057 * $wgSkinsPreferred – This lets you set a list of preferred skins to be listed
3058 higher in Special:Preferences.
3059 * $wgWikiFarmSettingsDirectory – A directory that contains site-specific
3060 configuration files. Setting this will enable multi-tenant ("wiki farm")
3061 mode, causing site-specific settings to be loaded based on information from
3062 the web request. EXPERIMENTAL.
3063 * $wgWikiFarmSettingsExtension – The file extension to be used when looking up
3064 site-specific settings files in $wgWikiFarmSettingsDirectory, such as 'json'
3065 or 'yaml'. EXPERIMENTAL.
3066 * $wgWikiFarmSiteDetector – A callback function that returns the name of the
3067 wiki for the current request. This is used in multi-tenant ("wiki farm")
3068 mode to determine which settings file to load from
3069 $wgWikiFarmSettingsDirectory. EXPERIMENTAL.
3070 * $wgEnableRemoteBagOStuffTests – This replaces the environment variable
3071 PHPUNIT_USE_BAGOSTUFF.
3072 * (T230211) $wgForceDeferredUpdatesPreSend – Force deferred updates to be run
3073 before sending a response to the client, instead of attempting to run them
3074 after sending the response. Setting this to true is useful for end-to-end
3075 testing, to ensure that the effects of a request are visible to any subsequent
3076 requests, even if they are made immediately after the first one. Note however
3077 that this does not ensure that database replication is complete, nor does it
3078 execute any jobs enqueued for later.
3079 * $wgTemplateLinksSchemaMigrationStage – Templatelinks table schema migration
3080 stage, for normalizing tl_namespace and tl_title fields.
3082 ==== Changed configuration ====
3083 * $wgStyleDirectory and $wgExtensionDirectory – These are now set later, so can
3084 no longer be used within LocalSettings.php unless explicitly set in that file.
3085 * $wgFileBackends – This setting no longer takes 'fileJournal' as an option.
3086 * $wgMaxImageArea - This setting may now be set to false to disable size.
3087 checking before scaling. Extensions can still override its value by using the
3088 BitmapHandlerCheckImageArea hook.
3089 * $wgAjaxUploadDestCheck – This is now deprecated, and act as always-true.
3090 * $wgInterwikiCache – This no longer supports the string value for CDB files.
3091 * $wgParserOutputHooks – This is now deprecated; adjustments using this should
3092 be done with OutputPageParserOutputHook instead. (T292321)
3093 * $wgExternalStores – This is newly documentated in
3094 includes/externalstore/README.md.
3096 ==== Removed configuration ====
3097 * $wgShellLocale - This setting has been removed as it was a flawed solution to
3098 the problem of locale dependence, MediaWiki will now always set a locale of
3099 C.UTF-8 or C and works around the remaining problems of the C locale by not
3100 using escapeshellarg. This follows the direction of PHP 8.0, which sets a
3101 locale of C by default instead of respecting LC_CTYPE.
3102 * $wgLoggedOutMaxAge - Experiment removed, originally added in 1.35. (T293848)
3103 * $wgIncludejQueryMigrate - Deprecated in 1.36. We only support jQuery v3.
3104 * $wgUseCategoryBrowser - This experimental feature has been removed. If you
3105 still need to use this feature, please see [[mw:Extension:CategoryExplorer]].
3106 * $wgStyleSheetPath - alias for $wgStylePath, deprecated since 1.3 (2004).
3108 === User-facing changes in 1.38 ===
3109 * (T284921) The "auto-number headings" feature was removed following a
3110 consultation, due to performance reasons.
3112 === New operator/developer features in 1.38 ===
3113 * EXPERIMENTAL: The environment variable MW_CONFIG_FILE can be used to specify
3114 the location of the settings file. This allows alternative settings files to
3115 be loaded depending on the environment. Settings files may be given as PHP
3116 files like the traditional LocalSettings.php file, or they may use JSON or
3118 See https://www.mediawiki.org/wiki/Manual:YAML_settings_file_format
3119 * Added a deleteUserEmail maintenance script - This file enables the deletion of
3120 a given user's associated email address. It can be helpful for
3121 privacy-preserving operations.
3122 * The description array for constructing an HTMLForm now can use 'disable-if' to
3123 disable fields on condition easily, supported expressions are the same as
3125 * There is a new interface, IForeignRepoWithMWApi, to allows you to mark file
3126 repos provided by an extension as supporting making API queries against the
3127 foreign file repo so that extensions like TimedMediaHandler that depend on
3128 this can stop hard-coding looking for specific class names.
3129 * Added EXPERIMENTAL support for an easy to configure multi-tenant ("wiki
3131 Settings for each site can be placed in a directory specified by
3132 $wgWikiFarmSettingsDirectory. Site detection is controlled by
3133 $wgWikiFarmSiteDetector and defaults to the requested host name.
3134 For example, setting $wgWikiFarmSettingsDirectory = "sites" would cause
3135 the settings for wiki.example.com to be loaded from
3136 "sites/wiki_example_com.yaml".
3137 WARNING: YAML files under the web root may be accessible to browsers, please
3138 take appropriate measures to protect them from access via HTTP.
3139 * Running QUnit tests for an individual test suite module is possible with
3140 `grunt qunit --qunit-component={componentName}`, where {componentName} is
3141 "MediaWiki" to run core's QUnit tests or the skin or extension name.
3142 * The 'mediawiki.mixins' module now has a `.user-select()` Less mixin.
3144 === External library changes in 1.38 ===
3146 ==== New external libraries ====
3147 * symfony/yaml was promoted from development-only.
3148 * justinrainbow/json-schema was promoted from development-only.
3150 ==== Changed external libraries ====
3151 * Updated OOUI from v0.42.0 to v0.43.2.
3152 * Updated Vue from 2.6.11 to 3.2.23.
3153 * Updated WVUI from v0.3.0 to v0.4.0.
3154 * Updated composer/semver from 3.2.5 to 3.2.6.
3155 * Updated guzzlehttp/guzzle from 7.2.0 to 7.4.5.
3156 * Updated pear/mail_mime from 1.10.9 to 1.10.11.
3157 * Updated pear/net_smtp from 1.9.2 to 1.10.0.
3158 * Updated psr/log from 1.1.3 to 1.1.4.
3159 * Updated psy/psysh from 0.10.5 to 0.11.1.
3160 * Updated symfony/polyfill-php80 from 1.23.1 to 1.25.0.
3161 * Updated wikimedia/assert from 0.5.0 to 0.5.1.
3162 * Updated wikimedia/cdb from 1.4.1 to 2.0.0.
3163 * Updated wikimedia/ip-utils from 3.0.2 to 4.0.0.
3164 * Updated wikimedia/minify from 2.2.4 to 2.2.6.
3165 * Updated wikimedia/object-factory from 3.0.2 to 4.0.0.
3166 * Updated wikimedia/parsoid from v0.14.0-a14 to v0.15.0.
3167 * Updated wikimedia/purtle from 1.0.7 to 1.0.8.
3168 * Updated wikimedia/request-timeout from 1.1.0 to 1.2.0.
3169 * Updated wikimedia/shellbox from 2.0.0 to 3.0.0.
3170 * Updated wikimedia/wrappedstring from 3.2.0 to 4.0.1.
3171 * Updated wikimedia/remex-html from 3.0.1 to 3.0.2.
3172 * Updated wikimedia/common-passwords from 0.3.0 to 0.4.0.
3174 ===== Changed development-only external libraries =====
3175 * Updated QUnit from 2.16.0 to 2.18.0.
3176 * Updated composer/semver from 3.5.4 to 3.5.5.
3177 * Updated composer/spdx-licenses from 1.5.4 to 1.5.5.
3178 * Updated doctrine/dbal for PHP < 7.3 from 2.10.4 to 2.13.6.
3179 * Updated doctrine/dbal for PHP >= 7.3 from 3.0.0 to 3.1.5.
3181 ==== Removed external libraries ====
3182 * jquery.jStorage, deprecated since MW 1.28; use "mediawiki.storage" instead.
3184 === Action API changes in 1.38 ===
3185 * New `deletetalk` parameter on action=delete that allows you to delete the
3186 associated talk page of a subject page.
3187 * New `variant` parameter for all API actions, for specifying language variant
3188 (akin to the existing `variant` parameter for index.php). Task T117549.
3190 === Languages updated in 1.38 ===
3191 MediaWiki supports over 400 languages. Many localisations are updated regularly.
3192 Below only new and removed languages are listed, as well as changes to languages
3193 because of Phabricator reports.
3195 * (T292166) Updated namespace names for the Lombard language.
3196 * (T299201) Changed the autonym of the Angika language to अंगिका
3197 * (T298309) Changed the autonym of the Abkhaz language to аԥсшәа
3198 * (T302972) Changed the autonym of the Kirundi language to ikirundi
3199 * (T220303) Show numbered lists with Burmese numerals in relevant languages
3200 * (T291899) Added language support for Xiang Chinese (hsn).
3201 * (T292612) Added language support for S'gaw Karen (ksw).
3202 * (T293656) Added language support for Farefare (gur).
3203 * (T294729) Added language support for Pa'O (blk).
3204 * (T296286) Added language support for Skolt Sámi (sms).
3205 * (T296612) Added language support for Makhuwa (vmw).
3206 * (T296707) Added language support for Ga (gaa).
3207 * (T297073) Added language support for Nanai (gld).
3208 * (T297074) Added language support for Nawdm (nmz).
3209 * (T298075) Added language support for Northern Thai (nod).
3210 * (T298182) Added language support for Cape Verdean Creole (kea).
3211 * (T298385) Added language support for Nheengatu (yrl).
3212 * (T299329) Added language support for Fon (fon).
3213 * (T300474) Added language support for Nkore (nyn).
3214 * (T302556) Added language support for Pannonian Rusyn (rsk).
3216 === Breaking changes in 1.38 ===
3217 * (T291008) The IP class, deprecated since 1.35 in favor of the IPUtils library,
3218 has been removed. The IP related regexes which were also deprecated in favor
3219 of the IPUtils library were also removed, IPUtils::RE_* should be used
3221 * (T293043) The MediaWikiIntegrationTestCase class alias 'MediaWikiTestCase' has
3223 * LinkCache::singleton(), deprecated since 1.28, has been removed.
3224 * RepoGroup::singleton(), ::destroySingletons() and setSingleton(), all
3225 deprecated since 1.34, have been removed.
3226 * The following methods from FileDeleteForm were removed:
3227 - ::__construct (the class is no longer newable)
3229 - ::haveDeletableFile()
3230 Use FileDeleteAction instead.
3231 * MessageCache::singleton(), deprecated since 1.34, has been removed.
3232 * LockManagerGroup::singleton() and ::destroySingletons(), both deprecated since
3233 1.34, have been removed.
3234 * FileBackendGroup::singleton() and ::destroySingletons(), both deprecated since
3235 1.35, have been removed.
3236 * TemplateParser used to support disabling the cache with a boolean parameter in
3237 its constructor. This was deprecated in 1.35 and has now been removed.
3238 * The ArticleUndeleteLogEntry hook, deprecated in 1.37, was removed.
3239 * The BeforeResetNotificationTimestamp hook, deprecated in 1.37, was removed.
3240 * The global function mimeTypeMatch() has been removed without a deprecation
3242 * The following JavaScript mw.config keys have been removed:
3246 - $wgCookieExpiration
3247 Use mw.cookie from the mediawiki.cookie module instead.
3248 * The signature of PageUpdater::markAsRevert method was changed. It has never
3249 been used outside of MediaWiki core.
3250 * If you want to use interwiki titles with HTMLTitleTextField, you now need to
3251 pass 'interwiki' => true. In 1.37, the default behavior was to let interwiki
3252 title through by default, logging a deprecation warning.
3253 * The `UndeleteForm::undelete` hook, deprecated in 1.37, was removed.
3254 * BagOStuff::setDebug(), deprecated since 1.36, has been removed.
3255 * The `jquery.mw-jump` ResourceLoader module was removed.
3256 * The `wgForeignUploadTargets` and `wgEnableUploads` configuration values were
3257 removed from mw.config. They had previously been documented as being included
3258 for internal use by the mediawiki.ForeignUpload module.
3259 *The `&$hasHistory` parameter to WikiPage::getAutoDeleteReason() and
3260 ContentHandler::getAutoDeleteReason() was hard-deprecated with no replacement.
3261 * Several Skin methods, which have emitted deprecation warnings since 1.36, have
3262 been removed. These include:
3263 - Skin::privacyLink()
3265 - Skin::disclaimerLink()
3266 For these, instead use Skin::footerLink() to alter footer links.
3268 For this, use ResourceLoaderSkinModule::getAvailableLogos() instead.
3269 - Skin::getIndicatorsHTML()
3270 For this, use Skin::getIndicatorsData() instead.
3271 - Skin::subPageSubtitle()
3272 For this, use Skin::prepareSubtitle() instead.
3273 - Skin::makeVariablesScript()
3274 For this, use ResourceLoader::makeInlineScript() instead.
3275 - Skin::getAllowedSkins()
3276 - Skin::getSkinNames()
3277 For these, use SkinFactory::getAllowedSkins() or ::getInstalledSkins().
3279 - Skin::getSearchLink()
3280 - Skin::mainPageLink()
3281 * Parser::getUser and ::mUser, as well as ParserOptions::getUser, deprecated
3282 since 1.37, has been removed.
3283 * Parser::$mStripState, deprecated in 1.35, has been made private. Use
3284 Parser::getStripState() instead.
3285 * The following deprecated features in blocks were removed:
3286 - DatabaseBlock constructor 'byText' property with blocker's name, use 'by'
3287 property with UserIdentity value instead.
3288 - DatabaseBlock constructor 'by' property with blocker's ID, use 'by' property
3289 with UserIdentity value instead.
3290 - DatabaseBlock::isWhitelistedFromAutoblocks, use ::isExemptedFromAutoblocks.
3291 - DatabaseBlock::setBlocker now only accepts UserIdentity.
3292 - AbstractBlock::getTargetAndType and ::getTarget, use ::getTargetName,
3293 ::getTargetUserIdentity and ::getType instead
3294 * The following functions, emitting deprecations since 1.37, have been removed:
3295 - Title::isWatchable()
3296 - WatchAction::doWatchOrUnwatch(), WatchAction::doWatch(),
3297 WatchAction::doUnwatch(), WatchAction::getWatchToken()
3298 - User::isWatched(), User::isTempWatched(), User::addWatch(),
3300 * ParserOptions::setTidy() that had no effect and was deprecated since 1.35 has
3302 * The "YAML" encoding option of EtcdConfig, has been removed without
3304 * The constant ApiBase::PARAM_VALUE_LINKS, deprecated since 1.35 has been
3306 * UserLoadOptions, UserSaveOptions and UserResetAllOptions hooks, deprecated
3307 since 1.37, were removed.
3308 * The experimental FileJournal system has been removed without deprecation. This
3309 includes the FileJournal abstract class, its implementation classes
3310 DBFileJournal and NullFileJournal, various minor getters and setters, and the
3311 option for the wiki configuration $wgFileBackends.
3312 * The return values for each `bind` function in checkboxHack.js has been changed
3313 from an object to a function. In addition, the `unbind` function has been
3314 removed. A deprecation process was assumed unnecessary as there were no known
3316 * File::getUser, ::getImageSize, ArchivedFile::getRawDescription, ::getUser,
3317 ::getRawUser and ::getRawDescription, deprecated since 1.37, has been removed.
3318 * ShellboxHttpClient class has been removed without deprecation. It was an
3319 internal class used by ShellboxClientFactory.
3320 * The following hard deprecated User methods have been removed:
3321 - ::resetIdByNameCache,
3322 - ::getStubThreshold,
3323 - ::matchEditTokenNoSuffix,
3324 - ::changeableByGroup,
3325 - ::changeableGroups,
3326 - ::isAllowUsertalk,
3331 - ::isValidUserName,
3333 - ::isCreatableName,
3334 - ::getCanonicalName,
3335 - ::addAutopromoteOnceGroups,
3336 - ::getDefaultOptions,
3337 - ::getDefaultOption,
3345 - ::getEffectiveGroups,
3346 - ::getAutomaticGroups,
3349 - ::getFirstEditTimestamp
3350 - ::getLatestEditTimestamp
3351 * Http::$httpEngine, deprecated since 1.34, has been removed. The only available
3352 HTTP engine is now Guzzle. CurlHttpRequest and PhpHttpRequest classes were
3354 * The UserRightsProxy class was deprecated. Pass the correct domain to
3355 UserGroupManagerFactory instead.
3356 * Parser option enableLimitReport was deprecated. The report is now generated
3357 post-parse and can be included by providing 'includeDebugInfo' option to
3358 ParserOutput::getText. Thus, ParserOptions::enableLimitReport and
3359 ::getEnableLimitReport methods were deprecated.
3360 * Ajax action that was deprecated in 1.27 now has been removed.
3361 * The following methods have been removed from IDatabase without deprecation as
3362 they were completely unused:
3363 - ::preCommitCallbacksPending()
3364 - ::pendingWriteRowsAffected()
3365 - ::getServerUptime()
3367 * The following deprecated methods have been removed from IDatabase:
3368 - ::aggregateValue() soft-deprecated since 1.33
3369 - ::getTopologyRootMaster() since 1.37
3370 - ::masterPosWait() since 1.37
3371 - ::dataSeek() soft-deprecated since 1.37
3372 - ::numFields() soft-deprecated since 1.37
3373 - ::fieldName() soft-deprecated since 1.37
3374 - ::onTransactionIdle() soft-deprecated since 1.32
3375 - ::getMasterPos() since 1.37
3376 * DatabaseMysqlBase::fieldType() and DatabasePostgres::fieldType(), deprecated
3377 since 1.37, have been removed.
3378 * Database::assertIsWritableMaster(), deprecated since 1.37, has been removed.
3379 * ResultWrapper::getInternalResult(), soft-deprecated since 1.37 and
3380 ResultWrapper::unwrap(), deprecated since 1.37, have been removed.
3381 * Language::AS_AUTONYMS, deprecated since 1.34, has been removed. You can use
3382 the LanguageNameUtils::AUTONYMS constant instead.
3383 * Several Language class variables deprecated in 1.35 have been removed; they
3384 are each replaced by a constant, as listed after the arrow:
3385 - ::$mWeekdayMsgs → WEEKDAY_MESSAGES
3386 - ::$mWeekdayAbbrevMsg → WEEKDAY_ABBREVIATED_MESSAGES
3387 - ::$mMonthGenMsgs → MONTH_GENITIVE_MESSAGES
3388 - ::$mIranianCalendarMonthMsgs → IRANIAN_CALENDAR_MONTHS_MESSAGES
3389 - ::$mHebrewCalendarMonthMsgs → HEBREW_CALENDAR_MONTHS_MESSAGES
3390 - ::$mHebrewCalendarMonthGenMsgs → HEBREW_CALENDAR_MONTH_GENITIVE_MESSAGES
3391 - ::$mHijriCalendarMonthMsgs → HIJRI_CALENDAR_MONTH_MESSAGES
3392 * wfIncrStats, deprecated since 1.36, has been removed.
3393 * Profiler::profileIn and ::profileOut, deprecated in 1.33, has been removed.
3394 * IEditObject::AS_CANNOT_USE_CUSTOM_MODEL, deprecated in 1.35, was removed.
3395 * Several protected methods in EditPage were made private. None of these was
3396 used outside of EditPage itself. Since the class is not stable to extend,
3397 this change happened without a deprecation phase.
3398 * The following public methods in EditPage, unused externally, were
3401 - ::isSupportedContentModel()
3402 - ::getParentRevId()
3403 * EditPage::setApiEditOverride() was marked as @internal for use by
3405 * SelectQueryBuilder::straightJoin() was renamed to straightJoinOption().
3406 * The following deprecated methods have been removed from ILBFactory:
3407 - ::beginMasterChanges() since 1.37
3408 - ::commitMasterChanges() since 1.37
3409 - ::rollbackMasterChanges() since 1.37
3410 - ::hasMasterChanges() since 1.37
3411 - ::hasOrMadeRecentMasterChanges() since 1.37
3412 * The "groupLoadsByDB" option to LBFactoryMulti has been removed. Consider using
3413 "groupLoadsBySection" instead.
3414 * The following methods have been removed from ILoadBalancer without deprecation
3415 as they were completely unused:
3418 - ::forEachOpenReplicaConnection()
3419 * The following deprecated methods have been removed from ILoadBalancer:
3420 - ::getMasterPos() since 1.37
3421 - ::finalizeMasterChanges() since 1.37
3422 - ::approveMasterChanges() since 1.37
3423 - ::beginMasterChanges() since 1.37
3424 - ::commitMasterChanges() since 1.37
3425 - ::runMasterTransactionIdleCallbacks() since 1.37
3426 - ::runMasterTransactionListenerCallbacks() since 1.37
3427 - ::rollbackMasterChanges() since 1.37
3428 - ::flushMasterSnapshots() since 1.37
3429 - ::hasMasterConnection() since 1.37
3430 - ::hasMasterChanges() since 1.37
3431 - ::lastMasterChangeTimestamp() since 1.37
3432 - ::hasOrMadeRecentMasterChanges() since 1.37
3433 - ::pendingMasterChangeCallers() since 1.37
3434 - ::forEachOpenMasterConnection() since 1.37
3435 - ::waitForMasterPos() since 1.37
3436 * LoadBalancer::safeGetLag() which has been soft-deprecated since 1.34 has been
3438 * The following properties of the EditPage class, deprecated since 1.35, were
3440 - ::$deletedSinceEdit
3448 - ::$allowBlankSummary
3451 - ::$hasPresetSummary
3455 - ::$nosummaryparentRevId
3459 * Special:ListFiles and Special:NewFiles no longer allows to search for parts of
3460 file names (option was not available for $wgMiserMode = true)
3461 * DBAccessBase, deprecated since 1.37, has been removed.
3462 * The UserNamePrefixSearch service no longer supports a UserIdentity parameter
3463 to search(), to check for a specific audience an Authority object is required.
3464 * The methods CoreParserFunctions::register() and CoreTagHooks::register() have
3465 been marked @internal, and had a seconds parameter added. These methods are
3466 intended for use in Parser's constructor, and are not used by any known
3468 * LoadBalancer::openConnection(), deprecated since 1.34, has been removed.
3469 * Skin::preloadExistence has been made private. There is no known usages outside
3472 === Deprecations in 1.38 ===
3473 * The MWGrants class is deprecated in favor of the new GrantsInfo and
3474 GrantsLocalization services.
3475 * The global functions wfReadOnly() and wfReadOnlyReason() have been deprecated
3476 in favor of the ReadOnlyMode service.
3477 * PageProps::getInstance() has been deprecated. Use
3478 MediaWikiServices::getPageProps() instead.
3479 * User::setOption(), deprecated since 1.35, now emits deprecation warnings.
3480 * Linker::formatComment(), ::formatLinksInComment(), ::commentBlock() and
3481 revComment() were deprecated. Use the new CommentFormatter service.
3482 * Several Skin methods have been deprecated.
3483 - Skin::setSearchPageTitle(), Skin::getSearchPageTitle(). For these,
3484 use SpecialPage::newSearchPage() or associated user preference instead.
3485 - Skin::getSkinStylePath now triggers deprecation warnings. Direct string path
3486 should be used instead.
3487 - SkinTemplate::getPersonalToolsList(), deprecated since 1.35, now emits
3488 deprecation warnings.
3489 - In preparation for SkinTemplate::getPortletData becoming a private
3490 function, extending the method is no longer permitted. Use
3491 SkinTemplate::getTemplateData instead.
3492 - SkinTemplate::buildContentNavigationUrls is now deprecated. Skins can
3493 use the runOnSkinTemplateNavigationHooks method or the
3494 SkinTemplateNavigation__Universal hook if they need access to this data.
3495 * Usage of several template data keys in QuickTemplate are now deprecated:
3496 - searchaction, poweredbyico, copyrightico
3497 * DatabaseBlock::purgeExpired(), deprecated since 1.36, now emits deprecation
3499 * The following methods from the User class now trigger deprecation warnings:
3502 * Content::getParserOutput and AbstractContent::fillParserOutput was
3503 hard-deprecated, use ContentRenderer::getParserOutput instead. Extensions
3504 defining a content model should override ContentHandler::fillParserOutput.
3505 * Title::newFromIDs and TitleFactory::newFromIDs have been hard deprecated. Use
3506 a PageSelectQueryBuilder from a PageStore instead.
3507 * Content::getRedirectChain() and Content::getUltimateRedirectTarget() have been
3508 deprecated with no replacement because support for $wgMaxRedirect will be
3509 removed completely. See T296430 for more information.
3510 * WikiPage::getRedirectTarget() has been deprecated. Use the equivalent
3511 RedirectLookup::getRedirectTarget() instead.
3512 * Article::doDelete() was deprecated. Use WikiPage::doDeleteArticleReal if you
3513 only need to delete the article. If you also need things to happen with
3514 OutputPage, you may want to check the hooks in DeleteAction instead.
3515 * Instantiating the MessageContent class now emits deprecation notices.
3516 * Message::content() now triggers deprecation warnings.
3517 * Parser::setDefaultSort(), Parser::getDefaultSort(), and
3518 Parser::getCustomDefaultSort() now trigger deprecation warnings. Use
3519 ParserOutput::{get,set}PageProperty('defaultsort') instead.
3520 * The following methods from the ParserOutput class now emit deprecation
3522 - ::hideNewSection() - use ::setHideNewSection()
3523 - ::preventClickjacking() - use ::{get,set}PreventClickjacking()
3524 - ::getProperty() - use ::getPageProperty() (return value changed)
3525 - ::setProperty() - use ::setPageProperty()
3526 - ::unsetProperty() - use ::unsetPageProperties()
3527 - ::getProperties() - use ::getPageProperties()
3528 - ::getCategoryLinks() - use ::getCategoryNames()
3529 - ::setCategoryLinks() - use ::setCategories()
3530 - ::addTrackingCategory() - use Parser::addTrackingCategory()
3531 or TrackingCategories::addTrackingCategory()
3532 - ::addWarning() - use ::addWarningMsg()
3533 - ::hasDynamicContent() - use ::hasReducedExpiry()
3534 * The following methods from the ParserOutput class were deprecated:
3535 - ::getFlag() - use ::getOutputFlag()
3536 - ::setFlag() - use ::setOutputFlag()
3537 - ::getAllFlags() - this method is now marked @internal
3538 - ::addJsConfigVars() - use ::setJsConfigVar() or ::appendJsConfigVar()
3539 - ::addOutputHook() / ::getOutputHooks() - these hooks should be migrated
3540 to use the OutputPageParserOutput hook instead
3541 * The use of ParserOutput::setExtensionData() to overwrite previous values
3542 stored under a given key has been deprecated; use the new
3543 ::appendExtensionData() to collect multiple values in the ParserOutput rather
3544 than destructively updating stored values. (T300981)
3545 * The signatures of the following methods from the ParserOutput class were
3546 narrowed, restricting the permitted argument types:
3547 - ::addModules() - if you formerly passed a string, pass an array with
3548 the string as the only element.
3549 - ::addModuleStyles() - if you formerly passed a string, pass an array
3550 with the string as the only element.
3551 * Access to the following public or protected properties of OutputPage was
3552 deprecated; they will be made private or removed in a future release.
3553 Use accessor functions instead.
3562 - ::$mEnableClientCache
3563 - ::$mNewSectionLink
3564 - ::$mHideNewSectionLink
3566 * The following methods were deprecated; use ::setPreventClickjacking(..)
3568 - OutputPage::preventClickjacking()
3569 - OutputPage::allowClickjacking()
3570 - ImageHistoryList::preventClickjacking()
3571 - ImageHistoryPseudoPager::preventClickjacking()
3572 - ContribsPager::preventClickjacking()
3573 * OutputPage::enableClientCache() was deprecated, because it is universally used
3574 to do the opposite -- use OutputPage::disableClientCache() instead.
3575 * Sanitizer::removeHTMLtags() has been deprecated. Its output can include
3576 unbalanced or ill-formed HTML and thus external callers may be misled about
3577 how to safely incorporate its output into a page. It is recommended to use the
3578 new Sanitizer::removeSomeTags() method instead, which will always return
3580 * EventRelayerKafka was deprecated. To use $wgEventRelayerConfig with Kafka,
3581 add a similar class to your code.
3582 * MediaWiki\Logger\Monolog\KafkaHandler was deprecated. Consider using
3583 $wgMWLoggerDefaultSpi with SyslogHandler, or to use Kafka, add a similar
3584 Monolog handler class to your code.
3585 * Collation::singleton() and ::factory() now trigger deprecation warnings.
3586 * The following methods in MWNamespace, all deprecated since 1.34, now emit
3587 deprecation warnings:
3591 - getCanonicalNamespaces()
3592 - getCanonicalName()
3593 - getCanonicalIndex()
3594 - getValidNamespaces()
3597 - getContentNamespaces()
3598 * Return values in the parameter $pageLang of the hook PageContentLanguage with
3599 other types than a Language object, deprecated since 1.33, now emmits
3600 deprecation warnings.
3601 * Passing a db to BlockRestrictionStore::loadByBlockId() is deprecated.
3602 BlockRestrictionStoreFactory should be used to fetch a correct
3603 BlockRestrictionStore instead.
3604 * All external access to ParserOutput and CacheTime classes properties will now
3605 emit deprecation warnings. Use getters and setters instead.
3606 * The custom jQuery event `watchpage.mw` emitted on #ca-watch and #ca-unwatch is
3607 now deprecated in favour of the new `wikipage.watchlistChange` hook.
3608 * The global function wfLogProfilingData() has been deprecated without a
3609 replacement. The logic has been moved to the MediaWiki class.
3610 * The "trace" option of SectionProfiler has been deprecated.
3611 * The PageArchive class has had several methods deprecated. The replacements are
3613 - Use UndeletePage instead of ::undeleteAsUser(), ::getFileStatus() and
3614 ::getRevisionStatus().
3615 - Use the respective methods of the new ArchivedRevisionLookup service
3616 instead of ::listRevisions, ::getRevisionRecordByTimestamp,
3617 ::getArchivedRevisionRecord, ::getPreviousRevisionRecord and
3618 ::getLastRevisionId.
3619 - Use ArchivedRevisionLookup::hasArchivedRevisions instead of ::isDeleted.
3620 * PageUpdater::isUnchanged() has been deprecated, use wasRevisionCreated()
3622 * The `mediawiki.pager.tablePager` module was deprecated in favor of the more
3623 generic `mediawiki.pager.styles`.
3624 * wfGetCache() and wfGetMainCache(), both deprecated since 1.32, now emit
3625 deprecation warnings.
3626 * LinkCache::addGoodLinkObj() has been hard deprecated.
3627 * ApiStashEdit::parseAndStash has been hard deprecated.
3628 * Content::prepareSave was hard-deprecated, now emits deprecation warnings.
3629 Use ContentHandler::validateSave instead.
3630 * The hooks LinksUpdateAfterInsert and LinksUpdateConstructed were deprecated.
3631 * Access to all public properties in LinksUpdate was deprecated.
3632 * The global variable $IP has been deprecated for use in application logic.
3633 It will remain available for use in LocalSettings.php for now, though
3634 $wgBaseDirectory is preferred.
3635 Application logic should use the BaseDirectory setting from the main config.
3636 Tests and framework code that need to function without MediaWiki being
3637 fully initialized should use the MW_INSTALL_PATH constant.
3638 * The global function wfWikiID(), deprecated since 1.35, now emits deprecation
3640 * AbstractBlock::getBy() now takes a wikiId as a parameter and emits deprecation
3641 warnings in case of cross-wiki accesses.
3642 * The `button` parameter for `bindUpdateAriaExpandedOnInput` and
3643 `updateAriaExpanded` in checkboxHack.js have been deprecated.
3644 `bindToggleOnSpaceEnter` has also been deprecated in favor of
3645 `bindToggleOnEnter`.
3646 * IDatabase::lockTables() and IDatabase::unlockTables() have been deprecated
3647 with no replacement. Instead, callers should batch updates into atomic
3648 transactions, using FOR UPDATE for SELECT queries.
3649 * EditPage::addNewLineAtEnd() was deprecated; use
3650 TextboxBuilder::addNewLineAtEnd instead.
3651 * EditPage::getCopywarn() was deprecated; use EditPage::getCopyrightWarning
3653 * EditPage::getCopyrightWarning() without passing a MessageLocalizer parameter
3654 has been deprecated.
3655 * Passing the $formCallback parameter to EditPage::showEditForm, deprecated in
3656 1.25 and previously emitting a warn notice, now emits a deprecation notice.
3657 * EditPage::$action has been deprecated.
3658 * The following properties in EditPage now emit deprecation notices when used
3660 - mArticle (use ::getArticle() instead)
3661 - mTitle (use ::getTitle() instead)
3662 - isNew (no replacement)
3663 - allowBlankArticle (no replacement)
3664 - selfRedirect (no replacement)
3665 - allowSelfRedirect (no replacement)
3666 - diff (no replacement)
3667 - textbox2 (no replacement)
3668 - undoAfter (no replacement)
3669 - edit (no replacement)
3670 - contentLength (no replacement)
3671 * The HTMLForm methods getPreText, setPreText, addPreText, getPostText,
3672 setPostText, addPostText, getHeaderText, setHeaderText, addHeaderText,
3673 getFooterText, setFooterText and addFooterText have been renamed to
3674 getPreHtml, setPreHtml, addPreHtml, getPostHtml, setPostHtml, addPostHtml,
3675 getHeaderHtml, setHeaderHtml, addHeaderHtml, getFooterHtml, setFooterHtml and
3676 addFooterHtml respectively.
3677 * The FormSpecialPage methods preText and postText have been renamed to preHtml
3678 and postHtml respectively.
3679 * Article::doDelete, deprecated in 1.37, now emits deprecation notices.
3680 * The following Less mediawiki.mixins have been deprecated:
3681 - .background-image()
3682 - .list-style-image()
3683 * Category::getPageCount now takes a parameter. Category::COUNT_ALL_MEMBERS
3684 return count of all members while Category::COUNT_CONTENT_PAGES return that
3685 of content pages. For the former behavior use Category::getMemberCount()
3686 * Using `new HTMLForm( … )` or `HTMLForm::factory( … )` without the $context
3687 parameter is now deprecated.
3688 * BagOStuff::incr() and BagOStuff::decr() are now deprecated.
3689 * Action::exists() and ActionFactory::actionExists() are deprecated, use
3690 (bool)ActionFactory::getAction().
3692 === Other changes in 1.38 ===
3693 * The following things were changed in the file deletion form:
3694 - The name and ID of the submit button are now `wpConfirmB`, not
3695 `mw-filedelete-submit`
3696 - The ID of the form is now `deleteconfirm`, not `mw-img-deleteconfirm`
3697 - The `mw-filedelete-editreasons` class was replaced with
3698 `mw-delete-editreasons`
3699 The goal of these changes is to make the HTML more similar to that of
3700 normal page deletion.
3701 * ParserOptions created with ::newFrom* or ::newCanonical are now identical.
3702 * MediaWiki initialization order have been changed to load vendor autoload
3703 earlier. This means that extensions that are installed via composer and
3704 execute code upon autoloading can not depend on any MediaWiki classes,
3705 constants or globals in that code.
3706 * The source of truth for configuration defaults is now the MainConfigSchema
3707 class. DefaultSettings.php still exists for backwards compatibility. A PHP
3708 file generated for optimized loading will be used in Setup.php to initialize
3709 configuration variables. Setup.php can be made to load DefaultSettings.php
3710 as before by setting MW_USE_LEGACY_DEFAULT_SETTINGS as an environment
3711 variable (e.g. via SetEnv in htaccess) or a PHP constant (e.g. via
3712 auto_prepend_file in php.ini).
3715 MediaWiki 1.38 requires PHP 7.3.19 or later and the following PHP extensions:
3726 MySQL/MariaDB is the recommended DBMS. PostgreSQL or SQLite can also be used,
3727 but support for them is somewhat less mature.
3729 The supported versions are:
3731 * MySQL 5.5.8 or later
3732 * PostgreSQL 9.4 or later
3733 * SQLite 3.8.0 or later
3735 == Online documentation ==
3736 Documentation for both end-users and site administrators is available on
3737 MediaWiki.org, and is covered under the GNU Free Documentation License (except
3738 for pages that explicitly state that their contents are in the public domain):
3740 https://www.mediawiki.org/wiki/Special:MyLanguage/Documentation
3743 A mailing list is available for MediaWiki user support and discussion:
3745 https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
3747 A low-traffic announcements-only list is also available:
3749 https://lists.wikimedia.org/mailman/listinfo/mediawiki-announce
3751 It's highly recommended that you sign up for one of these lists if you're
3752 going to run a public MediaWiki, so you can be notified of security fixes.
3755 There's usually someone online in #mediawiki on irc.libera.chat.
3759 == MediaWiki 1.37.6 ==
3761 This is a maintenance release of the MediaWiki 1.37 branch.
3763 === Changes since MediaWiki 1.37.5 ===
3764 * Fix missing use statement from backport of fix for T307278.
3766 == MediaWiki 1.37.5 ==
3768 This is a security and maintenance release of the MediaWiki 1.37 branch.
3770 === Changes since MediaWiki 1.37.4 ===
3771 * Localisation updates.
3772 * (T312519, T312520) Parser::extensionSubstitution() Don't run substr() on null.
3773 * (T287564) populateInterwiki: Include not null columns iw_api/iw_wikiid.
3774 * (T312302) SpecialRedirect: Don't pass null to explode.
3775 * RemoveInvalidEmails: Fix quoting for postgres.
3776 * (T312678) import: UploadSourceAdapter::stream_read() don't pass null to
3778 * (T312300) SpecialDiff: Don't pass null to explode().
3779 * (T312680) parser: Fix CoreParserFunctions::urlencode() null coalescence $arg.
3780 * (T289926) Handle null passed to wfShorthandToInteger() and Html::element().
3781 * (T289926) Ensure that strlen() does not get passed a (valid) null.
3782 * (T312301) SpecialDiff: Don't pass null to trim().
3783 * Hooks: Use more meaningful name for SkinAfterPortlet hook parameter.
3784 * (T289926) Ensure we don't pass null to mb_strlen.
3785 * (T312305, T311572, T311571, T311578) HTMLForm: Null coalescence in trim()
3787 * (T289926) site: Consistently return null from Site::getDomain().
3788 * (T307304, T289879) filebackend,jobqueue: Add signature for
3789 FilterIterator::accept().
3790 * (T312183) rdbms: Adapt hasOrMadeRecentPrimaryChanges test mock for PHP 8.1.
3791 * Add application/vnd.ms-opentype to MIME list.
3792 * Allow composer/installers plugin in composer.json.
3793 * Change type hints for BatchRowIterator and NotRecursiveIterator for
3794 compatibility with PHP 8.1.
3795 * (T313663) [php8.1] Change override of $wgResourceBasePath for CSP tests.
3796 * (T313663) parser: Mock WikiPage::getContentModel in ParserCacheTest to fix
3798 * (T313663) [php8.1] Make WikiImporterFactoryTest use better mock for
3800 * Fix tests so getName() doesn't return null.
3801 * (T313663) [php8] Don't use strlen on potentially null string.
3802 * (T313663) [php8.1] Suppress test warning about providing null.
3803 * (T313663) Parser will use current timestamp instead of null if passed a
3804 RevisionRecord that does not have a timestamp.
3805 * (T313663) Add explicit null check for $sha in FileBackend [php8.1].
3806 * (T313663) LogFormatter: Cast argument of ctype_digit to string [php8.1].
3807 * (T313663) Mock UserOptionsManager::getOption for php8.1.
3808 * (T289879, T289926) Get rid of warnings on PHP 8.1.
3809 * (T313663) Check for null return of preg_replace in MediaWikiTitleCodec.
3810 * (T313663) cast db name to string when checking if it is read only [php8.1].
3811 * (T313663) Avoid testing strlen on null in ApiQuerySiteinfo [php 8.1 compat].
3812 * Fix a couple deprecation warnings in the installer under PHP 8.1.
3813 * (T313663) Use default timezone UTC for SpecialWatchlistTest [php 8.1].
3814 * (T313663) Mock User::getTitleKey in SpecialPreferencesTest [php 8.1].
3815 * (T314096) Migrate use of ${var}-style string interpolation.
3816 * (T314099) preprocessor: Add missing field declarations.
3817 * (T313663, T313662) Make default value for optional args {{PAGESINCAT:..}} be
3819 * (T314225) SpecialCategories: Null coalescene $par.
3820 * (T314099) User: Allow dynamic properties on PHP 8.2.
3821 * (T314397) SpecialBlock: Better handle null in getTargetUserTitle.
3822 * (T314099) phpunit: Fix trivial dynamic property usages in tests.
3823 * (T314405) UploadStash: Check if us_prop is set in the fileMetadata.
3824 * (T313663) Make ChangesListSpecialPageTest cast to string for php 8.1.
3825 * (T313663) Do not test giving a null fragment to Title::makeTitle.
3826 * (T314550) SpecialMergeHistory: Set timestamp to '' if no mergepoint.
3827 * (T314551) SpecialMergeHistory: Set defaults for target and dest parameters.
3828 * api: Add rel=nofollow to help examples.
3829 * (T307613) Validate length of user email on Special:ChangeEmail/
3830 Special:CreateAccount.
3831 * (T314226) LoginSignupSpecialPage: Check if $value is a string before length.
3832 * (T314824) tests: Update parser test after i18n change.
3833 * (T295958, T278847) MediaWiki-Docker: Switch PHP images to PHP7.4.
3834 * (T314906, T314907) SpecialBlock: Set defaults for wpPageRestrictions and
3835 wpNamespaceRestrictions.
3836 * (T315309) ImportStreamSource::newFromURL() Prevent passing null to fwrite.
3837 * (T315892) composer.json: Pin phpunit to 8.5.28.
3838 * (T313049) Bump wikimedia/parsoid to v0.14.2.
3839 * (T317750) session: Fix broken SessionTest case due to PHPUnit dependency
3841 * (T318079) SpecialEditTags: Set default value of wpTagsToRemove to empty array.
3842 * (T318460) SpecialChangeEmail: Set default for returntoquery.
3843 * (T318307) Update docs for HTMLFormField::validate() to permit all data types.
3844 * (T316304, CVE-2022-41767) SECURITY: reassignEdits doesn't update results
3845 in an IP range check on Special:Contributions.
3846 * (T309894, CVE-2022-41765) SECURITY: HTMLUserTextField exposes existence
3848 * (T307278, CVE-2022-41766) SECURITY: On action=rollback the message
3849 "alreadyrolled" can leak revision deleted user name.
3851 == MediaWiki 1.37.4 ==
3853 This is a maintenance release of the MediaWiki 1.37 branch.
3855 === Changes since MediaWiki 1.37.3 ===
3856 * Localisation updates.
3857 * (T311568) UploadBase::setTempFile() handle $tempPath being passed as null.
3858 * (T311559) SpecialListFiles: user parameter isn't always present.
3859 * (T311561) ImageListPager: Don't call htmlspecialchars() on null.
3860 * (T311920) SpecialBlockList: Prevent passing null to trim().
3861 * (T311921) SpecialUserrights: Don't pass null to str_replace.
3862 * (T311570) SpecialWithoutInterwiki: Don't pass null through to
3863 Title::capitalize().
3864 * (T311574, T311576) SpecialLinkSearch: Don't pass null through to the parser.
3865 * (T312059) Update guzzlehttp/guzzle to 7.4.5 in vendor.
3866 * (T296435, T297669) cache: Add four fields to LinkCache::getSelectFields.
3868 == MediaWiki 1.37.3 ==
3870 This is a security and maintenance release of the MediaWiki 1.37 branch.
3872 === Changes since MediaWiki 1.37.2 ===
3873 * Localisation updates.
3874 * (T289879) Type hints for ArrayAccess and JsonSerializable.
3875 * (T304783) TemplateParser: avoid warnings when called by NoLocalSettings.
3876 * Rebuilt vendor with composer 2.3.3.
3877 * Fix old_name in UserLogoutComplete hook.
3878 * (T289879) Address some deprecations for PHP 8.1.
3879 * (T193565) UserGroupManager: Fix dbDomain in addUserToGroup() deferred update.
3880 * (T309114) LocalFile::prerenderThumbnails: Limit the number of thumbnail jobs
3882 * (T307982) Updated wikimedia/parsoid from v0.14.0 to v0.14.1.
3883 * (T308471) SECURITY: Escape welcomeuser message passed to showSuccessPage().
3884 * (T308473) SECURITY: Escape contributions-title msg for use within page title.
3885 * (T311272) Call parent constructor of AddSite maintenance script first.
3886 * MediaWiki: Don't eagerly initialize action name.
3887 * Updated wikimedia/shellbox from v2.0.0 to v2.1.1.
3888 * (T311384, CVE-2022-27776) Updated guzzlehttp/guzzle from 7.2.0 to 7.4.5.
3889 * (T289926) Avoid passing null to trim() in SkinTemplate.
3890 * (T311473) rollbackEdits: Pass user identity to RollbackPage.
3891 * (T307282) Avoid passing null to strcasecmp(), for PHP 8.1.
3892 * (T311551) ShellboxClientFactory::getUrl(): Check if $this->key is null.
3893 * (T311552) ChangesListSpecialPage: Don't pass null to FormatJson::decode().
3894 * (T311569) FileBackend::isStoragePath() Handle being passed null.
3895 * (T311544) Pass int to ApiUsageException::newWithMessage()'s $httpCode param.
3896 * (T311678) SpecialEditWatchlist: Prevent passing null to strtolower().
3897 * (T281741) ChangeTags: Fix adding CSS classes for hidden tags.
3898 * (T296642) changetags: Fix management of a '0' tag.
3899 * (T311554) ChangeTags: Return early in formatSummaryRow() if $tags === null.
3900 * (T303033) Handle null in ChangeTags::modifyDisplayQuery.
3901 * Updated wikimedia/common-passwords from 0.3.0 to 0.4.0.
3903 == MediaWiki 1.37.2 ==
3905 This is a security and maintenance release of the MediaWiki 1.37 branch.
3907 === Changes since MediaWiki 1.37.1 ===
3908 * (T298261) Fix support for Composer 2.2.
3909 * (T298283) composer.json: Add wikimedia/composer-merge-plugin to allow-plugins.
3910 * Update doctrine/dbal (3.0.0 => 3.1.5).
3911 * (T296898) Add entry point name to disabled Session exception if possible.
3912 * (T298564) MemcachedClient: Add support for IPv6.
3913 * (T297543, CVE-2022-28202) SECURITY: properly escape output used within
3914 galleries and Special:RevisionDelete.
3915 * (T289956) WatchAction: Fix bug that prevents showing proper success
3916 message in the noscript fallback mode.
3917 * (T268847) Suppress deprecation warnings from libxml_disable_entity_loader().
3918 * (T283275) Fix PHP 8.0 failure of RefreshSecondaryDataUpdateTest.
3919 * (T283275) Fix PHP 8.0 failure of WikiExporterFactoryTest.
3920 * (T275673) objectcache: Avoid getCurrentTime() call in MapCacheLRU::has().
3921 * (T275673) objectcache: split up MapCacheLRU::getAge() to avoid conditional
3923 * Fix the json schema and the extension processor for Parsoid extension modules.
3924 * (T299696) update.php: Avoid passing null to substr.
3925 * (T195807, T256401) Fix signature of DatabasePostgres::buildGroupConcatField.
3926 * In PHP 8.1 don't throw exceptions from mysqli.
3927 * (T289926) SiteConfiguration: Don't pass null to str_replace().
3928 * (T264735) Fix deprecation warning from CURLPIPE_HTTP1.
3929 * (T260735) Stop using is_resource() where possible.
3930 * (T289879) Apply ReturnTypeWillChange to various implementations of built in
3932 * (T299312) Implement __serialize/__unserialize for PHP 8.1 support.
3933 * ExtensionRegistry: Add process cache for lazy attributes.
3934 * (T301041) ApiPageSet: Add "missing": true to missing revisions.
3935 * Allow ParsoidModules extension schema to register services.
3936 * (T300462) SpecialUndelete: Do not show empty comments as deleted.
3937 * (T297708) Allow setting max execution time to several special pages.
3938 * (T205349) LinkCache: Try invalidating cache before throwing.
3939 * (T302540) composer.json: Add ext-calendar to require.
3940 * (T302540) composer.json: Add ext-simplexml to require-dev.
3941 * (T302540) composer.json: Add various PHP extensions to suggests.
3942 * Upgrading symfony/polyfill-php80 (v1.23.1 => v1.25.0).
3943 * (T304008) Don't re-check "Move subpages" on Special:MovePage after a warning.
3944 * (T293576) listFiles: Display file name instead of version.
3945 * (T303871) Fix @since of Title::getId().
3946 * (T303560) Installer: Check correct PCRE_CONFIG_NEWLINE value.
3947 * wrapOldPasswords: add \n to two output calls.
3948 * (T297571, CVE-2022-28201) Title::newMainPage() goes into an infinite recursion
3949 loop if it points to a local interwiki.
3950 * (T297731, CVE-2022-28203) Requesting Special:NewFiles on a wiki with many file
3951 uploads with actor as a condition can result in a DoS.
3952 * (T297754, CVE-2022-28204) Special:WhatLinksHere can result in a DoS when a
3953 page is used on a extremely large number of other pages.
3955 == MediaWiki 1.37.1 ==
3957 This is a security and maintenance release of the MediaWiki 1.37 branch.
3959 === Changes since MediaWiki 1.37.0 ===
3960 * (T296112) Allow inserting new sections named '0'.
3961 * Fix path for ZhConversion.php.
3962 * nukeNS: don't run purgeRedundantText() after every change.
3963 * (T286779, T297031) installer: Fix Postgres mistakes in using changeField
3965 * (T225888) RollbackAction: fix missing pagetitle.
3966 * (T297322, CVE-2021-44858, CVE-2021-44857) SECURITY: Fix permissions checks in
3968 * (T297574, CVE-2021-45038) SECURITY: Fix permissions check in action=rollback.
3969 * (T34716, T297416) SECURITY: Require 'read' right for most actions.
3970 * (T271037, CVE-2021-44856) SECURITY: Fix use of EditFilterMergedContent hook
3971 when changing content model.
3973 == MediaWiki 1.37.0 ==
3975 === Changes since MediaWiki 1.37.0-rc.2 ===
3976 * Remove justinrainbow/json-schema from vendor.
3977 * Updated pear/mail_mime from 1.10.9 to 1.10.11.
3978 * Update deprecated Guzzle Psr7 function calls.
3979 * (T281972) UserIdentityValue: Correct @since tags.
3980 * Updated wikimedia/parsoid from v0.14.0-a19 to v0.14.0.
3981 * Localisation updates.
3982 * Tweak error message for missing composer dependencies.
3984 == MediaWiki 1.37.0-rc.2 ==
3986 === Changes since MediaWiki 1.37.0-rc.1 ===
3987 * (T295173) Re-add wikimedia/normalized-exception to vendor.
3988 * Remove wikimedia/testing-access-wrapper, psr/simple-cache, psr/http-factory
3990 * (T295191) ApiQuerySiteinfo: Fix "rightsinfo"/"url" when $wgRightsPage is set.
3991 * (T212428) Allow populateContentTables to continue when there are bad blobs.
3993 == MediaWiki 1.37.0-rc.1 ==
3995 === Changes since MediaWiki 1.37.0-rc.0 ===
3996 * (T294043) checkStorage: pass no parameters to WikiRevision::getContent().
3997 * (T292763, CVE-2021-44854) SECURITY: Do not cache private wiki completion
3999 * (T293783) ApiQueryImageInfo: don't show empty comments as deleted.
4000 * (T294316) Revert "Mark ApiClientLogin/ApiLogin as requiring write mode".
4001 * (T294796) JobQueueRedis: Replace deprecated zSize with zCard.
4002 * Remove duplicate settings from DefaultSettings.
4003 * (T278037) NoLocalSettings: Pass an EmptyBagOStuff to TemplateParser.
4005 == MediaWiki 1.37.0-rc.0 ==
4007 == Upgrading notes for 1.37 ==
4008 Don't forget to always back up your database before upgrading!
4010 See the file UPGRADE for more detailed per-version upgrade instructions from the
4011 oldest supported upgrading version, MediaWiki 1.27.
4013 Some specific notes for MediaWiki 1.37 upgrades are below:
4014 * (T280806) Deprecated methods of fetching API tokens have been removed. This
4015 may cause older bots and scripts to fail. Most queries are trivially
4016 updateable to using new methods. See the Action API changes section below
4017 for more information.
4019 For notes on 1.36.x and older releases, see HISTORY.
4021 === Configuration changes for system administrators in 1.37 ===
4022 * (T242768) The PasswordCannotMatchUsername password policy has been removed,
4023 please use PasswordCannotBeSubstringInUsername instead. If you have not
4024 customised your password policies, there will be nothing to do here.
4026 ==== New configuration ====
4027 * $wgBrowserFormatDetection - This setting allows the enabling or disabling
4028 of automatic detection of possible phone numbers in a webpage in iOS Safari.
4029 * $wgParserEnableLegacyMediaDOM - This setting defaults to true, and enables
4030 the legacy media HTML structure in the output from the Parser. The
4031 alternative modern HTML structure for media is described at
4032 https://www.mediawiki.org/wiki/Parsing/Media_structure
4033 In a future release of MediaWiki this option will default to false,
4034 so it's a good idea to test this setting on your wiki early and report
4037 ==== Changed configuration ====
4038 * $wgContentHandlerTextFallback - This migration setting, which defines how to
4039 react if a plain text version of a non-text Content object is requested using
4040 ContentHandler::getContentText(), is deprecated.
4041 * $wgActions – This setting lets sysadmins over-ride which actions can be used.
4042 It has been re-worked to support injecting dependencies into Action sub-
4043 classes as part of wider work on dependency injection. Previously, $wgActions
4044 was an array where the keys were the names of actions, and the values had the
4045 following impacts (for a given key 'Foo'):
4046 - `true`: use the class 'FooAction' unless for a specific page
4047 WikiPage::getActionOverrides() wants to override that action
4048 - a string: use the class with that name, and do not allow over-riding on a
4050 - `false`: the action is disabled
4051 - a callable: use the Action instance returned by invoking that callback, and
4052 do not allow overriding on a per-page basis
4053 - an object: use that specific Action instance, and do not allow overr-iding
4054 on a per-page basis.
4055 As part of T253078, values can now be arrays that are not callables, which are
4056 treated as ObjectFactory specs, allowing for services to be injected.
4057 Additionally, the distinction between values that allow per-page overrides and
4058 those that do not was removed - all actions can now be overridden on a per-
4059 page basis using WikiPage::getActionOverrides().
4060 * $wgShellboxUrl – This setting, new in 1.36 to configure the novel Shellbox
4061 encapsulation system, is now deprecated; use $wgShellboxUrls as a mapping of
4062 service => URL instead.
4063 * $wgIncludejQueryMigrate – This setting, introduced in 1.29 to on whether to
4064 provide a migration layer for jQuery, has now switched its default value from
4065 true to false. This may break gadgets that depended on methods that were
4066 removed in jQuery 3 in 2017. See T280944 for more information.
4067 * A number of settings have been renamed. The former configuration variable
4068 names are deprecated, but will be used as the fall back if they are still set,
4069 and remain temporarily available for extensions which might try to read them:
4070 - $wgFileBlacklist is now $wgProhibitedFileExtensions
4071 - $wgMimeTypeBlacklist is now $wgMimeTypeExclusions
4072 - $wgEnableUserEmailBlacklist is now $wgEnableUserEmailMuteList
4073 - $wgShortPagesNamespaceBlacklist is now $wgShortPagesNamespaceExclusions
4074 * $wgMimeTypeExclusions - As well as being renamed, this configuration array now
4075 also prohibits the RFC 4329 form of JavaScript, 'application/javascript', as
4076 well as previous MIME types.
4077 * $wgFragmentMode - This setting, which determines the encoding of section IDs,
4078 has now switched its default value from legacy-first to html5-first: both the
4079 HTML5 anchor and the legacy percent-encoding-style anchor will still be
4080 generated for section titles, but references to them will use the HTML5
4081 version, resulting in human-readable fragments.
4083 ==== Removed configuration ====
4084 * $wgLegacyJavaScriptGlobals, deprecated in 1.36.
4085 * (T274695) $wgAjaxEditStash, deprecated in 1.36.
4086 * $wgShowDBErrorBacktrace, deprecated and non-functional since 1.32.
4087 * $wgShowSQLErrors, deprecated and non-functional since 1.32.
4088 * $wgLangObjCacheSize, without deprecation; the LanguageFactory service now
4089 always retains at most 10 objects in its LRU-cache.
4090 * $wgDjvuToXML, without deprecation; the tool it enables is obsolete and
4091 abandoned upstream. Use $wgDjvuDump to use that tool instead.
4093 === New user-facing features in 1.37 ===
4094 * (T161934) MediaWiki now supports JPEG2000 files, to a limited extent.
4096 === External library changes in 1.37 ===
4098 ==== New external libraries ====
4099 * Added symfony/polyfill-php80 1.23.1.
4100 * Added whatwg-fetch 3.6.2.
4101 * Added wikimedia/normalized-exception 1.0.1.
4103 ==== Changed external libraries ====
4104 * Updated OOjs from v5.0.0 to v6.0.0
4105 * Updated OOjs-Router from v0.2.0 to v0.3.0
4106 * Updated OOUI from v0.41.3 to v0.42.0
4107 * Updated WVUI from v0.1.0 to v0.3.0
4108 * Updated cssjanus/cssjanus from v1.3.0 to v2.1.0.
4109 * Updated pear/mail_mime from 1.10.9 to 1.10.11.
4110 * Updated psr/container from v1.0.0 to v1.1.1.
4111 * Updated wikimedia/minify from v2.2.2 to v2.2.4.
4112 * Updated wikimedia/object-factory from v3.0.0 to v3.0.2.
4113 * Updated wikimedia/parsoid from v0.13.1 to v0.14.1.
4114 * Updated wikimedia/relpath from v2.1.1 to v3.0.0.
4115 * Updated wikimedia/remex-html from v2.3.1 to v2.3.2.
4116 * Updated wikimedia/shellbox from v1.0.4 to v2.1.1.
4117 * Updated wikimedia/wait-condition-loop from v2.0.1 to v2.0.2.
4118 * Updated zordius/lightncandy from v1.2.5 to v1.2.6.
4119 * Updated guzzlehttp/guzzle from 7.2.0 to 7.4.5.
4120 * Updated wikimedia/common-passwords from 0.3.0 to 0.4.0.
4122 ===== Changed development-only external libraries =====
4123 * Updated qunit from 2.10.0 to 2.16.0.
4125 ==== Removed external libraries ====
4126 * The pimple/pimple development-only library has been removed.
4128 === Action API changes in 1.37 ===
4129 * (T280806) The API methods for fetching tokens which were deprecated in
4130 MediaWiki 1.24 have been removed. action=query&meta=tokens&type= should be
4131 used instead. Please note some token types no longer exist, and you should
4132 just use type=csrf for those instead.
4133 - action=query&prop=info&intoken ->
4134 action=query&meta=tokens&type=csrf
4135 - action=tokens&type= ->
4136 action=query&meta=tokens&type=
4137 - action=query&list=recentchanges&rctoken ->
4138 action=query&meta=tokens&type=csrf
4139 - action=query&prop=revisions&rvtoken=rollback ->
4140 action=query&meta=tokens&type=rollback
4141 - action=query&meta=userinfo&uiprop=preferencestoken ->
4142 action=query&meta=tokens&type=csrf
4143 - action=query&list=users&ustoken=userrights ->
4144 action=query&meta=tokens&type=userrights
4146 === Languages updated in 1.37 ===
4147 MediaWiki supports over 350 languages. Many localisations are updated regularly.
4148 Below only new and removed languages are listed, as well as changes to languages
4149 because of Phabricator reports.
4151 * (T280435) LRM and RLM characters were removed from names of languages with
4152 parentheses in Names.php
4153 * (T283422) Add namespace name translations and change the autonym of
4154 the Kinyarwanda language to "Ikinyarwanda".
4155 * (T283423) Change the autonym of the Lombard language from "lumbaart"
4157 * (T279619) Added language support for Dagbani (dag).
4158 * (T282085) Added language support for Malay in Arabic (Jawi) script (ms-arab).
4159 * (T283053) Added language support for Ojibwe (ojb).
4160 * (T283480) Added language support for Wallisian (wls, Fakaʻuvea).
4161 * (T284002) Added language support for Paiwan (pwn).
4162 * (T284044) Added language support for Carpathian Romani (rmc).
4163 * (T286460) Added language support for Gun (guw, Gungbe).
4164 * (T287345) Added language support for Baoulé (bci).
4165 * (T290126) Added language support for Kildin Sami (sjd).
4166 * (T290408) Added language support for Pite Sami (sje).
4167 * (T25216) Started the renaming of the language code for Norman from nrm to
4170 === Breaking changes in 1.37 ===
4171 * The Revision class, emitting deprecation warnings since 1.35, was removed
4172 entirely. As part of this, the following hooks that included a Revision object
4174 - ArticleRevisionUndeleted - use RevisionUndeleted
4175 - ArticleRollbackComplete - use RollbackComplete
4176 - DiffRevisionTools - use DiffTools
4177 - DiffViewHeader - use DifferenceEngineViewHeader
4178 - HistoryRevisionTools - use HistoryTools
4179 - NewRevisionFromEditComplete - use RevisionFromEditComplete
4180 - PageContentInsertComplete - use PageSaveComplete
4181 - PageContentSaveComplete - use PageSaveComplete
4182 - ParserFetchTemplate - use BeforeParserFetchTemplateRevisionRecord
4183 - RevisionInsertComplete - use RevisionRecordInserted
4184 - TitleMoveComplete - use PageMoveComplete
4185 - TitleMoveCompleting - use PageMoveCompleting
4186 - UndeleteShowRevision - no replacement
4187 - UserRetrieveNewTalks - no replacement
4188 … the following methods and variables have been removed:
4189 - Article::$mRevision
4190 - Article::getRevisionFetched()
4191 - ContribsPager::tryToCreateValidRevision()
4192 - EditPage::$mBaseRevision
4193 - EditPage::getBaseRevision()
4194 - LinksUpdate::getRevision()
4195 - LinksUpdate::setRevision()
4196 - PageArchive::getArchivedRevision()
4197 - PageArchive::getPreviousRevision()
4198 - PageArchive::getRevision()
4199 - Parser::$mRevisionObject
4200 - Parser::fetchCurrentRevisionOfTitle()
4201 - Parser::getRevisionObject()
4202 - Parser::statelessFetchRevision()
4203 - ParserOptions::getCurrentRevisionCallback()
4204 - ParserOptions::setCurrentRevisionCallback()
4205 - Title::countAuthorsBetween()
4206 - Title::getFirstRevision()
4207 - User::getNewMessageLinks()
4208 - User::getNewMessageRevisionId()
4209 - User::setNewtalk()
4210 - WikiPage::getOldestRevision()
4211 - WikiPage::getRevision()
4212 - WikiPage::getUndoContent()
4213 - WikiPage::updateIfNewerOn()
4214 … and the following methods no longer accept Revision objects as parameters:
4215 - CategoryMembershipChange::__construct()
4216 - ContentHandler::getUndoContent()
4217 - DerivedPageDataUpdater::prepareUpdate()
4218 - DifferenceEngine::getRevisionHeader()
4219 - Linker::buildRollbackLink()
4220 - Linker::generateRollback()
4221 - Linker::getRevDeleteLink()
4222 - Linker::getRollbackEditCount()
4223 - Linker::revComment()
4224 - Linker::revUserLink()
4225 - Linker::revUserTools()
4226 - WikiPage::doDeleteUpdates()
4227 - WikiPage::doEditUpdates()
4228 - WikiPage::hasDifferencesOutsideMainSlot()
4229 - WikiPage::onArticleEdit()
4230 - WikiPage::prepareContentForEdit()
4231 - WikiPage::updateRevisionOn()
4232 The following methods return arrays that formerly included a 'revision'
4233 key that would emit deprecation warnings when accessed and return a
4234 Revision object. The Revision object has been removed from the arrays,
4235 and the 'revision-record' key should be used to get the relevant
4236 RevisionRecord instead:
4237 - PageUpdater::doCreate()
4238 - PageUpdater::doModify()
4239 - Parser::statelessFetchTemplate()
4240 - WikiPage::doEditContent()
4241 Finally, the ParserOptions `templateCallback` option is a callback that is
4242 called in Parser::fetchTemplateAndTitle() and should return an array - the
4243 'revision' key to that array used to be a Revision object and was used if
4244 no 'revision-record' was returned - is now ignored.
4245 * Previously, the classes RevisionTestModifyableContent and
4246 RevisionTestModifyableContentHandler were loaded for use in tests, but were
4247 only used within the tests for the since-removed Revision class. This content
4248 and content handler class were removed without deprecation.
4249 * WANObjectCache::HOLDOFF_NONE, deprecated since 1.35, was removed. Use
4250 WANObjectCache::HOLDOFF_TTL_NONE instead.
4251 * Calling ResourceLoader::makeVersionQuery() without $modules parameter,
4252 deprecated since MediaWiki 1.34, is no longer supported.
4253 * LocalFile::recordUpload2(), deprecated since 1.35, was removed.
4254 * The following methods and fields in the Language class, deprecated since 1.35,
4259 - ::findVariantLink()
4261 - ::updateConversionTable()
4262 * The following methods in the Parser class have been removed after having been
4266 * (T273354) When an edit is prevented by an 'EditFilterMergedContent' hook
4267 handler without changing the status, the edit form will now be displayed.
4268 * User::clearNotification() which had been deprecated in 1.35 has been removed.
4269 Use WatchlistManager::clearTitleUserNotification() instead.
4270 * User::getNewtalk() which had been deprecated in 1.35 has been removed. Use
4271 TalkPageNotificationManager::userHasNewMessages() instead.
4272 * The Autopromote class, deprecated since 1.35, was removed. Use
4273 UserGroupManager instead.
4274 * The CachedAction, SpecialCachedPage, CacheHelper, and ICacheHelper classes,
4275 all emitting deprecation warnings since 1.36, have been removed.
4276 * The hooks BeforeHttpsRedirect, CanIPUseHTTPS and UserRequiresHTTPS, deprecated
4277 in 1.35, were removed.
4278 * The TitleArrayFromResult hook, deprecated in 1.36, was removed.
4279 * The deprecated "es6-promise" alias ResourceLoader module has been removed. Use
4280 the "es6-polyfills" module directly intead.
4281 * The deprecated "mediawiki.legacy.protect" ResourceLoader module, deprecated
4282 since 1.36, has been removed. Use "mediawiki.action.protect" instead.
4283 * The JavaScript alias $j for references to jQuery, deprecated since 1.23, has
4284 been removed. Use $ instead.
4285 * The AuthenticationProvider interface and the SessionProvider class no longer
4286 extend the PSR LoggerAwareInterface concept, so they can't be typehinted as
4287 LoggerAwareInterface.
4288 * User::getGrantName(), emitting deprecation warnings since 1.36, has been
4289 removed. Use MWGrants::grantName() instead.
4290 * The following ApiBase methods, deprecated since 1.35, have been removed:
4291 - ApiBase::explodeMultiValue
4292 - ApiBase::parseMultiValue
4293 - ApiBase::validateLimit
4294 - ApiBase::validateTimestamp
4295 * The User::idCacheByName() public static field was removed without deprecation.
4296 Instead of using it, get a UserIdentity by name from the UserIdentityLookup
4298 * IDatabase::upsert() and IDatabase::replace() now only accept a single unique
4299 key. Previously, a warning was issued if there were multiple unique keys
4301 * The MediaWiki:Autoblock_whitelist block exemption control was moved in 1.36 to
4302 MediaWiki:Block-autoblock-exemptionlist. The backward-compatibility of reading
4303 the old MediaWiki:Autoblock_whitelist page has now been dropped.
4304 * The following overridable methods in File hierarchy have changed signatures:
4305 - File::deleteFile() - now accepts UserIdentity instead of User
4306 - File::getDescription() - now accepts Authority instead of User
4307 - File::userCan() - now accepts Authority instead of User
4308 - LocalFile::deleteOldFile() - now accepts UserIdentity instead of User
4309 * The following global methods, each deprecated since 1.36, have been removed:
4310 - wfAppendToArrayIfNotDefault()
4312 - wfConfiguredReadOnlyReason()
4314 - wfGetPrecompiledData()
4316 * The following deprecated methods of the Title class have been removed:
4317 - ::nameOf(), deprecated in 1.36
4318 - ::getPreviousRevisionID(), deprecated in 1.34
4319 - ::getNextRevisionID(), deprecated in 1.34
4320 - ::getEarliestRevTime(), deprecated in 1.35
4321 * UploadBase::stashFile(), deprecated since 1.28, was removed.
4322 * wfGetRusage(), deprecated since 1.35, has been removed.
4323 * The following CLI options were removed from tests/phpunit.php:
4327 The following options (inherited from Maintenance) were also removed:
4336 The following options were changed to environment variables:
4337 - wiki => PHPUNIT_WIKI
4338 - use-normal-tables => PHPUNIT_USE_NORMAL_TABLES
4339 - use-filebackend => PHPUNIT_USE_FILEBACKEND
4340 - use-bagostuff => PHPUNIT_USE_BAGOSTUFF
4341 - use-jobqueue => PHPUNIT_USE_JOBQUEUE
4342 This is so that we can use the default PHPUnit entry point (T90875).
4343 * The PHPUNIT_REUSE_DB / --reuse-db option was removed from the phpunit.php
4344 runner. It had been broken for at least three years already. The original use
4345 case was speeding up tests on Oracle, but Oracle support was dropped several
4347 * The MediaWikiPHPUnitTest__endTestHook and MediaWikiPHPUnitTest__startTestHook
4348 PHPUnit hooks were removed. MediaWikiHooksPHPUnitExtension was also removed.
4349 * EntryPoint::getTextFormatters() was made private without a deprecation period;
4350 it had no known external callers.
4351 * DatabaseBlock::chooseBlock(), deprecated since 1.35, was removed.
4352 * SpecialPageFactory::getRestrictedPages(), deprecated since 1.36, was removed.
4353 * SpecialBlock::validateTarget(), deprecated since 1.36, was removed.
4354 * The PatchFileLocation trait was removed without deprecation.
4355 * ActorMigrationBase::getExistingActorId() and ::getNewActorId(), emitting
4356 deprecation warnings since 1.36, were removed.
4357 * Hook handlers implementing the MediaWikiServicesHook hook are now prohibited
4358 from having services injected. This is because by definition, this hook runs
4359 before the service container is fully initialized.
4360 * The protected property LocalFile::$metadata was removed without deprecation.
4361 * WatchedItem::getUser(), emitting deprecation warnings since 1.36, has been
4363 * AuthManager::singleton(), emitting deprecation warnings since 1.36, has been
4365 * The AugmentPageProps class was removed without deprecation. It had no known
4367 * Html::infobox(), deprecated since 1.36, was removed.
4368 * ParserOptions::__construct() now requires that the first parameter is a
4369 UserIdentity object - passing `null` used to fallback to the global
4370 $wgUser but was deprecated since 1.36.
4371 * ParserOptions::newCanonical() no longer supports the first parameter being
4372 null (or omitted entirely), which would fallback to the global $wgUser but
4373 was deprecated since 1.35.
4374 * The SkinTemplatePreventOtherActiveTabs hook, deprecated in 1.35, was removed
4376 * The SkinTemplateTabAction hook, deprecated in 1.35, was removed entirely.
4377 * The SkinTemplateBuildNavUrlsNav_urlsAfterPermalink hook, deprecated in 1.35,
4378 was removed entirely.
4379 * The SkinTemplateToolboxEndHook, deprecated in 1.35, was removed entirely.
4380 * The following methods of RevisionStore class, formerly emitting deprecation
4381 warnings, were removed:
4382 - ::newMutableRevisionFromArray()
4383 - ::loadRevisionFromPageId()
4384 - ::loadRevisionFromTitle()
4385 - ::loadRevisionFromTimestamp()
4386 - ::listRevisionSizes()
4387 * LogEntry::getPerformer(), deprecated since 1.36, was removed along with
4388 methods in sub-classes: DatabaseLogEntry, ManualLogEntry, RCDatabaseLogEntry.
4389 * Skin::getRelevantUser() now returns an instance of UserIdentity, and not
4390 necessarily a User object. There is no known usages in MediaWiki ecosystem
4391 that were not satisfied with UserIdentity.
4392 * Direct construction of MergeHistory class, deprecated since 1.35, is no longer
4393 supported. Use MergeHistoryFactory instead. MergeHistory::checkPermissions,
4394 deprecated since 1.36, was removed.
4395 * Skin::generateDebugHTML(), deprecated since 1.35, was removed. Call
4396 MWDebug::getHTMLDebugLog() directly.
4397 * The ApiTestCase class no longer interacts with the global $wgUser.
4398 Previously, the global variable was set at the start of each test, and in
4399 ApiTestCase::doApiRequest() if a performer was specified $wgUser was
4400 updated to match, and if no performer was specified $wgUser was used
4401 instead. Now, $wgUser is not updated, and if no performer is specified
4402 the reusable TestUser object for the sysop is relied on. Extensions
4403 or skins that rely on the global $wgUser variable (which has been
4404 deprecated since 1.35) should instead retrieve the acting user from the
4405 relevant context source.
4406 * SkinTemplate::makeArticleUrlDetails(), deprecated since 1.35, was removed.
4407 * Skin::makeNSUrl(), deprecated since 1.35, was removed.
4408 * Skin::getRevisionId(), deprecated since 1.34, was removed. Use
4409 OutputPage::getRevisionId() instead.
4410 * Skin::isRevisionCurrent(), deprecated since 1.34, was removed. Use
4411 OutputPage::isRevisionCurrent() instead.
4412 * AbstractBlock::parseTarget(), deprecated since 1.36, was removed.
4413 * The ArticleEditUpdates hook, deprecated since 1.35, was removed.
4414 * The `@stable to extend` class CentralIdLookup has following changes:
4415 - The protected ::checkAudience() method now returns an Authority instead of a
4417 - A number of its `@stable to override` methods now accept an Authority
4418 instead of a User instance as the $audience parameter.
4419 - A number of methods now accept a UserIdentity instead of their User
4421 - The ::localUserFromCentralId() method now returns UserIdentity and not
4422 necessarily a User object.
4423 All extensions that extend this class or use this method were updated to be
4424 ready to the new behavior.
4425 * WatchedItemStoreInterface::enqueueWatchlistExpiryJob(), deprecated since 1.36,
4427 * ResultWrapper is now abstract. It cannot be directly constructed (T286694).
4428 * The SecondaryDataUpdates hook, deprecated in 1.32, was removed entirely.
4429 * Content::getDeletionUpdates(), was removed. Use
4430 ContentHandler::getDeletionUpdates() instead.
4431 * Content::getSecondaryDataUpdates(), was removed. Use
4432 ContentHandler::getSecondaryDataUpdates() instead.
4433 * wfDiff(), deprecated since 1.25, has been removed.
4434 * Language::$mLangObjCache, deprecated since 1.35, was removed.
4435 * Language::$transformData, deprecated since 1.35, was removed.
4436 * Language::transformUsingPairFile() was marked @internal. Its deprecated
4437 parameters are no longer supported.
4438 * SpecialMute::getTarget(), unused outside of the SpecialMute class, was
4440 * The Skin::setupSkinUserCss() method, deprecated in 1.32, was removed. Please
4441 use skin registration instead.
4442 * The ResourceLoaderSkinModule `legacy`, `content` and `content-thumbnails`
4443 features were deprecated. Skins should instead select from the features
4444 listed on [[mw:Manual:ResourceLoaderSkinModule]].
4445 * ParserCache::getKey() and ::getEtag(), deprecated since 1.36, were removed.
4446 * The BaseTemplateToolbox hook, deprecated since 1.35, was removed.
4447 * Previously a capitalize-all-nouns class was added to the body element of
4448 languages where nouns must be capitalized. This class is no longer added to
4449 the body tag and must be provided by skins.
4450 * The SkinTemplateOutputPageBeforeExec hook, deprecated since 1.35, was removed.
4451 * Calling Message::toString() without a parameter, which triggered deprecation
4452 warnings since 1.36, is no longer supported. You can instead use the explicit
4453 formatting methods directly, such as Message::text() and Message::escaped().
4454 * Article::getContentObject(), deprecated since 1.32, was removed.
4455 * Article::delete(), Article::confirmDelete() and ImagePage::delete() were
4456 removed. The logic responsible for building the form is being
4457 moved to DeleteAction, while the actual deletion logic will be moved to a
4459 * WikiImporter::debugRevisionHandler(), unused and for debug only, was removed.
4460 * Content::preloadTransform() now emits deprecation warnings. Instead, please
4461 use ContentTransformer::preloadTransform(). Extensions defining a content
4462 model should override ContentHandler::preloadTransform().
4463 * Content::preSaveTransform() now emits deprecation warnings. Instead, please
4464 use ContentTransformer::preSaveTransform() instead. Extensions defining
4465 a content model should override ContentHandler::preSaveTransform().
4466 * Constructing WikiPage objects from Title instances that cannot exist, emitting
4467 deprecation warnings since 1.36, now throws an exception. Additionally,
4468 WikiPage now implements ProperPageIdentity, rather than just PageIdentity.
4469 * The Skin::bottomScripts() method is deprecated. Please instead use
4470 OutputPage::getBottomScripts().
4471 * LinksUpdate::getTriggeringUser() now returns ?UserIdentity instead of ?User.
4472 * The LESS mixin `.box-shadow()` (from mediawiki.mixins.less), deprecated since
4473 1.36, was removed. Use CSS property `box-shadow` unprefixed for all basic
4474 supported browsers instead.
4475 * The LESS mixin `.flex()` now no longer tries to support the 2009 version of
4476 the Flexbox specification; support for the 2012 and modern standard versions
4478 * The StorageAwareness::ATTR_SYNCWRITES, StorageAwareness::QOS_SYNCWRITES_*,
4479 StorageAwareness::ATTR_LOCALITY, and StorageAwareness::QOS_LOCALITY_*
4480 constants were removed.
4482 === Deprecations in 1.37 ===
4483 * JobQueue::getWiki(), deprecated in 1.33, now emits deprecation warnings.
4484 * AbstractBlock::getTargetAndType() and ::getTarget() now emit deprecation
4485 warnings. Use ::getTargetName() and ::getTargetUserIdentity() together with
4487 * Passing a UserIdentity to WatchlistManager::clearAllUserNotifications() and
4488 WatchlistManager::clearTitleUserNotifications() is now deprecated. Pass an
4490 * Passing LinkTarget to WatchlistManager::clearTitleUserNotifications() and
4491 WatchlistManager::getTitleNotificationTimestamp(). Pass PageIdentity instead.
4492 * The User class methods ::isWatched(), ::isTempWatched(), ::removeWatch(), and
4493 ::addWatch() have been deprecated. Use corresponding methods in
4494 WatchlistManager instead.
4495 * Multiple WatchAction methods have been deprecated in lieu of WatchlistManager:
4496 - ::doWatchOrUnwatch() use WatchlistManager::setWatch()
4497 - ::doWatch() -> WatchlistManager::addWatch()
4498 - ::doUnwatch() -> WatchlistManager::removeWatch()
4499 * WatchAction::getWatchToken() now emits deprecation warnings. Instead use
4500 CsrfTokenSet::getToken().
4501 * Action::getHookContainer() has been marked as internal. Actions that require
4502 access to a hook container should have one injected instead.
4503 * The ::getTitle() and ::setTitle() methods in Parser have been deprecated.
4504 Use ::getPage() and ::setPage() instead.
4505 * Title::isWatchable() has been deprecated. Use WatchlistManager::isWatchable()
4507 * Methods and classes related to the primary database, previously referred to as
4508 'master', have been deprecated, with the new ones replacing them as follows:
4509 - The DBMasterPos and MySQLMasterPos classes have been respectively renamed to
4510 DBPrimaryPos and MySQLPrimaryPos.
4511 - LocalRepo::getMasterDB() -> ::getPrimaryDB()
4512 - ForeignDBRepo::getMasterDB() -> ::getPrimaryDB()
4513 - JobQueueDB::getMasterDB() -> ::getPrimaryDB()
4514 - ForeignDBViaLBRepo::getMasterDB() -> ::getPrimaryDB()
4515 - DBFileJournal::getMasterDB() -> ::getPrimaryDB()
4516 - ILoadBalancer::getMasterPos() -> ::getPrimaryPos()
4517 - IDatabase::getMasterPos() -> ::getPrimaryPos()
4518 - ILoadBalancer::finalizeMasterChanges() -> ::finalizePrimaryChanges()
4519 - ILoadBalancer::approveMasterChanges() -> ::approvePrimaryChanges()
4520 - ILoadBalancer::beginMasterChanges() -> ::beginPrimaryChanges()
4521 - ILBFactory::beginMasterChanges() -> ::beginPrimaryChanges()
4522 - ILoadBalancer::commitMasterChanges() -> ::commitPrimaryChanges()
4523 - ILBFactory::commitMasterChanges() -> ::commitPrimaryChanges()
4524 - IDatabase::getTopologyRootMaster() -> ::getTopologyRootPrimary()
4525 - IDatabase::masterPosWait() -> ::primaryPosWait()
4526 - ILoadBalancer::runMasterTransactionIdleCallbacks() ->
4527 ::runPrimaryTransactionIdleCallbacks()
4528 - ILoadBalancer::runMasterTransactionListenerCallbacks() ->
4529 ::runPrimaryTransactionListenerCallbacks()
4530 - ILoadBalancer::rollbackMasterChanges() -> ::rollbackPrimaryChanges()
4531 - ILBFactory::rollbackMasterChanges() -> ::rollbackPrimaryChanges()
4532 - ILoadBalancer::flushMasterSnapshots() -> ::flushPrimarySnapshots()
4533 - ILoadBalancer::hasMasterConnection() -> ::hasPrimaryConnection()
4534 - ILoadBalancer::hasMasterChanges() -> ::hasPrimaryChanges()
4535 - ILBFactory::hasMasterChanges() -> ::hasPrimaryChanges()
4536 - ILoadBalancer::lastMasterChangeTimestamp() -> ::lastPrimaryChangeTimestamp()
4537 - ILoadBalancer::hasOrMadeRecentMasterChanges() ->
4538 ::hasOrMadeRecentPrimaryChanges()
4539 - ILBFactory::hasOrMadeRecentMasterChanges() ->
4540 ::hasOrMadeRecentPrimaryChanges()
4541 - ILoadBalancer::pendingMasterChangeCallers() ->
4542 ::pendingPrimaryChangeCallers()
4543 - ILoadBalancer::forEachOpenMasterConnection() ->
4544 ::forEachOpenPrimaryConnection()
4545 - ILoadBalancer::waitForMasterPos() -> ::waitForPrimaryPos()
4546 - Database::assertIsWritableMaster() -> ::assertIsWritablePrimary()
4547 - RevDelList::reloadFromMaster() -> ::reloadFromPrimary()
4548 - ExternalStoreDB::getMaster() -> ::getPrimary()
4549 - DatabaseMysqlBase::getMasterServerInfo() -> ::getPrimaryServerInfo()
4550 - MWExceptionHandler::rollbackMasterChangesAndLog() ->
4551 ::rollbackPrimaryChangesAndLog()
4552 * wfGetLB(), deprecated since 1.27, now emits deprecation warnings.
4553 * wfLocalFile(), deprecated since 1.34, now emits deprecation warnings.
4554 * wfFindFile(), deprecated since 1.34, now emits deprecation warnings.
4555 * wfIncrStats(), deprecated in 1.36, now emits deprecation warnings.
4556 * wfCanIPUseHTTPS() is now deprecated, and always returns true.
4557 * The UserLoadFromDatabase hook has been deprecated. It had no known uses.
4558 * The following methods in ApiPageSet have been deprecated:
4559 - ::getTitles(), use ::getTargets() instead.
4560 - ::getGoodTitles(), use ::getGoodPages() instead.
4561 - ::getMissingTitles(), use ::getMissingPages() instead.
4562 - ::getGoodAndMissingTitles(), use ::getGoodAndMissingPages() instead.
4563 - ::getRedirectTitles(), use ::getRedirectTargets() instead.
4564 - ::getSpecialTitles(), use ::getSpecialPages() instead.
4565 * The following methods from the User class, deprecated in 1.35, now each emit
4566 deprecation warnings:
4570 - ::isCreatableName()
4571 - ::getCanonicalName()
4572 - ::addAutopromoteOnceGroups()
4573 - ::getEffectiveGroups()
4574 - ::getAutomaticGroups()
4575 - ::getFormerGroups()
4578 * The following methods in User were deprecated:
4579 - ::idFromName() - use UserIdentityLookup::getUserIdentityByName() instead.
4580 - ::resetIdByNameCache() - in tests, reset service container. No replacement
4581 needed in production code.
4582 * Use of ActorMigration for any table except revision, deprecated in 1.34, now
4583 emits deprecation warnings. Instead of getInsertValues(), use
4584 ActorNormalization::acquireActorId(). Instead of getWhere() and getJoin(),
4585 do your own join on the actor table.
4586 * DatabasePostgres::remappedTableName() and its dependent constructor parameter
4587 'keywordTableMap' are deprecated. Reserved identifiers that are used as table
4588 names should be quoted where necessary.
4589 * LinkCache::singleton(), deprecated since 1.28, now emits deprecation warnings.
4590 * MessageCache::singleton(), deprecated since 1.34, now emits deprecation
4592 * LockManagerGroup::singleton() and ::destroySingletons(), deprecated since
4593 1.34, now emit deprecation warnings.
4594 * HtmlFileCacheUpdate::newFromTitles() is now deprecated and emitting warnings.
4595 Use newFromPages() instead.
4596 * SessionProvider ::setLogger(), ::setManager(), ::setConfig(), and
4597 ::setHookContainer() were deprecated. Use ::init() to inject dependencies, or
4598 override ::postInitSetup() to do any custom post-initialization configuration.
4599 * AbstractAuthenticationProvider ::setLogger(), ::setManager(), ::setConfig(),
4600 and ::setHookContainer() now emit deprecation warnings. Use ::init() to inject
4601 dependencies, or override ::postInitSetup() to do any custom post-
4602 initialization configuration.
4603 * User::isLoggedIn(), deprecated since 1.36, now emits deprecation warnings. Use
4604 the method it wraps, User::isRegistered(), instead.
4605 * FileBackendGroup::singleton() and ::destroySingletons(), deprecated since
4606 1.35, now emit deprecation warnings.
4607 * The first parameter of User::getBlock() should now be an integer using the
4608 Authority::FOR_XXX constants. Providing a boolean is deprecated.
4609 * ApiBase::addBlockInfoToStatus() is deprecated for use by extensions. It is now
4610 marked as @internal and may be deleted in the future.
4611 It should not be necessary to call this method, Authority should be providing
4612 all relevant information via a PermissionStatus object.
4613 * JobQueueGroup::singleton() was deprecated - use
4614 MediaWikiServices::getJobQueueGroup() instead.
4615 * JobQueueGroup::destroySingletons() was deprecated. JobQueueGroups are now
4616 automatically destroyed after tests.
4617 * LinkCache::addGoodLinkObj() has been deprecated, since it is prone to
4618 corrupting the cache with invalid information. Use addGoodLinkObjFromRow()
4619 instead. PHPUnit tests must use LinkCacheTestTrait::addGoodLinkObject().
4620 * ContentHandler::getContentText() is now deprecated. Use Content::getText()
4622 * LinkCache::addLinkObj() has been deprecated, use PageStore::getPageForLink()
4624 * MediaWiki\User\UserNamePrefixSearch::search() previously accepted as its first
4625 parameter either the string 'public' or a UserIdentity object, to filter
4626 results for. It now expects an Authority object instead of UserIdentity, and
4627 providing just a UserIdentity will now trigger a deprecation warning.
4628 * User::getRights(), deprecated since 1.34, now emits deprecation warnings.
4629 * User::changeableGroups() and ::changeableByGroup() now emit deprecation
4630 warnings, use corresponding methods in UserGroupManager instead.
4631 * User::incEditCount() was deprecated in favor of the new method
4632 UserEditTracker::incrementUserEditCount().
4633 * RepoGroup::singleton(), ::destroySingleton() and ::setSingleton(), deprecated
4634 since 1.34, now emit deprecation warnings.
4635 * RecentChange::getPerformer(), deprecated since 1.36, now emits deprecation
4636 warnings. Use ::getPerformerIdentity() instead.
4637 * ContentHandler::cleanupHandlersCache(), deprecated since 1.35, now emits
4638 deprecation warnings.
4639 * Category::getTitle() was deprecated in favor of Category::getPage()
4640 * File::getUser() method now emits deprecation warnings, along with its over-
4641 rides in LocalFile and ForeignApiFile in favor of ::getUploader().
4642 * SpecialBlock::checkUnblockSelf(), deprecated in 1.36, now emits deprecation
4644 * (T284179) The mediawiki.viewport ResourceLoader module is deprecated. You can
4645 now just use MutationObserver or InterSectionObserver directly, which are
4646 widely available in all supported JavaScript browsers.
4647 * The following constructor options of DatabaseBlock class will now trigger
4648 deprecation warnings:
4649 - the 'byText' property with blocker's name,
4650 - the 'by' property with blocker's ID,
4651 For both of these, use the 'by' property with UserIdentity value instead.
4652 * The BeforeResetNotificationTimestamp hook was deprecated.
4653 * ArchivedFile::getUser() ::getRawUser() ::getRawUserText() were deprecated in
4654 favor of ::getUploader.() ::getRawDescription() was deprecated in favor of
4655 ::getDescription() with RAW audience parameter.
4656 * When calling LocalFile::newFromRow() or LocalFile::loadFromRow(), passing
4657 extra fields not requested by ::getQueryInfo() will now trigger deprecation
4658 warnings. This is to warn callers that deprefixing and automatic assignment of
4659 such fields will not be done in a future version.
4660 * JobSpecification::getTitle() was deprecated without providing a replacement.
4661 It wasn't used and job given the purpose of JobSpecification class it is not
4663 * The protected method File::getImageSize() is now deprecated.
4664 * BacklinkCache::get() was deprecated, use
4665 BacklinkCacheFactory::getBacklinkCache() instead.
4666 * Title::getBacklinkCache() now emits deprecation warnings. Instead, use the
4667 ::getBacklinkCache() method in the BacklinkCacheFactory service.
4668 * MediaHandler::getImageSize(), ::getMetadata(), and ::isMetadataValid() were
4669 deprecated and should no longer be overridden. Instead, sub-classes should
4670 override getSizeAndMetadata().
4671 * Deprecated File::getMetadata(). Instead use ::getMetadataArray(),
4672 ::getMetadataItem() and ::getMetadataItems().
4673 * Message::title() has been deprecated; use Message::page() instead.
4674 * BaseTemplate::getAfterPortlet(), BaseTemplate::renderAfterPortlet(), and the
4675 BaseTemplateAfterPortlet hook, which were deprecated in 1.35,
4676 now emit deprecation warnings.
4677 * The LocalFile::getHistory() hook is deprecated.
4678 * Previously the Skin templateDirectory option inside skin.json had to be
4679 relative to MediaWiki core. This should now be relative to the skin.
4680 * Calling WikiPage::prepareContentForEdit() without a UserIdentity is now
4682 * User::getEditTokenObject(), ::getEditToken(), and ::matchEditToken() were each
4683 deprecated. Use CsrfTokenRepository, which is available via IContextSource,
4684 instead. ::matchEditTokenNoSuffix() was deprecated without replacement.
4685 It was introduced to be able to provide custom error message if the token
4686 was submitted, but ending slashes were stripped by some ASCII mangling proxy.
4687 Use ::matchToken() instead, such proxies are much less common now and there's
4688 not much benefit in customising the error message.
4689 * ContentHandler::getForTitle(), deprecated since 1.35, now emits deprecation
4691 * User::listOptionKinds(), deprecated since 1.35, now emits deprecation
4693 * WikiPage::doEditContent(), deprecated since 1.32, now emits deprecation
4695 * CentralIdLookup::factory() and ::factoryNonLocal() now emit deprecation
4696 warnings; obtain an instance from MediaWikiServices instead.
4697 * The class RandomPage was renamed to SpecialRandomPage. The class RandomPage
4699 * BotPassword::invalidateAllPasswordsForCentralId() was deprecated.
4700 * BotPassword::removeAllPasswordsForCentralId() was deprecated.
4701 * The Title class members: $mTextform, $mUrlform, $mDbkeyform, $mNamespace,
4702 $mInterwiki, and $mFragment have been deprecated to not be used directly.
4703 Instead, their corresponding accessor methods should be used.
4704 * IDatabase::fetchObject(), ::fetchRow(), ::numRows(), ::numFields(),
4705 ::fieldName(), ::freeResult() and ::dataSeek() are deprecated. Use the
4706 corresponding methods in IResultWrapper instead.
4707 * ResultWrapper::unwrap(), DatabaseMysqlBase::fieldType() and
4708 DatabasePostgres::fieldType() each now emit deprecation warnings.
4709 * Sub-classes implementing Database::doQuery() should return either boolean or
4710 an IResultWrapper. To do otherwise will now trigger a deprecation warning.
4711 * User::getOptionKinds() and ::resetOptions(), both deprecated since 1.35,
4712 now emit deprecation warnings.
4713 * The following methods in MWNamespace, all deprecated since 1.34, now emit
4714 deprecation warnings:
4722 - ::hasTalkNamespace()
4723 - ::wantSignatures()
4725 - ::getSubjectNamespaces()
4726 - ::getTalkNamespaces()
4728 - ::hasGenderDistinction()
4729 - ::isNonincludable()
4730 - ::getNamespaceContentModel()
4731 - ::getRestrictionLevels()
4732 - ::getCategoryLinkType()
4733 * LogFormatter::styleRestricedElement() has been deprecated in favor of
4734 LogFormatter::styleRestrictedElement()
4735 * The following hooks related to user preferences were deprecated:
4736 - UserLoadOptions: use LoadUserOptions instead.
4737 - UserSaveOptions: use SaveUserOptions instead.
4738 - UserResetAllOptions: no replacement was provided, the hook is not used.
4739 * Title::isNamespaceProtected(), deprecated in 1.34, now emits deprecation
4741 * UserSelectQueryBuilder::userIds(), ::userNames(), and ::userNamePrefix() has
4742 been deprecated in favor of ::whereUserIds(), ::whereUserNames(), and
4743 ::whereUserNamePrefix().
4744 * Manually constructing a MovePage object, deprecated in 1.34, now emits
4745 deprecation warnings. Use MovePageFactory instead.
4746 * The following deletion-related methods were deprecated:
4747 - WikiPage::doDeleteArticleReal() (soft) - use DeletePage
4748 - WikiPage::doDeleteArticleBatched() (soft) - no replacement
4749 - WikiPage::isBatchedDelete() (soft) - use DeletePage
4750 - WikiPage::doDeleteUpdates() (hard) - no replacement
4751 - WikiPage::getDeletionUpdates() (hard) - no replacement
4752 - Title::isBigDeletion (soft) - no replacement
4753 * Relying on PermissionManager or Authority to check for big deletions
4754 was deprecated. This is now automatically checked if you use
4755 DeletePage::deleteIfAllowed(). (T288759)
4756 * The userCan hook now emits deprecation warnings. Use the
4757 getUserPermissionsErrors or getUserPermissionsErrorsExpensive hooks instead.
4758 * Parser::$mUser public access, and the methods ParserOptions::getUser() and
4759 Parser::getUser() each now emit deprecation warnings.
4760 * The following methods in the Title class have been deprecated in favor of the
4761 corresponding methods in the new RestrictionStore service (with different
4762 names where indicated):
4763 - ::areCascadeProtectionSourcesLoaded()
4764 - ::areRestrictionsCascading()
4765 - ::areRestrictionsLoaded()
4766 - ::getAllRestrictions()
4767 - ::getCascadeProtectionSources()
4768 - ::getFilteredRestrictionTypes()
4769 -> ::listAllRestrictionTypes()
4770 - ::getRestrictionExpiry()
4771 - ::getRestrictionTypes()
4772 -> ::listApplicableRestrictionTypes()
4773 - ::getRestrictions()
4774 - ::isCascadeProtected()
4776 - ::isSemiProtected()
4777 - ::loadRestrictionsFromRows()
4778 * The following Title methods have been deprecated with no direct public
4780 - ::deleteTitleProtection()
4781 - ::getTitleProtection()
4782 - ::flushRestrictions()
4783 - ::loadRestrictions()
4784 * User::isAllowUsertalk() now emits deprecation warnings. Use User::getBlock()
4785 and AbstractBlock::isUsertalkEditAllowed() instead.
4786 * Classes used by Preprocessor_DOM have been merged with classes used by
4787 Preprocessor_Hash, as Preprocessor_DOM was removed in 1.35.
4788 - PPDPart has been merged into PPDPart_Hash
4789 - PPDStack has been merged into PPDStack_Hash
4790 - PPDStackElement has been merged into PPDStackElement_Hash
4791 * By default, the global variable $wgUser is now an instance of the new class
4792 StubGlobalUser rather than User, and the first time it is used it will emit
4793 deprecation warnings (the $wgUser variable was deprecated in 1.35). For
4794 extensions that read from this variable, please use a relevant ContextSource
4795 instead, falling back to RequestContext::getMain() if none is available.
4796 * Collation::singleton() and ::factory() were deprecated; obtain an instance of
4797 the CollationFactory from MediaWikiServices instead.
4798 * Title::getDefaultNamespace() has been deprecated to be removed because there
4799 are no known callers/consumers.
4800 * With removal of the stub threshold feature, the following methods now emit
4801 deprecation warnings:
4802 - LinkRenderer::setStubThreshold() and ::getStubThreshold() - no replacement.
4803 - LinkRendererFactory::createForUser() - calling ::create() is now sufficient
4804 - ParserOptions::setStubThreshold() and ::getStubThreshold() - no replacement.
4805 - User::getStubThreshold() - no replacement.
4806 * The ArticleDelete and ArticleDeleteComplete hooks were deprecated. Use
4807 PageDelete and PageDeleteComplete instead.
4808 * The ArticleUndeleteLogEntry hook was deprecated without replacement.
4809 * The following LESS mediawiki.mixins have been deprecated:
4812 - .transform-origin()
4814 - .transition-transform()
4815 * The `UndeleteForm::undelete` hook was deprecated. A new hook was
4816 introduced, `PageUndelete`, that provides handlers with more information and
4817 is also called for non-UI requests. The capability of replacing the
4818 PageArchive object has been removed, as that violates the laws of nature.
4820 === Other changes in 1.37 ===
4821 * WatchlistManager::addWatch() and WatchlistManager::addWatchIgnoringRights(),
4822 which replace User::addWatch(), now call the WatchArticle and
4823 WatchArticleComplete hooks.
4824 * WatchlistManager::removeWatch() and
4825 WatchlistManager::removeWatchIgnoringRights(), which replace
4826 User::removeWatch(), now call the UnwatchArticle and UnwatchArticleComplete
4828 * The overridable postInitSetup() method was added to the
4829 AbstractAuthenticationProvider class. A provider can override postInitSetup()
4830 to do any custom post-initialization configuration.
4831 * The overridable postInitSetup() method was added to the SessionProvider
4832 class. A provider can override postInitSetup() to do any custom
4833 post-initialization configuration.
4834 * The protected getConfig() method was added to the SessionProvider class.
4835 Use SessionProvider::getConfig() to get a config.
4836 * The DBAccessBase class is deprecated. Classes that used to extend it
4837 should get a load balancer (factory) injected in the constructor instead.
4838 * ActorNormalization::acquireActorId() now requires IDatabase parameter.
4839 Not providing one emitted deprecation warnings since 1.36.
4840 * Anti-lock constants ALF_PRELOAD_LINK, ALF_NO_BLOCK_LOCK, ALF_NO_LINK_LOCK
4841 and ALF_PRELOAD_EXISTENCE have been removed. They're unused since 1.25.
4842 * (T278036) CSS class 'mw-htmlform-field-autoinfuse' used by some forms has been
4843 renamed to 'mw-htmlform-autoinfuse'.
4844 * User::newFromRow() does not accept pre-loaded user preferences under
4845 $data['user_properties'] anymore. This optimization was not used.
4846 * The following files change the letter case of the file names:
4847 - SpecialRandompage.php -> SpecialRandomPage.php
4848 - SpecialRandomredirect.php -> SpecialRandomRedirect.php
4849 - SpecialRandomrootpage.php -> SpecialRandomRootPage.php
4850 * Media files which are uploaded server side using the importImages.php
4851 maintenance script will now have the "mw-server-side-upload" change tag.
4852 * (T284917) The stub threshold feature has been removed.
4853 * Skin::getPoweredBy() and Skin::getCopyrightIcon() have been deprecated as they
4854 are only designed for use by skins extended BaseTemplate. You can move calls
4855 to instead use BaseTemplate::getPoweredByHTML() and ::getCopyrightIconHTML()
4857 * The SkinGetPoweredBy hook is deprecated. No replacement is provided.
4858 * HTMLTitleTextField didn't support interwiki titles well previously.
4859 Starting with 1.37, HTMLTitleTextField has a new parameter, 'interwiki',
4860 which can be used to control acceptance of interwiki titles. To provide
4861 a transitional period, the default value ('interwiki' => null) ensures
4862 MW will have the same behavior as before (logging a deprecation warning).
4863 In 1.38, the default behavior will change to "interwiki links aren't allowed".
4867 MediaWiki 1.37 requires PHP 7.3.19 or later, or PHP 7.4.3 or later, and the
4868 following PHP extensions:
4879 Support for PHP 8.0 is not yet complete.
4881 MySQL/MariaDB is the recommended DBMS. PostgreSQL or SQLite can also be used,
4882 but support for them is somewhat less mature.
4884 The supported versions are:
4886 * MySQL 5.5.8 or later
4887 * PostgreSQL 9.4 or later
4888 * SQLite 3.8.0 or later
4890 == Online documentation ==
4891 Documentation for both end-users and site administrators is available on
4892 MediaWiki.org, and is covered under the GNU Free Documentation License (except
4893 for pages that explicitly state that their contents are in the public domain):
4895 https://www.mediawiki.org/wiki/Special:MyLanguage/Documentation
4898 A mailing list is available for MediaWiki user support and discussion:
4900 https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
4902 A low-traffic announcements-only list is also available:
4904 https://lists.wikimedia.org/mailman/listinfo/mediawiki-announce
4906 It's highly recommended that you sign up for one of these lists if you're
4907 going to run a public MediaWiki, so you can be notified of security fixes.
4910 There's usually someone online in #mediawiki on irc.libera.chat.
4914 == MediaWiki 1.36.4 ==
4916 This is a security and maintenance release of the MediaWiki 1.36 branch.
4918 === Changes since MediaWiki 1.36.3 ===
4919 * (T298261) Fix support for Composer 2.2.
4920 * (T298283) composer.json: Add wikimedia/composer-merge-plugin to allow-plugins.
4921 * Update doctrine/dbal (3.0.0 => 3.1.5).
4922 * (T296898) Add entry point name to disabled Session exception if possible.
4923 * (T298564) MemcachedClient: Add support for IPv6.
4924 * (T297543, CVE-2022-28202) SECURITY: properly escape output used within
4925 galleries and Special:RevisionDelete.
4926 * (T268847) Suppress deprecation warnings from libxml_disable_entity_loader().
4927 * (T283275) Fix PHP 8.0 failure of WikiExporterFactoryTest.
4928 * Fix the json schema and the extension processor for Parsoid extension modules.
4929 * (T299696) update.php: Avoid passing null to substr.
4930 * In PHP 8.1 don't throw exceptions from mysqli.
4931 * (T289926) SiteConfiguration: Don't pass null to str_replace().
4932 * (T264735) Fix deprecation warning from CURLPIPE_HTTP1.
4933 * (T260735) Stop using is_resource() where possible.
4934 * (T289879) Apply ReturnTypeWillChange to various implementations of built in
4936 * (T299312) Implement __serialize/__unserialize for PHP 8.1 support.
4937 * ExtensionRegistry: Add process cache for lazy attributes.
4938 * (T301041) ApiPageSet: Add "missing": true to missing revisions.
4939 * Allow ParsoidModules extension schema to register services.
4940 * (T297708) Allow setting max execution time to several special pages.
4941 * (T302540) composer.json: Add ext-calendar to require.
4942 * (T302540) composer.json: Add ext-simplexml to require-dev.
4943 * (T302540) composer.json: Add various PHP extensions to suggests.
4944 * Upgrading symfony/polyfill-php80 (v1.23.1 => v1.25.0).
4945 * (T304008) Don't re-check "Move subpages" on Special:MovePage after a warning.
4946 * (T293576) listFiles: Display file name instead of version.
4947 * (T303871) Fix @since of Title::getId().
4948 * (T303560) Installer: Check correct PCRE_CONFIG_NEWLINE value.
4949 * wrapOldPasswords: add \n to two output calls.
4950 * (T297571, CVE-2022-28201) Title::newMainPage() goes into an infinite recursion
4951 loop if it points to a local interwiki.
4952 * (T297731, CVE-2022-28203) Requesting Special:NewFiles on a wiki with many file
4953 uploads with actor as a condition can result in a DoS.
4955 == MediaWiki 1.36.3 ==
4957 This is a security and maintenance release of the MediaWiki 1.36 branch.
4959 === Changes since MediaWiki 1.36.2 ===
4960 * (T280363) mediawiki.page.ready: Introduce wikipage.indicators hook.
4961 * (T290697) Add symfony/polyfill-php80.
4962 * IcuCollation: Add some more icu to unicode version mappings.
4963 * ApiBase: Annotate deprecated constants individually.
4964 * PHPVersionCheck: Mark PHP 7.4.0 - 7.4.2 as buggy.
4965 * (T293044) installer: Fix 5th param to sourceFile() in DatabaseUpdater.
4966 * (T291127) Always encode spaces in cookie values as "%20".
4967 * Use LocalFile::getHookRunner instead of LocalFile::hookRunner.
4968 * (T293564) mediawiki.page.ready: Fire hook 'wikipage.indicators' with
4970 * HistoryBlobStub: add getLocation() to get $mOldId.
4971 * Fix checkStorage.php.
4972 * checkStorage: pass no parameters to WikiRevision::getContent().
4973 * (T292763, CVE-2021-44854) SECURITY: Do not cache private wiki completion
4975 * (T294316) Revert "Mark ApiClientLogin/ApiLogin as requiring write mode".
4976 * (T294796) JobQueueRedis: Replace deprecated zSize with zCard.
4977 * (T278037) NoLocalSettings: Pass an EmptyBagOStuff to TemplateParser.
4978 * (T212428, T267468) Allow populateContentTables to continue when there are
4980 * (T295191) ApiQuerySiteinfo: Fix "rightsinfo"/"url" when $wgRightsPage is
4982 * Update pear/mail_mime to 1.10.11.
4983 * Update deprecated Guzzle Psr7 function calls.
4984 * (T281972) Follow-Up: I10fbd4b6a: Update @since tags as those were backported.
4985 * Tweak error message for missing composer dependencies.
4986 * (T296112) Allow inserting new sections named '0'.
4987 * nukeNS: don't run purgeRedundantText() after every change.
4988 * (T286779, T297031) installer: Fix Postgres mistakes in using changeField
4990 * (T225888) RollbackAction: fix missing pagetitle.
4991 * (T297322, CVE-2021-44858, CVE-2021-44857) SECURITY: Fix permissions checks in
4993 * (T297574, CVE-2021-45038) SECURITY: Fix permissions check in action=rollback.
4994 * (T34716, T297416) SECURITY: Require 'read' right for most actions.
4995 * (T271037, CVE-2021-44856) SECURITY: Fix use of EditFilterMergedContent hook
4996 when changing content model.
4998 == MediaWiki 1.36.2 ==
5000 This is a security and maintenance release of the MediaWiki 1.36 branch.
5002 === Changes since MediaWiki 1.36.1 ===
5003 * Don't access MWServices prematurely in Maintenence.php.
5004 * (T283394) Mark ApiClientLogin/ApiLogin as requiring write mode.
5005 * Installer: Fix foundation.wikimedia.org link in config-pingback-help.
5006 * (T283273) Make postgres IRC channel point to libera.chat.
5007 * composer.json: Promote and pin monolog/monolog to require from require-dev.
5008 * (T287526) JavaScriptMinifer: Recognize `...` as a single token.
5009 * (T287526) Update wikimedia/minify to 2.2.4.
5010 * (T289108) ExtensionProcessor: Remove loaderScripts from extension.json
5012 * (T281549) Installer: Fix mediawiki-announce auto subscription code.
5013 * FormatJson: Optimize encode() for supported PHP versions.
5014 * (T290398) renameRestrictions.php: Update protected_titles as well.
5015 * (T290489) objectcache: Fix PHP warning for ReplicatedBagOStuff::setMulti.
5016 * $wgMimeTypeBlacklist - This configuration array now prohibits the RFC 4329
5017 form of JavaScript, 'application/javascript', as well as previous MIME types.
5018 * (T51097, T290273) resourceloader: Call getStyleFiles from
5019 FileModule::getFileHashes.
5020 * (T277788) parser: Avoid calling ParserOptions::getOption() too many times.
5021 * (T291244) Unserialize objects in ParserCache->mExtensionData as objects.
5022 * MysqlUpdater: Add updatelog entries for dropDefault.
5023 * (T290776) Fix $phase check in OutputHandler.
5024 * The wikimedia/parsoid library has been upgraded from v0.13.0 to v0.13.1.
5025 * (T285515, CVE-2021-41798) SECURITY: XSS vulnerability in Special:Search.
5026 * (T290379, CVE-2021-41799) SECURITY: ApiQueryBacklinks can cause a full
5028 * (T284419, CVE-2021-41800) SECURITY: fix PoolCounter protection of
5029 Special:Contributions.
5031 == MediaWiki 1.36.1 ==
5033 This is a security and maintenance release of the MediaWiki 1.36 branch.
5035 === Changes since MediaWiki 1.36.0 ===
5036 * (T283942) DatabaseInstaller.php: Only run core schema file if specified table
5037 doesn't already exist.
5038 * (T247223) Optimise MessageCache::isMainCacheable() for the single-message
5040 * (T283244) JavaScriptMinifer: Fix handling of "delete" as object property.
5041 * (T284391) Fix SkinModule to correctly prepend remote path on document root
5043 * (T235554) Disable DEFER_SET_LENGTH_AND_FLUSH headers to avoid HTTP errors.
5044 * (T278579) Don't send headers on ob_end_clean().
5045 * (T285287) MultiHttpClient: Replace PHP version check with defined().
5046 * (T280226, CVE-2021-35197) SECURITY: Prevent blocked users from purging pages.
5048 == MediaWiki 1.36.0 ==
5050 === Changes since MediaWiki 1.36.0-rc.0 ===
5051 * (T248481) rdbms: Use server time in
5052 DatabaseMysqlBase::getLagFromPtHeartbeat().
5053 * (T281549) WebInstaller: Don't show the announce-l subscribe checkbox for now.
5054 * (T264214) Follow-ups for UserGroupManager.
5055 * (T282280) resourceloader: Fix path-only URLs in wiki modules when script path
5057 * (T281972) UserIdentityValue: Introduce convenience static factory methods.
5058 * (T230428) Make page_is_redirect and page_is_new unsigned.
5059 * (T280292) Legacy feature should not load thumbnail style rules (only layout).
5060 * (T283247) Freenode -> Libera per wikimedia moving from freenode to libera.
5061 * (T280270) composer: Lock Parsoid version to specific 0.13.0 release.
5062 * (T142663) Add extension.json merge strategy "provide_default".
5063 * (T283540) HookContainer: Fix normalization of callback for static handler.
5064 * (T283464) registration: Fix array order for array_replace_recursive merge
5066 * (T283539) Interwiki: Fix calling "onInterwikiLoadPrefix" hook.
5067 * (T282594) Timeless: Re-branch to 40eb3dad1for REL1_36.
5069 == MediaWiki 1.36.0-rc.0 ==
5071 == Upgrading notes for 1.36 ==
5072 Don't forget to always back up your database before upgrading!
5074 See the file UPGRADE for more detailed per-version upgrade instructions from the
5075 oldest supported upgrading version, MediaWiki 1.27.
5077 Some specific notes for MediaWiki 1.36 upgrades are below:
5078 * MediaWiki 1.36 now requires the PHP internationalization extension (commonly
5079 referred to as Intl, ext-intl, or php-intl).
5080 * The MediaWiki:Autoblock_whitelist block exemption control has been moved to
5081 MediaWiki:Block-autoblock-exemptionlist. If you use this feature, please move
5082 the MediaWiki:Autoblock_whitelist page.
5083 * (T275334) $wgExtensionFunctions is sometimes used to change configuration
5084 settings. This is not safe; extension functions are run relatively late, some
5085 services are already initialized by that point and so they use the old
5086 configuration. Changes in 1.36 make this kind of breakage even more common.
5087 You can use the MediaWikiServices hook instead. (In the future there might be
5088 a dedicated hook for configuration changes.)
5090 For notes on 1.35.x and older releases, see HISTORY.
5092 === Configuration changes for system administrators in 1.36 ===
5093 The MediaWiki update script, maintenance/update.php, used to accept `--nopurge`
5094 as an option to prevent clearing caches stored in the database during upgrade.
5095 This is no longer encouraged, and the option has been removed.
5097 ==== New configuration ====
5098 * (T256001) $wgManualRevertSearchRadius – This setting controls a new feature
5099 that marks edits as reverts if they restore the page to an exact previous
5100 state. This configuration variable sets the maximum number of revisions of a
5101 page that will be checked against every new edit. Set this to 0 to disable the
5103 * (T244058) $wgOldRevisionParserCacheExpireTime — This setting was added to
5104 control caching of ParserOutput for old (non-current) revisions.
5105 * (T265263) $wgRememberMe - This setting configures the "remember me" checkbox
5106 on account log-in systems via RememberMeAuthenticationRequest.
5107 * (T157145) $wgSkinMetaTags – This setting lets sysadmins configure skins that
5108 support meta tags. These tags make sharing of MediaWiki pages on a variety of
5109 social platforms more contentful and thus useful.
5110 * (T280944) $wgIncludejQueryMigrate - This setting lets sysadmins disable the
5111 jQuery Migrate plugin. It has been enabled by default since MediaWiki 1.27.
5112 In future releases it will be disabled by default.
5114 ==== Changed configuration ====
5115 * $wgLogos – This setting selects the logo shown on the site. The default value
5116 for the site logo, which is shown in an install if you have not set one, will
5117 now be the new logo of MediaWiki.
5118 * (T274695) $wgAjaxEditStash — This setting, to disable the edit stashing
5119 feature when users start writing an edit summary, has been deprecated. In
5120 future releases, this feature will always be enabled.
5121 * $wgUploadStashScalerBaseUrl – This setting, to enable remote on-demand media
5122 scaling, was deprecated. Use the `thumbProxyUrl` setting in $wgLocalFileRepo
5124 * $wgSlaveLagWarning and $wgSlaveLagCritical – These settings have been renamed,
5125 to $wgDatabaseReplicaLagWarning & $wgDatabaseReplicaLagCritical respectively.
5126 The former configuration variable names are deprecated, but will be used as
5127 the fall back if they are still set, and remain temporarily available for
5128 extensions which try to read them.
5129 * $wgWANObjectCaches - The "coalesceKeys" option was removed without deprecation
5130 and replaced by a new "coalesceScheme" option, set to "hash_stop" by default.
5131 If you use Dynomite, then set the new "coalesceKeys" option to "hash_tag". The
5132 "cluster" and "mcrouterAware" options were also removed without deprecation.
5133 Use "broadcastRoutingPrefix" instead.
5135 ==== Removed configuration ====
5136 * $wgUseTwoButtonsSearchForm — This setting, deprecated in 1.35, has been
5138 * $wgAllowImageMoving — This setting, deprecated in 1.35, has been removed. Use
5139 group permission settings instead. For example, to prevent sysops from
5140 moving files, set `$wgGroupPermissions['sysop']['movefile'] = false;`
5141 * $wgExtNewTables, $wgExtNewFields, $wgExtNewIndexes, $wgExtPGNewFields,
5142 $wgExtPGAlteredFields, $wgExtModifiedFields — These settings were removed.
5143 They became obsolete after 1.17 overhauled the database updater, but were kept
5144 for backwards compatibility. The LoadExtensionSchemaUpdates hook should be
5146 * $wgParserConf - This setting, deprecated in 1.35, has been removed. The last
5147 use of this setting was for pre-processor configuration, which was deprecated
5148 in 1.34 and removed in 1.35.
5149 * $wgEnableRestAPI - This setting, ignored since 1.35, has been removed.
5150 * $wgPagePropsHaveSortkey – This temporary setting has been removed, along with
5151 the schema change upgrade path it controlled. If your site is still using it,
5152 meaning you have not yet applied the `pp_sortkey` schema change from 1.24, you
5153 must now apply it before upgrading.
5154 * The deprecated password policies PasswordCannotMatchBlacklist and
5155 PasswordNotInLargeBlacklist were removed. Please use
5156 PasswordCannotMatchDefaults and PasswordNotInCommonList respectively instead.
5158 === New user-facing features in 1.36 ===
5159 * The logo of MediaWiki has changed. This means that the "Powered By MediaWiki"
5160 button shown in the skin footer will be different.
5161 * All HTML5 named entities are now accepted in wikitext.
5162 * (T106263) The file description page's alternate sizes now include 2048px.
5164 === New developer features in 1.36 ===
5165 * Parser test files can now declare a dependency on a specific extension being
5166 loaded, not just on the presence of a certain extension tag hook. This is a
5167 better fit for extensions like TimedMediaHandler, which affect the output but
5168 don't register parser hooks. Use `extension:Foo` in the `!! hooks` section of
5169 your parser test file to declare a dependency on the `Foo` extension being
5171 * To expose code previously present in SpecialBlock/SpecialUnblock to other
5172 parts of the code, or to extensions, the new BlockUser and UnblockUser command
5173 objects were added. Use the BlockUserFactory and UnblockUserFactory services
5175 * The hook UsersPagerDoBatchLookupsHook takes now a \Wikimedia\Rdbms\IDatabase,
5176 instead of \Wikimedia\Rdbms\DBConnRef, as the first parameter.
5177 * MediaHandlers can now customize the formatting of the metadata they emit by
5178 over-riding MediaHandler::formatTag( $key, $value ). The default for unknown
5179 tags is numeric formatting; non-EXIF tags which are non-numeric should always
5180 use this method to specify the desired formatting.
5181 * The new 'title' type can be used to validate action API and REST API inputs.
5182 * The new ArticleParserOptions hook allows customizing the parser options used
5183 to parse wikitext for an article, based on user preferences, title, etc.
5184 * The new 'raw' type can be used to validate action API inputs. It bypasses the
5185 Unicode NFC normalization done on inputs of type 'string', so it more suitable
5186 when the input is binary or may contain deprecated Unicode sequences or
5187 characters (such as U+2001) that should be passed unmodified.
5188 * (T260330) A new abstraction for running shell commands has been introduced,
5189 called BoxedCommand. A BoxedCommand object can be obtained with
5190 MediaWikiServices::getInstance()->getCommandFactory()->createBoxed().
5191 * ResourceLoader modules can now mark themselves as ES6-only by setting
5192 `'es6' => true` in their module definition. ES6-only modules will not be
5193 executed in browsers that don't support ES6, such as IE11.
5195 === External library changes in 1.36 ===
5197 ==== New external libraries ====
5198 * Added wikimedia/minify 2.2.2.
5199 * Added wikimedia/request-timeout 1.1.0.
5200 * Added wikimedia/shellbox 1.0.4.
5202 * Added symfony/symfony/polyfill-php80 1.23.1.
5204 ==== Changed external libraries ====
5205 * Updated composer/semver from 1.5.1 to 3.2.4.
5206 * Updated guzzlehttp/guzzle from 6.5.4 to 7.2.0.
5207 * Updated jQuery from v3.4.1 to v3.6.0.
5208 * Updated jQuery Migrate from v3.1.0 to v3.3.2.
5209 * Updated jquery.client from 2.0.2 to 3.0.0.
5210 * Updated OOUI from 0.39.3 to 0.41.3.
5211 * Updated pear/mail_mime from 1.10.8 to 1.10.9.
5212 * Updated pear/net_smtp from 1.9.1 to 1.9.2.
5213 * Updated pimple/pimple from 3.3.0 to 3.3.1.
5214 * Updated wikimedia/at-ease from 2.0.0 to 2.1.0.
5215 * Updated wikimedia/cldr-plural-rule-parser from 1.0.0 to 2.0.0.
5216 * Updated wikimedia/common-passwords from 0.2.0 to 0.3.0.
5217 * Updated wikimedia/composer-merge-plugin from 1.4.1 to 2.0.1.
5218 * Updated wikimedia/html-formatter from 1.0.2 to 3.0.1.
5219 * Updated wikimedia/ip-set from 2.1.0 to 3.0.0.
5220 * Updated wikimedia/ip-utils from 1.0.0 to 3.0.2.
5221 * Updated wikimedia/less.php from 3.0.0 to 3.1.0.
5222 * Updated wikimedia/object-factory from 2.1.0 to 3.0.0.
5223 * Updated wikimedia/php-session-serializer from 1.0.7 to 2.0.0.
5224 * Updated wikimedia/remex-html from 2.2.0 to 2.2.2.
5225 * Updated wikimedia/utfnormal from 2.0.0 to 3.0.2.
5226 * Updated wikimedia/wait-condition-loop from 1.0.1 to 2.0.1.
5227 * Updated wikimedia/xmp-reader from 0.7.0 to 0.8.1.
5229 ===== Changed development-only external libraries =====
5230 * Updated composer/spdx-licenses from 1.5.3 to 1.5.4.
5231 * Updated doctrine/dbal from 2.10.2 to 3.0.0.
5232 * Updated doctrine/sql-formatter from 1.1.0 to 1.1.1.
5233 * Updated mediawiki/mediawiki-phan-config from 0.10.2 to 0.10.6.
5234 * Updated monolog/monolog from 1.25.3 to 2.2.0.
5235 * Updated nikic/php-parser from 4.4.0 to 4.10.2.
5236 * Updated psy/psysh from 0.10.4 to 0.10.5.
5237 * Updated seld/jsonlint from 1.7.1 to 1.8.3.
5238 * Updated symfony/yaml from ~3.4|~4.3|~5.0.5 to ~3.4|~5.1.
5239 * Updated wikimedia/testing-access-wrapper from 1.0.0 to 2.0.0.
5241 ==== Removed external libraries ====
5242 * The html5shiv library has been removed, as support for Internet Explorer 8 has
5244 * The wikimedia/avro suggested development-only library has been removed, as the
5245 support for logging in Avro format has been dropped.
5247 === Bug fixes in 1.36 ===
5248 * (T190285) ApiEditPage module used to switch 'undo' and 'undoafter' parameters,
5249 if it founds you reversed them (based on assumption that higher revision ID
5250 indicates a later revision). The assumption is not always true, and is
5251 hindering proper edit undoing in some cases, hence the logic has been removed.
5252 Reversing the parameters will now lead to edit conflict or undefined behavior.
5253 * (T263340) In history merging, pages with a content model that does not support
5254 redirects will now be recorded as deleted if no revision is being left in the
5255 source page (that's if all revisions of the page have been merged to another).
5257 === Action API changes in 1.36 ===
5258 * (T269636) `Access-Control-Max-Age` was added to the default list of headers
5259 allowed for cross-origin API requests ($wgAllowedCorsHeaders).
5260 * (T258108) Accounts with the 'bot' right no longer have pages automatically
5261 added to the watchlist when making API edits, regardless of their preferences.
5262 This is to reduce the size of the watchlist data in the database. To add API
5263 bot edits to the watchlist, explicitly set the 'watch' option.
5265 === Languages updated in 1.36 ===
5266 MediaWiki supports over 350 languages. Many localisations are updated regularly.
5267 Below only new and removed languages are listed, as well as changes to languages
5268 because of Phabricator reports.
5270 * (T258975) Added a Latin/Cyrillic script converter for the Talysh language.
5271 * (T245359) Split Bali script locale from "ban" (Balinese) (ban-bali).
5272 * (T264582) Added language support for Madurese (mad).
5273 * (T259330) Added language support for Mara (mrh).
5274 * (T263968) Added language support for Nias (nia).
5275 * (T270365) Added language support for Tyap (kcg).
5276 * (T276745) Added language support for Wayuu (guc).
5278 === Breaking changes in 1.36 ===
5279 * Grade C (non-JavaScript) support for Internet Explorer 8 has been dropped.
5280 * (T249459) wfIsBadImage(), deprecated in 1.34, has been removed.
5281 * (T176526) EditPage::getContextTitle() will now throw an exception if a context
5282 title was not set using setContextTitle(). Previously, this mis-use would only
5283 cause a deprecation warning to be emitted.
5284 * The DeferredStringifier class, deprecated since 1.31, was removed.
5285 * Multiple methods that fell back to the $wgUser global variable were
5286 individually hard deprecated previously. The following have now been removed:
5287 - ApiTestCase::doLogin
5288 - Article::doDeleteArticle
5289 - Article::doDeleteArticleReal
5290 - Article::getComment
5291 - Article::getCreator
5293 - Article::getUserText
5294 - Article::insertProtectNullRevision
5296 - File::recordUpload
5297 - ForeignDBFile::delete
5298 - ForeignDBFile::recordUpload
5300 - LocalFile::deleteOld
5301 - LocalFile::recordUpload
5302 - PageArchive::undelete
5303 - RecentChange::markPatrolled
5304 - Title::getUserPermissionsErrors
5305 - Title::quickUserCan
5307 - WebRequest::getLimitOffset
5308 - WikiPage::doDeleteArticle
5309 - WikiPage::insertProtectNullRevision
5310 * The SpecialPageFactory class, deprecated in 1.32, has been removed. Use the
5311 SpecialPageFactory service instead.
5312 * Multiple methods previously had optional User parameters, with fallbacks
5313 to the $wgUser global variable. Not passing a User to those methods was
5314 previously hard deprecated, and support for not passing a User has now
5316 - ArchivedFile::userCan
5318 - FileDeleteForm::__construct
5319 - FileDeleteForm::doDelete
5320 - LocalFileDeleteBatch::__construct
5321 - LogEventsList::getExcludeClause (only needed for the 'user' audience)
5322 - LogEventsList::userCan
5323 - LogEventsList::userCanBitfield
5324 - LogEventsList::userCanViewLogType
5325 - LogPage::addEntry (also accepts user id instead)
5326 - OldLocalFile::userCan
5328 - Title::getNotificationTimestamp (though the entire method is deprecated)
5329 - WikiPage::getComment (only needed for the FOR_THIS_USER audience)
5330 - WikiPage::getCreator (only needed for the FOR_THIS_USER audience)
5331 - WikiPage::getUser (only needed for the FOR_THIS_USER audience)
5332 - WikiPage::getUserText (only needed for the FOR_THIS_USER audience)
5333 * The following hooks have been removed:
5334 - APIQueryInfoTokens
5335 - APIQueryRecentChangesTokens
5336 - APIQueryRevisionsTokens
5337 - APIQueryUsersTokens
5338 - ApiTokensGetTokenTypes
5339 * LogEventsList::typeAction previously accepted an optional right parameter, and
5340 checked if the context user ($wgUser) had that right. Passing a right was hard
5341 deprecated in 1.35, and support for passing a right has now been removed.
5342 * WikiPage::doDeleteArticleReal previously accepted an optional user as its
5343 fifth parameter, and fell back to $wgUser if not user was provided. The
5344 signature changed to have the user as the second parameter, and the old
5345 signature was hard deprecated in 1.35. Support for the old signature has now
5347 * User::addNewUserLogEntry, deprecated since 1.27, was removed.
5348 * As part of refactoring the EditPage class, EditPage::setPreloadedContent,
5349 which had no known callers was removed entirely. Additionally, the following
5350 public methods were made private:
5351 - ::extractSectionTitle
5352 - ::getSummaryInputWidget
5353 - ::noSuchSectionPage
5355 * EditPage::matchSpamRegex and ::matchSummarySpamRegex, deprecated in 1.35,
5356 were removed. Use the SpamChecker service instead.
5357 * The global function `wfWaitForSlaves`, deprecated in 1.27 and hard-deprecated
5358 in 1.35, has been removed. Use LBFactory::waitForReplication() instead.
5359 * Calling Action::factory() with null as the first parameter, rather than a
5360 string, was deprecated in 1.35 and support was now removed.
5361 * Calling Action::factory() with an object that wasn't an Article as the second
5362 parameter was deprecated in 1.35 and support was now removed.
5363 * The global variable $wgMemc, deprecated since 1.35, has been removed. Usage
5364 should generally be migrated to WANObjectCache, or if you really need the
5365 internal object, use ObjectCache::getLocalClusterInstance instead.
5366 * The preprocessDump.php maintenance script was removed.
5367 * CategoryFinder, which was deprecated in 1.31 and hard-deprecated in 1.35,
5369 * GenderCache::singleton(), which was deprecated in 1.28 and hard-deprecated
5370 in 1.35, has been removed.
5371 * Sanitizer::escapeId(), deprecated in 1.30, has been removed.
5372 * Direct invocation of Parser::__construct() (instead of via a ParserFactory)
5373 now throws an exception; support has also been removed for several
5374 deprecated variants on the arguments passed to Parser::__construct.
5375 Direct invocation of Parser::__construct was deprecated in 1.34.
5376 * Parser::setFunctionTagHook(), deprecated in 1.35, has been removed.
5377 * The following properties of Parser, deprecated in 1.35, have been made
5379 - $mTagHooks - use Parser::getTags()
5380 - $mFunctionHooks - use Parser::getFunctionHooks()
5381 - $mOutput - use Parser::getOutput()
5382 - $mPreprocessor - use Parser::getPreprocessor()
5383 * The ParserBeforeTidy hook, deprecated in 1.35, has been removed.
5384 * The ParserBeforeTidy, ParserBeforeStrip, and ParserAfterStrip hooks,
5385 deprecated in 1.35, have been removed.
5386 * All methods of MWTidy except for MW::tidy() have been removed. These were each
5387 either marked as @internal or deprecated in 1.35.
5388 * (T248062) Mixins `.background-image-svg()` and `.background-image-svg-quick()`
5389 (provided by mediawiki.mixins.less), which have been deprecated since 1.35,
5390 have now been removed. MediaWiki no longer supports any browser which would
5391 require this SVG-fallback PNG support, so you can simply use the regular CSS
5392 `background-image:` declaration instead.
5393 * The ResourceLoader module `mediawiki.legacy.oldshared` and its file
5394 'oldshared.css', deprecated since 1.35 has been removed (T248357).
5395 * `ResourceLoader::__construct` now requires a Config parameter. The optional
5396 nature of this parameter was deprecated in 1.34.
5397 * The LinkBegin and LinkEnd hooks, deprecated in 1.28, have been removed. You
5398 can instead use the HtmlPageLinkRendererBegin and HtmlPageLinkRendererEnd
5399 hooks, respectively.
5400 * The EmailUser hook passes its fifth param, $error, by reference, to allow
5401 hook handlers to add error messages, indicate that they have sent the email
5402 instead of core, etc. Setting the parameter to something other than a
5403 Status object, true, false, an empty string, an array, or a MessageSpecifier,
5404 object, which had been deprecated in 1.29, is no longer supported, and now
5405 results in an MWException being thrown.
5406 * Skin::getDynamicStylesheetQuery(), deprecated in 1.32, has been removed. You
5407 should use action=raw&ctype=text/css directly.
5408 * Skin::makeI18nUrl(), deprecated in 1.35, has been removed.
5409 * The following User methods, deprecated and moved to BlockManager in 1.34, were
5411 - ::isDnsBlacklisted
5413 - ::isLocallyBlockedProxy
5414 - ::trackBlockWithCookie
5415 * Support for v1 of the parser tests file format has been removed; it was
5416 deprecated in 1.35. (T174199)
5417 * SpecialUnblockUser::processUIUnblock() now returns a Status object instead of
5418 an array of messages or a boolean value. This function was also marked as
5419 @internal and is no longer safe to call it publicly.
5420 * mw.Title.getDotExtension() from the 'mediawiki.Title' module was removed
5421 without deprecation. You should use mw.Title.getExtension() and prepend the
5423 * Profiler::getTemplated and Profiler::setTemplated, deprecated in 1.34, have
5425 * DatabaseMysqlBase now requires MySQL version 5.6.4+ when "lagDetectionMethod"
5426 is set to "pt-heartbeat".
5427 * Removed HookContainer::getOriginalHooksForTest() without deprecation. This
5428 method was introduced in 1.35 for internal use, and appears unused outside of
5430 * ParserCache::__construct() now requires three parameters.
5431 * Message->getFormat(), deprecated in 1.29, has been removed.
5432 * Support for passing Article to ParserCache::get, deprecated in 1.35, has been
5434 * ParserCache::singleton(), deprecated in 1.30, has been removed.
5435 * DatabaseBlock::deleteIfExpired and ::fromMaster, deprecated in 1.35, have been
5437 * Some deprecated AbstractBlock methods have been removed:
5438 - ::prevents, deprecated in 1.33
5439 - ::shouldTrackWithCookie, deprecated in 1.34
5440 - ::getBlocker, deprecated in 1.35
5441 - ::setBlocker, deprecated in 1.35
5442 - ::getBlockErrorParams, deprecated in 1.35
5443 * Multiple DatabaseBlock methods dealing with cookies, deprecated in 1.34,
5448 - ::getIdFromCookieValue
5449 - ::shouldTrackWithCookie
5450 * The public static callback function SpecialUnblock::processUIUnblock has been
5451 removed. This method was for internal use only, and appears unused outside of
5453 * ChangeTags::truncateTagDescription, deprecated in 1.35, has been removed.
5454 * Deprecated null fallbacks in PasswordReset constructor have been removed.
5455 * User::isEveryoneAllowed and User::getAllRights, deprecated in 1.34, has been
5457 * The following methods of the UserGroupMembership class, deprecated in 1.35,
5460 - ::newFromRow - use UserGroupManager::newGroupMembershipFromRow
5461 - ::selectFields - use UserGroupManager::getQueryInfo
5462 - ::delete - use UserGroupManager::removeUserFromGroup
5463 - ::insert - use UserGroupManager::addUserToGroup
5464 - ::purgeExpired - use UserGroupManager::purgeExpired
5465 - ::getMembershipsForUser - use UserGroupManager::getUserGroupMemberships
5466 - ::getMembership - use UserGroupManager::getUserGroupMemberships
5467 * The public static callback function SpecialBlock::validateTargetField has been
5468 removed. This method was for internal use only, and appears unused outside of
5470 * The public static callback function SpecialUploadStash::tryClearStashedUploads
5471 has been removed. This method was for internal use only, and appears unused
5472 outside of MediaWiki core.
5473 * SpecialComparePages::showDiff() ::revOrTitle(), ::checkExistingTitle(), and
5474 ::checkExistingRevision() were marked as @internal to allow for breaking
5475 changes. They are no longer safe to call. The methods were unused outside of
5477 * Each special page within core now uses service injection via it constructor.
5478 When extending these special pages, a call to the grandparent constructor
5479 (`SpecialPage::__construct()`) in the sub-class would now break the derived
5480 special page, as the fallback code in the parent constructor cannot set the
5481 services as needed. Be sure to call the parent constructor when extending
5482 core special pages. Extending core's special pages is not part of the stable
5483 interface, and should generally be avoided.
5484 * Language::getExtraUserToggles and ::viewPrevNext, deprecated in 1.34, have
5486 * StreamFile::send404Message and ::parseRange, deprecated in 1.34, have been
5488 * SVGMetadataExtractor class, deprecated in 1.34, has been removed.
5489 * ProcessCacheLRU class, deprecated in 1.32, has been removed.
5490 * wfForeignMemcKey(), deprecated in 1.35, has been removed.
5491 * LoadBalancer::safeWaitForMasterPos(), deprecated in 1.34, has been removed.
5492 * JobQueue::factory() now requires its `idGenerator` option. The optional
5493 nature of this option was deprecated in 1.35.
5494 * ApiFeedRecentChanges::getFeedObject has been changed to private, and appears
5495 unused outside of MediaWiki core.
5496 * Skin::subPageSubtitle() has been changed to private method. Callers should
5497 use Skin::prepareSubtitle().
5498 * RevisionDeleter::checkRevisionExistence was removed without deprecation.
5499 It had no known callers.
5500 * wfForeignMemcKey() and wfMemcKey(), deprecated in 1.35, have been removed.
5501 * MediaWiki now also requires the php-intl extension.
5502 * BotPassword::save() now returns a Status object for the result rather than
5504 * The methods in CoreTagHooks have been marked @internal and type hints have
5505 been added. The methods appeared to be unused outside of MediaWiki core.
5506 * SquidPurgeClient and SquidPurgeClientPool, deprecated since 1.35, have been
5508 * Several methods on WikiPage will now throw an exception when called on a
5509 WikiPage instance that where constructed on a title that does not refer to a
5510 proper page (but rather a special page or interwiki link). The behavior was
5511 previously undefined and could in some cases lead to data corruption. Affected
5512 methods are: getId(), insertOn(), newPageUpdater(), doUpdateRestrictions(),
5513 doDeleteArticleReal(), doRollback(), and doEditContent().
5514 * The ParserTestRunner no longer invokes the ParserTestTables hook. Instead, it
5515 clones all database tables before running tests, like MediaWikiIntegrationTest
5516 does. If an extension was mis-using the hook to *exclude* tables from the
5517 clone, that will no longer occur, and tests may fail.
5518 * The following classes, which were only loaded for tests and had no uses found
5519 in public MediaWiki-related git, were removed:
5522 * Passing Title as a second parameter to RevisionStore::getPreviousRevision and
5523 getNextRevision, hard deprecated since 1.31, was prohibited.
5524 * (T275619) Maintenance::hasOption and Maintenance::getOption now behave as
5525 documented and are not altered by previous calls to these methods.
5526 * The internal class FirejailCommand was removed.
5527 * Command::execute() now returns a Shellbox\Command\UnboxedResult instead of a
5528 MediaWiki\Shell\Result. Any type hints should be updated.
5529 * WikiPage::$mIsRedirect was removed.
5530 * ObjectCache::detectLocalServerCache(), deprecated in 1.35, was removed.
5531 * The following functions from the Title class have been removed:
5532 - countRevisionsBetween
5534 * The PageProps class was converted to a service. PageProps::overrideInstance
5535 was removed, and MediaWikiServices::redefineService should be used
5537 * Support for creating a MediaWikiTitleCodec object without the InterwikiLookup
5538 and NamespaceInfo services, deprecated in 1.34, was removed. Note that the
5539 MediaWikiTitleCodec class is not @newable or @stable to create, and should
5540 be retrieved from MediaWikiServices instead.
5541 * The $wgContLang variable, deprecated in 1.32, was removed. You can instead use
5542 MediaWikiServices::getInstance()->getContentLanguage().
5543 * User::clearAllNotifications(), hard deprecated in 1.35, was removed. Use
5544 WatchlistManager::clearAllUserNotifications() instead.
5545 * DatabaseBlock::getBlocker can return any UserIdentity instance, not just User.
5546 * MediaWiki::triggerJobs(), deprecated in 1.34, was removed.
5547 * The following Article methods, deprecated in 1.35, were removed:
5557 - getAutoDeleteReason
5562 - getDeletionUpdates
5563 - getHiddenCategories
5574 - hasViewableContent
5577 - insertRedirectEntry
5586 - prepareContentForEdit
5587 - protectDescription
5588 - protectDescriptionLog
5589 - replaceSectionAtRev
5590 - replaceSectionContent
5592 - shouldCheckParserCache
5594 - triggerOpportunisticLinksUpdate
5595 - updateCategoryCounts
5599 - doUpdateRestrictions
5600 - updateRestrictions
5604 * The monolog-based logging system has dropped the Avro format. Because of this,
5605 the AvroFormatter class and the AvroValidator utility class have been removed
5606 without deprecation.
5607 * AbstractBlock::$mReason, deprecated in 1.34, was removed.
5608 Use AbstractBlock::getReasonComment and AbstractBlock::setReason instead.
5610 === Deprecations in 1.36 ===
5611 * (T278026) The DB_MASTER constant has been deprecated in favour of DB_PRIMARY.
5612 * (T245963) User::getGrantName() is now hard deprecated and will be removed in
5613 a subsequent release. Use MWGrants::grantName() instead.
5614 * wfIncrStats() is now deprecated. Use MediaWikiServices::getInstance()
5615 ->getStatsdDataFactory()->updateCount() instead.
5616 * WikiPage::doEditContent() is now deprecated. Use
5617 WikiPage::doUserEditContent() instead. Note that doEditContent() was also
5618 deprecated in 1.32 for unrelated reasons and doUserEditContent() is
5619 deprecated for other reasons, however, using doUserEditContent() is
5620 recommended over using doEditContent().
5621 * WikiPage::doUserEditContent() is now deprecated. Use
5622 PageUpdater::saveRevision instead. Note that the new method expects callers
5623 to take care of checking EDIT_MINOR against the minoredit right, and to apply
5624 the autopatrol right as appropriate.
5625 * LocalFile::recordUpload2, soft deprecated in 1.35, now emits deprecation
5626 warnings. Use ::recordUpload3 instead.
5627 * Constructing a new instance of the ParserOptions class without providing
5628 a User object, which falls back to the global $wgUser, is now deprecated.
5629 * The User class, which was marked as @newable in 1.35, is no longer newable,
5630 meaning that it is no longer safe to manually call the constructor via
5631 `new User`. Instead, use the UserFactory service. Additionally, the
5632 following static constructor methods were deprecated in favor of using the
5633 UserFactory service:
5636 - User::newFromActorId
5637 - User::newFromIdentity
5638 - User::newFromAnyId
5639 - User::newFromConfirmationCode
5640 * The following User methods have been hard deprecated in favor of the new
5641 UserEditTracker service:
5642 - User::getFirstEditTimestamp
5643 - User::getLatestEditTimestamp
5644 * The confusingly-named User->isLoggedIn() method has been deprecated in favour
5645 of the method it wraps, User->isRegistered().
5646 * Use of the `preprocessor=Preprocessor_DOM` option in parser test files has
5647 been deprecated. Preprocessor_DOM was removed in 1.35.
5648 * ParserOptions::setTidy() has been deprecated. It has had no effect since
5650 * Sanitizer::escapeIdReferenceList() has been deprecated; it will eventually
5651 be made private to the class, as it appears to have no uses outside the
5653 * Sanitizer::hackDocType() is deprecated; it will eventually be made private.
5654 * Skin::getIndicatorsHTML() is deprecated. The functionality can be retained
5655 by reimplementing the method using the raw indicators data from
5656 OutputPage::getIndicators.
5657 * Skin::makeVariablesScript() has been deprecated. Use
5658 ResourceLoader::makeInlineScript() instead.
5659 * SpecialPageFactory::getRestrictedPages() has been deprecated.
5660 Use SpecialPageFactory::getUsablePages() instead.
5661 * Title::nameOf() is deprecated; use Title::newFromID()->getPrefixedDBkey()
5663 * DatabaseBlock::insert, DatabaseBlock::update, DatabaseBlock::purgeExpired and
5664 DatabaseBlock::delete are deprecated. Use DatabaseBlockStore::insertBlock,
5665 DatabaseBlockStore::updateBlock, DatabaseBlockStore::purgeExpiredBlocks and
5666 DatabaseBlockStore::deleteBlock instead.
5667 * SpecialBlock::getTargetAndType and AbstractBlock::parseTarget are deprecated.
5668 Call BlockUtils::parseBlockTarget instead.
5669 * SpecialUnblock::processUnblock was deprecated - use UnblockUserFactory
5671 * Deprecated MediaWikiIntegrationtestCase::removeTemporaryHook() in favor of
5672 MediaWikiIntegrationtestCase::clearHook().
5673 * Skin::getSearchLink(), also exposed as 'searchaction' option in SkinTemplate,
5674 has been deprecated. Use Title or SpecialPage methods directly.
5675 * Skin::getAllowedSkins and ::getSkinNames have been deprecated. Use their
5676 respective equivalents in SkinFactory instead.
5677 * The RollbackComplete hook has been deprecated, use the PageSaveComplete hook
5679 * Skin::makeUrl() has been deprecated. Title methods should be used instead.
5680 * Skin::privacyLink(), Skin::disclaimerLink() and Skin::aboutLink() have been
5681 deprecated. Please use Skin::footerLink() instead.
5682 * Skin::getLogo() has been deprecated. Use ResourceLoaderSkinModule instead.
5683 * The module `mediawiki.toc.styles` has been replaced by
5684 ResourceLoaderSkinModule. If you are having problems styling table of contents
5685 ensure you have an updated skin.
5686 * Skin::mainPageLink() has been deprecated. Use LinkRenderer service instead.
5687 * BaseTemplate::getToolbox() method has been hard deprecated. The toolbox data
5688 is now available in a sidebar data array which you can get from any class
5689 that's extending QuickTemplate class.
5690 * Constructing a DefaultPreferencesFactory, LinkHolderArray or PasswordReset
5691 without a $hookContainer parameter is deprecated.
5692 * Autopromote class, soft deprecated since 1.35, now emits deprecation warnings.
5693 Use UserGroupManager instead.
5694 * SpecialBlock::canBlockEmail has been deprecated. Please use
5695 BlockPermissionChecker::checkEmailPermissions instead.
5696 * SpecialBlock::checkUnblockSelf has been deprecated. Please use
5697 BlockPermissionChecker::checkBlockPermissions instead.
5698 * SpecialBlock::parseExpiryInput was deprecated - use
5699 BlockUser::parseExpiryInput instead.
5700 * SpecialBlock::validateTarget has been deprecated, use BlockUtils instead.
5701 * SpecialBlock::validateTargetField has been deprecated for external use,
5702 use BlockUtils instead.
5703 * SpecialPage::getLanguageConverter has been deprecated, use
5704 LanguageConverterFactory::getLanguageConverter() directly.
5705 * ParserCache::getKey has been deprecated. Use ParserCache::getMetadata and
5706 ParserCache::makeParserOutputKey instead.
5707 * The PHPUnit4And6Compat class, used to provide compatibility with PHPUnit 4,
5708 was removed. MediaWiki support for PHPUnit 4 ended with the removal of HHVM
5710 * The PHPUnit6And8Compat class, used to provide compatibility with PHPUnit 6,
5711 was removed without deprecation. This class was introduced during the
5712 upgrade to PHPUnit 8, but never used.
5713 * MediaWikiIntegrationTestCase::assertType, hard-deprecated in 1.35 due to
5714 incompatibility with PHPUnit 8, was removed.
5715 * ParserCache::getETag has been deprecated, instead build suitable etag
5717 * The following functions from the Language class have been hard deprecated
5718 and will be removed in a subsequent release:
5721 - updateConversionTable
5723 * The following functions from the Title class have been hard deprecated:
5724 - getPreviousRevisionID
5726 - getEarliestRevTime
5727 * The following functions from the User class have been hard deprecated:
5730 * The mw.language.commafy client-side method has been deprecated, to match
5731 the deprecation of Language::commafy. Use mw.language.convertNumber
5733 * The "es6-promise" module has been deprecated. Use "es6-polyfills" instead.
5734 * Title::isDeleted() and Title::isDeletedQuick() have been deprecated. Please
5735 use Title::getDeletedEditsCount() and Title::hasDeletedEdits() instead.
5736 * Article::getContentObject, soft-deprecated since 1.32, was hard-deprecated.
5737 * WikiRevision::importUpload, soft-deprecated since 1.31, was hard-deprecated.
5738 * Html::infoBox() has been deprecated. There's no replacement.
5739 * Message::toString() without a $format parameter, soft-deprecated since 1.28,
5740 was hard-deprecated. Use explicit formatting methods instead, such as
5741 Message::text() and Message::escaped().
5742 * BagOStuff::makeKeyInternal() usage outside of BagOStuff has been deprecated.
5743 * BagOStuff::setDebug() is deprecated and calls to it are ignored. Debug logs
5744 are now unconditionally enabled.
5745 * The following global functions have been hard deprecated:
5746 - wfAppendToArrayIfNotDefault
5748 - wfClearOutputBuffers
5749 - wfConfiguredReadOnlyReason
5751 - wfGetPrecompiledData
5753 * BeforeParserFetchTemplateAndtitleHook has been deprecated; replace
5754 with the new BeforeParserFetchTemplateRevisionRecord hook. (The
5755 similar ParserFetchTemplateHook was deprecated in 1.35; the new hook
5757 * The InterwikiLoadPrefix hook has been deprecated; it is not compatible
5758 with future wikitext parsers (which need to enumerate all interwiki
5759 prefixes). In test cases please use $wgInterwikiCache instead.
5760 * WikiPage instances should no longer be constructed for titles that do not
5761 represent editable pages (e.g. special pages). WikiPages were always
5762 documented to represent "MediaWiki article and history".
5763 * Skin::getSkinStylePath() has been deprecated. Please replace usages with
5764 the direct path to the resources.
5765 * The second argument of EnhancedChangesList::getDiffHistLinks, $query, has
5767 * The ParserTestTables hook has been deprecated; it is no longer necessary
5768 after a ParserTestRunner refactoring.
5769 * The following classes have been hard deprecated: CachedAction,
5770 SpecialCachedPage, CacheHelper, ICacheHelper. They were unused in MediaWiki
5771 ecosystem, so no replacement was provided.
5772 * The ProtectionForm::buildForm hook has been deprecated. Please use the
5773 ProtectionFormAddFormFields hook instead.
5774 * RevisionStore::newMutableRevisionFromArray has been hard deprecated. Instead,
5775 MutableRevisionRecord should be constructed directly via constructor.
5776 * UserIdentity::getActorId() is deprecated. The actor ID should not be exposed
5777 to application logic. Storage layer code should use the ActorNormalization
5778 service for normalizing and denormalizing user names.
5779 * Constructing a UserIdentityValue with an actor ID as the third parameter is
5780 deprecated. The parameter should be omitted. Storage layer code should use
5781 the ActorNormalization service for normalizing and denormalizing user names.
5782 * Command::cgroup() is deprecated and no longer functional. $wgShellCgroup is
5783 now implemented as an Executor option.
5784 * Command::restrict() is deprecated. Instead use the new separate accessors.
5785 * MWTidy::tidy() is deprecated. Use MediaWikiServices::getTidy()-tidy() instead.
5786 * TidyDriverBase::supportsValidate() is deprecated; it has always returned
5788 * WatchedItem::getUser hard-deprecated in favor of ::getUserIdentity.
5789 * WatchedItemStoreInterface::enqueueWatchlistExpiryJob was hard deprecated in
5790 favor of the new method maybeEnqueueWatchlistExpiryJob that takes care of
5791 relevant configuration checks.
5792 * LogEntry::getPerformer() and its implementations have been hard-deprecated, in
5793 favor of ::getPerformerIdentity().
5794 * AuthManager::singleton(), deprecated in 1.35, is hard deprecated. Use
5795 MediaWikiServices::getAuthManager() instead.
5796 * User::clearNotification(), deprecated in 1.35, is hard deprecated. Use
5797 WatchlistManager::clearTitleUserNotification() instead.
5798 * Passing string to DatabaseBlock::setBlocker was deprecated. Only UserIdentity
5800 * DatabaseBlock constructor 'byText' option was deprecated in favour of 'by'
5801 option, which now accepts UserIdentity. Passing user ID is deprecated.
5802 * Parser::getUser was deprecated. Use Parser::getUserIdentity instead.
5803 * DatabaseBlock::isWhitelistedFromAutoblocks was deprecated. Use
5804 DatabaseBlock::isExemptedFromAutoblocks instead.
5805 * User::isIPRange(), deprecated in 1.35, is hard deprecated.
5806 Use the UserNameUtils service or IPUtils directly.
5807 * BaseTemplate::getFooterIcons(), deprecated in 1.35, is hard deprecated. Read
5808 footer icons from template data requested via $this->get('footericons').
5809 * `box-shadow()` LESS mixin from mediawiki.mixins is deprecated due to updated
5810 basic browser support. Use unprefixed property `box-shadow:` instead.
5811 * MergeHistory::checkPermissions was deprecated. Use ::probablyCanMerge or
5812 ::authorizeMerge instead.
5813 * User::isValidUserName(), deprecated in 1.35, is hard deprecated.
5814 Use the UserNameUtils service instead.
5815 * The TitleArrayFromResult hook has been deprecated.
5816 * The EditPageBeforeEditToolbar hook has been deprecated; it has become
5817 defunct after the classic edit toolbar was removed. Use one of the many
5818 other EditPage hooks instead.
5819 * Deprecated the class name MediaWiki\User\WatchlistNotificationManager; use
5820 MediaWiki\Watchlist\WatchlistManager instead. Deprecated the method
5821 MediaWikiServices->getWatchlistNotificationManager(); use
5822 MediaWikiServices->getWatchlistManager() instead.
5823 * The "ArticleEditUpdatesDeleteFromRecentchanges" hook, deprecated in 1.35, has
5824 been removed. Other hooks like "RecentChange_save" can be used instead.
5826 === Other changes in 1.36 ===
5827 * The 'tidy' key in ParserOptions (used in the parser cache) has been removed.
5828 It has had no effect since 1.35.
5829 * A future release of MediaWiki will make `{{=}}` a built-in parser function,
5830 for use when automatically escaping the `=` character in template arguments.
5831 A tracking category and parser warning have been added to this release when
5832 `{{=}}` is used and it expands to something other than `=`.
5833 * The implementation of TestFileReader::read has been changed to use Parsoid's
5834 parser test file parser. This should be compatible with existing code, but it
5835 only supports version 2 of the test file specification and may be more strict
5836 when parsing invalid input, including duplicate tests.
5837 * BeforeParserFetchTemplateRevisionRecord, a new hook, unifies and replaces the
5838 old BeforeParserFetchTemplateAndtitleHook and ParserFetchTemplateHook.
5839 * The SkinLessImportPaths attribute was added, allowing skins to add a directory
5840 to the import path for LESS stylesheets. Skins can use this to provide a
5841 custom version of mediawiki.skin.variables.less, setting skin-specific values
5842 for certain LESS variables.
5843 * The interaction between ContentHandler::getParserOutputForIndexing() and
5844 ContentHandler::getDataForSearchIndex() has been clarified (the latter should
5845 only be called with the result of the former). Extensions may override
5846 getParserOutputForIndexing() to skip generating HTML, which may improve
5847 indexing performance. (The default implementation still generates HTML, and
5848 getDataForSearchIndex() implementations can still rely on it if they do not
5849 over-ride getParserOutputForIndexing().)
5850 * Article::fetchContentObject, ::mContentObject, ::mContentLoaded,
5851 ::mRevIdFetched, all deprecated since 1.32, were removed.
5852 * Article::mParserOptions and ::setParserOptions were removed.
5853 * Article and ImagePage::getEmptyPageParserOutput, unused, were removed.
5854 * ParserCache's default serialization format was changed from PHP serialization
5855 to JSON serialization. In case some installed extension do not support JSON
5856 yet, $wgParserCacheUseJson can be used to revert back to PHP serialization.
5857 * PermissionManager::groupHasPermission, ::getGroupPermissions and
5858 ::getGroupsWithPermission were deprecated, use GroupPermissionsLookup
5860 * WatchedItemStoreInterface now accepts PageIdentity where it accepted
5861 LinkTarget, calling with LinkTarget was deprecated.
5862 * 'movable' attribute has been added to the 'namespaces' property of
5863 extension.json schema. Extensions that define namespaces can set it to
5864 `false` to disallow moving pages in the specified namespace. Extensions
5865 should either use this or NamespaceIsMovableHook, but not both. The hook
5866 overrides the attribute.
5870 MediaWiki 1.36 requires PHP 7.3.19 or later and the following PHP extensions:
5881 MySQL/MariaDB is the recommended DBMS. PostgreSQL or SQLite can also be used,
5882 but support for them is somewhat less mature.
5884 The supported versions are:
5886 * MySQL 5.5.8 or later
5887 * PostgreSQL 9.4 or later
5888 * SQLite 3.8.0 or later
5890 == Online documentation ==
5891 Documentation for both end-users and site administrators is available on
5892 MediaWiki.org, and is covered under the GNU Free Documentation License (except
5893 for pages that explicitly state that their contents are in the public domain):
5895 https://www.mediawiki.org/wiki/Special:MyLanguage/Documentation
5898 A mailing list is available for MediaWiki user support and discussion:
5900 https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
5902 A low-traffic announcements-only list is also available:
5904 https://lists.wikimedia.org/mailman/listinfo/mediawiki-announce
5906 It's highly recommended that you sign up for one of these lists if you're
5907 going to run a public MediaWiki, so you can be notified of security fixes.
5910 There's usually someone online in #mediawiki on irc.libera.chat.
5914 MediaWiki 1.35 should mostly work on PHP 8.0/8.1, however it is not
5915 currently actively supported. Testing (on a development wiki!) is
5916 appreciated, and bugs with PHP 8.0/8.1 on MediaWiki 1.35 will be accepted.
5918 It is anticipated that in a later MediaWiki 1.35 point release, we can
5919 declare 1.35 as supporting PHP 8.0/8.1.
5921 PHP 8.0 workboard: https://phabricator.wikimedia.org/tag/php_8.0_support/
5922 PHP 8.1 workboard: https://phabricator.wikimedia.org/tag/php_8.1_support/
5923 PHP 8.2 workboard: https://phabricator.wikimedia.org/tag/php_8.2_support/
5924 PHP 8.3 workboard: https://phabricator.wikimedia.org/tag/php_8.3_support/
5926 == MediaWiki 1.35.13 ==
5928 This is a maintenance release of the MediaWiki 1.35 branch.
5930 === Changes since MediaWiki 1.35.12 ===
5931 * Tarball release to fix backport issues with patch for T341529.
5933 == MediaWiki 1.35.12 ==
5935 This is a security and maintenance release of the MediaWiki 1.35 branch.
5937 === Changes since MediaWiki 1.35.11 ===
5938 * Localisation updates.
5939 * (T333050, CVE-2023-45363) SECURITY: Fix infinite loop for
5940 self-redirects with variants conversion.
5941 * (T341434) WikiImporter: Improve error message output.
5942 * (T341737) ApiBase: Cast $id to string in filterIDs.
5943 * (T342632) ApiComparePages: Add help url.
5944 * (T347227) ImportReporter: Make callback functions public.
5945 * doc: Improve description of type in extension.schema.v1.json.
5946 * (T340221, CVE-2023-45360) SECURITY: XSS via
5947 'youhavenewmessagesmanyusers' and 'youhavenewmessages' messages.
5948 * (T341529, CVE-2023-45362) SECURITY: diff-multi-sameuser
5949 ("X intermediate revisions by the same user not shown") ignores username
5951 * (T341565, CVE-2023-3550) SECURITY: Stored XSS when uploading crafted XML
5952 file to Special:Upload (non-standard configuration).
5954 == MediaWiki 1.35.11 ==
5956 This is a security and maintenance release of the MediaWiki 1.35 branch.
5958 === Changes since MediaWiki 1.35.10 ===
5959 * Localisation updates.
5960 * (T333990) composer.json: Explicitly pin psr/http-message to 1.0.1.
5961 * (T335203, CVE-2023-29197) SECURITY: Upgrading guzzlehttp/psr7
5963 * (T269636) Add Access-Control-Max-Age to $wgAllowedCorsHeaders.
5964 * (T322944) Add Authorization to default $wgAllowedCorsHeaders.
5965 * (T332889, CVE-2023-36675) SECURITY: Fix escaping in BlockLogFormatter.
5966 * (T297917) objectcache: avoid use of ctype_digit() in
5967 WANObjectCache::adaptiveTTL().
5968 * (T330464) Work around argument corruption bug in XMLReader::open.
5969 * (T313157) IndexPager: Also protect against $offset being 0.
5970 * (T335612, CVE-2023-36674) SECURITY: Move badFile lookup to Linker.
5972 == MediaWiki 1.35.10 ==
5974 This is a security and maintenance release of the MediaWiki 1.35 branch.
5976 === Changes since MediaWiki 1.35.9 ===
5977 * Localisation updates.
5978 * (T324895) MWCallbackStream: Add explicit $stream property.
5979 * Remove /images .htaccess rules that are no longer relevent.
5980 * Disable php in .htaccess of images directory as a hardening measure.
5981 * (T322583) Include missing message parameter in message.
5982 * Fix phan error when Excimer is enabled.
5983 * (T274966) tests: Make pass on php8.0.
5984 * (T323373) Parser: Fix extractSections() behavior for PHP >= 8.0.
5985 * (T326021) Add matrix: to $wgUrlProtocols.
5986 * api/en.json: api-help-datatype-expiry add missing 'may'.
5987 * (T225218) Wait until the recent changes are updated.
5988 * (T328222) Pass empty string to strlen() if schema is null for
5990 * (T317329) OutputPage: Fix undefined ['host'] in ImagePreconnect code.
5991 * (T289926) SpecialRevisionDelete: Set default of '' for wpReason.
5992 * (T155582, T328503) Fix XML dumps for content types with non-string
5994 * (T295958, T278847) MediaWiki-Docker: Switch PHP images to PHP7.4.
5995 * (T314099) revisiondelete: Replace dynamic property Status::$itemStatuses.
5996 * (T329198) ParamValidator: Improve paramvalidator-help-multi-max message.
5997 * (T292348) WikiImporter: do not fail if upload entry in dump lacks 'text'
5999 * (T329484) API: Fix query+allimages user parameter description.
6000 * (T330529) SpecialEditTags: Set default of '' for wpReason.
6001 * (T330526) htmlform: Handle null from HTMLFormField::getDefault in
6003 * (T285159, CVE-2023-29141) SECURITY: Do not apply autoblocks to untrusted
6006 == MediaWiki 1.35.9 ==
6008 This is a security and maintenance release of the MediaWiki 1.35 branch.
6010 === Changes since MediaWiki 1.35.8 ===
6011 * Localisation updates.
6012 * (T319000) WebInstaller: Don't try and run trim() on null.
6013 * (T320864) When calling mail(), use an array for headers.
6014 * (T311567) In ManualLogEntry, cast the comment to string.
6015 * (T323082) Upgrading wikimedia/xmp-reader (0.7.0 => 0.8.5).
6016 * Language: Handle ronna and quetta.
6017 * (T304515) LCStoreStaticArray: atomically replace the cache file.
6018 * (T324890, T324891, T324901) Parser: Allow dynamic properties on PHP 8.2.
6019 * (T322637) SECURITY: sqlite should not create DB file world-readable.
6021 == MediaWiki 1.35.8 ==
6023 This is a security and maintenance release of the MediaWiki 1.35 branch.
6025 === Changes since MediaWiki 1.35.7 ===
6026 * Localisation updates.
6027 * (T311568) UploadBase::setTempFile() handle $tempPath being passed as null.
6028 * (T311559) SpecialListFiles: user parameter isn't always present.
6029 * (T311561) ImageListPager: Don't call htmlspecialchars() on null.
6030 * (T311920) SpecialBlockList: Prevent passing null to trim().
6031 * (T311921) SpecialUserrights: Don't pass null to str_replace.
6032 * (T311570) SpecialWithoutInterwiki: Don't pass null through to
6033 Title::capitalize().
6034 * (T311574, T311576) SpecialLinkSearch: Don't pass null through to the parser.
6035 * (T312519, T312520) Parser::extensionSubstitution() Don't run substr() on null.
6036 * (T287564) populateInterwiki: Include not null columns iw_api/iw_wikiid.
6037 * (T312302) SpecialRedirect: Don't pass null to explode.
6038 * RemoveInvalidEmails: Fix quoting for postgres.
6039 * (T312678) import: UploadSourceAdapter::stream_read() don't pass null to
6041 * (T312300) SpecialDiff: Don't pass null to explode().
6042 * (T312680) parser: Fix CoreParserFunctions::urlencode() null coalescence $arg.
6043 * (T289926) Handle null passed to wfShorthandToInteger() and Html::element().
6044 * (T289926) Ensure that strlen() does not get passed a (valid) null.
6045 * (T312301) SpecialDiff: Don't pass null to trim().
6046 * Hooks: Use more meaningful name for SkinAfterPortlet hook parameter.
6047 * (T289926) Ensure we don't pass null to mb_strlen.
6048 * (T312305, T311572, T311571, T311578) HtmlForm: Null coalescence in trim()
6050 * (T289926) site: Consistently return null from Site::getDomain().
6051 * (T307304, T289879) filebackend,jobqueue: Add signature for
6052 FilterIterator::accept().
6053 * (T312183) rdbms: Adapt hasOrMadeRecentPrimaryChanges test mock for PHP 8.1.
6054 * Add application/vnd.ms-opentype to MIME list.
6055 * Allow composer/installers plugin in composer.json.
6056 * (T313663) Make HandlerTestTrait compatible with php8.1.
6057 * (T313663) [php8.1] Change override of $wgResourceBasePath for CSP tests.
6058 * Change type hints for BatchRowIterator and NotRecursiveIterator for
6059 compatibility with PHP 8.1.
6060 * (T313663) [php8] Don't use strlen on potentially null string.
6061 * (T313663) [php8.1] Suppress test warning about providing null.
6062 * (T313663) Parser will use current timestamp instead of null if passed a
6063 RevisionRecord that does not have a timestamp.
6064 * (T313663) Add explicit null check for $sha in FileBackend [php8.1].
6065 * (T313663) LogFormatter: Cast argument of ctype_digit to string [php8.1].
6066 * (T289879, T289926) Get rid of warnings on PHP 8.1.
6067 * rdbms: fix some PHP 8 warnings in Database/LoadBalancer/LBFactory.
6068 * (T313663) Avoid testing strlen on null in ApiQuerySiteinfo [php 8.1 compat].
6069 * Fix a couple deprecation warnings in the installer under PHP 8.1.
6070 * (T313663) Use default timezone UTC for SpecialWatchlistTest [php 8.1].
6071 * (T314096) Migrate use of ${var}-style string interpolation.
6072 * (T313663, T313662) Make default value for optional args {{PAGESINCAT:..}} be
6074 * (T314225) SpecialCategories: Null coalescene $par.
6075 * (T314099) User: Allow dynamic properties on PHP 8.2.
6076 * (T314404) SpecialGoToInterwiki: Null coalescene $par.
6077 * (T314397) SpecialBlock: Better handle null in getTargetUserTitle.
6078 * (T314099) phpunit: Fix trivial dynamic property usages in tests.
6079 * (T314405) UploadStash: Check if us_prop is set in the fileMetadata.
6080 * (T314550) SpecialMergeHistory: Set timestamp to '' if no mergepoint.
6081 * (T314551) SpecialMergeHistory: Set defaults for target and dest parameters.
6082 * api: Add rel=nofollow to help examples.
6083 * (T314824) tests: Update parser test after i18n change.
6084 * (T263927) Add autocomplete HTML attribute to common auth form fields.
6085 * (T307613) Validate length of user email on Special:ChangeEmail/
6086 Special:CreateAccount.
6087 * (T314906, T314907) SpecialBlock: Set defaults for wpPageRestrictions and
6088 wpNamespaceRestrictions.
6089 * (T315309) ImportStreamSource::newFromURL() Prevent passing null to fwrite.
6090 * (T315892) composer.json: Pin phpunit to 8.5.28.
6091 * (T229092) MigrateActors.php: ignore duplicate creations of actors.
6092 * (T313049) Bump wikimedia/parsoid to v0.12.3.
6093 * (T317750) session: Fix broken SessionTest case due to PHPUnit dependency
6095 * (T318460) SpecialChangeEmail: Set default for returntoquery.
6096 * (T316304, CVE-2022-41767) SECURITY: reassignEdits doesn't update results
6097 in an IP range check on Special:Contributions.
6098 * (T309894, CVE-2022-41765) SECURITY: HTMLUserTextField exposes existence
6101 == MediaWiki 1.35.7 ==
6103 This is a security and maintenance release of the MediaWiki 1.35 branch.
6105 === Changes since MediaWiki 1.35.6 ===
6106 * Localisation updates.
6107 * (T289879) Type hints for ArrayAccess.
6108 * (T304783) TemplateParser: avoid warnings when called by NoLocalSettings.
6109 * Rebuilt vendor with composer 2.3.3.
6110 * (T289879) Address some deprecations for PHP 8.1.
6111 * Fix old_name in UserLogoutComplete hook.
6112 * (T286260, T307979) objectcache: normalize $exptime to a TTL in
6113 APCUBagOStuff/WinCacheBagOStuff.
6114 * MediaSearchWidget should declare an explicit dependency on mediawiki.user
6116 * (T288423) WikiImporter: Replace deprecated WikiRevision::setText.
6117 * (T309377, CVE-2022-29248, T311384, CVE-2022-27776) Updating guzzlehttp/guzzle
6119 * (T308471) SECURITY: Escape welcomeuser message passed to showSuccessPage().
6120 * (T311272) Call parent constructor of AddSite maintenance script first.
6121 * MediaWiki: Don't eagerly initialize action name.
6122 * (T289926) Avoid passing null to trim() in SkinTemplate.
6123 * (T307282) Avoid passing null to strcasecmp(), for PHP 8.1.
6124 * (T311552) ChangesListSpecialPage: Don't pass null to FormatJson::decode().
6125 * (T311569) FileBackend::isStoragePath() Handle being passed null.
6126 * (T311544) Pass int to ApiUsageException::newWithMessage()'s $httpCode param.
6127 * (T311678) SpecialEditWatchlist: Prevent passing null to strtolower().
6128 * (T281741) ChangeTags: Fix adding CSS classes for hidden tags.
6129 * (T296642) changetags: Fix management of a '0' tag.
6130 * (T311554) ChangeTags: Return early in formatSummaryRow() if $tags === null.
6131 * (T303033) Handle null in ChangeTags::modifyDisplayQuery.
6133 == MediaWiki 1.35.6 ==
6135 This is a security and maintenance release of the MediaWiki 1.35 branch.
6137 === Changes since MediaWiki 1.35.5 ===
6138 * (T298261) Fix support for Composer 2.2.
6139 * (T298283) composer.json: Add wikimedia/composer-merge-plugin to allow-plugins.
6140 * Update doctrine/dbal (3.0.0 => 3.1.5).
6141 * (T298564) MemcachedClient: Add support for IPv6.
6142 * (T297543, CVE-2022-28202) SECURITY: properly escape output used within
6143 galleries and Special:RevisionDelete.
6144 * (T268847) Suppress deprecation warnings from libxml_disable_entity_loader().
6145 * (T283275) Fix PHP 8.0 failure of WikiExporterFactoryTest.
6146 * (T274966) Upgrading wikimedia/html-formatter (1.0.2 => 2.0.1).
6147 * Fix the json schema and the extension processor for Parsoid extension modules.
6148 * (T299696) update.php: Avoid passing null to substr.
6149 * In PHP 8.1 don't throw exceptions from mysqli.
6150 * (T289926) SiteConfiguration: Don't pass null to str_replace().
6151 * (T264735) Fix deprecation warning from CURLPIPE_HTTP1.
6152 * (T260735) Stop using is_resource() where possible.
6153 * (T289879) Apply ReturnTypeWillChange to various implementations of built in
6155 * (T299312) Implement __serialize/__unserialize for PHP 8.1 support.
6156 * ExtensionRegistry: Add process cache for lazy attributes.
6157 * (T301041) ApiPageSet: Add "missing": true to missing revisions.
6158 * Allow ParsoidModules extension schema to register services.
6159 * (T297708) Allow setting max execution time to several special pages.
6160 * Upgrading wikimedia/object-factory (v2.1.0 => v2.2.0).
6161 * (T302540) composer.json: Add ext-calendar to require.
6162 * (T302540) composer.json: Add ext-simplexml to require-dev.
6163 * (T302540) composer.json: Add various PHP extensions to suggests.
6164 * Upgrading symfony/polyfill-php80 (v1.23.1 => v1.25.0).
6165 * (T303871) Add Title::getId() as an alias for ::getArticleId().
6166 * (T304008) Don't re-check "Move subpages" on Special:MovePage after a warning.
6167 * (T293576) listFiles: Display file name instead of version.
6168 * (T303560) Installer: Check correct PCRE_CONFIG_NEWLINE value.
6169 * wrapOldPasswords: add \n to two output calls.
6170 * (T304993) Make editcontentmodel a part of editpage grant.
6171 * (T297571, CVE-2022-28201) Title::newMainPage() goes into an infinite recursion
6172 loop if it points to a local interwiki.
6173 * (T297731, CVE-2022-28203) Requesting Special:NewFiles on a wiki with many file
6174 uploads with actor as a condition can result in a DoS.
6176 == MediaWiki 1.35.5 ==
6178 This is a security and maintenance release of the MediaWiki 1.35 branch.
6180 === Changes since MediaWiki 1.35.4 ===
6181 * (T290697) Add symfony/polyfill-php80.
6182 * IcuCollation: Add some more icu to unicode version mappings.
6183 * ApiBase: Annotate deprecated constants individually.
6184 * PHPVersionCheck: Mark PHP 7.4.0 - 7.4.2 as buggy.
6185 * (T293044) installer: Fix 5th param to sourceFile() in DatabaseUpdater.
6186 * (T291127) Always encode spaces in cookie values as "%20".
6187 * Use LocalFile::getHookRunner instead of LocalFile::hookRunner.
6188 * HistoryBlobStub: add getLocation() to get $mOldId.
6189 * Fix checkStorage.php.
6190 * checkStorage: pass no parameters to WikiRevision::getContent().
6191 * (T292763, CVE-2021-44854) SECURITY: Do not cache private wiki completion
6193 * (T294316) Revert "Mark ApiClientLogin/ApiLogin as requiring write mode".
6194 * (T250068) resources: Upgrade jQuery from 3.4.1 to 3.6.0.
6195 * (T250068) resources: Upgrade jquery-migrate from 3.1.0 (patched) to 3.3.2
6197 * (T294796) JobQueueRedis: Replace deprecated zSize with zCard.
6198 * (T212428, T267468) Allow populateContentTables to continue when there are
6200 * (T295191) ApiQuerySiteinfo: Fix "rightsinfo"/"url" when $wgRightsPage is
6202 * Update pear/mail_mime to 1.10.11.
6203 * Update deprecated Guzzle Psr7 function calls.
6204 * Tweak error message for missing composer dependencies.
6205 * (T296112) Allow inserting new sections named '0'.
6206 * nukeNS: don't run purgeRedundantText() after every change.
6207 * (T225888) RollbackAction: fix missing pagetitle.
6208 * (T297322, CVE-2021-44858, CVE-2021-44857) SECURITY: Fix permissions checks in
6210 * (T297574, CVE-2021-45038) SECURITY: Fix permissions check in action=rollback.
6211 * (T34716, T297416) SECURITY: Require 'read' right for most actions.
6212 * (T271037, CVE-2021-44856) SECURITY: Fix use of EditFilterMergedContent hook
6213 when changing content model.
6215 == MediaWiki 1.35.4 ==
6217 This is a security and maintenance release of the MediaWiki 1.35 branch.
6219 === Changes since MediaWiki 1.35.3 ===
6220 * (T283394) Mark ApiClientLogin/ApiLogin as requiring write mode.
6221 * (T283273) Make postgres IRC channel point to libera.chat.
6222 * (T289108) ExtensionProcessor: Remove loaderScripts from extension.json
6224 * (T281549) Installer: Fix mediawiki-announce auto subscription code.
6225 * FormatJson: Optimize encode() for supported PHP versions.
6226 * (T290398) renameRestrictions.php: Update protected_titles as well.
6227 * $wgMimeTypeBlacklist - This configuration array now prohibits the RFC 4329
6228 form of JavaScript, 'application/javascript', as well as previous MIME types.
6229 * (T51097, T290273) resourceloader: Call getStyleFiles from
6230 FileModule::getFileHashes.
6231 * (T277788) parser: Avoid calling ParserOptions::getOption() too many times.
6232 * (T285515, CVE-2021-41798) SECURITY: XSS vulnerability in Special:Search.
6233 * (T290379, CVE-2021-41799) SECURITY: ApiQueryBacklinks can cause a full
6235 * (T284419, CVE-2021-41800) SECURITY: fix PoolCounter protection of
6236 Special:Contributions.
6238 == MediaWiki 1.35.3 ==
6240 This is a security and maintenance release of the MediaWiki 1.35 branch.
6242 === Changes since MediaWiki 1.35.2 ===
6243 * (T259685) SQLite compatibility with ZeroConf VisualEditor was fixed in 1.35.2.
6244 * (T196906, T242751) Fix the test MonologSpiTest::testDefaultChannel.
6245 * (T279964) Parser: Trim trailing whitespace as the last step in pre-save
6247 * (T278026) rdbms: Add DB_PRIMARY to replace DB_MASTER.
6248 * (T252853) Update updateSearchIndex.php to 2006+ standards.
6249 * (T276945) Define a batch size in maintenance/manageJobs.php.
6250 * (T276945) Implement JobQueueDB::getAllAbandonedJobs.
6251 * (T269676) authevents: strval() variables passed to status when logging.
6252 * (T280944) $wgIncludejQueryMigrate - This setting allows the jQuery Migrate
6253 plugin to be disabled. It has been enabled by default since MediaWiki 1.27.
6254 * (T281584) apihelp-query+iwlinks-param-prop: s/interlanguage/interwiki/.
6255 * (T281635) Delete maintenance/cleanupAncientTables.php.
6256 * (T282133) RedisConnectionPool: Suppress phan issue.
6257 * (T281549) WebInstaller: Don't show the announce-l subscribe
6258 checkbox temporarily.
6259 * (T278266) Fix annoying E_NOTICE about undefined 'alt' index in
6260 Skin#makeFooterIcon.
6261 * (T264214) UserRightsProxy::addGroup has to be allowed to update the
6262 old group as well, which is used for granting interwiki rights.
6263 * (T269776, T278266) getFooterIcons should not return empty arrays.
6264 * (T274966) Skip AvroFormatterTest::testSchemaNotAvailable on PHP 8.0.
6265 * phpunit: fail on warnings.
6266 * (T283247) Freenode -> Libera per wikimedia moving from
6268 * (T243124) Make phpunit:unit accept extension*.json to populate the classes.
6269 * (T142663) Add extension.json merge strategy "provide_default".
6270 * (T283540) HookContainer: Fix normalization of callback for static handler.
6271 * (T283464) Fix array order for array_replace_recursive merge strategy.
6272 * (T247223) Optimise MessageCache::isMainCacheable() for the single-message
6274 * (T278579) Don't send headers on ob_end_clean().
6275 * (T280226, CVE-2021-35197) SECURITY: Prevent blocked users from purging
6278 == MediaWiki 1.35.2 ==
6280 This is a security and maintenance release of the MediaWiki 1.35 branch.
6282 MediaWiki 1.35.2 supports Composer 2.0. It is recommended to make sure your
6283 libraries are up to date on Composer 1.x, before running Composer 2.x.
6285 While normally running update.php isn't required for point releases,
6286 it is recommended to run it for 1.35.2 so that iwlinks.iwl_prefix is
6287 updated to take 32 characters.
6289 === Changes since MediaWiki 1.35.1 ===
6290 * (T270450) The confusingly-named User->isLoggedIn() method has been deprecated
6291 in favour of the method it wraps, User->isRegistered().
6292 * Upgrade pimple/pimple from 3.3.0 to 3.3.1 for PHP 8.0 support.
6293 * Upgrade seld/jsonlint from 1.7.1 to 1.8.3 for PHP 8.0 support.
6294 * Upgrade doctrine/dbal from 2.10.4 to 3.0.0 for PHP 8.0 support.
6295 * (T270734) Fix display of Special:Preferences URL in password reset email.
6296 * (T252774, T271441) resourceloader: Give SkinModule 'features' option an
6298 * (T271441) Unknown features shouldn't break style output.
6299 * (T264986) Make use of CURLMOPT_MAX_HOST_CONNECTIONS conditional on having
6301 * DefaultSettings.php: Update $wgPingback documentation.
6302 * Fix docs for LanguageConverter::translate.
6303 * (T272250) Don't rely on implicit string->int cast in comparison.
6304 * (T272327) Exif::isSlong: Cast input to float so PHP 8.0 abs() doesn't whine.
6305 * (T272328) UploadBase: Don't call MimeAnalyzer if mTempPath is null.
6306 * Remove nonfunctional default sampling for WANObjectCache metrics.
6307 * (T258851) Prevent service injection to LoadExtensionSchemaUpdates hook.
6308 * (T270852) Hooks: Map dash character to underscore when generating hook names.
6309 * (T271551, T270145) Fix fetching ipblock-exempt within
6310 BlockManager::getUserBlock.
6311 * PHPVersionCheck: The PHP Group only supports PHP >= 7.3.0.
6312 * (T248925) Set empty closures in DatabaseTest to fix PHP 8 tests.
6313 * (T34217) rdbms: Remove outdated MySQL 4 references and fix doc URLs.
6314 * (T248925) Special:Contributions reports negative namespace error on PHP 8.
6315 * (T248925) objectcache: Fix non-numeric string check in HashBagOStuff for
6317 * (T248925) Fix CacheTime::getCacheExpiry for PHP 8.
6318 * (T259685) Allow REST API POST handlers to opt out of mandatory SQLite locking.
6319 * (T91820, T259685) MWLBFactory: rename magic HTTP header for opting out of
6321 * (T272326) Fix DeprecationHelperTest on PHP 8.
6322 * Upgrade wikimedia/less.php from 3.0.0 to 3.1.0 for PHP 8.0 support.
6323 * (T236639) OutputPage: Make $wgDebugRedirects work again.
6324 * (T274648) registration: Allow reusing cached metadata between wikis.
6325 * CdnCacheUpdate: Send full URL instead of path to Curl for purge.
6326 * Upgrade monolog/monolog from 1.25.3 to 2.2.0 for PHP 8.0 support.
6327 * FileBackend: Do not use SOCKET_ENOENT on windows.
6328 * (T275441) ApiQueryUserInfo: Allow all uiprops to be requested at once.
6329 * (T275261) Escape wikitext in the title in invalid title error messages.
6330 * (T275242) Extend iwlinks.iwl_prefix to VARBINARY(32) on MySQL.
6331 * (T246594, T270228) PHPVersionCheck: Complain about known-bad versions above
6333 * (T275824) Upgrade wikimedia/composer-merge-plugin from 1.4.1 to 2.0.1 for
6334 Composer 2.0 support.
6335 * (T269293) Record all used options in metadata.
6336 * Allow usage of Composer 2.0 to install MediaWiki's dependencies.
6337 * (T259872) skins: Call headElement() after getTemplateData() in SkinMustache.
6338 * (T277009, CVE-2021-30158) SECURITY: Allow blocked users to access
6339 Special:ResetTokens.
6340 * (T272412) Add "Account data" section to user preferences.
6341 * (T268310) Add list of thumbnail urls to LocalFilePurgeThumbnails hook.
6342 * (T277520) registration: Allow specifying immovable namespaces in
6344 * (T275619) Maintenance::hasOption and Maintenance::getOption now behave as
6345 documented and are not altered by previous calls to these methods.
6346 * (T254688) Remove page inner join from subquery in SpecialWhatLinksHere.
6347 * (T122124) signup: added help message for security.
6348 * (T278014, CVE-2021-30154) SECURITY: Escape mediastatistics-header-* messages
6349 on Special:NewFiles.
6350 * (T278058, CVE-2021-30157) SECURITY: Escape rcfilters-filter-* messages on
6352 * (T277414) HTMLFormField: Use non namespaced class name rather than
6354 * (T268673) maintenance: Don't create SearchUpdate in rebuildtextindex.php
6355 for page_namespace below 0.
6356 * (T246594, T270228) Mark ParserOptionsTests skipped on PHP 7.4.0-7.4.8.
6357 * (T268230) Switch to new MediaWiki logo by Serhio Magpie.
6358 * (T271735) Expand config-pingback-help, link to privacy policy in
6360 * Fix documentation of user-global in $wgRateLimits.
6361 * BackupDumper: Add -o as shortcode for --output.
6362 * (T235554) Disable DEFER_SET_LENGTH_AND_FLUSH headers to avoid HTTP errors.
6363 * (T270713, CVE-2021-30152) SECURITY: Allow user to only apply protection they
6364 have right to do so via action=protect.
6365 * (T272386, CVE-2021-30159) SECURITY: Non-admin deleted enwiki page in fast
6367 * (T270988, CVE-2021-30155) SECURITY: ContentModelChange: Check that user can
6369 * (T279451, CVE-2021-30458) SECURITY: Parsoid comment fostering allows for
6370 inserting mostly arbitrary <meta> tags.
6372 == MediaWiki 1.35.1 ==
6374 This is a security and maintenance release of the MediaWiki 1.35 branch.
6376 While normally running update.php isn't required for point releases,
6377 it is recommended to run it for 1.35.1 so that sites.site_language is
6378 updated to take 35 characters.
6380 Watchlist Expiry is no longer considered experimental, but is off by default.
6381 To enable it, set $wgWatchlistExpiry = true; in your LocalSettings.php.
6383 === Changes since MediaWiki 1.35.0 ===
6384 * (T263929) purgeList.php Fix all-namespaces option to match one used in code.
6385 * (T248719) ParserCache::get - fix wfDeprecated call.
6386 * (T261430) WatchlistExpiryWidget: Move focus to expiry dropdown after hitting
6388 * Preload mediawiki.watchstar.widgets before api request.
6389 * (T261030) ApiEditPage: Show existing watchlist expiry if status is not being
6391 * (T264502) Fix PHP 8 compat with strcspn() $length parameter exceeding string.
6392 * (T248925) Remove final modifier on private function.
6393 * (T264683) Remove ipb_anon_only from ipb_address_unique index addition.
6394 * (T261415) Add days left messages to changes-lists' clock icons.
6395 * Fix order of wfDeprecated parameters in ExternalStoreDB::getSlave.
6396 * (T261260) Preload class used in HeaderCallback.
6397 * (T260868, T260009) Normalize WatchedItem expiry field.
6398 * (T264683) Remove doTable check from (Mysql|Sqlite)Updater::indexHasFields.
6399 * (T264534) ApiPageSet: Avoid infinite loop when merging redirects.
6400 * (T196906) Empty Monolog loggers are now real blackholes.
6401 * (T258649) WatchAction: avoid UPDATE when old and new watch period is
6403 * Parser: Adjust typehint to show that getTitle can return null.
6404 * (T263592) media: Fix case of FlashPixVersion in
6405 FormatMetadata::makeFormattedData().
6406 * (T265223) BaseTemplate: Guard against passing zero arg to array_merge().
6407 * (T264965) Fix base path handling for MessagePosterModule registration.
6408 * (T252183) Fix Database::getTempTableWrites for multi table DDLs.
6409 * (T182546) Fix switch/case indentation per mediawiki coding conventions.
6410 * Flip Yoda conditionals.
6411 * (T263213) Move SkinTemplate::getFooterLinks() to Skin.
6412 * build: Updating mediawiki/mediawiki-codesniffer to 33.0.0.
6413 * (T267105) Make ImageBuilder::checkMissingImage public.
6414 * Updating guzzlehttp/guzzle (6.5.4 => 6.5.5).
6415 * (T266681) Support new style hook registration on install and update.
6416 * (T266980) Fix unsetting of copyright icon in FooterIcons.
6417 * upload.js: Don't assume that warnings array will include 'code' key.
6418 * upload.js: Fix typo in upload API.
6419 * (T264333, T190988, T266903) Pass along ignorewarnings param to all
6420 individual chunks being uploaded.
6421 * (T267558) importTextFiles.php: Replace deprecated WikiRevision:setText().
6422 * (T266418) composer.json: add requirement for composer-plugin-api ^1.1.
6423 * (T261431) Add ARIA attributes to watchlink and its notification.
6424 * (T258877) Change invalid 'Content-Encoding: none' header.
6425 * Fix trailing ; in patch-sites-site_language-35.sql.
6426 * (T248852) wfAssembleUrl: Handle empty query field in URL bits.
6427 * (T268846) Updating wikimedia/testing-access-wrapper (1.0.0 => 2.0.0).
6428 * (T268887) migrateComments: Cast array keys back to string before passing
6430 * (T266619) Introduce new $wgThumbPath config.
6431 * (T269178) MemcachedClient: Cast Resource to integer.
6432 * (T263925) Use the old HookContainer to set up the post-reset services.
6433 * Change "site cache" to just "cache" in the right-purge message.
6434 * [UploadedFileStreamTest] Skip test with chmod.
6435 * (T269710) Updating composer/semver (1.5.1 => 1.7.2).
6436 * (T269710) Updating mediawiki/mediawiki-codesniffer (33.0.0 => 34.0.0).
6437 * (T260631, T260633), BotPassword::save() now returns a Status object for the
6438 result rather than a bool. The length of the bot password grants and
6439 restriction fields are now validated, and an error will be thrown if it
6440 would be truncated by the database.
6441 * (T265778) Fix English/*nix specific error messages in FSFileBackend.
6442 * (T267543) Split dropping of image.img_user_timestamp.
6443 * [FileTest] Do not assume /tmp exists on windows.
6444 * Clean up temp files correctly after unit tests.
6445 * Skip undo related phpunit tests when diff3 is missing.
6446 * (T269964) rdbms: Remove outer parentheses in insert query for Postgres.
6447 * (T263911) In MWExceptionHandler::report(), catch all throwables.
6448 * (T268894, CVE-2020-35474) SECURITY: Use Html::element in
6449 ChangeListSpecialPage for sanity.
6450 * (T268917) Use Xml::element in SpecialUserrights for sanity.
6451 * (T268938, CVE-2020-35478, CVE-2020-35479) SECURITY: Pass escaped html
6452 to LogFormatter::makePageLink for sanity.
6453 * (T268938) Fixed mixed escaping in Language::translateBlockExpiry.
6454 * (T263911) UserOptionsManager: don't differentiate anons caches.
6455 * (T261260) HeaderCallback: pre-cache request ID.
6456 * Parsoid updated to v0.12.1.
6457 * (T205908, CVE-2020-35477) SECURITY: Unable to change visibility of log
6458 entries when MediaWiki:Mainpage uses Special:MyLanguage.
6459 * (T120883, CVE-2020-35480) SECURITY: Divergent behavior for contributions
6460 and user pages of hidden users and missing users.
6461 * (T270145) Fix condition that can lead to using APCOND_BLOCKED in
6462 $wgAutopromote to cause an OOM in PHP.
6464 == MediaWiki 1.35.0 ==
6466 === Changes since MediaWiki 1.35.0-rc.3 ===
6467 * (T261258) Remove checks for ancient ImageMagick versions in BitmapHandler.
6468 * (T260232) Don't include null page ids in query list for category dumps.
6469 * (T260009) Check existing watchitem when saving action=watch.
6470 * (T259055) Correct success messages for action=watch.
6471 * mediawiki.page.ready: Simpler tablesorter/makeCollapsible call.
6472 * mediawiki.page.ready: Fix skin override config flags, wrong way round.
6473 * (T262175, T248512) Remove requirement for ApiWatchlistTrait to be in ApiBase.
6474 * (T259053, T260434) Watchlist: Fix updateWatchLink removing css class when
6476 * (T261901, T261476) mediawiki.notification: Don't close notif when clicking
6478 * (T251506) Sanitizer: Truncate IDs to a reasonable length.
6479 * (T259452) Parsoid updated to v0.12.0.
6480 * (T261970) watch.ajax: Add expiry support to watchpage.mw event.
6481 * (T262900) Fix failure of rebuildLocalisationCache.php due to ResourceLoader
6483 * (T263014) Hard deprecate File::userCan() with $user=null.
6484 * (T262547) Use localized success message after watching via action=watch.
6485 * (T201491) Fix typo 'Watchlst' in `apihelp-edit-param-watchlistexpiry`.
6486 * (T261081) Installer: consistently reset Language objects.
6487 * (T250449, T250450) Installer: consistently reset Language objects.
6488 * Explicitly wrap some XML calls in libxml_disable_entity_loader().
6489 * (T262934) Ensure dropdown label is always on its own line.
6490 * (T246855) resourceloader: Use a local HookRunner.
6491 * (T263604) Have findBadBlobs.php require Maintenance.php rather than
6493 * (T263606) Set fake time, to avoid flaky tests.
6494 * (T261325) Add FindMissingActors script.
6495 * (T262364) shell: Don't blacklist /run/firejail.
6496 * (T263655) NewPagesPager: Ignore nonexistent namespaces.
6497 * Update specialPageAliases and magicWords for Egyptian Arabic (arz).
6498 * (T261347) ParserOutput: don't throw on bad editsection.
6499 * (T232568, CVE-2020-25813) SpecialUserrights: If a viewer lacks `hideuser`,
6500 ignore hidden users.
6501 * (T255918, CVE-2020-25812) SECURITY: Unescaped message used in HTML on
6502 Special:Contributions.
6503 * (T256171, CVE-2020-25815) SECURITY: Unescaped message used in HTML within
6505 * (T258763, CVE-2020-17367, CVE-2020-17368) SECURITY: Prevent invoking
6506 firejail's --output functionality.
6507 * (T86738, CVE-2020-25814) SECURITY: mediawiki.jqueryMsg: Sanitize URLs and
6509 * (T115888, CVE-2020-25828) SECURITY: mediawiki.js: Escape HTML in
6510 mw.message( ... ).parse().
6511 * (T260485, CVE-2020-25869) SECURITY: ActorMigration: Load user from the correct
6513 * (T260485, CVE-2020-25869) SECURITY: ensure actor ID from correct wiki is used.
6514 * Add Finnish special page aliases.
6515 * Fix GuzzleHttpRequest request headers.
6516 * Fix description for pruneFileCache.php.
6517 * emptyUserGroup.php: handle more than 5000 users.
6518 * Make ApiSandbox copyable URL absolute.
6519 * (T261087) Add a link from a deleted page to that page's logs.
6521 == MediaWiki 1.35.0-rc.3 ==
6523 === Changes since MediaWiki 1.35.0-rc.2 ===
6524 * (T258662) mediawiki.visibleTimeout: Update the nextVisibleTimeoutId value.
6525 * Ensure Parsoid doesn't throw when <ref> is used w/o Cite installed.
6526 * Remove maintenance/createCommonPasswordCdb.php.
6527 * (T260468) Increase "sites.site_global_key" to varbinary(64).
6528 * (T183759) Fix shell edge-cases in Windows.
6529 * (T257879) Drop PHP 7.2 support; require 7.3.19.
6530 * (T251661, CVE-2020-25827) SECURITY: User::pingLimiter: add user-global
6532 * (T246991) User: enforce pingLimiter() expiry time.
6533 * (T256831) Rest: Handle Uri constructor exception.
6534 * (T259094) Fix RequestFromGlobalsTest failing in Travis CI.
6535 * (T256831, T261344) Rest: Use try/catch to handle URIs with embedded colon.
6537 == MediaWiki 1.35.0-rc.2 ==
6539 === Changes since MediaWiki 1.35.0-rc.1 ===
6540 * (T259693) uuid: Fix filenames on Windows.
6541 * Remove Gruntfile.js and package-lock.json from the tarball.
6542 * firejail: Strengthen by copying from Wikimedia's profile.
6543 * (T260059) ResourceLoaderOOUIImageModule: loadOOUIDefinition() may return
6545 * (T30162, T245387) The installer supports using a Postgres server running
6546 on a custom port other than 5432.
6547 * (T260201) Support private wikis in Parsoid zero configuration mode.
6548 * Fix bad use of `|=` PHP bit operation where `= … ||` bool is intended.
6549 * (T259212) SpecialBlock: Show error if a block could not be inserted or found.
6550 * (T255842) UserOptionsManager: fix options reset.
6551 * (T258649) WatchAction: avoid unnecessary UPDATEs when expiry is unchanged.
6552 * (T250851) Allow skins to override mediawiki.page.ready initialisation.
6553 * (T250851) mediawiki.page.ready: Allow skins to disable search lazy load.
6554 * (T253135, T255632) Update language in watchlist expiry.
6555 * Use IPset in MWRestrictions::checkIP.
6556 * (T259564) Fix race condition on edit page.
6557 * (T260759) Hide watchlist expiry label in edit form.
6558 * mime: Fix docs of MIME_EXTENSIONS, they're arrays, not space-seperated.
6559 * (T260031) Add application/font-sfnt to MimeMap for ttf files.
6560 * (T259379) WatchedItemStore: Cache single WatchedItems with preexisting expiry.
6561 * Add a maintenance script to create bot passwords.
6562 * (T201269) Add Traditional Chinese zh-hant as fallback for Amis (ami).
6563 * Improve wfParseUrl docs.
6564 * (T251038) Add multi index fields in ImageListPager for unique paginate.
6565 * (T259916) Guard against 'Widget not found' error.
6567 == MediaWiki 1.35.0-rc.1 ==
6569 === Changes since MediaWiki 1.35.0-rc.0 ===
6570 * (T252136) Fix RecentChanges watchlist filters when WatchlistExpiry is off.
6571 * (T258662) Update time period for watchlist expiry pop-up.
6572 * (T258443) Fix expiry dropdown not getting disabled on edit page.
6573 * (T259398) Add license information for promise-polyfill.
6574 * Remove executable bit from scripts without shebang.
6575 * (T256526) Fix bold of watched items on Special:RecentChangesLinked.
6576 * (T259060) Edit page expiry dropdown should keep state after
6578 * (T259009) Translate expiry period in pop-up message for watchlist expiry.
6579 * (T258310) Add watchlist clock icon to RecentChanges.
6580 * (T259362) Permit temporary table writes on replica DB connections.
6581 * (T250214) Add UI support in Special:EditWatchlist for watchlist expiry.
6582 * (T72470) Disable wgLegacyJavaScriptGlobals by default.
6583 * (T130906) Add Edge to MediaWiki:Clearyourcache.
6584 * (T257279) Add mediawiki.ui Less variable deprecation note.
6585 * (T249521) Fixed reassignEdits.php to work with anonymous users.
6586 * (T259448) Fix Circular dependency when creating service in
6587 DBLoadBalancerFactory.
6588 * (T257259) Default to using watchlist expiry of old page when moving pages.
6590 == MediaWiki 1.35.0-rc.0 ==
6592 == Upgrading notes for 1.35 ==
6593 1.35 requires PHP 7.3.19 or above (up from 7.2.9). (T257879)
6595 1.35 has several database changes since 1.34, and will not work without schema
6596 updates. Note that due to changes to some very large tables like the revision
6597 table, the schema update may take quite long (minutes on a medium sized site,
6598 many hours on a large site).
6600 Don't forget to always back up your database before upgrading!
6602 MediaWiki 1.35 is the next LTS after 1.31, and will be supported for around 3
6605 MediaWiki has a lot of both soft and hard deprecations, and code removed. As
6606 always, make sure your versions of extensions match the MediaWiki version,
6607 and updates may be required to any custom extensions.
6609 See the file UPGRADE for more detailed upgrade instructions, including
6610 important information when upgrading from versions prior to 1.11.
6612 Some specific notes for MediaWiki 1.35 upgrades are below:
6613 * (T259685) When using SQLite as the database backend for MediaWiki,
6614 Zeroconf (zero-configuration) VisualEditor/Parsoid only works with
6615 MediaWiki 1.35.2 and above. It is still recommended to use
6616 MySQL/MariaDB rather than SQLite when using VisualEditor.
6618 For notes on 1.34.x and older releases, see HISTORY.
6620 === Configuration changes for system administrators in 1.35 ===
6622 * (T72470) $wgLegacyJavaScriptGlobals is now false by default. This feature
6623 will be completely removed in a later MediaWiki release.
6625 ==== New configuration ====
6626 * $wgDiffEngine — This can be used to specify the difference engine to use,
6627 rather than MediaWiki choosing the first of $wgExternalDiffEngine, wikidiff2,
6628 or php that is usable.
6629 * $wgSearchMatchRedirectPreference — This configuration setting controls whether
6630 users can set a new preference, search-match-redirect, which decides if search
6631 should redirect them to exact matches is available. By default, this is set to
6632 false, which maintains the previous behaviour without preference bloat. Change
6633 your site's default by setting $wgDefaultUserOptions['search-match-redirect'].
6634 * $wgPoolCounterConf['SpecialContributions'] — Per-user concurrency in the use
6635 of SpecialContributions can now be limited by setting this appropriately.
6636 * $wgPasswordPolicy — PasswordCannotBeSubstringInUsername is a new password
6637 policy check. Similar to the existing PasswordCannotMatchUsername check, this
6638 check ensures that a user's (case-insensitive) password cannot be a part of
6639 their username. e.g. password = MyPass, username = ThisUsersPasswordIsMyPass.
6640 * $wgLogos — This new configuration setting combines the now-deprecated $wgLogo
6641 and $wgLogoHD settings into a single, associative array. It provides support
6642 for a new key, 'wordmark', for setting a horizontal wordmark to show next to
6643 the graphical logo. To do this, set 'wordmark' to an array with 'src' set to
6644 the path of the wordmark image, and 'width' and 'height' for its dimensions
6645 in pixels. $wgLogos inherits the existing support provided by its predecessor
6646 settings: '1x' mapping to the path of the logo as a 135x135px raster image
6647 (equivalent to $wgLogo), and '1.5x', '2x', and 'svg' operating as before for
6648 $wgLogoHD. If $wgLogos is unset, $wgLogo and $wgLogoHD values are read for
6649 temporary backwards compatibility. (T232140)
6650 * $wgWatchlistExpiry — (EXPERIMENTAL) This enables the new watchlist expiry
6651 feature. The database table (watchlist_expiry) for this is created regardless
6652 of this setting, but all other aspects of the expiry feature are controlled
6653 by it. Enabling in production is discouraged for the time being. A future
6654 MediaWiki 1.35 release will advertise this feature once it is stable.
6655 * $wgWatchlistPurgeRate — This sets the chance of expired watchlist items being
6656 purged on each page edit. Only has effect if $wgWatchlistExpiry is true.
6657 * $wgWatchlistExpiryMaxDuration — This is the maximum definite relative duration
6658 for watchlist expiries. Only has effect if $wgWatchlistExpiry is true.
6659 * $wgImgAuthPath – This can be used to override the path prefix used when
6660 handling img_auth.php requests. (T235357)
6661 * $wgAllowedCorsHeaders — This is a list of headers which can be used in a
6662 cross-site API request.
6663 * $wgHTTPMaxTimeout and $wgHTTPMaxConnectTimeout — These allow site
6664 administrators to limit the timeouts used by the HTTP client libraries.
6665 This only affects callers using HttpRequestFactory and the deprecated
6666 wrappers in the Http class.
6667 * $wgCdnMaxageStale — This controls the Cache-Control s-maxage header for page
6668 views when PoolCounter lock contention indicates that a stale cache entry
6670 * $wgForceHTTPS — This makes the HTTP to HTTPS redirect be unconditional and
6671 suppresses various hacks needed to support mixed HTTP/HTTPS wikis. We
6672 recommend this be set to true on pure HTTPS wikis.
6673 * $wgCookieSameSite — This setting allows login cookies to be sent with
6674 SameSite=None. This is required for cross-site CentralAuth auto-login after
6676 * $wgUseSameSiteLegacyCookies — This adds a compatibility hack to
6677 SameSite=None cookies for browsers which implemented an incompatible draft
6678 version of the specification.
6680 ==== Changed configuration ====
6681 * $wgResourceLoaderMaxage (T235314) — This configuration array controls the
6682 max-age for HTTP caching through the Cache-Control header. It has uses the
6683 "versioned" key for urls that do have a version parameter, and the
6684 "unversioned" key for urls without a version parameter. The sub keys for
6685 "client" and "server" are no longer supported in MediaWiki 1.35.
6686 * $wgEnableOpenSearchSuggest — This boolean variable is deprecated and no longer
6687 used. The OpenSearch API is now always enabled.
6688 * $wgAuthManagerConfig and $wgAuthManagerAutoConfig — These can now use the
6689 'services' option in provider specifications.
6690 * $wgVirtualRestConfig['modules']['parsoid'] —
6691 - The defaults have been updated. If you were relying on the default values,
6692 you may need to update your configuration.
6693 - The 'URL' parameter, previously allowed for backwards-compatibility, has
6694 been deprecated. Use 'url' instead.
6695 * $wgXmlDumpSchemaVersion — Default is now set to XML_DUMP_SCHEMA_VERSION_11, so
6696 dumps use the new dump format per default. Consumers of XML dumps should not
6697 be affected if they ignore any unknown tags they encounter. Also, the format
6698 is effectively unchanged for revisions that only contain the main slot. The
6699 --schema-version option can be used with the dumpBackup.php script to set the
6700 dump format. (T238921)
6701 * $wgParserConf — This configuration is now deprecated. It has been
6702 effectively constant since 2008, and is ignored by core code.
6703 Configure the ParserFactory service in order to customize the Parser used.
6704 * $wgAutoloadAttemptLowercase — This has been deprecated, and the default value
6706 * $wgAllowImageMoving — This configuration setting is now deprecated. Instead,
6707 use $wgGroupPermissions; e.g., to revoke sysops' ability to move images use
6708 $wgGroupPermissions['sysop']['movefile'] = false.
6709 * $wgAllowImageTag — This configuration is now deprecated; future parsers will
6710 not support direct use of the HTML <img> tag in wikitext.
6711 * $wgUseTwoButtonsSearchForm — This has been deprecated. If you maintain a skin
6712 that relies on this and wishes to let system administrators change it, you
6713 should convert it to a config variable specific to your skin. If you're using
6714 it to configure your wiki, you should check individual skins to see whether
6715 they have local skin config for the feature and use that.
6716 * $wgPasswordPolicy — The deprecated policy 'PasswordCannotBePopular' has been
6717 removed. Use PasswordNotInCommonList instead which covers many more passwords.
6718 * Backwards compatibility for using an associative array
6719 (e.g. [ '127.0.0.1' => 'bad-ip' ]) for $wgProxyList has been removed. This
6720 was deprecated since 1.30. Please convert these arrays to indexed/sequential
6721 ones (e.g. [ '127.0.0.1' ]).
6722 * $wgShellRestrictionMethod — This now defaults to 'autodetect', which will
6723 enable sandboxing for shell commands using firejail, if it's installed. To
6724 disable restrictions, set it to false.
6725 * $wgLegacyJavaScriptGlobals – This deprecated setting now default to false,
6726 instead of true, ahead of its planned removal.
6728 ==== Removed configuration ====
6729 * $wgSysopEmailBans — This setting, deprecated in 1.34, was removed. To let
6730 sysops block email access, use $wgGroupPermissions['sysop']['blockemail'].
6731 * $wgDBWindowsAuthentication — This setting had no effect anymore after support
6732 for SQL Server was removed in 1.34. (T230418)
6733 * $wgProfileOnly — This setting, deprecated in 1.23, was removed. The profiler
6734 output should instead be configured via $wgProfiler['output'].
6735 * $wgProfileLimit — This setting, deprecated in 1.25, was removed.
6736 Set $wgProfiler['threshold'] instead.
6737 * $wgDebugTimestamps — This setting was removed. It affected the text output
6738 produced via $wgDebugComments, if enabled.
6739 * $wgSkipSkin — This setting, deprecated in 1.23, was removed. To disable a
6740 skin from being shown, use $wgSkipSkins.
6741 * $wgUseSquid, $wgSquidServers, $wgSquidServersNoPurge, and $wgSquidMaxage —
6742 These, deprecated in 1.34, have been removed. Use $wgUseCdn, $wgCdnServers,
6743 $wgCdnServersNoPurge, or $wgCdnMaxAge instead.
6744 * $wgDisableCounters — This, deprecated in 1.25, was removed. The feature that
6745 it controlled was already removed in 1.26, but the variable remained existent
6746 with a value of `false` for backward-compatibility.
6747 * $wgMaxGeneratedPPNodeCount — This setting was removed. It only affected
6748 Preprocessor_DOM, which was deprecated in 1.34 and removed in this release.
6749 * $wgFixArabicUnicode and $wgFixMalayalamUnicode — These, deprecated in 1.33,
6750 were removed. The fixes are now always enabled for their respective languages.
6751 * $wgAllowTitlesInSVG — This, unused and deprecated since 1.34, was removed.
6752 * $wgEnablePartialBlocks — This setting, deprecated when it was added in 1.33,
6753 was removed. Partial blocks are now always enabled.
6754 * $wgLocalInterwiki — This setting, deprecated in 1.23, has been removed.
6755 * $wgContentHandlerUseDB — This setting, deprecated in 1.34, has been removed.
6756 * $wgMultiContentRevisionSchemaMigrationStage — This setting must no longer
6757 be set locally. If the migration stage was set to anything other than
6758 SCHEMA_COMPAT_NEW locally, update.php must be run after removing the setting.
6759 Usage of the setting in code is deprecated. The setting will be removed
6761 * $wgEnableRestAPI — This setting is no longer obeyed by MediaWiki core, and
6762 should not be set set locally. Usage of the setting in code is deprecated; it
6763 is now set true by default. The setting will be removed completely in 1.36.
6764 * $wgObjectCaches — The 'slaveOnly' option for SqlBagOStuff, deprecated in 1.34,
6765 was removed. Use 'replicaOnly' instead.
6767 === New user-facing features in 1.35 ===
6768 * (T204618) Whitelisted the aria-hidden HTML attribute for all elements in
6770 * (T13456) Special:EditPage, Special:PageHistory, Special:PageInfo, and
6771 Special:Purge have been created as shortcuts for each action.
6772 Special:EditPage/Foo redirects to title=foo&action=edit, with PageHistory,
6773 PageInfo, and Purge corresponding to action= history, info, and purge
6774 respectively. When linked to, its subpage is used as the target. Otherwise,
6775 it displays a basic interface to allow the end user to specify the target
6777 * (T139221) The generated table of contents is now a navigation landmark role
6778 for assistive technologies.
6779 * (T245931) interwiki map API doesn't report foreign language if
6780 $wgInterwikiMagic=false
6781 * The form at ?action=watch has a new dropdown list to support expiry dates for
6782 watchlist items (if $wgWatchlistExpiry is true).
6784 === New developer features in 1.35 ===
6785 * A Docker based local development develpoment environment configuration is
6786 included (T238224) and DEVELOPERS.md has been added with usage documentation
6787 and links to further help.
6788 * If CSP is enabled, extensions can now add additional sources using the
6789 ContentSecurityPolicy::addDefaultSource, ::addStyleSrc and ::addScriptSrc
6790 methods (e.g. $context->getOutput()->getCSP()->addDefaultSrc( 'example.com' ))
6791 * Extensions can now specify classes and namespaces to be autoloaded by the
6792 test autoloader, by setting the "TestAutoloadNamespaces" and
6793 "TestAutoloadClasses" properties in extension.json. (T196090)
6794 * (T250977) extension.json now allows "SearchMappings" which maps the canonical
6795 name of the search engine (used in wgSearchType and wgSearchTypeAlternatives)
6796 to a specification using the ObjectFactory specification. This allows
6797 extensions to register Search Engines using namespaced classes.
6798 * Added getters for OutputPage's robot, index and follow policies;
6799 getRobotPolicy() returns the entire policy as a string in the form
6800 <index policy>,<follow policy> while getIndexPolicy() and getFollowPolicy()
6801 return their respective policies as a string.
6802 * The ResourceLoaderSiteModulePages and ResourceLoaderSiteStylesModulePages
6803 hooks were added to allow changing which wiki pages these modules contain.
6804 * The SkinFactory now allows skins to be specified as an ObjectFactory spec,
6805 allowing the construction of skins with services injected.
6806 * ContentHandlerFactory for most ContentHandler static methods. It has been
6807 added to the constructors for many classes to improve SOLID / GRASP.
6808 * FileDeleteForm's constructor now accepts a user as the second parameter.
6809 Support for not passing a user has also been hard-deprecated and will be
6811 * The ParserPreSaveTransformComplete hook was added.
6812 * The ParserBeforePreprocess hook was added.
6813 * The ResourceLoaderSkinModule class now has a "legacy" feature that loads
6814 the stylesheets previously part of the "mediawiki.legacy.shared" and
6815 "mediawiki.legacy.commonPrint" module.
6816 Those modules are now deprecated and no longer loaded by skins.
6817 For skins needing to retain these styles, you will need to load these
6818 styles via a module using the ResourceLoaderSkinModule class.
6819 See Vector and Monobook for examples.
6820 * ParserOutput now has methods addExtraCSPStyleSrc, addExtraCSPDefaultSrc
6821 addExtraCSPScriptSrc for parser tags/functions to be able to add sources
6822 to the Content Security Policy.
6823 * The HtmlCacheUpdater service was added to unify the logic of purging CDN cache
6824 and HTML file cache to simplify callers and make them more consistent.
6825 * The MultiHttpClient code will fallover to non-curl if curl_multi* is blocked.
6826 * Preferences which use HTMLTitlesMultiselectField can make use of
6827 MultiTitleFilter class for saving title text to/from article IDs in user
6829 * OutputPage::addHtmlClasses() was added to allow injecting CSS classes on
6830 to the <html> element on page load.
6831 * The SkinAddFooterLinks hook is added to allow extensions to add items to skin
6832 footers. Previously this had to be done via SkinTemplateOutputPageBeforeExec.
6833 Doing so using that hook is now hard deprecated.
6834 * A new BlockPermissionChecker service was introduced for checking
6835 block-related permissions.
6836 * The support of 'database' type of extensions has been added to allow 3d party
6837 databases like Percona be used as storage. See T226857, T253248.
6838 * Three new return parameters have been added to the
6839 EditPageGetCheckboxesDefinition hook. Handlers of this hook are no longer
6840 restricted to defining checkboxes. See the documentation of
6841 EditPage::getCheckboxesDefinition() for more details.
6842 * New flag File::RENDER_TMP was added in order to allow
6843 File::generateAndSaveThumb and File::trasform to render a thumbnail without
6844 saving it to the storage.
6846 === External library changes in 1.35 ===
6848 ==== New external libraries ====
6849 * Added wikimedia/ip-utils 1.0.0.
6850 * Added wikimedia/parsoid 0.12.3.
6851 * Added wikimedia/services 2.0.1.
6852 * Added taylorhakes/promise-polyfill v8.1.3.
6853 * Added vuejs v2.6.11.
6854 * Added vuex v3.1.3.
6855 * Added symfony/symfony/polyfill-php80 1.25.0.
6857 ===== New development-only external libraries =====
6858 * Added doctrine/dbal 3.1.5.
6859 * Added doctrine/sql-formatter 1.1.0.
6860 * Added pimple/pimple 3.3.1.
6862 ==== Changed external libraries ====
6863 * pear/mail_mime was upgraded from 1.10.2 to 1.10.11.
6864 * wikimedia/less.php was upgraded from 1.8.0 to 3.1.0.
6865 * Updated oojs from 3.0.0 to 5.0.0.
6866 * Updated OOUI from 0.35.1 to 0.39.3.
6867 * zordius/lightncandy was upgraded from 0.23.0 to 1.2.5.
6868 * Updated jQuery from v3.3.1 to v3.6.0.
6869 * Updated jQuery Migrate from v3.0.1 to v3.3.2.
6870 * Updated wikimedia/assert from 0.2.2 to 0.5.0.
6871 * Updated pear/net_smtp from 1.8.1 from to 1.9.1.
6872 * Updated psr/log from 1.0.2 to 1.1.3.
6873 * Updated jquery.i18n from 1.0.5 to 1.0.7.
6874 * Updated guzzlehttp/guzzle from 6.3.3 to 6.5.8.
6875 * Updated wikimedia/xmp-reader from 0.6.3 to 0.8.5.
6876 Fixes error log spam with too-large XMP data, and adds support for GPano tags.
6877 * Updated wikimedia/base-convert from v2.0.0 to v2.0.1.
6878 * Updated composer/semver from 1.5.0 to 1.7.2.
6879 * Updated wikimedia/remex-html from 2.1.0 to 2.2.0.
6880 * Replaced wikimedia/password-blacklist 0.1.4 with wikimedia/common-passwords
6882 * Updated wikimedia/composer-merge-plugin from 1.4.1 to 2.0.1.
6883 * Updated wikimedia/html-formatter from 1.0.2 to 2.0.1.
6884 * Updated wikimedia/object-factory from 2.1.0 to 2.2.0.
6886 ===== Changed development-only external libraries =====
6887 * Updated symfony/yaml from 3.4.28 to 5.0.5.
6888 * Updated nikic/php-parser from 3.1.5 to 4.4.0.
6889 * Updated php-parallel-lint/php-console-highlighter from v0.3.2 to v0.5.
6890 * Updated php-parallel-lint/php-parallel-lint from v0.9.2 to v1.2.0.
6891 * Updated psy/psysh from 0.9.9 to 0.10.4.
6892 * Updated monolog/monolog from 1.24.0 to 2.2.0.
6893 * Upgrade mediawiki-codesniffer from 28.0.0 to 38.0.0.
6894 * Updated composer/spdx-licenses from 1.5.1 to 1.5.3.
6895 * Updated monolog/monolog from 1.25.2 to 1.25.3.
6896 * Updated qunit from 2.9.1 to 2.10.0.
6897 * Updating wikimedia/testing-access-wrapper from 1.0.0 to 2.0.0.
6898 * Updated seld/jsonlint from 1.7.1 to 1.8.3.
6900 ==== Removed external libraries ====
6901 * phpunit/php-invoker (dev-only).
6902 Removing this unbreaks development on Windows systems, in exchange for losing
6903 time limits in running unit tests.
6904 * The jquery.getAttrs module was removed.
6906 === Action API changes in 1.35 ===
6907 * The 'suggest' parameter of action=opensearch has been deprecated.
6908 The API behaves the same with and without this parameter.
6909 It was previously used by $wgEnableOpenSearchSuggest to partially
6910 disable the API if set to false. Specifically, it would deny internal
6911 frontend requests carrying this parameter, whilst accepting other requests.
6912 * Integer-type parameters are now validated for syntax rather than being
6913 interpreted in surprising ways. For example, the following will now return a
6915 - "1.9" (formerly interpreted as "1")
6916 - " 1" (formerly interpreted as "1")
6917 - "1e1" (formerly interpreted as "1" or "10", depending on the PHP version)
6918 - "1foobar" (formerly interpreted as "1")
6919 - "foobar" (formerly intepreted as "0")
6920 parameters. Ranges should be assumed to be enforced.
6921 * Many user-type parameters now accept a user ID, formatted like "#12345".
6922 * The 'assert' parameter used by all API modules now supports the value 'anon'.
6923 When specified, the API will return the 'assertanonfailed' error if the user
6925 * action=edit now supports the 'baserevid' parameter for edit conflict
6926 detection, as an alternative to 'basetimestamp'. Note that self-conflicts
6927 will continue to be ignored if 'basetimestamp' is set, but not if only
6929 * A new module was added to change the content model of existing pages.
6930 Use action=changecontentmodel. Unlike Special:ChangeContentModel, the api
6931 module does not work for pages that do not already exist.
6932 * If $wgWatchlistExpiry is true, the following API changes are made:
6933 - action=watch accepts a new 'expiry' parameter analagous to the expiry
6934 accepted by action=userrights, action=block, etc., except it must be no
6935 greater than $wgWatchlistExpiryMaxDuration, or an infinity value.
6936 - action=query&list=watchlistraw returns pages' watchlist expiry dates.
6937 * (T249526) action=login will now return Failed rather than NeedToken on
6940 === Action API internal changes in 1.35 ===
6941 * The Action API now uses the Wikimedia\ParamValidator library for parameter
6942 validation, which brings some new features and changes. For the most part
6943 existing module code should work as it did before, but see subsequent notes
6945 - The values for all ApiBase PARAM_* constants have changed. Code should have
6946 been using the constants rather than hard-coding the values.
6947 - Several ApiBase PARAM_* constants have been deprecated, see the in-class
6948 documentation for details. Use the equivalent ParamValidator constants
6950 - The value returned for 'upload'-type parameters has changed from
6951 WebRequestUpload to Psr\Http\Message\UploadedFileInterface.
6952 * Validation of 'user'-type parameters is more flexible. PARAM constants exist
6953 to specify the type of "user" allowed and to request UserIdentity objects
6954 rather than name strings. The default is to accept all types (name, IP,
6955 range, and interwiki) that were formerly accepted.
6956 * Maximum limits are no longer ignored in "internal mode".
6957 * The $paramName to ApiBase::handleParamNormalization() should now include the
6959 * (T245931) meta=siteinfo&siprop=interwikimap no longer reports language or
6960 extralanglink when $wgInterwikiMagic is false.
6962 === Languages updated in 1.35 ===
6963 MediaWiki supports over 350 languages. Many localisations are updated regularly.
6964 Below only new and removed languages are listed, as well as changes to languages
6965 because of Phabricator reports.
6967 * The default targets for the ISBN search from Special:BookSources in English
6968 have been updated for better international suppport. They will now be
6969 BetterWorldBooks.com, OpenLibrary.org and Worldcat.org.
6970 * (T237672) Changed the Moroccan Arabic language (ary) to the Arabic script.
6971 * (T201269) Added language support for Amis (ami).
6972 * (T248299) Added language support for Inari Sami (smn).
6973 * (T251369) Added language support for Ladin (lld).
6974 * (T251369) Added language support for Seediq (trv), also known as Taroko.
6975 * (T254854) Added language support for Southern Altay (alt).
6977 === Breaking changes in 1.35 ===
6978 * MediaWiki no longer supports PHP 7.2; use PHP 7.3.19+ (T228346, T257879).
6979 * ResourceLoader::getLessVars(), deprecated in 1.32, was removed.
6980 Use ResourceLoaderModule::getLessVars() instead.
6981 * The jquery.tabIndex module, deprecated in 1.34, has been removed.
6982 * The mediawiki.RegExp module alias, deprecated in 1.34, was removed.
6983 Use the mediawiki.util module instead.
6984 * The easy-deflate.inflate module, unused since 1.32, was removed.
6985 * The easy-deflate.deflate module was removed. Use the mediawiki.deflate
6987 * The mediawiki.notify module was removed. The mw.notify() shortcut is now
6988 available by default, without any dependency.
6989 * (T219604) The "jquery.ui.*" and "jquery.effects.*" module aliases,
6990 deprecated in 1.34, have been removed. Use "jquery.ui" instead.
6991 * (T235457) The "user.tokens" module has been removed.
6992 Use "user.options" instead.
6993 * (T251855) The mw.Map#exists method in JavaScript no longer supports checking
6994 multiple keys. This affects mw.config.exists() and mw.user.tokens.exists().
6995 * The internal variable $constructorOptions for the Parser & SpecialPageFactory,
6996 exposed only for integration purposes, are now each replaced by a const called
6997 CONSTRUCTOR_OPTIONS. This was a breaking change made without deprecation.
6998 * ObjectCache::getWANInstance, deprecated in 1.34, was removed.
6999 Use MediaWikiServices::getMainWANObjectCache instead.
7000 * ObjectCache::newWANCacheFromParams, deprecated in 1.34, was removed.
7001 Construct WANObjectCache directly instead, or use MediaWikiServices.
7002 * (T231366) The ProfilerOutputDb class and profileinfo.php entry point,
7003 deprecated in 1.34, was removed.
7004 * SiteConfiguration->localVHosts, deprecated in 1.25, was removed.
7005 Use $wgLocalVirtualHosts instead.
7006 * The $wgContLanguageCode read-only variable was removed.
7007 It has been a non-configurable copy of $wgLanguageCode since MW 1.8 (2006).
7008 Use $wgLanguageCode directly instead.
7009 * ApiQueryUserInfo::getBlockInfo, deprecated in 1.34, was removed. Use
7010 ApiBlockInfoTrait::getBlockDetails instead.
7011 * Password::equals(), deprecated in 1.33, was removed. Use Password::verify().
7012 * QuickTemplate::setRef(), deprecated in 1.31, was removed. Use set().
7013 * The mediawiki.ui.text module, deprecated in 1.28 and unused, was removed.
7014 * AbstractBlock::mReason, deprecated in 1.34, is no longer public.
7015 * The GetBlockedStatus and UserIsHidden, deprecated in 1.34, has been removed.
7016 Instead, use the GetUserBlock hook.
7017 * As part of work to replace the Parser, a large number of breaking changes have
7018 been made, principally in related methods and properties being removed or made
7020 - disableCache(), deprecated in 1.28.
7021 - serializeHalfParsedText() and the helpers unserializeHalfParsedText(),
7022 isValidHalfParsedText(), and StripState::getSubState() and
7023 StripState::merge(), all deprecated in 1.31. The helper functions
7024 LinkHolderArray::mergeForeign() and LinkHolderArray::getSubArray()
7026 - getConverterLanguage(), deprecated in 1.32. Use getTargetLanguage() instead.
7027 - A large set of methods exposed only for historical reasons, deprecated in
7028 1.34, have now been removed or made private:
7029 - areSubpagesAllowed()
7033 - doDoubleUnderscore()
7038 - getVariableValue()
7039 - initialiseVariables()
7040 - makeKnownLinkHolder()
7041 - maybeDoSubpageLink()
7042 - parseLinkParameter()
7043 - replaceExternalLinks()
7044 - replaceInternalLinks()
7045 - replaceInternalLinks2()
7046 - replaceLinkHoldersText().
7052 - incrementIncludeSize(), setTransparentTagHook(), replaceTransparentTags(),
7053 and $mTransparentTagHooks have been removed without deprecation.
7054 - The following constants have been made private without deprecation:
7058 - The following properties have been removed without deprecation:
7059 - ::$mDefaultStripList
7062 - The following properties have been made private without deprecation:
7063 - ::$mFunctionSynonyms
7064 - ::$mFunctionTagHooks
7068 - ::$mImageParamsMagicArray
7071 - ::$mConf (deprecated in 1.34)
7072 - ::$mExtLinkBracketedRegex
7078 - ::$mForceTocPosition
7081 - ::$mLangLinkLanguages
7082 - ::$currentRevisionCache
7085 - Parser::getTitle() will now throw a TypeError if $mTitle is uninitialized.
7086 This use pattern was deprecated in 1.34.
7087 - ContentHandler::makeParserOptions(), deprecated in 1.32, was removed. Use
7088 WikiPage::makeParserOptions() or ParserOptions::newCanonical() instead.
7089 - The ParserAfterUnstrip hook, believed to be unused, was removed without
7091 - Preprocessor_DOM and related classes, deprecated in 1.34, have been removed.
7092 Consequently, the related ParserOptions::getMaxGeneratedPPNodeCount() and
7093 ::setMaxGeneratedPPNodeCount() have been removed without deprecation.
7094 - The support for the old signature for ParserFactory::__construct, which was
7095 deprecated in 1.34, has been removed.
7096 - Parser::getDefaultPreprocessorClass(), deprecated in 1.34, has been removed.
7097 * MediaWikiTestCase::prepareServices(), deprecated in 1.32, has been removed
7098 * The method ContentHandler::getSlotDiffRendererInternal is replaced with
7099 ContentHandler::getSlotDiffRendererWithOptions. This breaks consumers which
7100 call parent::getSlotDiffRendererInternal (no instances of which are known).
7101 * TextContent::getHighlightHtml, deprecated since 1.24, has been removed. Use
7102 TextContent::getHtml instead.
7103 * ExtensionRegistry::load(), deprecated in 1.34, was removed. Instead, use
7104 ExtensionRegistry::queue().
7105 * MWMessagePack class, deprecated in 1.34, was removed.
7106 * The cdb.php maintenance script was removed. Use the 'cdb' command from the
7107 wikimedia/cdb library instead.
7108 * User::addNewUserLogEntryAutoCreate, deprecated in 1.27, was removed.
7109 * FileBasedSiteLookup class, deprecated in 1.33, was removed.
7110 * The wfGlobalCacheKey global function, deprecated in 1.30, was removed.
7111 * The APCBagOStuff class was removed. MediaWiki requires PHP 7.2+ (support
7112 for HHVM was dropped) and these versions of PHP only support apcu. The default
7113 "apc" entry in $wgObjectCaches now refers to APCUBagOStuff.
7114 * Database::bufferResults(), deprecated in 1.34, has been removed.
7115 * CannotReplaceActiveServiceException, ContainerDisabledException,
7116 DestructibleService, NoSuchServiceException, SalvageableService,
7117 ServiceAlreadyDefinedException, ServiceContainer and ServiceDisabledException
7118 in the global namespace, deprecated in 1.33, were removed. Use the classes in
7119 the MediaWiki\\Services namespace instead.
7120 * The following methods in the Interwiki class were removed: ::fetch(),
7121 ::isValidInterwiki(), ::invalidateCache(), and ::getAllPrefixes().
7122 * The UsersMultiselectWidget config 'allowArbitrary' is now false by default. To
7123 accept arbitrary entries, pass in true for this config.
7124 * OutputPage::parse() and OutputPage::parseInline(), deprecated in 1.32, have
7125 been removed. Use ::parseAsContent() or ::parseAsInterface(), as
7127 * WikiPage::selectFields, deprecated in 1.31, was removed. Use ::getQueryInfo.
7128 * The remaining static methods for MagicWord, deprecated in 1.32, were removed.
7129 These were MagicWord::get(), ::getSubstIDs(), ::getDoubleUnderscoreArray(),
7130 ::getVariableIDs(), and ::getCacheTTL(). Instead, use MagicWordFactory (via
7132 * ApiBase::checkTitleUserPermissions no longer accepts a User as the third
7133 parameter. Passing a user was deprecated in 1.33.
7134 * Sanitizer::setupAttributeWhitelist() and Sanitizer::attributeWhitelist(),
7135 deprecated in 1.34, have been removed. They should not have been public.
7136 * Passing a sequential array as the second parameter to
7137 Sanitizer::validateAttributes() has been deprecated; use an associative
7138 array where keys are the allowed attributes.
7139 * The $warnCallback parameter to Sanitizer::removeHTMLtags, deprecated since
7140 its introduction in 1.28, has been removed.
7141 * SpecialRecentChanges::filterByCategories(), deprecated in 1.31, was removed.
7142 * The `ArticleContentViewCustom` hook, deprecated in 1.32, was removed.
7143 * AuthManager::callLegacyAuthPlugin, deprecated in 1.33, was removed.
7144 * wfGetMessageCacheStorage was removed without deprecation.
7145 * Title::moveSubpages, deprecated in 1.34, was removed. Use the MovePage class
7146 and MovePage::moveSubpages instead.
7147 * Article::doEditContent, deprecated in 1.29, was removed. Instead, use
7148 WikiPage::doEditContent.
7149 * CommentStore::newKey, deprecated in 1.31, was removed.
7150 * EditPage::$hookError was changed from public to private.
7151 * Title::isValidMoveOperation, ::moveTo, and ::isValidMoveTarget, deprecated
7152 in 1.25, were removed. Use the MovePage class and its methods instead.
7153 * Title::getUserCaseDBKey(), deprecated in 1.33, was removed. Use ::getDBkey().
7154 * StringUtils::explodeMarkup() was removed without deprecation.
7155 * AjaxResponse methods that were unused have been removed without deprecation:
7161 * ApiDelete::delete and ::deleteFile, both of which were protected methods,
7162 have been made private to allow a signature change.
7163 * HistoryPager::revLink, ::curLink, ::lastLink, and ::diffButtons, which had
7164 no visibilities defined, have been made private to allow signature changes.
7165 * SpecialNewpages::revisionFromRcResult, which previously was protected, has
7166 been made private to allow a signature change.
7167 * DifferenceEngine::$mOldRev and $mNewRev, deprecated for public access in
7168 1.32, have been removed.
7169 * DifferenceEngine::revisionDeleteLink, which was previosuly protected, has
7170 been made private to allow a signature change.
7171 * DifferenceEngine::getParserOutput, which is protected, has had a breaking
7172 signature change: the second parameter must be a RevisionRecord object,
7173 rather than a Revision object.
7174 * WikiPage::setLastEdit, which was previously protected, has been made
7175 private to allow a signature change.
7176 * Skin::getSkinNameMessages() deprecated in 1.34, has been removed.
7177 * Skin::escapeSearchLink() deprecated in 1.34, has been removed, use
7178 Skin::getSearchLink() instead.
7179 * Skin::shouldPreloadLogo() deprecated in 1.32, has been removed.
7180 * Revision::loadFromId and RevisionStore::loadRevisionFromId have been
7182 * OutputPage::parserOptions doesn't accept an $options parameter anymore.
7183 * MessageCache::getParserOptions previously did not have a visibility set.
7184 It has been made private.
7185 * SpecialUndelete::showDiff previously did not have a visibilty set. It
7186 hav been made private to allow a signature change.
7187 * The Skin no longer loads the "mediawiki.legacy.shared" or
7188 "mediawiki.legacy.commonPrint" modules. The legacy shared styles must now
7189 be loaded by the skin explicitly, either inherited via the
7190 "mediawiki.skinning.*" modules, or by making your skin's main styles
7191 module use the ResourceLoaderSkinModule class with the "legacy" attribute.
7192 See Vector and Monobook for examples.
7193 * Passing an ApiMain to the constructor of ApiResult is no longer supported.
7194 This was deprecated in 1.25.
7195 * ResourceLoaderWikiModule::invalidateModuleCache has been declared to
7196 be @internal as part of a signature change. No known uses exist outside
7198 * The ArticleAfterFetchContentObject hook, deprecated in 1.32, was removed.
7199 Use ArticleRevisionViewCustom to control output.
7200 * DatabaseBlock::isValid, deprecated in 1.33, was removed.
7201 * HTMLUserTextField and HTMLUsersMultiselectField previously implied
7202 required=true when exists=true. Form fields that use exists=true should also
7203 set required=true if they are required.
7204 * In DatabaseUpdater, the following methods are no longer public: dropTable(),
7205 modifyTable(), modifyField(), runMaintenance(), copyFile(), appendLine().
7206 In PostgresUpdater, the following methods are no longer public:
7207 addPgEnumValue(), addPgIndex(), addPgExtIndex(). This change was made without
7208 deprecation due to immediate danger of data corruption and loss, see T157651.
7209 Extensions should instead use dropExtensionTable(),
7210 modifyExtensionExtensionTable(), modifyExtensionField(), addExtensionUpdate().
7211 The addExtensionUpdate() method can still be used to access any of the
7212 protected methods on DatabaseUpdater.
7213 * ResourceLoader no longer provides the (always-true) variables for wgEnableAPI
7214 and wgEnableWriteAPI; they were deprecated in MediaWiki 1.31 and removed from
7215 the PHP environment in MediaWiki 1.32.
7216 * The wfSetupSession global function, deprecated in 1.27, was removed. Use the
7217 persist() method of the right MediaWiki\Session\SessionManager object instead.
7218 * The wfIsHHVM global function, deprecated in 1.34, was removed.
7219 * GenderCache::doTitlesArray no longer accepts string values in its $titles
7220 array parameter. Use Title objects (or other LinkTarget) instead.
7221 * Unused CommentStore::MAX_COMMENT_LENGTH has been removed.
7222 * User::checkTemporaryPassword() and User::checkPassword(), deprecated in 1.27,
7223 were removed. Use AuthManager instead.
7224 * All constants and class functions now have explicit visibility modifiers. This
7225 means, per [[mw:Stable interface policy]], that these should now be considered
7226 stable. This also helps MW align with PSR 2 and PSR 12. This was done based on
7227 audits of the corpus of skins and extensions hosted in Gerrit. If you find any
7228 that you need to be less restrictive (i.e. public or protected), please report
7229 these so that we can re-evaluate or suggest workarounds.
7230 * BaseTemplate::msgWiki(), deprecated in 1.33, was removed. Use ->msg() or
7232 * QuickTemplate::msgWiki(), deprecated in 1.33, was removed. Use ->msg()
7234 * WebInstaller::getErrorBox() and ::getWarningBox(), deprecated in 1.34,
7235 were removed. Use Html::errorBox() or ::warningBox() instead.
7236 * SpecialVersion::getExtensionCredits() and SpecialVersion::getSkinCredits()
7237 have become private without deprecation.
7238 * As part of the migration to a new hook system (T240307), the following classes
7239 now require an additional HookContainer constructor parameter:
7243 - ClassicInterwikiLookup
7244 - ContentHandlerFactory
7245 - ContentSecurityPolicy
7246 - DefaultOptionsManager
7247 - DerivedPageDataUpdater
7248 - FullSearchResultWidget
7253 - LinkRendererFactory
7259 - PageHandlerFactory
7264 - RevisionStoreFactory
7266 - SearchEngineConfig
7267 - SearchEngineFactory
7271 - SpecialPageFactory
7273 - UserOptionsManager
7274 - WatchedItemQueryService
7276 * The following classes now require setHookContainer() to be called after
7278 - AuthenticationProvider
7279 - ResourceLoaderModule
7281 * The parameters to ChronologyProtector::getTouched() and
7282 ILBFactory::getChronologyProtectorTouched() were changed without backwards
7284 * The deprecated $blacklist parameter to wfIsBadImage() has been removed.
7285 * SpecialBlock::checkUnblockSelf no longer accepts an integer representing
7286 an user ID as part of ongoing refactoring of SpecialBlock class.
7287 * User::setInternalPassword() and User::setPassword(), deprecated in 1.27, have
7288 been removed. Use User::changeAuthenticationData() instead.
7289 * User::selectFields(), deprecated in 1.31, has been removed. Use
7290 User::getQueryInfo() instead.
7291 * The "legacy" serialization type in RESTBagOStuff, deprecated in 1.34,
7293 * The populateContentModel.php maintenance script was removed. It has
7294 been replaced by the populateContentTables.php script.
7295 * The findHooks.php maintenance script, for the old hooks system, was removed.
7296 * (T257278) Calling MediaWiki\Shell\Command::restrict() will now overwrite
7297 any previous restrictions rather than adding to them, making it possible to
7298 disable the default restrictions.
7300 === Deprecations in 1.35 ===
7301 * The PHPUnit4And6Compat class, used to provide compatibility with PHPUnit 4, is
7302 now deprecated. MediaWiki support for PHPUnit 4 ended with the removal of HHVM
7304 * LockManagerGroup::getDefault() and LockManagerGroup::getAny() are deprecated.
7305 They seem to be unused. Just use get() directly, and catch any exception.
7306 * AbstractBlock::getPermissionsError and AbstractBlock::getBlockErrorParams are
7307 deprecated. Use BlockErrorFormatter::getMessage instead.
7308 * The IP class is deprecated. Please instead use the Wikimedia\IPUtils class
7309 from the new wikimedia/ip-utils library instead. Additionally, the RE_IP_*
7310 constants are also deprecated. RE_IP_BYTE can be replaced with a class
7311 constant on the IPUtils class, while the others will eventually be made
7313 * The following Language methods are deprecated: getFallbackFor,
7314 getFallbacksFor, getFallbacksIncludingSiteLanguage. Use the corresponding new
7315 methods on the LanguageFallback class: getFirst, getAll, and
7316 getAllIncludingSiteLanguage.
7317 * FileJournal::factory is deprecated. Use the constructor directly instead.
7318 * AbstractBlock methods setBlocker(), getBlocker() are deprecated and will
7319 become internal implementation of DatabaseBlock.
7320 * Title::countRevisionsBetween has been deprecated and moved into RevisionStore.
7321 * FileBackendGroup::singleton() is deprecated. Use MediaWikiServices instead.
7322 * FileBackendGroup::destroySingleton() is deprecated. Test frameworks should
7323 instead reset MediaWikiServices between test runs.
7324 (MediaWikiIntegrationTestCase does this automatically.)
7325 * GenderCache::singleton(), deprecated in 1.28, is hard deprecated. Use
7326 MediaWikiServices::getGenderCache() instead.
7327 * MediaWikiIntegrationTest::setContentLang() has been deprecated. Use
7328 setMwGlobals( 'wgLanguageCode', 'xxx' ) to set a different site language
7329 code, or setService( 'ContentLanguage', $myObj ) to set a specific Language
7330 object. Service resets and $wgContLang will be handled automatically.
7331 * MediaWikiIntegrationTest::assertType() has been deprecated, as part of the
7332 work to move to PHPUnit 8; PHPUnit's assertInternalType() was deprecated, and
7333 will be removed in PHPUnit 9. MediaWikiIntegrationTest::assertTypeOrValue(),
7334 a wrapper for assertType(), has been removed immediately, without deprecation.
7335 * AbstractBlock::getReason is deprecated, since reasons are actually stored as
7336 CommentStoreComments, and getReason returns a string with no caller control
7337 over language or formatting. Instead use AbstractBlock::getReasonComment,
7338 which returns the CommentStoreComment.
7339 * The global function wfGetRusage() is deprecated and will now always call the
7340 getrusage() function without checking for its existence.
7341 * The properties User::mBlock, User::mBlockedby and User::mHideName are
7342 deprecated. Instead, use User::getBlock to get the block, then use
7343 AbstractBlock::getByName or AbstractBlock::getHideName.Use the GetUserBlock
7344 hook to set, unset or modify a block, including hiding or unhiding a user.
7345 * Directly calling the MergeHistory constructor is deprecated. Instead, use the
7346 new MergeHistoryFactory class.
7347 * Language::factory() and Language::getParentLanguage() are deprecated, and so
7348 is directly calling the Language constructor. Use the new LanguageFactory
7350 * Language::classFromCode() is deprecated. There is no reason it should be used
7351 outside the Language class itself.
7352 * Language::clearCaches() is deprecated. Instead, reset all services and set
7353 Language::$mLangObjCache = [].
7354 * The following functions from Language class are deprecated in favour of
7355 respective functions in LanguageConverter:
7357 - autoConvertToAllVariants
7364 - convertCategoryKey
7366 - getPreferredVariant
7369 - getExtraHashOptions
7370 - updateConversionTable
7371 * Language::classFromCode() is hard deprecated and should be removed in 1.36
7372 * Language::getConverter() is deprecated and should be removed in 1.36
7373 * Language::MESSAGES_FALLBACKS, Language::STRICT_FALLBACKS were deprecated.
7374 Use LanguageFallback::MESSAGES and LanguageFallback::STRICT respectively
7375 * Language::$mLangObjCache is deprecated and should be removed in 1.36. Use
7376 MediaWikiServices instead to get a LanguageFactory.
7377 * Language::getMessagesFor(), getMessageFor(), and getMessageKeysFor() are
7378 deprecated. Use LocalisationCache's getItem(), getSubitem(), and
7379 getSubitemList() methods directly.
7380 * OutputPage::getCSPNonce() is deprecated, use OutputPage::getCSP()->getNonce()
7382 * DerivedPageDataUpdater::prepareUpdate accepted as its second parameter an
7383 optional array of options. Specifying the value of the `oldrevision` key of
7384 the array to be a Revision object, rather than a RevisionRecord object, is
7385 hard deprecated. The same applies to the options parameter in
7386 WikiPage::doEditUpdates.
7387 * Skin::makeI18nUrl() and makeNSUrl() have been deprecated, no longer used.
7388 * Title::countAuthorsBetween and Title::getAuthorsBetween were hard deprecated.
7389 Use respective methods in RevisionStore instead.
7390 * Remove deprecated SkinCopyrightFooter &$forContent parameter
7391 * The following Language class static variables have been replaced with
7392 constants and deprecated: $mWeekdayMsgs, $mWeekdayAbbrevMsgs, $mMonthMsgs,
7393 $mMonthGenMsgs, $mMonthAbbrevMsgs, $mIranianCalendarMonthMsgs,
7394 $mHebrewCalendarMonthMsgs, $mHebrewCalendarMonthGenMsgs,
7395 $mHijriCalendarMonthMsgs and $durationIntervals.
7396 * As part of dropping security support for IE 6 and IE 7,
7397 WebRequest::checkUrlExtension() has been deprecated, and now always returns
7399 * The following ApiBase::PARAM_* constants have been deprecated in favor of
7400 equivalent ParamValidator constants: PARAM_DFLT, PARAM_ISMULTI, PARAM_TYPE,
7401 PARAM_MAX, PARAM_MAX2, PARAM_MIN, PARAM_ALLOW_DUPLICATES, PARAM_DEPRECATED,
7402 PARAM_REQUIRED, PARAM_SUBMODULE_MAP, PARAM_SUBMODULE_PARAM_PREFIX, PARAM_ALL,
7403 PARAM_EXTRA_NAMESPACES, PARAM_SENSITIVE, PARAM_DEPRECATED_VALUES,
7404 PARAM_ISMULTI_LIMIT1, PARAM_ISMULTI_LIMIT2, PARAM_MAX_BYTES, PARAM_MAX_CHARS.
7405 * ApiBase::explodeMultiValue() is deprecated. Use
7406 ParamValidator::explodeMultiValue() instead.
7407 * ApiBase::parseMultiValue() is deprecated. No replacement is provided;
7408 generally this sort of thing should be handled by fully validating the
7410 * ApiBase::validateLimit() and ApiBase::validateTimestamp() are deprecated.
7411 Use ApiParamValidator::validateValue() with an appropriate settings array
7413 * ContentHandler (use ContentHandlerFactory):
7418 - getAllContentFormats
7419 - protected $handler (not need anymore)
7420 - cleanupHandlersCache (not need anymore)
7421 * (T212738) The $wgVersion global is deprecated; instead, use MW_VERSION.
7422 * $wgMemc is deprecated, use MediaWikiServices::getLocalServerObjectCache()
7424 * ObjectCache::detectLocalServerCache() is deprecated, instead use
7425 MediaWikiServices::getLocalServerObjectCache() or
7426 ObjectCache::makeLocalServerCache().
7427 * ImagePage::getImageLimitsFromOptions() is deprecated. Use static function
7428 MediaFileTrait::getImageLimitsFromOptions() instead.
7429 * As part of work to replace the Parser, alongside the breaking changes listed
7430 above, a large number of deprecations changes been made, to simplify the API
7431 or because they will not be supported in replacement:
7432 - Parser::doBlockLevels() (and BlockLevelPass class has been marked @internal)
7433 - Parser::setFunctionTagHook()
7434 - Parser::attributeStripCallback()
7435 - Parser::fetchTemplate() - use Parser::fetchTemplateAndTitle() instead.
7436 - Parser::enableOOUI() - use $parser->getOutput()->enableOOUI() instead.
7437 - LinkHolderArray has been deprecated for public usage and will be
7438 internal part of parser.
7439 - The following parser-related hooks have been deprecated:
7440 - InternalParseBeforeSanitize
7441 Use an alternative hook which doesn't expose internal half-parsed state,
7442 like ParserBeforeInternalParse or ParserAfterTidy
7443 - ParserFetchTemplate
7444 Use BeforeParserFetchTemplateAndTitle
7445 - ParserSectionCreate
7446 No replacement; <section> tag wrapping will be done by core in future.
7447 - BeforeParserrenderImageGallery
7448 No replacement; MediaHandler provides for customizable media rendering
7450 Use ParserAfterTidy instead to avoid exposing internal half-parsed state
7452 No replacement; stripping is no longer supported.
7454 No replacement; stripping is no longer supported.
7455 - The accessor/mutator methods Parser::Options(), Parser::OutputType(), and
7456 Parser::Title() have been deprecated; use the appropriate Parser::get* or
7457 Parser::set* methods instead.
7458 - Parser::firstCallInit() has been deprecated. The parser is initialized
7459 fully on construction and so ::firstCallInit() no longer has any effect
7460 when manually invoked.
7461 - ParserOptions::setAllowExternalImages(), ::setAllowExternalImagesFrom(),
7462 and ::setEnableImageWhitelist() have been deprecated. Future parsers
7463 will not allow per-parser configuration of image filtering; use
7464 site configuration instead.
7465 - ParserOptions::getTidy() and ParserOptions::setTidy() have been deprecated.
7466 These options no longer have any effect.
7467 - Most methods of MWTidy, except for MWTidy::tidy(), have been deprecated;
7468 tidiness is always enabled and not configurable.
7469 - Version 1 of the parserTests file format has been deprecated. You'll need to
7470 update your parser tests to version 2, which uses Remex tidy on all test
7471 output by default. Support for parser tests with Remex tidy off will later
7472 be removed entirely.
7473 - $wgParser — This global variable, soft deprecated in 1.32, has now been hard
7474 deprecated. Use MediaWikiServices::getInstance()->getParser() instead.
7476 * The signature of DefaultPreferencesFactory::__construct has been changed:
7477 - LanguageConverter $languageConverter has been added.
7478 and its usage with old arguments is hard deprecated.
7479 * The public usage of the following properties of LanguageConverter have been
7480 deprecated as there is no reason they should be used outside the
7481 LanguageConverter class and will be changed from public to private:
7489 - mVarSeparatorPattern
7490 changed from public to protected:
7492 * The ArticleEditUpdatesDeleteFromRecentchanges hook has been deprecated. Please
7493 use the RecentChange_save hook or similar instead.
7494 * The ArticleEditUpdates hook has been deprecated. Please
7495 use the RevisionDataUpdates hook or similar instead.
7496 * The SkinTemplatePreventOtherActiveTabs and SkinTemplateTabAction hooks have
7497 been hard deprecated. Please use the SkinTemplateNavigation__Universal hook
7499 * ResourceLoaderFileModule::compileLessFile() has been deprecated, use
7500 ResourceLoaderFileModule::compileLessString() instead
7501 * The SquidPurgeClient and SquidPurgeClientPool classes have been deprecated.
7502 Use MultiHttpClient or HtmlCacheUpdater instead.
7503 * MimeAnalyzer::getExtensionsForType() and ::getTypesForExtensions() were
7504 deprecated in favor of MimeAnalyzer::getExtensionsFromMimeType() and
7505 ::getMimeTypesFromExtension(), respectively. The new methods return arrays
7506 rather than strings.
7507 * Calling Action::factory and Action constructor with WikiPage has been
7508 hard deprecated. Caller must provide an Article instance.
7509 * ApiTestCase::doLogin, soft deprecated in 1.31, was hard deprecated.
7510 * WebRequest::getLimitOffset is hard deprecated. Instead, use
7511 ::getLimitOffsetForUser and pass a User object.
7512 * PageArchive::getPreviousRevision is hard deprecated. Instead, use the new
7513 ::getPreviousRevisionRecord method.
7514 * PageArchive::getArchivedRevision is hard deprecated. Instead, use the new
7515 ::getArchivedRevisionRecord method.
7516 * PageArchive::undelete is hard deprecated. Instead, use ::undeleteAsUser
7517 and pass a User object.
7518 * PageArchive::getRevision is hard deprecated.
7519 * EditPage::getBaseRevision was hard deprecated. Instead, use the new
7520 ::getExpectedParentRevision method.
7521 * The public variable EditPage::$mBaseRevision was hard deprecated.
7522 * FileDeleteForm previously did not accept a user parameter in its constructor,
7523 instead relying on the global $wgUser. A user parameter has been added,
7524 and //not// providing a user is deprecated. There are no known callers
7525 outside of mediawiki core.
7526 * AuthManager::singleton() has been deprecated. Use
7527 MediaWikiServices::getInstance()->getAuthManager() instead.
7528 * ContribsPager::tryToCreateValidRevision is hard deprecated. Instead, use
7529 ContribsPager::tryCreatingRevisionRecord.
7530 * The following functions all accept an optional user parameter. Not passing a
7531 user is hard deprecated, and support for calling them without passing a user
7532 will be removed in 1.36:
7533 - Title::getNotificationTimestamp (note however that the method is deprecated
7534 in its entirely in favor of the new WatchlistNotificationManager service)
7536 - LogEventsList::userCan
7537 - LogEventsList::userCanBitfield
7538 - LogEventsList::userCanViewLogType
7540 - FileDeleteForm::doDelete
7541 - OldLocalFile::userCan
7542 - ArchivedFile::userCan
7544 * The following functions all accept an optional audience parameter and
7545 an optional user parameter. If the audience is FOR_THIS_USER and no
7546 user is passed, they fallback to $wgUser. Not passing a user when
7547 one is needed is deprecated
7548 - LogEventsList::getExcludeClause
7549 - WikiPage::getComment
7550 - WikiPage::getCreator
7552 - WikiPage::getUserText
7553 * UploadBase::checkWarnings now accepts a User parameter; not providing a
7554 user is soft deprecated.
7555 * Article::insertProtectNullRevision and WikiPage::insertProtectNullRevision
7556 were hard deprecated. Instead, use WikiPage::insertNullProtectionRevision.
7557 * Article::doDeleteArticle, Article::doDeleteArticleReal, and
7558 WikiPage::doDeleteArticle are all deprecated. Instead, use
7559 WikiPage::doDeleteArticleReal.
7560 * Article::getComment is deprecated. Instead, use WikiPage::getComment.
7561 * Article::getCreator is deprecated. Instead, use WikiPage::getCreator.
7562 * Article::updateRevisionOn() and ::updateIfNewerOn(), and
7563 WikiPage::updateIfNewerOn() are deprecated. Instead, use
7564 WikiPage::updateRevisionOn().
7565 * Article::getUser is deprecated. Instead, use WikiPage::getUser.
7566 * Article::getUserText is deprecated. Instead, use WikiPage::getUserText.
7567 * Article::prepareContentForEdit is hard deprecated. Instead, use
7568 WikiPage::prepareContentForEdit.
7569 * WikiPage::prepareContentForEdit previously accepted either a Revision or a
7570 RevisionRecord object as its optional second parameter. Passing a Revision
7571 is now hard deprecated.
7572 * Article::getUndoContent and WikiPage::getUndoContent are hard deprecated.
7573 Instead, use ContentHandler::getUndoContent.
7574 * Passing Revision objects to ContentHandler::getUndoContent is hard deprecated.
7575 Instead, pass the associated Content objects, as well as whether the undo is
7576 from the current revision.
7577 * Article::doDeleteUpdates and ::doEditUpdates are deprecated. Instead,
7578 use WikiPage::doDeleteUpdates and ::doEditUpdates.
7579 * WikiPage::doEditUpdates previously accepted a Revision object as its first
7580 parameter. It now accepts RevisionRecord objects, and passing Revision
7581 objects is deprecated.
7582 * Article::getRevisionFetched is deprecated. Instead, use the
7583 fetchRevisionRecord method, which has been converted from protected to
7585 * LocalFileDeleteBatch was migrated to a new constructor signature with the
7586 user as the second parameter. Support for the old signature is hard
7587 deprecated, and once removed the user parameter will be required. At the
7588 same time, a number of file-deletion related methods were updated
7589 - File::delete is hard deprecated in favor of the new ::deleteFile
7590 - LocalFile::delete is hard deprecated in favor of the new ::deleteFile
7591 - LocalFile::deleteOld is hard deprecated in favor of the new ::deleteOldFile
7592 - ForeignDBFile::delete is hard deprecated in favor of the new ::deleteFile
7593 * File::recordUpload (along with the respective methods in the LocalFile and
7594 ForeignDBFile classes) is hard deprecated, and LocalFile::recordUpload2 is
7595 soft deprecated. Use the new LocalFile::recordUpload3, which has a different
7596 signature and requires that a User parameter is passed.
7597 * The SpecialPageFactory class was moved from the MediaWiki\Special namespace
7598 to the MediaWiki\SpecialPage namespace. The old location remains as a
7600 * Title::userCan, ::quickUserCan, and ::getUserPermissionsErrors, which
7601 were deprecated in 1.33, were hard deprecated. Instead, use
7602 PermissionManager::userCan, ::quickUserCan, and ::getPermissionErrors.
7603 * All methods of the old SpecialPageFactory, deprecated in 1.32, were hard
7604 deprecated. Instead, get a SpecialPageFactory from MediaWikiServices and
7606 * User::updateNewtalk now accepts as its optional third parameter a
7607 RevisionRecord object; passing a Revision is hard deprecated.
7608 * User::getNewMessageRevisionId and ::getNewMessageLinks were hard deprecated.
7609 * DifferenceEngine::getRevisionHeader now accepts a RevisionRecord as its
7610 first parameter; passing a Revision is hard deprecated.
7611 * WikiPage::doDeleteUpdates now accepts as its optional third parameter
7612 a RevisionRecord object; passing a Revision is hard deprecated.
7613 * WikiPage::onArticleEdit now accepts as its optional second parameter
7614 a RevisionRecord object; passing a Revision is hard deprecated.
7615 * Global $wgUser variable was soft deprecated.
7616 * The Revision class was soft deprecated entirely in 1.31. All methods
7617 have now been individually hard deprecated:
7618 - ::__construct - create MutableRevisionRecord objects instead
7619 - ::newFromId - use RevisionLookup::getRevisionById instead
7620 - ::newFromTitle - use RevisionLookup::getRevisionByTitle instead
7621 - ::newFromPageId - use RevisionStore::getRevisionByPageId instead
7622 - ::newFromArchiveRow - use RevisionFactory::newRevisionFromArchiveRow
7623 - ::newFromRow - use RevisionStore::newRevisionFromRow instead
7624 - ::loadFromPageId - use RevisionStore::getRevisionByPageId instead
7625 - ::loadFromTitle - use RevisionStore::getRevisionByTitle instead
7626 - ::loadFromTimestamp - use RevisionStore::getRevisionByTimestamp instead
7627 - ::getQueryInfo - use RevisionStore::getQueryInfo instead
7628 - ::getArchiveQueryInfo - use RevisionStore::getArchiveQueryInfo instead
7629 - ::getParentLengths - use RevisionStore::getRevisionSizes instead
7630 - ::getRevisionRecord - no replacement
7631 - ::getId - use RevisionRecord::getId instead
7632 - ::setId - use MutableRevisionRecord::setId instead
7633 - ::setUserIdAndName - use MutableRevisionRecord::setUser instead
7634 - ::getTextId - use SlotRecord::getContentAddress for retrieving an actual
7635 content address, or RevisionRecord::hasSameContent to compare content
7636 - ::getParentId - use RevisionRecord::getParentId instead
7637 - ::getSize - use RevisionRecord::getSize instead
7638 - ::getSha1 - use RevisionRecord::getSha1 instead
7639 - ::getTitle - use RevisionRecord::getPageAsLinkTarget instead
7640 - ::setTitle - the method was previously a no-op
7641 - ::getPage - use RevisionRecord::getPageId instead
7642 - ::getUser - use RevisionRecord::getUser and then User::getId instead
7643 - ::getUserText - use RevisionRecord::getUser and then User::getName instead
7644 - ::getComment - use RevisionRecord::getComment instead
7645 - ::isMinor - use RevisionRecord::isMinor instead
7646 - ::isUnpatrolled - use RevisionStore::getRcIdIfUnpatrolled instead
7647 - ::getRecentChange - use RevisionStore::getRecentChange instead
7648 - ::isDeleted - use RevisionRecord::isDeleted instead
7649 - ::getVisibility - use RevisionRecord::getVisibility instead
7650 - ::getContent - use RevisionRecord::getContent instead
7651 - ::getSerializedData - use SlotRecord::getContent for retrieving a
7652 content object, and Content::serialize for the serialized form
7653 - ::getContentModel - use SlotRecord::getModel instead
7654 - ::getContentFormat - use SlotRecord::getFormat instead, with a fallback
7655 to ContentHandler::getDefaultFormat
7656 - ::getContentHandler - use ContentHandlerFactory::getContentHandler instead
7657 - ::getTimestamp - use RevisionRecord::getTimestamp instead
7658 - ::isCurrent - use RevisionRecord::isCurrent instead
7659 - ::getPrevious - use RevisionLookup::getPreviousRevision instead
7660 - ::getNext - use RevisionLookup::getNextRevision instead
7661 - ::getRevisionText - use RevisionRecord::getContent instead
7662 - ::compressRevisionText - use SqlBlobStore::compressData instead
7663 - ::decompressRevisionText - use SqlBlobStore::decompressData instead
7664 - ::insertOn - use RevisionStore::insertRevisionOn instead
7665 - ::base36Sha1 - use SlotRecord::base36Sha1 instead
7666 - ::newNullRevision - use RevisionStore::newNullRevision
7667 - ::userCan - use RevisionRecord::userCanBitfield instead
7668 - ::userCanBitfield - use RevisionRecord::userCanBitfield instead
7669 - ::getTimestampFromId - use RevisionStore::getTimestampFromId instead
7670 - ::countByPageId - use RevisionStore::countRevisionsByPageId instead
7671 - ::countByTitle - use RevisionStore::countRevisionsByTitle instead
7672 - ::userWasLastToEdit - use RevisionStore::userWasLastToEdit instead
7673 - ::newKnownCurrent - use RevisionStore::getKnownCurrentRevision instead
7674 * The Revision method had a few methods that were previously protected and
7675 have been made private. They were:
7676 - ::getRevisionStore
7677 - ::getRevisionLookup
7678 - ::getRevisionFactory
7680 The $mRecord variable was also changed from protected to private.
7681 * Multiple hooks that include Revision objects were deprecated. The hooks, as
7682 well as suitable replacements, are noted below:
7683 - ArticleRevisionUndeleted (hard deprecated, use the RevisionUndeleted hook)
7684 - ArticleRollbackComplete (hard deprecated, use the RollbackComplete hook)
7685 - DiffRevisionTools (hard deprecated, use the DiffTools hook)
7686 - DiffViewHeader (hard deprecated, use the DifferenceEngineViewHeader hook)
7687 - HistoryRevisionTools (hard deprecated, use the HistoryTools hook)
7688 - NewRevisionFromEditComplete (hard deprecated, use the
7689 RevisionFromEditComplete hook).
7690 - PageContentInsertComplete (hard deprecated, use the PageSaveComplete hook)
7691 - PageContentSaveComplete (hard deprecated, use the PageSaveComplete hook)
7692 - RevisionInsertComplete (soft deprecated in 1.31, now hard deprecated)
7693 - TitleMoveCompleting (hard deprecated, use the PageMoveCompleting hook)
7694 - TitleMoveComplete (hard deprecated, use the PageMoveComplete hook)
7695 - UndeleteShowRevision (hard deprecated)
7696 * The following RevisionStore methods were deprecated:
7697 - ::loadRevisionFromTitle
7698 - ::loadRevisionFromTimestamp
7699 - ::loadRevisionFromPageId
7700 - ::listRevisionSizes
7701 * WikiPage::$mLastRevision was changed from protected to private.
7702 * RecentChange::markPatrolled was deprecated. Use ::doMarkPatrolled instead.
7703 * The JobRunner class has been converted to a service class.
7704 Direct construction is deprecated, use MediaWikiServices::getJobRunner.
7705 * JobRunner::setLogger has been deprecated, thus using JobRunner as a
7706 LoggerAwareInterface is deprecated as well. Rely on the logger passed in the
7707 constructor instead.
7708 * LogEventsList::typeAction accepts an optional right to check against as
7709 the fourth parameter. Specifying such a right is deprecated.
7710 * SkinTemplate::makeArticleUrlDetails has been deprecated, no longer used.
7711 * Passing a Revision object into CategoryMembershipChange constructor is
7712 deprecated. Pass a RevisionRecord instead.
7713 * The "mediawiki.legacy.oldshared" module has been deprecated.
7714 Skins and extensions that are using this should copy its necessary CSS rules
7715 to their own styles module. CologneBlue and Nostalgia skins serve as examples.
7716 * The "mediawiki.legacy.shared" module has been deprecated.
7717 Use the "mediawiki.skinning.*" modules, or ResourceLoaderSkinModule instead.
7718 * The following hooks, soft deprecated in 1.24, have been hard deprecated:
7719 - APIQueryInfoTokens
7720 - APIQueryRecentChangesTokens
7721 - APIQueryRevisionsTokens
7722 - APIQueryUsersTokens
7723 - ApiTokensGetTokenTypes
7724 * Calling Action::factory and Action constructor with any Page implementations
7725 other than Article is deprecated.
7726 * Action::page property is deprecated for direct access.
7727 Use Action::getArticle or Action::getWikiPage instead.
7728 * LESS `.background-image-svg()` mixin from 'mediawiki.mixins.less' is
7729 deprecated and should be removed in 1.36.
7730 * LESS `.background-image-svg-quick()` mixin from 'mediawiki.mixins.less' is
7731 deprecated and should be removed in 1.36.
7732 * The following methods were deprecated:
7733 - Title::getFirstRevision (hard deprecated)
7734 - Title::getEarliestRevTime
7735 - WikiPage::getOldestRevision (hard deprecated)
7736 - Article::getOldestRevision (hard deprecated)
7737 Use RevisionStore::getFirstRevision instead.
7738 * WikiPage::commitRollback and ::doRollback are declared to be internal
7739 in preparation for breaking changes. Neither method has any known
7740 callers outside of MediaWiki core. Both methods modify an array passed
7741 by reference ($resultDetails) - accessing the Revision objects added to
7742 that array (using the keys `current` and `target`) is also deprecated.
7743 * The following Linker methods previously accepted Revision objects as
7744 parameters. They now accept either Revision or RevisionRecord objects.
7745 Passing a Revision object is hard deprecated.
7749 - ::generateRollback
7750 - ::getRollbackEditCount
7751 - ::buildRollbackLink
7752 - ::getRevDeleteLink
7753 * WikiPage::hasDifferencesOutsideMainSlot previously accepted Revision
7754 objects for its two parameters. It now accepts RevisionRecord objects,
7755 and passing Revision objects is hard deprecated.
7756 * WikiPage::updateRevisionOn previously accepted Revision objects for its
7757 second parameter. It now accepts RevisionRecord objects, and passing
7758 Revision objects is hard deprecated.
7759 * The ParserGetVariableValueVarCache hook has been deprecated.
7760 * When using the ParserGetVariableValueSwitch hook, the following unusual
7761 uses have been deprecated: modifying the passed $magicWordId or failing to
7762 cache the returned value in $variableCache. The related
7763 MagicWordwgVariableIDs hook has been deprecated and renamed; use
7764 the GetMagicVariableIDs hook instead.
7765 * The following Parser properties have been deprecated:
7776 - ::$mGeneratedPPNodeCount
7777 - ::$mHighestExpansionDepth
7778 - ::$mDoubleUnderscores
7779 - ::$mExpensiveFunctionCount
7785 - ::$mRevisionObject
7787 - ::$mRevisionTimestamp
7792 * LinksUpdate::getRevision and ::setRevision are hard deprecated in favor
7793 of the new ::getRevisionRecord and ::setRevisionRecord methods.
7794 * A large number of exposed variables and methods of Article were deprecated as
7795 part of its planned removal:
7796 - Article::$mContext is deprecated; use getContext()/setContext() instead.
7797 - Article::__get(), ::__set() are hard deprecated, use the WikiPage properties
7799 - These Article methods were hard deprecated; use their WikiPage equivalents:
7802 - ::clearPreparedEdit,
7804 - ::doDeleteArticleReal,
7808 - ::doUpdateRestrictions,
7812 - ::getContentHandler,
7813 - ::getContentModel,
7814 - ::getContributors,
7815 - ::getDeletionUpdates,
7816 - ::getHiddenCategories,
7819 - ::getLinksTimestamp,
7821 - ::getRedirectTarget,
7825 - ::hasViewableContent,
7828 - ::insertRedirectEntry,
7833 - ::lockAndGetLatest,
7834 - ::makeParserOptions,
7836 - ::pageDataFromTitle,
7837 - ::prepareContentForEdit,
7838 - ::protectDescription,
7839 - ::protectDescriptionLog,
7840 - ::replaceSectionAtRev,
7842 - ::shouldCheckParserCache,
7843 - ::supportsSections,
7844 - ::triggerOpportunisticLinksUpdate,
7845 - ::updateCategoryCounts, and
7846 - ::updateRedirectOn.
7847 - Article::generateReason() was hard deprecated; instead, please use
7848 WikiPage::getAutoDeleteReason().
7849 - Article::replaceSectionContent() was hard deprecated, use
7850 Article::replaceSectionAtRev() instead.
7851 - Article::getRevision and WikiPage::getRevision were hard deprecated in favor
7852 of the new WikiPage::getRevisionRecord method.
7853 * A new UserNameUtils service was introduced. The following User methods
7854 were deprecated in favor of using the new service:
7861 * The signature of WikiPage::doDeleteArticleReal was changed to make the user
7862 the second parameter, and the suppression option the third parameter.
7863 Previously, the third parameter was unused. Using the old signature is
7865 * ApiQueryRevisions::getRollbackToken, which has been soft deprecated since
7866 1.24, accepted as its third parameter a Revision object. It now accepts
7867 a RevisionRecord, and passing a Revision is hard deprecated.
7868 * Passing Article to ParserCache::get() was deprecated
7869 * ParserOptions::newCanonical() with no first parameter, or null as the first
7870 parameter, which falls back to using global $wgUser, is hard deprecated.
7871 * Parser::fetchCurrentRevisionOfTitle, ::statelessFetchRevision, and
7872 ::getRevisionObject were hard deprecated in favor of the new
7873 ::fetchCurrentRevisionRecordOfTitle, ::statelessFetchRevisionRecord,
7874 and ::getRevisionRecordObject methods respectively.
7875 * ParserOptions::getCurrentRevisionCallback and ::setCurrentRevisionCallback
7876 were hard deprecated in favor of the new ::getCurrentRevisionRecordCallback
7877 and ::setCurrentRevisionRecordCallback methods respectively.
7878 * Parser::statelessFetchTemplate returns an array; accessing the Revision
7879 object returned (via the `revision` key to the array) is deprecated. Instead,
7880 use `revision-record` to retrieve the equivalent RevisionRecord.
7881 * WikiPage::doEditContent returns an array, and PageUpdater::getStatus returns
7882 a Status object with an array value. For both of those arrays, accessing the
7883 Revision object returned (via the `revision` key to the array) is deprecated.
7884 Instead, use `revision-record` to retrieve the equivalent RevisionRecord.
7885 * Page interface was deprecated. Use Article or WikiPage instead.
7886 * The following DatabaseBlock methods are deprecated because they are no longer
7887 needed in core: chooseBlock, fromMaster, deleteIfExpired.
7888 * wfGetScriptUrl() was deprecated. The script URL should be configured rather
7889 than detected. wfScript() can be used to get a configured script URL.
7890 * Action::factory() with null $action argument is hard deprecated
7891 * The following methods of the User class were deprecated: getDefaultOptions,
7892 getDefaultOption, getOptions, getOption, getBoolOption, getIntOption,
7893 setOption, listOptionKinds, getOptionKinds, resetOptions. Use corresponding
7894 methods in UserOptionsLookup or UserOptionsManager service classes instead.
7895 * UserRetrieveNewTalks hook was deprecated without replacement.
7896 * User::getNewtalk and ::setNewtalk were hard deprecated. Use service
7897 TalkPageNotificationManager instead.
7898 * EditPage::matchSpamRegex and ::matchSummarySpamRegex were hard deprecated in
7899 favor of the new SpamChecker service.
7900 * Title::getNotificationTimestamp, User::clearNotification, and
7901 User::clearAllNotifications were deprecated in favor of the new
7902 WatchlistNotificationManager service.
7903 * SpecialPage::setListed() and SpecialPage::listed() were deprecated. Subclass
7904 UnlistedSpecialPage to set listed as false, and use SpecialPage::isListed()
7906 * CategoryPage::getCategoryViewerClass() and ::setCategoryViewerClass() were
7908 * MWHttpRequest and its subclasses PhpHttpRequest, CurlHttpRequest and
7909 GuzzleHttpRequest now require the timeout and connectTimeout options to
7910 always be specified, otherwise a deprecation warning will be raised. Most
7911 callers should use HttpRequestFactory which always sets these options.
7912 * Linker::normaliseSpecialPage() has been deprecated, instead make use of
7913 LinkRenderer::normalizeTarget().
7914 * SkinTemplate::getPersonalToolsList() was soft deprecated.
7915 * ChangeTags::truncateTagDescription() has been deprecated.
7916 * The following methods of the User class are deprecated: getGroups,
7917 getGroupMemberships, getEffectiveGroups, getAutomaticGroups,
7918 addGroup, removeGroup, getFormerGroups, getAllGroups, getImplicitGroups,
7919 addAutopromoteOnceGroups. Use the new UserGroupManager service instead.
7920 * The following methods of the UserGroupMembership class were deprecated:
7921 selectFields, getMembershipsForUser, getMembership, insert, delete,
7922 newFromRow, initFromRow, purgeExpired.
7923 Use the new UserGroupManager service instead.
7924 * wfWaitForSlaves() has been hard deprecated. Use LBFactory::waitForReplication
7925 instead. It was soft deprecated in 1.27.
7926 * BaseTemplate::getAfterPortlet and ::renderAfterPortlet have been deprecated in
7927 favor of the Skin::getAfterPortlet method. Skin::getAfterPortlet does not wrap
7928 the result in a div, callers are responsible for that.
7929 The hook BaseTemplateAfterPortlet, called by both methods has been deprecated
7930 as well and is replaced by SkinAfterPortlet.
7931 * Autopromote class has been soft deprecated and it's methods moved into
7933 * SkinTemplateBuildNavUrlsNav_urlsAfterPermalink hook has been deprecated.
7934 Use SidebarBeforeOutput hook and get the revision id from the OutputPage
7936 * BaseTemplate::getToolbox() method has been soft deprecated. The toolbox data
7937 is now available in a sidebar data array which you can get from any class
7938 that's extending QuickTemplate class. The hook associated with this method,
7939 BaseTemplateToolbox, has been hard deprecated. To add items to the toolbox,
7940 use SidebarBeforeOutput hook instead.
7941 * The SkinTemplateOutputPageBeforeExec hook is deprecated.
7942 The page [[mw:Manual:Hooks/SkinTemplateOutputPageBeforeExec]] and T60137
7943 for recommendations for alternative approaches based on how developers
7944 previously used this hook.
7945 * SkinTemplateToolboxEnd hook has been deprecated. Use SidebarBeforeOutput hook
7947 * Using Skin::addToBodyAttributes() method to add body attributes has been
7948 deprecated. Use OutputPageBodyAttributes hook instead.
7949 * Installer::getDBTypes has been hard deprecated in favor of
7950 InstallerDBSupport::getDatabases
7951 * The hooks BeforeHttpsRedirect, CanIPUseHTTPS and UserRequiresHTTPS were
7952 deprecated, as part of a long-term plan to remove support for mixed
7954 * Skin::generateDebugHTML() has been hard deprecated. Call
7955 MWDebug::getHTMLDebugLog() directly.
7956 * ExternalStoreDB::getSlave(), soft deprecated in 1.34, was hard deprecated.
7957 Use ExternalStoreDB::getReplica() instead.
7958 * Less variables in mediawiki.ui/variables.less file that don't follow the
7959 standard variable naming scheme (compare WikimediaUI Base) including
7960 `@colorGray* variables have been deprecated. New variables are in place and
7961 aliases have been set. Replace occurrences and use the new variables instead.
7963 === Other changes in 1.35 ===
7964 * A new maintenance script is added (purgeExpiredWatchlistItems.php) with which
7965 to delete expired watchlist items. These items will also be deleted during
7966 wiki editing if $wgWatchlistPurgeRate is > 0. This maintenance script only
7967 has effect if $wgWatchlistExpiry is true. It is recommended that a cronjob or
7968 similar be set up to run it at least daily.
7969 * Title::purgeSquid is deprecated. Use MediaWikiServices::getHtmlCacheUpdater.
7970 * SpecialVersion::getExtLicenseFileName() has been deprecated, use
7971 MediaWiki\ExtensionInfo::getLicenseFileNames() instead.
7972 * SpecialVersion::getExtAuthorsFileName() has been deprecated, use
7973 MediaWiki\ExtensionInfo::getAuthorsFileName() instead.
7974 * Migration to the new content storage schema is complete, all backwards
7975 compatibility code and duplication in the database have been removed.
7976 The old schema was a 1:1 relationship modeled by
7977 revision.text_id -> text.old_id. The new schema is a n:m relationship,
7978 revision.rev_id <- slots.slot_revision_id|slots.slot_content_id ->
7979 content.content_id|content.content_address -> text.old_id. The same applies
7980 to the archive table.
7981 The following fields were removed:
7982 - revision.rev_text_id, replaced by content.content_address
7983 - revision.rev_content_model, replaced by content.content_model,
7984 referencing content_models.model_id
7985 - revision.rev_content_format, replaced by automatic detecting in
7987 - archive.ar_text_id, replaced by content.content_address
7988 - archive.ar_content_model, replaced by content.content_model,
7989 referencing content_models.model_id
7990 - archive.ar_content_format, replaced by automatic detecting in
7992 * Migration to normalized storage of edit comments and user names is
7993 progressing. The following fields were unused and have been removed:
7994 - revision.rev_comment,
7995 replaced by rev_comment_id referencing comment.comment_id.
7996 - revision.rev_user and rev_user_text,
7997 replaced by rev_actor referencing actor.actor_id.
7998 Note that archive.ar_user, archive.ar_user_text, and archive.ar_comment
7999 had already been removed in previous releases.
8000 * The printableversion has been marked as deprecated per T167956.
8001 * (T30162, T245387) The installer supports using a Postgres server running
8002 on a custom port other than 5432.
8005 MediaWiki 1.35 requires PHP 7.3.19 or later, and the following PHP extensions:
8015 MySQL/MariaDB is the recommended DBMS. PostgreSQL or SQLite can also be used,
8016 but support for them is somewhat less mature.
8018 The supported versions are:
8020 * MySQL 5.5.8 or later
8021 * PostgreSQL 9.2 or later
8022 * SQLite 3.8.0 or later
8024 == Online documentation ==
8025 Documentation for both end-users and site administrators is available on
8026 MediaWiki.org, and is covered under the GNU Free Documentation License (except
8027 for pages that explicitly state that their contents are in the public domain):
8029 https://www.mediawiki.org/wiki/Special:MyLanguage/Documentation
8032 A mailing list is available for MediaWiki user support and discussion:
8034 https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
8036 A low-traffic announcements-only list is also available:
8038 https://lists.wikimedia.org/mailman/listinfo/mediawiki-announce
8040 It's highly recommended that you sign up for one of these lists if you're
8041 going to run a public MediaWiki, so you can be notified of security fixes.
8044 There's usually someone online in #mediawiki on irc.libera.chat.
8048 == MediaWiki 1.34.4 ==
8050 This is a maintenance release of the Mediawiki 1.34 branch.
8052 === Changes since MediaWiki 1.34.3 ===
8053 * Fixed issue relating to backporting of changes for T260485.
8055 == MediaWiki 1.34.3 ==
8057 This is a security and maintenance release of the MediaWiki 1.34 branch.
8059 === Changes since MediaWiki 1.34.2 ===
8060 * In the web installer, use secure session cookies.
8061 * Make UsersPager::requestedGroup public.
8062 * (T257407) Split patch-drop-user-fields.sql into patch per table.
8063 * (T257356) Split patch-drop-comment-fields.sql into patch per table.
8064 * (T257997) Undeprecate WebInstaller::getInfoBox().
8065 * Added $wgForceHTTPS, which makes the HTTP to HTTPS redirect be unconditional
8066 and suppresses various hacks needed to support mixed HTTP/HTTPS wikis. We
8067 recommend this be set to true on pure HTTPS wikis.
8068 * Added $wgCookieSameSite, which allows login cookies to be sent with
8069 SameSite=None. This is required for cross-site CentralAuth autologin after
8071 * Added $wgUseSameSiteLegacyCookies, which adds a compatibility hack to
8072 SameSite=None cookies for browsers which implemented an incompatible draft
8073 version of the specification.
8074 * (T257207) shell: Expand documentation in firejail.profile.
8075 * (T246135) Give the "remember me" checkbox a specific CSS class so skins
8076 like Minerva can only hide that checkbox.
8077 * (T256287) rdbms: improve DBConnRef domain selection exception message.
8078 * (T248191, T259123) phpunit: Acknowledge known dberror from
8079 SpecialPageFatalTest.
8080 * (T256394, T259123) Cleanup up excess commit() call in LocalRepoTest.
8081 * Fix runBatchedQuery.php for no result from select.
8082 * (T130906) Add Edge to MediaWiki:Clearyourcache.
8083 * (T249521) reassignEdits: Update script to use User::newFromName for anon
8085 * (T172060) GlobalFunctions: Use php_uname instead of posix_uname.
8086 * Use IPset in MWRestrictions::checkIP.
8087 * (T260031) Add application/font-sfnt to MimeMap for ttf files.
8088 * shell: Make ->restrict( RESTRICT_NONE ) actually work.
8089 * (T183759) Fixes shell edge-cases in Windows.
8090 * (T258390) Add CentralIdLookup::factoryNonLocal().
8091 * (T246991) User: Fix pingLimiter() to use makeGlobalKey() for global rate
8093 * (T232568, CVE-2020-25813) SECURITY: Special:UserRights exposes the existence
8095 * (T251661, CVE-2020-25827) SECURITY: User::pingLimiter: add user-global rate
8097 * (T246991) User: enforce pingLimiter() expiry time.
8098 * (T260232) don't include null page ids in query list for category dumps.
8099 * (T251506) Sanitizer: Truncate IDs to a reasonable length.
8100 * (T262900) Fix failure of rebuildLocalisationCache.php due to RL hook.
8101 * Explicitly wrap some XML calls in libxml_disable_entity_loader().
8102 * (T263455 T247285) Set EnableJavaScriptTest to true in
8103 includes/DevelopmentSettings.php.
8104 * (T232568, CVE-2020-25813) SECURITY: SpecialUserrights: If a viewer lacks
8105 `hideuser`, ignore hidden users.
8106 * (T255918, CVE-2020-25812) SECURITY: Unescaped message used in HTML on
8107 Special:Contributions.
8108 * (T256171, CVE-2020-25815) SECURITY: Unescaped message used in HTML within
8110 * (T258763, CVE-2020-17367, CVE-2020-17368) SECURITY: Prevent invoking
8111 firejail's --output functionality.
8112 * (T86738, CVE-2020-25814) SECURITY: mediawiki.jqueryMsg: Sanitize URLs and
8114 * (T115888, CVE-2020-25828) SECURITY: mediawiki.js: Escape HTML in
8115 mw.message( ... ).parse().
8116 * (T260485, CVE-2020-25869) SECURITY: ActorMigration: Load user from the correct
8118 * (T260485, CVE-2020-25869) SECURITY: ensure actor ID from correct wiki is used.
8120 == MediaWiki 1.34.2 ==
8122 This is a security and maintenance release of the MediaWiki 1.34 branch.
8124 === Changes since MediaWiki 1.34.1 ===
8125 * (T247017) PasswordReset performance improvements.
8126 * The MultiHttpClient code will fallover to non-curl if curl_multi* is blocked.
8127 * (T250568) Work around change in SimpleXMLElement behavior introduced in PHP
8129 * (T251789) Let $wgResourceLoaderMaxQueryLength=-1 fallback to default.
8130 * Remove some rotten and out of date documentation.
8131 * (T252311) Improvements to some older SQLite update patches.
8132 * (T240307) Minor fixes to extension.schema.v2.json and
8133 extension.schema.v1.json.
8134 * (T238043) cleanupUsersWithNoId.php: Handle missing fields.
8135 * (T199474) Set rc_patrolled to 2 for autopatrolled changes in
8136 rebuildrecentchanges.php.
8137 * (T229461) Update the change_tag table in rebuildrecentchanges.php.
8138 * (T249730) Password Reset Updates.
8139 * (T234450) Per-user concurrency in SpecialContributions can now be limited by
8140 setting $wgPoolCounterConf['SpecialContributions'] appropriately.
8141 * (T248947) SECURITY: img_auth.php may leak private extension images into the
8144 == MediaWiki 1.34.1 ==
8146 This is a security and maintenance release of the MediaWiki 1.34 branch.
8148 === Changes since MediaWiki 1.34.0 ===
8149 * (T211450) User: better error message when getActorId fails.
8150 * (T241340) Don't redefine MW_ENTRY_POINT in thumb.php if already defined.
8151 * (T236444) User: Allow newSystemUser() to create over anonymous actors.
8152 * (T238483) Fix NewPagesPager "hide registered users" option.
8153 * (T245072) mediawiki.language: Rename languageData back to languageNames.
8154 * Use proper SemVer comparison in CheckComposerLockUpToDate.
8155 * (T212738) Add the MW_VERSION constant, global $wgVersion is soft deprecated.
8156 * (T246127) Fix error when initialising updateCollation.php.
8157 * Update comment about PHP versions supported by The PHP Group.
8158 * (T247215) Fix output of RecountCategories::doWork().
8159 * Add check for page existence to view.php maintenance script.
8160 * (T245149) Fix fetching login token from action=query&meta=tokens on private
8162 * (T236509) SECURITY: Fix HTML escaping in UserGroupMembership::getLink().
8163 * (T232932) SECURITY: User content can redirect the logout button to different
8165 * (T246602) SECURITY: jquery.makeCollapsible allows applying event handler to
8168 == MediaWiki 1.34.0 ==
8170 === Changes since MediaWiki 1.34.0-rc.1 ===
8171 * $wgDiffEngine (T237049) – This configuration can be used to specify which
8172 difference engine to use. MediaWiki continues to default to automatically
8173 choosing the first of $wgExternalDiffEngine, wikidiff2, or php that is
8175 * (T231866) SqlBlobStore no longer needs Language object.
8176 * (T236735) WikiExporter: Remove unnecessary check for SCHEMA_COMPAT_WRITE_OLD
8178 * (T231673) Set MCR migration stage to SCHEMA_COMPAT_NEW.
8179 * (T229601) Make sure DBLoadBalancerFactory service is not disabled.
8180 * (T232866) Fix support for HTTP/2 in MultiHttpClient.
8181 * (T231866) LocalisationCache: Don't instantiate ResourceLoader.
8182 * (T227461) Stop calling deprecated Redis delete functions.
8183 * (T239561) Mark options as requiring parameters in addSite.php.
8184 * (T232866) Mimic CURLOPT_POST in GuzzleHttpRequest.
8185 * (T239734) Replace deprecated lSize with lLen in Redis code.
8186 * (T192134) SECURITY: Do not allow user scripts on Special:PasswordReset.
8187 * (T239428) ApiEditPage: Test for bad redirect targets.
8188 * (T233342) rdbms: Log debug message traces as 'exception.trace' instead of
8190 * (T226751) media: Log and fail gracefully on invalid EXIF coordinates.
8191 * (T240924) NewPagesPager: Fix namespace query conditions.
8192 * (T212067) Tests for an old PHP bug in parse_url.
8194 == MediaWiki 1.34.0-rc.1 ==
8196 === Changes since MediaWiki 1.34.0-rc.0 ===
8197 * (T231742) rdbms: Restore debug toolbar "Queries" feature.
8198 * (T231366) The ProfilerOutputDb class, 'profiling' table, and profileinfo.php
8199 entry point had been deprecated.
8200 * (T234361) localisation: Add debug message for backend of MessageCache.
8201 * (T234361) session: Add debug message for the used store class.
8202 * (T235559) Fix example Kask configuration in RESTBagOStuff class comment.
8203 * (T235137) Don't apply styling for Special:Contributions on other pages.
8204 * Upgrade mediawiki-codesniffer from 26.0.0 to 28.0.0 (dev-only).
8205 * (T219604) The "jquery.ui.*" and "jquery.effects.*" modules are now
8206 deprecated as aliases for the "jquery.ui" module.
8207 * (T235392) Deprecate setting Parser::mTitle to null.
8208 * Supporting commits for T235392 were also backported to prevent divergence
8209 from master (MediaWiki 1.35).
8210 * (T234581) The 'jquery.tabIndex' module is deprecated.
8211 * Fix docs for GetUserBlock hooks.
8212 * Parser: Hard deprecate getConverterLanguage.
8213 * (T236810) A number of public methods of Parser were exposed only for
8214 historical reasons and have been deprecated: doMagicLinks,
8215 doDoubleUnderscore, doHeadings, doAllQuotes, replaceExternalLinks,
8216 replaceInternalLinks, replaceInternalLinks2, getVariableValue,
8217 initialiseVariables, formatHeadings, testPst, testPreprocess, testSrvus,
8218 areSubpagesAllowed, maybeDoSubpageLink, splitWhitespace, createAssocArgs,
8219 armorLinks, makeKnownLinkHolder, getImageParams, parseLinkParameter,
8220 stripAltText, replaceLinkHolders, replaceLinkHoldersText, armorLinks,
8221 makeKnownLinkHolder, getImageParams, parseLinkParameter, stripAltText.
8222 * (T30798) $wgServer must now always be set in LocalSettings.php. This is most
8223 likely the case already for any wiki installed after 1.18. The autodetection
8224 system was informally deprecated since 1.18 and vulnerable to cache poisoning
8225 attacks. Older wikis may need to update their LocalSettings.php file.
8226 * (T232169) Hard deprecate $wgSysopEmailBans.
8227 * (T236628) Fix for ArticleRevisionViewCustom hook in DifferenceEngine.php.
8228 * (T181658) Do not insert page titles into querycache.qc_value.
8229 * ParamValidator has been flagged as unstable.
8230 * Hard deprecate Parser::disableCache().
8232 == MediaWiki 1.34.0-rc.0 ==
8234 == Upgrading notes for 1.34 ==
8235 1.34 has several database changes since 1.33, and will not work without schema
8236 updates. Note that due to changes to some very large tables like the revision
8237 table, the schema update may take quite long (minutes on a medium sized site,
8238 many hours on a large site).
8240 Don't forget to always back up your database before upgrading!
8242 See the file UPGRADE for more detailed upgrade instructions, including
8243 important information when upgrading from versions prior to 1.11.
8245 Some specific notes for MediaWiki 1.34 upgrades are below:
8247 * MediaWiki now requires PHP 7.2.9 or above.
8248 * MediaWiki no longer supports HHVM.
8250 For notes on 1.33.x and older releases, see HISTORY.
8252 === Configuration changes for system administrators in 1.34 ===
8254 In an effort to enforce best practices for passwords, MediaWiki will now warn
8255 users, and suggest that they change their password, if it is in the list of
8256 100,000 commonly used passwords that are considered bad passwords. If you want
8257 to disable this for your users, please add the following to your local settings:
8259 $wgPasswordPolicy['policies']['default']['PasswordNotInLargeBlacklist'] = false;
8261 ==== New configuration ====
8262 * $wgAllowExternalReqID (T201409) - This configuration setting controls whether
8263 Mediawiki accepts the request ID set by the incoming request via the
8264 `X-Request-Id` header. If set to `true`, that value will be used throughout
8265 the code as the request identificator. Otherwise, the sent header will be
8266 ignored and the request ID will either be taken from Apache's mod_unique
8267 module or will be generated by Mediawiki itself (depending on the set-up).
8268 * $wgEnableSpecialMute (T218265) - This configuration controls whether
8269 Special:Mute is available and whether to include a link to it on emails
8270 originating from Special:Email.
8271 * editmyuserjsredirect user right – users without this right now cannot edit JS
8272 redirects in their userspace unless the target of the redirect is also in
8273 their userspace. By default, this right is given to everyone.
8274 * (T226733) Add rate limiter to Special:ConfirmEmail.
8275 * $wgDiffEngine (T237049) – This configuration can be used to specify which
8276 difference engine to use. MediaWiki continues to default to automatically
8277 choosing the first of $wgExternalDiffEngine, wikidiff2, or php that is
8280 ==== Changed configuration ====
8281 * $wgUseCdn, $wgCdnServers, $wgCdnServersNoPurge, and $wgCdnMaxAge – These four
8282 CDN-related config variables have been renamed from being specific to Squid –
8283 they were previously $wgUseSquid, $wgSquidServers, $wgSquidServersNoPurge, and
8284 $wgSquidMaxage respectively. This aligns them with the related existing
8285 variable $wgCdnMaxageLagged. The previous configuration variable names are
8286 deprecated, but will be used as the fall back if they are still set.
8287 Note that wgSquidPurgeUseHostHeader has not been renamed, as it is deprecated.
8288 * (T27707) File type checks for image uploads have been relaxed to allow files
8289 containing some HTML markup in metadata. As a result, the $wgAllowTitlesInSVG
8290 setting is no longer applied and is now always true. Note that MSIE 7 may
8291 still be able to misinterpret certain malformed PNG files as HTML.
8292 * (T30798) $wgServer must now always be set in LocalSettings.php. This is most
8293 likely the case already for any wiki installed after 1.18. The autodetection
8294 system was informally deprecated since 1.18 and vulnerable to cache poisoning
8295 attacks. Older wikis may need to update their LocalSettings.php file.
8296 * Introduced $wgVerifyMimeTypeIE to allow disabling the MSIE 6/7 file type
8297 detection heuristic on upload, which is more conservative than the checks
8298 that were changed above.
8299 * $wgExternalDiffEngine — Setting this to a string value of 'wikidiff',
8300 'wikidiff2', or 'wikidiff3' will no longer work. This legacy behaviour was
8301 deprecated in MediaWiki 1.27, 1.32, and 1.27, respectively.
8302 * $wgSkipSkin — Setting this instead of $wgSkipSkins, deprecated in 1.23, is now
8304 * $wgLocalInterwiki — Setting this instead of $wgLocalInterwikis, deprecated in
8305 1.23, is now hard-deprecated.
8306 * $wgProfileOnly — Setting this, deprecated in 1.23, is now hard-deprecated.
8307 Instead, set the log file in $wgDebugLogGroups['profileoutput'].
8308 * $wgProxyList — Setting this to an array with IP addresses in the array keys,
8309 which was deprecated in 1.30, no longer works. Instead, $wgProxyList should be
8310 an array with IP addresses as the values, or a string path to a file
8311 containing one IP address per line.
8312 * $wgCookieSetOnAutoblock and $wgCookieSetOnIpBlock are now enabled by default.
8314 ==== Removed configuration ====
8315 * $wgWikiDiff2MovedParagraphDetectionCutoff — If you still want a custom change
8316 size threshold, please specify in php.ini, using the configuration variable
8317 wikidiff2.moved_paragraph_detection_cutoff.
8318 * $wgUseESI - This experimental setting, deprecated in 1.33, is now removed.
8319 * $wgDebugPrintHttpHeaders - The default of including HTTP headers in the
8320 debug log channel is no longer configurable. The debug log itself remains
8321 configurable via $wgDebugLogFile.
8322 * $wgMsgCacheExpiry - The MessageCache uses 24 hours as the expiry for values
8323 stored in WANObjectCache. This is no longer configurable.
8324 * $wgPasswordSalt – This setting, used for migrating exceptionally old, insecure
8325 password setups and deprecated since 1.24, is now removed.
8326 * $wgDBOracleDRCP - If you must use persistent connections, set DBO_PERSISTENT
8327 in the 'flags' field for servers in $wgDBServers (or $wgLBFactoryConf).
8328 * $wgMemCachedDebug - Set the cache "debug" field in $wgObjectCaches instead.
8329 * $wgActorTableSchemaMigrationStage has been removed. Extension code for
8330 MediaWiki 1.31+ finding it unset should treat it as being SCHEMA_COMPAT_NEW.
8332 === New user-facing features in 1.34 ===
8333 * Special:Mute has been added as a quick way for users to block unwanted emails
8334 from other users originating from Special:EmailUser.
8335 * (T207577) Special:NewSection has been created as a shortcut to creating a new
8336 section on a page. When linked to, its subpage is used as the target
8337 ([[Special:NewSection/Test]] redirects to creating a new section in "Test").
8338 Otherwise, it displays a basic interface to allow the end user to specify
8339 the target manually.
8340 * (T220447) Special:Contributions/newbies has been removed for performance and
8341 usefulness reasons. Use Special:RecentChanges?userExpLevel=newcomer instead.
8342 * Special:NewFiles/newbies has been removed for performance and usefulness
8343 reasons. Use Special:RecentChanges?userExpLevel=newcomer&namespace=6 instead.
8345 === New developer features in 1.34 ===
8346 * The ImgAuthModifyHeaders hook was added to img_auth.php to allow modification
8347 of headers in private wikis.
8348 * Language::formatTimePeriod now supports the new 'avoidhours' option to output
8349 strings like "5 days ago" instead of "5 days 13 hours ago".
8350 * (T220163) Added SpecialMuteModifyFormFields hook to allow extensions
8351 to add fields to Special:Mute.
8352 * (T100896) Skin authors can define custom OOUI themes using OOUIThemePaths.
8353 See <https://www.mediawiki.org/wiki/OOUI/Themes> for details.
8354 * (T229035) The GetUserBlock hook was added. Use this instead of
8356 * ObjectFactory is available as a service. When used as a service, the object
8357 specs can now specify needed DI services.
8358 * (T222388) Special pages can now be specified as an ObjectFactory spec,
8359 allowing the construction of special pages that require services to be
8360 injected in their constructor.
8361 * (T222388) API modules can now be specified as an ObjectFactory spec,
8362 allowing the construction of modules that require services to be injected
8363 in their constructor.
8364 * (T117736) The function signature of SpecialContributions::getForm::filters
8365 has changed. It now expects definitions of additional filter fields as array
8368 === External library changes in 1.34 ===
8370 ==== Changed external libraries ====
8371 * Updated Mustache from 1.0.0 to v3.0.1.
8372 * Updated OOUI from v0.31.3 to v0.34.0.
8373 * Updated OOjs from v2.2.2 to v3.0.0.
8374 * Updated composer/semver from 1.4.2 to 1.5.0.
8375 * Updated composer/spdx-licenses from 1.4.0 to 1.5.1 (dev-only).
8376 * Updated mediawiki/codesniffer from 25.0.0 to 28.0.0 (dev-only).
8377 * Updated cssjanus/cssjanus from 1.2.1 to 1.3.0.
8378 * Updated wikimedia/at-ease from 1.2.0 to 2.0.0.
8379 * Updated wikimedia/remex-html from 2.0.1 to 2.1.0.
8380 * Updated monolog/monolog from 1.22.1 to 1.24.0 (dev-only).
8381 * Updated wikimedia/object-factory from 1.0.0 to 2.1.0.
8382 * Updated wikimedia/timestamp from 2.2.0 to 3.0.0.
8383 * Updated wikimedia/xmp-reader from 0.6.2 to 0.6.3.
8384 * Updated mediawiki/mediawiki-phan-config from 0.6.0 to 0.6.1 (dev-only).
8385 * Updated wikimedia/avro from 1.8.0 to 1.9.0 (dev-only).
8387 ==== Removed external libraries ====
8388 * The jquery.async module, deprecated in 1.33, was removed.
8390 === Bug fixes in 1.34 ===
8391 * (T222529) If a log entry or page revision is recorded in the database with an
8392 empty username, attempting to display it will log an error and return a "no
8393 username available" to the user instead of silently displaying nothing or
8396 === Action API changes in 1.34 ===
8397 * The 'recenteditcount' response property from action=query list=allusers,
8398 deprecated in 1.25, has been removed.
8399 * (T60993) action=query list=filearchive, list=alldeletedrevisions and
8400 prop=deletedrevisions no longer require the 'deletedhistory' user right.
8401 * In the response to queries that use 'prop=imageinfo', entries for
8402 non-existing files (indicated by the 'filemissing' field) now omit the
8403 following fields, since they are meaningless in this context:
8404 'timestamp', 'userhidden', 'user', 'userid', 'anon', 'size', 'width',
8405 'height', 'pagecount', 'duration', 'commenthidden', 'parsedcomment',
8406 'comment', 'thumburl', 'thumbwidth', 'thumbheight', 'thumbmime',
8407 'thumberror', 'url', 'sha1', 'metadata', 'extmetadata', 'commonmetadata',
8408 'mime', 'mediadtype', 'bitdepth'.
8409 Clients that process these fields should first check if 'filemissing' is
8410 set. Fields that are supported even if the file is missing include:
8411 'canonicaltitle', 'archivename' (deleted files only), 'descriptionurl',
8412 'descriptionshorturl'.
8413 * The 'blockexpiry' result property in list=users and list=allusers will now be
8414 returned in the same format used by the rest of the API: ISO 8601 for
8415 expiring blocks, and "infinite" for non-expiring blocks.
8417 === Action API internal changes in 1.34 ===
8418 * The exception thrown in ApiModuleManager::getModule has been changed
8419 from an MWException to an UnexpectedValueException, thrown by ObjectFactory.
8420 ApiModuleManager::getModule now also throws InvalidArgumentExceptions when
8421 ObjectFactory is presented with an invalid spec or incorrectly constructed
8423 * Added ApiQueryBlockInfoTrait.
8425 === Languages updated in 1.34 ===
8426 MediaWiki supports over 350 languages. Many localisations are updated regularly.
8427 Below only new and removed languages are listed, as well as changes to languages
8428 because of Phabricator reports.
8430 * (T152908) Added language support for N'Ko (nqo).
8432 === Breaking changes in 1.34 ===
8433 * The global functions wfSuppressWarnings and wfRestoreWarnings, deprecated in
8434 1.26, have been removed. Use Wikimedia\AtEase\AtEase::suppressWarnings() and
8435 Wikimedia\AtEase\AtEase::restoreWarnings() directly.
8436 * Preferences class, deprecated in 1.31, has been removed.
8437 * The following parts of code, deprecated in 1.32, were removed in favor of
8438 built-in PHP functions:
8441 * Functions of the MWCryptRand class: singleton(), wasStrong() and generate().
8442 * Various Special Page PHP Classes were renamed (mostly casing changes):
8443 * SpecialAncientpages => SpecialAncientPages
8444 * SpecialConfirmemail => SpecialConfirmEmail
8445 * SpecialDeadendpages => SpecialDeadendPages
8446 * SpecialFewestrevisions => SpecialFewestRevisions
8447 * SpecialListredirects => SpecialListRedirects
8448 * SpecialLonelypages => SpecialLonelyPages
8449 * SpecialLongpages => SpecialLongPages
8450 * SpecialMIMEsearch => SpecialMIMESearch
8451 * SpecialMostcategories => SpecialMostCategories
8452 * SpecialMostinterwikis => SpecialMostInterwikis
8453 * SpecialMostlinked => SpecialMostLinked
8454 * SpecialMostlinkedcategories => SpecialMostLinkedCategories
8455 * SpecialMostlinkedtemplates => SpecialMostLinkedTemplates
8456 * SpecialMostrevisions => SpecialMostRevisions
8457 * SpecialNewimages => SpecialNewFiles
8458 * SpecialShortpages => SpecialShortPages
8459 * SpecialUncategorizedcategories => SpecialUncategorizedCategories
8460 * SpecialUncategorizedimages => SpecialUncategorizedImages
8461 * SpecialUncategorizedpages => SpecialUncategorizedPages
8462 * SpecialUncategorizedtemplates => SpecialUncategorizedTemplates
8463 * SpecialUnusedcategories => SpecialUnusedCategories
8464 * SpecialUnusedimages => SpecialUnusedImages
8465 * SpecialUnusedtemplates => SpecialUnusedTemplates
8466 * SpecialUnwatchedpages => SpecialUnwatchedPages
8467 * SpecialWantedcategories => SpecialWantedCategories
8468 * SpecialWantedtemplates => SpecialWantedTemplates
8469 * SpecialWithoutinterwiki => SpecialWithoutInterwiki
8470 * Language::setCode, deprecated in 1.32, was removed. Use Language::factory to
8471 create a new Language object with a different language code.
8472 * MWNamespace::clearCaches() has been removed. So has the $rebuild parameter
8473 to MWNamespace::getCanonicalNamespaces(), which was deprecated since 1.31.
8474 Instead, reset services, such as by calling $this->overrideMwServices() (if
8475 your test extends MediaWikiTestCase). Services will generally not pick up
8476 configuration changes from after they were created, so you must reset
8477 services after any configuration change. Even if your code works now, it is
8478 likely to break in future versions as more code is moved to services.
8479 * The ill-defined "DatabaseOraclePostInit" hook has been removed.
8480 * PreferencesFormLegacy and PreferencesForm classes, deprecated in 1.32, have
8482 * ObjectFactory class, deprecated in 1.31, has been removed.
8483 * HWLDFWordAccumudlator class, deprecated in 1.28, has been removed.
8484 * XMPInfo, XMPReader and XMPValidate, deprecated in 1.32, have been removed.
8485 * The RedirectSpecialPage::execute method could sometimes return a Title object.
8486 This behavior was removed, and the method now matches the parent signature
8487 (SpecialPage::execute) which is to return HTML string or void.
8488 To obtain the destination title, use RedirectSpecialPage::getRedirect.
8489 * The 'recenteditcount' response property from action API action=query
8490 list=allusers, deprecated in 1.25, has been removed.
8491 * SearchEngine::userNamespaces(), SearchEngine::namespacesAsText(),
8492 SearchEngine::create(), SearchEngine::getSearchTypes() and
8493 SearchEngine::getNearMatch(), methods deprecated in 1.27, have been removed.
8494 * FileRepo::streamFile(), deprecated in 1.26, has been removed.
8495 * User::randomPassword() method, deprecated in 1.27, have been removed.
8496 * MWNamespace::canTalk(), deprecated in 1.30, have been removed.
8497 * Parser class property $mUniqPrefix, deprecated in 1.26, has been removed.
8498 * wfArrayFilter() and wfArrayFilterByKey(), deprecated in 1.32, have been
8500 * wfMakeUrlIndexes() function, deprecated in 1.33, have been removed.
8501 * Method signatures in WatchedItemQueryServiceExtension have changed from taking
8502 User objects to taking UserIdentity objects. Extensions implementing this
8503 interface need to be changed accordingly.
8504 * User::getGroupPage() and ::makeGroupLinkHTML(), deprecated in 1.29, have been
8505 removed. Use UserGroupMembership::getGroupPage and ::getLink instead.
8506 * User::makeGroupLinkWiki(), deprecated in 1.29, has been removed. Use
8507 UserGroupMembership::getLink() instead.
8508 * SavepointPostgres, deprecated in 1.31, has been removed.
8509 * OutputPage::enableSectionEditLinks(), OutputPage::sectionEditLinksEnabled(),
8510 ParserOptions::getEditSection(), ParserOptions::setEditSection(), and
8511 ParserOutput::getEditSectionTokens, ::getTOCEnabled, ::setEditSectionTokens,
8512 and ::setTOCEnabled, deprecated in 1.31, have been removed.
8513 * EditPage::safeUnicodeInput() and ::safeUnicodeOutput(), deprecated in 1.30,
8515 * Four methods in OutputPage, deprecated in 1.32, have been removed. You should
8516 use OutputPage::showFatalError or throw a FatalError instead. The methods are
8517 ::showFileCopyError(), ::showFileRenameError(), ::showFileDeleteError(), and
8518 ::showFileNotFoundError().
8519 * ApiBase::truncateArray(), deprecated in 1.32, has been removed.
8520 * IcuCollation::getICUVersion(), deprecated in 1.32, has been removed. Use PHP's
8521 INTL_ICU_VERSION constant directly.
8522 * HTMLForm::setSubmitProgressive(), deprecated in 1.32, has been removed.
8523 * ResourceLoaderStartUpModules::getStartupModules() and ::getLegacyModules(),
8524 both deprecated in 1.32, have been removed.
8525 * BaseTemplate::msgHtml() and QuickTemplate::msgHtml(), deprecated in 1.32, have
8526 been removed. Use ->msg() or ->getMsg() instead.
8527 * WatchAction::getUnwatchToken(), deprecated in 1.32, has been removed. Instead,
8528 use WatchAction::getWatchToken() with action 'unwatch' directly.
8529 * Language::initEncoding(), ::recodeForEdit(), and recodeInput(), deprecated in
8530 1.28, have been removed.
8531 * PageArchive::getTextFromRow(), ::listAllPages(), and ::getLastRevisionText(),
8532 deprecated in 1.32, have been removed.
8533 * OutputPage::getModuleScripts(), ParserOutput::getModuleScripts(), deprecated
8534 in 1.33, have been removed.
8535 * User::getPasswordValidity(), deprecated in 1.33, has been removed.
8536 * ApiQueryBase::prepareUrlQuerySearchString(), deprecated in 1.33, has been
8538 * ChangeTags::purgeTagUsageCache(), deprecated in 1.33, has been removed.
8539 * JobQueueGroup::pushLazyJobs(), deprecated in 1.33, has been removed.
8540 * MediaWikiTestCase::stashMwGlobals(), deprecated in 1.32, has been removed.
8541 * SearchEngine::transformSearchTerm(), deprecated in 1.32, has been removed.
8542 * The Block typehint only refers to blocks stored in the database. It should be
8543 updated to AbstractBlock in cases where any type of block could be expected.
8544 * FileRepoStatus, deprecated in 1.25, has been removed.
8545 * The LegacyHookPreAuthenticationProvider class, deprecated since its creation
8546 in 1.27, has been removed.
8547 * IP::isValidBlock(), deprecated in 1.30, has been removed.
8548 * WikiPage::prepareContentForEdit now doesn't accept an integer for $revision,
8549 was deprecated in 1.25.
8550 * The jquery.byteLength module, deprecated in 1.31, was removed.
8551 Use the mediawiki.String module instead.
8552 * mw.language.specialCharacters, deprecated in 1.33, has been removed.
8553 Use require( 'mediawiki.language.specialCharacters' ) instead.
8554 * The jquery.colorUtil module was removed. Use jquery.color instead.
8555 * The jquery.checkboxShiftClick module was removed. The functionality
8556 is provided by mediawiki.page.ready instead (T232688).
8557 * The 'jquery.accessKeyLabel' module has been removed. This jQuery
8558 plugin now ships as part of the 'mediawiki.util' module bundle.
8559 * EditPage::submit(), deprecated in 1.29, has been removed. Use $this->edit()
8561 * HTMLForm::getErrors(), deprecated in 1.28, has been removed. Use
8562 getErrorsOrWarnings() instead.
8563 * SpecialPage::getTitle(), deprecated in 1.23, has been removed. Use
8564 SpecialPage::getPageTitle() instead.
8565 * jquery.ui.effect-bounce, jquery.ui.effect-explode, jquery.ui.effect-fold
8566 jquery.ui.effect-pulsate, jquery.ui.effect-slide, jquery.ui.effect-transfer,
8567 which are no longer used, have now been removed.
8568 * SpecialEmailUser::validateTarget(), ::getTarget() without a sender/user
8569 specified, deprecated in 1.30, have been removed.
8570 * BufferingStatsdDataFactory::getBuffer(), deprecated in 1.30, has been removed.
8571 * The constant DB_SLAVE, deprecated in 1.28, has been removed. Use DB_REPLICA.
8572 * The constants NS_IMAGE and NS_IMAGE_TALK, deprecated in 1.14, have been
8573 removed. Use NS_FILE and NS_FILE_TALK respectively.
8574 * Replacer, DoubleReplacer, HashtableReplacer and RegexlikeReplacer
8575 (deprecated in 1.32) have been removed. Closures should be used instead.
8576 * OutputPage::addWikiText(), ::addWikiTextWithTitle(), ::addWikiTextTitleTidy(),
8577 ::addWikiTextTidy(), ::addWikiTextTitle(), deprecated in 1.32, have been
8579 * The $wgUseKeyHeader configuration option and the OutputPage::getKeyHeader()
8580 method, deprecated in 1.32, have been removed.
8581 * WebInstallerOutput::addWikiText(), deprecated in 1.32, has been removed.
8582 * Parser::fetchFile(), deprecated in 1.32, has been removed. Use the method
8583 Parser::fetchFileAndTitle() instead.
8584 * The global function wfBCP47, deprecated in 1.31, has been removed.
8585 * wfCountDown() function, deprecated in 1.31, has been removed. Use
8586 \Maintenance::countDown() method instead.
8587 * OutputPage::wrapWikiMsg() no longer accepts an options parameter. This was
8588 deprecated since 1.20.
8589 * Skin::outputPage() no longer accepts a context. This was deprecated in 1.20.
8590 * Linker::link() no longer accepts a string for the query array, as was
8592 * PrefixSearch::titleSearch(), deprecated in 1.23, has been removed. Use the
8593 SearchEngine::defaultPrefixSearch or ::completionSearch() methods instead.
8594 * The UserRights hook, deprecated in 1.26, has been removed. Instead, use the
8595 UserGroupsChanged hook.
8596 * Skin::getDefaultInstance(), deprecated in 1.27, has been removed. Get the
8597 instance from MediaWikiServices instead.
8598 * The UserLoadFromSession hook, deprecated in 1.27, has been removed.
8599 * The wfResetSessionID global function, deprecated in 1.27, has been removed.
8600 Use MediaWiki\Session\SessionManager instead.
8601 * The wfGetLBFactory global function, deprecated in 1.27, has been removed.
8602 Use MediaWikiServices::getInstance()->getDBLoadBalancerFactory().
8603 * The internal method OutputPage->addScriptFile() will no longer silently drop
8604 calls that use an invalid path (i.e., something other than an absolute path,
8605 protocol-relative URL, or full scheme URL), and will instead pass them to the
8606 client where they will likely 404. This usage was deprecated in 1.24.
8607 * Database::reportConnectionError, deprecated in 1.32, has been removed.
8608 * APIEditBeforeSave hook, deprecated in 1.28, has been removed. Please see
8609 EditFilterMergedContent hook for an alternative way to use this feature.
8610 * API module methods getDescription(), getParamDescription(), & getExamples(),
8611 all deprecated in 1.25 and ignored, have been removed.
8612 * The API module method getDescriptionMessage(), deprecated in 1.30, has been
8614 * The JavaScript global variable wgLoadScript has been removed. Use
8615 mw.util.wikiScript( 'load' ) instead.
8616 * ResourceLoader no longer creates the 'mw.legacy' placeholder object. It has
8617 been unused since 1.16 and was deprecated in 1.22. To deprecate a property
8618 in JavaScript, use mw.log.deprecate() instead.
8619 * The 'user.groups' module, deprecated in 1.28, was removed.
8620 Use the 'user' module instead.
8621 * The ResourceLoaderContext::expandModuleNames method, deprecated in 1.33, was
8622 removed. Use ResourceLoader::expandModuleNames instead.
8623 * The ability to override User::$mRights has been removed. Use
8624 PermissionManager::addTemporaryUserRights() instead.
8625 * Previously, when iterating ResultWrapper with foreach() or a similar
8626 construct, the range of the index was 1..numRows. This has been fixed to be
8628 * The ChangePasswordForm hook, deprecated in 1.27, has been removed. Use the
8629 AuthChangeFormFields hook or security levels instead.
8630 * WikiMap::getWikiIdFromDomain(), deprecated in 1.33, has been removed.
8631 Use WikiMap::getWikiIdFromDbDomain() instead.
8632 * The config variables $wgHtml5, $wgJsMimeType, and $wgXhtmlDefaultNamespace,
8633 which were deprecated and ignored by core since 1.22, are no longer set to any
8634 value, and SkinTemplate no longer emits a 'jsmimetype' key. Any extensions not
8635 updated since 2013 to cope with this deprecation may now break.
8636 * (T222637) Passing ResourceLoaderModule objects to ResourceLoader::register()
8637 or $wgResourceModules is no longer supported.
8638 Use the 'class' or 'factory' option of the array format instead.
8639 * The parameter $lang of the functions generateTOC and tocList in Linker and
8640 DummyLinker must be in type Language when present. Other types are
8641 deprecated since 1.33.
8642 * The static properties mw.Api.errors and mw.Api.warnings, deprecated in 1.29,
8644 * ParserOption::getSpeculativeRevIdCallback(), deprecated in 1.28, has been
8646 * The UploadVerification hook, deprecated in 1.28, has been removed. Instead,
8647 use the UploadVerifyFile hook.
8648 * UploadBase:: and UploadFromChunks::stashFileGetKey() and stashSession(),
8649 deprecated in 1.28, have been removed. Instead, please use the getFileKey()
8650 method on the response from doStashFile().
8651 * LBFactory::setDomainPrefix() and LoadBalancer::setDomainPrefix(), deprecated
8652 in 1.33, have been removed. Use setLocalDomainPrefix() instead.
8653 * IDatabase::implicitGroupby(), deprecated in 1.30, has been removed.
8654 * IDatabase::doneWrites(), deprecated in 1.31, has been removed.
8655 Use IDatabase::lastDoneWrites() instead.
8656 * Database::reportConnectionError(), deprecated in 1.32, has been removed.
8657 * LoadBalancer::laggedSlaveUsed(), deprecated in 1.28, has been removed.
8658 Use LoadBalancer::laggedReplicaUsed() instead.
8659 * Database::getProperty(), deprecated in 1.28, has been removed.
8660 * IDatabase::getWikiId(), deprecated in 1.30, has been removed.
8661 Use IDatabase::getDomainID() instead.
8662 * (T191231) Support for using Oracle or MSSQL as database backends has been
8664 * MessageCache::destroyInstance() has been removed. Instead, call
8665 MediaWikiTestCase::resetServices().
8666 * SearchResult protected field $searchEngine is removed and no longer
8667 initialized after calling SearchResult::initFromTitle().
8668 * The UserIsBlockedFrom hook is only called if a block is found first, and
8669 should only be used to unblock a blocked user.
8670 * Parameters for index.php from PATH_INFO, such as the title, are no longer
8672 * The selectFields() methods on classes LocalFile, ArchivedFile, OldLocalFile,
8673 DatabaseBlock, and RecentChange, deprecated in 1.31, have been removed. Use
8674 the corresponding getQueryInfo() methods instead.
8675 * The following methods on Revision, deprecated since 1.31, have been removed.
8676 Use RevisionStore::getQueryInfo() or RevisionStore::getArchiveQueryInfo()
8678 * Revision::userJoinCond()
8679 * Revision::pageJoinCond()
8680 * Revision::selectFields()
8681 * Revision::selectArchiveFields()
8682 * Revision::selectTextFields()
8683 * Revision::selectPageFields()
8684 * Revision::selectUserFields()
8685 * User::setNewpassword(), deprecated in 1.27 has been removed.
8686 * The ObjectCache::getMainWANInstance and ObjectCache::getMainStashInstance
8687 functions, deprecated since 1.28, have been removed.
8688 * Language::$dataCache has been removed (without prior deprecation, for
8689 practical reasons). Use MediaWikiServices instead to get a LocalisationCache.
8691 === Deprecations in 1.34 ===
8692 * The MWNamespace class is deprecated. Use NamespaceInfo.
8693 * ExtensionRegistry->load() is deprecated, as it breaks dependency checking.
8694 Instead, use ->queue().
8695 * User::isBlocked() is deprecated since it does not tell you if the user is
8696 blocked from editing a particular page. Use User::getBlock() or
8697 PermissionManager::isBlockedFrom() or PermissionManager::userCan() instead.
8698 * User::isLocallyBlockedProxy and User::inDnsBlacklist are deprecated and moved
8699 to the BlockManager as private helper methods.
8700 * User::isDnsBlacklisted is deprecated. Use BlockManager::isDnsBlacklisted
8702 * The Config argument to ChangesListSpecialPage::checkStructuredFilterUiEnabled
8703 is deprecated. Pass only the User argument.
8704 * WatchedItem::getUser is deprecated. Use getUserIdentity.
8705 * Passing a Title as the first parameter to the getTimestampById method of
8706 RevisionStore is deprecated. Omit it, passing only the remaining parameters.
8707 * Title::getPreviousRevisionId and Title::getNextRevisionId are deprecated. Use
8708 RevisionLookup::getPreviousRevision and RevisionLookup::getNextRevision.
8709 * The Title parameter to RevisionLookup::getPreviousRevision and
8710 RevisionLookup::getNextRevision is deprecated and should be omitted.
8711 * MWHttpRequest::factory is deprecated. Use HttpRequestFactory.
8712 * The Http class is deprecated. For the request, get, and post methods, use
8713 HttpRequestFactory. For isValidURI, use MWHttpRequest::isValidURI. For
8714 getProxy, use (string)$wgHTTPProxy. For createMultiClient, construct a
8715 MultiHttpClient directly.
8716 * Http::$httpEngine is deprecated and has no replacement. The default 'guzzle'
8717 engine will eventually be made the only engine for HTTP requests.
8718 * RepoGroup::singleton(), RepoGroup::destroySingleton(),
8719 RepoGroup::setSingleton(), wfFindFile(), and wfLocalFile() are all
8720 deprecated. Use MediaWikiServices instead.
8721 * The getSubjectPage, getTalkPage, and getOtherPage of Title are deprecated.
8722 Use NamespaceInfo's getSubjectPage, getTalkPage, and getAssociatedPage.
8723 * MWMessagePack class, no longer used, has been deprecated in 1.34.
8724 * The Block class is separated into DatabaseBlock (for blocks stored in the
8725 database), and SystemBlock (for temporary blocks created by the system).
8726 SystemBlock should be used when creating any temporary blocks. Block is
8727 a deprecated alias for DatabaseBlock.
8728 * Parser::$mConf is deprecated. It will be removed entirely in a later version.
8729 Some context can be found at T224165.
8730 * Constructing Parser directly is deprecated. Obtain one from ParserFactory.
8731 * Title::moveSubpages is deprecated. Use MovePage::moveSubpages or
8732 MovePage::moveSubpagesIfAllowed.
8733 * The MWNamespace class is deprecated. Use MediaWikiServices::getNamespaceInfo.
8734 * (T62260) Hard deprecate Language::getExtraUserToggles() method.
8735 * Language::viewPrevNext function is deprecated, use
8736 PrevNextNavigationRenderer::buildPrevNextNavigation instead
8737 * User::trackBlockWithCookie and DatabaseBlock::clearCookie are deprecated. Use
8738 BlockManager::trackBlockWithCookie and BlockManager::clearCookie instead.
8739 * DatabaseBlock::setCookie, DatabaseBlock::getCookieValue,
8740 DatabaseBlock::getIdFromCookieValue and AbstractBlock::shouldTrackWithCookie
8741 are moved to internal helper methods for BlockManager::trackBlockWithCookie.
8742 * ResourceLoaderContext::getConfig and ResourceLoaderContext::getLogger have
8743 been deprecated. Inside ResourceLoaderModule subclasses, use the local methods
8744 instead. Elsewhere, use the methods from the ResourceLoader class.
8745 * The Profiler::setTemplated and Profiler::getTemplated methods have been
8746 deprecated. Use Profiler::setAllowOutput and Profiler::getAllowOutput
8748 * The ProfilerOutputDb class, 'profiling' table, and profileinfo.php entry
8749 point had been deprecated (T231366).
8750 * The Preprocessor_DOM implementation has been deprecated. It will be
8751 removed in a future release. Use the Preprocessor_Hash implementation
8753 * Sanitizer::attributeWhitelist() and Sanitizer::setupAttributeWhitelist()
8754 have been deprecated; they will be made private in the future.
8755 * SearchResult::termMatches() method is deprecated. It was unreliable because
8756 only populated by few search engine implementations. Use
8757 SqlSearchResult::getTermMatches() if really needed.
8758 * SearchResult::getTextSnippet( $terms ) the $terms param is being deprecated
8759 and should no longer be passed. Search engine implemenations should be
8760 responsible for carrying relevant information needed for highlighting with
8761 their own SearchResultSet/SearchResult sub-classes.
8762 * SearchResultSet::free() method is deprecated.
8763 * SearchEngine::$searchTerms protected field is deprecated. Moved to
8765 * The use of the $terms param in the ShowSearchHit and ShowSearchHitTitle
8766 hooks is highly discouraged as it's only populated by SearchDatabase search
8768 * Skin::escapeSearchLink() is deprecated. Use Skin::getSearchLink() or the skin
8769 template option 'searchaction' instead.
8770 * Skin::getRevisionId() and Skin::isRevisionCurrent() have been deprecated.
8771 Use OutputPage::getRevisionId() and OutputPage::isRevisionCurrent() instead.
8772 * LoadBalancer::haveIndex() and LoadBalancer::isNonZeroLoad() have
8774 * FileBackend::getWikiId() has been deprecated.
8775 Use FileBackend::getDomainId() instead.
8776 * User::getRights() and User::$mRights have been deprecated. Use
8777 PermissionManager::getUserPermissions() instead.
8778 * The LocalisationCacheRecache hook no longer allows purging of message blobs
8779 to be prevented. Modifying the $purgeBlobs parameter now has no effect.
8780 * SVGMetadataExtractor::getMetadata has been deprecated. Instead, you should
8781 use SVGReader->getMetadata() directly.
8782 * The following public properties on AbstractBlock are deprecated: $mReason,
8783 $mTimestamp, $mExpiry, $mHideName. Use the getters/setters instead.
8784 * The following public properties on DatabaseBlock are deprecated: $mAuto,
8785 $mParentBlockId. To check for an autoblock use DatabaseBlock::getType; to
8786 check for the parent ID, use DatabaseBlock::getParentBlockId.
8787 * SearchEngine::userHighlightPrefs() is deprecated, simply stop passing
8788 $contextlines and $contextchars to the SearchHighlighter methods, they will
8789 use proper defaults defined in SearchHighlighter::DEFAULT_CONTEXT_LINES and
8790 DEFAULT_CONTEXT_CHARS.
8791 * SearchUpdate constructor: passing a string as the title param and or a boolean
8792 or a string as the content will produce a deprecation warning.
8793 * SearchEngine::getTextFromContent() is deprecated, use getTextForSearchIndex()
8794 directly from the Content object.
8795 * SearchEngine::textAlreadyUpdatedForIndex() is deprecated, given the
8796 deprecation above this method is no longer needed/called and should not be
8797 implemented by SearchEngine implementation.
8798 * IDatabase::bufferResults() has been deprecated. Use query batching instead.
8799 * MessageCache::singleton() is deprecated. Use
8800 MediaWikiServices::getMessageCache().
8801 * ObjectCache::getWANInstance() is deprecated. Use
8802 MediaWikiServices::getMainWANObjectCache() instead.
8803 * ObjectCache::newWANCacheFromParams() is deprecated. Use
8804 MediaWikiServices::getMainWANObjectCache() instead.
8805 * Constructing MovePage directly is deprecated. Use MovePageFactory.
8806 * TempFSFile::factory() has been deprecated. Use TempFSFileFactory instead.
8807 * wfIsBadImage() is deprecated. Use the BadFileLookup service instead.
8808 * Building a new SearchResult is hard-deprecated, always call
8809 SearchResult::newFromTitle(). This class is being refactored into an abstract
8810 class. If you extend this class please be sure to override all its methods
8811 or extend RevisionSearchResult.
8812 * Skin::getSkinNameMessages() is deprecated and no longer used.
8813 * The mediawiki.RegExp module is deprecated; use mw.util.escapeRegExp() instead.
8814 * Specifying a SpecialPage object for the list of special pages (either through
8815 the SpecialPage_initList hook or by adding to $wgSpecialPages) is now
8817 * The 'jquery.tabIndex' module is deprecated.
8818 * WebInstaller::getWarningBox() and getErrorBox() are deprecated.
8819 Use Html::errorBox() or Html::warningBox() instead.
8820 * Use of ActorMigration with 'ar_user', 'img_user', 'oi_user', 'fa_user',
8821 'rc_user', 'log_user', and 'ipb_by' is deprecated. Queries should be adjusted
8822 to use the corresponding actor fields directly. Note that use with
8823 'rev_user' is *not* deprecated at this time.
8824 * Specifying both the class and factory parameters for
8825 ApiModuleManager::addModule is now deprecated. The ObjectFactory spec should
8827 * The UserIsHidden hook is deprecated. Use GetUserBlock instead, and add a
8828 system block that hides the user.
8829 * The GetBlockedStatus hook is deprecated. Use GetUserBlock instead, to add or
8831 * $wgContentHandlerUseDB is deprecated and should always be true.
8832 * StreamFile::send404Message() and StreamFile::parseRange() are now deprecated.
8833 Use HTTPFileStreamer::send404Message() and HTTPFileStreamer::parseRange()
8834 respectively instead.
8835 * Global variable $wgSysopEmailBans is deprecated; to allow sysops to ban
8836 users from sending emails, use
8837 $wgGroupPermissions['sysop']['blockemail'] = true;
8838 * ApiQueryBase::showHiddenUsersAddBlockInfo() is deprecated. Use
8839 ApiQueryBlockInfoTrait instead.
8840 * PasswordReset is now a service, its direct instantiation is deprecated.
8841 * RESTBagOStuff users should specify either "JSON" or "PHP" serialization type.
8842 * The global function wfIsHHVM() is deprecated and will now always return false
8843 regardless of the runtime environment. This is part of the continuing work to
8844 remove HHVM support from MediaWiki, which started in MediaWiki 1.31.
8845 * Language::getLocalisationCache() is deprecated. Use MediaWikiServices
8847 * The following Language methods are deprecated: isSupportedLanguage,
8848 isValidCode, isValidBuiltInCode, isKnownLanguageTag, fetchLanguageNames,
8849 fetchLanguageName, getFileName, getMessagesFileName, getJsonMessagesFileName.
8850 Use the new LanguageNameUtils class instead. (Note that fetchLanguageName(s)
8851 are called getLanguageName(s) in the new class.)
8852 * Using the Parser without initializing its $mTitle property to non-null has
8853 been deprecated. In a future release Parser::getTitle() will throw a
8854 TypeError if $mTitle is uninitialized.
8855 * A number of public methods of Parser were exposed only for historical
8856 reasons and have been deprecated: doMagicLinks, doDoubleUnderscore,
8857 doHeadings, doAllQuotes, replaceExternalLinks, replaceInternalLinks,
8858 replaceInternalLinks2, getVariableValue, initialiseVariables, formatHeadings,
8859 testPst, testPreprocess, testSrvus, areSubpagesAllowed, maybeDoSubpageLink,
8860 splitWhitespace, createAssocArgs, armorLinks, makeKnownLinkHolder,
8861 getImageParams, parseLinkParameter, stripAltText, replaceLinkHolders,
8862 replaceLinkHoldersText, armorLinks, makeKnownLinkHolder, getImageParams,
8863 parseLinkParameter, stripAltText.
8865 === Other changes in 1.34 ===
8866 * Added option to specify "Various authors" as author in extension credits using
8867 "..." as the only author name. If the "author" array contains more than one
8868 entry and "..." is one of the entries in the array, "..." will be parsed as
8869 "others" (version-poweredby-others i18n message) like previously.
8870 * (T232563) Browser support ("Grade C") for Internet Explorer 6 and 7
8871 was discontinued. Basic content and security features may no longer
8872 work correctly in these browsers.
8876 == MediaWiki 1.33.4 ==
8878 This is a security and maintenance release of the MediaWiki 1.33 branch.
8880 === Changes since MediaWiki 1.33.3 ===
8881 * (T247017) PasswordReset performance improvements.
8882 * The MultiHttpClient code will fallover to non-curl if curl_multi* is blocked.
8883 * (T250568) Work around change in SimpleXMLElement behavior introduced in PHP
8885 * Remove some rotten and out of date documentation.
8886 * (T252311) Improvements to some older SQLite update patches.
8887 * (T240307) Minor fixes to extension.schema.v2.json and
8888 extension.schema.v1.json.
8889 * rdbms: Add callback for atomic section cancellation.
8890 * (T191668) NameTableStoreTest::getCallCheckingDb simplification.
8891 * Make NameTableStore use LoadBalancer::getConnectionRef().
8892 * (T224949) NameTableStore: ensure consistency upon rollback.
8893 * (T199474) Set rc_patrolled to 2 for autopatrolled changes in
8894 rebuildrecentchanges.php.
8895 * (T229461) Update the change_tag table in rebuildrecentchanges.php.
8896 * (T234450) Per-user concurrency in SpecialContributions can now be limited by
8897 setting $wgPoolCounterConf['SpecialContributions'] appropriately.
8898 * (T248947) SECURITY: img_auth.php may leak private extension images into the
8901 == MediaWiki 1.33.3 ==
8903 This is a security and maintenance release of the MediaWiki 1.33 branch.
8905 === Changes since MediaWiki 1.33.2 ===
8906 * (T245072) mediawiki.language: Rename languageData back to languageNames.
8907 * Use proper SemVer comparison in CheckComposerLockUpToDate.
8908 * (T212738) Add the MW_VERSION constant, global $wgVersion is soft deprecated.
8909 * Update comment about PHP versions supported by The PHP Group.
8910 * (T247215) Fix output of RecountCategories::doWork().
8911 * Add check for page existence to view.php maintenance script.
8912 * (T236509) SECURITY: Fix HTML escaping in UserGroupMembership::getLink().
8913 * (T246602) SECURITY: jquery.makeCollapsible allows applying event handler to
8916 == MediaWiki 1.33.2 ==
8918 This is a security and maintenance release of the MediaWiki 1.33 branch.
8920 === Changes since MediaWiki 1.33.1 ===
8921 * (T217831) (T200653) PopulateContentTables: compute sha1 and length if needed.
8922 * Fix extra newlines in the installer.
8923 * (T236628) Fix for ArticleRevisionViewCustom hook in DifferenceEngine.php.
8924 * (T181658) Do not insert page titles into querycache.qc_value.
8925 * (T206013) Suppress errors when reading invalid XML file properties.
8926 * (T237931) Remove references to pg_attrdef.adsrc in Postgres code.
8927 * Use correct value for 'sslmode' in DatabasePostgres.
8928 * (T232866) Fix support for HTTP/2 in MultiHttpClient.
8929 * (T227461) Stop calling deprecated Redis delete functions.
8930 * (T239561) Mark options as requiring parameters in addSite.php.
8931 * (T219440) Skip flaky rollback test.
8932 * (T232866) Mimic CURLOPT_POST in GuzzleHttpRequest.
8933 * (T239734) Replace deprecated lSize with lLen in Redis code.
8934 * (T192134) SECURITY: Do not allow user scripts on Special:PasswordReset.
8935 * (T239428) ApiEditPage: Test for bad redirect targets.
8936 * (T233342) rdbms: Log debug message traces as 'exception.trace' instead of
8938 * (T226751) media: Log and fail gracefully on invalid EXIF coordinates.
8939 * (T212067) SECURITY: Work around PHP bug in parse_url.
8941 == MediaWiki 1.33.1 ==
8943 This is a security and maintenance release of the MediaWiki 1.33 branch.
8945 === Changes since MediaWiki 1.33.0 ===
8946 * A change that kept people with a database table prefix that didn't
8947 end with an underscore from updating was reverted.
8948 * (T207100) Updated LanguageTr for dotted and dotless I in PHP 7.3.
8949 * The ImgAuthModifyHeaders hook was added to img_auth.php to allow modification
8950 of headers in private wikis.
8951 * (T230317) Allow upgrading from MediaWiki before 1.15 where the valid_tag table
8953 * (T208897) MessageCache: Restore 'loadedLanguages' tracking for load().
8954 * (T228555) MessageCache: Fix isMainCacheable() logic for non-content languages.
8955 * (T200088) Remove title protection correctly for undeletions and imports.
8956 * (T230402) SECURITY: Add permission check for suppressed account to
8958 * Add helper for HTTPFileStreamer header syntax.
8959 * (T227461) ObjectCache: avoid using deprecated phpredis::delete() alias.
8960 * (T231386) SpecialRedirect::dispatchUser() should use a 302 http status code.
8961 * (T118799) Fix XMP parser errors due to trailing nullchar.
8962 * (T230618) Fix GROUP BY in ActiveUsersPager and RecentChangesUpdateJob for
8964 * (T230487) Handle changed defaults in Argon2PasswordTest::testPartialConfig().
8965 * (T233119) Improve documentation for the MinimumPasswordLengthToLogin policy.
8966 * (T227662) Split down patch-comment-table.sql and patch-actor-table.sql into
8967 separate files to help allieviate potential migration problems.
8969 === Upgrading notes for 1.33 ===
8970 1.33 has several database changes since 1.32, and will not work without schema
8971 updates. Note that due to changes to some very large tables like the revision
8972 table, the schema update may take quite long (minutes on a medium sized site,
8973 many hours on a large site).
8975 Don't forget to always back up your database before upgrading!
8977 See the file UPGRADE for more detailed upgrade instructions, including
8978 important information when upgrading from versions prior to 1.11.
8980 Some specific notes for MediaWiki 1.33 upgrades are below:
8982 * Some external link searches will not work correctly until update.php (or
8983 refreshExternallinksIndex.php) is run. These include searches for links using
8984 IP addresses, internationalized domain names, and possibly mailto links.
8985 * If you ran migrateActors.php using an older version of MediaWiki and want to
8986 run your wiki with $wgActorTableSchemaMigrationStage SCHEMA_COMPAT_READ_OLD,
8987 note that log_search rows needed to find revision deletions by target user
8988 were incorrectly deleted. See T215464 for details.
8989 * If revision deletions were performed when the wiki was configured with
8990 $wgActorTableSchemaMigrationStage SCHEMA_COMPAT_WRITE_BOTH and without
8991 migrateActors.php having been run, the log_search table may contain rows with
8992 empty values for "target_author_actor" which will prevent log searches for
8993 revision deletions by target user from finding those log entries. These rows
8994 may be corrected by (re-)running migrateActors.php.
8996 For notes on 1.32.x and older releases, see HISTORY.
8998 == MediaWiki 1.33.0 ==
9000 === Changes since MediaWiki 1.33.0-rc.0 ===
9001 * (T225558) Update installer link to PHP intl.
9002 * (T225901) Only attempt to deduplicate if there is data in archive and revision
9004 * (T225564) Fetch tag ID before calling undefineTag().
9005 * (T225496) Detect APC for MainCacheType in CLI installer.
9006 * Call unpack() with correct parameters in MimeAnalyzer.php for PHP 7.0 support.
9007 * (T212613) Style change tags correctly on Special:Newpages.
9008 * (T202211) Fix SQLite patch-(page|template)links-fix-pk.sql column order.
9010 == MediaWiki 1.33.0-rc.0 ==
9012 === Configuration changes for system administrators in 1.33 ===
9013 ==== New configuration ====
9014 * $wgEnablePartialBlocks – This enables the Partial Blocks feature, which gives
9015 accounts with block permissions the ability to block users, IPs, and IP ranges
9016 from editing specific pages, while allowing them to edit the rest of the wiki.
9017 It is a temporary setting for gradual enablement, current default to `false`,
9018 and will be set to `true` and then removed once initial development completes.
9020 ==== Changed configuration ====
9021 * $wgChangeTagsSchemaMigrationStage (T193868) — This temporary setting, added in
9022 MediaWiki 1.32, now defaults to MIGRATION_NEW instead of MIGRATION_WRITE_BOTH.
9023 * $wgPasswordPolicy – There is a new password policy to check that the account's
9024 password is not in the large blacklist. This is enabled by default for the
9025 built-in user groups bureaucrat, sysop, interface-admin, and bot. To configure
9026 this for other user groups, set the `PasswordNotInLargeBlacklist` flag `true`.
9027 * $wgPasswordDefault – There is a new password type configuration using Argon2
9028 password hashing (which requires PHP 7.2 and above). It's designed to resist
9029 timing attacks, and (on systems with PHP 7.3+) GPU hacking; if you configure
9030 argon2 to be used, by default, it will automatically choose the best available
9031 algorithm depending on which version of PHP you have available. To use this,
9032 you can set `$wgPasswordDefault = 'argon2';`.
9033 * $wgActorTableSchemaMigrationStage now defaults to reading the new schema.
9034 update.php will back-populate the new database fields due to the changed
9035 setting, which may take some time on large wikis. You can avoid downtime by
9036 following a process like that described in T188327.
9038 ==== Removed configuration ====
9039 * $wgTagStatisticsNewTable (T199334) — This temporary setting, added in
9040 MediaWiki 1.32, has now been removed. When loading Special:Tags, MediaWiki
9041 will now always use the `change_tag_def` instead of the `change_tag` table.
9042 * $wgUseTidy, $wgTidyBin, $wgTidyConf, $wgTidyOpts, $wgTidyInternal, and
9043 $wgDebugTidy – These options, all deprecated since 1.26, have now all been
9044 removed, as MediaWiki now always tidies user output. The $wgTidyConfig setting
9045 remains only for experimental features and debugging, and should not be used.
9046 * $wgEnableParserCache – This setting has been deprecated since 1.26, has now
9047 been removed. If you still desire to disable the parser cache, instead you can
9048 set `$wgParserCacheType = CACHE_NONE;`.
9049 * $wgCommentTableSchemaMigrationStage – This temporary migration setting has now
9050 been removed. Code finding it unset should treat it as being MIGRATION_NEW.
9051 * $wgAuth – This old setting, deprecated in 1.27, has been removed as part of
9052 the removal of AuthPlugin.
9053 * $wgSitesCacheFile – This configuration was introduced in 1.25 with the intent
9054 to allow sites to configure a file in which to cache the SiteStore database
9055 table, but it was never used. SiteStore already caches its information by
9056 default using BagOStuff (e.g. Memcached or APC).
9057 * $wgClockSkewFudge – This setting was used by User.php to let sites adjust by
9058 how much MediaWiki would fudge when trying to minimize the chances of a
9059 user.user_touched database update to the "current" timestamp being before the
9060 value already there (e.g. due to clock skew between different servers). This
9061 is no longer a problem, because the code now ensures the timestamp is always
9062 higher than the previous one. The writes are guarded with CAS logic (check
9063 and set), which prevents updates that would overlap.
9064 * $wgDBmysql5 (T196185) - This experimental setting, deprecated in 1.31, has
9067 === New user-facing features in 1.33 ===
9068 * (T96041) __EXPECTUNUSEDCATEGORY__ on a category page causes the category
9069 to be hidden on Special:UnusedCategories.
9070 * (T210814) SVGs are now by default displayed in wiki language on image
9072 * Special:CreateAccount now warns the user if their chosen username has to be
9074 * (T205040) Multilingual images are now be displayed in the current parse
9075 language where available.
9076 * Special:ActiveUsers will no longer filter out users who became inactive since
9077 the last time the active users query cache was updated.
9078 * (T215675) RecentChange and ManualLogEntry implement new Taggable interface.
9079 * (T215675) Added a hook, ManualLogEntryBeforePublish, to allow extensions
9080 to modify (example: add tags) log entries.
9082 === New developer features in 1.33 ===
9083 * The AuthManagerLoginAuthenticateAudit hook has a new parameter for
9084 additional information about the authentication event.
9085 * TextContent::getText() was introduced as a replacement for
9086 Content::getNativeData() for text-based content models.
9087 * (T214706) LinksUpdate::getAddedExternalLinks() and
9088 LinksUpdate::getRemovedExternalLinks() were introduced.
9089 * (T213893) Added 'MaintenanceUpdateAddParams' hook
9090 * (T219655) The MarkPatrolled hook has a new parameter for the tags
9091 associated with this entry in the patrol log.
9092 * (T212472) Extensions can now specify platform abilities they require to work,
9093 limited to shell access for now.
9096 === External library changes in 1.33 ===
9097 ==== New external libraries ====
9098 * Added wikimedia/password-blacklist 0.1.4.
9099 * Added guzzlehttp/guzzle 6.3.3.
9101 ==== Changed external libraries ====
9102 * Updated OOUI from v0.29.2 to v0.31.3.
9103 * Updated OOjs Router from pre-release to v0.2.0.
9104 * Updated moment from v2.19.3 to v2.24.0.
9105 * Updated wikimedia/xmp-reader from 0.6.0 to 0.6.2.
9106 * Updated wikimedia/scoped-callback from 2.0.0 to 3.0.0.
9107 * Updated jquery-client from 2.0.1 to 2.0.2.
9108 * Updated pear/net_smtp from 1.8.0 to 1.8.1.
9109 * Updated cssjanus/cssjanus from 1.2.0 to 1.3.0.
9110 * Updated wikimedia/php-session-serializer from 1.0.6 to 1.0.7.
9112 ==== Removed external libraries ====
9113 * (T219403) jquery.ui.spinner, deprecated since 1.31, was removed.
9116 === Developer library changes in 1.33 ===
9117 ==== New developer libraries ====
9118 * Added jakub-onderka/php-console-highlighter 0.3.2 explicitly (dev-only).
9119 * Added mediawiki/mediawiki-phan-config 0.5.0 (dev-only).
9121 ==== Changed developer libraries ====
9122 * Updated wikimedia/ip-set from 1.3.0 to 2.0.1.
9123 * The deprecated IPSet\IPSet alias was removed, Wikimedia\IPSet must be
9125 * Updated psy/psysh from 0.9.6 to 0.9.9 (dev-only).
9126 * Updated nikic/php-parser from 3.1.3 to 3.1.5 (dev-only).
9127 * Updated mediawiki/mediawiki-codesniffer from 22.0.0 to 25.0.0 (dev-only).
9128 * Updated qunitjs from 2.6.2 to 2.9.1.
9130 ==== Removed developer libraries ====
9131 * The jetbrains/phpstorm-stubs repository was removed in favour of the minimal
9132 stubs we need, which are kept in the new `.phan/internal_stubs` directory
9136 === Bug fixes in 1.33 ===
9137 * (T164211) Special:UserRights could sometimes fail with a
9138 "conflict detected" error when there weren't any conflicts.
9139 * (T216029) Chrome redirects to Special:BadTitle after editing a section with
9140 a non-Latin name on a page with non-Latin characters in title.
9141 * (T222385) resourceloader: Use AND instead of OR for upsert conds in
9142 saveFileDependencies().
9144 === Action API changes in 1.33 ===
9145 * (T198913) Added 'ApiOptions' hook.
9146 * The JSON formatversion=2 is no longer experimental.
9147 * Internal API errors (those with code beginning "internal_api_error") will
9148 include the exception class name in a data field named "errorclass".
9149 * Class names are not guaranteed to remain stable, and in particular database
9150 exceptions will now include the "Wikimedia\Rdbms\" prefix in the class name.
9151 * The code including an exception class name is deprecated. In the future,
9152 all internal errors will use code "internal_api_error".
9153 * (T212356) When using action=delete on pages with many revisions, the module
9154 may return a boolean-true 'scheduled' and no 'logid'. This signifies that the
9155 deletion will be processed via the job queue.
9156 * action=setnotificationtimestamp will now update the watchlist asynchronously
9157 if entirewatchlist is set, so updates may not be visible immediately
9158 * Block info will be added to "blocked" errors from more modules.
9159 * (T216245) Autoblocks will now be spread by action=edit and action=move.
9160 * action=query&meta=userinfo has a new uiprop, 'latestcontrib', that returns
9161 the date of user's latest contribution.
9162 * (T25227) action=logout now requires to be posted and have a csrf token.
9164 === Action API internal changes in 1.33 ===
9165 * A number of deprecated methods for API documentation, intended for overriding
9166 by extensions, are no longer called by MediaWiki, and will emit deprecation
9167 notices if your extension attempts to use them:
9168 * ApiBase::getDescription() (deprecated in 1.25)
9169 * ApiBase::getParamDescription() (deprecated in 1.25)
9170 * ApiBase::getExamples() (deprecated in 1.25)
9171 * ApiBase::getDescriptionMessage() (deprecated in 1.30)
9172 Additionally, the 'APIGetDescription' and 'APIGetParamDescription' hooks have
9173 been removed, as their only use was to let extensions override values returned
9174 by getDescription() and getParamDescription(), respectively.
9175 * API error codes may only contain ASCII letters, numbers, underscore, and
9176 hyphen. Methods such as ApiBase::dieWithError() and
9177 ApiMessageTrait::setApiCode() will throw an InvalidArgumentException if
9179 * ApiBase::checkTitleUserPermissions() now takes an options array as its third
9180 parameter. Passing a User object or null is deprecated.
9181 * The api-feature-usage log channel now has log context. The text message is
9182 deprecated and will be removed in the future.
9184 === Languages updated in 1.33 ===
9185 MediaWiki supports over 350 languages. Many localisations are updated regularly.
9186 Below only new and removed languages are listed, as well as changes to languages
9187 because of Phabricator reports.
9189 * (T203908) Added language support for Eastern Pwo (kjp).
9190 * (T213717) Fixed a translation error on Goan Konkani (gom-deva) translations
9192 * (T212221) Added $digitTransformTable for Santali (sat).
9193 * (T216479) Added language support for Saisiyat (xsy).
9194 * (T219728) Added support for new Japanese era name "Reiwa"
9196 === Breaking changes in 1.33 ===
9197 * The parameteter $lang in DifferenceEngine::setTextLanguage must be of type
9198 Language. Other types are deprecated since 1.32.
9199 * Skin::doEditSectionLink requires type Language for the parameter $lang.
9200 The parameters $tooltip and $lang are mandatory. Omitting the parameters is
9201 deprecated since 1.32.
9202 * Language::truncate(), deprecated in 1.31, has been removed.
9203 * UtfNormal, deprecated in 1.25, was removed. Use UtfNormal\Validator directly
9205 * (T197179) In OOUI HTMLForm fields, the parameters 'notice', 'notice-messages',
9206 and 'notice-message', which were deprecated in 1.32, were removed. Instead,
9207 use 'help', 'help-message', and 'help-messages'.
9208 * (T197179) HTMLFormField::getNotices(), deprecated in 1.32, was removed.
9209 * The "Parsoid v1" compatibility mappings in ParsoidVirtualRESTService and
9210 RestbaseVirtualRESTService, deprecated since 1.26, have been removed.
9211 Use the RESTBase v1 or Parsoid v3 API instead.
9212 * ParserOptions defaults 'tidy' to true now, since the untidy modes of the
9213 parser are being deprecated and ParserOptions::getCanonicalOverrides()
9214 has always been true at any rate.
9215 * Support for disabling tidy and external tidy implementations has been removed.
9216 This was deprecated in 1.32. The pure PHP Remex tidy implementation is now
9217 used and no configuration is necessary.
9218 * A number of deprecated methods for API documentation, intended for overriding
9219 by extensions, are no longer called by MediaWiki, and will emit deprecation
9220 notices if your extension attempts to use them:
9221 * ApiBase::getDescription() (deprecated in 1.25)
9222 * ApiBase::getParamDescription() (deprecated in 1.25)
9223 * ApiBase::getExamples() (deprecated in 1.25)
9224 * ApiBase::getDescriptionMessage() (deprecated in 1.30)
9225 Additionally, the 'APIGetDescription' and 'APIGetParamDescription' hooks have
9226 been removed, as their only use was to let extensions override values returned
9227 by getDescription() and getParamDescription(), respectively.
9228 * The authentication hooks 'AbortAutoAccount' 'AbortNewAccount', 'AbortLogin',
9229 'LoginUserMigrated', 'UserCreateForm', and 'UserLoginForm', all deprecated by
9230 the creation of AuthManager in 1.27, have been removed. This also means that
9231 the FakeAuthTemplate and LoginForm classes are removed, that FakeAuthTemplate
9232 is no longer passed into LoginSignupSpecialPage->getFieldDefinitions(), and
9233 that LoginSignupSpecialPage->getBCFieldDefinitions() is removed.
9234 * The 'jquery.localize' module, deprecated in 1.32, has been removed. Instead,
9236 * The hooks LanguageGetSpecialPageAliases and LanguageGetMagic, deprecated since
9237 1.16, have now been removed. Instead, use $specialPageAliases or $magicWords
9238 respectively in a $wgExtensionMessagesFiles file.
9239 * The following methods of the Preferences class, deprecated in 1.31, have been
9241 * getSaveBlacklist()
9242 * loadPreferenceValues()
9243 * getOptionFromUser()
9244 * profilePreferences()
9246 * filesPreferences()
9247 * datetimePreferences()
9248 * renderingPreferences()
9249 * editingPreferences()
9251 * watchlistPreferences()
9252 * searchPreferences()
9254 * generateSkinOptions()
9258 * validateSignature()
9260 * getTimezoneOptions()
9262 * filterTimezoneInput()
9264 * mw.util.jsMessage(), deprecated in 1.20, was removed. Use mw.notify instead.
9265 * (T61113) User::EDIT_TOKEN_SUFFIX was removed. It was deprecated since 1.27.
9266 * The 'mediawiki.api' module aliases, deprecated in 1.32, have been removed.
9267 Specifically: mediawiki.api.category, mediawiki.api.edit,
9268 mediawiki.api.login, mediawiki.api.options, mediawiki.api.parse,
9269 mediawiki.api.upload, mediawiki.api.user, mediawiki.api.watch,
9270 mediawiki.api.messages, and mediawiki.api.rollback.
9271 * The 'jquery.byteLimit' module alias for 'jquery.lengthLimit',
9272 deprecated in 1.31, was removed.
9273 * Revision::fetchRevision(), deprecated in 1.28, was removed.
9274 * Class SquidUpdate, deprecated in 1.27, was removed.
9275 * Title->getSquidURLs(), deprecated in 1.27, was removed. Instead, use
9276 Title->getCdnUrls().
9277 * Title::escapeFragmentForURL(), deprecated in 1.30, was removed. Use
9278 Sanitizer::escapeIdForLink() or escapeIdForExternalInterwiki() instead.
9279 * Title->canTalk(), deprecated in 1.30, was removed. Instead, use
9280 Title->canHaveTalkPage().
9281 * Title's methods for site and user page related to CSS and JS, deprecated in
9283 * Title->isCssOrJsPage() — Use Title->isSiteConfigPage()
9284 * Title->isCssJsSubpage() – Use Title->isUserConfigPage()
9285 * Title->getSkinFromCssJsSubpage() – Use Title->getSkinFromConfigSubpage()
9286 * Title->isCssSubpage() – Use Title->isUserCssConfigPage()
9287 * Title->isJsSubpage() – Use Title->isUserJsConfigPage()
9288 * SiteSQLStore, deprecated in 1.27 and whose only method, ::newInstance(),
9289 would return the global SiteStore instance, has been removed. You can get to
9290 this via MediaWiki\MediaWikiServices::getInstance()->getSiteStore() directly.
9291 * Linker::formatSize, deprecated in 1.28, has been removed (with DummyLinker's).
9292 Instead, use Language->formatSize() with the relevant Language object.
9293 * Linker::formatTemplates, deprecated in 1.28, has been removed (along with the
9294 version in DummyLinker). You can use TemplatesOnThisPageFormatter directly.
9295 * EventRelayerGroup::singleton(), deprecated in 1.27, has been removed. You can
9296 use MediaWikiServices::getInstance()->getEventRelayerGroup() directly.
9297 * LinkCache->addLink(), deprecated in 1.27, has been removed. It is thought to
9298 be unused, and is distinct from OutputPage->addLink(), which remains.
9299 * JsonContent->getJsonData(), deprecated in 1.25, has been removed. Instead, use
9300 JsonContent->getData().
9301 * MWExceptionHandler::getLogId(), deprecated in 1.27, has been removed, as the
9302 exception ID is the same as the request ID, from WebRequest::getRequestId().
9303 * SearchEngine::getNearMatchResultSet(), deprecated in 1.27, has been removed.
9304 You can use SearchEngine::getNearMatcher() instead.
9305 * EmailNotification::updateWatchlistTimestamp, deprecated in 1.27, has been
9306 removed. Instead, use WatchedItemStore::updateNotificationTimestamp directly.
9307 * User::getGroupName() and ::getGroupMember(), both deprecated in 1.29, have
9308 been removed. Instead, please use UserGroupMembership::getGroupName() and
9309 UserGroupMembership::getGroupMemberName().
9310 * Backwards compatibility for setting wgSessionsInObjectCache to false or using
9311 wgSessionHandler, both of which were deprecated in 1.27 with the introduction
9312 of SessionManager, has been removed.
9313 * SessionManager::autoCreateUser, deprecated in 1.27, has been removed. Use
9314 MediaWiki\Auth\AuthManager::autoCreateUser instead.
9315 * The mw.libs.jpegmeta property, deprecated in 1.31, was removed.
9316 Use require( 'mediawiki.libs.jpegmeta' ) instead.
9317 * The mw.user.stickyRandomId() method, deprecated in 1.32, was removed.
9318 Use mw.user.getPageviewToken() instead.
9319 * Removed deprecated class property WikiRevision::$importer.
9320 * ResourceLoaderFileModule::readStyleFiles() now requires its $context
9322 * The ChangeList::insertArticleLink() method, that was deprecated in 1.27, has
9324 * MessageBlobStore::__construct() now requires its $rl parameter.
9325 * Second parameter to Sanitizer::escapeIdReferenceList() (deprecated in 1.31)
9327 * The 'jquery.xmldom' module has been removed.
9328 * The 'jquery.mockjax' module has been removed.
9329 * The 'jquery.hidpi' module, deprecated in 1.32, has been removed.
9330 * AuthPlugin and related code, deprecated in 1.27, has been removed. Extensions
9331 should instead use AuthManager. The following no longer exist:
9332 * The AuthPlugin class itself and the related AuthPluginUser class and i18n
9333 * The AuthPluginSetup and AuthPluginAutoCreate hooks
9334 * The transitional wrapper classes AuthPluginPrimaryAuthenticationProvider,
9335 AuthManagerAuthPlugin, and AuthManagerAuthPluginUser.
9336 * The $wgAuth configuration setting and its use in Setup.php and unit tests
9337 * (T217772) The 'wgAvailableSkins' mw.config key in JavaScript, was removed.
9338 * Language::markNoConversion, deprecated in 1.32, has been removed. Use
9339 LanguageConverter::markNoConversion instead.
9340 * BagOStuff::modifySimpleRelayEvent() method has been removed.
9341 * ParserOutput::getLegacyOptions, deprecated in 1.30, has been removed.
9342 Use ParserOutput::allCacheVaryingOptions instead.
9343 * CdnCacheUpdate::newSimplePurge, deprecated in 1.27, has been removed.
9344 Use CdnCacheUpdate::newFromTitles() instead.
9345 * Handling of multiple arguments by the Block constructor, deprecated in 1.26,
9347 * The translation of main page in Sardinian (sc) was changed from "Pàgina Base"
9348 to "Pàgina printzipale". Existing wikis using this content language need to
9349 move the main page or change the name through MediaWiki:Mainpage page.
9350 * wfSplitWikiID(), deprecated in 1.32, has been removed.
9351 * MessageBlobStore::getBlob(), deprecated in 1.27, has been removed.
9352 Use ::getBlobs() instead.
9353 * The .background-size() LESS mixin, deprecated in 1.27, has been removed.
9354 * ReadOnlyMode::clearCache() and ConfiguredReadOnlyMode::clearCache() have been
9355 removed. Use MediaWikiTestCase::overrideMwServices() instead.
9356 * Support for the 'aggregator' option of JobQueue (and thus $wgJobTypeConf) was
9357 removed. The JobQueueAggregator interface and JobQueueAggregatorRedis class
9358 have also been removed. They were experimentally developed for use by the
9359 Wikimedia Foundation, but were never used, with no known use cases. (Note that
9360 this does not affect JobQueueRedis which is still supported.)
9362 === Deprecations in 1.33 ===
9363 * The configuration option $wgUseESI has been deprecated, and is expected
9364 to be removed in a future release.
9365 * The configuration option $wgSquidPurgeUseHostHeader has been deprecated,
9366 and is expected to be removed in a future release.
9367 * The configuration options $wgFixArabicUnicode and $wgFixMalayalamUnicode,
9368 introduced in MW 1.17, have been deprecated. These fixes will always be
9369 applied for Arabic and Malayalam in the future. Please enable these on
9370 your local wiki (if you have them explicitly set to false) and run
9371 maintenance/cleanupTitles.php to fix any existing page titles.
9372 * The LegacyHookPreAuthenticationProvider class, deprecated since its creation
9373 in 1.27 as part of the AuthManager re-write, now emits deprecation warnings.
9374 This will help identify the issue if you added it to $wgAuthManagerConfig.
9375 * wfSplitWikiId() is now deprecated. Cache key generation should have the wiki
9376 domain ID as a key component and use makeGlobalKey().
9377 * (T202094) Title::getUserCaseDBKey() is deprecated; instead, please use
9378 Title::getDBkey(), which doesn't vary case.
9379 * User::getPasswordValidity() is now deprecated. User::checkPasswordValidity()
9380 returns the same information in a more useful format.
9381 * For Linker::generateTOC() and Linker::tocList(), passing strings or booleans
9382 as the $lang parameter was deprecated. The same applies to DummyLinker.
9383 * The PasswordPolicy 'PasswordCannotBePopular' has been deprecated. To
9384 follow best practices, it is reccommended to use 'PasswordNotInLargeBlacklist'
9385 instead which blacklists 100,000 commonly used passwords.
9386 * (T208862) Action::requiresUnblock() is now called from
9387 Title::getUserPermissionsErrors() and Title::userCan(). Previously, the method
9388 was only called in Action::checkCanExecute(). Actions should ensure that their
9389 requiresUnblock() returns the proper result (the default is `true`).
9390 * (T211608) The MediaWiki\Services namespace has been renamed to
9391 Wikimedia\Services. The old name is still supported, but deprecated.
9392 * (T155582) Content::getNativeData has been deprecated. Please use model-
9393 specific getters, such as TextContent::getText().
9394 * The class WebInstallerOutput is now marked as @private.
9395 * (T209699) The jquery.async module has been deprecated. JavaScript code that
9396 needs asynchronous behaviour should use Promises.
9397 * Password::equals() is deprecated, use verify().
9398 * BaseTemplate::msgWiki() and QuickTemplate::msgWiki() will be removed. Use
9399 other means to fetch a properly escaped message string or Message object.
9400 * (T126091) The 'ResourceLoaderTestModules' hook, which lets you declare QUnit
9401 testing code for your JavaScript modules, is deprecated. Instead, you can now
9402 use the new extension registration key 'QUnitTestModule'.
9403 * (T213426) The jquery.throttle-debounce module has been deprecated. JavaScript
9404 code that needs this behaviour should use OO.ui.debounce/throttle.
9405 * The mw.language.specialCharacters property from the
9406 'mediawiki.language.specialCharacters' module has been deprecated.
9407 Use require( 'mediawiki.language.specialCharacters' ) instead.
9408 * ChangeTags::purgeTagUsageCache() has been deprecated, and is expected to be
9409 removed in a future release.
9410 * Passing a User object or null as the third parameter to
9411 ApiBase::checkTitleUserPermissions() has been deprecated. Pass an array
9412 [ 'user' => $user ] instead.
9413 * (T211578) Block::prevents is deprecated. Use Block::isEmailBlocked,
9414 Block::isCreateAccountBlocked and Block::isUsertalkEditAllowed to get and set
9415 block properties; use Block::appliesToRight and Block::appliesToUsertalk to
9416 check block behaviour.
9417 * The api-feature-usage log channel now has log context. The text message is
9418 deprecated and will be removed in the future.
9419 * The FileBasedSiteLookup class has been deprecated. For a cacheable SiteLookup
9420 implementation, use CachingSiteStore instead.
9421 * Language::viewPrevNext function is deprecated, use
9422 SpecialPage::buildPrevNextNavigation instead
9423 * ManualLogEntry::setTags() is deprecated, use ManualLogEntry::addTags()
9424 instead. The setTags() method was overriding the tags, addTags() doesn't
9425 override, only adds new tags.
9426 * Block::isValid is deprecated, since it is no longer needed in core.
9427 * Calling Maintenance::hasArg() as well as Maintenance::getArg() with no
9428 parameter has been deprecated. Please pass the argument number 0.
9429 * ResourceLoaderContext::expandModuleNames has been deprecated.
9430 Use ResourceLoader::expandModuleNames instead.
9432 === Other changes in 1.33 ===
9433 * (T201747) Html::openElement() warns if given an element name with a space
9435 * The implementation of buildStringCast() in Wikimedia\Rdbms\Database has
9436 changed to explicitly cast. Subclasses relying on the base-class
9437 implementation should check whether they need to override it now.
9438 * BagOStuff::add is now abstract and must explicitly be defined in subclasses.
9439 * LinksDeletionUpdate is now a subclass of LinksUpdate. As a consequence,
9440 the following hooks will now be triggered upon page deletion in addition
9441 to page updates: LinksUpdateConstructed, LinksUpdate, LinksUpdateComplete.
9442 LinksUpdateAfterInsert is not triggered since deletions do not cause
9443 insertions into links tables.
9444 * Category::newFromID( $id )->getID() will now return $id without any
9445 validation, to avoid a mostly unnecessary DB query.
9446 * On Special:Version, the name for an extension can no longer be arbitrary
9447 html when no link is specified.
9451 == MediaWiki 1.32.6 ==
9453 This is a security and maintenance release of the MediaWiki 1.32 branch.
9455 === Changes since MediaWiki 1.32.5 ===
9456 * (T236628) Fix for ArticleRevisionViewCustom hook in DifferenceEngine.php.
9457 * (T181658) Do not insert page titles into querycache.qc_value.
9458 * (T206013) Suppress errors when reading invalid XML file properties.
9459 * (T237931) Remove references to pg_attrdef.adsrc in Postgres code.
9460 * Use correct value for 'sslmode' in DatabasePostgres.
9461 * (T232866) Fix support for HTTP/2 in MultiHttpClient.
9462 * (T227461) Stop calling deprecated Redis delete functions.
9463 * (T239561) Mark options as requiring parameters in addSite.php.
9464 * (T239734) Replace deprecated lSize with lLen in Redis code.
9465 * (T192134) SECURITY: Do not allow user scripts on Special:PasswordReset.
9466 * (T239428) ApiEditPage: Test for bad redirect targets.
9467 * (T233342) rdbms: Log debug message traces as 'exception.trace' instead of
9469 * (T226751) media: Log and fail gracefully on invalid EXIF coordinates.
9470 * (T212067) SECURITY: Work around PHP bug in parse_url.
9472 == MediaWiki 1.32.5 ==
9474 This is a maintenance release of the MediaWiki 1.32 branch.
9476 === Changes since MediaWiki 1.32.4 ===
9477 * Compute sha1 and length if needed in maintenance/populateContentTables.php.
9478 * Fix extra newlines in the installer.
9479 * Followup T230402, PermissionManager doesn't exist until 1.33, so fix the
9480 backported patches to use User::isAllowed() instead.
9482 == MediaWiki 1.32.4 ==
9484 This is a security and maintenance release of the MediaWiki 1.32 branch.
9486 === Changes since MediaWiki 1.32.3 ===
9487 * (T207100) Updated LanguageTr for dotted and dotless I in PHP 7.3.
9488 * The ImgAuthModifyHeaders hook was added to img_auth.php to allow modification
9489 of headers in private wikis.
9490 * (T230402) SECURITY: Add permission check for suppressed account to
9492 * (T208897) MessageCache: Restore 'loadedLanguages' tracking for load().
9493 * (T200088) Remove title protection correctly for undeletions and imports.
9494 * Add helper for HTTPFileStreamer header syntax.
9495 * (T118799) Fix XMP parser errors due to trailing nullchar.
9496 * (T233119) Improve documentation for the MinimumPasswordLengthToLogin policy.
9497 * Cache redirects from Special:Redirect.
9498 * (T231386) dispatchUser() should use a 302 http status code.
9499 * (T227662) Split down patch-comment-table.sql and patch-actor-table.sql into
9500 separate files to help allieviate potential migration problems.
9501 * Make SQLite's patch-add-3d.sql a no-op to prevent clobbering other database
9504 == MediaWiki 1.32.3 ==
9506 This is a maintenance release of the MediaWiki 1.32 branch.
9508 === Changes since MediaWiki 1.32.2 ===
9509 * (T225558) Update installer link to PHP intl.
9510 * (T225496) Detect APC for MainCacheType in CLI installer.
9511 * (T226766) Remove jetbrains/phpstorm-stubs from composer dev dependencies.
9512 * (T202211) Fix SQLite patch-(image|page|template)links-fix-pk.sql column order.
9514 == MediaWiki 1.32.2 ==
9516 This is a security and maintenance release of the MediaWiki 1.32 branch.
9518 === Changes since MediaWiki 1.32.1 ===
9519 * (T204423) Backport support for hyphenated DB names in JobQueueGroup.
9520 * (T216968) Return pageid as int in both list=iwbacklinks and
9522 * (T215169) Fix for Database::update() with IGNORE option fails on PostgreSQL.
9523 * (T199474) Fix typo in rebuildrecentchanges.php resulting in rogue flags.
9524 * (T218608) SECURITY: Fix an issue that prevents Extension:OAuth working when
9525 $wgBlockDisablesLogin is true.
9526 * (T216029) Chrome redirects to Special:BadTitle after editing a section with
9527 a non-Latin name on a page with non-Latin characters in title.
9528 * Unbreak language related maintenance scripts that use StaticArrayWriter.
9529 * (T219728) Added support for new Japanese era name "Reiwa".
9530 * (T25227) SECURITY: action=logout now requires to be posted and have a csrf
9532 * Updated cssjanus/cssjanus from 1.2.0 to 1.3.0.
9533 * (T221045) Remove orphaned code from ConfigRepository.
9534 * (T222385) resourceloader: Use AND instead of OR for upsert conds in
9535 saveFileDependencies().
9536 * (T224374) Fix message parameters so that the message that says SQLite is
9537 out of date makes sense.
9538 * (T200471) Prevent LBFactorySimple breaking ExternalStorage, when trying to
9539 connect to external server with local database name.
9540 * (T197279) SECURITY: Fix reauth in Special:ChangeEmail.
9541 * (T208881) SECURITY: blacklist CSS var().
9542 * (T209794) SECURITY: rate-limit and prevent blocked users from changing email.
9543 * (T199540) SECURITY: API: Respect $wgBlockCIDRLimit in action=block.
9544 * (T212118) SECURITY: Fix cache mode for (un)patrolled recent changes query.
9545 * (T222036, T222038) SECURITY: Add permission check for user is permitted to
9547 * (T221739) SECURITY: resources: Patch jQuery 3.3.1 for CVE-2019-11358.
9549 == MediaWiki 1.32.1 ==
9551 === Changes since MediaWiki 1.32.0 ===
9552 * (T213577) rdbms: avoid transaction status errors from ping() in rollback().
9553 * rdbms: Pass required parameter.
9554 * rdbms: do not treat SAVEPOINT and RELEASE SAVEPOINT as write queries.
9555 * (T204531) rdbms: reduce LoadBalancer replication log spam.
9556 * (T213489) Avoid session double-start in Setup.php.
9557 * (T213717) Correct namespace 'Template' for gom-deva
9558 * (T198054) Fix login page crash caused by unknown language via ?uselang
9559 * (T215324) (T210937) list=users mistakenly reports user as missing.
9560 * (T209483) Add ILBFactory::redefineLocalDomain method. This is intended for
9561 use with scripts like addWiki.php to avoid mismatched domain errors.
9562 * (T208871) The hard-coded Google search form on the database error page was
9564 * (T204800) Fix Title::getFragmentForURL for bad interwiki prefix
9565 * (T215566) Fix installer being unable to determine if the database exists
9566 during a fresh installation.
9568 == MediaWiki 1.32.0 ==
9570 === Changes since MediaWiki 1.32.0-rc.2 ===
9571 * (T188327) Fix slow queries in migrateActors.php.
9572 * (T102320) Fix $magicWords for the Sanskrit language.
9574 === Changes since MediaWiki 1.32.0-rc.1 ===
9575 * Fix addition of ug_expiry column to user_groups table on MSSQL.
9576 * (T210307) Fix the cache timestamp for forced updates.
9577 * (T210621) User: Bypass repeatable-read when creating an actor_id.
9578 * (T197535) Extensions can now specify PHP versions and PHP extensions they
9580 * Updated wikimedia/ip-set from v1.2.0 to v1.3.0.
9581 * (T212356) When using action=delete on pages with many revisions, the module
9582 may return a boolean-true 'scheduled' and no 'logid'. This signifies that the
9583 deletion will be processed via the job queue.
9584 * (T64103) Dropped columns category.cat_hidden, site_stats.ss_admins, and
9585 recentchanges.rc_cur_time from the PostgreSQL schema.
9587 === Changes since MediaWiki 1.32.0-rc.0 ===
9588 * (T209885) Prevent populateSearchIndex.php from breaking once actor migration
9590 * (T210998) Properly set $wgLanguageCode in the generated LocalSettings.php
9591 if --lang is used with the command-line installer (install.php).
9593 === Configuration changes in 1.32 ===
9595 ==== New configuration ====
9596 * $wgJpegQuality – The quality of JPEG thumbnails is now configurable through
9597 this setting. The default is 80, which matches the quality of JPEG thumbnails
9598 previously generated by ImageMagick. The quality of JPEG thumbnails generated
9599 by GD was previously 95, but now uses the $wgJpegQuality setting as well.
9600 * $wgCookieSetOnIpBlock - This determines whether to set a cookie when an IP
9601 user is blocked. Doing so means that a blocked user, even after moving to a
9602 new IP address, will still be blocked.
9603 * $wgRawHtmlMessages – This new configuration setting is added for listing
9604 messages which are displayed as raw HTML.
9605 * $wgCSPHeader and $wgCSPReportOnlyHeader – You can now define a
9606 "Content Security Policy" for your wiki. This adds a defense-in-depth feature
9607 to stop an attacker who has found a bug in the parser allowing them to insert
9608 malicious attributes. Disabled by default. (T135963)
9609 * $wgGroupPermissions – A new user group, 'interface-admin', is added for
9610 controlling access to sitewide CSS/JS (and editing other users' CSS/JS). No
9611 other group has 'editsitecss', 'editusercss', 'editsitejs' or 'edituserjs'
9613 * $wgGrantPermissions – A new grant group, 'editsiteconfig', is added for
9614 granting the above rights.
9615 * $wgDBDefaultGroup – A default database group for use by maintenance scripts.
9616 * $wgResourceLoaderEnableJSProfiler – This new configuration setting lets you
9617 enable client-side profiling of JavaScript modules; it is off by default.
9618 * (T193868) $wgChangeTagsSchemaMigrationStage — This temporary configuration
9619 setting allows sysadmins to gradually migrate the database table schema for
9620 how change tags are stored.
9621 * (T199334) $wgTagStatisticsNewTable — This temporary configuration setting
9622 allows sysadmins to enable the caching of Special:Tags via the new
9623 change_tag_def table.
9625 ==== Changed configuration ====
9626 * $wgUseAjax – This setting, deprecated in 1.31, is now ignored.
9627 * $wgDefaultUserOptions – The default watchlist view time (watchlistdays) has
9628 been increased from 3 to 7 days. (T194414)
9629 * $wgGroupPermissions – The right to edit sitewide Javascript
9630 (e.g. MediaWiki:Common.js), CSS or JSON was separated from 'editinterface'
9631 and is available under 'editsitejs'/'editsitecss'/'editsitejson'. Having
9632 'editinterface' is still necessary to edit such pages.
9633 * $wgMultiContentRevisionSchemaMigrationStage now defaults to writing both the
9634 old and the new schema, but reading the new schema, so Multi-Content Revisions
9635 (MCR) are now functional per default. The new default value of the setting is
9636 SCHEMA_COMPAT_WRITE_BOTH | SCHEMA_COMPAT_READ_NEW.
9637 * $wgActorTableSchemaMigrationStage no longer accepts MIGRATION_WRITE_BOTH or
9638 MIGRATION_WRITE_NEW. It instead uses SCHEMA_COMPAT_WRITE_BOTH |
9639 SCHEMA_COMPAT_READ_OLD and SCHEMA_COMPAT_WRITE_BOTH | SCHEMA_COMPAT_READ_NEW
9640 for intermediate stages of migration.
9641 * $wgDBTableOptions – The default table options now use the binary charset. The
9642 default was already overridden in the installer-generated LocalSettings.php,
9643 and so is always set to binary after the installer UI option was removed. The
9644 default value is only used when the installer installs an extension.
9645 * $wgPopularPasswordFile — The location of the default popular passwords file
9646 has been moved to be in line with other non-PHP files used by libraries and
9648 * $wgEnableImageWhitelist is now disabled by default, as it opens up a hole for
9649 potential privacy leaks by administrators. You can check
9650 "MediaWiki:External image whitelist" on your wiki to see whether the feature
9651 was ever used, and whether it needs to be re-enabled.
9653 ==== Removed configuration ====
9654 * $wgEnableAPI and $wgEnableWriteAPI – These settings, deprecated in 1.31,
9655 have been removed. (T115414)
9656 * $wgSiteSupportPage – This setting, unused since 1.5, was removed.
9657 * $wgBrowserBlacklist – This setting, deprecated in 1.30, was removed.
9658 * $wgExperimentalHtmlIds – This setting, deprecated since 1.30, was removed.
9659 The 'html5-legacy' value for $wgFragmentMode is no longer accepted.
9660 * $wgPasswordSenderName - This setting, ignored since 1.23 by MediaWiki and
9661 most extensions, is no longer set. Instead, you can modify the system
9662 message `emailsender`.
9663 * $wgTidyConfig – The experimental Html5Internal and Html5Depurate tidy drivers
9664 were removed. RemexHtml, which is the default, should be used instead.
9665 * (T181318) The $wgStyleVersion setting and its appendage to various script and
9666 style URLs in OutputPage, deprecated in 1.31, was removed.
9667 * (T140807) The wgResourceLoaderLESSImportPaths configuration option was removed
9668 from ResourceLoader. Instead, use `@import` statements in LESS to import
9669 files directly from nearby directories within the same project.
9670 * (T140804) The wgResourceLoaderLESSVars configuration option, deprecated
9671 since 1.30, was removed. Instead, to expose variables from PHP to LESS, use
9672 the ResourceLoaderModule::getLessVars() method.
9673 * $wgResourceLoaderValidateStaticJS – This setting, unused since MediaWiki 1.18,
9675 * Two temporary variables for deploying the feature of filters on change lists,
9676 $wgStructuredChangeFiltersShowPreference introduced in MediaWiki 1.30 and
9677 $wgStructuredChangeFiltersOnWatchlist in 1.31, were removed.
9679 === New features in 1.32 ===
9680 * (T112474) Generalized the ResourceLoader mechanism for overriding modules
9681 using a particular page during edit previews.
9682 * (T12331) You can now log page creation events by setting $wgPageCreationLog
9684 * Added 'ApiParseMakeOutputPage' hook.
9685 * (T174313) Added checkbox on Special:ListUsers to display only users in
9686 temporary user groups.
9687 * (T152462) A cookie can now be set when an IP user is blocked to track that
9688 user if they move to a new IP address. This is disabled by default.
9689 * (T194950) Added 'ApiMaxLagInfo' hook.
9690 * SpecialPage::checkLoginSecurityLevel() will now preserve POST data when
9692 * FormSpecialPage::execute() will now call checkLoginSecurityLevel() if
9693 getLoginSecurityLevel() returns non-false.
9694 * The 'ImageBeforeProduceHTML' hook is now passed three new parameters, $parser,
9695 &$query and &$widthOption, allowing extensions even finer control over the
9696 resulting HTML code.
9697 * Added new 'ArticleShowPatrolFooter' hook, which allows extensions to determine
9698 if the [mark as patrolled] link should be shown at the footer of patrollable
9700 * The array of hidden options ($opts) passed to the 'SpecialSearchPowerBox' hook
9701 is now passed by reference, allowing extensions to modify or even unset it.
9702 * Added new 'OutputPageAfterGetHeadLinksArray' hook, allowing extensions to
9703 modify the return value of OutputPage#getHeadLinksArray in order to add,
9704 remove or otherwise alter the elements to be output in the page <head>.
9705 * (T28934) The 'HistoryPageToolLinks' hook allows extensions to append
9706 additional links to the subtitle of a history page.
9707 * The 'GetLinkColours' hook now receives an additional $title parameter,
9708 the Title object of the page being parsed, on which the links will be shown.
9709 * (T194731) DifferenceEngine supports multiple slots. Added SlotDiffRenderer to
9710 render diffs between two Content objects, and DifferenceEngine::setRevisions()
9711 to render diffs between two custom (potentially multi-content) revisions.
9712 Added GetSlotDiffRenderer hook which works like GetDifferenceEngine for slots.
9713 * Added a temporary action=mcrundo to the web UI, as the normal undo logic
9714 can't yet handle MCR and deadlines are forcing is to put off fixing that.
9715 This action should be considered deprecated and should not be used directly.
9716 * Extensions overriding ContentHandler::getUndoContent() will need to be
9717 updated for the changed method signature.
9718 * Added a new hook, 'UserGetRightsRemove', which can be used to remove rights
9719 from user. Unlike the 'UserGetRights' it will ensure that removed rights
9720 will not be reinserted.
9721 * (T197535) Extensions can now specify PHP versions and PHP extensions they
9724 === External library changes in 1.32 ===
9726 ==== New external libraries ====
9727 * Added pear/Net_SMTP v1.8.0.
9728 * Added wikimedia/xmp-reader v0.6.0.
9730 * Added cache/integration-tests v0.16.0 (dev-only).
9731 * Added giorgiosironi/eris v0.10.0 (dev-only).
9732 * Added seld/jsonlint v1.7.1 (dev-only).
9734 * Added EasyDeflate (unversioned).
9736 ==== Changed external libraries ====
9737 * Updated OOUI from v0.26.3 to v0.29.2.
9738 * Updated wikimedia/base-convert from v1.0.1 to v2.0.0.
9739 * Updated wikimedia/remex-html from v1.0.3 to v2.0.1.
9740 * Updated wikimedia/scoped-callback from v1.0.0 to v2.0.0.
9741 ** ScopedCallback objects can no longer be serialized.
9742 * Updated wikimedia/timestamp from v1.0.0 to v2.2.0.
9743 * Updated wikimedia/wrappedstring from v2.3.0 to v3.0.1.
9744 * oyejorge/less.php replaced with our fork wikimedia/less.php
9745 * Updated wikimedia/ip-set from v1.2.0 to v1.3.0.
9747 * Updated composer/spdx-licenses from v1.3.0 to v1.4.0 (dev-only).
9748 * Updated mediawiki/mediawiki-codesniffer from v18.0.0 to v22.0.0 (dev-only).
9749 * Updated psy/psysh from v0.8.11 to v0.9.6 (dev-only).
9751 * Updated CLDRPluralRuleParser from v0.1.0 to v1.3.2-pre.
9752 * Updated jquery from v3.2.1 to v3.3.1.
9753 * Updated jquery.client from v2.0.0 to v2.0.1.
9754 * Updated jquery.i18n from v1.0.4 to v1.0.5.
9755 * Updated mustache.js from v0.8.2-d9aa703 to v1.0.0.
9756 * Updated OOjs from v2.2.0 to v2.2.2.
9757 * Updated qunitjs from v2.4.0 to v2.6.2.
9758 * Updated sinonjs from v1.17.3 to v1.17.7.
9760 ==== Removed external libraries ====
9761 * pear/mail_mime-decode was removed.
9763 === Bug fixes in 1.32 ===
9764 * SpecialPage::execute() will now only call checkLoginSecurityLevel() if
9765 getLoginSecurityLevel() returns non-false.
9766 * (T43720, T46197) Improved page display title handling for category pages
9767 * (T65080) Fixed resetting options of some types via API action=options.
9769 === Action API changes in 1.32 ===
9770 * Added templated parameters.
9771 * A module can define a templated parameter like "{fruit}-quantity", where
9772 the actual parameters recognized correspond to the values of a multi-valued
9773 parameter. Then clients can make requests like
9774 "fruits=apples|bananas&apples-quantity=1&bananas-quantity=5".
9775 * action=paraminfo will return templated parameter definitions separately
9776 from normal parameters. All parameter definitions now include an "index"
9777 key to allow clients to maintain parameter ordering when merging normal and
9778 templated parameters.
9779 * It is now an error to submit too many values for a multi-valued parameter.
9780 This has generated a warning since MediaWiki 1.14.
9781 * Assertion failures from the 'assert' and 'assertuser' parameters will no
9782 longer use the action module's custom response format, for the few modules
9783 that use custom formatters that handle errors.
9784 * (T198935) User list preferences such as `email-blacklist` and similar
9785 extension preferences are no longer represented as arrays when returned by
9786 action=query&meta=userinfo&uiprop=options.
9787 * 'missingparam' errors will now use the prefixed parameter name in the code
9788 and error text, e.g. "noxxfoo" and "The 'xxfoo' parameter must be set" rather
9789 than "nofoo" and "The 'foo' parameter must be set".
9790 * action=query&prop=revisions now takes a 'rvslots' parameter to indicate the
9791 multi-content revision slots for which content should be returned. It also
9792 has a new rvprop, 'roles', to indicate which roles have slots. A deprecation
9793 warning will be issued if rvprop=content or rvprop=contentmodel are used
9795 * The rvcontentformat parameter to action=query&prop=revisions has been
9796 deprecated. Clients should be prepared to deal with the default format for
9798 * Use of the deprecated parameters rvexpandtemplates, rvgeneratexml, rvparse,
9799 rvdiffto, rvdifftotext, rvdifftotextpst, rvcontentformat, or the deprecated
9800 rvprop=parsetree is forbidden with the new 'rvslots' parameter.
9801 * action=query&prop=deletedrevisions, action=query&list=allrevisions, and
9802 action=query&list=alldeletedrevisions are changed similarly to
9803 &prop=revisions (see the three previous items).
9804 * (T174032) action=compare now supports multi-content revisions.
9805 * It has a 'slots' parameter to select diffing of individual slots. The
9806 default behavior is to return one combined diff.
9807 * The 'fromtext', 'fromsection', 'fromcontentmodel', 'fromcontentformat',
9808 'totext', 'tosection', 'tocontentmodel', and 'tocontentformat' parameters
9809 are deprecated. Specify the new 'fromslots' and 'toslots' to identify which
9810 slots have text supplied and the corresponding templated parameters for
9812 * The behavior of 'fromsection' and 'tosection' of extracting one section's
9813 content is not being preserved. 'fromsection-{slot}' and 'tosection-{slot}'
9814 instead expand the given text as if for a section edit. This effectively
9815 declines T183823 in favor of T185723.
9816 * (T198214) The 'disabletidy' parameter to action=parse has been
9817 deprecated; untidy output will not be supported by future wikitext
9819 * Added intestactionsdetail to action=query&prop=info to allow retrieving the
9820 reasons an action is not allowed.
9821 * Deprecated action=query&prop=info inprop=readable in favor of
9823 * (T212356) When using action=delete on pages with many revisions, the module
9824 may return a boolean-true 'scheduled' and no 'logid'. This signifies that the
9825 deletion will be processed via the job queue.
9827 === Action API internal changes in 1.32 ===
9828 * Added 'ApiParseMakeOutputPage' hook.
9829 * Parameter names may no longer contain '{' or '}', as these are now used for
9830 templated parameters.
9831 * (T194950) Added 'ApiMaxLagInfo' hook.
9832 * The following methods now take a RevisionRecord rather than a Revision. No
9833 external callers are known.
9834 * ApiFeedContributions::feedItemAuthor()
9835 * ApiFeedContributions::feedItemDesc()
9836 * ApiQueryRevisionsBase::extractRevisionInfo()
9837 * The following deprecated methods have been removed:
9838 * ApiBase::profileIn() (deprecated in 1.25)
9839 * ApiBase::profileOut() (deprecated in 1.25)
9840 * ApiBase::safeProfileOut() (deprecated in 1.25)
9841 * ApiBase::profileDBIn() (deprecated in 1.25)
9842 * ApiBase::profileDBOut() (deprecated in 1.25)
9843 * ApiBase::dieUsage() (deprecated in 1.29)
9844 * ApiBase::dieUsageMsg() (deprecated in 1.29)
9845 * ApiBase::dieUsageMsgOrDebug() (deprecated in 1.29)
9846 * ApiBase::getErrorFromStatus() (deprecated in 1.29)
9847 * ApiBase::parseMsg() (deprecated in 1.29)
9848 * ApiBase::setWarning() (deprecated in 1.29)
9849 * ApiPageSet::getInvalidTitles() (deprecated in 1.26)
9850 * ApiQueryLogEvents::addLogParams() (deprecated in 1.25)
9851 * ApiUsageException::getCodeString() (deprecated in 1.29)
9852 * ApiUsageException::getMessageArray() (deprecated in 1.29)
9853 * Class UsageException, deprecated in 1.29, has been removed.
9854 * ApiErrorFormatter: Added getFormat() and newWithFormat(). In particular, you
9855 can now easily test $formatter->getFormat() === 'bc', and then call
9856 $formatter->newWithFormat( 'plaintext' ) to get a non-BC formatter.
9858 === Languages updated in 1.32 ===
9859 MediaWiki supports over 350 languages. Many localisations are updated regularly.
9860 Below only new and removed languages are listed, as well as changes to languages
9861 because of Phabricator reports.
9863 * (T193566) Added language support for Ambonese Malay (abs).
9864 * (T194047) Added language support for Shawiya, Latin script (shy-latn).
9865 * (T195940) Added language support for Batak Mandailing (btm).
9866 * (T137491) Added language support for Standard Moroccan Amazigh (zgh).
9867 * (T198132) Added language support for Manipuri (mni).
9868 * (T201276) Added language support for Western Armenian (hyw).
9869 * (T201583) Added language support for Mon (mnw).
9871 === Breaking changes in 1.32 ===
9872 * $wgRequestTime, deprecated in 1.25, was removed. Use
9873 $_SERVER['REQUEST_TIME_FLOAT'] or WebRequest::getElapsedTime() instead.
9874 * The MediaWikiI18N class, deprecated in 1.31, was removed.
9875 * QuickTemplate::setTranslator(), deprecated in 1.31, was removed. Use
9876 Skin::msg() instead.
9877 * wfInitShellLocale(), deprecated in 1.30, was removed.
9878 * wfShellExecDisabled(), deprecated in 1.30, was removed.
9879 * The type string for the parameter $lang of DateFormatter::getInstance,
9880 deprecated in 1.31, was removed.
9881 * The EDIT_TOKEN_SUFFIX constant deprecated in 1.27, was removed. Use
9882 MediaWiki\Session\Token::SUFFIX instead.
9883 * EditPage::isOouiEnabled() deprecated in 1.30, was removed.
9884 * mw.util.wikiGetlink(), deprecated in 1.23, was removed. Use mw.util.getUrl()
9886 * (T61113) The following methods and constants from the Revision class, which
9887 were deprecated in 1.25, have now been removed:
9888 * Revision::getRawUser()
9889 * Revision::getRawUserText()
9890 * Revision::getRawComment()
9891 * window.gM() from mediawiki.jqueryMsg, deprecated in 1.23, was removed. Use
9892 mw.msg() or mw.message() instead.
9893 * mw.util.escapeId(), deprecated in 1.30, was removed. Use
9894 mw.util.escapeIdForAttribute or mw.util.escapeIdForLink instead.
9895 * mw.util.updateTooltipAccessKeys(), deprecated in 1.24, was removed. Use
9896 jquery.accessKeyLabel instead.
9897 * The SqlDataUpdate class, deprecated in 1.28, has been removed.
9898 * The Html5Internal and Html5Depurate tidy driver classes were removed, along
9899 with the Balancer tidy implementation. Both implementations were experimental,
9900 and were replaced by RemexHtml.
9901 * (T179624) Job::insert() and ::batchInsert(), deprecated in 1.21, were both
9902 removed. Use JobQueueGroup::singleton()->push() instead.
9903 * The jquery.footHovzer module, for mediawiki.debug, was removed.
9904 * The es5-shim module, empty and deprecated since 1.29, was removed.
9905 * the dom-level2-shim module, empty and deprecated since 1.29, was removed.
9906 * the json module, empty and deprecated since 1.29, was removed.
9907 * The mediawiki.widgets.visibleByteLimit module alias, deprecated in 1.32, was
9908 removed. Use mediawiki.widgets.visibleLengthLimit instead.
9909 * The jquery.farbtastic module, unused since 1.18, was removed.
9910 * The 'jquery.expandableField' module, unused since 1.22, was removed.
9911 * The hooks 'PreferencesFormPreSave' and 'PreferencesGetLegend' may provide
9912 any HTMLForm object rather than PreferencesForm.
9913 * The non namespaced TimestampException class, deprecated in 1.29, was removed.
9914 Use Wikimedia\Timestamp\TimestampException instead.
9915 * The global functions codepointToUtf8, hexSequenceToUtf8, utf8ToHexSequence,
9916 utf8ToCodepoint, and escapeSingleString (deprecated in 1.25) were removed.
9917 The UtfNormal\Utils class from the utfnormal library should be used instead.
9918 * The deprecated UTF8_ and UNICODE_ constants were removed. The class constants
9919 from the UtfNormal\Constants class from the utfnormal library should be used
9920 * The protected methods PHPSessionHandler::returnSuccess() and returnFailure(),
9921 only needed for PHP5 compatibility, have been removed. It now uses the boolean
9922 values `true` and `false` respectively.
9923 * The $parserMemc global and wfGetParserCacheStorage(), deprecated since 1.30,
9924 were removed. Use the ParserCache class instead.
9925 * ScopedCallback (deprecated in 1.28) was removed. Use Wikimedia\ScopedCallback
9927 * Support for ResourceLoaderModule::getModifiedTime() and getModifiedHash(),
9928 deprecated since 1.26, was removed. Use getDefinitionSummary() instead.
9929 * (T195256) Skins are recommended not to rely on JavaScript for the "mw-jump"
9930 and "jump-to-nav" accessibility links. To this end, the "jquery.mw-jump"
9931 is no longer loaded by default. The Vector and MonoBook skins have made a
9932 minor change to implement the toggle feature with CSS instead. To restore
9933 prior functionality, either explicitly load "jquery.mw-jump" in your skin
9934 or refer to T195256 for details on how to make the same change.
9935 * Hook 'EditPageBeforeEditChecks' was removed;
9936 use 'EditPageGetCheckboxesDefinition' instead.
9937 * Linker::getLinkColour() and DummyLinker::getLinkColour(), deprecated since
9938 1.28, were removed. LinkRenderer::getLinkClasses() should be used instead.
9939 * Wikimedia\Rdbms\LoadBalancer::getLaggedSlaveMode(), deprecated in 1.28, has
9940 been removed. Use Wikimedia\Rdbms\LoadBalancer::getLaggedReplicaMode()
9942 * mw.widgets.CategoryMultiselectWidget now uses TagMultiselectWidget instead of
9943 CapsuleMultiselectWidget. The following methods may no longer be used:
9944 * setItemsFromData: Use setValue instead
9945 * getItemsData: Use getItems instead and get the data property
9946 * Two OutputPage methods, addMetadataLink() and getMetadataAttribute(), were
9947 removed. Use addLink() instead.
9948 * Another two OutputPage methods, setPageTitleActionText() and
9949 getPageTitleActionText(), were removed. They did nothing since 1.15 (almost
9950 ten years). Use setHTMLTitle() directly.
9951 * The return value of OutputPage::adaptCdnTTL() has been removed. The
9952 value returned was misleading and probably not what any caller would
9954 * All MagicWord static member variables have been removed. Use appropriate
9955 hooks or MagicWordFactory methods instead.
9956 * MagicWord::clearCache() has been removed. Instead, create a new
9957 MagicWordFactory, such as by calling
9958 resetServiceForTesting( 'MagicWordFactory' ) on a MediaWikiServices.
9959 * mw.util.init() has been removed. This function is not needed anymore and was
9960 a no-op function since 1.30.
9961 * SpecialPageFactory::resetList() is a no-op. Call overrideMwServices()
9963 * MediaWiki no longer supports a StartProfiler.php file. Instead, you can set
9964 $wgProfiler and $wgEnableProfileInfo.
9965 * The mw.loader.addSource() is now considered a private method, and no longer
9966 supports the `id, url` signature. Use the `Object` parameter instead.
9967 * The backwards-compatibility code in HTMLForm to add a drop-down control to an
9968 option that is not set to be a drop-down if the "mw-chosen" class is present,
9970 * Several collations were removed. They were workarounds for bugs in the ICU
9971 library and they are no longer needed (as of ICU 57.1):
9972 * 'uppercase-se' (NorthernSamiUppercaseCollation) - use 'uca-se' instead
9973 * 'xx-uca-et' (CollationEt) - use 'uca-et' instead
9974 * 'xx-uca-fa' (CollationFa) - use 'uca-fa' instead
9975 * LanguageCode::bcp47() now always returns a valid BCP 47 code. This means
9976 that some MediaWiki-specific language codes, such as `simple`, are mapped
9977 into valid BCP 47 codes (eg `en-simple`).
9978 * The hooks 'SpecialRecentChangesFilters' & 'SpecialWatchlistFilters' deprecated
9979 in 1.23 were removed. Instead, use 'ChangesListSpecialPageStructuredFilters'.
9980 The ChangesListSpecialPage code for these legacy hooks, and their use in
9981 SpecialRecentchanges.php and SpecialWatchlist, was also removed:
9982 * ChangesListSpecialPage->getCustomFilters()
9983 * ChangesListSpecialPage->getFilterGroupDefinitionFromLegacyCustomFilters()
9984 * ChangesListSpecialPage::customFilters
9985 * The global function wfUseMW, deprecated since 1.26, has now been removed. Use
9986 the "requires" property of static extension registration instead.
9987 * $wgSpecialPages no longer accepts array syntax, deprecated since 1.18.
9988 * The MailAddress constructor can no longer be called with a User object,
9989 behaviour which has been deprecated since 1.24.
9990 * LBFactory, deprecated since 1.28, has been removed. Instead, use
9991 Wikimedia\Rdbms\LBFactory.
9992 * The MimeMagic class, deprecated since 1.28 has been removed. Get a
9993 MimeAnalyzer instance from MediaWikiServices instead.
9994 * The '--tidy' option to maintenance/parse.php has been removed. Tidying
9995 the output is now the default. Use '--no-tidy' to bypass the tidy
9997 * The global function wfErrorLog, deprecated since 1.25, has now been removed.
9998 Use MWLoggerLegacyLogger::emit or UDPTransport.
9999 * The hooks 'SpecialRecentChangesQuery' & 'SpecialWatchlistQuery', deprecated in
10000 1.23, were removed. Instead, use ChangesListSpecialPageStructuredFilters or
10001 ChangesListSpecialPageQuery.
10002 * The global function wfUsePHP, deprecated since 1.30, has now been removed. To
10003 assert a newer version of PHP than MediaWiki does, use extension registration.
10004 * The hook 'ChangesListSpecialPageFilters', deprecated in 1.29, has now been
10005 removed. Use the 'ChangesListSpecialPageStructuredFilters' hook instead.
10006 * DeferredUpdates::setImmediateMode(), deprecated since 1.29, has been removed.
10007 * File / MediaHandler::getStreamHeaders(), deprecated since 1.30, was removed.
10008 * The hook 'DoEditSectionLink', deprecated since 1.25, has been removed. Use
10009 the hook 'SkinEditSectionLinks' instead.
10010 * The hook 'UserGetImplicitGroups', deprecated since 1.25, has been removed.
10011 * The global function wfRunHooks, deprecated since 1.25, has now been removed.
10013 * The hook 'UnknownAction', deprecated since 1.19, has now been removed.
10014 * The hook 'ParserLimitReport', deprecated since 1.22, has been removed. Use
10015 the hooks 'ParserLimitReportPrepare' and 'ParserLimitReportFormat' instead.
10016 * The following deprecated API methods have been removed:
10017 * ApiBase::profileIn() (deprecated in 1.25)
10018 * ApiBase::profileOut() (deprecated in 1.25)
10019 * ApiBase::safeProfileOut() (deprecated in 1.25)
10020 * ApiBase::profileDBIn() (deprecated in 1.25)
10021 * ApiBase::profileDBOut() (deprecated in 1.25)
10022 * ApiBase::dieUsage() (deprecated in 1.29)
10023 * ApiBase::dieUsageMsg() (deprecated in 1.29)
10024 * ApiBase::dieUsageMsgOrDebug() (deprecated in 1.29)
10025 * ApiBase::getErrorFromStatus() (deprecated in 1.29)
10026 * ApiBase::parseMsg() (deprecated in 1.29)
10027 * ApiBase::setWarning() (deprecated in 1.29)
10028 * ApiPageSet::getInvalidTitles() (deprecated in 1.26)
10029 * ApiQueryLogEvents::addLogParams() (deprecated in 1.25)
10030 * ApiUsageException::getCodeString() (deprecated in 1.29)
10031 * ApiUsageException::getMessageArray() (deprecated in 1.29)
10032 * Class UsageException, deprecated in 1.29, has been removed.
10033 * MediaWiki no longer has a 'JavaScript-powered' wikitext toolbar built in. The
10034 old "bulletin board style toolbar", known as "the 2006 wikitext editor", has
10035 been removed, and instead sysadmins will be required to choose one (or more)
10036 of the several extensions available for this purpose if they need the
10037 functionality. The MediaWiki "tarball" releases have included the replacement
10038 extension for this, the WikiEditor extension aka "the 2010 wikitext editor",
10039 for many years now. As part of this, several parts of MediaWiki have been
10040 removed or simplified:
10041 * The user option 'showtoolbar' (shown as "Show edit toolbar") is no longer
10042 available; if an extension adds a toolbar via the EditPageBeforeEditToolbar
10043 hook, it will be shown; extensions should provide a specific user preference
10044 to disable themselves as needed.
10045 * The public methods Language::getImageFile() and ::getImageFiles(), and the
10046 related specification of $imageFiles within individual languages' code file,
10047 as well as the referenced static media assets, all of which were only used
10048 inside MediaWiki itself for providing the icons for the old toolbar, have
10049 been removed without explicit deprecation.
10050 * The internal ResourceLoader module "mediawiki.toolbar", which is unused
10051 except by MediaWiki itself and back-compatibility code, has been removed.
10052 * The internal ResourceLoaderEditToolbarModule class has been removed.
10054 === Deprecations in 1.32 ===
10055 * HTMLForm::setSubmitProgressive() is deprecated. No need to call it. Submit
10056 button is already marked as progressive.
10057 * Skin::setupSkinUserCss() is deprecated. Adding of modules to load
10058 has been centralised to Skin::getDefaultModules(), which is now capable
10059 of queueing style modules as well.
10060 * OutputPage::addModuleScripts() and ParserOutput::addModuleScripts are
10061 deprecated. Use addModules() instead.
10062 * Overriding SearchEngine::{searchText,searchTitle,searchArchiveTitle}
10063 in extending classes is deprecated. Extend related doSearch* methods
10065 * The following 'mediawiki.api' plugin modules were merged into mediawiki.api
10066 and deprecated: mediawiki.api.category, mediawiki.api.edit,
10067 mediawiki.api.login, mediawiki.api.options, mediawiki.api.parse,
10068 mediawiki.api.upload, mediawiki.api.user, mediawiki.api.watch,
10069 mediawiki.api.messages, and mediawiki.api.rollback.
10070 * ApiBase::truncateArray() is deprecated. No replacement, as nothing is known
10072 * WatchAction::getUnwatchToken is deprecated. Use WatchAction::getWatchToken
10073 with the 'unwatch' action parameter instead.
10074 * IcuCollation::getICUVersion() is deprecated, as you can just use the PHP
10075 constant INTL_ICU_VERSION directly in all versions that MediaWiki supports.
10076 * Parser::fetchFile() is deprecated. Use ::fetchFileAndTitle() instead.
10077 * The ApiQueryContributions class has been renamed to ApiQueryUserContribs.
10078 * The XMPInfo, XMPReader, and XMPValidate classes have been deprecated in favor
10079 of the namespaced classes provided by the wikimedia/xmp-reader library.
10080 * SearchResultSet::{next,rewind} are deprecated. Calling code should
10081 use foreach on the SearchResultSet, or the extractResults method. Extending
10082 code should override extractResults.
10083 * Instantiating SearchResultSet directly is deprecated. SearchEngine
10084 implementations must subclass SearchResultSet for their purposes.
10085 * SearchResult::setExtensionData argument has been changed from accepting an
10086 array to accepting a Closure that returns the array when called.
10087 * Class CryptRand, everything in MWCryptRand except generateHex() and function
10088 MediaWikiServices::getInstance()->getCryptRand() are deprecated, use
10089 random_bytes() to generate cryptographically secure random byte sequences.
10090 * Parser::getConverterLanguage() is deprecated. Use ::getTargetLanguage()
10092 * Language::markNoConversion() is deprecated. It confused readers because
10093 it had unexpected behavior (only marking text if it looked like a URL)
10094 and was only used in a single place in the code. Use
10095 LanguageConverter::markNoConversion() instead.
10096 * (T197492) Language::truncate() was soft deprecated in 1.31 and is
10097 hard deprecated in this release. It has been split into two similar
10098 methods, Language::truncateForVisual() and Language::truncateForDatabase(),
10099 which measure length in characters and bytes, respectively. Use
10100 Language::truncateForVisual() when possible to provide equity to users
10101 of multibyte scripts.
10102 * (T176526) EditPage::getContextTitle() falling back to $wgTitle when the
10103 context title is unset is now deprecated; anything creating an EditPage
10104 instance should set the context title via ::setContextTitle().
10105 * The 'jquery.hidpi' module (polyfill for IMG srcset) is deprecated.
10106 * ResourceLoaderStartUpModule::getStartupModules() and ::getLegacyModules()
10107 are deprecated. These concepts are obsolete and have no replacement.
10108 * String type for $lang of DifferenceEngine::setTextLanguage is deprecated.
10109 * The following methods of OutputPage are now deprecated in favour
10110 of using showFatalError directly: OutputPage::showFileDeleteError()
10111 OutputPage::showFileNotFoundError(), OutputPage::showFileRenameError()
10112 OutputPage::showFileCopyError() and OutputPage::showUnexpectedValueError().
10113 * The Replacer, DoubleReplacer, HashtableReplacer, and RegexlikeReplacer
10114 classes are now deprecated. Use a Closure instead.
10115 * (T194263) ContentHandler::makeParserOptions() is deprecated. Use
10116 WikiPage::makeParserOptions() or ParserOptions::newCanonical() instead.
10117 * (T100681) Use of the Parsoid v1 API with the VirtualRESTService, deprecated in
10118 MediaWiki 1.26, is now hard-deprecated. All known clients were converted to
10119 the Parsoid v3 API in May 2015.
10120 * $input is deprecated in hook 'LogEventsListGetExtraInputs'. Use
10121 $formDescriptor instead.
10122 * SearchEngine::transformSearchTerm( $term ) should no longer be called prior
10123 to running searchText. This method was mainly implemented to support the
10124 'prefix' URI param in SpecialSearch, but there are no reasons to expose this
10125 logic as it should be handled internally by SearchEngine implementations
10126 supporting this feature. SearchEngine implementations should no longer
10127 override this methods.
10128 * SearchEngine::replacePrefixes( $query ) should no longer be called prior
10129 to running searchText/searchTitle.
10130 * (T199657) Messages for $wgFilterLogTypes labels should be no longer be in the
10131 'log-show-hide-[type]' format. Instead use 'logeventslist-[type]-log'.
10132 * Global functions wfArrayFilter() and wfArrayFilterByKey() are deprecated.
10133 use array_filter() directly.
10134 * The $wgShowSQLErrors global is deprecated and nonfunctional.
10135 Set $wgShowExceptionDetails and/or $wgShowHostnames instead.
10136 * The $wgShowDBErrorBacktrace global is deprecated and nonfunctional.
10137 Set $wgShowExceptionDetails instead.
10138 * Public access to the DifferenceEngine properties mOldid, mNewid, mOldRev,
10139 mNewRev, mOldPage, mNewPage, mOldContent, mNewContent, mRevisionsLoaded,
10140 mTextLoaded and mCacheHit is deprecated. Use getOldid() / getNewid() /
10141 getOldRevision() / getNewRevision() for the first four (note that the
10142 revision ones return a RevisionRecord, not a Revision), do your own lookup
10144 * The $wgExternalDiffEngine value 'wikidiff2' is deprecated. To use wikidiff2
10145 just enable the PHP extension, and it will be autodetected.
10146 * (T194731) DifferenceEngine properties mOldContent and mNewContent and methods
10147 setContent(), generateContentDiffBody(), generateTextDiffBody() and textDiff()
10148 are deprecated. To interact with a single slot, use a SlotDiffRenderer (and
10149 subclass it to customize diff rendering); to diff custom (e.g. unsaved)
10150 content, use setRevisions(). Subclassing DifferenceEngine should only be done
10151 to customize page-level diff properties (such as the navigation header).
10152 * The wfUseMW function, soft-deprecated in 1.26, is now hard deprecated.
10153 * All MagicWord static methods are now deprecated. Use the MagicWordFactory
10155 * PasswordFactory::init is deprecated. To get a password factory with the
10156 standard configuration, use
10157 MediaWikiServices::getInstance()->getPasswordFactory.
10158 * $wgContLang is deprecated, use
10159 MediaWikiServices::getInstance()->getContentLanguage() instead.
10160 * $wgParser is deprecated, use MediaWikiServices::getInstance()->getParser()
10162 * wfGetMainCache() is deprecated, use ObjectCache::getLocalClusterInstance()
10164 * wfGetCache() is deprecated, use ObjectCache::getInstance() instead.
10165 * All SpecialPageFactory static methods are deprecated. Instead, call the
10166 methods on a SpecialPageFactory instance, which may be obtained from
10168 * mw.user.stickyRandomId was renamed to the more explicit
10169 mw.user.getPageviewToken to better capture its function.
10170 * Passing Revision objects to ContentHandler::getUndoContent() is deprecated,
10171 Content object should be passed instead.
10172 * (T197179) Parameters 'notice', 'notice-messages', 'notice-message',
10173 previously used by OOUI HTMLForm fields, are now deprecated. Use
10174 'help', 'help-message', 'help-messages' instead.
10175 * (T197179) HTMLFormField::getNotices() is now deprecated.
10176 * The jquery.localize module is now deprecated. Use jquery.i18n instead.
10177 * The SecondaryDataUpdates hook was deprecated in favor of RevisionDataUpdates,
10178 or overriding ContentHandler::getSecondaryDataUpdates (T194038).
10179 * The WikiPageDeletionUpdates hook was deprecated in favor of
10180 PageDeletionDataUpdates, or overriding ContentHandler::getDeletionDataUpdates
10182 * Content::getSecondaryDataUpdates has been deprecated in favor of
10183 ContentHandler::getSecondaryDataUpdates() for overriding by extensions
10185 Application logic should call WikiPage::doSecondaryDataUpdates() (T194037).
10186 * Content::getDeletionUpdates has been deprecated in favor of
10187 ContentHandler::getDeletionUpdates() for overriding by extensions (T194038).
10188 Application logic should call WikiPage::doSecondaryDataUpdates() (T194037).
10189 * (T198214) Old Tidy-related configuration settings, which were soft-deprecated
10190 in MediaWiki 1.26, have now been hard deprecated. This affects $wgUseTidy,
10191 $wgTidyBin, $wgTidyConf, $wgTidyOpts, $wgTidyInternal, and $wgDebugTidy. Use
10192 $wgTidyConfig instead.
10193 * All Tidy configurations other than Remex have been hard deprecated;
10194 future parsers will not emit compatible output for these configurations.
10195 In particular, running MediaWiki with tidy disabled has been deprecated.
10196 * (T198214) OutputPage::addWikiText(), OutputPage::addWikiTextWithTitle(),
10197 and OutputPage::addWikiTextTitle() have been deprecated, since they
10198 can result in untidy output. In addition OutputPage::addWikiTextTidy()
10199 and OutputPage::addWikiTextTitleTidy() was deprecated to make naming new
10200 methods consistent. Use OutputPage::addWikiTextAsInterface() or
10201 OutputPage::addWikiTextAsContent() instead, which ensures the output is
10202 tidy and clarifies whether content-language specific postprocessing should
10203 be done on the text.
10204 * OutputPage::parse() and OutputPage::parseInline() have been deprecated
10205 due to untidy output and inconsistent handling of wrapper divs and
10206 interface/content language defaults. Use OutputPage::parseAsContent(),
10207 OutputPage::parseAsInterface(), or OutputPage::parseInlineAsInterface()
10209 * QuickTemplate::msgHtml() and BaseTemplate::msgHtml() have been deprecated
10210 as they promote bad practises. I18n messages should always be properly
10212 * Skin::getDynamicStylesheetQuery() has been deprecated. It always
10213 returns action=raw&ctype=text/css which callers should use directly.
10214 * Class LegacyFormatter is deprecated.
10215 * Use of CommentStore::insertWithTempTable() with 'img_description' is
10216 deprecated. Use CommentStore::insert() instead.
10217 * Language::setCode is deprecated as public function. Use Language::factory
10218 to create a new Language object with a different language code.
10219 * Several classes have been moved from the MediaWiki\Storage\ namespace to the
10220 MediaWiki\Revision\ namespace. The old class names are aliased for
10221 compatibility, but are deprecated. Classes are IncompleteRevisionException,
10222 MutableRevisionRecord, MutableRevisionSlots, RevisionAccessException,
10223 RevisionArchiveRecord, RevisionFactory, RevisionLookup, RevisionRecord,
10224 RevisionSlots, RevisionStore, RevisionStoreRecord, SlotRecord, and
10225 SuppressedDataException.
10226 * When using OOUI HTMLForm containing an 'info' field which uses the 'rawrow'
10227 option, it is now deprecated to give its contents (the 'default' option)
10228 as a string. They should be given as a OOUI\FieldLayout object instead.
10229 Notably, this affects fields defined in the 'GetPreferences' hook, because
10230 Special:Preferences uses an OOUI form now. (If possible, don't use 'rawrow'.)
10231 * In Skin::doEditSectionLink omitting the parameters $tooltip and $lang is
10232 deprecated. For the $lang parameter, types other than Language are
10234 * The $wgUseKeyHeader configuration option and the
10235 OutputPage::getKeyHeader() method have been deprecated; the relevant
10236 draft IETF spec expired without becoming a standard.
10237 * Deprecated API action=query&prop=info inprop=readable in favor of
10238 intestactions=read.
10240 === Other changes in 1.32 ===
10241 * (T198811) The following tables have had their UNIQUE indexes turned into
10242 proper PRIMARY KEYs for increased maintainability: interwiki, page_props,
10243 protected_titles and site_identifiers.
10244 * OOUI HTMLForm will now display help text inline after the input field,
10245 rather than in a popup. Previous behavior can be restored by using
10246 `'help-inline' => false`.
10247 * The archive table's ar_rev_id field is now unique.
10248 * Special:BotPasswords now requires reauthentication.
10249 * (T174023) Multi-Content Revision (MCR) capabilities were introduced into the
10250 storage layer and have basic support for display. No user interface exists
10251 yet for creating or managing content in slots beides the main slot. See
10252 <https://www.mediawiki.org/wiki/Multi-Content_Revisions> for more
10254 * The image_comment_temp database table has been removed. Since all access
10255 should be mediated by the CommentStore class, this change shouldn't affect
10257 * (T206147) Database::close() will no longer commit any open transactions.
10258 * (T64103) Dropped columns category.cat_hidden, site_stats.ss_admins, and
10259 recentchanges.rc_cur_time from the PostgreSQL schema.
10263 == MediaWiki 1.31.16 ==
10265 This is a security and maintenance release of the MediaWiki 1.31 branch.
10267 This is intended to be the final release of the MediaWiki 1.31 branch,
10268 and as such, 1.31 is now considered End of Life.
10270 === Changes since MediaWiki 1.31.15 ===
10271 * (T283273) Make postgres IRC channel point to libera.chat.
10272 * (T289108) ExtensionProcessor: Remove loaderScripts from
10273 extension.json schemas.
10274 * (T285515, CVE-2021-41798) SECURITY: XSS vulnerability in
10276 * (T290379, CVE-2021-41799) SECURITY: ApiQueryBacklinks can cause a full
10278 * (T284419, CVE-2021-41800) SECURITY: fix PoolCounter protection of
10279 Special:Contributions.
10281 == MediaWiki 1.31.15 ==
10283 This is a security and maintenance release of the MediaWiki 1.31 branch.
10285 === Changes since MediaWiki 1.31.14 ===
10286 * (T270988) Fixup issues in SpecialChangeContentModel.php.
10287 * (T278026) rdbms: Add DB_PRIMARY to replace DB_MASTER.
10288 * (T276945) Define a batch size in maintenance/manageJobs.php.
10289 * (T276945) Implement JobQueueDB::getAllAbandonedJobs.
10290 * (T281549) WebInstaller: Don't show the announce-l subscribe
10291 checkbox temporarily.
10292 * (T283247) Freenode -> Libera per wikimedia moving from
10293 freenode to libera.
10294 * (T280226, CVE-2021-35197) SECURITY: Prevent blocked users from
10297 == MediaWiki 1.31.14 ==
10299 This is a maintenance release of the MediaWiki 1.31 branch.
10301 === Changes since MediaWiki 1.31.13 ===
10302 * Make Title implement IDBAccessObject.
10304 == MediaWiki 1.31.13 ==
10306 This is a security and maintenance release of the MediaWiki 1.31 branch.
10308 === Changes since MediaWiki 1.31.12 ===
10309 * (T115436) resourceloader: CSSMin::getLocalFileReferences now strips
10311 * Updating php-parallel-lint/php-parallel-lint (0.9.2 => 1.0.0).
10312 * Updating mediawiki/codesniffer (19.1.0 => 19.4.0).
10313 * DefaultSettings.php: Update $wgPingback documentation.
10314 * PHPVersionCheck: The PHP Group only supports PHP >= 7.3.0.
10315 * (T275261) Escape wikitext in the title in invalid title error messages.
10316 * (T277009, CVE-2021-30158) SECURITY: Allow blocked users to access
10317 Special:ResetTokens.
10318 * pageExist.php: Output trailing newlines.
10319 * (T278058, CVE-2021-30157) SECURITY: Escape rcfilters-filter-* messages
10320 on ChangesList pages.
10321 * (T277414) HTMLFormField: Use non namespaced class name rather than
10323 * (T268230) Switch to new MediaWiki logo by Serhio Magpie.
10324 * (T271735) Expand config-pingback-help, link to privacy policy in
10326 * Fix documentation of user-global in $wgRateLimits.
10327 * BackupDumper: Add -o as shortcode for --output.
10328 * (T278014, CVE-2021-30154) SECURITY: Escape mediastatistics-header-*
10329 messages on Special:NewFiles.
10330 * (T270713, CVE-2021-30152) SECURITY: Allow user to only apply protection
10331 they have right to do so via action=protect.
10332 * (T272386, CVE-2021-30159) SECURITY: Non-admin deleted enwiki page in
10334 * (T270988, CVE-2021-30155) SECURITY: ContentModelChange: Check that user
10336 * (T276843, CVE-2021-20270, CVE-2021-27291) SECURITY:
10337 SyntaxHighlight_GeSHi: Various lexers have been disabled due to DoS
10340 == MediaWiki 1.31.12 ==
10342 This is a maintenance release of the MediaWiki 1.31 branch.
10344 === Changes since MediaWiki 1.31.11 ===
10345 * Fixed issues relating to User::isRegistered() not existing in 1.31.
10347 == MediaWiki 1.31.11 ==
10349 This is a security and maintenance release of the MediaWiki 1.31 branch.
10351 === Changes since MediaWiki 1.31.10 ===
10352 * Fix undefined $wgRedirectOnLogin.
10353 * (T251661, T265313) CentralIdLookup::factoryNonLocal can return null.
10354 * (T263592) media: Fix case of FlashPixVersion in
10355 FormatMetadata::makeFormattedData().
10356 * (T265223) BaseTemplate: Guard against passing zero arg to array_merge().
10357 * (T266418) composer.json: add requirement for composer-plugin-api ^1.1.
10358 * (T260631, T260633), BotPassword::save() now returns a Status object for the
10359 result rather than a bool. The length of the bot password grants and
10360 restriction fields are now validated, and an error will be thrown if it
10361 would be truncated by the database.
10362 * (T264536, T233012) SectionProfiler: Do not attempt to use null values as
10364 * (T269178) MemcachedClient: Cast Resource to integer.
10365 * (T268917, CVE-2020-35475) SECURITY: Use Xml::element in SpecialUserrights for
10367 * (T268938, CVE-2020-35479) SECURITY: BlockLogFormatter can output raw html.
10368 * (T205908, CVE-2020-35477) SECURITY: Unable to change visibility of log entries
10369 when MediaWiki:Mainpage uses Special:MyLanguage.
10370 * (T120883, CVE-2020-35480) SECURITY: Divergent behavior for contributions and
10371 user pages of hidden users and missing users.
10373 == MediaWiki 1.31.10 ==
10375 This is a maintenance release of the MediaWiki 1.31 branch.
10377 === Changes since MediaWiki 1.31.9 ===
10378 * Fixed issues relating to backporting of changes for T260485.
10380 == MediaWiki 1.31.9 ==
10382 This is a security and maintenance release of the MediaWiki 1.31 branch.
10384 === Changes since MediaWiki 1.31.8 ===
10385 * In the web installer, use secure session cookies.
10386 * (T257207) shell: Expand documentation in firejail.profile.
10387 * Added $wgForceHTTPS, which makes the HTTP to HTTPS redirect be unconditional
10388 and suppresses various hacks needed to support mixed HTTP/HTTPS wikis. We
10389 recommend this be set to true on pure HTTPS wikis.
10390 * Added $wgCookieSameSite, which allows login cookies to be sent with
10391 SameSite=None. This is required for cross-site CentralAuth autologin after
10393 * Added $wgUseSameSiteLegacyCookies, which adds a compatibility hack to
10394 SameSite=None cookies for browsers which implemented an incompatible draft
10395 version of the specification.
10396 * (T191537) Disable WebResponse setters for post-send processing.
10397 * (T198525) WebReponse: Use values altered in 'WebResponseSetCookie' hook.
10398 * Fix runBatchedQuery.php for no result from select.
10399 * (T130906) Add Edge to MediaWiki:Clearyourcache.
10400 * Use IPset in MWRestrictions::checkIP.
10401 * (T260031) Add application/font-sfnt to MimeMap for ttf files.
10402 * shell: Make ->restrict( RESTRICT_NONE ) actually work.
10403 * (T183759) Fixes shell edge-cases in Windows.
10404 * (T258390) Add CentralIdLookup::factoryNonLocal().
10405 * (T246991) User: Fix pingLimiter() to use makeGlobalKey() for global rate
10407 * (T251661, CVE-2020-25827) SECURITY: User::pingLimiter: add user-global rate
10409 * (T246991) User: enforce pingLimiter() expiry time.
10410 * (T260232) don't include null page ids in query list for category dumps.
10411 * (T251506) Sanitizer: Truncate IDs to a reasonable length.
10412 * Explicitly wrap some XML calls in libxml_disable_entity_loader().
10413 * (T263455 T247285) Set EnableJavaScriptTest to true in
10414 includes/DevelopmentSettings.php.
10415 * (T232568, CVE-2020-25813) SECURITY: Special:UserRights exposes the existence
10417 * (T258763, CVE-2020-17367, CVE-2020-17368) SECURITY: Prevent invoking
10418 firejail's --output functionality.
10419 * (T86738, CVE-2020-25814) SECURITY: mediawiki.jqueryMsg: Sanitize URLs and
10421 * (T115888, CVE-2020-25828) SECURITY: mediawiki.js: Escape HTML in
10422 mw.message( ... ).parse().
10423 * (T260485, CVE-2020-25869) SECURITY: ActorMigration: Load user from the correct
10425 * (T260485, CVE-2020-25869) SECURITY: ensure actor ID from correct wiki is used.
10427 == MediaWiki 1.31.8 ==
10429 This is a security and maintenance release of the MediaWiki 1.31 branch.
10431 === Changes since MediaWiki 1.31.7 ===
10432 * (T199809) Don't invalidate BotPasswords if a password reset email is sent.
10433 * (T247017) PasswordReset performance improvements.
10434 * (T250568) Work around change in SimpleXMLElement behavior introduced in PHP
10436 * Remove some rotten and out of date documentation.
10437 * (T252311) Improvements to some older SQLite update patches.
10438 * (T240307) Minor fixes to extension.schema.v2.json and
10439 extension.schema.v1.json.
10440 * (T199474) Set rc_patrolled to 2 for autopatrolled changes in
10441 rebuildrecentchanges.php.
10442 * (T229461) Update the change_tag table in rebuildrecentchanges.php.
10443 * (T206476) Call ob_start() before running tests.
10444 * (T234450) Per-user concurrency in SpecialContributions can now be limited by
10445 setting $wgPoolCounterConf['SpecialContributions'] appropriately.
10446 * (T248947) SECURITY: img_auth.php may leak private extension images into the
10449 == MediaWiki 1.31.7 ==
10451 This is a security and maintenance release of the MediaWiki 1.31 branch.
10453 === Changes since MediaWiki 1.31.6 ===
10454 * (T193565, T234022) Re-add DB domain sanity checks to LoadBalancer.
10455 * Use proper SemVer comparison in CheckComposerLockUpToDate.
10456 * (T212738) Add the MW_VERSION constant, global $wgVersion is soft deprecated.
10457 * Update comment about PHP versions supported by The PHP Group.
10458 * (T247215) Fix output of RecountCategories::doWork().
10459 * Add check for page existence to view.php maintenance script.
10460 * (T247580) Disable some broken Selenium tests.
10461 * (T236509) SECURITY: Fix HTML escaping in UserGroupMembership::getLink().
10462 * (T246602) SECURITY: jquery.makeCollapsible allows applying event handler to
10465 == MediaWiki 1.31.6 ==
10467 This is a security and maintenance release of the MediaWiki 1.31 branch.
10469 === Changes since MediaWiki 1.31.5 ===
10470 * (T181658) Do not insert page titles into querycache.qc_value.
10471 * (T206013) Suppress errors when reading invalid XML file properties.
10472 * (T237931) Remove references to pg_attrdef.adsrc in Postgres code.
10473 * Use correct value for 'sslmode' in DatabasePostgres.
10474 * (T232866) Fix support for HTTP/2 in MultiHttpClient.
10475 * (T227461) Stop calling deprecated Redis delete functions.
10476 * (T239561) Mark options as requiring parameters in addSite.php.
10477 * (T239734) Replace deprecated lSize with lLen in Redis code.
10478 * (T192134) SECURITY: Do not allow user scripts on Special:PasswordReset.
10479 * (T239428) ApiEditPage: Test for bad redirect targets.
10480 * (T233342) rdbms: Log debug message traces as 'exception.trace' instead of
10482 * (T226751) media: Log and fail gracefully on invalid EXIF coordinates.
10483 * (T212067) Work around PHP bug in parse_url.
10485 == MediaWiki 1.31.5 ==
10487 This is a maintenance release of the MediaWiki 1.31 branch.
10489 === Changes since MediaWiki 1.31.4 ===
10490 * Fix extra newlines in installer.
10491 * Followup T230402, PermissionManager doesn't exist until 1.33, so fix the
10492 backported patches to use User::isAllowed() instead.
10494 == MediaWiki 1.31.4 ==
10496 This is a security and maintenance release of the MediaWiki 1.31 branch.
10498 === Changes since MediaWiki 1.31.3 ===
10499 * (T207100) Updated LanguageTr for dotted and dotless I in PHP 7.3.
10500 * The ImgAuthModifyHeaders hook was added to img_auth.php to allow modification
10501 of headers in private wikis.
10502 * (T230402) SECURITY: Add permission check for suppressed account to
10504 * Add helper for HTTPFileStreamer header syntax.
10505 * (T118799) Fix XMP parser errors due to trailing nullchar.
10506 * (T233119) Improve documentation for the MinimumPasswordLengthToLogin policy.
10507 * (T202183) Give more specific error messages on Special:Redirect.
10508 * Cache redirects from Special:Redirect.
10509 * (T231386) dispatchUser() should use a 302 http status code.
10510 * (T227662) Split down patch-comment-table.sql and patch-actor-table.sql into
10511 separate files to help allieviate potential migration problems.
10512 * Make SQLite's patch-add-3d.sql a no-op to prevent clobbering other database
10515 == MediaWiki 1.31.3 ==
10517 This is a maintenance release of the MediaWiki 1.31 branch.
10519 === Changes since MediaWiki 1.31.2 ===
10520 * (T225558) Update installer link to PHP intl.
10521 * (T225496) Detect APC for MainCacheType in CLI installer.
10522 * (T226766) Remove jetbrains/phpstorm-stubs from composer dev dependencies.
10523 * (T202211) Fix SQLite patch-(image|page|template)links-fix-pk.sql column order.
10525 == MediaWiki 1.31.2 ==
10527 This is a security and maintenance release of the MediaWiki 1.31 branch.
10529 Required PHP version has been increased from 7.0.0 to 7.0.13.
10531 === Changes since MediaWiki 1.31.1 ===
10532 * (T204729) WatchedItemStore::countVisitingWatchersMultiple() shouldn't query
10533 all titles when asked for none.
10534 * (T205967) Fix syntax error typo in postgres database upgrade file.
10535 * (T200254) Add pear/Net_SMTP 1.7.3 to composer dependencies.
10536 * (T206765) Load installer i18n when running update.php.
10537 * (T109121) Remove deprecated pear/mail_mime-decode from composer suggested
10539 [Also in the bundled composer /vendor directory.]
10540 * Various PHP 7.2 and 7.3 compatibility fixes:
10541 * (T200595, T206974) Fix PHP 7.3 warnings of using "continue" in some
10542 scenarios instead of "break".
10543 * (T206976, T206977) Also in the bundled LocalisationUpdate and
10544 ParserFunctions extensions.
10545 * (T206979) Fix PHP 7.3 warnings of using "compact()" when some variables may
10547 * (T215632) FormatMetadata and UploadStash regexes fixed to be PHP
10549 * Fix PHP warnings "preg_replace(): [...] invalid range in character class.
10550 * Avoid PHP 7.2 warnings in DBConRefTest about count() on non-Countable.
10551 * Suppress "Headers already sent" in PHP 7.2 too.
10552 * (T206476) Output only to stderr in unit tests.
10553 * (T207112) Add session_write_close() calls to SessionManager tests.
10554 * oyejorge/less.php replaced with our fork wikimedia/less.php
10555 * (T209756) Updated wikimedia/ip-set from 1.2.0 to 1.3.0.
10556 * (T213489) Avoid session double-start in Setup.php.
10557 * (T206975) Switch to our fork of less.php.
10558 * (T207540) Include IP address in "Login for $1 succeeded" log entry.
10559 * (T201781) Database: Allow selectFieldValues() to accept SQL fragments.
10560 * (T205765) installer: Don't link to the obsolete "Extension Matrix" page.
10561 * (T206013) Update ImportableUploadRevisionImporter for interwiki usernames.
10562 * (T207541) Pass an email address, not a MailAddress, to mail().
10563 * (T207603) SECURITY: User JS may no longer be loaded with mime type
10564 text/javascript if there is no account associated with the username.
10565 * (T112937, T113042) SECURITY: Do not allow loading pages raw with a
10566 text/javascript MIME
10567 type if non-admins can edit the page.
10568 * (T17491) <ins>/<del> elements can be phrasing or flow.
10569 * (T200827) RemexCompatMunger: Don't call endTag() in case B/b
10570 * (T207088) Upgrade wikimedia/remex-html to 2.0.1.
10571 [Also in the bundled composer /vendor directory.]
10572 * (T194052) Updated wikimedia/base-convert from 1.0.1 to 2.0.0.
10573 [Also in the bundled composer /vendor directory.]
10574 * (T199494) Fix notices in maintenance/removeUnusuedAccounts.php.
10575 * Require ext-fileinfo in composer.json, per PHPVersionCheck.
10576 * (T176390) Bundled LocalisationUpdate extension: Handle exceptions from
10578 * (T208255) Completion search should not change the search query.
10579 * (T209870) Fix SQL syntax error in MS-SQL initialisation file for new wikis.
10580 * (T185049) LogFormatter: Fail softer when trying to link an invalid titles.
10581 * (T210998) Properly set $wgLanguageCode in the generated LocalSettings.php
10582 if --lang is used with the command-line installer (install.php).
10583 * (T211061) ImageListPager: Actor migration for buildQueryConds().
10584 * (T209335) Clarify the default sidebar 'Help' link is about MediaWiki itself.
10585 * Fix addition of ug_expiry column to user_groups table on MSSQL.
10586 * (T204767) Add join conditions to ActiveUsersPager.
10587 * (T210621) User: Bypass repeatable-read when creating an actor_id.
10588 * (T204531) rdbms: reduce LoadBalancer replication log spam.
10589 * (T195525) Fix db error outage page.
10590 * (T208871) The hard-coded Google search form on the database error page was
10592 * (T176097) Fix flaky MessageBlobStoreTest assertion failures.
10593 * (T209423) Update required PHP version to 7.0.13.
10594 * (T209885) Prevent populateSearchIndex.php from breaking once actor migration
10596 * (T216968) Return pageid as int in both list=iwbacklinks and
10597 list=langbacklinks.
10598 * (T215169) Fix for Database::update() with IGNORE option fails on PostgreSQL.
10599 * (T204423) Backport support for hyphenated DB names in JobQueueGroup.
10600 * (T199474) Fix typo in rebuildrecentchanges.php resulting in rogue flags.
10601 * (T218608) SECURITY: Fix an issue that prevents Extension:OAuth working when
10602 $wgBlockDisablesLogin is true.
10603 * (T216029) Chrome redirects to Special:BadTitle after editing a section with
10604 a non-Latin name on a page with non-Latin characters in title.
10605 * (T219728) Added support for new Japanese era name "Reiwa".
10606 * (T25227) SECURITY: action=logout now requires to be posted and have a csrf
10608 * Updated cssjanus/cssjanus from 1.2.0 to 1.3.0.
10609 * (T222385) resourceloader: Use AND instead of OR for upsert conds in
10610 saveFileDependencies().
10611 * (T224374) Fix message parameters so that the message that says SQLite is out
10612 of date makes sense.
10613 * SpecialPage::checkLoginSecurityLevel() will now preserve POST data when
10615 * FormSpecialPage::execute() will now call checkLoginSecurityLevel() if
10616 getLoginSecurityLevel() returns non-false.
10617 * (T197279) SECURITY: Fix reauth in Special:ChangeEmail.
10618 * (T208881) SECURITY: blacklist CSS var().
10619 * (T209794) SECURITY: rate-limit and prevent blocked users from changing email.
10620 * (T199540) SECURITY: API: Respect $wgBlockCIDRLimit in action=block.
10621 * (T212118) SECURITY: Fix cache mode for (un)patrolled recent changes query.
10622 * (T222036, T222038) SECURITY: Add permission check for user is permitted to
10624 * (T221739) SECURITY: resources: Patch jQuery 3.2.1 for CVE-2019-11358.
10626 == MediaWiki 1.31.1 ==
10628 This is a security and maintenance release of the MediaWiki 1.31 branch.
10630 === Changes since MediaWiki 1.31.0 ===
10631 * (T169545, CVE-2018-0503) SECURITY: $wgRateLimits entry for 'user' overrides
10633 * (T194605, CVE-2018-0505) SECURITY: BotPasswords can bypass CentralAuth's
10635 * (T199029, CVE-2018-13258) SECURITY: Tarball was missing .htaccess files.
10636 * (T197229) Bundle Nuke extension, it was accidentally omitted.
10637 * (T193995) Fix undefined patchPath() method call in parser tests.
10638 * (T198687) Fix various selectFields methods to use the string 'NULL', not null.
10639 * Special:BotPasswords now requires reauthentication.
10640 * (T191608, T187638) Add 'logid' parameter to Special:Log.
10641 * (T193829) Indicate when a Bot Password needs reset.
10642 * (T198037) GitInfo: Don't try shelling out if it's disabled.
10643 * (T151415) Log email changes.
10644 * (T197206) Fix performance regression when multiple DB used without caching.
10645 * (T197030) PHPSessionHandler: Suppress headers warnings in initialize().
10646 * (T182377, T196793) Exif: Guard against uncountable tag values.
10647 * (T200861) Fix total breakage of SQLite web upgrade.
10648 * (T200864) Fix pingback over-reporting on non-MySQL databases
10649 * (T202550) Unbreak SpecialListusersHeaderForm and SpecialListusersHeader
10652 == MediaWiki 1.31.0 ==
10654 === Changes since MediaWiki 1.31.0-rc.2 ===
10655 * (T195783) Initialize PSR-4 namespaces at same stage as normal autoloader.
10656 * (T196092) Hide MySQL binary/utf-8 charset option in the installer.
10657 * (T196185) Don't allow setting $wgDBmysql5 in the installer.
10658 * (T196125) php-memcached 3.0 (provided with PHP 7.0) is now supported.
10659 * (T182366) UploadBase::checkXMLEncodingMissmatch() now works on PHP 7.1+
10660 * (T118683) Fix exception from &$user deref on HHVM in the TitleMoveComplete
10662 * (T196672) The mtime of extension.json files is now able to be zero
10663 * (T180403) Validate $length in padleft/padright parser functions.
10664 * (T143790) Make $wgEmailConfirmToEdit only affect edit actions.
10666 === Changes since MediaWiki 1.31.0-rc.0 ===
10667 * (T33223) Drop archive.ar_text and ar_flags.
10668 * Add default edit rate limit of 90 edits/minute for all users.
10669 * (T187645) Use codepoint as tiebreaker when getting first-letters in
10671 * (T191947) Don't shell during the installer if shelling out is disabled.
10672 * (T194319) Improve duplicate config setting exception as part of extension
10674 * (T195211) Don't require trailing slash in PSR-4 autoloader directory.
10675 * (T186565) Fix PHP Notice from `ob_end_flush()` in `FileRepo::streamFile()`.
10676 * Do not incorrectly hide namespace input field in the installer.
10677 * (T186456) Refactor checks looking for PEAR maik libraries to be clearer.
10679 === Important pre-upgrade notes for 1.31 ===
10680 * If you're using MySQL, SQLite, or MSSQL, are not using update.php to apply
10681 schema changes, and cannot have downtime to run migrateArchiveText.php and
10682 apply patch-drop-ar_text.sql manually, you'll have to apply a default value
10683 to the ar_text and ar_flags columns of the archive table or make those
10684 columns nullable before upgrading to MediaWiki 1.31.
10685 maintenance/archives/patch-nullable-ar_text.sql shows how to do this for
10688 === Configuration changes in 1.31 ===
10689 * $wgEnableAPI and $wgEnableWriteAPI are now deprecated and will be removed in
10690 a future version. The API is now considered to be stable, secure and
10692 * $wgUsejQueryThree was removed, as it is now the default. This was documented
10693 as a temporary variable during the migration period, deprecated since 1.29.
10694 * $wgLogoHD has been updated to support svg images and uses $wgLogo where
10695 possible for fallback images such as png.
10696 * (T44246) $wgFilterLogTypes will no longer ignore 'patrol' when user does not
10697 have the right to mark things patrolled.
10698 * Wikis that contain imported revisions or CentralAuth global blocks should run
10699 maintenance/cleanupUsersWithNoId.php.
10700 * The configuration settings $wgResourceLoaderMinifierStatementsOnOwnLine and
10701 $wgResourceLoaderMinifierMaxLineLength, deprecated since 1.27, were removed.
10702 * (T180921) $wgReferrerPolicy now supports having fallbacks for browsers that
10703 are not using the latest version of the Referrer Policy specification.
10704 * $wgFragmentMode is now set to [ 'legacy', 'html5' ] by default. This is a
10705 first step of migration to human-readable section IDs that will later result
10706 in 'html5' being the default mode.
10707 * CACHE_ACCEL now only supports APC(u) or WinCache. XCache support was removed
10708 as upstream is inactive and has no plans to move to PHP 7.
10709 * The old CategorizedRecentChanges feature, including its related configuration
10710 option $wgAllowCategorizedRecentChanges, has been removed.
10711 * (T188472) The 'comma' value for $wgArticleCountMethod is no longer supported
10712 for performance reasons, and installations with this setting will now work as
10713 if it was configured with 'any'.
10714 * (T185753) MediaWiki now defaults to using RemexHtml to tidy up user input,
10715 rather than being off by default. If you wish to disable HTML tidying
10716 entirely, set $wgTidyConfig to null; if you wish to use the old, deprecated
10717 Tidy external binary, both set $wgTidyConfig to null and $wgUseTidy to true.
10718 * $wgLogAutopatrol now defaults to false instead of true.
10719 * $wgValidateAllHtml was removed and will be ignored.
10720 * $wgScriptExtension, deprecated and ignored since 1.25, was removed. See the
10721 1.25 release notes for more information.
10722 * $wgUseAjax is now marked as deprecated, just like the deprecated AJAX
10723 framework that it enables. Some extensions mistakenly used this to check
10724 whether any AJAX functionality at all should be enabled, further making this
10725 problematic to retain.
10726 * $wgDBmysql5 is now deprecated, and will be removed in a future version. It
10727 has been marked as experimental ever since it was introduced.
10729 === New features in 1.31 ===
10730 * (T76554) User sub-pages named ….json are now protected in the same way that
10731 ….js and ….css pages are, so that configuration options can safely be placed
10733 * Wikimedia\Rdbms\IDatabase->select() and similar methods now support joins
10734 with parentheses for grouping.
10735 * As a first pass in standardizing dialog boxes across the MediaWiki product,
10736 Html class now provides helper methods for messageBox, successBox, errorBox
10737 and warningBox generation.
10738 * (T9240) Imports will now record unknown (and, optionally, known) usernames in
10739 a format like "iw>Example".
10740 * (T20209) Linker (used on history pages, log pages, and so on) will display
10741 usernames formed like "iw>Example" as interwiki links, as if by wikitext like
10742 [[iw:User:Example|iw>Example]].
10743 * (T111605) The 'ImportHandleUnknownUser' hook allows extensions to auto-create
10744 users during an import.
10745 * Added a hook, ParserOutputPostCacheTransform, to allow extensions to affect
10746 the ParserOutput::getText() post-cache transformations.
10747 * Added a hook, UploadForm:getInitialPageText, to allow extensions to alter the
10748 initial page text for file uploads.
10749 * (T181651) The info page for File pages now displays the file's base-16 SHA1
10750 hash value in the table of basic information.
10751 * Style tags with a 'data-mw-deduplicate' attribute will be deduplicated as a
10752 ParserOutput::getText() post-cache transformation. This may be disabled by
10753 passing 'deduplicateStyles' => false to that method.
10754 * The identity of the logged-in or IP "actor" for logged actions is being moved
10755 into a new actor table, with the rows in tables such as revision and logging
10756 referring to the actor ID instead of storing the user ID and name/IP in
10758 * This is currently gated by $wgActorTableSchemaMigrationStage. Most wikis
10759 can set this to MIGRATION_NEW and run maintenance/migrateActors.php as
10760 soon as any necessary extensions are updated.
10761 * Most code accessing rows for logged actions from the database should use
10762 the relevant getQueryInfo() methods to get the information needed to build
10763 the SQL query. The ActorMigration class may also be used to get feature
10764 -flagged information needed to access actor-related fields during the
10766 * Added Wikimedia\Rdbms\IDatabase::cancelAtomic(), to roll back an atomic
10767 section without having to roll back the whole transaction.
10768 * Wikimedia\Rdbms\IDatabase::doAtomicSection(), non-native ::insertSelect(),
10769 and non-MySQL ::replace() and ::upsert() no longer roll back the whole
10770 transaction on failure.
10771 * (T189785) Added a monthly heartbeat ping to the pingback feature.
10772 * The CLI installer (maintenance/install.php) learned to detect and include
10773 extensions. Pass --with-extensions to enable that feature.
10774 * (T184791) rc_patrolled now has three states: "0" for unpatrolled,
10775 "1" for manually patrolled and "2" for autopatrolled actions.
10776 * Extensions can now set their type to "editor" if they provide an editor or
10777 enhance the editing experience.
10778 * Extensions can use a PSR-4 autoloader by setting an "AutoloadNamespaces"
10779 property in extension.json. See the documentation at
10780 <https://mediawiki.org/wiki/Manual:Extension.json/Schema#AutoloadNamespaces>
10781 for more details and an example.
10782 * (T19099) Tabs which link to pages that don't exist (like those to uncreated
10783 discussion pages) now have a tooltip to indicate state, not just colour.
10785 === External library changes in 1.31 ===
10786 * pear/mail, pear/mail_mime and pear/mail_mime-decode have been moved from
10787 suggested to required. These packages now must be installed via composer
10788 and not via PEAR itself.
10790 ==== Upgraded external libraries ====
10791 * Updated jquery.chosen from v0.9.14 to v1.8.2.
10792 * Updated composer/spdx-licenses from 1.1.4 to 1.3.0 (development dependency).
10793 * Updated nikic/php-parser from 2.1.0 to 3.1.3 (development dependency).
10794 * Updated wikimedia/ip-set from 1.1.0 to 1.2.0.
10795 * Updated wikimedia/relpath from 2.0.0 to 2.1.1.
10796 * Updated wikimedia/running-stat from 1.1.0 to 1.2.0.
10797 * Updated wikimedia/wrappedstring from 2.2.0 to 2.3.0.
10798 * Updated mediawiki/at-ease from 1.1.0 to 1.2.0.
10799 * Updated wikimedia/php-session-serializer from 1.0.4 to 1.0.6.
10800 * Updated wikimedia/remex-html from 1.0.2 to 1.0.3.
10801 * Updated wikimedia/html-formatter from 1.0.1 to 1.0.2.
10803 ==== New external libraries ====
10804 * Added wikimedia/object-factory 1.0.0
10806 ==== Removed and replaced external libraries ====
10807 * (T17845) The deprecated 'jquery.badge' module was removed.
10808 * The deprecated 'jquery.autoEllipsis' module was removed. Use the CSS
10809 text-overflow property instead.
10810 * The deprecated 'jquery.placeholder' module was removed.
10811 * The deprecated 'jquery.appear' module was removed. Use the
10812 'mediawiki.viewport' module instead.
10813 * mediawiki/at-ease was replaced with wikimedia/at-ease.
10815 === Bug fixes in 1.31 ===
10816 * (T90902) Non-breaking space in header ID breaks anchor.
10817 * (T189375) CSSMin now allows quoted urls in `url()` syntax to start with a
10819 * (T2087, T10897, T87753, T174639) Whitespace created by category and language
10820 links is now stripped rather than leaving blank lines in odd places.
10821 * (T3780) Uploads with UTF-8 names now work on PHP7.1+ on Windows servers.
10822 * (T182366) UploadBase::checkXMLEncodingMissmatch() now works on PHP 7.1+
10824 === Action API changes in 1.31 ===
10825 * (T185058) The 'name' value to tgprop for action=query&list=tags has been
10826 removed. It has never made a difference in the output, the name was always
10827 returned regardless.
10828 * The 'watch' and 'unwatch' parameters for action=move have been removed. They
10829 were deprecated and also accidentally nonfunctional since 1.17 in 2010. Use
10830 'watchlist' instead.
10832 === Action API internal changes in 1.31 ===
10833 * ApiBase::getProfileDBTime, deprecated since 1.25, was removed.
10834 * ApiBase::getModuleProfileName, deprecated since 1.25, was removed.
10835 * ApiBase::getProfileTime, deprecated since 1.25, was removed.
10837 === Languages updated in 1.31 ===
10838 MediaWiki supports over 350 languages. Many localisations are updated
10839 regularly. Below only new and removed languages are listed, as well as
10840 changes to languages because of Phabricator reports.
10842 * (T180052) Mirandese (mwl) now supports gendered NS_USER/NS_USER_TALK.
10843 * (T182305) New language support: Nyungar (nys).
10844 * (T186359) New language support: Siberian Tatar [себертатар] (sty).
10845 * (T186635) New language support: Guianan Creole (gcr).
10846 * (T186647) New language support: Kumyk [къумукъ] (kum).
10847 * (T187750) New language support: Spanish formal address (es-formal).
10848 * (T187824) New language support: Hungarian formal address (hu-formal).
10849 * (T189127) New language support: Gorontalo (gor).
10851 === Breaking changes in 1.31 ===
10852 * MessageBlobStore::insertMessageBlob(), deprecated in 1.27, was removed.
10853 * The OutputPage class constructor now requires a context parameter.
10854 Instantiating without context was deprecated in 1.18.
10855 * The mw.page JavaScript singleton, deprecated in 1.30, was removed.
10856 * Article::getLastPurgeTimestamp(), WikiPage::getLastPurgeTimestamp(), and the
10857 related WikiPage::PURGE_* constants, deprecated in 1.29, were removed.
10858 * The Article::selectFields(), ::onArticleCreate(), ::onArticleDelete(), and
10859 ::onArticleEdit() methods, deprecated in 1.24, were removed.
10860 * Installer::locateExecutable() and ::locateExecutableInDefaultPaths() were
10861 removed. Use ExecutableFinder::findInDefaultPaths() instead.
10862 * The deprecated MW_DIFF_VERSION constant was removed.
10863 DifferenceEngine::MW_DIFF_VERSION should be used instead.
10864 * Due to significant refactoring, method ContribsPager::getUserCond() that had
10865 no access restriction has been removed.
10866 * The Block class will no longer accept usable-but-missing usernames for
10867 'byText' or ->setBlocker(). Callers should either ensure the blocker exists
10868 locally or use a new interwiki-format username like "iw>Example".
10869 * The following methods and constants from the WatchedItem class, which were
10870 deprecated in 1.27, have been removed:
10871 * WatchedItem::getTitle()
10872 * WatchedItem::fromUserTitle()
10873 * WatchedItem::addWatch()
10874 * WatchedItem::removeWatch()
10875 * WatchedItem::isWatched()
10876 * WatchedItem::duplicateEntries()
10877 * WatchedItem::IGNORE_USER_RIGHTS
10878 * WatchedItem::CHECK_USER_RIGHTS
10879 * WatchedItem::DEPRECATED_USAGE_TIMESTAMP
10880 * The $statementsOnOwnLine parameter of JavaScriptMinifier::minify was removed.
10881 $wgResourceLoaderMinifierStatementsOnOwnLine, the corresponding configuration
10882 variable, has been deprecated since 1.27 and was removed as well.
10883 * The $maxLineLength parameter of JavaScriptMinifier::minify was removed.
10884 $wgResourceLoaderMinifierMaxLineLength, the corresponding configuration
10885 variable, has been deprecated since 1.27 and was removed as well.
10886 * The HtmlFormatter class, deprecated in 1.27, was removed. The namespaced
10887 HtmlFormatter\HtmlFormatter class should be used instead.
10888 * The driver 'mysql' for MySQL, deprecated in MediaWiki 1.30, has been removed.
10889 The driver has been deprecated since PHP 5.5 and was removed in PHP 7.0. The
10890 default driver for MySQL has been 'mysqli' since MediaWiki 1.22.
10891 * The following properties of PreparedEdit were deprecated in 1.21 and have
10893 * PreparedEdit->newText
10894 * PreparedEdit->oldText
10895 * PreparedEdit->pst
10896 * ParserOutput objects which are generated using a non-default value for
10897 ParserOptions::setWrapOutputClass() can no longer be added to the parser
10899 * The following deprecated methods from the OutputPage class have been removed:
10900 * OutputPage::addExtensionStyle(); deprecated in 1.27
10901 * OutputPage::getExtStyle(); deprecated in 1.27
10902 * OutputPage::setETag(); deprecated in 1.28 (obsolete no-op)
10903 * OutputPage::setSquidMaxage(); deprecated in 1.27
10904 * OutputPage::readOnlyPage(); deprecated in 1.25
10905 * OutputPage::rateLimited(); deprecated in 1.25
10906 * Additionally, the protected OutputPage::$mExtStyles array, only accessed
10907 through the above and with no known uses, was removed.
10908 * The no-op method Skin::showIPinHeader(), deprecated in 1.27, was removed.
10909 * The following variables and methods in EditPage, deprecated in MediaWiki 1.30,
10911 * $isCssJsSubpage — use ::isUserConfigPage()
10912 * $isCssSubpage — use ::isUserCssConfigPage()
10913 * $isJsSubpage — use ::isUserJsConfigPage()
10914 * $isWrongCaseCssJsPage – use ::isWrongCaseUserConfigPage()
10915 * ::getSummaryInput() – use ::getSummaryInputWidget()
10916 * ::getSummaryInputOOUI() – use ::getSummaryInputWidget()
10917 * ::getCheckboxes() – use ::getCheckboxesWidget() or
10918 ::getCheckboxesDefinition()
10919 * ::getCheckboxesOOUI() – use ::getCheckboxesWidget() or
10920 ::getCheckboxesDefinition()
10921 * ResourceLoaderModule::getPosition(), deprecated in 1.29, has been removed.
10922 * In User, the cookie-related methods which were wrappers for the functions on
10923 the response object, and were deprecated in 1.27, have been removed:
10926 * ::setExtendedLoginCookie()
10927 Note that User::setCookies() remains, and is not deprecated.
10928 * Also in User, some auth-related methods which were deprecated in 1.27 have
10930 * ::getEditTokenTimestamp() – use MediaWiki\Session\Token::getTimestamp()
10931 * ::getPasswordFactory() – create a PasswordFactory directly
10932 * ::passwordChangeInputAttribs()
10933 * The global functions wfProfileIn and wfProfileOut, deprecated in 1.25, have
10935 * SpecialPageFactory::getList(), deprecated in 1.24, has been removed. You can
10936 use ::getNames() instead.
10937 * OpenSearch::getOpenSearchTemplate(), deprecated in 1.25, has been removed. You
10938 can use ApiOpenSearch::getOpenSearchTemplate() instead.
10939 * The global function wfBaseConvert, deprecated in 1.27, has been removed. Use
10940 Wikimedia\base_convert() directly.
10941 * Calling Database::begin() explicitly during an implicit transaction or when
10942 DBO_TRX is set results in an exception. Calling Database::commit() explicitly
10943 for an implicit transaction also results in an exception. Previously these
10944 were logged as errors. The startAtomic() and endAtomic() methods, or
10945 AtomicSectionUpdate should be used instead.
10946 * The global function wfOutputHandler() was removed, use the its replacement
10947 MediaWiki\OutputHandler::handle() instead. The global function was only
10948 sometimes defined. Its replacement is always available via the autoloader.
10949 * ChangeTags::listExtensionActivatedTags and ::listExtensionDefinedTags,
10950 deprecated in 1.28, have been removed. Use ::listSoftwareActivatedTags() and
10951 ::listSoftwareDefinedTags() instead.
10952 * Title::getTitleInvalidRegex(), deprecated in 1.25, has been removed. You can
10953 use MediaWikiTitleCodec::getTitleInvalidRegex() instead.
10954 * HTMLForm & VFormHTMLForm::isVForm(), deprecated in 1.25, have been removed.
10955 * The ProfileSection class, deprecated in 1.25 and unused, has been removed.
10956 * The ResourceLoaderGetLessVars hook, deprecated in 1.30, has been removed. Use
10957 ResourceLoaderModule::getLessVars() to expose local variables instead of
10959 * As part of work to modernise user-generated content clean-up, a config option
10960 and some methods related to HTML validity were removed without deprecation.
10961 The public methods MWTidy::checkErrors() and the path through which it was
10962 called, TidyDriverBase::validate(), are removed, as are the testing methods
10963 MediaWikiTestCase::assertValidHtmlSnippet() and ::assertValidHtmlDocument().
10964 The $wgValidateAllHtml configuration option is removed and will be ignored.
10965 * Execution of external programs using MediaWiki\Shell\Command now applies
10966 the RESTRICT_DEFAULT Firejail restriction by default.
10967 * The ResourceLoaderModule::getHashMtime() and ::getDefinitionMtime() methods,
10968 deprecated in 1.26, were removed.
10969 * The deprecated 'mediawiki.widgets.CategorySelector' module alias was removed.
10970 Use the 'mediawiki.widgets.CategoryMultiselectWidget' module directly.
10972 === Deprecations in 1.31 ===
10973 * The Revision class was deprecated in favor of RevisionStore, BlobStore, and
10974 RevisionRecord and its subclasses.
10975 * The global function wfBCP47 is deprecated in favour of LanguageCode::bcp47.
10976 * The global function wfCountDown is now deprecated in favor of
10977 Maintenance::countDown.
10978 * Several methods for returning lists of fields to select from the database
10979 have been deprecated in favor of similar methods that also return the tables
10980 to select from and the join conditions for those tables.
10981 * Block::selectFields() → Block::getQueryInfo()
10982 * RecentChange::selectFields() → RecentChange::getQueryInfo()
10983 * ArchivedFile::selectFields() → ArchivedFile::getQueryInfo()
10984 * LocalFile::selectFields() → LocalFile::getQueryInfo()
10985 * LocalFile::getCacheFields() with a prefix no longer works
10986 * LocalFile::getLazyCacheFields() with a prefix no longer works
10987 * OldLocalFile::selectFields() → OldLocalFile::getQueryInfo()
10988 * RecentChange::selectFields() → RecentChange::getQueryInfo()
10989 * Revision::userJoinCond() → Revision::getQueryInfo( [ 'user' ] )
10990 * Revision::selectUserFields() → Revision::getQueryInfo( [ 'user' ] )
10991 * Revision::pageJoinCond() → Revision::getQueryInfo( [ 'page' ] )
10992 * Revision::selectPageFields() → Revision::getQueryInfo( [ 'page' ] )
10993 * Revision::selectTextFields() → Revision::getQueryInfo( [ 'text' ] )
10994 * Revision::selectFields() → Revision::getQueryInfo()
10995 * Revision::selectArchiveFields() → Revision::getArchiveQueryInfo()
10996 * User::selectFields() → User::getQueryInfo()
10997 * WikiPage::selectFields() → WikiPage::getQueryInfo()
10998 * Revision::setUserIdAndName() was deprecated.
10999 * Access to TitleValue class properties was deprecated, the relevant getters
11000 should be used instead.
11001 * DifferenceEngine::getDiffBodyCacheKey() is deprecated. Subclasses should
11002 override DifferenceEngine::getDiffBodyCacheKeyParams() instead.
11003 * Use of Maintenance::error( $err, $die ) to exit script was deprecated. Use
11004 Maintenance::fatalError() instead.
11005 * Passing a ParserOptions object to OutputPage::parserOptions() is deprecated.
11006 * The RevisionInsertComplete hook is now deprecated; use instead the hook
11007 RevisionRecordInserted. RevisionInsertComplete is still called, but the second
11008 and third parameter will always be null. Hard deprecation is scheduled for
11010 * The following methods that get and set ParserOutput state are deprecated.
11011 Callers should use the new stateless $options parameter to
11012 ParserOutput::getText() instead.
11013 * ParserOptions::getEditSection()
11014 * ParserOptions::setEditSection()
11015 * ParserOutput::getEditSectionTokens()
11016 * ParserOutput::setEditSectionTokens()
11017 * ParserOutput::getTOCEnabled()
11018 * ParserOutput::setTOCEnabled()
11019 * OutputPage::enableSectionEditLinks()
11020 * OutputPage::sectionEditLinksEnabled()
11021 * The public ParserOutput state fields $mTOCEnabled and $mEditSectionTokens
11022 are also deprecated.
11023 * License::getLicenses has been deprecated; use License::getLines instead.
11024 * QuickTemplate::setRef() was deprecated in favour of QuickTemplate::set().
11025 Setting template variables by reference allowed violating the principle of
11026 data being immutable once added to the skin template. In practice, this method
11027 was not being used for that. Rather, setRef() existed as memory optimisation
11029 * QuickTemplate::setTranslator() and MediaWikiI18N::set() were deprecated in
11030 favour of Skin::msg() parameters.
11031 * MediaWikiI18N::translate() was deprecated in favour of Skin::msg() or
11033 * Passing false to ParserOptions::setWrapOutputClass() is deprecated. Use the
11034 'unwrap' transform to ParserOutput::getText() instead.
11035 * \ObjectFactory (no namespace) is deprecated, the namespaced class
11036 \Wikimedia\ObjectFactory from the wikimedia/object-factory library should be
11038 * CommentStore::newKey is deprecated. Instead, get an instance from
11040 * The following CommentStore methods have had their signatures changed to
11041 introduce a $key parameter, usage of the methods on instances retrieved from
11042 CommentStore::newKey will remain unchanged but deprecated:
11043 * CommentStore::getFields
11044 * CommentStore::getJoin
11045 * CommentStore::getComment
11046 * CommentStore::getCommentLegacy
11047 * CommentStore::insert
11048 * CommentStore::insertWithTemplate
11049 * The following methods in Title have been renamed, and the old ones are
11051 * Title::getSkinFromCssJsSubpage – use ::getSkinFromConfigSubpage
11052 * Title::isCssOrJsPage – use ::isSiteConfigPage
11053 * Title::isCssJsSubpage – use ::isUserConfigPage
11054 * Title::isCssSubpage – use ::isUserCssConfigPage
11055 * Title::isJsSubpage – use ::isUserJsConfigPage
11056 * The following methods related to caching of half-parsed HTML were deprecated:
11057 * Parser::serializeHalfParsedText()
11058 * Parser::unserializeHalfParsedText()
11059 * Parser::isValidHalfParsedText()
11060 * StripState::getSubState()
11061 * StripState::merge()
11062 * The DeferredStringifier class is deprecated, use Message::listParam() instead.
11063 * The type string for the parameter $lang of DateFormatter::getInstance is
11065 * Wikimedia\Rdbms\SavepointPostgres is deprecated.
11066 * The DO_MAINTENANCE constant is deprecated. RUN_MAINTENANCE_IF_MAIN should be
11068 * The function wfShellWikiCmd() has been deprecated, use
11069 MediaWiki\Shell::makeScriptCommand().
11070 * In the future, the hooks 'PreferencesFormPreSave' and 'PreferencesGetLegend'
11071 will be allowed to provide any HTMLForm object rather than PreferencesForm.
11073 === Other changes in 1.31 ===
11074 * Browser support for Internet Explorer 10 was lowered from Grade A to Grade C.
11075 * Browser support for Opera 12 and older was dropped entirely. Opera 15+
11076 continues at Grade A.
11077 * Multi-content-revision capability was introduced into the storage layer. See
11078 <https://mediawiki.org/wiki/Requests_for_comment/Multi-Content_Revisions>.
11079 * The "free" CSS class is now only applied to unbracketed URLs in wikitext.
11080 Links written using square brackets will get the class "text" not "free".
11081 * RFC 157418: Whitespace is trimmed from wikitext headings, wikitext list items,
11082 wikitext table captions, wikitext table headings, wikitext table cells. HTML
11083 headings, HTML list items, HTML table captions, HTML table headings, HTML
11084 table cells will not have this trimming behavior.
11086 == Compatibility ==
11087 MediaWiki 1.31 requires PHP 7.0.0 or later. Although HHVM 3.18.5 or later is
11088 supported, it is generally advised to use PHP 7.0.0 or later for long term
11091 MySQL/MariaDB is the recommended DBMS. PostgreSQL or SQLite can also be used,
11092 but support for them is somewhat less mature. There is experimental support for
11093 Oracle and Microsoft SQL Server.
11095 The supported versions are:
11097 * MySQL 5.5.8 or later
11098 * PostgreSQL 9.2 or later
11099 * SQLite 3.3.7 or later
11100 * Oracle 9.0.1 or later
11101 * Microsoft SQL Server 2005 (9.00.1399)
11104 1.31 has several database changes since 1.30, and will not work without schema
11105 updates. Note that due to changes to some very large tables like the revision
11106 table, the schema update may take quite long (minutes on a medium sized site,
11107 many hours on a large site).
11109 Don't forget to always back up your database before upgrading!
11111 See the file UPGRADE for more detailed upgrade instructions, including
11112 important information when upgrading from versions prior to 1.11.
11114 For notes on 1.30.x and older releases, see HISTORY.
11116 == Online documentation ==
11117 Documentation for both end-users and site administrators is available on
11118 MediaWiki.org, and is covered under the GNU Free Documentation License (except
11119 for pages that explicitly state that their contents are in the public domain):
11121 https://www.mediawiki.org/wiki/Special:MyLanguage/Documentation
11124 A mailing list is available for MediaWiki user support and discussion:
11126 https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
11128 A low-traffic announcements-only list is also available:
11130 https://lists.wikimedia.org/mailman/listinfo/mediawiki-announce
11132 It's highly recommended that you sign up for one of these lists if you're
11133 going to run a public MediaWiki, so you can be notified of security fixes.
11136 There's usually someone online in #mediawiki on irc.freenode.net.
11141 == MediaWiki 1.30.2 ==
11143 This is a security and maintenance release of the MediaWiki 1.30 branch.
11145 === Changes since MediaWiki 1.30.1 ===
11146 * (T204729) WatchedItemStore::countVisitingWatchersMultiple() shouldn't query
11147 all titles when asked for none.
11148 * (T109121) Remove deprecated pear/mail_mime-decode from composer suggested
11150 * (T207540) Include IP address in "Login for $1 succeeded" log entry.
11151 * (T205765) Don't link to the obsolete "Extension Matrix" page in installer.
11152 * (T207603) SECURITY: User JS may no longer be loaded with mime type
11153 text/javascript if there is no account associated with the username.
11154 * (T113042) SECURITY: Do not allow loading pages raw with a text/javascript MIME
11155 type if non-admins can edit the page.
11156 * (T207541) Pass email address to mail().
11157 * Fix addition of ug_expiry column to user_groups table on MSSQL.
11158 * (T204531) rdbms: reduce LoadBalancer replication log spam.
11159 * (T213489) Avoid session double-start in Setup.php.
11160 * (T195525) Fix db error outage page.
11161 * (T208871) The hard-coded Google search form on the database error page was
11163 * (T216968) Return pageid as int in both list=iwbacklinks and
11164 list=langbacklinks.
11165 * (T218608) SECURITY: Fix an issue that prevents Extension:OAuth working when
11166 $wgBlockDisablesLogin is true.
11167 * (T25227) SECURITY: action=logout now requires to be posted and have a csrf
11169 * (T222385) resourceloader: Use AND instead of OR for upsert conds in
11170 saveFileDependencies().
11171 * (T224374) Fix message parameters so that the message that says SQLite is out
11172 of date makes sense.
11173 * SpecialPage::checkLoginSecurityLevel() will now preserve POST data when
11175 * FormSpecialPage::execute() will now call checkLoginSecurityLevel() if
11176 getLoginSecurityLevel() returns non-false.
11177 * (T197279) SECURITY: Fix reauth in Special:ChangeEmail.
11178 * (T208881) SECURITY: blacklist CSS var().
11179 * (T209794) SECURITY: rate-limit and prevent blocked users from changing email.
11180 * (T199540) SECURITY: API: Respect $wgBlockCIDRLimit in action=block.
11181 * (T212118) SECURITY: Fix cache mode for (un)patrolled recent changes query.
11182 * (T222036, T222038) SECURITY: Add permission check for user is permitted to
11184 * (T221739) SECURITY: resources: Patch jQuery 1.11.3 for CVE-2019-11358.
11186 == MediaWiki 1.30.1 ==
11188 This is a security and maintenance release of the MediaWiki 1.30 branch.
11190 === Changes since MediaWiki 1.30.0 ===
11191 * (T169545, CVE-2018-0503) SECURITY: $wgRateLimits entry for 'user' overrides
11193 * (T194605, CVE-2018-0505) SECURITY: BotPasswords can bypass CentralAuth's
11195 * (T87572) Make FormatMetadata::flattenArrayReal() work for an associative
11197 * Updated composer/spdx-licenses from 1.1.4 to 1.3.0 (development dependency).
11198 * (T189567) the CLI installer (maintenance/install.php) learned to detect and
11199 include extensions. Pass --with-extensions to enable that feature.
11200 * (T190503) Let built-in web server (maintenance/dev) handle .php requests.
11201 * (T167507) selenium: Run Chrome headlessly.
11202 * selenium: Pass -no-sandbox to Chrome under Docker.
11203 * (T179190) selenium: Move logic for running tests from package.json to
11205 * (T192584) Stop incorrectly passing USE INDEX to RecentChange::newFromConds().
11206 * Add default edit rate limit of 90 edits/minute for all users.
11207 * (T186565) Fix PHP Notice from `ob_end_flush()` in `FileRepo::streamFile()`.
11208 * oojs/oojs-ui updated to remove an unnecessary dependancy.
11209 * (T196125) php-memcached 3.0 (provided with PHP 7.0) is now supported.
11210 * (T118683) Fix exception from &$user deref on HHVM in the TitleMoveComplete
11212 * (T196672) The mtime of extension.json files is now able to be zero
11213 * (T180403) Validate $length in padleft/padright parser functions.
11214 * (T143790) Make $wgEmailConfirmToEdit only affect edit actions.
11215 * (T193995) Fix undefined patchPath() method call in parser tests.
11216 * Special:BotPasswords now requires reauthentication.
11217 * (T191608, T187638) Add 'logid' parameter to Special:Log.
11218 * (T193829) Indicate when a Bot Password needs reset.
11219 * (T151415) Log email changes.
11220 * (T200861) Fix total breakage of SQLite web upgrade.
11221 * (T202550) Unbreak SpecialListusersHeaderForm and SpecialListusersHeader
11223 * (T190539) Explicitly require Postgres 9.1.
11224 * (T118420) Unbreak Oracle installer.
11226 == MediaWiki 1.30.0 ==
11228 === Changes since MediaWiki 1.30.0-rc.0 ===
11229 * Upgraded Moment.js from v2.15.0 to v2.19.3.
11230 * Add ip_changes to postgres/tables.sql.
11231 * Skip null shell parameters.
11232 * Add wfWaitForSlaves() to maintenance/migrateComments.php.
11233 * (T182245) Fix join conditions in ImageListPager.
11234 * (T178626) Revert #contentSub and #jump-to-nav margin changes.
11236 === MySQL version requirement in 1.30 ===
11237 As of 1.30, MediaWiki now requires MySQL 5.5.8 or higher (see Compatibility
11240 === Configuration changes in 1.30 ===
11241 * The "C.UTF-8" locale should be used for $wgShellLocale, if available, to avoid
11242 unexpected behavior when code uses locale-sensitive string comparisons. For
11243 example, the Scribunto extension considers "bar" < "Foo" in most locales
11244 since it ignores case.
11245 * $wgShellLocale now affects LC_ALL rather than only LC_CTYPE. See
11246 documentation of $wgShellLocale for details.
11247 * $wgShellLocale is now applied for all requests. wfInitShellLocale() is
11248 deprecated and a no-op, as it is no longer needed.
11249 * $wgJobClasses may now specify callback functions as an alternative to plain
11250 class names. This is intended for extensions that want control over the
11251 instantiation of their jobs, to allow for proper dependency injection.
11252 * $wgResourceModules may now specify callback functions as an alternative
11253 to plain class names, using the 'factory' key in the module description
11254 array. This allows dependency injection to be used for ResourceLoader modules.
11255 * $wgExceptionHooks has been removed.
11256 * (T163562) $wgRangeContributionsCIDRLimit was introduced to control the size
11257 of IP ranges that can be queried at Special:Contributions.
11258 * (T45547) $wgUsePigLatinVariant added (off by default).
11259 * (T152540) MediaWiki now supports a section ID escaping style that allows to
11260 display non-Latin characters verbatim on many modern browsers. This is
11261 controlled by the new configuration setting, $wgFragmentMode.
11262 * $wgExperimentalHtmlIds is now deprecated and will be removed in a future
11263 version, use $wgFragmentMode to migrate off it to a modern alternative.
11264 * $wgExternalInterwikiFragmentMode was introduced to control how fragments in
11265 sinterwikis going outside of current wiki farm are encoded.
11266 * (T120333) Soft-deprecated the use of PHP extension 'mysql' in favor of
11267 'mysqli'. This PHP extension was deprecated in PHP 5.5 and removed in PHP 7.0.
11268 MediaWiki auto-selects the 'mysqli' driver since MediaWiki 1.22, except if
11269 explicitly requested through the configuration parameter $wgDBservers.
11270 * $wgOOUIEditPage was removed, as it is now the default. This was documented as
11271 a temporary variable during the migration period.
11273 === New features in 1.30 ===
11274 * (T37247) Output from Parser::parse() will now be wrapped in a div with
11275 class="mw-parser-output" by default. This may be changed or disabled using
11276 ParserOptions::setWrapOutputClass().
11277 * (T163562) Added ability to search for contributions within an IP ranges
11278 at Special:Contributions.
11279 * Added 'ChangeTagsAllowedAdd' hook, enabling extensions to allow software-
11280 specific tags to be added by users.
11281 * Added a 'ParserOptionsRegister' hook to allow extensions to register
11282 additional parser options.
11283 * (T45547) Included Pig Latin, a language game in English, as a
11284 LanguageConverter variant. This allows English-speaking developers
11285 to develop and test LanguageConverter more easily. Pig Latin can be
11286 enabled by setting $wgUsePigLatinVariant to true.
11287 * Added RecentChangesPurgeRows hook to allow extensions to purge data that
11288 depends on the recentchanges table.
11289 * Added JS config values wgDiffOldId/wgDiffNewId to the output of diff pages.
11290 * (T2424) Added direct unwatch links to entries in Special:Watchlist (if the
11291 'watchlistunwatchlinks' preference option is enabled). With JavaScript
11292 enabled, these links toggle so the user can also re-watch pages that have
11293 just been unwatched.
11294 * Added $wgParserTestMediaHandlers, where mock media handlers can be passed to
11295 MediaHandlerFactory for parser tests.
11296 * Edit summaries, block reasons, and other "comments" are now stored in a
11297 separate database table. Use the CommentFormatter class to access them.
11298 ** This is currently gated by $wgCommentTableSchemaMigrationStage. Most wikis
11299 can set this to MIGRATION_NEW and run maintenance/migrateComments.php as
11300 soon as any necessary extensions are updated.
11301 * (T138166) Added ability for users to prohibit other users from sending them
11302 emails with Special:Emailuser. Can be enabled by setting
11303 $wgEnableUserEmailBlacklist to true.
11304 * (T67297) $wgBrowserBlacklist is deprecated, and changing it will have no
11305 effect. Instead, users using browsers that do not support Unicode will be
11306 unable to edit and should upgrade to a modern browser instead.
11308 === External library changes in 1.30 ===
11310 ==== Upgraded external libraries ====
11311 * Updated justinrainbow/json-schema from v3.0 to v5.2.
11312 * Updated mediawiki/mediawiki-codesniffer from v0.7.2 to v0.12.0.
11313 * Updated wikimedia/composer-merge-plugin from v1.4.0 to v1.4.1.
11314 * Updated wikimedia/relpath from v1.0.3 to v2.0.0.
11315 * Updated OOjs from v2.0.0 to v2.1.0.
11316 * Updated OOUI from v0.21.1 to v0.23.0.
11317 * Updated QUnit from v1.23.1 to v2.4.0.
11318 * Updated phpunit/phpunit from v4.8.35 to v4.8.36.
11319 * Upgraded Moment.js from v2.15.0 to v2.19.3.
11321 ==== New external libraries ====
11322 * The class \TestingAccessWrapper has been moved to the external library
11323 wikimedia/testing-access-wrapper and renamed \Wikimedia\TestingAccessWrapper.
11324 * Purtle, a fast, lightweight RDF generator.
11326 === Bug fixes in 1.30 ===
11327 * (T151633) Ordered list items use now Devanagari digits in Nepalese
11330 === Action API changes in 1.30 ===
11331 * (T37247) action=parse output will be wrapped in a div with
11332 class="mw-parser-output" by default. This may be changed or disabled using
11333 the new 'wrapoutputclass' parameter.
11334 * When errorformat is not 'bc', abort reasons from action=login will be
11335 formatted as specified by the error formatter parameters.
11336 * action=compare can now handle arbitrary text, deleted revisions, and
11337 returning users and edit comments.
11338 * (T164106) The 'rvdifftotext', 'rvdifftotextpst', 'rvdiffto',
11339 'rvexpandtemplates', 'rvgeneratexml', 'rvparse', and 'rvprop=parsetree'
11340 parameters to prop=revisions are deprecated, as are the similarly named
11341 parameters to prop=deletedrevisions, list=allrevisions, and
11342 list=alldeletedrevisions. Use action=compare, action=parse, or
11343 action=expandtemplates instead.
11345 === Action API internal changes in 1.30 ===
11346 * ApiBase::getDescriptionMessage() and the "apihelp-*-description" messages are
11347 deprecated. The existing message should be split between "apihelp-*-summary"
11348 and "apihelp-*-extended-description".
11349 * (T123931) Individual values of multi-valued parameters can now be marked as
11352 === Languages updated in 1.30 ===
11353 MediaWiki supports over 350 languages. Many localisations are updated
11354 regularly. Below only new and removed languages are listed, as well as
11355 changes to languages because of Phabricator reports.
11357 * Added: kbp (Kabɩyɛ / Kabiyè)
11358 * Added: skr (Saraiki, سرائیکی)
11359 * Added: tay (Tayal / Atayal)
11360 * Removed: tokipona (Toki Pona)
11362 ==== Pig Latin added ====
11363 * (T45547) Added Pig Latin, a made-up English variant (en-x-piglatin),
11364 for easier variant development and testing. Disabled by default. It can be
11365 enabled by setting $wgUsePigLatinVariant to true.
11367 === Other changes in 1.30 ===
11368 * The use of an associative array for $wgProxyList, where the IP address is in
11369 the key instead of the value, is deprecated (e.g. [ '127.0.0.1' => 'value' ]).
11370 Please convert these arrays to indexed/sequential ones (e.g. [ '127.0.0.1' ]).
11371 * mw.user.bucket (deprecated in 1.23) was removed.
11372 * LoadBalancer::getServerInfo() and LoadBalancer::setServerInfo() are
11373 deprecated. There are no known callers.
11374 * File::getStreamHeaders() was deprecated.
11375 * MediaHandler::getStreamHeaders() was deprecated.
11376 * Title::canTalk() was deprecated. The new Title::canHaveTalkPage() should be
11378 * MWNamespace::canTalk() was deprecated. The new MWNamespace::hasTalkNamespace()
11379 should be used instead.
11380 * The ExtractThumbParameters hook (deprecated in 1.21) was removed.
11381 * The OutputPage::addParserOutputNoText and ::getHeadLinks methods (both
11382 deprecated in 1.24) were removed.
11383 * wfMemcKey() and wfGlobalCacheKey() were deprecated. BagOStuff::makeKey() and
11384 BagOStuff::makeGlobalKey() should be used instead.
11385 * (T146304) Preprocessor handling of LanguageConverter markup has been improved.
11386 As a result of the new uniform handling, '-{' may need to be escaped
11387 (for example, as '-<nowiki/>{') where it occurs inside template arguments
11389 * (T163966) Page moves are now counted as edits for the purposes of
11390 autopromotion, i.e., they increment the user_editcount field in the database.
11391 * Two new hooks, LogEventsListLineEnding and NewPagesLineEnding, were added for
11392 manipulating Special:Log and Special:NewPages lines.
11393 * The OldChangesListRecentChangesLine, EnhancedChangesListModifyLineData,
11394 PageHistoryLineEnding, ContributionsLineEnding and
11395 DeletedContributionsLineEnding hooks have an additional parameter, for
11396 manipulating HTML data attributes of RC/history lines.
11397 EnhancedChangesListModifyBlockLineData can do that via the
11398 $data['attribs'] subarray.
11399 * (T130632) The OutputPage::enableTOC() method was removed.
11400 * WikiPage::getParserOutput() will now throw an exception if passed
11401 ParserOptions that would pollute the parser cache. Callers should use
11402 WikiPage::makeParserOptions() to create the ParserOptions object and only
11403 change options that affect the parser cache key.
11404 * Article::viewRedirect() is deprecated.
11405 * IP::isValidBlock() was deprecated. Use the equivalent IP::isValidRange().
11406 * DeprecatedGlobal no longer supports passing in a direct value, it requires a
11407 callable factory function or a class name.
11408 * The $parserMemc global, wfGetParserCacheStorage(), and
11409 ParserCache::singleton() are all deprecated. The main ParserCache instance
11410 should be obtained from MediaWikiServices instead. Access to the underlying
11411 BagOStuff is possible through the new ParserCache::getCacheStorage() method.
11412 * .mw-ui-constructive CSS class (deprecated in 1.27) was removed.
11413 * Sanitizer::escapeId() was deprecated, use escapeIdForAttribute(),
11414 escapeIdForLink() or escapeIdForExternalInterwiki() instead.
11415 * Title::escapeFragmentForURL() was deprecated, use one of the aforementioned
11416 Sanitizer functions or, if possible, Title::getFragmentForURL().
11417 * Second parameter to Sanitizer::escapeIdReferenceList() ($options) now does
11418 nothing and is deprecated.
11419 * mw.util.escapeId() was deprecated, use escapeIdForAttribute() or
11421 * MagicWord::replaceMultiple() (deprecated in 1.25) was removed.
11422 * WikiImporter now requires the second parameter to be an instance of the
11423 Config, class. Prior to that, the Config parameter was optional (a behavior
11424 deprecated in 1.25).
11425 * Removed 'jquery.mwExtension' module. (deprecated since 1.26)
11426 * mediawiki.ui: Deprecate greys, which are not part of WikimediaUI color palette
11428 * CdbReader, CdbWriter, CdbException classes (deprecated in 1.25) were removed.
11429 The namespaced classes in the Cdb namespace should be used instead.
11430 * IPSet class (deprecated in 1.26) was removed. The namespaced IPSet\IPSet
11431 should be used instead.
11432 * RunningStat class (deprecated in 1.27) was removed. The namespaced
11433 RunningStat\RunningStat should be used instead.
11434 * MWMemcached and MemCachedClientforWiki classes (deprecated in 1.27) were
11436 The MemcachedClient class should be used instead.
11437 * EditPage underwent some refactoring and deprecations:
11438 * EditPage::isOouiEnabled() is deprecated and will always return true.
11439 * EditPage::getSummaryInput() and ::getSummaryInputOOUI() are deprecated.
11440 Please use ::getSummaryInputWidget() instead.
11441 * EditPage::getCheckboxes() and ::getCheckboxesOOUI() are deprecated. Please
11442 use ::getCheckboxesWidget() instead.
11443 * Creating an EditPage instance without calling EditPage::setContextTitle()
11444 should be avoided and will be deprecated in a future release.
11445 * EditPage::safeUnicodeInput() and ::safeUnicodeOutput() are deprecated and
11447 * EditPage::$isCssJsSubpage, ::$isCssSubpage, and ::$isJsSubpage are
11448 deprecated. The corresponding methods from Title should be used instead.
11449 * EditPage::$isWrongCaseCssJsPage is deprecated. There is no replacement.
11450 * EditPage::$mArticle and ::$mTitle are deprecated for public usage. The
11451 getters ::getArticle() and ::getTitle() should be used instead.
11452 * Trying to control or fake EditPage context by overriding $wgUser,
11453 $wgRequest, $wgOut, and $wgLang is no longer supported and won't work. The
11454 IContextSource returned from EditPage::getContext() must be modified
11456 * Parser::getRandomString() (deprecated in 1.26) was removed.
11457 * Parser::uniqPrefix() (deprecated in 1.26) was removed.
11458 * Parser::extractTagsAndParams() now only accepts three arguments. The fourth,
11459 $uniq_prefix was deprecated in 1.26 and has now been removed.
11460 * (T172514) The following tables have had their UNIQUE indexes turned into
11461 proper PRIMARY KEYs for increased maintainability: categorylinks, imagelinks,
11462 iwlinks, langlinks, log_search, module_deps, objectcache, pagelinks,
11463 query_cache, site_stats, templatelinks, text, transcache, user_former_groups,
11465 * IDatabase::nextSequenceValue() is no longer needed by any database backends
11466 (formerly it was needed by PostgreSQL and Oracle), and is now deprecated.
11467 * (T146591) The lc_lang_key index on the l10n_cache table has been changed into
11469 * (T157227) bot_password.bp_user, change_tag.ct_log_id, change_tag.ct_rev_id,
11470 page_restrictions.pr_user, tag_summary.ts_log_id, tag_summary.ts_rev_id and
11471 user_properties.up_user have all been made unsigned on MySQL.
11472 * DB_SLAVE is deprecated. DB_REPLICA should be used instead.
11473 * wfUsePHP() is deprecated.
11474 * wfFixSessionID() was removed.
11475 * wfShellExec() and related functions are deprecated, use Shell::command(). This
11476 also slightly changes the behavior of how execution time limits are calculated
11477 when only some of defaults are overridden per-call. When in doubt, always
11478 override both wall clock and CPU time.
11479 * (T138166) SpecialEmailUser::getTarget() now requires a second argument, the
11480 sending user object. Using the method without the second argument is
11482 * (T67297) Browsers that don't support Unicode will have their edits rejected.
11483 * (T178450) The module 'jquery.badge' is deprecated and will be removed in a
11484 future release. For notifying the user of an event, the Notifications ("Echo")
11485 system should be used instead.
11486 * (T178451) SECURITY: Potential XSS when $wgShowExceptionDetails = false and
11487 browser sends non-standard url escaping.
11488 * (T165846) SECURITY: BotPassword login attempts weren't throttled.
11492 == MediaWiki 1.29.3 ==
11494 This is a security and maintenance release of the MediaWiki 1.29 branch.
11496 === Changes since 1.29.2 ===
11497 * (T169545, CVE-2018-0503) SECURITY: $wgRateLimits entry for 'user' overrides
11499 * (T194605, CVE-2018-0505) SECURITY: BotPasswords can bypass CentralAuth's
11501 * (T180551) Fix LanguageSrTest for language converter
11502 * (T180552) Fix language converter parser test with self-close tags
11503 * (T180537) Remove $wgAuth usage from wrapOldPasswords.php
11504 * (T180485) InputBox: Have inputbox langconvert certain attributes
11505 * (T161732, T181547) Upgraded Moment.js from v2.15.0 to v2.19.3.
11506 * (T172927) Drop vendor from MW release branch
11507 * (T87572) Make FormatMetadata::flattenArrayReal() work for an associative array
11508 * Updated composer/spdx-licenses from 1.1.4 to 1.3.0 (development dependency).
11509 * (T189567) the CLI installer (maintenance/install.php) learned to detect and
11510 include extensions. Pass --with-extensions to enable that feature.
11511 * (T182381) Mask deprecated call in WatchedItemUnitTest
11512 * (T190503) Let built-in web server (maintenance/dev) handle .php requests.
11513 * The karma qunit tests would fail on some configuration due to headers already
11514 sent. Check headers_sent() before sending cpPosTime headers
11515 * (T167507) selenium: Run Chrome headlessly.
11516 * selenium: Pass -no-sandbox to Chrome under Docker
11517 * (T191247) Use MediaWiki\SuppressWarnings around trigger_error('') instead @
11518 * (T75174, T161041) Unit test ChangesListSpecialPageTest::testFilterUserExpLevel
11519 fails under SQLite.
11520 * (T192584) Stop incorrectly passing USE INDEX to RecentChange::newFromConds().
11521 * (T179190) selenium: Move test running logic from package.json to selenium.sh.
11522 * (T117839, T193200) PDFHandler: Fix for pdfinfo changes in poppler-utils 0.48.
11523 * Add default edit rate limit of 90 edits/minute for all users.
11524 * (T196125) php-memcached 3.0 (provided with PHP 7.0) is now supported.
11525 * (T196672) The mtime of extension.json files is now able to be zero
11526 * (T180403) Validate $length in padleft/padright parser functions.
11527 * (T143790) Make $wgEmailConfirmToEdit only affect edit actions.
11528 * (T194237) Special:BotPasswords now requires reauthentication.
11529 * (T191608, T187638) Add 'logid' parameter to Special:Log.
11530 * (T176097) resourceloader: Disable a flaky MessageBlobStoreTest case
11531 * (T193829) Indicate when a Bot Password needs reset.
11532 * (T151415) Log email changes.
11533 * (T118420) Unbreak Oracle installer.
11535 == MediaWiki 1.29.2 ==
11537 This is a security and maintenance release of the MediaWiki 1.29 branch.
11539 === Changes since 1.29.1 ===
11540 * (T166757) Avoid scoped lock errors in Category::refreshCounts() due to
11542 * (T175439) Unbreak Postgres Updater when setting defaults for a column.
11543 * (T160298) Remove use of implicitGroupBy() in ActiveUsersPager.
11544 * Fixed login button label to accept RawMessage.
11545 * Fixed case of SpecialRecentChanges class usage.
11546 * (T174255) Declare uploadCount property in importDump.php.
11547 * (T163646) Pass a string not an int to mysql_real_escape_string().
11548 * (T180143) Bump justinrainbow/json-schema development dependency to ~5.2.
11549 * Updated dev dependancy phpunit/phpunit from v4.8.35 to v4.8.36.
11550 * (T178451) SECURITY: Potential XSS when $wgShowExceptionDetails = false and
11551 browser sends non-standard url escaping.
11552 * (T165846) SECURITY: BotPassword login attempts weren't throttled.
11553 * (T128209) SECURITY: Reflected File Download from api.php.
11554 * (T134100) SECURITY: Do not reveal if user exists during login failure.
11555 * (T176247) SECURITY: Ensure Message::rawParams can't lead to XSS.
11556 * (T125163) SECURITY: Make anchor for headlines escape > and <.
11557 * (T180237) SECURITY: Protect vendor folder with .htaccess.
11558 * (T180231) SECURITY: Remove PHPUnit file with known RCE if exists in
11560 * (T124404) SECURITY: XSS in langconverter when regex hits pcre.backtrack_limit.
11561 * (T119158) SECURITY: Handle -{}- syntax in attributes safely.
11562 * (T180488) (T125177) "api.log contains passwords in plaintext" wasn't correctly
11563 fixed in all branches in the previous security release.
11565 == MediaWiki 1.29.1 ==
11567 This is a maintenance release of the MediaWiki 1.29 branch.
11569 The SpamBlacklist and PdfHandler extensions were missing from the generated
11572 === Changes since 1.29.1 ===
11573 * (T164999) Define mw.Upload.Dialog.static.name in mediawiki.Upload.Dialog.js.
11574 * (T172061) Fix fatal when passing a category to refreshLinks.php.
11576 == MediaWiki 1.29.0 ==
11578 === Configuration changes in 1.29 ===
11579 * Default cookie expiration time has been reduced to 30 days. Login cookie
11580 expiration time is kept at 180 days.
11581 * A new configuration variable has been added: $wgCookieSetOnAutoblock. This
11582 determines whether to set a cookie when a user is autoblocked. Doing so means
11583 that a blocked user, even after logging out and moving to a new IP address,
11584 will still be blocked.
11585 * The resetpassword right and associated password reset capture feature has
11587 * The $error parameter to the EmailUser hook should be set to a Status object
11588 or boolean false. This should be compatible with at least MediaWiki 1.23 if
11589 not earlier. Returning a raw HTML string is now deprecated.
11590 * The $message parameter to the ApiCheckCanExecute hook should be set to an
11591 ApiMessage. This is compatible with MediaWiki 1.27 and later. Returning a
11592 code for ApiBase::parseMsg() will no longer work.
11593 * ApiBase::$messageMap is no longer public. Code attempting to access it will
11594 result in a PHP fatal error.
11595 * $wgUserEmailUseReplyTo is now true by default to work around restrictive DMARC
11597 * Subpages are now enabled by default in the Template namespace. Set
11598 $wgNamespacesWithSubpages[NS_TEMPLATE] to false to keep the old behavior.
11599 * $wgRunJobsAsync is now false by default (T142751). This change only affects
11600 wikis with $wgJobRunRate > 0.
11601 * (T158474) "Unknown user" has been added to $wgReservedUsernames.
11602 * (T156983) $wgRateLimitsExcludedIPs now accepts CIDR ranges as well as single
11604 * $wgDummyLanguageCodes is deprecated. Additional language code mappings may be
11605 added to $wgExtraLanguageCodes instead.
11606 * (T161453) LocalisationCache will no longer use the temporary directory in it's
11607 fallback chain when trying to work out where to write the cache.
11608 * The user right 'editusercssjs' (deprecated in 1.16) was removed. Use
11609 'editusercss' and 'edituserjs' in $wgGroupPermissions and elsewhere instead.
11611 === New features in 1.29 ===
11612 * (T5233) A cookie can now be set when a user is autoblocked, to track that user
11613 if they move to a new IP address. This is disabled by default.
11614 * Added ILocalizedException interface to standardize the use of localized
11615 exceptions, largely so the API can handle them more sensibly.
11616 * Blocks created automatically by MediaWiki, such as for configured proxies or
11617 dnsbls, are now indicated as such and use a new i18n message when displayed.
11618 * Added new $wgHTTPImportTimeout setting. Sets timeout for
11619 downloading the XML dump during a transwiki import in seconds.
11620 * Parser limit report is now available in machine-readable format to JavaScript
11621 via mw.config.get('wgPageParseReport').
11622 * Added $wgSoftBlockRanges, to allow for automatically blocking anonymous edits
11623 from certain IP ranges (e.g. private IPs).
11624 * (T59603) Added new magic word {{PAGELANGUAGE}} which returns the language code
11625 of the page being parsed.
11626 * HTML5 form validation attributes will no longer be suppressed. Originally
11627 browsers had poor support for them, but modern browsers handle them fine.
11628 This might affect some forms that used them and only worked because the
11629 attributes were not actually being set.
11630 * Expiry times can now be specified when users are added to user groups.
11631 * Completely new user interface for the RecentChanges page, which
11632 structures filters into user-friendly groups. This has corresponding
11633 changes to how filters are registered by core and extensions.
11634 * The edit form now uses pretty OOjs UI buttons, checkboxes and summary input.
11635 Because this change can cause problems for extensions and on-wiki
11636 scripts depending on the exact HTML, the old version is still available
11637 and can be used by setting $wgOOUIEditPage = false; in LocalSettings.php.
11638 This will be removed later and OOjs UI will become the only option.
11639 To make testing easier, users can also force either mode by adding
11640 &ooui=true or &ooui=false to the action=edit URL.
11642 === External library changes in 1.29 ===
11644 ==== Upgraded external libraries ====
11645 * Updated QUnit from v1.22.0 to v1.23.1.
11646 * Updated cssjanus from v1.1.2 to v1.2.0.
11647 * Updated psr/log from v1.0.0 to v1.0.2.
11648 * Update Moment.js from v2.8.4 to v2.15.0.
11649 * Updated oyejorge/less.php from v1.7.0.10 to v1.7.0.14.
11650 * Updated monolog from v1.18.2 to 1.22.1.
11651 * Updated wikimedia/composer-merge-plugin from v1.3.1 to v1.4.0.
11652 * Updated OOjs from v1.1.10 to v2.0.0.
11653 * Updated jQuery from v1.11.3 to v3.2.1 (including jQuery Migrate v3.0.0).
11655 ==== New external libraries ====
11656 * Added wikimedia/timestamp v1.0.0.
11657 * Added wikimedia/remex-html v1.0.1.
11659 ==== Removed and replaced external libraries ====
11661 === Bug fixes in 1.29 ===
11662 * (T62604) Core parser functions returning a number now format the number
11663 according to the page content language, not wiki content language.
11664 * (T27187) Search suggestions based on jquery.suggestions will now correctly
11665 only highlight prefix matches in the results.
11666 * (T157035) "new mw.Uri()" was ignoring options when using default URI.
11667 * Special:Allpages can no longer be filtered by redirect in miser mode.
11668 * (T160519) CACHE_ANYTHING will not be CACHE_ACCEL if no accelerator is
11670 * (T109140) (T122209) SECURITY: Special:UserLogin and Special:Search allow
11671 redirect to interwiki links.
11672 * (T144845) SECURITY: XSS in SearchHighlighter::highlightText() when
11673 $wgAdvancedSearchHighlighting is true.
11674 * (T125177) SECURITY: API parameters may now be marked as "sensitive" to keep
11675 their values out of the logs.
11676 * (T150044) SECURITY: "Mark all pages visited" on the watchlist now requires a
11678 * (T156184) SECURITY: Escape content model/format url parameter in message.
11679 * (T151735) SECURITY: SVG filter evasion using default attribute values in DTD
11681 * (T161453) SECURITY: LocalisationCache will no longer use the temporary
11682 directory in it's fallback chain when trying to work out where to write the
11684 * (T48143) SECURITY: Spam blacklist ineffective on encoded URLs inside file
11685 inclusion syntax's link parameter.
11686 * (T108138) SECURITY: Sysops can undelete pages, although the page is protected
11689 === Action API changes in 1.29 ===
11690 * Submitting sensitive authentication request parameters to action=login,
11691 action=clientlogin, action=createaccount, action=linkaccount, and
11692 action=changeauthenticationdata in the query string is now an error. They
11693 should be submitted in the POST body instead.
11694 * The capture option for action=resetpassword has been removed
11695 * action=clearhasmsg now requires a POST.
11696 * (T47843) API errors and warnings may be requested in non-English languages
11697 using the new 'errorformat', 'errorlang', and 'errorsuselocal' parameters.
11698 * API error codes may have changed. Most notably, errors from modules using
11699 parameter prefixes (e.g. all query submodules) will no longer be prefixed.
11700 * ApiPageSet-using modules will report the 'invalidreason' using the specified
11702 * action=emailuser may return a "Warnings" status, and now returns 'warnings'
11703 and 'errors' subelements (as applicable) instead of 'message'.
11704 * action=imagerotate returns an 'errors' subelement rather than 'errormessage'.
11705 * action=move now reports errors when moving the talk page as an array under
11706 key 'talkmove-errors', rather than using 'talkmove-error-code' and
11707 'talkmove-error-info'. The format for subpage move errors has also changed.
11708 * action=revisiondelete no longer includes a "rendered" property on warnings
11709 and errors for each item. Use errorformat=wikitext if you're wanting parsed
11711 * action=rollback no longer returns a "messageHtml" property. Use
11712 errorformat=html if you're wanting HTML formatting of error messages.
11713 * action=upload now reports optional stash failures as an array under key
11714 'stasherrors' rather than a 'stashfailed' text string.
11715 * action=watch reports 'errors' and 'warnings' instead of a single 'error', and
11716 no longer returns a 'message' on success.
11717 * Added action=validatepassword to validate passwords for the account creation
11718 and password change forms.
11719 * action=purge now requires a POST.
11720 * There is a new `languagevariants` siprop for action=query&meta=siteinfo,
11721 which returns a list of languages with active LanguageConverter instances.
11722 * action=query&query=allpages will no longer filter redirects using a database
11723 query in miser mode. This may result in less results being returned than were
11726 === Action API internal changes in 1.29 ===
11727 * New methods were added to ApiBase to handle errors and warnings using i18n
11728 keys. Methods for using hard-coded English messages were deprecated:
11729 * ApiBase::dieUsage() was deprecated
11730 * ApiBase::dieUsageMsg() was deprecated
11731 * ApiBase::dieUsageMsgOrDebug() was deprecated
11732 * ApiBase::getErrorFromStatus() was deprecated
11733 * ApiBase::parseMsg() was deprecated
11734 * ApiBase::setWarning() was deprecated
11735 * ApiBase::$messageMap is no longer public. Code attempting to access it will
11736 result in a PHP fatal error.
11737 * The $message parameter to the ApiCheckCanExecute hook should be set to an
11738 ApiMessage. This is compatible with MediaWiki 1.27 and later. Returning a
11739 code for ApiBase::parseMsg() will no longer work.
11740 * UsageException is deprecated in favor of ApiUsageException. For the time
11741 being ApiUsageException is a subclass of UsageException to allow things that
11742 catch only UsageException to still function properly.
11743 * If, for some strange reason, code was using an ApiErrorFormatter instead of
11744 ApiErrorFormatter_BackCompat, note that the result format has changed and
11745 various methods now take a module path rather than a module name.
11746 * ApiMessageTrait::getApiCode() now strips 'apierror-' and 'apiwarn-' prefixes
11747 from the message key, and maps some message keys for backwards compatibility.
11748 * API parameters may now be marked as "sensitive" to keep their values out of
11751 === Languages updated in 1.29 ===
11753 MediaWiki supports over 350 languages. Many localisations are updated
11754 regularly. Below only new and removed languages are listed, as well as
11755 changes to languages because of Phabricator reports.
11757 * Based as always on linguistic studies on intelligibility and language
11758 knowledge by geography, language fallbacks have been expanded. When a
11759 translation is missing in the user's preferred interface language, the
11760 corresponding translation for the fallback language will be used instead.
11761 English will only be used as last resort when there are no translations.
11762 Some configurations (such as date formats and gender namespaces) have also
11763 been updated when using the fallback language's configuration was inadequate.
11764 The new or reinstated language fallbacks are (after cs ↔ sk in 1.28):
11765 ca ↔ oc; hsb ↔ dsb; io → eo; mdf → ru; pnt → el; roa-tara → it; rup → ro;
11766 sh → bs, sr-el, hr.
11767 * (T137376) New language support: Atikamekw (atj).
11768 * (T163600) New language support: Dinka (din).
11769 * (T155957) Talk Namespaces for Javanese language (jv) have been updated.
11771 ==== No fallback for Ukrainian ====
11772 * (T39314) The fallback from Ukrainian to Russian was removed. The Ukrainian
11773 language will now use the default fallback language: English. When a
11774 translation to Ukrainian is not available, an English string will be shown.
11776 === Other changes in 1.29 ===
11777 * Database::getSearchEngine() (deprecated in 1.28) was removed. Use
11778 SearchEngineFactory::getSearchEngineClass() instead.
11779 * $wgSessionsInMemcached (deprecated in 1.20) was removed. No replacement is
11780 required as all sessions are stored in Object Cache now.
11781 * MWHttpRequest::execute() should be considered to return a StatusValue; the
11782 Status return type is deprecated.
11783 * User::edits() (deprecated in 1.21) was removed.
11784 * Xml::escapeJsString() (deprecated in 1.21) was removed.
11785 * Article::getText() and Article::prepareTextForEdit() (deprecated in 1.21)
11787 * Article::getAutosummary() and WikiPage::getAutosummary() (deprecated in 1.21)
11789 * Hook ArticleViewCustom (deprecated in 1.21) was removed. Use
11790 ArticleContentViewCustom instead.
11791 * Hooks EditPageGetDiffText and ShowRawCssJs (deprecated in 1.21) were removed.
11792 * Class RevisiondeleteAction (deprecated in 1.25) was removed.
11793 * WikiPage::prepareTextForEdit() (deprecated in 1.21) was removed.
11794 * WikiPage::getText() (deprecated in 1.21) was removed.
11795 * Article::fetchContent() (deprecated in 1.21) was removed.
11796 * User::getPassword() (deprecated in 1.27) was removed.
11797 * User::getTemporaryPassword() (deprecated in 1.27) was removed.
11798 * User::isPasswordReminderThrottled() (deprecated in 1.27) was removed.
11799 * Class FSRepo (deprecated in 1.19) was removed.
11800 * WebRequest::checkSessionCookie() (deprecated in 1.27) was removed. Use
11801 \MediaWiki\Session\SessionManager::singleton()->getPersistedSessionId()
11803 * Class ImageGallery (deprecated in 1.22) was removed.
11804 Use ImageGalleryBase::factory instead.
11805 * Title::moveNoAuth() (deprecated in 1.25) was removed. Use MovePage class
11807 * Hook UnknownAction (deprecated in 1.19) was actually deprecated (it will now
11808 emit warnings). Create a subclass of Action and add it to $wgActions instead.
11809 * WikiRevision::getText() (deprecated since 1.21) is no longer marked
11811 * Linker::getInterwikiLinkAttributes() (deprecated since 1.25) was removed.
11812 * Linker::getInternalLinkAttributes() (deprecated since 1.25) was removed.
11813 * Linker::getInternalLinkAttributesObj() (deprecated since 1.25) was removed.
11814 * Linker::getLinkAttributesInternal() (deprecated since 1.25) was removed.
11815 * RedisConnectionPool::handleException (deprecated since 1.23) was removed.
11816 * The static properties mw.Api.errors and mw.Api.warnings, containing incomplete
11817 and outdated lists of errors/warnings returned by the API, are now deprecated.
11818 * wiki.phtml entry point was removed. Refer to index.php instead. If you want
11819 "wiki.phtml" URLs to continue to work, set up redirects. In Apache, this can
11820 be done by enabling mod_rewrite and adding the following rules to your
11825 RewriteRule ^/w/wiki\.phtml$ /w/index.php [R=301,L]
11826 * Hook ArticleAfterFetchContent (deprecated in 1.21) was removed.
11827 Use ArticleAfterFetchContentObject instead.
11828 * Hook ArticleInsertComplete (deprecated in 1.21) was removed.
11829 Use PageContentInsertComplete instead.
11830 * Hook ArticleSave (deprecated in 1.21) was removed.
11831 Use PageContentSave instead.
11832 * Hook ArticleSaveComplete (deprecated in 1.21) was removed.
11833 Use PageContentSaveComplete instead.
11834 * Hook EditFilterMerged (deprecated in 1.21) was removed.
11835 Use EditFilterMergedContent instead.
11836 * Hook EditPageGetPreviewText (deprecated in 1.21) was removed.
11837 Use EditPageGetPreviewContent instead.
11838 * Hook TitleIsCssOrJsPage (deprecated in 1.21) was removed.
11839 Use ContentHandlerDefaultModelFor instead.
11840 * Hook TitleIsWikitextPage (deprecated in 1.21) was removed.
11841 Use ContentHandlerDefaultModelFor instead.
11842 * Article::getContent() (deprecated in 1.21) was removed.
11843 * Revision::getText() (deprecated in 1.21) was removed.
11844 * Article::doEdit() and WikiPage::doEdit() (deprecated in 1.21) were removed.
11845 * Parser::replaceUnusualEscapes() (deprecated in 1.24) was removed.
11846 * Article::doEditContent() was marked as deprecated, to be removed in 1.30
11848 * ContentHandler::runLegacyHooks() was removed.
11849 * refreshLinks.php now can be limited to a particular category with
11850 --category=... or a tracking category with --tracking-category=...
11851 * User-like objects that are passed to SpecialUserRights and its subclasses are
11852 now required to have a getGroupMemberships() method. See UserRightsProxy for
11854 * User::$mGroups (instance variable) was marked private. Use User::getGroups()
11856 * User::getGroupName(), User::getGroupMember(), User:getGroupPage(),
11857 User::makeGroupLinkHTML(), and User::makeGroupLinkWiki() were deprecated.
11858 Use equivalent methods on the UserGroupMembership class.
11859 * Maintenance scripts and tests that call User::addGroup() must now ensure that
11860 User objects have been added to the database prior to calling addGroup().
11861 * Protected function UsersPager::getGroups() was removed, and protected function
11862 UsersPager::buildGroupLink() was changed from a static to an instance method.
11863 * The third parameter ($cache) to the UsersPagerDoBatchLookups hook was changed;
11864 see docs/hooks.txt.
11865 * User::crypt() (deprecated in 1.24) was removed.
11866 * User::comparePasswords() (deprecated in 1.24) was removed.
11867 * ArchivedFile::getUserText() (deprecated in 1.23) was removed.
11868 * HTMLFileCache::newFromTitle() (deprecated in 1.24) was removed.
11869 * BREAKING CHANGE: Internal signature changes to ChangesListSpecialPage
11870 and subclasses. It should only break if you call buildMainQueryConds
11871 (changed to buildQuery with new signature) or doMainQuery (new
11872 signature). Subclasses are likely to call at least doMainQuery
11873 (possibly both), but other classes might too, because they were
11875 Also, some related hooks were deprecated, but this is not yet a
11877 * Removed 'jquery.arrowSteps' module. (deprecated since 1.28)
11878 * The 'jquery.autoEllipsis' ResourceLoader module is now deprecated.
11879 * WikiRevision::$fileIsTemp was deprecated.
11880 * WikiRevision::$importer was deprecated.
11881 * WikiRevision::$user was deprecated.
11882 * Article::getLastPurgeTimestamp(), WikiPage::getLastPurgeTimestamp(), and the
11883 WikiPage::PURGE_* constants are deprecated, and the functions will always
11884 return false. They were a hack for an issue that has since been fixed.
11885 * Hook 'EditPageBeforeEditChecks' is now deprecated. Instead use the new hook
11886 'EditPageGetCheckboxesDefinition', or 'EditPage::showStandardInputs:options'
11887 if you don't actually care about checkboxes and just want to add some HTML
11889 * Selflinks are now rendered as href-less <a> tags with the class mw-selflink
11890 rather than <strong> tags. The old class name, "selflink", was deprecated
11891 and will be removed in a future release. (T160480)
11892 * (T156184) $wgRawHtml will no longer apply to internationalization messages.
11893 * Browser support for non-ES5 JavaScript browsers, including Android 2,
11894 Opera <12.10, and Internet Explorer 9, was lowered from Grade A to Grade C.
11895 * Removed wikibits global methods deprecated since MediaWiki 1.17 (T122755):
11896 is_gecko, is_chrome_mac, is_chrome, webkit_version, is_safari_win, is_safari,
11897 webkit_match, is_ff2, ff2_bugs, is_ff2_win, is_ff2_x11, opera95_bugs,
11898 opera7_bugs, opera6_bugs, is_opera_95, is_opera_preseven, is_opera,
11899 ie6_bugs, clientPC, changeText, killEvt, addHandler, hookEvent,
11900 addClickHandler, removeHandler, getElementsByClassName, getInnerText,
11901 setupCheckboxShiftClick, addCheckboxClickHandlers, mwEditButtons,
11902 mwCustomEditButtons, injectSpinner, removeSpinner, escapeQuotes,
11903 escapeQuotesHTML, jsMsg, addPortletLink, appendCSS, tooltipAccessKeyPrefix,
11904 tooltipAccessKeyRegexp, updateTooltipAccessKeys.
11905 * The ID of the <li> element containing the login link has changed from
11906 'pt-login' to 'pt-login-private' in private wikis.
11907 * The old, neglected "bulletin board style toolbar" in the edit form is now
11908 deprecated (T30856). This old code dates from 2006, and was replaced in the
11909 MediaWiki release tarball and in Wikimedia production by the WikiEditor
11910 extension in 2010. It is only shown to users if no other editor was
11911 installed, and leads to confusion.
11912 * (T92459) Loading ResourceLoader modules containing JavaScript through
11913 addModuleStyles() is deprecated and will log a warning server-side.
11917 == MediaWiki 1.28.3 ==
11919 This is a security and maintenance release of the MediaWiki 1.28 branch.
11921 === Changes since 1.28.2 ==
11922 * (T168856) Allow SVGs created by Dia to be uploaded.
11923 * (T157545) Add missing doUpdates() call to refreshLinks.php.
11924 * (T165714) (T100085) Better handling of jobs execution in post-connection
11926 * (T154425) (T154438) (T157679) Use AutoCommitUpdate instead of
11927 Database->onTransactionIdle.
11928 * (T154425) Make DeferredUpdates detect LBFactory transaction rounds.
11929 * (T149454) Restore erroneously removed realTableName call from
11931 * (T167798) Fix phrase search and highlighting for phrase queries.
11932 * (T151136) Provide credits information to callbacks in extension registration.
11933 * (T160462) Allow namespaces defined in extension.json to be overwritten
11935 * (T168337) Fix ErrorPageError to work from non-UI contexts.
11936 * (T143788) Backports for PHP 7.0 and 7.1 support.
11937 * (T175439) Unbreak Postgres Updater when setting defaults for a column.
11938 * (T160298) Remove use of implicitGroupBy() in ActiveUsersPager.
11939 * (T174255) Declare uploadCount property in importDump.php.
11940 * (T180231) SECURITY: Updated dev dependancy phpunit/phpunit from v4.8.24 to
11942 * (T178451) SECURITY: Potential XSS when $wgShowExceptionDetails = false and
11943 browser sends non-standard url escaping.
11944 * (T165846) SECURITY: BotPassword login attempts weren't throttled.
11945 * (T128209) SECURITY: Reflected File Download from api.php.
11946 * (T134100) SECURITY: Do not reveal if user exists during login failure.
11947 * (T176247) SECURITY: Ensure Message::rawParams can't lead to XSS.
11948 * (T125163) SECURITY: Make anchor for headlines escape > and <.
11949 * (T180237) SECURITY: Protect vendor folder with .htaccess.
11950 * (T180231) SECURITY: Remove PHPUnit file with known RCE if exists in
11952 * (T124404) SECURITY: XSS in langconverter when regex hits pcre.backtrack_limit.
11953 * (T119158) SECURITY: Handle -{}- syntax in attributes safely.
11955 == MediaWiki 1.28.2 ==
11957 Due to a packaging error, the wrong version of the SyntaxHighlight extension was
11958 included in the tarball version of MediaWiki 1.28.1. The version included had a
11959 serious security issue in it (T158689). There was also some minor code fixes in
11960 MediaWiki itself since 1.28.1, but none of them were security relevant.
11962 == MediaWiki 1.28.1 ==
11964 This is a security and maintenance release of the MediaWiki 1.28 branch.
11966 === Changes since 1.28.0 ===
11968 * $wgRunJobsAsync is now false by default (T142751). This change only affects
11969 wikis with $wgJobRunRate > 0.
11970 * Fix fatal from "WaitConditionLoop" not being found, experienced when a wiki
11971 has more than one database server setup.
11972 * (T152717) Better escaping for PHP mail() command,
11973 * (T154670) A missing method causing the MySQL installer to fatal in rare
11974 circumstances was restored.
11975 * (T154672) Un-deprecate ArticleAfterFetchContentObject hook.
11976 * (T158766) Avoid SQL error on MSSQL when using selectRowCount().
11977 * (T145635) Fix too long index error when installing with MSSQL.
11978 * (T156184) $wgRawHtml will no longer apply to internationalization messages.
11979 * (T160519) CACHE_ANYTHING will not be CACHE_ACCEL if no accelerator is
11981 * (T154872) Fix incorrect ar_usertext_timestamp index names in new 1.28
11983 * (T109140) (T122209) SECURITY: Special:UserLogin and Special:Search allow
11984 redirect to interwiki links.
11985 * (T144845) SECURITY: XSS in SearchHighlighter::highlightText() when
11986 $wgAdvancedSearchHighlighting is true.
11987 * (T125177) SECURITY: API parameters may now be marked as "sensitive" to keep
11988 their values out of the logs.
11989 * (T150044) SECURITY: "Mark all pages visited" on the watchlist now requires a
11991 * (T156184) SECURITY: Escape content model/format url parameter in message.
11992 * (T151735) SECURITY: SVG filter evasion using default attribute values in DTD
11994 * (T161453) SECURITY: LocalisationCache will no longer use the temporary
11995 directory in it's fallback chain when trying to work out where to write the
11997 * (T48143) SECURITY: Spam blacklist ineffective on encoded URLs inside file
11998 inclusion syntax's link parameter.
11999 * (T108138) SECURITY: Sysops can undelete pages, although the page is protected
12002 == MediaWiki 1.28 ==
12004 === Changes since 1.28.0-rc1 ===
12005 * (T148957) Replace wgShowExceptionDetails with wgShowDBErrorBacktrace on db
12007 * (T148956) Only apply wgDBschema to postgres/mssql.
12008 * (T145991) Introduce separate log action for deleting pages on move.
12009 * (T141474) (T110464) Bypass login page if no user input is required.
12011 === Changes since 1.28.0-rc0 ===
12012 * (T142210) The changes to move the parser "NewPP limit report" from a HTML
12013 comment to a machine-readable JavaScript config option 'wgPageParseReport'
12014 have been undone. They caused the human-readable limit report to be shown
12015 incompletely or not at all. ParserOutput::setLimitReportData() and
12016 getLimitReportData() behave as they did in MediaWiki 1.27 again.
12017 * (T149510) Value of {{DISPLAYTITLE:}} parser function will not be used for
12018 the text of subheadings on a category page when creating it. This wasn't
12020 * (T106793) MediaWiki will no longer try to perform a HTTP redirect to the
12021 canonical pretty URL when a non-pretty URL is used. It resulted in redirect
12022 loops in some clients and in some server configurations. This undoes a change
12023 made in MediaWiki 1.26.
12024 * (T149759) manifest_version: 2 was removed.
12026 === Configuration changes in 1.28 ===
12027 * $wgSend404Code now affects status code of action=history if the page is not
12029 * BREAKING CHANGE: $wgHTTPProxy is now *required* for all external requests
12030 made by MediaWiki via a proxy. Relying on the http_proxy environment
12031 variable is no longer supported.
12032 * The load.php entry point now enforces the existing policy of not allowing
12033 access to session data, which includes the session user and the session
12034 user's language. If such access is attempted, an exception will be thrown.
12035 * The number of internal PBKDF2 iterations used to derive the session secret
12036 is configurable via $wgSessionPbkdf2Iterations.
12037 * Upload dialog's file upload log comment can now be configured separately for
12038 local and foreign uploads.
12039 * $wgForeignUploadTargets now defaults to `[ 'local' ]`, where `'local'`
12040 signifies local uploads. A value of `[]` (empty array) now means that
12041 no upload targets are allowed, effectively disabling the upload dialog.
12042 * The deprecated $wgEditEncoding variable has been removed; it was only used
12043 for Esperanto language character conversion. You are now recommended to use
12044 input methods provided by the UniversalLanguageSelector extension.
12045 * When $wgPingback is true, MediaWiki will periodically ping
12046 https://www.mediawiki.org/beacon with basic information about the local
12047 MediaWiki installation. This data includes, for example, the type of system,
12048 PHP version, and chosen database backend. This behavior is off by default.
12049 * When $wgEditSubmitButtonLabelPublish is true, MediaWiki will label the button
12050 to store-to-database-and-show-to-others as "Publish page"/"Publish changes";
12051 if false, the default, they will be "Save page"/"Save changes".
12052 * The 'editcontentmodel' permission is now granted to all logged-in users
12054 instead of just administrators ('sysop'). Documentation for this feature is
12055 available at <https://www.mediawiki.org/wiki/Help:ChangeContentModel>.
12056 * $wgRevisionCacheExpiry is now set to one week by default instead of being
12058 * Magic links are now disabled by default, and can be re-enabled by modifying
12059 the value of $wgEnableMagicLinks. Their usage is discouraged, but if they are
12060 manually enabled, a tracking category will be added to help identify usage and
12061 make it easier to migrate away from. If you depend upon magic link
12062 functionality, it is requested that you comment on
12063 <https://www.mediawiki.org/wiki/Requests_for_comment/Future_of_magic_links>
12064 and explain your use case(s).
12065 * New config variable $wgCSPFalsePositiveUrls to control what URLs to ignore
12066 in upcoming Content-Security-Policy feature's reporting.
12068 === New features in 1.28 ===
12069 * User::isBot() method for checking if an account is a bot role account.
12070 * Added a new 'slideshow' mode for galleries.
12071 * Added a new hook, 'UserIsBot', to aid in determining if a user is a bot.
12072 * Added a new hook, 'ApiMakeParserOptions', to allow extensions to better
12073 interact with API parsing.
12074 * Added a new hook, 'UploadVerifyUpload', which can be used to reject a file
12075 upload. Unlike 'UploadVerifyFile' it provides information about upload comment
12076 and the file description page, but does not run for uploads to stash.
12077 * (T141604) Extensions can now provide a better error message when their
12078 maintenance scripts are run without the extension being installed.
12079 * (T8948) Numeric sorting in categories is now supported by setting
12080 $wgCategoryCollation to 'uca-default-u-kn' or 'uca-<langcode>-u-kn'. If you
12081 can't use UCA collations, a 'numeric' collation is also available. If
12082 migrating from another collation, you will need to run the updateCollation.php
12083 maintenance script.
12084 * Two new codes have been added to #time parser function: "xit" for days in
12085 current month, and "xiz" for days passed in the year, both in Iranian
12087 * mw.Api has a new option, useUS, to use U+001F (Unit Separator) when
12088 appropriate for sending multi-valued parameters. This defaults to true when
12089 the mw.Api instance seems to be for the local wiki.
12090 * After a client performs an action which alters a database that has replica
12091 databases, MediaWiki will wait for the replica databases to synchronize with
12092 the master database while it renders the HTML output. However, if the output
12093 is a redirect to another wiki on the wiki farm with a different domain,
12094 MediaWiki will instead alter the redirect URL to include a ?cpPosTime
12095 parameter that triggers the database synchronization when the URL is followed
12096 by the client. The same-domain case uses a new cpPosTime cookie.
12097 * Added new hooks, 'ApiQueryBaseBeforeQuery', 'ApiQueryBaseAfterQuery', and
12098 'ApiQueryBaseProcessRow', to make it easier for extensions to add 'prop' and
12099 'show' parameters to existing API query modules.
12101 === External library changes in 1.28 ===
12103 ==== Upgraded external libraries ====
12104 * Updated es5-shim from v4.1.5 to v4.5.8
12105 * Updated composer/semver from v1.4.1 to v1.4.2
12106 * Updated wikimedia/php-session-serializer from v1.0.3 to v1.0.4
12108 ==== New external libraries ====
12109 * Added wikimedia/scoped-callback v1.0.0
12110 * Added wikimedia/wait-condition-loop v1.0.1
12112 === Bug fixes in 1.28 ===
12113 * (T146496) action=history pages should return 404 HTTP error code if the page
12115 * (T137264) SECURITY: XSS in unclosed internal links
12116 * (T133147) SECURITY: Escape '<' and ']]>' in inline <style> blocks
12117 * (T133147) SECURITY: Require login to preview user CSS pages
12118 * (T132926) SECURITY: Do not allow undeleting a revision deleted file if it is
12120 * (T129738) SECURITY: Make $wgBlockDisablesLogin also restrict logged in
12122 * (T129738) SECURITY: Make blocks log users out if $wgBlockDisablesLogin is true
12123 * (T139670) Move 'UserGetRights' call before application of
12124 Session::getAllowedUserRights()
12126 === Action API changes in 1.28 ===
12127 * Added 'maxarticlesize' property to action=query&meta=siteinfo which contains
12128 the value of $wgMaxArticleSize.
12129 * Property 'modulemessages' from action=parse&prop=modules was removed
12130 (deprecated since 1.26).
12131 * The following response properties from action=login, deprecated in 1.27, are
12132 now removed: lgtoken, cookieprefix, sessionid. Clients should handle cookies
12133 to properly manage session state.
12134 * Submitting the lgtoken and lgpassword parameters in the query string to
12135 action=login is now deprecated and outputs a warning. They should be submitted
12136 in the POST body instead.
12137 * Submitting sensitive authentication request parameters to action=clientlogin,
12138 action=createaccount, action=linkaccount, and action=changeauthenticationdata
12139 in the query string is now deprecated and outputs a warning. They should be
12140 submitted in the POST body instead.
12141 * (T141960) Multi-valued parameters may now be separated using U+001F
12142 (Unit Separator) instead of the pipe character. This will be useful if some of
12143 the multiple values need to contain pipes, e.g. for action=options.
12144 * The API will now warn if input is not NFC-normalized Unicode or if it
12145 contains invalid characters.
12146 * The 'normalized' list output by action=query and other modules that use
12147 ApiPageSet may contain entries where the 'from' value is percent-encoded as
12148 the raw value cannot be represented in a valid API response. These are
12149 indicated by a 'fromencoded' boolean alongside the existing 'from' parameter.
12150 * (T28680) action=paraminfo can now return info about all submodules of a
12151 module without listing them all explicitly.
12152 * (T146770) It is now possible to assert that the current user is a specific
12153 named user, using the 'assertuser' parameter.
12154 * (T141963) Added a 'known' property when missing-but-known titles (e.g. from
12155 the 'TitleIsAlwaysKnown' hook) are output in various modules.
12157 === Action API internal changes in 1.28 ===
12158 * Added a new hook, 'ApiMakeParserOptions', to allow extensions to better
12159 interact with ApiParse and ApiExpandTemplates.
12160 * (T139565) SECURITY: API: Generate head items in the context of the given title
12161 * (T115333) SECURITY: Check read permission when loading page content in
12163 * ApiBase::getResultData() was removed (deprecated since 1.25)
12164 * ApiBase::makeHelpArrayToString() was removed (deprecated since 1.25)
12165 * ApiBase::makeHelpMsgParameters() was removed (deprecated since 1.25)
12166 * ApiBase::makeHelpMsg() was removed (deprecated since 1.25)
12167 * ApiFormatBase::formatHTML() was removed (deprecated since 1.25)
12168 * ApiFormatBase::getNeedsRawData() was removed (deprecated since 1.25)
12169 * ApiFormatBase::getWantsHelp() was removed (deprecated since 1.25)
12170 * ApiFormatBase::setBufferResult() was removed (deprecated since 1.25)
12171 * ApiFormatBase::setHelp() was removed (deprecated since 1.25)
12172 * ApiFormatBase::setUnescapeAmps() was removed (deprecated since 1.25)
12173 * ApiMain::makeHelpMsgHeader() was removed (deprecated since 1.25)
12174 * ApiMain::reallyMakeHelpMsg() was removed (deprecated since 1.25)
12175 * ApiMain::setHelp() was removed (deprecated since 1.25)
12176 * ApiResult::beginContinuation() was removed (deprecated since 1.25)
12177 * ApiResult::cleanUpUTF8() was removed (deprecated since 1.25)
12178 * ApiResult::convertStatusToArray() was removed (deprecated since 1.25)
12179 * ApiResult::disableSizeCheck() was removed (deprecated since 1.24)
12180 * ApiResult::enableSizeCheck() was removed (deprecated since 1.24)
12181 * ApiResult::endContinuation() was removed (deprecated since 1.25)
12182 * ApiResult::getData() was removed (deprecated since 1.25)
12183 * ApiResult::getIsRawMode() was removed (deprecated since 1.25)
12184 * ApiResult::setContent() was removed (deprecated since 1.25)
12185 * ApiResult::setContinueParam() was removed (deprecated since 1.25)
12186 * ApiResult::setElement() was removed (deprecated since 1.25)
12187 * ApiResult::setGeneratorContinueParam() was removed (deprecated since 1.25)
12188 * ApiResult::setIndexedTagName_internal() was removed (deprecated since 1.25)
12189 * ApiResult::setIndexedTagName_recursive() was removed (deprecated since 1.25)
12190 * ApiResult::setMainForContinuation() was removed (deprecated since 1.25)
12191 * ApiResult::setParsedLimit() was removed (deprecated since 1.25)
12192 * ApiResult::setRawMode() was removed (deprecated since 1.25)
12193 * ApiResult::size() was removed (deprecated since 1.25)
12194 * Added new hooks, 'ApiQueryBaseBeforeQuery', 'ApiQueryBaseAfterQuery', and
12195 'ApiQueryBaseProcessRow', to make it easier for extensions to add 'prop' and
12196 'show' parameters to existing API query modules. A query module can enable
12197 these hooks by passing an array for $hookData to ApiQueryBase::select() and
12198 by calling ApiQueryBase->processRow() before adding a row's data to the
12201 === Languages updated in 1.28 ===
12203 MediaWiki supports over 375 languages. Many localisations are updated
12204 regularly. Below only new and removed languages are listed, as well as
12205 changes to languages because of Phabricator reports.
12207 * (T137411) ban (Balinese), thanks to translators Adi Mayndra, Andru,
12208 BASAbali, M. Adiputra, Naval Scene, Nemo bis, NoiX180, and 아라.
12209 * (T135867) shn (Shan), thanks to translators Khun Sar, Piangpha,
12210 Saiddzone Saimawnkham, Saosukham, and Sengwan.
12211 * Czech (cs) and Slovak (sk) set as reciprocal fallbacks.
12212 * (T146744) Livvi-Karelian (olo) namespace messages created thanks to translator
12215 === Other changes in 1.28 ===
12216 * (T128697) Improved handling of large diffs.
12217 * [BREAKING CHANGE] $wgExtendedLoginCookies has been removed. You can
12218 use or update a custom session provider if needed.
12219 * Deprecated APIEditBeforeSave hook in favor of EditFilterMergedContent.
12220 * The 'UploadVerification' hook is deprecated. Use 'UploadVerifyFile' instead.
12221 * SiteConfiguration::isLocalVHost() was removed (deprecated since 1.25).
12222 * The 'UserLoginComplete' hook has a new parameter to differentiate between
12223 actual login and visiting the login page while already logged in.
12224 * ResourceLoader::makeLoaderURL() was removed (deprecated since 1.24).
12225 * $.fn.liveAndTestAtStart was removed (deprecated since 1.24).
12226 * mw.util.tooltipAccessKeyPrefix was removed (deprecated since 1.24).
12227 * mw.util.tooltipAccessKeyRegexp was removed (deprecated since 1.24).
12228 * Linker::link() and Linker::linkKnown() were deprecated; please instead use
12229 MediaWiki\Linker\LinkRenderer. In addition, the LinkBegin and LinkEnd hooks
12230 were replaced by HtmlPageLinkRendererBegin and HtmlPageLinkRendererEnd
12231 respectively. See docs/hooks.txt for the specific changes needed for those
12233 * Linker::formatSize() was deprecated. Use Language::formatSize() directly.
12234 * Aliases for Linker methods, deprecated since 1.21, were removed from Skin:
12235 * Skin::commentBlock() (use Linker::commentBlock() instead)
12236 * Skin::generateRollback() (use Linker::generateRollback() instead)
12237 * Skin::link() (use MediaWiki\Linker\LinkRenderer instead)
12238 * Skin::linkKnown() (use MediaWiki\Linker\LinkRenderer instead)
12239 * Skin::userLink() (use Linker::userLink() instead)
12240 * Skin::userToolLinks() (use Linker::userToolLinks() instead)
12241 * Disabled "bug 2702" HTML tidying of parsed UI messages on wikis where Tidy is
12243 * DifferenceEngine::generateDiffBody() was removed (deprecated since 1.21).
12244 * UploadBase::stashFileGetKey() and UploadBase::stashSession() were deprecated.
12245 Use ...->stashFile()->getFileKey() instead.
12246 * "Public domain" was removed as a wiki license option from the installer, in
12248 * AuthenticationRequest::$required is now changed from REQUIRED to
12249 PRIMARY_REQUIRED on requests needed by primary providers even if all primaries
12251 Primary providers are discouraged from returning multiple REQUIRED requests.
12252 * OOjs UI PHP widgets constructed with the `'infusable' => true` config option
12253 will no longer be automatically infused. You should call `OO.ui.infuse()`
12254 on them yourself from your JavaScript code.
12255 * parserTests.php has moved to tests/parser/parserTests.php
12256 * The command line options specific to parser tests have been removed from
12257 phpunit.php: --regex and --keep-uploads. Instead of --regex, use --filter.
12258 Instead of --keep-uploads, use the same option to parserTests.php, but you
12259 must specify a directory with --upload-dir.
12260 * The 'jquery.arrowSteps' ResourceLoader module is now deprecated.
12261 * IP::isConfiguredProxy() and IP::isTrustedProxy() were removed. Callers should
12262 migrate to using the same functions on a ProxyLookup instance, obtainable from
12264 * The ArticleAfterFetchContent, ArticleInsertComplete, ArticleSave,
12265 ArticleSaveComplete, ArticleViewCustom, EditFilterMerged, EditPageGetDiffText,
12266 EditPageGetPreviewText and ShowRawCssJs hooks will now emit deprecation
12268 * (T68404) CSS3 attr() function with url type is no longer allowed
12270 * Database::getSearchEngine() is deprecated, use
12271 SearchEngineFactory::getSearchEngineClass instead.
12273 == Compatibility ==
12275 MediaWiki 1.28 requires PHP 5.5.9 or later. There is experimental support for
12276 HHVM 3.6.5 or later.
12278 MySQL is the recommended DBMS. PostgreSQL or SQLite can also be used, but
12279 support for them is somewhat less mature. There is experimental support for
12280 Oracle and Microsoft SQL Server.
12282 The supported versions are:
12284 * MySQL 5.0.3 or later
12285 * PostgreSQL 8.3 or later
12286 * SQLite 3.3.7 or later
12287 * Oracle 9.0.1 or later
12288 * Microsoft SQL Server 2005 (9.00.1399)
12292 1.28 has several database changes since 1.27, and will not work without schema
12293 updates. Note that due to changes to some very large tables like the revision
12294 table, the schema update may take quite long (minutes on a medium sized site,
12295 many hours on a large site).
12297 If upgrading from before 1.11, and you are using a wiki as a commons
12298 repository, make sure that it is updated as well. Otherwise, errors may arise
12299 due to database schema changes.
12301 If upgrading from before 1.7, you may want to run refreshLinks.php to ensure
12302 new database fields are filled with data.
12304 If you are upgrading from MediaWiki 1.4.x or earlier, you should upgrade to
12305 1.5 first. The upgrade script maintenance/upgrade1_5.php has been removed
12306 with MediaWiki 1.21.
12308 Don't forget to always back up your database before upgrading!
12310 See the file UPGRADE for more detailed upgrade instructions.
12312 For notes on 1.27.x and older releases, see HISTORY.
12314 == Online documentation ==
12316 Documentation for both end-users and site administrators is available on
12317 MediaWiki.org, and is covered under the GNU Free Documentation License (except
12318 for pages that explicitly state that their contents are in the public domain):
12320 https://www.mediawiki.org/wiki/Special:MyLanguage/Documentation
12324 A mailing list is available for MediaWiki user support and discussion:
12326 https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
12328 A low-traffic announcements-only list is also available:
12330 https://lists.wikimedia.org/mailman/listinfo/mediawiki-announce
12332 It's highly recommended that you sign up for one of these lists if you're
12333 going to run a public MediaWiki, so you can be notified of security fixes.
12337 There's usually someone online in #mediawiki on irc.freenode.net.
12341 == MediaWiki 1.27.7 ==
12343 This is a maintenance release of the MediaWiki 1.27 branch.
12345 === Changes since MediaWiki 1.27.6 ===
12346 * Add missing `use MediaWiki\MediaWikiServices;` to LogEventsList.php.
12347 * Remove broken tests from ApiBlockTest.php.
12349 == MediaWiki 1.27.6 ==
12351 This is a security and maintenance release of the MediaWiki 1.27 branch.
12353 === Changes since MediaWiki 1.27.5 ===
12354 * (T204729) WatchedItemStore::countVisitingWatchersMultiple() shouldn't query
12355 all titles when asked for none.
12356 * (T109121) Remove deprecated pear/mail_mime-decode from composer suggested
12358 * (T207241) Augment precision of updatelist time.
12359 * (T207540) Include IP address in "Login for $1 succeeded" log entry.
12360 * (T205765) Don't link to the obsolete "Extension Matrix" page in installer.
12361 * (T207603) SECURITY: User JS may no longer be loaded with mime type
12362 text/javascript if there is no account associated with the username.
12363 * (T113042) SECURITY: Do not allow loading pages raw with a text/javascript MIME
12364 type if non-admins can edit the page.
12365 * (T207541) Pass email address to mail().
12366 * (T209335) Clarify the default sidebar 'Help' link is about MediaWiki itself.
12367 * (T213359) Update mediawiki/mediawiki-codesniffer to 0.8.1.
12368 * (T208871) The hard-coded Google search form on the database error page was
12370 * (T216968) Return pageid as int in both list=iwbacklinks and
12371 list=langbacklinks.
12372 * (T218608) Fix an issue that prevents Extension:OAuth working when
12373 $wgBlockDisablesLogin is true.
12374 * (T219728) Added support for new Japanese era name "Reiwa".
12375 * (T25227) SECURITY: action=logout now requires to be posted and have a csrf
12377 * SpecialPage::checkLoginSecurityLevel() will now preserve POST data when
12379 * FormSpecialPage::execute() will now call checkLoginSecurityLevel() if
12380 getLoginSecurityLevel() returns non-false.
12381 * (T197279) SECURITY: Fix reauth in Special:ChangeEmail.
12382 * (T208881) SECURITY: blacklist CSS var().
12383 * (T209794) SECURITY: rate-limit and prevent blocked users from changing email.
12384 * (T199540) SECURITY: API: Respect $wgBlockCIDRLimit in action=block.
12385 * (T212118) SECURITY: Fix cache mode for (un)patrolled recent changes query.
12386 * (T222036, T222038) SECURITY: Add permission check for user is permitted to
12388 * (T221739) SECURITY: resources: Patch jQuery 1.11.3 for CVE-2019-11358.
12390 == MediaWiki 1.27.5 ==
12392 This is a security and maintenance release of the MediaWiki 1.27 branch.
12394 === Changes since 1.27.4 ===
12395 * (T169545, CVE-2018-0503) SECURITY: $wgRateLimits entry for 'user' overrides
12397 * (T194605, CVE-2018-0505) SECURITY: BotPasswords can bypass CentralAuth's
12399 * Upgraded Moment.js from v2.8.4 to v2.19.3.
12400 * (T160298) Fixed Special:ActiveUsers due to bad backport.
12401 * (T87572) Make FormatMetadata::flattenArrayReal() work for an associative
12403 * Updated list of SPDX licenses for extensions.
12404 * (T189567) the CLI installer (maintenance/install.php) learned to detect and
12405 include extensions. Pass --with-extensions to enable that feature.
12406 * (T192584) Stop incorrectly passing USE INDEX to RecentChange::newFromConds().
12407 * Add default edit rate limit of 90 edits/minute for all users.
12408 * (T196125) php-memcached 3.0 (provided with PHP 7.0) is now supported.
12409 * (T196672) The mtime of extension.json files is now able to be zero.
12410 * (T118683) Fix exception from &$user deref on HHVM in the TitleMoveComplete
12412 * (T180403) Validate $length in padleft/padright parser functions.
12413 * (T143790) Make $wgEmailConfirmToEdit only affect edit actions.
12414 * Special:BotPasswords now requires reauthentication.
12415 * (T191608, T187638) Add 'logid' parameter to Special:Log.
12416 * (T193829) Indicate when a Bot Password needs reset.
12417 * (T151415) Log email changes.
12418 * (T118420) Unbreak Oracle installer.
12420 == MediaWiki 1.27.4 ==
12421 This is a security and maintenance release of the MediaWiki 1.27 branch.
12423 === Changes since 1.27.3 ===
12424 * (T100085) Better handling of jobs execution in post-connection shutdown.
12425 * (T141604) Support conditionally registered namespaces.
12426 * (T167798) Fix highlighting for phrase queries and phrase search.
12427 * (T151136) Provide credits information to callbacks.
12428 * (T160462) Allow namespaces defined in extension.json to be overwritten
12430 * (T168856) Allow SVGs created by Dia to be uploaded.
12431 * (T144705) (T148662) Password reset link is no longer shown when no reset
12432 options are available.
12433 * (T143788) (T174262) Various backports for PHP 7.0 and 7.1 support.
12434 * (T66795) $wgUserEmailUseReplyTo is now true by default to work around
12435 restrictive DMARC policies.
12436 * DB_REPLICA constant added from REL1_28+ to ease backports to extensions and
12438 * (T175439) Unbreak Postgres Updater when setting defaults for a column.
12439 * (T160298) Remove use of implicitGroupBy() in ActiveUsersPager.
12440 * (T142304) Allow putting the app ID in the password for bot passwords.
12441 * Updated dev dependancy phpunit/phpunit from v4.8.24 to v4.8.36.
12442 * (T178451) SECURITY: Potential XSS when $wgShowExceptionDetails = false and
12443 browser sends non-standard url escaping.
12444 * (T165846) SECURITY: BotPassword login attempts weren't throttled.
12445 * (T128209) SECURITY: Reflected File Download from api.php.
12446 * (T134100) SECURITY: Do not reveal if user exists during login failure.
12447 * (T176247) SECURITY: Ensure Message::rawParams can't lead to XSS.
12448 * (T125163) SECURITY: Make anchor for headlines escape > and <.
12449 * (T180237) SECURITY: Protect vendor folder with .htaccess.
12450 * (T180231) SECURITY: Remove PHPUnit file with known RCE if exists in
12452 * (T124404) SECURITY: XSS in langconverter when regex hits pcre.backtrack_limit.
12453 * (T119158) SECURITY: Handle -{}- syntax in attributes safely.
12455 == MediaWiki 1.27.3 ==
12456 Due to a packaging error, the wrong version of the SyntaxHighlight extension was
12457 included in the tarball version of MediaWiki 1.27.2. The version included had a
12458 serious security issue in it (T158689). There was also some minor code fixes in
12459 MediaWiki itself since 1.27.2, but none of them were security relevant.
12461 === Changes since 1.27.2 ===
12462 * (T145664) Fix broken wincache merge() implementation
12463 * (T163434) Add wikimedia/testing-access-wrapper for forwards compatibility
12464 * (T153505) Fix php warnings on php 7.1 due to use of &$this
12466 == MediaWiki 1.27.2 ==
12467 This is a security and maintenance release of the MediaWiki 1.27 branch.
12469 ApiCreateAccount was removed in 1.27.0. It was incorrectly still marked as
12470 deprecated (rather than already removed) in the RELEASE-NOTES at the point
12471 1.27.0 was released.
12473 === Changes since 1.27.1 ===
12475 * (T68404) CSS3 attr() function with url type argument is no longer allowed
12477 * $wgRunJobsAsync is now false by default (T142751). This change only affects
12478 wikis with $wgJobRunRate > 0.
12479 * (T152717) Better escaping for PHP mail() command
12480 * Submitting the lgtoken and lgpassword parameters in the query string to
12481 action=login is now deprecated and outputs a warning. They should be submitted
12482 in the POST body instead.
12483 * Submitting sensitive authentication request parameters to action=clientlogin,
12484 action=createaccount, action=linkaccount, and action=changeauthenticationdata
12485 in the query string is now deprecated and outputs a warning. They should be
12486 submitted in the POST body instead.
12487 * (T158766) Avoid SQL error on MSSQL when using selectRowCount()
12488 * (T145635) Fix too long index error when installing with MSSQL.
12489 * (T156184) $wgRawHtml will no longer apply to internationalization messages.
12490 * (T160519) CACHE_ANYTHING will not be CACHE_ACCEL if no accelerator is
12492 * (T109140) (T122209) SECURITY: Special:UserLogin and Special:Search allow
12493 redirect to interwiki links.
12494 * (T144845) SECURITY: XSS in SearchHighlighter::highlightText() when
12495 $wgAdvancedSearchHighlighting is true.
12496 * (T125177) SECURITY: API parameters may now be marked as "sensitive" to keep
12497 their values out of the logs.
12498 * (T150044) SECURITY: "Mark all pages visited" on the watchlist now requires a
12500 * (T156184) SECURITY: Escape content model/format url parameter in message.
12501 * (T151735) SECURITY: SVG filter evasion using default attribute values in DTD
12503 * (T161453) SECURITY: LocalisationCache will no longer use the temporary
12504 directory in it's fallback chain when trying to work out where to write the
12506 * (T48143) SECURITY: Spam blacklist ineffective on encoded URLs inside file
12507 inclusion syntax's link parameter.
12508 * (T108138) SECURITY: Sysops can undelete pages, although the page is protected
12511 == MediaWiki 1.27.1 ==
12513 This is a maintenance release of the MediaWiki 1.27 branch.
12515 === Changes since 1.27.0 ===
12516 * BREAKING CHANGE: $wgHTTPProxy is now *required* for all external requests
12517 made by MediaWiki via a proxy. Relying on the http_proxy environment
12518 variable is no longer supported.
12519 * (T139565) SECURITY: API: Generate head items in the context of the given title
12520 * (T137264) SECURITY: XSS in unclosed internal links
12521 * (T133147) SECURITY: Escape '<' and ']]>' in inline <style> blocks
12522 * (T133147) SECURITY: Require login to preview user CSS pages
12523 * (T132926) SECURITY: Do not allow undeleting a revision deleted file if it is
12525 * (T129738) SECURITY: Make $wgBlockDisablesLogin also restrict logged in
12527 * (T129738) SECURITY: Make blocks log users out if $wgBlockDisablesLogin is true
12528 * (T115333) SECURITY: Check read permission when loading page content in
12530 * (T57548) Remove support for $wgWellFormedXml = false, all output is now well
12532 * (T139670) Move 'UserGetRights' call before application of
12533 Session::getAllowedUserRights()
12535 == MediaWiki 1.27.0 ==
12537 === PHP version requirement in 1.27 ===
12538 As of 1.27, MediaWiki now requires PHP 5.5.9 or higher (see Compatibility
12539 section). Additionally, the following PHP extensions are required:
12543 * mbstring (new requirement in 1.27)
12545 The following PHP extensions are strongly recommended:
12548 === Configuration changes in 1.27 ===
12549 * $wgAllowMicrodataAttributes and $wgAllowRdfaAttributes were removed,
12550 now always enabled. If you use RDFa on your wiki, you now have to explicitly
12551 set $wgHtml5Version to 'HTML+RDFa 1.0' or 'XHTML+RDFa 1.0'.
12552 * $wgUseLinkNamespaceDBFields was removed.
12553 * Deprecated $wgResourceLoaderMinifierStatementsOnOwnLine and
12554 $wgResourceLoaderMinifierMaxLineLength, because there was little value in
12555 making the behavior configurable. The default values (`false` for the former,
12556 1000 for the latter) are now hard-coded.
12557 * $wgDebugDumpSqlLength was removed (deprecated in 1.24).
12558 * $wgDebugDBTransactions was removed (deprecated in 1.20).
12559 * $wgUseXVO has been removed, as it provides functionality only used by
12560 custom Wikimedia patches against Squid 2.x that probably noone uses in
12561 production anymore. There is now $wgUseKeyHeader that provides similar
12562 functionality but instead of the MediaWiki-specific X-Vary-Options header,
12563 uses the draft Key header standard.
12564 * $wgScriptExtension (and support for '.php5' entry points) was removed. See the
12565 deprecation notice in the release notes for version 1.25 for advice on how to
12566 preserve support for '.php5' entry points via URL rewriting.
12567 * Password handling via the User object has been deprecated and partially
12568 removed, pending the future introduction of AuthManager. In particular:
12569 ** expirePassword(), getPasswordExpireDate(), resetPasswordExpiration(), and
12570 getPasswordExpired() have been removed. They were unused outside of core.
12571 ** The mPassword, mNewpassword, mNewpassTime, and mPasswordExpires fields are
12572 now private and will be removed in the future.
12573 ** The getPassword() and getTemporaryPassword() methods now throw
12574 BadMethodCallException and will be removed in the future.
12575 ** The ability to pass 'password' and 'newpassword' to createNew() has been
12576 removed. The only users of it seem to have been using it to set invalid
12577 passwords, and so shouldn't be greatly affected.
12578 ** setPassword(), setInternalPassword(), and setNewpassword() have been
12579 deprecated, pending the introduction of AuthManager.
12580 ** User::randomPassword() is deprecated in favor of a new method
12581 PasswordFactory::generateRandomPasswordString()
12582 ** User::getPasswordFactory() is deprecated, callers should just create a
12583 PasswordFactory themselves.
12584 ** A new constructor, User::newSystemUser(), has been added to simplify the
12585 creation of passwordless "system" users for logged actions.
12586 * $wgMaxSquidPurgeTitles was removed.
12587 * $wgAjaxWatch was removed. This is now enabled by default.
12588 * $wgUseInstantCommons now hotlinks Commons images by default instead of
12589 downloading originals and thumbnailing them locally. This allows wikis to save
12590 on CPU and bandwidth while reducing time to first byte for pages, even without
12591 a thumbnail handler. See $wgForeignFileRepos documentation for tweaks.
12592 * (T27397) WebP is enabled by default as an uploadable filetype.
12593 * (T48998) $wgArticlePath must now be either a full url, or start with a "/".
12594 * $wgRateLimitLog was removed; use $wgDebugLogGroups['ratelimit'] instead.
12595 * Deprecated API formats dbg, txt, and yaml have been removed.
12596 * CLDRPluralRule* classes have been replaced with
12597 wikimedia/cldr-plural-rule-parser.
12598 * Removed $wgProfilePerHost, $wgUDPProfilerHost, $wgUDPProfilerPort,
12599 $wgUDPProfilerFormatString, $wgStatsMethod, $wgAggregateStatsID,
12600 $wgStatsFormatString, and $wgProfileCallTree (deprecated since 1.20).
12601 * For proper operation of LocalIdLookup with shared user tables, ensure that
12602 $wgSharedDB and $wgSharedTables are properly set even on the "central" wiki
12603 that all others are sharing from and that $wgLocalDatabases is set to the
12604 full list of sharing wikis on all those wikis.
12605 * Massive overhaul to session handling:
12606 ** $wgSessionsInObjectCache is no longer supported and must be true, due to
12607 MediaWiki\Session\SessionManager. $wgSessionHandler is similarly no longer
12609 ** ObjectCacheSessionHandler is removed, replaced with
12610 MediaWiki\Session\PhpSessionHandler.
12611 ** PHP session handling in general ($_SESSION, session_id(), and so on) is
12612 deprecated. Use MediaWiki\Session\SessionManager instead. A new config
12613 variable, $wgPHPSessionHandling, is available to cause use of $_SESSION to
12614 issue a deprecation warning or to cause most PHP session handling to throw
12616 ** Deprecated UserSetCookies hook. Session-handling extensions should generally
12617 be creating a custom subclass of CookieSessionProvider. Other extensions
12618 messing with cookies can no longer count on user data being saved in cookies
12619 versus other methods.
12620 ** Deprecated UserLoadFromSession hook, extensions should create a
12621 MediaWiki\Session\SessionProvider.
12622 ** The User cannot be loaded from session until after Setup.php completes.
12623 Attempts to do so will be ignored and the User will remain unloaded.
12624 ** CSRF tokens may be fetched from the MediaWiki\Session\Session, which uses
12625 the MediaWiki\Session\Token class.
12626 * MediaWiki will now auto-create users as necessary, removing the need for
12627 extensions to do so. An 'autocreateaccount' right is added to allow
12628 auto-creation when 'createaccount' is not granted to all users.
12629 * Deprecated AuthPluginAutoCreate hook in favor of LocalUserCreated.
12630 * Most cookie-handling methods in User are deprecated.
12631 * $wgAllowAsyncCopyUploads and $CopyUploadAsyncTimeout were removed. This was an
12632 experimental feature that has never worked.
12633 * Login and createaccount tokens now vary by timestamp.
12634 * LoginForm::getLoginToken() and LoginForm::getCreateaccountToken()
12635 return a MediaWiki\Session\Token, and tokens must be checked using that
12637 * $wgEnotifUseJobQ was removed and the job queue is always used.
12638 * The functionality of the ApiSandbox extension has been merged into core. The
12639 extension should no longer be used.
12640 * $wgPreloadJavaScriptMwUtil was removed (deprecated in 1.26).
12641 Extensions, skins, gadgets and scripts that use the mediawiki.util module must
12642 express a dependency on it.
12643 * $wgIncludeLegacyJavaScript, deprecated in MediaWiki 1.26, now defaults false.
12644 Extensions, skins, gadgets and scripts that need the mediawiki.legacy.wikibits
12645 module should express a dependency on it.
12646 * Removed configuration option $wgCopyrightIcon (deprecated since 1.18). Use
12647 $wgFooterIcons['copyright']['copyright'] instead.
12648 * If the openssl and mcrypt PHP extensions are both unavailable, secure
12649 session storage (used for login) will raise an exception. This exception may
12650 be bypassed by setting $wgSessionInsecureSecrets = true.
12651 * Massive overhaul to authentication:
12652 ** AuthPlugin and AuthPluginUser are deprecated.
12653 ** LoginForm and associated templates are deprecated. Extensions which called
12654 static LoginForm methods should be converted into authentication providers.
12655 ** The following hooks are deprecated:
12656 *** AbortAutoAccount (create a MediaWiki\Auth\PreAuthenticationProvider instead)
12657 *** AbortLogin (create a MediaWiki\Auth\PreAuthenticationProvider instead)
12658 *** AbortNewAccount (create a MediaWiki\Auth\PreAuthenticationProvider instead)
12659 *** AddNewAccount (use LocalUserCreated instead)
12660 *** AuthPluginSetup (create a MediaWiki\Auth\PrimaryAuthenticationProvider
12662 *** ChangePasswordForm (use AuthChangeFormFields instead, or security levels)
12663 *** LoginUserMigrated (create a MediaWiki\Auth\PreAuthenticationProvider
12665 *** UserCreateForm (create a MediaWiki\Auth\AuthenticationProvider of some type
12667 *** UserLoginForm (create a MediaWiki\Auth\AuthenticationProvider of some type
12669 ** The following hooks are removed:
12670 *** AbortChangePassword
12671 *** LoginPasswordResetMessage
12672 *** PrefsPasswordAudit
12673 ** The UserLoginComplete hook will no longer be called for all logins, only for
12674 those via the web UI. Use UserLoggedIn if you need to do something on all
12676 ** $wgRequirePasswordforEmailChange is removed.
12678 === New features in 1.27 ===
12679 * $wgDataCenterUpdateStickTTL was also added. This decides how long a user
12680 sticks to the primary DC (via cookies) after they make changes to the site.
12681 * Added a new hook, 'UserMailerTransformContent', to transform the contents
12682 of an email. This is similar to the EmailUser hook but applies to all mail
12683 sent via UserMailer.
12684 * Added a new hook, 'UserMailerTransformMessage', to transform the contents
12685 of an emai after MIME encoding.
12686 * Added a new hook, 'UserMailerSplitTo', to control which users have to be
12687 emailed separately (ie. there is a single address in the To: field) so
12688 user-specific changes to the email can be applied safely.
12689 * $wgCdnMaxageLagged was added, which limits the CDN cache TTL
12690 when any load balancer uses a DB that is lagged beyond the 'max lag'
12691 setting in the relevant section of $wgLBFactoryConf.
12692 * User::newSystemUser() may be used to simplify the creation of passwordless
12693 "system" users for logged actions from scripts and extensions.
12694 * Extensions can now return detailed error information via the API when
12695 preventing user actions using 'getUserPermissionsErrors' and similar hooks
12696 by using ApiMessage instances instead of strings for the $result value.
12697 * $wgAPIMaxLagThreshold was added to limit bot changes when databases lag
12699 * Skins and extensions can now use FlexBox mixins (.flex-display(@display: flex)
12700 and .flex(@grow: 1, @shrink: 1, @width: auto, @order: 1)) in Less to create
12701 cross-browser-compatible FlexBox rules. Users will still need to add fallback
12702 float rules or the like for compatibility with IE9- separately.
12703 * Added MWTimestamp::getTimezoneString() which returns the localized timezone
12704 string, if available. To localize this string, see the comments of
12705 $wgLocaltimezone in includes/DefaultSettings.php.
12706 * Added CentralIdLookup, a service that allows extensions needing a concept of
12707 "central" users to get that without having to know about specific central
12708 authentication extensions.
12709 * $wgMaxUserDBWriteDuration added to limit huge user-generated transactions.
12710 Regular web request transactions that takes longer than this are aborted.
12711 * Added a new hook, 'TitleMoveCompleting', which runs before a page move is
12713 * $wgCdnReboundPurgeDelay was added to provide secondary delayed purges of URLs
12714 from CDN to mitigate DB replication lag and WAN cache purge lag.
12715 * (T49162) Installer will default to setting CACHE_ACCEL as the main cache type
12716 if it is available.
12717 * It is now possible to patrol file uploads (both for new files and new versions
12718 of existing files). Special:NewFiles has gained an option to filter by patrol
12719 status. This functionality can be disabled using $wgUseFilePatrol.
12720 * MediaWiki\Session infrastructure allows for easier use of session mechanisms
12721 other than the usual cookies.
12722 ** SessionMetadata and SessionCheckInfo hooks allow for setting and checking
12723 custom session metadata.
12724 * Added MWGrants and associated configuration settings $wgGrantPermissions and
12725 $wgGrantPermissionGroups to hold configuration for authentication features
12726 such as OAuth that want to allow restricting the user rights a user may make
12728 ** If you're already using the OAuth extension, these new variables are
12729 identical to (and will replace) $wgMWOAuthGrantPermissions and
12730 $wgMWOAuthGrantPermissionGroups.
12731 * Added MWRestrictions as a class to check restrictions on a WebRequest, e.g.
12732 to assert that the request comes from a particular IP range.
12733 * Added bot passwords, a rights-restricted login mechanism for API-using bots.
12734 * Whitelisted the following HTML attributes for all elements in wikitext:
12735 aria-describedby, aria-flowto, aria-label, aria-labelledby, aria-owns.
12736 * Removed "presentation" restriction on the HTML role attribute in wikitext.
12737 All values are now allowed for the role attribute.
12738 * $wgContentHandlers now also supports callbacks to create an instance of the
12739 appropriate ContentHandler subclass.
12740 * Added $wgAuthenticationTokenVersion, which if non-null prevents the
12741 user_token database field from being exposed in cookies. Setting this would
12742 be a good idea, but will log out all current sessions.
12743 * $wgEventRelayerConfig was added, for managing PubSub event relay
12744 configuration, specifically for reliable CDN url purges.
12745 * Requests have unique IDs, equal to the UNIQUE_ID environment variable (when
12746 MediaWiki is behind Apache+mod_unique_id or something similar) or a randomly-
12747 generated 24-character string. This request ID is used to annotate log records
12748 and error messages. It is available client-side via
12749 mw.config.get( 'wgRequestId' ).
12750 The request ID supplants exception IDs. Accordingly,
12751 MWExceptionHandler::getLogId() is deprecated.
12752 * (T33313) Add a preference for watching uploads by default, also applies
12753 to API-based upload tools.
12754 * $wgJpegPixelFormat was added to override chroma subsampling for JPEG image
12755 thumbnails created via ImageMagick. Defaults to 'yuv420', providing bandwidth
12756 savings versus the previous behavior on many files.
12757 * MediaWiki\Auth infrastructure (called "AuthManager") allows for more flexible
12758 configuration of multiple authentication pieces that was possible with
12759 AuthPlugin. For example, it's now easy to plug in second-factor
12760 authentication, or add additional checks to the login process, or to support
12761 multiple login methods at once, or to support non-password-based login
12763 ** Providers are configured via the global setting $wgAuthManagerConfig.
12764 ** A global, $wgDisableAuthManager, is temporarily available to disable
12765 AuthManager until extensions are ready to support it.
12766 ** New hook, AuthChangeFormFields, to adjust the form fields on
12767 AuthManager-related special pages.
12768 ** New hook, AuthManagerLoginAuthenticateAudit, for additional logging of
12769 AuthManager-related authentication requests.
12770 ** New hook, ChangeAuthenticationDataAudit, for additional logging of
12771 AuthManager-related authentication data changes.
12772 ** New hook, SecuritySensitiveOperationStatus, to work with the new mechanism
12773 for requiring a recent login before taking security-sensitive operations
12774 like changing a password.
12775 ** Two new globals, $wgChangeCredentialsBlacklist and
12776 $wgRemoveCredentialsBlacklist can be used to prevent the web UI and the API
12777 changing certain authentication data.
12778 * The file upload dialog (available if you install WikiEditor or VisualEditor)
12779 can now be configured using $wgUploadDialog.
12781 === External library changes in 1.27 ===
12783 ==== Upgraded external libraries ====
12784 * Updated oojs/oojs-ui from v0.12.12 to v0.13.3.
12785 * Updated composer/semver from v1.0.0 to v1.2.0.
12786 * Updated liuggio/statsd-php-client to 1.0.18.
12787 * Updated QUnit from v1.18.0 to v1.22.0.
12789 ==== New external libraries ====
12790 * Added wikimedia/base-convert v1.0.1.
12791 * Added wikimedia/cldr-plural-rule-parser v1.0.0.
12792 * Added wikimedia/relpath v1.0.3.
12793 * Added wikimedia/running-stat v1.1.0.
12794 * Added wikimedia/php-session-serializer v1.0.3.
12796 ==== Removed and replaced external libraries ====
12798 === Bug fixes in 1.27 ===
12799 * Special:Upload will now display correct maximum allowed file size when running
12800 under HHVM (T116347).
12801 * (T54077) The APIEditBeforeSave hook will once again give only the content of
12802 the section being edited, rather than the whole revision. This reverts the
12803 change made in MediaWiki 1.22.
12805 === Action API changes in 1.27 ===
12806 * Added list=allrevisions.
12807 * generator=recentchanges now has the option to generate revids.
12808 * ApiPageSet::setRedirectMergePolicy() was added. This allows generator
12809 modules to define how generator data for a redirect source gets merged
12810 into the redirect destination.
12811 * prop=imageinfo&iiprop=uploadwarning will no longer include the possibility of
12812 "was-deleted" warning.
12813 * Added difftotextpst to query=revisions which preforms a pre-save transform on
12814 the text before diffing it.
12815 * Deprecated formats dbg, txt, and yaml have been removed.
12816 * (T47988) The protect log event details now use new-style formatting.
12817 * The following response properties from action=login are deprecated, and may
12818 be removed in the future: lgtoken, cookieprefix, sessionid. Clients should
12819 handle cookies to properly manage session state.
12820 * action=login transparently allows login using bot passwords. Clients should
12821 merely need to change the username and password used after setting up a bot
12823 * action=upload no longer understands statuskey, asyncdownload or leavemessage.
12824 * Several changes when $wgDisableAuthManager is false:
12825 ** action=login is deprecated for uses other than bot passwords.
12826 ** list=users can now indicate if a missing username is creatable.
12827 ** action=createaccount is changed in a non-backwards-compatible manner.
12828 ** Added action=query&meta=authmanagerinfo.
12829 ** Added action=clientlogin to be used to log into the main account instead of
12831 ** Added action=linkaccount.
12832 ** Added action=unlinkaccount.
12833 ** Added action=changeauthenticationdata.
12834 ** Added action=removeauthenticationdata.
12835 ** Added action=resetpassword.
12837 === Action API internal changes in 1.27 ===
12838 * ApiQueryORM removed.
12839 * The following classes have been removed:
12843 * ApiBase::addTokenProperties() was removed (deprecated since 1.24).
12844 * ApiBase::getFinalPossibleErrors() was removed (deprecated since 1.24).
12845 * ApiBase::getFinalResultProperties() was removed (deprecated since 1.24).
12846 * ApiBase::getRequireAtLeastOneParameterErrorMessages() was removed (deprecated
12848 * ApiBase::getPossibleErrors() was removed (deprecated since 1.24).
12849 * ApiBase::getRequireMaxOneParameterErrorMessages() was removed (deprecated
12851 * ApiBase::getRequireOnlyOneParameterErrorMessages() was removed (deprecated
12853 * ApiBase::getResultProperties() was removed (deprecated since 1.24).
12854 * ApiBase::getTitleOrPageIdErrorMessage() was removed (deprecated since 1.24).
12855 * ApiBase::parseErrors() was removed (deprecated since 1.24).
12856 * ApiQueryBase::titleToKey(), ApiQueryBase::keyToTitle() and
12857 ApiQueryBase::keyPartToTitle() all removed (deprecated since 1.24).
12858 * ApiQueryBase::checkRowCount() was removed (deprecated since 1.24).
12859 * ApiQueryBase::getDirectionDescription() was removed (deprecated since 1.25).
12860 * ApiQuery::getGenerators() was removed (deprecated since 1.21).
12861 * ApiQuery::getModules() was removed (deprecated since 1.21).
12862 * ApiQuery::getModuleType() was removed (deprecated since 1.21).
12863 * ApiQuery::setGeneratorContinue() was removed (deprecated since 1.24).
12864 * ApiMain::getModules() was removed (deprecated since 1.21).
12865 * ApiBase::getVersion() was removed (deprecated since 1.21).
12866 * ApiMain::getShowVersions() was removed (deprecated in 1.21).
12867 * ApiMain::addModule() was removed (deprecated in 1.21).
12868 * ApiMain::addFormat() was removed (deprecated in 1.21).
12869 * ApiMain::getFormats() was removed (deprecated in 1.21).
12870 * ApiPageSet::finishPageSetGeneration() was removed (deprecated in 1.21).
12871 * ApiCreateAccount was removed.
12873 === Languages updated in 1.27 ===
12875 MediaWiki supports over 350 languages. Many localisations are updated
12876 regularly. Below only new and removed languages are listed, as well as
12877 changes to languages because of Phabricator reports.
12879 * (T113688) Change default numerals from Gurmukhi to Arabic for Punjabi locale.
12880 * (T116020) Aliases of magic words in MessagesXx.php are sorted by usage.
12882 === Other changes in 1.27 ===
12883 * Added dependency injection (DI) infrastructure, see docs/injection.txt for
12885 It is planned to incrementally move MediaWiki code towards using DI, using the
12886 service locator (SL) pattern as a stepping stone.
12887 * ProfilerOutputUdp was removed. Note that there is a ProfilerOutputStats class.
12888 * WikiPage::doDeleteArticleReal() and WikiPage::doDeleteArticle() now
12889 ignore the 2nd and 3rd arguments (formerly $id and $commit).
12890 * Removed "loaderScripts" option from ResourceLoaderFileModule class.
12891 * Removed ORM-like wrapper added in 1.20.
12892 * LinkCache::getGoodLinks and LinkCache::getBadLinks were removed
12893 (deprecated in 1.26).
12894 * WikiPage::doQuickEdit() was removed (deprecated since 1.21).
12895 * Removed SiteObject and SiteArray classes (deprecated in 1.21).
12896 * MessageBlobStore::getInstance() was removed (deprecated since 1.25).
12897 * (T84937) Free external links ("autolinked" urls) will now be terminated
12898 by and HTML entity encodings of  , <, and >.
12899 * (T36948) The default file revert message's timestamp is now in
12900 $wgLocaltimezone, instead of UTC.
12901 * The default name of the 'suppress' group page has been changed from
12902 'Project:Oversight' to 'Project:Suppress'.
12903 * DatabaseBase::resultObject() is now protected (use outside Database classes
12904 not necessary since 1.11).
12905 * Calling ResourceLoaderFileModule::readStyleFiles() without a
12906 ResourceLoaderContext instance is deprecated.
12907 * ResourceLoader::getLessCompiler() now takes an optional parameter of
12908 additional LESS variables to set for the compiler.
12909 * wfBaseConvert() marked as deprecated, use Wikimedia\base_convert() directly
12911 * Obsolete maintenance scripts clearCacheStats.php and showCacheStats.php
12912 were removed. The underlying data is sent to StatsD (see $wgStatsdServer).
12913 * Removed msg_resource_links database table and associated code.
12914 * Removed msg_resource database table and associated code.
12915 * Skin::getNamespaceNotice() was removed.
12916 * wfIsConfiguredProxy() was removed (deprecated since 1.24).
12917 * wfDebugTimer() was removed (deprecated since 1.25).
12918 * wfIsTrustedProxy() was removed (deprecated since 1.24).
12919 * wfGetIP() was removed (deprecated since 1.19).
12920 * MWHookException was removed.
12921 * OutputPage::appendSubtitle() was removed (deprecated since 1.19).
12922 * OutputPage::loginToUse() was removed (deprecated since 1.19).
12923 * Article::loadContent() was removed (deprecated since 1.19).
12924 * User::editToken() was removed (deprecated since 1.19).
12925 * Removed --force-normal option of dumpBackup.php, as it no longer served
12926 any useful purpose since 1.22.
12927 * The functions processOption() and processArgs() on the BackupDumper and
12928 TextPassDumper classes have been removed.
12929 * The maintenance/backupTextPass.inc file was deleted. You should include
12930 maintenance/dumpTextPass.php instead.
12931 * WikiPage::getUsedTemplates() was removed (deprecated since 1.19).
12932 * wfEmptyMsg() was removed (deprecated since 1.18).
12933 * OutputPage::permissionRequired() was removed (deprecated since 1.18).
12934 * OutputPage::blockedPage() was removed (deprecated since 1.18).
12935 * User::getSkin() was removed (deprecated since 1.18).
12936 * OutputPage::includeJQuery() was removed (deprecated since 1.17).
12937 * WikiPage::updateRestrictions() was removed (deprecated since 1.19).
12938 * WikiPage::testPreSaveTransform() was removed (deprecated since 1.19).
12939 * LogPage::logName() was removed (deprecated since 1.19).
12940 * LogPage::logHeader() was removed (deprecated since 1.19).
12941 * wfCheckLimits() was removed (deprecated since 1.24).
12942 * Linker::makeKnownLinkObj() was removed (deprecated since 1.16).
12943 * Linker::makeLinkObj() was removed (deprecated since 1.16).
12944 * wfMsgForContentNoTrans() was removed (deprecated since 1.18).
12945 * ChangesList::usePatrol was removed (deprecated since 1.22).
12946 * wfMsgNoTrans() was removed (deprecated since 1.18).
12947 * Linker::makeImageLink2 was removed (deprecated since 1.20).
12948 * Title::userIsWatching() was removed (deprecated since 1.20).
12949 * Removed WaitForSlave maintenance script; use SELECT MASTER_POS_WAIT()
12950 database function directly instead.
12951 * wfMsg() was removed (deprecated since 1.18).
12952 * wfMsgForContent() was removed (deprecated since 1.18).
12953 * wfMsgReal() was removed (deprecated since 1.18).
12954 * wfMsgGetKey() was removed (deprecated since 1.18).
12955 * wfMsgHtml() was removed (deprecated since 1.18).
12956 * wfMsgWikiHtml() was removed (deprecated since 1.18).
12957 * wfMsgExt() was removed (deprecated since 1.18).
12958 * Language::armourMath() was removed (deprecated since 1.22).
12959 * LanguageConverter::armourMath() was removed (deprecated since 1.22).
12960 * FakeConverter::armourMath() was removed (deprecated since 1.22).
12961 * The unused jquery.validate ResourceLoader module was removed.
12962 * FileRepo::getRootUrl() was removed (deprecated since 1.20).
12963 * User::generateToken() was removed (deprecated since 1.20).
12964 * WikiPage::getRawText() was removed (deprecated since 1.21).
12965 * ParserOutput::hasCustomDataUpdates() was removed (deprecated since 1.25).
12966 * ParserOutput::addSecondaryDataUpdate() was removed (deprecated since 1.25).
12967 * ParserOutput::getSecondaryDataUpdates() was removed (deprecated since 1.25).
12968 * Gallery images with multiple caption pipes no longer concatenate them all
12969 together but instead pick the final one, similar to image syntax.
12970 * XML-like parser tags (such as <gallery>), when unclosed, will be left unparsed
12971 rather than consume everything until the end of the page.
12972 * New maintenance script resetUserEmail.php allows sysadmins to reset user
12973 emails in case a user forgot password/account was stolen.
12974 * wfCheckEntropy() was removed (deprecated in 1.27).
12975 * Browser support for Internet Explorer 8 lowered from Grade A to Grade C.
12976 * ContentHandler::supportsCategories method added. Default is true.
12977 CategoryMembershipChangeJob updates are skipped for content that
12978 does not support categories.
12979 * wikidiff difference engine is no longer supported, anyone still using it are
12980 encouraged to upgrade to wikidiff2 which is actively maintained and has better
12981 package availability.
12982 * Database logic was removed from WatchedItem and a WatchedItemStore was
12984 ** WatchedItem::IGNORE_USER_RIGHTS and WatchedItem::CHECK_USER_RIGHTS were
12985 deprecated. User::IGNORE_USER_RIGHTS and User::CHECK_USER_RIGHTS were
12987 ** WatchedItem::fromUserTitle was deprecated in favour of the constructor.
12988 ** WatchedItem::resetNotificationTimestamp was deprecated.
12989 ** WatchedItem::batchAddWatch was deprecated.
12990 ** WatchedItem::addWatch was deprecated.
12991 ** WatchedItem::removeWatch was deprecated.
12992 ** WatchedItem::isWatched was deprecated.
12993 ** WatchedItem::duplicateEntries was deprecated.
12994 ** EmailNotification::updateWatchlistTimestamp was deprecated.
12995 ** User::getWatchedItem was removed.
12996 * Unit tests don't work with external PHPUnit anymore, Composer is now the only
12997 supported way. Run `composer install` to install it and other dev dependencies
12999 * wl_id field added to the watchlist table.
13000 * Revision::getRawText() was removed (deprecated since 1.21).
13001 * WikiPage::replaceSection() was removed (deprecated since 1.21).
13002 * Article::replaceSection() was removed (deprecated since 1.21).
13003 * Language::getLangObj() was removed (deprecated since 1.24).
13004 * Language::getLanguageName() was removed (deprecated since 1.20).
13005 * Language::getLanguageNames() was removed (deprecated since 1.20).
13006 * Language::getTranslatedLanguageNames() was removed (deprecated since 1.20).
13007 * Language::specialPage() was removed (deprecated since 1.24).
13008 * MediaWikiTestCase::assertException() was removed (deprecated since 1.22).
13009 * OutputPage::getHeadItems() was removed (deprecated since 1.24).
13010 * OutputPage::getScript() was removed (deprecated since 1.24).
13011 * OutputPage::out() was removed (deprecated since 1.22).
13012 * OutputPage::setAllowedModules() was removed (deprecated since 1.24).
13013 * UserrightsPage::makeGroupNameListForLog() was removed (deprecated since 1.21).
13014 * MediaWikiSite::newFromGlobalId() was removed (deprecated since 1.21).
13015 * Title::newFromRedirect() was removed (deprecated since 1.21).
13016 * Skin::commonPrintStylesheet() was removed (deprecated since 1.22).
13017 * Skin::getCommonStylePath() was removed (deprecated since 1.24).
13018 * Skin::newFromKey() was removed (deprecated since 1.24).
13019 * Skin::getUsableSkins() was removed (deprecated since 1.23).
13020 * LoadBalancer::pickRandom() was removed (deprecated in 1.21).
13021 * Article::getUndoText() and WikiPage::getUndoText were removed (deprecated
13023 * DifferenceEngine::setText() was removed (deprecated in 1.21).
13024 * Title::newFromRedirectArray() was removed (deprecated in 1.21).
13025 * UserMailer::send() no longer accepts $replyto as the 5th argument and
13026 $contentType as the 6th. These must be passed in the options array now.
13027 * Title::newFromRedirectRecurse() was removed (deprecated in 1.21).
13028 * Skin::accesskey was removed (deprecated since 1.21).
13029 * Skin::blockLink was removed (deprecated since 1.21).
13030 * Skin::buildRollbackLink was removed (deprecated since 1.21).
13031 * Skin::emailLink was removed (deprecated since 1.21).
13032 * Skin::formatComment was removed (deprecated since 1.21).
13033 * Skin::formatHiddenCategories was removed (deprecated since 1.21).
13034 * Skin::formatLinksInComment was removed (deprecated since 1.21).
13035 * Skin::formatRevisionSize was removed (deprecated since 1.21).
13036 * Skin::formatSize was removed (deprecated since 1.21).
13037 * Skin::formatTemplates was removed (deprecated since 1.21).
13038 * Skin::generateTOC was removed (deprecated since 1.21).
13039 * Skin::getInternalLinkAttributes was removed (deprecated since 1.21).
13040 * Skin::getInternalLinkAttributesObj was removed (deprecated since 1.21).
13041 * Skin::getInterwikiLinkAttributes was removed (deprecated since 1.21).
13042 * Skin::getInvalidTitleDescription was removed (deprecated since 1.21).
13043 * Skin::getLinkColour was removed (deprecated since 1.21).
13044 * Skin::getRevDeleteLink was removed (deprecated since 1.21).
13045 * Skin::getRollbackEditCount was removed (deprecated since 1.21).
13046 * Skin::makeBrokenImageLinkObj was removed (deprecated since 1.21).
13047 * Skin::makeCommentLink was removed (deprecated since 1.21).
13048 * Skin::makeExternalImage was removed (deprecated since 1.21).
13049 * Skin::makeExternalLink was removed (deprecated since 1.21).
13050 * Skin::makeHeadline was removed (deprecated since 1.21).
13051 * Skin::makeImageLink was removed (deprecated since 1.21).
13052 * Skin::makeMediaLinkFile was removed (deprecated since 1.21).
13053 * Skin::makeMediaLinkObj was removed (deprecated since 1.21).
13054 * Skin::makeSelfLinkObj was removed (deprecated since 1.21).
13055 * Skin::makeThumbLink2 was removed (deprecated since 1.21).
13056 * Skin::makeThumbLinkObj was removed (deprecated since 1.21).
13057 * Skin::normaliseSpecialPage was removed (deprecated since 1.21).
13058 * Skin::normalizeSubpageLink was removed (deprecated since 1.21).
13059 * Skin::processResponsiveImages was removed (deprecated since 1.21).
13060 * Skin::revComment was removed (deprecated since 1.21).
13061 * Skin::revDeleteLink was removed (deprecated since 1.21).
13062 * Skin::revDeleteLinkDisabled was removed (deprecated since 1.21).
13063 * Skin::revUserLink was removed (deprecated since 1.21).
13064 * Skin::revUserTools was removed (deprecated since 1.21).
13065 * Skin::specialLink was removed (deprecated since 1.21).
13066 * Skin::splitTrail was removed (deprecated since 1.21).
13067 * Skin::titleAttrib was removed (deprecated since 1.21).
13068 * Skin::tocIndent was removed (deprecated since 1.21).
13069 * Skin::tocLine was removed (deprecated since 1.21).
13070 * Skin::tocLineEnd was removed (deprecated since 1.21).
13071 * Skin::tocList was removed (deprecated since 1.21).
13072 * Skin::tocUnindent was removed (deprecated since 1.21).
13073 * Skin::tooltip was removed (deprecated since 1.21).
13074 * Skin::tooltipAndAccesskeyAttribs was removed (deprecated since 1.21).
13075 * Skin::userTalkLink was removed (deprecated since 1.21).
13076 * Skin::userToolLinksRedContribs was removed (deprecated since 1.21).
13077 * wikidiff3 is now the default and only PHP diff engine. It provides improved
13078 diff performance on complex changes. $wgExternalDiffEngine = 'wikidiff3'
13079 therefore makes no difference now. Users are still recommended to use
13080 wikidiff2 if possible, though.
13081 * User::addNewUserLogEntry() was deprecated.
13082 * User::addNewUserLogEntryAutoCreate() was deprecated.
13083 * User::isPasswordReminderThrottled() was deprecated.
13084 * Bot-oriented parameters to Special:UserLogin (wpCookieCheck,
13085 wpSkipCookieCheck) were removed.
13086 * Installer can now be customized without patching MediaWiki code, see
13087 mw-config/overrides/README for details.
13089 === Compatibility ===
13091 MediaWiki 1.27 requires PHP 5.5.9 or later. There is experimental support for
13092 HHVM 3.6.5 or later.
13094 MySQL is the recommended DBMS. PostgreSQL or SQLite can also be used, but
13095 support for them is somewhat less mature. There is experimental support for
13096 Oracle and Microsoft SQL Server.
13098 The supported versions are:
13100 * MySQL 5.0.3 or later
13101 * PostgreSQL 8.3 or later
13102 * SQLite 3.3.7 or later
13103 * Oracle 9.0.1 or later
13104 * Microsoft SQL Server 2005 (9.00.1399)
13108 1.27 has several database changes since 1.26, and will not work without schema
13109 updates. Note that due to changes to some very large tables like the revision
13110 table, the schema update may take quite long (minutes on a medium sized site,
13111 many hours on a large site).
13113 If upgrading from before 1.11, and you are using a wiki as a commons
13114 repository, make sure that it is updated as well. Otherwise, errors may arise
13115 due to database schema changes.
13117 If upgrading from before 1.7, you may want to run refreshLinks.php to ensure
13118 new database fields are filled with data.
13120 If you are upgrading from MediaWiki 1.4.x or earlier, you should upgrade to
13121 1.5 first. The upgrade script maintenance/upgrade1_5.php has been removed
13122 with MediaWiki 1.21.
13124 Don't forget to always back up your database before upgrading!
13126 See the file UPGRADE for more detailed upgrade instructions.
13128 For notes on 1.26.x and older releases, see HISTORY.
13133 == MediaWiki 1.26.4 ==
13135 This is a maintenance release of the MediaWiki 1.26 branch.
13137 === Changes since 1.26.3 ===
13138 * BREAKING CHANGE: $wgHTTPProxy is now *required* for all external requests
13139 made by MediaWiki via a proxy. Relying on the http_proxy environment
13140 variable is no longer supported.
13141 * (T124163) Fixed fatal error in DifferenceEngine under HHVM.
13142 * (T139565) SECURITY: API: Generate head items in the context of the given title
13143 * (T137264) SECURITY: XSS in unclosed internal links
13144 * (T133147) SECURITY: Escape '<' and ']]>' in inline <style> blocks
13145 * (T133147) SECURITY: Require login to preview user CSS pages
13146 * (T132926) SECURITY: Do not allow undeleting a revision deleted file if it is
13148 * (T129738) SECURITY: Make $wgBlockDisablesLogin also restrict logged in
13150 * (T129738) SECURITY: Make blocks log users out if $wgBlockDisablesLogin is true
13151 * (T115333) SECURITY: Check read permission when loading page content in
13153 * Remove support for $wgWellFormedXml = false, all output is now well formed
13155 == MediaWiki 1.26.3 ==
13157 This is a maintenance release of the MediaWiki 1.26 branch.
13159 === Changes since 1.26.2 ===
13160 * (T116266) Fixed undefined property notices in DairikiDiff under HHVM.
13161 * (T123166) Fix fatal error when importing pages to titles which cannot be
13162 created, such as invalid titles or titles the user is not allowed to edit.
13163 * (T122056) Old tokens are remaining valid within a new session
13164 * (T127114) Login throttle can be tricked using non-canonicalized usernames
13165 * (T123653) Cross-domain policy regexp is too narrow
13166 * (T123071) Incorrectly identifying http link in a's href attributes, due to
13167 m modifier in regex
13168 * (T129506) MediaWiki:Gadget-popups.js isn't renderable
13169 * (T125283) Users occasionally logged in as different users after
13170 SessionManager deployment
13171 * (T103239) Patrol allows click catching and patrolling of any page
13172 * (T122807) [tracking] Check php crypto primatives
13173 * (T98313) Graphs can leak tokens, leading to CSRF
13174 * (T130947) Diff generation should use PoolCounter
13175 * (T133507) Careless use of $wgExternalLinkTarget is insecure
13176 * (T132874) API action=move is not rate limited
13177 * (T110143) strip markers can be used to get around html attribute escaping in
13178 (many?) parser tags
13179 * (T116030) Increase pbkdf2 parameter strengths
13180 * (T127420) Pbkdf2Password does not check if hash_pbkdf2() succeeded
13181 * (T126685) Globally throttle password attempts
13183 == MediaWiki 1.26.2 ==
13185 This is a maintenance release of the MediaWiki 1.26 branch.
13187 === Changes since 1.26.1 ===
13188 * (T121892) Fix fatal error on some Special pages, introduced in 1.26.1.
13190 == MediaWiki 1.26.1 ==
13192 This is a maintenance release of the MediaWiki 1.26 branch.
13194 === Changes since 1.26.0 ===
13195 * (T117899) SECURITY: $wgArticlePath can no longer be set to relative paths
13196 that do not begin with a slash. This enabled trivial XSS attacks.
13197 Configuration values such as "http://my.wiki.com/wiki/$1" are fine, as are
13198 "/wiki/$1". A value such as "$1" or "wiki/$1" is not and will now throw an
13200 * (T119309) SECURITY: Use hash_compare() for edit token comparison
13201 * (T118032) SECURITY: Don't allow cURL to interpret POST parameters starting
13202 with '@' as file uploads
13203 * (T115522) SECURITY: Passwords generated by User::randomPassword() can no
13204 longer be shorter than $wgMinimalPasswordLength
13205 * (T97897) SECURITY: Improve IP parsing and trimming. Previous behavior could
13206 result in improper blocks being issued
13207 * (T109724) SECURITY: Special:MyPage, Special:MyTalk, Special:MyContributions
13208 and related pages no longer use HTTP redirects and are now redirected by
13210 * Fixed ConfigException in ExpandTemplates due to AlwaysUseTidy.
13211 * Fixed stray literal \n in Special:Search.
13212 * Fix issue that breaks HHVM Repo Authorative mode.
13213 * (T120267) Work around APCu memory corruption bug
13215 == MediaWiki 1.26.0 ==
13217 === Configuration changes in 1.26 ===
13218 * $wgPasswordResetRoutes['email'] = true by default.
13219 * $wgEnableParserCache was deprecated, set $wgParserCacheType to CACHE_NONE
13220 instead if you want to disable the parser cache.
13221 * New-style continuation is now the default for API action=continue. Clients may
13222 use the 'rawcontinue' parameter to receive raw query-continue data, but the
13223 new style is encouraged as it's harder to implement incorrectly.
13224 * Deprecated API formats dump and wddx have been completely removed.
13225 * (T7645) The "Signature" button on the edit toolbar is now hidden by default
13226 in non-talk namespaces. A new configuration variable,
13227 $wgExtraSignatureNamespaces, controls in which subject (non-talk) namespaces
13228 the "Signature" button on the edit toolbar will be displayed.
13229 * $wgResourceLoaderUseESI was deprecated and removed. This was an experimental
13230 feature that was never enabled by default.
13231 * $wgResourceLoaderExperimentalAsyncLoading was deprecated and removed.
13232 This experimental feature was never enabled by default and is obsolete as of
13233 MediaWiki 1.26, in where ResourceLoader became fully asynchronous.
13234 * $wgMasterWaitTimeout was removed (deprecated in 1.24).
13235 * Fields in ParserOptions are now private. Use the accessors instead.
13236 * Custom LESS functions (defined via $wgResourceLoaderLESSFunctions or
13237 in extension.json) have been removed, after being deprecated in 1.24.
13238 * $wgAlwaysUseTidy has been removed.
13239 * ResetSessionID hook has been removed. Nothing seems to use it.
13240 * Certain AuthPlugin methods are deprecated in favor of new hooks:
13241 ** AuthPlugin::initUser() is replaced by LocalUserCreated.
13242 ** AuthPlugin::updateUser() is replaced by UserLoggedIn.
13243 ** AuthPlugin::updateExternalDB() is replaced by the existing UserSaveSettings.
13244 ** AuthPlugin::updateExternalDBGroups() is replaced by UserGroupsChanged.
13245 ** AuthPluginUser::isHidden() is replaced by UserIsHidden.
13246 ** AuthPluginUser::isLocked() is replaced by UserIsLocked.
13247 * The UserRights hook is deprecated in favor of the new UserGroupsChanged hook.
13248 * AuthPlugin::initUser() and AuthPlugin::updateUser() should no longer replace
13249 the passed User object.
13250 * $wgBlockAllowsUTEdit is now set to true by default. This allows
13251 blocked users to edit their talk pages unless explicitly disabled
13252 when they are being blocked.
13254 === New features in 1.26 ===
13255 * (T51506) Now action=info gives estimates of actual watchers for a page.
13256 See $wgRCMaxAge, $wgWatchersMaxAge and $wgUnwatchedPageSecret
13257 to learn how to configure if needed.
13258 * Change tags can now be hidden in the interface by disabling the associated
13259 "tag-<id>" interface message.
13260 * ':' (colon) is now invalid in usernames for new accounts. Existing accounts
13262 * Added a new hook, 'LogException', to log exceptions in nonstandard ways.
13263 * Revive the 'SpecialSearchResultsAppend' hook which occurs after the list of
13264 search results are rendered. The initial use case is to append a "give us
13265 feedback" link beneath the search results.
13266 * Added a new hook, 'RejectParserCacheValue', which allows extensions to
13267 reject an otherwise-successful parser cache lookup. The intent is to allow
13268 extensions to manage the eviction of archaic HTML output from the cache.
13269 * (T68699) The expiration of the UserID and Token login cookies
13270 ($wgExtendedLoginCookieExpiration) can be configured independently of the
13271 expiration of all other cookies ($wgCookieExpiration).
13272 * (T50519) Support for generating JPEG/PNG thumbnails from WebP images added
13273 if ImageMagick is used as image scaler ($wgUseImageMagick = true). Uploading
13274 of WebP images still disabled by default. Add $wgFileExtensions[] =
13275 'webp'; to LocalSettings.php to enable uploading of WebP images.
13276 * Added new hooks 'EnhancedChangesListModifyLineData' &
13277 'EnhancedChangesListModifyBlockLineData', to modify the data used to build
13278 lines in enhanced recentchanges and watchlist.
13279 * Caches that need purging ability now use the WANObjectCache interface.
13280 This corresponds to a new $wgMainWANCache setting, which defaults to using
13281 the $wgMainCacheType settings.
13282 * Callers needing fast light-weight data stores use $wgMainStash to select
13283 the store type from $wgObjectCaches. The default is the local database.
13284 * Interface message overrides in the MediaWiki namespace will now be cached in
13285 memcached and APC (if available), rather than memcached and local files.
13286 * Added a new hook, 'RandomPageQuery', to allow modification of the query used
13287 by Special:Random to select random pages.
13288 * $wgTransactionalTimeLimit was added, which controls the request time limit
13289 for potentially slow POST requests that need to be as atomic as possible.
13290 * ResourceLoader now loads all scripts asynchronously. The top-queue and
13291 startup modules are no longer synchronously loaded.
13292 * 'mediawiki.ui.button' styles are no longer unconditionally loaded on every
13293 page. During the deprecation period, the styles will only be loaded on pages
13294 which contain 'mw-ui-button' in their HTML. Starting in 1.28, the styles will
13295 only be loaded if explicitly required.
13296 * If search returns zero results and current search engine has a "did you mean"
13297 suggestion, results for suggestion will be shown. Can be disabled by setting
13298 $wgSearchRunSuggestedQuery to false.
13299 * Added several JavaScript libraries for uploading files to MediaWiki
13300 from the client-side. See documentation for mw.Upload and its
13301 subclasses for more information.
13302 * Added OOUI dialogs and layout for file upload interfaces. See
13303 documentation for mw.Upload.Dialog, mw.Upload.BookletLayout and its
13304 subclasses for more information.
13306 === extension.json changes in 1.26 ===
13307 * (T99344) The extension.json schema is now versioned. All extensions
13308 and skins should set a "manifest_version" property corresponding to
13309 the schema version they were written for. The only supported version
13311 * (T102523) The error message if a non-array attribute is set was improved.
13312 * (T107646) Configuration settings can now specify how they should be merged,
13313 which is necessary for arrays using integer keys.
13314 * (T110389) Adding namespaces through extension.json now actually works
13315 * $wgNamespaceProtection can now be set in extension.json.
13316 * $wgCapitalLinkOverrides can now be set in extension.json.
13317 * (T97186) Extensions using a custom prefix for their configuration settings
13318 can now set a "_prefix" key to override the default of "wg".
13319 * (T99084) Extensions can now specify what MediaWiki core versions they
13321 * (T105236) The extension.json schema now validates custom classes in
13322 the "ResourceModules" property properly.
13324 === External library changes in 1.26 ===
13325 ==== Upgraded external libraries ====
13326 * Updated es5-shim from v4.0.0 to v4.1.5.
13327 * Updated json2 from revision 2014-02-04 to 2015-05-03.
13328 * Updated Sinon.JS from 1.10.3 to 1.15.4.
13329 * Updated jQuery Client from v1.0.0 to v2.0.0.
13330 * Updated QUnit from v1.17.1 to v1.18.0.
13331 * Updated liuggio/statsd-php-client from v1.0.12 to v1.0.16.
13332 * Updated oojs/oojs-ui from v0.11.3 to v0.12.12.
13333 * Updated wikimedia/cdb from v1.0.1 to v1.3.0.
13334 * Updated wikimedia/utfnormal from v1.0.2 to v1.0.3.
13335 * Updated wikimedia/composer-merge-plugin from v1.0.0 to v1.3.0.
13336 * Updated zordius/lightncandy from v0.18 to v0.21.
13338 ==== New external libraries ====
13339 * Added composer/semver v1.0.0.
13340 * Added mediawiki/at-ease v1.1.0.
13341 * Added wikimedia/assert v0.2.2.
13342 * Added wikimedia/ip-set v1.0.1.
13343 * Added wikimedia/wrappedstring v2.0.0.
13345 ==== Removed and replaced external libraries ====
13346 * Replaced leafo/lessphp v0.5.0 with oyejorge/less.php v1.7.0.9.
13348 === Bug fixes in 1.26 ===
13349 * (T53283) load.php sometimes sends 304 response without full headers
13350 * (T65198) Talk page tabs now have a "rel=discussion" attribute
13351 * (T98841) {{msgnw:}} now preserves comments even when subst: is not used.
13352 * (T104142) $wgEmergencyContact and $wgPasswordSender now use their default
13353 value if set to an empty string.
13355 === Action API changes in 1.26 ===
13356 * New-style continuation is now the default for action=continue. Clients may
13357 use the 'rawcontinue' parameter to receive raw query-continue data, but the
13358 new style is encouraged as it's harder to implement incorrectly.
13359 * Deprecated API formats dump and wddx have been completely removed.
13360 * API action=query&list=tags: The displayname can now be boolean false if the
13361 tag is meant to be hidden from user interfaces.
13362 * action=import no longer allows both the namespace= and rootpage= parameters
13363 to be set. If they are both set, the value of rootpage= will be ignored.
13364 * prop=revision output in enum mode is now sorted by timestamp rather than
13365 revision ID. This usually won't make any difference.
13366 * (T102645) Namespace list from meta=siteinfo&siprop=namespaces is now an array
13367 with formatversion=2.
13368 * Various other output from meta=siteinfo will now always be arrays instead of
13369 sometimes being numerically-indexed objects with formatversion=2.
13370 * When errors about users being blocked are returned, they now include
13371 information about the relevant block.
13372 * (T99926) list=random has higher limits, in line with other API modules.
13373 * list=random's rnredirect parameter is deprecated in favor of a new
13374 rnfilterredir parameter that also allows for listing both redirects and
13376 * list=random now supports continuation.
13377 * API responses to GET requests may now include ETag and Last-Modified headers,
13378 and will honor corresponding If-None-Match and If-Modified-Since on such
13381 === Action API internal changes in 1.26 ===
13382 * New metadata item ApiResult::META_KVP_MERGE to allow for merging the KVP key
13383 into the value when the value is an assoc.
13384 * API action modules may now provide values for the RFC 7232 ETag and
13385 Last-Modified headers. The API will check these against If-None-Match and
13386 If-Modified-Since request headers on GET requests and avoid executing the
13387 module when appropriate.
13389 === Languages updated in 1.26 ===
13391 MediaWiki supports over 350 languages. Many localisations are updated
13392 regularly. Below only new and removed languages are listed, as well as
13393 changes to languages because of Phabricator reports.
13396 ** ase (American sign language), thanks to translator Icemandeaf
13397 ** dty (डोटेली/Doteli), thanks to translators जनक राज भट्ट, बिप्लब आनन्द,
13398 मेश सिंह बोहरा, and राम प्रसाद जोशी
13399 ** luz (لئری دوٙمینی / Southern Luri)
13400 ** olo (Livvinкarjala / Livvi-Karelian), thanks to translators Denö, Hiloin
13401 Natoi, Ilja.mos, and Mashoi7
13403 === Other changes in 1.26 ===
13404 * ChangeTags::tagDescription() will return false if the interface message
13405 for the tag is disabled.
13406 * Added PageHistoryPager::doBatchLookups hook.
13407 * Added $wikiId parameter to FormatAutocomments hook.
13408 * Added ParserCacheSaveComplete to ParserCache
13409 * supportsDirectEditing and supportsDirectApiEditing methods added to
13410 ContentHandler, to provide a way for ApiEditPage and EditPage to check
13411 if direct editing of content is allowed. These methods return false,
13412 by default for the ContentHandler base class and true for TextContentHandler
13413 and it's derivative classes (everything in core). For Content types that
13414 do not support direct editing, an alternative mechanism should be provided
13415 for editing, such as action overrides or specific api modules.
13416 * mediaWiki.confirmCloseWindow now returns an object of functions, instead of
13417 one function. The callback can't be called directly any more. The callback
13418 function is replaced with confirmCloseWindow.release().
13419 * BREAKING CHANGE: Added an optional ResouceLoaderContext parameter to
13420 ResourceLoaderModule::getDependencies(). Extension classes that override that
13421 method should be updated. If they aren't updated, PHP Strict standards
13422 warnings will appear when E_STRICT error reporting is enabled. Note: in the
13423 near future, this parameter will probably become non-optional.
13424 * Removed maintenance script deleteImageMemcached.php.
13425 * MWFunction::newObj() was removed (deprecated in 1.25).
13426 ObjectFactory::getObjectFromSpec() should be used instead.
13427 * The parser will no longer randomize the string it uses to mark the place of
13428 items that were stripped during parsing. It will use a fixed string instead.
13429 This causes the parser to re-use the regular expressions it uses to search
13430 and replace markers rather than generate novel expressions on each parse.
13431 Re-using regular expressions will improve performance on HHVM and the
13432 forthcoming PHP 7. The interfaces changes accompanying this change are:
13433 - Parser::getRandomString() and Parser::uniqPrefix() have been deprecated.
13434 - The $uniq_prefix argument for Parser::extractTagsAndParams() and the
13435 $prefix argument for StripState::_construct() are deprecated and their
13437 * wfSuppressWarnings() and wfRestoreWarnings() were split into a separate
13438 library, mediawiki/at-ease, and are now deprecated. Callers should use
13439 MediaWiki\suppressWarnings() and MediaWiki\restoreWarnings() directly.
13440 * The Block class constructor now takes an associative array of parameters
13441 instead of many optional positional arguments. Calling the constructor the old
13442 way will issue a deprecation warning.
13443 * The jquery.mwExtension module was deprecated.
13444 * $wgSpecialPageGroups was removed (deprecated in 1.21).
13445 * SpecialPageFactory::setGroup was removed (deprecated in 1.21).
13446 * SpecialPageFactory::getGroup was removed (deprecated in 1.21).
13447 * DatabaseBase::ignoreErrors() is now protected.
13448 * BREAKING CHANGE: mediawiki.legacy.ajax has been removed, following
13449 a lengthy deprecation period.
13450 * The ScopedPHPTimeout class was removed.
13451 * Removed maintenance script fixSlaveDesync.php.
13452 * Watchlist tokens, SpecialResetTokens, and User::getTokenFromOption()
13453 are deprecated. Applications using those can work via the OAuth
13454 extension instead. New tokens types should not be added.
13455 * DatabaseBase::errorCount() was removed (unused).
13456 * $wgDeferredUpdateList was removed.
13457 * DeferredUpdates::addHTMLCacheUpdate() was removed.
13461 == MediaWiki 1.25.6 ==
13463 This is a maintenance release of the MediaWiki 1.25 branch.
13465 === Changes since 1.25.5 ===
13466 * (T123166) Fix fatal error when importing pages to titles which cannot be
13467 created, such as invalid titles or titles the user is not allowed to edit.
13468 * (T122056) Old tokens are remaining valid within a new session
13469 * (T127114) Login throttle can be tricked using non-canonicalized usernames
13470 * (T123653) Cross-domain policy regexp is too narrow
13471 * (T123071) Incorrectly identifying http link in a's href attributes, due to
13472 m modifier in regex
13473 * (T129506) MediaWiki:Gadget-popups.js isn't renderable
13474 * (T125283) Users occasionally logged in as different users after
13475 SessionManager deployment
13476 * (T103239) Patrol allows click catching and patrolling of any page
13477 * (T122807) [tracking] Check php crypto primatives
13478 * (T98313) Graphs can leak tokens, leading to CSRF
13479 * (T130947) Diff generation should use PoolCounter
13480 * (T133507) Careless use of $wgExternalLinkTarget is insecure
13481 * (T132874) API action=move is not rate limited
13482 * (T110143) strip markers can be used to get around html attribute escaping in
13483 (many?) parser tags
13484 * (T116030) Increase pbkdf2 parameter strengths
13485 * (T127420) Pbkdf2Password does not check if hash_pbkdf2() succeeded
13486 * (T126685) Globally throttle password attempts
13488 == MediaWiki 1.25.5 ==
13490 This is a maintenance release of the MediaWiki 1.25 branch.
13492 === Changes since 1.25.4 ===
13493 * (T121892) Fix fatal error on some Special pages, introduced in 1.25.4.
13495 == MediaWiki 1.25.4 ==
13497 This is a security and maintenance release of the MediaWiki 1.25 branch.
13499 === Changes since 1.25.3 ===
13500 * (T117899) SECURITY: $wgArticlePath can no longer be set to relative paths
13501 that do not begin with a slash. This enabled trivial XSS attacks.
13502 Configuration values such as "http://my.wiki.com/wiki/$1" are fine, as are
13503 "/wiki/$1". A value such as "$1" or "wiki/$1" is not and will now throw an
13505 * (T119309) SECURITY: Use hash_compare() for edit token comparison
13506 * (T118032) SECURITY: Don't allow cURL to interpret POST parameters starting
13507 with '@' as file uploads
13508 * (T115522) SECURITY: Passwords generated by User::randomPassword() can no
13509 longer be shorter than $wgMinimalPasswordLength
13510 * (T97897) SECURITY: Improve IP parsing and trimming. Previous behavior could
13511 result in improper blocks being issued
13512 * (T109724) SECURITY: Special:MyPage, Special:MyTalk, Special:MyContributions
13513 and related pages no longer use HTTP redirects and are now redirected by
13515 * (T103237) $wgUseGzip had no effect when using file cache.
13516 * (T114606) mw.notify was not correctly fixed to the page if
13517 initialized while not at the top of the page.
13518 * Fix issue that breaks HHVM Repo Authorative mode.
13520 == MediaWiki 1.25.3 ==
13522 This is a security and maintenance release of the MediaWiki 1.25 branch.
13524 === Changes since 1.25.2 ===
13526 * (T98975) Fix having multiple callbacks for a single hook.
13527 * (T107632) maintenance/refreshLinks.php did not always remove all links
13528 pointing to nonexistent pages.
13529 * (T104142) $wgEmergencyContact and $wgPasswordSender now use their default
13530 value if set to an empty string.
13531 * (T62174) Provide fallbacks for use of mb_convert_encoding() in
13532 HtmlFormatter. It was causing an error when accessing the api help page
13533 if the mbstring PHP extension was not installed.
13534 * (T105896) Confirmation emails would sometimes contain invalid codes.
13535 * (T105597) Fixed edit stash inclusion queries.
13536 * (T91850) SECURITY: Add throttle check in ApiUpload and SpecialUpload
13537 * (T91203, T91205) SECURITY: API: Improve validation in chunked uploading
13538 * (T95589) SECURITY: RevDel: Check all revisions for suppression, not just the
13540 * (T108616) SECURITY: Avoid exposure of local path in PNG thumbnails
13542 == MediaWiki 1.25.2 ==
13544 This is a security and maintenance release of the MediaWiki 1.25 branch.
13546 === Changes since 1.25.1 ===
13548 * (T94116) SECURITY: Compare API watchlist token in constant time
13549 * (T97391) SECURITY: Escape error message strings in thumb.php
13550 * (T106893) SECURITY: Don't leak autoblocked IP addresses on
13551 Special:DeletedContributions
13552 * (T102562) Fix InstantCommons parameters to handle the new HTTPS-only
13553 policy of Wikimedia Commons.
13554 * (T100767) Setting a configuration setting for skin or extension to
13555 false in LocalSettings.php was not working.
13556 * (T100635) API action=opensearch json output no longer breaks when
13557 $wgDebugToolbar is enabled.
13558 * (T102522) Using an extension.json or skin.json file which has
13559 a "manifest_version" property for 1.26 compatability will no longer
13561 * (T86156) Running updateSearchIndex.php will not throw an error as
13562 page_restrictions has been added to the locked table list.
13563 * Special:Version would throw notices if using SVN due to an incorrectly
13564 named variable. Add an additional check that an index is defined.
13566 == MediaWiki 1.25.1 ==
13568 This is a bug fix release of the MediaWiki 1.25 branch.
13570 === Changes since 1.25 ===
13571 * (T100351) Fix syntax errors in extension.json of ConfirmEdit extension
13573 == MediaWiki 1.25.0 ==
13575 === Configuration changes in 1.25 ===
13576 * $wgPageShowWatchingUsers was removed.
13577 * $wgLocalVirtualHosts has been added to replace $wgConf->localVHosts.
13578 * $wgAntiLockFlags was removed.
13579 * $wgJavaScriptTestConfig was removed.
13580 * Edit tokens returned from User::getEditToken may change on every call. Token
13581 validity must be checked by passing the user-supplied token to
13582 User::matchEditToken rather than by testing for equality with a
13583 newly-generated token.
13584 * (T74951) The UserGetLanguageObject hook may be passed any IContextSource
13585 for its $context parameter. Formerly it was documented as receiving a
13586 RequestContext specifically.
13587 * Profiling was restructured and $wgProfiler now requires an 'output' parameter.
13588 See StartProfiler.sample for details.
13589 * $wgMangleFlashPolicy was added to make MediaWiki's mangling of anything that
13590 might be a flash policy directive configurable.
13591 * ApiOpenSearch now supports XML output. The OpenSearchXml extension should no
13592 longer be used. If extracts and page images are desired, the TextExtracts and
13593 PageImages extensions are required.
13594 * $wgOpenSearchTemplate is deprecated in favor of $wgOpenSearchTemplates.
13595 * Edits are now prepared via AJAX as users type edit summaries. This behavior
13596 can be disabled via $wgAjaxEditStash.
13597 * (T46740) The temporary option $wgIncludejQueryMigrate was removed, along
13598 with the jQuery Migrate library, as indicated when this option was provided in
13600 * ProfilerStandard and ProfilerSimpleTrace were removed. Make sure that any
13601 StartProfiler.php config is updated to reflect this. Xhprof is available
13602 for zend/hhvm. Also, for hhvm, one can consider using its xenon profiler.
13603 * Default value of $wgSVGConverters['rsvg'] now uses the 'rsvg-convert' binary
13604 rather than 'rsvg'.
13605 * Default value of $wgSVGConverters['ImageMagick'] now uses transparent
13606 background with white fallback color, rather than just white background.
13607 * MediaWikiBagOStuff class removed, make sure any object cache config
13608 uses SqlBagOStuff instead.
13609 * The 'daemonized' flag must be set to true in $wgJobTypeConf for any redis
13610 job queues. This means that mediawiki/services/jobrunner service has to
13611 be installed and running for any such queues to work.
13612 * $wgAutopromoteOnce no longer supports the 'view' event. For keeping some
13613 compatibility, any 'view' event triggers will still trigger on 'edit'.
13614 * $wgExtensionDirectory was added for when your extensions directory is
13615 somewhere other than $IP/extensions (as $wgStyleDirectory does with the skins
13618 === New features in 1.25 ===
13619 * (T64861) Updated plural rules to CLDR 26. Includes incompatible changes
13620 for plural forms in Russian, Prussian, Tagalog, Manx and several languages
13621 that fall back to Russian.
13622 * (T60139) ResourceLoaderFileModule now supports language fallback
13623 for 'languageScripts'.
13624 * Added a new hook, "ContentAlterParserOutput", to allow extensions to modify
13625 the parser output for a content object before links update.
13626 * (T37785) Enhanced recent changes and extended watchlist are now default.
13627 Documentation: https://meta.wikimedia.org/wiki/Help:Enhanced_recent_changes
13628 and https://www.mediawiki.org/wiki/Manual:$wgDefaultUserOptions
13629 * (T69341) SVG images will no longer be base64-encoded when being embedded
13630 in CSS. This results in slight size increase before gzip compression (due to
13631 percent-encoding), but up to 20% decrease after it.
13632 * Update jStorage to v0.4.12.
13633 * MediaWiki now natively supports page status indicators: icons (or short text
13634 snippets) usually displayed in the top-right corner of the page. They have
13635 been in use on Wikipedia for a long time, implemented using templates and CSS
13636 absolute positioning.
13637 - Basic wikitext syntax:
13638 <indicator name="foo">[[File:Foo.svg|20px]]</indicator>
13639 - Usage instructions:
13640 https://www.mediawiki.org/wiki/Help:Page_status_indicators
13641 - Adjusting custom skins to support indicators:
13642 https://www.mediawiki.org/wiki/Manual:Skinning#Page_status_indicators
13643 * Edit tokens may now be time-limited: passing a maximum age to
13644 User::matchEditToken will reject any older tokens.
13645 * The debug logging internals have been overhauled, and are now using the
13647 * Update CSSJanus to v1.1.1.
13648 * Update lessphp to v0.5.0.
13649 * Added a hook, "ApiOpenSearchSuggest", to allow extensions to provide extracts
13650 and images for ApiOpenSearch output. The semantics are identical to the
13651 "OpenSearchXml" hook provided by the OpenSearchXml extension.
13652 * PrefixSearchBackend hook now has an $offset parameter. Combined with $limit,
13653 this allows for pagination of prefix results. Extensions using this hook
13654 should implement supporting behavior. Not doing so can result in undefined
13655 behavior from API clients trying to continue through prefix results.
13656 * Update jQuery from v1.11.1 to v1.11.3.
13657 * External libraries installed via composer will now be displayed
13658 on Special:Version in their own section. Extensions or skins that are
13659 installed via composer will not be shown in this section as it is assumed
13660 they will add the proper credits to the skins or extensions section. They
13661 can also be accessed through the API via the new siprop=libraries to
13663 * Update QUnit from v1.14.0 to v1.16.0.
13664 * Update Moment.js from v2.8.3 to v2.8.4.
13665 * Special:Tags now allows for manipulating the list of user-modifiable change
13667 * Added 'managetags' user right and 'ChangeTagCanCreate', 'ChangeTagCanDelete',
13668 and 'ChangeTagCanCreate' hooks to allow for managing user-modifiable change
13670 * Added 'ChangeTagsListActive' hook, to separate the concepts of "defined" and
13671 "active" formerly conflated by the 'ListDefinedTags' hook.
13672 * Added TemplateParser class that provides a server-side interface to cachable
13673 dynamically-compiled Mustache templates (currently uses lightncandy library).
13674 * Clickable anchors for each section heading in the content are now generated
13675 and appear in the gutter on hovering over the heading.
13676 * Added 'CategoryViewer::doCategoryQuery' and 'CategoryViewer::generateLink'
13677 hooks to allow extensions to override how links to pages are rendered within
13679 * (T19665) Special:WantedPages only lists page which having at least one red
13680 link pointing to it.
13681 * New hooks 'ApiMain::moduleManager' and 'ApiQuery::moduleManager', can be
13682 used for conditional registration of API modules.
13683 * New hook 'EnhancedChangesList::getLogText' to alter, remove or add to the
13684 links of a group of changes in EnhancedChangesList.
13685 * A full interface for StatsD metric reporting has been added to the context
13686 interface, reachable via IContextSource::getStats().
13687 * Move the jQuery Client library from being mastered in MediaWiki as v0.1.0 to a
13688 proper, published library, which is now tagged as v1.0.0.
13689 * A new message (defaulting to blank), 'editnotice-notext', can be shown to
13690 users when they are editing if no edit notices apply to the page being edited.
13691 * (T94536) You can now make the sitenotice appear to logged-in users only by
13692 editing MediaWiki:Anonnotice and replacing its content with "". Setting it to
13693 "-" (default) will continue disable it and fallback to MediaWiki:Sitenotice.
13694 * Modifying the tagging of a revision or log entry is now available via
13695 Special:EditTags, generally accessed via the revision-deletion-like interface
13696 on history pages and Special:Log is likely to be more useful.
13697 * Added 'applychangetags' and 'changetags' user rights.
13698 * (T35235) LogFormatter subclasses are now responsible for formatting the
13699 parameters for API log event output. Extensions should implement the new
13700 getParametersForApi() method in their log formatters.
13702 ==== External libraries ====
13703 * MediaWiki now requires certain external libraries to be installed. In the past
13704 these were bundled inside the Git repository of MediaWiki core, but now they
13705 need to be installed separately. For users using the tarball, this will be
13706 taken care of and no action will be required. Users using Git will either need
13707 to use composer to fetch dependencies or use the mediawiki/vendor repository
13708 which includes all dependencies for MediaWiki core and ones used in Wikimedia
13709 deployment. Detailed instructions can be found at:
13710 https://www.mediawiki.org/wiki/Download_from_Git#Fetch_external_libraries
13711 * The following libraries are now required:
13713 This library provides the interfaces set by the PSR-3 standard
13714 (http://www.php-fig.org/psr/psr-3/) which are used by MediaWiki internally
13715 via the MediaWiki\Logger\LoggerFactory class.
13716 See the structured logging RfC
13717 <https://www.mediawiki.org/wiki/Requests_for_comment/Structured_logging>
13718 for more background information.
13719 ** cssjanus/cssjanus
13720 This library was formerly bundled with MediaWiki core and has been removed.
13721 It automatically flips CSS for RTL support.
13723 This library was formerly bundled with MediaWiki core and has been removed.
13724 It compiles LESS files into CSS.
13726 This library was formerly a part of MediaWiki core, and has been moved into a
13727 separate library. It provides CDB functions which are used in the Interwiki
13728 and Localization caches. More information about the library can be found at
13729 https://www.mediawiki.org/wiki/CDB.
13730 ** liuggio/statsd-php-client
13731 This library provides a StatsD client API for logging application metrics to
13734 === Bug fixes in 1.25 ===
13735 * (T73003) No additional code will be generated to try to load CSS-embedded
13736 SVG images in Internet Explorer 6 and 7, as they don't support them anyway.
13737 * (T69021) On Special:BookSources, corrected validation of ISBNs (both
13738 10- and 13-digit forms) containing "X".
13739 * Page moving was refactored into a MovePage class. As part of that:
13740 ** The AbortMove hook was removed.
13741 ** MovePageIsValidMove is for extensions to specify whether a page
13742 cannot be moved for technical reasons, and should not be overridden.
13743 ** MovePageCheckPermissions is for checking whether the given user is
13744 allowed to make the move.
13745 ** Title::moveNoAuth() was deprecated. Use the MovePage class instead.
13746 ** Title::moveTo() was deprecated. Use the MovePage class instead.
13747 ** Title::isValidMoveOperation() broken down into MovePage::isValidMove()
13748 and MovePage::checkPermissions().
13749 * (T18530) Multiple autocomments are now formatted in an edit summary.
13750 * (T70361) Autocomments containing "/*" are parsed correctly.
13751 * The Special:WhatLinksHere page linked from 'Number of redirects to this page'
13752 on action=info about a file page does not list file links anymore.
13753 * (T78637) Search bar is not autofocused unless it is empty so that proper
13754 scrolling using arrow keys is possible.
13755 * (T50853) Database::makeList() modified to handle 'NULL' separately when
13757 * (T85192) Captcha position modified in Usercreate template. As a result:
13758 ** extrafields parameter added to Usercreate.php to insert additional data
13759 ** 'extend' method added to QuickTemplate to append additional values to any
13760 field of data array
13761 * (T86974) Several Title methods now load from the database when necessary
13762 (instead of returning incorrect results) even when the page ID is known.
13763 * (T74070) Duplicate search for archived files on file upload now omits the
13765 This requires the fa_sha1 field being populated.
13766 * Removed rel="archives" from the "View history" link, as it did not pass
13768 * $wgUseTidy is now set when parserTests are run with the tidy option to match
13770 * (T37472) update.php will purge ResourceLoader cache unless --nopurge is passed
13772 * (T72109) mediawiki.language should respect $wgTranslateNumerals in
13775 === Action API changes in 1.25 ===
13776 * (T67403) XML tag highlighting is now only performed for formats
13777 "xmlfm" and "wddxfm".
13778 * action=paraminfo supports generalized submodules (modules=query+value),
13779 querymodules and formatmodules are deprecated
13780 * action=paraminfo no longer outputs descriptions and other help text by
13781 default. If needed, it may be requested using the new 'helpformat' parameter.
13782 * action=help has been completely rewritten, and outputs help in HTML
13783 rather than plain text.
13784 * Hitting api.php without specifying an action now displays only the help for
13785 the main module, with links to submodule help.
13786 * API help is no longer displayed on errors.
13787 * 'uselang' is now a recognized API parameter; "uselang=user" may be used to
13788 explicitly select the language from the current user's preferences, and
13789 "uselang=content" may be used to select the wiki's content language.
13790 * Default output format for the API is now jsonfm.
13791 * Simplified continuation will return a "batchcomplete" property in the result
13792 when a batch of pages is complete.
13793 * Pretty-printed HTML output now has nicer formatting and (if available)
13794 better syntax highlighting.
13795 * Deprecated list=deletedrevs in favor of newly-added prop=deletedrevisions and
13796 list=alldeletedrevisions.
13797 * prop=revisions will gracefully continue when given too many revids or titles,
13798 rather than just ignoring the extras.
13799 * prop=revisions will no longer die if rvcontentformat doesn't match a
13800 revision's content model; it will instead warn and omit the content.
13801 * If the user has the 'deletedhistory' right, action=query's revids parameter
13802 will now recognize deleted revids.
13803 * prop=revisions may be used as a generator, generating revids.
13804 * (T68776) format=json results will no longer be corrupted when
13805 $wgMangleFlashPolicy is in effect. format=php results will cleanly return an
13806 error instead of returning invalid serialized data.
13807 * Generators may now return data for the generated pages when used with
13809 * Query page data for generator=search and generator=prefixsearch will now
13810 include an "index" field, which may be used by the client for sorting the
13812 * ApiOpenSearch now supports XML output.
13813 * ApiOpenSearch will now output descriptions and URLs as array indexes 2 and 3
13815 * (T76051) list=tags will now continue correctly.
13816 * (T76052) list=tags can now indicate whether a tag is defined.
13817 * (T75522) list=prefixsearch now supports continuation
13818 * (T78737) action=expandtemplates can now return page properties.
13819 * (T78690) list=allimages now accepts multiple pipe-separated values
13820 for the 'aimime' parameter.
13821 * prop=info with inprop=protections will now return applicable protection types
13822 with the 'restrictiontypes' key.
13823 * (T85417) When resolving redirects, ApiPageSet will now add the targets of
13824 interwiki redirects to the list of interwiki titles.
13825 * (T85417) When outputting the list of redirect titles, a 'tointerwiki'
13826 property (like the existing 'tofragment' property) will be set.
13827 * Added action=managetags to allow for managing the list of
13828 user-modifiable change tags. Actually modifying the tagging of a revision or
13829 log entry is not implemented yet.
13830 * list=tags has additional properties to indicate 'active' status and tag
13832 * siprop=libraries was added to ApiQuerySiteinfo to list installed external
13834 * (T88010) Added action=checktoken, to test a CSRF token's validity.
13835 * (T88010) Added intestactions to prop=info, to allow querying of
13836 Title::userCan() via the API.
13837 * Default type param for query list=watchlist and list=recentchanges has
13838 been changed from all types (e.g. including 'external') to 'edit|new|log'.
13839 * Added formatversion to format=json. Still "experimental" as further changes
13840 to the output formatting might still be made.
13841 * (T73020) Log event details are now always under a 'params' subkey for
13842 list=logevents, and a 'logparams' subkey for list=watchlist and
13843 list=recentchanges.
13844 * Log event details are changing formatting:
13845 * block events now report flags as an array rather than as a comma-separated
13847 * patrol events now report the 'auto' flag as a boolean (absent/empty string
13848 for BC formats) rather than as an integer.
13849 * rights events now report the old and new group lists as arrays rather than
13850 as comma-separated lists.
13851 * merge events use new-style formatting.
13852 * delete/event and delete/revision events use new-style formatting.
13853 * The root node and various other nodes will now always be an object in formats
13854 such as json that distinguish between arrays and objects.
13855 * Except for action=opensearch where the spec requires an array.
13857 === Action API internal changes in 1.25 ===
13858 * ApiHelp has been rewritten to support i18n and paginated HTML output.
13859 Most existing modules should continue working without changes, but should do
13861 * Add an i18n message "apihelp-{$moduleName}-description" to replace
13863 * Add i18n messages "apihelp-{$moduleName}-param-{$param}" for each parameter
13864 to replace getParamDescription(). If necessary, the settings array returned
13865 by getParams() can use the new ApiBase::PARAM_HELP_MSG key to override the
13867 * Implement getExamplesMessages() to replace getExamples().
13868 * Modules with submodules (like action=query) must have their submodules
13869 override ApiBase::getParent() to return the correct parent object.
13870 * The 'APIGetDescription' and 'APIGetParamDescription' hooks are deprecated,
13871 and will have no effect for modules using i18n messages. Use
13872 'APIGetDescriptionMessages' and 'APIGetParamDescriptionMessages' instead.
13873 * Api formatters will no longer be asked to display the help screen on errors.
13874 * ApiMain::getCredits() was removed. The credits are available in the
13875 'api-credits' i18n message.
13876 * ApiFormatBase has been changed to support i18n and syntax highlighting via
13877 extensions with the new 'ApiFormatHighlight' hook. Core syntax highlighting
13879 * ApiFormatBase now always buffers. Output is done when
13880 ApiFormatBase::closePrinter is called.
13881 * Much of the logic in ApiQueryRevisions has been split into
13882 ApiQueryRevisionsBase.
13883 * The 'revids' parameter supplied by ApiPageSet will now count deleted
13884 revisions as "good" if the user has the 'deletedhistory' right. New methods
13885 ApiPageSet::getLiveRevisionIDs() and ApiPageSet::getDeletedRevisionIDs() are
13886 provided to access just the live or just the deleted revids.
13887 * Added ApiPageSet::setGeneratorData() and ApiPageSet::populateGeneratorData()
13888 to allow generators to include data in the action=query result.
13889 * New hooks 'ApiMain::moduleManager' and 'ApiQuery::moduleManager', can be
13890 used for conditional registration of API modules.
13891 * Added ApiBase::lacksSameOriginSecurity() to allow modules to easily check if
13892 the current request was sent with the 'callback' parameter (or any future
13893 method that breaks the same-origin policy).
13894 * Profiling methods in ApiBase are deprecated and no longer need to be called.
13895 * ApiResult was greatly overhauled. See inline documentation for details.
13896 * ApiResult will automatically convert objects to strings or arrays (depending
13897 on whether a __toString() method exists on the object), and will refuse to
13898 add unsupported value types.
13899 * An informal interface, ApiSerializable, exists to override the default
13901 * ApiResult/ApiFormatBase "raw mode" is deprecated.
13902 * ApiFormatXml now assumes defaults and so on instead of throwing errors when
13903 metadata isn't set.
13904 * (T35235) LogFormatter subclasses are now responsible for formatting log event
13905 parameters for the API.
13906 * Many modules have changed result data formats. While this shouldn't affect
13907 clients not using the experimental formatversion=2, code using
13908 ApiResult::getResultData() without the transformations for backwards
13909 compatibility may need updating, as will code that wasn't following the old
13910 conventions for API boolean output.
13911 * The following methods have been deprecated and may be removed in a future
13913 * ApiBase::getDescription
13914 * ApiBase::getParamDescription
13915 * ApiBase::getExamples
13916 * ApiBase::makeHelpMsg
13917 * ApiBase::makeHelpArrayToString
13918 * ApiBase::makeHelpMsgParameters
13919 * ApiBase::getModuleProfileName
13920 * ApiBase::profileIn
13921 * ApiBase::profileOut
13922 * ApiBase::safeProfileOut
13923 * ApiBase::getProfileTime
13924 * ApiBase::profileDBIn
13925 * ApiBase::profileDBOut
13926 * ApiBase::getProfileDBTime
13927 * ApiBase::getResultData
13928 * ApiFormatBase::setUnescapeAmps
13929 * ApiFormatBase::getWantsHelp
13930 * ApiFormatBase::setHelp
13931 * ApiFormatBase::formatHTML
13932 * ApiFormatBase::setBufferResult
13933 * ApiFormatBase::getDescription
13934 * ApiFormatBase::getNeedsRawData
13936 * ApiMain::reallyMakeHelpMsg
13937 * ApiMain::makeHelpMsgHeader
13938 * ApiResult::setRawMode
13939 * ApiResult::getIsRawMode
13940 * ApiResult::getData
13941 * ApiResult::setElement
13942 * ApiResult::setContent
13943 * ApiResult::setIndexedTagName_recursive
13944 * ApiResult::setIndexedTagName_internal
13945 * ApiResult::setParsedLimit
13946 * ApiResult::beginContinuation
13947 * ApiResult::setContinueParam
13948 * ApiResult::setGeneratorContinueParam
13949 * ApiResult::endContinuation
13951 * ApiResult::convertStatusToArray
13952 * ApiQueryImageInfo::getPropertyDescriptions
13953 * ApiQueryLogEvents::addLogParams
13954 * The following classes have been deprecated and may be removed in a future
13956 * ApiQueryDeletedrevs
13958 === Languages updated in 1.25 ===
13960 MediaWiki supports over 350 languages. Many localisations are updated
13961 regularly. Below only new and removed languages are listed, as well as
13962 changes to languages because of Bugzilla reports.
13965 ** awa (अवधी / Awadhi), thanks to translator 1AnuraagPandey;
13966 ** bgn (بلوچی رخشانی / Western Balochi), thanks to translators
13967 Baloch Afghanistan, Ibrahim khashrowdi and Rachitrali;
13968 ** ses (Koyraboro Senni), thanks to translator Songhay.
13969 * (T66440) Kazakh (kk) wikis should no longer forcefully reset the user's
13970 interface language to kk where unexpected.
13971 * The Chinese conversion table was substantially updated to fix a lot of
13972 bugs and ensure better reading experience for different variants.
13974 === Other changes in 1.25 ===
13975 * (T45591) Links to MediaWiki.org translatable help were added to indicators,
13976 mostly in special pages. Local custom target titles can be placed in the
13977 relevant '(namespace-X|action name|special page name)-helppage' system
13978 message. Extensions can use the addHelpLink() function to do the same.
13979 * The skin autodiscovery mechanism, deprecated in MediaWiki 1.23, has been
13980 removed. See https://www.mediawiki.org/wiki/Manual:Skin_autodiscovery for
13981 migration guide for creators and users of custom skins that relied on it.
13982 * Javascript variables 'wgFileCanRotate' and 'wgFileExtensions' now only
13983 available on Special:Upload.
13984 * (T58257) Set site logo from mediawiki.skinning.interface module instead of
13985 inline styles in the HTML.
13986 * Removed ApiQueryUsers::getAutoGroups(). (deprecated since 1.20)
13987 * Removed XmlDumpWriter::schemaVersion(). (deprecated since 1.20)
13988 * Removed LogEventsList::getDisplayTitle(). (deprecated since 1.20)
13989 * Removed Preferences::trySetUserEmail(). (deprecated since 1.20)
13990 * Removed mw.user.name() and mw.user.anonymous() methods. (deprecated since
13992 * Removed 'ok' and 'err' parameters in the mediawiki.api modules. (deprecated
13994 * Removed 'async' parameter from the mw.Api#getCategories() method. (deprecated
13996 * Removed 'jquery.json' module. (deprecated since 1.24)
13997 Use the 'json' module and global JSON object instead.
13998 * Deprecated OutputPage::readOnlyPage() and OutputPage::rateLimited().
13999 Also, the former will now throw an MWException if called with one or more
14001 * Removed hitcounters and associated code.
14002 * The "temp" zone of the upload respository is now considered private. If it
14003 already exists (such as under the images/ directory), please make sure that
14004 the directory is not web readable (e.g. via a .htaccess file).
14005 * BREAKING CHANGE: In the XML dump format used by Special:Export and
14006 dumpBackup.php, the <model> and <format> tags now apprear before the <text>
14007 tag, instead of after the <text> and <sha1> tags.
14008 The new schema version is 0.10, the new schema URI is:
14009 https://www.mediawiki.org/xml/export-0.10.xsd
14010 * MWFunction::call() and MWFunction::callArray() were removed, having being
14011 deprecated in 1.22.
14012 * Deprecated the getInternalLinkAttributes, getInternalLinkAttributesObj,
14013 and getInternalLinkAttributes methods in Linker, and removed
14014 getExternalLinkAttributes method, which was deprecated in MediaWiki 1.18.
14015 * Removed Sites class, which was deprecated in 1.21 and replaced by
14017 * Added wgRelevantArticleId to the client-side config, for use on special pages.
14018 * Deprecated the TitleIsCssOrJsPage hook. Superseded by the
14019 ContentHandlerDefaultModelFor hook since MediaWiki 1.21.
14020 * Deprecated the TitleIsWikitextPage hook. Superseded by the
14021 ContentHandlerDefaultModelFor hook since MediaWiki 1.21.
14022 * Changed parsing of variables in schema (.sql) files:
14023 ** The substituted values are no longer parsed. (Formerly, several passes
14024 were made for each variable, so depending on the order in which variables
14025 were defined, variables might have been found inside encoded values. This
14026 is no longer the case.)
14027 ** Variables are no longer string encoded when the /*$var*/ syntax is used.
14028 If string encoding is necessary, use the '{$var}' syntax instead.
14029 ** Variable names must only consist of one or more of the characters
14031 ** In source text of the form '{$A}'{$B}' or `{$A}`{$B}`, where variable A
14032 does not exist yet variable B does, the latter may not be replaced.
14033 However, this difference is unlikely to arise in practice.
14034 * (T67278) RFC, PMID, and ISBN "magic links" must be surrounded by non-word
14035 characters on both sides.
14036 * The FormatAutocomments hook will now receive $pre and $post as booleans,
14037 rather than as strings that must be prepended or appended to $comment.
14038 * (T30950, T31025) RFC, PMID, and ISBN "magic links" can no longer contain
14039 newlines; but they can contain and other non-newline whitespace.
14040 * The 'mediawiki.action.edit' ResourceLoader module no longer generates the edit
14041 toolbar, which has been moved to a separate 'mediawiki.toolbar' module. If you
14042 relied on this behavior, update your scripts' dependencies.
14043 * HTMLForm's 'vform' display style has been separated to a subclass. Therefore:
14044 * HTMLForm::isVForm() is now deprecated.
14045 * You can no longer do this:
14046 $form = new HTMLForm( … );
14047 $form->setDisplayFormat( 'vform' ); // throws exception
14049 $form = HTMLForm::factory( 'vform', … );
14050 * Deprecated Revision methods getRawUser(), getRawUserText() and
14052 * BREAKING CHANGE: mediawiki.user.generateRandomSessionId:
14053 The alphabet of the prior string returned was A-Za-z0-9 and now it is 0-9A-F
14054 * (T87504) Avoid serving SVG background-images in CSS for Opera 12, which
14055 renders them incorrectly when combined with border-radius or background-size.
14056 * Removed maintenance script dumpSisterSites.php.
14057 * DatabaseBase class constructors must be called using the array argument style.
14058 Ideally, DatabaseBase:factory() should be used instead in most cases.
14059 * Deprecated ParserOutput::addSecondaryDataUpdate and
14060 ParserOutput::getSecondaryDataUpdates.
14061 This is a hard deprecation, with getSecondaryDataUpdates returning an empty
14062 array and addSecondaryDataUpdate throwing an exception. These functions will
14063 be removed in 1.26, since they interfere with caching of ParserOutput objects.
14064 * Introduced new hook 'SecondaryDataUpdates' that allows extensions to inject
14066 * Introduced new hook 'OpportunisticLinksUpdate' that allows extensions to
14067 perform updates when a page is re-rendered.
14068 * EditPage::attemptSave has been modified not to call handleStatus itself and
14069 instead just returns the Status object. Extension calling it should be aware
14071 * Removed class DBObject. (unused since 1.10)
14072 * wfDiff() is deprecated.
14073 * The -m (maximum replication lag) option of refreshLinks.php was removed.
14074 It had no effect since MediaWiki 1.18 and should be removed from any cron
14075 jobs or similar scripts you may have set up.
14076 * (T85864) The following messages no longer support raw html: redirectto,
14077 thisisdeleted, viewdeleted, editlink, retrievedfrom, version-poweredby-others,
14078 retrievedfrom, thisisdeleted, viewsourcelink, lastmodifiedat, laggedslavemode,
14079 protect-summary-cascade
14080 * All BloomCache related code has been removed. This was largely experimental.
14081 * $wgResourceModuleSkinStyles no longer supports per-module local or remote
14082 paths. They can only be set for the entire skin.
14083 * Removed global function swap(). (deprecated since 1.24)
14084 * Deprecated the ".php5" file extension entry points and the $wgScriptExtension
14085 configuration variable. Refer to the ".php" files instead. If you want
14086 ".php5" URLs to continue to work, set up redirects. In Apache, this can be
14087 done by enabling mod_rewrite and adding the following rules to your
14092 RewriteRule ^(.*)\.php5 $1.php [R=301,L]
14094 * The global importScriptURI and importStylesheetURI functions, as well as the
14095 loadedScripts object, from wikibits.js (deprecated since 1.17) now emit
14096 warnings through mw.log.warn when accessed.
14100 == MediaWiki 1.24.6 ==
14102 This is a maintenance release of the MediaWiki 1.24 branch.
14104 === Changes since 1.24.5 ===
14105 * (T121892) Fix fatal error on some Special pages, introduced in 1.24.5.
14107 == MediaWiki 1.24.5 ==
14109 This is a security and maintenance release of the MediaWiki 1.23 branch.
14111 === Changes since 1.24.4 ===
14112 * (T117899) SECURITY: $wgArticlePath can no longer be set to relative paths
14113 that do not begin with a slash. This enabled trivial XSS attacks.
14114 Configuration values such as "http://my.wiki.com/wiki/$1" are fine, as are
14115 "/wiki/$1". A value such as "$1" or "wiki/$1" is not and will now throw an
14117 * (T119309) SECURITY: Use hash_compare() for edit token comparison
14118 * (T118032) SECURITY: Don't allow cURL to interpret POST parameters starting
14119 with '@' as file uploads
14120 * (T115522) SECURITY: Passwords generated by User::randomPassword() can no
14121 longer be shorter than $wgMinimalPasswordLength
14122 * (T97897) SECURITY: Improve IP parsing and trimming. Previous behavior could
14123 result in improper blocks being issued
14124 * (T109724) SECURITY: Special:MyPage, Special:MyTalk, Special:MyContributions
14125 and related pages no longer use HTTP redirects and are now redirected by
14127 * (T103237) $wgUseGzip had no effect when using file cache.
14129 == MediaWiki 1.24.4 ==
14131 This is a security and maintenance release of the MediaWiki 1.24 branch.
14133 === Changes since 1.24.3 ===
14135 * (T91653) Minimal PSR-3 debug logger to support backports from 1.25+.
14136 * (T68650) Fix indexing of moved pages with PostgreSQL. Requires running
14138 * (T91850) SECURITY: Add throttle check in ApiUpload and SpecialUpload
14139 * (T91203, T91205) SECURITY: API: Improve validation in chunked uploading
14140 * (T95589) SECURITY: RevDel: Check all revisions for suppression, not just the
14142 * (T108616) SECURITY: Avoid exposure of local path in PNG thumbnails
14144 == MediaWiki 1.24.3 ==
14146 This is a security and maintenance release of the MediaWiki 1.24 branch.
14148 === Changes since 1.24.2 ===
14150 * (T94116) SECURITY: Compare API watchlist token in constant time
14151 * (T97391) SECURITY: Escape error message strings in thumb.php
14152 * (T106893) SECURITY: Don't leak autoblocked IP addresses on
14153 Special:DeletedContributions
14154 * Update jQuery from v1.11.2 to v1.11.3.
14155 * (T102562) Fix InstantCommons parameters to handle the new HTTPS-only
14156 policy of Wikimedia Commons.
14158 == MediaWiki 1.24.2 ==
14160 This is a security and maintenance release of the MediaWiki 1.24 branch.
14162 === Changes since 1.24.1 ===
14164 * (T85848, T71210) SECURITY: Don't parse XMP blocks that contain XML entities,
14165 to prevent various DoS attacks.
14166 * (T85848) SECURITY: Don't allow directly calling Xml::isWellFormed, to reduce
14168 * (T88310) SECURITY: Always expand xml entities when checking SVG's.
14169 * (T73394) SECURITY: Escape > in Html::expandAttributes to prevent XSS.
14170 * (T85855) SECURITY: Don't execute another user's CSS or JS on preview.
14171 * (T64685) SECURITY: Allow setting maximal password length to prevent DoS when
14173 * (T85349, T85850, T86711) SECURITY: Multiple issues fixed in SVG filtering to
14174 prevent XSS and protect viewer's privacy.
14175 * Fix case of SpecialAllPages/SpecialAllMessages in SpecialPageFactory to fix
14176 loading these special pages when $wgAutoloadAttemptLowercase is false.
14177 * (bug T70087) Fix Special:ActiveUsers page for installations using
14179 * (bug T76254) Fix deleting of pages with PostgreSQL. Requires a schema change
14180 and running update.php to fix.
14182 == MediaWiki 1.24.1 ==
14184 This is a security and maintenance release of the MediaWiki 1.24 branch.
14186 === Changes since 1.24.0 ===
14188 * (bug T76686) [SECURITY] thumb.php outputs wikitext message as raw HTML, which
14189 could lead to xss. Permission to edit MediaWiki namespace is required to
14191 * (bug T77028) [SECURITY] Malicious site can bypass CORS restrictions in
14192 $wgCrossSiteAJAXdomains in API calls if it only included an allowed domain as
14194 * (bug T74222) The original patch for T74222 was reverted as unnecessary.
14195 * Fixed a couple of entries in RELEASE-NOTES-1.24.
14196 * (bug T76168) OutputPage: Add accessors for some protected properties.
14197 * (bug T74834) Make 1.24 branch directly installable under PostgreSQL.
14199 == MediaWiki 1.24.0 ==
14201 === Configuration changes in 1.24 ===
14202 * MediaWiki will no longer run if register_globals is enabled. It has been
14203 deprecated for 5 years now, and was removed in PHP 5.4. For more information
14204 about why, see <https://www.mediawiki.org/wiki/register_globals>.
14205 * MediaWiki now requires PHP's iconv extension. openSUSE users may need to
14206 install the php5-iconv package. Users of other systems may need to add
14207 extension=iconv.so to php.ini or recompile PHP without --without-iconv.
14208 * MediaWiki will no longer function if magic quotes are enabled. It has
14209 been deprecated for 5 years now, and was removed in PHP 5.4.
14210 * The server's canonical hostname is available as $wgServerName, which is
14211 exposed in both mw.config and ApiQuerySiteinfo.
14212 * Introduced $wgPagePropsHaveSortkey as a backwards-compatibility switch,
14213 for using the old schema of the page_props table, in case the respective
14214 schema update was not applied.
14215 * $wgSearchEverythingOnlyLoggedIn was removed as the 'searcheverything'
14216 user option was removed. Use $wgNamespacesToBeSearchedDefault instead or
14217 if you used to have $wgDefaultUserOptions['searcheverything'] = 1.
14218 * $wgMasterWaitTimeout has been deprecated.
14219 * $wgDBClusterTimeout has been removed.
14220 * $wgProxyKey has been removed. It is no longer used by MediaWiki core.
14221 Ensure $wgSecretKey is set in LocalSettings.php.
14222 * $wgExtraInterlanguageLinkPrefixes is a new configuration variable that
14223 contains an array of interwiki prefixes that should be treated as language
14224 prefixes (i.e. turned into interlanguage links when $wgInterwikiMagic is set
14226 * $wgParserTestRemote has been removed.
14227 * $wgCountTotalSearchHits has been removed. If you're concerned about efficiency
14228 of search, you should use something like CirrusSearch instead of built in
14230 * Users in the 'sysop' group have access to Special:MergeHistory by default.
14231 * $wgFileStore was removed after having been deprecated in 1.17. Alternative
14232 configurations are $wgDeletedDirectory and $wgHashedUploadDirectory.
14233 * The deprecated $wgUseCommaCount variable has been removed.
14234 * $wgEnableSorbs and $wgSorbsUrl have been removed.
14235 * The UserCryptPassword and UserComparePassword hooks are no longer called.
14236 Any extensions using them must be updated to use the Password Hashing API.
14237 * $wgCompiledFiles has been removed.
14238 * $wgSortSpecialPages was removed, the listing on Special:SpecialPages is
14240 * $wgSpecialPages may now use callback functions as an alternative to plain
14241 class names. This allows more control over constructor parameters.
14242 * $wgHTCPMulticastAddress, $wgHTCPMulticastRouting and $wgHTCPPort were removed.
14243 * $wgRC2UDPAddress, $wgRC2UDPInterwikiPrefix, $wgRC2UDPOmitBots, $wgRC2UDPPort
14244 and $wgRC2UDPPrefix have been removed.
14245 * The default password type for MediaWiki has been changed from MD5 to PBKDF2.
14246 Password hashes will automatically be updated as users log in. If necessary,
14247 the old MD5 hashing can be restored by changing $wgPasswordDefault to 'B'.
14248 In addition, there is a maintenance script wrapOldPassword.php that can wrap
14249 all passwords in PBKDF2 (or the hashing algorithm of your choice) if you don't
14250 want to wait for your users to log in.
14251 * $wgImportSources can now either be a regular array, or an associative map
14252 specifying subprojects on the interwiki map of the target wiki, or a mix of
14253 the two. Existing configurations will still work.
14254 * Users must be able to edit through a page's protection to be able to delete
14256 * The default thumb size ($wgDefaultUserOptions['thumbsize']) is now 300px, up
14257 from 180px. If you have altered the number of entries in $wgThumbLimits for
14258 your wiki, you may need to adjust your default user settings to compensate for
14260 * $wgDeferredUpdateList is now deprecated, you should use
14261 DeferredUpdates::addUpdate() instead.
14262 * $wgCanonicalLanguageLinks has been removed. Per Google recommendations, we
14263 will not send a rel=canonical pointing to a variant-neutral page, however
14264 we will send rel=alternate.
14265 * $wgResourceLoaderLESSFunctions has been deprecated and will be removed in the
14267 * $wgGoToEdit has been removed. Use the SpecialSearchNogomatch hook for similar
14270 === New features in 1.24 ===
14271 * Added new hook WatchlistEditorBeforeFormRender, allowing subscribers to
14272 manipulate the list of pages and/or preload lots of data at once.
14273 * Added new argument &$link in hook WatchlistEditorBuildRemoveLine, allowing the
14274 link to the title to be changed.
14275 * Added a new hook, "WhatLinksHereProps", to allow extensions to annotate
14276 WhatLinksHere entries.
14277 * Added a new hook, "ContentGetParserOutput", to customize parser output for
14278 a given content object.
14279 * Deprecated the hook "ShowRawCssJs", use "ContentGetParserOutput" instead.
14280 * HTMLForm's HTMLTextField now supports the 'url' type.
14281 * HTMLForm fields may now be dynamically hidden based on the values of other
14282 fields in the form.
14283 * HTMLForm now supports multiple copies of an input field or set of input
14284 fields, e.g. the form may request "one or more usernames" without having to
14285 have the user enter delimited list of names into a text field.
14286 * Added a new hook, "SidebarBeforeOutput", to allow to edit the structure of
14287 the sidebar just before its display.
14288 * (bug 49156) Added the mediawiki.cookie ResourceLoader module, which wraps
14289 jquery.cookie so that getting/setting a cookie is syntactically and
14290 functionally similar to using the WebRequest::getCookie() and
14291 WebResponse::setcookie() methods.
14292 * (bug 44740) jQuery upgraded from 1.8.3 to 1.11.1. A new configuration option,
14293 $wgIncludejQueryMigrate, also loads the jQuery Migrate hack to let extensions
14294 and gadgets use the long-deprecated functions that were removed in jQuery 1.9.
14295 This option is turned off by default, and will be removed in MediaWiki 1.25.
14296 * (bug 47076) jQuery UI upgraded from 1.8.24 to 1.9.2.
14297 * Changes to content typography (fonts, etc.). See
14298 https://www.mediawiki.org/wiki/Typography_refresh for further information.
14299 * WikitextContent will now render redirects with the expected "redirect"
14300 header, rather than as an ordered list. Code calling Article::viewRedirect
14301 can probably be changed to no longer special-case redirects.
14302 * Header font set to a serif font stack. See
14303 https://www.mediawiki.org/wiki/Typography_refresh for further information.
14304 * (bug 65567) Added a new hook, "BeforeHttpsRedirect", to allow cancellation of
14305 the HTTP to HTTPS redirect due to forceHTTPS cookie, userRequires, etc. This
14306 is only for page views, since this hook doesn't affect UserLogin, OAuth,
14307 CentralAuth, etc. ATTENTION: This hook is likely to be removed soon due to
14308 overall design of the system.
14309 * (bug 17367) It is now possible to add pages to your watchlist from
14310 Special:UnwatchedPages without reloading the special page.
14311 * New methods setVolatile and isVolatile are added to PPFrame, so that
14312 extensions such as Cite.php can mark that their output is volatile and
14313 shouldn't be cached.
14314 * (bug 52817) Advanced search options are now saved on the search page itself,
14315 rather than in a dedicated pane in the preferences panel.
14316 * (bug 44591) The dropdown actions menu (little triangle next to page tabs) in
14317 the Vector skin has gained a label that should make it more discoverable.
14318 * MWCryptHKDF added for fast, cryptographically secure random number generation
14319 that won't deplete openssl's entropy pool.
14320 * ResourceLoader: File modules can now provide a skip function that uses an
14321 inline feature test to bypass loading of the module.
14322 * (bug 20210) Special pages may now provide autocompletion of their subpage
14323 names in search suggestions. Right now the only useful implementation is in
14324 Special:Log, but more are to come.
14325 * Special:MostLinkedTemplates is no longer limited to transclusions from the
14326 Template namespace.
14327 * Skins can now use 'remoteSkinPath' when defining ResourceLoader modules.
14328 This works the same as 'remoteExtPath' but is relative to the skins/ folder
14329 instead of the extensions/ folder.
14330 * Added the json2.js polyfill for the ES5 JSON.stringify and JSON.parse methods.
14331 Exposed as module "json" with a skip function to optimise loading.
14332 * Extensions and skins may now use 'namemsg' in $wgExtensionCredits in addition
14333 to 'name', to allow for the name to be localizable. 'name' should still be
14334 specified for backwards-compatibility and to define the path Special:Version
14335 uses to find extension license information.
14336 * Browser tests are now included to verify basic wiki functionality in developer
14337 environments. For details on running tests, see
14338 tests/browser/README.mediawiki.
14339 * Upgrade jStorage to v0.4.10.
14340 * {{!}} is now a magic word that produces the | character. This removes the need
14341 for Template:! for purposes such as passing pipes inside of parameters.
14342 * (bug 20790) The block log snippet on Special:Contributions and while
14343 editing user and user talk pages now works for IP range blocks.
14344 * (bug 9360) Added ability to change the page language for MediaWiki pages using
14345 Special:PageLanguage. All pages are set to wiki language by default.
14346 The feature needs to be enabled with $wgPageLanguageUseDB=true and
14347 permission needs to be set for 'pagelang'.
14348 * Upgrade Moment.js to v2.8.3.
14349 * (bug 67042) Added support for the HTML5 <rtc> tag for East Asian typography.
14350 * Upgrade Sinon.JS to 1.10.3.
14351 * Added the es5-shim polyfill for older or non-compliant javascript engines.
14352 * Upgrade jQuery Cookie to v1.3.1.
14353 * (bug 20476) Add a "viewsuppressed" user right to be able to view
14354 suppressed content but not suppress it ("suppressrevision" right).
14355 * (bug 66440) The MediaWiki web installer will now allow you to choose the skins
14356 to enable (from the ones included in download tarball) and decide which one
14357 should be the default.
14358 * (bug 68085, 68802) Links like [[localInterwikiPrefix:languageCode:pageTitle]],
14359 where localInterwikiPrefix is a member of the $wgLocalInterwikis array, will
14360 no longer be displayed in the sidebar when $wgInterwikiMagic is true. In a
14361 similar way, links like [[localInterwikiPrefix:File:Image.png]] and
14362 [[localInterwikiPrefix:Category:Hello]] will now render as regular links, and
14363 will not include the file or add the page to the category.
14364 * New special page, MyLanguage, to redirect users to subpages with localised
14365 versions of a page. (Integrated from Extension:Translate)
14366 * MediaWiki now supports multiple password types, including bcrypt and PBKDF2.
14367 The default type can be changed with $wgPasswordDefault and the type
14368 configurations can be changed with $wgPasswordConfig.
14369 * Skins can now define custom styles for default ResourceLoader modules using
14370 the $wgResourceModuleSkinStyles global. See the Vector skin for examples.
14371 * (bug 4488) There is now a preference to watch pages where the user has
14372 rollbacked an edit by default.
14373 * (bug 15484) Users will now be redirected to the login page when they need to
14374 log in, rather than being shown a page asking them to log in and having to
14375 click another link to actually get to the login page.
14376 * A JsonContent and JsonContentHandler were added for extensions to extend.
14377 * (bug 35045) Redirects to sections will now update the URL in browser's address
14378 bar using the HTML5 History API. When [[Dog]] redirects to [[Animals#Dog]],
14379 the user will now see "Animals#Dog" in their browser instead of "Dog#Dog".
14380 * API token handling has been rewritten. Any API module using tokens will need
14381 to be updated. See the entry below under "Action API internal changes".
14382 * Added HTMLAutoCompleteSelectField.
14383 * Added a new hook, "SkinPreloadExistence", to allow extensions to add titles to
14384 link existence cache before the page is rendered.
14385 * Config::set() was moved to its own interface, MutableConfig.
14386 GlobalVarConfig::set() is now deprecated, does not implement MutableConfig.
14387 * A MutableConfig named HashConfig was added, that stores an array of
14388 configuration settings.
14389 * (bug 69418) A MultiConfig implementation was added that supports fallback
14390 to multiple Config instances.
14391 * Update CSSJanus to v1.1.0.
14392 * Added FormatJson::parse() returning status with result or localized error
14394 * Added DeletedContribsPager::reallyDoQuery hook allowing extensions to data to
14395 Special:DeletedContributions
14396 * Added DeletedContributionsLineEnding hook allowing extensions to format
14397 Special:DeletedContributions lines
14398 * (T69525) You can now make MediaWiki speed up its thumbnail rendering by using
14399 intermediary thumbnails. $wgThumbnailBuckets must be set to a list of target
14400 thumbnail widths; when a new thumbnail needs to be rendered, MediaWiki will
14401 find the smallest bucket smaller than the original but larger than the target
14402 width + $wgThumbnailMinimumBucketDistance, and it will scale that thumbnail,
14403 rather than the original, down to the target size at greater speed in return
14404 for minor loss of fidelity.
14406 === Bug fixes in 1.24 ===
14407 * (bug 50572) MediaWiki:Blockip should support gender
14408 * (bug 49116) Footer copyright notice is now always displayed in user language
14409 rather than content language (same as copyright notice for editing interface).
14410 * (bug 62258) A bug was fixed in File::getUnscaledThumb when a height
14411 restriction was present in the parameters. Images with both the "frame"
14412 option and a size specification set will now always ignore the provided
14413 size and display an unscaled image, as the documentation has always
14415 * (bug 39035) Improved Vector skin performance by removing collapsibleNav,
14416 which used to collapse some sidebar elements by default.
14417 This removes -list id suffixes like p-lang-list: instead of using things like
14418 #p-lang-list, you can do #p-lang .body ul.
14419 * (bug 890) Links in Special:RecentChanges and Special:Watchlist no longer
14420 follow redirects to their target pages.
14421 * Parser now dies early if called recursively, instead of producing subtle bugs.
14422 * (bug 14323) Redirect pages, when viewed with redirect=no, no longer hide the
14423 remaining page content.
14424 * (bug 52587) Maintenance script deleteBatch.php no longer follows redirects
14425 in the file namespace and delete the file on the target page. It will still
14426 however delete the redirect page.
14427 * (bug 22683) {{msgnw:}} and other uses of PPFrame::RECOVER_ORIG will correctly
14428 recover the original code of extension tags.
14429 * (bug 65757) MSSQL: Update script drops unnamed constraints to be prepared
14430 for future updates. Because it's doing so heuristically, it may fail or drop
14432 * (bug 67870) wfShellExec() cuts off stdout at multiples of 8192 bytes.
14433 * $wgRunJobsAsync now works with private wikis (e.g. read requires login).
14434 * (bugs 57238, 65206) Blank pages can now be directly created.
14435 * (bug 69789) Title::getContentModel() now loads from the database when
14436 necessary instead of incorrectly returning the default content model.
14437 * (bug 69249) wfBaseConvert() now works around PHP Bug #50175 when using GMP.
14438 * (bug 57909) URLs in the externallinks table will no longer have certain
14439 characters decoded in the query string.
14440 * (bug 67368) LESS mixins like .background-image() correctly flip image
14441 references for RTL stylesheets now.
14443 === Action API changes in 1.24 ===
14444 * action=parse API now supports prop=modules, which provides the list of
14445 ResourceLoader modules that should be used to enhance the parsed content.
14446 * action=query&meta=siteinfo&siprop=interwikimap returns a new "protorel"
14447 field which is true if protocol-relative urls can be used to access
14448 a particular interwiki map entry.
14449 * list=logevents now provides logpage, which is the page ID from the
14450 logging table, if ids are requested and the user has the permissions.
14451 * action=edit now requires that appendtext, prependtext, or section=new be used
14452 when using the 'redirect' parameter, to prevent clients accidentally
14453 overwriting the target page with the content of the redirect.
14454 * list=logevents will now return an error if both letitle and leprefix are
14456 * list=logevents has a new parameter, lenamespace, to allow filtering by
14458 * action=expandtemplates has a new parameter, prop, and a new output format.
14459 The old format is still used if prop isn't provided, but this is deprecated.
14460 * meta=userinfo can now return the count of unread pages on the watchlist.
14461 * list=watchlist can now filter by unread status.
14462 * The deprecated action=parse&prop=languageshtml has been removed.
14463 * (bug 48071) action=setnotificationtimestamp no longer throws PHP or database
14464 errors when no pages are given.
14465 * (bug 60734) Actions that use ApiPageSet (e.g. purge, watch,
14466 setnotificationtimestamp) will now include continuation information when
14468 * Removed 'props' and 'errors' from action=paraminfo, as they have extremely
14469 limited use and are generally inaccurate, unmaintained, and impossible to
14471 * Formats dbg, dump, txt, wddx, and yaml are now deprecated.
14472 * action=paraminfo now indicates when a parameter is specifying a submodule.
14473 * The iwurl parameter to prop=iwlinks is deprecated in favor of iwprop=url, for
14474 parallelism with prop=langlinks.
14475 * All tokens should be fetched from action=query&meta=tokens; all other methods
14476 of fetching tokens are deprecated. The value needed for meta=tokens's 'type'
14477 parameter for each module is documented in the action=help output and is
14478 returned from action=paraminfo.
14479 * New action ClearHasMsg that can be used to clear HasMsg flag.
14480 * The cmstartsortkey and cmendsortkey parameters to list=categorymembers are
14481 deprecated in favor of cmstarthexsortkey and cmendhexsortkey.
14482 * (bug 63326) Add blockedtimestamp field to output of blockinfo property for
14483 the list=allusers and list=users modules.
14484 * prop=imageinfo no longer requires iiurlwidth to be set when using iiurlparam.
14485 * Added prop=linkshere, prop=fileusage, and prop=transcludedin, which are
14486 roughly equivalent to list=backlinks, list=imageusage, and list=embeddedin
14487 but can work on a list of titles (including titles from a generator).
14488 * prop=redirects can now filter returned redirects by namespace.
14490 === Action API internal changes in 1.24 ===
14491 * Methods for handling continuation are added to ApiResult, so actions other
14492 than query that use generators can easily support continuation.
14493 * $wgAPIModules (and the related $wgAPIFormatModules, $wgAPIMetaModules,
14494 $wgAPIPropModules, and $wgAPIListModules settings) now allow API modules
14495 to be specified using a "module spec" array instead of a plain class name.
14496 A "module spec" is an associative array containing at least the 'class' key
14497 for the module's class, and optionally a 'factory' key for the factory
14498 function to use for the module. This is intended for extensions that want
14499 control over the instantiation of their API modules, to allow for proper
14500 dependency injection.
14501 * A new param type 'submodule' is available. Parameters of this type will take
14502 the list of valid values from the module's ApiModuleManager for the group
14503 corresponding to the parameter name.
14504 * The 'APIGetPossibleErrors' and 'APIGetResultProperties' hooks are no longer
14506 * API token handling has been rewritten. Any API module using tokens will need
14508 * ApiBase::needsToken now returns a token type instead of boolean true when a
14509 token is needed. Returning true will throw an exception. See documentation
14510 of that method for details.
14511 * Information for the 'token' parameter is automatically set by ApiBase
14512 getFinalParams and getFinalParamDescription.
14513 * ApiBase::getTokenSalt has been removed.
14514 * The hooks APIQueryInfoTokens, APIQueryRevisionsTokens,
14515 APIQueryRecentChangesTokens, APIQueryUsersTokens, and
14516 ApiTokensGetTokenTypes are deprecated, but are still called to support
14517 backwards-compatible token access.
14518 * ApiBase::validateLimit and ApiBase::validateTimestamp are now protected.
14519 * ApiQueryRedirects was removed; prop=redirects is now implemented by
14520 ApiQueryBacklinksProp along with the newly-added prop modules.
14521 * The following methods have been deprecated and may be removed in a future
14523 * ApiBase::getResultProperties
14524 * ApiBase::getFinalResultProperties
14525 * ApiBase::addTokenProperties
14526 * ApiBase::getRequireOnlyOneParameterErrorMessages
14527 * ApiBase::getRequireMaxOneParameterErrorMessages
14528 * ApiBase::getRequireAtLeastOneParameterErrorMessages
14529 * ApiBase::getTitleOrPageIdErrorMessage
14530 * ApiBase::getPossibleErrors
14531 * ApiBase::getFinalPossibleErrors
14532 * ApiBase::parseErrors
14533 * ApiQuery::setGeneratorContinue
14534 * ApiQueryBase::checkRowCount
14535 * ApiQueryBase::titleToKey
14536 * ApiQueryBase::keyToTitle
14537 * ApiQueryBase::keyPartToTitle
14538 * ApiQueryInfo::getTokenFunctions
14539 * ApiQueryInfo::resetTokenCache
14540 * ApiQueryInfo::getEditToken
14541 * ApiQueryInfo::getDeleteToken
14542 * ApiQueryInfo::getProtectToken
14543 * ApiQueryInfo::getMoveToken
14544 * ApiQueryInfo::getBlockToken
14545 * ApiQueryInfo::getUnblockToken
14546 * ApiQueryInfo::getEmailToken
14547 * ApiQueryInfo::getImportToken
14548 * ApiQueryInfo::getWatchToken
14549 * ApiQueryInfo::getOptionsToken
14550 * ApiQueryRecentChanges::getTokenFunctions
14551 * ApiQueryRecentChanges::getPatrolToken
14552 * ApiQueryRevisions::getTokenFunctions
14553 * ApiQueryRevisions::getRollbackToken
14554 * ApiQueryUsers::getTokenFunctions
14555 * ApiQueryUsers::getUserrightsToken
14556 * The following classes have been deprecated and may be removed in a future
14564 * The following class constants have been deprecated and may be removed in a
14566 * ApiBase::PROP_ROOT
14567 * ApiBase::PROP_LIST
14568 * ApiBase::PROP_TYPE
14569 * ApiBase::PROP_NULLABLE
14571 === Languages updated in 1.24 ===
14573 MediaWiki supports over 350 languages. Many localisations are updated
14574 regularly. Below only new and removed languages are listed, as well as
14575 changes to languages because of Bugzilla reports.
14577 === Other changes in 1.24 ===
14578 * The deprecated jquery.delayedBind ResourceLoader module was removed.
14579 * The deprecated function mw.util.toggleToc was removed.
14580 * The Special:Search hooks SpecialSearchGo and SpecialSearchResultsAppend
14581 were removed as they were unused.
14582 * (bug 65477) User::pingLimiter() now has an additional profile point varying
14583 by action being used.
14584 * mediawiki.util.$content no longer supports old versions of the Vector,
14585 Monobook, Modern and CologneBlue skins that don't yet implement the "mw-body"
14586 and/or "mw-body-primary" class name in their html.
14587 * Added pp_sortkey column to page_props table, so pages can be efficiently
14588 queried and sorted by property value (bug 58032).
14589 See $wgPagePropsHaveSortkey if you want to postpone the schema change.
14590 * BREAKING CHANGE: All four built-in MediaWiki skins (Vector, MonoBook, Modern
14591 and Cologne Blue) were moved out of MediaWiki core to their own respective
14592 repositories. They will be installed with the release tarball, but you must
14593 install them separately if installing MediaWiki from source code. A warning
14594 message displayed until you do it should guide you through the process. See
14595 also <https://www.mediawiki.org/wiki/Manual:Skin_configuration>.
14596 * BREAKING CHANGE: Skins built for MediaWiki 1.15 and earlier that do not use
14597 the "headelement" template key are no longer supported. Setting
14598 $useHeadElement = false; is no longer supported and will not cause old keys
14599 like "headlinks", "skinnameclass", etc. to be defined.
14600 * BREAKING CHANGE: The files commonElements.css, commonContent.css and
14601 commonInterface.css (in skins/common/) have been removed. Skins may no longer
14602 rely on their presence and include them in their style modules. ResourceLoader
14603 modules introduced in MediaWiki 1.23 should be loaded instead:
14604 - skins/common/commonElements.css → 'mediawiki.skinning.elements' module
14605 - skins/common/commonContent.css → 'mediawiki.skinning.content' module
14606 - skins/common/commonInterface.css → 'mediawiki.skinning.interface' module
14607 * The deprecated 'SpecialVersionExtensionTypes' hook was removed.
14608 * (bug 63891) Add 'X-Robots-Tag: noindex' header in action=render pages.
14609 * SpecialPage no longer supports the syntax for invoking wfSpecial*() functions.
14610 Special pages should subclass SpecialPage and implement the execute() method.
14611 * (bug 63755) The deprecated constants RC_MOVE and RC_MOVE_OVER_REDIRECT were
14613 * Special:MostLinkedTemplates has been renamed to Special:MostTranscludedPages.
14614 * The skin autodiscovery mechanism has been deprecated and will be removed in
14615 MediaWiki 1.25. See https://www.mediawiki.org/wiki/Manual:Skin_autodiscovery
14616 for migration guide for creators and users of custom skins that relied on it.
14617 * ResourceLoaderFileModule#getAllStyleFiles now returns all style files and all
14618 skin style files used by the module.
14619 * Removed getLang() from IContextSource and subclasses. (deprecated since 1.19)
14620 * Removed setLang() from subclasses of IContextSource. (deprecated since 1.19)
14621 * Removed WebRequest::escapeAppendQuery(). (deprecated since 1.20)
14622 * Removed info(), purge(), revert() and rollback() from the Article class; they
14623 have since become subclasses of the Action class. (deprecated since 1.19)
14624 * SearchEngineReplacePrefixesComplete hook was removed.
14625 * The "jquery.json" module has been deprecated. Use the "json" module instead.
14626 * Removed HTMLForm::addJS(). (deprecated since 1.18)
14627 * Removed LogEventsList::showHeader(). (deprecated since 1.19)
14628 * Removed ImageGalleryBase::useSkin(). (deprecated since 1.18)
14629 * Removed DatabaseMysqlBase::getLagFromProcesslist(). (deprecated since 1.19)
14630 * Removed LoadBalancer::closeConnecton(). (deprecated since 1.18)
14631 * Removed ApiBase::createContext(). (deprecated since 1.19)
14632 * BREAKING CHANGE: The undocumented Special{$this->getName()}BeforeFormDisplay
14633 set of hooks has been removed and replaced by a single new hook
14634 SpecialPageBeforeFormDisplay.
14635 * (bug 65781) Removed block warning on included {{Special:Contributions}}
14636 * Removed Skin::makeGlobalVariablesScript(). (deprecated since 1.19)
14637 * Removed MWNamespace::isMain(). (deprecated since 1.19)
14638 * Removed Preferences::loadOldSearchNs(). (deprecated since 1.19)
14639 * Removed OutputPage::getStatusMessage(). (deprecated since 1.18)
14640 * Removed OutputPage::isUserJsAllowed(). (deprecated since 1.18)
14641 * Removed Title::updateTitleProtection(). (deprecated since 1.19)
14642 * Removed ParserOptions::setSkin(). (deprecated since 1.19)
14643 * Removed Title::escapeCanonicalURL(). (deprecated since 1.19)
14644 * Removed Title::escapeLocalURL(). (deprecated since 1.19)
14645 * Removed Title::escapeFullURL(). (deprecated since 1.19)
14646 * Removed User::isValidEmailAddr(). (deprecated since 1.18)
14647 * Removed Title::getEscapedText(). (deprecated since 1.19)
14648 * Removed Language::getFallbackLanguageCode(). (deprecated since 1.19)
14649 * Removed WikiPage::isBigDeletion(). (deprecated since 1.19)
14650 * Removed MWInit class which contained functions related to a now discontinued
14651 PHP compiler called hphpc. (deprecated since 1.22)
14652 * ApiResult::enableSizeCheck() and disableSizeCheck() are now obsolete.
14653 * Removed ResourceLoaderGetStartupModules hook. (deprecated since 1.23)
14654 * Removed getFormFields(), onSubmit() and onSuccess() from FormlessAction, as
14655 these were meant specifically for FormAction instead.
14656 * Removed Action::execute().
14657 * Removed AjaxAddScript which has been obsolete since ResourceLoader and
14658 is unused by any modern extension.
14659 * Removed maintenance/nextJobDB.php; no longer in use.
14660 * Removed global function wfViewPrevNext(). (deprecated since 1.19)
14661 * Removed global function xmlsafe() from Export.php. (moved to OAIRepo
14663 * Removed Title::userCanRead(). (deprecated since 1.19)
14664 * Removed maintenance script importTextFile.php. Use edit.php script instead.
14665 * A _from_namespace field has been added to the templatelinks, pagelinks,
14666 and filelinks tables. Run update.php to apply this change to the schema.
14667 * Removed File::sha1Base36(). (deprecated since 1.19)
14668 * Removed File::getPropsFromPath(). (deprecated since 1.19)
14669 * Removed functions blockedPage(), noCreatePermission(), readOnlyPage() and
14670 userNotLoggedInPage() from EditPage.php. (deprecated since 1.19)
14671 * Removed functions getContent(), getPreloadedText(), mergeChangesInto() and
14672 setPreloadedText() from EditPage.php. (deprecated since 1.21)
14673 * Removed global functions wfArrayLookup(), wfArrayMerge(),
14674 wfDebugDieBacktrace() and wfTime(). (deprecated since 1.22)
14675 * Browser support for Internet Explorer 6 and 7 lowered from Grade A to Grade C,
14676 meaning that JavaScript is no longer executed in these browser versions.
14677 * Browser support for Opera 11 lowered from Grade A to Grade C.
14678 * Removed IEFixes module which existed purely to provide support for MSIE
14679 versions below 7 (conditionally loaded only for those browsers).
14680 * Deprecated SpecialPageFactory::getList() in favor of
14681 SpecialPageFactory::getNames()
14682 * Action::checkCanExecute() no longer has a return value.
14683 * Removed cleanupForIRC(), loadFromCurRow(), newFromCurRow(), notifyRC2UDP()
14684 and sendToUDP() from RecentChange.php. (deprecated since 1.22)
14685 * Removed EnhancedChangesList::arrow(), sideArrow(), downArrow(), spacerArrow().
14686 * Removed Xml::namespaceSelector(). (deprecated since 1.19)
14687 * Removed WikiPage::estimateRevisionCount(). (deprecated since 1.19)
14688 * MYSQL: Enum item added to "major MIME type" columns.
14689 Running update.php on MySQL < v5.1 may result in heavy processing.
14690 * RSS and Atom feeds generated by MediaWiki no longer include a fallback
14691 stylesheet. It was ignored by most browsers these days anyway.
14692 * SpecialSearchNoResults hook has been removed. SpecialSearchResults is now
14693 called unconditionally.
14694 * TablePager::getBody() is now 'final' and can't be overridden in subclasses.
14695 * TablePager::getBody() is deprecated, use getBodyOutput() or getFullOutput().
14696 * Added $outputPage parameter to the SkinTemplateGetLanguageLink hook.
14697 * log_page for move log entries store the original page ID, rather than that
14698 of the new redirect page. This is not retroactive.
14699 * LCStoreAccel was removed. $wgLocalisationCacheConf can no longer be set to
14700 use this store class.
14701 * Html::infoBox() no longer accepts paths relative to skins/common/images/.
14702 * Deprecated defunct Skin::getCommonStylePath().
14703 * Some extensions had their ResourceLoader modules depend on the "mediawiki"
14704 and "jquery" modules. In the past, this behavior was undefined, now it will
14706 * Removed BagOStuff::replace(). (deprecated since 1.23)
14707 * In Linker.php, link(), linkText() and makeBrokenImageLinkObj() now display
14708 warnings if their first parameter is not a Title object. Also makeImageLink()
14709 now requires a Parser as its first parameter.
14710 * (bug 67368) LESS functions embed() and embeddable(), added in MediaWiki 1.23
14711 and broken by design, have been removed. Use appropriate LESS mixins instead.
14712 * Removed cssjanus.py from maintenance directory as it was unused.
14713 * Removed maintenance/purgeOldText.inc and the PurgeRedundantText() function
14714 it contained (superseded by Maintenance::purgeRedundantText() in 1.16).
14715 The purgeOldText.php maintenance script has been retained.
14716 * PHPUnit tests can be found by directory discovery, by adding the directory
14717 path from your UnitTestsList callback. Older versions of MediaWiki core will
14718 barf at this usage.
14720 ==== Renamed classes ====
14721 * CLDRPluralRuleConverter_Expression to CLDRPluralRuleConverterExpression
14722 * CLDRPluralRuleConverter_Fragment to CLDRPluralRuleConverterFragment
14723 * CLDRPluralRuleConverter_Operator to CLDRPluralRuleConverterOperator
14724 * CLDRPluralRuleEvaluator_Range to CLDRPluralRuleEvaluatorRange
14725 * CSSJanus_Tokenizer to CSSJanusTokenizer
14726 * MediaWiki_I18N to MediaWikiI18N
14727 * Parser_DiffTest to ParserDiffTest
14728 * RevDel_ArchiveItem to RevDelArchiveItem
14729 * RevDel_ArchiveList to RevDelArchiveList
14730 * RevDel_ArchivedFileItem to RevDelArchivedFileItem
14731 * RevDel_ArchivedFileList to RevDelArchivedFileList
14732 * RevDel_ArchivedRevisionItem to RevDelArchivedRevisionItem
14733 * RevDel_FileItem to RevDelFileItem
14734 * RevDel_FileList to RevDelFileList
14735 * RevDel_Item to RevDelItem
14736 * RevDel_List to RevDelList
14737 * RevDel_LogItem to RevDelLogItem
14738 * RevDel_LogList to RevDelLogList
14739 * RevDel_RevisionItem to RevDelRevisionItem
14740 * RevDel_RevisionList to RevDelRevisionList
14741 * WebInstaller_Complete to WebInstallerComplete
14742 * WebInstaller_Copying to WebInstallerCopying
14743 * WebInstaller_DBConnect to WebInstallerDBConnect
14744 * WebInstaller_DBSettings to WebInstallerDBSettings
14745 * WebInstaller_Document to WebInstallerDocument
14746 * WebInstaller_ExistingWiki to WebInstallerExistingWiki
14747 * WebInstaller_Install to WebInstallerInstall
14748 * WebInstaller_Language to WebInstallerLanguage
14749 * WebInstaller_Name to WebInstallerName
14750 * WebInstaller_Options to WebInstallerOptions
14751 * WebInstaller_Readme to WebInstallerReadme
14752 * WebInstaller_ReleaseNotes to WebInstallerReleaseNotes
14753 * WebInstaller_Restart to WebInstallerRestart
14754 * WebInstaller_Upgrade to WebInstallerUpgrade
14755 * WebInstaller_UpgradeDoc to WebInstallerUpgradeDoc
14756 * WebInstaller_Welcome to WebInstallerWelcome
14758 ==== Removed classes ====
14759 * IPBlockForm - Use SpecialBlock directly
14760 * WatchlistEditor - Use SpecialEditWatchlist directly
14761 * FormatExif - Use FormatMetadata directly
14762 * RevertFileAction - Use RevertAction directly
14763 * HistoryPage - Use HistoryAction directly
14764 * RawPage - Use RawAction directly
14765 * StubContLang - Use Language::factory() instead
14766 * XMLReader2 - Use XMLReader directly
14767 * ResourceLoaderLESSFunctions - No longer in use, not intended for public usage
14769 ==== Removed files ====
14770 The skins/common/ directory, previously containing some assets intended to be
14771 used by skins and a number of legacy styles and scripts, has been removed. Its
14772 contents have been deleted or relocated into the resources/ directory. Full list
14773 of files that are no longer available follows.
14775 * skins/common/ajax.js
14776 * skins/common/commonContent.css
14777 * skins/common/commonElements.css
14778 * skins/common/commonInterface.css
14779 * skins/common/commonPrint.css
14780 * skins/common/config-cc.css
14781 * skins/common/config.css
14782 * skins/common/config.js
14783 * skins/common/feed.css
14784 * skins/common/IEFixes.js
14785 * skins/common/oldshared.css
14786 * skins/common/protect.js
14787 * skins/common/shared.css
14788 * skins/common/upload.js
14789 * skins/common/wikibits.js
14790 * skins/common/images/add.png
14791 * skins/common/images/ajax-loader.gif
14792 * skins/common/images/arrow_disabled_first_25.png
14793 * skins/common/images/arrow_disabled_last_25.png
14794 * skins/common/images/arrow_disabled_left_25.png
14795 * skins/common/images/arrow_disabled_right_25.png
14796 * skins/common/images/arrow_first_25.png
14797 * skins/common/images/arrow_last_25.png
14798 * skins/common/images/arrow_left_25.png
14799 * skins/common/images/arrow_right_25.png
14800 * skins/common/images/Arr_.png
14801 * skins/common/images/Arr_d.png
14802 * skins/common/images/Arr_l.png
14803 * skins/common/images/Arr_r.png
14804 * skins/common/images/Arr_u.png
14805 * skins/common/images/bullet.gif
14806 * skins/common/images/button_bold.png
14807 * skins/common/images/button_extlink.png
14808 * skins/common/images/button_headline.png
14809 * skins/common/images/button_hr.png
14810 * skins/common/images/button_image.png
14811 * skins/common/images/button_italic.png
14812 * skins/common/images/button_link.png
14813 * skins/common/images/button_media.png
14814 * skins/common/images/button_nowiki.png
14815 * skins/common/images/button_sig.png
14816 * skins/common/images/button_template.png
14817 * skins/common/images/cc-0.png
14818 * skins/common/images/cc-by-nc-sa.png
14819 * skins/common/images/cc-by-sa.png
14820 * skins/common/images/cc-by.png
14821 * skins/common/images/Checker-16x16.png
14822 * skins/common/images/closewindow.png
14823 * skins/common/images/closewindow19x19.png
14824 * skins/common/images/critical-32.png
14825 * skins/common/images/diffunderline.gif
14826 * skins/common/images/download-32.png
14827 * skins/common/images/feed-icon.png
14828 * skins/common/images/feed-icon.svg
14829 * skins/common/images/gnu-fdl.png
14830 * skins/common/images/help-question-hover.gif
14831 * skins/common/images/help-question.gif
14832 * skins/common/images/info-32.png
14833 * skins/common/images/link_icon.gif
14834 * skins/common/images/magnify-clip-rtl.png
14835 * skins/common/images/magnify-clip.png
14836 * skins/common/images/mediawiki.png
14837 * skins/common/images/nextredirectltr.png
14838 * skins/common/images/nextredirectrtl.png
14839 * skins/common/images/poweredby_mediawiki_88x31.png
14840 * skins/common/images/public-domain.png
14841 * skins/common/images/question-small.png
14842 * skins/common/images/question.svg
14843 * skins/common/images/redirectltr.png
14844 * skins/common/images/redirectrtl.png
14845 * skins/common/images/remove.png
14846 * skins/common/images/spinner.gif
14847 * skins/common/images/tick-32.png
14848 * skins/common/images/tipsy-arrow.gif
14849 * skins/common/images/tooltip_icon.png
14850 * skins/common/images/warning-32.png
14851 * skins/common/images/wiki.png
14852 * skins/common/images/Zoom_sans.gif
14853 * skins/common/images/ar/button_bold.png
14854 * skins/common/images/ar/button_headline.png
14855 * skins/common/images/ar/button_italic.png
14856 * skins/common/images/ar/button_link.png
14857 * skins/common/images/ar/button_nowiki.png
14858 * skins/common/images/be-tarask/button_bold.png
14859 * skins/common/images/be-tarask/button_italic.png
14860 * skins/common/images/be-tarask/button_link.png
14861 * skins/common/images/cyrl/button_bold.png
14862 * skins/common/images/cyrl/button_italic.png
14863 * skins/common/images/cyrl/button_link.png
14864 * skins/common/images/de/button_bold.png
14865 * skins/common/images/de/button_italic.png
14866 * skins/common/images/fa/button_bold.png
14867 * skins/common/images/fa/button_headline.png
14868 * skins/common/images/fa/button_italic.png
14869 * skins/common/images/fa/button_link.png
14870 * skins/common/images/fa/button_nowiki.png
14871 * skins/common/images/icons/fileicon-c.png
14872 * skins/common/images/icons/fileicon-cpp.png
14873 * skins/common/images/icons/fileicon-deb.png
14874 * skins/common/images/icons/fileicon-djvu.png
14875 * skins/common/images/icons/fileicon-djvu.xcf
14876 * skins/common/images/icons/fileicon-dvi.png
14877 * skins/common/images/icons/fileicon-exe.png
14878 * skins/common/images/icons/fileicon-h.png
14879 * skins/common/images/icons/fileicon-html.png
14880 * skins/common/images/icons/fileicon-iso.png
14881 * skins/common/images/icons/fileicon-java.png
14882 * skins/common/images/icons/fileicon-mid.png
14883 * skins/common/images/icons/fileicon-mov.png
14884 * skins/common/images/icons/fileicon-o.png
14885 * skins/common/images/icons/fileicon-ogg.png
14886 * skins/common/images/icons/fileicon-ogg.xcf
14887 * skins/common/images/icons/fileicon-pdf.png
14888 * skins/common/images/icons/fileicon-ps.png
14889 * skins/common/images/icons/fileicon-psd.png
14890 * skins/common/images/icons/fileicon-rm.png
14891 * skins/common/images/icons/fileicon-rpm.png
14892 * skins/common/images/icons/fileicon-svg.png
14893 * skins/common/images/icons/fileicon-tar.png
14894 * skins/common/images/icons/fileicon-tex.png
14895 * skins/common/images/icons/fileicon-ttf.png
14896 * skins/common/images/icons/fileicon-txt.png
14897 * skins/common/images/icons/fileicon.png
14898 * skins/common/images/ksh/button_S_italic.png
14902 == MediaWiki 1.23.17 ==
14904 === Changes since 1.23.16 === <!--T:69-->
14905 * Fix syntax errors introduced in 1.23.16 when running PHP 5.3.
14907 == MediaWiki 1.23.16 ==
14908 This is a security and maintenance release of the MediaWiki 1.23 branch.
14910 === Changes since 1.23.15 ===
14911 * (T68404) CSS3 attr() function with url type is no longer allowed
14913 * (T156184) $wgRawHtml will no longer apply to internationalization messages.
14914 * Submitting the lgtoken and lgpassword parameters in the query string to
14915 action=login is now deprecated and outputs a warning. They should be submitted
14916 in the POST body instead.
14917 * (T109140) (T122209) SECURITY: Special:UserLogin and Special:Search allow
14918 redirect to interwiki links.
14919 * (T144845) SECURITY: XSS in SearchHighlighter::highlightText() when
14920 $wgAdvancedSearchHighlighting is true.
14921 * (T125177) SECURITY: API parameters may now be marked as "sensitive" to keep
14922 their values out of the logs.
14923 * (T150044) SECURITY: "Mark all pages visited" on the watchlist now requires a
14925 * (T156184) SECURITY: Escape content model/format url parameter in message.
14926 * (T151735) SECURITY: SVG filter evasion using default attribute values in DTD
14928 * (T48143) SECURITY: Spam blacklist ineffective on encoded URLs inside file
14929 inclusion syntax's link parameter.
14930 * (T108138) SECURITY: Sysops can undelete pages, although the page is protected
14933 == MediaWiki 1.23.15 ==
14935 This is a maintenance release of the MediaWiki 1.23 branch.
14937 === Changes since 1.23.14 ===
14938 * BREAKING CHANGE: $wgHTTPProxy is now *required* for all external requests
14939 made by MediaWiki via a proxy. Relying on the http_proxy environment
14940 variable is no longer supported.
14941 * (T139565) SECURITY: API: Generate head items in the context of the given title
14942 * (T137264) SECURITY: XSS in unclosed internal links
14943 * (T133147) SECURITY: Escape '<' and ']]>' in inline <style> blocks
14944 * (T133147) SECURITY: Require login to preview user CSS pages
14945 * (T132926) SECURITY: Do not allow undeleting a revision deleted file if it is
14947 * (T129738) SECURITY: Make $wgBlockDisablesLogin also restrict logged in
14949 * (T129738) SECURITY: Make blocks log users out if $wgBlockDisablesLogin is true
14950 * (T115333) SECURITY: Check read permission when loading page content in
14952 * Remove support for $wgWellFormedXml = false, all output is now well formed
14954 == MediaWiki 1.23.13 ==
14956 This is a maintenance release of the MediaWiki 1.23 branch.
14958 === Changes since 1.23.12 ===
14959 * (T121892) Fix fatal errors on some Special pages, introduced in 1.23.12.
14961 == MediaWiki 1.23.12 ==
14963 This is a security and maintenance release of the MediaWiki 1.23 branch.
14965 === Changes since 1.23.11 ===
14966 * (T117899) SECURITY: $wgArticlePath can no longer be set to relative paths
14967 that do not begin with a slash. This enabled trivial XSS attacks.
14968 Configuration values such as "http://my.wiki.com/wiki/$1" are fine, as are
14969 "/wiki/$1". A value such as "$1" or "wiki/$1" is not and will now throw an
14971 * (T119309) SECURITY: Use hash_compare() for edit token comparison
14972 * (T118032) SECURITY: Don't allow cURL to interpret POST parameters starting
14973 with '@' as file uploads
14974 * (T115522) SECURITY: Passwords generated by User::randomPassword() can no
14975 longer be shorter than $wgMinimalPasswordLength
14976 * (T97897) SECURITY: Improve IP parsing and trimming. Previous behavior could
14977 result in improper blocks being issued
14978 * (T109724) SECURITY: Special:MyPage, Special:MyTalk, Special:MyContributions
14979 and related pages no longer use HTTP redirects and are now redirected by
14982 == MediaWiki 1.23.11 ==
14984 This is a security and maintenance release of the MediaWiki 1.23 branch.
14986 === Changes since 1.23.10 ===
14988 * (T91850) SECURITY: Add throttle check in ApiUpload and SpecialUpload
14989 * (T91203, T91205) SECURITY: API: Improve validation in chunked uploading
14990 * (T108616) SECURITY: Avoid exposure of local path in PNG thumbnails
14992 == MediaWiki 1.23.10 ==
14994 This is a security and maintenance release of the MediaWiki 1.23 branch.
14996 === Changes since 1.23.9 ===
14998 * (T94116) SECURITY: Compare API watchlist token in constant time
14999 * (T97391) SECURITY: Escape error message strings in thumb.php
15000 * (T106893) SECURITY: Don't leak autoblocked IP addresses on
15001 Special:DeletedContributions
15002 * (bug 67644) Make AutoLoaderTest handle namespaces
15003 * (T91653) Minimal PSR-3 debug logger to support backports from 1.25+.
15004 * (T102562) Fix InstantCommons parameters to handle the new HTTPS-only
15005 policy of Wikimedia Commons.
15007 == MediaWiki 1.23.9 ==
15009 This is a security and maintenance release of the MediaWiki 1.23 branch.
15011 === Changes since 1.23.8 ===
15013 * (T85848, T71210) SECURITY: Don't parse XMP blocks that contain XML entities,
15014 to prevent various DoS attacks.
15015 * (T85848) SECURITY: Don't allow directly calling Xml::isWellFormed, to reduce
15017 * (T88310) SECURITY: Always expand xml entities when checking SVG's.
15018 * (T73394) SECURITY: Escape > in Html::expandAttributes to prevent XSS.
15019 * (T85855) SECURITY: Don't execute another user's CSS or JS on preview.
15020 * (T85349, T85850, T86711) SECURITY: Multiple issues fixed in SVG filtering to
15021 prevent XSS and protect viewer's privacy.
15022 * (bug T68650) Fix indexing of moved pages with PostgreSQL. Requires running
15024 * (bug T70087) Fix Special:ActiveUsers page for installations using
15027 == MediaWiki 1.23.8 ==
15029 This is a security and maintenance release of the MediaWiki 1.23 branch.
15031 === Changes since 1.23.7 ===
15033 * (bug T76686) [SECURITY] thumb.php outputs wikitext message as raw HTML, which
15034 could lead to xss. Permission to edit MediaWiki namespace is required to
15036 * (bug T77028) [SECURITY] Malicious site can bypass CORS restrictions in
15037 $wgCrossSiteAJAXdomains in API calls if it only included an allowed domain as
15039 * (bug T74222) The original patch for T74222 was reverted as unnecessary.
15041 == MediaWiki 1.23.7 ==
15043 This is a security and maintenance release of the MediaWiki 1.23 branch.
15045 === Changes since 1.23.6 ===
15047 * (bugs 66776, 71478) SECURITY: User PleaseStand reported a way to inject code
15048 into API clients that used format=php to process pages that underwent flash
15049 policy mangling. This was fixed along with improving how the mangling was done
15050 for format=json, and allowing sites to disable the mangling using
15051 $wgMangleFlashPolicy.
15052 * (bug 70901) SECURITY: User Jackmcbarn reported that the ability to update
15053 the content model for a page could allow an unprivileged attacker to edit
15054 another user's common.js under certain circumstances. The user right
15055 "editcontentmodel" was added, and is needed to change a revision's content
15057 * (bug 71111) SECURITY: User PleaseStand reported that on wikis that allow raw
15058 HTML, it is not safe to preview wikitext coming from an untrusted source such
15059 as a cross-site request. Thus add an edit token to the form, and when raw HTML
15060 is allowed, ensure the token is provided before showing the preview. This
15061 check is not performed on wikis that both allow raw HTML and anonymous
15062 editing, since there are easier ways to exploit that scenario.
15063 * (bug 72222) SECURITY: Do not show log action when the entry is revdeleted with
15064 DELETED_ACTION. NOTICE: this may be reverted in a future release pending a
15065 public RFC about the desired functionality. This issue was reported by user
15067 * (bug 71621) Make allowing site-wide styles on restricted special pages a
15069 * (bug 42723) Added updated version history from 1.19.2 to 1.22.13
15070 * $wgMangleFlashPolicy was added to make MediaWiki's mangling of anything that
15071 might be a flash policy directive configurable.
15073 == MediaWiki 1.23.6 ==
15075 This is a maintenance release of the MediaWiki 1.23 branch.
15077 === Changes since 1.23.5 ===
15078 * (Bug 72274) Job queue not running (HTTP 411) due to missing
15079 Content-Length: header
15080 * (Bug 67440) Allow classes to be registered properly from installer
15082 == MediaWiki 1.23.5 ==
15084 This is a security release of the MediaWiki 1.23 branch.
15086 === Changes since 1.23.4 ===
15087 * (bug 70672) SECURITY: OutputPage: Remove separation of css and js module
15090 == MediaWiki 1.23.4 ==
15092 This is a security and maintenance release of the MediaWiki 1.23 branch.
15094 === Changes since 1.23.3 ===
15096 * (bug 69008) SECURITY: Enhance CSS filtering in SVG files. Filter <style>
15097 elements; normalize style elements and attributes before filtering; add
15098 checks for attributes that contain css; add unit tests for html5sec and
15100 * (bug 65998) Make MySQLi work with non-standard socket.
15101 * (bug 66986) GlobalVarConfig shouldn't throw exceptions for null-valued config
15104 == MediaWiki 1.23.3 ==
15106 This is a maintenance release of the MediaWiki 1.23 branch.
15108 === Changes since 1.23.2 ===
15110 * (bug 68501) Correctly handle incorrect namespace in cleanupTitles.php.
15111 * (bug 64970) Fix support for blobs on DatabaseOracle::update.
15112 * (bug 66574) Display MediaWiki:Loginprompt on the login page.
15113 * (bug 67870) wfShellExec() cuts off stdout at multiples of 8192 bytes.
15114 * (bug 60629) Handle invalid language code gracefully in
15115 Language::fetchLanguageNames.
15116 * (bug 62017) Restore the number of rows shown on Special:Watchlist.
15117 * Check for boolean false result from database query in SqlBagOStuff.
15119 == MediaWiki 1.23.2 ==
15121 This is a security and maintenance release of the MediaWiki 1.23 branch.
15123 === Changes since 1.23.1 ===
15125 * (bug 68187) SECURITY: Prepend jsonp callback with comment.
15126 * (bug 66608) SECURITY: Fix for XSS issue in bug 66608: Generate the URL used
15127 for loading a new page in Javascript,instead of relying on the URL in the link
15128 that has been clicked.
15129 * (bug 65778) SECURITY: Copy prevent-clickjacking between OutputPage and
15131 * (bug 68313) Preferences: Turn stubthreshold back into a combo box.
15132 * (bug 65214) Fix initSiteStats.php maintenance script.
15133 * (bug 67594) Special:ActiveUsers: Fix to work with PostgreSQL.
15135 == MediaWiki 1.23.1 ==
15137 This is a security and maintenance release of the MediaWiki 1.23 branch.
15139 === Changes since 1.23.0 ===
15141 * (bug 65839) SECURITY: Prevent external resources in SVG files.
15142 * (bug 67025) Special:Watchlist: Don't try to render empty row.
15143 * (bug 66922) Don't allow some E_NOTICE messages to end up in the
15145 * (bug 66467) FileBackend: Avoid using popen() when "parallelize" is disabled.
15146 * (bug 66428) MimeMagic: Don't seek before BOF. This has weird side effects
15147 like only extracting the tail of the file partially or not at all.
15148 * (bug 66182) Removed -x flag on some php files.
15150 == MediaWiki 1.23.0 ==
15152 === Configuration changes in 1.23 ===
15153 * (bug 13250) Restored method for clearing a watchlist in web UI
15154 so that users with large watchlists don't have to perform
15155 contortions to clear them.
15156 * When $wgJobRunRate is higher than zero, jobs are now executed via an
15157 asynchronous HTTP request to a MediaWiki entry point. This may require
15158 increasing the number of server worker threads. $wgRunJobsAsync has been
15159 added to disable this feature if needed, falling back to executing the job
15160 on the same process but making the execution synchronously.
15161 * $wgDebugLogGroups values may be set to an associative array with a
15162 'destination' key specifying the log destination. The array may also contain
15163 a 'sample' key with a positive integer value N indicating that the log group
15164 should be sampled by dispatching one in every N messages on average. The
15165 sampling is random.
15166 * In addition to the current exception log format, MediaWiki now serializes
15167 exception metadata to JSON and logs it to the 'exception-json' log group.
15168 This makes MediaWiki easier to integrate with log aggregation and analysis
15170 * $wgSquidServersNoPurge now supports the use of Classless Inter-Domain
15171 Routing (CIDR) notation to specify contiguous blocks of IPv4 and/or IPv6
15172 addresses that should be trusted to provide X-Forwarded-For headers.
15173 * Preferences 'watchcreations', 'watchdefault', 'enotifwatchlistpages' ("Add
15174 pages I create and files I upload to my watchlist", "Add pages and files I
15175 edit to my watchlist", "Email me when a page or file on my watchlist is
15176 changed") are now enabled by default. In addition new user accounts' personal
15177 and talk pages are now watched by them by default.
15178 * $wgLBFactoryConf: Class names have had underscores removed. The configuration
15179 should be updated if LBFactory_Simple or LBFactory_Multi is configured.
15180 * $wgPasswordSenderName has been removed and is no longer functional. To set a
15181 custom mailer name, the system message 'emailsender' should be modified
15182 (default: "{{SITENAME}}").
15183 * (bug 63269) Email notifications were not correctly handling the
15184 [[MediaWiki:Helppage]] message being set to a full URL (the default).
15185 If you customized [[MediaWiki:Enotif body]] (the text of email notifications),
15186 you'll need to edit it locally to include the URL via the new variable
15187 $HELPPAGE instead of the parser functions fullurl and canonicalurl; otherwise
15188 you don't have to do anything.
15189 * $wgDBAhandler was removed as the only class using it was also removed
15190 * The 'max threads' setting was removed from $wgDBservers.
15191 * Support for AdminSettings.php has been completely removed. All configuration
15192 belongs in LocalSettings.php.
15193 * $wgSkipSkin, which has been replaceable by $wgSkipSkins since 2005 (r9249), is
15194 now formally deprecated.
15195 * Removed deprecated $wgDisabledActions as it is hardly used anywhere.
15196 * $wgRateLimitLog has been deprecated and replaced by
15197 $wgDebugLogGroup['ratelimit'].
15198 * $wgLocalInterwikis is an array containing multiple local interwiki prefixes
15199 (interwiki prefixes that point back to the current wiki). This effectively
15200 allows more than one value of $wgLocalInterwiki to be specified and
15201 understood by the parser. The value of $wgLocalInterwiki is automatically
15202 prepended to the start of this array.
15203 * $wgQueryPages has been removed. Query Pages should be added to by using the
15205 * $wgHttpOnlyBlacklist has been removed.
15206 * $wgLicenseTerms has been removed as it was unused.
15207 * $wgProfileOnly is now deprecated; set the log file in
15208 $wgDebugLogGroups['profileoutput'] to replace it.
15209 * $wgMaxBacklinksInvalidate was removed; use $wgJobBackoffThrottling instead
15210 * Deprecated ResourceLoaderGetStartupModules hook.
15212 === New features in 1.23 ===
15213 * ResourceLoader can utilize the Web Storage API to cache modules client-side.
15214 Compared to the browser cache, caching in Web Storage allows ResourceLoader
15215 to be more granular about evicting stale modules from the cache while
15216 retaining the ability to retrieve multiple modules in a single HTTP request.
15217 This capability can be enabled by setting $wgResourceLoaderStorageEnabled to
15218 true. This feature is currently considered experimental and should only be
15220 * (bug 6092) Add expensive parser functions {{REVISIONID:}}, {{REVISIONUSER:}}
15221 and {{REVISIONTIMESTAMP:}} (with friends).
15222 * Add "wgRelevantUserName" to mw.config containing the current
15223 Skin::getRelevantUser value.
15224 * (bug 56033) Add content model to the page information.
15225 * Added Article::MissingArticleConditions hook to give extensions a chance to
15226 hide their (unrelated) log entries.
15227 * Added LonelyPagesQuery hook to let extensions modify the query used to
15228 generate Special:LonelyPages.
15229 * Added $wgOpenSearchDefaultLimit defining the default number of entries to show
15230 on action=opensearch API call.
15231 * For namespaces with $wgNamespaceProtection (including the MediaWiki
15232 namespace), the "protect" tab will be shown only if there are restriction
15233 levels available that would restrict editing beyond what
15234 $wgNamespaceProtection already applies. The protection form will offer only
15235 those protection levels.
15236 * Added $wgAPIFormatModules, allowing extensions to add additional output
15237 formatting modules for the API.
15238 * (bug 47812) The MediaWiki:Group-user.{css,js} pages can now be used to add
15239 custom CSS or JavaScript enabled only for registered users.
15240 * (bug 52005) Special pages RecentChanges, RecentChangesLinked and Watchlist
15241 now include a legend describing the symbols used in lists of changes.
15242 * Improved the accessibility of the tabs in Special:Preferences.
15243 * Added ApiBeforeMain hook, roughly equivalent to the BeforeInitialize hook:
15244 it's called after everything is set up but before any major processing
15246 * The jquery.client module now performs a component-wise version comparison in
15247 its #test method when strings are used in the browser map: version '1.10' is
15248 now correctly considered larger than '1.2'. Using numbers in the version map
15250 * All API modules now support an assert parameter, which can either be
15251 'user' or 'bot'. The API will throw an error if the user is not logged
15252 in (user) or does not have the 'bot' userright (bot). Based off of the
15253 AssertEdit extension by Steve Sanbeg.
15254 * [[Special:Diff]] was added, allowing users to create internal links to
15255 revision comparison pages using syntax such as [[Special:Diff/12345]],
15256 [[Special:Diff/12345/prev]] or [[Special:Diff/12345/98765]].
15257 * New user accounts' personal and talk pages are now watched by them by default.
15258 * Added SkinTemplateGetLanguageLink hook to allow changing the html of language
15260 * Added MessageCache::get hook as a new way to customize messages across
15262 * Added jquery.throttle-debounce ResourceLoader module to limit the number of
15263 callbacks for frequently occurring events.
15264 * Special:ProtectedPages shows now a table. The timestamp, the reason and
15265 the protecting user are also shown.
15266 * Added experimental support for using Microsoft SQL Server as the database
15268 ** Added new Microsoft SQL Server-specific configuration variable
15269 $wgDBWindowsAuthentication, which makes the web server authenticate against
15270 the database server using Integrated Windows Authentication instead of
15271 $wgDBuser/$wgDBpassword.
15272 * HTMLForm 'select', 'selectandother', 'selectorother', 'multiselect', and
15273 'radio' fields can now use message keys as labels via the 'options-messages'
15274 parameter, which overrides the 'options' parameter.
15275 * Admins can expire users passwords manually, or on a schedule using the
15276 $wgPasswordExpirationDays configuration setting.
15277 * Add new hook SendWatchlistEmailNotification, this will be used to determine
15278 whether to send a watchlist email notification.
15279 * (bug 42026) Special:Contributions now includes an option to filter page
15280 creations, similar to the topOnly option.
15281 * Add mediawiki.ui.button styling to all pages so wiki content can use styled
15283 * Special:UserLogin/signup now does AJAX checks for invalid and taken usernames,
15284 displaying the error live.
15285 * Added BaseTemplateAfterPortlet hook to allow injecting html after portlets in
15287 * Support has been added for a JSON based localisation file format. The
15288 installer has been updated to use it.
15289 * Changes to content typography (colors, line-height etc.). See
15290 https://www.mediawiki.org/wiki/Typography_refresh for further information.
15291 * The Vector skin's visual treatment of external links has been simplified to a
15292 single icon (from nine). This should not affect local rules unless they were
15293 re-using these icons, which have now been deleted.
15294 * ResourceLoader: mw.loader.using() now implements a Promise interface.
15295 * Add new hook ChangesListInitRows accessed via
15296 ChangesList::initChangesListRows.
15297 If called by the ChangesList consumer this gives extensions a chance to batch
15298 process the result set prior to rendering.
15299 * A PoolCounterRedis class was added which can be make use of in
15300 $wgPoolCounterConf. This requires at least one Redis 2.6+ server.
15301 * $wgProfileToDatabase was removed. Set $wgProfiler to ProfilerSimpleDB
15302 in StartProfiler.php instead of using this.
15303 * (bug 63444) Made it possible to change the indent string (default: 4 spaces)
15304 used by FormatJson::encode().
15306 === Bug fixes in 1.23 ===
15307 * (bug 41759) The "updated since last visit" markers (on history pages, recent
15308 changes and watchlist) and the talk page message indicator are now correctly
15309 updated when the user is viewing old revisions of pages, instead of always
15310 acting as if the latest revision was being viewed.
15311 * (bug 56443) Special:ConfirmEmail no longer shows a "Mail a confirmation code"
15312 when the email address is already confirmed. Also, consistently use
15313 "confirmed", rather than "authenticated", when messaging whether or not the
15314 user has confirmed an email address.
15315 * (bug 19415) action=render no longer shows section edit links. This affects
15316 behavior of several other features where (bogus) section edit links will
15317 disappear, such as file description pages loaded via $wgUseInstantCommons or
15318 pages transcluded cross-wiki via $wgEnableScaryTranscluding.
15319 * (bug 56912) Show correct link color on cached result of Special:DeadendPages.
15320 * Classes TitleListDependency and TitleDependency have been removed, as they
15321 have been found unused in core and extensions for a long time.
15322 * (bug 57098) SpecialPasswordReset now obeys returnto parameter
15323 * (bug 37812) ResourceLoader will notice when a module's definition changes and
15324 recompile it accordingly.
15325 * (bug 57201) SpecialRecentChangesFilters hook is now executed for feeds.
15326 * (bug 58640) Fixed a compatibility issue with PCRE 8.34 that caused pages
15327 to appear blank or with missing text.
15328 * (bug 56931) Updated the plural rules to CLDR 24. They are in new format
15329 which is detailed in UTS 35 Rev 33. The PHP parser and evaluator as well as
15330 the JavaScript evaluator were updated to support the new format. Plural rules
15331 for some languages have changed, most notably Russian. Affected software
15332 messages have been updated and marked for review at translatewiki.net.
15333 * (bug 23542) imagelinks now stores both the redirect and target (as
15334 templatelinks does).
15335 * (bug 58167) The web installer no longer throws an exception when PHP is
15336 compiled without support for MySQL yet with support for another DBMS.
15337 * (bug 56199) Raw option of parser functions must now match complete word,
15339 * (bug 60543) Special:PrefixIndex forgot stripprefix=1 for "Next page" link
15340 * (bug 29762) Undoing an already-undone edit will now display an appropriate
15341 message instead of leading the user to make a null edit.
15342 * (bug 52659) mediawiki.notification: Notification area remained visible when
15343 empty and thus was stealing pointer events from links on the page.
15344 * (bug 26811) When a DBUnexpectedError occurs, DB server hostnames are now
15345 hidden unless $wgShowExceptionDetails is true, and $wgShowDBErrorBacktrace
15346 no longer applies in such cases.
15347 * (bug 60960) Avoid doing file_exist() checks on data: URIs, as they cause
15348 warnings to be printed on Windows due to large path length.
15349 * (bug 48084) Fixed a bug in the installer that could cause $wgLogo to hold
15350 the wrong path to the placeholder logo (skins/common/images/wiki.png).
15351 * (bug 64289) jquery.textSelection: Don't throw errors on empty collections.
15353 === Web API changes in 1.23 ===
15354 * (bug 54884) action=parse&prop=categories now indicates hidden and missing
15356 * action=query&meta=filerepoinfo now returns additional information for each
15358 * action=parse&prop=languageshtml was deprecated in 1.18 and will be removed in
15360 * action=parse now has disabletoc flag to disable table of contents in output.
15361 * (bug 25702) list=allcategories, list=allimages, list=alllinks, list=allpages,
15362 list=deletedrevs and list=filearchive did not handle case-sensitivity
15363 properly for all parameters.
15364 * ApiQueryBase::titlePartToKey allows an extra parameter that indicates the
15365 namespace in order to properly capitalize the title part.
15366 * (bug 57874) action=feedcontributions no longer has one item more than limit.
15367 * All API modules now support an assert parameter. See the new features section
15369 * Added prop=contributors to fetch the list of contributors to the page.
15370 * The following API modules will now return entries where fields have been
15371 revision-deleted: list=deletedrevs, list=filearchive, list=recentchanges,
15372 list=watchlist. "hidden" indicators will be included, in the same style as is
15373 already done for prop=revisions.
15374 * The following API modules will now return the content of revision-deleted
15375 fields, in addition to the "hidden" indicators, if the querying user has the
15376 necessary rights: list=logevents, list=usercontribs, prop=imageinfo,
15378 * The above modules, where applicable, will now return entries filtered by
15379 revision-deleted fields if the querying user has the necessary rights. For
15380 example, prop=revisions with rvuser or rvexcludeuser will no longer skip
15381 revisions where the user was revision-deleted if the current user has the
15382 deletedhistory right.
15383 * The 'hideuser' right, used when blocking, is no longer necessary or
15384 sufficient for seeing contributions with revision-deleted in
15386 * list=watchlist now uses the querying user's rights rather than the wlowner's
15387 rights when checking whether wlprop=patrol is allowed.
15388 * (bug 32151) ApiWatch now has pageset capabilities (titles/pageids/generators).
15389 Title parameter is now deprecated.
15390 * (bug 23005) Added action=revisiondelete.
15391 * Added siprop=restrictions to API action=query&meta=siteinfo for querying
15392 possible page restriction (protection) levels and types.
15393 * Added prop 'limitreportdata' and 'limitreporthtml' to action=parse.
15394 * (bug 58627) Provide language names on action=parse&prop=langlinks.
15395 * Deprecated llurl= in favour of llprop=url for action=query&prop=langlinks.
15396 * Added llprop=langname and llprop=autonym for action=query&prop=langlinks.
15397 * prop=redirects is added, to return redirects to the pages in the query.
15398 * list=allredirects is added, to list all redirects pointing to a namespace.
15399 * (bug 42026) Added ucshow={new,!new,top,!top} to list=usercontribs.
15400 Also added newonly to action=feedcontributions.
15401 * (bug 42026) Deprecated uctoponly in favor of ucshow=top.
15402 * list=search no longer has a "srredirects" parameter. Redirects are now
15403 included in all searches.
15404 * Added list=prefixsearch that works like action=opensearch but can be used as
15406 * (bug 24782) Various modules will now use unique continuation parameters.
15407 * (bug 63249) Cache RecentChanges Atom feed in varnish for 15 seconds.
15409 === Languages updated in 1.23 ===
15411 MediaWiki supports over 350 languages. Many localisations are updated
15412 regularly. Below only new and removed languages are listed, as well as
15413 changes to languages because of Bugzilla reports.
15415 * Support was added for Algerian Spoken Arabic (arq).
15416 * Support was added for Riograndenser Hunsrückisch (hrx).
15417 * Support was added for Northern Luri (lrc).
15419 === Other changes in 1.23 ===
15420 * The rc_type field in the recentchanges table has been superseded by a new
15421 rc_source field. The rc_source field is a string representation of the
15422 change type where rc_type was a numeric constant. This field is not yet
15423 queried but will be in a future release.
15424 ** Utilize update.php to create and populate this new field. On larger wikis
15425 which do not wish to update recentchanges table in one large update please
15426 review the SQL and comments in maintenance/archives/patch-rc_source.sql.
15427 ** The rc_type field of recentchanges will be deprecated in a future release.
15428 * The global variable $wgArticle has been removed after a lengthy deprecation.
15429 * The global functions addButton and insertTags (for mw.toolbar.addButton and
15430 mw.toolbar.insertTags) now emits mw.log.warn when accessed.
15431 * The ExpandTemplates extension has been moved into MediaWiki core.
15432 * (bug 52812) Removed "Disable search suggestions" from Preference.
15433 * (bug 52809) Removed "Disable browser page caching" from Preference.
15434 * Three new modules intended for use by custom skins were added:
15435 'mediawiki.skinning.elements', 'mediawiki.skinning.content', and
15436 'mediawiki.skinning.interface', representing three levels of standard
15437 MediaWiki styling. Previously skin creators wishing to use them had to refer
15438 to the file names of appropriate files directly, which is now discouraged.
15439 * The modules 'skins.vector' and 'skins.monobook' have been renamed to
15440 'skins.vector.styles' and 'skins.monobook.styles', respectively,
15441 and their definition was changed not to include the common*.css files;
15442 the two skins now load the 'mediawiki.skinning.interface' module instead.
15443 * A page_links_updated field has been added to the page table.
15444 * SpecialPage::getTitle has been deprecated in favor of
15445 SpecialPage::getPageTitle.
15446 * BREAKING CHANGE: Two potentially backwards-incompatible changes have been made
15447 to the 'SpecialWatchlistQuery' hook's last parameter (array $values) to make
15448 the hook more consistent with the 'SpecialRecentChangesQuery' one:
15449 ** Several array keys have been renamed: hideMinor → hideminor,
15450 hideBots → hidebots, hideAnons → hideanons, hideLiu → hideliu,
15451 hidePatrolled → hidepatrolled, hideOwn → hidemyself.
15452 ** The parameter value is now a FormOptions object, not a plain array (array
15453 access operators should continue to work, as it implements the ArrayAccess
15455 * Option to mark hooks as deprecated has been added.
15456 * (bug 52811) Preference "Enable section editing via [edit] links" was removed.
15457 * (bug 52813) Preference "Show table of contents (for pages with more than
15458 3 headings)" was removed.
15459 * (bug 52810) Preference "Justify paragraphs" was removed.
15460 * OutputPage::showErrorPage raises a notice if arguments are incoherent.
15461 * Thumbnails that keep failing to render in thumb.php will be rate-limited
15462 against further render attempts for 1 hour. $wgAttemptFailureEpoch can be
15463 altered to reset all rate-limited thumbnails at once.
15464 * (bug 56572) Builds of the OOjs and OOjs UI libraries are now available.
15465 * mw.loader.go and mw.loader.version have been removed.
15466 * (bug 52815) Preference "Enable simplified search bar (Vector skin only)"
15468 * A user_password_expires column has been added to the user table. The User
15469 object expects this column to exist. Use update.php to create this new field.
15470 * The jquery.delayedBind ResourceLoader module was deprecated in favor of the
15471 jquery.throttle-debounce module. It will be removed in MediaWiki 1.24.
15472 * mw.user.bucket has been deprecated.
15473 * On Special:PrefixIndex, a table#mw-prefixindex-list-table was changed to
15474 table.mw-prefixindex-list-table to avoid duplicate ids when the special page
15476 * (bug 62198) window.$j has been deprecated.
15477 * Preference "Disable link title conversion" was removed.
15478 * SpecialRecentChanges no longer includes any functionality for generating feeds
15479 - it has been factored out to ApiFeedRecentChanges. Old URLs redirect to new
15481 * RecentChange::mExtra['lang'] is no longer set and should no longer be used.
15482 Extensions should read from other configuration variables, including
15483 $wgLocalInterwikis, to identify the current wiki.
15484 * Sections in the parser test framework have been renamed and the old
15485 section names are deprecated. Please use "!!wikitext" and "!!html"
15486 (or "!!html/php") instead of "!!input" and "!!result". This allows
15487 us to extend parser tests to accommodate additional input/output
15488 pairs, such as "!!html/parsoid" (for the output of the Parsoid
15489 parser, where it differs from the PHP parser).
15490 * Special:Search no longer has an "include redirects" option on the advanced
15491 tab. Redirects are now included in all searches.
15492 * mediawiki.api.category's getCategories() 'async' parameter was deprecated.
15493 * The locations of resources have been split between upstream libraries, now in
15494 resources/lib/, local libaries in resources/src/, and local forks of upstream
15495 libraries, also in resources/src/.
15496 * BREAKING CHANGE: The automatically-generated function closure with which
15497 ResourceLoader wraps all modules' JavaScript code now binds the identifier
15498 names 'jQuery' and '$' to the jQuery object of the version of jQuery that is
15499 bundled with MediaWiki. If you bind these names to other objects in global
15500 scope (like Zepto.js or document.querySelectorAll, for example) you will need
15501 to use different names to or re-bind them at the top of each
15502 ResourceLoader-loaded module.
15503 * (bug 52342) Preference "Remember my login" was removed.
15504 * The skin autodiscovery mechanism has been deprecated and will be removed in
15505 MediaWiki 1.25. See https://www.mediawiki.org/wiki/Manual:Skin_autodiscovery
15506 for migration guide for creators and users of custom skins that relied on it.
15508 ==== Removed classes ====
15509 * FakeMemCachedClient (deprecated in 1.18)
15510 * RdfMetaData (unused)
15511 * TitleDependency (unused)
15512 * TitleListDependency (unused)
15513 * WikiError (deprecated in 1.17)
15514 * WikiXmlError (deprecated in 1.17)
15515 * WikiErrorMsg (deprecated in 1.17)
15517 ==== Renamed classes ====
15518 * CdbReader_DBA to CdbReaderDBA
15519 * CdbReader_PHP to CdbReaderPHP
15520 * CdbWriter_DBA to CdbWriterDBA
15521 * CdbWriter_PHP to CdbWriterPHP
15522 * DiffOp_Add to DiffOpAdd
15523 * DiffOp_Change to DiffOpChange
15524 * DiffOp_Copy to DiffOpCopy
15525 * DiffOp_Delete to DiffOpDelete
15526 * HWLDF_WordAccumulator to HWLDFWordAccumulator
15527 * LBFactory_Fake to LBFactoryFake
15528 * LBFactory_Multi to LBFactoryMulti
15529 * LBFactory_Simple to LBFactorySimple
15530 * LBFactory_Single to LBFactorySingle
15531 * LCStore_Accel to LCStoreAccel
15532 * LCStore_CDB to LCStoreCDB
15533 * LCStore_DB to LCStoreDB
15534 * LCStore_Null to LCStoreNull
15535 * LoadBalancer_Single to LoadBalancerSingle
15536 * LoadMonitor_MySQL to LoadMonitorMySQL
15537 * LoadMonitor_Null to LoadMonitorNull
15538 * LocalisationCache_BulkLoad to LocalisationCacheBulkLoad
15539 * csvStatsOutput to CsvStatsOutput
15540 * extensionLanguages to ExtensionLanguages
15541 * languages to Languages
15542 * statsOutput to StatsOutput
15543 * textStatsOutput to TextStatsOutput
15544 * wikiStatsOutput to WikiStatsOutput
15546 ==== Removed methods ====
15547 * ApiBase::getValidNamespaces() (deprecated in 1.17)
15548 * ApiMain::setCachePrivate() (deprecated in 1.17)
15549 * ApiMain::setVaryCookie (deprecated in 1.17)
15550 * Article::doRedirect() (deprecated in 1.18)
15551 * Article::doUnwatch() (deprecated in 1.18)
15552 * Article::doWatch() (deprecated in 1.18)
15553 * Article::forUpdate() (deprecated in 1.18)
15554 * Article::markpatrolled() (deprecated in 1.18)
15555 * Article::unwatch() (deprecated in 1.18)
15556 * Article::watch() (deprecated in 1.18)
15557 * Block::clear() (deprecated in 1.18)
15558 * Block::decodeExpiry() (deprecated in 1.18)
15559 * Block::encodeExpiry() (deprecated in 1.18)
15560 * Block::forUpdate() (deprecated in 1.18)
15561 * Block::infinity() (deprecated in 1.18)
15562 * Block::load() (deprecated in 1.18)
15563 * Block::newFromDB() (deprecated in 1.18)
15564 * Block::normaliseRange() (deprecated in 1.18)
15565 * Block::parseExpiryInput() (deprecated in 1.18)
15566 * CategoryViewer::addSubcategory() (deprecated in 1.17)
15567 * EditPage::spamPage() (deprecated since 1.17)
15568 * Exif::getFormattedData() (deprecated in 1.18)
15569 * Exif::makeFormattedData() (deprecated in 1.18)
15570 * in_string (deprecated in 1.21)
15571 * Language::convertLinkToAllVariants() (deprecated in 1.17)
15572 * LanguageConverter::convertLinkToAllVariants() (deprecated in 1.17)
15573 * Linker::makeBrokenLink() (deprecated in 1.16)
15574 * Linker::makeBrokenLinkObj() (deprecated in 1.16)
15575 * Linker::makeColouredLinkObj() (deprecated in 1.16)
15576 * Linker::makeSizeLinkObj() (deprecated in 1.17)
15577 * MediaWiki::articleFromTitle() (deprecated in 1.18)
15578 * ParserOptions::getkin() (deprecated 1.18)
15579 * ProfilerSimple::getCpuTime (deprecated in 1.20)
15580 * Revision::revText() (deprecated in 1.17)
15581 * SkinTemplate::jstext() (deprecated in 1.21)
15582 * SpecialPage::__call() (deprecated in 1.17)
15583 * SpecialPage::executePath() (deprecated in 1.18)
15584 * SpecialPage::exists() (deprecated in 1.18)
15585 * SpecialPage::file() (deprecated in 1.18)
15586 * SpecialPage::func() (deprecated in 1.18)
15587 * SpecialPage::getGroup() (deprecated in 1.18)
15588 * SpecialPage::getPage() (deprecated in 1.18)
15589 * SpecialPage::getPageByAlias() (deprecated in 1.18)
15590 * SpecialPage::getLocalNameFor() (deprecated in 1.18)
15591 * SpecialPage::getRegularPages() (deprecated in 1.18)
15592 * SpecialPage::getRestrictedPages() (deprecated in 1.18)
15593 * SpecialPage::getTitleForAlias() (deprecated in 1.18)
15594 * SpecialPage::getUsablePages() (deprecated in 1.18)
15595 * SpecialPage::includable() (deprecated in 1.18)
15596 * SpecialPage::init()
15597 * SpecialPage::initAliasList() (deprecated in 1.18)
15598 * SpecialPage::initList() (deprecated in 1.18)
15599 * SpecialPage::name() (deprecated in 1.18)
15600 * SpecialPage::removePage() (deprecated in 1.18)
15601 * SpecialPage::resolveAlias() (deprecated in 1.18)
15602 * SpecialPage::resolveAliasWithSubpage() (deprecated in 1.18)
15603 * SpecialPage::restriction() (deprecated in 1.18)
15604 * SpecialPage::setGroup() (deprecated in 1.18)
15605 * SpecialRecentChanges::feedSetup()
15606 * SpecialRevisionDelete::extractBitField() (deprecated in 1.22)
15607 * User::getPageRenderingHash() (deprecated in 1.17)
15608 * WebRequest::getFileSize() (deprecated in 1.17)
15609 * WebRequest::isPathInfoBad() (deprecated in 1.17)
15610 * wfGenerateToken (deprecated in 1.20)
15611 * wfStreamFile (deprecated in 1.19)
15612 * wfUILang (deprecated in 1.18)
15613 * WikiPage::createUpdates() (deprecated in 1.18)
15614 * WikiPage::quickEdit() (deprecated in 1.18)
15615 * WikiPage::useParserCache() (deprecated in 1.18)
15616 * WikiPage::viewUpdates() (deprecated in 1.18)
15618 ==== Removed globals ====
15619 * $wgBetterDirectionality (deprecated in 1.18)
15623 == MediaWiki 1.22.15 ==
15625 This is a security and maintenance release of the MediaWiki 1.22 branch.
15627 === Changes since 1.22.14 ===
15629 * (bug T76686) [SECURITY] thumb.php outputs wikitext message as raw HTML, which
15630 could lead to xss. Permission to edit MediaWiki namespace is required to
15632 * (bug T77028) [SECURITY] Malicious site can bypass CORS restrictions in
15633 $wgCrossSiteAJAXdomains in API calls if it only included an allowed domain as
15635 * (bug T74222) The original patch for T74222 was reverted as unnecessary.
15637 == MediaWiki 1.22.14 ==
15639 This is a security and maintenance release of the MediaWiki 1.22 branch.
15641 === Changes since 1.22.13 ===
15643 * (bugs 66776, 71478) SECURITY: User PleaseStand reported a way to inject code
15644 into API clients that used format=php to process pages that underwent flash
15645 policy mangling. This was fixed along with improving how the mangling was done
15646 for format=json, and allowing sites to disable the mangling using
15647 $wgMangleFlashPolicy.
15648 * (bug 70901) SECURITY: User Jackmcbarn reported that the ability to update
15649 the content model for a page could allow an unprivileged attacker to edit
15650 another user's common.js under certain circumstances. The user right
15651 "editcontentmodel" was added, and is needed to change a revision's content
15653 * (bug 72222) SECURITY: Do not show log action when the entry is revdeleted with
15654 DELETED_ACTION. NOTICE: this may be reverted in a future release pending a
15655 public RFC about the desired functionality. This issue was reported by user
15657 * (bug 71621) Make allowing site-wide styles on restricted special pages a
15659 * $wgMangleFlashPolicy was added to make MediaWiki's mangling of anything that
15660 might be a flash policy directive configurable.
15662 == MediaWiki 1.22.13 ==
15663 This is a maintenance release of the MediaWiki 1.22 branch.
15665 === Changes since 1.22.12 ===
15666 * (bug 67440) Allow classes to be registered properly from installer
15668 == MediaWiki 1.22.12 ==
15669 This is a security release of the MediaWiki 1.22 branch.
15671 === Changes since 1.22.11 ===
15672 * (bug 70672) SECURITY: OutputPage: Remove separation of css and js module
15675 == MediaWiki 1.22.11 ==
15676 This is a security release of the MediaWiki 1.22 branch.
15678 === Changes since 1.22.10 ===
15679 * (bug 69008) SECURITY: Enhance CSS filtering in SVG files. Filter <style>
15680 elements; normalize style elements and attributes before filtering; add checks
15681 for attributes that contain css; add unit tests for html5sec and reported
15684 == MediaWiki 1.22.10 ==
15685 This is a maintenance release of the MediaWiki 1.22 branch.
15687 === Changes since 1.22.9 ===
15688 * (bug 64970) Fix support for blobs on DatabaseOracle::update
15689 * (bug 60719) In MediaWiki 1.22, the job queue execution on each page request
15690 was changed (Gerrit change 59797) so, instead of executing the job inside the
15691 same PHP process that's rendering the page, a new PHP cli command is spawned
15692 to execute runJobs.php in the background. It will only work if $wgPhpCli is
15693 set to an actual path or safe mode is off, otherwise, the old method will be
15695 https://www.mediawiki.org/wiki/Manual:Job_queue#Changes_in_MediaWiki_1.22
15696 for more information. This change was in earlier releases of 1.22 but was not
15697 noted here until now.
15699 == MediaWiki 1.22.9 ==
15700 This is a security and maintenance release of the MediaWiki 1.22 branch.
15702 === Changes since 1.22.8 ===
15703 * (bug 68187) SECURITY: Prepend jsonp callback with comment.
15704 * (bug 66608) SECURITY: Fix for XSS issue in bug 66608: Generate the URL used
15705 for loading a new page in Javascript,instead of relying on the URL in the
15706 link that has been clicked.
15707 * (bug 65778) SECURITY: Copy prevent-clickjacking between OutputPage and
15709 * (bug 59147) The img_metadata field was not being decoded from bytea into text.
15711 == MediaWiki 1.22.8 ==
15712 This is a security and maintenance release of the MediaWiki 1.22 branch.
15714 === Changes since 1.22.7 ===
15715 * (bug 65839) SECURITY: Prevent external resources in SVG files.
15716 * (bug 66428) MimeMagic: Don't seek before BOF. This has weird side effects like
15717 only extracting the tail of the file partially or not at all.
15719 == MediaWiki 1.22.7 ==
15720 This is a security and maintenance release of the MediaWiki 1.22 branch.
15722 === Changes since 1.22.6 ===
15723 * (bug 65501) SECURITY: Don't parse usernames as wikitext on
15724 Special:PasswordReset.
15725 * (bug 36356) Add space between two feed links.
15726 * (bug 63269) Email notifications were not correctly handling the
15727 MediaWiki:Helppage message being set to a full URL. This is a regression from
15728 the 1.22.5 point release, which made the default value for it a URL. If you
15729 customized MediaWiki:Enotif body (the text of email notifications), you'll
15730 need to edit it locally to include the URL via the new variable $HELPPAGE
15731 instead of the parser functions fullurl and canonicalurl; otherwise you don't
15732 have to do anything.
15733 * Add missing uploadstash.us_props for PostgreSQL.
15734 * (bug 56047) Fixed stream wrapper in PhpHttpRequest.
15736 == MediaWiki 1.22.6 ==
15737 This is a security release of the MediaWiki 1.22 branch.
15739 === Changes since 1.22.5 ===
15740 * (bug 63251) SECURITY: Escape sortKey in pageInfo.
15742 == MediaWiki 1.22.5 ==
15743 This is a security and maintenance release of the MediaWiki 1.22 branch.
15745 === Changes since 1.22.4 ===
15746 * (bug 62497) SECURITY: Add CSRF token on Special:ChangePassword.
15747 * (bug 62467) Set a title for the context during import on the cli.
15748 * Fix custom local MediaWiki:Helppage values.
15749 * mediawiki.js: Fix documentation breakage.
15750 * (bug 58153) Make MySQLi work with non standard port.
15751 * (bug 53887) Reintroduced a link to help pages in the default sidebar, that any
15752 sysop can customize by editing MediaWiki:Sidebar locally. The link now points
15753 to a mediawiki.org page which is guaranteed to exist. Nothing needs to be done
15754 on your end, but remember to adjust MediaWiki:Sidebar for the needs of your
15755 wikis. Everyone can help with the shared documentation by translating:
15756 https://www.mediawiki.org/wiki/Special:Translate/agg-Help_pages .
15757 * (bug 53888) Corrected a regression in 1.22 which introduced red links on the
15758 login page. If you previously installed 1.22.x and have created a local page
15759 to make the red link blue, write its title as in MediaWiki:helplogin-url if
15760 you didn't already. Otherwise, you don't need to do anything, but you can
15761 translate the help page at <https://www.mediawiki.org/wiki/Help:Logging_in>.
15763 == MediaWiki 1.22.4 ==
15764 This is a maintenance release of the MediaWiki 1.22 branch.
15766 === Changes since 1.22.3 ===
15767 * Use the correct branch of the extensions' git repositories.
15769 == MediaWiki 1.22.3 ==
15770 This is a security and bugfix release of the MediaWiki 1.22 branch.
15772 === Changes since 1.22.2 ===
15773 * (bug 60771) SECURITY: Disallow uploading SVG files using non-whitelisted
15774 namespaces. Also disallow iframe elements. * User will get an error including
15775 the namespace name if they use a non- whitelisted namespace.
15776 * (bug 61346) SECURITY: Make token comparison use constant time. It seems like
15777 our token comparison would be vulnerable to timing attacks. This will take
15779 * (bug 61362) SECURITY: API: Don't find links in the middle of api.php links.
15780 * (bug 53710) Add sequence support for upsert in DatabaseOracle in the same way
15782 * (bug 60231, bug 58719) Various fixes to job running code in Wiki.php: Make it
15783 async on Windows. Fixed possible "invalid filename" errors on Windows.
15784 Redirect output to dev/null to avoid hanging PHP.
15785 * (bug 60083) Correct sequence name for fresh Postgres installation. Spotted by
15787 * (bug 60531) Avoid variable naming conflicts in
15788 DatabasePostgres::selectSQLText. Spotted by gebhkla
15789 * (bug 60094) Fix rebuildall.php fatal error with PostgreSQL.
15790 * (bug 43817) Add error handling if descriptionmsg isn't defined for extension.
15791 * (bug 60543) Special:PrefixIndex omits stripprefix=1 for "Next page" link.
15793 == MediaWiki 1.22.2 ==
15794 This is a security and bugfix release of the MediaWiki 1.22 branch.
15796 === Changes since 1.22.1 ===
15797 * (bug 60339) SECURITY: Sanitize shell arguments to DjVu files, and other media
15799 * (bug 58253) Check for very old PCRE versions in installer and updater
15800 * (bug 60054) Make WikiPage::$mPreparedEdit public
15802 == MediaWiki 1.22.1 ==
15803 This is a security and maintenance release of the MediaWiki 1.22 branch.
15805 === Changes since 1.22.0 ===
15806 * (bug 57550) SECURITY: Disallow stylesheets in SVG Uploads
15807 * (bug 58088) SECURITY: Don't normalize U+FF3C to \ in CSS Checks
15808 * (bug 58472) SECURITY: Disallow -o-link in styles
15809 * (bug 58553) SECURITY: Return error on invalid XML for SVG Uploads
15810 * (bug 58699) SECURITY: Fix RevDel log entry information leaks
15811 * (bug 58178) Restore compatibility with curl < 7.16.2.
15812 * (bug 56931) Updated the plural rules to CLDR 24. They are in new format which
15813 is detailed in UTS 35 Rev 33. The PHP parser and evaluator as well as the
15814 JavaScript evaluator were updated to support the new format. Plural rules for
15815 some languages have changed, most notably Russian. Affected software messages
15816 have been updated and marked for review at translatewiki.net. This change is
15817 backported from the development branch of MediaWiki 1.23.
15818 * (bug 58434) The broken installer for database backend Oracle was fixed.
15819 * (bug 58167) The web installer no longer throws an exception when PHP is
15820 compiled without support for MySQL yet with support for another DBMS.
15821 * (bug 58640) Fixed a compatibility issue with PCRE 8.34 that caused pages to
15822 appear blank or with missing text.
15823 * (bug 47055) Changed FOR UPDATE handling in Postgresql
15824 * (bug 57026) Avoid extra parsing in prepareContentForEdit()
15826 == MediaWiki 1.22.0 ==
15828 === Configuration changes in 1.22 ===
15829 * $wgRedirectScript was removed. It was unused.
15830 * Removed $wgLocalMessageCacheSerialized, it is now always true.
15831 * $wgVectorUseIconWatch is now enabled by default.
15832 * $wgCascadingRestrictionLevels was added.
15833 * ftps, ssh, sftp, xmpp, sip, sips, tel, sms, bitcoin, magnet, urn, and geo
15834 have been whitelisted inside of $wgUrlProtocols.
15835 * $wgDocType and $wgDTD have been removed and are no longer used for the
15837 * $wgHtml5 is no longer used by core. Setting it to false will no longer disable
15838 HTML5. It is still set to true for extension compatibility but doing so in
15839 extensions is deprecated.
15840 * $wgXhtmlDefaultNamespace is no longer used by core. Setting it will no longer
15841 change the xmlns used by MediaWiki. Reliance on this variable by extensions
15843 * $wgHandheldStyle was removed.
15844 * $wgHandheldForIPhone was removed.
15845 * $wgJsMimeType is no longer used by core. Most usage has been removed since
15846 HTML output is now exclusively HTML5.
15847 * $wgDBOracleDRCP added. True enables persistent connection with DRCP on Oracle.
15848 * $wgLogAutopatrol added to allow disabling logging of autopatrol edits in the
15850 Default for $wgLogAutopatrol is true.
15851 * The 'edit' right no longer allows for editing a user's own CSS and JS.
15852 * New rights 'editmyusercss', 'editmyuserjs', 'viewmywatchlist',
15853 'editmywatchlist', 'viewmyprivateinfo', 'editmyprivateinfo', and
15854 'editmyoptions' restrict actions that were formerly allowed by default. They
15855 have been added to the default for $wgGroupPermissions['*'].
15856 * The 'editprotected' right no longer allows bypassing of all page protection
15857 restrictions. Any group using it for this purpose will now need to have all
15858 the individual rights listed in $wgRestrictionTypes for the same effect.
15859 * The 'protect' and 'autoconfirmed' rights are no longer used for the default
15860 page protection levels. The rights 'editprotected' and 'editsemiprotected'
15861 are now used for this purpose instead.
15862 * (bug 40866) wgOldChangeTagsIndex removed.
15863 * $wgNoFollowDomainExceptions now only matches entire domains. For example,
15864 an entry for 'bar.com' will still match 'foo.bar.com' but not 'foobar.com'.
15865 * $wgCopyUploadTimeout and $wgCopyUploadAsyncTimeout added to change the timeout
15866 times for fetching the file during upload by url.
15867 * New key added to $wgGalleryOptions - $wgGalleryOptions['mode'] to set
15868 default gallery mode.
15869 * New hook 'GalleryGetModes' to allow extensions to make new gallery modes.
15870 * The checkbox for staying in HTTPS displayed on the login form when
15871 $wgSecureLogin is enabled has been removed. Instead, whether the user stays in
15872 HTTPS will be determined
15873 based on the user's preferences, and whether they came from HTTPS or not.
15874 * $wgRC2UDPAddress, $wgRC2UDPInterwikiPrefix, $wgRC2UDPOmitBots, $wgRC2UDPPort,
15875 and $wgRC2UDPPrefix configuration options have been deprecated in favor of a
15876 $wgRCFeeds configuration array. $wgRCFeeds makes both the format and
15877 destination of recent change notifications customizable, and allows for
15878 multiple destinations to be specified.
15879 * (bug 53862) portal-url, currentevents-url and helppage have been removed from
15880 the default Sidebar.
15881 * The 'vector-simplesearch' preference is now enabled by default. Previously
15882 it was only enabled if the Vector extension was installed.
15883 * The precise format of metric datagrams produced by the UDP profiler and stats
15884 counter may now be specified as $wgUDPProfilerFormatString and
15885 $wgStatsFormatString, respectively.
15886 * (bug 54597) $wgBlockOpenProxies, $wgProxyPorts, $wgProxyScriptPath, and
15887 $wgProxyMemcExpiry have been removed, along with the open proxy scanner
15888 script they were added for.
15889 * Default value of $wgMaxShellMemory has been tripled (it's now 300 MB).
15891 === New features in 1.22 ===
15892 * You can now install extensions using Composer.
15893 See https://www.mediawiki.org/wiki/Composer
15894 * (bug 44525) mediawiki.jqueryMsg can now parse (whitelisted) HTML elements and
15896 * (bug 33454) Language::sprintfDate now has a timezone parameter, and supports
15897 the "eIOPTZ" formatting characters.
15898 * EditWarning: A warning is shown when an editor leaves the edit form without
15899 saving (enabled by default, users can opt-out via the 'useeditwarning'
15900 preference). This feature was moved from the Vector extension, and is now part
15901 of core for all skins. Take care when upgrading that you don't use an older
15902 version of the Vector extension as this feature may conflict.
15903 * New 'mediawiki.ui' CSS module providing mw-ui-* styles for buttons and a
15904 compact vertical form layout.
15905 * HTMLForm supports a new display format 'vform' which applies this compact
15907 layout and button styling. Special:PasswordReset uses this format.
15908 * New versions of login (Special:UserLogin) and create account
15909 (Special:UserLogin/signup) forms using the "vform" compact vertical form
15910 layout. These forms use new messages that assume a "Help logging in" link, see
15911 https://www.mediawiki.org/wiki/Manual:Page_customizations;
15912 https://www.mediawiki.org/wiki/Account_creation_user_experience/Strings lists
15913 the message key changes.
15914 * (bug 23343) Implemented ability to apply IP blocks to the contents of
15915 X-Forwarded-For headers by adding a new configuration variable
15916 $wgApplyIpBlocksToXff (disabled by default).
15917 * The new hook 'APIGetPossibleErrors' to modify the list of possible errors was
15919 * (bug 25592) LogEventsList::showLogExtract() will now ignore various
15920 Pager-related WebRequest parameters by default, as this is overwhelmingly
15921 likely to be what was intended by users of the method. If any caller wishes
15922 to use these parameters, the new param 'useRequestParams' may be set to true.
15923 * mw.util.addPortletLink: Tooltip is no longer required to be plain (without
15924 an accesskey in it already). As such it now rountrips. Creating a link with a
15925 message as tooltip, grabbing the title attribute and using it to create
15926 another portlet will work as expected.
15927 * (bug 6747) {{ROOTPAGENAME}} introduced, contains the name of the topmost
15928 page without namespace.
15929 * BREAKING CHANGE: (bug 41729) Display editsection links next to headings. Also
15930 change their class name from .editsection to .mw-editsection and place them at
15931 the end of the heading element instead of the beginning. Client-side code and
15932 screen-scrapers will have to be adjusted to handle both cases (old HTML will
15933 still be visible on cached page renders until they are purged); extensions
15934 using the DoEditSectionLink or EditSectionLink hooks might need adjustments as
15936 * (bug 45535) introduced the new 'LanguageLinks' hook for manipulating the
15937 language links associated with a page before display.
15938 * Chosen (http://harvesthq.github.io/chosen/) was added as module
15940 * HTMLForm will turn multiselect checkboxes into a Chosen interface when setting
15941 cssclass 'mw-chosen'
15942 * rebuildLocalisationCache learned --lang option. Let you rebuild l10n caches
15943 of the specified languages instead of all of them.
15944 * New GetNewMessagesAlert hook allowing extensions to disable or modify the new
15946 * New wgUserNewMsgRevisionId JS global for logged in users. This will be null
15947 if the user has no new talk page messages. Otherwise it will be set to the
15948 revision ID of the oldest new talk page message. This will allow gadgets and
15949 extensions to create their own new message alerts on the client side.
15950 * mediawiki.log: Added log.warn wrapper (uses console.warn and console.trace).
15951 * mediawiki.log: Implemented log.deprecate. This method defines a property and
15952 uses ES5 getter/setter to emit a warning when they are used.
15953 * $wgCascadingRestrictionLevels was added, allowing one to specify restriction
15954 levels which can be cascading (previously 'sysop' was hard-coded as the only
15956 * XHTML5 support has been improved. If you set
15957 $wgMimeType = 'application/xhtml+xml' MediaWiki will try outputting markup
15958 according to XHTML5 rules.
15959 * Altered hook 'ProtectionForm::save', adding the reason page protection is
15960 changed as third parameter.
15961 * New hook 'TitleSquidURLs' for manipulating the list of URLs to be purged from
15962 HTTP caches when a page is changed.
15963 * Changed the patrolling system to always show the link for patrolling in case
15964 the current revision is patrollable. This also removed the usage of the rcid
15966 * Oracle DB backend now supports Database Resident Connection Pooling (DRCP).
15967 Can be enabled by setting $wgDBOracleDRCP=true.
15968 Requires Oracle DB 11gR1 or above, enabled DRCP inside the DB itself and a
15969 propper connect string.
15970 More about DRCP can be found at:
15971 https://oracle-base.com/articles/11g/database-resident-connection-pool-11gr1
15972 * Add a new parameter $patrolFooterShown to hook ArticleViewFooter so the hook
15973 handlers can take further action based on the status of the patrol footer
15974 * A new hook TitleQuickPermissions was added to allow overriding of quick
15975 permissions in the Title class.
15976 * LinkCache singleton can now be altered or cleared, letting one to specify
15977 another instance that does not rely on a database backend.
15978 * MediaWiki's PHPUnit tests can now use PHPUnit installed using composer --dev.
15979 * (bug 43689) The lists of templates used on the page and hidden categories it
15980 is a member of, shown below the edit form, are now collapsible (and collapsed
15982 * Parser profiling data, formerly only available in the "NewPP limit report"
15983 HTML comment, is now also displayed at the bottom of page previews.
15984 * Added ParserLimitReportPrepare and ParserLimitReportFormat hooks, deprecated
15985 ParserLimitReport hook.
15986 * New user rights have been added to increase granularity in rights management
15987 for extensions such as OAuth:
15988 ** editmyusercss controls whether a user may edit their own CSS subpages.
15989 ** editmyuserjs controls whether a user may edit their own JS subpages.
15990 ** viewmywatchlist controls whether a user may view their watchlist.
15991 ** editmywatchlist controls whether a user may edit their watchlist.
15992 ** viewmyprivateinfo controls whether a user may access their private
15993 information (e.g. registered email address, real name).
15994 ** editmyprivateinfo controls whether a user may change their private
15996 ** editmyoptions controls whether a user may change their preferences.
15997 * Add new hook AbortTalkPageEmailNotification, this will be used to determine
15998 whether to send the regular talk page email notification
15999 * Action classes registered in $wgActions are now also supported in the form of
16000 a callback (which returns an instance of Action) instead of providing the name
16001 of a subclass of Action.
16002 * (bug 46513) Vector: Add the collapsibleTabs script from the Vector extension.
16003 * Added $wgRecentChangesFlags for defining new flags for RecentChanges and
16005 * (bug 40518) mw.toolbar: Implemented mw.toolbar.addButtons for adding multiple
16006 button objects in one call.
16007 * Rights used for the default protection levels ('sysop' and 'autoconfirmed')
16008 are now used just for that purpose, instead of overloading other rights. This
16009 allows easy granting of the ability to edit sysop-protected pages without
16010 also granting the ability to protect and unprotect.
16011 * (bug 48256) Make brackets in section edit links accessible to CSS.
16012 They are now wrapped in <span class="mw-editsection-bracket" />.
16013 * (bug 8480) Allow handler specific parameters in galleries (like page number)
16014 * jquery.client: Add detection for Opera 15 and Internet Explorer 11.
16015 * Change tags (used by the AbuseFilter extension) are now shown on diff pages.
16016 * Change tag lists (shown on recent changes, watchlist, user contributions,
16017 history pages, diff pages) now include a link to Special:Tags to distinguish
16018 them from edit summaries.
16019 * Added a new method and hook, User::isEveryoneAllowed() and
16020 UserIsEveryoneAllowed, for use in situations where a "does everyone have this
16021 right?" check is used to avoid more expensive checks.
16022 * (bug 14431) Display "(No difference)" instead of an empty diff (when comparing
16023 revisions in the history or when previewing changes while editing).
16024 * New hook 'IsUploadAllowedFromUrl' is added which can be used to intercept
16025 uploads by URL, useful for blacklisting specific URLs
16026 * (bug 21912) Watchlist token implementation has been refactored and
16027 Special:ResetTokens was added to allow users to reset their tokens
16028 instead of presenting them in Preferences.
16029 * Special:PrefixIndex now lets you strip the searched prefix from the displayed
16030 titles. Given a list of articles named Bug1, Bug2, you can now transclude the
16031 list of bug numbers using: {{Special:PrefixIndex/Bug|stripprefix=1}}.
16032 The special page form received a new checkbox matching that option.
16033 * (bug 23580) Implement javascript callback interface "mw.hook".
16034 * (bug 30713) New mw.hook "wikipage.content".
16035 * (bug 40430) jquery.placeholder gets a new parameter to set the attribute value
16037 * $wgHTCPMulticastRouting renamed $wgHTCPRouting since it accepts unicast.
16038 * $wgHTCPRouting rules can now be passed an array of hosts/ports to send purge
16039 too. Can be used whenever several multicast group could be interested by a
16041 * (bug 25931) Add Special:RandomInCategory.
16042 * mediawiki.util: addPortletLink now supports passing a jQuery object as
16044 * <wbr> can now be used inside WikiText.
16045 * WebResponse::setcookie is much more featureful. Callers using PHP's
16046 setcookie() or setrawcookie() should begin using this instead.
16047 * New hook WebResponseSetCookie, called from WebResponse::setcookie().
16048 * New hook ResetSessionID, called when the session id is reset.
16049 * Add a mode parameter to <gallery> tag with potential options of "traditional",
16050 "nolines", "packed", "packed-overlay", or "packed-hover".
16051 * (bug 47399) A success message is now displayed after changing the password.
16052 * Make thumb.php give HTTP redirects for file redirects
16053 * (bug 30607) Special:ListFiles can now show old versions of files. Additionally
16054 Special:AllMyUploads was introduced so the user can get a list of all things
16055 they have ever uploaded, even if it was subsequently overridden.
16056 * Introduced Special:MyFiles and Special:AllMyFiles as an alias for
16057 Special:MyUploads and Special:AllMyUploads respectively.
16058 * IPv6 addresses in X-Forwarded-For headers are now normalised before checking
16059 against allowed proxy lists.
16060 * Add deferrable update support for callback/closure.
16061 * Add TitleMove hook before page renames.
16062 * Revision deletion backend code is moved out of SpecialRevisiondelete
16063 * Added {{REVISIONSIZE}} variable to get the current size of a revision.
16064 * Add support for the LESS stylesheet language to ResourceLoader. LESS is a
16065 stylesheet language that compiles into CSS. ResourceLoader file modules may
16066 include LESS style files; ResourceLoader will compile these files into CSS
16067 before sending them to the client.
16068 ** The $wgResourceLoaderLESSVars configuration variable is an associative array
16069 mapping variable names to string CSS values. These variables are considered
16070 declared for all LESS files. Additional variables may be registered by
16071 adding keys to the array.
16072 ** $wgResourceLoaderLESSFunctions is an associative array of custom LESS
16073 function names to PHP callables. See
16074 <http://leafo.net/lessphp/docs/#custom_functions>
16075 for more details regarding custom functions.
16076 ** $wgResourceLoaderLESSImportPaths is an array of file system paths. Files
16077 referenced in LESS '@import' statements are looked up here first.
16078 * ResourceLoader supports hashes as module cache invalidation trigger (instead
16079 of or in addition to timestamps).
16080 * Added $wgExtensionEntryPointListFiles for use in mergeMessageFileList.php.
16081 * Added a hook, APIQuerySiteInfoStatisticsInfo, to allow extensions to modify
16082 the output of the API query meta=siteinfo&siprop=statistics
16083 * Primary keys have been added to both the archive table and the externallinks
16085 * Added $wgEnableParserLimitReporting to control whether the NewPP limit report
16086 is output in a HTML comment.
16087 * The 'UnwatchArticle' and 'WatchArticle' hooks now support a Status object
16088 instead of just a boolean return value to abort the hook.
16089 * Added a hook, SpecialWatchlistGetNonRevisionTypes, to allow extensions
16090 with custom recentchanges entries to hook into the Watchlist without
16091 clobbering each other.
16092 * A hidden, empty input field was added to the edit form, and any edit that
16093 fills it in will be rejected. This prevents against the simplest form of
16094 spambots. Previously in the "SimpleAntiSpam" extension by Ryan Schmidt.
16095 * populateRevisionLength.php maintenance script updated to also populate
16096 archive.ar_len field.
16097 * (bug 43571) DatabaseMySQLBase learned to list views, optionally filtered by a
16098 prefix. Also fixed PHPUnit test suite when using a MySQL backend containing
16101 === Bug fixes in 1.22 ===
16102 * (bug 47271) $wgContentHandlerUseDB should be set to false during the upgrade
16103 * Disable Special:PasswordReset when $wgEnableEmail is false. Previously one
16104 could still navigate to the page by entering the URL directly.
16105 * (bug 47138) Fixed a fatal error when a blocked user tries to automatically
16106 create an account on login due external authentication in some circumstances.
16107 * (bug 23393) HTML <hN> headings containing line breaks are now handled
16109 * (bug 45803) Whitespace within == Headline == syntax and within <hN> headings
16110 is now non-significant and not preserved in the HTML output.
16111 * (bug 47218) Special:BlockList now handles correctly user names with spaces
16112 when passed as subpage.
16113 * Pager's properly validate which fields are allowed to be sorted on.
16114 * mw.util.tooltipAccessKeyRegexp: The regex now matches "option-" as well.
16115 Support for Mac "option" was added in 1.16, but the regex was never updated.
16116 * (bug 46768) Usernames of blocking users now display correctly, even if
16118 * (bug 39590) Self-transclusions now show the most up to date result always
16119 after save instead of being a revision behind.
16120 * A bias in wfRandomString() toward digits 1-7 has been corrected. Generated
16121 strings will now start with digits 0 and 8-f as often as they should.
16122 * (bug 45371) Removed Parser_LinkHooks and CoreLinkFunctions classes.
16123 * (bug 41545) Allow <kbd>, <samp>, and <var> to be nested like allowed in html.
16124 * PLURAL magic word no longer causes a PHP notice when no matching form exists.
16125 * (bug 36641) Patrol page links no longer show on non-existent revisions.
16126 * (bug 35810) Pages not linked from Special:RecentChanges or Special:NewPages
16127 are patrollable now.
16128 * (bug 30213) JavaScript for search suggestions is now disabled when the API
16129 is disabled, and AJAX patrolling and watching are now disabled when use of
16130 the write API is not allowed.
16131 * (bug 48294) API: Fix chunk upload async mode.
16132 * (bug 46749) Broken files tracking category removed from pages if an image
16133 with that name is uploaded.
16134 * (bug 14176) System messages that are empty were previously incorrectly treated
16135 as non-existent, causing a fallback to the default. This stopped users from
16136 overriding system messages to make them blank.
16137 * (bug 48319) action=parse no longer returns an error if passed none of 'oldid',
16138 'pageid', 'page', 'title', and 'text' (e.g. if only passed 'summary'). A
16139 warning will instead be issued if 'title' is non-default, unless no props are
16141 * Special:Recentchangeslinked will now include upload log entries
16142 * (bug 41281) Fixed ugly output if file size could not be extracted for
16144 * (bug 50315) list=logevents API module will now output log entries by anonymous
16146 * (bug 38911) Handle headers with rowspan in jquery.tablesorter
16147 * (bug 658) Converted the table of contents on wiki pages from <table> to <div>
16148 and adjusted skin CSS accordingly. The CSS was carefully crafted to be
16149 backwards-compatible in all reasonable cases (uses of the __TOC__ magic word,
16150 the #toc CSS id and the .toc CSS class). However, particularly bad abuse of
16151 the id or the class can possibly break.
16152 * CSSJanus now supports rgb, hsl, rgba, and hsla color syntaxes.
16153 * Special:Listfiles can no longer be sorted by image name when filtering
16154 by user in miser mode.
16155 * (bug 49074) CSSJanus: Handle values of border-radius correctly.
16156 * Handle relative inclusions ({{../name}}) in main namespace with subpages
16157 enabled correctly (previously MediaWiki tried to include Template:Parent/name
16158 instead of just Parent/name).
16159 * Added $wgAPIUselessQueryPages to allow extensions to flag their query pages
16160 for non-inclusion in ApiQueryQueryPages.
16161 * (bug 50870) mediawiki.notification: Notification area should remain visible
16162 when scrolled down.
16163 * (bug 13438) Special:MIMESearch no longer an expensive special page.
16164 * (bug 48342) Fixed a fatal error when $wgValidateAllHtml is set to true and
16165 the function apache_request_headers() function is not available.
16166 * (bug 33399) LivePreview: Re-run wikipage content handlers
16167 (jquery.makeCollapsible, jquery.tablesorter) after preview content is loaded.
16168 * (bug 51891) Fixed PHP notice on Special:PagesWithProp when no properties
16170 * (bug 52006) Corrected documentation of $wgTranscludeCacheExpiry.
16171 * (bug 52077) The APIEditBeforeSave hook is giving the content of the whole
16172 revision as second argument now, rather than just the current section.
16173 * (bug 49694) $wgSpamRegex is now also applied on the new section headline text
16174 adding a new topic on a page
16175 * (bug 41756) Improve treatment of multiple comments on a blank line.
16176 * (bug 51064) Purge upstream caches when deleting file assets.
16177 * (bug 39012) File types with a mime that we do not know the extension for
16178 can no longer be uploaded as an extension that we do know the mime type
16180 * (bug 51742) Add data-sort-value for better sorting of hitcounts Special:Tags
16181 * (bug 26811) On DB error pages, server hostnames are now hidden when both
16182 $wgShowHostnames and $wgShowSQLErrors are false.
16183 * (bug 6200) line breaks in <blockquote> are handled like they are in <div>
16184 * (bug 14931) Default character set now set to 'utf8' when a new MySQL
16185 database is created.
16186 * (bug 47191) Fixed "Column 'si_title' cannot be part of FULLTEXT index"
16187 MySQL error when installing using the binary character set option.
16188 * (bug 45288) Support mysqli PHP extension
16189 * (bug 55818) BREAKING CHANGE: Removed undocumented 'Debug' hook in wfDebug.
16190 This resolves an infinite loop when using $wgDebugFunctionEntry = true.
16191 * (bug 56707) Correct tooltip of "Next n results" on query special pages.
16192 * (bug 56770) mw.util.addPortletLink: Check length before access array index.
16194 === API changes in 1.22 ===
16195 * (bug 25553) The JSON output formatter now leaves forward slashes unescaped
16196 to improve human readability of URLs and similar strings. Also, a "utf8"
16197 option is now provided to use UTF-8 encoding instead of hex escape codes
16198 for most non-ASCII characters.
16199 * (bug 46626) xmldoublequote parameter was removed. Because of a bug, the
16200 parameter has had no effect since MediaWiki 1.16, and so its removal is
16201 unlikely to impact existing clients.
16202 * (bug 47216) action=query&meta=siteinfo&siprop=skins will now indicate which
16203 skin is the default and which are unusable (e.g. listed in $wgSkipSkins).
16204 * (bug 25325) Added support for wlshow filtering (bots/anon/minor/patrolled)
16205 to action=feedwatchlist.
16206 * WDDX formatted output will actually be formatted (and normal output will no
16207 longer be), and will no longer choke on booleans.
16208 * action=opensearch no longer silently ignores the format parameter.
16209 * action=opensearch now supports format=jsonfm.
16210 * list=usercontribs&ucprop=ids will now include the parent revision id.
16211 * BREAKING CHANGE: action=parse no longer returns all langlinks for the page
16212 with prop=langlinks by default. The new effectivelanglinks parameter will
16213 request that the LanguageLinks hook be called to determine the effective
16215 * BREAKING CHANGE: list=allpages, list=langbacklinks, and prop=langlinks do not
16216 apply the new LanguageLinks hook, and thus only consider language links
16217 stored in the database.
16218 * (bug 47219) Allow specifying change type of Wikipedia feed items
16219 * prop=imageinfo now allows setting iiurlheight without setting iiurlwidth
16220 * prop=info now adds the content model and page language of the title.
16221 * New upload log entries will now contain information on the relevant
16222 image (sha1 and timestamp).
16223 * (bug 49239) action=parse now can parse in preview and section preview modes.
16224 * (bug 49259) action=patrol now accepts revision ids.
16225 * (bug 48129) list=blocks&bkip= now correctly handles IPv6 CIDR ranges and
16226 honors $wgBlockCIDRLimit. Note any clients passing invalid values to bkip
16227 will now receive an error, rather than the previous behavior listing all
16229 * (bug 48201) action=parse&text=foo now assumes wikitext if no title is given,
16230 rather than using the content model of the page "API".
16231 * action=watch no longer silently ignores hook abort.
16232 * (bug 50785) action=purge with forcelinkupdate=1 no longer queues refreshLinks
16233 jobs in the job queue for link table updates of pages that use the given page
16234 as a template. Instead, forcerecursivelinkupdate=1 is introduced and should
16235 be used if that behaviour is desirable.
16236 * The 'debugLog' property (enabled by $wgDebugToolbar) no longer sets the log
16237 entry values through ApiResult::content but directly. This changes the JSON
16238 output from an array of objects with content in '*' to an array of strings
16240 * (bug 51342) prop=imageinfo iicontinue now contains the dbkey, not the text
16241 version of the title.
16242 * (bug 52538) action=edit will now use empty text instead of the contents
16243 of section 0 when passed prependtext or appendtext with section=new.
16244 * Support for the 'gettoken' parameter to action=block and action=unblock,
16245 deprecated since 1.20, has been removed.
16246 * (bug 49090) Token-getting functions will fail when using jsonp callbacks.
16247 * (bug 52699) action=upload returns normalized file name on warning
16248 "exists-normalized" instead of filename to be uploaded to.
16249 * (bug 53884) action=edit will now return an error when the specified section
16250 does not exist in the page.
16251 * Added meta=filerepoinfo API module for getting information about foreign
16252 file repositories, and related ForeignAPIRepo methods getInfo and getApiUrl.
16253 * The new query module list=allfileusages to enumerate file usages was added.
16255 === Languages updated in 1.22 ===
16257 MediaWiki supports over 350 languages. Many localisations are updated
16258 regularly. Below only new and removed languages are listed, as well as
16259 changes to languages because of Bugzilla reports.
16261 * Batak Toba (bbc-latn) added.
16262 * (bug 46751) Made Buryat (Russia) (буряад) (bxr) fallback to Russian.
16264 === Other changes in 1.22 ===
16265 * BREAKING CHANGE: Implementation of MediaWiki's JS and JSON value encoding
16267 ** MediaWiki no longer supports PHP installations in which the native JSON
16268 extension is missing or disabled.
16269 ** XmlJsCode objects can no longer be nested inside objects or arrays.
16270 (For Xml::encodeJsCall(), this individually applies to each argument.)
16271 ** The sets of characters escaped by default, along with the precise escape
16272 sequences used, have changed (except for the Xml::escapeJsString()
16273 function, which is now deprecated).
16274 * BREAKING CHANGE: The Services_JSON class has been removed. If necessary,
16275 be sure to upgrade affected extensions at the same time (e.g. Collection).
16276 * redirect.php was removed. It was unused.
16277 * ClickTracking integration was dropped from the mediaWiki.user.bucket
16278 JavaScript function. The 'tracked' option is now ignored.
16279 * BREAKING CHANGE: Legacy skins Simple, MySkin, Chick, Standard and Nostalgia
16280 were all removed. (Nostalgia was moved to an extension.) The SkinLegacy and
16281 LegacyTemplate classes that supported them were removed as well and are now a
16282 part of the Nostalgia extension.
16283 * Event namespace used by jquery.makeCollapsible has been changed from
16284 'mw-collapse' to 'mw-collapsible' for consistency with the module name.
16285 * BREAKING CHANGE: The "ExternalAuth" authentication subsystem was removed,
16286 along with its associated globals of $wgExternalAuthType, $wgExternalAuthConf,
16287 $wgAutocreatePolicy and $wgAllowPrefChange. Affected users are encouraged to
16288 use AuthPlugin for external authentication/authorization needs.
16289 * The Quickbar feature of the legacy skin model and the last remnants of it
16290 throughout the code base have been removed.
16291 * Externaledit/externaldiff preference was removed. Very few users used this
16292 feature, and improper configuration can actually prevent a user from editing
16293 * Calling Linker methods using a skin will now output deprecation warnings.
16294 * (bug 46680) "Return to" links are no longer tagged with rel="next".
16295 * BREAKING CHANGE: mw.util.tooltipAccessKeyRegexp: The match group for the
16296 accesskey character is now $6 instead of $5.
16297 * HipHop compiler (hphpc) support was removed. HipHop VM support (hhvm) was
16299 * A new Special:Redirect page was added, providing lookup by revision ID,
16300 user ID, or file name. The old Special:Filepath page was reimplemented
16301 to redirect through Special:Redirect.
16302 * Monobook: Removed the old conditional stylesheets for Opera 6, 7 and 9.
16303 * Support for XHTML 1.0 has been removed. MediaWiki now only outputs (X)HTML5.
16304 * wikibits: User-agent related globals have been deprecated. The following
16305 properties now default to false and emit mw.log.warn: is_gecko, is_chrome_mac,
16306 is_chrome, webkit_version, is_safari_win, is_safari, webkit_match, is_ff2,
16307 ff2_bugs, is_ff2_win, is_ff2_x11, opera95_bugs, opera7_bugs, opera6_bugs,
16308 is_opera_95, is_opera_preseven, is_opera, and ie6_bugs.
16309 * (bug 48276) MediaWiki will now flash a confirmation message upon successfully
16311 * (bug 40785) mediawiki.legacy.ajax has been marked as deprecated. The following
16312 properties now emit mw.log.warn when accessed: sajax_debug, sajax_init_object,
16313 sajax_do_call and wfSupportsAjax.
16314 * BREAKING CHANGE: meta keywords are no longer supported. A
16315 <meta name="keywords" will no longer be output and OutputPage::addKeyword no
16317 * Methods Title::userCanEditCssSubpage and Title::userCanEditJsSubpage,
16318 deprecated since 1.19, have been removed.
16319 * (bug 50134) Hook functions are no longer required to return a value. When a
16320 hook function does not return a value (or when it returns an explicit null),
16321 processing continues. To abort the hook, a hook function must return an
16322 explicit, boolean false or a string error message. Other falsey values are
16323 tantamount to a 'return true' in earlier versions of MediaWiki.
16324 * BREAKING CHANGE: The EditSectionLink hook was removed after being
16325 deprecated since MediaWiki 1.14. Use DoEditSectionLink instead.
16326 * (bug 48256) The 'editsection-brackets' optional message was removed.
16327 Section edit links' brackets can now be customized using CSS by
16328 styling span.mw-editsection-bracket.
16329 * The usePatrol function in ChangesList has been marked as deprecated.
16330 * (bug 50785) A "null edit", that is, a save action in which no changes to the
16331 page text are made and no revision recorded, will no longer send refreshLinks
16332 jobs to the job table to update pages which use the edited page as a template.
16333 * The LivePreviewPrepare and LivePreviewDone events triggered on "jQuery( mw )"
16334 have been deprecated in favour of using mw.hook.
16335 * The 'showjumplinks' user preference has been removed, jump links are now
16337 * Methods RecentChange::notifyRC2UDP, RecentChange::sendToUDP, and
16338 RecentChange::cleanupForIRC have been deprecated, as it is now the
16339 responsibility of classes implementing the RCFeedFormatter and RCFeedEngine
16340 interfaces to implement the formatting and delivery for recent change
16342 * SpecialPrefixindex methods namespacePrefixForm() and showPrefixChunk() have
16343 been made protected. They were accepting form variance arguments, this is now
16344 using properties in the SpecialPrefixindex class.
16345 * (bug 50310) BREAKING CHANGE: wikibits: Drop support for mwCustomEditButtons.
16346 It defaults to an empty array and emits mw.log.warn when accessed.
16347 * BREAKING CHANGE: Special:Disambiguations has been removed from MediaWiki core.
16348 Functions related to disambiguation pages are now handled by the Disambiguator
16349 extension (https://www.mediawiki.org/wiki/Extension:Disambiguator) (bug
16351 * BREAKING CHANGE: The 'mediawiki.legacy.wikiprintable' module has been removed.
16352 The skins/common/wikiprintable.css file no longer exists. Return value of
16353 Skin#commonPrintStylesheet is ignored. Please use the
16354 'mediawiki.legacy.commonPrint' module instead or base your skin on
16356 * (bug 49629) The hook ExtractThumbParameters has been deprecated in favour
16357 of media handler overriding MediaHandler::parseParamString.
16358 * (bug 46512) The collapsibleNav feature from the Vector extension has been
16359 moved to the Vector skin in core.
16360 * SpecialRecentChanges::addRecentChangesJS() function has been renamed
16361 to addModules() and made protected.
16362 * Methods WatchAction::doWatch and WatchAction::doUnwatch now return a Status
16363 object instead of a boolean.
16364 * Information boxes (CSS classes errorbox, warningbox, successbox) have been
16366 * BREAKING CHANGE: The module 'mediawiki.legacy.IEFixes' has been removed as it
16367 was unused. The file skins/common/IEFixes.js remains but is only used by
16368 wikibits. The file never contained any re-usable components. To use it in a
16369 skin, load 'mediawiki.legacy.wikibits' (which IEFixes depends on) and that
16370 will import IEFixes automatically if user agent conditions are met.
16371 * Code specific to the Math extension was marked as deprecated.
16372 * mediawiki.util: mw.util.wikiGetlink has been renamed to getUrl. (The old name
16373 still works, but is deprecated.)
16377 == MediaWiki 1.21.11 ==
16378 This is a security and maintenance release of the MediaWiki 1.21 branch.
16380 === Changes since 1.21.10 ===
16381 * (bug 65839) SECURITY: Prevent external resources in SVG files.
16382 * (bug 66428) MimeMagic: Don't seek before BOF. This has weird side effects like
16383 only extracting the tail of the file partially or not at all.
16385 == MediaWiki 1.21.10 ==
16386 This is a security and maintenance release of the MediaWiki 1.21 branch.
16388 === Changes since 1.21.9 ===
16389 * (bug 65501) SECURITY: Don't parse usernames as wikitext on
16390 Special:PasswordReset.
16391 * (bug 36356) Add space between two feed links.
16393 == MediaWiki 1.21.9 ==
16394 This is a security and maintenance release of the MediaWiki 1.21 branch.
16396 === Changes since 1.21.8 ===
16397 * (bug 63251) SECURITY: Escape sortKey in pageInfo.
16398 * (bug 58640) Fixed a compatibility issue with PCRE 8.34 that caused pages to
16399 appear blank or with missing text.
16401 == MediaWiki 1.21.8 ==
16402 This is a security and maintenance release of the MediaWiki 1.21 branch.
16404 === Changes since 1.21.7 ===
16405 * (bug 62497) SECURITY: Add CSRF token on Special:ChangePassword.
16406 * (bug 62467) Set a title for the context during import on the cli.
16408 == MediaWiki 1.21.7 ==
16409 This is a maintenance release of the MediaWiki 1.21 branch.
16411 === Changes since 1.21.6 ===
16412 * Use the correct branch of the extensions' git repositories.
16414 == MediaWiki 1.21.6 ==
16415 This is a security release of the MediaWiki 1.21 branch.
16417 === Changes since 1.21.5 ===
16418 * (bug 60771) SECURITY: Disallow uploading SVG files using non-whitelisted
16419 namespaces. Also disallow iframe elements.
16420 * User will get an error including the namespace name if they use a
16421 non-whitelisted namespace.
16422 * (bug 61346) SECURITY: Make token comparison use constant time. It seems like
16423 our token comparison would be vulnerable to timing attacks. This will take
16425 * (bug 61362) SECURITY: API: Don't find links in the middle of api.php links.
16427 == MediaWiki 1.21.5 ==
16428 This is a security release of the MediaWiki 1.21 branch.
16430 === Changes since 1.21.4 ===
16431 * (bug 60339) SECURITY: Sanitize shell arguments to DjVu files, and other media
16434 == MediaWiki 1.21.4 ==
16435 This is a security release of the MediaWiki 1.21 branch.
16437 === Changes since 1.21.3 ===
16438 * (bug 57550) SECURITY: Disallow stylesheets in SVG Uploads
16439 * (bug 58088) SECURITY: Don't normalize U+FF3C to \ in CSS Checks
16440 * (bug 58472) SECURITY: Disallow -o-link in styles
16441 * (bug 58553) SECURITY: Return error on invalid XML for SVG Uploads
16442 * (bug 58699) SECURITY: Fix RevDel log entry information leaks
16444 == MediaWiki 1.21.3 ==
16445 This is a security and maintenance release of the MediaWiki 1.21 branch.
16447 === Changes since 1.21.2 ===
16448 * (bug 53032) SECURITY: Don't cache when a call could autocreate
16449 * (bug 55332) SECURITY: Improve css javascript detection
16450 * (bug 49717) Fix behaviour $wgVerifyMimeType = false; in Upload
16451 * Fix comma errors in various js files
16454 == MediaWiki 1.21.2 ==
16455 This is a security and maintenance release of the MediaWiki 1.21 branch.
16457 === Changes since 1.21.1 ===
16458 * SECURITY: Fix extension detection with 2 .'s
16459 * SECURITY: Support for the 'gettoken' parameter to action=block and
16460 action=unblock, deprecated since 1.20, has been removed.
16461 * SECURITY: Sanitize ResourceLoader exception messages
16462 * Purge upstream caches when deleting file assets.
16463 * Unit test suite now runs the AutoLoader tests. Also fixed the autoloading
16464 entry for the PageORMTableForTesting class though it had no impact.
16466 == MediaWiki 1.21.1 ==
16467 This is a maintenance release of the MediaWiki 1.21 branch.
16469 === Changes since 1.21.0 ===
16470 * An incorrect version number was used for 1.21.0. 1.21.1 has the correct
16472 * A problem with the Oracle SQL table creation was fixed.
16473 * (PdfHandler extension) Fix warning if pdfinfo fails but pdftext succeeds.
16475 == MediaWiki 1.21.0 ==
16477 === Configuration changes in 1.21 ===
16478 * (bug 29374) $wgVectorUseSimpleSearch is now enabled by default.
16479 * Deprecated $wgAllowRealName is removed. Use $wgHiddenPrefs[] = 'realname'
16481 * (bug 39957) Added $wgUnwatchedPageThreshold, specifying minimum count
16482 of page watchers required for the number to be accessible to users
16483 without the unwatchedpages permission.
16484 * $wgBug34832TransitionalRollback has been removed.
16485 * (bug 29472) $wgUseDynamicDates has been removed and its functionality
16488 === New features in 1.21 ===
16489 * (bug 38110) Schema changes (adding or dropping tables, indices and
16490 fields) can be now be done separately from other changes that
16491 update.php makes. This is useful in environments that use database
16492 permissions to restrict schema changes but allow the DB user that
16493 MediaWiki normally runs as to perform other changes that update.php
16494 makes. Schema changes can be run separately. See the file UPGRADE
16495 for more information.
16496 * (bug 34876) jquery.makeCollapsible has been improved in performance.
16497 * Added ContentHandler facility to allow extensions to support other content
16498 than wikitext. See docs/contenthandler.txt for details.
16499 * New feature was developed for showing high-DPI thumbnails for high-DPI mobile
16500 and desktop displays (configurable with $wgResponsiveImages).
16501 * Added new backend to represent and store information about sites and site
16502 specific configuration.
16503 * jQuery upgraded from 1.8.2 to 1.8.3.
16504 * jQuery UI upgraded from 1.8.23 to 1.8.24.
16505 * Added separate fa_sha1 field to filearchive table. This allows sha1
16506 searches with the api in miser mode for deleted files.
16507 * Add initial and programmatic sorting for tablesorter.
16508 * Add the event "sortEnd.tablesorter", triggered after sorting has completed.
16509 * The Job system was refactored to allow for different backing stores for
16510 queues as well as cross-wiki access to queues, among other things. The schema
16511 for the DB queue was changed to support better concurrency and reduce
16513 * Added ApiQueryORM class to facilitate creation of query API modules based on
16514 tables that have a corresponding ORMTable class.
16515 * (bug 40876) Icon for PSD (Adobe Photoshop) file types.
16516 * (bug 40641) Implemented Special:Version/Credits with a list of contributors.
16517 * (bug 7851) Implemented one-click AJAX patrolling.
16518 * The <data>, <time>, <meta>, and <link> elements are allowed within WikiText
16519 for use with Microdata.
16520 * The HTML5 <mark> tag has been whitelisted.
16521 * Added ParserCloned hook for when the Parser object is cloned.
16522 * Added AlternateEditPreview hook to allow extensions to replace the page
16523 preview from the edit page.
16524 * Added EditPage::showStandardInputs:options hook to allow extensions to add
16525 new fields to the "editOptions" area of the edit form.
16526 * Upload stash DB schema altered to improve upload performance.
16527 * The following global functions are now reporting deprecated warnings in
16528 debug mode: wfMsg, wfMsgNoTrans, wfMsgForContent, wfMsgForContentNoTrans,
16529 wfMsgReal, wfMsgGetKey, wfMsgHtml, wfMsgWikiHtml, wfMsgExt, wfEmptyMsg. Use
16530 the Message class, or the global method wfMessage.
16531 * Added $wgEnableCanonicalServerLink, off by default. If enabled, a
16532 <link rel=canonical> tag is added to every page indicating the correct server
16534 * Debug message emitted by wfDebugLog() will now be prefixed with the group
16535 name when its logged to the default log file. That is the case whenever the
16536 group has no key in wgDebugLogGroups, that will help triage the default log.
16537 * (bug 24620) Add types to LogFormatter.
16538 * jQuery JSON upgraded from 2.3 to 2.4.0.
16539 * Added GetDoubleUnderscoreIDs hook, for modifying the list of magic words.
16540 * DatabaseUpdater class has two new methods to ease extensions schema changes:
16541 dropExtensionIndex and renameExtensionIndex.
16542 * New preference type - 'api'. Preferences of this type are not shown on
16543 Special:Preferences, but are still available via the action=options API.
16544 * (bug 39397) Hide rollback link if a user is the only contributor of the page.
16545 * $wgPageInfoTransclusionLimit limits the list size of transcluded articles
16546 on the info action. Default is 50.
16547 * Added action=createaccount to allow user account creation.
16548 * (bug 40124) action=options API also allows for setting of arbitrary
16549 preferences, provided that their names are prefixed with 'userjs-'. This
16550 officially reenables the feature that was undocumented and defective
16551 in MW 1.20 (saving preferences using Special:Preferences cleared any
16552 additional fields) and which has been disabled in 1.20.1 as a part of
16553 a security fix (bug 42202).
16554 * Added option to specify "others" as author in extension credits using
16555 "..." as author name.
16556 * Added the ability to limit the wall clock time used by shell processes,
16557 as well as the CPU time. Configurable with $wgMaxShellWallClockTime.
16558 * Allow memory of shell subprocesses to be limited using Linux cgroups
16559 instead of ulimit -v, which tends to cause deadlocks in recent versions
16560 of ImageMagick. Configurable with $wgShellCgroup.
16561 * Added $wgWhitelistReadRegexp for regex whitelisting.
16562 * (bug 5346) Categories that are redirects will be displayed italic in
16563 the category links section at the bottom of a page.
16564 * (bug 43915) New maintenance script deleteEqualMessages.php.
16565 * You can now create checkbox option matrices through the HTMLCheckMatrix
16566 subclass in HTMLForm.
16567 * WikiText now permits the use of WAI-ARIA's role="presentation" inside of
16568 html elements and tables. This allows presentational markup, especially
16569 tables. To be marked up as such.
16570 * maintenance/sql.php learned the --cluster option. Let you run the script
16571 on some external cluster instead of the primary cluster for a given wiki.
16572 * (bug 20281) test the parsing of inline URLs.
16573 * Added Special:PagesWithProp, which lists pages using a particular page
16575 * Implemented language-specific collations for category sorting for 67 languages
16576 based in latin, greek and cyrillic alphabets. This allows one to *finally* get
16577 articles to be correctly sorted on category pages. They are named
16578 'uca-<langcode>', where <langcode> is one of: af, ast, az, be, bg, br, bs, ca,
16579 co, cs, cy, da, de, dsb, el, en, eo, es, et, eu, fi, fo, fr, fur, fy, ga, gd,
16580 gl, hr, hsb, hu, is, it, kk, kl, ku, ky, la, lb, lt, lv, mk, mo, mt, nl, no,
16581 oc, pl, pt, rm, ro, ru, rup, sco, sk, sl, smn, sq, sr, sv, tk, tl, tr, tt, uk,
16583 * Added 'CategoryAfterPageAdded' and 'CategoryAfterPageRemoved' hooks.
16584 * Added 'HistoryRevisionTools' and 'DiffRevisionTools' hooks.
16585 * Added 'SpecialSearchResultsPrepend' and 'SpecialSearchResultsAppend' hooks.
16586 * (bug 33186) Add image rotation api "imagerotate"
16587 * (bug 34040) Add "User rights management" link on user page toolbox.
16588 * (bug 45526) Add QUnit assertion helper "QUnit.assert.htmlEqual" for asserting
16589 structual equality of HTML (ignoring insignificant differences like
16590 quotmarks, order and whitespace in the attribute list).
16591 * (bug 23393) HTML <hN> headings containing line breaks are now handled
16593 * (bug 45803) Whitespace within == Headline == syntax and within <hN> headings
16594 is now non-significant and not preserved in the HTML output.
16596 === Bug fixes in 1.21 ===
16597 * (bug 40353) SpecialDoubleRedirect should support interwiki redirects.
16598 * (bug 40352) fixDoubleRedirects.php should support interwiki redirects.
16599 * (bug 9237) SpecialBrokenRedirect should not list interwiki redirects.
16600 * (bug 34960) Drop unused fields rc_moved_to_ns and rc_moved_to_title from
16601 recentchanges table.
16602 * (bug 32951) Do not register internal externals with absolute protocol,
16603 when server has relative protocol.
16604 * (bug 39005) When purging proxies listed in $wgSquidServers using HTTP PURGE
16605 method requests, we now send a Host header by default, for Varnish
16606 compatibility. This also works with Squid in reverse-proxy mode. If you wish
16607 to support Squid configured in forward-proxy mode, set
16608 $wgSquidPurgeUseHostHeader to false.
16609 * (bug 37020) sql.php with readline eats semicolon.
16610 * (bug 11748) Properly handle optionally-closed HTML tags when Tidy is
16611 disabled, and don't wrap HTML-syntax definition lists in paragraphs.
16612 * (bug 41409) Diffs while editing an old revision should again diff against the
16614 * (bug 41494) Honor $wgLogExceptionBacktrace when logging non-API exceptions
16615 caught during API execution.
16616 * (bug 37963) Fixed loading process for user options.
16617 * (bug 26995) Update filename field on Upload page after having sanitized it.
16618 * (bug 41793) Contribution links to users with 0 edits on Special:ListUsers
16619 didn't show up red.
16620 * (bug 41899) A PHP notice no longer occurs when using the "rvcontinue" API
16622 * (bug 42036) Account creation emails now contain canonical (not
16623 protocol-relative) URLs.
16624 * (bug 41990) Fix regression: API edit with redirect=true and lacking
16625 starttimestamp and basetimestamp should not cause an edit conflict.
16626 * (bug 41706) EditPage: Preloaded page should be converted if possible and
16628 * (bug 41886) Rowspans are no longer exploded by tablesorter until the table is
16630 * (bug 2865) User interface HTML elements don't use lang attribute.
16631 (completed the fix by adding the lang attribute to firstHeading).
16632 * (bug 42173) Removed namespace prefixes on Special:UncategorizedCategories.
16633 * (bug 36053) Log in "returnto" feature forgets query parameters if no
16634 title parameter was specified.
16635 * (bug 42410) API action=edit now returns correct timestamp for the new edit.
16636 * (bug 14901) Email notification mistakes log action for new page creation.
16637 Enotif no longer sends "page has been created" notifications for some log
16638 actions. The following events now have a correct message: page creation,
16639 deletion, move, restore (undeletion), change (edit). Parameter
16640 $CHANGEDORCREATED is deprecated in 'enotif_body' and scheduled for removal in
16642 * (bug 457) In the sidebar of Vector, CologneBlue, Monobook, and Monobook-based
16643 skins, the heading levels have been changed from (variously per skin)
16644 <h4>, <h5> or <h6> to only <h3>s, with a <h2> hidden heading above them.
16645 If you are styling or scripting the headings in a custom way, this change
16646 will require updates to your site's CSS or JS.
16647 * (bug 41342) jquery.suggestions should cancel any active (async) fetches
16648 before it triggers another fetch.
16649 * (bug 42184) $wgUploadSizeWarning missing second variable.
16650 * (bug 34581) removeUnusedAccounts.php maintenance script now ignores newuser
16651 log when determining whether an account is used.
16652 * (bug 43379) Gracefully fail if rev_len is unavailable for a revision on the
16654 * (bug 42949) API no longer assumes all exceptions are MWException.
16655 * (bug 41733) Hide "New user message" (.usermessage) element from printable
16657 * (bug 39062) Special:Contributions will display changes that don't have
16658 a parent id instead of just an empty bullet item.
16659 * (bug 37209) "LinkCache doesn't currently know about this title" error fixed.
16660 * wfMerge() now works if $wgDiff3 contains spaces
16661 * (bug 43052) mediawiki.action.view.dblClickEdit.dblClickEdit should trigger
16662 ca-edit click instead opening URL directly.
16663 * (bug 43964) Invalid value of "link" parameter in <gallery> no longer produces
16665 * (bug 44775) The username field is not pre-filled when creating an account.
16666 * (bug 45069) wfParseUrl() no longer produces a PHP notice if passed a "mailto:"
16667 URL without address
16668 * (bug 45012) Creating an account by e-mail can no longer show a
16669 "password mismatch" error.
16670 * (bug 44599) On Special:Version, HEADs for submodule checkouts (e.g. for
16671 extensions) performed using Git 1.7.8+ should now appear.
16672 * (bug 42184) $wgUploadSizeWarning missing second variable
16673 * (bug 40326) Check if files exist with a different extension during uploading
16674 * (bug 34798) Updated CSS for Atom/RSS recent changes feeds to match on-wiki
16676 * (bug 42430) Calling numRows on MySQL no longer propagates unrelated errors.
16677 * (bug 44719) Removed mention of non-existing maintenance/migrateCurStubs.php
16678 script in includes/DefaultSettings.php
16679 * (bug 45143) jquery.badge: Treat non-Latin variants of zero as zero as well.
16680 * (bug 46151) mwdocgen.php should not ignore exit code of doxygen command.
16681 * (bug 41889) Fix $.tablesorter rowspan exploding for complex cases.
16683 === API changes in 1.21 ===
16684 * prop=revisions can now report the contentmodel and contentformat.
16685 See docs/contenthandler.txt.
16686 * action=edit and action=parse now support contentmodel and contentformat
16687 parameters to control the interpretation of page content.
16688 See docs/contenthandler.txt for details.
16689 * (bug 35693) ApiQueryImageInfo now suppresses errors when unserializing
16691 * (bug 40111) Disable minor edit for page/section creation by API.
16692 * (bug 41042) Revert change to action=parse&page=... behavior when the page
16694 * (bug 27202) Add timestamp sort to list=allimages.
16695 * (bug 43137) Don't return the sha1 of revisions through the API if the content
16696 is revision-deleted.
16697 * ApiQueryImageInfo now also returns imageinfo for redirects.
16698 * list=alltransclusions added to enumerate every instance of page embedding
16699 * list=alllinks & alltransclusions now allow both 'from' and 'continue' in
16700 the same query. When both are present, 'from' is simply ignored.
16701 * list=alllinks & alltransclusions now allow 'unique' in generators, to yield
16702 a list of all link/template target pages instead of source pages.
16703 * BREAKING CHANGE: list=logevents output format changed for details of some log
16704 types. Specifically, details that were formerly reported under a key like
16705 "4::foo" will now be reported under a key of simply "foo".
16706 * BREAKING CHANGE: '??_badcontinue' error code was changed to '??badcontinue'
16707 for all query modules.
16708 * ApiQueryBase adds 'badcontinue' error code if module has 'continue' parameter.
16709 * (bug 35885) Removed version parameter and all getVersion() methods.
16710 * action=options now takes a "resetkinds" option, which allows only resetting
16711 certain types of preferences when the "reset" option is set.
16712 * (bug 36751) ApiQueryImageInfo now returns imageinfo for the redirect target
16713 when queried with &redirects=.
16714 * (bug 31849) ApiQueryImageInfo no longer gets confused when asked for info on
16715 a redirect and its target.
16716 * (bug 43849) ApiQueryImageInfo no longer throws exceptions with ForeignDBRepo
16718 * On error, any warnings generated before that error will be shown in the
16720 * action=help supports generalized submodules (modules=query+value),
16721 querymodules obsolete
16722 * ApiQueryImageInfo continuation is more reliable. The only major change is
16723 that the imagerepository property will no longer be set on page objects not
16724 processed in the current query (i.e. non-images or those skipped due to
16726 * Add supports for all pageset capabilities - generators, redirects,
16727 converttitles to action=purge and action=setnotificationtimestamp.
16728 * (bug 43251) prop=pageprops&ppprop= now accepts multiple props to query.
16729 * ApiQueryImageInfo will now limit the number of calls to File::transform made
16730 in any one query. If there are too many, iicontinue will be returned.
16731 * action=query&meta=siteinfo&siprop=general will now return the regexes used for
16732 link trails and link prefixes. Added for Parsoid support.
16733 * Added an API query module list=pageswithprop, which lists pages using a
16734 particular page property.
16735 * Added an API query module list=pagepropnames, which lists all page prop names
16736 currently in use on the wiki.
16737 * (bug 44921) ApiMain::execute() will now return after the CORS check for an
16738 HTTP OPTIONS request.
16739 * (bug 44923) action=upload works correctly if the entire file is uploaded in
16741 * Added 'continue=' parameter to streamline client iteration over complex query
16743 * (bug 44909) API parameters may now be marked as type "upload", which is now
16744 used for action=upload's 'file' and 'chunk' parameters. This type will raise
16745 an error during parameter validation if the parameter is given but not
16746 recognized as an uploaded file.
16747 * (bug 44244) prop=info may now return the number of people watching each page.
16748 * (bug 33304) list=allpages will no longer return duplicate entries when
16749 querying protection.
16750 * (bug 33304) list=allpages will now find really old indefinite protections.
16751 * (bug 45937) meta=allmessages will report a syntactically invalid lang as a
16752 proper error instead of as an uncaught exception.
16753 * (bug 25325) added support for wlshow filtering (bots/anon/minor/patrolled)
16754 to action=feedwatchlist
16755 * WDDX formatted output will actually be formatted (and normal output will no
16756 longer be), and will no longer choke on booleans.
16758 === API internal changes in 1.21 ===
16759 * For debugging only, a new global $wgDebugAPI removes many API restrictions
16761 Never use on the production servers, as this flag introduces security holes.
16762 Whenever enabled, a warning will also be added to all output.
16763 * ApiModuleManager now handles all submodules (actions,props,lists) and
16765 * Query stores prop/list/meta as submodules
16766 * ApiPageSet can now be used in any action to process titles/pageids/revids or
16768 * BREAKING CHANGE: ApiPageSet constructor now has two params instead of three,
16769 with only the first one keeping its meaning. ApiPageSet is now derived from
16771 * BREAKING CHANGE: ApiQuery::newGenerator() and executeGeneratorModule() were
16773 * ApiQueryGeneratorBase::setGeneratorMode() now requires a pageset param.
16774 * $wgAPIGeneratorModules is now obsolete and will be ignored.
16775 * Added flags ApiResult::OVERRIDE and ADD_ON_TOP to setElement() and addValue()
16776 * Internal API calls will now include <warnings> in case of unused parameters
16778 === Languages updated in 1.21 ===
16780 MediaWiki supports over 350 languages. Many localisations are updated
16781 regularly. Below only new and removed languages are listed, as well as
16782 changes to languages because of Bugzilla reports.
16784 * South Azerbaijani (azb) added.
16785 * (bug 30040) Autonym for nds-nl is now 'Nedersaksies' (was 'Nedersaksisch').
16786 * (bug 45436) Autonym for pi (Pali) is now 'पालि' (was ''पाळि').
16787 * (bug 34977) Now formatted numbers in Spanish use space as separator
16788 for thousands, as mandated by the Real Academia Española.
16789 * (bug 35031) Kurdish formatted numbers now use period and comma
16790 as separators for thousands and decimals respectively.
16792 === Other changes in 1.21 ===
16793 * BREAKING CHANGE: (bug 44385) Removed the jquery.collapsibleTabs module and
16794 moved it to the Vector extension. It was entirely Vector-extension-specific,
16795 deeply interconnected with the extension, and this functionality really
16796 belongs to the extension instead of the skin anyway. In the unlikely case you
16797 were using it, you have to either copy it to your extension, or install the
16798 Vector extension (and possibly disable its features using config settings if
16799 you don't want them).
16800 * Experimental IBM DB2 support was removed due to lack of interest and
16802 * BREAKING CHANGE: Filenames of maintenance scripts were standardized into
16803 lowerCamelCase format, and made more explicit:
16804 - clear_stats.php -> clearCacheStats.php
16805 - clear_interwiki_cache.php -> clearInterwikiCache.php
16806 - initStats.php -> initSiteStats.php
16807 - proxy_check.php -> proxyCheck.php
16808 - stats.php -> showCacheStats.php
16809 - showStats.php -> showSiteStats.php.
16810 Class names were renamed accordingly:
16811 - clear_stats -> ClearCacheStats
16812 - InitStats -> InitSiteStats
16813 - CacheStats -> ShowCacheStats
16814 - ShowStats -> ShowSiteStats.
16815 * BREAKING CHANGE: (bug 38244) Removed the mediawiki.api.titleblacklist module
16816 and moved it to the TitleBlacklist extension.
16820 == MediaWiki 1.20.8 ==
16821 This is a security release of the MediaWiki 1.20 branch.
16823 === Changes since 1.20.7 ===
16824 * (bug 53032) SECURITY: Don't cache when a call could autocreate
16825 * (bug 55332) SECURITY: Improve css javascript detection
16826 * (bug 49717) Fix behaviour $wgVerifyMimeType = false; in Upload
16827 * Fix comma errors in various js files
16830 == MediaWiki 1.20.7 ==
16831 This is a security release of the MediaWiki 1.20 branch.
16833 === Changes since 1.20.6 ===
16834 * SECURITY: Fix extension detection with 2 .'s
16835 * SECURITY: Token-getting functions will fail when using jsonp callbacks.
16836 * SECURITY: Sanitize ResourceLoader exception messages
16837 * Purge upstream caches when deleting file assets.
16839 == MediaWiki 1.20.6 ==
16840 This is a security and maintenance release of the MediaWiki 1.20 branch.
16842 === Changes since 1.20.5 ===
16843 * (bug 48306) SECURITY: Run file validation checks on chunked uploads, and
16844 chunks of upload, during the upload process.
16845 * (bug 44327) mediawiki.user: Use session ID instead of 1-year cross-session
16847 * (bug 47202) wikibits: FF2Fixes.css should not be loaded in Firefox 20.
16848 * (bug 31044) Make ResourceLoader behave in read-only mode
16850 == MediaWiki 1.20.5 ==
16851 This is a security and maintenance release of the MediaWiki 1.20 branch.
16853 === Changes since 1.20.4 ===
16854 * (bug 46590) Add hook AbortChangePassword to Special:ChangePassword
16855 * (bug 47304) SECURITY: Check SVG xml encoding against whitelist
16856 * Localisation updates from http://translatewiki.net.
16857 * mwdocgen.php: Implement --version option.
16858 * Remove svnstat stuff used in Doxygen generation
16859 * (bug 43594) Correctly suppress warnings that were missed after the upstream
16860 * PHP change to E_STRICT being included in E_ALL.
16862 == MediaWiki 1.20.4 ==
16863 This is a security release of the MediaWiki 1.20 branch.
16865 === Changes since 1.20.3 ===
16866 * (bug 47251) SECURITY: Disable external entities in Import
16867 * (bug 46859) SECURITY: Disable external entities in XMLReader
16868 * (bug 46084) SECURITY: Sanitize $limitReport before outputting
16870 == MediaWiki 1.20.3 ==
16871 This is a security and maintenance release of the MediaWiki 1.20 branch.
16873 === Changes since MediaWiki 1.20.2 ===
16874 * New preference type - 'api'. Preferences of this type are not shown on
16875 Special:Preferences, but are still available via the action=options API.
16877 * (bug 44010) Context is passed to UserGetLanguageObject.
16878 * The recursion guard on RequestContext::getLanguage() was weakened.
16879 * (bug 40585) Don't drop 'step="any"' in HTML input fields.
16880 * (bug 44024) Fixed problems in ObjectCache when using XCache.
16881 * (bug 44010) FauxRequest leaked cookie data from primary request.
16882 * (bug 44135/bug 42441) Pass '2' instead of 'true' to CURLOPT_SSL_VERIFYHOST
16883 * (bug 43518) API action=unblock should return the user name, not the full user
16885 * (bug 45355) Prevent read of arbitrary files through mwdoc-filter.php
16887 == MediaWiki 1.20.2 ==
16888 This is a maintenance release of the MediaWiki 1.20 branch
16890 === Changes since MediaWiki 1.20.1 ===
16891 * (bug 42638) Fix API action=options&reset=1 & unit tests.
16892 * (bug 42370) Fixed backport of 60cc060 to use mDoneWrites — caused
16893 * (bug 42592) User rights, preferences and other things are not saving in
16896 == MediaWiki 1.20.1 ==
16897 This is a security release of the MediaWiki 1.20 branch
16899 === Changes since 1.20.0 ===
16900 * (bug 42202) Validate options to prevent html injection
16901 * (bug 40995) Prevent session fixation in Special:UserLogin (CVE-2012-5391)
16902 * (bug 41400) Prevent linker regex from exceeding PCRE backtrack limit
16903 * Javscript Lint fixes
16904 * (bug 40632) Remove CleanupPresentationalAttributes feature
16905 * [Database] Fixed case where trx idle callbacks might be lost.
16907 == MediaWiki 1.20.0 ==
16909 === PHP 5.3 now required ===
16910 Since 1.20, the lowest supported version of PHP is now 5.3.2. Please
16911 upgrade PHP if you have not done so prior to upgrading MediaWiki.
16913 === Configuration changes in 1.20 ===
16914 * $wgGitRepositoryViewers defines a mapping from Git remote repository to the
16915 Gitweb instance URL used in Special:Version.
16916 * `$wgUsePathInfo = true;` is no longer needed to make $wgArticlePath work on
16917 servers using like nginx, lighttpd, and apache over fastcgi. MediaWiki now
16918 always extracts path info from REQUEST_URI if it's available.
16919 * The user right 'upload_by_url' is no longer given to sysops by default.
16920 This only affects installations which have $wgAllowCopyUploads set to true.
16921 * Removed f-prot support from $wgAntivirusSetup.
16922 * New variable $wgDBerrorLogTZ to provide dates in the error log in a
16923 different timezone than the wiki timezone set by $wgLocaltimezone.
16924 * New variables $wgDBssl and $wgDBcompress to enable SSL and compression for
16925 database connections, if either are available for the selected DB type.
16926 * $wgUseCombinedLoginLink now defaults to false, making MediaWiki output
16927 separate login and create account links by default.
16929 === New features in 1.20 ===
16930 * Added TitleIsAlwaysKnown hook which gets called when determining if a page
16932 * Added NamespaceIsMovable hook which gets called when determining if pages in a
16933 certain namespace can be moved.
16934 * Added SpecialPageBeforeExecute hook which gets called before
16935 SpecialPage::execute.
16936 * Added SpecialPageAfterExecute hook which gets called after
16937 SpecialPage::execute.
16938 * Added ORMTable, ORMRow and ORMResult classes for additional abstraction of
16939 database interaction.
16940 * Added CacheHelper and associated SpecialCachedPage and CachedAction helper
16942 * (bug 32341) Add upload by URL domain limitation.
16943 * &useskin=default will now always display the default skin. Useful for users
16944 with a preference for the non-default skin to look at something using the
16946 * (bug 27619) Remove preference option to display broken links as link?
16947 * (bug 34896) jQuery JSON plugin upgraded to v2.3 (2011-09-17).
16948 * (bug 34302) Add CSS classes to email fields in user preferences.
16949 * Introduced $wgDebugDBTransactions to trace transaction status (currently
16951 * (bug 23795) Add parser itself to ParserMakeImageParams hook.
16952 * Introduce a cryptographic random number generator source api for use when
16953 generating various tokens.
16954 * (bug 30963) Option on Special:Prefixindex and Special:Allpages to not show
16956 * (bug 18062) New message when edit or create the local page of a shared file.
16957 * (bug 22870) Separate interface message when creating a page.
16958 * (bug 17615) nosummary option should be reassigned on preview/captcha.
16959 * (bug 34355) Add a variable and parser function for the namespace number.
16960 * (bug 35649) Special:Version now shows hashes of extensions checked out from
16962 * (bug 35728) Git revisions are now linked on Special:Version.
16963 * "Show Changes" on default messages shows now diff against default message text
16964 * (bug 23006) create #speciale parser function.
16965 * generateSitemap can now optionally skip redirect pages.
16966 * (bug 27757) New API command just for retrieving tokens (not page-based).
16967 * Added GitViewers hook for extensions using external git repositories to have a
16968 web-based repository viewer linked to from Special:Version.
16969 * Memcached debug logs can now be sent to their own file logs by setting
16970 $wgDebugLogFile['memcached'] to some filepath.
16971 * (bug 35685) api.php URL and other entry point URLs are now listed on
16973 * Edit notices can now be translated.
16974 * jQuery upgraded to 1.8.2.
16975 * jQuery UI upgraded to 1.8.23.
16976 * QUnit upgraded from v1.2.0 to v1.10.0.
16977 * (bug 37604) jquery.cookie upgraded to 2011 version.
16978 * (bug 22887) Add warning and tracking category for preprocessor errors
16979 * (bug 31704) Allow selection of associated namespace on the watchlist
16980 * (bug 5445) Now remove autoblocks when a user is unblocked.
16981 * Added $wgLogExceptionBacktrace, on by default, to allow logging of exception
16983 * Added device detection for determining device capabilities.
16984 * QUnit.newMwEnvironment now supports passing a custom setup and/or teardown
16985 function. Arguments signature has changed. First arguments is now an options
16986 object of which 'config' can be a property. Previously 'config' itself was the
16987 first and only argument.
16988 * New getCreator and getOldestRevision methods added to WikiPage class
16989 * (bug 4220) the XML dump format schema now have unique identity constraints
16990 for page and revision identifiers. Patch by Elvis Stansvik.
16991 * cleanupSpam.php now can delete spam pages if --delete was specified instead of
16993 * Added new hook ChangePasswordForm to allow adding of additional fields in
16994 Special:ChangePassword
16995 * Added new function getDomain to AuthPlugin for getting a user's domain
16996 * (bug 23427) New magic word {{PAGEID}} which gives the current page ID.
16997 Will be null on previewing a page being created.
16998 * (bug 37627) UserNotLoggedIn() exception to show a generic error page whenever
16999 a user is not logged in.
17000 * Watched status in changes lists are no longer indicated by <strong></strong>
17001 tags with class "mw-watched". Instead, each line now has a class
17002 "mw-changeslist-line-watched" or "mw-changeslist-line-not-watched", and the
17003 title itself is surrounded by <span></span> tags with class "mw-title".
17004 * Added ContribsPager::reallyDoQuery hook allowing extensions to data to
17006 * Added new hook ParserAfterParse to allow extensions to affect parsed output
17007 after the parse is complete but before block level processing, link holder
17008 replacement, and so on.
17009 * (bug 34678) Added InternalParseBeforeSanitize hook which gets called during
17010 Parser's internalParse method just before the parser removes
17011 unwanted/dangerous HTML tags.
17012 * Added new hook AfterFinalPageOutput to allow modifications to buffered page
17013 output before sent to the client.
17014 * (bug 36783) Implement jQuery Promise interface in mediawiki.api module.
17015 * Make dates in sortable tables sort according to the page content language
17016 instead of the site content language
17017 * (bug 37926) Deleterevision will no longer allow users to delete log entries,
17018 the new deletelogentry permission is required for this.
17019 * (bug 14237) Allow PAGESINCATEGORY to distinguish between 'all', 'pages',
17020 'files' and 'subcats'
17021 * (bug 38362) Make Special:Listuser includeable on wiki pages.
17022 * Added support in jquery.localize for placeholder attributes.
17023 * (bug 38151) Implemented mw.user.getRights for getting and caching the current
17024 user's user rights.
17025 * Session storage can now configured independently of general object cache
17026 storage, by using $wgSessionCacheType. $wgSessionsInMemcached has been
17027 renamed to $wgSessionsInObjectCache, with the old name retained for backwards
17028 compatibility. When this feature is enabled, the expiry time can now be
17029 configured with $wgObjectCacheSessionExpiry.
17030 * Added a Redis client for object caching.
17031 * Implemented mw.user.getGroups for getting and caching user groups.
17032 * (bug 37830) Added $wgRequirePasswordforEmailChange to control whether password
17033 confirmation is required for changing an email address or not.
17034 * HTMLForm mutators can now be chained (they return $this)
17035 * A new message, "api-error-filetype-banned-type", is available for formatting
17036 API upload errors due to the file extension blacklist.
17037 * New hook 'ParserTestGlobals' allows to set globals before running parser
17039 * Allow importing pages as subpage.
17040 * Add lang and hreflang attributes to language links on Login page.
17041 * (bug 22749) Create Special:MostInterwikis.
17042 * Show change tags when transclude Special:Recentchanges(linked) or
17044 * (bug 23226) Add |class= parameter to image links in order to add class(es) to
17046 * (bug 39431) SVG animated status is now shown in long description.
17047 * (bug 39376) jquery.form upgraded to 3.14.
17048 * SVG files will now show the actual width in the SVG's specified units
17049 in the metadata box.
17050 * Added ResourceLoader module "jquery.jStorage" (v0.3.0, http://jStorage.info/).
17051 * (bug 39273) Added AJAX support for "Show changes" (diff) in LivePreview.
17052 * Added ResourceLoader module "jquery.badge".
17053 * mw.util.$content now points to the overall content area in the skin rather
17054 than just page text content area. If you need the old behavior please use
17055 $( '#mw-content-text').
17056 * jsMessage has been replaced with a floating bubble notification system
17057 complete with auto-hide, multi-message support, and message replacement tags.
17058 * jquery.messageBox which appears to be unused by both core and extensions has
17060 * (bug 34939) Made link parsing insensitive ([HttP://]).
17061 * (bug 40072) Add CSS classes to items in output of ChangesList pages.
17062 * Added $wgCopyUploadProxy global to define which proxy to use for copy
17064 * (bug 40448) mediawiki.legacy.mwsuggest has been replaced with a new module,
17065 mediawiki.searchSuggest, based on SimpleSearch from Extension:Vector.
17067 === Known issues in 1.20.0 ===
17068 These are issues that we're targeting to be fixed in a later release
17069 in the 1.20 series. Issues may be added or removed from this list as
17070 we see fit. For now, it is comprised of those bugs on the 1.20.0
17071 milestone in Bugzilla.
17073 * (bug 35894): Reports of secret key generation "hanging" on windows
17074 This is probably a bug that has been fixed in PHP. If you run
17075 into this, try upgrading your PHP.
17076 * (bug 38334): PHP Notice: Undefined index: href in /www/w/skins/Vector.php on
17078 We think this is a problem in some extension. If you see this,
17079 try disabling your extensions and check out the logging patch on
17080 this bug. Or try this patch:
17081 <https://gerrit.wikimedia.org/r/#/c/27937/1/skins/Vector.php>
17082 * (bug 39268): [Regression] Toolbar inserts in main textarea only (instead of
17083 the focussed textarea)
17084 This should only be an issue if you are using the ProofreadPage
17086 * (bug 40641): Clicking "others" in Special:Version asks to download a file
17087 If you encounter this, you can tell your webserver to serve the
17088 CREDITS file with text/plain MIME type to fix it.
17090 === Bug fixes in 1.20 ===
17091 * (bug 40939): [Regression] InfoAction: Call to a member function getUserText()
17093 * (bug 40780): searchsuggest-containing line ("containing...") doesn't include
17095 * (bug 37714): [Regression] Incomplete log entries
17096 * (bug 27202): API: Add timestamp sort to list=allimages
17097 * (bug 30245) Use the correct way to construct a log page title.
17098 * (bug 34237) Regenerate an empty user_token and save to the database
17099 when we try to set the user's cookies for login.
17100 * (bug 32210) New edit emails for watched pages always provide a link to the
17101 edit which triggered the mail.
17102 * (bug 12021) Added user talk link on Special:Listusers.
17103 * (bug 34445) section edit and TOC hide/show links are excluded from selection
17104 and copy/paste on supporting browsers.
17105 * (bug 34428) Fixed incorrect hash mismatch errors in the DiffHistoryBlob
17106 history compression method.
17107 * (bug 34702) Localised parentheses are now used in more special pages.
17108 * (bug 34723) When editing a script page on a RTL wiki the textbox should be
17110 * (bug 34762) Calling close() on a DatabaseBase object now clears the
17112 * (bug 34863) Show deletion log extract on non-existent file pages if
17114 * (bug 28019) Let ?preloadtitle=foo be passed on to target of
17115 Special:MyPage and Special:MyTalk.
17116 * (bug 34929) Show the correct diff when a section edit is rejected by the spam
17118 * (bug 15816) Add a switch for SETting the search_path (Postgres).
17119 * (bug 34521) Returning to the previous page after logging in loses any array-
17120 valued parameters in the query string.
17121 * (bug 34735) Updated compressOld.php documentation to mention the different
17122 usages of -s and -n parameters depending on compression type.
17123 * (bug 13896) Rendering of devanagari numbers in automatic '#' number lists.
17124 * (bug 33689) Upgrade to 1.19 on Postgres fails due to incomplete query when
17125 trying to defer foreign key for externallinks.
17126 * (bug 32748) Printer friendly version of article decode Unicode chars as a
17127 pretty IRI in footer.
17128 * Removed white border around thumbnails in galleries.
17129 * (bug 31236) "Next" and "Previous" buttons are shown incorrectly in
17130 an RTL environment.
17131 * (bug 35749) Updated maintenance/checkSyntax.php to use Git instead of
17132 Subversion when invoked with the --modified option.
17133 * (bug 35069) On history pages, the " . . " separator after the number of
17134 characters changed in a revision is now suppressed if no text would follow.
17135 * (bug 18704) Add a unique CSS class or ID to the tagfilter table row at
17137 * (bug 33564) transwiki import sometimes result in invalid title.
17138 * (bug 35572) Blocks appear to succeed even if query fails due to wrong DB
17140 * (bug 31757) Add a word-separator between help-messages in HTMLForm
17141 * (bug 30410) Removed deprecated $wgFilterCallback and the 'filtered' API error.
17142 * (bug 32604) Some messages needs escaping of wikitext inside username.
17143 * (bug 36537) Rename wfArrayToCGI to wfArrayToCgi for consistency with
17145 * (bug 25946) The message on the top of Special:RecentChanges is now displayed
17146 in user language instead of content language.
17147 * (bug 35264) Wrong type used for <ns> in export.xsd
17148 * (bug 24985) Use $wgTmpDirectory as the default temp directory so that people
17149 who don't have access to /tmp can specify an alternative.
17150 * (bug 27283) SqlBagOStuff breaks PostgreSQL transactions.
17151 * (bug 35727) mw.Api ajax() should put token parameter last.
17152 * (bug 37708) mw.Uri.clone() should make a deep copy.
17153 * (bug 38024) ResourceLoader should not create empty stylesheets for modules
17154 that don't have stylesheets.
17155 * (bug 36812) Special:ActiveUsers "Hide bots" should hide users from any group
17156 having the "bot" user right, instead of just the default "bot" user group.
17157 * (bug 35082) mw.util.addPortletLink incorrectly adds link to mutiple <ul> tags.
17158 * (bug 36991) jquery.tablesorter should extract date sort format from date
17159 string instead of global config. Dates like "April 1 2012" and "1 April 2012"
17160 now sort correctly regardless of the content language's DefaultDateFormat.
17161 * (bug 31895) mw.loader mode now correct when triggered from a $.fn.ready
17162 handler that is bound before mediawiki.js's handler (e.g. browser-userscripts
17163 like greasemonkey).
17164 * (bug 38152) jquery.tablesorter: Use .data() instead of .attr(), so that live
17165 values are used instead of just the fixed values from when the tablesorter
17167 * (bug 38093) Gender of changed user groups missing in Special:Log/rights
17168 * (bug 35893) Special:Block needs to load mediawiki.special.block.js.
17169 * (bug 37331) ResourceLoader modules sometimes execute twice in Firefox
17170 * (bug 31644) GlobalUsage, CentralAuth and AbuseLog extensions should not use
17171 insecure links to foreign wikis in the WikiMap.
17172 * (bug 36073) Avoid duplicate element IDs on File pages.
17173 * (bug 25095) Special:Categories should also include the first relevant item
17174 when "from" is filled.
17175 * (bug 35526) jquery.tablesorter now uses a stable sort.
17176 * (bug 38953) --memory-limit switch not working for runJobs.php.
17177 * (bug 33037) Make subpage of Special:newfiles control how many files
17178 are returned, like in previous versions.
17179 * (bug 36524) "Show" options on Special:RecentChanges and
17180 Special:RecentChangesLinked are now remembered between successive clicks.
17181 * (bug 26069) Page title is no longer "Error" for all error pages.
17182 * (bug 39297) Show warning if thumbnail of animated image will not be animated.
17183 * (bug 38249) Parser will throw an exception instead of outputting gibberish if
17184 PCRE is compiled without support for unicode properties.
17185 * (bug 30390) Suggested file name on Special:Upload should not contain
17186 illegal characters.
17187 * EXIF below sea level GPS altitude data is now shown correctly.
17188 * (bug 39284) jquery.tablesorter should not consider "."" or "?"" to be a
17190 * (bug 39273) "Show changes" should not be incorrectly displayed in the Live
17192 * Made body-content lang attribute honor the variant language when it is set.
17193 * (bug 36761) "Mark pages as visited" now submits previously established filter
17195 * (bug 39635) PostgreSQL LOCK IN SHARE MODE option is a syntax error.
17196 * (bug 36329) Accesskey tooltips for Firefox 14 on Mac should use "ctrl-option-"
17198 * (bug 32552) Drop unused database field cat_hidden from table category.
17199 * (bug 24502) Do not allow multiple language links to the same language.
17200 * (bug 40214) Category pages no longer use deprecated "width" HTML attribute.
17201 * (bug 39941) Add missing stylesheets to the installer pages
17202 * In HTML5 mode, allow new input element types values (such as color, range..)
17203 * (bug 36151) mw.Title: Don't limit extension in title parsing.
17204 * (bug 38158) jquery.byteLimit sometimes causes an unexpected 0 maxLength being
17206 * (bug 38163) jquery.byteLimit incorrectly limits input when using methods other
17207 than basic per-char typing.
17208 * (bug 34495) patrol log now credit the user patrolling (instead of patrolled
17210 * (bug 31676) ResourceLoader should work around IE stylesheet limit.
17211 * (bug 40498) ResourceLoader should not output an empty "@media print { }"
17213 * (bug 40500) ResourceLoader should not ignore media-type for urls in debug
17215 * (bug 40660) ResourceLoaderWikiModule should not convert " " to a space
17216 for pages from the MediaWiki-namespace.
17217 * (bug 40329) (bug 40632) Removed CleanupPresentationalAttributes feature.
17219 === API changes in 1.20 ===
17220 * (bug 34316) Add ability to retrieve maximum upload size from MediaWiki API.
17221 * (bug 34313) MediaWiki API intro message about "HTML format" should mention
17222 the format parameter.
17223 * (bug 32384) Allow descending order for list=watchlistraw.
17224 * (bug 31883) Limit of bkusers of list=blocks and titles of action=query is
17225 not documented in API help.
17226 * (bug 32492) API now allows editing using pageid.
17227 * (bug 32497) API now allows changing of protection level using pageid.
17228 * (bug 32498) API now allows comparing pages using pageids.
17229 * (bug 30975) API import of pages with invalid characters in this wiki leads to
17231 * (bug 30488) API now allows listing of backlinks/embeddedin/imageusage per
17233 * (bug 34927) Output media_type for list=filearchive.
17234 * (bug 28814) add properties to output of action=parse.
17235 * (bug 33224) add variants of content language to meta=siteinfo.
17236 * (bug 32643) action=purge with forcelinkupdate no longer crashes when ratelimit
17238 * The paraminfo module now also contains result properties for most modules.
17239 * (bug 32348) Allow descending order for list=alllinks.
17240 * (bug 31777) Upload unknown error ``fileexists-forbidden''.
17241 * (bug 32382) Allow descending order for list=iwbacklinks.
17242 * (bug 32381) Allow descending order for list=backlinks, list=embeddedin and
17244 * (bug 32383) Allow descending order for list=langbacklinks.
17245 * API meta=siteinfo can now return the list of known variable IDs.
17246 * (bug 35980) list=deletedrevs now honors drdir correctly in "all" mode
17248 * (bug 29290) API avoids mangling fields in continuation parameters
17249 * (bug 36987) API avoids mangling fields in continuation parameters
17250 * (bug 30836) siteinfo prop=specialpagealiases will no longer return nonexistent
17252 * (bug 38190) Add "required" flag to some token params for hint in api docs.
17253 * (bug 27567) Add file repo support to prop=duplicatefiles.
17254 * (bug 27610) Add archivename for non-latest image version to list=filearchive
17255 * (bug 38231) Add xml parse tree to action=parse.
17256 * Watchlist notification timestamp may be queried by page and may be updated via
17258 * (bug 38904) prop=revisions&rvstart=... no longer blows up when continuing.
17259 * (bug 39032) ApiQuery generates help in constructor.
17260 * (bug 11142) Improve file extension blacklist error reporting in API upload.
17261 * (bug 39665) List of query generators is now not built using reflection,
17262 instead it is defined in code.
17263 * (bug 35993) Deprecated gettoken parameter - support will be removed in 1.22.
17265 === Languages updated in 1.20 ===
17267 MediaWiki supports over 350 languages. Many localisations are updated
17268 regularly. Below only new and removed languages are listed, as well as
17269 changes to languages because of Bugzilla reports.
17271 * Emilian (egl) added.
17272 * Tornedalen Finnish (fit) added.
17273 * Mizo (lus) added.
17274 * Santali (sat) added.
17275 * (bug 34192) Namespace gender aliases for Albanian languages (sq & aln).
17276 * (bug 35541) Namespace gender aliases for Croatian (hr).
17277 * (bug 36012) Space in $separatorTransformTable should be non-breaking in
17278 Portuguese, Esperanto and Udmurt.
17279 * Turoyo (tru) added.
17280 * Cyrillic-Latin language converter added for Uzbek (uz).
17282 === Other changes in 1.20 ===
17283 * The user_token field is now left empty until a user attempts to login and
17284 cookies need to be set. It is also now possible to reset every user's
17285 user_token simply by clearing the values in the user_token column.
17286 * Removed ./tests/qunit/index.html from core. It wasn't actively maintained and
17287 has been made obsolete when [[Special:JavaScriptTest/qunit]] was introduced,
17288 which actually uses ResourceLoader, LocalSettings and the Skin.
17289 * Removed $wgDBtransactions global. This was only checked in one class
17290 and only applies to MyISAM or similar DBs. Those should only be used
17291 for archived sites anyway. We can't get edit conflicts on such sites,
17292 so the WikiPage code wasn't useful there either.
17293 * Deprecated mw.user.name in favour of mw.user.getName.
17294 * Deprecated mw.user.anonymous in favour of mw.user.isAnon.
17295 * Deprecated DatabaseBase functions newFromParams(), newFromType(), set(),
17296 quote_ident(), and escapeLike() were removed.
17297 * Use of __DIR__ instead of dirname( __FILE__ ).
17298 * OutputPage::wrapWikiMsg() no longer supports the 'options' parameter. It was
17299 not used and complicated migration to Message class.
17300 * Live preview functionality has been improved and moved into the
17301 'mediawiki.action.edit.preview' module. The old 'mediawiki.legacy.preview'
17302 module has been removed.
17303 * (bug 40448) Removed mediawiki.legacy.mwsuggest module, and removed the
17304 following that has become obsolete:
17305 - globals $wgEnableMWSuggest and $wgMWSuggestTemplate.
17306 - mw.config.values wgMWSuggestTemplate and wgSearchNamespaces.
17307 - method SearchEngine::getMWSuggestTemplate().
17309 == MediaWiki 1.19 ==
17311 == MediaWiki 1.19.24 ==
17313 This is a security and maintenance release of the MediaWiki 1.19 branch.
17315 === Changes since 1.19.23 ===
17317 * ({{bug|T85848}}, {{bug|T71210}}) SECURITY: Don't parse XMP blocks that
17318 contain XML entities, to prevent various DoS attacks.
17319 * ({{bug|T88310}}) SECURITY: Always expand xml entities when checking SVG's.
17320 * ({{bug|T73394}}) SECURITY: Escape > in Html::expandAttributes to prevent XSS.
17321 * ({{bug|T85855}}) SECURITY: Don't execute another user's CSS or JS on preview.
17322 * ({{bug|T85349}}, {{bug|T85850}}, {{bug|T86711}}) SECURITY: Multiple issues
17323 fixed in SVG filtering to prevent XSS and protect viewer's privacy.
17325 == MediaWiki 1.19.23 ==
17327 This is a security and maintenance release of the MediaWiki 1.19 branch.
17329 === Changes since 1.19.22 ===
17331 * (bug T76686) [SECURITY] thumb.php outputs wikitext message as raw HTML, which
17332 could lead to xss. Permission to edit MediaWiki namespace is required to
17334 * (bug T74222) The original patch for T74222 was reverted as unnecessary.
17335 * Add missing $ in front of variable in OutputPage.php
17337 == MediaWiki 1.19.22 ==
17339 This is a security and maintenance release of the MediaWiki 1.19 branch.
17341 === Changes since 1.19.21 ===
17343 * ({{bug|66776}}, {{bug|71478}}) SECURITY: User PleaseStand reported a way to
17344 inject code into API clients that used format=php to process pages that
17345 underwent flash policy mangling. This was fixed along with improving how the
17346 mangling was done for format=json, and allowing sites to disable the mangling
17347 using $wgMangleFlashPolicy.
17348 * ({{bug|72222}}) SECURITY: Do not show log action when the entry is revdeleted
17349 with DELETED_ACTION. NOTICE: this may be reverted in a future release pending a
17350 public RFC about the desired functionality. This issue was reported by user
17352 * ({{bug|71621}}) Make allowing site-wide styles on restricted special pages a
17354 * $wgMangleFlashPolicy was added to make MediaWiki's mangling of anything that
17355 might be a flash policy directive configurable.
17357 == MediaWiki 1.19.21 ==
17358 This is a maintenance release of the MediaWiki 1.19 branch.
17360 === Changes since 1.19.20 ===
17361 * (bug 67440) Allow classes to be registered properly from installer.
17362 * (bug 47281) Fixed a dumpBackup.php error with --uploads
17363 --include-filesoptions: Unable to find the wrapper "mwstore".
17364 * System administrators are encouraged to upgrade to this release or 1.22+ and
17365 produce a full data dump.
17366 https://www.mediawiki.org/wiki/Special:MyLanguage/Manual:Backing_up_a_wiki
17367 * (bug 63049) Removed anonymous functions from ApiFormatBase, added in1.19.13 as
17368 part of the fix for bug 61362, for PHP 5.2 compatibility.
17370 == MediaWiki 1.19.20 ==
17371 This is a security release of the MediaWiki 1.19 branch.
17373 === Changes since 1.19.19 ===
17374 * (bug 70672) SECURITY: OutputPage: Remove separation of css and js module
17377 == MediaWiki 1.19.19 ==
17378 This is a security release of the MediaWiki 1.19 branch.
17380 === Changes since 1.19.18 ===
17381 * (bug 69008) SECURITY: Enhance CSS filtering in SVG files. Filter <style>
17382 elements; normalize style elements and attributes before filtering; add checks
17383 for attributes that contain css; add unit tests for html5sec and reported
17386 == MediaWiki 1.19.18 ==
17387 This is a security release of the MediaWiki 1.19 branch.
17389 === Changes since 1.19.17 ===
17390 * (bug 68187) SECURITY: Prepend jsonp callback with comment.
17391 * (bug 65778) SECURITY: Copy prevent-clickjacking between OutputPage and
17394 == MediaWiki 1.19.17 ==
17395 This is a security and maintenance release of the MediaWiki 1.19 branch.
17397 === Changes since 1.19.16 ===
17398 * (bug 65839) SECURITY: Prevent external resources in SVG files.
17399 * (bug 66428) MimeMagic: Don't seek before BOF. This has weird side effects like
17400 only extracting the tail of the file partially or not at all.
17402 == MediaWiki 1.19.16 ==
17403 This is a security release of the MediaWiki 1.19 branch.
17405 === Changes since 1.19.15 ===
17406 * (bug 65501) SECURITY: Don't parse usernames as wikitext on
17407 Special:PasswordReset.
17409 == MediaWiki 1.19.15 ==
17410 This is a security and maintenance release of the MediaWiki 1.19 branch.
17412 === Changes since 1.19.14 ===
17413 Fixed resetting passwords.
17414 * (bug 58640) Fixed a compatibility issue with PCRE 8.34 that caused pages to
17415 appear blank or with missing text.
17417 == MediaWiki 1.19.14 ==
17418 This is a security and maintenance release of the MediaWiki 1.19 branch.
17420 === Changes since 1.19.13 ===
17421 * (bug 62497) SECURITY: Add CSRF token on Special:ChangePassword.
17422 * (bug 62467) Set a title for the context during import on the cli.
17424 == MediaWiki 1.19.13 ==
17425 This is a security and maintenance release of the MediaWiki 1.19 branch.
17427 === Changes since 1.19.12 ===
17428 * (bug 61362) SECURITY: API: Don't find links in the middle of api.php links.
17429 * Use the correct branch of the extensions' git repositories.
17431 == MediaWiki 1.19.12 ==
17432 This is a security release of the MediaWiki 1.19 branch.
17434 === Changes since 1.19.11 ===
17435 * (bug 60771) SECURITY: Disallow uploading SVG files using non-whitelisted
17436 namespaces. Also disallow iframe elements. * User will get an error including
17437 the namespace name if they use a non- whitelisted namespace.
17438 * (bug 61346) SECURITY: Make token comparison use constant time. It seems like
17439 our token comparison would be vulnerable to timing attacks. This will take
17442 == MediaWiki 1.19.11 ==
17443 This is a security release of the MediaWiki 1.19 branch.
17445 === Changes since 1.19.10 ===
17446 * (bug 60339) SECURITY: Sanitize shell arguments to DjVu files, and other media
17449 == MediaWiki 1.19.10 ==
17450 This is a security release of the MediaWiki 1.19 branch.
17452 === Changes since 1.19.9 ===
17453 * (bug 57550) SECURITY: Disallow stylesheets in SVG Uploads
17454 * (bug 58088) SECURITY: Don't normalize U+FF3C to \ in CSS Checks
17455 * (bug 58472) SECURITY: Disallow -o-link in styles
17456 * (bug 58553) SECURITY: Return error on invalid XML for SVG Uploads
17457 * (bug 58699) SECURITY: Fix RevDel log entry information leaks
17459 == MediaWiki 1.19.9 ==
17460 This is a security and maintenance release of the MediaWiki 1.19 branch.
17462 === Changes since 1.19.8 ===
17463 * (bug 53032) SECURITY: Don't cache when a call could autocreate
17464 * (bug 55332) SECURITY: Improve css javascript detection
17465 * (bug 49717) Fix behaviour $wgVerifyMimeType = false; in Upload
17468 == MediaWiki 1.19.8 ==
17471 This is a security and maintenance release of the MediaWiki 1.19 branch.
17473 === Changes since 1.19.7 ===
17474 * SECURITY: Sanitize ResourceLoader exception messages
17475 * SECURITY: Token-getting functions will fail when using jsonp callbacks.
17476 * SECURITY: Fix extension detection with 2 .'s
17477 * Allow a string other than '*' as condition for DatabaseBase::delete()
17478 * Purge upstream caches when deleting file assets.
17479 * jquery.tablesorter: Add missing dependency on jquery.mwExtension
17481 == MediaWiki 1.19.7 ==
17484 This is a security release of the MediaWiki 1.19 branch
17486 === Changes since 1.19.6 ===
17487 * (bug 48306) SECURITY: Run file validation checks on chunked uploads, and
17488 chunks of upload, during the upload process.
17490 == MediaWiki 1.19.6 ==
17493 This is a security and maintenance release of the MediaWiki 1.19 branch
17495 === Changes since 1.19.5 ===
17496 * (bug 47304) SECURITY: Check SVG xml encoding against whitelist
17497 * (bug 46590) Added AbortChangePassword hook to allow extensions to abort
17498 password changes from Special:ChangePassword
17499 * Localisation updates from http://translatewiki.net.
17500 * mwdocgen.php: Implement --version option.
17501 * Remove svnstat stuff used in Doxygen generation
17502 * E_USER_DEPRECATED undefined prior to php 5.3
17504 == MediaWiki 1.19.5 ==
17507 This is a security and maintenance release of the MediaWiki 1.19 branch
17509 === Changes since 1.19.4 ===
17510 * (bug 47251) SECURITY: Disable external entities in Import
17511 * (bug 46859) SECURITY: Disable external entities in XMLReader
17512 * (bug 46084) SECURITY: Sanitize $limitReport before outputting
17513 * (bug 43594) Fix notices displayed on PHP 5.4
17514 * (bug 40585) Don't drop 'step="any"' in HTML input fields.
17516 == MediaWiki 1.19.4 ==
17519 This is a security release of the MediaWiki 1.19 branch
17521 === Changes since 1.19.3 ===
17522 * New preference type - 'api'. Preferences of this type are not shown on
17523 Special:Preferences, but are still available via the action=options API.
17524 * (bug 44010) Context is passed to UserGetLanguageObject.
17525 * The recursion guard on RequestContext::getLanguage() was weakened.
17526 * (bug 44135/bug 42441) Pass '2' instead of 'true' to CURLOPT_SSL_VERIFYHOST
17527 * (bug 43518) API action=unblock should return the user name, not the full user
17530 == MediaWiki 1.19.3 ==
17533 This is a security release of the MediaWiki 1.19 branch
17535 === Changes since 1.19.2 ===
17536 * (bug 40995) Prevent session fixation in Special:UserLogin (CVE-2012-5391)
17537 * (bug 41400) Prevent linker regex from exceeding PCRE backtrack limit
17538 * Increase permitted runtime for testParserTest (only used for continuous
17540 * Updated messages translations from http://translatewiki.net/
17542 == MediaWiki 1.19.2 ==
17544 This is a security release of the MediaWiki 1.19 branch
17546 === Changes since 1.19.1 ===
17547 * (bug 39700) File: link to non-existing file can inject html
17548 * (bug 39823) Hidden block text leaking to admins
17549 * (bug 39184) LDAP password leakage
17550 * (bug 39180) Disallow framing of api results
17551 * (bug 37587) Enforce language codes to be html safe
17552 * (bug 39824) Check global blocks on account creation
17554 == MediaWiki 1.19 ==
17556 MediaWiki 1.19 is a large release that contains many new features and bug
17557 fixes. This is a summary of the major changes of interest to users.
17558 You can consult the RELEASE-NOTES-1.19 file for the full list of changes in
17561 Our thanks go to everyone who helped to improve MediaWiki by testing the beta
17562 release and submitting bug reports.
17564 === Changes since 1.19.1 ===
17565 * (bug 38406) Properly quote table names in DatabaseBase::tableName()
17566 * (bug 38249) Parser will throw an exception instead of outputting gibberish if
17567 PCRE is compiled without support for unicode properties.
17569 === Changes since 1.19.0 ===
17570 * (bug 36568) Fixed "Illegal string offset 'LIMIT'" warnings in updater
17571 * (bug 36938) Correctly escape uselang attribute to prevent xss
17572 * Expanded Blacklist for SVG Files
17574 === Changes since 1.19 beta 2 ===
17575 * Special:Watchlist no longer sets links to feed when the user is anonymous.
17576 * (bug 35961) Hash comparison should always be strict.
17577 * Fix broken email confirmation expiration caused by MWCryptRand changes.
17578 * (bug 35671) PHP Notice: Undefined index: gettoken in includes/api/ApiMain.php
17580 * (bug 36042) 'show' causes a fatal in blocks API.
17582 === Changes since 1.19 beta 1 ===
17583 * (bug 35014) Including a special page no longer sets the page's title to the
17585 * (bug 35019) Edit summaries are no longer transformed in notification e-mails
17586 * (bug 35152) Help message for e-mail is shown again in user preferences
17587 * (bug 34887) $3 and $4 parameters are now substituted correctly in message
17589 * (bug 34841) Edit links are no longer displayed when display old page versions
17590 * (bug 34889) User name should be normalized on Special:Contributions
17591 * (bug 35051) If heading has a trailing space after == then its name is not
17592 preloaded into edit summary on section edit
17593 * (bug 31417) New ID mw-content-text around the actual page text, without
17594 categories, contentSub, ... The same div often also contains the class
17595 mw-content-ltr/rtl.
17596 * (bug 35303) Proxy and DNS blacklist blocking works again
17597 * (bug 22555) Remove or skip strip markers from tag hooks like <nowiki> in
17598 core parser functions which operate on strings, such as padleft.
17599 * (bug 18295) Don't expose strip markers when a tag appears inside a link
17601 * (bug 34212) ApiBlock/ApiUnblock allow action to take place without a token
17603 * (bug 34907) Fixed exposure of tokens through load.php that could have
17604 facilitated CSRF attacks.
17605 * (bug 35317) CSRF in Special:Upload.
17607 === Configuration changes in 1.19 ===
17608 * Removed SkinTemplateSetupPageCss hook; use BeforePageDisplay instead.
17609 * (bug 27132) movefile right granted by default to registered users.
17610 * Default cookie lifetime ($wgCookieExpiration) is increased to 180 days.
17611 * (bug 31204) Removed old user.user_options.
17612 * $wgMaxImageArea now applies to jpeg files if they are not scaled with
17614 * Introduced $wgQueryPageDefaultLimit (defaults to 50) for the number of
17615 items to show by default on query pages (special pages such as Whatlinkshere).
17616 * (bug 32470) Increase the length of ug_group.
17617 * (bug 32239) Removed $wgEnableTooltipsAndAccesskeys.
17618 * Removed $wgVectorShowVariantName.
17619 * Removed $wgExtensionAliasesFiles. Use $wgExtensionMessagesFiles.
17620 * Removed $wgResourceLoaderInlinePrivateModules , now always enabled.
17622 === New features in 1.19 ===
17623 * (bug 19838) Add ability to get all interwiki prefixes also if the interwiki
17625 * $wgDnsBlacklistUrls now accepts an array with url and key as the
17626 elements to work with DNSBLs that require keys, such as
17628 * (bug 30022) Add support for custom loadScript sources to ResourceLoader.
17629 * (bug 19052) Unicode space separator characters (Zs) now terminates external
17630 links and images links.
17631 * (bug 30160) Add public method to mw.loader to get module names from registry.
17632 * (bug 15558) Parameters to special pages included in wikitext can now be passed
17634 * Installer now issues a warning if mod_security is present.
17635 * (bug 29455) Add support for a filter callback function in jQuery byteLimit
17637 * Added two new GetLocalURL hooks to better serve extensions working on a
17638 limited type of titles.
17639 * Added a --no-updates flag to importDump.php that skips updating the links
17641 * Most presentational html attributes like valign are now converted to inline
17642 css style rules. These attributes were removed from html5 and so we clean
17643 them up when $wgHtml5 is enabled. This can be disabled using
17644 $wgCleanupPresentationalAttributes.
17645 * Magic words (time and number-formatting ones, plus DIRECTIONMARK, but not
17646 NAMESPACE) now depend on the page content language instead of the site
17647 language. In theory this sets the right magic words in system messages,
17648 although they are not used there.
17649 * (bug 30451) Add page_props to RefreshLinks::deleteLinksFromNonexistent.
17650 * (bug 30450) Clear page_props table on page deletion.
17651 * Hook added to check for exempt from account creation throttle.
17652 * (bug 30344) Add configuration variable for setting custom priorities when
17653 generating sitemaps.
17654 * (bug 96170) Add array support for space-separated list attributes (like
17655 'class') in the Html helper class.
17656 * (bug 26470) Add checkered background image on hover on files pages.
17657 * (bug 30774) mediawiki.html: Add support for numbers and booleans in the
17658 attribute values and element contents.
17659 * Conversion script between Tifinagh and Latin for the Tachelhit language.
17660 * (bug 16755) Add options 'noreplace' and 'noerror' to {{DEFAULTSORT:...}}
17661 to stop it from replace an already existing default sort, and suppress error.
17662 * (bug 18578) Rewrote revision delete related messages to allow better
17664 * (bug 30364) LanguageConverter now depends on the page content language
17665 instead of the wiki content language.
17666 * Jump links will now be usable in CSS-capable browsers instead of only
17667 in outdated text browsers.
17668 * New common*.css files usable by skins instead of having to copy piles
17669 of generic styles from MonoBook or Vector's css.
17670 * Some deprecated presentational html attributes will now be automatically
17672 * (bug 31297) Add support for namespaces in Special:RecentChanges subpage filter
17674 * The default user signature now contains a talk link in addition to the user
17676 * (bug 25306) Add link of old page title to MediaWiki:Delete_and_move_reason.
17677 * Added hook BitmapHandlerCheckImageArea.
17678 * (bug 30062) Add $wgDBprefix option to cli installer.
17679 * getUserPermissionsErrors and getUserPermissionsErrorsExpensive hooks are now
17680 also called when checking for 'read' permission.
17681 * Introduce $wgEnableSearchContributorsByIP which controls whether searching
17682 for an IP address redirects to the contributions list for that IP.
17683 * (bug 8859) Database::update should take array of tables too.
17684 * (bug 19698) Add "Inverse namespaces" option to Special:Contributions.
17685 * (bug 24037) Add byte length of revision to Special:Contributions.
17686 * (bug 1672) Added $wgDisableUploadScriptChecks to allow uploading of files
17687 containing HTML or JS. DISABLING THESE CHECKS IS VERY DANGEROUS.
17688 * New path mappings can be added using the WebRequestPathInfoRouter hook
17689 and adding paths to the PathRouter.
17690 * (bug 32666) Special:ActiveUsers now allows a subpage to be used as value for
17691 the "target" query parameter (eg. Special:ActiveUsers/Username).
17692 * New JavaScript variable wgPageContentLanguage.
17693 * Added new debugging toolbar, enabled with $wgDebugToolbar.
17694 * Differences in the history page now uses slightly better colors for people
17695 perceiving colors differently.
17696 * (bug 32879) Upgrade jQuery to 1.7.1.
17697 * jQuery UI upgraded to 1.8.17.
17698 * Extensions can use the 'Language::getMessagesFileName' hook to define new
17699 languages using messages files outside of core.
17700 * (bug 32512) Add 'Associated namespace' checkbox to Special:Contributions.
17701 * Added $wgSend404Code, true by default, which can be set to false to send a
17702 200 status code instead of 404 for nonexistent articles.
17703 * (bug 33447) Link to the broken image tracking category from
17704 Special:Wantedfiles.
17705 * (bug 27724) Add timestamp to job queue.
17706 * (bug 30339) Implement SpecialPage for running javascript tests. Disabled by
17707 default, due to tests potentially being harmful, not to be run on a production
17708 wiki. Enable by setting $wgEnableJavaScriptTest to true.
17709 * Extensions can use the RequestContextCreateSkin hook to override what skin is
17710 loaded in some contexts.
17711 * (bug 33456) Show $wgQueryCacheLimit on cached query pages.
17712 * (bug 10574) Add an option to allow all pages to be exported by Special:Export.
17713 * mediawiki.js Message object constructor is now publicly available as
17715 * (bug 29309) Allow CSS class per tooltip (tipsy).
17716 * (bug 33565) Add accesskey/tooltip to submit buttons on Special:EditWatchlist.
17717 * (bug 17959) Inline rendering/thumbnailing for Gimp XCF images.
17718 * (bug 27775) Namespace has it's own XML tag in the XML dump file.
17719 * (bug 30513) Redirect tag is now resolved in XML dump file.
17720 * sha1 xml tag added to XML dump file.
17721 * (bug 33646) Badtitle error page now emits a 400 HTTP status.
17722 * Special:MovePage now has a dropdown menu for namespaces.
17723 * (bug 34420) Special:Version now shows git HEAD sha1 when available.
17724 * (bug 33952) Refactor mw.toolbar to allow dynamic additions at any time.
17726 === Bug fixes in 1.19 ===
17727 * $wgUploadNavigationUrl should be used for file redlinks if.
17728 $wgUploadMissingFileUrl is not set. The first was used for this
17729 until the second was introduced in 1.17.
17730 * BREAKING CHANGE: Style rules for wikitable are now more specific and prevent
17731 inheritance to nested tables which caused various issues (bug 30485 and bug
17732 33434). If your wiki has overridden rules for ".wikitable", please revise them
17733 and adjust where necessary. For comparison, use the "table.wikitable" section
17734 in skins/common/shared.css as base.
17735 * $wgUploadNavigationUrl is now used for file redlinks if
17736 $wgUploadMissingFileUrl is not set. The former was used for this until the
17737 second was introduced in 1.17.
17738 * (bug 27894) Move 'editondblclick' event listener down from body to
17740 * (bug 30172) The check for posix_isatty() in maintenance scripts did not detect
17741 when the function exists but is disabled. Introduced
17742 Maintenance::posix_isatty().
17743 * (bug 30264) Changed installer-generated LocalSettings.php to use
17744 require_once() instead require() for included extensions.
17745 * Do not convert text in the user interface language to another script.
17746 * (bug 26283) Previewing user JS/CSS pages didn't load other user JS/CSS pages.
17747 * (bug 26486) ResourceLoader modules with paths to nonexistent files cause PHP
17748 warnings/notices to be thrown.
17749 * (bug 30335) Fix for HTMLForms using GET that were breaking when non-friendly
17751 * (bug 28649) Preventing half truncated multi-byte unicode characters when
17752 truncating log comments.
17753 * Show --batch-size option in help of maintenance scripts that support it.
17754 * (bug 4381) Magic quotes cleaning was not comprehensive, key strings were not
17756 * (bug 23057) Importers no longer can 'edit' or 'create' a fully-protected page
17757 by importing a new revision into it.
17758 * Allow moving the associated talk pages of subpages even if the base page
17760 * Per page edit-notices now work in namespaces without subpages enabled.
17761 * (bug 31081) $wgEnotifUseJobQ is no longer unconditionally enqueueing jobs.
17762 * (bug 30202) File names are now restricted on upload to 240 bytes, because of
17763 restrictions on some of the database fields.
17764 * Timezones are now recognised in user preferences when offset is different
17766 * (bug 31692) "summary" parameter now also works when undoing revisions.
17767 * (bug 18823) "move succeeded" text displayed bluelinks even when redirect was
17769 * (bug 19186) Special:UserLogin's title on Special:SpecialPages now says
17770 "create account" when the user cannot create an account.
17771 * (bug 31818) 'usercreated' message now supports GENDER.
17772 * (bug 32022) Our phpunit.php script can now be executed from another directory.
17773 * (bug 26020) Setting $wgEmailConfirmToEdit to true no longer removes diffs
17774 from recent changes feeds.
17775 * (bug 30232) add current time to message wlnote on Special:Watchlist.
17776 * (bug 29110) $wgFeedDiffCutoff did not affect new pages.
17777 * (bug 32168) Add wfRemoveDotSegments for use in wfExpandUrl.
17778 * (bug 32358) Do not display "No higher resolution available" for dimensionless
17779 files (like audio files).
17780 * (bug 32168) Add wfAssembleUrl for use in wfExpandUrl.
17781 * (bug 32168) fixed - wfExpandUrl expands dot segments now.
17782 * (bug 31535) Upload comments now truncated properly, and don't have brackets.
17783 * (bug 32086) Special:PermanentLink now shows an error message when no subpage
17785 * (bug 30368) Special:Newpages now shows the new page name for moved pages.
17786 * (bug 1697) The way to search blocked usernames in block log should be clearer.
17787 * (bug 29747) eAccelerator shared memory caching has been removed since it is
17788 now disabled by default and is buggy. APC, XCache and WinCache are not
17790 * Installer now refuses to install if php was not compiled with Ctype support.
17791 * (bug 29475) Remove "trackback" feature entirely from core.
17792 * (bug 32665) Special:BlockList prefills the username in the input field if
17793 using the Special:BlockList/username URL.
17794 * (bug 27721) Make JavaScript variables wgSeparatorTransformTable and
17795 wgDigitTransformTable depend on page content language so the sort script
17796 sorts correctly more often.
17797 * (bug 32230) Expose wgRedirectedFrom in JavaScript.
17798 * (bug 31212) History tab not collapsed when the screen is narrow.
17799 * (bug 15521) Use new section summary when the action of adding a new section
17800 also happens to create the page.
17801 * (bug 32960) Remove EmailAuthenticationTimestamp from database when a
17802 email address is removed.
17803 * (bug 32414) Empty page get a empty bytes attribute in Export/Dump.
17804 * (bug 33101) Viewing a User or User talk of username resembling IP ending
17805 with .xxx causes Internal error.
17806 * Warning about undefined index in certain situations when $wgLogRestrictions
17807 causes the first log type requested to be removed but not the others.
17808 * Use separate message ('prefixindex-namespace') for title of
17809 Special:PrefixIndex rather then re-using Special:AllPages's allinnamespace.
17810 * (bug 33156) Special:Block now allows you to confirm you want to block yourself
17811 when using non-normalized username.
17812 * (bug 33246) News icon shown for news:// URLs but not for news: URLs.
17813 * (bug 33305) Make mw.util.addCSS resistant to IE's @font-face bug by setting
17814 cssText after DOM insertion.
17815 * (bug 30711) When adding a new section to a page with section=new, the text is
17816 now always added to the current version of the page.
17817 * (bug 31719) Fix uploads of SVGs exported by Adobe Illustrator by expanding
17818 XML entities correctly.
17819 * (bug 30914) Embeddable ResourceLoader modules (user.options, user.tokens)
17820 should be loaded in <head> for proper dependency resolution.
17821 * (bug 32702) Removed method Skin::makeGlobalVariablesScript() has been readded
17822 for backward compatibility.
17823 * (bug 31469) Make sure tracking category messages expand variables like
17824 {{NAMESPACE}} relative to correct title.
17825 * (bug 33454) ISO-8601 week-based year number (format character 'o') is now
17826 calculated correctly with respect to timezone.
17827 * (bug 32219) InstantCommons now fetches content from Wikimedia Commons using
17828 HTTPS when the local wiki is served over HTTPS.
17829 * (bug 33525) clearTagHooks doesn't clear function hooks.
17830 * (bug 33523) Function tag hooks don't appear on Special:Version.
17831 * Files with IPTC blocks we can't read no longer prevent extraction of exif
17833 * (bug 33587) Remove action "historysubmit" from history pages.
17834 * (bug 25800) mw.config wgAction should contain the actually performed action
17835 instead of whatever the query value contains.
17836 * (bug 4438) Add CSS hook for current WikiPage action.
17837 * (bug 33703) Common border-bottom color for <abbr> should inherit default
17839 * (bug 33819) Display file sizes in appropriate units.
17840 * (bug 32948) {{REVISIONID}} and related variables are no longer blank after
17842 * (bug 33880) $wgUsersNotifiedOnAllChanges should not send e-mail to user who
17844 * (bug 33902) Decoding %2B with mw.Uri.decode results in ' ' instead of +.
17845 * (bug 33762) QueryPage-based special pages no longer misses *-summary message.
17846 * Other sizes links are no longer generated for wikis without a 404 thumbnail
17848 * (bug 29454) Enforce byteLimit for page title input on Special:MovePage.
17849 * (bug 34114) CSSMin::remap() doesn't respect its $embed parameter.
17850 * Special:Contributions/newbies now shows the contributions for the user
17851 "newbies". New user contributions are obtained using the form or using
17852 ?contribs=newbie in URL.
17853 * It is now possible to delete images that have no corresponding description
17855 * (bug 33165) GlobalFunctions.php line 1312: Call to a member function
17856 getText() on a non-object.
17857 * (bug 31676) Group dynamically inserted CSS into a single <style> tag, to work
17858 around a bug where not all styles were applied in Internet Explorer.
17859 * (bug 28936, bug 5280) Broken or invalid titles can't be removed from
17861 * (bug 34600) Older skins using useHeadElement=false were broken in 1.18.
17862 * (bug 34604) [mw.config] wgActionPaths should be an object instead of a numeral
17864 * (bug 12262) Indents and lists are now aligned
17865 * (bug 29753) mw.util.tooltipAccessKeyPrefix should be alt-shift for Chrome
17867 * (bug 25095) Special:Categories should also include the first relevant item
17868 when "from" is filled.
17869 * (bug 34972) An error occurred while changing your watchlist settings for
17870 [[Special:WhatLinksHere/Example]]
17872 === API changes in 1.19 ===
17873 * Made action=edit less likely to return "unknownerror", by returning the actual
17874 error message (which may have come from a hook call or similar).
17875 * (bug 19838) siprop=interwikimap can now use the interwiki cache.
17876 * (bug 29748) Add API search prefix support.
17877 * (bug 29684) Set forgotten parameter types in ApiQueryIWLinks.
17878 * (bug 29685) do not output NULL parentid with list=deletedrevs&drprop=parentid.
17879 * siprop=interwikimap and siprop=languages can use silanguagecode to have
17880 a best effort language name translation. Use CLDR extension for best result.
17881 * (bug 30230) action=expandtemplates should not silently override invalid title
17883 * (bug 18634) Create API to fetch MediaWiki's language fallback tree structure.
17884 * (bug 26885) Allow show/hide of account blocks, temporary blocks and single IP
17885 address blocks for list=blocks.
17886 * (bug 30591) Add support to only return keys in ApiAllMessages.
17887 * The API now respects $wgShowHostnames and won't share the hostname in
17888 servedby if it's set to false.
17889 * wlexcludeuser parameter added to ApiFeedWatchlist.
17890 * (bug 7304) Links on redirect pages no longer cause the redirect page to show
17891 up as a redirect to the linked page on Special:Whatlinkshere.
17892 * (bug 32609) API: Move captchaid/captchaword of action=edit from core
17893 to Captcha extension(s).
17894 * Added 'APIGetDescription' hook.
17895 * (bug 32688) Paraminfo for parameter "generator" of the query module shows too
17897 * (bug 32415) Empty page get no size attribute in API output.
17898 * (bug 31759) Undefined property notice in querypages API.
17899 * (bug 32495) API should allow purge by pageids.
17900 * (bug 33147) API examples should explain what they do.
17901 * (bug 33482) Api incorrectly calls ApiBase::parseMultiValue if allowed
17902 values is given as an array.
17903 * (bug 32948) {{REVISIONID}} and related variables are no longer blank after
17904 calling action=purge&forcelinkupdate.
17905 * (bug 34377) action=watch now parses messages using the correct title instead
17907 * (bug 35036) WikiLove messages were not automatically updated in JavaScript
17908 after having been changed on-wiki due to a bug in core
17910 === Languages updated in 1.19 ===
17912 MediaWiki supports over 350 languages. Many localisations are updated
17913 regularly. Below only new and removed languages are listed, as well as
17914 changes to languages because of Bugzilla reports.
17916 * Canadian English (en-ca) (new).
17917 * Norwegian (bokmål) (nb) (renamed from no).
17918 * Uighur (Latin) (ug-latn) was incorrectly marked as right-to-left language.
17919 * (bug 30217) Make pt-br a fallback of pt.
17920 * (bug 31193) Set fallback language of Assamese from Bengali to English.
17921 * Update date format for dsb and hsb: month names need the genitive.
17922 * (bug 28643) Serbian variant conversion improvements (Nikola Smolenski).
17923 * (bug 29405, bug 30809) Lower diacritics are invisible in titles in Indic
17924 languages Assamese, Bengali, Hindi, Malyalam and Odiya.
17925 * (bug 32826) Titles in indic languages are partially cut.
17926 * (bug 33367) Gendered namespaces for Czech.
17927 * (bug 33014) Language::formatSize()/formatBitrate() should be able to deal
17928 with larger numbers (tera-yotta).
17930 === Other changes in 1.19 ===
17931 * BREAKING CHANGE: Legacy global array 'ta' and global function 'akeytt' have
17932 been removed from wikibits.js.
17933 * jquery.mwPrototypes module was renamed to jquery.mwExtension.
17934 * The maintenance script populateSha1.php was renamed to the more concise
17935 populateImageSha1.php.
17936 * The Client-IP header is no longer checked for when trying to resolve a
17937 client's real IP address.
17938 * (bug 22096) Although IE5.x and below was already unsupported officially,
17939 stylesheets existing exclusively for IE5.0 and IE5.5 have now been removed
17940 (which were in skins 'chick' and 'monobook').
17941 * The constructor for CategoryView has changed, the second parameter is now a
17942 Context source and is required.
17943 * The Title::escape{Local,Full,Canonical}URL methods are deprecated, please use
17944 proper html building methods to escape the normal get{...}URL methods instead.
17945 * The $variant arguments in the Title::get{Local,Full,Link,Canonical}URL methods
17946 have been replaced with a secondary query argument.
17947 * The $variant argument in the hooks for the
17948 Title::get{Local,Full,Link,Canonical}URL methods have been removed, the
17949 variant is now part of the $query argument.
17950 * Removed Title::isValidCssJsSubpage(), deprecated since 1.17 in favor of
17951 using Title::isCssJsSubpage() or checking Title::isWrongCaseCssJsPage().
17952 * Support for the deprecated hook MagicWordMagicWords was removed.
17953 * The Xml::namespaceSelector method has been deprecated, please use
17954 Html::namespaceSelector instead (note that the parameters have changed also).
17955 * (bug 33746) Preload popular ResourceLoader modules (mediawiki.util) as
17956 stop-gap for scripts missing dependencies.
17957 New configuration variable $wgPreloadJavaScriptMwUtil has been introduced for
17958 this (set to false by default for new installations). Set to true if your wiki
17959 has a large amount of user/site scripts that are lacking dependency
17960 information. In the short to medium term these user/site scripts should be
17961 fixed by adding the used modules to the dependencies in the module registry
17962 and/or wrapping them in a callback to mw.loader.using.
17964 == MediaWiki 1.18 ==
17966 == MediaWiki 1.18.6 ==
17969 This is a maintenance and security release of the MediaWiki 1.18 branch
17971 === Changes since 1.18.5 ===
17972 * ([[bugzilla:40995|bug 40995]]) Prevent session fixation in Special:UserLogin
17974 * ([[bugzilla:41400|bug 41400]]) Prevent linker regex from exceeding PCRE
17976 * Localisation updates
17977 * Increase permitted runtime for testParserTest
17978 * ([[bugzilla:36179|bug 36179]]) Unquote 'null' for PostgreSQL.
17980 == MediaWiki 1.18.5 ==
17983 This is a security release of the MediaWiki 1.18 branch
17985 === Changes since 1.18.4 ===
17986 * (bug 39700) File: link to non-existing file can inject html
17987 * (bug 39823) Hidden block text leaking to admins
17988 * (bug 39184) LDAP password leakage
17989 * (bug 39180) Disallow framing of api results
17990 * (bug 37587) Enforce language codes to be html safe
17991 * (bug 39824) Check global blocks on account creation
17993 == MediaWiki 1.18.4 ==
17996 This is a security release of the MediaWiki 1.18 branch.
17998 === Changes since 1.18.3 ===
17999 * (bug 36938) Correctly escape uselang attribute to prevent xss
18000 * Expanded Blacklist for SVG Files
18002 == MediaWiki 1.18.3 ==
18005 This is a maintenance release of the MediaWiki 1.18 branch.
18007 === Changes since 1.18.2 ===
18008 * (bug 35446) Using "{{nse:}}" with an invalid namespace name no longer throws
18010 * (bug 35567) The whole password reminder e-mail is now sent in the same
18012 * (bug 35961) Hash comparison should always be strict.
18013 * (bug 35671) PHP Notice: Undefined index: gettoken in includes/api/ApiMain.php
18015 * Fix broken email confirmation expiration caused by MWCryptRand changes.
18017 == MediaWiki 1.18.2 ==
18020 This is a maintenance and security release of the MediaWiki 1.18 branch.
18022 === Changes since 1.18.1 ===
18023 * (bug 33686) could not get a list of contributors for an article when using
18025 * (Bug 33865) Exception thrown in action=parse when attempting to use the title
18026 parameter without setting the text parameter.
18027 * UserMailer could potentially throw a fatal error when a MailAddress object had
18028 an empty email address.
18029 * (Bug 33087) Exchange server rejected mail sent by MediaWiki
18030 * (bug 34528) Edit section tooltips show correction section name again
18031 * (bug 34246) MediaWiki:Whatlinkshere-summary message is displayed again in
18032 Special:Whatlinkshere
18033 * (bug 22555) Remove or skip strip markers from tag hooks like <nowiki> in
18034 core parser functions which operate on strings, such as formatnum.
18035 * (bug 34212) ApiBlock/ApiUnblock allow action to take place without a token
18037 * (bug 34907) Fixed exposure of tokens through load.php that could have
18038 facilitated CSRF attacks.
18039 * (bug 35317) CSRF in Special:Upload.
18041 == MediaWiki 1.18.1 ==
18044 This a maintenance and security release of the MediaWiki 1.18 branch.
18046 === Changes since 1.18.0 ===
18047 * (bug 32712) Fix for search indexing of pages with certain unicode chars
18049 * (bug 3901) Lang, hreflang attribs added to sidebar interlanguage links for
18051 * (bug 30774) mediawiki.html: Add support for numbers and booleans in the
18052 attribute values and element contents.
18053 * (bug 32473) [[Special:PasswordReset]] can not be used on private wiki.
18054 * (bug 32853) Fixed CACHE_DBA object cache type.
18055 * (bug 32786) Backward compatibility for extension using 1.17's
18056 Database::newFromType().
18057 * Fixed exception when using Special:WhatLinksHere on a Media: file.
18058 * (bug 32709) Private Wiki users were always taken to Special:Badtitle on login.
18059 * (bug 33240) Sort images are missing but referenced in css.
18060 * (bug 31921) Magic words REVISIONDAY, REVISIONMONTH and REVISIONYEAR were
18061 not showing their values on preview.
18062 * (bug 32702) Removed method Skin::makeGlobalVariablesScript() has been readded
18063 for backward compatibility.
18064 * (bug 30172) The check for posix_isatty() in maintenance scripts did not detect
18065 when the function exists but is disabled. Introduced
18066 Maintenance::posix_isatty().
18067 * (bug 33305) Make mw.util.addCSS resistant to IE's @font-face bug by setting
18068 cssText after DOM insertion.
18069 * (bug 29102) Upgrades no longer fail with the error "Unknown character set:
18071 * (bug 25355) Parser generates edit section links for special pages.
18072 * (bug 33321) Adding a line to MediaWiki:Sidebar that contains a pipe, but
18073 doesn't have any pipes after being transformed by MessageCache, causes
18074 exception on all pages.
18075 * Fixed recentchanges FK violation on page delete and cache purge error in
18076 updater for Oracle DB.
18077 * (bug 33117) prop=revisions allows deleted text to be exposed through cache
18080 == MediaWiki 1.18.0 ==
18083 This is the first stable release of the MediaWiki 1.18 branch.
18085 === Summary of selected changes in 1.18 ===
18087 Selected changes since MediaWiki 1.17 that may be of interest:
18089 * Some of the more commonly used MediaWiki extensions are now included in the
18090 release tarball. These extensions are ConfirmEdit, Gadgets, Nuke,
18091 ParserFunctions, Renameuser, Vector and WikiEditor.
18093 * Gender support has been improved, meaning user pages can display the correct
18094 gender variant of "User" can now be used.
18096 * MediaWiki can now detect the camera orientation of an image from the Exif
18097 metadata, and can rotate the image thumbnail appropriately. Metadata support
18098 has been generally improved, and can now extract IPTC and XMP metadata.
18100 * Improved directionality support in 1.18 means that MediaWiki is better to use
18103 * MediaWiki now supports protocol - relative URLs in links, interwiki targets
18106 * Math support has been removed from core
18108 === Changes since 1.18.0rc1 ===
18109 * (bug 32228) regression in Special:Search which did not conserve profile on
18111 * (bug 32460) Categories were improperly aligned in Simple and CologneBlue
18112 * (bug 32412) TOC links on [[Special:EditWatchlist]] points to the fieldsets
18113 * (bug 32582) Fix TOC show/hide link regression on IE 8
18115 === Changes since 1.18 beta 1 ===
18116 * (bug 31886) Wrong titles redirecting to Special:Badtitle in the 1.18
18118 * (bug 32051) Fix description for wlprop=sizes.
18119 * (bug 31913) Special:MostLinkedTemplates had an incorrect GROUP BY clause
18120 under Microsoft SQL.
18121 * (bug 32100) installer complains about suhosin GET limit.
18122 * (bug 31933) fix 1.18 regression in Monobook sidebar: huge spacing between
18123 portlets on IE 7 and IE 8/9 in compatibility view.
18124 * (bug 32126) Fix 1.18 regression in watchlist editor when items already removed
18126 * (bug 32183) remove the client-* classes added from user-agent-sniffing onto
18127 the <html> element.
18128 * (bug 29912) Unit tests break if parsertest tables are still present.
18129 * (bug 31694) During installation, tabbing order (cursor focus) goes to logo
18130 instead of 'continue'.
18131 * (bug 29102) Upgrade fails "Unknown character set: 'mysql4".
18132 * (bug 31990) justify paragraphs pref adds extra space to category listing.
18133 * (bug 20148) Better title for [[Special:Disambiguations]] page.
18134 * (bug 31502) TOC is missing on Special:EditWatchlist.
18135 * (bug 32256) API list=search stops at first invalid result.
18136 * (bug 32047) jquery.tablesorter.js: thead is before caption.
18137 * (bug 29854) Store protocol-relative links twice in the externallinks table,
18138 one with http: in el_index and once with https.
18139 * (bug 31822) Error during upgrade due to output buffer reset in stdout.
18141 === Configuration changes in 1.18 ===
18142 * The WantedPages::getSQL hook has been removed and replaced with
18143 WantedPages::getQueryInfo. This may break older extensions.
18144 * The SkinTemplateBuildContentActionUrlsAfterSpecialPage,
18145 SkinTemplateContentActions and SkinTemplateTabs hooks have been removed in
18146 favor of SkinTemplateNavigation and SkinTemplateNavigation::SpecialPage.
18147 * $wgUseCombinedLoginLink controls whether to output a combined
18148 login / create account link in the personal bar, or to output separate login
18149 and create account links.
18150 * Skin names are no longer created based on a ucfirst version of the key in
18151 $wgValidSkinNames but now the value. This means for
18152 $wgValidSkinNames["monobook"] = "MonoBook"; the skin loader will no longer try
18153 loading SkinMonobook and will instead load SkinMonoBook.
18154 * $wgMaxUploadSize may now be set to an array to specify the upload size limit
18156 * $wgAPICacheHelp added in 1.16 is now removed. To disable API help caching, set
18157 $wgAPICacheHelpTimeout = 0;
18158 * OutputPage::isUserJsAllowed() no longer returns false when scripts are allowed
18159 by the page, but $wgAllowUserJs is set to false.
18160 * Pure "Skin" class based custom skins are no longer supported, all custom skins
18161 should be put together using SkinTemplate and BaseTemplate or QuickTemplate.
18162 * The transliteration for passwords in case they were migrated from an old
18163 Latin-1 install (previous to MediaWiki 1.5) is now only done for wikis with
18164 $wgLegacyEncoding set.
18165 * (bug 27508) Add $wgSVGMetadataCutoff to limit the maximum amount of an SVG we
18166 look at when finding metadata to prevent excessive resource usage.
18167 * $wgSysopUserBans and $wgSysopRangeBans (deprecated in 1.17) are now removed.
18168 Use $wgBlockCIDRLimit = array( 'IPv4' => 43, 'IPv6' => 128 ) to achieve the
18169 same functionality as $wgSysopRangeBans; you can use the BlockIp hook to
18170 replicate $wgSysopUserBans functionality.
18171 * The options on the block form have been standardised such that checking a box
18172 makes the block 'more serious'; so while "check to prevent account creation"
18173 and "check to enable autoblock" remain the same, "check to allow user-talk
18174 edit" is reversed to "check to *disable* user-talk edit", and "check to block
18175 anon-only" becomes "check to block logged-in users too". The default settings
18177 * Most of the field names on the Special:Block form have been changed, which
18178 will probably break screen-scraping bots.
18179 * (bug 26866) The 'trackback' right is no longer granted to sysops by default.
18180 $wgUseTrackbacks is already false by default.
18181 * (bug 17009) the hiddenStructure CSS class, a highly hackish way of at least
18182 *appearing* to hide article elements, has been removed. Use the
18183 ParserFunctions extension to actually remove unwanted elements from the
18185 * (bug 14202) $wgUseTeX has been superseded by the Math extension. To re-enable
18186 math conversion after upgrading, obtain the Math extension from SVN or from
18187 https://www.mediawiki.org/wiki/Extension:Math and add to LocalSettings.php:
18188 require_once "$IP/extensions/Math/Math.php";
18189 * $wgProfiler is now a configuration array, see StartProfiler.sample for
18191 * $wgProfiling has been removed.
18192 * The spyc library is now no longer included in phase3.
18193 * (bug 28343) Unused preferences contextlines/contextchars have been removed
18194 * $wgSkinExtensionFunctions has been removed. Use $wgExtensionFunctions instead.
18195 * $wgProto has been removed. You now only need to set $wgServer to change the
18197 * $wgRateLimitsExcludedGroups (deprecated in 1.13) has been removed.
18198 * $wgInputEncoding and $wgOutputEncoding (deprecated in 1.5) have now been
18200 * $wgAllowUserSkin (deprecated in 1.16) has now been removed.
18201 * $wgExtraRandompageSQL (deprecated in 1.16) has now been removed.
18202 * LogReader and LogViewer classes (deprecated in 1.14) have now been removed.
18203 * (bug 26033) Added $wgArticleCountMethod to select the method to use to say
18204 whether a page is an article or not. $wgUseCommaCount is now deprecated.
18205 * $wgEnableDublinCoreRdf and $wgEnableCreativeCommonsRdf no longer work in core,
18206 and the functionality has been moved to the relevant extensions. See
18207 https://www.mediawiki.org/wiki/Extension:DublinCoreRdf and
18208 https://www.mediawiki.org/wiki/Extension:CreativeCommonsRdf as appropriate.
18209 * (bug 21107) Split error "customcssjsprotected" into separate messages for JS
18211 * Removed $wgCheckCopyrightUpload from DefaultSettings, since the relevant
18212 feature was removed in about 1.5.
18213 * LogPageValidTypes, LogPageLogName, LogPageLogHeader and LogPageActionText
18214 hooks have been removed.
18215 * New hook "Collation::factory" to allow extensions to create custom
18216 category collations.
18217 * $wgGroupPermissions now supports per namespace permissions.
18218 * $wgEnableAutoRotation enables or disables auto-rotation. Leaving it set to
18219 null will cause MediaWiki to determine if auto-rotation is available.
18221 === New features in 1.18 ===
18222 * BREAKING CHANGE: action=watch / action=unwatch now requires a token.
18223 * BREAKING CHANGE: Article class hierarchy split into WikiPage (backend)
18224 and Article (frontend) hierarchies. Several hooks now pass a WikiPage object
18225 instead of an Article object. These hooks all use an $article parameter as
18226 documented in hooks.txt. Extensions should be updated to account for this,
18227 though most won't require any changes.
18228 * (bug 27860) Minor edit after clicking 'new section' tab
18229 Now the "This is a minor edit" checkbox is not available when you
18230 create a page or new section.
18231 * (bug 8130) Query pages should limit to content namespaces, not just main
18233 * Special:Contribs now redirects to Special:Contributions.
18234 * (bug 6672) Images are now autorotated according to their EXIF orientation.
18235 This only affects thumbnails; the source remains unrotated.
18236 * (bug 25708) Update case mappings and normalization to Unicode 6.0.0.
18237 * New hook ArticlePrepareTextForEdit added, called when preparing text to be
18239 * New parser option PreSaveTransform added, allows the pre-save transformation
18240 to be selectively disabled.
18241 * Alternative to $wgHooks implemented, using the new Hooks class.
18242 * Add width parameter to Special:Filepath to allow getting the file path of a
18244 * (bug 26870) Add size to {{filepath:}}.
18245 * Upload warnings now show a thumbnail of the uploaded file.
18246 * Introduced the edittools-upload message, which will be inserted under the
18247 upload form instead of edittools if available.
18248 * (bug 26285) Extensions will be automatically generated on upload if the user
18249 specified a filename without extension.
18250 * (bug 26851) Special:UserRights now allows to prefill the reason field
18251 * New maintenance script to fix double redirects
18252 (maintenance/fixDoubleRedirects.php).
18253 * (bug 23315) New body classes to allow easier styling of special pages.
18254 * (bug 27159) Make email confirmation code expiration time configurable.
18255 * (bug 29047) CSS/JS for each user group is imported from
18256 MediaWiki:Group-sysop.js, MediaWiki:Group-autoconfirmed.css, etc.
18257 * (bug 24230) Uploads of ZIP types, such as MS Office or OpenOffice can now be
18258 safely enabled. A ZIP file reader was added which can scan a ZIP file for
18259 potentially dangerous Java applets. This allows applets to be blocked
18260 specifically, rather than all ZIP files being blocked.
18261 * (bug 2429) Allow selection of associated namespace in recent changes.
18262 * (bug 26217) File size is now checked before uploading in HTML5 browsers.
18263 * CSS stylesheet MediaWiki:Noscript.css is now loaded for users with JavaScript
18264 disabled (enclosed in the head in a <noscript> tag).
18265 * Added UserGetLanguageObject hook to change the language used in $wgLang.
18266 * (bug 14645) When $wgMiserMode is on, expensive special pages are styled
18267 differently (italicized by default) on Special:SpecialPages.
18268 * Added $wgAggregateStatsID, which allows UDP stats to be aggregated over
18270 * When $wgAllowMicrodataAttributes is true, all itemtypes are allowed, not just
18271 the three that were defined in the original specification.
18272 * (bug 14706) Added support for the Imagick PHP extension.
18273 * (bug 18691) Added support for SVG rasterization using the Imagick PHP
18275 * (bug 2581, bug 6834) Added links to thumbnail in several resolutions to the
18276 file description page. The sizes are set by $wgImageLimits.
18277 * (bug 28031) Add pageCount support to ArchivedFile.
18278 * (bug 27924) PhpHttpRequest doesn't return response body if HTTP != 200.
18279 * Added hook BitmapHandlerTransform to allow extension to transform a file
18280 without overriding the entire handler.
18281 * The parser now attempts to output markers for editsection tokens and defer the
18282 rendering of them post-cache to reduce parser cache fragmentation and ensure
18283 skin customizability of edit section links.
18284 * (bug 24755) AuthPlugin auto-creation of local accounts can now be aborted by
18285 other extensions by handling the 'AbortAutoAccount' hook, similar to the
18286 'AbortNewAccount' triggered by explicit account creations. (They are separate
18287 to avoid loops and confusion; auth plugins like CentralAuth need to handle
18288 AbortNewAccount separately.
18289 * Special:ListFiles is now transcludable.
18290 * (bug 13879) Special:Emailuser asks for suitable target user if called without.
18291 * (bug 16956) IPTC and XMP metadata now extracted from images.
18292 * (bug 23816) A tracking category is now added for any pages with broken images.
18293 * (bug 23495) Allow createAndPromote.php to create non-sysop users.
18294 * (bug 28916) A way to to toggle mw.config legacy globals settings from
18295 LocalSettings.php has been created by introducing $wgLegacyJavaScriptGlobals.
18296 * (bug 28503) Support for ircs:// URL protocols.
18297 * (bug 26033) It is now possible to count all non-redirect pages in content
18298 namespaces as articles.
18299 * Images can now be embedded in an XML dump stream using backupDump.php
18300 --include-files and can be imported using importDump.php --uploads;
18301 furthermore, it can import files from the filesystem using --image-base-path.
18302 * Three new hooks in Special:Undelete, 'UndeleteForm::showHistory',
18303 'UndeleteForm::showRevision' and 'UndeleteForm::undelete', so that extensions
18304 may override the usage of PageArchive class and replace it with their own
18305 class that extends PageArchive.
18306 * (bug 28915) Implement QUnit test suite for MediaWiki JavaScript.
18307 Also built-in support for distribution through a TestSwarm instance.
18308 * (bug 29036) For cascade-protected pages, the mw-textarea-cprotected class is
18309 added to the textarea on the edit form.
18310 * mw.util.wikiScript has been implemented (like wfScript in GlobalFunctions.php)
18311 * (bug 29067) Expose user.tokens (like we do user.options) in ResourceLoader.
18312 * New 'Debug' hook used by wfDebug() and wfDebugLog().
18313 * (bug 27655) Require token for watching/unwatching pages)
18314 * (bug 28904) (bug 29773) Update jQuery version from 1.4.4 to 1.6.2 (the latest
18316 * (bug 29441) Expose CapitalLinks config in JS to allow modules to properly
18317 handle titles on case-sensitive wikis.
18318 * (bug 29397) Implement mw.Title module in core.
18319 * In MySQL 4.1.9+ with replication enabled, fetch the slave lag from SHOW SLAVE
18320 STATUS instead of SHOW PROCESSLIST. This ensures that lag is reported
18321 correctly in the case where there are no write events occurring. Note that
18322 the DB user now needs to have the REPLICATION CLIENT privilege if you are
18324 * Language codes in $wgDummyLanguageCodes are now excluded on localization
18325 statistics (maintenance/language/transstat.php).
18326 * (bug 29586) Make the (next 200) links on categories link directly to
18327 the relevant section of the category.
18328 * (bug 29109) Allow the automatic edit summary for redirect creation
18329 show the first bit of the new redirect page.
18330 * (bug 29723) mw.util.wikiGetlink() now defaults to wgPageName.
18331 * (bug 29680) Add GetDefaultSortkey hook to override the default sortkey.
18332 * (bug 16699) {{#language:}} accepts second parameter to specify the language in
18333 which the language name is wanted. Coverage depends on the cldr extension.
18334 * (bug 15802) An easy way to look up messages: language qqx which returns
18336 * (bug 29868) Add support for passing parameters to mw.msg in jquery.localize.
18337 * (bug 29558) $wgMiserMode now disables update.php by default.
18338 * AjaxCategories: Easily add, edit or delete categories on article pages.
18339 Suggests possible categories when typing, all saves are done via AJAX.
18340 Supports editing of multiple categories and then saving them in one batch.
18341 * $wgAutopromoteOnce was added, allowing for users to be automatically promoted
18342 to explicit usergroups. If a group is removed from a user via
18343 Special:UserRights, it will not automatically be re-added. Configuration is
18344 similar to $wgAutopromote (see DefaultSettings.php).
18345 * The PerformRetroactiveAutoblock hook was added to allow overriding or
18346 complementing retroactive autoblock handling. This runs when blocking a user
18347 with the 'autoblock' option.
18348 * MediaWiki now supports using protocol-relative URLs in links, interwiki
18349 targets and $wgServer.
18350 * Introduced $wgVaryOnXFPForAPI which will cause the API to send
18351 Vary: X-Forwarded-Proto headers.
18352 * New maintenance script to refresh image metadata
18353 (maintenance/refreshImageMetadata.php).
18354 * (bug 16428) Include permalink in printable version.
18355 * (bug 30722) Add an identity collation that sorts things based on what the
18356 unicode code point is (aka pre-1.17 behavior).
18357 * (bug 30940) Add a hook in User:getDefaultOptions.
18358 To give extensions a better and more flexible way of providing default
18359 values for preferences a hook has been introduced in User:getDefaultOptions().
18360 Setting preferences in $wgDefaultUserOptions still work fine, but when reading
18361 them (i.e. with array_keys) to get a list of all preferences, then
18362 $wgDefaultUserOptions should no longer be used as it will contain those set
18363 via User:getDefaultOptions().
18364 * (bug 30497) Add client-nojs and client-js classes on document element
18365 to let styles easily hide or show things based on general JS availability.
18366 * (bug 31293) If Special:Userlogin is loaded over HTTPS, display
18367 MediaWiki:loginend-https instead of MediaWiki:loginend, if it's not empty.
18368 Same for signupend on the account creation page.
18369 * (bug 31233) New OutputPage::addJsConfigVars() method to make the output page
18370 specific mw.config map extendable.
18371 * mw.util.wikiScript has been implemented (like wfScript in
18372 GlobalFunctions.php).
18374 === Bug fixes in 1.18 ===
18375 * (bug 27860) Minor edit after clicking 'new section' tab.
18376 * (bug 23119) WikiError class and subclasses are now marked as deprecated.
18377 * (bug 10871) Javascript and CSS pages in MediaWiki namespace are no longer
18378 treated as wikitext on preview.
18379 * (bug 22753) Output from update.php is more clear when things changed, entries
18380 indicating nothing changed are now all prefixed by "...".
18381 * Page existence is now not revealed (in the colour of the tabs) to users who
18382 cannot read the page in question.
18383 * (bug 19006) {{REVISIONUSER}} no longer acts like {{CURRENTUSER}} in some
18385 * (bug 16019) $wgArticlePath = "/$1" no longer breaks API edit/watch actions.
18386 * (bug 18372) File types blacklisted by $wgFileBlacklist will no longer be shown
18387 as "Permitted file types" on the upload form.
18388 * (bug 26379) importImages.php gives more descriptive error message on failure.
18389 * (bug 26410) + signs are no longer treated as spaces in internal links if
18390 link has a % sign in it.
18391 * (bug 26412) Search results headers no longer show a bogus edit link.
18392 * (bug 26540) Fixed wrong call to applyPatch in MysqlUpdater.
18393 * (bug 26574) Added 'upload' to $wgRestrictionTypes, allowing upload protected
18394 pages to be queried via the API and Special:ProtectedPages, and allowing
18395 disabling upload protection by removing it from $wgRestrictionTypes.
18396 * If an edit summary exceeds 250 bytes and is truncated, add an ellipse.
18397 * (bug 26638) Database error pages display correctly in RTL languages.
18398 * (bug 26187) Confirmrecreate no longer parses the edit summary.
18399 * (bug 26208) Mark directionality of some interlanguage links.
18400 * (bug 26034) Make the "View / Read" tab in content_navigation style tabs remain
18401 selected when the action is "purge".
18402 * (bug 14267) Support a MediaWiki:Mainpage-nstab override for the subject
18403 namespace tab on the mainpage of a wiki.
18404 * (bug 10158) Do not mention allowing others to contact you when the feature
18405 is disabled ($wgEnableUserEmail=false).
18406 * (bug 26733) Wrap initial table creation in transaction.
18407 * (bug 26729) Category pages should return 404 if they do not exist and have no
18409 * (bug 2585) Image pages should send 404 if no image, no shared image and no
18411 * Custom editintro's using the editintro url parameter will no longer show
18412 <noinclude> sections on pages they are included on.
18413 * (bug 26449) Keep underlines from headings outside of tables and thumbs by
18414 adding overflow:hidden to h1,h2,h3,h4,h5,h6 (also fixes editsection bunching).
18415 * (bug 26708) Remove background-color:white from tables in Monobook and Vector.
18416 * (bug 28422) Remove color:black from tables in Monobook and Vector. And add it
18417 to table.wikitable instead.
18418 * (bug 26781) {{PAGENAME}} and related parser functions escape their output
18420 * (bug 26716) Provide link to instructions for external editor related
18421 preferences and add a comment to the ini control file explaining what is
18423 * Trying to upload a file with no extension or with a disallowed MIME type now
18424 gives the right message instead of complaining about a MIME/extension
18426 * (bug 26809) Uploading files with multiple extensions where one of the
18427 extensions is blacklisted now gives the proper extension in the error message.
18428 * (bug 26961) Hide anon edits in watchlist preference now actually works.
18429 * (bug 19751) Filesystem is now checked during image undeletion.
18430 * Send last modified headers for Special:Recentchanges when RC patrol is
18431 enabled, but user cannot see rc patrol links.
18432 * (bug 26548) ForeignAPIRepo (InstantCommons) now works with PDF files
18433 and other multi-paged file formats.
18434 * Files with a mime type that does not match the extension are now properly
18436 * (bug 27201) Special:WhatLinksHere output no longer contains duplicate IDs.
18437 * (bug 15905) Nostalgia skin could become more usable by including a Talk:
18438 link at the top of the page.
18439 * (bug 27560) Search queries no longer fail in Walloon language.
18440 * (bug 27679) Broken embedded files with special characters are no longer
18441 double HTML escaped.
18442 * (bug 27700) The upload protection can now also be set for files that do not
18444 * (bug 27763) Article::getParserOutput() no longer throws a fatal given when an
18445 incorrect revision ID is passed.
18446 * Trim the form field for uploading by url to remove extra spaces which could
18447 cause confusing error messages.
18448 * (bug 27854) Http::isValidURI is way too lax.
18449 * Do not show enotifminoredits preference, if disabled by $wgEnotifMinorEdits.
18450 * AbortLogin returning "ABORTED" now handled. Also allows message identifier
18451 for "ABORTED" reason to be returned and displayed to user.
18452 * (bug 28034) uploading file to local wiki when file exists on shared repository
18453 (commons) gives spurious info in the warning message.
18454 * Usernames get lost when selecting different sorts on Special:listfiles.
18455 * (bug 14005) editing section 0 of an existing but empty page gives no such
18457 * (bug 26939) Installer does not set $wgMetaNamespace.
18458 * (bug 28166) UploadBase assumes that 'edit' and 'upload' rights are not per
18460 * Make truncate function automatically consider length of '...' string,
18461 since length can vary by localization.
18462 * (bug 28242) Make redirects generated by urls containing a local interwiki
18463 prefix be a 301 instead of a 302.
18464 * (bug 15641) blocked administrators are now prevented from deleting or
18465 protecting their own talk page; and all blocked users are more
18466 comprehensively prevented from performing other actions.
18467 * (bug 27893) Edit-on-doubleclick now applies only on view and purge actions;
18468 no longer triggers unexpectedly on delete, history etc.
18469 * (bug 28417) Fix PHP notice when importing revision without a listed id.
18470 * (bug 28430) Make html and TeX output of <math> always be left-to-right.
18471 * (bug 28306) Fix exposure of suppressed usernames in ForeignDBRepo.
18472 * (bug 28372) Fix bogus link to suppressed file versions in ForeignDBRepo.
18473 * (bug 27473) Fix regression: bold, italic no longer interfere with linktrail
18475 * (bug 28444) Fix regression: edit-on-doubleclick retains revision id again.
18476 * ' character entity is now allowed in wikitext.
18477 * UtfNormal::cleanUp on an invalid utf-8 sequence no longer returns false if
18479 * (bug 28561) The css class small will no longer make nested elements even
18481 * (bug 13172) Array type exif data (like GPS) was not being extracted from
18483 * (bug 28532) wfMsgExt() and wfMsgWikiHtml() use $wgOut->parse().
18484 * (bug 16129) Transcluded special pages expose strip markers when they output
18486 * (bug 27249) "Installed software" table in Special:Version should always be
18488 * (bug 28719) Do not call mLinkHolders __destruct explicitly.
18489 * (bug 21196) Article::getContributors() no longer fails on PostgreSQL.
18490 * (bug 28752) XCache doesn't work in CLI mode.
18491 * (bug 28076) Thumbnail height limited to 360 pixels on Special:Listfiles.
18492 * (bug 22227) Special:Listfiles no longer throws an error on bogus file entries.
18493 * (bug 19408) user_properties.up_property: 32 bytes is not enough.
18494 * (bug 25262) Fix for minification of hardcoded data: URIs in CSS.
18495 * (bug 29263) Add LTR class to the shared CSS to be used for left-to-right text
18496 such as SQL queries shown in dberrortext and similar messages in RTL
18498 * (bug 14977) Fixed $wgServer detection in cases where an IPv6 address is used
18499 as the server name.
18500 * The View X deleted revisions is now shown again on Special:Upload.
18501 * (bug 29071) mediawiki.action.watch.ajax.js should pass uselang to API.
18502 * (bug 28868) Show total pages in the subtitle of an image on the
18503 file description page for multi-paged documents.
18504 * (bug 28883) Message names for different compression types commonly
18505 used in Tiff files.
18506 * When transcluding a special page, do not let it interpret url parameters.
18507 * (bug 28887) Special page classes are no longer re-used during 1 request.
18508 * (bug 28888) Searching for something starting with a # sign no longer tells
18509 the user a page named [[:]] already exists.
18510 * (bug 23002) Imagelinks table not updated after imagemove.
18511 * (bug 27864) Transcluding {{Special:Prefix}} with empty prefix now lists all
18513 * (bug 18803) JPEG2000 images should not be uploadable as .jpg files.
18514 * (bug 11868) If using links to count articles, the checking will now be based
18515 on the real presence of an internal link instead of the "[[" string.
18516 * (bug 28287) The "your changes" box for edit conflicts is now read-only.
18517 * (bug 28940) When making a thumb of an SVG, and only specifying the height
18518 make the width be the max SVG size, not the natrual width of the SVG.
18519 * (bug 1780) Uploading files with non-ascii characters are now forbidden on
18521 * (bug 23464) File: prefixes are now chopped off during uploading.
18522 * (bug 28174) Message config-logo-help amended to not explicitly assume any
18523 LTR/RTL screen layout.
18524 * (bug 28992) Revision numbers in the patrol log are transformed in the user
18526 * (bug 27073) ResourceLoaderDynamicStyles marker should be dynamically appended
18527 to the document head if it doesn't exist.
18528 * (bug 27023) After the document is ready, mw.loader is broken (calls callback
18529 before module is parsed).
18530 * (bug 4330) External URLs without a custom title should be treated as LTR,
18532 * (bug 29055) Make "don't send email on minor edits" preference apply to
18533 changes to talk page in addition to watchlist edits.
18534 * (bug 28272) Special:AllMessages should have only one "Go" button.
18535 * (bug 29101) Special:FileDuplicateSearch no longer shows silly message.
18536 * (bug 29048) jQuery.tabIndex: firstTabIndex() should not output the same
18538 * (bug 29332) Warn if user requests mediawiki-announce subscription but does not
18539 enter an e-mail address.
18540 * (bug 25375) Add canonical namespaces to "wgNamespaceIds" in mw.config.
18541 * The class JpegOrTiffHandler was renamed ExifBitmapHandler.
18542 * (bug 29443) Special:Undelete should use JavaScript to invert all checkboxes
18543 instead of reloading the page.
18544 * (bug 29325) Setting $wgStrictFileExtensions to false no longer gives incorrect
18546 * (bug 29437) Multiple apostrophes in deleted article title cause odd rendering.
18547 * (bug 29485) RSS feed of Special:RecentChange grouped together multiple
18548 consecutive edits by same user in included diff, but then linked to
18549 a single ungrouped diff.
18550 * Do not try to group together a page creation and edit in the RSS feed of RC.
18551 * (bug 29342) Patrol preferences shouldn't be visible to users who don't have
18552 patrol permissions.
18553 * (bug 29471) Exception no longer thrown for files with invalid date in
18555 * (bug 29492) Long-running steps in the installer (such as Upgrade and Install)
18556 no longer cause timeouts.
18557 * (bug 29507) Change 'image link' to 'file link' in Special:Whatlinkshere.
18558 * If the db is really screwed up, and doesn't have a recentchanges table,
18559 make the updater throw an exception instead of a fatal.
18560 * wfArrayToCGI() and wfCgiToArray() now handle nested and associative arrays
18562 * (bug 29567) mw.util.addPortletLink should only wrap link in <span> for
18563 "vectorTabs" portlets.
18564 * (bug 8556) Incorrect session failure warning on preview-on-open
18565 namespaces (categories) when combined with $wgRawHtml.
18566 * Use content language in formatting of dates in revertpage message
18567 (rollback revert edit summary) and do not adjust for user timezone.
18568 * (bug 29277) MediaWiki:Filepage.css is also shown on the local wiki
18569 * Make sure Backlink cache does not retrieve interwiki redirects when looking
18570 for redirects to a local page.
18571 * (bug 6100) Allow different directionality (LTR/RTL) for user interface
18572 and wiki content, along with many other RTL and directionality improvements
18573 (such as bugs 28030, 12406, 28349).
18574 * (bug 29712) Removed broken defaultUserOptionOverrides in MessagesXx files and
18575 unneeded CSS flipping of quickbar. Instead, introduce option 5 which sets
18576 left/right according to the directionality of your interface language.
18577 * (bug 19514) Unordered list list-style-image should be IE6-compatible (8-bit).
18578 * (bug 27410) The tag filter on a history page is now within a <label> element.
18579 * (bug 29779) DairikiDiff/WikiDiff <ins> and <del> should undo browser default
18580 styling (strike/underline).
18581 * (bug 28630) Add iwlinks, langlinks, redirect to
18582 RefreshLinks::deleteLinksFromNonexistent.
18583 * (bug 29797) Error: "Tried to load block with invalid type" when subpages
18584 are disabled for user pages.
18585 * (bug 12205) Bidirectional names in action=credits are split and displayed
18586 incorrectly when wrapped to the next line.
18587 * (bug 20781) Move 'mainpagetext' messages to installer's .i18n file.
18588 * (bug 29737) "MediaWiki:Qbsettings-directionality" should refer to script,
18590 * (bug 26360) $wgSessionHandler was overriding system settings unconditionally.
18591 * Removed AjaxFunctions.php. The last remaining function js_unescape() was moved
18592 to the FCKEditor extension.
18593 * (bug 28762) Resizing to specified height broken for very thin images.
18594 * (bug 29959) Installer fatal when cURL and allow_url_fopen is disabled and user
18595 tries to subscribe to mediawiki-announce.
18596 * (bug 27427) mw.util.getParamValue shouldn't return value from hash even if
18597 param is only present in hash.
18598 * Installer checked for magic_quotes_runtime instead of register_globals.
18599 * (bug 30131) XCache with variable caching disabled no longer used for variable
18600 caching (CACHE_ACCEL)
18601 * $wgSVGMaxSize is now applied to the smaller of width or height, making very
18602 wide pano/timeline/diagram SVGs renderable at saner sizes.
18603 * (bug 30219) The page shown when LocalSettings.php does not exist was broken on
18605 * (bug 30074) Moving user JS subpages resulted in JS errors because
18606 #REDIRECT [[Foo]] is invalid JS.
18607 * (bug 30335) Fix for HTMLForms using GET breaking when non-friendly URLs
18609 * (bug 30264) Changed installer-generated LocalSettings.php to use
18610 require_once() instead of require() for included extensions.
18611 * Tracking categories are no longer shown in footer for special pages.
18612 * (bug 30684) Fix bad escaping in mw.message for inexistent messages (i.e.
18614 * $wgOverrideSiteFeed no longer double escapes urls.
18615 * The preprocessor no longer fails with a PHP warning about XML_PARSE_HUGE when
18616 processing complex pages using newer versions of libxml2.
18617 * (bug 30907) Special:Unusedcategories should sort ascendingly.
18618 * (bug 28545) When using the uca-default collation, sortkey's starting with a
18619 space (U+20) will sort under an invisible header like in 1.16 rather than a
18621 * (bug 30192) Thumbnails of archived files are now deleted.
18622 * (bug 30843) mediawiki.Title should not convert extensions (anything after the
18623 last full stop) to lower case).
18624 * (bug 31213) Exception thrown when trying to move file cross-namespace.
18625 * (bug 18424) Special:Prefixindex and Special:Allpages paging links are
18626 really small, and somewhat inconsistent with each other.
18627 * (bug 30466) Entries in iwlinks table are now cleared when moving a page over
18629 * (bug 31674) Can't edit watchlist if it contains special pages.
18630 * (bug 32100) Installer complains about Suhosin GET limit even if it is
18631 already set above 1024 bytes.
18633 === API changes in 1.18 ===
18634 * BREAKING CHANGE: action=watch now requires POST and token.
18635 * (bug 26339) Throw warning when truncating an overlarge API result.
18636 * (bug 14869) Add API module for accessing QueryPage-based special pages.
18637 * (bug 14020) API for Special:Unwatchedpages.
18638 * (bug 24287) Wrap API Help output at 100 characters.
18639 * Add a realname uiprop option to query=userinfo so a user's realname can be
18641 * Add a &watchuser option to ApiBlock.
18642 * (bug 26541) Generator-ise ApiQueryRecentChanges.
18643 * action=parse now correctly returns an error for nonexistent pages.
18644 * (bug 25767) Add userrights properties to allusers and users query lists.
18645 * (bug 26558) list=allusers auprop=groups does not list groups a user is
18646 automatically a member of.
18647 * (bug 26559) list=allusers auprop=rights does not match
18648 list=users usprop=rights.
18649 * (bug 26560) On allusers if limit < total number of users, last user gets
18651 * (bug 25135) add "normalized" to action=parse.
18652 * (bug 26460) Add support for listing category members by category pageid.
18653 * (bug 26482) add a imimages param to prop=images.
18654 * (bug 26498) allow LinksUpdate with API.
18655 * (bug 26485) add a elextlinks param to prop=extlinks.
18656 * (bug 26483) add a iwtitles param to prop=iwlinks.
18657 * (bug 26484) add a lltitles param to prop=langlinks.
18658 * (bug 26480) add a pppageprops param to prop=pageprops.
18659 * (bug 26650) Remove $wgAPICacheHelp in favour of $wgAPICacheHelpTimeout.
18660 * (bug 24650) Fix API to work with categorylinks changes.
18661 * Expose list of skins in meta=siteinfo.
18662 * (bug 26548) Add iiurlparam param to query=imageinfo and query=stashimageinfo.
18663 * (bug 27205) aiprop=metadata and aiprop=parsedcomment need help text.
18664 * Add a amtitle param to meta=allmessages.
18665 * (bug 25832) query=allimages now outputs ns/title as well.
18666 * (bug 27199) Thumbnail urls can be fetched for old files as well.
18667 * (bug 27376) when using ApiBase::PARAM_TYPE => 'integer' without a min or
18668 max value, API doesn't validate the input is actually an integer.
18669 * (bug 27479) API error when using both prop=pageprops and
18670 prop=info&inprop=displaytitle.
18671 * (bug 27554) Update API information text to reflect change in bug 26125.
18672 * (bug 27611) list=blocks: Use ipb_by_text instead of join with user table.
18673 * (bug 27616) Add userid of blocked user and blocker to list=blocks.
18674 * (bug 27688) Simplify queries to list user block information.
18675 * (bug 27708) list=users does not have a property to return user id.
18676 * (bug 27715) imageinfo didn't respect revdelete.
18677 * (bug 27862) Useremail module didn't properly return success on success.
18678 * (bug 27590) prop=imageinfo now allows querying the media type.
18679 * (bug 27587) list=filearchive now outputs full title info.
18680 * (bug 27018) Added action=filerevert to revert files to an old version.
18681 * (bug 27897) list=allusers and list=users list hidden users.
18682 * (bug 27717) API's exturlusage module does not respect $wgMiserMode.
18683 * (bug 27588) list=filearchive&faprop=sha1 returns empty attribute.
18684 * (bug 28010) Passing a non existent user to list=users gives internal error.
18685 * (bug 27549) action=query&list=users&usprop=groups doesn't show implicit
18686 groups if a user doesn't have explicit groups.
18687 * (bug 27670) Ordering by timestamp (and usage of start and end) isn't as clear
18688 in auto generated document, as it is on mediawiki.org.
18689 * (bug 27182) API: Add filter by prefix for meta=allmessages.
18690 * (bug 27183) API: Add filter by customisation state for meta=allmessages.
18691 * (bug 27340) API: Allow listing of "small" categories.
18692 * (bug 27342) Add audir param to list=allusers.
18693 * (bug 27203) add fato param to list=filearchive.
18694 * (bug 27341) Add drto param to list=deletedrevs.
18695 * (bug 26630) Add API for Special:ActiveUsers.
18696 * (bug 27020) API: Allow title prefix search of logevents (only when not in
18698 * (bug 26629) add Special:MIMESearch to API.
18699 * (bug 27585) add pagecount to list=filearchive.
18700 * (bug 28104) Namespace for local pages in interwiki backlinks (iwbacklinks)
18702 * (bug 27343) Add parseddescription to list=filearchive.
18703 * (bug 27469) label implicit groups in list=allusers&auprop=groups/
18704 list=users&usprop=groups.
18705 * Addition of APIQuerySiteInfoGeneralInfo hook to add extra information to
18706 the general site info results.
18707 * (bug 16288) API: consider making closure status of wikis more clear
18708 with meta=siteinfo.
18709 * (bug 27589) list=allimages&aiprop=archivename is useless.
18710 * (bug 27586) Remove duplication of props in ApiQueryStashImageInfo
18711 by using ApiQueryImageInfo.
18712 * (bug 28226) prop=extlinks&eloffset should be an integer.
18713 * (bug 28070) Fix watchlist RSS for databases that store timestamps in a
18714 real timestamp field.
18715 * API upload errors may now return the parameter that needs to be changed and
18716 a sessionkey to fix the error.
18717 * (bug 28249) allow dupes in meta=allmessages&amargs.
18718 * (bug 28263) cannot import xml with the API, when have not "import" user
18719 right, but "importupload".
18720 * (bug 28365) Added description for uiprop=preferencestoken in meta=userinfo.
18721 * (bug 28394) Set forgotten parameters types in ApiUnblock.
18722 * (bug 28395) Set forgotten parameters types in ApiParse.
18723 * (bug 28368) add hint for multipart/form-data to API information of
18724 action=import&xml=.
18725 * (bug 28391) action=feedwatchlist&allrev should be a bool.
18726 * (bug 28364) add registration date to meta=userinfo.
18727 * (bug 28254) action=paraminfo: Extract type from PARAM_DFLT if
18728 PARAM_TYPE is not set.
18729 * (bug 27712) add parent_id to list=deletedrevs.
18730 * (bug 28455) Add 'toponly' to recentchanges API module.
18731 * (bug 26873) API: Add 'toponly' filter in usercontribs module.
18732 * (bug 28586) YAML: strings that are the same as boolean literals.
18733 * (bug 28591) Update/replace/supplement spyc (YAML parsing library).
18734 * YAML API output is now 1.2 compliant, using JSON as the formatter.
18735 * (bug 28672) give information about misermode on API.
18736 * (bug 28558) Add iw_api and iw_wikiid to meta=siteinfo&siprop=interwikimap
18737 * (bug 26882) Allow listing of indefinite protections with the API.
18738 * (bug 27344) add drprefix param to list=deletedrevs.
18739 * (bug 28560) list=deletedrevs should die, if combination of param is invalid.
18740 * (bug 28238) paraminfo: output both limits for multi param.
18741 * (bug 27179) API: List of extension tags through meta=siteinfo.
18742 * Get a list of function hooks through meta=siteinfo.
18743 * Get a list of all subscribed hooks, and those subscribers.
18744 * (bug 28225) Allow hiding of user groups in list=allusers.
18745 * (bug 27185) API: Add Special:ComparePages.
18746 * (bug 28265) allow outputting of comments for action=expandtemplates.
18747 * (bug 27790) Add query type for querymodules to output of ApiParamInfo.
18748 * (bug 28963) Add langbacklinks query module to the api.
18749 * (bug 27593) API should return error message when sha1/sha1base36 is invalid.
18750 * (bug 28578) API's parse module should not silently override invalid
18752 * (bug 20699) Watchlist API should list log-events.
18753 * (bug 29070) Require a token in API action=watch.
18754 * (bug 29221) Expose oldrevid in ApiQueryWatchlist output.
18755 * (bug 29267) Always give the servername for meta=siteinfo&siprop=dbrepllag.
18756 * (bug 28897) rvparse now respects rvsection for action=query&prop=revisions.
18757 * (bug 25734) API: Possible issue with revids validation.
18758 * (bug 28002) Internal error in ApiFormatRaw::getMimeType.
18759 * (bug 29237) ApiQuery now has an option to output the "iwurl" attribute.
18760 * (bug 28392) Mark action=undelete×tamps as type "timestamp".
18761 * (bug 21346) Make deleted images searchable by hash (disabled in Miser Mode).
18762 * (bug 27595) sha1 search of list=filearchive does not work.
18763 * (bug 26763) Make RSS/Atom of user contributions more visible.
18764 * (bug 25133) Allow redirects also for action=parse&pageid.
18765 * (bug 29745) Fatal error in API search.
18766 * (bug 29476) API returns page title instead of sectiontitle for
18767 srprop=sectiontitle.
18768 * Correct the documentation of srprop properties.
18769 * (bug 28817) Add reference help page link to API Modules.
18770 * (bug 29935) Improve formatting of examples in ApiParamInfo.
18771 * (bug 29938) list=users&usprop=rights shows rights the user doesn't have.
18772 * (bug 24781) The API will include an XML namespace if the includexmlnamespace
18774 * (bug 29392) Setting the start or end parameter now works with lists blocks,
18775 categorymembers, deletedrevs, logevents, protectedtitles, usercontributions
18776 and watchlist in Postgres.
18778 === Languages updated in 1.18 ===
18780 MediaWiki supports over 330 languages. Many localisations are updated
18781 regularly. Below only new and removed languages are listed, as well as
18782 changes to languages because of Bugzilla reports.
18784 * Angika (anp) (new).
18785 * Brahui (brh) (new).
18786 * Central Dusun (dtp) (new).
18787 * Jamaican Creole English (jam) (new).
18788 * Khowar (khw) (new).
18790 * Kichwa (qug) (new).
18791 * Tokipona (tp) (removed) 'tokipona' is still valid.
18792 * (bug 17160) Gender specific display text for User namespace.
18793 * Link trail added for sl and sh.
18794 * (bug 27633) Add characters to linkTrail for Portuguese (pt and pt-br).
18795 * (bug 27426) Set $namespaceGenderAliases for Arabic (ar).
18796 * (bug 27385) Set Polish $namespaceGenderAliases.
18797 * (bug 27681) Set $namespaceGenderAliases for Portuguese (pt and pt-br).
18798 * (bug 27785) Fallback language for Kabardian (kbd) is English now.
18799 * (bug 27825) Raw watchlist edit message now uses formatted numbers.
18800 * (bug 28040) Turkish: properly lower case 'I' to 'i' (dotless i) and
18801 uppercase 'i' to 'I' (dotted i).
18802 * Conversion script between Syllabics and Latin for the Inuktitut language.
18803 * Date formats for Indonesian (id) updated.
18804 * Bhojpuri (bho) (renamed from "bh").
18805 * (bug 29031) When translating block log entries, indefinite, infinite, and
18806 infinity are now considered the same.
18807 * Aromanian (rup) (renamed from "rua-rup").
18808 * Kashmiri (ks) split into Kashmiri (Perso-Arabic) (ks-arab) and Kashmiri
18809 (Devanagari) (ks-deva). Defaults to ks-arab.
18810 * (bug 30864) Use bengali numerals for <ol> for Assamese.
18811 * (bug 30817) Restored linktrail for kk (Kazakh).
18812 * (bug 27398) Add $wgExtraGenderNamespaces for configured gendered namespaces.
18813 * (bug 30846) New LanguageOs class.
18815 === Other changes in 1.18 ===
18816 * Removed legacy wgAjaxWatch javascript global object, no longer in use.
18817 * (bug 28556) Upload support for MacBinary files has been removed (Used by
18818 Internet Explorer 5 for Mac OS 9).
18819 * On wiki farm setups using $wgConf, 'wgCanonicalServer' is now expected to be
18820 set for all wikis. This was already the case for 'wgServer'.
18822 == MediaWiki 1.17 ==
18824 == MediaWiki 1.17.5 ==
18827 This is a security release of the MediaWiki 1.17 branch.
18829 === Summary of selected changes in 1.17 ===
18831 Selected changes since MediaWiki 1.16 that may be of interest:
18833 * A new installer has been introduced. It has a wizard-style interface which is
18834 translated into many languages. Many shortcomings in the old installer were
18835 addressed with this rewrite. Note that it is no longer required for the config
18836 directory to be made writable by the webserver. Instead the generated
18837 LocalSettings.php file is offered as a download, which you must then upload
18838 to the wiki's base directory.
18840 * ResourceLoader, a new framework for delivering client-side resources such as
18841 JavaScript and CSS, has been introduced. These resources are now delivered
18842 through the new entry point script "load.php", instead of as static files
18843 served directly by the web server. This allows minification, compression and
18844 client-side caching to be used more effectively, which should provide a net
18845 performance improvement for most users.
18847 * Category sorting has been improved.
18848 ** Sorting is now case insensitive.
18849 ** Sub-categories, pages and files can now be paged separately.
18850 ** When several pages are given the same sort key, they sort by their
18851 names instead of randomly.
18853 * The lowest supported version of PHP is now 5.2.3. If necessary, please
18854 upgrade PHP prior to upgrading MediaWiki.
18856 === Changes since 1.17.4 ===
18858 * (bug 36938) Correctly escape uselang attribute to prevent xss
18859 * Expanded Blacklist for SVG Files
18861 === Changes since 1.17.3 ===
18863 * (bug 35961) Hash comparison should always be strict.
18864 * Fix broken email confirmation expiration caused by MWCryptRand changes.
18865 * (bug 35671) PHP Notice: Undefined index: gettoken in includes/api/ApiMain.php
18868 === Changes since 1.17.2 ===
18870 * (bug 22555) Remove or skip strip markers from tag hooks like <nowiki> in
18871 core parser functions which operate on strings, such as padleft.
18872 * (bug 34212) ApiBlock/ApiUnblock allow action to take place without a token
18874 * (bug 34907) Fixed exposure of tokens through load.php that could have
18875 facilitated CSRF attacks.
18876 * (bug 35317) CSRF in Special:Upload.
18878 === Changes since 1.17.1 ===
18879 * (bug 33117) prop=revisions allows deleted text to be exposed through cache
18881 * (bug 32709) Private Wiki users were always taken to Special:Badtitle on login.
18883 === Changes since 1.17.0 ===
18885 * (bug 29535) Added missing Creative Commons CC0 icon.
18886 * (bug 29726) Fixed failure to load internationalization messages in
18887 client-side scripts on WebKit-based browsers.
18888 * Fixed a bug in message transformation where the previous language could leak
18889 into later transformations in the UI language.
18890 * (bug 29091) Fixed form of native name for Ossetic language (Иронау -> Ирон)
18891 * Fixed maintenance scripts upgrade1_5.php and rebuildImages.php, they did not
18892 work at all since 1.17 beta 1.
18893 * (bug 29531) Fixed img_auth.php for thumbnails and other filenames with
18894 multiple dots, was broken by the fix for bug 28840.
18895 * In the maintenance script purgeList.php, fixed a fatal error when a page
18896 title is given, instead of a URL.
18897 * (bug 19514) Unordered list list-style-image should be IE6-compatible (8-bit).
18898 * Installer checked for magic_quotes_runtime instead of register_globals.
18899 * $wgSVGMaxSize is now applied to the smaller of width or height, making very
18900 wide pano/timeline/diagram SVGs renderable at saner sizes.
18901 * (bug 29959) Installer fatal when cURL and allow_url_fopen is disabled and user
18902 tries to subscribe to mediawiki-announce.
18903 * Installer checked for magic_quotes_runtime instead of register_globals
18904 * (bug 30131) XCache with variable caching disabled no longer used for variable
18905 caching (CACHE_ACCEL)
18906 * (bug 30264) Changed installer-generated LocalSettings.php to use
18907 require_once() instead require() for included extensions.
18908 * (bug 26486) ResourceLoader modules with paths to nonexistent files cause PHP
18909 warnings/notices to be thrown
18910 * (bug 30907) Special:Unusedcategories should sort ascendingly.
18911 * (bug 30219) The page shown when LocalSettings.php does not exist was broken on
18913 * Hardcoded NLS_NUMERIC_CHARACTERS for Oracle DB to prevent type conversion
18915 * Fixed recentchanges FK violation on page delete and cache purge error in
18916 updater for Oracle DB.
18917 * (bug 32276) Skins were generating output using the internal page title which
18918 would allow anonymous users to determine whether a page exists, potentially
18919 leaking private data. In fact, the curid and oldid request parameters would
18920 allow page titles to be enumerated even when they are not guessable.
18921 * (bug 32616) action=ajax requests were dispatched to the relevant internal
18922 functions without any read permission checks being done. This could lead to
18923 data leakage on private wikis.
18925 === Changes since 1.17.0rc1 ===
18927 * Fixed syntax error in generated LocalSettings.php when a non-default user
18928 rights profile is chosen.
18929 * (bug 29399) Fixed PostgreSQL installation when the DB user for installation
18930 is the same as the one for web access.
18931 * (bug 29233) Fixed failover for DB slave servers. When a DB slave went down,
18932 an error was immediately shown to the user, instead of trying another slave.
18933 Was broken since 1.17 beta 1.
18934 * (bug 29278) Fixed PHP fatal error when attempting to add text to a page via a
18936 * (bug 29408) Fixed uploads of files with MIME types that aren't detected by
18938 * Removed DEFAULT '' NOT NULL field definitions from Oracle DB schema because
18939 using the DEFAULT value ('') in DML broke Oracle backend as it treats an
18940 empty VARCHAR2 value as NULL. Indexes on Oracle do not require NOT NULL
18943 === Changes since 1.17 beta 1 ===
18945 * Fixed warning about missing file "password.js".
18946 * When installing on MySQL, don't attempt to create a new database user if the
18947 same user is used for installation and web access.
18948 * Fixed SQL query errors in queries with table aliases.
18949 * (bug 27891) Fixed the "chronology protector", broken since 1.17beta1, which
18950 ensures that when database replication is used, the new version is seen by
18951 the user immediately after they create or edit an article.
18952 * (bug 28845) Allow PostgreSQL installation using a non-root user account which
18953 has role creation abilities.
18954 * When installing on PostgreSQL and the install account is the same as the web
18955 account, check to make sure that the account has suitable privileges in the
18957 * (bug 28172) Fixed error in PostgreSQL installation when creating the wiki
18959 * Fixed an issue with the Oracle installer in cases where the user is different
18960 to the database name.
18961 * Added "unblockself" to the list of available rights.
18962 * In the installer, fixed the "user rights profile" option, it never worked.
18963 * (bug 29117) Fixed Hebrew localisation of the installer.
18964 * (bug 28840) Reduce the collateral damage caused by the fix for bug 28235 (XSS
18965 on Internet Explorer 6 due to a file extension in the query string) by
18966 reducing the number of URLs that are blocked, and by redirecting the request
18967 to a safer URL where possible instead of blocking it.
18968 * (bug 28812) Fixed documentation of API action=parse.
18969 * (bug 28979) Fixed styling of <abbr> and <acronym>.
18970 * Fixed the error message displayed when you try to create an account by email,
18971 but an email address is not given.
18972 * Fixed JS error due to missing dependency for jquery.suggestions.
18973 * Exposed $wgExtensionAssetsPath in JavaScript.
18974 * (bug 28738) Made ResourceLoader support environments with small URL length
18975 limits. The length limit can be configured via
18976 $wgResourceLoaderMaxQueryLength, and this is set automatically in the
18977 generated LocalSettings.php when the php.ini variable
18978 "suhosin.get.max_value_length" is set. When a URL exceeds this limit, the
18979 request is split up. Also, reduced the average length of load.php URLs by
18980 using a more compact parameter format.
18981 * (bug 25262) Fix for minification of hardcoded data: URIs in CSS.
18982 * (bug 25124) Respect $wgStyleDirectory in ResourceLoader.
18983 * Allow installation when no HTTP client is available, don't throw an exception.
18984 * (bug 27465) Fix metadata extraction for SVG files using unusual namespace
18986 * (bug 29174) Fix regression in upload-by-URL: uploading files larger than the
18987 PHP memory limit should work again.
18988 * Fixed the display of comments in the new user log.
18989 * (bug 28237) When installing extensions using the web-based installer, create
18990 any necessary database tables.
18991 * (bug 28983) Fixed automated installation of extensions that overwrite $path.
18992 * Fixed error caused by missing magic words.
18993 * Fixed breakage of article editing in PostgreSQL due to text search
18994 configuration errors.
18995 * Fixed the HTTPS client used when Curl is not available. This avoids an error
18996 during install about failure of the mediawiki-announce subscription.
18997 * (bug 28162) When installing to PostgreSQL, respect the "database port" input,
19000 === Configuration changes in 1.17 ===
19002 * $wgLogAutocreatedAccounts controls whether autocreation of accounts is logged
19004 * (bug 22858) $wgLocalStylePath is by default set to the same value as
19005 $wgStylePath but should never point to a different domain than the site is
19006 on, allowing skins to use .htc files which are not cross-domain friendly.
19007 * $wgFileStore has been deprecated. The only usage $wgFileStore['deleted'] has
19008 been turned into $wgDeletedDirectory.
19009 * $wgDeletedDirectory has been added to specify what directory to place deleted
19011 * IBM DB2 database no longer uses the db specific $wgDBport_db2 variable but the
19013 * $wgCategoryPrefixedDefaultSortkey was removed and is now always false. This
19014 provides more sensible sorting behavior for categories.
19015 * Removed unused globals: $wgEnableSerializedMessages, $wgCheckSerialized,
19016 $wgUseMemCached, $wgDisableSearchContext, $wgColorErrors, $wgUseZhdaemon,
19017 $wgZhdaemonHost and $wgZhdaemonPort.
19018 * (bug 24408) The include_path is not modified in the default LocalSettings.php
19019 * $wgVectorExtraStyles was removed, and is no longer in use.
19020 * Removed $wgUpdates for database updates; extensions should use
19021 DatabaseUpdater::addExtensionUpdate() via the LoadExtensionSchemaUpdates hook.
19022 * Removed $wgServerName. It doesn't need to be set anymore and is no longer
19023 available as input for other configuration items, either.
19024 * It's no longer necessary for LocalSettings.php to include DefaultSettings.php.
19025 * It's no longer necessary to set $wgCacheEpoch to the file modification time
19026 of LocalSettings.php, in LocalSettings.php itself. Instead, this is done
19027 automatically if $wgInvalidateCacheOnLocalSettingsChange is true (which is
19029 * $wgCopyrightIcon is deprecated and $wgFooterIcons['copyright']['copyright']
19030 should be used instead.
19031 * $wgSysopUserBans is deprecated, and will be made permanently true in 1.18.
19032 If you need this functionality, you should use the BlockIp hook to filter and
19033 reject such blocks.
19034 * $wgSysopRangeBans is deprecated, you should set $wgBlockCIDRLimit to maximum
19035 (32 for IPv4, 128 for IPv6), equivalent to allowing rangeblocks of only 1
19038 === New features in 1.17 ===
19040 * (bug 10183) Users can now add personal styles and scripts to all skins via
19041 User:<name>/common.css and /common.js (if user css/js is enabled).
19042 * (bug 22748) Add anchors on Special:ListGroupRights.
19043 * (bug 21981) Add parameter 'showfilename' to <gallery> to automatically
19044 apply the names of the individual files within the gallery.
19045 * Future-proof redirection to fragments in Gecko, so things work a little nicer
19046 if they fix <https://bugzilla.mozilla.org/show_bug.cgi?id=516293>.
19047 * Support git:// and mms:// protocols by default for external links.
19048 * (bug 15810) Blocked admins can no longer unblock themselves without the
19049 'unblockself' permission (which they have by default).
19050 * (bug 18499) Added "enhanced" URL parameter to switch between old and enhanced
19052 * (bug 22925) "sp-contributions-blocked-notice-anon" message now displayed when
19053 viewing contributions of a blocked IP address.
19054 * (bug 22474) {{urlencode:}} now takes an optional second parameter for type of
19056 * Special:Listfiles now supports a username parameter.
19057 * Special:Random carries over query string parameters.
19058 * (bug 23206) Add Special::Search hook for detecting successful "Go".
19059 * When visiting a "red link" of a deleted file, a deletion and move log excerpt
19060 is provided on the Upload form.
19061 * (bug 22647) Add category details in search results.
19062 * (bug 23276) Add hook to Special:NewPages to modify query.
19063 * Add accesskey 's' and tooltip to 'Save' button at Special:Preferences.
19064 * Add accesskey 'b' and tooltip to the summary field of edit mode.
19065 * (bug 20186) Allow filtering Special:Contributions for RevisionDeleted edits.
19066 * ajaxwatch now uses the API and JQuery, and can be used to animate arbitrary
19067 watch links, not just to watch the page the link is on.
19068 * (bug 20976) "searchmenu-new-nocreate" message now displayed when there
19069 is no title match in search and the user has no rights to create pages.
19070 * (bug 23429) Added new hook WatchlistEditorBuildRemoveLine.
19071 * (bug 22844) Added support for WinCache object caching (for IIS).
19072 * (bug 23580) Add two new events to LivePreview so that scripts can be notified
19073 about the beginning and finishing of LivePreview actions.
19074 * (bug 21278) Now the sidebar allows inclusion of wiki markup.
19075 * (bug 23733) Add IDs to messages used on CSS/JS pages.
19076 * Show validity period of the login cookie in Special:UserLogin and
19077 Special:Preferences.
19078 * Interlanguage links display the page title in their tooltip.
19079 * (bug 23621) New Special:ComparePages to compare (diff) two articles.
19080 * (bug 4597) Provide support in Special:Contributions to show only "current"
19082 * (bug 17857) {{anchorencode}} acts more like how the parser creates section ids
19083 * (bug 21477) \& can now be used in <math>
19084 * (bug 11641) \dotsc \dotsm \dotsi \dotso can now be used in <math>
19085 * (bug 21475) \mathtt and \textsf can now be used in <math>
19086 * texvc is now run via ulimit4.sh, to limit execution time.
19087 * SQLite now supports $wgSharedDB.
19088 * (bug 8507) Group file links by namespace:title on image pages.
19089 * Stop emitting named entities, so we can use <!DOCTYPE html> while still being
19091 * texvc now supports \bcancel and \xcancel in addition to \cancel and \cancelto
19092 * Added scriptExtension setting to $wgForeignFileRepos.
19093 * ForeignApiRepo uses scriptDirUrl if apiBase not set.
19094 * (bug 24212) Added MediaWiki:Filepage.css which is also included on foreign
19096 * (bug 14685) Double underscore magic word usage is now tracked in the
19097 page_props table, as well as the behavioral magic words {{DEFAULTSORT}} and
19099 * (bug 24045) MediaWiki:Ipb-needreblock is now wrapped in a div with class
19100 "mw-ipb-needreblock"
19101 * Non-file pages can no longer be moved to the file namespace, nor vice versa.
19102 * (bug 671) The <dfn>, <kbd> and <samp> elements have been whitelisted in user
19104 * (bug 21503) There's now a "reason" field when creating account for other
19106 * (bug 24418) action=markpatrolled now requires a token.
19107 * A variety of category sort-related fixes, including:
19108 ** (bug 164) In English, lowercase and uppercase letters now sort the same.
19109 ** (bug 1211) Subcategories, ordinary pages, and files now page separately.
19110 ** When several pages are given the same sort key, they sort by their names
19111 instead of randomly.
19112 * (bug 23848) Add {{ARTICLEPATH}} Magic Word.
19113 * (bug 8140) Add dedicated CSS classes to Special:Newpages elements.
19114 * (bug 11005) Add CSS class to empty pages in Special:Newpages.
19115 * The parser cache is now shared amongst users whose different settings aren't
19117 * Any attribute beginning with "data-" can now be used in wikitext, per HTML5.
19118 * (bug 24007) Diff pages now mention the number of users having edited
19119 intermediate revisions.
19120 * Added new hook GetIP.
19121 * Special:Version now displays whether a SQLite database supports full-text
19123 * TS_ISO_8691_BASIC was added as a time format, which is used by ResourceLoader
19125 * Maintenance scripts get a --memory-limit option to override defaults (which
19126 is usually to set it to -1 to disable the limit).
19127 * (bug 25397) Allow uploading (not displaying) of WebP images, disabled
19129 * (bug 23194) Special:ListFiles now has thumbnails.
19130 * Use hreflang to specify canonical and alternate links, search engine friendly
19131 when a wiki has multiple variant languages.
19132 * (bug 19593) Specifying --server in now works for all maintenance scripts.
19133 * Now rebuildtextindex.php warns if SQLite doesn't support full-text search.
19134 * (bug 10541) Front/backend separation of installation/upgrade code.
19135 * (bug 10596) Allow installer to enable extensions already in extensions folder.
19136 * (bug 20627) Installer should be in languages other than English.
19137 * Support for metadata in SVG files (title, description).
19138 * Special:Search: Add CSS classes to 'none found' and 'create link' messages.
19139 * Add CSS classes (including namespace and pagename) to the enhanced recent
19140 changes/watchlist entries.
19141 * (bug 22463) Add hook 'SkinGetPoweredBy' to make 'powered by' icon/text
19143 * Added CSS print pagination to the print stylesheets.
19144 * (bug 25960) Add <link rel=canonical"> for File pages of shared/foreign
19146 * When viewing a redirect, the redirect arrow and redirection target are both
19147 wrapped in a div that has the class "redirectMsg" so that the redirection
19148 arrow can be customized with CSS.
19149 * (bug 21911) Hard coded limit for long page warning removed. New message
19150 [[MediaWiki:Longpage-hint]] (empty per default) can be used instead.
19151 Parameters: $1 shows the formatted textsize in Byte/KB/MB, $2 is the raw
19152 number of the textsize in Byte.
19153 * (bug 3276) Give image <gallery>s fluid width.
19154 * Added uploads link to page subtitle in Special:Contributions.
19155 * Added Special:Myuploads special page that redirects to Special:Listfiles.
19156 * The footerlinks used in Monobook/Vector/Modern are now part of common skin
19157 code, SkinTemplateOutputPageBeforeExec can be used to customize the list.
19158 * Special wrapping setups can now define MW_CONFIG_FILE to load a config file
19159 other than LocalSettings.php. This is like MW_CONFIG_CALLBACK but works in
19160 some cases where MW_CONFIG_CALLBACK will not work.
19161 * (bug 26574) Added 'upload' to $wgRestrictionTypes, allowing upload protected
19162 pages to be queried via the API and Special:ProtectedPages, and allowing
19163 disabling upload protection by removing it from $wgRestrictionTypes.
19164 * The name attribute of HTMLForm fields can now be overridden by passing a
19165 'name' key in the descriptor array. Hidden field names are now treated
19166 consistently with other fields and, by default, prefixed with 'wp'.
19167 * (bug 27402) Add support for disabling MWSuggest.
19168 * (bug 26563) Add bytes changed per revision for stub and full article dumps.
19169 * (bug 27508) Add $wgSVGMetadataCutoff to limit the maximum amount of an svg we
19170 look at when finding metadata to prevent excessive resource usage.
19171 * (bug 198) $wgUpgradeKey allows unlocking the web installer for upgrades
19172 without having to move LocalSettings.php
19173 * Added $wgAllowImageTag, which can be set to true to whitelist the <img> tag
19175 * (bug 12797) Add $wgGalleryOptions for adjusting of default gallery display
19177 * Added the $wgAllowUserCssPrefs option which allows disabling CSS-based
19178 preferences; which can improve page loading speed.
19179 * Added $wgSQLMode for setting database SQL modes - either performance (null)
19180 or other reasons (such as enabling stricter checks).
19181 * (bug 20193) Added $wgVectorShowVariantName global configuration variable
19182 which causes Vector to render the variants drop-down menu with a label
19183 showing the current variant name. This is off by default, pending further
19184 research into its user experience implications.
19185 * The upload link for missing files can now be set separately from the
19186 navigation link with $wgUploadMissingFileUrl.
19187 * $wgAdditionalMailParams added to allow setting extra options to mail() calls.
19188 * Added $wgSecureLogin to optionally login using HTTPS.
19189 * (bug 25728) Added $wgPasswordSenderName to make the name associated
19190 with $wgPasswordSender configurable.
19191 * (bug 22463) $wgFooterIcons added to allow configuration of the icons shown in
19192 the footers of skins.
19193 * $wgFileCacheDepth can be used to set the depth of the subdirectory hierarchy
19194 used for the file cache. Default value is 2, which matches former behavior.
19196 === Bug fixes in 1.17 ===
19198 * (bug 17560) Half-broken deletion moved image files to deletion archive
19199 without updating database.
19200 * (bug 22666) Submitting user block form with an invalid user name no longer
19202 * (bug 22665, bug 22667) User '0' can now be unblocked and have its block
19204 * (bug 22606) The body of e-mail address confirmation message is now different
19205 when the address changed.
19206 * (bug 22664) Special:Userrights now accepts '0' as a valid user name.
19207 * (bug 5210) Preload parser now parses <noinclude>, <includeonly> and
19209 * (bug 22709) IIS7 mishandles redirects generated by OutputPage::output() when
19210 the URL contains a colon.
19211 * (bug 22353) Categorised recent changes now works again.
19212 * (bug 22747) "Reveal my e-mail address in notification e-mails" preference is
19213 now only displayed when relevant.
19214 * (bug 22772) {{#special:}} parser function now works with subpages.
19215 * (bug 18664) Relative URIs in interwiki links cause failed redirects.
19216 * (bug 19270) Relative URIs in interwiki links break interwiki transclusion.
19217 * (bug 22903) Revdelete log entries now show in the user preferred language.
19218 * (bug 22905) Correctly handle <abbr> followed by ISBN.
19219 * (bug 22940) Namespace aliases pointing to main namespace don't work.
19220 * (bug 15810) Blocked admins can no longer block/unblock other users.
19221 * (bug 22876) Avoid possible PHP Notice if $wgDefaultUserOptions is not
19223 * (bug 14952) Page titles are renormalized after html entities are removed so
19224 that links with non-NFC character references work correctly.
19225 * (bug 22991) wgUserGroups JavaScript variable now reports * group for
19226 anonymous users instead of null.
19227 * (bug 22627) Remove PHP notice when deleting a page only hidden users edited.
19228 * (bug 21520) Anonymous previews now also gives a warning about not being
19229 logged in (anonpreviewwarning).
19230 * (bug 22935) image/x-ms-bmp mime type added for BMP files.
19231 * (bug 23024) Special:ListFiles now escapes file names correctly.
19232 * (bug 22867) "View source" tab is now only displayed if there's source text.
19233 * (bug 19393) Feeds now format dates in user language rather than content
19235 * (bug 22852) "Served in" comment is now the time used to cache a single page
19236 when using rebuildFileCache.php
19237 * (bug 22496) Viewing diff of a redirect page without specifying "oldid"
19238 parameter no longer makes the page displayed as being the redirect target.
19239 * (bug 22918) Feed cache keys now use $wgRenderHashAppend.
19240 * (bug 21916) Last-Modified header is now correct when outputting cached feed.
19241 * (bug 20049) Fixed PHP notice in search highlighter that occurs in some cases.
19242 * (bug 23017) Special:Disambiguations now list pages in content namespaces
19243 rather than only main namespace.
19244 * (bug 23063) $wgMaxAnimatedGifArea is checked against the total size of all
19245 frames, and $wgMaxImageArea against the size of the first frame, rather than
19246 the other way around. Both now default to 12.5 megapixels. Also, images
19247 exceeding $wgMaxImageArea can still be embedded at original size.
19248 * (bug 23078) "All public logs" option on Special:Log is now always the first
19250 * (bug 16817) Group names in user rights log are now singular and in lowercase.
19251 * Special:Preferences no longer crashes if the wiki default date formatting
19252 style is not valid for the user's interface language.
19253 * (bug 23167) Check the watch checkbox by default if the watchcreations
19255 * Maintenance script cleanupTitles is now able to fix titles stored
19256 in a negative namespace (which is invalid).
19257 * (bug 19858) Removed obsolete <big> in interface messages.
19258 * (bug 21456) "Bad title" error when showing non-local interwiki pages no longer
19259 displays incorrect tabs.
19260 * (bug 23190) Improved math representation for text browsers.
19261 * (bug 22015) Improved upload-by-url error handling and error display.
19262 * (bug 17941) $wgMaxUploadSize is now honored by all upload sources.
19263 * (bug 23080) New usernames now limited to 235 bytes so that custom skin files
19265 * (bug 23075) Correct MediaTransformError default width in gallery.
19266 * (bug 16487) The Anonymous user account used on Postgres is no longer
19267 displayed on Special:Listusers.
19268 * (bug 23313) Move watchlisthidepatrolled above token in watchlist preferences
19269 to enhance preference grouping.
19270 * (bug 23298) Interwiki links with prefix only in log summaries now link to the
19272 * (bug 23284) Times are now rounded correctly.
19273 * (bug 23375) Added ogv, oga, spx as extensions for ogg files.
19274 * (bug 18408) All required permissions for uploading (upload, edit, create)
19275 are now checked when loading Special:Upload. Toolbar link for Special:Upload
19276 is no longer shown if the user does not have the required permissions.
19277 * (bug 23397) texvc in html mode renders \sim as ˜ not ∼
19278 * (bug 23241) License selector should be disabled during upload of a new
19280 * (bug 23240) Add ID to namespace selector form on Special:Watchlist.
19281 * The pipe | character in urls is now escaped.
19282 * (bug 23422) mp3 files can now be moved.
19283 * (bug 23448) MediaWiki:Summary-preview is now displayed instead of
19284 MediaWiki:Subject-preview when previewing summary.
19285 * (bug 23426) The {{REVISIONMONTH}} variable is now zero-padded and added
19286 new variable {{REVISIONMONTH1}} when unpadded version is needed.
19287 * Special:Userrights didn't recognize user as changing his/her own rights if
19288 user did not capitalize first letter of username.
19289 * (bug 23507) Add styles for printing wikitables.
19290 * (bug 19586) Avoid JS errors in mwsuggest when using old browsers such
19292 * (bug 23563) Old skins now support $wgUploadNavigationUrl and take into
19293 account upload rights.
19294 * (bug 1347) Render \phi in math using images, in order to create consistent
19295 and correct render results.
19296 * (bug 16573) Render \epsilon in math using images, in order to create
19297 consistent and correct render results.
19298 * (bug 22541) Support image redirects when using ForeignAPIRepo.
19299 * (bug 22967) Make edit summary length cut-off behave correctly for multibyte
19301 * (bug 8689) Long numeric lines no longer kill the parser.
19302 * (bug 23740) Article::doRedirect() now use $extraQuery parameter correctly if
19303 the $noRedir parameter is set to true.
19304 * (bug 23688) Correct mime types for Office 2007 OpenXML documents.
19305 * (bug 23787) Corrected $wgDefaultSkin's comment in DefaultSettings.php.
19306 * (bug 23797) Xml::input() now allows '0' for the value parameter.
19307 * (bug 23747) Make sure that on History pages, the RevDel button is not
19308 accidentally activated when hitting enter.
19309 * (bug 23845) Special:ListFiles now uses correct file names without underscores.
19310 * Ask for permanent login in Special:Preferences only if $wgCookieExpiration >
19312 * (bug 16356) Repair dumpInterwiki.inc to use proper normalization.
19313 * (bug 24006) deleteArchivedRevisions.php maintenance script now longer throws
19315 * (bug 23465) Don't ignore the predefined destination filename on
19316 Special:Upload after following a red link.
19317 * (bug 23642) Recognize mime types of MS OpenXML documents.
19318 * (bug 22784) Normalise underscores and spaces in autocomments.
19319 * (bug 19910) Headings of the form ===+\s+ are now displayed as valid headings.
19320 * (bug 24022) Only check file extensions on the uploadpage when needed.
19321 * (bug 24076) Recognize Office 2003 files with OpenXML trailers.
19322 * (bug 24244) Updated comments in DefaultSettings.php to reflect
19323 Image: --> File: namespace rename.
19324 * Make wfTimestamp recognize negative unix timestamp values.
19325 * (bug 24401) SimpleSearch: No button/text indicating 'Search' if image is
19327 * (bug 23293) Do not show change tags when Special:RecentChanges(linked) or
19328 Special:Newpages is transcluded into another page as it messes up the page.
19329 * (bug 24517) LocalFile::newFromKey() and OldLocalFile::newFromKey() no longer
19330 throw fatal errors.
19331 * (bug 23380) Uploaded files that are larger than allowed by PHP now show a
19332 useful error message.
19333 * Uploading to a protected title will allow the user to choose a new name
19334 instead of showing an error page.
19335 * (bug 24425) Use Database::replace instead of delete/insert in
19336 SqlBagOStuff::set to avoid query errors about duplicate keynames.
19337 * (bug 15470) First letters of filenames are always capitalized by upload JS.
19338 * (bug 21215) NoLocalSettings.php doesn't tolerate rewrite rules.
19339 * (bug 21052) Fix link color for stubs in NewPages.
19340 * (bug 24714) Usage of {{#dateformat: }} in wikis without $wgUseDynamicDates no
19341 longer pollutes the parser cache.
19342 * (bug 17031) Correct which characters the parser allows in tag attributes (a
19343 letter, colon or underscore followed by 0 or more letters, numbers, colons,
19344 underscores, hyphens, and/or periods).
19345 * Save 200 useless queries on each category page view.
19346 * Shell commands will now work on Linux in filesystems mounted noexec.
19347 * (bug 24804) Corrected commafying in Polish and Ukrainian.
19348 * "Difference between pages" is now displayed instead of "Difference between
19349 revisions" on diffs when appropriate.
19350 * (bug 23703) ForeignAPIRepo fails on findBySha1() when using a 1.14 install as
19351 a repository due to missing 'name' attribute from the API list=allimages.
19352 * (bug 24898) MediaWiki uses /tmp even if a vHost-specific tempdir is set, also
19353 make wfTempDir() return a sane value for Windows on worst-case.
19354 * (bug 24824) Support ImageMagick 6.5.6-2+ JPEG decoder size hint, to reduce
19355 memory usage when such an ImageMagick is used for scaling.
19356 * Disable multithreaded behavior in recent ImageMagick, to avoid a deadlock
19357 when a resource limit such as $wgMaxShellMemory is hit.
19358 * (bug 24981) Allow extensions to access SpecialUpload variables again.
19359 * (bug 20744) Wiki forgets about an uploaded file.
19360 * (bug 17913) Don't show "older edit" when no older edit available.
19361 * (bug 6204) TOC not properly rendered when using $wgMaxTocLevel.
19362 * (bug 24977) The accesskey in history page now lead directly to the diff
19363 instead of alternating focus between the two buttons.
19364 * (bug 24987) Special:ListUsers does not take external groups into account.
19365 * (bug 20633) update.php has mixed language output.
19366 * SQLite system table names are now never prefixed.
19367 * (bug 25292) SkinSubPageSubtitle hook now passes the Skin object as second
19369 * (bug 25167) Correctly load JS fixes for IE6 (fixing a regression in 1.16).
19370 * (bug 25367) wfShellExec() is more explicit when failing due to disabled
19372 * (bug 25462) Fix double-escaping for section edit link tooltips.
19373 * action=raw was removed for Special:Statistics. This information is still
19374 available via the API.
19375 * (bug 23934) Groups defined in $wgRevokePermissions but not in
19376 $wgGroupPermissions now appear on Special:ListGroupRights.
19377 * (bug 23923) Special:Prefixindex no longer shows results if nothing was
19379 * (bug 22308) Search now finds text in default main page immediately after
19381 * (bug 25697) Make sure empty lines render in diff view.
19382 * Use an actual minus sign in diff views, instead of a hyphen.
19383 * (bug 23732) Clarified "n links" message on Special:MostLinkedFiles.
19384 * (bug 23731) Clarified "n links" message on Special:MostLinkedTemplates.
19385 * (bug 25642) A exception is now thrown instead of a fatal error when using
19386 $wgSMTP without PEAR mail package.
19387 * (bug 19633) When possible, Upscale small SVGs when creating thumbnails.
19388 * (bug 11013) Database driver detection needs rewriting for robustness.
19389 * (bug 13409) Installer prompts could use clarification--now has help boxes.
19390 * (bug 16902) Installer spews warnings when exec() and dl() are not available.
19391 * (bug 19129) Only show MyISAM/InnoDB when supported.
19392 * (bug 17762) Only show other e-mail options when e-mail is globally enabled.
19393 * Cache multiple sizes of InstantCommons thumbnails.
19394 * (bug 25488) Disallowing anonymous users to read pages no longer throws error
19395 on discussion pages with vector as default skin.
19396 * (bug 24833) Files name in includes/diff/ are now less confusing.
19397 * (bug 25713) SpecialPage::resolveAlias() now normalise spaces to underscores.
19398 * (bug 25829) Special:Mypage and Special:Mytalk now forward oldid, diff and dir
19400 * (bug 25175) HTML file cache now honor $wgCacheDirectory if
19401 $wgFileCacheDirectory is not set.
19402 * (bug 13353) Diff3 version checks were too strict, did not detect working
19404 * (bug 25843) Links to special pages using link= attribute on images are now
19405 normalised like normal links to special pages.
19406 * (bug 21364) External links using link= attribute on images now respect
19407 $wgExternalLinkTarget.
19408 * (bug 17789) Added a note to the total views on Special:Statistics saying that
19409 is doesn't count non-existing pages and special pages.
19410 * (bug 17996) HTTP redirects are now combined when requesting a special page.
19411 * (bug 19944) Link on image thumbnails no longer link to "Media:" namespace in
19413 * (bug 25670) wfFindFile() now checks the namespace of the given title, only
19414 "File" and "Media" are allowed now.
19415 * (bug 25872) Rename the HttpRequest class to MWHttpRequest to avoid conflict
19416 with php extension that defines same class.
19417 * (bug 20591) There's now a different message on Special:MovePage when
19418 $wgFixDoubleRedirects is set to false.
19419 * Fixed PHP warnings when updating a broken MySQL database.
19420 * (bug 26023) Corrected deleteBacth.php's documentation.
19421 * (bug 25451) Improved datetime representation in 32 bit php >= 5.2.
19422 * Show "skin does not exist error" only when the skin is inputted in the wrong
19424 * (bug 26164) Potential html injection when the database server isn't available.
19425 * (bug 26160) Upload description set by extensions are not propagated.
19426 * (bug 9675) generateSitemap.php now takes an --urlpath parameter to allow
19427 absolute URLs in the sitemap index (as required e.g. by Google).
19428 * Partial workaround for bug 6220: at least make files on shared repositories
19429 show up as (struck-out) bluelinks instead of redlinks on Special:WantedFiles.
19430 * rebuildFileCache.php no longer creates inappropriate cache files for
19432 * (bug 25512) Subcategory list should not include category prefix for members.
19433 * (bug 10871) Javascript and CSS pages in MediaWiki namespace are no longer
19434 treated as wikitext on preview.
19435 * Page existence is now not revealed (in the colour of the tabs) to users who
19436 cannot read the page in question.
19437 * (bug 22753) Output from update.php is more clear when things changed, entries
19438 indicating nothing changed are now all prefixed by "..."
19439 * (bug 16019) $wgArticlePath = "/$1" no longer breaks API edit/watch actions.
19440 * (bug 18372) File types blacklisted by $wgFileBlacklist will no longer be shown
19441 as "Permitted file types" on the upload form.
19442 * (bug 26540) Fixed wrong call to applyPatch in MysqlUpdater.
19443 * (bug 26034) Make the "View / Read" tab in content_navigation style tabs remain
19444 selected when the action is "purge".
19445 * (bug 26733) Wrap initial table creation in transaction.
19446 * (bug 26208) Mark directionality of some interlanguage links.
19447 * (bug 26716) Provide link to instructions for external editor related
19449 * (bug 26961) Hide anon edits in watchlist preference now actually works.
19450 * (bug 1379) Installer directory conflicts with some hosts' configuration panel.
19451 * (bug 27781) Installer does not warn about 5.1.x. Added a compatibility
19452 function for array_key_exists().
19453 * Fix XML well-formedness on a few pages when $wgHtml5 is true (the default).
19454 * (bug 28069) MediaWiki fails streaming files when mod_deflate and ob_gzhandler
19456 * (bug 26223) Concurrently moving an article to different titles leaks a
19457 redirect revision with no page.
19458 * (bug 15641) Fixed permissions checks in Special:Import which allowed users
19459 without the 'import' permission to import pages from configured import
19461 * (bug 26449) Keep underlines from headings outside of tables and thumbs by
19462 adding overflow:hidden to h1,h2,h3,h4,h5,h6 (also fixes editsection bunching).
19463 * (bug 26708) Remove background-color:white from tables in Monobook and Vector.
19464 * (bug 26781) {{PAGENAME}} and related parser functions escape their output
19466 * (bug 26716) Provide link to instructions for external editor related
19467 preferences and add a comment to the ini control file explaining what is going
19469 * (bug 28422) Remove color:black from tables in Monobook and Vector. And add it
19470 to table.wikitable instead.
19471 * (bug 27560) Search queries no longer fail in walloon language.
19472 * (bug 27700) The upload protection can now also be set for files that do not
19474 * (bug 28034) uploading file to local wiki when file exists on shared repository
19475 (commons) gives spurious info in the warning message.
19476 * Usernames get lost when selecting different sorts on Special:listfiles.
19477 * (bug 28166) UploadBase assumes that 'edit' and 'upload' rights are not per
19479 * (bug 28242) Make redirects generated by urls containing a local interwiki
19480 prefix be a 301 instead of a 302.
19481 * (bug 28568) Entries in the iwlinks table are now removed on page deletion.
19482 * (bug 28306) Fix exposure of suppressed usernames in ForeignDBRepo.
19483 * (bug 28444) Fix regression: edit-on-doubleclick retains revision id again.
19484 * UtfNormal::cleanUp on an invalid utf-8 sequence no longer returns false if
19486 * (bug 26729) Category pages should return 404 if they do not exist and have no
19488 * (bug 28214) When page not found, sends malformed HTTP/1.x instead of HTTP/1.1
19489 in header of response.
19490 * (bug 27634) TOC title appears in wrong language.
19491 * (bug 27761) Fix regression: pages with Esperanto titles containing convertible
19492 character sequences became unreachable.
19493 * (bug 27508) SVGMetadataExtractor takes too much resources on huge svgs.
19494 * (bug 27465) SVG thumbnail generation.
19495 * (bug 27467) preload can leave UNIQ.
19496 * (bug 27539) Allow attributes beginning with a digit in wikitext tag
19498 * (bug 27328) using relative paths in CSS imports in MediaWiki:Common.css broken
19500 * (bug 27333) Fix repetitive last-seen time queries on page history.
19501 * (bug 26250, bug 23817) Fix wfObjectToArray() to descend into arrays; fixes
19502 processing of JSON return values for ForeignAPIRepo when native json module
19504 * (bug 25675) Fix search suggestions for Special: pages with spaces.
19505 * (bug 25571) Xml::encodeJsVar now passes floats natively instead of converting
19507 * (bug 27338) Gallery in 1.17 breaks for audio/video + ogghandler.
19508 * (bug 27302) Don't append the current timestamp for user/site modules when no
19509 user/site JS/CSS is present.
19510 * (bug 27016) dumpTextPass.php now consider the "output" parameter.
19511 * (bug 22606) don't send the "someone registred an account" message when setting
19512 email address (i.e. old one empty) in user preferences.
19513 * (bug 26458) Section edit links appear on pages that user does not have right
19515 * (bug 28611) Don't die in SqlBagOStuff::incr() if there's a race condition.
19516 * (bug 16886) Sister projects box moves down the extract of the first result
19518 * (bug 17398) Fixed "link" parameter in image links with "thumb" or "frame"
19521 === API changes in 1.17 ===
19523 * BREAKING CHANGE: action=patrol now requires POST.
19524 * BREAKING CHANGE: patrol token is no longer the same as edit token.
19525 * BREAKING CHANGE: Session keys returned by ApiUpload are now strings instead
19527 * BREAKING CHANGE: (bug 25303) Fix API parameter integer validation to actually
19528 enforce validation on the input values in addition to giving a warning.
19529 Also add flag to enforce (die) if integer out of range.
19530 * (bug 24650) Fix API to work with categorylinks changes.
19531 * action=parse now correctly returns an error for nonexistent pages.
19532 * (bug 27201) Special:WhatLinksHere output no longer contains duplicate IDs.
19533 * (bug 26560) On allusers if limit < total number of users, last user gets
19535 * (bug 27715) imageinfo didn't respect revdelete.
19536 * (bug 27479) API error when using both prop=pageprops and
19537 prop=info&inprop=displaytitle.
19538 * (bug 27862) Useremail module didn't properly return success on success.
19539 * (bug 27590) prop=imageinfo now allows querying the media type.
19540 * (bug 27587) list=filearchive now outputs full title info.
19541 * (bug 27897) list=allusers and list=users list hidden users.
19542 * (bug 22738) Allow filtering by action type on query=logevent.
19543 * (bug 22764) uselang parameter for action=parse.
19544 * (bug 22944) API: watchlist options are inconsistent.
19545 * (bug 22868) don't list infinite block expiry date as "now" in API logevents.
19546 * (bug 22290) prop=revisions now outputs "comment" field even when comment
19547 is empty, for consistency with list=recentchanges.
19548 * (bug 19721) API action=help should have a way to just list for a specific
19550 * (bug 23458) Add support for pageid parameter to action=parse requests.
19551 * (bug 23460) Parse action should have a section option.
19552 * (bug 21346) Make deleted images searchable by hash.
19553 * (bug 23461) Normalise usage of parameter names in parameter descriptions.
19554 * (bug 23548) Allow access of another users watchlist through watchlistraw
19555 using token and username.
19556 * (bug 23524) Api Modules as followup to bug 14473 (Add iwlinks table to
19557 track inline interwiki link usage).
19558 * Add pltitles and tltemplates to prop=links and prop=templates respectively,
19559 similar to prop=categories's clcategories.
19560 * (bug 23834) Invalid "thumbwidth" and "thumbheight" in "imageinfo" query when
19561 thumbnailing larger than original image.
19562 * (bug 23835) Need "thumbmime" result in "imageinfo" query.
19563 * (bug 23851) Repair diff for file redirect pages.
19564 * (bug 24009) Include implicit groups in action=query&list=users&usprop=groups.
19565 * (bug 24016) API: Handle parameters specified in simple string syntax
19566 ( 'paramname' => 'defaultval' ) correctly when outputting help.
19567 * (bug 24089) Logevents causes PHP Notice if leprop=title isn't supplied.
19568 * (bug 23473) Give description of properties on all modules.
19569 * (bug 24136) unknownerror when adding new section without summary, but
19571 * (bug 22339) Added srwhat=nearmatch to list=search to get a "go" result.
19572 * (bug 24303) Added new &servedby parameter to all actions which adds the
19573 hostname that served the request to the result. It is also added
19574 unconditionally on error.
19575 * (bug 24185) Titles in the Media and Special namespace are now supported for
19576 title normalization in action=query. Special pages have their name resolved
19577 to the local alias.
19578 * (bug 24296) Added converttitles parameter to convert titles to their
19579 canonical language variant.
19580 * (bug 23936) Add "displaytitle" to query/info API.
19581 * (bug 24485) Make iwbacklinks a generator, optionally display iwprefix and
19583 * (bug 24564) Fix fatal errors when using list=deletedrevs, prop=revisions or
19584 one of the backlinks generators with limit=max.
19585 * (bug 24656) API's parse module needs option to disable PP report.
19586 * PARAM_REQUIRED parameter flag added. If this flag is set, and the end user
19587 does not set the parameter, the API will automatically throw an error.
19588 * (bug 24665) When starttimestamp is not specified, fake it by setting it to
19589 NOW, not to the timestamp of the last edit.
19590 * (bug 24677) axto= parameters added to allcategories, allimages, alllinks,
19591 allmessages, allpages, and allusers.
19592 * (bug 24236) Add add, remove, add-self, remove-self tags to
19593 meta=siteinfo&siprop=usergroups.
19594 * (bug 24484) Add prop=pageprops module.
19595 * (bug 24330) Add &redirect parameter to ?action=edit.
19596 * (bug 24722) For list=allusers&auprop=blockinfo, only show blockedby and
19597 blockreason if the user is actually blocked.
19598 * Add format=dump and format=dumpfm, outputs results in PHP's var_dump() format.
19599 * For required string parameters, if '' is provided, this is now classed as
19601 * (bug 24724) list=allusers is out by 1 (shows total users - 1).
19602 * (bug 24166) API error when using rvprop=tags.
19603 * Introduced "asynchronous download" mode for upload-by-url. Requires
19604 $wgAllowAsyncCopyUploads to be true.
19605 * sinumberingroup correctly gives size of 'user' group, and omits size of
19606 implicit groups rather than showing 0.
19607 * (bug 25248) API: paraminfo errors with certain modules.
19608 * (bug 24792) API help for action=purge sometimes wrongly stated whether a
19609 POST request was needed due to cache pollution.
19610 * Added iiprop=parsedcomment to prop=imageinfo, similar to prop=revisions.
19611 * Added rvparse to parse revisions. For performance reasons if this option is
19612 used, rvlimit is enforced to 1.
19613 * (bug 25748) If a action=parse request provides an oldid that is actually the
19614 current revision id, try the parser cache, and save it to it if necessary.
19615 * (bug 25463) Export header should not be shown if no pages were requested, to
19617 * (bug 25648) API discovery information has been added as RSD link in page
19618 <head> and by providing an API module action=rsd. Added hook
19619 ApiRsdServiceApis for extensions to add their own service to the services
19621 * The HTML of diff output markers has changed. Hyphens are now minus signs,
19622 empty markers are now filled with non-breaking-space characters.
19623 * (bug 25741) Add more data to list=search's srprop.
19624 * (bug 25760) counter property still reported by the API when
19625 $wgDisableCounters enabled.
19626 * (bug 25987) prop=info&inprop=watched now also works for missing pages.
19627 * (bug 26006) prop=langlinks now allows obtaining full URL.
19628 * (bug 26075) ApiDelete.php now calls correctly ArticleDelete hook.
19629 * (bug 26089) add block expiration to blockinfo.
19630 * (bug 26125) prop=imageinfo&iiprop=size now returns the page count if the
19631 file is a multi-page file.
19632 * (bug 10268) Added linktodiffs parameter on action=feedwatchlist.
19633 * (bug 26219) Show API limits for multi values in description.
19634 * (bug 28070) Fix watchlist RSS for databases that store timestamps in a
19635 real timestamp field.
19636 * (bug 27722) list=filearchive now supports revdel.
19638 === Language support changes in 1.17 ===
19640 MediaWiki supports over 330 languages. Many localizations are updated regularly.
19642 The following languages were added:
19644 * Moroccan Spoken Arabic (ary)
19647 * Kabardian (Cyrillic) (kbd-cyrl)
19649 * Minangkabau (min)
19650 * Dutch (informal) (nl-informal)
19653 Other significant changes to MediaWiki's language support:
19655 * Fiji Hindi (Devangari script) was removed.
19656 * Removed deprecated language code "dk" (Danish), use "da" instead.
19657 * Link trail added for sl and sh.
19658 * (bug 27633) Add characters to linkTrail for Portuguese (pt and pt-br).
19659 * (bug 23156) Commafy and search normalization updated for Belarusian
19661 * (bug 23283) Native name for Old English -> Ænglisc.
19662 * (bug 23364) Native name for Azerbaijani -> Azərbaycanca.
19663 * (bug 24593) Native name for Sorani now uses only Arabic script.
19664 * (bug 24628) Generic translations for NS_USER/NS_USER_TALK for Esperanto.
19665 * (bug 24917) Polish as fallback for Kashubia.
19666 * (bug 24794) Tatar link trail updated.
19667 * Esperanto date format corrected.
19668 * (bug 28159) Change interwiki name of language kbd to Къэбэрдеибзэ /
19670 * (bug 28184) Namespaces for the Latgalian Wikipedia.
19671 * (bug 25010) Bashkir-language interwikis: linktext change from Башҡорт
19673 * (bug 26395) Change name of Cornish language to Kernowek.
19675 === Other changes in 1.17 ===
19677 * DatabaseFunctions.php that was needed for compatibility with pre-1.3
19678 extensions has been removed.
19679 * XmlFunctions.php has been removed. Use the Xml or Html classes as appropriate.
19680 * The FailFunction "error handling" method has now been removed
19681 * Sysops now have the "suppressredirect" right by default
19682 * Removed $wgRemoteUploads. It was not well supported and superseded by
19683 $wgUploadNavigationUrl.
19684 * (bug 26253) $wgPostCommitUpdateList has been removed
19685 * The PHPUnit test suite has been removed from this release due to serious
19686 issues which should be resolved by the 1.18 release.
19687 * Oracle DB now uses the __destruct function to commit/close connection as it
19688 doesn't commit on close if transation is triggered in OCI.
19690 == MediaWiki 1.16 ==
19692 == MediaWiki 1.16.5 ==
19693 === Changes since 1.16.4 ===
19695 * (bug 28534) Fixed XSS vulnerability for IE 6 clients. This is the third
19696 attempt at fixing bug 28235.
19697 * (bug 28639) Fixed potential privilege escalation when $wgBlockDisablesLogin
19700 == MediaWiki 1.16.4 ==
19701 === Changes since 1.16.3 ===
19703 * (bug 28507) The change we made in 1.16.3 to fix bug 28235 (XSS for IE 6
19704 clients) was not actually sufficient to fix that bug. This release contains
19705 a second attempt, hopefully we have fixed it this time.
19707 == MediaWiki 1.16.3 ==
19708 === Changes since 1.16.2 ===
19710 * (bug 28449) Fixed permissions checks in Special:Import which allowed users
19711 without the 'import' permission to import pages from the configured import
19713 * (bug 28235) Fixed XSS affecting IE 6 and earlier clients only, due to those
19714 browsers looking for a file extension in the query string of the URL, and
19715 ignoring the Content-Type header if one is found.
19716 * (bug 28450) Fixed a CSS validation issue involving escaped comments, which
19717 led to XSS for Internet Explorer clients and privacy loss for other clients.
19719 == MediaWiki 1.16.2 ==
19720 === Changes since 1.16.1 ===
19722 * (bug 26642) Fixed incorrect translated namespace due to a regression in the
19723 language converter.
19724 * The interface translations were updated.
19725 * (bug 27093, CVE-2011-0047): Fixed CSS injection vulnerability.
19726 * (bug 27094) Fixed server-side arbitrary script inclusion vulnerability.
19727 Affects Windows servers only. A malicious file with extension ".php" must
19728 exist on the server for the exploit to be effective.
19730 == MediaWiki 1.16.1 ==
19731 === Changes since 1.16.0 ===
19733 * (bug 24981) Allow extensions to access SpecialUpload variables again
19734 * (bug 24724) list=allusers was out by 1 (shows total users - 1)
19735 * (bug 24166) Fixed API error when using rvprop=tags
19736 * For wikis using French as a content language, Special:Téléchargement works
19737 again as an alias for Special:Upload.
19738 * (bug 25167) Correctly load JS fixes for IE6 (fixing a regression in 1.16.0)
19739 * (bug 25248) Fixed paraminfo errors in certain API modules.
19740 * The installer now has improved handling for situations where safe_mode is
19741 active or exec() and similar functions are disabled.
19742 * (bug 19593) Specifying --server in now works for all maintenance scripts.
19743 * Fixed $wgLicenseTerms register globals.
19744 * (bug 26561) Fixed clickjacking vulnerabilities by introducing support for
19745 X-Frame-Options. The header value can be configured using $wgBreakFrames and
19746 $wgEditPageFrameOptions.
19748 == MediaWiki 1.16.0 ==
19749 === Changes since 1.16 beta 3 ===
19751 * (bug 23769) Disabled HTML 5 client-side form validation. Was introduced in
19752 1.16 beta 1, but is currently poorly supported by browsers.
19753 * (bug 23175) Re-added window.ta variable for backwards compatibility.
19754 * (bug 23264) Fixed breakage of various command line scripts due to extra line
19755 endings being inserted by Maintenance::output().
19756 * Fixed HTTP client functionality with safe_mode=On.
19757 * Fixed parser tests broken in 1.16 beta 3.
19758 * For Oracle DB backend: fixed parser tests and table prefix feature.
19759 * (bug 23767) Fixed PHP warning when REQUEST_URI is blank (IIS issue).
19760 * Fixed plural function for Northern Sami (se)
19761 * (bug 23597) Fixed conflicts between ID attributes in the Vector skin and
19762 parser-generated heading IDs. Renamed head, panel, head-base and page-base.
19763 * Disabled $wgHitcounterUpdateFreq>1 feature on SQLite, does not work yet.
19764 * (bug 23465) Don't ignore the predefined destination filename on
19765 Special:Upload after following a red link to a file.
19766 * In SQLite full-text search feature: fixed "move page" feature, was non-
19768 * (bug 24565) Fixed Cache-Control headers sent from API modules, to protect
19769 user privacy in the case where an attacker can access the wiki through the
19770 same HTTP proxy as a logged-in user.
19771 * Fixed an XSS vulnerability in profileinfo.php for installations with
19772 $wgEnableProfileInfo = true (false by default)
19773 * Fixed a case where an X-Vary-Options header was sent despite $wgUseXVO being
19774 false. Fixed a minor header parsing issue when $wgUseXVO = true.
19775 * Fixed a register_globals arbitrary inclusion vulnerability in
19776 MediaWikiParserTest.php, introduced in 1.16 beta 1.
19778 === Changes since 1.16 beta 2 ===
19780 * Fixed bugs in the [[Special:Userlogin]] and [[Special:Emailuser]] handling of
19782 * Fixed sorting in [[Special:Allmessages]]
19783 * (bug 23113) Fixed title in the show/hide links on diff pages
19784 * (bug 23117) Fixed API rollback, was returning "badtoken" for valid requests
19785 * (bug 23127) Re-added missing $1 parameter to the uploadtext message
19786 * Fixed a bug in the Vector skin where personal tools display behind the logo
19787 * (bug 23139) Fixed a bug in edit conflict resolution, where both textboxes
19788 showed the same text.
19789 * (bug 23115, bug 23124) Fixed various problems with <title> and <h1> elements
19790 in page views and previews when the language converter is enabled.
19791 * (bug 23148) Fixed a local path disclosure vulnerability in ImageMagick image
19792 scaling, which was introduced in 1.16 beta 1.
19793 * Improved error checking on installer.
19794 * (bug 22970) Fixed a JavaScript error in the upload destination conflict
19796 * (bug 23167) Check the watch checkbox by default if the watchcreations
19798 * (bug 23171) Improve IE6 version check to avoid false positives.
19799 * (bug 23176) Fixed upload warning override feature "upload new version",
19800 broken in 1.16 beta 1.
19801 * Fixed regression in unwatch links sent out in notification emails. When the
19802 mailing job was deferred via the job queue, the title was incorrect.
19803 * (bug 23534) Fixed SQL query error in API list=allusers.
19804 * Fixed a bug in uploads for non-JavaScript clients. An empty string was used
19805 as the default destination filename, instead of the source filename as
19807 * (bug 23371) Fixed CSRF vulnerability in "e-mail me my password", "create
19808 account" and "create by e-mail" features of [[Special:Userlogin]]
19809 * (bug 23687) Fixed XSS vulnerability affecting IE clients only, due to a CSS
19811 * Fixed a DoS vulnerability in ImageMagick image scaling. ImageMagick
19812 expanded wildcard characters "?" and "*" in image filenames, potentially
19813 causing large numbers of images to be scaled in response to a single request.
19814 The fix for this involves breaking the scaling of such image filenames until
19815 ImageMagick 6.6.1-5 or later is deployed, see bug 23361 for more details.
19816 * (bug 23608) Fixed invalid HTML in diff pages.
19818 === Changes since 1.16 beta 1 ===
19820 * Fixed errors in maintenance/patchSql.php
19821 * (bug 19627) Fix regression from r57867 where HTMLForm would output
19822 <element classes="foo bar"> rather than <element class="foo bar">
19823 * Fixed broken "-r" option to maintenance/lag.php
19824 * (bug 23076) Fixed login CSRF vulnerability. Logins now require a token to
19825 be submitted along with the user name and password.
19827 === Configuration changes in 1.16 ===
19829 * (bug 18222) $wgMinimalPasswordLength default is now 1
19830 * $wgSessionHandler can be used to configure session.save_handler
19831 * $wgLocalFileRepo/$wgForeignFileRepos now have a 'fileMode' parameter to
19832 be used when uploading/moving files
19833 * (bug 18761) $wgHiddenPrefs is a new array for specifying preferences not
19834 to be shown to users
19835 * $wgAllowRealName and $wgAllowUserSkin were deprecated in favor of
19836 $wgHiddenPrefs[] = 'realname', but the former are still retained
19837 for backwards-compatibility
19838 * (bug 9257) $wgRCMaxAge now defaults to three months
19839 * $wgDevelopmentWarnings can be set to true to show warnings about deprecated
19840 functions and other potential errors when developing.
19841 * Subpages are now enabled in the MediaWiki namespace by default. This is
19842 mainly a cosmetic change, and does not in any way affect the MessageCache,
19843 which was already effectively treating the namespace as if it had subpages.
19844 * Oracle: maintenance/ora/user.sql script for creating DB user on oracle with
19845 appropriate privileges. Creating this user with web-install page requires
19846 oci8.privileged_connect set to On in php.ini.
19847 * Removed UserrightsChangeableGroups hook introduced in 1.14
19848 * Added $wgCacheDirectory, to replace $wgFileCacheDirectory,
19849 $wgLocalMessageCache, and any other local caches which need a place to put
19851 * $wgFileCacheDirectory is no longer set to anything by default, and so either
19852 needs to be set explicitly, or $wgCacheDirectory needs to be set instead.
19853 * $wgLocalMessageCache has been removed. Instead, set $wgUseLocalMessageCache
19855 * Removed $wgEnableSerializedMessages and $wgCheckSerialized. Similar
19856 functionality is now available via $wgLocalisationCacheConf.
19857 * $wgMessageCache->addMessages() is deprecated. Messages added via this
19858 interface will not appear in Special:AllMessages.
19859 * $wgRegisterInternalExternals can be used to record external links pointing
19861 * (bug 19907) $wgCrossSiteAJAXdomains and $wgCrossSiteAJAXdomainExceptions added
19862 to control which external domains may access the API via cross-site AJAX.
19863 * $wgMaintenanceScripts for extensions to add their scripts to the default list
19864 * $wgMemoryLimit has been added, default value '50M'
19865 * $wgExtraRandompageSQL is deprecated, the SpecialRandomGetRandomTitle hook
19866 should be used instead
19867 * (bug 20489) $wgIllegalFileChars added to override the default list of illegal
19868 characters in file names.
19869 * (bug 19646) $wgImgAuthDetails added to display reason access to uploaded file
19870 was denied to users(img_auth only)
19871 * (bug 19646) $wgImgAuthPublicTest added to test to see if img_auth set up
19872 correctly (img_auth only)
19873 * $wgUploadMaintenance added to disable file deletions and restorations during
19875 * $wgCapitalLinkOverrides added to configure per-namespace capitalization
19876 * (bug 21172) $wgSorbsUrl can now be an array with multiple DNSBL and renamed
19877 to $wgDnsBlacklistUrls (backward compatibility kept)
19878 * $wgEnableHtmlDiff has been removed
19879 * (bug 3340) $wgBlockCIDRLimit added (default: 16) to configure the low end of
19880 CIDR ranges for blocking
19881 * $wgUseInstantCommons added for quick and easy enabling of Commons as a remote
19883 * $wgDBAhandler added to choose a DBA handler when using CACHE_DBA
19884 * $wgPreviewOnOpenNamespaces for extensions that create namespaces that behave
19885 similarly to the category namespace.
19886 * $wgEnableSorbs renamed to $wgDnsBlacklistUrls ($wgEnableSorbs kept for
19887 backward compatibility)
19888 * $wgUploadNavigationUrl now also affects inline images that do not
19889 exist. In that case the URL will get (?|&)wpDestFile=<filename> appended to
19891 * If $wgLocaltimezone is null, use the server's timezone as the default for
19892 signatures. This was always the behavior documented in DefaultSettings.php
19893 but has not been the actual behavior for some time: instead, UTC was used
19895 * Added $wgExtensionAssetsPath, to decouple assets serving from $wgScriptPath.
19896 If not specified it will default to $wgScriptPath/extensions
19897 * Added $wgCountTotalSearchHits to make search UI display total number of hits
19898 with some search engines.
19899 * Added $wgAdvertisedFeedTypes to decide what feed types (RSS, Atom, both, or
19900 neither) MediaWiki advertises. Default is array( 'atom' ), so RSS is no
19901 longer advertised by default (but it still works).
19902 * Added $wgMemCachedTimeout, controls how long to wait for data from the
19904 * New configuration variables $wgDebugTimestamps and $wgDebugPrintHttpHeaders
19905 for controlling debug output.
19906 * New $wgBlockDisablesLogin when set to true disallows blocked users from
19908 * (bug 8790) Metadata edition ($wgUseMetadataEdit) has been moved to a separate
19909 extension "MetadataEdit".
19911 === New features in 1.16 ===
19913 * Add CSS defintion of the 'wikitable' class to shared.css
19914 * (bug 17163) Added MediaWiki:Talkpageheader which will be displayed when
19916 * Superfluous border="0" removed from images
19917 * Added new hook 'MessageCacheReplace' into MessageCache.php. For instance
19918 to allow extensions to update caches in similar way as MediaWiki invalidates
19919 a cached MonoBook sidebar
19920 * Special:AllPages: Move hardcoded styles from code to CSS
19921 * (bug 18529) New hook: SoftwareInfo for adding information about the software
19923 * Added $wgExtPGAlteredFields to allow extensions to easily alter the data
19924 type of columns when using the Postgres backend.
19925 * (bug 16950) Show move log when viewing/creating a deleted page
19926 * (bug 18242) Show the Subversion revision number per extensions in
19928 * (bug 18420) Missing file revisions are handled gracefully now
19929 * (bug 9219) Auth plugins can control editing RealName/Email/Nick preferences
19930 * (bug 18466) Add note or warning when overruling a move (semi-)protection
19931 * (bug 18342) insertTags works in edit summary box
19932 * (bug 18411) The upload form also checks post_max_size
19933 * Watchlist now has a specialized <div> tag that contains a unique class for
19935 * Added Minguo calendar support for the Taiwan Chinese language
19936 * Database: unionQueries function to be used for UNION sql construction, so
19937 it can be overloaded on DB abstraction level for DB specific functionality
19938 * (bug 18849) Implement Japanese and North Korean calendars
19939 * (bug 5755) Introduce {{CURRENTMONTH1}} and {{LOCALMONTH1}} to display the
19940 month number without the leading zero
19941 * (bug 13456) categoriespagetext supports PLURAL
19942 * (bug 18860) Blocks of IPs affecting registered users can now block email
19943 * (bug 17093) Date and time are separate parameters in Special:BlockList
19944 * (bug 11484) Added ISO speed rating to default collapsed EXIF metadata view
19945 * (bug 14866) Messages 'recentchangeslinked-toolbox' and
19946 'recentchangeslinked-toolbox' were added to allow more fine grained
19947 customisation of the user interface
19948 * DISPLAYTITLE now accepts a limited amount of wiki markup (the single-quote
19950 * Special:Search now could search terms in all variant-forms. ONLY apply on
19951 wikis enabled LanguageConverter.
19952 * Add autopromote condition APCOND_BLOCKED to autopromote blocked users to
19953 various user groups.
19954 * Add $wgRevokePermissions as a means of restricting a group's rights. The
19955 syntax is identical to $wgGroupPermissions, but users in these groups will
19956 have these rights stripped from them.
19957 * Added a PHP port of CDB (constant database), for improved local caching when
19958 the DBA extension is not available.
19959 * Introduced a new system for localisation caching. The system is based around
19960 fast fetches of individual messages, minimising memory overhead and startup
19961 time in the typical case. The database backend will be used by default, but
19962 set $wgCacheDirectory to get a faster CDB-based implementation.
19963 * Expanded the number of variables which can be set in the extension messages
19965 * Added a feature to allow per-article process pool size control for the parsing
19966 task, to limit resource usage when the cache for a heavily-viewed article is
19967 invalidated. Requires an external daemon.
19968 * (bug 19576) Moved the id attributes from the anchors accompanying section
19969 headers to the <span class="mw-headline"> elements within the section headers,
19970 removing the redundant anchor elements.
19971 * Parser::setFunctionTagHook now can be used to add a new tag which is parsed at
19973 * Added $wgShowArchiveThumbnails, allowing sysadmins to disable thumbnail
19974 display for old versions of images.
19975 * In watchlists and Special:RecentChanges, the difference in page size now
19976 appears in dark green if bytes were added and dark red if bytes were removed.
19977 * Added FSRepo configuration properties thumbUrl and thumbDir, to allow the
19978 thumbnails to be stored in a separate location to the source images.
19979 * If config/ directory is not executable, the command to make it executable
19980 now asks the user to cd to the correct directory
19981 * Add experimental new external authentication framework, ExternalAuth
19982 * (bug 18768) Remove AdminSettings requirements. Maintenance environment
19983 will still load it if it exists, but it's not required for anything
19984 * (bug 19900) The "listgrouprights-key" message is now wrapped in a div with
19985 class "mw-listgrouprights-key"
19986 * (bug 471) Allow RSS feeds for watchlist, using an opt-in security token
19987 * (bug 10812) Interwiki links can have names and descriptions, fetched from
19988 message 'interwiki-desc-PREFIX', not really used anywhere yet though
19989 * (bug 9691) Add type (signup or login) parameter to
19990 AuthPlugin::ModifyUITemplate()
19991 * (bug 14454) "Member of group(s)" in Special:Preferences causes language
19993 * (bug 16697) Unicode combining characters are difficult to edit in some
19995 * Parser test supports uploading results to remote CodeReview instance
19996 * (bug 20013) Added CSS class "mw-version-ext-version" is wrapped on the
19997 extension version in Special:Version
19998 * (bug 20014) Added CSS class "mw-listgrouprights-right-name" is wrapped on the
19999 right name in Special:ListGroupRights
20000 * (bug 12920) New CoreParserFunction {{nse:...}} as an url-friendly equivalent
20002 * (bug 16322) Allow maintenance scripts to accept DB user/pass over input or
20004 * (bug 18566) Maintenance script to un/protect pages
20005 * (bug 671) The HTML <abbr> tag is now permitted.
20006 * RecentChanges now has a legend to explain what the Nmb! flags mean, and the
20007 flags have tooltips.
20008 * (bug 15209) New hook BeforeInitialize called after everything has been setup
20009 but before Mediawiki::performRequestForTitle()
20010 * wgMainPageTitle variable now available to JavaScript code to identify the main
20011 page link, so it doesn't have to be extracted from the link URLs.
20012 * (bug 16836) Display preview of signature in user preferences and describe its
20014 * The default output format is now HTML 5 instead of XHTML 1.0 Transitional.
20015 This can be disabled by setting $wgHtml5 = false;. Specific features enabled
20017 ** Some extra inputs will be autofocused, in supporting browsers.
20018 ** The summary attribute has been removed from tables of contents. summary is
20019 obsolete in HTML 5 and wasn't useful here anyway.
20020 ** Unnecessary type="" attribute removed for CSS and JS.
20021 ** If $wgWellFormedXml is set to false, some bytes will be shaved off of HTML
20022 output by omitting some things like quotation marks where HTML 5 allows.
20023 ** (bug 16921) maxlength enabled for page move comments
20024 * The description message in $wgExtensionCredits can be an array with parameters
20025 * New hook SpecialRandomGetRandomTitle allows extensions to modify the selection
20026 criteria used by Special:Random and subclasses, or substitute a custom result,
20027 deprecating the $wgExtraRandompageSQL config variable
20028 * (bug 20318) Distinct CSS classes for ISBN/RFC/PMID special links added
20029 * (bug 20404) Custom fields in the user creation form template can now have
20030 detail labels in prefsectiontip divs.
20031 * MakeSysop and MakeBot are now aliases for Special:UserRights
20032 * IndexPager->mLimitsShown can now be an associative array of limit => text-to-
20033 display-in-limit-form.
20034 * (bug 18880) LogEventsList::showLogExtract() can now take a string-by-reference
20035 and add its HTML to it, rather than having to go straight to $wgOut.
20036 * Added $wgShowDBErrorBacktrace, to allow users to easily gather backtraces for
20037 database connection and query errors.
20038 * Show change block / unblock link on Special:Contributions if user is blocked
20039 * Display note on Special:Contributions if the user is blocked, and provide an
20040 excerpt from the block log.
20041 * (bug 19646) New hook: ImgAuthBeforeStream for tests and functionality before
20042 file is streamed to user, but only when using img_auth
20043 * Note on non-existing user and user talk pages if user does not exist
20044 * New hook ShowMissingArticle so extensions can modify the output for
20045 non-existent pages.
20046 * Admins could disable some variants using $wgDisabledVariants now. ONLY apply
20047 on wikis enabled LanguageConverter.
20048 * (bug 16310) Credits page now lists IP addresses rather than saying the number
20049 of anonymous users that edited the page
20050 * New permission 'sendemail' added. Default right for all registered users. Can
20051 for example be used to prevent new accounts from sending spam.
20052 * (bug 16979) Tracking categories for __INDEX__ and __NOINDEX__
20053 * Two new hooks, ConfirmEmailComplete and InvalidateEmailComplete, which are
20054 called after a user's email has been successfully confirmed or invalidated.
20055 * (bug 19741) Moved the XCF files out of the main MediaWiki distribution, for
20056 a smaller subversion checkout.
20057 * (bug 13750) First letter capitalization can now be a per-namespace setting
20058 * (bug 21073) "User does not exist" message no longer displayed on sub-sub-pages
20060 * (bug 21095) Tracking categories produced by the parser (expensive parser
20061 function limit exceeded, __NOINDEX__ tracking, etc) can now be disabled by
20062 setting the system message ([[MediaWiki:expensive-parserfunction-category]]
20064 * Added maintenance script sqlite.php for SQLite-specific maintenance tasks.
20065 * Rewrote Special:Upload to allow easier extension.
20066 * Upload errors that can be solved by changing the filename now do not require
20068 * Added $wgRateLimitsExcludedIPs, to allow specific IPs to be whitelisted from
20070 * (bug 21222) When $wgUseTeX is not enabled, <math> is no longer registered with
20071 the parser so extensions are free to implement their own <math> tag
20072 * (bug 21047) Wrap 'cannotdelete' into a div with the generic 'error' class and
20073 an own 'mw-error-cannotdelete' class
20074 * New hook AbortNewAccountAuto, called before account creation from AuthPlugin-
20075 or ExtUser-driven requests.
20076 * (bug 3480) The warning saying that the page has a history when deleting it now
20077 contains the number of revisions in the history
20078 * $wgStylePath and $wgLogo are now set in the default LocalSettings.php file.
20079 * (bug 20186) Allow filtering history for revision deletion.
20080 * New hook OtherBlockLogLink, called in Special:IPBlockList and Special:Block
20081 to show links to block logs of other blocking extensions, i.e. GlobalBlocking
20082 * Added search capabilities to SQLite backend
20083 * rebuildtextindex.php maintenance script now supports databases other than
20085 * upgrade1_5.php now requires to be run --update option to prevent confusion
20086 * (bug 17662) Customizable default preload/editintro for new sections in the
20087 respective addsection-preload and addsection-editintro messages
20088 * Added maintenance script checkSyntax.php that checks for PHP syntax errors
20089 and common coding mistakes
20090 * Updated Unicode normalization tables
20091 * (bug 21604) Spellcheck attribute for editsummary
20092 * New wgCategories JavaScript global variable for userscripts.
20093 * (bug 20717) Added checkboxes to hide users with bot and/or sysop group
20094 membership in SpecialActiveusers
20095 * Allow \pagecolor and \definecolor in texvc
20096 * $wgTexvcBackgroundColor contains background color for texvc call
20097 * (bug 21574) Redirects can now have "303 See Other" HTTP status
20098 * EditPage refactored to allow extensions to derive new edit modes much easier.
20099 * (bug 21826) Subsections of Special:Version now also have anchors
20100 * (bug 19791) Add URL of file source as comment to thumbs (for ImageMagick)
20101 * (bug 21946) Sorted wikitables do not properly handle minus signs
20102 * (bug 18885) Red links for media files do not support shared repositories
20103 * Added $wgFixArabicUnicode, to convert deprecated presentation forms in
20104 Arabic text to their modern equivalents, and $wgFixMalayalamUnicode, to
20105 convert ZWJ-based chillu sequences in Malayalam text to their Unicode 5.1
20107 * (bug 22051) Returing false in SpecialContributionsBeforeMainOutput hook now
20108 stops normal output
20109 * Send new password e-mail in users preference language
20110 * LanguageConverter now support nested using of manual convert syntax like
20112 * Upload license preview now uses the API instead of action=ajax
20113 * (bug 7346) Add <guid> to RSS to avoid duplicates
20114 * (bug 19996) Added new hooks for Special:Search, which allow to further
20115 restrict/expand it.
20116 * (bug 21936) When a revision has been patrolled, there's now a link back to the
20118 * (bug 22315) SpecialRecentChangesQuery hook now pass $query_options and checks
20120 * Separate unit test suites under t/ and tests/ were merged and moved to
20121 maintenance/tests/.
20122 * importImages.php maintenance script can now use the original uploader and
20123 comment from another wiki.
20124 * Support for Turck MMCache was removed
20125 * (bug 14592) Warn users when they try to move their user page that their
20126 account will not be renamed
20127 * Show block log on non-existing user (talk) pages of currently blocked users
20129 === Bug fixes in 1.16 ===
20131 * (bug 18031) Make namespace selector on Special:Export remember the previous
20133 * The svn-version version numbers on Special:Version have been removed
20134 * (bug 17374) Special:Export no longer exports two copies of the same page
20135 * (bug 18190) Proper parsing in MediaWiki:Sharedupload message
20136 * (bug 17617) HTML cleanup for ImagePage
20137 * (bug 17964) namespaceDupes.php no longer fails on an empty interwiki table
20138 * Improved error handling for image moving
20139 * (bug 17974) On Special:SpecialPages, restricted special pages are now marked
20140 with <strong> tags, helps with text-based browsers
20141 * (bug 18259) Special:DeletedContributions now also uses
20142 MediaWiki:Sp-contributions-logs for the link to Special:Log
20143 * Don't add empty title="" attributes to links to anchors on the current page
20144 * (bug 18291) rebuildrecentchanges.php failed to add deletion log entries
20145 * (bug 18304) rebuildrecentchanges.php got size changes wrong
20146 * (bug 18170) Fixed a PHP warning in Parser::preSaveTransform() in PHP 5.3
20147 * (bug 18289) Database connection error page now returns correct HTML
20148 * "successbox", "errorbox" and related CSS classes are now available in all
20150 * (bug 18316) Removed superfluous name="fulltext" from Special:Search
20151 * (bug 18331) MediaWiki:Undelete-revision can now have wikitext
20152 * The "noautoblock" flag is no longer displayed in the block log when blocking
20154 * (bug 18009) $wgHooks and $wgExtensionFunctions now support closures
20155 * (bug 17948) Maintenance scripts now exit(0) or exit(1) as appropriate
20156 * (bug 18377) Time in Enhanced ChangesList lacking localisation
20157 * (bug 12998) Allow <sup>, <sub>, etc. in DISPLAYTITLE
20158 * (bug 1553) Lowercase navigation headings in German
20159 * (bug 7830) Pending transactions failed to commit on loginToUse() error
20160 * (bug 11613) session.save_handler being over-ridden
20161 * (bug 11381) session.save_handler being set twice (causes error)
20162 * (bug 17835) ForeignAPIRepo throwing error on first page load for file
20163 * (bug 18115) ForeignAPIRepo cache isn't working
20164 * Fixed a bug caused by LanguageConverter.php, which brings an abnormal '}-'
20165 after some parsed math syntax.
20166 * (bug 18441) rebuildrecentchanges.inc no longer ignores $wgLogRestrictions
20167 * (bug 18317) Bolded selections in 1 | 3 | etc days on RecentChanges now use
20168 <strong> instead of hardcoded styles
20169 * (bug 18449) Fixed items number per column on category pages when the total is
20171 * (bug 18121) maintenance/deleteArchivedRevisions.php no longer deletes
20172 revisions when --delete is not passed
20173 * (bug 13172) GPS coordinates in image Exif data are now actually displayed
20174 * Overhaul of preferences system, includes the following bug fixes:
20175 ** (bug 5363) Changes to default preferences now impact registered users.
20176 ** (bug 14806) Hook to enable putting preferences in existing tabs.
20177 ** (bug 17191) Registration date now listed on preferences page.
20178 ** The user_properties table (now used for storing preferences) has been added
20179 to $wgSharedTables.
20180 ** Note that this change will break some extensions which have not been adapted
20182 * (bug 17020) Adding fallback encodings for Traditional and Simplified Chinese
20183 languages while the text is typed as URLs.
20184 * (bug 17614) Prev / Next links are not shown if all results are shown
20185 * (bug 18207) Strange spacing before [[irc:...]] links
20186 * Removed float from the user login form in RTL interface - caused display
20188 * (bug 15008) Redirect images are now subject to Bad image list rules
20189 * (bug 6802) profileinfo.php now also work on other database servers than MySQL
20190 * (bug 16925) Diffs no longer fail when $wgExternalDiffEngine is set to
20191 'wikidiff' or 'wikidiff2' but extension is not installed
20192 * (bug 18326) Chmod errors in file repos have been hidden
20193 * (bug 18718) Comma after a } create a error in IE
20194 * (bug 18716) Removed redundant class in Modern skin CSS for category links and
20196 * (bug 18656) Use proper directory separators in wfMkdirParents()
20197 * (bug 18549) Make Special:Blockip respect $wgEnableUserEmail and
20199 * (bug 16912) Tooltips on images with link= disappear
20200 * (bug 18389) Localise numbers in EXIF data
20201 * (bug 18522) Wrap MediaWiki:Protect-cascadeon in a div for identification
20202 * (bug 18438) Tweak HTML for preview bar for consistency and accessibility
20203 * (bug 18432) Updated documentation for dumpBackup.php
20204 * Fix array logic in Sanitizer::removeHTMLtags so that it doesn't strip good
20205 tags that were redundantly defined.
20206 * (bug 14118) SpecialPage::getTitleFor does not return a localised name
20207 * (bug 18698) Renaming non entry point maintenance scripts from .inc.php to
20209 * Deprecated methods Title::getInterwikiLink, Title::userCanCreate(),
20210 Title::userCanEdit() and Title::userCanMove() have been removed
20211 * Only show upload links on file description if $wgEnableUploads = true
20212 and user can upload
20213 * Don't say "You need to log in to upload/move", because it's possible that
20214 uploading/moving is disabled for registered users as well (e.g. only sysops)
20215 * (bug 18943) Handle invalid titles gracefully at Special:Mostlinked
20216 * (bug 8873) Enable variant conversion in text on 'alt' and 'title' attributes
20217 * (bug 10837) Introducing the StubUserVariant class to determine the variant
20218 variable instead of using this to overrule the user language preference.
20219 * (bug 19014) If user had deletedhistory right, but not undeleted right, then
20220 show "view" instead of "view/restore" on logs.
20221 * (bug 19017) TOC level calculation error in an odd case
20222 * (bug 18999) CSS update for RTL interwiki links
20223 * (bug 18925) history.js removes class names of list elements on initialization
20224 * Multiple whitespace in TOC anchors is now stripped, for consistency with the
20225 link from the edit comment
20226 * (bug 19112) Preferences now respects $wgUseExternalEditor
20227 * (bug 18173) MediaWiki now fails when unable to determine a client IP
20228 * (bug 19170) Special:Version should follow the content language direction
20229 * (bug 19160) maintenance/purgeOldText.inc is now compatible with PostgreSQL
20230 * Fixed performance regression in "bad image list" feature
20231 * Show user preference 'Use live preview' if $wgLivePreview is enabled only
20232 * (bug 17014) Blocked users can no longer use Special:UserRights unless they
20233 can add/remove *all* groups (have 'userrights' permission).
20234 * (bug 19294) Always show Sp-contributions-footer(-anon)
20235 * Attempts to restrict reading of pages while anonymous viewing is allowed
20236 via extensions not using the userCan hook and via $wgRevokePermissions now
20238 * (bug 8445) Multiple-character search terms are now handled properly for
20240 * (bug 19450) Use formatNum for "Number of edits" in Special:Preferences
20241 * (bug 11242) Check for MySQL storage engines during installation now checks
20242 whether the engines are actually available
20243 * (bug 19390) Omit the "printable version" link on the printable version
20244 * (bug 18394) img_auth.php now respects userCan
20245 * (bug 19509) Uploading to a file named '0' previously treated it as null input
20246 and attempted to upload with the source name. Now warns about not having an
20247 extension (since 0.ext is perfectly valid)
20248 * (bug 19468) Enotif preferences are now only displayed when they are turned on
20249 * (bug 19442) Show/hide options on watchlist only work once
20250 * (bug 19602) PubMed Magic links now use updated NIH url
20251 * (bug 19637) externallinks have links to self
20252 * Don't load Opera 9.5 RTL fixes for Opera 9.6
20253 * Remove five-year-old KHTMLFixes.css, which is unlikely to be relevant anymore
20254 and was causing problems.
20255 * Removed repetition of URIs in the title attributes of external links.
20256 * (bug 19693) User name is now escaped in "Contributions for ..." link on
20258 * (bug 19571) Override buildConcat for SQLite.
20259 * Log in and log out links no longer return to page view when clicked from
20260 history view, edit page, or something similar
20261 * (bug 19513) RTL fixes for new Search UI
20262 * (bug 16497) Special:Allmessages is paginated
20263 * (bug 18708) CSS plainlinks class now available to all skins
20264 * (bug 19590) Database error messages no longer have "MySQL" hardcoded as the
20266 * (bug 19759) successbox on Special:Preferences now correctly aligned on
20267 standard, nostalgia and cologneblue skin
20268 * (bug 19814) interwiki links from file links ([[File:Foo.jpg|link=de:Test]])
20269 are no longer recorded in the pagelinks table
20270 * (bug 19784) date option "ISO 8601" produced illegal id
20271 * (bug 19761) Removed autogenerated <meta keywords> tag with link data.
20272 Keyword set was not useful, and is ignored by modern search engines anyway.
20273 * (bug 19827) Special:SpecialPages title is "Upload file
20274 * (bug 19355) Added .xhtml, .xht to upload file extension blacklist
20275 * (bug 19287) Workaround for lag on history page in Firefox 3.5
20276 * (bug 19564) Updated docs/hooks.txt
20277 * (bug 18751) Fix for buggage in profiling setup for some extensions on PHP 5.1
20278 * (bug 17139) ts_resortTable inconsistent trimming makes date sorting fragile
20279 * (bug 19445) Change oldimage table to use ON UPDATE CASCADE for FK to image
20281 * (bug 14080) Short notation links to subpages didn't work in edit summaries
20282 * (bug 17374) Special:Export no longer exports multiple copies of pages
20283 * (bug 19818) Edits to user CSS/JS subpages can now be marked as patrolled by
20284 users who can't edit them
20285 * (bug 19839) Comments in log items are no more double escaped
20286 * (bug 18161) Fix inconsistent separators in watchlist link toolbars with
20287 "enhanced recent changes"
20288 * (bug 16877) Moving a page over a redirect no longer leaves an orphan entry in
20289 the recentchanges table
20290 * (bug 16009) Limit selection forms based on Pager now links to the correct page
20291 when using long urls
20292 * The display of the language list on the preferences is more comply with the
20294 * (bug 19849) Custom X-Vary-Options header now disabled unless $wgUseXVO is set
20295 * (bug 19301) Duplicate entries in $wgAddGroups, $wgRemoveGroups,
20296 $wgGroupsAddToSelf and $wgGroupsRemoveFromSelf are no more displayed on
20297 Special:ListGroupRights
20298 * (bug 18799) Special:Userlogin now handles correctly the returnto parameter
20299 to not link back to Special:Userlogout when user's language isn't the same as
20301 * (bug 19479) Show proper error message when unable to connect to PostgreSQL
20302 database with username/password in MediaWiki's setup
20303 * (bugs 18407, 18409) Special:Upload is now listed on Special:Specialpages only
20304 if uploads are enabled and the user can access it
20305 * (bug 17988) Spaces before [[Category:]] links are no longer ignored
20306 * (bug 19957) All known-failing tests now marked disabled; added --run-disabled
20307 option to parser test suite to run disabled tests if desired.
20308 * (bug 16311) Make recent change flags (n/m/b) <abbr>s instead of <span>s
20309 * (bug 15680) Split the edit tip message of user CSS/JS subpage into
20310 "usercssyoucanpreview" and "userjsyoucanpreview" respectively.
20311 * (bug 12110) Split the rights for editing users' CSS/JS subpage from
20312 "editusercssjs" into "editusercss" and "edituserjs" respectively.
20313 * (bug 19394) RecentChanges feed URLs for log items with no revisions
20314 (eg Newuser, Userrights) are no longer broken
20315 * (bug 17395) Remote file descriptions use user language ($wgLang), not wiki
20316 language ($wgContLang)
20317 * (bug 11867) Lock error on redirect table when running orphans.php
20318 * (bug 18930) initStats.php now refreshes active users count
20319 * (bug 18699) Using the nosummary URL option no longer triggers the "You have
20320 not provided a summary" warning for those who activated it in their
20322 * (bug 18855) commandLine.inc and Maintenance.php are now properly included
20323 using the full path
20324 * (bug 18497) Fixed broken style sheets in Opera fullscreen mode
20325 * (bug 16084) Default memory limit has be increased to 50M, see $wgMemoryLimit
20326 * (bug 17864/19519) Added proper input normalization in Special:UserRights
20327 * (bug 20086) Add Hook to add extra statistics at the end of Special:Statistics
20328 * (bug 19289) importDump.php can now handle bzip2 and 7zip
20329 * (bug 20131) Fixed a PHP notice for users having the "rollback" right on
20330 Special:RecentChangesLinked
20331 * Do not transform EXIF fields with pure text to avoid results like
20332 foo,bar@example,com
20333 * (bug 20176) Fix login/logout links in skin CologneBlue
20334 * (bug 20203) "Powered by Mediawiki" now has height/width on image tag
20335 * (bug 20273) Fix broken output when no pages are found in the content
20337 * (bug 20265) Make AncientPages and UnusedFiles work on SQLite
20338 * Fixed XSS vulnerability for Internet Explorer clients (only pre-release
20339 versions of MediaWiki were affected).
20340 * (bug 14817) Moving a page to a subpage of itself moves it twice
20341 * (bug 20289) $wgMaximumMovedPages should only count pages actually moved
20342 * (bug 15248) Non-breaking spaces and certain other Unicode space characters
20343 are now normalized to ordinary spaces in titles; if your wiki has existing
20344 titles with such characters, run cleanupTitles.php and/or cleanupImages.php
20345 * (bug 11143) Links containing invalid UTF-8 percent-code sequences are now
20346 cleanly disabled instead of breaking parsing entirely on PHP 5.2.
20347 * (bug 20296) Fixed an PHP warning in Language::getMagic() in PHP 5.3
20348 * (bug 20358) Unprotect tab was missing accesskey; now same as protect tab.
20349 * (bug 20317) Cleaned up default main page link accesskey settings
20350 * (bug 20362) Special:Statistics now produces valid HTML when view counters are
20352 * (bug 19857) maintenance/deleteRevision.php on last revision no longer breaks
20354 * (bug 20365) Page name with c/g/h/j/s/u + x are now correctly handled in
20355 Special:MovePage with Esperanto as content language
20356 * (bug 20364) Fixed regression in GIF metadata loading
20357 * (bug 20299) MediaWiki:Move-subpages and MediaWiki:Move-talk-subpages can now
20359 * (bug 15475) DatabaseBase::setFlag(), DatabaseBase::clearFlag() and
20360 DatabaseBase::getFlag() now have documentation
20361 * (bug 19966) MediaWiki:License-header is now used for the licensing header in
20362 the file description page instead of MediaWiki:License
20363 * (bug 20380) Links to history/deleted edits at the top of
20364 Special:RevisionDelete are no more displayed when doing log suppression
20365 * (bug 8143) Localised parser function names are now correctly case insensitive
20366 if they contain non-ASCII characters
20367 * (bug 19055) maintenance/rebuildrecentchanges.php now purges
20368 Special:Recentchanges's RSS and Atom feed cache
20369 * The installer will now try to bypass PHP's max_execution_time
20370 * (bug 20260) SQLite no longer tries to automatically create the database at
20371 execution time, this now happens only at install time; if it is not available
20372 at script execution, it now throws an exception
20373 * Fixed EditFilterMerged hook so the hookError parameter serves a purpose
20374 (analogous to EditFilter hook)
20375 * (bug 2257) Tag extensions can expand template parameters provided to the tag,
20376 by using a new parameter added to the recursiveTagParse function
20377 * (bug 14900) __INDEX__ and __NOINDEX__ no longer override site config set in
20378 $wgArticleRobotPolicies.
20379 * (bug 20466) Hidden categories are no more displayed when printing
20380 * (bug 20446) When changing user rights with User@remotewiki and remotewiki is
20381 the local wiki, the user is now treated as the local user
20382 * (bug 20494) OutputPage::getArticleBodyOnly() no longer requires an useless
20384 * (bug 20136) Protection form JavaScript now synchronizes the expiry boxes on
20385 any change, in addition to onkeyup.
20386 * Don't link to "edit this page" on MediaWiki:Noarticletext if user is not
20387 allowed to create page. Done via new message
20388 MediaWiki:Noarticletext-nopermission
20389 * Improved compatibility between the Vector skin and addPortletLink() from
20390 wikibits.js: empty portlets are now present but hidden, adding an element to a
20392 * (bug 19531) addPortletLink() now wraps inserted labels in a <span> element to
20393 be compatible with the CSS for the Vector skin
20394 * (bug 20578) Wrong localized image metadata - duplicated string?
20395 * (bug 20556) Stub threshold's "other" <input> in Special:Preferences now has a
20396 correct type="text" parameter
20397 * (bug 482) Don't include TOC in the printable version if it has been hidden
20398 * Adjust the time according to the user configuration on Special:Revisiondelete
20399 * (bug 20624) Installation no longer allows "qqq" as the chosen language
20400 * (bug 20634) The installer-created database user will now have all rights on
20401 the database so that upgrades will go more smoothly.
20402 * (bug 18180) Special:Export ignores limit, dir, offset parameters
20403 * User::getBlockedStatus() works for all kinds of user objects and doesn't
20404 assume the user object is equal to the current-user object ($wgUser)
20405 * (bug 20517) Cancel link from edit page now returns to the old version when
20406 editing an old version
20407 * (bug 16902) Installer no longer shows warnings when exec() has been disabled
20408 by disable_functions
20409 * (bug 20726) Title::getLatestRevID's documentation now says that the function
20410 returns false if the page doesn't exist
20411 * (bug 20751) ForeignApiRepo now urldecodes filenames when saving to local cache
20412 * (bug 20730) Fix to Special:Version ViewVC link for branch checkouts
20413 * (bug 20353) wfShellExec() was adding extra quotes on Windows Vista, causing
20414 command line scripts to fail
20415 * (bug 20702) Parser functions can now be used correctly in
20416 MediaWiki:Missing-article
20417 * (bug 14117) "redirected from" is now also shown on foreign file redirects
20418 * (bug 17747) Only display thumbnail column in file history if the image can
20420 * (bug 3421) Live preview no longer breaks user CSS/JS previews
20421 * (bug 11264) The file logo on a file description page for documents (PDF, ...)
20422 now links to the file rather than the file description page
20423 * Password fields built with HTMLForm now still have the type="password"
20424 attribute if $wgHtml5=false.
20425 * (bug 20836) Preload now works for MediaWiki namespace
20426 * (bug 20885) Search box no longer suggests unavailable special pages
20427 * (bug 20948) "Create this page" on Special:Search is no longer displayed when
20428 searching for special pages
20429 * (bug 20524) Hideuser: Show nice error when trying to block hidden user without
20431 * (bug 21026) Fixed file redirects on shared repos on non-English client wikis
20432 * (bug 21030) Fixed schema choices from being overwritten by defining unique
20433 field names per driver.
20434 * (bug 21115) wgCanonicalSpecialPageName javascript variable is now always
20435 false on non-special pages
20436 * (bug 21113) "Other statistics" header on Special:Statistics is no more
20437 displayed when there isn't any entry in it
20438 * (bug 21114) Special:Contributions no longer shows diff links for new
20440 * (bug 21116) MediaWiki:Templatesused, MediaWiki:Templatesusedpreview and
20441 MediaWiki:Templatesusedsection now support plural
20442 * (bug 21079) There is no more line wrapping between label and field in
20444 * (bug 20256) Fixed SQL errors on Special:Recentchanges and
20445 Special:Recentchangeslinked on SQLite backend
20446 * (bug 20880) Fixed updater failure on SQLite backend
20447 * (bug 21182) Fixed invalid HTML in Special:Listgrouprights
20448 * (bug 20242) Installer no longer promts for user credentials for SQLite
20450 * (bug 20911) Installer failed to create a SQLite database
20451 * (bug 20847) Deprecated deprecated akeytt() removed in wikibits.js leaving
20453 * (bug 21161) Changing $wgCacheEpoch now always invalidates file cache
20454 * (bug 20268) Fixed row count estimation on SQLite backend
20455 * (bug 20275) Fixed LIKE queries on SQLite backend
20456 * (bug 21234) Moving subpages of titles containing \\ now works properly
20457 * (bug 21006) maintenance/updateArticleCount.php now works again on PostgreSQL
20458 * (bug 19319) Add activeusers-intro message at top of SpecialActiveUsers page
20459 * (bug 21255) Fixed hostname construction for DNSBL checking
20460 * (bug 18019) Users are now warned when moving a file to a name in use on a
20461 shared repository and only users with the 'reupload-shared' permission can
20463 * (bug 18909) Add missing Postgres INSERT SELECT wrapper
20464 * User::isValidPassword now only returns boolean results,
20465 User::getPasswordValidity can be used to get an error message string
20466 * The error message shown in Special:ChangePassword now parses wiki markup
20467 * (bug 19859) Removed experimental HTMLDiff feature
20468 * Removed section edit links in edit conflict form
20469 * Allow SpecialActiveusers to work on non-MySQL databases
20470 * (bug 6579) Fixed protecting images from uploading only
20471 * (bug 18609) Search index was empty for some pages
20472 * (bug 13453) rebuildrecentchanges maintenance script works on PG again
20473 * (bug 16583) Reduce false positives when checking for PHP (on upload, etc.)
20474 * (bug 20112) Bitrotted tests in the t/ directory were failing.
20475 * (bug 21470) MediaWiki:Sp-contributions-explain is now wrapped in a <p> with
20476 id "mw-sp-contributions-explain"
20477 * (bug 19159) Fixed \overleftrightarrow in texvc
20478 * (bug 19391) Fix caching for Recent ChangesFeed.
20479 * (bug 21455) Fixed "Watch this page" checkbox appearing on some special pages
20480 even to non-logged in users
20481 * (bug 21551) Rewrote the Squid purge HTTP client to provide a more robust and
20482 general implementation of HTTP, allowing it to purge non-Squid caches such as
20484 * Fixed corruption of long UDP debug log messages by using socket_sendto()
20485 instead of fsockopen() with fwrite().
20486 * (bug 16884) Fixed feed links in sidebar not complying with URL parameters
20487 of the displayed page
20488 * (bug 21403) memcached class renamed to MWMemecached to avoid conflict with
20489 PHP's memcached extension
20490 * (bug 21650) Both calls to SkinTemplateTabs hook are now compatible
20491 * (bug 21672) Add missing Accept-Language to both Vary and XVO headers
20492 * (bug 21679) "Edit block reasons" link at the bottom of Special:Blockip is now
20493 only displayed to the users that have "editinterface" right
20494 * (bug 21740) Attempting to protect a page that doesn't exist (salting) returns
20496 * (bug 18762) both redirects and links get fixed one after another if
20497 redirects-only switch is not present
20498 * (bug 20159) thumbnails rerendered if older than $wgThumbnailEpoch
20499 * Fixed a bug which in some situations causes the job queue to grow forever,
20500 due to an infinite loop of job requeues.
20501 * (bug 21523) File that can have multiple pages (djvu, pdf, ...) no longer have
20502 the page selector when they have only one page
20503 * (bug 21559) "logempty" message is now wrapped in a div with class
20504 "mw-warning-logempty" when used in log extract
20505 * (bug 20549) Parser tests were broken on SQLite backend
20506 * (bug 21776) Interwiki urls like http://en.wikibooks.org/wiki/cs: should give
20507 a redirect instead of a baderror.
20508 * (bug 21803) Special:MyContributions now keeps the query string parameters
20509 * Redirecting special pages now keep query string parameters set to "0" (e.g.
20511 * (bug 20765) Special:ListGroupRights no longer misses addables and removables
20512 groups if there are duplicate entries
20513 * (bug 21814) Message shown when rolling back an edit with a deleted username
20514 now shows '(username deleted)' instead of broken user tool links
20515 * (bug 21536) Fixed JavaScript error on Special:Search caused by an incorrect ID
20516 * (bug 21535) RecentChanges RSS feed now always recognises the namespace filter,
20517 previously it sometimes didn't due to caching.
20518 * (bug 20388) ProfilerSimpleText no longer outputs comment on action=raw
20519 * refreshLinks.php now purges orphaned redirect table rows
20520 * (bug 2971) Swap links of hist & diff location on Special:Contributions for
20521 consistency with RC/WL
20522 * (bug 21986) Special page names are now capitalized by content language
20523 * If two log types have the same description, they're now both displayed in the
20524 type selector on Special:Log
20525 * (bug 20115) Special:Userlogin title says "Log in / create account" even if the
20526 user can't create an account
20527 * (bug 2658) Don't attempt to set the TZ environment variable.
20528 * (bug 9794) User rights log entries for foreign user now links to the foreign
20529 user's page if possible
20530 * (bug 14717) Don't load nonexistent CSS fix files for non-Monobook skins
20531 * (bug 22034) Use wfClientAcceptsGzip() in wfGzipHandler instead of
20533 * (bug 19226) First line renders differently on many UI messages.
20534 * (bug 21303) Comments are no longer stripped from MediaWiki:Common.js and
20535 skin-specific JS pages
20536 * (bug 5061) Use the more precise thumbcaption thumbimage and thumbinner classes
20538 * (bug 22096) IE50Fixes.css and IE55Fixes.css have been dropped from the
20539 Monobook and Chick skins
20540 * Fixed bug involving unclosed "-{" markup in the language converter
20541 * (bug 21870) No longer include Google logo from an external server on wiki
20543 * (bug 22181) Do not truncate if the ellipsis actually make the string longer
20544 * (bug 16039) Text disappearing after a bad image
20545 * (bug 18784) Internal links like [[File:Foo|caption]] should read 'caption',
20546 not 'File:Foo' when Foo is not an image
20547 * (bug 21518) Special:UserRights no longer displays the user name box for users
20548 that can only change their rights
20549 * (bug 21593) Special:UserRights now lists automatic groups membership
20550 * (bug 22364) Setting $wgUseExternalEditor to false no longer hides the reupload
20551 link from file pages
20552 * Fix bug introduced in MediaWiki 1.12: The author field in
20553 $wgExtensionCredits is no longer sorted with sort() but rather used
20554 as it appears in extensions as was the case before r30117 where it
20555 was unintentionally sorted along with other fields.
20556 * (bug 19334) Textarea no longer jumps when editing longer articles in IE8
20557 * Truncate summary of page moves in revision comment field to avoid broken
20558 multibyte characters
20559 * (bug 22540) ForeignApiRepos no longer try to store thumbnails that don't exist
20560 * (bug 22551) Special:Resetpass now has a "Cancel" button that sends the user to
20561 the page set in the &returnto parameter.
20562 * (bug 19194) Search box in Modern skin doesn't focus with Safari/Chrome
20563 * (bug 17790) Users instantly logged off on HughesNet
20564 * (bug 21549) Make foreign key constraints DEFERRABLE INITIALLY DEFERRED
20565 when using Postgres as the database backend.
20567 == API changes in 1.16 ==
20569 * Added uiprop=changeablegroups to meta=userinfo
20570 * Added usprop=gender to list=users
20571 * (bug 18311) action=purge now works for images too
20572 * Add parentid to prop=revisions output
20573 * (bug 17832) action=delete returns 'unknownerror' instead of 'permissiondenied'
20574 when the user is blocked
20575 * (bug 18546) Added timestamp of new revision to action=edit output
20576 * (bug 18554) Also list hidden revisions in list=usercontribs for privileged
20578 * (bug 13049) "API must be accessed from the primary script entry point" error
20579 * (bug 16422) Don't display help for format=jsonfm unless specifically requested
20580 * Added PHP and database version to meta=siteinfo output
20581 * (bug 18533) Add readonly message to meta=siteinfo output
20582 * (bug 18518) Add clprop=hidden to prop=categories
20583 * (bug 18710) Fixed internal error with empty parameter in action=paraminfo
20584 * (bug 18709) Missing descriptions for some parameters in action=paraminfo
20586 * (bug 18731) Show correct SVN links for extension modules in api.php?version
20587 * (bug 18730) Add version information to action=paraminfo output
20588 * (bug 18743) Add ucprop=size to list=usercontribs
20589 * (bug 18749) Add generator flag to action=paraminfo output
20590 * Make action=block respect $wgEnableUserEmail and $wgSysopEmailBans
20591 * Made deleting file description pages without files possible
20592 * (bug 18773) Add content flag to siprop=namespaces output
20593 * (bug 18785) Add siprop=languages to meta=siteinfo
20594 * (bug 14200) Added user and excludeuser parameters to list=watchlist and
20596 * Added index, fromtitle and byteoffset fields to action=parse&prop=sections
20598 * (bug 19313) action=rollback returns wrong revid on master/slave setups
20599 * (bug 19323) action=parse doesn't return section tree on pages with Cite
20601 * (bug 18720) Add anchor field to action=parse&prop=sections output
20602 * (bug 19423) The initial file description page used caption in user lang
20603 rather than UI lang
20604 * (bug 17809) Add number of users in user groups to meta=siteinfo
20605 * (bug 18533) Add readonly reason to readonly exception
20606 * (bug 19528) Added XSLT parameter to API queries in format=xml
20607 * (bug 19040) Fix prependtext and appendtext in combination with section
20608 parameter in action=edit
20609 * (bug 19090) Added watchlist parameter, deprecated watch and unwatch
20610 parameter in action=edit
20611 * Added fields to list=search output: size, wordcount, timestamp, snippet
20612 * Where supported by backend, list=search adds a 'searchinfo' element with
20613 optional info: 'totalhits' count and 'suggestion' alternate query term
20614 * (bug 19907) $wgCrossSiteAJAXdomains added to allow specified (or all)
20615 external domains to access api.php via AJAX, if the browser supports the
20616 Access-Control-Allow-Origin HTTP header
20617 * (bug 19999) Made metadata and properties of search results optional. Added
20619 * (bug 20700) Add amprop=default to meta=allmessages to list default value for
20620 customized messages
20621 * Don't parse magic words in meta=allmessages, output messages unparsed
20622 * (bug 21105) list=usercontribs can now list contribs for User:0
20623 * (bug 21085) list=deletedrevs no longer returns only one revision when
20624 drcontinue param is passed
20625 * (bug 21106) Deprecated parameters now tagged in action=paraminfo
20626 * (bug 19004) Added support for tags
20627 * (bug 21083) list=allusers no longer returns current timestamp for users
20628 without registration date
20629 * (bug 20967) action=edit allows creation of invalid titles
20630 * (bug 19523) Add inprop=watched to prop=info
20631 * (bug 21589) API: Separate summary and initial page text for uploads
20632 * (bug 21817) list=usercontribs returns empty result for empty ucuser
20633 * (bug 21441) meta=userinfo&uiprop=options no longer returns default options
20634 for logged-in users under certain circumstances
20635 * (bug 21945) Add chomp control in YAML
20636 * Expand the thumburl to an absolute url to make it consistent with url and
20638 * (bug 20233) ApiLogin::execute() doesn't handle LoginForm :: RESET_PASS
20639 * (bug 22061) API: add prop=headitems to action=parse
20640 * (bug 22240) API: include time in siteinfo
20641 * (bug 22241) Quick edit is still using the deprecated watch parameter (API:
20642 Setting default for watch/unwatch wrongly set)
20643 * (bug 22245) blfilterredirect=nonredirects in blredirect mode wrongly filtering
20644 * (bug 22248) Output extension URLs in meta=siteinfo&siprop=extensions
20645 * Support key-params arrays in 'descriptionmsg' in
20646 meta=siteinfo&siprop=extensions
20647 * (bug 21922) YAML output should quote asterisk when used as key
20648 * (bug 22297) safesubst: to allow substitution without breaking transclusion
20649 * (bug 18758) API read of watchlist's wl_notificationtimestamp
20650 * (bug 20809) Expose EditFormPreloadText via the API
20651 * (bug 18427) Comment (edit summary) parser option for API
20652 * (bug 18608) API should provide list of CSS styles to apply to rendered output
20653 * (bug 18771) List possible errors in action=paraminfo
20655 === Languages updated in 1.16 ===
20657 MediaWiki supports over 300 languages. Many localisations are updated
20658 regularly. Below only new and removed languages are listed, as well as
20659 changes to languages because of Bugzilla reports.
20661 * Capiznon (cps) (new)
20662 * North Frisian (frr) (new)
20663 * Kirmanjki (kiu) (new)
20664 * Komi-Permyak (koi) (new)
20665 * Karachay-Balkar (krc) (new)
20666 * Hill Mari (mrj) (new)
20667 * Prussian (prg) (new)
20668 * Romagnol (rgn) (new)
20669 * Lower Silesian (sli) (new)
20670 * Picard (pcd) (new)
20671 * Uyghur (Arabic script) (ug-arab) (new)
20672 * Upper Franconian (vmf) (new)
20673 * Votic (vot) (new)
20674 * Eastern Yiddish (ydd) (removed)
20675 * Iriga Bicolano (bto) (removed)
20676 * Ladin (lld) (removed)
20677 * Laz (lzz) (removed)
20678 * Palembang (plm) (removed)
20679 * Megleno-Romanian (Greek script) (ruq-grek) (removed)
20680 * Tamazight (tzm) (removed)
20683 * (bug 18474) Sorani (ckb - Central Kurdish) (renamed from ku-arab)
20684 * Add PLURAL function for Scots Gaelic (gd)
20685 * Add Estonian letters äöõšüž to linktrail (et)
20686 * (bug 18776) Native name of Burmese language (my)
20687 * (bug 18806) Use correct unicode characters in spelling of native Chuvash
20689 * (bug 18864) Updated autonym for Zhuang language
20690 * (bug 18308) Updated date formatting in Occitan (oc)
20691 * (bug 19080) Added ăâîşţșțĂÂÎŞŢȘȚ to Romanion (ro) linktrail
20692 * (bug 19286) Correct commafying function in Polish (pl)
20693 * (bug 19441) Updated date formatting for Lithuanian
20694 * (bug 19630) Added ÄäÇçĞğŇňÖöŞşÜüÝýŽž to Turkmen (tk) linktrail
20695 * (bug 19949) New linktrail for Greek (el)
20696 * (bug 19809) Korean (North Korea) (ko-kp) (new)
20697 * (bug 19968) Fixed "Project talk" namespace name for Maltese (mt)
20698 * (bug 21168) Added áâãàéêçíóôõúü to Portuguese (pt) linktrail
20699 * (bug 21596) Change interwiki link for Kurdish (ku)
20700 * (bug 23767) PHP warning/error when REQUEST_URI returns blank (IIS issue).
20702 == MediaWiki 1.15 ==
20704 == MediaWiki 1.15.5 ==
20705 === Changes since 1.15.4 ===
20707 * (bug 24565) Fixed Cache-Control headers sent from API modules, to protect
20708 user privacy in the case where an attacker can access the wiki through the
20709 same HTTP proxy as a logged-in user.
20710 * Fixed a minor cookie header parsing issue causing incorrect Cache-Control
20711 headers to be sent.
20712 * Fixed an XSS vulnerability in profileinfo.php for installations with
20713 $wgEnableProfileInfo = true (false by default)
20714 * For backwards compatibility with extensions from 1.14.x or before, restored
20715 the original function ApiMain::requestWriteMode().
20716 * In API login "need token" responses, added the cookieprefix and sessionid
20717 fields, as in MediaWiki 1.16.x. This is an improvement to the CSRF fix
20718 introduced in 1.15.3.
20720 == MediaWiki 1.15.4 ==
20721 === Changes since 1.15.3 ===
20723 * (bug 23534) Fixed SQL query error in API list=allusers.
20724 * (bug 23371) Fixed CSRF vulnerability in "e-mail me my password", "create
20725 account" and "create by e-mail" features of [[Special:Userlogin]]
20726 * (bug 23687) Fixed XSS vulnerability affecting IE clients only, due to a CSS
20729 == MediaWiki 1.15.3 ==
20730 === Changes since 1.15.2 ===
20732 * (bug 22828) Fixed deletion on SQLite.
20733 * (bug 23076) Fixed login CSRF vulnerability. Logins now require a token to
20734 be submitted along with the user name and password.
20736 == MediaWiki 1.15.2 ==
20737 === Changes since 1.15.1 ===
20739 * The installer now includes a check for a data corruption issue with certain
20740 versions of libxml2 2.7 and PHP earlier than 5.2.9, and also for a PHP bug
20741 present in the official release of PHP 5.3.1.
20742 * (bug 20239) MediaWiki:Imagemaxsize does not contain anymore a <br /> tag which
20743 was displayed to the user
20744 * (bug 21150) SQLite no longer raise an error when deleting files
20745 * (bug 20880) Fixed updater failure on SQLite backend
20746 * upgrade1_5.php now requires to be run --update option to prevent confusion
20747 * Fixed a CSS validation issue which allowed external images to be included
20748 into wikis where that is disallowed by configuration.
20749 * Fixed a data leakage vulnerability for private wikis using img_auth.php or
20750 similar image access authentication schemes. Check user permissions before
20751 streaming out scaled images from thumb.php.
20753 == MediaWiki 1.15.1 ==
20754 === Changes since 1.15.0 ===
20755 * Fixed fatal errors for unusual file repository configurations, such as
20757 * Fixed the "change password" link on Special:Preferences to have the correct
20758 returnto parameter.
20759 * (bug 19693) Fixed cross-site scripting vulnerability in Special:Block
20761 == MediaWiki 1.15.0 ==
20762 === Changes since 1.15.0rc1 ===
20764 * Removed category redirect feature, implementation was incomplete.
20765 * (bug 18846) Remove update_password_format(), unnecessary, destroys all
20766 passwords if a wiki with $wgPasswordSalt=false is upgraded with the web
20768 * (bug 19127) Documentation warning for PostgreSQL users who run update.php:
20769 use the same user in AdminSettings.php as in LocalSettings.php.
20770 * Fixed possible web invocation of some maintenance scripts, due to the use of
20771 include() instead of require(). A full exploit would require a very strange
20772 web server configuration.
20773 * Localisation updates.
20775 === Configuration changes in 1.15 ===
20777 * Added $wgNewPasswordExpiry, to specify an expiry time (in seconds) to
20778 temporary passwords
20779 * Added $wgUseTwoButtonsSearchForm to choose the Search form behavior/look
20780 * Added $wgNoFollowDomainExceptions to allow exempting particular domain names
20781 from rel="nofollow" on external links
20782 * (bug 12970) Brought back $wgUseImageResize.
20783 * Added $wgRedirectOnLogin to allow specifying a specific page to redirect users
20784 to upon logging in (ex: "Main Page")
20785 * Add $wgExportFromNamespaces for enabling/disabling the "export all from
20786 namespace" option (disabled by default)
20788 === New features in 1.15 ===
20790 * (bug 2242) Add an expiry time to temporary passwords
20791 * (bug 9947) Add PROTECTIONLEVEL parser function to return the protection level
20792 for the current page for a given action
20793 * (bug 17002) Add &minor= and &summary= as parameters in the url when editing,
20794 to automatically add a summary or a minor edit.
20795 * (bug 16852) padleft and padright now accept multiletter pad characters
20796 * When using 'UserCreateForm' hook to add new checkboxes into
20797 Special:UserLogin/signup, the messages can now contain HTML to allow
20798 hyperlinking to the site's Terms of Service page, for example
20799 * Add new hook 'UserLoadFromDatabase' that is called while loading a user
20801 * (bug 17045) Options on the block form are prefilled with the options of the
20802 existing block when modifying an existing block.
20803 * (bug 17055) "(show/hide)" links to Special:RevisionDelete now use a CSS class
20804 rather than hardcoded HTML tags
20805 * Added new hook 'WantedPages::getSQL' into SpecialWantedpages.php to allow
20806 extensions to alter the SQL query which is used to get the list of wanted
20808 * (bugs 16957/16969) Add show/hide to preferences for RC patrol options on
20810 * (bug 11443) Auto-noindex user/user talk pages for blocked user
20811 * (bug 11644) Add $wgMaxRedirects variable to control how many redirects are
20812 recursed through until the "destination" page is reached.
20813 * Add $wgInvalidRedirectTargets variable to prevent redirects to certain
20815 * Use HTML5 rel attributes for some links, where appropriate
20816 * Added optional alternative Search form look - Go button & Advanced search
20817 link instead of Go button & Search button
20818 * (bug 2314) Add links to user custom CSS and JS to Special:Preferences
20819 * More helpful error message on raw page access if PHP_SELF isn't set
20820 * (bug 13040) Gender switch in user preferences
20821 * (bug 13040) {{GENDER:}} magic word for interface messages
20822 * (bug 3301) Optionally sort user list according to account creation time
20823 * Remote description pages for foreign file repos are now fetched in the
20825 * (bug 17180) If $wgUseFileCache is enabled, $wgShowIPinHeader is automatically
20827 * (bug 16604) Mark non-patrolled edits in feeds with "!"
20828 * (bug 16604) Show title/rev in IRC for patrol log
20829 * (bug 16854) Whether a page is being parsed as a preview or section preview
20830 can now be determined and set with ParserOptions.
20831 * Wrap message 'confirmemail_pending' into a div with CSS classes "error" and
20832 "mw-confirmemail-pending"
20833 * (bug 8249) The magic words for namespaces and pagenames can now be used as
20834 parser functions to return the desired namespace or normalized title/title
20835 part for a given title.
20836 * (bug 17110) Styled #mw-data-after-content in cologneblue.css to match the
20838 * (bug 7556) Time zone names in signatures lack i18n
20839 * (bug 3311) Automatic category redirects
20840 * (bug 17236) Suppress 'watch user page link' for IP range blocks
20841 * Wrap message 'searchresulttext' (Special:Search) into a div with
20842 class "mw-searchresult"
20843 * (bug 15283) Interwiki imports can now fetch included templates
20844 * Treat svn:// URLs as external links by default
20845 * New function to convert namespace text for display (only applies on wiki with
20846 LanguageConverter class)
20847 * (bug 17379) Contributions-title is now parsed for magic words.
20848 * Preprocessor output now cached in memcached.
20849 * (bug 14468) Lines in classic RecentChanges and Watchlist have classes
20850 "mw-line-odd" and "mw-line-even" to make styling using css possible.
20851 * (bug 17311) Add a note beside the gender selection menu to tell users that
20852 this information will be public
20853 * Localize time zone regions in Special:Preferences
20854 * Add NUMBEROFACTIVEUSERS magic word, which is like NUMBEROFUSERS, but uses
20855 the active users data from site_stats.
20856 * Add a <link rel="canonical"> tag on redirected page views
20857 * Replace hardcoded '...' as indication of a truncation with the
20859 * Wrap warning message 'editinginterface' into a div with class
20860 'mw-editinginterface'
20861 * (bug 17497) Oasis opendocument added to mime.types
20862 * Remove the link to Special:FileDuplicateSearch from the "file history" section
20863 of image description pages as the list of duplicated files is shown in the
20864 next section anyway.
20865 * Added $wgRateLimitsExcludedIPs, to allow specific IPs to be whitelisted from
20867 * (bug 14981) Shared repositories can now have display names, located at
20868 Mediawiki:Shared-repo-name-REPONAME, where REPONAME is the name in
20869 $wgForeignFileRepos
20870 * Special:ListUsers: Sort list of usergroups by alphabet
20871 * (bug 16762) Special:Movepage now shows a list of subpages when possible
20872 * (bug 17585) Hide legend on Special:Specialpages from non-privileged users
20873 * Added $wgUseTagFilter to control enabling of filter-by-change-tag
20874 * (bug 17291) MediaWiki:Nocontribs now has an optional $1 parameter for the
20876 * Wrap special page summary message '$specialPageName-summary' into a div
20877 with class 'mw-specialpage-summary'
20878 * $wgSummarySpamRegex added to handle edit summary spam. This is used *instead*
20879 of $wgSpamRegex for edit summary checks. Text checks still use $wgSpamRegex.
20880 * New function to convert content text to specified language (only applies on
20881 wiki with LanguageConverter class)
20882 * (bug 17844) Redirect users to a specific page when they log in, see
20884 * Added a link to Special:UserRights on Special:Contributions for privileged
20886 * (bug 10336) Added new magic word {{REVISIONUSER}}, which displays the editor
20887 of the displayed revision
20888 * LinkerMakeExternalLink now has an $attribs parameter for link attributes and
20889 a $linkType parameter for the type of external link being made
20890 * (bug 17785) Dynamic dates surrounded with a <span> tag, fixing sortable tables
20891 with dynamic dates.
20892 * (bug 4582) Provide preference-based autoformatting of unlinked dates with the
20893 dateformat parser function.
20894 * (bug 17886) Special:Export now allows you to export a whole namespace (limited
20896 * (bug 17714) Limited TIFF upload support now built in if 'tif' extension is
20897 enabled. Image width and height are now recognized, and when using
20898 ImageMagick, optional flattening to PNG or JPEG for inline display can be
20899 enabled by setting $wgTiffThumbnailType
20900 * Renamed two input IDs on Special:Log from 'page' and 'user' to 'mw-log-page'
20901 and 'mw-log-user', respectively
20902 * Added $wgInvalidUsernameCharacters to disallow certain characters in
20903 usernames during registration (such as "@")
20904 * Added $wgUserrightsInterwikiDelimiter to allow changing the delimiter
20905 used in Special:UserRights to denote the user should be searched for
20906 on a different database
20907 * Add a class if 'missingsummary' is triggered to allow styling of the summary
20909 * Title attributes are now always blank on framed and thumbnailed images, and
20910 default to blank on inline images instead of defaulting to the image's
20911 filename. Additionally, the alt attribute now defaults to the filename on
20912 framed and thumbnailed images if no caption or alt attribute is specified.
20914 === Bug fixes in 1.15 ===
20915 * (bug 16968) Special:Upload no longer throws useless warnings.
20916 * (bug 17000) Special:RevisionDelete now checks if the database is locked
20917 before trying to delete the edit.
20918 * (bug 16852) padleft and padright now handle multibyte characters correctly
20919 * (bug 17010) maintenance/namespaceDupes.php now add the suffix recursively if
20920 the destination page exists
20921 * (bug 17035) Special:Upload now fails gracefully if PHP's file_uploads has
20923 * Fixing the caching issue by using -{T|xxx}- syntax (only applies on wiki with
20924 LanguageConverter class)
20925 * Improving the efficiency by using -{A|xxx}- syntax (only applies on wiki with
20926 LanguageConverter class)
20927 * (bug 17054) Added more descriptive errors in Special:RevisionDelete
20928 * (bug 11527) Diff on page with one revision shows "Next" link to same diff
20929 * (bug 8065) Fix summary forcing for new pages
20930 * (bug 10569) redirects to Special:Mypage and Special:Mytalk are no longer
20931 allowed by default. Change $wgInvalidRedirectTargets to re-enable.
20932 * (bug 3043) Feed links of given page are now preceded by standard feed icon
20933 * (bug 17150) escapeLike now escapes literal \ properly
20934 * Inconsistent use of sysop, admin, administrator in system messages changed
20936 * (bug 14423) Check block flag validity for block logging
20937 * DB transaction and slave-lag avoidance tweaks for Email Notifications
20938 * (bug 17104) Removed [Mark as patrolled] link for already patrolled revisions
20939 * (bug 17106) Added 'redirect=no' and 'mw-redirect' class to redirects at
20940 "user contributions"
20941 * Rollback links on new pages removed from "user contributions"
20942 * (bug 15811) Re-upload form tweaks: license fields removed, destination locked,
20943 comment label uses better message
20944 * Whole HTML validation ($wgValidateAllHtml) now works with external tidy
20945 * Parser tests no longer fail when $wgExternalLinkTarget is set in
20947 * (bug 15391) catch DBQueryErrors on external storage insertion. This avoids
20948 error messages on save were the edit in fact is saved.
20949 * (bug 17184) Remove duplicate "z" accesskey in MonoBook
20950 * Parser tests no longer fail when $wgAlwaysUseTidy is set in LocalSettings.php
20951 * Removed redundant dupe warnings on reupload for the same title. Dupe warnings
20952 for identical files at different titles are still given.
20953 * Add 'change tagging' facility, where changes can be tagged internally with
20954 certain designations, which are displayed on various summaries of changes,
20955 and the entries can be styled with CSS.
20956 * (bug 17207) Fix regression breaking category page display on PHP 5.1
20957 * Categoryfinder utility class no longer fails on invalid input or gives wrong
20958 results for category names that include pseudo-namespaces
20959 * (bug 17252) Galician numbering format
20960 * (bug 17146) Fix for UTF-8 and short word search for some possible MySQL
20962 * (bug 7480) Internationalize database error message
20963 * (bug 16555) Number of links to mediawiki.org scaled back on post-installation
20964 * (bug 14938) Removing a section no longer leaves excess whitespace
20965 * (bug 17304) Fixed fatal error when thumbnails couldn't be generated for file
20967 * (bug 17283) Remove double URL escaping in show/hide links for log entries
20968 and RevisionDeleteForm::__construct
20969 * (bug 17105) Numeric table sorting broken
20970 * (bug 17231) Transcluding special pages on wikis using language conversion no
20971 longer affects the page title
20972 * (bug 6702) Default system messages updated/improved
20973 * (bug 17190) User ID on preference page no longer has delimeters
20974 * (bug 17341) "Powered by MediaWiki" should be on the left on RTL wikis
20975 * (bug 17404) "userrights-interwiki" right was missing in User::$mCoreRights
20976 * (bug 7509) Separation strings should be configurable
20977 * (bug 17420) Send the correct content type from action=raw when the HTML file
20979 * (bug 12746) Do not allow new password e-mails when wiki is in read-only mode
20980 * (bug 17478) Fixed a PHP Strict standards error in
20981 maintenance/cleanupWatchlist.php
20982 * (bug 17488) RSS/Atom links in left toolbar are now localized in classic skin
20983 * (bug 17472) use print <<<EOF in maintenance/importTextFile.php
20984 * Special:PrefixIndex: Move table styling to shared.css, add CSS IDs to tables
20985 use correct message 'allpagesprefix' for input form label, replace _ with ' '
20987 * (bug 17506) Exceptions within exceptions now respect $wgShowExceptionDetails
20988 * Fixed excessive job queue utilisation
20989 * File dupe messages for remote repos are now shown only once.
20990 * (bug 14980) Messages 'shareduploadwiki' and 'shareduploadwiki-desc' are now
20991 used as a parameter in 'sharedupload' for easier styling and customization.
20992 * (bug 17482) Formatting error in Special:Preferences#Misc (Opera)
20993 * (bug 17556) <link> parameters in Special:Contributions feeds (RSS and Atom)
20994 now point to the actual contributors' feed.
20995 * ForeignApiRepos now fetch MIME types, rather than trying to figure it locally
20996 * Special:Import: Do not show input field for import depth if
20997 $wgExportMaxLinkDepth == 0
20998 * (bug 17570) $wgMaxRedirects is now correctly respected when following
20999 redirects (was previously one more than $wgMaxRedirects)
21000 * (bug 16335) __NONEWSECTIONLINK__ magic word to suppress new section link.
21001 * (bug 17581) Wrong index name in PostgreSQL's updater: was rc_timestamp_nobot,
21002 changed to rc_timestamp_bot
21003 * (bug 17437) Fixed incorrect link to web-based installer
21004 * (bug 17538) Use shorter URLs in <link> elements
21005 * (bug 13778) Hidden input added to the search form so that using the Enter key
21006 on IE will do a fulltext search like clicking the button does
21007 * (bug 1061) CSS-added icons next to links display through the text and makes
21008 it unreadable in RTL
21009 * Special:Wantedtemplates now works on PostgreSQL
21010 * (bug 14414) maintenance/updateSpecialPages.php no longer throws error with
21012 * (bug 17546) Correct Tongan language native name is "lea faka-Tonga"
21013 * (bug 17621) Special:WantedFiles has no link to Special:Whatlinkshere
21014 * (bug 17460) Client ecoding is now correctly set for PostgreSQL
21015 * (bug 17648) Prevent floats from intruding into edit area in previews if no
21017 * (bug 17692) Added (list of members) link to 'user' in Special:Listgrouprights
21018 * (bug 17707) Show file destination as plain text if &wpForReUpload=1
21019 * (bug 10172) Moved setting of "changed since last visit" flags out of the job
21021 * (bug 17761) "show/hide" link in page history in now works for the first
21022 displayed revision if it's not the current one
21023 * (bug 17722) Fix regression where users are unable to change temporary
21025 * (bug 17799) Special:Random no longer throws a database error when a non-
21026 namespace is given, silently falls back to NS_MAIN
21027 * (bug 17751) The message for bad titles in WantedPages is now localized
21028 * (bug 17860) Moving a page in the "MediaWiki" namespace using SuppressRedirect
21029 no longer corrupts the message cache
21030 * (bug 17900) Fixed User Groups interface log display after saving groups.
21031 * (bug 17897) Fixed string offset error in <pre> tags
21032 * (bug 17778) MediaWiki:Catseparator can now have HTML entities
21033 * (bug 17676) Error on Special:ListFiles when using Postgres
21034 * Special:Export doesn't use raw SQL queries anymore
21035 * (bug 14771) Thumbnail links to individual DjVu pages no longer have
21036 two "page" parameters
21037 * (bug 17972) Special:FileDuplicateSearch form now works correctly on wikis that
21038 don't use PathInfo or short urls
21039 * (bug 17990) trackback.php now has a trackback.php5 alias and works with
21041 * (bug 14990) Parser tests works again with PostgreSQL
21042 * (bug 11487) Special:Protectedpages doesn't list protections with pr_expiry
21044 * (bug 18018) Deleting a file redirect leaves behind a malfunctioning redirect
21045 * (bug 17537) Disable bad zlib.output_compression output on HTTP 304 responses
21046 * (bug 11213) [edit] section links in printable version no longer appear when
21047 you cut-and-paste article text
21048 * (bug 17405) "Did you mean" to mirror Go/Search behavior of original request
21049 * (bug 18116) 'edittools' is now output identically on edit and upload pages
21050 * (bug 17241) The diffonly URI parameter should cascade to "Next edit" and
21051 "Previous edit" diff links
21052 * (bug 16823) Sidebar search form should not use Special:Search view URL as
21054 * (bug 16343) Non-existing, but in use, category pages can be "go" match hits
21055 * Fixed a CSS validation issue which allowed external images to be included
21056 into wikis where that is disallowed by configuration.
21057 * Fixed a data leakage vulnerability for private wikis using img_auth.php or
21058 similar image access authentication schemes. Check user permissions before
21059 streaming out scaled images from thumb.php.
21061 == API changes in 1.15 ==
21062 * (bug 16858) Revamped list=deletedrevs to make listing deleted contributions
21063 and listing all deleted pages possible
21064 * (bug 16844) Added clcategories parameter to prop=categories
21065 * (bug 17025) Add "fileextension" parameter to meta=siteinfo&siprop=
21066 * (bug 17048) Show the 'new' flag in list=usercontribs for the revision that
21067 created the page, even if it's not the top revision
21068 * (bug 17069) Added ucshow=patrolled|!patrolled to list=usercontribs
21069 * action=delete respects $wgDeleteRevisionsLimit and the bigdelete user right
21070 * (bug 15949) Add undo functionality to action=edit
21071 * (bug 16483) Kill filesort in ApiQueryBacklinks caused by missing parentheses.
21072 Building query properly now using makeList()
21073 * (bug 17182) Fix pretty printer so URLs with parentheses in them are
21074 autolinked correctly
21075 * (bug 17224) Added siprop=rightsinfo to meta=siteinfo
21076 * (bug 17239) Added prop=displaytitle to action=parse
21077 * (bug 17317) Added watch parameter to action=protect
21078 * (bug 17007) Added export and exportnowrap parameters to action=query
21079 * (bug 17326) BREAKING CHANGE: Changed output format for iiprop=metadata
21080 * (bug 17355) Added auwitheditsonly parameter to list=allusers
21081 * (bug 17007) Added action=import
21082 * BREAKING CHANGE: Removed rctitles parameter from list=recentchanges because
21083 of performance concerns
21084 * Listing (semi-)deleted revisions and log entries as well in prop=revisions
21086 * (bug 11430) BREAKING CHANGE: Modules may return fewer results than the
21087 limit and still set a query-continue in some cases
21088 * (bug 17357) Added movesubpages parameter to action=move
21089 * (bug 17433) Added bot flag to list=watchlist&wlprop=flags output
21090 * (bug 16740) Added list=protectedtitles
21091 * Added mainmodule and pagesetmodule parameters to action=paraminfo
21092 * (bug 17502) meta=siteinfo&siprop=namespacealiases no longer lists namespace
21093 aliases already listed in siprop=namespaces
21094 * (bug 17529) rvend ignored when rvstartid is specified
21095 * (bug 17626) Added uiprop=email to list=userinfo
21096 * (bug 13209) Added rvdiffto parameter to prop=revisions
21097 * Manual language conversion improve: Now we can include both ";" and ":" in
21099 * (bug 17795) Don't report views count on meta=siteinfo if $wgDisableCounters
21101 * (bug 17774) Don't hide read-restricted modules like action=query from users
21102 without read rights, but throw an error when they try to use them.
21103 * Don't hide write modules when $wgEnableWriteAPI is false, but throw an error
21104 when someone tries to use them
21105 * BREAKING CHANGE: action=purge requires write rights and, for anonymous users,
21107 * (bug 18099) Using appendtext to edit a non-existent page causes an interface
21108 message to be included in the page text
21109 * Fixed the circular template inclusion check, was broken when the loop
21110 involved redirects. Without this, infinite recursion within the parser is
21112 * (bug 18601) generator=backlinks returns invalid continue parameter
21113 * (bug 18597) Internal error with empty generator= parameter
21114 * (bug 18617) Add xml:space="preserve" attribute to relevant tags in XML output
21115 * (bug 17611) Provide a sensible error message on install when the SQLite data
21116 directory is wrong.
21118 === Languages updated in 1.15 ===
21120 MediaWiki supports over 300 languages. Many localisations are updated
21121 regularly. Below only new and removed languages are listed, as well as
21122 changes to languages because of Bugzilla reports.
21124 * Austrian German (de-at) (new)
21125 * Swiss Standard German (de-ch) (new)
21126 * Simplified Gan Chinese (gan-hans) (new)
21127 * Traditional Gan Chinese (gan-hant) (new)
21128 * Literary Chinese (lzh) (new)
21129 * Uyghur (Latin script) (ug-latn) (renamed from 'ug')
21131 * Võro (vro) (renamed from fiu-vro)
21132 * (bug 17151) Add magic word alias for #redirect for Vietnamese
21133 * (bug 17288) Messages improved for default language (English)
21134 * (bug 12937) Update native name for Afar
21135 * (bug 16909) 'histlegend' now reuses messages instead of copying them
21136 * (bug 17832) action=delete returns 'unknownerror' instead of 'permissiondenied'
21137 when the user is blocked
21138 * Traditional/Simplified Gan Chinese conversion support
21140 == MediaWiki 1.14 ==
21142 == MediaWiki 1.14.1 ==
21143 === Changes since 1.14.0 ===
21145 * (bug 17737) Fixed russian URLs for Special:BookSources
21146 * (bug 17713) Using links with only an anchor no longer add an dummy entry in
21147 the pagelinks table
21148 * (bug 17897) Fixed string offset error in <pre> tags
21149 * (bug 17832) Fixed action=delete returning 'unknownerror' instead of
21150 'permissiondenied' when the user is blocked
21151 * Fixed performance regression when accessing deleted (archived) files
21152 * (bug 19693) Fixed cross-site scripting vulnerability in Special:Block
21154 == MediaWiki 1.14.0 ==
21155 === Changes since 1.14.0rc1 ===
21157 * Fixed the performance of the backlinks API module
21158 * (bug 17420) Send the correct content type from action=raw when the HTML file
21160 * (bug 17437) Fixed incorrect link to web-based installer
21161 * (bug 17527) Fixed missing MySQL-specific options in installer
21163 === Configuration changes in 1.14 ===
21165 * $wgExemptFromUserRobotsControl is an array of namespaces to be exempt from
21166 the effect of the new __INDEX__/__NOINDEX__ magic words. (Default: null, ex-
21167 empt all content namespaces.)
21168 * $wgForwardSearchUrl has been removed entirely. Documented setting since 1.4
21169 has been $wgSearchForwardUrl.
21170 * (bug 15080) $wgOverrideSiteFeed has been added. Setting either
21171 $wgSiteFeed['rss'] or 'atom' to a URL will override the default Recent
21172 Changes feed that appears on all pages.
21173 * $wgSQLiteDataDirMode has been introduced as the default directory mode for
21174 SQLite data directories on creation. Note that this setting is separate from
21175 $wgDirectoryMode, which applies to all normal dirs created by MediaWiki.
21176 * $wgGroupsAddToSelf and $wgGroupsRemoveFromSelf now work more like
21177 $wgAddGroups and $wgRemoveGroups, where the user must belong to a specified
21178 group in order to add or remove those groups from themselves.
21179 Backwards compatibility is maintained.
21180 * $wgRestrictDisplayTitle controls if the use of the {{DISPLAYTITLE}} magic
21181 word is restricted to titles equivalent to the actual page title. This
21182 is true per default, but can be set to false to allow any title.
21183 * $wgSpamRegex may now be an array of multiple regular expressions.
21184 * $wgAjaxSearch has been removed; use $wgEnableMWSuggest instead.
21185 * Editing the MediaWiki namespace is now unconditionally restricted to people
21186 with the editinterface right, configuring this in $wgNamespaceProtection
21188 * $wgAllowExternalImagesFrom may now be an array of multiple strings.
21189 * Introduced $wgEnableImageWhitelist to toggle the on-wiki external image
21190 whitelist on or off.
21191 * Added $wgRenderHashAppend to append some string to the parser cache and the
21192 sitenotice cache keys.
21193 * $wgRCChangedSizeThreshold is now a positive integer by default,
21194 * (bug 16006) $wgEnableWriteAPI is now true by default. Authorized can perform
21195 write actions using the API.
21196 * Added $wgRC2UDPInterwikiPrefix which adds an interwiki prefix
21197 ($wgLocalInterwiki) onto the page names in the UDP feed.
21198 * Added $wgAllowUserSkin to let the wiki's owner disable user selectable skins
21199 on the wiki. If it's set to false, then the skin used will *always* be
21201 * Added $wgEnotifUseRealName, which allows UserMailer to send out e-mails based
21202 on the user's real name if one is set. Defaults to false (use the username)
21203 * Removed the 'apiThumbCacheDir' option from $wgForeignFileRepos (only used in
21205 * (bug 44) Image namespace and accompanying talk namespace renamed to File.
21206 For backward compatibility purposes, Image still works. External tools may
21207 need to be updated.
21208 * The constants NS_FILE and NS_FILE_TALK can now be used instead of NS_IMAGE and
21209 NS_IMAGE_TALK. The old constants are retained as aliases for compatibility,
21210 and should still be used in code meant to be compatible with v1.13 or older.
21211 * MediaWiki can be forced to use private IPs forwarded by a proxy server by
21212 using $wgUsePrivateIPs.
21213 * The 'BeforeWatchlist' hook has been removed due to internal changes in
21214 Special:Watchlist. 'SpecialWatchlistQuery' should now be used by extensions
21215 to customize the watchlist database query.
21217 === Migrated extensions ===
21218 The following extensions are migrated into MediaWiki 1.14:
21220 * Special:DeletedContributions to show deleted user contributions (was
21221 extension DeletedContributions)
21222 * Special:Log/newusers recording new users (was extension Newuserlog)
21223 * Special:LinkSearch to search for external links (was extension LinkSearch)
21226 * UniversalEditButton
21228 === New features in 1.14 ===
21230 * New URL syntaxes for Special:ListUsers - 'Special:ListUsers/USER' and
21231 'Special:ListUsers/GROUP/USER', in addition to the older syntax
21232 'Special:ListUsers/GROUP' where GROUP is a valid group name.
21233 * Configurable per-namespace and per-page notices for the edit form,
21234 respectively MediaWiki:Editnotice-# where # is the namespace number, and
21235 MediaWiki:Editnotice-#-PAGENAME where # is the page's namespace number and
21236 PAGENAME is the page name minus the namespace prefix.
21237 * (bug 8068) New __INDEX__ and __NOINDEX__ magic words allow user control of
21238 search engine indexing on a per-article basis.
21239 * Handheld stylesheet options
21240 * Added 'DoEditSectionLink' hook as a cleaner unified version of the old
21241 'EditSectionLink' and 'EditSectionLinkForOther' hooks. Note that the
21242 'EditSectionLinkForOther' hook has been removed, but 'EditSectionLink' is
21243 run in all cases instead, so extensions using the old hooks should still work
21244 if they ran roughly the same code for both hooks (as is almost certain).
21245 * Signature (~~~~) "cleaning", i.e. template removal, can be disabled with
21246 $wgCleanSignatures=false
21247 * Extensions can use the SkinBuildSidebar hook to modify the content of the
21248 sidebar and add custom portlets to it
21249 * Added 'MakeGlobalVariablesScript' hook for extensions to be able to add vari-
21250 ables into the output of Skin::makeVariablesScript
21251 * (bug 13846) Added $wgAddGroups and $wgRemoveGroups display on
21252 Special:ListGroupRights
21253 * (bug 14377) Add a date selector to history pages
21254 * (bug 15007) New 'pagetitle-view-mainpage' message allows the HTML <title> of
21255 the main page to be customized
21256 * Added $wgDisableTitleConversion to disabling the conversion for all pages on
21258 * Added 'noconvertlink' toggle that can be set per user preferences, also
21259 added 'convertlink=no|yes' on GET requests whether have the link titles
21260 being converted or not
21261 * (bug 14921) Special:Contributions/: add user name to <title>
21262 Patch by Emufarmers
21263 * Unescape more "safe" characters when producing URLs, for added prettiness
21264 * Introduced a new hook 'SkinAfterContent' that allows extensions to add text
21265 after the page content and article metadata. Updated all skins and skin
21266 templates to work with that hook.
21267 * (bug 14929) removeUnusedAccounts.php now supports 'ignore-touched' and
21268 'ignore-groups'. Patch by Louperivois
21269 * (bug 15127) Work around minor display glitch in Opera.
21270 * By default, reject file uploads that look like ZIP files, to avoid the
21271 so-called GIFAR vulnerability.
21272 * (bug 15141) Give ability to only list protected pages with the cascading
21273 option enabled on Special:ProtectedPages
21274 * (bug 15157) Special:Watchlist has the same options as Special:Watchlist:
21275 Show/Hide logged in users, Show/Hide anonymous, Invert namespace selection
21276 * Added hook 'UserrightsChangeableGroups' to allow modification of what
21277 groups may be added or removed via the Special:UserRights interface.
21278 * HTML entities like now work (are not escaped) in edit summaries.
21279 * (bug 13815) In the comment for page moves, use the colon-separator message
21280 instead of a hardcoded colon.
21281 * Allow <gallery> to accept image names without an Image: prefix
21282 * Add tooltips to rollback and undo links
21283 * BMP images are now displayed as PNG
21284 * (bug 13471) Added NUMBERINGROUP magic word
21285 * (bug 11884) Now support Flash EXIF attribute
21286 * Show thumbnails in the file history list, patch by User:Agbad
21287 * Added support of piped wikilinks using double-width brackets
21288 * Added an on-wiki external image whitelist. Items in this whitelist are
21289 treated as regular expression fragments to match for when possibly
21290 displaying an external image inline.
21291 * (bugs 15405, 15436) Sort more currency types correctly in sortable tables
21292 * (bug 15422) Sort more different types of numbers in sortable tables
21293 * (bug 2889) MediaWiki:Print.css applies to the printable version
21294 * Category counts (e.g. from {{PAGESINCATEGORY:}}) should be more accurate for
21296 * After logging in, automatically redirect to wherever you logged in from
21297 * (bug 5619) Break messages used in Special:Statistics down further
21298 * (bug 11029) Add link to Special:Listusers?group=sysop etc at
21300 * (bug 15514) Setting $wgRightsText without $wgRightsUrl now produces a
21301 plaintext copyright notice. Patch by Juliano F. Ravasi.
21302 * (bug 15551) Deletion log excerpt is now shown whenever a user vists a
21303 deleted page, even if they are unable to edit it.
21304 * Added Wantedfiles special pages, allowing users to find image links with no
21306 * (bug 12650) It is now possible to set different expiration times for
21307 different restriction types on the protection form.
21308 * (bug 8440) Allow preventing blocked users from editing their talk pages
21309 * Improved upload file type detection for OpenDocument formats
21310 * Added the ability to set the target attribute on external links with
21311 $wgExternalLinkTarget
21312 * api.php now sends "Retry-After" and "X-Database-Lag" HTTP headers if the
21313 maxlag check fails, just like index.php does
21314 * Added "link" parameter to image links, to allow images to link to an
21315 arbitrary title or URL. This should replace inaccessible and incomplete
21316 solutions such as CSS-based overlays and ImageMap.
21317 * (bug 368) Don't use caption for alt attribute; allow manual specification
21318 using new "alt=" parameter for images
21319 * (bug 44) The {{ns:}} core parser function now also accepts localized
21320 namespace names and aliases; also, its output now uses spaces instead of
21321 underscores to match the behavior of the {{NAMESPACE}} magic word
21322 * Added the ability to display user edit counts in Special:ListUsers. Off by
21323 default, enabled with $wgEdititis = true (named after the medical condition
21324 marked by unhealthy obsession with edit counts).
21325 * Added a file cache to the parser to improve page rendering time on pages with
21326 several uses of the same image.
21327 * (bug 1250) Users can still use "show preview" and "show changes" even if the
21328 wiki is set to read-only mode.
21329 * Added a call to the 'UnwatchArticleComplete' hook to the watchlist editor.
21330 This should make it so that ALL user-accessible methods of removing a page
21331 from a watchlist lead to this hook being called (it was previously only
21332 called from within Article.php
21333 * Maximum execution time for shell processes on linux is now configured with
21334 $wgMaxShellTime (180 seconds by default)
21335 * (bug 1306) 'Email user' link no longer shown on user page when emailing
21336 is not available due to lack of confirmed address or disabled preference
21337 * Special:Wanted templates special page added to display missing templates
21338 linked from articles
21339 * Make search matches bold only, not red as well
21340 * (bug 10080) Blocks can be modified without unblocking first
21341 * (bug 15820) Special:BlockIP shows a notice if the user being blocked is
21342 already directly blocked
21343 * (bug 13710) Allow to force "watch this" checkbox via URL using parameter
21345 * (bug 15125) Add Public Domain to default options when installing. Patch by
21347 * Set a special temporary directory for ImageMagick with $wgImageMagickTempDir
21348 * (bug 16113) Show/hide for redirects in Special:NewPages
21349 * (bug 15903) Upload link was added to Nostalgia skin
21350 * (bug 15761) Add user toggle to omit diff after rollback
21351 * Added the BitmapHandler_ClientOnly media handler, which allows server-side
21352 image scaling to be completely disabled for specific media types, via the
21353 $wgMediaHandlers configuration variable.
21354 * New 'AbortDiffCache' hook can be used to cancel the caching of a diff
21355 * (bug 15835) Added Content-Style-Type meta tag
21356 * (bug 11027) Add parameter to MW:Randompage-nopages so that user can see the
21358 * Add id="mw-user-domain-section" to <tr> tag in Userlogin.php template so that
21359 admins with a single domain can hide the domain section using CSS
21360 * Dropped old Paser_OldPP class. Only new parser with preprocessor is used.
21361 * Moved password reset form from Special:Preferences to Special:ResetPass
21362 * Added Special:ChangePassword as a special page alias for Special:ResetPass
21363 * Added complementary function for addHandler() called removeHandler() for
21365 * Improved security of file uploads for IE clients, using a reverse-engineered
21366 algorithm very similar to IE's content detection algorithm.
21367 * Cascading protection no longer requires that both edit and move are restricted
21368 to sysop, just edit=sysop is enough
21369 * (bug 2391) A warning is now shown for invalid ISBN numbers on
21370 Special:Booksources.
21371 * Installer has been updated to reflect the release of the GFDL 1.3. The URL for
21372 1.2 has been updated, and the 1.3 URL has been given. 1.2 is still
21373 Wikipedia-compatible. RightsCode was changed from 'gfdl' to 'gfdl1_2', so we
21374 can now support 1.2 as well as 1.3 (gfdl1_3).
21375 * (bug 16293) PD URL was changed to the CreativeCommons site on PD (which
21376 auto-detects your language) instead of Wikipedia.
21377 * (bug 16635) The "view and edit watchlist" page (Special:Watchlist/edit) now
21378 includes a table of contents
21379 * File objects returned by wfFindFile() are now cached by default
21380 * (bug 7492) Rights can now be assigned to specific IP addresses and ranges by
21381 using $wgAutopromote (new defines: APCOND_ISIP and APCOND_IPINRANGE)
21382 * Add a 'change block' link to Special:IPBlockList and Special:Log
21383 * (bug 16459) Use native getElementsByClassName where possible, for better
21384 performance in modern browsers
21385 * Enable \cancel and \cancelto in texvc (recompile required)
21386 * Added 'UserCryptPassword' and 'UserComparePasswords' hooks to allow extensions
21387 to implement their own password hashing methods.
21388 * (bug 16760) Add CSS-class to action links of Special:Log
21389 * (bug 505) Time zones can now be specified by location in user preferences,
21390 avoiding the need to manually update for DST. Patch by Brad Jorsch.
21391 * (bug 2585) HTTP 404 return code is now given for a page view if the page
21392 does not exist, allowing spiders and link checkers to detect broken links.
21393 * Special:Log: Add 'change protection' link for unprotected pages too
21394 * Special:Log: Add log type specific CSS classes 'mw-logline-$logtype' to
21396 * (bug 16754) Making arbitrary rows of sortable tables sticky:
21397 |- class="unsortable"
21398 * Show subversion too even if a "normal" version number is available
21399 * (bug 16121) Add a note that a page move was without creating a redirect in the
21401 * Image moving is now enabled for sysops by default
21402 * Make "Did you mean" search feature more noticeable
21403 * (bug 16720) Transcluded Special:NewPages processes "/username="
21405 === Bug fixes in 1.14 ===
21407 * (bug 14907) DatabasePostgres::fieldType now defined.
21408 * (bug 14659) Passing the default limit param to Special:Recentchanges no more
21409 falls back to the user option
21410 * (bug 14954) Fix regression in Modern and Simple skins
21411 * Recursion loop check added to Categoryfinder class
21412 * Fixed few performance troubles of large job queue processing
21413 * Not setting various parameters in Foreign Repos now fails more gracefully
21414 * (bug 2333) Redirects are properly rendered when previewing an edit.
21415 * (bug 14972) Use localized alias of Special:Search on all search forms
21416 * (bug 11035) Special:Search should have descriptive <title>
21417 * Special pages are now not subject to special handling for "self-links"
21418 * (bug 15053) Syntactically incorrect redirects with another link in them
21419 no longer redirect to the second link
21420 * (bug 15049) Fix for CheckUser extension's log search: usernames containing
21421 a "-" were incorrectly turned into bogus IP range searches.
21422 Patch by Max Semenik.
21423 * (bug 15055) Talk page notifications no longer attempt to send mail when
21424 user's e-mail address is invalid or unconfirmed
21425 * (bug 12370) Add throttle on password attempts. Defaults to max 5 attempts in
21427 * (bug 15016) 'Templates used on this page' list in view source should be
21428 wrapped in a div with class "templatesUsed"
21429 * (bug 14868) Setting $wgFeedDiffCutoff to 0 now disables generation of the
21430 diff entirely, not just the display of it.
21431 * (bug 6387) Introduced new setting $wgCategoryPrefixedDefaultSortkey which
21432 allows having the unprefixed page title as the default category sortkey
21433 * (bug 15079) Add class="ns-talk" / "ns-subject" to <body>. Also added
21434 ns-special to special pages.
21435 * (bug 15052) Skins should add their name as a class in <body>
21436 * (bug 14165, bug 14294) Wikimedia specific configuration in convertGrammar()
21437 for several languages was removed. The settings have been put in extension
21438 WikimediaMessages. Patch for Czech by Danny B.
21439 * (bug 15101) Displaying only bots edits in Special:Recentchanges now works
21441 * (bug 13770) Fixed incorrect detection of PHP's DOM module
21442 * (bug 14790) Export of category pages when using Category: prefix now actually
21444 * Avoid recursive crazy expansions in section edit comments for pages which
21445 contain '/*' in the title
21446 * Fix excessive memory usage when parsing pages with lots of links
21447 * $wgSpamRegex now matches the edit summary and page move descriptions in
21448 addition to body text.
21449 * Navigation links to images available from a shared repository (like Commons)
21450 from their local talk pages no longer appear as redlinks
21451 * Action=purge on ForeignApiFiles now works (purges their thumbnails and
21452 description pages).
21453 * (bug 15303) Title conversion for templates wasn't working in some cases.
21454 * (bug 15264) Underscores in Special:Search/Foo_bar parameters were taken
21455 literally; now converting them to spaces per expectation.
21456 * (bug 15342) "Invert" checkbox now works correctly when selecting main
21457 namespace in Special:Watchlist
21458 * (bug 15172) 'Go' button of Special:Recentchanges now on the same line as the
21459 last input element (like Special:Watchlist too)
21460 * (bug 15351) Fix fatal error for invalid section fragments in autocomments
21461 * Fixed intermittent deadlock errors involving objectcache table queries.
21462 Use a separate database connection for the objectcache table to avoid
21463 long-lasting locks on that table.
21464 * Respect file restrictions in the file history list
21465 * (bug 15399) Odd/even classes on sortable tables' rows could be slow for large
21466 tables, and have been disabled by default.
21467 * (bug 15482) Special:Recentchangeslinked has no longer two submit buttons
21468 * (bug 15292) New message notification for unregistred users now works again
21469 * (bug 14398) mwsuggest.js: Let width of container be configurable
21470 * (bug 15543) Only include user touched timestamp to generated CSS
21471 * (bug 15497) Removed encoding attribute from <?xml ?> tag
21472 * (bug 12284) Special:Preferences now sets a returnto parameter on the link to
21473 Special:UserLogin. Patch by Marooned.
21474 * Fixed the HTTP accept language string detection length in
21475 LanguageConverter.php, instead of the fixed length language codes.
21476 * Special:RecentChangesLinked no longer shows outgoing links for nonexistent
21477 pages even if there are broken link records with source article id 0 in the
21479 * (bug 15598) Special:Newpages default limit uses user preference for
21480 recentchanges limit instead of hardcoded 50.
21481 * (bug 15617) $wgFeedClassesOutputPage::getHeadLinks() respects $wgFeedClasses,
21482 instead of hardcoding rss and atom. Patch by Juliano F. Ravasi.
21483 * (bug 14638) Special:Blockip now provides a link to the block log if the user
21484 has been blocked more than 10 times. Patch by Matt Johnston.
21485 * (bug 12678) Skins don't show Upload link if the user isn't allowed to upload.
21486 * Fixed incorrect usage of DB_LAST in Special:Export. Deprecated DB_LAST.
21487 * (bug 15642) Blocked sysops can no longer block other users
21488 * Http::request() now respects $wgHTTPtimeout when not using cURL
21489 * (bug 15158) Userinvalidcssjstitle not shown on preview
21490 * (bug 15196) Free external links should be numbered in a localised manner
21491 * (bug 15388) Title of Special:PrefixIndex
21492 * Links with no title but a curid parameter now use the curid to pick a page
21493 * (bug 10323) Special:Undelete should have "inverse selection" button
21494 * (bug 15831) Modern skin RTL support is bugous
21495 * (bug 15869) Nostalgia skin does not show page title in printable mode
21496 * (bug 15795) Special:Userrights is now listed on Special:SpecialPages when the
21497 user can only change his rights
21498 * (bug 15846) Categories "leak" from older revisions in certain circumstances
21499 * (bug 15928) Special pages dropdown should be inline in non-MonoBook skins
21500 * (bug 14178) Some uses of UserLoadFromSession hook cause segfault
21501 * (bug 15925) Postitive bytes added on recentchanges and watchlists are now
21502 bolded if above the threshold, previously it only worked for negatives
21503 * Specify apple-touch-icon before favicon in HTML head section to make the
21504 Konqueror browser correctly use the latter
21505 * (bug 15717) Set $separatorTransformTable for language 'eu'
21506 * (bug 15605) Enabled $datePreferences for language 'hr'. Added standard date
21508 * (bug 13701) {{NUMBEROFVIEWS}} magic word to show number of total views.
21509 * (bug 5101) Image from Commons doesn't show up when searched in Wikipedia
21511 * (bug 14609) User's namespaces to be searched default not updated after adding
21513 * Purge form uses valid XHTML
21514 * (bug 12764) Special:LonelyPages shows transcluded pages
21515 * (bug 16073) Enhanced RecentChanges uses onclick handler with better fallback
21516 if JavaScript is disabled
21517 * (bug 4253) Recentchanges IRC messages no longer include title in diff URLs
21518 * Allow '0' to be an accesskey.
21519 * (bug 8063) Use language-dependent sorting in client-side sortable tables
21520 * (bug 16160) Suggestions box should be resized from left for RTL wikis
21521 * (bug 11533) Fixed insane slowdown when in read-only mode for long periods
21522 of time with CACHE_NONE (default objectcache table configuration).
21523 * Trying to set two different default category sort keys for one page now
21525 * (bug 16143) Fix redirect loop on special pages starting with lower case
21527 * (bug 15737) Fix notices while expanding using PPCustomFrame
21528 * (bug 15544) Non-index entry points cause the "Wiki not set up" message to
21530 * (bug 5101) Image from Commons doesn't show up when searched in Wikipedia
21532 * (bug 4362) [[MediaWiki:History copyright]] no more used with most recent
21533 revision when passing oldid parameter in the url
21534 * (bug 16265) When caching thumbs with the ForeignApiRepo, we now use the same
21535 filename as the remote site.
21536 * (bug 8345) Don't autosummarize where a redirect was left unchanged
21537 * Made thumb caching in ForeignApiFile objects integrated with normal thumb
21538 path naming (/thumbs/hash/file), retired 'apiThumbCacheDir' as a result.
21539 * (bug 5530) Consistency between character encoding in {{PAGENAMEE}},
21540 {{SUBPAGENAMEE}} and {{FULLPAGENAMEE}}
21541 * Safer handling of non-MediaWiki exceptions -- now obeys our settings for
21542 formatting and path exposure.
21543 * Less verbose errors from profileinfo.php when not configured
21544 * Blacklist redirects via Special:Filepath, hard to use.
21545 * Improved input validation on Special:Import form
21546 * Add a .htaccess to deleted images directory for additional protection
21547 against exposure of deleted files with known SHA-1 hashes on default
21549 * Improved scripting safety heuristics for IE 5/6 content-type detection.
21550 * Improved scripting safety heuristics on SVG uploads.
21551 * (bug 11728) Unify layout of enhanced watchlist/recent changes
21552 * (bug 8702) Properly update stats when running nukePage maintenance script
21553 * (bug 7726) Searches for words less than 4 characters now work without
21554 requiring customization of MySQL server settings
21555 * Honour unchecked "Leave a redirect behind" for moved subpages
21556 * (bug 16440) Broken 0-byte math renderings are now deleted and re-rendered
21557 when page is re-parsed.
21558 * (bug 6100) Unicode BiDi embedding/override characters (U+202A - U+202E) are
21559 now automatically removed from titles; these characters can accidentally end
21560 up in copy-and-pasted titles, and, by overriding normal bidirectional text
21561 handling, can lead to annoying behavior such as text rendering backwards
21562 * Fixed minor bug where the memcached value for how many accounts an IP had
21563 created that day would be increased even if $wgAccountCreationThrottle was
21564 hit. This meant if an IP hit the throttle and then the throttle was raised
21565 later that day, the IP still couldn't create another account, because it
21566 had marked them as having created another account, when their last account
21567 creation had actually failed.
21568 * (bug 12647) Allow autogenerated edit summary messages to be blanked with '-'
21569 * (bug 16026) 'Revision-info' and 'revision-info-current' both accept wiki
21571 * (bug 16529) Fix for search suggestions with some third-party JS libraries
21572 * (bug 13342) importScript() generates more consistent URI encoding
21573 * (bug 16577) When a blocked user tries to rollback a page, the block message
21574 is now only displayed once
21575 * (bug 14268) SVG image sizes now extracted with proper XML parser
21576 * (bug 14365) RepoGroup::findFiles() no longer crashes if passed an invalid
21578 * (bug 4253, bug 16586) Revision ID is now given instead of title in URLs for
21579 new pages in the recent changes IRC feed
21580 * Ugly tooltips in Special:Statistics were phased out in favor of more direct
21581 information. Went ahead and rewrote SpecialStatistics to subclass SpecialPage
21582 * (bug 5506) Links to files on foreign repositories are now shown consistently
21583 as bluelinks e.g. in logs and edit summaries
21584 * (bug 16623) Add missing </p> tag in Special:LockDB
21585 * (bug 15849) Special:Movepage now throws a more specific error when trying to
21586 move a title to an interwiki target
21587 * (bug 16638) 8-bit URL fallback encoding now set on additional languages using
21588 Arabic script (Persian, Urdu, Sindhi, Punjabi)
21589 * (bug 16656) cleanupTitles and friends should now work in load-balanced
21590 DB environments when $wgDBserver isn't set.
21591 * (bug 3691) Aspect ratio from viewBox attribute is now preserved for SVG
21592 images which do not specify width and height attributes.
21593 * (bug 15027) Internet domain names and IP addresses can now be indexed and
21594 searched sensibly with the default MySQL search backend.
21595 * (bug 11733) Fixed parameter validation in importTextFile.php
21596 * (bug 16712) Special:NewFiles updated to use "newer"/"older" paging messages
21597 for clarity over "previous/next"
21598 * (bug 16612) Fixed "noprint" class for Modern skin print style
21599 * Section anchors now have an "id" attribute as well as a "name" attribute,
21600 even when Tidy is not used
21601 * (bug 16026) revision-info, revision-info-current, cannotdelete,
21602 redirectedfrom, historywarning and difference messages now use Wiki text
21603 rather than raw HTML markup
21604 * (bug 13835) Fix rendering of {{filepath:Wiki.png|nowiki}}
21605 * (bug 16772) Special:Upload now correctly rejects files with spaces in the
21606 file extension (e.g. Foo. jpg).
21607 * Image moving over an existing file no longer throws a database error
21608 * (bug 16786) Restored "redundant" links recently removed from Classic sidebar
21609 * (bug 16850) $wgActionPaths can have query strings now, previously, this broke
21611 * (bug 16376) Mention in deleteBatch.php and moveBatch.php maintenance scripts
21612 that STDIN can be used for page list
21613 * (bug 16560) Special:Random returns a page from ContentNamespaces, and no
21614 longer from NS_MAIN
21616 === API changes in 1.14 ===
21618 * Registration time of users registered before the DB field was created is now
21619 shown as empty instead of the current time.
21620 * API search now falls back to fulltext search by default when using Lucene
21621 or other engine which doesn't support a separate title search function.
21622 This means you can use API search on Wikipedia without explicitly adding
21623 &srwhat=text to the query.
21624 * Added iiprop=bitdepth to imageinfo and aiprop=bitdepth to allimages
21625 * (bug 14713) API-specific permissions (such as 'writeapi' and 'apihighlimits'
21626 are now listed on action=help
21627 * (bug 15044) Added requestid parameter to api.php to facilitate distinguishing
21629 * (bug 15048) Added limit field for multivalue parameters to action=paraminfo
21631 * When the limit on multivalue parameters is exceeded, a warning is issued
21632 * list=search doesn't list missing pages any more
21633 * (bug 15178) Added clshow to prop=categories to allow filtering for hidden/
21634 non-hidden categories
21635 * (bug 15228) Combining revids= and redirects now throws a warning instead of
21636 an error, and still resolves redirects generated by the generator.
21637 * list={backlinks,embeddedin,imageusage} now return arrays with keys 0, 1, 2,
21638 etc. (AKA lists) instead of arrays with pageIDs as keys (AKA hash tables)
21639 for consistency with other list modules.
21640 * Added action=watch
21641 * (bug 15275) apprefix and related parameters ignore spaces at the end
21642 * action=edit no longer throws unknown error 228 when trying to create an
21643 empty section with section=new
21644 * Database replication lag doesn't cause all action=edit requests to return the
21645 nochange flag any more
21646 * (bug 15392) ApiFormatBase::formatHTML now uses $wgUrlProtocols.
21647 * (bug 15444) action=edit returns "Unknown error: ``AS_END''" where it should
21648 return just "Unknown error"
21649 * (bug 15448) YAML output returns empty values instead of 0
21650 * (bug 15445) Added action=patrol
21651 * (bug 15466) Added action=purge
21652 * (bug 15486) action=block ignores autoblock parameter
21653 * (bug 15492) added rcprop=loginfo to list=recentchanges
21654 * (bug 15527) action=rollback can now revert anonymous editors
21655 * (bug 15535) prop=info&inprop=protection doesn't list pre-1.10 protections
21656 if the page is also protected otherwise (1.10+ style or cascading)
21657 * list=random now has rnredirect parameter, to get random redirects.
21658 * Added APIAfterExecute, APIQueryAfterExecute and APIQueryGeneratorAfterExecute
21659 hooks which allow for extending core modules in a cleaner way
21660 * action=protect checks for invalid protection types and levels
21661 * (bug 15673) Added indentation to format=wddxfm output and improved built-in
21662 WDDX formatter to resemble PHP's more
21663 * (bug 15706) Empty values for apprtype and apprlevel are now silently ignored
21664 rather than causing an exception
21665 * Added uiprop=preferencestoken to meta=userinfo
21666 * (bug 15609) Add inprop=url and inprop=readable to prop=info
21667 * Add ApiDisabled and ApiQueryDisabled classes so individual modules can
21668 be disabled in LocalSettings.php
21669 * (bug 15653) Add prop=duplicatefiles
21670 * (bug 15768) Add list=watchlistraw
21671 * (bug 15647) action=edit with basetimestamp fails if the page has been deleted
21672 and undeleted since the last edit
21673 * (bug 15785) Allow for different expiry times for different protections in
21675 * Added allowsduplicates attribute to action=paraminfo output
21676 * (bug 15767) apfilterlanglinks returns duplicate results
21677 * (bug 15845) Added pageid/fromid parameter to action=delete/move, making
21678 manipulation of legacy pages with invalid titles possible
21679 * (bug 15881) Empty or invalid parameters cause database errors
21680 * The maxage and smaxage parameters are now properly validated
21681 * (bug 15945) list=recentchanges doesn't check $wgUseRCPatrol, $wgUseNPPatrol
21682 and patrolmarks right
21683 * (bug 15985) acfrom and aifrom parameters didn't work when sorting in
21685 * (bug 15995) Add cmstartsortkey and cmendsortkey parameters to
21686 list=categorymembers
21687 * (bug 16017) list=categorymembers sets invalid continue parameters for
21688 sortkeys containing pipes
21689 * (bug 16018) Added uccontinue parameter to list=usercontribs so paging
21690 works properly when multiple users are queried or a userprefix is used
21691 * (bug 16047) Added activeusers attribute to meta=siteinfo&siprop=statistics
21693 * Added redirect resolution to action=parse
21694 * (bug 16074) rvprop=content combined with a generator with a high limit causes
21696 * (bug 16105) Image metadata attributes containing spaces result in invalid XML
21697 * (bug 16126) Added siprop=magicwords to meta=siteinfo
21698 * (bug 16159) Added wlshow=patrolled|!patrolled to list=watchlist
21699 * (bug 16225) Titles like Talk:Talk:Foo broke apfrom and friends
21700 * meta=siteinfo&siprop=interwikimap no longer throws an exception for empty
21701 sifilter parameter.
21702 * (bug 12760) meta=userinfo&uiprop=ratelimits doesn't list group-specific rate
21704 * (bug 16398) meta=userinfo&uiprop=rights lists some rights twice in some cases
21705 * (bug 16408) Added rvgeneratexml to prop=revisions
21706 * (bug 16421) Made list=logevents's leuser accept user names with underscores
21708 * (bug 16516) Made rvsection=T-2 work
21709 * (bug 16526) Added usprop=emailable to list=users
21710 * (bug 16548) list=search threw errors with an invalid error code
21711 * (bug 16515) Added pst and onlypst parameters to action=parse
21712 * (bug 16541) Added block expiry timestamp to list=logevents output
21713 * (bug 16613) action=protect doesn't tell when &cascade was set but cascading
21714 protection wasn't allowed
21715 * (bug 16626) action=delete now correctly handles empty "reason" param
21716 * (bug 15579) clshow considers all categories !hidden
21717 * (bug 16647) list=allcategories, prop=categories don't return "hidden"
21718 property for hidden categories
21719 * New siprop parameter of 'extensions' to list all installed extensions
21720 * (bug 16672) Include canonical namespace name in
21721 meta=siteinfo&siprop=namespaces.
21722 * (bug 16726) siprop=namespacealiases should also list localized aliases
21723 * (bug 16730) Added apprfiltercascade parameter to list=allpages to filter
21724 cascade-protected pages
21726 === Languages updated in 1.14 ===
21728 MediaWiki supports over 300 languages. Many localisations are updated
21729 regularly. Below only new and removed languages are listed.
21731 * Bakhtiari (bqi) (new)
21732 * Fiji Hindi (Devanagari script) (hif-deva) (new)
21734 * Lezghian (lez) (new)
21736 * Eastern Mari (mhr) (new)
21737 * Niuean (niu) (new)
21739 * Plautdietsch (pdt) (new)
21740 * Western Punjabi (pnb) (new)
21741 * Tarantino (roa-tara) (new)
21742 * Serbo-Croatian (sh) (new)
21746 == MediaWiki 1.13 ==
21748 == MediaWiki 1.13.5 ==
21752 This is a maintenance update to the Summer 2008 snapshot release of MediaWiki.
21754 MediaWiki is now using a "continuous integration" development model with
21755 quarterly snapshot releases. The latest development code is always kept
21756 "ready to run", and in fact runs our own sites on Wikipedia.
21758 Release branches will continue to receive security updates for about a year
21759 from first release, but nonessential bugfixes and feature developments
21760 will be made on the development trunk and appear in the next quarterly release.
21762 Those wishing to use the latest code instead of a branch release can obtain
21763 it from source control: http://www.mediawiki.org/wiki/Download_from_SVN
21765 == Changes since 1.13.4 ==
21767 * (bug 17449) Fixed PostgreSQL installation
21768 * (bug 17527) Fixed missing MySQL-specific options in installer
21770 == Changes since 1.13.3 ==
21772 A number of cross-site scripting (XSS) security vulnerabilities were discovered
21773 in the web-based installer (config/index.php). These vulnerabilities all
21774 require a live installer -- once the installer has been used to install a wiki,
21777 Note that cross-site scripting vulnerabilities can be used to attack any website
21778 in the same cookie domain. So if you have an uninstalled copy of MediaWiki on
21779 the same site as an active web service, MediaWiki could be used to attack the
21782 If you are hosting an old copy of MediaWiki that you have never installed, you
21783 are advised to remove it from the web.
21785 == Changes since 1.13.2 ==
21787 David Remahl of Apple's Product Security team has identified a number of
21788 security issues in previous releases of MediaWiki. Subsequent analysis by the
21789 MediaWiki development team expanded the scope of these vulnerabilities. The
21790 issues with a significant impact are as follows:
21792 * An XSS vulnerability affecting all MediaWiki installations between 1.13.0 and
21793 1.13.2. [CVE-2008-5249]
21794 * A local script injection vulnerability affecting Internet Explorer clients for
21795 all MediaWiki installations with uploads enabled. [CVE-2008-5250]
21796 * A local script injection vulnerability affecting clients with SVG scripting
21797 capability (such as Firefox 1.5+), for all MediaWiki installations with SVG
21798 uploads enabled. [CVE-2008-5250]
21799 * A CSRF vulnerability affecting the Special:Import feature, for all MediaWiki
21800 installations since the feature was introduced in 1.3.0. [CVE-2008-5252]
21802 XSS (cross-site scripting) vulnerabilities allow an attacker to steal an
21803 authorised user's login session, and to act as that user on the wiki. The
21804 authorised user must visit a web page controlled by the attacker in order to
21805 activate the attack. Intranet wikis are vulnerable if the attacker can
21806 determine the intranet URL.
21808 Local script injection vulnerabilities are like XSS vulnerabilities, except
21809 that the attacker must have an account on the local wiki, and there is no
21810 external site involved. The attacker uploads a script to the wiki, which another
21811 user is tricked into executing, with the effect that the attacker is able to act
21812 as the privileged user.
21814 CSRF vulnerabilities allow an attacker to act as an authorised user on the wiki,
21815 but unlike an XSS vulnerability, the attacker can only act as the user in a
21816 specific and restricted way. The present CSRF vulnerability allows pages to be
21817 edited, with forged revision histories. Like an XSS vulnerability, the
21818 authorised user must visit the malicious web page to activate the attack.
21820 These four vulnerabilities are all fixed in this release.
21822 David Remahl also reminded us of some security-related configuration issues:
21824 * By default, MediaWiki stores a backup of deleted images in the images/deleted
21825 directory. If you do not want these images to be publically accessible, make
21826 sure this directory is not accessible from the web. MediaWiki takes some steps
21827 to avoid leaking these images, but these measures are not perfect.
21828 * Set display_errors=off in your php.ini to avoid path disclosure via PHP fatal
21829 errors. This is the default on most shared web hosts.
21830 * Enabling MediaWiki's debugging features, such as $wgShowExceptionDetails, may
21831 lead to path disclosure.
21833 Other changes in this release:
21835 * Avoid fatal error in profileinfo.php when not configured.
21836 * Add a .htaccess to deleted images directory for additional protection against
21837 exposure of deleted files with known SHA-1 hashes on default installations.
21838 * Avoid streaming uploaded files to the user via index.php. This allows
21839 security-conscious users to serve uploaded files via a different domain, and
21840 thus client-side scripts executed from that domain cannot access the login
21841 cookies. Affects Special:Undelete, img_auth.php and thumb.php.
21842 * When streaming files via index.php, use the MIME type detected from the
21843 file extension, not from the data. This reduces the XSS attack surface.
21844 * Blacklist redirects via Special:Filepath. Such redirects exacerbate any
21845 XSS vulnerabilities involving uploads of files containing scripts.
21846 * Internationalisation updates.
21848 == Changes since 1.13.1 ==
21850 * Security: Work around misconfiguration by requiring strict comparisons for
21851 in_array in User::isAllowed().
21852 * (bug 14944) Added $wgShellLocale for configuration of an appropriate locale
21853 to use for LC_CTYPE during shell invocation. For servers that don't have
21854 en_US.utf8. Also added locale detection during install.
21855 * Localisation updates
21856 * Security: Fixed XSS vulnerability in useskin parameter.
21858 == Changes since 1.13.0 ==
21860 * (bug 15460) Fixed intermittent deadlock errors and poor concurrent
21861 performance for installations without memcached.
21862 * (bug 13770) Fixed DOM module detection for installations with both dom
21864 * (bug 15148) Fixed Special:BlockIP for PostgreSQL
21865 * Fixed SQLite support for non-memcached installations
21866 * Localisation updates, Achinese (ace) added.
21868 == Changes since 1.13.0rc2 ==
21870 * (bug 13770) Fixed incorrect detection of PHP's DOM module
21871 * Fix regression from r37834: accesskey tooltip hint should be given for the
21872 minor edit and watch labels on the edit page.
21873 * Updated Chinese simplified/traditional conversion tables
21875 == Changes since 1.13.0rc1 ==
21877 * $wgForwardSearchUrl has been removed entirely. Documented setting since 1.4
21878 has been $wgSearchForwardUrl.
21879 * (bug 14907) DatabasePostgres::fieldType now defined.
21880 * (bug 14966) Fix SearchEngineDummy class for silently non-functional search
21881 on Sqlite instead of horribly fatal error breaky one.
21882 * (bug 14987) Only fix double redirects on page move when the checkbox is
21884 * (bug 13376) Use $wgPasswordSender, not $wgEmergencyContact, as return
21885 address for page update notification mails.
21886 * API: Registration time of users registered before the DB field was created is
21887 now shown as empty instead of the current time.
21888 * (bug 14904): fragments were lost when redirects were fixed.
21889 * Added magic word __STATICREDIRECT__ to suppress the redirect fixer
21890 * (bug 15035) Revert English linkTrail to /^([a-z]+)(.*)$/sD, as it was before
21891 r36253. Multiple reports of breakage due to old (pre-5.0) PCRE libraries,
21892 both bundled with PHP and packaged with distros such as RHEL.
21893 * (bug 14944) Shell invocation of external programs such as ImageMagick convert
21894 was broken in PHP 5.2.6, if the server had a non-UTF-8 locale.
21897 === Configuration changes in 1.13 ===
21899 * New option $wgFeed can be set false to turn off syndication feeds
21900 * (bug 5745) Special:Whatlinkshere now shows up to $wgMaxRedirectLinksRetrieved
21901 links through each redirect instead of hardcoded 500
21902 * Set $wgUploadSizeWarning to false by default
21903 * Added $wgLBFactoryConf, for generic configuration of multi-master wiki farms
21904 * Removed $wgAlternateMaster, use $wgLBFactoryConf
21905 * (bug 13562) Misspelled option $wgUserNotifedOnAllChanges changed to
21906 $wgUserNotifiedOnAllChanges
21907 * (bug 12860) New option $wgSitemapNamespaces allows sitemaps to be generated
21908 for only some namespaces
21909 * Removed the emailconfirmed implicit group by default. To re-add it, use:
21910 $wgAutopromote['emailconfirmed'] = APCOND_EMAILCONFIRMED;
21911 in your LocalSettings.php.
21912 * (bug 2396) New shared database configuration variables. $wgSharedPrefix allows
21913 you to use a shared database with a different prefix. Or you can now use a
21914 local database and use prefixes to separate wiki and the shared tables. And
21915 the new $wgSharedTables variable allows you to specify a list of tables to
21917 * Automatic edit summaries can be disabled with $wgUseAutomaticEditSummaries
21918 * Duplicates of images are now shown on the image page
21919 * $wgRCFilterByAge allows for the list of dates in recent changes special pages
21920 to be filtered to only those within the range of $wgRCMaxAge
21921 * $wgRCLinkLimits and $wgRCLinkDays allow for customization of the list and
21922 limits displayed on the recent changes special pages
21923 * The "createpage" permission is no longer required when uploading if the target
21924 image page already exists
21925 * $wgMaximumMovedPages restricts the number of pages that can be moved at once
21926 (default 100) with the new subpage-move functionality of Special:Movepage
21927 * Hooks display in Special:Version is now disabled by default, use
21928 $wgSpecialVersionShowHooks = true; to enable it.
21929 * $wgActiveUserEditCount sets the number of edits that must be performed over
21930 a certain number of days to be considered active
21931 * $wgActiveUserDays is that number of days
21932 * $wgRateLimitsExcludedGroups has been deprecated in favor of
21933 $wgGroupPermissions[]['noratelimit']. The former still works, however.
21934 * New $wgGroupPermissions option 'move-subpages' added to control bulk-moving
21935 subpages along with pages. Assigned to 'user' and 'sysop' by default.
21936 * New $wgRC2UDPOmitBots allows user to omit bot edits from UDP output.
21938 * Removed $wgEnableCascadingProtection option. Disabling cascading protection
21939 is no longer possible.
21940 * $wgMessageCacheType defines now the type of cache used by the MessageCache
21941 class, previously it was choosen based on $wgParserCacheType
21942 * $wgExtensionAliasesFiles option to simplify adding aliases to special pages
21943 provided by extensions, in a similar way to $wgExtensionMessagesFiles
21944 * Added $wgXMLMimeTypes, an array of XML mimetypes we can check for
21946 * Added $wgDirectoryMode, which allows for setting the default CHMOD value when
21947 creating new directories.
21948 * (bug 14843) $wgCookiePrefix can be set by LocalSettings now, false defaults
21951 === New features in 1.13 ===
21953 * __HIDDENCAT__ on a category page causes the category to be hidden on the
21955 * Do not show edit permissions errors on a red link click, just redirect to the
21956 article. This is so that readers who don't know what a red link is are not
21957 confused when they are told they are range-blocked.
21958 * Add a new hook ImageBeforeProduceHTML to allow extensions to modify wikitext
21959 image syntax output
21960 * (bug 13100) Added 'preloadtitle' parameter to action=edit§ion=new that
21961 pre-fills the section title field
21962 * (bug 13112) Added Special:RelatedChanges alias to Special:RecentChangesLinked
21963 * (bug 13130) Moved edit token and autosummary fields above edit tools to
21964 reduce broken form submissions
21965 * Add --old-redirects-only option to maintenance/refreshLinks.php, to add old
21966 redirects to the redirect table
21967 * Add links to page and file deletion forms to edit predefined delete reasons
21968 * (bug 13269) Added MediaWiki:Uploadfooter to the bottom of Special:Upload
21969 * (bug 2815) Search results for media now use thumbnail instead of text extract
21970 * When a page doesn't exist, the tab should say "create", not "edit"
21971 * (bug 12882) Added a span with class "patrollink" around "Mark as patrolled"
21973 * Magic word formatnum can now take raw suffix to undo formatting
21974 * Add updatelog table to reliably permit updates that don't change the schema
21975 * Add category table to allow better tracking of category membership counts
21976 ** (bug 1212) Give correct membership counts on the pages of large categories
21977 ** Use category table for more efficient display of Special:Categories
21978 * (bug 1459) Search for duplicate files by hash: Special:FileDuplicateSearch
21979 * (bug 9447) Added hooks for search result headings
21980 * Image redirects are now enabled by default
21981 * (bug 13450) Email confirmation can now be canceled before the expiration
21982 * (bug 13490) Show upload/file size limit on upload form
21983 * Redesign of Special:UserRights
21984 * Make rev_deleted log entries more intelligible
21985 * (bug 6943) Added PAGESINCATEGORY: magic word
21986 * (bug 13604) Added Special:ListGroupRights
21987 * (bug 6332, 8617) Added message 'mainpage-description' as duplicate of
21988 'mainpage' and added it to message 'sidebar'
21989 * Automatically add old redirects to the redirect table when needed
21990 * (bug 6934) Allow inclusions, links, redirects to be separately toggled on or
21991 off on Special:WhatLinksHere
21992 * Cache image redirects
21993 * (bug 10457) Organize Special:SpecialPages into sections
21994 * Add a new hook EditPageBeforeConflictDiff to allow extensions like FCKeditor
21995 to modify the output for edit conflicts
21996 * Add class="nested" for <fieldset>s so fieldsets inside fieldsets get
21997 a slightly less huge margin and padding
21998 * (bug 13527) Use sitemaps.org format 0.9 instead of a Google-specific format
21999 * Allow \C and \Q as TeX commands to match \R, \N, \Z
22000 * On Special:UserRights, when you can add a group you can't remove or remove
22001 one you can't add, a notice is printed to warn you
22002 * (bug 12698) Create PAGESIZE parser function, to return the size of a page
22003 * Allow the "log in / create account" link in the toolbar to have different
22004 text from Special:UserLogin title (new message 'nav-login-createaccount')
22005 * Say "log in / create account" if an anonymous user can create an account,
22006 otherwise just "log in", consistently across skins
22007 * Special:Shortpages and Special:Longpages now returns pages in all content
22008 namespaces, not just NS_MAIN.
22009 * (bug 889) Improve conflict-handling between shared upload repository
22011 * Update documentation links in auto-generated LocalSettings.php
22012 * (bug 13584) The new hook SkinTemplateToolboxEnd was added.
22013 * (bug 709) Cannot rename/move images and other media files [EXPERIMENTAL]
22014 * Custom rollback summaries now accept the same arguments as the default message
22015 * (bug 12542) Added hooks for expansion of Special:Listusers
22016 * Drop-down AJAX search suggestions (turn on $wgEnableMWSuggest)
22017 * More relevant search snippets (turn on $wgAdvancedSearchHighlighting)
22018 * (bug 13950) Allow users to watch the user/talk pages of users they block.
22019 * (bug 13970) Allow MonoBook-based skins to specify their own print stylesheet
22020 * Show image links on Special:Whatlinkshere
22021 * Use rel="start", "prev", "next" appropriately on Pager-based pages
22022 * Add support for SQLite
22023 * AutoAuthenticate hook renamed to UserLoadFromSession
22024 * (bug 13232) importScript(), importStylesheet() funcs available to custom JS
22025 * (bug 13095) Search by first letters or digits in [[Special:Categories]]
22026 * Users moving a page can now move all subpages automatically as well
22027 * (bug 14259) Localisation message for upload button on Special:Import is now
22028 'import-upload' instead of 'upload'
22029 * Add information about user group membership to Special:Preferences
22030 * (bug 14146) Wrap usage section on imagepages into <div>s.
22031 * New layout for Special:Specialpages. Restricted pages are marked but not
22032 separated from other pages in their group.
22033 * (bug 14263) Show a diff of the revert on rollback notification page.
22034 * (bug 13434) Show a warning when hash identical files exist
22035 * Sidebar is now cached for all languages
22036 * The User class now contains a public function called isActiveEditor. Figures
22037 out if a user is active based on at least $wgActiveUserEditCount number of
22038 edits in the last $wgActiveUserDays days.
22039 * SpecialSearchResults hook now passes results by reference, so they can be
22040 changed by extensions.
22041 * Add a new hook LinkerMakeExternalLink to allow extensions to modify the output
22043 * (bug 14132) Allow user to disable bot edits from being output to UDP.
22044 * (bug 14328) jsMsg() within Wikibits now accepts a DOM object, not just a
22046 * (bug 14558) New system message (emailuserfooter) is now added to the footer of
22047 e-mails sent with Special:Emailuser
22048 * Add support for Hijri (Islamic) calendar
22049 * Add a new hook LinkerMakeExternalImage to allow extensions to modify the
22050 output of external (hotlinked) images.
22051 * (bug 14604) Introduced the following features for the LanguageConverter:
22052 Multi-tag support, single conversion flag, remove conversion flag on a single
22053 page, description flag, variant name, multi-variant fallbacks.
22054 * Add zh-mo and zh-my variants for the zh language
22055 * (bugs 4832, 9481, 12890) Special:Recentchangeslinked now has all options that
22056 are in Special:Recentchanges
22057 * Allow an $error message to be passed to ArticleDelete hook
22058 * Allow extensions to modify the user creation form by calling addInputItem();
22059 * Add meta generator tag to HTML output
22060 * MediawikiPerformAction hook is now passed the Mediawiki object
22061 * Added blank special page Special:BlankPage for benchmarking, etc.
22062 * Foreign repo file descriptions and thumbnails are now cached.
22063 * (bug 11732) Allow localisation of edit button images
22064 * Allow the search box, toolbox and languages box in the Monobook sidebar to be
22065 moved around arbitrarily using special sections in [[MediaWiki:Sidebar]]:
22066 SEARCH, TOOLBOX and LANGUAGES
22067 * Add a new hook NormalizeMessageKey to allow extensions to replace messages
22068 before the database is potentially queried
22069 * (bug 9736) Redirects on Special:Fewestrevisions are now marked as such.
22070 * New date/time formats in Cs localization according to ČSN and PČP.
22071 * Special:Recentchangeslinked now includes changes to transcluded pages and
22072 displayed images; also, the "Show changes to pages linked" checkbox now works
22073 on category pages too, showing all links that are not categorizations
22074 * (bug 4578) Automatically fix redirects broken by a page move
22076 === Bug fixes in 1.13 ===
22078 * (bug 10677) Add link to the file description page on the shared repository
22079 * (bug 13084) Increase size of source/destination filename fields in upload form
22080 * (bug 13115) rebuildrecentchanges should print the current value of $wgRCMaxAge
22081 * (bug 13140) Show parent categories in category namespace
22082 * (bug 13149) Correctly format 'fileexists' message on Upload page
22083 * Make the default filepageexists message accurate
22084 * (bug 12988) $wgMinimalPasswordLength no longer breaks create user by email
22085 * (bug 13022) Fix upload from URL on PHP 5.0.x
22086 * (bug 13132) Unable to unprotect pages protected with earlier versions of
22088 * (bug 12723) OpenSearch description name now uses more compact language code
22089 to avoid passing the length limit as often, is customizable per site via
22090 'opensearch-desc' message.
22091 * (bug 13135) Special:Userrights now passes IDs through form submission
22092 to allow functionality on not-quite-right usernames
22093 * (bug 12575) Prevent duplicate patrol log entries from being created
22094 * (bug 13174) __HIDDENCAT__ now applies only to category pages
22095 * (bug 13031) Add links to user pages in e-mail form
22096 * (bug 13147) Description for categoriespagetext (used in Special:Categories)
22098 * (bug 11561) Fix fatal error when calling action=revert to non-image page
22099 * (bug 12430) Fix call to private method LinkFilter::makeRegex fatal error in
22100 maintenance/cleanupSpam.php
22101 * All skins should have the "mediawiki" class on the body element
22102 * (bug 13019) Message cache for some extensions not loaded at time of editing
22103 * (bug 13247) Prettified ISBN links
22104 * maintenance/refreshLinks.php did not fix page_id 1 with the --new-only option
22105 * (bug 13110) Don't show "Permission error" page if the edit is already rolled
22106 back when using rollback
22107 * (bug 13012) Use content messages for block options when generating the
22108 recentchanges entry
22109 * (bug 13274) Change links for messages to ucfirst
22110 * (bug 13273) Un-hardcode some punctuation (add new messages colon-separator,
22111 autocomment-prefix)
22112 * Parse MediaWiki message translations with a correct language setting on
22114 * (bug 13281) Treat X-Forwarded-For, Client-ip and User-Agent headers as
22115 case-insensitive names.
22116 * Adding the fix for lists in RTL wikis to more skins, and fixing the image toc
22117 * (bug 8157) Remove redirects from Special:Unusedtemplates. Patch by WebBoy.
22118 * (bug 10721) Duplicate section anchors with differing case now disambiguated
22119 for Internet Explorer's sake and standards compliance
22120 * (bug 13298) Tighter limits on Special:Newpages limits when embedding
22121 * Email subject in content language instead of sending user's UI language
22122 * (bug 13251) Allow maintenance rebuild scripts to work with Postgres
22123 * (bug 2084) Fixed incorrect regex to match redirects
22124 * (bug 3131) Manually-specified upload destination filename is no longer
22125 overwritten by browsing for a file after you wrote it.
22126 * (bug 7251) Sidebars generated by MediaWiki:Sidebar now have the class
22127 'generated-sidebar'.
22128 * (bug 13265) Media handler is missing 'image/x-bmp'
22129 * (bug 13407) MediaWiki:Powersearch is used in two places
22130 * (bug 13403) Fix cache invalidation of history pages when old revisions change
22131 * (bug 11563) Deprecated SearchMySQL4 class; merged code to SearchMySQL
22132 * (bug 12801) Fix link in subtitle message in AJAX search
22133 * (bug 13428) Fix regression in protection form layout HTML validity
22134 * (bug 9403) Sanitize newlines from search term input
22135 * (bug 13429) Separate date and time in message sp-newimages-showfrom
22136 * (bug 13137) Allow setting 'editprotected' right separately from 'protect',
22137 so groups may optionally edit protected pages without having 'protect' perms
22138 * Disallow deletion of big pages by means of moving a page to its title and
22139 using the "delete and move" option.
22140 * (bug 13466, 13632) White space differences not shown in diffs
22141 * (bug 1953) Search form now honors namespace selections more reliably
22142 * (bug 12294) Namespace class renamed to MWNamespace for PHP 5.3 compatibility
22143 * PHP 5.3 compatibility fix for wfRunHooks() called with no parameters
22144 * (bug 6447) Trackbacks now work with transactional tables, if enabled
22145 * (bug 6892, 7147) Trackback error handling, optional fields more robust
22146 * (bug 6813) Don't break HTML validator when using trackbacks
22147 * Fix for size checks on SVG images with global 'stroke-width' attribute
22148 * (bug 11874) Inline CSS with !important no longer borken
22149 * (bug 1600) Strip extra == section markup == in new-comment field
22150 * (bug 11325) Wrapped page titles in MonoBook skin spaced more nicely
22151 * (bug 12077) Fix HTML nesting for TOC
22152 * (bug 344) Purge cache for talk/article pages when deleting the other tab
22153 * (bug 13436) Treat image captions correctly when they include option keywords
22154 (like ending with "px" or starting with "upright")
22155 * Trackback display formatting fixed
22156 * Don't die when single-element arrays are passed to SQL query constructors
22157 that have an array index other than 0
22158 * (bug 13522) Fix fatal error in Parser::extractTagsAndParams
22159 * (bug 13532) Use proper timestamp call when reverting images
22160 * (bug 13543) Updated FAQ link in the installer sidebar
22161 * (bug 13540) Date format in confirmation e-mail now matches message language
22162 * (bug 13554) PHP Notice in old pre-processor when list item is empty.
22163 * (bug 13556) Don't show a blank form if no image is attached in Special:Upload
22164 * (bug 13576) maintenance/rebuildrecentchanges.php fails
22165 * (bug 13441) Allow Special:Recentchanges to show bots only
22166 * (bug 13431) Show true message source in Special:Allmessages&ot=php / xml
22167 * (bug 13463) Login successful page doesn't use user's preferred interface
22169 * (bug 13630) Fixed warnings for pass by reference at call time in
22170 Special:Revisiondelete when generating the log entry.
22171 * (bug 12064) BeforePageDisplay hook is now called for all skins
22172 * (bug 13624) Fix regression with manual thumb= parameter on images
22173 * (bug 11039) Add missing labels on protection form
22174 * (bug 13458) Preview/edit toolbar spacing now works consistently
22175 * (bug 13433) Fix action=render on Image: pages
22176 * (bug 13678) Fix CSS validation for Monobook
22177 * (bug 13684) Links in Special:ListGroupRights should be in content language
22178 * (bug 13690) Fix PHP notice on accessing some URLs
22179 * Hide (undo) link if user isn't able to edit page
22180 * Invalidate cache of pages that includes images via redirects on upload
22181 * (bug 13705) Don't show rollback link in page history on incorrect revisions
22182 * (bug 13708) Don't set "Search results" title when loading Special:Search
22184 * (bug 13736) Don't show MediaWiki:Anontalkpagetext on non-existent IP addresses
22185 * (bug 13728) Don't trim initial whitespace during section edits
22186 * (bug 13727) Don't delete log entries from recentchanges on page deletion
22187 * (bug 13752) Redirects to sections now work again
22188 * (bug 13725) Upload form watch checkbox state set correctly with wpDestFile
22189 * (bug 13756) Don't show the form and navigation links of Special:Newpages if
22190 the page is included
22191 * When hiding things on WhatLinksHere, generated URLs should hide them too
22192 * Properly escape search terms with regex chars so they appear highlighted in
22194 * (bug 13768) pt_title field encoding fixed
22195 * Do not display empty columns on Special:UserRights if all groups are
22196 changeable or all unchangeable
22197 * Fix fatal error on calling PAGESINCATEGORY with invalid category name
22198 * (bug 13793) Special:Whatlinkshere filters wrong - after paginating instead of
22200 * (bug 13796) Show links to parent pages even if some of them are missing
22201 * (bug 13816) Filter by main namespace doesn't work on WhatLinksHere
22202 * (bug 13822) Fatal error on some pages when calculating subpage subtitle
22203 * (bug 13824) AJAX search suggestion now works with non-SkinTemplate skins
22204 * Added 'application/x-dia-diagram' MediaWiki's known MIME types
22205 * (bug 13866) skins/common/shared.css - invalid attribute fixing
22206 * Hide edit section links on Special:Undelete
22207 * (bug 13860) Fix "Justify paragraphs" option for Modern skin
22208 * (bug 13168) accessibility links in Modern skin link to wrong anchor id
22209 * (bug 13185) No line break after 'subpages' class in Modern skin
22210 * (bug 13583) No "poweredby" in Modern skin
22211 * (bug 13880) "Printable" link in Modern skin now formats as print mode
22212 * (bug 13885) Bump default $wgSVGMaxSize from 1024 to 2048 pixels
22213 * (bug 13891) Show categories box even if all categories are hidden and user has
22214 "show hidden categories" option on
22215 * (bug 13915) Undefined variable $wltsfield in includes/SpecialWatchlist.php
22216 * (bug 13913) Special:Whatlinkshere now has correct HTML markup
22217 * (bug 13905) Blacklist Mac IE from HttpOnly cookies; it eats them sometimes
22218 * (bug 13922) Fix bad HTML on empty Special:Prefixindex and Special:Allpages
22219 * (bug 13924) Fix bad HTML on power search form
22220 * (bug 13820) Fix updater for rev_parent_id population
22221 * (bug 13925) Fix bad HTML on search results list
22222 * (bug 13934) Fixing the link to GNU General Public License Version 2
22223 * Show correct accesskey prefix for Firefox 3 beta (Alt-Shift-, not Alt-)
22224 * (bug 13949) Special:PrefixIndex/AllPages paging links contain invalid XML
22225 * (bug 13770) Use Preprocessor_Hash by default to avoid missing DOM module
22227 * (bug 13982) Disable ccmeonemails preference when user-to-user mails disabled
22228 * (bug 13615) Update case mappings and normalization to Unicode 5.1.0
22229 Note that case mappings will only be used if mbstring extension is not
22231 * (bug 14044) Don't increment page view counters on views from bot users
22232 * (bug 14042) Calling Database::limitResult() misplaced the comment in the log
22234 * (bug 14047) Fix regression in installer which hid DB-specific options
22235 Also makes SQLite path configurable in the installer.
22236 * (bug 13546) Follow image redirects on image page
22237 * (bug 12644) Template list on edit page now sorted on preview
22238 * (bug 14058) Support pipe trick for namespaces and interwikis with "-"
22239 * Message name filter on Special:Allmessages now case-insensitive
22240 * (bug 13943) Fix image redirect behavior on image pages
22241 * (bug 14093) Do 'sysop' => 'protect' magic in Title::isValidMoveOperation
22242 * (bug 14063) Power search form missing <label> for redirects check
22243 * (bug 14111) Similar filename warning links now lead to correct page
22244 * (bug 14082) Fix for complex text input vs AJAX suggestions on some browsers
22245 * (bug 13693) Categories sometimes claim to have a negative number of members
22246 * (bug 1701) Korean Hangul syllables now broken down properly in Category lists
22247 even if the wiki's overall content language is not Korean
22248 * (bug 12773) addOnloadHook() now calls functions immediately when scripts are
22249 loaded after the primary page completion, instead of dropping them
22250 * (bug 14199) Fix deletion form for image redirect pages
22251 * (bug 14220) Disabling $wgCheckFileExtensions now works without also
22252 disabling $wgStrictFileExtensions
22253 * (bug 14241) Pages can no longer be protected to levels you are not in
22254 * (bug 14296) Fix local name of ang: (Anglo-Saxon)
22255 * (bug 4871) Hardcoded superscript in time zone preferences moved to message
22256 * (bug 6957) E-mail confirmation links now using English special page name
22257 for better compatibility and keeping the links shorter. Avoids problem
22258 with corrupt links in Gmail on IE 6.
22259 * (bug 14273) Fix for HTTP Accept header parsing with spaces as from Konqueror
22260 * (bug 14312) Update LanguageKaa.php for handling transform issues with i to İ
22262 * (bug 13826) MediaWiki:Defaultns accepts Wikicode
22263 * (bug 14324) Creating an account is again possible with $wgEmailConfirmToEdit
22265 * (bug 13034) Interwiki pages can now be reached using Go search button
22266 * (bug 14362) Change interwiki names of Erzya and Moksha Wikipedias
22267 * (bug 14370) When a grouppage-x message does not exist the entry on the
22268 ListGroupRights special page now links to the project namespace page for it,
22269 not the main namespace page.
22270 * (bug 11659) Urldecode image names in galleries
22271 * (bug 14258, 14368) Fix for subpage renames in replication environments
22272 * (bug 14367) Failed block no longer adds phantom watchlist entry
22273 * (bug 14385) "Move subpages" option no longer tries to move to invalid titles
22274 * (bug 14386) Fix subpage namespace oddity when moving a talk page
22275 * (bug 11771) Signup form now not shown if in read-only mode.
22276 * (bug 12859) $wgRateLimitsExcludedGroups has been deprecated in favor of
22277 $wgGroupPermissions[]['noratelimit'].
22278 * (Bug 13828) Split parameter $1 of MediaWiki:Missingarticle into $1 (=title)
22279 and $2 (=revision numbers)
22280 * (bug 14401) Fix Safari access key tooltips for Windows and >3.1 Mac versions
22281 * (bug 14432) Fix notice regression in Special:Newpages feed mode
22282 * (bug 11951) EditPage::getEditToolbar() is now static.
22283 * (bug 14392) Fix regression breaking table prefix in installer
22284 * (bug 11084) $wgDBprefix replacement for updater SQL will now work for
22285 extension tables using uppercase letters or digits in their names.
22286 * (bug 12311) Fix regression with lists at start of undeletion preview
22287 * (bug 14496) Fix regression with parseinline on Special:Upload.
22288 * We no longer just give up on a missing upload base directory; it's now
22289 created automatically if we have sufficient permissions!
22290 * (bug 14479) MediaWiki:upload-maxfilesize should have a div id wrapper
22291 * (bug 14497) Throw visible errors in installer scripts when SQL files
22292 fail due to database permission or other error
22293 * (bug 14500) Site feed (Recentchanges) no longer shows up on the actual
22294 recent changes page.
22295 * (bug 14511) MediaWiki:Delete-legend is no longer double escaped
22296 * Generate correct section anchors for numeric headers
22297 * (bug 14520) Don't load nonexistent CSS files for Chick/Myskin/Simple skins
22298 * (bug 14551) Cancel upload no longer automatically suppresses warnings
22299 * (bug 13878) Deprecate Article::getDB() in favor of direct wfGetDB() calls
22300 * (bug 4977) Fix for possible squid purging errors when using HTTP purges
22301 and multiple servers
22302 * (bug 14572) Redirects listed on file links on image pages no longer redirect.
22303 * (bug 14537) Change interwiki name for Old Church Slavonic (cu)
22304 * (bug 14583) Fix regression in recent changes "limit to certain categories."
22305 * (bug 14515) HTML nesting cleanup on edit form
22306 * (bug 14647) Removed unused 'townBox' CSS classes
22307 * (bug 14687) OutputPage::addStyle() now adds type="text/css" like it should.
22308 * OpenSearch cleanup; Firefox now sends you to the search page for empty
22309 searches instead of the domain root (which may not even be a wiki).
22310 * (bug 3481) Pages moved shortly after creation are shown at their new title
22311 on Special:Newpages.
22312 * (bug 12716) Trying to unprotect a title that isn't protected no longer
22313 generates a log entry.
22314 * (bug 14088) Excessively long block expiry times are rejected as invalid,
22315 keeps the log page from being distorted.
22316 * (bug 14708) Emulate INSERT...IGNORE with standard SQL for Postgres backend.
22317 * (bug 14646) Fix some double-escaping of HTML in feed output
22318 * (bug 14709) Fix login success message formatting when using cookie check
22319 * (bug 14710) Remove "donate" link from default sidebar
22320 * (bug 14745) Image moving works on sites that transform thumbnails via 404
22321 * (bug 2186) Document.write() in wikibits caused failures when using
22322 application/xhtml+xml. The calls to this have been removed.
22323 * (bug 14764) Fix regression in from Article::lastModified(), failed to work
22324 on non-mySQL schemas.
22325 * (bug 14763) Child classes of Database (DatabasePostgres and DatabaseOracle)
22326 had strict standards issues with setFakeSlaveLag() and setFakeMaster().
22327 * (bug 451) Improve the phrase mappings of the Chinese converter arrays.
22328 * (bug 12487) Rights log is not fully internationalized
22329 * (bug 10837) Language variants no longer override other languages than base
22330 * (bug 14778) 'limit' parameter now applies to history feeds as well as
22332 * (bug 14845) Bug in prefs javascript: Calling an array item without checking
22334 * Accesskeys for minor edit/watch checkboxes on edit now work in Firefox 3
22335 * (bug 12384) Comments in maintenance/*php
22336 * (bug 12441) ./maintenance/generateSitemap.php fix -fspath requiring
22338 * (bug 12568) configuration script now produce valid XHTML.
22339 * The accesskey to edit a page is now disabled when editing the page, to pre-
22340 vent conflicts with Safari shortcuts.
22342 === API changes in 1.13 ===
22344 * Fixing main page display in meta=siteinfo
22345 * (bug 13128) Added patrolled flag to list=recentchanges
22346 * Implemented {bl,ei,iu}redirect (lists links through redirects as well)
22347 * (bug 13154) Introduced subpages flag to meta=siteinfo&siprop=namespaces
22348 * (bug 13157) Added ucuserprefix parameter to list=usercontribs
22349 * (bug 12394) Added rctitles parameter to list=recentchanges, making rcid
22351 * (bug 13218) Fix inclusion of " character in hyperlinks
22352 * Added watch and unwatch parameters to action=delete and action=move
22353 * Added action=edit
22354 * (bug 11401) Added xmldoublequote to xml formatter
22355 * Added rvsection parameter to prop=revisions to allow fetching the content of
22356 a certain section only
22357 * Introduced list=allimages
22358 * (bug 13371) Build page set from image hashes
22359 * Mark non-existent messages in meta=allmessages as missing
22360 * (bug 13390) One invalid title no longer kills an entire API query
22361 * (bug 13419) Fix gblredirect so it actually works
22362 * (bug 13418) Disable eiredirect because it's useless
22363 * (bug 13395) list=allcategories should use category table
22364 * (bug 13442) Missing pages in prop=langlinks and prop=extlinks are now
22366 * (bug 13444) Add description to list=watchlist
22367 * (bug 13482) Disabled search types handled properly
22368 * Added inprop=talkid,subjectid to prop=info
22369 * Added help text message that specifies whether a module is POST-only
22370 * Added createonly parameter to action=edit
22371 * Replaced $wgAPIUCUserPrefixMinLength by the more generic $wgAPIMaxDBRows
22372 * (bug 11719) Remove trailing blanks in YAML output.
22373 * (bug 13541) Added siprop=specialpagealiases to meta=siteinfo
22374 * Added fallback8bitEncoding and readonly fields to
22375 meta=siteinfo&siprop=general output
22376 * (bug 13544) Added prop=revid to action=parse
22377 * (bug 13603) Added siprop=usergroups to meta=siteinfo
22378 * Cleaned up redirect resolution
22379 * Added possibility to obtain all external links through list=exturlusage
22380 * (bug 13606) Added archivename to iiprop
22381 * (bug 11633) Explicitly convert redirect titles to strings due to PHP's
22382 very weak typing on array keys.
22383 * (bug 12136) Extend allowed characters in JSON callback to ][.'"_A-Za-z0-9
22384 * (bug 11673) Return error 'unknown_action' in specified format
22385 * (bug 13618) Added rcprop=redirect and rcshow=redirect to list=recentchanges
22386 * (bug 13544) Added oldid parameter to action=parse to allow for parsing of old
22388 * (bug 13718) Return the proper continue parameter for cmsort=timestamp
22389 * action=login now returns the correct waiting time in the details property
22390 * (bug 13792) Broken titles are now silently skipped in search results.
22391 * (bug 13819) exturlusage paging skipped an item
22392 * Fixed handling of usernames containing spaces in list=block
22393 * (bug 13836) Fixed fatal errors resulting from combining iiprop=metadata with
22395 * (bug 13735) Added prop=categoryinfo module
22396 * (bug 13945) Retrieve cascading protection sources via inprop=protection
22397 * (bug 13965) Hardcoded 51 limit on titles is too limiting
22398 * (bug 13993) apfrom doesn't work with apdir=descending
22399 * (bug 14018) Introduced alcontinue to list=alllinks to improve paging
22400 * (bug 14013) Added rcshow=patrolled to list=recentchanges
22401 * (bug 14028) Added language attribute to interwiki map in meta=siteinfo
22402 * (bug 14022) Added usprop=registration and auprop=blockinfo
22403 * (bug 14021) Removed titles= support from list=backlinks (has been obsolete
22405 * (bug 13829) Expose parse tree via action=expandtemplates
22406 * (bug 13606) Allow deletion of images
22407 * Added iiprop=mime and aiprop=metadata
22408 * Handled unrecognized values for parameters more gracefully
22409 * Handled requesting disallowed tokens more gracefully
22410 * (bug 14140) URL-encoded page titles are now decoded in edit summaries
22411 * (bug 14243) Only accept post requests in action=edit; patch by HardDisk
22412 * action=block now returns an ISO8601 timestamp, like all other modules do
22413 * Added md5 parameter to action=edit
22414 * (bug 14335) Logging in to unified account using API not possible
22415 * Added action=emailuser to send an email to a user
22416 * (bug 14471) Use HTMLTidy and generate limit report in action=parse
22417 * (bug 14459) Added prependtext and appendtext parameters to action=edit
22418 * (bug 14526) Unescaped SQL in list=backlinks
22419 * Added 'hidden' flag to list=allcategories and prop=categoryinfo output
22420 * Added nocreate parameter to action=edit
22421 * (bug 14402) Added maxage and smaxage parameters to api.php
22422 * Added bkip parameter to list=blocks
22423 * (bug 14651) apprefix and similar parameters are now canonicalized
22424 * Added clprop=timestamp to prop=categories
22425 * (bug 14678) API errors now respects $wgShowExceptionDetails and
22427 * (bug 14723) Added time zone and writing direction to meta=siteinfo
22428 * Added APIQueryInfoTokens and APIQueryRevisionsTokens hooks so extensions
22429 can add their own tokens
22430 * Added block and unblock tokens to prop=info as well
22431 * Added paging (limit and continue parameters) to
22432 prop={links,templatelinks,langlinks,extlinks,categories,images}
22433 * Added flag "top" to list=usercontribs if the user is the last contributor to
22435 * list=exturlusage in "list all links" mode can now filter by protocol
22437 == MediaWiki 1.12 ==
22439 == MediaWiki 1.12.4 ==
22443 A number of cross-site scripting (XSS) security vulnerabilities were discovered
22444 in the web-based installer (config/index.php). These vulnerabilities all
22445 require a live installer -- once the installer has been used to install a wiki,
22448 Note that cross-site scripting vulnerabilities can be used to attack any
22449 website in the same cookie domain. So if you have an uninstalled copy of
22450 MediaWiki on the same site as an active web service, MediaWiki could be used to
22451 attack the active service.
22453 If you are hosting an old copy of MediaWiki that you have never installed, you
22454 are advised to remove it from the web.
22456 == MediaWiki 1.12.3 ==
22458 * Fixed packaging/distribution error. Many files were missing from the
22459 distributed tarball.
22461 == MediaWiki 1.12.2 ==
22463 David Remahl of Apple's Product Security team has identified a number of
22464 security issues in previous releases of MediaWiki. Subsequent analysis by the
22465 MediaWiki development team expanded the scope of these vulnerabilities. The
22466 issues with a significant impact are as follows:
22468 * A local script injection vulnerability affecting Internet Explorer clients
22469 for all MediaWiki installations with uploads enabled. [CVE-2008-5250]
22470 * A local script injection vulnerability affecting clients with SVG scripting
22471 capability (such as Firefox 1.5+), for all MediaWiki installations with SVG
22472 uploads enabled. [CVE-2008-5250]
22473 * A CSRF vulnerability affecting the Special:Import feature, for all MediaWiki
22474 installations since the feature was introduced in 1.3.0. [CVE-2008-5252]
22476 A local script injection vulnerability allows an attacker with a wiki account
22477 to steal another user's login session, and to act as that user on the wiki. The
22478 attacker uploads a malicious script file, and tricks the victim into executing
22481 CSRF vulnerabilities allow an attacker to act as an authorised user on the
22482 wiki, but unlike an XSS vulnerability, the attacker can only act as the user in
22483 a specific and restricted way. The present CSRF vulnerability allows pages to
22484 be edited, with forged revision histories. Like an XSS vulnerability, the
22485 authorised user must visit the malicious web page to activate the attack.
22487 These three vulnerabilities are all fixed in this release.
22489 David Remahl also reminded us of some security-related configuration issues:
22491 * By default, MediaWiki stores a backup of deleted images in the images/deleted
22492 directory. If you do not want these images to be publically accessible, make
22493 sure this directory is not accessible from the web. MediaWiki takes some steps
22494 to avoid leaking these images, but these measures are not perfect.
22495 * Set display_errors=off in your php.ini to avoid path disclosure via PHP fatal
22496 errors. This is the default on most shared web hosts.
22497 * Enabling MediaWiki's debugging features, such as $wgShowExceptionDetails, may
22498 lead to path disclosure.
22500 Other changes in this release:
22502 * Avoid fatal error in profileinfo.php when not configured.
22503 * Add a .htaccess to deleted images directory for additional protection against
22504 exposure of deleted files with known SHA-1 hashes on default installations.
22505 * Avoid streaming uploaded files to the user via index.php. This allows
22506 security-conscious users to serve uploaded files via a different domain, and
22507 thus client-side scripts executed from that domain cannot access the login
22508 cookies. Affects Special:Undelete, img_auth.php and thumb.php.
22509 * When streaming files via index.php, use the MIME type detected from the file
22510 extension, not from the data. This reduces the XSS attack surface.
22511 * Blacklist redirects via Special:Filepath. Such redirects exacerbate any XSS
22512 vulnerabilities involving uploads of files containing scripts.
22513 * Internationalisation updates.
22515 == MediaWiki 1.12.1 ==
22517 Changes since 1.12.0:
22518 * (bug [[bugzilla:13522|13522]]) Fix fatal error in Parser::extractTagsAndParams
22519 * (bug [[bugzilla:12077|12077]]) Fix HTML nesting for TOC
22520 * (bug [[bugzilla:13532|13532]]) Use proper timestamp call when reverting images
22521 * (bug [[bugzilla:13649|13649]], [[bugzilla:14084|14084]]) Bad call to
22523 * (bug [[bugzilla:13770|13770]]) Use Preprocessor_Hash by default to avoid
22524 missing DOM module errors
22525 * (bug [[bugzilla:13442|13442]]) API: Missing pages in prop=langlinks and
22526 prop=extlinks are now handled properly.
22527 * (bug [[bugzilla:13482|13482]]) API: Disabled search types handled properly
22528 * (bug [[bugzilla:13836|13836]]) API: Fixed fatal errors resulting from
22529 combining iiprop=metadata with format=xml
22530 * (bug [[bugzilla:11633|11633]]) API: Explicitly convert redirect titles to
22531 strings due to PHP's very weak typing on array keys.
22532 * API: Fixing main page display in meta=siteinfo
22533 * (bug [[bugzilla:11719|11719]]) API: Remove trailing blanks in YAML output.
22534 * (bug [[bugzilla:13718|13718]]) API: Return the proper continue parameter for
22536 * Security: Work around misconfiguration by requiring strict comparisons for
22537 in_array in User::isAllowed().
22538 * Security: Fixed XSS vulnerability in useskin parameter.
22540 == MediaWiki 1.12.0 ==
22542 This is the quarterly branch release of [[MediaWiki]] for Winter 2008.
22544 MediaWiki is now using a "continuous integration" development model with
22545 quarterly snapshot releases. The latest development code is always kept "ready
22546 to run", and in fact runs our own sites on [[wikipedia:|Wikipedia]].
22548 Release branches will continue to receive security updates for about a year
22549 from first release, but nonessential bugfixes and feature developments will be
22550 made on the development trunk and appear in the next quarterly release.
22552 Those wishing to use the latest code instead of a branch release can obtain it
22553 from source control: [[Download from SVN]].
22555 Changes since 1.12.0rc1:
22556 *(bug [[bugzilla:13359|13359]]) Double-escaping in [[Special:Allpages]].
22557 *Localization updates.
22559 == MediaWiki 1.12.0rc1 ==
22561 This is a release candidate of the Winter 2008 quarterly snapshot release of
22564 MediaWiki is now using a "continuous integration" development model with
22565 quarterly snapshot releases. The latest development code is always kept "ready
22566 to run", and in fact runs our own sites on [[wikipedia:|Wikipedia]].
22568 Release branches will continue to receive security updates for about a year
22569 from first release, but nonessential bugfixes and feature developments will be
22570 made on the development trunk and appear in the next quarterly release.
22572 Those wishing to use the latest code instead of a branch release can obtain it
22573 from source control: [[Download from SVN]].
22575 This is the Winter 2007 quarterly release.
22577 MediaWiki is now using a "continuous integration" development model with
22578 quarterly snapshot releases. The latest development code is always kept
22579 "ready to run", and in fact runs our own sites on Wikipedia.
22581 Release branches will continue to receive security updates for about a year
22582 from first release, but nonessential bugfixes and feature developments
22583 will be made on the development trunk and appear in the next quarterly release.
22585 Those wishing to use the latest code instead of a branch release can obtain
22586 it from source control: https://www.mediawiki.org/wiki/Download_from_SVN
22588 === Configuration changes in 1.12 ===
22589 * Marking edits as bot edits with Special:Contributions?bot=1 now requires the
22590 markbotedit permission, rather than the rollback permission previously used.
22591 This permission is assigned by default to the sysop group.
22592 * MediaWiki now checks if serialized files are out of date. New configuration
22593 variable $wgCheckSerialized can be set to false to enable old behavior (i.e.
22594 to not check and assume they are always up to date)
22595 * The rollback permission can now be rate-limited using the normal mechanism.
22596 * New configuration variable $wgExtraLanguageNames
22597 * Behavior of $wgAddGroups and $wgRemoveGroups changed. New behavior:
22598 * * Granting the userrights privilege allows arbitrary changing of rights.
22599 * * Without the userrights privilege, a user will be able to add and/or
22600 remove the groups specified in $wgAddGroups and $wgRemoveGroups for
22601 any groups they are in.
22602 * New permission userrights-interwiki for changing user rights on foreign wikis.
22603 * $wgImplicitGroups for groups that are hidden from Special:Listusers, etc.
22604 * $wgAutopromote: automatically promote users who match specified criteria
22605 * $wgGroupsAddToSelf, $wgGroupsRemoveFromSelf: allow users to add or remove
22606 themselves from specified groups via Special:Userrights.
22607 * When $wgUseTidy has been enabled, PHP's Tidy module is now used if it is
22608 present, in preference to an external Tidy executable which may or may not
22609 be present. To force use of external Tidy even when the PHP module is
22610 available, set $wgTidyInternal to false.
22613 === New features in 1.12 ===
22614 * (bug 10735) Add a warning for non-descriptive filenames at Special:Upload
22615 * Add {{filepath:}} parser function to get full path to an uploaded file,
22616 complementing {{fullurl:}} for pages.
22617 * (bug 11136) If using Postgres, search path is explicitly set if wgDBmwschema
22618 is not set to 'mediawiki', allowing multiple mediawiki instances per user.
22619 * (bug 11151) Add descriptive <title> to revision history page
22620 * (bug 5412) Add feed links for the site to all pages
22621 * (bug 11353) Add ability to retrieve raw section content via action=raw
22622 * (bug 6909) Show relevant deletion log lines when uploading a previously
22624 * On SkinTemplate based skins (like MonoBook), omit confusing "edit"/"view
22625 source" tab entirely if the page doesn't exist and the user isn't allowed to
22627 * Clarify instructions given when an exception is thrown
22628 * AuthPlugin added strictUserAuth() method to allow per-user override
22629 of the strict() authentication behavior.
22630 * (bug 7872) Deleted revisions can now be viewed as diffs showing changes
22631 against the previous revision, whether currently deleted or live.
22632 * Added tooltips for the "Go" and "Search" buttons
22633 * (bug 11649) Show input form when Special:Whatlinkshere has no parameters
22634 * isValidEmailAddr hook added to User method of that name, to allow, e.g., re-
22635 stricting e-mail addresses to a specific domain
22636 * Removed "Clear" link in watchlist editor tools, as people were afraid to
22637 click it. Existing clear links will fall back to the raw editor, which is
22638 very easy to clear your watchlist with.
22639 * (bug 1405) Add wgUseNPPatrol option to control patroling for new articles
22640 on Special:Newpages
22641 * LogLine hook added to allow formatting custom entries in Special:Log.
22642 * Support for Iranian calendar
22643 * (bug 1401) Allow hiding logged-in users, bots and patrolled pages on
22645 * ChangesListInsertArticleLink hook added for adding extra article info to RC.
22646 * MediaWikiPerformAction hook added for diverting control after the main
22647 globals have been set up but before any actions have been taken.
22648 * BeforeWatchlist hook added for filtering or replacing watchlist.
22649 * SkinTemplateTabAction hook added for altering the properties of tab links.
22650 * OutputPage::getRedirect public method added.
22651 * (bug 11848, 12506) Allow URL parameters 'section', 'editintro' and 'preload'
22652 in Special:Mypage and Special:Mytalk
22653 * Add ot=raw to Special:Allmessages
22654 * Support for Hebrew calendar
22655 * Support for Hebrew numerals in dates and times
22656 * (bug 11315) Signatures can be configured in [[MediaWiki:Signature]] and
22657 [[MediaWiki:Signature-anon]]
22658 * Signatures for anonymous users link to Special:Contributions page rather than
22660 * Added --override switch for disabled pages in updateSpecialPages.php
22661 * Provide a unique message (ipb_blocked_as_range) if unblock of a single IP
22663 because it is part of a blocked range.
22664 * (bug 3973) Use a separate message for the email content when an account is
22665 created by another user
22666 * dumpTextPass.php can spawn fetchText.php as a subprocess, which should restart
22667 cleanly if database connections fail unpleasantly.
22668 * (bug 12028) Add Special:Listbots as shortcut for Special:Listusers/bot
22669 * (bug 9633) Add a predefined list of delete reasons to the deletion form
22670 * Show a warning message when creating/editing a user (talk) page but the user
22672 * (bug 8396) Ignore out-of-date serialised message caches
22673 * (bug 12195) Undeleting pages now requires 'undelete' permission
22674 * (bug 11810) Localize displayed semicolons
22675 * (bug 11657) Support for Thai solar calendar
22676 * (bug 943) RSS feed for Recentchangeslinked
22677 * Introduced AbortMove hook
22678 * (bug 2919) Protection of nonexistent pages with regular protection interface.
22679 * Special:Upload now lists permitted/prohibited file extensions.
22680 * Split ambiguous filetype-badtype message into two new messages,
22681 filetype-unwanted-type and filetype-banned-type.
22682 * Added link to the old title in Special:Movepage
22683 * On Special:Movepage, errors are now more noticeable.
22684 * It is now possible to change rights on other local wikis without the MakeSysop
22686 * Add HTML ID's mw-read-only-warning and mw-anon-edit-warning to warnings when
22687 editing to allow CSS styling.
22688 * Parser now returns list of sections
22689 * When a user is prohibited from creating a page, a title of "View source"
22690 makes no sense, and there should be no "Return to [[Page]]" link.
22691 * (bug 12486) Protected titles now give a warning for privileged editors.
22692 * (bug 9939) Special:Search now sets focus to search input box when no existing
22694 * For Special:Userrights, use GET instead of POST to search for users.
22695 * Allow subpage syntax for Special:Userrights, i.e., Special:Userrights/Name.
22696 * When submitting changes on Special:Userrights, show the full form again, not
22697 just the search box.
22698 * Added exception hooks
22699 * (bug 12574) Allow bots to specify whether an edit should be marked as a bot
22700 edit, via the parameter 'bot'. (Default: '1')
22701 * (bug 12536) User should be able to get MediaWiki version from any page
22702 * (bug 12622) A JavaScript constant to declare whether api.php is available
22703 * Add caching to the AJAX search
22704 * Add APCOND_INGROUPS
22705 * Add DBA caching to installer
22706 * (bug 12585) Added a bunch of parameters to the revertpage message
22707 * Support redirects in image namespace
22708 * (bug 10049) Prefix index search and namespaces in Special:Withoutinterwiki
22709 * (bug 12668) Support for custom iPhone bookmark icon via $wgAppleTouchIcon
22710 * Add option to include templates in Special:Export.
22711 * (bug 12655) Added $wgUserEmailUseReplyTo config option to put sender
22712 address in Reply-To instead of From for user-to-user emails.
22713 This protects against SPF problems and privacy-leaking bounce messages
22714 when using mailers that set the envelope sender to the From header value.
22715 * (bug 11897) Add alias [[Special:CreateAccount]] & [[Special:Userlogin/signup]]
22716 for Special:Userlogin?type=signup
22717 * (bug 12214) Add a predefined list of delete reasons to the file deletion form
22718 * Merged backends for OpenSearch suggestions and AJAX search.
22719 Both now accept namespace prefixes, handle 'Media:' and 'Special:' pages,
22720 and reject interwiki prefixes. PrefixSearch class centralizes this code,
22721 and the backend part can be overridden by the PrefixSearchBackend hook.
22722 * (bug 10365) Localization of Special:Version
22723 * When installing using Postgres, the Pl/Pgsql language is now checked for
22724 and installed when at the superuser level.
22725 * The default robot policy for the entire wiki is now configurable via the
22726 $wgDefaultRobotPolicy setting.
22727 * (bug 12239) Use different separators for autocomments
22728 * (bug 12857) Patrol link on new pages should clear floats
22729 * (bug 12968) Render redirect wikilinks in a redirect class for customization
22731 * EditPageBeforeEditButtons hook added for altering the edit buttons below the
22734 === Bug fixes in 1.12 ===
22736 * Subpages are now indexed for searching properly when using PostgreSQL
22737 * (bug 3846) Suppress warnings from, e.g. open_basedir when scanning for
22738 ImageMagick, diff3 et al. during installation [patch by Jan Reininghaus]
22739 * (bug 7027) Shift handling of deletion permissions-checking to
22740 getUserPermissionsErrors.
22741 * Login and signup forms are now more correct for right-to-left languages.
22742 * (bug 5387) Block log items on RecentChanges don't make use of possible
22744 * (bug 11211) Pass, as a parameter to the protectedpagetext interface
22745 message, the level of protection.
22746 * (bug 9611) Supply the blocker and reason for the cantcreateaccounttext
22748 * (bug 8759) Fixed bug where rollback was allowed on protected pages for wikis
22749 where rollback is given to non-sysops.
22750 * (bug 8834) Split off permission for editing user JavaScript and CSS from
22751 editinterface to a new permission key editusercssjs.
22752 * (bug 11266) Set fallback language for Fulfulde (ff) to French
22753 * (bug 11179) Include image version deletion comment in public log
22754 * Fixed notice when accessing special page without read permission and whitelist
22756 * (bug 9252) Fix for tidy funkiness when using editintro mode
22757 * (bug 4021) Fix for MySQL wildcard search
22758 * (bug 10699) Fix for MySQL phrase search
22759 * (bug 11321) Fix width of gallerybox when option "width=xxx" is used
22760 * (bug 7890) Special:BrokenRedirects links deleted redirects to a non-existent
22762 * Fix initial statistics when installing: add correct values
22763 * (bug 11342) Fix several 'returnto' links in permissions/error pages which
22764 linked to the main page instead of targetted page
22765 * Strike the link to the redirect rather than using an asterisk in
22766 Special:Listredirects
22767 * (bug 11355) Fix false positives in Safe Mode and other config detection
22768 when boolean settings are disabled with 'Off' via php_admin_value/php_value
22769 * (bug 11292) Fixed unserialize errors with Postgres by creating special Blob
22771 * (bug 11363) Make all metadata fields bytea when using Postgres.
22772 * (bug 11331) Add buildConcat() and use CASE not IF for DB compatibility. Make
22773 oldimage cascade delete via image table for Postgres, change fa_storage_key
22775 * (bug 11438) Live Preview chops returned text
22776 * Show the right message on account creation when the user is blocked
22777 * (bug 11450) Fix creation of objectcache table on upgrade
22778 * Fix namespace selection after submit of Special:Newpages
22779 * Make input form of Special:Newpages nicer for RTL wikis
22780 * (bug 11462) Fix typo in LanguageGetSpecialPageAliases hook name
22781 * (bug 11474) Fix unintentional fall-through in math error handling
22782 * (bug 11478) Fix undefined method call in file deletion interface
22783 * (bug 278) Search results no longer highlight incorrect partial word matches
22784 * Compatibility with incorrectly detected old-style DJVU mime types
22785 * (bug 11560) Fix broken HTML output from weird link nesting in edit comments.
22786 Nested links (as in image caption text) still don't work _right_ but they're
22788 * (bug 9718) Remove unnecessary css from main.css causing spacing issues on
22790 * (bug 11574) Add an interface message loginstart, which, similarly to loginend,
22791 appears just before the login form. Patch by MinuteElectron.
22792 * Do not cache category pages if using 'from' or 'until'
22793 * Created new hook getUserPermissionsErrors, to go with userCan changes.
22794 * Diff pages did not properly display css/js pages.
22795 * (bug 11620) Add call to User::isValidEmailAddr during accout creation.
22796 * (bug 11629) If $wgEmailConfirmToEdit is true, require people to supply an
22797 email address when registering.
22798 * (bug 11612) Days to show in recent changes cannot be larger than 7
22799 * (bug 11131) Change filearchive width/height columns to int for Postgres
22800 * Support plural in undeleted{revisions,revisions-files,files}
22801 * (bug 11343) If the database is read-only, ensure that undelete fails.
22802 * (bug 11690) Show revert link for page moves in Special:Log to allowed users
22804 * Initial-lowercase prefix checks in namespaceDupes.php now actually work.
22805 * Fix regression in LinkBatch.php breaking PHP 5.0
22806 * (bug 11452) wfMsgExt uses sometimes wrong language object for parsing magic
22807 words when called with options ''parsemag'' or ''content''.
22808 * (bug 11727) Support plural in 'historysize' message
22809 * (bug 11744) Incorrect return value from Title::getParentCategories()
22810 * (bug 11762) Fix native language name of Akan (ak)
22811 * (bug 11722) Fix inconsistent case in unprotect tabs
22812 * (bug 11795) Be more paranoid about confirming accept-encoding header is
22814 * (bug 11809) Use formatNum() for more numbers
22815 * (bug 11818) Fix native language name of Inuktitut (iu)
22816 * Remove all commas when parsing float numbers in sorted tables
22817 * Limit text field of deletion, protection and user rights changes reasons to
22818 255 characters (already restricted in the database)
22819 * In the deletion default reasons, calculate how much text to get from the
22820 article text, rather than getting 150 characters (which may be too much)
22821 * Add two messages for Special:Blockme which were used but undefined
22822 * (bug 11921) Support plural in message number_of_watching_users_pageview
22823 * If an IP address is blocked as part of a rangeblock, attempting to unblock
22824 the single IP should not unblock the entire range.
22825 * (bug 6695) Fix native language name of Southern Sotho (Sesotho) (st)
22826 * Make action=render follow redirects by default
22827 * If restricted read access was enabled, whitelist didn't work with special
22828 pages which had spaces in theirs names
22829 * If restricted read access was enabled, requests for non-existing special pages
22831 * Feeds for recent changes now provide correct URLs for the change, not just
22833 * Check for if IP is blocked as part of a range when unblocking (see above bug-
22834 fix) was faulty. Now fixed.
22835 * Fixed wpReason URL parameter to action=delete.
22836 * Do not force a password for account creation by email
22837 * Ensure that rate-limiting is applied to rollbacks.
22838 * Make a better rate-limiting error message (i.e. a normal MW error,
22839 rather than an "Internal Server Error").
22840 * Do not present an image bigger than the source when 'frameless' option is used
22841 (to be consistent with the 'thumb' option now)
22842 * Support {{PLURAL}} for import log
22843 * Make sure that the correct log entries are shown on Special:Userrights even
22844 for users with special characters in their names
22845 * The number of watching users in watchlists was always reported as 1
22846 * namespaceDupes.php no longer dies when coming across an illegal title
22847 * (bug 12143) Do not show a link to patrol new pages for non existent pages
22848 * (bug 12166) Fix XHTML validity for Special:Emailuser
22849 * (bug 11346) Users who cannot edit a page can now no longer unprotect it.
22850 * (bug 451) Add a generic Traditional / Simplified Chinese conversion table,
22851 instead of a Traditional conversion with Taiwan variant, and a Simplified
22852 conversion with China variant.
22853 * (bug 12178) Fix wpReason parameter to action=delete, again.
22854 * Graceful behavior for updateRestrictions.php if a page already has records
22855 in the page_restrictions matching its old page_restrictions field.
22856 May help with odd upgrade issues or race condition.
22857 * (bug 11993) Remove contentsub "revision history"
22858 * (bug 11952) Ensure we quote_ident() all schema names as needed
22859 inside of the DatabasePostgres.php file.
22860 * (bug 12184) Exceptions now sent to stderr instead of stdout for command-line
22861 scripts, making for cleaner reporting during batch jobs. PHP errors will also
22862 be redirected in most cases on PHP 5.2.4 and later, switching 'display_errors'
22863 to 'stderr' at runtime.
22864 * (bug 12148) Text highlight wasn't applied to cleanly deleted and added
22865 lines in diff output
22866 * (bug 10166) Fix a PHP warning in Language::getMagic
22867 * Only mark rollback edits as minor if the user can normally mark edits minor
22868 * Escape page names in the move successful page (e.g. for pages with two
22870 * (bug 12145) Add localized names of kk-variants
22871 * (bug 12259) Localize the numbers in deleted pages on the sysop view
22872 * Set proper page title for successful file deletion
22873 * (bug 11221) Do not show 'Compare selected versions' button for a history page
22874 with one revision only
22875 * (bug 12267) Set the default date format to Thai solar calender for the Thai
22877 * (bug 10184) Extensions' stylesheets and scripts should be loaded before
22878 user-customized ones (like Common.css, Common.js)
22879 * (bug 12283) Special:Newpages forgets parameters
22880 * (bug 12031) All namespaces doesn't work in Special:Newpages
22881 * (bug 585) Only create searchindex replica table for parser tests if db is
22883 * Allow --record option if parserTests.php to work when using Postgres
22884 * (bug 12296) Simplify cache epoch in default LocalSettings.php
22885 * (bug 12346) XML fix when body double-click and click handlers are present
22886 * Fix regression -- missing feed links in sidebar on Special:Recentchanges
22887 * (bug 12371) Handle more namespace case variants in namespaceDupes.php
22888 * (bug 12380) Bot-friendly EditPage::spamPage
22889 * (bug 8066) Spaces can't be entered in special page aliases
22890 * Hide undo link if user can't edit article
22891 * (bug 12416) Fix password setting for createAndPromote.php
22892 * (bug 3097) Inconsistently usable titles containing HTML character entities
22893 are now forbidden. A run of cleanupTitles.php will fix up existing pages.
22894 * (bug 12446) Permissions check fix for undelete link
22895 * (bug 12451) AJAX title normalization tweaks
22896 * When a user creating a page is not allowed to either create the page nor edit
22897 it, all applicable reasons are now shown.
22898 * (bug 11428) Allow $wgScript inside $wgArticlePath when emulating PATH_INFO
22899 Fixes 'root'-style rewrite configurations
22900 * (bug 12493) Removed hardcoded MAX_FILE_SIZE from Special:Import upload form
22901 * (bug 12489) Special:Userrights listed in restricted section again
22902 * (bug 12553) Fixed invalid XHTML in edit conflict screen
22903 * (bug 12505) Fixed section=0 with action=raw
22904 * (bug 12614) Do not log user rights change that didn't change anything
22905 * (bug 12584) Don't reset cl_timestamp when auto-updating sort key on move
22906 * (bug 12588) Fix selection in namespace selector on Special:Newpages
22907 * Use only default options when generating RSS and Atom syndication links.
22908 This should help prevent infinite link loops that some software may follow,
22909 and will generally keep feed behavior cleaner.
22910 * (bug 12608) Unifying the spelling of getDBkey() in the code.
22911 * (bug 12611) Bot flag ignored in recent changes
22912 * (bug 12617) Decimal and thousands separators for Romanian
22913 * (bug 12567) Fix for misformatted read-only messages on edit, protect.
22914 Also added proper read-only checks to several special pages.
22915 Have removed read-only checks from the general user permission framework.
22916 * Creating a site with a name containing '#' is no longer permitted, since the
22917 name will not work (but $wgSiteName is not checked if manually set).
22918 * (bug 12695) Suppress dvips verbiage from web server error log
22919 * (bug 12716) Unprotecting a non-protected page leaves a log entry
22920 * Log username blocks with canonical form of name instead of input form
22921 * (bug 11593, 12719) Fixes for overzealous invocation of thumb.php.
22922 Non-image handlers and full-size images may now decline it, fixing
22923 mystery failures when using $wgThumbnailScriptPath.
22924 * (bug 12327) Comma in username no longer disrupts mail headers
22925 * (bug 6436) Localization of Special:Import XML parser Error message(s).
22926 * Security fix for API on MSIE
22927 * (bug 12768) Database query syntax error in maintenance/storage/compressOld.inc
22928 * (bug 12753) Empty captions in MediaWiki:Sidebar result in PHP errors
22929 * (bug 12790) Page protection is not logged when edit-protection is used
22930 and move-protection is not
22931 * (bug 12793) Fix for restricted namespaces/pages in Special:Export
22932 * Fix for Special:Export so it doesn't ignore the page named '0'
22933 * Don't display rollback link if the user doesn't have all required permissions
22934 * The comment of a time-limited protection now contains the date in the default
22936 * (bug 12880) wfLoadExtensionMessages does not use $fallback from MessagesXx.php
22937 * (bug 12885) Correction for Russian convertPlural function
22938 * (bug 12768) Make DatabasePostgres->hasContraint() schema aware.
22939 * (bug 12735) Truncate usernames in comments using mb_ functions.
22940 * (bug 12892) Poor tab indexing on "delete file" form
22941 * (bug 12660) When creating an account by e-mail, do not send the creator's IP
22943 * (bug 12931) Fix wrong global variable in SpecialVersion
22944 * (bug 12919) Use 'deletedrevision' message as content when deleting an old file
22946 * (bug 12952) Using Nosuchusershort instead of Nosuchuser when account creation
22948 * (bug 12869) Magnify icon alignment should be adjusted using linked CSS
22949 * Fixing message cache updates for MediaWiki messages moves
22950 * (bug 12815) Signature timestamps were always in UTC, even if the timezone code
22951 in parentheses after them claimed otherwise
22952 * (bug 12732) Fix installer and searching to handle built-in tsearch2 for
22954 * (bug 12784) Change "bool" types to smallint to handle Postgres 8.3 strictness.
22955 * (bug 12301) Allow maintenance/findhooks.php to search hooks in multiple
22957 * (bug 7681, 11559) Cookie values no longer override GET and POST variables.
22958 * (bug 5262) Fully-qualified $wgStylePath no longer corrupted on XML feeds
22959 * (bug 3269) Inaccessible titles ending in '/.' or '/..' now forbidden.
22960 * (bug 12935, 12981) Fully-qualify archive URLs in delete, revert messages
22961 * (bug 12938) Fix template expansion and 404 returns for action=raw with section
22962 * (bug 11567) Fix error checking for PEAR::Mail. UserMailer::send() now returns
22963 true-or-WikiError, which seems to be the calling convention expected by half
22964 its callers already
22965 * (bug 12846) IE rtl.css issue in RTL wikis special:Preferences when selecting
22966 an LTR user language
22967 * (bug 13005) DISPLAYTITLE does not work on preview
22968 * (bug 13004) Fix error on Postgres searches that return too many results.
22970 == Parser changes in 1.12 ==
22972 For help with migration to the MediaWiki 1.12 parser, please visit:
22974 http://meta.wikimedia.org/wiki/Migration_to_the_new_preprocessor
22976 The parser pass order has changed from
22978 * Extension tag strip and render
22979 * HTML normalisation and security
22980 * Template expansion
22985 * Template and extension tag parse to intermediate representation
22986 * Template expansion and extension rendering
22987 * HTML normalisation and security
22990 The main effect of this for the user is that the rules for uncovered syntax
22993 Uncovered main-pass syntax, such as HTML tags, are now generally valid, whereas
22994 previously in some cases they were escaped. For example, you could have "<ta" in
22995 one template, and "ble>" in another template, and put them together to make a
22996 valid <table> tag. Previously the result would have been "<table>".
22998 Uncovered preprocessor syntax is generally not recognised. For example, if you
22999 have "{{a" in Template:A and "b}}" in Template:B, then "{{a}}{{b}}" will be
23000 converted to a literal "{{ab}}" rather than the contents of Template:Ab. This
23001 was the case previously in HTML output mode, and is now uniformly the case in
23002 the other modes as well. HTML-style comments uncovered by template expansion
23003 will not be recognised by the preprocessor and hence will not prevent template
23004 expansion within them, but they will be stripped by the following HTML security
23007 Bug 5678 has been fixed. This has a number of user-visible effects related to
23008 the removal of this double-parse. Please see the wiki page for examples.
23010 Message transformation mode has been removed, and replaced with "preprocess"
23011 mode. This means that some MediaWiki namespace messages may need to be updated,
23012 especially ones which took advantage of the terribly counterintuitive behavior
23013 of the former message mode.
23015 The header identification routines for section edit and for numbering section
23016 edit links have been merged. This removes a significant failure mode and fixes a
23017 whole category of bugs (tracked by bug #4899). Wikitext headings uncovered by
23018 template expansion will still be rendered into a heading tag, and will get an
23019 entry in the TOC, but will not have a section edit link. HTML-style headings
23020 will also not have a section edit link. Valid wikitext headings present in the
23021 template source text will get a template section edit link. This is a major
23022 break from previous behavior, but I believe the effects are almost entirely
23025 The main motivation for making these changes was performance. The new two-pass
23026 preprocessor can skip "dead branches" in template expansion, such as unfollowed
23027 #switch cases and unused defaults for template arguments. This provides a
23028 significant performance improvement in template-heavy test cases taken from
23029 Wikipedia. Parser function hooks can participate in this performance improvement
23030 by using the new SFH_OBJECT_ARGS flag during registration.
23032 The pre-expand include size limit has been removed, since there's no efficient
23033 way to calculate such a figure, and it would now be meaningless for performance
23034 anyway. The "preprocessor node count" takes its place, with a generous default
23037 The context in which XML-style extension tags are called has changed, so
23038 extensions which make use of the parser state may need compatibility changes.
23040 The new preprocessor syntax has been documented in Backus-Naur Form at:
23042 https://www.mediawiki.org/wiki/Preprocessor_ABNF
23044 The ExpandTemplates extension now has the ability to generate an XML parse
23045 tree from wikitext source. This parse tree corresponds closely to the grammar
23046 documented on that page.
23048 === API changes in 1.12 ===
23050 Full API documentation is available at https://www.mediawiki.org/wiki/API
23052 * (bug 11275) Enable descending sort in categorymembers
23053 * (bug 11308) Allow the API to output the image metadata
23054 * (bug 11296) Temporary fix for escaping of ampersands inside links in
23057 * (bug 11405) Expand templates implementation in the API
23058 * (bug 11218) Add option to feedwatchlist to display multiple revisions for each
23060 * (bug 11404) Provide name of exception caught in error code field of internal
23061 api error messages.
23062 * (bug 11534) rvendid doesn't work
23063 * Fixed rvlimit of the revisions query to only enforce the lower query limit if
23064 revision content is requested.
23065 * Include svn revision number (if install is checked-out from svn) in siteinfo
23067 * (bug 11173) Allow limited wikicode rendering via api.php
23068 * (bug 11572) API should provide interface for expanding templates
23069 * (bug 11569) Login should return the cookie prefix
23070 * (bug 11632) Breaking change: Specify the type of a change in the recentchanges
23071 list as 'edit', 'new', 'log' instead of 0, 1, 2, respectively.
23072 * Compatibility fix for PHP 5.0.x.
23073 * Add rctype parameter to list=recentchanges that filters by type
23074 * Add apprtype and apprlevel parameters to filter list=allpages by protection
23076 * Add apdir parameter to enable listing all pages from Z to A
23077 * (bug 11721) Use a different title for results than for the help page.
23078 * (bug 11562) Added a user_registration parameter/field to the list=allusers
23080 * (bug 11588) Preserve document structure for empty dataset in backlinks query.
23081 * Outputting list of all user preferences rather than having to request them by
23083 * (bug 11206) api.php should honor maxlag
23084 * Make prop=info check for restrictions in the old format too.
23085 * Add apihighlimits permission, default for sysops and bots
23086 * Add limit=max to use maximal limit
23087 * Add action=parse to render parser output. Use it instead of action=render
23088 which has been removed
23089 * Add rvtoken=rollback to prop=revisions
23090 * Add meta=allmessages to get messages from site's messages cache.
23091 * Use bold and italics highlighting only in API help
23092 * Added action={block,delete,move,protect,rollback,unblock,undelete} and
23093 list={blocks,deletedrevs}
23094 * Fixed sessionid attribute in action=login
23095 * Standardized limits. Revisions and Deletedrevisions formerly using
23096 200 / 10000, now 500 / 5000, in line with other modules.
23097 * Added list=allcategories module
23098 * (bug 12321) API list=blocks reveals private data
23099 * Fix output of wfSajaxSearch
23100 * (bug 12413) meta=userinfo missing <query> tag
23101 * Add list of sections to action=parse output
23102 * Added action=logout
23103 * Added cascade flag to prop=info&inprop=protections
23104 * Added wlshow parameter to list=watchlist, similar to rcshow
23105 (list=recentchanges)
23106 * Added support for image thumbnailing to prop=imageinfo
23107 * action={login,block,delete,move,protect,rollback,unblock,undelete} now must be
23109 * prop=imageinfo interface changed: iihistory replaced by iilimit, iistart and
23111 * Added amlang parameter to meta=allmessages
23112 * Added apfilterlanglinks parameter to list=allpages, replacing
23113 query.php?what=nolanglinks
23114 * (bug 12718) Added action=paraminfo module that provides information about API
23115 modules and their parameters
23116 * Added iiurlwidth and iiurlheight parameters to prop=imageinfo
23117 * Added format=txt and format=dbg, imported from query.php
23118 * Added uiprop=editcount to meta=userinfo
23119 * Added list=users which fetches user information
23120 * Added list=random which fetches a list of random pages
23121 * Added page parameter to action=parse to facilitate parsing of existing pages
23122 * Added uiprop=ratelimits to meta=userinfo
23123 * Added siprop=namespacealiases to meta=siteinfo
23124 * Made multiple values for ucuser possible in list=usercontribs
23125 * (bug 12944) Added cmstart and cmend parameters to list=categorymembers
23126 * Allow queries to have a where range that does not match the range field
23128 == MediaWiki 1.11 ==
23130 == MediaWiki 1.11.2 ==
23134 This is a security release of the Fall 2007 snapshot release of MediaWiki.
23135 Possible cross-site information leaks using the callback parameter for
23136 JSON-formatted results in the API are prevented by dropping user credentials.
23138 MediaWiki release versions prior to 1.11 are not vulnerable, as they do not
23139 include the callback feature which allows client-side JavaScript on other sites
23142 Changes in this release:
23144 * User credentials are dropped for API JSON requests using a callback
23145 * Edit tokens are not reported for API JSON requests using a callback
23147 == MediaWiki 1.11.1 ==
23151 This is a security and bugfix release of the Fall 2007 snapshot release of
23152 MediaWiki. A potential XSS injection vector affecting api.php only for
23153 Microsoft Internet Explorer users has been closed.
23155 Changes in this release:
23156 * (bug [[bugzilla:11450|11450]]) Fix creation of objectcache table on upgrade
23157 * (bug [[bugzilla:11462|11462]]) Fix typo in LanguageGetSpecialPageAliases hook
23159 * Fix regression in LinkBatch.php breaking PHP 5.0
23160 * Security fix for API on MSIE
23162 To work around the vulnerability without upgrading, you may disable the API if
23164 :[[Manual:$wgEnableAPI|$wgEnableAPI]] = false;
23166 Not vulnerable versions:
23171 * 1.8 any version (if $wgEnableAPI has been left off)
23173 Vulnerable versions:
23174 * 1.11 <= 1.11.0rc1
23177 * 1.8 any version (if $wgEnableAPI has been switched on)
23179 MediaWiki 1.7 and below are not affected as they do not include the API
23180 functionality, however the BotQuery extension is similarly vulnerable unless
23181 updated to the latest SVN version.
23183 == MediaWiki 1.11.0 ==
23187 This is the Fall 2007 snapshot release of MediaWiki.
23189 MediaWiki is now using a "continuous integration" development model with
23190 quarterly snapshot releases. The latest development code is always kept "ready
23191 to run", and in fact runs our own sites on Wikipedia.
23193 Release branches will continue to receive security updates for about a year
23194 from first release, but nonessential bugfixes and feature developments will be
23195 made on the development trunk and appear in the next quarterly release.
23197 Those wishing to use the latest code instead of a branch release can obtain it
23198 from source control: [[Download from SVN]]
23200 This is the Summer 2007 branch release of MediaWiki.
23202 MediaWiki is now using a "continuous integration" development model with
23203 quarterly snapshot releases. The latest development code is always kept
23204 "ready to run", and in fact runs our own sites on Wikipedia.
23206 Release branches will continue to receive security updates for about a year
23207 from first release, but nonessential bugfixes and feature developments
23208 will be made on the development trunk and appear in the next quarterly release.
23210 Those wishing to use the latest code instead of a branch release can obtain
23211 it from source control: https://www.mediawiki.org/wiki/Download_from_SVN
23213 == Changes since 1.11.0rc1 ==
23215 A possible HTML/XSS injection vector in the API pretty-printing mode has been
23218 The vulnerability may be worked around in an unfixed version by simply
23219 disabling the API interface if it is not in use, by adding this to
23220 [[Manual:LocalSettings.php|LocalSettings.php]]:<br />
23221 <code>[[Manual:$wgEnableAPI|$wgEnableAPI]] = false;</code> <br />
23222 (This is the default setting in 1.8.x.)
23224 Not vulnerable versions:
23230 Vulnerable versions:
23231 * 1.11 <= 1.11.0rc1
23234 * 1.8 <= 1.8.4 (if [[Manual:$wgEnableAPI|$wgEnableAPI]] has been switched on)
23236 MediaWiki 1.7 and below are not affected as they do not include the faulty
23237 function, however the [[Extension:BotQuery|BotQuery extension]] is similarly
23238 vulnerable unless updated to the latest SVN version.
23240 == Configuration changes since 1.10 ==
23242 * $wgThumbUpright - Adjust width of upright images when parameter 'upright' is
23244 * $wgAddGroups, $wgRemoveGroups - Finer control over who can assign which
23246 * $wgEnotifImpersonal, $wgEnotifUseJobQ - Bulk mail options for large sites
23247 * $wgShowHostnames - Expose server host names through the API and HTML comments
23248 * $wgSaveDeletedFiles has been removed, the feature is now enabled
23251 == New features since 1.10 ==
23253 * (bug 8868) Separate "blocked" message for autoblocks
23254 * Adding expiry of block to block messages
23255 * Links to redirect pages in categories are wrapped in
23256 <span class="redirect-in-category"></span>
23257 * Introduced 'ImageOpenShowImageInlineBefore' hook; see docs/hooks.txt for
23259 * (bug 9628) Show warnings about slave lag on Special:Contributions,
23261 * (bug 8818) Expose "wpDestFile" as parameter $1 to "uploaddisabledtext"
23262 * Introducing new image keyword 'upright' and corresponding variable
23263 $wgThumbUpright. This allows better proportional view of upright images
23264 related to landscape images on a page without nailing the width of upright
23265 images to a fix value which makes views for anon unproportional and user
23266 preferences useless
23267 * (bug 6072) Introducing 'border' keyword to the [[Image:]] syntax
23268 * Introducing 'frameless' keyword to [[Image:]] syntax which respects the
23269 user preferences for image width like 'thumb' but without a frame.
23270 * (bug 7960) Link to "what links here" for each "what links here" entry
23271 * Added support for configuration of an arbitrary number of commons-style
23273 * Added a Content-Disposition header to thumb.php output
23274 * Improved thumb.php error handling
23275 * Display file history on local image description pages of shared images
23276 * Added $wgArticleRobotPolicies
23277 * (bug 10076) Additional parameter $7 added to MediaWiki:Blockedtext
23278 containing, the ip, ip range, or username whose block is affecting the
23279 * (bug 7691) Show relevant lines from the deletion log when re-creating a
23280 previously deleted article
23281 * Added variables 'wgRestrictionEdit' and 'wgRestrictionMove' for JS to header
23282 * (bug 9898) Allow viewing all namespaces in Special:Newpages
23283 * (bug 10139) Introduce 'EditSectionLink' and 'EditSectionLinkForOther' hooks;
23284 see docs/hooks.txt for details
23285 * (bug 9769) Provide "watch this page" toggle on protection form
23286 * (bug 9886) Provide clear example "stub link" in Special:Preferences
23287 * (bug 10055) Populate email address and real name properties of User objects
23288 passed to the 'AbortNewAccount' hook
23289 * Show result of Special:Booksources in wiki content language always, it's
23290 normally better maintained than the generic list from the standard message
23292 * (bug 7997) Allow users to be blocked from using Special:Emailuser
23293 * (bug 8989) Blacklist 'mhtml' and 'mht' files from upload
23294 * (bug 8760) Allow wiki links in "protectexpiry" message
23295 * (bug 5908) Add "DEFAULTSORTKEY" and "DEFAULTCATEGORYSORT" aliases for
23296 "DEFAULTSORT" magic word
23297 * (bug 10181) Support the XCache object caching mechanism
23298 * (bug 9058) Introduce '--aconf' option for all maintenance scripts, to provide
23299 a path to the AdminSettings.php file
23300 * (bug 8781) Remind users to check file permissions for LocalSettings.php
23302 * Use shared.css for all skins and oldshared.css in place of common.css for
23303 pre-Monobook skins. As always, modifications should go in-wiki to MediaWiki:
23304 Common.css and MediaWiki:Monobook.css.
23305 * (bug 8869) Introduce Special:Uncategorizedtemplates
23306 * (bug 8734) Different log message when article protection level is changed
23307 * (bug 8458, 10338) Limit custom signature length to $wgMaxSigChars Unicode
23309 * (bug 10096) Added an ability to query interwiki map table
23310 * On reupload, add a null revision to the image description page
23311 * Group log output by date
23312 * Kurdish interface latin/arabic writing system with transliteration
23313 * Support wiki text in all query page headers
23314 * Add 'Orphanedpages' as an alias to Special:Lonelypages
23315 * (bug 9328) Use "revision-info-current" message in place of "revision-info"
23316 when viewing the current revision of a page, if available
23317 * (bug 8890) Enable wiki text for "license" message
23318 * Throw a showstopper exception when a hook function fails to return a value.
23319 Forgetting to give a 'true' return value is a very common error which tends
23320 to cause hard-to-track-down interactions between extensions.
23321 * Use $wgJobClasses to determine the correct Job to instantiate for a particular
23322 queued task; allows extensions to introduce custom jobs
23323 * (bug 10326) AJAX-based page watching and unwatching has been cleaned up and
23324 enabled by default.
23325 * Added option to install to MyISAM
23326 * (bug 9250) Remove hardcoded minimum image name length of three characters
23327 * Fixed DISPLAYTITLE behavior to reject titles which don't normalise to the
23328 same title as the current page, and enabled per default
23329 * Wrap site CSS and JavaScript in a <pre> tag, like user JS/CSS
23330 * (bug 10196) Add classes and dir="ltr" to the <pre>s on CSS and JS pages (new
23331 classes: mw-code, mw-css, mw-js)
23332 * (bug 6711) Add $wgAddGroups and $wgRemoveGroups to allow finer control over
23333 usergroup assignment.
23334 * Introduce 'UserEffectiveGroups' hook; see docs/hooks.txt for more information
23335 * (bug 10387) Detect and handle '.php5' extension environments at install time
23336 * Introduce 'ShowRawCssJs' hook; see docs/hooks.txt for more information
23337 * (bug 10404) Show rights log for the selected user in Special:Userrights
23338 * New javascript for upload page that will show a warning if a file with the
23339 "destination filename" already exists.
23340 * Add 'editsection-brackets' message to allow localization (or removal) of the
23341 brackets in the "[edit]" link for sections
23342 * (bug 10437) Move texvc styling to shared.css
23343 * Introduce "raw editing" mode for the watchlist, to allow bulk additions,
23344 removals, and convenient exporting of watchlist contents
23345 * Show "undo" links in page histories
23346 * Option to jump to specified time period in user contributions
23347 * Improved feedback on "rollback success" page
23348 * Show distinct 'namespaceprotected' message to users when namespace protection
23349 prevents page editing
23350 * (bug 9936) Per-edit suppression of preview-on-first edit with "preview=no"
23351 * Allow showing a one-off preview on first edit with "preview=yes"
23352 * (bug 9151) Remove timed redirects on "Return to X" pages for accessibility.
23353 * Link to user logs in toolbox when viewing a user page
23354 * (bug 10508) Allow HTML attributes on <gallery>
23355 * (bug 1962) Allow HTML attributes on <math>
23356 * (bug 10530) Introduce optional "sp-contributions-explain" message for
23357 additional explanation in Special:Contributions
23358 * (bug 10520) Preview licences during upload via AJAX (toggle with
23359 $wgAjaxLicensePreview)
23360 * New Parser::setTransparentTagHook for parser extension and template
23362 * Introduced 'ContributionsToolLinks' hook; see docs/hooks.txt for more
23364 * Add a message if category is empty
23365 * Add CSS compatibility for Opera 9.5
23366 * Remove largely untested handheld stylesheet, which was causing more trouble
23367 than good. Proper handheld support will be added at a future date. For now,
23368 display should be acceptable either with CSS turned off or when using a so-
23369 phisticated handheld browser.
23370 * (bug 3173) Option to offer exported pages as a download, rather than
23371 displaying inline, as in most browsers
23372 * Pass the user as an argument to 'isValidPassword' hook callbacks; see
23373 docs/hooks.txt for more information
23374 * Introduce 'UserGetRights' hook; see docs/hooks.txt for more information
23375 * (bug 9595) Pass new Revision to the 'ArticleInsertComplete' and
23376 'ArticleSaveComplete' hooks; see docs/hooks.txt for more information
23377 * (bug 9575) Accept upload description from GET parameters
23378 * Skip the difference engine cache when 'action=purge' is used while requesting
23379 a difference page, to allow refreshing the cache in case of errors
23380 * (bug 10701) Link to Special:Listusers in default Special:Statistics messages
23381 * Improved file history presentation
23382 * (bug 10739) Users can now enter comments when reverting files
23383 * Improved handling of permissions errors
23384 * (bug 10793) "Mark patrolled" links will now be shown for users with
23385 patrol permissions on all eligible diff pages
23386 * (bug 10655) Show standard tool links for blocked users in block log messages
23387 * Show standard tool links for blocked users in Special:Ipblocklist
23388 * Miscellaneous aesthetic improvements to Special:Ipblocklist
23389 * (bug 10826) Added link trail with Cyrillic characters for Mongolian language
23390 * (bug 10859) Introduce 'UserGetImplicitGroups' hook; see docs/hooks.txt for
23392 * (bug 10832) Include user information when viewing a deleted revision
23393 * (bug 10872) Fall back to sane defaults when generating protection selector
23394 labels for custom restriction levels
23395 * Show edit count in user preferences
23396 * Improved support for audio/video extensions
23397 * (bug 10937) Distinguish overwritten files in upload log
23398 * Introduce 'ArticleUpdateBeforeRedirect' hook; see docs/hooks.txt for more
23400 * Confirmation is now required when deleting old versions of files
23401 * (bug 7535) Users can now enter comments when deleting old versions of files
23402 * (bug 11001) Submit Special:Newpages as a GET, rather than a POST request
23403 * The <strong></strong> around links to watched pages in change lists now
23404 has a class - "mw-watched"
23405 * (bug 9002) Provide a "view/restore deleted edits" link on Special:Upload
23406 when a destination filename is provided that corresponds with previous
23408 * Make the "invalid special page" message clearer
23409 * Add accesskey 's' and tooltip to 'upload file' button at Special:Upload
23410 * Introduced 'SkinAfterBottomScripts' hook; see docs/hooks.txt for
23412 * (bug 11095) Honour "preview on first edit" preference when preloading
23413 text for a non-existent page
23414 * (bug 11022) Use a more accurate page title for Special:Whatlinkshere and
23415 Special:Recentchangeslinked
23416 * Add link to user contributions in normal watchlist edit mode
23417 * (bug 9426) Add 'newsectionheaderdefaultlevel' message to allow
23418 modification of the heading formatting for new sections when section=new
23419 argument is supplied
23420 * (bug 10836) Add 'newsectionsummary' message to allow modification of the
23421 text that prefixes a new section link in Recent Changes
23423 == Bugfixes since 1.10 ==
23425 * (bug 9712) Use Arabic comma in date/time formats for Arabic and Farsi
23426 * (bug 9670) Follow redirects when render edit section links to transcluded
23428 * (bug 6204) Fix incorrect unindentation with $wgMaxTocLevel
23429 * (bug 3431) Suppress "next page" link in Special:Search at end of results
23430 * Don't show unblock form if the user doesn't have permission to use it
23431 (cosmetic change, no vulnerabilities existed)
23432 * Subtitle success message when unblocking a block ID instead of a pseudo link
23433 like [[User:#123|#123]]
23434 * Use the standard HTTP fetch functions when retrieving remote wiki pages
23435 through transwiki, so we can take advantage of cURL goodies if available
23436 * Disable user JavaScript on Special:Userlogin, Special:Resetpass and
23437 Special:Preferences, to avoid a compromised script sniffing passwords, etc.
23438 * (bug 9854, 3770) Clip overflow text in gallery boxes for visual cleanliness
23439 instead of letting it flow outside the box or trigger ugly scroll bars.
23440 * Tooltips for print version and permalink
23441 * Links to the MediaWiki namespace for system messages having their default
23442 values are no longer shown as nonexistent (e.g., in red)
23443 * Special:Ipblocklist differentiates between empty list and no search results.
23444 * (bug 5375) profiling does not respect read-only mode.
23445 * (bug 7070) monobook/user.gif has antialias artifacts
23446 * (bug 9123) Safer way when applying $wgLocalTZoffset
23447 * (bug 9896) Documentation for $wgSquidServers and X-FORWARDED-FOR
23448 * (bug 9417) Uploading new versions of images when using Postgres no longer
23450 * (bug 9908) Using tsearch2 with Postgres 8.1 no longer gives an error.
23451 * (bug 1438) Fix for diff table layout on very wide lines.
23452 Diff style rules have been broken out to common/diff.css,
23453 and the dupes removed from the default skin files.
23454 Skins can still override the default rules.
23455 * (bug 1229) Balance columns in diff display evenly
23456 * Right-align diff line numbers in RTL language display
23457 * (bug 9332) Fix instructions in tests/README
23458 * (bug 9813) Reject usernames containing '#' to avoid silent truncation
23459 of fragments during the normalisation process
23460 * (bug 7989) RSS feeds content now use black text when using white background.
23461 * (bug 9971) Typo in a french language message.
23462 * (bug 9973) Changed size was shown in advanced recentchanges collapsible items
23463 with $wgRCShowChangedSized = false.
23464 * Fix PHP strict standards warning in enhanced recent changes.
23465 * (bug 5850) Added hexadecimal html entities comments for $digitTransformTable
23467 * (bug 7432) Change language name for Aromanian (roa-rup)
23468 * (bug 908) Unexistent special pages now generate a red link.
23469 * (bug 7899) Added \hline and \vline to the list of allowed TeX commands
23470 * (bug 7993) support mathematical symbol classes
23471 * (bug 10007) Allow Block IP to work with Postgrs again.
23472 * Add Google Wireless Transcoder to the Unicode editing blacklist
23473 * (bug 10083) Fix for Special:Version breakage on PHP 5.2 with some hooks
23474 * (bug 3624) TeX: \ker, \hom, \arg, \dim treated like \sin & \cos
23475 * (bug 10132, 10134) Restore back-compatibility Image::imageUrl() function
23476 * (bug 10113) Fix double-click for view source on protected pages
23477 * (bug 10117) Special:Wantedpages doesn't handle invalid titles in result
23478 set [now prints out a warning]
23479 * (bug 10118) Introduced Special:Mostlinkedtemplates, report which lists
23480 templates with a high number of inclusion links
23481 * (bug 10104) Fixed Database::getLag() for PostgreSQL and Oracle
23482 * (bug 9820) session.save_path check no longer halts installation, but
23483 warns of possible bad values
23484 * (bug 9978) Fixed session.save_path validation when using extended
23485 configuration format, e.g. "5;/tmp"
23486 * Don't generate a diff link in the patrol log if the page doesn't exist
23487 * (bug 10067) Translations for former skins removed from message files
23488 * (bug 9993) Force $wgShowExceptionDetails on during installation
23489 * (bug 9980) Validate administrator username and password during
23491 * (bug 9383) Don't set a default value for BLOB column in rc-deleted
23493 * (bug 10149) Don't show full template list on section-0 edit
23494 * (bug 9909) Ensure access to binary fields in the math table use encodeBlob()
23496 * (bug 6743) Don't link broken image links to the upload form when uploads
23498 * (bug 9679) Improve documentation for $wgSiteNotice
23499 * (bug 10215) Show custom editing introduction when editing existing pages
23500 * (bug 10223) Fix edit link in noarticletext localizations for fr, oc
23501 * (bug 10247) Fix IP address regex to avoid false positive IPv6 matches
23502 * (bug 9948) Workaround for diff regression with old Mozilla versions
23503 * (bug 10265) Fix regression in category image gallery paging
23504 * (bug 8577) Fix some weird misapplications of time zones.
23505 {{CURRENT*}} functions now consistently use UTC as intended, while
23506 {{LOCAL*}} functions return local time per server config or $wgLocaltimezone.
23507 Signature dates for Japanese and other languages including weekday now show
23508 the correct day to match the rest of the time in local time.
23509 * Escape the output of magic variables that return page name or part of it
23510 * (bug 10309) Initialise parser state properly in extractSections(), fixes
23511 some cases where section edits broke because tags were improperly stripped
23512 * Avoid PHP notice errors when doing HTTP proxy purges for an empty list
23513 * As intended, *skip* the HTTP proxy purges when doing HTCP purges
23514 * (bug 9696) Fix handling of brace transformations in "pagemovedtext"
23515 * (bug 10325) Fix regression in form action on Special:Listusers
23516 * Fixed installation on MyISAM or old InnoDB with charset=utf8, was giving
23517 overlong key errors.
23518 * Fixed zero-padding issues with MySQL 5 binary schema
23519 * (bug 10344) Don't follow a redirect after changing its protection level
23520 * (bug 10333) Correct date format in Slovenian
23521 * (bug 10160) Show error message for unknown namespace on Special:Allpages and
23522 Special:Prefixindex; making forms prettier for RTL wikis.
23523 * (bug 10334) Replace normal spaces before percent (%) signs with non-breaking
23525 * (bug 10372) namespaceDupes.php no longer ignores namespace aliases
23526 * (bug 10198) namespaceDupes.php no longer ignores interwiki prefixes
23527 * namespaceDupes.php should work better for initial-lowercase wikis
23528 * (bug 10377) "Permanent links" to revisions still work if the page is moved
23529 and the redirect deleted
23530 * (bug 7071) Properly handle an 'oldid' passed to view or edit that doesn't
23531 match the given title. Fixes inconsistencies with talk, history, edit links.
23532 * (bug 10397) Fix AJAX watch error fallback when we receive a bogus result
23533 * (bug 10396) Fix AJAX error when $wgScriptPath/index.php is not valid;
23534 using $wgScript now included in JS info
23535 * Use native XMLHttpRequest class in preference to ActiveX on IE 7; this
23536 avoids the "ActiveX "Do you want to allow ActiveX?" prompt when something
23537 security settings are cranked this way and AJAX-y gets used.
23538 * Delay AJAX watch initialization until click so IE 6 with ugly security
23539 settings doesn't prompt you until you use the link.
23540 * (bug 10401) Provide non-redirecting link to original title in Special:Movepage
23541 * Fix broken handling of log views for page titles consisting of one
23542 or more zeros, e.g. "0", "00" etc.
23543 * Fix read permission check for special pages with subpage parameters, e.g.
23544 Special:Confirmemail
23545 * Fix read permission check for unreadable page titles which are numerically
23546 equivalent to a whitelisted title
23547 * '?>' closing tag removed from all files to help avoid problems with extraneous
23548 whitespace (broken XML feeds, etc.)
23549 * Don't use garbled parser cache output when viewing custom CSS or JavaScript
23551 * (bug 10406) Fix Special:Listusers filter form for non-ASCII localizations
23552 * Fix empty message checks for message names containing &
23553 This corrects some odd behavior with sidebar items and custom namespaces
23554 containing ampersands.
23555 * (bug 10375) Change thousands separator character to for Latin (la)
23556 * (bug 10477) Fix AJAX watch for Farsi on Firefox: JavaScript encoding tweak
23557 * (bug 10496) Fix broken DISTINCT option logic in database backend
23558 * Fix CSS media declaration for "screen, projection"; was causing some
23560 * (bug 10495) $wgMemcachedDebug set twice in includes/DefaultSettings.php
23561 * (bug 10316) Prevent inconsistent cached skin settings in gen=js by setting
23562 the intended skin directly in the URL.
23563 * (bug 9903) Don't mark redirects in categories as stubs
23564 * (bug 6965) Cannot include "Template:R" with {{R}} (magic word conflict)
23565 * Padding parser functions now work with strings like '0' that evaluate to false
23566 * (bug 10332) Title->userCan( 'edit' ) may return false positive
23567 * Fix bug with <nowiki> in front of links for wikis where linkPrefixExtension is
23569 * (bug 10552) Suppress rollback link in history for single-revision pages
23570 * (bug 10538) Gracefully handle invalid input on move success page
23571 * Fix for Esperanto double-x-encoding in move success page
23572 * (bug 10526) Fix toolbar/insertTags behavior for IE 6/7 and Opera (8+)
23573 Now matches the selection behavior on Mozilla / Safari.
23574 Patch by Alex Smotrov.
23575 * Don't show non-functional toolbar buttons on Opera 7 anymore
23576 * (bug 9151) Fix relative subpage links with section fragments
23577 * (bug 10560) Adding a space between category letter heading and "continues"
23578 * (bug 4650) Keep impossibly large/small counts off Special:Statistics
23579 * (bug 10608) PHP notice when installing with PostgreSQL
23580 * (bug 10615) Fix for transwiki import when CURL not available
23581 * (bug 8054) Return search page for empty search requests with ugly URLs
23582 * (bug 10572) Force refresh after clearing visitation timestamps on watchlist
23583 * (bug 10631) Warn when illegal characters are removed from filename at upload
23584 * Fix several JavaScript bugs under MSIE 5/Macintosh
23585 * (bug 10591) Use Arabic numerals (0,1,2...) for the Malayam language
23586 * (bug 10642) Fix shift-click checkbox behavior for Opera 9.0+ and 6.0
23587 * Work around Safari bug with pages ending in ".gz" or ".tgz"
23588 * Removed obsolete maintenance/changeuser.sql script; use RenameUser extension
23589 * (bug 2735) "Preview" shown in title bar for action=submit on special pages
23590 * Removed "restore" links from the deletion log embedded in Special:Undelete
23591 * Improved error reporting and robustness for file delete/undelete.
23592 * Improved speed of file delete by storing the SHA-1 hash in image/oldimage
23593 * Fixed leading zero in base 36 SHA-1 hash
23594 * Protection form no longer produces JavaScript errors
23595 * (bug 10741) File histories show "delete" links for non-sysops
23596 * (bug 10744) Treat "noarticletext" and "noarticletextanon" as wiki text when
23597 used on a non-existent page with "action=info"
23598 * Fix escaping of raw message text when used on a non-existent page with
23600 * (bug 10683) Fix inconsistent handling of URL-encoded titles in links
23601 used in redirects (i.e. they now work)
23602 * (bug 8878) Changes to $dateFormats in German localization (removing unused,
23603 nonexistent formats, putting time after date)
23604 * (bug 10769) Database::update() should return boolean result
23605 * Fix preference checkbox display for right-to-left languages which caused
23606 them to be hidden in IE in some cases
23607 * Fix upload form display in right-to-left languages
23608 * Fixed regression in blocking of username '0'
23609 * (bug 9437) Don't overwrite edit form submission handler when setting up
23610 edit box scroll position preserve/restore behavior
23611 * (bug 10805) Fix "undo" link when viewing the diff of the most recent
23612 change to a page using "diff=0"
23613 * (bug 10765) img_auth.php will now refuse logged-out requests where
23614 $wgWhitelistRead is undefined, instead of (incorrectly) honouring them
23615 * Fixed img_auth.php file name extraction for whitelist checking
23616 * Tweak spacing of email preference display
23617 * Table sorting JavaScript prefers textContent over innerText to allow hidden
23618 sort keys to work on Safari
23619 * (bug 4530) Fix local name of Kurdish language
23620 * (bug 10830) Fix local name of Haitian Creole language
23621 * Fix invalid XHTML in Special:Protectedpages
23622 * Fix comments in contributions and log pages for right-to-left languages
23623 * Make installer include_path-independent, so it should work on hosts which
23624 disable user setting of PHP include_path setting
23625 * glob() is horribly unreliable and doesn't work on some systems, including
23626 free.fr shared hosting. No longer using it in Language::getLanguageNames()
23627 * (bug 10763) Fix multi-insert logic for PostgreSQL
23628 * Fix invalid XHTML when viewing a deleted revision
23629 * Fix syntax error in translations of magic words in Romanian language
23630 * (bug 8737) Fix warnings caused by incorrect use of `/dev/null` when piping
23631 process error output under Windows
23632 * (bug 7890) Don't list redirects to special pages in Special:BrokenRedirects
23633 * (bug 10783) Resizing PNG-24 images with GD no longer causes all alpha
23634 channel transparency to be lost and transparent pixels to be turned black
23635 * (bug 9339) General error pages were transforming messages and their parameters
23637 * (bug 9026) Incorrect heading numbering when viewing Special:Statistics with
23638 "auto-numbered headings" enabled
23639 * Fixed invalid XHTML in Special:Upload
23640 * (bug 11013) Make sure dl() is available before attempting to use it to check
23641 available databases in installer
23642 * Resizing transparent GIF images with GD now retains transparency by skipping
23644 * (bug 11065) Fix regression in handling of wiki-formatted EXIF metadata
23645 * Double encoding broke Special:Newpages for some languages
23646 * Adding a newline before the statistics footer, to prevent parsing problems
23647 * Preventing the TOC from appearing in Special:Statistics
23648 * (bug 11082) Fix check for fully-specced table names in Database::tableName
23649 * (bug 11067) Fix regression in upload conflict thumbnail display
23650 * (bug 10985) Resolved cached entries on Special:DoubleRedirects were being
23651 suppressed, breaking paging - now strikes out "fixed" results
23652 * (bug 8393) <sup> and <sub> need to be preserved (without attributes) for
23653 entries in the table of contents
23654 * (bug 11114) Fix regression in read-only mode error display during editing
23655 * Force non-MySQL databases to use an ORDER BY in SpecialAllpages to ensure
23656 that the first page_title is truly the first page title.
23657 * (bug 10836) Change the summary on creating of new section
23658 * Inclusion of Special:Wantedpages now works again
23660 == API changes since 1.10 ==
23662 Full API documentation is available at https://www.mediawiki.org/wiki/API
23664 * New properties: links, templates, images, langlinks, categories, external
23666 * Breaking Change: imagelinks renamed into imageusage (il->iu)
23667 * Bug fix: incorrect generator behavior in some cases
23668 * JSON format allows an optional callback function to wrap the result.
23669 * Login module disabled until a more secure solution can be implemented
23670 * (bug 9938) Querying by revision identifier returns the most recent revision
23671 for the corresponding page, rather than the requested revision
23672 * (bug 8772) Filter page revision queries by user
23673 * (bug 9927) User contributions queries do not accept IP addresses
23674 * Watchlist feed now reports a proper feed item when the user is not logged in
23675 * Watchlist feed date bug fixed - automatically shows one last day
23676 * Watchlist feed now allows to specify number of hours to monitor
23677 * list=allpages now returns a list instead of a map in JSON format
23678 * Breaking Change: in json, revisions are now returned as a list, not as a map.
23679 * Add: prop=info can show page is new flag, current page length, and visit
23681 * Change: Query watchlist now shows flags only when explicitly requested with
23683 * rc_this_oldid (textid) is no longer accessible from query watchlist
23684 * action=usercontribs: additional filtering by ucshow=; selection of needed
23685 fields with ucprop=; the textid (rev_text_id) is no longer being exposed
23686 * (bug 9970) Breaking Change: backlinks, embeddedin and imageusage now return
23687 lists in JSON instead of a map, and do not return anything when titles do
23689 * (bug 9121) Introduced indexpageids query parameter to list the page_id
23690 values of all returned page items
23691 * (bug 10147) Now interwiki titles are not processed but added to a separate
23692 "interwiki" section of the output.
23693 * Added categorymembers list to query for pages in a category.
23694 * (bug 10260) Show page protection status
23695 * (bug 10392) Include MediaWiki version details in version output
23696 * (bug 10411) Site language in meta=siteinfo
23697 * (bug 10391) action=help doesn't return help if format is fancy markup
23698 * backlinks, embeddedin and imageusage lists should use (bl|ei|iu)title
23699 parameter instead of titles. Titles for these lists is obsolete and might stop
23701 * Added prop=imageinfo - gets image properties and upload history
23702 * (bug 10211) Added db server replication lag information in meta=siteinfo
23703 * Added external url search within wiki pages (list=exturlusage)
23704 * Added link enumeration (list=alllinks)
23705 * Added registered users enumeration (list=allusers)
23706 * Added full text search in titles and content (list=search)
23707 * (bug 10684) Expanded list=allusers functionality
23708 * Possible breaking change: prop=revisions no longer includes pageid for
23710 * Added rvprop=size to prop=revisions (The size will not be shown if it is NULL
23712 * list=allpages now allows to filter by article min/max size and protection
23714 * Added site statistics (siprop=statistics for meta=siteinfo)
23715 * (bug 10902) Unable to fetch user contributions from IP addresses
23716 * `list=usercontribs` no longer requires that the user exist
23717 * (bug 10971) `aufrom` parameter doesn't work with spaces
23718 * Fix username handling issue with `auprefix` parameter
23719 * Treat underscores as spaces for `aufrom` and `auprefix` parameters
23720 * Added edit/delete/... token retrieval to prop=info
23721 * Added meta=userinfo - logged-in user information, group membership, rights
23722 * (bug 11072) Fix regression in API image history query
23723 * (bug 11115) Adding SHA1 hash to imageinfo query
23724 * (bug 10898) API does not return an edit token for non-existent pages
23725 * (bug 10890) Timestamp support for categorymembers query
23726 * (bug 10980) Add exclude redirects on backlinks
23727 * IPv6 titles in User namespace are normalized (run cleanupTitles.php to fix any
23730 == Maintenance script changes since 1.10 ==
23732 * Add support for wgMaxTocLevel option in parserTests
23733 * (bug 6823) Disable article view counter in maintenance/dumpHTML.php
23734 * Fix maintenance/importImages.php so it doesn't barf PHP errors when no
23735 suitable files are found, and make the list of extensions an option (defaults
23736 to $wgFileExtensions)
23737 * Add option to maintenance/createAndPromote.php to give the user bureaucrat
23738 permissions (--bureaucrat)
23739 * Allow overwriting existing files with a conflicting name using
23740 maintenance/importImages.php
23741 * (bug 10266) Use native newlines when rebuilding a messages file.
23743 == Languages updated since 1.10 ==
23756 * Extremaduran (ext)
23761 * Français Cadien (frc) (new)
23762 * Franco-Provençal/Arpetan (frp)
23766 * Upper Sorbian (hsb)
23776 * Kinaray-a (krj) (new)
23783 * Bahasa Melayu (ms)
23789 * Punjabi (Gurmukhi) (pa)
23791 * Piedmontese (pms)
23795 * Aromanian (roa-rup)
23813 * Winaray (war) (new)
23815 * Old Chinese / Late Middle Chinese (zh-classical)
23816 * Chinese (PRC) (zh-cn)
23817 * Chinese (Taiwan) (zh-tw)
23818 * Cantonese (zh-yue)
23820 == MediaWiki 1.10 ==
23822 == MediaWiki 1.10.4 ==
23826 * Correction for API path fix, broken in 1.10.3
23828 == MediaWiki 1.10.3 ==
23832 This is a security update to the Winter 2007 quarterly release. A potential
23833 XSS injection vector affecting api.php only for Microsoft Internet Explorer
23834 users has been closed.
23837 To work around the vulnerability without upgrading, you may disable the API if
23840 :[[Manual:$wgEnableAPI|$wgEnableAPI]] = false;
23842 Not vulnerable versions:
23847 * 1.8 any version (if $wgEnableAPI has been left off)
23849 Vulnerable versions:
23850 * 1.11 <= 1.11.0rc1
23853 * 1.8 any version (if $wgEnableAPI has been switched on)
23855 MediaWiki 1.7 and below are not affected as they do not include the API
23856 functionality, however the BotQuery extension is similarly vulnerable unless
23857 updated to the latest SVN version.
23859 == MediaWiki 1.10.2 ==
23862 This is a security fix update to the Spring 2007 quarterly release snapshot. A
23863 possible HTML/XSS injection vector in the API pretty-printing mode has been
23866 The vulnerability may be worked around in an unfixed version by simply
23867 disabling the API interface if it is not in use, by adding this to
23869 :[[Manual:$wgEnableAPI|$wgEnableAPI]] = false;
23871 Not vulnerable versions:
23877 Vulnerable versions:
23878 * 1.11 <= 1.11.0rc1
23881 * 1.8 <= 1.8.4 (if $wgEnableAPI has been switched on)
23883 MediaWiki 1.7 and below are not affected as they do not include the faulty
23884 function, however the BotQuery extension is similarly vulnerable unless updated
23885 to the latest SVN version.
23887 == MediaWiki 1.10.1 ==
23890 This is a bugfix update to the Spring 2007 quarterly release snapshot. A number
23891 of fixes to improve compatibility with PostgreSQL, some versions of MySQL, and
23892 some PHP configurations are included.
23894 Changes since 1.10.0:
23896 * (bug [[bugzilla:9417|9417]]) Uploading new versions of images when using
23897 Postgres no longer throws warnings.
23898 * (bug [[bugzilla:9908|9908]]) Using tsearch2 with Postgres 8.1 no longer gives
23900 * (bug [[bugzilla:9973|9973]]) Changed size was shown in advanced recentchanges
23901 collapsible items with $wgRCShowChangedSized = false.
23902 * Fixed installation on MyISAM or old InnoDB with charset=utf8, was giving
23903 overlong key errors.
23904 * Fixed zero-padding issues with MySQL 5 binary schema
23905 * (bug [[bugzilla:9820|9820]]) session.save_path check no longer halts
23906 installation, but warns of possible bad values
23907 * (bug [[bugzilla:9978|9978]]) Fixed session.save_path validation when using
23908 extended configuration format, e.g. "5;/tmp"
23910 == MediaWiki 1.10.0 ==
23913 This is the quarterly release snapshot for Spring 2007. See below for a full
23914 list of changes since the 1.9.x series.
23916 Changes since 1.10.0rc2:
23918 * (bug [[bugzilla:9808|9808]]) Fix regression that ignored user 'rclimit'
23919 option for Special:Contributions
23921 == MediaWiki 1.10.0rc2 ==
23924 THIS IS A RELEASE CANDIDATE MADE AVAILABLE FOR TESTING!
23925 A FINAL 1.10.0 RELEASE WILL APPEAR WITHIN A FEW DAYS.
23927 Changes since 1.10.0rc1:
23928 * Various l10n fixes and updates
23929 * Fix for upgrade of page_restrictions table
23930 * (bug [[bugzilla:9780|9780]]) Fix normalization of titles with initial colon
23931 followed by whitespace
23932 * Fix for regression in upload: wrong size info saved into image table
23933 * Avoid cyclic stub problems when authorization hooks do funny things with the
23934 user and the database at load time
23936 == MediaWiki 1.10.0rc1 ==
23937 This is the Spring 2007 branch release of MediaWiki.
23939 MediaWiki is now using a "continuous integration" development model with
23940 quarterly snapshot releases. The latest development code is always kept
23941 "ready to run", and in fact runs our own sites on Wikipedia.
23943 Release branches will continue to receive security updates for about a year
23944 from first release, but nonessential bugfixes and feature developments
23945 will be made on the development trunk and appear in the next quarterly release.
23947 Those wishing to use the latest code instead of a branch release can obtain
23948 it from source control: https://www.mediawiki.org/wiki/Download_from_SVN
23950 == Configuration changes ==
23952 * A new switch $wgCommandLineDarkBg used by maintenance scripts
23953 (parserTests.php). It lets you specify if your terminal use a dark background,
23954 the colorized output will be made lighter making things easier to read.
23955 * The minimum permissions needed to edit a page in each namespace can now be
23956 customized via the $wgNamespaceProtection array. By default, editing pages in
23957 the MediaWiki namespace requires "editinterface" permission, as before.
23958 * Allow restriction of autoconfirmed permission by edit count. New global
23959 setting $wgAutoConfirmCount (defaulting to zero, naturally).
23960 * Added rate limiter for Special:Emailuser
23961 * Private logs can now be created using $wgLogRestrictions
23962 * (Bug 8590) limited HTML is now always enabled ($wgUserHtml = true).
23963 * Deprecated $wgUseImageResize, thumbnailing will be enabled unconditionally.
23965 == New features since 1.9 ==
23967 * (bug 6937) Introduce "statistics-footer" message, appended to
23969 * (bug 6638) List block flags in block log entries
23970 * (bugs 5051, 5376) Tooltips and accesskeys no longer require JavaScript
23971 * Added SkinTemplateOutputPageBeforeExec hook before SkinTemplate::outputPage()
23973 (http://lists.wikimedia.org/pipermail/wikitech-l/2007-January/028554.html)
23974 * Introduce "cascading protection" -- implicit protection on pages transcluded
23975 into a page protected with this option enabled
23976 * (bug 8567) Added hook RawPageViewBeforeOutput just before the text is blown
23977 out in action=raw, so extensions might influence the output.
23978 * (bug 3446) Add user preference to hide page content below diffs, can be
23979 overridden by adding diffonly=1 or diffonly=0 to the URL of the diff page
23980 * Add 'purge' privilege to replace the hardcoded check for login state in
23981 determining whether action=purge can be done via GET. Switching the
23982 permission on for anons can be helpful for benchmarking.
23983 * (bug 7842) Link back to deleted revision list from deleted revision preview
23984 * (bug 8619) Add user-aware "unblock" link to Special:Blockip
23985 * (bug 8522) Provide a "delete" link on Special:Brokenredirects for users with
23986 the appropriate permission
23987 * (bug 8628) Add user-aware block list link to Special:Blockip
23988 * (bug 8621) Log revisions marked as patrolled
23989 * Introduce "BookInformation" hook; see docs/hooks.txt for more details
23990 * Add title prefix search for Special:Undelete
23991 * Remove full-archive list from Special:Undelete
23992 * (bug 8136) Introduce 'ArticleUndelete' hook; see docs/hooks.txt for more info
23993 * (bug 8712) Expose user groups as a JavaScript global
23994 * Introduce 'CustomEditor' hook; see docs/hooks.txt for more information
23995 * New special page, Special:Protectedpages, which shows all protected pages
23996 and their protection status (full protection status is not pulled out due
23997 to performance considerations, so it just shows "full protected" or
23999 * (bug 4133) Allow page protections to be made with an expiry date, in the same
24000 format as block expiry dates. Existing protections are assumed to be infinite,
24001 as are protections made with the new field left blank.
24002 * (bug 8535) Allow certain vertical alignment attributes to be used as image
24004 * (bug 6987) Allow perrow, widths, and heights attributes for <gallery>
24005 * (bug 3678) Allow disabling MediaWiki:Aboutsite in the same way as
24006 MediaWiki:Disclaimers; Also means that if any of the footer links are
24007 disabled in the wiki's default language (by setting to "-"), they'll also
24008 be disabled in other languages too (e.g. if the user specifies uselang=fr).
24009 * Sort log types in Special:Log
24010 * Added a classname ("mw-toolbar-editbutton") and unique IDs to the edit
24012 * Hide irrelevant block options in Special:Blockip based on whether an
24013 IP address/range or username is listed. (Dynamic using JS.)
24014 * (bug 9032) Make quickbarSettings localizable through Special:Allmessages
24015 * (bug 7782) Standardisation of file info at image description pages.
24016 * (bug 1035) View contributions / recentchanges for an IP range.
24017 * (bug 8747) When unwatching pages from Special:Watchlist/edit, put the
24018 confirmation messages in a proper list with a CSS class and id.
24019 * (bug 9118) Show relevant log fragments on deletion confirmatio page
24020 * (bug 9009) Add username entry field to Special:Contributions
24021 * (bug 1723) Article size in history
24022 * (bug 9223) Disallow magic tilde sequences in page titles and usernames
24023 * (bug 6997) Link from Special:log/block to unblock form
24024 * (bug 9117) Link from Special:log/delete to undelete form
24025 * Link from Special:log/protect to change protection form
24026 * (bug 1196) Add IPv6 support added to blocks, more consistancy for IPv6
24028 * (bug 3984) Searching in logs by title%
24029 * Show thumbnail of existing image if image exists already under this filename
24030 * (bug 5546) Watchlist reflects logged actions like move, protection, undelete
24031 * Support protocols other than HTTP in LinkFilter, use $wgUrlProtocols
24032 * (bug 3069) Warning on upload of scaled down images
24033 * Warning on upload of images with uppercase extension if image with lowercase
24035 * (bug 4624) Namespace selection for Special:Whatlinkshere
24036 * Introduce PageHistoryBeforeList and PageHistoryLineEnding hooks; see
24037 docs/hooks.txt for more information
24038 * (bug 9397) Introduce "sp-contributions-footer" and
24039 "sp-contributions-footer-anon" messages, shown at the end of
24040 Special:Contributions as appropriate for the target
24041 * (bug 8421) Expose current action in JavaScript globals (as 'wgAction')
24042 * (bug 9069) Use galleries in query pages dedicated to images
24043 * (bug 9177) Installer now warns of various conditions affecting
24044 session.save_path which can lead to broken session storage
24045 * (bug 9046) Special page to list pages without language links
24046 * (bug 9508) Special page to list articles with the fewest revisions
24047 * Introduce 'FileUpload' hook; see docs/hooks.txt for more information
24048 * Introduce 'SearchUpdate' hook; see docs/hooks.txt for more information
24049 * Introduce 'mywatchlist' message; used on personal menu to link to watchlist
24051 * Introduce magic word {{NUMBEROFEDITS}}
24052 * Introduced media handlers for file-type specific operations.
24053 * Improved error reporting for image thumbnailing
24054 * Added sharpening option for ImageMagick thumbnailing
24055 * (bug 9656) Autosummaries will be generated for deletion of pages longer than
24057 * Predefined block reasons added to Special:Blockip
24058 * (bug 9196) Installer now check that zend.ze1_compatibility_mode is off
24059 * (bug 9697) Introduce 'InternalParseBeforeLinks' hook; see docs/hooks.txt for
24061 * 'contribsub' message changed to 'contribsub2' with two parameters to permit
24062 better localization. Change is reverse-compatible and can be ignored for
24064 * Adding a 'reason' field to Special:Userrights
24066 == Bugfixes since 1.9 ==
24068 * (bug 7292) Fix site statistics when moving pages in/out of content namespaces
24069 * (bug 8531) Correct local name of Lingála
24070 * Made the PLURAL: parser function return singular on -1 per default
24071 * Fixed up the AjaxSearch
24072 * Fix SpecialVersion->formatCredits input. Version and Url parameters should be
24073 null to be treated properly with isset.
24074 * Page restrictions moved into a new, dedicated table
24075 * Correct tooltip accesskey hint for Opera on the Macintosh
24076 (uses Shift-Esc-, not Ctrl-).
24077 * (bug 8002) Math should render left-to-right even in right-to-left wikis
24078 * Pass e-mail and real name fields to AuthPlugin::addUser, as additional
24079 optional fields, which may be considered useful at registration time.
24080 * PostgreSQL upgrade scripts fixed and updated
24081 * (bug 8613) Fix error when viewing "Recent Changes" and using Postgres.
24082 * Initialise site_stats table at upgrade time if data was missing
24083 * (bug 7250) Updated Unicode normalization tables to Unicode 5.0
24084 * Unmaintained Oracle support files have been removed.
24085 * Use browser default for printing size, don't force to 11pt
24086 * (bug 8632) Fix regression in page protection null edit update
24087 * (bug 8407) Disallow indexing of "printable" versions
24088 * (bug 8643) Correctly escape the page-specific CSS class for non-Monobook skins
24089 * (bug 8629) Document $wgFilterCallback
24090 * (bug 1000) Clarify warning about memory_limit in installer
24091 * Suppress PHP warning about set_time_limit in installer when safe mode is on
24092 * (bug 3000) Fall back to SCRIPT_NAME plus QUERY_STRING when REQUEST_URI is
24093 not available, as on IIS with PHP-CGI
24094 * Missing interwiki row for English Wikipedia restored (as "wikipedia:")
24095 * use configured cache servers for mctest.php
24096 * bucket details in mcc.php
24097 * fix input validation and remove debugging code in compressOld
24098 * full ID range for moveToExternal
24099 * fix resolveStubs.php for compatibility with older serialized data
24100 * maximum line length for bar graphs in getLagTimes.php
24101 * recognize specieswiki in rebuildInterwiki.inc
24102 * profile unicode cleanup in Xml
24103 * log slow parses in Article.php
24104 * profile wfMsgReal
24105 * log mkdir failures
24106 * profile AutoLoader
24107 * rebuild empty DjVu metadata containing ''
24108 * security fix for DjVu metadata retrieval
24109 * Undelete page list can use plural marker
24110 * (bug 8638) Fix update from 1.4 and earlier
24111 * (bug 8641) Fix order of updates to ipblocks table
24112 * (bug 8678) Fix detection of self-links for numeric titles in Parser
24113 * (bug 6171) Magically close tags in tables when not using Tidy.
24114 * Sanitizer now correctly escapes lonely '>' occurring before the first wikitag.
24115 * Ignore self closing on closing tags ( '</div />' now gives '</div>')
24116 * (bug 8673) Minor fix for web service API content-type header
24117 * Fix API revision list on PHP 5.2.1; bad reference assignment
24118 * (bug 8688) Handle underscores/spaces in Special:Blockip and
24119 Special:Ipblocklist in a consistent manner
24120 * (bug 8701) Check database lock status when blocking/unblocking users
24121 * ParserOptions and ParserOutput classes are now in their own files
24122 * (bug 8708) Namespace translations for Zealandic language
24123 * Renamed constructor methods to PHP 5 __construct reserved name
24124 * (bug 8715) Warn users when editing an interface message whether or not the
24125 message page exists
24126 * ar: fix the 'create a new page' on search page when no exact match found
24127 * (bug 8703) Corrected talk and image namespace name for Limburgish (li)
24128 * (bug 8671) Expose "wpDestFile" as a parameter to "uploadtext"
24129 * (bug 8403) Respect bad image list exceptions in galleries on wiki pages
24130 * Allow sending per-user contribution requests to "contributions" query group
24131 * (bug 3717) Update user count for AuthPlugin account autocreation
24132 * (bug 8719) Firefox release notes lie! Fix tooltips for Firefox 2 on x11;
24133 accesskeys default settings appear to be same as Windows.
24134 * Added an option to make Linker::userToolLinks() show the contribs link
24135 red when the user has no edits. Linker::userToolLinksRedContribs() is an
24136 alias to that which should be used to make it more self documentating.
24137 * (bug 8749) Bring MySQL 5 table defs back into sync
24138 * (bug 8751) Set session cookies to HTTPS-only to match other cookies
24139 * (bug 8652) Catch exceptions generated by malformed XML in multipage media
24140 * (bug 8782) Help text in Makefile
24141 * (bug 8777) Suppress 'previous' link on Special:Allpages when at first page
24142 * (bug 8774) Fix path for GNU FDL rights icon on new installs
24143 * Fix multipage selector drop-down for DjVu images to work when title
24144 is passed as a query string parameter; we have to pass the title as
24145 a form parameter or it gets dropped from the form submission URL
24146 * (bug 8819) Fix full path disclosure in with skins dependencies
24147 * Fixed bug affecting HTML formatting in sortable table column titles
24148 * Merged table sorting code into wikibits.js
24149 * (bug 8711) Stop floats in previews from spilling into edit area
24150 * (bug 8858) Safer handling when $wgImageLimits is changed. Added a note
24151 in DefaultSettings to make it clear.
24152 * (bug 4268) Fixed data-loss bug in compressOld batch text compression
24153 affecting pages which had null edits (move, protect, etc) as second
24154 edit in a batch group. Isolated and patched by Travis Derouin.
24155 * Fix for paths in 1.4->1.5 special-case updater script
24156 * (bug 8789) AJAX search: IE users can now use the return key
24157 * (bug 6844) Use <ins> and <del> tags to emphase the differences
24158 * (bug 6684) Fix improper javascript array iteration
24159 * (bug 4347) use MailAddress object for reply-to
24160 * Add AlphabeticPager abstract class
24161 * Use faster AlphabeticPager for Special:Categories
24162 * (bug 8875) Show printable link in MonoBook sidebar for locally nonexistent
24163 pages; perhaps useful for categories and shared images
24164 * Clean up session checks to better handle the case where the session was
24165 opened during the current request. May help with some caching corner
24167 * (bug 8897) Fix whitespace removal for interlanguage links with link prefix
24168 * Add 'ParserTestTables' hook to expand the list of temporary tables copied
24169 by the parser test harness; use for extensions which require the presence
24170 of other tables while they work.
24171 * Message names changed for AlphabeticPager introduced with r19758
24172 for better localisations.
24173 * (bug 8944) The deprecated is_a() function is used in StubObjects.php
24174 * (bug 8992) Fix a remaining raw use of REQUEST_URI in history
24175 * (bug 8999) User.php gives "undefined user editcount" PHP notice.
24176 * (bug 8984) Fix a database error in Special:Recentchangeslinked
24177 when using the Postgres database.
24178 * Moved the main ob_start() from the default LocalSettings.php to WebStart.php.
24179 The ob_start() section should preferably be removed from older
24180 LocalSettings.php files.
24181 * Give Content-Length header for HTTP/1.0 clients.
24182 * Partial support for Flash cross-domain-policy filtering.
24183 * Lazy-initialize site_stats row on load when empty. Somewhat kinder to
24184 dump-based installations, avoiding PHP warnings when NUMBEROFARTICLES
24186 * Add 'charset' to Content-Type headers on various HTTP error responses
24187 to forestall additional UTF-7-autodetect XSS issues. PHP sends only
24188 'text/html' by default when the script didn't specify more details,
24189 which some inconsiderate browsers consider a license to autodetect
24190 the deadly, hard-to-escape UTF-7.
24191 This fixes an issue with the Ajax interface error message on MSIE when
24192 $wgUseAjax is enabled (not default configuration); this UTF-7 variant
24193 on a previously fixed attack vector was discovered by Moshe BA from BugSec:
24194 http://www.bugsec.com/articles.php?Security=24
24195 * Trackback responses now specify XML content type
24196 * (bug 9044) Send a comment with action=raw pages in CSS/JS output mode
24197 to work around IE/Mac bug where empty pages time out verrrrryyyyy slowly,
24198 particularly with new keepalive-friendly HTTP on Wikipedia
24199 * (bug 8919) Suppress paging links and related messages where there are no
24200 rows to list for query pages
24201 * (bug 9057) Standardize MediaWiki: namespace for oc
24202 * (bug 8132) Suppress "Pages in this category" heading in categories when
24204 * (bug 8958) Handle search operators better when using tsearch2 (Postgres)
24205 * (bug 8799) Use redirect table for Special:BrokenRedirects and
24206 Special:DoubleRedirects
24207 * (bug 8918) Enable PLURAL option for MediaWiki:showingresults and
24208 MediaWiki:showingresultsnum
24209 * (bug 9122) Fix minor display issue in RTL with section edit link margin
24210 * (bug 5805) Enable PLURAL option for some messages of watchlist and statistic
24211 * (bug 3953) Work around poor display of parenthesis in the in other
24212 languages section of MonoBook skin
24213 * (bug 8539) Enable PLURAL option for another message of recentchanges.
24214 * (bug 8728) MediaWiki:Badfiletype split into 3 messages
24215 * (bug 9131) Allow SpecialContributions to work with Postgres
24216 * (bug 9155) Allow footer info to wrap in Monobook
24217 * (bug 8847) Strip spurious #fragments from request URI to fix redirect
24218 loops on some server configurations
24219 * (bug 9097) column "pr_pagetype" does not exist
24220 * (bug 9217) Balance wfProfile calls in Skin::outputPage
24221 * (bug 9222) PostgreSQL updater should not be version-specific
24222 * Fix fallback implementation of mb_strlen so it works and isn't insanely
24223 slow for large strings, since it's used for page edit lengths
24224 * (bug 8815) Setting password in initUser() breaks LdapAuthentication plugin
24225 * (bug 9256) Add a quick note to index.php header comments
24226 * Make Special:Listusers caseinsensitive for first letter
24227 * Default tidy.conf has been moved from extensions module into includes.
24228 * Ignore lonely '''''
24229 * (bug 9244) When calling edit page for nonexistent section, generate error
24230 inside of just discarding edits, since edit links sometimes go to the wrong
24232 * (bug 9019) No warning during upload if image description page exists, but no
24234 * (bug 8582) Allow thumbnailing when imagesize has a space.
24235 * (bug 8716) Change math_inputhash and math_outputhash to bytea for Postgres
24236 * (bug 9343) Correct internal name for Wolof language
24237 * (bug 9363) Fix Postgres error on Recentchangeslinked
24238 * (bug 5142) Fixed call of hook ArticleViewHeader
24239 * (bug 4777) Separate prev/next messages for Special:Whatlinkshere
24240 * Merge approx 15 missing Wikipedia language codes into wikipedia-interwiki.sql
24241 based on Jeff Merkey's mediawiki-1.9.3.WG-20070316.tar.gz.bz2 archive.
24242 * (bug 9411) Fix for shared image descriptions using query-string titles
24243 * (bug 4756) Add user tool links for self created accounts at special:log
24244 instead of sometimes broken block links from newuserlog extension
24245 * (bug 5817) Special:Recentchangeslinked now shows red link for nonexistent
24246 target page instead of silently redirecting
24247 * (bug 8914) Don't transform colons in {{anchorencode:}}
24248 * (bug 9241) Handle edit section links and include size links for cached
24249 templates the same as the first transclusion.
24250 * (bug 9466) "Rollback failed" page doesn't format edit comment
24251 * (bug 9472) Invalid XHTML on cached special pages
24252 * (bug 9472) Invalid XHTML on Special:Newpages
24253 * (bug 4764) "My contributions" not bold when viewing own contributions
24254 * (bug 9194) Add {{PLURAL:...}} to navigation bar of Special:Whatlinkshere
24255 * (bug 9033) Use a more specific error message when users are not able/allowed
24256 to edit page protection levels due to a block, database lock or permissions
24257 * Fixed $wgFeedLimit
24258 * (bug 9270) Corrected help namespace name for Dutch Lower Saxon (nds-nl)
24259 * (bug 929, 4215) Expose "rcdays" user preference in Special:Preferences
24260 * (bug 9554) Extension-provided group name messages not used
24261 * (bug 9565) Translate template namespace name for Hindi (hi)
24262 * (bug 8599) Correct localized names of zh-variants
24263 * (bug 3366) Require skins based on SkinTemplate to override the skinname
24265 * (bug 9220) Removed obsoletes functions in install-utils.inc.
24266 * Removed obsoletes Title::getRelatedCache and Title:touchArray
24267 * (bug 7285) Check MySQL username length during install
24268 * (bug 6910) Correct date/time formats in Vietnamese (vi)
24269 * (bug 9608) Correctly use ORDER BY in dumpLinks.php
24270 * (bug 9609) Correctly use ORDER BY in SpecialWhatlinkshere.php
24271 * Special:Random and Special:Randomredirect now try harder to send the user to
24272 a random page, and will give an error message if none really can be found
24273 instead of sending the user to the main page like they used to
24274 * Fix object variable used for displaying "not-patrolled" CSS class on list
24275 * Fixed interaction of page parameter to ImagePage with the HTML file cache
24276 * Fixed MIME type for SVG files, will be silently changed from image/svg
24277 to image/svg+xml after loading from the database.
24278 * Workaround for djvutoxml bug #1704049 (poor performance). Use djvudump
24280 * Fixed odd behavior in ImagePage on DjVu thumbnailing errors
24281 * (bug 5439) "Go" title search will now jump to shared/foreign Image: and
24282 MediaWiki: pages that have not been locally edited.
24283 * (bug 9630) Limits links in Whatlinkshere forgot about namespace filter
24284 * Fixed upgrade for the non-standard MySQL schemas
24285 * Disable MySQL's strict mode at session start for MySQL 4.1+, to avoid the
24286 various problems that occur when it is on.
24287 * (bug 9585) Fix regression in tidy usage in Special:Undelete previews
24288 * (bug 3826) Normalize some invalid cookie name characters when setting
24289 up $wgCookiePrefix. Completes application of patch by Anders Kaseorg.
24290 * (bug 9649) Fix RTL form alignment for Special:Movepage
24291 * (bug 9582) Members of bot group now mark edits patrolled by default
24292 * (bug 9669) Fix limit ordering for rebuildrecentchanges; broken since
24293 converted from 1.4 to 1.5 schema
24294 * (bug 9682) Revert PHP 5.1 dependency on warning suppression for SVN info
24295 * (bug 5959) Anchors dropped from stub links
24296 * (bug 3348) Some additional weak password checks: password which is same
24297 as username will now be rejected.
24298 * (bug 8602) Converted Special:Contributions to use an IndexPager. The
24299 interpretation of the offset parameter has changed, and the go parameter
24301 * (bug 6204) Fixes for indentation with $wgMaxTocLevel:
24302 - don't emit too many list close tags after an invisible header
24303 - don't emit too many final list close tags if last header is invisible
24304 - don't emit TOC when there are no visible headers
24305 * (bug 7629) Fix $wgBrowserBlackList to avoid false positive on MSIE
24306 when certain plugins are present which alter the user agent
24311 * New script maintenance/language/checkExtensioni18n.php used to check i18n
24312 progress in the extension repository.
24313 * Running maintenance/parserTests.php with '--record' option, will now
24314 automatically attempt to create the required tables
24315 * --purge option to do additional parser-cache purging for purgeList.php
24316 * Fix hardcoded background color in parserTests.php
24317 * parserTests.php : removed the 'light' option for --color argument, replacing
24318 it with a new global switch : $wgCommandLineDarkBg
24319 * (bug 8780) Clarify message for command-line scripts if LocalSettings.php
24320 exists but is not readable
24321 * dumpBackup / importDump now work with PostgreSQL
24322 * (bug 8975) Use "Maintenance script" as the default username for
24323 importImages.php and importTextFile.php scripts
24324 * (bug 8933) Fix maintenance/reassignEdits.php script
24325 * (bug 9440) Added "mediawikiwiki" interwiki prefix to MediaWiki.org
24326 * (bug 2979) Import now gracefully skips invalid titles with a warning
24327 * Restore '--norc' option for maintenance/importTextFile.php
24328 * Help information for maintenance/importTextFile.php now easier to read on
24330 * Doxygen documentation now show the revision number of each file, generate
24331 graphs using dot and include a search engine.
24334 == Languages updated ==
24339 * Belarusian normative (be)
24340 * Belarusian alternative (be-x-old)
24358 * Upper Sorbian (hsb)
24378 * Dutch Lower Saxon (nds-nl)
24380 * Nepal Bhasa (new)
24398 * Old Chinese / Late Middle Chinese (zh-classical)
24399 * Chinese (PRC) (zh-cn)
24400 * Chinese (Taiwan) (zh-tw)
24401 * Cantonese (zh-yue)
24403 == Compatibility ==
24405 MediaWiki 1.10 requires PHP 5 (5.1 recommended). PHP 4 is no longer supported.
24407 PHP 5.0.x fails on 64-bit systems due to serious bugs with array processing:
24408 http://bugs.php.net/bug.php?id=34879
24409 Upgrade affected systems to PHP 5.1 or higher.
24411 MySQL 3.23.x is no longer supported; some older hosts may need to upgrade.
24412 At this time we still recommend 4.0, but 4.1/5.0 will work fine in most cases.
24417 1.10 has several database changes since 1.9, and will not work without schema
24420 If upgrading from before 1.7, you may want to run refreshLinks.php to ensure
24421 new database fields are filled with data.
24423 If you are upgrading from MediaWiki 1.4.x or earlier, some major database
24424 changes are made, and there is a slightly higher chance that things could
24425 break. Don't forget to always back up your database before upgrading!
24427 See the file UPGRADE for more detailed upgrade instructions.
24429 = MediaWiki release notes =
24430 Security reminder: MediaWiki does not require PHP's register_globals
24431 setting since version 1.2.0. If you have it on, turn it *off* if you can.
24435 == MediaWiki 1.9.6 ==
24439 * Correction for API path fix, broken in 1.9.5
24441 == MediaWiki 1.9.5 ==
24445 This is a security update to the Winter 2007 quarterly release. A potential XSS
24446 injection vector affecting api.php only for Microsoft Internet Explorer users
24450 To work around the vulnerability without upgrading, you may disable the API if
24453 :[[Manual:$wgEnableAPI|$wgEnableAPI]] = false;
24455 Not vulnerable versions:
24460 * 1.8 any version (if $wgEnableAPI has been left off)
24462 Vulnerable versions:
24463 * 1.11 <= 1.11.0rc1
24466 * 1.8 any version (if $wgEnableAPI has been switched on)
24468 MediaWiki 1.7 and below are not affected as they do not include the API
24469 functionality, however the BotQuery extension is similarly vulnerable unless
24470 updated to the latest SVN version.
24472 == MediaWiki 1.9.4 ==
24476 This is a security and bug fix update to the Winter 2007 quarterly release.
24477 Minor compatibility fixes for IIS 5 are included.
24479 * (bug [[bugzilla:8847|8847]]) Strip spurious #fragments from request URI to
24480 fix redirect loops on some server configurations
24481 * A possible HTML/XSS injection vector in the API pretty-printing mode has been
24484 The vulnerability may be worked around in an unfixed version by simply
24485 disabling the API interface if it is not in use, by adding this to
24488 :[[Manual:$wgEnableAPI|$wgEnableAPI]] = false;
24490 Not vulnerable versions:
24496 Vulnerable versions:
24497 * 1.11 <= 1.11.0rc1
24500 * 1.8 <= 1.8.4 (if $wgEnableAPI has been switched on)
24502 MediaWiki 1.7 and below are not affected as they do not include the faulty
24503 function, however the BotQuery extension is similarly vulnerable unless updated
24504 to the latest SVN version.
24506 == MediaWiki 1.9.3 ==
24510 This is a security and bug-fix update to the Winter 2007 quarterly release.
24511 Minor compatibility fixes for IIS and PostgreSQL are included.
24513 An XSS injection vulnerability based on Microsoft Internet Explorer's UTF-7
24514 charset autodetection was located in the AJAX support module, affecting MSIE
24515 users on MediaWiki 1.6.x and up when the optional setting $wgUseAjax is enabled.
24517 If you are using an extension based on the optional Ajax module, either disable
24518 it or upgrade to a version containing the fix:
24520 * 1.9: fixed in 1.9.3
24521 * 1.8: fixed in 1.8.4
24522 * 1.7: fixed in 1.7.3
24523 * 1.6: fixed in 1.6.10
24525 There is no known danger in the default configuration, with ''$wgUseAjax'' off.
24527 * ([[mediazilla:8992|8992]]) Fix a remaining raw use of REQUEST_URI in history
24528 * ([[mediazilla:8984|8984]]) Fix a database error in
24529 Special:Recentchangeslinked when using the PostgreSQL database.
24530 * Add ''charset'' to Content-Type headers on various HTTP error responses to
24531 forestall additional UTF-7-autodetect XSS issues. PHP sends only ''text/html''
24532 by default when the script didn't specify more details, which some
24533 inconsiderate browsers consider a license to autodetect the deadly,
24534 hard-to-escape UTF-7. This fixes an issue with the Ajax interface error message
24535 on MSIE when ''$wgUseAjax'' is enabled (not default configuration); this UTF-7
24536 variant on a previously fixed attack vector was discovered by Moshe BA from
24537 BugSec: [http://www.bugsec.com/articles.php?Security=24
24538 http://www.bugsec.com/articles.php?Security=24]
24539 * Trackback responses now specify XML content type
24541 == MediaWiki 1.9.2 ==
24545 This is a bug-fix update that fixes some installation and other minor issues
24546 with the 1.9.1 release as well as a security issue which was introduced in the
24549 JavaScript code which regenerated the "sortable tables" feature did not
24550 properly sanitize input, leading to an HTML injection vulnerability.
24552 * ([[mediazilla:8774|8774]]) Fix path for GNU FDL rights icon on new installs
24553 * ([[mediazilla:8819|8819]]) Fix full path disclosure with skins dependencies
24554 * ([[mediazilla:8819|8819]]) Fixed data-loss bug in compressOld batch text
24555 compression affecting pages which had null edits (move, protect, etc) as second
24556 edit in a batch group. Isolated and patched by Travis Derouin.
24557 * Security fix for sortable tables JavaScript
24559 == MediaWiki 1.9.1 ==
24563 This is a bug-fix update that fixes some installation and upgrade issues with
24564 the original 1.9.0 release.
24566 * ([[mediazilla:3000|3000]]) Fall back to SCRIPT_NAME plus QUERY_STRING when
24567 REQUEST_URI is not available, as on IIS with PHP-CGI
24568 * Security fix for DjVu images. (Only affects servers where .djvu file uploads
24569 are enabled and ''$wgDjvuToXML'' is set.)
24570 * ([[mediazilla:8638|8638]]) Fix update from 1.4 and earlier
24571 * ([[mediazilla:8641|8641]]) Fix order of updates to ipblocks table for updates
24573 * ([[mediazilla:8673|8673]]) Minor fix for web service API content-type header
24574 * Fix API revision list on PHP 5.2.1; bad reference assignment
24575 * Fixed up the AjaxSearch
24576 * Exclude settings files when generating documentation. That could expose the
24577 database user and password to remote users.
24578 * ar: fix the 'create a new page' on search page when no exact match found
24579 * Correct tooltip accesskey hint for Opera on the Macintosh (uses Shift-Esc-,
24581 * ([[mediazilla:8719|8719]]) Firefox release notes lie! Fix tooltips for
24582 Firefox 2 on x11; accesskeys default settings appear to be same as Windows.
24584 == Changes since 1.8 ==
24586 * (bug 8200) Make category lists sorted by name when using Postgres.
24587 * (bug 7841) Support 'IGNORE' inserts for Postgres, fixes watchlist
24589 * (bug 6835) Removing the includes/Parser.php::getTemplateArgs() function,
24590 because it seems to be unused.
24591 * (bug 7139) Increasing the visual width of the edit summary field on larger
24592 screen sizes, for the default monobook skin.
24593 * Fix PHP notice and estimates for dumpBackup.php and friends
24594 * Improved register_globals paranoia checks
24595 * (bug 7545) Fix PHP version check on install
24596 * Disable PHP exception backtrace printing unless $wgShowExceptionDetails
24597 is set. Backtraces may contain sensitive information in function call
24599 * (bug 6164) Avoid smashing Cite state if message transformation triggers
24600 during bad image list check, by skipping message transformation.
24601 This isn't a good permanent fix.
24602 * (bug 6918) Stopped borders and backgrounds from showing through floated
24604 * (bug 6868) Un-hardcode section edit link style
24605 * (bug 3205) Stop right floats from stacking horizontally in non-Monobook skins
24606 * Added global $wgStyleVersion to centralize bumping CSS and JS file versions
24607 for cache-friendly style and script updating
24608 * (bug 7562) Fix non-ASCII namespaces on Windows/XAMPP servers
24609 * Friendlier check for PHP 5 in command-line scripts; it's common for parallel
24610 PHP 4 and 5 installations to interfere on the command-line.
24611 * Fix regression in autoconfirm permission check
24612 * (bug 3015) Add CSS ids to subcategory and page sections on category pages
24613 * (bug 7587) Fix erroneous id for specialpage tab, enabling informative popup
24614 * (bug 7599) Fix thumbnail purging, PHP notices on HTCP image page purge
24615 * (bug 7581) Update language name for cbk-zam
24616 * (bug 7444) Update namespace translations for Telugu (te), kept old values as
24617 alias for compatibility
24618 * (bug 4525) Move section links down visually to same level as headings
24619 (editsection links are now inside the heading elements)
24620 * Workaround for http://bugs.php.net/bug.php?id=31892 , PATH_INFO and hence
24621 URLs of the style /index.php/Main_Page were broken on some CGI installations.
24622 * (bug 7623) Validate custom HTML id's correctly in Monobook interface
24623 * (bug 2241) Fix collision of 'w' and 'd' accesskeys
24624 * (bug 5795) CSS class added to body based on page name for page-specific
24626 * (bug 6276) Stopped search field from getting too large in Cologne Blue
24627 * (bug 7644) User creations that are aborted by hooks shouldn't be counted
24628 against account creations per day limit
24629 * (bug 7636) Show Firefox 2 users correct accesskey prefix
24630 * (bug 6427) Block blocked IPs from using the mail password function
24631 to allow blocking of flooders
24632 * Include common.css from classic-style skins in main HTML with the bump URL
24633 * (bug 7607) Add Karakalpak (kaa) to Names.php and stub message file for
24635 * (bug 7582) Add 'tog-nolangconversion' to MessagesEn.php.
24636 This key is need for languages with variants (zh, sr, kk)
24637 * (bug 7606) MediaWiki messages for "rss" and "atom" missing
24638 * (bug 7609) Add some more '*-summary' messages to MessagesEn.php with empty
24639 strings to allow better localisation via Special:Allmessages. Mark this new
24640 messages as optional for localisation.
24641 * Fix user_newpass upgrade for prefixed tables (reported by Fyren)
24642 * (bug 7663) Include language variant switcher links on Nostalgia skin
24643 * (bug 6531) Fix PHP fatal error on installation page with bad username input.
24644 * (bug 6977) Remove 404 link for autogenerated database documentation.
24645 * (bug 7369) Allow "Show Changes" without requiring edit token.
24646 * (bug 7687) Fix movetalk box checks itself when confirming a delete and move.
24647 * (bug 7684) Obey watchcreated preference for Special:Upload watch checkbox
24648 * (bug 7686) Include id attribute on delete form confirmation button
24649 * Allow compound interwiki prefixes in $wgImportSources
24650 * (bug 7304) Added redirect table to store redirect targets.
24651 * Added querycachetwo table (similar to querycache but has two titles)
24652 * PageArchive can now return a Revision object for more convenient processing
24653 of deleted revision data
24654 * Added 'UndeleteShowRevision' hook in Special:Undelete
24655 * Error message on attempt to view invalid or missing deleted revisions
24656 * Remove unsightly "_" from namespace in Special:Allpages, Special:Prefixindex
24657 * (bug 3224) Allow minor edits by bots to skip new message notification on
24658 user talk pages. This can be disabled by adjusting the 'nominornewtalk'
24659 permission. Patch by Werdna.
24660 * (bug 7741) MATH: fixed broken syntax of underbrace etc. Fixed arrays
24661 * Fix purging for updated SVG files
24662 * (bug 7745) Add id attribute to search button in Monobook
24663 * (bug 7749) MATH: added some more LaTeX symbols, e.g. parallel, diamond, ast...
24664 * (bug 7304) Added code in Article.php to keep redirect table up to date.
24665 * Made special page names case-insensitive and localisable. Care has been taken
24666 to maintain backwards compatibility.
24667 * Used special page subpages in a few more places, instead of query parameters.
24668 * (bug 7758) Added wrapper span to "templates used" explanation to allow CSS
24669 styling (class="mw-templatesUsedExplanation").
24670 * Added {{#special:}} parser function, to give the local default title for
24672 * (bug 7766) Remove redundant / from AJAX requests, can break some servers
24673 * Add tab links from extensions to classic-based skins (SkinTemplateTab hook)
24674 Provides better cross-skin compatibility for extensions using the modern
24675 skin hooks, such as Oversight
24676 * Moved variant language links on Cologne Blue and Nostalgia to before the
24678 * Fix for parser tests with MySQL 5 in strict mode
24679 * Added block option "enable autoblocks"
24680 * Amend Special:Ipblocklist to note when a block has autoblock DISABLED.
24681 * (bug 7780) Fix regression in editing redirects
24682 * Add whitespace above "templates included on this page" using CSS, not
24683 hardcoded line break.
24684 * Remove entries from redirect table on article deletion
24685 * (bug 7788) Force section headers in new section links for users who have
24686 'prompt for blank edit summaries' on.
24687 * (bug 1133) Special:Emailuser: add an option to send yourself a copy of your
24689 * (bug 461) Allow "Categories:" link at bottom of pages to be customized via
24690 pagecategorieslink message.
24691 * Sort the list of skins in "My Preferences" -> Skins by alphabetical order.
24692 * (bug 7785) Postgres compatibility for timestamps in RC feeds
24693 * (bug 7550) Normalize user parameter normally on Special:Log
24694 * (bug 7294) Fix PATH search for diff3 on install
24695 * Various fixes related to the blocking change re: autoblocks. On inserting
24696 an IP block, the ipb_enable_autoblock field is now automagically blanked,
24697 because it doesn't make any sense for an IP. Additionally, IP blocks
24698 without the ipb_enable_autoblock option no longer show up as "autoblock
24699 disabled" on Special:Ipblocklist.
24700 * (bug 7774) MATH: aded more amstex functions
24701 * (bug 1182) MATH: fixed inconsistent rendering of upper case Greek letters in
24703 * Fix regression in streaming page dump generation
24704 * (bug 7801) Add support for parser function hooks in parser tests
24705 * checkUsernames.php now uses wfDebugLog instead of hardcoded path to log
24706 * (bug 7810) Update talk namespaces for Occitan
24707 * Allow case-sensitive URLs to be used for uploading from URLs.
24708 * (bug 1109) Correct fix for compressed 304 responses when additional output
24709 buffers have been installed within the compression handler
24710 * (bug 7819) Move automatic redirect edit summary after pre-save transform
24711 to work properly with subst: fun
24712 * (bug 7826) Fix typos in two English messages.
24713 * (bug 5365) Stop users being prompted to enter an edit summary for null edits,
24714 if they have selected that option in preferences.
24715 * (bug 5936) Show an 'm' to the left of the edit summary on diff pages for minor
24717 * (bug 7820) Improve error reporting for uploads via URL.
24718 * (bug 5149) When autoblocks are enabled, retroactively apply an autoblock to
24719 the most recently used IP of a user when they are blocked.
24720 * Add an index on (rc_user_text,rc_timestamp) on the recentchanges table. This
24721 will make CheckUser.php and the new retroactive autoblock functionality
24723 * Fix regression in Special:Undelete for revisions deleted under MediaWiki 1.4
24724 with compression or legacy encoding
24725 * (bug 6737) Fixes for MySQL 5 schema in strict mode
24726 * Approximate height for client-side scaling fallback instead of passing -1
24727 into the HTML output.
24728 * Make the DNSBL to check for proxy blocking configurable via $wgSorbsUrl
24729 * Add experimental recording/reporting mode to parser tests runner, to
24730 compare changes against the previous run.
24731 Additional tables 'testrun' and 'testitem' are in maintenance/testRunner.sql,
24732 source this and pass --record option to parserTests.php
24733 * Make the set of default parser test input files extensible via
24734 $wgParserTestFiles. This can now be appended to by extensions or local
24735 configuration files so that extension or custom tests can be automatically
24736 run along with the main batch.
24737 * Run PHP install version checks on update.php so command-line updaters see
24738 new version requirements
24739 * Do a check for the PHP 5.0.x 64-bit bug, since this is much more disruptive
24740 as of MW 1.8 than it used to be. Install or upgrade now aborts with a
24741 warning and a request to upgrade.
24742 * (bug 6440) Updated indexes to improve backlinking queries (links, templates,
24744 * Switched 'anon-only' block mode to default for IP blocks
24745 * (bug 3687, 7892) Add distinct heading for media files in category display,
24747 * (bug 1578) Add different icons for external links to audio, video, or PDF in
24749 * Made autoblocks block account creation if the user block has that option
24751 * Add auto-summaries to blankings and large removals without summaries.
24752 * (bug 7811) Allow preview of edit summaries.
24753 * (bug 6839) Wikibits.js minor changes to make JS-lint happier.
24754 * (bug 7932) Make sure that edit toolbar clears floats so it appears correctly.
24755 * (bug 6873) When viewing old revisions, add link to diff to current version.
24756 * (bug 3315) Provide rollback link directly on history page.
24757 * Replace 'old-revision-navigation' message with 'revision-info' and
24758 'revision-nav' messages, wrapped in divs with appropriate id's.
24759 * (bug 4178) MediaWiki:Common.js will now be included for all users if
24760 $wgUseSiteJs is enabled, in addition to (if applicable) MediaWiki:Monobook.js
24761 and user JS subpages.
24762 * (bug 7918) "Templates used on this page" changes during preview to reflect
24763 any added or removed templates, and works as expected for section edits.
24764 * (bug 7919) "Templates used on this page" is now shown for read-only pages.
24765 * (bug 7688) When viewing diff, section anchors in autosummary jump to section
24766 on current page instead of loading the latest version.
24767 * (bug 7970) Use current connection explicitly on Database::getServerVersion
24768 * (bug 2001) Tables with class="sortable" can now be dynamically sorted via
24770 * Added autosummary for new pages with 500 or less characters, and refactor
24771 the autosummary code so it's all done in one function. doEdit is getting too
24773 * (bug 7554) The correct MIME type for SVG images is now displayed on the
24774 image page (image/svg+xml, not image/svg).
24775 * (bug 7883) Added autoblock whitelisting feature, using which specific ranges
24776 can be protected from autoblocking. These ranges are specified, in list
24777 format, in the autoblock_whitelist system message.
24778 * Added placeholders for text injection by hooks to EditPage.php
24779 * (bug 8009) Automatic edit summary for redirects is not filled for edits in
24781 * Installer support for experimental MySQL 4.1/5.0 binary-safe schema
24782 * Use INSERT IGNORE for db-based BagOStuff add/insert, for more memcache-like
24783 behavior when keys already exist on add (instead of dying with an error...)
24784 * Add a hook 'UploadForm:initial' before the upload form is generated, and two
24785 member variable for text injection into the form, which can be filled by the
24787 * (bug 6295) Add a "revision patching" functionality, where an edit can be
24789 (with a functionality similar to diff rev1 rev2 | patch -R rev3 -o rev3).
24790 This is triggered by including &undo=revid in an edit URL. A link to a URL
24791 that will undo a given edit is shown on NEW revision headers on diff pages.
24792 The link leads to a "Show Changes" page showing what will be done to undo the
24794 * Fix display of link in "already rolled back" message for image/category pages
24795 * (bug 6016) Left-aligned images should stack vertically, like right-aligned
24796 images, not horizontally.
24797 * Patch from LeonWP: added UploadForm:BeforeProcessing hook in SpecialUpload.php
24798 * Add AuthPluginSetup hook to override $wgAuth after configuration
24799 * Fix regression in authentication hook auto-creation on login
24800 * (bug 8110) Allow spaces in ISBNs
24801 * (bug 8024) Introduce "send me copies of emails I send to others" preference
24802 * Added 'EditPage::attemptSave' hook before an article is saved.
24803 * (bug 8083) Applied patch for sk localisation
24804 * Add a backslash character to the edit token, to prevent edits via certain
24805 broken proxies that mangle such characters in form submissions
24806 * (bug 7461) Allow overwriting pages using importTextFile.php
24807 * (bug 7946) importTextFile.php doesn't perform pre-save transform
24808 * (bug 8117) {{REVISIONTIMESTAMP}} showed weird default if $wgLocalTZoffset set;
24809 now uses current time for previews and if timestamp can't be loaded from DB
24810 * {{REVISIONTIMESTAMP}} now uses site local timezone instead of user timezone
24811 to ensure consistent behavior
24812 * {{REVISIONTIMESTAMP}} and friends should now work on non-MySQL backends
24813 * (bug 7671) Observe canonical media namespace prefix in Linker::formatComment
24814 * Added js variable wgCurRevisionId to the output
24815 * (bug 8141) Cleanup of Parser::doTableStuff, patch by AzaTht
24816 * (bug 8042) Make miser mode caching limits settable via $wgQueryCacheLimit
24817 instead of hardcoding to 1000
24818 * Enable QueryPage classes to override list formatting
24819 * (bug 5485) Show number of intervening revisions in diff view
24820 * (bug 8100) Fix XHTML validity in Taiwanese localization
24821 * Added redirect to section feature. Use it wisely.
24822 * Added a configuration variable allowing the "break out of framesets" feature
24823 to be switched on and off ($wgBreakFrames). Off by default.
24824 * Allow Xml::check() $attribs parameter to override 'value' attribute
24825 * DB schema change: added two columns (rc_old_len and rc_new_len) to the
24826 recentchanges table to store the text lengths before and after the edit
24827 * (bug 1085) Made Special:Recentchanges show the character difference between
24828 the changed revisions
24829 * Removed a redundant <strong> tag from diff pages that was causing display
24830 issues for some users
24831 * (bug 8203) The keyboard shortcut for "log out" was removed, because users
24832 were pressing it when they intended to press the shortcut for "preview".
24833 * (bug 8148) Handle non-removable output buffers gracefully when cleaning
24834 buffers for HTTP 304 responses, StreamFile, and Special:Export.
24835 Duplicated code merged into wfResetOutputBuffers() and wfClearOutputBuffers()
24836 * Special:AllPages : 'next page' link now point to the first title of the next
24837 chunk instead of pointing to the last title of current chunk.
24838 * (bug 4673) Special:AllPages : add a 'previous' link (new message 'prevpage')
24839 * (bug 8121) wfRandom() was not between 0 and 1
24840 * Add static method Parser::createAssocArgs($args), so parser functions can
24841 use the same code to parse arguments as the templates do.
24842 * Change behavior of logins using the temporary e-mailed password (as stored
24843 in user_newpassword hash field). Instead of just logging in silently and
24844 leaving the previous user_password field in place indefinitely, the user
24845 is now prompted to set a new password.
24847 The password-changing form is at Special:Resetpass; currently it's only
24848 usable for changing from the temporary password during login, but it
24849 could perhaps be generalized, replacing the subform in preferences.
24851 Once the new password is set successfully, the temporary password is wiped
24852 so it cannot be used to login a second time, and the login process
24854 * Suppress 'mail new password' button on login form if $wgAuth forbids
24855 changing user passwords; it wouldn't work very well...
24856 * Consolidate password length checks and $wgAuth manipulation into
24857 User::setPassword() to avoid duplicate code in different places
24858 that set passwords.
24859 * User::setPassword() now throws PasswordError exceptions if the password
24860 is illegal or cannot be set via $wgAuth. These can be caught and a human-
24861 readable error message displayed by UI code.
24862 * Added Title::isSubpage()
24863 * (bug 8241) Don't consider user pages of User:Foo.css to be CSS subpages
24864 * Set an explicit class on framed thumbnail inner divs and images, changed some
24865 CSS to use these instead of using descendent selectors.
24866 * Accept null parameter to User::setPassword() as indicating the password
24867 field should be cleared to an unusable state. Login will only be possible
24868 after the password is reset, for instance by e-mail.
24869 * (bug 6394) Invalidate the password set for "by e-mail" account creations
24870 to avoid accidental empty password creations.
24871 * Made the show change size function work on page moves, page creations, and
24872 log entries. Also fixed it in the javascript recentchanges.
24873 * (bug 8239) correctly get 50 new contributions when clicking '(50 next)'
24874 * (bug 2259) Fix old regression where e-mail addresses were no longer
24875 confirmed on login with mailed password.
24876 * Add a notification about the confirmation mail sent during account
24877 creation, so people don't immediately go off to request a second one.
24878 * Add a warning on Special:Confirmemail if a code was already sent and has
24880 * Add user_editcount field to provide data for heuristics on account use.
24881 Incremented on edit, with lazy initialization from past revision data.
24882 Can batch-initialize with maintenance/initEditCount.php (not yet friendly
24883 to replication environments, this will do all accounts in one query).
24884 * Allow raw SQL subsections in Database::update() SET portion as well as
24885 for WHERE portion. Handy for increments and such.
24886 * User::getOption now accept a default value to override default user values
24887 this makes it consistent with WebRequest::get* methods. Corrected code in
24888 various places accordingly.
24889 * (bug 8264) Fix JavaScript global vars for XHTML mode
24890 * Make $wgSiteNotice value wikitext again, for consistency with editable
24891 MediaWiki:Sitenotice and MediaWiki:Anonnotice.
24892 * (bug 8044) When redirecting from the canonical name of the special page
24893 to the localised one, parameters/subpages are omitted
24894 * (bug 8164) Special:Booksources should use GET for form submission
24895 * Rewrite Special:Booksources to clean up interface and remove redundant code
24896 * (bug 7925) Change Special:Allmessages message name filter javascript to be
24897 a bit more responsive and easier on the CPU
24898 * (bug 4488) Support watching pages on deletion; introduces new user preference
24899 * Minor restructuring of Special:Preferences; "watch pages I edit" and "watch
24900 pages I create" options now accessible under "Watchlist" options
24901 * (bug 8153) <nowiki> doesn't work in site notice
24902 * (bug 6690) wfMsgNoTrans() transforms messages
24903 * (bug 8274) Wrap edit tools in a <div> with a specified class
24904 * Detect PHP 5.0.x 64-bit bug and abort in WebStart.php; too many things break
24905 mysteriously otherwise (detection code copied from install-utils.inc)
24906 * (bug 8295) Change handling of <center> tags in doBlockLevels() to match that
24908 * (bug 8110) Make magic ISBN linking stricter: only match ten-digit sequences
24909 (plus optional ISBN-13 prefix) with no immediately following alphanumeric
24910 character, disallow multiple consecutive internal redirects
24911 * (bug 2785) Accept optional colon prefix in links when formatting comments
24912 * Don't show "you can view and copy the source of this page" message for
24913 pages which don't exist
24914 * (bug 8310) Blank line added to top of 'post' when page is blank
24915 * (bug 8109) Template parameters ignored in "recentchangestext"
24916 * Gracefully skip redirect-to-fragment on WebKit versions less than 420;
24917 it messes up on current versions of Safari but is ok in the latest
24918 nightlies. Checking the version number will allow it to automatically
24919 work when new releases of Safari appear.
24920 * Fix regression in thumb styles; size and padding didn't match with
24922 * (bug 8333) Fix quick user data update on login password change on
24923 replication database setups. User data is now pulled from master
24924 instead of slave in User::loadFromDatabase, ensuring that it is
24925 fresh and accurate when read and then saved back into cache.
24926 This was breaking with the Special:Rename operation which
24927 automatically logs the user in with the new password after changing
24928 it; pulling from slave meant the record was often not the updated
24930 * (bug 8335) Set image width to the first valid parameter found.
24931 * (bug 8350) Fix watchlist viewing bug when using Postgres.
24932 * (bug 6603) When warning about invalid file extensions, output the bit
24933 of the extension we actually checked
24934 * (bug 7669) Drop defaults on BLOB/TEXT columns for better compatibility
24935 with MySQL's strict mode, often enabled by the Windows installer.
24936 The defaults are ignored anyway when strict mode is off...
24937 * (bug 7685) Use explicit values for ar_text and ar_flags when deleting,
24938 for better compatibility with MySQL's strict mode
24939 * Update default interwiki values to reflect changed location of ursine:
24940 * (bug 5411) Remove autopatrol preference
24941 * Users who have the "autopatrol" permission will have their edits marked as
24942 patrolled automatically
24943 * Users who do not have the "autopatrol" permission will no longer be able
24944 to mark their own edits as patrolled
24945 * Introduce 'PingLimiter' hook; see docs/hooks.txt for more information
24946 * (bug 532) Tweaked alt text for some interface messages
24947 * (bug 8231) Gave useful alt text to the main <img> on image pages
24948 * (bug 371) Remove alt text for "Enlarge" icon on thumbnails
24949 * Initialize user_editcount to 0 instead of NULL for newly created accounts
24950 * (bug 3696) Strip LRM and RLM characters from titles to work around the
24951 problem some people have where titles cut-and-pasted from lists include
24952 the bidi override characters appended to the lists.
24953 A more thorough blacklist for forbidden and translatable characters would
24954 be wise, though, as might a cleaner method for the lists in the first place.
24955 * Fix regression in email password resets on read-restricted sites
24956 * Set tabindex on fields in deletion form so you don't have to tab through
24957 the links in the sitenotice
24958 * (bug 8271) Show full time and date on viewer for individual deleted
24960 * (bug 8214) Output file size limit and actual file size in appropriate units
24962 * (bug 8016) Purge objectcache table during upgrade processes - use the
24963 --nopurge option to prevent this when running maintenance/update.php
24964 * (bug 7612) Remove superfluous link to Special:Categories from result items
24965 on Special:Mostcategories
24966 * {{PLURAL:}} now handles formatted numbers correctly
24967 * (bug 8331) Added the change size value to watchlists; therefore made
24968 watchlists use RecentChange::newFromRow() instead of newFromCurRow()
24969 * (bug 8351) Fix undo for simple reverts
24970 * (bug 6856) User::clearNotification() does not respect read-only mode
24971 * (bug 6853) Use a checkbox on the installer form to indicate that a superuser
24972 account should be used; this is clearer than the old check which relied on
24973 the password never being an obscure value
24974 * Remove old unused watchlist cache, which was a leftover from the old schema
24975 where watchlists were more expensive to generate
24976 * Minor cosmetic changes to Special:Userrights
24977 * Added wgCanonicalSpecialPageName to JavaScript variables
24978 * Fix image deleting when using Postgres.
24979 * Output both source and destination titles in maintenance/moveBatch.php
24980 * Added basic parser tests for language variants
24981 * Enable selflinks and categories to be written in some of the language variants
24982 * Prevent conversion of JavaScript code in language variants
24983 * Output software version number in maintenance/parserTests.php
24984 * (bug 7169) Use Ajax to watch/unwatch articles if enabled
24985 * Make variant table caching a little more robust, using main language code
24986 in cache key. Probably this is still a bit wonky, though. Was breaking
24987 parser tests when Chinese tables were getting loaded into Serbian code.
24988 * (bug 8380) Be nicer about blank lines in deleteBatch.php
24989 * (bug 8401) Fix regression in SORBS lookup for some DNS setups
24990 * Use raw file descriptor in posix_isatty() check to avoid warning on
24991 Linux systems with at least some versions of PHP
24992 * (bug 5908) Allow overriding the default category sort key for all items on
24993 a page using {{DEFAULTSORT}}
24994 * (bug 6449) Throw a more definitive error message when installation fails
24995 due to an invalid database name
24996 * (bug 5827) Use full text for option link labels on Special:Watchlist
24997 * (bug 8018) Allow hiding minor edits from the watchlist
24998 * (bug 8427) MonoBook RTL IE 7.0 tweaks failed when sidebar's navigation
24999 section is renamed; no longer relies on first section name
25000 * Stabilize client-side table sorting even if the underlying Javascript sort()
25001 implementation is unstable
25002 * Add hook for extensions to add user information to the panel in preferences,
25003 next to the user name and ID.
25004 * (bug 8392) Display protection status of transcluded pages in the edit page
25005 template list. Patch by Fyren, with i18n naming tweak.
25006 * Fix for interwiki transclusion where target wiki uses query string for title
25007 * Resolve namespaces on interwiki Title objects using canonical namespace names
25008 if possible (should not happen, though, outside interwiki transclusion... and
25009 maybe not even then, but it does)
25010 * (bug 8447) Fix SQL typo breaking non-default $wgHitcounterUpdateFreq
25011 * Do not allow previews of deleted images to be cached
25012 * Add global variable $wgDefaultLanguageVariant used to set the default language
25013 variant of a wiki to something different than the main language code
25014 * Add 'variant' option to parserTests - runs test with the given variant as
25015 preferred, utilize it for more parser tests of language variants code
25016 * (bug 6503) Fix bug that stopped certain irrelevant links from being hidden
25018 * Avoid PHP warning in Creative Commons metadata when a creative commons
25019 license is not actually set up
25020 * (bug 8463) Don't print external link icons for Monobook
25021 * (bug 8461) Support watching pages on move
25022 * (bug 8041) Work around bug with debug_backtrace when Zend Optimizer is
25023 loaded by skipping the function. Use wfDebugBacktrace() wrapper function.
25024 * Reduce config file clutter by setting various script and upload paths
25025 based on $IP or $wgScriptPath in Setup.php. They can still be explicitly
25026 overridden in LocalSettings.php if desired...
25027 * Attempt to detect redirect loops for the canonical title redirect, and
25028 give some hints to the poor confused administrator.
25029 * Introduce new flag 'R' - raw output for language variant escape tags
25030 * Advise users when updates for a query page have been disabled using
25031 $wgDisableQueryPageUpdate
25032 * (bug 8413) Improve comments for $wgNamespaceRobotPolicies
25033 * (bug 8330) Show "bytes" suffix on recent changes diff counter
25034 optionally... if set in rc-changes-size message (default empty for now)
25035 * (bug 8489) Support basic links in <gallery> caption attribute
25036 * (bug 8485) Correct Lingala number formatting
25037 * The MediaWiki namespace is no longer pre-filled with default messages on
25038 install. All default messages will be removed from the MediaWiki namespace
25040 * Recentchanges RSS/Atom feeds now use a separate message for the description
25041 to avoid cluttering it with useless wiki formatting
25042 * (bug 8417) Handle EXIF unknown dates
25043 * (bug 8372) Return nothing on empty <math> tags.
25044 * New maintenance script to show the cached statistics : showStats.php.
25045 * Count deleted edits when regenerating total edits in maintenance/initStats.php
25046 * (bug 3706) Allow users to be exempted from IP blocks. The ipblock-exempt
25047 permission key has been added to enable this behavior, by default assigned to
25049 * (bug 7948) importDump.php now warn that Recentchanges need to be rebuild.
25050 * (bug 7667) allow XHTML namespaces customization
25051 * (bug 8531) Correct local name of Lingála (patch by Raymond)
25052 * Fix regression with default lock file and cache directories; threw visible
25053 warning with open_basedir
25056 == 1.8 Compatibility changes ==
25058 === Zend Optimizer ===
25060 A bug in some versions of PHP 5 and Zend Optimizer which was triggered under
25061 MediaWiki 1.8.x has been worked around by disabling some internal debugging
25062 features when Zend Optimizer is loaded. This should solve some common
25063 "blank page" problems.
25065 === PHP 5.0 64-bit ===
25067 MediaWiki now checks for a condition where PHP 5.0.x corrupts array data
25068 on 64-bit systems and warns you to upgrade PHP to solve the problem. This
25069 bug causes Special: pages to fail on affected systems under MediaWiki 1.8
25070 and higher, and subtler data corruption on earlier versions.
25072 The only known workaround is to upgrade PHP to 5.1 or later, which you
25073 probably should do anyway for security reasons!
25077 MediaWiki should now install and run correctly on MySQL 5.0 and higher when
25078 MySQL's "strict mode" is enabled. (This is now the default for many Windows
25079 installations, though it seems to remain off by default on Unix.)
25081 This fixes errors about "cannot default default value for BLOB/TEXT fields".
25083 === ImageMagick ===
25085 Note that ImageMagick older than 6.x may no longer work for image resizing
25086 due to use of the -thumbnail option.
25089 == 1.8 Behavior changes ==
25091 === Localized special pages ===
25093 The names of Special: pages can now be localized, so links and URLs to them
25094 are more legible in languages that aren't English.
25096 Not all languages have included localized names yet.
25098 === E-mail password ===
25100 Users are now required to set a new password for themselves when they first
25101 log in with a newly generated e-mailed password.
25103 Requesting passwords frequently is prevented to reduce abusive mailbombing.
25105 === Undo revision ===
25107 An "undo" link now appears in diff view for easier reverting of older edits.
25108 When GNU diff3 is available for edit conflict merging, this can make it much
25109 easier to "undo" the changes of an older edit when there are surrounding
25110 changes elsewhere in the page.
25112 The changes must be manually reviewed and approved, as with conventional
25113 full-revision reverts.
25117 User blocks can be set to disable the automatic blocking of IP addresses the
25118 account logs in with.
25121 == 1.8 Database changes ==
25123 * new 'redirect' table stores data on page redirects
25124 * new 'querycachetwo' table used for some cached special pages
25125 * 'ipblocks' table adds 'ipb_enable_autoblock'
25126 * 'recentchanges' table adds 'rc_old_len', 'rc_new_len' for size tracking
25127 * 'user' table has added 'user_newpass_time' and 'user_editcount' fields
25128 * some indexes have been updated on 'recentchanges'
25130 == 1.8 Configuration changes ==
25132 Several configuration options have changed since 1.8:
25134 === $wgEnableAPI ===
25136 The experimental machine API interface is now enabled by default, read-only.
25137 You can disable it by setting $wgEnableAPI = false; in LocalSettings.php.
25139 === $wgPathInfo ===
25141 The use of PATH_INFO (the text after the script name in 'index.php/Blah')
25142 is controlled by the $wgUsePathInfo setting. This is now explicitly disabled
25143 for CGI, apache2filter, and ISAPI configurations of PHP, for more consistency
25144 with the autodetection from the installer.
25146 In some rarer configurations you may have to switch $wgUsePathInfo from false
25147 to true or, perhaps, from true to false to make things work properly if bad
25148 PATH_INFO data comes through the server.
25150 The wiki now tries to detect this condition and should show you an error
25151 message describing what to change instead of sending the browser into an
25152 infinite redirect loop.
25154 === $wgScript and other path settings ===
25156 The following configuration variables are now automatically set in Setup.php
25157 if they are not overridden in LocalSettings.php:
25159 from $wgScriptPath:
25161 | \- $wgArticlePath
25162 + $wgRedirectScript
25169 - $wgStyleDirectory
25170 + $wgUploadDirectory
25171 \- $wgMathDirectory
25174 Newly generated configuration files will by default include only $wgScriptPath
25175 (hardcoded from the installer) and $IP (detected at runtime).
25177 Old configuration files which specify all these values explicitly should
25178 continue to work just fine, but if you use the defaults you can remove them
25181 === $wgGroupPermissions ===
25183 The sysop group now holds the "autopatrol" and "ipblock-exempt" rights by
25186 "autopatrol" replaces the preference for marking ones own edits patrolled
25187 by default; users holding this permission will automatically have their
25188 edits patrolled, while others cannot mark their own edits as patrolled
25189 even if they have patrolling rights.
25191 "ipblock-exempt" excludes the user from IP blocks; accounts which are blocked
25192 explicitly by name will still be blocked, however. This is given to sysops
25193 to minimize annoyance from accidental "collateral damage"; remember that a
25194 sysop will be able to lift the block if they desire.
25196 The bot group now holds the "nominornewtalk" right. A user with this right
25197 will not trigger new message notifications when making minor edits to user
25198 talk pages. This is meant to minimize annoyance from maintenance bot
25201 === $wgUseWatchlistCache ===
25203 Watchlist caching has been removed. The feature was not maintained, and has
25204 been unnecessary since switching to the 'recentchanges' database table
25205 reduced server pressure for Wikipedia's watchlists.
25207 === $wgBreakFrames ===
25209 MediaWiki in the past attempted to detect when it was embedded in a frameset
25210 and "break out" of it, assuming it to be hostile.
25212 This behavior is now disabled by default, but can be reenabled by setting
25213 $wgBreakFrames to true in LocalSettings.php.
25216 == 1.8 New settings ==
25218 === $wgVariantArticlePath ===
25220 For languages with script variant support (Chinese, Serbian, and others),
25221 it's possible to use alternate URL paths to select the variant for article
25222 display, setting $wgVariantArticlePath.
25224 Documentation for this setting would be useful.
25226 === $wgMaxMsgCacheEntrySize ===
25228 The message cache can now skip items larger than a given size; this allows
25229 it to better handle the primary caching case when large CSS and JS blobs are
25232 === $wgStyleVersion ===
25234 When making significant changes to skin stylesheets and JavaScript files,
25235 you can append a string to this variable to tweak the generated URLs,
25236 forcing newly rendered pages to bring in a fresh version despite server-
25237 or browser-side caching.
25239 Normally this will be set in the course of MediaWiki development, but
25240 if doing development on a custom skin you may wish to poke it as well.
25242 === $wgRCShowChangedSize ===
25244 Special:Recentchanges and Special:Watchlist now show the number of bytes
25245 added or removed to an article to give an idea of the size of the edit.
25246 This information was previously available only in the IRC update feeds.
25248 To disable this site-wide, set $wgRCShowChangedSize to false.
25249 (Individual users can suppress the data in custom CSS.)
25251 Adjust $wgRCChangedSizeThreshold to trigger highlighting of particularly
25254 The formatting of the size figure can be adjusted through the
25255 [[MediaWiki:Rc-change-size]] message.
25257 === $wgQueryCacheLimit ===
25259 The number of rows stored for "expensive" special pages in miser mode
25260 can now be adjusted up or down from the default 1000.
25262 === $wgDisableQueryPageUpdate ===
25264 Individual "expensive" special pages can be skipped in processing by
25265 updateSpecialPages if added to this list.
25267 === $wgSorbsUrl ===
25269 The base hostname for the DNS-based proxy blacklist can now be overridden
25270 when $wgEnableSorbs is set, to use a different blacklist instead of SORBS.
25271 The blacklist would need to respond the same was as SORBS; any positive
25272 response will be taken as a proxy.
25274 === $wgAjaxWatch ===
25276 Experimental AJAX mode for the watch/unwatch tabs to execute inline.
25277 Does not include the UI messages describing how to reach the watchlist,
25278 so you may not want it on a general-audience site just yet.
25280 === $wgParserTestFiles ===
25282 MediaWiki's parser test suite can now be expanded with additional test
25283 files. Custom extensions can add their test files to this array, and
25284 they will be run along with the main tests by maintenance/parserTests.php
25288 == MediaWiki 1.8.5 ==
25292 This is a security fix update to the Fall 2006 quarterly release snapshot. A
25293 possible HTML/XSS injection vector in the API pretty-printing mode has been
25296 The vulnerability may be worked around in an unfixed version by simply
25297 disabling the API interface if it is not in use, by adding this to
25300 :[[Manual:$wgEnableAPI|$wgEnableAPI]] = false;
25302 (This is the default setting in 1.8.x.)
25304 Not vulnerable versions:
25310 Vulnerable versions:
25311 * 1.11 <= 1.11.0rc1
25314 * 1.8 <= 1.8.4 (if $wgEnableAPI has been switched on)
25316 MediaWiki 1.7 and below are not affected as they do not include the faulty
25317 function, however the BotQuery extension is similarly vulnerable unless updated
25318 to the latest SVN version.
25320 == MediaWiki 1.8.4 ==
25324 This is a security and bug-fix update to the Fall 2006 quarterly release.
25326 An XSS injection vulnerability based on Microsoft Internet Explorer's UTF-7
25327 charset autodetection was located in the AJAX support module, affecting MSIE
25328 users on MediaWiki 1.6.x and up when the optional setting
25329 [[Manual:$wgUseAjax|$wgUseAjax]] is enabled.
25331 If you are using an extension based on the optional Ajax module, either disable
25332 it or upgrade to a version containing the fix:
25333 * 1.9: fixed in 1.9.3
25334 * 1.8: fixed in 1.8.4
25335 * 1.7: fixed in 1.7.3
25336 * 1.6: fixed in 1.6.10
25338 There is no known danger in the default configuration, with $wgUseAjax off.
25340 * (bug [[bugzilla:8819|8819]]) Fix full path disclosure with skins dependencies
25341 * Add 'charset' to Content-Type headers on various HTTP error responses to
25342 forestall additional UTF-7-autodetect XSS issues. PHP sends only 'text/html' by
25343 default when the script didn't specify more details, which some inconsiderate
25344 browsers consider a license to autodetect the deadly, hard-to-escape UTF-7.
25345 This fixes an issue with the Ajax interface error message on MSIE when
25346 [[Manual:$wgUseAjax|$wgUseAjax]] is enabled (not default configuration); this
25347 UTF-7 variant on a previously fixed attack vector was discovered by Moshe BA
25348 from BugSec: http://www.bugsec.com/articles.php?Security=24
25349 * Trackback responses now specify XML content type
25351 == MediaWiki 1.8.3 ==
25355 MediaWiki 1.8.3 fixes several issues in the Fall 2006 snapshot release:
25357 * ([[mediazilla:7831|7831]]) Regression in AutoAuthenticate hook
25358 * Run PHP install version checks on update.php so command-line updaters see new
25359 version requirements
25360 * Do a check for the PHP 5.0.x 64-bit bug, since this is much more disruptive
25361 as of MW 1.8 than it used to be. Install or upgrade now aborts with a warning
25362 and a request to upgrade.
25363 * XSS fix in AJAX module
25365 An XSS injection vulnerability was located in the AJAX support module,
25366 affecting MediaWiki 1.6.x and up when the optional setting $wgUseAjax is
25369 There is no danger in the default configuration, with $wgUseAjax off.
25371 If you are using an extension based on the optional AJAX module, either disable
25372 it or upgrade to a version containing the fix:
25374 == MediaWiki 1.8.2 ==
25378 MediaWiki 1.8.2 fixes several issues in the Fall 2006 snapshot release:
25380 * ([[mediazilla:7565|7565]]) Fixed typos in German localisation
25381 * ([[mediazilla:7562|7562]]) Fix non-ASCII namespaces on Windows/XAMPP servers
25383 == MediaWiki 1.8.1 ==
25387 MediaWiki 1.8.1 fixes several issues in the Fall 2006 snapshot release:
25389 * Fix PHP notice and estimates for dumpBackup.php and friends
25390 * Improved register_globals paranoia checks
25391 * ([[mediazilla:7545|7545]]) Fix PHP version check on install
25392 * Experimental web API disabled by default
25393 * Disable PHP exception backtrace printing unless $wgShowExceptionDetails is
25394 set. Backtraces may contain sensitive information in function call parameters.
25396 == MediaWiki 1.8.0 ==
25400 This is the quarterly release snapshot for Fall 2006. While the code has been
25401 running on Wikipedia for some time, installation and upgrade bits may be less
25402 well tested. Bug fix releases may follow in the coming days or weeks.
25404 MediaWiki is now using a "continuous integration" development model with
25405 quarterly snapshot releases. The latest development code is always kept "ready
25406 to run", and in fact runs our own sites on Wikipedia.
25408 Release branches will continue to receive security updates for about a year
25409 from first release, but nonessential bugfixes and feature development happen
25410 will be made on the development trunk and appear in the next quarterly release.
25412 Those wishing to use the latest code instead of a branch release can obtain it
25413 from source control: [[Download from SVN]]
25415 == Configuration changes ==
25416 * $wgUseETag, to enable/disable sending of HTTP ETag headers (default: disabled)
25417 * $wgLegalTitleChars now includes '+' by default for better compatibility with
25418 importing data dumps from Wikipedia
25419 * $wgDefaultUserOptions now includes all default option settings instead of
25422 == Major new features ==
25423 * ([[mediazilla:7098|7098]]) Add an option to disable/enable sending of HTTP
25424 ETag headers, as it seems to result in broken behaviour in combination with
25425 Squid 2.6 (disabled by default).
25426 * ([[mediazilla:550|550]]) Allow blocks on anonymous users only.
25427 * ([[mediazilla:6420|6420]]) Render thumbnails for DJVU images, support
25428 multipage DJVU display on image pages. Added new 'page=' thumbnail option to
25429 select a page from a multipage djvu for thumbnail generation.
25430 * Full Postgres support is now enabled. It requires version 8.1 or better, and
25431 needs to have both plpgsql and tsearch2 already installed.
25432 * ([[mediazilla:6386|6386]]) fix grammatical errors in danish naming of talk
25435 == Changes since 1.7 ==
25437 * Introduced AjaxResponse object, superceding AjaxCachePolicy
25438 * Changes to sajax_do_call: optionally accept an element to fill instead of a
25439 callback function; take the target function or element as a third parameter;
25440 pass the full XMLHttpRequest object to the handler function, instead of just
25441 the resultText value; use HTTP response codes to report errors.
25442 * (bug 6562) Removed unmaintained ParserXml.php for now
25443 * History paging overlap bug fixed
25444 * (bug 6586) Regression in "unblocked" subtitle
25445 * Don't put empty-page message into view-source when page text is blank
25446 * (bug 6587) Remove redundant "allnonarticles" message
25447 * Block improvements: Allow blocks on anonymous users only. Optionally allow
25448 or disallow account creation from blocked IP addresses. Prevent duplicate
25449 blocks. Fixed the problem of expiry and unblocking erroneously affecting
25450 multiple blocks. Fixed confusing lack of error message when a blocked user
25451 attempts to create an account. Fixed inefficiency of Special:Ipblocklist in
25452 the presence of large numbers of blocks; added indexes and implemented an
25454 * (bug 6448) Allow filtering of Special:Newpages according to username
25455 * (bug 6618) Improve permissions/error detection in Special:Lockdb
25456 * Quick hack for extension testing: parser test doesn't create new message
25458 * (bug 6299) Maintain parser's revision ID across recursive calls to fix
25459 {{REVISIONID}} when Cite extension is used
25460 * (bug 6622) Removed deprecated function Image::newFromTitle
25461 * (bug 6627) Fix regression in Special:Ipblocklist with table prefix
25462 * Removed forced dereferencements (new() returns a reference in PHP5)
25463 * Note about $wgUploadSizeWarning using byte
25464 * (bug 6592) Add most viewed pages summary to Special:Statistics
25465 * Pre-strip characters ignored in IDNs from URLs so they can't be used
25466 to break the blacklists for regular URLs
25467 * Fix regression in blocking of user accounts
25468 * (bug 6635) Fix regression searching for range blocks on Ipblocklist
25469 * Fix regression searching Ipblocklist with ugly URLs
25470 * (bug 6639) Use a consistent default for upload directories
25471 * Preserve entered reason when reporting unconfirmed lock on Special:Lockdb
25472 * (bug 6642) Don't offer to unlock the database when it isn't locked
25473 * cleanupTitles.php changed from --dry-run option to --fix, so default
25474 behavior is now a non-invasive check as with namespaceDupes.php
25475 * (bug 6660) Fix behavior of EditPage::blockedPage() when the article does
25476 not exist; now doesn't show the source box if the user hasn't provided it
25477 (blocked mid-edit) and the page doesn't exist
25478 * Improve default value of "blockedtext"
25479 * (bug 6680) Added localisation for Dutch bookstore list (nl)
25480 * Renamed maintainace script redundanttrans.php to unusedMessages.php - clearer
25482 * Fix regression which allowed some blocked users to create additional accounts
25483 * (bug 6657) Fix Hungarian linktrail
25484 * (bug 6751) Fix preview of blanked section with edit on first preview option
25485 * (bug 5456) Separate MediaWiki:Search into messages for both noun and verb,
25486 introduced 'MediaWiki:Searchbutton'
25487 * Made lines from initialiseMessages() appear as list items during installation
25488 * Moved the bulk of the localisation data from the Language*.php files to the
25489 Messages*.php files. Deleted most of the Languages*.php files.
25490 * Introduced "stub global" framework to provide deferred initialisation of core
25492 * Removed placeholder values for $wgTitle and $wgArticle, these variables will
25493 now be null during the initialisation process, until they are set by index.php
25494 or another entry point.
25495 * Added DBA cache type, for BDB-style caches.
25496 * Removed custom date format functions, replacing them with a format string in
25497 the style of PHP's date(). Used string identifiers instead of integer
25498 identifiers, in both the language files and user preferences. Migration should
25499 be transparent in most cases.
25500 * Simplified the initialisation API for LoadBalancer objects.
25501 * Removed the broken altencoding feature.
25502 * Moved default user options and toggles from Language to User. Language objects
25503 are still able to define default preference overrides and extra user toggles,
25504 via a slightly different interface.
25505 * Don't include the date option in the parser cache rendering hash unless
25506 $wgUseDynamicDates is enabled.
25507 * Merged LanguageUtf8 with Language. Removed LanguageUtf8.php.
25508 * Removed inclusion of language files from the bottom of Language.php. This is
25509 now consistently done from Language::factory().
25510 * Add the name of the executing maintenance script to the debug log. Start the
25511 profiler during maintenance scripts.
25512 * Added "serialized" directory, for storing precompiled data in serialized form.
25513 * Fix regression in auto-set NS_PROJECT_TALK namespace
25514 * Fix regression in ordering of namespaces
25515 * (bug 6806, 6030) Added several global JS variables for article path, user
25516 name, page title, etc.
25517 * hooks registered with addOnloadHook are now called at the one of the html body
25519 * Split ajax aided search from core ajax framework. Use wgUseAjax to enable the
25520 framework and wgAjaxSearch to enable the suggest feature for the search box.
25521 * Added experimental installer for extensions.
25522 See maintenance/installExtension.php
25523 * Added Tajic (tg) language file.
25524 * (bug 6903) Added Cantonese localisation (zh-yue)
25525 * Fix regression in Korean and Japanese date formatting (day of week)
25526 * (bug 6919) Add English alias magic words for Tatar (tt) language file.
25527 * (bug 6753) Fixed broken Kazakh linktrail (kk)
25528 * (bug 6700) Added Kazakh language variants to Names.php
25529 * (bug 6827) some i18n specific maintenance scripts fails after merge of
25530 localisation-work branch
25531 * Throwed an exception for the deprecated functions OutputPage::sysopRequired
25532 and OutputPage::developerRequired - use OutputPage::permissionRequired
25534 * Removed the deprecated functions User::isSysop, User::isBureaucrat and
25535 User::isDeveloper - use User::isAllowed instead.
25536 * (bug 769) OutputPage::permissionRequired() should suggest groups with the
25538 * (bug 6971) Fix regression in Special:Export history view
25539 * Revamped Special:Imagelist
25540 * (bug 7000) updated MessagesPl.php
25541 * (bug 6946) Fix unexpected behavior change with GET hits to Special:Export
25542 * (bug 1866) Improve navigation on Special:Listusers; user now a starting
25543 point as with Special:Allpages, rather than a pure limit.
25544 * Clean up tab order on Special:Blockip
25545 * (bug 5969) Clean up tab order on Special:Userlogin forms
25546 * (bug 3512) namespaceDupes now handles spaces and initial caps properly
25547 * (bug 7037) Fix regression in login tab order
25548 * (bug 7031) Report missing email on 'email password' instead of false success
25549 * (bug 7010) Don't send email notifications for watched talk pages when user
25550 has selected to receive only updates for their own talk page
25551 * Added {{CURRENTHOUR}}
25552 * Added [[:Image:Foo.png]] style links to the pagelinks table
25553 * Avoid duplicate revision imports with Special:Import
25554 * (bug 7054) Validate email address before sending email confirmation message
25555 * (bug 7061) Format title on "from (page)" links on Special:Allpages
25556 * (bug 7044) Introduce "padleft" and "padright" colon functions
25557 * Pass page title as parameters to "linkshere" and "nolinkshere" and update
25558 default message text
25559 * Allows to upload from publicy accessible URL. Set $wgAllowCopyUploads = true;
25560 in LocalSettings.php
25561 Limited to $wgMaxUploadSize (default:100MB); URL upload is limited to sysops
25562 by default, and displayed as a second line if appropriate
25563 * (bug 832) Return to user page after emailing a user
25564 * (bug 366) Add local-system-timezone equivalents for date/time variables
25565 * (bug 7109) Fix Atom feed version number in header links
25566 * (bug 7075) List registered parser function hooks on Special:Version
25567 * (bug 7059) Introduce "anchorencode" colon function
25568 * Include SVN revision number in {{CURRENTVERSION}} output, where applicable
25569 * Fix bug in wfRunHooks which caused corruption of objects in the hook list
25570 * (bug 4979) Use simplified email addresses when running on Windows
25571 * (bug 4434) Show block log fragment on Special:Blockip
25572 * [[MediaWiki:Disambiguationspage]] may optionally contain wiki links to any
25573 number of disambiguation templates.
25574 * [[Special:Disambiguations]] now shows pages in NS:0 that link to any pages
25575 that embed any of the templates listed at [[MediaWiki:Disambiguationspage]].
25576 * Fix formatting of titles on Special:Undelete
25577 * (bug 7026) Fix action=raw&templates=expand
25578 * (bug 6976) Add namespace and direction classes to classic skins
25579 * (bug 7144) Don't "return to main" from OutputPage::loginToUse() if the user
25580 can't read the main page in the first place
25581 * (bug 7188) Fix minor borkage in HTMLForm
25582 * (bug 6675) Replaced message 'watchthis' with new message 'watchthisupload in
25584 * Add a quickie script dumpSisterSites.php for generating a page list in the
25585 format for WSR-1 SisterSites support
25586 * (bug 7223) Monobook.js is used for site content, should not be localized
25587 * Set default disabled values for DjVu render options
25588 * Added Xml::option() for generating <option>s easily
25589 * Localized page numbers in drop-down for DjVu page selection
25590 * Fixed linktrail for vi
25591 * (bug 6893) "Call to a member function exists() on a non-object" on
25592 trackback.php with bad input
25593 * (bug 6886) PHP undefined offset on bad input to Special:Revisiondelete
25594 * (bug 6887) PHP error for call to getId() on bad input to
25595 Special:Revisiondelete
25596 * (bug 6888) PHP error for call to getTimestamp() on bad input to
25597 Special:Revisiondelete
25598 * (bug 7252) Use dvipng support in texvc math rastrization. dvipng is required
25599 if texvc is rebuilt.
25600 * (bug 7279) Use wfBaseName in place of basename() in more places
25601 * Clear newtalk marker on diff links with explicit current revision number
25602 * (bug 7064) Replace hard-coded empty message checks with wfEmptyMsg calls
25603 * (bug 6777) Remove some PHP 4 compat cruft
25604 * Add --user, --comment, and --license options to importImages.php
25605 * (bug 6216) The immobile namespace message does not mention the source page
25606 * (bug 7299) Normalize username filter on Special:Newpages
25607 * (bug 7306) RTL text in an LTR wiki breaks appearance of Special:Recentchanges
25608 * (bug 7312) Don't emit SET NAMES utf8 if connection failed
25609 * (bug 7305) Proper compare for bot check on RC notify, should fix overrides
25610 that force edits by non-bot users to bot mode
25611 * Set Vary: Cookie on action=raw generated CSS and JS, to ensure that user
25612 preferences don't get stuck in proxy caches for other people
25613 * (bug 7324) Fix error message for failure of Database::sourceFile()
25614 * (bug 7309) Plurals: use singular form for zero in French and Brazilian
25616 * Add page_no_title_convert field to support language variant conversion
25617 for page titles which shouldn't be converted on display/linking
25618 * Lazy extraction of text chunks in Revision objects, may reduce hits to
25619 external storage when actual text content is not used
25620 * Added experimental $wgRevisionCacheExpiry to cache extracted revision text
25621 in $wgMemc, to further reduce hits to external storage.
25622 Set to 0 (disabled) by default.
25623 * Minor changes to the installer.
25624 * Remove ":" for 'youremail' and 'yourrealname' in
25625 includes/templates/Userlogin.php so that ":" could be used in i18n for
25626 Special:Preferences (like 'username' and 'uid').
25627 * Fix layout for Special:Preferences->Date and Time (position for
25629 * Updates to language variant code for Serbian et al
25630 * (bug 6756) Enabling RTL direction for kk-cn
25631 * (bug 6701) Kazakh language variants in MessagesEn.php
25632 * (bug 7335) SVN revision check in Special:Version fails on SVN 1.4 working copy
25633 * (bug 6518) Replaced 'lastmodified' with 'lastmodifiedat' and 'lastmodifiedby'
25634 with 'lastmodifiedatby' with separated parameters for date and time to allow
25635 better localisation. Updated all message files to display the old format for
25637 * (bug 7357) Make supposedly static methods of Skin actually static
25638 * Added info text to Special:Deadendpages and Special:Lonelypages
25639 * Fix regression in cachability of generated CSS and JS for MonoBook skin,
25640 while avoiding clobbering of different users' cached data
25641 * (bug 6849) Block @ from usernames; interferes with multi-database tools and
25642 was meant to be banned years ago... For now existing accounts will not be
25643 prevented fromm login.
25644 * (bug 6092) Introduce magic words {{REVISIONDAY}}, {{REVISIONDAY2},
25645 {{REVISIONMONTH}}, {{REVISIONYEAR}} and {{REVISIONTIMESTAMP}}
25646 * (bug 7425) Preceeding whitespace in [[...]] breaks subpages
25647 * Try to reconnect after transitory database errors in dumpTextPass.php
25648 * (bug 6023) Fixed mismatch of 0/NULL for wl_notificationtimestamp; now
25649 notification mails are working after 'Mark all pages visited' button on
25650 Special:Watchlist is clicked
25651 * Made {{INT:}} a core parser function instead of a special case. The syntax
25652 and behavior is largely unchanged.
25653 * (bug 7448) Fixing the native name for Ewe (ee)
25654 * (bug 6864) Replace message 'editing' with new message 'editinguser' in
25655 Special:Userrights to allow better localisation
25656 * Add '*-summary' for special pages to MessagesEn.php to allow
25657 customizing/translation directly through Special:Allmessages
25658 * (bug 6130, bug 5818) Replaced message 'go' with the new message
25659 'searcharticle' in skins to allow better localisation
25660 * Add + to $wgLegalTitleChars by default. Some sites may have occasional
25661 problems with hard-to-reach pages, but it should be less trouble than
25662 "I can't import dumps from Wikipedia" complaints
25663 * (bug 7460) Revert broken patch for bug 7226 which slows down
25664 Special:Allmessages by a factor of 16
25665 * Committed a bunch of live hacks from Wikimedia servers
25666 * (bug 6889) PHP notices in thumb.php with missing params
25667 * Cleaner error behavior on thumb.php with invalid page selection
25668 * (bug 6617) Validate timestamps on Special:Undelete
25669 * Do fewer unnecessary full writes of user rows; only update user_touched
25670 for watch/unwatch, group membership change, and login operations
25671 * Restructured the languages directory, to avoid problems when people
25672 untar MW 1.8 over the top of a 1.7 installation.
25673 * (bug 6890) SQL query error on bad input to Pager lists
25674 due to negative LIMIT clause, caused by integer wraparound.
25675 * Fixed various bugs related to table prefixes, especially the interaction
25676 between table prefixes and memcached, which was formerly completely broken.
25677 * (bug 7004) PHP iconv() notice on bad password input to Special:Userlogin.
25678 * (bug 6826) Extend pre-save transform context link ("pipe trick")
25679 syntax to pages with commas in title
25680 * Use ImageMagick -thumbnail option instead of -resize to avoid including
25681 excessive metadata in thumbs (requires ImageMagick 6.0.0 or newer).
25682 * (bug 7499) Corrections to Swedish talk namespace names
25683 * (bug 7508) Added option to compress HTML pages by dumpHTML.php
25684 * (bug 7519) Add plural in SpecialWatchlist
25685 * (bug 7459) Magic word variables are always case sensitive
25686 * Replaced {{SERVER}}{{localurl:xxx}} with {{fullurl:xxx}} in localisation files
25687 * Fix regression in Special:Watchlist text header
25688 * (bug 7510) Update article counts etc on undelete
25689 * (bug 7520) Update article counts on XML import
25690 * (bug 7526) Make $wgDefaultUserOptions work again
25691 * (bug 7472) Localize Help namespace for Basque
25692 * (bug 7529) Including a non-existent category in an article places that article
25694 * (bug 4528) Lack of important LaTeX functions stackrel, rightleftharpoon
25695 * (bug 6721) missing symbols ulcorner, urcorner, llcorner, lrcorner,
25696 twoheadrightarrow, twoheadleftarrow
25697 * (bug 7367) Hyphens sometimes erroneously appended to equations when not
25699 * Add "title" to the opensearch link to allow automatic adding of the search
25700 engine in Firefox 2
25701 * (bug 7537) Add php5 to $wgFileBlacklist
25702 * (bug 6929) Restore AutoAuthenticate hook
25704 == Languages updated ==
25707 * Bavarian (bar) stub file
25709 * Bishnupriya (bpy) stub file
25710 * Brazilian Portuguese (pt-br)
25711 * Cantonese (zh-yue)
25728 * Mazandarani (mzn)
25742 == Compatibility ==
25743 MediaWiki 1.8 requires PHP 5 (5.1 recommended). PHP 4 is no longer supported.
25745 MySQL 3.23.x is no longer supported; some older hosts may need to upgrade. At
25746 this time we still recommend 4.0, but 4.1/5.0 will work fine in most cases.
25749 Some minor database changes have been made since 1.7:
25750 * new fields and indexes on ipblocks
25751 * index change on recentchanges
25753 Several changes from 1.5 and 1.6 do require updates to be run on upgrade. To
25754 ensure that these tables are filled with data, run refreshLinks.php after the
25757 If you are upgrading from MediaWiki 1.4.x or earlier, some major database
25758 changes are made, and there is a slightly higher chance that things could
25759 break. Don't forget to always back up your database before upgrading!
25762 Some output, particularly involving user-supplied inline HTML, may not produce
25763 100% valid or well-formed XHTML output. Testers are welcome to set $wgMimeType
25764 = "application/xhtml+xml"; to test for remaining problem cases, but this is not
25765 recommended on live sites. (This must be set for MathML to display properly in
25770 == MediaWiki 1.7.3 ==
25774 This is a security and bug-fix update to the Summer 2006 quarterly release.
25776 An XSS injection vulnerability based on Microsoft Internet Explorer's UTF-7
25777 charset autodetection was located in the AJAX support module, affecting MSIE
25778 users on MediaWiki 1.6.x and up when the optional setting
25779 [[Manual:$wgUseAjax|$wgUseAjax]] is enabled.
25781 If you are using an extension based on the optional Ajax module, either disable
25782 it or upgrade to a version containing the fix:
25784 * 1.9: fixed in 1.9.3
25785 * 1.8: fixed in 1.8.4
25786 * 1.7: fixed in 1.7.3
25787 * 1.6: fixed in 1.6.10
25789 There is no known danger in the default configuration, with
25790 [[Manual:$wgUseAjax|$wgUseAjax]] off.
25792 * Add 'charset' to Content-Type headers on various HTTP error responses to
25793 forestall additional UTF-7-autodetect XSS issues. PHP sends only 'text/html' by
25794 default when the script didn't specify more details, which some inconsiderate
25795 browsers consider a license to autodetect the deadly, hard-to-escape UTF-7.
25796 This fixes an issue with the Ajax interface error message on MSIE when
25797 [[Manual:$wgUseAjax|$wgUseAjax]] is enabled (not default configuration); this
25798 UTF-7 variant on a previously fixed attack vector was discovered by Moshe BA
25799 from BugSec: http://www.bugsec.com/articles.php?Security=24
25800 * Trackback responses now specify XML content type
25802 == MediaWiki 1.7.2 ==
25806 * Note about $wgUploadSizeWarning using byte
25807 * Update to German bookstore list (de)
25808 * (bug [[bugzilla:6680|6680]]) Added localisation for Dutch bookstore list (nl)
25809 * (bug [[bugzilla:6708|6708]]) Minor updates to Russian translation (ru)
25810 * (bug [[bugzilla:6730|6730]]) Clearer usage of message 'titlematch' in German
25812 * Added direction mark to Special:Listredirects
25813 * XSS fix in AJAX module
25815 An XSS injection vulnerability was located in the AJAX support module,
25816 affecting MediaWiki 1.6.x and up when the optional setting
25817 [[Manual:$wgUseAjax|$wgUseAjax]] is enabled.
25819 There is no danger in the default configuration, with
25820 [[Manual:$wgUseAjax|$wgUseAjax]] off.
25822 If you are using an extension based on the optional AJAX module, either disable
25823 it or upgrade to a version containing the fix:
25825 * 1.9: fixed in 1.9.0rc2
25826 * 1.8: fixed in 1.8.3
25827 * 1.7: fixed in 1.7.2
25828 * 1.6: fixed in 1.6.9
25831 == MediaWiki 1.7.1 ==
25835 MediaWiki 1.7.1 is a security and bugfix maintenance release of the Summer 2006
25838 A potential HTML/JavaScript-injection vulnerability in a debugging script has
25839 been fixed. Only versions and configurations of PHP vulnerable to the $GLOBALS
25840 overwrite vulnerability are affected.
25842 As a workaround for existing installs, profileinfo.php may simply be deleted if
25843 it's not being used.
25845 * Fix for 'emailconfirmed' implicit user group
25846 * Fix for upgrades on some versions of MySQL 4.0.x
25847 * Fixed potential XSS in profileinfo.php
25848 * Installer now shows clear error message about old PHP versions rather than a
25849 confusing parse error
25851 == MediaWiki 1.7.0 ==
25854 This is the quarterly release snapshot for Summer 2006. While the code
25855 has been running on Wikipedia for some time, installation and upgrade
25856 bits may be less well tested. Bug fix releases may follow in the coming
25859 MediaWiki is now using a "[[w:en:Continuous_integration|continuous
25860 integration]]" development model with
25861 quarterly snapshot releases. The latest development code is always kept
25862 "ready to run", and in fact runs our own sites on Wikipedia.
25864 Release branches will continue to receive security updates for about a year
25865 from first release, but nonessential bugfixes and feature development happen
25866 will be made on the development trunk and appear in the next quarterly release.
25868 Those wishing to use the latest code instead of a branch release can obtain
25869 it from source control: [[Download from SVN]]
25871 == Changes since 1.6 ==
25873 * (bug 5458) Fix double-URL encoding in block log link in contribs and contribs
25875 * (bug 5462) Bogus missing patch warning in updater
25876 * (bug 5461) Use of deprecated "showhideminor" in Special:Recentchangeslinked
25877 * PHP warning when allow_call_time_pass_reference is off
25878 * Update to Finnish localization
25879 * (bug 5467) Link to page histories in watchlist edit mode
25880 * Further additions to Hebrew localisation
25881 * (bug 5476) Invalid xhtml in German localization
25882 * (bug 5479) Id translation for preferences tabs caption
25883 * (bug 5493) Id translation for special pages
25884 * Added skinname and style path parameters to CBT version of MonoBook
25885 * Include subversion revision number in Special:Version if available
25886 * (bug 5344) Fix regression that broke slashes in extension tag parameters
25887 * Improve Special:Log performance on big log sets
25888 * (bug 5507) Changed mediawiki:logouttext from plain to wikitext
25889 * (bug 4760) Prevent creation of entries in protection log when protection
25890 levels haven't changed
25891 * (bug 861) Show page protection/unprotection events in histories
25892 * (bug 5499) Don't clear the tag strip state when asked not to clear state.
25893 Fixes regression with use of <ref> in a template breaking <nowiki> etc.
25894 * Minor improvements to English language files
25895 * Display the anon talk page info message on anon talk pages again
25896 (moved outside the parser cache)
25897 * Optional {{DISPLAYTITLE|title with markup}} magic word
25898 Deactivated by default, set "$wgAllowDisplayTitle = true" in LocalSettings.php
25900 * Cleaned SpecialContributions a bit
25901 * Added a table to track interlanguage links
25902 * (bug 5544) Fix redirect arrow in Special:Listredirects for right-to-left
25904 * Replace "doubleredirectsarrow" with a content language check that picks the
25906 * (bug 5537) Add stub language file for Samogitian (bat-smg); inherits
25908 * Don't force edit summaries when a user is editing their own user/talk page
25909 * (bug 5510) Warning produced when using {{SUBPAGENAME}} in some namespaces
25910 * (bug 385) Installer support for PostgreSQL, fixes for PG compatibility
25911 * PersistentObject removed; it doesn't do anything and was broken besides.
25912 All extensions using it have been corrected.
25913 * Propagate ISBN number for Booksources in LanguageNo.php
25914 * (bug 5548) Improvements to Indonesian localisation [patch: Ivan Lanin]
25915 * Add TALKSPACE, SUBJECTSPACE, TALKPAGENAME, SUBJECTPAGENAME (and encoded forms
25916 for all) magic words
25917 * (bug 5403) Fix Special:Newpages RSS/Atom feeds
25918 * Reject malformed addresses in X-Forwarded-For entries
25919 * (bug 3359) Add hooks on completion of file upload
25920 * (bug 5559) Improve detection of ImageMagick [patch: Greg Turnquist]
25921 * (bug 5475) New pages feeds ignore "limit" argument
25922 * (bug 5184) CSS misapplied to elements in Special:Allmessages due to
25923 conflicting anchor identifiers
25924 * (bug 5519) Allow sidebar cache to be disabled; disable it by default.
25925 * Maintenance script to import the contents of a text file into a wiki page
25926 * Add $wgReservedUsernames configuration directive to block account creation/use
25927 * (bug 5576) Remove debugging hack in session check
25928 * (bug 5426) Lowercase treatment of titles in rights log leads to broken links
25930 * Minor improvements to French localisation files
25931 * (bug 5181) Update "nogomatch" for Slovak
25932 * (bug 5594) Id translation up to # Login and logout pages section
25933 * (bug 5536) Use content language for editing help link
25934 * Improvements to German localisation files
25935 * (bug 5570) Problems using <special page>/parameter link form for long titles
25936 * (bug 3884) Add $user parameter to AddNewUser hook, call it for by-email
25937 registrations as well as self-registrations.
25938 * (bug 4327) Report age of cached data sets in query pages
25939 * (bug 4662) Fix Safari check in wikibits.js
25940 * (bug 4663) Edit toolbar enabled in compatible versions of Safari
25941 * (bug 5572) Edit toolbar enabled in compatible versions of Konqueror (3.5+)
25942 * (bug 5235) Edit toolbar tooltips no longer show JavaScript junk in Opera
25943 * Edit toolbar now works in pure XHTML mode (application/xhtml+xml)
25944 * Add watchlist clear function to allow quick purging of all items
25945 * (bug 5625) Additional namespace translations for Welsh
25946 * Add meta tag and JavaScript variables to cached special pages which provides
25947 the timestamp of the last update, in YYYYMMDDHHMMSS format.
25948 * (bug 5628) More translations for MessagesHr.php
25949 * (bug 5595) Localisation for Bosnian language (bs)
25950 * (bug 2910) Default view preferences for watchlists
25951 * Add "hide bot edits from the watchlist" user preference
25952 * (bug 5250) Introduce Special:Unusedtemplates
25953 * Add user preference setting for an extended watchlist, showing all recent
25954 edits up to a certain edit, and not just the latest edit.
25955 * Made MessageRo.php more general
25956 * (bug 5640) Indonesian localisation improvements
25957 * (bug 5592) Actions are logged with the default language for the
25958 wiki, not the language of the user performing the operation.
25959 * (bug 5644) Error in LanguageBs.php file
25960 * (bug 5646) Compare for identical types in wfElement()
25961 * (bug 5472) Language::userAdjust()->minDiff not initialized on else condition
25962 * (bug 5386) LanguageMk.php: updated namespaces translations
25963 * (bug 5422) Stub for Romani (rmy) language which extends ro
25964 * Fix linktrail for LanguageSr
25965 * (bug 5664) Fix Bosnian linktrail
25966 * (bug 3825) Namespace filtering on Special:Newpages
25967 * (bug 1922) When Special:Wantedpages is cached, mark links to pages
25968 which have since been created
25969 * (bug 5659) Change grammar hacks for Bosnian Wikimedia namespaces.
25970 This sort of special casing should be removed and fixed properly.
25971 * Remove useless whitespace from Special:Brokenredirects header
25972 * Treat "allmessagesnotsupporteddb" as wikitext when echoing; change default
25974 * (bug 5497) Regression in HTML normalization in 1.6 (unclosed <li>,<dd>,<dt>)
25975 * (bug 5709) Allow customisation of separator for categories
25976 * (bug 5684) Introduce Special:Randomredirect
25977 * (bug 5611) Add a name attribute to the text box containing source text in
25979 * Indicate when a protected page is an interface message ("protectedinterface")
25980 * (bug 4259) Indicate when a protected page being edited is an interface message
25981 ("editinginterface")
25982 * (bug 4834) Fix XHTML output when using $wgMaxTocLevel
25983 * Pass login link to "whitelistedittext" containing 'returnto' parameter
25984 * (bug 5728): mVersion missing from User::__sleep() leading to constant cache
25986 * Updated maintenance/transstat.php so it can show duplicate messages
25987 * Improvements to update scripts; print out the version, check for superuser
25988 credentials before attempting a connection, and produce a friendlier error if
25989 the connection fails
25990 * (bug 5005) Fix XHTML <gallery> output.
25991 * (bug 5315) "Expires: -1" HTTP header made strictly valid (using 1970 date).
25992 * (bug 4825) note in DefaultSettings.php about 'profiling' table creation
25993 * Remove unneeded extra whitespace at top of Special:Categories
25994 * (bug 5679) time units are now using local numerals
25995 * (bug 5751) Updates to Portuguese localisation files
25996 * (bug 5741) Introduce {{NUMBEROFUSERS}} magic word
25997 * (bug 93) <nowiki> tags and tildes in templates
25998 * The returnto parameter is now actually used by SpecialUserlogin.php
25999 * Parser can now know that it is parsing an interface message
26000 * (bug 4737) MediaWiki:Viewcount supports {{PLURAL}} now
26001 * Fix bug in wfMsgExt under PHP 5.1.2
26002 * (bug 5761) Project talk namespace broken in Xal, Os, Udm and Cv
26003 * Rewrite reassignEdits script to be more efficient; support optional updates to
26004 recent changes table; add reporting and silent modes
26005 * Cleaned up formatNum usage in langfiles
26006 * (bug 5716) Warn when a user tries to upload a file which was previously
26008 * (bug 5565) Add a class attribute to the table on Special:Allpages
26009 * "lang=xx" option for parser test cases to set content language
26010 * (bug 5764) Friulian translation updated
26011 * (bug 5757) Fix premature cutoff in LanguageConverter with extra end markers
26012 * (bug 5516) Show appropriate "return to" link on blocked page
26013 * (bug 5377) Do not auto-login when creating an account as another user
26014 * (bug 5284) Special redirect pages should remember parameters
26015 * Suppress 7za output on dumpBackup
26016 * (bug 5338) Reject extra initial colons in title
26017 * (bug 5487) Escape self-closed HTML pair tags
26018 * Add "raw suffix" magic word for some magic words, e.g. {{NUMBEROFUSERS|R}}
26019 will produce a count minus formatting
26020 * Fix Parser::cleanSig() to use Parser::startExternalParse() and choose an
26021 appropriate output format given the scope of the clean
26022 * (bug 5593) Change "bureaucrat log" to "rights log"
26023 * Show a boilerplate "(none)" in place of a blank within the log action text for
26025 * (bug 137) Commented out translations for copyrightwarning which mention GNU
26027 * (bug 5723) Don't count pages linked to from the MediaWiki namespace as
26029 * (bug 5696) Add a third parameter, $3, to "rcnote", passing the current time
26030 formatted according to the current user's settings
26031 * (bug 5780) Thousands and decimal separators for Norwegian
26032 * Updated initStats maintenance script
26033 * (bug 5767) Fix date formats in Vietnamese locale
26034 * (bug 361) URL in URL, they were almost fixed. Now they are.
26035 * (bug 4876) Add __NEWSECTIONLINK__ magic word to force the "new section"
26036 link/tab to show up on specific pages on demand
26037 * Bidi-aid on list pages
26038 * (bug 5782) Allow entries in the bad image list to use canonical namespace
26040 * (bug 5789) Treat "loginreqpagetext" as wikitext
26041 * Sanitizer: now handles nested <li> in <ul> or <ol>
26042 * (bug 5796) We require MySQL >=4.0.14
26043 * Add 'EmailConfirmed' hook
26044 * New findhooks.php script to find undocumented hooks.
26045 * Silently ignore errors on profiling table update.
26046 * (bug 5801) Correct handling of underscores in Special:Listusers
26047 * Clean up Special:Listusers; add an "(all)" label to the group selection box
26048 * (bug 5812) Use appropriate link colour in Special:Mostlinked
26049 * (bug 5802) {{CURRENTMONTHNAME}} variable broken in Vietnamese locale
26050 * (bug 5817) Appropriate handling for Special:Recentchangeslinked where the
26051 target page doesn't exist
26052 * Special:Randompage now additionally accepts English namespace name as
26054 * (bug 2981) Really fixed linktrail for Tamil (ta)
26055 * Disallow substituting Special pages when included into a page
26056 * (bug 5587) Clean up the languages from references to the Groups special page
26057 * Added new group-X and group-X-member messages
26058 * Rewritten removeUnusedAccounts to be more efficient, print names of inactive
26060 * Redirect Special:Userlist to Special:Listusers
26061 * Introduce $wgAllowTitlesInSVG, which allows the <title> attribute in uploaded
26062 files bearing the image/svg MIME type. Disabled by default due to the vast
26063 majority of web servers being hideously misconfigured. See DefaultSettings.php
26065 * Changed default LocalSettings.php to append the previous include path when
26067 * (bug 5837) Use "members" for the value descriptor in Special:Categories,
26068 Special:Wantedcategories and Special:Mostlinkedcategories.
26069 * (bug 3309) Allow comments when undeleting pages
26070 * Clean up Special:Undelete a bit
26071 * (bug 5805) messages nbytes, ncategories can now use {{plural:}}
26072 * Clean up Special:Imagelist a bit
26073 * (bug 5838) Namespace names for Nds-NL
26074 * (bug 5749) Added Tyvan language files
26075 * (bug 5791) Fix SQL syntax in Special:BrokenRedirects, was causing incorrect
26077 * (bug 5839) Prevent access to Special:Confirmemail for logged-out users
26078 * (bug 5853) Update for Portuguese messages (pt)
26079 * (bug 5851) Use Cyrillic for Kirghiz language name
26080 * (bug 5841) Allow the 'EditFilter' hook to return a non-fatal error message
26081 * (bug 5846) Link to individual group description pages in Special:Listusers
26082 * (bug 5857) Update for German localisation (de)
26083 * (bug 5858) Update for Russian language (ru)
26084 * (bug 5860) Update for Indonesian language (id)
26085 * (bug 1120) Update for Czech language (Cs)
26086 * Added many missing formatNum calls
26087 * Added grammar function to Belarusian (be)
26088 * (bug 5819) Add 'PersonalUrls' hook
26089 * (bug 5862) Update of Belarusian language (be)
26090 * (bug 5886) Update for Portuguese messages (pt)
26091 * (bug 5586) <gallery> treated text as links
26092 * (bug 5878) Update for Indonesian language (id)
26093 * (bug 5697) Update for Malay language (ms)
26094 * (bug 5890) Update for German language (de)
26095 * (bug 5889) Name for Sindhi language should appear as سنڌي
26096 * --force-normal parameter on dump scripts to force check for ICU extension
26097 * (bug 5895) Update for Dutch language (nl)
26098 * (bug 5891) Linktrail for Polish language (pl)
26099 * User::isBureaucrat , User::isDeveloper , User::isSysop deprecated in
26100 v1.6 now die with a backtrace. They will be removed in v1.8
26101 * dumpTextPass now skips goes to database for entries that were blank in the
26102 previous dump, as this may indicate a broken dump.
26103 * dumpTextPass progress includes percentage of items prefetched
26104 * dumpTextPass can now use 7zip files for prefetch
26105 * (bug 5915) Update to Indonesian localisation (id)
26106 * (bug 5913) Update for German localisation (de)
26107 * (bug 5905) Plural support for Bosnian localisation (bs)
26108 * Groups which won't hit the rate limiter now configurable with
26109 $wgRateLimitsExcludedGroups
26110 * (bug 5806) {{plural:}} support instead of "twin" MediaWiki messages
26111 * (bug 5931) Update for Polish language (pl)
26112 * Ignore the user and user talk namespaces on Special:Wantedpages
26113 * Introduce NUMBEROFPAGES magic word
26114 * (bug 5833) Introduce CURRENTVERSION magic word
26115 * (bug 5370) Allow throttling of password reminder requests with the rate
26117 * (bug 5683) Respect parser output marked as uncacheable when saving
26118 * (bug 5918) Links autonumbering now work for all defined protocols
26119 * (bug 5935) Improvement to German localisation (de)
26120 * (bug 5937) Register links from gallery captions with the parent parser output
26121 object so that link tables receive those updates too
26122 * (bug 5845) Introduce BASEPAGENAME and BASEPAGENAMEE magic words
26123 * (bug 5941) Use content language when getting the administrator page title for
26125 * (bug 5949) Update to Indonesian localisation (id)
26126 * (bug 5862) Update of Belarusian translation (be)
26127 * (bug 5950) Improvements to French localisation
26128 * (bug 5805) {{plural:}} support for counters in some special pages
26129 * (bug 5952) Improvement to German localisation (de)
26130 * Rename conflicting metadata help message to "metadata_help" (was "metadata")
26131 and treat it as wiki text
26132 * Improve preferences input filtering
26133 * Maintenance script to import multiple files into the wiki
26134 * (bug 5957) Update for Hebrew language (he)
26135 * (bug 5962) Update for Italian language (it)
26136 * (bug 5961) Update for Portuguese localisation (pt)
26137 * (bug 5849) Remove some hard-coded references to "Wikipedia" in messages
26138 * (bug 5967) Improvement to German localisation (de)
26139 * (bug 5962) Update for Italian language (it)
26140 * Suppress images in galleries which appear on the bad image list (when
26141 rendering for a wiki page; galleries in special pages and categories are
26143 * Maintenance script to remove orphaned revisions from the database
26144 * (bug 5991) Update for Russian language (ru)
26145 * (bug 6001) PAGENAMEE and FULLPAGENAMEE don't work in FULLURL and LOCALURL
26147 * (bug 5958) Switch Uzbek language name to use latin script
26148 * (bug 839) Add URLENCODE magic word
26149 * (bug 6004) Update for Polish language (pl)
26150 * (bug 5971) Improvement to German localisation (de)
26151 * (bug 4873) Don't overwrite the subtitle navigation when viewing a redirect
26152 page that isn't current
26153 * (bug 2203) Namespace updates for Thai
26154 * Fix breakage in parser test suite which caused incorrect reporting of the
26155 failure of {{NUMBEROFFILES}}. Now initialises the site_stats table with some
26156 dumb data. Updated the expected output for {{NUMBEROFARTICLES}} to reflect
26158 * (bug 6009) Use {{ns:project}} in messages where appropriate
26159 * (bug 6012) Update to Indonesian localisation (id)
26160 * (bug 6017) Update list of bookstores in German localisation files
26161 * (bug 5187) Allow programmatically bypassing username validation, for scripts
26162 * (bug 6025) SpecialImport: wrong message when no file selected
26163 * (bug 6015) EditPage: add spacing in the boxes "edit is minor" and "watch this"
26164 * (bug 6018) Userrights: new message when no user specified ('nouserspecified')
26165 * (bug 2015) Add "\sim" to ~ conversion for HTML rendering
26166 * (bug 6029) Improvement to German localisation (de)
26167 * (bug 5015) Update be: magic words
26168 * (bug 3974) Add parameter for site URL to "passwordremindertext"
26169 * (bug 6039) Update for Portuguese localisation (pt)
26170 * (bug 764) Add CREATE TEMPORARY TABLES to default database permissions
26171 * Big update to Swedish localisation (sv)
26172 * Use appropriate HTML functions to create the tool links on image pages, so
26173 they don't look garbled when tidy isn't on
26174 * (bug 5511) Fix URL-encoding of usernames in links on Special:Ipblocklist
26175 * (bug 6046) Update to Indonesian localisation (id) #15
26176 * (bug 5523) $wgNoFollowNsExceptions to allow disabling rel="nofollow" in
26177 specially-selected namespaces.
26178 * (bug 6055) Fix for HTML/JS injection bug in variable handler (found by Nick
26180 * Reordered wiki table handling and __TOC__ extraction in the parser to better
26181 handle some overlapping tag cases.
26182 * Only the first __TOC__ is now turned into a TOC
26183 * (bug 4610) Indicate patrolled status on watchlists and allow users to mark
26184 changes as patrolled using the diff links there
26185 * Add 'DiffViewHeader' hook called before diff page output
26186 * (bug 6051) Improvement to German localisation (de)
26187 * (bug 6054) Update to Indonesian localisation (id) #16
26188 * Add {{CURRENTTIMESTAMP}} magic word
26189 * (bug 6061) Improper escaping in some html forms
26190 * (bug 6065) Remove underscore when using NAMESPACE and TALKSPACE magics.
26191 * (bug 6074) Correct squid purging of offsite upload URLs
26192 * To simplify the lives of extension developers, the logging type arrays
26193 can now be appended to directly by an extension setup function. It is
26194 no longer necessary to write four separate functions just to add a
26196 * (bug 6057) Count "licenses" as a message (and show it in Special:Allmessages)
26197 * Added $wgGrammarForms global
26198 * Fixed hardcoded 'done.' when removing watchlist entries.
26199 * (bug 5962) Update for Italian language (it)
26200 * (bug 6086) Remove vestigial attempt to call Article::validate()
26201 * wfHostname() function for consistent server hostname use in debug messages
26202 * Send thumbnailing error messages to 'thumbnail' log group
26203 * wfShellexec() now accepts an optional parameter to receive the exit code
26204 * Failed, but not zero-length, thumbnail renderings are now removed.
26205 Should help clean up when rsvg fails in weird ways.
26206 * (bug 6081) Change description for Turkmen language
26207 * Increase robustness of parser placeholders; fixes some glitches when
26208 adjacent to identifier-ish constructs such as URLs.
26209 * Shut up the parser test whining about files in a temp directory.
26210 * (bug 6098) Add Aragonese language support (an)
26211 * (bug 6101) Update for Russian language (ru)
26212 * Add $wgIgnoreImageErrors to suppress error messages for thumbnail rendering
26213 problems. If errors are transitory, this should reduce annoying messages
26214 making it into cached display.
26215 * (bug 6103) Wrap self-links in a CSS class ("selflink")
26216 * (bug 6102) For consistency with other markup, normalize all HTML-encoded
26217 character entities in URLs, not just ampersands. This allows use of eg
26218 = when making URLs for template parameters.
26219 * Markup anality: escape </ as <\/ in toolbar javascript for pure correctness
26220 under HTML-compatible browsers.
26221 * (bug 5077) Added hook 'BeforePageDisplay' to SkinTemplate::outputPage
26222 * Replace fatally changed 'uploadnewversion' with 'uploadnewversion-linktext'
26223 * (bug 472) Syndication feeds for the last few edits of page history
26224 * Format edit comments in Recent Changes feed
26225 * Switch incorrectly ordered column headers on Recent Changes feed diffs
26226 * (bug 6117) Use message for history feed description, add German localization
26227 * (bug 1017) fixed thumbnails of animated gifs.
26228 * Add APC as object caching option
26229 * Update to Albanian localization (sq)
26230 * (bug 6099) Introduce {{DIRECTIONMARK}} magic word (with {{DIRMARK}} as an
26232 * Use optimized php5-only microtime()
26233 * Add possibility to store local message cache as PHP executable script
26234 * Fix profiling table definition
26235 * (bug 6040) Run pre-save transform before calculating the diff. when doing a
26236 "show changes" operation in the editor
26237 * (bug 4033) Respect $wgStyleDirectory when checking available skins
26238 * Remove hideous backslashes from MessagesBr.php
26239 * Fix APC object cache issues, add functionality to installer
26240 * (bug 6133) Update strip state as we work. This mostly fixes extensions
26241 used in Cite.php <ref> tags when Tidy is on.
26242 * (bug 6139) Workaround for transclusion oddities in Vietnamese upload text
26243 * (bug 6136) Update to Catalan language (ca)
26244 * Update to Japanese localization (ja)
26245 * Add /usr/local/bin to the diff3 search paths in the installer
26246 * (bug 6106) Update to Indonesian localisation (id) #17
26247 * (bug 6125) Add links to edit old versions to diff views
26248 * (bug 5127) Auto edit summary when creating/editing redirect page
26249 * (bug 3926) Introduce {{#language:}} magic word
26250 * Fix section links from edit comments for [[:Image:Bla.jpg]] in section titles
26251 * (bug 6126) Allow fallback to customized primary language when user language
26252 message contains '-'; fixes licenses selector on Commons configuration after
26253 recent addition of the message to Messages.php
26254 * (bug 5527) Batch up job queue insertions for, hopefully, better survivability
26255 of lock contention etc. Duplicates are now removed at pop time instead of
26257 * When showing the "blah has been undeleted" page, make sure it's a blue link
26258 * parserTests.php accepts a --file parameter to run an alternate test sutie
26259 * parser tests can now test extensions using !!hooks sections
26260 * Fix oddity with open tag parameters getting stuck on </li>
26261 * (bug 5384) Fix <!-- comments --> in <ref> extension
26262 * Nesting of different tag extensions and comments should now work more
26263 consistently and more safely. A cleaner, one-pass tag strip lets the
26264 'outer' tag either take source (<nowiki>-style) or pass it down to
26265 further parsing (<ref>-style). There should no longer be surprise
26266 expansion of foreign extensions inside HTML output, or differences
26267 in behavior based on the order tags are loaded.
26268 * (bug 885) Pre-save transform no longer silently appends close tags
26269 * Pre-save transform no longer changes the case of close tags
26270 * (bug 6164) Fix regression with <gallery> resetting <ref> state
26271 * Hackaround for IE 7 wrapping bug in MonoBook footer
26272 * New message sp-newimages-showfrom replaces rclistfrom on special:newimages
26273 * Improve handling of ;: definition list construct with overlapping or
26275 * (bug 6171) Fix sanitizing of HTML-elements with an optional closing
26276 tag. The sanitizer still needs to learn how to make well-formed XML
26278 * Fix fatal error when specifying illegal name for manual thumbnail
26279 * (bug 6184) Use shinier Linker::userLink() to make user links in
26281 * (bug 6170) Update for Kashubian translation (csb)
26282 * (bug 6191) Update to Indonesian translation (id) #18
26283 * (bug 6114) Update to Walloon localization (wa)
26284 * Added $wgNamespaceRobotPolicies to allow customisation of robot policies on a
26285 per-namespace basis.
26286 * Add <ol> to the list of block elements for doBlockLevels; avoids <p>s being
26287 interspersed into your ordered lists.
26288 * (bug 5021) Transcluding the same special page twice now works
26289 * Add 'SiteNoticeBefore' and 'SiteNoticeAfter' hooks
26290 * (bug 6182) Date passed in "sp-newimages-showfrom" not adjusted to user time
26292 * (bug 2587) Fix for section editing with comment prefix
26293 * (bug 2607) Fix for section editing with mix of wiki and HTML headings
26294 * (bug 3342) Fix for section editing with headings wrapped in <noinclude>
26295 * (bug 3476) Fix for section editing with faux headings in extensions
26296 * (bug 5272) Fix for section editing with HTML-heading subsections
26297 * Fix for bogus wiki headings improperly detected with following text
26298 * Fix for HTML headings improperly not detected with preceding/following text
26299 * Section extraction and replacement functions merged into one implementation
26300 on the Parser object, so they can't get out of sync with each other.
26301 * Edit security precautions in raw HTML mode, etc
26302 * (bug 6197) Update to Indonesian translation (id) #19
26303 * (bug 6175) Improvement to German translation (de)
26304 * Redirect Special:Logs to Special:Log
26305 * (bug 6206) Linktrail for Swedish localization (se)
26306 * (bug 3202) Attributes now allowed on <pre> tags
26307 * Sanitizer::validateTagAttributes now available to discard illegal/unsafe
26308 attribute values from an array.
26309 * (bug 3837) Leave <center> as is instead of doing an unsafe text replacement
26310 to <div class="center">. <center> is perfectly valid in the target doctype
26311 (XHTML 1.0 Transitional), while the replacement didn't catch all cases and
26312 could even result in invalid output from valid input.
26313 * (bug 4280) Use 'noindex,nofollow' instead of 'noindex,follow' for default
26314 meta robots tag on diff view and special pages. Should reduce impact of
26315 robots on scrolling special pages, diffs etc on sites where robots.txt
26316 doesn't forbid access.
26317 * Regression fix: suppress warning about session failure when clicking to
26318 edit with 'preview on first edit' enabled.
26319 * (bug 6230) Regression fix: <nowiki> in [URL link text]
26320 * Added AutoLoader.php, which loads classes without need of require_once()
26321 * (bug 5981) Add plural function Slovenian (sl)
26322 * (bug 5945) Introduce {{CONTENTLANGUAGE}} magic word
26323 * {{PLURAL}} can now take up to five forms
26324 * (bug 6243) Fix email for usernames containing dots when using PEAR::Mail
26325 * Remove a number of needless {{ns:project}}-type transforms from messages
26326 files. These usages already have separate label text. Such transforms are
26327 wasteful on each page view.
26328 * Update to Yiddish localization (yi)
26329 * (bug 6254) Update to Indonesian translation (id) #20
26330 * (bug 6255) Fix transclusions starting with "#" or "*" in HTML attributes
26331 * Whitespace now normalized more or less properly in HTML attributes
26332 * Fix regression(?) in behavior of initial-whitespace-pre in <center>
26333 * (bug 6260) Update to Interlingua localization (ia)
26334 * Update to Vlax Romany localization (rmy)
26335 * Update to Latin translation (la)
26336 * Update to Dutch translation (nl)
26337 * Avoid some notices in page history with bad input
26338 * Use double quoted consistently on attributes in linker output; preparing
26339 for new normalization code when tidy not in use
26340 * Replace "nogomatch" with "noexactmatch" and place the magic colon in the
26341 messages themselves. Some minor tweaks to the actual message content.
26342 * Introduce $wgContentNamespaces which allows for articles to exist in
26343 namespaces other than the main namespace, and still be counted as valid
26344 content in the site statistics.
26345 * (bug 5932) Introduce {{PAGESINNAMESPACE}} magic word
26346 * Disable $wgAllowExternalImages by default.
26347 * (bug 2700) Nice things like link completion and signatures now work in
26349 * Cancel output buffering in StreamFile; when used inside gzip buffering this
26350 could cause funny timeout behavior as the Content-Length was wrong.
26351 * Return correct content-type header with 304 responses for StreamFile;
26352 it confuses Safari if you let it return "text/html".
26353 * (bug 6280) Correct GRAMMAR for Slovenian localisation (sl)
26354 * (bug 6162) Change date format for Dutch Low Saxon (nds-nl)
26355 * (bug 6296) Update to Indonesian localisation (id) #21
26356 * Introduce EditFormPreloadText hook, see docs/hooks.txt for more information
26357 * (bug 4054) Add "boteditletter" to recent changes flags
26358 * Update to Catalan localization (ca)
26359 * (bug 2099) Deleted image files can now be archived and undeleted.
26360 Set $wgSaveDeletedFiles on and an appropriate directory path in
26361 $wgFileStore['deleted']['directory']
26362 * (bug 6324) Fix regression in enhanced RC alignment
26363 * Introduce {{NUMBEROFADMINS}} magic word
26364 * Update to Slovak translation (sk)
26365 * Update to Alemannic localization (gsw)
26366 * (bug 6300) Bug fixes for sr: variants
26367 * namespaceDupes.php can now accept an arbitrary prefix, for checking rogue
26368 interwikis and such. Not yet fully automated.
26369 * (bug 6344) Add Special:Uncategorizedimages page
26370 * (bug 6357) Update to Russian translation (ru)
26371 * Workaround possible bug in Firefox nightlies by properly removing the
26372 Content-Encoding header instead of sending explicit 'identity' value
26374 * (bug 6304) Show timestamp for current revision in diff pages
26375 * Vertically align current version with old version header in diff display
26376 * (bug 6174) Remove redundant "emailforlost" message
26377 * (bug 6189) Show an error to an unprivileged user trying to create account
26378 * (bug 6365) Show user information in the "old revision" navigation links
26379 * Introduce 'FetchChangesList' hook; see docs/hooks.txt for more information
26380 * (bug 6345) Update to Indonesian localisation (id) #22
26381 * (bug 6279) Add genitive month names to Slovenian localisation
26382 * (bug 6351) Update to German translation (de)
26383 * Respect language directionality when displaying arrow in
26384 Special:Brokenredirects
26385 * Remove unused "validation" table definitions from the schema files
26386 * (bug 6398) Work around apparent PCRE bug breaking section editing when
26387 massively-indented preformatted text immediately followed a header
26388 * (bug 6392) Fix misbehaving <br /> in preferences form
26389 * Add translated magic words to Hebrew localization
26390 * (bug 6396) Change name for Chuvash language
26391 * Introduce optional (off by default) language selector bar for user login
26392 and registration. Customisable via the "loginlanguagelinks" message, the
26393 links will preserve "returnto" values. If the user creates an account while
26394 using such a link, then the language in use will be saved as their language
26396 * Make sure '~~~' '~~~~' '~~~~~' are removed in Nickname preference.
26397 * Rename "ipusuccess" to "unblocked", change the format (now wiki text)
26398 * (bug 2316) Add "caption" attribute to <gallery> tag
26399 * Allow setting the skin object that ImageGallery will use; needed during parse
26400 operations (the skin must come from the ParserOptions, not $wgUser)
26401 * Fix notice in MacBinary detection debug data for files of certain lengths
26402 * (bug 6131) Add type detection for DjVu files, allowing them to be uploaded
26403 with validity checking and size detection. No inline thumbnailing yet,
26404 but could be added in the future.
26405 * (bug 6423) Don't update newtalk flag if page content didn't change (null edits
26406 were causing the newtalk flag to trigger inappropriately)
26407 * Parser functions are now set using magic words.
26408 * (bug 6428) Incorrect form action URL on Special:Newimages with hidebots = 0
26410 * (bug 4990) Show page source to blocked users on edits, or their modified
26411 version if blocked during an edit
26412 * (bug 5903) When requesting the raw source of a non-existent message page,
26413 return blank content (as opposed to the message key)
26414 * Improve default blank content of MediaWiki:Common.css and
26415 MediaWiki:Monobook.css
26416 * (bug 6434) Allow customisation of submit button text on Special:Export
26417 * (bug 6314) Add user tool links on page histories
26418 * Fix display of file-type icons in galleries when $wgIgnoreImageErrors is off
26419 * (bug 6438) Update to Indonesian translation (id) #23
26420 * Adding the language code parameter to the hook "LanguageGetMagic", to allow
26421 localizble extensions magic words.
26422 * Update to Romanian translation (ro)
26423 * Update to Esperanto translation (eo)
26424 * Check for preg_match() existence when installing and die out whining about
26425 PCRE if it's not there, instead of throwing a fatal error
26426 * (bug 672) Add MathAfterTexvc hook
26427 * Update to Piedmontese localization (pms)
26428 * dumpBackup can optionally compress via dbzip2
26429 * (bug 2483) Run link updates on change via XML import
26430 * (bug 2481) List imported pages during Special:Import
26431 * (bug 2482) Log and RC entries for Special:Import events
26432 * Allow fetching all revisions from transwiki Special:Import
26433 * Allow fetching all revisions from Special:Export GET request
26434 * Disable output buffering on Special:Export; should help with streaming
26435 large numbers of history items.
26436 * Allow setting a maximum number of revisions for history Special:Export;
26437 pages with more than $wgExportMaxHistory revisions are excluded from
26438 export when history is requested.
26439 * Fix transwiki import of pages with space in name
26440 * Save null edit when importing pages through Special:Import
26441 * Update to Korean translation (ko)
26442 * Show a more specific message when an anonymous user tries to access
26444 * (bug 3278) Paging links in Special:Prefixindex
26445 * Added Latvian localization (lv)
26446 * (bug 6472) Fix regression in Special:Export with multiple pages
26447 * Update to Macedonian translation (mk)
26448 * Allow page moves over historyless self-redirects. Such are usually created
26449 as part of namespace rearrangements, and it's easier to clean them up if
26450 we can move over them.
26451 * Show some error results in moveBatch.php
26452 * (bug 6479) Allow specification of the skin to use during HTML dumps
26453 * (bug 6461) Link to page histories in Special:Newpages
26454 * (bug 6484) Don't do message transformations when preloading messages for
26456 * (bug 6201) Treat spaces as underscores in parameters to {{ns:}}
26457 * (bug 6006) Allow hiding the password change fields using an authentication
26459 * (bug 6489) Use appropriate link colour on Special:Shortpages
26460 * Added formatnum magic word
26461 * Added Javanese localization (jv)
26462 * (bug 6491) Apply bad image list in category galleries
26463 * (bug 6488) Show relevant log fragment in Special:Movepage
26464 * Fix potential PHP notice in Special:Blockme when $wgBlockOpenProxies is true
26465 * Use mysql_real_escape_string instead of addslashes for string escaping in
26466 the MySQL Database class. This may fix some rare breakage with binary fields.
26467 Note that MediaWiki does not support the multibyte character sets where a
26468 "dumb" byte replacement can be actively dangerous; UTF-8 is always safe
26469 in this regard due to the bit patterns which make head and tail bytes
26471 * (bug 6497) Use $wgMetaNamespaceTalk for Esperanto if set
26472 * (bug 6498) Use localized forms for image size in Special:Undelete
26473 * (bug 6485) Update to Indonesian translation (id) #24
26474 * Extension messages translation is now possible.
26475 * Add target namespace override selector for transwiki imports.
26476 $wgImportTargetNamespace specifies the default, to be used for
26477 Wiktionary's 'Transwiki:' namespace etc.
26478 * (bug 6506) Update to German localisation (de)
26479 * (bug 502) Avoid silly tabs on bad title by using virtual special page
26480 * (bug 6511) Add diff links to old revision navigation bar
26481 * (bug 6511) Replace 'oldrevisionnavigation' message with
26482 'old-revision-navigation'
26483 * Fix regression in Polish genitive month forms
26484 * (bug 4037) Make input handling in Special:Allpages and Special:Prefixindex
26485 more consistent: Accept just a namespace prefix and a colon, reject input
26486 with interwiki prefixes, otherwise do what Title::makeTitleSafe() does.
26487 * (bug 6516) Update to Russian translation
26488 * New 'allpagesbadtitle' message for Special:Allpages, based on 'badtitletext'.
26489 * Rename "searchquery" to "searchsubtitle" and support wiki text in it
26490 * Introduce updateArticleCount maintenance script which uses a better check that
26491 reflects what Article::isCountable() tests for
26492 * Introduce 'BadImage' hook; see docs/hooks.txt for more information
26493 * Add "searchsubtitleinvalid" message for searches that are not valid titles.
26494 * (bug 5962) Update to Italian localisation
26495 * (bug 6530) Update to Indonesian localisation (id) #25
26496 * (bug 6523) Fix SVG issue in rebuildImages.php
26497 * (bug 6512) Link to page-specific logs on page histories
26498 * (bug 6504) Allow configuring session name with $wgSessionName
26499 * (bug 6185) Add standard user tool links to log page views
26500 * Update to Venetian translation (vec)
26501 * Update to Slovenian translation (sl)
26502 * Add standard user tool links to deleted revision list
26503 * Separate out EditPage's getContent bits from regular Article getContent.
26504 Cleans up read-only-mode warning on empty pages and neats up some code.
26505 * (bug 6565) Strict JavaScript writing
26506 * (bug 6570) Update to Indonesian localisation (id) #26
26507 * Added Telugu translation (te)
26508 * Update to Catalan translation (ca)
26509 * (bug 6560) Avoid PHP notice when trimming ISBN whitespace
26510 * Added namespace translation to Kannada (ka)
26511 * (bug 6566) Improve input validation on timestamp conversion
26512 * Implicit group "emailconfirmed" for all users whose email addresses are
26514 * (bug 6577) Avoid multiline parser breakage on <pre> with newline in attribute
26515 * (bug 6771) Make old revisions of MediaWiki pages available with action=raw
26518 == Compatibility ==
26519 MediaWiki 1.7 requires PHP 5 (5.1 recommended). PHP 4 is no longer supported.
26521 If you are unable to run PHP 5, you may have to stick with 1.6 for now.
26523 MySQL 3.23.x is no longer supported; some older hosts may need to upgrade.
26524 At this time we still recommend 4.0, but 4.1/5.0 will work fine in most cases.
26526 Experimental Oracle support has been dropped as it is unmaintained.
26529 Several changes to the database have been made from 1.6:
26531 * A new "langlinks" table tracks interlanguage links
26532 * A new "filearchive" table stores information on deleted files
26533 * A new "querycache_info" table stores information on query page updates
26535 To ensure that these tables are filled with data, run refreshLinks.php after
26538 If you are upgrading from MediaWiki 1.4.x or earlier, some major database
26539 changes are made, and there is a slightly higher chance that things could
26540 break. Don't forget to always back up your database before upgrading!
26542 == Configuration changes ==
26544 Some configuration options have changed:
26545 * $wgAllowExternalImages now defaults to off for increased security.
26546 * $wgLocalTZoffset was in hours, it is now using minutes.
26547 * Extensions may register special pages via the $wgSpecialPages array without
26548 forcing an early load of the SpecialPage.php class file.
26550 == Major new features ==
26552 * Deleted files can now be archived and undeleted, if you set up an appropriate
26553 non-web-accessible directory. Set $wgSaveDeletedFiles on and an appropriate
26554 directory path in $wgFileStore['deleted']['directory']
26555 * Experimental PostgreSQL support has been updated. It may or may not be in
26556 usable shape; those interested in PostgreSQL are encouraged to follow 1.8
26560 Some output, particularly involving user-supplied inline HTML, may not
26561 produce 100% valid or well-formed XHTML output. Testers are welcome to
26562 set $wgMimeType = "application/xhtml+xml"; to test for remaining problem
26563 cases, but this is not recommended on live sites. (This must be set for
26564 MathML to display properly in Mozilla.)
26568 == MediaWiki 1.6.12 ==
26572 This is a security update to the Spring 2006 quarterly release.
26574 A number of cross-site scripting (XSS) security vulnerabilities were discovered
26575 in the web-based installer (config/index.php). These vulnerabilities all
26576 require a live installer -- once the installer has been used to install a
26577 wiki, it is deactivated.
26579 Note that cross-site scripting vulnerabilities can be used to attack any
26580 website in the same cookie domain. So if you have an uninstalled copy of
26581 MediaWiki on the same site as an active web service, MediaWiki could be used to
26582 attack the active service.
26584 If you are hosting an old copy of MediaWiki that you have never installed, you
26585 are advised to remove it from the web.
26587 == MediaWiki 1.6.11 ==
26591 This is a security update to the Spring 2006 quarterly release.
26593 David Remahl of Apple's Product Security team has identified a number of
26594 security issues in previous releases of MediaWiki. Subsequent analysis by the
26595 MediaWiki development team expanded the scope of these vulnerabilities. The
26596 issues with a significant impact are as follows:
26598 * An XSS vulnerability affecting Internet Explorer clients for all MediaWiki
26599 installations with uploads enabled. [CVE-2008-5250]
26600 * An XSS vulnerability affecting clients with SVG scripting capability (such as
26601 Firefox 1.5+), for all MediaWiki installations with SVG uploads enabled.
26603 * A CSRF vulnerability affecting the Special:Import feature, for all MediaWiki
26604 installations since the feature was introduced in 1.3.0. [CVE-2008-5252]
26606 XSS (cross-site scripting) vulnerabilities allow an attacker to steal an
26607 authorised user's login session, and to act as that user on the wiki. The
26608 authorised user must visit a web page controlled by the attacker in order to
26609 activate the attack. Intranet wikis are vulnerable if the attacker can
26610 determine the intranet URL, even if the attacker cannot access it.
26612 CSRF vulnerabilities allow an attacker to act as an authorised user on the
26613 wiki, but unlike an XSS vulnerability, the attacker can only act as the user in
26614 a specific and restricted way. The present CSRF vulnerability allows pages to
26615 be edited, with forged revision histories. Like an XSS vulnerability, the
26616 authorised user must visit the malicious web page to activate the attack.
26618 Rather than backport our SVG validation code to this ancient branch, we have
26619 instead disabled SVG uploads. To enable SVG uploads, please upgrade to
26620 MediaWiki 1.13.3 or later.
26622 The other two issues have been fixed.
26624 == MediaWiki 1.6.10 ==
26628 This is a security and bug-fix update to the Spring 2006 quarterly release.
26630 An XSS injection vulnerability based on Microsoft Internet Explorer's UTF-7
26631 charset autodetection was located in the AJAX support module, affecting MSIE
26632 users on MediaWiki 1.6.x and up when the optional setting $wgUseAjax is enabled.
26634 If you are using an extension based on the optional Ajax module, either disable
26635 it or upgrade to a version containing the fix:
26637 * 1.9: fixed in 1.9.3
26638 * 1.8: fixed in 1.8.4
26639 * 1.7: fixed in 1.7.3
26640 * 1.6: fixed in 1.6.10
26642 There is no known danger in the default configuration, with $wgUseAjax off.
26644 * ([[mediazilla:8819|bug 8819]]) Fix full path disclosure with skins
26646 * Add 'charset' to Content-Type headers on various HTTP error responses to
26647 forestall additional UTF-7-autodetect XSS issues. PHP sends only 'text/html' by
26648 default when the script didn't specify more details, which some inconsiderate
26649 browsers consider a license to autodetect the deadly, hard-to-escape UTF-7.
26650 This fixes an issue with the Ajax interface error message on MSIE when
26651 $wgUseAjax is enabled (not default configuration); this UTF-7 variant on a
26652 previously fixed attack vector was discovered by Moshe BA from BugSec:
26653 http://www.bugsec.com/articles.php?Security=24
26654 * Trackback responses now specify XML content type
26656 == MediaWiki 1.6.9 ==
26660 * ([[mediazilla:6621|bug 6621]]) Backported German translation for
26663 * ([[mediazilla:6680|bug 6680]]) Added localisation for Dutch bookstore list
26665 * ([[mediazilla:6730|bug 6730]]) Clearer usage of message 'titlematch' in
26666 German translation (de)
26667 * XSS fix in AJAX module
26669 An XSS injection vulnerability was located in the AJAX support module,
26670 affecting MediaWiki 1.6.x and up when the optional setting $wgUseAjax is
26673 There is no danger in the default configuration, with $wgUseAjax off.
26675 If you are using an extension based on the optional AJAX module, either disable
26676 it or upgrade to a version containing the fix:
26678 * 1.9: fixed in 1.9.0rc2
26679 * 1.8: fixed in 1.8.3
26680 * 1.7: fixed in 1.7.2
26681 * 1.6: fixed in 1.6.9
26683 == MediaWiki 1.6.8 ==
26687 MediaWiki 1.6.8 is a security and bugfix maintenance release of the Spring 2006
26690 A potential HTML/JavaScript-injection vulnerability in a debugging script has
26691 been fixed. Only versions and configurations of PHP vulnerable to the $GLOBALS
26692 overwrite vulnerability are affected.
26694 As a workaround for existing installs, profileinfo.php may simply be deleted if
26695 it's not being used.
26697 * ([[mediazilla:5957|bug 5957]]) Updates to Hebrew translation (he)
26698 * Respect language directionality when displaying arrow in
26699 Special:Brokenredirects
26700 * ([[mediazilla:6415|bug 6415]]) Typo in Parser.php
26701 * Fixed potential XSS in profileinfo.php
26703 == MediaWiki 1.6.7 ==
26707 MediaWiki 1.6.7 is a security and bugfix maintenance release of the Spring 2006
26710 An HTML/JavaScript-injection vulnerability in the edit form has been closed.
26711 This vulnerability was new in 1.6.0; MediaWiki versions 1.5.x or earlier are
26714 Extensions, comments, and <nowiki><nowiki></nowiki> sections are now handled in
26715 a one-pass way which is more reliable and safer. Under earlier versions of
26716 MediaWiki, certain extensions could be abused to inject HTML/JavaScript into
26719 Additional precautions are made against offsite form submissions when the
26720 restricted raw HTML mode is enabled.
26722 Some small localization and user interface updates are also included.
26724 *([[MediaZilla:6051|bug 6051]]) Improvement to German localisation (de)
26725 *([[MediaZilla:6017|bug 6017]]) Update bookstore list for German language (de)
26726 *([[MediaZilla:6138|bug 6138]]) Minor grammar tweak in "loginreqlink"
26727 *([[MediaZilla:5957|bug 5957]]) Update for Hebrew language (he)
26728 *Increase robustness of parser placeholders; fixes some glitches when adjacent
26729 to identifier-ish constructs such as URLs.
26730 *([[MediaZilla:5384|bug 5384]]) Fix <nowiki><!-- comments --> in <ref></nowiki>
26732 *Nesting of different tag extensions and comments should now work more
26733 consistently and more safely. A cleaner, one-pass tag strip lets the 'outer'
26734 tag either take source (<nowiki><nowiki></nowiki>-style) or pass it down to
26735 further parsing (<nowiki><ref></nowiki>-style). There should no longer be
26736 surprise expansion of foreign extensions inside HTML output, or differences in
26737 behavior based on the order tags are loaded.
26738 *([[MediaZilla:885|bug 885]]) Pre-save transform no longer silently appends
26740 *Pre-save transform no longer changes the case of close tags
26741 *Edit security precautions in raw HTML mode, etc
26743 == MediaWiki 1.6.6 ==
26747 MediaWiki 1.6.6 is a security and bugfix maintenance release.
26749 An XSS injection vector in brace replacement has been fixed, as have some
26750 potential problems with table parsing. Upgrading is strongly recommended for
26751 all users of 1.6. MediaWiki versions 1.5 and earlier are not affected.
26753 Additionally some localization and user interface updates are included.
26755 * Correct "revertpage" message in English
26756 * ([[MediaZilla:5507|bug 5507]]) Logouttext now uses wiki markup
26757 * (bugs [[MediaZilla:5857|5857]], [[MediaZilla:5957|5957]]) Update for German
26759 * ([[MediaZilla:5586|bug 5586]]) <nowiki><gallery></nowiki> treated text as
26761 * ([[MediaZilla:5957|bug 5957]]) Update for Hebrew language (he)
26762 * ([[MediaZilla:6025|bug 6025]]) SpecialImport: wrong message when no file
26764 * ([[MediaZilla:6015|bug 6015]]) EditPage: add spacing in the boxes "edit is
26765 minor" and "watch this"
26766 * ([[MediaZilla:6018|bug 6018]]) Userrights: new message when no user specified
26767 ('nouserspecified')
26768 * ([[MediaZilla:6055|bug 6055]]) Fix for HTML/JS injection bug in variable
26769 handler (found by Nick Jenkins)
26770 * Reordered wiki table handling and <nowiki>__TOC__</nowiki> extraction in the
26771 parser to better handle some overlapping tag cases.
26772 * Only the first <nowiki>__TOC__</nowiki> is now turned into a TOC.
26773 * ([[MediaZilla:361|bug 361]]) URL in URL, they were almost fixed. Now they are.
26775 == MediaWiki 1.6.5 ==
26779 * Rolled back the buggy patch for [[MediaZilla:5497|bug 5497]].
26781 == MediaWiki 1.6.4 ==
26785 * Further improvements to Hebrew localisation
26786 * ([[MediaZilla:5544|bug 5544]]) Fix redirect arrow in Special:Listredirects
26787 for right-to-left languages
26788 * Replace "doubleredirectsarrow" with a content language check that picks the
26790 * Remove live debugging hack which caused errors with certain database names
26791 * ([[MediaZilla:5510|bug 5510]]) Warning produced when using
26792 <nowiki>{{SUBPAGENAME}}</nowiki> in some namespaces
26793 * ([[MediaZilla:5548|bug 5548]]) Improvements to Indonesian localisation
26794 [patch: Ivan Lanin]
26795 * ([[MediaZilla:5403|bug 5403]]) Fix Special:Newpages RSS/Atom feeds
26796 * ([[MediaZilla:3359|bug 3359]]) Add hooks on completion of file upload
26797 * ([[MediaZilla:5184|bug 5184]]) CSS misapplied to elements in
26798 Special:Allmessages due to conflicting anchor identifiers
26799 * ([[MediaZilla:5519|bug 5519]]) Allow sidebar cache to be disabled; disable it
26801 * Add $wgReservedUsernames configuration directive to block account creation/use
26802 * ([[MediaZilla:5576|bug 5576]]) Remove debugging hack in session check
26803 * ([[MediaZilla:5181|bug 5181]]) Update "nogomatch" for Slovak
26804 * ([[MediaZilla:5594|bug 5594]]) Id translation up to '# Login and logout
26806 * ([[MediaZilla:5536|bug 5536]]) Use content language for editing help link
26807 * Minor improvements to English language files
26808 * Improvements to German localisation files
26809 * ([[MediaZilla:5628|bug 5628]]) Translations for MessagesHr.php
26810 * (bugs [[MediaZilla:5595|5595]], [[MediaZilla:5644|5644]]) Localisation for
26811 Bosnian language (bs)
26812 * ([[MediaZilla:5592|bug 5592]]) Actions are logged with the default language
26813 for the wiki, not the language of the user performing the operation.
26814 * ([[MediaZilla:5646|bug 5646]]) Compare for identical types in wfElement()
26815 * Fix for concurrency problem in job queue (image description page invalidation)
26816 * ([[MediaZilla:5497|bug 5497]]) regeression in HTML normalization in 1.6
26817 (unclosed <nowiki><li>,<dd>,<dt></nowiki>)
26818 * ([[MediaZilla:5709|bug 5709]]) Allow customisation of separator for categories
26819 * ([[MediaZilla:4834|bug 4834]]) Fix XHTML output when using $wgMaxTocLevel
26820 * Improvements to update scripts; print out the version, check for superuser
26821 credentials before attempting a connection, and produce a friendlier error if
26822 the connection fails
26823 * ([[MediaZilla:5005|bug 5005]]): Fix XHTML <nowiki><gallery></nowiki> output.
26824 * ([[MediaZilla:5315|bug 5315]]) "Expires: -1" HTTP header made strictly valid
26826 * ([[MediaZilla:4825|bug 4825]]): note in DefaultSettings.php about 'profiling'
26828 * Remove unneeded extra whitespace at top of Special:Categories
26829 * Rewrite reassignEdits script to be more efficient; support optional updates
26830 to recent changes table; add reporting and silent modes
26831 * Updated initStats maintenance script
26832 * ([[MediaZilla:5723|bug 5723]]) Don't count pages linked to from the MediaWiki
26833 namespace as "wanted"
26834 * ([[MediaZilla:5789|bug 5789]]) Treat "loginreqpagetext" as wikitext
26835 * ([[MediaZilla:5796|bug 5796]]) We require MySQL >=4.0.14
26837 == MediaWiki 1.6.3 ==
26841 * Fix disappearing red-linked items in the watchlist editing view
26842 * ([[MediaZilla:5512|bug 5512]]) Spacing in "page has a history" deletion
26844 * ([[MediaZilla:5508|bug 5508]]) Switch ENGINE in table statements back to
26845 TYPE; fixes regression where some versions of MySQL 4.0.x wouldn't work
26846 * Added note about [[Manual:$wgUrlProtocols|$wgUrlProtocols]] format change
26848 == MediaWiki 1.6.2 ==
26852 * Further improvements to Hebrew localisation
26853 * Fix 'copyright' message for Romanian
26854 * ([[MediaZilla:5476|bug 5476]]) Invalid xhtml in German localization
26855 * ([[MediaZilla:5479|bug 5479]]) Id translation for preferences tabs caption
26856 * ([[MediaZilla:5493|bug 5493]]) Id translation for special pages
26857 * Additional path fixes in the updater
26858 * ([[MediaZilla:5344|bug 5344]]) Fix regression that broke slashes in extension
26861 == MediaWiki 1.6.1 ==
26865 Some minor issues in the 1.6.0 release have been corrected:
26866 * ([[MediaZilla:5458|bug 5458]]) Fix double-URL encoding in block log link in
26867 contribs and contribs link in block log
26868 * ([[MediaZilla:5462|bug 5462]]) Bogus missing patch warning in updater
26869 * ([[MediaZilla:5461|bug 5461]]) Use of deprecated "showhideminor" in
26870 Special:Recentchangeslinked
26871 * PHP warning when allow_call_time_pass_reference is off
26872 * Update to Finnish localization
26874 == MediaWiki 1.6.0 ==
26878 MediaWiki is now using a "continuous integration" development model with
26879 quarterly snapshot releases. The latest development code is always kept "ready
26880 to run", and in fact runs our own sites on Wikipedia.
26882 Release branches will continue to receive security updates for about a year
26883 from first release, but nonessential bugfixes and feature development will take
26884 place on the development trunk and will appear in the next quarterly release.
26886 Those wishing to use the latest code instead of a branch release can [[Download
26887 from SVN|obtain it from source control]].
26889 === What's new in 1.6 ===
26891 '''User interface:'''
26892 * The account creation form has been separated from the user login form.
26893 * Page protection/unprotection uses a new, expanded form
26896 * Categories and "what links here" now update as expected when adding or
26897 removing links in a template.
26898 * Template parameters can now have default values, as <nowiki>{{{name|default
26902 * Optional support for rasterizing SVG images to PNG for inline display
26905 * Feed generation upgraded to Atom 1.0
26906 * Diffs in RSS and Atom feeds are now colored for improved readability.
26909 * MySQL 3.23.x support dropped; 4.0 or later required
26910 * Experimental support for Unicode mode of MySQL 4.1/5.0 (moderately tested)
26911 * Experimental Oracle support (not well tested!)
26913 '''Anti-spam extension support:'''
26914 * [[meta:SpamBlacklist extension|SpamBlacklist extension]] now has support for
26916 * Support for a [[meta:ConfirmEdit extension|captcha extension]] to restrict
26917 automated spam edits.
26919 Numerous bug fixes and other behind-the-scenes changes have been made; see the
26920 file HISTORY for a complete change list.
26922 == Changes since 1.5 ==
26924 * (bug 2885) More PHP 5.1 fixes: skin, search, log, undelete
26927 * Use strval() to make sure we don't accidentally get null on bad revision
26928 text loads or other fields mucking up XML export output
26929 * Clean up duplicate code for selection of changeslist style
26930 * Correct blob caching to reduce redundant blob loads on backups
26931 * (bug 3182) Clear link cache during import to prevent memory leak
26932 * Fixed possible infinite loop in formatComment
26933 * Wrap message page insertions in a transaction to speed up installation
26934 * Avoid notice warning on edit with no User-Agent header
26935 * (bug 3649) Remove obsolete, broken moveCustomMessages script
26936 * Avoid numerous redundant latest-revision lookups in history
26937 * Require PHP 4.3.2 or higher strictly now.
26938 * Tweak infinite-template-handling loop for PHP 5.1.1 string handling change
26939 * Remove unused OutputPage::addCookie()
26940 * Fix for short_open_tag off again; please don't break this, guys
26941 * (bug 4507) Adjust FULLPAGENAMEE escaping to standard form
26942 * (bug 5302) Merge the two #p-search .pBody statements in monobook css.
26945 * Finally dropped MySQL 3.23.x support
26947 * (bug 3056) MySQL 3 compatibility fix: USE INDEX instead of FORCE INDEX
26948 * Update all stats fields on recount.sql
26949 * (bug 3227) Fix SQL injection introduced in experimental code
26950 * Fix table prefix usage in Block::enumBlocks
26951 * (bug 3448) Set page_len on undelete
26952 * (bug 3506) Avoid MySQL error when Listusers returns no results
26953 * Skip update of disused 'rc_cur_time' field (todo: discard the field)
26954 * (bug 3735) Fix to run under MySQL 5's strict mode
26955 * (bug 3786) Experimental support for MySQL 4.1/5.0 utf8 charset mode
26956 NOTE: Enabling this may break existing wikis, and still doesn't
26957 work for all Unicode characters due to MySQL limitations.
26958 * MySQL 5.0 strict mode fix for moving unwatched pages
26959 * Ability to set the table name for external storage servers
26960 * Update ipblocks table in MySQL 5 table defs
26961 * Removed FulltextStoplist.php, no longer used (was for MySQL 3.x workaround)
26962 * Added templatelinks table, to track template inclusions. User-visible effects
26964 * (inclusion) tag for inclusions in Special:Whatlinkshere
26965 * More accurate list of used templates on the edit page
26966 * More reliable cache invalidation when templates outside the template
26967 namespace are changed
26968 * Respect database prefix in dumpHTML.inc
26969 * Removed read-only check from Database::query()
26970 * Added externallinks table, to track links to arbitrary URLs
26971 * Added job table, for deferred processing of jobs. The immediate application is
26972 to complete the link table refresh operation when templates are changed.
26973 * Don't change the password of the MySQL root user.
26976 * (bug 3306) Document $wgLocalTZoffset
26979 (list not complete)
26980 * Move ArticleSave hook execution into Article insert/update functions,
26981 so they get called on non-EditPage actions that use these functions
26982 to create or update pages.
26983 * Added EditFilter hook, and output callback on EditPage::showEditForm()
26984 for a place to add in captcha-type extensions in the edit flow
26985 * (bug 3684) Fix typo in fatal error backtraces in Hooks.php
26986 * Fix for hook callbacks on objects containing no fields
26987 * Add a hook for additional user creation throttle / limiter extensions
26988 * Use $wgOut->parse() in wfGetSiteNotice() instead of creating a new parser
26989 instance. This allows use of extension hooks if required.
26990 * Added AutoAuthenticate hook for external User object suppliers
26991 * Added 'PageRenderingHash' hook for changing the parser cache hash key
26992 from an extension that changes rendering based on nonstandard options.
26993 * Add 'GetInternalURL' hook to match the GetFullURL and GetLocalURL ones
26994 * (bug 4456) Add hook for marking article patrolled
26995 * Add UserRights hook, fires after a user's group memberships are changed
26998 * Support SVG rendering with rsvg
26999 * Cap arbitrary SVG renders to given image size or $wgSVGMaxSize pixels wide
27000 * (bug 3127) Render large SVGs at image page size correctly
27001 * Fix scaling of non-integer SVG unit sizes
27002 * (bug 2800) Don't scale up small images on |thumb| without explicit size
27003 * Use the real file link instead of the default-size rasterized version for
27004 large SVG images on image description page
27005 * Include the file name/type/size line for non-resized images
27006 * (bug 3489) PHP 5.1 compat problem with captioned images
27007 * (bug 3643) Fix image page display of large images with resizing disabled
27008 * Added a limit to the size of image files which can be thumbnailed
27009 * (bug 3806) Gracefully fall back to client-side scaling on |thumb| image
27010 that passes $wgMaxImageArea
27011 * (bug 153) Adjust thumbnail size calculations to match consistently;
27012 patch by David Benbennick
27013 * (bug 4162) Add $wgThumbnailEpoch timestamp to force old thumbs to
27014 be rerendered on demand, sitewide
27015 * (bug 1850) Additional fixes so existing local and remote images
27016 get a blue link even if there's no local description page
27017 * Avoid FATAL ERROR when creating thumbnail of non-existing image
27018 * (bug 4207) Wrong image size when using 100x200px syntax to scale image up
27019 patch by David Benbennick
27020 * Don't delete thumbnails when refreshing exif metadata. This caused thumbs
27021 to vanish mysteriously from time to time for files that didn't have metadata.
27022 * (bug 4426) Add link to user_talk page on image pages
27023 * Support a custom convert command for thumbnailing. See DefaultSettings.php
27024 and the comments for $wgCustomConvertCommand, for more information.
27025 * UserCan hook now allows advisory return values, rather than mandatory ones.
27028 * (bug 3782) Throw fatal installation warning if mbstring.func_overload on.
27029 Why do people invent these crazy options that change language semantics?
27030 * Fixed installer bugs 921 and 3914 (issues with using root and so forth)
27031 * (bug 4258) Use ugly urls for ISAPI by default
27032 patch by Rob Church
27033 * Improve installer
27034 * Use a superuser account (such as root), if specifed, to create tables
27035 * Don't overwrite conservative permissions on the mySQL user with ALL
27036 permissions, if said user exists
27037 * Changes to some of the wording of explanations for fields
27038 * (bug 1734) granting db permissions failed with db usernames containg '-'
27039 * Add basic check for session support in PHP and die if not present
27042 * Fix problem reported on mailing list where re-initialising stats didn't work
27043 (can't insert duplicate rows with the same id field)
27044 * Added --conf option to command line scripts, allowing the user to specify a
27045 different LocalSettings.php.
27046 * Maintenance script to delete unused text records
27047 * Maintenance script to delete non-current revisions
27048 * Maintenance script to wipe a page and all revisions from the database
27049 * Maintenance script to reassign edits from one user to another
27050 * Maintenance script to find and remove links to a given domain
27052 * Fix --report interval option for dumpTextPass
27055 * Partial support for Basque language (from wikipedia and meta)
27056 * (bug 3141) Partial support for Breton language (thanks Fulup).
27057 * Support for venitian language
27058 * (bug 1334) LanguageGa.php update
27059 * Finnish date format was hardcoded, now implemented properly
27060 * (bug 3190) Added some date format choices for language sr
27061 * (bug 2753) Some namespaces were not translated in LanguageTa.php (Tamil)
27062 * (bug 3204) Fix typo breaking special pages in fy localization
27063 * (bug 3177) Estonian date formats not implemented in LanguageEt.php
27064 * (bug 1020) Changing user interface language does not work immediately
27065 * (bug 3271) Updated LanguageNn.php for HEAD
27066 * Experimental feature to allow translation of block expiry times
27067 Implementation only for Finnish currently
27068 * (bug 3304) Language file for Croatian (LanguageHr.php)
27069 * (bug 2143) Update Vietnamese interface
27070 * (bug 3063) Remove some hardcodings from Hebrew localisation
27071 * (bug 3408) Bulgarian formatNum corrected
27072 * (bug 1512) Disable x-code interp on Esperanto URLs for now, it does more
27073 harm than good under current system by breaking incoming URLs with "ux".
27074 (Editing is not affected, just URLs.)
27075 * (bug 1423) LanguageJa.php update
27076 * Fix language name for dv
27077 * (bug 3503) Update LanguageSq.php from sq.wikipedia.org messages
27078 * (bug 3629) Fix date & time format for Frisian
27079 * (bug 3334) Namespace changes for Polish
27080 * (bug 3580) Change default Dutch language file to more neutral
27081 * (bug 3656) LanguageHr.php - added convertPlural
27082 * (bug 3414) LanguageBe.php - added convertPlural
27083 * (bug 3163) Full translation of LanguageBr
27084 * (bug 3617) Update for portuguese language (pt)
27085 * Namespaces hacks on LanguagePl
27086 * (bug 3682) LanguageSr.php - added convertPlural
27087 * (bug 3694) LanguageTr.php update
27088 * (bug 3711) Removed invisible unicode characters from LanguageHu
27089 * (bug 2981) Linktrail for Tamil (ta)
27090 * (bug 3722) Update of Arabic language (ar) Namespace changes
27091 * Removed hardcoded Norwegian (no) project namespaces
27092 * (bug 2324) image for redirects should be without text and oriented according
27093 to content language
27094 * (bug 3666) Don't spew PHP warnings in prefs on unrecognized site language
27095 * (bug 3817) Use localized date formats in preferences; 'no preference' option
27096 localizable as 'datedefault' message. Tweaked lots of languages files...
27097 * (bug 2721) Regression: Use European number separators for vi: wikis
27098 * (bug 3961) minor languageDe changes
27099 * (bug 1984) LanguageKo.php (Korean) update
27100 * (bug 3804) update of LanguageWa.php file
27101 * (bug 3886) Update for Portuguese language (pt)
27102 * (bug 4020) Update namespaces for ms
27103 * (bug 3922) bidi embedding overrides on category links
27104 * (bug 4061) Update of Slovene namespace names (LanguageSl.php)
27105 * (bug 4064) LanguageDe comma changes
27106 * (bug 3922) Further tweaks to bidi overrides in category list for old
27107 versions of Safari and Konqueror
27108 * Fix custom namespaces on wikis set for Portuguese
27109 * (bug 4153) Fix block length localizations in Greek
27110 * (bug 3844) ab: av: ba: ce: & kv: now inherit from LanguageRu.php
27111 ii: & za: now inherit from LanguageZn_cn.php
27112 * (bug 4165) Correct validation for user language selection (data taint)
27113 * (bug 4192) Remove silly 'The Free Encyclopedia' default sitesubtitle
27114 * Use content-lang for sitenotice
27115 * (bug 4233) Update LanguageJa.php
27116 * (bug 4279) Small correction to LanguageDa.php
27117 * (bug 4108, 4336) Remove trailing whitespace from various messages, which
27118 mucks up message updating to create dupe entries
27119 * (bug 4389) Fix math options on zh-hk and zh-tw (but not localized)
27120 * (bug 4392) Update of LanguageSr.php
27121 * (bug 4382) Frisian numeric format
27122 * (bug 4424) Update for Spanish language (es) 100% messages translated
27123 * (bug 4425) Typos in Polish translation
27124 * (bug 4436) Update for Turkish language (tr)
27125 * (bug 4413) Update of Farsi language file (LanguageFa.php)
27126 * Update for LanguageSr (Serbian): magic words
27127 * (bug 137) MediaWiki:Copyrightwarning hardcoding
27128 * (bug 4457) Update for Portuguese language (pt)
27129 * convertPlural breakage fixed a little
27130 * (bug 4144) Support for Sudanese language (Basa Sunda)
27132 - Removed obsolote, badly or untranslated messages
27133 - Removed references to wikipedia/wikimedia etc in messages
27134 - Other cleanup, like removing html and javascript and extension calls
27135 - Removed hardcoded namespaces: Tt, Ms, Ia, Ga, Fo, Bn, Csb, He, Nv, Oc, Tlh
27136 - Removed some useless backwards compatibility hacks
27137 - Fixed formatnum on many languages
27138 * wgAmericanDates check produced incorrect results in languages that don't have
27140 * (bug 4548) Update for Portuguese language (pt): time format
27141 * (bug 4530) Use consistent name for Kurdish
27142 * Tweak default "upload disabled" text
27143 * (bug 4504) Use site language for namespace name resolution
27144 * (bug 4510) Correct Barnes & Noble bookstore URLs
27145 * (bug 3991) Allow the operation of wikicode on Protect move only text
27146 * (bug 4267) Switch dv sd ug ks arc languages to RTL
27147 * Default main page content improved per bug 4690
27148 * (bug 4615) Update for Portuguese language (pt)
27149 * Separated MessagesSl.php as the other languages.
27150 * (bug 4960) Add additional namespaces variants to Yiddish for compatibility
27151 * (bug 4805) Removed more wikipedia-references from MessagesUk.php
27152 * (bug 5015) Update magic words translation in LanguageBe.php
27153 * (bug 4859) Update for Portuguese messages (pt)
27154 * (bug 4788) One string for MessagesPl
27155 * Restriction types now use restriction-* messages instead of ui messages
27156 * (bug 4685) Slovenian LanguageSl.php hardcodes project namespace
27157 * (bug 5097) Fix Hungarian language (hu): thousands separator
27158 * (bug 5098) Update for Portuguese messages (pt)
27159 * (bug 5113) Spelling error in French language file
27160 * (bug 5105) Magic words for LanguageAr.php
27161 * (bug 3993) Variants for Serbian language
27162 * Typo in English messages file
27163 * (bug 4114) Spacing in watchlist rows (in editing mode)
27164 * Update default "exporttext" to reflect that Special:Import exists
27165 * (bug 4960) Add additional namespaces variants to Yi projects: Yiddish Wikinews
27167 * (bug 5357) Add the icon near the user name also in RTL interfaces
27168 * (bug 5156) Update for Hebrew language (he)
27169 * (bug 4497,4704,5010) Added some new language codes.
27170 * (bug 5362) Piedmontese added
27171 * (bug 5349) Update for Portuguese messages (pt)
27172 * (bug 3573) Finished full Greek translation: namespaces
27173 * (bug 5288) Initial localisation for Az
27174 * (bug 4361) Fix "allmessagesnotsupportedui" so it doesn't refer to nonexisting
27176 * Tweak wording of "allmessagesnotsupporteddb"
27179 * (bug 2522) {{CURRENTDAY2}} now shows the current day number with two digits
27180 * (bug 3210) Fix Media: links with remote image URL path
27181 * (bug 3405) Don't use raw letters as aliases of MSGNW: and SUBST:
27182 * (bug 3412) Clean up date format handling so ~~~~-sigs work with default
27183 format as designed. Documentation comments updated.
27184 * Fix Parser::unstrip on PHP 5.1.0RC4
27185 * (bug 3797) Don't expand variables and sigs in comments
27186 * Allow parser cache on redirect targets
27187 * Run wikitext-escaping on plaintext sigs (no wiki markup, just name)
27188 * Check for unbalanced HTML tags on raw sigs (markup allowed, but show
27189 a warning in prefs and use default sig if not balanced)
27190 * Respect <noinclude> and <includeonly> during {{subst:}} expansion as well as
27191 ordinary templates.
27192 * Support <includeonly> in templates loaded through preload= parameter
27193 * (bug 3979) Save correct {{REVISIONID}} into parser cache on edit
27194 * Substitute {{REVISIONID}} correctly in diff display
27195 * (bug 1850) Allow red-links on image pages linked with [[:image:foo]]
27196 * Fix XML validity checks in parser tests on PHP 5.1
27197 * (bug 4377) "[" is not valid in URLs
27198 * (bug 4453) fix for __TOC__ dollar-number breakage
27199 * Convert unnecessary URL escape codes in external links to their equivalent
27200 character before doing anything with them. This prevents certain kinds of
27201 spam filter evasion.
27202 * (bug 4783) : Fix for "{{ns:0}} does not render"
27203 * Improved support for interwiki transclusion
27204 * (bug 1850) Image link to nonexistent file fixed.
27205 * (bug 5167) Add {{SUBPAGENAME}} and {{SUBPAGENAMEE}} variables
27206 * (bug 4949) Missing : in "addedwatchtext" for English and Spanish
27207 * Allow user-defined functions, which work in a similar way to {{GRAMMAR:}}
27208 etc. Registered via an interface similar to tag hooks.
27211 * (bug 2527) Always set destination filename when new file is selected
27212 * (bug 3076) Support MacBinary-encoded uploads from IE/Mac
27213 * (bug 2554) Tell users they are uploading too large file
27214 * Support for a license selection box on Special:Upload, configurable from
27216 * Add 'reupload' and 'reupload-shared' permission keys to restrict new uploads
27217 overwriting existing files; default is the old behavior (allowed).
27220 * (bug 3244) Fix remote image loading hack, JavaScript injection on MSIE
27221 * (bug 3280) Respect 'move' group permission on page moves
27222 * (bug 2613) Clear saved passwords from the form
27223 * IP privacy fix for blocklist search on autoblocks
27224 * Security fix for <math>
27225 * Security fix for tables
27226 * Security fix for Special:Upload license selection list
27227 * Add UploadVerification hook for custom file upload validation/security checks
27228 * Blacklist additional MSIE CSS safety tricks
27229 * Fix meta robots tag on Special:Version again to avoid listing vulnerable
27230 versions for convenient harvesting by automated worms
27231 * Sanitizer CSS comment processing order fix
27232 * Forbid usernames that can be interpreted as titles with namespaces, as that
27233 leads to hard-to-manage names.
27234 * (bug 4071) Generate passwords long enough for $wgMinimalPasswordLength
27235 * Add createpage and createtalk permission keys, allowing a quick
27236 switch to disable page creation for anonymous users.
27237 * (bug 675) Add page protection level for unregistered/new accounts
27238 * User::isNewbie now uses the registration date and $wgAutoconfirmAge
27239 * Add 'deletedhistory' permission key for ability to view deleted history
27240 list via Special:Undelete. Default is off, replicating the 1.5 behavior,
27241 but it can be turned back on for random users to replicate the previous
27243 * Set cookies to secure mode based on use of HTTPS or $wgCookieSecure
27244 * (bug 4371) Disallow tilde character in signatures
27245 * Removed broken wgAllowAnonymousMinor and added new group right minoredit
27246 * Added detection for WMF files (application/x-msmetafile), added this
27247 MIME type to the default blacklist. Prevented inline display of images
27248 which are not of known image types. This is in response to
27249 https://en.wikipedia.org/wiki/Windows_Metafile_vulnerability
27250 * Blocked users can no longer roll back, change the protection of, or
27251 delete/undelete pages
27252 * Protect against spoofing of X-Forwarded-For header
27253 * XSS issue : now sanitize search query input (fixed in 1.5rc3)
27254 * Remove deprecated $wgOnlySysopsCanPatrol references; use
27255 User::isAllowed( 'patrol' )
27256 per bug 5282. Patch by Alan Harder.
27257 * Prevent registration/login with the username "MediaWiki default"
27260 * Rearranged Special:Movepage form to reduce confusion between destination
27261 title and reason input boxes
27262 * (bug 1956) Hide bot uploads from Special:Newimages
27263 * (bug 3220) Fix escaping of block URLs in Recentchanges
27264 * (bug 3284) Ipblocklist paging, substring search
27265 * Allow filtering of robot edits in Special:Watchlist by setting
27266 $wgFilterRobotsWL = true.
27267 * Fix interlanguage links on special pages when extra namespaces configured
27268 * (bug 3475) anon contrib links on Special:Newpages
27269 * Special:Import/importDump fixes: report XML parse errors, accept <minor/>
27270 * (bug 2369) Add separate message for input box on Special:Prefixindex
27271 * (bug 3798) DoubleRedirects no longer has hard coded arrows
27272 * (bug 3803) Fix links on Special:Wantedcategories with miser mode off
27273 * Fix Special:BrokenRedirects on MySQL 5.0
27274 * (bug 3807) Fix 'all' in namespaces drop-down on contribs, rc
27275 * Fail gracefully on invalid namespace in Special:Newpages
27276 * (bug 3762) Define missing Special:Import UI messages
27277 * (bug 3761) Avoid deprecation warnings in Special:Import
27278 * (bug 2894) Enhanced Recent Changes link fixes
27279 * (bug 4059) fix 'hide minor edits' on Recentchangeslinked
27280 * (bug 146) List number of category members in Special:Categories
27281 (patch by Joel Nothman)
27282 * (bug 4090) Fix diff links in Special:Recentchangeslinked
27283 * (bug 4093) '&bot=1' in Special:Contributions now propagate to other links
27284 * Fix display of old recentchanges records for page moves
27285 * (bug 360) Let Whatlinkshere track [[:image:foo]] links
27286 * (bug 3073) Keep search parameter on paging in Special:Newimages
27287 * Removed Special:Validate, it's been superseded by the Review extension
27288 * (bug 4359) red [[user:#id]] links generated in [[special:Log]]
27289 * (bug 1996) Special page to list redirects
27290 * (bug 4334) Add "watch" links to Special:Unwatchedpages
27291 * Generate target user page links in Special:Ipblocklist where appropriate
27292 (i.e. not an autoblock)
27293 * Generate link to talk page of the blocker in Special:Ipblocklist, move
27294 contribs. link of the target next to their name
27295 * (bug 2714) Backlink from special:whatlinkshere was hard set as 'existing'
27296 * Move parentheses out of <a> link in Special:Contributions
27297 * (bug 3192): properly check 'limit' parameter on Special:Contributions
27298 * (bug 3187) watchlist text refer to unexistent "Stop watching" action
27299 * Add block, block log and general log links to Special:Contributions
27300 * Add contributions link to block log items
27301 * Added optional "hide own edits" feature to Special:Recentchanges
27302 * (bug 5018) Anchors for each message in Special:Allmessages
27303 * Introduce $wgWantedPagesThreshold per bug 5011; Special:Wantedpages will not
27304 list pages with less than this number of links. Defaults to 1.
27305 * (bug 4319) Don't show a "create account" link on the login form when
27306 account creation is disabled.
27307 * JavaScript filter for Special:Allmessages
27308 * (bug 3047) Don't mention talk pages on Special:Movepage when there isn't one
27309 * Show links to user page, talk page and contributions page on Special:Newpages
27310 * Special:Export can now export a list of all contributors to an article (off by
27312 * (bug 5372) Add number of files to Special:Statistics
27313 * (bug 2871) Links to talk pages in watchlist editing view
27314 * (bug 5385) Allow hiding anonymous edits on Special:Recentchanges
27315 * (bug 2544) Illogical error reporting order in Special:Userlogin
27316 * (bug 5409) Hide "show/hide patrolled edits" in Special:Recentchanges if
27317 patrolling is disabled
27318 * (bug 5447) Convert first letter of username to uppercase before searching in
27320 * (bug 759) Wrap redirects on the watchlist editing page in a span, class
27322 * (bug 1862) Namespace filtering in watchlists
27325 * PHP 4.1 compatibility fix: don't use new_link parameter to mysql_connect
27326 if running prior to 4.2.0 as it causes the call to fail
27327 * (bug 3117) Fix display of upload size and type with tidy on
27328 * (bug 2323) Remove "last" tabindex from history page
27329 * (bug 3116) Division by zero on [[Image:Foo.png|123x123px|]]
27330 * Fix display of read-only lockfile message
27331 * Include software-visible client IP address in Special:Version comment
27332 as a proxy debugging aid
27333 * (bug 3170) Page Title failed to obey MediaWiki:Pagetitle.
27334 wikititlesuffix was removed
27335 * Add ability to break off certain debug topics into additional log files;
27336 use $wgDebugLogGroups to configure and wfDebugLog() to log.
27337 * Edit conflict on recreation of deleted page
27338 * (bug 3216) Don't show empty warning page when no warnings.
27339 * (bug 3218) Use proper quoting on history Compare Revisions button
27340 * Fix upgrade from 1.4 due to version number check breakage [for rc future]
27341 * Fix upgrade from 1.4 with no old revisions
27342 * Remove "info" editing toolbar that was shown in browsers which do not
27343 fully support the editing toolbar, but was found to be too confusing.
27344 * Don't override edit conflict suppression on section edits; section merging
27345 should provide the expected transparency here and fits usage patterns better.
27346 * (bug 3292) Fix move-over-redirect test when current entries are not plaintext
27347 * (bug 2078) Don't hide watch tab on preview
27348 * Fix regressions in ChangesList traditional layout
27349 * Fix edit on double-click for move-protected pages in Classic skin
27350 * (bug 3485) Fix bogus warning about filename capitalization when off
27351 * (bug 2570) Add 'watch this page' checkbox on uploads, watch uploads
27352 by default when 'watchdefault' option is on
27353 * Add options to dumpBackup.php for making split/partial dumps by page id
27354 * Added filter options, compression piping, and multiple output streams for
27356 * (bug 3595) Warn and abort if importDump.php called in read-only mode.
27357 * (bug 3598) Update message cache on message page deletion, patch by Tietew
27358 * Added separate noarticletext and newarticletext messages for logged in and
27360 * (bug 3332) Installation now uses Monobook, validates, plus usability
27362 * (bug 3660) Update diff3 detection to work with Windows/Cygwin
27363 * (bug 2330) Don't do funny thinks with "links" in MediaWiki:Undeletedtext
27364 * Two-pass data dump for friendliness to the DB (--stub, then dumpTextPass.php)
27365 * Data dump 'prefetch' mode to read normalized text from a prior dump
27366 (requires PHP 5, XMLReader extension)
27367 * (bug 2773) Print style sheet no longer overrides RTL text direction
27368 * (bug 2938) Update MediaWiki:Exporttext to be more general
27370 * Fix wfMsg*() replacements; args containing literal $[2-9] were wiped
27371 * Added @import for [[MediaWiki:Common.css]] to all skins
27372 * Edit box now remembers scrollbar position on preview
27373 * (bug 3816) Throw edit conflict instead of fatal error when a page is
27374 moved or deleted during section edit
27375 * (bug 3771) Handle internal functions in backtrace in wfAbruptExit()
27376 * (bug 3291) 'last' diff link for last history line when not at end
27377 * (bug 3667) Add missing global in page move code
27378 * (bug 2885) Remove unnecessary reference parameter which broke classic skin
27379 talk notification on PHP 5.0.5
27380 * (bug 3852) "Redirected from" link no longer obscured on double-redirects
27381 * changed directory hierarchy in images/math/. System upgrades from old to
27382 new hierarchy on the fly.
27383 * (bug 3487) Fix category edit preview with preview-on-bottom
27384 * (bug 918) Search index incorrectly joined words at == headings ==
27385 * (bug 3877) Render math images into temp directory, then move to hashed
27386 subdir so you can render new math images and have them work
27387 * (bug 2392) Fix Atom items content type, upgrade to Atom 1.0
27388 * Allow $wgFeedCacheTimeout of 0 to disable feed caching
27389 * Fix WebRequest::getRequestURL() to strip off the host bits squid prepends
27390 * Require POST for action=purge, to stop bots from purging the cache
27391 * Added local message cache feature ($wgLocalMessageCache), to reduce bandwidth
27392 requirements to the memcached server.
27393 * (bug 3562) for go search, try Caps-Variants-Broken-At-Non-Whitespace
27394 * (bug 2569) Use PATH_SEPARATOR instead of trying to guess based on
27395 DIRECTORY_SEPARATOR (was wrong on NetWare)
27396 * (bug 2740) Accept image deletions on 'enter' submit from MSIE
27397 * (bug 3939) Don't try to load text for interwiki redirect target
27398 * (bug 3948) Avoid notice warning in debug statement in bad search
27399 * Recognize Special:Search consistently so read whitelist works
27400 * (bug 3999) Change atom 1.0 feed id; had been unnecessarily complex due to
27401 unclear language in the spec. Now using the URL, same as the permalink,
27402 which someone else will probably whine about because it's not 'perma'
27403 enough or something.
27404 * (bug 4014) Fix include mode for Allpages on small page sets
27405 * (bug 3996) Fix text for new entries in RC RSS/Atom feed
27406 * (bug 3065) Update both watched namespaces when renaming pages
27407 * Changed mail form to have a bigger message entry box (like for editing
27409 * Fix ulimit parameters for wfShellExec when memory_limit is specified in 'm'
27410 * (bug 2111) Collapsable exif metadata table, clean up display
27411 * Reduce fractions in display of exif exposure time
27412 * (bug 4048) Optional footer link to site privacy policy
27413 * Don't die() when update.php reaches the end of the warning count
27414 * (bug 1915) Fix edit links when 'direction' used with 'oldid';
27415 using revision ID reported via OutputPage; Skin::editUrlOptions()
27416 * Remove obsolete 'redirect=no' on some edit links
27417 * Include oldid for the second revision on edit link on diff view
27418 * (bug 4035) Fix prev/next revision links on edit page
27419 * (bug 4100, 3049) Add 'edittools' message to hold edit tools, put it
27420 on Special:Upload as well as edit, rearrange edit page pieces a bit.
27421 Copyright warning now above the buttons to ensure it's visible,
27422 template list at the bottom so it can grow.
27423 * Optional summary parameter to action=rollback, for user javascript
27424 * (bug 4167) Fix regression caused by patch for bug 153
27425 * (bug 4169) Use $wgLegalTitleChars in pipe trick conversions
27426 * (bug 4170) Decode HTML character escapes in sort key
27427 * (bug 4201) Fix user-talk mode for Enotif, and general code cleanup
27428 * (bug 4214) Skip redundant action text inserts into the HTML <title>
27429 * (bug 4212) Skip redundant meta-robots tag for default settings
27430 * Fix regression: old version missing from edit links in Nostalgia skin
27431 * (bug 1600) Trigger edit conflict on duplicate section=new submissions
27432 * (bug 4001) Use local variables properly in wikibits.js akeytt()
27433 * Fix regression: old version missing from edit links on CSS/JS pages
27434 * (bug 3211) Include Date, To mail headers when using PEAR::Mail
27435 * (bug 3407) Fix encoding of subject and from/to headers on notification
27436 mails; userMailer() now takes a MailAddress wrapper object instead of
27437 a raw string to abstract things a level.
27438 * Fixed --server override on dumpTextPass.php
27439 * Added plugin interface for dumpBackup, so additional filters and output
27440 sink types can be registered at runtime from an extension
27441 * (bug 349) Fix for some numeric differences not being highlighted
27442 patch by Andrius Ramanauskas
27443 * (bug 4298) Include rc_id on enhanced RC singleton diff links for patrolling
27444 * Did some refactoring on ChangesList.php merging dupe code
27445 * (bug 1586) Fix interwiki generator for wikimedia obscure domains
27446 * (bug 3493) Mark edits patrolled when they are reverted
27447 patch by Leon Planken
27448 * Removed experimental Amethyst skin from default set
27449 * Upgrade old skin preferences properly at Special:Preferences
27450 (used to spontaneously switch to Classic skin for old numeric pref records)
27451 * (bug 3424) Update page_touched for category members on category page creation
27452 * Log views show message when no matches
27453 * Fix raw sitenotice display on database error
27454 * Fix autoconfirm check for old accounts
27455 * (bug 4368) Don't show useless empty preview on new section creation
27456 * Don't show useless empty preview on new page creation
27457 * (bug 4411) Fix messages diff link for classic skin
27458 * (bug 4385) Separate parser cache entries for non-editing users, so section
27459 edit links don't vanish / appear unwanted on protected pages
27460 * (bug 2726, 3397) Fix [[Special:]] and [[:Image]] links in action=render
27461 * (bug 4419) Remove obsolete magnify.png.old
27462 * Removed $wgUseCategoryMagic option, categories are now enabled unconditionally
27463 * (bug 3318) UI workarounds for disabled items in license selector
27464 MSIE/Win: items now grayed out, JS will revert to 'non selected' if clicked
27465 Safari: JS will revert to 'non selected' if clicked (but not gray)
27466 MSIE/Mac: indented items now visible (JS hack)
27467 * (bug 714) "plainlinks" class issues in IE, Opera
27468 * (bug 4317) Inconsistent "broken redirects" messages
27469 * Default interface text for "selflinks" tweaked
27470 * (bug 3194) default implementation of translateBlockExpiry
27471 which uses ipboptions
27472 * (bug 4446) $wgExportAllowHistory option to explicitly disable history in
27473 Special:Export form, 'exportnohistory' message to translate live hack.
27474 * Maintenance script to delete unused user accounts
27475 * (bug 912) Search box easier to reach in text browsers (lynx, links)
27476 * $wgParserCacheExpireTime added
27477 * Skip loading of RecentChange.php except where needed
27478 * Enforce $wgSVGMaxSize when rendering, even for SVGs with a very large source
27479 size. This is necessary to limit server memory usage.
27480 * Cleanup and error checking on Special:Listredirects
27481 * Clear up some instances of old OutputPage::sysopRequired() function usage
27482 * Improve "upload disabled" notice
27483 * Move parts of index.php to include/Wiki.php in an attempt to both cleanup
27484 index.php and create a MediaWiki-class mediaWiki base object
27485 * (bug 4104) Added OutputPageBeforeHTML hook for tweaking primary wiki output
27486 HTML on final output (cached or not)
27487 * Avoid PHP notice on command-line scripts if empty argument is passed ('')
27488 * (bug 4571) Partial fix hack for {{fulllurl:}} in action=render
27489 * (bug 3502) Bowtie symbol for TeX
27490 * (bug 4000) Support for \textstyle et al. in <math>
27491 * (bug 1663) support color in TeX formulas
27492 * (bug 2026) missing glue around \not= (TeX)
27493 * (bug 4576) Missing '>' broke license selector's first option in IE, Opera
27494 * Override $wgLocaltimezone in parser tests for us outside Iceland and UK
27495 * Fix extra whitespace at end of Wiki.php, DESTROYS XML OUTPUT
27496 * Remove redundant 'echo' statements from MonoBook.php
27497 * (bug 1103) Fix up redirect handling for images, categories
27498 Redirects are now followed from the top-level, outside of the Article
27499 content loading and viewing, for clarity and consistency.
27500 * (bug 4104) 'OutputPageBeforeHTML' hook to postprocess article HTML on
27501 page view (comes after parser cache, if used). Patch by ThomasV.
27502 * Linker::formatComment corrupted the passed title object on PHP 5
27503 if the comment included a section link. Use clone() to make a safe copy.
27504 * Add wfClone() wrapper since we're still using PHP 4 on some servers.
27505 * Remove obsolete killthread.php
27506 * Added wfDie() wrapper, and some manual die(-1), to force the return code
27507 to the shell to return nonzero when we crap out with an error.
27508 * Allow input of the stub from a compressed file instead of stdin
27509 for dumpTextPass.php; easier to get errors back on the shell
27510 * Added an attractive space on the namespace selector on contribs
27511 * Move PHP 5-friendly XHTML doctype hack to Sanitizer, use for sig checks.
27512 Fixes use of named entities in sigs on PHP 5
27513 * (bug 4482) Include move comment on the null edit as well as the redirect
27514 * (bug 3990) Use existing session name if session.auto_start is on
27515 Fixes checks for open sessions, such as the cookie warning on login.
27516 Patch by Zbigniew Braniecki.
27517 * Add cache-safe alternate sitenotice for anonymous users.
27518 (MediaWiki:Anonnotice) This is displayed instead of the regular sitenotice,
27519 if it exists. If not, the regular sitenotice shows. If that doesn't exist,
27520 the value of $wgSiteNotice is used, and if that's null, then nothing is shown.
27521 * Spit the generated LocalSettings code out during the installer as an aid
27522 to debugging issues. (Keep this?)
27523 * Use __FILE__ to form path in new LocalSettings.php, so it stays accurate
27524 when the directory is relocated for typical usage.
27525 * Auto-update $wgCacheEpoch when LocalSettings.php changes on new installs.
27526 For typical usage this will be a light burden and should reduce confusion
27527 when the configuration is edited.
27528 * Fix $wgCacheEpoch's effect on client-side caching.
27529 * (bug 1122) gray out 'older revision' when viewing first article revision.
27530 * Clearer message in DefaultSettings.php: edit LocalSettings.php instead
27531 * MonoBook skin top link id changed from "contentTop" to "top" (shared with
27533 * (bug 3350) Missing label for move talk page checkbox.
27534 * (bug 2108) Sort entries when using category browser
27535 * (bug 2393) Fix MIME type for Atom feeds ( application/rss+atom )
27536 * Add ".deps.php" include-file preloaders for some dynamically-loaded
27537 language and skin classes. Should help with the broken base-class
27538 problem under PHP 5 with APC as opcode cache. See details:
27539 https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/4NVSC4LAZX6ACO77QVLRQYAWULAJCKJ2/
27540 * Small changes to tabs in Monobook skin c/o Chris Ware
27541 * (bug 4679) Work around buggy basename() function in PHP5, which breaks
27542 uploads of files starting with multibyte characters on Linux.
27543 wfBaseName() doesn't suffer this bug, and understands backslash on
27544 both Unix and Windows.
27545 * (bug 3603) headscripts variable not hooked up to MonoBook skin
27546 * Allow local cdb-based interwiki cache
27547 * Use the "block", not the "protect" permission, when determining whether to
27548 show a "block user" link in the toolbox
27549 * Fix backup dump text prefetch for XMLReader constant changes in PHP 5.1
27550 * Suppress useless percentage indicator on output from 7za during dumps
27551 * (bug 4633) Add (previous 200) (next 200) also above catlinks
27552 * (bug 4686) Fix regression where ?diff=0&oldid=0 caused fatal error on
27553 pages with only one revision. Fixes message diff link on first edit.
27554 * Fix dependence on hardcoded UNIQ_PREFIX in LanguageConverter.php
27555 * Do not check lag on external storage servers
27556 * Do not tidy interface messages (unless full tidy is set)
27557 * Do not trust equality propagation and give more hints to MySQL
27558 optimizer for revision fetches (avoids index scans)
27559 * Use revision rate for ETA in dump generation; it tends to be more stable
27560 than the per-page count for full-history dumps.
27561 * Include timestamp in wfDebugLog breakouts
27562 * (bug 4469) Namespace-specific notice to be displayed below site-notice
27563 Edit messages like "MediaWiki:Namespacenotice-" plus namespace name
27564 which is blank for main namespace, or like e.g. "User_talk"
27565 * Adjust user login/creation form hooks to work with a captcha plugin
27566 * (bug 1284) Inline styles for diffs in Recent Changes RSS/Atom feeds
27567 * (bug 4824) IE7 beta 2 broke compatibility with PNG logo workarounds,
27568 and seems to work ok with other bits. No longer including the IE
27569 workarounds JavaScript for IE 7 and above.
27570 * Fix extra namespace for Bulgarian
27571 * (bug 4303) Add $wgFavicon to change the shorticon icon link from
27572 the default /favicon.ico or disable it (if set to false)
27573 * (bug 3347) strip linebreaks in math error source
27574 * (bug 4841) Warning for non-logged-in edits
27575 * (bug 4867) Leave invalid EXIF date fields unformatted instead of
27576 showing a bogus current timestamp
27577 * Reset $wgActionPaths during parser test; corrects some false failures
27578 in the automated test report.
27579 * (bug 4875) Define a div containing the shared image description
27580 * (bug 4860) Expose Title->userCan() as Hooks
27581 * (bug 4828) Fix genitive month-name variable for cs, pl, uk
27582 * (bug 4842) Fix 'show number of watching users' with enhanced RC
27583 * (bug 4889) Fix image talk namespace for Tamil
27584 * (bug 4147) Added cleanupWatchlist.php to clear out bogus watchlist entries
27585 * (partial bug 3456) Disable auto redirect to Main Page after account creation
27586 * (bug 4824) Separate out IE7 CSS compat hacks, fix for RTL pages
27587 * Added support for wikidiff2 and similar external diff engines.
27588 * Allow cookies to be shared between multiple wikis with a shared user database
27589 * Blocking some Unicode whitespace characters in usernames. Should check
27590 if some or all should be blocked from all page titles.
27591 * Unknown log types no longer throw notices everywhere in RecentChanges
27592 * (bug 4502, 5017) Don't render potentially hostile deleted page contents
27593 on Special:Undelete by default; show source, with an optional preview.
27594 The revisions list no longer shows the latest text by default, so it can
27595 still be operated if the text is hostile.
27596 * (bug 5013) Check for existence on "return to" links
27597 * Removed trailing whitespace on a bunch more messages.
27598 * Fix missing bad title check in Special:Booksources
27599 * Remove empty booksources string in fy
27600 * Avoid corrupting <gallery> inside <!-- comment -->
27601 * Remove legacy PHPTal code, hasn't been maintained in ages.
27602 * Tweak Userlogin include order for APC issue
27603 * Don't try to link to current page on protection tab
27604 * More exact checking in Title::equals() to fox moves of numerically similar
27605 page titles. (Odd hex title bug on 64-bit.)
27606 * Fix explicit s-maxage=0 on raw pages; should help with proxy issues in
27607 generated stylesheets... hopefully...
27608 * (bug 4685) More fixes for Slovenian project namespace
27609 * Fixed and enhanced a little the Live Preview, which had been broken for some
27611 * Added article size limit, $wgMaxArticleSize
27612 * (bug 4974) Don't follow redirected talk page on "new messages" link
27613 * (bug 4970) Make category paging limits configurable
27614 * (bug 4535) Warn user when editing CSS or JS subpage of a skin that doesn't
27616 * Make Live Preview an user preference, still controllable by the global
27618 * Rename the stub LanguageAls / LanguageGem_alsation to LanguageGsw to follow
27619 updated language code assignments
27620 * (bug 5081) Remove bogus fix for invalid characters in links which simply
27621 broke use of legitimate multiple whitespace characters in bracketed link.
27622 * (bug 4838) Add relative oldids (prev, next, cur) for raw pages
27624 * (bug 5086) Force image resize dimensions on ImageMagick, as for instance
27625 "-resize 100x35!"; some thumbs were off due to differences in rounding and
27626 would be generated smaller than expected.
27627 * (bug 5062) Width sometimes one pixel short when using maximum heights
27628 * Purge thumbnails and metadata cache for action=purge on an image page
27629 * (bug 4273) Bounce back with a message when attempting to submit a new comment
27630 with an empty main textbox (user probably hit Enter in subject field)
27631 * (bug 5141) Gracefully handle the new account link when createaccount off
27632 * (bug 5150 and related) Fix missing ID attribute in HTML namespace selector
27633 * (bug 5152) Proper HTML escaping on subpage breadcrumbs
27634 * (bug 4855) Section edit links now have the section name in the title
27636 * (bug 2115) Support shift-selecting multiple checkboxes with JavaScript.
27637 * (bug 5161) Don't try to load template list for nonexistent pages
27638 * (bug 5228) Workaround for broken LanguageConverter title overrides; avoid
27639 unnecessary hidden UI work when watch/unwatch is performed on edit
27640 * Fixed bogus master fallback in external storage
27641 * (bug 5246) Add speak:none to "hiddenStructure" class in main.css
27642 * Further work on rev_deleted; changed to a bitfield with several data-hiding
27643 options. Not yet ready for production use; Special:Revisiondelete is
27644 incomplete, and the flags are not preserved across page deletion/undeletion.
27645 To try it; add the 'deleterevision' permission to a privileged group.
27646 * (bug 5270) Fix broken linktrail for br, cv, fr, hr, nn, oc, ta, wa
27647 * Add a clickable contribs link in user tool links (rc, watchlist, diff view)
27648 to see how people like it. (There was one in the old hacked-up diff view.)
27649 * (bug 5236) Load wikibits.js before site-customized javascript
27650 * (bug 4119) Workaround for <nowiki> following link in Walloon; remove capitals
27651 from linktrail, as they're not used anywhere else.
27652 * (bug 4781) Output links with the percent-encoding they're supplied with;
27653 save the normalization for internal link storage. The normalization is a bit
27654 buggy and can make incorrect foldings in the query string and such, so isn't
27655 reliable beyond the hostname where it's used for the spam bulk checker.
27656 * Don't URL-decode in the title attribute for URL links; it can produce false
27657 results that don't code back to their original values.
27658 * (bug 4611) Add user preference (default on) to add new pages to creators's
27660 * (bug 5286) Fix regression in display of missing/bad revision IDs
27661 * (bug 4729) Add user preference that marks a user's edits as patrolled if user
27663 * (bug 4630) Add user preference to prompt users when entering blank edit
27665 * Added optional suggest feature for the search box. Set wgUseAjax to true to
27667 * (bug 5277) Use audio/midi rather that audio/mid
27668 * (bug 5410) Use namespace name when a custom namespace's nstab-NS message is
27670 * (bug 5432) Fix inconsistencies in cookie names when using table prefixes
27671 * Additional protections against HTML breakage in table parsing
27672 * (bug 5355) Include skin name and style JS settings in page source;
27673 fixes regression where Opera 6/7 and KHTML CSS fixes weren't applied
27674 when wikibits.js was moved up before user JS inclusion.
27675 * Added $wgColorErrors: if set, database error messages will be highlighted
27676 when running command-line scripts in a Unix terminal.
27677 * (bug 5195) rebuildrecentchanges.php works again; Database::insertSelect now
27678 has a parameter for select options.
27679 * Fix updateSearchIndex.php for new schema
27680 * Fix bogus "filename too short" error when uploading files with a period in the
27681 base name, e.g. "Mr. Zee.png"
27682 * (bug 2139) Show page title in subtitle when viewing "read only" page
27683 * (bug 5452) Update language name for Cree
27685 == Compatibility ==
27687 Older PHP 4.2 and 4.1 releases are no longer supported; PHP 4 users must
27688 upgrade to 4.3 or later.
27690 MediaWiki 1.6 is the last major version to support PHP 4; future versions will
27693 MySQL 3.23.x is no longer supported; some older hosts may need to upgrade.
27694 At this time we still recommend 4.0, but 4.1/5.0 will work fine in most cases.
27698 Several changes to the database have been made from 1.5; these are relatively
27699 minor but do require that the update process be run before the new code will
27702 * A new "templatelinks" table tracks template inclusions.
27703 * A new "externallinks" table tracks URL links; this can be used by a mass
27704 spam-cleanup tool in the SpamBlacklist extension.
27705 * A new "jobs" table stores a queue of pages to update in the background; this
27706 is used to update links in including pages when templates are edited.
27708 To ensure that these tables are filled with data, run refreshLinks.php after
27711 If you are upgrading from MediaWiki 1.4.x or earlier, some major database
27712 changes are made, and there is a slightly higher chance that things could
27713 break. Don't forget to always back up your database before upgrading!
27717 Some output, particularly involving user-supplied inline HTML, may not produce
27718 100% valid or well-formed XHTML output. Testers are welcome to set $wgMimeType
27719 = "application/xhtml+xml"; to test for remaining problem cases, but this is not
27720 recommended on live sites. (This must be set for MathML to display properly in
27726 == MediaWiki 1.5.9 ==
27727 * (bug 3359) Add hooks on completion of file upload
27729 == MediaWiki 1.5.8 ==
27733 MediaWiki 1.5.8 is a security and bugfix maintenance release.
27735 A bug in decoding of certain encoded links could allow injection of raw
27736 HTML into page output; this could potentially lead to XSS attacks.
27738 Some minor UI fixes were also made, see the change log at the bottom of
27742 == MediaWiki 1.5.7 ==
27746 MediaWiki 1.5.7 is a bugfix maintenance release.
27748 Most importantly, a security issue in the installer has been fixed. The bug
27749 affects new installations of 1.5.6 only. If the user specified the MySQL root
27750 password, to allow the installer to create an unprivileged account, the
27751 installer would not only create the new account but also change the root
27752 password to be equal to the password of the new account.
27754 Anyone affected by this bug will need to change the root password back
27755 manually. For information about how to change passwords in MySQL please see:
27756 http://dev.mysql.com/doc/refman/5.1/en/passwords.html
27758 This version includes fixes for compatibility with Internet Explorer 7
27759 beta 2, and various other bugs; see the full changelog at the end of
27763 == MediaWiki 1.5.6 ==
27767 MediaWiki 1.5.6 is a security and bugfix maintenance release.
27769 A bug in edit comment formatting could send PHP into an infinite loop
27770 if certain malformed links were included. In most installations, this
27771 would cause the script to fail after PHP's 30-second failsafe timeout.
27773 Some improvements have been made to the installer which should make
27774 installation possible on a system with a broken MySQL "root" account.
27776 For several other minor fixes, see the complete changelog at the end
27780 == MediaWiki 1.5.5 ==
27784 MediaWiki 1.5.5 is a security and bugfix maintenance release.
27786 Detection for uploads of Windows Metafile (.wmf) images has been added
27787 to help protect against a client-side vulnerability in unpatched Microsoft
27788 Windows operating systems.
27790 Sites which have enabled uploads and added non-standard file types
27791 (such as .ogg, .doc, or .pdf) should upgrade to this release to ensure
27792 that malicious .wmf files can't be uploaded with a fake extension;
27793 such files could put visitors to the site at risk.
27795 For more details on this, see:
27796 https://en.wikipedia.org/wiki/Windows_Metafile_vulnerability
27798 Additionally, a maintenance script removeUnusedAccounts.php has been added;
27799 this replaces an older Perl script which had not been updated for the new
27803 == MediaWiki 1.5.4 ==
27807 MediaWiki 1.5.4 is a security and bugfix maintenance release.
27809 A hardcoded internal placeholder string has been replaced with a random
27810 one. This closes a hole where security checks in inline style attributes
27811 could be bypassed, injecting JavaScript code that could execute in
27812 Microsoft Internet Explorer.
27814 Other browsers would not be vulnerable.
27816 Several minor fixes are included in this release, most notably a fix
27817 to clear the "you have new messages" flag properly for usernames
27818 containing spaces when e-mail notification is enabled.
27820 See the changelog at the end of the release notes for a full list of
27824 == MediaWiki 1.5.3 ==
27828 MediaWiki 1.5.3 is a security and bugfix maintenance release.
27830 Validation of the user language option was broken by a code change in
27831 May 2005, opening the possibility of remote code execution as this
27832 parameter is used in forming a class name dynamically created with
27835 The validation has been corrected in this version. All prior 1.5 release
27836 and prelease versions are affected; 1.4 and earlier and not affected.
27838 Additionally several bugs have been fixed; see the changelog later in
27839 this file for a complete list.
27842 == MediaWiki 1.5.2 ==
27846 MediaWiki 1.5.2 is a bugfix maintenance release.
27848 A change in PHP 4.4.1 and PHP 5.1.0RC broke handling of extension and
27849 <pre> sections, causing garbage data to be inserted in output and saved
27850 edits. This version works around the change.
27852 Several other glitches with MySQL 5.0 and PHP 5.0.5 were also fixed;
27853 see the change log below for a complete list.
27856 == MediaWiki 1.5.1 ==
27860 MediaWiki 1.5.1 is a bugfix and security maintenance release, and is a
27861 recommended upgrade for all installations.
27863 This release includes further corrections to the inline CSS style sanitation
27864 which works around a JavaScript "feature" on Microsoft Internet Explorer.
27865 Users of Microsoft Internet Explorer for Windows may be vulnerable to
27866 XSS injections on prior versions; users of standards-compliant browsers
27867 are not vulnerable.
27869 Major fixes include:
27870 * Image pages work again with resizing disabled
27871 * Works in MySQL 5.0 strict mode
27873 There is experimental support in this release for explicitly declaring
27874 the UTF-8 charset in the database; this has been tested with MySQL 5.0.15
27875 but should work on 4.1 as well.
27877 IMPORTANT: Changing this setting on an existing wiki may produce interesting
27878 data corruption, depending on server configuration. Page contents should,
27879 usually, be unaffected, but page titles and other items may be. Limitations
27880 in MySQL's Unicode support mean that characters outside the BMP cannot be used
27881 in page titles or various other fields when using this mode.
27883 Table definitions are in maintenance/mysql5/tables.sql, and the runtime
27884 option to send 'SET NAMES utf8' is set by $wgDBmysql5 = true.
27886 (MySQL 3.23.x and 4.0.x do not support character set declarations; on these
27887 versions MediaWiki simply works with UTF-8 data and MySQL is blissfully
27892 == MediaWiki 1.5.0 final ==
27896 MediaWiki 1.5.0 is the new stable release branch of MediaWiki, and is
27897 recommended for all new installations.
27899 Any wikis running a 1.5 beta or release candidate are strongly recommended
27900 to upgrade to the final release, which includes a number of bug fixes and
27901 a security fix for CSS bugs in Microsoft Internet Explorer.
27903 IMPORTANT: Running a 1.3 or 1.4 wiki and don't want to jump to 1.5 yet?
27904 Be sure to upgrade to 1.3.17 or 1.4.11, also released today. Versions
27905 prior to 1.3.16 and 1.4.10 have a serious data corruption bug which is
27906 triggered by a spambot known to operate in the wild.
27909 === What's new in 1.5? ===
27912 The core table schema has changed significantly. This should make better
27913 use of the database's cache and disk I/O, and make significantly speed up
27914 rename and delete operations on pages with very long edit histories.
27916 Unfortunately this does mean upgrading a wiki of size from 1.4 will require
27917 some downtime for the schema restructuring, but future storage backend
27918 changes should be able to integrate into the new system more easily.
27921 The current revision of a page now has a permanent 'oldid' number assigned
27922 immediately, and the id numbers are now preserved across deletion/undeletion.
27923 A permanent reference to the current revision of a page is now just a matter
27924 of going to the 'history' tab and copying the first link in the list.
27927 Renames of pages are now recorded in Special:Log and the page history.
27928 A handy revert link is available from the log for sysops.
27931 Ever lost track of what you'd done so far during an edit? A 'Show diff'
27932 button on the edit page now makes it easy to remember.
27935 It's now possible to specify the final filename of an upload distinct
27936 from the original filename on your disk.
27938 An image link for a missing file will now take you straight to the upload
27941 More metadata is pre-extracted from uploaded images, which will ease pressure
27942 on disk or NFS volumes used to store images. EXIF metadata is displayed on
27943 the image description page if PHP is configured with the necessary module.
27945 If .svg files are added to the upload whitelist, you can choose to render
27946 them to rasterized .png images for inline display using one of several
27947 external helper programs. See DefaultSettings.php for SVG options.
27950 There are some changes to the user permissions system, with assignable
27951 groups. Note that this does *not* allow you to make pages which are only
27952 accessible to certain groups.
27954 For details see: https://www.mediawiki.org/wiki/Manual:User_rights
27957 User-to-user e-mail can now be restricted to require a mail-back confirmation
27958 first to reduce potential for abuse with false addresses.
27960 Updates to user talk pages and watchlist entries can optionally send e-mail
27964 A somewhat experimental interface for hooking in an external editor
27965 application is included.
27968 A bunch of stuff we forgot to mention.
27971 === What's gone? ===
27974 Wikis must now be encoded in Unicode UTF-8; this has been the default for
27975 some time, but some languages could optionally be installed in Latin-1 mode.
27976 This is no longer supported.
27978 You can check if your current wiki is in Latin-1 mode by using your browser's
27979 "view source"; look for a line like this:
27981 <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
27983 If it says charset=utf-8, you're ready. If it says charset=iso8859-1,
27984 you may need to convert your data. (English-language wikis avoiding
27985 any accented characters may be able to get away without conversion.)
27988 Some optimization hacks for MySQL 3.x have been removed as part of the schema
27989 clean-up (specifically, the inverse_timestamp fields).
27991 MediaWiki 1.5 may still run on 3.x, but wikis of non-trivial size should
27992 very seriously consider upgrading to a more modern release. MySQL 3.x support
27993 will probably be entirely dropped in the next major release.
27995 Special:Maintenance
27996 These tools were, ironically enough, not really maintained. This special
27997 page has been removed; insofar as some of its pieces were useful and haven't
27998 already been supplanted by other special pages they should be rewritten in
27999 an efficient and safe manner in the future.
28005 Wikis in Latin-1 encoding are no longer supported; only Unicode UTF-8.
28006 A new option $wgLegacyEncoding is provided to allow on-the-fly recoding of
28007 old page text entries, but other metadata fields (titles, comments etc) need
28008 to be pre-converted. The standard upgrade process does not yet fully automate
28009 this, but you can try the alternate partial-upgrader in upgrade1_5.php.
28011 The upgrade from 1.4 to 1.5 schema has not been tested for all cases, so
28012 it's possible you may experience problems in some combinations.
28015 The text entries of deleted pages are no longer removed from the main
28016 text table on deletion. If you provide public backup dumps of your databases,
28017 you will probably want to use the new XML-format dump generator, available
28018 as maintenance/dumpBackup.php.
28020 For more information on how we run our own public data dumps at Wikimedia,
28021 see http://meta.wikimedia.org/wiki/Data_dumps
28024 The table definitions for PostgreSQL install are out of date. PostgreSQL
28025 support may return in later releases, pending appropriate patches.
28028 Some users may encounter installation problems with MySQL 4.1 or higher
28029 due to strange charset encoding / collation configurations. Try setting
28030 to 'latin1' or 'utf8' if you encounter problems.
28034 == MediaWiki 1.5 release candidate 4 ==
28038 MediaWiki 1.5rc4 is a preview release of the new 1.5 release series.
28039 It fixes compatibility with PHP 5.1, and corrects two cross-site scripting
28042 * <math> tags were handled incorrectly when TeX rendering support is off,
28043 as in the default configuration.
28044 * Extension or <nowiki> sections in Wiki table syntax could bypass HTML
28045 style attribute restrictions for cross-site scripting attacks against
28046 Microsoft Internet Explorer
28048 Wikis where the optional math support has been *enabled* are not vulnerable
28049 to the first, but are vulnerable to the second.
28053 == MediaWiki 1.5 release candidate 3 ==
28057 MediaWiki 1.5rc3 is a preview release of the new 1.5 release series.
28058 It fixes several major problems in 1.5rc2:
28060 * Fixed a cross-site scripting injection in the search form
28061 (broken since 1.5beta1)
28063 * Fixed upgrades from 1.4 database schema
28064 (broken since 1.5rc2)
28066 1.3 and 1.4 releases are not vulnerable to the XSS bug, but anyone
28067 running an earlier 1.5 beta or release candidate should upgrade
28071 == MediaWiki 1.5 release candidate 2 ==
28075 MediaWiki 1.5rc2 is a preview release of the new 1.5 release series.
28076 Numerous bug fixes since last beta, plus a security fix; see change
28077 log below for full details.
28079 A flaw in the interaction between extensions and HTML attribute
28080 sanitization was discovered which could allow unauthorized use
28081 of offsite resources in style sheets, and possible exploitation
28082 of a JavaScript injection feature on Microsoft Internet Explorer.
28084 This version expands the returned text and properly checks it
28087 A 1.5rc1 release was mistakenly made from the incorrect source code
28088 branch; 1.5rc2 is identical to the actual 1.5rc1 in revision control
28089 except for version number.
28092 == MediaWiki 1.5 beta 4 ==
28096 MediaWiki 1.5 beta 4 is a preview release of the new 1.5 release series.
28097 A number of bugs have been fixed since beta 3; see the full changelist below.
28100 == MediaWiki 1.5 beta 3 ==
28104 MediaWiki 1.5 beta 3 is a preview release of the new 1.5 release
28105 series, with a security update over beta 2.
28107 Incorrect escaping of a parameter in the page move template could
28108 be used to inject JavaScript code by getting a victim to visit a
28109 maliciously constructed URL. Users of vulnerable releases are
28110 recommended to upgrade to this release.
28112 Vulnerable versions:
28113 * 1.5 preview series: n <= 1.5beta2 vulnerable, fixed in 1.5beta3
28114 * 1.4 stable series: 1.4beta6 <= n <= 1.4.5 vulnerable, fixed in 1.4.6
28115 * 1.3 legacy series: not vulnerable
28117 This release also includes several bug fixes and localization updates.
28118 See the changelog at the end of this file for a detailed list.
28122 == MediaWiki 1.5 beta 2 ==
28126 MediaWiki 1.5 beta 2 is a preview release of the new 1.5 release series.
28127 While most exciting new bugs should have been ironed out at this point,
28128 third-party wiki operators should probably not run this beta release
28129 on a public site without closely following additional development.
28131 Anyone who _has_ been running beta 1 is very very strongly advised to
28132 upgrade to beta 2, as it fixes many bugs from the previous beta including
28133 a couple of HTML and SQL injections.
28135 This release should be followed by one or two release candidates and
28136 a 1.5.0 final within the next few weeks.
28138 Beta upgraders, note there are some minor database changes. For upgrades
28139 from 1.4, see the file UPGRADE for details on significant database and
28140 configuration file changes.
28142 Beta 2 includes a preliminary command-line XML wiki dump importer tool,
28143 maintenance/importDump.php, paired with maintenance/dumpBackup.php.
28144 These use the same format as Special:Export and Special:Import, able
28145 to package a wiki's entire page set independent of the backend database
28146 and compression format.
28149 == MediaWiki 1.5 beta 1 ==
28153 MediaWiki 1.5 beta 1 is a preview release, pretty much feature complete,
28154 of the new 1.5 release series. There are several known and likely a number
28155 of unknown bugs; it is not recommended to use this release in a production
28156 environment but would be recommended for testing in mind of an upcoming
28159 A number of significant changes have been made since the alpha releases,
28160 including database changes and a reworking of the user permissions settings.
28161 See the file UPGRADE for details of upgrading and changing your prior
28162 configuration settings for the new system.
28166 == MediaWiki 1.5 alpha 2 ==
28170 MediaWiki 1.5 alpha 2 includes a lot of bug fixes, feature merges,
28171 and a security update.
28173 Incorrect handling of page template inclusions made it possible to
28174 inject JavaScript code into HTML attributes, which could lead to
28175 cross-site scripting attacks on a publicly editable wiki.
28177 Vulnerable releases and fix:
28178 * 1.5 prerelease: fixed in 1.5alpha2
28179 * 1.4 stable series: fixed in 1.4.5
28180 * 1.3 legacy series: fixed in 1.3.13
28181 * 1.2 series no longer supported; upgrade to 1.4.5 strongly recommended
28184 == MediaWiki 1.5 alpha 1 ==
28188 This is a testing preview release, being put out mainly to aid testers in
28189 finding installation bugs and other major problems. It is strongly recommended
28190 NOT to run a live production web site on this alpha release.
28192 ** WARNING: USE OF THIS ALPHA RELEASE MAY INFEST YOUR HOUSE WITH **
28193 ** TERMITES, ROT YOUR TEETH, GROW HAIR ON YOUR PALMS, AND PASTE **
28194 ** INNUENDO INTO YOUR C.V. RIGHT BEFORE A JOB INTERVIEW! **
28195 ** DON'T SAY WE DIDN'T WARN YOU, MAN. WE TOTALLY DID RIGHT HERE. **
28198 === Smaller changes since 1.4 ===
28200 Various bugfixes, small features, and a few experimental things:
28202 * 'live preview' reduces preview reload burden on supported browsers
28203 * support for external editors for files and wiki pages:
28204 https://www.mediawiki.org/wiki/Manual:External_editors
28205 * Schema reworking:
28206 https://www.mediawiki.org/wiki/Proposed_Database_Schema_Changes/October_2004
28207 * (bug 15) Allow editors to view diff of their change before actually submitting
28209 * (bug 190) Hide your own edits on the watchlist
28210 * (bug 510): Special:Randompage now works for other namespaces than NS_MAIN.
28211 * (bug 1015) support for the full wikisyntax in <gallery> captions.
28212 * (bug 1105) A "Destination filename" (save as) added to Special:Upload Upload.
28213 * (bug 1352) Images on description pages now get thumbnailed regardless of
28214 whether the thumbnail is larger than the original.
28215 * (bug 1662) A new magicword, {{CURRENTMONTHABBREV}} returns the abbreviation of
28217 * (bug 1668) 'Date format' supported for other languages than English, see:
28218 https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/5SH5IDCNYZTRBQQZ33GS7WYDEJ3PSEZE/
28219 * (bug 1739) A new magicword, {{REVISIONID}} give you the article or diff
28220 database revision id, useful for proper citation.
28221 * (bug 1998) Updated the Russian translation.
28222 * (bug 2064) Configurable JavaScript mimetype with $wgJsMimeType
28223 * (bug 2084) Fixed a regular expression in includes/Title.php that was accepting
28224 invalid syntax like #REDIRECT [[foo] in redirects
28225 * It's now possible to invert the namespace selection at Special:Allpages and
28226 Special:Contributions
28227 * No longer using sorbs.net to check for open proxies by default.
28228 * What was $wgDisableUploads is now $wgEnableUploads, and should be set to true
28229 if one wishes to enable uploads.
28230 * Supplying a reason for a block is no longer mandatory
28231 * Language conversion support for category pages
28232 * $wgStyleSheetDirectory is no longer an alias for $wgStyleDirectory;
28233 * Special:Movepage can now take parameters like Special:Movepage/Page_to_move
28234 (used to just be able to take parameters via a GET request like
28235 index.php?title=Special:Movepage&target=Page_to_move)
28236 * (bug 2151) The delete summary now includes editor name, if only one has edited
28238 * (bug 2105) Fixed from argument to the PHP mail() function. A missing space
28239 could prevent sending mail with some versions of sendmail.
28240 * (bug 2228) Updated the Slovak translation
28244 === Changes since 1.5alpha1 ===
28246 * (bug 73) Category sort key is set to file name when adding category to
28247 file description from upload page (previously it would be set to
28248 "Special:Upload", causing problems with category paging)
28249 * (bug 419) The contents of the navigation toolbar are now editable through
28250 the MediaWiki namespace on the MediaWiki:navbar page.
28251 * (bug 498) The Views heading in MonoBook.php is now localizable
28252 * (bug 898) The wiki can now do advanced sanity check on uploaded files
28253 including virus checks using external programs.
28254 * (bug 1692) Fix margin on unwatch tab
28255 * (bug 1906) Generalize project namespace for Latin localization, update
28257 * (bug 1975) The name for Limburgish (li) changed from "Lèmburgs" to "Limburgs
28258 * (bug 2019) Wrapped the output of Special:Version in <div dir='ltr'> in order
28259 to preserve the correct flow of text on RTL wikis.
28260 * (bug 2067) Fixed crash on empty quoted HTML attribute
28261 * (bug 2075) Corrected namespace definitions in Tamil localization
28262 * (bug 2079) Removed links to Special:Maintenance from movepagetext message
28263 * (bug 2094) Multiple use of a template produced wrong results in some cases
28264 * (bug 2095) Triple-closing-bracket thing partly fixed
28265 * (bug 2110) "noarticletext" should not display on Image page for "sharedupload"
28267 * (bug 2150) Fix tab indexes on edit form
28268 * (bug 2152) Add missing bgcolor to attribute whitelist for <td> and <th>
28269 * (bug 2176) Section edit 'show changes' button works correctly now
28270 * (bug 2178) Use temp dir from environment in parser tests
28271 * (bug 2217) Negative ISO years were incorrectly converted to BC notation
28272 * (bug 2234) allow special chars in database passwords during install
28273 * Deprecated the {{msg:template}} syntax for referring to templates, {{msg: is
28274 now the wikisyntax representation of wfMsgForContent()
28275 * Fix for reading incorrectly re-gzipped HistoryBlob entries
28276 * HistoryBlobStub: the last-used HistoryBlob is kept open to speed up
28277 multiple-revision pulls
28278 * Add $wgLegacySchemaConversion update-time option to reduce amount of
28279 copying during the schema upgrade: creates HistoryBlobCurStub reference
28280 records in text instead of copying all the cur_text fields. Requires
28281 that the cur table be left in place until/unless such fields are migrated
28282 into the main text store.
28283 * Special:Export now includes page, revision, and user id numbers by
28284 default (previously this was disabled for no particular reason)
28285 * dumpBackup.php can dump the full database to Export XML, with current
28286 revisions only or complete histories.
28287 * The group table was renamed to groups because "group" is a reserved word in
28288 SQL which caused some inconveniances.
28289 * New fileicons for c, cpp, deb, dvi, exe, h, html, iso, java, mid, mov, o,
28290 ogg, pdf, ps, rm, rpm, tar, tex, ttf and txt files based on the KDE
28292 * Fixed a bug in Special:Newimages that made it impossible to search for '0'
28293 * Added language variant support for Icelandic, now supports "Íslenzka"
28294 * The #p-nav id in MonoBook is now #p-navigation
28295 * Putting $4 in msg:userstatstext will now give the percentage of
28296 admnistrators out of normal users.
28297 * links and brokenlinks tables merged to pagelinks; this will reduce pain
28298 dealing with moves and deletes of widely-linked pages.
28299 * Add validate table and val_ip column through the updater.
28300 * Simple rate limiter for edits and page moves; set $wgRateLimits
28301 (somewhat experimental; currently needs memcached)
28302 * (bug 2262) Hide math preferences when TeX is not enabled
28303 * (bug 2267) Don't generate thumbnail at the same size as the source image.
28304 * Fix rebuildtextindex.inc for new schema
28305 * Remove linkscc table code, no longer used.
28306 * (bug 2271) Use faster text-only link replacement in image alt text
28307 instead of rerunning expensive link lookup and HTML generation.
28308 * Only build the HTML attribute whitelist tree once.
28309 * Replace wfMungeToUtf8 and do_html_entity_decode with a single function
28310 that does both numeric and named chars: Sanitizer::decodeCharReferences
28311 * Removed some obsolete UTF-8 converter functions
28312 * Fix function comment in debug dump of SQL statements
28313 * (bug 2275) Update search index more or less right on page move
28314 * (bug 2053) Move comment whitespace trimming from edit page to save;
28315 leaves the whitespace from the section comment there on preview.
28316 * (bug 2274) Respect stub threshold in category page list
28317 * (bug 2173) Fatal error when removing an article with an empty title from the
28319 * Removed -f parameter from mail() usage, likely to cause failures and bounces.
28320 * (bug 2130) Fixed interwiki links with fragments
28321 * (bug 684) Accept an attribute parameter array on parser hook tags
28322 * (bug 814) Integrate AuthPlugin changes to support Ryan Lane's external
28323 LDAP authentication plugin
28324 * (bug 2034) Armor HTML attributes against template inclusion and links munging
28326 === Changes since 1.5alpha2 ===
28328 * (bug 2319) Fix parse hook tag matching
28329 * (bug 2329) Fix title formatting in several special pages
28330 * (bug 2223) Add unique index on user_name field to prevent duplicate accounts
28331 * (bug 1976) fix shared user database with a table prefix set
28332 * (bug 2334) Accept null for attribs in wfElement without PHP warning
28333 * (bug 2309) Allow templates and template parameters in HTML attribute zone,
28334 with proper validation checks. (regression from fix for 2304)
28335 * Disallow close tags and enforce empty tags for <hr> and <br>
28336 * Changed user_groups format quite a bit.
28337 * (bug 2368) Avoid fatally breaking PHP 4.1.2 in a debug line
28338 * (bug 2367) Insert correct redirect link record on page move
28339 * (bug 2372) Fix rendering of empty-title inline interwiki links
28340 * (bug 2384) Fix typo in regex for IP address checking
28341 * (bug 650) Prominently link MySQL 4.1 help page in installer if a possible
28342 version conflict is detected
28343 * (bug 2394) Undo incompatible breakage to {{msg:}} compatibility includes
28344 * (bug 1322) Use a shorter cl_sortkey field to avoid breaking on MySQL 4.1
28345 when the default charset is set to utf8
28346 * (bug 2400) don't send confirmation mail on account creation if
28347 $wgEmailAuthentication is false.
28348 * (bug 2172) Fix problem with nowiki beeing replaced by marker strings
28349 when a template with a gallery was used.
28350 * Guard Special:Userrights against form submission forgery
28351 * (bug 2408) page_is_new was inverted (whoops!)
28352 * Added wfMsgHtml() function for escaping messages and leaving params intact
28353 * Fix ordering of Special:Listusers; fix groups list so it shows all groups
28354 when searching for a specific group and can't be split across pages
28355 * (bug 1702) Display a handy upload link instead of a useless blank link
28356 for [[media:]] links to nonexistent files.
28357 * (bug 873) Fix usage of createaccount permission; replaces $wgWhitelistAccount
28358 * (bug 1805) Initialise $wgContLang before $wgUser
28359 * (bug 2277) Added Friulian language file
28360 * (bug 2457) The "Special page" href now links to the current special page
28362 * (bug 1120) Updated the Czech translation
28363 * A new magic word, {{SCRIPTPATH}}, returns $wgScriptPath
28364 * A new magic word, {{SERVERNAME}}, returns $wgServerName
28365 * A new magic word, {{NUMBEROFFILES}}, returns the number of rows in the image
28367 * Special:Imagelist displays titles with " " instead of "_"
28368 * Less gratuitous munging of content sample in delete summary
28369 * badaccess/badaccesstext to supercede sysop*, developer* messages
28370 * Changed $wgGroupPermissions to more cut-n-paste-friendly format
28371 * 'developer' group deprecated by default
28372 * Special:Upload now uses 'upload' permission instead of hardcoding login check
28373 * Add 'importupload' permission to disable direct uploads to Special:Import
28374 * (bug 2459) Correct escaping in Special:Log prev/next links
28375 * (bug 2462 etc) Taking out the experimental dash conversion; it broke too many
28376 things for the current parser to handle cleanly
28377 * (bug 2467) Added a Turkish language file
28378 * Fixed a bug in Special:Contributions that caused the namespace selection to
28379 be forgotten between submits
28380 * Special:Watchlist/edit now has namespace subheadings
28381 * (bug 1714) the "Save page" button now has right margin to separate it from
28382 "Show preview" and "Show changes"
28383 * Special:Statistics now supports action=raw, useful for bots designed to
28384 harwest e.g. article counts from multiple wikis.
28385 * The copyright confirmation box at Special:Upload is now turned off by default
28386 and can be turned back on by setting $wgCopyrightAffirmation to a true value.
28387 * Restored prior text for password reminder button and e-mail, replacing
28388 the factually inaccurate text that was there.
28389 * (bug 2178) Fix temp dir check again
28390 * (bug 2488) Format 'deletedtext' message as wikitext
28391 * (bug 750) Keep line endings consistent in LocalSettings.php
28392 * (bug 1577) Add 'printable version' tab in MonoBook for people who don't
28393 realize you can just hit print to get a nicely formatted printable page.
28394 * Trim whitespace from option values to weather line-ending corruption problems
28395 * Fixed a typo in the Romanian language file (NS_MESIA => NS_MEDIA)
28396 * (bug 2504) Updated the Finnish translation
28397 * (bug 2506, 2512) Updated the Nynorsk translation
28398 * (bug 996) Replace $wgWhitelistEdit with 'edit' permission; fixup UPGRADE
28399 documentation about edit and read whitelists.
28400 * (bug 2515) Fix incremental link table update
28401 * Removed some wikipedia-specifica from LanguageXx.php's
28402 * (bug 2496) Allow MediaWiki:edithelppage to point to external page
28403 * Added a versionRequired() function to OutputPage, useful for extension
28404 writers that want to control what version of MediaWiki their extension
28406 * Serialized user objects now checked for versioning
28407 * Fix for interwiki link regression
28408 * Printable link shorter in monobook
28409 * Experimental Latin-1-and-replication-friendly upgrader script
28410 * (bug 2520) Don't show enotif options when disabled
28412 == Changes since 1.5beta1 ==
28414 * (bug 2531) Changed the interwiki name for sh (Serbocroatian) to
28415 Srpskohrvatski/Српскохрватски (was Српскохрватски (Srbskohrvatski))
28416 * Nonzero return code for command-line scripts on wfDebugDieBacktrace()
28417 * Conversion fix for empty old table in upgrade1_5.php
28418 * Try reading revisions from master if no result on slave
28419 * (bug 2538) Suppress notice on user serialized checks
28420 * Fix paging on Special:Contributions
28421 * (bug 2541) Fix unprotect tab
28422 * (bug 1242) category list now show on edit page
28423 * Skip sidebar entries where link text is '-'
28424 * Convert non-UTF-8 URL parameters even if referer is local
28425 * (bug 2460) <img> width & height properly filled when resizing image
28426 * (bug 2273) deletion log comment used user interface language
28427 * Try reading revision _text_ from master if no result on slave
28428 * Use content-language message cache for raw view of message pages
28429 * (bug 2530) Not displaying talk pages on Special:Watchlist/edit
28430 * Fixed a bug that would occour if $wgCapitalLinks was set to false, a user
28431 agent could create a username that began with a lower case letter that was
28432 not in the ASCII character set ( now user $wgContLang->ucfirst() instead of
28434 * Moved the user name / password validity checking from
28435 LoginForm::addNewAccountInternal() to two new functions,
28436 User::isValidUserName() and User::isValidPassword(), extensions can now do
28437 these checks without rewriting code.
28438 * Fix $wgSiteNotice when MediaWiki:Sitenotice is set to default '-'
28439 * Fixed a bug where the watchlist count without talk pages would be off by a
28441 * upgrade1_5.php uses insert ignore, allows to skip image info initialization
28442 * Fix namespaces in category list.
28443 * Add rebuildImages.php to update image metadata fields
28444 * Special:Ancientpages is expensive in new schema for now
28445 * (bug 2568) Fixed a logic error in the Special:Statistics code which caused
28446 the displayed percentage of admins to be totally off.
28447 * (bug 2560) Don't show blank width/height attributes for missing size
28448 * Don't show bogus messages about watchlist notifications when disabled
28449 * Don't show old debug messages in watchlist
28450 * (bug 2576) Fix recording of transclusion links
28451 * (bug 2577) Allow sysops to enter non-standard block times
28452 * Fixed a bug where Special:Contributions wouldn't remember the 'invert'
28453 status between next/previous buttons.
28454 * Move MonoBook printable link from tab to sidebar
28455 * (bug 2567) Fix HTML escaping on category titles in list
28456 * (bug 2562) Show rollback link for current revisions on diff pages
28457 * (bug 2583) Add --missinig option on rebuildImages.php to add db entries
28458 for uploaded files that don't have them
28459 * (bug 2572) Fix edit conflict handling
28460 * (bug 2595) Show "Earlier" and "Latest" links on history go to the first/last
28461 page in the article history pager.
28462 * Don't show empty-page text in 'Show changes' on new page
28463 * (bug 2591) Check for end, fix limits on Whatlinkshere
28464 * (bug 2584) Fix output of subcategory list
28465 * (bug 2597) Don't crash when undeleting an image description page
28466 * (bug 2564) Don't show "editingold" warning for recent revision
28467 * Various code cleanup and HTML escaping fixlets
28468 * Copy IRC-over-UDP update option from REL1_4
28469 * (bug 2548) Keep summary on 'show changes' of section edit
28470 * Move center on toc to title part to avoid breaking .toc style usage
28471 * HTML sanitizer: correct multiple attributes by keeping last, not first
28472 * (bug 2614) Fix section edit links on diff-to-current with oldid set
28473 Also fix navigation links on current-with-oldid view.
28474 * (bug 2620) Return to prior behavior for some more things (such as
28475 subpage parent links) on current-diff view.
28476 * (bug 2618) Fix regression from another fix; show initial preview for
28477 categories only if the page does not exist.
28478 * (bug 2625) Keep group & user settings when paging in Listusers
28479 * (bug 2627) Fix regression: diff radio button initial selection
28480 * Copy fix for old search URLs with Lucene search plugin from REL1_4
28481 * (bug 619) Don't use incompatible diff3 executable on non-Linux systems.
28482 * (bug 2631) Fix Hebrew namespaces.
28483 * (bug 2630) Indicate no-longer-valid cached entries in BrokenRedirects list
28484 * (bug 2644, 2645) "cur" diff links in page history, watchlist and
28485 recentchanges should specify current ID explicitly.
28486 * (bug 2609) Fix text justification preferenced with MonoBook skin.
28487 * (bug 2594) Display article tab as red for non-existent articles.
28488 * (bug 2656) Fix regression: prevent blocked users from reverting images
28489 * (bug 2629) Automatically capitalize usernames again instead of
28490 rejecting lowercase with a useless error message
28491 * (bug 2661) Fix link generation in contribs
28492 * Add support for &preload=Page_name (load text of an existing page into
28493 edit area) and &editintro=Page_name (load text of an existing page instead
28494 of MediaWiki:Newpagetext) to &action=edit, if page is new.
28495 * (bugs 2633, 2672, 2685, 2695) Fix Estonian, Portuguese, Italian, Finnish and
28496 Spanish numeric formatting
28497 * Fixed Swedish numeric formatting
28498 * (bug 2658) Fix signature time, localtime to match timezone offset again
28499 * Files from shared repositories (e.g. commons) now display with their
28500 image description pages when viewed on local wikis.
28501 * Restore compatibility namespace aliases for French Wikipedia
28502 * Fix diff order on Enhanced RC 'changes' link
28503 * (bug 2650) Fix national date type display on wikis that don't support
28504 dynamic date conversion.
28505 * FiveUpgrade: large table hacks, install iw_trans update before links
28506 * (bug 2648) Rename namespaces in Afrikaanse
28507 * Special:Booksources checks if custom list page exists before using it
28508 * (bug 1170) Fixed linktrail for da: and ru:
28509 * (bug 2683) Really fix apostrophe escaping for toolbox tips
28510 * (bug 923) Fix title and subtitle for rclinked special page
28511 * (bug 2642) watchdetails message in several languages used <a></a> instead of
28513 * (bug 2181) basic CSB language localisation by Tomasz G. Sienicki (thanks for
28515 * Fix correct use of escaping in edit toolbar bits
28516 * Removed language conversion support from Icelandic
28517 * (bug 2616) Fix proportional image scaling, giving correct height
28518 * (bug 2640) Include width and height attributes on unscaled images
28519 * Workaround for mysterious problem with bogus epoch If-Last-Modified reqs
28520 * (bug 1109) Suppress compressed output on 304 responses
28521 * (bug 2674) Include some site configuration info in export data:
28522 namespaces definitions, case-sensitivity, site name, version.
28523 * Use xml:space="preserve" hint on export <text> elements
28524 * Make language variant selection work again for zh
28526 == Changes since 1.5beta2 ==
28528 * Escaped & correctly in Special:Contributions
28529 * (bug 2534) Hide edit sections with CSS to make right click to edit section
28531 * (bug 2708) Avoid undefined notice on cookieless login attempt
28532 * (bug 2188) Correct template namespace for Greek localization
28533 * Fixed number formatting for Dutch
28534 * (bug 1355) add class noprint to commonPrint.css
28535 * (bug 2350) Massive update for Limburgish (li) language using Wikipédia
28536 * Massive update for Arab (ar) language using Wikipédia
28537 * (bug 1560) Massive update for Kurdish (ku) language using Wikipédia
28538 * (bug 2709) Some messages were not read from database
28539 * (bug 2416) Don't allow search engine robots to index or follow nonexisting
28541 * Fix escaping in page move template.
28542 * (bug 153) Discrepancy between thumbnail size and <img> height attribute
28544 == Changes since 1.5beta3 ==
28546 * Fix talk page move handling
28547 * (bug 2721) New language file for Vietnamese with the Vietnamese number
28549 * (bug 2749) would appear as a literal in image galleries for Cs, Fr,
28551 * (bug 787) external links being rendered when they only have one slash
28552 * Fixed a missing typecast in Language::dateFormat() that would cause some
28553 interesting errors with signitures.
28554 * (bug 2764) Number format for Nds
28555 * (bug 1553) Stop forcing lowercase in Monobook skin for German language.
28556 * (bug 1064) Implements Special:Unusedcategories
28557 * (bug 2311) New language file for Macedonian
28558 * Fix nohistory message on empty page history
28559 * Fix fatal error in history when validation on
28560 * Cleaned up email notification message formatting
28561 * Finally fixed Special:Disambiguations that was broke since SCHEMA_WORK
28562 * (bug 2761) fix capitalization of "i" in Turkish
28563 * (bug 2789) memcached image metadata now cleared after deletion
28564 * Add serialized version number to image metadata cache records
28565 * (bug 2780) Fix thumbnail generation with GD for new image schema
28566 * (bug 2791) Slovene numeric format
28567 * (bug 655) Provide empty search form when searching for nothing
28568 * Nynorsk numeric format fix
28569 * (bug 2825) Fix regression in newtalk notifications for anons w/ enotif off
28570 * (bug 2833) Fix bug in previous fix
28571 * With $wgCapitalLinks off, accept off-by-first-letter-case in 'go' match
28572 * Optional parameters for [[Special:Listusers]]
28573 * (bug 2832) [[Special:Listadmins]] redirects to [[Special:Listusers/sysop]]
28574 * (bug 785) Parser did not get out of <pre> with list elements
28575 * Some shared upload fixes
28576 * (bug 2768) section=new on nonexistent talk page does not add heading
28577 * support preload= parameter for section=new
28578 * show comment subject in preview when using section=new
28579 * use comment form when creating a new talk page
28580 * (bug 460) Properly handle <center> tags as a block.
28581 * Undo inconsistent editing behavior change
28582 * (bug 2835) Back out fix for bug 2802, caused regressions in category sort
28583 * PHP 4.1.2 compatibility fix: define floatval() equivalent if missing
28584 * (bug 2901) Number format for Catalan
28585 * Special:Allpages performance hacks: index memcached caching, removed
28586 inverse checkbox, use friendlier relative offsets in index build
28587 * Bring back "Chick" skin for mobile devices. It needs testing.
28588 * Fix spelling of $wgForwardSearchUrl in DefaultSettings.php
28589 * Specify USE INDEX on Allpages chunk queries, sometimes gets lost
28590 due to bogus optimization
28591 * (bug 275) Section duplication fix
28592 * Remove unused use of undefined variable in UserMailer
28593 * Fix notice on search index update due to non-array
28594 * (bug 2885) Fix fatal errors and notices in PHP 5.1.0beta3
28595 * (bug 2931) Fix additional notices on reference use in PHP 4.4.0
28596 * (bug 2774) Add three new $wgHooks to LogPage which enable extensions to add
28597 their own logtypes, see extensions/Renameuser/SpecialRenameuser.php for an
28599 * (bug 740) Messages from extensions now appear in Special:Allmessages
28600 * (bug 2857) fixed parsing of lists in <pre> sections
28601 * (bug 796) Trackback support
28602 * Fix 1.5 regression: weird, backwards diff links on new pages in enhanced RC
28603 are now suppressed as before.
28605 * "uselang" and "useskin" URL parameters can now be used in the URL when
28606 viewing a page, to change the language and skin of a page respectively.
28607 * Skins can now be previewed in preferences
28608 * (bug 2943) AuthPlugin::getCanonicalName() name canonicalization hook,
28610 * Wrap revision insert & page update in a transaction, rollback on late
28612 * (bug 2953) 'other' didn't work in Special:Blockip when localized
28613 * (bug 2958) Rollback and delete auto-summary should be in the project's
28615 * Removed useless protectreason message
28616 * Spelling fix: $wgUrlProtcols -> $wgUrlProtocols
28617 * Switch Moldovan local name to cyrillic
28618 * Fix typo in undefined array index access prevention
28619 * (bug 2947) Update namespaces for sr localization
28620 * (bug 2952) Added Asturian language file with translated namespaces
28621 * (bug 2676) Apply a protective transformation on editing input/output
28622 for browsers that hit the Unicode blacklist. Patch by plugwash.
28623 * (bug 2999) Fix encoding conversion of pl_title in upgrade1_5.php
28624 * compressOld.php disabled, as it's known to be broken.
28627 === Changes since 1.5beta4 ===
28629 * Fix Special:Allmessages under PHP 5
28630 * (bug 2911) Special:Watchlist allowed only one type of limit at a time
28631 * (bug 693) Special:Allmessages is excessively wide and redundant
28632 * (bug 3001) Updated and applied live hack for recentchanges-based watchlist
28633 * (bug 145) Finish 'exclude redirect' implementation in search form
28634 * Rearranged Special:Movepage form to reduce confusion between destination
28635 title and reason input boxes
28636 * (bug 2527) Always set destination filename when new file is selected
28637 * (bug 3056) MySQL 3 compatibility fix: USE INDEX instead of FORCE INDEX
28638 * PHP 4.1 compatibility fix: don't use new_link parameter to mysql_connect
28639 if running prior to 4.2.0 as it causes the call to fail
28640 * (bug 3117) Fix display of upload size and type with tidy on
28641 * (bug 1487) invalid html on empty list in banlist
28642 * (bug 3017) Hotkey conflict for delete and show changes
28643 * made pixel unit translateable and blocklistline now eats infiniteblock
28645 * (bug 3092) Wrong numerical separator for big numbers in Serbian.
28646 * (bug 2855) Credit for a uniq author showed its realname even with
28647 $wgAllowRealName=false.
28648 * New special page: SpecialMostlinked
28649 * (bug 2393) Fix MIME type for Atom feeds ( application/rss+atom )
28650 * Fix display of read-only lockfile message
28651 * Added a new hook, 'AddNewAccount', which is run after account creation
28652 * Update all stats fields on recount.sql
28653 * Include software-visible client IP address in Special:Version comment
28654 as a proxy debugging aid
28655 * (bug 3162) Fix 'undefined property page_is_new' error on watchlist
28656 * (bug 1734) granting db permissions failed with db usernames containg '-'
28657 * (bug 3170) wikititlesuffix was removed, use pagetitle instead
28658 * (bug 3187) watchlist text refer to unexistent "Stop watching" action
28659 * (bug 3190) Added some date format choices for language sr
28660 * (bug 1334) LanguageGa.php update
28661 * (bug 1020) Changing user interface language does not work immediately
28662 * (bug 2753) Some namespaces were not translated in LanguageTa.php (Tamil)
28663 * (bug 3204) Fix typo breaking special pages in fy localization
28664 * (bug 3210) Fix Media: links with remote image URL path
28665 * (bug 3220) Fix escaping of block URLs in Recentchanges
28666 * (bug 3238): Updated LanguageNn.php for 1_5 branch
28667 * (bug 3192): properly check 'limit' parameter on Special:Contributions
28668 * (bug 3244) Fix remote image loading hack, JavaScript injection on MSIE
28669 * Fix URL sanitization in HTML attributes, which broke in this branch
28670 * (bug 3475) anon contrib links on Special:Newpages
28673 === Changes since 1.5rc2 ===
28675 * Fix upgrade from 1.4 due to version number check breakage
28676 * Fix upgrade from 1.4 with no old revisions
28677 * (bug 2108) Sort entries when using category browser
28678 * XSS issue : now sanitize search query input
28681 === Changes since 1.5rc3 ===
28683 * (bug 3280) Respect 'move' group permission on page moves
28684 * (bug 2885) More PHP 5.1 fixes: skin, search, log, undelete
28685 * Security fix for <math>
28686 * Security fix for tables
28689 === Changes since 1.5rc4 ===
28691 * (bug 3292) Fix move-over-redirect test when current entries are not plaintext
28692 * (bug 2078) Don't hide watch tab on preview
28693 * (bug 3306) Document $wgLocalTZoffset
28694 * Support SVG rendering with rsvg
28695 * Cap arbitrary SVG renders to given image size or $wgSVGMaxSize pixels wide
28696 * (bug 3127) Render large SVGs at image page size correctly
28697 * (bug 3448) Set page_len on undelete
28698 * (bug 2800) Don't scale up small iamges on |thumb| without explicit size
28699 * Use the real file link instead of the default-size rasterized version for
28700 large SVG images on image description page
28701 * Include the file name/type/size line for non-resized images
28702 * (bug 3412) Clean up date format handling so ~~~~-sigs work with default
28703 format as designed. Documentation comments updated.
28704 * (bug 1423) LanguageJa.php update
28705 * (bug 3405) Don't use raw letters as aliases of MSGNW: and SUBST:
28706 * (bug 3485) Fix bogus warning about filename capitalization when off
28707 * (bug 2792) Update rebuildrecentchanges.inc for new schema
28708 * Special:Import/importDump fixes: report XML parse errors, accept <minor/>
28709 * (bug 3489) PHP 5.1 compat problem with captioned images
28710 * (bug 3350) Missing label for move talk page checkbox.
28711 * (bug 2570) Add 'watch this page' checkbox on uploads, watch uploads
28712 by default when 'watchdefault' option is on
28713 * (bug 3182) Clear link cache during import to prevent memory leak
28714 * (bug 3573) Full Greek Translation
28715 * (bug 3595) Warn and abort if importDump.php called in read-only mode.
28716 * (bug 3598) Update message cache on message page deletion, patch by Tietew
28717 * Blacklist additional MSIE CSS safety tricks
28720 === Changes since 1.5.0 ===
28722 * (bug 3629) Fix date & time format for Frisian
28723 * (bug 3641) Fix handling of unrecognized file uploads with known extensions
28724 * (bug 3643) Fix image page display of large images with resizing disabled
28725 * Fix meta robots tag on Special:Version again to avoid listing vulnerable
28726 versions for convenient harvesting by automated worms
28727 * (bug 3684) Fix typo in fatal error backtraces in Hooks.php
28728 * Backport fix for reference usage notice in Special:Search on PHP 4.4.0
28729 * Backport database connect error display fix from HEAD
28730 * (bug 2773) Print style sheet no longer overrides RTL text direction
28731 * MonoBook skin top link id changed from "contentTop" to "top" (shared with
28733 * Wrap message page insertions in a transaction to speed up installation
28734 * Fix Special:MovePage invalid HTML attribute for reason textarea
28735 * Avoid notice warning on edit with no User-Agent header
28736 * (bug 3734) Swapped out obsolete recount.sql with initStats.php
28737 * (bug 3735) Fix to run under MySQL 5's strict mode
28738 * (bug 3786) Experimental support for MySQL 4.1/5.0 utf8 charset mode
28739 NOTE: Enabling this may break existing wikis, and still doesn't
28740 work for all Unicode characters due to MySQL limitations.
28741 * Sanitizer CSS comment processing order fix
28744 === Changes since 1.5.1 ===
28746 * Fix Special:BrokenRedirects on MySQL 5.0
28747 * (bug 3809) Backport fix for detecting diff3 failure
28748 * MySQL 5.0 strict mode fix for moving unwatched pages
28749 * (bug 3782) Throw fatal installation warning if mbstring.func_overload on.
28750 Why do people invent these crazy options that change language semantics?
28751 * (bug 3762) Define missing Special:Import UI messages
28752 * (bug 3771) Handle internal functions in backtrace in wfAbruptExit()
28753 * (bug 3649) Remove obsolete, broken moveCustomMessages script
28754 * (bug 3667) Add missing global in page move code
28755 * (bug 3761) Avoid deprecation warnings in Special:Import
28756 * (bug 2885) Remove unnecessary reference parameter which broke classic skin
28757 talk notification on PHP 5.0.5
28758 * (bug 3845) Update attribute.php for 1.5 schema
28759 * Fix Parser::unstrip on PHP 4.4.1 and PHP 5.1.0RC4
28762 === Changes since 1.5.2 ===
28764 * (bug 3612) Remove old broken version of maintenance/compressOld.php
28765 The working version is in maintenance/storage/compressOld.php
28766 * (bug 2740) Accept image deletions on 'enter' submit from MSIE
28767 * (bug 3933) specify XML namespace for Atom 0.3 feeds
28768 * (bug 3939) Don't try to load text for interwiki redirect target
28769 * (bug 3948) Avoid notice warning in debug statement in bad search
28770 * Recognize Special:Search consistently so read whitelist works
28771 * (bug 4013) typo in fr
28772 * (bug 3996) Fix text for new entries in RC RSS/Atom feed
28773 * (bug 2894) Enhanced Recent Changes link fixes
28774 * (bug 3065) Update both watched namespaces when renaming pages
28775 * Move parentheses out of <a> link in Special:Contributions
28776 * (bug 4071) Generate passwords long enough for $wgMinimalPasswordLength
28777 * (bug 4035) Fix prev/next revision links on edit page
28778 * (bug 4165) Correct validation for user language selection (data taint)
28779 * Clearer message in DefaultSettings.php: edit LocalSettings.php instead
28782 === Changes since 1.5.3 ===
28784 * (bug 3805) Clear 'new messages' flag properly in enotif mode
28785 for usernames containing spaces
28786 * (bug 2714) Backlink from special:whatlinkshere was hard set as 'existing'
28787 * (bug 4249) Typo in entities2literals.pl
28788 * (bug 4233) Update for japanese language
28789 * (bug 4279) Small correction to LanguageDa.php
28790 * (bug 4267) Switch dv sd ug ks arc languages to RTL
28791 * (bug 3991) Allow the operation of wikicode on Protect move only text
28792 * Added AutoAuthenticate hook for external User object suppliers
28793 * Parser internal placeholder string now fully randomized for safety
28795 === Changes since 1.5.4 ===
28797 * Maintenance script to delete unused user accounts
28798 * Added detection for WMF files (application/x-msmetafile), added this
28799 MIME type to the default blacklist. Prevented inline display of images
28800 which are not of known image types. This is in response to
28801 https://en.wikipedia.org/wiki/Windows_Metafile_vulnerability
28803 === Changes since 1.5.5 ===
28805 * (bug 4258) When installing under IIS, $wgArticlePath = "$wgScript?title=$1"
28807 * (bug 4510) Correct Barnes & Noble bookstore URLs
28808 * (bug 4504) Use site language for namespace name resolution
28809 * Installer fixes from HEAD backported; now uses a more sensible method of
28810 establishing which mySQL user to use, which clears up bug 921 et al. Minor
28811 changes to installer.
28812 * Fix problem reported on mailing list where re-initialising stats didn't work
28813 (can't insert duplicate rows with the same id field)
28814 * (bug 1122) gray out 'older revision' when viewing first article revision.
28815 * Respect database prefix in dumpHTML.inc
28816 * Minor improvements to removeUnusedAccounts.php maintenance script
28817 * Fix for single-digit week numbers from {{CURRENTWEEK}}, broken by PHP 4.4.1
28818 * Removed read-only check from Database::query()
28819 * Added --conf option to command line scripts, allowing the user to specify a
28820 different LocalSettings.php.
28822 === Changes since 1.5.6 ===
28824 * Default main page content improved per bug 4690
28825 * Fix dependence on hardcoded UNIQ_PREFIX in LanguageConverter.php
28826 * Fixed Special:Unlockdb
28827 * Maintenance script to delete unused text records
28828 * Maintenance script to delete non-current revisions
28829 * Maintenance script to wipe a page and all revisions from the database
28830 * (bug 4768) Wrong Russian translation (typo)
28831 * Performance bugfix: propagate equality manually for Revision fetches
28832 * (bug 4773) PHP fatal error when invalid title passed to Special:Export
28833 * Added missing table defs. for transcache to installer schemas
28834 * (bug 4824) IE7 beta 2 broke compatibility with PNG logo workarounds,
28835 and seems to work ok with other bits. No longer including the IE
28836 workarounds JavaScript for IE 7 and above.
28837 * (bug 2532) Image directory structure migration bug
28838 * (bug 4881) Correction to the fix for 1487; Ipblocklist showed 'no blocks'
28839 message at the end of the list even if there were blocks.
28840 * (bug 4805) Removed more wikipedia-references from LanguageUk.php
28841 * Introduce $wgWantedPagesThreshold per bug 5011; Special:Wantedpages will not
28842 list pages with less than this number of links. Defaults to 1.
28843 * Allow customisation of paging limits for items in categories using the
28844 $wgCategoryPagingLimit global, per bug 4970.
28845 * Improve "nogomatch" text to make it more obvious that a page can be created.
28846 * (bug 5113) Spelling error in French language file
28847 * Don't change the password of the MySQL root user.
28849 === Changes since 1.5.7 ===
28851 * (bug 5180) User login page shows inappropriate email blurb
28852 * Add the "AbortNewAccount" hook on account creation; see hooks.txt for more
28854 * Update default "exporttext" to reflect that Special:Import exists
28855 * Add links to useful material to the default main page content
28856 * Fix fragment HTML injection
28858 === Changes since 1.5.8 ===
28860 * Fixed obvious mistakes in Finnish (fi) translation
28861 * Fixed obvious mistakes in Kurdish (ku) translation
28862 * Merge two #p-search .pBody statements i monobook/main.css
28863 * (bug 5156) Update for Hebrew language (he) translation
28864 * Add the "UserRights" hook on user group changes; see hooks.txt for more info.
28865 * Translated "listingcontinuesabbrev" for German
28869 Some output, particularly involving user-supplied inline HTML, may not
28870 produce 100% valid or well-formed XHTML output. Testers are welcome to
28871 set $wgMimeType = "application/xhtml+xml"; to test for remaining problem
28872 cases, but this is not recommended on live sites. (This must be set for
28873 MathML to display properly in Mozilla.)
28877 == MediaWiki 1.4.15 ==
28879 (released March 26, 2006) MediaWiki 1.4.15 is a security maintenance release. A
28880 bug in decoding of certain encoded links could allow injection of raw HTML into
28881 page output; this could potentially lead to XSS attacks. Additionally, this
28882 release may display more correctly in IE7 betas.
28884 == MediaWiki 1.4.14 ==
28885 (released January 19, 2006) MediaWiki 1.4.14 is a security and bugfix
28886 maintenance release. A bug in edit comment formatting could send PHP into an
28887 infinite loop if certain malformed links were included. In most installations,
28888 this would cause the script to fail after PHP's 30-second failsafe timeout. For
28889 several other minor fixes, see the complete changelog at the end of this file.
28891 == MediaWiki 1.4.13 ==
28892 (released January 5, 2006) MediaWiki 1.4.13 is a security maintenance
28893 release.Detection for uploads of Windows Metafile (.wmf) images has been added
28894 to help protect against a client-side vulnerability in unpatched Microsoft
28895 Windows operating systems. Sites which have enabled uploads and added
28896 non-standard file types (such as .ogg, .doc, or .pdf) should upgrade to this
28897 release to ensure that malicious .wmf files can't be uploaded with a fake
28898 extension; such files could put visitors to the site at risk. For more details
28899 on this, see: https://en.wikipedia.org/wiki/Windows_Metafile_vulnerability
28901 == MediaWiki 1.4.12 ==
28902 (released 2005-11-02) MediaWiki 1.4.12 is a bugfix and security maintenance
28903 release. A change in PHP 4.4.1 broke handling of extension and
28904 <nowiki><pre></nowiki> sections, causing garbage data to be inserted in output
28905 and saved edits. This version works around the change. This release includes
28906 further corrections to the inline CSS style sanitation which works around a
28907 JavaScript "feature" on Microsoft Internet Explorer. Users of Microsoft
28908 Internet Explorer for Windows may be vulnerable to XSS injections on prior 1.4
28909 releases; users of standards-compliant browsers are not vulnerable.
28911 == MediaWiki 1.4.11 ==
28912 (released 2005-10-05) MediaWiki 1.4.11 is a security maintenance release.
28913 Unsafe handling of CSS by Microsoft Internet Explorer could be exploited to
28914 produce cross-site scripting attacks by JavaScript injection to clients running
28915 that browser. This release blacklists several additional variants from use in
28916 HTML inline style attributes. All publicly accessible wikis are recommended to
28917 upgrade to reduce the risk to visitors using Microsoft web browsers. Note: the
28918 MediaWiki 1.4.x series is not compatible with PHP 5.0.5 or higher. Upgrade to
28919 the 1.5.0 release if you require this version of PHP 5.
28921 == MediaWiki 1.4.10 ==
28922 (released 2005-09-21) MediaWiki 1.4.10 is a security maintenance release. A bug
28923 in edit submission handling could cause corruption of the previous revision in
28924 the database if an abnormal URL was used, such as those used by some spambots.
28926 * 1.4.x <= 1.4.9; fixed in 1.4.10
28927 * 1.3.x <= 1.3.15; fixed in 1.3.16
28928 1.5 release candidates are not affected by this problem. All publicly editable
28929 wikis are strongly recommended to upgrade immediately.
28930 1.4 releases can be manually patched by changing this bit in EditPage.php:
28932 <syntaxhighlight lang="php">
28933 function importFormData( &$request ) {
28934 if( $request->wasPosted() ) {
28937 <syntaxhighlight lang="php">
28938 function importFormData( &$request ) {
28939 if( $request->getVal( 'action' ) == 'submit' && $request->wasPosted() )
28942 == MediaWiki 1.4.9 ==
28943 (released 2005-08-29) MediaWiki 1.4.9 is a security maintenance release. It
28944 corrects two cross-site scripting security bugs:
28945 * <nowiki><math></nowiki> tags were handled incorrectly when TeX rendering
28946 support is off, as in the default configuration.
28947 * Extension or <nowiki><nowiki></nowiki> sections in Wiki table syntax could
28948 bypass HTML style attribute restrictions for cross-site scripting attacks
28949 against Microsoft Internet Explorer Wikis where the optional math support has
28950 been *enabled* are not vulnerable to the first, but are vulnerable to the
28953 == MediaWiki 1.4.8 ==
28954 (released 2005-08-23) MediaWiki 1.4.8 is a bug fix and security maintenance
28955 release. A flaw in the interaction between extensions and HTML attribute
28956 sanitization was discovered which could allow unauthorized use of offsite
28957 resources in style sheets, and possible exploitation of a JavaScript injection
28958 feature on Microsoft Internet Explorer. This version expands the returned text
28959 and properly checks it before output. Additionally, an update to
28960 skins/MonoBook.php ensures that sites using the default MonoBook skin will
28961 display correctly in the Internet Explorer 7 beta. (1.3 and 1.5 are not
28962 affected by this bug.)
28964 == MediaWiki 1.4.7 ==
28965 (released 2005-07-16)
28966 MediaWiki 1.4.7 is a bug fix release. Those affected by the following problems
28967 in 1.4.6 should upgrade:
28968 * Watchlist breakage on MySQL 3.23.x and with table prefix enabled
28969 * Possible breakage in watchlist, some image resizing modes on PHP 4.1.2 1.4.6
28970 included a fix for a cross-site scripting vulnerability, so anyone running
28971 older 1.4 releases is very strongly encouraged to upgrade as well. Note to
28972 upgraders: this version of MediaWiki is known to produce a large number of
28973 notice-level warnings under the newly released PHP 4.4.0. These appear however
28974 to be harmless; if you encounter them add this to your LocalSettings.php to
28975 suppress the notices: error_reporting( E_ALL & ~E_NOTICE ); PHP 5.1.0beta3 is
28976 known to be incompatible at this time.
28978 == MediaWiki 1.4.6 ==
28979 (released 2005-07-07) MediaWiki 1.4.6 is a bug fix and security update release.
28980 Incorrect escaping of a parameter in the page move template could
28981 be used to inject JavaScript code by getting a victim to visit a maliciously
28982 constructed URL. Users of vulnerable releases are recommended to upgrade to
28983 this release. Vulnerable versions:
28984 * 1.5 preview series: n <= 1.5beta2 vulnerable, fixed in 1.5beta3
28985 * 1.4 stable series: 1.4beta6 <= n <= 1.4.5 vulnerable, fixed in 1.4.6
28986 * 1.3 legacy series: not vulnerable This release also includes fixes for some
28987 rare bug annoying HTTP errors, a PHP 4.1.2 breakage bug, and works around some
28988 template limitations introduced in 1.4.5. See the changelog at the end of this
28989 file for a detailed list of bugs fixed.
28991 == MediaWiki 1.4.5 ==
28992 (released 2005-06-03) MediaWiki 1.4.5 is a security update and bugfix release.
28993 Incorrect handling of page template inclusions made it possible to inject
28994 JavaScript code into HTML attributes, which could lead to cross-site scripting
28995 attacks on a publicly editable wiki. Vulnerable releases and fix:
28996 * 1.5 prerelease: fixed in 1.5alpha2
28997 * 1.4 stable series: fixed in 1.4.5
28998 * 1.3 legacy series: fixed in 1.3.13
28999 * 1.2 series no longer supported; upgrade to 1.4.5 strongly recommended This
29000 release also includes a number of bug fixes (see changelog below) and merges
29001 some large-server load balancing patches from Wikipedia. An experimental rate
29002 limiter for page edits and moves can be enabled with global, per-IP,
29003 per-subnet, or per-user bases. See configuration options in
29004 includes/DefaultSettings.php
29006 == MediaWiki 1.4.4 ==
29007 (released 2005-05-04) MediaWiki 1.4.4 is a bugfix release for the 1.4 stable
29008 release series. Some bugs in the installer/updater and refreshLinks maintenance
29009 script were introduced in the last release and have been corrected.
29011 == MediaWiki 1.4.3 ==
29013 (released 2005-04-28)
29015 MediaWiki 1.4.3 is a bugfix release for the 1.4 stable release series.
29017 Chiefly, this fixes a compatibility problem with PHP 5 and a minor link
29018 table corruption bug on initial page save.
29021 == MediaWiki 1.4.2 ==
29023 (released 2005-04-20)
29025 MediaWiki 1.4.2 is a security and bug fix release for the 1.4 stable release
29028 A cross-site scripting injection vulnerability was discovered, which
29029 affects only MSIE clients and is only open if MediaWiki has been
29030 manually configured to run output through HTML Tidy ($wgUseTidy).
29032 Several other bugs are fixed in this release, see the changelog below.
29034 All new installations are highly recommended to use 1.4.2 instead of
29035 1.3.x; 1.3.x users should consider upgrading for bug fixes and new
29036 features. Ealier 1.4.x release and beta users should upgrade to this
29037 release for relevant bug fixes; see the changelog later in this file.
29040 If you have trouble, remember to read this whole file and the online FAQ page
29041 before asking for help:
29043 https://www.mediawiki.org/wiki/Manual:FAQ
29046 === READ THIS FIRST: Upgrading ===
29048 If upgrading from an older release, see the notes in the file UPGRADE.
29049 There are a couple of minor database changes from the beta releases,
29050 and somewhat larger changes from 1.3.x.
29052 Upgrading from a previous 1.4.x stable release installation should
29053 generally only require copying the new files over the old ones.
29056 ==== READ THIS FIRST, TOO: MySQL 4.1 AND 5.0 ====
29058 MySQL 5.0 is a beta release, not yet ready for production use. If you
29059 are using it, the notes below about 4.1 apply to you too.
29061 If you have the choice of MySQL 4.0 or MySQL 4.1 and don't need 4.1 for
29062 some other application, you should consider sticking with 4.0 for the
29063 moment. 4.1 may require you to do extra fiddling to get things to work
29064 due to changes that aren't fully backwards-compatible.
29066 MySQL 4.1 has changed the authentication protocol in an incompatible
29067 way; many PHP installations still use the older client libraries and
29068 CANNOT CONNECT TO THE SERVER WITH A PASSWORD without some changes.
29070 See: http://dev.mysql.com/doc/mysql/en/Old_client.html
29072 If MySQL is set with utf-8 as the default character set, installation
29073 may fail with "key too long" errors. Set the default charset to 'latin1'
29074 for installation and it should work.
29076 The mysqldump backup generator now applies an automatic conversion to
29077 UTF-8, which may irretrivably corrupt your data. Pass the -charset option
29078 with the original default charset (eg 'latin1') to skip the conversion.
29081 ==== READ THIS FIRST IF RUNNING ON A WINDOWS SERVER ====
29083 MediaWiki is tested and deployed primarily under the Apache web server
29084 on Linux Unix systems. There are known to be problems running on
29085 Microsoft's IIS which are not fully resolved. If you have a choice,
29086 try running under Apache on Windows, or on a Unix/Linux box instead.
29088 If you're having trouble with blank pages on IIS and can't switch,
29089 try the workaround suggested in this bug report:
29090 http://bugzilla.wikimedia.org/show_bug.cgi?id=1763
29093 === New features ===
29095 * 'Recentchanges Patrol' to mark new edits that haven't yet been viewed.
29096 * New, searchable deletion/upload/protection logs
29097 * Image gallery generation (Special:Newimages and <gallery> tag)
29098 * SVG rasterization support (requires external support tools)
29099 * Users can select from the available localizations to override the
29100 default user interface language.
29101 * Traditional/Simplified Chinese conversion support
29102 * rel="nofollow" support to combat linkspam
29104 The current implementation adds this attribute to _all_ external URL
29105 links in wiki text (but not internal [[wiki links]] or interwiki links).
29106 To disable the attribute for _all_ external links, add this line to your
29109 $wgNoFollowLinks = false
29111 For background information on nofollow see:
29113 http://www.google.com/googleblog/2005/01/preventing-comment-spam.html
29116 === Installation and compatibility ===
29118 * The default MonoBook theme now works with PHP 5.0
29119 * Installation on systems with PHP's safe mode or other oddities
29120 should work more reliably, as MonoBook no longer needs to
29121 create a compiled template file for the wiki to run.
29122 * A table prefix may be specified, to avoid conflicts with other
29123 web applications forced to share a database.
29124 * More thorough UTF-8 input validation; fixes non-ASCII uploaded
29125 filenames from Safari.
29126 * Command-line database upgrade script.
29129 === Customizability ===
29131 * Default user options can now be overridden in LocalSettings.
29132 * Skins system more modular: templates and CSS are now in /skins/
29133 New skins can be dropped into this directory and used immediately.
29134 * More extension hooks have been added.
29135 * Authentication plugin hook.
29136 * More internal code documentation, generated with phpdoc:
29137 https://doc.wikimedia.org/mediawiki-core/master/php/html/
29140 === Optimization ===
29142 * For many operations, MediaWiki 1.4 should run faster and use
29143 less memory than MediaWiki 1.3. Page rendering is up to twice
29144 as fast. (Use a PHP accelerator such as Turck MMCache for best
29145 results with any PHP application, though!)
29146 * The parser cache no longer requires memcached, and is enabled
29147 by default. This avoids a lot of re-rendering of pages that
29148 have been shown recently, greatly speeding longer page views.
29149 * Support for compiled PHP modules to speed up page diff and
29150 Unicode validation/normalization. (Requires ability to compile
29151 and load PHP extensions).
29154 === What isn't ready yet ===
29156 * A new user/groups permissions scheme has been held back to 1.5.
29157 * An experimental SOAP interface will be made available as an extension
29158 * PostgreSQL support is largely working, minus search and the installer.
29159 You can perform a manual installation.
29160 * E-mail notification of watched page changes and verification of
29161 user-submitted e-mail addresses is not yet included.
29162 * Log pages are not automatically imported into the new log table
29163 at upgrade time. A script to import old text log entries is
29164 incomplete, but may be available in later point releases.
29165 * Some localizations are still incomplete.
29171 === Important security updates ===
29173 A security audit found and fixed a number of problems. Users of MediaWiki
29174 1.3.10 and earlier should upgrade to 1.3.11; users of 1.4 beta releases
29175 prior to 1.4rc1 should upgrade immediately.
29177 ==== Cross-site scripting vulnerability ====
29179 XSS injection points can be used to hijack session and authentication
29180 cookies as well as more serious attacks.
29182 * Media: links output raw text into an attribute value, potentially
29183 abusable for JavaScript injection. This has been corrected.
29184 * Additional checks added to file upload to protect against MSIE and
29185 Safari MIME-type autodetection bugs.
29187 As of 1.3.10/1.4beta6, per-user customized CSS and JavaScript is disabled
29188 by default as a general precaution. Sites which want this ability may set
29189 $wgAllowUserCss and $wgAllowUserJs in LocalSettings.php.
29192 ==== Cross-site request forgery ====
29194 An attacker could use JavaScript-submitted forms to perform various
29195 restricted actions by tricking an authenticated user into visiting
29196 a malicious web page. A fix for page editing in 1.3.10/1.4beta6 has
29197 been expanded in this release to other forms and functions.
29199 Authors of bot tools may need to update their code to include the
29203 ==== Directory traversal ====
29205 An unchecked parameter in image deletion could allow an authenticated
29206 administrator to delete arbitary files in directories writable by the
29207 web server, and confirm existence of files not deletable.
29210 ==== Older issues ====
29212 Note that 1.4 beta releases prior to beta 5 include an input validation
29213 error which could lead to execution of arbitrary PHP code on the server.
29214 Users of older betas should upgrade immediately to the current version.
29217 Beta 6 also introduces the use of rel="nofollow" attributes on external
29218 links in wiki pages to reduce the effectiveness of wiki spam. This will
29219 cause participating search engines to ignore external URL links from wiki
29220 pages for purposes of page relevancy ranking.
29223 === Misc bugs fixed in beta 1 ===
29225 * (bug 95) Templates no longer limited to 5 inclusions per page
29226 * New user preference for limiting the image size for images on image
29228 * (bug 530) Allow user to preview article on first edit
29229 * (bug 479) [[RFC 1234]] will now make an internal link
29230 * (bug 511) PhpTal skins shown bogus 'What links here' etc on special pages
29231 * (bug 770) Adding filter and username exact search match for Special:Listusers
29232 * (bug 733) Installer die if it can not write LocalSettings.php
29233 * (bug 705) Various special pages no more show the rss/atom feed links
29234 * (bug 114) use category backlinks in Special:Recentchangeslinked
29236 === Beta 2 fixes ===
29238 * (bug 987) Reverted bogus fix for bug 502
29239 * (bug 992) Fix enhanced recent changes in PHP5
29240 * (bug 1009) Fix Special:Makesysop when using table prefixes
29241 * (bug 1010) fix broken Commons image link on Classic & Cologne Blue
29242 * (bug 985) Fix auto-summary for section edits
29243 * (bug 995) Close <a> tag
29244 * (bug 1004) renamed norsk language links (twice)
29245 * Login works again when using an old-style default skin
29246 * Fix for load balancing mode, notify if using old settings format
29247 * (bug 1014) Missing image size option on old accounts handled gracefully
29248 * (bug 1027) Fix page moves with table prefix
29249 * (bug 1018) Some pages fail with stub threshold enabled
29250 * (bug 1024) Fix link to high-res image version on Image: pages
29251 * (bug 1016) Fix handling of lines omitting Image: in a <gallery> tag
29252 * security fix for image galleries
29253 * (bug 1039) Avoid error message in certain message cache failure modes
29254 * Fix string escaping with PostgreSQL
29255 * (bug 1015) [partial] -- use comment formatter on image gallery text
29256 * Allow customization of all UI languages
29257 * use $wgForceUIMsgAsContentMsg to make regular UI messages act as content
29258 * new user option for zh users to disable language conversion
29259 * Defer message cache initialization, shaving a few ms off file cache hits
29260 * Fixed Special:Allmessages when using table prefixes
29261 * (bug 996) Fix $wgWhitelistRead to work again
29262 * (bug 1028) fix page move over redirect to not fail on the unique index
29264 === Beta 3 fixes ===
29266 * Hide RC patrol markers when patrol is disabled or not allowed to patrol.
29267 * Fix language selection for upgraded accounts
29268 * (bug 1076) navigation links in QueryPage should be translated by wgContLang.
29269 * (bug 922) bogus DOS line endings in LanguageEl.php
29270 * Fix index usage in contribs
29271 * Caching and load limiting options for Recentchanges RSS/Atom feed
29272 * (bug 1074) Add stock icons for non-image files in gallery/Newimages
29273 * Add width and height attributes on thumbs in gallery/Newimages
29274 * Enhance upload extension blacklist to protect against vulnerable
29275 Apache configurations
29277 === Beta 4 fixes ===
29279 * (bug 1090) Fix sitesupport links in CB/classic skins
29280 * Gracefully ignore non-legal titles in a <gallery>
29281 * Fix message page caching behavior when $wgCapitalLinks is turned off
29282 after installation and the wiki is subsequently upgraded
29283 * Database error messages include the database server name/address
29284 * Paging support for large categories
29285 * Fix image page scaling when thumbnail generation is disabled
29286 * Select the content language in prefs when bogus interface language is set
29287 * Fix interwiki links in edit comments
29288 * Fix crash on banned user visit
29289 * Avoid PHP warning messages when thumbnail not generated
29290 * (bug 1157) List unblocks correctly in Special:Log
29291 * Fix fatal errors in LanguageLi.php
29292 * Undo overly bright, difficult to read colors in Cologne Blue
29293 * (bug 1162) fix five-tilde date inserter
29294 * Add raw signatures option for those who simply must have cute sigs
29295 * (bug 1164) Let wikitext be used in Loginprompt and Loginend messages
29296 * Add the dreaded <span> to the HTML whitelist
29297 * (bug 1170) Fix Russian linktrail
29298 * (bug 1168) Missing text on the bureaucrat log
29299 * (bug 1180) Fix Makesysop on shared-user-table sites
29300 * (bug 1178) Fix previous diff link when using 'oldid=0'
29301 * (bug 1173) Stop blocked accounts from reverting/deleting images
29302 * Keep generated stylesheets cache-separated for each user
29303 * (bug 1175) Fix "preview on first edit" mode
29304 * Fix revert bug caused by bug 1175 fix
29305 * Fix CSS classes on minor, new, unpatrolled markers in enhanced RC
29306 * Set MySQL 4 boolean search back to 'and' mode by default
29307 * (bug 1193) Fix move-only page protection mode
29308 * Fix zhtable Makefile to include the traditional manual table
29309 * Add memcache timeout for the zh conversion tables
29310 * Allow user customization of the zh conversion tables through
29311 Mediawiki:zhconversiontable
29312 * Add zh-min-man (back) to language names list
29313 * Ported $wgCopyrightIcon setting from REL1_3A
29314 * (bug 1218) Show the original image on image pages if the thumbnail would be
29315 bigger than the original image
29316 * (bug 1213) i18n of Special:Log labels
29317 * (bug 1013) Fix jbo, minnan in language names list
29318 * Added magic word MAG_NOTITLECONVERT to indicate that the title of the page
29319 do not need to be converted. Useful in zh:
29320 * (bug 1224) Use proper date messages for date reformatter
29321 * (bug 1241) Don't show 'cont.' for first entry of the category list
29322 * (bug 1240) Special:Preferences was broken in Slovenian locale when
29323 $wgUseDynamicDates is enabled
29324 * Added magic word MAG_NOCONTENTCONVERT to suppress the conversion of the
29325 content of an article. Useful in zh:
29326 * write-lock for updating the zh conversion tables in memcache
29327 * recursively parse subpages of MediaWiki:Zhconversiontable
29328 * (bug 1144) Fix export for fy language
29329 * make removal of an entry from zhconversiontable work
29330 * (bug 752) Don't insert newline in link title for url with %0a
29331 * Fix missing search box contents in MonoBook skin
29332 * Add option to forward search directly to an external URL (eg google)
29333 * Correctly highlight the fallback language variant when the selected
29334 variant is disabled. Used in zh: only for now.
29336 === Beta 5 fixes ===
29338 * (bug 1124) Fix ImageGallery XHTML compliance
29339 * (bug 1186) news: in the middle of a word
29340 * (bug 1283) Use underlining and borders to highlight additions/deletions
29342 * Use user's local timezone in Special:Log display
29343 * Show filename for images in gallery by default (restore beta 3 behavior)
29344 * (bug 1201) Double-escaping in brokenlinks, imagelinks, categorylinks,
29346 * When using squid reverse proxy, cache the redirect to the Main_Page
29347 * (bug 1302) Fix Norwegian language file
29348 * (bug 1205) Fix broken article saving in PHP 5.1
29349 * (bug 1206) Implement CURRENTWEEK and CURRENTDOW magic keyword (will give
29350 number of the week and number of the day).
29351 * (bug 1204) Blocks do not expire automatically
29352 * (bug 1184) expiry time of indefinite blocks shown as the current time
29353 * (bug 1317) Fix external links in image captions
29354 * (bug 1084) Fix logo not rendering centrally in IE
29355 * (bug 288) Fix tabs wrapping in IE6
29356 * (bug 119) Fix full-width tabs with RTL text in IE
29357 * (bug 1323) Fix logo rendering off-screen in IE with RTL language
29358 * Show "block" link in Special:Recentchanges for logged in users, too, if
29359 wgUserSysopBans is true.
29360 * (bug 1326) Use content language for '1movedto2' in edit history
29361 * zh: Fix warning when HTTP_ACCEPT_LANGUAGE is not set
29362 * zh: Fix double conversion for zh-sg and zh-hk
29363 * (bug 1132) Fix concatenation of link lists in refreshLinks
29364 * (bug 1101) Fix memory leak in refreshLinks
29365 * (bug 1339) Fix order of @imports in Cologne Blue CSS
29366 * Don't try to create links without namespaces ([[Category:]] link bug)
29367 * Memcached data compression fixes
29368 * Several valid XHTML fixes
29369 * (bug 624) Fix IE freezing rendering whilst waiting for CSS with MonoBook
29370 * (bug 211) Fix tabbed preferences with XHTML MIME type
29371 * Fix for script execution vulnerability.
29373 === Beta 6 fixes ===
29375 * (bug 1335) implement 'tooltip-watch' in Language.php
29376 * Fix linktrail for nn: language
29377 * (bug 1214) Fix prev/next links in Special:Log
29378 * (bug 1354) Fix linktrail for fo: language
29379 * (bug 512) Reload generated CSS on preference change
29380 * (bug 63) Fix displaying as if logged in after logout
29381 * Set default MediaWiki:Sitenotice to '-', avoiding extra database hits
29382 * Skip message cache initialization on raw page view (quick hack)
29383 * Fix notice errors in wfDebugDieBacktrace() in XML callbacks
29384 * Suppress notice error on bogus timestamp input (returns epoch as before)
29385 * Remove unnecessary initialization and double-caching of parser variables
29386 * Call-tree output mode for profiling
29387 * (bug 730) configurable $wgRCMaxAge; don't try to update purged RC entries
29388 * Add $wgNoFollowLinks option to add rel="nofollow" on external links
29390 * (bug 1130) Show actual title when moving page instead of encoded one.
29391 * (bug 925) Fix headings containing <math>
29392 * (bug 1131) Fix headings containing interwiki links
29393 * (bug 1380) Update Nynorsk language file
29394 * (bug 1232) Fix sorting of cached Special:Wantedpages in miser mode
29395 * (bug 1217) Image within an image caption broke rendering
29396 * (bug 1384) Make patrol signs have the same width for page moves as for edits
29397 * (bug 1364) fix "clean up whitespace" in Title:SecureAndSplit
29398 * (bug 1389) i18n for proxyblocker message
29399 * Add fur/Furlan/Friulian to language names list
29400 * Add TitleMoveComplete hook on page renames
29401 * Allow simple comments for each translation rules in MW:Zhconversiontable
29402 * (bug 1402) Make link color of tab subject page link on talk page indicate
29403 whether article exists
29404 * (bug 1368) Fix SQL error on stopword/short word search w/ MySQL 3.x
29405 * Translated Hebrew namespace names
29406 * (bug 1429) Stop double-escaping of block comments; fix formatting
29407 * (bug 829) Fix URL-escaping on block success
29408 * (bug 1228) Fix double-escaping on & sequences in [enclosed] URLs
29409 * (bug 1435) Fixed many CSS errors
29410 * (bug 1457) Fix XHTML validation on category column list
29411 * (bug 1458) Don't save if edit form submission is incomplete
29412 * Logged-in edits and preview of user CSS/JS are now locked to a session token.
29413 * Per-user CSS and JavaScript subpage customizations now disabled by default.
29414 They can be re-enabled via $wgAllowUserJs and $wgAllowUserCss.
29415 * Removed .ogg from the default uploads whitelist as an extra precaution.
29416 If your web server is configured to serve Ogg files with the correct
29417 Content-Type header, you can re-add it in LocalSettings.php:
29418 $wgFileExtensions[] = 'ogg';
29422 * Fix notice error on nonexistent template in wikitext system message
29423 * (bug 1469) add missing <ul> tags on Special:Log
29424 * (bug 1470) remove extra <ul> tags from Danish log messages
29425 * Fix notice on purge w/ squid mode off
29426 * (bug 1477) hide details of SQL error messages by default
29427 Set $wgShowSQLErrors = true for debugging.
29428 * (bug 1430) Don't check for template data when editing page that doesn't exist
29429 * Recentchanges table purging fixed when using table prefix
29430 * (bug 1431) Avoid redundant objectcache garbage collection
29431 * (bug 1474) Switch to better-cached index for statistics page count
29432 * Run Unicode normalization on all input fields
29433 * Fix translation for allpagesformtext2 in LanguageZh_cn and LanguageZh_tw
29434 * Block image revert without valid login
29435 * (bug 1446) stub Bambara (bm) language file using French messages
29436 * (bug 1432) Update Estonian localization
29437 * (bug 1471) unclosed <p> tag in Danish messages
29438 * convertLinks script fixes
29439 * Corrections to template loop detection
29440 * XHTML encoding fix for usernames containing & in Special:Emailuser
29441 * (for zh) Search for variant links even when conversion is turned off,
29442 to help prevent duplicate articles.
29443 * Disallow ISO 8859-1 C1 characters and "no-break space" in user names
29445 * Correct the name of the main page it LanguageIt
29446 * Allow Special:Makesysop to work for usernames containing SQL special
29448 * Fix annoying blue line in Safari on scaled-down images on description page
29449 * Increase upload sanity checks
29450 * Fix XSS bug in Media: links
29451 * Add cross-site form submission protection to various actions
29452 * Fix fatal error on some dubious page titles
29453 * Stub threshold displays correctly again
29456 === 1.4.0 final fixes ===
29458 * (bug 65) Fix broken interwiki link encoding on Latin-1 wikis; force to UTF-8
29459 * (bug 563) Fix UTF-8 interwiki URL redirects via Latin-1 wikis
29460 * (bug 1536) Fix page info
29461 * Support os (Ossetic) as language code, using Russian localization base
29462 * (bug 1610) Support non (Old Norse) as language code, using Icelandic
29464 * (bug 1618) Properly list custom namespaces in Special:Allpages
29465 * (bug 1622) Remove trailing' >' when using category browser
29466 * (bug 1570) Fix php 4.2.x error on conflict merging
29467 * (bug 1585) Fix page title on post-login redirection page
29468 * Run UTF-8 validation on old text in Recentchanges RSS diffs
29469 * (bug 1642) fix a mime type typo in img_auth.php
29470 * Automated interwiki redirects only for local interwikis
29471 * Respect read-only mode on block removals
29472 * Trim old illegal characters from syndication feeds
29473 * Reduce message cache outage recovery delay from 1 day to 5 minutes
29474 * (bug 1403) Update Finnish localization
29475 * (bug 1478) Punjabi localization
29476 * (bug 1667) Update script 5 second countdown.
29477 * (bug 1057) Fix logging table encoding (error on MySQL 4.1)
29478 * (bug 1680) Fix linktrail for fo
29479 * (bug 1653) Removing hardcoded messages in Special:Allmessages
29480 * (bug 1594) Render a hyphen in a formula as − in HTML
29481 * (bug 1495) Fall back to default language MediaWiki: for custom messages
29482 * (bug 1617) Show different error messages for "user does not
29483 exist" and "wrong password" when using AuthPlugin
29484 * (bug 1532), (bug 1544) Changed language names for
29485 'bn', 'bo', 'dv', 'dz', 'ht', 'ii', 'li', 'lo', 'ng', 'or', 'pa', 'si',
29487 * Fix editing on non-Esperanto wiki with user language pref set to Esperanto
29488 * Make conversion table for zh-sg default to zh-cn, and zh-hk default to zh-tw
29489 * Fix PHP notice in MonoBook when counters disabled
29490 * (bug 1696) Update namespaces, dates in uk localization
29491 * (bug 551) Installer warns about magic_quotes_runtime and magic_quotes_sybase
29492 instead of trying to install with corrupt table files
29493 * Installer no longer tries to move non-default MediaWiki: pages into Template:
29494 * User-to-user email disabled by default ($wgEnableUserEmail)
29497 === 1.4.1 fixes ===
29499 * (bug 1720) fix genitive month names for uk
29500 * (bug 1704) fixed untranslateable string in Special:Log
29501 * (bug 1638) Added Belrusian language file
29502 * (bug 1736) typo in SpecialValidate.php
29503 * (bug 73) Upload doesn't run edit updates on description page (links,
29504 search index and categories)
29505 * (bug 646) <math> fails to recognize \ll and \gg
29506 * (bug 926) \div element from TeX not supported in <math> element
29507 * (bug 1147) add \checkmark to whitelist in texutil.ml
29508 * (bug 937) \limits function from LaTeX not supported in <math> element
29509 * Support for manually converting article title to different Chinese
29511 * (bug 1488, bug 1744) Fix encoding for preferences, dates in Latin-1 mode
29512 * (bug 1042) Fix UTF-8 case conversion for PHP <4.3 with mbstring extension
29513 * Fix code typo that broke article credits display
29514 * Installation fixes for running under IIS
29515 * (bug 1556) login page tab order. "remember" checkbox now come after password.
29516 * SQL debug log fixlets
29517 * (bug 1815) Fix namespace in old revision display with mismatched title
29518 * (bug 1788) Fix link duplication when edit/upload comment includes newlines
29519 * Change default on $wgSysopUserBans and $wgSysopRangeBans to true
29520 * Fix link conversion for URL request
29521 * (bug 1851) Updated download URL for the SCIM packages used by zhtable
29522 * (bug 1853) Try stripping quotes from term for 'go' title match
29523 * Fix missing function in Latin1 mode
29524 * (bug 1860) Anchors of interwiki links did not get normalized
29525 * (bug 1847) accept lowercase x in ISBN, do not accept invalid A-W,Y,Z
29526 * Fix link conversion for URL request, hopefully without breaking the wiki
29527 * (bug 1849) New option allows to consider categorized images as used on
29528 Special:Unusedimages
29529 * Localized category namespace for ka (Georgian)
29530 * (bug 1107) Work around includes problem in installer when parent dir is not
29531 readable by the web server
29532 * (bug 1927) Incorrect escaping on wikitext message in Blockip
29535 === 1.4.2 fixes ===
29537 * Fix math options in Finnish localization
29538 * Use in-process Tidy extension if available when $wgUseTidy is on
29539 * (bug 1933) Fix PATH_INFO usage under IIS with PHP ISAPI module
29540 * (bug 1188) <nowiki> in {{subst:}} includes fixed
29541 * (bug 1936) <!-- comments --> in {{subst:}} includes fixed
29542 * Fix a potential MSIE JavaScript injection vector in Tidy mode
29545 === 1.4.3 fixes ===
29547 * (bug 1636) Refs like ţ were misinterpreted as octal in some places
29548 * (bug 1163) Special:Undelete showed oldest revision instead of newest
29549 * (bug 1938) Fix escaping of illegal character references in link text
29550 * (bug 1997) Fix for error on display of renamed items in Recentchanges on PHP5
29551 * (bug 1949) Profiling typo in rare error case
29552 * (bug 1963) Fix deletion log link when $wgCapitalLinks is off
29553 * (bug 1970) Don't show move tab for immobile pages
29554 * (bug 1770) Page creation recorded links from the 'newarticletext' message
29555 * Optional change to the site_stats table. When applied, this removes the need
29556 for expensive queries in Special:Statistics.
29559 === 1.4.4 fixes ===
29561 * (bug 725) Let dir="ltr" attribute work again in MonoBook on RTL languages
29562 * (bug 2024) Skip JavaScript error for custom skins where .js message not set
29563 * (bug 2025) Updated Indonesian localization
29564 * (bug 2039) Updated Lithuanian localization
29569 Some output, particularly involving user-supplied inline HTML, may not
29570 produce 100% valid or well-formed XHTML output. Testers are welcome to
29571 set $wgMimeType = "application/xhtml+xml"; to test for remaining problem
29572 cases, but this is not recommended on live sites. (This must be set for
29573 MathML to display properly in Mozilla.)
29576 For notes on 1.3.x and older releases, see HISTORY.
29579 === Online documentation ===
29581 Documentation for both end-users and site administrators is currently being
29582 built up on MediaWiki.org, and is covered under the GNU Free Documentation
29585 https://www.mediawiki.org/
29588 === Mailing list ===
29590 A MediaWiki-l mailing list has been set up distinct from the Wikipedia
29593 http://lists.wikimedia.org/mailman/listinfo/mediawiki-l
29595 A low-traffic announcements-only list is also available:
29596 http://lists.wikimedia.org/mailman/listinfo/mediawiki-announce
29598 It's highly recommended that you sign up for one of these lists if you're
29599 going to run a public MediaWiki, so you can be notified of security fixes.
29604 There's usually someone online in #mediawiki on irc.freenode.net
29608 == MediaWiki 1.3.18 ==
29609 (released 2005-11-02)
29610 MediaWiki 1.3.18 is a bugfix and security maintenance release. A change in PHP
29611 4.4.1 broke handling of extension and <nowiki><pre></nowiki> sections, causing
29612 garbage data to be inserted in output and saved edits. This version works
29613 around the change. This release includes further corrections to the inline CSS
29614 style sanitation which works around a JavaScript "feature" on Microsoft
29615 Internet Explorer. Users of Microsoft Internet Explorer for Windows may be
29616 vulnerable to XSS injections on prior 1.3 releases; users of
29617 standards-compliant browsers are not vulnerable.
29619 == MediaWiki 1.3.17 ==
29620 (released 2005-10-05)
29621 MediaWiki 1.3.17 is a security maintenance release. Unsafe handling of CSS by
29622 Microsoft Internet Explorer could be exploited to produce cross-site scripting
29623 attacks by JavaScript injection to clients running that browser. This release
29624 blacklists several additional variants from use in HTML inline style
29625 attributes. All publicly accessible wikis are recommended to upgrade to reduce
29626 the risk to visitors using Microsoft web browsers.Note: the MediaWiki 1.3.x
29627 series is not compatible with PHP 5.0.5 or higher. Upgrade to the 1.5.0 release
29628 if you require this version of PHP 5.
29630 == MediaWiki 1.3.16 ==
29631 (released 2005-09-21)
29632 MediaWiki 1.3.16 is a security maintenance release. A bug in edit submission
29633 handling could cause corruption of the previous revision in the database if an
29634 abnormal URL was used, such as those used by some spambots. Affected releases:
29635 * 1.4.x <= 1.4.9; fixed in 1.4.10
29636 * 1.3.x <= 1.3.15; fixed in 1.3.16
29637 1.5 release candidates are not affected by this problem. All publicly editable
29638 wikis are strongly recommended to upgrade immediately.
29639 1.3 releases can be manually patched by changing this bit in
29640 {{manual|EditPage.php}}:
29641 <syntaxhighlight lang="php">
29642 if( $this->tokenOk( $request ) ) {
29643 $this->save = $request->wasPosted() && !$this->preview;
29647 <syntaxhighlight lang="php">
29648 if( $this->tokenOk( $request ) ) {
29649 $this->save = $request->getVal( 'action' ) == 'submit' &&
29650 $request->wasPosted() && !$this->preview;
29654 == MediaWiki 1.3.15, 2005-08-29 ==
29655 MediaWiki 1.3.15 is a security maintenance release. It corrects across-site
29656 scripting security bug:
29657 * <nowiki><math></nowiki> tags were handled incorrectly when TeX rendering
29658 support is off, as in the default configuration. Wikis where the optional math
29659 support has been *enabled* are not vulnerable. The 1.3.x series is no longer
29660 maintained except for security fixes; new users and those seeking bug fixes
29661 should upgrade to 1.4.9 or 1.5.0.
29663 == MediaWiki 1.3.14, 2005-08-23 ==
29664 MediaWiki 1.3.14 is a security maintenance release. A flaw in the interaction
29665 between extensions and HTML attribute sanitization was discovered which could
29666 allow unauthorized use of offsite resources in style sheets, and possible
29667 exploitation of a JavaScript injection feature on Microsoft Internet Explorer.
29668 The 1.3.x series is no longer maintained except for security fixes; new users
29669 and those seeking bug fixes should upgrade to 1.4.8 or 1.5.0. Existing 1.3.x
29670 installations not willing to upgrade to the current stable release should apply
29671 the change manually:
29672 In includes/Parser.php, function {{code|inline=y|lang=php|fixTagAttributes()}}
29674 <syntaxhighlight lang="php">
29675 # Any placeholder items should have been unstripped already before
29676 # we got to this point. Raw text inserted later could be dangerous.
29677 if( strpos( $t, UNIQ_PREFIX ) !== false ) {
29678 wfDebug( "Parser::fixTagAttributes found stripped data placeholder;
29679 dropping attributes\n" );
29683 If you are actively using extensions to generate HTML attribute values, upgrade
29684 to 1.4 or 1.5 for a more thorough fix.
29686 == MediaWiki 1.3.13, 2005-06-03 ==
29687 MediaWiki 1.3.13 is a security maintenance release. Incorrect handling of page
29688 template inclusions made it possible to inject JavaScript code into HTML
29689 attributes, which could lead to cross-site scripting attacks on a publicly
29690 editable wiki. Vulnerable releases and fix:
29691 * 1.5 prerelease: fixed in 1.5alpha2
29692 * 1.4 stable series: fixed in 1.4.5
29693 * 1.3 legacy series: fixed in 1.3.13
29694 * 1.2 series no longer supported; upgrade to 1.4.5 strongly recommended The
29695 1.3.x series is no longer maintained except for security fixes; new users and
29696 those seeking general bug fixes should install 1.4.5. Existing 1.3.x
29697 installations not willing or able to upgrade to the current stable relase
29698 should update the installation to 1.3.13; only includes/Parser.php has changed
29701 == MediaWiki 1.3.12, 2005-02-20 ==
29702 MediaWiki 1.3.12 is a security maintenance release. A cross-site scripting
29703 injection vulnerability was discovered, which affects only MSIE clients and is
29704 only open if MediaWiki has been manually configured to run output through HTML
29705 Tidy ($wgUseTidy). The 1.3.x series is no longer maintained except for security
29706 fixes; new users and those seeking bug fixes should upgrade to 1.4.2. Existing
29707 1.3.x installations using Tidy not willing to upgrade to the current stable
29708 relase should either turn off Tidy or update the installation to 1.3.12.
29710 == MediaWiki 1.3.11, 2005-02-20 ==
29711 MediaWiki 1.3.11 is a security release.
29712 A security audit found and fixed a number of problems. Users of MediaWiki
29713 1.3.10 and earlier should upgrade to 1.3.11; users of 1.4 beta releases should
29716 === Cross-site scripting vulnerability ===
29717 XSS injection points can be used to hijack session and authentication cookies
29718 as well as more serious attacks.
29719 * Media: links output raw text into an attribute value, potentially abusable
29720 for JavaScript injection. This has been corrected.
29721 * Additional checks added to file upload to protect against MSIE and Safari
29722 MIME-type autodetection bugs.
29723 As of <code>1.3.10/1.4beta6</code>, per-user customized CSS and JavaScript is
29724 disabled by default as a general precaution. Sites which want this ability may
29725 set {{wg|AllowUserCss}} and {{wg|AllowUserJs}} in LocalSettings.php.
29727 === Cross-site request forgery ===
29728 An attacker could use JavaScript-submitted forms to perform various restricted
29729 actions by tricking an authenticated user into visiting a malicious web page. A
29730 fix for page editing in 1.3.10/1.4beta6 has been expanded in this release to
29731 other forms and functions. Authors of bot tools may need to update their code
29732 to include the additional fields.
29734 === Directory traversal ===
29735 An unchecked parameter in image deletion could allow an authenticated
29736 administrator to delete arbitary files in directories writable by the web
29737 server, and confirm existence of files not deletable.
29739 == MediaWiki 1.3.10, 2005-02-03 ==
29740 MediaWiki 1.3.10 is a security release.
29741 An attacker could craft a URL which, when visited by a particular logged-in
29742 user, would execute arbitrary JavaScript code on the user's browser in the
29743 wiki's site context. This attack has been blocked, and as an extra precaution
29744 the user CSS and JavaScript subpage support is now disabled by default. Sites
29745 which want this ability may set {{wg|AllowUserCss}} and {{wg|AllowUserJs}} in
29746 {{manual|LocalSettings.php}}. Additional protections have been added against
29747 off-site form submissions
29748 hijacking user credentials. Authors of bot tools may need to update their code
29749 to include additional fields. All wikis running 1.3.x are strongly urged to
29751 Changes from 1.3.9:
29752 * Logged-in edits and preview of user CSS/JS are now locked to a session token.
29753 * Per-user CSS and JavaScript subpage customizations now disabled by default.
29754 They can be re-enabled via {{wg|AllowUserJs}} and {{wg|AllowUserCss}}.
29755 * Removed .ogg from the default uploads whitelist as an extra precaution. If
29756 your web server is configured to serve Ogg files with the correct Content-Type
29757 header, you can re-add it in LocalSettings.php: {{wg|FileExtensions}}<code>[] =
29760 == MediaWiki 1.3.9, 2004-12-12 ==
29761 MediaWiki 1.3.9 is a security and bug fix release.
29762 A flaw in upload handling has been found which may allow upload and execution
29763 of arbitrary scripts with the permissions of the web server. Only wikis that
29764 have enabled uploads and have a vulnerable Apache configuration will be
29765 affected, but to be safe all wikis should upgrade. Wikis with uploads available
29766 should either disable uploads or upgrade to 1.3.9 immediately; if other files
29767 are customized and require merging changes,
29768 includes/{{manual|SpecialUpload.php}} may be replaced individually to add the
29769 fix. (It is also recommended to configure your web server to disable script
29770 execution in the 'images' subdirectory where uploads are placed, which prevents
29771 most attacks even if the wiki fails.)
29772 Changes from 1.3.8:
29773 * Backported "Templates used in this page"-feature of EditPage
29774 * Allow "MySkin" as a default skin.
29775 * ({{bugzilla|938}}) Parse namespaces correctly on self-interwiki links
29776 * ({{bugzilla|1010}}) fix broken Commons image link on [[Skin:Classic|Classic]]
29777 & [[Skin:Cologne Blue|Cologne Blue]]
29778 * ({{bugzilla|1004}}) Norsk language names for interwiki links changed, Nauruan
29779 language name changed
29780 * Enhance upload extension blacklist to protect against vulnerable Apache
29783 == MediaWiki 1.3.8, 2004-11-15 ==
29784 MediaWiki 1.3.8 is a bugfix release. Those running wikis with uploads enabled
29785 are strongly recommended to upgrade as this fixes several problems with
29786 overwriting previously-uploaded files.
29787 Changes from 1.3.7:
29788 * ({{bugzilla|506}}) fix {{code|inline=y|lang=html|array_key_exists()}} warning
29789 for IIS servers using ISAPI mode
29790 * ({{bugzilla|718}}) fix bad charset in (file) cached pages
29791 * use local numerals in category page (for Hindi et al)
29792 * alias month abbreviations to month names in Hindi
29793 * add localized numerals for Gujarati and Kannada
29794 * fix Category and project namespaces for Hindi
29795 * Don't output bogus timestamp on [[Special:RecentChanges]] if no entries
29796 * Correct template include path which broke some but not all Windows installs
29797 * Fix edit form submission problem with some PHP versions
29798 * Disallow unreachable titles with %XX hex codes
29799 * Allow page [[0]] to be renamed
29800 * ({{bugzilla|774}}) when saving with <code>section=new</code>, return to the
29801 anchor as with existing numbered section edits
29802 * Experimental shared upload overlay area (disabled by default)
29803 * ({{bugzilla|806}}) Removed some "Wikipedia" hardcoding in German localization
29804 * User option localization fix for some extensions
29805 * ({{bugzilla|809}}) now try to load the mysql php extension if it isn't loaded
29806 * ({{bugzilla|848}}) fix error message in [[Special:Newpages]] RSS and Atom
29808 * ({{bugzilla|26}}) fix cache headers on anon talk page notification
29809 * ({{bugzilla|874}}) added 'cgi' to {{wg|FileBlacklist}}
29810 * ({{bugzilla|862}}) localize date and time format for Finnish
29811 * ({{bugzilla|548}}) Don't overwrite images until the user confirms it
29813 == MediaWiki 1.3.7, 2004-10-18 ==
29814 Changes from 1.3.6:
29815 * Fix protected-page related security issue.
29817 == MediaWiki 1.3.6, 2004-10-14 ==
29818 Changes from 1.3.5:
29819 * ({{bugzilla|296}}) Variables in user interface messages are no longer
29820 substituted at install time, so changes to the site name etc should be easier
29822 * ({{bugzilla|149}}) [[Special:RecentChanges]] "changes from" link preserves
29824 * ({{bugzilla|433}}) tooltip for "Undelete" tab now labeled correctly
29825 * ({{bugzilla|439}}) unclickable "Move" tab no longer displays on protected
29827 * ({{bugzilla|484}}) graceful deletion of images where the actual file is
29829 * ({{bugzilla|686}}) fixed [[plural]]s in Catalan localization
29830 * Fixed potential HTML/JavaScript injection attack in the
29831 [[Extension:UnicodeConverter|UnicodeConverter]] extension. (This extension is
29832 not enabled by default.)
29833 * Fixed potential HTML/JavaScript injection attack via raw page views to a
29834 maliciously crafted wiki page.
29835 * ({{bugzilla|187}}, {{bugzilla|669}}) Fixed centered thumbnails, using
29836 {{code|inline=y|lang=html|<div>}} instead of {{code|inline=y|lang=html|<span>}}.
29837 * catch MySQL error 2000 during installation.
29838 * ({{bugzilla|704}}) Removed misleading LocalSettings.sample
29839 * Fix cross site scripting bugs in [[Special:Ipblocklist]],
29840 [[Special:EmailUser]]
29841 * Fix SQL injection and cross site scripting bugs in Special:Maintenance
29842 * Fix cross site scripting bugs and possible filename validation vulnerability
29844 * and more of that sort
29846 == MediaWiki 1.3.5, 2004-09-30 ==
29847 Changes from 1.3.4:
29848 * Clean up input validation in 'raw' page output mode which was a potential
29849 cross-site scripting opportunity.
29851 == MediaWiki 1.3.4, 2004-09-28 ==
29852 === SECURITY NOTE ===
29853 As of 1.3.4, MediaWiki performs some screening of newly uploaded files for
29854 validity. (Some) corrupt image files, and HTML files mistakenly or maliciously
29855 masquerading as images, should now be rejected. These checks protect against
29856 Internet Explorer security holes relating to type autodetection which are a
29857 potential cross-site scripting attack vector, and also rejects at least one
29858 known version of the "JPEG virus" which might attack unpatched clients. If you
29859 already have invalid files uploaded this will not protect against them. If you
29860 have expanded the <code>filetype</code> whitelist or disabled the strict type
29861 checking, other dangerous file types may still get through. You should always
29862 be careful when allowing uploads!
29863 Changes from 1.3.3:
29864 * Fixed lots of template-related bugs, esp. for cases where template variables
29865 are used for links, images, etc.
29866 * Fixed transformation of page messages when viewing [[Special:Allmessages]]
29867 * Handle "ISBN ISBN 1234" correctly
29868 * Fixed warning on Category pages
29869 * Fixed some bad error messages on login page
29870 * Fixed history entry for initial main page on install
29871 * Removed problematic <code>{</code> and <code>}</code> from legal title
29873 * Strip leading blank from output in preformatted text.
29874 * Fixed problem when moving pages to titles with '#' in
29875 * Optional {{wg|RawHtml}} for raw {{code|inline=y|lang=html|<html>}} sections.
29876 Use only on limited- participation 'trusted' wikis, as it does not protect
29877 against cross-site scripting attacks. For security, this option can only be
29878 enabled if in {{wg|WhitelistEdit}} mode.
29879 * Fixed problem where pages which were created as a redirect following a move
29880 never showed on [[Special:Randompage]].
29881 * Fixed line spacing on printed table of contents
29882 * Allow links to pages with names of the form [[RFC 1234]]
29883 * Fixed broken edit links being shown for sections from included templates
29884 * Verify that uploaded image files are of the claimed type.
29886 == MediaWiki 1.3.3, 2004-09-09 ==
29887 Changes from 1.3.2:
29888 * Fix for long numeric page titles
29889 * Fix Go search for "0", numeric almost-self-links
29890 * Avoid caching of pages with "You have new messages" headers
29891 * Fix for upgrades as non-root users from 1.2 command-line installs.
29892 * Fix for {{wg|DebugDumpSql}} debug mode.
29893 * {{wg|ExtraNamespaces}} setting for configuring additional namespaces (see
29894 note in {{manual|DefaultSettings.php}})
29895 * 'recache' on query pages now disabled when miser mode is on; special case the
29896 global settings in your {{manual|LocalSettings.php}} to do automatic updates.
29897 * Don't block UTF-8 titles containing byte 0xA0 (bug added in 1.3.2)
29898 * Watch/unwatch tabs now shown on edit pages in MonoBook.
29899 * Fix default skin in Irish localization (ga)
29900 * Add Traditional Chinese localization (zh-tw)
29901 * Changed default sortkey of subcategories. Don't include "Category:"-prefix
29903 * More helpful info on spam catcher.
29904 * Allow larger offsets for queries such as [[Special:Listusers]]
29905 * Semicolon (;) added to French non-break space rules
29906 * Possible fix for some install errors with path names permission problems.
29907 * Removed [[Project:All system messages]], which has been superseded by the
29908 much faster [[Special:Allmessages]]. This speeds up installation considerably.
29910 == MediaWiki 1.3.2, 2004-08-30 ==
29911 Changes from 1.3.1:
29912 * Fix namespaced page creation links when no go match
29913 * When cookies are disabled, don't show login screen twice
29914 * Install should no longer die when PHP is pre-configured to compress output
29915 * Fixed bug that caused long Japanese pages to time out with Tidy active
29916 * When session.handler is set incorrectly, try automatic override to 'files'
29917 * Watch/Unwatch links back to the affected page instead of Main Page
29918 * Upload link no longer displayed on Monobook if uploading is disabled
29919 * Special:Allmessages faster, shows correct original text, works in safe mode
29921 == MediaWiki 1.3.1, 2004-08-14 ==
29922 Changes from 1.3.0:
29923 * Watchlist parameters now work with register_globals off
29924 * Fixed parsing of ''italics'' and '''bold''' mark-up (again)
29925 * Special:Allpages display is more sensible on smaller wikis
29926 * Fixed XHTML parsing error in classic skins
29927 * Moved pages update watchlist correctly
29928 * Fixed rebuildall.php on case-sensitive Unix filesystems
29929 * Disabled file cache compression by default due to incompatibility with output
29930 buffer compression (ob_gzhandler)
29931 * New magic word {{code|inline=y|PAGENAMEE}} (URL-escaped version of
29932 {{code|inline=y|PAGENAME}})
29933 * Installation avoids blank username; better message on missing XML module
29934 * {{wg|WhitelistAccount}} no longer breaks all logins.
29936 == MediaWiki 1.3.0, 2004-08-11 ==
29938 * New default layout '[[Skin:MonoBook|MonoBook]]' (available on PHP4 only
29940 * Print stylesheet now built-in to every page
29941 * More or less correct XHTML 1.0 (served as text/html by default)
29943 * Image captions can now include links and other basic formatting
29944 * Image bounding box can be specified instead of width, e.g. as 100x100px,
29945 making the image not wider than 100px and not higher than 100px, keeping aspect
29947 * Templates have been expanded with parameters, and separated from the
29948 MediaWiki: localization scheme.
29949 * Categories more or less work
29950 * added a special page for listing users with sysop rights.
29952 * Automatic merging of edit conflicts that don't directly interfere
29953 * Edit summaries can now include basic formatting and links
29954 Metadata and output:
29955 * Linked Creative Commons copyright metadata (optional)
29956 * RSS 2.0 & Atom 0.3 feeds for Recent Changes, New Pages
29958 * WikiHiero hieroglyphic module can be added (separate download)
29959 * Timeline module can be added (separate download). Requires ploticus.
29960 * TeX now has an experimental MathML output mode (incomplete!)
29961 Installation and upgrading:
29962 * The old install.php and update.php have been removed. In-place installation
29963 introduced in 1.2 is now the standard installation and upgrade method, see
29964 INSTALL and UPGRADE for directions.
29966 * The links table has been changed to use a cur_id for l_from. The link tables
29967 must be converted on upgrade, which may entail some downtime.
29968 Code and compatibility:
29969 * Should now run clean with error reporting set to E_ALL.
29970 * register_globals hack from 1.2 has been replaced with safer code
29971 * Bundled PHPTAL 0.7.0 from http://phptal.sourceforge.net/ (with some patches)
29972 * Most image-related code moved to Image.php
29973 * More fixes for PHP 4.1.2 (thanks to Asheesh Laroia)
29974 * URL encoding fix for anchors
29975 * All languages now available in UTF-8 mode
29976 * Various other fixes
29979 Some output, particularly involving user-supplied inline HTML, may not produce
29980 100% valid or well-formed XHTML output. Testers are welcome to set $wgMimeType
29981 = "application/xhtml+xml"; to test for remaining problem cases, but this is not
29982 recommended on live sites. (This must be set for MathML to display properly in
29983 Mozilla.) The new 'MonoBook' skin is not compatible with PHP 5 due to bugs in
29984 the underlying PHPTAL library. It will be automatically disabled when running
29985 on PHP5; the older look and feel will be used instead.