= MediaWiki release notes =
Security reminder: MediaWiki does not require PHP's register_globals
-setting since version 1.2.0. If you have it on, turn it *off* if you can.
-
-== MediaWiki 1.15.4 ==
-
-2010-05-28
-
-This is a security and maintenance release.
-
-MediaWiki is now using a "continuous integration" development model with
-quarterly snapshot releases. The latest development code is always kept
-"ready to run", and in fact runs our own sites on Wikipedia.
-
-Release branches will continue to receive security updates for about a year
-from first release, but nonessential bugfixes and feature developments
-will be made on the development trunk and appear in the next quarterly release.
-
-Those wishing to use the latest code instead of a branch release can obtain
-it from source control: http://www.mediawiki.org/wiki/Download_from_SVN
-
-== Changes since 1.15.3 ==
-
-* (bug 23534) Fixed SQL query error in API list=allusers.
-* (bug 23371) Fixed CSRF vulnerability in "e-mail me my password", "create
- account" and "create by e-mail" features of [[Special:Userlogin]]
-* (bug 23687) Fixed XSS vulnerability affecting IE clients only, due to a CSS
- validation issue.
-
-=== Changes since 1.15.2 ===
-
-* (bug 22828) Fixed deletion on SQLite.
-* (bug 23076) Fixed login CSRF vulnerability. Logins now require a token to
- be submitted along with the user name and password.
-
-=== Changes since 1.15.1 ===
-
-* The installer now includes a check for a data corruption issue with certain
- versions of libxml2 2.7 and PHP earlier than 5.2.9, and also for a PHP bug
- present in the official release of PHP 5.3.1.
-* (bug 20239) MediaWiki:Imagemaxsize does not contain anymore a <br /> tag which
- was displayed to the user
-* (bug 21150) SQLite no longer raise an error when deleting files
-* (bug 20880) Fixed updater failure on SQLite backend
-* upgrade1_5.php now requires to be run --update option to prevent confusion
-* Fixed a CSS validation issue which allowed external images to be included
- into wikis where that is disallowed by configuration.
-* Fixed a data leakage vulnerability for private wikis using img_auth.php or
- similar image access authentication schemes. Check user permissions before
- streaming out scaled images from thumb.php.
-
-=== Changes since 1.15.0 ===
-
-* Fixed fatal errors for unusual file repository configurations, such as
- ForeignAPIRepo.
-* Fixed the "change password" link on Special:Preferences to have the correct
- returnto parameter.
-* (bug 19693) Fixed cross-site scripting vulnerability in Special:Block
-
-=== Changes since 1.15.0rc1 ===
-
-* Removed category redirect feature, implementation was incomplete.
-* (bug 18846) Remove update_password_format(), unnecessary, destroys all
- passwords if a wiki with $wgPasswordSalt=false is upgraded with the web
- installer.
-* (bug 19127) Documentation warning for PostgreSQL users who run update.php:
- use the same user in AdminSettings.php as in LocalSettings.php.
-* Fixed possible web invocation of some maintenance scripts, due to the use of
- include() instead of require(). A full exploit would require a very strange
- web server configuration.
-* Localisation updates.
-
-=== Configuration changes in 1.15 ===
-
-* Added $wgNewPasswordExpiry, to specify an expiry time (in seconds) to
- temporary passwords
-* Added $wgUseTwoButtonsSearchForm to choose the Search form behavior/look
-* Added $wgNoFollowDomainExceptions to allow exempting particular domain names
- from rel="nofollow" on external links
-* (bug 12970) Brought back $wgUseImageResize.
-* Added $wgRedirectOnLogin to allow specifying a specifc page to redirect users
- to upon logging in (ex: "Main Page")
-* Add $wgExportFromNamespaces for enabling/disabling the "export all from
- namespace" option (disabled by default)
-
-=== New features in 1.15 ===
-
-* (bug 2242) Add an expiry time to temporary passwords
-* (bug 9947) Add PROTECTIONLEVEL parser function to return the protection level
- for the current page for a given action
-* (bug 17002) Add &minor= and &summary= as parameters in the url when editing,
- to automatically add a summary or a minor edit.
-* (bug 16852) padleft and padright now accept multiletter pad characters
-* When using 'UserCreateForm' hook to add new checkboxes into
- Special:UserLogin/signup, the messages can now contain HTML to allow
- hyperlinking to the site's Terms of Service page, for example
-* Add new hook 'UserLoadFromDatabase' that is called while loading a user
- from the database.
-* (bug 17045) Options on the block form are prefilled with the options of the
- existing block when modifying an existing block.
-* (bug 17055) "(show/hide)" links to Special:RevisionDelete now use a CSS class
- rather than hardcoded HTML tags
-* Added new hook 'WantedPages::getSQL' into SpecialWantedpages.php to allow
- extensions to alter the SQL query which is used to get the list of wanted
- pages
-* (bugs 16957/16969) Add show/hide to preferences for RC patrol options on
- specialpages
-* (bug 11443) Auto-noindex user/user talk pages for blocked user
-* (bug 11644) Add $wgMaxRedirects variable to control how many redirects are
- recursed through until the "destination" page is reached.
-* Add $wgInvalidRedirectTargets variable to prevent redirects to certain
- special pages.
-* Use HTML5 rel attributes for some links, where appropriate
-* Added optional alternative Search form look - Go button & Advanced search
- link instead of Go button & Search button
-* (bug 2314) Add links to user custom CSS and JS to Special:Preferences
-* More helpful error message on raw page access if PHP_SELF isn't set
-* (bug 13040) Gender switch in user preferences
-* (bug 13040) {{GENDER:}} magic word for interface messages
-* (bug 3301) Optionally sort user list according to account creation time
-* Remote description pages for foreign file repos are now fetched in the
- content language.
-* (bug 17180) If $wgUseFileCache is enabled, $wgShowIPinHeader is automatically
- set to false.
-* (bug 16604) Mark non-patrolled edits in feeds with "!"
-* (bug 16604) Show title/rev in IRC for patrol log
-* (bug 16854) Whether a page is being parsed as a preview or section preview
- can now be determined and set with ParserOptions.
-* Wrap message 'confirmemail_pending' into a div with CSS classes "error" and
- "mw-confirmemail-pending"
-* (bug 8249) The magic words for namespaces and pagenames can now be used as
- parser functions to return the desired namespace or normalized title/title
- part for a given title.
-* (bug 17110) Styled #mw-data-after-content in cologneblue.css to match the
- rest of the font
-* (bug 7556) Time zone names in signatures lack i18n
-* (bug 3311) Automatic category redirects
-* (bug 17236) Suppress 'watch user page link' for IP range blocks
-* Wrap message 'searchresulttext' (Special:Search) into a div with
- class "mw-searchresult"
-* (bug 15283) Interwiki imports can now fetch included templates
-* Treat svn:// URLs as external links by default
-* New function to convert namespace text for display (only applies on wiki with
- LanguageConverter class)
-* (bug 17379) Contributions-title is now parsed for magic words.
-* Preprocessor output now cached in memcached.
-* (bug 14468) Lines in classic RecentChanges and Watchlist have classes
- "mw-line-odd" and "mw-line-even" to make styling using css possible.
-* (bug 17311) Add a note beside the gender selection menu to tell users that
- this information will be public
-* Localize time zone regions in Special:Preferences
-* Add NUMBEROFACTIVEUSERS magic word, which is like NUMBEROFUSERS, but uses
- the active users data from site_stats.
-* Add a <link rel="canonical"> tag on redirected page views
-* Replace hardcoded '...' as indication of a truncation with the
- 'ellipsis' message
-* Wrap warning message 'editinginterface' into a div with class
- 'mw-editinginterface'
-* (bug 17497) Oasis opendocument added to mime.types
-* Remove the link to Special:FileDuplicateSearch from the "file history" section
- of image description pages as the list of duplicated files is shown in the
- next section anyway.
-* Added $wgRateLimitsExcludedIPs, to allow specific IPs to be whitelisted from
- rate limits.
-* (bug 14981) Shared repositories can now have display names, located at
- Mediawiki:Shared-repo-name-REPONAME, where REPONAME is the name in
- $wgForeignFileRepos
-* Special:ListUsers: Sort list of usergroups by alphabet
-* (bug 16762) Special:Movepage now shows a list of subpages when possible
-* (bug 17585) Hide legend on Special:Specialpages from non-privileged users
-* Added $wgUseTagFilter to control enabling of filter-by-change-tag
-* (bug 17291) MediaWiki:Nocontribs now has an optional $1 parameter for the
- username
-* Wrap special page summary message '$specialPageName-summary' into a div
- with class 'mw-specialpage-summary'
-* $wgSummarySpamRegex added to handle edit summary spam. This is used *instead*
- of $wgSpamRegex for edit summary checks. Text checks still use $wgSpamRegex.
-* New function to convert content text to specified language (only applies on wiki with
- LanguageConverter class)
-* (bug 17844) Redirect users to a specific page when they log in, see
- $wgRedirectOnLogin
-* Added a link to Special:UserRights on Special:Contributions for privileged users
-* (bug 10336) Added new magic word {{REVISIONUSER}}, which displays the editor
- of the displayed revision's author user name
-* LinkerMakeExternalLink now has an $attribs parameter for link attributes and
- a $linkType parameter for the type of external link being made
-* (bug 17785) Dynamic dates surrounded with a <span> tag, fixing sortable tables
- with dynamic dates.
-* (bug 4582) Provide preference-based autoformatting of unlinked dates with the
- dateformat parser function.
-* (bug 17886) Special:Export now allows you to export a whole namespace (limited
- to 5000 pages)
-* (bug 17714) Limited TIFF upload support now built in if 'tif' extension is
- enabled. Image width and height are now recognized, and when using ImageMagick,
- optional flattening to PNG or JPEG for inline display can be enabled by setting
- $wgTiffThumbnailType
-* Renamed two input IDs on Special:Log from 'page' and 'user' to 'mw-log-page' and
- 'mw-log-user', respectively
-* Added $wgInvalidUsernameCharacters to disallow certain characters in
- usernames during registration (such as "@")
-* Added $wgUserrightsInterwikiDelimiter to allow changing the delimiter
- used in Special:UserRights to denote the user should be searched for
- on a different database
-* Add a class if 'missingsummary' is triggered to allow styling of the summary
- line
-
-=== Bug fixes in 1.15 ===
-
-* (bug 16968) Special:Upload no longer throws useless warnings.
-* (bug 17000) Special:RevisionDelete now checks if the database is locked
- before trying to delete the edit.
-* (bug 16852) padleft and padright now handle multibyte characters correctly
-* (bug 17010) maintenance/namespaceDupes.php now add the suffix recursively if
- the destination page exists
-* (bug 17035) Special:Upload now fails gracefully if PHP's file_uploads has
- been disabled
-* Fixing the caching issue by using -{T|xxx}- syntax (only applies on wiki with
- LanguageConverter class)
-* Improving the efficiency by using -{A|xxx}- syntax (only applies on wiki with
- LanguageConverter class)
-* (bug 17054) Added more descriptive errors in Special:RevisionDelete
-* (bug 11527) Diff on page with one revision shows "Next" link to same diff
-* (bug 8065) Fix summary forcing for new pages
-* (bug 10569) redirects to Special:Mypage and Special:Mytalk are no longer
- allowed by default. Change $wgInvalidRedirectTargets to re-enable.
-* (bug 3043) Feed links of given page are now preceded by standard feed icon
-* (bug 17150) escapeLike now escapes literal \ properly
-* Inconsistent use of sysop, admin, administrator in system messages changed
- to 'administrator'
-* (bug 14423) Check block flag validity for block logging
-* DB transaction and slave-lag avoidance tweaks for Email Notifications
-* (bug 17104) Removed [Mark as patrolled] link for already patrolled revisions
-* (bug 17106) Added 'redirect=no' and 'mw-redirect' class to redirects at
- "user contributions"
-* Rollback links on new pages removed from "user contributions"
-* (bug 15811) Re-upload form tweaks: license fields removed, destination locked,
- comment label uses better message
-* Whole HTML validation ($wgValidateAllHtml) now works with external tidy
-* Parser tests no longer fail when $wgExternalLinkTarget is set in
- LocalSettings
-* (bug 15391) catch DBQueryErrors on external storage insertion. This avoids
- error messages on save were the edit in fact is saved.
-* (bug 17184) Remove duplicate "z" accesskey in MonoBook
-* Parser tests no longer fail when $wgAlwaysUseTidy is set in LocalSettings.php
-* Removed redundant dupe warnings on reupload for the same title. Dupe warnings
- for identical files at different titles are still given.
-* Add 'change tagging' facility, where changes can be tagged internally with
- certain designations, which are displayed on various summaries of changes,
- and the entries can be styled with CSS.
-* (bug 17207) Fix regression breaking category page display on PHP 5.1
-* Categoryfinder utility class no longer fails on invalid input or gives wrong
- results for category names that include pseudo-namespaces
-* (bug 17252) Galician numbering format
-* (bug 17146) Fix for UTF-8 and short word search for some possible MySQL
- configs
-* (bug 7480) Internationalize database error message
-* (bug 16555) Number of links to mediawiki.org scaled back on post-installation
-* (bug 14938) Removing a section no longer leaves excess whitespace
-* (bug 17304) Fixed fatal error when thumbnails couldn't be generated for file
- history
-* (bug 17283) Remove double URL escaping in show/hide links for log entries
- and RevisionDeleteForm::__construct
-* (bug 17105) Numeric table sorting broken
-* (bug 17231) Transcluding special pages on wikis using language conversion no
- longer affects the page title
-* (bug 6702) Default system messages updated/improved
-* (bug 17190) User ID on preference page no longer has delimeters
-* (bug 17341) "Powered by MediaWiki" should be on the left on RTL wikis
-* (bug 17404) "userrights-interwiki" right was missing in User::$mCoreRights
-* (bug 7509) Separation strings should be configurable
-* (bug 17420) Send the correct content type from action=raw when the HTML file
- cache is enabled.
-* (bug 12746) Do not allow new password e-mails when wiki is in read-only mode
-* (bug 17478) Fixed a PHP Strict standards error in
- maintenance/cleanupWatchlist.php
-* (bug 17488) RSS/Atom links in left toolbar are now localized in classic skin
-* (bug 17472) use print <<<EOF in maintenance/importTextFile.php
-* Special:PrefixIndex: Move table styling to shared.css, add CSS IDs to tables
- use correct message 'allpagesprefix' for input form label, replace _ with ' '
- in next page link
-* (bug 17506) Exceptions within exceptions now respect $wgShowExceptionDetails
-* Fixed excessive job queue utilisation
-* File dupe messages for remote repos are now shown only once.
-* (bug 14980) Messages 'shareduploadwiki' and 'shareduploadwiki-desc' are now
- used as a parameter in 'sharedupload' for easier styling and customization.
-* (bug 17482) Formatting error in Special:Preferences#Misc (Opera)
-* (bug 17556) <link> parameters in Special:Contributions feeds (RSS and Atom)
- now point to the actual contributors' feed.
-* ForeignApiRepos now fetch MIME types, rather than trying to figure it locally
-* Special:Import: Do not show input field for import depth if
- $wgExportMaxLinkDepth == 0
-* (bug 17570) $wgMaxRedirects is now correctly respected when following
- redirects (was previously one more than $wgMaxRedirects)
-* (bug 16335) __NONEWSECTIONLINK__ magic word to suppress new section link.
-* (bug 17581) Wrong index name in PostgreSQL's updater: was rc_timestamp_nobot,
- changed to rc_timestamp_bot
-* (bug 17437) Fixed incorrect link to web-based installer
-* (bug 17538) Use shorter URLs in <link> elements
-* (bug 13778) Hidden input added to the search form so that using the Enter key
- on IE will do a fulltext search like clicking the button does
-* (bug 1061) CSS-added icons next to links display through the text and makes
- it unreadable in RTL
-* Special:Wantedtemplates now works on PostgreSQL
-* (bug 14414) maintenance/updateSpecialPages.php no longer throws error with
- PostgreSQL
-* (bug 17546) Correct Tongan language native name is "lea faka-Tonga"
-* (bug 17621) Special:WantedFiles has no link to Special:Whatlinkshere
-* (bug 17460) Client ecoding is now correctly set for PostgreSQL
-* (bug 17648) Prevent floats from intruding into edit area in previews if no
- toolbar present
-* (bug 17692) Added (list of members) link to 'user' in Special:Listgrouprights
-* (bug 17707) Show file destination as plain text if &wpForReUpload=1
-* (bug 10172) Moved setting of "changed since last visit" flags out of the job
- queue
-* (bug 17761) "show/hide" link in page history in now works for the first
- displayed revision if it's not the current one
-* (bug 17722) Fix regression where users are unable to change temporary passwords
-* (bug 17799) Special:Random no longer throws a database error when a non-
- namespace is given, silently falls back to NS_MAIN
-* (bug 17751) The message for bad titles in WantedPages is now localized
-* (bug 17860) Moving a page in the "MediaWiki" namespace using SuppressRedirect
- no longer corrupts the message cache
-* (bug 17900) Fixed User Groups interface log display after saving groups.
-* (bug 17897) Fixed string offset error in <pre> tags
-* (bug 17778) MediaWiki:Catseparator can now have HTML entities
-* (bug 17676) Error on Special:ListFiles when using Postgres
-* Special:Export doesn't use raw SQL queries anymore
-* (bug 14771) Thumbnail links to individual DjVu pages have two no longer have
- two "page" parameters
-* (bug 17972) Special:FileDuplicateSearch form now works correctly on wikis that
- don't use PathInfo or short urls
-* (bug 17990) trackback.php now has a trackback.php5 alias and works with
- $wgScriptExtension
-* (bug 14990) Parser tests works again with PostgreSQL
-* (bug 11487) Special:Protectedpages doesn't list protections with pr_expiry
- IS NULL
-* (bug 18018) Deleting a file redirect leaves behind a malfunctioning redirect
-* (bug 17537) Disable bad zlib.output_compression output on HTTP 304 responses
-* (bug 11213) [edit] section links in printable version no longer appear when
- you cut-and-paste article text
-* (bug 17405) "Did you mean" to mirror Go/Search behavior of original request
-* (bug 18116) 'edittools' is now output identically on edit and upload pages
-* (bug 17241) The diffonly URI parameter should cascade to "Next edit" and
- "Previous edit" diff links
-* (bug 16823) 'Sidebar search form should not use Special:Search view URL as
- target'
-* (bug 16343) Non-existing, but in use, category pages can be "go" match hits
-* Fixed the circular template inclusion check, was broken when the loop
- involved redirects. Without this, infinite recursion within the parser is
- possible.
-* (bug 17611) Provide a sensible error message on install when the SQLite data
- directory is wrong.
-* (bug 16937) Fixed PostgreSQL installation on Windows, workaround for upstream
- pg_version() bug.
-* (bug 11451) Fix upgrade from MediaWiki 1.2 or earlier (imagelinks schema).
-* Fixed SQLite indexes, installation and upgrade. Reintroduced it as an option
- to the installer.
-* (bug 18170) Fixed a PHP warning in Parser::preSaveTransform() in PHP 5.3
-* (bug 8873) Enable variant conversion in text on 'alt' and 'title' attributes
-
-== API changes in 1.15 ==
-
-* (bug 16858) Revamped list=deletedrevs to make listing deleted contributions
- and listing all deleted pages possible
-* (bug 16844) Added clcategories parameter to prop=categories
-* (bug 17025) Add "fileextension" parameter to meta=siteinfo&siprop=
-* (bug 17048) Show the 'new' flag in list=usercontribs for the revision that
- created the page, even if it's not the top revision
-* (bug 17069) Added ucshow=patrolled|!patrolled to list=usercontribs
-* action=delete respects $wgDeleteRevisionsLimit and the bigdelete user right
-* (bug 15949) Add undo functionality to action=edit
-* (bug 16483) Kill filesort in ApiQueryBacklinks caused by missing parentheses.
- Building query properly now using makeList()
-* (bug 17182) Fix pretty printer so URLs with parentheses in them are
- autolinked correctly
-* (bug 17224) Added siprop=rightsinfo to meta=siteinfo
-* (bug 17239) Added prop=displaytitle to action=parse
-* (bug 17317) Added watch parameter to action=protect
-* (bug 17007) Added export and exportnowrap parameters to action=query
-* (bug 17326) BREAKING CHANGE: Changed output format for iiprop=metadata
-* (bug 17355) Added auwitheditsonly parameter to list=allusers
-* (bug 17007) Added action=import
-* BREAKING CHANGE: Removed rctitles parameter from list=recentchanges because
- of performance concerns
-* Listing (semi-)deleted revisions and log entries as well in prop=revisions
- and list=logevents
-* (bug 11430) BREAKING CHANGE: Modules may return fewer results than the
- limit and still set a query-continue in some cases
-* (bug 17357) Added movesubpages parameter to action=move
-* (bug 17433) Added bot flag to list=watchlist&wlprop=flags output
-* (bug 16740) Added list=protectedtitles
-* Added mainmodule and pagesetmodule parameters to action=paraminfo
-* (bug 17502) meta=siteinfo&siprop=namespacealiases no longer lists namespace
- aliases already listed in siprop=namespaces
-* (bug 17529) rvend ignored when rvstartid is specified
-* (bug 17626) Added uiprop=email to list=userinfo
-* (bug 13209) Added rvdiffto parameter to prop=revisions
-* Manual language conversion improve: Now we can include both ";" and ":" in
- conversion rules
-* (bug 17795) Don't report views count on meta=siteinfo if $wgDisableCounters
- is set
-* (bug 17774) Don't hide read-restricted modules like action=query from users
- without read rights, but throw an error when they try to use them.
-* Don't hide write modules when $wgEnableWriteAPI is false, but throw an error
- when someone tries to use them
-* BREAKING CHANGE: action=purge requires write rights and, for anonymous users,
- a POST request
-* (bug 18099) Using appendtext to edit a non-existent page causes an interface
- message to be included in the page text
-* (bug 18601) generator=backlinks returns invalid continue parameter
-* (bug 18597) Internal error with empty generator= parameter
-* (bug 18617) Add xml:space="preserve" attribute to relevant tags in XML output
-
-=== Languages updated in 1.15 ===
-
-MediaWiki supports over 300 languages. Many localisations are updated
-regularly. Below only new and removed languages are listed, as well as
-changes to languages because of MediaZilla reports.
-
-* Austrian German (de-at) (new)
-* Swiss Standard German (de-ch) (new)
-* Simplified Gan Chinese (gan-hans) (new)
-* Traditional Gan Chinese (gan-hant) (new)
-* Literary Chinese (lzh) (new)
-* Uyghur (Latin script) (ug-latn) (renamed from 'ug')
-* Veps (vep) (new)
-* Võro (vro) (renamed from fiu-vro)
-* (bug 17151) Add magic word alias for #redirect for Vietnamese
-* (bug 17288) Messages improved for default language (English)
-* (bug 12937) Update native name for Afar
-* (bug 16909) 'histlegend' now reuses messages instead of copying them
-* (bug 17832) action=delete returns 'unknownerror' instead of 'permissiondenied'
- when the user is blocked
-* Traditional/Simplified Gan Chinese conversion support
+setting since version 1.2.0. If you have it on, turn it '''off''' if you can.
+
+== MediaWiki 1.17.4 ==
+2012-04-25
+
+This a maintenance of the MediaWiki 1.17 branch.
+
+=== Summary of selected changes in 1.17 ===
+
+Selected changes since MediaWiki 1.16 that may be of interest:
+
+* A new installer has been introduced. It has a wizard-style interface which is
+ translated into many languages. Many shortcomings in the old installer were
+ addressed with this rewrite. Note that it is no longer required for the config
+ directory to be made writable by the webserver. Instead the generated
+ LocalSettings.php file is offered as a download, which you must then upload
+ to the wiki's base directory.
+
+* ResourceLoader, a new framework for delivering client-side resources such as
+ JavaScript and CSS, has been introduced. These resources are now delivered
+ through the new entry point script "load.php", instead of as static files
+ served directly by the web server. This allows minification, compression and
+ client-side caching to be used more effectively, which should provide a net
+ performance improvement for most users.
+
+* Category sorting has been improved.
+** Sorting is now case insensitive.
+** Sub-categories, pages and files can now be paged separately.
+** When several pages are given the same sort key, they sort by their
+ names instead of randomly.
+
+* The lowest supported version of PHP is now 5.2.3. If necessary, please
+ upgrade PHP prior to upgrading MediaWiki.
+
+=== Changes since 1.17.3 ===
+
+* (bug 35961) Hash comparison should always be strict.
+* Fix broken email confirmation expiration caused by MWCryptRand changes.
+* (bug 35671) PHP Notice: Undefined index: gettoken in includes/api/ApiMain.php
+ on line 598.
+
+=== Changes since 1.17.2 ===
+
+* (bug 22555) Remove or skip strip markers from tag hooks like <nowiki> in
+ core parser functions which operate on strings, such as padleft.
+* (bug 34212) ApiBlock/ApiUnblock allow action to take place without a token
+ parameter present.
+* (bug 34907) Fixed exposure of tokens through load.php that could have facilitated
+ CSRF attacks.
+* (bug 35317) CSRF in Special:Upload.
+
+=== Changes since 1.17.1 ===
+* (bug 33117) prop=revisions allows deleted text to be exposed through cache pollution.
+* (bug 32709) Private Wiki users were always taken to Special:Badtitle on login.
+
+=== Changes since 1.17.0 ===
+
+* (bug 29535) Added missing Creative Commons CC0 icon.
+* (bug 29726) Fixed failure to load internationalization messages in
+ client-side scripts on WebKit-based browsers.
+* Fixed a bug in message transformation where the previous language could leak
+ into later transformations in the UI language.
+* (bug 29091) Fixed form of native name for Ossetic language (Иронау -> Ирон)
+* Fixed maintenance scripts upgrade1_5.php and rebuildImages.php, they did not
+ work at all since 1.17 beta 1.
+* (bug 29531) Fixed img_auth.php for thumbnails and other filenames with
+ multiple dots, was broken by the fix for bug 28840.
+* In the maintenance script purgeList.php, fixed a fatal error when a page
+ title is given, instead of a URL.
+* (bug 19514) Unordered list list-style-image should be IE6-compatible (8-bit).
+* Installer checked for magic_quotes_runtime instead of register_globals.
+* $wgSVGMaxSize is now applied to the smaller of width or height, making very
+ wide pano/timeline/diagram SVGs renderable at saner sizes.
+* (bug 29959) Installer fatal when cURL and allow_url_fopen is disabled and user
+ tries to subsribe to mediawiki-announce.
+* Installer checked for magic_quotes_runtime instead of register_globals
+* (bug 30131) XCache with variable caching disabled no longer used for variable
+ caching (CACHE_ACCEL)
+* (bug 30264) Changed installer-generated LocalSettings.php to use require_once()
+ instead require() for included extensions.
+* (bug 26486) ResourceLoader modules with paths to nonexistent files cause PHP
+ warnings/notices to be thrown
+* (bug 30907) Special:Unusedcategories should sort ascendingly.
+* (bug 30219) The page shown when LocalSettings.php does not exist was broken on
+ Windows servers.
+* Hardcoded NLS_NUMERIC_CHARACTERS for Oracle DB to prevent type conversion errors.
+* Fixed recentchanges FK violation on page delete and cache purge error in updater
+ for Oracle DB.
+* (bug 32276) Skins were generating output using the internal page title which
+ would allow anonymous users to determine wheter a page exists, potentially
+ leaking private data. In fact, the curid and oldid request parameters would
+ allow page titles to be enumerated even when they are not guessable.
+* (bug 32616) action=ajax requests were dispatched to the relevant internal
+ functions without any read permission checks being done. This could lead to
+ data leakage on private wikis.
+
+=== Changes since 1.17.0rc1 ===
+
+* Fixed syntax error in generated LocalSettings.php when a non-default user
+ rights profile is chosen.
+* (bug 29399) Fixed PostgreSQL installation when the DB user for installation
+ is the same as the one for web access.
+* (bug 29233) Fixed failover for DB slave servers. When a DB slave went down,
+ an error was immediately shown to the user, instead of trying another slave.
+ Was broken since 1.17 beta 1.
+* (bug 29278) Fixed PHP fatal error when attempting to add text to a page via a
+ redirect.
+* (bug 29408) Fixed uploads of files with MIME types that aren't detected by
+ MediaWiki.
+* Removed DEFAULT '' NOT NULL field definitions from Oracle DB schema because
+ using the DEFAULT value ('') in DML broke Oracle backend as it treats an
+ empty VARCHAR2 value as NULL. Indexes on Oracle do not require NOT NULL
+ fields.
+
+=== Changes since 1.17 beta 1 ===
+
+* Fixed warning about missing file "password.js".
+* When installing on MySQL, don't attempt to create a new database user if the
+ same user is used for installation and web access.
+* Fixed SQL query errors in queries with table aliases.
+* (bug 27891) Fixed the "chronology protector", broken since 1.17beta1, which
+ ensures that when database replication is used, the new version is seen by
+ the user immediately after they create or edit an article.
+* (bug 28845) Allow PostgreSQL installation using a non-root user account which
+ has role creation abilities.
+* When installing on PostgreSQL and the install account is the same as the web
+ account, check to make sure that the account has suitable privileges in the
+ mediawiki schema.
+* (bug 28172) Fixed error in PostgreSQL installation when creating the wiki
+ sysop account.
+* Fixed an issue with the Oracle installer in cases where the user is different
+ to the database name.
+* Added "unblockself" to the list of available rights.
+* In the installer, fixed the "user rights profile" option, it never worked.
+* (bug 29117) Fixed Hebrew localisation of the installer.
+* (bug 28840) Reduce the collateral damage caused by the fix for bug 28235 (XSS
+ on Internet Explorer 6 due to a file extension in the query string) by
+ reducing the number of URLs that are blocked, and by redirecting the request
+ to a safer URL where possible instead of blocking it.
+* (bug 28812) Fixed documentation of API action=parse.
+* (bug 28979) Fixed styling of <abbr> and <acronym>.
+* Fixed the error message displayed when you try to create an account by email,
+ but an email address is not given.
+* Fixed JS error due to missing dependency for jquery.suggestions.
+* Exposed $wgExtensionAssetsPath in JavaScript.
+* (bug 28738) Made ResourceLoader support environments with small URL length
+ limits. The length limit can be configured via $wgResourceLoaderMaxQueryLength,
+ and this is set automatically in the generated LocalSettings.php when the
+ php.ini variable "suhosin.get.max_value_length" is set. When a URL exceeds
+ this limit, the request is split up. Also, reduced the average length of
+ load.php URLs by using a more compact parameter format.
+* (bug 25262) Fix for minification of hardcoded data: URIs in CSS.
+* (bug 25124) Respect $wgStyleDirectory in ResourceLoader.
+* Allow installation when no HTTP client is available, don't throw an exception.
+* (bug 27465) Fix metadata extraction for SVG files using unusual namespace
+ names.
+* (bug 29174) Fix regression in upload-by-URL: uploading files larger than the
+ PHP memory limit should work again.
+* Fixed the display of comments in the new user log.
+* (bug 28237) When installing extensions using the web-based installer, create
+ any necessary database tables.
+* (bug 28983) Fixed automated installation of extensions that overwrite $path.
+* Fixed error caused by missing magic words.
+* Fixed breakage of article editing in PostgreSQL due to text search
+ configuration errors.
+* Fixed the HTTPS client used when Curl is not available. This avoids an error
+ during install about failure of the mediawiki-announce subscription.
+* (bug 28162) When installing to PostgreSQL, respect the "database port" input,
+ it was ignored.
+
+=== Configuration changes in 1.17 ===
+
+* $wgLogAutocreatedAccounts controls whether autocreation of accounts is logged
+ to new users log.
+* (bug 22858) $wgLocalStylePath is by default set to the same value as
+ $wgStylePath but should never point to a different domain than the site is
+ on, allowing skins to use .htc files which are not cross-domain friendly.
+* $wgFileStore has been deprecated. The only usage $wgFileStore['deleted'] has
+ been turned into $wgDeletedDirectory.
+* $wgDeletedDirectory has been added to specify what directory to place deleted
+ uploads in.
+* IBM DB2 database no longer uses the db specific $wgDBport_db2 variable but the
+ normal $wgDBport.
+* $wgCategoryPrefixedDefaultSortkey was removed and is now always false. This
+ provides more sensible sorting behavior for categories.
+* Removed unused globals: $wgEnableSerializedMessages, $wgCheckSerialized,
+ $wgUseMemCached, $wgDisableSearchContext, $wgColorErrors, $wgUseZhdaemon,
+ $wgZhdaemonHost and $wgZhdaemonPort.
+* (bug 24408) The include_path is not modified in the default LocalSettings.php
+* $wgVectorExtraStyles was removed, and is no longer in use.
+* Removed $wgUpdates for database updates; extensions should use
+ DatabaseUpdater::addExtensionUpdate() via the LoadExtensionSchemaUpdates hook.
+* Removed $wgServerName. It doesn't need to be set anymore and is no longer
+ available as input for other configuration items, either.
+* It's no longer necessary for LocalSettings.php to include DefaultSettings.php.
+* It's no longer necessary to set $wgCacheEpoch to the file modification time
+ of LocalSettings.php, in LocalSettings.php itself. Instead, this is done
+ automatically if $wgInvalidateCacheOnLocalSettingsChange is true (which is
+ the default).
+* $wgCopyrightIcon is deprecated and $wgFooterIcons['copyright']['copyright']
+ should be used instead.
+* $wgSysopUserBans is deprecated, and will be made permanently true in 1.18.
+ If you need this functionality, you should use the BlockIp hook to filter and
+ reject such blocks.
+* $wgSysopRangeBans is deprecated, you should set $wgBlockCIDRLimit to maximum
+ (32 for IPv4, 128 for IPv6), equivalent to allowing rangeblocks of only 1
+ address at a time.
+
+=== New features in 1.17 ===
+
+* (bug 10183) Users can now add personal styles and scripts to all skins via
+ User:<name>/common.css and /common.js (if user css/js is enabled).
+* (bug 22748) Add anchors on Special:ListGroupRights.
+* (bug 21981) Add parameter 'showfilename' to <gallery> to automatically
+ apply the names of the individual files within the gallery.
+* Future-proof redirection to fragments in Gecko, so things work a little nicer
+ if they fix <https://bugzilla.mozilla.org/show_bug.cgi?id=516293>.
+* Support git:// and mms:// protocols by default for external links.
+* (bug 15810) Blocked admins can no longer unblock themselves without the
+ 'unblockself' permission (which they have by default).
+* (bug 18499) Added "enhanced" URL parameter to switch between old and enhanced
+ changes list.
+* (bug 22925) "sp-contributions-blocked-notice-anon" message now displayed when
+ viewing contributions of a blocked IP address.
+* (bug 22474) {{urlencode:}} now takes an optional second parameter for type of
+ escaping.
+* Special:Listfiles now supports a username parameter.
+* Special:Random carries over query string parameters.
+* (bug 23206) Add Special::Search hook for detecting successful "Go".
+* When visiting a "red link" of a deleted file, a deletion and move log excerpt
+ is provided on the Upload form.
+* (bug 22647) Add category details in search results.
+* (bug 23276) Add hook to Special:NewPages to modify query.
+* Add accesskey 's' and tooltip to 'Save' button at Special:Preferences.
+* Add accesskey 'b' and tooltip to the summary field of edit mode.
+* (bug 20186) Allow filtering Special:Contributions for RevisionDeleted edits.
+* ajaxwatch now uses the API and JQuery, and can be used to animate arbitrary
+ watch links, not just to watch the page the link is on.
+* (bug 20976) "searchmenu-new-nocreate" message now displayed when when there
+ is no title match in search and the user has no rights to create pages.
+* (bug 23429) Added new hook WatchlistEditorBuildRemoveLine.
+* (bug 22844) Added support for WinCache object caching (for IIS).
+* (bug 23580) Add two new events to LivePreview so that scripts can be notified
+ about the beginning and finishing of LivePreview actions.
+* (bug 21278) Now the sidebar allows inclusion of wiki markup.
+* (bug 23733) Add IDs to messages used on CSS/JS pages.
+* Show validity period of the login cookie in Special:UserLogin and
+ Special:Preferences.
+* Interlanguage links display the page title in their tooltip.
+* (bug 23621) New Special:ComparePages to compare (diff) two articles.
+* (bug 4597) Provide support in Special:Contributions to show only "current"
+ contributions
+* (bug 17857) {{anchorencode}} acts more like how the parser creates section ids
+* (bug 21477) \& can now be used in <math>
+* (bug 11641) \dotsc \dotsm \dotsi \dotso can now be used in <math>
+* (bug 21475) \mathtt and \textsf can now be used in <math>
+* texvc is now run via ulimit4.sh, to limit execution time.
+* SQLite now supports $wgSharedDB.
+* (bug 8507) Group file links by namespace:title on image pages.
+* Stop emitting named entities, so we can use <!DOCTYPE html> while still being
+ well-formed XML.
+* texvc now supports \bcancel and \xcancel in addition to \cancel and \cancelto
+* Added scriptExtension setting to $wgForeignFileRepos.
+* ForeignApiRepo uses scriptDirUrl if apiBase not set.
+* (bug 24212) Added MediaWiki:Filepage.css which is also included on foreign
+ client wikis.
+* (bug 14685) Double underscore magic word usage is now tracked in the
+ page_props table, as well as the behavioral magic words {{DEFAULTSORT}} and
+ {{DISPLAYTITLE}}
+* (bug 24045) MediaWiki:Ipb-needreblock is now wrapped in a div with class
+ "mw-ipb-needreblock"
+* Non-file pages can no longer be moved to the file namespace, nor vice versa.
+* (bug 671) The <dfn>, <kbd> and <samp> elements have been whitelisted in user
+ input.
+* (bug 21503) There's now a "reason" field when creating account for other users.
+* (bug 24418) action=markpatrolled now requires a token.
+* A variety of category sort-related fixes, including:
+** (bug 164) In English, lowercase and uppercase letters now sort the same.
+** (bug 1211) Subcategories, ordinary pages, and files now page separately.
+** When several pages are given the same sort key, they sort by their names
+ instead of randomly.
+* (bug 23848) Add {{ARTICLEPATH}} Magic Word.
+* (bug 8140) Add dedicated CSS classes to Special:Newpages elements.
+* (bug 11005) Add CSS class to empty pages in Special:Newpages.
+* The parser cache is now shared amongst users whose different settings aren't
+ used in the page.
+* Any attribute beginning with "data-" can now be used in wikitext, per HTML5.
+* (bug 24007) Diff pages now mention the number of users having edited
+ intermediate revisions.
+* Added new hook GetIP.
+* Special:Version now displays whether a SQLite database supports full-text
+ search.
+* TS_ISO_8691_BASIC was added as a time format, which is used by ResourceLoader
+ for versioning.
+* Maintenance scripts get a --memory-limit option to override defaults (which
+ is usually to set it to -1 to disable the limit).
+* (bug 25397) Allow uploading (not displaying) of WebP images, disabled
+ by default.
+* (bug 23194) Special:ListFiles now has thumbnails.
+* Use hreflang to specify canonical and alternate links, search engine friendly
+ when a wiki has multiple variant languages.
+* (bug 19593) Specifying --server in now works for all maintenance scripts.
+* Now rebuildtextindex.php warns if SQLite doesn't support full-text search.
+* (bug 10541) Front/backend separation of installation/upgrade code.
+* (bug 10596) Allow installer to enable extensions already in extensions folder.
+* (bug 20627) Installer should be in languages other than English.
+* Support for metadata in SVG files (title, description).
+* Special:Search: Add CSS classes to 'none found' and 'create link' messages.
+* Add CSS classes (including namespace and pagename) to the enhanced recent
+ changes/watchlist entries.
+* (bug 22463) Add hook 'SkinGetPoweredBy' to make 'powered by' icon/text
+ customizable.
+* Added CSS print pagination to the print stylesheets.
+* (bug 25960) Add <link rel=canonical"> for File pages of shared/foreign
+ file repositories.
+* When viewing a redirect, the redirect arrow and redirection target are both
+ wrapped in a div that has the class "redirectMsg" so that the redirection
+ arrow can be customized with CSS.
+* (bug 21911) Hard coded limit for long page warning removed. New message
+ [[MediaWiki:Longpage-hint]] (empty per default) can be used instead.
+ Parameters: $1 shows the formatted textsize in Byte/KB/MB, $2 is the raw
+ number of the textsize in Byte.
+* (bug 3276) Give image <gallery>s fluid width.
+* Added uploads link to page subtitle in Special:Contributions.
+* Added Special:Myuploads special page that redirects to Special:Listfiles.
+* The footerlinks used in Monobook/Vector/Modern are now part of common skin
+ code, SkinTemplateOutputPageBeforeExec can be used to customize the list.
+* Special wrapping setups can now define MW_CONFIG_FILE to load a config file
+ other than LocalSettings.php. This is like MW_CONFIG_CALLBACK but works in
+ some cases where MW_CONFIG_CALLBACK will not work.
+* (bug 26574) Added 'upload' to $wgRestrictionTypes, allowing upload protected
+ pages to be queried via the API and Special:ProtectedPages, and allowing
+ disabling upload protection by removing it from $wgRestrictionTypes.
+* The name attribute of HTMLForm fields can now be overridden by passing a
+ 'name' key in the descriptor array. Hidden field names are now treated
+ consistently with other fields and, by default, prefixed with 'wp'.
+* (bug 27402) Add support for disabling MWSuggest.
+* (bug 26563) Add bytes changed per revision for stub and full article dumps.
+* (bug 27508) Add $wgSVGMetadataCutoff to limit the maximum amount of an svg we
+ look at when finding metadata to prevent excessive resource usage.
+* (bug 198) $wgUpgradeKey allows unlocking the web installer for upgrades
+ without having to move LocalSettings.php
+* Added $wgAllowImageTag, which can be set to true to whitelist the <img> tag
+ in wikitext.
+* (bug 12797) Add $wgGalleryOptions for adjusting of default gallery display
+ options.
+* Added the $wgAllowUserCssPrefs option which allows disabling CSS-based
+ preferences; which can improve page loading speed.
+* Added $wgSQLMode for setting database SQL modes - either performance (null)
+ or other reasons (such as enabling stricter checks).
+* (bug 20193) Added $wgVectorShowVariantName global configuration variable
+ which causes Vector to render the variants drop-down menu with a label
+ showing the current variant name. This is off by default, pending further
+ research into its user experience implications.
+* The upload link for missing files can now be set separately from the
+ navigation link with $wgUploadMissingFileUrl.
+* $wgAdditionalMailParams added to allow setting extra options to mail() calls.
+* Added $wgSecureLogin to optionally login using HTTPS.
+* (bug 25728) Added $wgPasswordSenderName to make the name associated
+ with $wgPasswordSender configurable.
+* (bug 22463) $wgFooterIcons added to allow configuration of the icons shown in
+ the footers of skins.
+* $wgFileCacheDepth can be used to set the depth of the subdirectory hierarchy.
+ used for the file cache. Default value is 2, which matches former behavior.
+
+=== Bug fixes in 1.17 ===
+
+* (bug 17560) Half-broken deletion moved image files to deletion archive
+ without updating database.
+* (bug 22666) Submitting user block form with an invalid user name no longer
+ throws an error.
+* (bug 22665, bug 22667) User '0' can now be unblocked and have its block
+ settings changed.
+* (bug 22606) The body of e-mail address confirmation message is now different
+ when the address changed.
+* (bug 22664) Special:Userrights now accepts '0' as a valid user name.
+* (bug 5210) Preload parser now parses <noinclude>, <includeonly> and
+ redirects.
+* (bug 22709) IIS7 mishandles redirects generated by OutputPage::output() when
+ the URL contains a colon.
+* (bug 22353) Categorised recent changes now works again.
+* (bug 22747) "Reveal my e-mail address in notification e-mails" preference is
+ now only displayed when relevant.
+* (bug 22772) {{#special:}} parser function now works with subpages.
+* (bug 18664) Relative URIs in interwiki links cause failed redirects.
+* (bug 19270) Relative URIs in interwiki links break interwiki transclusion.
+* (bug 22903) Revdelete log entries now show in the user preferred language.
+* (bug 22905) Correctly handle <abbr> followed by ISBN.
+* (bug 22940) Namespace aliases pointing to main namespace don't work.
+* (bug 15810) Blocked admins can no longer block/unblock other users.
+* (bug 22876) Avoid possible PHP Notice if $wgDefaultUserOptions is not
+ correctly set.
+* (bug 14952) Page titles are renormalized after html entities are removed so
+ that links with non-NFC character references work correctly.
+* (bug 22991) wgUserGroups JavaScript variable now reports * group for
+ anonymous users instead of null.
+* (bug 22627) Remove PHP notice when deleting a page only hidden users edited.
+* (bug 21520) Anonymous previews now also gives a warning about not being
+ logged in (anonpreviewwarning).
+* (bug 22935) image/x-ms-bmp mime type added for BMP files.
+* (bug 23024) Special:ListFiles now escapes file names correctly.
+* (bug 22867) "View source" tab is now only displayed if there's source text.
+* (bug 19393) Feeds now format dates in user language rather than content
+ language.
+* (bug 22852) "Served in" comment is now the time used to cache a single page
+ when using rebuildFileCache.php
+* (bug 22496) Viewing diff of a redirect page without specifying "oldid".
+ parameter no longer makes the page displayed as being the redirect target.
+* (bug 22918) Feed cache keys now use $wgRenderHashAppend.
+* (bug 21916) Last-Modified header is now correct when outputting cached feed.
+* (bug 20049) Fixed PHP notice in search highlighter that occurs in some cases.
+* (bug 23017) Special:Disambiguations now list pages in content namespaces
+ rather than only main namespace.
+* (bug 23063) $wgMaxAnimatedGifArea is checked against the total size of all.
+ frames, and $wgMaxImageArea against the size of the first frame, rather than
+ the other way around. Both now default to 12.5 megapixels. Also, images
+ exceeding $wgMaxImageArea can still be embedded at original size.
+* (bug 23078) "All public logs" option on Special:Log is now always the first
+ item.
+* (bug 16817) Group names in user rights log are now singular and in lowercase.
+* Special:Preferences no longer crashes if the wiki default date formatting
+ style is not valid for the user's interface language.
+* (bug 23167) Check the watch checkbox by default if the watchcreations
+ preference is set.
+* Maintenance script cleanupTitles is now able to fix titles stored
+ in a negative namespace (which is invalid).
+* (bug 19858) Removed obsolete <big> in interface messages.
+* (bug 21456) "Bad title" error when showing non-local interwiki pages no longer
+ displays incorrect tabs.
+* (bug 23190) Improved math representation for text browsers.
+* (bug 22015) Improved upload-by-url error handling and error display.
+* (bug 17941) $wgMaxUploadSize is now honored by all upload sources.
+* (bug 23080) New usernames now limited to 235 bytes so that custom skin files
+ work.
+* (bug 23075) Correct MediaTransformError default width in gallery.
+* (bug 16487) The Anonymous user account used on Postgres is no longer
+ displayed on Special:Listusers.
+* (bug 23313) Move watchlisthidepatrolled above token in watchlist preferences
+ to enhance preference grouping.
+* (bug 23298) Interwiki links with prefix only in log summaries now link to the
+ correct link.
+* (bug 23284) Times are now rounded correctly.
+* (bug 23375) Added ogv, oga, spx as extensions for ogg files.
+* (bug 18408) All required permissions for uploading (upload, edit, create).
+ are now checked when loading Special:Upload. Toolbar link for Special:Upload
+ is no longer shown if the user does not have the required permissions.
+* (bug 23397) texvc in html mode renders \sim as ˜ not ∼
+* (bug 23241) License selector should be disabled during upload of a new
+ version.
+* (bug 23240) Add ID to namespace selector form on Special:Watchlist.
+* The pipe | character in urls is now escaped.
+* (bug 23422) mp3 files can now be moved.
+* (bug 23448) MediaWiki:Summary-preview is now displayed instead of
+ MediaWiki:Subject-preview when previewing summary.
+* (bug 23426) The {{REVISIONMONTH}} variable is now zero-padded and added
+ new variable {{REVISIONMONTH1}} when unpadded version is needed.
+* Special:Userrights didn't recognize user as changing his/her own rights if
+ user did not capitalize first letter of username.
+* (bug 23507) Add styles for printing wikitables.
+* (bug 19586) Avoid JS errors in mwsuggest when using old browsers such
+ as Opera 8.
+* (bug 23563) Old skins now support $wgUploadNavigationUrl and take into
+ account upload rights.
+* (bug 1347) Render \phi in math using images, in order to create consistent
+ and correct render results.
+* (bug 16573) Render \epsilon in math using images, in order to create
+ consistent and correct render results.
+* (bug 22541) Support image redirects when using ForeignAPIRepo.
+* (bug 22967) Make edit summary length cut-off behave correctly for multibyte
+ characters.
+* (bug 8689) Long numeric lines no longer kill the parser.
+* (bug 23740) Article::doRedirect() now use $extraQuery parameter correctly if
+ the $noRedir parameter is set to true.
+* (bug 23688) Correct mime types for Office 2007 OpenXML documents.
+* (bug 23787) Corrected $wgDefaultSkin's comment in DefaultSettings.php.
+* (bug 23797) Xml::input() now allows '0' for the value parameter.
+* (bug 23747) Make sure that on History pages, the RevDel button is not
+ accidentally activated when hitting enter.
+* (bug 23845) Special:ListFiles now uses correct file names without underscores.
+* Ask for permanent login in Special:Preferences only if $wgCookieExpiration > 0.
+* (bug 16356) Repair dumpInterwiki.inc to use proper normalization.
+* (bug 24006) deleteArchivedRevisions.php maintenance script now longer throws
+ a fatal error.
+* (bug 23465) Don't ignore the predefined destination filename on
+ Special:Upload after following a red link.
+* (bug 23642) Recognize mime types of MS OpenXML documents.
+* (bug 22784) Normalise underscores and spaces in autocomments.
+* (bug 19910) Headings of the form ===+\s+ are now displayed as valid headings.
+* (bug 24022) Only check file extensions on the uploadpage when needed.
+* (bug 24076) Recognize Office 2003 files with OpenXML trailers.
+* (bug 24244) Updated comments in DefaultSettings.php to reflect.
+ Image: --> File: namespace rename.
+* Make wfTimestamp recognize negative unix timestamp values.
+* (bug 24401) SimpleSearch: No button/text indicating 'Search' if image is
+ disabled.
+* (bug 23293) Do not show change tags when Special:RecentChanges(linked) or
+ Special:Newpages is transcluded into another page as it messes up the page.
+* (bug 24517) LocalFile::newFromKey() and OldLocalFile::newFromKey() no longer
+ throw fatal errors.
+* (bug 23380) Uploaded files that are larger than allowed by PHP now show a
+ useful error message.
+* Uploading to a protected title will allow the user to choose a new name
+ instead of showing an error page.
+* (bug 24425) Use Database::replace instead of delete/insert in
+ SqlBagOStuff::set to avoid query errors about duplicate keynames.
+* (bug 15470) First letters of filenames are always capitalized by upload JS.
+* (bug 21215) NoLocalSettings.php doesn't tolerate rewrite rules.
+* (bug 21052) Fix link color for stubs in NewPages.
+* (bug 24714) Usage of {{#dateformat: }} in wikis without $wgUseDynamicDates no
+ longer pollutes the parser cache.
+* (bug 17031) Correct which characters the parser allows in tag attributes (a
+ letter, colon or underscore followed by 0 or more letters, numbers, colons,
+ underscores, hyphens, and/or periods).
+* Save 200 useless queries on each category page view.
+* Shell commands will now work on Linux in filesystems mounted noexec.
+* (bug 24804) Corrected commafying in Polish and Ukrainian.
+* "Difference between pages" is now displayed instead of "Difference between
+ revisions" on diffs when appropriate.
+* (bug 23703) ForeignAPIRepo fails on findBySha1() when using a 1.14 install as
+ a repository due to missing 'name' attribute from the API list=allimages.
+* (bug 24898) MediaWiki uses /tmp even if a vHost-specific tempdir is set, also
+ make wfTempDir() return a sane value for Windows on worst-case.
+* (bug 24824) Support ImageMagick 6.5.6-2+ JPEG decoder size hint, to reduce
+ memory usage when such an ImageMagick is used for scaling.
+* Disable multithreaded behaviour in recent ImageMagick, to avoid a deadlock
+ when a resource limit such as $wgMaxShellMemory is hit.
+* (bug 24981) Allow extensions to access SpecialUpload variables again.
+* (bug 20744) Wiki forgets about an uploaded file.
+* (bug 17913) Don't show "older edit" when no older edit available.
+* (bug 6204) TOC not properly rendered when using $wgMaxTocLevel.
+* (bug 24977) The accesskey in history page now lead directly to the diff.
+ instead of alternating focus between the two buttons.
+* (bug 24987) Special:ListUsers does not take external groups into account.
+* (bug 20633) update.php has mixed language output.
+* SQLite system table names are now never prefixed.
+* (bug 25292) SkinSubPageSubtitle hook now passes the Skin object as second
+ parameter.
+* (bug 25167) Correctly load JS fixes for IE6 (fixing a regression in 1.16).
+* (bug 25367) wfShellExec() is more explicit when failing due to disabled
+ passthru().
+* (bug 25462) Fix double-escaping for section edit link tooltips.
+* action=raw was removed for Special:Statistics. This information is still
+ available via the API.
+* (bug 23934) Groups defined in $wgRevokePermissions but not in
+ $wgGroupPermissions now appear on Special:ListGroupRights.
+* (bug 23923) Special:Prefixindex no longer shows results if nothing was
+ requested.
+* (bug 22308) Search now finds text in default main page immediately after setup.
+* (bug 25697) Make sure empty lines render in diff view.
+* Use an actual minus sign in diff views, instead of a hyphen.
+* (bug 23732) Clarified "n links" message on Special:MostLinkedFiles.
+* (bug 23731) Clarified "n links" message on Special:MostLinkedTemplates.
+* (bug 25642) A exception is now thrown instead of a fatal error when using
+ $wgSMTP without PEAR mail package.
+* (bug 19633) When possible, Upscale small SVGs when creating thumbnails.
+* (bug 11013) Database driver detection needs rewriting for robustness.
+* (bug 13409) Installer prompts could use clarification--now has help boxes.
+* (bug 16902) Installer spews warnings when exec() and dl() are not available.
+* (bug 19129) Only show MyISAM/InnoDB when supported.
+* (bug 17762) Only show other e-mail options when e-mail is globally enabled.
+* Cache multiple sizes of InstantCommons thumbnails.
+* (bug 25488) Disallowing anonymous users to read pages no longer throws error
+ on discussion pages with vector as default skin.
+* (bug 24833) Files name in includes/diff/ are now less confusing.
+* (bug 25713) SpecialPage::resolveAlias() now normalise spaces to underscores.
+* (bug 25829) Special:Mypage and Special:Mytalk now forward oldid, diff and dir
+ parameters.
+* (bug 25175) HTML file cache now honor $wgCacheDirectory if
+ $wgFileCacheDirectory is not set.
+* (bug 13353) Diff3 version checks were too strict, did not detect working diff3.
+* (bug 25843) Links to special pages using link= attribute on images are now.
+ normalised like normal links to special pages.
+* (bug 21364) External links using link= attribute on images now respect
+ $wgExternalLinkTarget.
+* (bug 17789) Added a note to the total views on Special:Statistics saying that
+ is doesn't count non-existing pages and special pages.
+* (bug 17996) HTTP redirects are now combined when requesting a special page.
+* (bug 19944) Link on image thumbnails no longer link to "Media:" namespace in
+ some cases.
+* (bug 25670) wfFindFile() now checks the namespace of the given title, only
+ "File" and "Media" are allowed now.
+* (bug 25872) Rename the HttpRequest class to MWHttpRequest to avoid conflict
+ with php extension that defines same class.
+* (bug 20591) There's now a different message on Special:MovePage when
+ $wgFixDoubleRedirects is set to false.
+* Fixed PHP warnings when updating a broken MySQL database.
+* (bug 26023) Corrected deleteBacth.php's documentation.
+* (bug 25451) Improved datetime representation in 32 bit php >= 5.2.
+* Show "skin does not exist error" only when the skin is inputted in the wrong
+ case.
+* (bug 26164) Potential html injection when the database server isn't available.
+* (bug 26160) Upload description set by extensions are not propagated.
+* (bug 9675) generateSitemap.php now takes an --urlpath parameter to allow
+ absolute URLs in the sitemap index (as required e.g. by Google).
+* Partial workaround for bug 6220: at least make files on shared repositories
+ show up as (struck-out) bluelinks instead of redlinks on Special:WantedFiles.
+* rebuildFileCache.php no longer creates inappropriate cache files for redirects.
+* (bug 25512) Subcategory list should not include category prefix for members.
+* (bug 10871) Javascript and CSS pages in MediaWiki namespace are no longer
+ treated as wikitext on preview.
+* Page existence is now not revealed (in the colour of the tabs) to users who
+ cannot read the page in question.
+* (bug 22753) Output from update.php is more clear when things changed, entries
+ indicating nothing changed are now all prefixed by "..."
+* (bug 16019) $wgArticlePath = "/$1" no longer breaks API edit/watch actions.
+* (bug 18372) File types blacklisted by $wgFileBlacklist will no longer be shown as
+ "Permitted file types" on the upload form.
+* (bug 26540) Fixed wrong call to applyPatch in MysqlUpdater.
+* (bug 26034) Make the "View / Read" tab in content_navigation style tabs remain
+ selected when the action is "purge".
+* (bug 26733) Wrap initial table creation in transaction.
+* (bug 26208) Mark directionality of some interlanguage links.
+* (bug 26716) Provide link to instructions for external editor related preferences.
+* (bug 26961) Hide anon edits in watchlist preference now actually works.
+* (bug 1379) Installer directory conflicts with some hosts' configuration panel.
+* (bug 27781) Installer does not warn about 5.1.x. Added a compatibility function
+ for array_key_exists().
+* Fix XML well-formedness on a few pages when $wgHtml5 is true (the default).
+* (bug 28069) MediaWiki fails streaming files when mod_deflate and ob_gzhandler
+ are also set.
+* (bug 26223) Concurrently moving an article to different titles leaks a
+ redirect revision with no page.
+* (bug 15641) Fixed permissions checks in Special:Import which allowed users
+ without the 'import' permission to import pages from configured import sources.
+* (bug 26449) Keep underlines from headings outside of tables and thumbs by
+ adding overflow:hidden to h1,h2,h3,h4,h5,h6 (also fixes editsection bunching).
+* (bug 26708) Remove background-color:white from tables in Monobook and Vector.
+* (bug 26781) {{PAGENAME}} and related parser functions escape their output better.
+* (bug 26716) Provide link to instructions for external editor related preferences
+ and add a comment to the ini control file explaining what is going on.
+* (bug 28422) Remove color:black from tables in Monobook and Vector. And add it
+ to table.wikitable instead.
+* (bug 27560) Search queries no longer fail in walloon language.
+* (bug 27700) The upload protection can now also be set for files that do not
+ exist.
+* (bug 28034) uploading file to local wiki when file exists on shared repository
+ (commons) gives spurious info in the warning message.
+* Usernames get lost when selecting different sorts on Special:listfiles.
+* (bug 28166) UploadBase assumes that 'edit' and 'upload' rights are not per
+ page restrictions.
+* (bug 28242) Make redirects generated by urls containing a local interwiki
+ prefix be a 301 instead of a 302.
+* (bug 28568) Entries in the iwlinks table are now removed on page deletion.
+* (bug 28306) Fix exposure of suppressed usernames in ForeignDBRepo.
+* (bug 28444) Fix regression: edit-on-doubleclick retains revision id again.
+* UtfNormal::cleanUp on an invalid utf-8 sequence no longer returns false if
+ intl installed.
+* (bug 26729) Category pages should return 404 if they do not exist and have no
+ members.
+* (bug 28214) When page not found, sends malformed HTTP/1.x instead of HTTP/1.1
+ in header of response.
+* (bug 27634) TOC title appears in wrong language.
+* (bug 27761) Fix regression: pages with Esperanto titles containing convertible
+ character sequences became unreachable.
+* (bug 27508) SVGMetadataExtractor takes too much resources on huge svgs.
+* (bug 27465) SVG thumbnail generation.
+* (bug 27467) preload can leave UNIQ.
+* (bug 27539) Allow attributes beginning with a digit in wiktext tag parameters.
+* (bug 27328) using relative paths in CSS imports in MediaWiki:Common.css broken
+ in 1.17.
+* (bug 27333) Fix repetitive last-seen time queries on page history.
+* (bug 26250, bug 23817) Fix wfObjectToArray() to descend into arrays; fixes
+ processing of JSON return values for ForeignAPIRepo when native json module
+ not present.
+* (bug 25675) Fix search suggestions for Special: pages with spaces.
+* (bug 25571) Xml::encodeJsVar now passes floats natively instead of converting
+ to strings.
+* (bug 27338) Gallery in 1.17 breaks for audio/video + ogghandler.
+* (bug 27302) Don't append the current timestamp for user/site modules when no
+ user/site JS/CSS is present.
+* (bug 27016) dumpTextPass.php now consider the "output" parameter.
+* (bug 22606) don't send the "someone registred an account" message when setting
+ email address (i.e. old one empty) in user preferences.
+* (bug 26458) Section edit links appear on pages that user does not have right
+ to edit.
+* (bug 28611) Don't die in SqlBagOStuff::incr() if there's a race condition.
+* (bug 16886) Sister projects box moves down the extract of the first result
+ in IE 7.
+* (bug 17398) Fixed "link" parameter in image links with "thumb" or "frame"
+ parameter.
+
+=== API changes in 1.17 ===
+
+* BREAKING CHANGE: action=patrol now requires POST.
+* BREAKING CHANGE: patrol token is no longer the same as edit token.
+* BREAKING CHANGE: Session keys returned by ApiUpload are now strings instead
+ of integers.
+* BREAKING CHANGE: (bug 25303) Fix API parameter integer validation to actually
+ enforce validation on the input values in addition to giving a warning.
+ Also add flag to enforce (die) if integer out of range.
+* (bug 24650) Fix API to work with categorylinks changes.
+* action=parse now correctly returns an error for nonexistent pages.
+* (bug 27201) Special:WhatLinksHere output no longer contains duplicate IDs.
+* (bug 26560) On allusers if limit < total number of users, last user gets
+ duplicated.
+* (bug 27715) imageinfo didn't respect revdelete.
+* (bug 27479) API error when using both prop=pageprops and
+ prop=info&inprop=displaytitle.
+* (bug 27862) Useremail module didn't properly return success on success.
+* (bug 27590) prop=imageinfo now allows querying the media type.
+* (bug 27587) list=filearchive now outputs full title info.
+* (bug 27897) list=allusers and list=users list hidden users.
+* (bug 22738) Allow filtering by action type on query=logevent.
+* (bug 22764) uselang parameter for action=parse.
+* (bug 22944) API: watchlist options are inconsistent.
+* (bug 22868) don't list infinite block expiry date as "now" in API logevents.
+* (bug 22290) prop=revisions now outputs "comment" field even when comment.
+ is empty, for consistency with list=recentchanges.
+* (bug 19721) API action=help should have a way to just list for a specific
+ module.
+* (bug 23458) Add support for pageid parameter to action=parse requests.
+* (bug 23460) Parse action should have a section option.
+* (bug 21346) Make deleted images searchable by hash.
+* (bug 23461) Normalise usage of parameter names in parameter descriptions.
+* (bug 23548) Allow access of another users watchlist through watchlistraw
+ using token and username.
+* (bug 23524) Api Modules as followup to bug 14473 (Add iwlinks table to
+ track inline interwiki link usage).
+* Add pltitles and tltemplates to prop=links and prop=templates respectively,
+ similar to prop=categories's clcategorie.
+* (bug 23834) Invalid "thumbwidth" and "thumbheight" in "imageinfo" query when
+ thumbnailing larger than original image.
+* (bug 23835) Need "thumbmime" result in "imageinfo" query.
+* (bug 23851) Repair diff for file redirect pages.
+* (bug 24009) Include implicit groups in action=query&list=users&usprop=groups.
+* (bug 24016) API: Handle parameters specified in simple string syntax
+ ( 'paramname' => 'defaultval' ) correctly when outputting help.
+* (bug 24089) Logevents causes PHP Notice if leprop=title isn't supplied.
+* (bug 23473) Give description of properties on all modules.
+* (bug 24136) unknownerror when adding new section without summary, but
+ forceditsummary.
+* (bug 22339) Added srwhat=nearmatch to list=search to get a "go" result.
+* (bug 24303) Added new &servedby parameter to all actions which adds the
+ hostname that served the request to the result. It is also added
+ unconditionally on error.
+* (bug 24185) Titles in the Media and Special namespace are now supported for
+ title normalization in action=query. Special pages have their name resolved
+ to the local alias.
+* (bug 24296) Added converttitles parameter to convert titles to their
+ canonical language variant.
+* (bug 23936) Add "displaytitle" to query/info API.
+* (bug 24485) Make iwbacklinks a generator, optionally display iwprefix and
+ iwtitle.
+* (bug 24564) Fix fatal errors when using list=deletedrevs, prop=revisions or
+ one of the backlinks generators with limit=max.
+* (bug 24656) API's parse module needs option to disable PP report.
+* PARAM_REQUIRED parameter flag added. If this flag is set, and the end user
+ does not set the parameter, the API will automatically throw an error.
+* (bug 24665) When starttimestamp is not specified, fake it by setting it to
+ NOW, not to the timestamp of the last edit.
+* (bug 24677) axto= parameters added to allcategories, allimages, alllinks,
+ allmessages, allpages, and allusers.
+* (bug 24236) Add add, remove, add-self, remove-self tags to
+ meta=siteinfo&siprop=usergroups.
+* (bug 24484) Add prop=pageprops module.
+* (bug 24330) Add &redirect parameter to ?action=edit.
+* (bug 24722) For list=allusers&auprop=blockinfo, only show blockedby and
+ blockreason if the user is actually blocked.
+* Add format=dump and format=dumpfm, outputs results in PHP's var_dump() format.
+* For required string parameters, if '' is provided, this is now classed as
+ missing.
+* (bug 24724) list=allusers is out by 1 (shows total users - 1).
+* (bug 24166) API error when using rvprop=tags.
+* Introduced "asynchronous download" mode for upload-by-url. Requires
+ $wgAllowAsyncCopyUploads to be true.
+* sinumberingroup correctly gives size of 'user' group, and omits size of
+ implicit groups rather than showing 0.
+* (bug 25248) API: paraminfo errors with certain modules.
+* (bug 24792) API help for action=purge sometimes wrongly stated whether a
+ POST request was needed due to cache pollution.
+* Added iiprop=parsedcomment to prop=imageinfo, similar to prop=revisions.
+* Added rvparse to parse revisions. For performance reasons if this option is
+ used, rvlimit is enforced to 1.
+* (bug 25748) If a action=parse request provides an oldid that is actually the
+ current revision id, try the parser cache, and save it to it if necessary.
+* (bug 25463) Export header should not be shown if no pages were requested, to
+ reduce confusion.
+* (bug 25648) API discovery information has been added as RSD link in page.
+ <head> and by providing an API module action=rsd. Added hook
+ ApiRsdServiceApis for extensions to add their own service to the services
+ list.
+* The HTML of diff output markers has changed. Hyphens are now minus signs,
+ empty markers are now filled with non-breaking-space characters.
+* (bug 25741) Add more data to list=search's srprop.
+* (bug 25760) counter property still reported by the API when
+ $wgDisableCounters enabled.
+* (bug 25987) prop=info&inprop=watched now also works for missing pages.
+* (bug 26006) prop=langlinks now allows obtaining full URL.
+* (bug 26075) ApiDelete.php now calls correctly ArticleDelete hook.
+* (bug 26089) add block expiration to blockinfo.
+* (bug 26125) prop=imageinfo&iiprop=size now returns the page count if the
+ file is a multi-page file.
+* (bug 10268) Added linktodiffs parameter on action=feedwatchlist.
+* (bug 26219) Show API limits for multi values in description.
+* (bug 28070) Fix watchlist RSS for databases that store timestamps in a
+ real timestamp field.
+* (bug 27722) list=filearchive now supports revdel.
+
+=== Language support changes in 1.17 ===
+
+MediaWiki supports over 330 languages. Many localizations are updated regularly.
+
+The following languages were added:
+
+* Moroccan Spoken Arabic (ary)
+* Banjar (bjn)
+* Kabardian (kdb)
+* Kabardian (Cyrillic) (kbd-cyrl)
+* Latgalian (ltg)
+* Minangkabau (min)
+* Dutch (informal) (nl-informal)
+* Rusyn (rue)
+
+Other significant changes to MediaWiki's language support:
+
+* Fiji Hindi (Devangari script) was removed.
+* Removed deprecated language code "dk" (Danish), use "da" instead.
+* Link trail added for sl and sh.
+* (bug 27633) Add characters to linkTrail for Portuguese (pt and pt-br).
+* (bug 23156) Commafy and search normalization updated for Belarusian
+ (Taraškievica).
+* (bug 23283) Native name for Old English -> Ænglisc.
+* (bug 23364) Native name for Azerbaijani -> Azərbaycanca.
+* (bug 24593) Native name for Sorani now uses only Arabic script.
+* (bug 24628) Generic translations for NS_USER/NS_USER_TALK for Esperanto.
+* (bug 24917) Polish as fallback for Kashubia.
+* (bug 24794) Tatar link trail updated.
+* Esperanto date format corrected.
+* (bug 28159) Change interwiki name of language kbd to Къэбэрдеибзэ /
+ Qabardjajəbza.
+* (bug 28184) Namespaces for the Latgalian Wikipedia.
+* (bug 25010) Bashkir-language interwikis: linktext change from Башҡорт
+ to Башҡортса.
+* (bug 26395) Change name of Cornish language to Kernowek.
+
+=== Other changes in 1.17 ===
+
+* DatabaseFunctions.php that was needed for compatibility with pre-1.3
+ extensions has been removed.
+* XmlFunctions.php has been removed. Use the Xml or Html classes as appropriate.
+* The FailFunction "error handling" method has now been removed
+* Sysops now have the "suppressredirect" right by default
+* Removed $wgRemoteUploads. It was not well supported and superseded by
+ $wgUploadNavigationUrl.
+* (bug 26253) $wgPostCommitUpdateList has been removed
+* The PHPUnit test suite has been removed from this release due to serious issues
+ which should be resolved by the 1.18 release.
+* Oracle DB now uses the __destruct fuction to commit/close connection as it
+ doesn't commit on close if transation is triggered in OCI.
== Compatibility ==
-MediaWiki 1.15 requires PHP 5 (5.2 recommended). PHP 4 is no longer supported.
+MediaWiki 1.17 requires PHP 5.2.3 or later.
-PHP 5.0.x fails on 64-bit systems due to serious bugs with array processing:
-http://bugs.php.net/bug.php?id=34879
-Upgrade affected systems to PHP 5.1 or higher.
+MySQL is the recommended DBMS. PostgreSQL or SQLite can also be used, but
+support for them is somewhat less mature. There is experimental support for IBM
+DB2 and Microsoft SQL Server.
-MySQL 3.23.x is no longer supported; some older hosts may need to upgrade.
-At this time we still recommend 4.0, but 4.1/5.0 will work fine in most cases.
+The supported versions are:
+* MySQL 4.0 or later
+* PostgreSQL 8.3 or later
+* SQLite 3
+* Oracle 9.0.1 or later
== Upgrading ==
-1.15 has several database changes since 1.14, and will not work without schema
+1.17 has several database changes since 1.16, and will not work without schema
updates.
-If upgrading from before 1.11, and you are using a wiki as a commons reposito-
-ry, make sure that it is updated as well. Otherwise, errors may arise due to
+If upgrading from before 1.11, and you are using a wiki as a commons repository,
+make sure that it is updated as well. Otherwise, errors may arise due to
database schema changes.
If upgrading from before 1.7, you may want to run refreshLinks.php to ensure
See the file UPGRADE for more detailed upgrade instructions.
+For notes on 1.16.x and older releases, see HISTORY.
-=== Caveats ===
+== Online documentation ==
-Some output, particularly involving user-supplied inline HTML, may not
-produce 100% valid or well-formed XHTML output. Testers are welcome to
-set $wgMimeType = "application/xhtml+xml"; to test for remaining problem
-cases, but this is not recommended on live sites. (This must be set for
-MathML to display properly in Mozilla.)
+Documentation for both end-users and site administrators is available on
+MediaWiki.org, and is covered under the GNU Free Documentation License (except
+for pages that explicitly state that their contents are in the public domain):
-For notes on 1.14.x and older releases, see HISTORY.
+ http://www.mediawiki.org/wiki/Documentation
+== Mailing list ==
-=== Online documentation ===
+A mailing list is available for MediaWiki user support and discussion:
-Documentation for both end-users and site administrators is currently being
-built up on MediaWiki.org, and is covered under the GNU Free Documentation
-License (except for pages that explicitly state that their contents are in
-the public domain) :
-
- http://www.mediawiki.org/wiki/Documentation
-
-
-=== Mailing list ===
-
-A MediaWiki-l mailing list has been set up distinct from the Wikipedia
-wikitech-l list:
-
- http://lists.wikimedia.org/mailman/listinfo/mediawiki-l
+ http://lists.wikimedia.org/mailman/listinfo/mediawiki-l
A low-traffic announcements-only list is also available:
- http://lists.wikimedia.org/mailman/listinfo/mediawiki-announce
+ http://lists.wikimedia.org/mailman/listinfo/mediawiki-announce
It's highly recommended that you sign up for one of these lists if you're
going to run a public MediaWiki, so you can be notified of security fixes.
-
-=== IRC help ===
+== IRC help ==
There's usually someone online in #mediawiki on irc.freenode.net
scripts.mit.edu / autoinstalls / mediawiki.git / blobdiff