-Change notes from older releases. For current info see RELEASE-NOTES.
+Change notes from older releases. For current info see RELEASE-NOTES-1.30.
+
+= MediaWiki 1.29 =
+
+== MediaWiki 1.29.0 ==
+
+=== Configuration changes in 1.29 ===
+* Default cookie expiration time has been reduced to 30 days. Login cookie
+ expiration time is kept at 180 days.
+* A new configuration variable has been added: $wgCookieSetOnAutoblock. This
+ determines whether to set a cookie when a user is autoblocked. Doing so means
+ that a blocked user, even after logging out and moving to a new IP address,
+ will still be blocked.
+* The resetpassword right and associated password reset capture feature has
+ been removed.
+* The $error parameter to the EmailUser hook should be set to a Status object
+ or boolean false. This should be compatible with at least MediaWiki 1.23 if
+ not earlier. Returning a raw HTML string is now deprecated.
+* The $message parameter to the ApiCheckCanExecute hook should be set to an
+ ApiMessage. This is compatible with MediaWiki 1.27 and later. Returning a
+ code for ApiBase::parseMsg() will no longer work.
+* ApiBase::$messageMap is no longer public. Code attempting to access it will
+ result in a PHP fatal error.
+* $wgUserEmailUseReplyTo is now true by default to work around restrictive DMARC
+ policies.
+* Subpages are now enabled by default in the Template namespace. Set
+ $wgNamespacesWithSubpages[NS_TEMPLATE] to false to keep the old behavior.
+* $wgRunJobsAsync is now false by default (T142751). This change only affects
+ wikis with $wgJobRunRate > 0.
+* (T158474) "Unknown user" has been added to $wgReservedUsernames.
+* (T156983) $wgRateLimitsExcludedIPs now accepts CIDR ranges as well as single IPs.
+* $wgDummyLanguageCodes is deprecated. Additional language code mappings may be
+ added to $wgExtraLanguageCodes instead.
+* (T161453) LocalisationCache will no longer use the temporary directory in it's
+ fallback chain when trying to work out where to write the cache.
+* The user right 'editusercssjs' (deprecated in 1.16) was removed. Use
+ 'editusercss' and 'edituserjs' in $wgGroupPermissions and elsewhere instead.
+
+=== New features in 1.29 ===
+* (T5233) A cookie can now be set when a user is autoblocked, to track that user
+ if they move to a new IP address. This is disabled by default.
+* Added ILocalizedException interface to standardize the use of localized
+ exceptions, largely so the API can handle them more sensibly.
+* Blocks created automatically by MediaWiki, such as for configured proxies or
+ dnsbls, are now indicated as such and use a new i18n message when displayed.
+* Added new $wgHTTPImportTimeout setting. Sets timeout for
+ downloading the XML dump during a transwiki import in seconds.
+* Parser limit report is now available in machine-readable format to JavaScript
+ via mw.config.get('wgPageParseReport').
+* Added $wgSoftBlockRanges, to allow for automatically blocking anonymous edits
+ from certain IP ranges (e.g. private IPs).
+* (T59603) Added new magic word {{PAGELANGUAGE}} which returns the language code
+ of the page being parsed.
+* HTML5 form validation attributes will no longer be suppressed. Originally
+ browsers had poor support for them, but modern browsers handle them fine.
+ This might affect some forms that used them and only worked because the
+ attributes were not actually being set.
+* Expiry times can now be specified when users are added to user groups.
+* Completely new user interface for the RecentChanges page, which
+ structures filters into user-friendly groups. This has corresponding
+ changes to how filters are registered by core and extensions.
+* The edit form now uses pretty OOjs UI buttons, checkboxes and summary input.
+ Because this change can cause problems for extensions and on-wiki
+ scripts depending on the exact HTML, the old version is still available
+ and can be used by setting $wgOOUIEditPage = false; in LocalSettings.php.
+ This will be removed later and OOjs UI will become the only option.
+ To make testing easier, users can also force either mode by adding
+ &ooui=true or &ooui=false to the action=edit URL.
+
+=== External library changes in 1.29 ===
+
+==== Upgraded external libraries ====
+* Updated QUnit from v1.22.0 to v1.23.1.
+* Updated cssjanus from v1.1.2 to v1.2.0.
+* Updated psr/log from v1.0.0 to v1.0.2.
+* Update Moment.js from v2.8.4 to v2.15.0.
+* Updated oyejorge/less.php from v1.7.0.10 to v1.7.0.14.
+* Updated monolog from v1.18.2 to 1.22.1.
+* Updated wikimedia/composer-merge-plugin from v1.3.1 to v1.4.0.
+* Updated OOjs from v1.1.10 to v2.0.0.
+* Updated jQuery from v1.11.3 to v3.2.1 (including jQuery Migrate v3.0.0).
+
+==== New external libraries ====
+* Added wikimedia/timestamp v1.0.0.
+* Added wikimedia/remex-html v1.0.1.
+
+==== Removed and replaced external libraries ====
+
+=== Bug fixes in 1.29 ===
+* (T62604) Core parser functions returning a number now format the number according
+ to the page content language, not wiki content language.
+* (T27187) Search suggestions based on jquery.suggestions will now correctly only
+ highlight prefix matches in the results.
+* (T157035) "new mw.Uri()" was ignoring options when using default URI.
+* Special:Allpages can no longer be filtered by redirect in miser mode.
+* (T160519) CACHE_ANYTHING will not be CACHE_ACCEL if no accelerator is installed.
+* (T109140) (T122209) SECURITY: Special:UserLogin and Special:Search allow redirect
+ to interwiki links.
+* (T144845) SECURITY: XSS in SearchHighlighter::highlightText() when
+ $wgAdvancedSearchHighlighting is true.
+* (T125177) SECURITY: API parameters may now be marked as "sensitive" to keep
+ their values out of the logs.
+* (T150044) SECURITY: "Mark all pages visited" on the watchlist now requires a CSRF
+ token.
+* (T156184) SECURITY: Escape content model/format url parameter in message.
+* (T151735) SECURITY: SVG filter evasion using default attribute values in DTD
+ declaration.
+* (T161453) SECURITY: LocalisationCache will no longer use the temporary directory
+ in it's fallback chain when trying to work out where to write the cache.
+* (T48143) SECURITY: Spam blacklist ineffective on encoded URLs inside file inclusion
+ syntax's link parameter.
+* (T108138) SECURITY: Sysops can undelete pages, although the page is protected against
+ it.
+
+=== Action API changes in 1.29 ===
+* Submitting sensitive authentication request parameters to action=login,
+ action=clientlogin, action=createaccount, action=linkaccount, and
+ action=changeauthenticationdata in the query string is now an error. They
+ should be submitted in the POST body instead.
+* The capture option for action=resetpassword has been removed
+* action=clearhasmsg now requires a POST.
+* (T47843) API errors and warnings may be requested in non-English languages
+ using the new 'errorformat', 'errorlang', and 'errorsuselocal' parameters.
+* API error codes may have changed. Most notably, errors from modules using
+ parameter prefixes (e.g. all query submodules) will no longer be prefixed.
+* ApiPageSet-using modules will report the 'invalidreason' using the specified
+ 'errorformat'.
+* action=emailuser may return a "Warnings" status, and now returns 'warnings' and
+ 'errors' subelements (as applicable) instead of 'message'.
+* action=imagerotate returns an 'errors' subelement rather than 'errormessage'.
+* action=move now reports errors when moving the talk page as an array under
+ key 'talkmove-errors', rather than using 'talkmove-error-code' and
+ 'talkmove-error-info'. The format for subpage move errors has also changed.
+* action=revisiondelete no longer includes a "rendered" property on warnings
+ and errors for each item. Use errorformat=wikitext if you're wanting parsed
+ output.
+* action=rollback no longer returns a "messageHtml" property. Use
+ errorformat=html if you're wanting HTML formatting of error messages.
+* action=upload now reports optional stash failures as an array under key
+ 'stasherrors' rather than a 'stashfailed' text string.
+* action=watch reports 'errors' and 'warnings' instead of a single 'error', and
+ no longer returns a 'message' on success.
+* Added action=validatepassword to validate passwords for the account creation
+ and password change forms.
+* action=purge now requires a POST.
+* There is a new `languagevariants` siprop for action=query&meta=siteinfo,
+ which returns a list of languages with active LanguageConverter instances.
+* action=query&query=allpages will no longer filter redirects using a database
+ query in miser mode. This may result in less results being returned than were
+ requested.
+
+=== Action API internal changes in 1.29 ===
+* New methods were added to ApiBase to handle errors and warnings using i18n
+ keys. Methods for using hard-coded English messages were deprecated:
+ * ApiBase::dieUsage() was deprecated
+ * ApiBase::dieUsageMsg() was deprecated
+ * ApiBase::dieUsageMsgOrDebug() was deprecated
+ * ApiBase::getErrorFromStatus() was deprecated
+ * ApiBase::parseMsg() was deprecated
+ * ApiBase::setWarning() was deprecated
+* ApiBase::$messageMap is no longer public. Code attempting to access it will
+ result in a PHP fatal error.
+* The $message parameter to the ApiCheckCanExecute hook should be set to an
+ ApiMessage. This is compatible with MediaWiki 1.27 and later. Returning a
+ code for ApiBase::parseMsg() will no longer work.
+* UsageException is deprecated in favor of ApiUsageException. For the time
+ being ApiUsageException is a subclass of UsageException to allow things that
+ catch only UsageException to still function properly.
+* If, for some strange reason, code was using an ApiErrorFormatter instead of
+ ApiErrorFormatter_BackCompat, note that the result format has changed and
+ various methods now take a module path rather than a module name.
+* ApiMessageTrait::getApiCode() now strips 'apierror-' and 'apiwarn-' prefixes
+ from the message key, and maps some message keys for backwards compatibility.
+* API parameters may now be marked as "sensitive" to keep their values out of
+ the logs.
+
+=== Languages updated in 1.29 ===
+
+MediaWiki supports over 350 languages. Many localisations are updated
+regularly. Below only new and removed languages are listed, as well as
+changes to languages because of Phabricator reports.
+
+* Based as always on linguistic studies on intelligibility and language
+ knowledge by geography, language fallbacks have been expanded. When a
+ translation is missing in the user's preferred interface language, the
+ corresponding translation for the fallback language will be used instead.
+ English will only be used as last resort when there are no translations.
+ Some configurations (such as date formats and gender namespaces) have also
+ been updated when using the fallback language's configuration was inadequate.
+ The new or reinstated language fallbacks are (after cs ↔ sk in 1.28):
+ ca ↔ oc; hsb ↔ dsb; io → eo; mdf → ru; pnt → el; roa-tara → it; rup → ro;
+ sh → bs, sr-el, hr.
+* (T137376) New language support: Atikamekw (atj).
+* (T163600) New language support: Dinka (din).
+* (T155957) Talk Namespaces for Javanese language (jv) have been updated.
+
+==== No fallback for Ukrainian ====
+* (T39314) The fallback from Ukrainian to Russian was removed. The Ukrainian
+ language will now use the default fallback language: English. When a translation
+ to Ukrainian is not available, an English string will be shown.
+
+=== Other changes in 1.29 ===
+* Database::getSearchEngine() (deprecated in 1.28) was removed. Use
+ SearchEngineFactory::getSearchEngineClass() instead.
+* $wgSessionsInMemcached (deprecated in 1.20) was removed. No replacement is
+ required as all sessions are stored in Object Cache now.
+* MWHttpRequest::execute() should be considered to return a StatusValue; the
+ Status return type is deprecated.
+* User::edits() (deprecated in 1.21) was removed.
+* Xml::escapeJsString() (deprecated in 1.21) was removed.
+* Article::getText() and Article::prepareTextForEdit() (deprecated in 1.21)
+ were removed.
+* Article::getAutosummary() and WikiPage::getAutosummary() (deprecated in 1.21)
+ were removed.
+* Hook ArticleViewCustom (deprecated in 1.21) was removed. Use ArticleContentViewCustom
+ instead.
+* Hooks EditPageGetDiffText and ShowRawCssJs (deprecated in 1.21) were removed.
+* Class RevisiondeleteAction (deprecated in 1.25) was removed.
+* WikiPage::prepareTextForEdit() (deprecated in 1.21) was removed.
+* WikiPage::getText() (deprecated in 1.21) was removed.
+* Article::fetchContent() (deprecated in 1.21) was removed.
+* User::getPassword() (deprecated in 1.27) was removed.
+* User::getTemporaryPassword() (deprecated in 1.27) was removed.
+* User::isPasswordReminderThrottled() (deprecated in 1.27) was removed.
+* Class FSRepo (deprecated in 1.19) was removed.
+* WebRequest::checkSessionCookie() (deprecated in 1.27) was removed. Use
+ \MediaWiki\Session\SessionManager::singleton()->getPersistedSessionId() instead.
+* Class ImageGallery (deprecated in 1.22) was removed.
+ Use ImageGalleryBase::factory instead.
+* Title::moveNoAuth() (deprecated in 1.25) was removed. Use MovePage class instead.
+* Hook UnknownAction (deprecated in 1.19) was actually deprecated (it will now
+ emit warnings). Create a subclass of Action and add it to $wgActions instead.
+* WikiRevision::getText() (deprecated since 1.21) is no longer marked deprecated.
+* Linker::getInterwikiLinkAttributes() (deprecated since 1.25) was removed.
+* Linker::getInternalLinkAttributes() (deprecated since 1.25) was removed.
+* Linker::getInternalLinkAttributesObj() (deprecated since 1.25) was removed.
+* Linker::getLinkAttributesInternal() (deprecated since 1.25) was removed.
+* RedisConnectionPool::handleException (deprecated since 1.23) was removed.
+* The static properties mw.Api.errors and mw.Api.warnings, containing incomplete
+ and outdated lists of errors/warnings returned by the API, are now deprecated.
+* wiki.phtml entry point was removed. Refer to index.php instead. If you want "wiki.phtml"
+ URLs to continue to work, set up redirects. In Apache, this can be done by enabling
+ mod_rewrite and adding the following rules to your configuration:
+
+ RewriteEngine On
+ RewriteBase /
+ RewriteRule ^/w/wiki\.phtml$ /w/index.php [R=301,L]
+* Hook ArticleAfterFetchContent (deprecated in 1.21) was removed.
+ Use ArticleAfterFetchContentObject instead.
+* Hook ArticleInsertComplete (deprecated in 1.21) was removed.
+ Use PageContentInsertComplete instead.
+* Hook ArticleSave (deprecated in 1.21) was removed.
+ Use PageContentSave instead.
+* Hook ArticleSaveComplete (deprecated in 1.21) was removed.
+ Use PageContentSaveComplete instead.
+* Hook EditFilterMerged (deprecated in 1.21) was removed.
+ Use EditFilterMergedContent instead.
+* Hook EditPageGetPreviewText (deprecated in 1.21) was removed.
+ Use EditPageGetPreviewContent instead.
+* Hook TitleIsCssOrJsPage (deprecated in 1.21) was removed.
+ Use ContentHandlerDefaultModelFor instead.
+* Hook TitleIsWikitextPage (deprecated in 1.21) was removed.
+ Use ContentHandlerDefaultModelFor instead.
+* Article::getContent() (deprecated in 1.21) was removed.
+* Revision::getText() (deprecated in 1.21) was removed.
+* Article::doEdit() and WikiPage::doEdit() (deprecated in 1.21) were removed.
+* Parser::replaceUnusualEscapes() (deprecated in 1.24) was removed.
+* Article::doEditContent() was marked as deprecated, to be removed in 1.30
+ or later.
+* ContentHandler::runLegacyHooks() was removed.
+* refreshLinks.php now can be limited to a particular category with --category=...
+ or a tracking category with --tracking-category=...
+* User-like objects that are passed to SpecialUserRights and its subclasses are
+ now required to have a getGroupMemberships() method. See UserRightsProxy for
+ an example.
+* User::$mGroups (instance variable) was marked private. Use User::getGroups()
+ instead.
+* User::getGroupName(), User::getGroupMember(), User:getGroupPage(),
+ User::makeGroupLinkHTML(), and User::makeGroupLinkWiki() were deprecated.
+ Use equivalent methods on the UserGroupMembership class.
+* Maintenance scripts and tests that call User::addGroup() must now ensure that
+ User objects have been added to the database prior to calling addGroup().
+* Protected function UsersPager::getGroups() was removed, and protected function
+ UsersPager::buildGroupLink() was changed from a static to an instance method.
+* The third parameter ($cache) to the UsersPagerDoBatchLookups hook was changed;
+ see docs/hooks.txt.
+* User::crypt() (deprecated in 1.24) was removed.
+* User::comparePasswords() (deprecated in 1.24) was removed.
+* ArchivedFile::getUserText() (deprecated in 1.23) was removed.
+* HTMLFileCache::newFromTitle() (deprecated in 1.24) was removed.
+* BREAKING CHANGE: Internal signature changes to ChangesListSpecialPage
+ and subclasses. It should only break if you call buildMainQueryConds
+ (changed to buildQuery with new signature) or doMainQuery (new
+ signature). Subclasses are likely to call at least doMainQuery
+ (possibly both), but other classes might too, because they were
+ public.
+ Also, some related hooks were deprecated, but this is not yet a
+ breaking change.
+* Removed 'jquery.arrowSteps' module. (deprecated since 1.28)
+* The 'jquery.autoEllipsis' ResourceLoader module is now deprecated.
+* WikiRevision::$fileIsTemp was deprecated.
+* WikiRevision::$importer was deprecated.
+* WikiRevision::$user was deprecated.
+* Article::getLastPurgeTimestamp(), WikiPage::getLastPurgeTimestamp(), and the
+ WikiPage::PURGE_* constants are deprecated, and the functions will always
+ return false. They were a hack for an issue that has since been fixed.
+* Hook 'EditPageBeforeEditChecks' is now deprecated. Instead use the new hook
+ 'EditPageGetCheckboxesDefinition', or 'EditPage::showStandardInputs:options'
+ if you don't actually care about checkboxes and just want to add some HTML
+ to the page.
+* Selflinks are now rendered as href-less <a> tags with the class mw-selflink
+ rather than <strong> tags. The old class name, "selflink", was deprecated
+ and will be removed in a future release. (T160480)
+* (T156184) $wgRawHtml will no longer apply to internationalization messages.
+* Browser support for non-ES5 JavaScript browsers, including Android 2,
+ Opera <12.10, and Internet Explorer 9, was lowered from Grade A to Grade C.
+* Removed wikibits global methods deprecated since MediaWiki 1.17 (T122755):
+ is_gecko, is_chrome_mac, is_chrome, webkit_version, is_safari_win, is_safari,
+ webkit_match, is_ff2, ff2_bugs, is_ff2_win, is_ff2_x11, opera95_bugs,
+ opera7_bugs, opera6_bugs, is_opera_95, is_opera_preseven, is_opera,
+ ie6_bugs, clientPC, changeText, killEvt, addHandler, hookEvent,
+ addClickHandler, removeHandler, getElementsByClassName, getInnerText,
+ setupCheckboxShiftClick, addCheckboxClickHandlers, mwEditButtons,
+ mwCustomEditButtons, injectSpinner, removeSpinner, escapeQuotes,
+ escapeQuotesHTML, jsMsg, addPortletLink, appendCSS, tooltipAccessKeyPrefix,
+ tooltipAccessKeyRegexp, updateTooltipAccessKeys.
+* The ID of the <li> element containing the login link has changed from
+ 'pt-login' to 'pt-login-private' in private wikis.
+* The old, neglected "bulletin board style toolbar" in the edit form is now
+ deprecated (T30856). This old code dates from 2006, and was replaced in the
+ MediaWiki release tarball and in Wikimedia production by the WikiEditor
+ extension in 2010. It is only shown to users if no other editor was
+ installed, and leads to confusion.
+* (T92459) Loading ResourceLoader modules containing JavaScript through
+ addModuleStyles() is deprecated and will log a warning server-side.
+
+= MediaWiki 1.28 =
+
+== MediaWiki 1.28.1 ==
+
+This is a security and maintenance release of the MediaWiki 1.28 branch.
+
+=== Changes since 1.28.0 ===
+
+* $wgRunJobsAsync is now false by default (T142751). This change only affects
+ wikis with $wgJobRunRate > 0.
+* Fix fatal from "WaitConditionLoop" not being found, experienced when a wiki has
+ more than one database server setup.
+* (T152717) Better escaping for PHP mail() command,
+* (T154670) A missing method causing the MySQL installer to fatal in rare
+ circumstances was restored.
+* (T154672) Un-deprecate ArticleAfterFetchContentObject hook.
+* (T158766) Avoid SQL error on MSSQL when using selectRowCount().
+* (T145635) Fix too long index error when installing with MSSQL.
+* (T156184) $wgRawHtml will no longer apply to internationalization messages.
+* (T160519) CACHE_ANYTHING will not be CACHE_ACCEL if no accelerator is installed.
+* (T154872) Fix incorrect ar_usertext_timestamp index names in new 1.28 installs.
+* (T109140) (T122209) SECURITY: Special:UserLogin and Special:Search allow redirect
+ to interwiki links.
+* (T144845) SECURITY: XSS in SearchHighlighter::highlightText() when
+ $wgAdvancedSearchHighlighting is true.
+* (T125177) SECURITY: API parameters may now be marked as "sensitive" to keep
+ their values out of the logs.
+* (T150044) SECURITY: "Mark all pages visited" on the watchlist now requires a CSRF
+ token.
+* (T156184) SECURITY: Escape content model/format url parameter in message.
+* (T151735) SECURITY: SVG filter evasion using default attribute values in DTD
+ declaration.
+* (T161453) SECURITY: LocalisationCache will no longer use the temporary directory
+ in it's fallback chain when trying to work out where to write the cache.
+* (T48143) SECURITY: Spam blacklist ineffective on encoded URLs inside file inclusion
+ syntax's link parameter.
+* (T108138) SECURITY: Sysops can undelete pages, although the page is protected against
+ it.
+
+== MediaWiki 1.28 ==
+
+=== Changes since 1.28.0-rc1 ===
+* (T148957) Replace wgShowExceptionDetails with wgShowDBErrorBacktrace on db
+ errors.
+* (T148956) Only apply wgDBschema to postgres/mssql.
+* (T145991) Introduce separate log action for deleting pages on move.
+* (T141474) (T110464) Bypass login page if no user input is required.
+
+=== Changes since 1.28.0-rc0 ===
+* (T142210) The changes to move the parser "NewPP limit report" from a HTML
+ comment to a machine-readable JavaScript config option 'wgPageParseReport'
+ have been undone. They caused the human-readable limit report to be shown
+ incompletely or not at all. ParserOutput::setLimitReportData() and
+ getLimitReportData() behave as they did in MediaWiki 1.27 again.
+* (T149510) Value of {{DISPLAYTITLE:}} parser function will not be used for
+ the text of subheadings on a category page when creating it. This wasn't
+ working correctly.
+* (T106793) MediaWiki will no longer try to perform a HTTP redirect to the
+ canonical pretty URL when a non-pretty URL is used. It resulted in redirect
+ loops in some clients and in some server configurations. This undoes a change
+ made in MediaWiki 1.26.
+* (T149759) manifest_version: 2 was removed.
+
+=== Configuration changes in 1.28 ===
+* $wgSend404Code now affects status code of action=history if the page is not there.
+* BREAKING CHANGE: $wgHTTPProxy is now *required* for all external requests
+ made by MediaWiki via a proxy. Relying on the http_proxy environment
+ variable is no longer supported.
+* The load.php entry point now enforces the existing policy of not allowing
+ access to session data, which includes the session user and the session
+ user's language. If such access is attempted, an exception will be thrown.
+* The number of internal PBKDF2 iterations used to derive the session secret
+ is configurable via $wgSessionPbkdf2Iterations.
+* Upload dialog's file upload log comment can now be configured separately for
+ local and foreign uploads.
+* $wgForeignUploadTargets now defaults to `[ 'local' ]`, where `'local'`
+ signifies local uploads. A value of `[]` (empty array) now means that
+ no upload targets are allowed, effectively disabling the upload dialog.
+* The deprecated $wgEditEncoding variable has been removed; it was only used
+ for Esperanto language character conversion. You are now recommended to use
+ input methods provided by the UniversalLanguageSelector extension.
+* When $wgPingback is true, MediaWiki will periodically ping
+ https://www.mediawiki.org/beacon with basic information about the local
+ MediaWiki installation. This data includes, for example, the type of system,
+ PHP version, and chosen database backend. This behavior is off by default.
+* When $wgEditSubmitButtonLabelPublish is true, MediaWiki will label the button
+ to store-to-database-and-show-to-others as "Publish page"/"Publish changes";
+ if false, the default, they will be "Save page"/"Save changes".
+* The 'editcontentmodel' permission is now granted to all logged-in users ('user').
+ instead of just administrators ('sysop'). Documentation for this feature is
+ available at <https://www.mediawiki.org/wiki/Help:ChangeContentModel>.
+* $wgRevisionCacheExpiry is now set to one week by default instead of being disabled.
+* Magic links are now disabled by default, and can be re-enabled by modifying the value
+ of $wgEnableMagicLinks. Their usage is discouraged, but if they are manually enabled,
+ a tracking category will be added to help identify usage and make it easier to migrate
+ away from. If you depend upon magic link functionality, it is requested that you comment
+ on <https://www.mediawiki.org/wiki/Requests_for_comment/Future_of_magic_links> and
+ explain your use case(s).
+* New config variable $wgCSPFalsePositiveUrls to control what URLs to ignore
+ in upcoming Content-Security-Policy feature's reporting.
+
+=== New features in 1.28 ===
+* User::isBot() method for checking if an account is a bot role account.
+* Added a new 'slideshow' mode for galleries.
+* Added a new hook, 'UserIsBot', to aid in determining if a user is a bot.
+* Added a new hook, 'ApiMakeParserOptions', to allow extensions to better
+ interact with API parsing.
+* Added a new hook, 'UploadVerifyUpload', which can be used to reject a file
+ upload. Unlike 'UploadVerifyFile' it provides information about upload comment
+ and the file description page, but does not run for uploads to stash.
+* (T141604) Extensions can now provide a better error message when their
+ maintenance scripts are run without the extension being installed.
+* (T8948) Numeric sorting in categories is now supported by setting $wgCategoryCollation
+ to 'uca-default-u-kn' or 'uca-<langcode>-u-kn'. If you can't use UCA collations,
+ a 'numeric' collation is also available. If migrating from another
+ collation, you will need to run the updateCollation.php maintenance script.
+* Two new codes have been added to #time parser function: "xit" for days in current
+ month, and "xiz" for days passed in the year, both in Iranian calendar.
+* mw.Api has a new option, useUS, to use U+001F (Unit Separator) when
+ appropriate for sending multi-valued parameters. This defaults to true when
+ the mw.Api instance seems to be for the local wiki.
+* After a client performs an action which alters a database that has replica databases,
+ MediaWiki will wait for the replica databases to synchronize with the master database
+ while it renders the HTML output. However, if the output is a redirect to another wiki
+ on the wiki farm with a different domain, MediaWiki will instead alter the redirect
+ URL to include a ?cpPosTime parameter that triggers the database synchronization when
+ the URL is followed by the client. The same-domain case uses a new cpPosTime cookie.
+* Added new hooks, 'ApiQueryBaseBeforeQuery', 'ApiQueryBaseAfterQuery', and
+ 'ApiQueryBaseProcessRow', to make it easier for extensions to add 'prop' and
+ 'show' parameters to existing API query modules.
+
+=== External library changes in 1.28 ===
+
+==== Upgraded external libraries ====
+* Updated es5-shim from v4.1.5 to v4.5.8
+* Updated composer/semver from v1.4.1 to v1.4.2
+* Updated wikimedia/php-session-serializer from v1.0.3 to v1.0.4
+
+==== New external libraries ====
+* Added wikimedia/scoped-callback v1.0.0
+* Added wikimedia/wait-condition-loop v1.0.1
+
+=== Bug fixes in 1.28 ===
+* (T146496) action=history pages should return 404 HTTP error code if the page does not exist
+* (T137264) SECURITY: XSS in unclosed internal links
+* (T133147) SECURITY: Escape '<' and ']]>' in inline <style> blocks
+* (T133147) SECURITY: Require login to preview user CSS pages
+* (T132926) SECURITY: Do not allow undeleting a revision deleted file if it is
+ the top file
+* (T129738) SECURITY: Make $wgBlockDisablesLogin also restrict logged in
+ permissions
+* (T129738) SECURITY: Make blocks log users out if $wgBlockDisablesLogin is true
+* (T139670) Move 'UserGetRights' call before application of
+ Session::getAllowedUserRights()
+
+=== Action API changes in 1.28 ===
+* Added 'maxarticlesize' property to action=query&meta=siteinfo which contains
+ the value of $wgMaxArticleSize.
+* Property 'modulemessages' from action=parse&prop=modules was removed
+ (deprecated since 1.26).
+* The following response properties from action=login, deprecated in 1.27, are
+ now removed: lgtoken, cookieprefix, sessionid. Clients should handle cookies
+ to properly manage session state.
+* Submitting the lgtoken and lgpassword parameters in the query string to
+ action=login is now deprecated and outputs a warning. They should be submitted
+ in the POST body instead.
+* Submitting sensitive authentication request parameters to action=clientlogin,
+ action=createaccount, action=linkaccount, and action=changeauthenticationdata
+ in the query string is now deprecated and outputs a warning. They should be
+ submitted in the POST body instead.
+* (T141960) Multi-valued parameters may now be separated using U+001F (Unit Separator)
+ instead of the pipe character. This will be useful if some of the multiple
+ values need to contain pipes, e.g. for action=options.
+* The API will now warn if input is not NFC-normalized Unicode or if it
+ contains invalid characters.
+* The 'normalized' list output by action=query and other modules that use
+ ApiPageSet may contain entries where the 'from' value is percent-encoded as
+ the raw value cannot be represented in a valid API response. These are
+ indicated by a 'fromencoded' boolean alongside the existing 'from' parameter.
+* (T28680) action=paraminfo can now return info about all submodules of a
+ module without listing them all explicitly.
+* (T146770) It is now possible to assert that the current user is a specific
+ named user, using the 'assertuser' parameter.
+* (T141963) Added a 'known' property when missing-but-known titles (e.g. from
+ the 'TitleIsAlwaysKnown' hook) are output in various modules.
+
+=== Action API internal changes in 1.28 ===
+* Added a new hook, 'ApiMakeParserOptions', to allow extensions to better
+ interact with ApiParse and ApiExpandTemplates.
+* (T139565) SECURITY: API: Generate head items in the context of the given title
+* (T115333) SECURITY: Check read permission when loading page content in ApiParse
+* ApiBase::getResultData() was removed (deprecated since 1.25)
+* ApiBase::makeHelpArrayToString() was removed (deprecated since 1.25)
+* ApiBase::makeHelpMsgParameters() was removed (deprecated since 1.25)
+* ApiBase::makeHelpMsg() was removed (deprecated since 1.25)
+* ApiFormatBase::formatHTML() was removed (deprecated since 1.25)
+* ApiFormatBase::getNeedsRawData() was removed (deprecated since 1.25)
+* ApiFormatBase::getWantsHelp() was removed (deprecated since 1.25)
+* ApiFormatBase::setBufferResult() was removed (deprecated since 1.25)
+* ApiFormatBase::setHelp() was removed (deprecated since 1.25)
+* ApiFormatBase::setUnescapeAmps() was removed (deprecated since 1.25)
+* ApiMain::makeHelpMsgHeader() was removed (deprecated since 1.25)
+* ApiMain::reallyMakeHelpMsg() was removed (deprecated since 1.25)
+* ApiMain::setHelp() was removed (deprecated since 1.25)
+* ApiResult::beginContinuation() was removed (deprecated since 1.25)
+* ApiResult::cleanUpUTF8() was removed (deprecated since 1.25)
+* ApiResult::convertStatusToArray() was removed (deprecated since 1.25)
+* ApiResult::disableSizeCheck() was removed (deprecated since 1.24)
+* ApiResult::enableSizeCheck() was removed (deprecated since 1.24)
+* ApiResult::endContinuation() was removed (deprecated since 1.25)
+* ApiResult::getData() was removed (deprecated since 1.25)
+* ApiResult::getIsRawMode() was removed (deprecated since 1.25)
+* ApiResult::setContent() was removed (deprecated since 1.25)
+* ApiResult::setContinueParam() was removed (deprecated since 1.25)
+* ApiResult::setElement() was removed (deprecated since 1.25)
+* ApiResult::setGeneratorContinueParam() was removed (deprecated since 1.25)
+* ApiResult::setIndexedTagName_internal() was removed (deprecated since 1.25)
+* ApiResult::setIndexedTagName_recursive() was removed (deprecated since 1.25)
+* ApiResult::setMainForContinuation() was removed (deprecated since 1.25)
+* ApiResult::setParsedLimit() was removed (deprecated since 1.25)
+* ApiResult::setRawMode() was removed (deprecated since 1.25)
+* ApiResult::size() was removed (deprecated since 1.25)
+* Added new hooks, 'ApiQueryBaseBeforeQuery', 'ApiQueryBaseAfterQuery', and
+ 'ApiQueryBaseProcessRow', to make it easier for extensions to add 'prop' and
+ 'show' parameters to existing API query modules. A query module can enable
+ these hooks by passing an array for $hookData to ApiQueryBase::select() and
+ by calling ApiQueryBase->processRow() before adding a row's data to the
+ result.
+
+=== Languages updated in 1.28 ===
+
+MediaWiki supports over 375 languages. Many localisations are updated
+regularly. Below only new and removed languages are listed, as well as
+changes to languages because of Phabricator reports.
+
+* (T137411) ban (Balinese), thanks to translators Adi Mayndra, Andru,
+ BASAbali, M. Adiputra, Naval Scene, Nemo bis, NoiX180, and 아라.
+* (T135867) shn (Shan), thanks to translators Khun Sar, Piangpha,
+ Saiddzone Saimawnkham, Saosukham, and Sengwan.
+* Czech (cs) and Slovak (sk) set as reciprocal fallbacks.
+* (T146744) Livvi-Karelian (olo) namespace messages created thanks to translator Ilja.mos.
+
+=== Other changes in 1.28 ===
+* (T128697) Improved handling of large diffs.
+* [BREAKING CHANGE] $wgExtendedLoginCookies has been removed. You can
+ use or update a custom session provider if needed.
+* Deprecated APIEditBeforeSave hook in favor of EditFilterMergedContent.
+* The 'UploadVerification' hook is deprecated. Use 'UploadVerifyFile' instead.
+* SiteConfiguration::isLocalVHost() was removed (deprecated since 1.25).
+* The 'UserLoginComplete' hook has a new parameter to differentiate between actual
+ login and visiting the login page while already logged in.
+* ResourceLoader::makeLoaderURL() was removed (deprecated since 1.24).
+* $.fn.liveAndTestAtStart was removed (deprecated since 1.24).
+* mw.util.tooltipAccessKeyPrefix was removed (deprecated since 1.24).
+* mw.util.tooltipAccessKeyRegexp was removed (deprecated since 1.24).
+* Linker::link() and Linker::linkKnown() were deprecated; please instead use
+ MediaWiki\Linker\LinkRenderer. In addition, the LinkBegin and LinkEnd hooks
+ were replaced by HtmlPageLinkRendererBegin and HtmlPageLinkRendererEnd
+ respectively. See docs/hooks.txt for the specific changes needed for those hooks.
+* Linker::formatSize() was deprecated. Use Language::formatSize() directly.
+* Aliases for Linker methods, deprecated since 1.21, were removed from Skin:
+ * Skin::commentBlock() (use Linker::commentBlock() instead)
+ * Skin::generateRollback() (use Linker::generateRollback() instead)
+ * Skin::link() (use MediaWiki\Linker\LinkRenderer instead)
+ * Skin::linkKnown() (use MediaWiki\Linker\LinkRenderer instead)
+ * Skin::userLink() (use Linker::userLink() instead)
+ * Skin::userToolLinks() (use Linker::userToolLinks() instead)
+* Disabled "bug 2702" HTML tidying of parsed UI messages on wikis where Tidy is
+ disabled.
+* DifferenceEngine::generateDiffBody() was removed (deprecated since 1.21).
+* UploadBase::stashFileGetKey() and UploadBase::stashSession() were deprecated.
+ Use ...->stashFile()->getFileKey() instead.
+* "Public domain" was removed as a wiki license option from the installer, in
+ favour of CC-0.
+* AuthenticationRequest::$required is now changed from REQUIRED to PRIMARY_REQUIRED
+ on requests needed by primary providers even if all primaries need them.
+ Primary providers are discouraged from returning multiple REQUIRED requests.
+* OOjs UI PHP widgets constructed with the `'infusable' => true` config option
+ will no longer be automatically infused. You should call `OO.ui.infuse()`
+ on them yourself from your JavaScript code.
+* parserTests.php has moved to tests/parser/parserTests.php
+* The command line options specific to parser tests have been removed from
+ phpunit.php: --regex and --keep-uploads. Instead of --regex, use --filter.
+ Instead of --keep-uploads, use the same option to parserTests.php, but you
+ must specify a directory with --upload-dir.
+* The 'jquery.arrowSteps' ResourceLoader module is now deprecated.
+* IP::isConfiguredProxy() and IP::isTrustedProxy() were removed. Callers should
+ migrate to using the same functions on a ProxyLookup instance, obtainable from
+ MediaWikiServices.
+* The ArticleAfterFetchContent, ArticleInsertComplete, ArticleSave, ArticleSaveComplete,
+ ArticleViewCustom, EditFilterMerged, EditPageGetDiffText, EditPageGetPreviewText and
+ ShowRawCssJs hooks will now emit deprecation warnings if used.
+* (T68404) CSS3 attr() function with url type is no longer allowed
+ in inline styles.
+* Database::getSearchEngine() is deprecated, use SearchEngineFactory::getSearchEngineClass
+ instead.
-== MediaWiki 1.16 ==
+== Compatibility ==
+
+MediaWiki 1.28 requires PHP 5.5.9 or later. There is experimental support for
+HHVM 3.6.5 or later.
+
+MySQL is the recommended DBMS. PostgreSQL or SQLite can also be used, but
+support for them is somewhat less mature. There is experimental support for
+Oracle and Microsoft SQL Server.
+
+The supported versions are:
+
+* MySQL 5.0.3 or later
+* PostgreSQL 8.3 or later
+* SQLite 3.3.7 or later
+* Oracle 9.0.1 or later
+* Microsoft SQL Server 2005 (9.00.1399)
+
+== Upgrading ==
+
+1.28 has several database changes since 1.27, and will not work without schema
+updates. Note that due to changes to some very large tables like the revision
+table, the schema update may take quite long (minutes on a medium sized site,
+many hours on a large site).
+
+If upgrading from before 1.11, and you are using a wiki as a commons
+repository, make sure that it is updated as well. Otherwise, errors may arise
+due to database schema changes.
+
+If upgrading from before 1.7, you may want to run refreshLinks.php to ensure
+new database fields are filled with data.
+
+If you are upgrading from MediaWiki 1.4.x or earlier, you should upgrade to
+1.5 first. The upgrade script maintenance/upgrade1_5.php has been removed
+with MediaWiki 1.21.
+
+Don't forget to always back up your database before upgrading!
+
+See the file UPGRADE for more detailed upgrade instructions.
+
+For notes on 1.27.x and older releases, see HISTORY.
+
+== Online documentation ==
+
+Documentation for both end-users and site administrators is available on
+MediaWiki.org, and is covered under the GNU Free Documentation License (except
+for pages that explicitly state that their contents are in the public domain):
+
+ https://www.mediawiki.org/wiki/Special:MyLanguage/Documentation
+
+== Mailing list ==
+
+A mailing list is available for MediaWiki user support and discussion:
+
+ https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
+
+A low-traffic announcements-only list is also available:
+
+ https://lists.wikimedia.org/mailman/listinfo/mediawiki-announce
-== Changes since 1.16.4 ==
+It's highly recommended that you sign up for one of these lists if you're
+going to run a public MediaWiki, so you can be notified of security fixes.
-* (bug 28534) Fixed XSS vulnerability for IE 6 clients. This is the third
- attempt at fixing bug 28235.
-* (bug 28639) Fixed potential privilege escalation when $wgBlockDisablesLogin
- is enabled.
+== IRC help ==
+
+There's usually someone online in #mediawiki on irc.freenode.net.
+
+= MediaWiki 1.27 =
+
+== MediaWiki 1.27.3 ==
+Due to a packaging error, the wrong version of the SyntaxHighlight extension was
+included in the tarball version of MediaWiki 1.27.2. The version included had a
+serious security issue in it (T158689). There was also some minor code fixes in
+MediaWiki itself since 1.27.2, but none of them were security relevant.
+
+=== Changes since 1.27.2 ===
+* (T145664) Fix broken wincache merge() implementation
+* (T163434) Add wikimedia/testing-access-wrapper for forwards compatibility
+* (T153505) Fix php warnings on php 7.1 due to use of &$this
+
+== MediaWiki 1.27.2 ==
+This is a security and maintenance release of the MediaWiki 1.27 branch.
+
+ApiCreateAccount was removed in 1.27.0. It was incorrectly still marked as
+deprecated (rather than already removed) in the RELEASE-NOTES at the point 1.27.0
+was released.
+
+=== Changes since 1.27.1 ===
+
+* (T68404) CSS3 attr() function with url type argument is no longer allowed
+ in inline styles.
+* $wgRunJobsAsync is now false by default (T142751). This change only affects
+ wikis with $wgJobRunRate > 0.
+* (T152717) Better escaping for PHP mail() command
+* Submitting the lgtoken and lgpassword parameters in the query string to
+ action=login is now deprecated and outputs a warning. They should be submitted
+ in the POST body instead.
+* Submitting sensitive authentication request parameters to action=clientlogin,
+ action=createaccount, action=linkaccount, and action=changeauthenticationdata
+ in the query string is now deprecated and outputs a warning. They should be
+ submitted in the POST body instead.
+* (T158766) Avoid SQL error on MSSQL when using selectRowCount()
+* (T145635) Fix too long index error when installing with MSSQL.
+* (T156184) $wgRawHtml will no longer apply to internationalization messages.
+* (T160519) CACHE_ANYTHING will not be CACHE_ACCEL if no accelerator is installed.
+* (T109140) (T122209) SECURITY: Special:UserLogin and Special:Search allow redirect
+ to interwiki links.
+* (T144845) SECURITY: XSS in SearchHighlighter::highlightText() when
+ $wgAdvancedSearchHighlighting is true.
+* (T125177) SECURITY: API parameters may now be marked as "sensitive" to keep
+ their values out of the logs.
+* (T150044) SECURITY: "Mark all pages visited" on the watchlist now requires a CSRF
+ token.
+* (T156184) SECURITY: Escape content model/format url parameter in message.
+* (T151735) SECURITY: SVG filter evasion using default attribute values in DTD
+ declaration.
+* (T161453) SECURITY: LocalisationCache will no longer use the temporary directory
+ in it's fallback chain when trying to work out where to write the cache.
+* (T48143) SECURITY: Spam blacklist ineffective on encoded URLs inside file inclusion
+ syntax's link parameter.
+* (T108138) SECURITY: Sysops can undelete pages, although the page is protected against
+ it.
+
+== MediaWiki 1.27.1 ==
+
+This is a maintenance release of the MediaWiki 1.27 branch.
+
+=== Changes since 1.27.0 ===
+* BREAKING CHANGE: $wgHTTPProxy is now *required* for all external requests
+ made by MediaWiki via a proxy. Relying on the http_proxy environment
+ variable is no longer supported.
+* (T139565) SECURITY: API: Generate head items in the context of the given title
+* (T137264) SECURITY: XSS in unclosed internal links
+* (T133147) SECURITY: Escape '<' and ']]>' in inline <style> blocks
+* (T133147) SECURITY: Require login to preview user CSS pages
+* (T132926) SECURITY: Do not allow undeleting a revision deleted file if it is
+ the top file
+* (T129738) SECURITY: Make $wgBlockDisablesLogin also restrict logged in
+ permissions
+* (T129738) SECURITY: Make blocks log users out if $wgBlockDisablesLogin is true
+* (T115333) SECURITY: Check read permission when loading page content in ApiParse
+* (T57548) Remove support for $wgWellFormedXml = false, all output is now well formed
+* (T139670) Move 'UserGetRights' call before application of Session::getAllowedUserRights()
+
+== MediaWiki 1.27.0 ==
+
+=== PHP version requirement in 1.27 ===
+As of 1.27, MediaWiki now requires PHP 5.5.9 or higher (see Compatibility
+section). Additionally, the following PHP extensions are required:
+* ctype
+* iconv
+* json
+* mbstring (new requirement in 1.27)
+* xml
+The following PHP extensions are strongly recommended:
+* openssl
+
+=== Configuration changes in 1.27 ===
+* $wgAllowMicrodataAttributes and $wgAllowRdfaAttributes were removed,
+ now always enabled. If you use RDFa on your wiki, you now have to explicitly
+ set $wgHtml5Version to 'HTML+RDFa 1.0' or 'XHTML+RDFa 1.0'.
+* $wgUseLinkNamespaceDBFields was removed.
+* Deprecated $wgResourceLoaderMinifierStatementsOnOwnLine and
+ $wgResourceLoaderMinifierMaxLineLength, because there was little value in
+ making the behavior configurable. The default values (`false` for the former,
+ 1000 for the latter) are now hard-coded.
+* $wgDebugDumpSqlLength was removed (deprecated in 1.24).
+* $wgDebugDBTransactions was removed (deprecated in 1.20).
+* $wgUseXVO has been removed, as it provides functionality only used by
+ custom Wikimedia patches against Squid 2.x that probably noone uses in
+ production anymore. There is now $wgUseKeyHeader that provides similar
+ functionality but instead of the MediaWiki-specific X-Vary-Options header,
+ uses the draft Key header standard.
+* $wgScriptExtension (and support for '.php5' entry points) was removed. See the
+ deprecation notice in the release notes for version 1.25 for advice on how to
+ preserve support for '.php5' entry points via URL rewriting.
+* Password handling via the User object has been deprecated and partially
+ removed, pending the future introduction of AuthManager. In particular:
+** expirePassword(), getPasswordExpireDate(), resetPasswordExpiration(), and
+ getPasswordExpired() have been removed. They were unused outside of core.
+** The mPassword, mNewpassword, mNewpassTime, and mPasswordExpires fields are
+ now private and will be removed in the future.
+** The getPassword() and getTemporaryPassword() methods now throw
+ BadMethodCallException and will be removed in the future.
+** The ability to pass 'password' and 'newpassword' to createNew() has been
+ removed. The only users of it seem to have been using it to set invalid
+ passwords, and so shouldn't be greatly affected.
+** setPassword(), setInternalPassword(), and setNewpassword() have been
+ deprecated, pending the introduction of AuthManager.
+** User::randomPassword() is deprecated in favor of a new method
+ PasswordFactory::generateRandomPasswordString()
+** User::getPasswordFactory() is deprecated, callers should just create a
+ PasswordFactory themselves.
+** A new constructor, User::newSystemUser(), has been added to simplify the
+ creation of passwordless "system" users for logged actions.
+* $wgMaxSquidPurgeTitles was removed.
+* $wgAjaxWatch was removed. This is now enabled by default.
+* $wgUseInstantCommons now hotlinks Commons images by default instead of
+ downloading originals and thumbnailing them locally. This allows wikis to save
+ on CPU and bandwidth while reducing time to first byte for pages, even without
+ a thumbnail handler. See $wgForeignFileRepos documentation for tweaks.
+* (T27397) WebP is enabled by default as an uploadable filetype.
+* (T48998) $wgArticlePath must now be either a full url, or start with a "/".
+* $wgRateLimitLog was removed; use $wgDebugLogGroups['ratelimit'] instead.
+* Deprecated API formats dbg, txt, and yaml have been removed.
+* CLDRPluralRule* classes have been replaced with
+ wikimedia/cldr-plural-rule-parser.
+* Removed $wgProfilePerHost, $wgUDPProfilerHost, $wgUDPProfilerPort,
+ $wgUDPProfilerFormatString, $wgStatsMethod, $wgAggregateStatsID,
+ $wgStatsFormatString, and $wgProfileCallTree (deprecated since 1.20).
+* For proper operation of LocalIdLookup with shared user tables, ensure that
+ $wgSharedDB and $wgSharedTables are properly set even on the "central" wiki
+ that all others are sharing from and that $wgLocalDatabases is set to the
+ full list of sharing wikis on all those wikis.
+* Massive overhaul to session handling:
+** $wgSessionsInObjectCache is no longer supported and must be true, due to
+ MediaWiki\Session\SessionManager. $wgSessionHandler is similarly no longer
+ used.
+** ObjectCacheSessionHandler is removed, replaced with
+ MediaWiki\Session\PhpSessionHandler.
+** PHP session handling in general ($_SESSION, session_id(), and so on) is
+ deprecated. Use MediaWiki\Session\SessionManager instead. A new config
+ variable, $wgPHPSessionHandling, is available to cause use of $_SESSION to
+ issue a deprecation warning or to cause most PHP session handling to throw
+ exceptions.
+** Deprecated UserSetCookies hook. Session-handling extensions should generally
+ be creating a custom subclass of CookieSessionProvider. Other extensions
+ messing with cookies can no longer count on user data being saved in cookies
+ versus other methods.
+** Deprecated UserLoadFromSession hook, extensions should create a
+ MediaWiki\Session\SessionProvider.
+** The User cannot be loaded from session until after Setup.php completes.
+ Attempts to do so will be ignored and the User will remain unloaded.
+** CSRF tokens may be fetched from the MediaWiki\Session\Session, which uses
+ the MediaWiki\Session\Token class.
+* MediaWiki will now auto-create users as necessary, removing the need for
+ extensions to do so. An 'autocreateaccount' right is added to allow
+ auto-creation when 'createaccount' is not granted to all users.
+* Deprecated AuthPluginAutoCreate hook in favor of LocalUserCreated.
+* Most cookie-handling methods in User are deprecated.
+* $wgAllowAsyncCopyUploads and $CopyUploadAsyncTimeout were removed. This was an
+ experimental feature that has never worked.
+* Login and createaccount tokens now vary by timestamp.
+* LoginForm::getLoginToken() and LoginForm::getCreateaccountToken()
+ return a MediaWiki\Session\Token, and tokens must be checked using that
+ class's methods.
+* $wgEnotifUseJobQ was removed and the job queue is always used.
+* The functionality of the ApiSandbox extension has been merged into core. The
+ extension should no longer be used.
+* $wgPreloadJavaScriptMwUtil was removed (deprecated in 1.26).
+ Extensions, skins, gadgets and scripts that use the mediawiki.util module must
+ express a dependency on it.
+* $wgIncludeLegacyJavaScript, deprecated in MediaWiki 1.26, now defaults false.
+ Extensions, skins, gadgets and scripts that need the mediawiki.legacy.wikibits
+ module should express a dependency on it.
+* Removed configuration option $wgCopyrightIcon (deprecated since 1.18). Use
+ $wgFooterIcons['copyright']['copyright'] instead.
+* If the openssl and mcrypt PHP extensions are both unavailable, secure
+ session storage (used for login) will raise an exception. This exception may
+ be bypassed by setting $wgSessionInsecureSecrets = true.
+* Massive overhaul to authentication:
+** AuthPlugin and AuthPluginUser are deprecated.
+** LoginForm and associated templates are deprecated. Extensions which called
+ static LoginForm methods should be converted into authentication providers.
+** The following hooks are deprecated:
+*** AbortAutoAccount (create a MediaWiki\Auth\PreAuthenticationProvider instead)
+*** AbortLogin (create a MediaWiki\Auth\PreAuthenticationProvider instead)
+*** AbortNewAccount (create a MediaWiki\Auth\PreAuthenticationProvider instead)
+*** AddNewAccount (use LocalUserCreated instead)
+*** AuthPluginSetup (create a MediaWiki\Auth\PrimaryAuthenticationProvider instead)
+*** ChangePasswordForm (use AuthChangeFormFields instead, or security levels)
+*** LoginUserMigrated (create a MediaWiki\Auth\PreAuthenticationProvider instead)
+*** UserCreateForm (create a MediaWiki\Auth\AuthenticationProvider of some type instead)
+*** UserLoginForm (create a MediaWiki\Auth\AuthenticationProvider of some type instead)
+** The following hooks are removed:
+*** AbortChangePassword
+*** LoginPasswordResetMessage
+*** PrefsPasswordAudit
+** The UserLoginComplete hook will no longer be called for all logins, only for
+ those via the web UI. Use UserLoggedIn if you need to do something on all
+ logins.
+** $wgRequirePasswordforEmailChange is removed.
+
+=== New features in 1.27 ===
+* $wgDataCenterUpdateStickTTL was also added. This decides how long a user
+ sticks to the primary DC (via cookies) after they make changes to the site.
+* Added a new hook, 'UserMailerTransformContent', to transform the contents
+ of an email. This is similar to the EmailUser hook but applies to all mail
+ sent via UserMailer.
+* Added a new hook, 'UserMailerTransformMessage', to transform the contents
+ of an emai after MIME encoding.
+* Added a new hook, 'UserMailerSplitTo', to control which users have to be
+ emailed separately (ie. there is a single address in the To: field) so
+ user-specific changes to the email can be applied safely.
+* $wgCdnMaxageLagged was added, which limits the CDN cache TTL
+ when any load balancer uses a DB that is lagged beyond the 'max lag'
+ setting in the relevant section of $wgLBFactoryConf.
+* User::newSystemUser() may be used to simplify the creation of passwordless
+ "system" users for logged actions from scripts and extensions.
+* Extensions can now return detailed error information via the API when
+ preventing user actions using 'getUserPermissionsErrors' and similar hooks
+ by using ApiMessage instances instead of strings for the $result value.
+* $wgAPIMaxLagThreshold was added to limit bot changes when databases lag
+ becomes too high.
+* Skins and extensions can now use FlexBox mixins (.flex-display(@display: flex)
+ and .flex(@grow: 1, @shrink: 1, @width: auto, @order: 1)) in Less to create
+ cross-browser-compatible FlexBox rules. Users will still need to add fallback
+ float rules or the like for compatibility with IE9- separately.
+* Added MWTimestamp::getTimezoneString() which returns the localized timezone
+ string, if available. To localize this string, see the comments of
+ $wgLocaltimezone in includes/DefaultSettings.php.
+* Added CentralIdLookup, a service that allows extensions needing a concept of
+ "central" users to get that without having to know about specific central
+ authentication extensions.
+* $wgMaxUserDBWriteDuration added to limit huge user-generated transactions.
+ Regular web request transactions that takes longer than this are aborted.
+* Added a new hook, 'TitleMoveCompleting', which runs before a page move is
+ committed.
+* $wgCdnReboundPurgeDelay was added to provide secondary delayed purges of URLs
+ from CDN to mitigate DB replication lag and WAN cache purge lag.
+* (T49162) Installer will default to setting CACHE_ACCEL as the main cache type
+ if it is available.
+* It is now possible to patrol file uploads (both for new files and new versions
+ of existing files). Special:NewFiles has gained an option to filter by patrol
+ status. This functionality can be disabled using $wgUseFilePatrol.
+* MediaWiki\Session infrastructure allows for easier use of session mechanisms
+ other than the usual cookies.
+** SessionMetadata and SessionCheckInfo hooks allow for setting and checking
+ custom session metadata.
+* Added MWGrants and associated configuration settings $wgGrantPermissions and
+ $wgGrantPermissionGroups to hold configuration for authentication features
+ such as OAuth that want to allow restricting the user rights a user may make
+ use of.
+** If you're already using the OAuth extension, these new variables are
+ identical to (and will replace) $wgMWOAuthGrantPermissions and
+ $wgMWOAuthGrantPermissionGroups.
+* Added MWRestrictions as a class to check restrictions on a WebRequest, e.g.
+ to assert that the request comes from a particular IP range.
+* Added bot passwords, a rights-restricted login mechanism for API-using bots.
+* Whitelisted the following HTML attributes for all elements in wikitext:
+ aria-describedby, aria-flowto, aria-label, aria-labelledby, aria-owns.
+* Removed "presentation" restriction on the HTML role attribute in wikitext.
+ All values are now allowed for the role attribute.
+* $wgContentHandlers now also supports callbacks to create an instance of the
+ appropriate ContentHandler subclass.
+* Added $wgAuthenticationTokenVersion, which if non-null prevents the
+ user_token database field from being exposed in cookies. Setting this would
+ be a good idea, but will log out all current sessions.
+* $wgEventRelayerConfig was added, for managing PubSub event relay configuration,
+ specifically for reliable CDN url purges.
+* Requests have unique IDs, equal to the UNIQUE_ID environment variable (when
+ MediaWiki is behind Apache+mod_unique_id or something similar) or a randomly-
+ generated 24-character string. This request ID is used to annotate log records
+ and error messages. It is available client-side via mw.config.get( 'wgRequestId' ).
+ The request ID supplants exception IDs. Accordingly, MWExceptionHandler::getLogId()
+ is deprecated.
+* (T33313) Add a preference for watching uploads by default, also applies
+ to API-based upload tools.
+* $wgJpegPixelFormat was added to override chroma subsampling for JPEG image
+ thumbnails created via ImageMagick. Defaults to 'yuv420', providing bandwidth
+ savings versus the previous behavior on many files.
+* MediaWiki\Auth infrastructure (called "AuthManager") allows for more flexible
+ configuration of multiple authentication pieces that was possible with
+ AuthPlugin. For example, it's now easy to plug in second-factor
+ authentication, or add additional checks to the login process, or to support
+ multiple login methods at once, or to support non-password-based login methods.
+** Providers are configured via the global setting $wgAuthManagerConfig.
+** A global, $wgDisableAuthManager, is temporarily available to disable
+ AuthManager until extensions are ready to support it.
+** New hook, AuthChangeFormFields, to adjust the form fields on
+ AuthManager-related special pages.
+** New hook, AuthManagerLoginAuthenticateAudit, for additional logging of
+ AuthManager-related authentication requests.
+** New hook, ChangeAuthenticationDataAudit, for additional logging of
+ AuthManager-related authentication data changes.
+** New hook, SecuritySensitiveOperationStatus, to work with the new mechanism
+ for requiring a recent login before taking security-sensitive operations
+ like changing a password.
+** Two new globals, $wgChangeCredentialsBlacklist and $wgRemoveCredentialsBlacklist
+ can be used to prevent the web UI and the API changing certain authentication data.
+* The file upload dialog (available if you install WikiEditor or VisualEditor)
+ can now be configured using $wgUploadDialog.
+
+=== External library changes in 1.27 ===
+
+==== Upgraded external libraries ====
+* Updated oojs/oojs-ui from v0.12.12 to v0.13.3.
+* Updated composer/semver from v1.0.0 to v1.2.0.
+* Updated liuggio/statsd-php-client to 1.0.18.
+* Updated QUnit from v1.18.0 to v1.22.0.
+
+==== New external libraries ====
+* Added wikimedia/base-convert v1.0.1.
+* Added wikimedia/cldr-plural-rule-parser v1.0.0.
+* Added wikimedia/relpath v1.0.3.
+* Added wikimedia/running-stat v1.1.0.
+* Added wikimedia/php-session-serializer v1.0.3.
+
+==== Removed and replaced external libraries ====
+
+=== Bug fixes in 1.27 ===
+* Special:Upload will now display correct maximum allowed file size when running
+ under HHVM (T116347).
+* (T54077) The APIEditBeforeSave hook will once again give only the content of
+ the section being edited, rather than the whole revision. This reverts the
+ change made in MediaWiki 1.22.
+
+=== Action API changes in 1.27 ===
+* Added list=allrevisions.
+* generator=recentchanges now has the option to generate revids.
+* ApiPageSet::setRedirectMergePolicy() was added. This allows generator
+ modules to define how generator data for a redirect source gets merged
+ into the redirect destination.
+* prop=imageinfo&iiprop=uploadwarning will no longer include the possibility of
+ "was-deleted" warning.
+* Added difftotextpst to query=revisions which preforms a pre-save transform on
+ the text before diffing it.
+* Deprecated formats dbg, txt, and yaml have been removed.
+* (T47988) The protect log event details now use new-style formatting.
+* The following response properties from action=login are deprecated, and may
+ be removed in the future: lgtoken, cookieprefix, sessionid. Clients should
+ handle cookies to properly manage session state.
+* action=login transparently allows login using bot passwords. Clients should
+ merely need to change the username and password used after setting up a bot
+ password.
+* action=upload no longer understands statuskey, asyncdownload or leavemessage.
+* Several changes when $wgDisableAuthManager is false:
+** action=login is deprecated for uses other than bot passwords.
+** list=users can now indicate if a missing username is creatable.
+** action=createaccount is changed in a non-backwards-compatible manner.
+** Added action=query&meta=authmanagerinfo.
+** Added action=clientlogin to be used to log into the main account instead of
+ action=login.
+** Added action=linkaccount.
+** Added action=unlinkaccount.
+** Added action=changeauthenticationdata.
+** Added action=removeauthenticationdata.
+** Added action=resetpassword.
+
+=== Action API internal changes in 1.27 ===
+* ApiQueryORM removed.
+* The following classes have been removed:
+** ApiFormatDbg
+** ApiFormatTxt
+** ApiFormatYaml
+* ApiBase::addTokenProperties() was removed (deprecated since 1.24).
+* ApiBase::getFinalPossibleErrors() was removed (deprecated since 1.24).
+* ApiBase::getFinalResultProperties() was removed (deprecated since 1.24).
+* ApiBase::getRequireAtLeastOneParameterErrorMessages() was removed (deprecated since 1.24).
+* ApiBase::getPossibleErrors() was removed (deprecated since 1.24).
+* ApiBase::getRequireMaxOneParameterErrorMessages() was removed (deprecated since 1.24).
+* ApiBase::getRequireOnlyOneParameterErrorMessages() was removed (deprecated since 1.24).
+* ApiBase::getResultProperties() was removed (deprecated since 1.24).
+* ApiBase::getTitleOrPageIdErrorMessage() was removed (deprecated since 1.24).
+* ApiBase::parseErrors() was removed (deprecated since 1.24).
+* ApiQueryBase::titleToKey(), ApiQueryBase::keyToTitle() and
+ ApiQueryBase::keyPartToTitle() all removed (deprecated since 1.24).
+* ApiQueryBase::checkRowCount() was removed (deprecated since 1.24).
+* ApiQueryBase::getDirectionDescription() was removed (deprecated since 1.25).
+* ApiQuery::getGenerators() was removed (deprecated since 1.21).
+* ApiQuery::getModules() was removed (deprecated since 1.21).
+* ApiQuery::getModuleType() was removed (deprecated since 1.21).
+* ApiQuery::setGeneratorContinue() was removed (deprecated since 1.24).
+* ApiMain::getModules() was removed (deprecated since 1.21).
+* ApiBase::getVersion() was removed (deprecated since 1.21).
+* ApiMain::getShowVersions() was removed (deprecated in 1.21).
+* ApiMain::addModule() was removed (deprecated in 1.21).
+* ApiMain::addFormat() was removed (deprecated in 1.21).
+* ApiMain::getFormats() was removed (deprecated in 1.21).
+* ApiPageSet::finishPageSetGeneration() was removed (deprecated in 1.21).
+* ApiCreateAccount was removed.
+
+=== Languages updated in 1.27 ===
+
+MediaWiki supports over 350 languages. Many localisations are updated
+regularly. Below only new and removed languages are listed, as well as
+changes to languages because of Phabricator reports.
+
+* (T113688) Change default numerals from Gurmukhi to Arabic for Punjabi locale.
+* (T116020) Aliases of magic words in MessagesXx.php are sorted by usage.
+
+=== Other changes in 1.27 ===
+* Added dependency injection (DI) infrastructure, see docs/injection.txt for details.
+ It is planned to incrementally move MediaWiki code towards using DI, using the
+ service locator (SL) pattern as a stepping stone.
+* ProfilerOutputUdp was removed. Note that there is a ProfilerOutputStats class.
+* WikiPage::doDeleteArticleReal() and WikiPage::doDeleteArticle() now
+ ignore the 2nd and 3rd arguments (formerly $id and $commit).
+* Removed "loaderScripts" option from ResourceLoaderFileModule class.
+* Removed ORM-like wrapper added in 1.20.
+* LinkCache::getGoodLinks and LinkCache::getBadLinks were removed
+ (deprecated in 1.26).
+* WikiPage::doQuickEdit() was removed (deprecated since 1.21).
+* Removed SiteObject and SiteArray classes (deprecated in 1.21).
+* MessageBlobStore::getInstance() was removed (deprecated since 1.25).
+* (T84937) Free external links ("autolinked" urls) will now be terminated
+ by and HTML entity encodings of  , <, and >.
+* (T36948) The default file revert message's timestamp is now in
+ $wgLocaltimezone, instead of UTC.
+* The default name of the 'suppress' group page has been changed from
+ 'Project:Oversight' to 'Project:Suppress'.
+* DatabaseBase::resultObject() is now protected (use outside Database classes
+ not necessary since 1.11).
+* Calling ResourceLoaderFileModule::readStyleFiles() without a
+ ResourceLoaderContext instance is deprecated.
+* ResourceLoader::getLessCompiler() now takes an optional parameter of
+ additional LESS variables to set for the compiler.
+* wfBaseConvert() marked as deprecated, use Wikimedia\base_convert() directly
+ instead.
+* Obsolete maintenance scripts clearCacheStats.php and showCacheStats.php
+ were removed. The underlying data is sent to StatsD (see $wgStatsdServer).
+* Removed msg_resource_links database table and associated code.
+* Removed msg_resource database table and associated code.
+* Skin::getNamespaceNotice() was removed.
+* wfIsConfiguredProxy() was removed (deprecated since 1.24).
+* wfDebugTimer() was removed (deprecated since 1.25).
+* wfIsTrustedProxy() was removed (deprecated since 1.24).
+* wfGetIP() was removed (deprecated since 1.19).
+* MWHookException was removed.
+* OutputPage::appendSubtitle() was removed (deprecated since 1.19).
+* OutputPage::loginToUse() was removed (deprecated since 1.19).
+* Article::loadContent() was removed (deprecated since 1.19).
+* User::editToken() was removed (deprecated since 1.19).
+* Removed --force-normal option of dumpBackup.php, as it no longer served
+ any useful purpose since 1.22.
+* The functions processOption() and processArgs() on the BackupDumper and
+ TextPassDumper classes have been removed.
+* The maintenance/backupTextPass.inc file was deleted. You should include
+ maintenance/dumpTextPass.php instead.
+* WikiPage::getUsedTemplates() was removed (deprecated since 1.19).
+* wfEmptyMsg() was removed (deprecated since 1.18).
+* OutputPage::permissionRequired() was removed (deprecated since 1.18).
+* OutputPage::blockedPage() was removed (deprecated since 1.18).
+* User::getSkin() was removed (deprecated since 1.18).
+* OutputPage::includeJQuery() was removed (deprecated since 1.17).
+* WikiPage::updateRestrictions() was removed (deprecated since 1.19).
+* WikiPage::testPreSaveTransform() was removed (deprecated since 1.19).
+* LogPage::logName() was removed (deprecated since 1.19).
+* LogPage::logHeader() was removed (deprecated since 1.19).
+* wfCheckLimits() was removed (deprecated since 1.24).
+* Linker::makeKnownLinkObj() was removed (deprecated since 1.16).
+* Linker::makeLinkObj() was removed (deprecated since 1.16).
+* wfMsgForContentNoTrans() was removed (deprecated since 1.18).
+* ChangesList::usePatrol was removed (deprecated since 1.22).
+* wfMsgNoTrans() was removed (deprecated since 1.18).
+* Linker::makeImageLink2 was removed (deprecated since 1.20).
+* Title::userIsWatching() was removed (deprecated since 1.20).
+* Removed WaitForSlave maintenance script; use SELECT MASTER_POS_WAIT()
+ database function directly instead.
+* wfMsg() was removed (deprecated since 1.18).
+* wfMsgForContent() was removed (deprecated since 1.18).
+* wfMsgReal() was removed (deprecated since 1.18).
+* wfMsgGetKey() was removed (deprecated since 1.18).
+* wfMsgHtml() was removed (deprecated since 1.18).
+* wfMsgWikiHtml() was removed (deprecated since 1.18).
+* wfMsgExt() was removed (deprecated since 1.18).
+* Language::armourMath() was removed (deprecated since 1.22).
+* LanguageConverter::armourMath() was removed (deprecated since 1.22).
+* FakeConverter::armourMath() was removed (deprecated since 1.22).
+* The unused jquery.validate ResourceLoader module was removed.
+* FileRepo::getRootUrl() was removed (deprecated since 1.20).
+* User::generateToken() was removed (deprecated since 1.20).
+* WikiPage::getRawText() was removed (deprecated since 1.21).
+* ParserOutput::hasCustomDataUpdates() was removed (deprecated since 1.25).
+* ParserOutput::addSecondaryDataUpdate() was removed (deprecated since 1.25).
+* ParserOutput::getSecondaryDataUpdates() was removed (deprecated since 1.25).
+* Gallery images with multiple caption pipes no longer concatenate them all
+ together but instead pick the final one, similar to image syntax.
+* XML-like parser tags (such as <gallery>), when unclosed, will be left unparsed
+ rather than consume everything until the end of the page.
+* New maintenance script resetUserEmail.php allows sysadmins to reset user emails in case
+ a user forgot password/account was stolen.
+* wfCheckEntropy() was removed (deprecated in 1.27).
+* Browser support for Internet Explorer 8 lowered from Grade A to Grade C.
+* ContentHandler::supportsCategories method added. Default is true.
+ CategoryMembershipChangeJob updates are skipped for content that
+ does not support categories.
+* wikidiff difference engine is no longer supported, anyone still using it are encouraged
+ to upgrade to wikidiff2 which is actively maintained and has better package availability.
+* Database logic was removed from WatchedItem and a WatchedItemStore was created:
+** WatchedItem::IGNORE_USER_RIGHTS and WatchedItem::CHECK_USER_RIGHTS were deprecated.
+ User::IGNORE_USER_RIGHTS and User::CHECK_USER_RIGHTS were introduced.
+** WatchedItem::fromUserTitle was deprecated in favour of the constructor.
+** WatchedItem::resetNotificationTimestamp was deprecated.
+** WatchedItem::batchAddWatch was deprecated.
+** WatchedItem::addWatch was deprecated.
+** WatchedItem::removeWatch was deprecated.
+** WatchedItem::isWatched was deprecated.
+** WatchedItem::duplicateEntries was deprecated.
+** EmailNotification::updateWatchlistTimestamp was deprecated.
+** User::getWatchedItem was removed.
+* Unit tests don't work with external PHPUnit anymore, Composer is now the only supported
+ way. Run `composer install` to install it and other dev dependencies to run unit tests.
+* wl_id field added to the watchlist table.
+* Revision::getRawText() was removed (deprecated since 1.21).
+* WikiPage::replaceSection() was removed (deprecated since 1.21).
+* Article::replaceSection() was removed (deprecated since 1.21).
+* Language::getLangObj() was removed (deprecated since 1.24).
+* Language::getLanguageName() was removed (deprecated since 1.20).
+* Language::getLanguageNames() was removed (deprecated since 1.20).
+* Language::getTranslatedLanguageNames() was removed (deprecated since 1.20).
+* Language::specialPage() was removed (deprecated since 1.24).
+* MediaWikiTestCase::assertException() was removed (deprecated since 1.22).
+* OutputPage::getHeadItems() was removed (deprecated since 1.24).
+* OutputPage::getScript() was removed (deprecated since 1.24).
+* OutputPage::out() was removed (deprecated since 1.22).
+* OutputPage::setAllowedModules() was removed (deprecated since 1.24).
+* UserrightsPage::makeGroupNameListForLog() was removed (deprecated since 1.21).
+* MediaWikiSite::newFromGlobalId() was removed (deprecated since 1.21).
+* Title::newFromRedirect() was removed (deprecated since 1.21).
+* Skin::commonPrintStylesheet() was removed (deprecated since 1.22).
+* Skin::getCommonStylePath() was removed (deprecated since 1.24).
+* Skin::newFromKey() was removed (deprecated since 1.24).
+* Skin::getUsableSkins() was removed (deprecated since 1.23).
+* LoadBalancer::pickRandom() was removed (deprecated in 1.21).
+* Article::getUndoText() and WikiPage::getUndoText were removed (deprecated since
+ 1.21).
+* DifferenceEngine::setText() was removed (deprecated in 1.21).
+* Title::newFromRedirectArray() was removed (deprecated in 1.21).
+* UserMailer::send() no longer accepts $replyto as the 5th argument and $contentType
+ as the 6th. These must be passed in the options array now.
+* Title::newFromRedirectRecurse() was removed (deprecated in 1.21).
+* Skin::accesskey was removed (deprecated since 1.21).
+* Skin::blockLink was removed (deprecated since 1.21).
+* Skin::buildRollbackLink was removed (deprecated since 1.21).
+* Skin::emailLink was removed (deprecated since 1.21).
+* Skin::formatComment was removed (deprecated since 1.21).
+* Skin::formatHiddenCategories was removed (deprecated since 1.21).
+* Skin::formatLinksInComment was removed (deprecated since 1.21).
+* Skin::formatRevisionSize was removed (deprecated since 1.21).
+* Skin::formatSize was removed (deprecated since 1.21).
+* Skin::formatTemplates was removed (deprecated since 1.21).
+* Skin::generateTOC was removed (deprecated since 1.21).
+* Skin::getInternalLinkAttributes was removed (deprecated since 1.21).
+* Skin::getInternalLinkAttributesObj was removed (deprecated since 1.21).
+* Skin::getInterwikiLinkAttributes was removed (deprecated since 1.21).
+* Skin::getInvalidTitleDescription was removed (deprecated since 1.21).
+* Skin::getLinkColour was removed (deprecated since 1.21).
+* Skin::getRevDeleteLink was removed (deprecated since 1.21).
+* Skin::getRollbackEditCount was removed (deprecated since 1.21).
+* Skin::makeBrokenImageLinkObj was removed (deprecated since 1.21).
+* Skin::makeCommentLink was removed (deprecated since 1.21).
+* Skin::makeExternalImage was removed (deprecated since 1.21).
+* Skin::makeExternalLink was removed (deprecated since 1.21).
+* Skin::makeHeadline was removed (deprecated since 1.21).
+* Skin::makeImageLink was removed (deprecated since 1.21).
+* Skin::makeMediaLinkFile was removed (deprecated since 1.21).
+* Skin::makeMediaLinkObj was removed (deprecated since 1.21).
+* Skin::makeSelfLinkObj was removed (deprecated since 1.21).
+* Skin::makeThumbLink2 was removed (deprecated since 1.21).
+* Skin::makeThumbLinkObj was removed (deprecated since 1.21).
+* Skin::normaliseSpecialPage was removed (deprecated since 1.21).
+* Skin::normalizeSubpageLink was removed (deprecated since 1.21).
+* Skin::processResponsiveImages was removed (deprecated since 1.21).
+* Skin::revComment was removed (deprecated since 1.21).
+* Skin::revDeleteLink was removed (deprecated since 1.21).
+* Skin::revDeleteLinkDisabled was removed (deprecated since 1.21).
+* Skin::revUserLink was removed (deprecated since 1.21).
+* Skin::revUserTools was removed (deprecated since 1.21).
+* Skin::specialLink was removed (deprecated since 1.21).
+* Skin::splitTrail was removed (deprecated since 1.21).
+* Skin::titleAttrib was removed (deprecated since 1.21).
+* Skin::tocIndent was removed (deprecated since 1.21).
+* Skin::tocLine was removed (deprecated since 1.21).
+* Skin::tocLineEnd was removed (deprecated since 1.21).
+* Skin::tocList was removed (deprecated since 1.21).
+* Skin::tocUnindent was removed (deprecated since 1.21).
+* Skin::tooltip was removed (deprecated since 1.21).
+* Skin::tooltipAndAccesskeyAttribs was removed (deprecated since 1.21).
+* Skin::userTalkLink was removed (deprecated since 1.21).
+* Skin::userToolLinksRedContribs was removed (deprecated since 1.21).
+* wikidiff3 is now the default and only PHP diff engine. It provides improved diff
+ performance on complex changes. $wgExternalDiffEngine = 'wikidiff3' therefore
+ makes no difference now. Users are still recommended to use wikidiff2 if possible,
+ though.
+* User::addNewUserLogEntry() was deprecated.
+* User::addNewUserLogEntryAutoCreate() was deprecated.
+* User::isPasswordReminderThrottled() was deprecated.
+* Bot-oriented parameters to Special:UserLogin (wpCookieCheck, wpSkipCookieCheck)
+ were removed.
+* Installer can now be customized without patching MediaWiki code, see
+ mw-config/overrides/README for details.
+
+=== Compatibility ===
+
+MediaWiki 1.27 requires PHP 5.5.9 or later. There is experimental support for
+HHVM 3.6.5 or later.
+
+MySQL is the recommended DBMS. PostgreSQL or SQLite can also be used, but
+support for them is somewhat less mature. There is experimental support for
+Oracle and Microsoft SQL Server.
+
+The supported versions are:
+
+* MySQL 5.0.3 or later
+* PostgreSQL 8.3 or later
+* SQLite 3.3.7 or later
+* Oracle 9.0.1 or later
+* Microsoft SQL Server 2005 (9.00.1399)
+
+=== Upgrading ===
+
+1.27 has several database changes since 1.26, and will not work without schema
+updates. Note that due to changes to some very large tables like the revision
+table, the schema update may take quite long (minutes on a medium sized site,
+many hours on a large site).
+
+If upgrading from before 1.11, and you are using a wiki as a commons
+repository, make sure that it is updated as well. Otherwise, errors may arise
+due to database schema changes.
-== Changes since 1.16.3 ==
+If upgrading from before 1.7, you may want to run refreshLinks.php to ensure
+new database fields are filled with data.
+
+If you are upgrading from MediaWiki 1.4.x or earlier, you should upgrade to
+1.5 first. The upgrade script maintenance/upgrade1_5.php has been removed
+with MediaWiki 1.21.
-* (bug 28507) The change we made in 1.16.3 to fix bug 28235 (XSS for IE 6
- clients) was not actually sufficient to fix that bug. This release contains
- a second attempt, hopefully we have fixed it this time.
+Don't forget to always back up your database before upgrading!
-== Changes since 1.16.2 ==
+See the file UPGRADE for more detailed upgrade instructions.
-* (bug 28449) Fixed permissions checks in Special:Import which allowed users
- without the 'import' permission to import pages from the configured import
+For notes on 1.26.x and older releases, see HISTORY.
+
+
+= MediaWiki 1.26 =
+
+== MediaWiki 1.26.4 ==
+
+This is a maintenance release of the MediaWiki 1.26 branch.
+
+=== Changes since 1.26.3 ===
+* BREAKING CHANGE: $wgHTTPProxy is now *required* for all external requests
+ made by MediaWiki via a proxy. Relying on the http_proxy environment
+ variable is no longer supported.
+* (T124163) Fixed fatal error in DifferenceEngine under HHVM.
+* (T139565) SECURITY: API: Generate head items in the context of the given title
+* (T137264) SECURITY: XSS in unclosed internal links
+* (T133147) SECURITY: Escape '<' and ']]>' in inline <style> blocks
+* (T133147) SECURITY: Require login to preview user CSS pages
+* (T132926) SECURITY: Do not allow undeleting a revision deleted file if it is
+ the top file
+* (T129738) SECURITY: Make $wgBlockDisablesLogin also restrict logged in
+ permissions
+* (T129738) SECURITY: Make blocks log users out if $wgBlockDisablesLogin is true
+* (T115333) SECURITY: Check read permission when loading page content in ApiParse
+* Remove support for $wgWellFormedXml = false, all output is now well formed
+
+== MediaWiki 1.26.3 ==
+
+This is a maintenance release of the MediaWiki 1.26 branch.
+
+=== Changes since 1.26.2 ===
+* (T116266) Fixed undefined property notices in DairikiDiff under HHVM.
+* (T123166) Fix fatal error when importing pages to titles which cannot be
+ created, such as invalid titles or titles the user is not allowed to edit.
+* (T122056) Old tokens are remaining valid within a new session
+* (T127114) Login throttle can be tricked using non-canonicalized usernames
+* (T123653) Cross-domain policy regexp is too narrow
+* (T123071) Incorrectly identifying http link in a's href attributes, due to
+ m modifier in regex
+* (T129506) MediaWiki:Gadget-popups.js isn't renderable
+* (T125283) Users occasionally logged in as different users after
+ SessionManager deployment
+* (T103239) Patrol allows click catching and patrolling of any page
+* (T122807) [tracking] Check php crypto primatives
+* (T98313) Graphs can leak tokens, leading to CSRF
+* (T130947) Diff generation should use PoolCounter
+* (T133507) Careless use of $wgExternalLinkTarget is insecure
+* (T132874) API action=move is not rate limited
+* (T110143) strip markers can be used to get around html attribute escaping in
+ (many?) parser tags
+* (T116030) Increase pbkdf2 parameter strengths
+* (T127420) Pbkdf2Password does not check if hash_pbkdf2() succeeded
+* (T126685) Globally throttle password attempts
+
+== MediaWiki 1.26.2 ==
+
+This is a maintenance release of the MediaWiki 1.26 branch.
+
+=== Changes since 1.26.1 ===
+* (T121892) Fix fatal error on some Special pages, introduced in 1.26.1.
+
+== MediaWiki 1.26.1 ==
+
+This is a maintenance release of the MediaWiki 1.26 branch.
+
+=== Changes since 1.26.0 ===
+* (T117899) SECURITY: $wgArticlePath can no longer be set to relative paths
+ that do not begin with a slash. This enabled trivial XSS attacks.
+ Configuration values such as "http://my.wiki.com/wiki/$1" are fine, as are
+ "/wiki/$1". A value such as "$1" or "wiki/$1" is not and will now throw an
+ error.
+* (T119309) SECURITY: Use hash_compare() for edit token comparison
+* (T118032) SECURITY: Don't allow cURL to interpret POST parameters starting
+ with '@' as file uploads
+* (T115522) SECURITY: Passwords generated by User::randomPassword() can no
+ longer be shorter than $wgMinimalPasswordLength
+* (T97897) SECURITY: Improve IP parsing and trimming. Previous behavior could
+ result in improper blocks being issued
+* (T109724) SECURITY: Special:MyPage, Special:MyTalk, Special:MyContributions
+ and related pages no longer use HTTP redirects and are now redirected by
+ MediaWiki
+* Fixed ConfigException in ExpandTemplates due to AlwaysUseTidy.
+* Fixed stray literal \n in Special:Search.
+* Fix issue that breaks HHVM Repo Authorative mode.
+* (T120267) Work around APCu memory corruption bug
+
+== MediaWiki 1.26.0 ==
+
+=== Configuration changes in 1.26 ===
+* $wgPasswordResetRoutes['email'] = true by default.
+* $wgEnableParserCache was deprecated, set $wgParserCacheType to CACHE_NONE
+ instead if you want to disable the parser cache.
+* New-style continuation is now the default for API action=continue. Clients may
+ use the 'rawcontinue' parameter to receive raw query-continue data, but the
+ new style is encouraged as it's harder to implement incorrectly.
+* Deprecated API formats dump and wddx have been completely removed.
+* (T7645) The "Signature" button on the edit toolbar is now hidden by default
+ in non-talk namespaces. A new configuration variable,
+ $wgExtraSignatureNamespaces, controls in which subject (non-talk) namespaces
+ the "Signature" button on the edit toolbar will be displayed.
+* $wgResourceLoaderUseESI was deprecated and removed. This was an experimental
+ feature that was never enabled by default.
+* $wgResourceLoaderExperimentalAsyncLoading was deprecated and removed.
+ This experimental feature was never enabled by default and is obsolete as of
+ MediaWiki 1.26, in where ResourceLoader became fully asynchronous.
+* $wgMasterWaitTimeout was removed (deprecated in 1.24).
+* Fields in ParserOptions are now private. Use the accessors instead.
+* Custom LESS functions (defined via $wgResourceLoaderLESSFunctions or
+ in extension.json) have been removed, after being deprecated in 1.24.
+* $wgAlwaysUseTidy has been removed.
+* ResetSessionID hook has been removed. Nothing seems to use it.
+* Certain AuthPlugin methods are deprecated in favor of new hooks:
+** AuthPlugin::initUser() is replaced by LocalUserCreated.
+** AuthPlugin::updateUser() is replaced by UserLoggedIn.
+** AuthPlugin::updateExternalDB() is replaced by the existing UserSaveSettings.
+** AuthPlugin::updateExternalDBGroups() is replaced by UserGroupsChanged.
+** AuthPluginUser::isHidden() is replaced by UserIsHidden.
+** AuthPluginUser::isLocked() is replaced by UserIsLocked.
+* The UserRights hook is deprecated in favor of the new UserGroupsChanged hook.
+* AuthPlugin::initUser() and AuthPlugin::updateUser() should no longer replace
+ the passed User object.
+* $wgBlockAllowsUTEdit is now set to true by default. This allows
+ blocked users to edit their talk pages unless explicitly disabled
+ when they are being blocked.
+
+=== New features in 1.26 ===
+* (T51506) Now action=info gives estimates of actual watchers for a page.
+ See $wgRCMaxAge, $wgWatchersMaxAge and $wgUnwatchedPageSecret
+ to learn how to configure if needed.
+* Change tags can now be hidden in the interface by disabling the associated
+ "tag-<id>" interface message.
+* ':' (colon) is now invalid in usernames for new accounts. Existing accounts
+ are not affected.
+* Added a new hook, 'LogException', to log exceptions in nonstandard ways.
+* Revive the 'SpecialSearchResultsAppend' hook which occurs after the list of
+ search results are rendered. The initial use case is to append a "give us
+ feedback" link beneath the search results.
+* Added a new hook, 'RejectParserCacheValue', which allows extensions to
+ reject an otherwise-successful parser cache lookup. The intent is to allow
+ extensions to manage the eviction of archaic HTML output from the cache.
+* (T68699) The expiration of the UserID and Token login cookies
+ ($wgExtendedLoginCookieExpiration) can be configured independently of the
+ expiration of all other cookies ($wgCookieExpiration).
+* (T50519) Support for generating JPEG/PNG thumbnails from WebP images added
+ if ImageMagick is used as image scaler ($wgUseImageMagick = true). Uploading
+ of WebP images still disabled by default. Add $wgFileExtensions[] =
+ 'webp'; to LocalSettings.php to enable uploading of WebP images.
+* Added new hooks 'EnhancedChangesListModifyLineData' &
+ 'EnhancedChangesListModifyBlockLineData', to modify the data used to build
+ lines in enhanced recentchanges and watchlist.
+* Caches that need purging ability now use the WANObjectCache interface.
+ This corresponds to a new $wgMainWANCache setting, which defaults to using
+ the $wgMainCacheType settings.
+* Callers needing fast light-weight data stores use $wgMainStash to select
+ the store type from $wgObjectCaches. The default is the local database.
+* Interface message overrides in the MediaWiki namespace will now be cached in
+ memcached and APC (if available), rather than memcached and local files.
+* Added a new hook, 'RandomPageQuery', to allow modification of the query used
+ by Special:Random to select random pages.
+* $wgTransactionalTimeLimit was added, which controls the request time limit
+ for potentially slow POST requests that need to be as atomic as possible.
+* ResourceLoader now loads all scripts asynchronously. The top-queue and
+ startup modules are no longer synchronously loaded.
+* 'mediawiki.ui.button' styles are no longer unconditionally loaded on every
+ page. During the deprecation period, the styles will only be loaded on pages
+ which contain 'mw-ui-button' in their HTML. Starting in 1.28, the styles will
+ only be loaded if explicitly required.
+* If search returns zero results and current search engine has a "did you mean"
+ suggestion, results for suggestion will be shown. Can be disabled by setting
+ $wgSearchRunSuggestedQuery to false.
+* Added several JavaScript libraries for uploading files to MediaWiki
+ from the client-side. See documentation for mw.Upload and its
+ subclasses for more information.
+* Added OOUI dialogs and layout for file upload interfaces. See
+ documentation for mw.Upload.Dialog, mw.Upload.BookletLayout and its
+ subclasses for more information.
+
+=== extension.json changes in 1.26 ===
+* (T99344) The extension.json schema is now versioned. All extensions
+ and skins should set a "manifest_version" property corresponding to
+ the schema version they were written for. The only supported version
+ currently is "1".
+* (T102523) The error message if a non-array attribute is set was improved.
+* (T107646) Configuration settings can now specify how they should be merged,
+ which is necessary for arrays using integer keys.
+* (T110389) Adding namespaces through extension.json now actually works
+* $wgNamespaceProtection can now be set in extension.json.
+* $wgCapitalLinkOverrides can now be set in extension.json.
+* (T97186) Extensions using a custom prefix for their configuration settings
+ can now set a "_prefix" key to override the default of "wg".
+* (T99084) Extensions can now specify what MediaWiki core versions they
+ depend upon.
+* (T105236) The extension.json schema now validates custom classes in
+ the "ResourceModules" property properly.
+
+=== External library changes in 1.26 ===
+==== Upgraded external libraries ====
+* Updated es5-shim from v4.0.0 to v4.1.5.
+* Updated json2 from revision 2014-02-04 to 2015-05-03.
+* Updated Sinon.JS from 1.10.3 to 1.15.4.
+* Updated jQuery Client from v1.0.0 to v2.0.0.
+* Updated QUnit from v1.17.1 to v1.18.0.
+* Updated liuggio/statsd-php-client from v1.0.12 to v1.0.16.
+* Updated oojs/oojs-ui from v0.11.3 to v0.12.12.
+* Updated wikimedia/cdb from v1.0.1 to v1.3.0.
+* Updated wikimedia/utfnormal from v1.0.2 to v1.0.3.
+* Updated wikimedia/composer-merge-plugin from v1.0.0 to v1.3.0.
+* Updated zordius/lightncandy from v0.18 to v0.21.
+
+==== New external libraries ====
+* Added composer/semver v1.0.0.
+* Added mediawiki/at-ease v1.1.0.
+* Added wikimedia/assert v0.2.2.
+* Added wikimedia/ip-set v1.0.1.
+* Added wikimedia/wrappedstring v2.0.0.
+
+==== Removed and replaced external libraries ====
+* Replaced leafo/lessphp v0.5.0 with oyejorge/less.php v1.7.0.9.
+
+=== Bug fixes in 1.26 ===
+* (T53283) load.php sometimes sends 304 response without full headers
+* (T65198) Talk page tabs now have a "rel=discussion" attribute
+* (T98841) {{msgnw:}} now preserves comments even when subst: is not used.
+* (T104142) $wgEmergencyContact and $wgPasswordSender now use their default
+ value if set to an empty string.
+
+=== Action API changes in 1.26 ===
+* New-style continuation is now the default for action=continue. Clients may
+ use the 'rawcontinue' parameter to receive raw query-continue data, but the
+ new style is encouraged as it's harder to implement incorrectly.
+* Deprecated API formats dump and wddx have been completely removed.
+* API action=query&list=tags: The displayname can now be boolean false if the
+ tag is meant to be hidden from user interfaces.
+* action=import no longer allows both the namespace= and rootpage= parameters
+ to be set. If they are both set, the value of rootpage= will be ignored.
+* prop=revision output in enum mode is now sorted by timestamp rather than
+ revision ID. This usually won't make any difference.
+* (T102645) Namespace list from meta=siteinfo&siprop=namespaces is now an array
+ with formatversion=2.
+* Various other output from meta=siteinfo will now always be arrays instead of
+ sometimes being numerically-indexed objects with formatversion=2.
+* When errors about users being blocked are returned, they now include
+ information about the relevant block.
+* (T99926) list=random has higher limits, in line with other API modules.
+* list=random's rnredirect parameter is deprecated in favor of a new
+ rnfilterredir parameter that also allows for listing both redirects and
+ non-redirects.
+* list=random now supports continuation.
+* API responses to GET requests may now include ETag and Last-Modified headers,
+ and will honor corresponding If-None-Match and If-Modified-Since on such
+ requests.
+
+=== Action API internal changes in 1.26 ===
+* New metadata item ApiResult::META_KVP_MERGE to allow for merging the KVP key
+ into the value when the value is an assoc.
+* API action modules may now provide values for the RFC 7232 ETag and
+ Last-Modified headers. The API will check these against If-None-Match and
+ If-Modified-Since request headers on GET requests and avoid executing the
+ module when appropriate.
+
+=== Languages updated in 1.26 ===
+
+MediaWiki supports over 350 languages. Many localisations are updated
+regularly. Below only new and removed languages are listed, as well as
+changes to languages because of Phabricator reports.
+
+* Languages added:
+** ase (American sign language), thanks to translator Icemandeaf
+** dty (डोटेली/Doteli), thanks to translators जनक राज भट्ट, बिप्लब आनन्द,
+ मेश सिंह बोहरा, and राम प्रसाद जोशी
+** luz (لئری دوٙمینی / Southern Luri)
+** olo (Livvinкarjala / Livvi-Karelian), thanks to translators Denö, Hiloin Natoi,
+ Ilja.mos, and Mashoi7
+
+=== Other changes in 1.26 ===
+* ChangeTags::tagDescription() will return false if the interface message
+ for the tag is disabled.
+* Added PageHistoryPager::doBatchLookups hook.
+* Added $wikiId parameter to FormatAutocomments hook.
+* Added ParserCacheSaveComplete to ParserCache
+* supportsDirectEditing and supportsDirectApiEditing methods added to
+ ContentHandler, to provide a way for ApiEditPage and EditPage to check
+ if direct editing of content is allowed. These methods return false,
+ by default for the ContentHandler base class and true for TextContentHandler
+ and it's derivative classes (everything in core). For Content types that
+ do not support direct editing, an alternative mechanism should be provided
+ for editing, such as action overrides or specific api modules.
+* mediaWiki.confirmCloseWindow now returns an object of functions, instead of
+ one function. The callback can't be called directly any more. The callback
+ function is replaced with confirmCloseWindow.release().
+* BREAKING CHANGE: Added an optional ResouceLoaderContext parameter to
+ ResourceLoaderModule::getDependencies(). Extension classes that override that
+ method should be updated. If they aren't updated, PHP Strict standards
+ warnings will appear when E_STRICT error reporting is enabled. Note: in the
+ near future, this parameter will probably become non-optional.
+* Removed maintenance script deleteImageMemcached.php.
+* MWFunction::newObj() was removed (deprecated in 1.25).
+ ObjectFactory::getObjectFromSpec() should be used instead.
+* The parser will no longer randomize the string it uses to mark the place of
+ items that were stripped during parsing. It will use a fixed string instead.
+ This causes the parser to re-use the regular expressions it uses to search
+ and replace markers rather than generate novel expressions on each parse.
+ Re-using regular expressions will improve performance on HHVM and the
+ forthcoming PHP 7. The interfaces changes accompanying this change are:
+ - Parser::getRandomString() and Parser::uniqPrefix() have been deprecated.
+ - The $uniq_prefix argument for Parser::extractTagsAndParams() and the
+ $prefix argument for StripState::_construct() are deprecated and their
+ value is ignored.
+* wfSuppressWarnings() and wfRestoreWarnings() were split into a separate library,
+ mediawiki/at-ease, and are now deprecated. Callers should use
+ MediaWiki\suppressWarnings() and MediaWiki\restoreWarnings() directly.
+* The Block class constructor now takes an associative array of parameters
+ instead of many optional positional arguments. Calling the constructor the old
+ way will issue a deprecation warning.
+* The jquery.mwExtension module was deprecated.
+* $wgSpecialPageGroups was removed (deprecated in 1.21).
+* SpecialPageFactory::setGroup was removed (deprecated in 1.21).
+* SpecialPageFactory::getGroup was removed (deprecated in 1.21).
+* DatabaseBase::ignoreErrors() is now protected.
+* BREAKING CHANGE: mediawiki.legacy.ajax has been removed, following
+ a lengthy deprecation period.
+* The ScopedPHPTimeout class was removed.
+* Removed maintenance script fixSlaveDesync.php.
+* Watchlist tokens, SpecialResetTokens, and User::getTokenFromOption()
+ are deprecated. Applications using those can work via the OAuth
+ extension instead. New tokens types should not be added.
+* DatabaseBase::errorCount() was removed (unused).
+* $wgDeferredUpdateList was removed.
+* DeferredUpdates::addHTMLCacheUpdate() was removed.
+
+= MediaWiki 1.25 =
+
+== MediaWiki 1.25.6 ==
+
+This is a maintenance release of the MediaWiki 1.25 branch.
+
+=== Changes since 1.25.5 ===
+* (T123166) Fix fatal error when importing pages to titles which cannot be
+ created, such as invalid titles or titles the user is not allowed to edit.
+* (T122056) Old tokens are remaining valid within a new session
+* (T127114) Login throttle can be tricked using non-canonicalized usernames
+* (T123653) Cross-domain policy regexp is too narrow
+* (T123071) Incorrectly identifying http link in a's href attributes, due to
+ m modifier in regex
+* (T129506) MediaWiki:Gadget-popups.js isn't renderable
+* (T125283) Users occasionally logged in as different users after
+ SessionManager deployment
+* (T103239) Patrol allows click catching and patrolling of any page
+* (T122807) [tracking] Check php crypto primatives
+* (T98313) Graphs can leak tokens, leading to CSRF
+* (T130947) Diff generation should use PoolCounter
+* (T133507) Careless use of $wgExternalLinkTarget is insecure
+* (T132874) API action=move is not rate limited
+* (T110143) strip markers can be used to get around html attribute escaping in
+ (many?) parser tags
+* (T116030) Increase pbkdf2 parameter strengths
+* (T127420) Pbkdf2Password does not check if hash_pbkdf2() succeeded
+* (T126685) Globally throttle password attempts
+
+== MediaWiki 1.25.5 ==
+
+This is a maintenance release of the MediaWiki 1.25 branch.
+
+=== Changes since 1.25.4 ===
+* (T121892) Fix fatal error on some Special pages, introduced in 1.25.4.
+
+== MediaWiki 1.25.4 ==
+
+This is a security and maintenance release of the MediaWiki 1.25 branch.
+
+=== Changes since 1.25.3 ===
+* (T117899) SECURITY: $wgArticlePath can no longer be set to relative paths
+ that do not begin with a slash. This enabled trivial XSS attacks.
+ Configuration values such as "http://my.wiki.com/wiki/$1" are fine, as are
+ "/wiki/$1". A value such as "$1" or "wiki/$1" is not and will now throw an
+ error.
+* (T119309) SECURITY: Use hash_compare() for edit token comparison
+* (T118032) SECURITY: Don't allow cURL to interpret POST parameters starting
+ with '@' as file uploads
+* (T115522) SECURITY: Passwords generated by User::randomPassword() can no
+ longer be shorter than $wgMinimalPasswordLength
+* (T97897) SECURITY: Improve IP parsing and trimming. Previous behavior could
+ result in improper blocks being issued
+* (T109724) SECURITY: Special:MyPage, Special:MyTalk, Special:MyContributions
+ and related pages no longer use HTTP redirects and are now redirected by
+ MediaWiki
+* (T103237) $wgUseGzip had no effect when using file cache.
+* (T114606) mw.notify was not correctly fixed to the page if
+ initialized while not at the top of the page.
+* Fix issue that breaks HHVM Repo Authorative mode.
+
+== MediaWiki 1.25.3 ==
+
+This is a security and maintenance release of the MediaWiki 1.25 branch.
+
+=== Changes since 1.25.2 ===
+
+* (T98975) Fix having multiple callbacks for a single hook.
+* (T107632) maintenance/refreshLinks.php did not always remove all links
+ pointing to nonexistent pages.
+* (T104142) $wgEmergencyContact and $wgPasswordSender now use their default
+ value if set to an empty string.
+* (T62174) Provide fallbacks for use of mb_convert_encoding() in
+ HtmlFormatter. It was causing an error when accessing the api help page
+ if the mbstring PHP extension was not installed.
+* (T105896) Confirmation emails would sometimes contain invalid codes.
+* (T105597) Fixed edit stash inclusion queries.
+* (T91850) SECURITY: Add throttle check in ApiUpload and SpecialUpload
+* (T91203, T91205) SECURITY: API: Improve validation in chunked uploading
+* (T95589) SECURITY: RevDel: Check all revisions for suppression, not just the
+ first
+* (T108616) SECURITY: Avoid exposure of local path in PNG thumbnails
+
+== MediaWiki 1.25.2 ==
+
+This is a security and maintenance release of the MediaWiki 1.25 branch.
+
+=== Changes since 1.25.1 ===
+
+* (T94116) SECURITY: Compare API watchlist token in constant time
+* (T97391) SECURITY: Escape error message strings in thumb.php
+* (T106893) SECURITY: Don't leak autoblocked IP addresses on
+ Special:DeletedContributions
+* (T102562) Fix InstantCommons parameters to handle the new HTTPS-only
+ policy of Wikimedia Commons.
+* (T100767) Setting a configuration setting for skin or extension to
+ false in LocalSettings.php was not working.
+* (T100635) API action=opensearch json output no longer breaks when
+ $wgDebugToolbar is enabled.
+* (T102522) Using an extension.json or skin.json file which has
+ a "manifest_version" property for 1.26 compatability will no longer
+ trigger warnings.
+* (T86156) Running updateSearchIndex.php will not throw an error as
+ page_restrictions has been added to the locked table list.
+* Special:Version would throw notices if using SVN due to an incorrectly
+ named variable. Add an additional check that an index is defined.
+
+== MediaWiki 1.25.1 ==
+
+This is a bug fix release of the MediaWiki 1.25 branch.
+
+=== Changes since 1.25 ===
+* (T100351) Fix syntax errors in extension.json of ConfirmEdit extension
+
+== MediaWiki 1.25.0 ==
+
+=== Configuration changes in 1.25 ===
+* $wgPageShowWatchingUsers was removed.
+* $wgLocalVirtualHosts has been added to replace $wgConf->localVHosts.
+* $wgAntiLockFlags was removed.
+* $wgJavaScriptTestConfig was removed.
+* Edit tokens returned from User::getEditToken may change on every call. Token
+ validity must be checked by passing the user-supplied token to
+ User::matchEditToken rather than by testing for equality with a
+ newly-generated token.
+* (T74951) The UserGetLanguageObject hook may be passed any IContextSource
+ for its $context parameter. Formerly it was documented as receiving a
+ RequestContext specifically.
+* Profiling was restructured and $wgProfiler now requires an 'output' parameter.
+ See StartProfiler.sample for details.
+* $wgMangleFlashPolicy was added to make MediaWiki's mangling of anything that
+ might be a flash policy directive configurable.
+* ApiOpenSearch now supports XML output. The OpenSearchXml extension should no
+ longer be used. If extracts and page images are desired, the TextExtracts and
+ PageImages extensions are required.
+* $wgOpenSearchTemplate is deprecated in favor of $wgOpenSearchTemplates.
+* Edits are now prepared via AJAX as users type edit summaries. This behavior
+ can be disabled via $wgAjaxEditStash.
+* (T46740) The temporary option $wgIncludejQueryMigrate was removed, along
+ with the jQuery Migrate library, as indicated when this option was provided in
+ MediaWiki 1.24.
+* ProfilerStandard and ProfilerSimpleTrace were removed. Make sure that any
+ StartProfiler.php config is updated to reflect this. Xhprof is available
+ for zend/hhvm. Also, for hhvm, one can consider using its xenon profiler.
+* Default value of $wgSVGConverters['rsvg'] now uses the 'rsvg-convert' binary
+ rather than 'rsvg'.
+* Default value of $wgSVGConverters['ImageMagick'] now uses transparent
+ background with white fallback color, rather than just white background.
+ * MediaWikiBagOStuff class removed, make sure any object cache config
+ uses SqlBagOStuff instead.
+* The 'daemonized' flag must be set to true in $wgJobTypeConf for any redis
+ job queues. This means that mediawiki/services/jobrunner service has to
+ be installed and running for any such queues to work.
+* $wgAutopromoteOnce no longer supports the 'view' event. For keeping some
+ compatibility, any 'view' event triggers will still trigger on 'edit'.
+* $wgExtensionDirectory was added for when your extensions directory is somewhere
+ other than $IP/extensions (as $wgStyleDirectory does with the skins directory).
+
+=== New features in 1.25 ===
+* (T64861) Updated plural rules to CLDR 26. Includes incompatible changes
+ for plural forms in Russian, Prussian, Tagalog, Manx and several languages
+ that fall back to Russian.
+* (T60139) ResourceLoaderFileModule now supports language fallback
+ for 'languageScripts'.
+* Added a new hook, "ContentAlterParserOutput", to allow extensions to modify the
+ parser output for a content object before links update.
+* (T37785) Enhanced recent changes and extended watchlist are now default.
+ Documentation: https://meta.wikimedia.org/wiki/Special:MyLanguage/Help:Enhanced_recent_changes
+ and https://www.mediawiki.org/wiki/Special:MyLanguage/Manual:$wgDefaultUserOptions.
+* (T69341) SVG images will no longer be base64-encoded when being embedded
+ in CSS. This results in slight size increase before gzip compression (due to
+ percent-encoding), but up to 20% decrease after it.
+* Update jStorage to v0.4.12.
+* MediaWiki now natively supports page status indicators: icons (or short text
+ snippets) usually displayed in the top-right corner of the page. They have
+ been in use on Wikipedia for a long time, implemented using templates and CSS
+ absolute positioning.
+ - Basic wikitext syntax: <indicator name="foo">[[File:Foo.svg|20px]]</indicator>
+ - Usage instructions: https://www.mediawiki.org/wiki/Help:Page_status_indicators
+ - Adjusting custom skins to support indicators:
+ https://www.mediawiki.org/wiki/Special:MyLanguage/Manual:Skinning#Page_status_indicators
+* Edit tokens may now be time-limited: passing a maximum age to
+ User::matchEditToken will reject any older tokens.
+* The debug logging internals have been overhauled, and are now using the
+ PSR-3 interfaces.
+* Update CSSJanus to v1.1.1.
+* Update lessphp to v0.5.0.
+* Added a hook, "ApiOpenSearchSuggest", to allow extensions to provide extracts
+ and images for ApiOpenSearch output. The semantics are identical to the
+ "OpenSearchXml" hook provided by the OpenSearchXml extension.
+* PrefixSearchBackend hook now has an $offset parameter. Combined with $limit,
+ this allows for pagination of prefix results. Extensions using this hook
+ should implement supporting behavior. Not doing so can result in undefined
+ behavior from API clients trying to continue through prefix results.
+* Update jQuery from v1.11.1 to v1.11.3.
+* External libraries installed via composer will now be displayed
+ on Special:Version in their own section. Extensions or skins that are
+ installed via composer will not be shown in this section as it is assumed
+ they will add the proper credits to the skins or extensions section. They
+ can also be accessed through the API via the new siprop=libraries to
+ ApiQuerySiteInfo.
+* Update QUnit from v1.14.0 to v1.16.0.
+* Update Moment.js from v2.8.3 to v2.8.4.
+* Special:Tags now allows for manipulating the list of user-modifiable change
+ tags.
+* Added 'managetags' user right and 'ChangeTagCanCreate', 'ChangeTagCanDelete',
+ and 'ChangeTagCanCreate' hooks to allow for managing user-modifiable change
+ tags.
+* Added 'ChangeTagsListActive' hook, to separate the concepts of "defined" and
+ "active" formerly conflated by the 'ListDefinedTags' hook.
+* Added TemplateParser class that provides a server-side interface to cachable
+ dynamically-compiled Mustache templates (currently uses lightncandy library).
+* Clickable anchors for each section heading in the content are now generated
+ and appear in the gutter on hovering over the heading.
+* Added 'CategoryViewer::doCategoryQuery' and 'CategoryViewer::generateLink' hooks
+ to allow extensions to override how links to pages are rendered within NS_CATEGORY
+* (T19665) Special:WantedPages only lists page which having at least one red link
+ pointing to it.
+* New hooks 'ApiMain::moduleManager' and 'ApiQuery::moduleManager', can be
+ used for conditional registration of API modules.
+* New hook 'EnhancedChangesList::getLogText' to alter, remove or add to the
+ links of a group of changes in EnhancedChangesList.
+* A full interface for StatsD metric reporting has been added to the context
+ interface, reachable via IContextSource::getStats().
+* Move the jQuery Client library from being mastered in MediaWiki as v0.1.0 to a
+ proper, published library, which is now tagged as v1.0.0.
+* A new message (defaulting to blank), 'editnotice-notext', can be shown to users
+ when they are editing if no edit notices apply to the page being edited.
+* (T94536) You can now make the sitenotice appear to logged-in users only by
+ editing MediaWiki:Anonnotice and replacing its content with "". Setting it to
+ "-" (default) will continue disable it and fallback to MediaWiki:Sitenotice.
+* Modifying the tagging of a revision or log entry is now available via
+ Special:EditTags, generally accessed via the revision-deletion-like interface
+ on history pages and Special:Log is likely to be more useful.
+* Added 'applychangetags' and 'changetags' user rights.
+* (T35235) LogFormatter subclasses are now responsible for formatting the
+ parameters for API log event output. Extensions should implement the new
+ getParametersForApi() method in their log formatters.
+
+==== External libraries ====
+* MediaWiki now requires certain external libraries to be installed. In the past
+ these were bundled inside the Git repository of MediaWiki core, but now they
+ need to be installed separately. For users using the tarball, this will be taken
+ care of and no action will be required. Users using Git will either need to use
+ composer to fetch dependencies or use the mediawiki/vendor repository which includes
+ all dependencies for MediaWiki core and ones used in Wikimedia deployment. Detailed
+ instructions can be found at:
+ https://www.mediawiki.org/wiki/Download_from_Git#Fetch_external_libraries
+* The following libraries are now required:
+** psr/log
+ This library provides the interfaces set by the PSR-3 standard (http://www.php-fig.org/psr/psr-3/)
+ which are used by MediaWiki internally via the
+ MediaWiki\Logger\LoggerFactory class.
+ See the structured logging RfC (https://www.mediawiki.org/wiki/Special:MyLanguage/Requests_for_comment/Structured_logging)
+ for more background information.
+** cssjanus/cssjanus
+ This library was formerly bundled with MediaWiki core and has been removed.
+ It automatically flips CSS for RTL support.
+** leafo/lessphp
+ This library was formerly bundled with MediaWiki core and has been removed.
+ It compiles LESS files into CSS.
+** wikimedia/cdb
+ This library was formerly a part of MediaWiki core, and has been moved into a separate library.
+ It provides CDB functions which are used in the Interwiki and Localization caches.
+ More information about the library can be found at https://www.mediawiki.org/wiki/Special:MyLanguage/CDB.
+** liuggio/statsd-php-client
+ This library provides a StatsD client API for logging application metrics to a remote server.
+
+=== Bug fixes in 1.25 ===
+* (T73003) No additional code will be generated to try to load CSS-embedded
+ SVG images in Internet Explorer 6 and 7, as they don't support them anyway.
+* (T69021) On Special:BookSources, corrected validation of ISBNs (both
+ 10- and 13-digit forms) containing "X".
+* Page moving was refactored into a MovePage class. As part of that:
+** The AbortMove hook was removed.
+** MovePageIsValidMove is for extensions to specify whether a page
+ cannot be moved for technical reasons, and should not be overridden.
+** MovePageCheckPermissions is for checking whether the given user is
+ allowed to make the move.
+** Title::moveNoAuth() was deprecated. Use the MovePage class instead.
+** Title::moveTo() was deprecated. Use the MovePage class instead.
+** Title::isValidMoveOperation() broken down into MovePage::isValidMove()
+ and MovePage::checkPermissions().
+* (T18530) Multiple autocomments are now formatted in an edit summary.
+* (T70361) Autocomments containing "/*" are parsed correctly.
+* The Special:WhatLinksHere page linked from 'Number of redirects to this page'
+ on action=info about a file page does not list file links anymore.
+* (T78637) Search bar is not autofocused unless it is empty so that proper scrolling using arrow keys is possible.
+* (T50853) Database::makeList() modified to handle 'NULL' separately when building IN clause
+* (T85192) Captcha position modified in Usercreate template. As a result:
+** extrafields parameter added to Usercreate.php to insert additional data
+** 'extend' method added to QuickTemplate to append additional values to any field of data array
+* (T86974) Several Title methods now load from the database when necessary
+ (instead of returning incorrect results) even when the page ID is known.
+* (T74070) Duplicate search for archived files on file upload now omits the extension.
+ This requires the fa_sha1 field being populated.
+* Removed rel="archives" from the "View history" link, as it did not pass
+ HTML validation.
+* $wgUseTidy is now set when parserTests are run with the tidy option to match
+ output on wiki.
+* (T37472) update.php will purge ResourceLoader cache unless --nopurge is passed to it.
+* (T72109) mediawiki.language should respect $wgTranslateNumerals in convertNumber().
+
+=== Action API changes in 1.25 ===
+* (T67403) XML tag highlighting is now only performed for formats
+ "xmlfm" and "wddxfm".
+* action=paraminfo supports generalized submodules (modules=query+value),
+ querymodules and formatmodules are deprecated
+* action=paraminfo no longer outputs descriptions and other help text by
+ default. If needed, it may be requested using the new 'helpformat' parameter.
+* action=help has been completely rewritten, and outputs help in HTML
+ rather than plain text.
+* Hitting api.php without specifying an action now displays only the help for
+ the main module, with links to submodule help.
+* API help is no longer displayed on errors.
+* 'uselang' is now a recognized API parameter; "uselang=user" may be used to
+ explicitly select the language from the current user's preferences, and
+ "uselang=content" may be used to select the wiki's content language.
+* Default output format for the API is now jsonfm.
+* Simplified continuation will return a "batchcomplete" property in the result
+ when a batch of pages is complete.
+* Pretty-printed HTML output now has nicer formatting and (if available)
+ better syntax highlighting.
+* Deprecated list=deletedrevs in favor of newly-added prop=deletedrevisions and
+ list=alldeletedrevisions.
+* prop=revisions will gracefully continue when given too many revids or titles,
+ rather than just ignoring the extras.
+* prop=revisions will no longer die if rvcontentformat doesn't match a
+ revision's content model; it will instead warn and omit the content.
+* If the user has the 'deletedhistory' right, action=query's revids parameter
+ will now recognize deleted revids.
+* prop=revisions may be used as a generator, generating revids.
+* (T68776) format=json results will no longer be corrupted when
+ $wgMangleFlashPolicy is in effect. format=php results will cleanly return an
+ error instead of returning invalid serialized data.
+* Generators may now return data for the generated pages when used with
+ action=query.
+* Query page data for generator=search and generator=prefixsearch will now
+ include an "index" field, which may be used by the client for sorting the
+ search results.
+* ApiOpenSearch now supports XML output.
+* ApiOpenSearch will now output descriptions and URLs as array indexes 2 and 3
+ in JSON format.
+* (T76051) list=tags will now continue correctly.
+* (T76052) list=tags can now indicate whether a tag is defined.
+* (T75522) list=prefixsearch now supports continuation
+* (T78737) action=expandtemplates can now return page properties.
+* (T78690) list=allimages now accepts multiple pipe-separated values
+ for the 'aimime' parameter.
+* prop=info with inprop=protections will now return applicable protection types
+ with the 'restrictiontypes' key.
+* (T85417) When resolving redirects, ApiPageSet will now add the targets of
+ interwiki redirects to the list of interwiki titles.
+* (T85417) When outputting the list of redirect titles, a 'tointerwiki'
+ property (like the existing 'tofragment' property) will be set.
+* Added action=managetags to allow for managing the list of
+ user-modifiable change tags. Actually modifying the tagging of a revision or
+ log entry is not implemented yet.
+* list=tags has additional properties to indicate 'active' status and tag
sources.
-* (bug 28235) Fixed XSS affecting IE 6 and earlier clients only, due to those
- browsers looking for a file extension in the query string of the URL, and
- ignoring the Content-Type header if one is found.
-* (bug 28450) Fixed a CSS validation issue involving escaped comments, which
- led to XSS for Internet Explorer clients and privacy loss for other clients.
-
-== Changes since 1.16.1 ==
-
-* (bug 26642) Fixed incorrect translated namespace due to a regression in the
- language converter.
-* The interface translations were updated.
-* (bug 27093, CVE-2011-0047): Fixed CSS injection vulnerability.
-* (bug 27094) Fixed server-side arbitrary script inclusion vulnerability.
- Affects Windows servers only. A malicious file with extension ".php" must
- exist on the server for the exploit to be effective.
-
-== Changes since 1.16.0 ==
-
-* (bug 24981) Allow extensions to access SpecialUpload variables again
-* (bug 24724) list=allusers was out by 1 (shows total users - 1)
-* (bug 24166) Fixed API error when using rvprop=tags
-* For wikis using French as a content language, Special:Téléchargement works
- again as an alias for Special:Upload.
-* (bug 25167) Correctly load JS fixes for IE6 (fixing a regression in 1.16.0)
-* (bug 25248) Fixed paraminfo errors in certain API modules.
-* The installer now has improved handling for situations where safe_mode is
- active or exec() and similar functions are disabled.
+* siprop=libraries was added to ApiQuerySiteInfo to list installed external libraries.
+* (T88010) Added action=checktoken, to test a CSRF token's validity.
+* (T88010) Added intestactions to prop=info, to allow querying of
+ Title::userCan() via the API.
+* Default type param for query list=watchlist and list=recentchanges has
+ been changed from all types (e.g. including 'external') to 'edit|new|log'.
+* Added formatversion to format=json. Still "experimental" as further changes
+ to the output formatting might still be made.
+* (T73020) Log event details are now always under a 'params' subkey for
+ list=logevents, and a 'logparams' subkey for list=watchlist and
+ list=recentchanges.
+* Log event details are changing formatting:
+ * block events now report flags as an array rather than as a comma-separated
+ list.
+ * patrol events now report the 'auto' flag as a boolean (absent/empty string
+ for BC formats) rather than as an integer.
+ * rights events now report the old and new group lists as arrays rather than
+ as comma-separated lists.
+ * merge events use new-style formatting.
+ * delete/event and delete/revision events use new-style formatting.
+* The root node and various other nodes will now always be an object in formats
+ such as json that distinguish between arrays and objects.
+ * Except for action=opensearch where the spec requires an array.
+
+=== Action API internal changes in 1.25 ===
+* ApiHelp has been rewritten to support i18n and paginated HTML output.
+ Most existing modules should continue working without changes, but should do
+ the following:
+ * Add an i18n message "apihelp-{$moduleName}-description" to replace getDescription().
+ * Add i18n messages "apihelp-{$moduleName}-param-{$param}" for each parameter
+ to replace getParamDescription(). If necessary, the settings array returned
+ by getParams() can use the new ApiBase::PARAM_HELP_MSG key to override the
+ message.
+ * Implement getExamplesMessages() to replace getExamples().
+* Modules with submodules (like action=query) must have their submodules
+ override ApiBase::getParent() to return the correct parent object.
+* The 'APIGetDescription' and 'APIGetParamDescription' hooks are deprecated,
+ and will have no effect for modules using i18n messages. Use
+ 'APIGetDescriptionMessages' and 'APIGetParamDescriptionMessages' instead.
+* Api formatters will no longer be asked to display the help screen on errors.
+* ApiMain::getCredits() was removed. The credits are available in the
+ 'api-credits' i18n message.
+* ApiFormatBase has been changed to support i18n and syntax highlighting via
+ extensions with the new 'ApiFormatHighlight' hook. Core syntax highlighting
+ has been removed.
+* ApiFormatBase now always buffers. Output is done when
+ ApiFormatBase::closePrinter is called.
+* Much of the logic in ApiQueryRevisions has been split into ApiQueryRevisionsBase.
+* The 'revids' parameter supplied by ApiPageSet will now count deleted
+ revisions as "good" if the user has the 'deletedhistory' right. New methods
+ ApiPageSet::getLiveRevisionIDs() and ApiPageSet::getDeletedRevisionIDs() are
+ provided to access just the live or just the deleted revids.
+* Added ApiPageSet::setGeneratorData() and ApiPageSet::populateGeneratorData()
+ to allow generators to include data in the action=query result.
+* New hooks 'ApiMain::moduleManager' and 'ApiQuery::moduleManager', can be
+ used for conditional registration of API modules.
+* Added ApiBase::lacksSameOriginSecurity() to allow modules to easily check if
+ the current request was sent with the 'callback' parameter (or any future
+ method that breaks the same-origin policy).
+* Profiling methods in ApiBase are deprecated and no longer need to be called.
+* ApiResult was greatly overhauled. See inline documentation for details.
+* ApiResult will automatically convert objects to strings or arrays (depending
+ on whether a __toString() method exists on the object), and will refuse to
+ add unsupported value types.
+ * An informal interface, ApiSerializable, exists to override the default
+ object conversion.
+* ApiResult/ApiFormatBase "raw mode" is deprecated.
+* ApiFormatXml now assumes defaults and so on instead of throwing errors when
+ metadata isn't set.
+* (T35235) LogFormatter subclasses are now responsible for formatting log event
+ parameters for the API.
+* Many modules have changed result data formats. While this shouldn't affect
+ clients not using the experimental formatversion=2, code using
+ ApiResult::getResultData() without the transformations for backwards
+ compatibility may need updating, as will code that wasn't following the old
+ conventions for API boolean output.
+* The following methods have been deprecated and may be removed in a future
+ release:
+ * ApiBase::getDescription
+ * ApiBase::getParamDescription
+ * ApiBase::getExamples
+ * ApiBase::makeHelpMsg
+ * ApiBase::makeHelpArrayToString
+ * ApiBase::makeHelpMsgParameters
+ * ApiBase::getModuleProfileName
+ * ApiBase::profileIn
+ * ApiBase::profileOut
+ * ApiBase::safeProfileOut
+ * ApiBase::getProfileTime
+ * ApiBase::profileDBIn
+ * ApiBase::profileDBOut
+ * ApiBase::getProfileDBTime
+ * ApiBase::getResultData
+ * ApiFormatBase::setUnescapeAmps
+ * ApiFormatBase::getWantsHelp
+ * ApiFormatBase::setHelp
+ * ApiFormatBase::formatHTML
+ * ApiFormatBase::setBufferResult
+ * ApiFormatBase::getDescription
+ * ApiFormatBase::getNeedsRawData
+ * ApiMain::setHelp
+ * ApiMain::reallyMakeHelpMsg
+ * ApiMain::makeHelpMsgHeader
+ * ApiResult::setRawMode
+ * ApiResult::getIsRawMode
+ * ApiResult::getData
+ * ApiResult::setElement
+ * ApiResult::setContent
+ * ApiResult::setIndexedTagName_recursive
+ * ApiResult::setIndexedTagName_internal
+ * ApiResult::setParsedLimit
+ * ApiResult::beginContinuation
+ * ApiResult::setContinueParam
+ * ApiResult::setGeneratorContinueParam
+ * ApiResult::endContinuation
+ * ApiResult::size
+ * ApiResult::convertStatusToArray
+ * ApiQueryImageInfo::getPropertyDescriptions
+ * ApiQueryLogEvents::addLogParams
+* The following classes have been deprecated and may be removed in a future
+ release:
+ * ApiQueryDeletedrevs
+
+=== Languages updated in 1.25 ===
+
+MediaWiki supports over 350 languages. Many localisations are updated
+regularly. Below only new and removed languages are listed, as well as
+changes to languages because of Bugzilla reports.
+
+* Languages added:
+** awa (अवधी / Awadhi), thanks to translator 1AnuraagPandey;
+** bgn (بلوچی رخشانی / Western Balochi), thanks to translators
+ Baloch Afghanistan, Ibrahim khashrowdi and Rachitrali;
+** ses (Koyraboro Senni), thanks to translator Songhay.
+* (T66440) Kazakh (kk) wikis should no longer forcefully reset the user's
+ interface language to kk where unexpected.
+* The Chinese conversion table was substantially updated to fix a lot of
+ bugs and ensure better reading experience for different variants.
+
+=== Other changes in 1.25 ===
+* (T45591) Links to MediaWiki.org translatable help were added to indicators,
+ mostly in special pages. Local custom target titles can be placed in the
+ relevant '(namespace-X|action name|special page name)-helppage' system
+ message. Extensions can use the addHelpLink() function to do the same.
+* The skin autodiscovery mechanism, deprecated in MediaWiki 1.23, has been
+ removed. See https://www.mediawiki.org/wiki/Manual:Skin_autodiscovery for
+ migration guide for creators and users of custom skins that relied on it.
+* Javascript variables 'wgFileCanRotate' and 'wgFileExtensions' now only
+ available on Special:Upload.
+* (T58257) Set site logo from mediawiki.skinning.interface module instead of
+ inline styles in the HTML.
+* Removed ApiQueryUsers::getAutoGroups(). (deprecated since 1.20)
+* Removed XmlDumpWriter::schemaVersion(). (deprecated since 1.20)
+* Removed LogEventsList::getDisplayTitle(). (deprecated since 1.20)
+* Removed Preferences::trySetUserEmail(). (deprecated since 1.20)
+* Removed mw.user.name() and mw.user.anonymous() methods. (deprecated since 1.20)
+* Removed 'ok' and 'err' parameters in the mediawiki.api modules. (deprecated
+ since 1.20)
+* Removed 'async' parameter from the mw.Api#getCategories() method. (deprecated
+ since 1.20)
+* Removed 'jquery.json' module. (deprecated since 1.24)
+ Use the 'json' module and global JSON object instead.
+* Deprecated OutputPage::readOnlyPage() and OutputPage::rateLimited().
+ Also, the former will now throw an MWException if called with one or more
+ arguments.
+* Removed hitcounters and associated code.
+* The "temp" zone of the upload respository is now considered private. If it
+ already exists (such as under the images/ directory), please make sure that
+ the directory is not web readable (e.g. via a .htaccess file).
+* BREAKING CHANGE: In the XML dump format used by Special:Export and
+ dumpBackup.php, the <model> and <format> tags now apprear before the <text>
+ tag, instead of after the <text> and <sha1> tags.
+ The new schema version is 0.10, the new schema URI is:
+ https://www.mediawiki.org/xml/export-0.10.xsd
+* MWFunction::call() and MWFunction::callArray() were removed, having being
+ deprecated in 1.22.
+* Deprecated the getInternalLinkAttributes, getInternalLinkAttributesObj,
+ and getInternalLinkAttributes methods in Linker, and removed
+ getExternalLinkAttributes method, which was deprecated in MediaWiki 1.18.
+* Removed Sites class, which was deprecated in 1.21 and replaced by SiteSQLStore.
+* Added wgRelevantArticleId to the client-side config, for use on special pages.
+* Deprecated the TitleIsCssOrJsPage hook. Superseded by the
+ ContentHandlerDefaultModelFor hook since MediaWiki 1.21.
+* Deprecated the TitleIsWikitextPage hook. Superseded by the
+ ContentHandlerDefaultModelFor hook since MediaWiki 1.21.
+* Changed parsing of variables in schema (.sql) files:
+** The substituted values are no longer parsed. (Formerly, several passes
+ were made for each variable, so depending on the order in which variables
+ were defined, variables might have been found inside encoded values. This
+ is no longer the case.)
+** Variables are no longer string encoded when the /*$var*/ syntax is used.
+ If string encoding is necessary, use the '{$var}' syntax instead.
+** Variable names must only consist of one or more of the characters
+ "A-Za-z0-9_".
+** In source text of the form '{$A}'{$B}' or `{$A}`{$B}`, where variable A
+ does not exist yet variable B does, the latter may not be replaced.
+ However, this difference is unlikely to arise in practice.
+* (T67278) RFC, PMID, and ISBN "magic links" must be surrounded by non-word
+ characters on both sides.
+* The FormatAutocomments hook will now receive $pre and $post as booleans,
+ rather than as strings that must be prepended or appended to $comment.
+* (T30950, T31025) RFC, PMID, and ISBN "magic links" can no longer contain
+ newlines; but they can contain and other non-newline whitespace.
+* The 'mediawiki.action.edit' ResourceLoader module no longer generates the edit
+ toolbar, which has been moved to a separate 'mediawiki.toolbar' module. If you
+ relied on this behavior, update your scripts' dependencies.
+* HTMLForm's 'vform' display style has been separated to a subclass. Therefore:
+ * HTMLForm::isVForm() is now deprecated.
+ * You can no longer do this:
+ $form = new HTMLForm( … );
+ $form->setDisplayFormat( 'vform' ); // throws exception
+ Instead, do this:
+ $form = HTMLForm::factory( 'vform', … );
+* Deprecated Revision methods getRawUser(), getRawUserText() and getRawComment().
+* BREAKING CHANGE: mediawiki.user.generateRandomSessionId:
+ The alphabet of the prior string returned was A-Za-z0-9 and now it is 0-9A-F
+* (T87504) Avoid serving SVG background-images in CSS for Opera 12, which
+ renders them incorrectly when combined with border-radius or background-size.
+* Removed maintenance script dumpSisterSites.php.
+* DatabaseBase class constructors must be called using the array argument style.
+ Ideally, DatabaseBase:factory() should be used instead in most cases.
+* Deprecated ParserOutput::addSecondaryDataUpdate and ParserOutput::getSecondaryDataUpdates.
+ This is a hard deprecation, with getSecondaryDataUpdates returning an empty array and
+ addSecondaryDataUpdate throwing an exception. These functions will be removed in 1.26,
+ since they interfere with caching of ParserOutput objects.
+* Introduced new hook 'SecondaryDataUpdates' that allows extensions to inject custom updates.
+* Introduced new hook 'OpportunisticLinksUpdate' that allows extensions to perform
+ updates when a page is re-rendered.
+* EditPage::attemptSave has been modified not to call handleStatus itself and
+ instead just returns the Status object. Extension calling it should be aware of
+ this.
+* Removed class DBObject. (unused since 1.10)
+* wfDiff() is deprecated.
+* The -m (maximum replication lag) option of refreshLinks.php was removed.
+ It had no effect since MediaWiki 1.18 and should be removed from any cron
+ jobs or similar scripts you may have set up.
+* (T85864) The following messages no longer support raw html: redirectto,
+ thisisdeleted, viewdeleted, editlink, retrievedfrom, version-poweredby-others,
+ retrievedfrom, thisisdeleted, viewsourcelink, lastmodifiedat, laggedslavemode,
+ protect-summary-cascade
+* All BloomCache related code has been removed. This was largely experimental.
+* $wgResourceModuleSkinStyles no longer supports per-module local or remote paths. They
+ can only be set for the entire skin.
+* Removed global function swap(). (deprecated since 1.24)
+* Deprecated the ".php5" file extension entry points and the $wgScriptExtension
+ configuration variable. Refer to the ".php" files instead. If you want
+ ".php5" URLs to continue to work, set up redirects. In Apache, this can be
+ done by enabling mod_rewrite and adding the following rules to your
+ configuration:
+
+ RewriteEngine On
+ RewriteBase /
+ RewriteRule ^(.*)\.php5 $1.php [R=301,L]
+
+* The global importScriptURI and importStylesheetURI functions, as well as the
+ loadedScripts object, from wikibits.js (deprecated since 1.17) now emit
+ warnings through mw.log.warn when accessed.
+
+= MediaWiki 1.24 =
+
+== MediaWiki 1.24.6 ==
+
+This is a maintenance release of the MediaWiki 1.24 branch.
+
+=== Changes since 1.24.5 ===
+* (T121892) Fix fatal error on some Special pages, introduced in 1.24.5.
+
+== MediaWiki 1.24.5 ==
+
+This is a security and maintenance release of the MediaWiki 1.23 branch.
+
+=== Changes since 1.24.4 ===
+* (T117899) SECURITY: $wgArticlePath can no longer be set to relative paths
+ that do not begin with a slash. This enabled trivial XSS attacks.
+ Configuration values such as "http://my.wiki.com/wiki/$1" are fine, as are
+ "/wiki/$1". A value such as "$1" or "wiki/$1" is not and will now throw an
+ error.
+* (T119309) SECURITY: Use hash_compare() for edit token comparison
+* (T118032) SECURITY: Don't allow cURL to interpret POST parameters starting
+ with '@' as file uploads
+* (T115522) SECURITY: Passwords generated by User::randomPassword() can no
+ longer be shorter than $wgMinimalPasswordLength
+* (T97897) SECURITY: Improve IP parsing and trimming. Previous behavior could
+ result in improper blocks being issued
+* (T109724) SECURITY: Special:MyPage, Special:MyTalk, Special:MyContributions
+ and related pages no longer use HTTP redirects and are now redirected by
+ MediaWiki
+* (T103237) $wgUseGzip had no effect when using file cache.
+
+== MediaWiki 1.24.4 ==
+
+This is a security and maintenance release of the MediaWiki 1.24 branch.
+
+=== Changes since 1.24.3 ===
+
+* (T91653) Minimal PSR-3 debug logger to support backports from 1.25+.
+* (T68650) Fix indexing of moved pages with PostgreSQL. Requires running
+ update.php to fix.
+* (T91850) SECURITY: Add throttle check in ApiUpload and SpecialUpload
+* (T91203, T91205) SECURITY: API: Improve validation in chunked uploading
+* (T95589) SECURITY: RevDel: Check all revisions for suppression, not just the
+ first
+* (T108616) SECURITY: Avoid exposure of local path in PNG thumbnails
+
+== MediaWiki 1.24.3 ==
+
+This is a security and maintenance release of the MediaWiki 1.24 branch.
+
+=== Changes since 1.24.2 ===
+
+* (T94116) SECURITY: Compare API watchlist token in constant time
+* (T97391) SECURITY: Escape error message strings in thumb.php
+* (T106893) SECURITY: Don't leak autoblocked IP addresses on
+ Special:DeletedContributions
+* Update jQuery from v1.11.2 to v1.11.3.
+* (T102562) Fix InstantCommons parameters to handle the new HTTPS-only
+ policy of Wikimedia Commons.
+
+== MediaWiki 1.24.2 ==
+
+This is a security and maintenance release of the MediaWiki 1.24 branch.
+
+=== Changes since 1.24.1 ===
+
+* (T85848, T71210) SECURITY: Don't parse XMP blocks that contain XML entities,
+ to prevent various DoS attacks.
+* (T85848) SECURITY: Don't allow directly calling Xml::isWellFormed, to reduce
+ likelihood of DoS.
+* (T88310) SECURITY: Always expand xml entities when checking SVG's.
+* (T73394) SECURITY: Escape > in Html::expandAttributes to prevent XSS.
+* (T85855) SECURITY: Don't execute another user's CSS or JS on preview.
+* (T64685) SECURITY: Allow setting maximal password length to prevent DoS when
+ using PBKDF2.
+* (T85349, T85850, T86711) SECURITY: Multiple issues fixed in SVG filtering to
+ prevent XSS and protect viewer's privacy.
+* Fix case of SpecialAllPages/SpecialAllMessages in SpecialPageFactory to fix
+ loading these special pages when $wgAutoloadAttemptLowercase is false.
+* (bug T70087) Fix Special:ActiveUsers page for installations using
+ PostgreSQL.
+* (bug T76254) Fix deleting of pages with PostgreSQL. Requires a schema change
+ and running update.php to fix.
+
+== MediaWiki 1.24.1 ==
+
+This is a security and maintenance release of the MediaWiki 1.24 branch.
+
+=== Changes since 1.24.0 ===
+
+* (bug T76686) [SECURITY] thumb.php outputs wikitext message as raw HTML, which
+ could lead to xss. Permission to edit MediaWiki namespace is required to
+ exploit this.
+* (bug T77028) [SECURITY] Malicious site can bypass CORS restrictions in
+ $wgCrossSiteAJAXdomains in API calls if it only included an allowed domain as
+ part of its name.
+* (bug T74222) The original patch for T74222 was reverted as unnecessary.
+* Fixed a couple of entries in RELEASE-NOTES-1.24.
+* (bug T76168) OutputPage: Add accessors for some protected properties.
+* (bug T74834) Make 1.24 branch directly installable under PostgreSQL.
+
+== MediaWiki 1.24.0 ==
+
+=== Configuration changes in 1.24 ===
+* MediaWiki will no longer run if register_globals is enabled. It has been
+ deprecated for 5 years now, and was removed in PHP 5.4. For more information
+ about why, see <https://www.mediawiki.org/wiki/register_globals>.
+* MediaWiki now requires PHP's iconv extension. openSUSE users may need to
+ install the php5-iconv package. Users of other systems may need to add
+ extension=iconv.so to php.ini or recompile PHP without --without-iconv.
+* MediaWiki will no longer function if magic quotes are enabled. It has
+ been deprecated for 5 years now, and was removed in PHP 5.4.
+* The server's canonical hostname is available as $wgServerName, which is
+ exposed in both mw.config and ApiQuerySiteInfo.
+* Introduced $wgPagePropsHaveSortkey as a backwards-compatibility switch,
+ for using the old schema of the page_props table, in case the respective
+ schema update was not applied.
+* $wgSearchEverythingOnlyLoggedIn was removed as the 'searcheverything'
+ user option was removed. Use $wgNamespacesToBeSearchedDefault instead or
+ if you used to have $wgDefaultUserOptions['searcheverything'] = 1.
+* $wgMasterWaitTimeout has been deprecated.
+* $wgDBClusterTimeout has been removed.
+* $wgProxyKey has been removed. It is no longer used by MediaWiki core.
+ Ensure $wgSecretKey is set in LocalSettings.php.
+* $wgExtraInterlanguageLinkPrefixes is a new configuration variable that
+ contains an array of interwiki prefixes that should be treated as language
+ prefixes (i.e. turned into interlanguage links when $wgInterwikiMagic is set
+ to true).
+* $wgParserTestRemote has been removed.
+* $wgCountTotalSearchHits has been removed. If you're concerned about efficiency
+ of search, you should use something like CirrusSearch instead of built in
+ search.
+* Users in the 'sysop' group have access to Special:MergeHistory by default.
+* $wgFileStore was removed after having been deprecated in 1.17. Alternative
+ configurations are $wgDeletedDirectory and $wgHashedUploadDirectory.
+* The deprecated $wgUseCommaCount variable has been removed.
+* $wgEnableSorbs and $wgSorbsUrl have been removed.
+* The UserCryptPassword and UserComparePassword hooks are no longer called.
+ Any extensions using them must be updated to use the Password Hashing API.
+* $wgCompiledFiles has been removed.
+* $wgSortSpecialPages was removed, the listing on Special:SpecialPages is
+ now always sorted.
+* $wgSpecialPages may now use callback functions as an alternative to plain class names.
+ This allows more control over constructor parameters.
+* $wgHTCPMulticastAddress, $wgHTCPMulticastRouting and $wgHTCPPort were removed.
+* $wgRC2UDPAddress, $wgRC2UDPInterwikiPrefix, $wgRC2UDPOmitBots, $wgRC2UDPPort
+ and $wgRC2UDPPrefix have been removed.
+* The default password type for MediaWiki has been changed from MD5 to PBKDF2.
+ Password hashes will automatically be updated as users log in. If necessary, the
+ old MD5 hashing can be restored by changing $wgPasswordDefault to 'B'. In addition,
+ there is a maintenance script wrapOldPassword.php that can wrap all passwords in
+ PBKDF2 (or the hashing algorithm of your choice) if you don't want to wait for your
+ users to log in.
+* $wgImportSources can now either be a regular array, or an associative map
+ specifying subprojects on the interwiki map of the target wiki, or a mix of
+ the two. Existing configurations will still work.
+* Users must be able to edit through a page's protection to be able to delete it.
+* The default thumb size ($wgDefaultUserOptions['thumbsize']) is now 300px, up from
+ 180px. If you have altered the number of entries in $wgThumbLimits for your wiki, you
+ may need to adjust your default user settings to compensate for the index change.
+* $wgDeferredUpdateList is now deprecated, you should use DeferredUpdates::addUpdate()
+ instead.
+* $wgCanonicalLanguageLinks has been removed. Per Google recommendations, we
+ will not send a rel=canonical pointing to a variant-neutral page, however
+ we will send rel=alternate.
+* $wgResourceLoaderLESSFunctions has been deprecated and will be removed in the future.
+* $wgGoToEdit has been removed. Use the SpecialSearchNogomatch hook for similar
+ functionality.
+
+=== New features in 1.24 ===
+* Added new hook WatchlistEditorBeforeFormRender, allowing subscribers to
+ manipulate the list of pages and/or preload lots of data at once.
+* Added new argument &$link in hook WatchlistEditorBuildRemoveLine, allowing the
+ link to the title to be changed.
+* Added a new hook, "WhatLinksHereProps", to allow extensions to annotate
+ WhatLinksHere entries.
+* Added a new hook, "ContentGetParserOutput", to customize parser output for
+ a given content object.
+* Deprecated the hook "ShowRawCssJs", use "ContentGetParserOutput" instead.
+* HTMLForm's HTMLTextField now supports the 'url' type.
+* HTMLForm fields may now be dynamically hidden based on the values of other
+ fields in the form.
+* HTMLForm now supports multiple copies of an input field or set of input
+ fields, e.g. the form may request "one or more usernames" without having to
+ have the user enter delimited list of names into a text field.
+* Added a new hook, "SidebarBeforeOutput", to allow to edit the structure of
+ the sidebar just before its display.
+* (bug 49156) Added the mediawiki.cookie ResourceLoader module, which wraps
+ jquery.cookie so that getting/setting a cookie is syntactically and
+ functionally similar to using the WebRequest::getCookie() and
+ WebResponse::setcookie() methods.
+* (bug 44740) jQuery upgraded from 1.8.3 to 1.11.1. A new configuration option,
+ $wgIncludejQueryMigrate, also loads the jQuery Migrate hack to let extensions
+ and gadgets use the long-deprecated functions that were removed in jQuery 1.9.
+ This option is turned off by default, and will be removed in MediaWiki 1.25.
+* (bug 47076) jQuery UI upgraded from 1.8.24 to 1.9.2.
+* Changes to content typography (fonts, etc.). See
+ https://www.mediawiki.org/wiki/Typography_refresh for further information.
+* WikitextContent will now render redirects with the expected "redirect"
+ header, rather than as an ordered list. Code calling Article::viewRedirect
+ can probably be changed to no longer special-case redirects.
+* Header font set to a serif font stack. See
+ https://www.mediawiki.org/wiki/Typography_refresh for further information.
+* (bug 65567) Added a new hook, "BeforeHttpsRedirect", to allow cancellation of
+ the HTTP to HTTPS redirect due to forceHTTPS cookie, userRequires, etc. This
+ is only for page views, since this hook doesn't affect UserLogin, OAuth,
+ CentralAuth, etc. ATTENTION: This hook is likely to be removed soon due to
+ overall design of the system.
+* (bug 17367) It is now possible to add pages to your watchlist from
+ Special:UnwatchedPages without reloading the special page.
+* New methods setVolatile and isVolatile are added to PPFrame, so that
+ extensions such as Cite.php can mark that their output is volatile and
+ shouldn't be cached.
+* (bug 52817) Advanced search options are now saved on the search page itself,
+ rather than in a dedicated pane in the preferences panel.
+* (bug 44591) The dropdown actions menu (little triangle next to page tabs) in
+ the Vector skin has gained a label that should make it more discoverable.
+* MWCryptHKDF added for fast, cryptographically secure random number generation
+ that won't deplete openssl's entropy pool.
+* ResourceLoader: File modules can now provide a skip function that uses an
+ inline feature test to bypass loading of the module.
+* (bug 20210) Special pages may now provide autocompletion of their subpage
+ names in search suggestions. Right now the only useful implementation is in
+ Special:Log, but more are to come.
+* Special:MostLinkedTemplates is no longer limited to transclusions from the
+ Template namespace.
+* Skins can now use 'remoteSkinPath' when defining ResourceLoader modules.
+ This works the same as 'remoteExtPath' but is relative to the skins/ folder
+ instead of the extensions/ folder.
+* Added the json2.js polyfill for the ES5 JSON.stringify and JSON.parse methods.
+ Exposed as module "json" with a skip function to optimise loading.
+* Extensions and skins may now use 'namemsg' in $wgExtensionCredits in addition
+ to 'name', to allow for the name to be localizable. 'name' should still be
+ specified for backwards-compatibility and to define the path Special:Version
+ uses to find extension license information.
+* Browser tests are now included to verify basic wiki functionality in developer
+ environments. For details on running tests, see tests/browser/README.mediawiki.
+* Upgrade jStorage to v0.4.10.
+* {{!}} is now a magic word that produces the | character. This removes the need
+ for Template:! for purposes such as passing pipes inside of parameters.
+* (bug 20790) The block log snippet on Special:Contributions and while
+ editing user and user talk pages now works for IP range blocks.
+* (bug 9360) Added ability to change the page language for MediaWiki pages using
+ Special:PageLanguage. All pages are set to wiki language by default.
+ The feature needs to be enabled with $wgPageLanguageUseDB=true and
+ permission needs to be set for 'pagelang'.
+* Upgrade Moment.js to v2.8.3.
+* (bug 67042) Added support for the HTML5 <rtc> tag for East Asian typography.
+* Upgrade Sinon.JS to 1.10.3.
+* Added the es5-shim polyfill for older or non-compliant javascript engines.
+* Upgrade jQuery Cookie to v1.3.1.
+* (bug 20476) Add a "viewsuppressed" user right to be able to view
+ suppressed content but not suppress it ("suppressrevision" right).
+* (bug 66440) The MediaWiki web installer will now allow you to choose the skins
+ to enable (from the ones included in download tarball) and decide which one
+ should be the default.
+* (bug 68085, 68802) Links like [[localInterwikiPrefix:languageCode:pageTitle]],
+ where localInterwikiPrefix is a member of the $wgLocalInterwikis array, will
+ no longer be displayed in the sidebar when $wgInterwikiMagic is true. In a
+ similar way, links like [[localInterwikiPrefix:File:Image.png]] and
+ [[localInterwikiPrefix:Category:Hello]] will now render as regular links, and
+ will not include the file or add the page to the category.
+* New special page, MyLanguage, to redirect users to subpages with localised
+ versions of a page. (Integrated from Extension:Translate)
+* MediaWiki now supports multiple password types, including bcrypt and PBKDF2.
+ The default type can be changed with $wgPasswordDefault and the type
+ configurations can be changed with $wgPasswordConfig.
+* Skins can now define custom styles for default ResourceLoader modules using
+ the $wgResourceModuleSkinStyles global. See the Vector skin for examples.
+* (bug 4488) There is now a preference to watch pages where the user has
+ rollbacked an edit by default.
+* (bug 15484) Users will now be redirected to the login page when they need to
+ log in, rather than being shown a page asking them to log in and having to click
+ another link to actually get to the login page.
+* A JsonContent and JsonContentHandler were added for extensions to extend.
+* (bug 35045) Redirects to sections will now update the URL in browser's address
+ bar using the HTML5 History API. When [[Dog]] redirects to [[Animals#Dog]],
+ the user will now see "Animals#Dog" in their browser instead of "Dog#Dog".
+* API token handling has been rewritten. Any API module using tokens will need
+ to be updated. See the entry below under "Action API internal changes".
+* Added HTMLAutoCompleteSelectField.
+* Added a new hook, "SkinPreloadExistence", to allow extensions to add titles to
+ link existence cache before the page is rendered.
+* Config::set() was moved to its own interface, MutableConfig. GlobalVarConfig::set()
+ is now deprecated, does not implement MutableConfig.
+* A MutableConfig named HashConfig was added, that stores an array of configuration
+ settings.
+* (bug 69418) A MultiConfig implementation was added that supports fallback
+ to multiple Config instances.
+* Update CSSJanus to v1.1.0.
+* Added FormatJson::parse() returning status with result or localized error message
+* Added DeletedContribsPager::reallyDoQuery hook allowing extensions to data to
+ Special:DeletedContributions
+* Added DeletedContributionsLineEnding hook allowing extensions to format
+ Special:DeletedContributions lines
+* (T69525) You can now make MediaWiki speed up its thumbnail rendering by using
+ intermediary thumbnails. $wgThumbnailBuckets must be set to a list of target
+ thumbnail widths; when a new thumbnail needs to be rendered, MediaWiki will
+ find the smallest bucket smaller than the original but larger than the target
+ width + $wgThumbnailMinimumBucketDistance, and it will scale that thumbnail,
+ rather than the original, down to the target size at greater speed in return
+ for minor loss of fidelity.
+
+=== Bug fixes in 1.24 ===
+* (bug 50572) MediaWiki:Blockip should support gender
+* (bug 49116) Footer copyright notice is now always displayed in user language
+ rather than content language (same as copyright notice for editing interface).
+* (bug 62258) A bug was fixed in File::getUnscaledThumb when a height
+ restriction was present in the parameters. Images with both the "frame"
+ option and a size specification set will now always ignore the provided
+ size and display an unscaled image, as the documentation has always
+ claimed it would.
+* (bug 39035) Improved Vector skin performance by removing collapsibleNav,
+ which used to collapse some sidebar elements by default.
+ This removes -list id suffixes like p-lang-list: instead of using things like
+ #p-lang-list, you can do #p-lang .body ul.
+* (bug 890) Links in Special:RecentChanges and Special:Watchlist no longer
+ follow redirects to their target pages.
+* Parser now dies early if called recursively, instead of producing subtle bugs.
+* (bug 14323) Redirect pages, when viewed with redirect=no, no longer hide the
+ remaining page content.
+* (bug 52587) Maintenance script deleteBatch.php no longer follows redirects
+ in the file namespace and delete the file on the target page. It will still
+ however delete the redirect page.
+* (bug 22683) {{msgnw:}} and other uses of PPFrame::RECOVER_ORIG will correctly
+ recover the original code of extension tags.
+* (bug 65757) MSSQL: Update script drops unnamed constraints to be prepared
+ for future updates. Because it's doing so heuristically, it may fail or drop
+ wrong constraints.
+* (bug 67870) wfShellExec() cuts off stdout at multiples of 8192 bytes.
+* $wgRunJobsAsync now works with private wikis (e.g. read requires login).
+* (bugs 57238, 65206) Blank pages can now be directly created.
+* (bug 69789) Title::getContentModel() now loads from the database when
+ necessary instead of incorrectly returning the default content model.
+* (bug 69249) wfBaseConvert() now works around PHP Bug #50175 when using GMP.
+* (bug 57909) URLs in the externallinks table will no longer have certain
+ characters decoded in the query string.
+* (bug 67368) LESS mixins like .background-image() correctly flip image
+ references for RTL stylesheets now.
+
+=== Action API changes in 1.24 ===
+* action=parse API now supports prop=modules, which provides the list of
+ ResourceLoader modules that should be used to enhance the parsed content.
+* action=query&meta=siteinfo&siprop=interwikimap returns a new "protorel"
+ field which is true if protocol-relative urls can be used to access
+ a particular interwiki map entry.
+* list=logevents now provides logpage, which is the page ID from the
+ logging table, if ids are requested and the user has the permissions.
+* action=edit now requires that appendtext, prependtext, or section=new be used
+ when using the 'redirect' parameter, to prevent clients accidentally
+ overwriting the target page with the content of the redirect.
+* list=logevents will now return an error if both letitle and leprefix are
+ specified.
+* list=logevents has a new parameter, lenamespace, to allow filtering by
+ namespace.
+* action=expandtemplates has a new parameter, prop, and a new output format.
+ The old format is still used if prop isn't provided, but this is deprecated.
+* meta=userinfo can now return the count of unread pages on the watchlist.
+* list=watchlist can now filter by unread status.
+* The deprecated action=parse&prop=languageshtml has been removed.
+* (bug 48071) action=setnotificationtimestamp no longer throws PHP or database
+ errors when no pages are given.
+* (bug 60734) Actions that use ApiPageSet (e.g. purge, watch,
+ setnotificationtimestamp) will now include continuation information when
+ using a generator.
+* Removed 'props' and 'errors' from action=paraminfo, as they have extremely
+ limited use and are generally inaccurate, unmaintained, and impossible to
+ properly maintain.
+* Formats dbg, dump, txt, wddx, and yaml are now deprecated.
+* action=paraminfo now indicates when a parameter is specifying a submodule.
+* The iwurl parameter to prop=iwlinks is deprecated in favor of iwprop=url, for
+ parallelism with prop=langlinks.
+* All tokens should be fetched from action=query&meta=tokens; all other methods
+ of fetching tokens are deprecated. The value needed for meta=tokens's 'type'
+ parameter for each module is documented in the action=help output and is
+ returned from action=paraminfo.
+* New action ClearHasMsg that can be used to clear HasMsg flag.
+* The cmstartsortkey and cmendsortkey parameters to list=categorymembers are
+ deprecated in favor of cmstarthexsortkey and cmendhexsortkey.
+* (bug 63326) Add blockedtimestamp field to output of blockinfo property for
+ the list=allusers and list=users modules.
+* prop=imageinfo no longer requires iiurlwidth to be set when using iiurlparam.
+* Added prop=linkshere, prop=fileusage, and prop=transcludedin, which are
+ roughly equivalent to list=backlinks, list=imageusage, and list=embeddedin
+ but can work on a list of titles (including titles from a generator).
+* prop=redirects can now filter returned redirects by namespace.
+
+=== Action API internal changes in 1.24 ===
+* Methods for handling continuation are added to ApiResult, so actions other
+ than query that use generators can easily support continuation.
+* $wgAPIModules (and the related $wgAPIFormatModules, $wgAPIMetaModules,
+ $wgAPIPropModules, and $wgAPIListModules settings) now allow API modules
+ to be specified using a "module spec" array instead of a plain class name.
+ A "module spec" is an associative array containing at least the 'class' key
+ for the module's class, and optionally a 'factory' key for the factory function
+ to use for the module. This is intended for extensions that want control over
+ the instantiation of their API modules, to allow for proper dependency
+ injection.
+* A new param type 'submodule' is available. Parameters of this type will take
+ the list of valid values from the module's ApiModuleManager for the group
+ corresponding to the parameter name.
+* The 'APIGetPossibleErrors' and 'APIGetResultProperties' hooks are no longer used.
+* API token handling has been rewritten. Any API module using tokens will need
+ to be updated:
+ * ApiBase::needsToken now returns a token type instead of boolean true when a
+ token is needed. Returning true will throw an exception. See documentation
+ of that method for details.
+ * Information for the 'token' parameter is automatically set by ApiBase
+ getFinalParams and getFinalParamDescription.
+ * ApiBase::getTokenSalt has been removed.
+ * The hooks APIQueryInfoTokens, APIQueryRevisionsTokens,
+ APIQueryRecentChangesTokens, APIQueryUsersTokens, and
+ ApiTokensGetTokenTypes are deprecated, but are still called to support
+ backwards-compatible token access.
+* ApiBase::validateLimit and ApiBase::validateTimestamp are now protected.
+* ApiQueryRedirects was removed; prop=redirects is now implemented by
+ ApiQueryBacklinksProp along with the newly-added prop modules.
+* The following methods have been deprecated and may be removed in a future
+ release:
+ * ApiBase::getResultProperties
+ * ApiBase::getFinalResultProperties
+ * ApiBase::addTokenProperties
+ * ApiBase::getRequireOnlyOneParameterErrorMessages
+ * ApiBase::getRequireMaxOneParameterErrorMessages
+ * ApiBase::getRequireAtLeastOneParameterErrorMessages
+ * ApiBase::getTitleOrPageIdErrorMessage
+ * ApiBase::getPossibleErrors
+ * ApiBase::getFinalPossibleErrors
+ * ApiBase::parseErrors
+ * ApiQuery::setGeneratorContinue
+ * ApiQueryBase::checkRowCount
+ * ApiQueryBase::titleToKey
+ * ApiQueryBase::keyToTitle
+ * ApiQueryBase::keyPartToTitle
+ * ApiQueryInfo::getTokenFunctions
+ * ApiQueryInfo::resetTokenCache
+ * ApiQueryInfo::getEditToken
+ * ApiQueryInfo::getDeleteToken
+ * ApiQueryInfo::getProtectToken
+ * ApiQueryInfo::getMoveToken
+ * ApiQueryInfo::getBlockToken
+ * ApiQueryInfo::getUnblockToken
+ * ApiQueryInfo::getEmailToken
+ * ApiQueryInfo::getImportToken
+ * ApiQueryInfo::getWatchToken
+ * ApiQueryInfo::getOptionsToken
+ * ApiQueryRecentChanges::getTokenFunctions
+ * ApiQueryRecentChanges::getPatrolToken
+ * ApiQueryRevisions::getTokenFunctions
+ * ApiQueryRevisions::getRollbackToken
+ * ApiQueryUsers::getTokenFunctions
+ * ApiQueryUsers::getUserrightsToken
+* The following classes have been deprecated and may be removed in a future
+ release:
+ * ApiFormatDbg
+ * ApiFormatDump
+ * ApiFormatTxt
+ * ApiFormatWddx
+ * ApiFormatYaml
+ * ApiTokens
+* The following class constants have been deprecated and may be removed in a
+ future release:
+ * ApiBase::PROP_ROOT
+ * ApiBase::PROP_LIST
+ * ApiBase::PROP_TYPE
+ * ApiBase::PROP_NULLABLE
+
+=== Languages updated in 1.24 ===
+
+MediaWiki supports over 350 languages. Many localisations are updated
+regularly. Below only new and removed languages are listed, as well as
+changes to languages because of Bugzilla reports.
+
+=== Other changes in 1.24 ===
+* The deprecated jquery.delayedBind ResourceLoader module was removed.
+* The deprecated function mw.util.toggleToc was removed.
+* The Special:Search hooks SpecialSearchGo and SpecialSearchResultsAppend
+ were removed as they were unused.
+* (bug 65477) User::pingLimiter() now has an additional profile point varying
+ by action being used.
+* mediawiki.util.$content no longer supports old versions of the Vector,
+ Monobook, Modern and CologneBlue skins that don't yet implement the "mw-body"
+ and/or "mw-body-primary" class name in their html.
+* Added pp_sortkey column to page_props table, so pages can be efficiently
+ queried and sorted by property value (bug 58032).
+ See $wgPagePropsHaveSortkey if you want to postpone the schema change.
+* BREAKING CHANGE: All four built-in MediaWiki skins (Vector, MonoBook, Modern
+ and Cologne Blue) were moved out of MediaWiki core to their own respective
+ repositories. They will be installed with the release tarball, but you must
+ install them separately if installing MediaWiki from source code. A warning
+ message displayed until you do it should guide you through the process. See
+ also <https://www.mediawiki.org/wiki/Manual:Skin_configuration>.
+* BREAKING CHANGE: Skins built for MediaWiki 1.15 and earlier that do not use
+ the "headelement" template key are no longer supported. Setting
+ $useHeadElement = false; is no longer supported and will not cause old keys
+ like "headlinks", "skinnameclass", etc. to be defined.
+* BREAKING CHANGE: The files commonElements.css, commonContent.css and
+ commonInterface.css (in skins/common/) have been removed. Skins may no longer
+ rely on their presence and include them in their style modules. ResourceLoader
+ modules introduced in MediaWiki 1.23 should be loaded instead:
+ - skins/common/commonElements.css → 'mediawiki.skinning.elements' module
+ - skins/common/commonContent.css → 'mediawiki.skinning.content' module
+ - skins/common/commonInterface.css → 'mediawiki.skinning.interface' module
+* The deprecated 'SpecialVersionExtensionTypes' hook was removed.
+* (bug 63891) Add 'X-Robots-Tag: noindex' header in action=render pages.
+* SpecialPage no longer supports the syntax for invoking wfSpecial*() functions.
+ Special pages should subclass SpecialPage and implement the execute() method.
+* (bug 63755) The deprecated constants RC_MOVE and RC_MOVE_OVER_REDIRECT were
+ removed.
+* Special:MostLinkedTemplates has been renamed to Special:MostTranscludedPages.
+* The skin autodiscovery mechanism has been deprecated and will be removed in
+ MediaWiki 1.25. See https://www.mediawiki.org/wiki/Manual:Skin_autodiscovery
+ for migration guide for creators and users of custom skins that relied on it.
+* ResourceLoaderFileModule#getAllStyleFiles now returns all style files and all
+ skin style files used by the module.
+* Removed getLang() from IContextSource and subclasses. (deprecated since 1.19)
+* Removed setLang() from subclasses of IContextSource. (deprecated since 1.19)
+* Removed WebRequest::escapeAppendQuery(). (deprecated since 1.20)
+* Removed info(), purge(), revert() and rollback() from the Article class; they
+ have since become subclasses of the Action class. (deprecated since 1.19)
+* SearchEngineReplacePrefixesComplete hook was removed.
+* The "jquery.json" module has been deprecated. Use the "json" module instead.
+* Removed HTMLForm::addJS(). (deprecated since 1.18)
+* Removed LogEventsList::showHeader(). (deprecated since 1.19)
+* Removed ImageGalleryBase::useSkin(). (deprecated since 1.18)
+* Removed DatabaseMysqlBase::getLagFromProcesslist(). (deprecated since 1.19)
+* Removed LoadBalancer::closeConnecton(). (deprecated since 1.18)
+* Removed ApiBase::createContext(). (deprecated since 1.19)
+* BREAKING CHANGE: The undocumented Special{$this->getName()}BeforeFormDisplay
+ set of hooks has been removed and replaced by a single new hook
+ SpecialPageBeforeFormDisplay.
+* (bug 65781) Removed block warning on included {{Special:Contributions}}
+* Removed Skin::makeGlobalVariablesScript(). (deprecated since 1.19)
+* Removed MWNamespace::isMain(). (deprecated since 1.19)
+* Removed Preferences::loadOldSearchNs(). (deprecated since 1.19)
+* Removed OutputPage::getStatusMessage(). (deprecated since 1.18)
+* Removed OutputPage::isUserJsAllowed(). (deprecated since 1.18)
+* Removed Title::updateTitleProtection(). (deprecated since 1.19)
+* Removed ParserOptions::setSkin(). (deprecated since 1.19)
+* Removed Title::escapeCanonicalURL(). (deprecated since 1.19)
+* Removed Title::escapeLocalURL(). (deprecated since 1.19)
+* Removed Title::escapeFullURL(). (deprecated since 1.19)
+* Removed User::isValidEmailAddr(). (deprecated since 1.18)
+* Removed Title::getEscapedText(). (deprecated since 1.19)
+* Removed Language::getFallbackLanguageCode(). (deprecated since 1.19)
+* Removed WikiPage::isBigDeletion(). (deprecated since 1.19)
+* Removed MWInit class which contained functions related to a now discontinued
+ PHP compiler called hphpc. (deprecated since 1.22)
+* ApiResult::enableSizeCheck() and disableSizeCheck() are now obsolete.
+* Removed ResourceLoaderGetStartupModules hook. (deprecated since 1.23)
+* Removed getFormFields(), onSubmit() and onSuccess() from FormlessAction, as
+ these were meant specifically for FormAction instead.
+* Removed Action::execute().
+* Removed AjaxAddScript which has been obsolete since ResourceLoader and
+ is unused by any modern extension.
+* Removed maintenance/nextJobDB.php; no longer in use.
+* Removed global function wfViewPrevNext(). (deprecated since 1.19)
+* Removed global function xmlsafe() from Export.php. (moved to OAIRepo extension)
+* Removed Title::userCanRead(). (deprecated since 1.19)
+* Removed maintenance script importTextFile.php. Use edit.php script instead.
+* A _from_namespace field has been added to the templatelinks, pagelinks,
+ and filelinks tables. Run update.php to apply this change to the schema.
+* Removed File::sha1Base36(). (deprecated since 1.19)
+* Removed File::getPropsFromPath(). (deprecated since 1.19)
+* Removed functions blockedPage(), noCreatePermission(), readOnlyPage() and
+ userNotLoggedInPage() from EditPage.php. (deprecated since 1.19)
+* Removed functions getContent(), getPreloadedText(), mergeChangesInto() and
+ setPreloadedText() from EditPage.php. (deprecated since 1.21)
+* Removed global functions wfArrayLookup(), wfArrayMerge(), wfDebugDieBacktrace()
+ and wfTime(). (deprecated since 1.22)
+* Browser support for Internet Explorer 6 and 7 lowered from Grade A to Grade C,
+ meaning that JavaScript is no longer executed in these browser versions.
+* Browser support for Opera 11 lowered from Grade A to Grade C.
+* Removed IEFixes module which existed purely to provide support for MSIE versions
+ below 7 (conditionally loaded only for those browsers).
+* Deprecated SpecialPageFactory::getList() in favor of
+ SpecialPageFactory::getNames()
+* Action::checkCanExecute() no longer has a return value.
+* Removed cleanupForIRC(), loadFromCurRow(), newFromCurRow(), notifyRC2UDP()
+ and sendToUDP() from RecentChange.php. (deprecated since 1.22)
+* Removed EnhancedChangesList::arrow(), sideArrow(), downArrow(), spacerArrow().
+* Removed Xml::namespaceSelector(). (deprecated since 1.19)
+* Removed WikiPage::estimateRevisionCount(). (deprecated since 1.19)
+* MYSQL: Enum item added to "major MIME type" columns.
+ Running update.php on MySQL < v5.1 may result in heavy processing.
+* RSS and Atom feeds generated by MediaWiki no longer include a fallback
+ stylesheet. It was ignored by most browsers these days anyway.
+* SpecialSearchNoResults hook has been removed. SpecialSearchResults is now
+ called unconditionally.
+* TablePager::getBody() is now 'final' and can't be overridden in subclasses.
+* TablePager::getBody() is deprecated, use getBodyOutput() or getFullOutput().
+* Added $outputPage parameter to the SkinTemplateGetLanguageLink hook.
+* log_page for move log entries store the original page ID, rather than that
+ of the new redirect page. This is not retroactive.
+* LCStoreAccel was removed. $wgLocalisationCacheConf can no longer be set to
+ use this store class.
+* Html::infoBox() no longer accepts paths relative to skins/common/images/.
+* Deprecated defunct Skin::getCommonStylePath().
+* Some extensions had their ResourceLoader modules depend on the "mediawiki"
+ and "jquery" modules. In the past, this behavior was undefined, now it will
+ throw an error.
+* Removed BagOStuff::replace(). (deprecated since 1.23)
+* In Linker.php, link(), linkText() and makeBrokenImageLinkObj() now display
+ warnings if their first parameter is not a Title object. Also makeImageLink()
+ now requires a Parser as its first parameter.
+* (bug 67368) LESS functions embed() and embeddable(), added in MediaWiki 1.23
+ and broken by design, have been removed. Use appropriate LESS mixins instead.
+* Removed cssjanus.py from maintenance directory as it was unused.
+* Removed maintenance/purgeOldText.inc and the PurgeRedundantText() function
+ it contained (superseded by Maintenance::purgeRedundantText() in 1.16).
+ The purgeOldText.php maintenance script has been retained.
+* PHPUnit tests can be found by directory discovery, by adding the directory
+ path from your UnitTestsList callback. Older versions of MediaWiki core will
+ barf at this usage.
+
+==== Renamed classes ====
+* CLDRPluralRuleConverter_Expression to CLDRPluralRuleConverterExpression
+* CLDRPluralRuleConverter_Fragment to CLDRPluralRuleConverterFragment
+* CLDRPluralRuleConverter_Operator to CLDRPluralRuleConverterOperator
+* CLDRPluralRuleEvaluator_Range to CLDRPluralRuleEvaluatorRange
+* CSSJanus_Tokenizer to CSSJanusTokenizer
+* MediaWiki_I18N to MediaWikiI18N
+* Parser_DiffTest to ParserDiffTest
+* RevDel_ArchiveItem to RevDelArchiveItem
+* RevDel_ArchiveList to RevDelArchiveList
+* RevDel_ArchivedFileItem to RevDelArchivedFileItem
+* RevDel_ArchivedFileList to RevDelArchivedFileList
+* RevDel_ArchivedRevisionItem to RevDelArchivedRevisionItem
+* RevDel_FileItem to RevDelFileItem
+* RevDel_FileList to RevDelFileList
+* RevDel_Item to RevDelItem
+* RevDel_List to RevDelList
+* RevDel_LogItem to RevDelLogItem
+* RevDel_LogList to RevDelLogList
+* RevDel_RevisionItem to RevDelRevisionItem
+* RevDel_RevisionList to RevDelRevisionList
+* WebInstaller_Complete to WebInstallerComplete
+* WebInstaller_Copying to WebInstallerCopying
+* WebInstaller_DBConnect to WebInstallerDBConnect
+* WebInstaller_DBSettings to WebInstallerDBSettings
+* WebInstaller_Document to WebInstallerDocument
+* WebInstaller_ExistingWiki to WebInstallerExistingWiki
+* WebInstaller_Install to WebInstallerInstall
+* WebInstaller_Language to WebInstallerLanguage
+* WebInstaller_Name to WebInstallerName
+* WebInstaller_Options to WebInstallerOptions
+* WebInstaller_Readme to WebInstallerReadme
+* WebInstaller_ReleaseNotes to WebInstallerReleaseNotes
+* WebInstaller_Restart to WebInstallerRestart
+* WebInstaller_Upgrade to WebInstallerUpgrade
+* WebInstaller_UpgradeDoc to WebInstallerUpgradeDoc
+* WebInstaller_Welcome to WebInstallerWelcome
+
+==== Removed classes ====
+* IPBlockForm - Use SpecialBlock directly
+* WatchlistEditor - Use SpecialEditWatchlist directly
+* FormatExif - Use FormatMetadata directly
+* RevertFileAction - Use RevertAction directly
+* HistoryPage - Use HistoryAction directly
+* RawPage - Use RawAction directly
+* StubContLang - Use Language::factory() instead
+* XMLReader2 - Use XMLReader directly
+* ResourceLoaderLESSFunctions - No longer in use, not intended for public usage
+
+==== Removed files ====
+The skins/common/ directory, previously containing some assets intended to be
+used by skins and a number of legacy styles and scripts, has been removed. Its
+contents have been deleted or relocated into the resources/ directory. Full list
+of files that are no longer available follows.
+
+* skins/common/ajax.js
+* skins/common/commonContent.css
+* skins/common/commonElements.css
+* skins/common/commonInterface.css
+* skins/common/commonPrint.css
+* skins/common/config-cc.css
+* skins/common/config.css
+* skins/common/config.js
+* skins/common/feed.css
+* skins/common/IEFixes.js
+* skins/common/oldshared.css
+* skins/common/protect.js
+* skins/common/shared.css
+* skins/common/upload.js
+* skins/common/wikibits.js
+* skins/common/images/add.png
+* skins/common/images/ajax-loader.gif
+* skins/common/images/arrow_disabled_first_25.png
+* skins/common/images/arrow_disabled_last_25.png
+* skins/common/images/arrow_disabled_left_25.png
+* skins/common/images/arrow_disabled_right_25.png
+* skins/common/images/arrow_first_25.png
+* skins/common/images/arrow_last_25.png
+* skins/common/images/arrow_left_25.png
+* skins/common/images/arrow_right_25.png
+* skins/common/images/Arr_.png
+* skins/common/images/Arr_d.png
+* skins/common/images/Arr_l.png
+* skins/common/images/Arr_r.png
+* skins/common/images/Arr_u.png
+* skins/common/images/bullet.gif
+* skins/common/images/button_bold.png
+* skins/common/images/button_extlink.png
+* skins/common/images/button_headline.png
+* skins/common/images/button_hr.png
+* skins/common/images/button_image.png
+* skins/common/images/button_italic.png
+* skins/common/images/button_link.png
+* skins/common/images/button_media.png
+* skins/common/images/button_nowiki.png
+* skins/common/images/button_sig.png
+* skins/common/images/button_template.png
+* skins/common/images/cc-0.png
+* skins/common/images/cc-by-nc-sa.png
+* skins/common/images/cc-by-sa.png
+* skins/common/images/cc-by.png
+* skins/common/images/Checker-16x16.png
+* skins/common/images/closewindow.png
+* skins/common/images/closewindow19x19.png
+* skins/common/images/critical-32.png
+* skins/common/images/diffunderline.gif
+* skins/common/images/download-32.png
+* skins/common/images/feed-icon.png
+* skins/common/images/feed-icon.svg
+* skins/common/images/gnu-fdl.png
+* skins/common/images/help-question-hover.gif
+* skins/common/images/help-question.gif
+* skins/common/images/info-32.png
+* skins/common/images/link_icon.gif
+* skins/common/images/magnify-clip-rtl.png
+* skins/common/images/magnify-clip.png
+* skins/common/images/mediawiki.png
+* skins/common/images/nextredirectltr.png
+* skins/common/images/nextredirectrtl.png
+* skins/common/images/poweredby_mediawiki_88x31.png
+* skins/common/images/public-domain.png
+* skins/common/images/question-small.png
+* skins/common/images/question.svg
+* skins/common/images/redirectltr.png
+* skins/common/images/redirectrtl.png
+* skins/common/images/remove.png
+* skins/common/images/spinner.gif
+* skins/common/images/tick-32.png
+* skins/common/images/tipsy-arrow.gif
+* skins/common/images/tooltip_icon.png
+* skins/common/images/warning-32.png
+* skins/common/images/wiki.png
+* skins/common/images/Zoom_sans.gif
+* skins/common/images/ar/button_bold.png
+* skins/common/images/ar/button_headline.png
+* skins/common/images/ar/button_italic.png
+* skins/common/images/ar/button_link.png
+* skins/common/images/ar/button_nowiki.png
+* skins/common/images/be-tarask/button_bold.png
+* skins/common/images/be-tarask/button_italic.png
+* skins/common/images/be-tarask/button_link.png
+* skins/common/images/cyrl/button_bold.png
+* skins/common/images/cyrl/button_italic.png
+* skins/common/images/cyrl/button_link.png
+* skins/common/images/de/button_bold.png
+* skins/common/images/de/button_italic.png
+* skins/common/images/fa/button_bold.png
+* skins/common/images/fa/button_headline.png
+* skins/common/images/fa/button_italic.png
+* skins/common/images/fa/button_link.png
+* skins/common/images/fa/button_nowiki.png
+* skins/common/images/icons/fileicon-c.png
+* skins/common/images/icons/fileicon-cpp.png
+* skins/common/images/icons/fileicon-deb.png
+* skins/common/images/icons/fileicon-djvu.png
+* skins/common/images/icons/fileicon-djvu.xcf
+* skins/common/images/icons/fileicon-dvi.png
+* skins/common/images/icons/fileicon-exe.png
+* skins/common/images/icons/fileicon-h.png
+* skins/common/images/icons/fileicon-html.png
+* skins/common/images/icons/fileicon-iso.png
+* skins/common/images/icons/fileicon-java.png
+* skins/common/images/icons/fileicon-mid.png
+* skins/common/images/icons/fileicon-mov.png
+* skins/common/images/icons/fileicon-o.png
+* skins/common/images/icons/fileicon-ogg.png
+* skins/common/images/icons/fileicon-ogg.xcf
+* skins/common/images/icons/fileicon-pdf.png
+* skins/common/images/icons/fileicon-ps.png
+* skins/common/images/icons/fileicon-psd.png
+* skins/common/images/icons/fileicon-rm.png
+* skins/common/images/icons/fileicon-rpm.png
+* skins/common/images/icons/fileicon-svg.png
+* skins/common/images/icons/fileicon-tar.png
+* skins/common/images/icons/fileicon-tex.png
+* skins/common/images/icons/fileicon-ttf.png
+* skins/common/images/icons/fileicon-txt.png
+* skins/common/images/icons/fileicon.png
+* skins/common/images/ksh/button_S_italic.png
+
+= MediaWiki 1.23 =
+
+== MediaWiki 1.23.16 ==
+This is a security and maintenance release of the MediaWiki 1.23 branch.
+
+=== Changes since 1.23.15 ===
+* (T68404) CSS3 attr() function with url type is no longer allowed
+ in inline styles.
+* (T156184) $wgRawHtml will no longer apply to internationalization messages.
+* Submitting the lgtoken and lgpassword parameters in the query string to
+ action=login is now deprecated and outputs a warning. They should be submitted
+ in the POST body instead.
+* (T109140) (T122209) SECURITY: Special:UserLogin and Special:Search allow redirect
+ to interwiki links.
+* (T144845) SECURITY: XSS in SearchHighlighter::highlightText() when
+ $wgAdvancedSearchHighlighting is true.
+* (T125177) SECURITY: API parameters may now be marked as "sensitive" to keep
+ their values out of the logs.
+* (T150044) SECURITY: "Mark all pages visited" on the watchlist now requires a CSRF
+ token.
+* (T156184) SECURITY: Escape content model/format url parameter in message.
+* (T151735) SECURITY: SVG filter evasion using default attribute values in DTD
+ declaration.
+* (T48143) SECURITY: Spam blacklist ineffective on encoded URLs inside file inclusion
+ syntax's link parameter.
+* (T108138) SECURITY: Sysops can undelete pages, although the page is protected against
+ it.
+
+== MediaWiki 1.23.15 ==
+
+This is a maintenance release of the MediaWiki 1.23 branch.
+
+=== Changes since 1.23.14 ===
+* BREAKING CHANGE: $wgHTTPProxy is now *required* for all external requests
+ made by MediaWiki via a proxy. Relying on the http_proxy environment
+ variable is no longer supported.
+* (T139565) SECURITY: API: Generate head items in the context of the given title
+* (T137264) SECURITY: XSS in unclosed internal links
+* (T133147) SECURITY: Escape '<' and ']]>' in inline <style> blocks
+* (T133147) SECURITY: Require login to preview user CSS pages
+* (T132926) SECURITY: Do not allow undeleting a revision deleted file if it is
+ the top file
+* (T129738) SECURITY: Make $wgBlockDisablesLogin also restrict logged in
+ permissions
+* (T129738) SECURITY: Make blocks log users out if $wgBlockDisablesLogin is true
+* (T115333) SECURITY: Check read permission when loading page content in ApiParse
+* Remove support for $wgWellFormedXml = false, all output is now well formed
+
+== MediaWiki 1.23.13 ==
+
+This is a maintenance release of the MediaWiki 1.23 branch.
+
+=== Changes since 1.23.12 ===
+* (T121892) Fix fatal errors on some Special pages, introduced in 1.23.12.
+
+== MediaWiki 1.23.12 ==
+
+This is a security and maintenance release of the MediaWiki 1.23 branch.
+
+=== Changes since 1.23.11 ===
+* (T117899) SECURITY: $wgArticlePath can no longer be set to relative paths
+ that do not begin with a slash. This enabled trivial XSS attacks.
+ Configuration values such as "http://my.wiki.com/wiki/$1" are fine, as are
+ "/wiki/$1". A value such as "$1" or "wiki/$1" is not and will now throw an
+ error.
+* (T119309) SECURITY: Use hash_compare() for edit token comparison
+* (T118032) SECURITY: Don't allow cURL to interpret POST parameters starting
+ with '@' as file uploads
+* (T115522) SECURITY: Passwords generated by User::randomPassword() can no
+ longer be shorter than $wgMinimalPasswordLength
+* (T97897) SECURITY: Improve IP parsing and trimming. Previous behavior could
+ result in improper blocks being issued
+* (T109724) SECURITY: Special:MyPage, Special:MyTalk, Special:MyContributions
+ and related pages no longer use HTTP redirects and are now redirected by
+ MediaWiki
+
+== MediaWiki 1.23.11 ==
+
+This is a security and maintenance release of the MediaWiki 1.23 branch.
+
+=== Changes since 1.23.10 ===
+
+* (T91850) SECURITY: Add throttle check in ApiUpload and SpecialUpload
+* (T91203, T91205) SECURITY: API: Improve validation in chunked uploading
+* (T108616) SECURITY: Avoid exposure of local path in PNG thumbnails
+
+== MediaWiki 1.23.10 ==
+
+This is a security and maintenance release of the MediaWiki 1.23 branch.
+
+=== Changes since 1.23.9 ===
+
+* (T94116) SECURITY: Compare API watchlist token in constant time
+* (T97391) SECURITY: Escape error message strings in thumb.php
+* (T106893) SECURITY: Don't leak autoblocked IP addresses on
+ Special:DeletedContributions
+* (bug 67644) Make AutoLoaderTest handle namespaces
+* (T91653) Minimal PSR-3 debug logger to support backports from 1.25+.
+* (T102562) Fix InstantCommons parameters to handle the new HTTPS-only
+ policy of Wikimedia Commons.
+
+== MediaWiki 1.23.9 ==
+
+This is a security and maintenance release of the MediaWiki 1.23 branch.
+
+=== Changes since 1.23.8 ===
+
+* (T85848, T71210) SECURITY: Don't parse XMP blocks that contain XML entities,
+ to prevent various DoS attacks.
+* (T85848) SECURITY: Don't allow directly calling Xml::isWellFormed, to reduce
+ likelihood of DoS.
+* (T88310) SECURITY: Always expand xml entities when checking SVG's.
+* (T73394) SECURITY: Escape > in Html::expandAttributes to prevent XSS.
+* (T85855) SECURITY: Don't execute another user's CSS or JS on preview.
+* (T85349, T85850, T86711) SECURITY: Multiple issues fixed in SVG filtering to
+ prevent XSS and protect viewer's privacy.
+* (bug T68650) Fix indexing of moved pages with PostgreSQL. Requires running
+ update.php to fix.
+* (bug T70087) Fix Special:ActiveUsers page for installations using
+ PostgreSQL.
+
+== MediaWiki 1.23.8 ==
+
+This is a security and maintenance release of the MediaWiki 1.23 branch.
+
+=== Changes since 1.23.7 ===
+
+* (bug T76686) [SECURITY] thumb.php outputs wikitext message as raw HTML, which
+ could lead to xss. Permission to edit MediaWiki namespace is required to
+ exploit this.
+* (bug T77028) [SECURITY] Malicious site can bypass CORS restrictions in
+ $wgCrossSiteAJAXdomains in API calls if it only included an allowed domain as
+ part of its name.
+* (bug T74222) The original patch for T74222 was reverted as unnecessary.
+
+== MediaWiki 1.23.7 ==
+
+This is a security and maintenance release of the MediaWiki 1.23 branch.
+
+=== Changes since 1.23.6 ===
+
+* (bugs 66776, 71478) SECURITY: User PleaseStand reported a way to inject code
+ into API clients that used format=php to process pages that underwent flash
+ policy mangling. This was fixed along with improving how the mangling was done
+ for format=json, and allowing sites to disable the mangling using
+ $wgMangleFlashPolicy.
+* (bug 70901) SECURITY: User Jackmcbarn reported that the ability to update
+ the content model for a page could allow an unprivileged attacker to edit
+ another user's common.js under certain circumstances. The user right
+ "editcontentmodel" was added, and is needed to change a revision's content
+ model.
+* (bug 71111) SECURITY: User PleaseStand reported that on wikis that allow raw
+ HTML, it is not safe to preview wikitext coming from an untrusted source such
+ as a cross-site request. Thus add an edit token to the form, and when raw HTML
+ is allowed, ensure the token is provided before showing the preview. This
+ check is not performed on wikis that both allow raw HTML and anonymous
+ editing, since there are easier ways to exploit that scenario.
+* (bug 72222) SECURITY: Do not show log action when the entry is revdeleted with
+ DELETED_ACTION. NOTICE: this may be reverted in a future release pending a
+ public RFC about the desired functionality. This issue was reported by user
+ Bawolff.
+* (bug 71621) Make allowing site-wide styles on restricted special pages a
+ config option.
+* (bug 42723) Added updated version history from 1.19.2 to 1.22.13
+* $wgMangleFlashPolicy was added to make MediaWiki's mangling of anything that
+ might be a flash policy directive configurable.
+
+== MediaWiki 1.23.6 ==
+
+This is a maintenance release of the MediaWiki 1.23 branch.
+
+=== Changes since 1.23.5 ===
+* (Bug 72274) Job queue not running (HTTP 411) due to missing
+ Content-Length: header
+* (Bug 67440) Allow classes to be registered properly from installer
+
+== MediaWiki 1.23.5 ==
+
+This is a security release of the MediaWiki 1.23 branch.
+
+=== Changes since 1.23.4 ===
+* (bug 70672) SECURITY: OutputPage: Remove separation of css and js module
+ allowance.
+
+== MediaWiki 1.23.4 ==
+
+This is a security and maintenance release of the MediaWiki 1.23 branch.
+
+=== Changes since 1.23.3 ===
+
+* (bug 69008) SECURITY: Enhance CSS filtering in SVG files. Filter <style>
+ elements; normalize style elements and attributes before filtering; add
+ checks for attributes that contain css; add unit tests for html5sec and
+ reported bugs.
+* (bug 65998) Make MySQLi work with non-standard socket.
+* (bug 66986) GlobalVarConfig shouldn't throw exceptions for null-valued config
+ settings.
+
+== MediaWiki 1.23.3 ==
+
+This is a maintenance release of the MediaWiki 1.23 branch.
+
+=== Changes since 1.23.2 ===
+
+* (bug 68501) Correctly handle incorrect namespace in cleanupTitles.php.
+* (bug 64970) Fix support for blobs on DatabaseOracle::update.
+* (bug 66574) Display MediaWiki:Loginprompt on the login page.
+* (bug 67870) wfShellExec() cuts off stdout at multiples of 8192 bytes.
+* (bug 60629) Handle invalid language code gracefully in
+ Language::fetchLanguageNames.
+* (bug 62017) Restore the number of rows shown on Special:Watchlist.
+* Check for boolean false result from database query in SqlBagOStuff.
+
+== MediaWiki 1.23.2 ==
+
+This is a security and maintenance release of the MediaWiki 1.23 branch.
+
+=== Changes since 1.23.1 ===
+
+* (bug 68187) SECURITY: Prepend jsonp callback with comment.
+* (bug 66608) SECURITY: Fix for XSS issue in bug 66608: Generate the URL used
+ for loading a new page in Javascript,instead of relying on the URL in the link
+ that has been clicked.
+* (bug 65778) SECURITY: Copy prevent-clickjacking between OutputPage and
+ ParserOutput.
+* (bug 68313) Preferences: Turn stubthreshold back into a combo box.
+* (bug 65214) Fix initSiteStats.php maintenance script.
+* (bug 67594) Special:ActiveUsers: Fix to work with PostgreSQL.
+
+== MediaWiki 1.23.1 ==
+
+This is a security and maintenance release of the MediaWiki 1.23 branch.
+
+=== Changes since 1.23.0 ===
+
+* (bug 65839) SECURITY: Prevent external resources in SVG files.
+* (bug 67025) Special:Watchlist: Don't try to render empty row.
+* (bug 66922) Don't allow some E_NOTICE messages to end up in the LocalSettings.php.
+* (bug 66467) FileBackend: Avoid using popen() when "parallelize" is disabled.
+* (bug 66428) MimeMagic: Don't seek before BOF. This has weird side effects
+ like only extracting the tail of the file partially or not at all.
+* (bug 66182) Removed -x flag on some php files.
+
+== MediaWiki 1.23.0 ==
+
+=== Configuration changes in 1.23 ===
+* (bug 13250) Restored method for clearing a watchlist in web UI
+ so that users with large watchlists don't have to perform
+ contortions to clear them.
+* When $wgJobRunRate is higher than zero, jobs are now executed via an
+ asynchronous HTTP request to a MediaWiki entry point. This may require
+ increasing the number of server worker threads. $wgRunJobsAsync has been
+ added to disable this feature if needed, falling back to executing the job
+ on the same process but making the execution synchronously.
+* $wgDebugLogGroups values may be set to an associative array with a
+ 'destination' key specifying the log destination. The array may also contain
+ a 'sample' key with a positive integer value N indicating that the log group
+ should be sampled by dispatching one in every N messages on average. The
+ sampling is random.
+* In addition to the current exception log format, MediaWiki now serializes
+ exception metadata to JSON and logs it to the 'exception-json' log group.
+ This makes MediaWiki easier to integrate with log aggregation and analysis
+ tools.
+* $wgSquidServersNoPurge now supports the use of Classless Inter-Domain
+ Routing (CIDR) notation to specify contiguous blocks of IPv4 and/or IPv6
+ addresses that should be trusted to provide X-Forwarded-For headers.
+* Preferences 'watchcreations', 'watchdefault', 'enotifwatchlistpages' ("Add
+ pages I create and files I upload to my watchlist", "Add pages and files I
+ edit to my watchlist", "Email me when a page or file on my watchlist is
+ changed") are now enabled by default. In addition new user accounts' personal
+ and talk pages are now watched by them by default.
+* $wgLBFactoryConf: Class names have had underscores removed. The configuration
+ should be updated if LBFactory_Simple or LBFactory_Multi is configured.
+* $wgPasswordSenderName has been removed and is no longer functional. To set a
+ custom mailer name, the system message 'emailsender' should be modified
+ (default: "{{SITENAME}}").
+* (bug 63269) Email notifications were not correctly handling the
+ [[MediaWiki:Helppage]] message being set to a full URL (the default).
+ If you customized [[MediaWiki:Enotif body]] (the text of email notifications),
+ you'll need to edit it locally to include the URL via the new variable
+ $HELPPAGE instead of the parser functions fullurl and canonicalurl; otherwise
+ you don't have to do anything.
+* $wgDBAhandler was removed as the only class using it was also removed
+* The 'max threads' setting was removed from $wgDBservers.
+* Support for AdminSettings.php has been completely removed. All configuration
+ belongs in LocalSettings.php.
+* $wgSkipSkin, which has been replaceable by $wgSkipSkins since 2005 (r9249), is
+ now formally deprecated.
+* Removed deprecated $wgDisabledActions as it is hardly used anywhere.
+* $wgRateLimitLog has been deprecated and replaced by
+ $wgDebugLogGroup['ratelimit'].
+* $wgLocalInterwikis is an array containing multiple local interwiki prefixes
+ (interwiki prefixes that point back to the current wiki). This effectively
+ allows more than one value of $wgLocalInterwiki to be specified and
+ understood by the parser. The value of $wgLocalInterwiki is automatically
+ prepended to the start of this array.
+* $wgQueryPages has been removed. Query Pages should be added to by using the
+ wgQueryPages hook.
+* $wgHttpOnlyBlacklist has been removed.
+* $wgLicenseTerms has been removed as it was unused.
+* $wgProfileOnly is now deprecated; set the log file in
+ $wgDebugLogGroups['profileoutput'] to replace it.
+* $wgMaxBacklinksInvalidate was removed; use $wgJobBackoffThrottling instead
+* Deprecated ResourceLoaderGetStartupModules hook.
+
+=== New features in 1.23 ===
+* ResourceLoader can utilize the Web Storage API to cache modules client-side.
+ Compared to the browser cache, caching in Web Storage allows ResourceLoader
+ to be more granular about evicting stale modules from the cache while
+ retaining the ability to retrieve multiple modules in a single HTTP request.
+ This capability can be enabled by setting $wgResourceLoaderStorageEnabled to
+ true. This feature is currently considered experimental and should only be
+ enabled with care.
+* (bug 6092) Add expensive parser functions {{REVISIONID:}}, {{REVISIONUSER:}}
+ and {{REVISIONTIMESTAMP:}} (with friends).
+* Add "wgRelevantUserName" to mw.config containing the current
+ Skin::getRelevantUser value.
+* (bug 56033) Add content model to the page information.
+* Added Article::MissingArticleConditions hook to give extensions a chance to
+ hide their (unrelated) log entries.
+* Added LonelyPagesQuery hook to let extensions modify the query used to
+ generate Special:LonelyPages.
+* Added $wgOpenSearchDefaultLimit defining the default number of entries to show
+ on action=opensearch API call.
+* For namespaces with $wgNamespaceProtection (including the MediaWiki
+ namespace), the "protect" tab will be shown only if there are restriction
+ levels available that would restrict editing beyond what
+ $wgNamespaceProtection already applies. The protection form will offer only
+ those protection levels.
+* Added $wgAPIFormatModules, allowing extensions to add additional output
+ formatting modules for the API.
+* (bug 47812) The MediaWiki:Group-user.{css,js} pages can now be used to add
+ custom CSS or JavaScript enabled only for registered users.
+* (bug 52005) Special pages RecentChanges, RecentChangesLinked and Watchlist
+ now include a legend describing the symbols used in lists of changes.
+* Improved the accessibility of the tabs in Special:Preferences.
+* Added ApiBeforeMain hook, roughly equivalent to the BeforeInitialize hook:
+ it's called after everything is set up but before any major processing
+ happens.
+* The jquery.client module now performs a component-wise version comparison in
+ its #test method when strings are used in the browser map: version '1.10' is
+ now correctly considered larger than '1.2'. Using numbers in the version map
+ is not affected.
+* All API modules now support an assert parameter, which can either be
+ 'user' or 'bot'. The API will throw an error if the user is not logged
+ in (user) or does not have the 'bot' userright (bot). Based off of the
+ AssertEdit extension by Steve Sanbeg.
+* [[Special:Diff]] was added, allowing users to create internal links to
+ revision comparison pages using syntax such as [[Special:Diff/12345]],
+ [[Special:Diff/12345/prev]] or [[Special:Diff/12345/98765]].
+* New user accounts' personal and talk pages are now watched by them by default.
+* Added SkinTemplateGetLanguageLink hook to allow changing the html of language
+ links.
+* Added MessageCache::get hook as a new way to customize messages across
+ multiple sites.
+* Added jquery.throttle-debounce ResourceLoader module to limit the number of
+ callbacks for frequently occurring events.
+* Special:ProtectedPages shows now a table. The timestamp, the reason and
+ the protecting user are also shown.
+* Added experimental support for using Microsoft SQL Server as the database
+ backend.
+** Added new Microsoft SQL Server-specific configuration variable
+ $wgDBWindowsAuthentication, which makes the web server authenticate against
+ the database server using Integrated Windows Authentication instead of
+ $wgDBuser/$wgDBpassword.
+* HTMLForm 'select', 'selectandother', 'selectorother', 'multiselect', and
+ 'radio' fields can now use message keys as labels via the 'options-messages'
+ parameter, which overrides the 'options' parameter.
+* Admins can expire users passwords manually, or on a schedule using the
+ $wgPasswordExpirationDays configuration setting.
+* Add new hook SendWatchlistEmailNotification, this will be used to determine
+ whether to send a watchlist email notification.
+* (bug 42026) Special:Contributions now includes an option to filter page
+ creations, similar to the topOnly option.
+* Add mediawiki.ui.button styling to all pages so wiki content can use styled
+ buttons.
+* Special:UserLogin/signup now does AJAX checks for invalid and taken usernames,
+ displaying the error live.
+* Added BaseTemplateAfterPortlet hook to allow injecting html after portlets in skins.
+* Support has been added for a JSON based localisation file format. The
+ installer has been updated to use it.
+* Changes to content typography (colors, line-height etc.). See
+ https://www.mediawiki.org/wiki/Typography_refresh for further information.
+* The Vector skin's visual treatment of external links has been simplified to a
+ single icon (from nine). This should not affect local rules unless they were
+ re-using these icons, which have now been deleted.
+* ResourceLoader: mw.loader.using() now implements a Promise interface.
+* Add new hook ChangesListInitRows accessed via ChangesList::initChangesListRows.
+ If called by the ChangesList consumer this gives extensions a chance to batch
+ process the result set prior to rendering.
+* A PoolCounterRedis class was added which can be make use of in $wgPoolCounterConf.
+ This requires at least one Redis 2.6+ server.
+* $wgProfileToDatabase was removed. Set $wgProfiler to ProfilerSimpleDB
+ in StartProfiler.php instead of using this.
+* (bug 63444) Made it possible to change the indent string (default: 4 spaces)
+ used by FormatJson::encode().
+
+=== Bug fixes in 1.23 ===
+* (bug 41759) The "updated since last visit" markers (on history pages, recent
+ changes and watchlist) and the talk page message indicator are now correctly
+ updated when the user is viewing old revisions of pages, instead of always
+ acting as if the latest revision was being viewed.
+* (bug 56443) Special:ConfirmEmail no longer shows a "Mail a confirmation code"
+ when the email address is already confirmed. Also, consistently use
+ "confirmed", rather than "authenticated", when messaging whether or not the
+ user has confirmed an email address.
+* (bug 19415) action=render no longer shows section edit links. This affects
+ behavior of several other features where (bogus) section edit links will
+ disappear, such as file description pages loaded via $wgUseInstantCommons or
+ pages transcluded cross-wiki via $wgEnableScaryTranscluding.
+* (bug 56912) Show correct link color on cached result of Special:DeadendPages.
+* Classes TitleListDependency and TitleDependency have been removed, as they
+ have been found unused in core and extensions for a long time.
+* (bug 57098) SpecialPasswordReset now obeys returnto parameter
+* (bug 37812) ResourceLoader will notice when a module's definition changes and
+ recompile it accordingly.
+* (bug 57201) SpecialRecentChangesFilters hook is now executed for feeds.
+* (bug 58640) Fixed a compatibility issue with PCRE 8.34 that caused pages
+ to appear blank or with missing text.
+* (bug 56931) Updated the plural rules to CLDR 24. They are in new format
+ which is detailed in UTS 35 Rev 33. The PHP parser and evaluator as well as
+ the JavaScript evaluator were updated to support the new format. Plural rules
+ for some languages have changed, most notably Russian. Affected software
+ messages have been updated and marked for review at translatewiki.net.
+* (bug 23542) imagelinks now stores both the redirect and target (as
+ templatelinks does).
+* (bug 58167) The web installer no longer throws an exception when PHP is
+ compiled without support for MySQL yet with support for another DBMS.
+* (bug 56199) Raw option of parser functions must now match complete word,
+ to take effect.
+* (bug 60543) Special:PrefixIndex forgot stripprefix=1 for "Next page" link
+* (bug 29762) Undoing an already-undone edit will now display an appropriate
+ message instead of leading the user to make a null edit.
+* (bug 52659) mediawiki.notification: Notification area remained visible when
+ empty and thus was stealing pointer events from links on the page.
+* (bug 26811) When a DBUnexpectedError occurs, DB server hostnames are now
+ hidden unless $wgShowExceptionDetails is true, and $wgShowDBErrorBacktrace
+ no longer applies in such cases.
+* (bug 60960) Avoid doing file_exist() checks on data: URIs, as they cause
+ warnings to be printed on Windows due to large path length.
+* (bug 48084) Fixed a bug in the installer that could cause $wgLogo to hold
+ the wrong path to the placeholder logo (skins/common/images/wiki.png).
+* (bug 64289) jquery.textSelection: Don't throw errors on empty collections.
+
+=== Web API changes in 1.23 ===
+* (bug 54884) action=parse&prop=categories now indicates hidden and missing
+ categories.
+* action=query&meta=filerepoinfo now returns additional information for each
+ repo.
+* action=parse&prop=languageshtml was deprecated in 1.18 and will be removed in
+ MediaWiki 1.24.
+* action=parse now has disabletoc flag to disable table of contents in output.
+* (bug 25702) list=allcategories, list=allimages, list=alllinks, list=allpages,
+ list=deletedrevs and list=filearchive did not handle case-sensitivity
+ properly for all parameters.
+* ApiQueryBase::titlePartToKey allows an extra parameter that indicates the
+ namespace in order to properly capitalize the title part.
+* (bug 57874) action=feedcontributions no longer has one item more than limit.
+* All API modules now support an assert parameter. See the new features section
+ for more details.
+* Added prop=contributors to fetch the list of contributors to the page.
+* The following API modules will now return entries where fields have been
+ revision-deleted: list=deletedrevs, list=filearchive, list=recentchanges,
+ list=watchlist. "hidden" indicators will be included, in the same style as is
+ already done for prop=revisions.
+* The following API modules will now return the content of revision-deleted
+ fields, in addition to the "hidden" indicators, if the querying user has the
+ necessary rights: list=logevents, list=usercontribs, prop=imageinfo,
+ prop=revisions.
+* The above modules, where applicable, will now return entries filtered by
+ revision-deleted fields if the querying user has the necessary rights. For
+ example, prop=revisions with rvuser or rvexcludeuser will no longer skip
+ revisions where the user was revision-deleted if the current user has the
+ deletedhistory right.
+* The 'hideuser' right, used when blocking, is no longer necessary or
+ sufficient for seeing contributions with revision-deleted in
+ list=usercontribs.
+* list=watchlist now uses the querying user's rights rather than the wlowner's
+ rights when checking whether wlprop=patrol is allowed.
+* (bug 32151) ApiWatch now has pageset capabilities (titles/pageids/generators).
+ Title parameter is now deprecated.
+* (bug 23005) Added action=revisiondelete.
+* Added siprop=restrictions to API action=query&meta=siteinfo for querying
+ possible page restriction (protection) levels and types.
+* Added prop 'limitreportdata' and 'limitreporthtml' to action=parse.
+* (bug 58627) Provide language names on action=parse&prop=langlinks.
+* Deprecated llurl= in favour of llprop=url for action=query&prop=langlinks.
+* Added llprop=langname and llprop=autonym for action=query&prop=langlinks.
+* prop=redirects is added, to return redirects to the pages in the query.
+* list=allredirects is added, to list all redirects pointing to a namespace.
+* (bug 42026) Added ucshow={new,!new,top,!top} to list=usercontribs.
+ Also added newonly to action=feedcontributions.
+* (bug 42026) Deprecated uctoponly in favor of ucshow=top.
+* list=search no longer has a "srredirects" parameter. Redirects are now
+ included in all searches.
+* Added list=prefixsearch that works like action=opensearch but can be used as
+ a generator.
+* (bug 24782) Various modules will now use unique continuation parameters.
+* (bug 63249) Cache RecentChanges Atom feed in varnish for 15 seconds.
+
+=== Languages updated in 1.23 ===
+
+MediaWiki supports over 350 languages. Many localisations are updated
+regularly. Below only new and removed languages are listed, as well as
+changes to languages because of Bugzilla reports.
+
+* Support was added for Algerian Spoken Arabic (arq).
+* Support was added for Riograndenser Hunsrückisch (hrx).
+* Support was added for Northern Luri (lrc).
+
+=== Other changes in 1.23 ===
+* The rc_type field in the recentchanges table has been superseded by a new
+ rc_source field. The rc_source field is a string representation of the
+ change type where rc_type was a numeric constant. This field is not yet
+ queried but will be in a future release.
+** Utilize update.php to create and populate this new field. On larger wikis
+ which do not wish to update recentchanges table in one large update please
+ review the SQL and comments in maintenance/archives/patch-rc_source.sql.
+** The rc_type field of recentchanges will be deprecated in a future release.
+* The global variable $wgArticle has been removed after a lengthy deprecation.
+* The global functions addButton and insertTags (for mw.toolbar.addButton and
+ mw.toolbar.insertTags) now emits mw.log.warn when accessed.
+* The ExpandTemplates extension has been moved into MediaWiki core.
+* (bug 52812) Removed "Disable search suggestions" from Preference.
+* (bug 52809) Removed "Disable browser page caching" from Preference.
+* Three new modules intended for use by custom skins were added:
+ 'mediawiki.skinning.elements', 'mediawiki.skinning.content', and
+ 'mediawiki.skinning.interface', representing three levels of standard
+ MediaWiki styling. Previously skin creators wishing to use them had to refer
+ to the file names of appropriate files directly, which is now discouraged.
+* The modules 'skins.vector' and 'skins.monobook' have been renamed to
+ 'skins.vector.styles' and 'skins.monobook.styles', respectively,
+ and their definition was changed not to include the common*.css files;
+ the two skins now load the 'mediawiki.skinning.interface' module instead.
+* A page_links_updated field has been added to the page table.
+* SpecialPage::getTitle has been deprecated in favor of
+ SpecialPage::getPageTitle.
+* BREAKING CHANGE: Two potentially backwards-incompatible changes have been made
+ to the 'SpecialWatchlistQuery' hook's last parameter (array $values) to make
+ the hook more consistent with the 'SpecialRecentChangesQuery' one:
+** Several array keys have been renamed: hideMinor → hideminor,
+ hideBots → hidebots, hideAnons → hideanons, hideLiu → hideliu,
+ hidePatrolled → hidepatrolled, hideOwn → hidemyself.
+** The parameter value is now a FormOptions object, not a plain array (array
+ access operators should continue to work, as it implements the ArrayAccess
+ interface).
+* Option to mark hooks as deprecated has been added.
+* (bug 52811) Preference "Enable section editing via [edit] links" was removed.
+* (bug 52813) Preference "Show table of contents (for pages with more than
+ 3 headings)" was removed.
+* (bug 52810) Preference "Justify paragraphs" was removed.
+* OutputPage::showErrorPage raises a notice if arguments are incoherent.
+* Thumbnails that keep failing to render in thumb.php will be rate-limited
+ against further render attempts for 1 hour. $wgAttemptFailureEpoch can be
+ altered to reset all rate-limited thumbnails at once.
+* (bug 56572) Builds of the OOjs and OOjs UI libraries are now available.
+* mw.loader.go and mw.loader.version have been removed.
+* (bug 52815) Preference "Enable simplified search bar (Vector skin only)"
+ was removed.
+* A user_password_expires column has been added to the user table. The User
+ object expects this column to exist. Use update.php to create this new field.
+* The jquery.delayedBind ResourceLoader module was deprecated in favor of the
+ jquery.throttle-debounce module. It will be removed in MediaWiki 1.24.
+* mw.user.bucket has been deprecated.
+* On Special:PrefixIndex, a table#mw-prefixindex-list-table was changed to
+ table.mw-prefixindex-list-table to avoid duplicate ids when the special page
+ is transcluded.
+* (bug 62198) window.$j has been deprecated.
+* Preference "Disable link title conversion" was removed.
+* SpecialRecentChanges no longer includes any functionality for generating feeds
+ - it has been factored out to ApiFeedRecentChanges. Old URLs redirect to new
+ ones.
+* RecentChange::mExtra['lang'] is no longer set and should no longer be used.
+ Extensions should read from other configuration variables, including
+ $wgLocalInterwikis, to identify the current wiki.
+* Sections in the parser test framework have been renamed and the old
+ section names are deprecated. Please use "!!wikitext" and "!!html"
+ (or "!!html/php") instead of "!!input" and "!!result". This allows
+ us to extend parser tests to accommodate additional input/output
+ pairs, such as "!!html/parsoid" (for the output of the Parsoid
+ parser, where it differs from the PHP parser).
+* Special:Search no longer has an "include redirects" option on the advanced
+ tab. Redirects are now included in all searches.
+* mediawiki.api.category's getCategories() 'async' parameter was deprecated.
+* The locations of resources have been split between upstream libraries, now in
+ resources/lib/, local libaries in resources/src/, and local forks of upstream
+ libraries, also in resources/src/.
+* BREAKING CHANGE: The automatically-generated function closure with which
+ ResourceLoader wraps all modules' JavaScript code now binds the identifier
+ names 'jQuery' and '$' to the jQuery object of the version of jQuery that is
+ bundled with MediaWiki. If you bind these names to other objects in global
+ scope (like Zepto.js or document.querySelectorAll, for example) you will need
+ to use different names to or re-bind them at the top of each
+ ResourceLoader-loaded module.
+* (bug 52342) Preference "Remember my login" was removed.
+* The skin autodiscovery mechanism has been deprecated and will be removed in
+ MediaWiki 1.25. See https://www.mediawiki.org/wiki/Manual:Skin_autodiscovery
+ for migration guide for creators and users of custom skins that relied on it.
+
+==== Removed classes ====
+* FakeMemCachedClient (deprecated in 1.18)
+* RdfMetaData (unused)
+* TitleDependency (unused)
+* TitleListDependency (unused)
+* WikiError (deprecated in 1.17)
+* WikiXmlError (deprecated in 1.17)
+* WikiErrorMsg (deprecated in 1.17)
+
+==== Renamed classes ====
+* CdbReader_DBA to CdbReaderDBA
+* CdbReader_PHP to CdbReaderPHP
+* CdbWriter_DBA to CdbWriterDBA
+* CdbWriter_PHP to CdbWriterPHP
+* DiffOp_Add to DiffOpAdd
+* DiffOp_Change to DiffOpChange
+* DiffOp_Copy to DiffOpCopy
+* DiffOp_Delete to DiffOpDelete
+* HWLDF_WordAccumulator to HWLDFWordAccumulator
+* LBFactory_Fake to LBFactoryFake
+* LBFactory_Multi to LBFactoryMulti
+* LBFactory_Simple to LBFactorySimple
+* LBFactory_Single to LBFactorySingle
+* LCStore_Accel to LCStoreAccel
+* LCStore_CDB to LCStoreCDB
+* LCStore_DB to LCStoreDB
+* LCStore_Null to LCStoreNull
+* LoadBalancer_Single to LoadBalancerSingle
+* LoadMonitor_MySQL to LoadMonitorMySQL
+* LoadMonitor_Null to LoadMonitorNull
+* LocalisationCache_BulkLoad to LocalisationCacheBulkLoad
+* csvStatsOutput to CsvStatsOutput
+* extensionLanguages to ExtensionLanguages
+* languages to Languages
+* statsOutput to StatsOutput
+* textStatsOutput to TextStatsOutput
+* wikiStatsOutput to WikiStatsOutput
+
+==== Removed methods ====
+* ApiBase::getValidNamespaces() (deprecated in 1.17)
+* ApiMain::setCachePrivate() (deprecated in 1.17)
+* ApiMain::setVaryCookie (deprecated in 1.17)
+* Article::doRedirect() (deprecated in 1.18)
+* Article::doUnwatch() (deprecated in 1.18)
+* Article::doWatch() (deprecated in 1.18)
+* Article::forUpdate() (deprecated in 1.18)
+* Article::markpatrolled() (deprecated in 1.18)
+* Article::unwatch() (deprecated in 1.18)
+* Article::watch() (deprecated in 1.18)
+* Block::clear() (deprecated in 1.18)
+* Block::decodeExpiry() (deprecated in 1.18)
+* Block::encodeExpiry() (deprecated in 1.18)
+* Block::forUpdate() (deprecated in 1.18)
+* Block::infinity() (deprecated in 1.18)
+* Block::load() (deprecated in 1.18)
+* Block::newFromDB() (deprecated in 1.18)
+* Block::normaliseRange() (deprecated in 1.18)
+* Block::parseExpiryInput() (deprecated in 1.18)
+* CategoryViewer::addSubcategory() (deprecated in 1.17)
+* EditPage::spamPage() (deprecated since 1.17)
+* Exif::getFormattedData() (deprecated in 1.18)
+* Exif::makeFormattedData() (deprecated in 1.18)
+* in_string (deprecated in 1.21)
+* Language::convertLinkToAllVariants() (deprecated in 1.17)
+* LanguageConverter::convertLinkToAllVariants() (deprecated in 1.17)
+* Linker::makeBrokenLink() (deprecated in 1.16)
+* Linker::makeBrokenLinkObj() (deprecated in 1.16)
+* Linker::makeColouredLinkObj() (deprecated in 1.16)
+* Linker::makeSizeLinkObj() (deprecated in 1.17)
+* MediaWiki::articleFromTitle() (deprecated in 1.18)
+* ParserOptions::getkin() (deprecated 1.18)
+* ProfilerSimple::getCpuTime (deprecated in 1.20)
+* Revision::revText() (deprecated in 1.17)
+* SkinTemplate::jstext() (deprecated in 1.21)
+* SpecialPage::__call() (deprecated in 1.17)
+* SpecialPage::executePath() (deprecated in 1.18)
+* SpecialPage::exists() (deprecated in 1.18)
+* SpecialPage::file() (deprecated in 1.18)
+* SpecialPage::func() (deprecated in 1.18)
+* SpecialPage::getGroup() (deprecated in 1.18)
+* SpecialPage::getPage() (deprecated in 1.18)
+* SpecialPage::getPageByAlias() (deprecated in 1.18)
+* SpecialPage::getLocalNameFor() (deprecated in 1.18)
+* SpecialPage::getRegularPages() (deprecated in 1.18)
+* SpecialPage::getRestrictedPages() (deprecated in 1.18)
+* SpecialPage::getTitleForAlias() (deprecated in 1.18)
+* SpecialPage::getUsablePages() (deprecated in 1.18)
+* SpecialPage::includable() (deprecated in 1.18)
+* SpecialPage::init()
+* SpecialPage::initAliasList() (deprecated in 1.18)
+* SpecialPage::initList() (deprecated in 1.18)
+* SpecialPage::name() (deprecated in 1.18)
+* SpecialPage::removePage() (deprecated in 1.18)
+* SpecialPage::resolveAlias() (deprecated in 1.18)
+* SpecialPage::resolveAliasWithSubpage() (deprecated in 1.18)
+* SpecialPage::restriction() (deprecated in 1.18)
+* SpecialPage::setGroup() (deprecated in 1.18)
+* SpecialRecentChanges::feedSetup()
+* SpecialRevisionDelete::extractBitField() (deprecated in 1.22)
+* User::getPageRenderingHash() (deprecated in 1.17)
+* WebRequest::getFileSize() (deprecated in 1.17)
+* WebRequest::isPathInfoBad() (deprecated in 1.17)
+* wfGenerateToken (deprecated in 1.20)
+* wfStreamFile (deprecated in 1.19)
+* wfUILang (deprecated in 1.18)
+* WikiPage::createUpdates() (deprecated in 1.18)
+* WikiPage::quickEdit() (deprecated in 1.18)
+* WikiPage::useParserCache() (deprecated in 1.18)
+* WikiPage::viewUpdates() (deprecated in 1.18)
+
+==== Removed globals ====
+* $wgBetterDirectionality (deprecated in 1.18)
+
+= MediaWiki 1.22 =
+
+== MediaWiki 1.22.15 ==
+
+This is a security and maintenance release of the MediaWiki 1.22 branch.
+
+=== Changes since 1.22.14 ===
+
+* (bug T76686) [SECURITY] thumb.php outputs wikitext message as raw HTML, which
+ could lead to xss. Permission to edit MediaWiki namespace is required to
+ exploit this.
+* (bug T77028) [SECURITY] Malicious site can bypass CORS restrictions in
+ $wgCrossSiteAJAXdomains in API calls if it only included an allowed domain as
+ part of its name.
+* (bug T74222) The original patch for T74222 was reverted as unnecessary.
+
+== MediaWiki 1.22.14 ==
+
+This is a security and maintenance release of the MediaWiki 1.22 branch.
+
+=== Changes since 1.22.13 ===
+
+* (bugs 66776, 71478) SECURITY: User PleaseStand reported a way to inject code
+ into API clients that used format=php to process pages that underwent flash
+ policy mangling. This was fixed along with improving how the mangling was done
+ for format=json, and allowing sites to disable the mangling using
+ $wgMangleFlashPolicy.
+* (bug 70901) SECURITY: User Jackmcbarn reported that the ability to update
+ the content model for a page could allow an unprivileged attacker to edit
+ another user's common.js under certain circumstances. The user right
+ "editcontentmodel" was added, and is needed to change a revision's content
+ model.
+* (bug 72222) SECURITY: Do not show log action when the entry is revdeleted with
+ DELETED_ACTION. NOTICE: this may be reverted in a future release pending a
+ public RFC about the desired functionality. This issue was reported by user
+ Bawolff.
+* (bug 71621) Make allowing site-wide styles on restricted special pages a
+ config option.
+* $wgMangleFlashPolicy was added to make MediaWiki's mangling of anything that
+ might be a flash policy directive configurable.
+
+== MediaWiki 1.22.13 ==
+This is a maintenance release of the MediaWiki 1.22 branch.
+
+=== Changes since 1.22.12 ===
+* (bug 67440) Allow classes to be registered properly from installer
+
+== MediaWiki 1.22.12 ==
+This is a security release of the MediaWiki 1.22 branch.
+
+=== Changes since 1.22.11 ===
+* (bug 70672) SECURITY: OutputPage: Remove separation of css and js module allowance.
+
+== MediaWiki 1.22.11 ==
+This is a security release of the MediaWiki 1.22 branch.
+
+=== Changes since 1.22.10 ===
+* (bug 69008) SECURITY: Enhance CSS filtering in SVG files. Filter <style> elements; normalize style elements and attributes before filtering; add checks for attributes that contain css; add unit tests for html5sec and reported bugs.
+
+== MediaWiki 1.22.10 ==
+This is a maintenance release of the MediaWiki 1.22 branch.
+
+=== Changes since 1.22.9 ===
+* (bug 64970) Fix support for blobs on DatabaseOracle::update
+* (bug 60719) In MediaWiki 1.22, the job queue execution on each page request was changed (Gerrit change 59797) so, instead of executing the job inside the same PHP process that's rendering the page, a new PHP cli command is spawned to execute runJobs.php in the background. It will only work if $wgPhpCli is set to an actual path or safe mode is off, otherwise, the old method will be used. https://www.mediawiki.org/wiki/Manual:Job_queue#Changes_introduced_in_MediaWiki_1.22 for more infomation. This change was in earlier releases of 1.22 but was not noted here until now.
+
+== MediaWiki 1.22.9 ==
+This is a security and maintenance release of the MediaWiki 1.22 branch.
+
+=== Changes since 1.22.8 ===
+* (bug 68187) SECURITY: Prepend jsonp callback with comment.
+* (bug 66608) SECURITY: Fix for XSS issue in bug 66608: Generate the URL used for loading a new page in Javascript,instead of relying on the URL in the link that has been clicked.
+* (bug 65778) SECURITY: Copy prevent-clickjacking between OutputPage and ParserOutput.
+* (bug 59147) The img_metadata field was not being decoded from bytea into text.
+
+== MediaWiki 1.22.8 ==
+This is a security and maintenance release of the MediaWiki 1.22 branch.
+
+=== Changes since 1.22.7 ===
+* (bug 65839) SECURITY: Prevent external resources in SVG files.
+* (bug 66428) MimeMagic: Don't seek before BOF. This has weird side effects like only extracting the tail of the file partially or not at all.
+
+== MediaWiki 1.22.7 ==
+This is a security and maintenance release of the MediaWiki 1.22 branch.
+
+=== Changes since 1.22.6 ===
+* (bug 65501) SECURITY: Don't parse usernames as wikitext on Special:PasswordReset.
+* (bug 36356) Add space between two feed links.
+* (bug 63269) Email notifications were not correctly handling the MediaWiki:Helppage message being set to a full URL. This is a regression from the 1.22.5 point release, which made the default value for it a URL. If you customized MediaWiki:Enotif body (the text of email notifications), you'll need to edit it locally to include the URL via the new variable $HELPPAGE instead of the parser functions fullurl and canonicalurl; otherwise you don't have to do anything.
+Add missing uploadstash.us_props for PostgreSQL.
+* (bug 56047) Fixed stream wrapper in PhpHttpRequest.
+
+== MediaWiki 1.22.6 ==
+This is a security release of the MediaWiki 1.22 branch.
+
+=== Changes since 1.22.5 ===
+* (bug 63251) SECURITY: Escape sortKey in pageInfo.
+
+== MediaWiki 1.22.5 ==
+This is a security and maintenance release of the MediaWiki 1.22 branch.
+
+=== Changes since 1.22.4 ===
+* (bug 62497) SECURITY: Add CSRF token on Special:ChangePassword.
+* (bug 62467) Set a title for the context during import on the cli.
+* Fix custom local MediaWiki:Helppage values.
+* mediawiki.js: Fix documentation breakage.
+* (bug 58153) Make MySQLi work with non standard port.
+* (bug 53887) Reintroduced a link to help pages in the default sidebar, that any sysop can customize by editing MediaWiki:Sidebar locally. The link now points to a mediawiki.org page which is guaranteed to exist. Nothing needs to be done on your end, but remember to adjust MediaWiki:Sidebar for the needs of your wikis. Everyone can help with the shared documentation by translating: https://www.mediawiki.org/wiki/Special:Translate/agg-Help_pages .
+* (bug 53888) Corrected a regression in 1.22 which introduced red links on the login page. If you previously installed 1.22.x and have created a local page to make the red link blue, write its title as in MediaWiki:helplogin-url if you didn't already. Otherwise, you don't need to do anything, but you can translate the help page at https://www.mediawiki.org/wiki/Help:Logging_in .
+
+== MediaWiki 1.22.4 ==
+This is a maintenance release of the MediaWiki 1.22 branch.
+
+=== Changes since 1.22.3 ===
+* Use the correct branch of the extensions' git repositories.
+
+== MediaWiki 1.22.3 ==
+This is a security and bugfix release of the MediaWiki 1.22 branch.
+
+=== Changes since 1.22.2 ===
+* (bug 60771) SECURITY: Disallow uploading SVG files using non-whitelisted namespaces. Also disallow iframe elements. * User will get an error including the namespace name if they use a non- whitelisted namespace.
+* (bug 61346) SECURITY: Make token comparison use constant time. It seems like our token comparison would be vulnerable to timing attacks. This will take constant time.
+* (bug 61362) SECURITY: API: Don't find links in the middle of api.php links.
+* (bug 53710) Add sequence support for upsert in DatabaseOracle in the same way as in selectInsert
+* (bug 60231, bug 58719) Various fixes to job running code in Wiki.php: Make it async on Windows. Fixed possible "invalid filename" errors on Windows. Redirect output to dev/null to avoid hanging PHP.
+* (bug 60083) Correct sequence name for fresh Postgres installation. Spotted by gebhkla
+* (bug 60531) Avoid variable naming conflicts in DatabasePostgres::selectSQLText. Spotted by gebhkla
+* (bug 60094) Fix rebuildall.php fatal error with PostgreSQL.
+* (bug 43817) Add error handling if descriptionmsg isn't defined for extension.
+* (bug 60543) Special:PrefixIndex omits stripprefix=1 for "Next page" link.
+
+== MediaWiki 1.22.2 ==
+This is a security and bugfix release of the MediaWiki 1.22 branch.
+
+=== Changes since 1.22.1 ===
+* (bug 60339) SECURITY: Sanitize shell arguments to DjVu files, and other media formats
+* (bug 58253) Check for very old PCRE versions in installer and updater
+* (bug 60054) Make WikiPage::$mPreparedEdit public
+
+== MediaWiki 1.22.1 ==
+This is a security and maintenance release of the MediaWiki 1.22 branch.
+
+=== Changes since 1.22.0 ===
+* (bug 57550) SECURITY: Disallow stylesheets in SVG Uploads
+* (bug 58088) SECURITY: Don't normalize U+FF3C to \ in CSS Checks
+* (bug 58472) SECURITY: Disallow -o-link in styles
+* (bug 58553) SECURITY: Return error on invalid XML for SVG Uploads
+* (bug 58699) SECURITY: Fix RevDel log entry information leaks
+* (bug 58178) Restore compatibility with curl < 7.16.2.
+* (bug 56931) Updated the plural rules to CLDR 24. They are in new format which is detailed in UTS 35 Rev 33. The PHP parser and evaluator as well as the JavaScript evaluator were updated to support the new format. Plural rules for some languages have changed, most notably Russian. Affected software messages have been updated and marked for review at translatewiki.net. This change is backported from the development branch of MediaWiki 1.23.
+* (bug 58434) The broken installer for database backend Oracle was fixed.
+* (bug 58167) The web installer no longer throws an exception when PHP is compiled without support for MySQL yet with support for another DBMS.
+* (bug 58640) Fixed a compatibility issue with PCRE 8.34 that caused pages to appear blank or with missing text.
+* (bug 47055) Changed FOR UPDATE handling in Postgresql
+* (bug 57026) Avoid extra parsing in prepareContentForEdit()
+
+== MediaWiki 1.22.0 ==
+
+=== Configuration changes in 1.22 ===
+* $wgRedirectScript was removed. It was unused.
+* Removed $wgLocalMessageCacheSerialized, it is now always true.
+* $wgVectorUseIconWatch is now enabled by default.
+* $wgCascadingRestrictionLevels was added.
+* ftps, ssh, sftp, xmpp, sip, sips, tel, sms, bitcoin, magnet, urn, and geo
+ have been whitelisted inside of $wgUrlProtocols.
+* $wgDocType and $wgDTD have been removed and are no longer used for the DOCTYPE.
+* $wgHtml5 is no longer used by core. Setting it to false will no longer disable HTML5.
+ It is still set to true for extension compatibility but doing so in extensions is deprecated.
+* $wgXhtmlDefaultNamespace is no longer used by core. Setting it will no longer change the
+ xmlns used by MediaWiki. Reliance on this variable by extensions is deprecated.
+* $wgHandheldStyle was removed.
+* $wgHandheldForIPhone was removed.
+* $wgJsMimeType is no longer used by core. Most usage has been removed since
+ HTML output is now exclusively HTML5.
+* $wgDBOracleDRCP added. True enables persistent connection with DRCP on Oracle.
+* $wgLogAutopatrol added to allow disabling logging of autopatrol edits in the logging table.
+ Default for $wgLogAutopatrol is true.
+* The 'edit' right no longer allows for editing a user's own CSS and JS.
+* New rights 'editmyusercss', 'editmyuserjs', 'viewmywatchlist',
+ 'editmywatchlist', 'viewmyprivateinfo', 'editmyprivateinfo', and
+ 'editmyoptions' restrict actions that were formerly allowed by default. They
+ have been added to the default for $wgGroupPermissions['*'].
+* The 'editprotected' right no longer allows bypassing of all page protection
+ restrictions. Any group using it for this purpose will now need to have all
+ the individual rights listed in $wgRestrictionTypes for the same effect.
+* The 'protect' and 'autoconfirmed' rights are no longer used for the default
+ page protection levels. The rights 'editprotected' and 'editsemiprotected'
+ are now used for this purpose instead.
+* (bug 40866) wgOldChangeTagsIndex removed.
+* $wgNoFollowDomainExceptions now only matches entire domains. For example,
+ an entry for 'bar.com' will still match 'foo.bar.com' but not 'foobar.com'.
+* $wgCopyUploadTimeout and $wgCopyUploadAsyncTimeout added to change the timeout times for
+ fetching the file during upload by url.
+* New key added to $wgGalleryOptions - $wgGalleryOptions['mode'] to set
+ default gallery mode.
+* New hook 'GalleryGetModes' to allow extensions to make new gallery modes.
+* The checkbox for staying in HTTPS displayed on the login form when $wgSecureLogin is
+ enabled has been removed. Instead, whether the user stays in HTTPS will be determined
+ based on the user's preferences, and whether they came from HTTPS or not.
+* $wgRC2UDPAddress, $wgRC2UDPInterwikiPrefix, $wgRC2UDPOmitBots, $wgRC2UDPPort,
+ and $wgRC2UDPPrefix configuration options have been deprecated in favor of a
+ $wgRCFeeds configuration array. $wgRCFeeds makes both the format and
+ destination of recent change notifications customizable, and allows for
+ multiple destinations to be specified.
+* (bug 53862) portal-url, currentevents-url and helppage have been removed from the
+ default Sidebar.
+* The 'vector-simplesearch' preference is now enabled by default. Previously
+ it was only enabled if the Vector extension was installed.
+* The precise format of metric datagrams produced by the UDP profiler and stats counter
+ may now be specified as $wgUDPProfilerFormatString and $wgStatsFormatString,
+ respectively.
+* (bug 54597) $wgBlockOpenProxies, $wgProxyPorts, $wgProxyScriptPath, and
+ $wgProxyMemcExpiry have been removed, along with the open proxy scanner
+ script they were added for.
+* Default value of $wgMaxShellMemory has been tripled (it's now 300 MB).
+
+=== New features in 1.22 ===
+* You can now install extensions using Composer.
+ See https://www.mediawiki.org/wiki/Composer
+* (bug 44525) mediawiki.jqueryMsg can now parse (whitelisted) HTML elements and attributes.
+* (bug 33454) Language::sprintfDate now has a timezone parameter, and supports
+ the "eIOPTZ" formatting characters.
+* EditWarning: A warning is shown when an editor leaves the edit form without
+ saving (enabled by default, users can opt-out via the 'useeditwarning'
+ preference). This feature was moved from the Vector extension, and is now part
+ of core for all skins. Take care when upgrading that you don't use an older
+ version of the Vector extension as this feature may conflict.
+* New 'mediawiki.ui' CSS module providing mw-ui-* styles for buttons and a
+ compact vertical form layout.
+* HTMLForm supports a new display format 'vform' which applies this compact vertical
+ layout and button styling. Special:PasswordReset uses this format.
+* New versions of login (Special:UserLogin) and create account
+ (Special:UserLogin/signup) forms using the "vform" compact vertical form layout.
+ These forms use new messages that assume a "Help logging in" link, see
+ https://www.mediawiki.org/wiki/Manual:Page_customizations;
+ https://www.mediawiki.org/wiki/Account_creation_user_experience/Strings lists the
+ message key changes.
+* (bug 23343) Implemented ability to apply IP blocks to the contents of X-Forwarded-For headers
+ by adding a new configuration variable $wgApplyIpBlocksToXff (disabled by default).
+* The new hook 'APIGetPossibleErrors' to modify the list of possible errors was
+ added.
+* (bug 25592) LogEventsList::showLogExtract() will now ignore various
+ Pager-related WebRequest parameters by default, as this is overwhelmingly
+ likely to be what was intended by users of the method. If any caller wishes
+ to use these parameters, the new param 'useRequestParams' may be set to true.
+* mw.util.addPortletLink: Tooltip is no longer required to be plain (without
+ an accesskey in it already). As such it now rountrips. Creating a link with a
+ message as tooltip, grabbing the title attribute and using it to create
+ another portlet will work as expected.
+* (bug 6747) {{ROOTPAGENAME}} introduced, contains the name of the topmost
+ page without namespace.
+* BREAKING CHANGE: (bug 41729) Display editsection links next to headings. Also
+ change their class name from .editsection to .mw-editsection and place them at
+ the end of the heading element instead of the beginning. Client-side code and
+ screen-scrapers will have to be adjusted to handle both cases (old HTML will
+ still be visible on cached page renders until they are purged); extensions
+ using the DoEditSectionLink or EditSectionLink hooks might need adjustments as
+ well.
+* (bug 45535) introduced the new 'LanguageLinks' hook for manipulating the
+ language links associated with a page before display.
+* Chosen (http://harvesthq.github.io/chosen/) was added as module 'jquery.chosen'
+* HTMLForm will turn multiselect checkboxes into a Chosen interface when setting cssclass 'mw-chosen'
+* rebuildLocalisationCache learned --lang option. Let you rebuild l10n caches
+ of the specified languages instead of all of them.
+* New GetNewMessagesAlert hook allowing extensions to disable or modify the new
+ messages alert
+* New wgUserNewMsgRevisionId JS global for logged in users. This will be null
+ if the user has no new talk page messages. Otherwise it will be set to the
+ revision ID of the oldest new talk page message. This will allow gadgets and
+ extensions to create their own new message alerts on the client side.
+* mediawiki.log: Added log.warn wrapper (uses console.warn and console.trace).
+* mediawiki.log: Implemented log.deprecate. This method defines a property and
+ uses ES5 getter/setter to emit a warning when they are used.
+* $wgCascadingRestrictionLevels was added, allowing one to specify restriction levels
+ which can be cascading (previously 'sysop' was hard-coded as the only one).
+* XHTML5 support has been improved. If you set $wgMimeType = 'application/xhtml+xml'
+ MediaWiki will try outputting markup according to XHTML5 rules.
+* Altered hook 'ProtectionForm::save', adding the reason page protection is
+ changed as third parameter.
+* New hook 'TitleSquidURLs' for manipulating the list of URLs to be purged from
+ HTTP caches when a page is changed.
+* Changed the patrolling system to always show the link for patrolling in case the
+ current revision is patrollable. This also removed the usage of the rcid URI parameters.
+* Oracle DB backend now supports Database Resident Connection Pooling (DRCP).
+ Can be enabled by setting $wgDBOracleDRCP=true.
+ Requires Oracle DB 11gR1 or above, enabled DRCP inside the DB itself and a
+ propper connect string.
+ More about DRCP can be found at:
+ http://www.oracle-base.com/articles/11g/database-resident-connection-pool-11gr1.php
+* Add a new parameter $patrolFooterShown to hook ArticleViewFooter so the hook
+ handlers can take further action based on the status of the patrol footer
+* A new hook TitleQuickPermissions was added to allow overriding of quick
+ permissions in the Title class.
+* LinkCache singleton can now be altered or cleared, letting one to specify
+ another instance that does not rely on a database backend.
+* MediaWiki's PHPUnit tests can now use PHPUnit installed using composer --dev.
+* (bug 43689) The lists of templates used on the page and hidden categories it
+ is a member of, shown below the edit form, are now collapsible (and collapsed
+ by default).
+* Parser profiling data, formerly only available in the "NewPP limit report"
+ HTML comment, is now also displayed at the bottom of page previews.
+* Added ParserLimitReportPrepare and ParserLimitReportFormat hooks, deprecated
+ ParserLimitReport hook.
+* New user rights have been added to increase granularity in rights management
+ for extensions such as OAuth:
+** editmyusercss controls whether a user may edit their own CSS subpages.
+** editmyuserjs controls whether a user may edit their own JS subpages.
+** viewmywatchlist controls whether a user may view their watchlist.
+** editmywatchlist controls whether a user may edit their watchlist.
+** viewmyprivateinfo controls whether a user may access their private
+ information (e.g. registered email address, real name).
+** editmyprivateinfo controls whether a user may change their private
+ information.
+** editmyoptions controls whether a user may change their preferences.
+* Add new hook AbortTalkPageEmailNotification, this will be used to determine
+ whether to send the regular talk page email notification
+* Action classes registered in $wgActions are now also supported in the form of
+ a callback (which returns an instance of Action) instead of providing the name
+ of a subclass of Action.
+* (bug 46513) Vector: Add the collapsibleTabs script from the Vector extension.
+* Added $wgRecentChangesFlags for defining new flags for RecentChanges and
+ watchlists.
+* (bug 40518) mw.toolbar: Implemented mw.toolbar.addButtons for adding multiple
+ button objects in one call.
+* Rights used for the default protection levels ('sysop' and 'autoconfirmed')
+ are now used just for that purpose, instead of overloading other rights. This
+ allows easy granting of the ability to edit sysop-protected pages without
+ also granting the ability to protect and unprotect.
+* (bug 48256) Make brackets in section edit links accessible to CSS.
+ They are now wrapped in <span class="mw-editsection-bracket" />.
+* (bug 8480) Allow handler specific parameters in galleries (like page number)
+* jquery.client: Add detection for Opera 15 and Internet Explorer 11.
+* Change tags (used by the AbuseFilter extension) are now shown on diff pages.
+* Change tag lists (shown on recent changes, watchlist, user contributions,
+ history pages, diff pages) now include a link to Special:Tags to distinguish
+ them from edit summaries.
+* Added a new method and hook, User::isEveryoneAllowed() and
+ UserIsEveryoneAllowed, for use in situations where a "does everyone have this
+ right?" check is used to avoid more expensive checks.
+* (bug 14431) Display "(No difference)" instead of an empty diff (when comparing
+ revisions in the history or when previewing changes while editing).
+* New hook 'IsUploadAllowedFromUrl' is added which can be used to intercept uploads by
+ URL, useful for blacklisting specific URLs
+* (bug 21912) Watchlist token implementation has been refactored and
+ Special:ResetTokens was added to allow users to reset their tokens
+ instead of presenting them in Preferences.
+* Special:PrefixIndex now lets you strip the searched prefix from the displayed
+ titles. Given a list of articles named Bug1, Bug2, you can now transclude the
+ list of bug numbers using: {{Special:PrefixIndex/Bug|stripprefix=1}}.
+ The special page form received a new checkbox matching that option.
+* (bug 23580) Implement javascript callback interface "mw.hook".
+* (bug 30713) New mw.hook "wikipage.content".
+* (bug 40430) jquery.placeholder gets a new parameter to set the attribute value
+ to be used.
+* $wgHTCPMulticastRouting renamed $wgHTCPRouting since it accepts unicast.
+* $wgHTCPRouting rules can now be passed an array of hosts/ports to send purge
+ too. Can be used whenever several multicast group could be interested by a
+ specific purge.
+* (bug 25931) Add Special:RandomInCategory.
+* mediawiki.util: addPortletLink now supports passing a jQuery object as nextnode.
+* <wbr> can now be used inside WikiText.
+* WebResponse::setcookie is much more featureful. Callers using PHP's
+ setcookie() or setrawcookie() should begin using this instead.
+* New hook WebResponseSetCookie, called from WebResponse::setcookie().
+* New hook ResetSessionID, called when the session id is reset.
+* Add a mode parameter to <gallery> tag with potential options of "traditional",
+ "nolines", "packed", "packed-overlay", or "packed-hover".
+* (bug 47399) A success message is now displayed after changing the password.
+* Make thumb.php give HTTP redirects for file redirects
+* (bug 30607) Special:ListFiles can now show old versions of files. Additionally
+ Special:AllMyUploads was introduced so the user can get a list of all things
+ they have ever uploaded, even if it was subsequently overridden.
+* Introduced Special:MyFiles and Special:AllMyFiles as an alias for Special:MyUploads
+ and Special:AllMyUploads respectively.
+* IPv6 addresses in X-Forwarded-For headers are now normalised before checking
+ against allowed proxy lists.
+* Add deferrable update support for callback/closure.
+* Add TitleMove hook before page renames.
+* Revision deletion backend code is moved out of SpecialRevisiondelete
+* Added {{REVISIONSIZE}} variable to get the current size of a revision.
+* Add support for the LESS stylesheet language to ResourceLoader. LESS is a
+ stylesheet language that compiles into CSS. ResourceLoader file modules may
+ include LESS style files; ResourceLoader will compile these files into CSS
+ before sending them to the client.
+** The $wgResourceLoaderLESSVars configuration variable is an associative array
+ mapping variable names to string CSS values. These variables are considered
+ declared for all LESS files. Additional variables may be registered by
+ adding keys to the array.
+** $wgResourceLoaderLESSFunctions is an associative array of custom LESS
+ function names to PHP callables. See <http://leafo.net/lessphp/docs/#custom_functions>
+ for more details regarding custom functions.
+** $wgResourceLoaderLESSImportPaths is an array of file system paths. Files
+ referenced in LESS '@import' statements are looked up here first.
+* ResourceLoader supports hashes as module cache invalidation trigger (instead
+ of or in addition to timestamps).
+* Added $wgExtensionEntryPointListFiles for use in mergeMessageFileList.php.
+* Added a hook, APIQuerySiteInfoStatisticsInfo, to allow extensions to modify
+ the output of the API query meta=siteinfo&siprop=statistics
+* Primary keys have been added to both the archive table and the externallinks
+ tables.
+* Added $wgEnableParserLimitReporting to control whether the NewPP limit report is
+ output in a HTML comment.
+* The 'UnwatchArticle' and 'WatchArticle' hooks now support a Status object
+ instead of just a boolean return value to abort the hook.
+* Added a hook, SpecialWatchlistGetNonRevisionTypes, to allow extensions
+ with custom recentchanges entries to hook into the Watchlist without
+ clobbering each other.
+* A hidden, empty input field was added to the edit form, and any edit that fills
+ it in will be rejected. This prevents against the simplest form of spambots.
+ Previously in the "SimpleAntiSpam" extension by Ryan Schmidt.
+* populateRevisionLength.php maintenance script updated to also populate
+ archive.ar_len field.
+* (bug 43571) DatabaseMySQLBase learned to list views, optionally filtered by a
+ prefix. Also fixed PHPUnit test suite when using a MySQL backend containing
+ views.
+
+=== Bug fixes in 1.22 ===
+* (bug 47271) $wgContentHandlerUseDB should be set to false during the upgrade
+* Disable Special:PasswordReset when $wgEnableEmail is false. Previously one
+ could still navigate to the page by entering the URL directly.
+* (bug 47138) Fixed a fatal error when a blocked user tries to automatically
+ create an account on login due external authentication in some circumstances.
+* (bug 23393) HTML <hN> headings containing line breaks are now handled
+ correctly.
+* (bug 45803) Whitespace within == Headline == syntax and within <hN> headings
+ is now non-significant and not preserved in the HTML output.
+* (bug 47218) Special:BlockList now handles correctly user names with spaces
+ when passed as subpage.
+* Pager's properly validate which fields are allowed to be sorted on.
+* mw.util.tooltipAccessKeyRegexp: The regex now matches "option-" as well.
+ Support for Mac "option" was added in 1.16, but the regex was never updated.
+* (bug 46768) Usernames of blocking users now display correctly, even if numeric.
+* (bug 39590) Self-transclusions now show the most up to date result always
+ after save instead of being a revision behind.
+* A bias in wfRandomString() toward digits 1-7 has been corrected. Generated
+ strings will now start with digits 0 and 8-f as often as they should.
+* (bug 45371) Removed Parser_LinkHooks and CoreLinkFunctions classes.
+* (bug 41545) Allow <kbd>, <samp>, and <var> to be nested like allowed in html.
+* PLURAL magic word no longer causes a PHP notice when no matching form exists.
+* (bug 36641) Patrol page links no longer show on non-existent revisions.
+* (bug 35810) Pages not linked from Special:RecentChanges or Special:NewPages
+ are patrollable now.
+* (bug 30213) JavaScript for search suggestions is now disabled when the API
+ is disabled, and AJAX patrolling and watching are now disabled when use of
+ the write API is not allowed.
+* (bug 48294) API: Fix chunk upload async mode.
+* (bug 46749) Broken files tracking category removed from pages if an image
+ with that name is uploaded.
+* (bug 14176) System messages that are empty were previously incorrectly treated
+ as non-existent, causing a fallback to the default. This stopped users from
+ overriding system messages to make them blank.
+* (bug 48319) action=parse no longer returns an error if passed none of 'oldid',
+ 'pageid', 'page', 'title', and 'text' (e.g. if only passed 'summary'). A
+ warning will instead be issued if 'title' is non-default, unless no props are
+ requested.
+* Special:Recentchangeslinked will now include upload log entries
+* (bug 41281) Fixed ugly output if file size could not be extracted for multi-page media.
+* (bug 50315) list=logevents API module will now output log entries by anonymous users.
+* (bug 38911) Handle headers with rowspan in jquery.tablesorter
+* (bug 658) Converted the table of contents on wiki pages from <table> to <div>
+ and adjusted skin CSS accordingly. The CSS was carefully crafted to be
+ backwards-compatible in all reasonable cases (uses of the __TOC__ magic word,
+ the #toc CSS id and the .toc CSS class). However, particularly bad abuse of
+ the id or the class can possibly break.
+* CSSJanus now supports rgb, hsl, rgba, and hsla color syntaxes.
+* Special:Listfiles can no longer be sorted by image name when filtering
+ by user in miser mode.
+* (bug 49074) CSSJanus: Handle values of border-radius correctly.
+* Handle relative inclusions ({{../name}}) in main namespace with subpages
+ enabled correctly (previously MediaWiki tried to include Template:Parent/name
+ instead of just Parent/name).
+* Added $wgAPIUselessQueryPages to allow extensions to flag their query pages
+ for non-inclusion in ApiQueryQueryPages.
+* (bug 50870) mediawiki.notification: Notification area should remain visible
+ when scrolled down.
+* (bug 13438) Special:MIMESearch no longer an expensive special page.
+* (bug 48342) Fixed a fatal error when $wgValidateAllHtml is set to true and
+ the function apache_request_headers() function is not available.
+* (bug 33399) LivePreview: Re-run wikipage content handlers
+ (jquery.makeCollapsible, jquery.tablesorter) after preview content is loaded.
+* (bug 51891) Fixed PHP notice on Special:PagesWithProp when no properties
+ are defined.
+* (bug 52006) Corrected documentation of $wgTranscludeCacheExpiry.
+* (bug 52077) The APIEditBeforeSave hook is giving the content of the whole
+ revision as second argument now, rather than just the current section.
+* (bug 49694) $wgSpamRegex is now also applied on the new section headline text
+ adding a new topic on a page
+* (bug 41756) Improve treatment of multiple comments on a blank line.
+* (bug 51064) Purge upstream caches when deleting file assets.
+* (bug 39012) File types with a mime that we do not know the extension for
+ can no longer be uploaded as an extension that we do know the mime type
+ for.
+* (bug 51742) Add data-sort-value for better sorting of hitcounts Special:Tags
+* (bug 26811) On DB error pages, server hostnames are now hidden when both
+ $wgShowHostnames and $wgShowSQLErrors are false.
+* (bug 6200) line breaks in <blockquote> are handled like they are in <div>
+* (bug 14931) Default character set now set to 'utf8' when a new MySQL
+ database is created.
+* (bug 47191) Fixed "Column 'si_title' cannot be part of FULLTEXT index"
+ MySQL error when installing using the binary character set option.
+* (bug 45288) Support mysqli PHP extension
+* (bug 55818) BREAKING CHANGE: Removed undocumented 'Debug' hook in wfDebug.
+ This resolves an infinite loop when using $wgDebugFunctionEntry = true.
+* (bug 56707) Correct tooltip of "Next n results" on query special pages.
+* (bug 56770) mw.util.addPortletLink: Check length before access array index.
+
+=== API changes in 1.22 ===
+* (bug 25553) The JSON output formatter now leaves forward slashes unescaped
+ to improve human readability of URLs and similar strings. Also, a "utf8"
+ option is now provided to use UTF-8 encoding instead of hex escape codes
+ for most non-ASCII characters.
+* (bug 46626) xmldoublequote parameter was removed. Because of a bug, the
+ parameter has had no effect since MediaWiki 1.16, and so its removal is
+ unlikely to impact existing clients.
+* (bug 47216) action=query&meta=siteinfo&siprop=skins will now indicate which
+ skin is the default and which are unusable (e.g. listed in $wgSkipSkins).
+* (bug 25325) Added support for wlshow filtering (bots/anon/minor/patrolled)
+ to action=feedwatchlist.
+* WDDX formatted output will actually be formatted (and normal output will no
+ longer be), and will no longer choke on booleans.
+* action=opensearch no longer silently ignores the format parameter.
+* action=opensearch now supports format=jsonfm.
+* list=usercontribs&ucprop=ids will now include the parent revision id.
+* BREAKING CHANGE: action=parse no longer returns all langlinks for the page
+ with prop=langlinks by default. The new effectivelanglinks parameter will
+ request that the LanguageLinks hook be called to determine the effective
+ language links.
+* BREAKING CHANGE: list=allpages, list=langbacklinks, and prop=langlinks do not
+ apply the new LanguageLinks hook, and thus only consider language links
+ stored in the database.
+* (bug 47219) Allow specifying change type of Wikipedia feed items
+* prop=imageinfo now allows setting iiurlheight without setting iiurlwidth
+* prop=info now adds the content model and page language of the title.
+* New upload log entries will now contain information on the relevant
+ image (sha1 and timestamp).
+* (bug 49239) action=parse now can parse in preview and section preview modes.
+* (bug 49259) action=patrol now accepts revision ids.
+* (bug 48129) list=blocks&bkip= now correctly handles IPv6 CIDR ranges and
+ honors $wgBlockCIDRLimit. Note any clients passing invalid values to bkip
+ will now receive an error, rather than the previous behavior listing all
+ user blocks.
+* (bug 48201) action=parse&text=foo now assumes wikitext if no title is given,
+ rather than using the content model of the page "API".
+* action=watch no longer silently ignores hook abort.
+* (bug 50785) action=purge with forcelinkupdate=1 no longer queues refreshLinks
+ jobs in the job queue for link table updates of pages that use the given page
+ as a template. Instead, forcerecursivelinkupdate=1 is introduced and should
+ be used if that behaviour is desirable.
+* The 'debugLog' property (enabled by $wgDebugToolbar) no longer sets the log
+ entry values through ApiResult::content but directly. This changes the JSON
+ output from an array of objects with content in '*' to an array of strings
+ with the content.
+* (bug 51342) prop=imageinfo iicontinue now contains the dbkey, not the text
+ version of the title.
+* (bug 52538) action=edit will now use empty text instead of the contents
+ of section 0 when passed prependtext or appendtext with section=new.
+* Support for the 'gettoken' parameter to action=block and action=unblock,
+ deprecated since 1.20, has been removed.
+* (bug 49090) Token-getting functions will fail when using jsonp callbacks.
+* (bug 52699) action=upload returns normalized file name on warning
+ "exists-normalized" instead of filename to be uploaded to.
+* (bug 53884) action=edit will now return an error when the specified section
+ does not exist in the page.
+* Added meta=filerepoinfo API module for getting information about foreign
+ file repositories, and related ForeignAPIRepo methods getInfo and getApiUrl.
+* The new query module list=allfileusages to enumerate file usages was added.
+
+=== Languages updated in 1.22 ===
+
+MediaWiki supports over 350 languages. Many localisations are updated
+regularly. Below only new and removed languages are listed, as well as
+changes to languages because of Bugzilla reports.
+
+* Batak Toba (bbc-latn) added.
+* (bug 46751) Made Buryat (Russia) (буряад) (bxr) fallback to Russian.
+
+=== Other changes in 1.22 ===
+* BREAKING CHANGE: Implementation of MediaWiki's JS and JSON value encoding
+ has changed:
+** MediaWiki no longer supports PHP installations in which the native JSON
+ extension is missing or disabled.
+** XmlJsCode objects can no longer be nested inside objects or arrays.
+ (For Xml::encodeJsCall(), this individually applies to each argument.)
+** The sets of characters escaped by default, along with the precise escape
+ sequences used, have changed (except for the Xml::escapeJsString()
+ function, which is now deprecated).
+* BREAKING CHANGE: The Services_JSON class has been removed. If necessary,
+ be sure to upgrade affected extensions at the same time (e.g. Collection).
+* redirect.php was removed. It was unused.
+* ClickTracking integration was dropped from the mediaWiki.user.bucket
+ JavaScript function. The 'tracked' option is now ignored.
+* BREAKING CHANGE: Legacy skins Simple, MySkin, Chick, Standard and Nostalgia
+ were all removed. (Nostalgia was moved to an extension.) The SkinLegacy and
+ LegacyTemplate classes that supported them were removed as well and are now a
+ part of the Nostalgia extension.
+* Event namespace used by jquery.makeCollapsible has been changed from
+ 'mw-collapse' to 'mw-collapsible' for consistency with the module name.
+* BREAKING CHANGE: The "ExternalAuth" authentication subsystem was removed, along
+ with its associated globals of $wgExternalAuthType, $wgExternalAuthConf,
+ $wgAutocreatePolicy and $wgAllowPrefChange. Affected users are encouraged to
+ use AuthPlugin for external authentication/authorization needs.
+* The Quickbar feature of the legacy skin model and the last remnants of it
+ throughout the code base have been removed.
+* Externaledit/externaldiff preference was removed. Very few users used this
+ feature, and improper configuration can actually prevent a user from editing
+* Calling Linker methods using a skin will now output deprecation warnings.
+* (bug 46680) "Return to" links are no longer tagged with rel="next".
+* BREAKING CHANGE: mw.util.tooltipAccessKeyRegexp: The match group for the
+ accesskey character is now $6 instead of $5.
+* HipHop compiler (hphpc) support was removed. HipHop VM support (hhvm) was
+ added.
+* A new Special:Redirect page was added, providing lookup by revision ID,
+ user ID, or file name. The old Special:Filepath page was reimplemented
+ to redirect through Special:Redirect.
+* Monobook: Removed the old conditional stylesheets for Opera 6, 7 and 9.
+* Support for XHTML 1.0 has been removed. MediaWiki now only outputs (X)HTML5.
+* wikibits: User-agent related globals have been deprecated. The following
+ properties now default to false and emit mw.log.warn: is_gecko, is_chrome_mac,
+ is_chrome, webkit_version, is_safari_win, is_safari, webkit_match, is_ff2,
+ ff2_bugs, is_ff2_win, is_ff2_x11, opera95_bugs, opera7_bugs, opera6_bugs,
+ is_opera_95, is_opera_preseven, is_opera, and ie6_bugs.
+* (bug 48276) MediaWiki will now flash a confirmation message upon successfully
+ editing a page.
+* (bug 40785) mediawiki.legacy.ajax has been marked as deprecated. The following
+ properties now emit mw.log.warn when accessed: sajax_debug, sajax_init_object,
+ sajax_do_call and wfSupportsAjax.
+* BREAKING CHANGE: meta keywords are no longer supported. A <meta name="keywords"
+ will no longer be output and OutputPage::addKeyword no longer exists.
+* Methods Title::userCanEditCssSubpage and Title::userCanEditJsSubpage,
+ deprecated since 1.19, have been removed.
+* (bug 50134) Hook functions are no longer required to return a value. When a
+ hook function does not return a value (or when it returns an explicit null),
+ processing continues. To abort the hook, a hook function must return an
+ explicit, boolean false or a string error message. Other falsey values are
+ tantamount to a 'return true' in earlier versions of MediaWiki.
+* BREAKING CHANGE: The EditSectionLink hook was removed after being
+ deprecated since MediaWiki 1.14. Use DoEditSectionLink instead.
+* (bug 48256) The 'editsection-brackets' optional message was removed.
+ Section edit links' brackets can now be customized using CSS by
+ styling span.mw-editsection-bracket.
+* The usePatrol function in ChangesList has been marked as deprecated.
+* (bug 50785) A "null edit", that is, a save action in which no changes to the
+ page text are made and no revision recorded, will no longer send refreshLinks
+ jobs to the job table to update pages which use the edited page as a template.
+* The LivePreviewPrepare and LivePreviewDone events triggered on "jQuery( mw )"
+ have been deprecated in favour of using mw.hook.
+* The 'showjumplinks' user preference has been removed, jump links are now
+ always included.
+* Methods RecentChange::notifyRC2UDP, RecentChange::sendToUDP, and
+ RecentChange::cleanupForIRC have been deprecated, as it is now the
+ responsibility of classes implementing the RCFeedFormatter and RCFeedEngine
+ interfaces to implement the formatting and delivery for recent change
+ notifications.
+* SpecialPrefixindex methods namespacePrefixForm() and showPrefixChunk() have
+ been made protected. They were accepting form variance arguments, this is now
+ using properties in the SpecialPrefixindex class.
+* (bug 50310) BREAKING CHANGE: wikibits: Drop support for mwCustomEditButtons.
+ It defaults to an empty array and emits mw.log.warn when accessed.
+* BREAKING CHANGE: Special:Disambiguations has been removed from MediaWiki core.
+ Functions related to disambiguation pages are now handled by the Disambiguator
+ extension (https://www.mediawiki.org/wiki/Extension:Disambiguator) (bug
+ 35981).
+* BREAKING CHANGE: The 'mediawiki.legacy.wikiprintable' module has been removed.
+ The skins/common/wikiprintable.css file no longer exists. Return value of
+ Skin#commonPrintStylesheet is ignored. Please use the 'mediawiki.legacy.commonPrint'
+ module instead or base your skin on SkinTemplate.
+* (bug 49629) The hook ExtractThumbParameters has been deprecated in favour
+ of media handler overriding MediaHandler::parseParamString.
+* (bug 46512) The collapsibleNav feature from the Vector extension has been moved
+ to the Vector skin in core.
+* SpecialRecentChanges::addRecentChangesJS() function has been renamed
+ to addModules() and made protected.
+* Methods WatchAction::doWatch and WatchAction::doUnwatch now return a Status
+ object instead of a boolean.
+* Information boxes (CSS classes errorbox, warningbox, successbox) have been
+ made more subtle.
+* BREAKING CHANGE: The module 'mediawiki.legacy.IEFixes' has been removed as it was
+ unused. The file skins/common/IEFixes.js remains but is only used by wikibits.
+ The file never contained any re-usable components. To use it in a skin, load
+ 'mediawiki.legacy.wikibits' (which IEFixes depends on) and that will import
+ IEFixes automatically if user agent conditions are met.
+* Code specific to the Math extension was marked as deprecated.
+* mediawiki.util: mw.util.wikiGetlink has been renamed to getUrl. (The old name
+ still works, but is deprecated.)
+
+= MediaWiki 1.21 =
+
+== MediaWiki 1.21.11 ==
+This is a security and maintenance release of the MediaWiki 1.21 branch.
+
+=== Changes since 1.21.10 ===
+* (bug 65839) SECURITY: Prevent external resources in SVG files.
+* (bug 66428) MimeMagic: Don't seek before BOF. This has weird side effects like only extracting the tail of the file partially or not at all.
+
+== MediaWiki 1.21.10 ==
+This is a security and maintenance release of the MediaWiki 1.21 branch.
+
+=== Changes since 1.21.9 ===
+* (bug 65501) SECURITY: Don't parse usernames as wikitext on Special:PasswordReset.
+* (bug 36356) Add space between two feed links.
+
+== MediaWiki 1.21.9 ==
+This is a security and maintenance release of the MediaWiki 1.21 branch.
+
+=== Changes since 1.21.8 ===
+* (bug 63251) SECURITY: Escape sortKey in pageInfo.
+* (bug 58640) Fixed a compatibility issue with PCRE 8.34 that caused pages to appear blank or with missing text.
+
+== MediaWiki 1.21.8 ==
+This is a security and maintenance release of the MediaWiki 1.21 branch.
+
+=== Changes since 1.21.7 ===
+* (bug 62497) SECURITY: Add CSRF token on Special:ChangePassword.
+* (bug 62467) Set a title for the context during import on the cli.
+
+== MediaWiki 1.21.7 ==
+This is a maintenance release of the MediaWiki 1.21 branch.
+
+=== Changes since 1.21.6 ===
+* Use the correct branch of the extensions' git repositories.
+
+== MediaWiki 1.21.6 ==
+This is a security release of the MediaWiki 1.21 branch.
+
+=== Changes since 1.21.5 ===
+* (bug 60771) SECURITY: Disallow uploading SVG files using non-whitelisted namespaces. Also disallow iframe elements. * User will get an error including the namespace name if they use a non- whitelisted namespace.
+* (bug 61346) SECURITY: Make token comparison use constant time. It seems like our token comparison would be vulnerable to timing attacks. This will take constant time.
+* (bug 61362) SECURITY: API: Don't find links in the middle of api.php links.
+
+== MediaWiki 1.21.5 ==
+This is a security release of the MediaWiki 1.21 branch.
+
+=== Changes since 1.21.4 ===
+* (bug 60339) SECURITY: Sanitize shell arguments to DjVu files, and other media formats
+
+== MediaWiki 1.21.4 ==
+This is a security release of the MediaWiki 1.21 branch.
+
+=== Changes since 1.21.3 ===
+* (bug 57550) SECURITY: Disallow stylesheets in SVG Uploads
+* (bug 58088) SECURITY: Don't normalize U+FF3C to \ in CSS Checks
+* (bug 58472) SECURITY: Disallow -o-link in styles
+* (bug 58553) SECURITY: Return error on invalid XML for SVG Uploads
+* (bug 58699) SECURITY: Fix RevDel log entry information leaks
+
+== MediaWiki 1.21.3 ==
+This is a security and maintenance release of the MediaWiki 1.21 branch.
+
+=== Changes since 1.21.2 ===
+* (bug 53032) SECURITY: Don't cache when a call could autocreate
+* (bug 55332) SECURITY: Improve css javascript detection
+* (bug 49717) Fix behaviour $wgVerifyMimeType = false; in Upload
+* Fix comma errors in various js files
+* Translations
+
+== MediaWiki 1.21.2 ==
+This is a security and maintenance release of the MediaWiki 1.21 branch.
+
+=== Changes since 1.21.1 ===
+* SECURITY: Fix extension detection with 2 .'s
+* SECURITY: Support for the 'gettoken' parameter to action=block and action=unblock, deprecated since 1.20, has been removed.
+* SECURITY: Sanitize ResourceLoader exception messages
+* Purge upstream caches when deleting file assets.
+* Unit test suite now runs the AutoLoader tests. Also fixed the autoloading entry for the PageORMTableForTesting class though it had no impact.
+
+== MediaWiki 1.21.1 ==
+This is a maintenance release of the MediaWiki 1.21 branch.
+
+=== Changes since 1.21.0 ===
+* An incorrect version number was used for 1.21.0. 1.21.1 has the correct number.
+* A problem with the Oracle SQL table creation was fixed.
+* (PdfHandler extension) Fix warning if pdfinfo fails but pdftext succeeds.
+
+== MediaWiki 1.21.0 ==
+
+=== Configuration changes in 1.21 ===
+* (bug 29374) $wgVectorUseSimpleSearch is now enabled by default.
+* Deprecated $wgAllowRealName is removed. Use $wgHiddenPrefs[] = 'realname'
+ instead.
+* (bug 39957) Added $wgUnwatchedPageThreshold, specifying minimum count
+ of page watchers required for the number to be accessible to users
+ without the unwatchedpages permission.
+* $wgBug34832TransitionalRollback has been removed.
+* (bug 29472) $wgUseDynamicDates has been removed and its functionality
+ disabled.
+
+=== New features in 1.21 ===
+* (bug 38110) Schema changes (adding or dropping tables, indices and
+ fields) can be now be done separately from other changes that
+ update.php makes. This is useful in environments that use database
+ permissions to restrict schema changes but allow the DB user that
+ MediaWiki normally runs as to perform other changes that update.php
+ makes. Schema changes can be run separately. See the file UPGRADE
+ for more information.
+* (bug 34876) jquery.makeCollapsible has been improved in performance.
+* Added ContentHandler facility to allow extensions to support other content
+ than wikitext. See docs/contenthandler.txt for details.
+* New feature was developed for showing high-DPI thumbnails for high-DPI mobile
+ and desktop displays (configurable with $wgResponsiveImages).
+* Added new backend to represent and store information about sites and site
+ specific configuration.
+* jQuery upgraded from 1.8.2 to 1.8.3.
+* jQuery UI upgraded from 1.8.23 to 1.8.24.
+* Added separate fa_sha1 field to filearchive table. This allows sha1
+ searches with the api in miser mode for deleted files.
+* Add initial and programmatic sorting for tablesorter.
+* Add the event "sortEnd.tablesorter", triggered after sorting has completed.
+* The Job system was refactored to allow for different backing stores for
+ queues as well as cross-wiki access to queues, among other things. The schema
+ for the DB queue was changed to support better concurrency and reduce
+ deadlock errors.
+* Added ApiQueryORM class to facilitate creation of query API modules based on
+ tables that have a corresponding ORMTable class.
+* (bug 40876) Icon for PSD (Adobe Photoshop) file types.
+* (bug 40641) Implemented Special:Version/Credits with a list of contributors.
+* (bug 7851) Implemented one-click AJAX patrolling.
+* The <data>, <time>, <meta>, and <link> elements are allowed within WikiText
+ for use with Microdata.
+* The HTML5 <mark> tag has been whitelisted.
+* Added ParserCloned hook for when the Parser object is cloned.
+* Added AlternateEditPreview hook to allow extensions to replace the page
+ preview from the edit page.
+* Added EditPage::showStandardInputs:options hook to allow extensions to add
+ new fields to the "editOptions" area of the edit form.
+* Upload stash DB schema altered to improve upload performance.
+* The following global functions are now reporting deprecated warnings in
+ debug mode: wfMsg, wfMsgNoTrans, wfMsgForContent, wfMsgForContentNoTrans,
+ wfMsgReal, wfMsgGetKey, wfMsgHtml, wfMsgWikiHtml, wfMsgExt, wfEmptyMsg. Use
+ the Message class, or the global method wfMessage.
+* Added $wgEnableCanonicalServerLink, off by default. If enabled, a
+ <link rel=canonical> tag is added to every page indicating the correct server
+ to use.
+* Debug message emitted by wfDebugLog() will now be prefixed with the group
+ name when its logged to the default log file. That is the case whenever the
+ group has no key in wgDebugLogGroups, that will help triage the default log.
+* (bug 24620) Add types to LogFormatter.
+* jQuery JSON upgraded from 2.3 to 2.4.0.
+* Added GetDoubleUnderscoreIDs hook, for modifying the list of magic words.
+* DatabaseUpdater class has two new methods to ease extensions schema changes:
+ dropExtensionIndex and renameExtensionIndex.
+* New preference type - 'api'. Preferences of this type are not shown on
+ Special:Preferences, but are still available via the action=options API.
+* (bug 39397) Hide rollback link if a user is the only contributor of the page.
+* $wgPageInfoTransclusionLimit limits the list size of transcluded articles
+ on the info action. Default is 50.
+* Added action=createaccount to allow user account creation.
+* (bug 40124) action=options API also allows for setting of arbitrary
+ preferences, provided that their names are prefixed with 'userjs-'. This
+ officially reenables the feature that was undocumented and defective
+ in MW 1.20 (saving preferences using Special:Preferences cleared any
+ additional fields) and which has been disabled in 1.20.1 as a part of
+ a security fix (bug 42202).
+* Added option to specify "others" as author in extension credits using
+ "..." as author name.
+* Added the ability to limit the wall clock time used by shell processes,
+ as well as the CPU time. Configurable with $wgMaxShellWallClockTime.
+* Allow memory of shell subprocesses to be limited using Linux cgroups
+ instead of ulimit -v, which tends to cause deadlocks in recent versions
+ of ImageMagick. Configurable with $wgShellCgroup.
+* Added $wgWhitelistReadRegexp for regex whitelisting.
+* (bug 5346) Categories that are redirects will be displayed italic in
+ the category links section at the bottom of a page.
+* (bug 43915) New maintenance script deleteEqualMessages.php.
+* You can now create checkbox option matrices through the HTMLCheckMatrix
+ subclass in HTMLForm.
+* WikiText now permits the use of WAI-ARIA's role="presentation" inside of
+ html elements and tables. This allows presentational markup, especially
+ tables. To be marked up as such.
+* maintenance/sql.php learned the --cluster option. Let you run the script
+ on some external cluster instead of the primary cluster for a given wiki.
+* (bug 20281) test the parsing of inline URLs.
+* Added Special:PagesWithProp, which lists pages using a particular page property.
+* Implemented language-specific collations for category sorting for 67 languages
+ based in latin, greek and cyrillic alphabets. This allows one to *finally* get
+ articles to be correctly sorted on category pages. They are named
+ 'uca-<langcode>', where <langcode> is one of: af, ast, az, be, bg, br, bs, ca,
+ co, cs, cy, da, de, dsb, el, en, eo, es, et, eu, fi, fo, fr, fur, fy, ga, gd,
+ gl, hr, hsb, hu, is, it, kk, kl, ku, ky, la, lb, lt, lv, mk, mo, mt, nl, no,
+ oc, pl, pt, rm, ro, ru, rup, sco, sk, sl, smn, sq, sr, sv, tk, tl, tr, tt, uk,
+ uz, vi.
+* Added 'CategoryAfterPageAdded' and 'CategoryAfterPageRemoved' hooks.
+* Added 'HistoryRevisionTools' and 'DiffRevisionTools' hooks.
+* Added 'SpecialSearchResultsPrepend' and 'SpecialSearchResultsAppend' hooks.
+* (bug 33186) Add image rotation api "imagerotate"
+* (bug 34040) Add "User rights management" link on user page toolbox.
+* (bug 45526) Add QUnit assertion helper "QUnit.assert.htmlEqual" for asserting
+ structual equality of HTML (ignoring insignificant differences like
+ quotmarks, order and whitespace in the attribute list).
+* (bug 23393) HTML <hN> headings containing line breaks are now handled
+ correctly.
+* (bug 45803) Whitespace within == Headline == syntax and within <hN> headings
+ is now non-significant and not preserved in the HTML output.
+
+=== Bug fixes in 1.21 ===
+* (bug 40353) SpecialDoubleRedirect should support interwiki redirects.
+* (bug 40352) fixDoubleRedirects.php should support interwiki redirects.
+* (bug 9237) SpecialBrokenRedirect should not list interwiki redirects.
+* (bug 34960) Drop unused fields rc_moved_to_ns and rc_moved_to_title from
+ recentchanges table.
+* (bug 32951) Do not register internal externals with absolute protocol,
+ when server has relative protocol.
+* (bug 39005) When purging proxies listed in $wgSquidServers using HTTP PURGE
+ method requests, we now send a Host header by default, for Varnish
+ compatibility. This also works with Squid in reverse-proxy mode. If you wish
+ to support Squid configured in forward-proxy mode, set
+ $wgSquidPurgeUseHostHeader to false.
+* (bug 37020) sql.php with readline eats semicolon.
+* (bug 11748) Properly handle optionally-closed HTML tags when Tidy is
+ disabled, and don't wrap HTML-syntax definition lists in paragraphs.
+* (bug 41409) Diffs while editing an old revision should again diff against the
+ current revision.
+* (bug 41494) Honor $wgLogExceptionBacktrace when logging non-API exceptions
+ caught during API execution.
+* (bug 37963) Fixed loading process for user options.
+* (bug 26995) Update filename field on Upload page after having sanitized it.
+* (bug 41793) Contribution links to users with 0 edits on Special:ListUsers
+ didn't show up red.
+* (bug 41899) A PHP notice no longer occurs when using the "rvcontinue" API
+ parameter.
+* (bug 42036) Account creation emails now contain canonical (not
+ protocol-relative) URLs.
+* (bug 41990) Fix regression: API edit with redirect=true and lacking
+ starttimestamp and basetimestamp should not cause an edit conflict.
+* (bug 41706) EditPage: Preloaded page should be converted if possible and
+ needed.
+* (bug 41886) Rowspans are no longer exploded by tablesorter until the table is
+ actually sorted.
+* (bug 2865) User interface HTML elements don't use lang attribute.
+ (completed the fix by adding the lang attribute to firstHeading).
+* (bug 42173) Removed namespace prefixes on Special:UncategorizedCategories.
+* (bug 36053) Log in "returnto" feature forgets query parameters if no
+ title parameter was specified.
+* (bug 42410) API action=edit now returns correct timestamp for the new edit.
+* (bug 14901) Email notification mistakes log action for new page creation.
+ Enotif no longer sends "page has been created" notifications for some log
+ actions. The following events now have a correct message: page creation,
+ deletion, move, restore (undeletion), change (edit). Parameter
+ $CHANGEDORCREATED is deprecated in 'enotif_body' and scheduled for removal in
+ MediaWiki 1.23.
+* (bug 457) In the sidebar of Vector, CologneBlue, Monobook, and Monobook-based
+ skins, the heading levels have been changed from (variously per skin)
+ <h4>, <h5> or <h6> to only <h3>s, with a <h2> hidden heading above them.
+ If you are styling or scripting the headings in a custom way, this change
+ will require updates to your site's CSS or JS.
+* (bug 41342) jquery.suggestions should cancel any active (async) fetches
+ before it triggers another fetch.
+* (bug 42184) $wgUploadSizeWarning missing second variable.
+* (bug 34581) removeUnusedAccounts.php maintenance script now ignores newuser
+ log when determining whether an account is used.
+* (bug 43379) Gracefully fail if rev_len is unavailable for a revision on the
+ History page.
+* (bug 42949) API no longer assumes all exceptions are MWException.
+* (bug 41733) Hide "New user message" (.usermessage) element from printable view.
+* (bug 39062) Special:Contributions will display changes that don't have
+ a parent id instead of just an empty bullet item.
+* (bug 37209) "LinkCache doesn't currently know about this title" error fixed.
+* wfMerge() now works if $wgDiff3 contains spaces
+* (bug 43052) mediawiki.action.view.dblClickEdit.dblClickEdit should trigger
+ ca-edit click instead opening URL directly.
+* (bug 43964) Invalid value of "link" parameter in <gallery> no longer produces
+ a fatal error.
+* (bug 44775) The username field is not pre-filled when creating an account.
+* (bug 45069) wfParseUrl() no longer produces a PHP notice if passed a "mailto:"
+ URL without address
+* (bug 45012) Creating an account by e-mail can no longer show a
+ "password mismatch" error.
+* (bug 44599) On Special:Version, HEADs for submodule checkouts (e.g. for
+ extensions) performed using Git 1.7.8+ should now appear.
+* (bug 42184) $wgUploadSizeWarning missing second variable
+* (bug 40326) Check if files exist with a different extension during uploading
+* (bug 34798) Updated CSS for Atom/RSS recent changes feeds to match on-wiki diffs.
+* (bug 42430) Calling numRows on MySQL no longer propagates unrelated errors.
+* (bug 44719) Removed mention of non-existing maintenance/migrateCurStubs.php
+ script in includes/DefaultSettings.php
+* (bug 45143) jquery.badge: Treat non-Latin variants of zero as zero as well.
+* (bug 46151) mwdocgen.php should not ignore exit code of doxygen command.
+* (bug 41889) Fix $.tablesorter rowspan exploding for complex cases.
+
+=== API changes in 1.21 ===
+* prop=revisions can now report the contentmodel and contentformat.
+ See docs/contenthandler.txt.
+* action=edit and action=parse now support contentmodel and contentformat
+ parameters to control the interpretation of page content.
+ See docs/contenthandler.txt for details.
+* (bug 35693) ApiQueryImageInfo now suppresses errors when unserializing metadata.
+* (bug 40111) Disable minor edit for page/section creation by API.
+* (bug 41042) Revert change to action=parse&page=... behavior when the page
+ does not exist.
+* (bug 27202) Add timestamp sort to list=allimages.
+* (bug 43137) Don't return the sha1 of revisions through the API if the content is
+ revision-deleted.
+* ApiQueryImageInfo now also returns imageinfo for redirects.
+* list=alltransclusions added to enumerate every instance of page embedding
+* list=alllinks & alltransclusions now allow both 'from' and 'continue' in
+ the same query. When both are present, 'from' is simply ignored.
+* list=alllinks & alltransclusions now allow 'unique' in generators, to yield
+ a list of all link/template target pages instead of source pages.
+* BREAKING CHANGE: list=logevents output format changed for details of some log
+ types. Specifically, details that were formerly reported under a key like
+ "4::foo" will now be reported under a key of simply "foo".
+* BREAKING CHANGE: '??_badcontinue' error code was changed to '??badcontinue'
+ for all query modules.
+* ApiQueryBase adds 'badcontinue' error code if module has 'continue' parameter.
+* (bug 35885) Removed version parameter and all getVersion() methods.
+* action=options now takes a "resetkinds" option, which allows only resetting
+ certain types of preferences when the "reset" option is set.
+* (bug 36751) ApiQueryImageInfo now returns imageinfo for the redirect target
+ when queried with &redirects=.
+* (bug 31849) ApiQueryImageInfo no longer gets confused when asked for info on
+ a redirect and its target.
+* (bug 43849) ApiQueryImageInfo no longer throws exceptions with ForeignDBRepo
+ redirects.
+* On error, any warnings generated before that error will be shown in the result.
+* action=help supports generalized submodules (modules=query+value), querymodules obsolete
+* ApiQueryImageInfo continuation is more reliable. The only major change is
+ that the imagerepository property will no longer be set on page objects not
+ processed in the current query (i.e. non-images or those skipped due to
+ iicontinue).
+* Add supports for all pageset capabilities - generators, redirects, converttitles to
+ action=purge and action=setnotificationtimestamp.
+* (bug 43251) prop=pageprops&ppprop= now accepts multiple props to query.
+* ApiQueryImageInfo will now limit the number of calls to File::transform made
+ in any one query. If there are too many, iicontinue will be returned.
+* action=query&meta=siteinfo&siprop=general will now return the regexes used for
+ link trails and link prefixes. Added for Parsoid support.
+* Added an API query module list=pageswithprop, which lists pages using a
+ particular page property.
+* Added an API query module list=pagepropnames, which lists all page prop names
+ currently in use on the wiki.
+* (bug 44921) ApiMain::execute() will now return after the CORS check for an
+ HTTP OPTIONS request.
+* (bug 44923) action=upload works correctly if the entire file is uploaded in
+ the first chunk.
+* Added 'continue=' parameter to streamline client iteration over complex query results
+* (bug 44909) API parameters may now be marked as type "upload", which is now
+ used for action=upload's 'file' and 'chunk' parameters. This type will raise
+ an error during parameter validation if the parameter is given but not
+ recognized as an uploaded file.
+* (bug 44244) prop=info may now return the number of people watching each page.
+* (bug 33304) list=allpages will no longer return duplicate entries when
+ querying protection.
+* (bug 33304) list=allpages will now find really old indefinite protections.
+* (bug 45937) meta=allmessages will report a syntactically invalid lang as a
+ proper error instead of as an uncaught exception.
+* (bug 25325) added support for wlshow filtering (bots/anon/minor/patrolled)
+ to action=feedwatchlist
+* WDDX formatted output will actually be formatted (and normal output will no
+ longer be), and will no longer choke on booleans.
+
+=== API internal changes in 1.21 ===
+* For debugging only, a new global $wgDebugAPI removes many API restrictions when true.
+ Never use on the production servers, as this flag introduces security holes.
+ Whenever enabled, a warning will also be added to all output.
+* ApiModuleManager now handles all submodules (actions,props,lists) and instantiation
+* Query stores prop/list/meta as submodules
+* ApiPageSet can now be used in any action to process titles/pageids/revids or any generator.
+* BREAKING CHANGE: ApiPageSet constructor now has two params instead of three, with only the
+ first one keeping its meaning. ApiPageSet is now derived from ApiBase.
+* BREAKING CHANGE: ApiQuery::newGenerator() and executeGeneratorModule() were deleted.
+* ApiQueryGeneratorBase::setGeneratorMode() now requires a pageset param.
+* $wgAPIGeneratorModules is now obsolete and will be ignored.
+* Added flags ApiResult::OVERRIDE and ADD_ON_TOP to setElement() and addValue()
+* Internal API calls will now include <warnings> in case of unused parameters
+
+=== Languages updated in 1.21 ===
+
+MediaWiki supports over 350 languages. Many localisations are updated
+regularly. Below only new and removed languages are listed, as well as
+changes to languages because of Bugzilla reports.
+
+* South Azerbaijani (azb) added.
+* (bug 30040) Autonym for nds-nl is now 'Nedersaksies' (was 'Nedersaksisch').
+* (bug 45436) Autonym for pi (Pali) is now 'पालि' (was ''पाळि').
+* (bug 34977) Now formatted numbers in Spanish use space as separator
+ for thousands, as mandated by the Real Academia Española.
+* (bug 35031) Kurdish formatted numbers now use period and comma
+ as separators for thousands and decimals respectively.
+
+=== Other changes in 1.21 ===
+* BREAKING CHANGE: (bug 44385) Removed the jquery.collapsibleTabs module and
+ moved it to the Vector extension. It was entirely Vector-extension-specific,
+ deeply interconnected with the extension, and this functionality really
+ belongs to the extension instead of the skin anyway. In the unlikely case you
+ were using it, you have to either copy it to your extension, or install the
+ Vector extension (and possibly disable its features using config settings if
+ you don't want them).
+* Experimental IBM DB2 support was removed due to lack of interest and maintainership
+* BREAKING CHANGE: Filenames of maintenance scripts were standardized into
+ lowerCamelCase format, and made more explicit:
+ - clear_stats.php -> clearCacheStats.php
+ - clear_interwiki_cache.php -> clearInterwikiCache.php
+ - initStats.php -> initSiteStats.php
+ - proxy_check.php -> proxyCheck.php
+ - stats.php -> showCacheStats.php
+ - showStats.php -> showSiteStats.php.
+ Class names were renamed accordingly:
+ - clear_stats -> ClearCacheStats
+ - InitStats -> InitSiteStats
+ - CacheStats -> ShowCacheStats
+ - ShowStats -> ShowSiteStats.
+* BREAKING CHANGE: (bug 38244) Removed the mediawiki.api.titleblacklist module
+ and moved it to the TitleBlacklist extension.
+
+= MediaWiki 1.20 =
+
+== MediaWiki 1.20.8 ==
+This is a security release of the MediaWiki 1.20 branch.
+
+=== Changes since 1.20.7 ===
+* (bug 53032) SECURITY: Don't cache when a call could autocreate
+* (bug 55332) SECURITY: Improve css javascript detection
+* (bug 49717) Fix behaviour $wgVerifyMimeType = false; in Upload
+* Fix comma errors in various js files
+* Translations
+
+== MediaWiki 1.20.7 ==
+This is a security release of the MediaWiki 1.20 branch.
+
+=== Changes since 1.20.6 ===
+* SECURITY: Fix extension detection with 2 .'s
+* SECURITY: Token-getting functions will fail when using jsonp callbacks.
+* SECURITY: Sanitize ResourceLoader exception messages
+* Purge upstream caches when deleting file assets.
+
+== MediaWiki 1.20.6 ==
+This is a security and maintenance release of the MediaWiki 1.20 branch.
+
+=== Changes since 1.20.5 ===
+* (bug 48306) SECURITY: Run file validation checks on chunked uploads, and chunks of upload, during the upload process.
+* (bug 44327) mediawiki.user: Use session ID instead of 1-year cross-session cookies
+* (bug 47202) wikibits: FF2Fixes.css should not be loaded in Firefox 20.
+* (bug 31044) Make ResourceLoader behave in read-only mode
+
+== MediaWiki 1.20.5 ==
+This is a security and maintenance release of the MediaWiki 1.20 branch.
+
+=== Changes since 1.20.4 ===
+* (bug 46590) Add hook AbortChangePassword to Special:ChangePassword
+* (bug 47304) SECURITY: Check SVG xml encoding against whitelist
+* Localisation updates from http://translatewiki.net.
+* mwdocgen.php: Implement --version option.
+* Remove svnstat stuff used in Doxygen generation
+* (bug 43594) Correctly supress warnings that were missed after the upstream
+* PHP change to E_STRICT being included in E_ALL.
+
+== MediaWiki 1.20.4 ==
+This is a security release of the MediaWiki 1.20 branch.
+
+=== Changes since 1.20.3 ===
+* (bug 47251) SECURITY: Disable external entities in Import
+* (bug 46859) SECURITY: Disable external entities in XMLReader
+* (bug 46084) SECURITY: Sanitize $limitReport before outputting
+
+== MediaWiki 1.20.3 ==
+This is a security and maintenance release of the MediaWiki 1.20 branch.
+
+=== Changes since MediaWiki 1.20.2 ===
+* New preference type - 'api'. Preferences of this type are not shown on Special:Preferences, but are still available via the action=options API. (Unbreaks MLEB.)
+* (bug 44010) Context is passed to UserGetLanguageObject.
+* The recursion guard on RequestContext::getLanguage() was weakened.
+* (bug 40585) Don't drop 'step="any"' in HTML input fields.
+* (bug 44024) Fixed problems in ObjectCache when using XCache.
+* (bug 44010) FauxRequest leaked cookie data from primary request.
+* (bug 44135/bug 42441) Pass '2' instead of 'true' to CURLOPT_SSL_VERIFYHOST
+* (bug 43518) API action=unblock should return the user name, not the full user object
+* (bug 45355) Prevent read of arbitrary files through mwdoc-filter.php
+
+== MediaWiki 1.20.2 ==
+This is a maintenance release of the MediaWiki 1.20 branch
+
+=== Changes since MediaWiki 1.20.1 ===
+* (bug 42638) Fix API action=options&reset=1 & unit tests.
+* (bug 42370) Fixed backport of 60cc060 to use mDoneWrites — caused * (bug 42592) User rights, preferences and other things are not saving in 1.20.1.
+
+== MediaWiki 1.20.1 ==
+This is a security release of the MediaWiki 1.20 branch
+
+=== Changes since 1.20.0 ===
+* (bug 42202) Validate options to prevent html injection
+* (bug 40995) Prevent session fixation in Special:UserLogin (CVE-2012-5391)
+* (bug 41400) Prevent linker regex from exceeding PCRE backtrack limit
+* Javscript Lint fixes
+* (bug 40632) Remove CleanupPresentationalAttributes feature
+* [Database] Fixed case where trx idle callbacks might be lost.
+
+== MediaWiki 1.20.0 ==
+
+=== PHP 5.3 now required ===
+Since 1.20, the lowest supported version of PHP is now 5.3.2. Please
+upgrade PHP if you have not done so prior to upgrading MediaWiki.
+
+=== Configuration changes in 1.20 ===
+* $wgGitRepositoryViewers defines a mapping from Git remote repository to the
+ Gitweb instance URL used in Special:Version.
+* `$wgUsePathInfo = true;` is no longer needed to make $wgArticlePath work on servers
+ using like nginx, lighttpd, and apache over fastcgi. MediaWiki now always extracts
+ path info from REQUEST_URI if it's available.
+* The user right 'upload_by_url' is no longer given to sysops by default.
+ This only affects installations which have $wgAllowCopyUploads set to true.
+* Removed f-prot support from $wgAntivirusSetup.
+* New variable $wgDBerrorLogTZ to provide dates in the error log in a
+ different timezone than the wiki timezone set by $wgLocaltimezone.
+* New variables $wgDBssl and $wgDBcompress to enable SSL and compression for database
+ connections, if either are available for the selected DB type.
+* $wgUseCombinedLoginLink now defaults to false, making MediaWiki output separate
+ login and create account links by default.
+
+=== New features in 1.20 ===
+* Added TitleIsAlwaysKnown hook which gets called when determining if a page exists.
+* Added NamespaceIsMovable hook which gets called when determining if pages in a
+ certain namespace can be moved.
+* Added SpecialPageBeforeExecute hook which gets called before SpecialPage::execute.
+* Added SpecialPageAfterExecute hook which gets called after SpecialPage::execute.
+* Added ORMTable, ORMRow and ORMResult classes for additional abstraction of
+ database interaction.
+* Added CacheHelper and associated SpecialCachedPage and CachedAction helper classes.
+* (bug 32341) Add upload by URL domain limitation.
+* &useskin=default will now always display the default skin. Useful for users with a
+ preference for the non-default skin to look at something using the default skin.
+* (bug 27619) Remove preference option to display broken links as link?
+* (bug 34896) jQuery JSON plugin upgraded to v2.3 (2011-09-17).
+* (bug 34302) Add CSS classes to email fields in user preferences.
+* Introduced $wgDebugDBTransactions to trace transaction status (currently PostgreSQL only).
+* (bug 23795) Add parser itself to ParserMakeImageParams hook.
+* Introduce a cryptographic random number generator source api for use when
+ generating various tokens.
+* (bug 30963) Option on Special:Prefixindex and Special:Allpages to not show redirects.
+* (bug 18062) New message when edit or create the local page of a shared file.
+* (bug 22870) Separate interface message when creating a page.
+* (bug 17615) nosummary option should be reassigned on preview/captcha.
+* (bug 34355) Add a variable and parser function for the namespace number.
+* (bug 35649) Special:Version now shows hashes of extensions checked out from git.
+* (bug 35728) Git revisions are now linked on Special:Version.
+* "Show Changes" on default messages shows now diff against default message text
+* (bug 23006) create #speciale parser function.
+* generateSitemap can now optionally skip redirect pages.
+* (bug 27757) New API command just for retrieving tokens (not page-based).
+* Added GitViewers hook for extensions using external git repositories to have a web-based
+ repository viewer linked to from Special:Version.
+* Memcached debug logs can now be sent to their own file logs by setting
+ $wgDebugLogFile['memcached'] to some filepath.
+* (bug 35685) api.php URL and other entry point URLs are now listed on
+ Special:Version
+* Edit notices can now be translated.
+* jQuery upgraded to 1.8.2.
+* jQuery UI upgraded to 1.8.23.
+* QUnit upgraded from v1.2.0 to v1.10.0.
+* (bug 37604) jquery.cookie upgraded to 2011 version.
+* (bug 22887) Add warning and tracking category for preprocessor errors
+* (bug 31704) Allow selection of associated namespace on the watchlist
+* (bug 5445) Now remove autoblocks when a user is unblocked.
+* Added $wgLogExceptionBacktrace, on by default, to allow logging of exception
+ backtraces.
+* Added device detection for determining device capabilities.
+* QUnit.newMwEnvironment now supports passing a custom setup and/or teardown function.
+ Arguments signature has changed. First arguments is now an options object of which
+ 'config' can be a property. Previously 'config' itself was the first and only argument.
+* New getCreator and getOldestRevision methods added to WikiPage class
+* (bug 4220) the XML dump format schema now have unique identity constraints
+ for page and revision identifiers. Patch by Elvis Stansvik.
+* cleanupSpam.php now can delete spam pages if --delete was specified instead of blanking
+ them.
+* Added new hook ChangePasswordForm to allow adding of additional fields in Special:ChangePassword
+* Added new function getDomain to AuthPlugin for getting a user's domain
+* (bug 23427) New magic word {{PAGEID}} which gives the current page ID.
+ Will be null on previewing a page being created.
+* (bug 37627) UserNotLoggedIn() exception to show a generic error page whenever
+ a user is not logged in.
+* Watched status in changes lists are no longer indicated by <strong></strong>
+ tags with class "mw-watched". Instead, each line now has a class
+ "mw-changeslist-line-watched" or "mw-changeslist-line-not-watched", and the
+ title itself is surrounded by <span></span> tags with class "mw-title".
+* Added ContribsPager::reallyDoQuery hook allowing extensions to data to MyContribs
+* Added new hook ParserAfterParse to allow extensions to affect parsed output
+ after the parse is complete but before block level processing, link holder
+ replacement, and so on.
+* (bug 34678) Added InternalParseBeforeSanitize hook which gets called during Parser's
+ internalParse method just before the parser removes unwanted/dangerous HTML tags.
+* Added new hook AfterFinalPageOutput to allow modifications to buffered page output before sent
+ to the client.
+* (bug 36783) Implement jQuery Promise interface in mediawiki.api module.
+* Make dates in sortable tables sort according to the page content language
+ instead of the site content language
+* (bug 37926) Deleterevision will no longer allow users to delete log entries,
+ the new deletelogentry permission is required for this.
+* (bug 14237) Allow PAGESINCATEGORY to distinguish between 'all', 'pages', 'files'
+ and 'subcats'
+* (bug 38362) Make Special:Listuser includeable on wiki pages.
+* Added support in jquery.localize for placeholder attributes.
+* (bug 38151) Implemented mw.user.getRights for getting and caching the current
+ user's user rights.
+* Session storage can now configured independently of general object cache
+ storage, by using $wgSessionCacheType. $wgSessionsInMemcached has been
+ renamed to $wgSessionsInObjectCache, with the old name retained for backwards
+ compatibility. When this feature is enabled, the expiry time can now be
+ configured with $wgObjectCacheSessionExpiry.
+* Added a Redis client for object caching.
+* Implemented mw.user.getGroups for getting and caching user groups.
+* (bug 37830) Added $wgRequirePasswordforEmailChange to control whether password
+ confirmation is required for changing an email address or not.
+* HTMLForm mutators can now be chained (they return $this)
+* A new message, "api-error-filetype-banned-type", is available for formatting
+ API upload errors due to the file extension blacklist.
+* New hook 'ParserTestGlobals' allows to set globals before running parser tests.
+* Allow importing pages as subpage.
+* Add lang and hreflang attributes to language links on Login page.
+* (bug 22749) Create Special:MostInterwikis.
+* Show change tags when transclude Special:Recentchanges(linked) or Special:Newpages.
+* (bug 23226) Add |class= parameter to image links in order to add class(es) to HTML img tag.
+* (bug 39431) SVG animated status is now shown in long description.
+* (bug 39376) jquery.form upgraded to 3.14.
+* SVG files will now show the actual width in the SVG's specified units
+ in the metadata box.
+* Added ResourceLoader module "jquery.jStorage" (v0.3.0, http://jStorage.info/).
+* (bug 39273) Added AJAX support for "Show changes" (diff) in LivePreview.
+* Added ResourceLoader module "jquery.badge".
+* mw.util.$content now points to the overall content area in the skin rather than just
+ page text content area. If you need the old behavior please use $( '#mw-content-text').
+* jsMessage has been replaced with a floating bubble notification system complete
+ with auto-hide, multi-message support, and message replacement tags.
+* jquery.messageBox which appears to be unused by both core and extensions has
+ been removed.
+* (bug 34939) Made link parsing insensitive ([HttP://]).
+* (bug 40072) Add CSS classes to items in output of ChangesList pages.
+* Added $wgCopyUploadProxy global to define which proxy to use for copy
+ uploads.
+* (bug 40448) mediawiki.legacy.mwsuggest has been replaced with a new module,
+ mediawiki.searchSuggest, based on SimpleSearch from Extension:Vector.
+
+=== Known issues in 1.20.0 ===
+These are issues that we're targeting to be fixed in a later release
+in the 1.20 series. Issues may be added or removed from this list as
+we see fit. For now, it is comprised of those bugs on the 1.20.0
+milestone in Bugzilla.
+
+* (bug 35894): Reports of secret key generation "hanging" on windows
+ This is probably a bug that has been fixed in PHP. If you run
+ into this, try upgrading your PHP.
+* (bug 38334): PHP Notice: Undefined index: href in /www/w/skins/Vector.php on line 416
+ We think this is a problem in some extension. If you see this,
+ try disabling your extensions and check out the logging patch on
+ this bug. Or try this patch:
+ <https://gerrit.wikimedia.org/r/#/c/27937/1/skins/Vector.php>
+* (bug 39268): [Regression] Toolbar inserts in main textarea only (instead of the focussed textarea)
+ This should only be an issue if you are using the ProofreadPage
+ extension.
+* (bug 40641): Clicking "others" in Special:Version asks to download a file
+ If you encounter this, you can tell your webserver to serve the
+ CREDITS file with text/plain MIME type to fix it.
+
+=== Bug fixes in 1.20 ===
+* (bug 40939): [Regression] InfoAction: Call to a member function getUserText() on a non-object
+* (bug 40780): searchsuggest-containing line ("containing...") doesn't include the entered text
+* (bug 37714): [Regression] Incomplete log entries
+* (bug 27202): API: Add timestamp sort to list=allimages
+* (bug 30245) Use the correct way to construct a log page title.
+* (bug 34237) Regenerate an empty user_token and save to the database
+ when we try to set the user's cookies for login.
+* (bug 32210) New edit emails for watched pages always provide a link to the
+ edit which triggered the mail.
+* (bug 12021) Added user talk link on Special:Listusers.
+* (bug 34445) section edit and TOC hide/show links are excluded from selection and
+ copy/paste on supporting browsers.
+* (bug 34428) Fixed incorrect hash mismatch errors in the DiffHistoryBlob
+ history compression method.
+* (bug 34702) Localised parentheses are now used in more special pages.
+* (bug 34723) When editing a script page on a RTL wiki the textbox should be LTR.
+* (bug 34762) Calling close() on a DatabaseBase object now clears the connection.
+* (bug 34863) Show deletion log extract on non-existent file pages if applicable.
+* (bug 28019) Let ?preloadtitle=foo be passed on to target of
+ Special:MyPage and Special:MyTalk.
+* (bug 34929) Show the correct diff when a section edit is rejected by the spam
+ filter.
+* (bug 15816) Add a switch for SETting the search_path (Postgres).
+* (bug 34521) Returning to the previous page after logging in loses any array-
+ valued parameters in the query string.
+* (bug 34735) Updated compressOld.php documentation to mention the different
+ usages of -s and -n parameters depending on compression type.
+* (bug 13896) Rendering of devanagari numbers in automatic '#' number lists.
+* (bug 33689) Upgrade to 1.19 on Postgres fails due to incomplete query when
+ trying to defer foreign key for externallinks.
+* (bug 32748) Printer friendly version of article decode Unicode chars as a
+ pretty IRI in footer.
+* Removed white border around thumbnails in galleries.
+* (bug 31236) "Next" and "Previous" buttons are shown incorrectly in
+ an RTL environment.
+* (bug 35749) Updated maintenance/checkSyntax.php to use Git instead of
+ Subversion when invoked with the --modified option.
+* (bug 35069) On history pages, the " . . " separator after the number of
+ characters changed in a revision is now suppressed if no text would follow.
+* (bug 18704) Add a unique CSS class or ID to the tagfilter table row at RecentChanges
+* (bug 33564) transwiki import sometimes result in invalid title.
+* (bug 35572) Blocks appear to succeed even if query fails due to wrong DB structure
+* (bug 31757) Add a word-separator between help-messages in HTMLForm
+* (bug 30410) Removed deprecated $wgFilterCallback and the 'filtered' API error.
+* (bug 32604) Some messages needs escaping of wikitext inside username.
+* (bug 36537) Rename wfArrayToCGI to wfArrayToCgi for consistency with wfCgiToArray.
+* (bug 25946) The message on the top of Special:RecentChanges is now displayed
+ in user language instead of content language.
+* (bug 35264) Wrong type used for <ns> in export.xsd
+* (bug 24985) Use $wgTmpDirectory as the default temp directory so that people
+ who don't have access to /tmp can specify an alternative.
+* (bug 27283) SqlBagOStuff breaks PostgreSQL transactions.
+* (bug 35727) mw.Api ajax() should put token parameter last.
+* (bug 37708) mw.Uri.clone() should make a deep copy.
+* (bug 38024) ResourceLoader should not create empty stylesheets for modules
+ that don't have stylesheets.
+* (bug 36812) Special:ActiveUsers "Hide bots" should hide users from any group
+ having the "bot" user right, instead of just the default "bot" user group.
+* (bug 35082) mw.util.addPortletLink incorrectly adds link to mutiple <ul> tags.
+* (bug 36991) jquery.tablesorter should extract date sort format from date
+ string instead of global config. Dates like "April 1 2012" and "1 April 2012"
+ now sort correctly regardless of the content language's DefaultDateFormat.
+* (bug 31895) mw.loader mode now correct when triggered from a $.fn.ready
+ handler that is bound before mediawiki.js's handler (e.g. browser-userscripts
+ like greasemonkey).
+* (bug 38152) jquery.tablesorter: Use .data() instead of .attr(), so that live
+ values are used instead of just the fixed values from when the tablesorter
+ was initialized.
+* (bug 38093) Gender of changed user groups missing in Special:Log/rights
+* (bug 35893) Special:Block needs to load mediawiki.special.block.js.
+* (bug 37331) ResourceLoader modules sometimes execute twice in Firefox
+* (bug 31644) GlobalUsage, CentralAuth and AbuseLog extensions should not use
+ insecure links to foreign wikis in the WikiMap.
+* (bug 36073) Avoid duplicate element IDs on File pages.
+* (bug 25095) Special:Categories should also include the first relevant item
+ when "from" is filled.
+* (bug 35526) jquery.tablesorter now uses a stable sort.
+* (bug 38953) --memory-limit switch not working for runJobs.php.
+* (bug 33037) Make subpage of Special:newfiles control how many files
+ are returned, like in previous versions.
+* (bug 36524) "Show" options on Special:RecentChanges and Special:RecentChangesLinked
+ are now remembered between successive clicks.
+* (bug 26069) Page title is no longer "Error" for all error pages.
+* (bug 39297) Show warning if thumbnail of animated image will not be animated.
+* (bug 38249) Parser will throw an exception instead of outputting gibberish if
+ PCRE is compiled without support for unicode properties.
+* (bug 30390) Suggested file name on Special:Upload should not contain
+ illegal characters.
+* EXIF below sea level GPS altitude data is now shown correctly.
+* (bug 39284) jquery.tablesorter should not consider "."" or "?"" to be a currency.
+* (bug 39273) "Show changes" should not be incorrectly displayed in the Live Preview state.
+* Made body-content lang attribute honor the variant language when it is set.
+* (bug 36761) "Mark pages as visited" now submits previously established filter options.
+* (bug 39635) PostgreSQL LOCK IN SHARE MODE option is a syntax error.
+* (bug 36329) Accesskey tooltips for Firefox 14 on Mac should use "ctrl-option-" prefix.
+* (bug 32552) Drop unused database field cat_hidden from table category.
+* (bug 24502) Do not allow multiple language links to the same language.
+* (bug 40214) Category pages no longer use deprecated "width" HTML attribute.
+* (bug 39941) Add missing stylesheets to the installer pages
+* In HTML5 mode, allow new input element types values (such as color, range..)
+* (bug 36151) mw.Title: Don't limit extension in title parsing.
+* (bug 38158) jquery.byteLimit sometimes causes an unexpected 0 maxLength being enforced.
+* (bug 38163) jquery.byteLimit incorrectly limits input when using methods other than
+ basic per-char typing.
+* (bug 34495) patrol log now credit the user patrolling (instead of patrolled
+ user).
+* (bug 31676) ResourceLoader should work around IE stylesheet limit.
+* (bug 40498) ResourceLoader should not output an empty "@media print { }" block.
+* (bug 40500) ResourceLoader should not ignore media-type for urls in debug mode.
+* (bug 40660) ResourceLoaderWikiModule should not convert " " to a space
+ for pages from the MediaWiki-namespace.
+* (bug 40329) (bug 40632) Removed CleanupPresentationalAttributes feature.
+
+=== API changes in 1.20 ===
+* (bug 34316) Add ability to retrieve maximum upload size from MediaWiki API.
+* (bug 34313) MediaWiki API intro message about "HTML format" should mention
+ the format parameter.
+* (bug 32384) Allow descending order for list=watchlistraw.
+* (bug 31883) Limit of bkusers of list=blocks and titles of action=query is
+ not documented in API help.
+* (bug 32492) API now allows editing using pageid.
+* (bug 32497) API now allows changing of protection level using pageid.
+* (bug 32498) API now allows comparing pages using pageids.
+* (bug 30975) API import of pages with invalid characters in this wiki leads to Fatal Error.
+* (bug 30488) API now allows listing of backlinks/embeddedin/imageusage per pageid.
+* (bug 34927) Output media_type for list=filearchive.
+* (bug 28814) add properties to output of action=parse.
+* (bug 33224) add variants of content language to meta=siteinfo.
+* (bug 32643) action=purge with forcelinkupdate no longer crashes when ratelimit is reached.
+* The paraminfo module now also contains result properties for most modules.
+* (bug 32348) Allow descending order for list=alllinks.
+* (bug 31777) Upload unknown error ``fileexists-forbidden''.
+* (bug 32382) Allow descending order for list=iwbacklinks.
+* (bug 32381) Allow descending order for list=backlinks, list=embeddedin and list=imageusage.
+* (bug 32383) Allow descending order for list=langbacklinks.
+* API meta=siteinfo can now return the list of known variable IDs.
+* (bug 35980) list=deletedrevs now honors drdir correctly in "all" mode (mode #3).
+* (bug 29290) API avoids mangling fields in continuation parameters
+* (bug 36987) API avoids mangling fields in continuation parameters
+* (bug 30836) siteinfo prop=specialpagealiases will no longer return nonexistent special pages
+* (bug 38190) Add "required" flag to some token params for hint in api docs.
+* (bug 27567) Add file repo support to prop=duplicatefiles.
+* (bug 27610) Add archivename for non-latest image version to list=filearchive
+* (bug 38231) Add xml parse tree to action=parse.
+* Watchlist notification timestamp may be queried by page and may be updated via the API.
+* (bug 38904) prop=revisions&rvstart=... no longer blows up when continuing.
+* (bug 39032) ApiQuery generates help in constructor.
+* (bug 11142) Improve file extension blacklist error reporting in API upload.
+* (bug 39665) List of query generators is now not built using reflection, instead it is
+ defined in code.
+* (bug 35993) Deprecated gettoken parameter - support will be removed in 1.22.
+
+=== Languages updated in 1.20 ===
+
+MediaWiki supports over 350 languages. Many localisations are updated
+regularly. Below only new and removed languages are listed, as well as
+changes to languages because of Bugzilla reports.
+
+* Emilian (egl) added.
+* Tornedalen Finnish (fit) added.
+* Mizo (lus) added.
+* Santali (sat) added.
+* (bug 34192) Namespace gender aliases for Albanian languages (sq & aln).
+* (bug 35541) Namespace gender aliases for Croatian (hr).
+* (bug 36012) Space in $separatorTransformTable should be non-breaking in
+ Portuguese, Esperanto and Udmurt.
+* Turoyo (tru) added.
+* Cyrillic-Latin language converter added for Uzbek (uz).
+
+=== Other changes in 1.20 ===
+* The user_token field is now left empty until a user attempts to login and
+ cookies need to be set. It is also now possible to reset every user's
+ user_token simply by clearing the values in the user_token column.
+* Removed ./tests/qunit/index.html from core. It wasn't actively maintained and
+ has been made obsolete when [[Special:JavaScriptTest/qunit]] was introduced,
+ which actually uses ResourceLoader, LocalSettings and the Skin.
+* Removed $wgDBtransactions global. This was only checked in one class
+ and only applies to MyISAM or similar DBs. Those should only be used
+ for archived sites anyway. We can't get edit conflicts on such sites,
+ so the WikiPage code wasn't useful there either.
+* Deprecated mw.user.name in favour of mw.user.getName.
+* Deprecated mw.user.anonymous in favour of mw.user.isAnon.
+* Deprecated DatabaseBase functions newFromParams(), newFromType(), set(),
+ quote_ident(), and escapeLike() were removed.
+* Use of __DIR__ instead of dirname( __FILE__ ).
+* OutputPage::wrapWikiMsg() no longer supports the 'options' parameter. It was
+ not used and complicated migration to Message class.
+* Live preview functionality has been improved and moved into the
+ 'mediawiki.action.edit.preview' module. The old 'mediawiki.legacy.preview' module
+ has been removed.
+* (bug 40448) Removed mediawiki.legacy.mwsuggest module, and removed the
+ following that has become obsolete:
+ - globals $wgEnableMWSuggest and $wgMWSuggestTemplate.
+ - mw.config.values wgMWSuggestTemplate and wgSearchNamespaces.
+ - method SearchEngine::getMWSuggestTemplate().
+
+== MediaWiki 1.19 ==
+
+== MediaWiki 1.19.21 ==
+This is a maintenance release of the MediaWiki 1.19 branch.
+
+=== Changes since 1.19.20 ===
+* (bug 67440) Allow classes to be registered properly from installer.
+* (bug 47281) Fixed a dumpBackup.php error with --uploads --include-filesoptions: Unable to find the wrapper "mwstore". * System administrators are encouraged to upgrade to this release or 1.22+ and produce a full data dump. https://www.mediawiki.org/wiki/Special:MyLanguage/Manual:Backing_up_a_wiki
+* (bug 63049) Removed anonymous functions from ApiFormatBase, added in1.19.13 as part of the fix for bug 61362, for PHP 5.2 compatibility.
+
+== MediaWiki 1.19.20 ==
+This is a security release of the MediaWiki 1.19 branch.
+
+=== Changes since 1.19.19 ===
+* (bug 70672) SECURITY: OutputPage: Remove separation of css and js module allowance.
+
+== MediaWiki 1.19.19 ==
+This is a security release of the MediaWiki 1.19 branch.
+
+=== Changes since 1.19.18 ===
+* (bug 69008) SECURITY: Enhance CSS filtering in SVG files. Filter <style> elements; normalize style elements and attributes before filtering; add checks for attributes that contain css; add unit tests for html5sec and reported bugs.
+
+== MediaWiki 1.19.18 ==
+This is a security release of the MediaWiki 1.19 branch.
+
+=== Changes since 1.19.17 ===
+* (bug 68187) SECURITY: Prepend jsonp callback with comment.
+* (bug 65778) SECURITY: Copy prevent-clickjacking between OutputPage and ParserOutput.
+
+== MediaWiki 1.19.17 ==
+This is a security and maintenance release of the MediaWiki 1.19 branch.
+
+=== Changes since 1.19.16 ===
+* (bug 65839) SECURITY: Prevent external resources in SVG files.
+* (bug 66428) MimeMagic: Don't seek before BOF. This has weird side effects like only extracting the tail of the file partially or not at all.
+
+== MediaWiki 1.19.16 ==
+This is a security release of the MediaWiki 1.19 branch.
+
+=== Changes since 1.19.15 ===
+* (bug 65501) SECURITY: Don't parse usernames as wikitext on Special:PasswordReset.
+
+== MediaWiki 1.19.15 ==
+This is a security and maintenance release of the MediaWiki 1.19 branch.
+
+=== Changes since 1.19.14 ===
+Fixed resetting passwords.
+* (bug 58640) Fixed a compatibility issue with PCRE 8.34 that caused pages to appear blank or with missing text.
+
+== MediaWiki 1.19.14 ==
+This is a security and maintenance release of the MediaWiki 1.19 branch.
+
+=== Changes since 1.19.13 ===
+* (bug 62497) SECURITY: Add CSRF token on Special:ChangePassword.
+* (bug 62467) Set a title for the context during import on the cli.
+
+== MediaWiki 1.19.13 ==
+This is a security and maintenance release of the MediaWiki 1.19 branch.
+
+=== Changes since 1.19.12 ===
+* (bug 61362) SECURITY: API: Don't find links in the middle of api.php links.
+* Use the correct branch of the extensions' git repositories.
+
+== MediaWiki 1.19.12 ==
+This is a security release of the MediaWiki 1.19 branch.
+
+=== Changes since 1.19.11 ===
+* (bug 60771) SECURITY: Disallow uploading SVG files using non-whitelisted namespaces. Also disallow iframe elements. * User will get an error including the namespace name if they use a non- whitelisted namespace.
+* (bug 61346) SECURITY: Make token comparison use constant time. It seems like our token comparison would be vulnerable to timing attacks. This will take constant time.
+
+== MediaWiki 1.19.11 ==
+This is a security release of the MediaWiki 1.19 branch.
+
+=== Changes since 1.19.10 ===
+* (bug 60339) SECURITY: Sanitize shell arguments to DjVu files, and other media formats
+
+== MediaWiki 1.19.10 ==
+This is a security release of the MediaWiki 1.19 branch.
+
+=== Changes since 1.19.9 ===
+* (bug 57550) SECURITY: Disallow stylesheets in SVG Uploads
+* (bug 58088) SECURITY: Don't normalize U+FF3C to \ in CSS Checks
+* (bug 58472) SECURITY: Disallow -o-link in styles
+* (bug 58553) SECURITY: Return error on invalid XML for SVG Uploads
+* (bug 58699) SECURITY: Fix RevDel log entry information leaks
+
+== MediaWiki 1.19.9 ==
+This is a security and maintenance release of the MediaWiki 1.19 branch.
+
+=== Changes since 1.19.8 ===
+* (bug 53032) SECURITY: Don't cache when a call could autocreate
+* (bug 55332) SECURITY: Improve css javascript detection
+* (bug 49717) Fix behaviour $wgVerifyMimeType = false; in Upload
+* Translations
+
+== MediaWiki 1.19.8 ==
+2013-09-03
+
+This is a security and maintenance release of the MediaWiki 1.19 branch.
+
+=== Changes since 1.19.7 ===
+* SECURITY: Sanitize ResourceLoader exception messages
+* SECURITY: Token-getting functions will fail when using jsonp callbacks.
+* SECURITY: Fix extension detection with 2 .'s
+* Allow a string other than '*' as condition for DatabaseBase::delete()
+* Purge upstream caches when deleting file assets.
+* jquery.tablesorter: Add missing dependency on jquery.mwExtension
+
+== MediaWiki 1.19.7 ==
+2013-05-21
+
+This is a security release of the MediaWiki 1.19 branch
+
+=== Changes since 1.19.6 ===
+* (bug 48306) SECURITY: Run file validation checks on chunked uploads, and chunks of upload, during the upload process.
+
+== MediaWiki 1.19.6 ==
+2013-04-30
+
+This is a security and maintenance release of the MediaWiki 1.19 branch
+
+=== Changes since 1.19.5 ===
+* (bug 47304) SECURITY: Check SVG xml encoding against whitelist
+* (bug 46590) Added AbortChangePassword hook to allow extensions to abort password changes from Special:ChangePassword
+* Localisation updates from http://translatewiki.net.
+* mwdocgen.php: Implement --version option.
+* Remove svnstat stuff used in Doxygen generation
+* E_USER_DEPRECATED undefined prior to php 5.3
+
+== MediaWiki 1.19.5 ==
+2013-04-15
+
+This is a security and maintenance release of the MediaWiki 1.19 branch
+
+=== Changes since 1.19.4 ===
+* (bug 47251) SECURITY: Disable external entities in Import
+* (bug 46859) SECURITY: Disable external entities in XMLReader
+* (bug 46084) SECURITY: Sanitize $limitReport before outputting
+* (bug 43594) Fix notices displayed on PHP 5.4
+* (bug 40585) Don't drop 'step="any"' in HTML input fields.
+
+== MediaWiki 1.19.4 ==
+2013-03-04
+
+This is a security release of the MediaWiki 1.19 branch
+
+=== Changes since 1.19.3 ===
+* New preference type - 'api'. Preferences of this type are not shown on Special:Preferences, but are still available via the action=options API.
+* (bug 44010) Context is passed to UserGetLanguageObject.
+* The recursion guard on RequestContext::getLanguage() was weakened.
+* (bug 44135/bug 42441) Pass '2' instead of 'true' to CURLOPT_SSL_VERIFYHOST
+* (bug 43518) API action=unblock should return the user name, not the full user object
+
+== MediaWiki 1.19.3 ==
+2012-11-30
+
+This is a security release of the MediaWiki 1.19 branch
+
+=== Changes since 1.19.2 ===
+* (bug 40995) Prevent session fixation in Special:UserLogin (CVE-2012-5391)
+* (bug 41400) Prevent linker regex from exceeding PCRE backtrack limit
+* Increase permitted runtime for testParserTest (only used for continuous integration).
+* Updated messages translations from http://translatewiki.net/
+
+== MediaWiki 1.19.2 ==
+
+This is a security release of the MediaWiki 1.19 branch
+
+=== Changes since 1.19.1 ===
+* (bug 39700) File: link to non-existing file can inject html
+* (bug 39823) Hidden block text leaking to admins
+* (bug 39184) LDAP password leakage
+* (bug 39180) Disallow framing of api results
+* (bug 37587) Enforce language codes to be html safe
+* (bug 39824) Check global blocks on account creation
+
+== MediaWiki 1.19 ==
+
+MediaWiki 1.19 is a large release that contains many new features and bug
+fixes. This is a summary of the major changes of interest to users.
+You can consult the RELEASE-NOTES-1.19 file for the full list of changes in
+this version.
+
+Our thanks go to everyone who helped to improve MediaWiki by testing the beta
+release and submitting bug reports.
+
+=== Changes since 1.19.1 ===
+* (bug 38406) Properly quote table names in DatabaseBase::tableName()
+* (bug 38249) Parser will throw an exception instead of outputting gibberish if
+ PCRE is compiled without support for unicode properties.
+
+=== Changes since 1.19.0 ===
+* (bug 36568) Fixed "Illegal string offset 'LIMIT'" warnings in updater
+* (bug 36938) Correctly escape uselang attribute to prevent xss
+* Expanded Blacklist for SVG Files
+
+=== Changes since 1.19 beta 2 ===
+* Special:Watchlist no longer sets links to feed when the user is anonymous.
+* (bug 35961) Hash comparison should always be strict.
+* Fix broken email confirmation expiration caused by MWCryptRand changes.
+* (bug 35671) PHP Notice: Undefined index: gettoken in includes/api/ApiMain.php
+ on line 598.
+* (bug 36042) 'show' causes a fatal in blocks API.
+
+=== Changes since 1.19 beta 1 ===
+* (bug 35014) Including a special page no longer sets the page's title to the
+ included page
+* (bug 35019) Edit summaries are no longer transformed in notification e-mails
+* (bug 35152) Help message for e-mail is shown again in user preferences
+* (bug 34887) $3 and $4 parameters are now substituted correctly in message
+ "movepage-moved"
+* (bug 34841) Edit links are no longer displayed when display old page versions
+* (bug 34889) User name should be normalized on Special:Contributions
+* (bug 35051) If heading has a trailing space after == then its name is not
+ preloaded into edit summary on section edit
+* (bug 31417) New ID mw-content-text around the actual page text, without categories,
+ contentSub, ... The same div often also contains the class mw-content-ltr/rtl.
+* (bug 35303) Proxy and DNS blacklist blocking works again
+* (bug 22555) Remove or skip strip markers from tag hooks like <nowiki> in
+ core parser functions which operate on strings, such as padleft.
+* (bug 18295) Don't expose strip markers when a tag appears inside a link
+ inside a heading.
+* (bug 34212) ApiBlock/ApiUnblock allow action to take place without a token
+ parameter present.
+* (bug 34907) Fixed exposure of tokens through load.php that could have facilitated
+ CSRF attacks.
+* (bug 35317) CSRF in Special:Upload.
+
+=== Configuration changes in 1.19 ===
+* Removed SkinTemplateSetupPageCss hook; use BeforePageDisplay instead.
+* (bug 27132) movefile right granted by default to registered users.
+* Default cookie lifetime ($wgCookieExpiration) is increased to 180 days.
+* (bug 31204) Removed old user.user_options.
+* $wgMaxImageArea now applies to jpeg files if they are not scaled with
+ ImageMagick.
+* Introduced $wgQueryPageDefaultLimit (defaults to 50) for the number of
+ items to show by default on query pages (special pages such as Whatlinkshere).
+* (bug 32470) Increase the length of ug_group.
+* (bug 32239) Removed $wgEnableTooltipsAndAccesskeys.
+* Removed $wgVectorShowVariantName.
+* Removed $wgExtensionAliasesFiles. Use $wgExtensionMessagesFiles.
+* Removed $wgResourceLoaderInlinePrivateModules , now always enabled.
+
+=== New features in 1.19 ===
+* (bug 19838) Add ability to get all interwiki prefixes also if the interwiki
+ cache is used.
+* $wgDnsBlacklistUrls now accepts an array with url and key as the
+ elements to work with DNSBLs that require keys, such as
+ Project Honeypot.
+* (bug 30022) Add support for custom loadScript sources to ResourceLoader.
+* (bug 19052) Unicode space separator characters (Zs) now terminates external
+ links and images links.
+* (bug 30160) Add public method to mw.loader to get module names from registry.
+* (bug 15558) Parameters to special pages included in wikitext can now be passed
+ as with templates.
+* Installer now issues a warning if mod_security is present.
+* (bug 29455) Add support for a filter callback function in jQuery byteLimit
+ plugin.
+* Added two new GetLocalURL hooks to better serve extensions working on a
+ limited type of titles.
+* Added a --no-updates flag to importDump.php that skips updating the links
+ tables.
+* Most presentational html attributes like valign are now converted to inline
+ css style rules. These attributes were removed from html5 and so we clean
+ them up when $wgHtml5 is enabled. This can be disabled using
+ $wgCleanupPresentationalAttributes.
+* Magic words (time and number-formatting ones, plus DIRECTIONMARK, but not
+ NAMESPACE) now depend on the page content language instead of the site
+ language. In theory this sets the right magic words in system messages,
+ although they are not used there.
+* (bug 30451) Add page_props to RefreshLinks::deleteLinksFromNonexistent.
+* (bug 30450) Clear page_props table on page deletion.
+* Hook added to check for exempt from account creation throttle.
+* (bug 30344) Add configuration variable for setting custom priorities when
+ generating sitemaps.
+* (bug 96170) Add array support for space-separated list attributes (like
+ 'class') in the Html helper class.
+* (bug 26470) Add checkered background image on hover on files pages.
+* (bug 30774) mediawiki.html: Add support for numbers and booleans in the
+ attribute values and element contents.
+* Conversion script between Tifinagh and Latin for the Tachelhit language.
+* (bug 16755) Add options 'noreplace' and 'noerror' to {{DEFAULTSORT:...}}
+ to stop it from replace an already existing default sort, and suppress error.
+* (bug 18578) Rewrote revision delete related messages to allow better
+ localisation.
+* (bug 30364) LanguageConverter now depends on the page content language
+ instead of the wiki content language.
+* Jump links will now be usable in CSS-capable browsers instead of only
+ in outdated text browsers.
+* New common*.css files usable by skins instead of having to copy piles
+ of generic styles from MonoBook or Vector's css.
+* Some deprecated presentational html attributes will now be automatically
+ converted to css.
+* (bug 31297) Add support for namespaces in Special:RecentChanges subpage filter
+ syntax.
+* The default user signature now contains a talk link in addition to the user link.
+* (bug 25306) Add link of old page title to MediaWiki:Delete_and_move_reason.
+* Added hook BitmapHandlerCheckImageArea.
+* (bug 30062) Add $wgDBprefix option to cli installer.
+* getUserPermissionsErrors and getUserPermissionsErrorsExpensive hooks are now
+ also called when checking for 'read' permission.
+* Introduce $wgEnableSearchContributorsByIP which controls whether searching
+ for an IP address redirects to the contributions list for that IP.
+* (bug 8859) Database::update should take array of tables too.
+* (bug 19698) Add "Inverse namespaces" option to Special:Contributions.
+* (bug 24037) Add byte length of revision to Special:Contributions.
+* (bug 1672) Added $wgDisableUploadScriptChecks to allow uploading of files
+ containing HTML or JS. DISABLING THESE CHECKS IS VERY DANGEROUS.
+* New path mappings can be added using the WebRequestPathInfoRouter hook
+ and adding paths to the PathRouter.
+* (bug 32666) Special:ActiveUsers now allows a subpage to be used as value for the
+ "target" query parameter (eg. Special:ActiveUsers/Username).
+* New JavaScript variable wgPageContentLanguage.
+* Added new debugging toolbar, enabled with $wgDebugToolbar.
+* Differences in the history page now uses slightly better colors for people
+ perceiving colors differently.
+* (bug 32879) Upgrade jQuery to 1.7.1.
+* jQuery UI upgraded to 1.8.17.
+* Extensions can use the 'Language::getMessagesFileName' hook to define new
+ languages using messages files outside of core.
+* (bug 32512) Add 'Associated namespace' checkbox to Special:Contributions.
+* Added $wgSend404Code, true by default, which can be set to false to send a
+ 200 status code instead of 404 for nonexistent articles.
+* (bug 33447) Link to the broken image tracking category from Special:Wantedfiles.
+* (bug 27724) Add timestamp to job queue.
+* (bug 30339) Implement SpecialPage for running javascript tests. Disabled by default, due to
+ tests potentially being harmful, not to be run on a production wiki.
+ Enable by setting $wgEnableJavaScriptTest to true.
+* Extensions can use the RequestContextCreateSkin hook to override what skin is
+ loaded in some contexts.
+* (bug 33456) Show $wgQueryCacheLimit on cached query pages.
+* (bug 10574) Add an option to allow all pages to be exported by Special:Export.
+* mediawiki.js Message object constructor is now publicly available as mw.Message.
+* (bug 29309) Allow CSS class per tooltip (tipsy).
+* (bug 33565) Add accesskey/tooltip to submit buttons on Special:EditWatchlist.
+* (bug 17959) Inline rendering/thumbnailing for Gimp XCF images.
+* (bug 27775) Namespace has it's own XML tag in the XML dump file.
+* (bug 30513) Redirect tag is now resolved in XML dump file.
+* sha1 xml tag added to XML dump file.
+* (bug 33646) Badtitle error page now emits a 400 HTTP status.
+* Special:MovePage now has a dropdown menu for namespaces.
+* (bug 34420) Special:Version now shows git HEAD sha1 when available.
+* (bug 33952) Refactor mw.toolbar to allow dynamic additions at any time.
+
+=== Bug fixes in 1.19 ===
+* $wgUploadNavigationUrl should be used for file redlinks if.
+ $wgUploadMissingFileUrl is not set. The first was used for this
+ until the second was introduced in 1.17.
+* BREAKING CHANGE: Style rules for wikitable are now more specific and prevent
+ inheritance to nested tables which caused various issues (bug 30485 and bug
+ 33434). If your wiki has overridden rules for ".wikitable", please revise them and
+ adjust where necessary. For comparison, use the "table.wikitable" section in
+ skins/common/shared.css as base.
+* $wgUploadNavigationUrl is now used for file redlinks if
+ $wgUploadMissingFileUrl is not set. The former was used for this until the
+ second was introduced in 1.17.
+* (bug 27894) Move 'editondblclick' event listener down from body to
+ div#bodyContent.
+* (bug 30172) The check for posix_isatty() in maintenance scripts did not detect
+ when the function exists but is disabled. Introduced
+ Maintenance::posix_isatty().
+* (bug 30264) Changed installer-generated LocalSettings.php to use
+ require_once() instead require() for included extensions.
+* Do not convert text in the user interface language to another script.
+* (bug 26283) Previewing user JS/CSS pages didn't load other user JS/CSS pages.
+* (bug 26486) ResourceLoader modules with paths to nonexistent files cause PHP
+ warnings/notices to be thrown.
+* (bug 30335) Fix for HTMLForms using GET that were breaking when non-friendly
+ URLs are used.
+* (bug 28649) Preventing half truncated multi-byte unicode characters when
+ truncating log comments.
+* Show --batch-size option in help of maintenance scripts that support it.
+* (bug 4381) Magic quotes cleaning was not comprehensive, key strings were not
+ unescaped.
+* (bug 23057) Importers no longer can 'edit' or 'create' a fully-protected page by
+ importing a new revision into it.
+* Allow moving the associated talk pages of subpages even if the base page
+ has no subpage.
+* Per page edit-notices now work in namespaces without subpages enabled.
+* (bug 31081) $wgEnotifUseJobQ is no longer unconditionally enqueueing jobs.
+* (bug 30202) File names are now restricted on upload to 240 bytes, because of
+ restrictions on some of the database fields.
+* Timezones are now recognised in user preferences when offset is different
+ due to DST.
+* (bug 31692) "summary" parameter now also works when undoing revisions.
+* (bug 18823) "move succeeded" text displayed bluelinks even when redirect was
+ suppressed.
+* (bug 19186) Special:UserLogin's title on Special:SpecialPages now says
+ "create account" when the user cannot create an account.
+* (bug 31818) 'usercreated' message now supports GENDER.
+* (bug 32022) Our phpunit.php script can now be executed from another directory.
+* (bug 26020) Setting $wgEmailConfirmToEdit to true no longer removes diffs
+ from recent changes feeds.
+* (bug 30232) add current time to message wlnote on Special:Watchlist.
+* (bug 29110) $wgFeedDiffCutoff did not affect new pages.
+* (bug 32168) Add wfRemoveDotSegments for use in wfExpandUrl.
+* (bug 32358) Do not display "No higher resolution available" for dimensionless
+ files (like audio files).
+* (bug 32168) Add wfAssembleUrl for use in wfExpandUrl.
+* (bug 32168) fixed - wfExpandUrl expands dot segments now.
+* (bug 31535) Upload comments now truncated properly, and don't have brackets.
+* (bug 32086) Special:PermanentLink now shows an error message when no subpage
+ was specified.
+* (bug 30368) Special:Newpages now shows the new page name for moved pages.
+* (bug 1697) The way to search blocked usernames in block log should be clearer.
+* (bug 29747) eAccelerator shared memory caching has been removed since it is
+ now disabled by default and is buggy. APC, XCache and WinCache are not affected.
+* Installer now refuses to install if php was not compiled with Ctype support.
+* (bug 29475) Remove "trackback" feature entirely from core.
+* (bug 32665) Special:BlockList prefills the username in the input field if
+ using the Special:BlockList/username URL.
+* (bug 27721) Make JavaScript variables wgSeparatorTransformTable and
+ wgDigitTransformTable depend on page content language so the sort script
+ sorts correctly more often.
+* (bug 32230) Expose wgRedirectedFrom in JavaScript.
+* (bug 31212) History tab not collapsed when the screen is narrow.
+* (bug 15521) Use new section summary when the action of adding a new section
+ also happens to create the page.
+* (bug 32960) Remove EmailAuthenticationTimestamp from database when a
+ email address is removed.
+* (bug 32414) Empty page get a empty bytes attribute in Export/Dump.
+* (bug 33101) Viewing a User or User talk of username resembling IP ending
+ with .xxx causes Internal error.
+* Warning about undefined index in certain situations when $wgLogRestrictions
+ causes the first log type requested to be removed but not the others.
+* Use separate message ('prefixindex-namespace') for title of
+ Special:PrefixIndex rather then re-using Special:AllPages's allinnamespace.
+* (bug 33156) Special:Block now allows you to confirm you want to block yourself
+ when using non-normalized username.
+* (bug 33246) News icon shown for news:// URLs but not for news: URLs.
+* (bug 33305) Make mw.util.addCSS resistant to IE's @font-face bug by setting
+ cssText after DOM insertion.
+* (bug 30711) When adding a new section to a page with section=new, the text is
+ now always added to the current version of the page.
+* (bug 31719) Fix uploads of SVGs exported by Adobe Illustrator by expanding
+ XML entities correctly.
+* (bug 30914) Embeddable ResourceLoader modules (user.options, user.tokens)
+ should be loaded in <head> for proper dependency resolution.
+* (bug 32702) Removed method Skin::makeGlobalVariablesScript() has been readded
+ for backward compatibility.
+* (bug 31469) Make sure tracking category messages expand variables like
+ {{NAMESPACE}} relative to correct title.
+* (bug 33454) ISO-8601 week-based year number (format character 'o') is now
+ calculated correctly with respect to timezone.
+* (bug 32219) InstantCommons now fetches content from Wikimedia Commons using
+ HTTPS when the local wiki is served over HTTPS.
+* (bug 33525) clearTagHooks doesn't clear function hooks.
+* (bug 33523) Function tag hooks don't appear on Special:Version.
+* Files with IPTC blocks we can't read no longer prevent extraction of exif
+ or other metadata.
+* (bug 33587) Remove action "historysubmit" from history pages.
+* (bug 25800) mw.config wgAction should contain the actually performed action instead
+ of whatever the query value contains.
+* (bug 4438) Add CSS hook for current WikiPage action.
+* (bug 33703) Common border-bottom color for <abbr> should inherit default (text) color.
+* (bug 33819) Display file sizes in appropriate units.
+* (bug 32948) {{REVISIONID}} and related variables are no longer blank after doing
+ a null edit.
+* (bug 33880) $wgUsersNotifiedOnAllChanges should not send e-mail to user who made
+ the edit.
+* (bug 33902) Decoding %2B with mw.Uri.decode results in ' ' instead of +.
+* (bug 33762) QueryPage-based special pages no longer misses *-summary message.
+* Other sizes links are no longer generated for wikis without a 404 thumbnail handler.
+* (bug 29454) Enforce byteLimit for page title input on Special:MovePage.
+* (bug 34114) CSSMin::remap() doesn't respect its $embed parameter.
+* Special:Contributions/newbies now shows the contributions for the user "newbies".
+ New user contributions are obtained using the form or using ?contribs=newbie in URL.
+* It is now possible to delete images that have no corresponding description pages.
+* (bug 33165) GlobalFunctions.php line 1312: Call to a member function
+ getText() on a non-object.
+* (bug 31676) Group dynamically inserted CSS into a single <style> tag, to work
+ around a bug where not all styles were applied in Internet Explorer.
+* (bug 28936, bug 5280) Broken or invalid titles can't be removed from watchlist.
+* (bug 34600) Older skins using useHeadElement=false were broken in 1.18.
+* (bug 34604) [mw.config] wgActionPaths should be an object instead of a numeral
+ array.
+* (bug 12262) Indents and lists are now aligned
+* (bug 29753) mw.util.tooltipAccessKeyPrefix should be alt-shift for Chrome
+ on Windows
+* (bug 25095) Special:Categories should also include the first relevant item
+ when "from" is filled.
+* (bug 34972) An error occurred while changing your watchlist settings for
+ [[Special:WhatLinksHere/Example]]
+
+=== API changes in 1.19 ===
+* Made action=edit less likely to return "unknownerror", by returning the actual error
+ message (which may have come from a hook call or similar).
+* (bug 19838) siprop=interwikimap can now use the interwiki cache.
+* (bug 29748) Add API search prefix support.
+* (bug 29684) Set forgotten parameter types in ApiQueryIWLinks.
+* (bug 29685) do not output NULL parentid with list=deletedrevs&drprop=parentid.
+* siprop=interwikimap and siprop=languages can use silanguagecode to have
+ a best effort language name translation. Use CLDR extension for best result.
+* (bug 30230) action=expandtemplates should not silently override invalid title
+ inputs.
+* (bug 18634) Create API to fetch MediaWiki's language fallback tree structure.
+* (bug 26885) Allow show/hide of account blocks, temporary blocks and single IP
+ address blocks for list=blocks.
+* (bug 30591) Add support to only return keys in ApiAllMessages.
+* The API now respects $wgShowHostnames and won't share the hostname in
+ servedby if it's set to false.
+* wlexcludeuser parameter added to ApiFeedWatchlist.
+* (bug 7304) Links on redirect pages no longer cause the redirect page to show
+ up as a redirect to the linked page on Special:Whatlinkshere.
+* (bug 32609) API: Move captchaid/captchaword of action=edit from core
+ to Captcha extension(s).
+* Added 'APIGetDescription' hook.
+* (bug 32688) Paraminfo for parameter "generator" of the query module shows too
+ many types.
+* (bug 32415) Empty page get no size attribute in API output.
+* (bug 31759) Undefined property notice in querypages API.
+* (bug 32495) API should allow purge by pageids.
+* (bug 33147) API examples should explain what they do.
+* (bug 33482) Api incorrectly calls ApiBase::parseMultiValue if allowed
+ values is given as an array.
+* (bug 32948) {{REVISIONID}} and related variables are no longer blank after
+ calling action=purge&forcelinkupdate.
+* (bug 34377) action=watch now parses messages using the correct title instead
+ of "API".
+* (bug 35036) WikiLove messages were not automatically updated in JavaScript
+ after having been changed on-wiki due to a bug in core
+
+=== Languages updated in 1.19 ===
+
+MediaWiki supports over 350 languages. Many localisations are updated
+regularly. Below only new and removed languages are listed, as well as
+changes to languages because of Bugzilla reports.
+
+* Canadian English (en-ca) (new).
+* Norwegian (bokmål) (nb) (renamed from no).
+* Uighur (Latin) (ug-latn) was incorrectly marked as right-to-left language.
+* (bug 30217) Make pt-br a fallback of pt.
+* (bug 31193) Set fallback language of Assamese from Bengali to English.
+* Update date format for dsb and hsb: month names need the genitive.
+* (bug 28643) Serbian variant conversion improvements (Nikola Smolenski).
+* (bug 29405, bug 30809) Lower diacritics are invisible in titles in Indic
+ languages Assamese, Bengali, Hindi, Malyalam and Odiya.
+* (bug 32826) Titles in indic languages are partially cut.
+* (bug 33367) Gendered namespaces for Czech.
+* (bug 33014) Language::formatSize()/formatBitrate() should be able to deal
+ with larger numbers (tera-yotta).
+
+=== Other changes in 1.19 ===
+* BREAKING CHANGE: Legacy global array 'ta' and global function 'akeytt' have
+ been removed from wikibits.js.
+* jquery.mwPrototypes module was renamed to jquery.mwExtension.
+* The maintenance script populateSha1.php was renamed to the more concise
+ populateImageSha1.php.
+* The Client-IP header is no longer checked for when trying to resolve a client's
+ real IP address.
+* (bug 22096) Although IE5.x and below was already unsupported officially, stylesheets
+ existing exclusively for IE5.0 and IE5.5 have now been removed (which were in skins
+ 'chick' and 'monobook').
+* The constructor for CategoryView has changed, the second parameter is now a
+ Context source and is required.
+* The Title::escape{Local,Full,Canonical}URL methods are deprecated, please use
+ proper html building methods to escape the normal get{...}URL methods instead.
+* The $variant arguments in the Title::get{Local,Full,Link,Canonical}URL methods
+ have been replaced with a secondary query argument.
+* The $variant argument in the hooks for the Title::get{Local,Full,Link,Canonical}URL
+ methods have been removed, the variant is now part of the $query argument.
+* Removed Title::isValidCssJsSubpage(), deprecated since 1.17 in favor of
+ using Title::isCssJsSubpage() or checking Title::isWrongCaseCssJsPage().
+* Support for the deprecated hook MagicWordMagicWords was removed.
+* The Xml::namespaceSelector method has been deprecated, please use
+ Html::namespaceSelector instead (note that the parameters have changed also).
+* (bug 33746) Preload popular ResourceLoader modules (mediawiki.util) as stop-gap
+ for scripts missing dependencies.
+ New configuration variable $wgPreloadJavaScriptMwUtil has been introduced for this
+ (set to false by default for new installations). Set to true if your wiki has a large
+ amount of user/site scripts that are lacking dependency information. In the short to
+ medium term these user/site scripts should be fixed by adding the used modules to the
+ dependencies in the module registry and/or wrapping them in a callback to mw.loader.using.
+
+== MediaWiki 1.18 ==
+
+== MediaWiki 1.18.5 ==
+2012-08-30
+
+This is a security release of the MediaWiki 1.18 branch
+
+=== Changes since 1.18.4 ===
+* (bug 39700) File: link to non-existing file can inject html
+* (bug 39823) Hidden block text leaking to admins
+* (bug 39184) LDAP password leakage
+* (bug 39180) Disallow framing of api results
+* (bug 37587) Enforce language codes to be html safe
+* (bug 39824) Check global blocks on account creation
+
+== MediaWiki 1.18.4 ==
+2012-06-12
+
+This is a security release of the MediaWiki 1.18 branch.
+
+=== Changes since 1.18.3 ===
+* (bug 36938) Correctly escape uselang attribute to prevent xss
+* Expanded Blacklist for SVG Files
+
+== MediaWiki 1.18.3 ==
+2012-04-25
+
+This is a maintenance release of the MediaWiki 1.18 branch.
+
+=== Changes since 1.18.2 ===
+* (bug 35446) Using "{{nse:}}" with an invalid namespace name no longer throws
+ a PHP warning.
+* (bug 35567) The whole password reminder e-mail is now sent in the same language.
+* (bug 35961) Hash comparison should always be strict.
+* (bug 35671) PHP Notice: Undefined index: gettoken in includes/api/ApiMain.php
+ on line 598.
+* Fix broken email confirmation expiration caused by MWCryptRand changes.
+
+== MediaWiki 1.18.2 ==
+2012-03-21
+
+This is a maintenance and security release of the MediaWiki 1.18 branch.
+
+=== Changes since 1.18.1 ===
+* (bug 33686) could not get a list of contributors for an article when using
+ a SQLite database.
+* (Bug 33865) Exception thrown in action=parse when attempting to use the title
+ parameter without setting the text parameter.
+* UserMailer could potentially throw a fatal error when a MailAddress object had
+ an empty email address.
+* (Bug 33087) Exchange server rejected mail sent by MediaWiki
+* (bug 34528) Edit section tooltips show correction section name again
+* (bug 34246) MediaWiki:Whatlinkshere-summary message is displayed again in
+ Special:Whatlinkshere
+* (bug 22555) Remove or skip strip markers from tag hooks like <nowiki> in
+ core parser functions which operate on strings, such as formatnum.
+* (bug 34212) ApiBlock/ApiUnblock allow action to take place without a token
+ parameter present.
+* (bug 34907) Fixed exposure of tokens through load.php that could have facilitated
+ CSRF attacks.
+* (bug 35317) CSRF in Special:Upload.
+
+== MediaWiki 1.18.1 ==
+2012-01-11
+
+This a maintenance and security release of the MediaWiki 1.18 branch.
+
+=== Changes since 1.18.0 ===
+* (bug 32712) Fix for search indexing of pages with certain unicode chars following URL.
+* (bug 3901) Lang, hreflang attribs added to sidebar interlanguage links for screen readers.
+* (bug 30774) mediawiki.html: Add support for numbers and booleans in the
+ attribute values and element contents.
+* (bug 32473) [[Special:PasswordReset]] can not be used on private wiki.
+* (bug 32853) Fixed CACHE_DBA object cache type.
+* (bug 32786) Backward compatibility for extension using 1.17's Database::newFromType().
+* Fixed exception when using Special:WhatLinksHere on a Media: file.
+* (bug 32709) Private Wiki users were always taken to Special:Badtitle on login.
+* (bug 33240) Sort images are missing but referenced in css.
+* (bug 31921) Magic words REVISIONDAY, REVISIONMONTH and REVISIONYEAR were
+ not showing their values on preview.
+* (bug 32702) Removed method Skin::makeGlobalVariablesScript() has been readded
+ for backward compatibility.
+* (bug 30172) The check for posix_isatty() in maintenance scripts did not detect
+ when the function exists but is disabled. Introduced Maintenance::posix_isatty().
+* (bug 33305) Make mw.util.addCSS resistant to IE's @font-face bug by setting
+ cssText after DOM insertion.
+* (bug 29102) Upgrades no longer fail with the error "Unknown character set: 'mysql4'.
+* (bug 25355) Parser generates edit section links for special pages.
+* (bug 33321) Adding a line to MediaWiki:Sidebar that contains a pipe, but doesn't
+ have any pipes after being transformed by MessageCache, causes exception on
+ all pages.
+* Fixed recentchanges FK violation on page delete and cache purge error in updater
+ for Oracle DB.
+* (bug 33117) prop=revisions allows deleted text to be exposed through cache pollution.
+
+== MediaWiki 1.18.0 ==
+2011-11-24
+
+This is the first stable release of the MediaWiki 1.18 branch.
+
+=== Summary of selected changes in 1.18 ===
+
+Selected changes since MediaWiki 1.17 that may be of interest:
+
+* Some of the more commonly used MediaWiki extensions are now included in the
+ release tarball. These extensions are ConfirmEdit, Gadgets, Nuke, ParserFunctions,
+ Renameuser, Vector and WikiEditor.
+
+* Gender support has been improved, meaning user pages can display the correct gender
+ variant of "User" can now be used.
+
+* MediaWiki can now detect the camera orientation of an image from the Exif metadata, and
+ can rotate the image thumbnail appropriately. Metadata support has been generally
+ improved, and can now extract IPTC and XMP metadata.
+
+* Improved directionality support in 1.18 means that MediaWiki is better to use for
+ RTL users.
+
+* MediaWiki now supports protocol - relative URLs in links, interwiki targets and $wgServer
+
+* Math support has been removed from core
+
+=== Changes since 1.18.0rc1 ===
+* (bug 32228) regression in Special:Search which did not conserve profile on new search
+* (bug 32460) Categories were improperly aligned in Simple and CologneBlue
+* (bug 32412) TOC links on [[Special:EditWatchlist]] points to the fieldsets
+* (bug 32582) Fix TOC show/hide link regression on IE 8
+
+=== Changes since 1.18 beta 1 ===
+* (bug 31886) Wrong titles redirecting to Special:Badtitle in the 1.18 deployment.
+* (bug 32051) Fix description for wlprop=sizes.
+* (bug 31913) Special:MostLinkedTemplates had an incorrect GROUP BY clause
+ under Microsoft SQL.
+* (bug 32100) installer complains about suhosin GET limit.
+* (bug 31933) fix 1.18 regression in Monobook sidebar: huge spacing between portlets
+ on IE 7 and IE 8/9 in compatibility view.
+* (bug 32126) Fix 1.18 regression in watchlist editor when items already removed
+ from watchlist.
+* (bug 32183) remove the client-* classes added from user-agent-sniffing onto
+ the <html> element.
+* (bug 29912) Unit tests break if parsertest tables are still present.
+* (bug 31694) During installation, tabbing order (cursor focus) goes to logo
+ instead of 'continue'.
+* (bug 29102) Upgrade fails "Unknown character set: 'mysql4".
+* (bug 31990) justify paragraphs pref adds extra space to category listing.
+* (bug 20148) Better title for [[Special:Disambiguations]] page.
+* (bug 31502) TOC is missing on Special:EditWatchlist.
+* (bug 32256) API list=search stops at first invalid result.
+* (bug 32047) jquery.tablesorter.js: thead is before caption.
+* (bug 29854) Store protocol-relative links twice in the externallinks table,
+ one with http: in el_index and once with https.
+* (bug 31822) Error during upgrade due to output buffer reset in stdout.
+
+=== Configuration changes in 1.18 ===
+* The WantedPages::getSQL hook has been removed and replaced with
+ WantedPages::getQueryInfo. This may break older extensions.
+* The SkinTemplateBuildContentActionUrlsAfterSpecialPage,
+ SkinTemplateContentActions and SkinTemplateTabs hooks have been removed in
+ favor of SkinTemplateNavigation and SkinTemplateNavigation::SpecialPage.
+* $wgUseCombinedLoginLink controls whether to output a combined
+ login / create account link in the personal bar, or to output separate login
+ and create account links.
+* Skin names are no longer created based on a ucfirst version of the key in
+ $wgValidSkinNames but now the value. This means for
+ $wgValidSkinNames["monobook"] = "MonoBook"; the skin loader will no longer try
+ loading SkinMonobook and will instead load SkinMonoBook.
+* $wgMaxUploadSize may now be set to an array to specify the upload size limit
+ per upload type.
+* $wgAPICacheHelp added in 1.16 is now removed. To disable API help caching, set
+ $wgAPICacheHelpTimeout = 0;
+* OutputPage::isUserJsAllowed() no longer returns false when scripts are allowed
+ by the page, but $wgAllowUserJs is set to false.
+* Pure "Skin" class based custom skins are no longer supported, all custom skins
+ should be put together using SkinTemplate and BaseTemplate or QuickTemplate.
+* The transliteration for passwords in case they were migrated from an old
+ Latin-1 install (previous to MediaWiki 1.5) is now only done for wikis with
+ $wgLegacyEncoding set.
+* (bug 27508) Add $wgSVGMetadataCutoff to limit the maximum amount of an SVG we
+ look at when finding metadata to prevent excessive resource usage.
+* $wgSysopUserBans and $wgSysopRangeBans (deprecated in 1.17) are now removed.
+ Use $wgBlockCIDRLimit = array( 'IPv4' => 43, 'IPv6' => 128 ) to achieve the
+ same functionality as $wgSysopRangeBans; you can use the BlockIp hook to
+ replicate $wgSysopUserBans functionality.
+* The options on the block form have been standardised such that checking a box
+ makes the block 'more serious'; so while "check to prevent account creation"
+ and "check to enable autoblock" remain the same, "check to allow user-talk
+ edit" is reversed to "check to *disable* user-talk edit", and "check to block
+ anon-only" becomes "check to block logged-in users too". The default settings
+ remain the same.
+* Most of the field names on the Special:Block form have been changed, which
+ will probably break screen-scraping bots.
+* (bug 26866) The 'trackback' right is no longer granted to sysops by default.
+ $wgUseTrackbacks is already false by default.
+* (bug 17009) the hiddenStructure CSS class, a highly hackish way of at least
+ *appearing* to hide article elements, has been removed. Use the
+ ParserFunctions extension to actually remove unwanted elements from the
+ output.
+* (bug 14202) $wgUseTeX has been superseded by the Math extension. To re-enable
+ math conversion after upgrading, obtain the Math extension from SVN or from
+ https://www.mediawiki.org/wiki/Extension:Math and add to LocalSettings.php:
+ require_once "$IP/extensions/Math/Math.php";
+* $wgProfiler is now a configuration array, see StartProfiler.sample for
+ details.
+* $wgProfiling has been removed.
+* The spyc library is now no longer included in phase3.
+* (bug 28343) Unused preferences contextlines/contextchars have been removed
+* $wgSkinExtensionFunctions has been removed. Use $wgExtensionFunctions instead.
+* $wgProto has been removed. You now only need to set $wgServer to change the
+ URL protocol.
+* $wgRateLimitsExcludedGroups (deprecated in 1.13) has been removed.
+* $wgInputEncoding and $wgOutputEncoding (deprecated in 1.5) have now been removed.
+* $wgAllowUserSkin (deprecated in 1.16) has now been removed.
+* $wgExtraRandompageSQL (deprecated in 1.16) has now been removed.
+* LogReader and LogViewer classes (deprecated in 1.14) have now been removed.
+* (bug 26033) Added $wgArticleCountMethod to select the method to use to say
+ whether a page is an article or not. $wgUseCommaCount is now deprecated.
+* $wgEnableDublinCoreRdf and $wgEnableCreativeCommonsRdf no longer work in core,
+ and the functionality has been moved to the relevant extensions. See
+ https://www.mediawiki.org/wiki/Extension:DublinCoreRdf and
+ https://www.mediawiki.org/wiki/Extension:CreativeCommonsRdf as appropriate.
+* (bug 21107) Split error "customcssjsprotected" into separate messages for JS and CSS
+* Removed $wgCheckCopyrightUpload from DefaultSettings, since the relevant feature
+ was removed in about 1.5.
+* LogPageValidTypes, LogPageLogName, LogPageLogHeader and LogPageActionText
+ hooks have been removed.
+* New hook "Collation::factory" to allow extensions to create custom
+ category collations.
+* $wgGroupPermissions now supports per namespace permissions.
+* $wgEnableAutoRotation enables or disables auto-rotation. Leaving it set to
+ null will cause MediaWiki to determine if auto-rotation is available.
+
+=== New features in 1.18 ===
+* BREAKING CHANGE: action=watch / action=unwatch now requires a token.
+* BREAKING CHANGE: Article class hierarchy split into WikiPage (backend)
+ and Article (frontend) hierarchies. Several hooks now pass a WikiPage object instead
+ of an Article object. These hooks all use an $article parameter as documented in hooks.txt.
+ Extensions should be updated to account for this, though most won't require any changes.
+* (bug 27860) Minor edit after clicking 'new section' tab
+ Now the "This is a minor edit" checkbox is not available when you
+ create a page or new section.
+* (bug 8130) Query pages should limit to content namespaces, not just main
+ namespace.
+* Special:Contribs now redirects to Special:Contributions.
+* (bug 6672) Images are now autorotated according to their EXIF orientation.
+ This only affects thumbnails; the source remains unrotated.
+* (bug 25708) Update case mappings and normalization to Unicode 6.0.0.
+* New hook ArticlePrepareTextForEdit added, called when preparing text to be
+ saved.
+* New parser option PreSaveTransform added, allows the pre-save transformation
+ to be selectively disabled.
+* Alternative to $wgHooks implemented, using the new Hooks class.
+* Add width parameter to Special:Filepath to allow getting the file path of a
+ thumbnail.
+* (bug 26870) Add size to {{filepath:}}.
+* Upload warnings now show a thumbnail of the uploaded file.
+* Introduced the edittools-upload message, which will be inserted under the
+ upload form instead of edittools if available.
+* (bug 26285) Extensions will be automatically generated on upload if the user
+ specified a filename without extension.
+* (bug 26851) Special:UserRights now allows to prefill the reason field
+* New maintenance script to fix double redirects
+ (maintenance/fixDoubleRedirects.php).
+* (bug 23315) New body classes to allow easier styling of special pages.
+* (bug 27159) Make email confirmation code expiration time configurable.
+* (bug 29047) CSS/JS for each user group is imported from MediaWiki:Group-sysop.js,
+ MediaWiki:Group-autoconfirmed.css, etc.
+* (bug 24230) Uploads of ZIP types, such as MS Office or OpenOffice can now be
+ safely enabled. A ZIP file reader was added which can scan a ZIP file for
+ potentially dangerous Java applets. This allows applets to be blocked
+ specifically, rather than all ZIP files being blocked.
+* (bug 2429) Allow selection of associated namespace in recent changes.
+* (bug 26217) File size is now checked before uploading in HTML5 browsers.
+* CSS stylesheet MediaWiki:Noscript.css is now loaded for users with JavaScript
+ disabled (enclosed in the head in a <noscript> tag).
+* Added UserGetLanguageObject hook to change the language used in $wgLang.
+* (bug 14645) When $wgMiserMode is on, expensive special pages are styled
+ differently (italicized by default) on Special:SpecialPages.
+* Added $wgAggregateStatsID, which allows UDP stats to be aggregated over
+ several wikis.
+* When $wgAllowMicrodataAttributes is true, all itemtypes are allowed, not just
+ the three that were defined in the original specification.
+* (bug 14706) Added support for the Imagick PHP extension.
+* (bug 18691) Added support for SVG rasterization using the Imagick PHP
+ extension.
+* (bug 2581, bug 6834) Added links to thumbnail in several resolutions to the
+ file description page. The sizes are set by $wgImageLimits.
+* (bug 28031) Add pageCount support to ArchivedFile.
+* (bug 27924) PhpHttpRequest doesn't return response body if HTTP != 200.
+* Added hook BitmapHandlerTransform to allow extension to transform a file
+ without overriding the entire handler.
+* The parser now attempts to output markers for editsection tokens and defer the
+ rendering of them post-cache to reduce parser cache fragmentation and ensure
+ skin customizability of edit section links.
+* (bug 24755) AuthPlugin auto-creation of local accounts can now be aborted by
+ other extensions by handling the 'AbortAutoAccount' hook, similar to the
+ 'AbortNewAccount' triggered by explicit account creations. (They are separate
+ to avoid loops and confusion; auth plugins like CentralAuth need to handle
+ AbortNewAccount separately.
+* Special:ListFiles is now transcludable.
+* (bug 13879) Special:Emailuser asks for suitable target user if called without.
+* (bug 16956) IPTC and XMP metadata now extracted from images.
+* (bug 23816) A tracking category is now added for any pages with broken images.
+* (bug 23495) Allow createAndPromote.php to create non-sysop users.
+* (bug 28916) A way to to toggle mw.config legacy globals settings from
+ LocalSettings.php has been created by introducing $wgLegacyJavaScriptGlobals.
+* (bug 28503) Support for ircs:// URL protocols.
+* (bug 26033) It is now possible to count all non-redirect pages in content
+ namespaces as articles.
+* Images can now be embedded in an XML dump stream using backupDump.php
+ --include-files and can be imported using importDump.php --uploads;
+ furthermore, it can import files from the filesystem using --image-base-path.
+* Three new hooks in Special:Undelete, 'UndeleteForm::showHistory',
+ 'UndeleteForm::showRevision' and 'UndeleteForm::undelete', so that extensions
+ may override the usage of PageArchive class and replace it with their own
+ class that extends PageArchive.
+* (bug 28915) Implement QUnit test suite for MediaWiki JavaScript.
+ Also built-in support for distribution through a TestSwarm instance.
+* (bug 29036) For cascade-protected pages, the mw-textarea-cprotected class is
+ added to the textarea on the edit form.
+* mw.util.wikiScript has been implemented (like wfScript in GlobalFunctions.php)
+* (bug 29067) Expose user.tokens (like we do user.options) in ResourceLoader.
+* New 'Debug' hook used by wfDebug() and wfDebugLog().
+* (bug 27655) Require token for watching/unwatching pages)
+* (bug 28904) (bug 29773) Update jQuery version from 1.4.4 to 1.6.2 (the latest version)
+* (bug 29441) Expose CapitalLinks config in JS to allow modules to properly
+ handle titles on case-sensitive wikis.
+* (bug 29397) Implement mw.Title module in core.
+* In MySQL 4.1.9+ with replication enabled, fetch the slave lag from SHOW SLAVE
+ STATUS instead of SHOW PROCESSLIST. This ensures that lag is reported
+ correctly in the case where there are no write events occurring. Note that
+ the DB user now needs to have the REPLICATION CLIENT privilege if you are
+ using replication.
+* Language codes in $wgDummyLanguageCodes are now excluded on localization
+ statistics (maintenance/language/transstat.php).
+* (bug 29586) Make the (next 200) links on categories link directly to
+ the relevant section of the category.
+* (bug 29109) Allow the automatic edit summary for redirect creation
+ show the first bit of the new redirect page.
+* (bug 29723) mw.util.wikiGetlink() now defaults to wgPageName.
+* (bug 29680) Add GetDefaultSortkey hook to override the default sortkey.
+* (bug 16699) {{#language:}} accepts second parameter to specify the language in
+ which the language name is wanted. Coverage depends on the cldr extension.
+* (bug 15802) An easy way to look up messages: language qqx which returns
+ the message keys.
+* (bug 29868) Add support for passing parameters to mw.msg in jquery.localize.
+* (bug 29558) $wgMiserMode now disables update.php by default.
+* AjaxCategories: Easily add, edit or delete categories on article pages.
+ Suggests possible categories when typing, all saves are done via AJAX.
+ Supports editing of multiple categories and then saving them in one batch.
+* $wgAutopromoteOnce was added, allowing for users to be automatically promoted
+ to explicit usergroups. If a group is removed from a user via Special:UserRights,
+ it will not automatically be re-added. Configuration is similar to
+ $wgAutopromote (see DefaultSettings.php).
+* The PerformRetroactiveAutoblock hook was added to allow overriding or complementing
+ retroactive autoblock handling. This runs when blocking a user with the 'autoblock' option.
+* MediaWiki now supports using protocol-relative URLs in links, interwiki
+ targets and $wgServer.
+* Introduced $wgVaryOnXFPForAPI which will cause the API to send
+ Vary: X-Forwarded-Proto headers.
+* New maintenance script to refresh image metadata (maintenance/refreshImageMetadata.php).
+* (bug 16428) Include permalink in printable version.
+* (bug 30722) Add an identity collation that sorts things based on what the
+ unicode code point is (aka pre-1.17 behavior).
+* (bug 30940) Add a hook in User:getDefaultOptions.
+ To give extensions a better and more flexible way of providing default
+ values for preferences a hook has been introduced in User:getDefaultOptions().
+ Setting preferences in $wgDefaultUserOptions still work fine, but when reading
+ them (i.e. with array_keys) to get a list of all preferences, then
+ $wgDefaultUserOptions should no longer be used as it will contain those set via
+ User:getDefaultOptions().
+* (bug 30497) Add client-nojs and client-js classes on document element
+ to let styles easily hide or show things based on general JS availability.
+* (bug 31293) If Special:Userlogin is loaded over HTTPS, display
+ MediaWiki:loginend-https instead of MediaWiki:loginend, if it's not empty.
+ Same for signupend on the account creation page.
+* (bug 31233) New OutputPage::addJsConfigVars() method to make the output page specific
+ mw.config map extendable.
+* mw.util.wikiScript has been implemented (like wfScript in GlobalFunctions.php).
+
+=== Bug fixes in 1.18 ===
+* (bug 27860) Minor edit after clicking 'new section' tab.
+* (bug 23119) WikiError class and subclasses are now marked as deprecated.
+* (bug 10871) Javascript and CSS pages in MediaWiki namespace are no longer
+ treated as wikitext on preview.
+* (bug 22753) Output from update.php is more clear when things changed, entries
+ indicating nothing changed are now all prefixed by "...".
+* Page existence is now not revealed (in the colour of the tabs) to users who
+ cannot read the page in question.
+* (bug 19006) {{REVISIONUSER}} no longer acts like {{CURRENTUSER}} in some
+ cases.
+* (bug 16019) $wgArticlePath = "/$1" no longer breaks API edit/watch actions.
+* (bug 18372) File types blacklisted by $wgFileBlacklist will no longer be shown
+ as "Permitted file types" on the upload form.
+* (bug 26379) importImages.php gives more descriptive error message on failure.
+* (bug 26410) + signs are no longer treated as spaces in internal links if
+ link has a % sign in it.
+* (bug 26412) Search results headers no longer show a bogus edit link.
+* (bug 26540) Fixed wrong call to applyPatch in MysqlUpdater.
+* (bug 26574) Added 'upload' to $wgRestrictionTypes, allowing upload protected
+ pages to be queried via the API and Special:ProtectedPages, and allowing
+ disabling upload protection by removing it from $wgRestrictionTypes.
+* If an edit summary exceeds 250 bytes and is truncated, add an ellipse.
+* (bug 26638) Database error pages display correctly in RTL languages.
+* (bug 26187) Confirmrecreate no longer parses the edit summary.
+* (bug 26208) Mark directionality of some interlanguage links.
+* (bug 26034) Make the "View / Read" tab in content_navigation style tabs remain
+ selected when the action is "purge".
+* (bug 14267) Support a MediaWiki:Mainpage-nstab override for the subject
+ namespace tab on the mainpage of a wiki.
+* (bug 10158) Do not mention allowing others to contact you when the feature
+ is disabled ($wgEnableUserEmail=false).
+* (bug 26733) Wrap initial table creation in transaction.
+* (bug 26729) Category pages should return 404 if they do not exist and have no
+ members.
+* (bug 2585) Image pages should send 404 if no image, no shared image and no
+ description page.
+* Custom editintro's using the editintro url parameter will no longer show
+ <noinclude> sections on pages they are included on.
+* (bug 26449) Keep underlines from headings outside of tables and thumbs by
+ adding overflow:hidden to h1,h2,h3,h4,h5,h6 (also fixes editsection bunching).
+* (bug 26708) Remove background-color:white from tables in Monobook and Vector.
+* (bug 28422) Remove color:black from tables in Monobook and Vector. And add it
+ to table.wikitable instead.
+* (bug 26781) {{PAGENAME}} and related parser functions escape their output
+ better.
+* (bug 26716) Provide link to instructions for external editor related
+ preferences and add a comment to the ini control file explaining what is
+ going on.
+* Trying to upload a file with no extension or with a disallowed MIME type now
+ gives the right message instead of complaining about a MIME/extension
+ mismatch.
+* (bug 26809) Uploading files with multiple extensions where one of the
+ extensions is blacklisted now gives the proper extension in the error message.
+* (bug 26961) Hide anon edits in watchlist preference now actually works.
+* (bug 19751) Filesystem is now checked during image undeletion.
+* Send last modified headers for Special:Recentchanges when RC patrol is
+ enabled, but user cannot see rc patrol links.
+* (bug 26548) ForeignAPIRepo (InstantCommons) now works with PDF files
+ and other multi-paged file formats.
+* Files with a mime type that does not match the extension are now properly
+ thumbnailed.
+* (bug 27201) Special:WhatLinksHere output no longer contains duplicate IDs.
+* (bug 15905) Nostalgia skin could become more usable by including a Talk:
+ link at the top of the page.
+* (bug 27560) Search queries no longer fail in Walloon language.
+* (bug 27679) Broken embedded files with special characters are no longer
+ double HTML escaped.
+* (bug 27700) The upload protection can now also be set for files that do not
+ exist.
+* (bug 27763) Article::getParserOutput() no longer throws a fatal given when an
+ incorrect revision ID is passed.
+* Trim the form field for uploading by url to remove extra spaces which could
+ cause confusing error messages.
+* (bug 27854) Http::isValidURI is way too lax.
+* Do not show enotifminoredits preference, if disabled by $wgEnotifMinorEdits.
+* AbortLogin returning "ABORTED" now handled. Also allows message identifier
+ for "ABORTED" reason to be returned and displayed to user.
+* (bug 28034) uploading file to local wiki when file exists on shared repository
+ (commons) gives spurious info in the warning message.
+* Usernames get lost when selecting different sorts on Special:listfiles.
+* (bug 14005) editing section 0 of an existing but empty page gives no such
+ section error.
+* (bug 26939) Installer does not set $wgMetaNamespace.
+* (bug 28166) UploadBase assumes that 'edit' and 'upload' rights are not per
+ page restrictions.
+* Make truncate function automatically consider length of '...' string,
+ since length can vary by localization.
+* (bug 28242) Make redirects generated by urls containing a local interwiki
+ prefix be a 301 instead of a 302.
+* (bug 15641) blocked administrators are now prevented from deleting or
+ protecting their own talk page; and all blocked users are more
+ comprehensively prevented from performing other actions.
+* (bug 27893) Edit-on-doubleclick now applies only on view and purge actions;
+ no longer triggers unexpectedly on delete, history etc.
+* (bug 28417) Fix PHP notice when importing revision without a listed id.
+* (bug 28430) Make html and TeX output of <math> always be left-to-right.
+* (bug 28306) Fix exposure of suppressed usernames in ForeignDBRepo.
+* (bug 28372) Fix bogus link to suppressed file versions in ForeignDBRepo.
+* (bug 27473) Fix regression: bold, italic no longer interfere with linktrail
+ for ca, kaa.
+* (bug 28444) Fix regression: edit-on-doubleclick retains revision id again.
+* ' character entity is now allowed in wikitext.
+* UtfNormal::cleanUp on an invalid utf-8 sequence no longer returns false if
+ intl installed.
+* (bug 28561) The css class small will no longer make nested elements even
+ smaller.
+* (bug 13172) Array type exif data (like GPS) was not being extracted from
+ images.
+* (bug 28532) wfMsgExt() and wfMsgWikiHtml() use $wgOut->parse().
+* (bug 16129) Transcluded special pages expose strip markers when they output
+ parsed messages.
+* (bug 27249) "Installed software" table in Special:Version should always be
+ left-to-right.
+* (bug 28719) Do not call mLinkHolders __destruct explicitly.
+* (bug 21196) Article::getContributors() no longer fails on PostgreSQL.
+* (bug 28752) XCache doesn't work in CLI mode.
+* (bug 28076) Thumbnail height limited to 360 pixels on Special:Listfiles.
+* (bug 22227) Special:Listfiles no longer throws an error on bogus file entries.
+* (bug 19408) user_properties.up_property: 32 bytes is not enough.
+* (bug 25262) Fix for minification of hardcoded data: URIs in CSS.
+* (bug 29263) Add LTR class to the shared CSS to be used for left-to-right text
+ such as SQL queries shown in dberrortext and similar messages in RTL
+ environments.
+* (bug 14977) Fixed $wgServer detection in cases where an IPv6 address is used
+ as the server name.
+* The View X deleted revisions is now shown again on Special:Upload.
+* (bug 29071) mediawiki.action.watch.ajax.js should pass uselang to API.
+* (bug 28868) Show total pages in the subtitle of an image on the
+ file description page for multi-paged documents.
+* (bug 28883) Message names for different compression types commonly
+ used in Tiff files.
+* When transcluding a special page, do not let it interpret url parameters.
+* (bug 28887) Special page classes are no longer re-used during 1 request.
+* (bug 28888) Searching for something starting with a # sign no longer tells
+ the user a page named [[:]] already exists.
+* (bug 23002) Imagelinks table not updated after imagemove.
+* (bug 27864) Transcluding {{Special:Prefix}} with empty prefix now lists all
+ pages.
+* (bug 18803) JPEG2000 images should not be uploadable as .jpg files.
+* (bug 11868) If using links to count articles, the checking will now be based
+ on the real presence of an internal link instead of the "[[" string.
+* (bug 28287) The "your changes" box for edit conflicts is now read-only.
+* (bug 28940) When making a thumb of an SVG, and only specifying the height
+ make the width be the max SVG size, not the natrual width of the SVG.
+* (bug 1780) Uploading files with non-ascii characters are now forbidden on
+ Windows.
+* (bug 23464) File: prefixes are now chopped off during uploading.
+* (bug 28174) Message config-logo-help amended to not explicitly assume any
+ LTR/RTL screen layout.
+* (bug 28992) Revision numbers in the patrol log are transformed in the user
+ language.
+* (bug 27073) ResourceLoaderDynamicStyles marker should be dynamically appended to
+ the document head if it doesn't exist.
+* (bug 27023) After the document is ready, mw.loader is broken (calls callback
+ before module is parsed).
+* (bug 4330) External URLs without a custom title should be treated as LTR,
+ even in RTL text.
+* (bug 29055) Make "don't send email on minor edits" preference apply to
+ changes to talk page in addition to watchlist edits.
+* (bug 28272) Special:AllMessages should have only one "Go" button.
+* (bug 29101) Special:FileDuplicateSearch no longer shows silly message.
+* (bug 29048) jQuery.tabIndex: firstTabIndex() should not output the same
+ as lastTabIndex().
+* (bug 29332) Warn if user requests mediawiki-announce subscription but does not
+ enter an e-mail address.
+* (bug 25375) Add canonical namespaces to "wgNamespaceIds" in mw.config.
+* The class JpegOrTiffHandler was renamed ExifBitmapHandler.
+* (bug 29443) Special:Undelete should use JavaScript to invert all checkboxes
+ instead of reloading the page.
+* (bug 29325) Setting $wgStrictFileExtensions to false no longer gives incorrect warning.
+* (bug 29437) Multiple apostrophes in deleted article title cause odd rendering.
+* (bug 29485) RSS feed of Special:RecentChange grouped together multiple
+ consecutive edits by same user in included diff, but then linked to
+ a single ungrouped diff.
+* Do not try to group together a page creation and edit in the RSS feed of RC.
+* (bug 29342) Patrol preferences shouldn't be visible to users who don't have
+ patrol permissions.
+* (bug 29471) Exception no longer thrown for files with invalid date in metadata.
+* (bug 29492) Long-running steps in the installer (such as Upgrade and Install)
+ no longer cause timeouts.
+* (bug 29507) Change 'image link' to 'file link' in Special:Whatlinkshere.
+* If the db is really screwed up, and doesn't have a recentchanges table,
+ make the updater throw an exception instead of a fatal.
+* wfArrayToCGI() and wfCgiToArray() now handle nested and associative arrays
+ correctly.
+* (bug 29567) mw.util.addPortletLink should only wrap link in <span> for
+ "vectorTabs" portlets.
+* (bug 8556) Incorrect session failure warning on preview-on-open
+ namespaces (categories) when combined with $wgRawHtml.
+* Use content language in formatting of dates in revertpage message
+ (rollback revert edit summary) and do not adjust for user timezone.
+* (bug 29277) MediaWiki:Filepage.css is also shown on the local wiki
+* Make sure Backlink cache does not retrieve interwiki redirects when looking for
+ redirects to a local page.
+* (bug 6100) Allow different directionality (LTR/RTL) for user interface
+ and wiki content, along with many other RTL and directionality improvements
+ (such as bugs 28030, 12406, 28349).
+* (bug 29712) Removed broken defaultUserOptionOverrides in MessagesXx files and
+ unneeded CSS flipping of quickbar. Instead, introduce option 5 which sets
+ left/right according to the directionality of your interface language.
+* (bug 19514) Unordered list list-style-image should be IE6-compatible (8-bit).
+* (bug 27410) The tag filter on a history page is now within a <label> element.
+* (bug 29779) DairikiDiff/WikiDiff <ins> and <del> should undo browser default
+ styling (strike/underline).
+* (bug 28630) Add iwlinks, langlinks, redirect to
+ RefreshLinks::deleteLinksFromNonexistent.
+* (bug 29797) Error: "Tried to load block with invalid type" when subpages
+ are disabled for user pages.
+* (bug 12205) Bidirectional names in action=credits are split and displayed
+ incorrectly when wrapped to the next line.
+* (bug 20781) Move 'mainpagetext' messages to installer's .i18n file.
+* (bug 29737) "MediaWiki:Qbsettings-directionality" should refer to script,
+ not language.
+* (bug 26360) $wgSessionHandler was overriding system settings unconditionally.
+* Removed AjaxFunctions.php. The last remaining function js_unescape() was moved
+ to the FCKEditor extension.
+* (bug 28762) Resizing to specified height broken for very thin images.
+* (bug 29959) Installer fatal when cURL and allow_url_fopen is disabled and user
+ tries to subscribe to mediawiki-announce.
+* (bug 27427) mw.util.getParamValue shouldn't return value from hash even if
+ param is only present in hash.
+* Installer checked for magic_quotes_runtime instead of register_globals.
+* (bug 30131) XCache with variable caching disabled no longer used for variable
+ caching (CACHE_ACCEL)
+* $wgSVGMaxSize is now applied to the smaller of width or height, making very wide
+ pano/timeline/diagram SVGs renderable at saner sizes.
+* (bug 30219) The page shown when LocalSettings.php does not exist was broken on
+ Windows servers.
+* (bug 30074) Moving user JS subpages resulted in JS errors because
+ #REDIRECT [[Foo]] is invalid JS.
+* (bug 30335) Fix for HTMLForms using GET breaking when non-friendly URLs
+ are used.
+* (bug 30264) Changed installer-generated LocalSettings.php to use require_once()
+ instead of require() for included extensions.
+* Tracking categories are no longer shown in footer for special pages.
+* (bug 30684) Fix bad escaping in mw.message for inexistent messages (i.e. <key>).
+* $wgOverrideSiteFeed no longer double escapes urls.
+* The preprocessor no longer fails with a PHP warning about XML_PARSE_HUGE when
+ processing complex pages using newer versions of libxml2.
+* (bug 30907) Special:Unusedcategories should sort ascendingly.
+* (bug 28545) When using the uca-default collation, sortkey's starting with a
+ space (U+20) will sort under an invisible header like in 1.16 rather than a U+6DE.
+* (bug 30192) Thumbnails of archived files are now deleted.
+* (bug 30843) mediawiki.Title should not convert extensions (anything after the
+ last full stop) to lower case).
+* (bug 31213) Exception thrown when trying to move file cross-namespace.
+* (bug 18424) Special:Prefixindex and Special:Allpages paging links are
+ really small, and somewhat inconsistent with each other.
+* (bug 30466) Entries in iwlinks table are now cleared when moving a page over
+ redirect.
+* (bug 31674) Can't edit watchlist if it contains special pages.
+* (bug 32100) Installer complains about Suhosin GET limit even if it is
+ already set above 1024 bytes.
+
+=== API changes in 1.18 ===
+* BREAKING CHANGE: action=watch now requires POST and token.
+* (bug 26339) Throw warning when truncating an overlarge API result.
+* (bug 14869) Add API module for accessing QueryPage-based special pages.
+* (bug 14020) API for Special:Unwatchedpages.
+* (bug 24287) Wrap API Help output at 100 characters.
+* Add a realname uiprop option to query=userinfo so a user's realname can be
+ extracted.
+* Add a &watchuser option to ApiBlock.
+* (bug 26541) Generator-ise ApiQueryRecentChanges.
+* action=parse now correctly returns an error for nonexistent pages.
+* (bug 25767) Add userrights properties to allusers and users query lists.
+* (bug 26558) list=allusers auprop=groups does not list groups a user is
+ automatically a member of.
+* (bug 26559) list=allusers auprop=rights does not match
+ list=users usprop=rights.
+* (bug 26560) On allusers if limit < total number of users, last user gets
+ duplicate.
+* (bug 25135) add "normalized" to action=parse.
+* (bug 26460) Add support for listing category members by category pageid.
+* (bug 26482) add a imimages param to prop=images.
+* (bug 26498) allow LinksUpdate with API.
+* (bug 26485) add a elextlinks param to prop=extlinks.
+* (bug 26483) add a iwtitles param to prop=iwlinks.
+* (bug 26484) add a lltitles param to prop=langlinks.
+* (bug 26480) add a pppageprops param to prop=pageprops.
+* (bug 26650) Remove $wgAPICacheHelp in favour of $wgAPICacheHelpTimeout.
+* (bug 24650) Fix API to work with categorylinks changes.
+* Expose list of skins in meta=siteinfo.
+* (bug 26548) Add iiurlparam param to query=imageinfo and query=stashimageinfo.
+* (bug 27205) aiprop=metadata and aiprop=parsedcomment need help text.
+* Add a amtitle param to meta=allmessages.
+* (bug 25832) query=allimages now outputs ns/title as well.
+* (bug 27199) Thumbnail urls can be fetched for old files as well.
+* (bug 27376) when using ApiBase::PARAM_TYPE => 'integer' without a min or
+ max value, API doesn't validate the input is actually an integer.
+* (bug 27479) API error when using both prop=pageprops and
+ prop=info&inprop=displaytitle.
+* (bug 27554) Update API information text to reflect change in bug 26125.
+* (bug 27611) list=blocks: Use ipb_by_text instead of join with user table.
+* (bug 27616) Add userid of blocked user and blocker to list=blocks.
+* (bug 27688) Simplify queries to list user block information.
+* (bug 27708) list=users does not have a property to return user id.
+* (bug 27715) imageinfo didn't respect revdelete.
+* (bug 27862) Useremail module didn't properly return success on success.
+* (bug 27590) prop=imageinfo now allows querying the media type.
+* (bug 27587) list=filearchive now outputs full title info.
+* (bug 27018) Added action=filerevert to revert files to an old version.
+* (bug 27897) list=allusers and list=users list hidden users.
+* (bug 27717) API's exturlusage module does not respect $wgMiserMode.
+* (bug 27588) list=filearchive&faprop=sha1 returns empty attribute.
+* (bug 28010) Passing a non existent user to list=users gives internal error.
+* (bug 27549) action=query&list=users&usprop=groups doesn't show implicit
+ groups if a user doesn't have explicit groups.
+* (bug 27670) Ordering by timestamp (and usage of start and end) isn't as clear
+ in auto generated document, as it is on mediawiki.org.
+* (bug 27182) API: Add filter by prefix for meta=allmessages.
+* (bug 27183) API: Add filter by customisation state for meta=allmessages.
+* (bug 27340) API: Allow listing of "small" categories.
+* (bug 27342) Add audir param to list=allusers.
+* (bug 27203) add fato param to list=filearchive.
+* (bug 27341) Add drto param to list=deletedrevs.
+* (bug 26630) Add API for Special:ActiveUsers.
+* (bug 27020) API: Allow title prefix search of logevents (only when not in
+ miser mode).
+* (bug 26629) add Special:MIMESearch to API.
+* (bug 27585) add pagecount to list=filearchive.
+* (bug 28104) Namespace for local pages in interwiki backlinks (iwbacklinks)
+ is missing.
+* (bug 27343) Add parseddescription to list=filearchive.
+* (bug 27469) label implicit groups in list=allusers&auprop=groups/
+ list=users&usprop=groups.
+* Addition of APIQuerySiteInfoGeneralInfo hook to add extra information to
+ the general site info results.
+* (bug 16288) API: consider making closure status of wikis more clear
+ with meta=siteinfo.
+* (bug 27589) list=allimages&aiprop=archivename is useless.
+* (bug 27586) Remove duplication of props in ApiQueryStashImageInfo
+ by using ApiQueryImageInfo.
+* (bug 28226) prop=extlinks&eloffset should be an integer.
+* (bug 28070) Fix watchlist RSS for databases that store timestamps in a
+ real timestamp field.
+* API upload errors may now return the parameter that needs to be changed and
+ a sessionkey to fix the error.
+* (bug 28249) allow dupes in meta=allmessages&amargs.
+* (bug 28263) cannot import xml with the API, when have not "import" user
+ right, but "importupload".
+* (bug 28365) Added description for uiprop=preferencestoken in meta=userinfo.
+* (bug 28394) Set forgotten parameters types in ApiUnblock.
+* (bug 28395) Set forgotten parameters types in ApiParse.
+* (bug 28368) add hint for multipart/form-data to API information of
+ action=import&xml=.
+* (bug 28391) action=feedwatchlist&allrev should be a bool.
+* (bug 28364) add registration date to meta=userinfo.
+* (bug 28254) action=paraminfo: Extract type from PARAM_DFLT if
+ PARAM_TYPE is not set.
+* (bug 27712) add parent_id to list=deletedrevs.
+* (bug 28455) Add 'toponly' to recentchanges API module.
+* (bug 26873) API: Add 'toponly' filter in usercontribs module.
+* (bug 28586) YAML: strings that are the same as boolean literals.
+* (bug 28591) Update/replace/supplement spyc (YAML parsing library).
+* YAML API output is now 1.2 compliant, using JSON as the formatter.
+* (bug 28672) give information about misermode on API.
+* (bug 28558) Add iw_api and iw_wikiid to meta=siteinfo&siprop=interwikimap
+* (bug 26882) Allow listing of indefinite protections with the API.
+* (bug 27344) add drprefix param to list=deletedrevs.
+* (bug 28560) list=deletedrevs should die, if combination of param is invalid.
+* (bug 28238) paraminfo: output both limits for multi param.
+* (bug 27179) API: List of extension tags through meta=siteinfo.
+* Get a list of function hooks through meta=siteinfo.
+* Get a list of all subscribed hooks, and those subscribers.
+* (bug 28225) Allow hiding of user groups in list=allusers.
+* (bug 27185) API: Add Special:ComparePages.
+* (bug 28265) allow outputting of comments for action=expandtemplates.
+* (bug 27790) Add query type for querymodules to output of ApiParamInfo.
+* (bug 28963) Add langbacklinks query module to the api.
+* (bug 27593) API should return error message when sha1/sha1base36 is invalid.
+* (bug 28578) API's parse module should not silently override invalid
+ title inputs.
+* (bug 20699) Watchlist API should list log-events.
+* (bug 29070) Require a token in API action=watch.
+* (bug 29221) Expose oldrevid in ApiQueryWatchlist output.
+* (bug 29267) Always give the servername for meta=siteinfo&siprop=dbrepllag.
+* (bug 28897) rvparse now respects rvsection for action=query&prop=revisions.
+* (bug 25734) API: Possible issue with revids validation.
+* (bug 28002) Internal error in ApiFormatRaw::getMimeType.
+* (bug 29237) ApiQuery now has an option to output the "iwurl" attribute.
+* (bug 28392) Mark action=undelete×tamps as type "timestamp".
+* (bug 21346) Make deleted images searchable by hash (disabled in Miser Mode).
+* (bug 27595) sha1 search of list=filearchive does not work.
+* (bug 26763) Make RSS/Atom of user contributions more visible.
+* (bug 25133) Allow redirects also for action=parse&pageid.
+* (bug 29745) Fatal error in API search.
+* (bug 29476) API returns page title instead of sectiontitle for
+ srprop=sectiontitle.
+* Correct the documentation of srprop properties.
+* (bug 28817) Add reference help page link to API Modules.
+* (bug 29935) Improve formatting of examples in ApiParamInfo.
+* (bug 29938) list=users&usprop=rights shows rights the user doesn't have.
+* (bug 24781) The API will include an XML namespace if the includexmlnamespace
+ parameter is set.
+* (bug 29392) Setting the start or end parameter now works with lists blocks,
+ categorymembers, deletedrevs, logevents, protectedtitles, usercontributions
+ and watchlist in Postgres.
+
+=== Languages updated in 1.18 ===
+
+MediaWiki supports over 330 languages. Many localisations are updated
+regularly. Below only new and removed languages are listed, as well as
+changes to languages because of Bugzilla reports.
+
+* Angika (anp) (new).
+* Brahui (brh) (new).
+* Central Dusun (dtp) (new).
+* Jamaican Creole English (jam) (new).
+* Khowar (khw) (new).
+* Liv (liv) (new).
+* Kichwa (qug) (new).
+* Tokipona (tp) (removed) 'tokipona' is still valid.
+* (bug 17160) Gender specific display text for User namespace.
+* Link trail added for sl and sh.
+* (bug 27633) Add characters to linkTrail for Portuguese (pt and pt-br).
+* (bug 27426) Set $namespaceGenderAliases for Arabic (ar).
+* (bug 27385) Set Polish $namespaceGenderAliases.
+* (bug 27681) Set $namespaceGenderAliases for Portuguese (pt and pt-br).
+* (bug 27785) Fallback language for Kabardian (kbd) is English now.
+* (bug 27825) Raw watchlist edit message now uses formatted numbers.
+* (bug 28040) Turkish: properly lower case 'I' to 'i' (dotless i) and
+ uppercase 'i' to 'I' (dotted i).
+* Conversion script between Syllabics and Latin for the Inuktitut language.
+* Date formats for Indonesian (id) updated.
+* Bhojpuri (bho) (renamed from "bh").
+* (bug 29031) When translating block log entries, indefinite, infinite, and
+ infinity are now considered the same.
+* Aromanian (rup) (renamed from "rua-rup").
+* Kashmiri (ks) split into Kashmiri (Perso-Arabic) (ks-arab) and Kashmiri
+ (Devanagari) (ks-deva). Defaults to ks-arab.
+* (bug 30864) Use bengali numerals for <ol> for Assamese.
+* (bug 30817) Restored linktrail for kk (Kazakh).
+* (bug 27398) Add $wgExtraGenderNamespaces for configured gendered namespaces.
+* (bug 30846) New LanguageOs class.
+
+=== Other changes in 1.18 ===
+* Removed legacy wgAjaxWatch javascript global object, no longer in use.
+* (bug 28556) Upload support for MacBinary files has been removed (Used by
+ Internet Explorer 5 for Mac OS 9).
+* On wiki farm setups using $wgConf, 'wgCanonicalServer' is now expected to be
+ set for all wikis. This was already the case for 'wgServer'.
+
+== MediaWiki 1.17 ==
+
+== MediaWiki 1.17.5 ==
+2012-06-12
+
+This is a security release of the MediaWiki 1.17 branch.
+
+=== Summary of selected changes in 1.17 ===
+
+Selected changes since MediaWiki 1.16 that may be of interest:
+
+* A new installer has been introduced. It has a wizard-style interface which is
+ translated into many languages. Many shortcomings in the old installer were
+ addressed with this rewrite. Note that it is no longer required for the config
+ directory to be made writable by the webserver. Instead the generated
+ LocalSettings.php file is offered as a download, which you must then upload
+ to the wiki's base directory.
+
+* ResourceLoader, a new framework for delivering client-side resources such as
+ JavaScript and CSS, has been introduced. These resources are now delivered
+ through the new entry point script "load.php", instead of as static files
+ served directly by the web server. This allows minification, compression and
+ client-side caching to be used more effectively, which should provide a net
+ performance improvement for most users.
+
+* Category sorting has been improved.
+** Sorting is now case insensitive.
+** Sub-categories, pages and files can now be paged separately.
+** When several pages are given the same sort key, they sort by their
+ names instead of randomly.
+
+* The lowest supported version of PHP is now 5.2.3. If necessary, please
+ upgrade PHP prior to upgrading MediaWiki.
+
+=== Changes since 1.17.4 ===
+
+* (bug 36938) Correctly escape uselang attribute to prevent xss
+* Expanded Blacklist for SVG Files
+
+=== Changes since 1.17.3 ===
+
+* (bug 35961) Hash comparison should always be strict.
+* Fix broken email confirmation expiration caused by MWCryptRand changes.
+* (bug 35671) PHP Notice: Undefined index: gettoken in includes/api/ApiMain.php
+ on line 598.
+
+=== Changes since 1.17.2 ===
+
+* (bug 22555) Remove or skip strip markers from tag hooks like <nowiki> in
+ core parser functions which operate on strings, such as padleft.
+* (bug 34212) ApiBlock/ApiUnblock allow action to take place without a token
+ parameter present.
+* (bug 34907) Fixed exposure of tokens through load.php that could have facilitated
+ CSRF attacks.
+* (bug 35317) CSRF in Special:Upload.
+
+=== Changes since 1.17.1 ===
+* (bug 33117) prop=revisions allows deleted text to be exposed through cache pollution.
+* (bug 32709) Private Wiki users were always taken to Special:Badtitle on login.
+
+=== Changes since 1.17.0 ===
+
+* (bug 29535) Added missing Creative Commons CC0 icon.
+* (bug 29726) Fixed failure to load internationalization messages in
+ client-side scripts on WebKit-based browsers.
+* Fixed a bug in message transformation where the previous language could leak
+ into later transformations in the UI language.
+* (bug 29091) Fixed form of native name for Ossetic language (Иронау -> Ирон)
+* Fixed maintenance scripts upgrade1_5.php and rebuildImages.php, they did not
+ work at all since 1.17 beta 1.
+* (bug 29531) Fixed img_auth.php for thumbnails and other filenames with
+ multiple dots, was broken by the fix for bug 28840.
+* In the maintenance script purgeList.php, fixed a fatal error when a page
+ title is given, instead of a URL.
+* (bug 19514) Unordered list list-style-image should be IE6-compatible (8-bit).
+* Installer checked for magic_quotes_runtime instead of register_globals.
+* $wgSVGMaxSize is now applied to the smaller of width or height, making very
+ wide pano/timeline/diagram SVGs renderable at saner sizes.
+* (bug 29959) Installer fatal when cURL and allow_url_fopen is disabled and user
+ tries to subscribe to mediawiki-announce.
+* Installer checked for magic_quotes_runtime instead of register_globals
+* (bug 30131) XCache with variable caching disabled no longer used for variable
+ caching (CACHE_ACCEL)
+* (bug 30264) Changed installer-generated LocalSettings.php to use require_once()
+ instead require() for included extensions.
+* (bug 26486) ResourceLoader modules with paths to nonexistent files cause PHP
+ warnings/notices to be thrown
+* (bug 30907) Special:Unusedcategories should sort ascendingly.
+* (bug 30219) The page shown when LocalSettings.php does not exist was broken on
+ Windows servers.
+* Hardcoded NLS_NUMERIC_CHARACTERS for Oracle DB to prevent type conversion errors.
+* Fixed recentchanges FK violation on page delete and cache purge error in updater
+ for Oracle DB.
+* (bug 32276) Skins were generating output using the internal page title which
+ would allow anonymous users to determine whether a page exists, potentially
+ leaking private data. In fact, the curid and oldid request parameters would
+ allow page titles to be enumerated even when they are not guessable.
+* (bug 32616) action=ajax requests were dispatched to the relevant internal
+ functions without any read permission checks being done. This could lead to
+ data leakage on private wikis.
+
+=== Changes since 1.17.0rc1 ===
+
+* Fixed syntax error in generated LocalSettings.php when a non-default user
+ rights profile is chosen.
+* (bug 29399) Fixed PostgreSQL installation when the DB user for installation
+ is the same as the one for web access.
+* (bug 29233) Fixed failover for DB slave servers. When a DB slave went down,
+ an error was immediately shown to the user, instead of trying another slave.
+ Was broken since 1.17 beta 1.
+* (bug 29278) Fixed PHP fatal error when attempting to add text to a page via a
+ redirect.
+* (bug 29408) Fixed uploads of files with MIME types that aren't detected by
+ MediaWiki.
+* Removed DEFAULT '' NOT NULL field definitions from Oracle DB schema because
+ using the DEFAULT value ('') in DML broke Oracle backend as it treats an
+ empty VARCHAR2 value as NULL. Indexes on Oracle do not require NOT NULL
+ fields.
+
+=== Changes since 1.17 beta 1 ===
+
+* Fixed warning about missing file "password.js".
+* When installing on MySQL, don't attempt to create a new database user if the
+ same user is used for installation and web access.
+* Fixed SQL query errors in queries with table aliases.
+* (bug 27891) Fixed the "chronology protector", broken since 1.17beta1, which
+ ensures that when database replication is used, the new version is seen by
+ the user immediately after they create or edit an article.
+* (bug 28845) Allow PostgreSQL installation using a non-root user account which
+ has role creation abilities.
+* When installing on PostgreSQL and the install account is the same as the web
+ account, check to make sure that the account has suitable privileges in the
+ mediawiki schema.
+* (bug 28172) Fixed error in PostgreSQL installation when creating the wiki
+ sysop account.
+* Fixed an issue with the Oracle installer in cases where the user is different
+ to the database name.
+* Added "unblockself" to the list of available rights.
+* In the installer, fixed the "user rights profile" option, it never worked.
+* (bug 29117) Fixed Hebrew localisation of the installer.
+* (bug 28840) Reduce the collateral damage caused by the fix for bug 28235 (XSS
+ on Internet Explorer 6 due to a file extension in the query string) by
+ reducing the number of URLs that are blocked, and by redirecting the request
+ to a safer URL where possible instead of blocking it.
+* (bug 28812) Fixed documentation of API action=parse.
+* (bug 28979) Fixed styling of <abbr> and <acronym>.
+* Fixed the error message displayed when you try to create an account by email,
+ but an email address is not given.
+* Fixed JS error due to missing dependency for jquery.suggestions.
+* Exposed $wgExtensionAssetsPath in JavaScript.
+* (bug 28738) Made ResourceLoader support environments with small URL length
+ limits. The length limit can be configured via $wgResourceLoaderMaxQueryLength,
+ and this is set automatically in the generated LocalSettings.php when the
+ php.ini variable "suhosin.get.max_value_length" is set. When a URL exceeds
+ this limit, the request is split up. Also, reduced the average length of
+ load.php URLs by using a more compact parameter format.
+* (bug 25262) Fix for minification of hardcoded data: URIs in CSS.
+* (bug 25124) Respect $wgStyleDirectory in ResourceLoader.
+* Allow installation when no HTTP client is available, don't throw an exception.
+* (bug 27465) Fix metadata extraction for SVG files using unusual namespace
+ names.
+* (bug 29174) Fix regression in upload-by-URL: uploading files larger than the
+ PHP memory limit should work again.
+* Fixed the display of comments in the new user log.
+* (bug 28237) When installing extensions using the web-based installer, create
+ any necessary database tables.
+* (bug 28983) Fixed automated installation of extensions that overwrite $path.
+* Fixed error caused by missing magic words.
+* Fixed breakage of article editing in PostgreSQL due to text search
+ configuration errors.
+* Fixed the HTTPS client used when Curl is not available. This avoids an error
+ during install about failure of the mediawiki-announce subscription.
+* (bug 28162) When installing to PostgreSQL, respect the "database port" input,
+ it was ignored.
+
+=== Configuration changes in 1.17 ===
+
+* $wgLogAutocreatedAccounts controls whether autocreation of accounts is logged
+ to new users log.
+* (bug 22858) $wgLocalStylePath is by default set to the same value as
+ $wgStylePath but should never point to a different domain than the site is
+ on, allowing skins to use .htc files which are not cross-domain friendly.
+* $wgFileStore has been deprecated. The only usage $wgFileStore['deleted'] has
+ been turned into $wgDeletedDirectory.
+* $wgDeletedDirectory has been added to specify what directory to place deleted
+ uploads in.
+* IBM DB2 database no longer uses the db specific $wgDBport_db2 variable but the
+ normal $wgDBport.
+* $wgCategoryPrefixedDefaultSortkey was removed and is now always false. This
+ provides more sensible sorting behavior for categories.
+* Removed unused globals: $wgEnableSerializedMessages, $wgCheckSerialized,
+ $wgUseMemCached, $wgDisableSearchContext, $wgColorErrors, $wgUseZhdaemon,
+ $wgZhdaemonHost and $wgZhdaemonPort.
+* (bug 24408) The include_path is not modified in the default LocalSettings.php
+* $wgVectorExtraStyles was removed, and is no longer in use.
+* Removed $wgUpdates for database updates; extensions should use
+ DatabaseUpdater::addExtensionUpdate() via the LoadExtensionSchemaUpdates hook.
+* Removed $wgServerName. It doesn't need to be set anymore and is no longer
+ available as input for other configuration items, either.
+* It's no longer necessary for LocalSettings.php to include DefaultSettings.php.
+* It's no longer necessary to set $wgCacheEpoch to the file modification time
+ of LocalSettings.php, in LocalSettings.php itself. Instead, this is done
+ automatically if $wgInvalidateCacheOnLocalSettingsChange is true (which is
+ the default).
+* $wgCopyrightIcon is deprecated and $wgFooterIcons['copyright']['copyright']
+ should be used instead.
+* $wgSysopUserBans is deprecated, and will be made permanently true in 1.18.
+ If you need this functionality, you should use the BlockIp hook to filter and
+ reject such blocks.
+* $wgSysopRangeBans is deprecated, you should set $wgBlockCIDRLimit to maximum
+ (32 for IPv4, 128 for IPv6), equivalent to allowing rangeblocks of only 1
+ address at a time.
+
+=== New features in 1.17 ===
+
+* (bug 10183) Users can now add personal styles and scripts to all skins via
+ User:<name>/common.css and /common.js (if user css/js is enabled).
+* (bug 22748) Add anchors on Special:ListGroupRights.
+* (bug 21981) Add parameter 'showfilename' to <gallery> to automatically
+ apply the names of the individual files within the gallery.
+* Future-proof redirection to fragments in Gecko, so things work a little nicer
+ if they fix <https://bugzilla.mozilla.org/show_bug.cgi?id=516293>.
+* Support git:// and mms:// protocols by default for external links.
+* (bug 15810) Blocked admins can no longer unblock themselves without the
+ 'unblockself' permission (which they have by default).
+* (bug 18499) Added "enhanced" URL parameter to switch between old and enhanced
+ changes list.
+* (bug 22925) "sp-contributions-blocked-notice-anon" message now displayed when
+ viewing contributions of a blocked IP address.
+* (bug 22474) {{urlencode:}} now takes an optional second parameter for type of
+ escaping.
+* Special:Listfiles now supports a username parameter.
+* Special:Random carries over query string parameters.
+* (bug 23206) Add Special::Search hook for detecting successful "Go".
+* When visiting a "red link" of a deleted file, a deletion and move log excerpt
+ is provided on the Upload form.
+* (bug 22647) Add category details in search results.
+* (bug 23276) Add hook to Special:NewPages to modify query.
+* Add accesskey 's' and tooltip to 'Save' button at Special:Preferences.
+* Add accesskey 'b' and tooltip to the summary field of edit mode.
+* (bug 20186) Allow filtering Special:Contributions for RevisionDeleted edits.
+* ajaxwatch now uses the API and JQuery, and can be used to animate arbitrary
+ watch links, not just to watch the page the link is on.
+* (bug 20976) "searchmenu-new-nocreate" message now displayed when there
+ is no title match in search and the user has no rights to create pages.
+* (bug 23429) Added new hook WatchlistEditorBuildRemoveLine.
+* (bug 22844) Added support for WinCache object caching (for IIS).
+* (bug 23580) Add two new events to LivePreview so that scripts can be notified
+ about the beginning and finishing of LivePreview actions.
+* (bug 21278) Now the sidebar allows inclusion of wiki markup.
+* (bug 23733) Add IDs to messages used on CSS/JS pages.
+* Show validity period of the login cookie in Special:UserLogin and
+ Special:Preferences.
+* Interlanguage links display the page title in their tooltip.
+* (bug 23621) New Special:ComparePages to compare (diff) two articles.
+* (bug 4597) Provide support in Special:Contributions to show only "current"
+ contributions
+* (bug 17857) {{anchorencode}} acts more like how the parser creates section ids
+* (bug 21477) \& can now be used in <math>
+* (bug 11641) \dotsc \dotsm \dotsi \dotso can now be used in <math>
+* (bug 21475) \mathtt and \textsf can now be used in <math>
+* texvc is now run via ulimit4.sh, to limit execution time.
+* SQLite now supports $wgSharedDB.
+* (bug 8507) Group file links by namespace:title on image pages.
+* Stop emitting named entities, so we can use <!DOCTYPE html> while still being
+ well-formed XML.
+* texvc now supports \bcancel and \xcancel in addition to \cancel and \cancelto
+* Added scriptExtension setting to $wgForeignFileRepos.
+* ForeignApiRepo uses scriptDirUrl if apiBase not set.
+* (bug 24212) Added MediaWiki:Filepage.css which is also included on foreign
+ client wikis.
+* (bug 14685) Double underscore magic word usage is now tracked in the
+ page_props table, as well as the behavioral magic words {{DEFAULTSORT}} and
+ {{DISPLAYTITLE}}
+* (bug 24045) MediaWiki:Ipb-needreblock is now wrapped in a div with class
+ "mw-ipb-needreblock"
+* Non-file pages can no longer be moved to the file namespace, nor vice versa.
+* (bug 671) The <dfn>, <kbd> and <samp> elements have been whitelisted in user
+ input.
+* (bug 21503) There's now a "reason" field when creating account for other users.
+* (bug 24418) action=markpatrolled now requires a token.
+* A variety of category sort-related fixes, including:
+** (bug 164) In English, lowercase and uppercase letters now sort the same.
+** (bug 1211) Subcategories, ordinary pages, and files now page separately.
+** When several pages are given the same sort key, they sort by their names
+ instead of randomly.
+* (bug 23848) Add {{ARTICLEPATH}} Magic Word.
+* (bug 8140) Add dedicated CSS classes to Special:Newpages elements.
+* (bug 11005) Add CSS class to empty pages in Special:Newpages.
+* The parser cache is now shared amongst users whose different settings aren't
+ used in the page.
+* Any attribute beginning with "data-" can now be used in wikitext, per HTML5.
+* (bug 24007) Diff pages now mention the number of users having edited
+ intermediate revisions.
+* Added new hook GetIP.
+* Special:Version now displays whether a SQLite database supports full-text
+ search.
+* TS_ISO_8691_BASIC was added as a time format, which is used by ResourceLoader
+ for versioning.
+* Maintenance scripts get a --memory-limit option to override defaults (which
+ is usually to set it to -1 to disable the limit).
+* (bug 25397) Allow uploading (not displaying) of WebP images, disabled
+ by default.
+* (bug 23194) Special:ListFiles now has thumbnails.
+* Use hreflang to specify canonical and alternate links, search engine friendly
+ when a wiki has multiple variant languages.
* (bug 19593) Specifying --server in now works for all maintenance scripts.
-* Fixed $wgLicenseTerms register globals.
-* (bug 26561) Fixed clickjacking vulnerabilities by introducing support for
- X-Frame-Options. The header value can be configured using $wgBreakFrames and
- $wgEditPageFrameOptions.
-
-== Changes since 1.16 beta 3 ==
-
-* (bug 23769) Disabled HTML 5 client-side form validation. Was introduced in
- 1.16 beta 1, but is currently poorly supported by browsers.
-* (bug 23175) Re-added window.ta variable for backwards compatibility.
-* (bug 23264) Fixed breakage of various command line scripts due to extra line
- endings being inserted by Maintenance::output().
-* Fixed HTTP client functionality with safe_mode=On.
-* Fixed parser tests broken in 1.16 beta 3.
-* For Oracle DB backend: fixed parser tests and table prefix feature.
-* (bug 23767) Fixed PHP warning when REQUEST_URI is blank (IIS issue).
-* Fixed plural function for Northern Sami (se)
-* (bug 23597) Fixed conflicts between ID attributes in the Vector skin and
- parser-generated heading IDs. Renamed head, panel, head-base and page-base.
-* Disabled $wgHitcounterUpdateFreq>1 feature on SQLite, does not work yet.
-* (bug 23465) Don't ignore the predefined destination filename on
- Special:Upload after following a red link to a file.
-* In SQLite full-text search feature: fixed "move page" feature, was non-
- functional.
-* (bug 24565) Fixed Cache-Control headers sent from API modules, to protect
- user privacy in the case where an attacker can access the wiki through the
- same HTTP proxy as a logged-in user.
-* Fixed an XSS vulnerability in profileinfo.php for installations with
- $wgEnableProfileInfo = true (false by default)
-* Fixed a case where an X-Vary-Options header was sent despite $wgUseXVO being
- false. Fixed a minor header parsing issue when $wgUseXVO = true.
-* Fixed a register_globals arbitrary inclusion vulnerability in
- MediaWikiParserTest.php, introduced in 1.16 beta 1.
-
-== Changes since 1.16 beta 2 ==
-
-* Fixed bugs in the [[Special:Userlogin]] and [[Special:Emailuser]] handling of
- invalid usernames.
-* Fixed sorting in [[Special:Allmessages]]
-* (bug 23113) Fixed title in the show/hide links on diff pages
-* (bug 23117) Fixed API rollback, was returning "badtoken" for valid requests
-* (bug 23127) Re-added missing $1 parameter to the uploadtext message
-* Fixed a bug in the Vector skin where personal tools display behind the logo
-* (bug 23139) Fixed a bug in edit conflict resolution, where both textboxes
- showed the same text.
-* (bug 23115, bug 23124) Fixed various problems with <title> and <h1> elements
- in page views and previews when the language converter is enabled.
-* (bug 23148) Fixed a local path disclosure vulnerability in ImageMagick image
- scaling, which was introduced in 1.16 beta 1.
-* Improved error checking on installer.
-* (bug 22970) Fixed a JavaScript error in the upload destination conflict
- check.
-* (bug 23167) Check the watch checkbox by default if the watchcreations
+* Now rebuildtextindex.php warns if SQLite doesn't support full-text search.
+* (bug 10541) Front/backend separation of installation/upgrade code.
+* (bug 10596) Allow installer to enable extensions already in extensions folder.
+* (bug 20627) Installer should be in languages other than English.
+* Support for metadata in SVG files (title, description).
+* Special:Search: Add CSS classes to 'none found' and 'create link' messages.
+* Add CSS classes (including namespace and pagename) to the enhanced recent
+ changes/watchlist entries.
+* (bug 22463) Add hook 'SkinGetPoweredBy' to make 'powered by' icon/text
+ customizable.
+* Added CSS print pagination to the print stylesheets.
+* (bug 25960) Add <link rel=canonical"> for File pages of shared/foreign
+ file repositories.
+* When viewing a redirect, the redirect arrow and redirection target are both
+ wrapped in a div that has the class "redirectMsg" so that the redirection
+ arrow can be customized with CSS.
+* (bug 21911) Hard coded limit for long page warning removed. New message
+ [[MediaWiki:Longpage-hint]] (empty per default) can be used instead.
+ Parameters: $1 shows the formatted textsize in Byte/KB/MB, $2 is the raw
+ number of the textsize in Byte.
+* (bug 3276) Give image <gallery>s fluid width.
+* Added uploads link to page subtitle in Special:Contributions.
+* Added Special:Myuploads special page that redirects to Special:Listfiles.
+* The footerlinks used in Monobook/Vector/Modern are now part of common skin
+ code, SkinTemplateOutputPageBeforeExec can be used to customize the list.
+* Special wrapping setups can now define MW_CONFIG_FILE to load a config file
+ other than LocalSettings.php. This is like MW_CONFIG_CALLBACK but works in
+ some cases where MW_CONFIG_CALLBACK will not work.
+* (bug 26574) Added 'upload' to $wgRestrictionTypes, allowing upload protected
+ pages to be queried via the API and Special:ProtectedPages, and allowing
+ disabling upload protection by removing it from $wgRestrictionTypes.
+* The name attribute of HTMLForm fields can now be overridden by passing a
+ 'name' key in the descriptor array. Hidden field names are now treated
+ consistently with other fields and, by default, prefixed with 'wp'.
+* (bug 27402) Add support for disabling MWSuggest.
+* (bug 26563) Add bytes changed per revision for stub and full article dumps.
+* (bug 27508) Add $wgSVGMetadataCutoff to limit the maximum amount of an svg we
+ look at when finding metadata to prevent excessive resource usage.
+* (bug 198) $wgUpgradeKey allows unlocking the web installer for upgrades
+ without having to move LocalSettings.php
+* Added $wgAllowImageTag, which can be set to true to whitelist the <img> tag
+ in wikitext.
+* (bug 12797) Add $wgGalleryOptions for adjusting of default gallery display
+ options.
+* Added the $wgAllowUserCssPrefs option which allows disabling CSS-based
+ preferences; which can improve page loading speed.
+* Added $wgSQLMode for setting database SQL modes - either performance (null)
+ or other reasons (such as enabling stricter checks).
+* (bug 20193) Added $wgVectorShowVariantName global configuration variable
+ which causes Vector to render the variants drop-down menu with a label
+ showing the current variant name. This is off by default, pending further
+ research into its user experience implications.
+* The upload link for missing files can now be set separately from the
+ navigation link with $wgUploadMissingFileUrl.
+* $wgAdditionalMailParams added to allow setting extra options to mail() calls.
+* Added $wgSecureLogin to optionally login using HTTPS.
+* (bug 25728) Added $wgPasswordSenderName to make the name associated
+ with $wgPasswordSender configurable.
+* (bug 22463) $wgFooterIcons added to allow configuration of the icons shown in
+ the footers of skins.
+* $wgFileCacheDepth can be used to set the depth of the subdirectory hierarchy
+ used for the file cache. Default value is 2, which matches former behavior.
+
+=== Bug fixes in 1.17 ===
+
+* (bug 17560) Half-broken deletion moved image files to deletion archive
+ without updating database.
+* (bug 22666) Submitting user block form with an invalid user name no longer
+ throws an error.
+* (bug 22665, bug 22667) User '0' can now be unblocked and have its block
+ settings changed.
+* (bug 22606) The body of e-mail address confirmation message is now different
+ when the address changed.
+* (bug 22664) Special:Userrights now accepts '0' as a valid user name.
+* (bug 5210) Preload parser now parses <noinclude>, <includeonly> and
+ redirects.
+* (bug 22709) IIS7 mishandles redirects generated by OutputPage::output() when
+ the URL contains a colon.
+* (bug 22353) Categorised recent changes now works again.
+* (bug 22747) "Reveal my e-mail address in notification e-mails" preference is
+ now only displayed when relevant.
+* (bug 22772) {{#special:}} parser function now works with subpages.
+* (bug 18664) Relative URIs in interwiki links cause failed redirects.
+* (bug 19270) Relative URIs in interwiki links break interwiki transclusion.
+* (bug 22903) Revdelete log entries now show in the user preferred language.
+* (bug 22905) Correctly handle <abbr> followed by ISBN.
+* (bug 22940) Namespace aliases pointing to main namespace don't work.
+* (bug 15810) Blocked admins can no longer block/unblock other users.
+* (bug 22876) Avoid possible PHP Notice if $wgDefaultUserOptions is not
+ correctly set.
+* (bug 14952) Page titles are renormalized after html entities are removed so
+ that links with non-NFC character references work correctly.
+* (bug 22991) wgUserGroups JavaScript variable now reports * group for
+ anonymous users instead of null.
+* (bug 22627) Remove PHP notice when deleting a page only hidden users edited.
+* (bug 21520) Anonymous previews now also gives a warning about not being
+ logged in (anonpreviewwarning).
+* (bug 22935) image/x-ms-bmp mime type added for BMP files.
+* (bug 23024) Special:ListFiles now escapes file names correctly.
+* (bug 22867) "View source" tab is now only displayed if there's source text.
+* (bug 19393) Feeds now format dates in user language rather than content
+ language.
+* (bug 22852) "Served in" comment is now the time used to cache a single page
+ when using rebuildFileCache.php
+* (bug 22496) Viewing diff of a redirect page without specifying "oldid"
+ parameter no longer makes the page displayed as being the redirect target.
+* (bug 22918) Feed cache keys now use $wgRenderHashAppend.
+* (bug 21916) Last-Modified header is now correct when outputting cached feed.
+* (bug 20049) Fixed PHP notice in search highlighter that occurs in some cases.
+* (bug 23017) Special:Disambiguations now list pages in content namespaces
+ rather than only main namespace.
+* (bug 23063) $wgMaxAnimatedGifArea is checked against the total size of all
+ frames, and $wgMaxImageArea against the size of the first frame, rather than
+ the other way around. Both now default to 12.5 megapixels. Also, images
+ exceeding $wgMaxImageArea can still be embedded at original size.
+* (bug 23078) "All public logs" option on Special:Log is now always the first
+ item.
+* (bug 16817) Group names in user rights log are now singular and in lowercase.
+* Special:Preferences no longer crashes if the wiki default date formatting
+ style is not valid for the user's interface language.
+* (bug 23167) Check the watch checkbox by default if the watchcreations
preference is set.
-* (bug 23171) Improve IE6 version check to avoid false positives.
-* (bug 23176) Fixed upload warning override feature "upload new version",
- broken in 1.16 beta 1.
-* Fixed regression in unwatch links sent out in notification emails. When the
- mailing job was deferred via the job queue, the title was incorrect.
-* (bug 23534) Fixed SQL query error in API list=allusers.
-* Fixed a bug in uploads for non-JavaScript clients. An empty string was used
- as the default destination filename, instead of the source filename as
- expected.
-* (bug 23371) Fixed CSRF vulnerability in "e-mail me my password", "create
- account" and "create by e-mail" features of [[Special:Userlogin]]
-* (bug 23687) Fixed XSS vulnerability affecting IE clients only, due to a CSS
- validation issue.
-* Fixed a DoS vulnerability in ImageMagick image scaling. ImageMagick
- expanded wildcard characters "?" and "*" in image filenames, potentially
- causing large numbers of images to be scaled in response to a single request.
- The fix for this involves breaking the scaling of such image filenames until
- ImageMagick 6.6.1-5 or later is deployed, see bug 23361 for more details.
-* (bug 23608) Fixed invalid HTML in diff pages.
-
-=== Changes since 1.16 beta 1 ===
-
-* Fixed errors in maintenance/patchSql.php
-* (bug 19627) Fix regression from r57867 where HTMLForm would output
- <element classes="foo bar"> rather than <element class="foo bar">
-* Fixed broken "-r" option to maintenance/lag.php
-* (bug 23076) Fixed login CSRF vulnerability. Logins now require a token to
- be submitted along with the user name and password.
+* Maintenance script cleanupTitles is now able to fix titles stored
+ in a negative namespace (which is invalid).
+* (bug 19858) Removed obsolete <big> in interface messages.
+* (bug 21456) "Bad title" error when showing non-local interwiki pages no longer
+ displays incorrect tabs.
+* (bug 23190) Improved math representation for text browsers.
+* (bug 22015) Improved upload-by-url error handling and error display.
+* (bug 17941) $wgMaxUploadSize is now honored by all upload sources.
+* (bug 23080) New usernames now limited to 235 bytes so that custom skin files
+ work.
+* (bug 23075) Correct MediaTransformError default width in gallery.
+* (bug 16487) The Anonymous user account used on Postgres is no longer
+ displayed on Special:Listusers.
+* (bug 23313) Move watchlisthidepatrolled above token in watchlist preferences
+ to enhance preference grouping.
+* (bug 23298) Interwiki links with prefix only in log summaries now link to the
+ correct link.
+* (bug 23284) Times are now rounded correctly.
+* (bug 23375) Added ogv, oga, spx as extensions for ogg files.
+* (bug 18408) All required permissions for uploading (upload, edit, create)
+ are now checked when loading Special:Upload. Toolbar link for Special:Upload
+ is no longer shown if the user does not have the required permissions.
+* (bug 23397) texvc in html mode renders \sim as ˜ not ∼
+* (bug 23241) License selector should be disabled during upload of a new
+ version.
+* (bug 23240) Add ID to namespace selector form on Special:Watchlist.
+* The pipe | character in urls is now escaped.
+* (bug 23422) mp3 files can now be moved.
+* (bug 23448) MediaWiki:Summary-preview is now displayed instead of
+ MediaWiki:Subject-preview when previewing summary.
+* (bug 23426) The {{REVISIONMONTH}} variable is now zero-padded and added
+ new variable {{REVISIONMONTH1}} when unpadded version is needed.
+* Special:Userrights didn't recognize user as changing his/her own rights if
+ user did not capitalize first letter of username.
+* (bug 23507) Add styles for printing wikitables.
+* (bug 19586) Avoid JS errors in mwsuggest when using old browsers such
+ as Opera 8.
+* (bug 23563) Old skins now support $wgUploadNavigationUrl and take into
+ account upload rights.
+* (bug 1347) Render \phi in math using images, in order to create consistent
+ and correct render results.
+* (bug 16573) Render \epsilon in math using images, in order to create
+ consistent and correct render results.
+* (bug 22541) Support image redirects when using ForeignAPIRepo.
+* (bug 22967) Make edit summary length cut-off behave correctly for multibyte
+ characters.
+* (bug 8689) Long numeric lines no longer kill the parser.
+* (bug 23740) Article::doRedirect() now use $extraQuery parameter correctly if
+ the $noRedir parameter is set to true.
+* (bug 23688) Correct mime types for Office 2007 OpenXML documents.
+* (bug 23787) Corrected $wgDefaultSkin's comment in DefaultSettings.php.
+* (bug 23797) Xml::input() now allows '0' for the value parameter.
+* (bug 23747) Make sure that on History pages, the RevDel button is not
+ accidentally activated when hitting enter.
+* (bug 23845) Special:ListFiles now uses correct file names without underscores.
+* Ask for permanent login in Special:Preferences only if $wgCookieExpiration > 0.
+* (bug 16356) Repair dumpInterwiki.inc to use proper normalization.
+* (bug 24006) deleteArchivedRevisions.php maintenance script now longer throws
+ a fatal error.
+* (bug 23465) Don't ignore the predefined destination filename on
+ Special:Upload after following a red link.
+* (bug 23642) Recognize mime types of MS OpenXML documents.
+* (bug 22784) Normalise underscores and spaces in autocomments.
+* (bug 19910) Headings of the form ===+\s+ are now displayed as valid headings.
+* (bug 24022) Only check file extensions on the uploadpage when needed.
+* (bug 24076) Recognize Office 2003 files with OpenXML trailers.
+* (bug 24244) Updated comments in DefaultSettings.php to reflect
+ Image: --> File: namespace rename.
+* Make wfTimestamp recognize negative unix timestamp values.
+* (bug 24401) SimpleSearch: No button/text indicating 'Search' if image is
+ disabled.
+* (bug 23293) Do not show change tags when Special:RecentChanges(linked) or
+ Special:Newpages is transcluded into another page as it messes up the page.
+* (bug 24517) LocalFile::newFromKey() and OldLocalFile::newFromKey() no longer
+ throw fatal errors.
+* (bug 23380) Uploaded files that are larger than allowed by PHP now show a
+ useful error message.
+* Uploading to a protected title will allow the user to choose a new name
+ instead of showing an error page.
+* (bug 24425) Use Database::replace instead of delete/insert in
+ SqlBagOStuff::set to avoid query errors about duplicate keynames.
+* (bug 15470) First letters of filenames are always capitalized by upload JS.
+* (bug 21215) NoLocalSettings.php doesn't tolerate rewrite rules.
+* (bug 21052) Fix link color for stubs in NewPages.
+* (bug 24714) Usage of {{#dateformat: }} in wikis without $wgUseDynamicDates no
+ longer pollutes the parser cache.
+* (bug 17031) Correct which characters the parser allows in tag attributes (a
+ letter, colon or underscore followed by 0 or more letters, numbers, colons,
+ underscores, hyphens, and/or periods).
+* Save 200 useless queries on each category page view.
+* Shell commands will now work on Linux in filesystems mounted noexec.
+* (bug 24804) Corrected commafying in Polish and Ukrainian.
+* "Difference between pages" is now displayed instead of "Difference between
+ revisions" on diffs when appropriate.
+* (bug 23703) ForeignAPIRepo fails on findBySha1() when using a 1.14 install as
+ a repository due to missing 'name' attribute from the API list=allimages.
+* (bug 24898) MediaWiki uses /tmp even if a vHost-specific tempdir is set, also
+ make wfTempDir() return a sane value for Windows on worst-case.
+* (bug 24824) Support ImageMagick 6.5.6-2+ JPEG decoder size hint, to reduce
+ memory usage when such an ImageMagick is used for scaling.
+* Disable multithreaded behavior in recent ImageMagick, to avoid a deadlock
+ when a resource limit such as $wgMaxShellMemory is hit.
+* (bug 24981) Allow extensions to access SpecialUpload variables again.
+* (bug 20744) Wiki forgets about an uploaded file.
+* (bug 17913) Don't show "older edit" when no older edit available.
+* (bug 6204) TOC not properly rendered when using $wgMaxTocLevel.
+* (bug 24977) The accesskey in history page now lead directly to the diff
+ instead of alternating focus between the two buttons.
+* (bug 24987) Special:ListUsers does not take external groups into account.
+* (bug 20633) update.php has mixed language output.
+* SQLite system table names are now never prefixed.
+* (bug 25292) SkinSubPageSubtitle hook now passes the Skin object as second
+ parameter.
+* (bug 25167) Correctly load JS fixes for IE6 (fixing a regression in 1.16).
+* (bug 25367) wfShellExec() is more explicit when failing due to disabled
+ passthru().
+* (bug 25462) Fix double-escaping for section edit link tooltips.
+* action=raw was removed for Special:Statistics. This information is still
+ available via the API.
+* (bug 23934) Groups defined in $wgRevokePermissions but not in
+ $wgGroupPermissions now appear on Special:ListGroupRights.
+* (bug 23923) Special:Prefixindex no longer shows results if nothing was
+ requested.
+* (bug 22308) Search now finds text in default main page immediately after setup.
+* (bug 25697) Make sure empty lines render in diff view.
+* Use an actual minus sign in diff views, instead of a hyphen.
+* (bug 23732) Clarified "n links" message on Special:MostLinkedFiles.
+* (bug 23731) Clarified "n links" message on Special:MostLinkedTemplates.
+* (bug 25642) A exception is now thrown instead of a fatal error when using
+ $wgSMTP without PEAR mail package.
+* (bug 19633) When possible, Upscale small SVGs when creating thumbnails.
+* (bug 11013) Database driver detection needs rewriting for robustness.
+* (bug 13409) Installer prompts could use clarification--now has help boxes.
+* (bug 16902) Installer spews warnings when exec() and dl() are not available.
+* (bug 19129) Only show MyISAM/InnoDB when supported.
+* (bug 17762) Only show other e-mail options when e-mail is globally enabled.
+* Cache multiple sizes of InstantCommons thumbnails.
+* (bug 25488) Disallowing anonymous users to read pages no longer throws error
+ on discussion pages with vector as default skin.
+* (bug 24833) Files name in includes/diff/ are now less confusing.
+* (bug 25713) SpecialPage::resolveAlias() now normalise spaces to underscores.
+* (bug 25829) Special:Mypage and Special:Mytalk now forward oldid, diff and dir
+ parameters.
+* (bug 25175) HTML file cache now honor $wgCacheDirectory if
+ $wgFileCacheDirectory is not set.
+* (bug 13353) Diff3 version checks were too strict, did not detect working diff3.
+* (bug 25843) Links to special pages using link= attribute on images are now
+ normalised like normal links to special pages.
+* (bug 21364) External links using link= attribute on images now respect
+ $wgExternalLinkTarget.
+* (bug 17789) Added a note to the total views on Special:Statistics saying that
+ is doesn't count non-existing pages and special pages.
+* (bug 17996) HTTP redirects are now combined when requesting a special page.
+* (bug 19944) Link on image thumbnails no longer link to "Media:" namespace in
+ some cases.
+* (bug 25670) wfFindFile() now checks the namespace of the given title, only
+ "File" and "Media" are allowed now.
+* (bug 25872) Rename the HttpRequest class to MWHttpRequest to avoid conflict
+ with php extension that defines same class.
+* (bug 20591) There's now a different message on Special:MovePage when
+ $wgFixDoubleRedirects is set to false.
+* Fixed PHP warnings when updating a broken MySQL database.
+* (bug 26023) Corrected deleteBacth.php's documentation.
+* (bug 25451) Improved datetime representation in 32 bit php >= 5.2.
+* Show "skin does not exist error" only when the skin is inputted in the wrong
+ case.
+* (bug 26164) Potential html injection when the database server isn't available.
+* (bug 26160) Upload description set by extensions are not propagated.
+* (bug 9675) generateSitemap.php now takes an --urlpath parameter to allow
+ absolute URLs in the sitemap index (as required e.g. by Google).
+* Partial workaround for bug 6220: at least make files on shared repositories
+ show up as (struck-out) bluelinks instead of redlinks on Special:WantedFiles.
+* rebuildFileCache.php no longer creates inappropriate cache files for redirects.
+* (bug 25512) Subcategory list should not include category prefix for members.
+* (bug 10871) Javascript and CSS pages in MediaWiki namespace are no longer
+ treated as wikitext on preview.
+* Page existence is now not revealed (in the colour of the tabs) to users who
+ cannot read the page in question.
+* (bug 22753) Output from update.php is more clear when things changed, entries
+ indicating nothing changed are now all prefixed by "..."
+* (bug 16019) $wgArticlePath = "/$1" no longer breaks API edit/watch actions.
+* (bug 18372) File types blacklisted by $wgFileBlacklist will no longer be shown as
+ "Permitted file types" on the upload form.
+* (bug 26540) Fixed wrong call to applyPatch in MysqlUpdater.
+* (bug 26034) Make the "View / Read" tab in content_navigation style tabs remain
+ selected when the action is "purge".
+* (bug 26733) Wrap initial table creation in transaction.
+* (bug 26208) Mark directionality of some interlanguage links.
+* (bug 26716) Provide link to instructions for external editor related preferences.
+* (bug 26961) Hide anon edits in watchlist preference now actually works.
+* (bug 1379) Installer directory conflicts with some hosts' configuration panel.
+* (bug 27781) Installer does not warn about 5.1.x. Added a compatibility function
+ for array_key_exists().
+* Fix XML well-formedness on a few pages when $wgHtml5 is true (the default).
+* (bug 28069) MediaWiki fails streaming files when mod_deflate and ob_gzhandler
+ are also set.
+* (bug 26223) Concurrently moving an article to different titles leaks a
+ redirect revision with no page.
+* (bug 15641) Fixed permissions checks in Special:Import which allowed users
+ without the 'import' permission to import pages from configured import sources.
+* (bug 26449) Keep underlines from headings outside of tables and thumbs by
+ adding overflow:hidden to h1,h2,h3,h4,h5,h6 (also fixes editsection bunching).
+* (bug 26708) Remove background-color:white from tables in Monobook and Vector.
+* (bug 26781) {{PAGENAME}} and related parser functions escape their output better.
+* (bug 26716) Provide link to instructions for external editor related preferences
+ and add a comment to the ini control file explaining what is going on.
+* (bug 28422) Remove color:black from tables in Monobook and Vector. And add it
+ to table.wikitable instead.
+* (bug 27560) Search queries no longer fail in walloon language.
+* (bug 27700) The upload protection can now also be set for files that do not
+ exist.
+* (bug 28034) uploading file to local wiki when file exists on shared repository
+ (commons) gives spurious info in the warning message.
+* Usernames get lost when selecting different sorts on Special:listfiles.
+* (bug 28166) UploadBase assumes that 'edit' and 'upload' rights are not per
+ page restrictions.
+* (bug 28242) Make redirects generated by urls containing a local interwiki
+ prefix be a 301 instead of a 302.
+* (bug 28568) Entries in the iwlinks table are now removed on page deletion.
+* (bug 28306) Fix exposure of suppressed usernames in ForeignDBRepo.
+* (bug 28444) Fix regression: edit-on-doubleclick retains revision id again.
+* UtfNormal::cleanUp on an invalid utf-8 sequence no longer returns false if
+ intl installed.
+* (bug 26729) Category pages should return 404 if they do not exist and have no
+ members.
+* (bug 28214) When page not found, sends malformed HTTP/1.x instead of HTTP/1.1
+ in header of response.
+* (bug 27634) TOC title appears in wrong language.
+* (bug 27761) Fix regression: pages with Esperanto titles containing convertible
+ character sequences became unreachable.
+* (bug 27508) SVGMetadataExtractor takes too much resources on huge svgs.
+* (bug 27465) SVG thumbnail generation.
+* (bug 27467) preload can leave UNIQ.
+* (bug 27539) Allow attributes beginning with a digit in wikitext tag parameters.
+* (bug 27328) using relative paths in CSS imports in MediaWiki:Common.css broken
+ in 1.17.
+* (bug 27333) Fix repetitive last-seen time queries on page history.
+* (bug 26250, bug 23817) Fix wfObjectToArray() to descend into arrays; fixes
+ processing of JSON return values for ForeignAPIRepo when native json module
+ not present.
+* (bug 25675) Fix search suggestions for Special: pages with spaces.
+* (bug 25571) Xml::encodeJsVar now passes floats natively instead of converting
+ to strings.
+* (bug 27338) Gallery in 1.17 breaks for audio/video + ogghandler.
+* (bug 27302) Don't append the current timestamp for user/site modules when no
+ user/site JS/CSS is present.
+* (bug 27016) dumpTextPass.php now consider the "output" parameter.
+* (bug 22606) don't send the "someone registred an account" message when setting
+ email address (i.e. old one empty) in user preferences.
+* (bug 26458) Section edit links appear on pages that user does not have right
+ to edit.
+* (bug 28611) Don't die in SqlBagOStuff::incr() if there's a race condition.
+* (bug 16886) Sister projects box moves down the extract of the first result
+ in IE 7.
+* (bug 17398) Fixed "link" parameter in image links with "thumb" or "frame"
+ parameter.
+
+=== API changes in 1.17 ===
+
+* BREAKING CHANGE: action=patrol now requires POST.
+* BREAKING CHANGE: patrol token is no longer the same as edit token.
+* BREAKING CHANGE: Session keys returned by ApiUpload are now strings instead
+ of integers.
+* BREAKING CHANGE: (bug 25303) Fix API parameter integer validation to actually
+ enforce validation on the input values in addition to giving a warning.
+ Also add flag to enforce (die) if integer out of range.
+* (bug 24650) Fix API to work with categorylinks changes.
+* action=parse now correctly returns an error for nonexistent pages.
+* (bug 27201) Special:WhatLinksHere output no longer contains duplicate IDs.
+* (bug 26560) On allusers if limit < total number of users, last user gets
+ duplicated.
+* (bug 27715) imageinfo didn't respect revdelete.
+* (bug 27479) API error when using both prop=pageprops and
+ prop=info&inprop=displaytitle.
+* (bug 27862) Useremail module didn't properly return success on success.
+* (bug 27590) prop=imageinfo now allows querying the media type.
+* (bug 27587) list=filearchive now outputs full title info.
+* (bug 27897) list=allusers and list=users list hidden users.
+* (bug 22738) Allow filtering by action type on query=logevent.
+* (bug 22764) uselang parameter for action=parse.
+* (bug 22944) API: watchlist options are inconsistent.
+* (bug 22868) don't list infinite block expiry date as "now" in API logevents.
+* (bug 22290) prop=revisions now outputs "comment" field even when comment
+ is empty, for consistency with list=recentchanges.
+* (bug 19721) API action=help should have a way to just list for a specific
+ module.
+* (bug 23458) Add support for pageid parameter to action=parse requests.
+* (bug 23460) Parse action should have a section option.
+* (bug 21346) Make deleted images searchable by hash.
+* (bug 23461) Normalise usage of parameter names in parameter descriptions.
+* (bug 23548) Allow access of another users watchlist through watchlistraw
+ using token and username.
+* (bug 23524) Api Modules as followup to bug 14473 (Add iwlinks table to
+ track inline interwiki link usage).
+* Add pltitles and tltemplates to prop=links and prop=templates respectively,
+ similar to prop=categories's clcategories.
+* (bug 23834) Invalid "thumbwidth" and "thumbheight" in "imageinfo" query when
+ thumbnailing larger than original image.
+* (bug 23835) Need "thumbmime" result in "imageinfo" query.
+* (bug 23851) Repair diff for file redirect pages.
+* (bug 24009) Include implicit groups in action=query&list=users&usprop=groups.
+* (bug 24016) API: Handle parameters specified in simple string syntax
+ ( 'paramname' => 'defaultval' ) correctly when outputting help.
+* (bug 24089) Logevents causes PHP Notice if leprop=title isn't supplied.
+* (bug 23473) Give description of properties on all modules.
+* (bug 24136) unknownerror when adding new section without summary, but
+ forceditsummary.
+* (bug 22339) Added srwhat=nearmatch to list=search to get a "go" result.
+* (bug 24303) Added new &servedby parameter to all actions which adds the
+ hostname that served the request to the result. It is also added
+ unconditionally on error.
+* (bug 24185) Titles in the Media and Special namespace are now supported for
+ title normalization in action=query. Special pages have their name resolved
+ to the local alias.
+* (bug 24296) Added converttitles parameter to convert titles to their
+ canonical language variant.
+* (bug 23936) Add "displaytitle" to query/info API.
+* (bug 24485) Make iwbacklinks a generator, optionally display iwprefix and
+ iwtitle.
+* (bug 24564) Fix fatal errors when using list=deletedrevs, prop=revisions or
+ one of the backlinks generators with limit=max.
+* (bug 24656) API's parse module needs option to disable PP report.
+* PARAM_REQUIRED parameter flag added. If this flag is set, and the end user
+ does not set the parameter, the API will automatically throw an error.
+* (bug 24665) When starttimestamp is not specified, fake it by setting it to
+ NOW, not to the timestamp of the last edit.
+* (bug 24677) axto= parameters added to allcategories, allimages, alllinks,
+ allmessages, allpages, and allusers.
+* (bug 24236) Add add, remove, add-self, remove-self tags to
+ meta=siteinfo&siprop=usergroups.
+* (bug 24484) Add prop=pageprops module.
+* (bug 24330) Add &redirect parameter to ?action=edit.
+* (bug 24722) For list=allusers&auprop=blockinfo, only show blockedby and
+ blockreason if the user is actually blocked.
+* Add format=dump and format=dumpfm, outputs results in PHP's var_dump() format.
+* For required string parameters, if '' is provided, this is now classed as
+ missing.
+* (bug 24724) list=allusers is out by 1 (shows total users - 1).
+* (bug 24166) API error when using rvprop=tags.
+* Introduced "asynchronous download" mode for upload-by-url. Requires
+ $wgAllowAsyncCopyUploads to be true.
+* sinumberingroup correctly gives size of 'user' group, and omits size of
+ implicit groups rather than showing 0.
+* (bug 25248) API: paraminfo errors with certain modules.
+* (bug 24792) API help for action=purge sometimes wrongly stated whether a
+ POST request was needed due to cache pollution.
+* Added iiprop=parsedcomment to prop=imageinfo, similar to prop=revisions.
+* Added rvparse to parse revisions. For performance reasons if this option is
+ used, rvlimit is enforced to 1.
+* (bug 25748) If a action=parse request provides an oldid that is actually the
+ current revision id, try the parser cache, and save it to it if necessary.
+* (bug 25463) Export header should not be shown if no pages were requested, to
+ reduce confusion.
+* (bug 25648) API discovery information has been added as RSD link in page
+ <head> and by providing an API module action=rsd. Added hook
+ ApiRsdServiceApis for extensions to add their own service to the services
+ list.
+* The HTML of diff output markers has changed. Hyphens are now minus signs,
+ empty markers are now filled with non-breaking-space characters.
+* (bug 25741) Add more data to list=search's srprop.
+* (bug 25760) counter property still reported by the API when
+ $wgDisableCounters enabled.
+* (bug 25987) prop=info&inprop=watched now also works for missing pages.
+* (bug 26006) prop=langlinks now allows obtaining full URL.
+* (bug 26075) ApiDelete.php now calls correctly ArticleDelete hook.
+* (bug 26089) add block expiration to blockinfo.
+* (bug 26125) prop=imageinfo&iiprop=size now returns the page count if the
+ file is a multi-page file.
+* (bug 10268) Added linktodiffs parameter on action=feedwatchlist.
+* (bug 26219) Show API limits for multi values in description.
+* (bug 28070) Fix watchlist RSS for databases that store timestamps in a
+ real timestamp field.
+* (bug 27722) list=filearchive now supports revdel.
+
+=== Language support changes in 1.17 ===
+
+MediaWiki supports over 330 languages. Many localizations are updated regularly.
+
+The following languages were added:
+
+* Moroccan Spoken Arabic (ary)
+* Banjar (bjn)
+* Kabardian (kbd)
+* Kabardian (Cyrillic) (kbd-cyrl)
+* Latgalian (ltg)
+* Minangkabau (min)
+* Dutch (informal) (nl-informal)
+* Rusyn (rue)
+
+Other significant changes to MediaWiki's language support:
+
+* Fiji Hindi (Devangari script) was removed.
+* Removed deprecated language code "dk" (Danish), use "da" instead.
+* Link trail added for sl and sh.
+* (bug 27633) Add characters to linkTrail for Portuguese (pt and pt-br).
+* (bug 23156) Commafy and search normalization updated for Belarusian
+ (Taraškievica).
+* (bug 23283) Native name for Old English -> Ænglisc.
+* (bug 23364) Native name for Azerbaijani -> Azərbaycanca.
+* (bug 24593) Native name for Sorani now uses only Arabic script.
+* (bug 24628) Generic translations for NS_USER/NS_USER_TALK for Esperanto.
+* (bug 24917) Polish as fallback for Kashubia.
+* (bug 24794) Tatar link trail updated.
+* Esperanto date format corrected.
+* (bug 28159) Change interwiki name of language kbd to Къэбэрдеибзэ /
+ Qabardjajəbza.
+* (bug 28184) Namespaces for the Latgalian Wikipedia.
+* (bug 25010) Bashkir-language interwikis: linktext change from Башҡорт
+ to Башҡортса.
+* (bug 26395) Change name of Cornish language to Kernowek.
+
+=== Other changes in 1.17 ===
+
+* DatabaseFunctions.php that was needed for compatibility with pre-1.3
+ extensions has been removed.
+* XmlFunctions.php has been removed. Use the Xml or Html classes as appropriate.
+* The FailFunction "error handling" method has now been removed
+* Sysops now have the "suppressredirect" right by default
+* Removed $wgRemoteUploads. It was not well supported and superseded by
+ $wgUploadNavigationUrl.
+* (bug 26253) $wgPostCommitUpdateList has been removed
+* The PHPUnit test suite has been removed from this release due to serious issues
+ which should be resolved by the 1.18 release.
+* Oracle DB now uses the __destruct function to commit/close connection as it
+ doesn't commit on close if transation is triggered in OCI.
+
+== MediaWiki 1.16 ==
=== Configuration changes in 1.16 ===
similarly to the category namespace.
* $wgEnableSorbs renamed to $wgDnsBlacklistUrls ($wgEnableSorbs kept for
backward compatibility)
-* $wgUploadNavigationUrl now also affects images inline images that do not
+* $wgUploadNavigationUrl now also affects inline images that do not
exist. In that case the URL will get (?|&)wpDestFile=<filename> appended to
it as appropriate.
* If $wgLocaltimezone is null, use the server's timezone as the default for
- signatures. This was always the behaviour documented in DefaultSettings.php
- but has not been the actual behaviour for some time: instead, UTC was used
+ signatures. This was always the behavior documented in DefaultSettings.php
+ but has not been the actual behavior for some time: instead, UTC was used
by default.
* Added $wgExtensionAssetsPath, to decouple assets serving from $wgScriptPath.
If not specified it will default to $wgScriptPath/extensions
* Added a feature to allow per-article process pool size control for the parsing
task, to limit resource usage when the cache for a heavily-viewed article is
invalidated. Requires an external daemon.
-* (bug 19576) Moved the id attribues from the anchors accompanying section
+* (bug 19576) Moved the id attributes from the anchors accompanying section
headers to the <span class="mw-headline"> elements within the section headers,
removing the redundant anchor elements.
* Parser::setFunctionTagHook now can be used to add a new tag which is parsed at
the return value
* Separate unit test suites under t/ and tests/ were merged and moved to
maintenance/tests/.
-* importImages.php maintenance script can now use the original uploader and
+* importImages.php maintenance script can now use the original uploader and
comment from another wiki.
* Support for Turck MMCache was removed
* (bug 14592) Warn users when they try to move their user page that their
** Note that this change will break some extensions which have not been adapted
for it.
* (bug 17020) Adding fallback encodings for Traditional and Simplified Chinese
- languages while the the text is typed as URLs.
+ languages while the text is typed as URLs.
* (bug 17614) Prev / Next links are not shown if all results are shown
* (bug 18207) Strange spacing before [[irc:...]] links
* Removed float from the user login form in RTL interface - caused display
* (bug 18943) Handle invalid titles gracefully at Special:Mostlinked
* (bug 8873) Enable variant conversion in text on 'alt' and 'title' attributes
* (bug 10837) Introducing the StubUserVariant class to determine the variant
- variable instead of using this to overrules the user language preference.
+ variable instead of using this to overrule the user language preference.
* (bug 19014) If user had deletedhistory right, but not undeleted right, then
show "view" instead of "view/restore" on logs.
* (bug 19017) TOC level calculation error in an odd case
are no longer recorded in the pagelinks table
* (bug 19784) date option "ISO 8601" produced illegal id
* (bug 19761) Removed autogenerated <meta keywords> tag with link data.
- Keyword set was not useful, and is ignored by modern search engines anway.
+ Keyword set was not useful, and is ignored by modern search engines anyway.
* (bug 19827) Special:SpecialPages title is "Upload file
* (bug 19355) Added .xhtml, .xht to upload file extension blacklist
* (bug 19287) Workaround for lag on history page in Firefox 3.5
* The display of the language list on the preferences is more comply with the
BCP 47 standards.
* (bug 19849) Custom X-Vary-Options header now disabled unless $wgUseXVO is set
-* (bug 19301) Duplicates entries in $wgAddGroups, $wgRemoveGroups,
+* (bug 19301) Duplicate entries in $wgAddGroups, $wgRemoveGroups,
$wgGroupsAddToSelf and $wgGroupsRemoveFromSelf are no more displayed on
Special:ListGroupRights
* (bug 18799) Special:Userlogin now handles correctly the returnto parameter
* (bug 15680) Split the edit tip message of user CSS/JS subpage into
"usercssyoucanpreview" and "userjsyoucanpreview" respectively.
* (bug 12110) Split the rights for editing users' CSS/JS subpage from
- "editusercssjs" into "editusercss" and edituserjs" respectively.
+ "editusercssjs" into "editusercss" and "edituserjs" respectively.
* (bug 19394) RecentChanges feed URLs for log items with no revisions
(eg Newuser, Userrights) are no longer broken
* (bug 17395) Remote file descriptions use user language ($wgLang), not wiki
enabled
* (bug 19857) maintenance/deleteRevision.php on last revision no longer breaks
target page
-* (bug 20365) Page name with with c/g/h/j/s/u + x are now correctly handled in
+* (bug 20365) Page name with c/g/h/j/s/u + x are now correctly handled in
Special:MovePage with Esperanto as content language
* (bug 20364) Fixed regression in GIF metadata loading
* (bug 20299) MediaWiki:Move-subpages and MediaWiki:Move-talk-subpages can now
* (bug 19966) MediaWiki:License-header is now used for the licensing header in
the file description page instead of MediaWiki:License
* (bug 20380) Links to history/deleted edits at the top of
- Special:RevisionDelete are no more displayed when when doing log suppression
+ Special:RevisionDelete are no more displayed when doing log suppression
* (bug 8143) Localised parser function names are now correctly case insensitive
if they contain non-ASCII characters
* (bug 19055) maintenance/rebuildrecentchanges.php now purges
"unknown error"
* (bug 18762) both redirects and links get fixed one after another if
redirects-only switch is not present
-* (bug 20159) thumbnails rerendered if older that $wgThumbnailEpoch
+* (bug 20159) thumbnails rerendered if older than $wgThumbnailEpoch
* Fixed a bug which in some situations causes the job queue to grow forever,
due to an infinite loop of job requeues.
* (bug 21523) File that can have multiple pages (djvu, pdf, ...) no longer have
* (bug 21776) Interwiki urls like http://en.wikibooks.org/wiki/cs: should give
a redirect instead of a baderror.
* (bug 21803) Special:MyContributions now keeps the query string parameters
-* Redirecting special pages now keep query string paramters set to "0" (e.g.
+* Redirecting special pages now keep query string parameters set to "0" (e.g.
for namespace)
* (bug 20765) Special:ListGroupRights no longer misses addables and removables
groups if there are duplicate entries
* refreshLinks.php now purges orphaned redirect table rows
* (bug 2971) Swap links of hist & diff location on Special:Contributions for
consistency with RC/WL
-* (bug 21986) Special page names were are now capitalized by content language
-* If two log type have the same description, they're now both displayed in the
+* (bug 21986) Special page names are now capitalized by content language
+* If two log types have the same description, they're now both displayed in the
type selector on Special:Log
* (bug 20115) Special:Userlogin title says "Log in / create account" even if the
user can't create an account
* Truncate summary of page moves in revision comment field to avoid broken
multibyte characters
* (bug 22540) ForeignApiRepos no longer try to store thumbnails that don't exist
-* (bug 22551) Special:Resetpass now has a "Cancel" button that sends the user to
+* (bug 22551) Special:Resetpass now has a "Cancel" button that sends the user to
the page set in the &returnto parameter.
* (bug 19194) Search box in Modern skin doesn't focus with Safari/Chrome
* (bug 17790) Users instantly logged off on HughesNet
-* (bug 21549) Make foreign key constraints DEFERRABLE INITIALLY DEFERRED
+* (bug 21549) Make foreign key constraints DEFERRABLE INITIALLY DEFERRED
when using Postgres as the database backend.
== API changes in 1.16 ==
* Added $wgNoFollowDomainExceptions to allow exempting particular domain names
from rel="nofollow" on external links
* (bug 12970) Brought back $wgUseImageResize.
-* Added $wgRedirectOnLogin to allow specifying a specifc page to redirect users
+* Added $wgRedirectOnLogin to allow specifying a specific page to redirect users
to upon logging in (ex: "Main Page")
-* Add $wgExportFromNamespaces for enabling/disabling the "export all from
+* Add $wgExportFromNamespaces for enabling/disabling the "export all from
namespace" option (disabled by default)
=== New features in 1.15 ===
'mw-editinginterface'
* (bug 17497) Oasis opendocument added to mime.types
* Remove the link to Special:FileDuplicateSearch from the "file history" section
- of image description pages as the list of duplicated files is shown in the
+ of image description pages as the list of duplicated files is shown in the
next section anyway.
* Added $wgRateLimitsExcludedIPs, to allow specific IPs to be whitelisted from
rate limits.
* (bug 14981) Shared repositories can now have display names, located at
- Mediawiki:Shared-repo-name-REPONAME, where REPONAME is the name in
+ Mediawiki:Shared-repo-name-REPONAME, where REPONAME is the name in
$wgForeignFileRepos
* Special:ListUsers: Sort list of usergroups by alphabet
* (bug 16762) Special:Movepage now shows a list of subpages when possible
of $wgSpamRegex for edit summary checks. Text checks still use $wgSpamRegex.
* New function to convert content text to specified language (only applies on wiki with
LanguageConverter class)
-* (bug 17844) Redirect users to a specific page when they log in, see
+* (bug 17844) Redirect users to a specific page when they log in, see
$wgRedirectOnLogin
* Added a link to Special:UserRights on Special:Contributions for privileged users
* (bug 10336) Added new magic word {{REVISIONUSER}}, which displays the editor
- of the displayed revision's author user name
-* LinkerMakeExternalLink now has an $attribs parameter for link attributes and
+ of the displayed revision
+* LinkerMakeExternalLink now has an $attribs parameter for link attributes and
a $linkType parameter for the type of external link being made
* (bug 17785) Dynamic dates surrounded with a <span> tag, fixing sortable tables with
dynamic dates.
* (bug 17341) "Powered by MediaWiki" should be on the left on RTL wikis
* (bug 17404) "userrights-interwiki" right was missing in User::$mCoreRights
* (bug 7509) Separation strings should be configurable
-* (bug 17420) Send the correct content type from action=raw when the HTML file
+* (bug 17420) Send the correct content type from action=raw when the HTML file
cache is enabled.
* (bug 12746) Do not allow new password e-mails when wiki is in read-only mode
* (bug 17478) Fixed a PHP Strict standards error in
* (bug 17778) MediaWiki:Catseparator can now have HTML entities
* (bug 17676) Error on Special:ListFiles when using Postgres
* Special:Export doesn't use raw SQL queries anymore
-* (bug 14771) Thumbnail links to individual DjVu pages have two no longer have
+* (bug 14771) Thumbnail links to individual DjVu pages no longer have
two "page" parameters
* (bug 17972) Special:FileDuplicateSearch form now works correctly on wikis that
don't use PathInfo or short urls
-* (bug 17990) trackback.php now has a trackback.php5 alias and works with
+* (bug 17990) trackback.php now has a trackback.php5 alias and works with
$wgScriptExtension
* (bug 14990) Parser tests works again with PostgreSQL
* (bug 11487) Special:Protectedpages doesn't list protections with pr_expiry
* (bug 13209) Added rvdiffto parameter to prop=revisions
* Manual language conversion improve: Now we can include both ";" and ":" in
conversion rules
-* (bug 17795) Don't report views count on meta=siteinfo if $wgDisableCounters
+* (bug 17795) Don't report views count on meta=siteinfo if $wgDisableCounters
is set
* (bug 17774) Don't hide read-restricted modules like action=query from users
without read rights, but throw an error when they try to use them.
a POST request
* (bug 18099) Using appendtext to edit a non-existent page causes an interface
message to be included in the page text
-* Fixed the circular template inclusion check, was broken when the loop
+* Fixed the circular template inclusion check, was broken when the loop
involved redirects. Without this, infinite recursion within the parser is
possible.
* (bug 18601) generator=backlinks returns invalid continue parameter
* Extensions can use the SkinBuildSidebar hook to modify the content of the
sidebar and add custom portlets to it
* Added 'MakeGlobalVariablesScript' hook for extensions to be able to add vari-
- ables into into the output of Skin::makeVariablesScript
+ ables into the output of Skin::makeVariablesScript
* (bug 13846) Added $wgAddGroups and $wgRemoveGroups display on
Special:ListGroupRights
* (bug 14377) Add a date selector to history pages
* Dropped old Paser_OldPP class. Only new parser with preprocessor is used.
* Moved password reset form from Special:Preferences to Special:ResetPass
* Added Special:ChangePassword as a special page alias for Special:ResetPass
-* Added complimentary function for addHandler() called removeHandler() for removing events
+* Added complementary function for addHandler() called removeHandler() for removing events
* Improved security of file uploads for IE clients, using a reverse-engineered
algorithm very similar to IE's content detection algorithm.
* Cascading protection no longer requires that both edit and move are restricted
== Changes since 1.13.2 ==
-David Remahl of Apple's Product Security team has identified a number of
+David Remahl of Apple's Product Security team has identified a number of
security issues in previous releases of MediaWiki. Subsequent analysis by the
MediaWiki development team expanded the scope of these vulnerabilities. The
issues with a significant impact are as follows:
* An XSS vulnerability affecting all MediaWiki installations between 1.13.0 and
1.13.2. [CVE-2008-5249]
-* A local script injection vulnerability affecting Internet Explorer clients for
+* A local script injection vulnerability affecting Internet Explorer clients for
all MediaWiki installations with uploads enabled. [CVE-2008-5250]
-* A local script injection vulnerability affecting clients with SVG scripting
- capability (such as Firefox 1.5+), for all MediaWiki installations with SVG
+* A local script injection vulnerability affecting clients with SVG scripting
+ capability (such as Firefox 1.5+), for all MediaWiki installations with SVG
uploads enabled. [CVE-2008-5250]
-* A CSRF vulnerability affecting the Special:Import feature, for all MediaWiki
+* A CSRF vulnerability affecting the Special:Import feature, for all MediaWiki
installations since the feature was introduced in 1.3.0. [CVE-2008-5252]
XSS (cross-site scripting) vulnerabilities allow an attacker to steal an
authorised user's login session, and to act as that user on the wiki. The
authorised user must visit a web page controlled by the attacker in order to
-activate the attack. Intranet wikis are vulnerable if the attacker can
+activate the attack. Intranet wikis are vulnerable if the attacker can
determine the intranet URL.
-Local script injection vulnerabilities are like XSS vulnerabilities, except
-that the attacker must have an account on the local wiki, and there is no
+Local script injection vulnerabilities are like XSS vulnerabilities, except
+that the attacker must have an account on the local wiki, and there is no
external site involved. The attacker uploads a script to the wiki, which another
-user is tricked into executing, with the effect that the attacker is able to act
+user is tricked into executing, with the effect that the attacker is able to act
as the privileged user.
CSRF vulnerabilities allow an attacker to act as an authorised user on the wiki,
to avoid leaking these images, but these measures are not perfect.
* Set display_errors=off in your php.ini to avoid path disclosure via PHP fatal
errors. This is the default on most shared web hosts.
-* Enabling MediaWiki's debugging features, such as $wgShowExceptionDetails, may
+* Enabling MediaWiki's debugging features, such as $wgShowExceptionDetails, may
lead to path disclosure.
Other changes in this release:
* Avoid fatal error in profileinfo.php when not configured.
-* Add a .htaccess to deleted images directory for additional protection against
- exposure of deleted files with known SHA-1 hashes on default installations.
-* Avoid streaming uploaded files to the user via index.php. This allows
+* Add a .htaccess to deleted images directory for additional protection against
+ exposure of deleted files with known SHA-1 hashes on default installations.
+* Avoid streaming uploaded files to the user via index.php. This allows
security-conscious users to serve uploaded files via a different domain, and
thus client-side scripts executed from that domain cannot access the login
cookies. Affects Special:Undelete, img_auth.php and thumb.php.
-* When streaming files via index.php, use the MIME type detected from the
+* When streaming files via index.php, use the MIME type detected from the
file extension, not from the data. This reduces the XSS attack surface.
-* Blacklist redirects via Special:Filepath. Such redirects exacerbate any
+* Blacklist redirects via Special:Filepath. Such redirects exacerbate any
XSS vulnerabilities involving uploads of files containing scripts.
* Internationalisation updates.
* Security: Work around misconfiguration by requiring strict comparisons for
in_array in User::isAllowed().
-* (bug 14944) Added $wgShellLocale for configuration of an appropriate locale
- to use for LC_CTYPE during shell invocation. For servers that don't have
+* (bug 14944) Added $wgShellLocale for configuration of an appropriate locale
+ to use for LC_CTYPE during shell invocation. For servers that don't have
en_US.utf8. Also added locale detection during install.
* Localisation updates
* Security: Fixed XSS vulnerability in useskin parameter.
== Changes since 1.13.0 ==
-* (bug 15460) Fixed intermittent deadlock errors and poor concurrent
+* (bug 15460) Fixed intermittent deadlock errors and poor concurrent
performance for installations without memcached.
-* (bug 13770) Fixed DOM module detection for installations with both dom
+* (bug 13770) Fixed DOM module detection for installations with both dom
and domxml.
* (bug 15148) Fixed Special:BlockIP for PostgreSQL
* Fixed SQLite support for non-memcached installations
== Changes since 1.13.0rc2 ==
* (bug 13770) Fixed incorrect detection of PHP's DOM module
-* Fix regression from r37834: accesskey tooltip hint should be given for the
+* Fix regression from r37834: accesskey tooltip hint should be given for the
minor edit and watch labels on the edit page.
* Updated Chinese simplified/traditional conversion tables
shown as empty instead of the current time.
* (bug 14904): fragments were lost when redirects were fixed.
* Added magic word __STATICREDIRECT__ to suppress the redirect fixer
-* (bug 15035) Revert English linkTrail to /^([a-z]+)(.*)$/sD, as it was before
- r36253. Multiple reports of breakage due to old (pre-5.0) PCRE libraries,
- both bundled with PHP and packaged with distros such as RHEL.
-* (bug 14944) Shell invocation of external programs such as ImageMagick convert
+* (bug 15035) Revert English linkTrail to /^([a-z]+)(.*)$/sD, as it was before
+ r36253. Multiple reports of breakage due to old (pre-5.0) PCRE libraries,
+ both bundled with PHP and packaged with distros such as RHEL.
+* (bug 14944) Shell invocation of external programs such as ImageMagick convert
was broken in PHP 5.2.6, if the server had a non-UTF-8 locale.
you to use a shared database with a different prefix. Or you can now use a local
database and use prefixes to separate wiki and the shared tables. And the new
$wgSharedTables variable allows you to specify a list of tables to share.
-* Automatic edit summaries can be disabled with $wgUseAutomaticEditSummaries
+* Automatic edit summaries can be disabled with $wgUseAutomaticEditSummaries
* Duplicates of images are now shown on the image page
* $wgRCFilterByAge allows for the list of dates in recent changes special pages to
be filtered to only those within the range of $wgRCMaxAge
image page already exists
* $wgMaximumMovedPages restricts the number of pages that can be moved at once
(default 100) with the new subpage-move functionality of Special:Movepage
-* Hooks display in Special:Version is now disabled by default, use
+* Hooks display in Special:Version is now disabled by default, use
$wgSpecialVersionShowHooks = true; to enable it.
* $wgActiveUserEditCount sets the number of edits that must be performed over
a certain number of days to be considered active
* $wgActiveUserDays is that number of days
-* $wgRateLimitsExcludedGroups has been deprecated in favor of
+* $wgRateLimitsExcludedGroups has been deprecated in favor of
$wgGroupPermissions[]['noratelimit']. The former still works, however.
* New $wgGroupPermissions option 'move-subpages' added to control bulk-moving
subpages along with pages. Assigned to 'user' and 'sysop' by default.
-* New $wgRC2UDPOmitBots allows user to omit bot edits from UDP output.
+* New $wgRC2UDPOmitBots allows user to omit bot edits from UDP output.
Default: false
* Removed $wgEnableCascadingProtection option. Disabling cascading protection
- is no longer possible.
+ is no longer possible.
* $wgMessageCacheType defines now the type of cache used by the MessageCache class,
previously it was choosen based on $wgParserCacheType
* $wgExtensionAliasesFiles option to simplify adding aliases to special pages
with MimeMagic.
* Added $wgDirectoryMode, which allows for setting the default CHMOD value when
creating new directories.
-* (bug 14843) $wgCookiePrefix can be set by LocalSettings now, false defaults
+* (bug 14843) $wgCookiePrefix can be set by LocalSettings now, false defaults
current behavior.
=== New features in 1.13 ===
reduce broken form submissions
* Add --old-redirects-only option to maintenance/refreshLinks.php, to add old
redirects to the redirect table
-* Add links to page and file deletion forms to edit predefined delete reasons
+* Add links to page and file deletion forms to edit predefined delete reasons
* (bug 13269) Added MediaWiki:Uploadfooter to the bottom of Special:Upload
* (bug 2815) Search results for media now use thumbnail instead of text extract
* When a page doesn't exist, the tab should say "create", not "edit"
text from Special:UserLogin title (new message 'nav-login-createaccount')
* Say "log in / create account" if an anonymous user can create an account,
otherwise just "log in", consistently across skins
-* Special:Shortpages and Special:Longpages now returns pages in all content
+* Special:Shortpages and Special:Longpages now returns pages in all content
namespaces, not just NS_MAIN.
* (bug 889) Improve conflict-handling between shared upload repository
and local one
* (bug 709) Cannot rename/move images and other media files [EXPERIMENTAL]
* Custom rollback summaries now accept the same arguments as the default message
* (bug 12542) Added hooks for expansion of Special:Listusers
-* Drop-down AJAX search suggestions (turn on $wgEnableMWSuggest)
+* Drop-down AJAX search suggestions (turn on $wgEnableMWSuggest)
* More relevant search snippets (turn on $wgAdvancedSearchHighlighting)
* (bug 13950) Allow users to watch the user/talk pages of users they block.
* (bug 13970) Allow MonoBook-based skins to specify their own print stylesheet
changed by extensions.
* Add a new hook LinkerMakeExternalLink to allow extensions to modify the output of
external links.
-* (bug 14132) Allow user to disable bot edits from being output to UDP.
-* (bug 14328) jsMsg() within Wikibits now accepts a DOM object, not just a string
-* (bug 14558) New system message (emailuserfooter) is now added to the footer of
+* (bug 14132) Allow user to disable bot edits from being output to UDP.
+* (bug 14328) jsMsg() within Wikibits now accepts a DOM object, not just a string
+* (bug 14558) New system message (emailuserfooter) is now added to the footer of
e-mails sent with Special:Emailuser
* Add support for Hijri (Islamic) calendar
* Add a new hook LinkerMakeExternalImage to allow extensions to modify the output
* Foreign repo file descriptions and thumbnails are now cached.
* (bug 11732) Allow localisation of edit button images
* Allow the search box, toolbox and languages box in the Monobook sidebar to be
- moved around arbitrarily using special sections in [[MediaWiki:Sidebar]]:
+ moved around arbitrarily using special sections in [[MediaWiki:Sidebar]]:
SEARCH, TOOLBOX and LANGUAGES
* Add a new hook NormalizeMessageKey to allow extensions to replace messages before
the database is potentially queried
* Special:Recentchangeslinked now includes changes to transcluded pages and
displayed images; also, the "Show changes to pages linked" checkbox now works on
category pages too, showing all links that are not categorizations
-* (bug 4578) Automatically fix redirects broken by a page move
+* (bug 4578) Automatically fix redirects broken by a page move
=== Bug fixes in 1.13 ===
* (bug 13428) Fix regression in protection form layout HTML validity
* (bug 9403) Sanitize newlines from search term input
* (bug 13429) Separate date and time in message sp-newimages-showfrom
-* (bug 13137) Allow setting 'editprotected' right separately from 'protect',
+* (bug 13137) Allow setting 'editprotected' right separately from 'protect',
so groups may optionally edit protected pages without having 'protect' perms
* Disallow deletion of big pages by means of moving a page to its title and
using the "delete and move" option.
* (bug 13705) Don't show rollback link in page history on incorrect revisions
* (bug 13708) Don't set "Search results" title when loading Special:Search
without query
-* (bug 13736) Don't show MediaWiki:Anontalkpagetext on non-existant IP addresses
+* (bug 13736) Don't show MediaWiki:Anontalkpagetext on non-existent IP addresses
* (bug 13728) Don't trim initial whitespace during section edits
* (bug 13727) Don't delete log entries from recentchanges on page deletion
* (bug 13752) Redirects to sections now work again
* (bug 12644) Template list on edit page now sorted on preview
* (bug 14058) Support pipe trick for namespaces and interwikis with "-"
* Message name filter on Special:Allmessages now case-insensitive
-* (bug 13943) Fix image redirect behaviour on image pages
+* (bug 13943) Fix image redirect behavior on image pages
* (bug 14093) Do 'sysop' => 'protect' magic in Title::isValidMoveOperation
* (bug 14063) Power search form missing <label> for redirects check
* (bug 14111) Similar filename warning links now lead to correct page
* (bug 14386) Fix subpage namespace oddity when moving a talk page
* (bug 11771) Signup form now not shown if in read-only mode.
* (bug 12859) $wgRateLimitsExcludedGroups has been deprecated in favor of
- $wgGroupPermissions[]['noratelimit'].
+ $wgGroupPermissions[]['noratelimit'].
* (Bug 13828) Split parameter $1 of MediaWiki:Missingarticle into $1 (=title)
and $2 (=revision numbers)
* (bug 14401) Fix Safari access key tooltips for Windows and >3.1 Mac versions
searches instead of the domain root (which may not even be a wiki).
* (bug 3481) Pages moved shortly after creation are shown at their new title
on Special:Newpages.
-* (bug 12716) Trying to unprotect a title that isn't protected no longer
+* (bug 12716) Trying to unprotect a title that isn't protected no longer
generates a log entry.
* (bug 14088) Excessively long block expiry times are rejected as invalid,
keeps the log page from being distorted.
* (bug 14764) Fix regression in from Article::lastModified(), failed to work
on non-mySQL schemas.
* (bug 14763) Child classes of Database (DatabasePostgres and DatabaseOracle)
- had stict standards issues with setFakeSlaveLag() and setFakeMaster().
+ had strict standards issues with setFakeSlaveLag() and setFakeMaster().
* (bug 451) Improve the phrase mappings of the Chinese converter arrays.
* (bug 12487) Rights log is not fully internationalized
* (bug 10837) Language variants no longer override other languages than base
* (bug 13128) Added patrolled flag to list=recentchanges
* Implemented {bl,ei,iu}redirect (lists links through redirects as well)
* (bug 13154) Introduced subpages flag to meta=siteinfo&siprop=namespaces
-* (bug 13157) Added ucuserprefix parameter to list=usercontibs
+* (bug 13157) Added ucuserprefix parameter to list=usercontribs
* (bug 12394) Added rctitles parameter to list=recentchanges, making rcid
retrieval easier
* (bug 13218) Fix inclusion of " character in hyperlinks
* (bug 13419) Fix gblredirect so it actually works
* (bug 13418) Disable eiredirect because it's useless
* (bug 13395) list=allcategories should use category table
-* (bug 13442) Missing pages in prop=langlinks and prop=extlinks are now
+* (bug 13442) Missing pages in prop=langlinks and prop=extlinks are now
handled properly.
* (bug 13444) Add description to list=watchlist
* (bug 13482) Disabled search types handled properly
* Replaced $wgAPIUCUserPrefixMinLength by the more generic $wgAPIMaxDBRows
* (bug 11719) Remove trailing blanks in YAML output.
* (bug 13541) Added siprop=specialpagealiases to meta=siteinfo
-* Added fallback8bitEncoding and readonly fields to
+* Added fallback8bitEncoding and readonly fields to
meta=siteinfo&siprop=general output
* (bug 13544) Added prop=revid to action=parse
* (bug 13603) Added siprop=usergroups to meta=siteinfo
* (bug 14013) Added rcshow=patrolled to list=recentchanges
* (bug 14028) Added language attribute to interwiki map in meta=siteinfo
* (bug 14022) Added usprop=registration and auprop=blockinfo
-* (bug 14021) Removed titles= support from list=backlinks (has been obsolete
+* (bug 14021) Removed titles= support from list=backlinks (has been obsolete
for ages)
* (bug 13829) Expose parse tree via action=expandtemplates
* (bug 13606) Allow deletion of images
* Added bkip parameter to list=blocks
* (bug 14651) apprefix and similar parameters are now canonicalized
* Added clprop=timestamp to prop=categories
-* (bug 14678) API errors now respects $wgShowExceptionDetails and
+* (bug 14678) API errors now respects $wgShowExceptionDetails and
$wgShowSQLErrors
* (bug 14723) Added time zone and writing direction to meta=siteinfo
* Added APIQueryInfoTokens and APIQueryRevisionsTokens hooks so extensions
will be made on the development trunk and appear in the next quarterly release.
Those wishing to use the latest code instead of a branch release can obtain
-it from source control: http://www.mediawiki.org/wiki/Download_from_SVN
+it from source control: https://www.mediawiki.org/wiki/Download_from_SVN
=== Configuration changes in 1.12 ===
* Marking edits as bot edits with Special:Contributions?bot=1 now requires the
to not check and assume they are always up to date)
* The rollback permission can now be rate-limited using the normal mechanism.
* New configuration variable $wgExtraLanguageNames
-* Behaviour of $wgAddGroups and $wgRemoveGroups changed. New behaviour:
+* Behavior of $wgAddGroups and $wgRemoveGroups changed. New behavior:
* * Granting the userrights privilege allows arbitrary changing of rights.
* * Without the userrights privilege, a user will be able to add and/or
remove the groups specified in $wgAddGroups and $wgRemoveGroups for
and reject interwiki prefixes. PrefixSearch class centralizes this code,
and the backend part can be overridden by the PrefixSearchBackend hook.
* (bug 10365) Localization of Special:Version
-* When installing using Postgres, the Pl/Pgsql language is now checked for
+* When installing using Postgres, the Pl/Pgsql language is now checked for
and installed when at the superuser level.
* The default robot policy for the entire wiki is now configurable via the
$wgDefaultRobotPolicy setting.
pass.
Bug 5678 has been fixed. This has a number of user-visible effects related to
-the removal of this double-parse. Please see the wiki page for examples.
+the removal of this double-parse. Please see the wiki page for examples.
Message transformation mode has been removed, and replaced with "preprocess"
mode. This means that some MediaWiki namespace messages may need to be updated,
-especially ones which took advantage of the terribly counterintuitive behaviour
-of the former message mode.
+especially ones which took advantage of the terribly counterintuitive behavior
+of the former message mode.
The header identification routines for section edit and for numbering section
edit links have been merged. This removes a significant failure mode and fixes a
whole category of bugs (tracked by bug #4899). Wikitext headings uncovered by
-template expansion will still be rendered into a heading tag, and will get an
-entry in the TOC, but will not have a section edit link. HTML-style headings
-will also not have a section edit link. Valid wikitext headings present in the
-template source text will get a template section edit link. This is a major
-break from previous behaviour, but I believe the effects are almost entirely
+template expansion will still be rendered into a heading tag, and will get an
+entry in the TOC, but will not have a section edit link. HTML-style headings
+will also not have a section edit link. Valid wikitext headings present in the
+template source text will get a template section edit link. This is a major
+break from previous behavior, but I believe the effects are almost entirely
beneficial.
The main motivation for making these changes was performance. The new two-pass
The new preprocessor syntax has been documented in Backus-Naur Form at:
-http://www.mediawiki.org/wiki/Preprocessor_ABNF
+https://www.mediawiki.org/wiki/Preprocessor_ABNF
-The ExpandTemplates extension now has the ability to generate an XML parse
+The ExpandTemplates extension now has the ability to generate an XML parse
tree from wikitext source. This parse tree corresponds closely to the grammar
documented on that page.
=== API changes in 1.12 ===
-Full API documentation is available at http://www.mediawiki.org/wiki/API
+Full API documentation is available at https://www.mediawiki.org/wiki/API
* (bug 11275) Enable descending sort in categorymembers
* (bug 11308) Allow the API to output the image metadata
will be made on the development trunk and appear in the next quarterly release.
Those wishing to use the latest code instead of a branch release can obtain
-it from source control: http://www.mediawiki.org/wiki/Download_from_SVN
+it from source control: https://www.mediawiki.org/wiki/Download_from_SVN
== Configuration changes since 1.10 ==
* Improved thumb.php error handling
* Display file history on local image description pages of shared images
* Added $wgArticleRobotPolicies
-* (bug 10076) Additional parameter $7 added to MediaWiki:Blockedtext
+* (bug 10076) Additional parameter $7 added to MediaWiki:Blockedtext
containing, the ip, ip range, or username whose block is affecting the
* (bug 7691) Show relevant lines from the deletion log when re-creating a
previously deleted article
enabled by default.
* Added option to install to MyISAM
* (bug 9250) Remove hardcoded minimum image name length of three characters
-* Fixed DISPLAYTITLE behaviour to reject titles which don't normalise to the
+* Fixed DISPLAYTITLE behavior to reject titles which don't normalise to the
same title as the current page, and enabled per default
* Wrap site CSS and JavaScript in a <pre> tag, like user JS/CSS
* (bug 10196) Add classes and dir="ltr" to the <pre>s on CSS and JS pages (new
* (bug 11022) Use a more accurate page title for Special:Whatlinkshere and
Special:Recentchangeslinked
* Add link to user contributions in normal watchlist edit mode
-* (bug 9426) Add 'newsectionheaderdefaultlevel' message to allow
- modification of the heading formatting for new sections when section=new
+* (bug 9426) Add 'newsectionheaderdefaultlevel' message to allow
+ modification of the heading formatting for new sections when section=new
argument is supplied
-* (bug 10836) Add 'newsectionsummary' message to allow modification of the
+* (bug 10836) Add 'newsectionsummary' message to allow modification of the
text that prefixes a new section link in Recent Changes
-
+
== Bugfixes since 1.10 ==
* (bug 9712) Use Arabic comma in date/time formats for Arabic and Farsi
* (bug 7070) monobook/user.gif has antialias artifacts
* (bug 9123) Safer way when applying $wgLocalTZoffset
* (bug 9896) Documentation for $wgSquidServers and X-FORWARDED-FOR
-* (bug 9417) Uploading new versions of images when using Postgres no longer
+* (bug 9417) Uploading new versions of images when using Postgres no longer
throws warnings.
* (bug 9908) Using tsearch2 with Postgres 8.1 no longer gives an error.
* (bug 1438) Fix for diff table layout on very wide lines.
* (bug 9383) Don't set a default value for BLOB column in rc-deleted
database patch
* (bug 10149) Don't show full template list on section-0 edit
-* (bug 9909) Ensure access to binary fields in the math table use encodeBlob()
+* (bug 9909) Ensure access to binary fields in the math table use encodeBlob()
and decodeBlob()
* (bug 6743) Don't link broken image links to the upload form when uploads
are disabled
* As intended, *skip* the HTTP proxy purges when doing HTCP purges
* (bug 9696) Fix handling of brace transformations in "pagemovedtext"
* (bug 10325) Fix regression in form action on Special:Listusers
-* Fixed installation on MyISAM or old InnoDB with charset=utf8, was giving
+* Fixed installation on MyISAM or old InnoDB with charset=utf8, was giving
overlong key errors.
* Fixed zero-padding issues with MySQL 5 binary schema
* (bug 10344) Don't follow a redirect after changing its protection level
* Fix upload form display in right-to-left languages
* Fixed regression in blocking of username '0'
* (bug 9437) Don't overwrite edit form submission handler when setting up
- edit box scroll position preserve/restore behaviour
+ edit box scroll position preserve/restore behavior
* (bug 10805) Fix "undo" link when viewing the diff of the most recent
change to a page using "diff=0"
* (bug 10765) img_auth.php will now refuse logged-out requests where
* (bug 8393) <sup> and <sub> need to be preserved (without attributes) for
entries in the table of contents
* (bug 11114) Fix regression in read-only mode error display during editing
-* Force non-MySQL databases to use an ORDER BY in SpecialAllpages to ensure
+* Force non-MySQL databases to use an ORDER BY in SpecialAllpages to ensure
that the first page_title is truly the first page title.
* (bug 10836) Change the summary on creating of new section
* Inclusion of Special:Wantedpages now works again
== API changes since 1.10 ==
-Full API documentation is available at http://www.mediawiki.org/wiki/API
+Full API documentation is available at https://www.mediawiki.org/wiki/API
* New properties: links, templates, images, langlinks, categories, external
links
"ready to run", and in fact runs our own sites on Wikipedia.
Release branches will continue to receive security updates for about a year
-from first release, but nonessential bugfixes and feature developments
+from first release, but nonessential bugfixes and feature developments
will be made on the development trunk and appear in the next quarterly release.
Those wishing to use the latest code instead of a branch release can obtain
-it from source control: http://www.mediawiki.org/wiki/Download_from_SVN
+it from source control: https://www.mediawiki.org/wiki/Download_from_SVN
== Configuration changes ==
* A new switch $wgCommandLineDarkBg used by maintenance scripts (parserTests.php).
It lets you specify if your terminal use a dark background, the colorized
output will be made lighter making things easier to read.
-* The minimum permissions needed to edit a page in each namespace can now be
+* The minimum permissions needed to edit a page in each namespace can now be
customized via the $wgNamespaceProtection array. By default, editing pages in
the MediaWiki namespace requires "editinterface" permission, as before.
* Allow restriction of autoconfirmed permission by edit count. New global setting
== New features since 1.9 ==
-* (bug 6937) Introduce "statistics-footer" message, appended to
+* (bug 6937) Introduce "statistics-footer" message, appended to
Special:Statistics
* (bug 6638) List block flags in block log entries
* (bugs 5051, 5376) Tooltips and accesskeys no longer require JavaScript
"semi protected".
* (bug 4133) Allow page protections to be made with an expiry date, in the same
format as block expiry dates. Existing protections are assumed to be infinite,
- as are protections made with the new field left blank.
+ as are protections made with the new field left blank.
* (bug 8535) Allow certain vertical alignment attributes to be used as image
keywords
* (bug 6987) Allow perrow, widths, and heights attributes for <gallery>
* (bug 8678) Fix detection of self-links for numeric titles in Parser
* (bug 6171) Magically close tags in tables when not using Tidy.
* Sanitizer now correctly escapes lonely '>' occurring before the first wikitag.
-* Ignore self closing on closing tags ( '</div />' now gives '</div>')
+* Ignore self closing on closing tags ( '</div />' now gives '</div>')
* (bug 8673) Minor fix for web service API content-type header
* Fix API revision list on PHP 5.2.1; bad reference assignment
* (bug 8688) Handle underscores/spaces in Special:Blockip and Special:Ipblocklist
* (bug 3953) Work around poor display of parenthesis in the in other
languages section of MonoBook skin
* (bug 8539) Enable PLURAL option for another message of recentchanges.
-* (bug 8728) MediaWiki:Badfiletype splitted into 3 messages
+* (bug 8728) MediaWiki:Badfiletype split into 3 messages
* (bug 9131) Allow SpecialContributions to work with Postgres
* (bug 9155) Allow footer info to wrap in Monobook
* (bug 8847) Strip spurious #fragments from request URI to fix redirect
instead of sending the user to the main page like they used to
* Fix object variable used for displaying "not-patrolled" CSS class on list
* Fixed interaction of page parameter to ImagePage with the HTML file cache
-* Fixed MIME type for SVG files, will be silently changed from image/svg
+* Fixed MIME type for SVG files, will be silently changed from image/svg
to image/svg+xml after loading from the database.
-* Workaround for djvutoxml bug #1704049 (poor performance). Use djvudump
+* Workaround for djvutoxml bug #1704049 (poor performance). Use djvudump
instead.
-* Fixed odd behaviour in ImagePage on DjVu thumbnailing errors
+* Fixed odd behavior in ImagePage on DjVu thumbnailing errors
* (bug 5439) "Go" title search will now jump to shared/foreign Image: and
MediaWiki: pages that have not been locally edited.
* (bug 9630) Limits links in Whatlinkshere forgot about namespace filter
* Fixed upgrade for the non-standard MySQL schemas
-* Disable MySQL's strict mode at session start for MySQL 4.1+, to avoid the
+* Disable MySQL's strict mode at session start for MySQL 4.1+, to avoid the
various problems that occur when it is on.
* (bug 9585) Fix regression in tidy usage in Special:Undelete previews
* (bug 3826) Normalize some invalid cookie name characters when setting
* (bug 5959) Anchors dropped from stub links
* (bug 3348) Some additional weak password checks: password which is same
as username will now be rejected.
-* (bug 8602) Converted Special:Contributions to use an IndexPager. The
- interpretation of the offset parameter has changed, and the go parameter
+* (bug 8602) Converted Special:Contributions to use an IndexPager. The
+ interpretation of the offset parameter has changed, and the go parameter
has been removed.
* (bug 6204) Fixes for indentation with $wgMaxTocLevel:
- don't emit too many list close tags after an invisible header
* New maintenance script to show the cached statistics : showStats.php.
* Count deleted edits when regenerating total edits in maintenance/initStats.php
* (bug 3706) Allow users to be exempted from IP blocks. The ipblock-exempt permission
- key has been added to enable this behaviour, by default assigned to sysops.
+ key has been added to enable this behavior, by default assigned to sysops.
* (bug 7948) importDump.php now warn that Recentchanges need to be rebuild.
* (bug 7667) allow XHTML namespaces customization
* (bug 8531) Correct local name of Lingála (patch by Raymond)
* (bug 6586) Regression in "unblocked" subtitle
* Don't put empty-page message into view-source when page text is blank
* (bug 6587) Remove redundant "allnonarticles" message
-* Block improvements: Allow blocks on anonymous users only. Optionally allow
+* Block improvements: Allow blocks on anonymous users only. Optionally allow
or disallow account creation from blocked IP addresses. Prevent duplicate
blocks. Fixed the problem of expiry and unblocking erroneously affecting
multiple blocks. Fixed confusing lack of error message when a blocked user
- attempts to create an account. Fixed inefficiency of Special:Ipblocklist in
- the presence of large numbers of blocks; added indexes and implemented an
+ attempts to create an account. Fixed inefficiency of Special:Ipblocklist in
+ the presence of large numbers of blocks; added indexes and implemented an
indexed pager.
* (bug 6448) Allow filtering of Special:Newpages according to username
* (bug 6618) Improve permissions/error detection in Special:Lockdb
* (bug 6642) Don't offer to unlock the database when it isn't locked
* cleanupTitles.php changed from --dry-run option to --fix, so default
behavior is now a non-invasive check as with namespaceDupes.php
-* (bug 6660) Fix behaviour of EditPage::blockedPage() when the article does
+* (bug 6660) Fix behavior of EditPage::blockedPage() when the article does
not exist; now doesn't show the source box if the user hasn't provided it
(blocked mid-edit) and the page doesn't exist
* Improve default value of "blockedtext"
* Moved the bulk of the localisation data from the Language*.php files to the
Messages*.php files. Deleted most of the Languages*.php files.
* Introduced "stub global" framework to provide deferred initialisation of core
- modules.
+ modules.
* Removed placeholder values for $wgTitle and $wgArticle, these variables will
now be null during the initialisation process, until they are set by index.php
or another entry point.
-* Added DBA cache type, for BDB-style caches.
+* Added DBA cache type, for BDB-style caches.
* Removed custom date format functions, replacing them with a format string in
the style of PHP's date(). Used string identifiers instead of integer
identifiers, in both the language files and user preferences. Migration should
* Simplified the initialisation API for LoadBalancer objects.
* Removed the broken altencoding feature.
* Moved default user options and toggles from Language to User. Language objects
- are still able to define default preference overrides and extra user toggles,
+ are still able to define default preference overrides and extra user toggles,
via a slightly different interface.
* Don't include the date option in the parser cache rendering hash unless
$wgUseDynamicDates is enabled.
-* Merged LanguageUtf8 with Language. Removed LanguageUtf8.php.
+* Merged LanguageUtf8 with Language. Removed LanguageUtf8.php.
* Removed inclusion of language files from the bottom of Language.php. This is
- now consistently done from Language::factory().
+ now consistently done from Language::factory().
* Add the name of the executing maintenance script to the debug log. Start the
profiler during maintenance scripts.
* Added "serialized" directory, for storing precompiled data in serialized form.
* Fix regression in auto-set NS_PROJECT_TALK namespace
* Fix regression in ordering of namespaces
* (bug 6806, 6030) Added several global JS variables for article path, user name,
- page title, etc.
+ page title, etc.
* hooks registered with addOnloadHook are now called at the one of the html body
by all skins.
* Split ajax aided search from core ajax framework. Use wgUseAjax to enable the
framework and wgAjaxSearch to enable the suggest feature for the search box.
-* Added experimental installer for extensions.
+* Added experimental installer for extensions.
See maintenance/installExtension.php
* Added Tajic (tg) language file.
* (bug 6903) Added Cantonese localisation (zh-yue)
* Fix bug in wfRunHooks which caused corruption of objects in the hook list
* (bug 4979) Use simplified email addresses when running on Windows
* (bug 4434) Show block log fragment on Special:Blockip
-* [[MediaWiki:Disambiguationspage]] may optionally contain wiki links to any number
+* [[MediaWiki:Disambiguationspage]] may optionally contain wiki links to any number
of disambiguation templates.
* [[Special:Disambiguations]] now shows pages in NS:0 that link to any pages that embed
any of the templates listed at [[MediaWiki:Disambiguationspage]].
* Fix formatting of titles on Special:Undelete
* (bug 7026) Fix action=raw&templates=expand
* (bug 6976) Add namespace and direction classes to classic skins
-* (bug 7144) Don't "return to main" from OutputPage::loginToUse() if the the user can't
+* (bug 7144) Don't "return to main" from OutputPage::loginToUse() if the user can't
read the main page in the first place
* (bug 7188) Fix minor borkage in HTMLForm
* (bug 6675) Replaced message 'watchthis' with new message 'watchthisupload in Special:Upload
* Added experimental $wgRevisionCacheExpiry to cache extracted revision text
in $wgMemc, to further reduce hits to external storage.
Set to 0 (disabled) by default.
-* Minor changes to the installer.
+* Minor changes to the installer.
* Remove ":" for 'youremail' and 'yourrealname' in includes/templates/Userlogin.php
so that ":" could be used in i18n for Special:Preferences (like 'username' and 'uid').
* Fix layout for Special:Preferences->Date and Time (position for 'timezonetext').
was meant to be banned years ago... For now existing accounts will not be
prevented fromm login.
* (bug 6092) Introduce magic words {{REVISIONDAY}}, {{REVISIONDAY2}, {{REVISIONMONTH}},
- {{REVISIONYEAR}} and {{REVISIONTIMESTAMP}}
+ {{REVISIONYEAR}} and {{REVISIONTIMESTAMP}}
* (bug 7425) Preceeding whitespace in [[...]] breaks subpages
* Try to reconnect after transitory database errors in dumpTextPass.php
* (bug 6023) Fixed mismatch of 0/NULL for wl_notificationtimestamp; now notification
mails are working after 'Mark all pages visited' button on Special:Watchlist is clicked
-* Made {{INT:}} a core parser function instead of a special case. The syntax
- and behaviour is largely unchanged.
+* Made {{INT:}} a core parser function instead of a special case. The syntax
+ and behavior is largely unchanged.
* (bug 7448) Fixing the native name for Ewe (ee)
* (bug 6864) Replace message 'editing' with new message 'editinguser' in Special:Userrights
to allow better localisation
* (bug 6617) Validate timestamps on Special:Undelete
* Do fewer unnecessary full writes of user rows; only update user_touched
for watch/unwatch, group membership change, and login operations
-* Restructured the languages directory, to avoid problems when people
- untar MW 1.8 over the top of a 1.7 installation.
-* (bug 6890) SQL query error on bad input to Pager lists
+* Restructured the languages directory, to avoid problems when people
+ untar MW 1.8 over the top of a 1.7 installation.
+* (bug 6890) SQL query error on bad input to Pager lists
due to negative LIMIT clause, caused by integer wraparound.
* Fixed various bugs related to table prefixes, especially the interaction
between table prefixes and memcached, which was formerly completely broken.
* (bug 5536) Use content language for editing help link
* Improvements to German localisation files
* (bug 5570) Problems using <special page>/parameter link form for long titles
-* (bug 3884) Add $user parameter to AddNewUser hook, call it for by-email
+* (bug 3884) Add $user parameter to AddNewUser hook, call it for by-email
registrations as well as self-registrations.
* (bug 4327) Report age of cached data sets in query pages
* (bug 4662) Fix Safari check in wikibits.js
* (bug 2910) Default view preferences for watchlists
* Add "hide bot edits from the watchlist" user preference
* (bug 5250) Introduce Special:Unusedtemplates
-* Add user preference setting for an extended watchlist, showing all recent
+* Add user preference setting for an extended watchlist, showing all recent
edits up to a certain edit, and not just the latest edit..
* Made MessageRo.php more general
* (bug 5640) Indonesian localisation improvements
* (bug 6170) Update for Kashubian translation (csb)
* (bug 6191) Update to Indonesian translation (id) #18
* (bug 6114) Update to Walloon localization (wa)
-* Added $wgNamespaceRobotPolicies to allow customisation of robot policies on a
+* Added $wgNamespaceRobotPolicies to allow customisation of robot policies on a
per-namespace basis.
* Add <ol> to the list of block elements for doBlockLevels; avoids <p>s being
interspersed into your ordered lists.
* (bug 3837) Leave <center> as is instead of doing an unsafe text replacement
to <div class="center">. <center> is perfectly valid in the target doctype
(XHTML 1.0 Transitional), while the replacement didn't catch all cases and
- could even result in invalid output from valid input.
+ could even result in invalid output from valid input.
* (bug 4280) Use 'noindex,nofollow' instead of 'noindex,follow' for default
meta robots tag on diff view and special pages. Should reduce impact of
robots on scrolling special pages, diffs etc on sites where robots.txt
in StreamFile
* (bug 6304) Show timestamp for current revision in diff pages
* Vertically align current version with old version header in diff display
-* (bug 6174) Remove redundant "emailforlost" message
-* (bug 6189) Show an error to an unprivilleged user trying to create account
+* (bug 6174) Remove redundant "emailforlost" message
+* (bug 6189) Show an error to an unprivileged user trying to create account
* (bug 6365) Show user information in the "old revision" navigation links
* Introduce 'FetchChangesList' hook; see docs/hooks.txt for more information
* (bug 6345) Update to Indonesian localisation (id) #22
* Respect database prefix in dumpHTML.inc
* Removed read-only check from Database::query()
* Added externallinks table, to track links to arbitrary URLs
-* Added job table, for deferred processing of jobs. The immediate application is
+* Added job table, for deferred processing of jobs. The immediate application is
to complete the link table refresh operation when templates are changed.
* Don't change the password of the MySQL root user.
* Fixed installer bugs 921 and 3914 (issues with using root and so forth)
* (bug 4258) Use ugly urls for ISAPI by default
patch by Rob Church
-* Improve installer
+* Improve installer
* Use a superuser account (such as root), if specifed, to create tables
* Don't overwrite conservative permissions on the mySQL user with ALL
permissions, if said user exists
Maintenance:
* Fix problem reported on mailing list where re-initialising stats didn't work (can't insert
duplicate rows with the same id field)
-* Added --conf option to command line scripts, allowing the user to specify a
+* Added --conf option to command line scripts, allowing the user to specify a
different LocalSettings.php.
* Maintenance script to delete unused text records
* Maintenance script to delete non-current revisions
* (bug 1850) Image link to nonexistent file fixed.
* (bug 5167) Add {{SUBPAGENAME}} and {{SUBPAGENAMEE}} variables
* (bug 4949) Missing : in "addedwatchtext" for English and Spanish
-* Allow user-defined functions, which work in a similar way to {{GRAMMAR:}}
+* Allow user-defined functions, which work in a similar way to {{GRAMMAR:}}
etc. Registered via an interface similar to tag hooks.
Upload:
* Set cookies to secure mode based on use of HTTPS or $wgCookieSecure
* (bug 4371) Disallow tilde character in signatures
* Removed broken wgAllowAnonymousMinor and added new group right minoredit
-* Added detection for WMF files (application/x-msmetafile), added this
+* Added detection for WMF files (application/x-msmetafile), added this
MIME type to the default blacklist. Prevented inline display of images
which are not of known image types. This is in response to
http://en.wikipedia.org/wiki/Windows_Metafile_vulnerability
* (bug 1956) Hide bot uploads from Special:Newimages
* (bug 3220) Fix escaping of block URLs in Recentchanges
* (bug 3284) Ipblocklist paging, substring search
-* Allow filtering of robot edits in Special:Watchlist by stting
+* Allow filtering of robot edits in Special:Watchlist by setting
$wgFilterRobotsWL = true.
* Fix interlanguage links on special pages when extra namespaces configured
* (bug 3475) anon contrib links on Special:Newpages
* (bug 912) Search box easier to reach in text browsers (lynx, links)
* $wgParserCacheExpireTime added
* Skip loading of RecentChange.php except where needed
-* Enforce $wgSVGMaxSize when rendering, even for SVGs with a very large source
+* Enforce $wgSVGMaxSize when rendering, even for SVGs with a very large source
size. This is necessary to limit server memory usage.
* Cleanup and error checking on Special:Listredirects
* Clear up some instances of old OutputPage::sysopRequired() function usage
* Improve "upload disabled" notice
-* Move parts of index.php to include/Wiki.php in an attempt to both cleanup index.php
+* Move parts of index.php to include/Wiki.php in an attempt to both cleanup index.php
and create a MediaWiki-class mediaWiki base object
* (bug 4104) Added OutputPageBeforeHTML hook for tweaking primary wiki output
HTML on final output (cached or not)
would be generated smaller than expected.
* (bug 5062) Width sometimes one pixel short when using maximum heights
* Purge thumbnails and metadata cache for action=purge on an image page
-* (bug 4273) Bounce back with a message when attempting to submit a new comment
+* (bug 4273) Bounce back with a message when attempting to submit a new comment
with an empty main textbox (user probably hit Enter in subject field)
* (bug 5141) Gracefully handle the new account link when createaccount off
* (bug 5150 and related) Fix missing ID attribute in HTML namespace selector
MediaWiki 1.5.7 is a bugfix maintenance release.
-Most importantly, a security issue in the installer has been fixed. The bug
-affects new installations of 1.5.6 only. If the user specified the MySQL root
-password, to allow the installer to create an unprivileged account, the
-installer would not only create the new account but also change the root
-password to be equal to the password of the new account.
+Most importantly, a security issue in the installer has been fixed. The bug
+affects new installations of 1.5.6 only. If the user specified the MySQL root
+password, to allow the installer to create an unprivileged account, the
+installer would not only create the new account but also change the root
+password to be equal to the password of the new account.
-Anyone affected by this bug will need to change the root password back
+Anyone affected by this bug will need to change the root password back
manually. For information about how to change passwords in MySQL please see:
http://dev.mysql.com/doc/refman/5.1/en/passwords.html
The core table schema has changed significantly. This should make better
use of the database's cache and disk I/O, and make significantly speed up
rename and delete operations on pages with very long edit histories.
-
+
Unfortunately this does mean upgrading a wiki of size from 1.4 will require
some downtime for the schema restructuring, but future storage backend
changes should be able to integrate into the new system more easily.
Uploads:
It's now possible to specify the final filename of an upload distinct
from the original filename on your disk.
-
+
An image link for a missing file will now take you straight to the upload page.
-
+
More metadata is pre-extracted from uploaded images, which will ease pressure
on disk or NFS volumes used to store images. EXIF metadata is displayed on
the image description page if PHP is configured with the necessary module.
-
+
If .svg files are added to the upload whitelist, you can choose to render
them to rasterized .png images for inline display using one of several
external helper programs. See DefaultSettings.php for SVG options.
There are some changes to the user permissions system, with assignable
groups. Note that this does *not* allow you to make pages which are only
accessible to certain groups.
-
- For details see: http://www.mediawiki.org/wiki/Manual:User_rights
+
+ For details see: https://www.mediawiki.org/wiki/Manual:User_rights
E-mail:
User-to-user e-mail can now be restricted to require a mail-back confirmation
first to reduce potential for abuse with false addresses.
-
+
Updates to user talk pages and watchlist entries can optionally send e-mail
notifications.
Wikis must now be encoded in Unicode UTF-8; this has been the default for
some time, but some languages could optionally be installed in Latin-1 mode.
This is no longer supported.
-
+
You can check if your current wiki is in Latin-1 mode by using your browser's
"view source"; look for a line like this:
-
+
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
-
+
If it says charset=utf-8, you're ready. If it says charset=iso8859-1,
you may need to convert your data. (English-language wikis avoiding
any accented characters may be able to get away without conversion.)
MySQL 3.x:
Some optimization hacks for MySQL 3.x have been removed as part of the schema
clean-up (specifically, the inverse_timestamp fields).
-
+
MediaWiki 1.5 may still run on 3.x, but wikis of non-trivial size should
very seriously consider upgrading to a more modern release. MySQL 3.x support
will probably be entirely dropped in the next major release.
old page text entries, but other metadata fields (titles, comments etc) need
to be pre-converted. The standard upgrade process does not yet fully automate
this, but you can try the alternate partial-upgrader in upgrade1_5.php.
-
+
The upgrade from 1.4 to 1.5 schema has not been tested for all cases, so
it's possible you may experience problems in some combinations.
text table on deletion. If you provide public backup dumps of your databases,
you will probably want to use the new XML-format dump generator, available
as maintenance/dumpBackup.php.
-
+
For more information on how we run our own public data dumps at Wikimedia,
see http://meta.wikimedia.org/wiki/Data_dumps
* 'live preview' reduces preview reload burden on supported browsers
* support for external editors for files and wiki pages:
- http://www.mediawiki.org/wiki/Manual:External_editors
-* Schema reworking: http://www.mediawiki.org/wiki/Proposed_Database_Schema_Changes/October_2004
+ https://www.mediawiki.org/wiki/Manual:External_editors
+* Schema reworking: https://www.mediawiki.org/wiki/Proposed_Database_Schema_Changes/October_2004
* (bug 15) Allow editors to view diff of their change before actually submitting an edit
* (bug 190) Hide your own edits on the watchlist
* (bug 510): Special:Randompage now works for other namespaces than NS_MAIN.
* Supplying a reason for a block is no longer mandatory
* Language conversion support for category pages
* $wgStyleSheetDirectory is no longer an alias for $wgStyleDirectory;
-* Special:Movepage can now take paramaters like Special:Movepage/Page_to_move
- (used to just be able to take paramaters via a GET request like index.php?title=Special:Movepage&target=Page_to_move)
+* Special:Movepage can now take parameters like Special:Movepage/Page_to_move
+ (used to just be able to take parameters via a GET request like index.php?title=Special:Movepage&target=Page_to_move)
* (bug 2151) The delete summary now includes editor name, if only one has edited the article.
* (bug 2105) Fixed from argument to the PHP mail() function. A missing space could prevent sending mail with some versions of sendmail.
* (bug 2228) Updated the Slovak translation
* (bug 2394) Undo incompatible breakage to {{msg:}} compatiblity includes
* (bug 1322) Use a shorter cl_sortkey field to avoid breaking on MySQL 4.1
when the default charset is set to utf8
-* (bug 2400) don't send confirmation mail on account creation if
+* (bug 2400) don't send confirmation mail on account creation if
$wgEmailAuthentication is false.
* (bug 2172) Fix problem with nowiki beeing replaced by marker strings
when a template with a gallery was used.
* Skip sidebar entries where link text is '-'
* Convert non-UTF-8 URL parameters even if referer is local
* (bug 2460) <img> width & height properly filled when resizing image
-* (bug 2273) deletion log comment used user interface langage
+* (bug 2273) deletion log comment used user interface language
* Try reading revision _text_ from master if no result on slave
* Use content-language message cache for raw view of message pages
* (bug 2530) Not displaying talk pages on Special:Watchlist/edit
== Changes since 1.5beta2 ==
* Escaped & correctly in Special:Contributions
-* (bug 2534) Hide edit sections with CSS to make right click to edit section work
+* (bug 2534) Hide edit sections with CSS to make right click to edit section work
* (bug 2708) Avoid undefined notice on cookieless login attempt
* (bug 2188) Correct template namespace for Greek localization
* Fixed number formatting for Dutch
=== Changes since 1.5.4 ===
* Maintenance script to delete unused user accounts
-* Added detection for WMF files (application/x-msmetafile), added this
+* Added detection for WMF files (application/x-msmetafile), added this
MIME type to the default blacklist. Prevented inline display of images
which are not of known image types. This is in response to
http://en.wikipedia.org/wiki/Windows_Metafile_vulnerability
=== Changes since 1.5.5 ===
-* (bug 4258) When installing under IIS, $wgArticlePath = "$wgScript?title=$1"
+* (bug 4258) When installing under IIS, $wgArticlePath = "$wgScript?title=$1"
should be set
* (bug 4510) Correct Barnes & Noble bookstore URLs
* (bug 4504) Use site language for namespace name resolution
-* Installer fixes from HEAD backported; now uses a more sensible method of
- establishing which mySQL user to use, which clears up bug 921 et al. Minor
+* Installer fixes from HEAD backported; now uses a more sensible method of
+ establishing which mySQL user to use, which clears up bug 921 et al. Minor
changes to installer.
-* Fix problem reported on mailing list where re-initialising stats didn't work
+* Fix problem reported on mailing list where re-initialising stats didn't work
(can't insert duplicate rows with the same id field)
* (bug 1122) gray out 'older revision' when viewing first article revision.
* Respect database prefix in dumpHTML.inc
* Minor improvements to removeUnusedAccounts.php maintenance script
* Fix for single-digit week numbers from {{CURRENTWEEK}}, broken by PHP 4.4.1
* Removed read-only check from Database::query()
-* Added --conf option to command line scripts, allowing the user to specify a
+* Added --conf option to command line scripts, allowing the user to specify a
different LocalSettings.php.
=== Changes since 1.5.6 ===
* Default main page content improved per bug 4690
-* Fix dependence on hardcoded UNIQ_PREFIX in LanguageConverter.php
+* Fix dependence on hardcoded UNIQ_PREFIX in LanguageConverter.php
* Fixed Special:Unlockdb
* Maintenance script to delete unused text records
* Maintenance script to delete non-current revisions
If you have trouble, remember to read this whole file and the online FAQ page
before asking for help:
-http://www.mediawiki.org/wiki/Manual:FAQ
+https://www.mediawiki.org/wiki/Manual:FAQ
=== READ THIS FIRST: Upgrading ===
* More extension hooks have been added.
* Authentication plugin hook.
* More internal code documentation, generated with phpdoc:
- http://www.mediawiki.org/docs/html/
+ https://doc.wikimedia.org/mediawiki-core/master/php/html/
=== Optimization ===
* (bug 1193) Fix move-only page protection mode
* Fix zhtable Makefile to include the traditional manual table
* Add memcache timeout for the zh conversion tables
-* Allow user customization of the zh conversion tables through
+* Allow user customization of the zh conversion tables through
Mediawiki:zhconversiontable
* Add zh-min-man (back) to language names list
* Ported $wgCopyrightIcon setting from REL1_3A
* (bug 752) Don't insert newline in link title for url with %0a
* Fix missing search box contents in MonoBook skin
* Add option to forward search directly to an external URL (eg google)
-* Correctly highlight the fallback language variant when the selected
+* Correctly highlight the fallback language variant when the selected
variant is disabled. Used in zh: only for now.
=== Beta 5 fixes ===
* (bug 1283) Use underlining and borders to highlight additions/deletions
in diff-view
* Use user's local timezone in Special:Log display
-* Show filename for images in gallery by default (restore beta 3 behaviour)
+* Show filename for images in gallery by default (restore beta 3 behavior)
* (bug 1201) Double-escaping in brokenlinks, imagelinks, categorylinks, searchindex
* When using squid reverse proxy, cache the redirect to the Main_Page
* (bug 1302) Fix Norwegian language file
* Memcached data compression fixes
* Several valid XHTML fixes
* (bug 624) Fix IE freezing rendering whilst waiting for CSS with MonoBook
-* (bug 211) Fix tabbed preferences with XHTML MIME type
+* (bug 211) Fix tabbed preferences with XHTML MIME type
* Fix for script execution vulnerability.
=== Beta 6 fixes ===
* (bug 1368) Fix SQL error on stopword/short word search w/ MySQL 3.x
* Translated Hebrew namespace names
* (bug 1429) Stop double-escaping of block comments; fix formatting
-* (bug 829) Fix URL-escaping on block success
+* (bug 829) Fix URL-escaping on block success
* (bug 1228) Fix double-escaping on & sequences in [enclosed] URLs
* (bug 1435) Fixed many CSS errors
* (bug 1457) Fix XHTML validation on category column list
* convertLinks script fixes
* Corrections to template loop detection
* XHTML encoding fix for usernames containing & in Special:Emailuser
-* (for zh) Search for variant links even when conversion is turned off,
+* (for zh) Search for variant links even when conversion is turned off,
to help prevent duplicate articles.
* Disallow ISO 8859-1 C1 characters and "no-break space" in user names
on Latin-1 wikis.
exist" and "wrong password" when using AuthPlugin
* (bug 1532), (bug 1544) Changed language names for
'bn', 'bo', 'dv', 'dz', 'ht', 'ii', 'li', 'lo', 'ng', 'or', 'pa', 'si',
- 'ti', 've'
+ 'ti', 've'
* Fix editing on non-Esperanto wiki with user language pref set to Esperanto
* Make conversion table for zh-sg default to zh-cn, and zh-hk default to zh-tw
* Fix PHP notice in MonoBook when counters disabled
* (bug 1963) Fix deletion log link when $wgCapitalLinks is off
* (bug 1970) Don't show move tab for immobile pages
* (bug 1770) Page creation recorded links from the 'newarticletext' message
-* Optional change to the site_stats table. When applied, this removes the need
+* Optional change to the site_stats table. When applied, this removes the need
for expensive queries in Special:Statistics.
built up on MediaWiki.org, and is covered under the GNU Free Documentation
License:
- http://www.mediawiki.org/
+ https://www.mediawiki.org/
=== Mailing list ===
scripts.mit.edu / autoinstalls / mediawiki.git / blobdiff