Split off some of these validation methods into their own class called Validate so...

[mediawiki.git] / RELEASE-NOTES

= MediaWiki release notes =

Security reminder: MediaWiki does not require PHP's register_globals
setting since version 1.2.0. If you have it on, turn it *off* if you can.

== MediaWiki 1.14 ==

THIS IS NOT A RELEASE YET

MediaWiki is now using a "continuous integration" development model with
quarterly snapshot releases. The latest development code is always kept
"ready to run", and in fact runs our own sites on Wikipedia.

Release branches will continue to receive security updates for about a year
from first release, but nonessential bugfixes and feature developments
will be made on the development trunk and appear in the next quarterly release.

Those wishing to use the latest code instead of a branch release can obtain
it from source control: http://www.mediawiki.org/wiki/Download_from_SVN

=== Configuration changes in 1.14 ===

* $wgExemptFromUserRobotsControl is an array of namespaces to be exempt from
  the effect of the new __INDEX__/__NOINDEX__ magic words.  (Default: null, ex-
  empt all content namespaces.)
* $wgForwardSearchUrl has been removed entirely. Documented setting since 1.4
  has been $wgSearchForwardUrl.
* (bug 15080) $wgOverrideSiteFeed has been added. Setting either
  $wgSiteFeed['rss'] or 'atom' to a URL will override the default Recent Changes
  feed that appears on all pages.
* $wgSQLiteDataDirMode has been introduced as the default directory mode for
  SQLite data directories on creation. Note this setting is separate from
  $wgDirectoryMode, which applies to all normal directories created by MediaWiki.
* $wgGroupsAddToSelf and $wgGroupsRemoveFromSelf now work more like
  $wgAddGroups and $wgRemoveGroups, where the user must belong to a specified
  group in order to add or remove those groups from themselves.
  Backwards compatibility is maintained.
* $wgRestrictDisplayTitle controls if the use of the {{DISPLAYTITLE}} magic
  word is restricted to titles equivalent to the actual page title. This
  is true per default, but can be set to false to allow any title.
* $wgSpamRegex may now be an array of multiple regular expressions.
* $wgAjaxSearch has been removed; use $wgEnableMWSuggest instead.
* Editing the MediaWiki namespace is now unconditionally restricted to people 
  with the editinterface right, configuring this in $wgNamespaceProtection 
  is not required.
* $wgAllowExternalImagesFrom may now be an array of multiple strings.
* Introduced $wgEnableImageWhitelist to toggle the on-wiki external image
  whitelist on or off.
* Added $wgRenderHashAppend to append some string to the parser cache and the
  sitenotice cache keys.

=== Migrated extensions ===
The following extensions are migrated into MediaWiki 1.14:

* Special:DeletedContributions to show deleted user contributions (was extension
  DeletedContributions)
* Special:Log/newusers recording new users (was extension Newuserlog)
* Special:LinkSearch to search for external links (was extension LinkSearch)
* RenderHash
* NoMoveUserPages

=== New features in 1.14 ===

* New URL syntaxes for Special:ListUsers - 'Special:ListUsers/USER' and
  'Special:ListUsers/GROUP/USER', in addition to the older syntax
  'Special:ListUsers/GROUP' where GROUP is a valid group name.
* Configurable per-namespace and per-page notices for the edit form,
  respectively MediaWiki:Editnotice-# where # is the namespace number, and
  MediaWiki:Editnotice-#-PAGENAME where # is the page's namespace number and
  PAGENAME is the page name minus the namespace prefix.
* (bug 8068) New __INDEX__ and __NOINDEX__ magic words allow user control of
  search engine indexing on a per-article basis.
* Handheld stylesheet options
* Added 'DoEditSectionLink' hook as a cleaner unified version of the old
  'EditSectionLink' and 'EditSectionLinkForOther' hooks.  Note that the
  'EditSectionLinkForOther' hook has been removed, but 'EditSectionLink' is
  run in all cases instead, so extensions using the old hooks should still work
  if they ran roughly the same code for both hooks (as is almost certain).
* Signature (~~~~) "cleaning", i.e. template removal, can be disabled with
  $wgCleanSignatures=false
* Extensions can use the SkinBuildSidebar hook to modify the content of the
  sidebar and add custom portlets to it
* Added 'MakeGlobalVariablesScript' hook for extensions to be able to add vari-
  ables into into the output of Skin::makeVariablesScript
* (bug 13846) Added $wgAddGroups and $wgRemoveGroups display on
  Special:ListGroupRights
* (bug 14377) Add a date selector to history pages
* (bug 15007) New 'pagetitle-view-mainpage' message allows the HTML <title> of
  the main page to be customized
* Added $wgDisableTitleConversion to disabling the conversion for all pages on
  the wiki
* Added 'noconvertlink' toggle that can be set per user preferences, also
  added 'convertlink=no|yes' on GET requests whether have the link titles
  being converted or not
* (bug 14921) Special:Contributions/: add user name to <title>
  Patch by Emufarmers
* Unescape more "safe" characters when producing URLs, for added prettiness
* Introduced a new hook 'SkinAfterContent' that allows extensions to add text
  after the page content and article metadata. Updated all skins and skin
  templates to work with that hook.
* (bug 14929) removeUnusedAccounts.php now supports 'ignore-touched' and
  'ignore-groups'. Patch by Louperivois
* (bug 15127) Work around minor display glitch in Opera.
* By default, reject file uploads that look like ZIP files, to avoid the
  so-called GIFAR vulnerability.
* (bug 15141) Give ability to only list protected pages with the cascading
  option enabled on Special:ProtectedPages
* (bug 15157) Special:Watchlist has the same options as Special:Watchlist:
  Show/Hide logged in users, Show/Hide anonymous, Invert namespace selection
* Added hook 'UserrightsChangeableGroups' to allow modification of what
  groups may be added or removed via the Special:UserRights interface.
* HTML entities like &nbsp; now work (are not escaped) in edit summaries.
* (bug 13815) In the comment for page moves, use the colon-separator message
  instead of a hardcoded colon.
* Allow <gallery> to accept image names without an Image: prefix
* Add tooltips to rollback and undo links
* BMP images are now displayed as PNG
* (bug 13471) Added NUMBERINGROUP magic word
* (bug 11884) Now support Flash EXIF attribute
* Show thumbnails in the file history list, patch by User:Agbad
* Added support of piped wikilinks using double-width brackets
* Added an on-wiki external image whitelist. Items in this whitelist are
  treated as regular expression fragments to match for when possibly
  displaying an external image inline.
* (bugs 15405, 15436) Sort more currency types correctly in sortable tables
* (bug 15422) Sort more different types of numbers in sortable tables
* (bug 2889) MediaWiki:Print.css applies to the printable version
* Category counts (e.g. from {{PAGESINCATEGORY:}}) should be more accurate for
  small categories
* After logging in, automatically redirect to wherever you logged in from
* (bug 5619) Break messages used in Special:Statistics down further
* (bug 11029) Add link to Special:Listusers?group=sysop etc at
  Special:Statistics
* (bug 15514) Setting $wgRightsText without $wgRightsUrl now produces a 
  plaintext copyright notice. Patch by Juliano F. Ravasi.
* (bug 15551) Deletion log excerpt is now shown whenever a user vists a 
  deleted page, even if they are unable to edit it.
* Added Wantedfiles special pages, allowing users to find image links with no
  image.
* (bug 12650) It is now possible to set different expiration times for different
  restriction types on the protection form.
* (bug 8440) Allow preventing blocked users from editing their talk pages
* Improved upload file type detection for OpenDocument formats
* Added the ability to set the target attribute on external links with 
  $wgExternalLinkTarget
* api.php now sends "Retry-After" and "X-Database-Lag" HTTP headers if the maxlag
  check fails, just like index.php does


=== Bug fixes in 1.14 ===

* (bug 14907) DatabasePostgres::fieldType now defined.
* (bug 14659) Passing the default limit param to Special:Recentchanges no more
  falls back to the user option
* (bug 14954) Fix regression in Modern and Simple skins
* Recursion loop check added to Categoryfinder class
* Fixed few performance troubles of large job queue processing
* Not setting various parameters in Foreign Repos now fails more gracefully
* (bug 2333) Redirects are properly rendered when previewing an edit.
* (bug 14972) Use localized alias of Special:Search on all search forms
* (bug 11035) Special:Search should have descriptive <title>
* Special pages are now not subject to special handling for "self-links"
* (bug 15053) Syntactically incorrect redirects with another link in them
  no longer redirect to the second link
* (bug 15049) Fix for CheckUser extension's log search: usernames containing
  a "-" were incorrectly turned into bogus IP range searches.
  Patch by Max Semenik.
* (bug 15055) Talk page notifications no longer attempt to send mail when
  user's e-mail address is invalid or unconfirmed
* (bug 12370) Add throttle on password attempts. Defaults to max 5 attempts in 5
  minutes.
* (bug 15016) 'Templates used on this page' list in view source should be
  wrapped in a div with class "templatesUsed"
* (bug 14868) Setting $wgFeedDiffCutoff to 0 now disables generation of the diff
  entirely, not just the display of it.
* (bug 6387) Introduced new setting $wgCategoryPrefixedDefaultSortkey which
  allows having the unprefixed page title as the default category sortkey
* (bug 15079) Add class="ns-talk" / "ns-subject" to <body>. Also added
  ns-special to special pages.
* (bug 15052) Skins should add their name as a class in <body>
* (bug 14165, bug 14294) Wikimedia specific configuration in convertGrammar()
  for several languages was removed. The settings have been put in extension
  WikimediaMessages. Patch for Czech by Danny B.
* (bug 15101) Displaying only bots edits in Special:Recentchanges now works
  again
* (bug 13770) Fixed incorrect detection of PHP's DOM module
* (bug 14790) Export of category pages when using Category: prefix now actually
  gives results
* Avoid recursive crazy expansions in section edit comments for pages which
  contain '/*' in the title
* Fix excessive memory usage when parsing pages with lots of links
* $wgSpamRegex now matches the edit summary and page move descriptions in
  addition to body text.
* Navigation links to images available from a shared repository (like Commons)
  from their local talk pages no longer appear as redlinks
* Action=purge on ForeignApiFiles now works (purges their thumbnails and 
  description pages).
* (bug 15303) Title conversion for templates wasn't working in some cases.
* (bug 15264) Underscores in Special:Search/Foo_bar parameters were taken
  literally; now converting them to spaces per expectation.
* (bug 15342) "Invert" checkbox now works correctly when selecting main
  namespace in Special:Watchlist
* (bug 15172) 'Go' button of Special:Recentchanges now on the same line as the
  last input element (like Special:Watchlist too)
* (bug 15351) Fix fatal error for invalid section fragments in autocomments
* Fixed intermittent deadlock errors involving objectcache table queries. 
  Use a separate database connection for the objectcache table to avoid 
  long-lasting locks on that table.
* Respect file restrictions in the file history list
* (bug 15399) Odd/even classes on sortable tables' rows could be slow for large
  tables, and have been disabled by default.
* (bug 15482) Special:Recentchangeslinked has no longer two submit buttons
* (bug 15292) New message notification for unregistred users now works again
* (bug 14398) mwsuggest.js: Let width of container be configurable
* (bug 15543) Only include user touched timestamp to generated CSS
* (bug 15497) Removed encoding attribute from <?xml ?> tag
* (bug 12284) Special:Preferences now sets a returnto parameter on the link to
  Special:Userlogin. Patch by Marooned.
* Fixed the HTTP accept language string detection length in 
  LanguageConverter.php, instead of the fixed length language codes.
* Special:Recentchangeslinked no longer shows outgoing links for nonexistent pages
  even if there are broken link records with source article id 0 in the database
* (bug 15598) Special:Newpages default limit uses user preference for recentchanges
  limit instead of hardcoded 50.
* (bug 15617) $wgFeedClassesOutputPage::getHeadLinks() respects $wgFeedClasses,
  instead of hardcoding rss and atom. Patch by Juliano F. Ravasi. 
* (bug 14638) Special:Blockip now provides a link to the block log if the user
  has been blocked more than 10 times. Patch by Matt Johnston.
* (bug 12678) Skins don't show Upload link if the user isn't allowed to upload.
* Fixed incorrect usage of DB_LAST in Special:Export. Deprecated DB_LAST.
* (bug 15642) Blocked sysops can no longer block other users
* Http::request() now respects $wgHTTPtimeout when not using cURL
* (bug 15158) Userinvalidcssjstitle not shown on preview
* (bug 15196) Free external links should be numbered in a localised manner
* (bug 15388) Title of Special:PrefixIndex
* Links with no title but a curid parameter now use the curid to pick a page

=== API changes in 1.14 ===

* Registration time of users registered before the DB field was created is now
  shown as empty instead of the current time.
* API search now falls back to fulltext search by default when using Lucene
  or other engine which doesn't support a separate title search function.
  This means you can use API search on Wikipedia without explicitly adding
  &srwhat=text to the query.
* Added iiprop=bitdepth to imageinfo and aiprop=bitdepth to allimages
* (bug 14713) API-specific permissions (such as 'writeapi' and 'apihighlimits'
  are now listed on action=help
* (bug 15044) Added requestid parameter to api.php to facilitate distinguishing
  between requests
* (bug 15048) Added limit field for multivalue parameters to action=paraminfo
  output.
* When the limit on multivalue parameters is exceeded, a warning is issued
* list=search doesn't list missing pages any more
* (bug 15178) Added clshow to prop=categories to allow filtering for hidden/
  non-hidden categories
* (bug 15228) Combining revids= and redirects now throws a warning instead of an
  error, and still resolves redirects generated by the generator.
* list={backlinks,embeddedin,imageusage} now return arrays with keys 0, 1, 2,
  etc. (AKA lists) instead of arrays with pageIDs as keys (AKA hash tables)
  for consistency with other list modules.
* Added action=watch
* (bug 15275) apprefix and related parameters ignore spaces at the end
* action=edit no longer throws unknown error 228  when trying to create an empty
  section with section=new
* Database replication lag doesn't cause all action=edit requests to return the
  nochange flag any more
* (bug 15392) ApiFormatBase::formatHTML now uses $wgUrlProtocols.
* (bug 15444) action=edit returns "Unknown error: ``AS_END''" where it should
  return just "Unknown error"
* (bug 15448) YAML output returns empty values instead of 0
* (bug 15445) Added action=patrol
* (bug 15466) Added action=purge
* (bug 15486) action=block ignores autoblock parameter
* (bug 15492) added rcprop=loginfo to list=recentchanges
* (bug 15527) action=rollback can now revert anonymous editors
* (bug 15535) prop=info&inprop=protection doesn't list pre-1.10 protections
  if the page is also protected otherwise (1.10+ style or cascading)
* list=random now has rnredirect parameter, to get random redirects.
* Added APIAfterExecute, APIQueryAfterExecute and APIQueryGeneratorAfterExecute
  hooks which allow for extending core modules in a cleaner way
* action=protect checks for invalid protection types and levels
* (bug 15673) Added indentation to format=wddxfm output and improved built-in 
  WDDX formatter to resemble PHP's more
* (bug 15706) Empty values for apprtype and apprlevel are now silently ignored
  rather than causing an exception
* Added uiprop=preferencestoken to meta=userinfo
* (bug 15609) Add inprop=url and inprop=readable to prop=info
* Add ApiDisabled and ApiQueryDisabled classes so individual modules can
  be disabled in LocalSettings.php
* (bug 15653) Add prop=duplicatefiles

=== Languages updated in 1.14 ===

MediaWiki supports over 300 languages. Many localisations are updated
regularly. Below only new and removed languages are listed.

* Bakhtiari (bqi) (new)
* Fiji Hindi (Devanagari script) (hif-deva) (new)
* Krio (kri) (new)
* Lezghian (lez) (new)
* Laz (lzz) (new)
* Niuean (niu) (new)
* Oromo (om) (new)
* Plautdietsch (pdt) (new)
* Tarantino (roa-tara) (new)
* Serbo-Croatian (sh) (new)
* Tulu (tcy) (new)

== Compatibility ==

MediaWiki 1.14 requires PHP 5 (5.2 recommended). PHP 4 is no longer supported.

PHP 5.0.x fails on 64-bit systems due to serious bugs with array processing:
http://bugs.php.net/bug.php?id=34879
Upgrade affected systems to PHP 5.1 or higher.

MySQL 3.23.x is no longer supported; some older hosts may need to upgrade.
At this time we still recommend 4.0, but 4.1/5.0 will work fine in most cases.


== Upgrading ==

1.14 has several database changes since 1.13, and will not work without schema
updates.

If upgrading from before 1.11, and you are using a wiki as a commons repository,
make sure that it is updated as well. Otherwise, errors may arise due to
database schema changes.

If upgrading from before 1.7, you may want to run refreshLinks.php to ensure
new database fields are filled with data.

If you are upgrading from MediaWiki 1.4.x or earlier, some major database
changes are made, and there is a slightly higher chance that things could
break. Don't forget to always back up your database before upgrading!

See the file UPGRADE for more detailed upgrade instructions.


=== Caveats ===

Some output, particularly involving user-supplied inline HTML, may not
produce 100% valid or well-formed XHTML output. Testers are welcome to
set $wgMimeType = "application/xhtml+xml"; to test for remaining problem
cases, but this is not recommended on live sites. (This must be set for
MathML to display properly in Mozilla.)

For notes on 1.13.x and older releases, see HISTORY.


=== Online documentation ===

Documentation for both end-users and site administrators is currently being
built up on MediaWiki.org, and is covered under the GNU Free Documentation
License (except for pages that explicitly state that their contents are in
the public domain) :

  http://www.mediawiki.org/wiki/Documentation


=== Mailing list ===

A MediaWiki-l mailing list has been set up distinct from the Wikipedia
wikitech-l list:

  http://lists.wikimedia.org/mailman/listinfo/mediawiki-l

A low-traffic announcements-only list is also available:

  http://lists.wikimedia.org/mailman/listinfo/mediawiki-announce

It's highly recommended that you sign up for one of these lists if you're
going to run a public MediaWiki, so you can be notified of security fixes.


=== IRC help ===

There's usually someone online in #mediawiki on irc.freenode.net