path: root/RELEASE-NOTES-1.29
Commit message [Author; Age; Files; Lines]
* Move RELEASE-NOTES-1.29 to HISTORY [James D. Forrester; 2017-05-02; 1; -395/+0]
|
| Changes to master that are going to be immediately backported to REL1_29 before release should write changes to HISTORY directly.
|
| Change-Id: Ia3e02293b13406e7a4741ef14897dd83bca98d46
* resourceloader: Bump severity of style queue violation to Warning [Timo Tijhof; 2017-05-01; 1; -0/+2]
|
| Previously it was only in debug logs (which are enabled in Jenkins, MediaWiki-Vagrant, Beta, and for mwdebug hosts in wmf-production).
|
| Turning it into a warning() will log it for regular requests as well which is the last step before we can consider hard enforcement.
|
| Bug: T92459
| Change-Id: I87c7794c5cfe35521bf76cc42f94907001e9d24b
* mediawiki.toolbar: Emit deprecation warnings [James D. Forrester; 2017-04-26; 1; -0/+5]
|
| Callers to the EditPageBeforeEditToolbar hook can now return false to signal that the toolbar is over-written, in which case this old code won't be called (so no deprecation warnings for users of WikiEditor, CodeEditor, etc.).
|
| Bug: T30856
| Depends-On: I5e755ef5dffb843368563511044d3123f14dc4bc
| Change-Id: I3bed70a20e4b94fe3d04a00925b8012312202574
* Add Dinka (din) to Names.php and languages/messages/ [Amire80; 2017-04-24; 1; -0/+1]
|
| Bug: T163600
| Change-Id: I2bf03c97680c17cddf48d05adee88581640268ec
* Add different log-in tooltip for private wikis [This, that and the other; 2017-04-20; 1; -0/+2]
|
| Bug: T148006
| Change-Id: I14e9a554c72222e6f67bc120941199b999740886
* Upgrade to jQuery v3 [Timo Tijhof; 2017-04-12; 1; -0/+1]
|
| Source code:
| https://code.jquery.com/jquery-3.2.1.js
| https://code.jquery.com/jquery-migrate-3.0.0.js
|
| Documentation:
| https://blog.jquery.com/2016/06/09/jquery-3-0-final-released/
| https://jquery.com/upgrade-guide/3.0/
|
| This is not a breaking change because jQuery Migrate covers all breaking changes. However some extensions (especially unit tests) may've relied on undocumented behaviour.
|
| For that reason, and due to unresolved upstream issues this is still behind a feature flag for now. It is true by default to ensure this has wide exposure to discover issues as quickly as possible.
|
| If this is not resolved before the end of the 1.29 release cycle it should be turned off again.
|
| Bug: T124742
| Change-Id: I3c3dedaa9a9d449eaa2b7e5d24b4540e7fa421c0
* Merge "Convert EditPage buttons, checkboxes and summary input to OOUI" [jenkins-bot; 2017-04-12; 1; -0/+7]
|\
| * Convert EditPage buttons, checkboxes and summary input to OOUI [Florian; 2017-04-12; 1; -0/+7]
| |
| | Several methods now have a new implementation using OOjs UI widgets (ButtonInputWidget/ButtonWidget, CheckboxInputWidget, TextInputWidget). The existing (public) methods are unchanged.
| |
| | The OOjs UI version is used by default. Because this change can cause problems for extensions and on-wiki scripts depending on the exact HTML, the old version is still available and can be used by setting $wgOOUIEditPage = false; in LocalSettings.php. This will be removed later and OOjs UI will become the only option.
| |
| | To make testing easier, users can also force either mode by adding &ooui=true or &ooui=false to the action=edit URL.
| |
| | * EditPage::getSummaryInput() and EditPage::getSummaryInputOOUI()
| | * EditPage::getCheckboxes() and EditPage::getCheckboxesOOUI()
| | * EditPage::getCancelLink()
| | * EditPage::getEditButtons()
| |
| | Bug: T111088
| | Co-Authored-By: Amir Sarabadani <ladsgroup@gmail.com>
| | Co-Authored-By: Florian Schmidt <florian.schmidt.welzow@t-online.de>
| | Change-Id: I25aa78ac59082789938ecfb5878eb16614392995
* | Merge "Remove some ancient upgrade information from release notes" [jenkins-bot; 2017-04-12; 1; -14/+4]
|\ \
| |/
|/|
| * Remove some ancient upgrade information from release notes [TTO; 2017-01-17; 1; -14/+4]
| |
| | Also mention MariaDB.
| |
| | Change-Id: Ia74974e3fec2b5df517ab81294eb06c75679e1cb
* | Merge "Remove "editusercssjs" user right" [jenkins-bot; 2017-04-12; 1; -0/+2]
|\ \
| * | Remove "editusercssjs" user right [zppix1; 2017-04-11; 1; -0/+2]
| | |
| | | Deprecated since MediaWiki 1.16
| | |
| | | Change-Id: Ic9851d53affe0f4ece7a79f541ec5cb39133b109
* | | wikibits: Remove methods deprecated since 1.17 and 1.18 [Timo Tijhof; 2017-04-11; 1; -0/+10]
|/ /
| |
| | Keeping only importScript and friends and addOnloadHook for now.
| |
| | Inline wikiUrlencode logic so that the dependency on mediawiki.util can be removed, which caused significant performance overhead (See I54f087655e1c).
| |
| | Follows-up:
| | * 68fae478a8 (1.22; deprecation warnings for ua vars)
| | * ec69391a4f (1.22; deprecation warnings for jsMsg)
| | * fcf4934a52 (1.23; deprecation warnings for the rest)
| |
| | The following have been deprecated since either 1.17 or 1.18. Deprecation warnings were added in 1.22. Most of these variables have also been replaced with dummy placeholders in 1.22 so that calling code is silently disabled instead of causing cascading failures into other code. Anything still using these variables to date has been broken since at least April 2013.
| |
| | * User-Agent variables: is_gecko, is_chrome_mac, is_chrome, webkit_version, is_safari_win, is_safari, webkit_match, is_ff2, ff2_bugs, is_ff2_win, is_ff2_x11, opera95_bugs, opera7_bugs, opera6_bugs, is_opera_95, is_opera_preseven, is_opera, ie6_bugs. (deprecated since 1.17; warnings and hardcoded to false since 1.22) clientPC (deprecated since 1.17; warnings added in 1.22)
| | * DOM manipulation: changeText, killEvt, addHandler, hookEvent, addClickHandler, removeHandler, getElementsByClassName, getInnerText. (deprecated since 1.17; replaced with no-op warning dummies in 1.22)
| | * Checkbox utilities: setupCheckboxShiftClick, addCheckboxClickHandlers. (deprecated since 1.17; replaced with no-op warning dummies in 1.22)
| | * Classic toolbar utilities: mwEditButtons, mwCustomEditButtons (deprecated since 1.17; replaced with no-op warning dummies in 1.22)
| | * Misc utilities:
| |   - injectSpinner, removeSpinner, escapeQuotes, escapeQuotesHTML, jsMsg (deprecated since 1.17; replaced with no-op warning dummies in 1.22)
| |   - addPortletLink, appendCSS, tooltipAccessKeyPrefix, tooltipAccessKeyRegexp, updateTooltipAccessKeys (deprecated since 1.17; warnings added in 1.22)
| |
| | Bug: T122755
| | Change-Id: I7f9f61ea81ad1efa0b5cff79b5e5f4bbe2d401fe
* | SECURITY: Do not allow users to undelete a page they can't edit or create [Brian Wolff; 2017-04-06; 1; -0/+2]
| |
| | If the page exists, it only checks edit rights, otherwise it checks both edit and create rights.
| |
| | This would only matter on wikis that have a non-default rights configuration where there are users with undelete rights but a restriction level enabled that prevents them from creating/editing pages (or they otherwise aren't allowed to edit/create)
| |
| | It should be noted that the error messages aren't used in the normal UI currently, but they could be in the future, and extensions could potentially be using them (The backend functions return them, but the UI functions in Special:Undelete ignore them)
| |
| | Bug: T108138
| | Change-Id: I164b80534cf89e0afca264e9de07431484af8508
* | SECURITY: Always normalize link url before adding to ParserOutput [Brian Wolff; 2017-04-06; 1; -0/+2]
| |
| | Move link normalization directly into addExternalLink() method, since you always need to do it - having it separate is just inviting people to forget to normalize a link.
| |
| | Additionally, links weren't properly registered for <gallery>. This was somewhat unnoticed, as the call to recursiveTagParse() would register free links, but it wouldn't work for example with protocol relative links.
| |
| | Issue originally reported by MZMcBride.
| |
| | Bug: T48143
| | Change-Id: I557fb3b433ef9d618097b6ba4eacc6bada250ca2
* | SECURITY: Don't write LocalisationCache to temporary directory [Reedy; 2017-04-06; 1; -0/+4]
| |
| | Bug: T161453
| | Change-Id: I51b375c63fcece908da921c465c861968c9eee1c
* | SECURITY: Whitelist DTD declaration in SVG [Brian Wolff; 2017-04-06; 1; -0/+2]
| |
| | Only allow ENTITY declarations inside the doctype internal subset. Do not allow parameter entities, recursive entity references are entity values longer than 255 bytes, or external entity references. Filter external doctype subset to only allow the standard svg doctypes.
| |
| | Recursive entities that are simple aliases are allowed because people appear to use them on commons. Declaring xmlns:xlink to have a #FIXED value to the xlink namespace is allowed because GraphViz apparently does that so it's somewhat common.
| |
| | This prevents someone bypassing filter by using default attribute values in internal dtd subset. No browser loads the external dtd subset that I could find, but whitelist just to be safe anyways.
| |
| | Issue reported by Cassiogomes11.
| |
| | Bug: T151735
| | Change-Id: I7cb4690f759ad97e70e06e560978b6207d84c446
* | SECURITY: Escape wikitext content model/format in message [Brian Wolff; 2017-04-06; 1; -0/+1]
| |
| | Escape wikitext in model= and format= url parameter to edit page. This goes along with 1c788944 to help prevent XSS for wikis with $wgRawHtml = true; set.
| |
| | Bug: T156184
| | Change-Id: Ifcaa2ccf05a2a691d0b150e2f7e0e765db25fc7f
* | SECURITY: SpecialWatchlist: Check CSRF token when using "Mark all pages visited" [Bartosz Dziewoński; 2017-04-06; 1; -0/+2]
| |
| | Bug: T150044
| | Change-Id: I7f75cab4ceb4a2c320af210fad15956b70c29661
* | SECURITY: API: Don't log "sensitive" parameters [Brad Jorsch; 2017-04-06; 1; -0/+4]
| |
| | Stuff like passwords and CSRF tokens shouldn't be in the logs.
| |
| | The fact of being sensitive is intentionally separated from the need to be in the POST body because, for example, the wltoken parameter to ApiQueryWatchlist needs to be in the query string to serve its purpose but still shouldn't be logged.
| |
| | Bug: T125177
| | Change-Id: I1d61f4dcf792d77401ee2e2988b1afcb2a2ad58f
* | SECURITY: XSS in search if $wgAdvancedSearchHighlighting = true; [Brian Wolff; 2017-04-06; 1; -0/+2]
| |
| | In the non-default configuration where $wgAdvancedSearchHighlighting is set to true, there is an XSS vulnerability as HTML tags are not properly escaped if the tag spans multiple search results
| |
| | Issue introduced in abf726ea0 (MediaWiki 1.13 and above).
| |
| | Bug: T144845
| | Change-Id: I2db7888d591b97f1a01bfd3b7567ce6f169874d3
* | SECURITY: Do not directly redirect to interwikis, but use splash page [Brian Wolff; 2017-04-06; 1; -0/+2]
| |
| | Directly redirecting based on a url parameter might potentially be used in a phishing attack to confuse users.
| |
| | Bug: T109140
| | Bug: T122209
| | Change-Id: I6c604439320fa876719933cc7f3a3ff04fb1a6ad
* | Merge "Clarify release notes for Opera 12.0-12.10 being Grade C" [jenkins-bot; 2017-04-05; 1; -2/+2]
|\ \
| * | Clarify release notes for Opera 12.0-12.10 being Grade C [Bartosz Dziewoński; 2017-04-05; 1; -2/+2]
| | |
| | | Follow-up to 09fcee61106146adbc8889f3950a2ea02cda0da6.
| | |
| | | Change-Id: Ibbdaa85a35af4e5560e092deaede626bc0a504e6
* | | Update OOjs to v2.0.0 [James D. Forrester; 2017-04-05; 1; -0/+1]
|/ /
| |
| | Release notes: https://phabricator.wikimedia.org/diffusion/GOJS/browse/master/History.md;v2.0.0
| |
| | Change-Id: I5bbc3e0ec7c4789c6b476c0fb039e0292027c014
* | Merge "startup: Drop JavaScript support for ES3-only browsers" [jenkins-bot; 2017-04-04; 1; -0/+2]
|\ \
| * | startup: Drop JavaScript support for ES3-only browsers [James D. Forrester; 2017-04-03; 1; -0/+2]
| | |
| | | Bug: T128115
| | | Change-Id: I95400637d1b85d2c607cd91bcb39ce21733295c8
* | | Move new external libraries to correct RELEASE-NOTES section [Reedy; 2017-04-04; 1; -2/+2]
| | |
| | | Change-Id: I420ee75026847ce33d91b04534c9e960db557130
* | | Update oyejorge/less.php v1.7.0.13 to v1.7.0.14 [Reedy; 2017-04-04; 1; -1/+1]
| | |
| | | https://github.com/oyejorge/less.php/releases/tag/v1.7.0.14
| | | https://github.com/oyejorge/less.php/compare/v1.7.0.13...v1.7.0.14
| | |
| | | Change-Id: Ibf7cc4704fae5890093e6855403d93b0a2b1b97f
| | | Depends-On: Ie641cf2954c39fd84ab26a92ad3028a49c15926d
* | | Update cssjanus/cssjanus from 1.1.3 to 1.2.0 [Reedy; 2017-04-04; 1; -1/+1]
| | |
| | | https://github.com/cssjanus/php-cssjanus/releases/tag/v1.2.0
| | | https://github.com/cssjanus/php-cssjanus/compare/v1.1.3...v1.2.0
| | |
| | | Change-Id: Iad2ea202b7724edc8360ce74943e2026f57e1f06
| | | Depends-On: Iec366b794e38710102deaba771dba5cf7b412d5a
* | | Update composer-merge-plugin from 1.3.1 to 1.4.0 [Reedy; 2017-04-04; 1; -0/+1]
| | |
| | | https://github.com/wikimedia/composer-merge-plugin/releases/tag/v1.4.0
| | | https://github.com/wikimedia/composer-merge-plugin/compare/v1.3.1...v1.4.0
| | |
| | | Change-Id: I3e01a632b764f7903291d0141243e6210da9bebe
| | | Depends-On: I0c96d9a630ab25ff4269af25a660c5bd7837a9dc
* | | Update monolog from 1.18.2 to 1.22.1 [Reedy; 2017-04-04; 1; -0/+1]
|/ /
| |
| | https://github.com/Seldaek/monolog/releases/tag/1.19.0
| | https://github.com/Seldaek/monolog/releases/tag/1.20.0
| | https://github.com/Seldaek/monolog/releases/tag/1.21.0
| | https://github.com/Seldaek/monolog/releases/tag/1.22.0
| | https://github.com/Seldaek/monolog/releases/tag/1.22.1
| |
| | https://github.com/Seldaek/monolog/compare/1.18.2...1.22.1
| |
| | Bug: T158707
| | Change-Id: Icfb87911486aee8b712ce643f0041f91eb6cc078
| | Depends-On: Id5a96aaba77e52290a5afaff2c01b29c285e67af
* | Move atj in RELEASE-NOTES-1.29 to language section [Reedy; 2017-04-03; 1; -1/+1]
| |
| | Change-Id: I5ca54f5c749d2c65435647f1e8737fa139e641a9
* | Release notes for CACHE_ANYTHING being CACHE_NONE (c5a0fa5bed4c) [Brian Wolff; 2017-04-01; 1; -0/+1]
| |
| | Change-Id: I88d967b73e623d25249a14c286eee7a9a98bd3f3
* | Release notes for no <html> in system messages (1c7889446) [Brian Wolff; 2017-04-01; 1; -0/+1]
| |
| | Change-Id: I501d00974c6a5c00b36d070ca3d0495971529ed7
* | Linker: Render selflinks as href-less classed <a>s, not <strong>s [James D. Forrester; 2017-03-29; 1; -0/+3]
| |
| | Self-links are still semantically links, and representing them as <strong>s is inelegant and more important a real pain to work with, especially in contexts where they may change state (like inside an editor).
| |
| | Instead, render them as <a>, with no href to avoid user agent style overrides and with a class to style them as before, named 'mw-selflink' to go with 'mw-redirect'. This allows much easier adjustment later.
| |
| | The old CSS class 'selflink' is retained for backwards compatibility, but deprecated.
| |
| | Bug: T160480
| | Change-Id: If058843924c3b30c116df2520aef93a004d98a5d
* | EditPage: Refactor getCheckboxes() to allow changing the format [Bartosz Dziewoński; 2017-03-29; 1; -0/+4]
| |
| | getCheckboxes() directly generated the HTML for the "This is a minor edit" and "Watch this page" checkboxes, and allowed extensions to add more HTML checkboxes (and modify existing ones) using the 'EditPageBeforeEditChecks' hook. This prevents us from ever changing the format of the HTML (e.g. to use OOUI checkboxes).
| |
| | Introduce new method getCheckboxesDefinition(), which generates the checkboxes in a machine-readable format, with a new hook 'EditPageGetCheckboxesDefinition'. Rewrite getCheckboxes() in terms of that. The old hook 'EditPageBeforeEditChecks' is now deprecated.
| |
| | Change-Id: I3dbe973dcac6cba0c3a1ac5d983cafcfb49d833c
* | Merge "Deprecate "Avoid page_touched update for HTTP GET action=purge requests"" [jenkins-bot; 2017-03-28; 1; -0/+3]
|\ \
| * | Deprecate "Avoid page_touched update for HTTP GET action=purge requests" [Brad Jorsch; 2017-03-27; 1; -0/+3]
| | |
| | | This reverts most of commit c84ba4d86420d7af918e572e2cd4613d7be185b3.
| | |
| | | The changes made there are no longer needed, and nothing in Gerrit seems to have started using them since they were added.
| | |
| | | The added constants in WikiPage, WikiPage::getLastPurgeTimestamp(), and Article::getLastPurgeTimestamp() are deprecated, useless, and unused, but not removed yet since they snuck into 1.28 so we can't revert them without a deprecation period. Sigh.
| | |
| | | Bug: T145649
| | | Change-Id: I526fd4e004bee84c831a4cee71e44e92ee73480b
* | | Add support for Atikamekw [Sébastien Santoro; 2017-03-26; 1; -0/+1]
|/ /
| |
| | Language code: atj
| |
| | Bug: T137376
| | Change-Id: Ieb9b6bcd09aedbf520b384a6572f96d7db1eca18
* | Update RemexHtml to 1.0.1 [Tim Starling; 2017-03-23; 1; -0/+1]
| |
| | For a bug fix
| |
| | Depends-On: I4421afbfa52d7711d9369398891e91ae09db50c9
| | Change-Id: I5285c0b1c6f42891c002637cd3e4bd2f54615940
* | Deprecate WikiRevision::$user [addshore; 2017-03-21; 1; -0/+1]
| |
| | This was introduced in 436a028086fb3f01c4605c5ad2964d56f9306aca but was not used there. It also currently looks unused.
| |
| | We could go ahead and just remove this now, as anything that wants to set the $user when the property is removed would still succeed. But let's adhere to the deprecation policy here.
| |
| | Change-Id: Id47323bb1ff480a16b46107825ed5f2f861ad976
* | Deprecate WikiRevision::$importer [addshore; 2017-03-21; 1; -0/+1]
| |
| | This was introduced in 9b3128eb2b654761f21fd4ca1d5a1a4b796dc912 but was not used there. It also currently looks unused, even when grepping for possible magic usages of 'importer' and "importer".
| |
| | We could go ahead and just remove this now, as anything that wants to set the $importer when the property is removed would still succeed. But let's adhere to the deprecation policy here.
| |
| | Change-Id: I5ac16dd87a95be6a3cdd4b16988d37d1d6104749
* | Deprecate WikiRevision::$fileIsTemp and fix $isTemp [addshore; 2017-03-21; 1; -0/+1]
| |
| | Cleanup from 43d5d3b682cc1733ad01a837d11af4a402d57e6a
| |
| | This commit introduces both
| | $fileIsTemp
| | $isTemp
| |
| | It would appear that the intent was to have one property here and it looks like both of these are meant to do the same thing.
| |
| | It also looks as if both public properties are actually unused (only used by the getter and setters)
| |
| | As isTemp will now sometimes return true line 766 $autoDeleteSource will be true in new cases. As a result $tmpFile->autocollect(); will be called in more cases
| |
| | Change-Id: I8014172fb9fd7a0e4a89d0872bafdf6c50f92646
* | Disable filter by redirect Special:AllPages and query=allpages in miser mode [Reedy; 2017-03-20; 1; -0/+4]
| |
| | Bug: T160916
| | Change-Id: Ib9562b404731e1f621b9f07c33821d04cd2aa6ae
* | Mark 'jquery.autoElllipsis' module as deprecated [Timo Tijhof; 2017-03-17; 1; -0/+1]
| |
| | It was originally introduced for jquery.searchSuggest, which hasn't used this since 2014 (56a4aff8ca61106c) when it was removed for performance reasons (T61172) in favour of CSS text-overflow.
| |
| | Deprecation is done the same way as for 'jquery.arrowSteps'.
| |
| | Bug: T160804
| | Change-Id: Ib7b37b94200a8802de9d98581d3cb42df6e5ba17
* | Remove unused 'jquery.arrowSteps' (deprecated in 1.28) [Timo Tijhof; 2017-03-17; 1; -1/+1]
| |
| | Was only used by UploadWizard, and nowhere else in Wikimedia Git. UploadWizard has its own copy as of last year. (T144974)
| |
| | Change-Id: I3d426f67f8ba061d10434469f261cb725bd672d6
* | Merge "Avoid breaking wikis that were modifying $wgDummyLanguageCodes" [jenkins-bot; 2017-03-15; 1; -0/+2]
|\ \
| * | Avoid breaking wikis that were modifying $wgDummyLanguageCodes [TTO; 2017-03-09; 1; -0/+2]
| | |
| | | Follow-up to If73c74ee87d8235381449cab7dcd9f46b0f23590.
| | |
| | | Change-Id: I51b7ecf51860bfddea87fcf7cad17295088e1dd9
* | | Back-end of new RecentChanges page, refactoring [Matthew Flaschen; 2017-03-11; 1; -0/+12]
|/ /
| |
| | Generate old RC, Related changes (it was already displayed and working on 'Related changes' before this change), and Watchlist/etc. and data for new UI from back-end.
| |
| | This moves everything used for defining the old (unstructured) and new (structured) filters into unified objects, ChangesListFilter and ChangesListFilterGroup (and sub-classes).
| |
| | This includes the query logic (see below) and logic for adding CSS attribution classes.
| |
| | This is a breaking change (for subclasses of ChangesListSpecialpage) due to the signature (and name) change of buildMainQueryConds and doMainQuery. An alternative that I don't think is a breaking change would be to put the filter->DB logic in runMainQueryHook, but then it's doing more than just running a hook.
| |
| | This is because it used to only build $conds here, but it's clear from filterOnUserExperienceLevel filters need more than this. I added all the DB parameters from the hook, but this could be debated.
| |
| | I have checked and fixed the WMF-deployed extensions affected by this.
| |
| | Other than that, there should be full back-compat (including legacy filters not using the new system).
| |
| | * add hidepatrolled/hideunpatrolled to new UI.
| | * Move userExpLevel from RC to ChangesListSpecialPage. Although for now the structured UI only displays on RC anyway, when it displays on watchlist, it seems we'll want userExpLevel there. Change this to make 'all' exclude unregistered users.
| | * Don't have front-end convert none-selected to 'all' on string_options.
| | * Needs the hideanons/hideliu special redirect to be done before this is merged (T151873)
| |
| | Bug: T152754
| | Bug: T152797
| | Change-Id: Iec2d82f6a830403d1c948a280efa58992e0cdee7