1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
1001
1002
1003
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
1048
1049
1050
1051
1052
1053
1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
1074
1075
1076
1077
1078
1079
1080
1081
1082
1083
1084
1085
1086
1087
1088
1089
1090
1091
1092
1093
1094
1095
1096
1097
1098
1099
1100
1101
1102
1103
1104
1105
1106
1107
1108
1109
1110
1111
1112
1113
1114
1115
1116
1117
1118
1119
1120
1121
1122
1123
1124
1125
1126
1127
1128
1129
1130
1131
1132
1133
1134
1135
1136
1137
1138
1139
1140
1141
1142
1143
1144
1145
1146
1147
1148
1149
1150
1151
1152
1153
1154
1155
1156
1157
1158
1159
1160
1161
1162
1163
1164
1165
1166
1167
1168
1169
1170
1171
1172
1173
1174
1175
1176
1177
1178
1179
1180
1181
1182
1183
1184
1185
1186
1187
1188
1189
1190
1191
1192
1193
1194
1195
1196
1197
1198
1199
1200
1201
1202
1203
1204
1205
1206
1207
1208
1209
1210
1211
1212
1213
1214
1215
1216
1217
1218
1219
1220
1221
1222
1223
1224
1225
1226
1227
1228
1229
1230
1231
1232
1233
1234
1235
1236
1237
1238
1239
1240
1241
1242
1243
1244
1245
1246
1247
1248
1249
1250
1251
1252
1253
1254
1255
1256
1257
1258
1259
1260
1261
1262
1263
1264
1265
1266
1267
1268
1269
1270
1271
1272
1273
1274
1275
1276
1277
1278
1279
1280
1281
1282
1283
1284
1285
1286
1287
1288
1289
1290
1291
1292
1293
1294
1295
1296
1297
1298
1299
1300
1301
1302
1303
1304
1305
1306
1307
1308
1309
1310
1311
1312
1313
1314
1315
1316
1317
1318
1319
1320
1321
1322
1323
1324
1325
1326
1327
1328
1329
1330
1331
1332
1333
1334
1335
1336
1337
1338
1339
1340
1341
1342
1343
1344
1345
1346
1347
1348
1349
1350
1351
1352
1353
1354
1355
1356
1357
1358
1359
1360
1361
1362
1363
1364
1365
1366
1367
1368
1369
1370
1371
1372
1373
1374
1375
1376
1377
1378
1379
1380
1381
1382
1383
1384
1385
1386
1387
1388
1389
1390
1391
1392
1393
1394
1395
1396
1397
1398
1399
1400
1401
1402
1403
1404
1405
1406
1407
1408
1409
1410
1411
1412
1413
1414
1415
1416
1417
1418
1419
1420
1421
1422
1423
1424
1425
1426
1427
1428
1429
1430
1431
1432
1433
1434
1435
1436
1437
1438
1439
1440
1441
1442
1443
1444
1445
1446
1447
1448
1449
1450
1451
1452
1453
1454
1455
1456
1457
1458
1459
1460
1461
1462
1463
1464
1465
1466
1467
1468
1469
1470
1471
1472
1473
1474
1475
1476
1477
1478
1479
1480
1481
1482
1483
1484
1485
1486
1487
1488
1489
1490
1491
1492
1493
1494
1495
1496
1497
1498
1499
1500
1501
1502
1503
1504
1505
1506
1507
1508
1509
1510
1511
1512
1513
1514
1515
1516
1517
1518
1519
1520
1521
1522
1523
1524
1525
1526
1527
1528
1529
1530
1531
1532
1533
1534
1535
1536
1537
1538
1539
1540
1541
1542
1543
1544
1545
1546
1547
1548
1549
1550
1551
1552
1553
1554
1555
1556
1557
1558
1559
1560
1561
1562
1563
1564
1565
1566
1567
1568
1569
1570
1571
1572
1573
1574
1575
1576
1577
1578
1579
1580
1581
1582
1583
1584
1585
1586
1587
1588
1589
1590
1591
1592
1593
1594
1595
1596
1597
1598
1599
1600
1601
1602
1603
1604
1605
1606
1607
1608
1609
1610
1611
1612
1613
1614
1615
1616
1617
1618
1619
1620
1621
1622
1623
1624
1625
1626
1627
1628
1629
1630
1631
1632
1633
1634
1635
1636
1637
1638
1639
1640
1641
1642
1643
1644
1645
1646
1647
1648
1649
1650
1651
1652
1653
1654
1655
1656
1657
1658
1659
1660
1661
1662
1663
1664
1665
1666
1667
1668
1669
1670
1671
1672
1673
1674
1675
1676
1677
1678
1679
1680
1681
1682
1683
1684
1685
1686
1687
1688
1689
1690
1691
1692
1693
1694
1695
1696
1697
1698
1699
1700
1701
1702
1703
1704
1705
1706
1707
1708
1709
1710
1711
1712
1713
1714
1715
1716
1717
1718
1719
1720
1721
1722
1723
1724
1725
1726
1727
1728
1729
1730
1731
1732
1733
1734
1735
1736
1737
1738
1739
1740
1741
1742
1743
1744
1745
1746
1747
1748
1749
1750
1751
1752
1753
1754
1755
1756
1757
1758
1759
1760
1761
1762
1763
1764
1765
1766
1767
1768
1769
1770
1771
1772
1773
1774
1775
1776
1777
1778
1779
1780
1781
1782
1783
1784
1785
1786
1787
1788
1789
1790
1791
1792
1793
1794
1795
1796
1797
1798
1799
1800
1801
1802
1803
1804
1805
1806
1807
1808
1809
1810
1811
1812
1813
1814
1815
1816
1817
1818
1819
1820
1821
1822
1823
1824
1825
1826
1827
1828
1829
1830
1831
1832
1833
1834
1835
1836
1837
1838
1839
1840
1841
1842
1843
1844
1845
1846
1847
1848
1849
1850
1851
1852
1853
1854
1855
1856
1857
1858
1859
1860
1861
1862
1863
1864
1865
1866
1867
1868
1869
1870
1871
1872
1873
1874
1875
1876
1877
1878
1879
1880
1881
1882
1883
1884
1885
1886
1887
1888
1889
1890
1891
1892
1893
1894
1895
1896
1897
1898
1899
1900
1901
1902
1903
1904
1905
1906
1907
1908
1909
1910
1911
1912
1913
1914
1915
1916
1917
1918
1919
1920
1921
1922
1923
1924
1925
1926
1927
1928
1929
1930
1931
1932
1933
1934
1935
1936
1937
1938
1939
1940
1941
1942
1943
1944
1945
1946
1947
1948
1949
1950
1951
1952
1953
1954
1955
1956
1957
1958
1959
1960
1961
1962
1963
1964
1965
1966
1967
1968
1969
1970
1971
1972
1973
1974
1975
1976
1977
1978
1979
1980
1981
1982
1983
1984
1985
1986
1987
1988
1989
1990
1991
1992
1993
1994
1995
1996
1997
1998
1999
2000
2001
2002
2003
2004
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
2024
2025
2026
2027
2028
2029
2030
2031
2032
2033
2034
2035
2036
2037
2038
2039
2040
2041
2042
2043
2044
2045
2046
2047
2048
2049
2050
2051
2052
2053
2054
2055
2056
2057
2058
2059
2060
2061
2062
2063
2064
2065
2066
2067
2068
2069
2070
2071
2072
2073
2074
2075
2076
2077
2078
2079
2080
2081
2082
2083
2084
2085
2086
2087
2088
2089
2090
2091
2092
2093
2094
2095
2096
2097
2098
2099
2100
2101
2102
2103
2104
2105
2106
2107
2108
2109
2110
2111
2112
2113
2114
2115
2116
2117
2118
2119
2120
2121
2122
2123
2124
2125
2126
2127
2128
2129
2130
2131
2132
2133
2134
2135
2136
2137
2138
2139
2140
2141
2142
2143
2144
2145
2146
2147
2148
2149
2150
2151
2152
2153
2154
2155
2156
2157
2158
2159
2160
2161
2162
2163
2164
2165
2166
2167
2168
2169
2170
2171
2172
2173
2174
2175
2176
2177
2178
2179
2180
2181
2182
2183
2184
2185
2186
2187
2188
2189
2190
2191
2192
2193
2194
2195
2196
2197
2198
2199
2200
2201
2202
2203
2204
2205
2206
2207
2208
2209
2210
2211
2212
2213
2214
2215
2216
2217
2218
2219
2220
2221
2222
2223
2224
2225
2226
2227
2228
2229
2230
2231
2232
2233
2234
2235
2236
2237
2238
2239
2240
2241
2242
2243
2244
2245
2246
2247
2248
2249
2250
2251
2252
2253
2254
2255
2256
2257
2258
2259
2260
2261
2262
2263
2264
2265
2266
2267
2268
2269
2270
2271
2272
2273
2274
2275
2276
2277
2278
2279
2280
2281
2282
2283
2284
2285
2286
2287
2288
2289
2290
2291
2292
2293
2294
2295
2296
2297
2298
2299
2300
2301
2302
2303
2304
2305
2306
2307
2308
2309
2310
2311
2312
2313
2314
2315
2316
2317
2318
2319
2320
2321
2322
2323
2324
2325
2326
2327
2328
2329
2330
2331
2332
2333
2334
2335
2336
2337
2338
2339
2340
2341
2342
2343
2344
2345
2346
2347
2348
2349
2350
2351
2352
2353
2354
2355
2356
2357
2358
2359
2360
2361
2362
2363
2364
2365
2366
2367
2368
2369
2370
2371
2372
2373
2374
2375
2376
2377
2378
2379
2380
2381
2382
2383
2384
2385
2386
2387
2388
2389
2390
2391
2392
2393
2394
2395
2396
2397
2398
2399
2400
2401
2402
2403
2404
2405
2406
2407
2408
2409
2410
2411
2412
2413
2414
2415
2416
2417
2418
2419
2420
2421
2422
2423
2424
2425
2426
2427
2428
2429
2430
2431
2432
2433
2434
2435
2436
2437
2438
2439
2440
2441
2442
2443
2444
2445
2446
2447
2448
2449
2450
2451
2452
2453
2454
2455
2456
2457
2458
2459
2460
2461
2462
2463
2464
2465
2466
2467
2468
2469
2470
2471
2472
2473
2474
2475
2476
2477
2478
2479
2480
2481
2482
2483
2484
2485
2486
2487
2488
2489
2490
2491
2492
2493
2494
2495
2496
2497
2498
2499
2500
2501
2502
2503
2504
2505
2506
2507
2508
2509
2510
2511
2512
2513
2514
2515
2516
2517
2518
2519
2520
2521
2522
2523
2524
2525
2526
2527
2528
2529
2530
2531
2532
2533
2534
2535
2536
2537
2538
2539
2540
2541
2542
2543
2544
2545
2546
2547
2548
2549
2550
2551
2552
2553
2554
2555
2556
2557
2558
2559
2560
2561
2562
2563
2564
2565
2566
2567
2568
2569
2570
2571
2572
2573
2574
2575
2576
2577
2578
2579
2580
2581
2582
2583
2584
2585
2586
2587
2588
2589
2590
2591
2592
2593
2594
2595
2596
2597
2598
2599
2600
2601
2602
2603
2604
2605
2606
2607
2608
2609
2610
2611
2612
2613
2614
2615
2616
2617
2618
2619
2620
2621
2622
2623
2624
2625
2626
2627
2628
2629
2630
2631
2632
2633
2634
2635
2636
2637
2638
2639
2640
2641
2642
2643
2644
2645
2646
2647
2648
2649
2650
2651
2652
2653
2654
2655
2656
2657
2658
2659
2660
2661
2662
2663
2664
2665
2666
2667
2668
2669
2670
2671
2672
2673
2674
2675
2676
2677
2678
2679
2680
2681
2682
2683
2684
2685
2686
2687
2688
2689
2690
2691
2692
2693
2694
2695
2696
2697
2698
2699
2700
2701
2702
2703
2704
2705
2706
2707
2708
2709
2710
2711
2712
2713
2714
2715
2716
2717
2718
2719
2720
2721
2722
2723
2724
2725
2726
2727
2728
2729
2730
2731
2732
2733
2734
2735
2736
2737
2738
2739
2740
2741
2742
2743
2744
2745
2746
2747
2748
2749
2750
2751
2752
2753
2754
2755
2756
2757
2758
2759
2760
2761
2762
2763
2764
2765
2766
2767
2768
2769
2770
2771
2772
2773
2774
2775
2776
2777
2778
2779
2780
2781
2782
2783
2784
2785
2786
2787
2788
2789
2790
2791
2792
2793
2794
2795
2796
2797
2798
2799
2800
2801
2802
2803
2804
2805
2806
2807
2808
2809
2810
2811
2812
2813
2814
2815
2816
2817
2818
2819
2820
2821
2822
2823
2824
2825
2826
2827
2828
2829
2830
2831
2832
2833
2834
2835
2836
2837
2838
2839
2840
2841
2842
2843
2844
2845
2846
2847
2848
2849
2850
2851
2852
2853
2854
2855
2856
2857
2858
2859
2860
2861
2862
2863
2864
2865
2866
2867
2868
2869
2870
2871
2872
2873
2874
2875
2876
2877
2878
2879
2880
2881
2882
2883
2884
2885
2886
2887
2888
2889
2890
2891
2892
2893
2894
2895
2896
2897
2898
2899
2900
2901
2902
2903
2904
2905
2906
2907
2908
2909
2910
2911
2912
2913
2914
2915
2916
2917
2918
2919
2920
2921
2922
2923
2924
2925
2926
2927
2928
2929
2930
2931
2932
2933
2934
2935
2936
2937
2938
2939
2940
2941
2942
2943
2944
2945
2946
2947
2948
2949
2950
2951
2952
2953
2954
2955
2956
2957
2958
2959
2960
2961
2962
2963
2964
2965
2966
2967
2968
2969
2970
2971
2972
2973
2974
2975
2976
2977
2978
2979
2980
2981
2982
2983
2984
2985
2986
2987
2988
2989
2990
2991
2992
2993
2994
2995
2996
2997
2998
2999
3000
3001
3002
3003
3004
3005
3006
3007
3008
3009
3010
3011
3012
3013
3014
3015
3016
3017
3018
3019
3020
3021
3022
3023
3024
3025
3026
3027
3028
3029
3030
3031
3032
3033
3034
3035
3036
3037
3038
3039
3040
3041
3042
3043
3044
3045
3046
3047
3048
3049
3050
3051
3052
3053
3054
3055
3056
3057
3058
3059
3060
3061
3062
3063
3064
3065
3066
3067
3068
3069
3070
3071
3072
3073
3074
3075
3076
3077
3078
3079
3080
3081
3082
3083
3084
3085
3086
3087
3088
3089
3090
3091
3092
3093
3094
3095
3096
3097
3098
3099
3100
3101
3102
3103
3104
3105
3106
3107
3108
3109
3110
3111
3112
3113
3114
3115
3116
3117
3118
3119
3120
3121
3122
3123
3124
3125
3126
3127
3128
3129
3130
3131
3132
3133
3134
3135
3136
3137
3138
3139
3140
3141
3142
3143
3144
3145
3146
3147
3148
3149
3150
3151
3152
3153
3154
3155
3156
3157
3158
3159
3160
3161
3162
3163
3164
3165
3166
3167
3168
3169
3170
3171
3172
3173
3174
3175
3176
3177
3178
3179
3180
3181
3182
3183
3184
3185
3186
3187
3188
3189
3190
3191
3192
3193
3194
3195
3196
3197
3198
3199
3200
3201
3202
3203
3204
3205
3206
3207
3208
3209
3210
3211
3212
3213
3214
3215
3216
3217
3218
3219
3220
3221
3222
3223
3224
3225
3226
3227
3228
3229
3230
3231
3232
3233
3234
3235
3236
3237
3238
3239
3240
3241
3242
3243
3244
3245
3246
3247
3248
3249
3250
3251
3252
3253
3254
3255
3256
3257
3258
3259
3260
3261
3262
3263
3264
3265
3266
3267
3268
3269
3270
3271
3272
3273
3274
3275
3276
3277
3278
3279
3280
3281
3282
3283
3284
3285
3286
3287
3288
3289
3290
3291
3292
3293
3294
3295
3296
3297
3298
3299
3300
3301
3302
3303
3304
3305
3306
3307
3308
3309
3310
3311
3312
3313
3314
3315
3316
3317
3318
3319
3320
3321
3322
3323
3324
3325
3326
3327
3328
3329
3330
3331
3332
3333
3334
3335
3336
3337
3338
3339
3340
3341
3342
3343
3344
3345
3346
3347
3348
3349
3350
3351
3352
3353
3354
3355
3356
3357
3358
3359
3360
3361
3362
3363
3364
3365
3366
3367
3368
3369
3370
3371
3372
3373
3374
3375
3376
3377
3378
3379
3380
3381
3382
3383
3384
3385
3386
3387
3388
3389
3390
3391
3392
3393
3394
3395
3396
3397
3398
3399
3400
3401
3402
3403
3404
3405
3406
3407
3408
3409
3410
3411
3412
3413
3414
3415
3416
3417
3418
3419
3420
3421
3422
3423
3424
3425
3426
3427
3428
3429
3430
3431
3432
3433
3434
3435
3436
3437
3438
3439
3440
3441
3442
3443
3444
3445
3446
3447
3448
3449
3450
3451
3452
3453
3454
3455
3456
3457
3458
3459
3460
3461
3462
3463
3464
3465
3466
3467
3468
3469
3470
3471
3472
3473
3474
3475
3476
3477
3478
3479
3480
3481
3482
3483
3484
3485
3486
3487
3488
3489
3490
3491
3492
3493
3494
3495
3496
3497
3498
3499
3500
3501
3502
3503
3504
3505
3506
3507
3508
3509
3510
3511
3512
3513
3514
3515
3516
3517
3518
3519
3520
3521
3522
3523
3524
3525
3526
3527
3528
3529
3530
3531
3532
3533
3534
3535
3536
3537
3538
3539
3540
3541
3542
3543
3544
3545
3546
3547
3548
3549
3550
3551
3552
3553
3554
3555
3556
3557
3558
3559
3560
3561
3562
3563
3564
3565
3566
3567
3568
3569
3570
3571
3572
3573
3574
3575
3576
3577
3578
3579
3580
3581
3582
3583
3584
3585
3586
3587
3588
3589
3590
3591
3592
3593
3594
3595
3596
3597
3598
3599
3600
3601
3602
3603
3604
3605
3606
3607
3608
3609
3610
3611
3612
3613
3614
3615
3616
3617
3618
3619
3620
3621
3622
3623
3624
3625
3626
3627
3628
3629
3630
3631
3632
3633
3634
3635
3636
3637
3638
3639
3640
3641
3642
3643
3644
3645
3646
3647
3648
3649
3650
3651
3652
3653
3654
3655
3656
3657
3658
3659
3660
3661
3662
3663
3664
3665
3666
3667
3668
3669
3670
3671
3672
3673
3674
3675
3676
3677
3678
3679
3680
3681
3682
3683
3684
3685
3686
3687
3688
3689
3690
3691
3692
3693
3694
3695
3696
3697
3698
3699
3700
3701
3702
3703
3704
3705
3706
3707
3708
3709
3710
3711
3712
3713
3714
3715
3716
3717
3718
3719
3720
3721
3722
3723
3724
3725
3726
3727
3728
3729
3730
3731
3732
3733
3734
3735
3736
3737
3738
3739
3740
3741
3742
3743
3744
3745
3746
3747
3748
3749
3750
3751
3752
3753
3754
3755
3756
3757
3758
3759
3760
3761
3762
3763
3764
3765
3766
3767
3768
3769
3770
3771
3772
3773
3774
3775
3776
3777
3778
3779
3780
3781
3782
3783
3784
3785
3786
3787
3788
3789
3790
3791
3792
3793
3794
3795
3796
3797
3798
3799
3800
3801
3802
3803
3804
3805
3806
3807
3808
3809
3810
3811
3812
3813
3814
3815
3816
3817
3818
3819
3820
3821
3822
3823
3824
3825
3826
3827
3828
3829
3830
3831
3832
3833
3834
3835
3836
3837
3838
3839
3840
3841
3842
3843
3844
3845
3846
3847
3848
3849
3850
3851
3852
3853
3854
3855
3856
3857
3858
3859
3860
3861
3862
3863
3864
3865
3866
3867
3868
3869
3870
3871
3872
3873
3874
3875
3876
3877
3878
3879
3880
3881
3882
3883
3884
3885
3886
3887
3888
3889
3890
3891
3892
3893
3894
3895
3896
3897
3898
3899
3900
3901
3902
3903
3904
3905
3906
3907
3908
3909
3910
3911
3912
3913
3914
3915
3916
3917
3918
3919
3920
3921
3922
3923
3924
3925
3926
3927
3928
3929
3930
3931
3932
3933
3934
3935
3936
3937
3938
3939
3940
3941
3942
3943
3944
3945
3946
3947
3948
3949
3950
3951
3952
3953
3954
3955
3956
3957
3958
3959
3960
3961
3962
3963
3964
3965
3966
3967
3968
3969
3970
3971
3972
3973
3974
3975
3976
3977
3978
3979
3980
3981
3982
3983
3984
3985
3986
3987
3988
3989
3990
3991
3992
3993
3994
3995
3996
3997
3998
3999
4000
4001
4002
4003
4004
4005
4006
4007
4008
4009
4010
4011
4012
4013
4014
4015
4016
4017
4018
4019
4020
4021
4022
4023
4024
4025
4026
4027
4028
4029
4030
4031
4032
4033
4034
4035
4036
4037
4038
4039
4040
4041
4042
4043
4044
4045
4046
4047
4048
4049
4050
4051
4052
4053
4054
4055
4056
4057
4058
4059
4060
4061
4062
4063
4064
4065
4066
4067
4068
4069
4070
4071
4072
4073
4074
4075
4076
4077
4078
4079
4080
4081
4082
4083
4084
4085
4086
4087
4088
4089
4090
4091
4092
4093
4094
4095
4096
4097
4098
4099
4100
4101
4102
4103
4104
4105
4106
4107
4108
4109
4110
4111
4112
4113
4114
4115
4116
4117
4118
4119
4120
4121
4122
4123
4124
4125
4126
4127
4128
4129
4130
4131
4132
4133
4134
4135
4136
4137
4138
4139
4140
4141
4142
4143
4144
4145
4146
4147
4148
4149
4150
4151
4152
4153
4154
4155
4156
4157
4158
4159
4160
4161
4162
4163
4164
4165
4166
4167
4168
4169
4170
4171
4172
4173
4174
4175
4176
4177
4178
4179
4180
4181
4182
4183
4184
4185
4186
4187
4188
4189
4190
4191
4192
4193
4194
4195
4196
4197
4198
4199
4200
4201
4202
4203
4204
4205
4206
4207
4208
4209
4210
4211
4212
4213
4214
4215
4216
4217
4218
4219
4220
4221
4222
4223
4224
4225
4226
4227
4228
4229
4230
4231
4232
4233
4234
4235
4236
4237
4238
4239
4240
4241
4242
4243
4244
4245
4246
4247
4248
4249
4250
4251
4252
4253
4254
4255
4256
4257
4258
4259
4260
4261
4262
4263
4264
4265
4266
4267
4268
4269
4270
4271
4272
4273
4274
4275
4276
4277
4278
4279
4280
4281
4282
4283
4284
4285
4286
4287
4288
4289
4290
4291
4292
4293
4294
4295
4296
4297
4298
4299
4300
4301
4302
4303
4304
4305
4306
4307
4308
4309
4310
4311
4312
4313
4314
4315
4316
4317
4318
4319
4320
4321
4322
4323
4324
4325
4326
4327
4328
4329
4330
4331
4332
4333
4334
4335
4336
4337
4338
4339
4340
4341
4342
4343
4344
4345
4346
4347
4348
4349
4350
4351
4352
4353
4354
4355
4356
4357
4358
4359
4360
4361
4362
4363
4364
4365
4366
4367
4368
4369
4370
4371
4372
4373
4374
4375
4376
4377
4378
4379
4380
4381
4382
4383
4384
4385
4386
4387
4388
4389
4390
4391
4392
4393
4394
4395
4396
4397
4398
4399
4400
4401
4402
4403
4404
4405
4406
4407
4408
4409
4410
4411
4412
4413
4414
4415
4416
4417
4418
4419
4420
4421
4422
4423
4424
4425
4426
4427
4428
4429
4430
4431
4432
4433
4434
4435
4436
4437
4438
4439
4440
4441
4442
4443
4444
4445
4446
4447
4448
4449
4450
4451
4452
4453
4454
4455
4456
4457
4458
4459
4460
4461
4462
4463
4464
4465
4466
4467
4468
4469
4470
4471
4472
4473
4474
4475
4476
4477
4478
4479
4480
4481
4482
4483
4484
4485
4486
4487
4488
4489
4490
4491
4492
4493
4494
4495
4496
4497
4498
4499
4500
4501
4502
4503
4504
4505
4506
4507
4508
4509
4510
4511
4512
4513
4514
4515
4516
4517
4518
4519
4520
4521
4522
4523
4524
4525
4526
4527
4528
4529
4530
4531
4532
4533
4534
4535
4536
4537
4538
4539
4540
4541
4542
4543
4544
4545
4546
4547
4548
4549
4550
4551
4552
4553
4554
4555
4556
4557
4558
4559
4560
4561
4562
4563
4564
4565
4566
4567
4568
4569
4570
4571
4572
4573
4574
4575
4576
4577
4578
4579
4580
4581
4582
4583
4584
4585
4586
4587
4588
4589
4590
4591
4592
4593
4594
4595
4596
4597
4598
4599
4600
4601
4602
4603
4604
4605
4606
4607
4608
4609
4610
4611
4612
4613
4614
4615
4616
4617
4618
4619
4620
4621
4622
4623
4624
4625
4626
4627
4628
4629
4630
4631
4632
4633
4634
4635
4636
4637
4638
4639
4640
4641
4642
4643
4644
4645
4646
4647
4648
4649
4650
4651
4652
4653
4654
4655
4656
4657
4658
4659
4660
4661
4662
4663
4664
4665
4666
4667
4668
4669
4670
4671
4672
4673
4674
4675
4676
4677
4678
4679
4680
4681
4682
4683
4684
4685
4686
4687
4688
4689
4690
4691
4692
4693
4694
4695
4696
4697
4698
4699
4700
4701
4702
4703
4704
4705
4706
4707
4708
4709
4710
4711
4712
4713
4714
4715
4716
4717
4718
4719
4720
4721
4722
4723
4724
4725
4726
4727
4728
4729
4730
4731
4732
4733
4734
4735
4736
4737
4738
4739
4740
4741
4742
4743
4744
4745
4746
4747
4748
4749
4750
4751
4752
4753
4754
4755
4756
4757
4758
4759
4760
4761
4762
4763
4764
4765
4766
4767
4768
4769
4770
4771
4772
4773
4774
4775
4776
4777
4778
4779
4780
4781
4782
4783
4784
4785
4786
4787
4788
4789
4790
4791
4792
4793
4794
4795
4796
4797
4798
4799
4800
4801
4802
4803
4804
4805
4806
4807
4808
4809
4810
4811
4812
4813
4814
4815
4816
4817
4818
4819
4820
4821
4822
4823
4824
4825
4826
4827
4828
4829
4830
4831
4832
4833
4834
4835
4836
4837
4838
4839
4840
4841
4842
4843
4844
4845
4846
4847
4848
4849
4850
4851
4852
4853
4854
4855
4856
4857
4858
4859
4860
4861
4862
4863
4864
4865
4866
4867
4868
4869
4870
4871
4872
4873
4874
4875
4876
4877
4878
4879
4880
4881
4882
4883
4884
4885
4886
4887
4888
4889
4890
4891
4892
4893
4894
4895
4896
4897
4898
4899
4900
4901
4902
4903
4904
4905
4906
4907
4908
4909
4910
4911
4912
4913
4914
4915
4916
4917
4918
4919
4920
4921
4922
4923
4924
4925
4926
4927
4928
4929
4930
4931
4932
4933
4934
4935
4936
4937
4938
4939
4940
4941
4942
4943
4944
4945
4946
4947
4948
4949
4950
4951
4952
4953
4954
4955
4956
4957
4958
4959
4960
4961
4962
4963
4964
4965
4966
4967
4968
4969
4970
4971
4972
4973
4974
4975
4976
4977
4978
4979
4980
4981
4982
4983
4984
4985
4986
4987
4988
4989
4990
4991
4992
4993
4994
4995
4996
4997
4998
4999
5000
5001
5002
5003
5004
5005
5006
5007
5008
5009
5010
5011
5012
5013
5014
5015
5016
5017
5018
5019
5020
5021
5022
5023
5024
5025
5026
5027
5028
5029
5030
5031
5032
5033
5034
5035
5036
5037
5038
5039
5040
5041
5042
5043
5044
5045
5046
5047
5048
5049
5050
5051
5052
5053
5054
5055
5056
5057
5058
5059
5060
5061
5062
5063
5064
5065
5066
5067
5068
5069
5070
5071
5072
5073
5074
5075
5076
5077
5078
5079
5080
5081
5082
5083
5084
5085
5086
5087
5088
5089
5090
5091
5092
5093
5094
5095
5096
5097
5098
5099
5100
5101
5102
5103
5104
5105
5106
5107
5108
5109
5110
5111
5112
5113
5114
5115
5116
5117
5118
5119
5120
5121
5122
5123
5124
5125
5126
5127
5128
5129
5130
5131
5132
5133
5134
5135
5136
5137
5138
5139
5140
5141
5142
5143
5144
5145
5146
5147
5148
5149
5150
5151
5152
5153
5154
5155
5156
5157
5158
5159
5160
5161
5162
5163
5164
5165
5166
5167
5168
5169
5170
5171
5172
5173
5174
5175
5176
5177
5178
5179
5180
5181
5182
5183
5184
5185
5186
5187
5188
5189
5190
5191
5192
5193
5194
5195
5196
5197
5198
5199
5200
5201
5202
5203
5204
5205
5206
5207
5208
5209
5210
5211
5212
5213
5214
5215
5216
5217
5218
5219
5220
5221
5222
5223
5224
5225
5226
5227
5228
5229
5230
5231
5232
5233
5234
5235
5236
5237
5238
5239
5240
5241
5242
5243
5244
5245
5246
5247
5248
5249
5250
5251
5252
5253
5254
5255
5256
5257
5258
5259
5260
5261
5262
5263
5264
5265
5266
5267
5268
5269
5270
5271
5272
5273
5274
5275
5276
5277
5278
5279
5280
5281
5282
5283
5284
5285
5286
5287
5288
5289
5290
5291
5292
5293
5294
5295
5296
5297
5298
5299
5300
5301
5302
5303
5304
5305
5306
5307
5308
5309
5310
5311
5312
5313
5314
5315
5316
5317
5318
5319
5320
5321
5322
5323
5324
5325
5326
5327
5328
5329
5330
5331
5332
5333
5334
5335
5336
5337
5338
5339
5340
5341
5342
5343
5344
5345
5346
5347
5348
5349
5350
5351
5352
5353
5354
5355
5356
5357
5358
5359
5360
5361
5362
5363
5364
5365
5366
5367
5368
5369
5370
5371
5372
5373
5374
5375
5376
5377
5378
5379
5380
5381
5382
5383
5384
5385
5386
5387
5388
5389
5390
5391
5392
5393
5394
5395
5396
5397
5398
5399
5400
5401
5402
5403
5404
5405
5406
5407
5408
5409
5410
5411
5412
5413
5414
5415
5416
5417
5418
5419
5420
5421
5422
5423
5424
5425
5426
5427
5428
5429
5430
5431
5432
5433
5434
5435
5436
5437
5438
5439
5440
5441
5442
5443
5444
5445
5446
5447
5448
5449
5450
5451
5452
5453
5454
5455
5456
5457
5458
5459
5460
5461
5462
5463
5464
5465
5466
5467
5468
5469
5470
5471
5472
5473
5474
5475
5476
5477
5478
5479
5480
5481
5482
5483
5484
5485
5486
5487
5488
5489
5490
5491
5492
5493
5494
5495
5496
5497
5498
5499
5500
5501
5502
5503
5504
5505
5506
5507
5508
5509
5510
5511
5512
5513
5514
5515
5516
5517
5518
5519
5520
5521
5522
5523
5524
5525
5526
5527
5528
5529
5530
5531
5532
5533
5534
5535
5536
5537
5538
5539
5540
5541
5542
5543
5544
5545
5546
5547
5548
5549
5550
5551
5552
5553
5554
5555
5556
5557
5558
5559
5560
5561
5562
5563
5564
5565
5566
5567
5568
5569
5570
5571
5572
5573
5574
5575
5576
5577
5578
5579
5580
5581
5582
5583
5584
5585
5586
5587
5588
5589
5590
5591
5592
5593
5594
5595
5596
5597
5598
5599
5600
5601
5602
5603
5604
5605
5606
5607
5608
5609
5610
5611
5612
5613
5614
5615
5616
5617
5618
5619
5620
5621
5622
5623
5624
5625
5626
5627
5628
5629
5630
5631
5632
5633
5634
5635
5636
5637
5638
5639
5640
5641
5642
5643
5644
5645
5646
5647
5648
5649
5650
5651
5652
5653
5654
5655
5656
5657
5658
5659
5660
5661
5662
5663
5664
5665
5666
5667
5668
5669
5670
5671
5672
5673
5674
5675
5676
5677
5678
5679
5680
5681
5682
5683
5684
5685
5686
5687
5688
5689
5690
5691
5692
5693
5694
5695
5696
5697
5698
5699
5700
5701
5702
5703
5704
5705
5706
5707
5708
5709
5710
5711
5712
5713
5714
5715
5716
5717
5718
5719
5720
5721
5722
5723
5724
5725
5726
5727
5728
5729
5730
5731
5732
5733
5734
5735
5736
5737
5738
5739
5740
5741
5742
5743
5744
5745
5746
5747
5748
5749
5750
5751
5752
5753
5754
5755
5756
5757
5758
5759
5760
5761
5762
5763
5764
5765
5766
5767
5768
5769
5770
5771
5772
5773
5774
5775
5776
5777
5778
5779
5780
5781
5782
5783
5784
5785
5786
5787
5788
5789
5790
5791
5792
5793
5794
5795
5796
5797
5798
5799
5800
5801
5802
5803
5804
5805
5806
5807
5808
5809
5810
5811
5812
5813
5814
5815
5816
5817
5818
5819
5820
5821
5822
5823
5824
5825
5826
5827
5828
5829
5830
5831
5832
5833
5834
5835
5836
5837
5838
5839
5840
5841
5842
5843
5844
5845
5846
5847
5848
5849
5850
5851
5852
5853
5854
5855
5856
5857
5858
5859
5860
5861
5862
5863
5864
5865
5866
5867
5868
5869
5870
5871
5872
5873
5874
5875
5876
5877
5878
5879
5880
5881
5882
5883
5884
5885
5886
5887
5888
5889
5890
5891
5892
5893
5894
5895
5896
5897
5898
5899
5900
5901
5902
5903
5904
5905
5906
5907
5908
5909
5910
5911
5912
5913
5914
5915
5916
5917
5918
5919
5920
5921
5922
5923
5924
5925
5926
5927
5928
5929
5930
5931
5932
5933
5934
5935
5936
5937
5938
5939
5940
5941
5942
5943
5944
5945
5946
5947
5948
5949
5950
5951
5952
5953
5954
5955
5956
5957
5958
5959
5960
5961
5962
5963
5964
5965
5966
5967
5968
5969
5970
5971
5972
5973
5974
5975
5976
5977
5978
5979
5980
5981
5982
5983
5984
5985
5986
5987
5988
5989
5990
5991
5992
5993
5994
5995
5996
5997
5998
5999
6000
6001
6002
6003
6004
6005
6006
6007
6008
6009
6010
6011
6012
6013
6014
6015
6016
6017
6018
6019
6020
6021
6022
6023
6024
6025
6026
6027
6028
6029
6030
6031
6032
6033
6034
6035
6036
6037
6038
6039
6040
6041
6042
6043
6044
6045
6046
6047
6048
6049
6050
6051
6052
6053
6054
6055
6056
6057
6058
6059
6060
6061
6062
6063
6064
6065
6066
6067
6068
6069
6070
6071
6072
6073
6074
6075
6076
6077
6078
6079
6080
6081
6082
6083
6084
6085
6086
6087
6088
6089
6090
6091
6092
6093
6094
6095
6096
6097
6098
6099
6100
6101
6102
6103
6104
6105
6106
6107
6108
6109
6110
6111
6112
6113
6114
6115
6116
6117
6118
6119
6120
6121
6122
6123
6124
6125
6126
6127
6128
6129
6130
6131
6132
6133
6134
6135
6136
6137
6138
6139
6140
6141
6142
6143
6144
6145
6146
6147
6148
6149
6150
6151
6152
6153
6154
6155
6156
6157
6158
6159
6160
6161
6162
6163
6164
6165
6166
6167
6168
6169
6170
6171
6172
6173
6174
6175
6176
6177
6178
6179
6180
6181
6182
6183
6184
6185
6186
6187
6188
6189
6190
6191
6192
6193
6194
6195
6196
6197
6198
6199
6200
6201
6202
6203
6204
6205
6206
6207
6208
6209
6210
6211
6212
6213
6214
6215
6216
6217
6218
6219
6220
6221
6222
6223
6224
6225
6226
6227
6228
6229
6230
6231
6232
6233
6234
6235
6236
6237
6238
6239
6240
6241
6242
6243
6244
6245
6246
6247
6248
6249
6250
6251
6252
6253
6254
6255
6256
6257
6258
6259
6260
6261
6262
6263
6264
6265
6266
6267
6268
6269
6270
6271
6272
6273
6274
6275
6276
6277
6278
6279
6280
6281
6282
6283
6284
6285
6286
6287
6288
6289
6290
6291
6292
6293
6294
6295
6296
6297
6298
6299
6300
6301
6302
6303
6304
6305
6306
6307
6308
6309
6310
6311
6312
6313
6314
6315
6316
6317
6318
6319
6320
6321
6322
6323
6324
6325
6326
6327
6328
6329
6330
6331
6332
6333
6334
6335
6336
6337
6338
6339
6340
6341
6342
6343
6344
6345
6346
6347
6348
6349
6350
6351
6352
6353
6354
6355
6356
6357
6358
6359
6360
6361
6362
6363
6364
6365
6366
6367
6368
6369
6370
6371
6372
6373
6374
6375
6376
6377
6378
6379
6380
6381
6382
6383
6384
6385
6386
6387
6388
6389
6390
6391
6392
6393
6394
6395
6396
6397
6398
6399
6400
6401
6402
6403
6404
6405
6406
6407
6408
6409
6410
6411
6412
6413
6414
6415
6416
6417
6418
6419
6420
6421
6422
6423
6424
6425
6426
6427
6428
6429
6430
6431
6432
6433
6434
6435
6436
6437
6438
6439
6440
6441
6442
6443
6444
6445
6446
6447
6448
6449
6450
6451
6452
6453
6454
6455
6456
6457
6458
6459
6460
6461
6462
6463
6464
6465
6466
6467
6468
6469
6470
6471
6472
6473
6474
6475
6476
6477
6478
6479
6480
6481
6482
6483
6484
6485
6486
6487
6488
6489
6490
6491
6492
6493
6494
6495
6496
6497
6498
6499
6500
6501
6502
6503
6504
6505
6506
6507
6508
6509
6510
6511
6512
6513
6514
6515
6516
6517
6518
6519
6520
6521
6522
6523
6524
6525
6526
6527
6528
6529
6530
6531
6532
6533
6534
6535
6536
6537
6538
6539
6540
6541
6542
6543
6544
6545
6546
6547
6548
6549
6550
6551
6552
6553
6554
6555
6556
6557
6558
6559
6560
6561
6562
6563
6564
6565
6566
6567
6568
6569
6570
6571
6572
6573
6574
6575
6576
6577
6578
6579
6580
6581
6582
6583
6584
6585
6586
6587
6588
6589
6590
6591
6592
6593
6594
6595
6596
6597
6598
6599
6600
6601
6602
6603
6604
6605
6606
6607
6608
6609
6610
6611
6612
6613
6614
6615
6616
6617
6618
6619
6620
6621
6622
6623
6624
6625
6626
6627
6628
6629
6630
6631
6632
6633
6634
6635
6636
6637
6638
6639
6640
6641
6642
6643
6644
6645
6646
6647
6648
6649
6650
6651
6652
6653
6654
6655
6656
6657
6658
6659
6660
6661
6662
6663
6664
6665
6666
6667
6668
6669
6670
6671
6672
6673
6674
6675
6676
6677
6678
6679
6680
6681
6682
6683
6684
6685
6686
6687
6688
6689
6690
6691
6692
6693
6694
6695
6696
6697
6698
6699
6700
6701
6702
6703
6704
6705
6706
6707
6708
6709
6710
6711
6712
6713
6714
6715
6716
6717
6718
6719
6720
6721
6722
6723
6724
6725
6726
6727
6728
6729
6730
6731
6732
6733
6734
6735
6736
6737
6738
6739
6740
6741
6742
6743
6744
6745
6746
6747
6748
6749
6750
6751
6752
6753
6754
6755
6756
6757
6758
6759
6760
6761
6762
6763
6764
6765
6766
6767
6768
6769
6770
6771
6772
6773
6774
6775
6776
6777
6778
6779
6780
6781
6782
6783
6784
6785
6786
6787
6788
6789
6790
6791
6792
6793
6794
6795
6796
6797
6798
6799
6800
6801
6802
6803
6804
6805
6806
6807
6808
6809
6810
6811
6812
6813
6814
6815
6816
6817
6818
6819
6820
6821
6822
6823
6824
6825
6826
6827
6828
6829
6830
6831
6832
6833
6834
6835
6836
6837
6838
6839
6840
6841
6842
6843
6844
6845
6846
6847
6848
6849
6850
6851
6852
6853
6854
6855
6856
6857
6858
6859
6860
6861
6862
6863
6864
6865
6866
6867
6868
6869
6870
6871
6872
6873
6874
6875
6876
6877
6878
6879
6880
6881
6882
6883
6884
6885
6886
6887
6888
6889
6890
6891
6892
6893
6894
6895
6896
6897
6898
6899
6900
6901
6902
6903
6904
6905
6906
6907
6908
6909
6910
6911
6912
6913
6914
6915
6916
6917
6918
6919
6920
6921
6922
6923
6924
6925
6926
6927
6928
6929
6930
6931
6932
6933
6934
6935
6936
6937
6938
6939
6940
6941
6942
6943
6944
6945
6946
6947
6948
6949
6950
6951
6952
6953
6954
6955
6956
6957
6958
6959
6960
6961
6962
6963
6964
6965
6966
6967
6968
6969
6970
6971
6972
6973
6974
6975
6976
6977
6978
6979
6980
6981
6982
6983
6984
6985
6986
6987
6988
6989
6990
6991
6992
6993
6994
6995
6996
6997
6998
6999
7000
7001
7002
7003
7004
7005
7006
7007
7008
7009
7010
7011
7012
7013
7014
7015
7016
7017
7018
7019
7020
7021
7022
7023
7024
7025
7026
7027
7028
7029
7030
7031
7032
7033
7034
7035
7036
7037
7038
7039
7040
7041
7042
7043
7044
7045
7046
7047
7048
7049
7050
7051
7052
7053
7054
7055
7056
7057
7058
7059
7060
7061
7062
7063
7064
7065
7066
7067
7068
7069
7070
7071
7072
7073
7074
7075
7076
7077
7078
7079
7080
7081
7082
7083
7084
7085
7086
7087
7088
7089
7090
7091
7092
7093
7094
7095
7096
7097
7098
7099
7100
7101
7102
7103
7104
7105
7106
7107
7108
7109
7110
7111
7112
7113
7114
7115
7116
7117
7118
7119
7120
7121
7122
7123
7124
7125
7126
7127
7128
7129
7130
7131
7132
7133
7134
7135
7136
7137
7138
7139
7140
7141
7142
7143
7144
7145
7146
7147
7148
7149
7150
7151
7152
7153
7154
7155
7156
7157
7158
7159
7160
7161
7162
7163
7164
7165
7166
7167
7168
7169
7170
7171
7172
7173
7174
7175
7176
7177
7178
7179
7180
7181
7182
7183
7184
7185
7186
7187
7188
7189
7190
7191
7192
7193
7194
7195
7196
7197
7198
7199
7200
7201
7202
7203
7204
7205
7206
7207
7208
7209
7210
7211
7212
7213
7214
7215
7216
7217
7218
7219
7220
7221
7222
7223
7224
7225
7226
7227
7228
7229
7230
7231
7232
7233
7234
7235
7236
7237
7238
7239
7240
7241
7242
7243
7244
7245
7246
7247
7248
7249
7250
7251
7252
7253
7254
7255
7256
7257
7258
7259
7260
7261
7262
7263
7264
7265
7266
7267
7268
7269
7270
7271
7272
7273
7274
7275
7276
7277
7278
7279
7280
7281
7282
7283
7284
7285
7286
7287
7288
7289
7290
7291
7292
7293
7294
7295
7296
7297
7298
7299
7300
7301
7302
7303
7304
7305
7306
7307
7308
7309
7310
7311
7312
7313
7314
7315
7316
7317
7318
7319
7320
7321
7322
7323
7324
7325
7326
7327
7328
7329
7330
7331
7332
7333
7334
7335
7336
7337
7338
7339
7340
7341
7342
7343
7344
7345
7346
7347
7348
7349
7350
7351
7352
7353
7354
7355
7356
7357
7358
7359
7360
7361
7362
7363
7364
7365
7366
7367
7368
7369
7370
7371
7372
7373
7374
7375
7376
7377
7378
7379
7380
7381
7382
7383
7384
7385
7386
7387
7388
7389
7390
7391
7392
7393
7394
7395
7396
7397
7398
7399
7400
7401
7402
7403
7404
7405
7406
7407
7408
7409
7410
7411
7412
7413
7414
7415
7416
7417
7418
7419
7420
7421
7422
7423
7424
7425
7426
7427
7428
7429
7430
7431
7432
7433
7434
7435
7436
7437
7438
7439
7440
7441
7442
7443
7444
7445
7446
7447
7448
7449
7450
7451
7452
7453
7454
7455
7456
7457
7458
7459
7460
7461
7462
7463
7464
7465
7466
7467
7468
7469
7470
7471
7472
7473
7474
7475
7476
7477
7478
7479
7480
7481
7482
7483
7484
7485
7486
7487
7488
7489
7490
7491
7492
7493
7494
7495
7496
7497
7498
7499
7500
7501
7502
7503
7504
7505
7506
7507
7508
7509
7510
7511
7512
7513
7514
7515
7516
7517
7518
7519
7520
7521
7522
7523
7524
7525
7526
7527
7528
7529
7530
7531
7532
7533
7534
7535
7536
7537
7538
7539
7540
7541
7542
7543
7544
7545
7546
7547
7548
7549
7550
7551
7552
7553
7554
7555
7556
7557
7558
7559
7560
7561
7562
7563
7564
7565
7566
7567
7568
7569
7570
7571
7572
7573
7574
7575
7576
7577
7578
7579
7580
7581
7582
7583
7584
7585
7586
7587
7588
7589
7590
7591
7592
7593
7594
7595
7596
7597
7598
7599
7600
7601
7602
7603
7604
7605
7606
7607
7608
7609
7610
7611
7612
7613
7614
7615
7616
7617
7618
7619
7620
7621
7622
7623
7624
7625
7626
7627
7628
7629
7630
7631
7632
7633
7634
7635
7636
7637
7638
7639
7640
7641
7642
7643
7644
7645
7646
7647
7648
7649
7650
7651
7652
7653
7654
7655
7656
7657
7658
7659
7660
7661
7662
7663
7664
7665
7666
7667
7668
7669
7670
7671
7672
7673
7674
7675
7676
7677
7678
7679
7680
7681
7682
7683
7684
7685
7686
7687
7688
7689
7690
7691
7692
7693
7694
7695
7696
7697
7698
7699
7700
7701
7702
7703
7704
7705
7706
7707
7708
7709
7710
7711
7712
7713
7714
7715
7716
7717
7718
7719
7720
7721
7722
7723
7724
7725
7726
7727
7728
7729
7730
7731
7732
7733
7734
7735
7736
7737
7738
7739
7740
7741
7742
7743
7744
7745
7746
7747
7748
7749
7750
7751
7752
7753
7754
7755
7756
7757
7758
7759
7760
7761
7762
7763
7764
7765
7766
7767
7768
7769
7770
7771
7772
7773
7774
7775
7776
7777
7778
7779
7780
7781
7782
7783
7784
7785
7786
7787
7788
7789
7790
7791
7792
7793
7794
7795
7796
7797
7798
7799
7800
7801
7802
7803
7804
7805
7806
7807
7808
7809
7810
7811
7812
7813
7814
7815
7816
7817
7818
7819
7820
7821
7822
7823
7824
7825
7826
7827
7828
7829
7830
7831
7832
7833
7834
7835
7836
7837
7838
7839
7840
7841
7842
7843
7844
7845
7846
7847
7848
7849
7850
7851
7852
7853
7854
7855
7856
7857
7858
7859
7860
7861
7862
7863
7864
7865
7866
7867
7868
7869
7870
7871
7872
7873
7874
7875
7876
7877
7878
7879
7880
7881
7882
7883
7884
7885
7886
7887
7888
7889
7890
7891
7892
7893
7894
7895
7896
7897
7898
7899
7900
7901
7902
7903
7904
7905
7906
7907
7908
7909
7910
7911
7912
7913
7914
7915
7916
7917
7918
7919
7920
7921
7922
7923
7924
7925
7926
7927
7928
7929
7930
7931
7932
7933
7934
7935
7936
7937
7938
7939
7940
7941
7942
7943
7944
7945
7946
7947
7948
7949
7950
7951
7952
7953
7954
7955
7956
7957
7958
7959
7960
7961
7962
7963
7964
7965
7966
7967
7968
7969
7970
7971
7972
7973
7974
7975
7976
7977
7978
7979
7980
7981
7982
7983
7984
7985
7986
7987
7988
7989
7990
7991
7992
7993
7994
7995
7996
7997
7998
7999
8000
8001
8002
8003
8004
8005
8006
8007
8008
8009
8010
8011
8012
8013
8014
8015
8016
8017
8018
8019
8020
8021
8022
8023
8024
8025
8026
8027
8028
8029
8030
8031
8032
8033
8034
8035
8036
8037
8038
8039
8040
8041
8042
8043
8044
8045
8046
8047
8048
8049
8050
8051
8052
8053
8054
8055
8056
8057
8058
8059
8060
8061
8062
8063
8064
8065
8066
8067
8068
8069
8070
8071
8072
8073
8074
8075
8076
8077
8078
8079
8080
8081
8082
8083
8084
8085
8086
8087
8088
8089
8090
8091
8092
8093
8094
8095
8096
8097
8098
8099
8100
8101
8102
8103
8104
8105
8106
8107
8108
8109
8110
8111
8112
8113
8114
8115
8116
8117
8118
8119
8120
8121
8122
8123
8124
8125
8126
8127
8128
8129
8130
8131
8132
8133
8134
8135
8136
8137
8138
8139
8140
8141
8142
8143
8144
8145
8146
8147
8148
8149
8150
8151
8152
8153
8154
8155
8156
8157
8158
8159
8160
8161
8162
8163
8164
8165
8166
8167
8168
8169
8170
8171
8172
8173
8174
8175
8176
8177
8178
8179
8180
8181
8182
8183
8184
8185
8186
8187
8188
8189
8190
8191
8192
8193
8194
8195
8196
8197
8198
8199
8200
8201
8202
8203
8204
8205
8206
8207
8208
8209
8210
8211
8212
8213
8214
8215
8216
8217
8218
8219
8220
8221
8222
8223
8224
8225
8226
8227
8228
8229
8230
8231
8232
8233
8234
8235
8236
8237
8238
8239
8240
8241
8242
8243
8244
8245
8246
8247
8248
8249
8250
8251
8252
8253
8254
8255
8256
8257
8258
8259
8260
8261
8262
8263
8264
8265
8266
8267
8268
8269
8270
8271
8272
8273
8274
8275
8276
8277
8278
8279
8280
8281
8282
8283
8284
8285
8286
8287
8288
8289
8290
8291
8292
8293
8294
8295
8296
8297
8298
8299
8300
8301
8302
8303
8304
8305
8306
8307
8308
8309
8310
8311
8312
8313
8314
8315
8316
8317
8318
8319
8320
8321
8322
8323
8324
8325
8326
8327
8328
8329
8330
8331
8332
8333
8334
8335
8336
8337
8338
8339
8340
8341
8342
8343
8344
8345
8346
8347
8348
8349
8350
8351
8352
8353
8354
8355
8356
8357
8358
8359
8360
8361
8362
8363
8364
8365
8366
8367
8368
8369
8370
8371
8372
8373
8374
8375
8376
8377
8378
8379
8380
8381
8382
8383
8384
8385
8386
8387
8388
8389
8390
8391
8392
8393
8394
8395
8396
8397
8398
8399
8400
8401
8402
8403
8404
8405
8406
8407
8408
8409
8410
8411
8412
8413
8414
8415
8416
8417
8418
8419
8420
8421
8422
8423
8424
8425
8426
8427
8428
8429
8430
8431
8432
8433
8434
8435
8436
8437
8438
8439
8440
8441
8442
8443
8444
8445
8446
8447
8448
8449
8450
8451
8452
8453
8454
8455
8456
8457
8458
8459
8460
8461
8462
8463
8464
8465
8466
8467
8468
8469
8470
8471
8472
8473
8474
8475
8476
8477
8478
8479
8480
8481
8482
8483
8484
8485
8486
8487
8488
8489
8490
8491
8492
8493
8494
8495
8496
8497
8498
8499
8500
8501
8502
8503
8504
8505
8506
8507
8508
8509
8510
8511
8512
8513
8514
8515
8516
8517
8518
8519
8520
8521
8522
8523
8524
8525
8526
8527
8528
8529
8530
8531
8532
8533
8534
8535
8536
8537
8538
8539
8540
8541
8542
8543
8544
8545
8546
8547
8548
8549
8550
8551
8552
8553
8554
8555
8556
8557
8558
8559
8560
8561
8562
8563
8564
8565
8566
8567
8568
8569
8570
8571
8572
8573
8574
8575
8576
8577
8578
8579
8580
8581
8582
8583
8584
8585
8586
8587
8588
8589
8590
8591
8592
8593
8594
8595
8596
8597
8598
8599
8600
8601
8602
8603
8604
8605
8606
8607
8608
8609
8610
8611
8612
8613
8614
8615
8616
8617
8618
8619
8620
8621
8622
8623
8624
8625
8626
8627
8628
8629
8630
8631
8632
8633
8634
8635
8636
8637
8638
8639
8640
8641
8642
8643
8644
8645
8646
8647
8648
8649
8650
8651
8652
8653
8654
8655
8656
8657
8658
8659
8660
8661
8662
8663
8664
8665
8666
8667
8668
8669
8670
8671
8672
8673
8674
8675
8676
8677
8678
8679
8680
8681
8682
8683
8684
8685
8686
8687
8688
8689
8690
8691
8692
8693
8694
8695
8696
8697
8698
8699
8700
8701
8702
8703
8704
8705
8706
8707
8708
8709
8710
8711
8712
8713
8714
8715
8716
8717
8718
8719
8720
8721
8722
8723
8724
8725
8726
8727
8728
8729
8730
8731
8732
8733
8734
8735
8736
8737
8738
8739
8740
8741
8742
8743
8744
8745
8746
8747
8748
8749
8750
8751
8752
8753
8754
8755
8756
8757
8758
8759
8760
8761
8762
8763
8764
8765
8766
8767
8768
8769
8770
8771
8772
8773
8774
8775
8776
8777
8778
8779
8780
8781
8782
8783
8784
8785
8786
8787
8788
8789
8790
8791
8792
8793
8794
8795
8796
8797
8798
8799
8800
8801
8802
8803
8804
8805
8806
8807
8808
8809
8810
8811
8812
8813
8814
8815
8816
8817
8818
8819
8820
8821
8822
8823
8824
8825
8826
8827
8828
8829
8830
8831
8832
8833
8834
8835
8836
8837
8838
8839
8840
8841
8842
8843
8844
8845
8846
8847
8848
8849
8850
8851
8852
8853
8854
8855
8856
8857
8858
8859
8860
8861
8862
8863
8864
8865
8866
8867
8868
8869
8870
8871
8872
8873
8874
8875
8876
8877
8878
8879
8880
8881
8882
8883
8884
8885
8886
8887
8888
8889
8890
8891
8892
8893
8894
8895
8896
8897
8898
8899
8900
8901
8902
8903
8904
8905
8906
8907
8908
8909
8910
8911
8912
8913
8914
8915
8916
8917
8918
8919
8920
8921
8922
8923
8924
8925
8926
8927
8928
8929
8930
8931
8932
8933
8934
8935
8936
8937
8938
8939
8940
8941
8942
8943
8944
8945
8946
8947
8948
8949
8950
8951
8952
8953
8954
8955
8956
8957
8958
8959
8960
8961
8962
8963
8964
8965
8966
8967
8968
8969
8970
8971
8972
8973
8974
8975
8976
8977
8978
8979
8980
8981
8982
8983
8984
8985
8986
8987
8988
8989
8990
8991
8992
8993
8994
8995
8996
8997
8998
8999
9000
9001
9002
9003
9004
9005
9006
9007
9008
9009
9010
9011
9012
9013
9014
9015
9016
9017
9018
9019
9020
9021
9022
9023
9024
9025
9026
9027
9028
9029
9030
9031
9032
9033
9034
9035
9036
9037
9038
9039
9040
9041
9042
9043
9044
9045
9046
9047
9048
9049
9050
9051
9052
9053
9054
9055
9056
9057
9058
9059
9060
9061
9062
9063
9064
9065
9066
9067
9068
9069
9070
9071
9072
9073
9074
9075
9076
9077
9078
9079
9080
9081
9082
9083
9084
9085
9086
9087
9088
9089
9090
9091
9092
9093
9094
9095
9096
9097
9098
9099
9100
9101
9102
9103
9104
9105
9106
9107
9108
9109
9110
9111
9112
9113
9114
9115
9116
9117
9118
9119
9120
9121
9122
9123
9124
9125
9126
9127
9128
9129
9130
9131
9132
9133
9134
9135
9136
9137
9138
9139
9140
9141
9142
9143
9144
9145
9146
9147
9148
9149
9150
9151
9152
9153
9154
9155
9156
9157
9158
9159
9160
9161
9162
9163
9164
9165
9166
9167
9168
9169
9170
9171
9172
9173
9174
9175
9176
9177
9178
9179
9180
9181
9182
9183
9184
9185
9186
9187
9188
9189
9190
9191
9192
9193
9194
9195
9196
9197
9198
9199
9200
9201
9202
9203
9204
9205
9206
9207
9208
9209
9210
9211
9212
9213
9214
9215
9216
9217
9218
9219
9220
9221
9222
9223
9224
9225
9226
9227
9228
9229
9230
9231
9232
9233
9234
9235
9236
9237
9238
9239
9240
9241
9242
9243
9244
9245
9246
9247
9248
9249
9250
9251
9252
9253
9254
9255
9256
9257
9258
9259
9260
9261
9262
9263
9264
9265
9266
9267
9268
9269
9270
9271
9272
9273
9274
9275
9276
9277
9278
9279
9280
9281
9282
9283
9284
9285
9286
9287
9288
9289
9290
9291
9292
9293
9294
9295
9296
9297
9298
9299
9300
9301
9302
9303
9304
9305
9306
9307
9308
9309
9310
9311
9312
9313
9314
9315
9316
9317
9318
9319
9320
9321
9322
9323
9324
9325
9326
9327
9328
9329
9330
9331
9332
9333
9334
9335
9336
9337
9338
9339
9340
9341
9342
9343
9344
9345
9346
9347
9348
9349
9350
9351
9352
9353
9354
9355
9356
9357
9358
9359
9360
9361
9362
9363
9364
9365
9366
9367
9368
9369
9370
9371
9372
9373
9374
9375
9376
9377
9378
9379
9380
9381
9382
9383
9384
9385
9386
9387
9388
9389
9390
9391
9392
9393
9394
9395
9396
9397
9398
9399
9400
9401
9402
9403
9404
9405
9406
9407
9408
9409
9410
9411
9412
9413
9414
9415
9416
9417
9418
9419
9420
9421
9422
9423
9424
9425
9426
9427
9428
9429
9430
9431
9432
9433
9434
9435
9436
9437
9438
9439
9440
9441
9442
9443
9444
9445
9446
9447
9448
9449
9450
9451
9452
9453
9454
9455
9456
9457
9458
9459
9460
9461
9462
9463
9464
9465
9466
9467
9468
9469
9470
9471
9472
9473
9474
9475
9476
9477
9478
9479
9480
9481
9482
9483
9484
9485
9486
9487
9488
9489
9490
9491
9492
9493
9494
9495
9496
9497
9498
9499
9500
9501
9502
9503
9504
9505
9506
9507
9508
9509
9510
9511
9512
9513
9514
9515
9516
9517
9518
9519
9520
9521
9522
9523
9524
9525
9526
9527
9528
9529
9530
9531
9532
9533
9534
9535
9536
9537
9538
9539
9540
9541
9542
9543
9544
9545
9546
9547
9548
9549
9550
9551
9552
9553
9554
9555
9556
9557
9558
9559
9560
9561
9562
9563
9564
9565
9566
9567
9568
9569
9570
9571
9572
9573
9574
9575
9576
9577
9578
9579
9580
9581
9582
9583
9584
9585
9586
9587
9588
9589
9590
9591
9592
9593
9594
9595
9596
9597
9598
9599
9600
9601
9602
9603
9604
9605
9606
9607
9608
9609
9610
9611
9612
9613
9614
9615
9616
9617
9618
9619
9620
9621
9622
9623
9624
9625
9626
9627
9628
9629
9630
9631
9632
9633
9634
9635
9636
9637
9638
9639
9640
9641
9642
9643
9644
9645
9646
9647
9648
9649
9650
9651
9652
9653
9654
9655
9656
9657
9658
9659
9660
9661
9662
9663
9664
9665
9666
9667
9668
9669
9670
9671
9672
9673
9674
9675
9676
9677
9678
9679
9680
9681
9682
9683
9684
9685
9686
9687
9688
9689
9690
9691
9692
9693
9694
9695
9696
9697
9698
9699
9700
9701
9702
9703
9704
9705
9706
9707
9708
9709
9710
9711
9712
9713
9714
9715
9716
9717
9718
9719
9720
9721
9722
9723
9724
9725
9726
9727
9728
9729
9730
9731
9732
9733
9734
9735
9736
9737
9738
9739
9740
9741
9742
9743
9744
9745
9746
9747
9748
9749
9750
9751
9752
9753
9754
9755
9756
9757
9758
9759
9760
9761
9762
9763
9764
9765
9766
9767
9768
9769
9770
9771
9772
9773
9774
9775
9776
9777
9778
9779
9780
9781
9782
9783
9784
9785
9786
9787
9788
9789
9790
9791
9792
9793
9794
9795
9796
9797
9798
9799
9800
9801
9802
9803
9804
9805
9806
9807
9808
9809
9810
9811
9812
9813
9814
9815
9816
9817
9818
9819
9820
9821
9822
9823
9824
9825
9826
9827
9828
9829
9830
9831
9832
9833
9834
9835
9836
9837
9838
9839
9840
9841
9842
9843
9844
9845
9846
9847
9848
9849
9850
9851
9852
9853
9854
9855
9856
9857
9858
9859
9860
9861
9862
9863
9864
9865
9866
9867
9868
9869
9870
9871
9872
9873
9874
9875
9876
9877
9878
9879
9880
9881
9882
9883
9884
9885
9886
9887
9888
9889
9890
9891
9892
9893
9894
9895
9896
9897
9898
9899
9900
9901
9902
9903
9904
9905
9906
9907
9908
9909
9910
9911
9912
9913
9914
9915
9916
9917
9918
9919
9920
9921
9922
9923
9924
9925
9926
9927
9928
9929
9930
9931
9932
9933
9934
9935
9936
9937
9938
9939
9940
9941
9942
9943
9944
9945
9946
9947
9948
9949
9950
9951
9952
9953
9954
9955
9956
9957
9958
9959
9960
9961
9962
9963
9964
9965
9966
9967
9968
9969
9970
9971
9972
9973
9974
9975
9976
9977
9978
9979
9980
9981
9982
9983
9984
9985
9986
9987
9988
9989
9990
9991
9992
9993
9994
9995
9996
9997
9998
9999
10000
10001
10002
10003
10004
10005
10006
10007
10008
10009
10010
10011
10012
10013
10014
10015
10016
10017
10018
10019
10020
10021
10022
10023
10024
10025
10026
10027
10028
10029
10030
10031
10032
10033
10034
10035
10036
10037
10038
10039
10040
10041
10042
10043
10044
10045
10046
10047
10048
10049
10050
10051
10052
10053
10054
10055
10056
10057
10058
10059
10060
10061
10062
10063
10064
10065
10066
10067
10068
10069
10070
10071
10072
10073
10074
10075
10076
10077
10078
10079
10080
10081
10082
10083
10084
10085
10086
10087
10088
10089
10090
10091
10092
10093
10094
10095
10096
10097
10098
10099
10100
10101
10102
10103
10104
10105
10106
10107
10108
10109
10110
10111
10112
10113
10114
10115
10116
10117
10118
10119
10120
10121
10122
10123
10124
10125
10126
10127
10128
10129
10130
10131
10132
10133
10134
10135
10136
10137
10138
10139
10140
10141
10142
10143
10144
10145
10146
10147
10148
10149
10150
10151
10152
10153
10154
10155
10156
10157
10158
10159
10160
10161
10162
10163
10164
10165
10166
10167
10168
10169
10170
10171
10172
10173
10174
10175
10176
10177
10178
10179
10180
10181
10182
10183
10184
10185
10186
10187
10188
10189
10190
10191
10192
10193
10194
10195
10196
10197
10198
10199
10200
10201
10202
10203
10204
10205
10206
10207
10208
10209
10210
10211
10212
10213
10214
10215
10216
10217
10218
10219
10220
10221
10222
10223
10224
10225
10226
10227
10228
10229
10230
10231
10232
10233
10234
10235
10236
10237
10238
10239
10240
10241
10242
10243
10244
10245
10246
10247
10248
10249
10250
10251
10252
10253
10254
10255
10256
10257
10258
10259
10260
10261
10262
10263
10264
10265
10266
10267
10268
10269
10270
10271
10272
10273
10274
10275
10276
10277
10278
10279
10280
10281
10282
10283
10284
10285
10286
10287
10288
10289
10290
10291
10292
10293
10294
10295
10296
10297
10298
10299
10300
10301
10302
10303
10304
10305
10306
10307
10308
10309
10310
10311
10312
10313
10314
10315
10316
10317
10318
10319
10320
10321
10322
10323
10324
10325
10326
10327
10328
10329
10330
10331
10332
10333
10334
10335
10336
10337
10338
10339
10340
10341
10342
10343
10344
10345
10346
10347
10348
10349
10350
10351
10352
10353
10354
10355
10356
10357
10358
10359
10360
10361
10362
10363
10364
10365
10366
10367
10368
10369
10370
10371
10372
10373
10374
10375
10376
10377
10378
10379
10380
10381
10382
10383
10384
10385
10386
10387
10388
10389
10390
10391
10392
10393
10394
10395
10396
10397
10398
10399
10400
10401
10402
10403
10404
10405
10406
10407
10408
10409
10410
10411
10412
10413
10414
10415
10416
10417
10418
10419
10420
10421
10422
10423
10424
10425
10426
10427
10428
10429
10430
10431
10432
10433
10434
10435
10436
10437
10438
10439
10440
10441
10442
10443
10444
10445
10446
10447
10448
10449
10450
10451
10452
10453
10454
10455
10456
10457
10458
10459
10460
10461
10462
10463
10464
10465
10466
10467
10468
10469
10470
10471
10472
10473
10474
10475
10476
10477
10478
10479
10480
10481
10482
10483
10484
10485
10486
10487
10488
10489
10490
10491
10492
10493
10494
10495
10496
10497
10498
10499
10500
10501
10502
10503
10504
10505
10506
10507
10508
10509
10510
10511
10512
10513
10514
10515
10516
10517
10518
10519
10520
10521
10522
10523
10524
10525
10526
10527
10528
10529
10530
10531
10532
10533
10534
10535
10536
10537
10538
10539
10540
10541
10542
10543
10544
10545
10546
10547
10548
10549
10550
10551
10552
10553
10554
10555
10556
10557
10558
10559
10560
10561
10562
10563
10564
10565
10566
10567
10568
10569
10570
10571
10572
10573
10574
10575
10576
10577
10578
10579
10580
10581
10582
10583
10584
10585
10586
10587
10588
10589
10590
10591
10592
10593
10594
10595
10596
10597
10598
10599
10600
10601
10602
10603
10604
10605
10606
10607
10608
10609
10610
10611
10612
10613
10614
10615
10616
10617
10618
10619
10620
10621
10622
10623
10624
10625
10626
10627
10628
10629
10630
10631
10632
10633
10634
10635
10636
10637
10638
10639
10640
10641
10642
10643
10644
10645
10646
10647
10648
10649
10650
10651
10652
10653
10654
10655
10656
10657
10658
10659
10660
10661
10662
10663
10664
10665
10666
10667
10668
10669
10670
10671
10672
10673
10674
10675
10676
10677
10678
10679
10680
10681
10682
10683
10684
10685
10686
10687
10688
10689
10690
10691
10692
10693
10694
10695
10696
10697
10698
10699
10700
10701
10702
10703
10704
10705
10706
10707
10708
10709
10710
10711
10712
10713
10714
10715
10716
10717
10718
10719
10720
10721
10722
10723
10724
10725
10726
10727
10728
10729
10730
10731
10732
10733
10734
10735
10736
10737
10738
10739
10740
10741
10742
10743
10744
10745
10746
10747
10748
10749
10750
10751
10752
10753
10754
10755
10756
10757
10758
10759
10760
10761
10762
10763
10764
10765
10766
10767
10768
10769
10770
10771
10772
10773
10774
10775
10776
10777
10778
10779
10780
10781
10782
10783
10784
10785
10786
10787
10788
10789
10790
10791
10792
10793
10794
10795
10796
10797
10798
10799
10800
10801
10802
10803
10804
10805
10806
10807
10808
10809
10810
10811
10812
10813
10814
10815
10816
10817
10818
10819
10820
10821
10822
10823
10824
10825
10826
10827
10828
10829
10830
10831
10832
10833
10834
10835
10836
10837
10838
10839
10840
10841
10842
10843
10844
10845
10846
10847
10848
10849
10850
10851
10852
10853
10854
10855
10856
10857
10858
10859
10860
10861
10862
10863
10864
10865
10866
10867
10868
10869
10870
10871
10872
10873
10874
10875
10876
10877
10878
10879
10880
10881
10882
10883
10884
10885
10886
10887
10888
10889
10890
10891
10892
10893
10894
10895
10896
10897
10898
10899
10900
10901
10902
10903
10904
10905
10906
10907
10908
10909
10910
10911
10912
10913
10914
10915
10916
10917
10918
10919
10920
10921
10922
10923
10924
10925
10926
10927
10928
10929
10930
10931
10932
10933
10934
10935
10936
10937
10938
10939
10940
10941
10942
10943
10944
10945
10946
10947
10948
10949
10950
10951
10952
10953
10954
10955
10956
10957
10958
10959
10960
10961
10962
10963
10964
10965
10966
10967
10968
10969
10970
10971
10972
10973
10974
10975
10976
10977
10978
10979
10980
10981
10982
10983
10984
10985
10986
10987
10988
10989
10990
10991
10992
10993
10994
10995
10996
10997
10998
10999
11000
11001
11002
11003
11004
11005
11006
11007
11008
11009
11010
11011
11012
11013
11014
11015
11016
11017
11018
11019
11020
11021
11022
11023
11024
11025
11026
11027
11028
11029
11030
11031
11032
11033
11034
11035
11036
11037
11038
11039
11040
11041
11042
11043
11044
11045
11046
11047
11048
11049
11050
11051
11052
11053
11054
11055
11056
11057
11058
11059
11060
11061
11062
11063
11064
11065
11066
11067
11068
11069
11070
11071
11072
11073
11074
11075
11076
11077
11078
11079
11080
11081
11082
11083
11084
11085
11086
11087
11088
11089
11090
11091
11092
11093
11094
11095
11096
11097
11098
11099
11100
11101
11102
11103
11104
11105
11106
11107
11108
11109
11110
11111
11112
11113
11114
11115
11116
11117
11118
11119
11120
11121
11122
11123
11124
11125
11126
11127
11128
11129
11130
11131
11132
11133
11134
11135
11136
11137
11138
11139
11140
11141
11142
11143
11144
11145
11146
11147
11148
11149
11150
11151
11152
11153
11154
11155
11156
11157
11158
11159
11160
11161
11162
11163
11164
11165
11166
11167
11168
11169
11170
11171
11172
11173
11174
11175
11176
11177
11178
11179
11180
11181
11182
11183
11184
11185
11186
11187
11188
11189
11190
11191
11192
11193
11194
11195
11196
11197
11198
11199
11200
11201
11202
11203
11204
11205
11206
11207
11208
11209
11210
11211
11212
11213
11214
11215
11216
11217
11218
11219
11220
11221
11222
11223
11224
11225
11226
11227
11228
11229
11230
11231
11232
11233
11234
11235
11236
11237
11238
11239
11240
11241
11242
11243
11244
11245
11246
11247
11248
11249
11250
11251
11252
11253
11254
11255
11256
11257
11258
11259
11260
11261
11262
11263
11264
11265
11266
11267
11268
11269
11270
11271
11272
11273
11274
11275
11276
11277
11278
11279
11280
11281
11282
11283
11284
11285
11286
11287
11288
11289
11290
11291
11292
11293
11294
11295
11296
11297
11298
11299
11300
11301
11302
11303
11304
11305
11306
11307
11308
11309
11310
11311
11312
11313
11314
11315
11316
11317
11318
11319
11320
11321
11322
11323
11324
11325
11326
11327
11328
11329
11330
11331
11332
11333
11334
11335
11336
11337
11338
11339
11340
11341
11342
11343
11344
11345
11346
11347
11348
11349
11350
11351
11352
11353
11354
11355
11356
11357
11358
11359
11360
11361
11362
11363
11364
11365
11366
11367
11368
11369
11370
11371
11372
11373
11374
11375
11376
11377
11378
11379
11380
11381
11382
11383
11384
11385
11386
11387
11388
11389
11390
11391
11392
11393
11394
11395
11396
11397
11398
11399
11400
11401
11402
11403
11404
11405
11406
11407
11408
11409
11410
11411
11412
11413
11414
11415
11416
11417
11418
11419
11420
11421
11422
11423
11424
11425
11426
11427
11428
11429
11430
11431
11432
11433
11434
11435
11436
11437
11438
11439
11440
11441
11442
11443
11444
11445
11446
11447
11448
11449
11450
11451
11452
11453
11454
11455
11456
11457
11458
11459
11460
11461
11462
11463
11464
11465
11466
11467
11468
11469
11470
11471
11472
11473
11474
11475
11476
11477
11478
11479
11480
11481
11482
11483
11484
11485
11486
11487
11488
11489
11490
11491
11492
11493
11494
11495
11496
11497
11498
11499
11500
11501
11502
11503
11504
11505
11506
11507
11508
11509
11510
11511
11512
11513
11514
11515
11516
11517
11518
11519
11520
11521
11522
11523
11524
11525
11526
11527
11528
11529
11530
11531
11532
11533
11534
11535
11536
11537
11538
11539
11540
11541
11542
11543
11544
11545
11546
11547
11548
11549
11550
11551
11552
11553
11554
11555
11556
11557
11558
11559
11560
11561
11562
11563
11564
11565
11566
11567
11568
11569
11570
11571
11572
11573
11574
11575
11576
11577
11578
11579
11580
11581
11582
11583
11584
11585
11586
11587
11588
11589
11590
11591
11592
11593
11594
11595
11596
11597
11598
11599
11600
11601
11602
11603
11604
11605
11606
11607
11608
11609
11610
11611
11612
11613
11614
11615
11616
11617
11618
11619
11620
11621
11622
11623
11624
11625
11626
11627
11628
11629
11630
11631
11632
11633
11634
11635
11636
11637
11638
11639
11640
11641
11642
11643
11644
11645
11646
11647
11648
11649
11650
11651
11652
11653
11654
11655
11656
11657
11658
11659
11660
11661
11662
11663
11664
11665
11666
11667
11668
11669
11670
11671
11672
11673
11674
11675
11676
11677
11678
11679
11680
11681
11682
11683
11684
11685
11686
11687
11688
11689
11690
11691
11692
11693
11694
11695
11696
11697
11698
11699
11700
11701
11702
11703
11704
11705
11706
11707
11708
11709
11710
11711
11712
11713
11714
11715
11716
11717
11718
11719
11720
11721
11722
11723
11724
11725
11726
11727
11728
11729
11730
11731
11732
11733
11734
11735
11736
11737
11738
11739
11740
11741
11742
11743
11744
11745
11746
11747
11748
11749
11750
11751
11752
11753
11754
11755
11756
11757
11758
11759
11760
11761
11762
11763
11764
11765
11766
11767
11768
11769
11770
11771
11772
11773
11774
11775
11776
11777
11778
11779
11780
11781
11782
11783
11784
11785
11786
11787
11788
11789
11790
11791
11792
11793
11794
11795
11796
11797
11798
11799
11800
11801
11802
11803
11804
11805
11806
11807
11808
11809
11810
11811
11812
11813
11814
11815
11816
11817
11818
11819
11820
11821
11822
11823
11824
11825
11826
11827
11828
11829
11830
11831
11832
11833
11834
11835
11836
11837
11838
11839
11840
11841
11842
11843
11844
11845
11846
11847
11848
11849
11850
11851
11852
11853
11854
11855
11856
11857
11858
11859
11860
11861
11862
11863
11864
11865
11866
11867
11868
11869
11870
11871
11872
11873
11874
11875
11876
11877
11878
11879
11880
11881
11882
11883
11884
11885
11886
11887
11888
11889
11890
11891
11892
11893
11894
11895
11896
11897
11898
11899
11900
11901
11902
11903
11904
11905
11906
11907
11908
11909
11910
11911
11912
11913
11914
11915
11916
11917
11918
11919
11920
11921
11922
11923
11924
11925
11926
11927
11928
11929
11930
11931
11932
11933
11934
11935
11936
11937
11938
11939
11940
11941
11942
11943
11944
11945
11946
11947
11948
11949
11950
11951
11952
11953
11954
11955
11956
11957
11958
11959
11960
11961
11962
11963
11964
11965
11966
11967
11968
11969
11970
11971
11972
11973
11974
11975
11976
11977
11978
11979
11980
11981
11982
11983
11984
11985
11986
11987
11988
11989
11990
11991
11992
11993
11994
11995
11996
11997
11998
11999
12000
12001
12002
12003
12004
12005
12006
12007
12008
12009
12010
12011
12012
12013
12014
12015
12016
12017
12018
12019
12020
12021
12022
12023
12024
12025
12026
12027
12028
12029
12030
12031
12032
12033
12034
12035
12036
12037
12038
12039
12040
12041
12042
12043
12044
12045
12046
12047
12048
12049
12050
12051
12052
12053
12054
12055
12056
12057
12058
12059
12060
12061
12062
12063
12064
12065
12066
12067
12068
12069
12070
12071
12072
12073
12074
12075
12076
12077
12078
12079
12080
12081
12082
12083
12084
12085
12086
12087
12088
12089
12090
12091
12092
12093
12094
12095
12096
12097
12098
12099
12100
12101
12102
12103
12104
12105
12106
12107
12108
12109
12110
12111
12112
12113
12114
12115
12116
12117
12118
12119
12120
12121
12122
12123
12124
12125
12126
12127
12128
12129
12130
12131
12132
12133
12134
12135
12136
12137
12138
12139
12140
12141
12142
12143
12144
12145
12146
12147
12148
12149
12150
12151
12152
12153
12154
12155
12156
12157
12158
12159
12160
12161
12162
12163
12164
12165
12166
12167
12168
12169
12170
12171
12172
12173
12174
12175
12176
12177
12178
12179
12180
12181
12182
12183
12184
12185
12186
12187
12188
12189
12190
12191
12192
12193
12194
12195
12196
12197
12198
12199
12200
12201
12202
12203
12204
12205
12206
12207
12208
12209
12210
12211
12212
12213
12214
12215
12216
12217
12218
12219
12220
12221
12222
12223
12224
12225
12226
12227
12228
12229
12230
12231
12232
12233
12234
12235
12236
12237
12238
12239
12240
12241
12242
12243
12244
12245
12246
12247
12248
12249
12250
12251
12252
12253
12254
12255
12256
12257
12258
12259
12260
12261
12262
12263
12264
12265
12266
12267
12268
12269
12270
12271
12272
12273
12274
12275
12276
12277
12278
12279
12280
12281
12282
12283
12284
12285
12286
12287
12288
12289
12290
12291
12292
12293
12294
12295
12296
12297
12298
12299
12300
12301
12302
12303
12304
12305
12306
12307
12308
12309
12310
12311
12312
12313
12314
12315
12316
12317
12318
12319
12320
12321
12322
12323
12324
12325
12326
12327
12328
12329
12330
12331
12332
12333
12334
12335
12336
12337
12338
12339
12340
12341
12342
12343
12344
12345
12346
12347
12348
12349
12350
12351
12352
12353
12354
12355
12356
12357
12358
12359
12360
12361
12362
12363
12364
12365
12366
12367
12368
12369
12370
12371
12372
12373
12374
12375
12376
12377
12378
12379
12380
12381
12382
12383
12384
12385
12386
12387
12388
12389
12390
12391
12392
12393
12394
12395
12396
12397
12398
12399
12400
12401
12402
12403
12404
12405
12406
12407
12408
12409
12410
12411
12412
12413
12414
12415
12416
12417
12418
12419
12420
12421
12422
12423
12424
12425
12426
12427
12428
12429
12430
12431
12432
12433
12434
12435
12436
12437
12438
12439
12440
12441
12442
12443
12444
12445
12446
12447
12448
12449
12450
12451
12452
12453
12454
12455
12456
12457
12458
12459
12460
12461
12462
12463
12464
12465
12466
12467
12468
12469
12470
12471
12472
12473
12474
12475
12476
12477
12478
12479
12480
12481
12482
12483
12484
12485
12486
12487
12488
12489
12490
12491
12492
12493
12494
12495
12496
12497
12498
12499
12500
12501
12502
12503
12504
12505
12506
12507
12508
12509
12510
12511
12512
12513
12514
12515
12516
12517
12518
12519
12520
12521
12522
12523
12524
12525
12526
12527
12528
12529
12530
12531
12532
12533
12534
12535
12536
12537
12538
12539
12540
12541
12542
12543
12544
12545
12546
12547
12548
12549
12550
12551
12552
12553
12554
12555
12556
12557
12558
12559
12560
12561
12562
12563
12564
12565
12566
12567
12568
12569
12570
12571
12572
12573
12574
12575
12576
12577
12578
12579
12580
12581
12582
12583
12584
12585
12586
12587
12588
12589
12590
12591
12592
12593
12594
12595
12596
12597
12598
12599
12600
12601
12602
12603
12604
12605
12606
12607
12608
12609
12610
12611
12612
12613
12614
12615
12616
12617
12618
12619
12620
12621
12622
12623
12624
12625
12626
12627
12628
12629
12630
12631
12632
12633
12634
12635
12636
12637
12638
12639
12640
12641
12642
12643
12644
12645
12646
12647
12648
12649
12650
12651
12652
12653
12654
12655
12656
12657
12658
12659
12660
12661
12662
12663
12664
12665
12666
12667
12668
12669
12670
12671
12672
12673
12674
12675
12676
12677
12678
12679
12680
12681
12682
12683
12684
12685
12686
12687
12688
12689
12690
12691
12692
12693
12694
12695
12696
12697
12698
12699
12700
12701
12702
12703
12704
12705
12706
12707
12708
12709
12710
12711
12712
12713
12714
12715
12716
12717
12718
12719
12720
12721
12722
12723
12724
12725
12726
12727
12728
12729
12730
12731
12732
12733
12734
12735
12736
12737
12738
12739
12740
12741
12742
12743
12744
12745
12746
12747
12748
12749
12750
12751
12752
12753
12754
12755
12756
12757
12758
12759
12760
12761
12762
12763
12764
12765
12766
12767
12768
12769
12770
12771
12772
12773
12774
12775
12776
12777
12778
12779
12780
12781
12782
12783
12784
12785
12786
12787
12788
12789
12790
12791
12792
12793
12794
12795
12796
12797
12798
12799
12800
12801
12802
12803
12804
12805
12806
12807
12808
12809
12810
12811
12812
12813
12814
12815
12816
12817
12818
12819
12820
12821
12822
12823
12824
12825
12826
12827
12828
12829
12830
12831
12832
12833
12834
12835
12836
12837
12838
12839
12840
12841
12842
12843
12844
12845
12846
12847
12848
12849
12850
12851
12852
12853
12854
12855
12856
12857
12858
12859
12860
12861
12862
12863
12864
12865
12866
12867
12868
12869
12870
12871
12872
12873
12874
12875
12876
12877
12878
12879
12880
12881
12882
12883
12884
12885
12886
12887
12888
12889
12890
12891
12892
12893
12894
12895
12896
12897
12898
12899
12900
12901
12902
12903
12904
12905
12906
12907
12908
12909
12910
12911
12912
12913
12914
12915
12916
12917
12918
12919
12920
12921
12922
12923
12924
12925
12926
12927
12928
12929
12930
12931
12932
12933
12934
12935
12936
12937
12938
12939
12940
12941
12942
12943
12944
12945
12946
12947
12948
12949
12950
12951
12952
12953
12954
12955
12956
12957
12958
12959
12960
12961
12962
12963
12964
12965
12966
12967
12968
12969
12970
12971
12972
12973
12974
12975
12976
12977
12978
12979
12980
12981
12982
12983
12984
12985
12986
12987
12988
12989
12990
12991
12992
12993
12994
12995
12996
12997
12998
12999
13000
13001
13002
13003
13004
13005
13006
13007
13008
13009
13010
13011
13012
13013
13014
13015
13016
13017
13018
13019
13020
13021
13022
13023
13024
13025
13026
13027
13028
13029
13030
13031
13032
13033
13034
13035
13036
13037
13038
13039
13040
13041
13042
13043
13044
13045
13046
13047
13048
13049
13050
13051
13052
13053
13054
13055
13056
13057
13058
13059
13060
13061
13062
13063
13064
13065
13066
13067
13068
13069
13070
13071
13072
13073
13074
13075
13076
13077
13078
13079
13080
13081
13082
13083
13084
13085
13086
13087
13088
13089
13090
13091
13092
13093
13094
13095
13096
13097
13098
13099
13100
13101
13102
13103
13104
13105
13106
13107
13108
13109
13110
13111
13112
13113
13114
13115
13116
13117
13118
13119
13120
13121
13122
13123
13124
13125
13126
13127
13128
13129
13130
13131
13132
13133
13134
13135
13136
13137
13138
13139
13140
13141
13142
13143
13144
13145
13146
13147
13148
13149
13150
13151
13152
13153
13154
13155
13156
13157
13158
13159
13160
13161
13162
13163
13164
13165
13166
13167
13168
13169
13170
13171
13172
13173
13174
13175
13176
13177
13178
13179
13180
13181
13182
13183
13184
13185
13186
13187
13188
13189
13190
13191
13192
13193
13194
13195
13196
13197
13198
13199
13200
13201
13202
13203
13204
13205
13206
13207
13208
13209
13210
13211
13212
13213
13214
13215
13216
13217
13218
13219
13220
13221
13222
13223
13224
13225
13226
13227
13228
13229
13230
13231
13232
13233
13234
13235
13236
13237
13238
13239
13240
13241
13242
13243
13244
13245
13246
13247
13248
13249
13250
13251
13252
13253
13254
13255
13256
13257
13258
13259
13260
13261
13262
13263
13264
13265
13266
13267
13268
13269
13270
13271
13272
13273
13274
13275
13276
13277
13278
13279
13280
13281
13282
13283
13284
13285
13286
13287
13288
13289
13290
13291
13292
13293
13294
13295
13296
13297
13298
13299
13300
13301
13302
13303
13304
13305
13306
13307
13308
13309
13310
13311
13312
13313
13314
13315
13316
13317
13318
13319
13320
13321
13322
13323
13324
13325
13326
13327
13328
13329
13330
13331
13332
13333
13334
13335
13336
13337
13338
13339
13340
13341
13342
13343
13344
13345
13346
13347
13348
13349
13350
13351
13352
13353
13354
13355
13356
13357
13358
13359
13360
13361
13362
13363
13364
13365
13366
13367
13368
13369
13370
13371
13372
13373
13374
13375
13376
13377
13378
13379
13380
13381
13382
13383
13384
13385
13386
13387
13388
13389
13390
13391
13392
13393
13394
13395
13396
13397
13398
13399
13400
13401
13402
13403
13404
13405
13406
13407
13408
13409
13410
13411
13412
13413
13414
13415
13416
13417
13418
13419
13420
13421
13422
13423
13424
13425
13426
13427
13428
13429
13430
13431
13432
13433
13434
13435
13436
13437
13438
13439
13440
13441
13442
13443
13444
13445
13446
13447
13448
13449
13450
13451
13452
13453
13454
13455
13456
13457
13458
13459
13460
13461
13462
13463
13464
13465
13466
13467
13468
13469
13470
13471
13472
13473
13474
13475
13476
13477
13478
13479
13480
13481
13482
13483
13484
13485
13486
13487
13488
13489
13490
13491
13492
13493
13494
13495
13496
13497
13498
13499
13500
13501
13502
13503
13504
13505
13506
13507
13508
13509
13510
13511
13512
13513
13514
13515
13516
13517
13518
13519
13520
13521
13522
13523
13524
13525
13526
13527
13528
13529
13530
13531
13532
13533
13534
13535
13536
13537
13538
13539
13540
13541
13542
13543
13544
13545
13546
13547
13548
13549
13550
13551
13552
13553
13554
13555
13556
13557
13558
13559
13560
13561
13562
13563
13564
13565
13566
13567
13568
13569
13570
13571
13572
13573
13574
13575
13576
13577
13578
13579
13580
13581
13582
13583
13584
13585
13586
13587
13588
13589
13590
13591
13592
13593
13594
13595
13596
13597
13598
13599
13600
13601
13602
13603
13604
13605
13606
13607
13608
13609
13610
13611
13612
13613
13614
13615
13616
13617
13618
13619
13620
13621
13622
13623
13624
13625
13626
13627
13628
13629
13630
13631
13632
13633
13634
13635
13636
13637
13638
13639
13640
13641
13642
13643
13644
13645
13646
13647
13648
13649
13650
13651
13652
13653
13654
13655
13656
13657
13658
13659
13660
13661
13662
13663
13664
13665
13666
13667
13668
13669
13670
13671
13672
13673
13674
13675
13676
13677
13678
13679
13680
13681
13682
13683
13684
13685
13686
13687
13688
13689
13690
13691
13692
13693
13694
13695
13696
13697
13698
13699
13700
13701
13702
13703
13704
13705
13706
13707
13708
13709
13710
13711
13712
13713
13714
13715
13716
13717
13718
13719
13720
13721
13722
13723
13724
13725
13726
13727
13728
13729
13730
13731
13732
13733
13734
13735
13736
13737
13738
13739
13740
13741
13742
13743
13744
13745
13746
13747
13748
13749
13750
13751
13752
13753
13754
13755
13756
13757
13758
13759
13760
13761
13762
13763
13764
13765
13766
13767
13768
13769
13770
13771
13772
13773
13774
13775
13776
13777
13778
13779
13780
13781
13782
13783
13784
13785
13786
13787
13788
13789
13790
13791
13792
13793
13794
13795
13796
13797
13798
13799
13800
13801
13802
13803
13804
13805
13806
13807
13808
13809
13810
13811
13812
13813
13814
13815
13816
13817
13818
13819
13820
13821
13822
13823
13824
13825
13826
13827
13828
13829
13830
13831
13832
13833
13834
13835
13836
13837
13838
13839
13840
13841
13842
13843
13844
13845
13846
13847
13848
13849
13850
13851
13852
13853
13854
13855
13856
13857
13858
13859
13860
13861
13862
13863
13864
13865
13866
13867
13868
13869
13870
13871
13872
13873
13874
13875
13876
13877
13878
13879
13880
13881
13882
13883
13884
13885
13886
13887
13888
13889
13890
13891
13892
13893
13894
13895
13896
13897
13898
13899
13900
13901
13902
13903
13904
13905
13906
13907
13908
13909
13910
13911
13912
13913
13914
13915
13916
13917
13918
13919
13920
13921
13922
13923
13924
13925
13926
13927
13928
13929
13930
13931
13932
13933
13934
13935
13936
13937
13938
13939
13940
13941
13942
13943
13944
13945
13946
13947
13948
13949
13950
13951
13952
13953
13954
13955
13956
13957
13958
13959
13960
13961
13962
13963
13964
13965
13966
13967
13968
13969
13970
13971
13972
13973
13974
13975
13976
13977
13978
13979
13980
13981
13982
13983
13984
13985
13986
13987
13988
13989
13990
13991
13992
13993
13994
13995
13996
13997
13998
13999
14000
14001
14002
14003
14004
14005
14006
14007
14008
14009
14010
14011
14012
14013
14014
14015
14016
14017
14018
14019
14020
14021
14022
14023
14024
14025
14026
14027
14028
14029
14030
14031
14032
14033
14034
14035
14036
14037
14038
14039
14040
14041
14042
14043
14044
14045
14046
14047
14048
14049
14050
14051
14052
14053
14054
14055
14056
14057
14058
14059
14060
14061
14062
14063
14064
14065
14066
14067
14068
14069
14070
14071
14072
14073
14074
14075
14076
14077
14078
14079
14080
14081
14082
14083
14084
14085
14086
14087
14088
14089
14090
14091
14092
14093
14094
14095
14096
14097
14098
14099
14100
14101
14102
14103
14104
14105
14106
14107
14108
14109
14110
14111
14112
14113
14114
14115
14116
14117
14118
14119
14120
14121
14122
14123
14124
14125
14126
14127
14128
14129
14130
14131
14132
14133
14134
14135
14136
14137
14138
14139
14140
14141
14142
14143
14144
14145
14146
14147
14148
14149
14150
14151
14152
14153
14154
14155
14156
14157
14158
14159
14160
14161
14162
14163
14164
14165
14166
14167
14168
14169
14170
14171
14172
14173
14174
14175
14176
14177
14178
14179
14180
14181
14182
14183
14184
14185
14186
14187
14188
14189
14190
14191
14192
14193
14194
14195
14196
14197
14198
14199
14200
14201
14202
14203
14204
14205
14206
14207
14208
14209
14210
14211
14212
14213
14214
14215
14216
14217
14218
14219
14220
14221
14222
14223
14224
14225
14226
14227
14228
14229
14230
14231
14232
14233
14234
14235
14236
14237
14238
14239
14240
14241
14242
14243
14244
14245
14246
14247
14248
14249
14250
14251
14252
14253
14254
14255
14256
14257
14258
14259
14260
14261
14262
14263
14264
14265
14266
14267
14268
14269
14270
14271
14272
14273
14274
14275
14276
14277
14278
14279
14280
14281
14282
14283
14284
14285
14286
14287
14288
14289
14290
14291
14292
14293
14294
14295
14296
14297
14298
14299
14300
14301
14302
14303
14304
14305
14306
14307
14308
14309
14310
14311
14312
14313
14314
14315
14316
14317
14318
14319
14320
14321
14322
14323
14324
14325
14326
14327
14328
14329
14330
14331
14332
14333
14334
14335
14336
14337
14338
14339
14340
14341
14342
14343
14344
14345
14346
14347
14348
14349
14350
14351
14352
14353
14354
14355
14356
14357
14358
14359
14360
14361
14362
14363
14364
14365
14366
14367
14368
14369
14370
14371
14372
14373
14374
14375
14376
14377
14378
14379
14380
14381
14382
14383
14384
14385
14386
14387
14388
14389
14390
14391
14392
14393
14394
14395
14396
14397
14398
14399
14400
14401
14402
14403
14404
14405
14406
14407
14408
14409
14410
14411
14412
14413
14414
14415
14416
14417
14418
14419
14420
14421
14422
14423
14424
14425
14426
14427
14428
14429
14430
14431
14432
14433
14434
14435
14436
14437
14438
14439
14440
14441
14442
14443
14444
14445
14446
14447
14448
14449
14450
14451
14452
14453
14454
14455
14456
14457
14458
14459
14460
14461
14462
14463
14464
14465
14466
14467
14468
14469
14470
14471
14472
14473
14474
14475
14476
14477
14478
14479
14480
14481
14482
14483
14484
14485
14486
14487
14488
14489
14490
14491
14492
14493
14494
14495
14496
14497
14498
14499
14500
14501
14502
14503
14504
14505
14506
14507
14508
14509
14510
14511
14512
14513
14514
14515
14516
14517
14518
14519
14520
14521
14522
14523
14524
14525
14526
14527
14528
14529
14530
14531
14532
14533
14534
14535
14536
14537
14538
14539
14540
14541
14542
14543
14544
14545
14546
14547
14548
14549
14550
14551
14552
14553
14554
14555
14556
14557
14558
14559
14560
14561
14562
14563
14564
14565
14566
14567
14568
14569
14570
14571
14572
14573
14574
14575
14576
14577
14578
14579
14580
14581
14582
14583
14584
14585
14586
14587
14588
14589
14590
14591
14592
14593
14594
14595
14596
14597
14598
14599
14600
14601
14602
14603
14604
14605
14606
14607
14608
14609
14610
14611
14612
14613
14614
14615
14616
14617
14618
14619
14620
14621
14622
14623
14624
14625
14626
14627
14628
14629
14630
14631
14632
14633
14634
14635
14636
14637
14638
14639
14640
14641
14642
14643
14644
14645
14646
14647
14648
14649
14650
14651
14652
14653
14654
14655
14656
14657
14658
14659
14660
14661
14662
14663
14664
14665
14666
14667
14668
14669
14670
14671
14672
14673
14674
14675
14676
14677
14678
14679
14680
14681
14682
14683
14684
14685
14686
14687
14688
14689
14690
14691
14692
14693
14694
14695
14696
14697
14698
14699
14700
14701
14702
14703
14704
14705
14706
14707
14708
14709
14710
14711
14712
14713
14714
14715
14716
14717
14718
14719
14720
14721
14722
14723
14724
14725
14726
14727
14728
14729
14730
14731
14732
14733
14734
14735
14736
14737
14738
14739
14740
14741
14742
14743
14744
14745
14746
14747
14748
14749
14750
14751
14752
14753
14754
14755
14756
14757
14758
14759
14760
14761
14762
14763
14764
14765
14766
14767
14768
14769
14770
14771
14772
14773
14774
14775
14776
14777
14778
14779
14780
14781
14782
14783
14784
14785
14786
14787
14788
14789
14790
14791
14792
14793
14794
14795
14796
14797
14798
14799
14800
14801
14802
14803
14804
14805
14806
14807
14808
14809
14810
14811
14812
14813
14814
14815
14816
14817
14818
14819
14820
14821
14822
14823
14824
14825
14826
14827
14828
14829
14830
14831
14832
14833
14834
14835
14836
14837
14838
14839
14840
14841
14842
14843
14844
14845
14846
14847
14848
14849
14850
14851
14852
14853
14854
14855
14856
14857
14858
14859
14860
14861
14862
14863
14864
14865
14866
14867
14868
14869
14870
14871
14872
14873
14874
14875
14876
14877
14878
14879
14880
14881
14882
14883
14884
14885
14886
14887
14888
14889
14890
14891
14892
14893
14894
14895
14896
14897
14898
14899
14900
14901
14902
14903
14904
14905
14906
14907
14908
14909
14910
14911
14912
14913
14914
14915
14916
14917
14918
14919
14920
14921
14922
14923
14924
14925
14926
14927
14928
14929
14930
14931
14932
14933
14934
14935
14936
14937
14938
14939
14940
14941
14942
14943
14944
14945
14946
14947
14948
14949
14950
14951
14952
14953
14954
14955
14956
14957
14958
14959
14960
14961
14962
14963
14964
14965
14966
14967
14968
14969
14970
14971
14972
14973
14974
14975
14976
14977
14978
14979
14980
14981
14982
14983
14984
14985
14986
14987
14988
14989
14990
14991
14992
14993
14994
14995
14996
14997
14998
14999
15000
15001
15002
15003
15004
15005
15006
15007
15008
15009
15010
15011
15012
15013
15014
15015
15016
15017
15018
15019
15020
15021
15022
15023
15024
15025
15026
15027
15028
15029
15030
15031
15032
15033
15034
15035
15036
15037
15038
15039
15040
15041
15042
15043
15044
15045
15046
15047
15048
15049
15050
15051
15052
15053
15054
15055
15056
15057
15058
15059
15060
15061
15062
15063
15064
15065
15066
15067
15068
15069
15070
15071
15072
15073
15074
15075
15076
15077
15078
15079
15080
15081
15082
15083
15084
15085
15086
15087
15088
15089
15090
15091
15092
15093
15094
15095
15096
15097
15098
15099
15100
15101
15102
15103
15104
15105
15106
15107
15108
15109
15110
15111
15112
15113
15114
15115
15116
15117
15118
15119
15120
15121
15122
15123
15124
15125
15126
15127
15128
15129
15130
15131
15132
15133
15134
15135
15136
15137
15138
15139
15140
15141
15142
15143
15144
15145
15146
15147
15148
15149
15150
15151
15152
15153
15154
15155
15156
15157
15158
15159
15160
15161
15162
15163
15164
15165
15166
15167
15168
15169
15170
15171
15172
15173
15174
15175
15176
15177
15178
15179
15180
15181
15182
15183
15184
15185
15186
15187
15188
15189
15190
15191
15192
15193
15194
15195
15196
15197
15198
15199
15200
15201
15202
15203
15204
15205
15206
15207
15208
15209
15210
15211
15212
15213
15214
15215
15216
15217
15218
15219
15220
15221
15222
15223
15224
15225
15226
15227
15228
15229
15230
15231
15232
15233
15234
15235
15236
15237
15238
15239
15240
15241
15242
15243
15244
15245
15246
15247
15248
15249
15250
15251
15252
15253
15254
15255
15256
15257
15258
15259
15260
15261
15262
15263
15264
15265
15266
15267
15268
15269
15270
15271
15272
15273
15274
15275
15276
15277
15278
15279
15280
15281
15282
15283
15284
15285
15286
15287
15288
15289
15290
15291
15292
15293
15294
15295
15296
15297
15298
15299
15300
15301
15302
15303
15304
15305
15306
15307
15308
15309
15310
15311
15312
15313
15314
15315
15316
15317
15318
15319
15320
15321
15322
15323
15324
15325
15326
15327
15328
15329
15330
15331
15332
15333
15334
15335
15336
15337
15338
15339
15340
15341
15342
15343
15344
15345
15346
15347
15348
15349
15350
15351
15352
15353
15354
15355
15356
15357
15358
15359
15360
15361
15362
15363
15364
15365
15366
15367
15368
15369
15370
15371
15372
15373
15374
15375
15376
15377
15378
15379
15380
15381
15382
15383
15384
15385
15386
15387
15388
15389
15390
15391
15392
15393
15394
15395
15396
15397
15398
15399
15400
15401
15402
15403
15404
15405
15406
15407
15408
15409
15410
15411
15412
15413
15414
15415
15416
15417
15418
15419
15420
15421
15422
15423
15424
15425
15426
15427
15428
15429
15430
15431
15432
15433
15434
15435
15436
15437
15438
15439
15440
15441
15442
15443
15444
15445
15446
15447
15448
15449
15450
15451
15452
15453
15454
15455
15456
15457
15458
15459
15460
15461
15462
15463
15464
15465
15466
15467
15468
15469
15470
15471
15472
15473
15474
15475
15476
15477
15478
15479
15480
15481
15482
15483
15484
15485
15486
15487
15488
15489
15490
15491
15492
15493
15494
15495
15496
15497
15498
15499
15500
15501
15502
15503
15504
15505
15506
15507
15508
15509
15510
15511
15512
15513
15514
15515
15516
15517
15518
15519
15520
15521
15522
15523
15524
15525
15526
15527
15528
15529
15530
15531
15532
15533
15534
15535
15536
15537
15538
15539
15540
15541
15542
15543
15544
15545
15546
15547
15548
15549
15550
15551
15552
15553
15554
15555
15556
15557
15558
15559
15560
15561
15562
15563
15564
15565
15566
15567
15568
15569
15570
15571
15572
15573
15574
15575
15576
15577
15578
15579
15580
15581
15582
15583
15584
15585
15586
15587
15588
15589
15590
15591
15592
15593
15594
15595
15596
15597
15598
15599
15600
15601
15602
15603
15604
15605
15606
15607
15608
15609
15610
15611
15612
15613
15614
15615
15616
15617
15618
15619
15620
15621
15622
15623
15624
15625
15626
15627
15628
15629
15630
15631
15632
15633
15634
15635
15636
15637
15638
15639
15640
15641
15642
15643
15644
15645
15646
15647
15648
15649
15650
15651
15652
15653
15654
15655
15656
15657
15658
15659
15660
15661
15662
15663
15664
15665
15666
15667
15668
15669
15670
15671
15672
15673
15674
15675
15676
15677
15678
15679
15680
15681
15682
15683
15684
15685
15686
15687
15688
15689
15690
15691
15692
15693
15694
15695
15696
15697
15698
15699
15700
15701
15702
15703
15704
15705
15706
15707
15708
15709
15710
15711
15712
15713
15714
15715
15716
15717
15718
15719
15720
15721
15722
15723
15724
15725
15726
15727
15728
15729
15730
15731
15732
15733
15734
15735
15736
15737
15738
15739
15740
15741
15742
15743
15744
15745
15746
15747
15748
15749
15750
15751
15752
15753
15754
15755
15756
15757
15758
15759
15760
15761
15762
15763
15764
15765
15766
15767
15768
15769
15770
15771
15772
15773
15774
15775
15776
15777
15778
15779
15780
15781
15782
15783
15784
15785
15786
15787
15788
15789
15790
15791
15792
15793
15794
15795
15796
15797
15798
15799
15800
15801
15802
15803
15804
15805
15806
15807
15808
15809
15810
15811
15812
15813
15814
15815
15816
15817
15818
15819
15820
15821
15822
15823
15824
15825
15826
15827
15828
15829
15830
15831
15832
15833
15834
15835
15836
15837
15838
15839
15840
15841
15842
15843
15844
15845
15846
15847
15848
15849
15850
15851
15852
15853
15854
15855
15856
15857
15858
15859
15860
15861
15862
15863
15864
15865
15866
15867
15868
15869
15870
15871
15872
15873
15874
15875
15876
15877
15878
15879
15880
15881
15882
15883
15884
15885
15886
15887
15888
15889
15890
15891
15892
15893
15894
15895
15896
15897
15898
15899
15900
15901
15902
15903
15904
15905
15906
15907
15908
15909
15910
15911
15912
15913
15914
15915
15916
15917
15918
15919
15920
15921
15922
15923
15924
15925
15926
15927
15928
15929
15930
15931
15932
15933
15934
15935
15936
15937
15938
15939
15940
15941
15942
15943
15944
15945
15946
15947
15948
15949
15950
15951
15952
15953
15954
15955
15956
15957
15958
15959
15960
15961
15962
15963
15964
15965
15966
15967
15968
15969
15970
15971
15972
15973
15974
15975
15976
15977
15978
15979
15980
15981
15982
15983
15984
15985
15986
15987
15988
15989
15990
15991
15992
15993
15994
15995
15996
15997
15998
15999
16000
16001
16002
16003
16004
16005
16006
16007
16008
16009
16010
16011
16012
16013
16014
16015
16016
16017
16018
16019
16020
16021
16022
16023
16024
16025
16026
16027
16028
16029
16030
16031
16032
16033
16034
16035
16036
16037
16038
16039
16040
16041
16042
16043
16044
16045
16046
16047
16048
16049
16050
16051
16052
16053
16054
16055
16056
16057
16058
16059
16060
16061
16062
16063
16064
16065
16066
16067
16068
16069
16070
16071
16072
16073
16074
16075
16076
16077
16078
16079
16080
16081
16082
16083
16084
16085
16086
16087
16088
16089
16090
16091
16092
16093
16094
16095
16096
16097
16098
16099
16100
16101
16102
16103
16104
16105
16106
16107
16108
16109
16110
16111
16112
16113
16114
16115
16116
16117
16118
16119
16120
16121
16122
16123
16124
16125
16126
16127
16128
16129
16130
16131
16132
16133
16134
16135
16136
16137
16138
16139
16140
16141
16142
16143
16144
16145
16146
16147
16148
16149
16150
16151
16152
16153
16154
16155
16156
16157
16158
16159
16160
16161
16162
16163
16164
16165
16166
16167
16168
16169
16170
16171
16172
16173
16174
16175
16176
16177
16178
16179
16180
16181
16182
16183
16184
16185
16186
16187
16188
16189
16190
16191
16192
16193
16194
16195
16196
16197
16198
16199
16200
16201
16202
16203
16204
16205
16206
16207
16208
16209
16210
16211
16212
16213
16214
16215
16216
16217
16218
16219
16220
16221
16222
16223
16224
16225
16226
16227
16228
16229
16230
16231
16232
16233
16234
16235
16236
16237
16238
16239
16240
16241
16242
16243
16244
16245
16246
16247
16248
16249
16250
16251
16252
16253
16254
16255
16256
16257
16258
16259
16260
16261
16262
16263
16264
16265
16266
16267
16268
16269
16270
16271
16272
16273
16274
16275
16276
16277
16278
16279
16280
16281
16282
16283
16284
16285
16286
16287
16288
16289
16290
16291
16292
16293
16294
16295
16296
16297
16298
16299
16300
16301
16302
16303
16304
16305
16306
16307
16308
16309
16310
16311
16312
16313
16314
16315
16316
16317
16318
16319
16320
16321
16322
16323
16324
16325
16326
16327
16328
16329
16330
16331
16332
16333
16334
16335
16336
16337
16338
16339
16340
16341
16342
16343
16344
16345
16346
16347
16348
16349
16350
16351
16352
16353
16354
16355
16356
16357
16358
16359
16360
16361
16362
16363
16364
16365
16366
16367
16368
16369
16370
16371
16372
16373
16374
16375
16376
16377
16378
16379
16380
16381
16382
16383
16384
16385
16386
16387
16388
16389
16390
16391
16392
16393
16394
16395
16396
16397
16398
16399
16400
16401
16402
16403
16404
16405
16406
16407
16408
16409
16410
16411
16412
16413
16414
16415
16416
16417
16418
16419
16420
16421
16422
16423
16424
16425
16426
16427
16428
16429
16430
16431
16432
16433
16434
16435
16436
16437
16438
16439
16440
16441
16442
16443
16444
16445
16446
16447
16448
16449
16450
16451
16452
16453
16454
16455
16456
16457
16458
16459
16460
16461
16462
16463
16464
16465
16466
16467
16468
16469
16470
16471
16472
16473
16474
16475
16476
16477
16478
16479
16480
16481
16482
16483
16484
16485
16486
16487
16488
16489
16490
16491
16492
16493
16494
16495
16496
16497
16498
16499
16500
16501
16502
16503
16504
16505
16506
16507
16508
16509
16510
16511
16512
16513
16514
16515
16516
16517
16518
16519
16520
16521
16522
16523
16524
16525
16526
16527
16528
16529
16530
16531
16532
16533
16534
16535
16536
16537
16538
16539
16540
16541
16542
16543
16544
16545
16546
16547
16548
16549
16550
16551
16552
16553
16554
16555
16556
16557
16558
16559
16560
16561
16562
16563
16564
16565
16566
16567
16568
16569
16570
16571
16572
16573
16574
16575
16576
16577
16578
16579
16580
16581
16582
16583
16584
16585
16586
16587
16588
16589
16590
16591
16592
16593
16594
16595
16596
16597
16598
16599
16600
16601
16602
16603
16604
16605
16606
16607
16608
16609
16610
16611
16612
16613
16614
16615
16616
16617
16618
16619
16620
16621
16622
16623
16624
16625
16626
16627
16628
16629
16630
16631
16632
16633
16634
16635
16636
16637
16638
16639
16640
16641
16642
16643
16644
16645
16646
16647
16648
16649
16650
16651
16652
16653
16654
16655
16656
16657
16658
16659
16660
16661
16662
16663
16664
16665
16666
16667
16668
16669
16670
16671
16672
16673
16674
16675
16676
16677
16678
16679
16680
16681
16682
16683
16684
16685
16686
16687
16688
16689
16690
16691
16692
16693
16694
16695
16696
16697
16698
16699
16700
16701
16702
16703
16704
16705
16706
16707
16708
16709
16710
16711
16712
16713
16714
16715
16716
16717
16718
16719
16720
16721
16722
16723
16724
16725
16726
16727
16728
16729
16730
16731
16732
16733
16734
16735
16736
16737
16738
16739
16740
16741
16742
16743
16744
16745
16746
16747
16748
16749
16750
16751
16752
16753
16754
16755
16756
16757
16758
16759
16760
16761
16762
16763
16764
16765
16766
16767
16768
16769
16770
16771
16772
16773
16774
16775
16776
16777
16778
16779
16780
16781
16782
16783
16784
16785
16786
16787
16788
16789
16790
16791
16792
16793
16794
16795
16796
16797
16798
16799
16800
16801
16802
16803
16804
16805
16806
16807
16808
16809
16810
16811
16812
16813
16814
16815
16816
16817
16818
16819
16820
16821
16822
16823
16824
16825
16826
16827
16828
16829
16830
16831
16832
16833
16834
16835
16836
16837
16838
16839
16840
16841
16842
16843
16844
16845
16846
16847
16848
16849
16850
16851
16852
16853
16854
16855
16856
16857
16858
16859
16860
16861
16862
16863
16864
16865
16866
16867
16868
16869
16870
16871
16872
16873
16874
16875
16876
16877
16878
16879
16880
16881
16882
16883
16884
16885
16886
16887
16888
16889
16890
16891
16892
16893
16894
16895
16896
16897
16898
16899
16900
16901
16902
16903
16904
16905
16906
16907
16908
16909
16910
16911
16912
16913
16914
16915
16916
16917
16918
16919
16920
16921
16922
16923
16924
16925
16926
16927
16928
16929
16930
16931
16932
16933
16934
16935
16936
16937
16938
16939
16940
16941
16942
16943
16944
16945
16946
16947
16948
16949
16950
16951
16952
16953
16954
16955
16956
16957
16958
16959
16960
16961
16962
16963
16964
16965
16966
16967
16968
16969
16970
16971
16972
16973
16974
16975
16976
16977
16978
16979
16980
16981
16982
16983
16984
16985
16986
16987
16988
16989
16990
16991
16992
16993
16994
16995
16996
16997
16998
16999
17000
17001
17002
17003
17004
17005
17006
17007
17008
17009
17010
17011
17012
17013
17014
17015
17016
17017
17018
17019
17020
17021
17022
17023
17024
17025
17026
17027
17028
17029
17030
17031
17032
17033
17034
17035
17036
17037
17038
17039
17040
17041
17042
17043
17044
17045
17046
17047
17048
17049
17050
17051
17052
17053
17054
17055
17056
17057
17058
17059
17060
17061
17062
17063
17064
17065
17066
17067
17068
17069
17070
17071
17072
17073
17074
17075
17076
17077
17078
17079
17080
17081
17082
17083
17084
17085
17086
17087
17088
17089
17090
17091
17092
17093
17094
17095
17096
17097
17098
17099
17100
17101
17102
17103
17104
17105
17106
17107
17108
17109
17110
17111
17112
17113
17114
17115
17116
17117
17118
17119
17120
17121
17122
17123
17124
17125
17126
17127
17128
17129
17130
17131
17132
17133
17134
17135
17136
17137
17138
17139
17140
17141
17142
17143
17144
17145
17146
17147
17148
17149
17150
17151
17152
17153
17154
17155
17156
17157
17158
17159
17160
17161
17162
17163
17164
17165
17166
17167
17168
17169
17170
17171
17172
17173
17174
17175
17176
17177
17178
17179
17180
17181
17182
17183
17184
17185
17186
17187
17188
17189
17190
17191
17192
17193
17194
17195
17196
17197
17198
17199
17200
17201
17202
17203
17204
17205
17206
17207
17208
17209
17210
17211
17212
17213
17214
17215
17216
17217
17218
17219
17220
17221
17222
17223
17224
17225
17226
17227
17228
17229
17230
17231
17232
17233
17234
17235
17236
17237
17238
17239
17240
17241
17242
17243
17244
17245
17246
17247
17248
17249
17250
17251
17252
17253
17254
17255
17256
17257
17258
17259
17260
17261
17262
17263
17264
17265
17266
17267
17268
17269
17270
17271
17272
17273
17274
17275
17276
17277
17278
17279
17280
17281
17282
17283
17284
17285
17286
17287
17288
17289
17290
17291
17292
17293
17294
17295
17296
17297
17298
17299
17300
17301
17302
17303
17304
17305
17306
17307
17308
17309
17310
17311
17312
17313
17314
17315
17316
17317
17318
17319
17320
17321
17322
17323
17324
17325
17326
17327
17328
17329
17330
17331
17332
17333
17334
17335
17336
17337
17338
17339
17340
17341
17342
17343
17344
17345
17346
17347
17348
17349
17350
17351
17352
17353
17354
17355
17356
17357
17358
17359
17360
17361
17362
17363
17364
17365
17366
17367
17368
17369
17370
17371
17372
17373
17374
17375
17376
17377
17378
17379
17380
17381
17382
17383
17384
17385
17386
17387
17388
17389
17390
17391
17392
17393
17394
17395
17396
17397
17398
17399
17400
17401
17402
17403
17404
17405
17406
17407
17408
17409
17410
17411
17412
17413
17414
17415
17416
17417
17418
17419
17420
17421
17422
17423
17424
17425
17426
17427
17428
17429
17430
17431
17432
17433
17434
17435
17436
17437
17438
17439
17440
17441
17442
17443
17444
17445
17446
17447
17448
17449
17450
17451
17452
17453
17454
17455
17456
17457
17458
17459
17460
17461
17462
17463
17464
17465
17466
17467
17468
17469
17470
17471
17472
17473
17474
17475
17476
17477
17478
17479
17480
17481
17482
17483
17484
17485
17486
17487
17488
17489
17490
17491
17492
17493
17494
17495
17496
17497
17498
17499
17500
17501
17502
17503
17504
17505
17506
17507
17508
17509
17510
17511
17512
17513
17514
17515
17516
17517
17518
17519
17520
17521
17522
17523
17524
17525
17526
17527
17528
17529
17530
17531
17532
17533
17534
17535
17536
17537
17538
17539
17540
17541
17542
17543
17544
17545
17546
17547
17548
17549
17550
17551
17552
17553
17554
17555
17556
17557
17558
17559
17560
17561
17562
17563
17564
17565
17566
17567
17568
17569
17570
17571
17572
17573
17574
17575
17576
17577
17578
17579
17580
17581
17582
17583
17584
17585
17586
17587
17588
17589
17590
17591
17592
17593
17594
17595
17596
17597
17598
17599
17600
17601
17602
17603
17604
17605
17606
17607
17608
17609
17610
17611
17612
17613
17614
17615
17616
17617
17618
17619
17620
17621
17622
17623
17624
17625
17626
17627
17628
17629
17630
17631
17632
17633
17634
17635
17636
17637
17638
17639
17640
17641
17642
17643
17644
17645
17646
17647
17648
17649
17650
17651
17652
17653
17654
17655
17656
17657
17658
17659
17660
17661
17662
17663
17664
17665
17666
17667
17668
17669
17670
17671
17672
17673
17674
17675
17676
17677
17678
17679
17680
17681
17682
17683
17684
17685
17686
17687
17688
17689
17690
17691
17692
17693
17694
17695
17696
17697
17698
17699
17700
17701
17702
17703
17704
17705
17706
17707
17708
17709
17710
17711
17712
17713
17714
17715
17716
17717
17718
17719
17720
17721
17722
17723
17724
17725
17726
17727
17728
17729
17730
17731
17732
17733
17734
17735
17736
17737
17738
17739
17740
17741
17742
17743
17744
17745
17746
17747
17748
17749
17750
17751
17752
17753
17754
17755
17756
17757
17758
17759
17760
17761
17762
17763
17764
17765
17766
17767
17768
17769
17770
17771
17772
17773
17774
17775
17776
17777
17778
17779
17780
17781
17782
17783
17784
17785
17786
17787
17788
17789
17790
17791
17792
17793
17794
17795
17796
17797
17798
17799
17800
17801
17802
17803
17804
17805
17806
17807
17808
17809
17810
17811
17812
17813
17814
17815
17816
17817
17818
17819
17820
17821
17822
17823
17824
17825
17826
17827
17828
17829
17830
17831
17832
17833
17834
17835
17836
17837
17838
17839
17840
17841
17842
17843
17844
17845
17846
17847
17848
17849
17850
17851
17852
17853
17854
17855
17856
17857
17858
17859
17860
17861
17862
17863
17864
17865
17866
17867
17868
17869
17870
17871
17872
17873
17874
17875
17876
17877
17878
17879
17880
17881
17882
17883
17884
17885
17886
17887
17888
17889
17890
17891
17892
17893
17894
17895
17896
17897
17898
17899
17900
17901
17902
17903
17904
17905
17906
17907
17908
17909
17910
17911
17912
17913
17914
17915
17916
17917
17918
17919
17920
17921
17922
17923
17924
17925
17926
17927
17928
17929
17930
17931
17932
17933
17934
17935
17936
17937
17938
17939
17940
17941
17942
17943
17944
17945
17946
17947
17948
17949
17950
17951
17952
17953
17954
17955
17956
17957
17958
17959
17960
17961
17962
17963
17964
17965
17966
17967
17968
17969
17970
17971
17972
17973
17974
17975
17976
17977
17978
17979
17980
17981
17982
17983
17984
17985
17986
17987
17988
17989
17990
17991
17992
17993
17994
17995
17996
17997
17998
17999
18000
18001
18002
18003
18004
18005
18006
18007
18008
18009
18010
18011
18012
18013
18014
18015
18016
18017
18018
18019
18020
18021
18022
18023
18024
18025
18026
18027
18028
18029
18030
18031
18032
18033
18034
18035
18036
18037
18038
18039
18040
18041
18042
18043
18044
18045
18046
18047
18048
18049
18050
18051
18052
18053
18054
18055
18056
18057
18058
18059
18060
18061
18062
18063
18064
18065
18066
18067
18068
18069
18070
18071
18072
18073
18074
18075
18076
18077
18078
18079
18080
18081
18082
18083
18084
18085
18086
18087
18088
18089
18090
18091
18092
18093
18094
18095
18096
18097
18098
18099
18100
18101
18102
18103
18104
18105
18106
18107
18108
18109
18110
18111
18112
18113
18114
18115
18116
18117
18118
18119
18120
18121
18122
18123
18124
18125
18126
18127
18128
18129
18130
18131
18132
18133
18134
18135
18136
18137
18138
18139
18140
18141
18142
18143
18144
18145
18146
18147
18148
18149
18150
18151
18152
18153
18154
18155
18156
18157
18158
18159
18160
18161
18162
18163
18164
18165
18166
18167
18168
18169
18170
18171
18172
18173
18174
18175
18176
18177
18178
18179
18180
18181
18182
18183
18184
18185
18186
18187
18188
18189
18190
18191
18192
18193
18194
18195
18196
18197
18198
18199
18200
18201
18202
18203
18204
18205
18206
18207
18208
18209
18210
18211
18212
18213
18214
18215
18216
18217
18218
18219
18220
18221
18222
18223
18224
18225
18226
18227
18228
18229
18230
18231
18232
18233
18234
18235
18236
18237
18238
18239
18240
18241
18242
18243
18244
18245
18246
18247
18248
18249
18250
18251
18252
18253
18254
18255
18256
18257
18258
18259
18260
18261
18262
18263
18264
18265
18266
18267
18268
18269
18270
18271
18272
18273
18274
18275
18276
18277
18278
18279
18280
18281
18282
18283
18284
18285
18286
18287
18288
18289
18290
18291
18292
18293
18294
18295
18296
18297
18298
18299
18300
18301
18302
18303
18304
18305
18306
18307
18308
18309
18310
18311
18312
18313
18314
18315
18316
18317
18318
18319
18320
18321
18322
18323
18324
18325
18326
18327
18328
18329
18330
18331
18332
18333
18334
18335
18336
18337
18338
18339
18340
18341
18342
18343
18344
18345
18346
18347
18348
18349
18350
18351
18352
18353
18354
18355
18356
18357
18358
18359
18360
18361
18362
18363
18364
18365
18366
18367
18368
18369
18370
18371
18372
18373
18374
18375
18376
18377
18378
18379
18380
18381
18382
18383
18384
18385
18386
18387
18388
18389
18390
18391
18392
18393
18394
18395
18396
18397
18398
18399
18400
18401
18402
18403
18404
18405
18406
18407
18408
18409
18410
18411
18412
18413
18414
18415
18416
18417
18418
18419
18420
18421
18422
18423
18424
18425
18426
18427
18428
18429
18430
18431
18432
18433
18434
18435
18436
18437
18438
18439
18440
18441
18442
18443
18444
18445
18446
18447
18448
18449
18450
18451
18452
18453
18454
18455
18456
18457
18458
18459
18460
18461
18462
18463
18464
18465
18466
18467
18468
18469
18470
18471
18472
18473
18474
18475
18476
18477
18478
18479
18480
18481
18482
18483
18484
18485
18486
18487
18488
18489
18490
18491
18492
18493
18494
18495
18496
18497
18498
18499
18500
18501
18502
18503
18504
18505
18506
18507
18508
18509
18510
18511
18512
18513
18514
18515
18516
18517
18518
18519
18520
18521
18522
18523
18524
18525
18526
18527
18528
18529
18530
18531
18532
18533
18534
18535
18536
18537
18538
18539
18540
18541
18542
18543
18544
18545
18546
18547
18548
18549
18550
18551
18552
18553
18554
18555
18556
18557
18558
18559
18560
18561
18562
18563
18564
18565
18566
18567
18568
18569
18570
18571
18572
18573
18574
18575
18576
18577
18578
18579
18580
18581
18582
18583
18584
18585
18586
18587
18588
18589
18590
18591
18592
18593
18594
18595
18596
18597
18598
18599
18600
18601
18602
18603
18604
18605
18606
18607
18608
18609
18610
18611
18612
18613
18614
18615
18616
18617
18618
18619
18620
18621
18622
18623
18624
18625
18626
18627
18628
18629
18630
18631
18632
18633
18634
18635
18636
18637
18638
18639
18640
18641
18642
18643
18644
18645
18646
18647
18648
18649
18650
18651
18652
18653
18654
18655
18656
18657
18658
18659
18660
18661
18662
18663
18664
18665
18666
18667
18668
18669
18670
18671
18672
18673
18674
18675
18676
18677
18678
18679
18680
18681
18682
18683
18684
18685
18686
18687
18688
18689
18690
18691
18692
18693
18694
18695
18696
18697
18698
18699
18700
18701
18702
18703
18704
18705
18706
18707
18708
18709
18710
18711
18712
18713
18714
18715
18716
18717
18718
18719
18720
18721
18722
18723
18724
18725
18726
18727
18728
18729
18730
18731
18732
18733
18734
18735
18736
18737
18738
18739
18740
18741
18742
18743
18744
18745
18746
18747
18748
18749
18750
18751
18752
18753
18754
18755
18756
18757
18758
18759
18760
18761
18762
18763
18764
18765
18766
18767
18768
18769
18770
18771
18772
18773
18774
18775
18776
18777
18778
18779
18780
18781
18782
18783
18784
18785
18786
18787
18788
18789
18790
18791
18792
18793
18794
18795
18796
18797
18798
18799
18800
18801
18802
18803
18804
18805
18806
18807
18808
18809
18810
18811
18812
18813
18814
18815
18816
18817
18818
18819
18820
18821
18822
18823
18824
18825
18826
18827
18828
18829
18830
18831
18832
18833
18834
18835
18836
18837
18838
18839
18840
18841
18842
18843
18844
18845
18846
18847
18848
18849
18850
18851
18852
18853
18854
18855
18856
18857
18858
18859
18860
18861
18862
18863
18864
18865
18866
18867
18868
18869
18870
18871
18872
18873
18874
18875
18876
18877
18878
18879
18880
18881
18882
18883
18884
18885
18886
18887
18888
18889
18890
18891
18892
18893
18894
18895
18896
18897
18898
18899
18900
18901
18902
18903
18904
18905
18906
18907
18908
18909
18910
18911
18912
18913
18914
18915
18916
18917
18918
18919
18920
18921
18922
18923
18924
18925
18926
18927
18928
18929
18930
18931
18932
18933
18934
18935
18936
18937
18938
18939
18940
18941
18942
18943
18944
18945
18946
18947
18948
18949
18950
18951
18952
18953
18954
18955
18956
18957
18958
18959
18960
18961
18962
18963
18964
18965
18966
18967
18968
18969
18970
18971
18972
18973
18974
18975
18976
18977
18978
18979
18980
18981
18982
18983
18984
18985
18986
18987
18988
18989
18990
18991
18992
18993
18994
18995
18996
18997
18998
18999
19000
19001
19002
19003
19004
19005
19006
19007
19008
19009
19010
19011
19012
19013
19014
19015
19016
19017
19018
19019
19020
19021
19022
19023
19024
19025
19026
19027
19028
19029
19030
19031
19032
19033
19034
19035
19036
19037
19038
19039
19040
19041
19042
19043
19044
19045
19046
19047
19048
19049
19050
19051
19052
19053
19054
19055
19056
19057
19058
19059
19060
19061
19062
19063
19064
19065
19066
19067
19068
19069
19070
19071
19072
19073
19074
19075
19076
19077
19078
19079
19080
19081
19082
19083
19084
19085
19086
19087
19088
19089
19090
19091
19092
19093
19094
19095
19096
19097
19098
19099
19100
19101
19102
19103
19104
19105
19106
19107
19108
19109
19110
19111
19112
19113
19114
19115
19116
19117
19118
19119
19120
19121
19122
19123
19124
19125
19126
19127
19128
19129
19130
19131
19132
19133
19134
19135
19136
19137
19138
19139
19140
19141
19142
19143
19144
19145
19146
19147
19148
19149
19150
19151
19152
19153
19154
19155
19156
19157
19158
19159
19160
19161
19162
19163
19164
19165
19166
19167
19168
19169
19170
19171
19172
19173
19174
19175
19176
19177
19178
19179
19180
19181
19182
19183
19184
19185
19186
19187
19188
19189
19190
19191
19192
19193
19194
19195
19196
19197
19198
19199
19200
19201
19202
19203
19204
19205
19206
19207
19208
19209
19210
19211
19212
19213
19214
19215
19216
19217
19218
19219
19220
19221
19222
19223
19224
19225
19226
19227
19228
19229
19230
19231
19232
19233
19234
19235
19236
19237
19238
19239
19240
19241
19242
19243
19244
19245
19246
19247
19248
19249
19250
19251
19252
19253
19254
19255
19256
19257
19258
19259
19260
19261
19262
19263
19264
19265
19266
19267
19268
19269
19270
19271
19272
19273
19274
19275
19276
19277
19278
19279
19280
19281
19282
19283
19284
19285
19286
19287
19288
19289
19290
19291
19292
19293
19294
19295
19296
19297
19298
19299
19300
19301
19302
19303
19304
19305
19306
19307
19308
19309
19310
19311
19312
19313
19314
19315
19316
19317
19318
19319
19320
19321
19322
19323
19324
19325
19326
19327
19328
19329
19330
19331
19332
19333
19334
19335
19336
19337
19338
19339
19340
19341
19342
19343
19344
19345
19346
19347
19348
19349
19350
19351
19352
19353
19354
19355
19356
19357
19358
19359
19360
19361
19362
19363
19364
19365
19366
19367
19368
19369
19370
19371
19372
19373
19374
19375
19376
19377
19378
19379
19380
19381
19382
19383
19384
19385
19386
19387
19388
19389
19390
19391
19392
19393
19394
19395
19396
19397
19398
19399
19400
19401
19402
19403
19404
19405
19406
19407
19408
19409
19410
19411
19412
19413
19414
19415
19416
19417
19418
19419
19420
19421
19422
19423
19424
19425
19426
19427
19428
19429
19430
19431
19432
19433
19434
19435
19436
19437
19438
19439
19440
19441
19442
19443
19444
19445
19446
19447
19448
19449
19450
19451
19452
19453
19454
19455
19456
19457
19458
19459
19460
19461
19462
19463
19464
19465
19466
19467
19468
19469
19470
19471
19472
19473
19474
19475
19476
19477
19478
19479
19480
19481
19482
19483
19484
19485
19486
19487
19488
19489
19490
19491
19492
19493
19494
19495
19496
19497
19498
19499
19500
19501
19502
19503
19504
19505
19506
19507
19508
19509
19510
19511
19512
19513
19514
19515
19516
19517
19518
19519
19520
19521
19522
19523
19524
19525
19526
19527
19528
19529
19530
19531
19532
19533
19534
19535
19536
19537
19538
19539
19540
19541
19542
19543
19544
19545
19546
19547
19548
19549
19550
19551
19552
19553
19554
19555
19556
19557
19558
19559
19560
19561
19562
19563
19564
19565
19566
19567
19568
19569
19570
19571
19572
19573
19574
19575
19576
19577
19578
19579
19580
19581
19582
19583
19584
19585
19586
19587
19588
19589
19590
19591
19592
19593
19594
19595
19596
19597
19598
19599
19600
19601
19602
19603
19604
19605
19606
19607
19608
19609
19610
19611
19612
19613
19614
19615
19616
19617
19618
19619
19620
19621
19622
19623
19624
19625
19626
19627
19628
19629
19630
19631
19632
19633
19634
19635
19636
19637
19638
19639
19640
19641
19642
19643
19644
19645
19646
19647
19648
19649
19650
19651
19652
19653
19654
19655
19656
19657
19658
19659
19660
19661
19662
19663
19664
19665
19666
19667
19668
19669
19670
19671
19672
19673
19674
19675
19676
19677
19678
19679
19680
19681
19682
19683
19684
19685
19686
19687
19688
19689
19690
19691
19692
19693
19694
19695
19696
19697
19698
19699
19700
19701
19702
19703
19704
19705
19706
19707
19708
19709
19710
19711
19712
19713
19714
19715
19716
19717
19718
19719
19720
19721
19722
19723
19724
19725
19726
19727
19728
19729
19730
19731
19732
19733
19734
19735
19736
19737
19738
19739
19740
19741
19742
19743
19744
19745
19746
19747
19748
19749
19750
19751
19752
19753
19754
19755
19756
19757
19758
19759
19760
19761
19762
19763
19764
19765
19766
19767
19768
19769
19770
19771
19772
19773
19774
19775
19776
19777
19778
19779
19780
19781
19782
19783
19784
19785
19786
19787
19788
19789
19790
19791
19792
19793
19794
19795
19796
19797
19798
19799
19800
19801
19802
19803
19804
19805
19806
19807
19808
19809
19810
19811
19812
19813
19814
19815
19816
19817
19818
19819
19820
19821
19822
19823
19824
19825
19826
19827
19828
19829
19830
19831
19832
19833
19834
19835
19836
19837
19838
19839
19840
19841
19842
19843
19844
19845
19846
19847
19848
19849
19850
19851
19852
19853
19854
19855
19856
19857
19858
19859
19860
19861
19862
19863
19864
19865
19866
19867
19868
19869
19870
19871
19872
19873
19874
19875
19876
19877
19878
19879
19880
19881
19882
19883
19884
19885
19886
19887
19888
19889
19890
19891
19892
19893
19894
19895
19896
19897
19898
19899
19900
19901
19902
19903
19904
19905
19906
19907
19908
19909
19910
19911
19912
19913
19914
19915
19916
19917
19918
19919
19920
19921
19922
19923
19924
19925
19926
19927
19928
19929
19930
19931
19932
19933
19934
19935
19936
19937
19938
19939
19940
19941
19942
19943
19944
19945
19946
19947
19948
19949
19950
19951
19952
19953
19954
19955
19956
19957
19958
19959
19960
19961
19962
19963
19964
19965
19966
19967
19968
19969
19970
19971
19972
19973
19974
19975
19976
19977
19978
19979
19980
19981
19982
19983
19984
19985
19986
19987
19988
19989
19990
19991
19992
19993
19994
19995
19996
19997
19998
19999
20000
20001
20002
20003
20004
20005
20006
20007
20008
20009
20010
20011
20012
20013
20014
20015
20016
20017
20018
20019
20020
20021
20022
20023
20024
20025
20026
20027
20028
20029
20030
20031
20032
20033
20034
20035
20036
20037
20038
20039
20040
20041
20042
20043
20044
20045
20046
20047
20048
20049
20050
20051
20052
20053
20054
20055
20056
20057
20058
20059
20060
20061
20062
20063
20064
20065
20066
20067
20068
20069
20070
20071
20072
20073
20074
20075
20076
20077
20078
20079
20080
20081
20082
20083
20084
20085
20086
20087
20088
20089
20090
20091
20092
20093
20094
20095
20096
20097
20098
20099
20100
20101
20102
20103
20104
20105
20106
20107
20108
20109
20110
20111
20112
20113
20114
20115
20116
20117
20118
20119
20120
20121
20122
20123
20124
20125
20126
20127
20128
20129
20130
20131
20132
20133
20134
20135
20136
20137
20138
20139
20140
20141
20142
20143
20144
20145
20146
20147
20148
20149
20150
20151
20152
20153
20154
20155
20156
20157
20158
20159
20160
20161
20162
20163
20164
20165
20166
20167
20168
20169
20170
20171
20172
20173
20174
20175
20176
20177
20178
20179
20180
20181
20182
20183
20184
20185
20186
20187
20188
20189
20190
20191
20192
20193
20194
20195
20196
20197
20198
20199
20200
20201
20202
20203
20204
20205
20206
20207
20208
20209
20210
20211
20212
20213
20214
20215
20216
20217
20218
20219
20220
20221
20222
20223
20224
20225
20226
20227
20228
20229
20230
20231
20232
20233
20234
20235
20236
20237
20238
20239
20240
20241
20242
20243
20244
20245
20246
20247
20248
20249
20250
20251
20252
20253
20254
20255
20256
20257
20258
20259
20260
20261
20262
20263
20264
20265
20266
20267
20268
20269
20270
20271
20272
20273
20274
20275
20276
20277
20278
20279
20280
20281
20282
20283
20284
20285
20286
20287
20288
20289
20290
20291
20292
20293
20294
20295
20296
20297
20298
20299
20300
20301
20302
20303
20304
20305
20306
20307
20308
20309
20310
20311
20312
20313
20314
20315
20316
20317
20318
20319
20320
20321
20322
20323
20324
20325
20326
20327
20328
20329
20330
20331
20332
20333
20334
20335
20336
20337
20338
20339
20340
20341
20342
20343
20344
20345
20346
20347
20348
20349
20350
20351
20352
20353
20354
20355
20356
20357
20358
20359
20360
20361
20362
20363
20364
20365
20366
20367
20368
20369
20370
20371
20372
20373
20374
20375
20376
20377
20378
20379
20380
20381
20382
20383
20384
20385
20386
20387
20388
20389
20390
20391
20392
20393
20394
20395
20396
20397
20398
20399
20400
20401
20402
20403
20404
20405
20406
20407
20408
20409
20410
20411
20412
20413
20414
20415
20416
20417
20418
20419
20420
20421
20422
20423
20424
20425
20426
20427
20428
20429
20430
20431
20432
20433
20434
20435
20436
20437
20438
20439
20440
20441
20442
20443
20444
20445
20446
20447
20448
20449
20450
20451
20452
20453
20454
20455
20456
20457
20458
20459
20460
20461
20462
20463
20464
20465
20466
20467
20468
20469
20470
20471
20472
20473
20474
20475
20476
20477
20478
20479
20480
20481
20482
20483
20484
20485
20486
20487
20488
20489
20490
20491
20492
20493
20494
20495
20496
20497
20498
20499
20500
20501
20502
20503
20504
20505
20506
20507
20508
20509
20510
20511
20512
20513
20514
20515
20516
20517
20518
20519
20520
20521
20522
20523
20524
20525
20526
20527
20528
20529
20530
20531
20532
20533
20534
20535
20536
20537
20538
20539
20540
20541
20542
20543
20544
20545
20546
20547
20548
20549
20550
20551
20552
20553
20554
20555
20556
20557
20558
20559
20560
20561
20562
20563
20564
20565
20566
20567
20568
20569
20570
20571
20572
20573
20574
20575
20576
20577
20578
20579
20580
20581
20582
20583
20584
20585
20586
20587
20588
20589
20590
20591
20592
20593
20594
20595
20596
20597
20598
20599
20600
20601
20602
20603
20604
20605
20606
20607
20608
20609
20610
20611
20612
20613
20614
20615
20616
20617
20618
20619
20620
20621
20622
20623
20624
20625
20626
20627
20628
20629
20630
20631
20632
20633
20634
20635
20636
20637
20638
20639
20640
20641
20642
20643
20644
20645
20646
20647
20648
20649
20650
20651
20652
20653
20654
20655
20656
20657
20658
20659
20660
20661
20662
20663
20664
20665
20666
20667
20668
20669
20670
20671
20672
20673
20674
20675
20676
20677
20678
20679
20680
20681
20682
20683
20684
20685
20686
20687
20688
20689
20690
20691
20692
20693
20694
20695
20696
20697
20698
20699
20700
20701
20702
20703
20704
20705
20706
20707
20708
20709
20710
20711
20712
20713
20714
20715
20716
20717
20718
20719
20720
20721
20722
20723
20724
20725
20726
20727
20728
20729
20730
20731
20732
20733
20734
20735
20736
20737
20738
20739
20740
20741
20742
20743
20744
20745
20746
20747
20748
20749
20750
20751
20752
20753
20754
20755
20756
20757
20758
20759
20760
20761
20762
20763
20764
20765
20766
20767
20768
20769
20770
20771
20772
20773
20774
20775
20776
20777
20778
20779
20780
20781
20782
20783
20784
20785
20786
20787
20788
20789
20790
20791
20792
20793
20794
20795
20796
20797
20798
20799
20800
20801
20802
20803
20804
20805
20806
20807
20808
20809
20810
20811
20812
20813
20814
20815
20816
20817
20818
20819
20820
20821
20822
20823
20824
20825
20826
20827
20828
20829
20830
20831
20832
20833
20834
20835
20836
20837
20838
20839
20840
20841
20842
20843
20844
20845
20846
20847
20848
20849
20850
20851
20852
20853
20854
20855
20856
20857
20858
20859
20860
20861
20862
20863
20864
20865
20866
20867
20868
20869
20870
20871
20872
20873
20874
20875
20876
20877
20878
20879
20880
20881
20882
20883
20884
20885
20886
20887
20888
20889
20890
20891
20892
20893
20894
20895
20896
20897
20898
20899
20900
20901
20902
20903
20904
20905
20906
20907
20908
20909
20910
20911
20912
20913
20914
20915
20916
20917
20918
20919
20920
20921
20922
20923
20924
20925
20926
20927
20928
20929
20930
20931
20932
20933
20934
20935
20936
20937
20938
20939
20940
20941
20942
20943
20944
20945
20946
20947
20948
20949
20950
20951
20952
20953
20954
20955
20956
20957
20958
20959
20960
20961
20962
20963
20964
20965
20966
20967
20968
20969
20970
20971
20972
20973
20974
20975
20976
20977
20978
20979
20980
20981
20982
20983
20984
20985
20986
20987
20988
20989
20990
20991
20992
20993
20994
20995
20996
20997
20998
20999
21000
21001
21002
21003
21004
21005
21006
21007
21008
21009
21010
21011
21012
21013
21014
21015
21016
21017
21018
21019
21020
21021
21022
21023
21024
21025
21026
21027
21028
21029
21030
21031
21032
21033
21034
21035
21036
21037
21038
21039
21040
21041
21042
21043
21044
21045
21046
21047
21048
21049
21050
21051
21052
21053
21054
21055
21056
21057
21058
21059
21060
21061
21062
21063
21064
21065
21066
21067
21068
21069
21070
21071
21072
21073
21074
21075
21076
21077
21078
21079
21080
21081
21082
21083
21084
21085
21086
21087
21088
21089
21090
21091
21092
21093
21094
21095
21096
21097
21098
21099
21100
21101
21102
21103
21104
21105
21106
21107
21108
21109
21110
21111
21112
21113
21114
21115
21116
21117
21118
21119
21120
21121
21122
21123
21124
21125
21126
21127
21128
21129
21130
21131
21132
21133
21134
21135
21136
21137
21138
21139
21140
21141
21142
21143
21144
21145
21146
21147
21148
21149
21150
21151
21152
21153
21154
21155
21156
21157
21158
21159
21160
21161
21162
21163
21164
21165
21166
21167
21168
21169
21170
21171
21172
21173
21174
21175
21176
21177
21178
21179
21180
21181
21182
21183
21184
21185
21186
21187
21188
21189
21190
21191
21192
21193
21194
21195
21196
21197
21198
21199
21200
21201
21202
21203
21204
21205
21206
21207
21208
21209
21210
21211
21212
21213
21214
21215
21216
21217
21218
21219
21220
21221
21222
21223
21224
21225
21226
21227
21228
21229
21230
21231
21232
21233
21234
21235
21236
21237
21238
21239
21240
21241
21242
21243
21244
21245
21246
21247
21248
21249
21250
21251
21252
21253
21254
21255
21256
21257
21258
21259
21260
21261
21262
21263
21264
21265
21266
21267
21268
21269
21270
21271
21272
21273
21274
21275
21276
21277
21278
21279
21280
21281
21282
21283
21284
21285
21286
21287
21288
21289
21290
21291
21292
21293
21294
21295
21296
21297
21298
21299
21300
21301
21302
21303
21304
21305
21306
21307
21308
21309
21310
21311
21312
21313
21314
21315
21316
21317
21318
21319
21320
21321
21322
21323
21324
21325
21326
21327
21328
21329
21330
21331
21332
21333
21334
21335
21336
21337
21338
21339
21340
21341
21342
21343
21344
21345
21346
21347
21348
21349
21350
21351
21352
21353
21354
21355
21356
21357
21358
21359
21360
21361
21362
21363
21364
21365
21366
21367
21368
21369
21370
21371
21372
21373
21374
21375
21376
21377
21378
21379
21380
21381
21382
21383
21384
21385
21386
21387
21388
21389
21390
21391
21392
21393
21394
21395
21396
21397
21398
21399
21400
21401
21402
21403
21404
21405
21406
21407
21408
21409
21410
21411
21412
21413
21414
21415
21416
21417
21418
21419
21420
21421
21422
21423
21424
21425
21426
21427
21428
21429
21430
21431
21432
21433
21434
21435
21436
21437
21438
21439
21440
21441
21442
21443
21444
21445
21446
21447
21448
21449
21450
21451
21452
21453
21454
21455
21456
21457
21458
21459
21460
21461
21462
21463
21464
21465
21466
21467
21468
21469
21470
21471
21472
21473
21474
21475
21476
21477
21478
21479
21480
21481
21482
21483
21484
21485
21486
21487
21488
21489
21490
21491
21492
21493
21494
21495
21496
21497
21498
21499
21500
21501
21502
21503
21504
21505
21506
21507
21508
21509
21510
21511
21512
21513
21514
21515
21516
21517
21518
21519
21520
21521
21522
21523
21524
21525
21526
21527
21528
21529
21530
21531
21532
21533
21534
21535
21536
21537
21538
21539
21540
21541
21542
21543
21544
21545
21546
21547
21548
21549
21550
21551
21552
21553
21554
21555
21556
21557
21558
21559
21560
21561
21562
21563
21564
21565
21566
21567
21568
21569
21570
21571
21572
21573
21574
21575
21576
21577
21578
21579
21580
21581
21582
21583
21584
21585
21586
21587
21588
21589
21590
21591
21592
21593
21594
21595
21596
21597
21598
21599
21600
21601
21602
21603
21604
21605
21606
21607
21608
21609
21610
21611
21612
21613
21614
21615
21616
21617
21618
21619
21620
21621
21622
21623
21624
21625
21626
21627
21628
21629
21630
21631
21632
21633
21634
21635
21636
21637
21638
21639
21640
21641
21642
21643
21644
21645
21646
21647
21648
21649
21650
21651
21652
21653
21654
21655
21656
21657
21658
21659
21660
21661
21662
21663
21664
21665
21666
21667
21668
21669
21670
21671
21672
21673
21674
21675
21676
21677
21678
21679
21680
21681
21682
21683
21684
21685
21686
21687
21688
21689
21690
21691
21692
21693
21694
21695
21696
21697
21698
21699
21700
21701
21702
21703
21704
21705
21706
21707
21708
21709
21710
21711
21712
21713
21714
21715
21716
21717
21718
21719
21720
21721
21722
21723
21724
21725
21726
21727
21728
21729
21730
21731
21732
21733
21734
21735
21736
21737
21738
21739
21740
21741
21742
21743
21744
21745
21746
21747
21748
21749
21750
21751
21752
21753
21754
21755
21756
21757
21758
21759
21760
21761
21762
21763
21764
21765
21766
21767
21768
21769
21770
21771
21772
21773
21774
21775
21776
21777
21778
21779
21780
21781
21782
21783
21784
21785
21786
21787
21788
21789
21790
21791
21792
21793
21794
21795
21796
21797
21798
21799
21800
21801
21802
21803
21804
21805
21806
21807
21808
21809
21810
21811
21812
21813
21814
21815
21816
21817
21818
21819
21820
21821
21822
21823
21824
21825
21826
21827
21828
21829
21830
21831
21832
21833
21834
21835
21836
21837
21838
21839
21840
21841
21842
21843
21844
21845
21846
21847
21848
21849
21850
21851
21852
21853
21854
21855
21856
21857
21858
21859
21860
21861
21862
21863
21864
21865
21866
21867
21868
21869
21870
21871
21872
21873
21874
21875
21876
21877
21878
21879
21880
21881
21882
21883
21884
21885
21886
21887
21888
21889
21890
21891
21892
21893
21894
21895
21896
21897
21898
21899
21900
21901
21902
21903
21904
21905
21906
21907
21908
21909
21910
21911
21912
21913
21914
21915
21916
21917
21918
21919
21920
21921
21922
21923
21924
21925
21926
21927
21928
21929
21930
21931
21932
21933
21934
21935
21936
21937
21938
21939
21940
21941
21942
21943
21944
21945
21946
21947
21948
21949
21950
21951
21952
21953
21954
21955
21956
21957
21958
21959
21960
21961
21962
21963
21964
21965
21966
21967
21968
21969
21970
21971
21972
21973
21974
21975
21976
21977
21978
21979
21980
21981
21982
21983
21984
21985
21986
21987
21988
21989
21990
21991
21992
21993
21994
21995
21996
21997
21998
21999
22000
22001
22002
22003
22004
22005
22006
22007
22008
22009
22010
22011
22012
22013
22014
22015
22016
22017
22018
22019
22020
22021
22022
22023
22024
22025
22026
22027
22028
22029
22030
22031
22032
22033
22034
22035
22036
22037
22038
22039
22040
22041
22042
22043
22044
22045
22046
22047
22048
22049
22050
22051
22052
22053
22054
22055
22056
22057
22058
22059
22060
22061
22062
22063
22064
22065
22066
22067
22068
22069
22070
22071
22072
22073
22074
22075
22076
22077
22078
22079
22080
22081
22082
22083
22084
22085
22086
22087
22088
22089
22090
22091
22092
22093
22094
22095
22096
22097
22098
22099
22100
22101
22102
22103
22104
22105
22106
22107
22108
22109
22110
22111
22112
22113
22114
22115
22116
22117
22118
22119
22120
22121
22122
22123
22124
22125
22126
22127
22128
22129
22130
22131
22132
22133
22134
22135
22136
22137
22138
22139
22140
22141
22142
22143
22144
22145
22146
22147
22148
22149
22150
22151
22152
22153
22154
22155
22156
22157
22158
22159
22160
22161
22162
22163
22164
22165
22166
22167
22168
22169
22170
22171
22172
22173
22174
22175
22176
22177
22178
22179
22180
22181
22182
22183
22184
22185
22186
22187
22188
22189
22190
22191
22192
22193
22194
22195
22196
22197
22198
22199
22200
22201
22202
22203
22204
22205
22206
22207
22208
22209
22210
22211
22212
22213
22214
22215
22216
22217
22218
22219
22220
22221
22222
22223
22224
22225
22226
22227
22228
22229
22230
22231
22232
22233
22234
22235
22236
22237
22238
22239
22240
22241
22242
22243
22244
22245
22246
22247
22248
22249
22250
22251
22252
22253
22254
22255
22256
22257
22258
22259
22260
22261
22262
22263
22264
22265
22266
22267
22268
22269
22270
22271
22272
22273
22274
22275
22276
22277
22278
22279
22280
22281
22282
22283
22284
22285
22286
22287
22288
22289
22290
22291
22292
22293
22294
22295
22296
22297
22298
22299
22300
22301
22302
22303
22304
22305
22306
22307
22308
22309
22310
22311
22312
22313
22314
22315
22316
22317
22318
22319
22320
22321
22322
22323
22324
22325
22326
22327
22328
22329
22330
22331
22332
22333
22334
22335
22336
22337
22338
22339
22340
22341
22342
22343
22344
22345
22346
22347
22348
22349
22350
22351
22352
22353
22354
22355
22356
22357
22358
22359
22360
22361
22362
22363
22364
22365
22366
22367
22368
22369
22370
22371
22372
22373
22374
22375
22376
22377
22378
22379
22380
22381
22382
22383
22384
22385
22386
22387
22388
22389
22390
22391
22392
22393
22394
22395
22396
22397
22398
22399
22400
22401
22402
22403
22404
22405
22406
22407
22408
22409
22410
22411
22412
22413
22414
22415
22416
22417
22418
22419
22420
22421
22422
22423
22424
22425
22426
22427
22428
22429
22430
22431
22432
22433
22434
22435
22436
22437
22438
22439
22440
22441
22442
22443
22444
22445
22446
22447
22448
22449
22450
22451
22452
22453
22454
22455
22456
22457
22458
22459
22460
22461
22462
22463
22464
22465
22466
22467
22468
22469
22470
22471
22472
22473
22474
22475
22476
22477
22478
22479
22480
22481
22482
22483
22484
22485
22486
22487
22488
22489
22490
22491
22492
22493
22494
22495
22496
22497
22498
22499
22500
22501
22502
22503
22504
22505
22506
22507
22508
22509
22510
22511
22512
22513
22514
22515
22516
22517
22518
22519
22520
22521
22522
22523
22524
22525
22526
22527
22528
22529
22530
22531
22532
22533
22534
22535
22536
22537
22538
22539
22540
22541
22542
22543
22544
22545
22546
22547
22548
22549
22550
22551
22552
22553
22554
22555
22556
22557
22558
22559
22560
22561
22562
22563
22564
22565
22566
22567
22568
22569
22570
22571
22572
22573
22574
22575
22576
22577
22578
22579
22580
22581
22582
22583
22584
22585
22586
22587
22588
22589
22590
22591
22592
22593
22594
22595
22596
22597
22598
22599
22600
22601
22602
22603
22604
22605
22606
22607
22608
22609
22610
22611
22612
22613
22614
22615
22616
22617
22618
22619
22620
22621
22622
22623
22624
22625
22626
22627
22628
22629
22630
22631
22632
22633
22634
22635
22636
22637
22638
22639
22640
22641
22642
22643
22644
22645
22646
22647
22648
22649
22650
22651
22652
22653
22654
22655
22656
22657
22658
22659
22660
22661
22662
22663
22664
22665
22666
22667
22668
22669
22670
22671
22672
22673
22674
22675
22676
22677
22678
22679
22680
22681
22682
22683
22684
22685
22686
22687
22688
22689
22690
22691
22692
22693
22694
22695
22696
22697
22698
22699
22700
22701
22702
22703
22704
22705
22706
22707
22708
22709
22710
22711
22712
22713
22714
22715
22716
22717
22718
22719
22720
22721
22722
22723
22724
22725
22726
22727
22728
22729
22730
22731
22732
22733
22734
22735
22736
22737
22738
22739
22740
22741
22742
22743
22744
22745
22746
22747
22748
22749
22750
22751
22752
22753
22754
22755
22756
22757
22758
22759
22760
22761
22762
22763
22764
22765
22766
22767
22768
22769
22770
22771
22772
22773
22774
22775
22776
22777
22778
22779
22780
22781
22782
22783
22784
22785
22786
22787
22788
22789
22790
22791
22792
22793
22794
22795
22796
22797
22798
22799
22800
22801
22802
22803
22804
22805
22806
22807
22808
22809
22810
22811
22812
22813
22814
22815
22816
22817
22818
22819
22820
22821
22822
22823
22824
22825
22826
22827
22828
22829
22830
22831
22832
22833
22834
22835
22836
22837
22838
22839
22840
22841
22842
22843
22844
22845
22846
22847
22848
22849
22850
22851
22852
22853
22854
22855
22856
22857
22858
22859
22860
22861
22862
22863
22864
22865
22866
22867
22868
22869
22870
22871
22872
22873
22874
22875
22876
22877
22878
22879
22880
22881
22882
22883
22884
22885
22886
22887
22888
22889
22890
22891
22892
22893
22894
22895
22896
22897
22898
22899
22900
22901
22902
22903
22904
22905
22906
22907
22908
22909
22910
22911
22912
22913
22914
22915
22916
22917
22918
22919
22920
22921
22922
22923
22924
22925
22926
22927
22928
22929
22930
22931
22932
22933
22934
22935
22936
22937
22938
22939
22940
22941
22942
22943
22944
22945
22946
22947
22948
22949
22950
22951
22952
22953
22954
22955
22956
22957
22958
22959
22960
22961
22962
22963
22964
22965
22966
22967
22968
22969
22970
22971
22972
22973
22974
22975
22976
22977
22978
22979
22980
22981
22982
22983
22984
22985
22986
22987
22988
22989
22990
22991
22992
22993
22994
22995
22996
22997
22998
22999
23000
23001
23002
23003
23004
23005
23006
23007
23008
23009
23010
23011
23012
23013
23014
23015
23016
23017
23018
23019
23020
23021
23022
23023
23024
23025
23026
23027
23028
23029
23030
23031
23032
23033
23034
23035
23036
23037
23038
23039
23040
23041
23042
23043
23044
23045
23046
23047
23048
23049
23050
23051
23052
23053
23054
23055
23056
23057
23058
23059
23060
23061
23062
23063
23064
23065
23066
23067
23068
23069
23070
23071
23072
23073
23074
23075
23076
23077
23078
23079
23080
23081
23082
23083
23084
23085
23086
23087
23088
23089
23090
23091
23092
23093
23094
23095
23096
23097
23098
23099
23100
23101
23102
23103
23104
23105
23106
23107
23108
23109
23110
23111
23112
23113
23114
23115
23116
23117
23118
23119
23120
23121
23122
23123
23124
23125
23126
23127
23128
23129
23130
23131
23132
23133
23134
23135
23136
23137
23138
23139
23140
23141
23142
23143
23144
23145
23146
23147
23148
23149
23150
23151
23152
23153
23154
23155
23156
23157
23158
23159
23160
23161
23162
23163
23164
23165
23166
23167
23168
23169
23170
23171
23172
23173
23174
23175
23176
23177
23178
23179
23180
23181
23182
23183
23184
23185
23186
23187
23188
23189
23190
23191
23192
23193
23194
23195
23196
23197
23198
23199
23200
23201
23202
23203
23204
23205
23206
23207
23208
23209
23210
23211
23212
23213
23214
23215
23216
23217
23218
23219
23220
23221
23222
23223
23224
23225
23226
23227
23228
23229
23230
23231
23232
23233
23234
23235
23236
23237
23238
23239
23240
23241
23242
23243
23244
23245
23246
23247
23248
23249
23250
23251
23252
23253
23254
23255
23256
23257
23258
23259
23260
23261
23262
23263
23264
23265
23266
23267
23268
23269
23270
23271
23272
23273
23274
23275
23276
23277
23278
23279
23280
23281
23282
23283
23284
23285
23286
23287
23288
23289
23290
23291
23292
23293
23294
23295
23296
23297
23298
23299
23300
23301
23302
23303
23304
23305
23306
23307
23308
23309
23310
23311
23312
23313
23314
23315
23316
23317
23318
23319
23320
23321
23322
23323
23324
23325
23326
23327
23328
23329
23330
23331
23332
23333
23334
23335
23336
23337
23338
23339
23340
23341
23342
23343
23344
23345
23346
23347
23348
23349
23350
23351
23352
23353
23354
23355
23356
23357
23358
23359
23360
23361
23362
23363
23364
23365
23366
23367
23368
23369
23370
23371
23372
23373
23374
23375
23376
23377
23378
23379
23380
23381
23382
23383
23384
23385
23386
23387
23388
23389
23390
23391
23392
23393
23394
23395
23396
23397
23398
23399
23400
23401
23402
23403
23404
23405
23406
23407
23408
23409
23410
23411
23412
23413
23414
23415
23416
23417
23418
23419
23420
23421
23422
23423
23424
23425
23426
23427
23428
23429
23430
23431
23432
23433
23434
23435
23436
23437
23438
23439
23440
23441
23442
23443
23444
23445
23446
23447
23448
23449
23450
23451
23452
23453
23454
23455
23456
23457
23458
23459
23460
23461
23462
23463
23464
23465
23466
23467
23468
23469
23470
23471
23472
23473
23474
23475
23476
23477
23478
23479
23480
23481
23482
23483
23484
23485
23486
23487
23488
23489
23490
23491
23492
23493
23494
23495
23496
23497
23498
23499
23500
23501
23502
23503
23504
23505
23506
23507
23508
23509
23510
23511
23512
23513
23514
23515
23516
23517
23518
23519
23520
23521
23522
23523
23524
23525
23526
23527
23528
23529
23530
23531
23532
23533
23534
23535
23536
23537
23538
23539
23540
23541
23542
23543
23544
23545
23546
23547
23548
23549
23550
23551
23552
23553
23554
23555
23556
23557
23558
23559
23560
23561
23562
23563
23564
23565
23566
23567
23568
23569
23570
23571
23572
23573
23574
23575
23576
23577
23578
23579
23580
23581
23582
23583
23584
23585
23586
23587
23588
23589
23590
23591
23592
23593
23594
23595
23596
23597
23598
23599
23600
23601
23602
23603
23604
23605
23606
23607
23608
23609
23610
23611
23612
23613
23614
23615
23616
23617
23618
23619
23620
23621
23622
23623
23624
23625
23626
23627
23628
23629
23630
23631
23632
23633
23634
23635
23636
23637
23638
23639
23640
23641
23642
23643
23644
23645
23646
23647
23648
23649
23650
23651
23652
23653
23654
23655
23656
23657
23658
23659
23660
23661
23662
23663
23664
23665
23666
23667
23668
23669
23670
23671
23672
23673
23674
23675
23676
23677
23678
23679
23680
23681
23682
23683
23684
23685
23686
23687
23688
23689
23690
23691
23692
23693
23694
23695
23696
23697
23698
23699
23700
23701
23702
23703
23704
23705
23706
23707
23708
23709
23710
23711
23712
23713
23714
23715
23716
23717
23718
23719
23720
23721
23722
23723
23724
23725
23726
23727
23728
23729
23730
23731
23732
23733
23734
23735
23736
23737
23738
23739
23740
23741
23742
23743
23744
23745
23746
23747
23748
23749
23750
23751
23752
23753
23754
23755
23756
23757
23758
23759
23760
23761
23762
23763
23764
23765
23766
23767
23768
23769
23770
23771
23772
23773
23774
23775
23776
23777
23778
23779
23780
23781
23782
23783
23784
23785
23786
23787
23788
23789
23790
23791
23792
23793
23794
23795
23796
23797
23798
23799
23800
23801
23802
23803
23804
23805
23806
23807
23808
23809
23810
23811
23812
23813
23814
23815
23816
23817
23818
23819
23820
23821
23822
23823
23824
23825
23826
23827
23828
23829
23830
23831
23832
23833
23834
23835
23836
23837
23838
23839
23840
23841
23842
23843
23844
23845
23846
23847
23848
23849
23850
23851
23852
23853
23854
23855
23856
23857
23858
23859
23860
23861
23862
23863
23864
23865
23866
23867
23868
23869
23870
23871
23872
23873
23874
23875
23876
23877
23878
23879
23880
23881
23882
23883
23884
23885
23886
23887
23888
23889
23890
23891
23892
23893
23894
23895
23896
23897
23898
23899
23900
23901
23902
23903
23904
23905
23906
23907
23908
23909
23910
23911
23912
23913
23914
23915
23916
23917
23918
23919
23920
23921
23922
23923
23924
23925
23926
23927
23928
23929
23930
23931
23932
23933
23934
23935
23936
23937
23938
23939
23940
23941
23942
23943
23944
23945
23946
23947
23948
23949
23950
23951
23952
23953
23954
23955
23956
23957
23958
23959
23960
23961
23962
23963
23964
23965
23966
23967
23968
23969
23970
23971
23972
23973
23974
23975
23976
23977
23978
23979
23980
23981
23982
23983
23984
23985
23986
23987
23988
23989
23990
23991
23992
23993
23994
23995
23996
23997
23998
23999
24000
24001
24002
24003
24004
24005
24006
24007
24008
24009
24010
24011
24012
24013
24014
24015
24016
24017
24018
24019
24020
24021
24022
24023
24024
24025
24026
24027
24028
24029
24030
24031
24032
24033
24034
24035
24036
24037
24038
24039
24040
24041
24042
24043
24044
24045
24046
24047
24048
24049
24050
24051
24052
24053
24054
24055
24056
24057
24058
24059
24060
24061
24062
24063
24064
24065
24066
24067
24068
24069
24070
24071
24072
24073
24074
24075
24076
24077
24078
24079
24080
24081
24082
24083
24084
24085
24086
24087
24088
24089
24090
24091
24092
24093
24094
24095
24096
24097
24098
24099
24100
24101
24102
24103
24104
24105
24106
24107
24108
24109
24110
24111
24112
24113
24114
24115
24116
24117
24118
24119
24120
24121
24122
24123
24124
24125
24126
24127
24128
24129
24130
24131
24132
24133
24134
24135
24136
24137
24138
24139
24140
24141
24142
24143
24144
24145
24146
24147
24148
24149
24150
24151
24152
24153
24154
24155
24156
24157
24158
24159
24160
24161
24162
24163
24164
24165
24166
24167
24168
24169
24170
24171
24172
24173
24174
24175
24176
24177
24178
24179
24180
24181
24182
24183
24184
24185
24186
24187
24188
24189
24190
24191
24192
24193
24194
24195
24196
24197
24198
24199
24200
24201
24202
24203
24204
24205
24206
24207
24208
24209
24210
24211
24212
24213
24214
24215
24216
24217
24218
24219
24220
24221
24222
24223
24224
24225
24226
24227
24228
24229
24230
24231
24232
24233
24234
24235
24236
24237
24238
24239
24240
24241
24242
24243
24244
24245
24246
24247
24248
24249
24250
24251
24252
24253
24254
24255
24256
24257
24258
24259
24260
24261
24262
24263
24264
24265
24266
24267
24268
24269
24270
24271
24272
24273
24274
24275
24276
24277
24278
24279
24280
24281
24282
24283
24284
24285
24286
24287
24288
24289
24290
24291
24292
24293
24294
24295
24296
24297
24298
24299
24300
24301
24302
24303
24304
24305
24306
24307
24308
24309
24310
24311
24312
24313
24314
24315
24316
24317
24318
24319
24320
24321
24322
24323
24324
24325
24326
24327
24328
24329
24330
24331
24332
24333
24334
24335
24336
24337
24338
24339
24340
24341
24342
24343
24344
24345
24346
24347
24348
24349
24350
24351
24352
24353
24354
24355
24356
24357
24358
24359
24360
24361
24362
24363
24364
24365
24366
24367
24368
24369
24370
24371
24372
24373
24374
24375
24376
24377
24378
24379
24380
24381
24382
24383
24384
24385
24386
24387
24388
24389
24390
24391
24392
24393
24394
24395
24396
24397
24398
24399
24400
24401
24402
24403
24404
24405
24406
24407
24408
24409
24410
24411
24412
24413
24414
24415
24416
24417
24418
24419
24420
24421
24422
24423
24424
24425
24426
24427
24428
24429
24430
24431
24432
24433
24434
24435
24436
24437
24438
24439
24440
24441
24442
24443
24444
24445
24446
24447
24448
24449
24450
24451
24452
24453
24454
24455
24456
24457
24458
24459
24460
24461
24462
24463
24464
24465
24466
24467
24468
24469
24470
24471
24472
24473
24474
24475
24476
24477
24478
24479
24480
24481
24482
24483
24484
24485
24486
24487
24488
24489
24490
24491
24492
24493
24494
24495
24496
24497
24498
24499
24500
24501
24502
24503
24504
24505
24506
24507
24508
24509
24510
24511
24512
24513
24514
24515
24516
24517
24518
24519
24520
24521
24522
24523
24524
24525
24526
24527
24528
24529
24530
24531
24532
24533
24534
24535
24536
24537
24538
24539
24540
24541
24542
24543
24544
24545
24546
24547
24548
24549
24550
24551
24552
24553
24554
24555
24556
24557
24558
24559
24560
24561
24562
24563
24564
24565
24566
24567
24568
24569
24570
24571
24572
24573
24574
24575
24576
24577
24578
24579
24580
24581
24582
24583
24584
24585
24586
24587
24588
24589
24590
24591
24592
24593
24594
24595
24596
24597
24598
24599
24600
24601
24602
24603
24604
24605
24606
24607
24608
24609
24610
24611
24612
24613
24614
24615
24616
24617
24618
24619
24620
24621
24622
24623
24624
24625
24626
24627
24628
24629
24630
24631
24632
24633
24634
24635
24636
24637
24638
24639
24640
24641
24642
24643
24644
24645
24646
24647
24648
24649
24650
24651
24652
24653
24654
24655
24656
24657
24658
24659
24660
24661
24662
24663
24664
24665
24666
24667
24668
24669
24670
24671
24672
24673
24674
24675
24676
24677
24678
24679
24680
24681
24682
24683
24684
24685
24686
24687
24688
24689
24690
24691
24692
24693
24694
24695
24696
24697
24698
24699
24700
24701
24702
24703
24704
24705
24706
24707
24708
24709
24710
24711
24712
24713
24714
24715
24716
24717
24718
24719
24720
24721
24722
24723
24724
24725
24726
24727
24728
24729
24730
24731
24732
24733
24734
24735
24736
24737
24738
24739
24740
24741
24742
24743
24744
24745
24746
24747
24748
24749
24750
24751
24752
24753
24754
24755
24756
24757
24758
24759
24760
24761
24762
24763
24764
24765
24766
24767
24768
24769
24770
24771
24772
24773
24774
24775
24776
24777
24778
24779
24780
24781
24782
24783
24784
24785
24786
24787
24788
24789
24790
24791
24792
24793
24794
24795
24796
24797
24798
24799
24800
24801
24802
24803
24804
24805
24806
24807
24808
24809
24810
24811
24812
24813
24814
24815
24816
24817
24818
24819
24820
24821
24822
24823
24824
24825
24826
24827
24828
24829
24830
24831
24832
24833
24834
24835
24836
24837
24838
24839
24840
24841
24842
24843
24844
24845
24846
24847
24848
24849
24850
24851
24852
24853
24854
24855
24856
24857
24858
24859
24860
24861
24862
24863
24864
24865
24866
24867
24868
24869
24870
24871
24872
24873
24874
24875
24876
24877
24878
24879
24880
24881
24882
24883
24884
24885
24886
24887
24888
24889
24890
24891
24892
24893
24894
24895
24896
24897
24898
24899
24900
24901
24902
24903
24904
24905
24906
24907
24908
24909
24910
24911
24912
24913
24914
24915
24916
24917
24918
24919
24920
24921
24922
24923
24924
24925
24926
24927
24928
24929
24930
24931
24932
24933
24934
24935
24936
24937
24938
24939
24940
24941
24942
24943
24944
24945
24946
24947
24948
24949
24950
24951
24952
24953
24954
24955
24956
24957
24958
24959
24960
24961
24962
24963
24964
24965
24966
24967
24968
24969
24970
24971
24972
24973
24974
24975
24976
24977
24978
24979
24980
24981
24982
24983
24984
24985
24986
24987
24988
24989
24990
24991
24992
24993
24994
24995
24996
24997
24998
24999
25000
25001
25002
25003
25004
25005
25006
25007
25008
25009
25010
25011
25012
25013
25014
25015
25016
25017
25018
25019
25020
25021
25022
25023
25024
25025
25026
25027
25028
25029
25030
25031
25032
25033
25034
25035
25036
25037
25038
25039
25040
25041
25042
25043
25044
25045
25046
25047
25048
25049
25050
25051
25052
25053
25054
25055
25056
25057
25058
25059
25060
25061
25062
25063
25064
25065
25066
25067
25068
25069
25070
25071
25072
25073
25074
25075
25076
25077
25078
25079
25080
25081
25082
25083
25084
25085
25086
25087
25088
25089
25090
25091
25092
25093
25094
25095
25096
25097
25098
25099
25100
25101
25102
25103
25104
25105
25106
25107
25108
25109
25110
25111
25112
25113
25114
25115
25116
25117
25118
25119
25120
25121
25122
25123
25124
25125
25126
25127
25128
25129
25130
25131
25132
25133
25134
25135
25136
25137
25138
25139
25140
25141
25142
25143
25144
25145
25146
25147
25148
25149
25150
25151
25152
25153
25154
25155
25156
25157
25158
25159
25160
25161
25162
25163
25164
25165
25166
25167
25168
25169
25170
25171
25172
25173
25174
25175
25176
25177
25178
25179
25180
25181
25182
25183
25184
25185
25186
25187
25188
25189
25190
25191
25192
25193
25194
25195
25196
25197
25198
25199
25200
25201
25202
25203
25204
25205
25206
25207
25208
25209
25210
25211
25212
25213
25214
25215
25216
25217
25218
25219
25220
25221
25222
25223
25224
25225
25226
25227
25228
25229
25230
25231
25232
25233
25234
25235
25236
25237
25238
25239
25240
25241
25242
25243
25244
25245
25246
25247
25248
25249
25250
25251
25252
25253
25254
25255
25256
25257
25258
25259
25260
25261
25262
25263
25264
25265
25266
25267
25268
25269
25270
25271
25272
25273
25274
25275
25276
25277
25278
25279
25280
25281
25282
25283
25284
25285
25286
25287
25288
25289
25290
25291
25292
25293
25294
25295
25296
25297
25298
25299
25300
25301
25302
25303
25304
25305
25306
25307
25308
25309
25310
25311
25312
25313
25314
25315
25316
25317
25318
25319
25320
25321
25322
25323
25324
25325
25326
25327
25328
25329
25330
25331
25332
25333
25334
25335
25336
25337
25338
25339
25340
25341
25342
25343
25344
25345
25346
25347
25348
25349
25350
25351
25352
25353
25354
25355
25356
25357
25358
25359
25360
25361
25362
25363
25364
25365
25366
25367
25368
25369
25370
25371
25372
25373
25374
25375
25376
25377
25378
25379
25380
25381
25382
25383
25384
25385
25386
25387
25388
25389
25390
25391
25392
25393
25394
25395
25396
25397
25398
25399
25400
25401
25402
25403
25404
25405
25406
25407
25408
25409
25410
25411
25412
25413
25414
25415
25416
25417
25418
25419
25420
25421
25422
25423
25424
25425
25426
25427
25428
25429
25430
25431
25432
25433
25434
25435
25436
25437
25438
25439
25440
25441
25442
25443
25444
25445
25446
25447
25448
25449
25450
25451
25452
25453
25454
25455
25456
25457
25458
25459
25460
25461
25462
25463
25464
25465
25466
25467
25468
25469
25470
25471
25472
25473
25474
25475
25476
25477
25478
25479
25480
25481
25482
25483
25484
25485
25486
25487
25488
25489
25490
25491
25492
25493
25494
25495
25496
25497
25498
25499
25500
25501
25502
25503
25504
25505
25506
25507
25508
25509
25510
25511
25512
25513
25514
25515
25516
25517
25518
25519
25520
25521
25522
25523
25524
25525
25526
25527
25528
25529
25530
25531
25532
25533
25534
25535
25536
25537
25538
25539
25540
25541
25542
25543
25544
25545
25546
25547
25548
25549
25550
25551
25552
25553
25554
25555
25556
25557
25558
25559
25560
25561
25562
25563
25564
25565
25566
25567
25568
25569
25570
25571
25572
25573
25574
25575
25576
25577
25578
25579
25580
25581
25582
25583
25584
25585
25586
25587
25588
25589
25590
25591
25592
25593
25594
25595
25596
25597
25598
25599
25600
25601
25602
25603
25604
25605
25606
25607
25608
25609
25610
25611
25612
25613
25614
25615
25616
25617
25618
25619
25620
25621
25622
25623
25624
25625
25626
25627
25628
25629
25630
25631
25632
25633
25634
25635
25636
25637
25638
25639
25640
25641
25642
25643
25644
25645
25646
25647
25648
25649
25650
25651
25652
25653
25654
25655
25656
25657
25658
25659
25660
25661
25662
25663
25664
25665
25666
25667
25668
25669
25670
25671
25672
25673
25674
25675
25676
25677
25678
25679
25680
25681
25682
25683
25684
25685
25686
25687
25688
25689
25690
25691
25692
25693
25694
25695
25696
25697
25698
25699
25700
25701
25702
25703
25704
25705
25706
25707
25708
25709
25710
25711
25712
25713
25714
25715
25716
25717
25718
25719
25720
25721
25722
25723
25724
25725
25726
25727
25728
25729
25730
25731
25732
25733
25734
25735
25736
25737
25738
25739
25740
25741
25742
25743
25744
25745
25746
25747
25748
25749
25750
25751
25752
25753
25754
25755
25756
25757
25758
25759
25760
25761
25762
25763
25764
25765
25766
25767
25768
25769
25770
25771
25772
25773
25774
25775
25776
25777
25778
25779
25780
25781
25782
25783
25784
25785
25786
25787
25788
25789
25790
25791
25792
25793
25794
25795
25796
25797
25798
25799
25800
25801
25802
25803
25804
25805
25806
25807
25808
25809
25810
25811
25812
25813
25814
25815
25816
25817
25818
25819
25820
25821
25822
25823
25824
25825
25826
25827
25828
25829
25830
25831
25832
25833
25834
25835
25836
25837
25838
25839
25840
25841
25842
25843
25844
25845
25846
25847
25848
25849
25850
25851
25852
25853
25854
25855
25856
25857
25858
25859
25860
25861
25862
25863
25864
25865
25866
25867
25868
25869
25870
25871
25872
25873
25874
25875
25876
25877
25878
25879
25880
25881
25882
25883
25884
25885
25886
25887
25888
25889
25890
25891
25892
25893
25894
25895
25896
25897
25898
25899
25900
25901
25902
25903
25904
25905
25906
25907
25908
25909
25910
25911
25912
25913
25914
25915
25916
25917
25918
25919
25920
25921
25922
25923
25924
25925
25926
25927
25928
25929
25930
25931
25932
25933
25934
25935
25936
25937
25938
25939
25940
25941
25942
25943
25944
25945
25946
25947
25948
25949
25950
25951
25952
25953
25954
25955
25956
25957
25958
25959
25960
25961
25962
25963
25964
25965
25966
25967
25968
25969
25970
25971
25972
25973
25974
25975
25976
25977
25978
25979
25980
25981
25982
25983
25984
25985
25986
25987
25988
25989
25990
25991
25992
25993
25994
25995
25996
25997
25998
25999
26000
26001
26002
26003
26004
26005
26006
26007
26008
26009
26010
26011
26012
26013
26014
26015
26016
26017
26018
26019
26020
26021
26022
26023
26024
26025
26026
26027
26028
26029
26030
26031
26032
26033
26034
26035
26036
26037
26038
26039
26040
26041
26042
26043
26044
26045
26046
26047
26048
26049
26050
26051
26052
26053
26054
26055
26056
26057
26058
26059
26060
26061
26062
26063
26064
26065
26066
26067
26068
26069
26070
26071
26072
26073
26074
26075
26076
26077
26078
26079
26080
26081
26082
26083
26084
26085
26086
26087
26088
26089
26090
26091
26092
26093
26094
26095
26096
26097
26098
26099
26100
26101
26102
26103
26104
26105
26106
26107
26108
26109
26110
26111
26112
26113
26114
26115
26116
26117
26118
26119
26120
26121
26122
26123
26124
26125
26126
26127
26128
26129
26130
26131
26132
26133
26134
26135
26136
26137
26138
26139
26140
26141
26142
26143
26144
26145
26146
26147
26148
26149
26150
26151
26152
26153
26154
26155
26156
26157
26158
26159
26160
26161
26162
26163
26164
26165
26166
26167
26168
26169
26170
26171
26172
26173
26174
26175
26176
26177
26178
26179
26180
26181
26182
26183
26184
26185
26186
26187
26188
26189
26190
26191
26192
26193
26194
26195
26196
26197
26198
26199
26200
26201
26202
26203
26204
26205
26206
26207
26208
26209
26210
26211
26212
26213
26214
26215
26216
26217
26218
26219
26220
26221
26222
26223
26224
26225
26226
26227
26228
26229
26230
26231
26232
26233
26234
26235
26236
26237
26238
26239
26240
26241
26242
26243
26244
26245
26246
26247
26248
26249
26250
26251
26252
26253
26254
26255
26256
26257
26258
26259
26260
26261
26262
26263
26264
26265
26266
26267
26268
26269
26270
26271
26272
26273
26274
26275
26276
26277
26278
26279
26280
26281
26282
26283
26284
26285
26286
26287
26288
26289
26290
26291
26292
26293
26294
26295
26296
26297
26298
26299
26300
26301
26302
26303
26304
26305
26306
26307
26308
26309
26310
26311
26312
26313
26314
26315
26316
26317
26318
26319
26320
26321
26322
26323
26324
26325
26326
26327
26328
26329
26330
26331
26332
26333
26334
26335
26336
26337
26338
26339
26340
26341
26342
26343
26344
26345
26346
26347
26348
26349
26350
26351
26352
26353
26354
26355
26356
26357
26358
26359
26360
26361
26362
26363
26364
26365
26366
26367
26368
26369
26370
26371
26372
26373
26374
26375
26376
26377
26378
26379
26380
26381
26382
26383
26384
26385
26386
26387
26388
26389
26390
26391
26392
26393
26394
26395
26396
26397
26398
26399
26400
26401
26402
26403
26404
26405
26406
26407
26408
26409
26410
26411
26412
26413
26414
26415
26416
26417
26418
26419
26420
26421
26422
26423
26424
26425
26426
26427
26428
26429
26430
26431
26432
26433
26434
26435
26436
26437
26438
26439
26440
26441
26442
26443
26444
26445
26446
26447
26448
26449
26450
26451
26452
26453
26454
26455
26456
26457
26458
26459
26460
26461
26462
26463
26464
26465
26466
26467
26468
26469
26470
26471
26472
26473
26474
26475
26476
26477
26478
26479
26480
26481
26482
26483
26484
26485
26486
26487
26488
26489
26490
26491
26492
26493
26494
26495
26496
26497
26498
26499
26500
26501
26502
26503
26504
26505
26506
26507
26508
26509
26510
26511
26512
26513
26514
26515
26516
26517
26518
26519
26520
26521
26522
26523
26524
26525
26526
26527
26528
26529
26530
26531
26532
26533
26534
26535
26536
26537
26538
26539
26540
26541
26542
26543
26544
26545
26546
26547
26548
26549
26550
26551
26552
26553
26554
26555
26556
26557
26558
26559
26560
26561
26562
26563
26564
26565
26566
26567
26568
26569
26570
26571
26572
26573
26574
26575
26576
26577
26578
26579
26580
26581
26582
26583
26584
26585
26586
26587
26588
26589
26590
26591
26592
26593
26594
26595
26596
26597
26598
26599
26600
26601
26602
26603
26604
26605
26606
26607
26608
26609
26610
26611
26612
26613
26614
26615
26616
26617
26618
26619
26620
26621
26622
26623
26624
26625
26626
26627
26628
26629
26630
26631
26632
26633
26634
26635
26636
26637
26638
26639
26640
26641
26642
26643
26644
26645
26646
26647
26648
26649
26650
26651
26652
26653
26654
26655
26656
26657
26658
26659
26660
26661
26662
26663
26664
26665
26666
26667
26668
26669
26670
26671
26672
26673
26674
26675
26676
26677
26678
26679
26680
26681
26682
26683
26684
26685
26686
26687
26688
26689
26690
26691
26692
26693
26694
26695
26696
26697
26698
26699
26700
26701
26702
26703
26704
26705
26706
26707
26708
26709
26710
26711
26712
26713
26714
26715
26716
26717
26718
26719
26720
26721
26722
26723
26724
26725
26726
26727
26728
26729
26730
26731
26732
26733
26734
26735
26736
26737
26738
26739
26740
26741
26742
26743
26744
26745
26746
26747
26748
26749
26750
26751
26752
26753
26754
26755
26756
26757
26758
26759
26760
26761
26762
26763
26764
26765
26766
26767
26768
26769
26770
26771
26772
26773
26774
26775
26776
26777
26778
26779
26780
26781
26782
26783
26784
26785
26786
26787
26788
26789
26790
26791
26792
26793
26794
26795
26796
26797
26798
26799
26800
26801
26802
26803
26804
26805
26806
26807
26808
26809
26810
26811
26812
26813
26814
26815
26816
26817
26818
26819
26820
26821
26822
26823
26824
26825
26826
26827
26828
26829
26830
26831
26832
26833
26834
26835
26836
26837
26838
26839
26840
26841
26842
26843
26844
26845
26846
26847
26848
26849
26850
26851
26852
26853
26854
26855
26856
26857
26858
26859
26860
26861
26862
26863
26864
26865
26866
26867
26868
26869
26870
26871
26872
26873
26874
26875
26876
26877
26878
26879
26880
26881
26882
26883
26884
26885
26886
26887
26888
26889
26890
26891
26892
26893
26894
26895
26896
26897
26898
26899
26900
26901
26902
26903
26904
26905
26906
26907
26908
26909
26910
26911
26912
26913
26914
26915
26916
26917
26918
26919
26920
26921
26922
26923
26924
26925
26926
26927
26928
26929
26930
26931
26932
26933
26934
26935
26936
26937
26938
26939
26940
26941
26942
26943
26944
26945
26946
26947
26948
26949
26950
26951
26952
26953
26954
26955
26956
26957
26958
26959
26960
26961
26962
26963
26964
26965
26966
26967
26968
26969
26970
26971
26972
26973
26974
26975
26976
26977
26978
26979
26980
26981
26982
26983
26984
26985
26986
26987
26988
26989
26990
26991
26992
26993
26994
26995
26996
26997
26998
26999
27000
27001
27002
27003
27004
27005
27006
27007
27008
27009
27010
27011
27012
27013
27014
27015
27016
27017
27018
27019
27020
27021
27022
27023
27024
27025
27026
27027
27028
27029
27030
27031
27032
27033
27034
27035
27036
27037
27038
27039
27040
27041
27042
27043
27044
27045
27046
27047
27048
27049
27050
27051
27052
27053
27054
27055
27056
27057
27058
27059
27060
27061
27062
27063
27064
27065
27066
27067
27068
27069
27070
27071
27072
27073
27074
27075
27076
27077
27078
27079
27080
27081
27082
27083
27084
27085
27086
27087
27088
27089
27090
27091
27092
27093
27094
27095
27096
27097
27098
27099
27100
27101
27102
27103
27104
27105
27106
27107
27108
27109
27110
27111
27112
27113
27114
27115
27116
27117
27118
27119
27120
27121
27122
27123
27124
27125
27126
27127
27128
27129
27130
27131
27132
27133
27134
27135
27136
27137
27138
27139
27140
27141
27142
27143
27144
27145
27146
27147
27148
27149
27150
27151
27152
27153
27154
27155
27156
27157
27158
27159
27160
27161
27162
27163
27164
27165
27166
27167
27168
27169
27170
27171
27172
27173
27174
27175
27176
27177
27178
27179
27180
27181
27182
27183
27184
27185
27186
27187
27188
27189
27190
27191
27192
27193
27194
27195
27196
27197
27198
27199
27200
27201
27202
27203
27204
27205
27206
27207
27208
27209
27210
27211
27212
27213
27214
27215
27216
27217
27218
27219
27220
27221
27222
27223
27224
27225
27226
27227
27228
27229
27230
27231
27232
27233
27234
27235
27236
27237
27238
27239
27240
27241
27242
27243
27244
27245
27246
27247
27248
27249
27250
27251
27252
27253
27254
27255
27256
27257
27258
27259
27260
27261
27262
27263
27264
27265
27266
27267
27268
27269
27270
27271
27272
27273
27274
27275
27276
27277
27278
27279
27280
27281
27282
27283
27284
27285
27286
27287
27288
27289
27290
27291
27292
27293
27294
27295
27296
27297
27298
27299
27300
27301
27302
27303
27304
27305
27306
27307
27308
27309
27310
27311
27312
27313
27314
27315
27316
27317
27318
27319
27320
27321
27322
27323
27324
27325
27326
27327
27328
27329
27330
27331
27332
27333
27334
27335
27336
27337
27338
27339
27340
27341
27342
27343
27344
27345
27346
27347
27348
27349
27350
27351
27352
27353
27354
27355
27356
27357
27358
27359
27360
27361
27362
27363
27364
27365
27366
27367
27368
27369
27370
27371
27372
27373
27374
27375
27376
27377
27378
27379
27380
27381
27382
27383
27384
27385
27386
27387
27388
27389
27390
27391
27392
27393
27394
27395
27396
27397
27398
27399
27400
27401
27402
27403
27404
27405
27406
27407
27408
27409
27410
27411
27412
27413
27414
27415
27416
27417
27418
27419
27420
27421
27422
27423
27424
27425
27426
27427
27428
27429
27430
27431
27432
27433
27434
27435
27436
27437
27438
27439
27440
27441
27442
27443
27444
27445
27446
27447
27448
27449
27450
27451
27452
27453
27454
27455
27456
27457
27458
27459
27460
27461
27462
27463
27464
27465
27466
27467
27468
27469
27470
27471
27472
27473
27474
27475
27476
27477
27478
27479
27480
27481
27482
27483
27484
27485
27486
27487
27488
27489
27490
27491
27492
27493
27494
27495
27496
27497
27498
27499
27500
27501
27502
27503
27504
27505
27506
27507
27508
27509
27510
27511
27512
27513
27514
27515
27516
27517
27518
27519
27520
27521
27522
27523
27524
27525
27526
27527
27528
27529
27530
27531
27532
27533
27534
27535
27536
27537
27538
27539
27540
27541
27542
27543
27544
27545
27546
27547
27548
27549
27550
27551
27552
27553
27554
27555
27556
27557
27558
27559
27560
27561
27562
27563
27564
27565
27566
27567
27568
27569
27570
27571
27572
27573
27574
27575
27576
27577
27578
27579
27580
27581
27582
27583
27584
27585
27586
27587
27588
27589
27590
27591
27592
27593
27594
27595
27596
27597
27598
27599
27600
27601
27602
27603
27604
27605
27606
27607
27608
27609
27610
27611
27612
27613
27614
27615
27616
27617
27618
27619
27620
27621
27622
27623
27624
27625
27626
27627
27628
27629
27630
27631
27632
27633
27634
27635
27636
27637
27638
27639
27640
27641
27642
27643
27644
27645
27646
27647
27648
27649
27650
27651
27652
27653
27654
27655
27656
27657
27658
27659
27660
27661
27662
27663
27664
27665
27666
27667
27668
27669
27670
27671
27672
27673
27674
27675
27676
27677
27678
27679
27680
27681
27682
27683
27684
27685
27686
27687
27688
27689
27690
27691
27692
27693
27694
27695
27696
27697
27698
27699
27700
27701
27702
27703
27704
27705
27706
27707
27708
27709
27710
27711
27712
27713
27714
27715
27716
27717
27718
27719
27720
27721
27722
27723
27724
27725
27726
27727
27728
27729
27730
27731
27732
27733
27734
27735
27736
27737
27738
27739
27740
27741
27742
27743
27744
27745
27746
27747
27748
27749
27750
27751
27752
27753
27754
27755
27756
27757
27758
27759
27760
27761
27762
27763
27764
27765
27766
27767
27768
27769
27770
27771
27772
27773
27774
27775
27776
27777
27778
27779
27780
27781
27782
27783
27784
27785
27786
27787
27788
27789
27790
27791
27792
27793
27794
27795
27796
27797
27798
27799
27800
27801
27802
27803
27804
27805
27806
27807
27808
27809
27810
27811
27812
27813
27814
27815
27816
27817
27818
27819
27820
27821
27822
27823
27824
27825
27826
27827
27828
27829
27830
27831
27832
27833
27834
27835
27836
27837
27838
27839
27840
27841
27842
27843
27844
27845
27846
27847
27848
27849
27850
27851
27852
27853
27854
27855
27856
27857
27858
27859
27860
27861
27862
27863
27864
27865
27866
27867
27868
27869
27870
27871
27872
27873
27874
27875
27876
27877
27878
27879
27880
27881
27882
27883
27884
27885
27886
27887
27888
27889
27890
27891
27892
27893
27894
27895
27896
27897
27898
27899
27900
27901
27902
27903
27904
27905
27906
27907
27908
27909
27910
27911
27912
27913
27914
27915
27916
27917
27918
27919
27920
27921
27922
27923
27924
27925
27926
27927
27928
27929
27930
27931
27932
27933
27934
27935
27936
27937
27938
27939
27940
27941
27942
27943
27944
27945
27946
27947
27948
27949
27950
27951
27952
27953
27954
27955
27956
27957
27958
27959
27960
27961
27962
27963
27964
27965
27966
27967
27968
27969
27970
27971
27972
27973
27974
27975
27976
27977
27978
27979
27980
27981
27982
27983
27984
27985
27986
27987
27988
27989
27990
27991
27992
27993
27994
27995
27996
27997
27998
27999
28000
28001
28002
28003
28004
28005
28006
28007
28008
28009
28010
28011
28012
28013
28014
28015
28016
28017
28018
28019
28020
28021
28022
28023
28024
28025
28026
28027
28028
28029
28030
28031
28032
28033
28034
28035
28036
28037
28038
28039
28040
28041
28042
28043
28044
28045
28046
28047
28048
28049
28050
28051
28052
28053
28054
28055
28056
28057
28058
28059
28060
28061
28062
28063
28064
28065
28066
28067
28068
28069
28070
28071
28072
28073
28074
28075
28076
28077
28078
28079
28080
28081
28082
28083
28084
28085
28086
28087
28088
28089
28090
28091
28092
28093
28094
28095
28096
28097
28098
28099
28100
28101
28102
28103
28104
28105
28106
28107
28108
28109
28110
28111
28112
28113
28114
28115
28116
28117
28118
28119
28120
28121
28122
28123
28124
28125
28126
28127
28128
28129
28130
28131
28132
28133
28134
28135
28136
28137
28138
28139
28140
28141
28142
28143
28144
28145
28146
28147
28148
28149
28150
28151
28152
28153
28154
28155
28156
28157
28158
28159
28160
28161
28162
28163
28164
28165
28166
28167
28168
28169
28170
28171
28172
28173
28174
28175
28176
28177
28178
28179
28180
28181
28182
28183
28184
28185
28186
28187
28188
28189
28190
28191
28192
28193
28194
28195
28196
28197
28198
28199
28200
28201
28202
28203
28204
28205
28206
28207
28208
28209
28210
28211
28212
28213
28214
28215
28216
28217
28218
28219
28220
28221
28222
28223
28224
28225
28226
28227
28228
28229
28230
28231
28232
28233
28234
28235
28236
28237
28238
28239
28240
28241
28242
28243
28244
28245
28246
28247
28248
28249
28250
28251
28252
28253
28254
28255
28256
28257
28258
28259
28260
28261
28262
28263
28264
28265
28266
28267
28268
28269
28270
28271
28272
28273
28274
28275
28276
28277
28278
28279
28280
28281
28282
28283
28284
28285
28286
28287
28288
28289
28290
28291
28292
28293
28294
28295
28296
28297
28298
28299
28300
28301
28302
28303
28304
28305
28306
28307
28308
28309
28310
28311
28312
28313
28314
28315
28316
28317
28318
28319
28320
28321
28322
28323
28324
28325
28326
28327
28328
28329
28330
28331
28332
28333
28334
28335
28336
28337
28338
28339
28340
28341
28342
28343
28344
28345
28346
28347
28348
28349
28350
28351
28352
28353
28354
28355
28356
28357
28358
28359
28360
28361
28362
28363
28364
28365
28366
28367
28368
28369
28370
28371
28372
28373
28374
28375
28376
28377
28378
28379
28380
28381
28382
28383
28384
28385
28386
28387
28388
28389
28390
28391
28392
28393
28394
28395
28396
28397
28398
28399
28400
28401
28402
28403
28404
28405
28406
28407
28408
28409
28410
28411
28412
28413
28414
28415
28416
28417
28418
28419
28420
28421
28422
28423
28424
28425
28426
28427
28428
28429
28430
28431
28432
28433
28434
28435
28436
28437
28438
28439
28440
28441
28442
28443
28444
28445
28446
28447
28448
28449
28450
28451
28452
28453
28454
28455
28456
28457
28458
28459
28460
28461
28462
28463
28464
28465
28466
28467
28468
28469
28470
28471
28472
28473
28474
28475
28476
28477
28478
28479
28480
28481
28482
28483
28484
28485
28486
28487
28488
28489
28490
28491
28492
28493
28494
28495
28496
28497
28498
28499
28500
28501
28502
28503
28504
28505
28506
28507
28508
28509
28510
28511
28512
28513
28514
28515
28516
28517
28518
28519
28520
28521
28522
28523
28524
28525
28526
28527
28528
28529
28530
28531
28532
28533
28534
28535
28536
28537
28538
28539
28540
28541
28542
28543
28544
28545
28546
28547
28548
28549
28550
28551
28552
28553
28554
28555
28556
28557
28558
28559
28560
28561
28562
28563
28564
28565
28566
28567
28568
28569
28570
28571
28572
28573
28574
28575
28576
28577
28578
28579
28580
28581
28582
28583
28584
28585
28586
28587
28588
28589
28590
28591
28592
28593
28594
28595
28596
28597
28598
28599
28600
28601
28602
28603
28604
28605
28606
28607
28608
28609
28610
28611
28612
28613
28614
28615
28616
28617
28618
28619
28620
28621
28622
28623
28624
28625
28626
28627
28628
28629
28630
28631
28632
28633
28634
28635
28636
28637
28638
28639
28640
28641
28642
28643
28644
28645
28646
28647
28648
28649
28650
28651
28652
28653
28654
28655
28656
28657
28658
28659
28660
28661
28662
28663
28664
28665
28666
28667
28668
28669
28670
28671
28672
28673
28674
28675
28676
28677
28678
28679
28680
28681
28682
28683
28684
28685
28686
28687
28688
28689
28690
28691
28692
28693
28694
28695
28696
28697
28698
28699
28700
28701
28702
28703
28704
28705
28706
28707
28708
28709
28710
28711
28712
28713
28714
28715
28716
28717
28718
28719
28720
28721
28722
28723
28724
28725
28726
28727
28728
28729
28730
28731
28732
28733
28734
28735
28736
28737
28738
28739
28740
28741
28742
28743
28744
28745
28746
28747
28748
28749
28750
28751
28752
28753
28754
28755
28756
28757
28758
28759
28760
28761
28762
28763
28764
28765
28766
28767
28768
28769
28770
28771
28772
28773
28774
28775
28776
28777
28778
28779
28780
28781
28782
28783
28784
28785
28786
28787
28788
28789
28790
28791
28792
28793
28794
28795
28796
28797
28798
28799
28800
28801
28802
28803
28804
28805
28806
28807
28808
28809
28810
28811
28812
28813
28814
28815
28816
28817
28818
28819
28820
28821
28822
28823
28824
28825
28826
28827
28828
28829
28830
28831
28832
28833
28834
28835
28836
28837
28838
28839
28840
28841
28842
28843
28844
28845
28846
28847
28848
28849
28850
28851
28852
28853
28854
28855
28856
28857
28858
28859
28860
28861
28862
28863
28864
28865
28866
28867
28868
28869
28870
28871
28872
28873
28874
28875
28876
28877
28878
28879
28880
28881
28882
28883
28884
28885
28886
28887
28888
28889
28890
28891
28892
28893
28894
28895
28896
28897
28898
28899
28900
28901
28902
28903
28904
28905
28906
28907
28908
28909
28910
28911
28912
28913
28914
28915
28916
28917
28918
28919
28920
28921
28922
28923
28924
28925
28926
28927
28928
28929
28930
28931
28932
28933
28934
28935
28936
28937
28938
28939
28940
28941
28942
28943
28944
28945
28946
28947
28948
28949
28950
28951
28952
28953
28954
28955
28956
28957
28958
28959
28960
28961
28962
28963
28964
28965
28966
28967
28968
28969
28970
28971
28972
28973
28974
28975
28976
28977
28978
28979
28980
28981
28982
28983
28984
28985
28986
28987
28988
28989
28990
28991
28992
28993
28994
28995
28996
28997
28998
28999
29000
29001
29002
29003
29004
29005
29006
29007
29008
29009
29010
29011
29012
29013
29014
29015
29016
29017
29018
29019
29020
29021
29022
29023
29024
29025
29026
29027
29028
29029
29030
29031
29032
29033
29034
29035
29036
29037
29038
29039
29040
29041
29042
29043
29044
29045
29046
29047
29048
29049
29050
29051
29052
29053
29054
29055
29056
29057
29058
29059
29060
29061
29062
29063
29064
29065
29066
29067
29068
29069
29070
29071
29072
29073
29074
29075
29076
29077
29078
29079
29080
29081
29082
29083
29084
29085
29086
29087
29088
29089
29090
29091
29092
29093
29094
29095
29096
29097
29098
29099
29100
29101
29102
29103
29104
29105
29106
29107
29108
29109
29110
29111
29112
29113
29114
29115
29116
29117
29118
29119
29120
29121
29122
29123
29124
29125
29126
29127
29128
29129
29130
29131
29132
29133
29134
29135
29136
29137
29138
29139
29140
29141
29142
29143
29144
29145
29146
29147
29148
29149
29150
29151
29152
29153
29154
29155
29156
29157
29158
29159
29160
29161
29162
29163
29164
29165
29166
29167
29168
29169
29170
29171
29172
29173
29174
29175
29176
29177
29178
29179
29180
29181
29182
29183
29184
29185
29186
29187
29188
29189
29190
29191
29192
29193
29194
29195
29196
29197
29198
29199
29200
29201
29202
29203
29204
29205
29206
29207
29208
29209
29210
29211
29212
29213
29214
29215
29216
29217
29218
29219
29220
29221
29222
29223
29224
29225
29226
29227
29228
29229
29230
29231
29232
29233
29234
29235
29236
29237
29238
29239
29240
29241
29242
29243
29244
29245
29246
29247
29248
29249
29250
29251
29252
29253
29254
29255
29256
29257
29258
29259
29260
29261
29262
29263
29264
29265
29266
29267
29268
29269
29270
29271
29272
29273
29274
29275
29276
29277
29278
29279
29280
29281
29282
29283
29284
29285
29286
29287
29288
29289
29290
29291
29292
29293
29294
29295
29296
29297
29298
29299
29300
29301
29302
29303
29304
29305
29306
29307
29308
29309
29310
29311
29312
29313
29314
29315
29316
29317
29318
29319
29320
29321
29322
29323
29324
29325
29326
29327
29328
29329
29330
29331
29332
29333
29334
29335
29336
29337
29338
29339
29340
29341
29342
29343
29344
29345
29346
29347
29348
29349
29350
29351
29352
29353
29354
29355
29356
29357
29358
29359
29360
29361
29362
29363
29364
29365
29366
29367
29368
29369
29370
29371
29372
29373
29374
29375
29376
29377
29378
29379
29380
29381
29382
29383
29384
29385
29386
29387
29388
29389
29390
29391
29392
29393
29394
29395
29396
29397
29398
29399
29400
29401
29402
29403
29404
29405
29406
29407
29408
29409
29410
29411
29412
29413
29414
29415
29416
29417
29418
29419
29420
29421
29422
29423
29424
29425
29426
29427
29428
29429
29430
29431
29432
29433
29434
29435
29436
29437
29438
29439
29440
29441
29442
29443
29444
29445
29446
29447
29448
29449
29450
29451
29452
29453
29454
29455
29456
29457
29458
29459
29460
29461
29462
29463
29464
29465
29466
29467
29468
29469
29470
29471
29472
29473
29474
29475
29476
29477
29478
29479
29480
29481
29482
29483
29484
29485
29486
29487
29488
29489
29490
29491
29492
29493
29494
29495
29496
29497
29498
29499
29500
29501
29502
29503
29504
29505
29506
29507
29508
29509
29510
29511
29512
29513
29514
29515
29516
29517
29518
29519
29520
29521
29522
29523
29524
29525
29526
29527
29528
29529
29530
29531
29532
29533
29534
29535
29536
29537
29538
29539
29540
29541
29542
29543
29544
29545
29546
29547
29548
29549
29550
29551
29552
29553
29554
29555
29556
29557
29558
29559
29560
29561
29562
29563
29564
29565
29566
29567
29568
29569
29570
29571
29572
29573
29574
29575
29576
29577
29578
29579
29580
29581
29582
29583
29584
29585
29586
29587
29588
29589
29590
29591
29592
29593
29594
29595
29596
29597
29598
29599
29600
29601
29602
29603
29604
29605
29606
29607
29608
29609
29610
29611
29612
29613
29614
29615
29616
29617
29618
29619
29620
29621
29622
29623
29624
29625
29626
29627
29628
29629
29630
29631
29632
29633
29634
29635
29636
29637
29638
29639
29640
29641
29642
29643
29644
29645
29646
29647
29648
29649
29650
29651
29652
29653
29654
29655
29656
29657
29658
29659
29660
29661
29662
29663
29664
29665
29666
29667
29668
29669
29670
29671
29672
29673
29674
29675
29676
29677
29678
29679
29680
29681
29682
29683
29684
29685
29686
29687
29688
29689
29690
29691
29692
29693
29694
29695
29696
29697
29698
29699
29700
29701
29702
29703
29704
29705
29706
29707
29708
29709
29710
29711
29712
29713
29714
29715
29716
29717
29718
29719
29720
29721
29722
29723
29724
29725
29726
29727
29728
29729
29730
29731
29732
29733
29734
29735
29736
29737
29738
29739
29740
29741
29742
29743
29744
29745
29746
29747
29748
29749
29750
29751
29752
29753
29754
29755
29756
29757
29758
29759
29760
29761
29762
29763
29764
29765
29766
29767
29768
29769
29770
29771
29772
29773
29774
29775
29776
29777
29778
29779
29780
29781
29782
29783
29784
29785
29786
29787
29788
29789
29790
29791
29792
29793
29794
29795
29796
29797
29798
29799
29800
29801
29802
29803
29804
29805
29806
29807
29808
29809
29810
29811
29812
29813
29814
29815
29816
29817
29818
29819
29820
29821
29822
29823
29824
29825
29826
29827
29828
29829
29830
29831
29832
29833
29834
29835
29836
29837
29838
29839
29840
29841
29842
29843
29844
29845
29846
29847
29848
29849
29850
29851
29852
29853
29854
29855
29856
29857
29858
29859
29860
29861
29862
29863
29864
29865
29866
29867
29868
29869
29870
29871
29872
29873
29874
29875
29876
29877
29878
29879
29880
29881
29882
29883
29884
29885
29886
29887
29888
29889
29890
29891
29892
29893
29894
29895
29896
29897
29898
29899
29900
29901
29902
29903
29904
29905
29906
29907
29908
29909
29910
29911
29912
29913
29914
29915
29916
29917
29918
29919
29920
29921
29922
29923
29924
29925
29926
29927
29928
29929
29930
29931
29932
29933
29934
29935
29936
29937
29938
29939
29940
29941
29942
29943
29944
29945
29946
29947
29948
29949
29950
29951
29952
29953
29954
29955
29956
29957
29958
29959
29960
29961
29962
29963
29964
29965
29966
29967
29968
29969
29970
29971
29972
29973
29974
29975
29976
29977
29978
29979
29980
29981
29982
29983
29984
29985
29986
29987
29988
29989
29990
29991
29992
29993
29994
29995
29996
29997
29998
29999
30000
30001
30002
30003
30004
30005
30006
30007
30008
30009
30010
30011
30012
30013
30014
30015
30016
30017
30018
30019
30020
30021
30022
30023
30024
30025
30026
30027
30028
30029
30030
30031
30032
30033
30034
30035
30036
30037
30038
30039
30040
30041
30042
30043
30044
30045
30046
30047
30048
30049
30050
30051
30052
30053
30054
30055
30056
30057
30058
30059
30060
30061
30062
30063
30064
30065
30066
30067
30068
30069
30070
30071
30072
30073
30074
30075
30076
30077
30078
30079
30080
30081
30082
30083
30084
30085
30086
30087
30088
30089
30090
30091
30092
30093
30094
30095
30096
30097
30098
30099
30100
30101
30102
30103
30104
30105
30106
30107
30108
30109
30110
30111
30112
30113
30114
30115
30116
30117
30118
30119
30120
30121
30122
30123
30124
30125
30126
30127
30128
30129
30130
30131
30132
30133
30134
30135
30136
30137
30138
30139
30140
30141
30142
30143
30144
30145
30146
30147
30148
30149
30150
30151
30152
30153
30154
30155
30156
30157
30158
30159
30160
30161
30162
30163
30164
30165
30166
30167
30168
30169
30170
30171
30172
30173
30174
30175
30176
30177
30178
30179
30180
30181
30182
30183
30184
30185
30186
30187
30188
30189
30190
30191
30192
30193
30194
30195
30196
30197
30198
30199
30200
30201
30202
30203
30204
30205
30206
30207
30208
30209
30210
30211
30212
30213
30214
30215
30216
30217
30218
30219
30220
30221
30222
30223
30224
30225
30226
30227
30228
30229
30230
30231
30232
30233
30234
30235
30236
30237
30238
30239
30240
30241
30242
30243
30244
30245
30246
30247
30248
30249
30250
30251
30252
30253
30254
30255
30256
30257
30258
30259
30260
30261
30262
30263
30264
30265
30266
30267
30268
30269
30270
30271
30272
30273
30274
30275
30276
30277
30278
30279
30280
30281
30282
30283
30284
30285
30286
30287
30288
30289
30290
30291
30292
30293
30294
30295
30296
30297
30298
30299
30300
30301
30302
30303
30304
30305
30306
30307
30308
30309
30310
30311
30312
30313
30314
30315
30316
30317
30318
30319
30320
30321
30322
30323
30324
30325
30326
30327
30328
30329
30330
30331
30332
30333
30334
30335
30336
30337
30338
30339
30340
30341
30342
30343
30344
30345
30346
30347
30348
30349
30350
30351
30352
30353
30354
30355
30356
30357
30358
30359
30360
30361
30362
30363
30364
30365
30366
30367
30368
30369
30370
30371
30372
30373
30374
30375
30376
30377
30378
30379
30380
30381
30382
30383
30384
30385
30386
30387
30388
30389
30390
30391
30392
30393
30394
30395
30396
30397
30398
30399
30400
30401
30402
30403
30404
30405
30406
30407
30408
30409
30410
30411
30412
30413
30414
30415
30416
30417
30418
30419
30420
30421
30422
30423
30424
30425
30426
30427
30428
30429
30430
30431
30432
30433
30434
30435
30436
30437
30438
30439
30440
30441
30442
30443
30444
30445
30446
30447
30448
30449
30450
30451
30452
30453
30454
30455
30456
30457
30458
30459
30460
30461
30462
30463
30464
30465
30466
30467
30468
30469
30470
30471
30472
30473
30474
30475
30476
30477
30478
30479
30480
30481
30482
30483
30484
30485
30486
30487
30488
30489
30490
30491
30492
30493
30494
30495
30496
30497
30498
30499
30500
30501
30502
30503
30504
30505
30506
30507
30508
30509
30510
30511
30512
30513
30514
30515
30516
30517
30518
30519
30520
30521
30522
30523
30524
30525
30526
30527
30528
30529
30530
30531
30532
30533
30534
30535
30536
30537
30538
30539
30540
30541
30542
30543
30544
30545
30546
30547
30548
30549
30550
30551
30552
30553
30554
30555
30556
30557
30558
30559
30560
30561
30562
30563
30564
30565
30566
30567
30568
30569
30570
30571
30572
30573
30574
30575
30576
30577
30578
30579
30580
30581
30582
30583
30584
30585
30586
30587
30588
30589
30590
30591
30592
30593
30594
30595
30596
30597
30598
30599
30600
30601
30602
30603
30604
30605
30606
30607
30608
30609
30610
30611
30612
30613
30614
30615
30616
30617
30618
30619
30620
30621
30622
30623
30624
30625
30626
30627
30628
30629
30630
30631
30632
30633
30634
30635
30636
30637
30638
30639
30640
30641
30642
30643
30644
30645
30646
30647
30648
30649
30650
30651
30652
30653
30654
30655
30656
30657
30658
30659
30660
30661
30662
30663
30664
30665
30666
30667
30668
30669
30670
30671
30672
30673
30674
30675
30676
30677
30678
30679
30680
30681
30682
30683
30684
30685
30686
30687
30688
30689
30690
30691
30692
30693
30694
30695
30696
30697
30698
30699
30700
30701
30702
30703
30704
30705
30706
30707
30708
30709
30710
30711
30712
30713
30714
30715
30716
30717
30718
30719
30720
30721
30722
30723
30724
30725
30726
30727
30728
30729
30730
30731
30732
30733
30734
30735
30736
30737
30738
30739
30740
30741
30742
30743
30744
30745
30746
30747
30748
30749
30750
30751
30752
30753
30754
30755
30756
30757
30758
30759
30760
30761
30762
30763
30764
30765
30766
30767
30768
30769
30770
30771
30772
30773
30774
30775
30776
30777
30778
30779
30780
30781
30782
30783
30784
30785
30786
30787
30788
30789
30790
30791
30792
30793
30794
30795
30796
30797
30798
30799
30800
30801
30802
30803
30804
30805
30806
30807
30808
30809
30810
30811
30812
30813
30814
30815
30816
30817
30818
30819
30820
30821
30822
30823
30824
30825
30826
30827
30828
30829
30830
30831
30832
30833
30834
30835
30836
30837
30838
30839
30840
30841
30842
30843
30844
30845
30846
30847
30848
30849
30850
30851
30852
30853
30854
30855
30856
30857
30858
30859
30860
30861
30862
30863
30864
30865
30866
30867
30868
30869
30870
30871
30872
30873
30874
30875
30876
30877
30878
30879
30880
30881
30882
30883
30884
30885
30886
30887
30888
30889
30890
30891
30892
30893
30894
30895
30896
30897
30898
30899
30900
30901
30902
30903
30904
30905
30906
30907
30908
30909
30910
30911
30912
30913
30914
30915
30916
30917
30918
30919
30920
30921
30922
30923
30924
30925
30926
30927
30928
30929
30930
30931
30932
30933
30934
30935
30936
30937
30938
30939
30940
30941
30942
30943
30944
30945
30946
30947
30948
30949
30950
30951
30952
30953
30954
30955
30956
30957
30958
30959
30960
30961
30962
30963
30964
30965
30966
30967
30968
30969
30970
30971
30972
30973
30974
30975
30976
30977
30978
30979
30980
30981
30982
30983
30984
30985
30986
30987
30988
30989
30990
30991
30992
30993
30994
30995
30996
30997
30998
30999
31000
31001
31002
31003
31004
31005
31006
31007
31008
31009
31010
31011
31012
31013
31014
31015
31016
31017
31018
31019
31020
31021
31022
31023
31024
31025
31026
31027
31028
31029
31030
31031
31032
31033
31034
31035
31036
31037
31038
31039
31040
31041
31042
31043
31044
31045
31046
31047
31048
31049
31050
31051
31052
31053
31054
31055
31056
31057
31058
31059
31060
31061
31062
31063
31064
31065
31066
31067
31068
31069
31070
31071
31072
31073
31074
31075
31076
31077
31078
31079
31080
31081
31082
31083
31084
31085
31086
31087
31088
31089
31090
31091
31092
31093
31094
31095
31096
31097
31098
31099
31100
31101
31102
31103
31104
31105
31106
31107
31108
31109
31110
31111
31112
31113
31114
31115
31116
31117
31118
31119
31120
31121
31122
31123
31124
31125
31126
31127
31128
31129
31130
31131
31132
31133
31134
31135
31136
31137
31138
31139
31140
31141
31142
31143
31144
31145
31146
31147
31148
31149
31150
31151
31152
31153
31154
31155
31156
31157
31158
31159
31160
31161
31162
31163
31164
31165
31166
31167
31168
31169
31170
31171
31172
31173
31174
31175
31176
31177
31178
31179
31180
31181
31182
31183
31184
31185
31186
31187
31188
31189
31190
31191
31192
31193
31194
31195
31196
31197
31198
31199
31200
31201
31202
31203
31204
31205
31206
31207
31208
31209
31210
31211
31212
31213
31214
31215
31216
31217
31218
31219
31220
31221
31222
31223
31224
31225
31226
31227
31228
31229
31230
31231
31232
31233
31234
31235
31236
31237
31238
31239
31240
31241
31242
31243
31244
31245
31246
31247
31248
31249
31250
31251
31252
31253
31254
31255
31256
31257
31258
31259
31260
31261
31262
31263
31264
31265
31266
31267
31268
31269
31270
31271
31272
31273
31274
31275
31276
31277
31278
31279
31280
31281
31282
31283
31284
31285
31286
31287
31288
31289
31290
31291
31292
31293
31294
31295
31296
31297
31298
31299
31300
31301
31302
31303
31304
31305
31306
31307
31308
31309
31310
31311
31312
31313
31314
31315
31316
31317
31318
31319
31320
31321
31322
31323
31324
31325
31326
31327
31328
31329
31330
31331
31332
31333
31334
31335
31336
31337
31338
31339
31340
31341
31342
31343
31344
31345
31346
31347
31348
31349
31350
31351
31352
31353
31354
31355
31356
31357
31358
31359
31360
31361
31362
31363
31364
31365
31366
31367
31368
31369
31370
31371
31372
31373
31374
31375
31376
31377
31378
31379
31380
31381
31382
31383
31384
31385
31386
31387
31388
31389
31390
31391
31392
31393
31394
31395
31396
31397
31398
31399
31400
31401
31402
31403
31404
31405
31406
31407
31408
31409
31410
31411
31412
31413
31414
31415
31416
31417
31418
31419
31420
31421
31422
31423
31424
31425
31426
31427
31428
31429
31430
31431
31432
31433
31434
31435
31436
31437
31438
31439
31440
31441
31442
31443
31444
31445
31446
31447
31448
31449
31450
31451
31452
31453
31454
31455
31456
31457
31458
31459
31460
31461
31462
31463
31464
31465
31466
31467
31468
31469
31470
31471
31472
31473
31474
31475
31476
31477
31478
31479
31480
31481
31482
31483
31484
31485
31486
31487
31488
31489
31490
31491
31492
31493
31494
31495
31496
31497
31498
31499
31500
31501
31502
31503
31504
31505
31506
31507
31508
31509
31510
31511
31512
31513
31514
31515
31516
31517
31518
31519
31520
31521
31522
31523
31524
31525
31526
31527
31528
31529
31530
31531
31532
31533
31534
31535
31536
31537
31538
31539
31540
31541
31542
31543
31544
31545
31546
31547
31548
31549
31550
31551
31552
31553
31554
31555
31556
31557
31558
31559
31560
31561
31562
31563
31564
31565
31566
31567
31568
31569
31570
31571
31572
31573
31574
31575
31576
31577
31578
31579
31580
31581
31582
31583
31584
31585
31586
31587
31588
31589
31590
31591
31592
31593
31594
31595
31596
31597
31598
31599
31600
31601
31602
31603
31604
31605
31606
31607
31608
31609
31610
31611
31612
31613
31614
31615
31616
31617
31618
31619
31620
31621
31622
31623
31624
31625
31626
31627
31628
31629
31630
31631
31632
31633
31634
31635
31636
31637
31638
31639
31640
31641
31642
31643
31644
31645
31646
31647
31648
31649
31650
31651
31652
31653
31654
31655
31656
31657
31658
31659
31660
31661
31662
31663
31664
31665
31666
31667
31668
31669
31670
31671
31672
31673
31674
31675
31676
31677
31678
31679
31680
31681
31682
31683
31684
31685
31686
31687
31688
31689
31690
31691
31692
31693
31694
31695
31696
31697
31698
31699
31700
31701
31702
31703
31704
31705
31706
31707
31708
31709
31710
31711
31712
31713
31714
31715
31716
31717
31718
31719
31720
31721
31722
31723
31724
31725
31726
31727
31728
31729
31730
31731
31732
31733
31734
31735
31736
31737
31738
31739
31740
31741
31742
31743
31744
31745
31746
31747
31748
31749
31750
31751
31752
31753
31754
31755
31756
31757
31758
31759
31760
31761
31762
31763
31764
31765
31766
31767
31768
31769
31770
31771
31772
31773
31774
31775
31776
31777
31778
31779
31780
31781
31782
31783
31784
31785
31786
31787
31788
31789
31790
31791
31792
31793
31794
31795
31796
31797
31798
31799
31800
31801
31802
31803
31804
31805
31806
31807
31808
31809
31810
31811
31812
31813
31814
31815
31816
31817
31818
31819
31820
31821
31822
31823
31824
31825
31826
31827
31828
31829
31830
31831
31832
31833
31834
31835
31836
31837
31838
31839
31840
31841
31842
31843
31844
31845
31846
31847
31848
31849
31850
31851
31852
31853
31854
31855
31856
31857
31858
31859
31860
31861
31862
31863
31864
31865
31866
31867
31868
31869
31870
31871
31872
31873
31874
31875
31876
31877
31878
31879
31880
31881
31882
31883
31884
31885
31886
31887
31888
31889
31890
31891
31892
31893
31894
31895
31896
31897
31898
31899
31900
31901
31902
31903
31904
31905
31906
31907
31908
31909
31910
31911
31912
31913
31914
31915
31916
31917
31918
31919
31920
31921
31922
31923
31924
31925
31926
31927
31928
31929
31930
31931
31932
31933
31934
31935
31936
31937
31938
31939
31940
31941
31942
31943
31944
31945
31946
31947
31948
31949
31950
31951
31952
31953
31954
31955
31956
31957
31958
31959
31960
31961
31962
31963
31964
31965
31966
31967
31968
31969
31970
31971
31972
31973
31974
31975
31976
31977
31978
31979
31980
31981
31982
31983
31984
31985
31986
31987
31988
31989
31990
31991
31992
31993
31994
31995
31996
31997
31998
31999
32000
32001
32002
32003
32004
32005
32006
32007
32008
32009
32010
32011
32012
32013
32014
32015
32016
32017
32018
32019
32020
32021
32022
32023
32024
32025
32026
32027
32028
32029
32030
32031
32032
32033
32034
32035
32036
32037
32038
32039
32040
32041
32042
32043
32044
32045
32046
32047
32048
32049
32050
32051
32052
32053
32054
32055
32056
32057
32058
32059
32060
32061
32062
32063
32064
32065
32066
32067
32068
32069
32070
32071
32072
32073
32074
32075
32076
32077
32078
32079
32080
32081
32082
32083
32084
32085
32086
32087
32088
32089
32090
32091
32092
32093
32094
32095
32096
32097
32098
32099
32100
32101
32102
32103
32104
32105
32106
32107
32108
32109
32110
32111
32112
32113
32114
32115
32116
32117
32118
32119
32120
32121
32122
32123
32124
32125
32126
32127
32128
32129
32130
32131
32132
32133
32134
32135
32136
32137
32138
32139
32140
32141
32142
32143
32144
32145
32146
32147
32148
32149
32150
32151
32152
32153
32154
32155
32156
32157
32158
32159
32160
32161
32162
32163
32164
32165
32166
32167
32168
32169
32170
32171
32172
32173
32174
32175
32176
32177
32178
32179
32180
32181
32182
32183
32184
32185
32186
32187
32188
32189
32190
32191
32192
32193
32194
32195
32196
32197
32198
32199
32200
32201
32202
32203
32204
32205
32206
32207
32208
32209
32210
32211
32212
32213
32214
32215
32216
32217
32218
32219
32220
32221
32222
32223
32224
32225
32226
32227
32228
32229
32230
32231
32232
32233
32234
32235
32236
32237
32238
32239
32240
32241
32242
32243
32244
32245
32246
32247
32248
32249
32250
32251
32252
32253
32254
32255
32256
32257
32258
32259
32260
32261
32262
32263
32264
32265
32266
32267
32268
32269
32270
32271
32272
32273
32274
32275
32276
32277
32278
32279
32280
32281
32282
32283
32284
32285
32286
32287
32288
32289
32290
32291
32292
32293
32294
32295
32296
32297
32298
32299
32300
32301
32302
32303
32304
32305
32306
32307
32308
32309
32310
32311
32312
32313
32314
32315
32316
32317
32318
32319
32320
32321
32322
32323
32324
32325
32326
32327
32328
32329
32330
32331
32332
32333
32334
32335
32336
32337
32338
32339
32340
32341
32342
32343
32344
32345
32346
32347
32348
32349
32350
32351
32352
32353
32354
32355
32356
32357
32358
32359
32360
32361
32362
32363
32364
32365
32366
32367
32368
32369
32370
32371
32372
32373
32374
32375
32376
32377
32378
32379
32380
32381
32382
32383
32384
32385
32386
32387
32388
32389
32390
32391
32392
32393
32394
32395
32396
32397
32398
32399
32400
32401
32402
32403
32404
32405
32406
32407
32408
32409
32410
32411
32412
32413
32414
32415
32416
32417
32418
32419
32420
32421
32422
32423
|
Change notes from older releases. For current info, see RELEASE-NOTES-1.44.
= MediaWiki 1.43 =
PHP 8.1 workboard: https://phabricator.wikimedia.org/tag/php_8.1_support/
PHP 8.2 workboard: https://phabricator.wikimedia.org/tag/php_8.2_support/
PHP 8.3 workboard: https://phabricator.wikimedia.org/tag/php_8.3_support/
PHP 8.4 workboard: https://phabricator.wikimedia.org/tag/php_8.4_support/
=== Changes since MediaWiki 1.43.1 ===
* Localisation updates.
* (T382987) $wgDnsBlacklistUrls now defaults to an empty array. See the comment
in the "Configuration changes for system administrators" section.
== MediaWiki 1.43.0 ==
=== Changes since MediaWiki 1.43.0-rc.0 ===
* (T381728) Use PHP 8.3 in MediaWiki-Docker
* (T382375) Misaligned label margins on Special:MathStatus
* (T382196) \overbrace rendered below (not above) in MathML and client-side
Mathjax
* (T381310) Math Popup not working in newer version of Popup-Extension
* (T380079) This page is using the deprecated ResourceLoader module
"mediawiki.Uri" on page load
* (T381311) Preview has wrong location in MathML mode
* (T381046) Preview not working with MathML rendering
* (T381102) <math>\left(a\right)'</math> in MathML and MathJax renders
with one prime symbol too much
* (T380184) <math>\operatorname{vec}</math> crashes with native MathML
* (T380654) vertical space between multline equations is ignored
* (T375274) mediawiki_function_names math functions eat the following paren in
native MML mode
* (T373732) Audit SUL3 shared-domain i18n messages for XSS
* (T381068) PHP Deprecated: Creation of dynamic property
MediaWiki\\Auth\\ButtonAuthenticationRequest::$skipReset is deprecated
at AuthenticationRequest.php:182
* (T20110) Define AbuseFilter consequence to display a CAPTCHA
* (T332743) On private wikis the ellipsis should not appear above 720px
(wikitech, office, translate wiki)
== Upgrading notes for 1.43 ==
Don't forget to always back up your database before upgrading!
See the file UPGRADE for more detailed per-version upgrade instructions from the
oldest supported upgrading version, MediaWiki 1.35.
Some specific notes for MediaWiki 1.43 upgrades are below:
* It is now necessary that the OpenSSL PHP extension is installed.
* update.php updates the Linter database table with two migration scripts that
can take a long time to run: with the provided settings, each migration
script update roughly 500 rows per second. If at all possible, it is
highly recommended to let update.php run these migration scripts.
If this is deemed too long a maintenance operation (depending on the number
of rows in the Linter database table), it is possible, for a upgrade from
1.40 onwards, to run the migration scripts before updating the MediaWiki
and extensions files to 1.43. Set $wgLinterWriteNamespaceColumnStage and
$wgLinterWriteTagAndTemplateColumnsStage to true, and run the
extensions/Linter/maintenance/migrateNamespace.php and
extensions/Linter/maintenance/migrateTagTemplate.php migration scripts
before proceeding with any other code update.
When upgrading from a version <= 1.39, a multi-step update is necessary to
be able to run the migration scripts independently from update.php: first
update to 1.42, then proceed as indicated.
For notes on 1.42.x and older releases, see HISTORY.
=== Configuration changes for system administrators in 1.43 ===
* $wgBlockTargetMigrationStage, which was introduced in 1.42, is now deprecated
and has no effect.
* (T382987) The default value of 'http.dnsbl.sorbs.net.' in $wgDnsBlacklistUrls
has been removed. This is because sorbs.net have stopped providing their
services. This means that if you have $wgEnableDnsBlacklist set to true, it
will no longer provide any value unless you add other servers to
$wgDnsBlacklistUrls.
==== New configuration ====
* (T13555) $wgParserEnableLegacyHeadingDOM - Defaults to `true`, can be set to
`false` to enable new, more accessible HTML markup for wikitext headings.
Note that each skin must also use the 'supportsMwHeading' option to allow it.
More information: https://www.mediawiki.org/wiki/Heading_HTML_changes
In a future release the new markup will become the default,
and later this option will be removed.
* (T12347) $wgEnableProtectionIndicators - Defaults to false, setting it to true
shows a lock icon indicator on protected pages.
* (T373480) $wgSortedCategories - Defaults to false, setting it to true will
sort the categories shown on article pages. This is an experimental setting;
its future will depend on community adoption and feedback on the phab task
is welcome.
* (T45646) $wgAllowRawHtmlCopyrightMessages - Defaults to true, can be set to
false to disable the use of the localisation messages 'copyright' and
'history_copyright' and the hook 'SkinCopyrightFooter', which have been
deprecated in this release. This helps protect your wiki against attacks by
a rogue administrator account and will become the default in the future.
* (T4085) $wgParserEnableUserLanguage - Defaults to false, can be set to
true to let {{USERLANGUAGE}} magic word return the user's language,
instead of the page language. Beware that accessing the user language may
reduce the efficiency of the parser cache.
==== Changed configuration ====
* wgPageLinksSchemaMigrationStage – (T299947) This temporary setting, which
controls the database schema migration for the page links table, is now set
by default to write to both old and new data and read from the new data.
* wgFooterIcons – (T256190) The default "Powered by MediaWiki" button icon has
been updated to an SVG icon, and the footer icons are now wrapped as buttons
in HTML, rather than faking it within the icons themselves. You should adjust
any footer icons you provide or over-ride to match.
* The "error-json" channel, configurable via $wgDebugLogGroups, has been
removed. For structured logging, use the "error" channel directly instead.
Since MediaWiki 1.25, structured logging is supported via Monolog for all
channels, including the "error" channel. For silenced errors, you use the
"silenced-error" channel added in MediaWiki 1.42. (T193472)
* wgResourceLoaderUseObjectCacheForDeps - (T343492) This is now enabled by
default. This means ResourceLoader writes information to the MainStash
instead of a core database table, which can be set to a separate database
via wgMainStash. If you find issues, please drop a comment on T343492.
It is now deprecated and will be removed in MediaWiki 1.44.
==== Removed configuration ====
* wgSessionInsecureSecrets has been removed since OpenSSL is now a required
PHP extension.
* $wgTemplateLinksSchemaMigrationStage has been removed.
* $wgSamplingStatsdClient has been removed. It was introduced in MW 1.28 for
use in the Wikibase extension, but never used. The new StatsFactory service
should be used for new instrumentations, which already supports sampling.
Beware that sampling is generally not needed even at scale, and that sampling
does not significantly reduce runtime overhead, thus making it slow to
instrument very hot code even with built-in sampling.
* (T294397) The 'writeapi' userright, which controlled access to some API
modules, has been removed.
* (T331883) The variables $wgLinterWriteTagAndTemplateColumnsStage,
$wgLinterUserInterfaceTagAndTemplateStage, $wgLinterWriteNamespaceColumnStage,
and $wgLinterUseNamespaceColumnStage have been removed. The namespace,
tag and template column of the Linter database table are now written and used.
The existing data from the Linter database is migrated to the new columns
by extensions/Linter/maintenance/migrateNamespace.php and
extensions/Linter/maintenance/migrateTagTemplate.php, which are both called
by the update script (T367207).
=== New user-facing features in 1.43 ===
* (T338341) Support reading XMP and EXIF from WebP files
* (T365636) Wiki's with wgAllowExternalImages enabled now detect urls
with AVIF, SVG and WebP images.
* (T242346) Special:TalkPage is a new special page that will redirect to the
associated talk namespace page, e.g. [[Special:TalkPage/Foo]] redirects to
[[Talk:Foo]]; [[Special:TalkPage/Project:Foo]] goes to [[Project talk:Foo]].
This allows for links by templates and tools without having to parse what
namespaces are valid and have associated talk pages.
* New preference: "Send password reset emails only when both email address
and username are provided."
* (T4085) Added new magic word {{USERLANGUAGE}} which returns the language code
of the interface set by the user.
* (T263513) Special:NamespaceInfo is a new special page that displays a list
of namespaces available on the wiki, their descriptions and configuration.
=== New developer features in 1.43 ===
* StatusValue class gained new method getMessages(): MessageSpecifier[],
allowing the errors to be inspected and displayed more easily, for example:
foreach ( $status->getMessages() as $msg ) {
if ( $msg->getKey() !== 'ignored-message' ) {
$this->getOutput()->addWikiMsg( $msg );
}
}
* (T358779) The MessageValue class can now be used instead of Message in most
places (in methods that accept the MessageSpecifier interface). This allows
using localisation messages in code that doesn't know the user's language,
such as many hooks, without relying on global state. To convert between them,
use MessageValue::newFromSpecifier() and Message::newFromSpecifier().
* The REST API framework now supports defining redirects in route definition
files. See MediaWiki\Rest\Handler\RedirectHandler for details.
* (T13555) Skins can enable the 'supportsMwHeading' option for new, more
accessible HTML markup for wikitext headings. MediaWiki's own styles and
scripts have been updated to support it, but your skin may also need updates.
More information: https://www.mediawiki.org/wiki/Heading_HTML_changes
A future release will emit deprecation warnings for skins with
'supportsMwHeading' set to false.
* The AuthPreserveQueryParams hook was added.
* (T219397) New `Language::formatDurationBetweenTimestamps()` function added
which takes two timestamps and a precision in order to calculate a more
accurate text representation of duration.
* Added an interactive mode to the install.php maintenance script.
* The ResourceLoaderModifyEmbeddedSourceUrls hook was added.
* The AuthManagerFilterProviders hook was added.
* The AuthManagerVerifyAuthentication hook was added.
* The OutputPageRenderCategoryLink hook was added, as a replacement for the
deprecated OutputPageMakeCategoryLinks hook.
* PreAuthenticationProvider, PrimaryAuthenticationProvider, and
SecondaryAuthenticationProvider now receive a `canAlwaysAutocreate` flag in
the options of the `testUserForCreation` invocation. This flag is true when
the session provider is exempt from autocreate user permissions checks.
* The CentralIdLookup service gained the isOwned() method, which can be used
to check if a local username is reserved for a central user, even if a local
user account does not exist yet. This can be used by extensions to look
up information about the central user.
* (T251790) A Jest-based test suite has been introduced for testing front-end
code such as Vue components. Tests can be run via `npm run jest`, and test
files live in `tests/jest/`. See https://www.mediawiki.org/wiki/Jest
for more information.
* The SpreadAnyEditBlock hook was added.
* The ConditionalDefaultOptionsAddCondition hook was added.
=== External library changes in 1.43 ===
* The OOjs Router library has been merged into core and will be archived
upstream.
===== New development-only external libraries =====
* (T251790) Some development-only external libraries have been added for the new
testing tools for front-end Vue components:
* Added jest and jest-environment-jsdom at v29.7.0.
* Added @vue/test-utils v2.4.6.
* Added @vue/vue3-jest v29.2.6.
* Added @babel/preset-env v7.25.4.
* Added pinia v2.0.16 (already available via ResourceLoader).
* Added @pinia/testing v0.0.12.
* Codex, already available via ResourceLoader, now has the npm versions, i.e.
@wikimedia/codex and @wikimedia/codex-icons, also installed for testing.
==== Changed external libraries ====
* Updated codex, codex-design-tokens and codex-icons
from v1.3.6 to v1.14.0.
* Updated composer/semver from 3.4.0 to 3.4.3.
* Updated guzzlehttp/guzzle from 7.7.1 to 7.9.2.
* Updated jquery.i18n from 1.0.7 to 1.0.10.
* Updated justinrainbow/json-schema from 5.2.13 to 5.3.0.
* Updated pear/mail from 1.6.0 to 2.0.0.
* Updated pear/net_smtp from 1.11.1 to 1.12.1.
* Updated mck89/peast from v1.16.2 to 1.16.3.
* Updated monolog/monolog from 2.9.2 to 2.9.3.
* Updated symfony/yaml from 5.4.35 to 5.4.45.
* Updated OOUI from v0.49.1 to v0.51.2.
* Updated wikimedia/at-ease from 2.1.0 to 3.0.0.
* Updated wikimedia/json-codec from 3.0.1 to 3.0.3.
* Updated wikimedia/less.php from 4.2.1 to 5.1.2.
* Updated wikimedia/minify from 2.7.0 to 2.8.0.
* Updated wikimedia/normalized-exception from 1.0.1 to 2.0.0.
* Updated wikimedia/php-session-serializer from 2.0.1 to 3.0.0.
* Updated wikimedia/purtle from 1.0.8 to 2.0.0.
* Updated wikimedia/relpath from 4.0.0 to 4.0.1.
* Updated wikimedia/remex-html from 4.1.0 to 4.1.1.
* Updated wikimedia/request-timeout from 1.2.0 to 2.0.0.
* Updated wikimedia/scoped-callback from 4.0.0 to 5.0.0.
* Updated wikimedia/services from 3.0.0 to 4.0.0.
* Updated wikimedia/shellbox from 4.0.2 to 4.1.1.
* Updated wikimedia/xmp-reader from 0.9.1 to 0.9.4.
* Updated vue from 3.3.9 to 3.4.27.
* Updated symfony/polyfill-php80 from 1.29.0 to 1.31.0.
* Updated symfony/polyfill-php81 from 1.29.0 to 1.31.0.
* Updated symfony/polyfill-php82 from 1.29.0 to 1.31.0.
* Updated symfony/polyfill-php83 from 1.29.0 to 1.31.0.
===== Changed development-only external libraries =====
* Updated doctrine/dbal from 3.7.2 to 3.8.4.
* Updated eslint-config-wikimedia from 0.26.0 to 0.27.0.
* Updated mediawiki/mediawiki-codesniffer from 43.0.0 to 45.0.0.
* Updated phpunit/phpunit from 9.6.16 to 9.6.19.
* Updated seld/jsonlint from 1.10.1 to 1.10.2.
=== Bug fixes in 1.43 ===
* When using the 'runMaintenance' method in a LoadExtensionSchemaUpdates hook
handler, only the script's class name is required, not its path. (T367918)
* QueryPage::recache() (used by the updateSpecialPages.php maintenance script)
no longer attempts to ignore database errors. (T278543)
=== Action API changes in 1.43 ===
* APIQueryUserInfo now returns null in the field registrationdate for users
created before December 2005 (their registration date was not recorded).
=== Languages updated in 1.43 ===
MediaWiki supports over 350 languages. Many localisations are updated regularly.
Below only new and removed languages are listed, as well as changes to languages
because of Phabricator reports.
* (T375891) Updated the autonym for Kadazan Dusun (dtp)
* (T357853) Added unidirectional script conversion for Meitei to Bengali script.
* (T367377) Updated the autonym for Tai Nuea (tdd)
* (T375947) Updated the autonym for Komering (kge)
* (T354937, T362041) Added language support for Minnan (Traditional Han script)
(nan-hant).
* (T290657) Added language support for Levantine Arabic (apc).
* (T364291) Added language support for Musi, also known as Palembang (mui).
* (T364737) Added language support for Haryanvi (bgc).
* (T365365) Added language support for Chakma (ccp).
* (T367991) Added language support for Iban (iba).
* (T367688) Added language support for Interslavic (Latin) (isv-latn).
* (T375360) Added language support for Interslavic (Cyrillic) (isv-cyrl).
* (T370123) Added language support for Nupe (nup).
* (T371051) Added language support for Saint Lucian Creole (acf).
* (T354937, T370987) Added language support for Minnan (Pe̍h-ōe-jī)
(nan-latn-pehoeji).
* (T354937, T369899) Added language support for Minnan (Tâi-lô)
(nan-latn-tailo).
* (T375052) Added language support for Tigre (tig).
* (T375999) Added language support for Luba-Lulua (lua).
* (T376248) Added language support for Duala (dua).
* (T375377) Added language support for Southern Ndebele (nr).
This is done experimentally, with only a Names.php entry and
namespace translations, before we have actual localized strings.
For details, see https://www.mediawiki.org/wiki/Future_of_Language_Incubation.
* (T356144) Deprecated the Kanuri language (kr) and replaced it
with Central Kanuri (knc). The language code kr is kept for
backwards compatibility and falls back to knc.
=== Breaking changes in 1.43 ===
* (T358779) The format of parameters used by the Message class has changed.
Instead of arrays in a special format, they are now MessageParam objects.
Code that simply called methods like Message::numParam() and didn't look
inside the values they return should be unaffected. Code that depended on
the formatted params being arrays or accessed their keys will need updates.
Example patches: https://gerrit.wikimedia.org/r/q/topic:message-param
* ErrorPageError public properties 'msg' and 'title' may now contain
any MessageSpecifier object, not just Message.
* Reset button functionality suppressReset() and $mShowReset from HTMLForm
was removed without replacement.
* UserGroupMembership::getGroupName(), deprecated in 1.38, and
UserGroupMembership::getGroupMemberName(), deprecated in 1.40, have
been removed.
* SerializedValueContainer::isUnified(), deprecated in 1.42, has been
removed.
* Parser::getFreshParser(), deprecated in 1.39, has been removed.
* ParserOutput::getLanguageLinks() no longer returns a reference to the
internal array.
* ConfigFactory::getDefaultInstance(), deprecated since 1.27, has been
removed.
* wfGetLangObj(), deprecated since 1.41, has been removed in favor of
LanguageFactory::getLanguage().
* wfRemoveDotSegments(), deprecated in 1.39, has been removed.
* IReadableDatabase::getReplicaPos() has been removed without deprecation
as it's not used anywhere.
* CommentFormatter::formatStringsAsBlock() has been removed without deprecation
as it's not used anywhere.
* ILoadBalancer::laggedReplicaUsed() has been moved to ILoadBalancerForOwner::
effectively making it internal.
* Define DB_MASTER, deprecated since 1.36, has been removed.
* ILoadBalancer::DB_MASTER, deprecated since 1.36, has been removed.
* Overriding MWException::getHTML(), ::getText(), ::getPageTitle(), and
::reportHTML() in order to display custom exception messages is no
longer supported.
* In PageHandlerTestTrait, the newRouter() method was renamed to
newRouterForPageHandler() to avoid a conflict with a method of the same
name in RestTestTrait. Also, PageHandlerTestTrait is no longer marked as
"stable to use". It was marked this way by accident, the functionality it
provides is specific to certain handlers implemented in MediaWiki core.
* MediaWikiIntegrationTestCase::addCoreDBData(), deprecated since 1.41, has
been removed.
* wfUnpack(), deprecated since 1.42, has been removed in favor of
StringUtils::unpack().
* UIDGenerator, deprecated since 1.35, has been removed.
* TablePager::getBody(), final and deprecated since 1.24, has been removed.
Use ::getBodyOutput() or ::getFullOutput() instead.
* ImportableUploadRevisionImporter::downloadSource(), deprecated in 1.31, is now
private. Its only known external caller was removed in 1.40.
* The following methods in the User class have been removed:
* Deprecated in 1.33:
* User::isBlockedFrom()
* Deprecated in 1.34:
* User::isBlocked()
* Deprecated in 1.35:
* User::addGroup()
* User::getAllGroups()
* User::getGroups()
* User::getGroupMemberships()
* User::getImplicitGroups()
* User::getOption()
* User::removeGroup()
* Deprecated in 1.37:
* User::isBlockedFromCreateAccount()
* BotPassword::invalidateAllPasswordsForCentralId() and
BotPassword::removeAllPasswordsForCentralId(), deprecated in 1.37,
have been removed.
* Title::getBrokenLinksFrom(), deprecated in 1.42, has been removed.
* The $type parameter to Skin::getCopyright(), deprecated in 1.40, has been
removed.
* The module `mediawiki.icon`, deprecated in 1.42, has been removed.
* The `@vue/composition-api` module, a deprecated alias for `vue` since 1.41,
has been removed. Use `vue` directly.
* SiteConfiguration::extractVar() and ::extractGlobal(), deprecated in 1.41,
have been removed.
* Skin::footerLink(), deprecated in 1.40, has been removed.
* Skin::getAction(), deprecated in 1.39, has been removed.
* Skin::makeSearchInput(), deprecated in 1.35, has been removed.
* Skin::makeSearchButton(), deprecated in 1.39, has been removed.
* SkinTemplate::buildContentNavigationUrls(), deprecated in 1.38,
has been removed.
* Title::getCdnUrls() and Title::purgeSquid(), deprecated in 1.35, have been
removed.
* The `mediawiki.pager.tablePager` module, deprecated in 1.38, has been
removed in favor of the more generic `mediawiki.pager.styles`.
* BagOStuff::setNewPreparedValues(), deprecated in 1.40, has been removed.
* Constructing MWHttpRequest objects now requires timeout and connectTimeout to
be set; this was deprecated in 1.35.
* Hooks that were run from SpecialContributions are now run from the parent,
ContributionsSpecialPage. The page passed in is a ContributionsSpecialPage
type, and documentation and type comparisons may need to be updated. Affected
hooks are: ContributionsBeforeMainOutputHook, ContributionsToolLinksHook,
SpecialContributions__getForm__filtersHook.
* Hooks that were run from ContribsPager are now run from the parent,
ContributionsPager. If a pager is passed in, it is a ContributionsPager type,
and documentation and type comparisons may need to be updated. Affected
hooks are: ContribsPager__reallyDoQueryHook, ContribsPager__getQueryInfoHook,
ContributionsLineEndingHook, SpecialContributions__formatRow__flagsHook.
* Hooks that were run from DeletedContribsPager are now run from the parent,
ContributionsPager. If a pager is passed in, it is a ContributionsPager type,
and documentation and type comparisons may need to be updated. Affected
hooks are: DeletedContribsPager__reallyDoQueryHook and
DeletedContributionsLineEndingHook.
* The public method ContributionsSpecialPage::getUserLinks has been made
protected. Although not marked @internal, the method was public to be called
from SpecialDeletedContributions (call now removed), and was not called from
anywhere else.
* DatabaseBlock::purgeExpired, deprecated since 1.38, has been removed.
* AbstractBlock::getPermissionsError, deprecated since 1.35, has been removed.
* IDatabase::namedLocksEnqueue() has been removed without deprecation.
* IDatabase::getTopologyRole() has been removed without deprecation.
* IDatabase::getTopologyBasedServerId() has been removed without deprecation.
Use IDatabase::getServerName() instead.
* IReadableDatabase::wasReadOnlyError() has been removed without deprecation.
Use IDatabase::isReadOnly() instead.
* IReadableDatabase::wasDeadlock() has been removed without deprecation.
* ILoadBalancer::getWriterIndex() has been removed without deprecation.
Use ServerInfo::WRITER_INDEX constant instead.
* MaintainableDBConnRef, deprecated since 1.39, has been removed.
* ILoadBalancer::reuseConnection(), deprecated since 1.39, has been removed.
* The $domain parameter to ILoadBalancer::getReadOnlyReason(), deprecated in
1.40, has been removed.
* WikiPage::doDeleteArticleBatched, hard deprecated since 1.37, has been
removed.
* SpecialEmailUser::submit, deprecated since 1.41, has been removed.
* SpecialEmailUser::validateTarget, deprecated since 1.41, has been removed.
* SpecialEmailUser::getPermissionsError, deprecated since 1.41 has been
removed.
* SpecialBlock::getTargetAndType, deprecated since 1.36, has been removed.
* ApiQueryBlockInfoTrait::addBlockInfoToQuery(), deprecated since 1.42, has been
removed.
* Linker::makeExternalLink() has been deprecated in favor of
LinkRenderer::makeExternalLink(), which has a improved API to help phan's
SecurityCheckPlugin provide more accurate checks for escaping issues.
* Linker::makeHeadline(), Linker::generateTOC(), Linker::tocIndent(),
Linker::tocUnindent(), Linker::tocLine(), Linker::tocLineEnd(), and
Linker::tocList(), deprecated in 1.42, have been removed.
* Linker::formatComment(), Linker::formatLinksInComment(),
Linker::commentBlock(), and Linker::revComment(), deprecated in 1.38,
have been removed.
* UserCache::singleton(), deprecated in 1.43, now emits deprecation warnings.
Use MediaWikiServices::getInstance()->getUserCache() instead.
* DummyLinker has been removed. The former DummyLinker parameter
to the 'ImageBeforeProduceHTML' hook is now null.
* The following methods of IDatabase have been moved to internal interface
IDatabaseForOwner without deprecation. These methods are internal and
shouldn't be used outside of rdbms library:
- ::pendingWriteCallers()
- ::flushSession()
- ::lastDoneWrites()
- ::setTransactionListener()
- ::serverIsReadOnly()
- ::getPrimaryPos()
- ::pendingWriteQueryDuration()
- ::writesOrCallbacksPending()
- ::writesPending()
- ::primaryPosWait()
* IMaintainableDatabase::listViews(), deprecated since 1.42, has been removed.
* IMaintainableDatabase::truncate(), deprecated since 1.42, has been removed.
* IMaintainableDatabase::textFieldSize() was removed without deprecation.
* ReplicatedBagOStuff, deprecated since 1.42, has been removed.
* The 'replicaOnly' option to SqlBagOStuff has been removed without deprecation.
It existed for internal use by SqlBagOStuff only.
* Support for WinCache as local server cache has been removed, because WinCache
is not available for supported versions of PHP. The WinCacheBagOStuff class
has been removed. Use MediaWikiServices::getLocalServerObjectCache() instead,
or the CACHE_ACCEL type instead, which automatically selects APCu when
available.
The "wincache" cache type (e.g. to ObjectCache::getInstance, and in
"wg*CacheType" configuration) remains supported as an alias for CACHE_ACCEL.
* LockManager::sha1Base16Absolute(), has been removed without deprecation.
* The "options" parameter to User::createNew() and the $data parameter to
UserOptionsManager::loadUserOptions() were removed.
* `.list-style-image()` mixin from mediawiki.mixins.less, deprecated since 1.38,
has been removed.
* `.background-image()` mixin from mediawiki.mixins.less, deprecated since 1.38,
has been removed.
* IDatabase::nextSequenceValue(), deprecated since 1.30, was removed.
* $wgAPIRequestLog was removed without deprecation. Use "api" and "api-request"
wgDebugLogGroups channels or SPI instead.
* The setStats() method in MediaWiki\Rest\Router now expects a StatsFactory
rather than a StatsdDataFactoryInterface. The method has been marked @internal
and should not be called by extensions.
* All `@width-breakpoint-*` Less variables have been removed. Use
`@min-width-breakpoint-*`/`@max-width-breakpoint-*` instead.
* The MessageContent class, deprecated since 1.38, is now removed. This also
means that the Message::content() method is also removed.
* The following ParserOption methods, deprecated since 1.35, were removed:
- ::setAllowExternalImages()
- ::setAllowExternalImagesFrom()
- ::setEnableImageWhitelist()
* Sanitizer::removeHTMLtags(), deprecated since 1.38, has been removed.
* OutputPage::getCSPNonce(), deprecated since 1.35, has been removed.
* UserMailer::rfc822Phrase(), deprecated since 1.38, has been removed.
* QueryPage::getSQL(), deprecated since 1.39, has been removed. The replacement
QueryPage::getQueryInfo() is now abstract.
* update-keys.sql was removed. It is not recommended to install MediaWiki by
manually sourcing SQL files, but if you are doing this, run
`update.php --initial` instead of sourcing update-keys.sql.
* MediaWikiVersionFetcher, deprecated since 1.42 has been removed.
* Support for using Skin::addToBodyAttributes() method, which was deprecated
in 1.35, has been removed. Use OutputPageBodyAttributesHook instead.
* Skins since 1.39 have not supported rendering content outside the body tag.
The bodyOnly=false option has now been removed, meaning this is no longer
supported.
* CentralIdLookup::factoryNonLocal(), deprecated since 1.37, has been removed.
* CryptHKDF and MWCryptHKDF were removed without deprecation, in part because no
past or present use could be found. hash_hkdf() can be used instead of HKDF().
While generate() and generateHex() have no direct replacement, random_bytes()
and MWCryptRand::generateHex() can be used instead.
=== Deprecations in 1.43 ===
* The methods StatusValue::getErrors() and StatusValue::getErrorsByType(),
as well as Status::getErrorsArray() and Status::getWarningsArray(), have
been deprecated in favor of new method StatusValue::getMessages().
* PermissionManager::getPermissionErrors() has been deprecated in favor
of getPermissionStatus().
* PermissionStatus::toLegacyErrorArray() is deprecated with no replacement.
* PermissionsError properties $errors and $permission are deprecated.
To display the error, throw it or use ->report().
* (T166010) All PHP code in MediaWiki is slowly being moved to be in a class
namespace as appropriate, so that we can use PSR-4 auto-loading, which will
speed up general code loading of MediaWiki. The old global namespace class
names are being left behind as deprecated aliases.
In this release of MediaWiki, 2236 classes now have a namespace and 509 do
not yet (81% done, up from 69% in MediaWiki 1.42.0). The following have newly
been moved:
- MediaWiki\Api:
- ApiAMCreateAccount
- ApiAcquireTempUserName
- ApiAuthManagerHelper
- ApiBase
- ApiBlock
- ApiBlockInfoTrait
- ApiCSPReport
- ApiChangeAuthenticationData
- ApiChangeContentModel
- ApiCheckToken
- ApiClearHasMsg
- ApiClientLogin
- ApiComparePages
- ApiContinuationManager
- ApiCreateTempUserTrait
- ApiDelete
- ApiDisabled
- ApiEditPage
- ApiEmailUser
- ApiErrorFormatter
- ApiErrorFormatter_BackCompat
- ApiExpandTemplates
- ApiFeedContributions
- ApiFeedRecentChanges
- ApiFeedWatchlist
- ApiFileRevert
- ApiFormatBase
- ApiFormatFeedWrapper
- ApiFormatJson
- ApiFormatNone
- ApiFormatPhp
- ApiFormatRaw
- ApiFormatXml
- ApiFormatXmlRsd
- ApiHelp
- ApiHelpParamValueMessage
- ApiImageRotate
- ApiImport
- ApiImportReporter
- ApiLinkAccount
- ApiLogin
- ApiLogout
- ApiMain
- ApiManageTags
- ApiMergeHistory
- ApiMessage
- ApiMessageTrait
- ApiModuleManager
- ApiMove
- ApiOpenSearch
- ApiOpenSearchFormatJson
- ApiOptions
- ApiOptionsBase
- ApiPageSet
- ApiParamInfo
- ApiParse
- ApiPatrol
- ApiProtect
- ApiPurge
- ApiQuery
- ApiQueryAllCategories
- ApiQueryAllDeletedRevisions
- ApiQueryAllImages
- ApiQueryAllLinks
- ApiQueryAllMessages
- ApiQueryAllPages
- ApiQueryAllRevisions
- ApiQueryAllUsers
- ApiQueryAuthManagerInfo
- ApiQueryBacklinks
- ApiQueryBacklinksprop
- ApiQueryBase
- ApiQueryBlockInfoTrait
- ApiQueryBlocks
- ApiQueryCategories
- ApiQueryCategoryInfo
- ApiQueryCategoryMembers
- ApiQueryContributors
- ApiQueryDeletedRevisions
- ApiQueryDeletedrevs
- ApiQueryDisabled
- ApiQueryDuplicateFiles
- ApiQueryExtLinksUsage
- ApiQueryExternalLinks
- ApiQueryFileRepoInfo
- ApiQueryFilearchive
- ApiQueryGeneratorBase
- ApiQueryIWBacklinks
- ApiQueryIWLinks
- ApiQueryImageInfo
- ApiQueryImages
- ApiQueryInfo
- ApiQueryLangBacklinks
- ApiQueryLangLinks
- ApiQueryLanguageinfo
- ApiQueryLinks
- ApiQueryLogEvents
- ApiQueryMyStashedFiles
- ApiQueryPagePropNames
- ApiQueryPageProps
- ApiQueryPagesWithProp
- ApiQueryPrefixSearch
- ApiQueryProtectedTitles
- ApiQueryQueryPage
- ApiQueryRandom
- ApiQueryRecentChanges
- ApiQueryRevisions
- ApiQueryRevisionsBase
- ApiQuerySearch
- ApiQuerySiteinfo
- ApiQueryStashImageInfo
- ApiQueryTags
- ApiQueryTokens
- ApiQueryUserContribs
- ApiQueryUserInfo
- ApiQueryUsers
- ApiQueryWatchlist
- ApiQueryWatchlistRaw
- ApiRawMessage
- ApiRemoveAuthenticationData
- ApiResetPassword
- ApiResult
- ApiRevisionDelete
- ApiRollback
- ApiRsd
- ApiSerializable
- ApiSetNotificationTimestamp
- ApiSetPageLanguage
- ApiStashEdit
- ApiTag
- ApiUnblock
- ApiUndelete
- ApiUpload
- ApiUsageException
- ApiUserrights
- ApiValidatePassword
- ApiWatch
- ApiWatchlistTrait
- IApiMessage
- SearchApi
- MediaWiki\Content:
- AbstractContent
- CodeContentHandler
- Content
- ContentHandler
- ContentModelChange
- CssContent
- CssContentHandler
- FallbackContent
- FallbackContentHandler
- FileContentHandler
- JavaScriptContent
- JavaScriptContentHandler
- JsonContent
- JsonContentHandler
- TextContent
- TextContentHandler
- WikitextContent
- WikitextContentHandler
- WikiTextStructure
- MediaWiki\Debug:
- DeprecationHelper
- MWDebug
- MediaWiki\Deferred:
- RefreshSecondaryDataUpdate
- MediaWiki\FileBackend:
- FileBackendGroup – FIXME: Should this be in Wikimedia\FileBackend instead?
- MediaWiki\Json:
- FormatJson
- MediaWiki\Language:
- Language
- LanguageCode
- ILanguageConverter
- LanguageConverter
- ConverterRule
- ReplacementArray
- MediaWiki\Maintenance:
- BackupDumper
- Benchmarker
- DeleteLocalPasswords
- FakeMaintenance
- LoggedUpdateMaintenance
- MWDoxygenFilter
- Maintenance
- SchemaMaintenance
- SevenZipStream
- TextPassDumper
- MediaWiki\Parser:
- BlockLevelPass
- CacheTime
- CoreMagicVariables
- CoreParserFunctions
- CoreTagHooks
- DateFormatter
- DateFormatterFactory
- LinkHolderArray
- MWTidy
- PPCustomFrame_Hash
- PPDPart_Hash
- PPDStackElement_Hash
- PPDStack_Hash
- PPFrame
- PPFrame_Hash
- PPNode
- PPNode_Hash_Array
- PPNode_Hash_Attr
- PPNode_Hash_Text
- PPNode_Hash_Tree
- PPTemplateFrame_Hash
- ParserCache
- ParserFactory
- ParserOptions
- Preprocessor
- Preprocessor_Hash
- StripState
- MediaWiki\RCFeed:
- FormattedRCFeed
- IRCColourfulRCFeedFormatter
- JSONRCFeedFormatter
- MachineReadableRCFeedFormatter
- RCFeed
- RCFeedFormatter
- RedisPubSubFeedEngine
- UDPRCFeedEngine
- XMLRCFeedFormatter
- MediaWiki\RenameUser:
- RenameUserJob
- MediaWiki\Registration:
- ExtensionDependencyError
- ExtensionJsonValidationError
- ExtensionJsonValidator
- ExtensionProcessor
- ExtensionRegistry
- MissingExtensionException
- Processor
- VersionChecker
- MediaWiki\RevisionList:
- RevisionItem
- RevisionItemBase
- RevisionList
- RevisionListBase
- MediaWiki\Watchlist:
- ActivityUpdateJob
- ClearUserWatchlistJob
- ClearWatchlistNotificationsJob
- NoWriteWatchedItemStore
- WatchedItem
- WatchedItemQueryService
- WatchedItemQueryServiceExtension
- WatchedItemStore
- WatchedItemStoreInterface
- WatchlistExpiryJob
- MediaWiki\Xml:
- Xml
- XmlSelect
- Wikimedia\FileBackend:
- FSFileBackend
- FSFileBackendDirList
- FSFileBackendFileList
- FSFileBackendList
- FileBackend
- FileBackendError
- FileBackendMultiWrite
- FileBackendStore
- FileBackendStoreShardDirIterator
- FileBackendStoreShardFileIterator
- FileBackendStoreShardListIterator
- FileOpBatch
- HTTPFileStreamer
- MemoryFileBackend
- SwiftFileBackend
- SwiftFileBackendDirList
- SwiftFileBackendFileList
- SwiftFileBackendList
- Wikimedia\FileBackend\FileOps:
- CopyFileOp
- CreateFileOp
- DeleteFileOp
- DescribeFileOp
- FileOp
- FileStatePredicates
- MoveFileOp
- NullFileOp
- StoreFileOp
- Wikimedia\FileBackend\FileOpHandle:
- FSFileOpHandle
- SwiftFileOpHandle
- FileBackendStoreOpHandle
- Wikimedia\FileBackend\FSFile:
- FSFile
- TempFSFile
- TempFSFileFactory
- Wikimedia\Http:
- MultiHttpClient
- Wikimedia\Message:
- MessageSpecifier
- Wikimedia\Mime:
- MSCompoundFileReader
- MimeAnalyzer
- XmlTypeCheck
- Wikimedia\ObjectCache:
- APCUBagOStuff
- BagOStuff
- CachedBagOStuff
- EmptyBagOStuff
- HashBagOStuff
- IStoreKeyEncoder
- MediumSpecificBagOStuff
- MemcachedBagOStuff
- MemcachedPeclBagOStuff
- MemcachedPhpBagOStuff
- MultiWriteBagOStuff
- RESTBagOStuff
- RedisBagOStuff
- WANObjectCache
- WinCacheBagOStuff
- RedisConnectionPool
- RedisConnRef
- Wikimedia\Rdbms:
- DBAccessObjectUtils
- IDBAccessObject
- Wikimedia\Stats:
- BufferingStatsdDataFactory
- IBufferingStatsdDataFactory
- NullStatsdDataFactory
- PrefixingStatsdDataFactoryProxy
- SamplingStatsdClient
- StatsdAwareInterface
* MessageCache::get() with $language other than Language or null is
deprecated and emits deprecation warnings. For high-level access,
use wfMessage() or RequestContext::msg() instead.
* Manually constructing a Language object, deprecated in 1.35, now emits
deprecation warnings. Use LanguageFactory instead.
* MediaWiki\Languages\Data\Names::$names is deprecated.
* SearchEngineConfig::getConfig() has been deprecated, use DI with
ServiceOptions to inject the required options.
* ObjectCache::isDatabaseId() and ::getLocalClusterInstance() have been
deprecated. Use their equivalents in ObjectCacheFactory.
* Using the "post" source in parameter declarations returned from
Handler::getParamSettings() is deprecated, use "body" instead.
* ISQLPlatform::tableNamesN() is now deprecated.
* The implementation in SQLPlatform of ISQLPlatform::tableNames(), deprecated in
MediaWiki 1.39, now emits deprecation warnings.
* Title::getTitleProtection(), deprecated in 1.37, now emits warnings. You can
use RestrictionStore::getCreateProtection() instead.
* Title::loadRestrictions(), deprecated in 1.37, now emits warnings.
* Title::flushRestrictions(), deprecated in 1.37, now emits warnings.
* Title::getPageViewLanguage(), deprecated in 1.42, now emits warnings.
* wfUrlProtocols(), deprecated in 1.39, now emits warnings.
* wfGetServerUrl(), deprecated in 1.39, now emits warnings.
* wfExpandIRI(), deprecated in 1.39, now emits warnings.
* The following methods, previously deprecated, now emit deprecation warnings:
- ContentHandler::getDefaultModelFor(), deprecated since 1.33
- ContentHandler::getAllContentFormats(), deprecated since 1.35
- ContentHandler::getContentModels(), deprecated since 1.35
- ContentHandler::getForContent(), deprecated since 1.35
- ContentHandler::getForModelID(), deprecated since 1.35
- ContentHandler::getContentText(), deprecated since 1.37
* Passing a Message argument to OutputPage::setPageTitle(), which was
deprecated in 1.41, now emits warnings.
* OutputPage::showFatalError() is deprecated, use showErrorPage() instead.
* OutputPage::showPermissionsErrorPage() is deprecated,
use showPermissionStatus() instead.
* OutputPage::formatPermissionsErrorMessage(), deprecated since 1.36,
now emits deprecation warnings. Use formatPermissionStatus() instead.
* OutputPage::setCategoryLinks() has been deprecated and emits deprecation
warnings. Use ::addCategoryLinks() instead.
* OutputPage::setLanguageLinks() has been deprecated; use ::addLanguageLinks()
instead.
* Passing 'index' to OutputPage::setIndexPolicy() and
OutputPage::setRobotPolicy() after previously passing 'noindex' has
been deprecated; in a future release OutputPage will behave like
ParserOutput::setIndexPolicy(), where 'noindex' takes precedence
over 'index'.
* (T375975) Language::embedBidi() has been deprecated; use <bdi> HTML tag
instead.
* (T375975) Language::getDirMark() has been deprecated; use <bdi> HTML tag
instead.
* (T375975) Language::getDirMarkEntity() has been hard deprecated; use
<bdi> HTML tag instead.
* (T375975) The unused third parameter of Language::specialList is removed as
the method isolates the title unconditionally from the details.
* LoadBalancer::getConnectionRef(), deprecated since 1.39, now emits deprecation
warnings. Use ::getConnection() instead.
* DBAccessObjectUtils::getDBOptions() is deprecated, use
SelectQueryBuilder::recency() instead.
* IDatabase::lockForUpdate is deprecated, use
SelectQueryBuilder::acquireRowLocks instead.
* ILBFactory::flushReplicaSnapshots() is deprecated no longer needed.
* wfGetUrlUtils() is deprecated; instead, get a UrlUtils from services.
* DerivedPageDataUpdater::getPreparedEdit(), provided for back-compatibility, is
now deprecated; use the getters directly, instead.
* AuthManager::forcePrimaryAuthenticationProviders(), provided for back-
compatibility, is now deprecated.
* WikiPage::hasDifferencesOutsideMainSlot(), provided as a stop-gap before
refactoring to support MCR, is now deprecated.
* ChangesList::getTimestamp() has been deprecated; use ::revDateLink() instead.
* RecentChange::doMarkPatrolled() is deprecated, use
RecentChange::markPatrolled() instead.
* LogFormatter::newFromRow() and LogFormatter::newFromEntry(), deprecated since
1.42, now emit deprecation warnings.
* LinksUpdate::getAddedLinks(), ::getRemovedLinks(), deprecated since 1.38, now
emit deprecation warnings.
* TitleLinksTable::getTitleArray(), deprecated since 1.38, now emits deprecation
warnings.
* SiteConfig::variants() has been deprecated; use ::variantsFor().
* ObjectCache::$instances and ::getInstance() have been deprecated; instead, use
ObjectCacheFactory::getInstance().
* WANObjectCache::clearLastError() and BagOStuff::clearLastError have been hard
deprecated, use ::watchErrors() together with ::getLastErrors() instead.
* BagOStuff::getSegmentationSize() and ::getSegmentedValueMaxSize() no longer
have any usage. The subclass' method in MediumSpecificBagOStuff overrides also
have no usage as well.
* ApiBase::errorArrayToStatus() is deprecated with no replacement.
* ApiTestCase::setExpectedApiException() has been deprecated; instead, use
::expectApiErrorCode() to test error codes instead of messages.
* ApiPageSet::getTitles(), ApiPageSet::getGoodTitles(),
ApiPageSet::getMissingTitles(), ApiPageSet::getGoodAndMissingTitles(),
ApiPageSet::getRedirectTitles() and ApiPageSet::getSpecialTitles, deprecated
since 1.37, now emit deprecation warnings.
* QueryPage::setDBLoadBalancer() and ::getDBLoadBalancer() have been deprecated,
use QueryPage::setDatabaseProvider() or ::getDatabaseProvider() instead.
* User::isBlockedGlobally(), deprecated since 1.40, now emits deprecation
warnings.
* User::isBlockedFromEmailuser() and User::canSendEmail(), deprecated since
1.41, now emit deprecation warnings.
* wfMergeErrorArrays() has been deprecated.
* wfArrayDiff2() has been deprecated.
* User::whoIs() and User::whoIsReal(), have been deprecated.
* UserCache class and MediaWikiServices::getUserCache(), have been deprecated.
* JsonUnserializable and related classes have been renamed to JsonDeserializable
to make it clearer that they're related to converting serialized content back
into JSON, rather than stating that things are not representable in JSON. The
previous class names have been left behind as deprecated aliases:
- JsonUnserializable -> JsonDeserializable
- JsonUnserializableTrait -> JsonDeserializableTrait
- JsonUnserializer -> JsonDeserializer
Additionally, JsonCodec's unserialize() and unserializeArray() methods have
also been renamed to deserialize() and deserializeArray(), with the old names
deprecated.
* In the REST framework, the the BodyValidator interface and all functionality
related to it are deprecated. They have been replaced by
Handler::getBodyParamSettings() and Handler::parseBodyData(). The following
interfaces, classes, and methods are affected:
- interface BodyValidator
- class JsonBodyValidator
- class NullValidator
- function Handler::getBodyValidator
- function Validator::validateBody
* StatusValue will emit deprecation warnings when an error is given as
a MessageSpecifier combined with a parameters array, which is usually
a mistake, as the parameters have always been ignored.
* In StatusValue::replaceMessage(), ::hasMessage() and ::hasMessagesExcept()
passing MessageSpecifier or MessageValue as $source has been deprecated.
* PageArchive::undeleteAsUser, deprecated since 1.35, now emits deprecation
warnings.
* DatabaseBlock::getQueryInfo() and DatabaseBlock::getRangeCond() are
deprecated and emit deprecation warnings. Use the equivalent methods in
DatabaseBlockStore.
* DatabaseBlockStore::getReadStage() and ::getWriteStage() are deprecated.
Use the new schema unconditionally.
* UserOptionsManager::resetOptions(), ::listOptionKinds and ::getOptionKinds are
deprecated and will emit deprecation warnings. Use the corresponding methods
in PreferencesFactory and UserOptionsManager::resetOptionsByName().
* The `i18n-all-lists-margins` and `interface-message-box` module of SkinModule
are deprecated. The former has been merged into the `elements` module, the
latter has no required replacement. See JavaScript console for instructions.
* ParsoidOutputAccess and all of its methods have been deprecated. Use
ParserOutputAccess with ParserOptions::setUseParsoid() instead.
* ParserOutput::addJsConfigVars(), deprecated since 1.38, now emits deprecation
warnings. Use ParserOutput::setJsConfigVar() instead.
* The following methods of ParserOutput, most of which used to return an
array by reference, have been deprecated. Use the
ParserOutput::getLinkList(...) method with an appropriate link type
instead:
* ParserOutput::getFileSearchOptions() - ParserOutputLinkTypes::MEDIA
* ParserOutput::getImages() - ParserOutputLinkTypes::MEDIA
* ParserOutput::getInterwikiLinks() - ParserOutputLinkTypes::INTERWIKI
* ParserOutput::getLanguageLinks() - ParserOutputLinkTypes::LANGUAGE
* ParserOutput::getLinks() - ParserOutputLinkTypes::LOCAL
* ParserOutput::getLinksSpecial() - ParserOutputLinkTypes::SPECIAL
* ParserOutput::getTemplates() - ParserOutputLinkTypes::TEMPLATE
* ParserOutput::getTemplateIds() - ParserOutputLinkTypes::TEMPLATE
* ParserOutput::setLanguageLinks(null) now emits deprecation warnings. Use
an empty array as an argument, not `null`.
* ParserOutput::setPageProperty() now emits deprecation warnings when called
with non-string values, which has been deprecated since 1.42.
* Use of the reference to the internal array returned by
ParserOutput::getExternalLinks() has been deprecated. In a future release
it will return a copy of the array.
* To support a future change allowing serializing of MessageValue objects
as JSON, the methods MessageValue::objectParams(), Message::objectParams()
and Message::objectParam() are deprecated. The UserGroupMembershipParam
class and the ParamType::OBJECT constant are likewise deprecated.
* Passing null or boolean values as message parameters, which are converted
to strings "" and "1", is deprecated.
* The Less mixin .column-break-after-avoid() is deprecated. Use just the
CSS rule `break-after: avoid-column;` instead now.
* The Less mixins .horizontal-gradient and .vertical-gradient are deprecated.
Use CSS rule linear-gradient directly.
* The following method are deprecated; instead call the appropriate
constructor method in PageRestHelperFactory with the appropriate
initialization arguments:
* HtmlOutputRendererHelper::init()
* HtmlMessageOutputHelper::init()
* HtmlInputTransformHelper::init()
Similarly, calling the constructor method in PageRestHelperFactory
without the appropriate initialization arguments is now deprecated.
* Calling HtmlToContentTransform::setMetrics() and
HtmlInputTransformHelper::setMetrics() with a StatsdDataFactoryInterface
is deprecated and emits warnings. Pass a StatsFactory instead.
* HTMLForm methods getPreText, setPreText, addPreText, getPostText,
setPostText, addPostText, getHeaderText, setHeaderText, addHeaderText,
getFooterText, setFooterText and addFooterText, deprecated since 1.38, now
emit deprecation warnings.
* FormSpecialPage methods preText and postText, deprecated since 1.38, now
emit deprecation warnings.
* EditPage::internalAttemptSave() is deprecated as part of cleaning up how
edits are saved, see T157658 for details.
* The MessageCache::get hook, deprecated since 1.41, now emits deprecation
warnings.
* Twelve deprecated properties of OutputPage now will emit warnings; their
relevant getters or setters should be used instead:
* mCategoryLinks - getCategoryLinks() and setCategoryLinks()
* mCategories - getCategories()
* mIndicators - getIndicators() and setIndicators()
* mHeadItems - getHeadItemsArray(), hasHeadItem(), addHeadItem(),
and addHeadItems()
* mModules - getModules() and addModules()
* mModuleStyles - getModuleStyles() and addModuleStyles()
* mJsConfigVars - getJsConfigVars() and addJsConfigVars()
* mTemplateIds - getTemplateIds()
- mEnableClientCache - Set with enableClientCache() and disableClientCache()
- mNewSectionLink - Get with showNewSectionLink()
- mHideNewSectionLink - Set with forceHideNewSectionLink()
- mNoGallery - getNoGallery()
* The following methods from the OutputPage class were deprecated; use
corresponding methods on the ParserOutput returned from
OutputPage::getMetadata() instead. (For example, instead of
$output->setIndexPolicy() use $output->getMetadata()->setIndexPolicy().)
- ::getIndexPolicy()
- ::setIndexPolicy() (setting 'index' after 'noindex' is deprecated)
- ::getPreventClickjacking()
- ::setPreventClickjacking()
* The hook OutputPageMakeCategoryLinks is deprecated. Use the new hook
OutputPageRenderCategoryLink instead.
* mw.cookie.getCrossSite() has been deprecated due to the removal of
$wgUseSameSiteLegacyCookies in MW 1.42. Use mw.cookie.get().
* The 'help' key in HTMLForm descriptors is deprecated. Use the 'help-raw'
key instead.
* ImageGalleryBase::setWidths() and ::setHeights() will now emit a deprecation
warning if they are called without ImageGalleryBase::setParser() having been
called. Please set the parser appropriately when using the image gallery.
* (T45646) The localisation messages 'copyright' and 'history_copyright' are
deprecated in favor of 'copyright-footer' and 'copyright-footer-history'.
The new messages are parsed as wikitext instead of being treated as raw HTML.
* (T45646) The hook 'SkinCopyrightFooter' is deprecated in favor of
'SkinCopyrightFooterMessage'. The new hook allows specifying copyright
messages that are parsed as wikitext instead of being treated as raw HTML.
* (T374314) The 'mw.Uri' module has been deprecated in favour of the browser-
native URL interface, which is now provided in all supported user agents. For
details, see <https://developer.mozilla.org/en-US/docs/Web/API/URL>.
* The parameter $default in WebRequest::getRawVal() is deprecated. Use ??
instead.
* SpecialBlock::processForm(), SpecialBlock::parseExpiryInput() and
SpecialBlock::canBlockEmail(), deprecated since 1.36, and
SpecialBlock::getSuggestedDurations(), deprecated since 1.42, now emit
deprecation warnings.
* The following soft deprecated Skin methods will now emit warnings:
- Skin::makeSpecialUrl (use SkinComponentUtils::makeSpecialUrl instead)
- Skin::makeSpecialUrlSubpage (use SkinComponentUtils::makeSpecialUrlSubpage
instead)
* The SkinFactory::getSkinNames deprecated in 1.37 now emits warnings,
use getInstalledSkins instead.
=== Other changes in 1.43 ===
* Class aliases to support the old PHPUnit 4 style un-namespaced `PHPUnit_`
classes (such as PHPUnit_Framework_Error) have been removed.
* [Temporary accounts] If $wgAutoCreateTempUser is enabled, then MediaWiki
will create a temporary account and log the user in for unsuccessful edit
attempts and null edits, in addition to edits that change content. This is
a change from the previous paradigm, where temporary accounts were created
only for successful edits. This change is done to support better logging
support and moderation, to ensure that hooks run in a pre-save context have
a user object to associate log entries and other actions with.
* Several entries have been removed from the default list of interwikis used
when installing new wikis. This does not affect existing wikis.
* User auto-creations are now performed as the target user instead of
anonymous IP user.
* [Temporary accounts] T359043 Temporary accounts for anonymous edits are
enabled in DevelopmentSettings.php. To disable the feature, set
`$wgAutoCreateTempUser['enabled'] = false;` in LocalSettings.php
* Corrected the interpretation of empty arrays in extension configuration when
the default value is null. Previously, an empty array specified by the
administrator would transform into the default null value. It now
appropriately retains its empty array state.
* (T362536) Exempted "deletedhistory", "deletedtext", and "viewsuppressed"
rights from namespace protection ($wgNamespaceProtection) since that's
only meant to prevent write actions.
* Image captions are no longer trimmed.
* 'SpecialPasswordResetOnSubmit' hook handlers can now receive both the
username and the email provided by the user, instead of only one of them.
* (T231827, T249976) Searchindex now uses utf8mb4,
si_page is marked as PK and si_title can handle longer title values.
== Compatibility ==
MediaWiki 1.43 requires PHP 8.1.0 or later and the following PHP extensions:
* ctype
* dom
* fileinfo
* iconv
* intl
* json
* mbstring
* openssl
* xml
MariaDB is the recommended database software. MySQL, PostgreSQL, or SQLite can
be used instead, but support for them is somewhat less mature.
The supported versions are:
* MariaDB 10.3 or higher
* MySQL 5.7.0 or higher
* PostgreSQL 10 or later
* SQLite 3.8.0 or later
== Online documentation ==
Documentation for both end-users and site administrators is available on
MediaWiki.org, and is covered under the GNU Free Documentation License (except
for pages that explicitly state that their contents are in the public domain):
<https://www.mediawiki.org/wiki/Special:MyLanguage/Documentation>
== Mailing list ==
A mailing list is available for MediaWiki user support and discussion:
<https://lists.wikimedia.org/postorius/lists/mediawiki-l.lists.wikimedia.org/>
A low-traffic announcements-only list is also available:
<https://lists.wikimedia.org/postorius/lists/mediawiki-announce.lists.wikimedia.org/>
It's highly recommended that you sign up for one of these lists if you're
going to run a public MediaWiki, so you can be notified of security fixes.
== IRC help ==
There's usually someone online in #mediawiki on irc.libera.chat.
= MediaWiki 1.42 =
PHP 8.1 workboard: https://phabricator.wikimedia.org/tag/php_8.1_support/
PHP 8.2 workboard: https://phabricator.wikimedia.org/tag/php_8.2_support/
PHP 8.3 workboard: https://phabricator.wikimedia.org/tag/php_8.3_support/
== MediaWiki 1.42.3 ==
This is a maintenance release of the MediaWiki 1.42 branch.
=== Changes since MediaWiki 1.42.2 ===
* Fix issue related to backport of AbuseFilter patch for T372998.
== MediaWiki 1.42.2 ==
This is a security and maintenance release of the MediaWiki 1.42 branch.
=== Changes since MediaWiki 1.42.1 ===
* Localisation updates.
* Parser: Deprecate use of mOutput before initialization.
* (T365565) PrefixSearch: Make sure $prefix is a string.
* Clarify that $wgAllowCrossOrigin only applies to REST.
* composer.json: Add 5 more ext- to suggests.
* resources: Fix 404 Not Found for foreign Financial-Times/polyfill-library.
* ResourceLoader: Upgrade wikimedia/less.php to 4.4.1.
* SpecialExport: Prevent passing null to strtolower.
Additionally, some language support improvements which went out in 1.42.0 were
not noted; they are included here for completeness:
* (T343865) Added language support for Pu–Xian Min (Simplified Han script)
(cpx-hans).
* (T343865) Added language support for Pu–Xian Min (Traditional Han script)
(cpx-hant).
* (T284043) Added language support for Manchu (mnc).
* (T284043) Added language support for Manchu (Mongolian script) (mnc-mong).
* Added language converter for Central Moroccan Tamazigh (zgh).
== MediaWiki 1.42.1 ==
This is a maintenance release of the MediaWiki 1.42 branch.
=== Changes since MediaWiki 1.42.0 ===
* Localisation updates.
* Name the PagerTools array entries to allow hooks to unset them.
== MediaWiki 1.42.0 ==
=== Changes since MediaWiki 1.42.0-rc.0 ===
* Localisation updates.
* wrapOldPasswords: Improve progress output and decrease batch size.
* (T365060) Serialization test cases: fix filename after ParserOutput
namespacing.
* Use virtual domain when running update maintenance scripts.
* (T361367) ApiFeedWatchlist: Fix handling of array parameters.
* (T366130) EncryptedPassword: Store default parameters as strings.
== MediaWiki 1.42.0-rc.0 ==
== Upgrading notes for 1.42 ==
Don't forget to always back up your database before upgrading!
See the file UPGRADE for more detailed per-version upgrade instructions from the
oldest supported upgrading version, MediaWiki 1.35.
Some specific notes for MediaWiki 1.42 upgrades are below:
* MediaWiki 1.42 requires PHP 8.1 or above (up from 7.4) (T359868).
* MediaWiki now requires Composer 2.x, and any related (vendor) files generated
by Composer must be generated by Composer 2.x. Composer 1.x is mostly end of
life by upstream, and using it will result in slower actions when downloading
and installing packages. See the upstream blog post at
https://blog.packagist.com/deprecating-composer-1-support/ for further
information.
For notes on 1.41.x and older releases, see HISTORY.
=== Configuration changes for system administrators in 1.42 ===
* Composer 1.x is no longer supported, and can no longer be used with MediaWiki.
==== New configuration ====
* $wgMicroStashType: This setting allows for control of the object cache backend
for the MicroStash service.
* $wgEditRecoveryExpiry: This setting sets the number of seconds for which to
keep edit recovery data after each edit is stored.
* $wgDjvuUseBoxedCommand and $wgDjvuShell: The first is a temporary flag to
control whether or not to use BoxedCommand when wrapping DejaVu rendering, and
the second sets the command to call if so.
* $wgConditionalUserOptions: This setting makes it possible to define which user
properties have defaults varying by user, without growing the user_properties
table. The typical use-case is to enable a feature only for users created
after a certain date when rolling out features on large wiki farms.
* $wgGrantRiskGroups: This setting controls the risk levels for each grant, used
to indicate on various UIs which grants should be considered risky. (T290790)
* $wgTempAccountCreationThrottle: This setting is like AccountCreationThrottle,
but to be used for managing temporary account creations.
==== Changed configuration ====
* $wgAutoCreateTempUser: This setting (in active development), which configures
automatic 'temporary' user creation on page save, has had two changes:
- it now supports multiple match patterns on the 'matchPattern' key; and
- it now uses a different format for deciding how to label temporary accounts;
if your wiki used temporary accounts before 1.42, you will need to override
the configuration value to also match the old format of *$1.
* $wgLogActionsHandlers: This setting, which configures handlers for different
log actions, is now ObjectFactory compatible.
* $wgBotPasswordsCluster and $wgBotPasswordsDatabase: These settings have been
deprecated; use $wgVirtualDomainsMapping['virtual-botpasswords'] instead.
* $wgMainPageIsDomainRoot: This setting is no longer considered experimental.
==== Removed configuration ====
* $wgDisableCookieCheck: Removed without deprecation.
* $wgStatsCacheType: Removed without deprecation. Set $wgMicroStashType instead.
* $wgJobSerialCommitThreshold: Removed without deprecation. Any setups using
this config will perform just fine, but might be less performant.
* $wgLogoHD: Deprecated since 1.35. Use $wgLogo instead.
* $wgContentHandlerTextFallback: Deprecated since 1.37. No longer customizable.
* $wgSquidPurgeUseHostHeader: Deprecated since 1.33. No longer customizable, and
always true.
* $wgAllowImageTag: Deprecated since 1.35. Instead, you can register an
extension tag named <img>.
* $wgMinimalPasswordLength and $wgMaximalPasswordLength: Deprecated since 1.26.
Use $wgPasswordPolicy instead.
* $wgUseMediaWikiUIEverywhere: Experimental, removed without deprecation.
* $wgHTMLFormAllowTableFormat: Experimental, removed without deprecation.
* $wgOpenSearchTemplate: Deprecated since 1.25. Instead, you can use
$wgOpenSearchTemplates['application/x-suggestions+json'].
* $wgUseSameSiteLegacyCookies: Removed without deprecation.
=== New user-facing features in 1.42 ===
* (T308160) filter: is now allowed in inline CSS in wikitext
=== New developer features in 1.42 ===
* (T326466) MediaWikiIntegrationTestCase's database and set-up code now avoids
using dynamic properties, which was causing deprecation warnings in PHP 8.2.
* (T13555) MediaWiki now includes styles that allow more accessible markup for
section headings. MediaWiki's own HTML output will be changed in the future.
More information: https://www.mediawiki.org/wiki/Heading_HTML_changes
* (T193472) PHP Notice and Warning errors that are silenced (e.g. by the "@"
operator, error_reporting directive, or Wikimedia\AtEase) are now logged to
a new "silenced-error" channel.
* (T347347) The CLI installer accepts a "--with-developmentsettings" argument
to require the DevelopmentSettings.php file at install time.
* (T350054) MediaWiki's ResourceLoader has been updated to add basic support
for code-splitting (aka "tree-shaking") when using the Codex component
library. A ResourceLoader module can now specify a list of "codexComponents"
in its module defintion and ensure that only the code for those components
gets sent to the client. More information:
https://www.mediawiki.org/wiki/Codex#Subset_of_components
* (T345185) The SessionProviderInterface now allows defining providers that
are exempt from rights checks when auto creating users.
=== External library changes in 1.42 ===
==== New external libraries ====
* Added mediawiki/json-codec at v2.2.1.
* Added mck89/peast at v1.16.2.
==== Changed external libraries ====
* Updated OOUI from v0.48.1 to v0.49.1.
* Updated OOjs Router from 0.3.0 to 0.5.0.
* Updated codex, codex-design-tokens and codex-icons
from v1.0.0 to v1.3.6.
* Updated Vue from v3.2.37-compat to v3.3.9.
* Updated composer/semver from 3.3.2 to 3.4.0.
* Updated guzzlehttp/guzzle from 7.5.3 to 7.7.1.
* Updated monolog/monolog from 2.2.0 to 2.9.2.
* Updated pear/mail from 1.5.1 to 1.6.0.
* Updated pear/mail_mime from 1.10.11 to 1.10.12.
* Updated pear/net_smtp from 1.10.1 to 1.11.1.
* Updated psr/http-message from 1.0.1 to 1.1.
* Updated symfony/polyfill-php80 from 1.28.0 to 1.29.0.
* Updated symfony/polyfill-php81 from 1.28.0 to 1.29.0.
* Updated symfony/polyfill-php82 from 1.28.0 to 1.29.0.
* Updated symfony/polyfill-php83 from 1.28.0 to 1.29.0.
* Updated symfony/yaml from 5.4.23 to 5.4.35.
* Updated wikimedia/less.php from 4.1.1 to 4.2.1.
* Updated wikimedia/minify from 2.5.1 to 2.7.0.
* Updated wikimedia/relpath from 3.0.0 to 4.0.0.
* Updated wikimedia/remex-html from 4.0.1 to 4.1.0.
* Updated wikimedia/shellbox from 4.0.0 to 4.0.1.
===== Changed development-only external libraries =====
* Updated QUnit from v2.19.4 to v2.20.0.
* Updated composer/spdx-licenses from 1.5.7 to 1.5.8.
* Updated doctrine/dbal from 3.4.2 to 3.7.2.
* Updated doctrine/sql-formatter from 1.1.1 to 1.1.3.
* Updated grunt-banana-checker from 0.11.0 to 0.11.1.
* Updated mediawiki/mediawiki-codesniffer from 42.0.0 to 43.0.0.
* Updated mediawiki/mediawiki-phan-config from 0.13.0 to 0.14.0.
* Updated php-parallel-lint/php-parallel-lint from 1.3.2 to 1.4.0.
* Updated phpunit/phpunit from 9.5.28 to 9.6.16.
* Updated psy/psysh from ^0.11.1 to ^0.12.3.
* Updated seld/jsonlint from 1.8.3 to 1.10.1.
* Updated wikimedia/testing-access-wrapper from 2.0.0 to 3.0.0.
=== Action API changes in 1.42 ===
* APIQueryTags now includes "software" in the "source" array for software
generated tags. Reliance on the "extension" entries in this array is now
deprecated, but they will remain for backwards compatibility.
=== Languages updated in 1.42 ===
MediaWiki supports over 350 languages. Many localisations are updated regularly.
Below only new and removed languages are listed, as well as changes to languages
because of Phabricator reports.
* (T268143) Language variant conversion has been removed for Kazakh.
* (T352776) Updated autonym spelling for the Mon language (mnw).
* (T351874) Added language support for Komering (kge).
* (T351992) Added language support for Efik (efi).
* (T352954) Added language support for Rutul (rut).
* (T353058) Added language support for Arbëresh (aae).
* (T353307) Added language support for Guadeloupean Creole (gcf).
* (T353500) Added language support for Southeastern Kolami (nit).
* (T354519) Added language support for Tooro (ttj).
* (T354926) Added language support for Nyoro (nyo).
* (T356616) Added language support for Chinook Jargon (chn).
* (T357879) Added language support for Ibibio (ibb).
=== Breaking changes in 1.42 ===
* (T340802) ResourceLoader: The targets system is no longer active; all modules
will load on all platforms even if they are marked as desktop- or mobile-only
in the 'targets' field, which is no longer read. As part of this, the internal
methods RL\Module::setTarget() & ::getTargets(), and OutputPage::setTarget(),
have been removed.
* TitleArray, deprecated since 1.41, has been removed.
* UserRightsProxy, deprecated since 1.38, has been removed.
* SiteConfiguration::getConfig(), deprecated in 1.41, has been removed.
* UserLoginCompleteHook is always called with its $direct parameter set to
boolean true. The false case has been removed.
* MagicWord::load() has been marked @internal, and may change in the future
without further notice.
* All classes that implemented the IDBAccessObject interface and all interfaces
that extended it, no longer do that. See https://w.wiki/9DAX for more info.
* The type of the last parameter of BeforeInitializeHook::onBeforeInitialize()
and MediaWikiPerformActionHook::onMediaWikiPerformAction() changed from the
MediaWiki class to the new ActionEntryPoint. Relevant methods are still
available on the object.
* Classes that override Maintenance::finalSetup() must now declare the $settings
parameter and pass it on when calling the parent implementation.
MaintenanceRunner will always provide this parameter when calling
finalSetup().
* WebResponse::disableForPostSend() is no longer static.
* MediaWiki's virtualrest internal library has been removed, in favor of just
using other HTTP libraries: Guzzle, MultiHttpClient or MwHttpRequest.
* Several deprecated methods have been removed from the Content interface,
in favor of the respective methods in ContentHandlers. Callers should
use a more narrow interface like ContentRenderer or ContentTransformer
when possible. The following methods have been removed from Content:
- getParserOutput()
- preSaveTransform()
- preloadTransform()
- prepareSave()
* User::blockedFor() and AbstractBlock::getReason(), deprecated in 1.35, have
been removed. Use AbstractBlock::getReasonComment() instead.
* SerializedValueContainer::newUnified(), deprecated in 1.41 has been removed.
* Use of ActorMigration for any of the following tables, deprecated since 1.34,
is no longer supported:
- archive
- image
- oldimage
- filearchive
- recentchanges
- logging
- ipblocks
* ParserOutput::setFlag() and ::getFlag(), deprecated in 1.38, were removed. You
should use ::setOutputFlag() and ::getOutputFlag() instead.
* ParserOutput::getCategories(), deprecated in 1.40, has been removed. You
should use ::getCategoryNames() and ::getCategorySortKey() instead.
* ParserOutput::getTOCHTML(), deprecated in 1.40, has been removed. You should
use ::getTOCData() instead.
* The parser does not substitute the default category sort key at parse time;
this is substituted when the category links table is updated instead. As a
result {{DEFAULTSORT}} will affect all the contents of the page (not just
categories added after the location of {{DEFAULTSORT}} in the article) and
ParserOutput::getCategorySortKey() will return the empty string (still
meaning "use the default sort key") instead of the immediate value of
{{DEFAULTSORT}}. ParserOutput::getCategorySortKey() will directly reflect the
category link contents, instead of having post-processing done to it
(character references decoded, new lines replaced, language conversion). That
post-processing is now done when the category links table is updated, and so
it consistently applies even when categories are added directly via API.
* PostgresUpdater::addPgEnumValue() unused everywhere, have been removed
without deprecation. Use of ENUM is highly discouraged.
* ILoadBalancer::getAnyOpenConnection() has been removed without deprecation,
use ::getConnection() instead.
* The unused method CommentStore::getFields() has been removed without
depreaction.
* LanguageConverter's internal properties, all deprecated in 1.35 or 1.36, have
now had their deprecated property accessors dropped:
- mConvRuleTitle
- mUserVariant
- mHeaderVariant
- mMaxDepth
- mVarSeparatorPattern
- mLangObj
- mTablesLoaded
- mTables
- mVariants
- mMainLanguageCode
- mVariantFallbacks
- mFlags
- mVariantNames
- mDescCodeSep
- mDescVarSep
* OutputPage::addParserOutputText has been marked @internal since there are no
known users of it. Its old behavior has been deprecated and will change
in the future without further notice.
* A some methods of ConnectionManager and SessionConsistentConnectionManager,
previously deprecated, have been removed:
- ::releaseConnection(), deprecated in 1.38; do not use
- ::getWriteConnectionRef(), deprecated in 1.39; use getWriteConnection()
- ::getReadConnectionRef(), deprecated in 1.38; use getReadConnection()
- ::getLazyWriteConnectionRef(), deprecated in 1.39; use getWriteConnection()
- ::getLazyReadConnectionRef(), deprecated in 1.38; use getReadConnection()
* CoreParserFunctions::mwnamespace(), deprecated in 1.39, has been removed. Use
CoreParserFunctions::namespace() instead.
* Processor:: and ExtensionProcessor::getExtraAutoloaderPaths(), deprecated in
1.39, have been removed; use ::getExtractedAutoloadInfo() instead.
* MWExceptionHandler::rollbackMasterChangesAndLog(), deprecated in 1.37, has
been removed. Use ::rollbackPrimaryChangesAndLog() instead.
* Passing a custom database connection to DatabaseBlockStore::insertBlock(),
deprecated since 1.41, is no longer supported.
* LanguageConverterFactory::isTitleConversionDisabled(), deprecated in 1.36,
has been removed. Use ::isLinkConversionDisabled() instead.
* MediaWikiIntegrationTestCase::$tablesUsed has been deprecated. The framework
now detects these automatically.
* Passing an actor id to the constructor of UserIdentityValue, deprecated
since 1.36, is no longer being supported.
* Support for setting dynamic property on StatusValue object has been removed.
To pass your arbitrary data along the object, use StatusValue::statusData
property (which is always declared).
* The global function wfReportTime(), deprecated since 1.40, has been removed.
* The skin template parameter 'reporttime', deprecated since 1.41, has been
removed.
* WikiPage::getPageIsRedirectField(), deprecated since 1.41, has been removed.
* WikiPage::insertRedirect(), deprecated since 1.41, has been removed.
* Several methods in PageArchive, all deprecated in 1.38, have been removed:
- ::listRevisions()
- ::getRevisionRecordByTimestamp()
- ::getArchivedRevisionRecord()
- ::getPreviousRevisionRecord()
- ::getLastRevisionId()
- ::isDeleted()
- ::getFileStatus()
- ::getRevisionStatus()
* Database, DatabaseInstaller, DatabaseUpdater, DBPrimaryPos, ResultWrapper and
SQLPlatform are no longer stable to extend. It is not possible to define
database types in an extension.
* UserDef::PARAM_ALLOWED_USER_TYPES now differentiates between temporary account
usernames and user accounts. Any endpoints that want temp users to be
valid but were passing a name through will break. Temp users must now be
explicitly allowed.
* The Hooks class, a legacy wrapper for HooksContainer, has been removed. All of
its contents have been previously deprecated in 1.35 (or 1.41 for ::runner()):
- ::register()
- ::clear(),
- ::isRegistered()
- ::getHandlers()
- ::run()
- ::runWithoutAbort()
- ::runner()
* Article::__get(), ::__set(), deprecated since 1.35, have been removed.
* Several API calls have been updated to return a 'temp' user flag:
- ApiQueryImageInfo
- ApiQueryLogEvents
- ApiQueryRecentChanges
- APIs extended from ApiQueryRevisionsBase
* Parser::getCustomDefaultSort() and ::setDefaultSort(), deprecated since 1.38,
have been removed.
* UserOptionsLookup::getDefaultOptions() and ::getDefaultOption() now accept a
UserIdentity, to take conditional defaults for user properties into account.
When run on a wiki where conditional defaults are used, calling those methods
without the UserIdentity might produce unexpected results.
* Installer-related classes have been namespaced without having aliases added.
The following have been moved to MediaWiki\Installer:
- CliInstaller
- DatabaseInstaller
- InstallDocFormatter
- Installer
- InstallerOverrides
- InstallerSessionProvider
- LocalSettingsGenerator
- MysqlInstaller
- PostgresInstaller
- PostgresUpdater
- SqliteInstaller
- SqliteUpdater
- WebInstaller
- WebInstallerComplete
- WebInstallerCopying
- WebInstallerDBConnect
- WebInstallerDBSettings
- WebInstallerDocument
- WebInstallerExistingWikis
- WebInstallerInstall
- WebInstallerLanguage
- WebInstallerName
- WebInstallerOptions
- WebInstallerOutput
- WebInstallerPage
- WebInstallerReleaseNotes
- WebInstallerRestart
- WebInstallerUpgrade
- WebInstallerUpgradeDoc
- WebInstallerWelcome
* The file mediawiki.ui/variables.less, deprecated since 1.41, has been
removed in favor of mediawiki.skin.variables.less.
* The file mediawiki.ui/utilities.less, with its three layout CSS classes, has
been removed.
* The module `jquery.cookie` (deprecated as of 1.41) has been removed. Please
use `mediawiki.cookie` instead
* The no-op module `es6-polyfills` (deprecated as of 1.41) has been removed.
* Log formatters (as defined in $wgLogActionsHandlers) are now created by
ObjectFactory, which means their constructors must be public. Legacy log
formatters using callbacks instead of class names are no longer supported.
* The old aliases for the namespaced ResourceLoader classes, deprecated since
they were moved in MediaWiki 1.39, have now been dropped:
- ResourceLoader – use MediaWiki\ResourceLoader\ResourceLoader
- ResourceLoaderCircularDependencyError
– use MediaWiki\ResourceLoader\CircularDependencyError
- ResourceLoaderClientHtml – use MediaWiki\ResourceLoader\ClientHtml
- ResourceLoaderCodexModule – use MediaWiki\ResourceLoader\CodexModule
- ResourceLoaderContext – use MediaWiki\ResourceLoader\Context
- ResourceLoaderFileModule – use MediaWiki\ResourceLoader\FileModule
- ResourceLoaderFilePath – use MediaWiki\ResourceLoader\FilePath
- ResourceLoaderForeignApiModule
– use MediaWiki\ResourceLoader\ForeignApiModule
- ResourceLoaderImage – use MediaWiki\ResourceLoader\Image
- ResourceLoaderImageModule – use MediaWiki\ResourceLoader\ImageModule
- ResourceLoaderLessVarFileModule
– use MediaWiki\ResourceLoader\LessVarFileModule
- ResourceLoaderModule – use MediaWiki\ResourceLoader\Module
- ResourceLoaderMwUrlModule – use MediaWiki\ResourceLoader\MwUrlModule
- ResourceLoaderOOUIFileModule – use MediaWiki\ResourceLoader\OOUIFileModule
- ResourceLoaderOOUIIconPackModule
– use MediaWiki\ResourceLoader\OOUIIconPackModule
- ResourceLoaderOOUIImageModule
– use MediaWiki\ResourceLoader\OOUIImageModule
- ResourceLoaderOOUIModule – use MediaWiki\ResourceLoader\OOUIModule
- ResourceLoaderSiteModule – use MediaWiki\ResourceLoader\SiteModule
- ResourceLoaderSiteStylesModule
– use MediaWiki\ResourceLoader\SiteStylesModule
- ResourceLoaderSkinModule – use MediaWiki\ResourceLoader\SkinModule
- ResourceLoaderStartUpModule – use MediaWiki\ResourceLoader\StartUpModule
- ResourceLoaderUserModule – use MediaWiki\ResourceLoader\UserModule
- ResourceLoaderUserOptionsModule
– use MediaWiki\ResourceLoader\UserOptionsModule
- ResourceLoaderUserStylesModule
– use MediaWiki\ResourceLoader\UserStylesModule
- ResourceLoaderWikiModule – use MediaWiki\ResourceLoader\WikiModule
- DerivativeResourceLoaderContext
– use MediaWiki\ResourceLoader\DerivativeContext
- MessageBlobStore – use MediaWiki\ResourceLoader\MessageBlobStore
- VueComponentParser – use MediaWiki\ResourceLoader\VueComponentParser
* (T318989) Skin::lastModified, deprecated since 1.40, has been removed.
* Composer 1.x is no longer supported, and can no longer be used with MediaWiki.
* Title::GAID_FOR_UPDATE, deprecated in 1.34, has been removed. Instead, your
code should use IDBAccessObject::READ_LATEST.
* Six private Title class members, deprecated in 1.37, are now fully private;
use their corresponding accessor methods:
- $mTextform -> getText()
- $mUrlform -> getPartialURL()
- $mDbkeyform -> getDBkey()
- $mNamespace -> getNamespace()
- $mInterwiki -> getInterwiki()
- $mFragment -> getFragment()
* Skin::bottomScripts, deprecated since 1.37, has been removed.
* Fallback index and options have been removed from
DBAccessObjectUtils::getDBOptions() without deprecation.
* The deprecated class aliases for now-namespaced or renamed PHP classes that
were added in or before 1.39 LTS have now been removed:
- Blob -> Wikimedia\Rdbms\Blob
- Block -> MediaWiki\Block\DatabaseBlock
- DBAccessError -> Wikimedia\Rdbms\DBAccessError
- DBConnectionError -> Wikimedia\Rdbms\DBConnectionError
- DBError -> Wikimedia\Rdbms\DBError
- DBExpectedError -> Wikimedia\Rdbms\DBExpectedError
- DBQueryError -> Wikimedia\Rdbms\DBQueryError
- DBReadOnlyError -> Wikimedia\Rdbms\DBReadOnlyError
- DBReplicationWaitError -> Wikimedia\Rdbms\DBReplicationWaitError
- DBTransactionError -> Wikimedia\Rdbms\DBTransactionError
- DBTransactionSizeError -> Wikimedia\Rdbms\DBTransactionSizeError
- DBUnexpectedError -> Wikimedia\Rdbms\DBUnexpectedError
- DatabaseMysqlBase -> Wikimedia\Rdbms\DatabaseMySQL
- DatabaseMysqli -> Wikimedia\Rdbms\DatabaseMySQL
- EasyDeflate -> Deflate
- Field -> Wikimedia\Rdbms\Field
- IMaintainableDatabase -> Wikimedia\Rdbms\IMaintainableDatabase
- LinksDeletionUpdate -> MediaWiki\Deferred\LinksUpdate\LinksDeletionUpdate
- LinksUpdate -> MediaWiki\Deferred\LinksUpdate\LinksUpdate
- LoadBalancer -> Wikimedia\Rdbms\LoadBalancer
- LoadBalancerSingle -> Wikimedia\Rdbms\LoadBalancerSingle
- RCFeedEngine -> FormattedRCFeed
- RandomPage -> MediaWiki\Specials\SpecialRandomPage
* The return value of IDatabase::upsert(), deprecated since 1.33, has been
removed.
* Instancing MediaWiki\Specials\SpecialRandomPage without injected services has
been removed.
* SpecialPage::listed() and ::setListed(), deprecated since 1.35, have both been
removed. Use ::isListed() to read, and over-ride by implementing isListed() or
by sub-classing UnlistedSpecialPage.
* BlockListPager::getTotalAutoblocks() was removed.
=== Deprecations in 1.42 ===
* (T273239) wfGetDB(), deprecated in 1.39, now emits deprecation warnings. Most
code can migrate to MediaWikiServices::getInstance()->getConnectionProvider()
->getReplicaDatabase() or …->getPrimaryDatabase() as appropriate.
* (T166010) All PHP code in MediaWiki is slowly being moved to be in a class
namespace as appropriate, so that we can use PSR-4 auto-loading, which will
speed up general code loading of MediaWiki. The old global namespace class
names are being left behind as deprecated aliases.
In this release of MediaWiki, 1868 classes now have a namespace and 821 do
not yet (69% done, up from 63% in MediaWiki 1.41.0). The following have newly
been moved:
- MediaWiki\Cache:
- BacklinkCache
- FileCacheBase
- GenderCache
- HTMLCacheUpdater (and fix case for consistency with HTMLFileCache)
- LinkBatch
- LinkCache
- UserCache
- MediaWiki\Context:
- ContextSource
- DerivativeContextSource
- IContextSource
- MutableContext
- RequestContext
- MediaWiki\Deferred:
- AtomicSectionUpdate
- AutoCommitUpdate
- CdnCacheUpdate
- DataUpdate
- DeferrableCallback
- DeferrableUpdate
- DeferredUpdates
- DeferredUpdatesScope
- DeferredUpdatesScopeMediaWikiStack
- DeferredUpdatesScopeStack
- EnqueueableDataUpdate
- HtmlFileCacheUpdate
- JobQueueEnqueueUpdate
- MWCallableUpdate
- MergeableUpdate
- MessageCacheUpdate
- SearchUpdate
- SendPasswordResetEmailUpdate
- SiteStatsUpdate
- TransactionRoundAwareUpdate
- TransactionRoundDefiningUpdate
- UserEditCountInfo
- UserEditCountUpdate
- MediaWiki\HTMLForm:
- CodexHTMLForm
- CollapsibleFieldsetLayout
- HTMLForm
- HTMLFormActionFieldLayout
- HTMLFormElement
- HTMLFormField
- HTMLFormFieldLayout
- HTMLFormFieldRequiredOptionsException
- HTMLNestedFilterable
- OOUIHTMLForm
- VFormHTMLForm
- MediaWiki\HTMLForm\Field:
- HTMLApiField
- HTMLAutoCompleteSelectField
- HTMLButtonField
- HTMLCheckField
- HTMLCheckMatrix
- HTMLComboboxField
- HTMLDateTimeField
- HTMLEditTools
- HTMLExpiryField
- HTMLFileField
- HTMLFloatField
- HTMLFormFieldCloner
- HTMLFormFieldWithButton
- HTMLHiddenField
- HTMLInfoField
- HTMLIntField
- HTMLMultiSelectField
- HTMLNamespacesMultiselectField
- HTMLRadioField
- HTMLRestrictionsField
- HTMLSelectAndOtherField
- HTMLSelectField
- HTMLSelectLanguageField
- HTMLSelectLimitField
- HTMLSelectNamespace
- HTMLSelectNamespaceWithButton
- HTMLSelectOrOtherField
- HTMLSizeFilterField
- HTMLSubmitField
- HTMLTagFilter
- HTMLTagMultiselectField
- HTMLTextAreaField
- HTMLTextField
- HTMLTextFieldWithButton
- HTMLTimezoneField
- HTMLTitleTextField
- HTMLTitlesMultiselectField
- HTMLToggleSwitchField
- HTMLUserTextField
- HTMLUsersMultiselectField
- MediaWiki\Installer:
- DatabaseUpdater
- MysqlUpdater
- MediaWiki\LinkedData:
- PageDataRequestHandler
- MediaWiki\Maintenance:
- Version
- MediaWiki\Message:
- Message
- MediaWiki\Parser:
- Parser
- ParserOutput
- MediaWiki\PoolCounter:
- PoolCounter
- PoolCounterNull
- PoolCounterRedis
- PoolCounterWork
- PoolCounterWorkViaCallback
- PoolWorkArticleView
- PoolWorkArticleViewCurrent
- PoolWorkArticleViewOld
- MediaWiki\Site:
- CachingSiteStore
- DBSiteStore
- HashSiteStore
- MediaWikiSite
- Site
- SiteExporter
- SiteImporter
- SiteList
- SiteLookup
- SiteStore
- (T352284) MediaWiki\User\Options:
- DefaultOptionsLookup
- UserOptionsLookup
- UserOptionsManager
- StaticUserOptionsLookup
* Some hook classes have been moved from the generic MediaWiki\Hooks namespace
to live closer to the code which uses them:
- MediaWiki\Output\Hook:
- AfterBuildFeedLinksHook
- AfterFinalPageOutputHook
- BeforePageDisplayHook
- BeforePageRedirectHook
- GetCacheVaryCookiesHook
- LanguageLinksHook
- MakeGlobalVariablesScriptHook
- OutputPageAfterGetHeadLinksArrayHook
- OutputPageBeforeHTMLHook
- OutputPageBodyAttributesHook
- OutputPageCheckLastModifiedHook
- OutputPageMakeCategoryLinksHook
- OutputPageParserOutputHook
* API modules using ApiBase::requirePostedParameters() must also override
mustBePosted() to return true.
* Overriding MWException::getHTML(), ::getText(), ::getPageTitle(), and
::reportHTML() in order to display custom exception messages is now
deprecated. Provide the error message when constructing the Exception,
or if you need a whole custom error page, use ErrorPageError instead.
* Using `new ImportReporter( … )` or `new ApiImportReporter( … )` without
the $context parameter is now deprecated.
* Using `WikiImporterFactory::getWikiImporter()` without the $performer
parameter is now deprecated.
* BlockManager::getUserBlock() was deprecated. Instead use
BlockManager::getBlock(), which expects the caller to do ipblock-exempt
checking.
* The `composer phpunit:entrypoint` entrypoint has been deprecated, along with
bootstrap.integration.php and suite.xml. Run tests with `composer phpunit`
instead, or simply `vendor/bin/phpunit`, which use bootstrap.php and
phpunit.xml.dist.
* The global variable $wgCommandLineMode is deprecated. In most cases checks
for `$wgCommandLineMode` can be replaced with `MW_ENTRY_POINT === 'cli'`.
* The global function wfUnpack is deprecated and emits deprecation
warnings. Use StringUtils::unpack instead.
* BagOStuff::setNewPreparedValues() now emits deprecation warnings.
* SpecialEmailUser::getTarget() has been deprecated.
* User::isBlocked(), ::isBlockedFromCreateAccount() and ::isBlockedFrom() now
emit deprecation warnings. They were deprecated since 1.34, 1.37 and 1.33
respectively.
* DatabaseBlock::newFromID() was deprecated and will emit deprecation warnings.
Instead use DatabaseBlockStore::newFromID().
* DatabaseBlock::getAutoblockExpiry() was deprecated without replacement.
* MagicWord::getId() has been deprecated.
* MagicWordFactory::getSubstIDs() has been deprecated.
* Status::setMessageLocalizer is deprecated. Callers that want to control the
localization of the Status object should obtain a StatusFormatter from
the StatusFormatterFactory.
* Html::buttonAttributes() and Html::getTextInputAttributes() methods
no longer do anything and have been deprecated.
* DatabaseBlock::doAutoblock and ::updateTimestamp are now deprecated, use
DatabaseBlockStore::doAutoblock and ::updateTimestamp instead.
* The MediaWiki class has been deprecated. Type hints in hooks should be
changed to refer to MediaWikiEntryPoint instead. Note that extensions should
not define their own entry points and should not interfere with the state of
MediaWikiEntryPoint instances.
* Various methods in ObjectCache have been deprecated and their equivalent made
available in ObjectCacheFactory, use them instead:
- ::getInstance() -> ObjectCacheFactory::getInstance()
- ::newFromParams() -> ObjectCacheFactory::newFromParams()
- ::newAnything() -> ObjectCacheFactory::newInstance(
ObjectCache::getAnythingId() )
- ::getLocalServerInstance() -> ObjectCacheFactory::getLocalServerInstance()
- ::clear() -> ObjectCacheFactory::clear()
- In addition, the ObjectCache::$instances member has been deprecated as well.
* Vuex has been deprecated in favor of its successor, Pinia. Though deprecated,
Vuex 4 will remain accessible for the foreseeable future. Pinia should be used
for new projects.
* Linker::makeHeadline() has been deprecated.
* SerializedValueContainer::isUnified() has been deprecated and now emits
deprecation warnings since 1.42.
* Linker::generateTOC(), Linker::tocIndent(), Linker::tocUnindent(),
Linker::tocLine(), Linker::tocLineEnd(), Linker::tocList() are deprecated.
* Title::getBrokenLinksFrom() has been deprecated.
* LogFormatter subclasses now emit deprecation warnings unless they are
constructed using LogFormatterFactory.
* ReplicatedBagOStuff has been deprecated since 1.42.
* The third argument to ContentRenderer::getParserOutput() now accepts a
RevisionRecord or WikiRevision; passing an integer revision id has been
deprecated and emits a warning.
* Passing a null value to ParserOutput::setPageProperty() has been deprecated
and emits a warning; pass an empty string or use `::unsetPageProperty()`
instead.
* Passing a non-string value to ParserOutput::setPageProperty() has been
deprecated; use ::setNumericPageProperty() instead.
* Passing a non-scalar value to ParserOutput::setPageProperty() will emit
a warning (it has never worked).
* ParserOutput::setLanguageLinks() has been deprecated.
* ParserOutput::getTimestamp() and ::setTimestamp() have been deprecated; use
::getRevisionTimestamp() and ::setRevisionTimestamp() instead.
* ParserOutput::setText() has been deprecated; use ::setRawText() instead which
matches the name of the corresponding getter, ParserOutput::getRawText().
* ParserOutput::addTemplate() will emit a deprecation warning if it is called
with a non-local title, such as an interwiki link. In a future release it will
throw InvalidArgumentException.
* The use of dynamic properties of Parser has been deprecated and will emit
deprecation warnings.
* The following deprecated public properties of Parser will emit deprecation
warnings:
- Parser::$ot, deprecated since 1.35
- Parser::$mTitle, deprecated since 1.35
- Parser::$mOptions, deprecated since 1.35
* The following deprecated public properties of Parser are now marked
for internal use only:
- Parser::$mPPNodeCount, deprecated since 1.35
- Parser::$mHighestExpansionDepth, deprecated since 1.35
* ApiQueryBlockInfoTrait::addBlockInfoToQuery() will emit deprecation warnings
and will soon stop working due to schema changes. Instead use
addDeletedUserFilter() or getBlockDetailsForRows().
* UploadBase::getImageInfo was deprecated, subclasses of ApiUpload can use
ApiUpload::getUploadImageInfo() instead.
* DatabaseBlockStore::updateTimestamp() is now internal and should not be
called.
* The LocalisationCache helper class GlobalDependency has been deprecated,
use MainConfigDependency instead.
* The module `mediawiki.icon` has been deprecated. Use the Codex mixin instead
(T351681).
* ConfigRepository::class and MediaWikiServices::getConfigRepository() have been
deprecated, they are unused.
* Passing a WikiPage to PageEditStash::parseAndCache() has been deprecated.
Use PageUpdater instance.
* SpecialBlock::getSuggestedDurations() has been deprecated, use
Language::getBlockDurations() instead.
* MediaWikiServices::getBlockErrorFormatter() has been deprecated, use
MediaWikiServices::getFormatterFactory()->getBlockErrorFormatter() instead.
* DummyLinker has been deprecated. The DummyLinker parameter to the
'ImageBeforeProduceHTML' hook will become null in the future.
* Database::listViews() has been deprecated. This was previously used to filter
views out of the return value of Database::listTables(). Now listTables()
will not include views. MediaWiki does not use views.
* (T207621) UserMailer::rfc822Phrase(), deprecated since 1.38, now emits
deprecation warnings.
* TempUserConfig::getMatchPattern() has been deprecated, use getMatchPatterns()
instead.
* (T230025) Title::purgeSquid(), deprecated in 1.35, now emits warnings.
* Title::getCdnUrls(), deprecated in 1.35, now emits warnings.
* The rarely-used convenience method Xml::wrapClass() is now deprecated. Instead
you can use Xml::tags('span', ['class'=>'foo'], 'bar').
* WebRequest::getCrossSiteCookie() has been deprecated due to the removal of
$wgUseSameSiteLegacyCookies. It will emit deprecation warnings. Use
WebRequest::getCookie().
* Using the array_merge_recursive merge strategy in extension.json and skin.json
now emits deprecation warnings.
* DBAccessObjectUtils::getDBFromIndex() is now deprecated, use
::getDBFromRecency() instead.
* Many Xml methods that are specific to HTML but not XML are deprecated:
- Xml::buildForm
- Xml::buildTable
- Xml::buildTableRow
- Xml::check
- Xml::checkLabel
- Xml::dateMenu
- Xml::fieldset
- Xml::input
- Xml::inputLabel
- Xml::inputLabelSep
- Xml::label
- Xml::languageSelector
- Xml::listDropdown
- Xml::listDropdownOptions
- Xml::listDropdownOptionsOoui
- Xml::monthSelector
- Xml::option
- Xml::password
- Xml::radio
- Xml::radioLabel
- Xml::span
- Xml::submitButton
- Xml::textarea
- Xml::attrib (only for use in HTML, not XML contexts)
* IMaintainableDatabase::truncate() has been deprecated. Use truncateTable()
instead.
* TextConflictHelper->incrementStatsByUserEdits() is now deprecated. The action
this function previously handled should be moved into incrementConflictStats()
and incrementResolvedStats().
* SQLPlatform::getQueryVerb() is now deprecated.
=== Other changes in 1.42 ===
* Gallery: Image captions are no longer wrapped in <p> tags. Skins that
customize rendering for galleries may need to tweak their CSS.
* Scripts under maintenance/dev/, for quickly setup a local MediaWiki for
development purposes, have been removed, see DEVELOPERS.md for alternatives.
= MediaWiki 1.41 =
PHP 8.0 workboard: https://phabricator.wikimedia.org/tag/php_8.0_support/
PHP 8.1 workboard: https://phabricator.wikimedia.org/tag/php_8.1_support/
PHP 8.2 workboard: https://phabricator.wikimedia.org/tag/php_8.2_support/
PHP 8.3 workboard: https://phabricator.wikimedia.org/tag/php_8.3_support/
== MediaWiki 1.41.4 ==
This is a maintenance release of the MediaWiki 1.41 branch.
=== Changes since MediaWiki 1.41.3 ===
* Fix issue related to backport of AbuseFilter patch for T372998.
== MediaWiki 1.41.3 ==
This is a security and maintenance release of the MediaWiki 1.41 branch.
=== Changes since MediaWiki 1.41.2 ===
* Localisation updates.
* Parser: Deprecate use of mOutput before initialization.
* Clarify that $wgAllowCrossOrigin only applies to REST.
* composer.json: Add 5 more ext- to suggests.
* resources: Fix 404 Not Found for foreign Financial-Times/polyfill-library.
* ResourceLoader: Fix regression of color mapping in Less.php.
* ResourceLoader: Upgrade wikimedia/less.php to 4.4.1.
* SpecialExport: Prevent passing null to strtolower.
== MediaWiki 1.41.2 ==
This is a maintenance release of the MediaWiki 1.41 branch.
=== Changes since MediaWiki 1.41.1 ===
* Localisation updates.
* maintenance/generateSitemap.php: Partially revert 676fcf4.
* tests: Skip failing tests on php8.2 (and make pass).
* (T326480) ApiResult: Make array ordering consistent across PHP versions.
* (T352789, T287972) build: Raise TestingAccessWrapper from 2.0.0 to 3.0.0.
* (T326478) tests: Create new classes to hold dynamic properties in auth tests.
* (T353180) WANObjectCacheTest::testPreemptiveRefresh: Skip flaky test for PHP
8.2+.
* tests: Remove es6 option from StartUpModuleTest.
* (T326478) tests: Avoid dynamic properties in AuthenticationProvider Test.
* tests: Skip failing tests on php8.3 (and make pass).
* (T326466) Introduce and use DynamicPropertyTestHelper.
* (T326478) tests: Avoid dynamic properties in auth tests.
* (T352910) tests: Use TestingAccessWrapper::newFromClass in session tests.
* (T326478) tests: Avoid dynamic properties in SessionManagerTest.
* ArticleTest: Skip testGetOrSetOnNewProperty() if PHP >= 8.2.
* tests: Remove dead code from WikiPageDbTest::assertPreparedEditNotEquals.
* (T326479, T361985) StatusValue: Allow passing arbitrary data to augment
result.
* (T357760) Use i18n strings for truncated subpage message in SpecialMovePage.
* debug: Update PsySH 0.11.1 -> 0.12.3.
* (T361991) Fix slash-delimited regex from CLI on maintenence/grep.php.
* (T352695) tests: Only set $dbSetup if setupTestDB() ends without throwing.
* (T362272) api: Replace null $httpCode by 0 in ApiBase::dieWithErrorOrDebug.
* (T362740) api: Pass wikiId to UserIdentity instance for action=userrights.
* (T343994) SpecialPages: Document which class getDescription is returning a
string from.
* (T150647, T216682) Make EncryptedPassword work with Argon2Password.
* (T364270) Fix long param names overlapping docs in API help pages.
* wrapOldPasswords: Improve progress output and decrease batch size.
* (T361367) ApiFeedWatchlist: Fix handling of array parameters.
* (T366130) EncryptedPassword: Store default parameters as strings.
* Name the PagerTools array entries to allow hooks to unset them.
* Do not mark HttpRequestFactory as @internal.
== MediaWiki 1.41.1 ==
This is a security and maintenance release of the MediaWiki 1.41 branch.
=== Changes since MediaWiki 1.41.0 ===
* Localisation updates.
* CategoryViewer: Fix "count(): Argument #1 ($value) must be of type
Countable|array, null given".
* (T353929) ActiveUsersPager: Count actions only once.
* composer: Use @php instead of php.
* (T334992) Headings in the license pickers should not be selected.
* (T326065) Indent JsonContent using tabs.
* Correct deprecation version of mediawiki.ui resource loader module.
* Resources.php: Replace short urls with full urls.
* (T354541) authmanager: Improve AuthenticationRequest docs.
* Tweak docs for UseLegacyMediaStyles.
* (T353870) Parse custom edit intro as content to enable language conversion.
* (T330428) ForeignResourceManager: Add trailing newline in validateLicense.
* ForeignResourceManager: Make it clearer what is being skipped for
documentation-only.
* (T355017) Add missing space in Special:RecentChangesLinked.
* (T355003) composer.json Add ext-bcmath and ext-gmp to suggests.
* PHPVersionCheck: Update text to match currently supported upstream PHP
versions (8.1+).
* (T354045) API: mark HTML output as non-cacheable.
* (T355530) filerepo: Fix img_major_mime for files with a non-standard
extensions.
* (T355530) MimeAnalyzer: Add @since to isValidMajorMimeType.
* (T352554) ZhConverter: Fix language variant fallback chain.
* (T347541) Add 'maxlength' and 'minlength' support to HTMLTextAreaField.
* (T357668) Parser::getExternalLinkAttribs: Don't set rel attribute to null.
* LockManagerGroupIntegrationTest: Remove test depending on DBLockManager.
* (T357808) LinkRendererTest: Add missing import for LinkTarget.
* (T353305) ApiResetPassword: Allow both user and email parameters to be passed
for reset.
* (T358949) updateCollation: Explicitly cast $scale to int.
* (T359055) api: Improve linking of language codes lists in top level i18n
messages.
* (T359294) Make sure MovePage::isValidFileMove matches UploadBase::getTitle.
* (T230245) Respect $maxConcurrency when queuing async FileOps.
* (T352554) Follow-up "ZhConverter: Fix language variant fallback chain".
* (T359139) Restore ability to disable footer links with "-".
* Fix use of array keys in SessionManager::getVaryHeaders().
* (T292237, T317451) build: Restore Doxygen output for MediaWiki release tags.
* (T324903) HistoryPager: Add #[AllowDynamicProperties].
* (T360850) Update Apache config syntax in .htaccess files.
* Update wikimedia/parsoid to 0.18.2.
* docs: Remove use of $IP from mwdocgen.php.
* (T317451) build: Restore Doxygen output for MediaWiki release tags (take 3).
* docs: Set stable permalink on markdown files.
* (T360608) WebRequest: detectServer appends default ports that should be
omitted.
* (T357019) allow maintenance/deleteBatch.php to accept page ID.
* (T355538, CVE-2024-34507) SECURITY: XSS in edit summary parser.
* (T357760, CVE-2024-34506) SECURITY: Denial of service vector via GET request
to Special:MovePage on pages with thousands of subpages.
=== Changes since MediaWiki 1.41.0-rc.0 ===
* Localisation updates.
* Update wikimedia/parsoid to 0.18.0.
* (T351758) DEVELOPERS.md: reword WSL instructions to include best practices.
* (T350615) PoolCounterConnectionManager: Add support for ipv6.
* (T321234) Make MagicWordArray not fail on old revs with broken UTF-8.
* thumb: Fix "PHP Deprecated: strlen(): Passing null to parameter".
* (T344971) Maintenance: Fix RebuildTextIndex.
* (T327007) htmlform: Correct validation for file input field.
== MediaWiki 1.41.0-rc.0 ==
== Upgrading notes for 1.41 ==
Don't forget to always back up your database before upgrading!
See the file UPGRADE for more detailed per-version upgrade instructions from the
oldest supported upgrading version, MediaWiki 1.35.
Some specific notes for MediaWiki 1.41 upgrades are below:
* (T178356) MediaWiki now requires browsers to support ES6 for them to receive
JavaScript, up from ES5. In practice, this primarily means that users of
Internet Explorer 11 (EOL in 2022) will no longer get JavaScript tools.
For notes on 1.40.x and older releases, see HISTORY.
=== Configuration changes for system administrators in 1.41 ===
* $wgGroupPermissions: The 'purge' permission is now considered an
implicit right that can be rate limited, but not revoked. This has
effectively already been the case for a long time, see T291316.
==== New configuration ====
* $wgPrivilegedGroups – Users belonging in some of the listed groups will be
audited more aggressively.
* $wgPageLinksSchemaMigrationStage – This temporary flag lets you control the
migration stage for converting the pagelinks database table into normal form.
* $wgExternalLinksDomainGaps – Can be used by large wikis to optimize certain
external link queries.
* $wgResourceLoaderEnableSourceMapLinks - Add a SourceMap header to
ResourceLoader responses for JavaScript modules (T47514).
* $wgVirtualDomainsMapping - Mapping of virtual domains to other dbs. It's
useful to get connection to the external cluster.
==== Changed configuration ====
* $wgAuthManagerAutoConfig – When using this setting to modify the
authentication system in MediaWiki, the classes
TemporaryPasswordPrimaryAuthenticationProvider,
LocalPasswordPrimaryAuthenticationProvider and
EmailNotificationSecondaryAuthenticationProvider now require
DBLoadBalancerFactory, not DBLoadBalancer, as a service.
* $wgUseFileCache is no longer used for ResourceLoader module caching.
* $wgLBFactoryConf['secret'] has been replaced by $wgChronologyProtectorSecret.
==== Removed configuration ====
* $wgCommentTempTableSchemaMigrationStage – This temporary flag did let you
control the migration stage for the temporary comment database table, from
revision.
* $wgExternalLinksSchemaMigrationStage – This temporary flag did let you
control the migration stage for the externallinks database table.
* $wgParserOutputHooks - This array interacted with
ParserOutput::addOutputHook(), which has been deprecated since 1.38 and was
removed in this release.
=== New user-facing features in 1.41 ===
* Special:RandomPage can now take multiple namespaces in its URL, split by ','.
* The aria-level HTML attribute is now allowed in wikitext by the Sanitizer.
=== New features for sysadmins in 1.41 ===
* $wgDBssl can now enabled in the installer when the database type is
Postgres or MariaDB/MySQL (T335828).
* MWHttpRequest will forward 'tracestate' and/or 'traceparent' headers when
those are present in the original request and $wgAllowExternalReqID is set
to true.
* MultiHttpClient will send X-Request-Id header and additionally will forward
'tracestate' and/or 'traceparent' headers when those are present in the
original request and $wgAllowExternalReqID is set to true.
=== New developer features in 1.41 ===
* Added ForeignResourcesDir extension.json / skin.json attribute, which should
point to the directory holding your foreign-resources.yaml file. See
https://www.mediawiki.org/wiki/Foreign_resources for background.
* Added PrivilegedGroups attribute for extension.json / skin.json, which lets
you add any new user groups you define to wgPrivilegedGroups (see above).
* Added a .gitmessage commit template. To use it, run:
`git config commit.template .gitmessage`
* A new hook, TextSlotDiffRendererTablePrefixHook, has been added to allow
extensions to add content within #mw-content-text but after the
DifferenceEngineViewHeader or DifferenceEngineShowDiffPage hooks have been
run. The new hook is used to add elements within a horizontal display area,
where their order can be explicitly set. Examples of uses for this include
adding the VisualEditor diff-type switch, and the legend for inline diffs that
is displayed if Wikidiff2 is installed.
* validation callbacks for HTMLForm fields can now return Status objects.
HTMLForm::validate will convert good Status instances to true and Status
instances to a string containing a list with the errors.
* ?action=rollback, if successful, will fire core's postEdit JavaScript hook;
for now, we do *not* display a success message to the user via mw.notify(),
as the RollbackAction form's success page is already shown
* MultiHttpClient constructor will accept `headers` property which defines a
set of headers attached to every request performed by the client.
* New `Wikimedia/Http/TelemetryHeadersInterface` interface that provides a
telemetry information which could be attached to HTTP Requests
* Wikimedia/Http/TelemetryHeadersInterface can be passed to MultiHttpClient
via 'telemetry' option.
* UserRegistrationLookup adds support for multiple kinds of registration dates
Extensions providing support for wiki-farm can use this to provide a global
registration date (across all wikis), for example.
* When $wgUseXssLanguage is set to true (enabled by default in
DevelopmentSettings.php), ?uselang=x-xss can be used to easily test
whether all messages are being escaped correctly.
* Html::noticeBox accepts new optional parameters, 'heading' & 'iconClassName'.
'heading' allows to pass an string as title; 'iconClassName' overwrites the
default info icon.
=== External library changes in 1.41 ===
==== New external libraries ====
* Added pinia at v2.0.16.
* Added symfony/polyfill-php81 at v1.28.0.
* Added symfony/polyfill-php82 at v1.28.0.
* Added symfony/polyfill-php83 at v1.28.0.
==== Changed external libraries ====
* Updated codex, codex-design-tokens and codex-icons
from v0.6.2 to v1.0.0.
* Updated guzzlehttp/guzzle from 7.5.0 to 7.5.3.
* Updated jQuery from v3.6.1 to v3.7.0.
* Updated justinrainbow/json-schema from 5.2.12 to v5.2.13.
* Updated Mustache from 3.0.1 to 4.2.0.
* Updated OOjs from 6.0.0 to 7.0.1.
* Updated OOUI from v0.46.3 to v0.48.1.
* Updated pear/mail from 1.5.0 to 1.5.1.
* Updated symfony/polyfill-php82 from v1.27.0 to v1.28.0.
* Updated symfony/yaml from v5.4.17 to v5.4.23.
* Updated wikimedia/bcp-47-code from 1.0.0 to 2.0.0.
* Updated wikimedia/common-passwords from 0.4.0 to 0.5.0.
* Updated wikimedia/composer-merge-plugin from 2.0.1 to 2.1.0.
* Updated wikimedia/html-formatter from 3.0.1 to 4.0.3.
* Updated wikimedia/ip-utils from 4.0.0 to 5.0.0.
* Updated wikimedia/less.php from 4.0.0 to 4.1.1.
* Updated wikimedia/minify from 2.3.0 to 2.5.1.
* Updated wikimedia/remex-html from 3.0.3 to 4.0.1.
* Updated wikimedia/timestamp from 4.1.0 to 4.1.1.
* Updated wikimedia/utfnormal from 3.0.2 to 4.0.0.
===== Changed development-only external libraries =====
* Updated mediawiki/mediawiki-codesniffer from 41.0.0 to 42.0.0.
* Updated mediawiki/mediawiki-phan-config from 0.12.1 to 0.13.0.
==== Removed external libraries ====
* jquery.hoverIntent was removed.
* codex-search was removed, it's part of codex now.
* wikimedia/ip-set was removed, it's part of wikimedia/ip-utils now.
* jquery.color was removed.
* jquery.fullscreen was removed.
* jquery.form was removed.
=== Action API changes in 1.41 ===
* (T322944) `Authorization` was added to the default list of headers
allowed for cross-origin API requests ($wgAllowedCorsHeaders).
=== Languages updated in 1.41 ===
MediaWiki supports over 350 languages. Many localisations are updated regularly.
Below only new and removed languages are listed, as well as changes to languages
because of Phabricator reports.
* (T345807) Added language support for Karekare (kai).
* (T333765) Removed language support for Akan (Ak).
* (T332113) Added language support for Northern Hindko (hno).
* (T333425) Added language support for Iraqi (Mesopotamian) Arabic (acm).
* (T336919) Added language support for Crimean Tatar (Romania) (crh-ro).
* (T338416) Added language support for Betawi (bew).
* (T341545) Added language support for West Coast Bajau (a.k.a. Sama; bdr).
* (T332118) Namespace translations for Angika (anp) were added
* (T341942) The autonym of the Buginese language is changed to the Latin-script
name "Basa Ugi", and the localization in the language code "bug" is now only
in the Latin script. It's possible to add localization in the Lontara script
in translatewiki under the code "bug-bugi".
* (T341943) Main Page name translation was changed from "Leppa Indoë"
to "Watangpola". If you manage a wiki in this language, make sure that
links to the main page are correctly updated. See
https://translatewiki.net/w/i.php?title=Support&oldid=11723654#Change_MediaWiki:Mainpage/bug
=== Breaking changes in 1.41 ===
* Article::doDelete(), deprecated since 1.37, has been removed.
* CommentStore::getStore(), deprecated since 1.31, has been removed.
* Article::getRedirectHeaderHtml() no longer accepts an array as $target.
Passing an array was deprecated in 1.39. (The method itself has also
been deprecated.)
* BagOStuff::addBusyCallback(), deprecated since 1.39, has been removed.
* IExpiringStore has been removed, use either ExpirationAwareness or
StorageAwareness constants instead.
* IDatabase::wasErrorReissuable(), deprecated since 1.40, has been removed.
* IDatabase::lastQuery and IReadableDatabase::lastQuery, deprecated in 1.40,
have been removed.
* Database::queryMulti(), unused, has been removed without deprecation.
The protected Database::doMultiStatementQuery method was removed, and the
protected Database::executeQuery method signature was changed to take
Query object as argument instead of a raw SQL string.
* Database::unionConditionPermutations(), unused, has been removed without
deprecation.
* SimpleSearchResultSetWidget and SimpleSearchResultWidget classes, deprecated
in 1.31, have been removed.
* Database::factory(), deprecated in 1.39, has been removed.
* Calling IDatabase::delete() or IDatabase::update() with empty conditions
has been deprecated since 1.35. This now throws an error.
* Maintenance::shutdown() has been moved over into the MaintenanceRunner class
without deprecation.
* The following DatabasePostgres methods were unused and have been removed:
- ::currentSequenceValue()
- ::triggerExists()
- ::ruleExists()
* The following IDatabase methods were unused and removed without deprecation:
- ::wasLockTimeout()
- ::wasConnectionLoss()
* Database::getTempTableWrites(), previously protected, is now private.
* DatabasePostgres class parameter "keywordTableMap", deprecated since 1.37,
has been removed.
* Database::doUpsert() and ::doReplace() have been removed without deprecation.
Subclasses should override ::upsert() or ::replace() respectively.
* SelectQueryBuilder::lockForUpdate(), deprecated in 1.40 and unused,
has been removed without hard deprecation.
* TransactionProfiler::setSilenced() deprecated in 1.40, has been removed.
* ILoadBalancer::closeConnection, unused, has been removed without deprecation.
* ILoadBalancer::waitFor, unused, has been removed without deprecation.
* ILBFactory::resolveDomainID and ::getChronologyProtectorTouched, unused,
have been removed without deprecation.
* The following methods have been moved from ILoadBalancer to
ILoadBalancerForOwner:
- ::redefineLocalDomain()
- ::hasPrimaryConnection()
- ::setIndexAliases()
* LBFactory::makeCookieValueFromCPIndex() and ::getCPInfoFromCookieValue()
has been moved to ChronologyProtector class without backward compatability
as they are not supposed to be used outside of core.
* MWHttpRequest::factory(), deprecated since 1.34, has been removed.
* The Http class, deprecated since 1.34, with the functions ::request(),
::get(), ::post(), ::userAgent(), ::isValidURI(), ::getProxy(),
::createMultiClient() have been removed.
* WikiPage::factory(), ::newFromID() and ::newFromRow, deprecated in 1.36,
have been removed.
* Maintenance::$mArgList, ::shouldExecute(), ::setAgentAndTriggers(),
::adjustMemoryLimit(), ::globals(), and ::loadSettings() have been removed.
* The GenericArrayObject class, deprecated in 1.40,
has been removed.
* The $replace parameter has been removed from HookContainer::scopedRegister.
This parameter was unused outside core, and the functionality was intended
for testing.
* PrevNextNavigationRenderer class, deprecated in 1.39,
has been removed.
* class alias MediaWiki\User\WatchlistNotificationManager, deprecated in 1.36,
has been removed.
* MediaWikiServices::getWatchlistNotificationManager(), deprecated in 1.36,
has been removed.
* Interface MediaWiki\Hook\ParserTestTablesHook, deprecated in 1.36,
has been removed.
* The NewPagesLineEndingHook now takes NewPagesPager instead of
SpecialNewpages as first argument.
* The following methods in the Title class, deprecated since 1.37, have been
removed:
- ::areCascadeProtectionSourcesLoaded()
- ::areRestrictionsCascading()
- ::areRestrictionsLoaded()
- ::getAllRestrictions()
- ::getCascadeProtectionSources()
- ::getFilteredRestrictionTypes()
- ::getRestrictionExpiry()
- ::getRestrictionTypes()
- ::getRestrictions()
- ::isCascadeProtected()
- ::isProtected()
- ::isSemiProtected()
- ::loadRestrictionsFromRows()
* Global function wfShowingResults, deprecated in 1.40, has been removed.
* Global function wfClearOutputBuffers, deprecated in 1.36, has been removed.
* LinkBatch::__construct() now requires that all parameters be passed. The
fallback to MediaWikiServices emitted deprecation notices since 1.35.
* The methods IndexPager::getPagingLinks(), IndexPager::getLimitLinks() and
IndexPager::buildPrevNextNavigation(), deprecated in 1.39,
have been removed.
* Overriding the method IndexPager::makeLink(), deprecated in 1.39,
is no longer possible.
* MagicWordFactory::getCacheTime() is deprecated and returns -1.
* Various mediawiki.less mediawiki.ui variables, deprecated in 1.35, have been
removed. See also below that the remaining mediawiki.ui variables are now also
deprecated.
* Calling getId() on an AbstractBlock from the wrong wiki, deprecated since
1.38, now throws an exception.
* SQLite no longer supports raw MySQL queries.
* The following functions from the mediawiki.mixins Less import, deprecated
since 1.37, have been removed: .transition(), .transition-transform(),
.transform() and .transform-origin().
* Support was dropped for skins with paths relative to core which has been
sending deprecation notices since 1.37. The skin `templateDirectory` key
should now always be relative to the skin.
* The Skin public thisquery property was removed without deprecation. Only
one skin was known to use it and that has been patched accordingly.
* The jquery.tipsy module, deprecated since 1.28, has now been removed.
* NamespaceInfo::getRestrictionLevels(), deprecated in 1.34, has been removed.
Use PermissionManager::getNamespaceRestrictionLevels() instead.
* Proto-relative external links are now stored and indexed only as HTTPS
instead of two rows, one for HTTP and one for HTTPS.
* MediaWikiIntegrationTestCase::getTestUser(), ::getTestSysop(), and
::getMutableTestUser() have been made protected and non-static.
* MediaWikiIntegrationTestCase::$supportedDBs has been changed to a private
constant.
* MediaWikiIntegrationTestCase::addCoreDBData() has been deprecated. The method
is now a no-op and is no longer called. Tests should create the fixtures
they need.
* Saving preferences for a temporary user now throws an error (e.g. via
UserOptionsManager::saveOptions)
* ApiQuery::getNamedDB() and ApiQueryBase::selectNamedDB(), deprecated in
1.39, have been removed.
* ChangeTags::addTagsAccompanyingChangeWithChecks() and
ChangeTags::undefineTag() unused everywhere, have been removed without
deprecation.
* Usage of MediaWiki::preOutputCommit() with the $postCommitWork arg has been
dropped. It's no longer used.
* SkinTemplateNavigation and SkinTemplateNavigation::SpecialPage hooks,
deprecated in 1.39, have been removed.
* The PersonalUrls hook, deprecated in 1.39, has been removed.
* OutputPage::getCSPNonce(), soft deprecated in 1.35, now emits deprecation
warnings.
* Support of the third parameter of LogEventsListGetExtraInputs hook,
deprecated since 1.32, has been removed.
* JobSpecification::getTitle(), deprecated in 1.37, has been removed.
* The module mw.ui.anchor has been removed. Projects that need it should
maintain a local copy or use the Codex link mixin. More information
at T235961.
* ParsoidCachePrewarmJob::newSpec() now requires a PageRecord as the second
parameter instead of a page ID.
* Public access to the DifferenceEngine properties mOldid, mNewid, mOldRev,
mNewRev, mOldPage, mNewPage, mOldContent, mNewContent, mRevisionsLoaded,
mTextLoaded and mCacheHit, deprecated in 1.32, was removed.
* SearchDatabase::db, deprecated since 1.38, has been removed.
* SearchDatabase::lb has been removed without deprecation, use ::dbProvider
instead.
* StreamFile::STREAM_HEADLESS and StreamFile::STREAM_ALLOW_OB, deprecated
in 1.34, have been removed.
* AbstractAuthenticationProvider::setLogger(), ::setManager(), ::setConfig()
and ::setHookContainer() have been removed and also from it's related
interface, AuthenticationProvider. The corresponding properties are set in
AbstractAuthenticationProvider::init(). For side effects, you can override
AbstractAuthenticationProvider::postInitSetup().
* Title::newFromTitleValue(), deprecated since 1.34, has been removed.
* Parser::OT_MSG, related to OT_MSG(3) MediaWiki constant, parameter for
starting external parse has been dropped. This was kept since 2008 for B/C
only and no longer used. Use instead Parser::OT_PREPROCESS as the
replacement.
* SpecialPageAction has been removed without deprecation. There were no known
uses outside of core.
* ConfigRepository::getValueOf() has been removed without deprecation. This
method was introduced and never used for a long time now.
* BacklinkCache::get(), ::getLinks(), ::getCascadeProtectedLinks() which
emitted deprecation warnings has no usage left. It has been removed.
* The following constants and methods in the Language class, hard deprecated
since 1.40, have been removed:
- ::ALL
- ::SUPPORTED
- ::MESSAGES_FALLBACKS
- ::STRICT_FALLBACKS
- ::factory()
- ::isSupportedLanguage()
- ::isWellFormedLanguageTag()
- ::isValidCode()
- ::isValidBuiltInCode()
- ::isKnownLanguageTag()
- ::getLocalisationCache()
- ::fetchLanguageNames()
- ::fetchLanguageName()
- ::getConverter()
- ::autoConvert()
- ::autoConvertToAllVariants()
- ::convert()
- ::convertNamespace()
- ::hasVariants()
- ::hasVariant()
- ::convertHtml()
- ::convertCategoryKey()
- ::getVariants()
- ::getPreferredVariant()
- ::getDefaultVariant()
- ::getURLVariant()
- ::getExtraHashOptions()
- ::getParentLanguage()
- ::getFileName()
- ::getMessagesFileName()
- ::getJsonMessagesFileName()
- ::getFallbackFor()
- ::getFallbacksFor()
- ::getFallbacksIncludingSiteLanguage()
- ::getMessagesFor()
- ::getMessageFor()
- ::getMessageKeysFor()
- ::getConvRuleTitle()
* The parameter noSeparators to Language::formatNum, deprecated since 1.36,
has been removed. Use Language::formatNumNoSeparators instead.
* The following methods in the ParserOutput class, deprecated since 1.38, have
been removed:
- ::addOutputHook()
- ::addTrackingCategory()
- ::addWarning()
- ::getCategoryLinks()
- ::getOutputHooks()
- ::getProperties()
- ::getProperty()
- ::hasDynamicContent()
- ::hideNewSection()
- ::preventClickjacking()
- ::setCategoryLinks()
- ::setProperty()
- ::unsetProperty()
* OutputPage::allowClickjacking() and ::preventClickjacking(), deprecated
since 1.38, have been removed.
* ResourceFileCache has been removed without deprecation. There were no known
uses outside of core.
* Many LocalisationCache constants, properties and methods that have no known
usage outside of the class have been made private without deprecation.
* User::idFromName(), deprecated in 1.37, has been removed. Instead, you should
use UserIdentityLookup::getUserIdentityByName().
* User::incEditCount(), deprecated in 1.37, has been removed. Instead, use
UserEditTracker::incrementUserEditCount().
* Article::getTimestamp(), deprecated in 1.35, has been removed. Use WikiPage's
or RevisionRecord's version of this method instead.
* ActionFactory::actionExists(), deprecated since 1.38, has been dropped.
* Action::exists(), deprecated since 1.38, has been dropped.
* ContentHandler::getForTitle(), deprecated since 1.35, has been dropped.
* LockManagerGroup::getDefault() and ::getAny(), deprecated since 1.35, have
been dropped.
* BaseTemplate::getToolbox(), deprecated since 1.35, has been dropped. To add
items to the toolbox, use the SidebarBeforeOutput hook. To get the toolbox,
subclasses can use $this->data['sidebar']['TOOLBOX'].
* IndexPager::getHookContainer(), deprecated since 1.40, has been removed. You
should instead inject a HookContainer into your code.
* Not specifying a manifest_version in your extension.json or skin.json file,
deprecated since 1.26 and emitting warnings since 1.29, is no longer supported
with a fallback; it will now have unspecified behaviour.
* RecentChange::getEngine(), deprecated since 1.29, has been removed. Use
RCFeed::factory() instead.
* EditPage::showEditForm() no longer respects the $formCallback parameter, which
was deprecated in 1.25. Use the EditPage::showEditForm:fields hook instead.
* The following properties in EditPage, deprecated in 1.38, were made private:
- $mArticle
- $mTitle
- $isNew
- $allowBlankArticle
- $selfRedirect
- $allowSelfRedirect
- $diff
- $undoAfter
- $edit
- $contentLength
* EditPage::addNewLineAtEnd(), deprecated since 1.38, was removed.
* AuthManager::checkAccountCreatePermissions(), deprecated in 1.39, has been
removed. Use authorizeCreateAccount() or probablyCanCreateAccount() instead.
* LinkCache::addGoodLinkObj(), deprecated in 1.37, has been removed. You should
use ::addGoodLinkObjFromRow().
* Constructing TextConflictHelper without a ContentHandlerFactory, deprecated
since 1.35, will now trigger a type error.
* JobQueue::getWiki(), deprecated in 1.33, has been removed.
* ManualLogEntry::setTags(), deprecated in 1.33, has been removed.
* WikiPage::getDeletionUpdates(), deprecated in 1.37, has been removed.
* ResourceLoader\Context::getConfig(), deprecated in 1.34, has been removed.
* When creating a SearchUpdate instance, passing a non-Content string or Boolean
as the $c parameter, deprecated since 1.34, will now trigger type errors.
* SkinTemplate::getNameSpaceKey(), deprecated in 1.35, has been dropped. Instead
you should use Title::getNamespaceKey().
* The AddNewAccount hook, deprecated since 1.27, will now trigger deprecation
warnings. You should use the LocalUserCreated hook instead.
* The PrefixSearchBackend hook, deprecated since 1.27, will now trigger
deprecation warnings. Override SearchEngine::completionSearchBackend instead.
* PrefixSearch::validateNamespaces(), completely unused everywhere, has been
removed without deprecation.
* BaseTemplate::getTrail() and ::printTrail(), deprecated since 1.39, have been
dropped.
* Passing a second query parameter to Title::getFullURL(), Title::getLocalURL(),
Title::getInternalURL(), or Title::getCanonicalURL(), each deprecated in 1.19,
is now not supported. Pass it as a key,value pair in the first parameter array
instead.
* Title::getBacklinkCache(), deprecated since 1.37, has been dropped. Instead,
use BacklinkCacheFactory::getBacklinkCache().
* Title::newFromIDs and TitleFactory::newFromIDs, deprecated in 1.38, have been
dropped; use a PageStore QueryBuilder instead.
* Title::getSelectFields(), deprecated since 1.36, has been dropped. You can use
PageStore::newSelectQueryBuilder() instead.
* Title::getTouched() will now trigger an error if you pass it an instance of
IDatabase rather than a READ_XXX constant. This legacy behaviour has been
deprecated since 1.38.
* User::getGroupPermissions(), getGroupsWithPermission() & groupHasPermission(),
all of which were deprecated since 1.34, have been removed. Instead, use the
GroupPermissionsLookup service.
* Similarly, PermissionManager::getGroupPermissions(), getGroupsWithPermission()
& groupHasPermission(), all of which were deprecated since 1.36, have also
been removed. Instead, use the GroupPermissionsLookup service.
* The following old, deprecated aliases for classes in the RDBMS layer, have now
been removed:
- DBConnRef (use Wikimedia\Rdbms\DBConnRef)
- Database (use Wikimedia\Rdbms\Database)
- DatabaseBase (use Wikimedia\Rdbms\Database)
- DatabaseMysqlBase (use Wikimedia\Rdbms\DatabaseMySQL)
- DatabaseMysqli (use Wikimedia\Rdbms\DatabaseMySQL)
- DatabasePostgres (use Wikimedia\Rdbms\DatabasePostgres)
- DatabaseSqlite (use Wikimedia\Rdbms\DatabaseSqlite)
- IDatabase (use Wikimedia\Rdbms\IDatabase)
- FakeResultWrapper (use Wikimedia\Rdbms\FakeResultWrapper)
- ResultWrapper (use Wikimedia\Rdbms\ResultWrapper)
* The following old, deprecated aliases for classes have now been removed:
- MediaWiki\Rest\Handler\HtmlInputTransformHelper
- MediaWiki\Rest\Handler\HtmlMessageOutputHelper
- MediaWiki\Rest\Handler\HtmlOutputRendererHelper
- MediaWiki\Rest\Handler\PageContentHelper
- MediaWiki\Rest\Handler\PageRestHelperFactory
- MediaWiki\Rest\Handler\ParsoidFormatHelper
- MediaWiki\Rest\Handler\RevisionContentHelper
(use the classes from namespace MediaWiki\Rest\Handler\Helper)
- SearchNearMatcher (use MediaWiki\Search\TitleMatcher)
* $CHANGEDORCREATED argument of 'enotif_body' message was removed.
It wasn't used in the default messages since 1.21.
* The AbstractBlock and DatabaseBlock public properties mExpiry, mHideName,
mTimestamp, mAuto and mParentBlockId, deprecated since 1.34, have been
removed.
* WikiPage::doDeleteUpdates() and ::getDeletionUpdates(), deprecated in 1.37,
have been removed.
* The User public properties mOptions, mBlock, mBlockedby and mHideName,
deprecated since 1.35, were removed.
* User::CHECK_USER_RIGHTS and User::IGNORE_USER_RIGHTS were removed. They were
flags passed to methods which were previously removed.
* All public properties of LinksUpdate, deprecated in 1.38, were removed.
* The class Wikimedia\Rdbms\MySQLMasterPos, deprecated in 1.37, has been
removed. Use Wikimedia\Rdbms\MySQLPrimaryPos instead.
* The class GetBlockErrorMessageKey, deprecated in 1.40, has been removed.
* The ability to set Parser::mTitle to null, deprecated in 1.34, was removed.
* The following MagicWord methods have been removed without deprecation. There
were no known uses.
- ::addToArray
- ::compareStringLength
- ::getVariableRegex
- ::getVariableStartToEndRegex
- ::getWasModified
- ::matchStart
- ::matchVariableStartToEnd
- ::pregRemoveAndRecord
- ::substituteCallback
* The following MagicWordArray methods have been removed or made private without
deprecation. There were no known uses outside of the class.
- ::addArray
- ::getRegex, already marked as @internal, now private
- ::getRegexStart, already marked as @internal, now private
- ::getVariableRegex, deprecated since 1.36
- ::getVariableStartToEndRegex, already marked as @internal, now private
- ::parseMatch, now private
* AbstractContent::getRedirectChain() and ::getUltimateRedirectTarget(), both
deprecated in 1.38, have been removed.
=== Deprecations in 1.41 ===
* The MessageCache::get hook is deprecated for performance reasons. Use
MessageCacheFetchOverrides instead.
* EtcdConfig::setLogger() is deprecated as it was unused and could not be
used correctly. As a standalone class, its warnings now surface
unconditionally via the native PHP error log.
* The interface for hook ParserModifyImageHTML have been renamed from
ParserModifyImageHTML to ParserModifyImageHTMLHook,
the old name is deprecated.
* (T178356) The es6-polyfills module is deprecated and is now a no-op.
* SerializedValueContainer::newUnified() is unused and now emits deprecation
warnings.
* Profiler::setProfileID() and ::getAllowOutput() are now deprecated and also
emit deprecation warnings. For ::setProfileID(), override the related class
member directly in sub-class.
* (T166010) All PHP code in MediaWiki is slowly being moved to be in a class
namespace as appropriate, so that we can use PSR-4 auto-loading, which will
speed up general code loading of MediaWiki. The old global namespace class
names are being left behind as deprecated aliases.
In this release of MediaWiki, 1661 classes now have a namespace and 972 do
not yet (63% done, up from 54% in MediaWiki 1.40.0). The following have newly
been moved:
- MediaWiki\Config:
- Config
- ConfigException
- ConfigFactory
- EtcdConfig
- EtcdConfigParseError
- GlobalVarConfig
- HashConfig
- MultiConfig
- MutableConfig
- SiteConfiguration
- MediaWiki\EventRelayer:
- EventRelayer
- EventRelayerNull
- EventRelayerGroup
- MediaWiki\Installer:
- Pingback
- MediaWiki\Libs:
- Emptiable
- MediaWiki\Output:
- OutputPage
- OutputHandler
- StreamFile
- MediaWiki\Pager:
- ActiveUsersPager
- AllMessagesTablePager
- AlphabeticPager
- BlockListPager
- CategoryPager
- ContribsPager
- DeletedContribsPager
- HistoryPager
- ImageListPager
- IndexPager
- LogPager
- MergeHistoryPager
- NewFilesPager
- NewPagesPager
- Pager
- PagerTools
- ProtectedPagesPager
- ProtectedTitlesPager
- RangeChronologicalPager
- ReverseChronologicalPager
- TablePager
- UsersPager
- MediaWiki\Parser:
- Sanitizer
- MediaWiki\Request:
- ProxyLookup
- WebRequest
- MediaWiki\SiteStats:
- SiteStats
- SiteStatsInit
- MediaWiki\Specials:
- SpecialActiveUsers
- SpecialAllMessages
- SpecialAncientPages
- SpecialApiHelp
- SpecialApiSandbox
- SpecialAutoblockList
- SpecialBlankpage
- SpecialBlock
- SpecialBlockList
- SpecialBookSources
- SpecialBotPasswords
- SpecialBrokenRedirects
- SpecialCategories
- SpecialChangeContentModel
- SpecialChangeCredentials
- SpecialChangeEmail
- SpecialChangePassword
- SpecialComparePages
- SpecialConfirmEmail
- SpecialContribute
- SpecialContributions
- SpecialCreateAccount
- SpecialDeadendPages
- SpecialDeletePage
- SpecialDeletedContributions
- SpecialDiff
- SpecialDoubleRedirects
- SpecialEditPage
- SpecialEditTags
- SpecialEditWatchlist
- SpecialEmailInvalidate
- SpecialEmailUser
- SpecialExpandTemplates
- SpecialExport
- SpecialFewestRevisions
- SpecialFileDuplicateSearch
- SpecialFilepath
- SpecialGoToInterwiki
- SpecialImport
- SpecialJavaScriptTest
- SpecialLinkAccounts
- SpecialLinkSearch
- SpecialListDuplicatedFiles
- SpecialListFiles
- SpecialListGrants
- SpecialListGroupRights
- SpecialListRedirects
- SpecialListUsers
- SpecialLockdb
- SpecialLog
- SpecialLonelyPages
- SpecialLongPages
- SpecialMIMESearch
- SpecialMediaStatistics
- SpecialMergeHistory
- SpecialMostCategories
- SpecialMostInterwikis
- SpecialMostLinked
- SpecialMostLinkedCategories
- SpecialMostLinkedTemplates
- SpecialMostRevisions
- SpecialMute
- SpecialMyLanguage
- SpecialNewFiles
- SpecialNewPages (and capitalisation corrected)
- SpecialNewSection
- SpecialPageData
- SpecialPageHistory
- SpecialPageInfo
- SpecialPageLanguage
- SpecialPagesWithProp
- SpecialPasswordPolicies
- SpecialPasswordReset
- SpecialPermanentLink
- SpecialPreferences
- SpecialPrefixIndex (and capitalisation corrected)
- SpecialProtectedPages (and capitalisation corrected)
- SpecialProtectedTitles (and capitalisation corrected)
- SpecialProtectPage
- SpecialPurge
- SpecialRandomInCategory
- SpecialRandom
- SpecialRandomRedirect
- SpecialRandomRootPage
- SpecialRecentChanges
- SpecialRecentChangesLinked
- SpecialRedirect
- SpecialRedirectToSpecial
- SpecialRemoveCredentials
- SpecialRenameUser (and capitalisation corrected)
- SpecialResetTokens
- SpecialRevisionDelete
- SpecialRunJobs
- SpecialSearch
- SpecialShortPages
- SpecialSpecialPages (and capitalisation corrected)
- SpecialStatistics
- SpecialTags
- SpecialTrackingCategories
- SpecialUnblock
- SpecialUncategorizedCategories
- SpecialUncategorizedImages
- SpecialUncategorizedPages
- SpecialUncategorizedTemplates
- SpecialUndelete
- SpecialUnlinkAccounts
- SpecialUnlockdb
- SpecialUnusedCategories
- SpecialUnusedImages
- SpecialUnusedTemplates
- SpecialUnwatchedPages
- SpecialUpload
- SpecialUploadStash
- SpecialUserLogin
- SpecialUserLogout
- SpecialVersion
- SpecialWantedCategories
- SpecialWantedTemplates
- SpecialWatchlist
- SpecialWhatLinksHere
- SpecialWithoutInterwiki
- MediaWiki\Specials\Redirects:
- SpecialAllMyUploads
- SpecialListAdmins
- SpecialListBots
- SpecialMycontributions
- SpecialMylog
- SpecialMypage
- SpecialMytalk
- SpecialMyuploads
- MediaWiki\SpecialPage:
- AuthManagerSpecialPage
- ChangesListSpecialPage
- DisabledSpecialPage
- FormSpecialPage
- ImageQueryPage
- IncludableSpecialPage
- LoginSignupSpecialPage
- PageQueryPage
- QueryPage
- RedirectSpecialArticle
- RedirectSpecialPage
- SpecialPage
- SpecialRedirectToSpecial
- SpecialRedirectWithAction
- UnlistedSpecialPage
- WantedQueryPage
- MediaWiki\Status:
- Status
- MediaWiki\Title:
- ForeignTitle
- ForeignTitleFactory
- ImportTitleFactory
- MalformedTitleException
- MediaWikiTitleCodec
- NaiveForeignTitleFactory
- NaiveImportTitleFactory
- NamespaceAwareForeignTitleFactory
- NamespaceImportTitleFactory
- NamespaceInfo
- SubpageImportTitleFactory
- TitleFormatter
- TitleParser
- TitleValue
- MediaWiki\User:
- BotPassword
- ExternalUserNames
- LoggedOutEditToken
- PasswordReset
- User
- UserArray
- UserArrayFromResult
- UserGroupMembership
- UserRightsProxy
- MediaWiki\User\CentralId:
- CentralIdLookup
- LocalIdLookup
- MediaWiki\Utils:
- MWTimestamp
- GitInfo
- ExtensionInfo (previously under MediaWiki\ExtensionInfo)
- Wikimedia\Rdbms:
- ConfiguredReadOnlyMode
- ReadOnlyMode
* Various mediawiki.ui variables have been deprecated in favor of
'mediawiki.skin.variables.less' Codex design tokens featuring replacements.
* Hook handlers must now be specified either as a PHP callable, or as a PHP
object that has a method matching the hook name. Other ways to specify
the handler are deprecated and will soon be removed. Deprecated ways to
specify a hook handler include callables wrapped in an array. Handlers
defined using a "HookHandlers" entry in extension.json are not affected.
* TitleArray::newFromResult() has been deprecated and now emits deprecation
warnings, use TitleArrayFromResults instead.
* The MediaWikiIntegrationTestCase::$users has been deprecated. Use Authority
if possible, or call ::getTestUser() or ::getTestSysop() directly.
* WebRequest::isSafeRequest() and ::markAsSafeRequest() has been deprecated
and now emits deprecation warnings. Use ::hasSafeMethod() instead.
* The tests/phpunit/phpunit.php entrypoint has been deprecated. PHPUnit
tests should be run with composer, for example with the
`composer phpunit:entrypoint` command.
* The unnamespace UserNamePrefixSearch class, deprecated in 1.36, now emits
deprecation warnings. Use the MediaWiki\User\UserNamePrefixSearch service.
* The jquery.cookie ResourceLoader module has been merged into the existing
mediawiki.cookie module; jquery.cookie remains but is deprecated.
* Passing a database to DatabaseBlockStore::insertBlock() is deprecated.
DatabaseBlockStoreFactory should be used to fetch a correct
DatabaseBlockStore instead.
* The global function wfGetLangObj is deprecated and emits deprecation
warnings. Use MediaWiki\Languages\LanguageFactory::getLanguage instead.
* The SwiftVirtualRESTService class is deprecated in 1.41 and now emits
deprecation warnings.
* SqlBagOStuff::expireAll() is deprecated and now emits deprecation warnings,
use SqlBagOStuff::deleteObjectsExpiringBefore() instead.
* SqlBagOStuff::deleteAll() is deprecated and now emits deprecation warnings.
* Passing an actor id to the UserIdentityValue constructor is now emits
deprecation warnings, it is deprecated since 1.36.
* UserGroupMembership::getGroupName(), deprecated in 1.38, and
UserGroupMembership::getGroupMemberName(), deprecated in 1.40, now emit
deprecation warnings.
* UserGroupMembership::getLink() has been deprecated in favour of
::getLinkHTML() and ::getLinkWiki().
* Linker::formatComment(), ::formatLinksInComment(), ::commentBlock() and
::revComment(), deprecated in 1.38, now emit deprecation warnings.
* PageArchive::listRevisions(), ::getRevisionRecordByTimestamp(),
::getArchivedRevisionRecord(), ::getPreviousRevisionRecord(),
::getLastRevisionId() and ::isDeleted(), deprecated in 1.38,
now emit deprecation warnings.
* SearchResultThumbnail::getSize() has been deprecated to be dropped in the
future as it is resource intensive and degrades performance.
* The EmailUserPermissionsErrors and UserCanSendEmail hooks have been
deprecated in favour of the EmailUserAuthorizeSend hook.
* The EmailUser hook has been deprecated in favour of the EmailUserSendEmail
hook.
* The InterwikiLoadPrefix hook now emits deprecation warnings. Resetting the
$wgInterwikiCache setting instead.
* SiteConfiguration::getConfig() now emits deprecation warnings, Use ::get()
instead.
* SiteConfiguration::extractVar() and ::extractGlobal() have been deprecated
and also emit deprecation warnings.
* JobQueueGroup::waitForBackups() is deprecated. JobQueue::waitForBackups()
should be used instead.
* Hooks::isRegistered(), ::getHandlers(), ::run() and ::runWithoutAbort(),
deprecated in 1.35, now emit deprecation warnings.
* VirtualRESTService class and its subclasses now emit deprecation warnings
in 1.41 and as a replacement we can use MultiHttpClient.
* Calling the MediaWikiServices::getVirtualRESTServiceClient() function
which creates the VirtualRESTServiceClient now emits deprecation warnings.
* Language::getMessage and Language::getAllMessages are deprecated. Use
LocalisationCache or MessageCache as appropriate.
* VirtualRESTService class is deprecated in 1.41 and as a replacement
we can use MultiHttpClient.
* MediaWikiServices::getConfiguredReadOnlyMode() is deprecated. Use
::getReadOnlyMode() instead. ReadOnlyMode::getConfiguredReason()
and ::isConfiguredReadOnly() has been added to support that.
* UploadBase::isThrottled() has been deprecated and is emitting deprecation
warnings. Rate limits are enforced by UploadBase::verifyTitlePermissions(),
since rate limit checks are now implicit in permission checks.
* JobSpecification::toSerializableArray() now emits deprecation warnings.
* The following skin methods were deprecated:
- Skin::makeSpecialUrl (use Title or Special class instead)
- Skin::makeSpecialUrlSubpage (use Title or Special class instead)
* mw.jqueryMsg.parser, deprecated in 1.31, now emits deprecation warnings.
* ResourceLoader (T127268): The targets system is deprecated. Modules that
have been marked as desktop or mobile only are no longer supported and
will send deprecation warnings.
* TextSlotDiffRenderer::setLanguage() is deprecated, and calling it will
have no effect. Use ContentHandler::getSlotDiffRenderer(), or in subclasses,
ContentHandler::createTextSlotDiffRenderer(), to correctly inject
dependencies into TextSlotDiffRenderer.
* The static methods encodeJsVar() and encodeJsCall() have been moved from the
Xml class to the more appropriate MediaWiki\Html\Html one, and the old ones
are now deprecated.
* Some work to rename classes was done in previous releases, but the renaming
was not noted at the time. The old aliases work for now but are deprecated;
this is now explicitly noted:
From 1.40:
- Category -> MediaWiki\Category\Category
- CategoriesRdf -> MediaWiki\Category\CategoriesRdf
- CategoryViewer -> MediaWiki\Category\CategoryViewer
- TrackingCategories -> MediaWiki\Category\TrackingCategories
- CommentStore -> MediaWiki\CommentStore\CommentStore
- CommentStoreComment -> MediaWiki\CommentStore\CommentStoreComment
- EditPage -> MediaWiki\EditPage\EditPage
- TemplatesOnThisPageFormatter
-> MediaWiki\EditPage\TemplatesOnThisPageFormatter
- LinkFilter -> MediaWiki\ExternalLinks\LinkFilter
- AtomFeed -> MediaWiki\Feed\AtomFeed
- ChannelFeed -> MediaWiki\Feed\ChannelFeed
- FeedItem -> MediaWiki\Feed\FeedItem
- FeedUtils -> MediaWiki\Feed\FeedUtils
- RSSFeed -> MediaWiki\Feed\RSSFeed
- Html -> MediaWiki\Html\Html
- FormOptions -> MediaWiki\Html\FormOptions
- HtmlHelper -> MediaWiki\Html\HtmlHelper
- ListToggle -> MediaWiki\Html\ListToggle
- TemplateParser -> MediaWiki\Html\TemplateParser
- RawMessage -> MediaWiki\Language\RawMessage
- FileDeleteForm -> MediaWiki\Page\File\FileDeleteForm
- MergeHistory -> MediaWiki\Page\File\MergeHistory
- MovePage -> MediaWiki\Page\File\MovePage
- ProtectionForm -> MediaWiki\Page\File\ProtectionForm
- MediaWiki\BadFileLookup -> MediaWiki\Page\File\BadFileLookup
- PageProps -> MediaWiki\Page\PageProps
- MagicWord -> MediaWiki\Parser\MagicWord
- MagicWordArray -> MediaWiki\Parser\MagicWordArray
- MagicWordFactory -> MediaWiki\Parser\MagicWordFactory
- Linker -> MediaWiki\Linker\Linker
- DummyLinker -> MediaWiki\Linker\DummyLinker
- ForkController -> MediaWiki\Maintenance\ForkController
- OrderedStreamingForkController
-> MediaWiki\Maintenance\OrderedStreamingForkController
- ContentSecurityPolicy -> MediaWiki\Request\ContentSecurityPolicy
- DerivativeRequest -> MediaWiki\Request\DerivativeRequest
- FauxRequest -> MediaWiki\Request\FauxRequest
- FauxRequestUpload -> MediaWiki\Request\FauxRequestUpload
- PathRouter -> MediaWiki\Request\PathRouter
- WebRequestUpload -> MediaWiki\Request\WebRequestUpload
- FauxResponse -> MediaWiki\Request\FauxResponse
- WebResponse -> MediaWiki\Request\WebResponse
- MediaWiki\HeaderCallback -> MediaWiki\Request\HeaderCallback
- StubObject -> MediaWiki\StubObject\StubObject
- DeprecatedGlobal -> MediaWiki\StubObject\DeprecatedGlobal
- StubGlobalUser -> MediaWiki\StubObject\StubGlobalUser
- StubUserLang -> MediaWiki\StubObject\StubUserLang
- Title -> MediaWiki\Title\Title
- TitleArray -> MediaWiki\Title\TitleArray
- TitleArrayFromResult -> MediaWiki\Title\TitleArrayFromResult
- TitleFactory -> MediaWiki\Title\TitleFactory
- ActorMigration -> MediaWiki\User\ActorMigration
- ActorMigrationBase -> MediaWiki\User\ActorMigrationBase
- WikiMap -> MediaWiki\WikiMap\WikiMap
- WikiReference -> MediaWiki\WikiMap\WikiReference
From 1.39:
- ResourceLoader -> MediaWiki\ResourceLoader\ResourceLoader
From 1.29:
- IMaintainableDatabase -> Wikimedia\Rdbms\IMaintainableDatabase
* The WebRequest::getRequestId() and WebRequest::overrideRequestId() are
deprecated. Use methods from MediaWiki\Http\Telemetry class instead.
* The XmlJsCode wrapper class has been renamed to MediaWiki\Html\HtmlJsCode,
and the old name is now deprecated.
* The use of non-serializable arguments to ParserOutput::addWarningMsg() has
been deprecated and will emit deprecation warnings.
* Class UserRightsProxy, deprecated since 1.38, now emits
deprecation warnings from its factory functions.
* MediaWiki\ResourceLoader\Module::getDeprecationInformation() is deprecated.
Use ::getDeprecationWarning() instead.
* Passing a Message to OutputPage::setPageTitle() is deprecated.
Use ::setPageTitleMsg() instead (which escapes HTML metacharacters).
* Passing arguments to OutputPage::prepareErrorPage() is deprecated.
Use explicit calls to OutputPage::setPageTitleMsg() and ::setHTMLTitle()
instead.
* Returning a string from Action::getPageTitle() is deprecated;
return a Message instead, which will be formatted using FORMAT_ESCAPED.
* Returning a string from SpecialPage::getDescription() is deprecated;
return a Message instead, which will be formatted using FORMAT_ESCAPED.
* MediaWiki\Block\AbstractBlock::getReason(), deprecated since 1.35, now emits
deprecation warnings. Use ::getReasonComment() instead.
* User::getGroups(), ::addGroup(), ::removeGroup(), ::getGroupMemberships(),
::getAllGroups(), ::getImplicitGroups(), deprecated since 1.35, now emit
deprecation warnings.
* The global function wfReportTime(), deprecated since 1.40, now emits
deprecation warnings. The SkinTemplate parameter 'reporttime' is deprecated.
* RevisionStore::getQueryInfo() and RevisionFactory::getQueryInfo() have been
deprecated. Use ::newSelectQueryBuilder() instead.
* Following methods in rdbms library have been made internal:
- IDatabase::getLBInfo()
- IDatabase::setLBInfo()
- IDatabase::insert() Use InsertQueryBuilder instead.
- IDatabase::update() Use UpdateQueryBuilder instead.
- IDatabase::replace() Use ReplaceQueryBuilder instead.
- IDatabase::upsert() Use InsertQueryBuilder instead.
- IDatabase::delete() Use DeleteQueryBuilder instead.
- IReadableDatabase::selectField() Use SelectQueryBuilder instead.
- IReadableDatabase::selectFieldValues() Use SelectQueryBuilder instead.
- IReadableDatabase::select() Use SelectQueryBuilder instead.
- IReadableDatabase::selectRow() Use SelectQueryBuilder instead.
- IReadableDatabase::estimateRowCount() Use SelectQueryBuilder instead.
- IReadableDatabase::selectRowCount() Use SelectQueryBuilder instead.
- ISQLPlatform::unionQueries() Use UnionQueryBuilder instead.
* The core Wikimedia\Rdbms\DatabaseMysqlBase class has been renamed to reflect
the earlier merger of Mysqli into it; it's now Wikimedia\Rdbms\DatabaseMySQL.
* The following methods in SpecialEmailUser have been deprecated:
- SpecialEmailUser::validateTarget(), use EmailUser::validateTarget()
- SpecialEmailUser::getPermissionsError(), use EmailUser::canSend() or
EmailUser::authorizeSend()
- SpecialEmailUser::submit(), use EmailUser::sendEmailUnsafe()
* User::isBlockedFromEmailuser() has been deprecated. EmailUser::canSend()
checks blocks amongst other things. If you only need this check, use
User::getBlock()->appliesToRight( 'sendemail' ).
* User::canSendEmail() has been deprecated. Use EmailUser::canSend() instead.
* The following methods, previously deprecated, now emit deprecation warnings:
- ConfigFactory::getDefaultInstance(), deprecated since 1.27
- AbstractContent::getNativeData(), deprecated since 1.33
- TablePager::getBody(), deprecated since 1.24
- ContentHandler::getSlotDiffRendererInternal(), deprecated since 1.35
- ParserOutput::getCategories(), deprecated since 1.40
- PasswordFactory::init(), deprecated since 1.32
* WikitextContent::getRedirectTargetAndText has been deprecated, use
WikitextContentHandler::extractRedirectTargetAndText instead.
* WikiPage::doDeleteArticleBatched, deprecated in 1.37, now emits deprecation
warnings.
* WikiPage::getPageIsRedirectField() is now deprecated.
* WikiPage::insertRedirect() is now deprecated.
* Parser::getFreshParser(), deprecated since 1.39, now emits deprecation
warnings.
* The legacy MediaWiki UI ResourceLoader modules, such as `mediawiki.ui`, are
all now emitting deprecation warnings in the JavaScript console. Please use
Codex CSS components instead.
* Article::getRedirectHeaderHtml() has been deprecated and emits deprecation
warnings, use LinkRenderer::makeRedirectHeader() instead.
* SpecialBlock::getTargetAndType(), deprecated since 1.36, now emits deprecation
warnings.
* ApiBase::checkTitleUserPermissions() now type-forces a PageIdentity instead of
a LinkTarget. Passing a LinkTarget has been deprecated since 1.36.
* Passing a User to ApiBase::checkUserRightsAny() in the second parameter, which
was deprecated in 1.36, is no longer read. Instead, it will use the request
context's set Authority via IContextSource::getAuthority().
* Sanitizer::escapeIdReferenceList(), deprecated since 1.36, has been dropped.
* RecentChange::getPerformer(), deprecated since 1.36, has been dropped.
* SpecialPage::getLanguageConverter(), deprecated since 1.36, has been dropped.
Use LanguageConverterFactory::getLanguageConverter() directly.
* SpecialBlock::checkUnblockSelf(), deprecated since 1.36, has been dropped. Use
BlockPermissionChecker instead.
* DifferenceEngine::localiseLineNumbers() has been deprecated in favor of
BaseTextDiffer::localizeLineNumbers(). Subclasses such as PhpTextDiffer may
make this available via a ::localize() method.
* ChangeTags::modifyDisplayQuery() and ChangeTagsStore::modifyDisplayQuery()
have been deprecated in favor of ChangeTagsStore::modifyDisplayQueryBuilder()
* Calling SpecialRandomPage::__construct without services as parameters is
deprecated and emit deprecation warnings.
=== Other changes in 1.41 ===
* ExternalLinksLookup::getExternalLinksForPage() now exists to centralize
logic of looking up externallinks rows.
* The update script no longer accepts the --skip-compat-checks option.
* Use of the deprecated "Pragma: no-cache" HTTP response header on uncachable
responses has been removed in favour of "Cache-Control: no-cache" (T345420).
* Type hints were added to:
- The return value of WebRequest:: and DerivativeRequest::getSession()
- The return value of WebRequest:: and DerivativeRequest::getIP()
- The return value of User::getTitleKey()
- The return value of User::getRequest()
- The `$key` parameter to Skin::normalizeKey()
None of the methods whose return value was updated belongs to a class
stable to extend, and adding type hints to parameters is backwards
compatible. Therefore, this is not considered a breaking change.
* The mergeMessageFileList script now only works for extensions and skins
supporting extension registration (using extension.json or skin.json).
It will no longer attempt to load PHP entry points.
* Parser will no longer fall back to $wgTitle if a null is provided as a
Title or PageReference. To change the relevant title used for methods
that do not offer an option to set the page, call Parser::setPage.
This affects the methods cleanSig, getSection and replaceSection.
* (T347726, CVE-2023-51704) SECURITY: logging: Fix non-escaped messages
used in rights log.
== Compatibility ==
MediaWiki 1.41 requires PHP 7.4.3 or later and the following PHP extensions:
* ctype
* dom
* fileinfo
* iconv
* intl
* json
* mbstring
* xml
MariaDB is the recommended database software. MySQL, PostgreSQL, or SQLite can
be used instead, but support for them is somewhat less mature.
The supported versions are:
* MariaDB 10.3 or higher
* MySQL 5.7.0 or higher
* PostgreSQL 10 or later
* SQLite 3.8.0 or later
== Online documentation ==
Documentation for both end-users and site administrators is available on
MediaWiki.org, and is covered under the GNU Free Documentation License (except
for pages that explicitly state that their contents are in the public domain):
https://www.mediawiki.org/wiki/Special:MyLanguage/Documentation
== Mailing list ==
A mailing list is available for MediaWiki user support and discussion:
https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
A low-traffic announcements-only list is also available:
https://lists.wikimedia.org/mailman/listinfo/mediawiki-announce
It's highly recommended that you sign up for one of these lists if you're
going to run a public MediaWiki, so you can be notified of security fixes.
== IRC help ==
There's usually someone online in #mediawiki on irc.libera.chat.
= MediaWiki 1.40 =
PHP 8.0 workboard: https://phabricator.wikimedia.org/tag/php_8.0_support/
PHP 8.1 workboard: https://phabricator.wikimedia.org/tag/php_8.1_support/
PHP 8.2 workboard: https://phabricator.wikimedia.org/tag/php_8.2_support/
PHP 8.3 workboard: https://phabricator.wikimedia.org/tag/php_8.3_support/
== MediaWiki 1.40.4 ==
This is a maintenance release of the MediaWiki 1.41 branch.
=== Changes since MediaWiki 1.40.3 ===
* Localisation updates.
* tests: Skip failing tests on php8.2 (and make pass).
* (T326480) ApiResult: Make array ordering consistent across PHP versions.
* (T352789, T287972) build: Raise TestingAccessWrapper from 2.0.0 to 3.0.0.
* (T326478) tests: Create new classes to hold dynamic properties in auth tests.
* (T326478) tests: Avoid dynamic properties in AuthenticationProvider Test.
* tests: Skip failing tests on php8.3 (and make pass).
* (T326466) Introduce and use DynamicPropertyTestHelper.
* (T352910) tests: Use TestingAccessWrapper::newFromClass in session tests.
* (T326478) tests: Avoid dynamic properties in SessionManagerTest.
* ArticleTest: Skip testGetOrSetOnNewProperty() if PHP >= 8.2.
* (T326478) tests: Avoid dynamic properties in auth tests.
* tests: Remove dead code from WikiPageDbTest::assertPreparedEditNotEquals.
* (T326479, T361985) StatusValue: Allow passing arbitrary data to augment
result.
* (T357760) Use i18n strings for truncated subpage message in SpecialMovePage.
* debug: Update PsySH 0.11.1 -> 0.12.3.
* (T361991) Fix slash-delimited regex from CLI on maintenence/grep.php.
* (T352695) tests: Only set $dbSetup if setupTestDB() ends without throwing.
* (T362272) api: Replace null $httpCode by 0 in ApiBase::dieWithErrorOrDebug.
* (T150647, T216682) Make EncryptedPassword work with Argon2Password.
* (T364270) Fix long param names overlapping docs in API help pages.
* wrapOldPasswords: Improve progress output and decrease batch size.
* (T361367) ApiFeedWatchlist: Fix handling of array parameters.
* (T366130) EncryptedPassword: Store default parameters as strings.
* Name the PagerTools array entries to allow hooks to unset them.
* (T302186) Add title cache for Title::newMainPage().
== MediaWiki 1.40.3 ==
This is a security and maintenance release of the MediaWiki 1.40 branch.
=== Changes since MediaWiki 1.40.2 ===
* Localisation updates.
* (T296896) CategoryViewer::getSectionPagingLinks: Fix null array offset
warning.
* CategoryViewer: Fix "count(): Argument #1 ($value) must be of type
Countable|array, null given".
* (T334992) Headings in the license pickers should not be selected.
* (T353929) ActiveUsersPager: Count actions only once.
* composer: Use @php instead of php.
* (T326065) Indent JsonContent using tabs.
* (T309714, T354274) mime: Add support for 'font/woff' and 'font/woff2' mime
type.
* (T353644) Update wikimedia/parsoid to 0.17.3.
* (T354541) authmanager: Improve AuthenticationRequest docs.
* (T330428) ForeignResourceManager: Add trailing newline in validateLicense.
* (T355017) Add missing space in Special:RecentChangesLinked.
* (T355003) composer.json Add ext-bcmath and ext-gmp to suggests.
* PHPVersionCheck: Update text to match currently supported upstream PHP
versions (8.1+).
* (T354045) API: mark HTML output as non-cacheable.
* (T355530) filerepo: Fix img_major_mime for files with a non-standard
extensions.
* (T355530) MimeAnalyzer: Add @since to isValidMajorMimeType.
* (T352554) ZhConverter: Fix language variant fallback chain.
* (T357668) Parser::getExternalLinkAttribs: Don't set rel attribute to null.
* LockManagerGroupIntegrationTest: Remove test depending on DBLockManager.
* (T357808) LinkRendererTest: Add missing import for LinkTarget.
* (T353305) ApiResetPassword: Allow both user and email parameters to be passed
for reset.
* (T358949) updateCollation: Explicitly cast $scale to int.
* (T359055) api: Improve linking of language codes lists in top level i18n
messages.
* (T359294) Make sure MovePage::isValidFileMove matches UploadBase::getTitle.
* (T230245) Respect $maxConcurrency when queuing async FileOps.
* (T352554) Follow-up "ZhConverter: Fix language variant fallback chain".
* (T359139) Restore ability to disable footer links with "-".
* (T292237, T317451) build: Restore Doxygen output for MediaWiki release tags.
* (T324903) HistoryPager: Add #[AllowDynamicProperties].
* (T360850) Update Apache config syntax in .htaccess files.
* (T309714) mime: Make test cases use data provider.
* (T317489, T319202) Mark some parserTests on talk pages Parsoid only on
REL1_40.
* Update wikimedia/parsoid to 0.17.4.
* docs: Remove use of $IP from mwdocgen.php.
* (T317451) build: Restore Doxygen output for MediaWiki release tags (take 3).
* docs: Set stable permalink on markdown files.
* (T357019) allow maintenance/deleteBatch.php to accept page ID.
* (T355538, CVE-2024-34507) SECURITY: XSS in edit summary parser.
* (T357760, CVE-2024-34506) SECURITY: Denial of service vector via GET request
to Special:MovePage on pages with thousands of subpages.
== MediaWiki 1.40.2 ==
This is a security and maintenance release of the MediaWiki 1.40 branch.
=== Changes since MediaWiki 1.40.1 ===
* Localisation updates.
* Updated symfony/polyfill-php80 from 1.27.0 to 1.28.0.
* Updated symfony/polyfill-php81 from 1.27.0 to 1.28.0.
* (T344912) mail: Encode period (ascii 46) if it appears in encoded email
header.
* Added symfony/polyfill-php82.
* Added symfony/polyfill-php83.
* Updated symfony/yaml from 5.4.17 to 5.4.23.
* Updated wikimedia/timestamp from 4.1.0 to 4.1.1.
* tests: Provide coverage for StatusValue::__toString.
* StatusValue: Improve logging/debug output with multibyte characters.
* (T347726, CVE-2023-51704) SECURITY: logging: Fix non-escaped messages
used in rights log.
* Updated wikimedia/parsoid from 0.17.0 to 0.17.1.
* (T229992) LocalisationCache: Preserve fallback source language info.
* (T340840) Title: Check local fallbacks for system message.
* (T346332) Installer: Make Minerva works correctly for $wgDefaultSkin.
* specials: Use options-messages on Special:RevisionDelete.
* Fix use of buildComparison() in uppercaseTitlesForUnicodeTransition.php.
* (T275085) Fix logging Status objects to 'authevents' channel.
* (T341310) DEVELOPERS.md: mention git clone and WSL.
* (T351758) DEVELOPERS.md: reword WSL instructions to include best practices.
* (T350615) PoolCounterConnectionManager: Add support for ipv6.
* ParsoidCachePrewarmJob::newSpec() now requires a PageRecord as the second
parameter instead of a page ID.
* (T341123) ParsoidCachePrewarmJob: enable deduplication.
* (T349115) LocalisationCache: Fix a rare case in fallback source language.
* (T351848) language: Avoid multiple signs in Language::userAdjust.
* SwiftFileBackend: Fix "PHP Deprecated: strlen(): Passing null to parameter #1
($string) of type string is deprecated".
* maintenance: Add missing parenthesis to SQL in attachLatest.php.
* (T321234) Make MagicWordArray not fail on old revs with broken UTF-8.
* thumb: Fix "PHP Deprecated: strlen(): Passing null to parameter".
* (T327007) htmlform: Correct validation for file input field.
== MediaWiki 1.40.1 ==
This is a security and maintenance release of the MediaWiki 1.40 branch.
=== Changes since MediaWiki 1.40.0 ===
* Localisation updates.
* (T333050, CVE-2023-45363) SECURITY: Fix infinite loop for self-redirects
with variants conversion.
* docs: Fix a few typos in MainConfigSchema.
* (T290464) Add DiscussionTools bundling to release notes.
* (T309714) mime: Add support for 'font/sfnt' mime type.
* (T341434) WikiImporter: Improve error message output.
* (T341737) ApiBase: Cast $id to string in filterIDs.
* (T286291, T296188) Merge zh and zh-tw namespace translations back to zh-hans,
zh-hant, zh-hk respectively.
* (T337875) WRStats: Round up SequenceSpec::hardExpiry to the nearest integer.
* (T237898) installer: Check MariaDB version in updater/installer.
* (T342632) ApiComparePages: Add help url.
* (T326182, T324903) EditPage: Add #[AllowDynamicProperties].
* (T342351) rdbms: Fix postgres db function call.
* (T343675) user: Use {@} to escape annotation when writting about annotation.
* (T343797) LanguageWa: Fix double timezone adjustment.
* (T343669) skins: Avoid function call on array.
* (T326454) Update pear/mail to 1.5.1.
* (T343622) docs: Set the <comment> tag back to optional.
* (T330528) Upgrade wikimedia/html-formatter from 3.0.1 to 4.0.3.
* Updated jQuery from v3.6.1 to v3.7.1.
* (T337463) wdio-mediawiki: await saveScreenshot.
* (T208477) $wgPrivilegedGroups – Users belonging in some of the listed groups
will be audited more aggressively.
* doc: Improve description of "type" in extension.schema.v2.json.
* Added PrivilegedGroups attribute for extension.json / skin.json, which lets
you add any new user groups you define to wgPrivilegedGroups (see above).
* (T288624) MultiHttpClient: Unset $this->cmh after closing it.
* (T345039) Do not run SkinAfterBottomScripts hook twice unconditionally.
* (T265734) API Help: Note that parameters may be inherited from other context.
* (T285545) i18n: Split apihelp for standard dir parameter.
* (T285545) i18n: Split apihelp for redirects/linkshere/transcludedin/fileusage
show.
* (T285545) i18n: Split apihelp for parameter list=deletedrevs&drprop=.
* (T285545) i18n: Split apihelp for parameter list=allpages&apprexpiry=.
* (T285545) i18n: Split apihelp for parameter action=opensearch&redirects=.
* (T285545) i18n: Split apihelp for parameter action=managetags&operation=.
* (T285545) api: Add message for list=watchlist&wlprop=expiry.
* (T334011) ApiComparePages: expose 'difftype' param if wikidiff2 is installed.
* (T342633) api: Add message for action=compare&prop=timestamp.
* API: revids=… does not necessarily return the queried revisions.
* (T235207) Get correct main page in API call examples.
* doc: Make extension.schema.v2.json a valid JSON schema.
* (T326696) Add since tag to UserOptionsManager::MAX_BYTES_OPTION_VALUE.
* (T310378) Ensure that installer i18n is loaded by update.php.
* updateSpecialPages.php: Avoid implicit float conversion on modulo.
* (T347227) ImportReporter: Make callback functions public.
* (T346898) importDump: Unconditionally call $importer->setUsernamePrefix().
* (T204470) Remove feedback messages from RawHtmlMessages.
* (T127268) MainConfigSchema: Update doc for "ResourceLoader: Default File
modules to mobile and desktop targets".
* (T264765, CVE-2023-45364) SECURITY: Article: Check permissions before
showing link to view deleted revision.
* doc: Improve description of type in extension.schema.v1.json.
* (T340217, CVE-2023-45359) SECURITY: Vector 2022: Numerous unescaped messages
leading to potential XSS.
* (T340220, CVE-2023-45361) SECURITY: Vector 2022: vector-intro-page message
is assumed to yield a valid title.
* (T340221, CVE-2023-45360) SECURITY: XSS via 'youhavenewmessagesmanyusers'
and 'youhavenewmessages' messages.
* (T341529, CVE-2023-45362) SECURITY: diff-multi-sameuser ("X intermediate
revisions by the same user not shown") ignores username suppression.
* (T341565, CVE-2023-3550) SECURITY: Stored XSS when uploading crafted
XML file to Special:Upload (non standard configuration).
== MediaWiki 1.40.0 ==
=== Changes since MediaWiki 1.40.0-rc.0 ===
* Localisation updates.
* (T330464) Work around argument corruption bug in XMLReader::open.
* build: Updating mediawiki/mediawiki-phan-config to 0.12.1.
* Fix frame and frameless rdfa depending on file existing.
* (T329214) Pass whether current rev of file exists to
Linker::makeBrokenImageLinkObj.
* (T334659) Handle thumb errors when !$enableLegacyMediaDOM.
* A manualthumb that doesn't exist should be considered a thumb error.
* (T313157) IndexPager: Also protect against $offset being 0.
* (T335612, CVE-2023-36674) SECURITY: Move badFile lookup to Linker.
== MediaWiki 1.40.0-rc.0 ==
== Upgrading notes for 1.40 ==
Don't forget to always back up your database before upgrading!
See the file UPGRADE for more detailed per-version upgrade instructions from the
oldest supported upgrading version, MediaWiki 1.35.
Some specific notes for MediaWiki 1.40 upgrades are below:
* Maintenance scripts should now be executed using maintenance/run.php, e.g.
maintenance/run.php update not maintenance/update.php as before.
* Five extensions have now been bundled with MediaWiki:
* The DiscussionTools extension, which provides a forum-like editing
experience for wikitext-based discussion pages.
* The Echo extension, which provides a system of user notifications.
* The Linter extension, which warns about use of deprecated wikitext.
* The LoginNotify extension, which warns users about failed attempted logins.
* The Thanks extension, which lets users thank editors for edits.
* The Renameuser extension has been moved to MediaWiki core. It is now possible
to rename users without installing an extension. The extension had already
been bundled with MediaWiki since 1.18.
For notes on 1.39.x and older releases, see HISTORY.
=== Configuration changes for system administrators in 1.40 ===
* When computing PBKDF2 password hashes, MediaWiki now detects and uses OpenSSL
support if available, unless $wgPasswordConfig['pbkdf2']['class'] is set in
LocalSettings.php. OpenSSL is more efficient, so if that setting is present,
you should remove it (or set it to 'Pbkdf2PasswordUsingOpenSSL' if possible).
If users get an internal error when trying to log in, you can try setting it
to 'Pbkdf2PasswordUsingHashExtension'. In particular, this would be necessary
if existing PBKDF2 password hashes were computed using a hash algorithm other
than "sha512" or "sha256" (the current and prior defaults).
* You should configure your webserver to return the http header
'X-Content-Type-Options: nosniff' for the /images directory. This will
instruct browsers to not apply content sniffing when accessing the files.
MediaWiki before 1.40 shipped with a content sniffer which disallowed
potentially dangerous files at upload time, but this protection has now been
removed in favor of this 'X-Content-Type-Options: nosniff' header and the
installer will return a warning when it is not in place.
* Support for MW_USE_LEGACY_DEFAULT_SETTINGS has been removed, setting this
constant will not have any effect. Use of MW_USE_LEGACY_DEFAULT_SETTINGS
had been deprecated since 1.39.
==== New configuration ====
* $wgThumbnailNamespaces - This setting lets you define the namespaces for which
image thumbnails (or a placeholder in the absence of a thumbnail) will be
displayed on Special:Search.
* $wgResourceLoaderClientPreferences – This experimental flag lets you enable
client-side preferences for logged-out users.
* $wgExternalLinksSchemaMigrationStage – This temporary flag lets you control
the migration stage for the new schema for the external links database table.
Ignore it unless you have a large wiki farm with complex migration needs.
* $wgCommentTempTableSchemaMigrationStage – This temporary flag lets you control
the migration stage for the temporary comment database table, from revision.
Ignore it unless you have a large wiki farm with complex migration needs.
* $wgSpecialContributeSkinsEnabled – This setting lets you list skins on which
Special:Contribute is available, for where others don't work for the feature.
* $wgPrivilegedGroups – Users belonging in some of the listed groups will be
audited more aggressively.
==== Changed configuration ====
* $wgPasswordPolicies – This setting, which controls what makes for a valid
password for wiki accounts, has been adjusted to raise the minimal password
length from 1 to 8 characters. The initial limit of 1 has been in place since
MediaWiki 1.26. If you wish to allow shorter passwords, you can over-ride it
in your LocalSettings following the guidance on MediaWiki.org.
* (T254045) New accounts can no longer use an equals sign (=) in their
usernames because of issues it causes in wikitext syntax. This can be
adjusted by changing the value of $wgInvalidUsernameCharacters.
* (T314318) $wgParserEnableLegacyMediaDOM – This setting has been changed, so
the alternative modern HTML structure for media is now the default. You can
disable it for now by over-riding this back to `true` in LocalSettings, but
this configuration will be removed in future versions of MediaWiki. For more
details, see the documentation at:
https://www.mediawiki.org/wiki/Parsoid/Parser_Unification/Media_structure/FAQ
* $wgWatchlistExpiryMaxDuration – This setting, which controls the maximum
allowed duration for users to set their temporary watchlist entries for expiry
if that feature is enabled, has been increased from 6 months to 1 year.
==== Removed configuration ====
* $wgShellboxUrl – This setting, deprecated in 1.37, has now been removed; use
$wgShellboxUrls instead.
* $wgMainWANCache and $wgWANObjectCaches – These never-used settings have been
removed. To inject WANObjectCache parameters, use $wgWANObjectCache instead.
These variables were introduced for multi-DC wiki farms to add a separate
memcached proxy for cross-DC relaying of purges but never used because
WANObjectCache works based on route prefixes, which can be transparently
handled by the main memcached proxy.
* $wgParserTestFiles – This setting, deprecated in 1.30, has now been removed;
extensions can place their parser test files in `tests/parser` instead.
* (T231412) $wgAutoloadAttemptLowercase – This setting, deprecated in 1.35, no
longer has any effect. If you run into difficulties, fix the names of miscased
local files.
* (T309787) $wgVerifyMimeTypeIE – This setting, to provide extra security checks
for very old versions of Internet Explorer clients, was removed. These user
agents aren't used in practice, and haven't been served JavaScript content for
years.
=== New user-facing features in 1.40 ===
* Special:Search can now show thumbnails for results for titles outside NS_FILE.
This is controlled via the new onSearchResultProvideThumbnail hook.
* A new preference ('search-thumbnail-extra-namespaces') to allow users to
control whether to show more thumbnails (per $wgThumbnailNamespaces)
* (T324910) On pages using multi-content revisions, the raw content of a
specific slot can be retrieved using the action=raw&slot=<role-name> query
parameters.
* (T313804) The preferences page now provides a search bar to find preferences,
regardless of the tab on which they appear.
=== New developer features in 1.40 ===
* The MediaWiki-Docker development environment is now configured to
run on PHP 8.1 by default, up from PHP 7.4 now that that's EOL.
* Vue development mode is enabled by default in DevelopmentSettings.php
* (T277618) The @noVarDump annotation from the DebugInfoTrait tool can now be
added to references to stop them from being expanded when their object is
passed to var_dump(), to make its use for debugging more feasible.
* The ApiSandbox will now by default request responses in the latest API format,
rather than the original format. Users can set `formatversion` to a different
value if needed.
* A new hook, GetBlockErrorMessageKeyHook, allows extensions' block error
messages to be received and displayed by BlockErrorFormatter.
* A new hook, SpecialCreateAccountBenefits, lets extensions and local code set
custom content on the signup page about the benefits of using an account.
* (T321412) A new 'PageUndeleteComplete' hook has been added for more thorough
information about a page post restoration than the 'PageUndelete' hook passes.
This provides similar functionality to the 'PageDeleteComplete' hook.
* The Linker::specialLink() method can now link to a Special page's with a sub-
page or action parameter set, e.g. [[Special:Contributions/JohnDoe]].
* The PHPUnit entrypoints (tests/phpunit/phpunit.php and vendor/bin/phpunit)
now check if composer dependencies are up-to-date, like update.php, using
CheckComposerLockUpToDate. To disable this check, use
MW_SKIP_EXTERNAL_DEPENDENCIES=1 environment flag when running PHPUnit.
* ManualLogEntry::setForceBotFlag() has been added to allow the forcing of the
bot flag for log entries which are inserted to the recent changes.
=== External library changes in 1.40 ===
==== New external libraries ====
* Added codex-design-tokens at v0.6.2.
* Added symfony/polyfill-php81 at v1.28.0.
* Added symfony/polyfill-php82 at v1.28.0.
* Added symfony/polyfill-php83 at v1.28.0.
* Added wikimedia/bcp-47-code at v1.0.0.
===== New development-only external libraries =====
* Added wikimedia/langconv at v0.4.2.
==== Changed external libraries ====
* Updated OOUI from v0.44.3 to v0.46.3.
* Updated codex, codex-search, and codex-icons from v0.2.2 to v0.6.2.
* Updated cssjanus/cssjanus from 2.1.0 to 2.1.1.
* Updated guzzlehttp/guzzle 7.4.5 to 7.5.0.
* Updated justinrainbow/json-schema from 5.2.11 to 5.2.12.
* Updated pear/mail from 1.4.1 to 1.5.1.
* Updated pear/net_smtp from 0.10.0 to 0.10.1.
* Updated psr/container from 1.1.1 to 1.1.2.
* Updated symfony/polyfill-php80 from 1.26.0 to 1.28.0.
* Updated symfony/yaml from 5.4.10 to 5.4.23.
* Updated wikimedia/html-formatter from 3.0.1 to 4.0.3.
* Updated wikimedia/less.php from 3.1.0 to 4.0.0.
* Updated wikimedia/object-factory from 4.0.0 to 5.0.1.
* Updated wikimedia/parsoid from 0.16.0 to 0.17.0.
* Updated wikimedia/remex-html from 3.0.2 to 3.0.3.
* Updated wikimedia/shellbox from 3.0.0 to 4.0.0.
* Updated wikimedia/timestamp from 4.0.0 to 4.1.1.
* Updated wikimedia/xmp-reader from 0.8.4 to 0.9.1.
===== Changed development-only external libraries =====
* Updated QUnit from 2.18.2 to 2.19.4.
* Updated api-testing from 1.5.0 to 1.5.1.
* Updated composer/spdx-licenses from 1.5.6 to 1.5.7.
* Updated eslint-config-wikimedia from 0.22.1 to 0.24.0.
* Updated giorgiosironi/eris from ^0.10.0 to ^0.13.0.
* Updated grunt from 1.5.2 to 1.6.1.
* Updated grunt-banana-checker from 0.9.0 to 0.10.0.
* Updated grunt-eslint from 24.0.0 to 24.0.1.
* Updated karma from 6.3.15 to 6.4.1.
* Updated mediawiki/mediawiki-codesniffer from 38.0.0 to 41.0.0.
* Updated mediawiki/mediawiki-phan-config from 0.11.1 to 0.12.1.
* Updated php-parallel-lint/php-console-highlighter from 0.5 to 1.0.0.
* Updated php-parallel-lint/php-parallel-lint from 1.3.1 to 1.3.2.
* Updated phpunit/phpunit from 8.5.28 to 9.5.28.
* Updated stylelint-config-wikimedia from 0.13.0 to 0.13.1.
* Updated wikimedia/alea from 0.9.3 to 1.0.0.
==== Removed external libraries ====
* jquery.throttle-debounce, deprecated since MediaWiki 1.33.
* WVUI, deprecated since MediaWiki 1.39.
=== Action API changes in 1.40 ===
* New `cancreateaccount` parameter on action=query&meta=userinfo that allows
you to check if the user can create an account. Some of the errors that have
previously been returned by action=query&list=users&usprop=cancreate are now
returned here.
=== Languages updated in 1.40 ===
MediaWiki supports over 400 languages. Many localisations are updated regularly.
Below only new and removed languages are listed, as well as changes to languages
because of Phabricator reports.
* (T300378) Added language support for Toki Pona (tok).
* (T320465) Added language support for Magahi (mag).
* (T320912) Added language support for Arakanese (rki).
* (T323971) Added language support for Khakas (kjh).
* (T326526) Added language support for Igala (igl).
* (T329476) Added language support for Kusaal (kus).
* (T330266) Added language support for Southern Dagaare (dga).
* (T331596) Added language support for Obolo (ann).
* (T331597) Added language support for Nogai (nog).
* (T331599) Added language support for Wolaytta (wal).
* (T295637) Add no to fallback chain of nb and nn.
=== Breaking changes in 1.40 ===
* OutputPage::enableClientCache no longer accepts a parameter, nor does it
return the current value. It simply sets the OutputPage::mEnableClientCache
to true. Use OutputPage::disableClientCache to disable client side caching
instead.
* ResourceLoader::makeMessageSetScript, unused since 1.26, has been removed
without deprecation.
* Changes to skins:
- The internal protected method Skin::getFooterLinks() was removed.
It had no known usages. Different from SkinTemplate::getFooterLinks.
- The internal public method Skin::getSiteFooterLinks() was removed.
It had no known usages.
* The 'oojs-router' module has been removed without deprecation in favour
of the 'mediawiki.router' wrapper module.
* BagOStuff::makeKeyInternal(), deprecated for public use in 1.36, is now a
protected method of MediumSpecificBagOStuff.
* WANObjectCache::reap() and WANObjectCache::reapCheckKey(), deprecated since
1.39, have been removed.
* The EnqueueJob class, unused since 1.31, has been removed without
deprecation.
* JobQueueGroup::singleton() and ::destroySingletons(), deprecated since 1.37,
have been removed.
* JobRunner no longer supports manually calling the constructor,
use MediaWikiServices::getInstance()->getJobRunner() instead.
* JobRunner::setLogger, deprecated since 1.35, has been removed.
* ContextSource::getStats, deprecated since 1.27, has been removed.
* The following public properties of Parser, deprecated in 1.35,
have been made private: Parser::$mLinkId, Parser::$mIncludeSizes,
Parser::$mDoubleUnderscore, Parser::$mShowToc, Parser::$mRevisionId,
Parser::$mRevisionTimestamp, Parser::$mRevisionUser, Parser::$mRevisionSize,
Parser::$mInputSize, Parser::$mInParse, Parser::$mFirstCall,
Parser::$mGeneratedPPNodeCount
* The MWGrants class, deprecated since 1.38, has been removed.
* PageProps::getInstance(), deprecated since 1.38, has been removed.
* Global functions wfReadOnly and wfReadOnlyReason, deprecated since 1.38, have
been removed.
* Global function wfQueriesMustScale, deprecated since 1.39, has been removed.
* Global function wfLogProfilingData, deprecated since 1.38, has been removed.
* The HTMLCacheUpdate class, deprecated since 1.34, has been removed.
* Linker::normaliseSpecialPage(), deprecated since 1.35, has been removed.
* MWTimestamp::getHumanTimestamp(), deprecated since 1.26, has been removed.
* Collation::singleton() and ::factory(), deprecated since 1.37, have been
removed.
* SpecialVersion::listToText() and SpecialVersion::arrayToString()
have become private or internal without deprecation.
* The 'ParserTestFiles' key in the schema for extension.json has been removed.
This was deprecated in 1.30 and the corresponding $wgParserTestFiles
configuration variable has also been removed in this release. Extensions
can put parser test files in their `tests/parser` directory to have them
automatically run.
* DBLockManager, MySqlLockManager, and PostgreSqlLockManager have been
removed without deprecation.
* MediaWikiTestCaseTrait::checkPHPExtension() has been removed without
deprecation. Use PHPUnit @requires annotations instead.
* EditPage::getCopywarn(), deprecated since 1.38, has been removed.
* EditPage::getCopyrightWarning() now requires a MessageLocalizer parameter.
Use of other parameter types or omitting it was deprecated since 1.38.
* Action constructor now requires Article and IContextSource parameters.
Use of other parameter types or omitting them was deprecated since 1.35.
* Article::viewRedirect(), deprecated since 1.30, has been removed.
* Title::getNotificationTimestamp(), deprecated since 1.35, has been removed.
* WikiRevision::$fileIsTemp property, deprecated since 1.29, has been removed.
* Use of CommentStore::insertWithTempTable() with 'img_description' is no
longer supported, it was deprecated since 1.32. Use CommentStore::insert()
instead.
* Return values in the parameter $pageLang of the PageContentLanguage hook with
other types than a Language object, deprecated since 1.33 & emitting warnings
since 1.38, now throws an exception.
* FormatMetadata::flattenArrayContentLang(), deprecated since 1.36, has been
removed.
* WikiRevision::downloadSource() and ::importUpload(), deprecated since 1.31,
have been removed.
* DataUpdate::runUpdates(), deprecated since 1.28, has been removed.
* CdnCacheUpdate::newFromTitles(), deprecated since 1.35, has been removed.
* HtmlFileCacheUpdate::newFromTitles(), deprecated since 1.37, has been
removed.
* BaseTemplate::renderAfterPortlet() and ::getAfterPortlet(), has been removed.
Use the corresponding methods in Skin class.
* DifferenceEngine::textDiff(), deprecated since 1.32, has been removed.
* Skin::getSearchPageTitle() and Skin::setSearchPageTitle(), deprecated since
1.38, have been removed.
* DifferenceEngine::getDiffBodyCacheKey(), deprecated since 1.31, has been
removed.
* ForeignDBViaLBRepo::getMasterDB(), LocalRepo::getMasterDB(), and
JobQueueDB::getMasterDB(), deprecated since 1.37, have been removed.
* Clarified that the InitializeArticleMaybeRedirect hook should not change
its $article parameter; the behavior when doing so was previously
undocumented.
* IDatabase::ping()'s $rtt parameter was removed without deprecation.
* IDatabase::setBigSelects(), unused, was removed without deprecation.
* IDatabase::attributesFromType(), unused, was removed without deprecation.
* IMaintainableDatabase::deadlockLoop() was removed without deprecation.
* DatabasePostgres::remappedTableName(), deprecated since 1.37, has been
removed.
* ILBFactory::getChronologyProtectorClientId and ::commitAll, unused, were
removed without deprecation.
* LoadBalancer::haveIndex() and ::isNonZeroLoad(), deprecated in 1.34,
have been removed.
* LoadBalancer::getLazyConnectionRef(), deprecated in 1.38, has been removed.
* ILBFactory::forEachLB(), deprecated in 1.39, has been removed.
* LoadBalancer::getTransactionRoundStage and ::commitAll, unused, were
removed without deprecation.
* ILoadBalancer::getLaggedReplicaMode, unused, was removed without
deprecation. Use ILBFactory::laggedReplicaUsed() instead.
* Optional parameters of ILoadBalancer::waitForPrimaryPos(), $pos and $timeout
have been removed without deprecation as they are unused.
* LoadMonitorMysql was removed without deprecation. Use LoadMonitor instead.
* IDatabase::selectDB(), deprecated since 1.32, has been removed.
Use IDatabase::selectDomain() instead.
* The following deprecated hooks have been removed:
- BaseTemplateAfterPortlet, deprecated in 1.35
- BeforeParserFetchTemplateAndtitle, deprecated in 1.36
- BeforeParserrenderImageGallery, deprecated in 1.35
- InternalParseBeforeSanitize, deprecated in 1.35
- LinksUpdateConstructed, deprecated in 1.38
- LinksUpdateAfterInsert, deprecated in 1.38
- ParserSectionCreate, deprecated in 1.35
- ResourceLoaderTestModules, deprecated in 1.33
- SpecialMuteSubmit, deprecated in 1.35
- UserLoadFromDatabase, deprecated in 1.37
- UserSetCookies, deprecated in 1.27
* RemexDriver::__construct() now only accepts a ServiceOptions instance as
the only argument. Passing an array was deprecated since 1.36.
* TidyDriverBase::supportsValidate(), deprecated since 1.36, has been removed.
* RevDelList::reloadFromMaster(), deprecated since 1.37, has been removed.
* ExternalStoreDB::getMaster(), deprecated since 1.37, has been removed.
* DeletePage::deletionWasScheduled(), deprecated since 1.38, has been removed.
* The SearchResultProvideThumbnailHook (which was unstable) and now no longer
used, has been removed. Use SearchResultProvideThumbnailHook in the search
namespace: MediaWiki\Search\Hook\SearchResultProvideThumbnailHook.
* Command::cgroup(), deprecated since 1.36, has been removed.
* When running tests, the serialize_precision INI setting is now set to -1
(current PHP default) instead of 17. Extension tests may need to be adjusted
accordingly; string representations of floating-point numbers in serialized
or JSON-encoded data may change.
* WikiRevision::$sha1base36 is now private.
* IcuCollation::getUnicodeVersionForICU() was removed without deprecation.
* LinkFilter::supportsIDN() was removed without deprecation.
* The ability to pass null for the errorData parameter of HttpException and
LocalizedHttpException was removed without deprecation.
* ApiQueryExtLinksUsage::getProtocolPrefix() and ::prepareProtocols() have
been moved to LinkFilter with the same name.
* .box-sizing() Less mixin, deprecated since 1.37, has been removed.
Use CSS box-sizing now.
* MimeAnalyzer::getIEMimeTypes() and IEContentAnalyzer were removed.
* Language::commafy and mw.language.commafy, deprecated since 1.36, has been
removed.
* BagOStuff::decr(), deprecated since 1.28, has been removed.
* BagOStuff::incr(), deprecated since 1.28, has been removed.
=== Deprecations in 1.40 ===
* Changes to skins:
- The public Skin::footerLink is deprecated.
Use SkinComponentMenuLink::getTemplateData instead.
It now emits deprecation warnings.
- The protected Skin::lastModified is deprecated, and marked for @internal use
and now emits deprecation warnings.
* Manipulating $wgHooks after initialization is deprecated.
HookContainer::register() or HookContainer::scopedRegister() should be
used instead. During initialization, SettingsBuilder::registerHookHandlers
can be used. For backwards compatibility, $wgHooks is replaced by a fake
array that calls methods on HookContainer. $wgHooks can still be used as a
configuration variable, only dynamic manipulation is deprecated.
* ParserOptions::{get,set}ExternalLinkTarget() and
ParserOptions::{get,set}MaxTemplateDepth() have been deprecated and marked
for @internal use only.
* ParserOutput::getCategories() has been deprecated; use ::getCategoryNames()
and ::getCategorySortKey() instead.
* ParserOutput::{get,set}TOCHTML() has been deprecated; use
::{get,set}TOCData() instead.
* TransactionProfiler::setSilenced() is deprecated.
Use TransactionProfiler::silenceForScope() instead.
* The following methods in the Title class, deprecated since 1.37, emits
deprecations warnings:
- ::areCascadeProtectionSourcesLoaded()
- ::areRestrictionsCascading()
- ::areRestrictionsLoaded()
- ::getAllRestrictions()
- ::getCascadeProtectionSources()
- ::getFilteredRestrictionTypes()
- ::getRestrictionExpiry()
- ::getRestrictionTypes()
- ::getRestrictions()
- ::isCascadeProtected()
- ::isProtected()
- ::isSemiProtected()
- ::loadRestrictionsFromRows()
* The class Pbkdf2Password was renamed to Pbkdf2PasswordUsingHashExtension,
and the old name is now deprecated.
* WikiPage::factory(), ::newFromID() and ::newFromRow, deprecated in 1.36, now
emit deprecation warnings.
* Manually constructing a LinkBatch object, deprecated in 1.35, now emits
deprecation warnings. Use LinkBatchFactory instead.
* Calling MediaWikiSite::getFileUrl() without a $path argument is deprecated.
If you need the "generic" full file path, with $1 not replaced by anything,
call $site->getPath( MediaWikiSite::PATH_FILE ) directly.
* In SessionConsistentConnectionManager, the methods
getReadConnectionRef() and getWriteConnectionRef() are deprecated;
the ConnectionManager methods they override had been deprecated already.
* Database::wasErrorReissuable() is deprecated.
* MimeAnalyzer::isPHPImageType was not used and will now emit deprecation
warnings.
* GenericArrayObject, originally developed for Wikibase and SiteList, has been
deprecated. Use built-in ArrayObject directly instead.
* Parser::getFunctionLang() has been deprecated; use
Parser::getTargetLanguage() instead.
* MagicWordArray::getVariableRegex(), deprecated in 1.36, now emits deprecation
warnings.
* AbstractBlock::getId() now emits deprecation warnings in case of cross-wiki
access. This use was deprecated in 1.38.
* CommentStore::getStore, deprecated in 1.31, now emits deprecation warnings.
* BacklinkCache::get(), ::getLinks() and ::getCascadeProtectedLinks(),
deprecated in 1.37, now emit deprecation warnings.
* LanguageConverterFactory::isTitleConversionDisabled(), deprecated in 1.36,
now emits deprecation warnings.
* Language::getFileName(), ::getMessagesFileName() and
::getJsonMessagesFileName(), deprecated in 1.34,
now emit deprecation warnings.
* Language::getLocalisationCache(), deprecated in 1.34, also
Language::getMessagesFor(), ::getMessageFor() and ::getMessageKeysFor(),
deprecated in 1.35, now emit deprecation warnings.
* User::incEditCount(), deprecated in 1.37, now emits deprecation warnings.
* User::idFromName(), deprecated in 1.37, now emits deprecation warnings.
* The ability to override and use User::$mRights, deprecated in 1.34, now emits
deprecation warnings.
* IndexPager::getHookContainer is deprecated and emits deprecation warnings.
Inject a HookContainer instead.
* User::getGroupPermissions(), ::getGroupsWithPermission() and
::groupHasPermission(), deprecated in 1.34, now emit deprecation warnings.
* PermissionManager::getGroupPermissions(), ::getGroupsWithPermission() and
::groupHasPermission(), deprecated in 1.36, now emit deprecation warnings.
* Global function wfShowingResults is deprecated and emits deprecation warnings.
* UserGroupMembership::getGroupMemberName is deprecated, the deprecation of
UserGroupMembership::getGroupName in 1.38 missed a release note.
Use Language::getGroupMemberName or ::getGroupName instead.
* AbstractBlock::getPermissionsError(), deprecated in 1.35, now emits
deprecation warnings.
* SearchEngine::getNearMatcher() and ::getDefaultMatcher() have been deprecated
in favor of MediaWikiServices::getInstance()->getTitleMatcher().
* SearchNearMatcher class has been deprecated in 1.40 in favor of TitleMatcher.
* The following functions are deprecated: User::isBlockedGlobally and
User::getGlobalBlock. Use User::getBlock instead.
* The UserIsBlockedGlobally hook is deprecated.
Use GetUserBlock hook instead.
* The SystemBlock type global-block is deprecated.
GlobalBlocks are now added into CompositeBlocks via the GetUserBlock hook.
* Language::isWellFormedLanguageTag(), deprecated in 1.39, now emits deprecation
notices. Please use LanguageCode::isWellFormedLanguageTag() instead.
* Language::fetchLanguageNames() and ::fetchLanguageName(), deprecated in 1.34,
now emit deprecation warnings.
* Language::getFallbackFor(), ::getFallbacksIncludingSiteLanguage() and
::getFallbacksFor(), deprecated in 1.35, now emit deprecation warnings.
* Language::isSupportedLanguage(), ::isValidCode(), ::isValidBuiltInCode() and
::isKnownLanguageTag(), deprecated in 1.34, now emit deprecation warnings.
* Language::getConverter(), ::autoConvert(), ::autoConvertToAllVariants(),
::convert(), ::convertNamespace(), ::convertHtml(), ::convertCategoryKey(),
::getVariants(), ::hasVariants(), ::hasVariant(), ::getDefaultVariant(),
::getURLVariant(), ::getExtraHashOptions(), ::getConvRuleTitle(),
deprecated in 1.35, now emit deprecation warnings.
* Language::factory() and ::getParentLanguage(), deprecated in 1.35, now emit
deprecation warnings.
* Executing maintenance scripts directly is deprecated. The maintenance/run.php
entry point should be used instead.
* MWHttpRequest::factory, deprecated in 1.34, now emits deprecation warnings.
* Job::factory is deprecated, use JobFactory::newJob instead.
* Http::request(), ::get(), ::post(), ::userAgent() and ::isValidURI(),
deprecated in 1.34, now emit deprecation warnings.
* Title.js's confusingly-named getName() and getNameText() methods, for using
media files' pages, have been renamed to getFileNameWithoutExtension() and
getFileNameTextWithoutExtension() respectively. The old names are deprecated.
* Command::whitelistPaths() should now emit deprecation warnings. Make use of
Command::allowPaths/disallowPaths() instead.
* When manually creating an HTMLFormField (i.e. not via HTMLForm::factory),
it is deprecated to not include the "parent" field as one of the parameters.
* The MWException class is deprecated. Use native exceptions, either directly
or as base classes.
* SelectQueryBuilder::lockForUpdate() is deprecated. Use ::forUpdate() with
::fetchRowCount() or ::acquireRowLocks() instead.
* ArticleUndelete hook is deprecated. Use PageUndeleteComplete hook instead.
* The global function wfReportTime() is now deprecated.
* PrevNextNavigationRenderer, deprecated in 1.39, now emits deprecation
warnings.
* PagerNavigationBuilder::setMakeLinkCallback(), deprecated in 1.39, now emits
deprecation warnings.
* IndexPager::getPagingLinks(), IndexPager::getLimitLinks() and
IndexPager::buildPrevNextNavigation(), deprecated in 1.39, now emit
deprecation warnings.
* Overriding the method IndexPager::makeLink(), deprecated in 1.39, now emits
deprecation warnings.
* The following class names were namespaced (and, for the special pages,
also renamed), and the old class names are now deprecated:
- MostimagesPage -> MediaWiki\Specials\SpecialMostImages
- MovePageForm -> MediaWiki\Specials\SpecialMovePage
- UserrightsPage -> MediaWiki\Specials\SpecialUserRights
- WantedFilesPage -> MediaWiki\Specials\SpecialWantedFiles
- WantedPagesPage -> MediaWiki\Specials\SpecialWantedPages
- DerivativeRequest -> MediaWiki\Request\DerivativeRequest
- FauxRequest -> MediaWiki\Request\FauxRequest
- FauxRequestUpload -> MediaWiki\Request\FauxRequestUpload
- PathRouter -> MediaWiki\Request\PathRouter
- WebRequestUpload -> MediaWiki\Request\WebRequestUpload
- HeaderCallback -> MediaWiki\Request\HeaderCallback
- FauxResponse -> MediaWiki\Request\FauxResponse
- WebResponse -> MediaWiki\Request\WebResponse
- ForeignResourceManager ->
MediaWiki\ResourceLoader\ForeignResourceManager
- DummyLinker -> MediaWiki\Linker\DummyLinker
- Linker -> MediaWiki\Linker\Linker
- PageProps -> MediaWiki\Page\PageProps
- MagicWord -> MediaWiki\Parser\MagicWord
- MagicWordArray -> MediaWiki\Parser\MagicWordArray
- MagicWordFactory -> MediaWiki\Parser\MagicWordFactory
- RawMessage -> MediaWiki\Language\RawMessage
- ActorMigration -> MediaWiki\User\ActorMigration
- ActorMigrationBase -> MediaWiki\User\ActorMigrationBase
- CategoriesRdf -> MediaWiki\Category\CategoriesRdf
- Category -> MediaWiki\Category\Category
- CategoryViewer -> MediaWiki\Category\CategoryViewer
- TrackingCategories -> MediaWiki\Category\TrackingCategories
- EditPage -> MediaWiki\EditPage\EditPage
- TemplatesOnThisPageFormatter ->
MediaWiki\EditPage\TemplatesOnThisPageFormatter
- ContentSecurityPolicy -> MediaWiki\Request\ContentSecurityPolicy
- FormOptions -> MediaWiki\Html\FormOptions
- Html -> MediaWiki\Html\Html
- HtmlHelper -> MediaWiki\Html\HtmlHelper
- TemplateParser -> MediaWiki\Html\TemplateParser
- FormOptions -> MediaWiki\Html\FormOptions
- WikiMap -> MediaWiki\WikiMap\WikiMap
- WikiReference -> MediaWiki\WikiMap\WikiReference
- MediaWiki\BadFileLookup -> MediaWiki\Page\File\BadFileLookup
- FileDeleteForm -> MediaWiki\Page\File\FileDeleteForm
- MergeHistory -> MediaWiki\Page\MergeHistory
- MovePage -> MediaWiki\Page\MovePage
- ProtectionForm -> MediaWiki\Page\ProtectionForm
- LinkFilter -> MediaWiki\ExternalLinks\LinkFilter
- TitleArray -> MediaWiki\Title\TitleArray
- TitleArrayFromResult -> MediaWiki\Title\TitleArrayFromResult
- TitleFactory -> MediaWiki\Title\TitleFactory
- Title -> MediaWiki\Title\Title
- ForkController -> MediaWiki\Maintenance\ForkController
- OrderedStreamingForkController ->
MediaWiki\Maintenance\OrderedStreamingForkController
- AtomFeed -> MediaWiki\Feed\AtomFeed
- ChannelFeed -> MediaWiki\Feed\ChannelFeed
- FeedItem -> MediaWiki\Feed\FeedItem
- FeedUtils -> MediaWiki\Feed\FeedUtils
- RSSFeed -> MediaWiki\Feed\RSSFeed
- DeprecatedGlobal -> MediaWiki\StubObject\DeprecatedGlobal
- StubGlobalUser -> MediaWiki\StubObject\StubGlobalUser
- StubObject -> MediaWiki\StubObject\StubObject
- StubUserLang -> MediaWiki\StubObject\StubUserLang
* ContentHandler::getParserOutputForIndexing() and ::getDataForSearchIndex()
now take an optional RevisionRecord parameter.
* The SearchDataForIndex hook is deprecated in favor of SearchDataForIndex2
* IDatabase::lastQuery and IReadableDatabase::lastQuery are deprecated without
without replacement.
=== Other changes in 1.40 ===
* Calling RecentChange::doMarkPatrolled() with $auto = true has no effect and
logs a warning. Since 1.31, it would mark the change as manually patrolled,
but would not log it as such in patrol log and would still require
'autopatrol' right (not 'patrol'). Generally, whether a change should become
autopatrolled, is usually determined before it's inserted in the database.
* In versions of MediaWiki before 1.39, the table of contents location
was marked internally with <mw:toc>...</mw:toc>; in version 1.39
this was changed to an empty tag <mw:tocplace />. In 1.40 this has
been changed a final time to use an empty <meta> tag for future
Parsoid compatibility (see Parser::TOC_PLACEHOLDER). This may
affect you if stale content is left in the ParserCache or if your
skin did manual ToC replacement without using the recommended
Parser::replaceTableOfContentsMarker() function.
* Skins can now choose which Codex theme should be loaded by setting the
SkinCodexThemes attribute in their skin.json file.
* The parser test framework has been updated, and the 'pst', 'ill', 'cat'
and 'showflags' options have slight differences in their output. These
options are not much used outside core, but third parties may need to
update parser tests.
* (T332889, CVE-2023-36675) SECURITY: Fix escaping in BlockLogFormatter.
== Compatibility ==
MediaWiki 1.40 requires PHP 7.4.3 or later and the following PHP extensions:
* ctype
* dom
* fileinfo
* iconv
* intl
* json
* mbstring
* xml
MariaDB is the recommended database software. MySQL, PostgreSQL, or SQLite can
be used instead, but support for them is somewhat less mature.
The supported versions are:
* MariaDB 10.3 or higher
* MySQL 5.7.0 or higher
* PostgreSQL 10 or later
* SQLite 3.8.0 or later
== Online documentation ==
Documentation for both end-users and site administrators is available on
MediaWiki.org, and is covered under the GNU Free Documentation License (except
for pages that explicitly state that their contents are in the public domain):
https://www.mediawiki.org/wiki/Special:MyLanguage/Documentation
== Mailing list ==
A mailing list is available for MediaWiki user support and discussion:
https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
A low-traffic announcements-only list is also available:
https://lists.wikimedia.org/mailman/listinfo/mediawiki-announce
It's highly recommended that you sign up for one of these lists if you're
going to run a public MediaWiki, so you can be notified of security fixes.
== IRC help ==
There's usually someone online in #mediawiki on irc.libera.chat.
= MediaWiki 1.39 =
PHP 8.0 workboard: https://phabricator.wikimedia.org/tag/php_8.0_support/
PHP 8.1 workboard: https://phabricator.wikimedia.org/tag/php_8.1_support/
PHP 8.2 workboard: https://phabricator.wikimedia.org/tag/php_8.2_support/
PHP 8.3 workboard: https://phabricator.wikimedia.org/tag/php_8.3_support/
== MediaWiki 1.39.10 ==
This is a maintenance release of the MediaWiki 1.39 branch.
=== Changes since 1.39.9 ===
* Fix issue related to backport of AbuseFilter patch for T372998.
== Mediawiki 1.39.9 ==
This is a security and maintenance release of the MediaWiki 1.39 branch.
=== Changes since 1.39.8 ===
* Localisation updates.
* (T303007) skins: Fix Skin::buildSidebar to not share cache between skins.
* (T367918) When using the 'runMaintenance' method in a
LoadExtensionSchemaUpdates hook handler, only the script's class name is
required, not its path.
* Clarify that $wgAllowCrossOrigin only applies to REST.
* (T370380) installer: Support MW_SKIP_EXTERNAL_DEPENDENCIES in update.php.
* composer.json: Add 5 more ext- to suggests.
* resources: Fix 404 Not Found for foreign Financial-Times/polyfill-library.
* ResourceLoader: Fix regression of color mapping in Less.php.
* ResourceLoader: Upgrade wikimedia/less.php to 4.4.1.
* SpecialExport: Prevent passing null to strtolower.
== MediaWiki 1.39.8 ==
This is a maintenance release of the MediaWiki 1.39 branch.
=== Changes since 1.39.7 ===
* Localisation updates.
* tests: Skip failing tests on php8.2 (and make pass).
* (T326480) ApiResult: Make array ordering consistent across PHP versions.
* (T352789, T287972) build: Raise TestingAccessWrapper from 2.0.0 to 3.0.0.
* (T326478) tests: Create new classes to hold dynamic properties in auth tests.
* (T326478) tests: Avoid dynamic properties in AuthenticationProvider Test.
* (T326466) Introduce and use DynamicPropertyTestHelper.
* tests: Skip failing tests on php8.3 (and make pass).
* (T352910) tests: Use TestingAccessWrapper::newFromClass in session tests.
* (T326478) tests: Avoid dynamic properties in auth tests.
* (T326479, T361985) StatusValue: Allow passing arbitrary data to augment
result.
* tests: Remove dead code from WikiPageDbTest::assertPreparedEditNotEquals.
* (T326478) tests: Avoid dynamic properties in SessionManagerTest.
* (T361990) Upgrading wikimedia/parsoid (v0.16.3 => v0.16.4).
* (T357760) Use i18n strings for truncated subpage message in SpecialMovePage.
* ArticleTest: Skip testGetOrSetOnNewProperty() if PHP >= 8.2.
* (T361982) Update wikimedia/less.php from 3.1.0 to 3.2.1.
* debug: Update PsySH 0.11.1 -> 0.12.3.
* (T361991) Fix slash-delimited regex from CLI on maintenence/grep.php.
* (T362078) Improve RestAPIAdditionalRouteFiles path expansion.
* (T352695) tests: Only set $dbSetup if setupTestDB() ends without throwing.
* (T302186) Add title cache for Title::newMainPage().
* objectcache: Fix flaky WANObjectCacheTest::testLockTSESlow case.
* (T362272) api: Replace null $httpCode by 0 in ApiBase::dieWithErrorOrDebug.
* (T150647, T216682) Make EncryptedPassword work with Argon2Password.
* (T327220) Special:ApiHelp: Move widths and floats in CSS to media query.
* (T364270) Fix long param names overlapping docs in API help pages.
* MaintenanceRunner.php: Add trailing newline to error message.
* wrapOldPasswords: Improve progress output and decrease batch size.
* (T361367) ApiFeedWatchlist: Fix handling of array parameters.
* (T132418) ResourceLoader: Add 1min grace via stale-while-revalidate
Cache-Control.
* (T366130) EncryptedPassword: Store default parameters as strings.
* Name the PagerTools array entries to allow hooks to unset them.
== MediaWiki 1.39.7 ==
This is a security and maintenance release of the MediaWiki 1.39 branch.
=== Changes since 1.39.6 ===
* Localisation updates.
* (T334992) Headings in the license pickers should not be selected.
* (T353929) ActiveUsersPager: Count actions only once.
* composer: Use @php instead of php.
* (T326065) Indent JsonContent using tabs.
* (T354541) authmanager: Improve AuthenticationRequest docs.
* (T355017) Add missing space in Special:RecentChangesLinked.
* (T355003) composer.json Add ext-bcmath and ext-gmp to suggests.
* PHPVersionCheck: Update text to match currently supported upstream PHP
versions (8.1+).
* (T354045) API: mark HTML output as non-cacheable.
* (T355530) filerepo: Fix img_major_mime for files with a non-standard
extensions.
* (T355530) MimeAnalyzer: Add @since to isValidMajorMimeType.
* (T317489, T319202) Mark some parserTests on talk pages Parsoid only on
REL1_39.
* (T350594) Update wikimedia/parsoid to 0.16.3.
* (T352554) ZhConverter: Fix language variant fallback chain.
* (T357668) Parser::getExternalLinkAttribs: Don't set rel attribute to null.
* LockManagerGroupIntegrationTest: Remove test depending on DBLockManager.
* (T357808) LinkRendererTest: Add missing import for LinkTarget.
* (T353305) ApiResetPassword: Allow both user and email parameters to be passed
for reset.
* (T358949) updateCollation: Explicitly cast $scale to int.
* (T359055) api: Improve linking of language codes lists in top level i18n
messages.
* (T359294) Make sure MovePage::isValidFileMove matches UploadBase::getTitle.
* (T230245) Respect $maxConcurrency when queuing async FileOps.
* (T352554) Follow-up "ZhConverter: Fix language variant fallback chain".
* (T292237, T317451) build: Restore Doxygen output for MediaWiki release tags.
* (T324903) HistoryPager: Add #[AllowDynamicProperties].
* (T360850) Update Apache config syntax in .htaccess files.
* (T309714, T354274) mime: Add support for 'font/woff' and 'font/woff2' mime
type.
* (T309714) mime: Make test cases use data provider.
* (T331608) installer: Bear with schema drift caused by running old updater.
* docs: Remove use of $IP from mwdocgen.php.
* (T317451) build: Restore Doxygen output for MediaWiki release tags (take 3).
* docs: Set stable permalink on markdown files.
* (T357019) allow maintenance/deleteBatch.php to accept page ID.
* (T355538, CVE-2024-34507) SECURITY: XSS in edit summary parser.
* (T357760, CVE-2024-34506) SECURITY: Denial of service vector via GET request
to Special:MovePage on pages with thousands of subpages.
== MediaWiki 1.39.6 ==
This is a security and maintenance release of the MediaWiki 1.39 branch.
=== Changes since MediaWiki 1.39.5 ===
* Localisation updates.
* Updated symfony/polyfill-php80 from 1.26.0 to 1.28.0.
* Updated symfony/polyfill-php81 from 1.26.0 to 1.28.0.
* (T344912) mail: Encode period (ascii 46) if it appears in encoded email
header.
* Added symfony/polyfill-php82.
* Added symfony/polyfill-php83.
* Updated symfony/yaml from 5.4.10 to 5.4.23.
* (T329609) ApiQueryLanguageinfoTest: Do not pass a float to setFakeTime.
* Updated wikimedia/timestamp from 4.0.0 to 4.1.1.
* tests: Provide coverage for StatusValue::__toString.
* StatusValue: Improve logging/debug output with multibyte characters.
* (T347726, CVE-2023-51704) SECURITY: logging: Fix non-escaped messages
used in rights log.
* Updated wikimedia/parsoid from 0.16.1 to 0.16.2.
* (T229992) LocalisationCache: Preserve fallback source language info.
* (T275085) Fix logging Status objects to 'authevents' channel.
* (T341310) DEVELOPERS.md: mention git clone and WSL.
* (T351758) DEVELOPERS.md: reword WSL instructions to include best practices.
* (T349115) LocalisationCache: Fix a rare case in fallback source language.
* SwiftFileBackend: Fix "PHP Deprecated: strlen(): Passing null to parameter #1
($string) of type string is deprecated".
* maintenance: Add missing parenthesis to SQL in attachLatest.php.
* (T353472) maintenance: Fix join condition in DeduplicateArchiveRevId.
== MediaWiki 1.39.5 ==
This is a security and maintenance release of the MediaWiki 1.39 branch.
=== Changes since MediaWiki 1.39.4 ===
* Localisation updates.
* (T333050, CVE-2023-45363) SECURITY: Fix infinite loop for self-redirects
with variants conversion.
* docs: Fix a few typos in MainConfigSchema.
* (T309714) mime: Add support for 'font/sfnt' mime type.
* (T341434) WikiImporter: Improve error message output.
* (T317255) VueComponentParser: Use Zest's getElementsByTagName() rather than
PHP's.
* (T341737) ApiBase: Cast $id to string in filterIDs.
* (T286291, T296188) Merge zh and zh-tw namespace translations back to zh-hans,
zh-hant, zh-hk respectively.
* (T337875) WRStats: Round up SequenceSpec::hardExpiry to the nearest integer.
* (T237898) installer: Check MariaDB version in updater/installer.
* (T342632) ApiComparePages: Add help url.
* (T326182, T324903) EditPage: Add #[AllowDynamicProperties].
* (T342351) rdbms: Fix postgres db function call.
* (T343675) user: Use {@} to escape annotation when writting about annotation.
* (T343797) LanguageWa: Fix double timezone adjustment.
* (T326454) Update pear/mail to 1.5.1.
* (T204470) Remove feedback messages from RawHtmlMessages.
* (T264765, CVE-2023-45364) SECURITY: Article: Check permissions before
showing link to view deleted revision.
* (T310378) Ensure that installer i18n is loaded by update.php.
* (T343622) docs: Set the <comment> tag back to optional.
* (T330528) Upgrade wikimedia/html-formatter from 3.0.1 to 4.0.3.
* (T337463) wdio-mediawiki: await saveScreenshot.
* (T274041) Include core PSR-4 classes in the generated classmap.
* (T208477) $wgPrivilegedGroups – Users belonging in some of the listed groups
will be audited more aggressively.
* doc: Improve description of "type" in extension.schema.v2.json.
* Added PrivilegedGroups attribute for extension.json / skin.json, which lets
you add any new user groups you define to wgPrivilegedGroups (see above).
* HTMLForm: Fix E_NOTICE when hide-if is used with setFormIdentifier.
* (T288624) MultiHttpClient: Unset $this->cmh after closing it.
* (T345039) Do not run SkinAfterBottomScripts hook twice unconditionally.
* (T265734) API Help: Note that parameters may be inherited from other context.
* API: Make continue parameter help description more specific.
* (T285545) i18n: Split apihelp for standard dir parameter.
* (T285545) i18n: Split apihelp for redirects/linkshere/transcludedin/fileusage
show.
* (T285545) i18n: Split apihelp for parameter list=deletedrevs&drprop=.
* (T285545) i18n: Split apihelp for parameter list=allpages&apprexpiry=.
* (T285545) i18n: Split apihelp for parameter action=opensearch&redirects=.
* (T285545) i18n: Split apihelp for parameter action=managetags&operation=.
* (T285545) api: Add message for list=watchlist&wlprop=expiry.
* (T334011) ApiComparePages: expose 'difftype' param if wikidiff2 is installed.
* (T342633) api: Add message for action=compare&prop=timestamp.
* API: revids=… does not necessarily return the queried revisions.
* (T326696) user: Truncate option value in UserOptionsManager.
* (T326696) ApiOptions: Give warning if the value is too long.
* API i18n: Add {{PLURAL:}} for byte count messages.
* (T235207) Get correct main page in API call examples.
* doc: Make extension.schema.v2.json a valid JSON schema.
* updateSpecialPages.php: Avoid implicit float conversion on modulo.
* (T347227) ImportReporter: Make callback functions public.
* (T346898) importDump: Unconditionally call $importer->setUsernamePrefix().
* doc: Improve description of type in extension.schema.v1.json.
* (T340217, CVE-2023-45359) SECURITY: Vector 2022: Numerous unescaped
messages leading to potential XSS.
* (T340220, CVE-2023-45361) SECURITY: Vector 2022: vector-intro-page
message is assumed to yield a valid title.
* (T340221, CVE-2023-45360) SECURITY: XSS via
'youhavenewmessagesmanyusers' and 'youhavenewmessages' messages.
* (T341529, CVE-2023-45362) SECURITY: diff-multi-sameuser
("X intermediate revisions by the same user not shown") ignores
username suppression.
* (T341565, CVE-2023-3550) SECURITY: Stored XSS when uploading crafted
XML file to Special:Upload (non-standard configuration).
== MediaWiki 1.39.4 ==
This is a security and maintenance release of the MediaWiki 1.39 branch.
=== Changes since MediaWiki 1.39.3 ===
* Localisation updates.
* (T333990) composer.json: Explicitly pin psr/http-message to 1.0.1.
* (T335203, CVE-2023-29197) SECURITY: Upgrading guzzlehttp/psr7
(2.4.0 => 2.4.5).
* (T333776) {{ACTIVEUSERS}} wasn't being updated without updateSpecialPages.php.
* (T258860) Prevent LogicCache exception from message cache during IO errors
from memcache.
* (T336868) Improve idempotency of postgres index upgrades.
* (T322944) Add Authorization to default $wgAllowedCorsHeaders.
* (T332889, CVE-2023-36675) SECURITY: Fix escaping in BlockLogFormatter.
* A fake MessageLocalizer for use in unit tests.
* (T338114) Title: Add forward alias.
* composer: Add symfony/polyfill-php81 like symfony/polyfill-php80.
* (T330464) Work around argument corruption bug in XMLReader::open.
* Fix frame and frameless rdfa depending on file existing.
* Fixes for the phan upgrade, part 1.
* Fixes for the phan upgrade, part 2.
* (T298571) build: Update mediawiki/mediawiki-phan-config to 0.12.0.
* build: Updating mediawiki/mediawiki-phan-config to 0.12.1.
* (T329214) Pass whether current rev of file exists to
Linker::makeBrokenImageLinkObj.
* (T334659) Handle thumb errors when !$enableLegacyMediaDOM.
* A manualthumb that doesn't exist should be considered a thumb error.
* (T313157) IndexPager: Also protect against $offset being 0.
* (T335612, CVE-2023-36674) SECURITY: Move badFile lookup to Linker.
== MediaWiki 1.39.3 ==
This is a security and maintenance release of the MediaWiki 1.39 branch.
=== Changes since MediaWiki 1.39.2 ===
* Localisation updates.
* (T328477) LinksUpdate: Use DB key for category links table.
* GlobalFunctions: Remove check for MEDIAWIKI constant.
* (T329484) API: Fix query+allimages user parameter description.
* (T330529) SpecialEditTags: Set default of '' for wpReason.
* (T330382) postgres: Make the upgrade ignore dropping indexes that
might not exist.
* (T330526) htmlform: Handle null from HTMLFormField::getDefault in
multiselects.
* (T291753) rdbms: escape backslashes in makeConnectionString for PostgreSQL.
* (T325529) Fix total breakage of wgCanonicalServer fallback.
* (T318103) mediawiki.storage: Disable async GC during integration test.
* (T332461, T332397) TempFSFile: Keep the WeakMap alive.
* (T332902) page: fix InvalidArgumentException in SQLPlatform::makeList.
* (T285159, CVE-2023-29141) SECURITY: Do not apply autoblocks to untrusted
XFF headers.
== MediaWiki 1.39.2 ==
This is a maintenance release of the MediaWiki 1.39 branch.
=== Changes since MediaWiki 1.39.1 ===
* Localisation updates.
* (T325872) ChangeTags: Remove table name from condition.
* (T324895) MWCallbackStream: Add explicit $stream property.
* (T297031, T326039) PostgresUpdater: Move setDefault ahead of
changeNullableField.
* (T321319) Produce HTML for invalid JSON.
* (T215466, T326071) MigrateActors: Write to revision table (Follow-up 24115a8).
* (T223027) ReservedUsernames config: Add reserved names from maintenance
scripts.
* (T325000, T324896, T307631) Updated OOUI from v0.44.3 to v0.44.5.
* Remove /images .htaccess rules that are no longer relevant.
* Disable php in .htaccess of images directory as a hardening measure.
* (T322583) Include missing message parameter in message.
* LocalFileTest: use encodeBlob/decodeBlob for img_metadata.
* DatabaseSqlite: fix null blobs.
* rdbms: avoid pg_escape_bytea() call-style deprecation notices.
* (T322278) Improve LocalisationCache post-merge validation check.
* (T324408, T326367) Updated wikimedia/remex-html from 3.0.2 to 3.0.3.
* (T322278) Fix the remaining Phan failures on PHP 8.1.
* (T322278, T326367) Respond to some messages from Phan on PHP 8.1.
* Fix phan error when Excimer is enabled.
* (T326021) Add matrix: to $wgUrlProtocols.
* (T314099) stream wrapper: Declare $context class property.
* (T314099) libs\jsminplus: Declare JSNode::$expression.
* (T314096) composer.json: Updated composer/spdx-licenses from 1.5.6 to 1.5.7.
* (T326472) Upgrading cssjanus/cssjanus (v2.1.0 => v2.1.1).
* (T308536) rdbms: Remove deprecation mark for $wgSharedDB.
* (T215466, T326071) installer: Split drop action out of the SQL patch for actor
migration.
* (T322603) SqliteMaintenance.php: Fix fatally broken instanceof check.
* (T326377) rdbms: Use DBConnRef in SelectQueryBuilder.
* api/en.json: api-help-datatype-expiry add missing 'may'.
* (T317329) OutputPage: Fix undefined ['host'] in ImagePreconnect code.
* (T328222) Pass empty string to strlen() if schema is null for
PostgresDatabase.
* (T289926) SpecialRevisionDelete: Set default of '' for wpReason.
* (T155582, T328503) Fix XML dumps for content types with non-string
getNativeData().
* (T326886) PoolCounterRedis: Fix wrong cast, locks weren't being released.
* (T314099) revisiondelete: Replace dynamic property Status::$itemStatuses
* (T327821) skin: Restore default 'value' attribute in makeSearchButton().
* (T329198) ParamValidator: Improve paramvalidator-help-multi-max message.
* (T329415) Clear the statsd data buffer regardless of StatsdServer config.
* (T292348) WikiImporter: do not fail if upload entry in dump lacks 'text' tag.
* (T330049) UnregisteredLocalFile: Don't call MimeAnalyzer if no path.
* (T324894 TempFSFile: Use a WeakMap for reference tracking if available.
* (T295637) Add no to fallback chain of nb and nn.
== MediaWiki 1.39.1 ==
This is a security and maintenance release of the MediaWiki 1.39 branch.
=== Changes since MediaWiki 1.39.0 ===
* Localisation updates.
* PostgresUpdater: Remove trailing space from 'user_id ' column.
* (T304515) LCStoreStaticArray: atomically replace the cache file.
* (T324516) postgres: Fix upgrade for templatelinks primary key.
* (T324890, T324891, T324901) Parser: Allow dynamic properties on PHP 8.2.
* (T324513) uuid\GlobalIdGenerator: Check if getmyuid() exists.
* (T314099) OutputPage: Remove unused dynamic property ParserOptions->isBogus.
* (T314099) api: Remove use of undeclared property in action=comparepages.
* Upgrading wikimedia/xmp-reader (0.8.5 => 0.8.6).
* (T324489) Upgrading wikimedia/parsoid (v0.16.0 => v0.16.1).
* Updated pear/mail (v1.4.1 => v1.5.0).
* Removed wikimedia/dodo (v0.4.0).
* (T324910) On pages using multi-content revisions, the raw content of a
specific slot can be retrieved using the action=raw&slot=<role-name> query
parameters.
* (T322637) SECURITY: sqlite should not create DB file world-readable.
== MediaWiki 1.39.0 ==
=== Changes since MediaWiki 1.39.0-rc.1 ===
* Localisation updates.
* exception: Tolerate no service container when trying DB rollback.
* (T320282) Upgrading wikimedia/xmp-reader (0.8.3 => 0.8.4).
* objectcache: Deprecate WANObjectCache::reap() and ::reapCheckKey().
* (T320864) When calling mail(), use an array for headers.
* Upgrading wikimedia/xmp-reader (0.8.4 => 0.8.5).
* (T321154) Call setFormIdentifier() on LogEventsList form.
* When importing revision with same timestamp as latest revision, treat
it as the new latest.
* (T320726) RandomImageGenerator::getImageSpec: Don't pass a float to mt_rand(),
for PHP 8.1.
* (T298485, T322360) WikiExporter: Avoid calling reload in processing every row.
* (T321551) pager: Fix null used for foreach in Pager::getNavigationBar.
* (T321551) pager: Remove unused AlphabeticPager::getOrderTypeMessages()
support.
* pager: Remove unused PagerNavigationBuilder::setExtra().
* PagerNavigationBuilder: Document that nulls in setLinkQuery() etc. are
allowed.
* (T322335) ApiQueryRevisionsBase: Fix 'rvdiffto' parameter handling on PHP 8.0.
* (T314096) TestFileEditor: Fix string interpolation.
* (T289926) api: Fix minor PHP 8.1 incompatibility in ApiOptions.
* (T322803) SpecialBotPasswords: Don't pass null to trim().
* (T289926) Fix incomplete ITextFormatter mocks.
* Language: Handle ronna and quetta.
* (T72510) rdbms: make SqlitePlatform::tableName() apply double quotes.
* (T323373) Parser: Fix extractSections() behavior for PHP >= 8.0.
* .gitattributes: Ship docker-compose.yml to the tarball.
== MediaWiki 1.39.0-rc.1 ==
=== Changes since MediaWiki 1.39.0-rc.0 ===
* Localisation updates.
* (T318481) composer: Drop symfony/php73-polyfill.
* (T318460) SpecialChangeEmail: Set default for returntoquery.
* (T318307) HTMLFormField::validate(): Update docs to permit all data types
* (T306802) docker: update to latest published images.
* (T318754) WebInstallerOptions::addPersonalizationOptions(): Close fieldset.
* (T227047) Soft-deprecate the remainder of ActorMigration.
* (T316304, CVE-2022-41767) SECURITY: reassignEdits doesn't update results
in an IP range check on Special:Contributions.
* (T309894, CVE-2022-41765) SECURITY: HTMLUserTextField exposes existence
of hidden users.
* (T307278, CVE-2022-41766) SECURITY: On action=rollback the message
"alreadyrolled" can leak revision deleted user name.
* (T319186) .phan/config.php: Update minimum_target_php_version.
* Tests: Explicit cast to int in RandomImageGenerator test (php8 warnings).
* (T319186) .phan/config.php: Update minimum_target_php_version.
* (T310243) Deprecate use of 'wvui-search' package.
* utils: Fix return doc about false/null for UrlUtils::expand.
* (T319000) WebInstaller: Don't try and run trim() on null.
* In the event of preg failure in MagicWordArray throw exception.
* (T318753) Installer: Disable logo dropper for now.
== MediaWiki 1.39.0-rc.0 ==
== Upgrading notes for 1.39 ==
Don't forget to always back up your database before upgrading!
See the file UPGRADE for more detailed per-version upgrade instructions from the
oldest supported upgrading version, MediaWiki 1.31.
Some specific notes for MediaWiki 1.39 upgrades are below:
* (T278139) Drop PHP 7.3 support in MediaWiki 1.39; require 7.4.3 or higher.
For notes on 1.38.x and older releases, see HISTORY.
=== Configuration changes for system administrators in 1.39 ===
==== New configuration ====
* $wgAutoCreateTempUser – This configures automatic user creation on page save.
* $wgCopyUploadAllowOnWikiDomainConfig – This configures if administrators can
use the MediaWiki:Copyupload-allowed-domains system message to define which
domains can be used with the upload-by-url tool.
* $wgCdnMatchParameterOrder – This can be set to false if MediaWiki is behind a
CDN that re-orders query parameters. This will make the code that matches
request URLs to canonical CDN URLs insensitive to parameter order.
* $wgMultiShardSiteStats – This allows you to split site_stats across multiple
rows. Only useful for very large, heavily edited wikis. (T306589)
* $wgPrivilegedGroups – Users belonging in some of the listed groups will be
audited more aggressively.
==== Changed configuration ====
* $wgInvalidUsernameCharacters – This setting now contains the char '>', which
is now the reserved delimiter for external user names.
* $wgLocalFileRepo – The default serialization method for file meta-data has
been changed to JSON. You can revert it to PHP by setting the property
'useJsonMetadata' to false.
* $wgLBFactoryConf – The 'configCallback' flag can now be set to a callback
function that returns an array with keys to update in $wgLBFactoryConf. This
can be used to update the database configuration on the fly, e.g. to take
replica hosts out of rotation.
* $wgDBservers and $wgLBFactoryConf – The DBO_SSL flag in has been deprecated in
favour of a boolean "ssl" parameter.
* $wgObjectCaches – The 'globalKeyLB' and 'localKeyLB' flags are no longer
supported.
==== Removed configuration ====
* $wgMultiContentRevisionSchemaMigrationStage - This transition flag, deprecated
since MediaWiki 1.35, has been removed; the data migration is over.
* $wgActorTableSchemaMigrationStage - This transition flag has been removed; the
data migration is over.
* $wgWikiFarmSiteDetector – This experimental setting has been removed without
replacement. Use the MW_WIKI_NAME environment variable to specifiy the name of
the site for which to load configuration. Using the WIKI_NAME environment
variable for this purpose is deprecated.
* $wgParserCacheUseJson - The ParserCache now always uses JSON serialization.
Reading old non-JSON cache entries is still supported. The setting had been
deprecated since 1.36.
* $wgAllowJavaUploads - To allow uploads of JAR files, remove application/java
from $wgMimeTypeExclusions.
* $wgMaxRedirects – This broken feature was removed, as it never worked as
intended (T296430).
* $wgElementTiming – This experimental, default-disabled feature has been
removed without replacement.
* $wgPriorityHints and $wgPriorityHintsRatio – The related experimental feature
has been removed without replacement.
* $wgIncludeLegacyJavaScript – This flag has been removed, without loss of any
functionality in this release. Most former "wikibits" functions were removed
after deprecation in previous releases. The remaining functions, such as
importScript, are now available unconditionally.
* $wgLegacySchemaConversion - This unused setting has been removed.
* $wgInterwikiPrefixDisplayTypes - This unused setting has been removed.
* $wgMangleFlashPolicy – This is no longer functional, and is now deprecated.
Users who are somehow still using Flash as a browser extension will be exposed
to CSRF vulnerabilities.
=== New user-facing features in 1.39 ===
* Optional automatic user creation on page save ($wgAutoCreateTempUser)
* Administrators now have the option to delete/undelete the associated "Talk"
page when they are (un)deleting a given page. `deletetalk` and `undeletetalk`
options were added to the 'delete' and 'undelete' action APIs in MW 1.38.
* `{{=}}` is now a wikitext built-in magic word, expanding to `=`. This is
conventionally used as an escape mechanism to allow the use of `=` in
unnamed template arguments. Defining [[Template:=]] to expand to something
other than `=` has been deprecated since 1.36, with affected pages put into
a special tracking category for migration.
* (T284020) Bot passwords are now supported when using the REST API.
=== New developer features in 1.39 ===
* Added optional $size param to SearchResultProvideThumbnail hook.
* SearchResultProvideThumbnail hook interface moved from MediaWiki\Rest\Hook
namespace to MediaWiki\Search\Hook.
* JsonValidateSaveHook has been added to allow extensions to set additional
pre-save validations for specific JSON pages (T313254)
* Added 'PermissionErrorAudit' hook, enabling extensions to audit permission
errors on specfic actions. For instance account registration failed attempts
due to a block (T306018).
=== External library changes in 1.39 ===
==== New external libraries ====
* Added Codex v0.1.1. This replaces the now deprecated wvui library.
* Added symfony/polyfill-php81.
* Added symfony/polyfill-php82.
* Added symfony/polyfill-php83.
===== New development-only external libraries =====
* Updated QUnit from 2.18.0 to 2.18.2.
==== Changed external libraries ====
* Updated jQuery from v3.6.0 to v3.6.1.
* Updated OOUI from v0.43.2 to v0.44.5.
* Updated composer/semver from 3.2.6 to 3.3.2.
* Updated cssjanus/cssjanus fromv2.1.0 to v2.1.1.
* Updated pear/mail from v1.4.1 to v1.5.1.
* Updated symfony/polyfill-php80 from 1.25.0 to 1.28.0.
* Updated symfony/yaml from 5.4.3 to 5.4.23.
* Updated vue/compat from 3.2.23 to 3.2.37.
* Updated wikimedia/base-convert from 2.0.1 to 2.0.2.
* Updated wikimedia/html-formatter from 3.0.1 to 4.0.3.
* Updated wikimedia/ip-set from 3.0.0 to 3.1.0.
* Updated wikimedia/minify from 2.2.6 to 2.3.0.
* Updated wikimedia/php-session-serializer from 2.0.0 to 2.0.1.
* Updated wikimedia/remex-html from 3.0.2 to 3.0.3.
* Updated wikimedia/running-stat from 1.2.1 to 2.1.0.
* Updated wikimedia/scoped-callback from 3.0.0 to 4.0.0.
* Updated wikimedia/services from 2.0.1 to 3.0.0.
* Updated wikimedia/timestamp from 3.0.0 to 4.1.1.
* Updated wikimedia/xmp-reader from 0.8.1 to 0.8.6.
===== Changed development-only external libraries =====
* Updated composer/spdx-licenses from 1.5.5 to 1.5.7.
* Updated doctrine/dbal for PHP < 7.3 from 2.13.6 to 2.13.9.
* Updated doctrine/dbal for PHP >= 7.3 from 3.1.5 to 3.4.2.
* Updated mediawiki/mediawiki-phan-config from 0.11.1 to 0.12.1.
==== Removed external libraries ====
* Removed wikimedia/dodo (v0.4.0).
=== Bug fixes in 1.39 ===
* (T314013) $wgExtraNamespaces no longer overrides canonical namespace names
specified in extension.json files. While this setting can still be used to
rename extension-defined namespaces, system administrators may need to run
namespaceDupes.php after upgrading.
=== Action API changes in 1.39 ===
* New `undeletetalk` parameter on action=undelete that allows you to restore
all revisions of the associated talk page.
=== Languages updated in 1.39 ===
MediaWiki supports over 350 languages. Many localisations are updated regularly.
Below only new and removed languages are listed, as well as changes to languages
because of Phabricator reports.
* Actual localization was added for several languages, which were already
in Names.php and even used for a Wikipedia:
** (T313200) Added language support for Rundi (Kirundi, rn).
** (T310976) Added language support for Tumbuka (ChiTumbuka, tum).
** (T314270) Added language support for Kanuri (kr).
* (T313199) Added language support for Sylheti (syl).
* (T311975) Added language support for Ghanaian Pidgin (gpe).
* (T307080) Added language support for Okinawan (ryu).
* (T307887) Added language support for Mooré (mos).
* (T308813) Added language support for Nigerian Pidgin (pcm).
* (T309763) Added language support for Tai Nüa (tdd).
* (T310040) Added language support for Fante (fat).
* (T311034) Added language support for Campidanese Sardinian (sro).
* (T315406) Fix the autonym of the Iñupiaq language to "Iñupiatun".
* (T315677) Removed French fallback from the Fula language (ff).
* (T304920) In Swahili, The "Media" namespace is now "Media", as in English,
and the "File" namespace is now "Faili". The old name of the "File" namespace
was "Picha", and it's kept for backwards compatibility. If you manage a wiki
in Swahili, and you use "Faili:" as a namespace anywhere in wikitext, and
you mean to use it as "Media:", these need to be replaced to "Media:".
* (T309866) Some namespace translations were updated for Kyrgyz (ky). The old
ones are retained as aliases for backwards compatibility.
* (T117845) Started the renaming of the language codes for Serbian from sr-ec
and sr-el to sr-cyrl and sr-latn.
* (T295637) Add no to fallback chain of nb and nn.
=== Breaking changes in 1.39 ===
* Basic non-JavaScript (Grade C) support has been dropped for Internet Explorer
9-10, Firefox 27-38, and Android 4.3-4.4.
* The following methods, deprecated since 1.37, have been removed from IDatabase
- ::fetchObject()
- ::fetchRow()
- ::numRows()
- ::freeResult()
* Title::getDefaultNamespace(), deprecated since 1.37, has been removed.
* The DBPrimaryPos class alias 'DBMasterPos' has been removed.
* The global function wfGetLB(), deprecated since 1.27, has been removed.
* Passing a db to BlockRestrictionStore::loadByBlockId() is no longer supported.
BlockRestrictionStoreFactory should be used to fetch a correct
BlockRestrictionStore instead. This was deprecated since 1.38.
* The global function wfGetCache(), deprecated since 1.32, has been removed. You
can use ObjectCache::getInstance() instead.
* The global function wfGetMainCache(), deprecated since 1.32, has been removed.
You can use ObjectCache::getLocalClusterInstance() instead.
* MovePage::__construct() now requires that all parameters be passed. The
fallback to MediaWikiServices emitted deprecation notices since 1.37.
* WikiPage::doEditContent(), deprecated since 1.32, was removed.
* WikiPage::prepareContentForEdit() now requires a UserIdentity parameter to be
provided. Not providing one has been deprecated since 1.37.
* EventRelayerKafka, deprecated in 1.38, was removed.
* MediaWiki\Logger\Monolog\KafkaHandler, deprecated in 1.38, was removed.
* The "trace" option of SectionProfiler, deprecated in 1.38, was removed.
* The global function wfWikiID(), deprecated since 1.35, has been removed.
* Database::wasKnownStatementRollbackError() was removed. Subclasses should
override isKnownStatementRollbackError() instead.
* Database::wasQueryTimeoutError() was removed. Subclasses should
override isQueryTimeoutError() instead.
* Database::buildSuperlative() has been removed without deprecation.
* The following methods, deprecated in 1.37, have been removed:
- Linker::setStubThreshold(), ::getStubThreshold().
- LinkRendererFactory::createForUser().
- ParserOptions::getStubThreshold(), ::setStubThreshold().
* Changes to ResourceLoader modules:
- The mediawiki.viewport module, deprecated in 1.37 has been
removed. Use IntersectionObserver instead.
* If you manage a wiki in Swahili, and you use "Faili:" as a namespace anywhere,
and you mean to use it as "Media:", replace it with "Media:". See T304920.
* Changes to skins:
- Skin::getCopyrightIcon(), ::getPoweredBy(), deprecated in 1.37 have been
removed.
- Skin::bottomScripts, deprecated in 1.37, now emits deprecation notices.
Skins using SkinTemplate must set bodyOnly as a skin option and
remove lines of code generating html, body and head elements.
- Skin::makeSearchButton and Skin::makeSearchInput were deprecated in 1.38.
Use SkinTemplate methods with the same name or Skin::getTemplateData
instead.
- Styles for the HTML classes `warningbox`, `errorbox` and `successbox` have
been removed in favor of Html class methods.
- The feature `legacy` used inside ResourceLoaderSkinModule,
deprecated in 1.37, will no longer ship any styles.
- Skin::getSkinStylePath, deprecated since 1.36, has been removed.
- Skin::getPortletData has been made private.
- SkinTemplate::getPersonalToolsList(), deprecated in 1.35 has been
removed.
- The following SkinTemplate template data, deprecated in 1.37,
have been removed:
- poweredbyico
- copyrightico
- The following hooks, deprecated in 1.37, have been removed:
- SkinGetPoweredBy: SkinGetPoweredByHook
- The following hooks are deprecated and replaced with
SkinTemplateNavigation::Universal:
- SkinTemplateNavigation::SpecialPage
- SkinTemplateNavigation
- PersonalUrls
- The mediawiki.skinning.content.externallinks module, which was
deprecated in 1.36 has been removed. Skins that still rely on it
will lose the icon styling of external links by type.
* Experimental wiki farm support: Automatic detection of the requested site
within a wiki farm based on the requested domain has been removed.
Use the MW_WIKI_NAME environment variable to specify the name of the site
to load configuration for. Using the WIKI_NAME environment variable for this
purpose is deprecated. This is only relevant if you have been using
$wgWikiFarmSettingsDirectory to load wiki farm config.
* MWExceptionHandler::installHandler was marked @internal and had required
arguments added. This method is intended for use in bootstrap code and is
unused in known extensions.
* MWException::useOutputPage was made private without deprecation.
This method was apparently only public for testing and is unused in known
extensions.
* Calling getId() on a User or UserIdentityValue from the wrong wiki, deprecated
since 1.36, now throws an exception.
* The following methods have been removed from ExtensionRegistry without
deprecation and without replacement. They had been introduced in 1.35 for use
in the testing framework, and were not in use by any known extension:
- exportAutoloadClassesAndNamespaces
- exportTestAutoloadClassesAndNamespaces
* The MWNamespace class, deprecated since 1.34, has been removed. Use the
NamespaceInfo service instead.
* The UnknownContent and UnknownContentHandler class aliases have been removed,
use FallbackContent and FallbackContentHandler instead.
* IResultWrapper::next() now returns void, to match the Iterator interface that
it implements. fetchObject() has the same behavior as next() used to.
* In HTMLForm HTMLAutoCompleteSelectFields, the parameters 'autocomplete' and
'autocomplete-messages', which were deprecated in MediaWiki 1.29, were
removed. Instead, use 'autocomplete-data' and 'autocomplete-data-messages'.
* The global $wgParser, deprecated in 1.32, was removed. Use
MediaWikiServices::getInstance()->getParser() instead.
* ParserOutput::setText will now set the ParserOutput's text to null if
given null. Previously it did nothing if given null.
* The default value for the first argument to the ParserOutput constructor
is now null instead of ''.
* IDatabase::lockTables() and IDatabase::unlockTables(), deprecated since 1.38,
have been removed.
* The $context parameter to `new HTMLForm( … )` and `HTMLForm::factory( … )`
is now required.
* The class alias for revision related classes in namespace MediaWiki\Storage
has been removed. Classes are IncompleteRevisionException,
MutableRevisionRecord, MutableRevisionSlots, RevisionAccessException,
RevisionArchiveRecord, RevisionFactory, RevisionLookup, RevisionRecord,
RevisionSlots, RevisionStore, RevisionStoreRecord, SlotRecord, and
SuppressedDataException.
* Calling getBy() on an AbstractBlock from the wrong wiki, deprecated since
1.38, now throws an exception.
* Passing a MediaWiki\Linker\LinkTarget to EditPage::makeTemplatesOnThisPageList
or TemplatesOnThisPageFormatter::format is no longer supported,
a MediaWiki\Page\PageIdentity is required.
* The deprecated class alias FakeConverter has been removed, use
TrivialLanguageConverter instead.
* The deprecated ApiQueryContributions class alias has been removed, use
ApiQueryUserContribs instead.
* The deprecated MediaWiki\Special\SpecialPageFactory class alias has been
removed, use MediaWiki\SpecialPage\SpecialPageFactory instead.
* The following skin modules, deprecated in 1.37, have been removed:
- mediawiki.skinning.elements
- mediawiki.skinning.content
- mediawiki.toc.styles
- mediawiki.legacy.config
- mediawiki.legacy.shared
- mediawiki.legacy.commonPrint
* FileModule::compileLessFile(), deprecated since 1.35, has been removed. Use
::compileLessString() instead.
* LogFormatter::styleRestricedElement(), deprecated since 1.37, has been
removed. Use ::styleRestrictedElement() instead.
* Title::isNamespaceProtected(), deprecated in 1.34, has been removed.
* ApiStashEdit::parseAndStash(), deprecated in 1.34, has been removed.
* LinkCache::forUpdate(), deprecated in 1.34, has been removed.
* Passing null instead of a NamespaceInfo instance to LinkCache::__construct()
is not supported anymore. It is recommended to request an instance from the
service container.
* ApiQueryBase::showHiddenUsersAddBlockInfo(), deprecated in 1.34, has been
removed. Use ApiQueryBlockInfoTrait instead.
* ApiQueryBase::prefixedTitlePartToKey(), deprecated in 1.35, has been removed.
Use ::parsePrefixedTitlePart() instead.
* ExternalStoreDB::getSlave(), deprecated in 1.34, has been removed. Use
ExternalStoreDB::getReplica() instead.
* ChangesListSpecialPage::checkStructuredFilterUiEnabled() and
SpecialWatchlist::checkStructuredFilterUiEnabled() now support UserIdentity
as the only argument. Passing Config argument was deprecated in 1.34.
* DatabaseUpdater::ifNoActorTable(), deprecated in 1.35, has been removed. Use
::ifTableNotExists() instead.
* MediaWiki\Revision\RevisionStoreFactory::getRevisionStore was documented
to allow passing bool true as a dbDomain, this is no longer possible,
because that is an invalid value for a dbDomain.
* LinkHolderArray::__construct() had its signature changed. The class was marked
internal in 1.35.
* SpecialMute::isTargetBlacklisted(), deprecated in 1.35, has been removed. Use
::isTargetMuted() instead.
* WebRequest::checkUrlExtension(), deprecated in 1.35, has been removed.
* ContentHandler::cleanupHandlersCache(), deprecated in 1.35, has been removed.
* SpecialVersion::getExtAuthorsFileName, deprecated in 1.35, has been removed.
Use MediaWiki\ExtensionInfo::getAuthorsFileName.
* SpecialVersion::getExtLicenseFileName, deprecated in 1.35, has been removed.
Use MediaWiki\ExtensionInfo::getLicenseFileNames.
* CategoryPage::getCategoryViewerClass and ::setCategoryViewerClass, deprecated
in 1.35, have been removed.
* SqlBlobStore::getLegacyEncodingConversionLang(), deprecated in 1.34, has been
removed.
* wfCanIPUseHTTPS(), deprecated in 1.37, has been removed.
* wfGetScriptUrl(), deprecated in 1.35, has been removed.
* The following methods of Database class, are no longer stable to override:
- ::implicitOrderby()
- ::selectSQLText()
- ::bitNot()
- ::bitAnd()
- ::bitOr()
- ::buildConcat()
- ::buildGreatest()
- ::buildLeast()
- ::buildSubstring()
- ::buildStringCast()
- ::buildIntegerCast()
- ::tableName()
- ::addIdentifierQuotes()
- ::buildLike()
- ::limitResult()
- ::unionSupportsOrderAndLimit()
- ::unionQueries()
- ::conditional()
- ::strreplace()
- ::timestamp()
- ::getInfinity()
- ::setTableAliases()
- ::setIndexAliases()
- ::buildGroupConcatField()
* SpecialUnblock::processUnblock(), deprecated in 1.36, has been removed. Use
UnblockUser instead.
* wfLocalFile() and wfFindFile(), deprecated in 1.34, have been removed.
* Maintenance script resetUserTokens.php, deprecated in 1.27, has been removed.
* These methods in Database have been removed without deprecation as they are
not used outside core. Users should override corresponding methods in
SQLPlatform instead:
- Database::doInsert -> SQLPlatform::insertSqlText
- Database::doDropTable -> SQLPlatform::dropTableSqlText
- Database::doRollback -> SQLPlatform::rollbackSqlText
- Database::doSavepoint -> SQLPlatform::savepointSqlText
- Database::doReleaseSavepoint -> SQLPlatform::releaseSavepointSqlText
- Database::doRollbackToSavepoint -> SQLPlatform::rollbackToSavepointSqlText
* The following protected methods of Database class have been removed without
deprecation as they are not used outside core. Users should call
corresponding methods in SQLPlatform:
- Database::makeInsertLists -> SQLPlatform::makeInsertLists
- Database::isFlagInOptions -> SQLPlatform::isFlagInOptions
- Database::normalizeOptions -> SQLPlatform::normalizeOptions
- Database::fieldNameWithAlias -> SQLPlatform::fieldNameWithAlias
- Database::isTransactableQuery -> SQLPlatform::isTransactableQuery
* $wgCanonicalNamespaceNames no longer includes custom namespaces defined using
$wgExtraNamespaces. Extensions should use the NamespaceInfo service instead
of accessing this configuration setting directly.
* The following hook, deprecated in 1.35, has been removed:
- ParserGetVariableValueVarCache: ParserGetVariableValueVarCacheHook
* The $variableCache parameter to the ParserGetVariableValueSwitch hook is
no longer used; non-standard use of this parameter has been deprecated since
1.35.
* These methods have been moved from IDatabase to IMaintainableDatabase:
- IDatabase::fieldExists -> IMaintainableDatabase::fieldExists
- IDatabase::indexExists -> IMaintainableDatabase::indexExists
- IDatabase::tableExists -> IMaintainableDatabase::tableExists
* DBConnRef doesn't accept live connection in constructor anymore.
Only parameters for getting connection should be provided.
* IDatabase::getTopologyRootPrimary() was removed.
* User::blockedBy(), deprecated since 1.38, has been removed.
* User::getBlockId(), deprecated since 1.38, has been removed.
* AlphabeticPager::getOrderTypeMessages(), unused since 1.13, has been removed
without deprecation.
=== Deprecations in 1.39 ===
* PageProps::getInstance(), deprecated since 1.38, emits deprecations warnings.
* The global function wfGetDB() has been deprecated. Use
LoadBalancer::getConnection() instead.
* SpecialRedirectWithAction::__construct without SearchEngineFactory argument
will now emit a deprecation notice.
* Use of the SiteStatsUpdate constructor has been deprecated in favor of
the ::factory() method.
* AuthManager::checkAccountCreatePermissions has been deprecated. Use
AuthManager::authorizeCreateAccount or AuthManager::probablyCanCreateAccount
instead.
* Title::getSelectFields() has been deprecated in favor of
PageStore::newSelectQueryBuilder()
* Title::newFromTitleValue(), deprecated since in 1.34, now emits deprecation
warnings. Use ::newFromLinkTarget() instead.
* ExtensionRegistry::readFromQueue() has been marked @internal. Extensions
should use ExtensionProcessor instead.
* Processor::getExtraAutoloaderPaths() and
ExtensionProcessor::getExtraAutoloaderPaths() have been deprecated, use get
getExtractedAutoloadInfo() instead.
* The following global functions are deprecated in favor of the listed UrlUtils
methods.
- wfExpandUrl -> UrlUtils::expand
- wfGetServerUrl -> UrlUtils::getServer
- wfAssembleUrl -> UrlUtils::assemble
- wfRemoveDotSegments -> UrlUtils::removeDotSegments
- wfUrlProtocols -> UrlUtils::validProtocols
- wfUrlProtocolsWithoutProtRel -> UrlUtils::validAbsoluteProtocols
- wfParseUrl -> UrlUtils::parse
- wfExpandIRI -> UrlUtils::expandIRI
- wfMatchesDomainList -> UrlUtils::matchesDomainList
These methods are exact replacements except that
1) they return null instead of false or empty string on error (where
applicable);
2) UrlUtils::validProtocols does not take a parameter (documentation said not
to pass one to wfUrlProtocols anyway);
3) they use type hints (don't try passing null instead of string, etc.).
* MaintainableDBConnRef is deprecated, use DBConnRef instead.
* Loading DefaultSettings.php is deprecated. To get default values of main
config settings, use MainConfigSchema::listDefaultValues() or
MainConfigSchema::getDefaultValue().
* AbstractContent::getRedirectChain() and
AbstractContent::getUltimateRedirectTarget() are now emitting deprecation
warnings (T296430).
* (T244138) QueryPage::getSQL() is deprecated. Instead QueryPage::getQueryInfo()
should be overridden.
* Calling new JobRunner() directly without $serviceOptions now emits
deprecation warnings. Use MediaWikiServices::getInstance()->getJobRunner()
instead.
* Passing an array of targets to Article::getRedirectHeaderHtml() is
deprecated. Supply a single redirect target instead (T296430).
* The following Less mediawiki.mixins have been deprecated:
- .animation()
- .animation-delay()
- .transform-rotate()
* Skin::getAction is deprecated. Use IContextSource::getActionName instead.
* User::getOption, deprecated since 1.35, now emits deprecation warnings.
Use UserOptionsLookup::getOption instead.
* ILBFactory::forEachLB() is deprecated. Use ::getAllLBs().
* LoadBalancer::forEachOpenConnection() and ::forEachOpenPrimaryConnection()
are deprecated without replacement.
* The following classes were moved from the root namespace to the
MediaWiki\ResourceLoader namespace, the old names becoming deprecated aliases:
ResourceLoader, MessageBlobStore, VueComponentParser.
* The following classes had the "ResourceLoader" prefix stripped while being
moved to the MediaWiki\ResourceLoader namespace, the old names becoming
deprecated aliases: DerivativeResourceLoaderContext,
ResourceLoaderCircularDependencyError, ResourceLoaderClientHtml,
ResourceLoaderCodexModule, ResourceLoaderContext, ResourceLoaderFileModule,
ResourceLoaderFilePath, ResourceLoaderForeignApiModule, ResourceLoaderImage,
ResourceLoaderImageModule, ResourceLoaderLanguageDataModule,
ResourceLoaderLessVarFileModule, ResourceLoaderModule,
ResourceLoaderMwUrlModule, ResourceLoaderOOUIFileModule,
ResourceLoaderOOUIIconPackModule, ResourceLoaderOOUIImageModule,
ResourceLoaderOOUIModule, ResourceLoaderSiteModule,
ResourceLoaderSiteStylesModule, ResourceLoaderSkinModule,
ResourceLoaderStartUpModule, ResourceLoaderUserModule,
ResourceLoaderUserOptionsModule, ResourceLoaderUserStylesModule,
ResourceLoaderWikiModule.
* WANObjectCache::reap() and WANObjectCache::reapCheckKey() have been
deprecated without replacement.
* The following methods in WikiRevision and their interfaces
ImportableUploadRevision and ImportableOldRevision are deprecated:
- ::getUserObj() → ::getUser()
- ::setUserObj() → ::setUsername()
- ::setUserIP() → ::setUsername()
* ObjectCache::addBusyCallback() is deprecated and non-functional.
* MWTimestamp::getHumanTimestamp(), deprecated in 1.26, now emits deprecation
warnings.
* Article::viewRedirect(), deprecated in 1.30, now emits deprecation warnings.
* Parser::getFreshParser() is deprecated, use ParserFactory::getInstance().
* CoreParserFunctions::mwnamespace() is deprecated and emits deprecation
warnings, use CoreParserFunctions::namespace() instead.
* Registering magic variables whose names include a colon is deprecated.
* User::blockedFor(), deprecated in 1.35, now emits deprecation warnings.
* Access to previously public properties AbstractBlock::$mExpiry,
AbstractBlock::$mHideName, AbstractBlock::$mTimestamp, DatabaseBlock::$mAuto,
and DatabaseBlock::$mParentBlockId, deprecated in 1.34, now emits deprecation
warnings.
* Access to previously public properties User::$mBlock, User::$mBlockedby, and
User::$mHideName, deprecated in 1.35, now emits deprecation warnings.
* JobQueueGroup::singleton() and ::destroySingletons(), deprecated in 1.37, now
emit deprecation warnings.
* Title::getNotificationTimestamp(), deprecated in 1.35, now emits deprecation
warnings.
* Global functions wfReadOnly and wfReadOnlyReason, deprecated in 1.38, now
emit deprecation warnings.
* Overriding or calling DifferenceEngine::getDiffBodyCacheKey(), deprecated in
1.31, now emits deprecation warnings.
* Access to previously public property WikiRevision::$fileIsTemp, deprecated in
1.29, now emits deprecation warnings.
* wfQueriesMustScale() has been deprecated and emits deprecation warnings.
* ContextSource::getStats(), RequestContext::getStats(), and
DerivativeContext::getStats(), deprecated in 1.27, now emit deprecation
warnings.
* ManualLogEntry::setTags(), deprecated in 1.33, now emits deprecation warnings.
* WikiRevision::downloadSource(), deprecated in 1.31, now emits deprecation
warnings.
* DifferenceEngine::textDiff(), deprecated in 1.32, now emits deprecation
warnings.
* FormatMetadata::flattenArrayContentLang(), deprecated in 1.36, now emits
deprecation warnings.
* SkinTemplate::getNameSpaceKey(), deprecated in 1.35, now emits deprecation
warnings.
* EnqueueJob::newFromJobsByWiki(), deprecated in 1.33, now emits deprecation
warnings.
* The following methods of the MWGrants class, all deprecated since 1.38,
are now emitting deprecation warnings:
- getValidGrants
- getRightsByGrant
- grantName
- grantNames
- getGrantRights
- grantsAreValid
- getGrantGroups
- getHiddenGrants
- getGrantsLink
- getGrantsWikiText
* DataUpdate::runUpdates(), deprecated in 1.28, now emits deprecation warnings.
* CdnCacheUpdate::newFromTitles(), deprecated in 1.35, now emits deprecation
warnings.
* Instantiating HTMLCacheUpdate class, deprecated in 1.34, now emits deprecation
warnings.
* ISQLPlatform::tableNames() (implemented by IDatabase) is now deprecated.
None of the tableName*() functions should be used by most users;
if you absolutely must use raw SQL, write several tableName() calls instead.
* Language::isWellFormedLanguageTag() has been deprecated in favor of
LanguageCode::isWellFormedLanguageTag().
* The PrevNextNavigationRenderer helper class has been deprecated in favor of
the new PagerNavigationBuilder one.
* The methods IndexPager::getPagingLinks(), IndexPager::getLimitLinks() and
IndexPager::buildPrevNextNavigation() have been deprecated in favor of
IndexPager::getNavigationBuilder().
* Overriding the method IndexPager::makeLink() has been deprecated.
* ActorMigration is deprecated. The temporary table is no longer needed, the
actor table can be directly joined to the revision table, which is simple
enough to not need a helper class. See the methods of ActorMigration for more
specific information on replacements. ActorMigrationBase remains usable for
migrations in extension tables.
=== Other changes in 1.39 ===
* Dynamic default values are now applied before extension registration callbacks
are run. This way, extensions have a complete view of config variables, with
all defaults applied. For example, when the default value of X used to be
static but becomes dynamic, and an extension reads the value of X in the
registration callback, it will now continue to function as expected. In some
cases however, this may cause an undesired change in behavior: if the dynamic
default of setting X depends on the value of setting Y, and an extension
changes Y, the changed value of Y will no longer affect the value of X.
== Compatibility ==
MediaWiki 1.39 requires PHP 7.4.3 or later and the following PHP extensions:
* ctype
* dom
* fileinfo
* iconv
* intl
* json
* mbstring
* xml
MariaDB is the recommended database software. MySQL, PostgreSQL, or SQLite can
be used instead, but support for them is somewhat less mature.
The supported versions are:
* MariaDB 10.3 or higher
* MySQL 5.7.0 or higher
* PostgreSQL 10 or later
* SQLite 3.8.0 or later
== Online documentation ==
Documentation for both end-users and site administrators is available on
MediaWiki.org, and is covered under the GNU Free Documentation License (except
for pages that explicitly state that their contents are in the public domain):
https://www.mediawiki.org/wiki/Special:MyLanguage/Documentation
== Mailing list ==
A mailing list is available for MediaWiki user support and discussion:
https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
A low-traffic announcements-only list is also available:
https://lists.wikimedia.org/mailman/listinfo/mediawiki-announce
It's highly recommended that you sign up for one of these lists if you're
going to run a public MediaWiki, so you can be notified of security fixes.
== IRC help ==
There's usually someone online in #mediawiki on irc.libera.chat.
= MediaWiki 1.38 =
== MediaWiki 1.38.7 ==
This is a security and maintenance release of the MediaWiki 1.38 branch.
=== Changes since MediaWiki 1.38.6 ===
* Localisation updates.
* (T333990) composer.json: Explicitly pin psr/http-message to 1.0.1.
* (T335203, CVE-2023-29197) SECURITY: Upgrading guzzlehttp/psr7
(2.4.0 => 2.4.5).
* (T322944) Add Authorization to default $wgAllowedCorsHeaders.
* (T332889, CVE-2023-36675) SECURITY: Fix escaping in BlockLogFormatter.
* (T330464) Work around argument corruption bug in XMLReader::open.
* (T313157) IndexPager: Also protect against $offset being 0.
* (T335612, CVE-2023-36674) SECURITY: Move badFile lookup to Linker.
== MediaWiki 1.38.6 ==
This is a security and maintenance release of the MediaWiki 1.38 branch.
=== Changes since MediaWiki 1.38.5 ===
* Localisation updates.
* (T325872) ChangeTags: Remove table name from condition.
* (T324895) MWCallbackStream: Add explicit $stream property.
* (T297031, T326039) PostgresUpdater: Move setDefault ahead of
changeNullableField.
* Remove /images .htaccess rules that are no longer relevent.
* Disable php in .htaccess of images directory as a hardening measure.
* (T322583) Include missing message parameter in message.
* Fix phan error when Excimer is enabled.
* (T323373) Parser: Fix extractSections() behavior for PHP >= 8.0
* (T326021) Add matrix: to $wgUrlProtocols.
* (T326377) rdbms: Use DBConnRef in SelectQueryBuilder.
* api/en.json: api-help-datatype-expiry add missing 'may'.
* (T328222) Pass empty string to strlen() if schema is null for
PostgresDatabase.
* (T317329) OutputPage: Fix undefined ['host'] in ImagePreconnect code.
* (T289926) SpecialRevisionDelete: Set default of '' for wpReason.
* (T155582, T328503) Fix XML dumps for content types with non-string
getNativeData().
* (T314099) revisiondelete: Replace dynamic property Status::$itemStatuses.
* (T329198) ParamValidator: Improve paramvalidator-help-multi-max message.
* (T292348) WikiImporter: do not fail if upload entry in dump lacks 'text'
tag.
* (T295637) Add no to fallback chain of nb and nn.
* (T329484) API: Fix query+allimages user parameter description.
* (T330529) SpecialEditTags: Set default of '' for wpReason.
* (T330526) htmlform: Handle null from HTMLFormField::getDefault in
multiselects.
* (T285159, CVE-2023-29141) SECURITY: Do not apply autoblocks to untrusted
XFF headers.
== MediaWiki 1.38.5 ==
This is a security and maintenance release of the MediaWiki 1.38 branch.
=== Changes since MediaWiki 1.38.4 ===
* Localisation updates.
* Tests: Explicit cast to int in RandomImageGenerator test (php8 warnings).
* (T319000) WebInstaller: Don't try and run trim() on null.
* (T318753) Installer: Disable logo dropper for now.
* (T320864) When calling mail(), use an array for headers.
* (T311567) In ManualLogEntry, cast the comment to string.
* (T289926) api: Fix minor PHP 8.1 incompatibility in ApiOptions.
* (T322803) SpecialBotPasswords: Don't pass null to trim().
* (T323082) Upgrading wikimedia/xmp-reader (0.8.1 => 0.8.5).
* Language: Handle ronna and quetta.
* PostgresUpdater: Remove trailing space from 'user_id ' column.
* (T304515) LCStoreStaticArray: atomically replace the cache file.
* (T324890, T324891, T324901) Parser: Allow dynamic properties on PHP 8.2.
* (T324910) On pages using multi-content revisions, the raw content of a
specific slot can be retrieved using the action=raw&slot=<role-name> query
parameters.
* (T322637) SECURITY: sqlite should not create DB file world-readable.
== MediaWiki 1.38.4 ==
This is a maintenance release of the MediaWiki 1.38 branch.
=== Changes since MediaWiki 1.38.3 ===
* Fix missing use statement from backport of fix for T307278.
== MediaWiki 1.38.3 ==
This is a security and maintenance release of the MediaWiki 1.38 branch.
=== Changes since MediaWiki 1.38.2 ===
* Localisation updates.
* (T311568) UploadBase::setTempFile() handle $tempPath being passed as null.
* (T311559) SpecialListFiles: user parameter isn't always present.
* (T311561) ImageListPager: Don't call htmlspecialchars() on null.
* (T311920) SpecialBlockList: Prevent passing null to trim().
* (T311921) SpecialUserrights: Don't pass null to str_replace.
* (T311570) SpecialWithoutInterwiki: Don't pass null through to
Title::capitalize().
* (T311574, T311576) SpecialLinkSearch: Don't pass null through to the parser.
* (T311360) RecentChange: Straight join to actor table when needed.
* (T311360) RecentChange: Make join to comment table also straight.
* Remove messages in en-gb.json.
* (T312519, T312520) Parser::extensionSubstitution() Don't run substr() on null.
* (T287564) populateInterwiki: Include not null columns iw_api/iw_wikiid.
* (T312302) SpecialRedirect: Don't pass null to explode.
* RemoveInvalidEmails: Fix quoting for postgres.
* (T312678) import: UploadSourceAdapter::stream_read() don't pass null to
strlen().
* (T312300) SpecialDiff: Don't pass null to explode().
* (T312680) parser: Fix CoreParserFunctions::urlencode() null coalescence $arg.
* (T289926) Handle null passed to wfShorthandToInteger() and Html::element().
* (T289926) Ensure that strlen() does not get passed a (valid) null.
* (T312301) SpecialDiff: Don't pass null to trim().
* Hooks: Use more meaningful name for SkinAfterPortlet hook parameter.
* (T289926) Ensure we don't pass null to mb_strlen.
* (T312305, T311572, T311571, T311578) HTMLForm: Null coalescence in trim()
calls.
* (T289926) site: Consistently return null from Site::getDomain().
* (T307304, T289879) filebackend,jobqueue: Add signature for
FilterIterator::accept().
* (T304559) Use page ID from parent revision, improve logging.
* (T312183) rdbms: Adapt hasOrMadeRecentPrimaryChanges test mock for PHP 8.1.
* Add application/vnd.ms-opentype to MIME list.
* Allow composer/installers plugin in composer.json.
* (T313663) Make ReadOnlyModeTest work in php8.
* (T313663) Make HandlerTestTrait compatible with php8.1.
* (T313663) [php8] Make DeletePageTest stop giving warnings on php8.1.
* Change type hints for BatchRowIterator and NotRecursiveIterator for
compatibility with PHP 8.1.
* (T313663) [php8.1] Change override of $wgResourceBasePath for CSP tests.
* (T313663) parser: Mock WikiPage::getContentModel in ParserCacheTest to fix
php8.1.
* (T313663) [php8.1] Make WikiImporterFactoryTest use better mock for
ImportSource.
* Fix tests so getName() doesn't return null.
* (T313663) [php8] Don't use strlen on potentially null string.
* (T313663) [php8.1] Suppress test warning about providing null.
* (T313663) [php8.1] mock User::getTitleKey() in DeaultPreferencesFactoryTest.
* (T313663) Parser will use current timestamp instead of null if passed a
RevisionRecord that does not have a timestamp.
* (T313663) Add explicit null check for $sha in FileBackend [php8.1].
* (T313663) LogFormatter: Cast argument of ctype_digit to string [php8.1].
* (T313663) Mock UserOptionsManager::getOption for php8.1.
* (T289879, T289926) Get rid of warnings on PHP 8.1.
* (T313663) Check for null return of preg_replace in MediaWikiTitleCodec.
* (T313663) cast db name to string when checking if it is read only [php8.1].
* (T313663) Avoid testing strlen on null in ApiQuerySiteinfo [php 8.1 compat].
* (T313663) Use default timezone UTC for SpecialWatchlistTest [php 8.1].
* (T313663) Mock User::getTitleKey in SpecialPreferencesTest [php 8.1].
* (T314096) Migrate use of ${var}-style string interpolation.
* (T314099) preprocessor: Add missing field declarations.
* (T313663, T313662) Make default value for optional args {{PAGESINCAT:..}} be
'' not null.
* (T313663) [php8.1] Mock out getLocalDomainID for WatchedItemStore tests.
* (T313663) Suppress warnings for the null test of addIdentifierQuotes.
* (T314225) SpecialCategories: Null coalescene $par.
* (T314099) User: Allow dynamic properties on PHP 8.2.
* (T314404) SpecialGoToInterwiki: Null coalescene $par.
* (T314397) SpecialBlock: Better handle null in getTargetUserTitle.
* (T314099) phpunit: Fix trivial dynamic property usages in tests.
* (T314405) UploadStash: Check if us_prop is set in the fileMetadata.
* (T313663) Make ChangesListSpecialPageTest cast to string for php 8.1.
* (T313663) Do not test giving a null fragment to Title::makeTitle.
* (T314550) SpecialMergeHistory: Set timestamp to '' if no mergepoint.
* (T314551) SpecialMergeHistory: Set defaults for target and dest parameters.
* (T313663) Cast results of Sqlite test to string [php 8.1].
* (T314208) Set $wgServer for HttpRequestFactoryTest to prevent warnings on
php8.1.
* (T314208, T297082) phpunit: Fallback to global default user options.
* (T307282) Avoid passing null to strcasecmp(), for PHP 8.1.
* Fix a couple deprecation warnings in the installer under PHP 8.1.
* api: Add rel=nofollow to help examples.
* (T307613) Validate length of user email on Special:ChangeEmail/
Special:CreateAccount.
* (T314226) LoginSignupSpecialPage: Check if $value is a string before length.
* (T314824) tests: Update parser test after i18n change.
* (T313663, T296083) context: Replace deprecated User::getOption.
* (T295958, T278847) MediaWiki-Docker: Switch PHP images to PHP7.4.
* (T314906, T314907) SpecialBlock: Set defaults for wpPageRestrictions and
wpNamespaceRestrictions.
* (T315309) ImportStreamSource::newFromURL() Prevent passing null to fwrite.
* (T315892) composer.json: Pin phpunit to 8.5.28.
* (T313663) Do not compare byte-for-byte of serialized items in tests [php8.1].
* objectcache: avoid php 8.1 argument type warnings in
genericKeyFromComponents().
* (T317750) session: Fix broken SessionTest case due to PHPUnit dependency
change.
* ManualLogEntry: Don't pass null to trim() as PHP 8.1 whines.
* (T313663) Add a null check VueComponentParser to prevent php8.1 issues.
* (T313049) Bump wikimedia/parsoid to v0.15.1.
* (T318754) WebInstallerOptions::addPersonalizationOptions(): Close fieldset.
* (T318460) SpecialChangeEmail: Set default for returntoquery.
* (T318307) Update docs for HTMLFormField::validate() to permit all data types.
* (T316304, CVE-2022-41767) SECURITY: reassignEdits doesn't update results
in an IP range check on Special:Contributions.
* (T309894, CVE-2022-41765) SECURITY: HTMLUserTextField exposes existence
of hidden users.
* (T307278, CVE-2022-41766) SECURITY: On action=rollback the message
"alreadyrolled" can leak revision deleted user name.
== MediaWiki 1.38.2 ==
This is a security and maintenance release of the MediaWiki 1.38 branch.
=== Changes since MediaWiki 1.38.1 ===
* Localisation updates.
* (T309426) Repair language selector for SVGs.
* (T310013) Fix default value for $wgShowEXIF and $wgUsePathInfo.
* (T308471) SECURITY: Escape welcomeuser message passed to showSuccessPage().
* (T308473) SECURITY: Escape contributions-title msg for use within page title.
* (T311272) Call parent constructor of AddSite maintenance script first.
* MediaWiki: Don't eagerly initialize action name.
* (T311384, CVE-2022-27776) Updated guzzlehttp/guzzle from 7.4.1 to 7.4.5.
* (T289926) Avoid passing null to trim() in SkinTemplate.
* (T289879) Address deprecations for PHP 8.1.
* (T311473) rollbackEdits: Pass user identity to RollbackPage.
* Upgrade wikimedia/remex-html from 3.0.1 to 3.0.2.
* (T311551) ShellboxClientFactory::getUrl(): Check if $this->key is null.
* (T311552) ChangesListSpecialPage: Don't pass null to FormatJson::decode().
* (T311569) FileBackend::isStoragePath() Handle being passed null.
* (T311544) Pass int to ApiUsageException::newWithMessage()'s $httpCode param.
* (T311678) SpecialEditWatchlist: Prevent passing null to strtolower().
* (T311554) ChangeTags: Return early in formatSummaryRow() if $tags === null.
* Upgrade wikimedia/common-passwords from 0.3.0 to 0.4.0.
== MediaWiki 1.38.1 ==
This is a maintenance release of the MediaWiki 1.38 branch.
=== Changes since MediaWiki 1.38.0 ===
* (T309860) Add justinrainbow/json-schema to vendor.
* (T309933) Drop PHP 7.2 support in MediaWiki 1.38; require 7.3.19.
== MediaWiki 1.38.0 ==
=== Changes since MediaWiki 1.38.0-rc.1 ===
* Localisation updates.
* (T309114) LocalFile::prerenderThumbnails: Limit the number of thumbnail
jobs triggered.
* (T305779) phpunit: Support setting skin context in BundleSizeTest subclasses.
* (T309028) SECURITY: ApiEditPage: update title after redirects.
* (T308967) notifications: prevent log spam when invalid user object listed.
* composer: Lock Parsoid version to specific 0.15.0 release.
* (T306362, T308680) change-your-logo.svg: Resize to 135px square, re-crush,
and manually minify.
== MediaWiki 1.38.0-rc.1 ==
=== Changes since MediaWiki 1.38.0-rc.0 ===
* Localisation updates.
* (T305028) Undeprecate EditPage::$textbox2.
* (T305635) LogActions is a map, not a list.
* (T306721) Add wikimedia/equivset to vendor; needed by bundled AbuseFilter.
* (T307284) Simplify TransactionManager::pendingWriteQueryDuration.
* (T307307) Add symfony/yaml to vendor.
* Fix old_name in UserLogoutComplete hook.
* REST: don't send stack trace in error responses.
* (T307998) SessionManager: stop storing an ObjectFactory instance.
* (T193565) UserGroupManager: Fix dbDomain in addUserToGroup() deferred update.
== Upgrading notes for 1.38 ==
Don't forget to always back up your database before upgrading!
See the file UPGRADE for more detailed per-version upgrade instructions from the
oldest supported upgrading version, MediaWiki 1.29.
Some specific notes for MediaWiki 1.38 upgrades are below:
* (T191740) The AbuseFilter extension is now bundled with MediaWiki. This is an
anti-abuse feature that lets privileged users to set specific actions to be
taken when actions by users, such as edits or file uploads, match certain
criteria.
* (T232948) The Math extension is now bundled with MediaWiki. This is a content
feature that lets users create mathematical formulæ, written in a sub-set of
LaTeX and rendered in MathML with a fallback SVG image. By default, it will
use Wikimedia's mathoid service to render each formula, but local rendering
can be set up for network isolation or performance.
* (T191743) The Minerva skin is now bundled with MediaWiki. This is a simple,
light-weight, and scalable skin that is particularly optimised for mobile use,
and integrates well with the MobileFrontend extension (available separately),
but can also be used as a regular desktop skin.
For notes on 1.37.x and older releases, see HISTORY.
=== Configuration changes for system administrators in 1.38 ===
==== New configuration ====
* (T297708) $wgMaxExecutionTimeForExpensiveQueries - This setting can be used to
control the maximum execution time for several expensive query pages (e.g.
RecentChanges and UserContribs).
* $wgBrowserFormatDetection – This setting allows overriding browsers' automatic
detection and handling of formats. It's initially used to prevent auto-linking
of possible telephone numbers in wiki pages' output in Safari on iOS; this can
be re-enabled if you wish, or locally extended for other browsers' quirks.
* (T240685) $wgMetricsTarget, $wgMetricsFormat, $wgMetricsPrefix - These provide
configuration for a new MetricsFactory service with support for the dogstatsd
format, intended for integration with Prometheus integration.
* $wgGroupInheritsPermissions – This setting allows inheriting permissions, both
granted and revoked, from another group.
* $wgForeignApiRepos – ForeignAPIRepo now has a apiMetadataExpiry option to
control for how long file metadata is cached. Additionally the default changed
from 1 hour to 4 hours.
* $wgSkinsPreferred – This lets you set a list of preferred skins to be listed
higher in Special:Preferences.
* $wgWikiFarmSettingsDirectory – A directory that contains site-specific
configuration files. Setting this will enable multi-tenant ("wiki farm")
mode, causing site-specific settings to be loaded based on information from
the web request. EXPERIMENTAL.
* $wgWikiFarmSettingsExtension – The file extension to be used when looking up
site-specific settings files in $wgWikiFarmSettingsDirectory, such as 'json'
or 'yaml'. EXPERIMENTAL.
* $wgWikiFarmSiteDetector – A callback function that returns the name of the
wiki for the current request. This is used in multi-tenant ("wiki farm")
mode to determine which settings file to load from
$wgWikiFarmSettingsDirectory. EXPERIMENTAL.
* $wgEnableRemoteBagOStuffTests – This replaces the environment variable
PHPUNIT_USE_BAGOSTUFF.
* (T230211) $wgForceDeferredUpdatesPreSend – Force deferred updates to be run
before sending a response to the client, instead of attempting to run them
after sending the response. Setting this to true is useful for end-to-end
testing, to ensure that the effects of a request are visible to any subsequent
requests, even if they are made immediately after the first one. Note however
that this does not ensure that database replication is complete, nor does it
execute any jobs enqueued for later.
* $wgTemplateLinksSchemaMigrationStage – Templatelinks table schema migration
stage, for normalizing tl_namespace and tl_title fields.
==== Changed configuration ====
* $wgStyleDirectory and $wgExtensionDirectory – These are now set later, so can
no longer be used within LocalSettings.php unless explicitly set in that file.
* $wgFileBackends – This setting no longer takes 'fileJournal' as an option.
* $wgMaxImageArea - This setting may now be set to false to disable size.
checking before scaling. Extensions can still override its value by using the
BitmapHandlerCheckImageArea hook.
* $wgAjaxUploadDestCheck – This is now deprecated, and act as always-true.
* $wgInterwikiCache – This no longer supports the string value for CDB files.
* $wgParserOutputHooks – This is now deprecated; adjustments using this should
be done with OutputPageParserOutputHook instead. (T292321)
* $wgExternalStores – This is newly documentated in
includes/externalstore/README.md.
==== Removed configuration ====
* $wgShellLocale - This setting has been removed as it was a flawed solution to
the problem of locale dependence, MediaWiki will now always set a locale of
C.UTF-8 or C and works around the remaining problems of the C locale by not
using escapeshellarg. This follows the direction of PHP 8.0, which sets a
locale of C by default instead of respecting LC_CTYPE.
* $wgLoggedOutMaxAge - Experiment removed, originally added in 1.35. (T293848)
* $wgIncludejQueryMigrate - Deprecated in 1.36. We only support jQuery v3.
* $wgUseCategoryBrowser - This experimental feature has been removed. If you
still need to use this feature, please see [[mw:Extension:CategoryExplorer]].
* $wgStyleSheetPath - alias for $wgStylePath, deprecated since 1.3 (2004).
=== User-facing changes in 1.38 ===
* (T284921) The "auto-number headings" feature was removed following a
consultation, due to performance reasons.
=== New operator/developer features in 1.38 ===
* EXPERIMENTAL: The environment variable MW_CONFIG_FILE can be used to specify
the location of the settings file. This allows alternative settings files to
be loaded depending on the environment. Settings files may be given as PHP
files like the traditional LocalSettings.php file, or they may use JSON or
YAML format.
See https://www.mediawiki.org/wiki/Manual:YAML_settings_file_format
* Added a deleteUserEmail maintenance script - This file enables the deletion of
a given user's associated email address. It can be helpful for
privacy-preserving operations.
* The description array for constructing an HTMLForm now can use 'disable-if' to
disable fields on condition easily, supported expressions are the same as
'hide-if'.
* There is a new interface, IForeignRepoWithMWApi, to allows you to mark file
repos provided by an extension as supporting making API queries against the
foreign file repo so that extensions like TimedMediaHandler that depend on
this can stop hard-coding looking for specific class names.
* Added EXPERIMENTAL support for an easy to configure multi-tenant ("wiki
farm") mode:
Settings for each site can be placed in a directory specified by
$wgWikiFarmSettingsDirectory. Site detection is controlled by
$wgWikiFarmSiteDetector and defaults to the requested host name.
For example, setting $wgWikiFarmSettingsDirectory = "sites" would cause
the settings for wiki.example.com to be loaded from
"sites/wiki_example_com.yaml".
WARNING: YAML files under the web root may be accessible to browsers, please
take appropriate measures to protect them from access via HTTP.
* Running QUnit tests for an individual test suite module is possible with
`grunt qunit --qunit-component={componentName}`, where {componentName} is
"MediaWiki" to run core's QUnit tests or the skin or extension name.
* The 'mediawiki.mixins' module now has a `.user-select()` Less mixin.
=== External library changes in 1.38 ===
==== New external libraries ====
* symfony/yaml was promoted from development-only.
* justinrainbow/json-schema was promoted from development-only.
==== Changed external libraries ====
* Updated OOUI from v0.42.0 to v0.43.2.
* Updated Vue from 2.6.11 to 3.2.23.
* Updated WVUI from v0.3.0 to v0.4.0.
* Updated composer/semver from 3.2.5 to 3.2.6.
* Updated guzzlehttp/guzzle from 7.2.0 to 7.4.5.
* Updated pear/mail_mime from 1.10.9 to 1.10.11.
* Updated pear/net_smtp from 1.9.2 to 1.10.0.
* Updated psr/log from 1.1.3 to 1.1.4.
* Updated psy/psysh from 0.10.5 to 0.11.1.
* Updated symfony/polyfill-php80 from 1.23.1 to 1.25.0.
* Updated wikimedia/assert from 0.5.0 to 0.5.1.
* Updated wikimedia/cdb from 1.4.1 to 2.0.0.
* Updated wikimedia/ip-utils from 3.0.2 to 4.0.0.
* Updated wikimedia/minify from 2.2.4 to 2.2.6.
* Updated wikimedia/object-factory from 3.0.2 to 4.0.0.
* Updated wikimedia/parsoid from v0.14.0-a14 to v0.15.0.
* Updated wikimedia/purtle from 1.0.7 to 1.0.8.
* Updated wikimedia/request-timeout from 1.1.0 to 1.2.0.
* Updated wikimedia/shellbox from 2.0.0 to 3.0.0.
* Updated wikimedia/wrappedstring from 3.2.0 to 4.0.1.
* Updated wikimedia/remex-html from 3.0.1 to 3.0.2.
* Updated wikimedia/common-passwords from 0.3.0 to 0.4.0.
===== Changed development-only external libraries =====
* Updated QUnit from 2.16.0 to 2.18.0.
* Updated composer/semver from 3.5.4 to 3.5.5.
* Updated composer/spdx-licenses from 1.5.4 to 1.5.5.
* Updated doctrine/dbal for PHP < 7.3 from 2.10.4 to 2.13.6.
* Updated doctrine/dbal for PHP >= 7.3 from 3.0.0 to 3.1.5.
==== Removed external libraries ====
* jquery.jStorage, deprecated since MW 1.28; use "mediawiki.storage" instead.
=== Action API changes in 1.38 ===
* New `deletetalk` parameter on action=delete that allows you to delete the
associated talk page of a subject page.
* New `variant` parameter for all API actions, for specifying language variant
(akin to the existing `variant` parameter for index.php). Task T117549.
=== Languages updated in 1.38 ===
MediaWiki supports over 400 languages. Many localisations are updated regularly.
Below only new and removed languages are listed, as well as changes to languages
because of Phabricator reports.
* (T292166) Updated namespace names for the Lombard language.
* (T299201) Changed the autonym of the Angika language to अंगिका
* (T298309) Changed the autonym of the Abkhaz language to аԥсшәа
* (T302972) Changed the autonym of the Kirundi language to ikirundi
* (T220303) Show numbered lists with Burmese numerals in relevant languages
* (T291899) Added language support for Xiang Chinese (hsn).
* (T292612) Added language support for S'gaw Karen (ksw).
* (T293656) Added language support for Farefare (gur).
* (T294729) Added language support for Pa'O (blk).
* (T296286) Added language support for Skolt Sámi (sms).
* (T296612) Added language support for Makhuwa (vmw).
* (T296707) Added language support for Ga (gaa).
* (T297073) Added language support for Nanai (gld).
* (T297074) Added language support for Nawdm (nmz).
* (T298075) Added language support for Northern Thai (nod).
* (T298182) Added language support for Cape Verdean Creole (kea).
* (T298385) Added language support for Nheengatu (yrl).
* (T299329) Added language support for Fon (fon).
* (T300474) Added language support for Nkore (nyn).
* (T302556) Added language support for Pannonian Rusyn (rsk).
=== Breaking changes in 1.38 ===
* (T291008) The IP class, deprecated since 1.35 in favor of the IPUtils library,
has been removed. The IP related regexes which were also deprecated in favor
of the IPUtils library were also removed, IPUtils::RE_* should be used
instead.
* (T293043) The MediaWikiIntegrationTestCase class alias 'MediaWikiTestCase' has
been removed.
* LinkCache::singleton(), deprecated since 1.28, has been removed.
* RepoGroup::singleton(), ::destroySingletons() and setSingleton(), all
deprecated since 1.34, have been removed.
* The following methods from FileDeleteForm were removed:
- ::__construct (the class is no longer newable)
- ::execute()
- ::haveDeletableFile()
Use FileDeleteAction instead.
* MessageCache::singleton(), deprecated since 1.34, has been removed.
* LockManagerGroup::singleton() and ::destroySingletons(), both deprecated since
1.34, have been removed.
* FileBackendGroup::singleton() and ::destroySingletons(), both deprecated since
1.35, have been removed.
* TemplateParser used to support disabling the cache with a boolean parameter in
its constructor. This was deprecated in 1.35 and has now been removed.
* The ArticleUndeleteLogEntry hook, deprecated in 1.37, was removed.
* The BeforeResetNotificationTimestamp hook, deprecated in 1.37, was removed.
* The global function mimeTypeMatch() has been removed without a deprecation
process.
* The following JavaScript mw.config keys have been removed:
- $wgCookiePrefix
- $wgCookieDomain
- $wgCookiePath
- $wgCookieExpiration
Use mw.cookie from the mediawiki.cookie module instead.
* The signature of PageUpdater::markAsRevert method was changed. It has never
been used outside of MediaWiki core.
* If you want to use interwiki titles with HTMLTitleTextField, you now need to
pass 'interwiki' => true. In 1.37, the default behavior was to let interwiki
title through by default, logging a deprecation warning.
* The `UndeleteForm::undelete` hook, deprecated in 1.37, was removed.
* BagOStuff::setDebug(), deprecated since 1.36, has been removed.
* The `jquery.mw-jump` ResourceLoader module was removed.
* The `wgForeignUploadTargets` and `wgEnableUploads` configuration values were
removed from mw.config. They had previously been documented as being included
for internal use by the mediawiki.ForeignUpload module.
*The `&$hasHistory` parameter to WikiPage::getAutoDeleteReason() and
ContentHandler::getAutoDeleteReason() was hard-deprecated with no replacement.
* Several Skin methods, which have emitted deprecation warnings since 1.36, have
been removed. These include:
- Skin::privacyLink()
- Skin::aboutLink()
- Skin::disclaimerLink()
For these, instead use Skin::footerLink() to alter footer links.
- Skin::getLogo()
For this, use ResourceLoaderSkinModule::getAvailableLogos() instead.
- Skin::getIndicatorsHTML()
For this, use Skin::getIndicatorsData() instead.
- Skin::subPageSubtitle()
For this, use Skin::prepareSubtitle() instead.
- Skin::makeVariablesScript()
For this, use ResourceLoader::makeInlineScript() instead.
- Skin::getAllowedSkins()
- Skin::getSkinNames()
For these, use SkinFactory::getAllowedSkins() or ::getInstalledSkins().
- Skin::makeUrl()
- Skin::getSearchLink()
- Skin::mainPageLink()
* Parser::getUser and ::mUser, as well as ParserOptions::getUser, deprecated
since 1.37, has been removed.
* Parser::$mStripState, deprecated in 1.35, has been made private. Use
Parser::getStripState() instead.
* The following deprecated features in blocks were removed:
- DatabaseBlock constructor 'byText' property with blocker's name, use 'by'
property with UserIdentity value instead.
- DatabaseBlock constructor 'by' property with blocker's ID, use 'by' property
with UserIdentity value instead.
- DatabaseBlock::isWhitelistedFromAutoblocks, use ::isExemptedFromAutoblocks.
- DatabaseBlock::setBlocker now only accepts UserIdentity.
- AbstractBlock::getTargetAndType and ::getTarget, use ::getTargetName,
::getTargetUserIdentity and ::getType instead
* The following functions, emitting deprecations since 1.37, have been removed:
- Title::isWatchable()
- WatchAction::doWatchOrUnwatch(), WatchAction::doWatch(),
WatchAction::doUnwatch(), WatchAction::getWatchToken()
- User::isWatched(), User::isTempWatched(), User::addWatch(),
User::removeWatch()
* ParserOptions::setTidy() that had no effect and was deprecated since 1.35 has
been removed.
* The "YAML" encoding option of EtcdConfig, has been removed without
deprecation.
* The constant ApiBase::PARAM_VALUE_LINKS, deprecated since 1.35 has been
removed.
* UserLoadOptions, UserSaveOptions and UserResetAllOptions hooks, deprecated
since 1.37, were removed.
* The experimental FileJournal system has been removed without deprecation. This
includes the FileJournal abstract class, its implementation classes
DBFileJournal and NullFileJournal, various minor getters and setters, and the
option for the wiki configuration $wgFileBackends.
* The return values for each `bind` function in checkboxHack.js has been changed
from an object to a function. In addition, the `unbind` function has been
removed. A deprecation process was assumed unnecessary as there were no known
usages.
* File::getUser, ::getImageSize, ArchivedFile::getRawDescription, ::getUser,
::getRawUser and ::getRawDescription, deprecated since 1.37, has been removed.
* ShellboxHttpClient class has been removed without deprecation. It was an
internal class used by ShellboxClientFactory.
* The following hard deprecated User methods have been removed:
- ::resetIdByNameCache,
- ::getStubThreshold,
- ::matchEditTokenNoSuffix,
- ::changeableByGroup,
- ::changeableGroups,
- ::isAllowUsertalk,
- ::getRights
- ::isAllowUsertalk
- ::isIP,
- ::isIPRange,
- ::isValidUserName,
- ::isUsableName,
- ::isCreatableName,
- ::getCanonicalName,
- ::addAutopromoteOnceGroups,
- ::getDefaultOptions,
- ::getDefaultOption,
- ::getOptions,
- ::getBoolOption,
- ::getIntOption,
- ::setOption
- ::listOptionKinds
- ::getOptionKinds,
- ::resetOptions,
- ::getEffectiveGroups,
- ::getAutomaticGroups,
- ::getFormerGroups
- ::isLoggedIn
- ::getFirstEditTimestamp
- ::getLatestEditTimestamp
* Http::$httpEngine, deprecated since 1.34, has been removed. The only available
HTTP engine is now Guzzle. CurlHttpRequest and PhpHttpRequest classes were
removed.
* The UserRightsProxy class was deprecated. Pass the correct domain to
UserGroupManagerFactory instead.
* Parser option enableLimitReport was deprecated. The report is now generated
post-parse and can be included by providing 'includeDebugInfo' option to
ParserOutput::getText. Thus, ParserOptions::enableLimitReport and
::getEnableLimitReport methods were deprecated.
* Ajax action that was deprecated in 1.27 now has been removed.
* The following methods have been removed from IDatabase without deprecation as
they were completely unused:
- ::preCommitCallbacksPending()
- ::pendingWriteRowsAffected()
- ::getServerUptime()
- ::maxListLen()
* The following deprecated methods have been removed from IDatabase:
- ::aggregateValue() soft-deprecated since 1.33
- ::getTopologyRootMaster() since 1.37
- ::masterPosWait() since 1.37
- ::dataSeek() soft-deprecated since 1.37
- ::numFields() soft-deprecated since 1.37
- ::fieldName() soft-deprecated since 1.37
- ::onTransactionIdle() soft-deprecated since 1.32
- ::getMasterPos() since 1.37
* DatabaseMysqlBase::fieldType() and DatabasePostgres::fieldType(), deprecated
since 1.37, have been removed.
* Database::assertIsWritableMaster(), deprecated since 1.37, has been removed.
* ResultWrapper::getInternalResult(), soft-deprecated since 1.37 and
ResultWrapper::unwrap(), deprecated since 1.37, have been removed.
* Language::AS_AUTONYMS, deprecated since 1.34, has been removed. You can use
the LanguageNameUtils::AUTONYMS constant instead.
* Several Language class variables deprecated in 1.35 have been removed; they
are each replaced by a constant, as listed after the arrow:
- ::$mWeekdayMsgs → WEEKDAY_MESSAGES
- ::$mWeekdayAbbrevMsg → WEEKDAY_ABBREVIATED_MESSAGES
- ::$mMonthGenMsgs → MONTH_GENITIVE_MESSAGES
- ::$mIranianCalendarMonthMsgs → IRANIAN_CALENDAR_MONTHS_MESSAGES
- ::$mHebrewCalendarMonthMsgs → HEBREW_CALENDAR_MONTHS_MESSAGES
- ::$mHebrewCalendarMonthGenMsgs → HEBREW_CALENDAR_MONTH_GENITIVE_MESSAGES
- ::$mHijriCalendarMonthMsgs → HIJRI_CALENDAR_MONTH_MESSAGES
* wfIncrStats, deprecated since 1.36, has been removed.
* Profiler::profileIn and ::profileOut, deprecated in 1.33, has been removed.
* IEditObject::AS_CANNOT_USE_CUSTOM_MODEL, deprecated in 1.35, was removed.
* Several protected methods in EditPage were made private. None of these was
used outside of EditPage itself. Since the class is not stable to extend,
this change happened without a deprecation phase.
* The following public methods in EditPage, unused externally, were
made private:
- ::getCancelLink()
- ::isSupportedContentModel()
- ::getParentRevId()
* EditPage::setApiEditOverride() was marked as @internal for use by
ApiEditPage only.
* SelectQueryBuilder::straightJoin() was renamed to straightJoinOption().
* The following deprecated methods have been removed from ILBFactory:
- ::beginMasterChanges() since 1.37
- ::commitMasterChanges() since 1.37
- ::rollbackMasterChanges() since 1.37
- ::hasMasterChanges() since 1.37
- ::hasOrMadeRecentMasterChanges() since 1.37
* The "groupLoadsByDB" option to LBFactoryMulti has been removed. Consider using
"groupLoadsBySection" instead.
* The following methods have been removed from ILoadBalancer without deprecation
as they were completely unused:
- ::waitForOne()
- ::allowLagged()
- ::forEachOpenReplicaConnection()
* The following deprecated methods have been removed from ILoadBalancer:
- ::getMasterPos() since 1.37
- ::finalizeMasterChanges() since 1.37
- ::approveMasterChanges() since 1.37
- ::beginMasterChanges() since 1.37
- ::commitMasterChanges() since 1.37
- ::runMasterTransactionIdleCallbacks() since 1.37
- ::runMasterTransactionListenerCallbacks() since 1.37
- ::rollbackMasterChanges() since 1.37
- ::flushMasterSnapshots() since 1.37
- ::hasMasterConnection() since 1.37
- ::hasMasterChanges() since 1.37
- ::lastMasterChangeTimestamp() since 1.37
- ::hasOrMadeRecentMasterChanges() since 1.37
- ::pendingMasterChangeCallers() since 1.37
- ::forEachOpenMasterConnection() since 1.37
- ::waitForMasterPos() since 1.37
* LoadBalancer::safeGetLag() which has been soft-deprecated since 1.34 has been
removed.
* The following properties of the EditPage class, deprecated since 1.35, were
made private:
- ::$deletedSinceEdit
- ::$lastDelete
- ::$mTokenOk
- ::$mTriedSave
- ::$incompleteForm
- ::$tooBig
- ::$missingComment
- ::$missingSummary
- ::$allowBlankSummary
- ::$autoSumm
- ::$mParserOutput
- ::$hasPresetSummary
- ::$minoredit
- ::$watchthis
- ::$recreate
- ::$nosummaryparentRevId
- ::$editintro
- ::$scrolltop
- ::$markAsBot
* Special:ListFiles and Special:NewFiles no longer allows to search for parts of
file names (option was not available for $wgMiserMode = true)
* DBAccessBase, deprecated since 1.37, has been removed.
* The UserNamePrefixSearch service no longer supports a UserIdentity parameter
to search(), to check for a specific audience an Authority object is required.
* The methods CoreParserFunctions::register() and CoreTagHooks::register() have
been marked @internal, and had a seconds parameter added. These methods are
intended for use in Parser's constructor, and are not used by any known
extension.
* LoadBalancer::openConnection(), deprecated since 1.34, has been removed.
* Skin::preloadExistence has been made private. There is no known usages outside
of MediaWiki core.
=== Deprecations in 1.38 ===
* The MWGrants class is deprecated in favor of the new GrantsInfo and
GrantsLocalization services.
* The global functions wfReadOnly() and wfReadOnlyReason() have been deprecated
in favor of the ReadOnlyMode service.
* PageProps::getInstance() has been deprecated. Use
MediaWikiServices::getPageProps() instead.
* User::setOption(), deprecated since 1.35, now emits deprecation warnings.
* Linker::formatComment(), ::formatLinksInComment(), ::commentBlock() and
revComment() were deprecated. Use the new CommentFormatter service.
* Several Skin methods have been deprecated.
- Skin::setSearchPageTitle(), Skin::getSearchPageTitle(). For these,
use SpecialPage::newSearchPage() or associated user preference instead.
- Skin::getSkinStylePath now triggers deprecation warnings. Direct string path
should be used instead.
- SkinTemplate::getPersonalToolsList(), deprecated since 1.35, now emits
deprecation warnings.
- In preparation for SkinTemplate::getPortletData becoming a private
function, extending the method is no longer permitted. Use
SkinTemplate::getTemplateData instead.
- SkinTemplate::buildContentNavigationUrls is now deprecated. Skins can
use the runOnSkinTemplateNavigationHooks method or the
SkinTemplateNavigation__Universal hook if they need access to this data.
* Usage of several template data keys in QuickTemplate are now deprecated:
- searchaction, poweredbyico, copyrightico
* DatabaseBlock::purgeExpired(), deprecated since 1.36, now emits deprecation
warnings.
* The following methods from the User class now trigger deprecation warnings:
- ::blockedBy
- ::getBlockId
* Content::getParserOutput and AbstractContent::fillParserOutput was
hard-deprecated, use ContentRenderer::getParserOutput instead. Extensions
defining a content model should override ContentHandler::fillParserOutput.
* Title::newFromIDs and TitleFactory::newFromIDs have been hard deprecated. Use
a PageSelectQueryBuilder from a PageStore instead.
* Content::getRedirectChain() and Content::getUltimateRedirectTarget() have been
deprecated with no replacement because support for $wgMaxRedirect will be
removed completely. See T296430 for more information.
* WikiPage::getRedirectTarget() has been deprecated. Use the equivalent
RedirectLookup::getRedirectTarget() instead.
* Article::doDelete() was deprecated. Use WikiPage::doDeleteArticleReal if you
only need to delete the article. If you also need things to happen with
OutputPage, you may want to check the hooks in DeleteAction instead.
* Instantiating the MessageContent class now emits deprecation notices.
* Message::content() now triggers deprecation warnings.
* Parser::setDefaultSort(), Parser::getDefaultSort(), and
Parser::getCustomDefaultSort() now trigger deprecation warnings. Use
ParserOutput::{get,set}PageProperty('defaultsort') instead.
* The following methods from the ParserOutput class now emit deprecation
warnings:
- ::hideNewSection() - use ::setHideNewSection()
- ::preventClickjacking() - use ::{get,set}PreventClickjacking()
- ::getProperty() - use ::getPageProperty() (return value changed)
- ::setProperty() - use ::setPageProperty()
- ::unsetProperty() - use ::unsetPageProperties()
- ::getProperties() - use ::getPageProperties()
- ::getCategoryLinks() - use ::getCategoryNames()
- ::setCategoryLinks() - use ::setCategories()
- ::addTrackingCategory() - use Parser::addTrackingCategory()
or TrackingCategories::addTrackingCategory()
- ::addWarning() - use ::addWarningMsg()
- ::hasDynamicContent() - use ::hasReducedExpiry()
* The following methods from the ParserOutput class were deprecated:
- ::getFlag() - use ::getOutputFlag()
- ::setFlag() - use ::setOutputFlag()
- ::getAllFlags() - this method is now marked @internal
- ::addJsConfigVars() - use ::setJsConfigVar() or ::appendJsConfigVar()
- ::addOutputHook() / ::getOutputHooks() - these hooks should be migrated
to use the OutputPageParserOutput hook instead
* The use of ParserOutput::setExtensionData() to overwrite previous values
stored under a given key has been deprecated; use the new
::appendExtensionData() to collect multiple values in the ParserOutput rather
than destructively updating stored values. (T300981)
* The signatures of the following methods from the ParserOutput class were
narrowed, restricting the permitted argument types:
- ::addModules() - if you formerly passed a string, pass an array with
the string as the only element.
- ::addModuleStyles() - if you formerly passed a string, pass an array
with the string as the only element.
* Access to the following public or protected properties of OutputPage was
deprecated; they will be made private or removed in a future release.
Use accessor functions instead.
- ::$mCategoryLinks
- ::$mCategories
- ::$mIndicators
- ::$mHeadItems
- ::$mModules
- ::$mModuleStyles
- ::$mJsConfigVars
- ::$mTemplateIds
- ::$mEnableClientCache
- ::$mNewSectionLink
- ::$mHideNewSectionLink
- ::$mNoGallery
* The following methods were deprecated; use ::setPreventClickjacking(..)
instead:
- OutputPage::preventClickjacking()
- OutputPage::allowClickjacking()
- ImageHistoryList::preventClickjacking()
- ImageHistoryPseudoPager::preventClickjacking()
- ContribsPager::preventClickjacking()
* OutputPage::enableClientCache() was deprecated, because it is universally used
to do the opposite -- use OutputPage::disableClientCache() instead.
* Sanitizer::removeHTMLtags() has been deprecated. Its output can include
unbalanced or ill-formed HTML and thus external callers may be misled about
how to safely incorporate its output into a page. It is recommended to use the
new Sanitizer::removeSomeTags() method instead, which will always return
balanced HTML.
* EventRelayerKafka was deprecated. To use $wgEventRelayerConfig with Kafka,
add a similar class to your code.
* MediaWiki\Logger\Monolog\KafkaHandler was deprecated. Consider using
$wgMWLoggerDefaultSpi with SyslogHandler, or to use Kafka, add a similar
Monolog handler class to your code.
* Collation::singleton() and ::factory() now trigger deprecation warnings.
* The following methods in MWNamespace, all deprecated since 1.34, now emit
deprecation warnings:
- isTalk()
- exists()
- subjectEquals()
- getCanonicalNamespaces()
- getCanonicalName()
- getCanonicalIndex()
- getValidNamespaces()
- isContent()
- hasSubpages()
- getContentNamespaces()
* Return values in the parameter $pageLang of the hook PageContentLanguage with
other types than a Language object, deprecated since 1.33, now emmits
deprecation warnings.
* Passing a db to BlockRestrictionStore::loadByBlockId() is deprecated.
BlockRestrictionStoreFactory should be used to fetch a correct
BlockRestrictionStore instead.
* All external access to ParserOutput and CacheTime classes properties will now
emit deprecation warnings. Use getters and setters instead.
* The custom jQuery event `watchpage.mw` emitted on #ca-watch and #ca-unwatch is
now deprecated in favour of the new `wikipage.watchlistChange` hook.
* The global function wfLogProfilingData() has been deprecated without a
replacement. The logic has been moved to the MediaWiki class.
* The "trace" option of SectionProfiler has been deprecated.
* The PageArchive class has had several methods deprecated. The replacements are
as follows:
- Use UndeletePage instead of ::undeleteAsUser(), ::getFileStatus() and
::getRevisionStatus().
- Use the respective methods of the new ArchivedRevisionLookup service
instead of ::listRevisions, ::getRevisionRecordByTimestamp,
::getArchivedRevisionRecord, ::getPreviousRevisionRecord and
::getLastRevisionId.
- Use ArchivedRevisionLookup::hasArchivedRevisions instead of ::isDeleted.
* PageUpdater::isUnchanged() has been deprecated, use wasRevisionCreated()
instead.
* The `mediawiki.pager.tablePager` module was deprecated in favor of the more
generic `mediawiki.pager.styles`.
* wfGetCache() and wfGetMainCache(), both deprecated since 1.32, now emit
deprecation warnings.
* LinkCache::addGoodLinkObj() has been hard deprecated.
* ApiStashEdit::parseAndStash has been hard deprecated.
* Content::prepareSave was hard-deprecated, now emits deprecation warnings.
Use ContentHandler::validateSave instead.
* The hooks LinksUpdateAfterInsert and LinksUpdateConstructed were deprecated.
* Access to all public properties in LinksUpdate was deprecated.
* The global variable $IP has been deprecated for use in application logic.
It will remain available for use in LocalSettings.php for now, though
$wgBaseDirectory is preferred.
Application logic should use the BaseDirectory setting from the main config.
Tests and framework code that need to function without MediaWiki being
fully initialized should use the MW_INSTALL_PATH constant.
* The global function wfWikiID(), deprecated since 1.35, now emits deprecation
warnings.
* AbstractBlock::getBy() now takes a wikiId as a parameter and emits deprecation
warnings in case of cross-wiki accesses.
* The `button` parameter for `bindUpdateAriaExpandedOnInput` and
`updateAriaExpanded` in checkboxHack.js have been deprecated.
`bindToggleOnSpaceEnter` has also been deprecated in favor of
`bindToggleOnEnter`.
* IDatabase::lockTables() and IDatabase::unlockTables() have been deprecated
with no replacement. Instead, callers should batch updates into atomic
transactions, using FOR UPDATE for SELECT queries.
* EditPage::addNewLineAtEnd() was deprecated; use
TextboxBuilder::addNewLineAtEnd instead.
* EditPage::getCopywarn() was deprecated; use EditPage::getCopyrightWarning
instead.
* EditPage::getCopyrightWarning() without passing a MessageLocalizer parameter
has been deprecated.
* Passing the $formCallback parameter to EditPage::showEditForm, deprecated in
1.25 and previously emitting a warn notice, now emits a deprecation notice.
* EditPage::$action has been deprecated.
* The following properties in EditPage now emit deprecation notices when used
from another class:
- mArticle (use ::getArticle() instead)
- mTitle (use ::getTitle() instead)
- isNew (no replacement)
- allowBlankArticle (no replacement)
- selfRedirect (no replacement)
- allowSelfRedirect (no replacement)
- diff (no replacement)
- textbox2 (no replacement)
- undoAfter (no replacement)
- edit (no replacement)
- contentLength (no replacement)
* The HTMLForm methods getPreText, setPreText, addPreText, getPostText,
setPostText, addPostText, getHeaderText, setHeaderText, addHeaderText,
getFooterText, setFooterText and addFooterText have been renamed to
getPreHtml, setPreHtml, addPreHtml, getPostHtml, setPostHtml, addPostHtml,
getHeaderHtml, setHeaderHtml, addHeaderHtml, getFooterHtml, setFooterHtml and
addFooterHtml respectively.
* The FormSpecialPage methods preText and postText have been renamed to preHtml
and postHtml respectively.
* Article::doDelete, deprecated in 1.37, now emits deprecation notices.
* The following Less mediawiki.mixins have been deprecated:
- .background-image()
- .list-style-image()
* Category::getPageCount now takes a parameter. Category::COUNT_ALL_MEMBERS
return count of all members while Category::COUNT_CONTENT_PAGES return that
of content pages. For the former behavior use Category::getMemberCount()
* Using `new HTMLForm( … )` or `HTMLForm::factory( … )` without the $context
parameter is now deprecated.
* BagOStuff::incr() and BagOStuff::decr() are now deprecated.
* Action::exists() and ActionFactory::actionExists() are deprecated, use
(bool)ActionFactory::getAction().
=== Other changes in 1.38 ===
* The following things were changed in the file deletion form:
- The name and ID of the submit button are now `wpConfirmB`, not
`mw-filedelete-submit`
- The ID of the form is now `deleteconfirm`, not `mw-img-deleteconfirm`
- The `mw-filedelete-editreasons` class was replaced with
`mw-delete-editreasons`
The goal of these changes is to make the HTML more similar to that of
normal page deletion.
* ParserOptions created with ::newFrom* or ::newCanonical are now identical.
* MediaWiki initialization order have been changed to load vendor autoload
earlier. This means that extensions that are installed via composer and
execute code upon autoloading can not depend on any MediaWiki classes,
constants or globals in that code.
* The source of truth for configuration defaults is now the MainConfigSchema
class. DefaultSettings.php still exists for backwards compatibility. A PHP
file generated for optimized loading will be used in Setup.php to initialize
configuration variables. Setup.php can be made to load DefaultSettings.php
as before by setting MW_USE_LEGACY_DEFAULT_SETTINGS as an environment
variable (e.g. via SetEnv in htaccess) or a PHP constant (e.g. via
auto_prepend_file in php.ini).
== Compatibility ==
MediaWiki 1.38 requires PHP 7.3.19 or later and the following PHP extensions:
* ctype
* dom
* fileinfo
* iconv
* intl
* json
* mbstring
* xml
MySQL/MariaDB is the recommended DBMS. PostgreSQL or SQLite can also be used,
but support for them is somewhat less mature.
The supported versions are:
* MySQL 5.5.8 or later
* PostgreSQL 9.4 or later
* SQLite 3.8.0 or later
== Online documentation ==
Documentation for both end-users and site administrators is available on
MediaWiki.org, and is covered under the GNU Free Documentation License (except
for pages that explicitly state that their contents are in the public domain):
https://www.mediawiki.org/wiki/Special:MyLanguage/Documentation
== Mailing list ==
A mailing list is available for MediaWiki user support and discussion:
https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
A low-traffic announcements-only list is also available:
https://lists.wikimedia.org/mailman/listinfo/mediawiki-announce
It's highly recommended that you sign up for one of these lists if you're
going to run a public MediaWiki, so you can be notified of security fixes.
== IRC help ==
There's usually someone online in #mediawiki on irc.libera.chat.
= MediaWiki 1.37 =
== MediaWiki 1.37.6 ==
This is a maintenance release of the MediaWiki 1.37 branch.
=== Changes since MediaWiki 1.37.5 ===
* Fix missing use statement from backport of fix for T307278.
== MediaWiki 1.37.5 ==
This is a security and maintenance release of the MediaWiki 1.37 branch.
=== Changes since MediaWiki 1.37.4 ===
* Localisation updates.
* (T312519, T312520) Parser::extensionSubstitution() Don't run substr() on null.
* (T287564) populateInterwiki: Include not null columns iw_api/iw_wikiid.
* (T312302) SpecialRedirect: Don't pass null to explode.
* RemoveInvalidEmails: Fix quoting for postgres.
* (T312678) import: UploadSourceAdapter::stream_read() don't pass null to
strlen().
* (T312300) SpecialDiff: Don't pass null to explode().
* (T312680) parser: Fix CoreParserFunctions::urlencode() null coalescence $arg.
* (T289926) Handle null passed to wfShorthandToInteger() and Html::element().
* (T289926) Ensure that strlen() does not get passed a (valid) null.
* (T312301) SpecialDiff: Don't pass null to trim().
* Hooks: Use more meaningful name for SkinAfterPortlet hook parameter.
* (T289926) Ensure we don't pass null to mb_strlen.
* (T312305, T311572, T311571, T311578) HTMLForm: Null coalescence in trim()
calls.
* (T289926) site: Consistently return null from Site::getDomain().
* (T307304, T289879) filebackend,jobqueue: Add signature for
FilterIterator::accept().
* (T312183) rdbms: Adapt hasOrMadeRecentPrimaryChanges test mock for PHP 8.1.
* Add application/vnd.ms-opentype to MIME list.
* Allow composer/installers plugin in composer.json.
* Change type hints for BatchRowIterator and NotRecursiveIterator for
compatibility with PHP 8.1.
* (T313663) [php8.1] Change override of $wgResourceBasePath for CSP tests.
* (T313663) parser: Mock WikiPage::getContentModel in ParserCacheTest to fix
php8.1.
* (T313663) [php8.1] Make WikiImporterFactoryTest use better mock for
ImportSource.
* Fix tests so getName() doesn't return null.
* (T313663) [php8] Don't use strlen on potentially null string.
* (T313663) [php8.1] Suppress test warning about providing null.
* (T313663) Parser will use current timestamp instead of null if passed a
RevisionRecord that does not have a timestamp.
* (T313663) Add explicit null check for $sha in FileBackend [php8.1].
* (T313663) LogFormatter: Cast argument of ctype_digit to string [php8.1].
* (T313663) Mock UserOptionsManager::getOption for php8.1.
* (T289879, T289926) Get rid of warnings on PHP 8.1.
* (T313663) Check for null return of preg_replace in MediaWikiTitleCodec.
* (T313663) cast db name to string when checking if it is read only [php8.1].
* (T313663) Avoid testing strlen on null in ApiQuerySiteinfo [php 8.1 compat].
* Fix a couple deprecation warnings in the installer under PHP 8.1.
* (T313663) Use default timezone UTC for SpecialWatchlistTest [php 8.1].
* (T313663) Mock User::getTitleKey in SpecialPreferencesTest [php 8.1].
* (T314096) Migrate use of ${var}-style string interpolation.
* (T314099) preprocessor: Add missing field declarations.
* (T313663, T313662) Make default value for optional args {{PAGESINCAT:..}} be
'' not null.
* (T314225) SpecialCategories: Null coalescene $par.
* (T314099) User: Allow dynamic properties on PHP 8.2.
* (T314397) SpecialBlock: Better handle null in getTargetUserTitle.
* (T314099) phpunit: Fix trivial dynamic property usages in tests.
* (T314405) UploadStash: Check if us_prop is set in the fileMetadata.
* (T313663) Make ChangesListSpecialPageTest cast to string for php 8.1.
* (T313663) Do not test giving a null fragment to Title::makeTitle.
* (T314550) SpecialMergeHistory: Set timestamp to '' if no mergepoint.
* (T314551) SpecialMergeHistory: Set defaults for target and dest parameters.
* api: Add rel=nofollow to help examples.
* (T307613) Validate length of user email on Special:ChangeEmail/
Special:CreateAccount.
* (T314226) LoginSignupSpecialPage: Check if $value is a string before length.
* (T314824) tests: Update parser test after i18n change.
* (T295958, T278847) MediaWiki-Docker: Switch PHP images to PHP7.4.
* (T314906, T314907) SpecialBlock: Set defaults for wpPageRestrictions and
wpNamespaceRestrictions.
* (T315309) ImportStreamSource::newFromURL() Prevent passing null to fwrite.
* (T315892) composer.json: Pin phpunit to 8.5.28.
* (T313049) Bump wikimedia/parsoid to v0.14.2.
* (T317750) session: Fix broken SessionTest case due to PHPUnit dependency
change.
* (T318079) SpecialEditTags: Set default value of wpTagsToRemove to empty array.
* (T318460) SpecialChangeEmail: Set default for returntoquery.
* (T318307) Update docs for HTMLFormField::validate() to permit all data types.
* (T316304, CVE-2022-41767) SECURITY: reassignEdits doesn't update results
in an IP range check on Special:Contributions.
* (T309894, CVE-2022-41765) SECURITY: HTMLUserTextField exposes existence
of hidden users.
* (T307278, CVE-2022-41766) SECURITY: On action=rollback the message
"alreadyrolled" can leak revision deleted user name.
== MediaWiki 1.37.4 ==
This is a maintenance release of the MediaWiki 1.37 branch.
=== Changes since MediaWiki 1.37.3 ===
* Localisation updates.
* (T311568) UploadBase::setTempFile() handle $tempPath being passed as null.
* (T311559) SpecialListFiles: user parameter isn't always present.
* (T311561) ImageListPager: Don't call htmlspecialchars() on null.
* (T311920) SpecialBlockList: Prevent passing null to trim().
* (T311921) SpecialUserrights: Don't pass null to str_replace.
* (T311570) SpecialWithoutInterwiki: Don't pass null through to
Title::capitalize().
* (T311574, T311576) SpecialLinkSearch: Don't pass null through to the parser.
* (T312059) Update guzzlehttp/guzzle to 7.4.5 in vendor.
* (T296435, T297669) cache: Add four fields to LinkCache::getSelectFields.
== MediaWiki 1.37.3 ==
This is a security and maintenance release of the MediaWiki 1.37 branch.
=== Changes since MediaWiki 1.37.2 ===
* Localisation updates.
* (T289879) Type hints for ArrayAccess and JsonSerializable.
* (T304783) TemplateParser: avoid warnings when called by NoLocalSettings.
* Rebuilt vendor with composer 2.3.3.
* Fix old_name in UserLogoutComplete hook.
* (T289879) Address some deprecations for PHP 8.1.
* (T193565) UserGroupManager: Fix dbDomain in addUserToGroup() deferred update.
* (T309114) LocalFile::prerenderThumbnails: Limit the number of thumbnail jobs
triggered.
* (T307982) Updated wikimedia/parsoid from v0.14.0 to v0.14.1.
* (T308471) SECURITY: Escape welcomeuser message passed to showSuccessPage().
* (T308473) SECURITY: Escape contributions-title msg for use within page title.
* (T311272) Call parent constructor of AddSite maintenance script first.
* MediaWiki: Don't eagerly initialize action name.
* Updated wikimedia/shellbox from v2.0.0 to v2.1.1.
* (T311384, CVE-2022-27776) Updated guzzlehttp/guzzle from 7.2.0 to 7.4.5.
* (T289926) Avoid passing null to trim() in SkinTemplate.
* (T311473) rollbackEdits: Pass user identity to RollbackPage.
* (T307282) Avoid passing null to strcasecmp(), for PHP 8.1.
* (T311551) ShellboxClientFactory::getUrl(): Check if $this->key is null.
* (T311552) ChangesListSpecialPage: Don't pass null to FormatJson::decode().
* (T311569) FileBackend::isStoragePath() Handle being passed null.
* (T311544) Pass int to ApiUsageException::newWithMessage()'s $httpCode param.
* (T311678) SpecialEditWatchlist: Prevent passing null to strtolower().
* (T281741) ChangeTags: Fix adding CSS classes for hidden tags.
* (T296642) changetags: Fix management of a '0' tag.
* (T311554) ChangeTags: Return early in formatSummaryRow() if $tags === null.
* (T303033) Handle null in ChangeTags::modifyDisplayQuery.
* Updated wikimedia/common-passwords from 0.3.0 to 0.4.0.
== MediaWiki 1.37.2 ==
This is a security and maintenance release of the MediaWiki 1.37 branch.
=== Changes since MediaWiki 1.37.1 ===
* (T298261) Fix support for Composer 2.2.
* (T298283) composer.json: Add wikimedia/composer-merge-plugin to allow-plugins.
* Update doctrine/dbal (3.0.0 => 3.1.5).
* (T296898) Add entry point name to disabled Session exception if possible.
* (T298564) MemcachedClient: Add support for IPv6.
* (T297543, CVE-2022-28202) SECURITY: properly escape output used within
galleries and Special:RevisionDelete.
* (T289956) WatchAction: Fix bug that prevents showing proper success
message in the noscript fallback mode.
* (T268847) Suppress deprecation warnings from libxml_disable_entity_loader().
* (T283275) Fix PHP 8.0 failure of RefreshSecondaryDataUpdateTest.
* (T283275) Fix PHP 8.0 failure of WikiExporterFactoryTest.
* (T275673) objectcache: Avoid getCurrentTime() call in MapCacheLRU::has().
* (T275673) objectcache: split up MapCacheLRU::getAge() to avoid conditional
overhead.
* Fix the json schema and the extension processor for Parsoid extension modules.
* (T299696) update.php: Avoid passing null to substr.
* (T195807, T256401) Fix signature of DatabasePostgres::buildGroupConcatField.
* In PHP 8.1 don't throw exceptions from mysqli.
* (T289926) SiteConfiguration: Don't pass null to str_replace().
* (T264735) Fix deprecation warning from CURLPIPE_HTTP1.
* (T260735) Stop using is_resource() where possible.
* (T289879) Apply ReturnTypeWillChange to various implementations of built in
interfaces.
* (T299312) Implement __serialize/__unserialize for PHP 8.1 support.
* ExtensionRegistry: Add process cache for lazy attributes.
* (T301041) ApiPageSet: Add "missing": true to missing revisions.
* Allow ParsoidModules extension schema to register services.
* (T300462) SpecialUndelete: Do not show empty comments as deleted.
* (T297708) Allow setting max execution time to several special pages.
* (T205349) LinkCache: Try invalidating cache before throwing.
* (T302540) composer.json: Add ext-calendar to require.
* (T302540) composer.json: Add ext-simplexml to require-dev.
* (T302540) composer.json: Add various PHP extensions to suggests.
* Upgrading symfony/polyfill-php80 (v1.23.1 => v1.25.0).
* (T304008) Don't re-check "Move subpages" on Special:MovePage after a warning.
* (T293576) listFiles: Display file name instead of version.
* (T303871) Fix @since of Title::getId().
* (T303560) Installer: Check correct PCRE_CONFIG_NEWLINE value.
* wrapOldPasswords: add \n to two output calls.
* (T297571, CVE-2022-28201) Title::newMainPage() goes into an infinite recursion
loop if it points to a local interwiki.
* (T297731, CVE-2022-28203) Requesting Special:NewFiles on a wiki with many file
uploads with actor as a condition can result in a DoS.
* (T297754, CVE-2022-28204) Special:WhatLinksHere can result in a DoS when a
page is used on a extremely large number of other pages.
== MediaWiki 1.37.1 ==
This is a security and maintenance release of the MediaWiki 1.37 branch.
=== Changes since MediaWiki 1.37.0 ===
* (T296112) Allow inserting new sections named '0'.
* Fix path for ZhConversion.php.
* nukeNS: don't run purgeRedundantText() after every change.
* (T286779, T297031) installer: Fix Postgres mistakes in using changeField
method.
* (T225888) RollbackAction: fix missing pagetitle.
* (T297322, CVE-2021-44858, CVE-2021-44857) SECURITY: Fix permissions checks in
undo actions.
* (T297574, CVE-2021-45038) SECURITY: Fix permissions check in action=rollback.
* (T34716, T297416) SECURITY: Require 'read' right for most actions.
* (T271037, CVE-2021-44856) SECURITY: Fix use of EditFilterMergedContent hook
when changing content model.
== MediaWiki 1.37.0 ==
=== Changes since MediaWiki 1.37.0-rc.2 ===
* Remove justinrainbow/json-schema from vendor.
* Updated pear/mail_mime from 1.10.9 to 1.10.11.
* Update deprecated Guzzle Psr7 function calls.
* (T281972) UserIdentityValue: Correct @since tags.
* Updated wikimedia/parsoid from v0.14.0-a19 to v0.14.0.
* Localisation updates.
* Tweak error message for missing composer dependencies.
== MediaWiki 1.37.0-rc.2 ==
=== Changes since MediaWiki 1.37.0-rc.1 ===
* (T295173) Re-add wikimedia/normalized-exception to vendor.
* Remove wikimedia/testing-access-wrapper, psr/simple-cache, psr/http-factory
from vendor.
* (T295191) ApiQuerySiteinfo: Fix "rightsinfo"/"url" when $wgRightsPage is set.
* (T212428) Allow populateContentTables to continue when there are bad blobs.
== MediaWiki 1.37.0-rc.1 ==
=== Changes since MediaWiki 1.37.0-rc.0 ===
* (T294043) checkStorage: pass no parameters to WikiRevision::getContent().
* (T292763, CVE-2021-44854) SECURITY: Do not cache private wiki completion
results.
* (T293783) ApiQueryImageInfo: don't show empty comments as deleted.
* (T294316) Revert "Mark ApiClientLogin/ApiLogin as requiring write mode".
* (T294796) JobQueueRedis: Replace deprecated zSize with zCard.
* Remove duplicate settings from DefaultSettings.
* (T278037) NoLocalSettings: Pass an EmptyBagOStuff to TemplateParser.
== MediaWiki 1.37.0-rc.0 ==
== Upgrading notes for 1.37 ==
Don't forget to always back up your database before upgrading!
See the file UPGRADE for more detailed per-version upgrade instructions from the
oldest supported upgrading version, MediaWiki 1.27.
Some specific notes for MediaWiki 1.37 upgrades are below:
* (T280806) Deprecated methods of fetching API tokens have been removed. This
may cause older bots and scripts to fail. Most queries are trivially
updateable to using new methods. See the Action API changes section below
for more information.
For notes on 1.36.x and older releases, see HISTORY.
=== Configuration changes for system administrators in 1.37 ===
* (T242768) The PasswordCannotMatchUsername password policy has been removed,
please use PasswordCannotBeSubstringInUsername instead. If you have not
customised your password policies, there will be nothing to do here.
==== New configuration ====
* $wgBrowserFormatDetection - This setting allows the enabling or disabling
of automatic detection of possible phone numbers in a webpage in iOS Safari.
* $wgParserEnableLegacyMediaDOM - This setting defaults to true, and enables
the legacy media HTML structure in the output from the Parser. The
alternative modern HTML structure for media is described at
https://www.mediawiki.org/wiki/Parsing/Media_structure
In a future release of MediaWiki this option will default to false,
so it's a good idea to test this setting on your wiki early and report
any issues.
==== Changed configuration ====
* $wgContentHandlerTextFallback - This migration setting, which defines how to
react if a plain text version of a non-text Content object is requested using
ContentHandler::getContentText(), is deprecated.
* $wgActions – This setting lets sysadmins over-ride which actions can be used.
It has been re-worked to support injecting dependencies into Action sub-
classes as part of wider work on dependency injection. Previously, $wgActions
was an array where the keys were the names of actions, and the values had the
following impacts (for a given key 'Foo'):
- `true`: use the class 'FooAction' unless for a specific page
WikiPage::getActionOverrides() wants to override that action
- a string: use the class with that name, and do not allow over-riding on a
per-page basis
- `false`: the action is disabled
- a callable: use the Action instance returned by invoking that callback, and
do not allow overriding on a per-page basis
- an object: use that specific Action instance, and do not allow overr-iding
on a per-page basis.
As part of T253078, values can now be arrays that are not callables, which are
treated as ObjectFactory specs, allowing for services to be injected.
Additionally, the distinction between values that allow per-page overrides and
those that do not was removed - all actions can now be overridden on a per-
page basis using WikiPage::getActionOverrides().
* $wgShellboxUrl – This setting, new in 1.36 to configure the novel Shellbox
encapsulation system, is now deprecated; use $wgShellboxUrls as a mapping of
service => URL instead.
* $wgIncludejQueryMigrate – This setting, introduced in 1.29 to on whether to
provide a migration layer for jQuery, has now switched its default value from
true to false. This may break gadgets that depended on methods that were
removed in jQuery 3 in 2017. See T280944 for more information.
* A number of settings have been renamed. The former configuration variable
names are deprecated, but will be used as the fall back if they are still set,
and remain temporarily available for extensions which might try to read them:
- $wgFileBlacklist is now $wgProhibitedFileExtensions
- $wgMimeTypeBlacklist is now $wgMimeTypeExclusions
- $wgEnableUserEmailBlacklist is now $wgEnableUserEmailMuteList
- $wgShortPagesNamespaceBlacklist is now $wgShortPagesNamespaceExclusions
* $wgMimeTypeExclusions - As well as being renamed, this configuration array now
also prohibits the RFC 4329 form of JavaScript, 'application/javascript', as
well as previous MIME types.
* $wgFragmentMode - This setting, which determines the encoding of section IDs,
has now switched its default value from legacy-first to html5-first: both the
HTML5 anchor and the legacy percent-encoding-style anchor will still be
generated for section titles, but references to them will use the HTML5
version, resulting in human-readable fragments.
==== Removed configuration ====
* $wgLegacyJavaScriptGlobals, deprecated in 1.36.
* (T274695) $wgAjaxEditStash, deprecated in 1.36.
* $wgShowDBErrorBacktrace, deprecated and non-functional since 1.32.
* $wgShowSQLErrors, deprecated and non-functional since 1.32.
* $wgLangObjCacheSize, without deprecation; the LanguageFactory service now
always retains at most 10 objects in its LRU-cache.
* $wgDjvuToXML, without deprecation; the tool it enables is obsolete and
abandoned upstream. Use $wgDjvuDump to use that tool instead.
=== New user-facing features in 1.37 ===
* (T161934) MediaWiki now supports JPEG2000 files, to a limited extent.
=== External library changes in 1.37 ===
==== New external libraries ====
* Added symfony/polyfill-php80 1.23.1.
* Added whatwg-fetch 3.6.2.
* Added wikimedia/normalized-exception 1.0.1.
==== Changed external libraries ====
* Updated OOjs from v5.0.0 to v6.0.0
* Updated OOjs-Router from v0.2.0 to v0.3.0
* Updated OOUI from v0.41.3 to v0.42.0
* Updated WVUI from v0.1.0 to v0.3.0
* Updated cssjanus/cssjanus from v1.3.0 to v2.1.0.
* Updated pear/mail_mime from 1.10.9 to 1.10.11.
* Updated psr/container from v1.0.0 to v1.1.1.
* Updated wikimedia/minify from v2.2.2 to v2.2.4.
* Updated wikimedia/object-factory from v3.0.0 to v3.0.2.
* Updated wikimedia/parsoid from v0.13.1 to v0.14.1.
* Updated wikimedia/relpath from v2.1.1 to v3.0.0.
* Updated wikimedia/remex-html from v2.3.1 to v2.3.2.
* Updated wikimedia/shellbox from v1.0.4 to v2.1.1.
* Updated wikimedia/wait-condition-loop from v2.0.1 to v2.0.2.
* Updated zordius/lightncandy from v1.2.5 to v1.2.6.
* Updated guzzlehttp/guzzle from 7.2.0 to 7.4.5.
* Updated wikimedia/common-passwords from 0.3.0 to 0.4.0.
===== Changed development-only external libraries =====
* Updated qunit from 2.10.0 to 2.16.0.
==== Removed external libraries ====
* The pimple/pimple development-only library has been removed.
=== Action API changes in 1.37 ===
* (T280806) The API methods for fetching tokens which were deprecated in
MediaWiki 1.24 have been removed. action=query&meta=tokens&type= should be
used instead. Please note some token types no longer exist, and you should
just use type=csrf for those instead.
- action=query&prop=info&intoken ->
action=query&meta=tokens&type=csrf
- action=tokens&type= ->
action=query&meta=tokens&type=
- action=query&list=recentchanges&rctoken ->
action=query&meta=tokens&type=csrf
- action=query&prop=revisions&rvtoken=rollback ->
action=query&meta=tokens&type=rollback
- action=query&meta=userinfo&uiprop=preferencestoken ->
action=query&meta=tokens&type=csrf
- action=query&list=users&ustoken=userrights ->
action=query&meta=tokens&type=userrights
=== Languages updated in 1.37 ===
MediaWiki supports over 350 languages. Many localisations are updated regularly.
Below only new and removed languages are listed, as well as changes to languages
because of Phabricator reports.
* (T280435) LRM and RLM characters were removed from names of languages with
parentheses in Names.php
* (T283422) Add namespace name translations and change the autonym of
the Kinyarwanda language to "Ikinyarwanda".
* (T283423) Change the autonym of the Lombard language from "lumbaart"
to "lombard".
* (T279619) Added language support for Dagbani (dag).
* (T282085) Added language support for Malay in Arabic (Jawi) script (ms-arab).
* (T283053) Added language support for Ojibwe (ojb).
* (T283480) Added language support for Wallisian (wls, Fakaʻuvea).
* (T284002) Added language support for Paiwan (pwn).
* (T284044) Added language support for Carpathian Romani (rmc).
* (T286460) Added language support for Gun (guw, Gungbe).
* (T287345) Added language support for Baoulé (bci).
* (T290126) Added language support for Kildin Sami (sjd).
* (T290408) Added language support for Pite Sami (sje).
* (T25216) Started the renaming of the language code for Norman from nrm to
nrf.
=== Breaking changes in 1.37 ===
* The Revision class, emitting deprecation warnings since 1.35, was removed
entirely. As part of this, the following hooks that included a Revision object
were removed:
- ArticleRevisionUndeleted - use RevisionUndeleted
- ArticleRollbackComplete - use RollbackComplete
- DiffRevisionTools - use DiffTools
- DiffViewHeader - use DifferenceEngineViewHeader
- HistoryRevisionTools - use HistoryTools
- NewRevisionFromEditComplete - use RevisionFromEditComplete
- PageContentInsertComplete - use PageSaveComplete
- PageContentSaveComplete - use PageSaveComplete
- ParserFetchTemplate - use BeforeParserFetchTemplateRevisionRecord
- RevisionInsertComplete - use RevisionRecordInserted
- TitleMoveComplete - use PageMoveComplete
- TitleMoveCompleting - use PageMoveCompleting
- UndeleteShowRevision - no replacement
- UserRetrieveNewTalks - no replacement
… the following methods and variables have been removed:
- Article::$mRevision
- Article::getRevisionFetched()
- ContribsPager::tryToCreateValidRevision()
- EditPage::$mBaseRevision
- EditPage::getBaseRevision()
- LinksUpdate::getRevision()
- LinksUpdate::setRevision()
- PageArchive::getArchivedRevision()
- PageArchive::getPreviousRevision()
- PageArchive::getRevision()
- Parser::$mRevisionObject
- Parser::fetchCurrentRevisionOfTitle()
- Parser::getRevisionObject()
- Parser::statelessFetchRevision()
- ParserOptions::getCurrentRevisionCallback()
- ParserOptions::setCurrentRevisionCallback()
- Title::countAuthorsBetween()
- Title::getFirstRevision()
- User::getNewMessageLinks()
- User::getNewMessageRevisionId()
- User::setNewtalk()
- WikiPage::getOldestRevision()
- WikiPage::getRevision()
- WikiPage::getUndoContent()
- WikiPage::updateIfNewerOn()
… and the following methods no longer accept Revision objects as parameters:
- CategoryMembershipChange::__construct()
- ContentHandler::getUndoContent()
- DerivedPageDataUpdater::prepareUpdate()
- DifferenceEngine::getRevisionHeader()
- Linker::buildRollbackLink()
- Linker::generateRollback()
- Linker::getRevDeleteLink()
- Linker::getRollbackEditCount()
- Linker::revComment()
- Linker::revUserLink()
- Linker::revUserTools()
- WikiPage::doDeleteUpdates()
- WikiPage::doEditUpdates()
- WikiPage::hasDifferencesOutsideMainSlot()
- WikiPage::onArticleEdit()
- WikiPage::prepareContentForEdit()
- WikiPage::updateRevisionOn()
The following methods return arrays that formerly included a 'revision'
key that would emit deprecation warnings when accessed and return a
Revision object. The Revision object has been removed from the arrays,
and the 'revision-record' key should be used to get the relevant
RevisionRecord instead:
- PageUpdater::doCreate()
- PageUpdater::doModify()
- Parser::statelessFetchTemplate()
- WikiPage::doEditContent()
Finally, the ParserOptions `templateCallback` option is a callback that is
called in Parser::fetchTemplateAndTitle() and should return an array - the
'revision' key to that array used to be a Revision object and was used if
no 'revision-record' was returned - is now ignored.
* Previously, the classes RevisionTestModifyableContent and
RevisionTestModifyableContentHandler were loaded for use in tests, but were
only used within the tests for the since-removed Revision class. This content
and content handler class were removed without deprecation.
* WANObjectCache::HOLDOFF_NONE, deprecated since 1.35, was removed. Use
WANObjectCache::HOLDOFF_TTL_NONE instead.
* Calling ResourceLoader::makeVersionQuery() without $modules parameter,
deprecated since MediaWiki 1.34, is no longer supported.
* LocalFile::recordUpload2(), deprecated since 1.35, was removed.
* The following methods and fields in the Language class, deprecated since 1.35,
have been removed:
- ::classFromCode()
- ::clearCaches()
- ::convertTitle()
- ::findVariantLink()
- ::$mConverter
- ::updateConversionTable()
* The following methods in the Parser class have been removed after having been
deprecated in 1.35:
- fetchTemplate()
- Title()
* (T273354) When an edit is prevented by an 'EditFilterMergedContent' hook
handler without changing the status, the edit form will now be displayed.
* User::clearNotification() which had been deprecated in 1.35 has been removed.
Use WatchlistManager::clearTitleUserNotification() instead.
* User::getNewtalk() which had been deprecated in 1.35 has been removed. Use
TalkPageNotificationManager::userHasNewMessages() instead.
* The Autopromote class, deprecated since 1.35, was removed. Use
UserGroupManager instead.
* The CachedAction, SpecialCachedPage, CacheHelper, and ICacheHelper classes,
all emitting deprecation warnings since 1.36, have been removed.
* The hooks BeforeHttpsRedirect, CanIPUseHTTPS and UserRequiresHTTPS, deprecated
in 1.35, were removed.
* The TitleArrayFromResult hook, deprecated in 1.36, was removed.
* The deprecated "es6-promise" alias ResourceLoader module has been removed. Use
the "es6-polyfills" module directly intead.
* The deprecated "mediawiki.legacy.protect" ResourceLoader module, deprecated
since 1.36, has been removed. Use "mediawiki.action.protect" instead.
* The JavaScript alias $j for references to jQuery, deprecated since 1.23, has
been removed. Use $ instead.
* The AuthenticationProvider interface and the SessionProvider class no longer
extend the PSR LoggerAwareInterface concept, so they can't be typehinted as
LoggerAwareInterface.
* User::getGrantName(), emitting deprecation warnings since 1.36, has been
removed. Use MWGrants::grantName() instead.
* The following ApiBase methods, deprecated since 1.35, have been removed:
- ApiBase::explodeMultiValue
- ApiBase::parseMultiValue
- ApiBase::validateLimit
- ApiBase::validateTimestamp
* The User::idCacheByName() public static field was removed without deprecation.
Instead of using it, get a UserIdentity by name from the UserIdentityLookup
service.
* IDatabase::upsert() and IDatabase::replace() now only accept a single unique
key. Previously, a warning was issued if there were multiple unique keys
provided.
* The MediaWiki:Autoblock_whitelist block exemption control was moved in 1.36 to
MediaWiki:Block-autoblock-exemptionlist. The backward-compatibility of reading
the old MediaWiki:Autoblock_whitelist page has now been dropped.
* The following overridable methods in File hierarchy have changed signatures:
- File::deleteFile() - now accepts UserIdentity instead of User
- File::getDescription() - now accepts Authority instead of User
- File::userCan() - now accepts Authority instead of User
- LocalFile::deleteOldFile() - now accepts UserIdentity instead of User
* The following global methods, each deprecated since 1.36, have been removed:
- wfAppendToArrayIfNotDefault()
- wfAcceptToPrefs()
- wfConfiguredReadOnlyReason()
- wfDebugMem()
- wfGetPrecompiledData()
- wfNegotiateType()
* The following deprecated methods of the Title class have been removed:
- ::nameOf(), deprecated in 1.36
- ::getPreviousRevisionID(), deprecated in 1.34
- ::getNextRevisionID(), deprecated in 1.34
- ::getEarliestRevTime(), deprecated in 1.35
* UploadBase::stashFile(), deprecated since 1.28, was removed.
* wfGetRusage(), deprecated since 1.35, has been removed.
* The following CLI options were removed from tests/phpunit.php:
- use-filebackend
- use-jobqueue
- use-bagostuff
The following options (inherited from Maintenance) were also removed:
- conf
- dbuser
- dbpass
- dbdefaultgroup
- globals
- memory-limit
- profiler
- server
The following options were changed to environment variables:
- wiki => PHPUNIT_WIKI
- use-normal-tables => PHPUNIT_USE_NORMAL_TABLES
- use-filebackend => PHPUNIT_USE_FILEBACKEND
- use-bagostuff => PHPUNIT_USE_BAGOSTUFF
- use-jobqueue => PHPUNIT_USE_JOBQUEUE
This is so that we can use the default PHPUnit entry point (T90875).
* The PHPUNIT_REUSE_DB / --reuse-db option was removed from the phpunit.php
runner. It had been broken for at least three years already. The original use
case was speeding up tests on Oracle, but Oracle support was dropped several
releases ago.
* The MediaWikiPHPUnitTest__endTestHook and MediaWikiPHPUnitTest__startTestHook
PHPUnit hooks were removed. MediaWikiHooksPHPUnitExtension was also removed.
* EntryPoint::getTextFormatters() was made private without a deprecation period;
it had no known external callers.
* DatabaseBlock::chooseBlock(), deprecated since 1.35, was removed.
* SpecialPageFactory::getRestrictedPages(), deprecated since 1.36, was removed.
* SpecialBlock::validateTarget(), deprecated since 1.36, was removed.
* The PatchFileLocation trait was removed without deprecation.
* ActorMigrationBase::getExistingActorId() and ::getNewActorId(), emitting
deprecation warnings since 1.36, were removed.
* Hook handlers implementing the MediaWikiServicesHook hook are now prohibited
from having services injected. This is because by definition, this hook runs
before the service container is fully initialized.
* The protected property LocalFile::$metadata was removed without deprecation.
* WatchedItem::getUser(), emitting deprecation warnings since 1.36, has been
removed.
* AuthManager::singleton(), emitting deprecation warnings since 1.36, has been
removed.
* The AugmentPageProps class was removed without deprecation. It had no known
uses.
* Html::infobox(), deprecated since 1.36, was removed.
* ParserOptions::__construct() now requires that the first parameter is a
UserIdentity object - passing `null` used to fallback to the global
$wgUser but was deprecated since 1.36.
* ParserOptions::newCanonical() no longer supports the first parameter being
null (or omitted entirely), which would fallback to the global $wgUser but
was deprecated since 1.35.
* The SkinTemplatePreventOtherActiveTabs hook, deprecated in 1.35, was removed
entirely.
* The SkinTemplateTabAction hook, deprecated in 1.35, was removed entirely.
* The SkinTemplateBuildNavUrlsNav_urlsAfterPermalink hook, deprecated in 1.35,
was removed entirely.
* The SkinTemplateToolboxEndHook, deprecated in 1.35, was removed entirely.
* The following methods of RevisionStore class, formerly emitting deprecation
warnings, were removed:
- ::newMutableRevisionFromArray()
- ::loadRevisionFromPageId()
- ::loadRevisionFromTitle()
- ::loadRevisionFromTimestamp()
- ::listRevisionSizes()
* LogEntry::getPerformer(), deprecated since 1.36, was removed along with
methods in sub-classes: DatabaseLogEntry, ManualLogEntry, RCDatabaseLogEntry.
* Skin::getRelevantUser() now returns an instance of UserIdentity, and not
necessarily a User object. There is no known usages in MediaWiki ecosystem
that were not satisfied with UserIdentity.
* Direct construction of MergeHistory class, deprecated since 1.35, is no longer
supported. Use MergeHistoryFactory instead. MergeHistory::checkPermissions,
deprecated since 1.36, was removed.
* Skin::generateDebugHTML(), deprecated since 1.35, was removed. Call
MWDebug::getHTMLDebugLog() directly.
* The ApiTestCase class no longer interacts with the global $wgUser.
Previously, the global variable was set at the start of each test, and in
ApiTestCase::doApiRequest() if a performer was specified $wgUser was
updated to match, and if no performer was specified $wgUser was used
instead. Now, $wgUser is not updated, and if no performer is specified
the reusable TestUser object for the sysop is relied on. Extensions
or skins that rely on the global $wgUser variable (which has been
deprecated since 1.35) should instead retrieve the acting user from the
relevant context source.
* SkinTemplate::makeArticleUrlDetails(), deprecated since 1.35, was removed.
* Skin::makeNSUrl(), deprecated since 1.35, was removed.
* Skin::getRevisionId(), deprecated since 1.34, was removed. Use
OutputPage::getRevisionId() instead.
* Skin::isRevisionCurrent(), deprecated since 1.34, was removed. Use
OutputPage::isRevisionCurrent() instead.
* AbstractBlock::parseTarget(), deprecated since 1.36, was removed.
* The ArticleEditUpdates hook, deprecated since 1.35, was removed.
* The `@stable to extend` class CentralIdLookup has following changes:
- The protected ::checkAudience() method now returns an Authority instead of a
User instance.
- A number of its `@stable to override` methods now accept an Authority
instead of a User instance as the $audience parameter.
- A number of methods now accept a UserIdentity instead of their User
parameter.
- The ::localUserFromCentralId() method now returns UserIdentity and not
necessarily a User object.
All extensions that extend this class or use this method were updated to be
ready to the new behavior.
* WatchedItemStoreInterface::enqueueWatchlistExpiryJob(), deprecated since 1.36,
was removed.
* ResultWrapper is now abstract. It cannot be directly constructed (T286694).
* The SecondaryDataUpdates hook, deprecated in 1.32, was removed entirely.
* Content::getDeletionUpdates(), was removed. Use
ContentHandler::getDeletionUpdates() instead.
* Content::getSecondaryDataUpdates(), was removed. Use
ContentHandler::getSecondaryDataUpdates() instead.
* wfDiff(), deprecated since 1.25, has been removed.
* Language::$mLangObjCache, deprecated since 1.35, was removed.
* Language::$transformData, deprecated since 1.35, was removed.
* Language::transformUsingPairFile() was marked @internal. Its deprecated
parameters are no longer supported.
* SpecialMute::getTarget(), unused outside of the SpecialMute class, was
made private.
* The Skin::setupSkinUserCss() method, deprecated in 1.32, was removed. Please
use skin registration instead.
* The ResourceLoaderSkinModule `legacy`, `content` and `content-thumbnails`
features were deprecated. Skins should instead select from the features
listed on [[mw:Manual:ResourceLoaderSkinModule]].
* ParserCache::getKey() and ::getEtag(), deprecated since 1.36, were removed.
* The BaseTemplateToolbox hook, deprecated since 1.35, was removed.
* Previously a capitalize-all-nouns class was added to the body element of
languages where nouns must be capitalized. This class is no longer added to
the body tag and must be provided by skins.
* The SkinTemplateOutputPageBeforeExec hook, deprecated since 1.35, was removed.
* Calling Message::toString() without a parameter, which triggered deprecation
warnings since 1.36, is no longer supported. You can instead use the explicit
formatting methods directly, such as Message::text() and Message::escaped().
* Article::getContentObject(), deprecated since 1.32, was removed.
* Article::delete(), Article::confirmDelete() and ImagePage::delete() were
removed. The logic responsible for building the form is being
moved to DeleteAction, while the actual deletion logic will be moved to a
separate service.
* WikiImporter::debugRevisionHandler(), unused and for debug only, was removed.
* Content::preloadTransform() now emits deprecation warnings. Instead, please
use ContentTransformer::preloadTransform(). Extensions defining a content
model should override ContentHandler::preloadTransform().
* Content::preSaveTransform() now emits deprecation warnings. Instead, please
use ContentTransformer::preSaveTransform() instead. Extensions defining
a content model should override ContentHandler::preSaveTransform().
* Constructing WikiPage objects from Title instances that cannot exist, emitting
deprecation warnings since 1.36, now throws an exception. Additionally,
WikiPage now implements ProperPageIdentity, rather than just PageIdentity.
* The Skin::bottomScripts() method is deprecated. Please instead use
OutputPage::getBottomScripts().
* LinksUpdate::getTriggeringUser() now returns ?UserIdentity instead of ?User.
* The LESS mixin `.box-shadow()` (from mediawiki.mixins.less), deprecated since
1.36, was removed. Use CSS property `box-shadow` unprefixed for all basic
supported browsers instead.
* The LESS mixin `.flex()` now no longer tries to support the 2009 version of
the Flexbox specification; support for the 2012 and modern standard versions
remains unchanged.
* The StorageAwareness::ATTR_SYNCWRITES, StorageAwareness::QOS_SYNCWRITES_*,
StorageAwareness::ATTR_LOCALITY, and StorageAwareness::QOS_LOCALITY_*
constants were removed.
=== Deprecations in 1.37 ===
* JobQueue::getWiki(), deprecated in 1.33, now emits deprecation warnings.
* AbstractBlock::getTargetAndType() and ::getTarget() now emit deprecation
warnings. Use ::getTargetName() and ::getTargetUserIdentity() together with
::getType().
* Passing a UserIdentity to WatchlistManager::clearAllUserNotifications() and
WatchlistManager::clearTitleUserNotifications() is now deprecated. Pass an
Authority instead.
* Passing LinkTarget to WatchlistManager::clearTitleUserNotifications() and
WatchlistManager::getTitleNotificationTimestamp(). Pass PageIdentity instead.
* The User class methods ::isWatched(), ::isTempWatched(), ::removeWatch(), and
::addWatch() have been deprecated. Use corresponding methods in
WatchlistManager instead.
* Multiple WatchAction methods have been deprecated in lieu of WatchlistManager:
- ::doWatchOrUnwatch() use WatchlistManager::setWatch()
- ::doWatch() -> WatchlistManager::addWatch()
- ::doUnwatch() -> WatchlistManager::removeWatch()
* WatchAction::getWatchToken() now emits deprecation warnings. Instead use
CsrfTokenSet::getToken().
* Action::getHookContainer() has been marked as internal. Actions that require
access to a hook container should have one injected instead.
* The ::getTitle() and ::setTitle() methods in Parser have been deprecated.
Use ::getPage() and ::setPage() instead.
* Title::isWatchable() has been deprecated. Use WatchlistManager::isWatchable()
instead.
* Methods and classes related to the primary database, previously referred to as
'master', have been deprecated, with the new ones replacing them as follows:
- The DBMasterPos and MySQLMasterPos classes have been respectively renamed to
DBPrimaryPos and MySQLPrimaryPos.
- LocalRepo::getMasterDB() -> ::getPrimaryDB()
- ForeignDBRepo::getMasterDB() -> ::getPrimaryDB()
- JobQueueDB::getMasterDB() -> ::getPrimaryDB()
- ForeignDBViaLBRepo::getMasterDB() -> ::getPrimaryDB()
- DBFileJournal::getMasterDB() -> ::getPrimaryDB()
- ILoadBalancer::getMasterPos() -> ::getPrimaryPos()
- IDatabase::getMasterPos() -> ::getPrimaryPos()
- ILoadBalancer::finalizeMasterChanges() -> ::finalizePrimaryChanges()
- ILoadBalancer::approveMasterChanges() -> ::approvePrimaryChanges()
- ILoadBalancer::beginMasterChanges() -> ::beginPrimaryChanges()
- ILBFactory::beginMasterChanges() -> ::beginPrimaryChanges()
- ILoadBalancer::commitMasterChanges() -> ::commitPrimaryChanges()
- ILBFactory::commitMasterChanges() -> ::commitPrimaryChanges()
- IDatabase::getTopologyRootMaster() -> ::getTopologyRootPrimary()
- IDatabase::masterPosWait() -> ::primaryPosWait()
- ILoadBalancer::runMasterTransactionIdleCallbacks() ->
::runPrimaryTransactionIdleCallbacks()
- ILoadBalancer::runMasterTransactionListenerCallbacks() ->
::runPrimaryTransactionListenerCallbacks()
- ILoadBalancer::rollbackMasterChanges() -> ::rollbackPrimaryChanges()
- ILBFactory::rollbackMasterChanges() -> ::rollbackPrimaryChanges()
- ILoadBalancer::flushMasterSnapshots() -> ::flushPrimarySnapshots()
- ILoadBalancer::hasMasterConnection() -> ::hasPrimaryConnection()
- ILoadBalancer::hasMasterChanges() -> ::hasPrimaryChanges()
- ILBFactory::hasMasterChanges() -> ::hasPrimaryChanges()
- ILoadBalancer::lastMasterChangeTimestamp() -> ::lastPrimaryChangeTimestamp()
- ILoadBalancer::hasOrMadeRecentMasterChanges() ->
::hasOrMadeRecentPrimaryChanges()
- ILBFactory::hasOrMadeRecentMasterChanges() ->
::hasOrMadeRecentPrimaryChanges()
- ILoadBalancer::pendingMasterChangeCallers() ->
::pendingPrimaryChangeCallers()
- ILoadBalancer::forEachOpenMasterConnection() ->
::forEachOpenPrimaryConnection()
- ILoadBalancer::waitForMasterPos() -> ::waitForPrimaryPos()
- Database::assertIsWritableMaster() -> ::assertIsWritablePrimary()
- RevDelList::reloadFromMaster() -> ::reloadFromPrimary()
- ExternalStoreDB::getMaster() -> ::getPrimary()
- DatabaseMysqlBase::getMasterServerInfo() -> ::getPrimaryServerInfo()
- MWExceptionHandler::rollbackMasterChangesAndLog() ->
::rollbackPrimaryChangesAndLog()
* wfGetLB(), deprecated since 1.27, now emits deprecation warnings.
* wfLocalFile(), deprecated since 1.34, now emits deprecation warnings.
* wfFindFile(), deprecated since 1.34, now emits deprecation warnings.
* wfIncrStats(), deprecated in 1.36, now emits deprecation warnings.
* wfCanIPUseHTTPS() is now deprecated, and always returns true.
* The UserLoadFromDatabase hook has been deprecated. It had no known uses.
* The following methods in ApiPageSet have been deprecated:
- ::getTitles(), use ::getTargets() instead.
- ::getGoodTitles(), use ::getGoodPages() instead.
- ::getMissingTitles(), use ::getMissingPages() instead.
- ::getGoodAndMissingTitles(), use ::getGoodAndMissingPages() instead.
- ::getRedirectTitles(), use ::getRedirectTargets() instead.
- ::getSpecialTitles(), use ::getSpecialPages() instead.
* The following methods from the User class, deprecated in 1.35, now each emit
deprecation warnings:
- ::getOptions()
- ::isIP()
- ::isUsableName()
- ::isCreatableName()
- ::getCanonicalName()
- ::addAutopromoteOnceGroups()
- ::getEffectiveGroups()
- ::getAutomaticGroups()
- ::getFormerGroups()
- ::getIntOption()
- ::getBoolOption()
* The following methods in User were deprecated:
- ::idFromName() - use UserIdentityLookup::getUserIdentityByName() instead.
- ::resetIdByNameCache() - in tests, reset service container. No replacement
needed in production code.
* Use of ActorMigration for any table except revision, deprecated in 1.34, now
emits deprecation warnings. Instead of getInsertValues(), use
ActorNormalization::acquireActorId(). Instead of getWhere() and getJoin(),
do your own join on the actor table.
* DatabasePostgres::remappedTableName() and its dependent constructor parameter
'keywordTableMap' are deprecated. Reserved identifiers that are used as table
names should be quoted where necessary.
* LinkCache::singleton(), deprecated since 1.28, now emits deprecation warnings.
* MessageCache::singleton(), deprecated since 1.34, now emits deprecation
warnings.
* LockManagerGroup::singleton() and ::destroySingletons(), deprecated since
1.34, now emit deprecation warnings.
* HtmlFileCacheUpdate::newFromTitles() is now deprecated and emitting warnings.
Use newFromPages() instead.
* SessionProvider ::setLogger(), ::setManager(), ::setConfig(), and
::setHookContainer() were deprecated. Use ::init() to inject dependencies, or
override ::postInitSetup() to do any custom post-initialization configuration.
* AbstractAuthenticationProvider ::setLogger(), ::setManager(), ::setConfig(),
and ::setHookContainer() now emit deprecation warnings. Use ::init() to inject
dependencies, or override ::postInitSetup() to do any custom post-
initialization configuration.
* User::isLoggedIn(), deprecated since 1.36, now emits deprecation warnings. Use
the method it wraps, User::isRegistered(), instead.
* FileBackendGroup::singleton() and ::destroySingletons(), deprecated since
1.35, now emit deprecation warnings.
* The first parameter of User::getBlock() should now be an integer using the
Authority::FOR_XXX constants. Providing a boolean is deprecated.
* ApiBase::addBlockInfoToStatus() is deprecated for use by extensions. It is now
marked as @internal and may be deleted in the future.
It should not be necessary to call this method, Authority should be providing
all relevant information via a PermissionStatus object.
* JobQueueGroup::singleton() was deprecated - use
MediaWikiServices::getJobQueueGroup() instead.
* JobQueueGroup::destroySingletons() was deprecated. JobQueueGroups are now
automatically destroyed after tests.
* LinkCache::addGoodLinkObj() has been deprecated, since it is prone to
corrupting the cache with invalid information. Use addGoodLinkObjFromRow()
instead. PHPUnit tests must use LinkCacheTestTrait::addGoodLinkObject().
* ContentHandler::getContentText() is now deprecated. Use Content::getText()
instead.
* LinkCache::addLinkObj() has been deprecated, use PageStore::getPageForLink()
instead.
* MediaWiki\User\UserNamePrefixSearch::search() previously accepted as its first
parameter either the string 'public' or a UserIdentity object, to filter
results for. It now expects an Authority object instead of UserIdentity, and
providing just a UserIdentity will now trigger a deprecation warning.
* User::getRights(), deprecated since 1.34, now emits deprecation warnings.
* User::changeableGroups() and ::changeableByGroup() now emit deprecation
warnings, use corresponding methods in UserGroupManager instead.
* User::incEditCount() was deprecated in favor of the new method
UserEditTracker::incrementUserEditCount().
* RepoGroup::singleton(), ::destroySingleton() and ::setSingleton(), deprecated
since 1.34, now emit deprecation warnings.
* RecentChange::getPerformer(), deprecated since 1.36, now emits deprecation
warnings. Use ::getPerformerIdentity() instead.
* ContentHandler::cleanupHandlersCache(), deprecated since 1.35, now emits
deprecation warnings.
* Category::getTitle() was deprecated in favor of Category::getPage()
* File::getUser() method now emits deprecation warnings, along with its over-
rides in LocalFile and ForeignApiFile in favor of ::getUploader().
* SpecialBlock::checkUnblockSelf(), deprecated in 1.36, now emits deprecation
warnings.
* (T284179) The mediawiki.viewport ResourceLoader module is deprecated. You can
now just use MutationObserver or InterSectionObserver directly, which are
widely available in all supported JavaScript browsers.
* The following constructor options of DatabaseBlock class will now trigger
deprecation warnings:
- the 'byText' property with blocker's name,
- the 'by' property with blocker's ID,
For both of these, use the 'by' property with UserIdentity value instead.
* The BeforeResetNotificationTimestamp hook was deprecated.
* ArchivedFile::getUser() ::getRawUser() ::getRawUserText() were deprecated in
favor of ::getUploader.() ::getRawDescription() was deprecated in favor of
::getDescription() with RAW audience parameter.
* When calling LocalFile::newFromRow() or LocalFile::loadFromRow(), passing
extra fields not requested by ::getQueryInfo() will now trigger deprecation
warnings. This is to warn callers that deprefixing and automatic assignment of
such fields will not be done in a future version.
* JobSpecification::getTitle() was deprecated without providing a replacement.
It wasn't used and job given the purpose of JobSpecification class it is not
needed.
* The protected method File::getImageSize() is now deprecated.
* BacklinkCache::get() was deprecated, use
BacklinkCacheFactory::getBacklinkCache() instead.
* Title::getBacklinkCache() now emits deprecation warnings. Instead, use the
::getBacklinkCache() method in the BacklinkCacheFactory service.
* MediaHandler::getImageSize(), ::getMetadata(), and ::isMetadataValid() were
deprecated and should no longer be overridden. Instead, sub-classes should
override getSizeAndMetadata().
* Deprecated File::getMetadata(). Instead use ::getMetadataArray(),
::getMetadataItem() and ::getMetadataItems().
* Message::title() has been deprecated; use Message::page() instead.
* BaseTemplate::getAfterPortlet(), BaseTemplate::renderAfterPortlet(), and the
BaseTemplateAfterPortlet hook, which were deprecated in 1.35,
now emit deprecation warnings.
* The LocalFile::getHistory() hook is deprecated.
* Previously the Skin templateDirectory option inside skin.json had to be
relative to MediaWiki core. This should now be relative to the skin.
* Calling WikiPage::prepareContentForEdit() without a UserIdentity is now
deprecated.
* User::getEditTokenObject(), ::getEditToken(), and ::matchEditToken() were each
deprecated. Use CsrfTokenRepository, which is available via IContextSource,
instead. ::matchEditTokenNoSuffix() was deprecated without replacement.
It was introduced to be able to provide custom error message if the token
was submitted, but ending slashes were stripped by some ASCII mangling proxy.
Use ::matchToken() instead, such proxies are much less common now and there's
not much benefit in customising the error message.
* ContentHandler::getForTitle(), deprecated since 1.35, now emits deprecation
warnings.
* User::listOptionKinds(), deprecated since 1.35, now emits deprecation
warnings.
* WikiPage::doEditContent(), deprecated since 1.32, now emits deprecation
warnings.
* CentralIdLookup::factory() and ::factoryNonLocal() now emit deprecation
warnings; obtain an instance from MediaWikiServices instead.
* The class RandomPage was renamed to SpecialRandomPage. The class RandomPage
is now deprecated.
* BotPassword::invalidateAllPasswordsForCentralId() was deprecated.
* BotPassword::removeAllPasswordsForCentralId() was deprecated.
* The Title class members: $mTextform, $mUrlform, $mDbkeyform, $mNamespace,
$mInterwiki, and $mFragment have been deprecated to not be used directly.
Instead, their corresponding accessor methods should be used.
* IDatabase::fetchObject(), ::fetchRow(), ::numRows(), ::numFields(),
::fieldName(), ::freeResult() and ::dataSeek() are deprecated. Use the
corresponding methods in IResultWrapper instead.
* ResultWrapper::unwrap(), DatabaseMysqlBase::fieldType() and
DatabasePostgres::fieldType() each now emit deprecation warnings.
* Sub-classes implementing Database::doQuery() should return either boolean or
an IResultWrapper. To do otherwise will now trigger a deprecation warning.
* User::getOptionKinds() and ::resetOptions(), both deprecated since 1.35,
now emit deprecation warnings.
* The following methods in MWNamespace, all deprecated since 1.34, now emit
deprecation warnings:
- ::isMovable()
- ::isSubject()
- ::getTalk()
- ::getSubject()
- ::getAssociated()
- ::equals()
- ::subjectEquals()
- ::hasTalkNamespace()
- ::wantSignatures()
- ::isWatchable()
- ::getSubjectNamespaces()
- ::getTalkNamespaces()
- ::isCapitalized()
- ::hasGenderDistinction()
- ::isNonincludable()
- ::getNamespaceContentModel()
- ::getRestrictionLevels()
- ::getCategoryLinkType()
* LogFormatter::styleRestricedElement() has been deprecated in favor of
LogFormatter::styleRestrictedElement()
* The following hooks related to user preferences were deprecated:
- UserLoadOptions: use LoadUserOptions instead.
- UserSaveOptions: use SaveUserOptions instead.
- UserResetAllOptions: no replacement was provided, the hook is not used.
* Title::isNamespaceProtected(), deprecated in 1.34, now emits deprecation
warnings.
* UserSelectQueryBuilder::userIds(), ::userNames(), and ::userNamePrefix() has
been deprecated in favor of ::whereUserIds(), ::whereUserNames(), and
::whereUserNamePrefix().
* Manually constructing a MovePage object, deprecated in 1.34, now emits
deprecation warnings. Use MovePageFactory instead.
* The following deletion-related methods were deprecated:
- WikiPage::doDeleteArticleReal() (soft) - use DeletePage
- WikiPage::doDeleteArticleBatched() (soft) - no replacement
- WikiPage::isBatchedDelete() (soft) - use DeletePage
- WikiPage::doDeleteUpdates() (hard) - no replacement
- WikiPage::getDeletionUpdates() (hard) - no replacement
- Title::isBigDeletion (soft) - no replacement
* Relying on PermissionManager or Authority to check for big deletions
was deprecated. This is now automatically checked if you use
DeletePage::deleteIfAllowed(). (T288759)
* The userCan hook now emits deprecation warnings. Use the
getUserPermissionsErrors or getUserPermissionsErrorsExpensive hooks instead.
* Parser::$mUser public access, and the methods ParserOptions::getUser() and
Parser::getUser() each now emit deprecation warnings.
* The following methods in the Title class have been deprecated in favor of the
corresponding methods in the new RestrictionStore service (with different
names where indicated):
- ::areCascadeProtectionSourcesLoaded()
- ::areRestrictionsCascading()
- ::areRestrictionsLoaded()
- ::getAllRestrictions()
- ::getCascadeProtectionSources()
- ::getFilteredRestrictionTypes()
-> ::listAllRestrictionTypes()
- ::getRestrictionExpiry()
- ::getRestrictionTypes()
-> ::listApplicableRestrictionTypes()
- ::getRestrictions()
- ::isCascadeProtected()
- ::isProtected()
- ::isSemiProtected()
- ::loadRestrictionsFromRows()
* The following Title methods have been deprecated with no direct public
replacement:
- ::deleteTitleProtection()
- ::getTitleProtection()
- ::flushRestrictions()
- ::loadRestrictions()
* User::isAllowUsertalk() now emits deprecation warnings. Use User::getBlock()
and AbstractBlock::isUsertalkEditAllowed() instead.
* Classes used by Preprocessor_DOM have been merged with classes used by
Preprocessor_Hash, as Preprocessor_DOM was removed in 1.35.
- PPDPart has been merged into PPDPart_Hash
- PPDStack has been merged into PPDStack_Hash
- PPDStackElement has been merged into PPDStackElement_Hash
* By default, the global variable $wgUser is now an instance of the new class
StubGlobalUser rather than User, and the first time it is used it will emit
deprecation warnings (the $wgUser variable was deprecated in 1.35). For
extensions that read from this variable, please use a relevant ContextSource
instead, falling back to RequestContext::getMain() if none is available.
* Collation::singleton() and ::factory() were deprecated; obtain an instance of
the CollationFactory from MediaWikiServices instead.
* Title::getDefaultNamespace() has been deprecated to be removed because there
are no known callers/consumers.
* With removal of the stub threshold feature, the following methods now emit
deprecation warnings:
- LinkRenderer::setStubThreshold() and ::getStubThreshold() - no replacement.
- LinkRendererFactory::createForUser() - calling ::create() is now sufficient
- ParserOptions::setStubThreshold() and ::getStubThreshold() - no replacement.
- User::getStubThreshold() - no replacement.
* The ArticleDelete and ArticleDeleteComplete hooks were deprecated. Use
PageDelete and PageDeleteComplete instead.
* The ArticleUndeleteLogEntry hook was deprecated without replacement.
* The following LESS mediawiki.mixins have been deprecated:
- .box-sizing()
- .transform()
- .transform-origin()
- .transition()
- .transition-transform()
* The `UndeleteForm::undelete` hook was deprecated. A new hook was
introduced, `PageUndelete`, that provides handlers with more information and
is also called for non-UI requests. The capability of replacing the
PageArchive object has been removed, as that violates the laws of nature.
=== Other changes in 1.37 ===
* WatchlistManager::addWatch() and WatchlistManager::addWatchIgnoringRights(),
which replace User::addWatch(), now call the WatchArticle and
WatchArticleComplete hooks.
* WatchlistManager::removeWatch() and
WatchlistManager::removeWatchIgnoringRights(), which replace
User::removeWatch(), now call the UnwatchArticle and UnwatchArticleComplete
hooks.
* The overridable postInitSetup() method was added to the
AbstractAuthenticationProvider class. A provider can override postInitSetup()
to do any custom post-initialization configuration.
* The overridable postInitSetup() method was added to the SessionProvider
class. A provider can override postInitSetup() to do any custom
post-initialization configuration.
* The protected getConfig() method was added to the SessionProvider class.
Use SessionProvider::getConfig() to get a config.
* The DBAccessBase class is deprecated. Classes that used to extend it
should get a load balancer (factory) injected in the constructor instead.
* ActorNormalization::acquireActorId() now requires IDatabase parameter.
Not providing one emitted deprecation warnings since 1.36.
* Anti-lock constants ALF_PRELOAD_LINK, ALF_NO_BLOCK_LOCK, ALF_NO_LINK_LOCK
and ALF_PRELOAD_EXISTENCE have been removed. They're unused since 1.25.
* (T278036) CSS class 'mw-htmlform-field-autoinfuse' used by some forms has been
renamed to 'mw-htmlform-autoinfuse'.
* User::newFromRow() does not accept pre-loaded user preferences under
$data['user_properties'] anymore. This optimization was not used.
* The following files change the letter case of the file names:
- SpecialRandompage.php -> SpecialRandomPage.php
- SpecialRandomredirect.php -> SpecialRandomRedirect.php
- SpecialRandomrootpage.php -> SpecialRandomRootPage.php
* Media files which are uploaded server side using the importImages.php
maintenance script will now have the "mw-server-side-upload" change tag.
* (T284917) The stub threshold feature has been removed.
* Skin::getPoweredBy() and Skin::getCopyrightIcon() have been deprecated as they
are only designed for use by skins extended BaseTemplate. You can move calls
to instead use BaseTemplate::getPoweredByHTML() and ::getCopyrightIconHTML()
respectively.
* The SkinGetPoweredBy hook is deprecated. No replacement is provided.
* HTMLTitleTextField didn't support interwiki titles well previously.
Starting with 1.37, HTMLTitleTextField has a new parameter, 'interwiki',
which can be used to control acceptance of interwiki titles. To provide
a transitional period, the default value ('interwiki' => null) ensures
MW will have the same behavior as before (logging a deprecation warning).
In 1.38, the default behavior will change to "interwiki links aren't allowed".
== Compatibility ==
MediaWiki 1.37 requires PHP 7.3.19 or later, or PHP 7.4.3 or later, and the
following PHP extensions:
* ctype
* dom
* fileinfo
* iconv
* intl
* json
* mbstring
* xml
Support for PHP 8.0 is not yet complete.
MySQL/MariaDB is the recommended DBMS. PostgreSQL or SQLite can also be used,
but support for them is somewhat less mature.
The supported versions are:
* MySQL 5.5.8 or later
* PostgreSQL 9.4 or later
* SQLite 3.8.0 or later
== Online documentation ==
Documentation for both end-users and site administrators is available on
MediaWiki.org, and is covered under the GNU Free Documentation License (except
for pages that explicitly state that their contents are in the public domain):
https://www.mediawiki.org/wiki/Special:MyLanguage/Documentation
== Mailing list ==
A mailing list is available for MediaWiki user support and discussion:
https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
A low-traffic announcements-only list is also available:
https://lists.wikimedia.org/mailman/listinfo/mediawiki-announce
It's highly recommended that you sign up for one of these lists if you're
going to run a public MediaWiki, so you can be notified of security fixes.
== IRC help ==
There's usually someone online in #mediawiki on irc.libera.chat.
= MediaWiki 1.36 =
== MediaWiki 1.36.4 ==
This is a security and maintenance release of the MediaWiki 1.36 branch.
=== Changes since MediaWiki 1.36.3 ===
* (T298261) Fix support for Composer 2.2.
* (T298283) composer.json: Add wikimedia/composer-merge-plugin to allow-plugins.
* Update doctrine/dbal (3.0.0 => 3.1.5).
* (T296898) Add entry point name to disabled Session exception if possible.
* (T298564) MemcachedClient: Add support for IPv6.
* (T297543, CVE-2022-28202) SECURITY: properly escape output used within
galleries and Special:RevisionDelete.
* (T268847) Suppress deprecation warnings from libxml_disable_entity_loader().
* (T283275) Fix PHP 8.0 failure of WikiExporterFactoryTest.
* Fix the json schema and the extension processor for Parsoid extension modules.
* (T299696) update.php: Avoid passing null to substr.
* In PHP 8.1 don't throw exceptions from mysqli.
* (T289926) SiteConfiguration: Don't pass null to str_replace().
* (T264735) Fix deprecation warning from CURLPIPE_HTTP1.
* (T260735) Stop using is_resource() where possible.
* (T289879) Apply ReturnTypeWillChange to various implementations of built in
interfaces.
* (T299312) Implement __serialize/__unserialize for PHP 8.1 support.
* ExtensionRegistry: Add process cache for lazy attributes.
* (T301041) ApiPageSet: Add "missing": true to missing revisions.
* Allow ParsoidModules extension schema to register services.
* (T297708) Allow setting max execution time to several special pages.
* (T302540) composer.json: Add ext-calendar to require.
* (T302540) composer.json: Add ext-simplexml to require-dev.
* (T302540) composer.json: Add various PHP extensions to suggests.
* Upgrading symfony/polyfill-php80 (v1.23.1 => v1.25.0).
* (T304008) Don't re-check "Move subpages" on Special:MovePage after a warning.
* (T293576) listFiles: Display file name instead of version.
* (T303871) Fix @since of Title::getId().
* (T303560) Installer: Check correct PCRE_CONFIG_NEWLINE value.
* wrapOldPasswords: add \n to two output calls.
* (T297571, CVE-2022-28201) Title::newMainPage() goes into an infinite recursion
loop if it points to a local interwiki.
* (T297731, CVE-2022-28203) Requesting Special:NewFiles on a wiki with many file
uploads with actor as a condition can result in a DoS.
== MediaWiki 1.36.3 ==
This is a security and maintenance release of the MediaWiki 1.36 branch.
=== Changes since MediaWiki 1.36.2 ===
* (T280363) mediawiki.page.ready: Introduce wikipage.indicators hook.
* (T290697) Add symfony/polyfill-php80.
* IcuCollation: Add some more icu to unicode version mappings.
* ApiBase: Annotate deprecated constants individually.
* PHPVersionCheck: Mark PHP 7.4.0 - 7.4.2 as buggy.
* (T293044) installer: Fix 5th param to sourceFile() in DatabaseUpdater.
* (T291127) Always encode spaces in cookie values as "%20".
* Use LocalFile::getHookRunner instead of LocalFile::hookRunner.
* (T293564) mediawiki.page.ready: Fire hook 'wikipage.indicators' with
children.
* HistoryBlobStub: add getLocation() to get $mOldId.
* Fix checkStorage.php.
* checkStorage: pass no parameters to WikiRevision::getContent().
* (T292763, CVE-2021-44854) SECURITY: Do not cache private wiki completion
results.
* (T294316) Revert "Mark ApiClientLogin/ApiLogin as requiring write mode".
* (T294796) JobQueueRedis: Replace deprecated zSize with zCard.
* (T278037) NoLocalSettings: Pass an EmptyBagOStuff to TemplateParser.
* (T212428, T267468) Allow populateContentTables to continue when there are
bad blobs.
* (T295191) ApiQuerySiteinfo: Fix "rightsinfo"/"url" when $wgRightsPage is
set.
* Update pear/mail_mime to 1.10.11.
* Update deprecated Guzzle Psr7 function calls.
* (T281972) Follow-Up: I10fbd4b6a: Update @since tags as those were backported.
* Tweak error message for missing composer dependencies.
* (T296112) Allow inserting new sections named '0'.
* nukeNS: don't run purgeRedundantText() after every change.
* (T286779, T297031) installer: Fix Postgres mistakes in using changeField
method.
* (T225888) RollbackAction: fix missing pagetitle.
* (T297322, CVE-2021-44858, CVE-2021-44857) SECURITY: Fix permissions checks in
undo actions.
* (T297574, CVE-2021-45038) SECURITY: Fix permissions check in action=rollback.
* (T34716, T297416) SECURITY: Require 'read' right for most actions.
* (T271037, CVE-2021-44856) SECURITY: Fix use of EditFilterMergedContent hook
when changing content model.
== MediaWiki 1.36.2 ==
This is a security and maintenance release of the MediaWiki 1.36 branch.
=== Changes since MediaWiki 1.36.1 ===
* Don't access MWServices prematurely in Maintenence.php.
* (T283394) Mark ApiClientLogin/ApiLogin as requiring write mode.
* Installer: Fix foundation.wikimedia.org link in config-pingback-help.
* (T283273) Make postgres IRC channel point to libera.chat.
* composer.json: Promote and pin monolog/monolog to require from require-dev.
* (T287526) JavaScriptMinifer: Recognize `...` as a single token.
* (T287526) Update wikimedia/minify to 2.2.4.
* (T289108) ExtensionProcessor: Remove loaderScripts from extension.json
schemas.
* (T281549) Installer: Fix mediawiki-announce auto subscription code.
* FormatJson: Optimize encode() for supported PHP versions.
* (T290398) renameRestrictions.php: Update protected_titles as well.
* (T290489) objectcache: Fix PHP warning for ReplicatedBagOStuff::setMulti.
* $wgMimeTypeBlacklist - This configuration array now prohibits the RFC 4329
form of JavaScript, 'application/javascript', as well as previous MIME types.
* (T51097, T290273) resourceloader: Call getStyleFiles from
FileModule::getFileHashes.
* (T277788) parser: Avoid calling ParserOptions::getOption() too many times.
* (T291244) Unserialize objects in ParserCache->mExtensionData as objects.
* MysqlUpdater: Add updatelog entries for dropDefault.
* (T290776) Fix $phase check in OutputHandler.
* The wikimedia/parsoid library has been upgraded from v0.13.0 to v0.13.1.
* (T285515, CVE-2021-41798) SECURITY: XSS vulnerability in Special:Search.
* (T290379, CVE-2021-41799) SECURITY: ApiQueryBacklinks can cause a full
table scan.
* (T284419, CVE-2021-41800) SECURITY: fix PoolCounter protection of
Special:Contributions.
== MediaWiki 1.36.1 ==
This is a security and maintenance release of the MediaWiki 1.36 branch.
=== Changes since MediaWiki 1.36.0 ===
* (T283942) DatabaseInstaller.php: Only run core schema file if specified table
doesn't already exist.
* (T247223) Optimise MessageCache::isMainCacheable() for the single-message
case.
* (T283244) JavaScriptMinifer: Fix handling of "delete" as object property.
* (T284391) Fix SkinModule to correctly prepend remote path on document root
installs.
* (T235554) Disable DEFER_SET_LENGTH_AND_FLUSH headers to avoid HTTP errors.
* (T278579) Don't send headers on ob_end_clean().
* (T285287) MultiHttpClient: Replace PHP version check with defined().
* (T280226, CVE-2021-35197) SECURITY: Prevent blocked users from purging pages.
== MediaWiki 1.36.0 ==
=== Changes since MediaWiki 1.36.0-rc.0 ===
* (T248481) rdbms: Use server time in
DatabaseMysqlBase::getLagFromPtHeartbeat().
* (T281549) WebInstaller: Don't show the announce-l subscribe checkbox for now.
* (T264214) Follow-ups for UserGroupManager.
* (T282280) resourceloader: Fix path-only URLs in wiki modules when script path
is docroot.
* (T281972) UserIdentityValue: Introduce convenience static factory methods.
* (T230428) Make page_is_redirect and page_is_new unsigned.
* (T280292) Legacy feature should not load thumbnail style rules (only layout).
* (T283247) Freenode -> Libera per wikimedia moving from freenode to libera.
* (T280270) composer: Lock Parsoid version to specific 0.13.0 release.
* (T142663) Add extension.json merge strategy "provide_default".
* (T283540) HookContainer: Fix normalization of callback for static handler.
* (T283464) registration: Fix array order for array_replace_recursive merge
strategy.
* (T283539) Interwiki: Fix calling "onInterwikiLoadPrefix" hook.
* (T282594) Timeless: Re-branch to 40eb3dad1for REL1_36.
== MediaWiki 1.36.0-rc.0 ==
== Upgrading notes for 1.36 ==
Don't forget to always back up your database before upgrading!
See the file UPGRADE for more detailed per-version upgrade instructions from the
oldest supported upgrading version, MediaWiki 1.27.
Some specific notes for MediaWiki 1.36 upgrades are below:
* MediaWiki 1.36 now requires the PHP internationalization extension (commonly
referred to as Intl, ext-intl, or php-intl).
* The MediaWiki:Autoblock_whitelist block exemption control has been moved to
MediaWiki:Block-autoblock-exemptionlist. If you use this feature, please move
the MediaWiki:Autoblock_whitelist page.
* (T275334) $wgExtensionFunctions is sometimes used to change configuration
settings. This is not safe; extension functions are run relatively late, some
services are already initialized by that point and so they use the old
configuration. Changes in 1.36 make this kind of breakage even more common.
You can use the MediaWikiServices hook instead. (In the future there might be
a dedicated hook for configuration changes.)
For notes on 1.35.x and older releases, see HISTORY.
=== Configuration changes for system administrators in 1.36 ===
The MediaWiki update script, maintenance/update.php, used to accept `--nopurge`
as an option to prevent clearing caches stored in the database during upgrade.
This is no longer encouraged, and the option has been removed.
==== New configuration ====
* (T256001) $wgManualRevertSearchRadius – This setting controls a new feature
that marks edits as reverts if they restore the page to an exact previous
state. This configuration variable sets the maximum number of revisions of a
page that will be checked against every new edit. Set this to 0 to disable the
feature entirely.
* (T244058) $wgOldRevisionParserCacheExpireTime — This setting was added to
control caching of ParserOutput for old (non-current) revisions.
* (T265263) $wgRememberMe - This setting configures the "remember me" checkbox
on account log-in systems via RememberMeAuthenticationRequest.
* (T157145) $wgSkinMetaTags – This setting lets sysadmins configure skins that
support meta tags. These tags make sharing of MediaWiki pages on a variety of
social platforms more contentful and thus useful.
* (T280944) $wgIncludejQueryMigrate - This setting lets sysadmins disable the
jQuery Migrate plugin. It has been enabled by default since MediaWiki 1.27.
In future releases it will be disabled by default.
==== Changed configuration ====
* $wgLogos – This setting selects the logo shown on the site. The default value
for the site logo, which is shown in an install if you have not set one, will
now be the new logo of MediaWiki.
* (T274695) $wgAjaxEditStash — This setting, to disable the edit stashing
feature when users start writing an edit summary, has been deprecated. In
future releases, this feature will always be enabled.
* $wgUploadStashScalerBaseUrl – This setting, to enable remote on-demand media
scaling, was deprecated. Use the `thumbProxyUrl` setting in $wgLocalFileRepo
instead.
* $wgSlaveLagWarning and $wgSlaveLagCritical – These settings have been renamed,
to $wgDatabaseReplicaLagWarning & $wgDatabaseReplicaLagCritical respectively.
The former configuration variable names are deprecated, but will be used as
the fall back if they are still set, and remain temporarily available for
extensions which try to read them.
* $wgWANObjectCaches - The "coalesceKeys" option was removed without deprecation
and replaced by a new "coalesceScheme" option, set to "hash_stop" by default.
If you use Dynomite, then set the new "coalesceKeys" option to "hash_tag". The
"cluster" and "mcrouterAware" options were also removed without deprecation.
Use "broadcastRoutingPrefix" instead.
==== Removed configuration ====
* $wgUseTwoButtonsSearchForm — This setting, deprecated in 1.35, has been
removed.
* $wgAllowImageMoving — This setting, deprecated in 1.35, has been removed. Use
group permission settings instead. For example, to prevent sysops from
moving files, set `$wgGroupPermissions['sysop']['movefile'] = false;`
* $wgExtNewTables, $wgExtNewFields, $wgExtNewIndexes, $wgExtPGNewFields,
$wgExtPGAlteredFields, $wgExtModifiedFields — These settings were removed.
They became obsolete after 1.17 overhauled the database updater, but were kept
for backwards compatibility. The LoadExtensionSchemaUpdates hook should be
used instead.
* $wgParserConf - This setting, deprecated in 1.35, has been removed. The last
use of this setting was for pre-processor configuration, which was deprecated
in 1.34 and removed in 1.35.
* $wgEnableRestAPI - This setting, ignored since 1.35, has been removed.
* $wgPagePropsHaveSortkey – This temporary setting has been removed, along with
the schema change upgrade path it controlled. If your site is still using it,
meaning you have not yet applied the `pp_sortkey` schema change from 1.24, you
must now apply it before upgrading.
* The deprecated password policies PasswordCannotMatchBlacklist and
PasswordNotInLargeBlacklist were removed. Please use
PasswordCannotMatchDefaults and PasswordNotInCommonList respectively instead.
=== New user-facing features in 1.36 ===
* The logo of MediaWiki has changed. This means that the "Powered By MediaWiki"
button shown in the skin footer will be different.
* All HTML5 named entities are now accepted in wikitext.
* (T106263) The file description page's alternate sizes now include 2048px.
=== New developer features in 1.36 ===
* Parser test files can now declare a dependency on a specific extension being
loaded, not just on the presence of a certain extension tag hook. This is a
better fit for extensions like TimedMediaHandler, which affect the output but
don't register parser hooks. Use `extension:Foo` in the `!! hooks` section of
your parser test file to declare a dependency on the `Foo` extension being
loaded.
* To expose code previously present in SpecialBlock/SpecialUnblock to other
parts of the code, or to extensions, the new BlockUser and UnblockUser command
objects were added. Use the BlockUserFactory and UnblockUserFactory services
to create them.
* The hook UsersPagerDoBatchLookupsHook takes now a \Wikimedia\Rdbms\IDatabase,
instead of \Wikimedia\Rdbms\DBConnRef, as the first parameter.
* MediaHandlers can now customize the formatting of the metadata they emit by
over-riding MediaHandler::formatTag( $key, $value ). The default for unknown
tags is numeric formatting; non-EXIF tags which are non-numeric should always
use this method to specify the desired formatting.
* The new 'title' type can be used to validate action API and REST API inputs.
* The new ArticleParserOptions hook allows customizing the parser options used
to parse wikitext for an article, based on user preferences, title, etc.
* The new 'raw' type can be used to validate action API inputs. It bypasses the
Unicode NFC normalization done on inputs of type 'string', so it more suitable
when the input is binary or may contain deprecated Unicode sequences or
characters (such as U+2001) that should be passed unmodified.
* (T260330) A new abstraction for running shell commands has been introduced,
called BoxedCommand. A BoxedCommand object can be obtained with
MediaWikiServices::getInstance()->getCommandFactory()->createBoxed().
* ResourceLoader modules can now mark themselves as ES6-only by setting
`'es6' => true` in their module definition. ES6-only modules will not be
executed in browsers that don't support ES6, such as IE11.
=== External library changes in 1.36 ===
==== New external libraries ====
* Added wikimedia/minify 2.2.2.
* Added wikimedia/request-timeout 1.1.0.
* Added wikimedia/shellbox 1.0.4.
* Added WVUI 0.1.0.
* Added symfony/symfony/polyfill-php80 1.23.1.
==== Changed external libraries ====
* Updated composer/semver from 1.5.1 to 3.2.4.
* Updated guzzlehttp/guzzle from 6.5.4 to 7.2.0.
* Updated jQuery from v3.4.1 to v3.6.0.
* Updated jQuery Migrate from v3.1.0 to v3.3.2.
* Updated jquery.client from 2.0.2 to 3.0.0.
* Updated OOUI from 0.39.3 to 0.41.3.
* Updated pear/mail_mime from 1.10.8 to 1.10.9.
* Updated pear/net_smtp from 1.9.1 to 1.9.2.
* Updated pimple/pimple from 3.3.0 to 3.3.1.
* Updated wikimedia/at-ease from 2.0.0 to 2.1.0.
* Updated wikimedia/cldr-plural-rule-parser from 1.0.0 to 2.0.0.
* Updated wikimedia/common-passwords from 0.2.0 to 0.3.0.
* Updated wikimedia/composer-merge-plugin from 1.4.1 to 2.0.1.
* Updated wikimedia/html-formatter from 1.0.2 to 3.0.1.
* Updated wikimedia/ip-set from 2.1.0 to 3.0.0.
* Updated wikimedia/ip-utils from 1.0.0 to 3.0.2.
* Updated wikimedia/less.php from 3.0.0 to 3.1.0.
* Updated wikimedia/object-factory from 2.1.0 to 3.0.0.
* Updated wikimedia/php-session-serializer from 1.0.7 to 2.0.0.
* Updated wikimedia/remex-html from 2.2.0 to 2.2.2.
* Updated wikimedia/utfnormal from 2.0.0 to 3.0.2.
* Updated wikimedia/wait-condition-loop from 1.0.1 to 2.0.1.
* Updated wikimedia/xmp-reader from 0.7.0 to 0.8.1.
===== Changed development-only external libraries =====
* Updated composer/spdx-licenses from 1.5.3 to 1.5.4.
* Updated doctrine/dbal from 2.10.2 to 3.0.0.
* Updated doctrine/sql-formatter from 1.1.0 to 1.1.1.
* Updated mediawiki/mediawiki-phan-config from 0.10.2 to 0.10.6.
* Updated monolog/monolog from 1.25.3 to 2.2.0.
* Updated nikic/php-parser from 4.4.0 to 4.10.2.
* Updated psy/psysh from 0.10.4 to 0.10.5.
* Updated seld/jsonlint from 1.7.1 to 1.8.3.
* Updated symfony/yaml from ~3.4|~4.3|~5.0.5 to ~3.4|~5.1.
* Updated wikimedia/testing-access-wrapper from 1.0.0 to 2.0.0.
==== Removed external libraries ====
* The html5shiv library has been removed, as support for Internet Explorer 8 has
been dropped.
* The wikimedia/avro suggested development-only library has been removed, as the
support for logging in Avro format has been dropped.
=== Bug fixes in 1.36 ===
* (T190285) ApiEditPage module used to switch 'undo' and 'undoafter' parameters,
if it founds you reversed them (based on assumption that higher revision ID
indicates a later revision). The assumption is not always true, and is
hindering proper edit undoing in some cases, hence the logic has been removed.
Reversing the parameters will now lead to edit conflict or undefined behavior.
* (T263340) In history merging, pages with a content model that does not support
redirects will now be recorded as deleted if no revision is being left in the
source page (that's if all revisions of the page have been merged to another).
=== Action API changes in 1.36 ===
* (T269636) `Access-Control-Max-Age` was added to the default list of headers
allowed for cross-origin API requests ($wgAllowedCorsHeaders).
* (T258108) Accounts with the 'bot' right no longer have pages automatically
added to the watchlist when making API edits, regardless of their preferences.
This is to reduce the size of the watchlist data in the database. To add API
bot edits to the watchlist, explicitly set the 'watch' option.
=== Languages updated in 1.36 ===
MediaWiki supports over 350 languages. Many localisations are updated regularly.
Below only new and removed languages are listed, as well as changes to languages
because of Phabricator reports.
* (T258975) Added a Latin/Cyrillic script converter for the Talysh language.
* (T245359) Split Bali script locale from "ban" (Balinese) (ban-bali).
* (T264582) Added language support for Madurese (mad).
* (T259330) Added language support for Mara (mrh).
* (T263968) Added language support for Nias (nia).
* (T270365) Added language support for Tyap (kcg).
* (T276745) Added language support for Wayuu (guc).
=== Breaking changes in 1.36 ===
* Grade C (non-JavaScript) support for Internet Explorer 8 has been dropped.
* (T249459) wfIsBadImage(), deprecated in 1.34, has been removed.
* (T176526) EditPage::getContextTitle() will now throw an exception if a context
title was not set using setContextTitle(). Previously, this mis-use would only
cause a deprecation warning to be emitted.
* The DeferredStringifier class, deprecated since 1.31, was removed.
* Multiple methods that fell back to the $wgUser global variable were
individually hard deprecated previously. The following have now been removed:
- ApiTestCase::doLogin
- Article::doDeleteArticle
- Article::doDeleteArticleReal
- Article::getComment
- Article::getCreator
- Article::getUser
- Article::getUserText
- Article::insertProtectNullRevision
- File::delete
- File::recordUpload
- ForeignDBFile::delete
- ForeignDBFile::recordUpload
- LocalFile::delete
- LocalFile::deleteOld
- LocalFile::recordUpload
- PageArchive::undelete
- RecentChange::markPatrolled
- Title::getUserPermissionsErrors
- Title::quickUserCan
- Title::userCan
- WebRequest::getLimitOffset
- WikiPage::doDeleteArticle
- WikiPage::insertProtectNullRevision
* The SpecialPageFactory class, deprecated in 1.32, has been removed. Use the
SpecialPageFactory service instead.
* Multiple methods previously had optional User parameters, with fallbacks
to the $wgUser global variable. Not passing a User to those methods was
previously hard deprecated, and support for not passing a User has now
been removed:
- ArchivedFile::userCan
- File::userCan
- FileDeleteForm::__construct
- FileDeleteForm::doDelete
- LocalFileDeleteBatch::__construct
- LogEventsList::getExcludeClause (only needed for the 'user' audience)
- LogEventsList::userCan
- LogEventsList::userCanBitfield
- LogEventsList::userCanViewLogType
- LogPage::addEntry (also accepts user id instead)
- OldLocalFile::userCan
- PatrolLog::record
- Title::getNotificationTimestamp (though the entire method is deprecated)
- WikiPage::getComment (only needed for the FOR_THIS_USER audience)
- WikiPage::getCreator (only needed for the FOR_THIS_USER audience)
- WikiPage::getUser (only needed for the FOR_THIS_USER audience)
- WikiPage::getUserText (only needed for the FOR_THIS_USER audience)
* The following hooks have been removed:
- APIQueryInfoTokens
- APIQueryRecentChangesTokens
- APIQueryRevisionsTokens
- APIQueryUsersTokens
- ApiTokensGetTokenTypes
* LogEventsList::typeAction previously accepted an optional right parameter, and
checked if the context user ($wgUser) had that right. Passing a right was hard
deprecated in 1.35, and support for passing a right has now been removed.
* WikiPage::doDeleteArticleReal previously accepted an optional user as its
fifth parameter, and fell back to $wgUser if not user was provided. The
signature changed to have the user as the second parameter, and the old
signature was hard deprecated in 1.35. Support for the old signature has now
been removed.
* User::addNewUserLogEntry, deprecated since 1.27, was removed.
* As part of refactoring the EditPage class, EditPage::setPreloadedContent,
which had no known callers was removed entirely. Additionally, the following
public methods were made private:
- ::extractSectionTitle
- ::getSummaryInputWidget
- ::noSuchSectionPage
- ::initialiseForm
* EditPage::matchSpamRegex and ::matchSummarySpamRegex, deprecated in 1.35,
were removed. Use the SpamChecker service instead.
* The global function `wfWaitForSlaves`, deprecated in 1.27 and hard-deprecated
in 1.35, has been removed. Use LBFactory::waitForReplication() instead.
* Calling Action::factory() with null as the first parameter, rather than a
string, was deprecated in 1.35 and support was now removed.
* Calling Action::factory() with an object that wasn't an Article as the second
parameter was deprecated in 1.35 and support was now removed.
* The global variable $wgMemc, deprecated since 1.35, has been removed. Usage
should generally be migrated to WANObjectCache, or if you really need the
internal object, use ObjectCache::getLocalClusterInstance instead.
* The preprocessDump.php maintenance script was removed.
* CategoryFinder, which was deprecated in 1.31 and hard-deprecated in 1.35,
has been removed.
* GenderCache::singleton(), which was deprecated in 1.28 and hard-deprecated
in 1.35, has been removed.
* Sanitizer::escapeId(), deprecated in 1.30, has been removed.
* Direct invocation of Parser::__construct() (instead of via a ParserFactory)
now throws an exception; support has also been removed for several
deprecated variants on the arguments passed to Parser::__construct.
Direct invocation of Parser::__construct was deprecated in 1.34.
* Parser::setFunctionTagHook(), deprecated in 1.35, has been removed.
* The following properties of Parser, deprecated in 1.35, have been made
private:
- $mTagHooks - use Parser::getTags()
- $mFunctionHooks - use Parser::getFunctionHooks()
- $mOutput - use Parser::getOutput()
- $mPreprocessor - use Parser::getPreprocessor()
* The ParserBeforeTidy hook, deprecated in 1.35, has been removed.
* The ParserBeforeTidy, ParserBeforeStrip, and ParserAfterStrip hooks,
deprecated in 1.35, have been removed.
* All methods of MWTidy except for MW::tidy() have been removed. These were each
either marked as @internal or deprecated in 1.35.
* (T248062) Mixins `.background-image-svg()` and `.background-image-svg-quick()`
(provided by mediawiki.mixins.less), which have been deprecated since 1.35,
have now been removed. MediaWiki no longer supports any browser which would
require this SVG-fallback PNG support, so you can simply use the regular CSS
`background-image:` declaration instead.
* The ResourceLoader module `mediawiki.legacy.oldshared` and its file
'oldshared.css', deprecated since 1.35 has been removed (T248357).
* `ResourceLoader::__construct` now requires a Config parameter. The optional
nature of this parameter was deprecated in 1.34.
* The LinkBegin and LinkEnd hooks, deprecated in 1.28, have been removed. You
can instead use the HtmlPageLinkRendererBegin and HtmlPageLinkRendererEnd
hooks, respectively.
* The EmailUser hook passes its fifth param, $error, by reference, to allow
hook handlers to add error messages, indicate that they have sent the email
instead of core, etc. Setting the parameter to something other than a
Status object, true, false, an empty string, an array, or a MessageSpecifier,
object, which had been deprecated in 1.29, is no longer supported, and now
results in an MWException being thrown.
* Skin::getDynamicStylesheetQuery(), deprecated in 1.32, has been removed. You
should use action=raw&ctype=text/css directly.
* Skin::makeI18nUrl(), deprecated in 1.35, has been removed.
* The following User methods, deprecated and moved to BlockManager in 1.34, were
removed:
- ::isDnsBlacklisted
- ::inDnsBlacklist
- ::isLocallyBlockedProxy
- ::trackBlockWithCookie
* Support for v1 of the parser tests file format has been removed; it was
deprecated in 1.35. (T174199)
* SpecialUnblockUser::processUIUnblock() now returns a Status object instead of
an array of messages or a boolean value. This function was also marked as
@internal and is no longer safe to call it publicly.
* mw.Title.getDotExtension() from the 'mediawiki.Title' module was removed
without deprecation. You should use mw.Title.getExtension() and prepend the
dot if need be.
* Profiler::getTemplated and Profiler::setTemplated, deprecated in 1.34, have
been removed.
* DatabaseMysqlBase now requires MySQL version 5.6.4+ when "lagDetectionMethod"
is set to "pt-heartbeat".
* Removed HookContainer::getOriginalHooksForTest() without deprecation. This
method was introduced in 1.35 for internal use, and appears unused outside of
MediaWiki core.
* ParserCache::__construct() now requires three parameters.
* Message->getFormat(), deprecated in 1.29, has been removed.
* Support for passing Article to ParserCache::get, deprecated in 1.35, has been
removed.
* ParserCache::singleton(), deprecated in 1.30, has been removed.
* DatabaseBlock::deleteIfExpired and ::fromMaster, deprecated in 1.35, have been
removed.
* Some deprecated AbstractBlock methods have been removed:
- ::prevents, deprecated in 1.33
- ::shouldTrackWithCookie, deprecated in 1.34
- ::getBlocker, deprecated in 1.35
- ::setBlocker, deprecated in 1.35
- ::getBlockErrorParams, deprecated in 1.35
* Multiple DatabaseBlock methods dealing with cookies, deprecated in 1.34,
have been removed:
- ::setCookie
- ::clearCookie
- ::getCookieValue
- ::getIdFromCookieValue
- ::shouldTrackWithCookie
* The public static callback function SpecialUnblock::processUIUnblock has been
removed. This method was for internal use only, and appears unused outside of
MediaWiki core.
* ChangeTags::truncateTagDescription, deprecated in 1.35, has been removed.
* Deprecated null fallbacks in PasswordReset constructor have been removed.
* User::isEveryoneAllowed and User::getAllRights, deprecated in 1.34, has been
removed.
* The following methods of the UserGroupMembership class, deprecated in 1.35,
has been removed:
- ::initFromRow
- ::newFromRow - use UserGroupManager::newGroupMembershipFromRow
- ::selectFields - use UserGroupManager::getQueryInfo
- ::delete - use UserGroupManager::removeUserFromGroup
- ::insert - use UserGroupManager::addUserToGroup
- ::purgeExpired - use UserGroupManager::purgeExpired
- ::getMembershipsForUser - use UserGroupManager::getUserGroupMemberships
- ::getMembership - use UserGroupManager::getUserGroupMemberships
* The public static callback function SpecialBlock::validateTargetField has been
removed. This method was for internal use only, and appears unused outside of
MediaWiki core.
* The public static callback function SpecialUploadStash::tryClearStashedUploads
has been removed. This method was for internal use only, and appears unused
outside of MediaWiki core.
* SpecialComparePages::showDiff() ::revOrTitle(), ::checkExistingTitle(), and
::checkExistingRevision() were marked as @internal to allow for breaking
changes. They are no longer safe to call. The methods were unused outside of
MediaWiki core.
* Each special page within core now uses service injection via it constructor.
When extending these special pages, a call to the grandparent constructor
(`SpecialPage::__construct()`) in the sub-class would now break the derived
special page, as the fallback code in the parent constructor cannot set the
services as needed. Be sure to call the parent constructor when extending
core special pages. Extending core's special pages is not part of the stable
interface, and should generally be avoided.
* Language::getExtraUserToggles and ::viewPrevNext, deprecated in 1.34, have
been removed.
* StreamFile::send404Message and ::parseRange, deprecated in 1.34, have been
removed.
* SVGMetadataExtractor class, deprecated in 1.34, has been removed.
* ProcessCacheLRU class, deprecated in 1.32, has been removed.
* wfForeignMemcKey(), deprecated in 1.35, has been removed.
* LoadBalancer::safeWaitForMasterPos(), deprecated in 1.34, has been removed.
* JobQueue::factory() now requires its `idGenerator` option. The optional
nature of this option was deprecated in 1.35.
* ApiFeedRecentChanges::getFeedObject has been changed to private, and appears
unused outside of MediaWiki core.
* Skin::subPageSubtitle() has been changed to private method. Callers should
use Skin::prepareSubtitle().
* RevisionDeleter::checkRevisionExistence was removed without deprecation.
It had no known callers.
* wfForeignMemcKey() and wfMemcKey(), deprecated in 1.35, have been removed.
* MediaWiki now also requires the php-intl extension.
* BotPassword::save() now returns a Status object for the result rather than
a bool.
* The methods in CoreTagHooks have been marked @internal and type hints have
been added. The methods appeared to be unused outside of MediaWiki core.
* SquidPurgeClient and SquidPurgeClientPool, deprecated since 1.35, have been
removed.
* Several methods on WikiPage will now throw an exception when called on a
WikiPage instance that where constructed on a title that does not refer to a
proper page (but rather a special page or interwiki link). The behavior was
previously undefined and could in some cases lead to data corruption. Affected
methods are: getId(), insertOn(), newPageUpdater(), doUpdateRestrictions(),
doDeleteArticleReal(), doRollback(), and doEditContent().
* The ParserTestRunner no longer invokes the ParserTestTables hook. Instead, it
clones all database tables before running tests, like MediaWikiIntegrationTest
does. If an extension was mis-using the hook to *exclude* tables from the
clone, that will no longer occur, and tests may fail.
* The following classes, which were only loaded for tests and had no uses found
in public MediaWiki-related git, were removed:
- MockWebRequest
- UserWrapper
* Passing Title as a second parameter to RevisionStore::getPreviousRevision and
getNextRevision, hard deprecated since 1.31, was prohibited.
* (T275619) Maintenance::hasOption and Maintenance::getOption now behave as
documented and are not altered by previous calls to these methods.
* The internal class FirejailCommand was removed.
* Command::execute() now returns a Shellbox\Command\UnboxedResult instead of a
MediaWiki\Shell\Result. Any type hints should be updated.
* WikiPage::$mIsRedirect was removed.
* ObjectCache::detectLocalServerCache(), deprecated in 1.35, was removed.
* The following functions from the Title class have been removed:
- countRevisionsBetween
- getAuthorsBetween
* The PageProps class was converted to a service. PageProps::overrideInstance
was removed, and MediaWikiServices::redefineService should be used
instead.
* Support for creating a MediaWikiTitleCodec object without the InterwikiLookup
and NamespaceInfo services, deprecated in 1.34, was removed. Note that the
MediaWikiTitleCodec class is not @newable or @stable to create, and should
be retrieved from MediaWikiServices instead.
* The $wgContLang variable, deprecated in 1.32, was removed. You can instead use
MediaWikiServices::getInstance()->getContentLanguage().
* User::clearAllNotifications(), hard deprecated in 1.35, was removed. Use
WatchlistManager::clearAllUserNotifications() instead.
* DatabaseBlock::getBlocker can return any UserIdentity instance, not just User.
* MediaWiki::triggerJobs(), deprecated in 1.34, was removed.
* The following Article methods, deprecated in 1.35, were removed:
- checkFlags
- checkTouched
- clearPreparedEdit
- doDeleteUpdates
- doEditUpdates
- doPurge
- doViewUpdates
- exists
- followRedirect
- getAutoDeleteReason
- getCategories
- getContentHandler
- getContentModel
- getContributors
- getDeletionUpdates
- getHiddenCategories
- getId
- getLatest
- getLinksTimestamp
- getMinorEdit
- getOldestRevision
- getRedirectTarget
- getRedirectURL
- getRevision
- getTouched
- getUndoContent
- hasViewableContent
- insertOn
- insertRedirect
- insertRedirectEntry
- isCountable
- isRedirect
- loadFromRow
- loadPageData
- lockAndGetLatest
- makeParserOptions
- pageDataFromId
- pageDataFromTitle
- prepareContentForEdit
- protectDescription
- protectDescriptionLog
- replaceSectionAtRev
- replaceSectionContent
- setTimestamp
- shouldCheckParserCache
- supportsSections
- triggerOpportunisticLinksUpdate
- updateCategoryCounts
- updateIfNewerOn
- updateRedirectOn
- updateRevisionOn
- doUpdateRestrictions
- updateRestrictions
- doRollback
- commitRollback
- generateReason
* The monolog-based logging system has dropped the Avro format. Because of this,
the AvroFormatter class and the AvroValidator utility class have been removed
without deprecation.
* AbstractBlock::$mReason, deprecated in 1.34, was removed.
Use AbstractBlock::getReasonComment and AbstractBlock::setReason instead.
=== Deprecations in 1.36 ===
* (T278026) The DB_MASTER constant has been deprecated in favour of DB_PRIMARY.
* (T245963) User::getGrantName() is now hard deprecated and will be removed in
a subsequent release. Use MWGrants::grantName() instead.
* wfIncrStats() is now deprecated. Use MediaWikiServices::getInstance()
->getStatsdDataFactory()->updateCount() instead.
* WikiPage::doEditContent() is now deprecated. Use
WikiPage::doUserEditContent() instead. Note that doEditContent() was also
deprecated in 1.32 for unrelated reasons and doUserEditContent() is
deprecated for other reasons, however, using doUserEditContent() is
recommended over using doEditContent().
* WikiPage::doUserEditContent() is now deprecated. Use
PageUpdater::saveRevision instead. Note that the new method expects callers
to take care of checking EDIT_MINOR against the minoredit right, and to apply
the autopatrol right as appropriate.
* LocalFile::recordUpload2, soft deprecated in 1.35, now emits deprecation
warnings. Use ::recordUpload3 instead.
* Constructing a new instance of the ParserOptions class without providing
a User object, which falls back to the global $wgUser, is now deprecated.
* The User class, which was marked as @newable in 1.35, is no longer newable,
meaning that it is no longer safe to manually call the constructor via
`new User`. Instead, use the UserFactory service. Additionally, the
following static constructor methods were deprecated in favor of using the
UserFactory service:
- User::newFromName
- User::newFromId
- User::newFromActorId
- User::newFromIdentity
- User::newFromAnyId
- User::newFromConfirmationCode
* The following User methods have been hard deprecated in favor of the new
UserEditTracker service:
- User::getFirstEditTimestamp
- User::getLatestEditTimestamp
* The confusingly-named User->isLoggedIn() method has been deprecated in favour
of the method it wraps, User->isRegistered().
* Use of the `preprocessor=Preprocessor_DOM` option in parser test files has
been deprecated. Preprocessor_DOM was removed in 1.35.
* ParserOptions::setTidy() has been deprecated. It has had no effect since
1.35.
* Sanitizer::escapeIdReferenceList() has been deprecated; it will eventually
be made private to the class, as it appears to have no uses outside the
Sanitizer class.
* Sanitizer::hackDocType() is deprecated; it will eventually be made private.
* Skin::getIndicatorsHTML() is deprecated. The functionality can be retained
by reimplementing the method using the raw indicators data from
OutputPage::getIndicators.
* Skin::makeVariablesScript() has been deprecated. Use
ResourceLoader::makeInlineScript() instead.
* SpecialPageFactory::getRestrictedPages() has been deprecated.
Use SpecialPageFactory::getUsablePages() instead.
* Title::nameOf() is deprecated; use Title::newFromID()->getPrefixedDBkey()
instead.
* DatabaseBlock::insert, DatabaseBlock::update, DatabaseBlock::purgeExpired and
DatabaseBlock::delete are deprecated. Use DatabaseBlockStore::insertBlock,
DatabaseBlockStore::updateBlock, DatabaseBlockStore::purgeExpiredBlocks and
DatabaseBlockStore::deleteBlock instead.
* SpecialBlock::getTargetAndType and AbstractBlock::parseTarget are deprecated.
Call BlockUtils::parseBlockTarget instead.
* SpecialUnblock::processUnblock was deprecated - use UnblockUserFactory
service instead.
* Deprecated MediaWikiIntegrationtestCase::removeTemporaryHook() in favor of
MediaWikiIntegrationtestCase::clearHook().
* Skin::getSearchLink(), also exposed as 'searchaction' option in SkinTemplate,
has been deprecated. Use Title or SpecialPage methods directly.
* Skin::getAllowedSkins and ::getSkinNames have been deprecated. Use their
respective equivalents in SkinFactory instead.
* The RollbackComplete hook has been deprecated, use the PageSaveComplete hook
instead.
* Skin::makeUrl() has been deprecated. Title methods should be used instead.
* Skin::privacyLink(), Skin::disclaimerLink() and Skin::aboutLink() have been
deprecated. Please use Skin::footerLink() instead.
* Skin::getLogo() has been deprecated. Use ResourceLoaderSkinModule instead.
* The module `mediawiki.toc.styles` has been replaced by
ResourceLoaderSkinModule. If you are having problems styling table of contents
ensure you have an updated skin.
* Skin::mainPageLink() has been deprecated. Use LinkRenderer service instead.
* BaseTemplate::getToolbox() method has been hard deprecated. The toolbox data
is now available in a sidebar data array which you can get from any class
that's extending QuickTemplate class.
* Constructing a DefaultPreferencesFactory, LinkHolderArray or PasswordReset
without a $hookContainer parameter is deprecated.
* Autopromote class, soft deprecated since 1.35, now emits deprecation warnings.
Use UserGroupManager instead.
* SpecialBlock::canBlockEmail has been deprecated. Please use
BlockPermissionChecker::checkEmailPermissions instead.
* SpecialBlock::checkUnblockSelf has been deprecated. Please use
BlockPermissionChecker::checkBlockPermissions instead.
* SpecialBlock::parseExpiryInput was deprecated - use
BlockUser::parseExpiryInput instead.
* SpecialBlock::validateTarget has been deprecated, use BlockUtils instead.
* SpecialBlock::validateTargetField has been deprecated for external use,
use BlockUtils instead.
* SpecialPage::getLanguageConverter has been deprecated, use
LanguageConverterFactory::getLanguageConverter() directly.
* ParserCache::getKey has been deprecated. Use ParserCache::getMetadata and
ParserCache::makeParserOutputKey instead.
* The PHPUnit4And6Compat class, used to provide compatibility with PHPUnit 4,
was removed. MediaWiki support for PHPUnit 4 ended with the removal of HHVM
support.
* The PHPUnit6And8Compat class, used to provide compatibility with PHPUnit 6,
was removed without deprecation. This class was introduced during the
upgrade to PHPUnit 8, but never used.
* MediaWikiIntegrationTestCase::assertType, hard-deprecated in 1.35 due to
incompatibility with PHPUnit 8, was removed.
* ParserCache::getETag has been deprecated, instead build suitable etag
explicitly.
* The following functions from the Language class have been hard deprecated
and will be removed in a subsequent release:
- findVariantLink
- convertTitle
- updateConversionTable
- commafy
* The following functions from the Title class have been hard deprecated:
- getPreviousRevisionID
- getNextRevisionID
- getEarliestRevTime
* The following functions from the User class have been hard deprecated:
- getDefaultOptions
- getDefaultOption
* The mw.language.commafy client-side method has been deprecated, to match
the deprecation of Language::commafy. Use mw.language.convertNumber
instead.
* The "es6-promise" module has been deprecated. Use "es6-polyfills" instead.
* Title::isDeleted() and Title::isDeletedQuick() have been deprecated. Please
use Title::getDeletedEditsCount() and Title::hasDeletedEdits() instead.
* Article::getContentObject, soft-deprecated since 1.32, was hard-deprecated.
* WikiRevision::importUpload, soft-deprecated since 1.31, was hard-deprecated.
* Html::infoBox() has been deprecated. There's no replacement.
* Message::toString() without a $format parameter, soft-deprecated since 1.28,
was hard-deprecated. Use explicit formatting methods instead, such as
Message::text() and Message::escaped().
* BagOStuff::makeKeyInternal() usage outside of BagOStuff has been deprecated.
* BagOStuff::setDebug() is deprecated and calls to it are ignored. Debug logs
are now unconditionally enabled.
* The following global functions have been hard deprecated:
- wfAppendToArrayIfNotDefault
- wfAcceptToPrefs
- wfClearOutputBuffers
- wfConfiguredReadOnlyReason
- wfDebugMem
- wfGetPrecompiledData
- wfNegotiateType
* BeforeParserFetchTemplateAndtitleHook has been deprecated; replace
with the new BeforeParserFetchTemplateRevisionRecord hook. (The
similar ParserFetchTemplateHook was deprecated in 1.35; the new hook
replaces both.)
* The InterwikiLoadPrefix hook has been deprecated; it is not compatible
with future wikitext parsers (which need to enumerate all interwiki
prefixes). In test cases please use $wgInterwikiCache instead.
* WikiPage instances should no longer be constructed for titles that do not
represent editable pages (e.g. special pages). WikiPages were always
documented to represent "MediaWiki article and history".
* Skin::getSkinStylePath() has been deprecated. Please replace usages with
the direct path to the resources.
* The second argument of EnhancedChangesList::getDiffHistLinks, $query, has
been deprecated.
* The ParserTestTables hook has been deprecated; it is no longer necessary
after a ParserTestRunner refactoring.
* The following classes have been hard deprecated: CachedAction,
SpecialCachedPage, CacheHelper, ICacheHelper. They were unused in MediaWiki
ecosystem, so no replacement was provided.
* The ProtectionForm::buildForm hook has been deprecated. Please use the
ProtectionFormAddFormFields hook instead.
* RevisionStore::newMutableRevisionFromArray has been hard deprecated. Instead,
MutableRevisionRecord should be constructed directly via constructor.
* UserIdentity::getActorId() is deprecated. The actor ID should not be exposed
to application logic. Storage layer code should use the ActorNormalization
service for normalizing and denormalizing user names.
* Constructing a UserIdentityValue with an actor ID as the third parameter is
deprecated. The parameter should be omitted. Storage layer code should use
the ActorNormalization service for normalizing and denormalizing user names.
* Command::cgroup() is deprecated and no longer functional. $wgShellCgroup is
now implemented as an Executor option.
* Command::restrict() is deprecated. Instead use the new separate accessors.
* MWTidy::tidy() is deprecated. Use MediaWikiServices::getTidy()-tidy() instead.
* TidyDriverBase::supportsValidate() is deprecated; it has always returned
false since 1.33.
* WatchedItem::getUser hard-deprecated in favor of ::getUserIdentity.
* WatchedItemStoreInterface::enqueueWatchlistExpiryJob was hard deprecated in
favor of the new method maybeEnqueueWatchlistExpiryJob that takes care of
relevant configuration checks.
* LogEntry::getPerformer() and its implementations have been hard-deprecated, in
favor of ::getPerformerIdentity().
* AuthManager::singleton(), deprecated in 1.35, is hard deprecated. Use
MediaWikiServices::getAuthManager() instead.
* User::clearNotification(), deprecated in 1.35, is hard deprecated. Use
WatchlistManager::clearTitleUserNotification() instead.
* Passing string to DatabaseBlock::setBlocker was deprecated. Only UserIdentity
is now allowed.
* DatabaseBlock constructor 'byText' option was deprecated in favour of 'by'
option, which now accepts UserIdentity. Passing user ID is deprecated.
* Parser::getUser was deprecated. Use Parser::getUserIdentity instead.
* DatabaseBlock::isWhitelistedFromAutoblocks was deprecated. Use
DatabaseBlock::isExemptedFromAutoblocks instead.
* User::isIPRange(), deprecated in 1.35, is hard deprecated.
Use the UserNameUtils service or IPUtils directly.
* BaseTemplate::getFooterIcons(), deprecated in 1.35, is hard deprecated. Read
footer icons from template data requested via $this->get('footericons').
* `box-shadow()` LESS mixin from mediawiki.mixins is deprecated due to updated
basic browser support. Use unprefixed property `box-shadow:` instead.
* MergeHistory::checkPermissions was deprecated. Use ::probablyCanMerge or
::authorizeMerge instead.
* User::isValidUserName(), deprecated in 1.35, is hard deprecated.
Use the UserNameUtils service instead.
* The TitleArrayFromResult hook has been deprecated.
* The EditPageBeforeEditToolbar hook has been deprecated; it has become
defunct after the classic edit toolbar was removed. Use one of the many
other EditPage hooks instead.
* Deprecated the class name MediaWiki\User\WatchlistNotificationManager; use
MediaWiki\Watchlist\WatchlistManager instead. Deprecated the method
MediaWikiServices->getWatchlistNotificationManager(); use
MediaWikiServices->getWatchlistManager() instead.
* The "ArticleEditUpdatesDeleteFromRecentchanges" hook, deprecated in 1.35, has
been removed. Other hooks like "RecentChange_save" can be used instead.
=== Other changes in 1.36 ===
* The 'tidy' key in ParserOptions (used in the parser cache) has been removed.
It has had no effect since 1.35.
* A future release of MediaWiki will make `{{=}}` a built-in parser function,
for use when automatically escaping the `=` character in template arguments.
A tracking category and parser warning have been added to this release when
`{{=}}` is used and it expands to something other than `=`.
* The implementation of TestFileReader::read has been changed to use Parsoid's
parser test file parser. This should be compatible with existing code, but it
only supports version 2 of the test file specification and may be more strict
when parsing invalid input, including duplicate tests.
* BeforeParserFetchTemplateRevisionRecord, a new hook, unifies and replaces the
old BeforeParserFetchTemplateAndtitleHook and ParserFetchTemplateHook.
* The SkinLessImportPaths attribute was added, allowing skins to add a directory
to the import path for LESS stylesheets. Skins can use this to provide a
custom version of mediawiki.skin.variables.less, setting skin-specific values
for certain LESS variables.
* The interaction between ContentHandler::getParserOutputForIndexing() and
ContentHandler::getDataForSearchIndex() has been clarified (the latter should
only be called with the result of the former). Extensions may override
getParserOutputForIndexing() to skip generating HTML, which may improve
indexing performance. (The default implementation still generates HTML, and
getDataForSearchIndex() implementations can still rely on it if they do not
over-ride getParserOutputForIndexing().)
* Article::fetchContentObject, ::mContentObject, ::mContentLoaded,
::mRevIdFetched, all deprecated since 1.32, were removed.
* Article::mParserOptions and ::setParserOptions were removed.
* Article and ImagePage::getEmptyPageParserOutput, unused, were removed.
* ParserCache's default serialization format was changed from PHP serialization
to JSON serialization. In case some installed extension do not support JSON
yet, $wgParserCacheUseJson can be used to revert back to PHP serialization.
* PermissionManager::groupHasPermission, ::getGroupPermissions and
::getGroupsWithPermission were deprecated, use GroupPermissionsLookup
service instead.
* WatchedItemStoreInterface now accepts PageIdentity where it accepted
LinkTarget, calling with LinkTarget was deprecated.
* 'movable' attribute has been added to the 'namespaces' property of
extension.json schema. Extensions that define namespaces can set it to
`false` to disallow moving pages in the specified namespace. Extensions
should either use this or NamespaceIsMovableHook, but not both. The hook
overrides the attribute.
== Compatibility ==
MediaWiki 1.36 requires PHP 7.3.19 or later and the following PHP extensions:
* ctype
* dom
* fileinfo
* iconv
* intl
* json
* mbstring
* xml
MySQL/MariaDB is the recommended DBMS. PostgreSQL or SQLite can also be used,
but support for them is somewhat less mature.
The supported versions are:
* MySQL 5.5.8 or later
* PostgreSQL 9.4 or later
* SQLite 3.8.0 or later
== Online documentation ==
Documentation for both end-users and site administrators is available on
MediaWiki.org, and is covered under the GNU Free Documentation License (except
for pages that explicitly state that their contents are in the public domain):
https://www.mediawiki.org/wiki/Special:MyLanguage/Documentation
== Mailing list ==
A mailing list is available for MediaWiki user support and discussion:
https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
A low-traffic announcements-only list is also available:
https://lists.wikimedia.org/mailman/listinfo/mediawiki-announce
It's highly recommended that you sign up for one of these lists if you're
going to run a public MediaWiki, so you can be notified of security fixes.
== IRC help ==
There's usually someone online in #mediawiki on irc.libera.chat.
= MediaWiki 1.35 =
MediaWiki 1.35 should mostly work on PHP 8.0/8.1, however it is not
currently actively supported. Testing (on a development wiki!) is
appreciated, and bugs with PHP 8.0/8.1 on MediaWiki 1.35 will be accepted.
It is anticipated that in a later MediaWiki 1.35 point release, we can
declare 1.35 as supporting PHP 8.0/8.1.
PHP 8.0 workboard: https://phabricator.wikimedia.org/tag/php_8.0_support/
PHP 8.1 workboard: https://phabricator.wikimedia.org/tag/php_8.1_support/
PHP 8.2 workboard: https://phabricator.wikimedia.org/tag/php_8.2_support/
PHP 8.3 workboard: https://phabricator.wikimedia.org/tag/php_8.3_support/
== MediaWiki 1.35.14 ==
This is a security and maintenance release of the MediaWiki 1.35 branch.
=== Changes since MediaWiki 1.35.13 ===
* Localisation updates.
* (T344912) mail: Encode period (ascii 46) if it appears in encoded email
header.
* (T347726, CVE-2023-51704) SECURITY: logging: Fix non-escaped messages
used in rights log.
== MediaWiki 1.35.13 ==
This is a maintenance release of the MediaWiki 1.35 branch.
=== Changes since MediaWiki 1.35.12 ===
* Tarball release to fix backport issues with patch for T341529.
== MediaWiki 1.35.12 ==
This is a security and maintenance release of the MediaWiki 1.35 branch.
=== Changes since MediaWiki 1.35.11 ===
* Localisation updates.
* (T333050, CVE-2023-45363) SECURITY: Fix infinite loop for
self-redirects with variants conversion.
* (T341434) WikiImporter: Improve error message output.
* (T341737) ApiBase: Cast $id to string in filterIDs.
* (T342632) ApiComparePages: Add help url.
* (T347227) ImportReporter: Make callback functions public.
* doc: Improve description of type in extension.schema.v1.json.
* (T340221, CVE-2023-45360) SECURITY: XSS via
'youhavenewmessagesmanyusers' and 'youhavenewmessages' messages.
* (T341529, CVE-2023-45362) SECURITY: diff-multi-sameuser
("X intermediate revisions by the same user not shown") ignores username
suppression.
* (T341565, CVE-2023-3550) SECURITY: Stored XSS when uploading crafted XML
file to Special:Upload (non-standard configuration).
== MediaWiki 1.35.11 ==
This is a security and maintenance release of the MediaWiki 1.35 branch.
=== Changes since MediaWiki 1.35.10 ===
* Localisation updates.
* (T333990) composer.json: Explicitly pin psr/http-message to 1.0.1.
* (T335203, CVE-2023-29197) SECURITY: Upgrading guzzlehttp/psr7
(1.9.0 => 1.9.1).
* (T269636) Add Access-Control-Max-Age to $wgAllowedCorsHeaders.
* (T322944) Add Authorization to default $wgAllowedCorsHeaders.
* (T332889, CVE-2023-36675) SECURITY: Fix escaping in BlockLogFormatter.
* (T297917) objectcache: avoid use of ctype_digit() in
WANObjectCache::adaptiveTTL().
* (T330464) Work around argument corruption bug in XMLReader::open.
* (T313157) IndexPager: Also protect against $offset being 0.
* (T335612, CVE-2023-36674) SECURITY: Move badFile lookup to Linker.
== MediaWiki 1.35.10 ==
This is a security and maintenance release of the MediaWiki 1.35 branch.
=== Changes since MediaWiki 1.35.9 ===
* Localisation updates.
* (T324895) MWCallbackStream: Add explicit $stream property.
* Remove /images .htaccess rules that are no longer relevent.
* Disable php in .htaccess of images directory as a hardening measure.
* (T322583) Include missing message parameter in message.
* Fix phan error when Excimer is enabled.
* (T274966) tests: Make pass on php8.0.
* (T323373) Parser: Fix extractSections() behavior for PHP >= 8.0.
* (T326021) Add matrix: to $wgUrlProtocols.
* api/en.json: api-help-datatype-expiry add missing 'may'.
* (T225218) Wait until the recent changes are updated.
* (T328222) Pass empty string to strlen() if schema is null for
PostgresDatabase.
* (T317329) OutputPage: Fix undefined ['host'] in ImagePreconnect code.
* (T289926) SpecialRevisionDelete: Set default of '' for wpReason.
* (T155582, T328503) Fix XML dumps for content types with non-string
getNativeData().
* (T295958, T278847) MediaWiki-Docker: Switch PHP images to PHP7.4.
* (T314099) revisiondelete: Replace dynamic property Status::$itemStatuses.
* (T329198) ParamValidator: Improve paramvalidator-help-multi-max message.
* (T292348) WikiImporter: do not fail if upload entry in dump lacks 'text'
tag.
* (T329484) API: Fix query+allimages user parameter description.
* (T330529) SpecialEditTags: Set default of '' for wpReason.
* (T330526) htmlform: Handle null from HTMLFormField::getDefault in
multiselects.
* (T285159, CVE-2023-29141) SECURITY: Do not apply autoblocks to untrusted
XFF headers.
== MediaWiki 1.35.9 ==
This is a security and maintenance release of the MediaWiki 1.35 branch.
=== Changes since MediaWiki 1.35.8 ===
* Localisation updates.
* (T319000) WebInstaller: Don't try and run trim() on null.
* (T320864) When calling mail(), use an array for headers.
* (T311567) In ManualLogEntry, cast the comment to string.
* (T323082) Upgrading wikimedia/xmp-reader (0.7.0 => 0.8.5).
* Language: Handle ronna and quetta.
* (T304515) LCStoreStaticArray: atomically replace the cache file.
* (T324890, T324891, T324901) Parser: Allow dynamic properties on PHP 8.2.
* (T322637) SECURITY: sqlite should not create DB file world-readable.
== MediaWiki 1.35.8 ==
This is a security and maintenance release of the MediaWiki 1.35 branch.
=== Changes since MediaWiki 1.35.7 ===
* Localisation updates.
* (T311568) UploadBase::setTempFile() handle $tempPath being passed as null.
* (T311559) SpecialListFiles: user parameter isn't always present.
* (T311561) ImageListPager: Don't call htmlspecialchars() on null.
* (T311920) SpecialBlockList: Prevent passing null to trim().
* (T311921) SpecialUserrights: Don't pass null to str_replace.
* (T311570) SpecialWithoutInterwiki: Don't pass null through to
Title::capitalize().
* (T311574, T311576) SpecialLinkSearch: Don't pass null through to the parser.
* (T312519, T312520) Parser::extensionSubstitution() Don't run substr() on null.
* (T287564) populateInterwiki: Include not null columns iw_api/iw_wikiid.
* (T312302) SpecialRedirect: Don't pass null to explode.
* RemoveInvalidEmails: Fix quoting for postgres.
* (T312678) import: UploadSourceAdapter::stream_read() don't pass null to
strlen().
* (T312300) SpecialDiff: Don't pass null to explode().
* (T312680) parser: Fix CoreParserFunctions::urlencode() null coalescence $arg.
* (T289926) Handle null passed to wfShorthandToInteger() and Html::element().
* (T289926) Ensure that strlen() does not get passed a (valid) null.
* (T312301) SpecialDiff: Don't pass null to trim().
* Hooks: Use more meaningful name for SkinAfterPortlet hook parameter.
* (T289926) Ensure we don't pass null to mb_strlen.
* (T312305, T311572, T311571, T311578) HtmlForm: Null coalescence in trim()
calls.
* (T289926) site: Consistently return null from Site::getDomain().
* (T307304, T289879) filebackend,jobqueue: Add signature for
FilterIterator::accept().
* (T312183) rdbms: Adapt hasOrMadeRecentPrimaryChanges test mock for PHP 8.1.
* Add application/vnd.ms-opentype to MIME list.
* Allow composer/installers plugin in composer.json.
* (T313663) Make HandlerTestTrait compatible with php8.1.
* (T313663) [php8.1] Change override of $wgResourceBasePath for CSP tests.
* Change type hints for BatchRowIterator and NotRecursiveIterator for
compatibility with PHP 8.1.
* (T313663) [php8] Don't use strlen on potentially null string.
* (T313663) [php8.1] Suppress test warning about providing null.
* (T313663) Parser will use current timestamp instead of null if passed a
RevisionRecord that does not have a timestamp.
* (T313663) Add explicit null check for $sha in FileBackend [php8.1].
* (T313663) LogFormatter: Cast argument of ctype_digit to string [php8.1].
* (T289879, T289926) Get rid of warnings on PHP 8.1.
* rdbms: fix some PHP 8 warnings in Database/LoadBalancer/LBFactory.
* (T313663) Avoid testing strlen on null in ApiQuerySiteinfo [php 8.1 compat].
* Fix a couple deprecation warnings in the installer under PHP 8.1.
* (T313663) Use default timezone UTC for SpecialWatchlistTest [php 8.1].
* (T314096) Migrate use of ${var}-style string interpolation.
* (T313663, T313662) Make default value for optional args {{PAGESINCAT:..}} be
'' not null.
* (T314225) SpecialCategories: Null coalescene $par.
* (T314099) User: Allow dynamic properties on PHP 8.2.
* (T314404) SpecialGoToInterwiki: Null coalescene $par.
* (T314397) SpecialBlock: Better handle null in getTargetUserTitle.
* (T314099) phpunit: Fix trivial dynamic property usages in tests.
* (T314405) UploadStash: Check if us_prop is set in the fileMetadata.
* (T314550) SpecialMergeHistory: Set timestamp to '' if no mergepoint.
* (T314551) SpecialMergeHistory: Set defaults for target and dest parameters.
* api: Add rel=nofollow to help examples.
* (T314824) tests: Update parser test after i18n change.
* (T263927) Add autocomplete HTML attribute to common auth form fields.
* (T307613) Validate length of user email on Special:ChangeEmail/
Special:CreateAccount.
* (T314906, T314907) SpecialBlock: Set defaults for wpPageRestrictions and
wpNamespaceRestrictions.
* (T315309) ImportStreamSource::newFromURL() Prevent passing null to fwrite.
* (T315892) composer.json: Pin phpunit to 8.5.28.
* (T229092) MigrateActors.php: ignore duplicate creations of actors.
* (T313049) Bump wikimedia/parsoid to v0.12.3.
* (T317750) session: Fix broken SessionTest case due to PHPUnit dependency
change.
* (T318460) SpecialChangeEmail: Set default for returntoquery.
* (T316304, CVE-2022-41767) SECURITY: reassignEdits doesn't update results
in an IP range check on Special:Contributions.
* (T309894, CVE-2022-41765) SECURITY: HTMLUserTextField exposes existence
of hidden users.
== MediaWiki 1.35.7 ==
This is a security and maintenance release of the MediaWiki 1.35 branch.
=== Changes since MediaWiki 1.35.6 ===
* Localisation updates.
* (T289879) Type hints for ArrayAccess.
* (T304783) TemplateParser: avoid warnings when called by NoLocalSettings.
* Rebuilt vendor with composer 2.3.3.
* (T289879) Address some deprecations for PHP 8.1.
* Fix old_name in UserLogoutComplete hook.
* (T286260, T307979) objectcache: normalize $exptime to a TTL in
APCUBagOStuff/WinCacheBagOStuff.
* MediaSearchWidget should declare an explicit dependency on mediawiki.user
module.
* (T288423) WikiImporter: Replace deprecated WikiRevision::setText.
* (T309377, CVE-2022-29248, T311384, CVE-2022-27776) Updating guzzlehttp/guzzle
(6.5.5 => 6.5.8).
* (T308471) SECURITY: Escape welcomeuser message passed to showSuccessPage().
* (T311272) Call parent constructor of AddSite maintenance script first.
* MediaWiki: Don't eagerly initialize action name.
* (T289926) Avoid passing null to trim() in SkinTemplate.
* (T307282) Avoid passing null to strcasecmp(), for PHP 8.1.
* (T311552) ChangesListSpecialPage: Don't pass null to FormatJson::decode().
* (T311569) FileBackend::isStoragePath() Handle being passed null.
* (T311544) Pass int to ApiUsageException::newWithMessage()'s $httpCode param.
* (T311678) SpecialEditWatchlist: Prevent passing null to strtolower().
* (T281741) ChangeTags: Fix adding CSS classes for hidden tags.
* (T296642) changetags: Fix management of a '0' tag.
* (T311554) ChangeTags: Return early in formatSummaryRow() if $tags === null.
* (T303033) Handle null in ChangeTags::modifyDisplayQuery.
== MediaWiki 1.35.6 ==
This is a security and maintenance release of the MediaWiki 1.35 branch.
=== Changes since MediaWiki 1.35.5 ===
* (T298261) Fix support for Composer 2.2.
* (T298283) composer.json: Add wikimedia/composer-merge-plugin to allow-plugins.
* Update doctrine/dbal (3.0.0 => 3.1.5).
* (T298564) MemcachedClient: Add support for IPv6.
* (T297543, CVE-2022-28202) SECURITY: properly escape output used within
galleries and Special:RevisionDelete.
* (T268847) Suppress deprecation warnings from libxml_disable_entity_loader().
* (T283275) Fix PHP 8.0 failure of WikiExporterFactoryTest.
* (T274966) Upgrading wikimedia/html-formatter (1.0.2 => 2.0.1).
* Fix the json schema and the extension processor for Parsoid extension modules.
* (T299696) update.php: Avoid passing null to substr.
* In PHP 8.1 don't throw exceptions from mysqli.
* (T289926) SiteConfiguration: Don't pass null to str_replace().
* (T264735) Fix deprecation warning from CURLPIPE_HTTP1.
* (T260735) Stop using is_resource() where possible.
* (T289879) Apply ReturnTypeWillChange to various implementations of built in
interfaces.
* (T299312) Implement __serialize/__unserialize for PHP 8.1 support.
* ExtensionRegistry: Add process cache for lazy attributes.
* (T301041) ApiPageSet: Add "missing": true to missing revisions.
* Allow ParsoidModules extension schema to register services.
* (T297708) Allow setting max execution time to several special pages.
* Upgrading wikimedia/object-factory (v2.1.0 => v2.2.0).
* (T302540) composer.json: Add ext-calendar to require.
* (T302540) composer.json: Add ext-simplexml to require-dev.
* (T302540) composer.json: Add various PHP extensions to suggests.
* Upgrading symfony/polyfill-php80 (v1.23.1 => v1.25.0).
* (T303871) Add Title::getId() as an alias for ::getArticleId().
* (T304008) Don't re-check "Move subpages" on Special:MovePage after a warning.
* (T293576) listFiles: Display file name instead of version.
* (T303560) Installer: Check correct PCRE_CONFIG_NEWLINE value.
* wrapOldPasswords: add \n to two output calls.
* (T304993) Make editcontentmodel a part of editpage grant.
* (T297571, CVE-2022-28201) Title::newMainPage() goes into an infinite recursion
loop if it points to a local interwiki.
* (T297731, CVE-2022-28203) Requesting Special:NewFiles on a wiki with many file
uploads with actor as a condition can result in a DoS.
== MediaWiki 1.35.5 ==
This is a security and maintenance release of the MediaWiki 1.35 branch.
=== Changes since MediaWiki 1.35.4 ===
* (T290697) Add symfony/polyfill-php80.
* IcuCollation: Add some more icu to unicode version mappings.
* ApiBase: Annotate deprecated constants individually.
* PHPVersionCheck: Mark PHP 7.4.0 - 7.4.2 as buggy.
* (T293044) installer: Fix 5th param to sourceFile() in DatabaseUpdater.
* (T291127) Always encode spaces in cookie values as "%20".
* Use LocalFile::getHookRunner instead of LocalFile::hookRunner.
* HistoryBlobStub: add getLocation() to get $mOldId.
* Fix checkStorage.php.
* checkStorage: pass no parameters to WikiRevision::getContent().
* (T292763, CVE-2021-44854) SECURITY: Do not cache private wiki completion
results.
* (T294316) Revert "Mark ApiClientLogin/ApiLogin as requiring write mode".
* (T250068) resources: Upgrade jQuery from 3.4.1 to 3.6.0.
* (T250068) resources: Upgrade jquery-migrate from 3.1.0 (patched) to 3.3.2
(patched).
* (T294796) JobQueueRedis: Replace deprecated zSize with zCard.
* (T212428, T267468) Allow populateContentTables to continue when there are
bad blobs.
* (T295191) ApiQuerySiteinfo: Fix "rightsinfo"/"url" when $wgRightsPage is
set.
* Update pear/mail_mime to 1.10.11.
* Update deprecated Guzzle Psr7 function calls.
* Tweak error message for missing composer dependencies.
* (T296112) Allow inserting new sections named '0'.
* nukeNS: don't run purgeRedundantText() after every change.
* (T225888) RollbackAction: fix missing pagetitle.
* (T297322, CVE-2021-44858, CVE-2021-44857) SECURITY: Fix permissions checks in
undo actions.
* (T297574, CVE-2021-45038) SECURITY: Fix permissions check in action=rollback.
* (T34716, T297416) SECURITY: Require 'read' right for most actions.
* (T271037, CVE-2021-44856) SECURITY: Fix use of EditFilterMergedContent hook
when changing content model.
== MediaWiki 1.35.4 ==
This is a security and maintenance release of the MediaWiki 1.35 branch.
=== Changes since MediaWiki 1.35.3 ===
* (T283394) Mark ApiClientLogin/ApiLogin as requiring write mode.
* (T283273) Make postgres IRC channel point to libera.chat.
* (T289108) ExtensionProcessor: Remove loaderScripts from extension.json
schemas.
* (T281549) Installer: Fix mediawiki-announce auto subscription code.
* FormatJson: Optimize encode() for supported PHP versions.
* (T290398) renameRestrictions.php: Update protected_titles as well.
* $wgMimeTypeBlacklist - This configuration array now prohibits the RFC 4329
form of JavaScript, 'application/javascript', as well as previous MIME types.
* (T51097, T290273) resourceloader: Call getStyleFiles from
FileModule::getFileHashes.
* (T277788) parser: Avoid calling ParserOptions::getOption() too many times.
* (T285515, CVE-2021-41798) SECURITY: XSS vulnerability in Special:Search.
* (T290379, CVE-2021-41799) SECURITY: ApiQueryBacklinks can cause a full
table scan.
* (T284419, CVE-2021-41800) SECURITY: fix PoolCounter protection of
Special:Contributions.
== MediaWiki 1.35.3 ==
This is a security and maintenance release of the MediaWiki 1.35 branch.
=== Changes since MediaWiki 1.35.2 ===
* (T259685) SQLite compatibility with ZeroConf VisualEditor was fixed in 1.35.2.
* (T196906, T242751) Fix the test MonologSpiTest::testDefaultChannel.
* (T279964) Parser: Trim trailing whitespace as the last step in pre-save
transform.
* (T278026) rdbms: Add DB_PRIMARY to replace DB_MASTER.
* (T252853) Update updateSearchIndex.php to 2006+ standards.
* (T276945) Define a batch size in maintenance/manageJobs.php.
* (T276945) Implement JobQueueDB::getAllAbandonedJobs.
* (T269676) authevents: strval() variables passed to status when logging.
* (T280944) $wgIncludejQueryMigrate - This setting allows the jQuery Migrate
plugin to be disabled. It has been enabled by default since MediaWiki 1.27.
* (T281584) apihelp-query+iwlinks-param-prop: s/interlanguage/interwiki/.
* (T281635) Delete maintenance/cleanupAncientTables.php.
* (T282133) RedisConnectionPool: Suppress phan issue.
* (T281549) WebInstaller: Don't show the announce-l subscribe
checkbox temporarily.
* (T278266) Fix annoying E_NOTICE about undefined 'alt' index in
Skin#makeFooterIcon.
* (T264214) UserRightsProxy::addGroup has to be allowed to update the
old group as well, which is used for granting interwiki rights.
* (T269776, T278266) getFooterIcons should not return empty arrays.
* (T274966) Skip AvroFormatterTest::testSchemaNotAvailable on PHP 8.0.
* phpunit: fail on warnings.
* (T283247) Freenode -> Libera per wikimedia moving from
freenode to libera.
* (T243124) Make phpunit:unit accept extension*.json to populate the classes.
* (T142663) Add extension.json merge strategy "provide_default".
* (T283540) HookContainer: Fix normalization of callback for static handler.
* (T283464) Fix array order for array_replace_recursive merge strategy.
* (T247223) Optimise MessageCache::isMainCacheable() for the single-message
case.
* (T278579) Don't send headers on ob_end_clean().
* (T280226, CVE-2021-35197) SECURITY: Prevent blocked users from purging
pages.
== MediaWiki 1.35.2 ==
This is a security and maintenance release of the MediaWiki 1.35 branch.
MediaWiki 1.35.2 supports Composer 2.0. It is recommended to make sure your
libraries are up to date on Composer 1.x, before running Composer 2.x.
While normally running update.php isn't required for point releases,
it is recommended to run it for 1.35.2 so that iwlinks.iwl_prefix is
updated to take 32 characters.
=== Changes since MediaWiki 1.35.1 ===
* (T270450) The confusingly-named User->isLoggedIn() method has been deprecated
in favour of the method it wraps, User->isRegistered().
* Upgrade pimple/pimple from 3.3.0 to 3.3.1 for PHP 8.0 support.
* Upgrade seld/jsonlint from 1.7.1 to 1.8.3 for PHP 8.0 support.
* Upgrade doctrine/dbal from 2.10.4 to 3.0.0 for PHP 8.0 support.
* (T270734) Fix display of Special:Preferences URL in password reset email.
* (T252774, T271441) resourceloader: Give SkinModule 'features' option an
extensible default.
* (T271441) Unknown features shouldn't break style output.
* (T264986) Make use of CURLMOPT_MAX_HOST_CONNECTIONS conditional on having
curl >= 7.30.0.
* DefaultSettings.php: Update $wgPingback documentation.
* Fix docs for LanguageConverter::translate.
* (T272250) Don't rely on implicit string->int cast in comparison.
* (T272327) Exif::isSlong: Cast input to float so PHP 8.0 abs() doesn't whine.
* (T272328) UploadBase: Don't call MimeAnalyzer if mTempPath is null.
* Remove nonfunctional default sampling for WANObjectCache metrics.
* (T258851) Prevent service injection to LoadExtensionSchemaUpdates hook.
* (T270852) Hooks: Map dash character to underscore when generating hook names.
* (T271551, T270145) Fix fetching ipblock-exempt within
BlockManager::getUserBlock.
* PHPVersionCheck: The PHP Group only supports PHP >= 7.3.0.
* (T248925) Set empty closures in DatabaseTest to fix PHP 8 tests.
* (T34217) rdbms: Remove outdated MySQL 4 references and fix doc URLs.
* (T248925) Special:Contributions reports negative namespace error on PHP 8.
* (T248925) objectcache: Fix non-numeric string check in HashBagOStuff for
PHP 8.
* (T248925) Fix CacheTime::getCacheExpiry for PHP 8.
* (T259685) Allow REST API POST handlers to opt out of mandatory SQLite locking.
* (T91820, T259685) MWLBFactory: rename magic HTTP header for opting out of
SQLite write lock.
* (T272326) Fix DeprecationHelperTest on PHP 8.
* Upgrade wikimedia/less.php from 3.0.0 to 3.1.0 for PHP 8.0 support.
* (T236639) OutputPage: Make $wgDebugRedirects work again.
* (T274648) registration: Allow reusing cached metadata between wikis.
* CdnCacheUpdate: Send full URL instead of path to Curl for purge.
* Upgrade monolog/monolog from 1.25.3 to 2.2.0 for PHP 8.0 support.
* FileBackend: Do not use SOCKET_ENOENT on windows.
* (T275441) ApiQueryUserInfo: Allow all uiprops to be requested at once.
* (T275261) Escape wikitext in the title in invalid title error messages.
* (T275242) Extend iwlinks.iwl_prefix to VARBINARY(32) on MySQL.
* (T246594, T270228) PHPVersionCheck: Complain about known-bad versions above
minimum.
* (T275824) Upgrade wikimedia/composer-merge-plugin from 1.4.1 to 2.0.1 for
Composer 2.0 support.
* (T269293) Record all used options in metadata.
* Allow usage of Composer 2.0 to install MediaWiki's dependencies.
* (T259872) skins: Call headElement() after getTemplateData() in SkinMustache.
* (T277009, CVE-2021-30158) SECURITY: Allow blocked users to access
Special:ResetTokens.
* (T272412) Add "Account data" section to user preferences.
* (T268310) Add list of thumbnail urls to LocalFilePurgeThumbnails hook.
* (T277520) registration: Allow specifying immovable namespaces in
extension.json.
* (T275619) Maintenance::hasOption and Maintenance::getOption now behave as
documented and are not altered by previous calls to these methods.
* (T254688) Remove page inner join from subquery in SpecialWhatLinksHere.
* (T122124) signup: added help message for security.
* (T278014, CVE-2021-30154) SECURITY: Escape mediastatistics-header-* messages
on Special:NewFiles.
* (T278058, CVE-2021-30157) SECURITY: Escape rcfilters-filter-* messages on
ChangesList pages.
* (T277414) HTMLFormField: Use non namespaced class name rather than
static::class.
* (T268673) maintenance: Don't create SearchUpdate in rebuildtextindex.php
for page_namespace below 0.
* (T246594, T270228) Mark ParserOptionsTests skipped on PHP 7.4.0-7.4.8.
* (T268230) Switch to new MediaWiki logo by Serhio Magpie.
* (T271735) Expand config-pingback-help, link to privacy policy in
config-pingback.
* Fix documentation of user-global in $wgRateLimits.
* BackupDumper: Add -o as shortcode for --output.
* (T235554) Disable DEFER_SET_LENGTH_AND_FLUSH headers to avoid HTTP errors.
* (T270713, CVE-2021-30152) SECURITY: Allow user to only apply protection they
have right to do so via action=protect.
* (T272386, CVE-2021-30159) SECURITY: Non-admin deleted enwiki page in fast
double move.
* (T270988, CVE-2021-30155) SECURITY: ContentModelChange: Check that user can
create pages.
* (T279451, CVE-2021-30458) SECURITY: Parsoid comment fostering allows for
inserting mostly arbitrary <meta> tags.
== MediaWiki 1.35.1 ==
This is a security and maintenance release of the MediaWiki 1.35 branch.
While normally running update.php isn't required for point releases,
it is recommended to run it for 1.35.1 so that sites.site_language is
updated to take 35 characters.
Watchlist Expiry is no longer considered experimental, but is off by default.
To enable it, set $wgWatchlistExpiry = true; in your LocalSettings.php.
=== Changes since MediaWiki 1.35.0 ===
* (T263929) purgeList.php Fix all-namespaces option to match one used in code.
* (T248719) ParserCache::get - fix wfDeprecated call.
* (T261430) WatchlistExpiryWidget: Move focus to expiry dropdown after hitting
Tab.
* Preload mediawiki.watchstar.widgets before api request.
* (T261030) ApiEditPage: Show existing watchlist expiry if status is not being
changed.
* (T264502) Fix PHP 8 compat with strcspn() $length parameter exceeding string.
* (T248925) Remove final modifier on private function.
* (T264683) Remove ipb_anon_only from ipb_address_unique index addition.
* (T261415) Add days left messages to changes-lists' clock icons.
* Fix order of wfDeprecated parameters in ExternalStoreDB::getSlave.
* (T261260) Preload class used in HeaderCallback.
* (T260868, T260009) Normalize WatchedItem expiry field.
* (T264683) Remove doTable check from (Mysql|Sqlite)Updater::indexHasFields.
* (T264534) ApiPageSet: Avoid infinite loop when merging redirects.
* (T196906) Empty Monolog loggers are now real blackholes.
* (T258649) WatchAction: avoid UPDATE when old and new watch period is
indefinite.
* Parser: Adjust typehint to show that getTitle can return null.
* (T263592) media: Fix case of FlashPixVersion in
FormatMetadata::makeFormattedData().
* (T265223) BaseTemplate: Guard against passing zero arg to array_merge().
* (T264965) Fix base path handling for MessagePosterModule registration.
* (T252183) Fix Database::getTempTableWrites for multi table DDLs.
* (T182546) Fix switch/case indentation per mediawiki coding conventions.
* Flip Yoda conditionals.
* (T263213) Move SkinTemplate::getFooterLinks() to Skin.
* build: Updating mediawiki/mediawiki-codesniffer to 33.0.0.
* (T267105) Make ImageBuilder::checkMissingImage public.
* Updating guzzlehttp/guzzle (6.5.4 => 6.5.5).
* (T266681) Support new style hook registration on install and update.
* (T266980) Fix unsetting of copyright icon in FooterIcons.
* upload.js: Don't assume that warnings array will include 'code' key.
* upload.js: Fix typo in upload API.
* (T264333, T190988, T266903) Pass along ignorewarnings param to all
individual chunks being uploaded.
* (T267558) importTextFiles.php: Replace deprecated WikiRevision:setText().
* (T266418) composer.json: add requirement for composer-plugin-api ^1.1.
* (T261431) Add ARIA attributes to watchlink and its notification.
* (T258877) Change invalid 'Content-Encoding: none' header.
* Fix trailing ; in patch-sites-site_language-35.sql.
* (T248852) wfAssembleUrl: Handle empty query field in URL bits.
* (T268846) Updating wikimedia/testing-access-wrapper (1.0.0 => 2.0.0).
* (T268887) migrateComments: Cast array keys back to string before passing
to the DB.
* (T266619) Introduce new $wgThumbPath config.
* (T269178) MemcachedClient: Cast Resource to integer.
* (T263925) Use the old HookContainer to set up the post-reset services.
* Change "site cache" to just "cache" in the right-purge message.
* [UploadedFileStreamTest] Skip test with chmod.
* (T269710) Updating composer/semver (1.5.1 => 1.7.2).
* (T269710) Updating mediawiki/mediawiki-codesniffer (33.0.0 => 34.0.0).
* (T260631, T260633), BotPassword::save() now returns a Status object for the
result rather than a bool. The length of the bot password grants and
restriction fields are now validated, and an error will be thrown if it
would be truncated by the database.
* (T265778) Fix English/*nix specific error messages in FSFileBackend.
* (T267543) Split dropping of image.img_user_timestamp.
* [FileTest] Do not assume /tmp exists on windows.
* Clean up temp files correctly after unit tests.
* Skip undo related phpunit tests when diff3 is missing.
* (T269964) rdbms: Remove outer parentheses in insert query for Postgres.
* (T263911) In MWExceptionHandler::report(), catch all throwables.
* (T268894, CVE-2020-35474) SECURITY: Use Html::element in
ChangeListSpecialPage for sanity.
* (T268917) Use Xml::element in SpecialUserrights for sanity.
* (T268938, CVE-2020-35478, CVE-2020-35479) SECURITY: Pass escaped html
to LogFormatter::makePageLink for sanity.
* (T268938) Fixed mixed escaping in Language::translateBlockExpiry.
* (T263911) UserOptionsManager: don't differentiate anons caches.
* (T261260) HeaderCallback: pre-cache request ID.
* Parsoid updated to v0.12.1.
* (T205908, CVE-2020-35477) SECURITY: Unable to change visibility of log
entries when MediaWiki:Mainpage uses Special:MyLanguage.
* (T120883, CVE-2020-35480) SECURITY: Divergent behavior for contributions
and user pages of hidden users and missing users.
* (T270145) Fix condition that can lead to using APCOND_BLOCKED in
$wgAutopromote to cause an OOM in PHP.
== MediaWiki 1.35.0 ==
=== Changes since MediaWiki 1.35.0-rc.3 ===
* (T261258) Remove checks for ancient ImageMagick versions in BitmapHandler.
* (T260232) Don't include null page ids in query list for category dumps.
* (T260009) Check existing watchitem when saving action=watch.
* (T259055) Correct success messages for action=watch.
* mediawiki.page.ready: Simpler tablesorter/makeCollapsible call.
* mediawiki.page.ready: Fix skin override config flags, wrong way round.
* (T262175, T248512) Remove requirement for ApiWatchlistTrait to be in ApiBase.
* (T259053, T260434) Watchlist: Fix updateWatchLink removing css class when
action=watch.
* (T261901, T261476) mediawiki.notification: Don't close notif when clicking
<select> element.
* (T251506) Sanitizer: Truncate IDs to a reasonable length.
* (T259452) Parsoid updated to v0.12.0.
* (T261970) watch.ajax: Add expiry support to watchpage.mw event.
* (T262900) Fix failure of rebuildLocalisationCache.php due to ResourceLoader
hook.
* (T263014) Hard deprecate File::userCan() with $user=null.
* (T262547) Use localized success message after watching via action=watch.
* (T201491) Fix typo 'Watchlst' in `apihelp-edit-param-watchlistexpiry`.
* (T261081) Installer: consistently reset Language objects.
* (T250449, T250450) Installer: consistently reset Language objects.
* Explicitly wrap some XML calls in libxml_disable_entity_loader().
* (T262934) Ensure dropdown label is always on its own line.
* (T246855) resourceloader: Use a local HookRunner.
* (T263604) Have findBadBlobs.php require Maintenance.php rather than
cleanupTable.inc.
* (T263606) Set fake time, to avoid flaky tests.
* (T261325) Add FindMissingActors script.
* (T262364) shell: Don't blacklist /run/firejail.
* (T263655) NewPagesPager: Ignore nonexistent namespaces.
* Update specialPageAliases and magicWords for Egyptian Arabic (arz).
* (T261347) ParserOutput: don't throw on bad editsection.
* (T232568, CVE-2020-25813) SpecialUserrights: If a viewer lacks `hideuser`,
ignore hidden users.
* (T255918, CVE-2020-25812) SECURITY: Unescaped message used in HTML on
Special:Contributions.
* (T256171, CVE-2020-25815) SECURITY: Unescaped message used in HTML within
LogEventsList.
* (T258763, CVE-2020-17367, CVE-2020-17368) SECURITY: Prevent invoking
firejail's --output functionality.
* (T86738, CVE-2020-25814) SECURITY: mediawiki.jqueryMsg: Sanitize URLs and
'style' attribute.
* (T115888, CVE-2020-25828) SECURITY: mediawiki.js: Escape HTML in
mw.message( ... ).parse().
* (T260485, CVE-2020-25869) SECURITY: ActorMigration: Load user from the correct
database.
* (T260485, CVE-2020-25869) SECURITY: ensure actor ID from correct wiki is used.
* Add Finnish special page aliases.
* Fix GuzzleHttpRequest request headers.
* Fix description for pruneFileCache.php.
* emptyUserGroup.php: handle more than 5000 users.
* Make ApiSandbox copyable URL absolute.
* (T261087) Add a link from a deleted page to that page's logs.
== MediaWiki 1.35.0-rc.3 ==
=== Changes since MediaWiki 1.35.0-rc.2 ===
* (T258662) mediawiki.visibleTimeout: Update the nextVisibleTimeoutId value.
* Ensure Parsoid doesn't throw when <ref> is used w/o Cite installed.
* Remove maintenance/createCommonPasswordCdb.php.
* (T260468) Increase "sites.site_global_key" to varbinary(64).
* (T183759) Fix shell edge-cases in Windows.
* (T257879) Drop PHP 7.2 support; require 7.3.19.
* (T251661, CVE-2020-25827) SECURITY: User::pingLimiter: add user-global
rate limit type.
* (T246991) User: enforce pingLimiter() expiry time.
* (T256831) Rest: Handle Uri constructor exception.
* (T259094) Fix RequestFromGlobalsTest failing in Travis CI.
* (T256831, T261344) Rest: Use try/catch to handle URIs with embedded colon.
== MediaWiki 1.35.0-rc.2 ==
=== Changes since MediaWiki 1.35.0-rc.1 ===
* (T259693) uuid: Fix filenames on Windows.
* Remove Gruntfile.js and package-lock.json from the tarball.
* firejail: Strengthen by copying from Wikimedia's profile.
* (T260059) ResourceLoaderOOUIImageModule: loadOOUIDefinition() may return
false.
* (T30162, T245387) The installer supports using a Postgres server running
on a custom port other than 5432.
* (T260201) Support private wikis in Parsoid zero configuration mode.
* Fix bad use of `|=` PHP bit operation where `= … ||` bool is intended.
* (T259212) SpecialBlock: Show error if a block could not be inserted or found.
* (T255842) UserOptionsManager: fix options reset.
* (T258649) WatchAction: avoid unnecessary UPDATEs when expiry is unchanged.
* (T250851) Allow skins to override mediawiki.page.ready initialisation.
* (T250851) mediawiki.page.ready: Allow skins to disable search lazy load.
* (T253135, T255632) Update language in watchlist expiry.
* Use IPset in MWRestrictions::checkIP.
* (T259564) Fix race condition on edit page.
* (T260759) Hide watchlist expiry label in edit form.
* mime: Fix docs of MIME_EXTENSIONS, they're arrays, not space-separated.
* (T260031) Add application/font-sfnt to MimeMap for ttf files.
* (T259379) WatchedItemStore: Cache single WatchedItems with preexisting expiry.
* Add a maintenance script to create bot passwords.
* (T201269) Add Traditional Chinese zh-hant as fallback for Amis (ami).
* Improve wfParseUrl docs.
* (T251038) Add multi index fields in ImageListPager for unique paginate.
* (T259916) Guard against 'Widget not found' error.
== MediaWiki 1.35.0-rc.1 ==
=== Changes since MediaWiki 1.35.0-rc.0 ===
* (T252136) Fix RecentChanges watchlist filters when WatchlistExpiry is off.
* (T258662) Update time period for watchlist expiry pop-up.
* (T258443) Fix expiry dropdown not getting disabled on edit page.
* (T259398) Add license information for promise-polyfill.
* Remove executable bit from scripts without shebang.
* (T256526) Fix bold of watched items on Special:RecentChangesLinked.
* (T259060) Edit page expiry dropdown should keep state after
disabling/enabling.
* (T259009) Translate expiry period in pop-up message for watchlist expiry.
* (T258310) Add watchlist clock icon to RecentChanges.
* (T259362) Permit temporary table writes on replica DB connections.
* (T250214) Add UI support in Special:EditWatchlist for watchlist expiry.
* (T72470) Disable wgLegacyJavaScriptGlobals by default.
* (T130906) Add Edge to MediaWiki:Clearyourcache.
* (T257279) Add mediawiki.ui Less variable deprecation note.
* (T249521) Fixed reassignEdits.php to work with anonymous users.
* (T259448) Fix Circular dependency when creating service in
DBLoadBalancerFactory.
* (T257259) Default to using watchlist expiry of old page when moving pages.
== MediaWiki 1.35.0-rc.0 ==
== Upgrading notes for 1.35 ==
1.35 requires PHP 7.3.19 or above (up from 7.2.9). (T257879)
1.35 has several database changes since 1.34, and will not work without schema
updates. Note that due to changes to some very large tables like the revision
table, the schema update may take quite long (minutes on a medium sized site,
many hours on a large site).
Don't forget to always back up your database before upgrading!
MediaWiki 1.35 is the next LTS after 1.31, and will be supported for around 3
years.
MediaWiki has a lot of both soft and hard deprecations, and code removed. As
always, make sure your versions of extensions match the MediaWiki version,
and updates may be required to any custom extensions.
See the file UPGRADE for more detailed upgrade instructions, including
important information when upgrading from versions prior to 1.11.
Some specific notes for MediaWiki 1.35 upgrades are below:
* (T259685) When using SQLite as the database backend for MediaWiki,
Zeroconf (zero-configuration) VisualEditor/Parsoid only works with
MediaWiki 1.35.2 and above. It is still recommended to use
MySQL/MariaDB rather than SQLite when using VisualEditor.
For notes on 1.34.x and older releases, see HISTORY.
=== Configuration changes for system administrators in 1.35 ===
* (T72470) $wgLegacyJavaScriptGlobals is now false by default. This feature
will be completely removed in a later MediaWiki release.
==== New configuration ====
* $wgDiffEngine — This can be used to specify the difference engine to use,
rather than MediaWiki choosing the first of $wgExternalDiffEngine, wikidiff2,
or php that is usable.
* $wgSearchMatchRedirectPreference — This configuration setting controls whether
users can set a new preference, search-match-redirect, which decides if search
should redirect them to exact matches is available. By default, this is set to
false, which maintains the previous behaviour without preference bloat. Change
your site's default by setting $wgDefaultUserOptions['search-match-redirect'].
* $wgPoolCounterConf['SpecialContributions'] — Per-user concurrency in the use
of SpecialContributions can now be limited by setting this appropriately.
* $wgPasswordPolicy — PasswordCannotBeSubstringInUsername is a new password
policy check. Similar to the existing PasswordCannotMatchUsername check, this
check ensures that a user's (case-insensitive) password cannot be a part of
their username. e.g. password = MyPass, username = ThisUsersPasswordIsMyPass.
* $wgLogos — This new configuration setting combines the now-deprecated $wgLogo
and $wgLogoHD settings into a single, associative array. It provides support
for a new key, 'wordmark', for setting a horizontal wordmark to show next to
the graphical logo. To do this, set 'wordmark' to an array with 'src' set to
the path of the wordmark image, and 'width' and 'height' for its dimensions
in pixels. $wgLogos inherits the existing support provided by its predecessor
settings: '1x' mapping to the path of the logo as a 135x135px raster image
(equivalent to $wgLogo), and '1.5x', '2x', and 'svg' operating as before for
$wgLogoHD. If $wgLogos is unset, $wgLogo and $wgLogoHD values are read for
temporary backwards compatibility. (T232140)
* $wgWatchlistExpiry — (EXPERIMENTAL) This enables the new watchlist expiry
feature. The database table (watchlist_expiry) for this is created regardless
of this setting, but all other aspects of the expiry feature are controlled
by it. Enabling in production is discouraged for the time being. A future
MediaWiki 1.35 release will advertise this feature once it is stable.
* $wgWatchlistPurgeRate — This sets the chance of expired watchlist items being
purged on each page edit. Only has effect if $wgWatchlistExpiry is true.
* $wgWatchlistExpiryMaxDuration — This is the maximum definite relative duration
for watchlist expiries. Only has effect if $wgWatchlistExpiry is true.
* $wgImgAuthPath – This can be used to override the path prefix used when
handling img_auth.php requests. (T235357)
* $wgAllowedCorsHeaders — This is a list of headers which can be used in a
cross-site API request.
* $wgHTTPMaxTimeout and $wgHTTPMaxConnectTimeout — These allow site
administrators to limit the timeouts used by the HTTP client libraries.
This only affects callers using HttpRequestFactory and the deprecated
wrappers in the Http class.
* $wgCdnMaxageStale — This controls the Cache-Control s-maxage header for page
views when PoolCounter lock contention indicates that a stale cache entry
should be sent.
* $wgForceHTTPS — This makes the HTTP to HTTPS redirect be unconditional and
suppresses various hacks needed to support mixed HTTP/HTTPS wikis. We
recommend this be set to true on pure HTTPS wikis.
* $wgCookieSameSite — This setting allows login cookies to be sent with
SameSite=None. This is required for cross-site CentralAuth auto-login after
Chrome 84.
* $wgUseSameSiteLegacyCookies — This adds a compatibility hack to
SameSite=None cookies for browsers which implemented an incompatible draft
version of the specification.
==== Changed configuration ====
* $wgResourceLoaderMaxage (T235314) — This configuration array controls the
max-age for HTTP caching through the Cache-Control header. It has uses the
"versioned" key for urls that do have a version parameter, and the
"unversioned" key for urls without a version parameter. The sub keys for
"client" and "server" are no longer supported in MediaWiki 1.35.
* $wgEnableOpenSearchSuggest — This boolean variable is deprecated and no longer
used. The OpenSearch API is now always enabled.
* $wgAuthManagerConfig and $wgAuthManagerAutoConfig — These can now use the
'services' option in provider specifications.
* $wgVirtualRestConfig['modules']['parsoid'] —
- The defaults have been updated. If you were relying on the default values,
you may need to update your configuration.
- The 'URL' parameter, previously allowed for backwards-compatibility, has
been deprecated. Use 'url' instead.
* $wgXmlDumpSchemaVersion — Default is now set to XML_DUMP_SCHEMA_VERSION_11, so
dumps use the new dump format by default. Consumers of XML dumps should not
be affected if they ignore any unknown tags they encounter. Also, the format
is effectively unchanged for revisions that only contain the main slot. The
--schema-version option can be used with the dumpBackup.php script to set the
dump format. (T238921)
* $wgParserConf — This configuration is now deprecated. It has been
effectively constant since 2008, and is ignored by core code.
Configure the ParserFactory service in order to customize the Parser used.
* $wgAutoloadAttemptLowercase — This has been deprecated, and the default value
changed to false.
* $wgAllowImageMoving — This configuration setting is now deprecated. Instead,
use $wgGroupPermissions; e.g., to revoke sysops' ability to move images use
$wgGroupPermissions['sysop']['movefile'] = false.
* $wgAllowImageTag — This configuration is now deprecated; future parsers will
not support direct use of the HTML <img> tag in wikitext.
* $wgUseTwoButtonsSearchForm — This has been deprecated. If you maintain a skin
that relies on this and wishes to let system administrators change it, you
should convert it to a config variable specific to your skin. If you're using
it to configure your wiki, you should check individual skins to see whether
they have local skin config for the feature and use that.
* $wgPasswordPolicy — The deprecated policy 'PasswordCannotBePopular' has been
removed. Use PasswordNotInCommonList instead which covers many more passwords.
* Backwards compatibility for using an associative array
(e.g. [ '127.0.0.1' => 'bad-ip' ]) for $wgProxyList has been removed. This
was deprecated since 1.30. Please convert these arrays to indexed/sequential
ones (e.g. [ '127.0.0.1' ]).
* $wgShellRestrictionMethod — This now defaults to 'autodetect', which will
enable sandboxing for shell commands using firejail, if it's installed. To
disable restrictions, set it to false.
* $wgLegacyJavaScriptGlobals – This deprecated setting now default to false,
instead of true, ahead of its planned removal.
==== Removed configuration ====
* $wgSysopEmailBans — This setting, deprecated in 1.34, was removed. To let
sysops block email access, use $wgGroupPermissions['sysop']['blockemail'].
* $wgDBWindowsAuthentication — This setting had no effect anymore after support
for SQL Server was removed in 1.34. (T230418)
* $wgProfileOnly — This setting, deprecated in 1.23, was removed. The profiler
output should instead be configured via $wgProfiler['output'].
* $wgProfileLimit — This setting, deprecated in 1.25, was removed.
Set $wgProfiler['threshold'] instead.
* $wgDebugTimestamps — This setting was removed. It affected the text output
produced via $wgDebugComments, if enabled.
* $wgSkipSkin — This setting, deprecated in 1.23, was removed. To disable a
skin from being shown, use $wgSkipSkins.
* $wgUseSquid, $wgSquidServers, $wgSquidServersNoPurge, and $wgSquidMaxage —
These, deprecated in 1.34, have been removed. Use $wgUseCdn, $wgCdnServers,
$wgCdnServersNoPurge, or $wgCdnMaxAge instead.
* $wgDisableCounters — This, deprecated in 1.25, was removed. The feature that
it controlled was already removed in 1.26, but the variable remained existent
with a value of `false` for backward-compatibility.
* $wgMaxGeneratedPPNodeCount — This setting was removed. It only affected
Preprocessor_DOM, which was deprecated in 1.34 and removed in this release.
* $wgFixArabicUnicode and $wgFixMalayalamUnicode — These, deprecated in 1.33,
were removed. The fixes are now always enabled for their respective languages.
* $wgAllowTitlesInSVG — This, unused and deprecated since 1.34, was removed.
* $wgEnablePartialBlocks — This setting, deprecated when it was added in 1.33,
was removed. Partial blocks are now always enabled.
* $wgLocalInterwiki — This setting, deprecated in 1.23, has been removed.
* $wgContentHandlerUseDB — This setting, deprecated in 1.34, has been removed.
* $wgMultiContentRevisionSchemaMigrationStage — This setting must no longer
be set locally. If the migration stage was set to anything other than
SCHEMA_COMPAT_NEW locally, update.php must be run after removing the setting.
Usage of the setting in code is deprecated. The setting will be removed
completely in 1.36.
* $wgEnableRestAPI — This setting is no longer obeyed by MediaWiki core, and
should not be set set locally. Usage of the setting in code is deprecated; it
is now set true by default. The setting will be removed completely in 1.36.
* $wgObjectCaches — The 'slaveOnly' option for SqlBagOStuff, deprecated in 1.34,
was removed. Use 'replicaOnly' instead.
=== New user-facing features in 1.35 ===
* (T204618) Whitelisted the aria-hidden HTML attribute for all elements in
wikitext.
* (T13456) Special:EditPage, Special:PageHistory, Special:PageInfo, and
Special:Purge have been created as shortcuts for each action.
Special:EditPage/Foo redirects to title=foo&action=edit, with PageHistory,
PageInfo, and Purge corresponding to action= history, info, and purge
respectively. When linked to, its subpage is used as the target. Otherwise,
it displays a basic interface to allow the end user to specify the target
manually.
* (T139221) The generated table of contents is now a navigation landmark role
for assistive technologies.
* (T245931) interwiki map API doesn't report foreign language if
$wgInterwikiMagic=false
* The form at ?action=watch has a new dropdown list to support expiry dates for
watchlist items (if $wgWatchlistExpiry is true).
=== New developer features in 1.35 ===
* A Docker based local development develpoment environment configuration is
included (T238224) and DEVELOPERS.md has been added with usage documentation
and links to further help.
* If CSP is enabled, extensions can now add additional sources using the
ContentSecurityPolicy::addDefaultSource, ::addStyleSrc and ::addScriptSrc
methods (e.g. $context->getOutput()->getCSP()->addDefaultSrc( 'example.com' ))
* Extensions can now specify classes and namespaces to be autoloaded by the
test autoloader, by setting the "TestAutoloadNamespaces" and
"TestAutoloadClasses" properties in extension.json. (T196090)
* (T250977) extension.json now allows "SearchMappings" which maps the canonical
name of the search engine (used in wgSearchType and wgSearchTypeAlternatives)
to a specification using the ObjectFactory specification. This allows
extensions to register Search Engines using namespaced classes.
* Added getters for OutputPage's robot, index and follow policies;
getRobotPolicy() returns the entire policy as a string in the form
<index policy>,<follow policy> while getIndexPolicy() and getFollowPolicy()
return their respective policies as a string.
* The ResourceLoaderSiteModulePages and ResourceLoaderSiteStylesModulePages
hooks were added to allow changing which wiki pages these modules contain.
* The SkinFactory now allows skins to be specified as an ObjectFactory spec,
allowing the construction of skins with services injected.
* ContentHandlerFactory for most ContentHandler static methods. It has been
added to the constructors for many classes to improve SOLID / GRASP.
* FileDeleteForm's constructor now accepts a user as the second parameter.
Support for not passing a user has also been hard-deprecated and will be
removed in 1.36.
* The ParserPreSaveTransformComplete hook was added.
* The ParserBeforePreprocess hook was added.
* The ResourceLoaderSkinModule class now has a "legacy" feature that loads
the stylesheets previously part of the "mediawiki.legacy.shared" and
"mediawiki.legacy.commonPrint" module.
Those modules are now deprecated and no longer loaded by skins.
For skins needing to retain these styles, you will need to load these
styles via a module using the ResourceLoaderSkinModule class.
See Vector and Monobook for examples.
* ParserOutput now has methods addExtraCSPStyleSrc, addExtraCSPDefaultSrc
addExtraCSPScriptSrc for parser tags/functions to be able to add sources
to the Content Security Policy.
* The HtmlCacheUpdater service was added to unify the logic of purging CDN cache
and HTML file cache to simplify callers and make them more consistent.
* The MultiHttpClient code will fallover to non-curl if curl_multi* is blocked.
* Preferences which use HTMLTitlesMultiselectField can make use of
MultiTitleFilter class for saving title text to/from article IDs in user
preferences.
* OutputPage::addHtmlClasses() was added to allow injecting CSS classes on
to the <html> element on page load.
* The SkinAddFooterLinks hook is added to allow extensions to add items to skin
footers. Previously this had to be done via SkinTemplateOutputPageBeforeExec.
Doing so using that hook is now hard deprecated.
* A new BlockPermissionChecker service was introduced for checking
block-related permissions.
* The support of 'database' type of extensions has been added to allow 3d party
databases like Percona be used as storage. See T226857, T253248.
* Three new return parameters have been added to the
EditPageGetCheckboxesDefinition hook. Handlers of this hook are no longer
restricted to defining checkboxes. See the documentation of
EditPage::getCheckboxesDefinition() for more details.
* New flag File::RENDER_TMP was added in order to allow
File::generateAndSaveThumb and File::trasform to render a thumbnail without
saving it to the storage.
=== External library changes in 1.35 ===
==== New external libraries ====
* Added wikimedia/ip-utils 1.0.0.
* Added wikimedia/parsoid 0.12.3.
* Added wikimedia/services 2.0.1.
* Added taylorhakes/promise-polyfill v8.1.3.
* Added vuejs v2.6.11.
* Added vuex v3.1.3.
* Added symfony/symfony/polyfill-php80 1.25.0.
===== New development-only external libraries =====
* Added doctrine/dbal 3.1.5.
* Added doctrine/sql-formatter 1.1.0.
* Added pimple/pimple 3.3.1.
==== Changed external libraries ====
* pear/mail_mime was upgraded from 1.10.2 to 1.10.11.
* wikimedia/less.php was upgraded from 1.8.0 to 3.1.0.
* Updated oojs from 3.0.0 to 5.0.0.
* Updated OOUI from 0.35.1 to 0.39.3.
* zordius/lightncandy was upgraded from 0.23.0 to 1.2.5.
* Updated jQuery from v3.3.1 to v3.6.0.
* Updated jQuery Migrate from v3.0.1 to v3.3.2.
* Updated wikimedia/assert from 0.2.2 to 0.5.0.
* Updated pear/net_smtp from 1.8.1 from to 1.9.1.
* Updated psr/log from 1.0.2 to 1.1.3.
* Updated jquery.i18n from 1.0.5 to 1.0.7.
* Updated guzzlehttp/guzzle from 6.3.3 to 6.5.8.
* Updated wikimedia/xmp-reader from 0.6.3 to 0.8.5.
Fixes error log spam with too-large XMP data, and adds support for GPano tags.
* Updated wikimedia/base-convert from v2.0.0 to v2.0.1.
* Updated composer/semver from 1.5.0 to 1.7.2.
* Updated wikimedia/remex-html from 2.1.0 to 2.2.0.
* Replaced wikimedia/password-blacklist 0.1.4 with wikimedia/common-passwords
0.2.0.
* Updated wikimedia/composer-merge-plugin from 1.4.1 to 2.0.1.
* Updated wikimedia/html-formatter from 1.0.2 to 2.0.1.
* Updated wikimedia/object-factory from 2.1.0 to 2.2.0.
===== Changed development-only external libraries =====
* Updated symfony/yaml from 3.4.28 to 5.0.5.
* Updated nikic/php-parser from 3.1.5 to 4.4.0.
* Updated php-parallel-lint/php-console-highlighter from v0.3.2 to v0.5.
* Updated php-parallel-lint/php-parallel-lint from v0.9.2 to v1.2.0.
* Updated psy/psysh from 0.9.9 to 0.10.4.
* Updated monolog/monolog from 1.24.0 to 2.2.0.
* Upgrade mediawiki-codesniffer from 28.0.0 to 38.0.0.
* Updated composer/spdx-licenses from 1.5.1 to 1.5.3.
* Updated monolog/monolog from 1.25.2 to 1.25.3.
* Updated qunit from 2.9.1 to 2.10.0.
* Updating wikimedia/testing-access-wrapper from 1.0.0 to 2.0.0.
* Updated seld/jsonlint from 1.7.1 to 1.8.3.
==== Removed external libraries ====
* phpunit/php-invoker (dev-only).
Removing this unbreaks development on Windows systems, in exchange for losing
time limits in running unit tests.
* The jquery.getAttrs module was removed.
=== Action API changes in 1.35 ===
* The 'suggest' parameter of action=opensearch has been deprecated.
The API behaves the same with and without this parameter.
It was previously used by $wgEnableOpenSearchSuggest to partially
disable the API if set to false. Specifically, it would deny internal
frontend requests carrying this parameter, whilst accepting other requests.
* Integer-type parameters are now validated for syntax rather than being
interpreted in surprising ways. For example, the following will now return a
badinteger error:
- "1.9" (formerly interpreted as "1")
- " 1" (formerly interpreted as "1")
- "1e1" (formerly interpreted as "1" or "10", depending on the PHP version)
- "1foobar" (formerly interpreted as "1")
- "foobar" (formerly intepreted as "0")
parameters. Ranges should be assumed to be enforced.
* Many user-type parameters now accept a user ID, formatted like "#12345".
* The 'assert' parameter used by all API modules now supports the value 'anon'.
When specified, the API will return the 'assertanonfailed' error if the user
is logged in.
* action=edit now supports the 'baserevid' parameter for edit conflict
detection, as an alternative to 'basetimestamp'. Note that self-conflicts
will continue to be ignored if 'basetimestamp' is set, but not if only
'baserevid' is set.
* A new module was added to change the content model of existing pages.
Use action=changecontentmodel. Unlike Special:ChangeContentModel, the api
module does not work for pages that do not already exist.
* If $wgWatchlistExpiry is true, the following API changes are made:
- action=watch accepts a new 'expiry' parameter analagous to the expiry
accepted by action=userrights, action=block, etc., except it must be no
greater than $wgWatchlistExpiryMaxDuration, or an infinity value.
- action=query&list=watchlistraw returns pages' watchlist expiry dates.
* (T249526) action=login will now return Failed rather than NeedToken on
session loss.
=== Action API internal changes in 1.35 ===
* The Action API now uses the Wikimedia\ParamValidator library for parameter
validation, which brings some new features and changes. For the most part
existing module code should work as it did before, but see subsequent notes
for changes.
- The values for all ApiBase PARAM_* constants have changed. Code should have
been using the constants rather than hard-coding the values.
- Several ApiBase PARAM_* constants have been deprecated, see the in-class
documentation for details. Use the equivalent ParamValidator constants
instead.
- The value returned for 'upload'-type parameters has changed from
WebRequestUpload to Psr\Http\Message\UploadedFileInterface.
* Validation of 'user'-type parameters is more flexible. PARAM constants exist
to specify the type of "user" allowed and to request UserIdentity objects
rather than name strings. The default is to accept all types (name, IP,
range, and interwiki) that were formerly accepted.
* Maximum limits are no longer ignored in "internal mode".
* The $paramName to ApiBase::handleParamNormalization() should now include the
prefix.
* (T245931) meta=siteinfo&siprop=interwikimap no longer reports language or
extralanglink when $wgInterwikiMagic is false.
=== Languages updated in 1.35 ===
MediaWiki supports over 350 languages. Many localisations are updated regularly.
Below only new and removed languages are listed, as well as changes to languages
because of Phabricator reports.
* The default targets for the ISBN search from Special:BookSources in English
have been updated for better international suppport. They will now be
BetterWorldBooks.com, OpenLibrary.org and Worldcat.org.
* (T237672) Changed the Moroccan Arabic language (ary) to the Arabic script.
* (T201269) Added language support for Amis (ami).
* (T248299) Added language support for Inari Sami (smn).
* (T251369) Added language support for Ladin (lld).
* (T251369) Added language support for Seediq (trv), also known as Taroko.
* (T254854) Added language support for Southern Altay (alt).
=== Breaking changes in 1.35 ===
* MediaWiki no longer supports PHP 7.2; use PHP 7.3.19+ (T228346, T257879).
* ResourceLoader::getLessVars(), deprecated in 1.32, was removed.
Use ResourceLoaderModule::getLessVars() instead.
* The jquery.tabIndex module, deprecated in 1.34, has been removed.
* The mediawiki.RegExp module alias, deprecated in 1.34, was removed.
Use the mediawiki.util module instead.
* The easy-deflate.inflate module, unused since 1.32, was removed.
* The easy-deflate.deflate module was removed. Use the mediawiki.deflate
module instead.
* The mediawiki.notify module was removed. The mw.notify() shortcut is now
available by default, without any dependency.
* (T219604) The "jquery.ui.*" and "jquery.effects.*" module aliases,
deprecated in 1.34, have been removed. Use "jquery.ui" instead.
* (T235457) The "user.tokens" module has been removed.
Use "user.options" instead.
* (T251855) The mw.Map#exists method in JavaScript no longer supports checking
multiple keys. This affects mw.config.exists() and mw.user.tokens.exists().
* The internal variable $constructorOptions for the Parser & SpecialPageFactory,
exposed only for integration purposes, are now each replaced by a const called
CONSTRUCTOR_OPTIONS. This was a breaking change made without deprecation.
* ObjectCache::getWANInstance, deprecated in 1.34, was removed.
Use MediaWikiServices::getMainWANObjectCache instead.
* ObjectCache::newWANCacheFromParams, deprecated in 1.34, was removed.
Construct WANObjectCache directly instead, or use MediaWikiServices.
* (T231366) The ProfilerOutputDb class and profileinfo.php entry point,
deprecated in 1.34, was removed.
* SiteConfiguration->localVHosts, deprecated in 1.25, was removed.
Use $wgLocalVirtualHosts instead.
* The $wgContLanguageCode read-only variable was removed.
It has been a non-configurable copy of $wgLanguageCode since MW 1.8 (2006).
Use $wgLanguageCode directly instead.
* ApiQueryUserInfo::getBlockInfo, deprecated in 1.34, was removed. Use
ApiBlockInfoTrait::getBlockDetails instead.
* Password::equals(), deprecated in 1.33, was removed. Use Password::verify().
* QuickTemplate::setRef(), deprecated in 1.31, was removed. Use set().
* The mediawiki.ui.text module, deprecated in 1.28 and unused, was removed.
* AbstractBlock::mReason, deprecated in 1.34, is no longer public.
* The GetBlockedStatus and UserIsHidden, deprecated in 1.34, has been removed.
Instead, use the GetUserBlock hook.
* As part of work to replace the Parser, a large number of breaking changes have
been made, principally in related methods and properties being removed or made
private:
- disableCache(), deprecated in 1.28.
- serializeHalfParsedText() and the helpers unserializeHalfParsedText(),
isValidHalfParsedText(), and StripState::getSubState() and
StripState::merge(), all deprecated in 1.31. The helper functions
LinkHolderArray::mergeForeign() and LinkHolderArray::getSubArray()
were also removed.
- getConverterLanguage(), deprecated in 1.32. Use getTargetLanguage() instead.
- A large set of methods exposed only for historical reasons, deprecated in
1.34, have now been removed or made private:
- areSubpagesAllowed()
- armorLinks()
- createAssocArgs()
- doAllQuotes()
- doDoubleUnderscore()
- doHeadings()
- doMagicLinks()
- formatHeadings()
- getImageParams()
- getVariableValue()
- initialiseVariables()
- makeKnownLinkHolder()
- maybeDoSubpageLink()
- parseLinkParameter()
- replaceExternalLinks()
- replaceInternalLinks()
- replaceInternalLinks2()
- replaceLinkHoldersText().
- splitWhitespace()
- stripAltText()
- testPreprocess()
- testPst()
- testSrvus()
- incrementIncludeSize(), setTransparentTagHook(), replaceTransparentTags(),
and $mTransparentTagHooks have been removed without deprecation.
- The following constants have been made private without deprecation:
- ::EXT_LINK_ADDR
- ::EXT_IMAGE_REGEX
- ::SPACE_NOT_NL
- The following properties have been removed without deprecation:
- ::$mDefaultStripList
- ::$mIncludeCount
- ::$mRevIdForTs
- The following properties have been made private without deprecation:
- ::$mFunctionSynonyms
- ::$mFunctionTagHooks
- ::$mStripList
- ::$mVarCache
- ::$mImageParams
- ::$mImageParamsMagicArray
- ::$mSubstWords
- ::$mVariables
- ::$mConf (deprecated in 1.34)
- ::$mExtLinkBracketedRegex
- ::$mUrlProtocols
- ::$mAutonumber
- ::$mLinkHolders
- ::$mDefaultSort
- ::$mTplRedirCache
- ::$mForceTocPosition
- ::$mTplDomCache
- ::$mOutputType
- ::$mLangLinkLanguages
- ::$currentRevisionCache
- ::$mProfiler
- ::$mLinkRenderer
- Parser::getTitle() will now throw a TypeError if $mTitle is uninitialized.
This use pattern was deprecated in 1.34.
- ContentHandler::makeParserOptions(), deprecated in 1.32, was removed. Use
WikiPage::makeParserOptions() or ParserOptions::newCanonical() instead.
- The ParserAfterUnstrip hook, believed to be unused, was removed without
deprecation.
- Preprocessor_DOM and related classes, deprecated in 1.34, have been removed.
Consequently, the related ParserOptions::getMaxGeneratedPPNodeCount() and
::setMaxGeneratedPPNodeCount() have been removed without deprecation.
- The support for the old signature for ParserFactory::__construct, which was
deprecated in 1.34, has been removed.
- Parser::getDefaultPreprocessorClass(), deprecated in 1.34, has been removed.
* MediaWikiTestCase::prepareServices(), deprecated in 1.32, has been removed
* The method ContentHandler::getSlotDiffRendererInternal is replaced with
ContentHandler::getSlotDiffRendererWithOptions. This breaks consumers which
call parent::getSlotDiffRendererInternal (no instances of which are known).
* TextContent::getHighlightHtml, deprecated since 1.24, has been removed. Use
TextContent::getHtml instead.
* ExtensionRegistry::load(), deprecated in 1.34, was removed. Instead, use
ExtensionRegistry::queue().
* MWMessagePack class, deprecated in 1.34, was removed.
* The cdb.php maintenance script was removed. Use the 'cdb' command from the
wikimedia/cdb library instead.
* User::addNewUserLogEntryAutoCreate, deprecated in 1.27, was removed.
* FileBasedSiteLookup class, deprecated in 1.33, was removed.
* The wfGlobalCacheKey global function, deprecated in 1.30, was removed.
* The APCBagOStuff class was removed. MediaWiki requires PHP 7.2+ (support
for HHVM was dropped) and these versions of PHP only support apcu. The default
"apc" entry in $wgObjectCaches now refers to APCUBagOStuff.
* Database::bufferResults(), deprecated in 1.34, has been removed.
* CannotReplaceActiveServiceException, ContainerDisabledException,
DestructibleService, NoSuchServiceException, SalvageableService,
ServiceAlreadyDefinedException, ServiceContainer and ServiceDisabledException
in the global namespace, deprecated in 1.33, were removed. Use the classes in
the MediaWiki\\Services namespace instead.
* The following methods in the Interwiki class were removed: ::fetch(),
::isValidInterwiki(), ::invalidateCache(), and ::getAllPrefixes().
* The UsersMultiselectWidget config 'allowArbitrary' is now false by default. To
accept arbitrary entries, pass in true for this config.
* OutputPage::parse() and OutputPage::parseInline(), deprecated in 1.32, have
been removed. Use ::parseAsContent() or ::parseAsInterface(), as
appropriate.
* WikiPage::selectFields, deprecated in 1.31, was removed. Use ::getQueryInfo.
* The remaining static methods for MagicWord, deprecated in 1.32, were removed.
These were MagicWord::get(), ::getSubstIDs(), ::getDoubleUnderscoreArray(),
::getVariableIDs(), and ::getCacheTTL(). Instead, use MagicWordFactory (via
MediaWikiServices).
* ApiBase::checkTitleUserPermissions no longer accepts a User as the third
parameter. Passing a user was deprecated in 1.33.
* Sanitizer::setupAttributeWhitelist() and Sanitizer::attributeWhitelist(),
deprecated in 1.34, have been removed. They should not have been public.
* Passing a sequential array as the second parameter to
Sanitizer::validateAttributes() has been deprecated; use an associative
array where keys are the allowed attributes.
* The $warnCallback parameter to Sanitizer::removeHTMLtags, deprecated since
its introduction in 1.28, has been removed.
* SpecialRecentChanges::filterByCategories(), deprecated in 1.31, was removed.
* The `ArticleContentViewCustom` hook, deprecated in 1.32, was removed.
* AuthManager::callLegacyAuthPlugin, deprecated in 1.33, was removed.
* wfGetMessageCacheStorage was removed without deprecation.
* Title::moveSubpages, deprecated in 1.34, was removed. Use the MovePage class
and MovePage::moveSubpages instead.
* Article::doEditContent, deprecated in 1.29, was removed. Instead, use
WikiPage::doEditContent.
* CommentStore::newKey, deprecated in 1.31, was removed.
* EditPage::$hookError was changed from public to private.
* Title::isValidMoveOperation, ::moveTo, and ::isValidMoveTarget, deprecated
in 1.25, were removed. Use the MovePage class and its methods instead.
* Title::getUserCaseDBKey(), deprecated in 1.33, was removed. Use ::getDBkey().
* StringUtils::explodeMarkup() was removed without deprecation.
* AjaxResponse methods that were unused have been removed without deprecation:
- checkLastModified
- loadFromMemcached
- storeInMemcached
- setCacheDuration
- setVary
* ApiDelete::delete and ::deleteFile, both of which were protected methods,
have been made private to allow a signature change.
* HistoryPager::revLink, ::curLink, ::lastLink, and ::diffButtons, which had
no visibilities defined, have been made private to allow signature changes.
* SpecialNewpages::revisionFromRcResult, which previously was protected, has
been made private to allow a signature change.
* DifferenceEngine::$mOldRev and $mNewRev, deprecated for public access in
1.32, have been removed.
* DifferenceEngine::revisionDeleteLink, which was previosuly protected, has
been made private to allow a signature change.
* DifferenceEngine::getParserOutput, which is protected, has had a breaking
signature change: the second parameter must be a RevisionRecord object,
rather than a Revision object.
* WikiPage::setLastEdit, which was previously protected, has been made
private to allow a signature change.
* Skin::getSkinNameMessages() deprecated in 1.34, has been removed.
* Skin::escapeSearchLink() deprecated in 1.34, has been removed, use
Skin::getSearchLink() instead.
* Skin::shouldPreloadLogo() deprecated in 1.32, has been removed.
* Revision::loadFromId and RevisionStore::loadRevisionFromId have been
removed.
* OutputPage::parserOptions doesn't accept an $options parameter anymore.
* MessageCache::getParserOptions previously did not have a visibility set.
It has been made private.
* SpecialUndelete::showDiff previously did not have a visibilty set. It
hav been made private to allow a signature change.
* The Skin no longer loads the "mediawiki.legacy.shared" or
"mediawiki.legacy.commonPrint" modules. The legacy shared styles must now
be loaded by the skin explicitly, either inherited via the
"mediawiki.skinning.*" modules, or by making your skin's main styles
module use the ResourceLoaderSkinModule class with the "legacy" attribute.
See Vector and Monobook for examples.
* Passing an ApiMain to the constructor of ApiResult is no longer supported.
This was deprecated in 1.25.
* ResourceLoaderWikiModule::invalidateModuleCache has been declared to
be @internal as part of a signature change. No known uses exist outside
of MediaWiki core.
* The ArticleAfterFetchContentObject hook, deprecated in 1.32, was removed.
Use ArticleRevisionViewCustom to control output.
* DatabaseBlock::isValid, deprecated in 1.33, was removed.
* HTMLUserTextField and HTMLUsersMultiselectField previously implied
required=true when exists=true. Form fields that use exists=true should also
set required=true if they are required.
* In DatabaseUpdater, the following methods are no longer public: dropTable(),
modifyTable(), modifyField(), runMaintenance(), copyFile(), appendLine().
In PostgresUpdater, the following methods are no longer public:
addPgEnumValue(), addPgIndex(), addPgExtIndex(). This change was made without
deprecation due to immediate danger of data corruption and loss, see T157651.
Extensions should instead use dropExtensionTable(),
modifyExtensionExtensionTable(), modifyExtensionField(), addExtensionUpdate().
The addExtensionUpdate() method can still be used to access any of the
protected methods on DatabaseUpdater.
* ResourceLoader no longer provides the (always-true) variables for wgEnableAPI
and wgEnableWriteAPI; they were deprecated in MediaWiki 1.31 and removed from
the PHP environment in MediaWiki 1.32.
* The wfSetupSession global function, deprecated in 1.27, was removed. Use the
persist() method of the right MediaWiki\Session\SessionManager object instead.
* The wfIsHHVM global function, deprecated in 1.34, was removed.
* GenderCache::doTitlesArray no longer accepts string values in its $titles
array parameter. Use Title objects (or other LinkTarget) instead.
* Unused CommentStore::MAX_COMMENT_LENGTH has been removed.
* User::checkTemporaryPassword() and User::checkPassword(), deprecated in 1.27,
were removed. Use AuthManager instead.
* All constants and class functions now have explicit visibility modifiers. This
means, per [[mw:Stable interface policy]], that these should now be considered
stable. This also helps MW align with PSR 2 and PSR 12. This was done based on
audits of the corpus of skins and extensions hosted in Gerrit. If you find any
that you need to be less restrictive (i.e. public or protected), please report
these so that we can re-evaluate or suggest workarounds.
* BaseTemplate::msgWiki(), deprecated in 1.33, was removed. Use ->msg() or
->getMsg() instead.
* QuickTemplate::msgWiki(), deprecated in 1.33, was removed. Use ->msg()
instead.
* WebInstaller::getErrorBox() and ::getWarningBox(), deprecated in 1.34,
were removed. Use Html::errorBox() or ::warningBox() instead.
* SpecialVersion::getExtensionCredits() and SpecialVersion::getSkinCredits()
have become private without deprecation.
* As part of the migration to a new hook system (T240307), the following classes
now require an additional HookContainer constructor parameter:
- AuthManager
- BadFileLookup
- BlockManager
- ClassicInterwikiLookup
- ContentHandlerFactory
- ContentSecurityPolicy
- DefaultOptionsManager
- DerivedPageDataUpdater
- FullSearchResultWidget
- HtmlCacheUpdater
- LanguageFactory
- LanguageNameUtils
- LinkRenderer
- LinkRendererFactory
- LocalisationCache
- MagicWordFactory
- MessageCache
- NamespaceInfo
- PageEditStash
- PageHandlerFactory
- PageUpdater
- ParserFactory
- PermissionManager
- RevisionStore
- RevisionStoreFactory
- Router
- SearchEngineConfig
- SearchEngineFactory
- SearchFormWidget
- SearchNearMatcher
- SessionBackend
- SpecialPageFactory
- UserNameUtils
- UserOptionsManager
- WatchedItemQueryService
- WatchedItemStore
* The following classes now require setHookContainer() to be called after
construction:
- AuthenticationProvider
- ResourceLoaderModule
- SearchEngine
* The parameters to ChronologyProtector::getTouched() and
ILBFactory::getChronologyProtectorTouched() were changed without backwards
compatibility.
* The deprecated $blacklist parameter to wfIsBadImage() has been removed.
* SpecialBlock::checkUnblockSelf no longer accepts an integer representing
an user ID as part of ongoing refactoring of SpecialBlock class.
* User::setInternalPassword() and User::setPassword(), deprecated in 1.27, have
been removed. Use User::changeAuthenticationData() instead.
* User::selectFields(), deprecated in 1.31, has been removed. Use
User::getQueryInfo() instead.
* The "legacy" serialization type in RESTBagOStuff, deprecated in 1.34,
has been removed.
* The populateContentModel.php maintenance script was removed. It has
been replaced by the populateContentTables.php script.
* The findHooks.php maintenance script, for the old hooks system, was removed.
* (T257278) Calling MediaWiki\Shell\Command::restrict() will now overwrite
any previous restrictions rather than adding to them, making it possible to
disable the default restrictions.
=== Deprecations in 1.35 ===
* The PHPUnit4And6Compat class, used to provide compatibility with PHPUnit 4, is
now deprecated. MediaWiki support for PHPUnit 4 ended with the removal of HHVM
support.
* LockManagerGroup::getDefault() and LockManagerGroup::getAny() are deprecated.
They seem to be unused. Just use get() directly, and catch any exception.
* AbstractBlock::getPermissionsError and AbstractBlock::getBlockErrorParams are
deprecated. Use BlockErrorFormatter::getMessage instead.
* The IP class is deprecated. Please instead use the Wikimedia\IPUtils class
from the new wikimedia/ip-utils library instead. Additionally, the RE_IP_*
constants are also deprecated. RE_IP_BYTE can be replaced with a class
constant on the IPUtils class, while the others will eventually be made
private.
* The following Language methods are deprecated: getFallbackFor,
getFallbacksFor, getFallbacksIncludingSiteLanguage. Use the corresponding new
methods on the LanguageFallback class: getFirst, getAll, and
getAllIncludingSiteLanguage.
* FileJournal::factory is deprecated. Use the constructor directly instead.
* AbstractBlock methods setBlocker(), getBlocker() are deprecated and will
become internal implementation of DatabaseBlock.
* Title::countRevisionsBetween has been deprecated and moved into RevisionStore.
* FileBackendGroup::singleton() is deprecated. Use MediaWikiServices instead.
* FileBackendGroup::destroySingleton() is deprecated. Test frameworks should
instead reset MediaWikiServices between test runs.
(MediaWikiIntegrationTestCase does this automatically.)
* GenderCache::singleton(), deprecated in 1.28, is hard deprecated. Use
MediaWikiServices::getGenderCache() instead.
* MediaWikiIntegrationTest::setContentLang() has been deprecated. Use
setMwGlobals( 'wgLanguageCode', 'xxx' ) to set a different site language
code, or setService( 'ContentLanguage', $myObj ) to set a specific Language
object. Service resets and $wgContLang will be handled automatically.
* MediaWikiIntegrationTest::assertType() has been deprecated, as part of the
work to move to PHPUnit 8; PHPUnit's assertInternalType() was deprecated, and
will be removed in PHPUnit 9. MediaWikiIntegrationTest::assertTypeOrValue(),
a wrapper for assertType(), has been removed immediately, without deprecation.
* AbstractBlock::getReason is deprecated, since reasons are actually stored as
CommentStoreComments, and getReason returns a string with no caller control
over language or formatting. Instead use AbstractBlock::getReasonComment,
which returns the CommentStoreComment.
* The global function wfGetRusage() is deprecated and will now always call the
getrusage() function without checking for its existence.
* The properties User::mBlock, User::mBlockedby and User::mHideName are
deprecated. Instead, use User::getBlock to get the block, then use
AbstractBlock::getByName or AbstractBlock::getHideName.Use the GetUserBlock
hook to set, unset or modify a block, including hiding or unhiding a user.
* Directly calling the MergeHistory constructor is deprecated. Instead, use the
new MergeHistoryFactory class.
* Language::factory() and Language::getParentLanguage() are deprecated, and so
is directly calling the Language constructor. Use the new LanguageFactory
class instead.
* Language::classFromCode() is deprecated. There is no reason it should be used
outside the Language class itself.
* Language::clearCaches() is deprecated. Instead, reset all services and set
Language::$mLangObjCache = [].
* The following functions from Language class are deprecated in favour of
respective functions in LanguageConverter:
- autoConvert
- autoConvertToAllVariants
- convert
- convertTitle
- convertNamespace
- hasVariants
- hasVariant
- convertHtml
- convertCategoryKey
- getVariants
- getPreferredVariant
- getURLVariant
- findVariantLink
- getExtraHashOptions
- updateConversionTable
* Language::classFromCode() is hard deprecated and should be removed in 1.36
* Language::getConverter() is deprecated and should be removed in 1.36
* Language::MESSAGES_FALLBACKS, Language::STRICT_FALLBACKS were deprecated.
Use LanguageFallback::MESSAGES and LanguageFallback::STRICT respectively
* Language::$mLangObjCache is deprecated and should be removed in 1.36. Use
MediaWikiServices instead to get a LanguageFactory.
* Language::getMessagesFor(), getMessageFor(), and getMessageKeysFor() are
deprecated. Use LocalisationCache's getItem(), getSubitem(), and
getSubitemList() methods directly.
* OutputPage::getCSPNonce() is deprecated, use OutputPage::getCSP()->getNonce()
instead.
* DerivedPageDataUpdater::prepareUpdate accepted as its second parameter an
optional array of options. Specifying the value of the `oldrevision` key of
the array to be a Revision object, rather than a RevisionRecord object, is
hard deprecated. The same applies to the options parameter in
WikiPage::doEditUpdates.
* Skin::makeI18nUrl() and makeNSUrl() have been deprecated, no longer used.
* Title::countAuthorsBetween and Title::getAuthorsBetween were hard deprecated.
Use respective methods in RevisionStore instead.
* Remove deprecated SkinCopyrightFooter &$forContent parameter
* The following Language class static variables have been replaced with
constants and deprecated: $mWeekdayMsgs, $mWeekdayAbbrevMsgs, $mMonthMsgs,
$mMonthGenMsgs, $mMonthAbbrevMsgs, $mIranianCalendarMonthMsgs,
$mHebrewCalendarMonthMsgs, $mHebrewCalendarMonthGenMsgs,
$mHijriCalendarMonthMsgs and $durationIntervals.
* As part of dropping security support for IE 6 and IE 7,
WebRequest::checkUrlExtension() has been deprecated, and now always returns
true.
* The following ApiBase::PARAM_* constants have been deprecated in favor of
equivalent ParamValidator constants: PARAM_DFLT, PARAM_ISMULTI, PARAM_TYPE,
PARAM_MAX, PARAM_MAX2, PARAM_MIN, PARAM_ALLOW_DUPLICATES, PARAM_DEPRECATED,
PARAM_REQUIRED, PARAM_SUBMODULE_MAP, PARAM_SUBMODULE_PARAM_PREFIX, PARAM_ALL,
PARAM_EXTRA_NAMESPACES, PARAM_SENSITIVE, PARAM_DEPRECATED_VALUES,
PARAM_ISMULTI_LIMIT1, PARAM_ISMULTI_LIMIT2, PARAM_MAX_BYTES, PARAM_MAX_CHARS.
* ApiBase::explodeMultiValue() is deprecated. Use
ParamValidator::explodeMultiValue() instead.
* ApiBase::parseMultiValue() is deprecated. No replacement is provided;
generally this sort of thing should be handled by fully validating the
parameter.
* ApiBase::validateLimit() and ApiBase::validateTimestamp() are deprecated.
Use ApiParamValidator::validateValue() with an appropriate settings array
instead.
* ContentHandler (use ContentHandlerFactory):
- getForTitle
- getForContent
- getForModelID
- getContentModels
- getAllContentFormats
- protected $handler (not need anymore)
- cleanupHandlersCache (not need anymore)
* (T212738) The $wgVersion global is deprecated; instead, use MW_VERSION.
* $wgMemc is deprecated, use MediaWikiServices::getLocalServerObjectCache()
instead.
* ObjectCache::detectLocalServerCache() is deprecated, instead use
MediaWikiServices::getLocalServerObjectCache() or
ObjectCache::makeLocalServerCache().
* ImagePage::getImageLimitsFromOptions() is deprecated. Use static function
MediaFileTrait::getImageLimitsFromOptions() instead.
* As part of work to replace the Parser, alongside the breaking changes listed
above, a large number of deprecations changes been made, to simplify the API
or because they will not be supported in replacement:
- Parser::doBlockLevels() (and BlockLevelPass class has been marked @internal)
- Parser::setFunctionTagHook()
- Parser::attributeStripCallback()
- Parser::fetchTemplate() - use Parser::fetchTemplateAndTitle() instead.
- Parser::enableOOUI() - use $parser->getOutput()->enableOOUI() instead.
- LinkHolderArray has been deprecated for public usage and will be
internal part of parser.
- The following parser-related hooks have been deprecated:
- InternalParseBeforeSanitize
Use an alternative hook which doesn't expose internal half-parsed state,
like ParserBeforeInternalParse or ParserAfterTidy
- ParserFetchTemplate
Use BeforeParserFetchTemplateAndTitle
- ParserSectionCreate
No replacement; <section> tag wrapping will be done by core in future.
- BeforeParserrenderImageGallery
No replacement; MediaHandler provides for customizable media rendering
- ParserBeforeTidy
Use ParserAfterTidy instead to avoid exposing internal half-parsed state
- ParserBeforeStrip
No replacement; stripping is no longer supported.
- ParserAfterStrip
No replacement; stripping is no longer supported.
- The accessor/mutator methods Parser::Options(), Parser::OutputType(), and
Parser::Title() have been deprecated; use the appropriate Parser::get* or
Parser::set* methods instead.
- Parser::firstCallInit() has been deprecated. The parser is initialized
fully on construction and so ::firstCallInit() no longer has any effect
when manually invoked.
- ParserOptions::setAllowExternalImages(), ::setAllowExternalImagesFrom(),
and ::setEnableImageWhitelist() have been deprecated. Future parsers
will not allow per-parser configuration of image filtering; use
site configuration instead.
- ParserOptions::getTidy() and ParserOptions::setTidy() have been deprecated.
These options no longer have any effect.
- Most methods of MWTidy, except for MWTidy::tidy(), have been deprecated;
tidiness is always enabled and not configurable.
- Version 1 of the parserTests file format has been deprecated. You'll need to
update your parser tests to version 2, which uses Remex tidy on all test
output by default. Support for parser tests with Remex tidy off will later
be removed entirely.
- $wgParser — This global variable, soft deprecated in 1.32, has now been hard
deprecated. Use MediaWikiServices::getInstance()->getParser() instead.
(T160811)
* The signature of DefaultPreferencesFactory::__construct has been changed:
- LanguageConverter $languageConverter has been added.
and its usage with old arguments is hard deprecated.
* The public usage of the following properties of LanguageConverter have been
deprecated as there is no reason they should be used outside the
LanguageConverter class and will be changed from public to private:
- mLangObj
- mUcfirst
- mConvRuleTitle
- mURLVariant
- mUserVariant
- mHeaderVariant
- mMaxDepth
- mVarSeparatorPattern
changed from public to protected:
- mTables
* The ArticleEditUpdatesDeleteFromRecentchanges hook has been deprecated. Please
use the RecentChange_save hook or similar instead.
* The ArticleEditUpdates hook has been deprecated. Please
use the RevisionDataUpdates hook or similar instead.
* The SkinTemplatePreventOtherActiveTabs and SkinTemplateTabAction hooks have
been hard deprecated. Please use the SkinTemplateNavigation__Universal hook
instead.
* ResourceLoaderFileModule::compileLessFile() has been deprecated, use
ResourceLoaderFileModule::compileLessString() instead
* The SquidPurgeClient and SquidPurgeClientPool classes have been deprecated.
Use MultiHttpClient or HtmlCacheUpdater instead.
* MimeAnalyzer::getExtensionsForType() and ::getTypesForExtensions() were
deprecated in favor of MimeAnalyzer::getExtensionsFromMimeType() and
::getMimeTypesFromExtension(), respectively. The new methods return arrays
rather than strings.
* Calling Action::factory and Action constructor with WikiPage has been
hard deprecated. Caller must provide an Article instance.
* ApiTestCase::doLogin, soft deprecated in 1.31, was hard deprecated.
* WebRequest::getLimitOffset is hard deprecated. Instead, use
::getLimitOffsetForUser and pass a User object.
* PageArchive::getPreviousRevision is hard deprecated. Instead, use the new
::getPreviousRevisionRecord method.
* PageArchive::getArchivedRevision is hard deprecated. Instead, use the new
::getArchivedRevisionRecord method.
* PageArchive::undelete is hard deprecated. Instead, use ::undeleteAsUser
and pass a User object.
* PageArchive::getRevision is hard deprecated.
* EditPage::getBaseRevision was hard deprecated. Instead, use the new
::getExpectedParentRevision method.
* The public variable EditPage::$mBaseRevision was hard deprecated.
* FileDeleteForm previously did not accept a user parameter in its constructor,
instead relying on the global $wgUser. A user parameter has been added,
and //not// providing a user is deprecated. There are no known callers
outside of mediawiki core.
* AuthManager::singleton() has been deprecated. Use
MediaWikiServices::getInstance()->getAuthManager() instead.
* ContribsPager::tryToCreateValidRevision is hard deprecated. Instead, use
ContribsPager::tryCreatingRevisionRecord.
* The following functions all accept an optional user parameter. Not passing a
user is hard deprecated, and support for calling them without passing a user
will be removed in 1.36:
- Title::getNotificationTimestamp (note however that the method is deprecated
in its entirely in favor of the new WatchlistNotificationManager service)
- PatrolLog::record
- LogEventsList::userCan
- LogEventsList::userCanBitfield
- LogEventsList::userCanViewLogType
- LogPage::addEntry
- FileDeleteForm::doDelete
- OldLocalFile::userCan
- ArchivedFile::userCan
- File::userCan
* The following functions all accept an optional audience parameter and
an optional user parameter. If the audience is FOR_THIS_USER and no
user is passed, they fallback to $wgUser. Not passing a user when
one is needed is deprecated
- LogEventsList::getExcludeClause
- WikiPage::getComment
- WikiPage::getCreator
- WikiPage::getUser
- WikiPage::getUserText
* UploadBase::checkWarnings now accepts a User parameter; not providing a
user is soft deprecated.
* Article::insertProtectNullRevision and WikiPage::insertProtectNullRevision
were hard deprecated. Instead, use WikiPage::insertNullProtectionRevision.
* Article::doDeleteArticle, Article::doDeleteArticleReal, and
WikiPage::doDeleteArticle are all deprecated. Instead, use
WikiPage::doDeleteArticleReal.
* Article::getComment is deprecated. Instead, use WikiPage::getComment.
* Article::getCreator is deprecated. Instead, use WikiPage::getCreator.
* Article::updateRevisionOn() and ::updateIfNewerOn(), and
WikiPage::updateIfNewerOn() are deprecated. Instead, use
WikiPage::updateRevisionOn().
* Article::getUser is deprecated. Instead, use WikiPage::getUser.
* Article::getUserText is deprecated. Instead, use WikiPage::getUserText.
* Article::prepareContentForEdit is hard deprecated. Instead, use
WikiPage::prepareContentForEdit.
* WikiPage::prepareContentForEdit previously accepted either a Revision or a
RevisionRecord object as its optional second parameter. Passing a Revision
is now hard deprecated.
* Article::getUndoContent and WikiPage::getUndoContent are hard deprecated.
Instead, use ContentHandler::getUndoContent.
* Passing Revision objects to ContentHandler::getUndoContent is hard deprecated.
Instead, pass the associated Content objects, as well as whether the undo is
from the current revision.
* Article::doDeleteUpdates and ::doEditUpdates are deprecated. Instead,
use WikiPage::doDeleteUpdates and ::doEditUpdates.
* WikiPage::doEditUpdates previously accepted a Revision object as its first
parameter. It now accepts RevisionRecord objects, and passing Revision
objects is deprecated.
* Article::getRevisionFetched is deprecated. Instead, use the
fetchRevisionRecord method, which has been converted from protected to
public.
* LocalFileDeleteBatch was migrated to a new constructor signature with the
user as the second parameter. Support for the old signature is hard
deprecated, and once removed the user parameter will be required. At the
same time, a number of file-deletion related methods were updated
- File::delete is hard deprecated in favor of the new ::deleteFile
- LocalFile::delete is hard deprecated in favor of the new ::deleteFile
- LocalFile::deleteOld is hard deprecated in favor of the new ::deleteOldFile
- ForeignDBFile::delete is hard deprecated in favor of the new ::deleteFile
* File::recordUpload (along with the respective methods in the LocalFile and
ForeignDBFile classes) is hard deprecated, and LocalFile::recordUpload2 is
soft deprecated. Use the new LocalFile::recordUpload3, which has a different
signature and requires that a User parameter is passed.
* The SpecialPageFactory class was moved from the MediaWiki\Special namespace
to the MediaWiki\SpecialPage namespace. The old location remains as a
deprecated alias.
* Title::userCan, ::quickUserCan, and ::getUserPermissionsErrors, which
were deprecated in 1.33, were hard deprecated. Instead, use
PermissionManager::userCan, ::quickUserCan, and ::getPermissionErrors.
* All methods of the old SpecialPageFactory, deprecated in 1.32, were hard
deprecated. Instead, get a SpecialPageFactory from MediaWikiServices and
use its methods.
* User::updateNewtalk now accepts as its optional third parameter a
RevisionRecord object; passing a Revision is hard deprecated.
* User::getNewMessageRevisionId and ::getNewMessageLinks were hard deprecated.
* DifferenceEngine::getRevisionHeader now accepts a RevisionRecord as its
first parameter; passing a Revision is hard deprecated.
* WikiPage::doDeleteUpdates now accepts as its optional third parameter
a RevisionRecord object; passing a Revision is hard deprecated.
* WikiPage::onArticleEdit now accepts as its optional second parameter
a RevisionRecord object; passing a Revision is hard deprecated.
* Global $wgUser variable was soft deprecated.
* The Revision class was soft deprecated entirely in 1.31. All methods
have now been individually hard deprecated:
- ::__construct - create MutableRevisionRecord objects instead
- ::newFromId - use RevisionLookup::getRevisionById instead
- ::newFromTitle - use RevisionLookup::getRevisionByTitle instead
- ::newFromPageId - use RevisionStore::getRevisionByPageId instead
- ::newFromArchiveRow - use RevisionFactory::newRevisionFromArchiveRow
- ::newFromRow - use RevisionStore::newRevisionFromRow instead
- ::loadFromPageId - use RevisionStore::getRevisionByPageId instead
- ::loadFromTitle - use RevisionStore::getRevisionByTitle instead
- ::loadFromTimestamp - use RevisionStore::getRevisionByTimestamp instead
- ::getQueryInfo - use RevisionStore::getQueryInfo instead
- ::getArchiveQueryInfo - use RevisionStore::getArchiveQueryInfo instead
- ::getParentLengths - use RevisionStore::getRevisionSizes instead
- ::getRevisionRecord - no replacement
- ::getId - use RevisionRecord::getId instead
- ::setId - use MutableRevisionRecord::setId instead
- ::setUserIdAndName - use MutableRevisionRecord::setUser instead
- ::getTextId - use SlotRecord::getContentAddress for retrieving an actual
content address, or RevisionRecord::hasSameContent to compare content
- ::getParentId - use RevisionRecord::getParentId instead
- ::getSize - use RevisionRecord::getSize instead
- ::getSha1 - use RevisionRecord::getSha1 instead
- ::getTitle - use RevisionRecord::getPageAsLinkTarget instead
- ::setTitle - the method was previously a no-op
- ::getPage - use RevisionRecord::getPageId instead
- ::getUser - use RevisionRecord::getUser and then User::getId instead
- ::getUserText - use RevisionRecord::getUser and then User::getName instead
- ::getComment - use RevisionRecord::getComment instead
- ::isMinor - use RevisionRecord::isMinor instead
- ::isUnpatrolled - use RevisionStore::getRcIdIfUnpatrolled instead
- ::getRecentChange - use RevisionStore::getRecentChange instead
- ::isDeleted - use RevisionRecord::isDeleted instead
- ::getVisibility - use RevisionRecord::getVisibility instead
- ::getContent - use RevisionRecord::getContent instead
- ::getSerializedData - use SlotRecord::getContent for retrieving a
content object, and Content::serialize for the serialized form
- ::getContentModel - use SlotRecord::getModel instead
- ::getContentFormat - use SlotRecord::getFormat instead, with a fallback
to ContentHandler::getDefaultFormat
- ::getContentHandler - use ContentHandlerFactory::getContentHandler instead
- ::getTimestamp - use RevisionRecord::getTimestamp instead
- ::isCurrent - use RevisionRecord::isCurrent instead
- ::getPrevious - use RevisionLookup::getPreviousRevision instead
- ::getNext - use RevisionLookup::getNextRevision instead
- ::getRevisionText - use RevisionRecord::getContent instead
- ::compressRevisionText - use SqlBlobStore::compressData instead
- ::decompressRevisionText - use SqlBlobStore::decompressData instead
- ::insertOn - use RevisionStore::insertRevisionOn instead
- ::base36Sha1 - use SlotRecord::base36Sha1 instead
- ::newNullRevision - use RevisionStore::newNullRevision
- ::userCan - use RevisionRecord::userCanBitfield instead
- ::userCanBitfield - use RevisionRecord::userCanBitfield instead
- ::getTimestampFromId - use RevisionStore::getTimestampFromId instead
- ::countByPageId - use RevisionStore::countRevisionsByPageId instead
- ::countByTitle - use RevisionStore::countRevisionsByTitle instead
- ::userWasLastToEdit - use RevisionStore::userWasLastToEdit instead
- ::newKnownCurrent - use RevisionStore::getKnownCurrentRevision instead
* The Revision method had a few methods that were previously protected and
have been made private. They were:
- ::getRevisionStore
- ::getRevisionLookup
- ::getRevisionFactory
- ::getBlobStore
The $mRecord variable was also changed from protected to private.
* Multiple hooks that include Revision objects were deprecated. The hooks, as
well as suitable replacements, are noted below:
- ArticleRevisionUndeleted (hard deprecated, use the RevisionUndeleted hook)
- ArticleRollbackComplete (hard deprecated, use the RollbackComplete hook)
- DiffRevisionTools (hard deprecated, use the DiffTools hook)
- DiffViewHeader (hard deprecated, use the DifferenceEngineViewHeader hook)
- HistoryRevisionTools (hard deprecated, use the HistoryTools hook)
- NewRevisionFromEditComplete (hard deprecated, use the
RevisionFromEditComplete hook).
- PageContentInsertComplete (hard deprecated, use the PageSaveComplete hook)
- PageContentSaveComplete (hard deprecated, use the PageSaveComplete hook)
- RevisionInsertComplete (soft deprecated in 1.31, now hard deprecated)
- TitleMoveCompleting (hard deprecated, use the PageMoveCompleting hook)
- TitleMoveComplete (hard deprecated, use the PageMoveComplete hook)
- UndeleteShowRevision (hard deprecated)
* The following RevisionStore methods were deprecated:
- ::loadRevisionFromTitle
- ::loadRevisionFromTimestamp
- ::loadRevisionFromPageId
- ::listRevisionSizes
* WikiPage::$mLastRevision was changed from protected to private.
* RecentChange::markPatrolled was deprecated. Use ::doMarkPatrolled instead.
* The JobRunner class has been converted to a service class.
Direct construction is deprecated, use MediaWikiServices::getJobRunner.
* JobRunner::setLogger has been deprecated, thus using JobRunner as a
LoggerAwareInterface is deprecated as well. Rely on the logger passed in the
constructor instead.
* LogEventsList::typeAction accepts an optional right to check against as
the fourth parameter. Specifying such a right is deprecated.
* SkinTemplate::makeArticleUrlDetails has been deprecated, no longer used.
* Passing a Revision object into CategoryMembershipChange constructor is
deprecated. Pass a RevisionRecord instead.
* The "mediawiki.legacy.oldshared" module has been deprecated.
Skins and extensions that are using this should copy its necessary CSS rules
to their own styles module. CologneBlue and Nostalgia skins serve as examples.
* The "mediawiki.legacy.shared" module has been deprecated.
Use the "mediawiki.skinning.*" modules, or ResourceLoaderSkinModule instead.
* The following hooks, soft deprecated in 1.24, have been hard deprecated:
- APIQueryInfoTokens
- APIQueryRecentChangesTokens
- APIQueryRevisionsTokens
- APIQueryUsersTokens
- ApiTokensGetTokenTypes
* Calling Action::factory and Action constructor with any Page implementations
other than Article is deprecated.
* Action::page property is deprecated for direct access.
Use Action::getArticle or Action::getWikiPage instead.
* LESS `.background-image-svg()` mixin from 'mediawiki.mixins.less' is
deprecated and should be removed in 1.36.
* LESS `.background-image-svg-quick()` mixin from 'mediawiki.mixins.less' is
deprecated and should be removed in 1.36.
* The following methods were deprecated:
- Title::getFirstRevision (hard deprecated)
- Title::getEarliestRevTime
- WikiPage::getOldestRevision (hard deprecated)
- Article::getOldestRevision (hard deprecated)
Use RevisionStore::getFirstRevision instead.
* WikiPage::commitRollback and ::doRollback are declared to be internal
in preparation for breaking changes. Neither method has any known
callers outside of MediaWiki core. Both methods modify an array passed
by reference ($resultDetails) - accessing the Revision objects added to
that array (using the keys `current` and `target`) is also deprecated.
* The following Linker methods previously accepted Revision objects as
parameters. They now accept either Revision or RevisionRecord objects.
Passing a Revision object is hard deprecated.
- ::revUserLink
- ::revUserTools
- ::revComment
- ::generateRollback
- ::getRollbackEditCount
- ::buildRollbackLink
- ::getRevDeleteLink
* WikiPage::hasDifferencesOutsideMainSlot previously accepted Revision
objects for its two parameters. It now accepts RevisionRecord objects,
and passing Revision objects is hard deprecated.
* WikiPage::updateRevisionOn previously accepted Revision objects for its
second parameter. It now accepts RevisionRecord objects, and passing
Revision objects is hard deprecated.
* The ParserGetVariableValueVarCache hook has been deprecated.
* When using the ParserGetVariableValueSwitch hook, the following unusual
uses have been deprecated: modifying the passed $magicWordId or failing to
cache the returned value in $variableCache. The related
MagicWordwgVariableIDs hook has been deprecated and renamed; use
the GetMagicVariableIDs hook instead.
* The following Parser properties have been deprecated:
- ::$mTagHooks
- ::$mFunctionHooks
- ::$mMarkerIndex
- ::$mFirstCall
- ::$mPreprocessor
- ::$mOutput
- ::$mStripState
- ::$mLinkID
- ::$mIncludeSizes
- ::$mPPNodeCount
- ::$mGeneratedPPNodeCount
- ::$mHighestExpansionDepth
- ::$mDoubleUnderscores
- ::$mExpensiveFunctionCount
- ::$mShowToc
- ::$mUser
- ::$mOptions
- ::$mTitle
- ::$ot
- ::$mRevisionObject
- ::$mRevisionId
- ::$mRevisionTimestamp
- ::$mRevisionUser
- ::$mRevisionSize
- ::$mInputSize
- ::$mInParse
* LinksUpdate::getRevision and ::setRevision are hard deprecated in favor
of the new ::getRevisionRecord and ::setRevisionRecord methods.
* A large number of exposed variables and methods of Article were deprecated as
part of its planned removal:
- Article::$mContext is deprecated; use getContext()/setContext() instead.
- Article::__get(), ::__set() are hard deprecated, use the WikiPage properties
instead.
- These Article methods were hard deprecated; use their WikiPage equivalents:
- ::checkFlags,
- ::checkTouched,
- ::clearPreparedEdit,
- ::commitRollback,
- ::doDeleteArticleReal,
- ::doEditContent,
- ::doPurge,
- ::doRollback,
- ::doUpdateRestrictions,
- ::doViewUpdates,
- ::exists,
- ::followRedirect,
- ::getContentHandler,
- ::getContentModel,
- ::getContributors,
- ::getDeletionUpdates,
- ::getHiddenCategories,
- ::getId,
- ::getLatest,
- ::getLinksTimestamp,
- ::getMinorEdit,
- ::getRedirectTarget,
- ::getRedirectURL,
- ::getTimestamp,
- ::getTouched,
- ::hasViewableContent,
- ::insertOn,
- ::insertRedirect,
- ::insertRedirectEntry,
- ::isCountable,
- ::isRedirect,
- ::loadFromRow,
- ::loadPageData,
- ::lockAndGetLatest,
- ::makeParserOptions,
- ::pageDataFromId,
- ::pageDataFromTitle,
- ::prepareContentForEdit,
- ::protectDescription,
- ::protectDescriptionLog,
- ::replaceSectionAtRev,
- ::setTimestamp,
- ::shouldCheckParserCache,
- ::supportsSections,
- ::triggerOpportunisticLinksUpdate,
- ::updateCategoryCounts, and
- ::updateRedirectOn.
- Article::generateReason() was hard deprecated; instead, please use
WikiPage::getAutoDeleteReason().
- Article::replaceSectionContent() was hard deprecated, use
Article::replaceSectionAtRev() instead.
- Article::getRevision and WikiPage::getRevision were hard deprecated in favor
of the new WikiPage::getRevisionRecord method.
* A new UserNameUtils service was introduced. The following User methods
were deprecated in favor of using the new service:
- isIP
- isIPRange
- isValidUserName
- isUsableName
- isCreatableName
- getCanonicalName
* The signature of WikiPage::doDeleteArticleReal was changed to make the user
the second parameter, and the suppression option the third parameter.
Previously, the third parameter was unused. Using the old signature is
hard deprecated.
* ApiQueryRevisions::getRollbackToken, which has been soft deprecated since
1.24, accepted as its third parameter a Revision object. It now accepts
a RevisionRecord, and passing a Revision is hard deprecated.
* Passing Article to ParserCache::get() was deprecated
* ParserOptions::newCanonical() with no first parameter, or null as the first
parameter, which falls back to using global $wgUser, is hard deprecated.
* Parser::fetchCurrentRevisionOfTitle, ::statelessFetchRevision, and
::getRevisionObject were hard deprecated in favor of the new
::fetchCurrentRevisionRecordOfTitle, ::statelessFetchRevisionRecord,
and ::getRevisionRecordObject methods respectively.
* ParserOptions::getCurrentRevisionCallback and ::setCurrentRevisionCallback
were hard deprecated in favor of the new ::getCurrentRevisionRecordCallback
and ::setCurrentRevisionRecordCallback methods respectively.
* Parser::statelessFetchTemplate returns an array; accessing the Revision
object returned (via the `revision` key to the array) is deprecated. Instead,
use `revision-record` to retrieve the equivalent RevisionRecord.
* WikiPage::doEditContent returns an array, and PageUpdater::getStatus returns
a Status object with an array value. For both of those arrays, accessing the
Revision object returned (via the `revision` key to the array) is deprecated.
Instead, use `revision-record` to retrieve the equivalent RevisionRecord.
* Page interface was deprecated. Use Article or WikiPage instead.
* The following DatabaseBlock methods are deprecated because they are no longer
needed in core: chooseBlock, fromMaster, deleteIfExpired.
* wfGetScriptUrl() was deprecated. The script URL should be configured rather
than detected. wfScript() can be used to get a configured script URL.
* Action::factory() with null $action argument is hard deprecated
* The following methods of the User class were deprecated: getDefaultOptions,
getDefaultOption, getOptions, getOption, getBoolOption, getIntOption,
setOption, listOptionKinds, getOptionKinds, resetOptions. Use corresponding
methods in UserOptionsLookup or UserOptionsManager service classes instead.
* UserRetrieveNewTalks hook was deprecated without replacement.
* User::getNewtalk and ::setNewtalk were hard deprecated. Use service
TalkPageNotificationManager instead.
* EditPage::matchSpamRegex and ::matchSummarySpamRegex were hard deprecated in
favor of the new SpamChecker service.
* Title::getNotificationTimestamp, User::clearNotification, and
User::clearAllNotifications were deprecated in favor of the new
WatchlistNotificationManager service.
* SpecialPage::setListed() and SpecialPage::listed() were deprecated. Subclass
UnlistedSpecialPage to set listed as false, and use SpecialPage::isListed()
to get the value.
* CategoryPage::getCategoryViewerClass() and ::setCategoryViewerClass() were
deprecated.
* MWHttpRequest and its subclasses PhpHttpRequest, CurlHttpRequest and
GuzzleHttpRequest now require the timeout and connectTimeout options to
always be specified, otherwise a deprecation warning will be raised. Most
callers should use HttpRequestFactory which always sets these options.
* Linker::normaliseSpecialPage() has been deprecated, instead make use of
LinkRenderer::normalizeTarget().
* SkinTemplate::getPersonalToolsList() was soft deprecated.
* ChangeTags::truncateTagDescription() has been deprecated.
* The following methods of the User class are deprecated: getGroups,
getGroupMemberships, getEffectiveGroups, getAutomaticGroups,
addGroup, removeGroup, getFormerGroups, getAllGroups, getImplicitGroups,
addAutopromoteOnceGroups. Use the new UserGroupManager service instead.
* The following methods of the UserGroupMembership class were deprecated:
selectFields, getMembershipsForUser, getMembership, insert, delete,
newFromRow, initFromRow, purgeExpired.
Use the new UserGroupManager service instead.
* wfWaitForSlaves() has been hard deprecated. Use LBFactory::waitForReplication
instead. It was soft deprecated in 1.27.
* BaseTemplate::getAfterPortlet and ::renderAfterPortlet have been deprecated in
favor of the Skin::getAfterPortlet method. Skin::getAfterPortlet does not wrap
the result in a div, callers are responsible for that.
The hook BaseTemplateAfterPortlet, called by both methods has been deprecated
as well and is replaced by SkinAfterPortlet.
* Autopromote class has been soft deprecated and it's methods moved into
UserGroupManager.
* SkinTemplateBuildNavUrlsNav_urlsAfterPermalink hook has been deprecated.
Use SidebarBeforeOutput hook and get the revision id from the OutputPage
object.
* BaseTemplate::getToolbox() method has been soft deprecated. The toolbox data
is now available in a sidebar data array which you can get from any class
that's extending QuickTemplate class. The hook associated with this method,
BaseTemplateToolbox, has been hard deprecated. To add items to the toolbox,
use SidebarBeforeOutput hook instead.
* The SkinTemplateOutputPageBeforeExec hook is deprecated.
The page [[mw:Manual:Hooks/SkinTemplateOutputPageBeforeExec]] and T60137
for recommendations for alternative approaches based on how developers
previously used this hook.
* SkinTemplateToolboxEnd hook has been deprecated. Use SidebarBeforeOutput hook
instead.
* Using Skin::addToBodyAttributes() method to add body attributes has been
deprecated. Use OutputPageBodyAttributes hook instead.
* Installer::getDBTypes has been hard deprecated in favor of
InstallerDBSupport::getDatabases
* The hooks BeforeHttpsRedirect, CanIPUseHTTPS and UserRequiresHTTPS were
deprecated, as part of a long-term plan to remove support for mixed
HTTP/HTTPS wikis.
* Skin::generateDebugHTML() has been hard deprecated. Call
MWDebug::getHTMLDebugLog() directly.
* ExternalStoreDB::getSlave(), soft deprecated in 1.34, was hard deprecated.
Use ExternalStoreDB::getReplica() instead.
* Less variables in mediawiki.ui/variables.less file that don't follow the
standard variable naming scheme (compare WikimediaUI Base) including
`@colorGray* variables have been deprecated. New variables are in place and
aliases have been set. Replace occurrences and use the new variables instead.
=== Other changes in 1.35 ===
* A new maintenance script is added (purgeExpiredWatchlistItems.php) with which
to delete expired watchlist items. These items will also be deleted during
wiki editing if $wgWatchlistPurgeRate is > 0. This maintenance script only
has effect if $wgWatchlistExpiry is true. It is recommended that a cronjob or
similar be set up to run it at least daily.
* Title::purgeSquid is deprecated. Use MediaWikiServices::getHtmlCacheUpdater.
* SpecialVersion::getExtLicenseFileName() has been deprecated, use
MediaWiki\ExtensionInfo::getLicenseFileNames() instead.
* SpecialVersion::getExtAuthorsFileName() has been deprecated, use
MediaWiki\ExtensionInfo::getAuthorsFileName() instead.
* Migration to the new content storage schema is complete, all backwards
compatibility code and duplication in the database have been removed.
The old schema was a 1:1 relationship modeled by
revision.text_id -> text.old_id. The new schema is a n:m relationship,
revision.rev_id <- slots.slot_revision_id|slots.slot_content_id ->
content.content_id|content.content_address -> text.old_id. The same applies
to the archive table.
The following fields were removed:
- revision.rev_text_id, replaced by content.content_address
- revision.rev_content_model, replaced by content.content_model,
referencing content_models.model_id
- revision.rev_content_format, replaced by automatic detecting in
ContentHandler
- archive.ar_text_id, replaced by content.content_address
- archive.ar_content_model, replaced by content.content_model,
referencing content_models.model_id
- archive.ar_content_format, replaced by automatic detecting in
ContentHandler
* Migration to normalized storage of edit comments and user names is
progressing. The following fields were unused and have been removed:
- revision.rev_comment,
replaced by rev_comment_id referencing comment.comment_id.
- revision.rev_user and rev_user_text,
replaced by rev_actor referencing actor.actor_id.
Note that archive.ar_user, archive.ar_user_text, and archive.ar_comment
had already been removed in previous releases.
* The printableversion has been marked as deprecated per T167956.
* (T30162, T245387) The installer supports using a Postgres server running
on a custom port other than 5432.
== Compatibility ==
MediaWiki 1.35 requires PHP 7.3.19 or later, and the following PHP extensions:
* ctype
* dom
* fileinfo
* iconv
* json
* mbstring
* xml
MySQL/MariaDB is the recommended DBMS. PostgreSQL or SQLite can also be used,
but support for them is somewhat less mature.
The supported versions are:
* MySQL 5.5.8 or later
* PostgreSQL 9.2 or later
* SQLite 3.8.0 or later
== Online documentation ==
Documentation for both end-users and site administrators is available on
MediaWiki.org, and is covered under the GNU Free Documentation License (except
for pages that explicitly state that their contents are in the public domain):
https://www.mediawiki.org/wiki/Special:MyLanguage/Documentation
== Mailing list ==
A mailing list is available for MediaWiki user support and discussion:
https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
A low-traffic announcements-only list is also available:
https://lists.wikimedia.org/mailman/listinfo/mediawiki-announce
It's highly recommended that you sign up for one of these lists if you're
going to run a public MediaWiki, so you can be notified of security fixes.
== IRC help ==
There's usually someone online in #mediawiki on irc.libera.chat.
= MediaWiki 1.34 =
== MediaWiki 1.34.4 ==
This is a maintenance release of the MediaWiki 1.34 branch.
=== Changes since MediaWiki 1.34.3 ===
* Fixed issue relating to backporting of changes for T260485.
== MediaWiki 1.34.3 ==
This is a security and maintenance release of the MediaWiki 1.34 branch.
=== Changes since MediaWiki 1.34.2 ===
* In the web installer, use secure session cookies.
* Make UsersPager::requestedGroup public.
* (T257407) Split patch-drop-user-fields.sql into patch per table.
* (T257356) Split patch-drop-comment-fields.sql into patch per table.
* (T257997) Undeprecate WebInstaller::getInfoBox().
* Added $wgForceHTTPS, which makes the HTTP to HTTPS redirect be unconditional
and suppresses various hacks needed to support mixed HTTP/HTTPS wikis. We
recommend this be set to true on pure HTTPS wikis.
* Added $wgCookieSameSite, which allows login cookies to be sent with
SameSite=None. This is required for cross-site CentralAuth autologin after
Chrome 84.
* Added $wgUseSameSiteLegacyCookies, which adds a compatibility hack to
SameSite=None cookies for browsers which implemented an incompatible draft
version of the specification.
* (T257207) shell: Expand documentation in firejail.profile.
* (T246135) Give the "remember me" checkbox a specific CSS class so skins
like Minerva can only hide that checkbox.
* (T256287) rdbms: improve DBConnRef domain selection exception message.
* (T248191, T259123) phpunit: Acknowledge known dberror from
SpecialPageFatalTest.
* (T256394, T259123) Cleanup up excess commit() call in LocalRepoTest.
* Fix runBatchedQuery.php for no result from select.
* (T130906) Add Edge to MediaWiki:Clearyourcache.
* (T249521) reassignEdits: Update script to use User::newFromName for anon
users.
* (T172060) GlobalFunctions: Use php_uname instead of posix_uname.
* Use IPset in MWRestrictions::checkIP.
* (T260031) Add application/font-sfnt to MimeMap for ttf files.
* shell: Make ->restrict( RESTRICT_NONE ) actually work.
* (T183759) Fixes shell edge-cases in Windows.
* (T258390) Add CentralIdLookup::factoryNonLocal().
* (T246991) User: Fix pingLimiter() to use makeGlobalKey() for global rate
limits.
* (T232568, CVE-2020-25813) SECURITY: Special:UserRights exposes the existence
of hidden users.
* (T251661, CVE-2020-25827) SECURITY: User::pingLimiter: add user-global rate
limit type.
* (T246991) User: enforce pingLimiter() expiry time.
* (T260232) don't include null page ids in query list for category dumps.
* (T251506) Sanitizer: Truncate IDs to a reasonable length.
* (T262900) Fix failure of rebuildLocalisationCache.php due to RL hook.
* Explicitly wrap some XML calls in libxml_disable_entity_loader().
* (T263455 T247285) Set EnableJavaScriptTest to true in
includes/DevelopmentSettings.php.
* (T232568, CVE-2020-25813) SECURITY: SpecialUserrights: If a viewer lacks
`hideuser`, ignore hidden users.
* (T255918, CVE-2020-25812) SECURITY: Unescaped message used in HTML on
Special:Contributions.
* (T256171, CVE-2020-25815) SECURITY: Unescaped message used in HTML within
LogEventsList.
* (T258763, CVE-2020-17367, CVE-2020-17368) SECURITY: Prevent invoking
firejail's --output functionality.
* (T86738, CVE-2020-25814) SECURITY: mediawiki.jqueryMsg: Sanitize URLs and
'style' attribute.
* (T115888, CVE-2020-25828) SECURITY: mediawiki.js: Escape HTML in
mw.message( ... ).parse().
* (T260485, CVE-2020-25869) SECURITY: ActorMigration: Load user from the correct
database.
* (T260485, CVE-2020-25869) SECURITY: ensure actor ID from correct wiki is used.
== MediaWiki 1.34.2 ==
This is a security and maintenance release of the MediaWiki 1.34 branch.
=== Changes since MediaWiki 1.34.1 ===
* (T247017) PasswordReset performance improvements.
* The MultiHttpClient code will fallover to non-curl if curl_multi* is blocked.
* (T250568) Work around change in SimpleXMLElement behavior introduced in PHP
7.3.17.
* (T251789) Let $wgResourceLoaderMaxQueryLength=-1 fallback to default.
* Remove some rotten and out of date documentation.
* (T252311) Improvements to some older SQLite update patches.
* (T240307) Minor fixes to extension.schema.v2.json and
extension.schema.v1.json.
* (T238043) cleanupUsersWithNoId.php: Handle missing fields.
* (T199474) Set rc_patrolled to 2 for autopatrolled changes in
rebuildrecentchanges.php.
* (T229461) Update the change_tag table in rebuildrecentchanges.php.
* (T249730) Password Reset Updates.
* (T234450) Per-user concurrency in SpecialContributions can now be limited by
setting $wgPoolCounterConf['SpecialContributions'] appropriately.
* (T248947) SECURITY: img_auth.php may leak private extension images into the
public cache.
== MediaWiki 1.34.1 ==
This is a security and maintenance release of the MediaWiki 1.34 branch.
=== Changes since MediaWiki 1.34.0 ===
* (T211450) User: better error message when getActorId fails.
* (T241340) Don't redefine MW_ENTRY_POINT in thumb.php if already defined.
* (T236444) User: Allow newSystemUser() to create over anonymous actors.
* (T238483) Fix NewPagesPager "hide registered users" option.
* (T245072) mediawiki.language: Rename languageData back to languageNames.
* Use proper SemVer comparison in CheckComposerLockUpToDate.
* (T212738) Add the MW_VERSION constant, global $wgVersion is soft deprecated.
* (T246127) Fix error when initialising updateCollation.php.
* Update comment about PHP versions supported by The PHP Group.
* (T247215) Fix output of RecountCategories::doWork().
* Add check for page existence to view.php maintenance script.
* (T245149) Fix fetching login token from action=query&meta=tokens on private
wikis.
* (T236509) SECURITY: Fix HTML escaping in UserGroupMembership::getLink().
* (T232932) SECURITY: User content can redirect the logout button to different
URL.
* (T246602) SECURITY: jquery.makeCollapsible allows applying event handler to
any CSS selector.
== MediaWiki 1.34.0 ==
=== Changes since MediaWiki 1.34.0-rc.1 ===
* $wgDiffEngine (T237049) – This configuration can be used to specify which
difference engine to use. MediaWiki continues to default to automatically
choosing the first of $wgExternalDiffEngine, wikidiff2, or php that is
usable.
* (T231866) SqlBlobStore no longer needs Language object.
* (T236735) WikiExporter: Remove unnecessary check for SCHEMA_COMPAT_WRITE_OLD
flag.
* (T231673) Set MCR migration stage to SCHEMA_COMPAT_NEW.
* (T229601) Make sure DBLoadBalancerFactory service is not disabled.
* (T232866) Fix support for HTTP/2 in MultiHttpClient.
* (T231866) LocalisationCache: Don't instantiate ResourceLoader.
* (T227461) Stop calling deprecated Redis delete functions.
* (T239561) Mark options as requiring parameters in addSite.php.
* (T232866) Mimic CURLOPT_POST in GuzzleHttpRequest.
* (T239734) Replace deprecated lSize with lLen in Redis code.
* (T192134) SECURITY: Do not allow user scripts on Special:PasswordReset.
* (T239428) ApiEditPage: Test for bad redirect targets.
* (T233342) rdbms: Log debug message traces as 'exception.trace' instead of
'trace'.
* (T226751) media: Log and fail gracefully on invalid EXIF coordinates.
* (T240924) NewPagesPager: Fix namespace query conditions.
* (T212067) Tests for an old PHP bug in parse_url.
== MediaWiki 1.34.0-rc.1 ==
=== Changes since MediaWiki 1.34.0-rc.0 ===
* (T231742) rdbms: Restore debug toolbar "Queries" feature.
* (T231366) The ProfilerOutputDb class, 'profiling' table, and profileinfo.php
entry point had been deprecated.
* (T234361) localisation: Add debug message for backend of MessageCache.
* (T234361) session: Add debug message for the used store class.
* (T235559) Fix example Kask configuration in RESTBagOStuff class comment.
* (T235137) Don't apply styling for Special:Contributions on other pages.
* Upgrade mediawiki-codesniffer from 26.0.0 to 28.0.0 (dev-only).
* (T219604) The "jquery.ui.*" and "jquery.effects.*" modules are now
deprecated as aliases for the "jquery.ui" module.
* (T235392) Deprecate setting Parser::mTitle to null.
* Supporting commits for T235392 were also backported to prevent divergence
from master (MediaWiki 1.35).
* (T234581) The 'jquery.tabIndex' module is deprecated.
* Fix docs for GetUserBlock hooks.
* Parser: Hard deprecate getConverterLanguage.
* (T236810) A number of public methods of Parser were exposed only for
historical reasons and have been deprecated: doMagicLinks,
doDoubleUnderscore, doHeadings, doAllQuotes, replaceExternalLinks,
replaceInternalLinks, replaceInternalLinks2, getVariableValue,
initialiseVariables, formatHeadings, testPst, testPreprocess, testSrvus,
areSubpagesAllowed, maybeDoSubpageLink, splitWhitespace, createAssocArgs,
armorLinks, makeKnownLinkHolder, getImageParams, parseLinkParameter,
stripAltText, replaceLinkHolders, replaceLinkHoldersText, armorLinks,
makeKnownLinkHolder, getImageParams, parseLinkParameter, stripAltText.
* (T30798) $wgServer must now always be set in LocalSettings.php. This is most
likely the case already for any wiki installed after 1.18. The autodetection
system was informally deprecated since 1.18 and vulnerable to cache poisoning
attacks. Older wikis may need to update their LocalSettings.php file.
* (T232169) Hard deprecate $wgSysopEmailBans.
* (T236628) Fix for ArticleRevisionViewCustom hook in DifferenceEngine.php.
* (T181658) Do not insert page titles into querycache.qc_value.
* ParamValidator has been flagged as unstable.
* Hard deprecate Parser::disableCache().
== MediaWiki 1.34.0-rc.0 ==
== Upgrading notes for 1.34 ==
1.34 has several database changes since 1.33, and will not work without schema
updates. Note that due to changes to some very large tables like the revision
table, the schema update may take quite long (minutes on a medium sized site,
many hours on a large site).
Don't forget to always back up your database before upgrading!
See the file UPGRADE for more detailed upgrade instructions, including
important information when upgrading from versions prior to 1.11.
Some specific notes for MediaWiki 1.34 upgrades are below:
* MediaWiki now requires PHP 7.2.9 or above.
* MediaWiki no longer supports HHVM.
For notes on 1.33.x and older releases, see HISTORY.
=== Configuration changes for system administrators in 1.34 ===
In an effort to enforce best practices for passwords, MediaWiki will now warn
users, and suggest that they change their password, if it is in the list of
100,000 commonly used passwords that are considered bad passwords. If you want
to disable this for your users, please add the following to your local settings:
$wgPasswordPolicy['policies']['default']['PasswordNotInLargeBlacklist'] = false;
==== New configuration ====
* $wgAllowExternalReqID (T201409) - This configuration setting controls whether
MediaWiki accepts the request ID set by the incoming request via the
`X-Request-Id` header. If set to `true`, that value will be used throughout
the code as the request identificator. Otherwise, the sent header will be
ignored and the request ID will either be taken from Apache's mod_unique
module or will be generated by MediaWiki itself (depending on the set-up).
* $wgEnableSpecialMute (T218265) - This configuration controls whether
Special:Mute is available and whether to include a link to it on emails
originating from Special:Email.
* editmyuserjsredirect user right – users without this right now cannot edit JS
redirects in their userspace unless the target of the redirect is also in
their userspace. By default, this right is given to everyone.
* (T226733) Add rate limiter to Special:ConfirmEmail.
* $wgDiffEngine (T237049) – This configuration can be used to specify which
difference engine to use. MediaWiki continues to default to automatically
choosing the first of $wgExternalDiffEngine, wikidiff2, or php that is
usable.
==== Changed configuration ====
* $wgUseCdn, $wgCdnServers, $wgCdnServersNoPurge, and $wgCdnMaxAge – These four
CDN-related config variables have been renamed from being specific to Squid –
they were previously $wgUseSquid, $wgSquidServers, $wgSquidServersNoPurge, and
$wgSquidMaxage respectively. This aligns them with the related existing
variable $wgCdnMaxageLagged. The previous configuration variable names are
deprecated, but will be used as the fall back if they are still set.
Note that wgSquidPurgeUseHostHeader has not been renamed, as it is deprecated.
* (T27707) File type checks for image uploads have been relaxed to allow files
containing some HTML markup in metadata. As a result, the $wgAllowTitlesInSVG
setting is no longer applied and is now always true. Note that MSIE 7 may
still be able to misinterpret certain malformed PNG files as HTML.
* (T30798) $wgServer must now always be set in LocalSettings.php. This is most
likely the case already for any wiki installed after 1.18. The autodetection
system was informally deprecated since 1.18 and vulnerable to cache poisoning
attacks. Older wikis may need to update their LocalSettings.php file.
* Introduced $wgVerifyMimeTypeIE to allow disabling the MSIE 6/7 file type
detection heuristic on upload, which is more conservative than the checks
that were changed above.
* $wgExternalDiffEngine — Setting this to a string value of 'wikidiff',
'wikidiff2', or 'wikidiff3' will no longer work. This legacy behaviour was
deprecated in MediaWiki 1.27, 1.32, and 1.27, respectively.
* $wgSkipSkin — Setting this instead of $wgSkipSkins, deprecated in 1.23, is now
hard-deprecated.
* $wgLocalInterwiki — Setting this instead of $wgLocalInterwikis, deprecated in
1.23, is now hard-deprecated.
* $wgProfileOnly — Setting this, deprecated in 1.23, is now hard-deprecated.
Instead, set the log file in $wgDebugLogGroups['profileoutput'].
* $wgProxyList — Setting this to an array with IP addresses in the array keys,
which was deprecated in 1.30, no longer works. Instead, $wgProxyList should be
an array with IP addresses as the values, or a string path to a file
containing one IP address per line.
* $wgCookieSetOnAutoblock and $wgCookieSetOnIpBlock are now enabled by default.
==== Removed configuration ====
* $wgWikiDiff2MovedParagraphDetectionCutoff — If you still want a custom change
size threshold, please specify in php.ini, using the configuration variable
wikidiff2.moved_paragraph_detection_cutoff.
* $wgUseESI - This experimental setting, deprecated in 1.33, is now removed.
* $wgDebugPrintHttpHeaders - The default of including HTTP headers in the
debug log channel is no longer configurable. The debug log itself remains
configurable via $wgDebugLogFile.
* $wgMsgCacheExpiry - The MessageCache uses 24 hours as the expiry for values
stored in WANObjectCache. This is no longer configurable.
* $wgPasswordSalt – This setting, used for migrating exceptionally old, insecure
password setups and deprecated since 1.24, is now removed.
* $wgDBOracleDRCP - If you must use persistent connections, set DBO_PERSISTENT
in the 'flags' field for servers in $wgDBServers (or $wgLBFactoryConf).
* $wgMemCachedDebug - Set the cache "debug" field in $wgObjectCaches instead.
* $wgActorTableSchemaMigrationStage has been removed. Extension code for
MediaWiki 1.31+ finding it unset should treat it as being SCHEMA_COMPAT_NEW.
=== New user-facing features in 1.34 ===
* Special:Mute has been added as a quick way for users to block unwanted emails
from other users originating from Special:EmailUser.
* (T207577) Special:NewSection has been created as a shortcut to creating a new
section on a page. When linked to, its subpage is used as the target
([[Special:NewSection/Test]] redirects to creating a new section in "Test").
Otherwise, it displays a basic interface to allow the end user to specify
the target manually.
* (T220447) Special:Contributions/newbies has been removed for performance and
usefulness reasons. Use Special:RecentChanges?userExpLevel=newcomer instead.
* Special:NewFiles/newbies has been removed for performance and usefulness
reasons. Use Special:RecentChanges?userExpLevel=newcomer&namespace=6 instead.
=== New developer features in 1.34 ===
* The ImgAuthModifyHeaders hook was added to img_auth.php to allow modification
of headers in private wikis.
* Language::formatTimePeriod now supports the new 'avoidhours' option to output
strings like "5 days ago" instead of "5 days 13 hours ago".
* (T220163) Added SpecialMuteModifyFormFields hook to allow extensions
to add fields to Special:Mute.
* (T100896) Skin authors can define custom OOUI themes using OOUIThemePaths.
See <https://www.mediawiki.org/wiki/OOUI/Themes> for details.
* (T229035) The GetUserBlock hook was added. Use this instead of
GetBlockedStatus.
* ObjectFactory is available as a service. When used as a service, the object
specs can now specify needed DI services.
* (T222388) Special pages can now be specified as an ObjectFactory spec,
allowing the construction of special pages that require services to be
injected in their constructor.
* (T222388) API modules can now be specified as an ObjectFactory spec,
allowing the construction of modules that require services to be injected
in their constructor.
* (T117736) The function signature of SpecialContributions::getForm::filters
has changed. It now expects definitions of additional filter fields as array
rather than string.
=== External library changes in 1.34 ===
==== Changed external libraries ====
* Updated Mustache from 1.0.0 to v3.0.1.
* Updated OOUI from v0.31.3 to v0.34.0.
* Updated OOjs from v2.2.2 to v3.0.0.
* Updated composer/semver from 1.4.2 to 1.5.0.
* Updated composer/spdx-licenses from 1.4.0 to 1.5.1 (dev-only).
* Updated mediawiki/codesniffer from 25.0.0 to 28.0.0 (dev-only).
* Updated cssjanus/cssjanus from 1.2.1 to 1.3.0.
* Updated wikimedia/at-ease from 1.2.0 to 2.0.0.
* Updated wikimedia/remex-html from 2.0.1 to 2.1.0.
* Updated monolog/monolog from 1.22.1 to 1.24.0 (dev-only).
* Updated wikimedia/object-factory from 1.0.0 to 2.1.0.
* Updated wikimedia/timestamp from 2.2.0 to 3.0.0.
* Updated wikimedia/xmp-reader from 0.6.2 to 0.6.3.
* Updated mediawiki/mediawiki-phan-config from 0.6.0 to 0.6.1 (dev-only).
* Updated wikimedia/avro from 1.8.0 to 1.9.0 (dev-only).
==== Removed external libraries ====
* The jquery.async module, deprecated in 1.33, was removed.
=== Bug fixes in 1.34 ===
* (T222529) If a log entry or page revision is recorded in the database with an
empty username, attempting to display it will log an error and return a "no
username available" to the user instead of silently displaying nothing or
invalid links.
=== Action API changes in 1.34 ===
* The 'recenteditcount' response property from action=query list=allusers,
deprecated in 1.25, has been removed.
* (T60993) action=query list=filearchive, list=alldeletedrevisions and
prop=deletedrevisions no longer require the 'deletedhistory' user right.
* In the response to queries that use 'prop=imageinfo', entries for
non-existing files (indicated by the 'filemissing' field) now omit the
following fields, since they are meaningless in this context:
'timestamp', 'userhidden', 'user', 'userid', 'anon', 'size', 'width',
'height', 'pagecount', 'duration', 'commenthidden', 'parsedcomment',
'comment', 'thumburl', 'thumbwidth', 'thumbheight', 'thumbmime',
'thumberror', 'url', 'sha1', 'metadata', 'extmetadata', 'commonmetadata',
'mime', 'mediadtype', 'bitdepth'.
Clients that process these fields should first check if 'filemissing' is
set. Fields that are supported even if the file is missing include:
'canonicaltitle', 'archivename' (deleted files only), 'descriptionurl',
'descriptionshorturl'.
* The 'blockexpiry' result property in list=users and list=allusers will now be
returned in the same format used by the rest of the API: ISO 8601 for
expiring blocks, and "infinite" for non-expiring blocks.
=== Action API internal changes in 1.34 ===
* The exception thrown in ApiModuleManager::getModule has been changed
from an MWException to an UnexpectedValueException, thrown by ObjectFactory.
ApiModuleManager::getModule now also throws InvalidArgumentExceptions when
ObjectFactory is presented with an invalid spec or incorrectly constructed
objects.
* Added ApiQueryBlockInfoTrait.
=== Languages updated in 1.34 ===
MediaWiki supports over 350 languages. Many localisations are updated regularly.
Below only new and removed languages are listed, as well as changes to languages
because of Phabricator reports.
* (T152908) Added language support for N'Ko (nqo).
=== Breaking changes in 1.34 ===
* The global functions wfSuppressWarnings and wfRestoreWarnings, deprecated in
1.26, have been removed. Use Wikimedia\AtEase\AtEase::suppressWarnings() and
Wikimedia\AtEase\AtEase::restoreWarnings() directly.
* Preferences class, deprecated in 1.31, has been removed.
* The following parts of code, deprecated in 1.32, were removed in favor of
built-in PHP functions:
* CryptRand class
* CryptRand service
* Functions of the MWCryptRand class: singleton(), wasStrong() and generate().
* Various Special Page PHP Classes were renamed (mostly casing changes):
* SpecialAncientpages => SpecialAncientPages
* SpecialConfirmemail => SpecialConfirmEmail
* SpecialDeadendpages => SpecialDeadendPages
* SpecialFewestrevisions => SpecialFewestRevisions
* SpecialListredirects => SpecialListRedirects
* SpecialLonelypages => SpecialLonelyPages
* SpecialLongpages => SpecialLongPages
* SpecialMIMEsearch => SpecialMIMESearch
* SpecialMostcategories => SpecialMostCategories
* SpecialMostinterwikis => SpecialMostInterwikis
* SpecialMostlinked => SpecialMostLinked
* SpecialMostlinkedcategories => SpecialMostLinkedCategories
* SpecialMostlinkedtemplates => SpecialMostLinkedTemplates
* SpecialMostrevisions => SpecialMostRevisions
* SpecialNewimages => SpecialNewFiles
* SpecialShortpages => SpecialShortPages
* SpecialUncategorizedcategories => SpecialUncategorizedCategories
* SpecialUncategorizedimages => SpecialUncategorizedImages
* SpecialUncategorizedpages => SpecialUncategorizedPages
* SpecialUncategorizedtemplates => SpecialUncategorizedTemplates
* SpecialUnusedcategories => SpecialUnusedCategories
* SpecialUnusedimages => SpecialUnusedImages
* SpecialUnusedtemplates => SpecialUnusedTemplates
* SpecialUnwatchedpages => SpecialUnwatchedPages
* SpecialWantedcategories => SpecialWantedCategories
* SpecialWantedtemplates => SpecialWantedTemplates
* SpecialWithoutinterwiki => SpecialWithoutInterwiki
* Language::setCode, deprecated in 1.32, was removed. Use Language::factory to
create a new Language object with a different language code.
* MWNamespace::clearCaches() has been removed. So has the $rebuild parameter
to MWNamespace::getCanonicalNamespaces(), which was deprecated since 1.31.
Instead, reset services, such as by calling $this->overrideMwServices() (if
your test extends MediaWikiTestCase). Services will generally not pick up
configuration changes from after they were created, so you must reset
services after any configuration change. Even if your code works now, it is
likely to break in future versions as more code is moved to services.
* The ill-defined "DatabaseOraclePostInit" hook has been removed.
* PreferencesFormLegacy and PreferencesForm classes, deprecated in 1.32, have
been removed.
* ObjectFactory class, deprecated in 1.31, has been removed.
* HWLDFWordAccumudlator class, deprecated in 1.28, has been removed.
* XMPInfo, XMPReader and XMPValidate, deprecated in 1.32, have been removed.
* The RedirectSpecialPage::execute method could sometimes return a Title object.
This behavior was removed, and the method now matches the parent signature
(SpecialPage::execute) which is to return HTML string or void.
To obtain the destination title, use RedirectSpecialPage::getRedirect.
* The 'recenteditcount' response property from action API action=query
list=allusers, deprecated in 1.25, has been removed.
* SearchEngine::userNamespaces(), SearchEngine::namespacesAsText(),
SearchEngine::create(), SearchEngine::getSearchTypes() and
SearchEngine::getNearMatch(), methods deprecated in 1.27, have been removed.
* FileRepo::streamFile(), deprecated in 1.26, has been removed.
* User::randomPassword() method, deprecated in 1.27, have been removed.
* MWNamespace::canTalk(), deprecated in 1.30, have been removed.
* Parser class property $mUniqPrefix, deprecated in 1.26, has been removed.
* wfArrayFilter() and wfArrayFilterByKey(), deprecated in 1.32, have been
removed.
* wfMakeUrlIndexes() function, deprecated in 1.33, have been removed.
* Method signatures in WatchedItemQueryServiceExtension have changed from taking
User objects to taking UserIdentity objects. Extensions implementing this
interface need to be changed accordingly.
* User::getGroupPage() and ::makeGroupLinkHTML(), deprecated in 1.29, have been
removed. Use UserGroupMembership::getGroupPage and ::getLink instead.
* User::makeGroupLinkWiki(), deprecated in 1.29, has been removed. Use
UserGroupMembership::getLink() instead.
* SavepointPostgres, deprecated in 1.31, has been removed.
* OutputPage::enableSectionEditLinks(), OutputPage::sectionEditLinksEnabled(),
ParserOptions::getEditSection(), ParserOptions::setEditSection(), and
ParserOutput::getEditSectionTokens, ::getTOCEnabled, ::setEditSectionTokens,
and ::setTOCEnabled, deprecated in 1.31, have been removed.
* EditPage::safeUnicodeInput() and ::safeUnicodeOutput(), deprecated in 1.30,
have been removed.
* Four methods in OutputPage, deprecated in 1.32, have been removed. You should
use OutputPage::showFatalError or throw a FatalError instead. The methods are
::showFileCopyError(), ::showFileRenameError(), ::showFileDeleteError(), and
::showFileNotFoundError().
* ApiBase::truncateArray(), deprecated in 1.32, has been removed.
* IcuCollation::getICUVersion(), deprecated in 1.32, has been removed. Use PHP's
INTL_ICU_VERSION constant directly.
* HTMLForm::setSubmitProgressive(), deprecated in 1.32, has been removed.
* ResourceLoaderStartUpModules::getStartupModules() and ::getLegacyModules(),
both deprecated in 1.32, have been removed.
* BaseTemplate::msgHtml() and QuickTemplate::msgHtml(), deprecated in 1.32, have
been removed. Use ->msg() or ->getMsg() instead.
* WatchAction::getUnwatchToken(), deprecated in 1.32, has been removed. Instead,
use WatchAction::getWatchToken() with action 'unwatch' directly.
* Language::initEncoding(), ::recodeForEdit(), and recodeInput(), deprecated in
1.28, have been removed.
* PageArchive::getTextFromRow(), ::listAllPages(), and ::getLastRevisionText(),
deprecated in 1.32, have been removed.
* OutputPage::getModuleScripts(), ParserOutput::getModuleScripts(), deprecated
in 1.33, have been removed.
* User::getPasswordValidity(), deprecated in 1.33, has been removed.
* ApiQueryBase::prepareUrlQuerySearchString(), deprecated in 1.33, has been
removed.
* ChangeTags::purgeTagUsageCache(), deprecated in 1.33, has been removed.
* JobQueueGroup::pushLazyJobs(), deprecated in 1.33, has been removed.
* MediaWikiTestCase::stashMwGlobals(), deprecated in 1.32, has been removed.
* SearchEngine::transformSearchTerm(), deprecated in 1.32, has been removed.
* The Block typehint only refers to blocks stored in the database. It should be
updated to AbstractBlock in cases where any type of block could be expected.
* FileRepoStatus, deprecated in 1.25, has been removed.
* The LegacyHookPreAuthenticationProvider class, deprecated since its creation
in 1.27, has been removed.
* IP::isValidBlock(), deprecated in 1.30, has been removed.
* WikiPage::prepareContentForEdit now doesn't accept an integer for $revision,
was deprecated in 1.25.
* The jquery.byteLength module, deprecated in 1.31, was removed.
Use the mediawiki.String module instead.
* mw.language.specialCharacters, deprecated in 1.33, has been removed.
Use require( 'mediawiki.language.specialCharacters' ) instead.
* The jquery.colorUtil module was removed. Use jquery.color instead.
* The jquery.checkboxShiftClick module was removed. The functionality
is provided by mediawiki.page.ready instead (T232688).
* The 'jquery.accessKeyLabel' module has been removed. This jQuery
plugin now ships as part of the 'mediawiki.util' module bundle.
* EditPage::submit(), deprecated in 1.29, has been removed. Use $this->edit()
directly.
* HTMLForm::getErrors(), deprecated in 1.28, has been removed. Use
getErrorsOrWarnings() instead.
* SpecialPage::getTitle(), deprecated in 1.23, has been removed. Use
SpecialPage::getPageTitle() instead.
* jquery.ui.effect-bounce, jquery.ui.effect-explode, jquery.ui.effect-fold
jquery.ui.effect-pulsate, jquery.ui.effect-slide, jquery.ui.effect-transfer,
which are no longer used, have now been removed.
* SpecialEmailUser::validateTarget(), ::getTarget() without a sender/user
specified, deprecated in 1.30, have been removed.
* BufferingStatsdDataFactory::getBuffer(), deprecated in 1.30, has been removed.
* The constant DB_SLAVE, deprecated in 1.28, has been removed. Use DB_REPLICA.
* The constants NS_IMAGE and NS_IMAGE_TALK, deprecated in 1.14, have been
removed. Use NS_FILE and NS_FILE_TALK respectively.
* Replacer, DoubleReplacer, HashtableReplacer and RegexlikeReplacer
(deprecated in 1.32) have been removed. Closures should be used instead.
* OutputPage::addWikiText(), ::addWikiTextWithTitle(), ::addWikiTextTitleTidy(),
::addWikiTextTidy(), ::addWikiTextTitle(), deprecated in 1.32, have been
removed.
* The $wgUseKeyHeader configuration option and the OutputPage::getKeyHeader()
method, deprecated in 1.32, have been removed.
* WebInstallerOutput::addWikiText(), deprecated in 1.32, has been removed.
* Parser::fetchFile(), deprecated in 1.32, has been removed. Use the method
Parser::fetchFileAndTitle() instead.
* The global function wfBCP47, deprecated in 1.31, has been removed.
* wfCountDown() function, deprecated in 1.31, has been removed. Use
\Maintenance::countDown() method instead.
* OutputPage::wrapWikiMsg() no longer accepts an options parameter. This was
deprecated since 1.20.
* Skin::outputPage() no longer accepts a context. This was deprecated in 1.20.
* Linker::link() no longer accepts a string for the query array, as was
deprecated in 1.20.
* PrefixSearch::titleSearch(), deprecated in 1.23, has been removed. Use the
SearchEngine::defaultPrefixSearch or ::completionSearch() methods instead.
* The UserRights hook, deprecated in 1.26, has been removed. Instead, use the
UserGroupsChanged hook.
* Skin::getDefaultInstance(), deprecated in 1.27, has been removed. Get the
instance from MediaWikiServices instead.
* The UserLoadFromSession hook, deprecated in 1.27, has been removed.
* The wfResetSessionID global function, deprecated in 1.27, has been removed.
Use MediaWiki\Session\SessionManager instead.
* The wfGetLBFactory global function, deprecated in 1.27, has been removed.
Use MediaWikiServices::getInstance()->getDBLoadBalancerFactory().
* The internal method OutputPage->addScriptFile() will no longer silently drop
calls that use an invalid path (i.e., something other than an absolute path,
protocol-relative URL, or full scheme URL), and will instead pass them to the
client where they will likely 404. This usage was deprecated in 1.24.
* Database::reportConnectionError, deprecated in 1.32, has been removed.
* APIEditBeforeSave hook, deprecated in 1.28, has been removed. Please see
EditFilterMergedContent hook for an alternative way to use this feature.
* API module methods getDescription(), getParamDescription(), & getExamples(),
all deprecated in 1.25 and ignored, have been removed.
* The API module method getDescriptionMessage(), deprecated in 1.30, has been
removed.
* The JavaScript global variable wgLoadScript has been removed. Use
mw.util.wikiScript( 'load' ) instead.
* ResourceLoader no longer creates the 'mw.legacy' placeholder object. It has
been unused since 1.16 and was deprecated in 1.22. To deprecate a property
in JavaScript, use mw.log.deprecate() instead.
* The 'user.groups' module, deprecated in 1.28, was removed.
Use the 'user' module instead.
* The ResourceLoaderContext::expandModuleNames method, deprecated in 1.33, was
removed. Use ResourceLoader::expandModuleNames instead.
* The ability to override User::$mRights has been removed. Use
PermissionManager::addTemporaryUserRights() instead.
* Previously, when iterating ResultWrapper with foreach() or a similar
construct, the range of the index was 1..numRows. This has been fixed to be
0..(numRows-1).
* The ChangePasswordForm hook, deprecated in 1.27, has been removed. Use the
AuthChangeFormFields hook or security levels instead.
* WikiMap::getWikiIdFromDomain(), deprecated in 1.33, has been removed.
Use WikiMap::getWikiIdFromDbDomain() instead.
* The config variables $wgHtml5, $wgJsMimeType, and $wgXhtmlDefaultNamespace,
which were deprecated and ignored by core since 1.22, are no longer set to any
value, and SkinTemplate no longer emits a 'jsmimetype' key. Any extensions not
updated since 2013 to cope with this deprecation may now break.
* (T222637) Passing ResourceLoaderModule objects to ResourceLoader::register()
or $wgResourceModules is no longer supported.
Use the 'class' or 'factory' option of the array format instead.
* The parameter $lang of the functions generateTOC and tocList in Linker and
DummyLinker must be in type Language when present. Other types are
deprecated since 1.33.
* The static properties mw.Api.errors and mw.Api.warnings, deprecated in 1.29,
have been removed.
* ParserOption::getSpeculativeRevIdCallback(), deprecated in 1.28, has been
removed.
* The UploadVerification hook, deprecated in 1.28, has been removed. Instead,
use the UploadVerifyFile hook.
* UploadBase:: and UploadFromChunks::stashFileGetKey() and stashSession(),
deprecated in 1.28, have been removed. Instead, please use the getFileKey()
method on the response from doStashFile().
* LBFactory::setDomainPrefix() and LoadBalancer::setDomainPrefix(), deprecated
in 1.33, have been removed. Use setLocalDomainPrefix() instead.
* IDatabase::implicitGroupby(), deprecated in 1.30, has been removed.
* IDatabase::doneWrites(), deprecated in 1.31, has been removed.
Use IDatabase::lastDoneWrites() instead.
* Database::reportConnectionError(), deprecated in 1.32, has been removed.
* LoadBalancer::laggedSlaveUsed(), deprecated in 1.28, has been removed.
Use LoadBalancer::laggedReplicaUsed() instead.
* Database::getProperty(), deprecated in 1.28, has been removed.
* IDatabase::getWikiId(), deprecated in 1.30, has been removed.
Use IDatabase::getDomainID() instead.
* (T191231) Support for using Oracle or MSSQL as database backends has been
dropped.
* MessageCache::destroyInstance() has been removed. Instead, call
MediaWikiTestCase::resetServices().
* SearchResult protected field $searchEngine is removed and no longer
initialized after calling SearchResult::initFromTitle().
* The UserIsBlockedFrom hook is only called if a block is found first, and
should only be used to unblock a blocked user.
* Parameters for index.php from PATH_INFO, such as the title, are no longer
written to $_GET.
* The selectFields() methods on classes LocalFile, ArchivedFile, OldLocalFile,
DatabaseBlock, and RecentChange, deprecated in 1.31, have been removed. Use
the corresponding getQueryInfo() methods instead.
* The following methods on Revision, deprecated since 1.31, have been removed.
Use RevisionStore::getQueryInfo() or RevisionStore::getArchiveQueryInfo()
instead.
* Revision::userJoinCond()
* Revision::pageJoinCond()
* Revision::selectFields()
* Revision::selectArchiveFields()
* Revision::selectTextFields()
* Revision::selectPageFields()
* Revision::selectUserFields()
* User::setNewpassword(), deprecated in 1.27 has been removed.
* The ObjectCache::getMainWANInstance and ObjectCache::getMainStashInstance
functions, deprecated since 1.28, have been removed.
* Language::$dataCache has been removed (without prior deprecation, for
practical reasons). Use MediaWikiServices instead to get a LocalisationCache.
=== Deprecations in 1.34 ===
* The MWNamespace class is deprecated. Use NamespaceInfo.
* ExtensionRegistry->load() is deprecated, as it breaks dependency checking.
Instead, use ->queue().
* User::isBlocked() is deprecated since it does not tell you if the user is
blocked from editing a particular page. Use User::getBlock() or
PermissionManager::isBlockedFrom() or PermissionManager::userCan() instead.
* User::isLocallyBlockedProxy and User::inDnsBlacklist are deprecated and moved
to the BlockManager as private helper methods.
* User::isDnsBlacklisted is deprecated. Use BlockManager::isDnsBlacklisted
instead.
* The Config argument to ChangesListSpecialPage::checkStructuredFilterUiEnabled
is deprecated. Pass only the User argument.
* WatchedItem::getUser is deprecated. Use getUserIdentity.
* Passing a Title as the first parameter to the getTimestampById method of
RevisionStore is deprecated. Omit it, passing only the remaining parameters.
* Title::getPreviousRevisionId and Title::getNextRevisionId are deprecated. Use
RevisionLookup::getPreviousRevision and RevisionLookup::getNextRevision.
* The Title parameter to RevisionLookup::getPreviousRevision and
RevisionLookup::getNextRevision is deprecated and should be omitted.
* MWHttpRequest::factory is deprecated. Use HttpRequestFactory.
* The Http class is deprecated. For the request, get, and post methods, use
HttpRequestFactory. For isValidURI, use MWHttpRequest::isValidURI. For
getProxy, use (string)$wgHTTPProxy. For createMultiClient, construct a
MultiHttpClient directly.
* Http::$httpEngine is deprecated and has no replacement. The default 'guzzle'
engine will eventually be made the only engine for HTTP requests.
* RepoGroup::singleton(), RepoGroup::destroySingleton(),
RepoGroup::setSingleton(), wfFindFile(), and wfLocalFile() are all
deprecated. Use MediaWikiServices instead.
* The getSubjectPage, getTalkPage, and getOtherPage of Title are deprecated.
Use NamespaceInfo's getSubjectPage, getTalkPage, and getAssociatedPage.
* MWMessagePack class, no longer used, has been deprecated in 1.34.
* The Block class is separated into DatabaseBlock (for blocks stored in the
database), and SystemBlock (for temporary blocks created by the system).
SystemBlock should be used when creating any temporary blocks. Block is
a deprecated alias for DatabaseBlock.
* Parser::$mConf is deprecated. It will be removed entirely in a later version.
Some context can be found at T224165.
* Constructing Parser directly is deprecated. Obtain one from ParserFactory.
* Title::moveSubpages is deprecated. Use MovePage::moveSubpages or
MovePage::moveSubpagesIfAllowed.
* The MWNamespace class is deprecated. Use MediaWikiServices::getNamespaceInfo.
* (T62260) Hard deprecate Language::getExtraUserToggles() method.
* Language::viewPrevNext function is deprecated, use
PrevNextNavigationRenderer::buildPrevNextNavigation instead
* User::trackBlockWithCookie and DatabaseBlock::clearCookie are deprecated. Use
BlockManager::trackBlockWithCookie and BlockManager::clearCookie instead.
* DatabaseBlock::setCookie, DatabaseBlock::getCookieValue,
DatabaseBlock::getIdFromCookieValue and AbstractBlock::shouldTrackWithCookie
are moved to internal helper methods for BlockManager::trackBlockWithCookie.
* ResourceLoaderContext::getConfig and ResourceLoaderContext::getLogger have
been deprecated. Inside ResourceLoaderModule subclasses, use the local methods
instead. Elsewhere, use the methods from the ResourceLoader class.
* The Profiler::setTemplated and Profiler::getTemplated methods have been
deprecated. Use Profiler::setAllowOutput and Profiler::getAllowOutput
instead.
* The ProfilerOutputDb class, 'profiling' table, and profileinfo.php entry
point had been deprecated (T231366).
* The Preprocessor_DOM implementation has been deprecated. It will be
removed in a future release. Use the Preprocessor_Hash implementation
instead.
* Sanitizer::attributeWhitelist() and Sanitizer::setupAttributeWhitelist()
have been deprecated; they will be made private in the future.
* SearchResult::termMatches() method is deprecated. It was unreliable because
only populated by few search engine implementations. Use
SqlSearchResult::getTermMatches() if really needed.
* SearchResult::getTextSnippet( $terms ) the $terms param is being deprecated
and should no longer be passed. Search engine implemenations should be
responsible for carrying relevant information needed for highlighting with
their own SearchResultSet/SearchResult sub-classes.
* SearchResultSet::free() method is deprecated.
* SearchEngine::$searchTerms protected field is deprecated. Moved to
SearchDatabase.
* The use of the $terms param in the ShowSearchHit and ShowSearchHitTitle
hooks is highly discouraged as it's only populated by SearchDatabase search
engines.
* Skin::escapeSearchLink() is deprecated. Use Skin::getSearchLink() or the skin
template option 'searchaction' instead.
* Skin::getRevisionId() and Skin::isRevisionCurrent() have been deprecated.
Use OutputPage::getRevisionId() and OutputPage::isRevisionCurrent() instead.
* LoadBalancer::haveIndex() and LoadBalancer::isNonZeroLoad() have
been deprecated.
* FileBackend::getWikiId() has been deprecated.
Use FileBackend::getDomainId() instead.
* User::getRights() and User::$mRights have been deprecated. Use
PermissionManager::getUserPermissions() instead.
* The LocalisationCacheRecache hook no longer allows purging of message blobs
to be prevented. Modifying the $purgeBlobs parameter now has no effect.
* SVGMetadataExtractor::getMetadata has been deprecated. Instead, you should
use SVGReader->getMetadata() directly.
* The following public properties on AbstractBlock are deprecated: $mReason,
$mTimestamp, $mExpiry, $mHideName. Use the getters/setters instead.
* The following public properties on DatabaseBlock are deprecated: $mAuto,
$mParentBlockId. To check for an autoblock use DatabaseBlock::getType; to
check for the parent ID, use DatabaseBlock::getParentBlockId.
* SearchEngine::userHighlightPrefs() is deprecated, simply stop passing
$contextlines and $contextchars to the SearchHighlighter methods, they will
use proper defaults defined in SearchHighlighter::DEFAULT_CONTEXT_LINES and
DEFAULT_CONTEXT_CHARS.
* SearchUpdate constructor: passing a string as the title param and or a boolean
or a string as the content will produce a deprecation warning.
* SearchEngine::getTextFromContent() is deprecated, use getTextForSearchIndex()
directly from the Content object.
* SearchEngine::textAlreadyUpdatedForIndex() is deprecated, given the
deprecation above this method is no longer needed/called and should not be
implemented by SearchEngine implementation.
* IDatabase::bufferResults() has been deprecated. Use query batching instead.
* MessageCache::singleton() is deprecated. Use
MediaWikiServices::getMessageCache().
* ObjectCache::getWANInstance() is deprecated. Use
MediaWikiServices::getMainWANObjectCache() instead.
* ObjectCache::newWANCacheFromParams() is deprecated. Use
MediaWikiServices::getMainWANObjectCache() instead.
* Constructing MovePage directly is deprecated. Use MovePageFactory.
* TempFSFile::factory() has been deprecated. Use TempFSFileFactory instead.
* wfIsBadImage() is deprecated. Use the BadFileLookup service instead.
* Building a new SearchResult is hard-deprecated, always call
SearchResult::newFromTitle(). This class is being refactored into an abstract
class. If you extend this class please be sure to override all its methods
or extend RevisionSearchResult.
* Skin::getSkinNameMessages() is deprecated and no longer used.
* The mediawiki.RegExp module is deprecated; use mw.util.escapeRegExp() instead.
* Specifying a SpecialPage object for the list of special pages (either through
the SpecialPage_initList hook or by adding to $wgSpecialPages) is now
deprecated.
* The 'jquery.tabIndex' module is deprecated.
* WebInstaller::getWarningBox() and getErrorBox() are deprecated.
Use Html::errorBox() or Html::warningBox() instead.
* Use of ActorMigration with 'ar_user', 'img_user', 'oi_user', 'fa_user',
'rc_user', 'log_user', and 'ipb_by' is deprecated. Queries should be adjusted
to use the corresponding actor fields directly. Note that use with
'rev_user' is *not* deprecated at this time.
* Specifying both the class and factory parameters for
ApiModuleManager::addModule is now deprecated. The ObjectFactory spec should
be used instead.
* The UserIsHidden hook is deprecated. Use GetUserBlock instead, and add a
system block that hides the user.
* The GetBlockedStatus hook is deprecated. Use GetUserBlock instead, to add or
remove a block.
* $wgContentHandlerUseDB is deprecated and should always be true.
* StreamFile::send404Message() and StreamFile::parseRange() are now deprecated.
Use HTTPFileStreamer::send404Message() and HTTPFileStreamer::parseRange()
respectively instead.
* Global variable $wgSysopEmailBans is deprecated; to allow sysops to ban
users from sending emails, use
$wgGroupPermissions['sysop']['blockemail'] = true;
* ApiQueryBase::showHiddenUsersAddBlockInfo() is deprecated. Use
ApiQueryBlockInfoTrait instead.
* PasswordReset is now a service, its direct instantiation is deprecated.
* RESTBagOStuff users should specify either "JSON" or "PHP" serialization type.
* The global function wfIsHHVM() is deprecated and will now always return false
regardless of the runtime environment. This is part of the continuing work to
remove HHVM support from MediaWiki, which started in MediaWiki 1.31.
* Language::getLocalisationCache() is deprecated. Use MediaWikiServices
instead.
* The following Language methods are deprecated: isSupportedLanguage,
isValidCode, isValidBuiltInCode, isKnownLanguageTag, fetchLanguageNames,
fetchLanguageName, getFileName, getMessagesFileName, getJsonMessagesFileName.
Use the new LanguageNameUtils class instead. (Note that fetchLanguageName(s)
are called getLanguageName(s) in the new class.)
* Using the Parser without initializing its $mTitle property to non-null has
been deprecated. In a future release Parser::getTitle() will throw a
TypeError if $mTitle is uninitialized.
* A number of public methods of Parser were exposed only for historical
reasons and have been deprecated: doMagicLinks, doDoubleUnderscore,
doHeadings, doAllQuotes, replaceExternalLinks, replaceInternalLinks,
replaceInternalLinks2, getVariableValue, initialiseVariables, formatHeadings,
testPst, testPreprocess, testSrvus, areSubpagesAllowed, maybeDoSubpageLink,
splitWhitespace, createAssocArgs, armorLinks, makeKnownLinkHolder,
getImageParams, parseLinkParameter, stripAltText, replaceLinkHolders,
replaceLinkHoldersText, armorLinks, makeKnownLinkHolder, getImageParams,
parseLinkParameter, stripAltText.
=== Other changes in 1.34 ===
* Added option to specify "Various authors" as author in extension credits using
"..." as the only author name. If the "author" array contains more than one
entry and "..." is one of the entries in the array, "..." will be parsed as
"others" (version-poweredby-others i18n message) like previously.
* (T232563) Browser support ("Grade C") for Internet Explorer 6 and 7
was discontinued. Basic content and security features may no longer
work correctly in these browsers.
= MediaWiki 1.33 =
== MediaWiki 1.33.4 ==
This is a security and maintenance release of the MediaWiki 1.33 branch.
=== Changes since MediaWiki 1.33.3 ===
* (T247017) PasswordReset performance improvements.
* The MultiHttpClient code will fallover to non-curl if curl_multi* is blocked.
* (T250568) Work around change in SimpleXMLElement behavior introduced in PHP
7.3.17.
* Remove some rotten and out of date documentation.
* (T252311) Improvements to some older SQLite update patches.
* (T240307) Minor fixes to extension.schema.v2.json and
extension.schema.v1.json.
* rdbms: Add callback for atomic section cancellation.
* (T191668) NameTableStoreTest::getCallCheckingDb simplification.
* Make NameTableStore use LoadBalancer::getConnectionRef().
* (T224949) NameTableStore: ensure consistency upon rollback.
* (T199474) Set rc_patrolled to 2 for autopatrolled changes in
rebuildrecentchanges.php.
* (T229461) Update the change_tag table in rebuildrecentchanges.php.
* (T234450) Per-user concurrency in SpecialContributions can now be limited by
setting $wgPoolCounterConf['SpecialContributions'] appropriately.
* (T248947) SECURITY: img_auth.php may leak private extension images into the
public cache.
== MediaWiki 1.33.3 ==
This is a security and maintenance release of the MediaWiki 1.33 branch.
=== Changes since MediaWiki 1.33.2 ===
* (T245072) mediawiki.language: Rename languageData back to languageNames.
* Use proper SemVer comparison in CheckComposerLockUpToDate.
* (T212738) Add the MW_VERSION constant, global $wgVersion is soft deprecated.
* Update comment about PHP versions supported by The PHP Group.
* (T247215) Fix output of RecountCategories::doWork().
* Add check for page existence to view.php maintenance script.
* (T236509) SECURITY: Fix HTML escaping in UserGroupMembership::getLink().
* (T246602) SECURITY: jquery.makeCollapsible allows applying event handler to
any CSS selector.
== MediaWiki 1.33.2 ==
This is a security and maintenance release of the MediaWiki 1.33 branch.
=== Changes since MediaWiki 1.33.1 ===
* (T217831) (T200653) PopulateContentTables: compute sha1 and length if needed.
* Fix extra newlines in the installer.
* (T236628) Fix for ArticleRevisionViewCustom hook in DifferenceEngine.php.
* (T181658) Do not insert page titles into querycache.qc_value.
* (T206013) Suppress errors when reading invalid XML file properties.
* (T237931) Remove references to pg_attrdef.adsrc in Postgres code.
* Use correct value for 'sslmode' in DatabasePostgres.
* (T232866) Fix support for HTTP/2 in MultiHttpClient.
* (T227461) Stop calling deprecated Redis delete functions.
* (T239561) Mark options as requiring parameters in addSite.php.
* (T219440) Skip flaky rollback test.
* (T232866) Mimic CURLOPT_POST in GuzzleHttpRequest.
* (T239734) Replace deprecated lSize with lLen in Redis code.
* (T192134) SECURITY: Do not allow user scripts on Special:PasswordReset.
* (T239428) ApiEditPage: Test for bad redirect targets.
* (T233342) rdbms: Log debug message traces as 'exception.trace' instead of
'trace'.
* (T226751) media: Log and fail gracefully on invalid EXIF coordinates.
* (T212067) SECURITY: Work around PHP bug in parse_url.
== MediaWiki 1.33.1 ==
This is a security and maintenance release of the MediaWiki 1.33 branch.
=== Changes since MediaWiki 1.33.0 ===
* A change that kept people with a database table prefix that didn't
end with an underscore from updating was reverted.
* (T207100) Updated LanguageTr for dotted and dotless I in PHP 7.3.
* The ImgAuthModifyHeaders hook was added to img_auth.php to allow modification
of headers in private wikis.
* (T230317) Allow upgrading from MediaWiki before 1.15 where the valid_tag table
doesn't yet exist.
* (T208897) MessageCache: Restore 'loadedLanguages' tracking for load().
* (T228555) MessageCache: Fix isMainCacheable() logic for non-content languages.
* (T200088) Remove title protection correctly for undeletions and imports.
* (T230402) SECURITY: Add permission check for suppressed account to
Special:Redirect.
* Add helper for HTTPFileStreamer header syntax.
* (T227461) ObjectCache: avoid using deprecated phpredis::delete() alias.
* (T231386) SpecialRedirect::dispatchUser() should use a 302 http status code.
* (T118799) Fix XMP parser errors due to trailing nullchar.
* (T230618) Fix GROUP BY in ActiveUsersPager and RecentChangesUpdateJob for
PostgreSQL.
* (T230487) Handle changed defaults in Argon2PasswordTest::testPartialConfig().
* (T233119) Improve documentation for the MinimumPasswordLengthToLogin policy.
* (T227662) Split down patch-comment-table.sql and patch-actor-table.sql into
separate files to help allieviate potential migration problems.
=== Upgrading notes for 1.33 ===
1.33 has several database changes since 1.32, and will not work without schema
updates. Note that due to changes to some very large tables like the revision
table, the schema update may take quite long (minutes on a medium sized site,
many hours on a large site).
Don't forget to always back up your database before upgrading!
See the file UPGRADE for more detailed upgrade instructions, including
important information when upgrading from versions prior to 1.11.
Some specific notes for MediaWiki 1.33 upgrades are below:
* Some external link searches will not work correctly until update.php (or
refreshExternallinksIndex.php) is run. These include searches for links using
IP addresses, internationalized domain names, and possibly mailto links.
* If you ran migrateActors.php using an older version of MediaWiki and want to
run your wiki with $wgActorTableSchemaMigrationStage SCHEMA_COMPAT_READ_OLD,
note that log_search rows needed to find revision deletions by target user
were incorrectly deleted. See T215464 for details.
* If revision deletions were performed when the wiki was configured with
$wgActorTableSchemaMigrationStage SCHEMA_COMPAT_WRITE_BOTH and without
migrateActors.php having been run, the log_search table may contain rows with
empty values for "target_author_actor" which will prevent log searches for
revision deletions by target user from finding those log entries. These rows
may be corrected by (re-)running migrateActors.php.
For notes on 1.32.x and older releases, see HISTORY.
== MediaWiki 1.33.0 ==
=== Changes since MediaWiki 1.33.0-rc.0 ===
* (T225558) Update installer link to PHP intl.
* (T225901) Only attempt to deduplicate if there is data in archive and revision
tables.
* (T225564) Fetch tag ID before calling undefineTag().
* (T225496) Detect APC for MainCacheType in CLI installer.
* Call unpack() with correct parameters in MimeAnalyzer.php for PHP 7.0 support.
* (T212613) Style change tags correctly on Special:Newpages.
* (T202211) Fix SQLite patch-(page|template)links-fix-pk.sql column order.
== MediaWiki 1.33.0-rc.0 ==
=== Configuration changes for system administrators in 1.33 ===
==== New configuration ====
* $wgEnablePartialBlocks – This enables the Partial Blocks feature, which gives
accounts with block permissions the ability to block users, IPs, and IP ranges
from editing specific pages, while allowing them to edit the rest of the wiki.
It is a temporary setting for gradual enablement, current default to `false`,
and will be set to `true` and then removed once initial development completes.
==== Changed configuration ====
* $wgChangeTagsSchemaMigrationStage (T193868) — This temporary setting, added in
MediaWiki 1.32, now defaults to MIGRATION_NEW instead of MIGRATION_WRITE_BOTH.
* $wgPasswordPolicy – There is a new password policy to check that the account's
password is not in the large blacklist. This is enabled by default for the
built-in user groups bureaucrat, sysop, interface-admin, and bot. To configure
this for other user groups, set the `PasswordNotInLargeBlacklist` flag `true`.
* $wgPasswordDefault – There is a new password type configuration using Argon2
password hashing (which requires PHP 7.2 and above). It's designed to resist
timing attacks, and (on systems with PHP 7.3+) GPU hacking; if you configure
argon2 to be used, by default, it will automatically choose the best available
algorithm depending on which version of PHP you have available. To use this,
you can set `$wgPasswordDefault = 'argon2';`.
* $wgActorTableSchemaMigrationStage now defaults to reading the new schema.
update.php will back-populate the new database fields due to the changed
setting, which may take some time on large wikis. You can avoid downtime by
following a process like that described in T188327.
==== Removed configuration ====
* $wgTagStatisticsNewTable (T199334) — This temporary setting, added in
MediaWiki 1.32, has now been removed. When loading Special:Tags, MediaWiki
will now always use the `change_tag_def` instead of the `change_tag` table.
* $wgUseTidy, $wgTidyBin, $wgTidyConf, $wgTidyOpts, $wgTidyInternal, and
$wgDebugTidy – These options, all deprecated since 1.26, have now all been
removed, as MediaWiki now always tidies user output. The $wgTidyConfig setting
remains only for experimental features and debugging, and should not be used.
* $wgEnableParserCache – This setting has been deprecated since 1.26, has now
been removed. If you still desire to disable the parser cache, instead you can
set `$wgParserCacheType = CACHE_NONE;`.
* $wgCommentTableSchemaMigrationStage – This temporary migration setting has now
been removed. Code finding it unset should treat it as being MIGRATION_NEW.
* $wgAuth – This old setting, deprecated in 1.27, has been removed as part of
the removal of AuthPlugin.
* $wgSitesCacheFile – This configuration was introduced in 1.25 with the intent
to allow sites to configure a file in which to cache the SiteStore database
table, but it was never used. SiteStore already caches its information by
default using BagOStuff (e.g. Memcached or APC).
* $wgClockSkewFudge – This setting was used by User.php to let sites adjust by
how much MediaWiki would fudge when trying to minimize the chances of a
user.user_touched database update to the "current" timestamp being before the
value already there (e.g. due to clock skew between different servers). This
is no longer a problem, because the code now ensures the timestamp is always
higher than the previous one. The writes are guarded with CAS logic (check
and set), which prevents updates that would overlap.
* $wgDBmysql5 (T196185) - This experimental setting, deprecated in 1.31, has
been removed.
=== New user-facing features in 1.33 ===
* (T96041) __EXPECTUNUSEDCATEGORY__ on a category page causes the category
to be hidden on Special:UnusedCategories.
* (T210814) SVGs are now by default displayed in wiki language on image
pages.
* Special:CreateAccount now warns the user if their chosen username has to be
normalized.
* (T205040) Multilingual images are now be displayed in the current parse
language where available.
* Special:ActiveUsers will no longer filter out users who became inactive since
the last time the active users query cache was updated.
* (T215675) RecentChange and ManualLogEntry implement new Taggable interface.
* (T215675) Added a hook, ManualLogEntryBeforePublish, to allow extensions
to modify (example: add tags) log entries.
=== New developer features in 1.33 ===
* The AuthManagerLoginAuthenticateAudit hook has a new parameter for
additional information about the authentication event.
* TextContent::getText() was introduced as a replacement for
Content::getNativeData() for text-based content models.
* (T214706) LinksUpdate::getAddedExternalLinks() and
LinksUpdate::getRemovedExternalLinks() were introduced.
* (T213893) Added 'MaintenanceUpdateAddParams' hook
* (T219655) The MarkPatrolled hook has a new parameter for the tags
associated with this entry in the patrol log.
* (T212472) Extensions can now specify platform abilities they require to work,
limited to shell access for now.
=== External library changes in 1.33 ===
==== New external libraries ====
* Added wikimedia/password-blacklist 0.1.4.
* Added guzzlehttp/guzzle 6.3.3.
==== Changed external libraries ====
* Updated OOUI from v0.29.2 to v0.31.3.
* Updated OOjs Router from pre-release to v0.2.0.
* Updated moment from v2.19.3 to v2.24.0.
* Updated wikimedia/xmp-reader from 0.6.0 to 0.6.2.
* Updated wikimedia/scoped-callback from 2.0.0 to 3.0.0.
* Updated jquery-client from 2.0.1 to 2.0.2.
* Updated pear/net_smtp from 1.8.0 to 1.8.1.
* Updated cssjanus/cssjanus from 1.2.0 to 1.3.0.
* Updated wikimedia/php-session-serializer from 1.0.6 to 1.0.7.
==== Removed external libraries ====
* (T219403) jquery.ui.spinner, deprecated since 1.31, was removed.
=== Developer library changes in 1.33 ===
==== New developer libraries ====
* Added jakub-onderka/php-console-highlighter 0.3.2 explicitly (dev-only).
* Added mediawiki/mediawiki-phan-config 0.5.0 (dev-only).
==== Changed developer libraries ====
* Updated wikimedia/ip-set from 1.3.0 to 2.0.1.
* The deprecated IPSet\IPSet alias was removed, Wikimedia\IPSet must be
used instead.
* Updated psy/psysh from 0.9.6 to 0.9.9 (dev-only).
* Updated nikic/php-parser from 3.1.3 to 3.1.5 (dev-only).
* Updated mediawiki/mediawiki-codesniffer from 22.0.0 to 25.0.0 (dev-only).
* Updated qunitjs from 2.6.2 to 2.9.1.
==== Removed developer libraries ====
* The jetbrains/phpstorm-stubs repository was removed in favour of the minimal
stubs we need, which are kept in the new `.phan/internal_stubs` directory
(dev-only).
=== Bug fixes in 1.33 ===
* (T164211) Special:UserRights could sometimes fail with a
"conflict detected" error when there weren't any conflicts.
* (T216029) Chrome redirects to Special:BadTitle after editing a section with
a non-Latin name on a page with non-Latin characters in title.
* (T222385) resourceloader: Use AND instead of OR for upsert conds in
saveFileDependencies().
=== Action API changes in 1.33 ===
* (T198913) Added 'ApiOptions' hook.
* The JSON formatversion=2 is no longer experimental.
* Internal API errors (those with code beginning "internal_api_error") will
include the exception class name in a data field named "errorclass".
* Class names are not guaranteed to remain stable, and in particular database
exceptions will now include the "Wikimedia\Rdbms\" prefix in the class name.
* The code including an exception class name is deprecated. In the future,
all internal errors will use code "internal_api_error".
* (T212356) When using action=delete on pages with many revisions, the module
may return a boolean-true 'scheduled' and no 'logid'. This signifies that the
deletion will be processed via the job queue.
* action=setnotificationtimestamp will now update the watchlist asynchronously
if entirewatchlist is set, so updates may not be visible immediately
* Block info will be added to "blocked" errors from more modules.
* (T216245) Autoblocks will now be spread by action=edit and action=move.
* action=query&meta=userinfo has a new uiprop, 'latestcontrib', that returns
the date of user's latest contribution.
* (T25227) action=logout now requires to be posted and have a csrf token.
=== Action API internal changes in 1.33 ===
* A number of deprecated methods for API documentation, intended for overriding
by extensions, are no longer called by MediaWiki, and will emit deprecation
notices if your extension attempts to use them:
* ApiBase::getDescription() (deprecated in 1.25)
* ApiBase::getParamDescription() (deprecated in 1.25)
* ApiBase::getExamples() (deprecated in 1.25)
* ApiBase::getDescriptionMessage() (deprecated in 1.30)
Additionally, the 'APIGetDescription' and 'APIGetParamDescription' hooks have
been removed, as their only use was to let extensions override values returned
by getDescription() and getParamDescription(), respectively.
* API error codes may only contain ASCII letters, numbers, underscore, and
hyphen. Methods such as ApiBase::dieWithError() and
ApiMessageTrait::setApiCode() will throw an InvalidArgumentException if
passed a bad code.
* ApiBase::checkTitleUserPermissions() now takes an options array as its third
parameter. Passing a User object or null is deprecated.
* The api-feature-usage log channel now has log context. The text message is
deprecated and will be removed in the future.
=== Languages updated in 1.33 ===
MediaWiki supports over 350 languages. Many localisations are updated regularly.
Below only new and removed languages are listed, as well as changes to languages
because of Phabricator reports.
* (T203908) Added language support for Eastern Pwo (kjp).
* (T213717) Fixed a translation error on Goan Konkani (gom-deva) translations
for NS_TEMPLATE.
* (T212221) Added $digitTransformTable for Santali (sat).
* (T216479) Added language support for Saisiyat (xsy).
* (T219728) Added support for new Japanese era name "Reiwa"
=== Breaking changes in 1.33 ===
* The parameteter $lang in DifferenceEngine::setTextLanguage must be of type
Language. Other types are deprecated since 1.32.
* Skin::doEditSectionLink requires type Language for the parameter $lang.
The parameters $tooltip and $lang are mandatory. Omitting the parameters is
deprecated since 1.32.
* Language::truncate(), deprecated in 1.31, has been removed.
* UtfNormal, deprecated in 1.25, was removed. Use UtfNormal\Validator directly
instead.
* (T197179) In OOUI HTMLForm fields, the parameters 'notice', 'notice-messages',
and 'notice-message', which were deprecated in 1.32, were removed. Instead,
use 'help', 'help-message', and 'help-messages'.
* (T197179) HTMLFormField::getNotices(), deprecated in 1.32, was removed.
* The "Parsoid v1" compatibility mappings in ParsoidVirtualRESTService and
RestbaseVirtualRESTService, deprecated since 1.26, have been removed.
Use the RESTBase v1 or Parsoid v3 API instead.
* ParserOptions defaults 'tidy' to true now, since the untidy modes of the
parser are being deprecated and ParserOptions::getCanonicalOverrides()
has always been true at any rate.
* Support for disabling tidy and external tidy implementations has been removed.
This was deprecated in 1.32. The pure PHP Remex tidy implementation is now
used and no configuration is necessary.
* A number of deprecated methods for API documentation, intended for overriding
by extensions, are no longer called by MediaWiki, and will emit deprecation
notices if your extension attempts to use them:
* ApiBase::getDescription() (deprecated in 1.25)
* ApiBase::getParamDescription() (deprecated in 1.25)
* ApiBase::getExamples() (deprecated in 1.25)
* ApiBase::getDescriptionMessage() (deprecated in 1.30)
Additionally, the 'APIGetDescription' and 'APIGetParamDescription' hooks have
been removed, as their only use was to let extensions override values returned
by getDescription() and getParamDescription(), respectively.
* The authentication hooks 'AbortAutoAccount' 'AbortNewAccount', 'AbortLogin',
'LoginUserMigrated', 'UserCreateForm', and 'UserLoginForm', all deprecated by
the creation of AuthManager in 1.27, have been removed. This also means that
the FakeAuthTemplate and LoginForm classes are removed, that FakeAuthTemplate
is no longer passed into LoginSignupSpecialPage->getFieldDefinitions(), and
that LoginSignupSpecialPage->getBCFieldDefinitions() is removed.
* The 'jquery.localize' module, deprecated in 1.32, has been removed. Instead,
use 'jquery.i18n'.
* The hooks LanguageGetSpecialPageAliases and LanguageGetMagic, deprecated since
1.16, have now been removed. Instead, use $specialPageAliases or $magicWords
respectively in a $wgExtensionMessagesFiles file.
* The following methods of the Preferences class, deprecated in 1.31, have been
removed:
* getSaveBlacklist()
* loadPreferenceValues()
* getOptionFromUser()
* profilePreferences()
* skinPreferences()
* filesPreferences()
* datetimePreferences()
* renderingPreferences()
* editingPreferences()
* rcPreferences()
* watchlistPreferences()
* searchPreferences()
* miscPreferences()
* generateSkinOptions()
* getDateOptions()
* getImageSizes()
* getThumbSizes()
* validateSignature()
* cleanSignature()
* getTimezoneOptions()
* filterIntval()
* filterTimezoneInput()
* getTimeZoneList()
* mw.util.jsMessage(), deprecated in 1.20, was removed. Use mw.notify instead.
* (T61113) User::EDIT_TOKEN_SUFFIX was removed. It was deprecated since 1.27.
* The 'mediawiki.api' module aliases, deprecated in 1.32, have been removed.
Specifically: mediawiki.api.category, mediawiki.api.edit,
mediawiki.api.login, mediawiki.api.options, mediawiki.api.parse,
mediawiki.api.upload, mediawiki.api.user, mediawiki.api.watch,
mediawiki.api.messages, and mediawiki.api.rollback.
* The 'jquery.byteLimit' module alias for 'jquery.lengthLimit',
deprecated in 1.31, was removed.
* Revision::fetchRevision(), deprecated in 1.28, was removed.
* Class SquidUpdate, deprecated in 1.27, was removed.
* Title->getSquidURLs(), deprecated in 1.27, was removed. Instead, use
Title->getCdnUrls().
* Title::escapeFragmentForURL(), deprecated in 1.30, was removed. Use
Sanitizer::escapeIdForLink() or escapeIdForExternalInterwiki() instead.
* Title->canTalk(), deprecated in 1.30, was removed. Instead, use
Title->canHaveTalkPage().
* Title's methods for site and user page related to CSS and JS, deprecated in
1.31, were removed:
* Title->isCssOrJsPage() — Use Title->isSiteConfigPage()
* Title->isCssJsSubpage() – Use Title->isUserConfigPage()
* Title->getSkinFromCssJsSubpage() – Use Title->getSkinFromConfigSubpage()
* Title->isCssSubpage() – Use Title->isUserCssConfigPage()
* Title->isJsSubpage() – Use Title->isUserJsConfigPage()
* SiteSQLStore, deprecated in 1.27 and whose only method, ::newInstance(),
would return the global SiteStore instance, has been removed. You can get to
this via MediaWiki\MediaWikiServices::getInstance()->getSiteStore() directly.
* Linker::formatSize, deprecated in 1.28, has been removed (with DummyLinker's).
Instead, use Language->formatSize() with the relevant Language object.
* Linker::formatTemplates, deprecated in 1.28, has been removed (along with the
version in DummyLinker). You can use TemplatesOnThisPageFormatter directly.
* EventRelayerGroup::singleton(), deprecated in 1.27, has been removed. You can
use MediaWikiServices::getInstance()->getEventRelayerGroup() directly.
* LinkCache->addLink(), deprecated in 1.27, has been removed. It is thought to
be unused, and is distinct from OutputPage->addLink(), which remains.
* JsonContent->getJsonData(), deprecated in 1.25, has been removed. Instead, use
JsonContent->getData().
* MWExceptionHandler::getLogId(), deprecated in 1.27, has been removed, as the
exception ID is the same as the request ID, from WebRequest::getRequestId().
* SearchEngine::getNearMatchResultSet(), deprecated in 1.27, has been removed.
You can use SearchEngine::getNearMatcher() instead.
* EmailNotification::updateWatchlistTimestamp, deprecated in 1.27, has been
removed. Instead, use WatchedItemStore::updateNotificationTimestamp directly.
* User::getGroupName() and ::getGroupMember(), both deprecated in 1.29, have
been removed. Instead, please use UserGroupMembership::getGroupName() and
UserGroupMembership::getGroupMemberName().
* Backwards compatibility for setting wgSessionsInObjectCache to false or using
wgSessionHandler, both of which were deprecated in 1.27 with the introduction
of SessionManager, has been removed.
* SessionManager::autoCreateUser, deprecated in 1.27, has been removed. Use
MediaWiki\Auth\AuthManager::autoCreateUser instead.
* The mw.libs.jpegmeta property, deprecated in 1.31, was removed.
Use require( 'mediawiki.libs.jpegmeta' ) instead.
* The mw.user.stickyRandomId() method, deprecated in 1.32, was removed.
Use mw.user.getPageviewToken() instead.
* Removed deprecated class property WikiRevision::$importer.
* ResourceLoaderFileModule::readStyleFiles() now requires its $context
parameter.
* The ChangeList::insertArticleLink() method, that was deprecated in 1.27, has
been removed.
* MessageBlobStore::__construct() now requires its $rl parameter.
* Second parameter to Sanitizer::escapeIdReferenceList() (deprecated in 1.31)
has been removed.
* The 'jquery.xmldom' module has been removed.
* The 'jquery.mockjax' module has been removed.
* The 'jquery.hidpi' module, deprecated in 1.32, has been removed.
* AuthPlugin and related code, deprecated in 1.27, has been removed. Extensions
should instead use AuthManager. The following no longer exist:
* The AuthPlugin class itself and the related AuthPluginUser class and i18n
* The AuthPluginSetup and AuthPluginAutoCreate hooks
* The transitional wrapper classes AuthPluginPrimaryAuthenticationProvider,
AuthManagerAuthPlugin, and AuthManagerAuthPluginUser.
* The $wgAuth configuration setting and its use in Setup.php and unit tests
* (T217772) The 'wgAvailableSkins' mw.config key in JavaScript, was removed.
* Language::markNoConversion, deprecated in 1.32, has been removed. Use
LanguageConverter::markNoConversion instead.
* BagOStuff::modifySimpleRelayEvent() method has been removed.
* ParserOutput::getLegacyOptions, deprecated in 1.30, has been removed.
Use ParserOutput::allCacheVaryingOptions instead.
* CdnCacheUpdate::newSimplePurge, deprecated in 1.27, has been removed.
Use CdnCacheUpdate::newFromTitles() instead.
* Handling of multiple arguments by the Block constructor, deprecated in 1.26,
has been removed.
* The translation of main page in Sardinian (sc) was changed from "Pàgina Base"
to "Pàgina printzipale". Existing wikis using this content language need to
move the main page or change the name through MediaWiki:Mainpage page.
* wfSplitWikiID(), deprecated in 1.32, has been removed.
* MessageBlobStore::getBlob(), deprecated in 1.27, has been removed.
Use ::getBlobs() instead.
* The .background-size() LESS mixin, deprecated in 1.27, has been removed.
* ReadOnlyMode::clearCache() and ConfiguredReadOnlyMode::clearCache() have been
removed. Use MediaWikiTestCase::overrideMwServices() instead.
* Support for the 'aggregator' option of JobQueue (and thus $wgJobTypeConf) was
removed. The JobQueueAggregator interface and JobQueueAggregatorRedis class
have also been removed. They were experimentally developed for use by the
Wikimedia Foundation, but were never used, with no known use cases. (Note that
this does not affect JobQueueRedis which is still supported.)
=== Deprecations in 1.33 ===
* The configuration option $wgUseESI has been deprecated, and is expected
to be removed in a future release.
* The configuration option $wgSquidPurgeUseHostHeader has been deprecated,
and is expected to be removed in a future release.
* The configuration options $wgFixArabicUnicode and $wgFixMalayalamUnicode,
introduced in MW 1.17, have been deprecated. These fixes will always be
applied for Arabic and Malayalam in the future. Please enable these on
your local wiki (if you have them explicitly set to false) and run
maintenance/cleanupTitles.php to fix any existing page titles.
* The LegacyHookPreAuthenticationProvider class, deprecated since its creation
in 1.27 as part of the AuthManager re-write, now emits deprecation warnings.
This will help identify the issue if you added it to $wgAuthManagerConfig.
* wfSplitWikiId() is now deprecated. Cache key generation should have the wiki
domain ID as a key component and use makeGlobalKey().
* (T202094) Title::getUserCaseDBKey() is deprecated; instead, please use
Title::getDBkey(), which doesn't vary case.
* User::getPasswordValidity() is now deprecated. User::checkPasswordValidity()
returns the same information in a more useful format.
* For Linker::generateTOC() and Linker::tocList(), passing strings or booleans
as the $lang parameter was deprecated. The same applies to DummyLinker.
* The PasswordPolicy 'PasswordCannotBePopular' has been deprecated. To
follow best practices, it is reccommended to use 'PasswordNotInLargeBlacklist'
instead which blacklists 100,000 commonly used passwords.
* (T208862) Action::requiresUnblock() is now called from
Title::getUserPermissionsErrors() and Title::userCan(). Previously, the method
was only called in Action::checkCanExecute(). Actions should ensure that their
requiresUnblock() returns the proper result (the default is `true`).
* (T211608) The MediaWiki\Services namespace has been renamed to
Wikimedia\Services. The old name is still supported, but deprecated.
* (T155582) Content::getNativeData has been deprecated. Please use model-
specific getters, such as TextContent::getText().
* The class WebInstallerOutput is now marked as @private.
* (T209699) The jquery.async module has been deprecated. JavaScript code that
needs asynchronous behaviour should use Promises.
* Password::equals() is deprecated, use verify().
* BaseTemplate::msgWiki() and QuickTemplate::msgWiki() will be removed. Use
other means to fetch a properly escaped message string or Message object.
* (T126091) The 'ResourceLoaderTestModules' hook, which lets you declare QUnit
testing code for your JavaScript modules, is deprecated. Instead, you can now
use the new extension registration key 'QUnitTestModule'.
* (T213426) The jquery.throttle-debounce module has been deprecated. JavaScript
code that needs this behaviour should use OO.ui.debounce/throttle.
* The mw.language.specialCharacters property from the
'mediawiki.language.specialCharacters' module has been deprecated.
Use require( 'mediawiki.language.specialCharacters' ) instead.
* ChangeTags::purgeTagUsageCache() has been deprecated, and is expected to be
removed in a future release.
* Passing a User object or null as the third parameter to
ApiBase::checkTitleUserPermissions() has been deprecated. Pass an array
[ 'user' => $user ] instead.
* (T211578) Block::prevents is deprecated. Use Block::isEmailBlocked,
Block::isCreateAccountBlocked and Block::isUsertalkEditAllowed to get and set
block properties; use Block::appliesToRight and Block::appliesToUsertalk to
check block behaviour.
* The api-feature-usage log channel now has log context. The text message is
deprecated and will be removed in the future.
* The FileBasedSiteLookup class has been deprecated. For a cacheable SiteLookup
implementation, use CachingSiteStore instead.
* Language::viewPrevNext function is deprecated, use
SpecialPage::buildPrevNextNavigation instead
* ManualLogEntry::setTags() is deprecated, use ManualLogEntry::addTags()
instead. The setTags() method was overriding the tags, addTags() doesn't
override, only adds new tags.
* Block::isValid is deprecated, since it is no longer needed in core.
* Calling Maintenance::hasArg() as well as Maintenance::getArg() with no
parameter has been deprecated. Please pass the argument number 0.
* ResourceLoaderContext::expandModuleNames has been deprecated.
Use ResourceLoader::expandModuleNames instead.
=== Other changes in 1.33 ===
* (T201747) Html::openElement() warns if given an element name with a space
in it.
* The implementation of buildStringCast() in Wikimedia\Rdbms\Database has
changed to explicitly cast. Subclasses relying on the base-class
implementation should check whether they need to override it now.
* BagOStuff::add is now abstract and must explicitly be defined in subclasses.
* LinksDeletionUpdate is now a subclass of LinksUpdate. As a consequence,
the following hooks will now be triggered upon page deletion in addition
to page updates: LinksUpdateConstructed, LinksUpdate, LinksUpdateComplete.
LinksUpdateAfterInsert is not triggered since deletions do not cause
insertions into links tables.
* Category::newFromID( $id )->getID() will now return $id without any
validation, to avoid a mostly unnecessary DB query.
* On Special:Version, the name for an extension can no longer be arbitrary
html when no link is specified.
= MediaWiki 1.32 =
== MediaWiki 1.32.6 ==
This is a security and maintenance release of the MediaWiki 1.32 branch.
=== Changes since MediaWiki 1.32.5 ===
* (T236628) Fix for ArticleRevisionViewCustom hook in DifferenceEngine.php.
* (T181658) Do not insert page titles into querycache.qc_value.
* (T206013) Suppress errors when reading invalid XML file properties.
* (T237931) Remove references to pg_attrdef.adsrc in Postgres code.
* Use correct value for 'sslmode' in DatabasePostgres.
* (T232866) Fix support for HTTP/2 in MultiHttpClient.
* (T227461) Stop calling deprecated Redis delete functions.
* (T239561) Mark options as requiring parameters in addSite.php.
* (T239734) Replace deprecated lSize with lLen in Redis code.
* (T192134) SECURITY: Do not allow user scripts on Special:PasswordReset.
* (T239428) ApiEditPage: Test for bad redirect targets.
* (T233342) rdbms: Log debug message traces as 'exception.trace' instead of
'trace'.
* (T226751) media: Log and fail gracefully on invalid EXIF coordinates.
* (T212067) SECURITY: Work around PHP bug in parse_url.
== MediaWiki 1.32.5 ==
This is a maintenance release of the MediaWiki 1.32 branch.
=== Changes since MediaWiki 1.32.4 ===
* Compute sha1 and length if needed in maintenance/populateContentTables.php.
* Fix extra newlines in the installer.
* Followup T230402, PermissionManager doesn't exist until 1.33, so fix the
backported patches to use User::isAllowed() instead.
== MediaWiki 1.32.4 ==
This is a security and maintenance release of the MediaWiki 1.32 branch.
=== Changes since MediaWiki 1.32.3 ===
* (T207100) Updated LanguageTr for dotted and dotless I in PHP 7.3.
* The ImgAuthModifyHeaders hook was added to img_auth.php to allow modification
of headers in private wikis.
* (T230402) SECURITY: Add permission check for suppressed account to
Special:Redirect.
* (T208897) MessageCache: Restore 'loadedLanguages' tracking for load().
* (T200088) Remove title protection correctly for undeletions and imports.
* Add helper for HTTPFileStreamer header syntax.
* (T118799) Fix XMP parser errors due to trailing nullchar.
* (T233119) Improve documentation for the MinimumPasswordLengthToLogin policy.
* Cache redirects from Special:Redirect.
* (T231386) dispatchUser() should use a 302 http status code.
* (T227662) Split down patch-comment-table.sql and patch-actor-table.sql into
separate files to help allieviate potential migration problems.
* Make SQLite's patch-add-3d.sql a no-op to prevent clobbering other database
updates.
== MediaWiki 1.32.3 ==
This is a maintenance release of the MediaWiki 1.32 branch.
=== Changes since MediaWiki 1.32.2 ===
* (T225558) Update installer link to PHP intl.
* (T225496) Detect APC for MainCacheType in CLI installer.
* (T226766) Remove jetbrains/phpstorm-stubs from composer dev dependencies.
* (T202211) Fix SQLite patch-(image|page|template)links-fix-pk.sql column order.
== MediaWiki 1.32.2 ==
This is a security and maintenance release of the MediaWiki 1.32 branch.
=== Changes since MediaWiki 1.32.1 ===
* (T204423) Backport support for hyphenated DB names in JobQueueGroup.
* (T216968) Return pageid as int in both list=iwbacklinks and
list=langbacklinks.
* (T215169) Fix for Database::update() with IGNORE option fails on PostgreSQL.
* (T199474) Fix typo in rebuildrecentchanges.php resulting in rogue flags.
* (T218608) SECURITY: Fix an issue that prevents Extension:OAuth working when
$wgBlockDisablesLogin is true.
* (T216029) Chrome redirects to Special:BadTitle after editing a section with
a non-Latin name on a page with non-Latin characters in title.
* Unbreak language related maintenance scripts that use StaticArrayWriter.
* (T219728) Added support for new Japanese era name "Reiwa".
* (T25227) SECURITY: action=logout now requires to be posted and have a csrf
token.
* Updated cssjanus/cssjanus from 1.2.0 to 1.3.0.
* (T221045) Remove orphaned code from ConfigRepository.
* (T222385) resourceloader: Use AND instead of OR for upsert conds in
saveFileDependencies().
* (T224374) Fix message parameters so that the message that says SQLite is
out of date makes sense.
* (T200471) Prevent LBFactorySimple breaking ExternalStorage, when trying to
connect to external server with local database name.
* (T197279) SECURITY: Fix reauth in Special:ChangeEmail.
* (T208881) SECURITY: blacklist CSS var().
* (T209794) SECURITY: rate-limit and prevent blocked users from changing email.
* (T199540) SECURITY: API: Respect $wgBlockCIDRLimit in action=block.
* (T212118) SECURITY: Fix cache mode for (un)patrolled recent changes query.
* (T222036, T222038) SECURITY: Add permission check for user is permitted to
view the log type.
* (T221739) SECURITY: resources: Patch jQuery 3.3.1 for CVE-2019-11358.
== MediaWiki 1.32.1 ==
=== Changes since MediaWiki 1.32.0 ===
* (T213577) rdbms: avoid transaction status errors from ping() in rollback().
* rdbms: Pass required parameter.
* rdbms: do not treat SAVEPOINT and RELEASE SAVEPOINT as write queries.
* (T204531) rdbms: reduce LoadBalancer replication log spam.
* (T213489) Avoid session double-start in Setup.php.
* (T213717) Correct namespace 'Template' for gom-deva
* (T198054) Fix login page crash caused by unknown language via ?uselang
* (T215324) (T210937) list=users mistakenly reports user as missing.
* (T209483) Add ILBFactory::redefineLocalDomain method. This is intended for
use with scripts like addWiki.php to avoid mismatched domain errors.
* (T208871) The hard-coded Google search form on the database error page was
removed.
* (T204800) Fix Title::getFragmentForURL for bad interwiki prefix
* (T215566) Fix installer being unable to determine if the database exists
during a fresh installation.
== MediaWiki 1.32.0 ==
=== Changes since MediaWiki 1.32.0-rc.2 ===
* (T188327) Fix slow queries in migrateActors.php.
* (T102320) Fix $magicWords for the Sanskrit language.
=== Changes since MediaWiki 1.32.0-rc.1 ===
* Fix addition of ug_expiry column to user_groups table on MSSQL.
* (T210307) Fix the cache timestamp for forced updates.
* (T210621) User: Bypass repeatable-read when creating an actor_id.
* (T197535) Extensions can now specify PHP versions and PHP extensions they
depend on.
* Updated wikimedia/ip-set from v1.2.0 to v1.3.0.
* (T212356) When using action=delete on pages with many revisions, the module
may return a boolean-true 'scheduled' and no 'logid'. This signifies that the
deletion will be processed via the job queue.
* (T64103) Dropped columns category.cat_hidden, site_stats.ss_admins, and
recentchanges.rc_cur_time from the PostgreSQL schema.
=== Changes since MediaWiki 1.32.0-rc.0 ===
* (T209885) Prevent populateSearchIndex.php from breaking once actor migration
has been started.
* (T210998) Properly set $wgLanguageCode in the generated LocalSettings.php
if --lang is used with the command-line installer (install.php).
=== Configuration changes in 1.32 ===
==== New configuration ====
* $wgJpegQuality – The quality of JPEG thumbnails is now configurable through
this setting. The default is 80, which matches the quality of JPEG thumbnails
previously generated by ImageMagick. The quality of JPEG thumbnails generated
by GD was previously 95, but now uses the $wgJpegQuality setting as well.
* $wgCookieSetOnIpBlock - This determines whether to set a cookie when an IP
user is blocked. Doing so means that a blocked user, even after moving to a
new IP address, will still be blocked.
* $wgRawHtmlMessages – This new configuration setting is added for listing
messages which are displayed as raw HTML.
* $wgCSPHeader and $wgCSPReportOnlyHeader – You can now define a
"Content Security Policy" for your wiki. This adds a defense-in-depth feature
to stop an attacker who has found a bug in the parser allowing them to insert
malicious attributes. Disabled by default. (T135963)
* $wgGroupPermissions – A new user group, 'interface-admin', is added for
controlling access to sitewide CSS/JS (and editing other users' CSS/JS). No
other group has 'editsitecss', 'editusercss', 'editsitejs' or 'edituserjs'
by default.
* $wgGrantPermissions – A new grant group, 'editsiteconfig', is added for
granting the above rights.
* $wgDBDefaultGroup – A default database group for use by maintenance scripts.
* $wgResourceLoaderEnableJSProfiler – This new configuration setting lets you
enable client-side profiling of JavaScript modules; it is off by default.
* (T193868) $wgChangeTagsSchemaMigrationStage — This temporary configuration
setting allows sysadmins to gradually migrate the database table schema for
how change tags are stored.
* (T199334) $wgTagStatisticsNewTable — This temporary configuration setting
allows sysadmins to enable the caching of Special:Tags via the new
change_tag_def table.
==== Changed configuration ====
* $wgUseAjax – This setting, deprecated in 1.31, is now ignored.
* $wgDefaultUserOptions – The default watchlist view time (watchlistdays) has
been increased from 3 to 7 days. (T194414)
* $wgGroupPermissions – The right to edit sitewide Javascript
(e.g. MediaWiki:Common.js), CSS or JSON was separated from 'editinterface'
and is available under 'editsitejs'/'editsitecss'/'editsitejson'. Having
'editinterface' is still necessary to edit such pages.
* $wgMultiContentRevisionSchemaMigrationStage now defaults to writing both the
old and the new schema, but reading the new schema, so Multi-Content Revisions
(MCR) are now functional by default. The new default value of the setting is
SCHEMA_COMPAT_WRITE_BOTH | SCHEMA_COMPAT_READ_NEW.
* $wgActorTableSchemaMigrationStage no longer accepts MIGRATION_WRITE_BOTH or
MIGRATION_WRITE_NEW. It instead uses SCHEMA_COMPAT_WRITE_BOTH |
SCHEMA_COMPAT_READ_OLD and SCHEMA_COMPAT_WRITE_BOTH | SCHEMA_COMPAT_READ_NEW
for intermediate stages of migration.
* $wgDBTableOptions – The default table options now use the binary charset. The
default was already overridden in the installer-generated LocalSettings.php,
and so is always set to binary after the installer UI option was removed. The
default value is only used when the installer installs an extension.
* $wgPopularPasswordFile — The location of the default popular passwords file
has been moved to be in line with other non-PHP files used by libraries and
classes.
* $wgEnableImageWhitelist is now disabled by default, as it opens up a hole for
potential privacy leaks by administrators. You can check
"MediaWiki:External image whitelist" on your wiki to see whether the feature
was ever used, and whether it needs to be re-enabled.
==== Removed configuration ====
* $wgEnableAPI and $wgEnableWriteAPI – These settings, deprecated in 1.31,
have been removed. (T115414)
* $wgSiteSupportPage – This setting, unused since 1.5, was removed.
* $wgBrowserBlacklist – This setting, deprecated in 1.30, was removed.
* $wgExperimentalHtmlIds – This setting, deprecated since 1.30, was removed.
The 'html5-legacy' value for $wgFragmentMode is no longer accepted.
* $wgPasswordSenderName - This setting, ignored since 1.23 by MediaWiki and
most extensions, is no longer set. Instead, you can modify the system
message `emailsender`.
* $wgTidyConfig – The experimental Html5Internal and Html5Depurate tidy drivers
were removed. RemexHtml, which is the default, should be used instead.
* (T181318) The $wgStyleVersion setting and its appendage to various script and
style URLs in OutputPage, deprecated in 1.31, was removed.
* (T140807) The wgResourceLoaderLESSImportPaths configuration option was removed
from ResourceLoader. Instead, use `@import` statements in LESS to import
files directly from nearby directories within the same project.
* (T140804) The wgResourceLoaderLESSVars configuration option, deprecated
since 1.30, was removed. Instead, to expose variables from PHP to LESS, use
the ResourceLoaderModule::getLessVars() method.
* $wgResourceLoaderValidateStaticJS – This setting, unused since MediaWiki 1.18,
was removed.
* Two temporary variables for deploying the feature of filters on change lists,
$wgStructuredChangeFiltersShowPreference introduced in MediaWiki 1.30 and
$wgStructuredChangeFiltersOnWatchlist in 1.31, were removed.
=== New features in 1.32 ===
* (T112474) Generalized the ResourceLoader mechanism for overriding modules
using a particular page during edit previews.
* (T12331) You can now log page creation events by setting $wgPageCreationLog
to true.
* Added 'ApiParseMakeOutputPage' hook.
* (T174313) Added checkbox on Special:ListUsers to display only users in
temporary user groups.
* (T152462) A cookie can now be set when an IP user is blocked to track that
user if they move to a new IP address. This is disabled by default.
* (T194950) Added 'ApiMaxLagInfo' hook.
* SpecialPage::checkLoginSecurityLevel() will now preserve POST data when
reauthenticating.
* FormSpecialPage::execute() will now call checkLoginSecurityLevel() if
getLoginSecurityLevel() returns non-false.
* The 'ImageBeforeProduceHTML' hook is now passed three new parameters, $parser,
&$query and &$widthOption, allowing extensions even finer control over the
resulting HTML code.
* Added new 'ArticleShowPatrolFooter' hook, which allows extensions to determine
if the [mark as patrolled] link should be shown at the footer of patrollable
pages.
* The array of hidden options ($opts) passed to the 'SpecialSearchPowerBox' hook
is now passed by reference, allowing extensions to modify or even unset it.
* Added new 'OutputPageAfterGetHeadLinksArray' hook, allowing extensions to
modify the return value of OutputPage#getHeadLinksArray in order to add,
remove or otherwise alter the elements to be output in the page <head>.
* (T28934) The 'HistoryPageToolLinks' hook allows extensions to append
additional links to the subtitle of a history page.
* The 'GetLinkColours' hook now receives an additional $title parameter,
the Title object of the page being parsed, on which the links will be shown.
* (T194731) DifferenceEngine supports multiple slots. Added SlotDiffRenderer to
render diffs between two Content objects, and DifferenceEngine::setRevisions()
to render diffs between two custom (potentially multi-content) revisions.
Added GetSlotDiffRenderer hook which works like GetDifferenceEngine for slots.
* Added a temporary action=mcrundo to the web UI, as the normal undo logic
can't yet handle MCR and deadlines are forcing is to put off fixing that.
This action should be considered deprecated and should not be used directly.
* Extensions overriding ContentHandler::getUndoContent() will need to be
updated for the changed method signature.
* Added a new hook, 'UserGetRightsRemove', which can be used to remove rights
from user. Unlike the 'UserGetRights' it will ensure that removed rights
will not be reinserted.
* (T197535) Extensions can now specify PHP versions and PHP extensions they
depend on.
=== External library changes in 1.32 ===
==== New external libraries ====
* Added pear/Net_SMTP v1.8.0.
* Added wikimedia/xmp-reader v0.6.0.
* Added cache/integration-tests v0.16.0 (dev-only).
* Added giorgiosironi/eris v0.10.0 (dev-only).
* Added seld/jsonlint v1.7.1 (dev-only).
* Added EasyDeflate (unversioned).
==== Changed external libraries ====
* Updated OOUI from v0.26.3 to v0.29.2.
* Updated wikimedia/base-convert from v1.0.1 to v2.0.0.
* Updated wikimedia/remex-html from v1.0.3 to v2.0.1.
* Updated wikimedia/scoped-callback from v1.0.0 to v2.0.0.
** ScopedCallback objects can no longer be serialized.
* Updated wikimedia/timestamp from v1.0.0 to v2.2.0.
* Updated wikimedia/wrappedstring from v2.3.0 to v3.0.1.
* oyejorge/less.php replaced with our fork wikimedia/less.php
* Updated wikimedia/ip-set from v1.2.0 to v1.3.0.
* Updated composer/spdx-licenses from v1.3.0 to v1.4.0 (dev-only).
* Updated mediawiki/mediawiki-codesniffer from v18.0.0 to v22.0.0 (dev-only).
* Updated psy/psysh from v0.8.11 to v0.9.6 (dev-only).
* Updated CLDRPluralRuleParser from v0.1.0 to v1.3.2-pre.
* Updated jquery from v3.2.1 to v3.3.1.
* Updated jquery.client from v2.0.0 to v2.0.1.
* Updated jquery.i18n from v1.0.4 to v1.0.5.
* Updated mustache.js from v0.8.2-d9aa703 to v1.0.0.
* Updated OOjs from v2.2.0 to v2.2.2.
* Updated qunitjs from v2.4.0 to v2.6.2.
* Updated sinonjs from v1.17.3 to v1.17.7.
==== Removed external libraries ====
* pear/mail_mime-decode was removed.
=== Bug fixes in 1.32 ===
* SpecialPage::execute() will now only call checkLoginSecurityLevel() if
getLoginSecurityLevel() returns non-false.
* (T43720, T46197) Improved page display title handling for category pages
* (T65080) Fixed resetting options of some types via API action=options.
=== Action API changes in 1.32 ===
* Added templated parameters.
* A module can define a templated parameter like "{fruit}-quantity", where
the actual parameters recognized correspond to the values of a multi-valued
parameter. Then clients can make requests like
"fruits=apples|bananas&apples-quantity=1&bananas-quantity=5".
* action=paraminfo will return templated parameter definitions separately
from normal parameters. All parameter definitions now include an "index"
key to allow clients to maintain parameter ordering when merging normal and
templated parameters.
* It is now an error to submit too many values for a multi-valued parameter.
This has generated a warning since MediaWiki 1.14.
* Assertion failures from the 'assert' and 'assertuser' parameters will no
longer use the action module's custom response format, for the few modules
that use custom formatters that handle errors.
* (T198935) User list preferences such as `email-blacklist` and similar
extension preferences are no longer represented as arrays when returned by
action=query&meta=userinfo&uiprop=options.
* 'missingparam' errors will now use the prefixed parameter name in the code
and error text, e.g. "noxxfoo" and "The 'xxfoo' parameter must be set" rather
than "nofoo" and "The 'foo' parameter must be set".
* action=query&prop=revisions now takes a 'rvslots' parameter to indicate the
multi-content revision slots for which content should be returned. It also
has a new rvprop, 'roles', to indicate which roles have slots. A deprecation
warning will be issued if rvprop=content or rvprop=contentmodel are used
without rvslots.
* The rvcontentformat parameter to action=query&prop=revisions has been
deprecated. Clients should be prepared to deal with the default format for
relevant models.
* Use of the deprecated parameters rvexpandtemplates, rvgeneratexml, rvparse,
rvdiffto, rvdifftotext, rvdifftotextpst, rvcontentformat, or the deprecated
rvprop=parsetree is forbidden with the new 'rvslots' parameter.
* action=query&prop=deletedrevisions, action=query&list=allrevisions, and
action=query&list=alldeletedrevisions are changed similarly to
&prop=revisions (see the three previous items).
* (T174032) action=compare now supports multi-content revisions.
* It has a 'slots' parameter to select diffing of individual slots. The
default behavior is to return one combined diff.
* The 'fromtext', 'fromsection', 'fromcontentmodel', 'fromcontentformat',
'totext', 'tosection', 'tocontentmodel', and 'tocontentformat' parameters
are deprecated. Specify the new 'fromslots' and 'toslots' to identify which
slots have text supplied and the corresponding templated parameters for
each slot.
* The behavior of 'fromsection' and 'tosection' of extracting one section's
content is not being preserved. 'fromsection-{slot}' and 'tosection-{slot}'
instead expand the given text as if for a section edit. This effectively
declines T183823 in favor of T185723.
* (T198214) The 'disabletidy' parameter to action=parse has been
deprecated; untidy output will not be supported by future wikitext
parsers.
* Added intestactionsdetail to action=query&prop=info to allow retrieving the
reasons an action is not allowed.
* Deprecated action=query&prop=info inprop=readable in favor of
intestactions=read.
* (T212356) When using action=delete on pages with many revisions, the module
may return a boolean-true 'scheduled' and no 'logid'. This signifies that the
deletion will be processed via the job queue.
=== Action API internal changes in 1.32 ===
* Added 'ApiParseMakeOutputPage' hook.
* Parameter names may no longer contain '{' or '}', as these are now used for
templated parameters.
* (T194950) Added 'ApiMaxLagInfo' hook.
* The following methods now take a RevisionRecord rather than a Revision. No
external callers are known.
* ApiFeedContributions::feedItemAuthor()
* ApiFeedContributions::feedItemDesc()
* ApiQueryRevisionsBase::extractRevisionInfo()
* The following deprecated methods have been removed:
* ApiBase::profileIn() (deprecated in 1.25)
* ApiBase::profileOut() (deprecated in 1.25)
* ApiBase::safeProfileOut() (deprecated in 1.25)
* ApiBase::profileDBIn() (deprecated in 1.25)
* ApiBase::profileDBOut() (deprecated in 1.25)
* ApiBase::dieUsage() (deprecated in 1.29)
* ApiBase::dieUsageMsg() (deprecated in 1.29)
* ApiBase::dieUsageMsgOrDebug() (deprecated in 1.29)
* ApiBase::getErrorFromStatus() (deprecated in 1.29)
* ApiBase::parseMsg() (deprecated in 1.29)
* ApiBase::setWarning() (deprecated in 1.29)
* ApiPageSet::getInvalidTitles() (deprecated in 1.26)
* ApiQueryLogEvents::addLogParams() (deprecated in 1.25)
* ApiUsageException::getCodeString() (deprecated in 1.29)
* ApiUsageException::getMessageArray() (deprecated in 1.29)
* Class UsageException, deprecated in 1.29, has been removed.
* ApiErrorFormatter: Added getFormat() and newWithFormat(). In particular, you
can now easily test $formatter->getFormat() === 'bc', and then call
$formatter->newWithFormat( 'plaintext' ) to get a non-BC formatter.
=== Languages updated in 1.32 ===
MediaWiki supports over 350 languages. Many localisations are updated regularly.
Below only new and removed languages are listed, as well as changes to languages
because of Phabricator reports.
* (T193566) Added language support for Ambonese Malay (abs).
* (T194047) Added language support for Shawiya, Latin script (shy-latn).
* (T195940) Added language support for Batak Mandailing (btm).
* (T137491) Added language support for Standard Moroccan Amazigh (zgh).
* (T198132) Added language support for Manipuri (mni).
* (T201276) Added language support for Western Armenian (hyw).
* (T201583) Added language support for Mon (mnw).
=== Breaking changes in 1.32 ===
* $wgRequestTime, deprecated in 1.25, was removed. Use
$_SERVER['REQUEST_TIME_FLOAT'] or WebRequest::getElapsedTime() instead.
* The MediaWikiI18N class, deprecated in 1.31, was removed.
* QuickTemplate::setTranslator(), deprecated in 1.31, was removed. Use
Skin::msg() instead.
* wfInitShellLocale(), deprecated in 1.30, was removed.
* wfShellExecDisabled(), deprecated in 1.30, was removed.
* The type string for the parameter $lang of DateFormatter::getInstance,
deprecated in 1.31, was removed.
* The EDIT_TOKEN_SUFFIX constant deprecated in 1.27, was removed. Use
MediaWiki\Session\Token::SUFFIX instead.
* EditPage::isOouiEnabled() deprecated in 1.30, was removed.
* mw.util.wikiGetlink(), deprecated in 1.23, was removed. Use mw.util.getUrl()
instead.
* (T61113) The following methods and constants from the Revision class, which
were deprecated in 1.25, have now been removed:
* Revision::getRawUser()
* Revision::getRawUserText()
* Revision::getRawComment()
* window.gM() from mediawiki.jqueryMsg, deprecated in 1.23, was removed. Use
mw.msg() or mw.message() instead.
* mw.util.escapeId(), deprecated in 1.30, was removed. Use
mw.util.escapeIdForAttribute or mw.util.escapeIdForLink instead.
* mw.util.updateTooltipAccessKeys(), deprecated in 1.24, was removed. Use
jquery.accessKeyLabel instead.
* The SqlDataUpdate class, deprecated in 1.28, has been removed.
* The Html5Internal and Html5Depurate tidy driver classes were removed, along
with the Balancer tidy implementation. Both implementations were experimental,
and were replaced by RemexHtml.
* (T179624) Job::insert() and ::batchInsert(), deprecated in 1.21, were both
removed. Use JobQueueGroup::singleton()->push() instead.
* The jquery.footHovzer module, for mediawiki.debug, was removed.
* The es5-shim module, empty and deprecated since 1.29, was removed.
* the dom-level2-shim module, empty and deprecated since 1.29, was removed.
* the json module, empty and deprecated since 1.29, was removed.
* The mediawiki.widgets.visibleByteLimit module alias, deprecated in 1.32, was
removed. Use mediawiki.widgets.visibleLengthLimit instead.
* The jquery.farbtastic module, unused since 1.18, was removed.
* The 'jquery.expandableField' module, unused since 1.22, was removed.
* The hooks 'PreferencesFormPreSave' and 'PreferencesGetLegend' may provide
any HTMLForm object rather than PreferencesForm.
* The non namespaced TimestampException class, deprecated in 1.29, was removed.
Use Wikimedia\Timestamp\TimestampException instead.
* The global functions codepointToUtf8, hexSequenceToUtf8, utf8ToHexSequence,
utf8ToCodepoint, and escapeSingleString (deprecated in 1.25) were removed.
The UtfNormal\Utils class from the utfnormal library should be used instead.
* The deprecated UTF8_ and UNICODE_ constants were removed. The class constants
from the UtfNormal\Constants class from the utfnormal library should be used
* The protected methods PHPSessionHandler::returnSuccess() and returnFailure(),
only needed for PHP5 compatibility, have been removed. It now uses the boolean
values `true` and `false` respectively.
* The $parserMemc global and wfGetParserCacheStorage(), deprecated since 1.30,
were removed. Use the ParserCache class instead.
* ScopedCallback (deprecated in 1.28) was removed. Use Wikimedia\ScopedCallback
instead.
* Support for ResourceLoaderModule::getModifiedTime() and getModifiedHash(),
deprecated since 1.26, was removed. Use getDefinitionSummary() instead.
* (T195256) Skins are recommended not to rely on JavaScript for the "mw-jump"
and "jump-to-nav" accessibility links. To this end, the "jquery.mw-jump"
is no longer loaded by default. The Vector and MonoBook skins have made a
minor change to implement the toggle feature with CSS instead. To restore
prior functionality, either explicitly load "jquery.mw-jump" in your skin
or refer to T195256 for details on how to make the same change.
* Hook 'EditPageBeforeEditChecks' was removed;
use 'EditPageGetCheckboxesDefinition' instead.
* Linker::getLinkColour() and DummyLinker::getLinkColour(), deprecated since
1.28, were removed. LinkRenderer::getLinkClasses() should be used instead.
* Wikimedia\Rdbms\LoadBalancer::getLaggedSlaveMode(), deprecated in 1.28, has
been removed. Use Wikimedia\Rdbms\LoadBalancer::getLaggedReplicaMode()
instead.
* mw.widgets.CategoryMultiselectWidget now uses TagMultiselectWidget instead of
CapsuleMultiselectWidget. The following methods may no longer be used:
* setItemsFromData: Use setValue instead
* getItemsData: Use getItems instead and get the data property
* Two OutputPage methods, addMetadataLink() and getMetadataAttribute(), were
removed. Use addLink() instead.
* Another two OutputPage methods, setPageTitleActionText() and
getPageTitleActionText(), were removed. They did nothing since 1.15 (almost
ten years). Use setHTMLTitle() directly.
* The return value of OutputPage::adaptCdnTTL() has been removed. The
value returned was misleading and probably not what any caller would
have wanted.
* All MagicWord static member variables have been removed. Use appropriate
hooks or MagicWordFactory methods instead.
* MagicWord::clearCache() has been removed. Instead, create a new
MagicWordFactory, such as by calling
resetServiceForTesting( 'MagicWordFactory' ) on a MediaWikiServices.
* mw.util.init() has been removed. This function is not needed anymore and was
a no-op function since 1.30.
* SpecialPageFactory::resetList() is a no-op. Call overrideMwServices()
instead.
* MediaWiki no longer supports a StartProfiler.php file. Instead, you can set
$wgProfiler and $wgEnableProfileInfo.
* The mw.loader.addSource() is now considered a private method, and no longer
supports the `id, url` signature. Use the `Object` parameter instead.
* The backwards-compatibility code in HTMLForm to add a drop-down control to an
option that is not set to be a drop-down if the "mw-chosen" class is present,
is now removed.
* Several collations were removed. They were workarounds for bugs in the ICU
library and they are no longer needed (as of ICU 57.1):
* 'uppercase-se' (NorthernSamiUppercaseCollation) - use 'uca-se' instead
* 'xx-uca-et' (CollationEt) - use 'uca-et' instead
* 'xx-uca-fa' (CollationFa) - use 'uca-fa' instead
* LanguageCode::bcp47() now always returns a valid BCP 47 code. This means
that some MediaWiki-specific language codes, such as `simple`, are mapped
into valid BCP 47 codes (eg `en-simple`).
* The hooks 'SpecialRecentChangesFilters' & 'SpecialWatchlistFilters' deprecated
in 1.23 were removed. Instead, use 'ChangesListSpecialPageStructuredFilters'.
The ChangesListSpecialPage code for these legacy hooks, and their use in
SpecialRecentchanges.php and SpecialWatchlist, was also removed:
* ChangesListSpecialPage->getCustomFilters()
* ChangesListSpecialPage->getFilterGroupDefinitionFromLegacyCustomFilters()
* ChangesListSpecialPage::customFilters
* The global function wfUseMW, deprecated since 1.26, has now been removed. Use
the "requires" property of static extension registration instead.
* $wgSpecialPages no longer accepts array syntax, deprecated since 1.18.
* The MailAddress constructor can no longer be called with a User object,
behaviour which has been deprecated since 1.24.
* LBFactory, deprecated since 1.28, has been removed. Instead, use
Wikimedia\Rdbms\LBFactory.
* The MimeMagic class, deprecated since 1.28 has been removed. Get a
MimeAnalyzer instance from MediaWikiServices instead.
* The '--tidy' option to maintenance/parse.php has been removed. Tidying
the output is now the default. Use '--no-tidy' to bypass the tidy
phase.
* The global function wfErrorLog, deprecated since 1.25, has now been removed.
Use MWLoggerLegacyLogger::emit or UDPTransport.
* The hooks 'SpecialRecentChangesQuery' & 'SpecialWatchlistQuery', deprecated in
1.23, were removed. Instead, use ChangesListSpecialPageStructuredFilters or
ChangesListSpecialPageQuery.
* The global function wfUsePHP, deprecated since 1.30, has now been removed. To
assert a newer version of PHP than MediaWiki does, use extension registration.
* The hook 'ChangesListSpecialPageFilters', deprecated in 1.29, has now been
removed. Use the 'ChangesListSpecialPageStructuredFilters' hook instead.
* DeferredUpdates::setImmediateMode(), deprecated since 1.29, has been removed.
* File / MediaHandler::getStreamHeaders(), deprecated since 1.30, was removed.
* The hook 'DoEditSectionLink', deprecated since 1.25, has been removed. Use
the hook 'SkinEditSectionLinks' instead.
* The hook 'UserGetImplicitGroups', deprecated since 1.25, has been removed.
* The global function wfRunHooks, deprecated since 1.25, has now been removed.
Use Hooks::run().
* The hook 'UnknownAction', deprecated since 1.19, has now been removed.
* The hook 'ParserLimitReport', deprecated since 1.22, has been removed. Use
the hooks 'ParserLimitReportPrepare' and 'ParserLimitReportFormat' instead.
* The following deprecated API methods have been removed:
* ApiBase::profileIn() (deprecated in 1.25)
* ApiBase::profileOut() (deprecated in 1.25)
* ApiBase::safeProfileOut() (deprecated in 1.25)
* ApiBase::profileDBIn() (deprecated in 1.25)
* ApiBase::profileDBOut() (deprecated in 1.25)
* ApiBase::dieUsage() (deprecated in 1.29)
* ApiBase::dieUsageMsg() (deprecated in 1.29)
* ApiBase::dieUsageMsgOrDebug() (deprecated in 1.29)
* ApiBase::getErrorFromStatus() (deprecated in 1.29)
* ApiBase::parseMsg() (deprecated in 1.29)
* ApiBase::setWarning() (deprecated in 1.29)
* ApiPageSet::getInvalidTitles() (deprecated in 1.26)
* ApiQueryLogEvents::addLogParams() (deprecated in 1.25)
* ApiUsageException::getCodeString() (deprecated in 1.29)
* ApiUsageException::getMessageArray() (deprecated in 1.29)
* Class UsageException, deprecated in 1.29, has been removed.
* MediaWiki no longer has a 'JavaScript-powered' wikitext toolbar built in. The
old "bulletin board style toolbar", known as "the 2006 wikitext editor", has
been removed, and instead sysadmins will be required to choose one (or more)
of the several extensions available for this purpose if they need the
functionality. The MediaWiki "tarball" releases have included the replacement
extension for this, the WikiEditor extension aka "the 2010 wikitext editor",
for many years now. As part of this, several parts of MediaWiki have been
removed or simplified:
* The user option 'showtoolbar' (shown as "Show edit toolbar") is no longer
available; if an extension adds a toolbar via the EditPageBeforeEditToolbar
hook, it will be shown; extensions should provide a specific user preference
to disable themselves as needed.
* The public methods Language::getImageFile() and ::getImageFiles(), and the
related specification of $imageFiles within individual languages' code file,
as well as the referenced static media assets, all of which were only used
inside MediaWiki itself for providing the icons for the old toolbar, have
been removed without explicit deprecation.
* The internal ResourceLoader module "mediawiki.toolbar", which is unused
except by MediaWiki itself and back-compatibility code, has been removed.
* The internal ResourceLoaderEditToolbarModule class has been removed.
=== Deprecations in 1.32 ===
* HTMLForm::setSubmitProgressive() is deprecated. No need to call it. Submit
button is already marked as progressive.
* Skin::setupSkinUserCss() is deprecated. Adding of modules to load
has been centralised to Skin::getDefaultModules(), which is now capable
of queueing style modules as well.
* OutputPage::addModuleScripts() and ParserOutput::addModuleScripts are
deprecated. Use addModules() instead.
* Overriding SearchEngine::{searchText,searchTitle,searchArchiveTitle}
in extending classes is deprecated. Extend related doSearch* methods
instead.
* The following 'mediawiki.api' plugin modules were merged into mediawiki.api
and deprecated: mediawiki.api.category, mediawiki.api.edit,
mediawiki.api.login, mediawiki.api.options, mediawiki.api.parse,
mediawiki.api.upload, mediawiki.api.user, mediawiki.api.watch,
mediawiki.api.messages, and mediawiki.api.rollback.
* ApiBase::truncateArray() is deprecated. No replacement, as nothing is known
to use it.
* WatchAction::getUnwatchToken is deprecated. Use WatchAction::getWatchToken
with the 'unwatch' action parameter instead.
* IcuCollation::getICUVersion() is deprecated, as you can just use the PHP
constant INTL_ICU_VERSION directly in all versions that MediaWiki supports.
* Parser::fetchFile() is deprecated. Use ::fetchFileAndTitle() instead.
* The ApiQueryContributions class has been renamed to ApiQueryUserContribs.
* The XMPInfo, XMPReader, and XMPValidate classes have been deprecated in favor
of the namespaced classes provided by the wikimedia/xmp-reader library.
* SearchResultSet::{next,rewind} are deprecated. Calling code should
use foreach on the SearchResultSet, or the extractResults method. Extending
code should override extractResults.
* Instantiating SearchResultSet directly is deprecated. SearchEngine
implementations must subclass SearchResultSet for their purposes.
* SearchResult::setExtensionData argument has been changed from accepting an
array to accepting a Closure that returns the array when called.
* Class CryptRand, everything in MWCryptRand except generateHex() and function
MediaWikiServices::getInstance()->getCryptRand() are deprecated, use
random_bytes() to generate cryptographically secure random byte sequences.
* Parser::getConverterLanguage() is deprecated. Use ::getTargetLanguage()
instead.
* Language::markNoConversion() is deprecated. It confused readers because
it had unexpected behavior (only marking text if it looked like a URL)
and was only used in a single place in the code. Use
LanguageConverter::markNoConversion() instead.
* (T197492) Language::truncate() was soft deprecated in 1.31 and is
hard deprecated in this release. It has been split into two similar
methods, Language::truncateForVisual() and Language::truncateForDatabase(),
which measure length in characters and bytes, respectively. Use
Language::truncateForVisual() when possible to provide equity to users
of multibyte scripts.
* (T176526) EditPage::getContextTitle() falling back to $wgTitle when the
context title is unset is now deprecated; anything creating an EditPage
instance should set the context title via ::setContextTitle().
* The 'jquery.hidpi' module (polyfill for IMG srcset) is deprecated.
* ResourceLoaderStartUpModule::getStartupModules() and ::getLegacyModules()
are deprecated. These concepts are obsolete and have no replacement.
* String type for $lang of DifferenceEngine::setTextLanguage is deprecated.
* The following methods of OutputPage are now deprecated in favour
of using showFatalError directly: OutputPage::showFileDeleteError()
OutputPage::showFileNotFoundError(), OutputPage::showFileRenameError()
OutputPage::showFileCopyError() and OutputPage::showUnexpectedValueError().
* The Replacer, DoubleReplacer, HashtableReplacer, and RegexlikeReplacer
classes are now deprecated. Use a Closure instead.
* (T194263) ContentHandler::makeParserOptions() is deprecated. Use
WikiPage::makeParserOptions() or ParserOptions::newCanonical() instead.
* (T100681) Use of the Parsoid v1 API with the VirtualRESTService, deprecated in
MediaWiki 1.26, is now hard-deprecated. All known clients were converted to
the Parsoid v3 API in May 2015.
* $input is deprecated in hook 'LogEventsListGetExtraInputs'. Use
$formDescriptor instead.
* SearchEngine::transformSearchTerm( $term ) should no longer be called prior
to running searchText. This method was mainly implemented to support the
'prefix' URI param in SpecialSearch, but there are no reasons to expose this
logic as it should be handled internally by SearchEngine implementations
supporting this feature. SearchEngine implementations should no longer
override this methods.
* SearchEngine::replacePrefixes( $query ) should no longer be called prior
to running searchText/searchTitle.
* (T199657) Messages for $wgFilterLogTypes labels should be no longer be in the
'log-show-hide-[type]' format. Instead use 'logeventslist-[type]-log'.
* Global functions wfArrayFilter() and wfArrayFilterByKey() are deprecated.
use array_filter() directly.
* The $wgShowSQLErrors global is deprecated and nonfunctional.
Set $wgShowExceptionDetails and/or $wgShowHostnames instead.
* The $wgShowDBErrorBacktrace global is deprecated and nonfunctional.
Set $wgShowExceptionDetails instead.
* Public access to the DifferenceEngine properties mOldid, mNewid, mOldRev,
mNewRev, mOldPage, mNewPage, mOldContent, mNewContent, mRevisionsLoaded,
mTextLoaded and mCacheHit is deprecated. Use getOldid() / getNewid() /
getOldRevision() / getNewRevision() for the first four (note that the
revision ones return a RevisionRecord, not a Revision), do your own lookup
for page/content.
* The $wgExternalDiffEngine value 'wikidiff2' is deprecated. To use wikidiff2
just enable the PHP extension, and it will be autodetected.
* (T194731) DifferenceEngine properties mOldContent and mNewContent and methods
setContent(), generateContentDiffBody(), generateTextDiffBody() and textDiff()
are deprecated. To interact with a single slot, use a SlotDiffRenderer (and
subclass it to customize diff rendering); to diff custom (e.g. unsaved)
content, use setRevisions(). Subclassing DifferenceEngine should only be done
to customize page-level diff properties (such as the navigation header).
* The wfUseMW function, soft-deprecated in 1.26, is now hard deprecated.
* All MagicWord static methods are now deprecated. Use the MagicWordFactory
methods instead.
* PasswordFactory::init is deprecated. To get a password factory with the
standard configuration, use
MediaWikiServices::getInstance()->getPasswordFactory.
* $wgContLang is deprecated, use
MediaWikiServices::getInstance()->getContentLanguage() instead.
* $wgParser is deprecated, use MediaWikiServices::getInstance()->getParser()
instead.
* wfGetMainCache() is deprecated, use ObjectCache::getLocalClusterInstance()
instead.
* wfGetCache() is deprecated, use ObjectCache::getInstance() instead.
* All SpecialPageFactory static methods are deprecated. Instead, call the
methods on a SpecialPageFactory instance, which may be obtained from
MediaWikiServices.
* mw.user.stickyRandomId was renamed to the more explicit
mw.user.getPageviewToken to better capture its function.
* Passing Revision objects to ContentHandler::getUndoContent() is deprecated,
Content object should be passed instead.
* (T197179) Parameters 'notice', 'notice-messages', 'notice-message',
previously used by OOUI HTMLForm fields, are now deprecated. Use
'help', 'help-message', 'help-messages' instead.
* (T197179) HTMLFormField::getNotices() is now deprecated.
* The jquery.localize module is now deprecated. Use jquery.i18n instead.
* The SecondaryDataUpdates hook was deprecated in favor of RevisionDataUpdates,
or overriding ContentHandler::getSecondaryDataUpdates (T194038).
* The WikiPageDeletionUpdates hook was deprecated in favor of
PageDeletionDataUpdates, or overriding ContentHandler::getDeletionDataUpdates
(T194038).
* Content::getSecondaryDataUpdates has been deprecated in favor of
ContentHandler::getSecondaryDataUpdates() for overriding by extensions
(T194038).
Application logic should call WikiPage::doSecondaryDataUpdates() (T194037).
* Content::getDeletionUpdates has been deprecated in favor of
ContentHandler::getDeletionUpdates() for overriding by extensions (T194038).
Application logic should call WikiPage::doSecondaryDataUpdates() (T194037).
* (T198214) Old Tidy-related configuration settings, which were soft-deprecated
in MediaWiki 1.26, have now been hard deprecated. This affects $wgUseTidy,
$wgTidyBin, $wgTidyConf, $wgTidyOpts, $wgTidyInternal, and $wgDebugTidy. Use
$wgTidyConfig instead.
* All Tidy configurations other than Remex have been hard deprecated;
future parsers will not emit compatible output for these configurations.
In particular, running MediaWiki with tidy disabled has been deprecated.
* (T198214) OutputPage::addWikiText(), OutputPage::addWikiTextWithTitle(),
and OutputPage::addWikiTextTitle() have been deprecated, since they
can result in untidy output. In addition OutputPage::addWikiTextTidy()
and OutputPage::addWikiTextTitleTidy() was deprecated to make naming new
methods consistent. Use OutputPage::addWikiTextAsInterface() or
OutputPage::addWikiTextAsContent() instead, which ensures the output is
tidy and clarifies whether content-language specific postprocessing should
be done on the text.
* OutputPage::parse() and OutputPage::parseInline() have been deprecated
due to untidy output and inconsistent handling of wrapper divs and
interface/content language defaults. Use OutputPage::parseAsContent(),
OutputPage::parseAsInterface(), or OutputPage::parseInlineAsInterface()
as appropriate.
* QuickTemplate::msgHtml() and BaseTemplate::msgHtml() have been deprecated
as they promote bad practises. I18n messages should always be properly
escaped.
* Skin::getDynamicStylesheetQuery() has been deprecated. It always
returns action=raw&ctype=text/css which callers should use directly.
* Class LegacyFormatter is deprecated.
* Use of CommentStore::insertWithTempTable() with 'img_description' is
deprecated. Use CommentStore::insert() instead.
* Language::setCode is deprecated as public function. Use Language::factory
to create a new Language object with a different language code.
* Several classes have been moved from the MediaWiki\Storage\ namespace to the
MediaWiki\Revision\ namespace. The old class names are aliased for
compatibility, but are deprecated. Classes are IncompleteRevisionException,
MutableRevisionRecord, MutableRevisionSlots, RevisionAccessException,
RevisionArchiveRecord, RevisionFactory, RevisionLookup, RevisionRecord,
RevisionSlots, RevisionStore, RevisionStoreRecord, SlotRecord, and
SuppressedDataException.
* When using OOUI HTMLForm containing an 'info' field which uses the 'rawrow'
option, it is now deprecated to give its contents (the 'default' option)
as a string. They should be given as a OOUI\FieldLayout object instead.
Notably, this affects fields defined in the 'GetPreferences' hook, because
Special:Preferences uses an OOUI form now. (If possible, don't use 'rawrow'.)
* In Skin::doEditSectionLink omitting the parameters $tooltip and $lang is
deprecated. For the $lang parameter, types other than Language are
deprecated.
* The $wgUseKeyHeader configuration option and the
OutputPage::getKeyHeader() method have been deprecated; the relevant
draft IETF spec expired without becoming a standard.
* Deprecated API action=query&prop=info inprop=readable in favor of
intestactions=read.
=== Other changes in 1.32 ===
* (T198811) The following tables have had their UNIQUE indexes turned into
proper PRIMARY KEYs for increased maintainability: interwiki, page_props,
protected_titles and site_identifiers.
* OOUI HTMLForm will now display help text inline after the input field,
rather than in a popup. Previous behavior can be restored by using
`'help-inline' => false`.
* The archive table's ar_rev_id field is now unique.
* Special:BotPasswords now requires reauthentication.
* (T174023) Multi-Content Revision (MCR) capabilities were introduced into the
storage layer and have basic support for display. No user interface exists
yet for creating or managing content in slots beides the main slot. See
<https://www.mediawiki.org/wiki/Multi-Content_Revisions> for more
information.
* The image_comment_temp database table has been removed. Since all access
should be mediated by the CommentStore class, this change shouldn't affect
external code.
* (T206147) Database::close() will no longer commit any open transactions.
* (T64103) Dropped columns category.cat_hidden, site_stats.ss_admins, and
recentchanges.rc_cur_time from the PostgreSQL schema.
= MediaWiki 1.31 =
== MediaWiki 1.31.16 ==
This is a security and maintenance release of the MediaWiki 1.31 branch.
This is intended to be the final release of the MediaWiki 1.31 branch,
and as such, 1.31 is now considered End of Life.
=== Changes since MediaWiki 1.31.15 ===
* (T283273) Make postgres IRC channel point to libera.chat.
* (T289108) ExtensionProcessor: Remove loaderScripts from
extension.json schemas.
* (T285515, CVE-2021-41798) SECURITY: XSS vulnerability in
Special:Search.
* (T290379, CVE-2021-41799) SECURITY: ApiQueryBacklinks can cause a full
table scan.
* (T284419, CVE-2021-41800) SECURITY: fix PoolCounter protection of
Special:Contributions.
== MediaWiki 1.31.15 ==
This is a security and maintenance release of the MediaWiki 1.31 branch.
=== Changes since MediaWiki 1.31.14 ===
* (T270988) Fixup issues in SpecialChangeContentModel.php.
* (T278026) rdbms: Add DB_PRIMARY to replace DB_MASTER.
* (T276945) Define a batch size in maintenance/manageJobs.php.
* (T276945) Implement JobQueueDB::getAllAbandonedJobs.
* (T281549) WebInstaller: Don't show the announce-l subscribe
checkbox temporarily.
* (T283247) Freenode -> Libera per wikimedia moving from
freenode to libera.
* (T280226, CVE-2021-35197) SECURITY: Prevent blocked users from
purging pages.
== MediaWiki 1.31.14 ==
This is a maintenance release of the MediaWiki 1.31 branch.
=== Changes since MediaWiki 1.31.13 ===
* Make Title implement IDBAccessObject.
== MediaWiki 1.31.13 ==
This is a security and maintenance release of the MediaWiki 1.31 branch.
=== Changes since MediaWiki 1.31.12 ===
* (T115436) resourceloader: CSSMin::getLocalFileReferences now strips
anchors.
* Updating php-parallel-lint/php-parallel-lint (0.9.2 => 1.0.0).
* Updating mediawiki/codesniffer (19.1.0 => 19.4.0).
* DefaultSettings.php: Update $wgPingback documentation.
* PHPVersionCheck: The PHP Group only supports PHP >= 7.3.0.
* (T275261) Escape wikitext in the title in invalid title error messages.
* (T277009, CVE-2021-30158) SECURITY: Allow blocked users to access
Special:ResetTokens.
* pageExist.php: Output trailing newlines.
* (T278058, CVE-2021-30157) SECURITY: Escape rcfilters-filter-* messages
on ChangesList pages.
* (T277414) HTMLFormField: Use non namespaced class name rather than
static::class.
* (T268230) Switch to new MediaWiki logo by Serhio Magpie.
* (T271735) Expand config-pingback-help, link to privacy policy in
config-pingback.
* Fix documentation of user-global in $wgRateLimits.
* BackupDumper: Add -o as shortcode for --output.
* (T278014, CVE-2021-30154) SECURITY: Escape mediastatistics-header-*
messages on Special:NewFiles.
* (T270713, CVE-2021-30152) SECURITY: Allow user to only apply protection
they have right to do so via action=protect.
* (T272386, CVE-2021-30159) SECURITY: Non-admin deleted enwiki page in
fast double move.
* (T270988, CVE-2021-30155) SECURITY: ContentModelChange: Check that user
can create pages.
* (T276843, CVE-2021-20270, CVE-2021-27291) SECURITY:
SyntaxHighlight_GeSHi: Various lexers have been disabled due to DoS
vectors.
== MediaWiki 1.31.12 ==
This is a maintenance release of the MediaWiki 1.31 branch.
=== Changes since MediaWiki 1.31.11 ===
* Fixed issues relating to User::isRegistered() not existing in 1.31.
== MediaWiki 1.31.11 ==
This is a security and maintenance release of the MediaWiki 1.31 branch.
=== Changes since MediaWiki 1.31.10 ===
* Fix undefined $wgRedirectOnLogin.
* (T251661, T265313) CentralIdLookup::factoryNonLocal can return null.
* (T263592) media: Fix case of FlashPixVersion in
FormatMetadata::makeFormattedData().
* (T265223) BaseTemplate: Guard against passing zero arg to array_merge().
* (T266418) composer.json: add requirement for composer-plugin-api ^1.1.
* (T260631, T260633), BotPassword::save() now returns a Status object for the
result rather than a bool. The length of the bot password grants and
restriction fields are now validated, and an error will be thrown if it
would be truncated by the database.
* (T264536, T233012) SectionProfiler: Do not attempt to use null values as
arrays.
* (T269178) MemcachedClient: Cast Resource to integer.
* (T268917, CVE-2020-35475) SECURITY: Use Xml::element in SpecialUserrights for
sanity.
* (T268938, CVE-2020-35479) SECURITY: BlockLogFormatter can output raw html.
* (T205908, CVE-2020-35477) SECURITY: Unable to change visibility of log entries
when MediaWiki:Mainpage uses Special:MyLanguage.
* (T120883, CVE-2020-35480) SECURITY: Divergent behavior for contributions and
user pages of hidden users and missing users.
== MediaWiki 1.31.10 ==
This is a maintenance release of the MediaWiki 1.31 branch.
=== Changes since MediaWiki 1.31.9 ===
* Fixed issues relating to backporting of changes for T260485.
== MediaWiki 1.31.9 ==
This is a security and maintenance release of the MediaWiki 1.31 branch.
=== Changes since MediaWiki 1.31.8 ===
* In the web installer, use secure session cookies.
* (T257207) shell: Expand documentation in firejail.profile.
* Added $wgForceHTTPS, which makes the HTTP to HTTPS redirect be unconditional
and suppresses various hacks needed to support mixed HTTP/HTTPS wikis. We
recommend this be set to true on pure HTTPS wikis.
* Added $wgCookieSameSite, which allows login cookies to be sent with
SameSite=None. This is required for cross-site CentralAuth autologin after
Chrome 84.
* Added $wgUseSameSiteLegacyCookies, which adds a compatibility hack to
SameSite=None cookies for browsers which implemented an incompatible draft
version of the specification.
* (T191537) Disable WebResponse setters for post-send processing.
* (T198525) WebReponse: Use values altered in 'WebResponseSetCookie' hook.
* Fix runBatchedQuery.php for no result from select.
* (T130906) Add Edge to MediaWiki:Clearyourcache.
* Use IPset in MWRestrictions::checkIP.
* (T260031) Add application/font-sfnt to MimeMap for ttf files.
* shell: Make ->restrict( RESTRICT_NONE ) actually work.
* (T183759) Fixes shell edge-cases in Windows.
* (T258390) Add CentralIdLookup::factoryNonLocal().
* (T246991) User: Fix pingLimiter() to use makeGlobalKey() for global rate
limits.
* (T251661, CVE-2020-25827) SECURITY: User::pingLimiter: add user-global rate
limit type.
* (T246991) User: enforce pingLimiter() expiry time.
* (T260232) don't include null page ids in query list for category dumps.
* (T251506) Sanitizer: Truncate IDs to a reasonable length.
* Explicitly wrap some XML calls in libxml_disable_entity_loader().
* (T263455 T247285) Set EnableJavaScriptTest to true in
includes/DevelopmentSettings.php.
* (T232568, CVE-2020-25813) SECURITY: Special:UserRights exposes the existence
of hidden users.
* (T258763, CVE-2020-17367, CVE-2020-17368) SECURITY: Prevent invoking
firejail's --output functionality.
* (T86738, CVE-2020-25814) SECURITY: mediawiki.jqueryMsg: Sanitize URLs and
'style' attribute.
* (T115888, CVE-2020-25828) SECURITY: mediawiki.js: Escape HTML in
mw.message( ... ).parse().
* (T260485, CVE-2020-25869) SECURITY: ActorMigration: Load user from the correct
database.
* (T260485, CVE-2020-25869) SECURITY: ensure actor ID from correct wiki is used.
== MediaWiki 1.31.8 ==
This is a security and maintenance release of the MediaWiki 1.31 branch.
=== Changes since MediaWiki 1.31.7 ===
* (T199809) Don't invalidate BotPasswords if a password reset email is sent.
* (T247017) PasswordReset performance improvements.
* (T250568) Work around change in SimpleXMLElement behavior introduced in PHP
7.3.17.
* Remove some rotten and out of date documentation.
* (T252311) Improvements to some older SQLite update patches.
* (T240307) Minor fixes to extension.schema.v2.json and
extension.schema.v1.json.
* (T199474) Set rc_patrolled to 2 for autopatrolled changes in
rebuildrecentchanges.php.
* (T229461) Update the change_tag table in rebuildrecentchanges.php.
* (T206476) Call ob_start() before running tests.
* (T234450) Per-user concurrency in SpecialContributions can now be limited by
setting $wgPoolCounterConf['SpecialContributions'] appropriately.
* (T248947) SECURITY: img_auth.php may leak private extension images into the
public cache.
== MediaWiki 1.31.7 ==
This is a security and maintenance release of the MediaWiki 1.31 branch.
=== Changes since MediaWiki 1.31.6 ===
* (T193565, T234022) Re-add DB domain sanity checks to LoadBalancer.
* Use proper SemVer comparison in CheckComposerLockUpToDate.
* (T212738) Add the MW_VERSION constant, global $wgVersion is soft deprecated.
* Update comment about PHP versions supported by The PHP Group.
* (T247215) Fix output of RecountCategories::doWork().
* Add check for page existence to view.php maintenance script.
* (T247580) Disable some broken Selenium tests.
* (T236509) SECURITY: Fix HTML escaping in UserGroupMembership::getLink().
* (T246602) SECURITY: jquery.makeCollapsible allows applying event handler to
any CSS selector.
== MediaWiki 1.31.6 ==
This is a security and maintenance release of the MediaWiki 1.31 branch.
=== Changes since MediaWiki 1.31.5 ===
* (T181658) Do not insert page titles into querycache.qc_value.
* (T206013) Suppress errors when reading invalid XML file properties.
* (T237931) Remove references to pg_attrdef.adsrc in Postgres code.
* Use correct value for 'sslmode' in DatabasePostgres.
* (T232866) Fix support for HTTP/2 in MultiHttpClient.
* (T227461) Stop calling deprecated Redis delete functions.
* (T239561) Mark options as requiring parameters in addSite.php.
* (T239734) Replace deprecated lSize with lLen in Redis code.
* (T192134) SECURITY: Do not allow user scripts on Special:PasswordReset.
* (T239428) ApiEditPage: Test for bad redirect targets.
* (T233342) rdbms: Log debug message traces as 'exception.trace' instead of
'trace'.
* (T226751) media: Log and fail gracefully on invalid EXIF coordinates.
* (T212067) Work around PHP bug in parse_url.
== MediaWiki 1.31.5 ==
This is a maintenance release of the MediaWiki 1.31 branch.
=== Changes since MediaWiki 1.31.4 ===
* Fix extra newlines in installer.
* Followup T230402, PermissionManager doesn't exist until 1.33, so fix the
backported patches to use User::isAllowed() instead.
== MediaWiki 1.31.4 ==
This is a security and maintenance release of the MediaWiki 1.31 branch.
=== Changes since MediaWiki 1.31.3 ===
* (T207100) Updated LanguageTr for dotted and dotless I in PHP 7.3.
* The ImgAuthModifyHeaders hook was added to img_auth.php to allow modification
of headers in private wikis.
* (T230402) SECURITY: Add permission check for suppressed account to
Special:Redirect.
* Add helper for HTTPFileStreamer header syntax.
* (T118799) Fix XMP parser errors due to trailing nullchar.
* (T233119) Improve documentation for the MinimumPasswordLengthToLogin policy.
* (T202183) Give more specific error messages on Special:Redirect.
* Cache redirects from Special:Redirect.
* (T231386) dispatchUser() should use a 302 http status code.
* (T227662) Split down patch-comment-table.sql and patch-actor-table.sql into
separate files to help allieviate potential migration problems.
* Make SQLite's patch-add-3d.sql a no-op to prevent clobbering other database
updates.
== MediaWiki 1.31.3 ==
This is a maintenance release of the MediaWiki 1.31 branch.
=== Changes since MediaWiki 1.31.2 ===
* (T225558) Update installer link to PHP intl.
* (T225496) Detect APC for MainCacheType in CLI installer.
* (T226766) Remove jetbrains/phpstorm-stubs from composer dev dependencies.
* (T202211) Fix SQLite patch-(image|page|template)links-fix-pk.sql column order.
== MediaWiki 1.31.2 ==
This is a security and maintenance release of the MediaWiki 1.31 branch.
Required PHP version has been increased from 7.0.0 to 7.0.13.
=== Changes since MediaWiki 1.31.1 ===
* (T204729) WatchedItemStore::countVisitingWatchersMultiple() shouldn't query
all titles when asked for none.
* (T205967) Fix syntax error typo in postgres database upgrade file.
* (T200254) Add pear/Net_SMTP 1.7.3 to composer dependencies.
* (T206765) Load installer i18n when running update.php.
* (T109121) Remove deprecated pear/mail_mime-decode from composer suggested
libraries.
[Also in the bundled composer /vendor directory.]
* Various PHP 7.2 and 7.3 compatibility fixes:
* (T200595, T206974) Fix PHP 7.3 warnings of using "continue" in some
scenarios instead of "break".
* (T206976, T206977) Also in the bundled LocalisationUpdate and
ParserFunctions extensions.
* (T206979) Fix PHP 7.3 warnings of using "compact()" when some variables may
not be set.
* (T215632) FormatMetadata and UploadStash regexes fixed to be PHP
7.3-compatible.
* Fix PHP warnings "preg_replace(): [...] invalid range in character class.
* Avoid PHP 7.2 warnings in DBConRefTest about count() on non-Countable.
* Suppress "Headers already sent" in PHP 7.2 too.
* (T206476) Output only to stderr in unit tests.
* (T207112) Add session_write_close() calls to SessionManager tests.
* oyejorge/less.php replaced with our fork wikimedia/less.php
* (T209756) Updated wikimedia/ip-set from 1.2.0 to 1.3.0.
* (T213489) Avoid session double-start in Setup.php.
* (T206975) Switch to our fork of less.php.
* (T207540) Include IP address in "Login for $1 succeeded" log entry.
* (T201781) Database: Allow selectFieldValues() to accept SQL fragments.
* (T205765) installer: Don't link to the obsolete "Extension Matrix" page.
* (T206013) Update ImportableUploadRevisionImporter for interwiki usernames.
* (T207541) Pass an email address, not a MailAddress, to mail().
* (T207603) SECURITY: User JS may no longer be loaded with mime type
text/javascript if there is no account associated with the username.
* (T112937, T113042) SECURITY: Do not allow loading pages raw with a
text/javascript MIME
type if non-admins can edit the page.
* (T17491) <ins>/<del> elements can be phrasing or flow.
* (T200827) RemexCompatMunger: Don't call endTag() in case B/b
* (T207088) Upgrade wikimedia/remex-html to 2.0.1.
[Also in the bundled composer /vendor directory.]
* (T194052) Updated wikimedia/base-convert from 1.0.1 to 2.0.0.
[Also in the bundled composer /vendor directory.]
* (T199494) Fix notices in maintenance/removeUnusuedAccounts.php.
* Require ext-fileinfo in composer.json, per PHPVersionCheck.
* (T176390) Bundled LocalisationUpdate extension: Handle exceptions from
GitHubFetcher.
* (T208255) Completion search should not change the search query.
* (T209870) Fix SQL syntax error in MS-SQL initialisation file for new wikis.
* (T185049) LogFormatter: Fail softer when trying to link an invalid titles.
* (T210998) Properly set $wgLanguageCode in the generated LocalSettings.php
if --lang is used with the command-line installer (install.php).
* (T211061) ImageListPager: Actor migration for buildQueryConds().
* (T209335) Clarify the default sidebar 'Help' link is about MediaWiki itself.
* Fix addition of ug_expiry column to user_groups table on MSSQL.
* (T204767) Add join conditions to ActiveUsersPager.
* (T210621) User: Bypass repeatable-read when creating an actor_id.
* (T204531) rdbms: reduce LoadBalancer replication log spam.
* (T195525) Fix db error outage page.
* (T208871) The hard-coded Google search form on the database error page was
removed.
* (T176097) Fix flaky MessageBlobStoreTest assertion failures.
* (T209423) Update required PHP version to 7.0.13.
* (T209885) Prevent populateSearchIndex.php from breaking once actor migration
has been started.
* (T216968) Return pageid as int in both list=iwbacklinks and
list=langbacklinks.
* (T215169) Fix for Database::update() with IGNORE option fails on PostgreSQL.
* (T204423) Backport support for hyphenated DB names in JobQueueGroup.
* (T199474) Fix typo in rebuildrecentchanges.php resulting in rogue flags.
* (T218608) SECURITY: Fix an issue that prevents Extension:OAuth working when
$wgBlockDisablesLogin is true.
* (T216029) Chrome redirects to Special:BadTitle after editing a section with
a non-Latin name on a page with non-Latin characters in title.
* (T219728) Added support for new Japanese era name "Reiwa".
* (T25227) SECURITY: action=logout now requires to be posted and have a csrf
token.
* Updated cssjanus/cssjanus from 1.2.0 to 1.3.0.
* (T222385) resourceloader: Use AND instead of OR for upsert conds in
saveFileDependencies().
* (T224374) Fix message parameters so that the message that says SQLite is out
of date makes sense.
* SpecialPage::checkLoginSecurityLevel() will now preserve POST data when
reauthenticating.
* FormSpecialPage::execute() will now call checkLoginSecurityLevel() if
getLoginSecurityLevel() returns non-false.
* (T197279) SECURITY: Fix reauth in Special:ChangeEmail.
* (T208881) SECURITY: blacklist CSS var().
* (T209794) SECURITY: rate-limit and prevent blocked users from changing email.
* (T199540) SECURITY: API: Respect $wgBlockCIDRLimit in action=block.
* (T212118) SECURITY: Fix cache mode for (un)patrolled recent changes query.
* (T222036, T222038) SECURITY: Add permission check for user is permitted to
view the log type.
* (T221739) SECURITY: resources: Patch jQuery 3.2.1 for CVE-2019-11358.
== MediaWiki 1.31.1 ==
This is a security and maintenance release of the MediaWiki 1.31 branch.
=== Changes since MediaWiki 1.31.0 ===
* (T169545, CVE-2018-0503) SECURITY: $wgRateLimits entry for 'user' overrides
'newbie'.
* (T194605, CVE-2018-0505) SECURITY: BotPasswords can bypass CentralAuth's
account lock.
* (T199029, CVE-2018-13258) SECURITY: Tarball was missing .htaccess files.
* (T197229) Bundle Nuke extension, it was accidentally omitted.
* (T193995) Fix undefined patchPath() method call in parser tests.
* (T198687) Fix various selectFields methods to use the string 'NULL', not null.
* Special:BotPasswords now requires reauthentication.
* (T191608, T187638) Add 'logid' parameter to Special:Log.
* (T193829) Indicate when a Bot Password needs reset.
* (T198037) GitInfo: Don't try shelling out if it's disabled.
* (T151415) Log email changes.
* (T197206) Fix performance regression when multiple DB used without caching.
* (T197030) PHPSessionHandler: Suppress headers warnings in initialize().
* (T182377, T196793) Exif: Guard against uncountable tag values.
* (T200861) Fix total breakage of SQLite web upgrade.
* (T200864) Fix pingback over-reporting on non-MySQL databases
* (T202550) Unbreak SpecialListusersHeaderForm and SpecialListusersHeader
hooks.
== MediaWiki 1.31.0 ==
=== Changes since MediaWiki 1.31.0-rc.2 ===
* (T195783) Initialize PSR-4 namespaces at same stage as normal autoloader.
* (T196092) Hide MySQL binary/utf-8 charset option in the installer.
* (T196185) Don't allow setting $wgDBmysql5 in the installer.
* (T196125) php-memcached 3.0 (provided with PHP 7.0) is now supported.
* (T182366) UploadBase::checkXMLEncodingMissmatch() now works on PHP 7.1+
* (T118683) Fix exception from &$user deref on HHVM in the TitleMoveComplete
hook.
* (T196672) The mtime of extension.json files is now able to be zero
* (T180403) Validate $length in padleft/padright parser functions.
* (T143790) Make $wgEmailConfirmToEdit only affect edit actions.
=== Changes since MediaWiki 1.31.0-rc.0 ===
* (T33223) Drop archive.ar_text and ar_flags.
* Add default edit rate limit of 90 edits/minute for all users.
* (T187645) Use codepoint as tiebreaker when getting first-letters in
IcuCollation.
* (T191947) Don't shell during the installer if shelling out is disabled.
* (T194319) Improve duplicate config setting exception as part of extension
registration.
* (T195211) Don't require trailing slash in PSR-4 autoloader directory.
* (T186565) Fix PHP Notice from `ob_end_flush()` in `FileRepo::streamFile()`.
* Do not incorrectly hide namespace input field in the installer.
* (T186456) Refactor checks looking for PEAR maik libraries to be clearer.
=== Important pre-upgrade notes for 1.31 ===
* If you're using MySQL, SQLite, or MSSQL, are not using update.php to apply
schema changes, and cannot have downtime to run migrateArchiveText.php and
apply patch-drop-ar_text.sql manually, you'll have to apply a default value
to the ar_text and ar_flags columns of the archive table or make those
columns nullable before upgrading to MediaWiki 1.31.
maintenance/archives/patch-nullable-ar_text.sql shows how to do this for
MySQL.
=== Configuration changes in 1.31 ===
* $wgEnableAPI and $wgEnableWriteAPI are now deprecated and will be removed in
a future version. The API is now considered to be stable, secure and
essential.
* $wgUsejQueryThree was removed, as it is now the default. This was documented
as a temporary variable during the migration period, deprecated since 1.29.
* $wgLogoHD has been updated to support svg images and uses $wgLogo where
possible for fallback images such as png.
* (T44246) $wgFilterLogTypes will no longer ignore 'patrol' when user does not
have the right to mark things patrolled.
* Wikis that contain imported revisions or CentralAuth global blocks should run
maintenance/cleanupUsersWithNoId.php.
* The configuration settings $wgResourceLoaderMinifierStatementsOnOwnLine and
$wgResourceLoaderMinifierMaxLineLength, deprecated since 1.27, were removed.
* (T180921) $wgReferrerPolicy now supports having fallbacks for browsers that
are not using the latest version of the Referrer Policy specification.
* $wgFragmentMode is now set to [ 'legacy', 'html5' ] by default. This is a
first step of migration to human-readable section IDs that will later result
in 'html5' being the default mode.
* CACHE_ACCEL now only supports APC(u) or WinCache. XCache support was removed
as upstream is inactive and has no plans to move to PHP 7.
* The old CategorizedRecentChanges feature, including its related configuration
option $wgAllowCategorizedRecentChanges, has been removed.
* (T188472) The 'comma' value for $wgArticleCountMethod is no longer supported
for performance reasons, and installations with this setting will now work as
if it was configured with 'any'.
* (T185753) MediaWiki now defaults to using RemexHtml to tidy up user input,
rather than being off by default. If you wish to disable HTML tidying
entirely, set $wgTidyConfig to null; if you wish to use the old, deprecated
Tidy external binary, both set $wgTidyConfig to null and $wgUseTidy to true.
* $wgLogAutopatrol now defaults to false instead of true.
* $wgValidateAllHtml was removed and will be ignored.
* $wgScriptExtension, deprecated and ignored since 1.25, was removed. See the
1.25 release notes for more information.
* $wgUseAjax is now marked as deprecated, just like the deprecated AJAX
framework that it enables. Some extensions mistakenly used this to check
whether any AJAX functionality at all should be enabled, further making this
problematic to retain.
* $wgDBmysql5 is now deprecated, and will be removed in a future version. It
has been marked as experimental ever since it was introduced.
=== New features in 1.31 ===
* (T76554) User sub-pages named ….json are now protected in the same way that
….js and ….css pages are, so that configuration options can safely be placed
there.
* Wikimedia\Rdbms\IDatabase->select() and similar methods now support joins
with parentheses for grouping.
* As a first pass in standardizing dialog boxes across the MediaWiki product,
Html class now provides helper methods for messageBox, successBox, errorBox
and warningBox generation.
* (T9240) Imports will now record unknown (and, optionally, known) usernames in
a format like "iw>Example".
* (T20209) Linker (used on history pages, log pages, and so on) will display
usernames formed like "iw>Example" as interwiki links, as if by wikitext like
[[iw:User:Example|iw>Example]].
* (T111605) The 'ImportHandleUnknownUser' hook allows extensions to auto-create
users during an import.
* Added a hook, ParserOutputPostCacheTransform, to allow extensions to affect
the ParserOutput::getText() post-cache transformations.
* Added a hook, UploadForm:getInitialPageText, to allow extensions to alter the
initial page text for file uploads.
* (T181651) The info page for File pages now displays the file's base-16 SHA1
hash value in the table of basic information.
* Style tags with a 'data-mw-deduplicate' attribute will be deduplicated as a
ParserOutput::getText() post-cache transformation. This may be disabled by
passing 'deduplicateStyles' => false to that method.
* The identity of the logged-in or IP "actor" for logged actions is being moved
into a new actor table, with the rows in tables such as revision and logging
referring to the actor ID instead of storing the user ID and name/IP in
every row.
* This is currently gated by $wgActorTableSchemaMigrationStage. Most wikis
can set this to MIGRATION_NEW and run maintenance/migrateActors.php as
soon as any necessary extensions are updated.
* Most code accessing rows for logged actions from the database should use
the relevant getQueryInfo() methods to get the information needed to build
the SQL query. The ActorMigration class may also be used to get feature
-flagged information needed to access actor-related fields during the
migration period.
* Added Wikimedia\Rdbms\IDatabase::cancelAtomic(), to roll back an atomic
section without having to roll back the whole transaction.
* Wikimedia\Rdbms\IDatabase::doAtomicSection(), non-native ::insertSelect(),
and non-MySQL ::replace() and ::upsert() no longer roll back the whole
transaction on failure.
* (T189785) Added a monthly heartbeat ping to the pingback feature.
* The CLI installer (maintenance/install.php) learned to detect and include
extensions. Pass --with-extensions to enable that feature.
* (T184791) rc_patrolled now has three states: "0" for unpatrolled,
"1" for manually patrolled and "2" for autopatrolled actions.
* Extensions can now set their type to "editor" if they provide an editor or
enhance the editing experience.
* Extensions can use a PSR-4 autoloader by setting an "AutoloadNamespaces"
property in extension.json. See the documentation at
<https://mediawiki.org/wiki/Manual:Extension.json/Schema#AutoloadNamespaces>
for more details and an example.
* (T19099) Tabs which link to pages that don't exist (like those to uncreated
discussion pages) now have a tooltip to indicate state, not just colour.
=== External library changes in 1.31 ===
* pear/mail, pear/mail_mime and pear/mail_mime-decode have been moved from
suggested to required. These packages now must be installed via composer
and not via PEAR itself.
==== Upgraded external libraries ====
* Updated jquery.chosen from v0.9.14 to v1.8.2.
* Updated composer/spdx-licenses from 1.1.4 to 1.3.0 (development dependency).
* Updated nikic/php-parser from 2.1.0 to 3.1.3 (development dependency).
* Updated wikimedia/ip-set from 1.1.0 to 1.2.0.
* Updated wikimedia/relpath from 2.0.0 to 2.1.1.
* Updated wikimedia/running-stat from 1.1.0 to 1.2.0.
* Updated wikimedia/wrappedstring from 2.2.0 to 2.3.0.
* Updated mediawiki/at-ease from 1.1.0 to 1.2.0.
* Updated wikimedia/php-session-serializer from 1.0.4 to 1.0.6.
* Updated wikimedia/remex-html from 1.0.2 to 1.0.3.
* Updated wikimedia/html-formatter from 1.0.1 to 1.0.2.
==== New external libraries ====
* Added wikimedia/object-factory 1.0.0
==== Removed and replaced external libraries ====
* (T17845) The deprecated 'jquery.badge' module was removed.
* The deprecated 'jquery.autoEllipsis' module was removed. Use the CSS
text-overflow property instead.
* The deprecated 'jquery.placeholder' module was removed.
* The deprecated 'jquery.appear' module was removed. Use the
'mediawiki.viewport' module instead.
* mediawiki/at-ease was replaced with wikimedia/at-ease.
=== Bug fixes in 1.31 ===
* (T90902) Non-breaking space in header ID breaks anchor.
* (T189375) CSSMin now allows quoted urls in `url()` syntax to start with a
space.
* (T2087, T10897, T87753, T174639) Whitespace created by category and language
links is now stripped rather than leaving blank lines in odd places.
* (T3780) Uploads with UTF-8 names now work on PHP7.1+ on Windows servers.
* (T182366) UploadBase::checkXMLEncodingMissmatch() now works on PHP 7.1+
=== Action API changes in 1.31 ===
* (T185058) The 'name' value to tgprop for action=query&list=tags has been
removed. It has never made a difference in the output, the name was always
returned regardless.
* The 'watch' and 'unwatch' parameters for action=move have been removed. They
were deprecated and also accidentally nonfunctional since 1.17 in 2010. Use
'watchlist' instead.
=== Action API internal changes in 1.31 ===
* ApiBase::getProfileDBTime, deprecated since 1.25, was removed.
* ApiBase::getModuleProfileName, deprecated since 1.25, was removed.
* ApiBase::getProfileTime, deprecated since 1.25, was removed.
=== Languages updated in 1.31 ===
MediaWiki supports over 350 languages. Many localisations are updated
regularly. Below only new and removed languages are listed, as well as
changes to languages because of Phabricator reports.
* (T180052) Mirandese (mwl) now supports gendered NS_USER/NS_USER_TALK.
* (T182305) New language support: Nyungar (nys).
* (T186359) New language support: Siberian Tatar [себертатар] (sty).
* (T186635) New language support: Guianan Creole (gcr).
* (T186647) New language support: Kumyk [къумукъ] (kum).
* (T187750) New language support: Spanish formal address (es-formal).
* (T187824) New language support: Hungarian formal address (hu-formal).
* (T189127) New language support: Gorontalo (gor).
=== Breaking changes in 1.31 ===
* MessageBlobStore::insertMessageBlob(), deprecated in 1.27, was removed.
* The OutputPage class constructor now requires a context parameter.
Instantiating without context was deprecated in 1.18.
* The mw.page JavaScript singleton, deprecated in 1.30, was removed.
* Article::getLastPurgeTimestamp(), WikiPage::getLastPurgeTimestamp(), and the
related WikiPage::PURGE_* constants, deprecated in 1.29, were removed.
* The Article::selectFields(), ::onArticleCreate(), ::onArticleDelete(), and
::onArticleEdit() methods, deprecated in 1.24, were removed.
* Installer::locateExecutable() and ::locateExecutableInDefaultPaths() were
removed. Use ExecutableFinder::findInDefaultPaths() instead.
* The deprecated MW_DIFF_VERSION constant was removed.
DifferenceEngine::MW_DIFF_VERSION should be used instead.
* Due to significant refactoring, method ContribsPager::getUserCond() that had
no access restriction has been removed.
* The Block class will no longer accept usable-but-missing usernames for
'byText' or ->setBlocker(). Callers should either ensure the blocker exists
locally or use a new interwiki-format username like "iw>Example".
* The following methods and constants from the WatchedItem class, which were
deprecated in 1.27, have been removed:
* WatchedItem::getTitle()
* WatchedItem::fromUserTitle()
* WatchedItem::addWatch()
* WatchedItem::removeWatch()
* WatchedItem::isWatched()
* WatchedItem::duplicateEntries()
* WatchedItem::IGNORE_USER_RIGHTS
* WatchedItem::CHECK_USER_RIGHTS
* WatchedItem::DEPRECATED_USAGE_TIMESTAMP
* The $statementsOnOwnLine parameter of JavaScriptMinifier::minify was removed.
$wgResourceLoaderMinifierStatementsOnOwnLine, the corresponding configuration
variable, has been deprecated since 1.27 and was removed as well.
* The $maxLineLength parameter of JavaScriptMinifier::minify was removed.
$wgResourceLoaderMinifierMaxLineLength, the corresponding configuration
variable, has been deprecated since 1.27 and was removed as well.
* The HtmlFormatter class, deprecated in 1.27, was removed. The namespaced
HtmlFormatter\HtmlFormatter class should be used instead.
* The driver 'mysql' for MySQL, deprecated in MediaWiki 1.30, has been removed.
The driver has been deprecated since PHP 5.5 and was removed in PHP 7.0. The
default driver for MySQL has been 'mysqli' since MediaWiki 1.22.
* The following properties of PreparedEdit were deprecated in 1.21 and have
been removed:
* PreparedEdit->newText
* PreparedEdit->oldText
* PreparedEdit->pst
* ParserOutput objects which are generated using a non-default value for
ParserOptions::setWrapOutputClass() can no longer be added to the parser
cache.
* The following deprecated methods from the OutputPage class have been removed:
* OutputPage::addExtensionStyle(); deprecated in 1.27
* OutputPage::getExtStyle(); deprecated in 1.27
* OutputPage::setETag(); deprecated in 1.28 (obsolete no-op)
* OutputPage::setSquidMaxage(); deprecated in 1.27
* OutputPage::readOnlyPage(); deprecated in 1.25
* OutputPage::rateLimited(); deprecated in 1.25
* Additionally, the protected OutputPage::$mExtStyles array, only accessed
through the above and with no known uses, was removed.
* The no-op method Skin::showIPinHeader(), deprecated in 1.27, was removed.
* The following variables and methods in EditPage, deprecated in MediaWiki 1.30,
were removed:
* $isCssJsSubpage — use ::isUserConfigPage()
* $isCssSubpage — use ::isUserCssConfigPage()
* $isJsSubpage — use ::isUserJsConfigPage()
* $isWrongCaseCssJsPage – use ::isWrongCaseUserConfigPage()
* ::getSummaryInput() – use ::getSummaryInputWidget()
* ::getSummaryInputOOUI() – use ::getSummaryInputWidget()
* ::getCheckboxes() – use ::getCheckboxesWidget() or
::getCheckboxesDefinition()
* ::getCheckboxesOOUI() – use ::getCheckboxesWidget() or
::getCheckboxesDefinition()
* ResourceLoaderModule::getPosition(), deprecated in 1.29, has been removed.
* In User, the cookie-related methods which were wrappers for the functions on
the response object, and were deprecated in 1.27, have been removed:
* ::setCookie()
* ::clearCookie()
* ::setExtendedLoginCookie()
Note that User::setCookies() remains, and is not deprecated.
* Also in User, some auth-related methods which were deprecated in 1.27 have
been removed:
* ::getEditTokenTimestamp() – use MediaWiki\Session\Token::getTimestamp()
* ::getPasswordFactory() – create a PasswordFactory directly
* ::passwordChangeInputAttribs()
* The global functions wfProfileIn and wfProfileOut, deprecated in 1.25, have
been removed.
* SpecialPageFactory::getList(), deprecated in 1.24, has been removed. You can
use ::getNames() instead.
* OpenSearch::getOpenSearchTemplate(), deprecated in 1.25, has been removed. You
can use ApiOpenSearch::getOpenSearchTemplate() instead.
* The global function wfBaseConvert, deprecated in 1.27, has been removed. Use
Wikimedia\base_convert() directly.
* Calling Database::begin() explicitly during an implicit transaction or when
DBO_TRX is set results in an exception. Calling Database::commit() explicitly
for an implicit transaction also results in an exception. Previously these
were logged as errors. The startAtomic() and endAtomic() methods, or
AtomicSectionUpdate should be used instead.
* The global function wfOutputHandler() was removed, use the its replacement
MediaWiki\OutputHandler::handle() instead. The global function was only
sometimes defined. Its replacement is always available via the autoloader.
* ChangeTags::listExtensionActivatedTags and ::listExtensionDefinedTags,
deprecated in 1.28, have been removed. Use ::listSoftwareActivatedTags() and
::listSoftwareDefinedTags() instead.
* Title::getTitleInvalidRegex(), deprecated in 1.25, has been removed. You can
use MediaWikiTitleCodec::getTitleInvalidRegex() instead.
* HTMLForm & VFormHTMLForm::isVForm(), deprecated in 1.25, have been removed.
* The ProfileSection class, deprecated in 1.25 and unused, has been removed.
* The ResourceLoaderGetLessVars hook, deprecated in 1.30, has been removed. Use
ResourceLoaderModule::getLessVars() to expose local variables instead of
global ones.
* As part of work to modernise user-generated content clean-up, a config option
and some methods related to HTML validity were removed without deprecation.
The public methods MWTidy::checkErrors() and the path through which it was
called, TidyDriverBase::validate(), are removed, as are the testing methods
MediaWikiTestCase::assertValidHtmlSnippet() and ::assertValidHtmlDocument().
The $wgValidateAllHtml configuration option is removed and will be ignored.
* Execution of external programs using MediaWiki\Shell\Command now applies
the RESTRICT_DEFAULT Firejail restriction by default.
* The ResourceLoaderModule::getHashMtime() and ::getDefinitionMtime() methods,
deprecated in 1.26, were removed.
* The deprecated 'mediawiki.widgets.CategorySelector' module alias was removed.
Use the 'mediawiki.widgets.CategoryMultiselectWidget' module directly.
=== Deprecations in 1.31 ===
* The Revision class was deprecated in favor of RevisionStore, BlobStore, and
RevisionRecord and its subclasses.
* The global function wfBCP47 is deprecated in favour of LanguageCode::bcp47.
* The global function wfCountDown is now deprecated in favor of
Maintenance::countDown.
* Several methods for returning lists of fields to select from the database
have been deprecated in favor of similar methods that also return the tables
to select from and the join conditions for those tables.
* Block::selectFields() → Block::getQueryInfo()
* RecentChange::selectFields() → RecentChange::getQueryInfo()
* ArchivedFile::selectFields() → ArchivedFile::getQueryInfo()
* LocalFile::selectFields() → LocalFile::getQueryInfo()
* LocalFile::getCacheFields() with a prefix no longer works
* LocalFile::getLazyCacheFields() with a prefix no longer works
* OldLocalFile::selectFields() → OldLocalFile::getQueryInfo()
* RecentChange::selectFields() → RecentChange::getQueryInfo()
* Revision::userJoinCond() → Revision::getQueryInfo( [ 'user' ] )
* Revision::selectUserFields() → Revision::getQueryInfo( [ 'user' ] )
* Revision::pageJoinCond() → Revision::getQueryInfo( [ 'page' ] )
* Revision::selectPageFields() → Revision::getQueryInfo( [ 'page' ] )
* Revision::selectTextFields() → Revision::getQueryInfo( [ 'text' ] )
* Revision::selectFields() → Revision::getQueryInfo()
* Revision::selectArchiveFields() → Revision::getArchiveQueryInfo()
* User::selectFields() → User::getQueryInfo()
* WikiPage::selectFields() → WikiPage::getQueryInfo()
* Revision::setUserIdAndName() was deprecated.
* Access to TitleValue class properties was deprecated, the relevant getters
should be used instead.
* DifferenceEngine::getDiffBodyCacheKey() is deprecated. Subclasses should
override DifferenceEngine::getDiffBodyCacheKeyParams() instead.
* Use of Maintenance::error( $err, $die ) to exit script was deprecated. Use
Maintenance::fatalError() instead.
* Passing a ParserOptions object to OutputPage::parserOptions() is deprecated.
* The RevisionInsertComplete hook is now deprecated; use instead the hook
RevisionRecordInserted. RevisionInsertComplete is still called, but the second
and third parameter will always be null. Hard deprecation is scheduled for
1.32.
* The following methods that get and set ParserOutput state are deprecated.
Callers should use the new stateless $options parameter to
ParserOutput::getText() instead.
* ParserOptions::getEditSection()
* ParserOptions::setEditSection()
* ParserOutput::getEditSectionTokens()
* ParserOutput::setEditSectionTokens()
* ParserOutput::getTOCEnabled()
* ParserOutput::setTOCEnabled()
* OutputPage::enableSectionEditLinks()
* OutputPage::sectionEditLinksEnabled()
* The public ParserOutput state fields $mTOCEnabled and $mEditSectionTokens
are also deprecated.
* License::getLicenses has been deprecated; use License::getLines instead.
* QuickTemplate::setRef() was deprecated in favour of QuickTemplate::set().
Setting template variables by reference allowed violating the principle of
data being immutable once added to the skin template. In practice, this method
was not being used for that. Rather, setRef() existed as memory optimisation
for PHP 4.
* QuickTemplate::setTranslator() and MediaWikiI18N::set() were deprecated in
favour of Skin::msg() parameters.
* MediaWikiI18N::translate() was deprecated in favour of Skin::msg() or
wfMessage().
* Passing false to ParserOptions::setWrapOutputClass() is deprecated. Use the
'unwrap' transform to ParserOutput::getText() instead.
* \ObjectFactory (no namespace) is deprecated, the namespaced class
\Wikimedia\ObjectFactory from the wikimedia/object-factory library should be
used instead.
* CommentStore::newKey is deprecated. Instead, get an instance from
MediaWikiServices.
* The following CommentStore methods have had their signatures changed to
introduce a $key parameter, usage of the methods on instances retrieved from
CommentStore::newKey will remain unchanged but deprecated:
* CommentStore::getFields
* CommentStore::getJoin
* CommentStore::getComment
* CommentStore::getCommentLegacy
* CommentStore::insert
* CommentStore::insertWithTemplate
* The following methods in Title have been renamed, and the old ones are
deprecated:
* Title::getSkinFromCssJsSubpage – use ::getSkinFromConfigSubpage
* Title::isCssOrJsPage – use ::isSiteConfigPage
* Title::isCssJsSubpage – use ::isUserConfigPage
* Title::isCssSubpage – use ::isUserCssConfigPage
* Title::isJsSubpage – use ::isUserJsConfigPage
* The following methods related to caching of half-parsed HTML were deprecated:
* Parser::serializeHalfParsedText()
* Parser::unserializeHalfParsedText()
* Parser::isValidHalfParsedText()
* StripState::getSubState()
* StripState::merge()
* The DeferredStringifier class is deprecated, use Message::listParam() instead.
* The type string for the parameter $lang of DateFormatter::getInstance is
deprecated.
* Wikimedia\Rdbms\SavepointPostgres is deprecated.
* The DO_MAINTENANCE constant is deprecated. RUN_MAINTENANCE_IF_MAIN should be
used instead.
* The function wfShellWikiCmd() has been deprecated, use
MediaWiki\Shell::makeScriptCommand().
* In the future, the hooks 'PreferencesFormPreSave' and 'PreferencesGetLegend'
will be allowed to provide any HTMLForm object rather than PreferencesForm.
=== Other changes in 1.31 ===
* Browser support for Internet Explorer 10 was lowered from Grade A to Grade C.
* Browser support for Opera 12 and older was dropped entirely. Opera 15+
continues at Grade A.
* Multi-content-revision capability was introduced into the storage layer. See
<https://mediawiki.org/wiki/Requests_for_comment/Multi-Content_Revisions>.
* The "free" CSS class is now only applied to unbracketed URLs in wikitext.
Links written using square brackets will get the class "text" not "free".
* RFC 157418: Whitespace is trimmed from wikitext headings, wikitext list items,
wikitext table captions, wikitext table headings, wikitext table cells. HTML
headings, HTML list items, HTML table captions, HTML table headings, HTML
table cells will not have this trimming behavior.
== Compatibility ==
MediaWiki 1.31 requires PHP 7.0.0 or later. Although HHVM 3.18.5 or later is
supported, it is generally advised to use PHP 7.0.0 or later for long term
support.
MySQL/MariaDB is the recommended DBMS. PostgreSQL or SQLite can also be used,
but support for them is somewhat less mature. There is experimental support for
Oracle and Microsoft SQL Server.
The supported versions are:
* MySQL 5.5.8 or later
* PostgreSQL 9.2 or later
* SQLite 3.3.7 or later
* Oracle 9.0.1 or later
* Microsoft SQL Server 2005 (9.00.1399)
== Upgrading ==
1.31 has several database changes since 1.30, and will not work without schema
updates. Note that due to changes to some very large tables like the revision
table, the schema update may take quite long (minutes on a medium sized site,
many hours on a large site).
Don't forget to always back up your database before upgrading!
See the file UPGRADE for more detailed upgrade instructions, including
important information when upgrading from versions prior to 1.11.
For notes on 1.30.x and older releases, see HISTORY.
== Online documentation ==
Documentation for both end-users and site administrators is available on
MediaWiki.org, and is covered under the GNU Free Documentation License (except
for pages that explicitly state that their contents are in the public domain):
https://www.mediawiki.org/wiki/Special:MyLanguage/Documentation
== Mailing list ==
A mailing list is available for MediaWiki user support and discussion:
https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
A low-traffic announcements-only list is also available:
https://lists.wikimedia.org/mailman/listinfo/mediawiki-announce
It's highly recommended that you sign up for one of these lists if you're
going to run a public MediaWiki, so you can be notified of security fixes.
== IRC help ==
There's usually someone online in #mediawiki on irc.freenode.net.
= MediaWiki 1.30 =
== MediaWiki 1.30.2 ==
This is a security and maintenance release of the MediaWiki 1.30 branch.
=== Changes since MediaWiki 1.30.1 ===
* (T204729) WatchedItemStore::countVisitingWatchersMultiple() shouldn't query
all titles when asked for none.
* (T109121) Remove deprecated pear/mail_mime-decode from composer suggested
libraries.
* (T207540) Include IP address in "Login for $1 succeeded" log entry.
* (T205765) Don't link to the obsolete "Extension Matrix" page in installer.
* (T207603) SECURITY: User JS may no longer be loaded with mime type
text/javascript if there is no account associated with the username.
* (T113042) SECURITY: Do not allow loading pages raw with a text/javascript MIME
type if non-admins can edit the page.
* (T207541) Pass email address to mail().
* Fix addition of ug_expiry column to user_groups table on MSSQL.
* (T204531) rdbms: reduce LoadBalancer replication log spam.
* (T213489) Avoid session double-start in Setup.php.
* (T195525) Fix db error outage page.
* (T208871) The hard-coded Google search form on the database error page was
removed.
* (T216968) Return pageid as int in both list=iwbacklinks and
list=langbacklinks.
* (T218608) SECURITY: Fix an issue that prevents Extension:OAuth working when
$wgBlockDisablesLogin is true.
* (T25227) SECURITY: action=logout now requires to be posted and have a csrf
token.
* (T222385) resourceloader: Use AND instead of OR for upsert conds in
saveFileDependencies().
* (T224374) Fix message parameters so that the message that says SQLite is out
of date makes sense.
* SpecialPage::checkLoginSecurityLevel() will now preserve POST data when
reauthenticating.
* FormSpecialPage::execute() will now call checkLoginSecurityLevel() if
getLoginSecurityLevel() returns non-false.
* (T197279) SECURITY: Fix reauth in Special:ChangeEmail.
* (T208881) SECURITY: blacklist CSS var().
* (T209794) SECURITY: rate-limit and prevent blocked users from changing email.
* (T199540) SECURITY: API: Respect $wgBlockCIDRLimit in action=block.
* (T212118) SECURITY: Fix cache mode for (un)patrolled recent changes query.
* (T222036, T222038) SECURITY: Add permission check for user is permitted to
view the log type.
* (T221739) SECURITY: resources: Patch jQuery 1.11.3 for CVE-2019-11358.
== MediaWiki 1.30.1 ==
This is a security and maintenance release of the MediaWiki 1.30 branch.
=== Changes since MediaWiki 1.30.0 ===
* (T169545, CVE-2018-0503) SECURITY: $wgRateLimits entry for 'user' overrides
'newbie'.
* (T194605, CVE-2018-0505) SECURITY: BotPasswords can bypass CentralAuth's
account lock.
* (T87572) Make FormatMetadata::flattenArrayReal() work for an associative
array.
* Updated composer/spdx-licenses from 1.1.4 to 1.3.0 (development dependency).
* (T189567) the CLI installer (maintenance/install.php) learned to detect and
include extensions. Pass --with-extensions to enable that feature.
* (T190503) Let built-in web server (maintenance/dev) handle .php requests.
* (T167507) selenium: Run Chrome headlessly.
* selenium: Pass -no-sandbox to Chrome under Docker.
* (T179190) selenium: Move logic for running tests from package.json to
selenium.sh
* (T192584) Stop incorrectly passing USE INDEX to RecentChange::newFromConds().
* Add default edit rate limit of 90 edits/minute for all users.
* (T186565) Fix PHP Notice from `ob_end_flush()` in `FileRepo::streamFile()`.
* oojs/oojs-ui updated to remove an unnecessary dependancy.
* (T196125) php-memcached 3.0 (provided with PHP 7.0) is now supported.
* (T118683) Fix exception from &$user deref on HHVM in the TitleMoveComplete
hook.
* (T196672) The mtime of extension.json files is now able to be zero
* (T180403) Validate $length in padleft/padright parser functions.
* (T143790) Make $wgEmailConfirmToEdit only affect edit actions.
* (T193995) Fix undefined patchPath() method call in parser tests.
* Special:BotPasswords now requires reauthentication.
* (T191608, T187638) Add 'logid' parameter to Special:Log.
* (T193829) Indicate when a Bot Password needs reset.
* (T151415) Log email changes.
* (T200861) Fix total breakage of SQLite web upgrade.
* (T202550) Unbreak SpecialListusersHeaderForm and SpecialListusersHeader
hooks.
* (T190539) Explicitly require Postgres 9.1.
* (T118420) Unbreak Oracle installer.
== MediaWiki 1.30.0 ==
=== Changes since MediaWiki 1.30.0-rc.0 ===
* Upgraded Moment.js from v2.15.0 to v2.19.3.
* Add ip_changes to postgres/tables.sql.
* Skip null shell parameters.
* Add wfWaitForSlaves() to maintenance/migrateComments.php.
* (T182245) Fix join conditions in ImageListPager.
* (T178626) Revert #contentSub and #jump-to-nav margin changes.
=== MySQL version requirement in 1.30 ===
As of 1.30, MediaWiki now requires MySQL 5.5.8 or higher (see Compatibility
section).
=== Configuration changes in 1.30 ===
* The "C.UTF-8" locale should be used for $wgShellLocale, if available, to avoid
unexpected behavior when code uses locale-sensitive string comparisons. For
example, the Scribunto extension considers "bar" < "Foo" in most locales
since it ignores case.
* $wgShellLocale now affects LC_ALL rather than only LC_CTYPE. See
documentation of $wgShellLocale for details.
* $wgShellLocale is now applied for all requests. wfInitShellLocale() is
deprecated and a no-op, as it is no longer needed.
* $wgJobClasses may now specify callback functions as an alternative to plain
class names. This is intended for extensions that want control over the
instantiation of their jobs, to allow for proper dependency injection.
* $wgResourceModules may now specify callback functions as an alternative
to plain class names, using the 'factory' key in the module description
array. This allows dependency injection to be used for ResourceLoader modules.
* $wgExceptionHooks has been removed.
* (T163562) $wgRangeContributionsCIDRLimit was introduced to control the size
of IP ranges that can be queried at Special:Contributions.
* (T45547) $wgUsePigLatinVariant added (off by default).
* (T152540) MediaWiki now supports a section ID escaping style that allows to
display non-Latin characters verbatim on many modern browsers. This is
controlled by the new configuration setting, $wgFragmentMode.
* $wgExperimentalHtmlIds is now deprecated and will be removed in a future
version, use $wgFragmentMode to migrate off it to a modern alternative.
* $wgExternalInterwikiFragmentMode was introduced to control how fragments in
sinterwikis going outside of current wiki farm are encoded.
* (T120333) Soft-deprecated the use of PHP extension 'mysql' in favor of
'mysqli'. This PHP extension was deprecated in PHP 5.5 and removed in PHP 7.0.
MediaWiki auto-selects the 'mysqli' driver since MediaWiki 1.22, except if
explicitly requested through the configuration parameter $wgDBservers.
* $wgOOUIEditPage was removed, as it is now the default. This was documented as
a temporary variable during the migration period.
=== New features in 1.30 ===
* (T37247) Output from Parser::parse() will now be wrapped in a div with
class="mw-parser-output" by default. This may be changed or disabled using
ParserOptions::setWrapOutputClass().
* (T163562) Added ability to search for contributions within an IP ranges
at Special:Contributions.
* Added 'ChangeTagsAllowedAdd' hook, enabling extensions to allow software-
specific tags to be added by users.
* Added a 'ParserOptionsRegister' hook to allow extensions to register
additional parser options.
* (T45547) Included Pig Latin, a language game in English, as a
LanguageConverter variant. This allows English-speaking developers
to develop and test LanguageConverter more easily. Pig Latin can be
enabled by setting $wgUsePigLatinVariant to true.
* Added RecentChangesPurgeRows hook to allow extensions to purge data that
depends on the recentchanges table.
* Added JS config values wgDiffOldId/wgDiffNewId to the output of diff pages.
* (T2424) Added direct unwatch links to entries in Special:Watchlist (if the
'watchlistunwatchlinks' preference option is enabled). With JavaScript
enabled, these links toggle so the user can also re-watch pages that have
just been unwatched.
* Added $wgParserTestMediaHandlers, where mock media handlers can be passed to
MediaHandlerFactory for parser tests.
* Edit summaries, block reasons, and other "comments" are now stored in a
separate database table. Use the CommentFormatter class to access them.
** This is currently gated by $wgCommentTableSchemaMigrationStage. Most wikis
can set this to MIGRATION_NEW and run maintenance/migrateComments.php as
soon as any necessary extensions are updated.
* (T138166) Added ability for users to prohibit other users from sending them
emails with Special:Emailuser. Can be enabled by setting
$wgEnableUserEmailBlacklist to true.
* (T67297) $wgBrowserBlacklist is deprecated, and changing it will have no
effect. Instead, users using browsers that do not support Unicode will be
unable to edit and should upgrade to a modern browser instead.
=== External library changes in 1.30 ===
==== Upgraded external libraries ====
* Updated justinrainbow/json-schema from v3.0 to v5.2.
* Updated mediawiki/mediawiki-codesniffer from v0.7.2 to v0.12.0.
* Updated wikimedia/composer-merge-plugin from v1.4.0 to v1.4.1.
* Updated wikimedia/relpath from v1.0.3 to v2.0.0.
* Updated OOjs from v2.0.0 to v2.1.0.
* Updated OOUI from v0.21.1 to v0.23.0.
* Updated QUnit from v1.23.1 to v2.4.0.
* Updated phpunit/phpunit from v4.8.35 to v4.8.36.
* Upgraded Moment.js from v2.15.0 to v2.19.3.
==== New external libraries ====
* The class \TestingAccessWrapper has been moved to the external library
wikimedia/testing-access-wrapper and renamed \Wikimedia\TestingAccessWrapper.
* Purtle, a fast, lightweight RDF generator.
=== Bug fixes in 1.30 ===
* (T151633) Ordered list items use now Devanagari digits in Nepalese
(thanks to Sfic)
=== Action API changes in 1.30 ===
* (T37247) action=parse output will be wrapped in a div with
class="mw-parser-output" by default. This may be changed or disabled using
the new 'wrapoutputclass' parameter.
* When errorformat is not 'bc', abort reasons from action=login will be
formatted as specified by the error formatter parameters.
* action=compare can now handle arbitrary text, deleted revisions, and
returning users and edit comments.
* (T164106) The 'rvdifftotext', 'rvdifftotextpst', 'rvdiffto',
'rvexpandtemplates', 'rvgeneratexml', 'rvparse', and 'rvprop=parsetree'
parameters to prop=revisions are deprecated, as are the similarly named
parameters to prop=deletedrevisions, list=allrevisions, and
list=alldeletedrevisions. Use action=compare, action=parse, or
action=expandtemplates instead.
=== Action API internal changes in 1.30 ===
* ApiBase::getDescriptionMessage() and the "apihelp-*-description" messages are
deprecated. The existing message should be split between "apihelp-*-summary"
and "apihelp-*-extended-description".
* (T123931) Individual values of multi-valued parameters can now be marked as
deprecated.
=== Languages updated in 1.30 ===
MediaWiki supports over 350 languages. Many localisations are updated
regularly. Below only new and removed languages are listed, as well as
changes to languages because of Phabricator reports.
* Added: kbp (Kabɩyɛ / Kabiyè)
* Added: skr (Saraiki, سرائیکی)
* Added: tay (Tayal / Atayal)
* Removed: tokipona (Toki Pona)
==== Pig Latin added ====
* (T45547) Added Pig Latin, a made-up English variant (en-x-piglatin),
for easier variant development and testing. Disabled by default. It can be
enabled by setting $wgUsePigLatinVariant to true.
=== Other changes in 1.30 ===
* The use of an associative array for $wgProxyList, where the IP address is in
the key instead of the value, is deprecated (e.g. [ '127.0.0.1' => 'value' ]).
Please convert these arrays to indexed/sequential ones (e.g. [ '127.0.0.1' ]).
* mw.user.bucket (deprecated in 1.23) was removed.
* LoadBalancer::getServerInfo() and LoadBalancer::setServerInfo() are
deprecated. There are no known callers.
* File::getStreamHeaders() was deprecated.
* MediaHandler::getStreamHeaders() was deprecated.
* Title::canTalk() was deprecated. The new Title::canHaveTalkPage() should be
used instead.
* MWNamespace::canTalk() was deprecated. The new MWNamespace::hasTalkNamespace()
should be used instead.
* The ExtractThumbParameters hook (deprecated in 1.21) was removed.
* The OutputPage::addParserOutputNoText and ::getHeadLinks methods (both
deprecated in 1.24) were removed.
* wfMemcKey() and wfGlobalCacheKey() were deprecated. BagOStuff::makeKey() and
BagOStuff::makeGlobalKey() should be used instead.
* (T146304) Preprocessor handling of LanguageConverter markup has been improved.
As a result of the new uniform handling, '-{' may need to be escaped
(for example, as '-<nowiki/>{') where it occurs inside template arguments
or wikilinks.
* (T163966) Page moves are now counted as edits for the purposes of
autopromotion, i.e., they increment the user_editcount field in the database.
* Two new hooks, LogEventsListLineEnding and NewPagesLineEnding, were added for
manipulating Special:Log and Special:NewPages lines.
* The OldChangesListRecentChangesLine, EnhancedChangesListModifyLineData,
PageHistoryLineEnding, ContributionsLineEnding and
DeletedContributionsLineEnding hooks have an additional parameter, for
manipulating HTML data attributes of RC/history lines.
EnhancedChangesListModifyBlockLineData can do that via the
$data['attribs'] subarray.
* (T130632) The OutputPage::enableTOC() method was removed.
* WikiPage::getParserOutput() will now throw an exception if passed
ParserOptions that would pollute the parser cache. Callers should use
WikiPage::makeParserOptions() to create the ParserOptions object and only
change options that affect the parser cache key.
* Article::viewRedirect() is deprecated.
* IP::isValidBlock() was deprecated. Use the equivalent IP::isValidRange().
* DeprecatedGlobal no longer supports passing in a direct value, it requires a
callable factory function or a class name.
* The $parserMemc global, wfGetParserCacheStorage(), and
ParserCache::singleton() are all deprecated. The main ParserCache instance
should be obtained from MediaWikiServices instead. Access to the underlying
BagOStuff is possible through the new ParserCache::getCacheStorage() method.
* .mw-ui-constructive CSS class (deprecated in 1.27) was removed.
* Sanitizer::escapeId() was deprecated, use escapeIdForAttribute(),
escapeIdForLink() or escapeIdForExternalInterwiki() instead.
* Title::escapeFragmentForURL() was deprecated, use one of the aforementioned
Sanitizer functions or, if possible, Title::getFragmentForURL().
* Second parameter to Sanitizer::escapeIdReferenceList() ($options) now does
nothing and is deprecated.
* mw.util.escapeId() was deprecated, use escapeIdForAttribute() or
escapeIdForLink().
* MagicWord::replaceMultiple() (deprecated in 1.25) was removed.
* WikiImporter now requires the second parameter to be an instance of the
Config, class. Prior to that, the Config parameter was optional (a behavior
deprecated in 1.25).
* Removed 'jquery.mwExtension' module. (deprecated since 1.26)
* mediawiki.ui: Deprecate greys, which are not part of WikimediaUI color palette
any more.
* CdbReader, CdbWriter, CdbException classes (deprecated in 1.25) were removed.
The namespaced classes in the Cdb namespace should be used instead.
* IPSet class (deprecated in 1.26) was removed. The namespaced IPSet\IPSet
should be used instead.
* RunningStat class (deprecated in 1.27) was removed. The namespaced
RunningStat\RunningStat should be used instead.
* MWMemcached and MemCachedClientforWiki classes (deprecated in 1.27) were
removed.
The MemcachedClient class should be used instead.
* EditPage underwent some refactoring and deprecations:
* EditPage::isOouiEnabled() is deprecated and will always return true.
* EditPage::getSummaryInput() and ::getSummaryInputOOUI() are deprecated.
Please use ::getSummaryInputWidget() instead.
* EditPage::getCheckboxes() and ::getCheckboxesOOUI() are deprecated. Please
use ::getCheckboxesWidget() instead.
* Creating an EditPage instance without calling EditPage::setContextTitle()
should be avoided and will be deprecated in a future release.
* EditPage::safeUnicodeInput() and ::safeUnicodeOutput() are deprecated and
no-ops.
* EditPage::$isCssJsSubpage, ::$isCssSubpage, and ::$isJsSubpage are
deprecated. The corresponding methods from Title should be used instead.
* EditPage::$isWrongCaseCssJsPage is deprecated. There is no replacement.
* EditPage::$mArticle and ::$mTitle are deprecated for public usage. The
getters ::getArticle() and ::getTitle() should be used instead.
* Trying to control or fake EditPage context by overriding $wgUser,
$wgRequest, $wgOut, and $wgLang is no longer supported and won't work. The
IContextSource returned from EditPage::getContext() must be modified
instead.
* Parser::getRandomString() (deprecated in 1.26) was removed.
* Parser::uniqPrefix() (deprecated in 1.26) was removed.
* Parser::extractTagsAndParams() now only accepts three arguments. The fourth,
$uniq_prefix was deprecated in 1.26 and has now been removed.
* (T172514) The following tables have had their UNIQUE indexes turned into
proper PRIMARY KEYs for increased maintainability: categorylinks, imagelinks,
iwlinks, langlinks, log_search, module_deps, objectcache, pagelinks,
query_cache, site_stats, templatelinks, text, transcache, user_former_groups,
user_properties.
* IDatabase::nextSequenceValue() is no longer needed by any database backends
(formerly it was needed by PostgreSQL and Oracle), and is now deprecated.
* (T146591) The lc_lang_key index on the l10n_cache table has been changed into
a PRIMARY KEY.
* (T157227) bot_password.bp_user, change_tag.ct_log_id, change_tag.ct_rev_id,
page_restrictions.pr_user, tag_summary.ts_log_id, tag_summary.ts_rev_id and
user_properties.up_user have all been made unsigned on MySQL.
* DB_SLAVE is deprecated. DB_REPLICA should be used instead.
* wfUsePHP() is deprecated.
* wfFixSessionID() was removed.
* wfShellExec() and related functions are deprecated, use Shell::command(). This
also slightly changes the behavior of how execution time limits are calculated
when only some of defaults are overridden per-call. When in doubt, always
override both wall clock and CPU time.
* (T138166) SpecialEmailUser::getTarget() now requires a second argument, the
sending user object. Using the method without the second argument is
deprecated.
* (T67297) Browsers that don't support Unicode will have their edits rejected.
* (T178450) The module 'jquery.badge' is deprecated and will be removed in a
future release. For notifying the user of an event, the Notifications ("Echo")
system should be used instead.
* (T178451) SECURITY: Potential XSS when $wgShowExceptionDetails = false and
browser sends non-standard url escaping.
* (T165846) SECURITY: BotPassword login attempts weren't throttled.
= MediaWiki 1.29 =
== MediaWiki 1.29.3 ==
This is a security and maintenance release of the MediaWiki 1.29 branch.
=== Changes since 1.29.2 ===
* (T169545, CVE-2018-0503) SECURITY: $wgRateLimits entry for 'user' overrides
'newbie'.
* (T194605, CVE-2018-0505) SECURITY: BotPasswords can bypass CentralAuth's
account lock.
* (T180551) Fix LanguageSrTest for language converter
* (T180552) Fix language converter parser test with self-close tags
* (T180537) Remove $wgAuth usage from wrapOldPasswords.php
* (T180485) InputBox: Have inputbox langconvert certain attributes
* (T161732, T181547) Upgraded Moment.js from v2.15.0 to v2.19.3.
* (T172927) Drop vendor from MW release branch
* (T87572) Make FormatMetadata::flattenArrayReal() work for an associative array
* Updated composer/spdx-licenses from 1.1.4 to 1.3.0 (development dependency).
* (T189567) the CLI installer (maintenance/install.php) learned to detect and
include extensions. Pass --with-extensions to enable that feature.
* (T182381) Mask deprecated call in WatchedItemUnitTest
* (T190503) Let built-in web server (maintenance/dev) handle .php requests.
* The karma qunit tests would fail on some configuration due to headers already
sent. Check headers_sent() before sending cpPosTime headers
* (T167507) selenium: Run Chrome headlessly.
* selenium: Pass -no-sandbox to Chrome under Docker
* (T191247) Use MediaWiki\SuppressWarnings around trigger_error('') instead @
* (T75174, T161041) Unit test ChangesListSpecialPageTest::testFilterUserExpLevel
fails under SQLite.
* (T192584) Stop incorrectly passing USE INDEX to RecentChange::newFromConds().
* (T179190) selenium: Move test running logic from package.json to selenium.sh.
* (T117839, T193200) PDFHandler: Fix for pdfinfo changes in poppler-utils 0.48.
* Add default edit rate limit of 90 edits/minute for all users.
* (T196125) php-memcached 3.0 (provided with PHP 7.0) is now supported.
* (T196672) The mtime of extension.json files is now able to be zero
* (T180403) Validate $length in padleft/padright parser functions.
* (T143790) Make $wgEmailConfirmToEdit only affect edit actions.
* (T194237) Special:BotPasswords now requires reauthentication.
* (T191608, T187638) Add 'logid' parameter to Special:Log.
* (T176097) resourceloader: Disable a flaky MessageBlobStoreTest case
* (T193829) Indicate when a Bot Password needs reset.
* (T151415) Log email changes.
* (T118420) Unbreak Oracle installer.
== MediaWiki 1.29.2 ==
This is a security and maintenance release of the MediaWiki 1.29 branch.
=== Changes since 1.29.1 ===
* (T166757) Avoid scoped lock errors in Category::refreshCounts() due to
nesting.
* (T175439) Unbreak Postgres Updater when setting defaults for a column.
* (T160298) Remove use of implicitGroupBy() in ActiveUsersPager.
* Fixed login button label to accept RawMessage.
* Fixed case of SpecialRecentChanges class usage.
* (T174255) Declare uploadCount property in importDump.php.
* (T163646) Pass a string not an int to mysql_real_escape_string().
* (T180143) Bump justinrainbow/json-schema development dependency to ~5.2.
* Updated dev dependancy phpunit/phpunit from v4.8.35 to v4.8.36.
* (T178451) SECURITY: Potential XSS when $wgShowExceptionDetails = false and
browser sends non-standard url escaping.
* (T165846) SECURITY: BotPassword login attempts weren't throttled.
* (T128209) SECURITY: Reflected File Download from api.php.
* (T134100) SECURITY: Do not reveal if user exists during login failure.
* (T176247) SECURITY: Ensure Message::rawParams can't lead to XSS.
* (T125163) SECURITY: Make anchor for headlines escape > and <.
* (T180237) SECURITY: Protect vendor folder with .htaccess.
* (T180231) SECURITY: Remove PHPUnit file with known RCE if exists in
update.php.
* (T124404) SECURITY: XSS in langconverter when regex hits pcre.backtrack_limit.
* (T119158) SECURITY: Handle -{}- syntax in attributes safely.
* (T180488) (T125177) "api.log contains passwords in plaintext" wasn't correctly
fixed in all branches in the previous security release.
== MediaWiki 1.29.1 ==
This is a maintenance release of the MediaWiki 1.29 branch.
The SpamBlacklist and PdfHandler extensions were missing from the generated
packages.
=== Changes since 1.29.1 ===
* (T164999) Define mw.Upload.Dialog.static.name in mediawiki.Upload.Dialog.js.
* (T172061) Fix fatal when passing a category to refreshLinks.php.
== MediaWiki 1.29.0 ==
=== Configuration changes in 1.29 ===
* Default cookie expiration time has been reduced to 30 days. Login cookie
expiration time is kept at 180 days.
* A new configuration variable has been added: $wgCookieSetOnAutoblock. This
determines whether to set a cookie when a user is autoblocked. Doing so means
that a blocked user, even after logging out and moving to a new IP address,
will still be blocked.
* The resetpassword right and associated password reset capture feature has
been removed.
* The $error parameter to the EmailUser hook should be set to a Status object
or boolean false. This should be compatible with at least MediaWiki 1.23 if
not earlier. Returning a raw HTML string is now deprecated.
* The $message parameter to the ApiCheckCanExecute hook should be set to an
ApiMessage. This is compatible with MediaWiki 1.27 and later. Returning a
code for ApiBase::parseMsg() will no longer work.
* ApiBase::$messageMap is no longer public. Code attempting to access it will
result in a PHP fatal error.
* $wgUserEmailUseReplyTo is now true by default to work around restrictive DMARC
policies.
* Subpages are now enabled by default in the Template namespace. Set
$wgNamespacesWithSubpages[NS_TEMPLATE] to false to keep the old behavior.
* $wgRunJobsAsync is now false by default (T142751). This change only affects
wikis with $wgJobRunRate > 0.
* (T158474) "Unknown user" has been added to $wgReservedUsernames.
* (T156983) $wgRateLimitsExcludedIPs now accepts CIDR ranges as well as single
IPs.
* $wgDummyLanguageCodes is deprecated. Additional language code mappings may be
added to $wgExtraLanguageCodes instead.
* (T161453) LocalisationCache will no longer use the temporary directory in it's
fallback chain when trying to work out where to write the cache.
* The user right 'editusercssjs' (deprecated in 1.16) was removed. Use
'editusercss' and 'edituserjs' in $wgGroupPermissions and elsewhere instead.
=== New features in 1.29 ===
* (T5233) A cookie can now be set when a user is autoblocked, to track that user
if they move to a new IP address. This is disabled by default.
* Added ILocalizedException interface to standardize the use of localized
exceptions, largely so the API can handle them more sensibly.
* Blocks created automatically by MediaWiki, such as for configured proxies or
dnsbls, are now indicated as such and use a new i18n message when displayed.
* Added new $wgHTTPImportTimeout setting. Sets timeout for
downloading the XML dump during a transwiki import in seconds.
* Parser limit report is now available in machine-readable format to JavaScript
via mw.config.get('wgPageParseReport').
* Added $wgSoftBlockRanges, to allow for automatically blocking anonymous edits
from certain IP ranges (e.g. private IPs).
* (T59603) Added new magic word {{PAGELANGUAGE}} which returns the language code
of the page being parsed.
* HTML5 form validation attributes will no longer be suppressed. Originally
browsers had poor support for them, but modern browsers handle them fine.
This might affect some forms that used them and only worked because the
attributes were not actually being set.
* Expiry times can now be specified when users are added to user groups.
* Completely new user interface for the RecentChanges page, which
structures filters into user-friendly groups. This has corresponding
changes to how filters are registered by core and extensions.
* The edit form now uses pretty OOjs UI buttons, checkboxes and summary input.
Because this change can cause problems for extensions and on-wiki
scripts depending on the exact HTML, the old version is still available
and can be used by setting $wgOOUIEditPage = false; in LocalSettings.php.
This will be removed later and OOjs UI will become the only option.
To make testing easier, users can also force either mode by adding
&ooui=true or &ooui=false to the action=edit URL.
=== External library changes in 1.29 ===
==== Upgraded external libraries ====
* Updated QUnit from v1.22.0 to v1.23.1.
* Updated cssjanus from v1.1.2 to v1.2.0.
* Updated psr/log from v1.0.0 to v1.0.2.
* Update Moment.js from v2.8.4 to v2.15.0.
* Updated oyejorge/less.php from v1.7.0.10 to v1.7.0.14.
* Updated monolog from v1.18.2 to 1.22.1.
* Updated wikimedia/composer-merge-plugin from v1.3.1 to v1.4.0.
* Updated OOjs from v1.1.10 to v2.0.0.
* Updated jQuery from v1.11.3 to v3.2.1 (including jQuery Migrate v3.0.0).
==== New external libraries ====
* Added wikimedia/timestamp v1.0.0.
* Added wikimedia/remex-html v1.0.1.
==== Removed and replaced external libraries ====
=== Bug fixes in 1.29 ===
* (T62604) Core parser functions returning a number now format the number
according to the page content language, not wiki content language.
* (T27187) Search suggestions based on jquery.suggestions will now correctly
only highlight prefix matches in the results.
* (T157035) "new mw.Uri()" was ignoring options when using default URI.
* Special:Allpages can no longer be filtered by redirect in miser mode.
* (T160519) CACHE_ANYTHING will not be CACHE_ACCEL if no accelerator is
installed.
* (T109140) (T122209) SECURITY: Special:UserLogin and Special:Search allow
redirect to interwiki links.
* (T144845) SECURITY: XSS in SearchHighlighter::highlightText() when
$wgAdvancedSearchHighlighting is true.
* (T125177) SECURITY: API parameters may now be marked as "sensitive" to keep
their values out of the logs.
* (T150044) SECURITY: "Mark all pages visited" on the watchlist now requires a
CSRF token.
* (T156184) SECURITY: Escape content model/format url parameter in message.
* (T151735) SECURITY: SVG filter evasion using default attribute values in DTD
declaration.
* (T161453) SECURITY: LocalisationCache will no longer use the temporary
directory in it's fallback chain when trying to work out where to write the
cache.
* (T48143) SECURITY: Spam blacklist ineffective on encoded URLs inside file
inclusion syntax's link parameter.
* (T108138) SECURITY: Sysops can undelete pages, although the page is protected
against it.
=== Action API changes in 1.29 ===
* Submitting sensitive authentication request parameters to action=login,
action=clientlogin, action=createaccount, action=linkaccount, and
action=changeauthenticationdata in the query string is now an error. They
should be submitted in the POST body instead.
* The capture option for action=resetpassword has been removed
* action=clearhasmsg now requires a POST.
* (T47843) API errors and warnings may be requested in non-English languages
using the new 'errorformat', 'errorlang', and 'errorsuselocal' parameters.
* API error codes may have changed. Most notably, errors from modules using
parameter prefixes (e.g. all query submodules) will no longer be prefixed.
* ApiPageSet-using modules will report the 'invalidreason' using the specified
'errorformat'.
* action=emailuser may return a "Warnings" status, and now returns 'warnings'
and 'errors' subelements (as applicable) instead of 'message'.
* action=imagerotate returns an 'errors' subelement rather than 'errormessage'.
* action=move now reports errors when moving the talk page as an array under
key 'talkmove-errors', rather than using 'talkmove-error-code' and
'talkmove-error-info'. The format for subpage move errors has also changed.
* action=revisiondelete no longer includes a "rendered" property on warnings
and errors for each item. Use errorformat=wikitext if you're wanting parsed
output.
* action=rollback no longer returns a "messageHtml" property. Use
errorformat=html if you're wanting HTML formatting of error messages.
* action=upload now reports optional stash failures as an array under key
'stasherrors' rather than a 'stashfailed' text string.
* action=watch reports 'errors' and 'warnings' instead of a single 'error', and
no longer returns a 'message' on success.
* Added action=validatepassword to validate passwords for the account creation
and password change forms.
* action=purge now requires a POST.
* There is a new `languagevariants` siprop for action=query&meta=siteinfo,
which returns a list of languages with active LanguageConverter instances.
* action=query&query=allpages will no longer filter redirects using a database
query in miser mode. This may result in less results being returned than were
requested.
=== Action API internal changes in 1.29 ===
* New methods were added to ApiBase to handle errors and warnings using i18n
keys. Methods for using hard-coded English messages were deprecated:
* ApiBase::dieUsage() was deprecated
* ApiBase::dieUsageMsg() was deprecated
* ApiBase::dieUsageMsgOrDebug() was deprecated
* ApiBase::getErrorFromStatus() was deprecated
* ApiBase::parseMsg() was deprecated
* ApiBase::setWarning() was deprecated
* ApiBase::$messageMap is no longer public. Code attempting to access it will
result in a PHP fatal error.
* The $message parameter to the ApiCheckCanExecute hook should be set to an
ApiMessage. This is compatible with MediaWiki 1.27 and later. Returning a
code for ApiBase::parseMsg() will no longer work.
* UsageException is deprecated in favor of ApiUsageException. For the time
being ApiUsageException is a subclass of UsageException to allow things that
catch only UsageException to still function properly.
* If, for some strange reason, code was using an ApiErrorFormatter instead of
ApiErrorFormatter_BackCompat, note that the result format has changed and
various methods now take a module path rather than a module name.
* ApiMessageTrait::getApiCode() now strips 'apierror-' and 'apiwarn-' prefixes
from the message key, and maps some message keys for backwards compatibility.
* API parameters may now be marked as "sensitive" to keep their values out of
the logs.
=== Languages updated in 1.29 ===
MediaWiki supports over 350 languages. Many localisations are updated
regularly. Below only new and removed languages are listed, as well as
changes to languages because of Phabricator reports.
* Based as always on linguistic studies on intelligibility and language
knowledge by geography, language fallbacks have been expanded. When a
translation is missing in the user's preferred interface language, the
corresponding translation for the fallback language will be used instead.
English will only be used as last resort when there are no translations.
Some configurations (such as date formats and gender namespaces) have also
been updated when using the fallback language's configuration was inadequate.
The new or reinstated language fallbacks are (after cs ↔ sk in 1.28):
ca ↔ oc; hsb ↔ dsb; io → eo; mdf → ru; pnt → el; roa-tara → it; rup → ro;
sh → bs, sr-el, hr.
* (T137376) New language support: Atikamekw (atj).
* (T163600) New language support: Dinka (din).
* (T155957) Talk Namespaces for Javanese language (jv) have been updated.
==== No fallback for Ukrainian ====
* (T39314) The fallback from Ukrainian to Russian was removed. The Ukrainian
language will now use the default fallback language: English. When a
translation to Ukrainian is not available, an English string will be shown.
=== Other changes in 1.29 ===
* Database::getSearchEngine() (deprecated in 1.28) was removed. Use
SearchEngineFactory::getSearchEngineClass() instead.
* $wgSessionsInMemcached (deprecated in 1.20) was removed. No replacement is
required as all sessions are stored in Object Cache now.
* MWHttpRequest::execute() should be considered to return a StatusValue; the
Status return type is deprecated.
* User::edits() (deprecated in 1.21) was removed.
* Xml::escapeJsString() (deprecated in 1.21) was removed.
* Article::getText() and Article::prepareTextForEdit() (deprecated in 1.21)
were removed.
* Article::getAutosummary() and WikiPage::getAutosummary() (deprecated in 1.21)
were removed.
* Hook ArticleViewCustom (deprecated in 1.21) was removed. Use
ArticleContentViewCustom instead.
* Hooks EditPageGetDiffText and ShowRawCssJs (deprecated in 1.21) were removed.
* Class RevisiondeleteAction (deprecated in 1.25) was removed.
* WikiPage::prepareTextForEdit() (deprecated in 1.21) was removed.
* WikiPage::getText() (deprecated in 1.21) was removed.
* Article::fetchContent() (deprecated in 1.21) was removed.
* User::getPassword() (deprecated in 1.27) was removed.
* User::getTemporaryPassword() (deprecated in 1.27) was removed.
* User::isPasswordReminderThrottled() (deprecated in 1.27) was removed.
* Class FSRepo (deprecated in 1.19) was removed.
* WebRequest::checkSessionCookie() (deprecated in 1.27) was removed. Use
\MediaWiki\Session\SessionManager::singleton()->getPersistedSessionId()
instead.
* Class ImageGallery (deprecated in 1.22) was removed.
Use ImageGalleryBase::factory instead.
* Title::moveNoAuth() (deprecated in 1.25) was removed. Use MovePage class
instead.
* Hook UnknownAction (deprecated in 1.19) was actually deprecated (it will now
emit warnings). Create a subclass of Action and add it to $wgActions instead.
* WikiRevision::getText() (deprecated since 1.21) is no longer marked
deprecated.
* Linker::getInterwikiLinkAttributes() (deprecated since 1.25) was removed.
* Linker::getInternalLinkAttributes() (deprecated since 1.25) was removed.
* Linker::getInternalLinkAttributesObj() (deprecated since 1.25) was removed.
* Linker::getLinkAttributesInternal() (deprecated since 1.25) was removed.
* RedisConnectionPool::handleException (deprecated since 1.23) was removed.
* The static properties mw.Api.errors and mw.Api.warnings, containing incomplete
and outdated lists of errors/warnings returned by the API, are now deprecated.
* wiki.phtml entry point was removed. Refer to index.php instead. If you want
"wiki.phtml" URLs to continue to work, set up redirects. In Apache, this can
be done by enabling mod_rewrite and adding the following rules to your
configuration:
RewriteEngine On
RewriteBase /
RewriteRule ^/w/wiki\.phtml$ /w/index.php [R=301,L]
* Hook ArticleAfterFetchContent (deprecated in 1.21) was removed.
Use ArticleAfterFetchContentObject instead.
* Hook ArticleInsertComplete (deprecated in 1.21) was removed.
Use PageContentInsertComplete instead.
* Hook ArticleSave (deprecated in 1.21) was removed.
Use PageContentSave instead.
* Hook ArticleSaveComplete (deprecated in 1.21) was removed.
Use PageContentSaveComplete instead.
* Hook EditFilterMerged (deprecated in 1.21) was removed.
Use EditFilterMergedContent instead.
* Hook EditPageGetPreviewText (deprecated in 1.21) was removed.
Use EditPageGetPreviewContent instead.
* Hook TitleIsCssOrJsPage (deprecated in 1.21) was removed.
Use ContentHandlerDefaultModelFor instead.
* Hook TitleIsWikitextPage (deprecated in 1.21) was removed.
Use ContentHandlerDefaultModelFor instead.
* Article::getContent() (deprecated in 1.21) was removed.
* Revision::getText() (deprecated in 1.21) was removed.
* Article::doEdit() and WikiPage::doEdit() (deprecated in 1.21) were removed.
* Parser::replaceUnusualEscapes() (deprecated in 1.24) was removed.
* Article::doEditContent() was marked as deprecated, to be removed in 1.30
or later.
* ContentHandler::runLegacyHooks() was removed.
* refreshLinks.php now can be limited to a particular category with
--category=... or a tracking category with --tracking-category=...
* User-like objects that are passed to SpecialUserRights and its subclasses are
now required to have a getGroupMemberships() method. See UserRightsProxy for
an example.
* User::$mGroups (instance variable) was marked private. Use User::getGroups()
instead.
* User::getGroupName(), User::getGroupMember(), User:getGroupPage(),
User::makeGroupLinkHTML(), and User::makeGroupLinkWiki() were deprecated.
Use equivalent methods on the UserGroupMembership class.
* Maintenance scripts and tests that call User::addGroup() must now ensure that
User objects have been added to the database prior to calling addGroup().
* Protected function UsersPager::getGroups() was removed, and protected function
UsersPager::buildGroupLink() was changed from a static to an instance method.
* The third parameter ($cache) to the UsersPagerDoBatchLookups hook was changed;
see docs/hooks.txt.
* User::crypt() (deprecated in 1.24) was removed.
* User::comparePasswords() (deprecated in 1.24) was removed.
* ArchivedFile::getUserText() (deprecated in 1.23) was removed.
* HTMLFileCache::newFromTitle() (deprecated in 1.24) was removed.
* BREAKING CHANGE: Internal signature changes to ChangesListSpecialPage
and subclasses. It should only break if you call buildMainQueryConds
(changed to buildQuery with new signature) or doMainQuery (new
signature). Subclasses are likely to call at least doMainQuery
(possibly both), but other classes might too, because they were
public.
Also, some related hooks were deprecated, but this is not yet a
breaking change.
* Removed 'jquery.arrowSteps' module. (deprecated since 1.28)
* The 'jquery.autoEllipsis' ResourceLoader module is now deprecated.
* WikiRevision::$fileIsTemp was deprecated.
* WikiRevision::$importer was deprecated.
* WikiRevision::$user was deprecated.
* Article::getLastPurgeTimestamp(), WikiPage::getLastPurgeTimestamp(), and the
WikiPage::PURGE_* constants are deprecated, and the functions will always
return false. They were a hack for an issue that has since been fixed.
* Hook 'EditPageBeforeEditChecks' is now deprecated. Instead use the new hook
'EditPageGetCheckboxesDefinition', or 'EditPage::showStandardInputs:options'
if you don't actually care about checkboxes and just want to add some HTML
to the page.
* Selflinks are now rendered as href-less <a> tags with the class mw-selflink
rather than <strong> tags. The old class name, "selflink", was deprecated
and will be removed in a future release. (T160480)
* (T156184) $wgRawHtml will no longer apply to internationalization messages.
* Browser support for non-ES5 JavaScript browsers, including Android 2,
Opera <12.10, and Internet Explorer 9, was lowered from Grade A to Grade C.
* Removed wikibits global methods deprecated since MediaWiki 1.17 (T122755):
is_gecko, is_chrome_mac, is_chrome, webkit_version, is_safari_win, is_safari,
webkit_match, is_ff2, ff2_bugs, is_ff2_win, is_ff2_x11, opera95_bugs,
opera7_bugs, opera6_bugs, is_opera_95, is_opera_preseven, is_opera,
ie6_bugs, clientPC, changeText, killEvt, addHandler, hookEvent,
addClickHandler, removeHandler, getElementsByClassName, getInnerText,
setupCheckboxShiftClick, addCheckboxClickHandlers, mwEditButtons,
mwCustomEditButtons, injectSpinner, removeSpinner, escapeQuotes,
escapeQuotesHTML, jsMsg, addPortletLink, appendCSS, tooltipAccessKeyPrefix,
tooltipAccessKeyRegexp, updateTooltipAccessKeys.
* The ID of the <li> element containing the login link has changed from
'pt-login' to 'pt-login-private' in private wikis.
* The old, neglected "bulletin board style toolbar" in the edit form is now
deprecated (T30856). This old code dates from 2006, and was replaced in the
MediaWiki release tarball and in Wikimedia production by the WikiEditor
extension in 2010. It is only shown to users if no other editor was
installed, and leads to confusion.
* (T92459) Loading ResourceLoader modules containing JavaScript through
addModuleStyles() is deprecated and will log a warning server-side.
= MediaWiki 1.28 =
== MediaWiki 1.28.3 ==
This is a security and maintenance release of the MediaWiki 1.28 branch.
=== Changes since 1.28.2 ==
* (T168856) Allow SVGs created by Dia to be uploaded.
* (T157545) Add missing doUpdates() call to refreshLinks.php.
* (T165714) (T100085) Better handling of jobs execution in post-connection
shutdown.
* (T154425) (T154438) (T157679) Use AutoCommitUpdate instead of
Database->onTransactionIdle.
* (T154425) Make DeferredUpdates detect LBFactory transaction rounds.
* (T149454) Restore erroneously removed realTableName call from
DatabasePostgres.
* (T167798) Fix phrase search and highlighting for phrase queries.
* (T151136) Provide credits information to callbacks in extension registration.
* (T160462) Allow namespaces defined in extension.json to be overwritten
locally.
* (T168337) Fix ErrorPageError to work from non-UI contexts.
* (T143788) Backports for PHP 7.0 and 7.1 support.
* (T175439) Unbreak Postgres Updater when setting defaults for a column.
* (T160298) Remove use of implicitGroupBy() in ActiveUsersPager.
* (T174255) Declare uploadCount property in importDump.php.
* (T180231) SECURITY: Updated dev dependancy phpunit/phpunit from v4.8.24 to
v4.8.36.
* (T178451) SECURITY: Potential XSS when $wgShowExceptionDetails = false and
browser sends non-standard url escaping.
* (T165846) SECURITY: BotPassword login attempts weren't throttled.
* (T128209) SECURITY: Reflected File Download from api.php.
* (T134100) SECURITY: Do not reveal if user exists during login failure.
* (T176247) SECURITY: Ensure Message::rawParams can't lead to XSS.
* (T125163) SECURITY: Make anchor for headlines escape > and <.
* (T180237) SECURITY: Protect vendor folder with .htaccess.
* (T180231) SECURITY: Remove PHPUnit file with known RCE if exists in
update.php.
* (T124404) SECURITY: XSS in langconverter when regex hits pcre.backtrack_limit.
* (T119158) SECURITY: Handle -{}- syntax in attributes safely.
== MediaWiki 1.28.2 ==
Due to a packaging error, the wrong version of the SyntaxHighlight extension was
included in the tarball version of MediaWiki 1.28.1. The version included had a
serious security issue in it (T158689). There was also some minor code fixes in
MediaWiki itself since 1.28.1, but none of them were security relevant.
== MediaWiki 1.28.1 ==
This is a security and maintenance release of the MediaWiki 1.28 branch.
=== Changes since 1.28.0 ===
* $wgRunJobsAsync is now false by default (T142751). This change only affects
wikis with $wgJobRunRate > 0.
* Fix fatal from "WaitConditionLoop" not being found, experienced when a wiki
has more than one database server setup.
* (T152717) Better escaping for PHP mail() command,
* (T154670) A missing method causing the MySQL installer to fatal in rare
circumstances was restored.
* (T154672) Un-deprecate ArticleAfterFetchContentObject hook.
* (T158766) Avoid SQL error on MSSQL when using selectRowCount().
* (T145635) Fix too long index error when installing with MSSQL.
* (T156184) $wgRawHtml will no longer apply to internationalization messages.
* (T160519) CACHE_ANYTHING will not be CACHE_ACCEL if no accelerator is
installed.
* (T154872) Fix incorrect ar_usertext_timestamp index names in new 1.28
installs.
* (T109140) (T122209) SECURITY: Special:UserLogin and Special:Search allow
redirect to interwiki links.
* (T144845) SECURITY: XSS in SearchHighlighter::highlightText() when
$wgAdvancedSearchHighlighting is true.
* (T125177) SECURITY: API parameters may now be marked as "sensitive" to keep
their values out of the logs.
* (T150044) SECURITY: "Mark all pages visited" on the watchlist now requires a
CSRF token.
* (T156184) SECURITY: Escape content model/format url parameter in message.
* (T151735) SECURITY: SVG filter evasion using default attribute values in DTD
declaration.
* (T161453) SECURITY: LocalisationCache will no longer use the temporary
directory in it's fallback chain when trying to work out where to write the
cache.
* (T48143) SECURITY: Spam blacklist ineffective on encoded URLs inside file
inclusion syntax's link parameter.
* (T108138) SECURITY: Sysops can undelete pages, although the page is protected
against it.
== MediaWiki 1.28 ==
=== Changes since 1.28.0-rc1 ===
* (T148957) Replace wgShowExceptionDetails with wgShowDBErrorBacktrace on db
errors.
* (T148956) Only apply wgDBschema to postgres/mssql.
* (T145991) Introduce separate log action for deleting pages on move.
* (T141474) (T110464) Bypass login page if no user input is required.
=== Changes since 1.28.0-rc0 ===
* (T142210) The changes to move the parser "NewPP limit report" from a HTML
comment to a machine-readable JavaScript config option 'wgPageParseReport'
have been undone. They caused the human-readable limit report to be shown
incompletely or not at all. ParserOutput::setLimitReportData() and
getLimitReportData() behave as they did in MediaWiki 1.27 again.
* (T149510) Value of {{DISPLAYTITLE:}} parser function will not be used for
the text of subheadings on a category page when creating it. This wasn't
working correctly.
* (T106793) MediaWiki will no longer try to perform a HTTP redirect to the
canonical pretty URL when a non-pretty URL is used. It resulted in redirect
loops in some clients and in some server configurations. This undoes a change
made in MediaWiki 1.26.
* (T149759) manifest_version: 2 was removed.
=== Configuration changes in 1.28 ===
* $wgSend404Code now affects status code of action=history if the page is not
there.
* BREAKING CHANGE: $wgHTTPProxy is now *required* for all external requests
made by MediaWiki via a proxy. Relying on the http_proxy environment
variable is no longer supported.
* The load.php entry point now enforces the existing policy of not allowing
access to session data, which includes the session user and the session
user's language. If such access is attempted, an exception will be thrown.
* The number of internal PBKDF2 iterations used to derive the session secret
is configurable via $wgSessionPbkdf2Iterations.
* Upload dialog's file upload log comment can now be configured separately for
local and foreign uploads.
* $wgForeignUploadTargets now defaults to `[ 'local' ]`, where `'local'`
signifies local uploads. A value of `[]` (empty array) now means that
no upload targets are allowed, effectively disabling the upload dialog.
* The deprecated $wgEditEncoding variable has been removed; it was only used
for Esperanto language character conversion. You are now recommended to use
input methods provided by the UniversalLanguageSelector extension.
* When $wgPingback is true, MediaWiki will periodically ping
https://www.mediawiki.org/beacon with basic information about the local
MediaWiki installation. This data includes, for example, the type of system,
PHP version, and chosen database backend. This behavior is off by default.
* When $wgEditSubmitButtonLabelPublish is true, MediaWiki will label the button
to store-to-database-and-show-to-others as "Publish page"/"Publish changes";
if false, the default, they will be "Save page"/"Save changes".
* The 'editcontentmodel' permission is now granted to all logged-in users
('user').
instead of just administrators ('sysop'). Documentation for this feature is
available at <https://www.mediawiki.org/wiki/Help:ChangeContentModel>.
* $wgRevisionCacheExpiry is now set to one week by default instead of being
disabled.
* Magic links are now disabled by default, and can be re-enabled by modifying
the value of $wgEnableMagicLinks. Their usage is discouraged, but if they are
manually enabled, a tracking category will be added to help identify usage and
make it easier to migrate away from. If you depend upon magic link
functionality, it is requested that you comment on
<https://www.mediawiki.org/wiki/Requests_for_comment/Future_of_magic_links>
and explain your use case(s).
* New config variable $wgCSPFalsePositiveUrls to control what URLs to ignore
in upcoming Content-Security-Policy feature's reporting.
=== New features in 1.28 ===
* User::isBot() method for checking if an account is a bot role account.
* Added a new 'slideshow' mode for galleries.
* Added a new hook, 'UserIsBot', to aid in determining if a user is a bot.
* Added a new hook, 'ApiMakeParserOptions', to allow extensions to better
interact with API parsing.
* Added a new hook, 'UploadVerifyUpload', which can be used to reject a file
upload. Unlike 'UploadVerifyFile' it provides information about upload comment
and the file description page, but does not run for uploads to stash.
* (T141604) Extensions can now provide a better error message when their
maintenance scripts are run without the extension being installed.
* (T8948) Numeric sorting in categories is now supported by setting
$wgCategoryCollation to 'uca-default-u-kn' or 'uca-<langcode>-u-kn'. If you
can't use UCA collations, a 'numeric' collation is also available. If
migrating from another collation, you will need to run the updateCollation.php
maintenance script.
* Two new codes have been added to #time parser function: "xit" for days in
current month, and "xiz" for days passed in the year, both in Iranian
calendar.
* mw.Api has a new option, useUS, to use U+001F (Unit Separator) when
appropriate for sending multi-valued parameters. This defaults to true when
the mw.Api instance seems to be for the local wiki.
* After a client performs an action which alters a database that has replica
databases, MediaWiki will wait for the replica databases to synchronize with
the master database while it renders the HTML output. However, if the output
is a redirect to another wiki on the wiki farm with a different domain,
MediaWiki will instead alter the redirect URL to include a ?cpPosTime
parameter that triggers the database synchronization when the URL is followed
by the client. The same-domain case uses a new cpPosTime cookie.
* Added new hooks, 'ApiQueryBaseBeforeQuery', 'ApiQueryBaseAfterQuery', and
'ApiQueryBaseProcessRow', to make it easier for extensions to add 'prop' and
'show' parameters to existing API query modules.
=== External library changes in 1.28 ===
==== Upgraded external libraries ====
* Updated es5-shim from v4.1.5 to v4.5.8
* Updated composer/semver from v1.4.1 to v1.4.2
* Updated wikimedia/php-session-serializer from v1.0.3 to v1.0.4
==== New external libraries ====
* Added wikimedia/scoped-callback v1.0.0
* Added wikimedia/wait-condition-loop v1.0.1
=== Bug fixes in 1.28 ===
* (T146496) action=history pages should return 404 HTTP error code if the page
does not exist
* (T137264) SECURITY: XSS in unclosed internal links
* (T133147) SECURITY: Escape '<' and ']]>' in inline <style> blocks
* (T133147) SECURITY: Require login to preview user CSS pages
* (T132926) SECURITY: Do not allow undeleting a revision deleted file if it is
the top file
* (T129738) SECURITY: Make $wgBlockDisablesLogin also restrict logged in
permissions
* (T129738) SECURITY: Make blocks log users out if $wgBlockDisablesLogin is true
* (T139670) Move 'UserGetRights' call before application of
Session::getAllowedUserRights()
=== Action API changes in 1.28 ===
* Added 'maxarticlesize' property to action=query&meta=siteinfo which contains
the value of $wgMaxArticleSize.
* Property 'modulemessages' from action=parse&prop=modules was removed
(deprecated since 1.26).
* The following response properties from action=login, deprecated in 1.27, are
now removed: lgtoken, cookieprefix, sessionid. Clients should handle cookies
to properly manage session state.
* Submitting the lgtoken and lgpassword parameters in the query string to
action=login is now deprecated and outputs a warning. They should be submitted
in the POST body instead.
* Submitting sensitive authentication request parameters to action=clientlogin,
action=createaccount, action=linkaccount, and action=changeauthenticationdata
in the query string is now deprecated and outputs a warning. They should be
submitted in the POST body instead.
* (T141960) Multi-valued parameters may now be separated using U+001F
(Unit Separator) instead of the pipe character. This will be useful if some of
the multiple values need to contain pipes, e.g. for action=options.
* The API will now warn if input is not NFC-normalized Unicode or if it
contains invalid characters.
* The 'normalized' list output by action=query and other modules that use
ApiPageSet may contain entries where the 'from' value is percent-encoded as
the raw value cannot be represented in a valid API response. These are
indicated by a 'fromencoded' boolean alongside the existing 'from' parameter.
* (T28680) action=paraminfo can now return info about all submodules of a
module without listing them all explicitly.
* (T146770) It is now possible to assert that the current user is a specific
named user, using the 'assertuser' parameter.
* (T141963) Added a 'known' property when missing-but-known titles (e.g. from
the 'TitleIsAlwaysKnown' hook) are output in various modules.
=== Action API internal changes in 1.28 ===
* Added a new hook, 'ApiMakeParserOptions', to allow extensions to better
interact with ApiParse and ApiExpandTemplates.
* (T139565) SECURITY: API: Generate head items in the context of the given title
* (T115333) SECURITY: Check read permission when loading page content in
ApiParse
* ApiBase::getResultData() was removed (deprecated since 1.25)
* ApiBase::makeHelpArrayToString() was removed (deprecated since 1.25)
* ApiBase::makeHelpMsgParameters() was removed (deprecated since 1.25)
* ApiBase::makeHelpMsg() was removed (deprecated since 1.25)
* ApiFormatBase::formatHTML() was removed (deprecated since 1.25)
* ApiFormatBase::getNeedsRawData() was removed (deprecated since 1.25)
* ApiFormatBase::getWantsHelp() was removed (deprecated since 1.25)
* ApiFormatBase::setBufferResult() was removed (deprecated since 1.25)
* ApiFormatBase::setHelp() was removed (deprecated since 1.25)
* ApiFormatBase::setUnescapeAmps() was removed (deprecated since 1.25)
* ApiMain::makeHelpMsgHeader() was removed (deprecated since 1.25)
* ApiMain::reallyMakeHelpMsg() was removed (deprecated since 1.25)
* ApiMain::setHelp() was removed (deprecated since 1.25)
* ApiResult::beginContinuation() was removed (deprecated since 1.25)
* ApiResult::cleanUpUTF8() was removed (deprecated since 1.25)
* ApiResult::convertStatusToArray() was removed (deprecated since 1.25)
* ApiResult::disableSizeCheck() was removed (deprecated since 1.24)
* ApiResult::enableSizeCheck() was removed (deprecated since 1.24)
* ApiResult::endContinuation() was removed (deprecated since 1.25)
* ApiResult::getData() was removed (deprecated since 1.25)
* ApiResult::getIsRawMode() was removed (deprecated since 1.25)
* ApiResult::setContent() was removed (deprecated since 1.25)
* ApiResult::setContinueParam() was removed (deprecated since 1.25)
* ApiResult::setElement() was removed (deprecated since 1.25)
* ApiResult::setGeneratorContinueParam() was removed (deprecated since 1.25)
* ApiResult::setIndexedTagName_internal() was removed (deprecated since 1.25)
* ApiResult::setIndexedTagName_recursive() was removed (deprecated since 1.25)
* ApiResult::setMainForContinuation() was removed (deprecated since 1.25)
* ApiResult::setParsedLimit() was removed (deprecated since 1.25)
* ApiResult::setRawMode() was removed (deprecated since 1.25)
* ApiResult::size() was removed (deprecated since 1.25)
* Added new hooks, 'ApiQueryBaseBeforeQuery', 'ApiQueryBaseAfterQuery', and
'ApiQueryBaseProcessRow', to make it easier for extensions to add 'prop' and
'show' parameters to existing API query modules. A query module can enable
these hooks by passing an array for $hookData to ApiQueryBase::select() and
by calling ApiQueryBase->processRow() before adding a row's data to the
result.
=== Languages updated in 1.28 ===
MediaWiki supports over 375 languages. Many localisations are updated
regularly. Below only new and removed languages are listed, as well as
changes to languages because of Phabricator reports.
* (T137411) ban (Balinese), thanks to translators Adi Mayndra, Andru,
BASAbali, M. Adiputra, Naval Scene, Nemo bis, NoiX180, and 아라.
* (T135867) shn (Shan), thanks to translators Khun Sar, Piangpha,
Saiddzone Saimawnkham, Saosukham, and Sengwan.
* Czech (cs) and Slovak (sk) set as reciprocal fallbacks.
* (T146744) Livvi-Karelian (olo) namespace messages created thanks to translator
Ilja.mos.
=== Other changes in 1.28 ===
* (T128697) Improved handling of large diffs.
* [BREAKING CHANGE] $wgExtendedLoginCookies has been removed. You can
use or update a custom session provider if needed.
* Deprecated APIEditBeforeSave hook in favor of EditFilterMergedContent.
* The 'UploadVerification' hook is deprecated. Use 'UploadVerifyFile' instead.
* SiteConfiguration::isLocalVHost() was removed (deprecated since 1.25).
* The 'UserLoginComplete' hook has a new parameter to differentiate between
actual login and visiting the login page while already logged in.
* ResourceLoader::makeLoaderURL() was removed (deprecated since 1.24).
* $.fn.liveAndTestAtStart was removed (deprecated since 1.24).
* mw.util.tooltipAccessKeyPrefix was removed (deprecated since 1.24).
* mw.util.tooltipAccessKeyRegexp was removed (deprecated since 1.24).
* Linker::link() and Linker::linkKnown() were deprecated; please instead use
MediaWiki\Linker\LinkRenderer. In addition, the LinkBegin and LinkEnd hooks
were replaced by HtmlPageLinkRendererBegin and HtmlPageLinkRendererEnd
respectively. See docs/hooks.txt for the specific changes needed for those
hooks.
* Linker::formatSize() was deprecated. Use Language::formatSize() directly.
* Aliases for Linker methods, deprecated since 1.21, were removed from Skin:
* Skin::commentBlock() (use Linker::commentBlock() instead)
* Skin::generateRollback() (use Linker::generateRollback() instead)
* Skin::link() (use MediaWiki\Linker\LinkRenderer instead)
* Skin::linkKnown() (use MediaWiki\Linker\LinkRenderer instead)
* Skin::userLink() (use Linker::userLink() instead)
* Skin::userToolLinks() (use Linker::userToolLinks() instead)
* Disabled "bug 2702" HTML tidying of parsed UI messages on wikis where Tidy is
disabled.
* DifferenceEngine::generateDiffBody() was removed (deprecated since 1.21).
* UploadBase::stashFileGetKey() and UploadBase::stashSession() were deprecated.
Use ...->stashFile()->getFileKey() instead.
* "Public domain" was removed as a wiki license option from the installer, in
favour of CC-0.
* AuthenticationRequest::$required is now changed from REQUIRED to
PRIMARY_REQUIRED on requests needed by primary providers even if all primaries
need them.
Primary providers are discouraged from returning multiple REQUIRED requests.
* OOjs UI PHP widgets constructed with the `'infusable' => true` config option
will no longer be automatically infused. You should call `OO.ui.infuse()`
on them yourself from your JavaScript code.
* parserTests.php has moved to tests/parser/parserTests.php
* The command line options specific to parser tests have been removed from
phpunit.php: --regex and --keep-uploads. Instead of --regex, use --filter.
Instead of --keep-uploads, use the same option to parserTests.php, but you
must specify a directory with --upload-dir.
* The 'jquery.arrowSteps' ResourceLoader module is now deprecated.
* IP::isConfiguredProxy() and IP::isTrustedProxy() were removed. Callers should
migrate to using the same functions on a ProxyLookup instance, obtainable from
MediaWikiServices.
* The ArticleAfterFetchContent, ArticleInsertComplete, ArticleSave,
ArticleSaveComplete, ArticleViewCustom, EditFilterMerged, EditPageGetDiffText,
EditPageGetPreviewText and ShowRawCssJs hooks will now emit deprecation
warnings if used.
* (T68404) CSS3 attr() function with url type is no longer allowed
in inline styles.
* Database::getSearchEngine() is deprecated, use
SearchEngineFactory::getSearchEngineClass instead.
== Compatibility ==
MediaWiki 1.28 requires PHP 5.5.9 or later. There is experimental support for
HHVM 3.6.5 or later.
MySQL is the recommended DBMS. PostgreSQL or SQLite can also be used, but
support for them is somewhat less mature. There is experimental support for
Oracle and Microsoft SQL Server.
The supported versions are:
* MySQL 5.0.3 or later
* PostgreSQL 8.3 or later
* SQLite 3.3.7 or later
* Oracle 9.0.1 or later
* Microsoft SQL Server 2005 (9.00.1399)
== Upgrading ==
1.28 has several database changes since 1.27, and will not work without schema
updates. Note that due to changes to some very large tables like the revision
table, the schema update may take quite long (minutes on a medium sized site,
many hours on a large site).
If upgrading from before 1.11, and you are using a wiki as a commons
repository, make sure that it is updated as well. Otherwise, errors may arise
due to database schema changes.
If upgrading from before 1.7, you may want to run refreshLinks.php to ensure
new database fields are filled with data.
If you are upgrading from MediaWiki 1.4.x or earlier, you should upgrade to
1.5 first. The upgrade script maintenance/upgrade1_5.php has been removed
with MediaWiki 1.21.
Don't forget to always back up your database before upgrading!
See the file UPGRADE for more detailed upgrade instructions.
For notes on 1.27.x and older releases, see HISTORY.
== Online documentation ==
Documentation for both end-users and site administrators is available on
MediaWiki.org, and is covered under the GNU Free Documentation License (except
for pages that explicitly state that their contents are in the public domain):
https://www.mediawiki.org/wiki/Special:MyLanguage/Documentation
== Mailing list ==
A mailing list is available for MediaWiki user support and discussion:
https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
A low-traffic announcements-only list is also available:
https://lists.wikimedia.org/mailman/listinfo/mediawiki-announce
It's highly recommended that you sign up for one of these lists if you're
going to run a public MediaWiki, so you can be notified of security fixes.
== IRC help ==
There's usually someone online in #mediawiki on irc.freenode.net.
= MediaWiki 1.27 =
== MediaWiki 1.27.7 ==
This is a maintenance release of the MediaWiki 1.27 branch.
=== Changes since MediaWiki 1.27.6 ===
* Add missing `use MediaWiki\MediaWikiServices;` to LogEventsList.php.
* Remove broken tests from ApiBlockTest.php.
== MediaWiki 1.27.6 ==
This is a security and maintenance release of the MediaWiki 1.27 branch.
=== Changes since MediaWiki 1.27.5 ===
* (T204729) WatchedItemStore::countVisitingWatchersMultiple() shouldn't query
all titles when asked for none.
* (T109121) Remove deprecated pear/mail_mime-decode from composer suggested
libraries.
* (T207241) Augment precision of updatelist time.
* (T207540) Include IP address in "Login for $1 succeeded" log entry.
* (T205765) Don't link to the obsolete "Extension Matrix" page in installer.
* (T207603) SECURITY: User JS may no longer be loaded with mime type
text/javascript if there is no account associated with the username.
* (T113042) SECURITY: Do not allow loading pages raw with a text/javascript MIME
type if non-admins can edit the page.
* (T207541) Pass email address to mail().
* (T209335) Clarify the default sidebar 'Help' link is about MediaWiki itself.
* (T213359) Update mediawiki/mediawiki-codesniffer to 0.8.1.
* (T208871) The hard-coded Google search form on the database error page was
removed.
* (T216968) Return pageid as int in both list=iwbacklinks and
list=langbacklinks.
* (T218608) Fix an issue that prevents Extension:OAuth working when
$wgBlockDisablesLogin is true.
* (T219728) Added support for new Japanese era name "Reiwa".
* (T25227) SECURITY: action=logout now requires to be posted and have a csrf
token.
* SpecialPage::checkLoginSecurityLevel() will now preserve POST data when
reauthenticating.
* FormSpecialPage::execute() will now call checkLoginSecurityLevel() if
getLoginSecurityLevel() returns non-false.
* (T197279) SECURITY: Fix reauth in Special:ChangeEmail.
* (T208881) SECURITY: blacklist CSS var().
* (T209794) SECURITY: rate-limit and prevent blocked users from changing email.
* (T199540) SECURITY: API: Respect $wgBlockCIDRLimit in action=block.
* (T212118) SECURITY: Fix cache mode for (un)patrolled recent changes query.
* (T222036, T222038) SECURITY: Add permission check for user is permitted to
view the log type.
* (T221739) SECURITY: resources: Patch jQuery 1.11.3 for CVE-2019-11358.
== MediaWiki 1.27.5 ==
This is a security and maintenance release of the MediaWiki 1.27 branch.
=== Changes since 1.27.4 ===
* (T169545, CVE-2018-0503) SECURITY: $wgRateLimits entry for 'user' overrides
'newbie'.
* (T194605, CVE-2018-0505) SECURITY: BotPasswords can bypass CentralAuth's
account lock.
* Upgraded Moment.js from v2.8.4 to v2.19.3.
* (T160298) Fixed Special:ActiveUsers due to bad backport.
* (T87572) Make FormatMetadata::flattenArrayReal() work for an associative
array.
* Updated list of SPDX licenses for extensions.
* (T189567) the CLI installer (maintenance/install.php) learned to detect and
include extensions. Pass --with-extensions to enable that feature.
* (T192584) Stop incorrectly passing USE INDEX to RecentChange::newFromConds().
* Add default edit rate limit of 90 edits/minute for all users.
* (T196125) php-memcached 3.0 (provided with PHP 7.0) is now supported.
* (T196672) The mtime of extension.json files is now able to be zero.
* (T118683) Fix exception from &$user deref on HHVM in the TitleMoveComplete
hook.
* (T180403) Validate $length in padleft/padright parser functions.
* (T143790) Make $wgEmailConfirmToEdit only affect edit actions.
* Special:BotPasswords now requires reauthentication.
* (T191608, T187638) Add 'logid' parameter to Special:Log.
* (T193829) Indicate when a Bot Password needs reset.
* (T151415) Log email changes.
* (T118420) Unbreak Oracle installer.
== MediaWiki 1.27.4 ==
This is a security and maintenance release of the MediaWiki 1.27 branch.
=== Changes since 1.27.3 ===
* (T100085) Better handling of jobs execution in post-connection shutdown.
* (T141604) Support conditionally registered namespaces.
* (T167798) Fix highlighting for phrase queries and phrase search.
* (T151136) Provide credits information to callbacks.
* (T160462) Allow namespaces defined in extension.json to be overwritten
locally.
* (T168856) Allow SVGs created by Dia to be uploaded.
* (T144705) (T148662) Password reset link is no longer shown when no reset
options are available.
* (T143788) (T174262) Various backports for PHP 7.0 and 7.1 support.
* (T66795) $wgUserEmailUseReplyTo is now true by default to work around
restrictive DMARC policies.
* DB_REPLICA constant added from REL1_28+ to ease backports to extensions and
core.
* (T175439) Unbreak Postgres Updater when setting defaults for a column.
* (T160298) Remove use of implicitGroupBy() in ActiveUsersPager.
* (T142304) Allow putting the app ID in the password for bot passwords.
* Updated dev dependancy phpunit/phpunit from v4.8.24 to v4.8.36.
* (T178451) SECURITY: Potential XSS when $wgShowExceptionDetails = false and
browser sends non-standard url escaping.
* (T165846) SECURITY: BotPassword login attempts weren't throttled.
* (T128209) SECURITY: Reflected File Download from api.php.
* (T134100) SECURITY: Do not reveal if user exists during login failure.
* (T176247) SECURITY: Ensure Message::rawParams can't lead to XSS.
* (T125163) SECURITY: Make anchor for headlines escape > and <.
* (T180237) SECURITY: Protect vendor folder with .htaccess.
* (T180231) SECURITY: Remove PHPUnit file with known RCE if exists in
update.php.
* (T124404) SECURITY: XSS in langconverter when regex hits pcre.backtrack_limit.
* (T119158) SECURITY: Handle -{}- syntax in attributes safely.
== MediaWiki 1.27.3 ==
Due to a packaging error, the wrong version of the SyntaxHighlight extension was
included in the tarball version of MediaWiki 1.27.2. The version included had a
serious security issue in it (T158689). There was also some minor code fixes in
MediaWiki itself since 1.27.2, but none of them were security relevant.
=== Changes since 1.27.2 ===
* (T145664) Fix broken wincache merge() implementation
* (T163434) Add wikimedia/testing-access-wrapper for forwards compatibility
* (T153505) Fix php warnings on php 7.1 due to use of &$this
== MediaWiki 1.27.2 ==
This is a security and maintenance release of the MediaWiki 1.27 branch.
ApiCreateAccount was removed in 1.27.0. It was incorrectly still marked as
deprecated (rather than already removed) in the RELEASE-NOTES at the point
1.27.0 was released.
=== Changes since 1.27.1 ===
* (T68404) CSS3 attr() function with url type argument is no longer allowed
in inline styles.
* $wgRunJobsAsync is now false by default (T142751). This change only affects
wikis with $wgJobRunRate > 0.
* (T152717) Better escaping for PHP mail() command
* Submitting the lgtoken and lgpassword parameters in the query string to
action=login is now deprecated and outputs a warning. They should be submitted
in the POST body instead.
* Submitting sensitive authentication request parameters to action=clientlogin,
action=createaccount, action=linkaccount, and action=changeauthenticationdata
in the query string is now deprecated and outputs a warning. They should be
submitted in the POST body instead.
* (T158766) Avoid SQL error on MSSQL when using selectRowCount()
* (T145635) Fix too long index error when installing with MSSQL.
* (T156184) $wgRawHtml will no longer apply to internationalization messages.
* (T160519) CACHE_ANYTHING will not be CACHE_ACCEL if no accelerator is
installed.
* (T109140) (T122209) SECURITY: Special:UserLogin and Special:Search allow
redirect to interwiki links.
* (T144845) SECURITY: XSS in SearchHighlighter::highlightText() when
$wgAdvancedSearchHighlighting is true.
* (T125177) SECURITY: API parameters may now be marked as "sensitive" to keep
their values out of the logs.
* (T150044) SECURITY: "Mark all pages visited" on the watchlist now requires a
CSRF token.
* (T156184) SECURITY: Escape content model/format url parameter in message.
* (T151735) SECURITY: SVG filter evasion using default attribute values in DTD
declaration.
* (T161453) SECURITY: LocalisationCache will no longer use the temporary
directory in it's fallback chain when trying to work out where to write the
cache.
* (T48143) SECURITY: Spam blacklist ineffective on encoded URLs inside file
inclusion syntax's link parameter.
* (T108138) SECURITY: Sysops can undelete pages, although the page is protected
against it.
== MediaWiki 1.27.1 ==
This is a maintenance release of the MediaWiki 1.27 branch.
=== Changes since 1.27.0 ===
* BREAKING CHANGE: $wgHTTPProxy is now *required* for all external requests
made by MediaWiki via a proxy. Relying on the http_proxy environment
variable is no longer supported.
* (T139565) SECURITY: API: Generate head items in the context of the given title
* (T137264) SECURITY: XSS in unclosed internal links
* (T133147) SECURITY: Escape '<' and ']]>' in inline <style> blocks
* (T133147) SECURITY: Require login to preview user CSS pages
* (T132926) SECURITY: Do not allow undeleting a revision deleted file if it is
the top file
* (T129738) SECURITY: Make $wgBlockDisablesLogin also restrict logged in
permissions
* (T129738) SECURITY: Make blocks log users out if $wgBlockDisablesLogin is true
* (T115333) SECURITY: Check read permission when loading page content in
ApiParse
* (T57548) Remove support for $wgWellFormedXml = false, all output is now well
formed
* (T139670) Move 'UserGetRights' call before application of
Session::getAllowedUserRights()
== MediaWiki 1.27.0 ==
=== PHP version requirement in 1.27 ===
As of 1.27, MediaWiki now requires PHP 5.5.9 or higher (see Compatibility
section). Additionally, the following PHP extensions are required:
* ctype
* iconv
* json
* mbstring (new requirement in 1.27)
* xml
The following PHP extensions are strongly recommended:
* openssl
=== Configuration changes in 1.27 ===
* $wgAllowMicrodataAttributes and $wgAllowRdfaAttributes were removed,
now always enabled. If you use RDFa on your wiki, you now have to explicitly
set $wgHtml5Version to 'HTML+RDFa 1.0' or 'XHTML+RDFa 1.0'.
* $wgUseLinkNamespaceDBFields was removed.
* Deprecated $wgResourceLoaderMinifierStatementsOnOwnLine and
$wgResourceLoaderMinifierMaxLineLength, because there was little value in
making the behavior configurable. The default values (`false` for the former,
1000 for the latter) are now hard-coded.
* $wgDebugDumpSqlLength was removed (deprecated in 1.24).
* $wgDebugDBTransactions was removed (deprecated in 1.20).
* $wgUseXVO has been removed, as it provides functionality only used by
custom Wikimedia patches against Squid 2.x that probably noone uses in
production anymore. There is now $wgUseKeyHeader that provides similar
functionality but instead of the MediaWiki-specific X-Vary-Options header,
uses the draft Key header standard.
* $wgScriptExtension (and support for '.php5' entry points) was removed. See the
deprecation notice in the release notes for version 1.25 for advice on how to
preserve support for '.php5' entry points via URL rewriting.
* Password handling via the User object has been deprecated and partially
removed, pending the future introduction of AuthManager. In particular:
** expirePassword(), getPasswordExpireDate(), resetPasswordExpiration(), and
getPasswordExpired() have been removed. They were unused outside of core.
** The mPassword, mNewpassword, mNewpassTime, and mPasswordExpires fields are
now private and will be removed in the future.
** The getPassword() and getTemporaryPassword() methods now throw
BadMethodCallException and will be removed in the future.
** The ability to pass 'password' and 'newpassword' to createNew() has been
removed. The only users of it seem to have been using it to set invalid
passwords, and so shouldn't be greatly affected.
** setPassword(), setInternalPassword(), and setNewpassword() have been
deprecated, pending the introduction of AuthManager.
** User::randomPassword() is deprecated in favor of a new method
PasswordFactory::generateRandomPasswordString()
** User::getPasswordFactory() is deprecated, callers should just create a
PasswordFactory themselves.
** A new constructor, User::newSystemUser(), has been added to simplify the
creation of passwordless "system" users for logged actions.
* $wgMaxSquidPurgeTitles was removed.
* $wgAjaxWatch was removed. This is now enabled by default.
* $wgUseInstantCommons now hotlinks Commons images by default instead of
downloading originals and thumbnailing them locally. This allows wikis to save
on CPU and bandwidth while reducing time to first byte for pages, even without
a thumbnail handler. See $wgForeignFileRepos documentation for tweaks.
* (T27397) WebP is enabled by default as an uploadable filetype.
* (T48998) $wgArticlePath must now be either a full url, or start with a "/".
* $wgRateLimitLog was removed; use $wgDebugLogGroups['ratelimit'] instead.
* Deprecated API formats dbg, txt, and yaml have been removed.
* CLDRPluralRule* classes have been replaced with
wikimedia/cldr-plural-rule-parser.
* Removed $wgProfilePerHost, $wgUDPProfilerHost, $wgUDPProfilerPort,
$wgUDPProfilerFormatString, $wgStatsMethod, $wgAggregateStatsID,
$wgStatsFormatString, and $wgProfileCallTree (deprecated since 1.20).
* For proper operation of LocalIdLookup with shared user tables, ensure that
$wgSharedDB and $wgSharedTables are properly set even on the "central" wiki
that all others are sharing from and that $wgLocalDatabases is set to the
full list of sharing wikis on all those wikis.
* Massive overhaul to session handling:
** $wgSessionsInObjectCache is no longer supported and must be true, due to
MediaWiki\Session\SessionManager. $wgSessionHandler is similarly no longer
used.
** ObjectCacheSessionHandler is removed, replaced with
MediaWiki\Session\PhpSessionHandler.
** PHP session handling in general ($_SESSION, session_id(), and so on) is
deprecated. Use MediaWiki\Session\SessionManager instead. A new config
variable, $wgPHPSessionHandling, is available to cause use of $_SESSION to
issue a deprecation warning or to cause most PHP session handling to throw
exceptions.
** Deprecated UserSetCookies hook. Session-handling extensions should generally
be creating a custom subclass of CookieSessionProvider. Other extensions
messing with cookies can no longer count on user data being saved in cookies
versus other methods.
** Deprecated UserLoadFromSession hook, extensions should create a
MediaWiki\Session\SessionProvider.
** The User cannot be loaded from session until after Setup.php completes.
Attempts to do so will be ignored and the User will remain unloaded.
** CSRF tokens may be fetched from the MediaWiki\Session\Session, which uses
the MediaWiki\Session\Token class.
* MediaWiki will now auto-create users as necessary, removing the need for
extensions to do so. An 'autocreateaccount' right is added to allow
auto-creation when 'createaccount' is not granted to all users.
* Deprecated AuthPluginAutoCreate hook in favor of LocalUserCreated.
* Most cookie-handling methods in User are deprecated.
* $wgAllowAsyncCopyUploads and $CopyUploadAsyncTimeout were removed. This was an
experimental feature that has never worked.
* Login and createaccount tokens now vary by timestamp.
* LoginForm::getLoginToken() and LoginForm::getCreateaccountToken()
return a MediaWiki\Session\Token, and tokens must be checked using that
class's methods.
* $wgEnotifUseJobQ was removed and the job queue is always used.
* The functionality of the ApiSandbox extension has been merged into core. The
extension should no longer be used.
* $wgPreloadJavaScriptMwUtil was removed (deprecated in 1.26).
Extensions, skins, gadgets and scripts that use the mediawiki.util module must
express a dependency on it.
* $wgIncludeLegacyJavaScript, deprecated in MediaWiki 1.26, now defaults false.
Extensions, skins, gadgets and scripts that need the mediawiki.legacy.wikibits
module should express a dependency on it.
* Removed configuration option $wgCopyrightIcon (deprecated since 1.18). Use
$wgFooterIcons['copyright']['copyright'] instead.
* If the openssl and mcrypt PHP extensions are both unavailable, secure
session storage (used for login) will raise an exception. This exception may
be bypassed by setting $wgSessionInsecureSecrets = true.
* Massive overhaul to authentication:
** AuthPlugin and AuthPluginUser are deprecated.
** LoginForm and associated templates are deprecated. Extensions which called
static LoginForm methods should be converted into authentication providers.
** The following hooks are deprecated:
*** AbortAutoAccount (create a MediaWiki\Auth\PreAuthenticationProvider instead)
*** AbortLogin (create a MediaWiki\Auth\PreAuthenticationProvider instead)
*** AbortNewAccount (create a MediaWiki\Auth\PreAuthenticationProvider instead)
*** AddNewAccount (use LocalUserCreated instead)
*** AuthPluginSetup (create a MediaWiki\Auth\PrimaryAuthenticationProvider
instead)
*** ChangePasswordForm (use AuthChangeFormFields instead, or security levels)
*** LoginUserMigrated (create a MediaWiki\Auth\PreAuthenticationProvider
instead)
*** UserCreateForm (create a MediaWiki\Auth\AuthenticationProvider of some type
instead)
*** UserLoginForm (create a MediaWiki\Auth\AuthenticationProvider of some type
instead)
** The following hooks are removed:
*** AbortChangePassword
*** LoginPasswordResetMessage
*** PrefsPasswordAudit
** The UserLoginComplete hook will no longer be called for all logins, only for
those via the web UI. Use UserLoggedIn if you need to do something on all
logins.
** $wgRequirePasswordforEmailChange is removed.
=== New features in 1.27 ===
* $wgDataCenterUpdateStickTTL was also added. This decides how long a user
sticks to the primary DC (via cookies) after they make changes to the site.
* Added a new hook, 'UserMailerTransformContent', to transform the contents
of an email. This is similar to the EmailUser hook but applies to all mail
sent via UserMailer.
* Added a new hook, 'UserMailerTransformMessage', to transform the contents
of an emai after MIME encoding.
* Added a new hook, 'UserMailerSplitTo', to control which users have to be
emailed separately (ie. there is a single address in the To: field) so
user-specific changes to the email can be applied safely.
* $wgCdnMaxageLagged was added, which limits the CDN cache TTL
when any load balancer uses a DB that is lagged beyond the 'max lag'
setting in the relevant section of $wgLBFactoryConf.
* User::newSystemUser() may be used to simplify the creation of passwordless
"system" users for logged actions from scripts and extensions.
* Extensions can now return detailed error information via the API when
preventing user actions using 'getUserPermissionsErrors' and similar hooks
by using ApiMessage instances instead of strings for the $result value.
* $wgAPIMaxLagThreshold was added to limit bot changes when databases lag
becomes too high.
* Skins and extensions can now use FlexBox mixins (.flex-display(@display: flex)
and .flex(@grow: 1, @shrink: 1, @width: auto, @order: 1)) in Less to create
cross-browser-compatible FlexBox rules. Users will still need to add fallback
float rules or the like for compatibility with IE9- separately.
* Added MWTimestamp::getTimezoneString() which returns the localized timezone
string, if available. To localize this string, see the comments of
$wgLocaltimezone in includes/DefaultSettings.php.
* Added CentralIdLookup, a service that allows extensions needing a concept of
"central" users to get that without having to know about specific central
authentication extensions.
* $wgMaxUserDBWriteDuration added to limit huge user-generated transactions.
Regular web request transactions that takes longer than this are aborted.
* Added a new hook, 'TitleMoveCompleting', which runs before a page move is
committed.
* $wgCdnReboundPurgeDelay was added to provide secondary delayed purges of URLs
from CDN to mitigate DB replication lag and WAN cache purge lag.
* (T49162) Installer will default to setting CACHE_ACCEL as the main cache type
if it is available.
* It is now possible to patrol file uploads (both for new files and new versions
of existing files). Special:NewFiles has gained an option to filter by patrol
status. This functionality can be disabled using $wgUseFilePatrol.
* MediaWiki\Session infrastructure allows for easier use of session mechanisms
other than the usual cookies.
** SessionMetadata and SessionCheckInfo hooks allow for setting and checking
custom session metadata.
* Added MWGrants and associated configuration settings $wgGrantPermissions and
$wgGrantPermissionGroups to hold configuration for authentication features
such as OAuth that want to allow restricting the user rights a user may make
use of.
** If you're already using the OAuth extension, these new variables are
identical to (and will replace) $wgMWOAuthGrantPermissions and
$wgMWOAuthGrantPermissionGroups.
* Added MWRestrictions as a class to check restrictions on a WebRequest, e.g.
to assert that the request comes from a particular IP range.
* Added bot passwords, a rights-restricted login mechanism for API-using bots.
* Whitelisted the following HTML attributes for all elements in wikitext:
aria-describedby, aria-flowto, aria-label, aria-labelledby, aria-owns.
* Removed "presentation" restriction on the HTML role attribute in wikitext.
All values are now allowed for the role attribute.
* $wgContentHandlers now also supports callbacks to create an instance of the
appropriate ContentHandler subclass.
* Added $wgAuthenticationTokenVersion, which if non-null prevents the
user_token database field from being exposed in cookies. Setting this would
be a good idea, but will log out all current sessions.
* $wgEventRelayerConfig was added, for managing PubSub event relay
configuration, specifically for reliable CDN url purges.
* Requests have unique IDs, equal to the UNIQUE_ID environment variable (when
MediaWiki is behind Apache+mod_unique_id or something similar) or a randomly-
generated 24-character string. This request ID is used to annotate log records
and error messages. It is available client-side via
mw.config.get( 'wgRequestId' ).
The request ID supplants exception IDs. Accordingly,
MWExceptionHandler::getLogId() is deprecated.
* (T33313) Add a preference for watching uploads by default, also applies
to API-based upload tools.
* $wgJpegPixelFormat was added to override chroma subsampling for JPEG image
thumbnails created via ImageMagick. Defaults to 'yuv420', providing bandwidth
savings versus the previous behavior on many files.
* MediaWiki\Auth infrastructure (called "AuthManager") allows for more flexible
configuration of multiple authentication pieces that was possible with
AuthPlugin. For example, it's now easy to plug in second-factor
authentication, or add additional checks to the login process, or to support
multiple login methods at once, or to support non-password-based login
methods.
** Providers are configured via the global setting $wgAuthManagerConfig.
** A global, $wgDisableAuthManager, is temporarily available to disable
AuthManager until extensions are ready to support it.
** New hook, AuthChangeFormFields, to adjust the form fields on
AuthManager-related special pages.
** New hook, AuthManagerLoginAuthenticateAudit, for additional logging of
AuthManager-related authentication requests.
** New hook, ChangeAuthenticationDataAudit, for additional logging of
AuthManager-related authentication data changes.
** New hook, SecuritySensitiveOperationStatus, to work with the new mechanism
for requiring a recent login before taking security-sensitive operations
like changing a password.
** Two new globals, $wgChangeCredentialsBlacklist and
$wgRemoveCredentialsBlacklist can be used to prevent the web UI and the API
changing certain authentication data.
* The file upload dialog (available if you install WikiEditor or VisualEditor)
can now be configured using $wgUploadDialog.
=== External library changes in 1.27 ===
==== Upgraded external libraries ====
* Updated oojs/oojs-ui from v0.12.12 to v0.13.3.
* Updated composer/semver from v1.0.0 to v1.2.0.
* Updated liuggio/statsd-php-client to 1.0.18.
* Updated QUnit from v1.18.0 to v1.22.0.
==== New external libraries ====
* Added wikimedia/base-convert v1.0.1.
* Added wikimedia/cldr-plural-rule-parser v1.0.0.
* Added wikimedia/relpath v1.0.3.
* Added wikimedia/running-stat v1.1.0.
* Added wikimedia/php-session-serializer v1.0.3.
==== Removed and replaced external libraries ====
=== Bug fixes in 1.27 ===
* Special:Upload will now display correct maximum allowed file size when running
under HHVM (T116347).
* (T54077) The APIEditBeforeSave hook will once again give only the content of
the section being edited, rather than the whole revision. This reverts the
change made in MediaWiki 1.22.
=== Action API changes in 1.27 ===
* Added list=allrevisions.
* generator=recentchanges now has the option to generate revids.
* ApiPageSet::setRedirectMergePolicy() was added. This allows generator
modules to define how generator data for a redirect source gets merged
into the redirect destination.
* prop=imageinfo&iiprop=uploadwarning will no longer include the possibility of
"was-deleted" warning.
* Added difftotextpst to query=revisions which preforms a pre-save transform on
the text before diffing it.
* Deprecated formats dbg, txt, and yaml have been removed.
* (T47988) The protect log event details now use new-style formatting.
* The following response properties from action=login are deprecated, and may
be removed in the future: lgtoken, cookieprefix, sessionid. Clients should
handle cookies to properly manage session state.
* action=login transparently allows login using bot passwords. Clients should
merely need to change the username and password used after setting up a bot
password.
* action=upload no longer understands statuskey, asyncdownload or leavemessage.
* Several changes when $wgDisableAuthManager is false:
** action=login is deprecated for uses other than bot passwords.
** list=users can now indicate if a missing username is creatable.
** action=createaccount is changed in a non-backwards-compatible manner.
** Added action=query&meta=authmanagerinfo.
** Added action=clientlogin to be used to log into the main account instead of
action=login.
** Added action=linkaccount.
** Added action=unlinkaccount.
** Added action=changeauthenticationdata.
** Added action=removeauthenticationdata.
** Added action=resetpassword.
=== Action API internal changes in 1.27 ===
* ApiQueryORM removed.
* The following classes have been removed:
** ApiFormatDbg
** ApiFormatTxt
** ApiFormatYaml
* ApiBase::addTokenProperties() was removed (deprecated since 1.24).
* ApiBase::getFinalPossibleErrors() was removed (deprecated since 1.24).
* ApiBase::getFinalResultProperties() was removed (deprecated since 1.24).
* ApiBase::getRequireAtLeastOneParameterErrorMessages() was removed (deprecated
since 1.24).
* ApiBase::getPossibleErrors() was removed (deprecated since 1.24).
* ApiBase::getRequireMaxOneParameterErrorMessages() was removed (deprecated
since 1.24).
* ApiBase::getRequireOnlyOneParameterErrorMessages() was removed (deprecated
since 1.24).
* ApiBase::getResultProperties() was removed (deprecated since 1.24).
* ApiBase::getTitleOrPageIdErrorMessage() was removed (deprecated since 1.24).
* ApiBase::parseErrors() was removed (deprecated since 1.24).
* ApiQueryBase::titleToKey(), ApiQueryBase::keyToTitle() and
ApiQueryBase::keyPartToTitle() all removed (deprecated since 1.24).
* ApiQueryBase::checkRowCount() was removed (deprecated since 1.24).
* ApiQueryBase::getDirectionDescription() was removed (deprecated since 1.25).
* ApiQuery::getGenerators() was removed (deprecated since 1.21).
* ApiQuery::getModules() was removed (deprecated since 1.21).
* ApiQuery::getModuleType() was removed (deprecated since 1.21).
* ApiQuery::setGeneratorContinue() was removed (deprecated since 1.24).
* ApiMain::getModules() was removed (deprecated since 1.21).
* ApiBase::getVersion() was removed (deprecated since 1.21).
* ApiMain::getShowVersions() was removed (deprecated in 1.21).
* ApiMain::addModule() was removed (deprecated in 1.21).
* ApiMain::addFormat() was removed (deprecated in 1.21).
* ApiMain::getFormats() was removed (deprecated in 1.21).
* ApiPageSet::finishPageSetGeneration() was removed (deprecated in 1.21).
* ApiCreateAccount was removed.
=== Languages updated in 1.27 ===
MediaWiki supports over 350 languages. Many localisations are updated
regularly. Below only new and removed languages are listed, as well as
changes to languages because of Phabricator reports.
* (T113688) Change default numerals from Gurmukhi to Arabic for Punjabi locale.
* (T116020) Aliases of magic words in MessagesXx.php are sorted by usage.
=== Other changes in 1.27 ===
* Added dependency injection (DI) infrastructure, see docs/injection.txt for
details.
It is planned to incrementally move MediaWiki code towards using DI, using the
service locator (SL) pattern as a stepping stone.
* ProfilerOutputUdp was removed. Note that there is a ProfilerOutputStats class.
* WikiPage::doDeleteArticleReal() and WikiPage::doDeleteArticle() now
ignore the 2nd and 3rd arguments (formerly $id and $commit).
* Removed "loaderScripts" option from ResourceLoaderFileModule class.
* Removed ORM-like wrapper added in 1.20.
* LinkCache::getGoodLinks and LinkCache::getBadLinks were removed
(deprecated in 1.26).
* WikiPage::doQuickEdit() was removed (deprecated since 1.21).
* Removed SiteObject and SiteArray classes (deprecated in 1.21).
* MessageBlobStore::getInstance() was removed (deprecated since 1.25).
* (T84937) Free external links ("autolinked" urls) will now be terminated
by and HTML entity encodings of  , <, and >.
* (T36948) The default file revert message's timestamp is now in
$wgLocaltimezone, instead of UTC.
* The default name of the 'suppress' group page has been changed from
'Project:Oversight' to 'Project:Suppress'.
* DatabaseBase::resultObject() is now protected (use outside Database classes
not necessary since 1.11).
* Calling ResourceLoaderFileModule::readStyleFiles() without a
ResourceLoaderContext instance is deprecated.
* ResourceLoader::getLessCompiler() now takes an optional parameter of
additional LESS variables to set for the compiler.
* wfBaseConvert() marked as deprecated, use Wikimedia\base_convert() directly
instead.
* Obsolete maintenance scripts clearCacheStats.php and showCacheStats.php
were removed. The underlying data is sent to StatsD (see $wgStatsdServer).
* Removed msg_resource_links database table and associated code.
* Removed msg_resource database table and associated code.
* Skin::getNamespaceNotice() was removed.
* wfIsConfiguredProxy() was removed (deprecated since 1.24).
* wfDebugTimer() was removed (deprecated since 1.25).
* wfIsTrustedProxy() was removed (deprecated since 1.24).
* wfGetIP() was removed (deprecated since 1.19).
* MWHookException was removed.
* OutputPage::appendSubtitle() was removed (deprecated since 1.19).
* OutputPage::loginToUse() was removed (deprecated since 1.19).
* Article::loadContent() was removed (deprecated since 1.19).
* User::editToken() was removed (deprecated since 1.19).
* Removed --force-normal option of dumpBackup.php, as it no longer served
any useful purpose since 1.22.
* The functions processOption() and processArgs() on the BackupDumper and
TextPassDumper classes have been removed.
* The maintenance/backupTextPass.inc file was deleted. You should include
maintenance/dumpTextPass.php instead.
* WikiPage::getUsedTemplates() was removed (deprecated since 1.19).
* wfEmptyMsg() was removed (deprecated since 1.18).
* OutputPage::permissionRequired() was removed (deprecated since 1.18).
* OutputPage::blockedPage() was removed (deprecated since 1.18).
* User::getSkin() was removed (deprecated since 1.18).
* OutputPage::includeJQuery() was removed (deprecated since 1.17).
* WikiPage::updateRestrictions() was removed (deprecated since 1.19).
* WikiPage::testPreSaveTransform() was removed (deprecated since 1.19).
* LogPage::logName() was removed (deprecated since 1.19).
* LogPage::logHeader() was removed (deprecated since 1.19).
* wfCheckLimits() was removed (deprecated since 1.24).
* Linker::makeKnownLinkObj() was removed (deprecated since 1.16).
* Linker::makeLinkObj() was removed (deprecated since 1.16).
* wfMsgForContentNoTrans() was removed (deprecated since 1.18).
* ChangesList::usePatrol was removed (deprecated since 1.22).
* wfMsgNoTrans() was removed (deprecated since 1.18).
* Linker::makeImageLink2 was removed (deprecated since 1.20).
* Title::userIsWatching() was removed (deprecated since 1.20).
* Removed WaitForSlave maintenance script; use SELECT MASTER_POS_WAIT()
database function directly instead.
* wfMsg() was removed (deprecated since 1.18).
* wfMsgForContent() was removed (deprecated since 1.18).
* wfMsgReal() was removed (deprecated since 1.18).
* wfMsgGetKey() was removed (deprecated since 1.18).
* wfMsgHtml() was removed (deprecated since 1.18).
* wfMsgWikiHtml() was removed (deprecated since 1.18).
* wfMsgExt() was removed (deprecated since 1.18).
* Language::armourMath() was removed (deprecated since 1.22).
* LanguageConverter::armourMath() was removed (deprecated since 1.22).
* FakeConverter::armourMath() was removed (deprecated since 1.22).
* The unused jquery.validate ResourceLoader module was removed.
* FileRepo::getRootUrl() was removed (deprecated since 1.20).
* User::generateToken() was removed (deprecated since 1.20).
* WikiPage::getRawText() was removed (deprecated since 1.21).
* ParserOutput::hasCustomDataUpdates() was removed (deprecated since 1.25).
* ParserOutput::addSecondaryDataUpdate() was removed (deprecated since 1.25).
* ParserOutput::getSecondaryDataUpdates() was removed (deprecated since 1.25).
* Gallery images with multiple caption pipes no longer concatenate them all
together but instead pick the final one, similar to image syntax.
* XML-like parser tags (such as <gallery>), when unclosed, will be left unparsed
rather than consume everything until the end of the page.
* New maintenance script resetUserEmail.php allows sysadmins to reset user
emails in case a user forgot password/account was stolen.
* wfCheckEntropy() was removed (deprecated in 1.27).
* Browser support for Internet Explorer 8 lowered from Grade A to Grade C.
* ContentHandler::supportsCategories method added. Default is true.
CategoryMembershipChangeJob updates are skipped for content that
does not support categories.
* wikidiff difference engine is no longer supported, anyone still using it are
encouraged to upgrade to wikidiff2 which is actively maintained and has better
package availability.
* Database logic was removed from WatchedItem and a WatchedItemStore was
created:
** WatchedItem::IGNORE_USER_RIGHTS and WatchedItem::CHECK_USER_RIGHTS were
deprecated. User::IGNORE_USER_RIGHTS and User::CHECK_USER_RIGHTS were
introduced.
** WatchedItem::fromUserTitle was deprecated in favour of the constructor.
** WatchedItem::resetNotificationTimestamp was deprecated.
** WatchedItem::batchAddWatch was deprecated.
** WatchedItem::addWatch was deprecated.
** WatchedItem::removeWatch was deprecated.
** WatchedItem::isWatched was deprecated.
** WatchedItem::duplicateEntries was deprecated.
** EmailNotification::updateWatchlistTimestamp was deprecated.
** User::getWatchedItem was removed.
* Unit tests don't work with external PHPUnit anymore, Composer is now the only
supported way. Run `composer install` to install it and other dev dependencies
to run unit tests.
* wl_id field added to the watchlist table.
* Revision::getRawText() was removed (deprecated since 1.21).
* WikiPage::replaceSection() was removed (deprecated since 1.21).
* Article::replaceSection() was removed (deprecated since 1.21).
* Language::getLangObj() was removed (deprecated since 1.24).
* Language::getLanguageName() was removed (deprecated since 1.20).
* Language::getLanguageNames() was removed (deprecated since 1.20).
* Language::getTranslatedLanguageNames() was removed (deprecated since 1.20).
* Language::specialPage() was removed (deprecated since 1.24).
* MediaWikiTestCase::assertException() was removed (deprecated since 1.22).
* OutputPage::getHeadItems() was removed (deprecated since 1.24).
* OutputPage::getScript() was removed (deprecated since 1.24).
* OutputPage::out() was removed (deprecated since 1.22).
* OutputPage::setAllowedModules() was removed (deprecated since 1.24).
* UserrightsPage::makeGroupNameListForLog() was removed (deprecated since 1.21).
* MediaWikiSite::newFromGlobalId() was removed (deprecated since 1.21).
* Title::newFromRedirect() was removed (deprecated since 1.21).
* Skin::commonPrintStylesheet() was removed (deprecated since 1.22).
* Skin::getCommonStylePath() was removed (deprecated since 1.24).
* Skin::newFromKey() was removed (deprecated since 1.24).
* Skin::getUsableSkins() was removed (deprecated since 1.23).
* LoadBalancer::pickRandom() was removed (deprecated in 1.21).
* Article::getUndoText() and WikiPage::getUndoText were removed (deprecated
since 1.21).
* DifferenceEngine::setText() was removed (deprecated in 1.21).
* Title::newFromRedirectArray() was removed (deprecated in 1.21).
* UserMailer::send() no longer accepts $replyto as the 5th argument and
$contentType as the 6th. These must be passed in the options array now.
* Title::newFromRedirectRecurse() was removed (deprecated in 1.21).
* Skin::accesskey was removed (deprecated since 1.21).
* Skin::blockLink was removed (deprecated since 1.21).
* Skin::buildRollbackLink was removed (deprecated since 1.21).
* Skin::emailLink was removed (deprecated since 1.21).
* Skin::formatComment was removed (deprecated since 1.21).
* Skin::formatHiddenCategories was removed (deprecated since 1.21).
* Skin::formatLinksInComment was removed (deprecated since 1.21).
* Skin::formatRevisionSize was removed (deprecated since 1.21).
* Skin::formatSize was removed (deprecated since 1.21).
* Skin::formatTemplates was removed (deprecated since 1.21).
* Skin::generateTOC was removed (deprecated since 1.21).
* Skin::getInternalLinkAttributes was removed (deprecated since 1.21).
* Skin::getInternalLinkAttributesObj was removed (deprecated since 1.21).
* Skin::getInterwikiLinkAttributes was removed (deprecated since 1.21).
* Skin::getInvalidTitleDescription was removed (deprecated since 1.21).
* Skin::getLinkColour was removed (deprecated since 1.21).
* Skin::getRevDeleteLink was removed (deprecated since 1.21).
* Skin::getRollbackEditCount was removed (deprecated since 1.21).
* Skin::makeBrokenImageLinkObj was removed (deprecated since 1.21).
* Skin::makeCommentLink was removed (deprecated since 1.21).
* Skin::makeExternalImage was removed (deprecated since 1.21).
* Skin::makeExternalLink was removed (deprecated since 1.21).
* Skin::makeHeadline was removed (deprecated since 1.21).
* Skin::makeImageLink was removed (deprecated since 1.21).
* Skin::makeMediaLinkFile was removed (deprecated since 1.21).
* Skin::makeMediaLinkObj was removed (deprecated since 1.21).
* Skin::makeSelfLinkObj was removed (deprecated since 1.21).
* Skin::makeThumbLink2 was removed (deprecated since 1.21).
* Skin::makeThumbLinkObj was removed (deprecated since 1.21).
* Skin::normaliseSpecialPage was removed (deprecated since 1.21).
* Skin::normalizeSubpageLink was removed (deprecated since 1.21).
* Skin::processResponsiveImages was removed (deprecated since 1.21).
* Skin::revComment was removed (deprecated since 1.21).
* Skin::revDeleteLink was removed (deprecated since 1.21).
* Skin::revDeleteLinkDisabled was removed (deprecated since 1.21).
* Skin::revUserLink was removed (deprecated since 1.21).
* Skin::revUserTools was removed (deprecated since 1.21).
* Skin::specialLink was removed (deprecated since 1.21).
* Skin::splitTrail was removed (deprecated since 1.21).
* Skin::titleAttrib was removed (deprecated since 1.21).
* Skin::tocIndent was removed (deprecated since 1.21).
* Skin::tocLine was removed (deprecated since 1.21).
* Skin::tocLineEnd was removed (deprecated since 1.21).
* Skin::tocList was removed (deprecated since 1.21).
* Skin::tocUnindent was removed (deprecated since 1.21).
* Skin::tooltip was removed (deprecated since 1.21).
* Skin::tooltipAndAccesskeyAttribs was removed (deprecated since 1.21).
* Skin::userTalkLink was removed (deprecated since 1.21).
* Skin::userToolLinksRedContribs was removed (deprecated since 1.21).
* wikidiff3 is now the default and only PHP diff engine. It provides improved
diff performance on complex changes. $wgExternalDiffEngine = 'wikidiff3'
therefore makes no difference now. Users are still recommended to use
wikidiff2 if possible, though.
* User::addNewUserLogEntry() was deprecated.
* User::addNewUserLogEntryAutoCreate() was deprecated.
* User::isPasswordReminderThrottled() was deprecated.
* Bot-oriented parameters to Special:UserLogin (wpCookieCheck,
wpSkipCookieCheck) were removed.
* Installer can now be customized without patching MediaWiki code, see
mw-config/overrides/README for details.
=== Compatibility ===
MediaWiki 1.27 requires PHP 5.5.9 or later. There is experimental support for
HHVM 3.6.5 or later.
MySQL is the recommended DBMS. PostgreSQL or SQLite can also be used, but
support for them is somewhat less mature. There is experimental support for
Oracle and Microsoft SQL Server.
The supported versions are:
* MySQL 5.0.3 or later
* PostgreSQL 8.3 or later
* SQLite 3.3.7 or later
* Oracle 9.0.1 or later
* Microsoft SQL Server 2005 (9.00.1399)
=== Upgrading ===
1.27 has several database changes since 1.26, and will not work without schema
updates. Note that due to changes to some very large tables like the revision
table, the schema update may take quite long (minutes on a medium sized site,
many hours on a large site).
If upgrading from before 1.11, and you are using a wiki as a commons
repository, make sure that it is updated as well. Otherwise, errors may arise
due to database schema changes.
If upgrading from before 1.7, you may want to run refreshLinks.php to ensure
new database fields are filled with data.
If you are upgrading from MediaWiki 1.4.x or earlier, you should upgrade to
1.5 first. The upgrade script maintenance/upgrade1_5.php has been removed
with MediaWiki 1.21.
Don't forget to always back up your database before upgrading!
See the file UPGRADE for more detailed upgrade instructions.
For notes on 1.26.x and older releases, see HISTORY.
= MediaWiki 1.26 =
== MediaWiki 1.26.4 ==
This is a maintenance release of the MediaWiki 1.26 branch.
=== Changes since 1.26.3 ===
* BREAKING CHANGE: $wgHTTPProxy is now *required* for all external requests
made by MediaWiki via a proxy. Relying on the http_proxy environment
variable is no longer supported.
* (T124163) Fixed fatal error in DifferenceEngine under HHVM.
* (T139565) SECURITY: API: Generate head items in the context of the given title
* (T137264) SECURITY: XSS in unclosed internal links
* (T133147) SECURITY: Escape '<' and ']]>' in inline <style> blocks
* (T133147) SECURITY: Require login to preview user CSS pages
* (T132926) SECURITY: Do not allow undeleting a revision deleted file if it is
the top file
* (T129738) SECURITY: Make $wgBlockDisablesLogin also restrict logged in
permissions
* (T129738) SECURITY: Make blocks log users out if $wgBlockDisablesLogin is true
* (T115333) SECURITY: Check read permission when loading page content in
ApiParse
* Remove support for $wgWellFormedXml = false, all output is now well formed
== MediaWiki 1.26.3 ==
This is a maintenance release of the MediaWiki 1.26 branch.
=== Changes since 1.26.2 ===
* (T116266) Fixed undefined property notices in DairikiDiff under HHVM.
* (T123166) Fix fatal error when importing pages to titles which cannot be
created, such as invalid titles or titles the user is not allowed to edit.
* (T122056) Old tokens are remaining valid within a new session
* (T127114) Login throttle can be tricked using non-canonicalized usernames
* (T123653) Cross-domain policy regexp is too narrow
* (T123071) Incorrectly identifying http link in a's href attributes, due to
m modifier in regex
* (T129506) MediaWiki:Gadget-popups.js isn't renderable
* (T125283) Users occasionally logged in as different users after
SessionManager deployment
* (T103239) Patrol allows click catching and patrolling of any page
* (T122807) [tracking] Check php crypto primatives
* (T98313) Graphs can leak tokens, leading to CSRF
* (T130947) Diff generation should use PoolCounter
* (T133507) Careless use of $wgExternalLinkTarget is insecure
* (T132874) API action=move is not rate limited
* (T110143) strip markers can be used to get around html attribute escaping in
(many?) parser tags
* (T116030) Increase pbkdf2 parameter strengths
* (T127420) Pbkdf2Password does not check if hash_pbkdf2() succeeded
* (T126685) Globally throttle password attempts
== MediaWiki 1.26.2 ==
This is a maintenance release of the MediaWiki 1.26 branch.
=== Changes since 1.26.1 ===
* (T121892) Fix fatal error on some Special pages, introduced in 1.26.1.
== MediaWiki 1.26.1 ==
This is a maintenance release of the MediaWiki 1.26 branch.
=== Changes since 1.26.0 ===
* (T117899) SECURITY: $wgArticlePath can no longer be set to relative paths
that do not begin with a slash. This enabled trivial XSS attacks.
Configuration values such as "http://my.wiki.com/wiki/$1" are fine, as are
"/wiki/$1". A value such as "$1" or "wiki/$1" is not and will now throw an
error.
* (T119309) SECURITY: Use hash_compare() for edit token comparison
* (T118032) SECURITY: Don't allow cURL to interpret POST parameters starting
with '@' as file uploads
* (T115522) SECURITY: Passwords generated by User::randomPassword() can no
longer be shorter than $wgMinimalPasswordLength
* (T97897) SECURITY: Improve IP parsing and trimming. Previous behavior could
result in improper blocks being issued
* (T109724) SECURITY: Special:MyPage, Special:MyTalk, Special:MyContributions
and related pages no longer use HTTP redirects and are now redirected by
MediaWiki
* Fixed ConfigException in ExpandTemplates due to AlwaysUseTidy.
* Fixed stray literal \n in Special:Search.
* Fix issue that breaks HHVM Repo Authorative mode.
* (T120267) Work around APCu memory corruption bug
== MediaWiki 1.26.0 ==
=== Configuration changes in 1.26 ===
* $wgPasswordResetRoutes['email'] = true by default.
* $wgEnableParserCache was deprecated, set $wgParserCacheType to CACHE_NONE
instead if you want to disable the parser cache.
* New-style continuation is now the default for API action=continue. Clients may
use the 'rawcontinue' parameter to receive raw query-continue data, but the
new style is encouraged as it's harder to implement incorrectly.
* Deprecated API formats dump and wddx have been completely removed.
* (T7645) The "Signature" button on the edit toolbar is now hidden by default
in non-talk namespaces. A new configuration variable,
$wgExtraSignatureNamespaces, controls in which subject (non-talk) namespaces
the "Signature" button on the edit toolbar will be displayed.
* $wgResourceLoaderUseESI was deprecated and removed. This was an experimental
feature that was never enabled by default.
* $wgResourceLoaderExperimentalAsyncLoading was deprecated and removed.
This experimental feature was never enabled by default and is obsolete as of
MediaWiki 1.26, in where ResourceLoader became fully asynchronous.
* $wgMasterWaitTimeout was removed (deprecated in 1.24).
* Fields in ParserOptions are now private. Use the accessors instead.
* Custom LESS functions (defined via $wgResourceLoaderLESSFunctions or
in extension.json) have been removed, after being deprecated in 1.24.
* $wgAlwaysUseTidy has been removed.
* ResetSessionID hook has been removed. Nothing seems to use it.
* Certain AuthPlugin methods are deprecated in favor of new hooks:
** AuthPlugin::initUser() is replaced by LocalUserCreated.
** AuthPlugin::updateUser() is replaced by UserLoggedIn.
** AuthPlugin::updateExternalDB() is replaced by the existing UserSaveSettings.
** AuthPlugin::updateExternalDBGroups() is replaced by UserGroupsChanged.
** AuthPluginUser::isHidden() is replaced by UserIsHidden.
** AuthPluginUser::isLocked() is replaced by UserIsLocked.
* The UserRights hook is deprecated in favor of the new UserGroupsChanged hook.
* AuthPlugin::initUser() and AuthPlugin::updateUser() should no longer replace
the passed User object.
* $wgBlockAllowsUTEdit is now set to true by default. This allows
blocked users to edit their talk pages unless explicitly disabled
when they are being blocked.
=== New features in 1.26 ===
* (T51506) Now action=info gives estimates of actual watchers for a page.
See $wgRCMaxAge, $wgWatchersMaxAge and $wgUnwatchedPageSecret
to learn how to configure if needed.
* Change tags can now be hidden in the interface by disabling the associated
"tag-<id>" interface message.
* ':' (colon) is now invalid in usernames for new accounts. Existing accounts
are not affected.
* Added a new hook, 'LogException', to log exceptions in nonstandard ways.
* Revive the 'SpecialSearchResultsAppend' hook which occurs after the list of
search results are rendered. The initial use case is to append a "give us
feedback" link beneath the search results.
* Added a new hook, 'RejectParserCacheValue', which allows extensions to
reject an otherwise-successful parser cache lookup. The intent is to allow
extensions to manage the eviction of archaic HTML output from the cache.
* (T68699) The expiration of the UserID and Token login cookies
($wgExtendedLoginCookieExpiration) can be configured independently of the
expiration of all other cookies ($wgCookieExpiration).
* (T50519) Support for generating JPEG/PNG thumbnails from WebP images added
if ImageMagick is used as image scaler ($wgUseImageMagick = true). Uploading
of WebP images still disabled by default. Add $wgFileExtensions[] =
'webp'; to LocalSettings.php to enable uploading of WebP images.
* Added new hooks 'EnhancedChangesListModifyLineData' &
'EnhancedChangesListModifyBlockLineData', to modify the data used to build
lines in enhanced recentchanges and watchlist.
* Caches that need purging ability now use the WANObjectCache interface.
This corresponds to a new $wgMainWANCache setting, which defaults to using
the $wgMainCacheType settings.
* Callers needing fast light-weight data stores use $wgMainStash to select
the store type from $wgObjectCaches. The default is the local database.
* Interface message overrides in the MediaWiki namespace will now be cached in
memcached and APC (if available), rather than memcached and local files.
* Added a new hook, 'RandomPageQuery', to allow modification of the query used
by Special:Random to select random pages.
* $wgTransactionalTimeLimit was added, which controls the request time limit
for potentially slow POST requests that need to be as atomic as possible.
* ResourceLoader now loads all scripts asynchronously. The top-queue and
startup modules are no longer synchronously loaded.
* 'mediawiki.ui.button' styles are no longer unconditionally loaded on every
page. During the deprecation period, the styles will only be loaded on pages
which contain 'mw-ui-button' in their HTML. Starting in 1.28, the styles will
only be loaded if explicitly required.
* If search returns zero results and current search engine has a "did you mean"
suggestion, results for suggestion will be shown. Can be disabled by setting
$wgSearchRunSuggestedQuery to false.
* Added several JavaScript libraries for uploading files to MediaWiki
from the client-side. See documentation for mw.Upload and its
subclasses for more information.
* Added OOUI dialogs and layout for file upload interfaces. See
documentation for mw.Upload.Dialog, mw.Upload.BookletLayout and its
subclasses for more information.
=== extension.json changes in 1.26 ===
* (T99344) The extension.json schema is now versioned. All extensions
and skins should set a "manifest_version" property corresponding to
the schema version they were written for. The only supported version
currently is "1".
* (T102523) The error message if a non-array attribute is set was improved.
* (T107646) Configuration settings can now specify how they should be merged,
which is necessary for arrays using integer keys.
* (T110389) Adding namespaces through extension.json now actually works
* $wgNamespaceProtection can now be set in extension.json.
* $wgCapitalLinkOverrides can now be set in extension.json.
* (T97186) Extensions using a custom prefix for their configuration settings
can now set a "_prefix" key to override the default of "wg".
* (T99084) Extensions can now specify what MediaWiki core versions they
depend upon.
* (T105236) The extension.json schema now validates custom classes in
the "ResourceModules" property properly.
=== External library changes in 1.26 ===
==== Upgraded external libraries ====
* Updated es5-shim from v4.0.0 to v4.1.5.
* Updated json2 from revision 2014-02-04 to 2015-05-03.
* Updated Sinon.JS from 1.10.3 to 1.15.4.
* Updated jQuery Client from v1.0.0 to v2.0.0.
* Updated QUnit from v1.17.1 to v1.18.0.
* Updated liuggio/statsd-php-client from v1.0.12 to v1.0.16.
* Updated oojs/oojs-ui from v0.11.3 to v0.12.12.
* Updated wikimedia/cdb from v1.0.1 to v1.3.0.
* Updated wikimedia/utfnormal from v1.0.2 to v1.0.3.
* Updated wikimedia/composer-merge-plugin from v1.0.0 to v1.3.0.
* Updated zordius/lightncandy from v0.18 to v0.21.
==== New external libraries ====
* Added composer/semver v1.0.0.
* Added mediawiki/at-ease v1.1.0.
* Added wikimedia/assert v0.2.2.
* Added wikimedia/ip-set v1.0.1.
* Added wikimedia/wrappedstring v2.0.0.
==== Removed and replaced external libraries ====
* Replaced leafo/lessphp v0.5.0 with oyejorge/less.php v1.7.0.9.
=== Bug fixes in 1.26 ===
* (T53283) load.php sometimes sends 304 response without full headers
* (T65198) Talk page tabs now have a "rel=discussion" attribute
* (T98841) {{msgnw:}} now preserves comments even when subst: is not used.
* (T104142) $wgEmergencyContact and $wgPasswordSender now use their default
value if set to an empty string.
=== Action API changes in 1.26 ===
* New-style continuation is now the default for action=continue. Clients may
use the 'rawcontinue' parameter to receive raw query-continue data, but the
new style is encouraged as it's harder to implement incorrectly.
* Deprecated API formats dump and wddx have been completely removed.
* API action=query&list=tags: The displayname can now be boolean false if the
tag is meant to be hidden from user interfaces.
* action=import no longer allows both the namespace= and rootpage= parameters
to be set. If they are both set, the value of rootpage= will be ignored.
* prop=revision output in enum mode is now sorted by timestamp rather than
revision ID. This usually won't make any difference.
* (T102645) Namespace list from meta=siteinfo&siprop=namespaces is now an array
with formatversion=2.
* Various other output from meta=siteinfo will now always be arrays instead of
sometimes being numerically-indexed objects with formatversion=2.
* When errors about users being blocked are returned, they now include
information about the relevant block.
* (T99926) list=random has higher limits, in line with other API modules.
* list=random's rnredirect parameter is deprecated in favor of a new
rnfilterredir parameter that also allows for listing both redirects and
non-redirects.
* list=random now supports continuation.
* API responses to GET requests may now include ETag and Last-Modified headers,
and will honor corresponding If-None-Match and If-Modified-Since on such
requests.
=== Action API internal changes in 1.26 ===
* New metadata item ApiResult::META_KVP_MERGE to allow for merging the KVP key
into the value when the value is an assoc.
* API action modules may now provide values for the RFC 7232 ETag and
Last-Modified headers. The API will check these against If-None-Match and
If-Modified-Since request headers on GET requests and avoid executing the
module when appropriate.
=== Languages updated in 1.26 ===
MediaWiki supports over 350 languages. Many localisations are updated
regularly. Below only new and removed languages are listed, as well as
changes to languages because of Phabricator reports.
* Languages added:
** ase (American sign language), thanks to translator Icemandeaf
** dty (डोटेली/Doteli), thanks to translators जनक राज भट्ट, बिप्लब आनन्द,
मेश सिंह बोहरा, and राम प्रसाद जोशी
** luz (لئری دوٙمینی / Southern Luri)
** olo (Livvinкarjala / Livvi-Karelian), thanks to translators Denö, Hiloin
Natoi, Ilja.mos, and Mashoi7
=== Other changes in 1.26 ===
* ChangeTags::tagDescription() will return false if the interface message
for the tag is disabled.
* Added PageHistoryPager::doBatchLookups hook.
* Added $wikiId parameter to FormatAutocomments hook.
* Added ParserCacheSaveComplete to ParserCache
* supportsDirectEditing and supportsDirectApiEditing methods added to
ContentHandler, to provide a way for ApiEditPage and EditPage to check
if direct editing of content is allowed. These methods return false,
by default for the ContentHandler base class and true for TextContentHandler
and it's derivative classes (everything in core). For Content types that
do not support direct editing, an alternative mechanism should be provided
for editing, such as action overrides or specific api modules.
* mediaWiki.confirmCloseWindow now returns an object of functions, instead of
one function. The callback can't be called directly any more. The callback
function is replaced with confirmCloseWindow.release().
* BREAKING CHANGE: Added an optional ResouceLoaderContext parameter to
ResourceLoaderModule::getDependencies(). Extension classes that override that
method should be updated. If they aren't updated, PHP Strict standards
warnings will appear when E_STRICT error reporting is enabled. Note: in the
near future, this parameter will probably become non-optional.
* Removed maintenance script deleteImageMemcached.php.
* MWFunction::newObj() was removed (deprecated in 1.25).
ObjectFactory::getObjectFromSpec() should be used instead.
* The parser will no longer randomize the string it uses to mark the place of
items that were stripped during parsing. It will use a fixed string instead.
This causes the parser to re-use the regular expressions it uses to search
and replace markers rather than generate novel expressions on each parse.
Re-using regular expressions will improve performance on HHVM and the
forthcoming PHP 7. The interfaces changes accompanying this change are:
- Parser::getRandomString() and Parser::uniqPrefix() have been deprecated.
- The $uniq_prefix argument for Parser::extractTagsAndParams() and the
$prefix argument for StripState::_construct() are deprecated and their
value is ignored.
* wfSuppressWarnings() and wfRestoreWarnings() were split into a separate
library, mediawiki/at-ease, and are now deprecated. Callers should use
MediaWiki\suppressWarnings() and MediaWiki\restoreWarnings() directly.
* The Block class constructor now takes an associative array of parameters
instead of many optional positional arguments. Calling the constructor the old
way will issue a deprecation warning.
* The jquery.mwExtension module was deprecated.
* $wgSpecialPageGroups was removed (deprecated in 1.21).
* SpecialPageFactory::setGroup was removed (deprecated in 1.21).
* SpecialPageFactory::getGroup was removed (deprecated in 1.21).
* DatabaseBase::ignoreErrors() is now protected.
* BREAKING CHANGE: mediawiki.legacy.ajax has been removed, following
a lengthy deprecation period.
* The ScopedPHPTimeout class was removed.
* Removed maintenance script fixSlaveDesync.php.
* Watchlist tokens, SpecialResetTokens, and User::getTokenFromOption()
are deprecated. Applications using those can work via the OAuth
extension instead. New tokens types should not be added.
* DatabaseBase::errorCount() was removed (unused).
* $wgDeferredUpdateList was removed.
* DeferredUpdates::addHTMLCacheUpdate() was removed.
= MediaWiki 1.25 =
== MediaWiki 1.25.6 ==
This is a maintenance release of the MediaWiki 1.25 branch.
=== Changes since 1.25.5 ===
* (T123166) Fix fatal error when importing pages to titles which cannot be
created, such as invalid titles or titles the user is not allowed to edit.
* (T122056) Old tokens are remaining valid within a new session
* (T127114) Login throttle can be tricked using non-canonicalized usernames
* (T123653) Cross-domain policy regexp is too narrow
* (T123071) Incorrectly identifying http link in a's href attributes, due to
m modifier in regex
* (T129506) MediaWiki:Gadget-popups.js isn't renderable
* (T125283) Users occasionally logged in as different users after
SessionManager deployment
* (T103239) Patrol allows click catching and patrolling of any page
* (T122807) [tracking] Check php crypto primatives
* (T98313) Graphs can leak tokens, leading to CSRF
* (T130947) Diff generation should use PoolCounter
* (T133507) Careless use of $wgExternalLinkTarget is insecure
* (T132874) API action=move is not rate limited
* (T110143) strip markers can be used to get around html attribute escaping in
(many?) parser tags
* (T116030) Increase pbkdf2 parameter strengths
* (T127420) Pbkdf2Password does not check if hash_pbkdf2() succeeded
* (T126685) Globally throttle password attempts
== MediaWiki 1.25.5 ==
This is a maintenance release of the MediaWiki 1.25 branch.
=== Changes since 1.25.4 ===
* (T121892) Fix fatal error on some Special pages, introduced in 1.25.4.
== MediaWiki 1.25.4 ==
This is a security and maintenance release of the MediaWiki 1.25 branch.
=== Changes since 1.25.3 ===
* (T117899) SECURITY: $wgArticlePath can no longer be set to relative paths
that do not begin with a slash. This enabled trivial XSS attacks.
Configuration values such as "http://my.wiki.com/wiki/$1" are fine, as are
"/wiki/$1". A value such as "$1" or "wiki/$1" is not and will now throw an
error.
* (T119309) SECURITY: Use hash_compare() for edit token comparison
* (T118032) SECURITY: Don't allow cURL to interpret POST parameters starting
with '@' as file uploads
* (T115522) SECURITY: Passwords generated by User::randomPassword() can no
longer be shorter than $wgMinimalPasswordLength
* (T97897) SECURITY: Improve IP parsing and trimming. Previous behavior could
result in improper blocks being issued
* (T109724) SECURITY: Special:MyPage, Special:MyTalk, Special:MyContributions
and related pages no longer use HTTP redirects and are now redirected by
MediaWiki
* (T103237) $wgUseGzip had no effect when using file cache.
* (T114606) mw.notify was not correctly fixed to the page if
initialized while not at the top of the page.
* Fix issue that breaks HHVM Repo Authorative mode.
== MediaWiki 1.25.3 ==
This is a security and maintenance release of the MediaWiki 1.25 branch.
=== Changes since 1.25.2 ===
* (T98975) Fix having multiple callbacks for a single hook.
* (T107632) maintenance/refreshLinks.php did not always remove all links
pointing to nonexistent pages.
* (T104142) $wgEmergencyContact and $wgPasswordSender now use their default
value if set to an empty string.
* (T62174) Provide fallbacks for use of mb_convert_encoding() in
HtmlFormatter. It was causing an error when accessing the api help page
if the mbstring PHP extension was not installed.
* (T105896) Confirmation emails would sometimes contain invalid codes.
* (T105597) Fixed edit stash inclusion queries.
* (T91850) SECURITY: Add throttle check in ApiUpload and SpecialUpload
* (T91203, T91205) SECURITY: API: Improve validation in chunked uploading
* (T95589) SECURITY: RevDel: Check all revisions for suppression, not just the
first
* (T108616) SECURITY: Avoid exposure of local path in PNG thumbnails
== MediaWiki 1.25.2 ==
This is a security and maintenance release of the MediaWiki 1.25 branch.
=== Changes since 1.25.1 ===
* (T94116) SECURITY: Compare API watchlist token in constant time
* (T97391) SECURITY: Escape error message strings in thumb.php
* (T106893) SECURITY: Don't leak autoblocked IP addresses on
Special:DeletedContributions
* (T102562) Fix InstantCommons parameters to handle the new HTTPS-only
policy of Wikimedia Commons.
* (T100767) Setting a configuration setting for skin or extension to
false in LocalSettings.php was not working.
* (T100635) API action=opensearch json output no longer breaks when
$wgDebugToolbar is enabled.
* (T102522) Using an extension.json or skin.json file which has
a "manifest_version" property for 1.26 compatability will no longer
trigger warnings.
* (T86156) Running updateSearchIndex.php will not throw an error as
page_restrictions has been added to the locked table list.
* Special:Version would throw notices if using SVN due to an incorrectly
named variable. Add an additional check that an index is defined.
== MediaWiki 1.25.1 ==
This is a bug fix release of the MediaWiki 1.25 branch.
=== Changes since 1.25 ===
* (T100351) Fix syntax errors in extension.json of ConfirmEdit extension
== MediaWiki 1.25.0 ==
=== Configuration changes in 1.25 ===
* $wgPageShowWatchingUsers was removed.
* $wgLocalVirtualHosts has been added to replace $wgConf->localVHosts.
* $wgAntiLockFlags was removed.
* $wgJavaScriptTestConfig was removed.
* Edit tokens returned from User::getEditToken may change on every call. Token
validity must be checked by passing the user-supplied token to
User::matchEditToken rather than by testing for equality with a
newly-generated token.
* (T74951) The UserGetLanguageObject hook may be passed any IContextSource
for its $context parameter. Formerly it was documented as receiving a
RequestContext specifically.
* Profiling was restructured and $wgProfiler now requires an 'output' parameter.
See StartProfiler.sample for details.
* $wgMangleFlashPolicy was added to make MediaWiki's mangling of anything that
might be a flash policy directive configurable.
* ApiOpenSearch now supports XML output. The OpenSearchXml extension should no
longer be used. If extracts and page images are desired, the TextExtracts and
PageImages extensions are required.
* $wgOpenSearchTemplate is deprecated in favor of $wgOpenSearchTemplates.
* Edits are now prepared via AJAX as users type edit summaries. This behavior
can be disabled via $wgAjaxEditStash.
* (T46740) The temporary option $wgIncludejQueryMigrate was removed, along
with the jQuery Migrate library, as indicated when this option was provided in
MediaWiki 1.24.
* ProfilerStandard and ProfilerSimpleTrace were removed. Make sure that any
StartProfiler.php config is updated to reflect this. Xhprof is available
for zend/hhvm. Also, for hhvm, one can consider using its xenon profiler.
* Default value of $wgSVGConverters['rsvg'] now uses the 'rsvg-convert' binary
rather than 'rsvg'.
* Default value of $wgSVGConverters['ImageMagick'] now uses transparent
background with white fallback color, rather than just white background.
* MediaWikiBagOStuff class removed, make sure any object cache config
uses SqlBagOStuff instead.
* The 'daemonized' flag must be set to true in $wgJobTypeConf for any redis
job queues. This means that mediawiki/services/jobrunner service has to
be installed and running for any such queues to work.
* $wgAutopromoteOnce no longer supports the 'view' event. For keeping some
compatibility, any 'view' event triggers will still trigger on 'edit'.
* $wgExtensionDirectory was added for when your extensions directory is
somewhere other than $IP/extensions (as $wgStyleDirectory does with the skins
directory).
=== New features in 1.25 ===
* (T64861) Updated plural rules to CLDR 26. Includes incompatible changes
for plural forms in Russian, Prussian, Tagalog, Manx and several languages
that fall back to Russian.
* (T60139) ResourceLoaderFileModule now supports language fallback
for 'languageScripts'.
* Added a new hook, "ContentAlterParserOutput", to allow extensions to modify
the parser output for a content object before links update.
* (T37785) Enhanced recent changes and extended watchlist are now default.
Documentation: https://meta.wikimedia.org/wiki/Help:Enhanced_recent_changes
and https://www.mediawiki.org/wiki/Manual:$wgDefaultUserOptions
* (T69341) SVG images will no longer be base64-encoded when being embedded
in CSS. This results in slight size increase before gzip compression (due to
percent-encoding), but up to 20% decrease after it.
* Update jStorage to v0.4.12.
* MediaWiki now natively supports page status indicators: icons (or short text
snippets) usually displayed in the top-right corner of the page. They have
been in use on Wikipedia for a long time, implemented using templates and CSS
absolute positioning.
- Basic wikitext syntax:
<indicator name="foo">[[File:Foo.svg|20px]]</indicator>
- Usage instructions:
https://www.mediawiki.org/wiki/Help:Page_status_indicators
- Adjusting custom skins to support indicators:
https://www.mediawiki.org/wiki/Manual:Skinning#Page_status_indicators
* Edit tokens may now be time-limited: passing a maximum age to
User::matchEditToken will reject any older tokens.
* The debug logging internals have been overhauled, and are now using the
PSR-3 interfaces.
* Update CSSJanus to v1.1.1.
* Update lessphp to v0.5.0.
* Added a hook, "ApiOpenSearchSuggest", to allow extensions to provide extracts
and images for ApiOpenSearch output. The semantics are identical to the
"OpenSearchXml" hook provided by the OpenSearchXml extension.
* PrefixSearchBackend hook now has an $offset parameter. Combined with $limit,
this allows for pagination of prefix results. Extensions using this hook
should implement supporting behavior. Not doing so can result in undefined
behavior from API clients trying to continue through prefix results.
* Update jQuery from v1.11.1 to v1.11.3.
* External libraries installed via composer will now be displayed
on Special:Version in their own section. Extensions or skins that are
installed via composer will not be shown in this section as it is assumed
they will add the proper credits to the skins or extensions section. They
can also be accessed through the API via the new siprop=libraries to
ApiQuerySiteinfo.
* Update QUnit from v1.14.0 to v1.16.0.
* Update Moment.js from v2.8.3 to v2.8.4.
* Special:Tags now allows for manipulating the list of user-modifiable change
tags.
* Added 'managetags' user right and 'ChangeTagCanCreate', 'ChangeTagCanDelete',
and 'ChangeTagCanCreate' hooks to allow for managing user-modifiable change
tags.
* Added 'ChangeTagsListActive' hook, to separate the concepts of "defined" and
"active" formerly conflated by the 'ListDefinedTags' hook.
* Added TemplateParser class that provides a server-side interface to cachable
dynamically-compiled Mustache templates (currently uses lightncandy library).
* Clickable anchors for each section heading in the content are now generated
and appear in the gutter on hovering over the heading.
* Added 'CategoryViewer::doCategoryQuery' and 'CategoryViewer::generateLink'
hooks to allow extensions to override how links to pages are rendered within
NS_CATEGORY
* (T19665) Special:WantedPages only lists page which having at least one red
link pointing to it.
* New hooks 'ApiMain::moduleManager' and 'ApiQuery::moduleManager', can be
used for conditional registration of API modules.
* New hook 'EnhancedChangesList::getLogText' to alter, remove or add to the
links of a group of changes in EnhancedChangesList.
* A full interface for StatsD metric reporting has been added to the context
interface, reachable via IContextSource::getStats().
* Move the jQuery Client library from being mastered in MediaWiki as v0.1.0 to a
proper, published library, which is now tagged as v1.0.0.
* A new message (defaulting to blank), 'editnotice-notext', can be shown to
users when they are editing if no edit notices apply to the page being edited.
* (T94536) You can now make the sitenotice appear to logged-in users only by
editing MediaWiki:Anonnotice and replacing its content with "". Setting it to
"-" (default) will continue disable it and fallback to MediaWiki:Sitenotice.
* Modifying the tagging of a revision or log entry is now available via
Special:EditTags, generally accessed via the revision-deletion-like interface
on history pages and Special:Log is likely to be more useful.
* Added 'applychangetags' and 'changetags' user rights.
* (T35235) LogFormatter subclasses are now responsible for formatting the
parameters for API log event output. Extensions should implement the new
getParametersForApi() method in their log formatters.
==== External libraries ====
* MediaWiki now requires certain external libraries to be installed. In the past
these were bundled inside the Git repository of MediaWiki core, but now they
need to be installed separately. For users using the tarball, this will be
taken care of and no action will be required. Users using Git will either need
to use composer to fetch dependencies or use the mediawiki/vendor repository
which includes all dependencies for MediaWiki core and ones used in Wikimedia
deployment. Detailed instructions can be found at:
https://www.mediawiki.org/wiki/Download_from_Git#Fetch_external_libraries
* The following libraries are now required:
** psr/log
This library provides the interfaces set by the PSR-3 standard
(http://www.php-fig.org/psr/psr-3/) which are used by MediaWiki internally
via the MediaWiki\Logger\LoggerFactory class.
See the structured logging RfC
<https://www.mediawiki.org/wiki/Requests_for_comment/Structured_logging>
for more background information.
** cssjanus/cssjanus
This library was formerly bundled with MediaWiki core and has been removed.
It automatically flips CSS for RTL support.
** leafo/lessphp
This library was formerly bundled with MediaWiki core and has been removed.
It compiles LESS files into CSS.
** wikimedia/cdb
This library was formerly a part of MediaWiki core, and has been moved into a
separate library. It provides CDB functions which are used in the Interwiki
and Localization caches. More information about the library can be found at
https://www.mediawiki.org/wiki/CDB.
** liuggio/statsd-php-client
This library provides a StatsD client API for logging application metrics to
a remote server.
=== Bug fixes in 1.25 ===
* (T73003) No additional code will be generated to try to load CSS-embedded
SVG images in Internet Explorer 6 and 7, as they don't support them anyway.
* (T69021) On Special:BookSources, corrected validation of ISBNs (both
10- and 13-digit forms) containing "X".
* Page moving was refactored into a MovePage class. As part of that:
** The AbortMove hook was removed.
** MovePageIsValidMove is for extensions to specify whether a page
cannot be moved for technical reasons, and should not be overridden.
** MovePageCheckPermissions is for checking whether the given user is
allowed to make the move.
** Title::moveNoAuth() was deprecated. Use the MovePage class instead.
** Title::moveTo() was deprecated. Use the MovePage class instead.
** Title::isValidMoveOperation() broken down into MovePage::isValidMove()
and MovePage::checkPermissions().
* (T18530) Multiple autocomments are now formatted in an edit summary.
* (T70361) Autocomments containing "/*" are parsed correctly.
* The Special:WhatLinksHere page linked from 'Number of redirects to this page'
on action=info about a file page does not list file links anymore.
* (T78637) Search bar is not autofocused unless it is empty so that proper
scrolling using arrow keys is possible.
* (T50853) Database::makeList() modified to handle 'NULL' separately when
building IN clause
* (T85192) Captcha position modified in Usercreate template. As a result:
** extrafields parameter added to Usercreate.php to insert additional data
** 'extend' method added to QuickTemplate to append additional values to any
field of data array
* (T86974) Several Title methods now load from the database when necessary
(instead of returning incorrect results) even when the page ID is known.
* (T74070) Duplicate search for archived files on file upload now omits the
extension.
This requires the fa_sha1 field being populated.
* Removed rel="archives" from the "View history" link, as it did not pass
HTML validation.
* $wgUseTidy is now set when parserTests are run with the tidy option to match
output on wiki.
* (T37472) update.php will purge ResourceLoader cache unless --nopurge is passed
to it.
* (T72109) mediawiki.language should respect $wgTranslateNumerals in
convertNumber().
=== Action API changes in 1.25 ===
* (T67403) XML tag highlighting is now only performed for formats
"xmlfm" and "wddxfm".
* action=paraminfo supports generalized submodules (modules=query+value),
querymodules and formatmodules are deprecated
* action=paraminfo no longer outputs descriptions and other help text by
default. If needed, it may be requested using the new 'helpformat' parameter.
* action=help has been completely rewritten, and outputs help in HTML
rather than plain text.
* Hitting api.php without specifying an action now displays only the help for
the main module, with links to submodule help.
* API help is no longer displayed on errors.
* 'uselang' is now a recognized API parameter; "uselang=user" may be used to
explicitly select the language from the current user's preferences, and
"uselang=content" may be used to select the wiki's content language.
* Default output format for the API is now jsonfm.
* Simplified continuation will return a "batchcomplete" property in the result
when a batch of pages is complete.
* Pretty-printed HTML output now has nicer formatting and (if available)
better syntax highlighting.
* Deprecated list=deletedrevs in favor of newly-added prop=deletedrevisions and
list=alldeletedrevisions.
* prop=revisions will gracefully continue when given too many revids or titles,
rather than just ignoring the extras.
* prop=revisions will no longer die if rvcontentformat doesn't match a
revision's content model; it will instead warn and omit the content.
* If the user has the 'deletedhistory' right, action=query's revids parameter
will now recognize deleted revids.
* prop=revisions may be used as a generator, generating revids.
* (T68776) format=json results will no longer be corrupted when
$wgMangleFlashPolicy is in effect. format=php results will cleanly return an
error instead of returning invalid serialized data.
* Generators may now return data for the generated pages when used with
action=query.
* Query page data for generator=search and generator=prefixsearch will now
include an "index" field, which may be used by the client for sorting the
search results.
* ApiOpenSearch now supports XML output.
* ApiOpenSearch will now output descriptions and URLs as array indexes 2 and 3
in JSON format.
* (T76051) list=tags will now continue correctly.
* (T76052) list=tags can now indicate whether a tag is defined.
* (T75522) list=prefixsearch now supports continuation
* (T78737) action=expandtemplates can now return page properties.
* (T78690) list=allimages now accepts multiple pipe-separated values
for the 'aimime' parameter.
* prop=info with inprop=protections will now return applicable protection types
with the 'restrictiontypes' key.
* (T85417) When resolving redirects, ApiPageSet will now add the targets of
interwiki redirects to the list of interwiki titles.
* (T85417) When outputting the list of redirect titles, a 'tointerwiki'
property (like the existing 'tofragment' property) will be set.
* Added action=managetags to allow for managing the list of
user-modifiable change tags. Actually modifying the tagging of a revision or
log entry is not implemented yet.
* list=tags has additional properties to indicate 'active' status and tag
sources.
* siprop=libraries was added to ApiQuerySiteinfo to list installed external
libraries.
* (T88010) Added action=checktoken, to test a CSRF token's validity.
* (T88010) Added intestactions to prop=info, to allow querying of
Title::userCan() via the API.
* Default type param for query list=watchlist and list=recentchanges has
been changed from all types (e.g. including 'external') to 'edit|new|log'.
* Added formatversion to format=json. Still "experimental" as further changes
to the output formatting might still be made.
* (T73020) Log event details are now always under a 'params' subkey for
list=logevents, and a 'logparams' subkey for list=watchlist and
list=recentchanges.
* Log event details are changing formatting:
* block events now report flags as an array rather than as a comma-separated
list.
* patrol events now report the 'auto' flag as a boolean (absent/empty string
for BC formats) rather than as an integer.
* rights events now report the old and new group lists as arrays rather than
as comma-separated lists.
* merge events use new-style formatting.
* delete/event and delete/revision events use new-style formatting.
* The root node and various other nodes will now always be an object in formats
such as json that distinguish between arrays and objects.
* Except for action=opensearch where the spec requires an array.
=== Action API internal changes in 1.25 ===
* ApiHelp has been rewritten to support i18n and paginated HTML output.
Most existing modules should continue working without changes, but should do
the following:
* Add an i18n message "apihelp-{$moduleName}-description" to replace
getDescription().
* Add i18n messages "apihelp-{$moduleName}-param-{$param}" for each parameter
to replace getParamDescription(). If necessary, the settings array returned
by getParams() can use the new ApiBase::PARAM_HELP_MSG key to override the
message.
* Implement getExamplesMessages() to replace getExamples().
* Modules with submodules (like action=query) must have their submodules
override ApiBase::getParent() to return the correct parent object.
* The 'APIGetDescription' and 'APIGetParamDescription' hooks are deprecated,
and will have no effect for modules using i18n messages. Use
'APIGetDescriptionMessages' and 'APIGetParamDescriptionMessages' instead.
* Api formatters will no longer be asked to display the help screen on errors.
* ApiMain::getCredits() was removed. The credits are available in the
'api-credits' i18n message.
* ApiFormatBase has been changed to support i18n and syntax highlighting via
extensions with the new 'ApiFormatHighlight' hook. Core syntax highlighting
has been removed.
* ApiFormatBase now always buffers. Output is done when
ApiFormatBase::closePrinter is called.
* Much of the logic in ApiQueryRevisions has been split into
ApiQueryRevisionsBase.
* The 'revids' parameter supplied by ApiPageSet will now count deleted
revisions as "good" if the user has the 'deletedhistory' right. New methods
ApiPageSet::getLiveRevisionIDs() and ApiPageSet::getDeletedRevisionIDs() are
provided to access just the live or just the deleted revids.
* Added ApiPageSet::setGeneratorData() and ApiPageSet::populateGeneratorData()
to allow generators to include data in the action=query result.
* New hooks 'ApiMain::moduleManager' and 'ApiQuery::moduleManager', can be
used for conditional registration of API modules.
* Added ApiBase::lacksSameOriginSecurity() to allow modules to easily check if
the current request was sent with the 'callback' parameter (or any future
method that breaks the same-origin policy).
* Profiling methods in ApiBase are deprecated and no longer need to be called.
* ApiResult was greatly overhauled. See inline documentation for details.
* ApiResult will automatically convert objects to strings or arrays (depending
on whether a __toString() method exists on the object), and will refuse to
add unsupported value types.
* An informal interface, ApiSerializable, exists to override the default
object conversion.
* ApiResult/ApiFormatBase "raw mode" is deprecated.
* ApiFormatXml now assumes defaults and so on instead of throwing errors when
metadata isn't set.
* (T35235) LogFormatter subclasses are now responsible for formatting log event
parameters for the API.
* Many modules have changed result data formats. While this shouldn't affect
clients not using the experimental formatversion=2, code using
ApiResult::getResultData() without the transformations for backwards
compatibility may need updating, as will code that wasn't following the old
conventions for API boolean output.
* The following methods have been deprecated and may be removed in a future
release:
* ApiBase::getDescription
* ApiBase::getParamDescription
* ApiBase::getExamples
* ApiBase::makeHelpMsg
* ApiBase::makeHelpArrayToString
* ApiBase::makeHelpMsgParameters
* ApiBase::getModuleProfileName
* ApiBase::profileIn
* ApiBase::profileOut
* ApiBase::safeProfileOut
* ApiBase::getProfileTime
* ApiBase::profileDBIn
* ApiBase::profileDBOut
* ApiBase::getProfileDBTime
* ApiBase::getResultData
* ApiFormatBase::setUnescapeAmps
* ApiFormatBase::getWantsHelp
* ApiFormatBase::setHelp
* ApiFormatBase::formatHTML
* ApiFormatBase::setBufferResult
* ApiFormatBase::getDescription
* ApiFormatBase::getNeedsRawData
* ApiMain::setHelp
* ApiMain::reallyMakeHelpMsg
* ApiMain::makeHelpMsgHeader
* ApiResult::setRawMode
* ApiResult::getIsRawMode
* ApiResult::getData
* ApiResult::setElement
* ApiResult::setContent
* ApiResult::setIndexedTagName_recursive
* ApiResult::setIndexedTagName_internal
* ApiResult::setParsedLimit
* ApiResult::beginContinuation
* ApiResult::setContinueParam
* ApiResult::setGeneratorContinueParam
* ApiResult::endContinuation
* ApiResult::size
* ApiResult::convertStatusToArray
* ApiQueryImageInfo::getPropertyDescriptions
* ApiQueryLogEvents::addLogParams
* The following classes have been deprecated and may be removed in a future
release:
* ApiQueryDeletedrevs
=== Languages updated in 1.25 ===
MediaWiki supports over 350 languages. Many localisations are updated
regularly. Below only new and removed languages are listed, as well as
changes to languages because of Bugzilla reports.
* Languages added:
** awa (अवधी / Awadhi), thanks to translator 1AnuraagPandey;
** bgn (بلوچی رخشانی / Western Balochi), thanks to translators
Baloch Afghanistan, Ibrahim khashrowdi and Rachitrali;
** ses (Koyraboro Senni), thanks to translator Songhay.
* (T66440) Kazakh (kk) wikis should no longer forcefully reset the user's
interface language to kk where unexpected.
* The Chinese conversion table was substantially updated to fix a lot of
bugs and ensure better reading experience for different variants.
=== Other changes in 1.25 ===
* (T45591) Links to MediaWiki.org translatable help were added to indicators,
mostly in special pages. Local custom target titles can be placed in the
relevant '(namespace-X|action name|special page name)-helppage' system
message. Extensions can use the addHelpLink() function to do the same.
* The skin autodiscovery mechanism, deprecated in MediaWiki 1.23, has been
removed. See https://www.mediawiki.org/wiki/Manual:Skin_autodiscovery for
migration guide for creators and users of custom skins that relied on it.
* Javascript variables 'wgFileCanRotate' and 'wgFileExtensions' now only
available on Special:Upload.
* (T58257) Set site logo from mediawiki.skinning.interface module instead of
inline styles in the HTML.
* Removed ApiQueryUsers::getAutoGroups(). (deprecated since 1.20)
* Removed XmlDumpWriter::schemaVersion(). (deprecated since 1.20)
* Removed LogEventsList::getDisplayTitle(). (deprecated since 1.20)
* Removed Preferences::trySetUserEmail(). (deprecated since 1.20)
* Removed mw.user.name() and mw.user.anonymous() methods. (deprecated since
1.20)
* Removed 'ok' and 'err' parameters in the mediawiki.api modules. (deprecated
since 1.20)
* Removed 'async' parameter from the mw.Api#getCategories() method. (deprecated
since 1.20)
* Removed 'jquery.json' module. (deprecated since 1.24)
Use the 'json' module and global JSON object instead.
* Deprecated OutputPage::readOnlyPage() and OutputPage::rateLimited().
Also, the former will now throw an MWException if called with one or more
arguments.
* Removed hitcounters and associated code.
* The "temp" zone of the upload respository is now considered private. If it
already exists (such as under the images/ directory), please make sure that
the directory is not web readable (e.g. via a .htaccess file).
* BREAKING CHANGE: In the XML dump format used by Special:Export and
dumpBackup.php, the <model> and <format> tags now apprear before the <text>
tag, instead of after the <text> and <sha1> tags.
The new schema version is 0.10, the new schema URI is:
https://www.mediawiki.org/xml/export-0.10.xsd
* MWFunction::call() and MWFunction::callArray() were removed, having being
deprecated in 1.22.
* Deprecated the getInternalLinkAttributes, getInternalLinkAttributesObj,
and getInternalLinkAttributes methods in Linker, and removed
getExternalLinkAttributes method, which was deprecated in MediaWiki 1.18.
* Removed Sites class, which was deprecated in 1.21 and replaced by
SiteSQLStore.
* Added wgRelevantArticleId to the client-side config, for use on special pages.
* Deprecated the TitleIsCssOrJsPage hook. Superseded by the
ContentHandlerDefaultModelFor hook since MediaWiki 1.21.
* Deprecated the TitleIsWikitextPage hook. Superseded by the
ContentHandlerDefaultModelFor hook since MediaWiki 1.21.
* Changed parsing of variables in schema (.sql) files:
** The substituted values are no longer parsed. (Formerly, several passes
were made for each variable, so depending on the order in which variables
were defined, variables might have been found inside encoded values. This
is no longer the case.)
** Variables are no longer string encoded when the /*$var*/ syntax is used.
If string encoding is necessary, use the '{$var}' syntax instead.
** Variable names must only consist of one or more of the characters
"A-Za-z0-9_".
** In source text of the form '{$A}'{$B}' or `{$A}`{$B}`, where variable A
does not exist yet variable B does, the latter may not be replaced.
However, this difference is unlikely to arise in practice.
* (T67278) RFC, PMID, and ISBN "magic links" must be surrounded by non-word
characters on both sides.
* The FormatAutocomments hook will now receive $pre and $post as booleans,
rather than as strings that must be prepended or appended to $comment.
* (T30950, T31025) RFC, PMID, and ISBN "magic links" can no longer contain
newlines; but they can contain and other non-newline whitespace.
* The 'mediawiki.action.edit' ResourceLoader module no longer generates the edit
toolbar, which has been moved to a separate 'mediawiki.toolbar' module. If you
relied on this behavior, update your scripts' dependencies.
* HTMLForm's 'vform' display style has been separated to a subclass. Therefore:
* HTMLForm::isVForm() is now deprecated.
* You can no longer do this:
$form = new HTMLForm( … );
$form->setDisplayFormat( 'vform' ); // throws exception
Instead, do this:
$form = HTMLForm::factory( 'vform', … );
* Deprecated Revision methods getRawUser(), getRawUserText() and
getRawComment().
* BREAKING CHANGE: mediawiki.user.generateRandomSessionId:
The alphabet of the prior string returned was A-Za-z0-9 and now it is 0-9A-F
* (T87504) Avoid serving SVG background-images in CSS for Opera 12, which
renders them incorrectly when combined with border-radius or background-size.
* Removed maintenance script dumpSisterSites.php.
* DatabaseBase class constructors must be called using the array argument style.
Ideally, DatabaseBase:factory() should be used instead in most cases.
* Deprecated ParserOutput::addSecondaryDataUpdate and
ParserOutput::getSecondaryDataUpdates.
This is a hard deprecation, with getSecondaryDataUpdates returning an empty
array and addSecondaryDataUpdate throwing an exception. These functions will
be removed in 1.26, since they interfere with caching of ParserOutput objects.
* Introduced new hook 'SecondaryDataUpdates' that allows extensions to inject
custom updates.
* Introduced new hook 'OpportunisticLinksUpdate' that allows extensions to
perform updates when a page is re-rendered.
* EditPage::attemptSave has been modified not to call handleStatus itself and
instead just returns the Status object. Extension calling it should be aware
of this.
* Removed class DBObject. (unused since 1.10)
* wfDiff() is deprecated.
* The -m (maximum replication lag) option of refreshLinks.php was removed.
It had no effect since MediaWiki 1.18 and should be removed from any cron
jobs or similar scripts you may have set up.
* (T85864) The following messages no longer support raw html: redirectto,
thisisdeleted, viewdeleted, editlink, retrievedfrom, version-poweredby-others,
retrievedfrom, thisisdeleted, viewsourcelink, lastmodifiedat, laggedslavemode,
protect-summary-cascade
* All BloomCache related code has been removed. This was largely experimental.
* $wgResourceModuleSkinStyles no longer supports per-module local or remote
paths. They can only be set for the entire skin.
* Removed global function swap(). (deprecated since 1.24)
* Deprecated the ".php5" file extension entry points and the $wgScriptExtension
configuration variable. Refer to the ".php" files instead. If you want
".php5" URLs to continue to work, set up redirects. In Apache, this can be
done by enabling mod_rewrite and adding the following rules to your
configuration:
RewriteEngine On
RewriteBase /
RewriteRule ^(.*)\.php5 $1.php [R=301,L]
* The global importScriptURI and importStylesheetURI functions, as well as the
loadedScripts object, from wikibits.js (deprecated since 1.17) now emit
warnings through mw.log.warn when accessed.
= MediaWiki 1.24 =
== MediaWiki 1.24.6 ==
This is a maintenance release of the MediaWiki 1.24 branch.
=== Changes since 1.24.5 ===
* (T121892) Fix fatal error on some Special pages, introduced in 1.24.5.
== MediaWiki 1.24.5 ==
This is a security and maintenance release of the MediaWiki 1.23 branch.
=== Changes since 1.24.4 ===
* (T117899) SECURITY: $wgArticlePath can no longer be set to relative paths
that do not begin with a slash. This enabled trivial XSS attacks.
Configuration values such as "http://my.wiki.com/wiki/$1" are fine, as are
"/wiki/$1". A value such as "$1" or "wiki/$1" is not and will now throw an
error.
* (T119309) SECURITY: Use hash_compare() for edit token comparison
* (T118032) SECURITY: Don't allow cURL to interpret POST parameters starting
with '@' as file uploads
* (T115522) SECURITY: Passwords generated by User::randomPassword() can no
longer be shorter than $wgMinimalPasswordLength
* (T97897) SECURITY: Improve IP parsing and trimming. Previous behavior could
result in improper blocks being issued
* (T109724) SECURITY: Special:MyPage, Special:MyTalk, Special:MyContributions
and related pages no longer use HTTP redirects and are now redirected by
MediaWiki
* (T103237) $wgUseGzip had no effect when using file cache.
== MediaWiki 1.24.4 ==
This is a security and maintenance release of the MediaWiki 1.24 branch.
=== Changes since 1.24.3 ===
* (T91653) Minimal PSR-3 debug logger to support backports from 1.25+.
* (T68650) Fix indexing of moved pages with PostgreSQL. Requires running
update.php to fix.
* (T91850) SECURITY: Add throttle check in ApiUpload and SpecialUpload
* (T91203, T91205) SECURITY: API: Improve validation in chunked uploading
* (T95589) SECURITY: RevDel: Check all revisions for suppression, not just the
first
* (T108616) SECURITY: Avoid exposure of local path in PNG thumbnails
== MediaWiki 1.24.3 ==
This is a security and maintenance release of the MediaWiki 1.24 branch.
=== Changes since 1.24.2 ===
* (T94116) SECURITY: Compare API watchlist token in constant time
* (T97391) SECURITY: Escape error message strings in thumb.php
* (T106893) SECURITY: Don't leak autoblocked IP addresses on
Special:DeletedContributions
* Update jQuery from v1.11.2 to v1.11.3.
* (T102562) Fix InstantCommons parameters to handle the new HTTPS-only
policy of Wikimedia Commons.
== MediaWiki 1.24.2 ==
This is a security and maintenance release of the MediaWiki 1.24 branch.
=== Changes since 1.24.1 ===
* (T85848, T71210) SECURITY: Don't parse XMP blocks that contain XML entities,
to prevent various DoS attacks.
* (T85848) SECURITY: Don't allow directly calling Xml::isWellFormed, to reduce
likelihood of DoS.
* (T88310) SECURITY: Always expand xml entities when checking SVG's.
* (T73394) SECURITY: Escape > in Html::expandAttributes to prevent XSS.
* (T85855) SECURITY: Don't execute another user's CSS or JS on preview.
* (T64685) SECURITY: Allow setting maximal password length to prevent DoS when
using PBKDF2.
* (T85349, T85850, T86711) SECURITY: Multiple issues fixed in SVG filtering to
prevent XSS and protect viewer's privacy.
* Fix case of SpecialAllPages/SpecialAllMessages in SpecialPageFactory to fix
loading these special pages when $wgAutoloadAttemptLowercase is false.
* (bug T70087) Fix Special:ActiveUsers page for installations using
PostgreSQL.
* (bug T76254) Fix deleting of pages with PostgreSQL. Requires a schema change
and running update.php to fix.
== MediaWiki 1.24.1 ==
This is a security and maintenance release of the MediaWiki 1.24 branch.
=== Changes since 1.24.0 ===
* (bug T76686) [SECURITY] thumb.php outputs wikitext message as raw HTML, which
could lead to xss. Permission to edit MediaWiki namespace is required to
exploit this.
* (bug T77028) [SECURITY] Malicious site can bypass CORS restrictions in
$wgCrossSiteAJAXdomains in API calls if it only included an allowed domain as
part of its name.
* (bug T74222) The original patch for T74222 was reverted as unnecessary.
* Fixed a couple of entries in RELEASE-NOTES-1.24.
* (bug T76168) OutputPage: Add accessors for some protected properties.
* (bug T74834) Make 1.24 branch directly installable under PostgreSQL.
== MediaWiki 1.24.0 ==
=== Configuration changes in 1.24 ===
* MediaWiki will no longer run if register_globals is enabled. It has been
deprecated for 5 years now, and was removed in PHP 5.4. For more information
about why, see <https://www.mediawiki.org/wiki/register_globals>.
* MediaWiki now requires PHP's iconv extension. openSUSE users may need to
install the php5-iconv package. Users of other systems may need to add
extension=iconv.so to php.ini or recompile PHP without --without-iconv.
* MediaWiki will no longer function if magic quotes are enabled. It has
been deprecated for 5 years now, and was removed in PHP 5.4.
* The server's canonical hostname is available as $wgServerName, which is
exposed in both mw.config and ApiQuerySiteinfo.
* Introduced $wgPagePropsHaveSortkey as a backwards-compatibility switch,
for using the old schema of the page_props table, in case the respective
schema update was not applied.
* $wgSearchEverythingOnlyLoggedIn was removed as the 'searcheverything'
user option was removed. Use $wgNamespacesToBeSearchedDefault instead or
if you used to have $wgDefaultUserOptions['searcheverything'] = 1.
* $wgMasterWaitTimeout has been deprecated.
* $wgDBClusterTimeout has been removed.
* $wgProxyKey has been removed. It is no longer used by MediaWiki core.
Ensure $wgSecretKey is set in LocalSettings.php.
* $wgExtraInterlanguageLinkPrefixes is a new configuration variable that
contains an array of interwiki prefixes that should be treated as language
prefixes (i.e. turned into interlanguage links when $wgInterwikiMagic is set
to true).
* $wgParserTestRemote has been removed.
* $wgCountTotalSearchHits has been removed. If you're concerned about efficiency
of search, you should use something like CirrusSearch instead of built in
search.
* Users in the 'sysop' group have access to Special:MergeHistory by default.
* $wgFileStore was removed after having been deprecated in 1.17. Alternative
configurations are $wgDeletedDirectory and $wgHashedUploadDirectory.
* The deprecated $wgUseCommaCount variable has been removed.
* $wgEnableSorbs and $wgSorbsUrl have been removed.
* The UserCryptPassword and UserComparePassword hooks are no longer called.
Any extensions using them must be updated to use the Password Hashing API.
* $wgCompiledFiles has been removed.
* $wgSortSpecialPages was removed, the listing on Special:SpecialPages is
now always sorted.
* $wgSpecialPages may now use callback functions as an alternative to plain
class names. This allows more control over constructor parameters.
* $wgHTCPMulticastAddress, $wgHTCPMulticastRouting and $wgHTCPPort were removed.
* $wgRC2UDPAddress, $wgRC2UDPInterwikiPrefix, $wgRC2UDPOmitBots, $wgRC2UDPPort
and $wgRC2UDPPrefix have been removed.
* The default password type for MediaWiki has been changed from MD5 to PBKDF2.
Password hashes will automatically be updated as users log in. If necessary,
the old MD5 hashing can be restored by changing $wgPasswordDefault to 'B'.
In addition, there is a maintenance script wrapOldPassword.php that can wrap
all passwords in PBKDF2 (or the hashing algorithm of your choice) if you don't
want to wait for your users to log in.
* $wgImportSources can now either be a regular array, or an associative map
specifying subprojects on the interwiki map of the target wiki, or a mix of
the two. Existing configurations will still work.
* Users must be able to edit through a page's protection to be able to delete
it.
* The default thumb size ($wgDefaultUserOptions['thumbsize']) is now 300px, up
from 180px. If you have altered the number of entries in $wgThumbLimits for
your wiki, you may need to adjust your default user settings to compensate for
the index change.
* $wgDeferredUpdateList is now deprecated, you should use
DeferredUpdates::addUpdate() instead.
* $wgCanonicalLanguageLinks has been removed. Per Google recommendations, we
will not send a rel=canonical pointing to a variant-neutral page, however
we will send rel=alternate.
* $wgResourceLoaderLESSFunctions has been deprecated and will be removed in the
future.
* $wgGoToEdit has been removed. Use the SpecialSearchNogomatch hook for similar
functionality.
=== New features in 1.24 ===
* Added new hook WatchlistEditorBeforeFormRender, allowing subscribers to
manipulate the list of pages and/or preload lots of data at once.
* Added new argument &$link in hook WatchlistEditorBuildRemoveLine, allowing the
link to the title to be changed.
* Added a new hook, "WhatLinksHereProps", to allow extensions to annotate
WhatLinksHere entries.
* Added a new hook, "ContentGetParserOutput", to customize parser output for
a given content object.
* Deprecated the hook "ShowRawCssJs", use "ContentGetParserOutput" instead.
* HTMLForm's HTMLTextField now supports the 'url' type.
* HTMLForm fields may now be dynamically hidden based on the values of other
fields in the form.
* HTMLForm now supports multiple copies of an input field or set of input
fields, e.g. the form may request "one or more usernames" without having to
have the user enter delimited list of names into a text field.
* Added a new hook, "SidebarBeforeOutput", to allow to edit the structure of
the sidebar just before its display.
* (bug 49156) Added the mediawiki.cookie ResourceLoader module, which wraps
jquery.cookie so that getting/setting a cookie is syntactically and
functionally similar to using the WebRequest::getCookie() and
WebResponse::setcookie() methods.
* (bug 44740) jQuery upgraded from 1.8.3 to 1.11.1. A new configuration option,
$wgIncludejQueryMigrate, also loads the jQuery Migrate hack to let extensions
and gadgets use the long-deprecated functions that were removed in jQuery 1.9.
This option is turned off by default, and will be removed in MediaWiki 1.25.
* (bug 47076) jQuery UI upgraded from 1.8.24 to 1.9.2.
* Changes to content typography (fonts, etc.). See
https://www.mediawiki.org/wiki/Typography_refresh for further information.
* WikitextContent will now render redirects with the expected "redirect"
header, rather than as an ordered list. Code calling Article::viewRedirect
can probably be changed to no longer special-case redirects.
* Header font set to a serif font stack. See
https://www.mediawiki.org/wiki/Typography_refresh for further information.
* (bug 65567) Added a new hook, "BeforeHttpsRedirect", to allow cancellation of
the HTTP to HTTPS redirect due to forceHTTPS cookie, userRequires, etc. This
is only for page views, since this hook doesn't affect UserLogin, OAuth,
CentralAuth, etc. ATTENTION: This hook is likely to be removed soon due to
overall design of the system.
* (bug 17367) It is now possible to add pages to your watchlist from
Special:UnwatchedPages without reloading the special page.
* New methods setVolatile and isVolatile are added to PPFrame, so that
extensions such as Cite.php can mark that their output is volatile and
shouldn't be cached.
* (bug 52817) Advanced search options are now saved on the search page itself,
rather than in a dedicated pane in the preferences panel.
* (bug 44591) The dropdown actions menu (little triangle next to page tabs) in
the Vector skin has gained a label that should make it more discoverable.
* MWCryptHKDF added for fast, cryptographically secure random number generation
that won't deplete openssl's entropy pool.
* ResourceLoader: File modules can now provide a skip function that uses an
inline feature test to bypass loading of the module.
* (bug 20210) Special pages may now provide autocompletion of their subpage
names in search suggestions. Right now the only useful implementation is in
Special:Log, but more are to come.
* Special:MostLinkedTemplates is no longer limited to transclusions from the
Template namespace.
* Skins can now use 'remoteSkinPath' when defining ResourceLoader modules.
This works the same as 'remoteExtPath' but is relative to the skins/ folder
instead of the extensions/ folder.
* Added the json2.js polyfill for the ES5 JSON.stringify and JSON.parse methods.
Exposed as module "json" with a skip function to optimise loading.
* Extensions and skins may now use 'namemsg' in $wgExtensionCredits in addition
to 'name', to allow for the name to be localizable. 'name' should still be
specified for backwards-compatibility and to define the path Special:Version
uses to find extension license information.
* Browser tests are now included to verify basic wiki functionality in developer
environments. For details on running tests, see
tests/browser/README.mediawiki.
* Upgrade jStorage to v0.4.10.
* {{!}} is now a magic word that produces the | character. This removes the need
for Template:! for purposes such as passing pipes inside of parameters.
* (bug 20790) The block log snippet on Special:Contributions and while
editing user and user talk pages now works for IP range blocks.
* (bug 9360) Added ability to change the page language for MediaWiki pages using
Special:PageLanguage. All pages are set to wiki language by default.
The feature needs to be enabled with $wgPageLanguageUseDB=true and
permission needs to be set for 'pagelang'.
* Upgrade Moment.js to v2.8.3.
* (bug 67042) Added support for the HTML5 <rtc> tag for East Asian typography.
* Upgrade Sinon.JS to 1.10.3.
* Added the es5-shim polyfill for older or non-compliant javascript engines.
* Upgrade jQuery Cookie to v1.3.1.
* (bug 20476) Add a "viewsuppressed" user right to be able to view
suppressed content but not suppress it ("suppressrevision" right).
* (bug 66440) The MediaWiki web installer will now allow you to choose the skins
to enable (from the ones included in download tarball) and decide which one
should be the default.
* (bug 68085, 68802) Links like [[localInterwikiPrefix:languageCode:pageTitle]],
where localInterwikiPrefix is a member of the $wgLocalInterwikis array, will
no longer be displayed in the sidebar when $wgInterwikiMagic is true. In a
similar way, links like [[localInterwikiPrefix:File:Image.png]] and
[[localInterwikiPrefix:Category:Hello]] will now render as regular links, and
will not include the file or add the page to the category.
* New special page, MyLanguage, to redirect users to subpages with localised
versions of a page. (Integrated from Extension:Translate)
* MediaWiki now supports multiple password types, including bcrypt and PBKDF2.
The default type can be changed with $wgPasswordDefault and the type
configurations can be changed with $wgPasswordConfig.
* Skins can now define custom styles for default ResourceLoader modules using
the $wgResourceModuleSkinStyles global. See the Vector skin for examples.
* (bug 4488) There is now a preference to watch pages where the user has
rollbacked an edit by default.
* (bug 15484) Users will now be redirected to the login page when they need to
log in, rather than being shown a page asking them to log in and having to
click another link to actually get to the login page.
* A JsonContent and JsonContentHandler were added for extensions to extend.
* (bug 35045) Redirects to sections will now update the URL in browser's address
bar using the HTML5 History API. When [[Dog]] redirects to [[Animals#Dog]],
the user will now see "Animals#Dog" in their browser instead of "Dog#Dog".
* API token handling has been rewritten. Any API module using tokens will need
to be updated. See the entry below under "Action API internal changes".
* Added HTMLAutoCompleteSelectField.
* Added a new hook, "SkinPreloadExistence", to allow extensions to add titles to
link existence cache before the page is rendered.
* Config::set() was moved to its own interface, MutableConfig.
GlobalVarConfig::set() is now deprecated, does not implement MutableConfig.
* A MutableConfig named HashConfig was added, that stores an array of
configuration settings.
* (bug 69418) A MultiConfig implementation was added that supports fallback
to multiple Config instances.
* Update CSSJanus to v1.1.0.
* Added FormatJson::parse() returning status with result or localized error
message
* Added DeletedContribsPager::reallyDoQuery hook allowing extensions to data to
Special:DeletedContributions
* Added DeletedContributionsLineEnding hook allowing extensions to format
Special:DeletedContributions lines
* (T69525) You can now make MediaWiki speed up its thumbnail rendering by using
intermediary thumbnails. $wgThumbnailBuckets must be set to a list of target
thumbnail widths; when a new thumbnail needs to be rendered, MediaWiki will
find the smallest bucket smaller than the original but larger than the target
width + $wgThumbnailMinimumBucketDistance, and it will scale that thumbnail,
rather than the original, down to the target size at greater speed in return
for minor loss of fidelity.
=== Bug fixes in 1.24 ===
* (bug 50572) MediaWiki:Blockip should support gender
* (bug 49116) Footer copyright notice is now always displayed in user language
rather than content language (same as copyright notice for editing interface).
* (bug 62258) A bug was fixed in File::getUnscaledThumb when a height
restriction was present in the parameters. Images with both the "frame"
option and a size specification set will now always ignore the provided
size and display an unscaled image, as the documentation has always
claimed it would.
* (bug 39035) Improved Vector skin performance by removing collapsibleNav,
which used to collapse some sidebar elements by default.
This removes -list id suffixes like p-lang-list: instead of using things like
#p-lang-list, you can do #p-lang .body ul.
* (bug 890) Links in Special:RecentChanges and Special:Watchlist no longer
follow redirects to their target pages.
* Parser now dies early if called recursively, instead of producing subtle bugs.
* (bug 14323) Redirect pages, when viewed with redirect=no, no longer hide the
remaining page content.
* (bug 52587) Maintenance script deleteBatch.php no longer follows redirects
in the file namespace and delete the file on the target page. It will still
however delete the redirect page.
* (bug 22683) {{msgnw:}} and other uses of PPFrame::RECOVER_ORIG will correctly
recover the original code of extension tags.
* (bug 65757) MSSQL: Update script drops unnamed constraints to be prepared
for future updates. Because it's doing so heuristically, it may fail or drop
wrong constraints.
* (bug 67870) wfShellExec() cuts off stdout at multiples of 8192 bytes.
* $wgRunJobsAsync now works with private wikis (e.g. read requires login).
* (bugs 57238, 65206) Blank pages can now be directly created.
* (bug 69789) Title::getContentModel() now loads from the database when
necessary instead of incorrectly returning the default content model.
* (bug 69249) wfBaseConvert() now works around PHP Bug #50175 when using GMP.
* (bug 57909) URLs in the externallinks table will no longer have certain
characters decoded in the query string.
* (bug 67368) LESS mixins like .background-image() correctly flip image
references for RTL stylesheets now.
=== Action API changes in 1.24 ===
* action=parse API now supports prop=modules, which provides the list of
ResourceLoader modules that should be used to enhance the parsed content.
* action=query&meta=siteinfo&siprop=interwikimap returns a new "protorel"
field which is true if protocol-relative urls can be used to access
a particular interwiki map entry.
* list=logevents now provides logpage, which is the page ID from the
logging table, if ids are requested and the user has the permissions.
* action=edit now requires that appendtext, prependtext, or section=new be used
when using the 'redirect' parameter, to prevent clients accidentally
overwriting the target page with the content of the redirect.
* list=logevents will now return an error if both letitle and leprefix are
specified.
* list=logevents has a new parameter, lenamespace, to allow filtering by
namespace.
* action=expandtemplates has a new parameter, prop, and a new output format.
The old format is still used if prop isn't provided, but this is deprecated.
* meta=userinfo can now return the count of unread pages on the watchlist.
* list=watchlist can now filter by unread status.
* The deprecated action=parse&prop=languageshtml has been removed.
* (bug 48071) action=setnotificationtimestamp no longer throws PHP or database
errors when no pages are given.
* (bug 60734) Actions that use ApiPageSet (e.g. purge, watch,
setnotificationtimestamp) will now include continuation information when
using a generator.
* Removed 'props' and 'errors' from action=paraminfo, as they have extremely
limited use and are generally inaccurate, unmaintained, and impossible to
properly maintain.
* Formats dbg, dump, txt, wddx, and yaml are now deprecated.
* action=paraminfo now indicates when a parameter is specifying a submodule.
* The iwurl parameter to prop=iwlinks is deprecated in favor of iwprop=url, for
parallelism with prop=langlinks.
* All tokens should be fetched from action=query&meta=tokens; all other methods
of fetching tokens are deprecated. The value needed for meta=tokens's 'type'
parameter for each module is documented in the action=help output and is
returned from action=paraminfo.
* New action ClearHasMsg that can be used to clear HasMsg flag.
* The cmstartsortkey and cmendsortkey parameters to list=categorymembers are
deprecated in favor of cmstarthexsortkey and cmendhexsortkey.
* (bug 63326) Add blockedtimestamp field to output of blockinfo property for
the list=allusers and list=users modules.
* prop=imageinfo no longer requires iiurlwidth to be set when using iiurlparam.
* Added prop=linkshere, prop=fileusage, and prop=transcludedin, which are
roughly equivalent to list=backlinks, list=imageusage, and list=embeddedin
but can work on a list of titles (including titles from a generator).
* prop=redirects can now filter returned redirects by namespace.
=== Action API internal changes in 1.24 ===
* Methods for handling continuation are added to ApiResult, so actions other
than query that use generators can easily support continuation.
* $wgAPIModules (and the related $wgAPIFormatModules, $wgAPIMetaModules,
$wgAPIPropModules, and $wgAPIListModules settings) now allow API modules
to be specified using a "module spec" array instead of a plain class name.
A "module spec" is an associative array containing at least the 'class' key
for the module's class, and optionally a 'factory' key for the factory
function to use for the module. This is intended for extensions that want
control over the instantiation of their API modules, to allow for proper
dependency injection.
* A new param type 'submodule' is available. Parameters of this type will take
the list of valid values from the module's ApiModuleManager for the group
corresponding to the parameter name.
* The 'APIGetPossibleErrors' and 'APIGetResultProperties' hooks are no longer
used.
* API token handling has been rewritten. Any API module using tokens will need
to be updated:
* ApiBase::needsToken now returns a token type instead of boolean true when a
token is needed. Returning true will throw an exception. See documentation
of that method for details.
* Information for the 'token' parameter is automatically set by ApiBase
getFinalParams and getFinalParamDescription.
* ApiBase::getTokenSalt has been removed.
* The hooks APIQueryInfoTokens, APIQueryRevisionsTokens,
APIQueryRecentChangesTokens, APIQueryUsersTokens, and
ApiTokensGetTokenTypes are deprecated, but are still called to support
backwards-compatible token access.
* ApiBase::validateLimit and ApiBase::validateTimestamp are now protected.
* ApiQueryRedirects was removed; prop=redirects is now implemented by
ApiQueryBacklinksProp along with the newly-added prop modules.
* The following methods have been deprecated and may be removed in a future
release:
* ApiBase::getResultProperties
* ApiBase::getFinalResultProperties
* ApiBase::addTokenProperties
* ApiBase::getRequireOnlyOneParameterErrorMessages
* ApiBase::getRequireMaxOneParameterErrorMessages
* ApiBase::getRequireAtLeastOneParameterErrorMessages
* ApiBase::getTitleOrPageIdErrorMessage
* ApiBase::getPossibleErrors
* ApiBase::getFinalPossibleErrors
* ApiBase::parseErrors
* ApiQuery::setGeneratorContinue
* ApiQueryBase::checkRowCount
* ApiQueryBase::titleToKey
* ApiQueryBase::keyToTitle
* ApiQueryBase::keyPartToTitle
* ApiQueryInfo::getTokenFunctions
* ApiQueryInfo::resetTokenCache
* ApiQueryInfo::getEditToken
* ApiQueryInfo::getDeleteToken
* ApiQueryInfo::getProtectToken
* ApiQueryInfo::getMoveToken
* ApiQueryInfo::getBlockToken
* ApiQueryInfo::getUnblockToken
* ApiQueryInfo::getEmailToken
* ApiQueryInfo::getImportToken
* ApiQueryInfo::getWatchToken
* ApiQueryInfo::getOptionsToken
* ApiQueryRecentChanges::getTokenFunctions
* ApiQueryRecentChanges::getPatrolToken
* ApiQueryRevisions::getTokenFunctions
* ApiQueryRevisions::getRollbackToken
* ApiQueryUsers::getTokenFunctions
* ApiQueryUsers::getUserrightsToken
* The following classes have been deprecated and may be removed in a future
release:
* ApiFormatDbg
* ApiFormatDump
* ApiFormatTxt
* ApiFormatWddx
* ApiFormatYaml
* ApiTokens
* The following class constants have been deprecated and may be removed in a
future release:
* ApiBase::PROP_ROOT
* ApiBase::PROP_LIST
* ApiBase::PROP_TYPE
* ApiBase::PROP_NULLABLE
=== Languages updated in 1.24 ===
MediaWiki supports over 350 languages. Many localisations are updated
regularly. Below only new and removed languages are listed, as well as
changes to languages because of Bugzilla reports.
=== Other changes in 1.24 ===
* The deprecated jquery.delayedBind ResourceLoader module was removed.
* The deprecated function mw.util.toggleToc was removed.
* The Special:Search hooks SpecialSearchGo and SpecialSearchResultsAppend
were removed as they were unused.
* (bug 65477) User::pingLimiter() now has an additional profile point varying
by action being used.
* mediawiki.util.$content no longer supports old versions of the Vector,
Monobook, Modern and CologneBlue skins that don't yet implement the "mw-body"
and/or "mw-body-primary" class name in their html.
* Added pp_sortkey column to page_props table, so pages can be efficiently
queried and sorted by property value (bug 58032).
See $wgPagePropsHaveSortkey if you want to postpone the schema change.
* BREAKING CHANGE: All four built-in MediaWiki skins (Vector, MonoBook, Modern
and Cologne Blue) were moved out of MediaWiki core to their own respective
repositories. They will be installed with the release tarball, but you must
install them separately if installing MediaWiki from source code. A warning
message displayed until you do it should guide you through the process. See
also <https://www.mediawiki.org/wiki/Manual:Skin_configuration>.
* BREAKING CHANGE: Skins built for MediaWiki 1.15 and earlier that do not use
the "headelement" template key are no longer supported. Setting
$useHeadElement = false; is no longer supported and will not cause old keys
like "headlinks", "skinnameclass", etc. to be defined.
* BREAKING CHANGE: The files commonElements.css, commonContent.css and
commonInterface.css (in skins/common/) have been removed. Skins may no longer
rely on their presence and include them in their style modules. ResourceLoader
modules introduced in MediaWiki 1.23 should be loaded instead:
- skins/common/commonElements.css → 'mediawiki.skinning.elements' module
- skins/common/commonContent.css → 'mediawiki.skinning.content' module
- skins/common/commonInterface.css → 'mediawiki.skinning.interface' module
* The deprecated 'SpecialVersionExtensionTypes' hook was removed.
* (bug 63891) Add 'X-Robots-Tag: noindex' header in action=render pages.
* SpecialPage no longer supports the syntax for invoking wfSpecial*() functions.
Special pages should subclass SpecialPage and implement the execute() method.
* (bug 63755) The deprecated constants RC_MOVE and RC_MOVE_OVER_REDIRECT were
removed.
* Special:MostLinkedTemplates has been renamed to Special:MostTranscludedPages.
* The skin autodiscovery mechanism has been deprecated and will be removed in
MediaWiki 1.25. See https://www.mediawiki.org/wiki/Manual:Skin_autodiscovery
for migration guide for creators and users of custom skins that relied on it.
* ResourceLoaderFileModule#getAllStyleFiles now returns all style files and all
skin style files used by the module.
* Removed getLang() from IContextSource and subclasses. (deprecated since 1.19)
* Removed setLang() from subclasses of IContextSource. (deprecated since 1.19)
* Removed WebRequest::escapeAppendQuery(). (deprecated since 1.20)
* Removed info(), purge(), revert() and rollback() from the Article class; they
have since become subclasses of the Action class. (deprecated since 1.19)
* SearchEngineReplacePrefixesComplete hook was removed.
* The "jquery.json" module has been deprecated. Use the "json" module instead.
* Removed HTMLForm::addJS(). (deprecated since 1.18)
* Removed LogEventsList::showHeader(). (deprecated since 1.19)
* Removed ImageGalleryBase::useSkin(). (deprecated since 1.18)
* Removed DatabaseMysqlBase::getLagFromProcesslist(). (deprecated since 1.19)
* Removed LoadBalancer::closeConnecton(). (deprecated since 1.18)
* Removed ApiBase::createContext(). (deprecated since 1.19)
* BREAKING CHANGE: The undocumented Special{$this->getName()}BeforeFormDisplay
set of hooks has been removed and replaced by a single new hook
SpecialPageBeforeFormDisplay.
* (bug 65781) Removed block warning on included {{Special:Contributions}}
* Removed Skin::makeGlobalVariablesScript(). (deprecated since 1.19)
* Removed MWNamespace::isMain(). (deprecated since 1.19)
* Removed Preferences::loadOldSearchNs(). (deprecated since 1.19)
* Removed OutputPage::getStatusMessage(). (deprecated since 1.18)
* Removed OutputPage::isUserJsAllowed(). (deprecated since 1.18)
* Removed Title::updateTitleProtection(). (deprecated since 1.19)
* Removed ParserOptions::setSkin(). (deprecated since 1.19)
* Removed Title::escapeCanonicalURL(). (deprecated since 1.19)
* Removed Title::escapeLocalURL(). (deprecated since 1.19)
* Removed Title::escapeFullURL(). (deprecated since 1.19)
* Removed User::isValidEmailAddr(). (deprecated since 1.18)
* Removed Title::getEscapedText(). (deprecated since 1.19)
* Removed Language::getFallbackLanguageCode(). (deprecated since 1.19)
* Removed WikiPage::isBigDeletion(). (deprecated since 1.19)
* Removed MWInit class which contained functions related to a now discontinued
PHP compiler called hphpc. (deprecated since 1.22)
* ApiResult::enableSizeCheck() and disableSizeCheck() are now obsolete.
* Removed ResourceLoaderGetStartupModules hook. (deprecated since 1.23)
* Removed getFormFields(), onSubmit() and onSuccess() from FormlessAction, as
these were meant specifically for FormAction instead.
* Removed Action::execute().
* Removed AjaxAddScript which has been obsolete since ResourceLoader and
is unused by any modern extension.
* Removed maintenance/nextJobDB.php; no longer in use.
* Removed global function wfViewPrevNext(). (deprecated since 1.19)
* Removed global function xmlsafe() from Export.php. (moved to OAIRepo
extension)
* Removed Title::userCanRead(). (deprecated since 1.19)
* Removed maintenance script importTextFile.php. Use edit.php script instead.
* A _from_namespace field has been added to the templatelinks, pagelinks,
and filelinks tables. Run update.php to apply this change to the schema.
* Removed File::sha1Base36(). (deprecated since 1.19)
* Removed File::getPropsFromPath(). (deprecated since 1.19)
* Removed functions blockedPage(), noCreatePermission(), readOnlyPage() and
userNotLoggedInPage() from EditPage.php. (deprecated since 1.19)
* Removed functions getContent(), getPreloadedText(), mergeChangesInto() and
setPreloadedText() from EditPage.php. (deprecated since 1.21)
* Removed global functions wfArrayLookup(), wfArrayMerge(),
wfDebugDieBacktrace() and wfTime(). (deprecated since 1.22)
* Browser support for Internet Explorer 6 and 7 lowered from Grade A to Grade C,
meaning that JavaScript is no longer executed in these browser versions.
* Browser support for Opera 11 lowered from Grade A to Grade C.
* Removed IEFixes module which existed purely to provide support for MSIE
versions below 7 (conditionally loaded only for those browsers).
* Deprecated SpecialPageFactory::getList() in favor of
SpecialPageFactory::getNames()
* Action::checkCanExecute() no longer has a return value.
* Removed cleanupForIRC(), loadFromCurRow(), newFromCurRow(), notifyRC2UDP()
and sendToUDP() from RecentChange.php. (deprecated since 1.22)
* Removed EnhancedChangesList::arrow(), sideArrow(), downArrow(), spacerArrow().
* Removed Xml::namespaceSelector(). (deprecated since 1.19)
* Removed WikiPage::estimateRevisionCount(). (deprecated since 1.19)
* MYSQL: Enum item added to "major MIME type" columns.
Running update.php on MySQL < v5.1 may result in heavy processing.
* RSS and Atom feeds generated by MediaWiki no longer include a fallback
stylesheet. It was ignored by most browsers these days anyway.
* SpecialSearchNoResults hook has been removed. SpecialSearchResults is now
called unconditionally.
* TablePager::getBody() is now 'final' and can't be overridden in subclasses.
* TablePager::getBody() is deprecated, use getBodyOutput() or getFullOutput().
* Added $outputPage parameter to the SkinTemplateGetLanguageLink hook.
* log_page for move log entries store the original page ID, rather than that
of the new redirect page. This is not retroactive.
* LCStoreAccel was removed. $wgLocalisationCacheConf can no longer be set to
use this store class.
* Html::infoBox() no longer accepts paths relative to skins/common/images/.
* Deprecated defunct Skin::getCommonStylePath().
* Some extensions had their ResourceLoader modules depend on the "mediawiki"
and "jquery" modules. In the past, this behavior was undefined, now it will
throw an error.
* Removed BagOStuff::replace(). (deprecated since 1.23)
* In Linker.php, link(), linkText() and makeBrokenImageLinkObj() now display
warnings if their first parameter is not a Title object. Also makeImageLink()
now requires a Parser as its first parameter.
* (bug 67368) LESS functions embed() and embeddable(), added in MediaWiki 1.23
and broken by design, have been removed. Use appropriate LESS mixins instead.
* Removed cssjanus.py from maintenance directory as it was unused.
* Removed maintenance/purgeOldText.inc and the PurgeRedundantText() function
it contained (superseded by Maintenance::purgeRedundantText() in 1.16).
The purgeOldText.php maintenance script has been retained.
* PHPUnit tests can be found by directory discovery, by adding the directory
path from your UnitTestsList callback. Older versions of MediaWiki core will
barf at this usage.
==== Renamed classes ====
* CLDRPluralRuleConverter_Expression to CLDRPluralRuleConverterExpression
* CLDRPluralRuleConverter_Fragment to CLDRPluralRuleConverterFragment
* CLDRPluralRuleConverter_Operator to CLDRPluralRuleConverterOperator
* CLDRPluralRuleEvaluator_Range to CLDRPluralRuleEvaluatorRange
* CSSJanus_Tokenizer to CSSJanusTokenizer
* MediaWiki_I18N to MediaWikiI18N
* Parser_DiffTest to ParserDiffTest
* RevDel_ArchiveItem to RevDelArchiveItem
* RevDel_ArchiveList to RevDelArchiveList
* RevDel_ArchivedFileItem to RevDelArchivedFileItem
* RevDel_ArchivedFileList to RevDelArchivedFileList
* RevDel_ArchivedRevisionItem to RevDelArchivedRevisionItem
* RevDel_FileItem to RevDelFileItem
* RevDel_FileList to RevDelFileList
* RevDel_Item to RevDelItem
* RevDel_List to RevDelList
* RevDel_LogItem to RevDelLogItem
* RevDel_LogList to RevDelLogList
* RevDel_RevisionItem to RevDelRevisionItem
* RevDel_RevisionList to RevDelRevisionList
* WebInstaller_Complete to WebInstallerComplete
* WebInstaller_Copying to WebInstallerCopying
* WebInstaller_DBConnect to WebInstallerDBConnect
* WebInstaller_DBSettings to WebInstallerDBSettings
* WebInstaller_Document to WebInstallerDocument
* WebInstaller_ExistingWiki to WebInstallerExistingWiki
* WebInstaller_Install to WebInstallerInstall
* WebInstaller_Language to WebInstallerLanguage
* WebInstaller_Name to WebInstallerName
* WebInstaller_Options to WebInstallerOptions
* WebInstaller_Readme to WebInstallerReadme
* WebInstaller_ReleaseNotes to WebInstallerReleaseNotes
* WebInstaller_Restart to WebInstallerRestart
* WebInstaller_Upgrade to WebInstallerUpgrade
* WebInstaller_UpgradeDoc to WebInstallerUpgradeDoc
* WebInstaller_Welcome to WebInstallerWelcome
==== Removed classes ====
* IPBlockForm - Use SpecialBlock directly
* WatchlistEditor - Use SpecialEditWatchlist directly
* FormatExif - Use FormatMetadata directly
* RevertFileAction - Use RevertAction directly
* HistoryPage - Use HistoryAction directly
* RawPage - Use RawAction directly
* StubContLang - Use Language::factory() instead
* XMLReader2 - Use XMLReader directly
* ResourceLoaderLESSFunctions - No longer in use, not intended for public usage
==== Removed files ====
The skins/common/ directory, previously containing some assets intended to be
used by skins and a number of legacy styles and scripts, has been removed. Its
contents have been deleted or relocated into the resources/ directory. Full list
of files that are no longer available follows.
* skins/common/ajax.js
* skins/common/commonContent.css
* skins/common/commonElements.css
* skins/common/commonInterface.css
* skins/common/commonPrint.css
* skins/common/config-cc.css
* skins/common/config.css
* skins/common/config.js
* skins/common/feed.css
* skins/common/IEFixes.js
* skins/common/oldshared.css
* skins/common/protect.js
* skins/common/shared.css
* skins/common/upload.js
* skins/common/wikibits.js
* skins/common/images/add.png
* skins/common/images/ajax-loader.gif
* skins/common/images/arrow_disabled_first_25.png
* skins/common/images/arrow_disabled_last_25.png
* skins/common/images/arrow_disabled_left_25.png
* skins/common/images/arrow_disabled_right_25.png
* skins/common/images/arrow_first_25.png
* skins/common/images/arrow_last_25.png
* skins/common/images/arrow_left_25.png
* skins/common/images/arrow_right_25.png
* skins/common/images/Arr_.png
* skins/common/images/Arr_d.png
* skins/common/images/Arr_l.png
* skins/common/images/Arr_r.png
* skins/common/images/Arr_u.png
* skins/common/images/bullet.gif
* skins/common/images/button_bold.png
* skins/common/images/button_extlink.png
* skins/common/images/button_headline.png
* skins/common/images/button_hr.png
* skins/common/images/button_image.png
* skins/common/images/button_italic.png
* skins/common/images/button_link.png
* skins/common/images/button_media.png
* skins/common/images/button_nowiki.png
* skins/common/images/button_sig.png
* skins/common/images/button_template.png
* skins/common/images/cc-0.png
* skins/common/images/cc-by-nc-sa.png
* skins/common/images/cc-by-sa.png
* skins/common/images/cc-by.png
* skins/common/images/Checker-16x16.png
* skins/common/images/closewindow.png
* skins/common/images/closewindow19x19.png
* skins/common/images/critical-32.png
* skins/common/images/diffunderline.gif
* skins/common/images/download-32.png
* skins/common/images/feed-icon.png
* skins/common/images/feed-icon.svg
* skins/common/images/gnu-fdl.png
* skins/common/images/help-question-hover.gif
* skins/common/images/help-question.gif
* skins/common/images/info-32.png
* skins/common/images/link_icon.gif
* skins/common/images/magnify-clip-rtl.png
* skins/common/images/magnify-clip.png
* skins/common/images/mediawiki.png
* skins/common/images/nextredirectltr.png
* skins/common/images/nextredirectrtl.png
* skins/common/images/poweredby_mediawiki_88x31.png
* skins/common/images/public-domain.png
* skins/common/images/question-small.png
* skins/common/images/question.svg
* skins/common/images/redirectltr.png
* skins/common/images/redirectrtl.png
* skins/common/images/remove.png
* skins/common/images/spinner.gif
* skins/common/images/tick-32.png
* skins/common/images/tipsy-arrow.gif
* skins/common/images/tooltip_icon.png
* skins/common/images/warning-32.png
* skins/common/images/wiki.png
* skins/common/images/Zoom_sans.gif
* skins/common/images/ar/button_bold.png
* skins/common/images/ar/button_headline.png
* skins/common/images/ar/button_italic.png
* skins/common/images/ar/button_link.png
* skins/common/images/ar/button_nowiki.png
* skins/common/images/be-tarask/button_bold.png
* skins/common/images/be-tarask/button_italic.png
* skins/common/images/be-tarask/button_link.png
* skins/common/images/cyrl/button_bold.png
* skins/common/images/cyrl/button_italic.png
* skins/common/images/cyrl/button_link.png
* skins/common/images/de/button_bold.png
* skins/common/images/de/button_italic.png
* skins/common/images/fa/button_bold.png
* skins/common/images/fa/button_headline.png
* skins/common/images/fa/button_italic.png
* skins/common/images/fa/button_link.png
* skins/common/images/fa/button_nowiki.png
* skins/common/images/icons/fileicon-c.png
* skins/common/images/icons/fileicon-cpp.png
* skins/common/images/icons/fileicon-deb.png
* skins/common/images/icons/fileicon-djvu.png
* skins/common/images/icons/fileicon-djvu.xcf
* skins/common/images/icons/fileicon-dvi.png
* skins/common/images/icons/fileicon-exe.png
* skins/common/images/icons/fileicon-h.png
* skins/common/images/icons/fileicon-html.png
* skins/common/images/icons/fileicon-iso.png
* skins/common/images/icons/fileicon-java.png
* skins/common/images/icons/fileicon-mid.png
* skins/common/images/icons/fileicon-mov.png
* skins/common/images/icons/fileicon-o.png
* skins/common/images/icons/fileicon-ogg.png
* skins/common/images/icons/fileicon-ogg.xcf
* skins/common/images/icons/fileicon-pdf.png
* skins/common/images/icons/fileicon-ps.png
* skins/common/images/icons/fileicon-psd.png
* skins/common/images/icons/fileicon-rm.png
* skins/common/images/icons/fileicon-rpm.png
* skins/common/images/icons/fileicon-svg.png
* skins/common/images/icons/fileicon-tar.png
* skins/common/images/icons/fileicon-tex.png
* skins/common/images/icons/fileicon-ttf.png
* skins/common/images/icons/fileicon-txt.png
* skins/common/images/icons/fileicon.png
* skins/common/images/ksh/button_S_italic.png
= MediaWiki 1.23 =
== MediaWiki 1.23.17 ==
=== Changes since 1.23.16 === <!--T:69-->
* Fix syntax errors introduced in 1.23.16 when running PHP 5.3.
== MediaWiki 1.23.16 ==
This is a security and maintenance release of the MediaWiki 1.23 branch.
=== Changes since 1.23.15 ===
* (T68404) CSS3 attr() function with url type is no longer allowed
in inline styles.
* (T156184) $wgRawHtml will no longer apply to internationalization messages.
* Submitting the lgtoken and lgpassword parameters in the query string to
action=login is now deprecated and outputs a warning. They should be submitted
in the POST body instead.
* (T109140) (T122209) SECURITY: Special:UserLogin and Special:Search allow
redirect to interwiki links.
* (T144845) SECURITY: XSS in SearchHighlighter::highlightText() when
$wgAdvancedSearchHighlighting is true.
* (T125177) SECURITY: API parameters may now be marked as "sensitive" to keep
their values out of the logs.
* (T150044) SECURITY: "Mark all pages visited" on the watchlist now requires a
CSRF token.
* (T156184) SECURITY: Escape content model/format url parameter in message.
* (T151735) SECURITY: SVG filter evasion using default attribute values in DTD
declaration.
* (T48143) SECURITY: Spam blacklist ineffective on encoded URLs inside file
inclusion syntax's link parameter.
* (T108138) SECURITY: Sysops can undelete pages, although the page is protected
against it.
== MediaWiki 1.23.15 ==
This is a maintenance release of the MediaWiki 1.23 branch.
=== Changes since 1.23.14 ===
* BREAKING CHANGE: $wgHTTPProxy is now *required* for all external requests
made by MediaWiki via a proxy. Relying on the http_proxy environment
variable is no longer supported.
* (T139565) SECURITY: API: Generate head items in the context of the given title
* (T137264) SECURITY: XSS in unclosed internal links
* (T133147) SECURITY: Escape '<' and ']]>' in inline <style> blocks
* (T133147) SECURITY: Require login to preview user CSS pages
* (T132926) SECURITY: Do not allow undeleting a revision deleted file if it is
the top file
* (T129738) SECURITY: Make $wgBlockDisablesLogin also restrict logged in
permissions
* (T129738) SECURITY: Make blocks log users out if $wgBlockDisablesLogin is true
* (T115333) SECURITY: Check read permission when loading page content in
ApiParse
* Remove support for $wgWellFormedXml = false, all output is now well formed
== MediaWiki 1.23.13 ==
This is a maintenance release of the MediaWiki 1.23 branch.
=== Changes since 1.23.12 ===
* (T121892) Fix fatal errors on some Special pages, introduced in 1.23.12.
== MediaWiki 1.23.12 ==
This is a security and maintenance release of the MediaWiki 1.23 branch.
=== Changes since 1.23.11 ===
* (T117899) SECURITY: $wgArticlePath can no longer be set to relative paths
that do not begin with a slash. This enabled trivial XSS attacks.
Configuration values such as "http://my.wiki.com/wiki/$1" are fine, as are
"/wiki/$1". A value such as "$1" or "wiki/$1" is not and will now throw an
error.
* (T119309) SECURITY: Use hash_compare() for edit token comparison
* (T118032) SECURITY: Don't allow cURL to interpret POST parameters starting
with '@' as file uploads
* (T115522) SECURITY: Passwords generated by User::randomPassword() can no
longer be shorter than $wgMinimalPasswordLength
* (T97897) SECURITY: Improve IP parsing and trimming. Previous behavior could
result in improper blocks being issued
* (T109724) SECURITY: Special:MyPage, Special:MyTalk, Special:MyContributions
and related pages no longer use HTTP redirects and are now redirected by
MediaWiki
== MediaWiki 1.23.11 ==
This is a security and maintenance release of the MediaWiki 1.23 branch.
=== Changes since 1.23.10 ===
* (T91850) SECURITY: Add throttle check in ApiUpload and SpecialUpload
* (T91203, T91205) SECURITY: API: Improve validation in chunked uploading
* (T108616) SECURITY: Avoid exposure of local path in PNG thumbnails
== MediaWiki 1.23.10 ==
This is a security and maintenance release of the MediaWiki 1.23 branch.
=== Changes since 1.23.9 ===
* (T94116) SECURITY: Compare API watchlist token in constant time
* (T97391) SECURITY: Escape error message strings in thumb.php
* (T106893) SECURITY: Don't leak autoblocked IP addresses on
Special:DeletedContributions
* (bug 67644) Make AutoLoaderTest handle namespaces
* (T91653) Minimal PSR-3 debug logger to support backports from 1.25+.
* (T102562) Fix InstantCommons parameters to handle the new HTTPS-only
policy of Wikimedia Commons.
== MediaWiki 1.23.9 ==
This is a security and maintenance release of the MediaWiki 1.23 branch.
=== Changes since 1.23.8 ===
* (T85848, T71210) SECURITY: Don't parse XMP blocks that contain XML entities,
to prevent various DoS attacks.
* (T85848) SECURITY: Don't allow directly calling Xml::isWellFormed, to reduce
likelihood of DoS.
* (T88310) SECURITY: Always expand xml entities when checking SVG's.
* (T73394) SECURITY: Escape > in Html::expandAttributes to prevent XSS.
* (T85855) SECURITY: Don't execute another user's CSS or JS on preview.
* (T85349, T85850, T86711) SECURITY: Multiple issues fixed in SVG filtering to
prevent XSS and protect viewer's privacy.
* (bug T68650) Fix indexing of moved pages with PostgreSQL. Requires running
update.php to fix.
* (bug T70087) Fix Special:ActiveUsers page for installations using
PostgreSQL.
== MediaWiki 1.23.8 ==
This is a security and maintenance release of the MediaWiki 1.23 branch.
=== Changes since 1.23.7 ===
* (bug T76686) [SECURITY] thumb.php outputs wikitext message as raw HTML, which
could lead to xss. Permission to edit MediaWiki namespace is required to
exploit this.
* (bug T77028) [SECURITY] Malicious site can bypass CORS restrictions in
$wgCrossSiteAJAXdomains in API calls if it only included an allowed domain as
part of its name.
* (bug T74222) The original patch for T74222 was reverted as unnecessary.
== MediaWiki 1.23.7 ==
This is a security and maintenance release of the MediaWiki 1.23 branch.
=== Changes since 1.23.6 ===
* (bugs 66776, 71478) SECURITY: User PleaseStand reported a way to inject code
into API clients that used format=php to process pages that underwent flash
policy mangling. This was fixed along with improving how the mangling was done
for format=json, and allowing sites to disable the mangling using
$wgMangleFlashPolicy.
* (bug 70901) SECURITY: User Jackmcbarn reported that the ability to update
the content model for a page could allow an unprivileged attacker to edit
another user's common.js under certain circumstances. The user right
"editcontentmodel" was added, and is needed to change a revision's content
model.
* (bug 71111) SECURITY: User PleaseStand reported that on wikis that allow raw
HTML, it is not safe to preview wikitext coming from an untrusted source such
as a cross-site request. Thus add an edit token to the form, and when raw HTML
is allowed, ensure the token is provided before showing the preview. This
check is not performed on wikis that both allow raw HTML and anonymous
editing, since there are easier ways to exploit that scenario.
* (bug 72222) SECURITY: Do not show log action when the entry is revdeleted with
DELETED_ACTION. NOTICE: this may be reverted in a future release pending a
public RFC about the desired functionality. This issue was reported by user
Bawolff.
* (bug 71621) Make allowing site-wide styles on restricted special pages a
config option.
* (bug 42723) Added updated version history from 1.19.2 to 1.22.13
* $wgMangleFlashPolicy was added to make MediaWiki's mangling of anything that
might be a flash policy directive configurable.
== MediaWiki 1.23.6 ==
This is a maintenance release of the MediaWiki 1.23 branch.
=== Changes since 1.23.5 ===
* (Bug 72274) Job queue not running (HTTP 411) due to missing
Content-Length: header
* (Bug 67440) Allow classes to be registered properly from installer
== MediaWiki 1.23.5 ==
This is a security release of the MediaWiki 1.23 branch.
=== Changes since 1.23.4 ===
* (bug 70672) SECURITY: OutputPage: Remove separation of css and js module
allowance.
== MediaWiki 1.23.4 ==
This is a security and maintenance release of the MediaWiki 1.23 branch.
=== Changes since 1.23.3 ===
* (bug 69008) SECURITY: Enhance CSS filtering in SVG files. Filter <style>
elements; normalize style elements and attributes before filtering; add
checks for attributes that contain css; add unit tests for html5sec and
reported bugs.
* (bug 65998) Make MySQLi work with non-standard socket.
* (bug 66986) GlobalVarConfig shouldn't throw exceptions for null-valued config
settings.
== MediaWiki 1.23.3 ==
This is a maintenance release of the MediaWiki 1.23 branch.
=== Changes since 1.23.2 ===
* (bug 68501) Correctly handle incorrect namespace in cleanupTitles.php.
* (bug 64970) Fix support for blobs on DatabaseOracle::update.
* (bug 66574) Display MediaWiki:Loginprompt on the login page.
* (bug 67870) wfShellExec() cuts off stdout at multiples of 8192 bytes.
* (bug 60629) Handle invalid language code gracefully in
Language::fetchLanguageNames.
* (bug 62017) Restore the number of rows shown on Special:Watchlist.
* Check for boolean false result from database query in SqlBagOStuff.
== MediaWiki 1.23.2 ==
This is a security and maintenance release of the MediaWiki 1.23 branch.
=== Changes since 1.23.1 ===
* (bug 68187) SECURITY: Prepend jsonp callback with comment.
* (bug 66608) SECURITY: Fix for XSS issue in bug 66608: Generate the URL used
for loading a new page in Javascript,instead of relying on the URL in the link
that has been clicked.
* (bug 65778) SECURITY: Copy prevent-clickjacking between OutputPage and
ParserOutput.
* (bug 68313) Preferences: Turn stubthreshold back into a combo box.
* (bug 65214) Fix initSiteStats.php maintenance script.
* (bug 67594) Special:ActiveUsers: Fix to work with PostgreSQL.
== MediaWiki 1.23.1 ==
This is a security and maintenance release of the MediaWiki 1.23 branch.
=== Changes since 1.23.0 ===
* (bug 65839) SECURITY: Prevent external resources in SVG files.
* (bug 67025) Special:Watchlist: Don't try to render empty row.
* (bug 66922) Don't allow some E_NOTICE messages to end up in the
LocalSettings.php.
* (bug 66467) FileBackend: Avoid using popen() when "parallelize" is disabled.
* (bug 66428) MimeMagic: Don't seek before BOF. This has weird side effects
like only extracting the tail of the file partially or not at all.
* (bug 66182) Removed -x flag on some php files.
== MediaWiki 1.23.0 ==
=== Configuration changes in 1.23 ===
* (bug 13250) Restored method for clearing a watchlist in web UI
so that users with large watchlists don't have to perform
contortions to clear them.
* When $wgJobRunRate is higher than zero, jobs are now executed via an
asynchronous HTTP request to a MediaWiki entry point. This may require
increasing the number of server worker threads. $wgRunJobsAsync has been
added to disable this feature if needed, falling back to executing the job
on the same process but making the execution synchronously.
* $wgDebugLogGroups values may be set to an associative array with a
'destination' key specifying the log destination. The array may also contain
a 'sample' key with a positive integer value N indicating that the log group
should be sampled by dispatching one in every N messages on average. The
sampling is random.
* In addition to the current exception log format, MediaWiki now serializes
exception metadata to JSON and logs it to the 'exception-json' log group.
This makes MediaWiki easier to integrate with log aggregation and analysis
tools.
* $wgSquidServersNoPurge now supports the use of Classless Inter-Domain
Routing (CIDR) notation to specify contiguous blocks of IPv4 and/or IPv6
addresses that should be trusted to provide X-Forwarded-For headers.
* Preferences 'watchcreations', 'watchdefault', 'enotifwatchlistpages' ("Add
pages I create and files I upload to my watchlist", "Add pages and files I
edit to my watchlist", "Email me when a page or file on my watchlist is
changed") are now enabled by default. In addition new user accounts' personal
and talk pages are now watched by them by default.
* $wgLBFactoryConf: Class names have had underscores removed. The configuration
should be updated if LBFactory_Simple or LBFactory_Multi is configured.
* $wgPasswordSenderName has been removed and is no longer functional. To set a
custom mailer name, the system message 'emailsender' should be modified
(default: "{{SITENAME}}").
* (bug 63269) Email notifications were not correctly handling the
[[MediaWiki:Helppage]] message being set to a full URL (the default).
If you customized [[MediaWiki:Enotif body]] (the text of email notifications),
you'll need to edit it locally to include the URL via the new variable
$HELPPAGE instead of the parser functions fullurl and canonicalurl; otherwise
you don't have to do anything.
* $wgDBAhandler was removed as the only class using it was also removed
* The 'max threads' setting was removed from $wgDBservers.
* Support for AdminSettings.php has been completely removed. All configuration
belongs in LocalSettings.php.
* $wgSkipSkin, which has been replaceable by $wgSkipSkins since 2005 (r9249), is
now formally deprecated.
* Removed deprecated $wgDisabledActions as it is hardly used anywhere.
* $wgRateLimitLog has been deprecated and replaced by
$wgDebugLogGroup['ratelimit'].
* $wgLocalInterwikis is an array containing multiple local interwiki prefixes
(interwiki prefixes that point back to the current wiki). This effectively
allows more than one value of $wgLocalInterwiki to be specified and
understood by the parser. The value of $wgLocalInterwiki is automatically
prepended to the start of this array.
* $wgQueryPages has been removed. Query Pages should be added to by using the
wgQueryPages hook.
* $wgHttpOnlyBlacklist has been removed.
* $wgLicenseTerms has been removed as it was unused.
* $wgProfileOnly is now deprecated; set the log file in
$wgDebugLogGroups['profileoutput'] to replace it.
* $wgMaxBacklinksInvalidate was removed; use $wgJobBackoffThrottling instead
* Deprecated ResourceLoaderGetStartupModules hook.
=== New features in 1.23 ===
* ResourceLoader can utilize the Web Storage API to cache modules client-side.
Compared to the browser cache, caching in Web Storage allows ResourceLoader
to be more granular about evicting stale modules from the cache while
retaining the ability to retrieve multiple modules in a single HTTP request.
This capability can be enabled by setting $wgResourceLoaderStorageEnabled to
true. This feature is currently considered experimental and should only be
enabled with care.
* (bug 6092) Add expensive parser functions {{REVISIONID:}}, {{REVISIONUSER:}}
and {{REVISIONTIMESTAMP:}} (with friends).
* Add "wgRelevantUserName" to mw.config containing the current
Skin::getRelevantUser value.
* (bug 56033) Add content model to the page information.
* Added Article::MissingArticleConditions hook to give extensions a chance to
hide their (unrelated) log entries.
* Added LonelyPagesQuery hook to let extensions modify the query used to
generate Special:LonelyPages.
* Added $wgOpenSearchDefaultLimit defining the default number of entries to show
on action=opensearch API call.
* For namespaces with $wgNamespaceProtection (including the MediaWiki
namespace), the "protect" tab will be shown only if there are restriction
levels available that would restrict editing beyond what
$wgNamespaceProtection already applies. The protection form will offer only
those protection levels.
* Added $wgAPIFormatModules, allowing extensions to add additional output
formatting modules for the API.
* (bug 47812) The MediaWiki:Group-user.{css,js} pages can now be used to add
custom CSS or JavaScript enabled only for registered users.
* (bug 52005) Special pages RecentChanges, RecentChangesLinked and Watchlist
now include a legend describing the symbols used in lists of changes.
* Improved the accessibility of the tabs in Special:Preferences.
* Added ApiBeforeMain hook, roughly equivalent to the BeforeInitialize hook:
it's called after everything is set up but before any major processing
happens.
* The jquery.client module now performs a component-wise version comparison in
its #test method when strings are used in the browser map: version '1.10' is
now correctly considered larger than '1.2'. Using numbers in the version map
is not affected.
* All API modules now support an assert parameter, which can either be
'user' or 'bot'. The API will throw an error if the user is not logged
in (user) or does not have the 'bot' userright (bot). Based off of the
AssertEdit extension by Steve Sanbeg.
* [[Special:Diff]] was added, allowing users to create internal links to
revision comparison pages using syntax such as [[Special:Diff/12345]],
[[Special:Diff/12345/prev]] or [[Special:Diff/12345/98765]].
* New user accounts' personal and talk pages are now watched by them by default.
* Added SkinTemplateGetLanguageLink hook to allow changing the html of language
links.
* Added MessageCache::get hook as a new way to customize messages across
multiple sites.
* Added jquery.throttle-debounce ResourceLoader module to limit the number of
callbacks for frequently occurring events.
* Special:ProtectedPages shows now a table. The timestamp, the reason and
the protecting user are also shown.
* Added experimental support for using Microsoft SQL Server as the database
backend.
** Added new Microsoft SQL Server-specific configuration variable
$wgDBWindowsAuthentication, which makes the web server authenticate against
the database server using Integrated Windows Authentication instead of
$wgDBuser/$wgDBpassword.
* HTMLForm 'select', 'selectandother', 'selectorother', 'multiselect', and
'radio' fields can now use message keys as labels via the 'options-messages'
parameter, which overrides the 'options' parameter.
* Admins can expire users passwords manually, or on a schedule using the
$wgPasswordExpirationDays configuration setting.
* Add new hook SendWatchlistEmailNotification, this will be used to determine
whether to send a watchlist email notification.
* (bug 42026) Special:Contributions now includes an option to filter page
creations, similar to the topOnly option.
* Add mediawiki.ui.button styling to all pages so wiki content can use styled
buttons.
* Special:UserLogin/signup now does AJAX checks for invalid and taken usernames,
displaying the error live.
* Added BaseTemplateAfterPortlet hook to allow injecting html after portlets in
skins.
* Support has been added for a JSON based localisation file format. The
installer has been updated to use it.
* Changes to content typography (colors, line-height etc.). See
https://www.mediawiki.org/wiki/Typography_refresh for further information.
* The Vector skin's visual treatment of external links has been simplified to a
single icon (from nine). This should not affect local rules unless they were
re-using these icons, which have now been deleted.
* ResourceLoader: mw.loader.using() now implements a Promise interface.
* Add new hook ChangesListInitRows accessed via
ChangesList::initChangesListRows.
If called by the ChangesList consumer this gives extensions a chance to batch
process the result set prior to rendering.
* A PoolCounterRedis class was added which can be make use of in
$wgPoolCounterConf. This requires at least one Redis 2.6+ server.
* $wgProfileToDatabase was removed. Set $wgProfiler to ProfilerSimpleDB
in StartProfiler.php instead of using this.
* (bug 63444) Made it possible to change the indent string (default: 4 spaces)
used by FormatJson::encode().
=== Bug fixes in 1.23 ===
* (bug 41759) The "updated since last visit" markers (on history pages, recent
changes and watchlist) and the talk page message indicator are now correctly
updated when the user is viewing old revisions of pages, instead of always
acting as if the latest revision was being viewed.
* (bug 56443) Special:ConfirmEmail no longer shows a "Mail a confirmation code"
when the email address is already confirmed. Also, consistently use
"confirmed", rather than "authenticated", when messaging whether or not the
user has confirmed an email address.
* (bug 19415) action=render no longer shows section edit links. This affects
behavior of several other features where (bogus) section edit links will
disappear, such as file description pages loaded via $wgUseInstantCommons or
pages transcluded cross-wiki via $wgEnableScaryTranscluding.
* (bug 56912) Show correct link color on cached result of Special:DeadendPages.
* Classes TitleListDependency and TitleDependency have been removed, as they
have been found unused in core and extensions for a long time.
* (bug 57098) SpecialPasswordReset now obeys returnto parameter
* (bug 37812) ResourceLoader will notice when a module's definition changes and
recompile it accordingly.
* (bug 57201) SpecialRecentChangesFilters hook is now executed for feeds.
* (bug 58640) Fixed a compatibility issue with PCRE 8.34 that caused pages
to appear blank or with missing text.
* (bug 56931) Updated the plural rules to CLDR 24. They are in new format
which is detailed in UTS 35 Rev 33. The PHP parser and evaluator as well as
the JavaScript evaluator were updated to support the new format. Plural rules
for some languages have changed, most notably Russian. Affected software
messages have been updated and marked for review at translatewiki.net.
* (bug 23542) imagelinks now stores both the redirect and target (as
templatelinks does).
* (bug 58167) The web installer no longer throws an exception when PHP is
compiled without support for MySQL yet with support for another DBMS.
* (bug 56199) Raw option of parser functions must now match complete word,
to take effect.
* (bug 60543) Special:PrefixIndex forgot stripprefix=1 for "Next page" link
* (bug 29762) Undoing an already-undone edit will now display an appropriate
message instead of leading the user to make a null edit.
* (bug 52659) mediawiki.notification: Notification area remained visible when
empty and thus was stealing pointer events from links on the page.
* (bug 26811) When a DBUnexpectedError occurs, DB server hostnames are now
hidden unless $wgShowExceptionDetails is true, and $wgShowDBErrorBacktrace
no longer applies in such cases.
* (bug 60960) Avoid doing file_exist() checks on data: URIs, as they cause
warnings to be printed on Windows due to large path length.
* (bug 48084) Fixed a bug in the installer that could cause $wgLogo to hold
the wrong path to the placeholder logo (skins/common/images/wiki.png).
* (bug 64289) jquery.textSelection: Don't throw errors on empty collections.
=== Web API changes in 1.23 ===
* (bug 54884) action=parse&prop=categories now indicates hidden and missing
categories.
* action=query&meta=filerepoinfo now returns additional information for each
repo.
* action=parse&prop=languageshtml was deprecated in 1.18 and will be removed in
MediaWiki 1.24.
* action=parse now has disabletoc flag to disable table of contents in output.
* (bug 25702) list=allcategories, list=allimages, list=alllinks, list=allpages,
list=deletedrevs and list=filearchive did not handle case-sensitivity
properly for all parameters.
* ApiQueryBase::titlePartToKey allows an extra parameter that indicates the
namespace in order to properly capitalize the title part.
* (bug 57874) action=feedcontributions no longer has one item more than limit.
* All API modules now support an assert parameter. See the new features section
for more details.
* Added prop=contributors to fetch the list of contributors to the page.
* The following API modules will now return entries where fields have been
revision-deleted: list=deletedrevs, list=filearchive, list=recentchanges,
list=watchlist. "hidden" indicators will be included, in the same style as is
already done for prop=revisions.
* The following API modules will now return the content of revision-deleted
fields, in addition to the "hidden" indicators, if the querying user has the
necessary rights: list=logevents, list=usercontribs, prop=imageinfo,
prop=revisions.
* The above modules, where applicable, will now return entries filtered by
revision-deleted fields if the querying user has the necessary rights. For
example, prop=revisions with rvuser or rvexcludeuser will no longer skip
revisions where the user was revision-deleted if the current user has the
deletedhistory right.
* The 'hideuser' right, used when blocking, is no longer necessary or
sufficient for seeing contributions with revision-deleted in
list=usercontribs.
* list=watchlist now uses the querying user's rights rather than the wlowner's
rights when checking whether wlprop=patrol is allowed.
* (bug 32151) ApiWatch now has pageset capabilities (titles/pageids/generators).
Title parameter is now deprecated.
* (bug 23005) Added action=revisiondelete.
* Added siprop=restrictions to API action=query&meta=siteinfo for querying
possible page restriction (protection) levels and types.
* Added prop 'limitreportdata' and 'limitreporthtml' to action=parse.
* (bug 58627) Provide language names on action=parse&prop=langlinks.
* Deprecated llurl= in favour of llprop=url for action=query&prop=langlinks.
* Added llprop=langname and llprop=autonym for action=query&prop=langlinks.
* prop=redirects is added, to return redirects to the pages in the query.
* list=allredirects is added, to list all redirects pointing to a namespace.
* (bug 42026) Added ucshow={new,!new,top,!top} to list=usercontribs.
Also added newonly to action=feedcontributions.
* (bug 42026) Deprecated uctoponly in favor of ucshow=top.
* list=search no longer has a "srredirects" parameter. Redirects are now
included in all searches.
* Added list=prefixsearch that works like action=opensearch but can be used as
a generator.
* (bug 24782) Various modules will now use unique continuation parameters.
* (bug 63249) Cache RecentChanges Atom feed in varnish for 15 seconds.
=== Languages updated in 1.23 ===
MediaWiki supports over 350 languages. Many localisations are updated
regularly. Below only new and removed languages are listed, as well as
changes to languages because of Bugzilla reports.
* Support was added for Algerian Spoken Arabic (arq).
* Support was added for Riograndenser Hunsrückisch (hrx).
* Support was added for Northern Luri (lrc).
=== Other changes in 1.23 ===
* The rc_type field in the recentchanges table has been superseded by a new
rc_source field. The rc_source field is a string representation of the
change type where rc_type was a numeric constant. This field is not yet
queried but will be in a future release.
** Utilize update.php to create and populate this new field. On larger wikis
which do not wish to update recentchanges table in one large update please
review the SQL and comments in maintenance/archives/patch-rc_source.sql.
** The rc_type field of recentchanges will be deprecated in a future release.
* The global variable $wgArticle has been removed after a lengthy deprecation.
* The global functions addButton and insertTags (for mw.toolbar.addButton and
mw.toolbar.insertTags) now emits mw.log.warn when accessed.
* The ExpandTemplates extension has been moved into MediaWiki core.
* (bug 52812) Removed "Disable search suggestions" from Preference.
* (bug 52809) Removed "Disable browser page caching" from Preference.
* Three new modules intended for use by custom skins were added:
'mediawiki.skinning.elements', 'mediawiki.skinning.content', and
'mediawiki.skinning.interface', representing three levels of standard
MediaWiki styling. Previously skin creators wishing to use them had to refer
to the file names of appropriate files directly, which is now discouraged.
* The modules 'skins.vector' and 'skins.monobook' have been renamed to
'skins.vector.styles' and 'skins.monobook.styles', respectively,
and their definition was changed not to include the common*.css files;
the two skins now load the 'mediawiki.skinning.interface' module instead.
* A page_links_updated field has been added to the page table.
* SpecialPage::getTitle has been deprecated in favor of
SpecialPage::getPageTitle.
* BREAKING CHANGE: Two potentially backwards-incompatible changes have been made
to the 'SpecialWatchlistQuery' hook's last parameter (array $values) to make
the hook more consistent with the 'SpecialRecentChangesQuery' one:
** Several array keys have been renamed: hideMinor → hideminor,
hideBots → hidebots, hideAnons → hideanons, hideLiu → hideliu,
hidePatrolled → hidepatrolled, hideOwn → hidemyself.
** The parameter value is now a FormOptions object, not a plain array (array
access operators should continue to work, as it implements the ArrayAccess
interface).
* Option to mark hooks as deprecated has been added.
* (bug 52811) Preference "Enable section editing via [edit] links" was removed.
* (bug 52813) Preference "Show table of contents (for pages with more than
3 headings)" was removed.
* (bug 52810) Preference "Justify paragraphs" was removed.
* OutputPage::showErrorPage raises a notice if arguments are incoherent.
* Thumbnails that keep failing to render in thumb.php will be rate-limited
against further render attempts for 1 hour. $wgAttemptFailureEpoch can be
altered to reset all rate-limited thumbnails at once.
* (bug 56572) Builds of the OOjs and OOjs UI libraries are now available.
* mw.loader.go and mw.loader.version have been removed.
* (bug 52815) Preference "Enable simplified search bar (Vector skin only)"
was removed.
* A user_password_expires column has been added to the user table. The User
object expects this column to exist. Use update.php to create this new field.
* The jquery.delayedBind ResourceLoader module was deprecated in favor of the
jquery.throttle-debounce module. It will be removed in MediaWiki 1.24.
* mw.user.bucket has been deprecated.
* On Special:PrefixIndex, a table#mw-prefixindex-list-table was changed to
table.mw-prefixindex-list-table to avoid duplicate ids when the special page
is transcluded.
* (bug 62198) window.$j has been deprecated.
* Preference "Disable link title conversion" was removed.
* SpecialRecentChanges no longer includes any functionality for generating feeds
- it has been factored out to ApiFeedRecentChanges. Old URLs redirect to new
ones.
* RecentChange::mExtra['lang'] is no longer set and should no longer be used.
Extensions should read from other configuration variables, including
$wgLocalInterwikis, to identify the current wiki.
* Sections in the parser test framework have been renamed and the old
section names are deprecated. Please use "!!wikitext" and "!!html"
(or "!!html/php") instead of "!!input" and "!!result". This allows
us to extend parser tests to accommodate additional input/output
pairs, such as "!!html/parsoid" (for the output of the Parsoid
parser, where it differs from the PHP parser).
* Special:Search no longer has an "include redirects" option on the advanced
tab. Redirects are now included in all searches.
* mediawiki.api.category's getCategories() 'async' parameter was deprecated.
* The locations of resources have been split between upstream libraries, now in
resources/lib/, local libaries in resources/src/, and local forks of upstream
libraries, also in resources/src/.
* BREAKING CHANGE: The automatically-generated function closure with which
ResourceLoader wraps all modules' JavaScript code now binds the identifier
names 'jQuery' and '$' to the jQuery object of the version of jQuery that is
bundled with MediaWiki. If you bind these names to other objects in global
scope (like Zepto.js or document.querySelectorAll, for example) you will need
to use different names to or re-bind them at the top of each
ResourceLoader-loaded module.
* (bug 52342) Preference "Remember my login" was removed.
* The skin autodiscovery mechanism has been deprecated and will be removed in
MediaWiki 1.25. See https://www.mediawiki.org/wiki/Manual:Skin_autodiscovery
for migration guide for creators and users of custom skins that relied on it.
==== Removed classes ====
* FakeMemCachedClient (deprecated in 1.18)
* RdfMetaData (unused)
* TitleDependency (unused)
* TitleListDependency (unused)
* WikiError (deprecated in 1.17)
* WikiXmlError (deprecated in 1.17)
* WikiErrorMsg (deprecated in 1.17)
==== Renamed classes ====
* CdbReader_DBA to CdbReaderDBA
* CdbReader_PHP to CdbReaderPHP
* CdbWriter_DBA to CdbWriterDBA
* CdbWriter_PHP to CdbWriterPHP
* DiffOp_Add to DiffOpAdd
* DiffOp_Change to DiffOpChange
* DiffOp_Copy to DiffOpCopy
* DiffOp_Delete to DiffOpDelete
* HWLDF_WordAccumulator to HWLDFWordAccumulator
* LBFactory_Fake to LBFactoryFake
* LBFactory_Multi to LBFactoryMulti
* LBFactory_Simple to LBFactorySimple
* LBFactory_Single to LBFactorySingle
* LCStore_Accel to LCStoreAccel
* LCStore_CDB to LCStoreCDB
* LCStore_DB to LCStoreDB
* LCStore_Null to LCStoreNull
* LoadBalancer_Single to LoadBalancerSingle
* LoadMonitor_MySQL to LoadMonitorMySQL
* LoadMonitor_Null to LoadMonitorNull
* LocalisationCache_BulkLoad to LocalisationCacheBulkLoad
* csvStatsOutput to CsvStatsOutput
* extensionLanguages to ExtensionLanguages
* languages to Languages
* statsOutput to StatsOutput
* textStatsOutput to TextStatsOutput
* wikiStatsOutput to WikiStatsOutput
==== Removed methods ====
* ApiBase::getValidNamespaces() (deprecated in 1.17)
* ApiMain::setCachePrivate() (deprecated in 1.17)
* ApiMain::setVaryCookie (deprecated in 1.17)
* Article::doRedirect() (deprecated in 1.18)
* Article::doUnwatch() (deprecated in 1.18)
* Article::doWatch() (deprecated in 1.18)
* Article::forUpdate() (deprecated in 1.18)
* Article::markpatrolled() (deprecated in 1.18)
* Article::unwatch() (deprecated in 1.18)
* Article::watch() (deprecated in 1.18)
* Block::clear() (deprecated in 1.18)
* Block::decodeExpiry() (deprecated in 1.18)
* Block::encodeExpiry() (deprecated in 1.18)
* Block::forUpdate() (deprecated in 1.18)
* Block::infinity() (deprecated in 1.18)
* Block::load() (deprecated in 1.18)
* Block::newFromDB() (deprecated in 1.18)
* Block::normaliseRange() (deprecated in 1.18)
* Block::parseExpiryInput() (deprecated in 1.18)
* CategoryViewer::addSubcategory() (deprecated in 1.17)
* EditPage::spamPage() (deprecated since 1.17)
* Exif::getFormattedData() (deprecated in 1.18)
* Exif::makeFormattedData() (deprecated in 1.18)
* in_string (deprecated in 1.21)
* Language::convertLinkToAllVariants() (deprecated in 1.17)
* LanguageConverter::convertLinkToAllVariants() (deprecated in 1.17)
* Linker::makeBrokenLink() (deprecated in 1.16)
* Linker::makeBrokenLinkObj() (deprecated in 1.16)
* Linker::makeColouredLinkObj() (deprecated in 1.16)
* Linker::makeSizeLinkObj() (deprecated in 1.17)
* MediaWiki::articleFromTitle() (deprecated in 1.18)
* ParserOptions::getkin() (deprecated 1.18)
* ProfilerSimple::getCpuTime (deprecated in 1.20)
* Revision::revText() (deprecated in 1.17)
* SkinTemplate::jstext() (deprecated in 1.21)
* SpecialPage::__call() (deprecated in 1.17)
* SpecialPage::executePath() (deprecated in 1.18)
* SpecialPage::exists() (deprecated in 1.18)
* SpecialPage::file() (deprecated in 1.18)
* SpecialPage::func() (deprecated in 1.18)
* SpecialPage::getGroup() (deprecated in 1.18)
* SpecialPage::getPage() (deprecated in 1.18)
* SpecialPage::getPageByAlias() (deprecated in 1.18)
* SpecialPage::getLocalNameFor() (deprecated in 1.18)
* SpecialPage::getRegularPages() (deprecated in 1.18)
* SpecialPage::getRestrictedPages() (deprecated in 1.18)
* SpecialPage::getTitleForAlias() (deprecated in 1.18)
* SpecialPage::getUsablePages() (deprecated in 1.18)
* SpecialPage::includable() (deprecated in 1.18)
* SpecialPage::init()
* SpecialPage::initAliasList() (deprecated in 1.18)
* SpecialPage::initList() (deprecated in 1.18)
* SpecialPage::name() (deprecated in 1.18)
* SpecialPage::removePage() (deprecated in 1.18)
* SpecialPage::resolveAlias() (deprecated in 1.18)
* SpecialPage::resolveAliasWithSubpage() (deprecated in 1.18)
* SpecialPage::restriction() (deprecated in 1.18)
* SpecialPage::setGroup() (deprecated in 1.18)
* SpecialRecentChanges::feedSetup()
* SpecialRevisionDelete::extractBitField() (deprecated in 1.22)
* User::getPageRenderingHash() (deprecated in 1.17)
* WebRequest::getFileSize() (deprecated in 1.17)
* WebRequest::isPathInfoBad() (deprecated in 1.17)
* wfGenerateToken (deprecated in 1.20)
* wfStreamFile (deprecated in 1.19)
* wfUILang (deprecated in 1.18)
* WikiPage::createUpdates() (deprecated in 1.18)
* WikiPage::quickEdit() (deprecated in 1.18)
* WikiPage::useParserCache() (deprecated in 1.18)
* WikiPage::viewUpdates() (deprecated in 1.18)
==== Removed globals ====
* $wgBetterDirectionality (deprecated in 1.18)
= MediaWiki 1.22 =
== MediaWiki 1.22.15 ==
This is a security and maintenance release of the MediaWiki 1.22 branch.
=== Changes since 1.22.14 ===
* (bug T76686) [SECURITY] thumb.php outputs wikitext message as raw HTML, which
could lead to xss. Permission to edit MediaWiki namespace is required to
exploit this.
* (bug T77028) [SECURITY] Malicious site can bypass CORS restrictions in
$wgCrossSiteAJAXdomains in API calls if it only included an allowed domain as
part of its name.
* (bug T74222) The original patch for T74222 was reverted as unnecessary.
== MediaWiki 1.22.14 ==
This is a security and maintenance release of the MediaWiki 1.22 branch.
=== Changes since 1.22.13 ===
* (bugs 66776, 71478) SECURITY: User PleaseStand reported a way to inject code
into API clients that used format=php to process pages that underwent flash
policy mangling. This was fixed along with improving how the mangling was done
for format=json, and allowing sites to disable the mangling using
$wgMangleFlashPolicy.
* (bug 70901) SECURITY: User Jackmcbarn reported that the ability to update
the content model for a page could allow an unprivileged attacker to edit
another user's common.js under certain circumstances. The user right
"editcontentmodel" was added, and is needed to change a revision's content
model.
* (bug 72222) SECURITY: Do not show log action when the entry is revdeleted with
DELETED_ACTION. NOTICE: this may be reverted in a future release pending a
public RFC about the desired functionality. This issue was reported by user
Bawolff.
* (bug 71621) Make allowing site-wide styles on restricted special pages a
config option.
* $wgMangleFlashPolicy was added to make MediaWiki's mangling of anything that
might be a flash policy directive configurable.
== MediaWiki 1.22.13 ==
This is a maintenance release of the MediaWiki 1.22 branch.
=== Changes since 1.22.12 ===
* (bug 67440) Allow classes to be registered properly from installer
== MediaWiki 1.22.12 ==
This is a security release of the MediaWiki 1.22 branch.
=== Changes since 1.22.11 ===
* (bug 70672) SECURITY: OutputPage: Remove separation of css and js module
allowance.
== MediaWiki 1.22.11 ==
This is a security release of the MediaWiki 1.22 branch.
=== Changes since 1.22.10 ===
* (bug 69008) SECURITY: Enhance CSS filtering in SVG files. Filter <style>
elements; normalize style elements and attributes before filtering; add checks
for attributes that contain css; add unit tests for html5sec and reported
bugs.
== MediaWiki 1.22.10 ==
This is a maintenance release of the MediaWiki 1.22 branch.
=== Changes since 1.22.9 ===
* (bug 64970) Fix support for blobs on DatabaseOracle::update
* (bug 60719) In MediaWiki 1.22, the job queue execution on each page request
was changed (Gerrit change 59797) so, instead of executing the job inside the
same PHP process that's rendering the page, a new PHP cli command is spawned
to execute runJobs.php in the background. It will only work if $wgPhpCli is
set to an actual path or safe mode is off, otherwise, the old method will be
used. See
https://www.mediawiki.org/wiki/Manual:Job_queue#Changes_in_MediaWiki_1.22
for more information. This change was in earlier releases of 1.22 but was not
noted here until now.
== MediaWiki 1.22.9 ==
This is a security and maintenance release of the MediaWiki 1.22 branch.
=== Changes since 1.22.8 ===
* (bug 68187) SECURITY: Prepend jsonp callback with comment.
* (bug 66608) SECURITY: Fix for XSS issue in bug 66608: Generate the URL used
for loading a new page in Javascript,instead of relying on the URL in the
link that has been clicked.
* (bug 65778) SECURITY: Copy prevent-clickjacking between OutputPage and
ParserOutput.
* (bug 59147) The img_metadata field was not being decoded from bytea into text.
== MediaWiki 1.22.8 ==
This is a security and maintenance release of the MediaWiki 1.22 branch.
=== Changes since 1.22.7 ===
* (bug 65839) SECURITY: Prevent external resources in SVG files.
* (bug 66428) MimeMagic: Don't seek before BOF. This has weird side effects like
only extracting the tail of the file partially or not at all.
== MediaWiki 1.22.7 ==
This is a security and maintenance release of the MediaWiki 1.22 branch.
=== Changes since 1.22.6 ===
* (bug 65501) SECURITY: Don't parse usernames as wikitext on
Special:PasswordReset.
* (bug 36356) Add space between two feed links.
* (bug 63269) Email notifications were not correctly handling the
MediaWiki:Helppage message being set to a full URL. This is a regression from
the 1.22.5 point release, which made the default value for it a URL. If you
customized MediaWiki:Enotif body (the text of email notifications), you'll
need to edit it locally to include the URL via the new variable $HELPPAGE
instead of the parser functions fullurl and canonicalurl; otherwise you don't
have to do anything.
* Add missing uploadstash.us_props for PostgreSQL.
* (bug 56047) Fixed stream wrapper in PhpHttpRequest.
== MediaWiki 1.22.6 ==
This is a security release of the MediaWiki 1.22 branch.
=== Changes since 1.22.5 ===
* (bug 63251) SECURITY: Escape sortKey in pageInfo.
== MediaWiki 1.22.5 ==
This is a security and maintenance release of the MediaWiki 1.22 branch.
=== Changes since 1.22.4 ===
* (bug 62497) SECURITY: Add CSRF token on Special:ChangePassword.
* (bug 62467) Set a title for the context during import on the cli.
* Fix custom local MediaWiki:Helppage values.
* mediawiki.js: Fix documentation breakage.
* (bug 58153) Make MySQLi work with non standard port.
* (bug 53887) Reintroduced a link to help pages in the default sidebar, that any
sysop can customize by editing MediaWiki:Sidebar locally. The link now points
to a mediawiki.org page which is guaranteed to exist. Nothing needs to be done
on your end, but remember to adjust MediaWiki:Sidebar for the needs of your
wikis. Everyone can help with the shared documentation by translating:
https://www.mediawiki.org/wiki/Special:Translate/agg-Help_pages .
* (bug 53888) Corrected a regression in 1.22 which introduced red links on the
login page. If you previously installed 1.22.x and have created a local page
to make the red link blue, write its title as in MediaWiki:helplogin-url if
you didn't already. Otherwise, you don't need to do anything, but you can
translate the help page at <https://www.mediawiki.org/wiki/Help:Logging_in>.
== MediaWiki 1.22.4 ==
This is a maintenance release of the MediaWiki 1.22 branch.
=== Changes since 1.22.3 ===
* Use the correct branch of the extensions' git repositories.
== MediaWiki 1.22.3 ==
This is a security and bugfix release of the MediaWiki 1.22 branch.
=== Changes since 1.22.2 ===
* (bug 60771) SECURITY: Disallow uploading SVG files using non-whitelisted
namespaces. Also disallow iframe elements. * User will get an error including
the namespace name if they use a non- whitelisted namespace.
* (bug 61346) SECURITY: Make token comparison use constant time. It seems like
our token comparison would be vulnerable to timing attacks. This will take
constant time.
* (bug 61362) SECURITY: API: Don't find links in the middle of api.php links.
* (bug 53710) Add sequence support for upsert in DatabaseOracle in the same way
as in selectInsert
* (bug 60231, bug 58719) Various fixes to job running code in Wiki.php: Make it
async on Windows. Fixed possible "invalid filename" errors on Windows.
Redirect output to dev/null to avoid hanging PHP.
* (bug 60083) Correct sequence name for fresh Postgres installation. Spotted by
gebhkla
* (bug 60531) Avoid variable naming conflicts in
DatabasePostgres::selectSQLText. Spotted by gebhkla
* (bug 60094) Fix rebuildall.php fatal error with PostgreSQL.
* (bug 43817) Add error handling if descriptionmsg isn't defined for extension.
* (bug 60543) Special:PrefixIndex omits stripprefix=1 for "Next page" link.
== MediaWiki 1.22.2 ==
This is a security and bugfix release of the MediaWiki 1.22 branch.
=== Changes since 1.22.1 ===
* (bug 60339) SECURITY: Sanitize shell arguments to DjVu files, and other media
formats
* (bug 58253) Check for very old PCRE versions in installer and updater
* (bug 60054) Make WikiPage::$mPreparedEdit public
== MediaWiki 1.22.1 ==
This is a security and maintenance release of the MediaWiki 1.22 branch.
=== Changes since 1.22.0 ===
* (bug 57550) SECURITY: Disallow stylesheets in SVG Uploads
* (bug 58088) SECURITY: Don't normalize U+FF3C to \ in CSS Checks
* (bug 58472) SECURITY: Disallow -o-link in styles
* (bug 58553) SECURITY: Return error on invalid XML for SVG Uploads
* (bug 58699) SECURITY: Fix RevDel log entry information leaks
* (bug 58178) Restore compatibility with curl < 7.16.2.
* (bug 56931) Updated the plural rules to CLDR 24. They are in new format which
is detailed in UTS 35 Rev 33. The PHP parser and evaluator as well as the
JavaScript evaluator were updated to support the new format. Plural rules for
some languages have changed, most notably Russian. Affected software messages
have been updated and marked for review at translatewiki.net. This change is
backported from the development branch of MediaWiki 1.23.
* (bug 58434) The broken installer for database backend Oracle was fixed.
* (bug 58167) The web installer no longer throws an exception when PHP is
compiled without support for MySQL yet with support for another DBMS.
* (bug 58640) Fixed a compatibility issue with PCRE 8.34 that caused pages to
appear blank or with missing text.
* (bug 47055) Changed FOR UPDATE handling in Postgresql
* (bug 57026) Avoid extra parsing in prepareContentForEdit()
== MediaWiki 1.22.0 ==
=== Configuration changes in 1.22 ===
* $wgRedirectScript was removed. It was unused.
* Removed $wgLocalMessageCacheSerialized, it is now always true.
* $wgVectorUseIconWatch is now enabled by default.
* $wgCascadingRestrictionLevels was added.
* ftps, ssh, sftp, xmpp, sip, sips, tel, sms, bitcoin, magnet, urn, and geo
have been whitelisted inside of $wgUrlProtocols.
* $wgDocType and $wgDTD have been removed and are no longer used for the
DOCTYPE.
* $wgHtml5 is no longer used by core. Setting it to false will no longer disable
HTML5. It is still set to true for extension compatibility but doing so in
extensions is deprecated.
* $wgXhtmlDefaultNamespace is no longer used by core. Setting it will no longer
change the xmlns used by MediaWiki. Reliance on this variable by extensions
is deprecated.
* $wgHandheldStyle was removed.
* $wgHandheldForIPhone was removed.
* $wgJsMimeType is no longer used by core. Most usage has been removed since
HTML output is now exclusively HTML5.
* $wgDBOracleDRCP added. True enables persistent connection with DRCP on Oracle.
* $wgLogAutopatrol added to allow disabling logging of autopatrol edits in the
logging table.
Default for $wgLogAutopatrol is true.
* The 'edit' right no longer allows for editing a user's own CSS and JS.
* New rights 'editmyusercss', 'editmyuserjs', 'viewmywatchlist',
'editmywatchlist', 'viewmyprivateinfo', 'editmyprivateinfo', and
'editmyoptions' restrict actions that were formerly allowed by default. They
have been added to the default for $wgGroupPermissions['*'].
* The 'editprotected' right no longer allows bypassing of all page protection
restrictions. Any group using it for this purpose will now need to have all
the individual rights listed in $wgRestrictionTypes for the same effect.
* The 'protect' and 'autoconfirmed' rights are no longer used for the default
page protection levels. The rights 'editprotected' and 'editsemiprotected'
are now used for this purpose instead.
* (bug 40866) wgOldChangeTagsIndex removed.
* $wgNoFollowDomainExceptions now only matches entire domains. For example,
an entry for 'bar.com' will still match 'foo.bar.com' but not 'foobar.com'.
* $wgCopyUploadTimeout and $wgCopyUploadAsyncTimeout added to change the timeout
times for fetching the file during upload by url.
* New key added to $wgGalleryOptions - $wgGalleryOptions['mode'] to set
default gallery mode.
* New hook 'GalleryGetModes' to allow extensions to make new gallery modes.
* The checkbox for staying in HTTPS displayed on the login form when
$wgSecureLogin is enabled has been removed. Instead, whether the user stays in
HTTPS will be determined
based on the user's preferences, and whether they came from HTTPS or not.
* $wgRC2UDPAddress, $wgRC2UDPInterwikiPrefix, $wgRC2UDPOmitBots, $wgRC2UDPPort,
and $wgRC2UDPPrefix configuration options have been deprecated in favor of a
$wgRCFeeds configuration array. $wgRCFeeds makes both the format and
destination of recent change notifications customizable, and allows for
multiple destinations to be specified.
* (bug 53862) portal-url, currentevents-url and helppage have been removed from
the default Sidebar.
* The 'vector-simplesearch' preference is now enabled by default. Previously
it was only enabled if the Vector extension was installed.
* The precise format of metric datagrams produced by the UDP profiler and stats
counter may now be specified as $wgUDPProfilerFormatString and
$wgStatsFormatString, respectively.
* (bug 54597) $wgBlockOpenProxies, $wgProxyPorts, $wgProxyScriptPath, and
$wgProxyMemcExpiry have been removed, along with the open proxy scanner
script they were added for.
* Default value of $wgMaxShellMemory has been tripled (it's now 300 MB).
=== New features in 1.22 ===
* You can now install extensions using Composer.
See https://www.mediawiki.org/wiki/Composer
* (bug 44525) mediawiki.jqueryMsg can now parse (whitelisted) HTML elements and
attributes.
* (bug 33454) Language::sprintfDate now has a timezone parameter, and supports
the "eIOPTZ" formatting characters.
* EditWarning: A warning is shown when an editor leaves the edit form without
saving (enabled by default, users can opt-out via the 'useeditwarning'
preference). This feature was moved from the Vector extension, and is now part
of core for all skins. Take care when upgrading that you don't use an older
version of the Vector extension as this feature may conflict.
* New 'mediawiki.ui' CSS module providing mw-ui-* styles for buttons and a
compact vertical form layout.
* HTMLForm supports a new display format 'vform' which applies this compact
vertical
layout and button styling. Special:PasswordReset uses this format.
* New versions of login (Special:UserLogin) and create account
(Special:UserLogin/signup) forms using the "vform" compact vertical form
layout. These forms use new messages that assume a "Help logging in" link, see
https://www.mediawiki.org/wiki/Manual:Page_customizations;
https://www.mediawiki.org/wiki/Account_creation_user_experience/Strings lists
the message key changes.
* (bug 23343) Implemented ability to apply IP blocks to the contents of
X-Forwarded-For headers by adding a new configuration variable
$wgApplyIpBlocksToXff (disabled by default).
* The new hook 'APIGetPossibleErrors' to modify the list of possible errors was
added.
* (bug 25592) LogEventsList::showLogExtract() will now ignore various
Pager-related WebRequest parameters by default, as this is overwhelmingly
likely to be what was intended by users of the method. If any caller wishes
to use these parameters, the new param 'useRequestParams' may be set to true.
* mw.util.addPortletLink: Tooltip is no longer required to be plain (without
an accesskey in it already). As such it now rountrips. Creating a link with a
message as tooltip, grabbing the title attribute and using it to create
another portlet will work as expected.
* (bug 6747) {{ROOTPAGENAME}} introduced, contains the name of the topmost
page without namespace.
* BREAKING CHANGE: (bug 41729) Display editsection links next to headings. Also
change their class name from .editsection to .mw-editsection and place them at
the end of the heading element instead of the beginning. Client-side code and
screen-scrapers will have to be adjusted to handle both cases (old HTML will
still be visible on cached page renders until they are purged); extensions
using the DoEditSectionLink or EditSectionLink hooks might need adjustments as
well.
* (bug 45535) introduced the new 'LanguageLinks' hook for manipulating the
language links associated with a page before display.
* Chosen (http://harvesthq.github.io/chosen/) was added as module
'jquery.chosen'
* HTMLForm will turn multiselect checkboxes into a Chosen interface when setting
cssclass 'mw-chosen'
* rebuildLocalisationCache learned --lang option. Let you rebuild l10n caches
of the specified languages instead of all of them.
* New GetNewMessagesAlert hook allowing extensions to disable or modify the new
messages alert
* New wgUserNewMsgRevisionId JS global for logged in users. This will be null
if the user has no new talk page messages. Otherwise it will be set to the
revision ID of the oldest new talk page message. This will allow gadgets and
extensions to create their own new message alerts on the client side.
* mediawiki.log: Added log.warn wrapper (uses console.warn and console.trace).
* mediawiki.log: Implemented log.deprecate. This method defines a property and
uses ES5 getter/setter to emit a warning when they are used.
* $wgCascadingRestrictionLevels was added, allowing one to specify restriction
levels which can be cascading (previously 'sysop' was hard-coded as the only
one).
* XHTML5 support has been improved. If you set
$wgMimeType = 'application/xhtml+xml' MediaWiki will try outputting markup
according to XHTML5 rules.
* Altered hook 'ProtectionForm::save', adding the reason page protection is
changed as third parameter.
* New hook 'TitleSquidURLs' for manipulating the list of URLs to be purged from
HTTP caches when a page is changed.
* Changed the patrolling system to always show the link for patrolling in case
the current revision is patrollable. This also removed the usage of the rcid
URI parameters.
* Oracle DB backend now supports Database Resident Connection Pooling (DRCP).
Can be enabled by setting $wgDBOracleDRCP=true.
Requires Oracle DB 11gR1 or above, enabled DRCP inside the DB itself and a
propper connect string.
More about DRCP can be found at:
https://oracle-base.com/articles/11g/database-resident-connection-pool-11gr1
* Add a new parameter $patrolFooterShown to hook ArticleViewFooter so the hook
handlers can take further action based on the status of the patrol footer
* A new hook TitleQuickPermissions was added to allow overriding of quick
permissions in the Title class.
* LinkCache singleton can now be altered or cleared, letting one to specify
another instance that does not rely on a database backend.
* MediaWiki's PHPUnit tests can now use PHPUnit installed using composer --dev.
* (bug 43689) The lists of templates used on the page and hidden categories it
is a member of, shown below the edit form, are now collapsible (and collapsed
by default).
* Parser profiling data, formerly only available in the "NewPP limit report"
HTML comment, is now also displayed at the bottom of page previews.
* Added ParserLimitReportPrepare and ParserLimitReportFormat hooks, deprecated
ParserLimitReport hook.
* New user rights have been added to increase granularity in rights management
for extensions such as OAuth:
** editmyusercss controls whether a user may edit their own CSS subpages.
** editmyuserjs controls whether a user may edit their own JS subpages.
** viewmywatchlist controls whether a user may view their watchlist.
** editmywatchlist controls whether a user may edit their watchlist.
** viewmyprivateinfo controls whether a user may access their private
information (e.g. registered email address, real name).
** editmyprivateinfo controls whether a user may change their private
information.
** editmyoptions controls whether a user may change their preferences.
* Add new hook AbortTalkPageEmailNotification, this will be used to determine
whether to send the regular talk page email notification
* Action classes registered in $wgActions are now also supported in the form of
a callback (which returns an instance of Action) instead of providing the name
of a subclass of Action.
* (bug 46513) Vector: Add the collapsibleTabs script from the Vector extension.
* Added $wgRecentChangesFlags for defining new flags for RecentChanges and
watchlists.
* (bug 40518) mw.toolbar: Implemented mw.toolbar.addButtons for adding multiple
button objects in one call.
* Rights used for the default protection levels ('sysop' and 'autoconfirmed')
are now used just for that purpose, instead of overloading other rights. This
allows easy granting of the ability to edit sysop-protected pages without
also granting the ability to protect and unprotect.
* (bug 48256) Make brackets in section edit links accessible to CSS.
They are now wrapped in <span class="mw-editsection-bracket" />.
* (bug 8480) Allow handler specific parameters in galleries (like page number)
* jquery.client: Add detection for Opera 15 and Internet Explorer 11.
* Change tags (used by the AbuseFilter extension) are now shown on diff pages.
* Change tag lists (shown on recent changes, watchlist, user contributions,
history pages, diff pages) now include a link to Special:Tags to distinguish
them from edit summaries.
* Added a new method and hook, User::isEveryoneAllowed() and
UserIsEveryoneAllowed, for use in situations where a "does everyone have this
right?" check is used to avoid more expensive checks.
* (bug 14431) Display "(No difference)" instead of an empty diff (when comparing
revisions in the history or when previewing changes while editing).
* New hook 'IsUploadAllowedFromUrl' is added which can be used to intercept
uploads by URL, useful for blacklisting specific URLs
* (bug 21912) Watchlist token implementation has been refactored and
Special:ResetTokens was added to allow users to reset their tokens
instead of presenting them in Preferences.
* Special:PrefixIndex now lets you strip the searched prefix from the displayed
titles. Given a list of articles named Bug1, Bug2, you can now transclude the
list of bug numbers using: {{Special:PrefixIndex/Bug|stripprefix=1}}.
The special page form received a new checkbox matching that option.
* (bug 23580) Implement javascript callback interface "mw.hook".
* (bug 30713) New mw.hook "wikipage.content".
* (bug 40430) jquery.placeholder gets a new parameter to set the attribute value
to be used.
* $wgHTCPMulticastRouting renamed $wgHTCPRouting since it accepts unicast.
* $wgHTCPRouting rules can now be passed an array of hosts/ports to send purge
too. Can be used whenever several multicast group could be interested by a
specific purge.
* (bug 25931) Add Special:RandomInCategory.
* mediawiki.util: addPortletLink now supports passing a jQuery object as
nextnode.
* <wbr> can now be used inside WikiText.
* WebResponse::setcookie is much more featureful. Callers using PHP's
setcookie() or setrawcookie() should begin using this instead.
* New hook WebResponseSetCookie, called from WebResponse::setcookie().
* New hook ResetSessionID, called when the session id is reset.
* Add a mode parameter to <gallery> tag with potential options of "traditional",
"nolines", "packed", "packed-overlay", or "packed-hover".
* (bug 47399) A success message is now displayed after changing the password.
* Make thumb.php give HTTP redirects for file redirects
* (bug 30607) Special:ListFiles can now show old versions of files. Additionally
Special:AllMyUploads was introduced so the user can get a list of all things
they have ever uploaded, even if it was subsequently overridden.
* Introduced Special:MyFiles and Special:AllMyFiles as an alias for
Special:MyUploads and Special:AllMyUploads respectively.
* IPv6 addresses in X-Forwarded-For headers are now normalised before checking
against allowed proxy lists.
* Add deferrable update support for callback/closure.
* Add TitleMove hook before page renames.
* Revision deletion backend code is moved out of SpecialRevisiondelete
* Added {{REVISIONSIZE}} variable to get the current size of a revision.
* Add support for the LESS stylesheet language to ResourceLoader. LESS is a
stylesheet language that compiles into CSS. ResourceLoader file modules may
include LESS style files; ResourceLoader will compile these files into CSS
before sending them to the client.
** The $wgResourceLoaderLESSVars configuration variable is an associative array
mapping variable names to string CSS values. These variables are considered
declared for all LESS files. Additional variables may be registered by
adding keys to the array.
** $wgResourceLoaderLESSFunctions is an associative array of custom LESS
function names to PHP callables. See
<http://leafo.net/lessphp/docs/#custom_functions>
for more details regarding custom functions.
** $wgResourceLoaderLESSImportPaths is an array of file system paths. Files
referenced in LESS '@import' statements are looked up here first.
* ResourceLoader supports hashes as module cache invalidation trigger (instead
of or in addition to timestamps).
* Added $wgExtensionEntryPointListFiles for use in mergeMessageFileList.php.
* Added a hook, APIQuerySiteInfoStatisticsInfo, to allow extensions to modify
the output of the API query meta=siteinfo&siprop=statistics
* Primary keys have been added to both the archive table and the externallinks
tables.
* Added $wgEnableParserLimitReporting to control whether the NewPP limit report
is output in a HTML comment.
* The 'UnwatchArticle' and 'WatchArticle' hooks now support a Status object
instead of just a boolean return value to abort the hook.
* Added a hook, SpecialWatchlistGetNonRevisionTypes, to allow extensions
with custom recentchanges entries to hook into the Watchlist without
clobbering each other.
* A hidden, empty input field was added to the edit form, and any edit that
fills it in will be rejected. This prevents against the simplest form of
spambots. Previously in the "SimpleAntiSpam" extension by Ryan Schmidt.
* populateRevisionLength.php maintenance script updated to also populate
archive.ar_len field.
* (bug 43571) DatabaseMySQLBase learned to list views, optionally filtered by a
prefix. Also fixed PHPUnit test suite when using a MySQL backend containing
views.
=== Bug fixes in 1.22 ===
* (bug 47271) $wgContentHandlerUseDB should be set to false during the upgrade
* Disable Special:PasswordReset when $wgEnableEmail is false. Previously one
could still navigate to the page by entering the URL directly.
* (bug 47138) Fixed a fatal error when a blocked user tries to automatically
create an account on login due external authentication in some circumstances.
* (bug 23393) HTML <hN> headings containing line breaks are now handled
correctly.
* (bug 45803) Whitespace within == Headline == syntax and within <hN> headings
is now non-significant and not preserved in the HTML output.
* (bug 47218) Special:BlockList now handles correctly user names with spaces
when passed as subpage.
* Pager's properly validate which fields are allowed to be sorted on.
* mw.util.tooltipAccessKeyRegexp: The regex now matches "option-" as well.
Support for Mac "option" was added in 1.16, but the regex was never updated.
* (bug 46768) Usernames of blocking users now display correctly, even if
numeric.
* (bug 39590) Self-transclusions now show the most up to date result always
after save instead of being a revision behind.
* A bias in wfRandomString() toward digits 1-7 has been corrected. Generated
strings will now start with digits 0 and 8-f as often as they should.
* (bug 45371) Removed Parser_LinkHooks and CoreLinkFunctions classes.
* (bug 41545) Allow <kbd>, <samp>, and <var> to be nested like allowed in html.
* PLURAL magic word no longer causes a PHP notice when no matching form exists.
* (bug 36641) Patrol page links no longer show on non-existent revisions.
* (bug 35810) Pages not linked from Special:RecentChanges or Special:NewPages
are patrollable now.
* (bug 30213) JavaScript for search suggestions is now disabled when the API
is disabled, and AJAX patrolling and watching are now disabled when use of
the write API is not allowed.
* (bug 48294) API: Fix chunk upload async mode.
* (bug 46749) Broken files tracking category removed from pages if an image
with that name is uploaded.
* (bug 14176) System messages that are empty were previously incorrectly treated
as non-existent, causing a fallback to the default. This stopped users from
overriding system messages to make them blank.
* (bug 48319) action=parse no longer returns an error if passed none of 'oldid',
'pageid', 'page', 'title', and 'text' (e.g. if only passed 'summary'). A
warning will instead be issued if 'title' is non-default, unless no props are
requested.
* Special:Recentchangeslinked will now include upload log entries
* (bug 41281) Fixed ugly output if file size could not be extracted for
multi-page media.
* (bug 50315) list=logevents API module will now output log entries by anonymous
users.
* (bug 38911) Handle headers with rowspan in jquery.tablesorter
* (bug 658) Converted the table of contents on wiki pages from <table> to <div>
and adjusted skin CSS accordingly. The CSS was carefully crafted to be
backwards-compatible in all reasonable cases (uses of the __TOC__ magic word,
the #toc CSS id and the .toc CSS class). However, particularly bad abuse of
the id or the class can possibly break.
* CSSJanus now supports rgb, hsl, rgba, and hsla color syntaxes.
* Special:Listfiles can no longer be sorted by image name when filtering
by user in miser mode.
* (bug 49074) CSSJanus: Handle values of border-radius correctly.
* Handle relative inclusions ({{../name}}) in main namespace with subpages
enabled correctly (previously MediaWiki tried to include Template:Parent/name
instead of just Parent/name).
* Added $wgAPIUselessQueryPages to allow extensions to flag their query pages
for non-inclusion in ApiQueryQueryPages.
* (bug 50870) mediawiki.notification: Notification area should remain visible
when scrolled down.
* (bug 13438) Special:MIMESearch no longer an expensive special page.
* (bug 48342) Fixed a fatal error when $wgValidateAllHtml is set to true and
the function apache_request_headers() function is not available.
* (bug 33399) LivePreview: Re-run wikipage content handlers
(jquery.makeCollapsible, jquery.tablesorter) after preview content is loaded.
* (bug 51891) Fixed PHP notice on Special:PagesWithProp when no properties
are defined.
* (bug 52006) Corrected documentation of $wgTranscludeCacheExpiry.
* (bug 52077) The APIEditBeforeSave hook is giving the content of the whole
revision as second argument now, rather than just the current section.
* (bug 49694) $wgSpamRegex is now also applied on the new section headline text
adding a new topic on a page
* (bug 41756) Improve treatment of multiple comments on a blank line.
* (bug 51064) Purge upstream caches when deleting file assets.
* (bug 39012) File types with a mime that we do not know the extension for
can no longer be uploaded as an extension that we do know the mime type
for.
* (bug 51742) Add data-sort-value for better sorting of hitcounts Special:Tags
* (bug 26811) On DB error pages, server hostnames are now hidden when both
$wgShowHostnames and $wgShowSQLErrors are false.
* (bug 6200) line breaks in <blockquote> are handled like they are in <div>
* (bug 14931) Default character set now set to 'utf8' when a new MySQL
database is created.
* (bug 47191) Fixed "Column 'si_title' cannot be part of FULLTEXT index"
MySQL error when installing using the binary character set option.
* (bug 45288) Support mysqli PHP extension
* (bug 55818) BREAKING CHANGE: Removed undocumented 'Debug' hook in wfDebug.
This resolves an infinite loop when using $wgDebugFunctionEntry = true.
* (bug 56707) Correct tooltip of "Next n results" on query special pages.
* (bug 56770) mw.util.addPortletLink: Check length before access array index.
=== API changes in 1.22 ===
* (bug 25553) The JSON output formatter now leaves forward slashes unescaped
to improve human readability of URLs and similar strings. Also, a "utf8"
option is now provided to use UTF-8 encoding instead of hex escape codes
for most non-ASCII characters.
* (bug 46626) xmldoublequote parameter was removed. Because of a bug, the
parameter has had no effect since MediaWiki 1.16, and so its removal is
unlikely to impact existing clients.
* (bug 47216) action=query&meta=siteinfo&siprop=skins will now indicate which
skin is the default and which are unusable (e.g. listed in $wgSkipSkins).
* (bug 25325) Added support for wlshow filtering (bots/anon/minor/patrolled)
to action=feedwatchlist.
* WDDX formatted output will actually be formatted (and normal output will no
longer be), and will no longer choke on booleans.
* action=opensearch no longer silently ignores the format parameter.
* action=opensearch now supports format=jsonfm.
* list=usercontribs&ucprop=ids will now include the parent revision id.
* BREAKING CHANGE: action=parse no longer returns all langlinks for the page
with prop=langlinks by default. The new effectivelanglinks parameter will
request that the LanguageLinks hook be called to determine the effective
language links.
* BREAKING CHANGE: list=allpages, list=langbacklinks, and prop=langlinks do not
apply the new LanguageLinks hook, and thus only consider language links
stored in the database.
* (bug 47219) Allow specifying change type of Wikipedia feed items
* prop=imageinfo now allows setting iiurlheight without setting iiurlwidth
* prop=info now adds the content model and page language of the title.
* New upload log entries will now contain information on the relevant
image (sha1 and timestamp).
* (bug 49239) action=parse now can parse in preview and section preview modes.
* (bug 49259) action=patrol now accepts revision ids.
* (bug 48129) list=blocks&bkip= now correctly handles IPv6 CIDR ranges and
honors $wgBlockCIDRLimit. Note any clients passing invalid values to bkip
will now receive an error, rather than the previous behavior listing all
user blocks.
* (bug 48201) action=parse&text=foo now assumes wikitext if no title is given,
rather than using the content model of the page "API".
* action=watch no longer silently ignores hook abort.
* (bug 50785) action=purge with forcelinkupdate=1 no longer queues refreshLinks
jobs in the job queue for link table updates of pages that use the given page
as a template. Instead, forcerecursivelinkupdate=1 is introduced and should
be used if that behaviour is desirable.
* The 'debugLog' property (enabled by $wgDebugToolbar) no longer sets the log
entry values through ApiResult::content but directly. This changes the JSON
output from an array of objects with content in '*' to an array of strings
with the content.
* (bug 51342) prop=imageinfo iicontinue now contains the dbkey, not the text
version of the title.
* (bug 52538) action=edit will now use empty text instead of the contents
of section 0 when passed prependtext or appendtext with section=new.
* Support for the 'gettoken' parameter to action=block and action=unblock,
deprecated since 1.20, has been removed.
* (bug 49090) Token-getting functions will fail when using jsonp callbacks.
* (bug 52699) action=upload returns normalized file name on warning
"exists-normalized" instead of filename to be uploaded to.
* (bug 53884) action=edit will now return an error when the specified section
does not exist in the page.
* Added meta=filerepoinfo API module for getting information about foreign
file repositories, and related ForeignAPIRepo methods getInfo and getApiUrl.
* The new query module list=allfileusages to enumerate file usages was added.
=== Languages updated in 1.22 ===
MediaWiki supports over 350 languages. Many localisations are updated
regularly. Below only new and removed languages are listed, as well as
changes to languages because of Bugzilla reports.
* Batak Toba (bbc-latn) added.
* (bug 46751) Made Buryat (Russia) (буряад) (bxr) fallback to Russian.
=== Other changes in 1.22 ===
* BREAKING CHANGE: Implementation of MediaWiki's JS and JSON value encoding
has changed:
** MediaWiki no longer supports PHP installations in which the native JSON
extension is missing or disabled.
** XmlJsCode objects can no longer be nested inside objects or arrays.
(For Xml::encodeJsCall(), this individually applies to each argument.)
** The sets of characters escaped by default, along with the precise escape
sequences used, have changed (except for the Xml::escapeJsString()
function, which is now deprecated).
* BREAKING CHANGE: The Services_JSON class has been removed. If necessary,
be sure to upgrade affected extensions at the same time (e.g. Collection).
* redirect.php was removed. It was unused.
* ClickTracking integration was dropped from the mediaWiki.user.bucket
JavaScript function. The 'tracked' option is now ignored.
* BREAKING CHANGE: Legacy skins Simple, MySkin, Chick, Standard and Nostalgia
were all removed. (Nostalgia was moved to an extension.) The SkinLegacy and
LegacyTemplate classes that supported them were removed as well and are now a
part of the Nostalgia extension.
* Event namespace used by jquery.makeCollapsible has been changed from
'mw-collapse' to 'mw-collapsible' for consistency with the module name.
* BREAKING CHANGE: The "ExternalAuth" authentication subsystem was removed,
along with its associated globals of $wgExternalAuthType, $wgExternalAuthConf,
$wgAutocreatePolicy and $wgAllowPrefChange. Affected users are encouraged to
use AuthPlugin for external authentication/authorization needs.
* The Quickbar feature of the legacy skin model and the last remnants of it
throughout the code base have been removed.
* Externaledit/externaldiff preference was removed. Very few users used this
feature, and improper configuration can actually prevent a user from editing
* Calling Linker methods using a skin will now output deprecation warnings.
* (bug 46680) "Return to" links are no longer tagged with rel="next".
* BREAKING CHANGE: mw.util.tooltipAccessKeyRegexp: The match group for the
accesskey character is now $6 instead of $5.
* HipHop compiler (hphpc) support was removed. HipHop VM support (hhvm) was
added.
* A new Special:Redirect page was added, providing lookup by revision ID,
user ID, or file name. The old Special:Filepath page was reimplemented
to redirect through Special:Redirect.
* Monobook: Removed the old conditional stylesheets for Opera 6, 7 and 9.
* Support for XHTML 1.0 has been removed. MediaWiki now only outputs (X)HTML5.
* wikibits: User-agent related globals have been deprecated. The following
properties now default to false and emit mw.log.warn: is_gecko, is_chrome_mac,
is_chrome, webkit_version, is_safari_win, is_safari, webkit_match, is_ff2,
ff2_bugs, is_ff2_win, is_ff2_x11, opera95_bugs, opera7_bugs, opera6_bugs,
is_opera_95, is_opera_preseven, is_opera, and ie6_bugs.
* (bug 48276) MediaWiki will now flash a confirmation message upon successfully
editing a page.
* (bug 40785) mediawiki.legacy.ajax has been marked as deprecated. The following
properties now emit mw.log.warn when accessed: sajax_debug, sajax_init_object,
sajax_do_call and wfSupportsAjax.
* BREAKING CHANGE: meta keywords are no longer supported. A
<meta name="keywords" will no longer be output and OutputPage::addKeyword no
longer exists.
* Methods Title::userCanEditCssSubpage and Title::userCanEditJsSubpage,
deprecated since 1.19, have been removed.
* (bug 50134) Hook functions are no longer required to return a value. When a
hook function does not return a value (or when it returns an explicit null),
processing continues. To abort the hook, a hook function must return an
explicit, boolean false or a string error message. Other falsey values are
tantamount to a 'return true' in earlier versions of MediaWiki.
* BREAKING CHANGE: The EditSectionLink hook was removed after being
deprecated since MediaWiki 1.14. Use DoEditSectionLink instead.
* (bug 48256) The 'editsection-brackets' optional message was removed.
Section edit links' brackets can now be customized using CSS by
styling span.mw-editsection-bracket.
* The usePatrol function in ChangesList has been marked as deprecated.
* (bug 50785) A "null edit", that is, a save action in which no changes to the
page text are made and no revision recorded, will no longer send refreshLinks
jobs to the job table to update pages which use the edited page as a template.
* The LivePreviewPrepare and LivePreviewDone events triggered on "jQuery( mw )"
have been deprecated in favour of using mw.hook.
* The 'showjumplinks' user preference has been removed, jump links are now
always included.
* Methods RecentChange::notifyRC2UDP, RecentChange::sendToUDP, and
RecentChange::cleanupForIRC have been deprecated, as it is now the
responsibility of classes implementing the RCFeedFormatter and RCFeedEngine
interfaces to implement the formatting and delivery for recent change
notifications.
* SpecialPrefixindex methods namespacePrefixForm() and showPrefixChunk() have
been made protected. They were accepting form variance arguments, this is now
using properties in the SpecialPrefixindex class.
* (bug 50310) BREAKING CHANGE: wikibits: Drop support for mwCustomEditButtons.
It defaults to an empty array and emits mw.log.warn when accessed.
* BREAKING CHANGE: Special:Disambiguations has been removed from MediaWiki core.
Functions related to disambiguation pages are now handled by the Disambiguator
extension (https://www.mediawiki.org/wiki/Extension:Disambiguator) (bug
35981).
* BREAKING CHANGE: The 'mediawiki.legacy.wikiprintable' module has been removed.
The skins/common/wikiprintable.css file no longer exists. Return value of
Skin#commonPrintStylesheet is ignored. Please use the
'mediawiki.legacy.commonPrint' module instead or base your skin on
SkinTemplate.
* (bug 49629) The hook ExtractThumbParameters has been deprecated in favour
of media handler overriding MediaHandler::parseParamString.
* (bug 46512) The collapsibleNav feature from the Vector extension has been
moved to the Vector skin in core.
* SpecialRecentChanges::addRecentChangesJS() function has been renamed
to addModules() and made protected.
* Methods WatchAction::doWatch and WatchAction::doUnwatch now return a Status
object instead of a boolean.
* Information boxes (CSS classes errorbox, warningbox, successbox) have been
made more subtle.
* BREAKING CHANGE: The module 'mediawiki.legacy.IEFixes' has been removed as it
was unused. The file skins/common/IEFixes.js remains but is only used by
wikibits. The file never contained any re-usable components. To use it in a
skin, load 'mediawiki.legacy.wikibits' (which IEFixes depends on) and that
will import IEFixes automatically if user agent conditions are met.
* Code specific to the Math extension was marked as deprecated.
* mediawiki.util: mw.util.wikiGetlink has been renamed to getUrl. (The old name
still works, but is deprecated.)
= MediaWiki 1.21 =
== MediaWiki 1.21.11 ==
This is a security and maintenance release of the MediaWiki 1.21 branch.
=== Changes since 1.21.10 ===
* (bug 65839) SECURITY: Prevent external resources in SVG files.
* (bug 66428) MimeMagic: Don't seek before BOF. This has weird side effects like
only extracting the tail of the file partially or not at all.
== MediaWiki 1.21.10 ==
This is a security and maintenance release of the MediaWiki 1.21 branch.
=== Changes since 1.21.9 ===
* (bug 65501) SECURITY: Don't parse usernames as wikitext on
Special:PasswordReset.
* (bug 36356) Add space between two feed links.
== MediaWiki 1.21.9 ==
This is a security and maintenance release of the MediaWiki 1.21 branch.
=== Changes since 1.21.8 ===
* (bug 63251) SECURITY: Escape sortKey in pageInfo.
* (bug 58640) Fixed a compatibility issue with PCRE 8.34 that caused pages to
appear blank or with missing text.
== MediaWiki 1.21.8 ==
This is a security and maintenance release of the MediaWiki 1.21 branch.
=== Changes since 1.21.7 ===
* (bug 62497) SECURITY: Add CSRF token on Special:ChangePassword.
* (bug 62467) Set a title for the context during import on the cli.
== MediaWiki 1.21.7 ==
This is a maintenance release of the MediaWiki 1.21 branch.
=== Changes since 1.21.6 ===
* Use the correct branch of the extensions' git repositories.
== MediaWiki 1.21.6 ==
This is a security release of the MediaWiki 1.21 branch.
=== Changes since 1.21.5 ===
* (bug 60771) SECURITY: Disallow uploading SVG files using non-whitelisted
namespaces. Also disallow iframe elements.
* User will get an error including the namespace name if they use a
non-whitelisted namespace.
* (bug 61346) SECURITY: Make token comparison use constant time. It seems like
our token comparison would be vulnerable to timing attacks. This will take
constant time.
* (bug 61362) SECURITY: API: Don't find links in the middle of api.php links.
== MediaWiki 1.21.5 ==
This is a security release of the MediaWiki 1.21 branch.
=== Changes since 1.21.4 ===
* (bug 60339) SECURITY: Sanitize shell arguments to DjVu files, and other media
formats
== MediaWiki 1.21.4 ==
This is a security release of the MediaWiki 1.21 branch.
=== Changes since 1.21.3 ===
* (bug 57550) SECURITY: Disallow stylesheets in SVG Uploads
* (bug 58088) SECURITY: Don't normalize U+FF3C to \ in CSS Checks
* (bug 58472) SECURITY: Disallow -o-link in styles
* (bug 58553) SECURITY: Return error on invalid XML for SVG Uploads
* (bug 58699) SECURITY: Fix RevDel log entry information leaks
== MediaWiki 1.21.3 ==
This is a security and maintenance release of the MediaWiki 1.21 branch.
=== Changes since 1.21.2 ===
* (bug 53032) SECURITY: Don't cache when a call could autocreate
* (bug 55332) SECURITY: Improve css javascript detection
* (bug 49717) Fix behaviour $wgVerifyMimeType = false; in Upload
* Fix comma errors in various js files
* Translations
== MediaWiki 1.21.2 ==
This is a security and maintenance release of the MediaWiki 1.21 branch.
=== Changes since 1.21.1 ===
* SECURITY: Fix extension detection with 2 .'s
* SECURITY: Support for the 'gettoken' parameter to action=block and
action=unblock, deprecated since 1.20, has been removed.
* SECURITY: Sanitize ResourceLoader exception messages
* Purge upstream caches when deleting file assets.
* Unit test suite now runs the AutoLoader tests. Also fixed the autoloading
entry for the PageORMTableForTesting class though it had no impact.
== MediaWiki 1.21.1 ==
This is a maintenance release of the MediaWiki 1.21 branch.
=== Changes since 1.21.0 ===
* An incorrect version number was used for 1.21.0. 1.21.1 has the correct
number.
* A problem with the Oracle SQL table creation was fixed.
* (PdfHandler extension) Fix warning if pdfinfo fails but pdftext succeeds.
== MediaWiki 1.21.0 ==
=== Configuration changes in 1.21 ===
* (bug 29374) $wgVectorUseSimpleSearch is now enabled by default.
* Deprecated $wgAllowRealName is removed. Use $wgHiddenPrefs[] = 'realname'
instead.
* (bug 39957) Added $wgUnwatchedPageThreshold, specifying minimum count
of page watchers required for the number to be accessible to users
without the unwatchedpages permission.
* $wgBug34832TransitionalRollback has been removed.
* (bug 29472) $wgUseDynamicDates has been removed and its functionality
disabled.
=== New features in 1.21 ===
* (bug 38110) Schema changes (adding or dropping tables, indices and
fields) can be now be done separately from other changes that
update.php makes. This is useful in environments that use database
permissions to restrict schema changes but allow the DB user that
MediaWiki normally runs as to perform other changes that update.php
makes. Schema changes can be run separately. See the file UPGRADE
for more information.
* (bug 34876) jquery.makeCollapsible has been improved in performance.
* Added ContentHandler facility to allow extensions to support other content
than wikitext. See docs/contenthandler.txt for details.
* New feature was developed for showing high-DPI thumbnails for high-DPI mobile
and desktop displays (configurable with $wgResponsiveImages).
* Added new backend to represent and store information about sites and site
specific configuration.
* jQuery upgraded from 1.8.2 to 1.8.3.
* jQuery UI upgraded from 1.8.23 to 1.8.24.
* Added separate fa_sha1 field to filearchive table. This allows sha1
searches with the api in miser mode for deleted files.
* Add initial and programmatic sorting for tablesorter.
* Add the event "sortEnd.tablesorter", triggered after sorting has completed.
* The Job system was refactored to allow for different backing stores for
queues as well as cross-wiki access to queues, among other things. The schema
for the DB queue was changed to support better concurrency and reduce
deadlock errors.
* Added ApiQueryORM class to facilitate creation of query API modules based on
tables that have a corresponding ORMTable class.
* (bug 40876) Icon for PSD (Adobe Photoshop) file types.
* (bug 40641) Implemented Special:Version/Credits with a list of contributors.
* (bug 7851) Implemented one-click AJAX patrolling.
* The <data>, <time>, <meta>, and <link> elements are allowed within WikiText
for use with Microdata.
* The HTML5 <mark> tag has been whitelisted.
* Added ParserCloned hook for when the Parser object is cloned.
* Added AlternateEditPreview hook to allow extensions to replace the page
preview from the edit page.
* Added EditPage::showStandardInputs:options hook to allow extensions to add
new fields to the "editOptions" area of the edit form.
* Upload stash DB schema altered to improve upload performance.
* The following global functions are now reporting deprecated warnings in
debug mode: wfMsg, wfMsgNoTrans, wfMsgForContent, wfMsgForContentNoTrans,
wfMsgReal, wfMsgGetKey, wfMsgHtml, wfMsgWikiHtml, wfMsgExt, wfEmptyMsg. Use
the Message class, or the global method wfMessage.
* Added $wgEnableCanonicalServerLink, off by default. If enabled, a
<link rel=canonical> tag is added to every page indicating the correct server
to use.
* Debug message emitted by wfDebugLog() will now be prefixed with the group
name when its logged to the default log file. That is the case whenever the
group has no key in wgDebugLogGroups, that will help triage the default log.
* (bug 24620) Add types to LogFormatter.
* jQuery JSON upgraded from 2.3 to 2.4.0.
* Added GetDoubleUnderscoreIDs hook, for modifying the list of magic words.
* DatabaseUpdater class has two new methods to ease extensions schema changes:
dropExtensionIndex and renameExtensionIndex.
* New preference type - 'api'. Preferences of this type are not shown on
Special:Preferences, but are still available via the action=options API.
* (bug 39397) Hide rollback link if a user is the only contributor of the page.
* $wgPageInfoTransclusionLimit limits the list size of transcluded articles
on the info action. Default is 50.
* Added action=createaccount to allow user account creation.
* (bug 40124) action=options API also allows for setting of arbitrary
preferences, provided that their names are prefixed with 'userjs-'. This
officially reenables the feature that was undocumented and defective
in MW 1.20 (saving preferences using Special:Preferences cleared any
additional fields) and which has been disabled in 1.20.1 as a part of
a security fix (bug 42202).
* Added option to specify "others" as author in extension credits using
"..." as author name.
* Added the ability to limit the wall clock time used by shell processes,
as well as the CPU time. Configurable with $wgMaxShellWallClockTime.
* Allow memory of shell subprocesses to be limited using Linux cgroups
instead of ulimit -v, which tends to cause deadlocks in recent versions
of ImageMagick. Configurable with $wgShellCgroup.
* Added $wgWhitelistReadRegexp for regex whitelisting.
* (bug 5346) Categories that are redirects will be displayed italic in
the category links section at the bottom of a page.
* (bug 43915) New maintenance script deleteEqualMessages.php.
* You can now create checkbox option matrices through the HTMLCheckMatrix
subclass in HTMLForm.
* WikiText now permits the use of WAI-ARIA's role="presentation" inside of
html elements and tables. This allows presentational markup, especially
tables. To be marked up as such.
* maintenance/sql.php learned the --cluster option. Let you run the script
on some external cluster instead of the primary cluster for a given wiki.
* (bug 20281) test the parsing of inline URLs.
* Added Special:PagesWithProp, which lists pages using a particular page
property.
* Implemented language-specific collations for category sorting for 67 languages
based in latin, greek and cyrillic alphabets. This allows one to *finally* get
articles to be correctly sorted on category pages. They are named
'uca-<langcode>', where <langcode> is one of: af, ast, az, be, bg, br, bs, ca,
co, cs, cy, da, de, dsb, el, en, eo, es, et, eu, fi, fo, fr, fur, fy, ga, gd,
gl, hr, hsb, hu, is, it, kk, kl, ku, ky, la, lb, lt, lv, mk, mo, mt, nl, no,
oc, pl, pt, rm, ro, ru, rup, sco, sk, sl, smn, sq, sr, sv, tk, tl, tr, tt, uk,
uz, vi.
* Added 'CategoryAfterPageAdded' and 'CategoryAfterPageRemoved' hooks.
* Added 'HistoryRevisionTools' and 'DiffRevisionTools' hooks.
* Added 'SpecialSearchResultsPrepend' and 'SpecialSearchResultsAppend' hooks.
* (bug 33186) Add image rotation api "imagerotate"
* (bug 34040) Add "User rights management" link on user page toolbox.
* (bug 45526) Add QUnit assertion helper "QUnit.assert.htmlEqual" for asserting
structual equality of HTML (ignoring insignificant differences like
quotmarks, order and whitespace in the attribute list).
* (bug 23393) HTML <hN> headings containing line breaks are now handled
correctly.
* (bug 45803) Whitespace within == Headline == syntax and within <hN> headings
is now non-significant and not preserved in the HTML output.
=== Bug fixes in 1.21 ===
* (bug 40353) SpecialDoubleRedirect should support interwiki redirects.
* (bug 40352) fixDoubleRedirects.php should support interwiki redirects.
* (bug 9237) SpecialBrokenRedirect should not list interwiki redirects.
* (bug 34960) Drop unused fields rc_moved_to_ns and rc_moved_to_title from
recentchanges table.
* (bug 32951) Do not register internal externals with absolute protocol,
when server has relative protocol.
* (bug 39005) When purging proxies listed in $wgSquidServers using HTTP PURGE
method requests, we now send a Host header by default, for Varnish
compatibility. This also works with Squid in reverse-proxy mode. If you wish
to support Squid configured in forward-proxy mode, set
$wgSquidPurgeUseHostHeader to false.
* (bug 37020) sql.php with readline eats semicolon.
* (bug 11748) Properly handle optionally-closed HTML tags when Tidy is
disabled, and don't wrap HTML-syntax definition lists in paragraphs.
* (bug 41409) Diffs while editing an old revision should again diff against the
current revision.
* (bug 41494) Honor $wgLogExceptionBacktrace when logging non-API exceptions
caught during API execution.
* (bug 37963) Fixed loading process for user options.
* (bug 26995) Update filename field on Upload page after having sanitized it.
* (bug 41793) Contribution links to users with 0 edits on Special:ListUsers
didn't show up red.
* (bug 41899) A PHP notice no longer occurs when using the "rvcontinue" API
parameter.
* (bug 42036) Account creation emails now contain canonical (not
protocol-relative) URLs.
* (bug 41990) Fix regression: API edit with redirect=true and lacking
starttimestamp and basetimestamp should not cause an edit conflict.
* (bug 41706) EditPage: Preloaded page should be converted if possible and
needed.
* (bug 41886) Rowspans are no longer exploded by tablesorter until the table is
actually sorted.
* (bug 2865) User interface HTML elements don't use lang attribute.
(completed the fix by adding the lang attribute to firstHeading).
* (bug 42173) Removed namespace prefixes on Special:UncategorizedCategories.
* (bug 36053) Log in "returnto" feature forgets query parameters if no
title parameter was specified.
* (bug 42410) API action=edit now returns correct timestamp for the new edit.
* (bug 14901) Email notification mistakes log action for new page creation.
Enotif no longer sends "page has been created" notifications for some log
actions. The following events now have a correct message: page creation,
deletion, move, restore (undeletion), change (edit). Parameter
$CHANGEDORCREATED is deprecated in 'enotif_body' and scheduled for removal in
MediaWiki 1.23.
* (bug 457) In the sidebar of Vector, CologneBlue, Monobook, and Monobook-based
skins, the heading levels have been changed from (variously per skin)
<h4>, <h5> or <h6> to only <h3>s, with a <h2> hidden heading above them.
If you are styling or scripting the headings in a custom way, this change
will require updates to your site's CSS or JS.
* (bug 41342) jquery.suggestions should cancel any active (async) fetches
before it triggers another fetch.
* (bug 42184) $wgUploadSizeWarning missing second variable.
* (bug 34581) removeUnusedAccounts.php maintenance script now ignores newuser
log when determining whether an account is used.
* (bug 43379) Gracefully fail if rev_len is unavailable for a revision on the
History page.
* (bug 42949) API no longer assumes all exceptions are MWException.
* (bug 41733) Hide "New user message" (.usermessage) element from printable
view.
* (bug 39062) Special:Contributions will display changes that don't have
a parent id instead of just an empty bullet item.
* (bug 37209) "LinkCache doesn't currently know about this title" error fixed.
* wfMerge() now works if $wgDiff3 contains spaces
* (bug 43052) mediawiki.action.view.dblClickEdit.dblClickEdit should trigger
ca-edit click instead opening URL directly.
* (bug 43964) Invalid value of "link" parameter in <gallery> no longer produces
a fatal error.
* (bug 44775) The username field is not pre-filled when creating an account.
* (bug 45069) wfParseUrl() no longer produces a PHP notice if passed a "mailto:"
URL without address
* (bug 45012) Creating an account by e-mail can no longer show a
"password mismatch" error.
* (bug 44599) On Special:Version, HEADs for submodule checkouts (e.g. for
extensions) performed using Git 1.7.8+ should now appear.
* (bug 42184) $wgUploadSizeWarning missing second variable
* (bug 40326) Check if files exist with a different extension during uploading
* (bug 34798) Updated CSS for Atom/RSS recent changes feeds to match on-wiki
diffs.
* (bug 42430) Calling numRows on MySQL no longer propagates unrelated errors.
* (bug 44719) Removed mention of non-existing maintenance/migrateCurStubs.php
script in includes/DefaultSettings.php
* (bug 45143) jquery.badge: Treat non-Latin variants of zero as zero as well.
* (bug 46151) mwdocgen.php should not ignore exit code of doxygen command.
* (bug 41889) Fix $.tablesorter rowspan exploding for complex cases.
=== API changes in 1.21 ===
* prop=revisions can now report the contentmodel and contentformat.
See docs/contenthandler.txt.
* action=edit and action=parse now support contentmodel and contentformat
parameters to control the interpretation of page content.
See docs/contenthandler.txt for details.
* (bug 35693) ApiQueryImageInfo now suppresses errors when unserializing
metadata.
* (bug 40111) Disable minor edit for page/section creation by API.
* (bug 41042) Revert change to action=parse&page=... behavior when the page
does not exist.
* (bug 27202) Add timestamp sort to list=allimages.
* (bug 43137) Don't return the sha1 of revisions through the API if the content
is revision-deleted.
* ApiQueryImageInfo now also returns imageinfo for redirects.
* list=alltransclusions added to enumerate every instance of page embedding
* list=alllinks & alltransclusions now allow both 'from' and 'continue' in
the same query. When both are present, 'from' is simply ignored.
* list=alllinks & alltransclusions now allow 'unique' in generators, to yield
a list of all link/template target pages instead of source pages.
* BREAKING CHANGE: list=logevents output format changed for details of some log
types. Specifically, details that were formerly reported under a key like
"4::foo" will now be reported under a key of simply "foo".
* BREAKING CHANGE: '??_badcontinue' error code was changed to '??badcontinue'
for all query modules.
* ApiQueryBase adds 'badcontinue' error code if module has 'continue' parameter.
* (bug 35885) Removed version parameter and all getVersion() methods.
* action=options now takes a "resetkinds" option, which allows only resetting
certain types of preferences when the "reset" option is set.
* (bug 36751) ApiQueryImageInfo now returns imageinfo for the redirect target
when queried with &redirects=.
* (bug 31849) ApiQueryImageInfo no longer gets confused when asked for info on
a redirect and its target.
* (bug 43849) ApiQueryImageInfo no longer throws exceptions with ForeignDBRepo
redirects.
* On error, any warnings generated before that error will be shown in the
result.
* action=help supports generalized submodules (modules=query+value),
querymodules obsolete
* ApiQueryImageInfo continuation is more reliable. The only major change is
that the imagerepository property will no longer be set on page objects not
processed in the current query (i.e. non-images or those skipped due to
iicontinue).
* Add supports for all pageset capabilities - generators, redirects,
converttitles to action=purge and action=setnotificationtimestamp.
* (bug 43251) prop=pageprops&ppprop= now accepts multiple props to query.
* ApiQueryImageInfo will now limit the number of calls to File::transform made
in any one query. If there are too many, iicontinue will be returned.
* action=query&meta=siteinfo&siprop=general will now return the regexes used for
link trails and link prefixes. Added for Parsoid support.
* Added an API query module list=pageswithprop, which lists pages using a
particular page property.
* Added an API query module list=pagepropnames, which lists all page prop names
currently in use on the wiki.
* (bug 44921) ApiMain::execute() will now return after the CORS check for an
HTTP OPTIONS request.
* (bug 44923) action=upload works correctly if the entire file is uploaded in
the first chunk.
* Added 'continue=' parameter to streamline client iteration over complex query
results
* (bug 44909) API parameters may now be marked as type "upload", which is now
used for action=upload's 'file' and 'chunk' parameters. This type will raise
an error during parameter validation if the parameter is given but not
recognized as an uploaded file.
* (bug 44244) prop=info may now return the number of people watching each page.
* (bug 33304) list=allpages will no longer return duplicate entries when
querying protection.
* (bug 33304) list=allpages will now find really old indefinite protections.
* (bug 45937) meta=allmessages will report a syntactically invalid lang as a
proper error instead of as an uncaught exception.
* (bug 25325) added support for wlshow filtering (bots/anon/minor/patrolled)
to action=feedwatchlist
* WDDX formatted output will actually be formatted (and normal output will no
longer be), and will no longer choke on booleans.
=== API internal changes in 1.21 ===
* For debugging only, a new global $wgDebugAPI removes many API restrictions
when true.
Never use on the production servers, as this flag introduces security holes.
Whenever enabled, a warning will also be added to all output.
* ApiModuleManager now handles all submodules (actions,props,lists) and
instantiation
* Query stores prop/list/meta as submodules
* ApiPageSet can now be used in any action to process titles/pageids/revids or
any generator.
* BREAKING CHANGE: ApiPageSet constructor now has two params instead of three,
with only the first one keeping its meaning. ApiPageSet is now derived from
ApiBase.
* BREAKING CHANGE: ApiQuery::newGenerator() and executeGeneratorModule() were
deleted.
* ApiQueryGeneratorBase::setGeneratorMode() now requires a pageset param.
* $wgAPIGeneratorModules is now obsolete and will be ignored.
* Added flags ApiResult::OVERRIDE and ADD_ON_TOP to setElement() and addValue()
* Internal API calls will now include <warnings> in case of unused parameters
=== Languages updated in 1.21 ===
MediaWiki supports over 350 languages. Many localisations are updated
regularly. Below only new and removed languages are listed, as well as
changes to languages because of Bugzilla reports.
* South Azerbaijani (azb) added.
* (bug 30040) Autonym for nds-nl is now 'Nedersaksies' (was 'Nedersaksisch').
* (bug 45436) Autonym for pi (Pali) is now 'पालि' (was ''पाळि').
* (bug 34977) Now formatted numbers in Spanish use space as separator
for thousands, as mandated by the Real Academia Española.
* (bug 35031) Kurdish formatted numbers now use period and comma
as separators for thousands and decimals respectively.
=== Other changes in 1.21 ===
* BREAKING CHANGE: (bug 44385) Removed the jquery.collapsibleTabs module and
moved it to the Vector extension. It was entirely Vector-extension-specific,
deeply interconnected with the extension, and this functionality really
belongs to the extension instead of the skin anyway. In the unlikely case you
were using it, you have to either copy it to your extension, or install the
Vector extension (and possibly disable its features using config settings if
you don't want them).
* Experimental IBM DB2 support was removed due to lack of interest and
maintainership
* BREAKING CHANGE: Filenames of maintenance scripts were standardized into
lowerCamelCase format, and made more explicit:
- clear_stats.php -> clearCacheStats.php
- clear_interwiki_cache.php -> clearInterwikiCache.php
- initStats.php -> initSiteStats.php
- proxy_check.php -> proxyCheck.php
- stats.php -> showCacheStats.php
- showStats.php -> showSiteStats.php.
Class names were renamed accordingly:
- clear_stats -> ClearCacheStats
- InitStats -> InitSiteStats
- CacheStats -> ShowCacheStats
- ShowStats -> ShowSiteStats.
* BREAKING CHANGE: (bug 38244) Removed the mediawiki.api.titleblacklist module
and moved it to the TitleBlacklist extension.
= MediaWiki 1.20 =
== MediaWiki 1.20.8 ==
This is a security release of the MediaWiki 1.20 branch.
=== Changes since 1.20.7 ===
* (bug 53032) SECURITY: Don't cache when a call could autocreate
* (bug 55332) SECURITY: Improve css javascript detection
* (bug 49717) Fix behaviour $wgVerifyMimeType = false; in Upload
* Fix comma errors in various js files
* Translations
== MediaWiki 1.20.7 ==
This is a security release of the MediaWiki 1.20 branch.
=== Changes since 1.20.6 ===
* SECURITY: Fix extension detection with 2 .'s
* SECURITY: Token-getting functions will fail when using jsonp callbacks.
* SECURITY: Sanitize ResourceLoader exception messages
* Purge upstream caches when deleting file assets.
== MediaWiki 1.20.6 ==
This is a security and maintenance release of the MediaWiki 1.20 branch.
=== Changes since 1.20.5 ===
* (bug 48306) SECURITY: Run file validation checks on chunked uploads, and
chunks of upload, during the upload process.
* (bug 44327) mediawiki.user: Use session ID instead of 1-year cross-session
cookies
* (bug 47202) wikibits: FF2Fixes.css should not be loaded in Firefox 20.
* (bug 31044) Make ResourceLoader behave in read-only mode
== MediaWiki 1.20.5 ==
This is a security and maintenance release of the MediaWiki 1.20 branch.
=== Changes since 1.20.4 ===
* (bug 46590) Add hook AbortChangePassword to Special:ChangePassword
* (bug 47304) SECURITY: Check SVG xml encoding against whitelist
* Localisation updates from http://translatewiki.net.
* mwdocgen.php: Implement --version option.
* Remove svnstat stuff used in Doxygen generation
* (bug 43594) Correctly suppress warnings that were missed after the upstream
* PHP change to E_STRICT being included in E_ALL.
== MediaWiki 1.20.4 ==
This is a security release of the MediaWiki 1.20 branch.
=== Changes since 1.20.3 ===
* (bug 47251) SECURITY: Disable external entities in Import
* (bug 46859) SECURITY: Disable external entities in XMLReader
* (bug 46084) SECURITY: Sanitize $limitReport before outputting
== MediaWiki 1.20.3 ==
This is a security and maintenance release of the MediaWiki 1.20 branch.
=== Changes since MediaWiki 1.20.2 ===
* New preference type - 'api'. Preferences of this type are not shown on
Special:Preferences, but are still available via the action=options API.
(Unbreaks MLEB.)
* (bug 44010) Context is passed to UserGetLanguageObject.
* The recursion guard on RequestContext::getLanguage() was weakened.
* (bug 40585) Don't drop 'step="any"' in HTML input fields.
* (bug 44024) Fixed problems in ObjectCache when using XCache.
* (bug 44010) FauxRequest leaked cookie data from primary request.
* (bug 44135/bug 42441) Pass '2' instead of 'true' to CURLOPT_SSL_VERIFYHOST
* (bug 43518) API action=unblock should return the user name, not the full user
object
* (bug 45355) Prevent read of arbitrary files through mwdoc-filter.php
== MediaWiki 1.20.2 ==
This is a maintenance release of the MediaWiki 1.20 branch
=== Changes since MediaWiki 1.20.1 ===
* (bug 42638) Fix API action=options&reset=1 & unit tests.
* (bug 42370) Fixed backport of 60cc060 to use mDoneWrites — caused
* (bug 42592) User rights, preferences and other things are not saving in
1.20.1.
== MediaWiki 1.20.1 ==
This is a security release of the MediaWiki 1.20 branch
=== Changes since 1.20.0 ===
* (bug 42202) Validate options to prevent html injection
* (bug 40995) Prevent session fixation in Special:UserLogin (CVE-2012-5391)
* (bug 41400) Prevent linker regex from exceeding PCRE backtrack limit
* Javscript Lint fixes
* (bug 40632) Remove CleanupPresentationalAttributes feature
* [Database] Fixed case where trx idle callbacks might be lost.
== MediaWiki 1.20.0 ==
=== PHP 5.3 now required ===
Since 1.20, the lowest supported version of PHP is now 5.3.2. Please
upgrade PHP if you have not done so prior to upgrading MediaWiki.
=== Configuration changes in 1.20 ===
* $wgGitRepositoryViewers defines a mapping from Git remote repository to the
Gitweb instance URL used in Special:Version.
* `$wgUsePathInfo = true;` is no longer needed to make $wgArticlePath work on
servers using like nginx, lighttpd, and apache over fastcgi. MediaWiki now
always extracts path info from REQUEST_URI if it's available.
* The user right 'upload_by_url' is no longer given to sysops by default.
This only affects installations which have $wgAllowCopyUploads set to true.
* Removed f-prot support from $wgAntivirusSetup.
* New variable $wgDBerrorLogTZ to provide dates in the error log in a
different timezone than the wiki timezone set by $wgLocaltimezone.
* New variables $wgDBssl and $wgDBcompress to enable SSL and compression for
database connections, if either are available for the selected DB type.
* $wgUseCombinedLoginLink now defaults to false, making MediaWiki output
separate login and create account links by default.
=== New features in 1.20 ===
* Added TitleIsAlwaysKnown hook which gets called when determining if a page
exists.
* Added NamespaceIsMovable hook which gets called when determining if pages in a
certain namespace can be moved.
* Added SpecialPageBeforeExecute hook which gets called before
SpecialPage::execute.
* Added SpecialPageAfterExecute hook which gets called after
SpecialPage::execute.
* Added ORMTable, ORMRow and ORMResult classes for additional abstraction of
database interaction.
* Added CacheHelper and associated SpecialCachedPage and CachedAction helper
classes.
* (bug 32341) Add upload by URL domain limitation.
* &useskin=default will now always display the default skin. Useful for users
with a preference for the non-default skin to look at something using the
default skin.
* (bug 27619) Remove preference option to display broken links as link?
* (bug 34896) jQuery JSON plugin upgraded to v2.3 (2011-09-17).
* (bug 34302) Add CSS classes to email fields in user preferences.
* Introduced $wgDebugDBTransactions to trace transaction status (currently
PostgreSQL only).
* (bug 23795) Add parser itself to ParserMakeImageParams hook.
* Introduce a cryptographic random number generator source api for use when
generating various tokens.
* (bug 30963) Option on Special:Prefixindex and Special:Allpages to not show
redirects.
* (bug 18062) New message when edit or create the local page of a shared file.
* (bug 22870) Separate interface message when creating a page.
* (bug 17615) nosummary option should be reassigned on preview/captcha.
* (bug 34355) Add a variable and parser function for the namespace number.
* (bug 35649) Special:Version now shows hashes of extensions checked out from
git.
* (bug 35728) Git revisions are now linked on Special:Version.
* "Show Changes" on default messages shows now diff against default message text
* (bug 23006) create #speciale parser function.
* generateSitemap can now optionally skip redirect pages.
* (bug 27757) New API command just for retrieving tokens (not page-based).
* Added GitViewers hook for extensions using external git repositories to have a
web-based repository viewer linked to from Special:Version.
* Memcached debug logs can now be sent to their own file logs by setting
$wgDebugLogFile['memcached'] to some filepath.
* (bug 35685) api.php URL and other entry point URLs are now listed on
Special:Version
* Edit notices can now be translated.
* jQuery upgraded to 1.8.2.
* jQuery UI upgraded to 1.8.23.
* QUnit upgraded from v1.2.0 to v1.10.0.
* (bug 37604) jquery.cookie upgraded to 2011 version.
* (bug 22887) Add warning and tracking category for preprocessor errors
* (bug 31704) Allow selection of associated namespace on the watchlist
* (bug 5445) Now remove autoblocks when a user is unblocked.
* Added $wgLogExceptionBacktrace, on by default, to allow logging of exception
backtraces.
* Added device detection for determining device capabilities.
* QUnit.newMwEnvironment now supports passing a custom setup and/or teardown
function. Arguments signature has changed. First arguments is now an options
object of which 'config' can be a property. Previously 'config' itself was the
first and only argument.
* New getCreator and getOldestRevision methods added to WikiPage class
* (bug 4220) the XML dump format schema now have unique identity constraints
for page and revision identifiers. Patch by Elvis Stansvik.
* cleanupSpam.php now can delete spam pages if --delete was specified instead of
blanking them.
* Added new hook ChangePasswordForm to allow adding of additional fields in
Special:ChangePassword
* Added new function getDomain to AuthPlugin for getting a user's domain
* (bug 23427) New magic word {{PAGEID}} which gives the current page ID.
Will be null on previewing a page being created.
* (bug 37627) UserNotLoggedIn() exception to show a generic error page whenever
a user is not logged in.
* Watched status in changes lists are no longer indicated by <strong></strong>
tags with class "mw-watched". Instead, each line now has a class
"mw-changeslist-line-watched" or "mw-changeslist-line-not-watched", and the
title itself is surrounded by <span></span> tags with class "mw-title".
* Added ContribsPager::reallyDoQuery hook allowing extensions to data to
MyContribs
* Added new hook ParserAfterParse to allow extensions to affect parsed output
after the parse is complete but before block level processing, link holder
replacement, and so on.
* (bug 34678) Added InternalParseBeforeSanitize hook which gets called during
Parser's internalParse method just before the parser removes
unwanted/dangerous HTML tags.
* Added new hook AfterFinalPageOutput to allow modifications to buffered page
output before sent to the client.
* (bug 36783) Implement jQuery Promise interface in mediawiki.api module.
* Make dates in sortable tables sort according to the page content language
instead of the site content language
* (bug 37926) Deleterevision will no longer allow users to delete log entries,
the new deletelogentry permission is required for this.
* (bug 14237) Allow PAGESINCATEGORY to distinguish between 'all', 'pages',
'files' and 'subcats'
* (bug 38362) Make Special:Listuser includeable on wiki pages.
* Added support in jquery.localize for placeholder attributes.
* (bug 38151) Implemented mw.user.getRights for getting and caching the current
user's user rights.
* Session storage can now configured independently of general object cache
storage, by using $wgSessionCacheType. $wgSessionsInMemcached has been
renamed to $wgSessionsInObjectCache, with the old name retained for backwards
compatibility. When this feature is enabled, the expiry time can now be
configured with $wgObjectCacheSessionExpiry.
* Added a Redis client for object caching.
* Implemented mw.user.getGroups for getting and caching user groups.
* (bug 37830) Added $wgRequirePasswordforEmailChange to control whether password
confirmation is required for changing an email address or not.
* HTMLForm mutators can now be chained (they return $this)
* A new message, "api-error-filetype-banned-type", is available for formatting
API upload errors due to the file extension blacklist.
* New hook 'ParserTestGlobals' allows to set globals before running parser
tests.
* Allow importing pages as subpage.
* Add lang and hreflang attributes to language links on Login page.
* (bug 22749) Create Special:MostInterwikis.
* Show change tags when transclude Special:Recentchanges(linked) or
Special:Newpages.
* (bug 23226) Add |class= parameter to image links in order to add class(es) to
HTML img tag.
* (bug 39431) SVG animated status is now shown in long description.
* (bug 39376) jquery.form upgraded to 3.14.
* SVG files will now show the actual width in the SVG's specified units
in the metadata box.
* Added ResourceLoader module "jquery.jStorage" (v0.3.0, http://jStorage.info/).
* (bug 39273) Added AJAX support for "Show changes" (diff) in LivePreview.
* Added ResourceLoader module "jquery.badge".
* mw.util.$content now points to the overall content area in the skin rather
than just page text content area. If you need the old behavior please use
$( '#mw-content-text').
* jsMessage has been replaced with a floating bubble notification system
complete with auto-hide, multi-message support, and message replacement tags.
* jquery.messageBox which appears to be unused by both core and extensions has
been removed.
* (bug 34939) Made link parsing insensitive ([HttP://]).
* (bug 40072) Add CSS classes to items in output of ChangesList pages.
* Added $wgCopyUploadProxy global to define which proxy to use for copy
uploads.
* (bug 40448) mediawiki.legacy.mwsuggest has been replaced with a new module,
mediawiki.searchSuggest, based on SimpleSearch from Extension:Vector.
=== Known issues in 1.20.0 ===
These are issues that we're targeting to be fixed in a later release
in the 1.20 series. Issues may be added or removed from this list as
we see fit. For now, it is comprised of those bugs on the 1.20.0
milestone in Bugzilla.
* (bug 35894): Reports of secret key generation "hanging" on windows
This is probably a bug that has been fixed in PHP. If you run
into this, try upgrading your PHP.
* (bug 38334): PHP Notice: Undefined index: href in /www/w/skins/Vector.php on
line 416
We think this is a problem in some extension. If you see this,
try disabling your extensions and check out the logging patch on
this bug. Or try this patch:
<https://gerrit.wikimedia.org/r/#/c/27937/1/skins/Vector.php>
* (bug 39268): [Regression] Toolbar inserts in main textarea only (instead of
the focussed textarea)
This should only be an issue if you are using the ProofreadPage
extension.
* (bug 40641): Clicking "others" in Special:Version asks to download a file
If you encounter this, you can tell your webserver to serve the
CREDITS file with text/plain MIME type to fix it.
=== Bug fixes in 1.20 ===
* (bug 40939): [Regression] InfoAction: Call to a member function getUserText()
on a non-object
* (bug 40780): searchsuggest-containing line ("containing...") doesn't include
the entered text
* (bug 37714): [Regression] Incomplete log entries
* (bug 27202): API: Add timestamp sort to list=allimages
* (bug 30245) Use the correct way to construct a log page title.
* (bug 34237) Regenerate an empty user_token and save to the database
when we try to set the user's cookies for login.
* (bug 32210) New edit emails for watched pages always provide a link to the
edit which triggered the mail.
* (bug 12021) Added user talk link on Special:Listusers.
* (bug 34445) section edit and TOC hide/show links are excluded from selection
and copy/paste on supporting browsers.
* (bug 34428) Fixed incorrect hash mismatch errors in the DiffHistoryBlob
history compression method.
* (bug 34702) Localised parentheses are now used in more special pages.
* (bug 34723) When editing a script page on a RTL wiki the textbox should be
LTR.
* (bug 34762) Calling close() on a DatabaseBase object now clears the
connection.
* (bug 34863) Show deletion log extract on non-existent file pages if
applicable.
* (bug 28019) Let ?preloadtitle=foo be passed on to target of
Special:MyPage and Special:MyTalk.
* (bug 34929) Show the correct diff when a section edit is rejected by the spam
filter.
* (bug 15816) Add a switch for SETting the search_path (Postgres).
* (bug 34521) Returning to the previous page after logging in loses any array-
valued parameters in the query string.
* (bug 34735) Updated compressOld.php documentation to mention the different
usages of -s and -n parameters depending on compression type.
* (bug 13896) Rendering of devanagari numbers in automatic '#' number lists.
* (bug 33689) Upgrade to 1.19 on Postgres fails due to incomplete query when
trying to defer foreign key for externallinks.
* (bug 32748) Printer friendly version of article decode Unicode chars as a
pretty IRI in footer.
* Removed white border around thumbnails in galleries.
* (bug 31236) "Next" and "Previous" buttons are shown incorrectly in
an RTL environment.
* (bug 35749) Updated maintenance/checkSyntax.php to use Git instead of
Subversion when invoked with the --modified option.
* (bug 35069) On history pages, the " . . " separator after the number of
characters changed in a revision is now suppressed if no text would follow.
* (bug 18704) Add a unique CSS class or ID to the tagfilter table row at
RecentChanges
* (bug 33564) transwiki import sometimes result in invalid title.
* (bug 35572) Blocks appear to succeed even if query fails due to wrong DB
structure
* (bug 31757) Add a word-separator between help-messages in HTMLForm
* (bug 30410) Removed deprecated $wgFilterCallback and the 'filtered' API error.
* (bug 32604) Some messages needs escaping of wikitext inside username.
* (bug 36537) Rename wfArrayToCGI to wfArrayToCgi for consistency with
wfCgiToArray.
* (bug 25946) The message on the top of Special:RecentChanges is now displayed
in user language instead of content language.
* (bug 35264) Wrong type used for <ns> in export.xsd
* (bug 24985) Use $wgTmpDirectory as the default temp directory so that people
who don't have access to /tmp can specify an alternative.
* (bug 27283) SqlBagOStuff breaks PostgreSQL transactions.
* (bug 35727) mw.Api ajax() should put token parameter last.
* (bug 37708) mw.Uri.clone() should make a deep copy.
* (bug 38024) ResourceLoader should not create empty stylesheets for modules
that don't have stylesheets.
* (bug 36812) Special:ActiveUsers "Hide bots" should hide users from any group
having the "bot" user right, instead of just the default "bot" user group.
* (bug 35082) mw.util.addPortletLink incorrectly adds link to mutiple <ul> tags.
* (bug 36991) jquery.tablesorter should extract date sort format from date
string instead of global config. Dates like "April 1 2012" and "1 April 2012"
now sort correctly regardless of the content language's DefaultDateFormat.
* (bug 31895) mw.loader mode now correct when triggered from a $.fn.ready
handler that is bound before mediawiki.js's handler (e.g. browser-userscripts
like greasemonkey).
* (bug 38152) jquery.tablesorter: Use .data() instead of .attr(), so that live
values are used instead of just the fixed values from when the tablesorter
was initialized.
* (bug 38093) Gender of changed user groups missing in Special:Log/rights
* (bug 35893) Special:Block needs to load mediawiki.special.block.js.
* (bug 37331) ResourceLoader modules sometimes execute twice in Firefox
* (bug 31644) GlobalUsage, CentralAuth and AbuseLog extensions should not use
insecure links to foreign wikis in the WikiMap.
* (bug 36073) Avoid duplicate element IDs on File pages.
* (bug 25095) Special:Categories should also include the first relevant item
when "from" is filled.
* (bug 35526) jquery.tablesorter now uses a stable sort.
* (bug 38953) --memory-limit switch not working for runJobs.php.
* (bug 33037) Make subpage of Special:newfiles control how many files
are returned, like in previous versions.
* (bug 36524) "Show" options on Special:RecentChanges and
Special:RecentChangesLinked are now remembered between successive clicks.
* (bug 26069) Page title is no longer "Error" for all error pages.
* (bug 39297) Show warning if thumbnail of animated image will not be animated.
* (bug 38249) Parser will throw an exception instead of outputting gibberish if
PCRE is compiled without support for unicode properties.
* (bug 30390) Suggested file name on Special:Upload should not contain
illegal characters.
* EXIF below sea level GPS altitude data is now shown correctly.
* (bug 39284) jquery.tablesorter should not consider "."" or "?"" to be a
currency.
* (bug 39273) "Show changes" should not be incorrectly displayed in the Live
Preview state.
* Made body-content lang attribute honor the variant language when it is set.
* (bug 36761) "Mark pages as visited" now submits previously established filter
options.
* (bug 39635) PostgreSQL LOCK IN SHARE MODE option is a syntax error.
* (bug 36329) Accesskey tooltips for Firefox 14 on Mac should use "ctrl-option-"
prefix.
* (bug 32552) Drop unused database field cat_hidden from table category.
* (bug 24502) Do not allow multiple language links to the same language.
* (bug 40214) Category pages no longer use deprecated "width" HTML attribute.
* (bug 39941) Add missing stylesheets to the installer pages
* In HTML5 mode, allow new input element types values (such as color, range..)
* (bug 36151) mw.Title: Don't limit extension in title parsing.
* (bug 38158) jquery.byteLimit sometimes causes an unexpected 0 maxLength being
enforced.
* (bug 38163) jquery.byteLimit incorrectly limits input when using methods other
than basic per-char typing.
* (bug 34495) patrol log now credit the user patrolling (instead of patrolled
user).
* (bug 31676) ResourceLoader should work around IE stylesheet limit.
* (bug 40498) ResourceLoader should not output an empty "@media print { }"
block.
* (bug 40500) ResourceLoader should not ignore media-type for urls in debug
mode.
* (bug 40660) ResourceLoaderWikiModule should not convert " " to a space
for pages from the MediaWiki-namespace.
* (bug 40329) (bug 40632) Removed CleanupPresentationalAttributes feature.
=== API changes in 1.20 ===
* (bug 34316) Add ability to retrieve maximum upload size from MediaWiki API.
* (bug 34313) MediaWiki API intro message about "HTML format" should mention
the format parameter.
* (bug 32384) Allow descending order for list=watchlistraw.
* (bug 31883) Limit of bkusers of list=blocks and titles of action=query is
not documented in API help.
* (bug 32492) API now allows editing using pageid.
* (bug 32497) API now allows changing of protection level using pageid.
* (bug 32498) API now allows comparing pages using pageids.
* (bug 30975) API import of pages with invalid characters in this wiki leads to
Fatal Error.
* (bug 30488) API now allows listing of backlinks/embeddedin/imageusage per
pageid.
* (bug 34927) Output media_type for list=filearchive.
* (bug 28814) add properties to output of action=parse.
* (bug 33224) add variants of content language to meta=siteinfo.
* (bug 32643) action=purge with forcelinkupdate no longer crashes when ratelimit
is reached.
* The paraminfo module now also contains result properties for most modules.
* (bug 32348) Allow descending order for list=alllinks.
* (bug 31777) Upload unknown error ``fileexists-forbidden''.
* (bug 32382) Allow descending order for list=iwbacklinks.
* (bug 32381) Allow descending order for list=backlinks, list=embeddedin and
list=imageusage.
* (bug 32383) Allow descending order for list=langbacklinks.
* API meta=siteinfo can now return the list of known variable IDs.
* (bug 35980) list=deletedrevs now honors drdir correctly in "all" mode
(mode #3).
* (bug 29290) API avoids mangling fields in continuation parameters
* (bug 36987) API avoids mangling fields in continuation parameters
* (bug 30836) siteinfo prop=specialpagealiases will no longer return nonexistent
special pages
* (bug 38190) Add "required" flag to some token params for hint in api docs.
* (bug 27567) Add file repo support to prop=duplicatefiles.
* (bug 27610) Add archivename for non-latest image version to list=filearchive
* (bug 38231) Add xml parse tree to action=parse.
* Watchlist notification timestamp may be queried by page and may be updated via
the API.
* (bug 38904) prop=revisions&rvstart=... no longer blows up when continuing.
* (bug 39032) ApiQuery generates help in constructor.
* (bug 11142) Improve file extension blacklist error reporting in API upload.
* (bug 39665) List of query generators is now not built using reflection,
instead it is defined in code.
* (bug 35993) Deprecated gettoken parameter - support will be removed in 1.22.
=== Languages updated in 1.20 ===
MediaWiki supports over 350 languages. Many localisations are updated
regularly. Below only new and removed languages are listed, as well as
changes to languages because of Bugzilla reports.
* Emilian (egl) added.
* Tornedalen Finnish (fit) added.
* Mizo (lus) added.
* Santali (sat) added.
* (bug 34192) Namespace gender aliases for Albanian languages (sq & aln).
* (bug 35541) Namespace gender aliases for Croatian (hr).
* (bug 36012) Space in $separatorTransformTable should be non-breaking in
Portuguese, Esperanto and Udmurt.
* Turoyo (tru) added.
* Cyrillic-Latin language converter added for Uzbek (uz).
=== Other changes in 1.20 ===
* The user_token field is now left empty until a user attempts to login and
cookies need to be set. It is also now possible to reset every user's
user_token simply by clearing the values in the user_token column.
* Removed ./tests/qunit/index.html from core. It wasn't actively maintained and
has been made obsolete when [[Special:JavaScriptTest/qunit]] was introduced,
which actually uses ResourceLoader, LocalSettings and the Skin.
* Removed $wgDBtransactions global. This was only checked in one class
and only applies to MyISAM or similar DBs. Those should only be used
for archived sites anyway. We can't get edit conflicts on such sites,
so the WikiPage code wasn't useful there either.
* Deprecated mw.user.name in favour of mw.user.getName.
* Deprecated mw.user.anonymous in favour of mw.user.isAnon.
* Deprecated DatabaseBase functions newFromParams(), newFromType(), set(),
quote_ident(), and escapeLike() were removed.
* Use of __DIR__ instead of dirname( __FILE__ ).
* OutputPage::wrapWikiMsg() no longer supports the 'options' parameter. It was
not used and complicated migration to Message class.
* Live preview functionality has been improved and moved into the
'mediawiki.action.edit.preview' module. The old 'mediawiki.legacy.preview'
module has been removed.
* (bug 40448) Removed mediawiki.legacy.mwsuggest module, and removed the
following that has become obsolete:
- globals $wgEnableMWSuggest and $wgMWSuggestTemplate.
- mw.config.values wgMWSuggestTemplate and wgSearchNamespaces.
- method SearchEngine::getMWSuggestTemplate().
== MediaWiki 1.19 ==
== MediaWiki 1.19.24 ==
This is a security and maintenance release of the MediaWiki 1.19 branch.
=== Changes since 1.19.23 ===
* ({{bug|T85848}}, {{bug|T71210}}) SECURITY: Don't parse XMP blocks that
contain XML entities, to prevent various DoS attacks.
* ({{bug|T88310}}) SECURITY: Always expand xml entities when checking SVG's.
* ({{bug|T73394}}) SECURITY: Escape > in Html::expandAttributes to prevent XSS.
* ({{bug|T85855}}) SECURITY: Don't execute another user's CSS or JS on preview.
* ({{bug|T85349}}, {{bug|T85850}}, {{bug|T86711}}) SECURITY: Multiple issues
fixed in SVG filtering to prevent XSS and protect viewer's privacy.
== MediaWiki 1.19.23 ==
This is a security and maintenance release of the MediaWiki 1.19 branch.
=== Changes since 1.19.22 ===
* (bug T76686) [SECURITY] thumb.php outputs wikitext message as raw HTML, which
could lead to xss. Permission to edit MediaWiki namespace is required to
exploit this.
* (bug T74222) The original patch for T74222 was reverted as unnecessary.
* Add missing $ in front of variable in OutputPage.php
== MediaWiki 1.19.22 ==
This is a security and maintenance release of the MediaWiki 1.19 branch.
=== Changes since 1.19.21 ===
* ({{bug|66776}}, {{bug|71478}}) SECURITY: User PleaseStand reported a way to
inject code into API clients that used format=php to process pages that
underwent flash policy mangling. This was fixed along with improving how the
mangling was done for format=json, and allowing sites to disable the mangling
using $wgMangleFlashPolicy.
* ({{bug|72222}}) SECURITY: Do not show log action when the entry is revdeleted
with DELETED_ACTION. NOTICE: this may be reverted in a future release pending a
public RFC about the desired functionality. This issue was reported by user
Bawolff.
* ({{bug|71621}}) Make allowing site-wide styles on restricted special pages a
config option.
* $wgMangleFlashPolicy was added to make MediaWiki's mangling of anything that
might be a flash policy directive configurable.
== MediaWiki 1.19.21 ==
This is a maintenance release of the MediaWiki 1.19 branch.
=== Changes since 1.19.20 ===
* (bug 67440) Allow classes to be registered properly from installer.
* (bug 47281) Fixed a dumpBackup.php error with --uploads
--include-filesoptions: Unable to find the wrapper "mwstore".
* System administrators are encouraged to upgrade to this release or 1.22+ and
produce a full data dump.
https://www.mediawiki.org/wiki/Special:MyLanguage/Manual:Backing_up_a_wiki
* (bug 63049) Removed anonymous functions from ApiFormatBase, added in1.19.13 as
part of the fix for bug 61362, for PHP 5.2 compatibility.
== MediaWiki 1.19.20 ==
This is a security release of the MediaWiki 1.19 branch.
=== Changes since 1.19.19 ===
* (bug 70672) SECURITY: OutputPage: Remove separation of css and js module
allowance.
== MediaWiki 1.19.19 ==
This is a security release of the MediaWiki 1.19 branch.
=== Changes since 1.19.18 ===
* (bug 69008) SECURITY: Enhance CSS filtering in SVG files. Filter <style>
elements; normalize style elements and attributes before filtering; add checks
for attributes that contain css; add unit tests for html5sec and reported
bugs.
== MediaWiki 1.19.18 ==
This is a security release of the MediaWiki 1.19 branch.
=== Changes since 1.19.17 ===
* (bug 68187) SECURITY: Prepend jsonp callback with comment.
* (bug 65778) SECURITY: Copy prevent-clickjacking between OutputPage and
ParserOutput.
== MediaWiki 1.19.17 ==
This is a security and maintenance release of the MediaWiki 1.19 branch.
=== Changes since 1.19.16 ===
* (bug 65839) SECURITY: Prevent external resources in SVG files.
* (bug 66428) MimeMagic: Don't seek before BOF. This has weird side effects like
only extracting the tail of the file partially or not at all.
== MediaWiki 1.19.16 ==
This is a security release of the MediaWiki 1.19 branch.
=== Changes since 1.19.15 ===
* (bug 65501) SECURITY: Don't parse usernames as wikitext on
Special:PasswordReset.
== MediaWiki 1.19.15 ==
This is a security and maintenance release of the MediaWiki 1.19 branch.
=== Changes since 1.19.14 ===
Fixed resetting passwords.
* (bug 58640) Fixed a compatibility issue with PCRE 8.34 that caused pages to
appear blank or with missing text.
== MediaWiki 1.19.14 ==
This is a security and maintenance release of the MediaWiki 1.19 branch.
=== Changes since 1.19.13 ===
* (bug 62497) SECURITY: Add CSRF token on Special:ChangePassword.
* (bug 62467) Set a title for the context during import on the cli.
== MediaWiki 1.19.13 ==
This is a security and maintenance release of the MediaWiki 1.19 branch.
=== Changes since 1.19.12 ===
* (bug 61362) SECURITY: API: Don't find links in the middle of api.php links.
* Use the correct branch of the extensions' git repositories.
== MediaWiki 1.19.12 ==
This is a security release of the MediaWiki 1.19 branch.
=== Changes since 1.19.11 ===
* (bug 60771) SECURITY: Disallow uploading SVG files using non-whitelisted
namespaces. Also disallow iframe elements. * User will get an error including
the namespace name if they use a non- whitelisted namespace.
* (bug 61346) SECURITY: Make token comparison use constant time. It seems like
our token comparison would be vulnerable to timing attacks. This will take
constant time.
== MediaWiki 1.19.11 ==
This is a security release of the MediaWiki 1.19 branch.
=== Changes since 1.19.10 ===
* (bug 60339) SECURITY: Sanitize shell arguments to DjVu files, and other media
formats
== MediaWiki 1.19.10 ==
This is a security release of the MediaWiki 1.19 branch.
=== Changes since 1.19.9 ===
* (bug 57550) SECURITY: Disallow stylesheets in SVG Uploads
* (bug 58088) SECURITY: Don't normalize U+FF3C to \ in CSS Checks
* (bug 58472) SECURITY: Disallow -o-link in styles
* (bug 58553) SECURITY: Return error on invalid XML for SVG Uploads
* (bug 58699) SECURITY: Fix RevDel log entry information leaks
== MediaWiki 1.19.9 ==
This is a security and maintenance release of the MediaWiki 1.19 branch.
=== Changes since 1.19.8 ===
* (bug 53032) SECURITY: Don't cache when a call could autocreate
* (bug 55332) SECURITY: Improve css javascript detection
* (bug 49717) Fix behaviour $wgVerifyMimeType = false; in Upload
* Translations
== MediaWiki 1.19.8 ==
2013-09-03
This is a security and maintenance release of the MediaWiki 1.19 branch.
=== Changes since 1.19.7 ===
* SECURITY: Sanitize ResourceLoader exception messages
* SECURITY: Token-getting functions will fail when using jsonp callbacks.
* SECURITY: Fix extension detection with 2 .'s
* Allow a string other than '*' as condition for DatabaseBase::delete()
* Purge upstream caches when deleting file assets.
* jquery.tablesorter: Add missing dependency on jquery.mwExtension
== MediaWiki 1.19.7 ==
2013-05-21
This is a security release of the MediaWiki 1.19 branch
=== Changes since 1.19.6 ===
* (bug 48306) SECURITY: Run file validation checks on chunked uploads, and
chunks of upload, during the upload process.
== MediaWiki 1.19.6 ==
2013-04-30
This is a security and maintenance release of the MediaWiki 1.19 branch
=== Changes since 1.19.5 ===
* (bug 47304) SECURITY: Check SVG xml encoding against whitelist
* (bug 46590) Added AbortChangePassword hook to allow extensions to abort
password changes from Special:ChangePassword
* Localisation updates from http://translatewiki.net.
* mwdocgen.php: Implement --version option.
* Remove svnstat stuff used in Doxygen generation
* E_USER_DEPRECATED undefined prior to php 5.3
== MediaWiki 1.19.5 ==
2013-04-15
This is a security and maintenance release of the MediaWiki 1.19 branch
=== Changes since 1.19.4 ===
* (bug 47251) SECURITY: Disable external entities in Import
* (bug 46859) SECURITY: Disable external entities in XMLReader
* (bug 46084) SECURITY: Sanitize $limitReport before outputting
* (bug 43594) Fix notices displayed on PHP 5.4
* (bug 40585) Don't drop 'step="any"' in HTML input fields.
== MediaWiki 1.19.4 ==
2013-03-04
This is a security release of the MediaWiki 1.19 branch
=== Changes since 1.19.3 ===
* New preference type - 'api'. Preferences of this type are not shown on
Special:Preferences, but are still available via the action=options API.
* (bug 44010) Context is passed to UserGetLanguageObject.
* The recursion guard on RequestContext::getLanguage() was weakened.
* (bug 44135/bug 42441) Pass '2' instead of 'true' to CURLOPT_SSL_VERIFYHOST
* (bug 43518) API action=unblock should return the user name, not the full user
object
== MediaWiki 1.19.3 ==
2012-11-30
This is a security release of the MediaWiki 1.19 branch
=== Changes since 1.19.2 ===
* (bug 40995) Prevent session fixation in Special:UserLogin (CVE-2012-5391)
* (bug 41400) Prevent linker regex from exceeding PCRE backtrack limit
* Increase permitted runtime for testParserTest (only used for continuous
integration).
* Updated messages translations from http://translatewiki.net/
== MediaWiki 1.19.2 ==
This is a security release of the MediaWiki 1.19 branch
=== Changes since 1.19.1 ===
* (bug 39700) File: link to non-existing file can inject html
* (bug 39823) Hidden block text leaking to admins
* (bug 39184) LDAP password leakage
* (bug 39180) Disallow framing of api results
* (bug 37587) Enforce language codes to be html safe
* (bug 39824) Check global blocks on account creation
== MediaWiki 1.19 ==
MediaWiki 1.19 is a large release that contains many new features and bug
fixes. This is a summary of the major changes of interest to users.
You can consult the RELEASE-NOTES-1.19 file for the full list of changes in
this version.
Our thanks go to everyone who helped to improve MediaWiki by testing the beta
release and submitting bug reports.
=== Changes since 1.19.1 ===
* (bug 38406) Properly quote table names in DatabaseBase::tableName()
* (bug 38249) Parser will throw an exception instead of outputting gibberish if
PCRE is compiled without support for unicode properties.
=== Changes since 1.19.0 ===
* (bug 36568) Fixed "Illegal string offset 'LIMIT'" warnings in updater
* (bug 36938) Correctly escape uselang attribute to prevent xss
* Expanded Blacklist for SVG Files
=== Changes since 1.19 beta 2 ===
* Special:Watchlist no longer sets links to feed when the user is anonymous.
* (bug 35961) Hash comparison should always be strict.
* Fix broken email confirmation expiration caused by MWCryptRand changes.
* (bug 35671) PHP Notice: Undefined index: gettoken in includes/api/ApiMain.php
on line 598.
* (bug 36042) 'show' causes a fatal in blocks API.
=== Changes since 1.19 beta 1 ===
* (bug 35014) Including a special page no longer sets the page's title to the
included page
* (bug 35019) Edit summaries are no longer transformed in notification e-mails
* (bug 35152) Help message for e-mail is shown again in user preferences
* (bug 34887) $3 and $4 parameters are now substituted correctly in message
"movepage-moved"
* (bug 34841) Edit links are no longer displayed when display old page versions
* (bug 34889) User name should be normalized on Special:Contributions
* (bug 35051) If heading has a trailing space after == then its name is not
preloaded into edit summary on section edit
* (bug 31417) New ID mw-content-text around the actual page text, without
categories, contentSub, ... The same div often also contains the class
mw-content-ltr/rtl.
* (bug 35303) Proxy and DNS blacklist blocking works again
* (bug 22555) Remove or skip strip markers from tag hooks like <nowiki> in
core parser functions which operate on strings, such as padleft.
* (bug 18295) Don't expose strip markers when a tag appears inside a link
inside a heading.
* (bug 34212) ApiBlock/ApiUnblock allow action to take place without a token
parameter present.
* (bug 34907) Fixed exposure of tokens through load.php that could have
facilitated CSRF attacks.
* (bug 35317) CSRF in Special:Upload.
=== Configuration changes in 1.19 ===
* Removed SkinTemplateSetupPageCss hook; use BeforePageDisplay instead.
* (bug 27132) movefile right granted by default to registered users.
* Default cookie lifetime ($wgCookieExpiration) is increased to 180 days.
* (bug 31204) Removed old user.user_options.
* $wgMaxImageArea now applies to jpeg files if they are not scaled with
ImageMagick.
* Introduced $wgQueryPageDefaultLimit (defaults to 50) for the number of
items to show by default on query pages (special pages such as Whatlinkshere).
* (bug 32470) Increase the length of ug_group.
* (bug 32239) Removed $wgEnableTooltipsAndAccesskeys.
* Removed $wgVectorShowVariantName.
* Removed $wgExtensionAliasesFiles. Use $wgExtensionMessagesFiles.
* Removed $wgResourceLoaderInlinePrivateModules , now always enabled.
=== New features in 1.19 ===
* (bug 19838) Add ability to get all interwiki prefixes also if the interwiki
cache is used.
* $wgDnsBlacklistUrls now accepts an array with url and key as the
elements to work with DNSBLs that require keys, such as
Project Honeypot.
* (bug 30022) Add support for custom loadScript sources to ResourceLoader.
* (bug 19052) Unicode space separator characters (Zs) now terminates external
links and images links.
* (bug 30160) Add public method to mw.loader to get module names from registry.
* (bug 15558) Parameters to special pages included in wikitext can now be passed
as with templates.
* Installer now issues a warning if mod_security is present.
* (bug 29455) Add support for a filter callback function in jQuery byteLimit
plugin.
* Added two new GetLocalURL hooks to better serve extensions working on a
limited type of titles.
* Added a --no-updates flag to importDump.php that skips updating the links
tables.
* Most presentational html attributes like valign are now converted to inline
css style rules. These attributes were removed from html5 and so we clean
them up when $wgHtml5 is enabled. This can be disabled using
$wgCleanupPresentationalAttributes.
* Magic words (time and number-formatting ones, plus DIRECTIONMARK, but not
NAMESPACE) now depend on the page content language instead of the site
language. In theory this sets the right magic words in system messages,
although they are not used there.
* (bug 30451) Add page_props to RefreshLinks::deleteLinksFromNonexistent.
* (bug 30450) Clear page_props table on page deletion.
* Hook added to check for exempt from account creation throttle.
* (bug 30344) Add configuration variable for setting custom priorities when
generating sitemaps.
* (bug 96170) Add array support for space-separated list attributes (like
'class') in the Html helper class.
* (bug 26470) Add checkered background image on hover on files pages.
* (bug 30774) mediawiki.html: Add support for numbers and booleans in the
attribute values and element contents.
* Conversion script between Tifinagh and Latin for the Tachelhit language.
* (bug 16755) Add options 'noreplace' and 'noerror' to {{DEFAULTSORT:...}}
to stop it from replace an already existing default sort, and suppress error.
* (bug 18578) Rewrote revision delete related messages to allow better
localisation.
* (bug 30364) LanguageConverter now depends on the page content language
instead of the wiki content language.
* Jump links will now be usable in CSS-capable browsers instead of only
in outdated text browsers.
* New common*.css files usable by skins instead of having to copy piles
of generic styles from MonoBook or Vector's css.
* Some deprecated presentational html attributes will now be automatically
converted to css.
* (bug 31297) Add support for namespaces in Special:RecentChanges subpage filter
syntax.
* The default user signature now contains a talk link in addition to the user
link.
* (bug 25306) Add link of old page title to MediaWiki:Delete_and_move_reason.
* Added hook BitmapHandlerCheckImageArea.
* (bug 30062) Add $wgDBprefix option to cli installer.
* getUserPermissionsErrors and getUserPermissionsErrorsExpensive hooks are now
also called when checking for 'read' permission.
* Introduce $wgEnableSearchContributorsByIP which controls whether searching
for an IP address redirects to the contributions list for that IP.
* (bug 8859) Database::update should take array of tables too.
* (bug 19698) Add "Inverse namespaces" option to Special:Contributions.
* (bug 24037) Add byte length of revision to Special:Contributions.
* (bug 1672) Added $wgDisableUploadScriptChecks to allow uploading of files
containing HTML or JS. DISABLING THESE CHECKS IS VERY DANGEROUS.
* New path mappings can be added using the WebRequestPathInfoRouter hook
and adding paths to the PathRouter.
* (bug 32666) Special:ActiveUsers now allows a subpage to be used as value for
the "target" query parameter (eg. Special:ActiveUsers/Username).
* New JavaScript variable wgPageContentLanguage.
* Added new debugging toolbar, enabled with $wgDebugToolbar.
* Differences in the history page now uses slightly better colors for people
perceiving colors differently.
* (bug 32879) Upgrade jQuery to 1.7.1.
* jQuery UI upgraded to 1.8.17.
* Extensions can use the 'Language::getMessagesFileName' hook to define new
languages using messages files outside of core.
* (bug 32512) Add 'Associated namespace' checkbox to Special:Contributions.
* Added $wgSend404Code, true by default, which can be set to false to send a
200 status code instead of 404 for nonexistent articles.
* (bug 33447) Link to the broken image tracking category from
Special:Wantedfiles.
* (bug 27724) Add timestamp to job queue.
* (bug 30339) Implement SpecialPage for running javascript tests. Disabled by
default, due to tests potentially being harmful, not to be run on a production
wiki. Enable by setting $wgEnableJavaScriptTest to true.
* Extensions can use the RequestContextCreateSkin hook to override what skin is
loaded in some contexts.
* (bug 33456) Show $wgQueryCacheLimit on cached query pages.
* (bug 10574) Add an option to allow all pages to be exported by Special:Export.
* mediawiki.js Message object constructor is now publicly available as
mw.Message.
* (bug 29309) Allow CSS class per tooltip (tipsy).
* (bug 33565) Add accesskey/tooltip to submit buttons on Special:EditWatchlist.
* (bug 17959) Inline rendering/thumbnailing for Gimp XCF images.
* (bug 27775) Namespace has it's own XML tag in the XML dump file.
* (bug 30513) Redirect tag is now resolved in XML dump file.
* sha1 xml tag added to XML dump file.
* (bug 33646) Badtitle error page now emits a 400 HTTP status.
* Special:MovePage now has a dropdown menu for namespaces.
* (bug 34420) Special:Version now shows git HEAD sha1 when available.
* (bug 33952) Refactor mw.toolbar to allow dynamic additions at any time.
=== Bug fixes in 1.19 ===
* $wgUploadNavigationUrl should be used for file redlinks if.
$wgUploadMissingFileUrl is not set. The first was used for this
until the second was introduced in 1.17.
* BREAKING CHANGE: Style rules for wikitable are now more specific and prevent
inheritance to nested tables which caused various issues (bug 30485 and bug
33434). If your wiki has overridden rules for ".wikitable", please revise them
and adjust where necessary. For comparison, use the "table.wikitable" section
in skins/common/shared.css as base.
* $wgUploadNavigationUrl is now used for file redlinks if
$wgUploadMissingFileUrl is not set. The former was used for this until the
second was introduced in 1.17.
* (bug 27894) Move 'editondblclick' event listener down from body to
div#bodyContent.
* (bug 30172) The check for posix_isatty() in maintenance scripts did not detect
when the function exists but is disabled. Introduced
Maintenance::posix_isatty().
* (bug 30264) Changed installer-generated LocalSettings.php to use
require_once() instead require() for included extensions.
* Do not convert text in the user interface language to another script.
* (bug 26283) Previewing user JS/CSS pages didn't load other user JS/CSS pages.
* (bug 26486) ResourceLoader modules with paths to nonexistent files cause PHP
warnings/notices to be thrown.
* (bug 30335) Fix for HTMLForms using GET that were breaking when non-friendly
URLs are used.
* (bug 28649) Preventing half truncated multi-byte unicode characters when
truncating log comments.
* Show --batch-size option in help of maintenance scripts that support it.
* (bug 4381) Magic quotes cleaning was not comprehensive, key strings were not
unescaped.
* (bug 23057) Importers no longer can 'edit' or 'create' a fully-protected page
by importing a new revision into it.
* Allow moving the associated talk pages of subpages even if the base page
has no subpage.
* Per page edit-notices now work in namespaces without subpages enabled.
* (bug 31081) $wgEnotifUseJobQ is no longer unconditionally enqueueing jobs.
* (bug 30202) File names are now restricted on upload to 240 bytes, because of
restrictions on some of the database fields.
* Timezones are now recognised in user preferences when offset is different
due to DST.
* (bug 31692) "summary" parameter now also works when undoing revisions.
* (bug 18823) "move succeeded" text displayed bluelinks even when redirect was
suppressed.
* (bug 19186) Special:UserLogin's title on Special:SpecialPages now says
"create account" when the user cannot create an account.
* (bug 31818) 'usercreated' message now supports GENDER.
* (bug 32022) Our phpunit.php script can now be executed from another directory.
* (bug 26020) Setting $wgEmailConfirmToEdit to true no longer removes diffs
from recent changes feeds.
* (bug 30232) add current time to message wlnote on Special:Watchlist.
* (bug 29110) $wgFeedDiffCutoff did not affect new pages.
* (bug 32168) Add wfRemoveDotSegments for use in wfExpandUrl.
* (bug 32358) Do not display "No higher resolution available" for dimensionless
files (like audio files).
* (bug 32168) Add wfAssembleUrl for use in wfExpandUrl.
* (bug 32168) fixed - wfExpandUrl expands dot segments now.
* (bug 31535) Upload comments now truncated properly, and don't have brackets.
* (bug 32086) Special:PermanentLink now shows an error message when no subpage
was specified.
* (bug 30368) Special:Newpages now shows the new page name for moved pages.
* (bug 1697) The way to search blocked usernames in block log should be clearer.
* (bug 29747) eAccelerator shared memory caching has been removed since it is
now disabled by default and is buggy. APC, XCache and WinCache are not
affected.
* Installer now refuses to install if php was not compiled with Ctype support.
* (bug 29475) Remove "trackback" feature entirely from core.
* (bug 32665) Special:BlockList prefills the username in the input field if
using the Special:BlockList/username URL.
* (bug 27721) Make JavaScript variables wgSeparatorTransformTable and
wgDigitTransformTable depend on page content language so the sort script
sorts correctly more often.
* (bug 32230) Expose wgRedirectedFrom in JavaScript.
* (bug 31212) History tab not collapsed when the screen is narrow.
* (bug 15521) Use new section summary when the action of adding a new section
also happens to create the page.
* (bug 32960) Remove EmailAuthenticationTimestamp from database when a
email address is removed.
* (bug 32414) Empty page get a empty bytes attribute in Export/Dump.
* (bug 33101) Viewing a User or User talk of username resembling IP ending
with .xxx causes Internal error.
* Warning about undefined index in certain situations when $wgLogRestrictions
causes the first log type requested to be removed but not the others.
* Use separate message ('prefixindex-namespace') for title of
Special:PrefixIndex rather then re-using Special:AllPages's allinnamespace.
* (bug 33156) Special:Block now allows you to confirm you want to block yourself
when using non-normalized username.
* (bug 33246) News icon shown for news:// URLs but not for news: URLs.
* (bug 33305) Make mw.util.addCSS resistant to IE's @font-face bug by setting
cssText after DOM insertion.
* (bug 30711) When adding a new section to a page with section=new, the text is
now always added to the current version of the page.
* (bug 31719) Fix uploads of SVGs exported by Adobe Illustrator by expanding
XML entities correctly.
* (bug 30914) Embeddable ResourceLoader modules (user.options, user.tokens)
should be loaded in <head> for proper dependency resolution.
* (bug 32702) Removed method Skin::makeGlobalVariablesScript() has been readded
for backward compatibility.
* (bug 31469) Make sure tracking category messages expand variables like
{{NAMESPACE}} relative to correct title.
* (bug 33454) ISO-8601 week-based year number (format character 'o') is now
calculated correctly with respect to timezone.
* (bug 32219) InstantCommons now fetches content from Wikimedia Commons using
HTTPS when the local wiki is served over HTTPS.
* (bug 33525) clearTagHooks doesn't clear function hooks.
* (bug 33523) Function tag hooks don't appear on Special:Version.
* Files with IPTC blocks we can't read no longer prevent extraction of exif
or other metadata.
* (bug 33587) Remove action "historysubmit" from history pages.
* (bug 25800) mw.config wgAction should contain the actually performed action
instead of whatever the query value contains.
* (bug 4438) Add CSS hook for current WikiPage action.
* (bug 33703) Common border-bottom color for <abbr> should inherit default
(text) color.
* (bug 33819) Display file sizes in appropriate units.
* (bug 32948) {{REVISIONID}} and related variables are no longer blank after
doing a null edit.
* (bug 33880) $wgUsersNotifiedOnAllChanges should not send e-mail to user who
made the edit.
* (bug 33902) Decoding %2B with mw.Uri.decode results in ' ' instead of +.
* (bug 33762) QueryPage-based special pages no longer misses *-summary message.
* Other sizes links are no longer generated for wikis without a 404 thumbnail
handler.
* (bug 29454) Enforce byteLimit for page title input on Special:MovePage.
* (bug 34114) CSSMin::remap() doesn't respect its $embed parameter.
* Special:Contributions/newbies now shows the contributions for the user
"newbies". New user contributions are obtained using the form or using
?contribs=newbie in URL.
* It is now possible to delete images that have no corresponding description
pages.
* (bug 33165) GlobalFunctions.php line 1312: Call to a member function
getText() on a non-object.
* (bug 31676) Group dynamically inserted CSS into a single <style> tag, to work
around a bug where not all styles were applied in Internet Explorer.
* (bug 28936, bug 5280) Broken or invalid titles can't be removed from
watchlist.
* (bug 34600) Older skins using useHeadElement=false were broken in 1.18.
* (bug 34604) [mw.config] wgActionPaths should be an object instead of a numeral
array.
* (bug 12262) Indents and lists are now aligned
* (bug 29753) mw.util.tooltipAccessKeyPrefix should be alt-shift for Chrome
on Windows
* (bug 25095) Special:Categories should also include the first relevant item
when "from" is filled.
* (bug 34972) An error occurred while changing your watchlist settings for
[[Special:WhatLinksHere/Example]]
=== API changes in 1.19 ===
* Made action=edit less likely to return "unknownerror", by returning the actual
error message (which may have come from a hook call or similar).
* (bug 19838) siprop=interwikimap can now use the interwiki cache.
* (bug 29748) Add API search prefix support.
* (bug 29684) Set forgotten parameter types in ApiQueryIWLinks.
* (bug 29685) do not output NULL parentid with list=deletedrevs&drprop=parentid.
* siprop=interwikimap and siprop=languages can use silanguagecode to have
a best effort language name translation. Use CLDR extension for best result.
* (bug 30230) action=expandtemplates should not silently override invalid title
inputs.
* (bug 18634) Create API to fetch MediaWiki's language fallback tree structure.
* (bug 26885) Allow show/hide of account blocks, temporary blocks and single IP
address blocks for list=blocks.
* (bug 30591) Add support to only return keys in ApiAllMessages.
* The API now respects $wgShowHostnames and won't share the hostname in
servedby if it's set to false.
* wlexcludeuser parameter added to ApiFeedWatchlist.
* (bug 7304) Links on redirect pages no longer cause the redirect page to show
up as a redirect to the linked page on Special:Whatlinkshere.
* (bug 32609) API: Move captchaid/captchaword of action=edit from core
to Captcha extension(s).
* Added 'APIGetDescription' hook.
* (bug 32688) Paraminfo for parameter "generator" of the query module shows too
many types.
* (bug 32415) Empty page get no size attribute in API output.
* (bug 31759) Undefined property notice in querypages API.
* (bug 32495) API should allow purge by pageids.
* (bug 33147) API examples should explain what they do.
* (bug 33482) Api incorrectly calls ApiBase::parseMultiValue if allowed
values is given as an array.
* (bug 32948) {{REVISIONID}} and related variables are no longer blank after
calling action=purge&forcelinkupdate.
* (bug 34377) action=watch now parses messages using the correct title instead
of "API".
* (bug 35036) WikiLove messages were not automatically updated in JavaScript
after having been changed on-wiki due to a bug in core
=== Languages updated in 1.19 ===
MediaWiki supports over 350 languages. Many localisations are updated
regularly. Below only new and removed languages are listed, as well as
changes to languages because of Bugzilla reports.
* Canadian English (en-ca) (new).
* Norwegian (bokmål) (nb) (renamed from no).
* Uighur (Latin) (ug-latn) was incorrectly marked as right-to-left language.
* (bug 30217) Make pt-br a fallback of pt.
* (bug 31193) Set fallback language of Assamese from Bengali to English.
* Update date format for dsb and hsb: month names need the genitive.
* (bug 28643) Serbian variant conversion improvements (Nikola Smolenski).
* (bug 29405, bug 30809) Lower diacritics are invisible in titles in Indic
languages Assamese, Bengali, Hindi, Malyalam and Odiya.
* (bug 32826) Titles in indic languages are partially cut.
* (bug 33367) Gendered namespaces for Czech.
* (bug 33014) Language::formatSize()/formatBitrate() should be able to deal
with larger numbers (tera-yotta).
=== Other changes in 1.19 ===
* BREAKING CHANGE: Legacy global array 'ta' and global function 'akeytt' have
been removed from wikibits.js.
* jquery.mwPrototypes module was renamed to jquery.mwExtension.
* The maintenance script populateSha1.php was renamed to the more concise
populateImageSha1.php.
* The Client-IP header is no longer checked for when trying to resolve a
client's real IP address.
* (bug 22096) Although IE5.x and below was already unsupported officially,
stylesheets existing exclusively for IE5.0 and IE5.5 have now been removed
(which were in skins 'chick' and 'monobook').
* The constructor for CategoryView has changed, the second parameter is now a
Context source and is required.
* The Title::escape{Local,Full,Canonical}URL methods are deprecated, please use
proper html building methods to escape the normal get{...}URL methods instead.
* The $variant arguments in the Title::get{Local,Full,Link,Canonical}URL methods
have been replaced with a secondary query argument.
* The $variant argument in the hooks for the
Title::get{Local,Full,Link,Canonical}URL methods have been removed, the
variant is now part of the $query argument.
* Removed Title::isValidCssJsSubpage(), deprecated since 1.17 in favor of
using Title::isCssJsSubpage() or checking Title::isWrongCaseCssJsPage().
* Support for the deprecated hook MagicWordMagicWords was removed.
* The Xml::namespaceSelector method has been deprecated, please use
Html::namespaceSelector instead (note that the parameters have changed also).
* (bug 33746) Preload popular ResourceLoader modules (mediawiki.util) as
stop-gap for scripts missing dependencies.
New configuration variable $wgPreloadJavaScriptMwUtil has been introduced for
this (set to false by default for new installations). Set to true if your wiki
has a large amount of user/site scripts that are lacking dependency
information. In the short to medium term these user/site scripts should be
fixed by adding the used modules to the dependencies in the module registry
and/or wrapping them in a callback to mw.loader.using.
== MediaWiki 1.18 ==
== MediaWiki 1.18.6 ==
2012-11-29
This is a maintenance and security release of the MediaWiki 1.18 branch
=== Changes since 1.18.5 ===
* ([[bugzilla:40995|bug 40995]]) Prevent session fixation in Special:UserLogin
(CVE-2012-5391)
* ([[bugzilla:41400|bug 41400]]) Prevent linker regex from exceeding PCRE
backtrack limit
* Localisation updates
* Increase permitted runtime for testParserTest
* ([[bugzilla:36179|bug 36179]]) Unquote 'null' for PostgreSQL.
== MediaWiki 1.18.5 ==
2012-08-30
This is a security release of the MediaWiki 1.18 branch
=== Changes since 1.18.4 ===
* (bug 39700) File: link to non-existing file can inject html
* (bug 39823) Hidden block text leaking to admins
* (bug 39184) LDAP password leakage
* (bug 39180) Disallow framing of api results
* (bug 37587) Enforce language codes to be html safe
* (bug 39824) Check global blocks on account creation
== MediaWiki 1.18.4 ==
2012-06-12
This is a security release of the MediaWiki 1.18 branch.
=== Changes since 1.18.3 ===
* (bug 36938) Correctly escape uselang attribute to prevent xss
* Expanded Blacklist for SVG Files
== MediaWiki 1.18.3 ==
2012-04-25
This is a maintenance release of the MediaWiki 1.18 branch.
=== Changes since 1.18.2 ===
* (bug 35446) Using "{{nse:}}" with an invalid namespace name no longer throws
a PHP warning.
* (bug 35567) The whole password reminder e-mail is now sent in the same
language.
* (bug 35961) Hash comparison should always be strict.
* (bug 35671) PHP Notice: Undefined index: gettoken in includes/api/ApiMain.php
on line 598.
* Fix broken email confirmation expiration caused by MWCryptRand changes.
== MediaWiki 1.18.2 ==
2012-03-21
This is a maintenance and security release of the MediaWiki 1.18 branch.
=== Changes since 1.18.1 ===
* (bug 33686) could not get a list of contributors for an article when using
a SQLite database.
* (Bug 33865) Exception thrown in action=parse when attempting to use the title
parameter without setting the text parameter.
* UserMailer could potentially throw a fatal error when a MailAddress object had
an empty email address.
* (Bug 33087) Exchange server rejected mail sent by MediaWiki
* (bug 34528) Edit section tooltips show correction section name again
* (bug 34246) MediaWiki:Whatlinkshere-summary message is displayed again in
Special:Whatlinkshere
* (bug 22555) Remove or skip strip markers from tag hooks like <nowiki> in
core parser functions which operate on strings, such as formatnum.
* (bug 34212) ApiBlock/ApiUnblock allow action to take place without a token
parameter present.
* (bug 34907) Fixed exposure of tokens through load.php that could have
facilitated CSRF attacks.
* (bug 35317) CSRF in Special:Upload.
== MediaWiki 1.18.1 ==
2012-01-11
This a maintenance and security release of the MediaWiki 1.18 branch.
=== Changes since 1.18.0 ===
* (bug 32712) Fix for search indexing of pages with certain unicode chars
following URL.
* (bug 3901) Lang, hreflang attribs added to sidebar interlanguage links for
screen readers.
* (bug 30774) mediawiki.html: Add support for numbers and booleans in the
attribute values and element contents.
* (bug 32473) [[Special:PasswordReset]] can not be used on private wiki.
* (bug 32853) Fixed CACHE_DBA object cache type.
* (bug 32786) Backward compatibility for extension using 1.17's
Database::newFromType().
* Fixed exception when using Special:WhatLinksHere on a Media: file.
* (bug 32709) Private Wiki users were always taken to Special:Badtitle on login.
* (bug 33240) Sort images are missing but referenced in css.
* (bug 31921) Magic words REVISIONDAY, REVISIONMONTH and REVISIONYEAR were
not showing their values on preview.
* (bug 32702) Removed method Skin::makeGlobalVariablesScript() has been readded
for backward compatibility.
* (bug 30172) The check for posix_isatty() in maintenance scripts did not detect
when the function exists but is disabled. Introduced
Maintenance::posix_isatty().
* (bug 33305) Make mw.util.addCSS resistant to IE's @font-face bug by setting
cssText after DOM insertion.
* (bug 29102) Upgrades no longer fail with the error "Unknown character set:
'mysql4'.
* (bug 25355) Parser generates edit section links for special pages.
* (bug 33321) Adding a line to MediaWiki:Sidebar that contains a pipe, but
doesn't have any pipes after being transformed by MessageCache, causes
exception on all pages.
* Fixed recentchanges FK violation on page delete and cache purge error in
updater for Oracle DB.
* (bug 33117) prop=revisions allows deleted text to be exposed through cache
pollution.
== MediaWiki 1.18.0 ==
2011-11-24
This is the first stable release of the MediaWiki 1.18 branch.
=== Summary of selected changes in 1.18 ===
Selected changes since MediaWiki 1.17 that may be of interest:
* Some of the more commonly used MediaWiki extensions are now included in the
release tarball. These extensions are ConfirmEdit, Gadgets, Nuke,
ParserFunctions, Renameuser, Vector and WikiEditor.
* Gender support has been improved, meaning user pages can display the correct
gender variant of "User" can now be used.
* MediaWiki can now detect the camera orientation of an image from the Exif
metadata, and can rotate the image thumbnail appropriately. Metadata support
has been generally improved, and can now extract IPTC and XMP metadata.
* Improved directionality support in 1.18 means that MediaWiki is better to use
for RTL users.
* MediaWiki now supports protocol - relative URLs in links, interwiki targets
and $wgServer
* Math support has been removed from core
=== Changes since 1.18.0rc1 ===
* (bug 32228) regression in Special:Search which did not conserve profile on
new search
* (bug 32460) Categories were improperly aligned in Simple and CologneBlue
* (bug 32412) TOC links on [[Special:EditWatchlist]] points to the fieldsets
* (bug 32582) Fix TOC show/hide link regression on IE 8
=== Changes since 1.18 beta 1 ===
* (bug 31886) Wrong titles redirecting to Special:Badtitle in the 1.18
deployment.
* (bug 32051) Fix description for wlprop=sizes.
* (bug 31913) Special:MostLinkedTemplates had an incorrect GROUP BY clause
under Microsoft SQL.
* (bug 32100) installer complains about suhosin GET limit.
* (bug 31933) fix 1.18 regression in Monobook sidebar: huge spacing between
portlets on IE 7 and IE 8/9 in compatibility view.
* (bug 32126) Fix 1.18 regression in watchlist editor when items already removed
from watchlist.
* (bug 32183) remove the client-* classes added from user-agent-sniffing onto
the <html> element.
* (bug 29912) Unit tests break if parsertest tables are still present.
* (bug 31694) During installation, tabbing order (cursor focus) goes to logo
instead of 'continue'.
* (bug 29102) Upgrade fails "Unknown character set: 'mysql4".
* (bug 31990) justify paragraphs pref adds extra space to category listing.
* (bug 20148) Better title for [[Special:Disambiguations]] page.
* (bug 31502) TOC is missing on Special:EditWatchlist.
* (bug 32256) API list=search stops at first invalid result.
* (bug 32047) jquery.tablesorter.js: thead is before caption.
* (bug 29854) Store protocol-relative links twice in the externallinks table,
one with http: in el_index and once with https.
* (bug 31822) Error during upgrade due to output buffer reset in stdout.
=== Configuration changes in 1.18 ===
* The WantedPages::getSQL hook has been removed and replaced with
WantedPages::getQueryInfo. This may break older extensions.
* The SkinTemplateBuildContentActionUrlsAfterSpecialPage,
SkinTemplateContentActions and SkinTemplateTabs hooks have been removed in
favor of SkinTemplateNavigation and SkinTemplateNavigation::SpecialPage.
* $wgUseCombinedLoginLink controls whether to output a combined
login / create account link in the personal bar, or to output separate login
and create account links.
* Skin names are no longer created based on a ucfirst version of the key in
$wgValidSkinNames but now the value. This means for
$wgValidSkinNames["monobook"] = "MonoBook"; the skin loader will no longer try
loading SkinMonobook and will instead load SkinMonoBook.
* $wgMaxUploadSize may now be set to an array to specify the upload size limit
per upload type.
* $wgAPICacheHelp added in 1.16 is now removed. To disable API help caching, set
$wgAPICacheHelpTimeout = 0;
* OutputPage::isUserJsAllowed() no longer returns false when scripts are allowed
by the page, but $wgAllowUserJs is set to false.
* Pure "Skin" class based custom skins are no longer supported, all custom skins
should be put together using SkinTemplate and BaseTemplate or QuickTemplate.
* The transliteration for passwords in case they were migrated from an old
Latin-1 install (previous to MediaWiki 1.5) is now only done for wikis with
$wgLegacyEncoding set.
* (bug 27508) Add $wgSVGMetadataCutoff to limit the maximum amount of an SVG we
look at when finding metadata to prevent excessive resource usage.
* $wgSysopUserBans and $wgSysopRangeBans (deprecated in 1.17) are now removed.
Use $wgBlockCIDRLimit = array( 'IPv4' => 43, 'IPv6' => 128 ) to achieve the
same functionality as $wgSysopRangeBans; you can use the BlockIp hook to
replicate $wgSysopUserBans functionality.
* The options on the block form have been standardised such that checking a box
makes the block 'more serious'; so while "check to prevent account creation"
and "check to enable autoblock" remain the same, "check to allow user-talk
edit" is reversed to "check to *disable* user-talk edit", and "check to block
anon-only" becomes "check to block logged-in users too". The default settings
remain the same.
* Most of the field names on the Special:Block form have been changed, which
will probably break screen-scraping bots.
* (bug 26866) The 'trackback' right is no longer granted to sysops by default.
$wgUseTrackbacks is already false by default.
* (bug 17009) the hiddenStructure CSS class, a highly hackish way of at least
*appearing* to hide article elements, has been removed. Use the
ParserFunctions extension to actually remove unwanted elements from the
output.
* (bug 14202) $wgUseTeX has been superseded by the Math extension. To re-enable
math conversion after upgrading, obtain the Math extension from SVN or from
https://www.mediawiki.org/wiki/Extension:Math and add to LocalSettings.php:
require_once "$IP/extensions/Math/Math.php";
* $wgProfiler is now a configuration array, see StartProfiler.sample for
details.
* $wgProfiling has been removed.
* The spyc library is now no longer included in phase3.
* (bug 28343) Unused preferences contextlines/contextchars have been removed
* $wgSkinExtensionFunctions has been removed. Use $wgExtensionFunctions instead.
* $wgProto has been removed. You now only need to set $wgServer to change the
URL protocol.
* $wgRateLimitsExcludedGroups (deprecated in 1.13) has been removed.
* $wgInputEncoding and $wgOutputEncoding (deprecated in 1.5) have now been
removed.
* $wgAllowUserSkin (deprecated in 1.16) has now been removed.
* $wgExtraRandompageSQL (deprecated in 1.16) has now been removed.
* LogReader and LogViewer classes (deprecated in 1.14) have now been removed.
* (bug 26033) Added $wgArticleCountMethod to select the method to use to say
whether a page is an article or not. $wgUseCommaCount is now deprecated.
* $wgEnableDublinCoreRdf and $wgEnableCreativeCommonsRdf no longer work in core,
and the functionality has been moved to the relevant extensions. See
https://www.mediawiki.org/wiki/Extension:DublinCoreRdf and
https://www.mediawiki.org/wiki/Extension:CreativeCommonsRdf as appropriate.
* (bug 21107) Split error "customcssjsprotected" into separate messages for JS
and CSS
* Removed $wgCheckCopyrightUpload from DefaultSettings, since the relevant
feature was removed in about 1.5.
* LogPageValidTypes, LogPageLogName, LogPageLogHeader and LogPageActionText
hooks have been removed.
* New hook "Collation::factory" to allow extensions to create custom
category collations.
* $wgGroupPermissions now supports per namespace permissions.
* $wgEnableAutoRotation enables or disables auto-rotation. Leaving it set to
null will cause MediaWiki to determine if auto-rotation is available.
=== New features in 1.18 ===
* BREAKING CHANGE: action=watch / action=unwatch now requires a token.
* BREAKING CHANGE: Article class hierarchy split into WikiPage (backend)
and Article (frontend) hierarchies. Several hooks now pass a WikiPage object
instead of an Article object. These hooks all use an $article parameter as
documented in hooks.txt. Extensions should be updated to account for this,
though most won't require any changes.
* (bug 27860) Minor edit after clicking 'new section' tab
Now the "This is a minor edit" checkbox is not available when you
create a page or new section.
* (bug 8130) Query pages should limit to content namespaces, not just main
namespace.
* Special:Contribs now redirects to Special:Contributions.
* (bug 6672) Images are now autorotated according to their EXIF orientation.
This only affects thumbnails; the source remains unrotated.
* (bug 25708) Update case mappings and normalization to Unicode 6.0.0.
* New hook ArticlePrepareTextForEdit added, called when preparing text to be
saved.
* New parser option PreSaveTransform added, allows the pre-save transformation
to be selectively disabled.
* Alternative to $wgHooks implemented, using the new Hooks class.
* Add width parameter to Special:Filepath to allow getting the file path of a
thumbnail.
* (bug 26870) Add size to {{filepath:}}.
* Upload warnings now show a thumbnail of the uploaded file.
* Introduced the edittools-upload message, which will be inserted under the
upload form instead of edittools if available.
* (bug 26285) Extensions will be automatically generated on upload if the user
specified a filename without extension.
* (bug 26851) Special:UserRights now allows to prefill the reason field
* New maintenance script to fix double redirects
(maintenance/fixDoubleRedirects.php).
* (bug 23315) New body classes to allow easier styling of special pages.
* (bug 27159) Make email confirmation code expiration time configurable.
* (bug 29047) CSS/JS for each user group is imported from
MediaWiki:Group-sysop.js, MediaWiki:Group-autoconfirmed.css, etc.
* (bug 24230) Uploads of ZIP types, such as MS Office or OpenOffice can now be
safely enabled. A ZIP file reader was added which can scan a ZIP file for
potentially dangerous Java applets. This allows applets to be blocked
specifically, rather than all ZIP files being blocked.
* (bug 2429) Allow selection of associated namespace in recent changes.
* (bug 26217) File size is now checked before uploading in HTML5 browsers.
* CSS stylesheet MediaWiki:Noscript.css is now loaded for users with JavaScript
disabled (enclosed in the head in a <noscript> tag).
* Added UserGetLanguageObject hook to change the language used in $wgLang.
* (bug 14645) When $wgMiserMode is on, expensive special pages are styled
differently (italicized by default) on Special:SpecialPages.
* Added $wgAggregateStatsID, which allows UDP stats to be aggregated over
several wikis.
* When $wgAllowMicrodataAttributes is true, all itemtypes are allowed, not just
the three that were defined in the original specification.
* (bug 14706) Added support for the Imagick PHP extension.
* (bug 18691) Added support for SVG rasterization using the Imagick PHP
extension.
* (bug 2581, bug 6834) Added links to thumbnail in several resolutions to the
file description page. The sizes are set by $wgImageLimits.
* (bug 28031) Add pageCount support to ArchivedFile.
* (bug 27924) PhpHttpRequest doesn't return response body if HTTP != 200.
* Added hook BitmapHandlerTransform to allow extension to transform a file
without overriding the entire handler.
* The parser now attempts to output markers for editsection tokens and defer the
rendering of them post-cache to reduce parser cache fragmentation and ensure
skin customizability of edit section links.
* (bug 24755) AuthPlugin auto-creation of local accounts can now be aborted by
other extensions by handling the 'AbortAutoAccount' hook, similar to the
'AbortNewAccount' triggered by explicit account creations. (They are separate
to avoid loops and confusion; auth plugins like CentralAuth need to handle
AbortNewAccount separately.
* Special:ListFiles is now transcludable.
* (bug 13879) Special:Emailuser asks for suitable target user if called without.
* (bug 16956) IPTC and XMP metadata now extracted from images.
* (bug 23816) A tracking category is now added for any pages with broken images.
* (bug 23495) Allow createAndPromote.php to create non-sysop users.
* (bug 28916) A way to to toggle mw.config legacy globals settings from
LocalSettings.php has been created by introducing $wgLegacyJavaScriptGlobals.
* (bug 28503) Support for ircs:// URL protocols.
* (bug 26033) It is now possible to count all non-redirect pages in content
namespaces as articles.
* Images can now be embedded in an XML dump stream using backupDump.php
--include-files and can be imported using importDump.php --uploads;
furthermore, it can import files from the filesystem using --image-base-path.
* Three new hooks in Special:Undelete, 'UndeleteForm::showHistory',
'UndeleteForm::showRevision' and 'UndeleteForm::undelete', so that extensions
may override the usage of PageArchive class and replace it with their own
class that extends PageArchive.
* (bug 28915) Implement QUnit test suite for MediaWiki JavaScript.
Also built-in support for distribution through a TestSwarm instance.
* (bug 29036) For cascade-protected pages, the mw-textarea-cprotected class is
added to the textarea on the edit form.
* mw.util.wikiScript has been implemented (like wfScript in GlobalFunctions.php)
* (bug 29067) Expose user.tokens (like we do user.options) in ResourceLoader.
* New 'Debug' hook used by wfDebug() and wfDebugLog().
* (bug 27655) Require token for watching/unwatching pages)
* (bug 28904) (bug 29773) Update jQuery version from 1.4.4 to 1.6.2 (the latest
version)
* (bug 29441) Expose CapitalLinks config in JS to allow modules to properly
handle titles on case-sensitive wikis.
* (bug 29397) Implement mw.Title module in core.
* In MySQL 4.1.9+ with replication enabled, fetch the slave lag from SHOW SLAVE
STATUS instead of SHOW PROCESSLIST. This ensures that lag is reported
correctly in the case where there are no write events occurring. Note that
the DB user now needs to have the REPLICATION CLIENT privilege if you are
using replication.
* Language codes in $wgDummyLanguageCodes are now excluded on localization
statistics (maintenance/language/transstat.php).
* (bug 29586) Make the (next 200) links on categories link directly to
the relevant section of the category.
* (bug 29109) Allow the automatic edit summary for redirect creation
show the first bit of the new redirect page.
* (bug 29723) mw.util.wikiGetlink() now defaults to wgPageName.
* (bug 29680) Add GetDefaultSortkey hook to override the default sortkey.
* (bug 16699) {{#language:}} accepts second parameter to specify the language in
which the language name is wanted. Coverage depends on the cldr extension.
* (bug 15802) An easy way to look up messages: language qqx which returns
the message keys.
* (bug 29868) Add support for passing parameters to mw.msg in jquery.localize.
* (bug 29558) $wgMiserMode now disables update.php by default.
* AjaxCategories: Easily add, edit or delete categories on article pages.
Suggests possible categories when typing, all saves are done via AJAX.
Supports editing of multiple categories and then saving them in one batch.
* $wgAutopromoteOnce was added, allowing for users to be automatically promoted
to explicit usergroups. If a group is removed from a user via
Special:UserRights, it will not automatically be re-added. Configuration is
similar to $wgAutopromote (see DefaultSettings.php).
* The PerformRetroactiveAutoblock hook was added to allow overriding or
complementing retroactive autoblock handling. This runs when blocking a user
with the 'autoblock' option.
* MediaWiki now supports using protocol-relative URLs in links, interwiki
targets and $wgServer.
* Introduced $wgVaryOnXFPForAPI which will cause the API to send
Vary: X-Forwarded-Proto headers.
* New maintenance script to refresh image metadata
(maintenance/refreshImageMetadata.php).
* (bug 16428) Include permalink in printable version.
* (bug 30722) Add an identity collation that sorts things based on what the
unicode code point is (aka pre-1.17 behavior).
* (bug 30940) Add a hook in User:getDefaultOptions.
To give extensions a better and more flexible way of providing default
values for preferences a hook has been introduced in User:getDefaultOptions().
Setting preferences in $wgDefaultUserOptions still work fine, but when reading
them (i.e. with array_keys) to get a list of all preferences, then
$wgDefaultUserOptions should no longer be used as it will contain those set
via User:getDefaultOptions().
* (bug 30497) Add client-nojs and client-js classes on document element
to let styles easily hide or show things based on general JS availability.
* (bug 31293) If Special:Userlogin is loaded over HTTPS, display
MediaWiki:loginend-https instead of MediaWiki:loginend, if it's not empty.
Same for signupend on the account creation page.
* (bug 31233) New OutputPage::addJsConfigVars() method to make the output page
specific mw.config map extendable.
* mw.util.wikiScript has been implemented (like wfScript in
GlobalFunctions.php).
=== Bug fixes in 1.18 ===
* (bug 27860) Minor edit after clicking 'new section' tab.
* (bug 23119) WikiError class and subclasses are now marked as deprecated.
* (bug 10871) Javascript and CSS pages in MediaWiki namespace are no longer
treated as wikitext on preview.
* (bug 22753) Output from update.php is more clear when things changed, entries
indicating nothing changed are now all prefixed by "...".
* Page existence is now not revealed (in the colour of the tabs) to users who
cannot read the page in question.
* (bug 19006) {{REVISIONUSER}} no longer acts like {{CURRENTUSER}} in some
cases.
* (bug 16019) $wgArticlePath = "/$1" no longer breaks API edit/watch actions.
* (bug 18372) File types blacklisted by $wgFileBlacklist will no longer be shown
as "Permitted file types" on the upload form.
* (bug 26379) importImages.php gives more descriptive error message on failure.
* (bug 26410) + signs are no longer treated as spaces in internal links if
link has a % sign in it.
* (bug 26412) Search results headers no longer show a bogus edit link.
* (bug 26540) Fixed wrong call to applyPatch in MysqlUpdater.
* (bug 26574) Added 'upload' to $wgRestrictionTypes, allowing upload protected
pages to be queried via the API and Special:ProtectedPages, and allowing
disabling upload protection by removing it from $wgRestrictionTypes.
* If an edit summary exceeds 250 bytes and is truncated, add an ellipse.
* (bug 26638) Database error pages display correctly in RTL languages.
* (bug 26187) Confirmrecreate no longer parses the edit summary.
* (bug 26208) Mark directionality of some interlanguage links.
* (bug 26034) Make the "View / Read" tab in content_navigation style tabs remain
selected when the action is "purge".
* (bug 14267) Support a MediaWiki:Mainpage-nstab override for the subject
namespace tab on the mainpage of a wiki.
* (bug 10158) Do not mention allowing others to contact you when the feature
is disabled ($wgEnableUserEmail=false).
* (bug 26733) Wrap initial table creation in transaction.
* (bug 26729) Category pages should return 404 if they do not exist and have no
members.
* (bug 2585) Image pages should send 404 if no image, no shared image and no
description page.
* Custom editintro's using the editintro url parameter will no longer show
<noinclude> sections on pages they are included on.
* (bug 26449) Keep underlines from headings outside of tables and thumbs by
adding overflow:hidden to h1,h2,h3,h4,h5,h6 (also fixes editsection bunching).
* (bug 26708) Remove background-color:white from tables in Monobook and Vector.
* (bug 28422) Remove color:black from tables in Monobook and Vector. And add it
to table.wikitable instead.
* (bug 26781) {{PAGENAME}} and related parser functions escape their output
better.
* (bug 26716) Provide link to instructions for external editor related
preferences and add a comment to the ini control file explaining what is
going on.
* Trying to upload a file with no extension or with a disallowed MIME type now
gives the right message instead of complaining about a MIME/extension
mismatch.
* (bug 26809) Uploading files with multiple extensions where one of the
extensions is blacklisted now gives the proper extension in the error message.
* (bug 26961) Hide anon edits in watchlist preference now actually works.
* (bug 19751) Filesystem is now checked during image undeletion.
* Send last modified headers for Special:Recentchanges when RC patrol is
enabled, but user cannot see rc patrol links.
* (bug 26548) ForeignAPIRepo (InstantCommons) now works with PDF files
and other multi-paged file formats.
* Files with a mime type that does not match the extension are now properly
thumbnailed.
* (bug 27201) Special:WhatLinksHere output no longer contains duplicate IDs.
* (bug 15905) Nostalgia skin could become more usable by including a Talk:
link at the top of the page.
* (bug 27560) Search queries no longer fail in Walloon language.
* (bug 27679) Broken embedded files with special characters are no longer
double HTML escaped.
* (bug 27700) The upload protection can now also be set for files that do not
exist.
* (bug 27763) Article::getParserOutput() no longer throws a fatal given when an
incorrect revision ID is passed.
* Trim the form field for uploading by url to remove extra spaces which could
cause confusing error messages.
* (bug 27854) Http::isValidURI is way too lax.
* Do not show enotifminoredits preference, if disabled by $wgEnotifMinorEdits.
* AbortLogin returning "ABORTED" now handled. Also allows message identifier
for "ABORTED" reason to be returned and displayed to user.
* (bug 28034) uploading file to local wiki when file exists on shared repository
(commons) gives spurious info in the warning message.
* Usernames get lost when selecting different sorts on Special:listfiles.
* (bug 14005) editing section 0 of an existing but empty page gives no such
section error.
* (bug 26939) Installer does not set $wgMetaNamespace.
* (bug 28166) UploadBase assumes that 'edit' and 'upload' rights are not per
page restrictions.
* Make truncate function automatically consider length of '...' string,
since length can vary by localization.
* (bug 28242) Make redirects generated by urls containing a local interwiki
prefix be a 301 instead of a 302.
* (bug 15641) blocked administrators are now prevented from deleting or
protecting their own talk page; and all blocked users are more
comprehensively prevented from performing other actions.
* (bug 27893) Edit-on-doubleclick now applies only on view and purge actions;
no longer triggers unexpectedly on delete, history etc.
* (bug 28417) Fix PHP notice when importing revision without a listed id.
* (bug 28430) Make html and TeX output of <math> always be left-to-right.
* (bug 28306) Fix exposure of suppressed usernames in ForeignDBRepo.
* (bug 28372) Fix bogus link to suppressed file versions in ForeignDBRepo.
* (bug 27473) Fix regression: bold, italic no longer interfere with linktrail
for ca, kaa.
* (bug 28444) Fix regression: edit-on-doubleclick retains revision id again.
* ' character entity is now allowed in wikitext.
* UtfNormal::cleanUp on an invalid utf-8 sequence no longer returns false if
intl installed.
* (bug 28561) The css class small will no longer make nested elements even
smaller.
* (bug 13172) Array type exif data (like GPS) was not being extracted from
images.
* (bug 28532) wfMsgExt() and wfMsgWikiHtml() use $wgOut->parse().
* (bug 16129) Transcluded special pages expose strip markers when they output
parsed messages.
* (bug 27249) "Installed software" table in Special:Version should always be
left-to-right.
* (bug 28719) Do not call mLinkHolders __destruct explicitly.
* (bug 21196) Article::getContributors() no longer fails on PostgreSQL.
* (bug 28752) XCache doesn't work in CLI mode.
* (bug 28076) Thumbnail height limited to 360 pixels on Special:Listfiles.
* (bug 22227) Special:Listfiles no longer throws an error on bogus file entries.
* (bug 19408) user_properties.up_property: 32 bytes is not enough.
* (bug 25262) Fix for minification of hardcoded data: URIs in CSS.
* (bug 29263) Add LTR class to the shared CSS to be used for left-to-right text
such as SQL queries shown in dberrortext and similar messages in RTL
environments.
* (bug 14977) Fixed $wgServer detection in cases where an IPv6 address is used
as the server name.
* The View X deleted revisions is now shown again on Special:Upload.
* (bug 29071) mediawiki.action.watch.ajax.js should pass uselang to API.
* (bug 28868) Show total pages in the subtitle of an image on the
file description page for multi-paged documents.
* (bug 28883) Message names for different compression types commonly
used in Tiff files.
* When transcluding a special page, do not let it interpret url parameters.
* (bug 28887) Special page classes are no longer re-used during 1 request.
* (bug 28888) Searching for something starting with a # sign no longer tells
the user a page named [[:]] already exists.
* (bug 23002) Imagelinks table not updated after imagemove.
* (bug 27864) Transcluding {{Special:Prefix}} with empty prefix now lists all
pages.
* (bug 18803) JPEG2000 images should not be uploadable as .jpg files.
* (bug 11868) If using links to count articles, the checking will now be based
on the real presence of an internal link instead of the "[[" string.
* (bug 28287) The "your changes" box for edit conflicts is now read-only.
* (bug 28940) When making a thumb of an SVG, and only specifying the height
make the width be the max SVG size, not the natrual width of the SVG.
* (bug 1780) Uploading files with non-ascii characters are now forbidden on
Windows.
* (bug 23464) File: prefixes are now chopped off during uploading.
* (bug 28174) Message config-logo-help amended to not explicitly assume any
LTR/RTL screen layout.
* (bug 28992) Revision numbers in the patrol log are transformed in the user
language.
* (bug 27073) ResourceLoaderDynamicStyles marker should be dynamically appended
to the document head if it doesn't exist.
* (bug 27023) After the document is ready, mw.loader is broken (calls callback
before module is parsed).
* (bug 4330) External URLs without a custom title should be treated as LTR,
even in RTL text.
* (bug 29055) Make "don't send email on minor edits" preference apply to
changes to talk page in addition to watchlist edits.
* (bug 28272) Special:AllMessages should have only one "Go" button.
* (bug 29101) Special:FileDuplicateSearch no longer shows silly message.
* (bug 29048) jQuery.tabIndex: firstTabIndex() should not output the same
as lastTabIndex().
* (bug 29332) Warn if user requests mediawiki-announce subscription but does not
enter an e-mail address.
* (bug 25375) Add canonical namespaces to "wgNamespaceIds" in mw.config.
* The class JpegOrTiffHandler was renamed ExifBitmapHandler.
* (bug 29443) Special:Undelete should use JavaScript to invert all checkboxes
instead of reloading the page.
* (bug 29325) Setting $wgStrictFileExtensions to false no longer gives incorrect
warning.
* (bug 29437) Multiple apostrophes in deleted article title cause odd rendering.
* (bug 29485) RSS feed of Special:RecentChange grouped together multiple
consecutive edits by same user in included diff, but then linked to
a single ungrouped diff.
* Do not try to group together a page creation and edit in the RSS feed of RC.
* (bug 29342) Patrol preferences shouldn't be visible to users who don't have
patrol permissions.
* (bug 29471) Exception no longer thrown for files with invalid date in
metadata.
* (bug 29492) Long-running steps in the installer (such as Upgrade and Install)
no longer cause timeouts.
* (bug 29507) Change 'image link' to 'file link' in Special:Whatlinkshere.
* If the db is really screwed up, and doesn't have a recentchanges table,
make the updater throw an exception instead of a fatal.
* wfArrayToCGI() and wfCgiToArray() now handle nested and associative arrays
correctly.
* (bug 29567) mw.util.addPortletLink should only wrap link in <span> for
"vectorTabs" portlets.
* (bug 8556) Incorrect session failure warning on preview-on-open
namespaces (categories) when combined with $wgRawHtml.
* Use content language in formatting of dates in revertpage message
(rollback revert edit summary) and do not adjust for user timezone.
* (bug 29277) MediaWiki:Filepage.css is also shown on the local wiki
* Make sure Backlink cache does not retrieve interwiki redirects when looking
for redirects to a local page.
* (bug 6100) Allow different directionality (LTR/RTL) for user interface
and wiki content, along with many other RTL and directionality improvements
(such as bugs 28030, 12406, 28349).
* (bug 29712) Removed broken defaultUserOptionOverrides in MessagesXx files and
unneeded CSS flipping of quickbar. Instead, introduce option 5 which sets
left/right according to the directionality of your interface language.
* (bug 19514) Unordered list list-style-image should be IE6-compatible (8-bit).
* (bug 27410) The tag filter on a history page is now within a <label> element.
* (bug 29779) DairikiDiff/WikiDiff <ins> and <del> should undo browser default
styling (strike/underline).
* (bug 28630) Add iwlinks, langlinks, redirect to
RefreshLinks::deleteLinksFromNonexistent.
* (bug 29797) Error: "Tried to load block with invalid type" when subpages
are disabled for user pages.
* (bug 12205) Bidirectional names in action=credits are split and displayed
incorrectly when wrapped to the next line.
* (bug 20781) Move 'mainpagetext' messages to installer's .i18n file.
* (bug 29737) "MediaWiki:Qbsettings-directionality" should refer to script,
not language.
* (bug 26360) $wgSessionHandler was overriding system settings unconditionally.
* Removed AjaxFunctions.php. The last remaining function js_unescape() was moved
to the FCKEditor extension.
* (bug 28762) Resizing to specified height broken for very thin images.
* (bug 29959) Installer fatal when cURL and allow_url_fopen is disabled and user
tries to subscribe to mediawiki-announce.
* (bug 27427) mw.util.getParamValue shouldn't return value from hash even if
param is only present in hash.
* Installer checked for magic_quotes_runtime instead of register_globals.
* (bug 30131) XCache with variable caching disabled no longer used for variable
caching (CACHE_ACCEL)
* $wgSVGMaxSize is now applied to the smaller of width or height, making very
wide pano/timeline/diagram SVGs renderable at saner sizes.
* (bug 30219) The page shown when LocalSettings.php does not exist was broken on
Windows servers.
* (bug 30074) Moving user JS subpages resulted in JS errors because
#REDIRECT [[Foo]] is invalid JS.
* (bug 30335) Fix for HTMLForms using GET breaking when non-friendly URLs
are used.
* (bug 30264) Changed installer-generated LocalSettings.php to use
require_once() instead of require() for included extensions.
* Tracking categories are no longer shown in footer for special pages.
* (bug 30684) Fix bad escaping in mw.message for inexistent messages (i.e.
<key>).
* $wgOverrideSiteFeed no longer double escapes urls.
* The preprocessor no longer fails with a PHP warning about XML_PARSE_HUGE when
processing complex pages using newer versions of libxml2.
* (bug 30907) Special:Unusedcategories should sort ascendingly.
* (bug 28545) When using the uca-default collation, sortkey's starting with a
space (U+20) will sort under an invisible header like in 1.16 rather than a
U+6DE.
* (bug 30192) Thumbnails of archived files are now deleted.
* (bug 30843) mediawiki.Title should not convert extensions (anything after the
last full stop) to lower case).
* (bug 31213) Exception thrown when trying to move file cross-namespace.
* (bug 18424) Special:Prefixindex and Special:Allpages paging links are
really small, and somewhat inconsistent with each other.
* (bug 30466) Entries in iwlinks table are now cleared when moving a page over
redirect.
* (bug 31674) Can't edit watchlist if it contains special pages.
* (bug 32100) Installer complains about Suhosin GET limit even if it is
already set above 1024 bytes.
=== API changes in 1.18 ===
* BREAKING CHANGE: action=watch now requires POST and token.
* (bug 26339) Throw warning when truncating an overlarge API result.
* (bug 14869) Add API module for accessing QueryPage-based special pages.
* (bug 14020) API for Special:Unwatchedpages.
* (bug 24287) Wrap API Help output at 100 characters.
* Add a realname uiprop option to query=userinfo so a user's realname can be
extracted.
* Add a &watchuser option to ApiBlock.
* (bug 26541) Generator-ise ApiQueryRecentChanges.
* action=parse now correctly returns an error for nonexistent pages.
* (bug 25767) Add userrights properties to allusers and users query lists.
* (bug 26558) list=allusers auprop=groups does not list groups a user is
automatically a member of.
* (bug 26559) list=allusers auprop=rights does not match
list=users usprop=rights.
* (bug 26560) On allusers if limit < total number of users, last user gets
duplicate.
* (bug 25135) add "normalized" to action=parse.
* (bug 26460) Add support for listing category members by category pageid.
* (bug 26482) add a imimages param to prop=images.
* (bug 26498) allow LinksUpdate with API.
* (bug 26485) add a elextlinks param to prop=extlinks.
* (bug 26483) add a iwtitles param to prop=iwlinks.
* (bug 26484) add a lltitles param to prop=langlinks.
* (bug 26480) add a pppageprops param to prop=pageprops.
* (bug 26650) Remove $wgAPICacheHelp in favour of $wgAPICacheHelpTimeout.
* (bug 24650) Fix API to work with categorylinks changes.
* Expose list of skins in meta=siteinfo.
* (bug 26548) Add iiurlparam param to query=imageinfo and query=stashimageinfo.
* (bug 27205) aiprop=metadata and aiprop=parsedcomment need help text.
* Add a amtitle param to meta=allmessages.
* (bug 25832) query=allimages now outputs ns/title as well.
* (bug 27199) Thumbnail urls can be fetched for old files as well.
* (bug 27376) when using ApiBase::PARAM_TYPE => 'integer' without a min or
max value, API doesn't validate the input is actually an integer.
* (bug 27479) API error when using both prop=pageprops and
prop=info&inprop=displaytitle.
* (bug 27554) Update API information text to reflect change in bug 26125.
* (bug 27611) list=blocks: Use ipb_by_text instead of join with user table.
* (bug 27616) Add userid of blocked user and blocker to list=blocks.
* (bug 27688) Simplify queries to list user block information.
* (bug 27708) list=users does not have a property to return user id.
* (bug 27715) imageinfo didn't respect revdelete.
* (bug 27862) Useremail module didn't properly return success on success.
* (bug 27590) prop=imageinfo now allows querying the media type.
* (bug 27587) list=filearchive now outputs full title info.
* (bug 27018) Added action=filerevert to revert files to an old version.
* (bug 27897) list=allusers and list=users list hidden users.
* (bug 27717) API's exturlusage module does not respect $wgMiserMode.
* (bug 27588) list=filearchive&faprop=sha1 returns empty attribute.
* (bug 28010) Passing a non existent user to list=users gives internal error.
* (bug 27549) action=query&list=users&usprop=groups doesn't show implicit
groups if a user doesn't have explicit groups.
* (bug 27670) Ordering by timestamp (and usage of start and end) isn't as clear
in auto generated document, as it is on mediawiki.org.
* (bug 27182) API: Add filter by prefix for meta=allmessages.
* (bug 27183) API: Add filter by customisation state for meta=allmessages.
* (bug 27340) API: Allow listing of "small" categories.
* (bug 27342) Add audir param to list=allusers.
* (bug 27203) add fato param to list=filearchive.
* (bug 27341) Add drto param to list=deletedrevs.
* (bug 26630) Add API for Special:ActiveUsers.
* (bug 27020) API: Allow title prefix search of logevents (only when not in
miser mode).
* (bug 26629) add Special:MIMESearch to API.
* (bug 27585) add pagecount to list=filearchive.
* (bug 28104) Namespace for local pages in interwiki backlinks (iwbacklinks)
is missing.
* (bug 27343) Add parseddescription to list=filearchive.
* (bug 27469) label implicit groups in list=allusers&auprop=groups/
list=users&usprop=groups.
* Addition of APIQuerySiteInfoGeneralInfo hook to add extra information to
the general site info results.
* (bug 16288) API: consider making closure status of wikis more clear
with meta=siteinfo.
* (bug 27589) list=allimages&aiprop=archivename is useless.
* (bug 27586) Remove duplication of props in ApiQueryStashImageInfo
by using ApiQueryImageInfo.
* (bug 28226) prop=extlinks&eloffset should be an integer.
* (bug 28070) Fix watchlist RSS for databases that store timestamps in a
real timestamp field.
* API upload errors may now return the parameter that needs to be changed and
a sessionkey to fix the error.
* (bug 28249) allow dupes in meta=allmessages&amargs.
* (bug 28263) cannot import xml with the API, when have not "import" user
right, but "importupload".
* (bug 28365) Added description for uiprop=preferencestoken in meta=userinfo.
* (bug 28394) Set forgotten parameters types in ApiUnblock.
* (bug 28395) Set forgotten parameters types in ApiParse.
* (bug 28368) add hint for multipart/form-data to API information of
action=import&xml=.
* (bug 28391) action=feedwatchlist&allrev should be a bool.
* (bug 28364) add registration date to meta=userinfo.
* (bug 28254) action=paraminfo: Extract type from PARAM_DFLT if
PARAM_TYPE is not set.
* (bug 27712) add parent_id to list=deletedrevs.
* (bug 28455) Add 'toponly' to recentchanges API module.
* (bug 26873) API: Add 'toponly' filter in usercontribs module.
* (bug 28586) YAML: strings that are the same as boolean literals.
* (bug 28591) Update/replace/supplement spyc (YAML parsing library).
* YAML API output is now 1.2 compliant, using JSON as the formatter.
* (bug 28672) give information about misermode on API.
* (bug 28558) Add iw_api and iw_wikiid to meta=siteinfo&siprop=interwikimap
* (bug 26882) Allow listing of indefinite protections with the API.
* (bug 27344) add drprefix param to list=deletedrevs.
* (bug 28560) list=deletedrevs should die, if combination of param is invalid.
* (bug 28238) paraminfo: output both limits for multi param.
* (bug 27179) API: List of extension tags through meta=siteinfo.
* Get a list of function hooks through meta=siteinfo.
* Get a list of all subscribed hooks, and those subscribers.
* (bug 28225) Allow hiding of user groups in list=allusers.
* (bug 27185) API: Add Special:ComparePages.
* (bug 28265) allow outputting of comments for action=expandtemplates.
* (bug 27790) Add query type for querymodules to output of ApiParamInfo.
* (bug 28963) Add langbacklinks query module to the api.
* (bug 27593) API should return error message when sha1/sha1base36 is invalid.
* (bug 28578) API's parse module should not silently override invalid
title inputs.
* (bug 20699) Watchlist API should list log-events.
* (bug 29070) Require a token in API action=watch.
* (bug 29221) Expose oldrevid in ApiQueryWatchlist output.
* (bug 29267) Always give the servername for meta=siteinfo&siprop=dbrepllag.
* (bug 28897) rvparse now respects rvsection for action=query&prop=revisions.
* (bug 25734) API: Possible issue with revids validation.
* (bug 28002) Internal error in ApiFormatRaw::getMimeType.
* (bug 29237) ApiQuery now has an option to output the "iwurl" attribute.
* (bug 28392) Mark action=undelete×tamps as type "timestamp".
* (bug 21346) Make deleted images searchable by hash (disabled in Miser Mode).
* (bug 27595) sha1 search of list=filearchive does not work.
* (bug 26763) Make RSS/Atom of user contributions more visible.
* (bug 25133) Allow redirects also for action=parse&pageid.
* (bug 29745) Fatal error in API search.
* (bug 29476) API returns page title instead of sectiontitle for
srprop=sectiontitle.
* Correct the documentation of srprop properties.
* (bug 28817) Add reference help page link to API Modules.
* (bug 29935) Improve formatting of examples in ApiParamInfo.
* (bug 29938) list=users&usprop=rights shows rights the user doesn't have.
* (bug 24781) The API will include an XML namespace if the includexmlnamespace
parameter is set.
* (bug 29392) Setting the start or end parameter now works with lists blocks,
categorymembers, deletedrevs, logevents, protectedtitles, usercontributions
and watchlist in Postgres.
=== Languages updated in 1.18 ===
MediaWiki supports over 330 languages. Many localisations are updated
regularly. Below only new and removed languages are listed, as well as
changes to languages because of Bugzilla reports.
* Angika (anp) (new).
* Brahui (brh) (new).
* Central Dusun (dtp) (new).
* Jamaican Creole English (jam) (new).
* Khowar (khw) (new).
* Liv (liv) (new).
* Kichwa (qug) (new).
* Tokipona (tp) (removed) 'tokipona' is still valid.
* (bug 17160) Gender specific display text for User namespace.
* Link trail added for sl and sh.
* (bug 27633) Add characters to linkTrail for Portuguese (pt and pt-br).
* (bug 27426) Set $namespaceGenderAliases for Arabic (ar).
* (bug 27385) Set Polish $namespaceGenderAliases.
* (bug 27681) Set $namespaceGenderAliases for Portuguese (pt and pt-br).
* (bug 27785) Fallback language for Kabardian (kbd) is English now.
* (bug 27825) Raw watchlist edit message now uses formatted numbers.
* (bug 28040) Turkish: properly lower case 'I' to 'i' (dotless i) and
uppercase 'i' to 'I' (dotted i).
* Conversion script between Syllabics and Latin for the Inuktitut language.
* Date formats for Indonesian (id) updated.
* Bhojpuri (bho) (renamed from "bh").
* (bug 29031) When translating block log entries, indefinite, infinite, and
infinity are now considered the same.
* Aromanian (rup) (renamed from "rua-rup").
* Kashmiri (ks) split into Kashmiri (Perso-Arabic) (ks-arab) and Kashmiri
(Devanagari) (ks-deva). Defaults to ks-arab.
* (bug 30864) Use bengali numerals for <ol> for Assamese.
* (bug 30817) Restored linktrail for kk (Kazakh).
* (bug 27398) Add $wgExtraGenderNamespaces for configured gendered namespaces.
* (bug 30846) New LanguageOs class.
=== Other changes in 1.18 ===
* Removed legacy wgAjaxWatch javascript global object, no longer in use.
* (bug 28556) Upload support for MacBinary files has been removed (Used by
Internet Explorer 5 for Mac OS 9).
* On wiki farm setups using $wgConf, 'wgCanonicalServer' is now expected to be
set for all wikis. This was already the case for 'wgServer'.
== MediaWiki 1.17 ==
== MediaWiki 1.17.5 ==
2012-06-12
This is a security release of the MediaWiki 1.17 branch.
=== Summary of selected changes in 1.17 ===
Selected changes since MediaWiki 1.16 that may be of interest:
* A new installer has been introduced. It has a wizard-style interface which is
translated into many languages. Many shortcomings in the old installer were
addressed with this rewrite. Note that it is no longer required for the config
directory to be made writable by the webserver. Instead the generated
LocalSettings.php file is offered as a download, which you must then upload
to the wiki's base directory.
* ResourceLoader, a new framework for delivering client-side resources such as
JavaScript and CSS, has been introduced. These resources are now delivered
through the new entry point script "load.php", instead of as static files
served directly by the web server. This allows minification, compression and
client-side caching to be used more effectively, which should provide a net
performance improvement for most users.
* Category sorting has been improved.
** Sorting is now case insensitive.
** Sub-categories, pages and files can now be paged separately.
** When several pages are given the same sort key, they sort by their
names instead of randomly.
* The lowest supported version of PHP is now 5.2.3. If necessary, please
upgrade PHP prior to upgrading MediaWiki.
=== Changes since 1.17.4 ===
* (bug 36938) Correctly escape uselang attribute to prevent xss
* Expanded Blacklist for SVG Files
=== Changes since 1.17.3 ===
* (bug 35961) Hash comparison should always be strict.
* Fix broken email confirmation expiration caused by MWCryptRand changes.
* (bug 35671) PHP Notice: Undefined index: gettoken in includes/api/ApiMain.php
on line 598.
=== Changes since 1.17.2 ===
* (bug 22555) Remove or skip strip markers from tag hooks like <nowiki> in
core parser functions which operate on strings, such as padleft.
* (bug 34212) ApiBlock/ApiUnblock allow action to take place without a token
parameter present.
* (bug 34907) Fixed exposure of tokens through load.php that could have
facilitated CSRF attacks.
* (bug 35317) CSRF in Special:Upload.
=== Changes since 1.17.1 ===
* (bug 33117) prop=revisions allows deleted text to be exposed through cache
pollution.
* (bug 32709) Private Wiki users were always taken to Special:Badtitle on login.
=== Changes since 1.17.0 ===
* (bug 29535) Added missing Creative Commons CC0 icon.
* (bug 29726) Fixed failure to load internationalization messages in
client-side scripts on WebKit-based browsers.
* Fixed a bug in message transformation where the previous language could leak
into later transformations in the UI language.
* (bug 29091) Fixed form of native name for Ossetic language (Иронау -> Ирон)
* Fixed maintenance scripts upgrade1_5.php and rebuildImages.php, they did not
work at all since 1.17 beta 1.
* (bug 29531) Fixed img_auth.php for thumbnails and other filenames with
multiple dots, was broken by the fix for bug 28840.
* In the maintenance script purgeList.php, fixed a fatal error when a page
title is given, instead of a URL.
* (bug 19514) Unordered list list-style-image should be IE6-compatible (8-bit).
* Installer checked for magic_quotes_runtime instead of register_globals.
* $wgSVGMaxSize is now applied to the smaller of width or height, making very
wide pano/timeline/diagram SVGs renderable at saner sizes.
* (bug 29959) Installer fatal when cURL and allow_url_fopen is disabled and user
tries to subscribe to mediawiki-announce.
* Installer checked for magic_quotes_runtime instead of register_globals
* (bug 30131) XCache with variable caching disabled no longer used for variable
caching (CACHE_ACCEL)
* (bug 30264) Changed installer-generated LocalSettings.php to use
require_once() instead require() for included extensions.
* (bug 26486) ResourceLoader modules with paths to nonexistent files cause PHP
warnings/notices to be thrown
* (bug 30907) Special:Unusedcategories should sort ascendingly.
* (bug 30219) The page shown when LocalSettings.php does not exist was broken on
Windows servers.
* Hardcoded NLS_NUMERIC_CHARACTERS for Oracle DB to prevent type conversion
errors.
* Fixed recentchanges FK violation on page delete and cache purge error in
updater for Oracle DB.
* (bug 32276) Skins were generating output using the internal page title which
would allow anonymous users to determine whether a page exists, potentially
leaking private data. In fact, the curid and oldid request parameters would
allow page titles to be enumerated even when they are not guessable.
* (bug 32616) action=ajax requests were dispatched to the relevant internal
functions without any read permission checks being done. This could lead to
data leakage on private wikis.
=== Changes since 1.17.0rc1 ===
* Fixed syntax error in generated LocalSettings.php when a non-default user
rights profile is chosen.
* (bug 29399) Fixed PostgreSQL installation when the DB user for installation
is the same as the one for web access.
* (bug 29233) Fixed failover for DB slave servers. When a DB slave went down,
an error was immediately shown to the user, instead of trying another slave.
Was broken since 1.17 beta 1.
* (bug 29278) Fixed PHP fatal error when attempting to add text to a page via a
redirect.
* (bug 29408) Fixed uploads of files with MIME types that aren't detected by
MediaWiki.
* Removed DEFAULT '' NOT NULL field definitions from Oracle DB schema because
using the DEFAULT value ('') in DML broke Oracle backend as it treats an
empty VARCHAR2 value as NULL. Indexes on Oracle do not require NOT NULL
fields.
=== Changes since 1.17 beta 1 ===
* Fixed warning about missing file "password.js".
* When installing on MySQL, don't attempt to create a new database user if the
same user is used for installation and web access.
* Fixed SQL query errors in queries with table aliases.
* (bug 27891) Fixed the "chronology protector", broken since 1.17beta1, which
ensures that when database replication is used, the new version is seen by
the user immediately after they create or edit an article.
* (bug 28845) Allow PostgreSQL installation using a non-root user account which
has role creation abilities.
* When installing on PostgreSQL and the install account is the same as the web
account, check to make sure that the account has suitable privileges in the
mediawiki schema.
* (bug 28172) Fixed error in PostgreSQL installation when creating the wiki
sysop account.
* Fixed an issue with the Oracle installer in cases where the user is different
to the database name.
* Added "unblockself" to the list of available rights.
* In the installer, fixed the "user rights profile" option, it never worked.
* (bug 29117) Fixed Hebrew localisation of the installer.
* (bug 28840) Reduce the collateral damage caused by the fix for bug 28235 (XSS
on Internet Explorer 6 due to a file extension in the query string) by
reducing the number of URLs that are blocked, and by redirecting the request
to a safer URL where possible instead of blocking it.
* (bug 28812) Fixed documentation of API action=parse.
* (bug 28979) Fixed styling of <abbr> and <acronym>.
* Fixed the error message displayed when you try to create an account by email,
but an email address is not given.
* Fixed JS error due to missing dependency for jquery.suggestions.
* Exposed $wgExtensionAssetsPath in JavaScript.
* (bug 28738) Made ResourceLoader support environments with small URL length
limits. The length limit can be configured via
$wgResourceLoaderMaxQueryLength, and this is set automatically in the
generated LocalSettings.php when the php.ini variable
"suhosin.get.max_value_length" is set. When a URL exceeds this limit, the
request is split up. Also, reduced the average length of load.php URLs by
using a more compact parameter format.
* (bug 25262) Fix for minification of hardcoded data: URIs in CSS.
* (bug 25124) Respect $wgStyleDirectory in ResourceLoader.
* Allow installation when no HTTP client is available, don't throw an exception.
* (bug 27465) Fix metadata extraction for SVG files using unusual namespace
names.
* (bug 29174) Fix regression in upload-by-URL: uploading files larger than the
PHP memory limit should work again.
* Fixed the display of comments in the new user log.
* (bug 28237) When installing extensions using the web-based installer, create
any necessary database tables.
* (bug 28983) Fixed automated installation of extensions that overwrite $path.
* Fixed error caused by missing magic words.
* Fixed breakage of article editing in PostgreSQL due to text search
configuration errors.
* Fixed the HTTPS client used when Curl is not available. This avoids an error
during install about failure of the mediawiki-announce subscription.
* (bug 28162) When installing to PostgreSQL, respect the "database port" input,
it was ignored.
=== Configuration changes in 1.17 ===
* $wgLogAutocreatedAccounts controls whether autocreation of accounts is logged
to new users log.
* (bug 22858) $wgLocalStylePath is by default set to the same value as
$wgStylePath but should never point to a different domain than the site is
on, allowing skins to use .htc files which are not cross-domain friendly.
* $wgFileStore has been deprecated. The only usage $wgFileStore['deleted'] has
been turned into $wgDeletedDirectory.
* $wgDeletedDirectory has been added to specify what directory to place deleted
uploads in.
* IBM DB2 database no longer uses the db specific $wgDBport_db2 variable but the
normal $wgDBport.
* $wgCategoryPrefixedDefaultSortkey was removed and is now always false. This
provides more sensible sorting behavior for categories.
* Removed unused globals: $wgEnableSerializedMessages, $wgCheckSerialized,
$wgUseMemCached, $wgDisableSearchContext, $wgColorErrors, $wgUseZhdaemon,
$wgZhdaemonHost and $wgZhdaemonPort.
* (bug 24408) The include_path is not modified in the default LocalSettings.php
* $wgVectorExtraStyles was removed, and is no longer in use.
* Removed $wgUpdates for database updates; extensions should use
DatabaseUpdater::addExtensionUpdate() via the LoadExtensionSchemaUpdates hook.
* Removed $wgServerName. It doesn't need to be set anymore and is no longer
available as input for other configuration items, either.
* It's no longer necessary for LocalSettings.php to include DefaultSettings.php.
* It's no longer necessary to set $wgCacheEpoch to the file modification time
of LocalSettings.php, in LocalSettings.php itself. Instead, this is done
automatically if $wgInvalidateCacheOnLocalSettingsChange is true (which is
the default).
* $wgCopyrightIcon is deprecated and $wgFooterIcons['copyright']['copyright']
should be used instead.
* $wgSysopUserBans is deprecated, and will be made permanently true in 1.18.
If you need this functionality, you should use the BlockIp hook to filter and
reject such blocks.
* $wgSysopRangeBans is deprecated, you should set $wgBlockCIDRLimit to maximum
(32 for IPv4, 128 for IPv6), equivalent to allowing rangeblocks of only 1
address at a time.
=== New features in 1.17 ===
* (bug 10183) Users can now add personal styles and scripts to all skins via
User:<name>/common.css and /common.js (if user css/js is enabled).
* (bug 22748) Add anchors on Special:ListGroupRights.
* (bug 21981) Add parameter 'showfilename' to <gallery> to automatically
apply the names of the individual files within the gallery.
* Future-proof redirection to fragments in Gecko, so things work a little nicer
if they fix <https://bugzilla.mozilla.org/show_bug.cgi?id=516293>.
* Support git:// and mms:// protocols by default for external links.
* (bug 15810) Blocked admins can no longer unblock themselves without the
'unblockself' permission (which they have by default).
* (bug 18499) Added "enhanced" URL parameter to switch between old and enhanced
changes list.
* (bug 22925) "sp-contributions-blocked-notice-anon" message now displayed when
viewing contributions of a blocked IP address.
* (bug 22474) {{urlencode:}} now takes an optional second parameter for type of
escaping.
* Special:Listfiles now supports a username parameter.
* Special:Random carries over query string parameters.
* (bug 23206) Add Special::Search hook for detecting successful "Go".
* When visiting a "red link" of a deleted file, a deletion and move log excerpt
is provided on the Upload form.
* (bug 22647) Add category details in search results.
* (bug 23276) Add hook to Special:NewPages to modify query.
* Add accesskey 's' and tooltip to 'Save' button at Special:Preferences.
* Add accesskey 'b' and tooltip to the summary field of edit mode.
* (bug 20186) Allow filtering Special:Contributions for RevisionDeleted edits.
* ajaxwatch now uses the API and JQuery, and can be used to animate arbitrary
watch links, not just to watch the page the link is on.
* (bug 20976) "searchmenu-new-nocreate" message now displayed when there
is no title match in search and the user has no rights to create pages.
* (bug 23429) Added new hook WatchlistEditorBuildRemoveLine.
* (bug 22844) Added support for WinCache object caching (for IIS).
* (bug 23580) Add two new events to LivePreview so that scripts can be notified
about the beginning and finishing of LivePreview actions.
* (bug 21278) Now the sidebar allows inclusion of wiki markup.
* (bug 23733) Add IDs to messages used on CSS/JS pages.
* Show validity period of the login cookie in Special:UserLogin and
Special:Preferences.
* Interlanguage links display the page title in their tooltip.
* (bug 23621) New Special:ComparePages to compare (diff) two articles.
* (bug 4597) Provide support in Special:Contributions to show only "current"
contributions
* (bug 17857) {{anchorencode}} acts more like how the parser creates section ids
* (bug 21477) \& can now be used in <math>
* (bug 11641) \dotsc \dotsm \dotsi \dotso can now be used in <math>
* (bug 21475) \mathtt and \textsf can now be used in <math>
* texvc is now run via ulimit4.sh, to limit execution time.
* SQLite now supports $wgSharedDB.
* (bug 8507) Group file links by namespace:title on image pages.
* Stop emitting named entities, so we can use <!DOCTYPE html> while still being
well-formed XML.
* texvc now supports \bcancel and \xcancel in addition to \cancel and \cancelto
* Added scriptExtension setting to $wgForeignFileRepos.
* ForeignApiRepo uses scriptDirUrl if apiBase not set.
* (bug 24212) Added MediaWiki:Filepage.css which is also included on foreign
client wikis.
* (bug 14685) Double underscore magic word usage is now tracked in the
page_props table, as well as the behavioral magic words {{DEFAULTSORT}} and
{{DISPLAYTITLE}}
* (bug 24045) MediaWiki:Ipb-needreblock is now wrapped in a div with class
"mw-ipb-needreblock"
* Non-file pages can no longer be moved to the file namespace, nor vice versa.
* (bug 671) The <dfn>, <kbd> and <samp> elements have been whitelisted in user
input.
* (bug 21503) There's now a "reason" field when creating account for other
users.
* (bug 24418) action=markpatrolled now requires a token.
* A variety of category sort-related fixes, including:
** (bug 164) In English, lowercase and uppercase letters now sort the same.
** (bug 1211) Subcategories, ordinary pages, and files now page separately.
** When several pages are given the same sort key, they sort by their names
instead of randomly.
* (bug 23848) Add {{ARTICLEPATH}} Magic Word.
* (bug 8140) Add dedicated CSS classes to Special:Newpages elements.
* (bug 11005) Add CSS class to empty pages in Special:Newpages.
* The parser cache is now shared amongst users whose different settings aren't
used in the page.
* Any attribute beginning with "data-" can now be used in wikitext, per HTML5.
* (bug 24007) Diff pages now mention the number of users having edited
intermediate revisions.
* Added new hook GetIP.
* Special:Version now displays whether a SQLite database supports full-text
search.
* TS_ISO_8691_BASIC was added as a time format, which is used by ResourceLoader
for versioning.
* Maintenance scripts get a --memory-limit option to override defaults (which
is usually to set it to -1 to disable the limit).
* (bug 25397) Allow uploading (not displaying) of WebP images, disabled
by default.
* (bug 23194) Special:ListFiles now has thumbnails.
* Use hreflang to specify canonical and alternate links, search engine friendly
when a wiki has multiple variant languages.
* (bug 19593) Specifying --server in now works for all maintenance scripts.
* Now rebuildtextindex.php warns if SQLite doesn't support full-text search.
* (bug 10541) Front/backend separation of installation/upgrade code.
* (bug 10596) Allow installer to enable extensions already in extensions folder.
* (bug 20627) Installer should be in languages other than English.
* Support for metadata in SVG files (title, description).
* Special:Search: Add CSS classes to 'none found' and 'create link' messages.
* Add CSS classes (including namespace and pagename) to the enhanced recent
changes/watchlist entries.
* (bug 22463) Add hook 'SkinGetPoweredBy' to make 'powered by' icon/text
customizable.
* Added CSS print pagination to the print stylesheets.
* (bug 25960) Add <link rel=canonical"> for File pages of shared/foreign
file repositories.
* When viewing a redirect, the redirect arrow and redirection target are both
wrapped in a div that has the class "redirectMsg" so that the redirection
arrow can be customized with CSS.
* (bug 21911) Hard coded limit for long page warning removed. New message
[[MediaWiki:Longpage-hint]] (empty by default) can be used instead.
Parameters: $1 shows the formatted textsize in Byte/KB/MB, $2 is the raw
number of the textsize in Byte.
* (bug 3276) Give image <gallery>s fluid width.
* Added uploads link to page subtitle in Special:Contributions.
* Added Special:Myuploads special page that redirects to Special:Listfiles.
* The footerlinks used in Monobook/Vector/Modern are now part of common skin
code, SkinTemplateOutputPageBeforeExec can be used to customize the list.
* Special wrapping setups can now define MW_CONFIG_FILE to load a config file
other than LocalSettings.php. This is like MW_CONFIG_CALLBACK but works in
some cases where MW_CONFIG_CALLBACK will not work.
* (bug 26574) Added 'upload' to $wgRestrictionTypes, allowing upload protected
pages to be queried via the API and Special:ProtectedPages, and allowing
disabling upload protection by removing it from $wgRestrictionTypes.
* The name attribute of HTMLForm fields can now be overridden by passing a
'name' key in the descriptor array. Hidden field names are now treated
consistently with other fields and, by default, prefixed with 'wp'.
* (bug 27402) Add support for disabling MWSuggest.
* (bug 26563) Add bytes changed per revision for stub and full article dumps.
* (bug 27508) Add $wgSVGMetadataCutoff to limit the maximum amount of an svg we
look at when finding metadata to prevent excessive resource usage.
* (bug 198) $wgUpgradeKey allows unlocking the web installer for upgrades
without having to move LocalSettings.php
* Added $wgAllowImageTag, which can be set to true to whitelist the <img> tag
in wikitext.
* (bug 12797) Add $wgGalleryOptions for adjusting of default gallery display
options.
* Added the $wgAllowUserCssPrefs option which allows disabling CSS-based
preferences; which can improve page loading speed.
* Added $wgSQLMode for setting database SQL modes - either performance (null)
or other reasons (such as enabling stricter checks).
* (bug 20193) Added $wgVectorShowVariantName global configuration variable
which causes Vector to render the variants drop-down menu with a label
showing the current variant name. This is off by default, pending further
research into its user experience implications.
* The upload link for missing files can now be set separately from the
navigation link with $wgUploadMissingFileUrl.
* $wgAdditionalMailParams added to allow setting extra options to mail() calls.
* Added $wgSecureLogin to optionally login using HTTPS.
* (bug 25728) Added $wgPasswordSenderName to make the name associated
with $wgPasswordSender configurable.
* (bug 22463) $wgFooterIcons added to allow configuration of the icons shown in
the footers of skins.
* $wgFileCacheDepth can be used to set the depth of the subdirectory hierarchy
used for the file cache. Default value is 2, which matches former behavior.
=== Bug fixes in 1.17 ===
* (bug 17560) Half-broken deletion moved image files to deletion archive
without updating database.
* (bug 22666) Submitting user block form with an invalid user name no longer
throws an error.
* (bug 22665, bug 22667) User '0' can now be unblocked and have its block
settings changed.
* (bug 22606) The body of e-mail address confirmation message is now different
when the address changed.
* (bug 22664) Special:Userrights now accepts '0' as a valid user name.
* (bug 5210) Preload parser now parses <noinclude>, <includeonly> and
redirects.
* (bug 22709) IIS7 mishandles redirects generated by OutputPage::output() when
the URL contains a colon.
* (bug 22353) Categorised recent changes now works again.
* (bug 22747) "Reveal my e-mail address in notification e-mails" preference is
now only displayed when relevant.
* (bug 22772) {{#special:}} parser function now works with subpages.
* (bug 18664) Relative URIs in interwiki links cause failed redirects.
* (bug 19270) Relative URIs in interwiki links break interwiki transclusion.
* (bug 22903) Revdelete log entries now show in the user preferred language.
* (bug 22905) Correctly handle <abbr> followed by ISBN.
* (bug 22940) Namespace aliases pointing to main namespace don't work.
* (bug 15810) Blocked admins can no longer block/unblock other users.
* (bug 22876) Avoid possible PHP Notice if $wgDefaultUserOptions is not
correctly set.
* (bug 14952) Page titles are renormalized after html entities are removed so
that links with non-NFC character references work correctly.
* (bug 22991) wgUserGroups JavaScript variable now reports * group for
anonymous users instead of null.
* (bug 22627) Remove PHP notice when deleting a page only hidden users edited.
* (bug 21520) Anonymous previews now also gives a warning about not being
logged in (anonpreviewwarning).
* (bug 22935) image/x-ms-bmp mime type added for BMP files.
* (bug 23024) Special:ListFiles now escapes file names correctly.
* (bug 22867) "View source" tab is now only displayed if there's source text.
* (bug 19393) Feeds now format dates in user language rather than content
language.
* (bug 22852) "Served in" comment is now the time used to cache a single page
when using rebuildFileCache.php
* (bug 22496) Viewing diff of a redirect page without specifying "oldid"
parameter no longer makes the page displayed as being the redirect target.
* (bug 22918) Feed cache keys now use $wgRenderHashAppend.
* (bug 21916) Last-Modified header is now correct when outputting cached feed.
* (bug 20049) Fixed PHP notice in search highlighter that occurs in some cases.
* (bug 23017) Special:Disambiguations now list pages in content namespaces
rather than only main namespace.
* (bug 23063) $wgMaxAnimatedGifArea is checked against the total size of all
frames, and $wgMaxImageArea against the size of the first frame, rather than
the other way around. Both now default to 12.5 megapixels. Also, images
exceeding $wgMaxImageArea can still be embedded at original size.
* (bug 23078) "All public logs" option on Special:Log is now always the first
item.
* (bug 16817) Group names in user rights log are now singular and in lowercase.
* Special:Preferences no longer crashes if the wiki default date formatting
style is not valid for the user's interface language.
* (bug 23167) Check the watch checkbox by default if the watchcreations
preference is set.
* Maintenance script cleanupTitles is now able to fix titles stored
in a negative namespace (which is invalid).
* (bug 19858) Removed obsolete <big> in interface messages.
* (bug 21456) "Bad title" error when showing non-local interwiki pages no longer
displays incorrect tabs.
* (bug 23190) Improved math representation for text browsers.
* (bug 22015) Improved upload-by-url error handling and error display.
* (bug 17941) $wgMaxUploadSize is now honored by all upload sources.
* (bug 23080) New usernames now limited to 235 bytes so that custom skin files
work.
* (bug 23075) Correct MediaTransformError default width in gallery.
* (bug 16487) The Anonymous user account used on Postgres is no longer
displayed on Special:Listusers.
* (bug 23313) Move watchlisthidepatrolled above token in watchlist preferences
to enhance preference grouping.
* (bug 23298) Interwiki links with prefix only in log summaries now link to the
correct link.
* (bug 23284) Times are now rounded correctly.
* (bug 23375) Added ogv, oga, spx as extensions for ogg files.
* (bug 18408) All required permissions for uploading (upload, edit, create)
are now checked when loading Special:Upload. Toolbar link for Special:Upload
is no longer shown if the user does not have the required permissions.
* (bug 23397) texvc in html mode renders \sim as ˜ not ∼
* (bug 23241) License selector should be disabled during upload of a new
version.
* (bug 23240) Add ID to namespace selector form on Special:Watchlist.
* The pipe | character in urls is now escaped.
* (bug 23422) mp3 files can now be moved.
* (bug 23448) MediaWiki:Summary-preview is now displayed instead of
MediaWiki:Subject-preview when previewing summary.
* (bug 23426) The {{REVISIONMONTH}} variable is now zero-padded and added
new variable {{REVISIONMONTH1}} when unpadded version is needed.
* Special:Userrights didn't recognize user as changing his/her own rights if
user did not capitalize first letter of username.
* (bug 23507) Add styles for printing wikitables.
* (bug 19586) Avoid JS errors in mwsuggest when using old browsers such
as Opera 8.
* (bug 23563) Old skins now support $wgUploadNavigationUrl and take into
account upload rights.
* (bug 1347) Render \phi in math using images, in order to create consistent
and correct render results.
* (bug 16573) Render \epsilon in math using images, in order to create
consistent and correct render results.
* (bug 22541) Support image redirects when using ForeignAPIRepo.
* (bug 22967) Make edit summary length cut-off behave correctly for multibyte
characters.
* (bug 8689) Long numeric lines no longer kill the parser.
* (bug 23740) Article::doRedirect() now use $extraQuery parameter correctly if
the $noRedir parameter is set to true.
* (bug 23688) Correct mime types for Office 2007 OpenXML documents.
* (bug 23787) Corrected $wgDefaultSkin's comment in DefaultSettings.php.
* (bug 23797) Xml::input() now allows '0' for the value parameter.
* (bug 23747) Make sure that on History pages, the RevDel button is not
accidentally activated when hitting enter.
* (bug 23845) Special:ListFiles now uses correct file names without underscores.
* Ask for permanent login in Special:Preferences only if $wgCookieExpiration >
0.
* (bug 16356) Repair dumpInterwiki.inc to use proper normalization.
* (bug 24006) deleteArchivedRevisions.php maintenance script now longer throws
a fatal error.
* (bug 23465) Don't ignore the predefined destination filename on
Special:Upload after following a red link.
* (bug 23642) Recognize mime types of MS OpenXML documents.
* (bug 22784) Normalise underscores and spaces in autocomments.
* (bug 19910) Headings of the form ===+\s+ are now displayed as valid headings.
* (bug 24022) Only check file extensions on the uploadpage when needed.
* (bug 24076) Recognize Office 2003 files with OpenXML trailers.
* (bug 24244) Updated comments in DefaultSettings.php to reflect
Image: --> File: namespace rename.
* Make wfTimestamp recognize negative unix timestamp values.
* (bug 24401) SimpleSearch: No button/text indicating 'Search' if image is
disabled.
* (bug 23293) Do not show change tags when Special:RecentChanges(linked) or
Special:Newpages is transcluded into another page as it messes up the page.
* (bug 24517) LocalFile::newFromKey() and OldLocalFile::newFromKey() no longer
throw fatal errors.
* (bug 23380) Uploaded files that are larger than allowed by PHP now show a
useful error message.
* Uploading to a protected title will allow the user to choose a new name
instead of showing an error page.
* (bug 24425) Use Database::replace instead of delete/insert in
SqlBagOStuff::set to avoid query errors about duplicate keynames.
* (bug 15470) First letters of filenames are always capitalized by upload JS.
* (bug 21215) NoLocalSettings.php doesn't tolerate rewrite rules.
* (bug 21052) Fix link color for stubs in NewPages.
* (bug 24714) Usage of {{#dateformat: }} in wikis without $wgUseDynamicDates no
longer pollutes the parser cache.
* (bug 17031) Correct which characters the parser allows in tag attributes (a
letter, colon or underscore followed by 0 or more letters, numbers, colons,
underscores, hyphens, and/or periods).
* Save 200 useless queries on each category page view.
* Shell commands will now work on Linux in filesystems mounted noexec.
* (bug 24804) Corrected commafying in Polish and Ukrainian.
* "Difference between pages" is now displayed instead of "Difference between
revisions" on diffs when appropriate.
* (bug 23703) ForeignAPIRepo fails on findBySha1() when using a 1.14 install as
a repository due to missing 'name' attribute from the API list=allimages.
* (bug 24898) MediaWiki uses /tmp even if a vHost-specific tempdir is set, also
make wfTempDir() return a sane value for Windows on worst-case.
* (bug 24824) Support ImageMagick 6.5.6-2+ JPEG decoder size hint, to reduce
memory usage when such an ImageMagick is used for scaling.
* Disable multithreaded behavior in recent ImageMagick, to avoid a deadlock
when a resource limit such as $wgMaxShellMemory is hit.
* (bug 24981) Allow extensions to access SpecialUpload variables again.
* (bug 20744) Wiki forgets about an uploaded file.
* (bug 17913) Don't show "older edit" when no older edit available.
* (bug 6204) TOC not properly rendered when using $wgMaxTocLevel.
* (bug 24977) The accesskey in history page now lead directly to the diff
instead of alternating focus between the two buttons.
* (bug 24987) Special:ListUsers does not take external groups into account.
* (bug 20633) update.php has mixed language output.
* SQLite system table names are now never prefixed.
* (bug 25292) SkinSubPageSubtitle hook now passes the Skin object as second
parameter.
* (bug 25167) Correctly load JS fixes for IE6 (fixing a regression in 1.16).
* (bug 25367) wfShellExec() is more explicit when failing due to disabled
passthru().
* (bug 25462) Fix double-escaping for section edit link tooltips.
* action=raw was removed for Special:Statistics. This information is still
available via the API.
* (bug 23934) Groups defined in $wgRevokePermissions but not in
$wgGroupPermissions now appear on Special:ListGroupRights.
* (bug 23923) Special:Prefixindex no longer shows results if nothing was
requested.
* (bug 22308) Search now finds text in default main page immediately after
setup.
* (bug 25697) Make sure empty lines render in diff view.
* Use an actual minus sign in diff views, instead of a hyphen.
* (bug 23732) Clarified "n links" message on Special:MostLinkedFiles.
* (bug 23731) Clarified "n links" message on Special:MostLinkedTemplates.
* (bug 25642) A exception is now thrown instead of a fatal error when using
$wgSMTP without PEAR mail package.
* (bug 19633) When possible, Upscale small SVGs when creating thumbnails.
* (bug 11013) Database driver detection needs rewriting for robustness.
* (bug 13409) Installer prompts could use clarification--now has help boxes.
* (bug 16902) Installer spews warnings when exec() and dl() are not available.
* (bug 19129) Only show MyISAM/InnoDB when supported.
* (bug 17762) Only show other e-mail options when e-mail is globally enabled.
* Cache multiple sizes of InstantCommons thumbnails.
* (bug 25488) Disallowing anonymous users to read pages no longer throws error
on discussion pages with vector as default skin.
* (bug 24833) Files name in includes/diff/ are now less confusing.
* (bug 25713) SpecialPage::resolveAlias() now normalise spaces to underscores.
* (bug 25829) Special:Mypage and Special:Mytalk now forward oldid, diff and dir
parameters.
* (bug 25175) HTML file cache now honor $wgCacheDirectory if
$wgFileCacheDirectory is not set.
* (bug 13353) Diff3 version checks were too strict, did not detect working
diff3.
* (bug 25843) Links to special pages using link= attribute on images are now
normalised like normal links to special pages.
* (bug 21364) External links using link= attribute on images now respect
$wgExternalLinkTarget.
* (bug 17789) Added a note to the total views on Special:Statistics saying that
is doesn't count non-existing pages and special pages.
* (bug 17996) HTTP redirects are now combined when requesting a special page.
* (bug 19944) Link on image thumbnails no longer link to "Media:" namespace in
some cases.
* (bug 25670) wfFindFile() now checks the namespace of the given title, only
"File" and "Media" are allowed now.
* (bug 25872) Rename the HttpRequest class to MWHttpRequest to avoid conflict
with php extension that defines same class.
* (bug 20591) There's now a different message on Special:MovePage when
$wgFixDoubleRedirects is set to false.
* Fixed PHP warnings when updating a broken MySQL database.
* (bug 26023) Corrected deleteBacth.php's documentation.
* (bug 25451) Improved datetime representation in 32 bit php >= 5.2.
* Show "skin does not exist error" only when the skin is inputted in the wrong
case.
* (bug 26164) Potential html injection when the database server isn't available.
* (bug 26160) Upload description set by extensions are not propagated.
* (bug 9675) generateSitemap.php now takes an --urlpath parameter to allow
absolute URLs in the sitemap index (as required e.g. by Google).
* Partial workaround for bug 6220: at least make files on shared repositories
show up as (struck-out) bluelinks instead of redlinks on Special:WantedFiles.
* rebuildFileCache.php no longer creates inappropriate cache files for
redirects.
* (bug 25512) Subcategory list should not include category prefix for members.
* (bug 10871) Javascript and CSS pages in MediaWiki namespace are no longer
treated as wikitext on preview.
* Page existence is now not revealed (in the colour of the tabs) to users who
cannot read the page in question.
* (bug 22753) Output from update.php is more clear when things changed, entries
indicating nothing changed are now all prefixed by "..."
* (bug 16019) $wgArticlePath = "/$1" no longer breaks API edit/watch actions.
* (bug 18372) File types blacklisted by $wgFileBlacklist will no longer be shown
as "Permitted file types" on the upload form.
* (bug 26540) Fixed wrong call to applyPatch in MysqlUpdater.
* (bug 26034) Make the "View / Read" tab in content_navigation style tabs remain
selected when the action is "purge".
* (bug 26733) Wrap initial table creation in transaction.
* (bug 26208) Mark directionality of some interlanguage links.
* (bug 26716) Provide link to instructions for external editor related
preferences.
* (bug 26961) Hide anon edits in watchlist preference now actually works.
* (bug 1379) Installer directory conflicts with some hosts' configuration panel.
* (bug 27781) Installer does not warn about 5.1.x. Added a compatibility
function for array_key_exists().
* Fix XML well-formedness on a few pages when $wgHtml5 is true (the default).
* (bug 28069) MediaWiki fails streaming files when mod_deflate and ob_gzhandler
are also set.
* (bug 26223) Concurrently moving an article to different titles leaks a
redirect revision with no page.
* (bug 15641) Fixed permissions checks in Special:Import which allowed users
without the 'import' permission to import pages from configured import
sources.
* (bug 26449) Keep underlines from headings outside of tables and thumbs by
adding overflow:hidden to h1,h2,h3,h4,h5,h6 (also fixes editsection bunching).
* (bug 26708) Remove background-color:white from tables in Monobook and Vector.
* (bug 26781) {{PAGENAME}} and related parser functions escape their output
better.
* (bug 26716) Provide link to instructions for external editor related
preferences and add a comment to the ini control file explaining what is going
on.
* (bug 28422) Remove color:black from tables in Monobook and Vector. And add it
to table.wikitable instead.
* (bug 27560) Search queries no longer fail in walloon language.
* (bug 27700) The upload protection can now also be set for files that do not
exist.
* (bug 28034) uploading file to local wiki when file exists on shared repository
(commons) gives spurious info in the warning message.
* Usernames get lost when selecting different sorts on Special:listfiles.
* (bug 28166) UploadBase assumes that 'edit' and 'upload' rights are not per
page restrictions.
* (bug 28242) Make redirects generated by urls containing a local interwiki
prefix be a 301 instead of a 302.
* (bug 28568) Entries in the iwlinks table are now removed on page deletion.
* (bug 28306) Fix exposure of suppressed usernames in ForeignDBRepo.
* (bug 28444) Fix regression: edit-on-doubleclick retains revision id again.
* UtfNormal::cleanUp on an invalid utf-8 sequence no longer returns false if
intl installed.
* (bug 26729) Category pages should return 404 if they do not exist and have no
members.
* (bug 28214) When page not found, sends malformed HTTP/1.x instead of HTTP/1.1
in header of response.
* (bug 27634) TOC title appears in wrong language.
* (bug 27761) Fix regression: pages with Esperanto titles containing convertible
character sequences became unreachable.
* (bug 27508) SVGMetadataExtractor takes too much resources on huge svgs.
* (bug 27465) SVG thumbnail generation.
* (bug 27467) preload can leave UNIQ.
* (bug 27539) Allow attributes beginning with a digit in wikitext tag
parameters.
* (bug 27328) using relative paths in CSS imports in MediaWiki:Common.css broken
in 1.17.
* (bug 27333) Fix repetitive last-seen time queries on page history.
* (bug 26250, bug 23817) Fix wfObjectToArray() to descend into arrays; fixes
processing of JSON return values for ForeignAPIRepo when native json module
not present.
* (bug 25675) Fix search suggestions for Special: pages with spaces.
* (bug 25571) Xml::encodeJsVar now passes floats natively instead of converting
to strings.
* (bug 27338) Gallery in 1.17 breaks for audio/video + ogghandler.
* (bug 27302) Don't append the current timestamp for user/site modules when no
user/site JS/CSS is present.
* (bug 27016) dumpTextPass.php now consider the "output" parameter.
* (bug 22606) don't send the "someone registred an account" message when setting
email address (i.e. old one empty) in user preferences.
* (bug 26458) Section edit links appear on pages that user does not have right
to edit.
* (bug 28611) Don't die in SqlBagOStuff::incr() if there's a race condition.
* (bug 16886) Sister projects box moves down the extract of the first result
in IE 7.
* (bug 17398) Fixed "link" parameter in image links with "thumb" or "frame"
parameter.
=== API changes in 1.17 ===
* BREAKING CHANGE: action=patrol now requires POST.
* BREAKING CHANGE: patrol token is no longer the same as edit token.
* BREAKING CHANGE: Session keys returned by ApiUpload are now strings instead
of integers.
* BREAKING CHANGE: (bug 25303) Fix API parameter integer validation to actually
enforce validation on the input values in addition to giving a warning.
Also add flag to enforce (die) if integer out of range.
* (bug 24650) Fix API to work with categorylinks changes.
* action=parse now correctly returns an error for nonexistent pages.
* (bug 27201) Special:WhatLinksHere output no longer contains duplicate IDs.
* (bug 26560) On allusers if limit < total number of users, last user gets
duplicated.
* (bug 27715) imageinfo didn't respect revdelete.
* (bug 27479) API error when using both prop=pageprops and
prop=info&inprop=displaytitle.
* (bug 27862) Useremail module didn't properly return success on success.
* (bug 27590) prop=imageinfo now allows querying the media type.
* (bug 27587) list=filearchive now outputs full title info.
* (bug 27897) list=allusers and list=users list hidden users.
* (bug 22738) Allow filtering by action type on query=logevent.
* (bug 22764) uselang parameter for action=parse.
* (bug 22944) API: watchlist options are inconsistent.
* (bug 22868) don't list infinite block expiry date as "now" in API logevents.
* (bug 22290) prop=revisions now outputs "comment" field even when comment
is empty, for consistency with list=recentchanges.
* (bug 19721) API action=help should have a way to just list for a specific
module.
* (bug 23458) Add support for pageid parameter to action=parse requests.
* (bug 23460) Parse action should have a section option.
* (bug 21346) Make deleted images searchable by hash.
* (bug 23461) Normalise usage of parameter names in parameter descriptions.
* (bug 23548) Allow access of another users watchlist through watchlistraw
using token and username.
* (bug 23524) Api Modules as followup to bug 14473 (Add iwlinks table to
track inline interwiki link usage).
* Add pltitles and tltemplates to prop=links and prop=templates respectively,
similar to prop=categories's clcategories.
* (bug 23834) Invalid "thumbwidth" and "thumbheight" in "imageinfo" query when
thumbnailing larger than original image.
* (bug 23835) Need "thumbmime" result in "imageinfo" query.
* (bug 23851) Repair diff for file redirect pages.
* (bug 24009) Include implicit groups in action=query&list=users&usprop=groups.
* (bug 24016) API: Handle parameters specified in simple string syntax
( 'paramname' => 'defaultval' ) correctly when outputting help.
* (bug 24089) Logevents causes PHP Notice if leprop=title isn't supplied.
* (bug 23473) Give description of properties on all modules.
* (bug 24136) unknownerror when adding new section without summary, but
forceditsummary.
* (bug 22339) Added srwhat=nearmatch to list=search to get a "go" result.
* (bug 24303) Added new &servedby parameter to all actions which adds the
hostname that served the request to the result. It is also added
unconditionally on error.
* (bug 24185) Titles in the Media and Special namespace are now supported for
title normalization in action=query. Special pages have their name resolved
to the local alias.
* (bug 24296) Added converttitles parameter to convert titles to their
canonical language variant.
* (bug 23936) Add "displaytitle" to query/info API.
* (bug 24485) Make iwbacklinks a generator, optionally display iwprefix and
iwtitle.
* (bug 24564) Fix fatal errors when using list=deletedrevs, prop=revisions or
one of the backlinks generators with limit=max.
* (bug 24656) API's parse module needs option to disable PP report.
* PARAM_REQUIRED parameter flag added. If this flag is set, and the end user
does not set the parameter, the API will automatically throw an error.
* (bug 24665) When starttimestamp is not specified, fake it by setting it to
NOW, not to the timestamp of the last edit.
* (bug 24677) axto= parameters added to allcategories, allimages, alllinks,
allmessages, allpages, and allusers.
* (bug 24236) Add add, remove, add-self, remove-self tags to
meta=siteinfo&siprop=usergroups.
* (bug 24484) Add prop=pageprops module.
* (bug 24330) Add &redirect parameter to ?action=edit.
* (bug 24722) For list=allusers&auprop=blockinfo, only show blockedby and
blockreason if the user is actually blocked.
* Add format=dump and format=dumpfm, outputs results in PHP's var_dump() format.
* For required string parameters, if '' is provided, this is now classed as
missing.
* (bug 24724) list=allusers is out by 1 (shows total users - 1).
* (bug 24166) API error when using rvprop=tags.
* Introduced "asynchronous download" mode for upload-by-url. Requires
$wgAllowAsyncCopyUploads to be true.
* sinumberingroup correctly gives size of 'user' group, and omits size of
implicit groups rather than showing 0.
* (bug 25248) API: paraminfo errors with certain modules.
* (bug 24792) API help for action=purge sometimes wrongly stated whether a
POST request was needed due to cache pollution.
* Added iiprop=parsedcomment to prop=imageinfo, similar to prop=revisions.
* Added rvparse to parse revisions. For performance reasons if this option is
used, rvlimit is enforced to 1.
* (bug 25748) If a action=parse request provides an oldid that is actually the
current revision id, try the parser cache, and save it to it if necessary.
* (bug 25463) Export header should not be shown if no pages were requested, to
reduce confusion.
* (bug 25648) API discovery information has been added as RSD link in page
<head> and by providing an API module action=rsd. Added hook
ApiRsdServiceApis for extensions to add their own service to the services
list.
* The HTML of diff output markers has changed. Hyphens are now minus signs,
empty markers are now filled with non-breaking-space characters.
* (bug 25741) Add more data to list=search's srprop.
* (bug 25760) counter property still reported by the API when
$wgDisableCounters enabled.
* (bug 25987) prop=info&inprop=watched now also works for missing pages.
* (bug 26006) prop=langlinks now allows obtaining full URL.
* (bug 26075) ApiDelete.php now calls correctly ArticleDelete hook.
* (bug 26089) add block expiration to blockinfo.
* (bug 26125) prop=imageinfo&iiprop=size now returns the page count if the
file is a multi-page file.
* (bug 10268) Added linktodiffs parameter on action=feedwatchlist.
* (bug 26219) Show API limits for multi values in description.
* (bug 28070) Fix watchlist RSS for databases that store timestamps in a
real timestamp field.
* (bug 27722) list=filearchive now supports revdel.
=== Language support changes in 1.17 ===
MediaWiki supports over 330 languages. Many localizations are updated regularly.
The following languages were added:
* Moroccan Spoken Arabic (ary)
* Banjar (bjn)
* Kabardian (kbd)
* Kabardian (Cyrillic) (kbd-cyrl)
* Latgalian (ltg)
* Minangkabau (min)
* Dutch (informal) (nl-informal)
* Rusyn (rue)
Other significant changes to MediaWiki's language support:
* Fiji Hindi (Devangari script) was removed.
* Removed deprecated language code "dk" (Danish), use "da" instead.
* Link trail added for sl and sh.
* (bug 27633) Add characters to linkTrail for Portuguese (pt and pt-br).
* (bug 23156) Commafy and search normalization updated for Belarusian
(Taraškievica).
* (bug 23283) Native name for Old English -> Ænglisc.
* (bug 23364) Native name for Azerbaijani -> Azərbaycanca.
* (bug 24593) Native name for Sorani now uses only Arabic script.
* (bug 24628) Generic translations for NS_USER/NS_USER_TALK for Esperanto.
* (bug 24917) Polish as fallback for Kashubia.
* (bug 24794) Tatar link trail updated.
* Esperanto date format corrected.
* (bug 28159) Change interwiki name of language kbd to Къэбэрдеибзэ /
Qabardjajəbza.
* (bug 28184) Namespaces for the Latgalian Wikipedia.
* (bug 25010) Bashkir-language interwikis: linktext change from Башҡорт
to Башҡортса.
* (bug 26395) Change name of Cornish language to Kernowek.
=== Other changes in 1.17 ===
* DatabaseFunctions.php that was needed for compatibility with pre-1.3
extensions has been removed.
* XmlFunctions.php has been removed. Use the Xml or Html classes as appropriate.
* The FailFunction "error handling" method has now been removed
* Sysops now have the "suppressredirect" right by default
* Removed $wgRemoteUploads. It was not well supported and superseded by
$wgUploadNavigationUrl.
* (bug 26253) $wgPostCommitUpdateList has been removed
* The PHPUnit test suite has been removed from this release due to serious
issues which should be resolved by the 1.18 release.
* Oracle DB now uses the __destruct function to commit/close connection as it
doesn't commit on close if transation is triggered in OCI.
== MediaWiki 1.16 ==
== MediaWiki 1.16.5 ==
=== Changes since 1.16.4 ===
* (bug 28534) Fixed XSS vulnerability for IE 6 clients. This is the third
attempt at fixing bug 28235.
* (bug 28639) Fixed potential privilege escalation when $wgBlockDisablesLogin
is enabled.
== MediaWiki 1.16.4 ==
=== Changes since 1.16.3 ===
* (bug 28507) The change we made in 1.16.3 to fix bug 28235 (XSS for IE 6
clients) was not actually sufficient to fix that bug. This release contains
a second attempt, hopefully we have fixed it this time.
== MediaWiki 1.16.3 ==
=== Changes since 1.16.2 ===
* (bug 28449) Fixed permissions checks in Special:Import which allowed users
without the 'import' permission to import pages from the configured import
sources.
* (bug 28235) Fixed XSS affecting IE 6 and earlier clients only, due to those
browsers looking for a file extension in the query string of the URL, and
ignoring the Content-Type header if one is found.
* (bug 28450) Fixed a CSS validation issue involving escaped comments, which
led to XSS for Internet Explorer clients and privacy loss for other clients.
== MediaWiki 1.16.2 ==
=== Changes since 1.16.1 ===
* (bug 26642) Fixed incorrect translated namespace due to a regression in the
language converter.
* The interface translations were updated.
* (bug 27093, CVE-2011-0047): Fixed CSS injection vulnerability.
* (bug 27094) Fixed server-side arbitrary script inclusion vulnerability.
Affects Windows servers only. A malicious file with extension ".php" must
exist on the server for the exploit to be effective.
== MediaWiki 1.16.1 ==
=== Changes since 1.16.0 ===
* (bug 24981) Allow extensions to access SpecialUpload variables again
* (bug 24724) list=allusers was out by 1 (shows total users - 1)
* (bug 24166) Fixed API error when using rvprop=tags
* For wikis using French as a content language, Special:Téléchargement works
again as an alias for Special:Upload.
* (bug 25167) Correctly load JS fixes for IE6 (fixing a regression in 1.16.0)
* (bug 25248) Fixed paraminfo errors in certain API modules.
* The installer now has improved handling for situations where safe_mode is
active or exec() and similar functions are disabled.
* (bug 19593) Specifying --server in now works for all maintenance scripts.
* Fixed $wgLicenseTerms register globals.
* (bug 26561) Fixed clickjacking vulnerabilities by introducing support for
X-Frame-Options. The header value can be configured using $wgBreakFrames and
$wgEditPageFrameOptions.
== MediaWiki 1.16.0 ==
=== Changes since 1.16 beta 3 ===
* (bug 23769) Disabled HTML 5 client-side form validation. Was introduced in
1.16 beta 1, but is currently poorly supported by browsers.
* (bug 23175) Re-added window.ta variable for backwards compatibility.
* (bug 23264) Fixed breakage of various command line scripts due to extra line
endings being inserted by Maintenance::output().
* Fixed HTTP client functionality with safe_mode=On.
* Fixed parser tests broken in 1.16 beta 3.
* For Oracle DB backend: fixed parser tests and table prefix feature.
* (bug 23767) Fixed PHP warning when REQUEST_URI is blank (IIS issue).
* Fixed plural function for Northern Sami (se)
* (bug 23597) Fixed conflicts between ID attributes in the Vector skin and
parser-generated heading IDs. Renamed head, panel, head-base and page-base.
* Disabled $wgHitcounterUpdateFreq>1 feature on SQLite, does not work yet.
* (bug 23465) Don't ignore the predefined destination filename on
Special:Upload after following a red link to a file.
* In SQLite full-text search feature: fixed "move page" feature, was non-
functional.
* (bug 24565) Fixed Cache-Control headers sent from API modules, to protect
user privacy in the case where an attacker can access the wiki through the
same HTTP proxy as a logged-in user.
* Fixed an XSS vulnerability in profileinfo.php for installations with
$wgEnableProfileInfo = true (false by default)
* Fixed a case where an X-Vary-Options header was sent despite $wgUseXVO being
false. Fixed a minor header parsing issue when $wgUseXVO = true.
* Fixed a register_globals arbitrary inclusion vulnerability in
MediaWikiParserTest.php, introduced in 1.16 beta 1.
=== Changes since 1.16 beta 2 ===
* Fixed bugs in the [[Special:Userlogin]] and [[Special:Emailuser]] handling of
invalid usernames.
* Fixed sorting in [[Special:Allmessages]]
* (bug 23113) Fixed title in the show/hide links on diff pages
* (bug 23117) Fixed API rollback, was returning "badtoken" for valid requests
* (bug 23127) Re-added missing $1 parameter to the uploadtext message
* Fixed a bug in the Vector skin where personal tools display behind the logo
* (bug 23139) Fixed a bug in edit conflict resolution, where both textboxes
showed the same text.
* (bug 23115, bug 23124) Fixed various problems with <title> and <h1> elements
in page views and previews when the language converter is enabled.
* (bug 23148) Fixed a local path disclosure vulnerability in ImageMagick image
scaling, which was introduced in 1.16 beta 1.
* Improved error checking on installer.
* (bug 22970) Fixed a JavaScript error in the upload destination conflict
check.
* (bug 23167) Check the watch checkbox by default if the watchcreations
preference is set.
* (bug 23171) Improve IE6 version check to avoid false positives.
* (bug 23176) Fixed upload warning override feature "upload new version",
broken in 1.16 beta 1.
* Fixed regression in unwatch links sent out in notification emails. When the
mailing job was deferred via the job queue, the title was incorrect.
* (bug 23534) Fixed SQL query error in API list=allusers.
* Fixed a bug in uploads for non-JavaScript clients. An empty string was used
as the default destination filename, instead of the source filename as
expected.
* (bug 23371) Fixed CSRF vulnerability in "e-mail me my password", "create
account" and "create by e-mail" features of [[Special:Userlogin]]
* (bug 23687) Fixed XSS vulnerability affecting IE clients only, due to a CSS
validation issue.
* Fixed a DoS vulnerability in ImageMagick image scaling. ImageMagick
expanded wildcard characters "?" and "*" in image filenames, potentially
causing large numbers of images to be scaled in response to a single request.
The fix for this involves breaking the scaling of such image filenames until
ImageMagick 6.6.1-5 or later is deployed, see bug 23361 for more details.
* (bug 23608) Fixed invalid HTML in diff pages.
=== Changes since 1.16 beta 1 ===
* Fixed errors in maintenance/patchSql.php
* (bug 19627) Fix regression from r57867 where HTMLForm would output
<element classes="foo bar"> rather than <element class="foo bar">
* Fixed broken "-r" option to maintenance/lag.php
* (bug 23076) Fixed login CSRF vulnerability. Logins now require a token to
be submitted along with the user name and password.
=== Configuration changes in 1.16 ===
* (bug 18222) $wgMinimalPasswordLength default is now 1
* $wgSessionHandler can be used to configure session.save_handler
* $wgLocalFileRepo/$wgForeignFileRepos now have a 'fileMode' parameter to
be used when uploading/moving files
* (bug 18761) $wgHiddenPrefs is a new array for specifying preferences not
to be shown to users
* $wgAllowRealName and $wgAllowUserSkin were deprecated in favor of
$wgHiddenPrefs[] = 'realname', but the former are still retained
for backwards-compatibility
* (bug 9257) $wgRCMaxAge now defaults to three months
* $wgDevelopmentWarnings can be set to true to show warnings about deprecated
functions and other potential errors when developing.
* Subpages are now enabled in the MediaWiki namespace by default. This is
mainly a cosmetic change, and does not in any way affect the MessageCache,
which was already effectively treating the namespace as if it had subpages.
* Oracle: maintenance/ora/user.sql script for creating DB user on oracle with
appropriate privileges. Creating this user with web-install page requires
oci8.privileged_connect set to On in php.ini.
* Removed UserrightsChangeableGroups hook introduced in 1.14
* Added $wgCacheDirectory, to replace $wgFileCacheDirectory,
$wgLocalMessageCache, and any other local caches which need a place to put
files.
* $wgFileCacheDirectory is no longer set to anything by default, and so either
needs to be set explicitly, or $wgCacheDirectory needs to be set instead.
* $wgLocalMessageCache has been removed. Instead, set $wgUseLocalMessageCache
to true
* Removed $wgEnableSerializedMessages and $wgCheckSerialized. Similar
functionality is now available via $wgLocalisationCacheConf.
* $wgMessageCache->addMessages() is deprecated. Messages added via this
interface will not appear in Special:AllMessages.
* $wgRegisterInternalExternals can be used to record external links pointing
to same server
* (bug 19907) $wgCrossSiteAJAXdomains and $wgCrossSiteAJAXdomainExceptions added
to control which external domains may access the API via cross-site AJAX.
* $wgMaintenanceScripts for extensions to add their scripts to the default list
* $wgMemoryLimit has been added, default value '50M'
* $wgExtraRandompageSQL is deprecated, the SpecialRandomGetRandomTitle hook
should be used instead
* (bug 20489) $wgIllegalFileChars added to override the default list of illegal
characters in file names.
* (bug 19646) $wgImgAuthDetails added to display reason access to uploaded file
was denied to users(img_auth only)
* (bug 19646) $wgImgAuthPublicTest added to test to see if img_auth set up
correctly (img_auth only)
* $wgUploadMaintenance added to disable file deletions and restorations during
maintenance
* $wgCapitalLinkOverrides added to configure per-namespace capitalization
* (bug 21172) $wgSorbsUrl can now be an array with multiple DNSBL and renamed
to $wgDnsBlacklistUrls (backward compatibility kept)
* $wgEnableHtmlDiff has been removed
* (bug 3340) $wgBlockCIDRLimit added (default: 16) to configure the low end of
CIDR ranges for blocking
* $wgUseInstantCommons added for quick and easy enabling of Commons as a remote
file repository
* $wgDBAhandler added to choose a DBA handler when using CACHE_DBA
* $wgPreviewOnOpenNamespaces for extensions that create namespaces that behave
similarly to the category namespace.
* $wgEnableSorbs renamed to $wgDnsBlacklistUrls ($wgEnableSorbs kept for
backward compatibility)
* $wgUploadNavigationUrl now also affects inline images that do not
exist. In that case the URL will get (?|&)wpDestFile=<filename> appended to
it as appropriate.
* If $wgLocaltimezone is null, use the server's timezone as the default for
signatures. This was always the behavior documented in DefaultSettings.php
but has not been the actual behavior for some time: instead, UTC was used
by default.
* Added $wgExtensionAssetsPath, to decouple assets serving from $wgScriptPath.
If not specified it will default to $wgScriptPath/extensions
* Added $wgCountTotalSearchHits to make search UI display total number of hits
with some search engines.
* Added $wgAdvertisedFeedTypes to decide what feed types (RSS, Atom, both, or
neither) MediaWiki advertises. Default is array( 'atom' ), so RSS is no
longer advertised by default (but it still works).
* Added $wgMemCachedTimeout, controls how long to wait for data from the
memcached servers.
* New configuration variables $wgDebugTimestamps and $wgDebugPrintHttpHeaders
for controlling debug output.
* New $wgBlockDisablesLogin when set to true disallows blocked users from
logging in.
* (bug 8790) Metadata edition ($wgUseMetadataEdit) has been moved to a separate
extension "MetadataEdit".
=== New features in 1.16 ===
* Add CSS defintion of the 'wikitable' class to shared.css
* (bug 17163) Added MediaWiki:Talkpageheader which will be displayed when
viewing talk pages
* Superfluous border="0" removed from images
* Added new hook 'MessageCacheReplace' into MessageCache.php. For instance
to allow extensions to update caches in similar way as MediaWiki invalidates
a cached MonoBook sidebar
* Special:AllPages: Move hardcoded styles from code to CSS
* (bug 18529) New hook: SoftwareInfo for adding information about the software
to Special:Version
* Added $wgExtPGAlteredFields to allow extensions to easily alter the data
type of columns when using the Postgres backend.
* (bug 16950) Show move log when viewing/creating a deleted page
* (bug 18242) Show the Subversion revision number per extensions in
Special:Version
* (bug 18420) Missing file revisions are handled gracefully now
* (bug 9219) Auth plugins can control editing RealName/Email/Nick preferences
* (bug 18466) Add note or warning when overruling a move (semi-)protection
* (bug 18342) insertTags works in edit summary box
* (bug 18411) The upload form also checks post_max_size
* Watchlist now has a specialized <div> tag that contains a unique class for
each page
* Added Minguo calendar support for the Taiwan Chinese language
* Database: unionQueries function to be used for UNION sql construction, so
it can be overloaded on DB abstraction level for DB specific functionality
* (bug 18849) Implement Japanese and North Korean calendars
* (bug 5755) Introduce {{CURRENTMONTH1}} and {{LOCALMONTH1}} to display the
month number without the leading zero
* (bug 13456) categoriespagetext supports PLURAL
* (bug 18860) Blocks of IPs affecting registered users can now block email
* (bug 17093) Date and time are separate parameters in Special:BlockList
* (bug 11484) Added ISO speed rating to default collapsed EXIF metadata view
* (bug 14866) Messages 'recentchangeslinked-toolbox' and
'recentchangeslinked-toolbox' were added to allow more fine grained
customisation of the user interface
* DISPLAYTITLE now accepts a limited amount of wiki markup (the single-quote
items)
* Special:Search now could search terms in all variant-forms. ONLY apply on
wikis enabled LanguageConverter.
* Add autopromote condition APCOND_BLOCKED to autopromote blocked users to
various user groups.
* Add $wgRevokePermissions as a means of restricting a group's rights. The
syntax is identical to $wgGroupPermissions, but users in these groups will
have these rights stripped from them.
* Added a PHP port of CDB (constant database), for improved local caching when
the DBA extension is not available.
* Introduced a new system for localisation caching. The system is based around
fast fetches of individual messages, minimising memory overhead and startup
time in the typical case. The database backend will be used by default, but
set $wgCacheDirectory to get a faster CDB-based implementation.
* Expanded the number of variables which can be set in the extension messages
files.
* Added a feature to allow per-article process pool size control for the parsing
task, to limit resource usage when the cache for a heavily-viewed article is
invalidated. Requires an external daemon.
* (bug 19576) Moved the id attributes from the anchors accompanying section
headers to the <span class="mw-headline"> elements within the section headers,
removing the redundant anchor elements.
* Parser::setFunctionTagHook now can be used to add a new tag which is parsed at
preprocesor level.
* Added $wgShowArchiveThumbnails, allowing sysadmins to disable thumbnail
display for old versions of images.
* In watchlists and Special:RecentChanges, the difference in page size now
appears in dark green if bytes were added and dark red if bytes were removed.
* Added FSRepo configuration properties thumbUrl and thumbDir, to allow the
thumbnails to be stored in a separate location to the source images.
* If config/ directory is not executable, the command to make it executable
now asks the user to cd to the correct directory
* Add experimental new external authentication framework, ExternalAuth
* (bug 18768) Remove AdminSettings requirements. Maintenance environment
will still load it if it exists, but it's not required for anything
* (bug 19900) The "listgrouprights-key" message is now wrapped in a div with
class "mw-listgrouprights-key"
* (bug 471) Allow RSS feeds for watchlist, using an opt-in security token
* (bug 10812) Interwiki links can have names and descriptions, fetched from
message 'interwiki-desc-PREFIX', not really used anywhere yet though
* (bug 9691) Add type (signup or login) parameter to
AuthPlugin::ModifyUITemplate()
* (bug 14454) "Member of group(s)" in Special:Preferences causes language
difficulties
* (bug 16697) Unicode combining characters are difficult to edit in some
browsers
* Parser test supports uploading results to remote CodeReview instance
* (bug 20013) Added CSS class "mw-version-ext-version" is wrapped on the
extension version in Special:Version
* (bug 20014) Added CSS class "mw-listgrouprights-right-name" is wrapped on the
right name in Special:ListGroupRights
* (bug 12920) New CoreParserFunction {{nse:...}} as an url-friendly equivalent
to {{ns:...}}
* (bug 16322) Allow maintenance scripts to accept DB user/pass over input or
params
* (bug 18566) Maintenance script to un/protect pages
* (bug 671) The HTML <abbr> tag is now permitted.
* RecentChanges now has a legend to explain what the Nmb! flags mean, and the
flags have tooltips.
* (bug 15209) New hook BeforeInitialize called after everything has been setup
but before MediaWiki::performRequestForTitle()
* wgMainPageTitle variable now available to JavaScript code to identify the main
page link, so it doesn't have to be extracted from the link URLs.
* (bug 16836) Display preview of signature in user preferences and describe its
use
* The default output format is now HTML 5 instead of XHTML 1.0 Transitional.
This can be disabled by setting $wgHtml5 = false;. Specific features enabled
if HTML 5 is used:
** Some extra inputs will be autofocused, in supporting browsers.
** The summary attribute has been removed from tables of contents. summary is
obsolete in HTML 5 and wasn't useful here anyway.
** Unnecessary type="" attribute removed for CSS and JS.
** If $wgWellFormedXml is set to false, some bytes will be shaved off of HTML
output by omitting some things like quotation marks where HTML 5 allows.
** (bug 16921) maxlength enabled for page move comments
* The description message in $wgExtensionCredits can be an array with parameters
* New hook SpecialRandomGetRandomTitle allows extensions to modify the selection
criteria used by Special:Random and subclasses, or substitute a custom result,
deprecating the $wgExtraRandompageSQL config variable
* (bug 20318) Distinct CSS classes for ISBN/RFC/PMID special links added
* (bug 20404) Custom fields in the user creation form template can now have
detail labels in prefsectiontip divs.
* MakeSysop and MakeBot are now aliases for Special:UserRights
* IndexPager->mLimitsShown can now be an associative array of limit => text-to-
display-in-limit-form.
* (bug 18880) LogEventsList::showLogExtract() can now take a string-by-reference
and add its HTML to it, rather than having to go straight to $wgOut.
* Added $wgShowDBErrorBacktrace, to allow users to easily gather backtraces for
database connection and query errors.
* Show change block / unblock link on Special:Contributions if user is blocked
* Display note on Special:Contributions if the user is blocked, and provide an
excerpt from the block log.
* (bug 19646) New hook: ImgAuthBeforeStream for tests and functionality before
file is streamed to user, but only when using img_auth
* Note on non-existing user and user talk pages if user does not exist
* New hook ShowMissingArticle so extensions can modify the output for
non-existent pages.
* Admins could disable some variants using $wgDisabledVariants now. ONLY apply
on wikis enabled LanguageConverter.
* (bug 16310) Credits page now lists IP addresses rather than saying the number
of anonymous users that edited the page
* New permission 'sendemail' added. Default right for all registered users. Can
for example be used to prevent new accounts from sending spam.
* (bug 16979) Tracking categories for __INDEX__ and __NOINDEX__
* Two new hooks, ConfirmEmailComplete and InvalidateEmailComplete, which are
called after a user's email has been successfully confirmed or invalidated.
* (bug 19741) Moved the XCF files out of the main MediaWiki distribution, for
a smaller subversion checkout.
* (bug 13750) First letter capitalization can now be a per-namespace setting
* (bug 21073) "User does not exist" message no longer displayed on sub-sub-pages
of existing users
* (bug 21095) Tracking categories produced by the parser (expensive parser
function limit exceeded, __NOINDEX__ tracking, etc) can now be disabled by
setting the system message ([[MediaWiki:expensive-parserfunction-category]]
etc) to "-".
* Added maintenance script sqlite.php for SQLite-specific maintenance tasks.
* Rewrote Special:Upload to allow easier extension.
* Upload errors that can be solved by changing the filename now do not require
reuploading.
* Added $wgRateLimitsExcludedIPs, to allow specific IPs to be whitelisted from
rate limits.
* (bug 21222) When $wgUseTeX is not enabled, <math> is no longer registered with
the parser so extensions are free to implement their own <math> tag
* (bug 21047) Wrap 'cannotdelete' into a div with the generic 'error' class and
an own 'mw-error-cannotdelete' class
* New hook AbortNewAccountAuto, called before account creation from AuthPlugin-
or ExtUser-driven requests.
* (bug 3480) The warning saying that the page has a history when deleting it now
contains the number of revisions in the history
* $wgStylePath and $wgLogo are now set in the default LocalSettings.php file.
* (bug 20186) Allow filtering history for revision deletion.
* New hook OtherBlockLogLink, called in Special:IPBlockList and Special:Block
to show links to block logs of other blocking extensions, i.e. GlobalBlocking
* Added search capabilities to SQLite backend
* rebuildtextindex.php maintenance script now supports databases other than
MySQL
* upgrade1_5.php now requires to be run --update option to prevent confusion
* (bug 17662) Customizable default preload/editintro for new sections in the
respective addsection-preload and addsection-editintro messages
* Added maintenance script checkSyntax.php that checks for PHP syntax errors
and common coding mistakes
* Updated Unicode normalization tables
* (bug 21604) Spellcheck attribute for editsummary
* New wgCategories JavaScript global variable for userscripts.
* (bug 20717) Added checkboxes to hide users with bot and/or sysop group
membership in SpecialActiveusers
* Allow \pagecolor and \definecolor in texvc
* $wgTexvcBackgroundColor contains background color for texvc call
* (bug 21574) Redirects can now have "303 See Other" HTTP status
* EditPage refactored to allow extensions to derive new edit modes much easier.
* (bug 21826) Subsections of Special:Version now also have anchors
* (bug 19791) Add URL of file source as comment to thumbs (for ImageMagick)
* (bug 21946) Sorted wikitables do not properly handle minus signs
* (bug 18885) Red links for media files do not support shared repositories
* Added $wgFixArabicUnicode, to convert deprecated presentation forms in
Arabic text to their modern equivalents, and $wgFixMalayalamUnicode, to
convert ZWJ-based chillu sequences in Malayalam text to their Unicode 5.1
equivalents.
* (bug 22051) Returing false in SpecialContributionsBeforeMainOutput hook now
stops normal output
* Send new password e-mail in users preference language
* LanguageConverter now support nested using of manual convert syntax like
"-{-{}-}-"
* Upload license preview now uses the API instead of action=ajax
* (bug 7346) Add <guid> to RSS to avoid duplicates
* (bug 19996) Added new hooks for Special:Search, which allow to further
restrict/expand it.
* (bug 21936) When a revision has been patrolled, there's now a link back to the
article
* (bug 22315) SpecialRecentChangesQuery hook now pass $query_options and checks
the return value
* Separate unit test suites under t/ and tests/ were merged and moved to
maintenance/tests/.
* importImages.php maintenance script can now use the original uploader and
comment from another wiki.
* Support for Turck MMCache was removed
* (bug 14592) Warn users when they try to move their user page that their
account will not be renamed
* Show block log on non-existing user (talk) pages of currently blocked users
=== Bug fixes in 1.16 ===
* (bug 18031) Make namespace selector on Special:Export remember the previous
selection
* The svn-version version numbers on Special:Version have been removed
* (bug 17374) Special:Export no longer exports two copies of the same page
* (bug 18190) Proper parsing in MediaWiki:Sharedupload message
* (bug 17617) HTML cleanup for ImagePage
* (bug 17964) namespaceDupes.php no longer fails on an empty interwiki table
* Improved error handling for image moving
* (bug 17974) On Special:SpecialPages, restricted special pages are now marked
with <strong> tags, helps with text-based browsers
* (bug 18259) Special:DeletedContributions now also uses
MediaWiki:Sp-contributions-logs for the link to Special:Log
* Don't add empty title="" attributes to links to anchors on the current page
* (bug 18291) rebuildrecentchanges.php failed to add deletion log entries
* (bug 18304) rebuildrecentchanges.php got size changes wrong
* (bug 18170) Fixed a PHP warning in Parser::preSaveTransform() in PHP 5.3
* (bug 18289) Database connection error page now returns correct HTML
* "successbox", "errorbox" and related CSS classes are now available in all
skins
* (bug 18316) Removed superfluous name="fulltext" from Special:Search
* (bug 18331) MediaWiki:Undelete-revision can now have wikitext
* The "noautoblock" flag is no longer displayed in the block log when blocking
an IP address
* (bug 18009) $wgHooks and $wgExtensionFunctions now support closures
* (bug 17948) Maintenance scripts now exit(0) or exit(1) as appropriate
* (bug 18377) Time in Enhanced ChangesList lacking localisation
* (bug 12998) Allow <sup>, <sub>, etc. in DISPLAYTITLE
* (bug 1553) Lowercase navigation headings in German
* (bug 7830) Pending transactions failed to commit on loginToUse() error
* (bug 11613) session.save_handler being over-ridden
* (bug 11381) session.save_handler being set twice (causes error)
* (bug 17835) ForeignAPIRepo throwing error on first page load for file
* (bug 18115) ForeignAPIRepo cache isn't working
* Fixed a bug caused by LanguageConverter.php, which brings an abnormal '}-'
after some parsed math syntax.
* (bug 18441) rebuildrecentchanges.inc no longer ignores $wgLogRestrictions
* (bug 18317) Bolded selections in 1 | 3 | etc days on RecentChanges now use
<strong> instead of hardcoded styles
* (bug 18449) Fixed items number per column on category pages when the total is
divisible by 3
* (bug 18121) maintenance/deleteArchivedRevisions.php no longer deletes
revisions when --delete is not passed
* (bug 13172) GPS coordinates in image Exif data are now actually displayed
* Overhaul of preferences system, includes the following bug fixes:
** (bug 5363) Changes to default preferences now impact registered users.
** (bug 14806) Hook to enable putting preferences in existing tabs.
** (bug 17191) Registration date now listed on preferences page.
** The user_properties table (now used for storing preferences) has been added
to $wgSharedTables.
** Note that this change will break some extensions which have not been adapted
for it.
* (bug 17020) Adding fallback encodings for Traditional and Simplified Chinese
languages while the text is typed as URLs.
* (bug 17614) Prev / Next links are not shown if all results are shown
* (bug 18207) Strange spacing before [[irc:...]] links
* Removed float from the user login form in RTL interface - caused display
problems in FF2
* (bug 15008) Redirect images are now subject to Bad image list rules
* (bug 6802) profileinfo.php now also work on other database servers than MySQL
* (bug 16925) Diffs no longer fail when $wgExternalDiffEngine is set to
'wikidiff' or 'wikidiff2' but extension is not installed
* (bug 18326) Chmod errors in file repos have been hidden
* (bug 18718) Comma after a } create a error in IE
* (bug 18716) Removed redundant class in Modern skin CSS for category links and
tweaked spacing.
* (bug 18656) Use proper directory separators in wfMkdirParents()
* (bug 18549) Make Special:Blockip respect $wgEnableUserEmail and
$wgSysopEmailBans
* (bug 16912) Tooltips on images with link= disappear
* (bug 18389) Localise numbers in EXIF data
* (bug 18522) Wrap MediaWiki:Protect-cascadeon in a div for identification
* (bug 18438) Tweak HTML for preview bar for consistency and accessibility
* (bug 18432) Updated documentation for dumpBackup.php
* Fix array logic in Sanitizer::removeHTMLtags so that it doesn't strip good
tags that were redundantly defined.
* (bug 14118) SpecialPage::getTitleFor does not return a localised name
* (bug 18698) Renaming non entry point maintenance scripts from .inc.php to
.inc
* Deprecated methods Title::getInterwikiLink, Title::userCanCreate(),
Title::userCanEdit() and Title::userCanMove() have been removed
* Only show upload links on file description if $wgEnableUploads = true
and user can upload
* Don't say "You need to log in to upload/move", because it's possible that
uploading/moving is disabled for registered users as well (e.g. only sysops)
* (bug 18943) Handle invalid titles gracefully at Special:Mostlinked
* (bug 8873) Enable variant conversion in text on 'alt' and 'title' attributes
* (bug 10837) Introducing the StubUserVariant class to determine the variant
variable instead of using this to overrule the user language preference.
* (bug 19014) If user had deletedhistory right, but not undeleted right, then
show "view" instead of "view/restore" on logs.
* (bug 19017) TOC level calculation error in an odd case
* (bug 18999) CSS update for RTL interwiki links
* (bug 18925) history.js removes class names of list elements on initialization
* Multiple whitespace in TOC anchors is now stripped, for consistency with the
link from the edit comment
* (bug 19112) Preferences now respects $wgUseExternalEditor
* (bug 18173) MediaWiki now fails when unable to determine a client IP
* (bug 19170) Special:Version should follow the content language direction
* (bug 19160) maintenance/purgeOldText.inc is now compatible with PostgreSQL
* Fixed performance regression in "bad image list" feature
* Show user preference 'Use live preview' if $wgLivePreview is enabled only
* (bug 17014) Blocked users can no longer use Special:UserRights unless they
can add/remove *all* groups (have 'userrights' permission).
* (bug 19294) Always show Sp-contributions-footer(-anon)
* Attempts to restrict reading of pages while anonymous viewing is allowed
via extensions not using the userCan hook and via $wgRevokePermissions now
work.
* (bug 8445) Multiple-character search terms are now handled properly for
Chinese
* (bug 19450) Use formatNum for "Number of edits" in Special:Preferences
* (bug 11242) Check for MySQL storage engines during installation now checks
whether the engines are actually available
* (bug 19390) Omit the "printable version" link on the printable version
* (bug 18394) img_auth.php now respects userCan
* (bug 19509) Uploading to a file named '0' previously treated it as null input
and attempted to upload with the source name. Now warns about not having an
extension (since 0.ext is perfectly valid)
* (bug 19468) Enotif preferences are now only displayed when they are turned on
* (bug 19442) Show/hide options on watchlist only work once
* (bug 19602) PubMed Magic links now use updated NIH url
* (bug 19637) externallinks have links to self
* Don't load Opera 9.5 RTL fixes for Opera 9.6
* Remove five-year-old KHTMLFixes.css, which is unlikely to be relevant anymore
and was causing problems.
* Removed repetition of URIs in the title attributes of external links.
* (bug 19693) User name is now escaped in "Contributions for ..." link on
Special:BlockIP
* (bug 19571) Override buildConcat for SQLite.
* Log in and log out links no longer return to page view when clicked from
history view, edit page, or something similar
* (bug 19513) RTL fixes for new Search UI
* (bug 16497) Special:Allmessages is paginated
* (bug 18708) CSS plainlinks class now available to all skins
* (bug 19590) Database error messages no longer have "MySQL" hardcoded as the
database type
* (bug 19759) successbox on Special:Preferences now correctly aligned on
standard, nostalgia and cologneblue skin
* (bug 19814) interwiki links from file links ([[File:Foo.jpg|link=de:Test]])
are no longer recorded in the pagelinks table
* (bug 19784) date option "ISO 8601" produced illegal id
* (bug 19761) Removed autogenerated <meta keywords> tag with link data.
Keyword set was not useful, and is ignored by modern search engines anyway.
* (bug 19827) Special:SpecialPages title is "Upload file
* (bug 19355) Added .xhtml, .xht to upload file extension blacklist
* (bug 19287) Workaround for lag on history page in Firefox 3.5
* (bug 19564) Updated docs/hooks.txt
* (bug 18751) Fix for buggage in profiling setup for some extensions on PHP 5.1
* (bug 17139) ts_resortTable inconsistent trimming makes date sorting fragile
* (bug 19445) Change oldimage table to use ON UPDATE CASCADE for FK to image
table.
* (bug 14080) Short notation links to subpages didn't work in edit summaries
* (bug 17374) Special:Export no longer exports multiple copies of pages
* (bug 19818) Edits to user CSS/JS subpages can now be marked as patrolled by
users who can't edit them
* (bug 19839) Comments in log items are no more double escaped
* (bug 18161) Fix inconsistent separators in watchlist link toolbars with
"enhanced recent changes"
* (bug 16877) Moving a page over a redirect no longer leaves an orphan entry in
the recentchanges table
* (bug 16009) Limit selection forms based on Pager now links to the correct page
when using long urls
* The display of the language list on the preferences is more comply with the
BCP 47 standards.
* (bug 19849) Custom X-Vary-Options header now disabled unless $wgUseXVO is set
* (bug 19301) Duplicate entries in $wgAddGroups, $wgRemoveGroups,
$wgGroupsAddToSelf and $wgGroupsRemoveFromSelf are no more displayed on
Special:ListGroupRights
* (bug 18799) Special:Userlogin now handles correctly the returnto parameter
to not link back to Special:Userlogout when user's language isn't the same as
content's language
* (bug 19479) Show proper error message when unable to connect to PostgreSQL
database with username/password in MediaWiki's setup
* (bugs 18407, 18409) Special:Upload is now listed on Special:Specialpages only
if uploads are enabled and the user can access it
* (bug 17988) Spaces before [[Category:]] links are no longer ignored
* (bug 19957) All known-failing tests now marked disabled; added --run-disabled
option to parser test suite to run disabled tests if desired.
* (bug 16311) Make recent change flags (n/m/b) <abbr>s instead of <span>s
* (bug 15680) Split the edit tip message of user CSS/JS subpage into
"usercssyoucanpreview" and "userjsyoucanpreview" respectively.
* (bug 12110) Split the rights for editing users' CSS/JS subpage from
"editusercssjs" into "editusercss" and "edituserjs" respectively.
* (bug 19394) RecentChanges feed URLs for log items with no revisions
(eg Newuser, Userrights) are no longer broken
* (bug 17395) Remote file descriptions use user language ($wgLang), not wiki
language ($wgContLang)
* (bug 11867) Lock error on redirect table when running orphans.php
* (bug 18930) initStats.php now refreshes active users count
* (bug 18699) Using the nosummary URL option no longer triggers the "You have
not provided a summary" warning for those who activated it in their
preferences
* (bug 18855) commandLine.inc and Maintenance.php are now properly included
using the full path
* (bug 18497) Fixed broken style sheets in Opera fullscreen mode
* (bug 16084) Default memory limit has be increased to 50M, see $wgMemoryLimit
* (bug 17864/19519) Added proper input normalization in Special:UserRights
* (bug 20086) Add Hook to add extra statistics at the end of Special:Statistics
* (bug 19289) importDump.php can now handle bzip2 and 7zip
* (bug 20131) Fixed a PHP notice for users having the "rollback" right on
Special:RecentChangesLinked
* Do not transform EXIF fields with pure text to avoid results like
foo,bar@example,com
* (bug 20176) Fix login/logout links in skin CologneBlue
* (bug 20203) "Powered by MediaWiki" now has height/width on image tag
* (bug 20273) Fix broken output when no pages are found in the content
namespaces
* (bug 20265) Make AncientPages and UnusedFiles work on SQLite
* Fixed XSS vulnerability for Internet Explorer clients (only pre-release
versions of MediaWiki were affected).
* (bug 14817) Moving a page to a subpage of itself moves it twice
* (bug 20289) $wgMaximumMovedPages should only count pages actually moved
* (bug 15248) Non-breaking spaces and certain other Unicode space characters
are now normalized to ordinary spaces in titles; if your wiki has existing
titles with such characters, run cleanupTitles.php and/or cleanupImages.php
* (bug 11143) Links containing invalid UTF-8 percent-code sequences are now
cleanly disabled instead of breaking parsing entirely on PHP 5.2.
* (bug 20296) Fixed an PHP warning in Language::getMagic() in PHP 5.3
* (bug 20358) Unprotect tab was missing accesskey; now same as protect tab.
* (bug 20317) Cleaned up default main page link accesskey settings
* (bug 20362) Special:Statistics now produces valid HTML when view counters are
enabled
* (bug 19857) maintenance/deleteRevision.php on last revision no longer breaks
target page
* (bug 20365) Page name with c/g/h/j/s/u + x are now correctly handled in
Special:MovePage with Esperanto as content language
* (bug 20364) Fixed regression in GIF metadata loading
* (bug 20299) MediaWiki:Move-subpages and MediaWiki:Move-talk-subpages can now
use wikitext
* (bug 15475) DatabaseBase::setFlag(), DatabaseBase::clearFlag() and
DatabaseBase::getFlag() now have documentation
* (bug 19966) MediaWiki:License-header is now used for the licensing header in
the file description page instead of MediaWiki:License
* (bug 20380) Links to history/deleted edits at the top of
Special:RevisionDelete are no more displayed when doing log suppression
* (bug 8143) Localised parser function names are now correctly case insensitive
if they contain non-ASCII characters
* (bug 19055) maintenance/rebuildrecentchanges.php now purges
Special:Recentchanges's RSS and Atom feed cache
* The installer will now try to bypass PHP's max_execution_time
* (bug 20260) SQLite no longer tries to automatically create the database at
execution time, this now happens only at install time; if it is not available
at script execution, it now throws an exception
* Fixed EditFilterMerged hook so the hookError parameter serves a purpose
(analogous to EditFilter hook)
* (bug 2257) Tag extensions can expand template parameters provided to the tag,
by using a new parameter added to the recursiveTagParse function
* (bug 14900) __INDEX__ and __NOINDEX__ no longer override site config set in
$wgArticleRobotPolicies.
* (bug 20466) Hidden categories are no more displayed when printing
* (bug 20446) When changing user rights with User@remotewiki and remotewiki is
the local wiki, the user is now treated as the local user
* (bug 20494) OutputPage::getArticleBodyOnly() no longer requires an useless
argument
* (bug 20136) Protection form JavaScript now synchronizes the expiry boxes on
any change, in addition to onkeyup.
* Don't link to "edit this page" on MediaWiki:Noarticletext if user is not
allowed to create page. Done via new message
MediaWiki:Noarticletext-nopermission
* Improved compatibility between the Vector skin and addPortletLink() from
wikibits.js: empty portlets are now present but hidden, adding an element to a
portlet unhides it
* (bug 19531) addPortletLink() now wraps inserted labels in a <span> element to
be compatible with the CSS for the Vector skin
* (bug 20578) Wrong localized image metadata - duplicated string?
* (bug 20556) Stub threshold's "other" <input> in Special:Preferences now has a
correct type="text" parameter
* (bug 482) Don't include TOC in the printable version if it has been hidden
* Adjust the time according to the user configuration on Special:Revisiondelete
* (bug 20624) Installation no longer allows "qqq" as the chosen language
* (bug 20634) The installer-created database user will now have all rights on
the database so that upgrades will go more smoothly.
* (bug 18180) Special:Export ignores limit, dir, offset parameters
* User::getBlockedStatus() works for all kinds of user objects and doesn't
assume the user object is equal to the current-user object ($wgUser)
* (bug 20517) Cancel link from edit page now returns to the old version when
editing an old version
* (bug 16902) Installer no longer shows warnings when exec() has been disabled
by disable_functions
* (bug 20726) Title::getLatestRevID's documentation now says that the function
returns false if the page doesn't exist
* (bug 20751) ForeignApiRepo now urldecodes filenames when saving to local cache
* (bug 20730) Fix to Special:Version ViewVC link for branch checkouts
* (bug 20353) wfShellExec() was adding extra quotes on Windows Vista, causing
command line scripts to fail
* (bug 20702) Parser functions can now be used correctly in
MediaWiki:Missing-article
* (bug 14117) "redirected from" is now also shown on foreign file redirects
* (bug 17747) Only display thumbnail column in file history if the image can
be rendered.
* (bug 3421) Live preview no longer breaks user CSS/JS previews
* (bug 11264) The file logo on a file description page for documents (PDF, ...)
now links to the file rather than the file description page
* Password fields built with HTMLForm now still have the type="password"
attribute if $wgHtml5=false.
* (bug 20836) Preload now works for MediaWiki namespace
* (bug 20885) Search box no longer suggests unavailable special pages
* (bug 20948) "Create this page" on Special:Search is no longer displayed when
searching for special pages
* (bug 20524) Hideuser: Show nice error when trying to block hidden user without
hideuser right
* (bug 21026) Fixed file redirects on shared repos on non-English client wikis
* (bug 21030) Fixed schema choices from being overwritten by defining unique
field names per driver.
* (bug 21115) wgCanonicalSpecialPageName javascript variable is now always
false on non-special pages
* (bug 21113) "Other statistics" header on Special:Statistics is no more
displayed when there isn't any entry in it
* (bug 21114) Special:Contributions no longer shows diff links for new
revisions
* (bug 21116) MediaWiki:Templatesused, MediaWiki:Templatesusedpreview and
MediaWiki:Templatesusedsection now support plural
* (bug 21079) There is no more line wrapping between label and field in
Special:Log
* (bug 20256) Fixed SQL errors on Special:Recentchanges and
Special:Recentchangeslinked on SQLite backend
* (bug 20880) Fixed updater failure on SQLite backend
* (bug 21182) Fixed invalid HTML in Special:Listgrouprights
* (bug 20242) Installer no longer promts for user credentials for SQLite
databases
* (bug 20911) Installer failed to create a SQLite database
* (bug 20847) Deprecated deprecated akeytt() removed in wikibits.js leaving
dummy
* (bug 21161) Changing $wgCacheEpoch now always invalidates file cache
* (bug 20268) Fixed row count estimation on SQLite backend
* (bug 20275) Fixed LIKE queries on SQLite backend
* (bug 21234) Moving subpages of titles containing \\ now works properly
* (bug 21006) maintenance/updateArticleCount.php now works again on PostgreSQL
* (bug 19319) Add activeusers-intro message at top of SpecialActiveUsers page
* (bug 21255) Fixed hostname construction for DNSBL checking
* (bug 18019) Users are now warned when moving a file to a name in use on a
shared repository and only users with the 'reupload-shared' permission can
complete the move.
* (bug 18909) Add missing Postgres INSERT SELECT wrapper
* User::isValidPassword now only returns boolean results,
User::getPasswordValidity can be used to get an error message string
* The error message shown in Special:ChangePassword now parses wiki markup
* (bug 19859) Removed experimental HTMLDiff feature
* Removed section edit links in edit conflict form
* Allow SpecialActiveusers to work on non-MySQL databases
* (bug 6579) Fixed protecting images from uploading only
* (bug 18609) Search index was empty for some pages
* (bug 13453) rebuildrecentchanges maintenance script works on PG again
* (bug 16583) Reduce false positives when checking for PHP (on upload, etc.)
* (bug 20112) Bitrotted tests in the t/ directory were failing.
* (bug 21470) MediaWiki:Sp-contributions-explain is now wrapped in a <p> with
id "mw-sp-contributions-explain"
* (bug 19159) Fixed \overleftrightarrow in texvc
* (bug 19391) Fix caching for Recent ChangesFeed.
* (bug 21455) Fixed "Watch this page" checkbox appearing on some special pages
even to non-logged in users
* (bug 21551) Rewrote the Squid purge HTTP client to provide a more robust and
general implementation of HTTP, allowing it to purge non-Squid caches such as
Varnish.
* Fixed corruption of long UDP debug log messages by using socket_sendto()
instead of fsockopen() with fwrite().
* (bug 16884) Fixed feed links in sidebar not complying with URL parameters
of the displayed page
* (bug 21403) memcached class renamed to MWMemecached to avoid conflict with
PHP's memcached extension
* (bug 21650) Both calls to SkinTemplateTabs hook are now compatible
* (bug 21672) Add missing Accept-Language to both Vary and XVO headers
* (bug 21679) "Edit block reasons" link at the bottom of Special:Blockip is now
only displayed to the users that have "editinterface" right
* (bug 21740) Attempting to protect a page that doesn't exist (salting) returns
"unknown error"
* (bug 18762) both redirects and links get fixed one after another if
redirects-only switch is not present
* (bug 20159) thumbnails rerendered if older than $wgThumbnailEpoch
* Fixed a bug which in some situations causes the job queue to grow forever,
due to an infinite loop of job requeues.
* (bug 21523) File that can have multiple pages (djvu, pdf, ...) no longer have
the page selector when they have only one page
* (bug 21559) "logempty" message is now wrapped in a div with class
"mw-warning-logempty" when used in log extract
* (bug 20549) Parser tests were broken on SQLite backend
* (bug 21776) Interwiki urls like http://en.wikibooks.org/wiki/cs: should give
a redirect instead of a baderror.
* (bug 21803) Special:MyContributions now keeps the query string parameters
* Redirecting special pages now keep query string parameters set to "0" (e.g.
for namespace)
* (bug 20765) Special:ListGroupRights no longer misses addables and removables
groups if there are duplicate entries
* (bug 21814) Message shown when rolling back an edit with a deleted username
now shows '(username deleted)' instead of broken user tool links
* (bug 21536) Fixed JavaScript error on Special:Search caused by an incorrect ID
* (bug 21535) RecentChanges RSS feed now always recognises the namespace filter,
previously it sometimes didn't due to caching.
* (bug 20388) ProfilerSimpleText no longer outputs comment on action=raw
* refreshLinks.php now purges orphaned redirect table rows
* (bug 2971) Swap links of hist & diff location on Special:Contributions for
consistency with RC/WL
* (bug 21986) Special page names are now capitalized by content language
* If two log types have the same description, they're now both displayed in the
type selector on Special:Log
* (bug 20115) Special:Userlogin title says "Log in / create account" even if the
user can't create an account
* (bug 2658) Don't attempt to set the TZ environment variable.
* (bug 9794) User rights log entries for foreign user now links to the foreign
user's page if possible
* (bug 14717) Don't load nonexistent CSS fix files for non-Monobook skins
* (bug 22034) Use wfClientAcceptsGzip() in wfGzipHandler instead of
reimplementing it.
* (bug 19226) First line renders differently on many UI messages.
* (bug 21303) Comments are no longer stripped from MediaWiki:Common.js and
skin-specific JS pages
* (bug 5061) Use the more precise thumbcaption thumbimage and thumbinner classes
for image divs.
* (bug 22096) IE50Fixes.css and IE55Fixes.css have been dropped from the
Monobook and Chick skins
* Fixed bug involving unclosed "-{" markup in the language converter
* (bug 21870) No longer include Google logo from an external server on wiki
error.
* (bug 22181) Do not truncate if the ellipsis actually make the string longer
* (bug 16039) Text disappearing after a bad image
* (bug 18784) Internal links like [[File:Foo|caption]] should read 'caption',
not 'File:Foo' when Foo is not an image
* (bug 21518) Special:UserRights no longer displays the user name box for users
that can only change their rights
* (bug 21593) Special:UserRights now lists automatic groups membership
* (bug 22364) Setting $wgUseExternalEditor to false no longer hides the reupload
link from file pages
* Fix bug introduced in MediaWiki 1.12: The author field in
$wgExtensionCredits is no longer sorted with sort() but rather used
as it appears in extensions as was the case before r30117 where it
was unintentionally sorted along with other fields.
* (bug 19334) Textarea no longer jumps when editing longer articles in IE8
* Truncate summary of page moves in revision comment field to avoid broken
multibyte characters
* (bug 22540) ForeignApiRepos no longer try to store thumbnails that don't exist
* (bug 22551) Special:Resetpass now has a "Cancel" button that sends the user to
the page set in the &returnto parameter.
* (bug 19194) Search box in Modern skin doesn't focus with Safari/Chrome
* (bug 17790) Users instantly logged off on HughesNet
* (bug 21549) Make foreign key constraints DEFERRABLE INITIALLY DEFERRED
when using Postgres as the database backend.
== API changes in 1.16 ==
* Added uiprop=changeablegroups to meta=userinfo
* Added usprop=gender to list=users
* (bug 18311) action=purge now works for images too
* Add parentid to prop=revisions output
* (bug 17832) action=delete returns 'unknownerror' instead of 'permissiondenied'
when the user is blocked
* (bug 18546) Added timestamp of new revision to action=edit output
* (bug 18554) Also list hidden revisions in list=usercontribs for privileged
users
* (bug 13049) "API must be accessed from the primary script entry point" error
* (bug 16422) Don't display help for format=jsonfm unless specifically requested
* Added PHP and database version to meta=siteinfo output
* (bug 18533) Add readonly message to meta=siteinfo output
* (bug 18518) Add clprop=hidden to prop=categories
* (bug 18710) Fixed internal error with empty parameter in action=paraminfo
* (bug 18709) Missing descriptions for some parameters in action=paraminfo
output
* (bug 18731) Show correct SVN links for extension modules in api.php?version
* (bug 18730) Add version information to action=paraminfo output
* (bug 18743) Add ucprop=size to list=usercontribs
* (bug 18749) Add generator flag to action=paraminfo output
* Make action=block respect $wgEnableUserEmail and $wgSysopEmailBans
* Made deleting file description pages without files possible
* (bug 18773) Add content flag to siprop=namespaces output
* (bug 18785) Add siprop=languages to meta=siteinfo
* (bug 14200) Added user and excludeuser parameters to list=watchlist and
list=recentchanges
* Added index, fromtitle and byteoffset fields to action=parse&prop=sections
output
* (bug 19313) action=rollback returns wrong revid on master/slave setups
* (bug 19323) action=parse doesn't return section tree on pages with Cite
warnings
* (bug 18720) Add anchor field to action=parse&prop=sections output
* (bug 19423) The initial file description page used caption in user lang
rather than UI lang
* (bug 17809) Add number of users in user groups to meta=siteinfo
* (bug 18533) Add readonly reason to readonly exception
* (bug 19528) Added XSLT parameter to API queries in format=xml
* (bug 19040) Fix prependtext and appendtext in combination with section
parameter in action=edit
* (bug 19090) Added watchlist parameter, deprecated watch and unwatch
parameter in action=edit
* Added fields to list=search output: size, wordcount, timestamp, snippet
* Where supported by backend, list=search adds a 'searchinfo' element with
optional info: 'totalhits' count and 'suggestion' alternate query term
* (bug 19907) $wgCrossSiteAJAXdomains added to allow specified (or all)
external domains to access api.php via AJAX, if the browser supports the
Access-Control-Allow-Origin HTTP header
* (bug 19999) Made metadata and properties of search results optional. Added
srprop and srinfo.
* (bug 20700) Add amprop=default to meta=allmessages to list default value for
customized messages
* Don't parse magic words in meta=allmessages, output messages unparsed
* (bug 21105) list=usercontribs can now list contribs for User:0
* (bug 21085) list=deletedrevs no longer returns only one revision when
drcontinue param is passed
* (bug 21106) Deprecated parameters now tagged in action=paraminfo
* (bug 19004) Added support for tags
* (bug 21083) list=allusers no longer returns current timestamp for users
without registration date
* (bug 20967) action=edit allows creation of invalid titles
* (bug 19523) Add inprop=watched to prop=info
* (bug 21589) API: Separate summary and initial page text for uploads
* (bug 21817) list=usercontribs returns empty result for empty ucuser
* (bug 21441) meta=userinfo&uiprop=options no longer returns default options
for logged-in users under certain circumstances
* (bug 21945) Add chomp control in YAML
* Expand the thumburl to an absolute url to make it consistent with url and
descriptionurl
* (bug 20233) ApiLogin::execute() doesn't handle LoginForm :: RESET_PASS
* (bug 22061) API: add prop=headitems to action=parse
* (bug 22240) API: include time in siteinfo
* (bug 22241) Quick edit is still using the deprecated watch parameter (API:
Setting default for watch/unwatch wrongly set)
* (bug 22245) blfilterredirect=nonredirects in blredirect mode wrongly filtering
* (bug 22248) Output extension URLs in meta=siteinfo&siprop=extensions
* Support key-params arrays in 'descriptionmsg' in
meta=siteinfo&siprop=extensions
* (bug 21922) YAML output should quote asterisk when used as key
* (bug 22297) safesubst: to allow substitution without breaking transclusion
* (bug 18758) API read of watchlist's wl_notificationtimestamp
* (bug 20809) Expose EditFormPreloadText via the API
* (bug 18427) Comment (edit summary) parser option for API
* (bug 18608) API should provide list of CSS styles to apply to rendered output
* (bug 18771) List possible errors in action=paraminfo
=== Languages updated in 1.16 ===
MediaWiki supports over 300 languages. Many localisations are updated
regularly. Below only new and removed languages are listed, as well as
changes to languages because of Bugzilla reports.
* Capiznon (cps) (new)
* North Frisian (frr) (new)
* Kirmanjki (kiu) (new)
* Komi-Permyak (koi) (new)
* Karachay-Balkar (krc) (new)
* Hill Mari (mrj) (new)
* Prussian (prg) (new)
* Romagnol (rgn) (new)
* Lower Silesian (sli) (new)
* Picard (pcd) (new)
* Uyghur (Arabic script) (ug-arab) (new)
* Upper Franconian (vmf) (new)
* Votic (vot) (new)
* Eastern Yiddish (ydd) (removed)
* Iriga Bicolano (bto) (removed)
* Ladin (lld) (removed)
* Laz (lzz) (removed)
* Palembang (plm) (removed)
* Megleno-Romanian (Greek script) (ruq-grek) (removed)
* Tamazight (tzm) (removed)
* Laz (lzz) (new)
* (bug 18474) Sorani (ckb - Central Kurdish) (renamed from ku-arab)
* Add PLURAL function for Scots Gaelic (gd)
* Add Estonian letters äöõšüž to linktrail (et)
* (bug 18776) Native name of Burmese language (my)
* (bug 18806) Use correct unicode characters in spelling of native Chuvash
(Чӑвашла)
* (bug 18864) Updated autonym for Zhuang language
* (bug 18308) Updated date formatting in Occitan (oc)
* (bug 19080) Added ăâîşţșțĂÂÎŞŢȘȚ to Romanion (ro) linktrail
* (bug 19286) Correct commafying function in Polish (pl)
* (bug 19441) Updated date formatting for Lithuanian
* (bug 19630) Added ÄäÇçĞğŇňÖöŞşÜüÝýŽž to Turkmen (tk) linktrail
* (bug 19949) New linktrail for Greek (el)
* (bug 19809) Korean (North Korea) (ko-kp) (new)
* (bug 19968) Fixed "Project talk" namespace name for Maltese (mt)
* (bug 21168) Added áâãàéêçíóôõúü to Portuguese (pt) linktrail
* (bug 21596) Change interwiki link for Kurdish (ku)
* (bug 23767) PHP warning/error when REQUEST_URI returns blank (IIS issue).
== MediaWiki 1.15 ==
== MediaWiki 1.15.5 ==
=== Changes since 1.15.4 ===
* (bug 24565) Fixed Cache-Control headers sent from API modules, to protect
user privacy in the case where an attacker can access the wiki through the
same HTTP proxy as a logged-in user.
* Fixed a minor cookie header parsing issue causing incorrect Cache-Control
headers to be sent.
* Fixed an XSS vulnerability in profileinfo.php for installations with
$wgEnableProfileInfo = true (false by default)
* For backwards compatibility with extensions from 1.14.x or before, restored
the original function ApiMain::requestWriteMode().
* In API login "need token" responses, added the cookieprefix and sessionid
fields, as in MediaWiki 1.16.x. This is an improvement to the CSRF fix
introduced in 1.15.3.
== MediaWiki 1.15.4 ==
=== Changes since 1.15.3 ===
* (bug 23534) Fixed SQL query error in API list=allusers.
* (bug 23371) Fixed CSRF vulnerability in "e-mail me my password", "create
account" and "create by e-mail" features of [[Special:Userlogin]]
* (bug 23687) Fixed XSS vulnerability affecting IE clients only, due to a CSS
validation issue.
== MediaWiki 1.15.3 ==
=== Changes since 1.15.2 ===
* (bug 22828) Fixed deletion on SQLite.
* (bug 23076) Fixed login CSRF vulnerability. Logins now require a token to
be submitted along with the user name and password.
== MediaWiki 1.15.2 ==
=== Changes since 1.15.1 ===
* The installer now includes a check for a data corruption issue with certain
versions of libxml2 2.7 and PHP earlier than 5.2.9, and also for a PHP bug
present in the official release of PHP 5.3.1.
* (bug 20239) MediaWiki:Imagemaxsize does not contain anymore a <br /> tag which
was displayed to the user
* (bug 21150) SQLite no longer raise an error when deleting files
* (bug 20880) Fixed updater failure on SQLite backend
* upgrade1_5.php now requires to be run --update option to prevent confusion
* Fixed a CSS validation issue which allowed external images to be included
into wikis where that is disallowed by configuration.
* Fixed a data leakage vulnerability for private wikis using img_auth.php or
similar image access authentication schemes. Check user permissions before
streaming out scaled images from thumb.php.
== MediaWiki 1.15.1 ==
=== Changes since 1.15.0 ===
* Fixed fatal errors for unusual file repository configurations, such as
ForeignAPIRepo.
* Fixed the "change password" link on Special:Preferences to have the correct
returnto parameter.
* (bug 19693) Fixed cross-site scripting vulnerability in Special:Block
== MediaWiki 1.15.0 ==
=== Changes since 1.15.0rc1 ===
* Removed category redirect feature, implementation was incomplete.
* (bug 18846) Remove update_password_format(), unnecessary, destroys all
passwords if a wiki with $wgPasswordSalt=false is upgraded with the web
installer.
* (bug 19127) Documentation warning for PostgreSQL users who run update.php:
use the same user in AdminSettings.php as in LocalSettings.php.
* Fixed possible web invocation of some maintenance scripts, due to the use of
include() instead of require(). A full exploit would require a very strange
web server configuration.
* Localisation updates.
=== Configuration changes in 1.15 ===
* Added $wgNewPasswordExpiry, to specify an expiry time (in seconds) to
temporary passwords
* Added $wgUseTwoButtonsSearchForm to choose the Search form behavior/look
* Added $wgNoFollowDomainExceptions to allow exempting particular domain names
from rel="nofollow" on external links
* (bug 12970) Brought back $wgUseImageResize.
* Added $wgRedirectOnLogin to allow specifying a specific page to redirect users
to upon logging in (ex: "Main Page")
* Add $wgExportFromNamespaces for enabling/disabling the "export all from
namespace" option (disabled by default)
=== New features in 1.15 ===
* (bug 2242) Add an expiry time to temporary passwords
* (bug 9947) Add PROTECTIONLEVEL parser function to return the protection level
for the current page for a given action
* (bug 17002) Add &minor= and &summary= as parameters in the url when editing,
to automatically add a summary or a minor edit.
* (bug 16852) padleft and padright now accept multiletter pad characters
* When using 'UserCreateForm' hook to add new checkboxes into
Special:UserLogin/signup, the messages can now contain HTML to allow
hyperlinking to the site's Terms of Service page, for example
* Add new hook 'UserLoadFromDatabase' that is called while loading a user
from the database.
* (bug 17045) Options on the block form are prefilled with the options of the
existing block when modifying an existing block.
* (bug 17055) "(show/hide)" links to Special:RevisionDelete now use a CSS class
rather than hardcoded HTML tags
* Added new hook 'WantedPages::getSQL' into SpecialWantedpages.php to allow
extensions to alter the SQL query which is used to get the list of wanted
pages
* (bugs 16957/16969) Add show/hide to preferences for RC patrol options on
specialpages
* (bug 11443) Auto-noindex user/user talk pages for blocked user
* (bug 11644) Add $wgMaxRedirects variable to control how many redirects are
recursed through until the "destination" page is reached.
* Add $wgInvalidRedirectTargets variable to prevent redirects to certain
special pages.
* Use HTML5 rel attributes for some links, where appropriate
* Added optional alternative Search form look - Go button & Advanced search
link instead of Go button & Search button
* (bug 2314) Add links to user custom CSS and JS to Special:Preferences
* More helpful error message on raw page access if PHP_SELF isn't set
* (bug 13040) Gender switch in user preferences
* (bug 13040) {{GENDER:}} magic word for interface messages
* (bug 3301) Optionally sort user list according to account creation time
* Remote description pages for foreign file repos are now fetched in the
content language.
* (bug 17180) If $wgUseFileCache is enabled, $wgShowIPinHeader is automatically
set to false.
* (bug 16604) Mark non-patrolled edits in feeds with "!"
* (bug 16604) Show title/rev in IRC for patrol log
* (bug 16854) Whether a page is being parsed as a preview or section preview
can now be determined and set with ParserOptions.
* Wrap message 'confirmemail_pending' into a div with CSS classes "error" and
"mw-confirmemail-pending"
* (bug 8249) The magic words for namespaces and pagenames can now be used as
parser functions to return the desired namespace or normalized title/title
part for a given title.
* (bug 17110) Styled #mw-data-after-content in cologneblue.css to match the
rest of the font
* (bug 7556) Time zone names in signatures lack i18n
* (bug 3311) Automatic category redirects
* (bug 17236) Suppress 'watch user page link' for IP range blocks
* Wrap message 'searchresulttext' (Special:Search) into a div with
class "mw-searchresult"
* (bug 15283) Interwiki imports can now fetch included templates
* Treat svn:// URLs as external links by default
* New function to convert namespace text for display (only applies on wiki with
LanguageConverter class)
* (bug 17379) Contributions-title is now parsed for magic words.
* Preprocessor output now cached in memcached.
* (bug 14468) Lines in classic RecentChanges and Watchlist have classes
"mw-line-odd" and "mw-line-even" to make styling using css possible.
* (bug 17311) Add a note beside the gender selection menu to tell users that
this information will be public
* Localize time zone regions in Special:Preferences
* Add NUMBEROFACTIVEUSERS magic word, which is like NUMBEROFUSERS, but uses
the active users data from site_stats.
* Add a <link rel="canonical"> tag on redirected page views
* Replace hardcoded '...' as indication of a truncation with the
'ellipsis' message
* Wrap warning message 'editinginterface' into a div with class
'mw-editinginterface'
* (bug 17497) Oasis opendocument added to mime.types
* Remove the link to Special:FileDuplicateSearch from the "file history" section
of image description pages as the list of duplicated files is shown in the
next section anyway.
* Added $wgRateLimitsExcludedIPs, to allow specific IPs to be whitelisted from
rate limits.
* (bug 14981) Shared repositories can now have display names, located at
MediaWiki:Shared-repo-name-REPONAME, where REPONAME is the name in
$wgForeignFileRepos
* Special:ListUsers: Sort list of usergroups by alphabet
* (bug 16762) Special:Movepage now shows a list of subpages when possible
* (bug 17585) Hide legend on Special:Specialpages from non-privileged users
* Added $wgUseTagFilter to control enabling of filter-by-change-tag
* (bug 17291) MediaWiki:Nocontribs now has an optional $1 parameter for the
username
* Wrap special page summary message '$specialPageName-summary' into a div
with class 'mw-specialpage-summary'
* $wgSummarySpamRegex added to handle edit summary spam. This is used *instead*
of $wgSpamRegex for edit summary checks. Text checks still use $wgSpamRegex.
* New function to convert content text to specified language (only applies on
wiki with LanguageConverter class)
* (bug 17844) Redirect users to a specific page when they log in, see
$wgRedirectOnLogin
* Added a link to Special:UserRights on Special:Contributions for privileged
users
* (bug 10336) Added new magic word {{REVISIONUSER}}, which displays the editor
of the displayed revision
* LinkerMakeExternalLink now has an $attribs parameter for link attributes and
a $linkType parameter for the type of external link being made
* (bug 17785) Dynamic dates surrounded with a <span> tag, fixing sortable tables
with dynamic dates.
* (bug 4582) Provide preference-based autoformatting of unlinked dates with the
dateformat parser function.
* (bug 17886) Special:Export now allows you to export a whole namespace (limited
to 5000 pages)
* (bug 17714) Limited TIFF upload support now built in if 'tif' extension is
enabled. Image width and height are now recognized, and when using
ImageMagick, optional flattening to PNG or JPEG for inline display can be
enabled by setting $wgTiffThumbnailType
* Renamed two input IDs on Special:Log from 'page' and 'user' to 'mw-log-page'
and 'mw-log-user', respectively
* Added $wgInvalidUsernameCharacters to disallow certain characters in
usernames during registration (such as "@")
* Added $wgUserrightsInterwikiDelimiter to allow changing the delimiter
used in Special:UserRights to denote the user should be searched for
on a different database
* Add a class if 'missingsummary' is triggered to allow styling of the summary
line
* Title attributes are now always blank on framed and thumbnailed images, and
default to blank on inline images instead of defaulting to the image's
filename. Additionally, the alt attribute now defaults to the filename on
framed and thumbnailed images if no caption or alt attribute is specified.
=== Bug fixes in 1.15 ===
* (bug 16968) Special:Upload no longer throws useless warnings.
* (bug 17000) Special:RevisionDelete now checks if the database is locked
before trying to delete the edit.
* (bug 16852) padleft and padright now handle multibyte characters correctly
* (bug 17010) maintenance/namespaceDupes.php now add the suffix recursively if
the destination page exists
* (bug 17035) Special:Upload now fails gracefully if PHP's file_uploads has
been disabled
* Fixing the caching issue by using -{T|xxx}- syntax (only applies on wiki with
LanguageConverter class)
* Improving the efficiency by using -{A|xxx}- syntax (only applies on wiki with
LanguageConverter class)
* (bug 17054) Added more descriptive errors in Special:RevisionDelete
* (bug 11527) Diff on page with one revision shows "Next" link to same diff
* (bug 8065) Fix summary forcing for new pages
* (bug 10569) redirects to Special:Mypage and Special:Mytalk are no longer
allowed by default. Change $wgInvalidRedirectTargets to re-enable.
* (bug 3043) Feed links of given page are now preceded by standard feed icon
* (bug 17150) escapeLike now escapes literal \ properly
* Inconsistent use of sysop, admin, administrator in system messages changed
to 'administrator'
* (bug 14423) Check block flag validity for block logging
* DB transaction and slave-lag avoidance tweaks for Email Notifications
* (bug 17104) Removed [Mark as patrolled] link for already patrolled revisions
* (bug 17106) Added 'redirect=no' and 'mw-redirect' class to redirects at
"user contributions"
* Rollback links on new pages removed from "user contributions"
* (bug 15811) Re-upload form tweaks: license fields removed, destination locked,
comment label uses better message
* Whole HTML validation ($wgValidateAllHtml) now works with external tidy
* Parser tests no longer fail when $wgExternalLinkTarget is set in
LocalSettings
* (bug 15391) catch DBQueryErrors on external storage insertion. This avoids
error messages on save were the edit in fact is saved.
* (bug 17184) Remove duplicate "z" accesskey in MonoBook
* Parser tests no longer fail when $wgAlwaysUseTidy is set in LocalSettings.php
* Removed redundant dupe warnings on reupload for the same title. Dupe warnings
for identical files at different titles are still given.
* Add 'change tagging' facility, where changes can be tagged internally with
certain designations, which are displayed on various summaries of changes,
and the entries can be styled with CSS.
* (bug 17207) Fix regression breaking category page display on PHP 5.1
* Categoryfinder utility class no longer fails on invalid input or gives wrong
results for category names that include pseudo-namespaces
* (bug 17252) Galician numbering format
* (bug 17146) Fix for UTF-8 and short word search for some possible MySQL
configs
* (bug 7480) Internationalize database error message
* (bug 16555) Number of links to mediawiki.org scaled back on post-installation
* (bug 14938) Removing a section no longer leaves excess whitespace
* (bug 17304) Fixed fatal error when thumbnails couldn't be generated for file
history
* (bug 17283) Remove double URL escaping in show/hide links for log entries
and RevisionDeleteForm::__construct
* (bug 17105) Numeric table sorting broken
* (bug 17231) Transcluding special pages on wikis using language conversion no
longer affects the page title
* (bug 6702) Default system messages updated/improved
* (bug 17190) User ID on preference page no longer has delimeters
* (bug 17341) "Powered by MediaWiki" should be on the left on RTL wikis
* (bug 17404) "userrights-interwiki" right was missing in User::$mCoreRights
* (bug 7509) Separation strings should be configurable
* (bug 17420) Send the correct content type from action=raw when the HTML file
cache is enabled.
* (bug 12746) Do not allow new password e-mails when wiki is in read-only mode
* (bug 17478) Fixed a PHP Strict standards error in
maintenance/cleanupWatchlist.php
* (bug 17488) RSS/Atom links in left toolbar are now localized in classic skin
* (bug 17472) use print <<<EOF in maintenance/importTextFile.php
* Special:PrefixIndex: Move table styling to shared.css, add CSS IDs to tables
use correct message 'allpagesprefix' for input form label, replace _ with ' '
in next page link
* (bug 17506) Exceptions within exceptions now respect $wgShowExceptionDetails
* Fixed excessive job queue utilisation
* File dupe messages for remote repos are now shown only once.
* (bug 14980) Messages 'shareduploadwiki' and 'shareduploadwiki-desc' are now
used as a parameter in 'sharedupload' for easier styling and customization.
* (bug 17482) Formatting error in Special:Preferences#Misc (Opera)
* (bug 17556) <link> parameters in Special:Contributions feeds (RSS and Atom)
now point to the actual contributors' feed.
* ForeignApiRepos now fetch MIME types, rather than trying to figure it locally
* Special:Import: Do not show input field for import depth if
$wgExportMaxLinkDepth == 0
* (bug 17570) $wgMaxRedirects is now correctly respected when following
redirects (was previously one more than $wgMaxRedirects)
* (bug 16335) __NONEWSECTIONLINK__ magic word to suppress new section link.
* (bug 17581) Wrong index name in PostgreSQL's updater: was rc_timestamp_nobot,
changed to rc_timestamp_bot
* (bug 17437) Fixed incorrect link to web-based installer
* (bug 17538) Use shorter URLs in <link> elements
* (bug 13778) Hidden input added to the search form so that using the Enter key
on IE will do a fulltext search like clicking the button does
* (bug 1061) CSS-added icons next to links display through the text and makes
it unreadable in RTL
* Special:Wantedtemplates now works on PostgreSQL
* (bug 14414) maintenance/updateSpecialPages.php no longer throws error with
PostgreSQL
* (bug 17546) Correct Tongan language native name is "lea faka-Tonga"
* (bug 17621) Special:WantedFiles has no link to Special:Whatlinkshere
* (bug 17460) Client ecoding is now correctly set for PostgreSQL
* (bug 17648) Prevent floats from intruding into edit area in previews if no
toolbar present
* (bug 17692) Added (list of members) link to 'user' in Special:Listgrouprights
* (bug 17707) Show file destination as plain text if &wpForReUpload=1
* (bug 10172) Moved setting of "changed since last visit" flags out of the job
queue
* (bug 17761) "show/hide" link in page history in now works for the first
displayed revision if it's not the current one
* (bug 17722) Fix regression where users are unable to change temporary
passwords
* (bug 17799) Special:Random no longer throws a database error when a non-
namespace is given, silently falls back to NS_MAIN
* (bug 17751) The message for bad titles in WantedPages is now localized
* (bug 17860) Moving a page in the "MediaWiki" namespace using SuppressRedirect
no longer corrupts the message cache
* (bug 17900) Fixed User Groups interface log display after saving groups.
* (bug 17897) Fixed string offset error in <pre> tags
* (bug 17778) MediaWiki:Catseparator can now have HTML entities
* (bug 17676) Error on Special:ListFiles when using Postgres
* Special:Export doesn't use raw SQL queries anymore
* (bug 14771) Thumbnail links to individual DjVu pages no longer have
two "page" parameters
* (bug 17972) Special:FileDuplicateSearch form now works correctly on wikis that
don't use PathInfo or short urls
* (bug 17990) trackback.php now has a trackback.php5 alias and works with
$wgScriptExtension
* (bug 14990) Parser tests works again with PostgreSQL
* (bug 11487) Special:Protectedpages doesn't list protections with pr_expiry
IS NULL
* (bug 18018) Deleting a file redirect leaves behind a malfunctioning redirect
* (bug 17537) Disable bad zlib.output_compression output on HTTP 304 responses
* (bug 11213) [edit] section links in printable version no longer appear when
you cut-and-paste article text
* (bug 17405) "Did you mean" to mirror Go/Search behavior of original request
* (bug 18116) 'edittools' is now output identically on edit and upload pages
* (bug 17241) The diffonly URI parameter should cascade to "Next edit" and
"Previous edit" diff links
* (bug 16823) Sidebar search form should not use Special:Search view URL as
target
* (bug 16343) Non-existing, but in use, category pages can be "go" match hits
* Fixed a CSS validation issue which allowed external images to be included
into wikis where that is disallowed by configuration.
* Fixed a data leakage vulnerability for private wikis using img_auth.php or
similar image access authentication schemes. Check user permissions before
streaming out scaled images from thumb.php.
== API changes in 1.15 ==
* (bug 16858) Revamped list=deletedrevs to make listing deleted contributions
and listing all deleted pages possible
* (bug 16844) Added clcategories parameter to prop=categories
* (bug 17025) Add "fileextension" parameter to meta=siteinfo&siprop=
* (bug 17048) Show the 'new' flag in list=usercontribs for the revision that
created the page, even if it's not the top revision
* (bug 17069) Added ucshow=patrolled|!patrolled to list=usercontribs
* action=delete respects $wgDeleteRevisionsLimit and the bigdelete user right
* (bug 15949) Add undo functionality to action=edit
* (bug 16483) Kill filesort in ApiQueryBacklinks caused by missing parentheses.
Building query properly now using makeList()
* (bug 17182) Fix pretty printer so URLs with parentheses in them are
autolinked correctly
* (bug 17224) Added siprop=rightsinfo to meta=siteinfo
* (bug 17239) Added prop=displaytitle to action=parse
* (bug 17317) Added watch parameter to action=protect
* (bug 17007) Added export and exportnowrap parameters to action=query
* (bug 17326) BREAKING CHANGE: Changed output format for iiprop=metadata
* (bug 17355) Added auwitheditsonly parameter to list=allusers
* (bug 17007) Added action=import
* BREAKING CHANGE: Removed rctitles parameter from list=recentchanges because
of performance concerns
* Listing (semi-)deleted revisions and log entries as well in prop=revisions
and list=logevents
* (bug 11430) BREAKING CHANGE: Modules may return fewer results than the
limit and still set a query-continue in some cases
* (bug 17357) Added movesubpages parameter to action=move
* (bug 17433) Added bot flag to list=watchlist&wlprop=flags output
* (bug 16740) Added list=protectedtitles
* Added mainmodule and pagesetmodule parameters to action=paraminfo
* (bug 17502) meta=siteinfo&siprop=namespacealiases no longer lists namespace
aliases already listed in siprop=namespaces
* (bug 17529) rvend ignored when rvstartid is specified
* (bug 17626) Added uiprop=email to list=userinfo
* (bug 13209) Added rvdiffto parameter to prop=revisions
* Manual language conversion improve: Now we can include both ";" and ":" in
conversion rules
* (bug 17795) Don't report views count on meta=siteinfo if $wgDisableCounters
is set
* (bug 17774) Don't hide read-restricted modules like action=query from users
without read rights, but throw an error when they try to use them.
* Don't hide write modules when $wgEnableWriteAPI is false, but throw an error
when someone tries to use them
* BREAKING CHANGE: action=purge requires write rights and, for anonymous users,
a POST request
* (bug 18099) Using appendtext to edit a non-existent page causes an interface
message to be included in the page text
* Fixed the circular template inclusion check, was broken when the loop
involved redirects. Without this, infinite recursion within the parser is
possible.
* (bug 18601) generator=backlinks returns invalid continue parameter
* (bug 18597) Internal error with empty generator= parameter
* (bug 18617) Add xml:space="preserve" attribute to relevant tags in XML output
* (bug 17611) Provide a sensible error message on install when the SQLite data
directory is wrong.
=== Languages updated in 1.15 ===
MediaWiki supports over 300 languages. Many localisations are updated
regularly. Below only new and removed languages are listed, as well as
changes to languages because of Bugzilla reports.
* Austrian German (de-at) (new)
* Swiss Standard German (de-ch) (new)
* Simplified Gan Chinese (gan-hans) (new)
* Traditional Gan Chinese (gan-hant) (new)
* Literary Chinese (lzh) (new)
* Uyghur (Latin script) (ug-latn) (renamed from 'ug')
* Veps (vep) (new)
* Võro (vro) (renamed from fiu-vro)
* (bug 17151) Add magic word alias for #redirect for Vietnamese
* (bug 17288) Messages improved for default language (English)
* (bug 12937) Update native name for Afar
* (bug 16909) 'histlegend' now reuses messages instead of copying them
* (bug 17832) action=delete returns 'unknownerror' instead of 'permissiondenied'
when the user is blocked
* Traditional/Simplified Gan Chinese conversion support
== MediaWiki 1.14 ==
== MediaWiki 1.14.1 ==
=== Changes since 1.14.0 ===
* (bug 17737) Fixed russian URLs for Special:BookSources
* (bug 17713) Using links with only an anchor no longer add an dummy entry in
the pagelinks table
* (bug 17897) Fixed string offset error in <pre> tags
* (bug 17832) Fixed action=delete returning 'unknownerror' instead of
'permissiondenied' when the user is blocked
* Fixed performance regression when accessing deleted (archived) files
* (bug 19693) Fixed cross-site scripting vulnerability in Special:Block
== MediaWiki 1.14.0 ==
=== Changes since 1.14.0rc1 ===
* Fixed the performance of the backlinks API module
* (bug 17420) Send the correct content type from action=raw when the HTML file
cache is enabled.
* (bug 17437) Fixed incorrect link to web-based installer
* (bug 17527) Fixed missing MySQL-specific options in installer
=== Configuration changes in 1.14 ===
* $wgExemptFromUserRobotsControl is an array of namespaces to be exempt from
the effect of the new __INDEX__/__NOINDEX__ magic words. (Default: null, ex-
empt all content namespaces.)
* $wgForwardSearchUrl has been removed entirely. Documented setting since 1.4
has been $wgSearchForwardUrl.
* (bug 15080) $wgOverrideSiteFeed has been added. Setting either
$wgSiteFeed['rss'] or 'atom' to a URL will override the default Recent
Changes feed that appears on all pages.
* $wgSQLiteDataDirMode has been introduced as the default directory mode for
SQLite data directories on creation. Note that this setting is separate from
$wgDirectoryMode, which applies to all normal dirs created by MediaWiki.
* $wgGroupsAddToSelf and $wgGroupsRemoveFromSelf now work more like
$wgAddGroups and $wgRemoveGroups, where the user must belong to a specified
group in order to add or remove those groups from themselves.
Backwards compatibility is maintained.
* $wgRestrictDisplayTitle controls if the use of the {{DISPLAYTITLE}} magic
word is restricted to titles equivalent to the actual page title. This
is true by default, but can be set to false to allow any title.
* $wgSpamRegex may now be an array of multiple regular expressions.
* $wgAjaxSearch has been removed; use $wgEnableMWSuggest instead.
* Editing the MediaWiki namespace is now unconditionally restricted to people
with the editinterface right, configuring this in $wgNamespaceProtection
is not required.
* $wgAllowExternalImagesFrom may now be an array of multiple strings.
* Introduced $wgEnableImageWhitelist to toggle the on-wiki external image
whitelist on or off.
* Added $wgRenderHashAppend to append some string to the parser cache and the
sitenotice cache keys.
* $wgRCChangedSizeThreshold is now a positive integer by default,
* (bug 16006) $wgEnableWriteAPI is now true by default. Authorized can perform
write actions using the API.
* Added $wgRC2UDPInterwikiPrefix which adds an interwiki prefix
($wgLocalInterwiki) onto the page names in the UDP feed.
* Added $wgAllowUserSkin to let the wiki's owner disable user selectable skins
on the wiki. If it's set to false, then the skin used will *always* be
$wgDefaultSkin.
* Added $wgEnotifUseRealName, which allows UserMailer to send out e-mails based
on the user's real name if one is set. Defaults to false (use the username)
* Removed the 'apiThumbCacheDir' option from $wgForeignFileRepos (only used in
ForeignAPIRepo)
* (bug 44) Image namespace and accompanying talk namespace renamed to File.
For backward compatibility purposes, Image still works. External tools may
need to be updated.
* The constants NS_FILE and NS_FILE_TALK can now be used instead of NS_IMAGE and
NS_IMAGE_TALK. The old constants are retained as aliases for compatibility,
and should still be used in code meant to be compatible with v1.13 or older.
* MediaWiki can be forced to use private IPs forwarded by a proxy server by
using $wgUsePrivateIPs.
* The 'BeforeWatchlist' hook has been removed due to internal changes in
Special:Watchlist. 'SpecialWatchlistQuery' should now be used by extensions
to customize the watchlist database query.
=== Migrated extensions ===
The following extensions are migrated into MediaWiki 1.14:
* Special:DeletedContributions to show deleted user contributions (was
extension DeletedContributions)
* Special:Log/newusers recording new users (was extension Newuserlog)
* Special:LinkSearch to search for external links (was extension LinkSearch)
* RenderHash
* NoMoveUserPages
* UniversalEditButton
=== New features in 1.14 ===
* New URL syntaxes for Special:ListUsers - 'Special:ListUsers/USER' and
'Special:ListUsers/GROUP/USER', in addition to the older syntax
'Special:ListUsers/GROUP' where GROUP is a valid group name.
* Configurable per-namespace and per-page notices for the edit form,
respectively MediaWiki:Editnotice-# where # is the namespace number, and
MediaWiki:Editnotice-#-PAGENAME where # is the page's namespace number and
PAGENAME is the page name minus the namespace prefix.
* (bug 8068) New __INDEX__ and __NOINDEX__ magic words allow user control of
search engine indexing on a per-article basis.
* Handheld stylesheet options
* Added 'DoEditSectionLink' hook as a cleaner unified version of the old
'EditSectionLink' and 'EditSectionLinkForOther' hooks. Note that the
'EditSectionLinkForOther' hook has been removed, but 'EditSectionLink' is
run in all cases instead, so extensions using the old hooks should still work
if they ran roughly the same code for both hooks (as is almost certain).
* Signature (~~~~) "cleaning", i.e. template removal, can be disabled with
$wgCleanSignatures=false
* Extensions can use the SkinBuildSidebar hook to modify the content of the
sidebar and add custom portlets to it
* Added 'MakeGlobalVariablesScript' hook for extensions to be able to add vari-
ables into the output of Skin::makeVariablesScript
* (bug 13846) Added $wgAddGroups and $wgRemoveGroups display on
Special:ListGroupRights
* (bug 14377) Add a date selector to history pages
* (bug 15007) New 'pagetitle-view-mainpage' message allows the HTML <title> of
the main page to be customized
* Added $wgDisableTitleConversion to disabling the conversion for all pages on
the wiki
* Added 'noconvertlink' toggle that can be set per user preferences, also
added 'convertlink=no|yes' on GET requests whether have the link titles
being converted or not
* (bug 14921) Special:Contributions/: add user name to <title>
Patch by Emufarmers
* Unescape more "safe" characters when producing URLs, for added prettiness
* Introduced a new hook 'SkinAfterContent' that allows extensions to add text
after the page content and article metadata. Updated all skins and skin
templates to work with that hook.
* (bug 14929) removeUnusedAccounts.php now supports 'ignore-touched' and
'ignore-groups'. Patch by Louperivois
* (bug 15127) Work around minor display glitch in Opera.
* By default, reject file uploads that look like ZIP files, to avoid the
so-called GIFAR vulnerability.
* (bug 15141) Give ability to only list protected pages with the cascading
option enabled on Special:ProtectedPages
* (bug 15157) Special:Watchlist has the same options as Special:Watchlist:
Show/Hide logged in users, Show/Hide anonymous, Invert namespace selection
* Added hook 'UserrightsChangeableGroups' to allow modification of what
groups may be added or removed via the Special:UserRights interface.
* HTML entities like now work (are not escaped) in edit summaries.
* (bug 13815) In the comment for page moves, use the colon-separator message
instead of a hardcoded colon.
* Allow <gallery> to accept image names without an Image: prefix
* Add tooltips to rollback and undo links
* BMP images are now displayed as PNG
* (bug 13471) Added NUMBERINGROUP magic word
* (bug 11884) Now support Flash EXIF attribute
* Show thumbnails in the file history list, patch by User:Agbad
* Added support of piped wikilinks using double-width brackets
* Added an on-wiki external image whitelist. Items in this whitelist are
treated as regular expression fragments to match for when possibly
displaying an external image inline.
* (bugs 15405, 15436) Sort more currency types correctly in sortable tables
* (bug 15422) Sort more different types of numbers in sortable tables
* (bug 2889) MediaWiki:Print.css applies to the printable version
* Category counts (e.g. from {{PAGESINCATEGORY:}}) should be more accurate for
small categories
* After logging in, automatically redirect to wherever you logged in from
* (bug 5619) Break messages used in Special:Statistics down further
* (bug 11029) Add link to Special:Listusers?group=sysop etc at
Special:Statistics
* (bug 15514) Setting $wgRightsText without $wgRightsUrl now produces a
plaintext copyright notice. Patch by Juliano F. Ravasi.
* (bug 15551) Deletion log excerpt is now shown whenever a user vists a
deleted page, even if they are unable to edit it.
* Added Wantedfiles special pages, allowing users to find image links with no
image.
* (bug 12650) It is now possible to set different expiration times for
different restriction types on the protection form.
* (bug 8440) Allow preventing blocked users from editing their talk pages
* Improved upload file type detection for OpenDocument formats
* Added the ability to set the target attribute on external links with
$wgExternalLinkTarget
* api.php now sends "Retry-After" and "X-Database-Lag" HTTP headers if the
maxlag check fails, just like index.php does
* Added "link" parameter to image links, to allow images to link to an
arbitrary title or URL. This should replace inaccessible and incomplete
solutions such as CSS-based overlays and ImageMap.
* (bug 368) Don't use caption for alt attribute; allow manual specification
using new "alt=" parameter for images
* (bug 44) The {{ns:}} core parser function now also accepts localized
namespace names and aliases; also, its output now uses spaces instead of
underscores to match the behavior of the {{NAMESPACE}} magic word
* Added the ability to display user edit counts in Special:ListUsers. Off by
default, enabled with $wgEdititis = true (named after the medical condition
marked by unhealthy obsession with edit counts).
* Added a file cache to the parser to improve page rendering time on pages with
several uses of the same image.
* (bug 1250) Users can still use "show preview" and "show changes" even if the
wiki is set to read-only mode.
* Added a call to the 'UnwatchArticleComplete' hook to the watchlist editor.
This should make it so that ALL user-accessible methods of removing a page
from a watchlist lead to this hook being called (it was previously only
called from within Article.php
* Maximum execution time for shell processes on linux is now configured with
$wgMaxShellTime (180 seconds by default)
* (bug 1306) 'Email user' link no longer shown on user page when emailing
is not available due to lack of confirmed address or disabled preference
* Special:Wanted templates special page added to display missing templates
linked from articles
* Make search matches bold only, not red as well
* (bug 10080) Blocks can be modified without unblocking first
* (bug 15820) Special:BlockIP shows a notice if the user being blocked is
already directly blocked
* (bug 13710) Allow to force "watch this" checkbox via URL using parameter
"watchthis"
* (bug 15125) Add Public Domain to default options when installing. Patch by
Nathan Larson.
* Set a special temporary directory for ImageMagick with $wgImageMagickTempDir
* (bug 16113) Show/hide for redirects in Special:NewPages
* (bug 15903) Upload link was added to Nostalgia skin
* (bug 15761) Add user toggle to omit diff after rollback
* Added the BitmapHandler_ClientOnly media handler, which allows server-side
image scaling to be completely disabled for specific media types, via the
$wgMediaHandlers configuration variable.
* New 'AbortDiffCache' hook can be used to cancel the caching of a diff
* (bug 15835) Added Content-Style-Type meta tag
* (bug 11027) Add parameter to MW:Randompage-nopages so that user can see the
namespace.
* Add id="mw-user-domain-section" to <tr> tag in Userlogin.php template so that
admins with a single domain can hide the domain section using CSS
* Dropped old Paser_OldPP class. Only new parser with preprocessor is used.
* Moved password reset form from Special:Preferences to Special:ResetPass
* Added Special:ChangePassword as a special page alias for Special:ResetPass
* Added complementary function for addHandler() called removeHandler() for
removing events
* Improved security of file uploads for IE clients, using a reverse-engineered
algorithm very similar to IE's content detection algorithm.
* Cascading protection no longer requires that both edit and move are restricted
to sysop, just edit=sysop is enough
* (bug 2391) A warning is now shown for invalid ISBN numbers on
Special:Booksources.
* Installer has been updated to reflect the release of the GFDL 1.3. The URL for
1.2 has been updated, and the 1.3 URL has been given. 1.2 is still
Wikipedia-compatible. RightsCode was changed from 'gfdl' to 'gfdl1_2', so we
can now support 1.2 as well as 1.3 (gfdl1_3).
* (bug 16293) PD URL was changed to the CreativeCommons site on PD (which
auto-detects your language) instead of Wikipedia.
* (bug 16635) The "view and edit watchlist" page (Special:Watchlist/edit) now
includes a table of contents
* File objects returned by wfFindFile() are now cached by default
* (bug 7492) Rights can now be assigned to specific IP addresses and ranges by
using $wgAutopromote (new defines: APCOND_ISIP and APCOND_IPINRANGE)
* Add a 'change block' link to Special:IPBlockList and Special:Log
* (bug 16459) Use native getElementsByClassName where possible, for better
performance in modern browsers
* Enable \cancel and \cancelto in texvc (recompile required)
* Added 'UserCryptPassword' and 'UserComparePasswords' hooks to allow extensions
to implement their own password hashing methods.
* (bug 16760) Add CSS-class to action links of Special:Log
* (bug 505) Time zones can now be specified by location in user preferences,
avoiding the need to manually update for DST. Patch by Brad Jorsch.
* (bug 2585) HTTP 404 return code is now given for a page view if the page
does not exist, allowing spiders and link checkers to detect broken links.
* Special:Log: Add 'change protection' link for unprotected pages too
* Special:Log: Add log type specific CSS classes 'mw-logline-$logtype' to
'li' elements
* (bug 16754) Making arbitrary rows of sortable tables sticky:
|- class="unsortable"
* Show subversion too even if a "normal" version number is available
* (bug 16121) Add a note that a page move was without creating a redirect in the
move log
* Image moving is now enabled for sysops by default
* Make "Did you mean" search feature more noticeable
* (bug 16720) Transcluded Special:NewPages processes "/username="
=== Bug fixes in 1.14 ===
* (bug 14907) DatabasePostgres::fieldType now defined.
* (bug 14659) Passing the default limit param to Special:Recentchanges no more
falls back to the user option
* (bug 14954) Fix regression in Modern and Simple skins
* Recursion loop check added to Categoryfinder class
* Fixed few performance troubles of large job queue processing
* Not setting various parameters in Foreign Repos now fails more gracefully
* (bug 2333) Redirects are properly rendered when previewing an edit.
* (bug 14972) Use localized alias of Special:Search on all search forms
* (bug 11035) Special:Search should have descriptive <title>
* Special pages are now not subject to special handling for "self-links"
* (bug 15053) Syntactically incorrect redirects with another link in them
no longer redirect to the second link
* (bug 15049) Fix for CheckUser extension's log search: usernames containing
a "-" were incorrectly turned into bogus IP range searches.
Patch by Max Semenik.
* (bug 15055) Talk page notifications no longer attempt to send mail when
user's e-mail address is invalid or unconfirmed
* (bug 12370) Add throttle on password attempts. Defaults to max 5 attempts in
5 minutes.
* (bug 15016) 'Templates used on this page' list in view source should be
wrapped in a div with class "templatesUsed"
* (bug 14868) Setting $wgFeedDiffCutoff to 0 now disables generation of the
diff entirely, not just the display of it.
* (bug 6387) Introduced new setting $wgCategoryPrefixedDefaultSortkey which
allows having the unprefixed page title as the default category sortkey
* (bug 15079) Add class="ns-talk" / "ns-subject" to <body>. Also added
ns-special to special pages.
* (bug 15052) Skins should add their name as a class in <body>
* (bug 14165, bug 14294) Wikimedia specific configuration in convertGrammar()
for several languages was removed. The settings have been put in extension
WikimediaMessages. Patch for Czech by Danny B.
* (bug 15101) Displaying only bots edits in Special:Recentchanges now works
again
* (bug 13770) Fixed incorrect detection of PHP's DOM module
* (bug 14790) Export of category pages when using Category: prefix now actually
gives results
* Avoid recursive crazy expansions in section edit comments for pages which
contain '/*' in the title
* Fix excessive memory usage when parsing pages with lots of links
* $wgSpamRegex now matches the edit summary and page move descriptions in
addition to body text.
* Navigation links to images available from a shared repository (like Commons)
from their local talk pages no longer appear as redlinks
* Action=purge on ForeignApiFiles now works (purges their thumbnails and
description pages).
* (bug 15303) Title conversion for templates wasn't working in some cases.
* (bug 15264) Underscores in Special:Search/Foo_bar parameters were taken
literally; now converting them to spaces per expectation.
* (bug 15342) "Invert" checkbox now works correctly when selecting main
namespace in Special:Watchlist
* (bug 15172) 'Go' button of Special:Recentchanges now on the same line as the
last input element (like Special:Watchlist too)
* (bug 15351) Fix fatal error for invalid section fragments in autocomments
* Fixed intermittent deadlock errors involving objectcache table queries.
Use a separate database connection for the objectcache table to avoid
long-lasting locks on that table.
* Respect file restrictions in the file history list
* (bug 15399) Odd/even classes on sortable tables' rows could be slow for large
tables, and have been disabled by default.
* (bug 15482) Special:Recentchangeslinked has no longer two submit buttons
* (bug 15292) New message notification for unregistred users now works again
* (bug 14398) mwsuggest.js: Let width of container be configurable
* (bug 15543) Only include user touched timestamp to generated CSS
* (bug 15497) Removed encoding attribute from <?xml ?> tag
* (bug 12284) Special:Preferences now sets a returnto parameter on the link to
Special:UserLogin. Patch by Marooned.
* Fixed the HTTP accept language string detection length in
LanguageConverter.php, instead of the fixed length language codes.
* Special:RecentChangesLinked no longer shows outgoing links for nonexistent
pages even if there are broken link records with source article id 0 in the
database
* (bug 15598) Special:Newpages default limit uses user preference for
recentchanges limit instead of hardcoded 50.
* (bug 15617) $wgFeedClassesOutputPage::getHeadLinks() respects $wgFeedClasses,
instead of hardcoding rss and atom. Patch by Juliano F. Ravasi.
* (bug 14638) Special:Blockip now provides a link to the block log if the user
has been blocked more than 10 times. Patch by Matt Johnston.
* (bug 12678) Skins don't show Upload link if the user isn't allowed to upload.
* Fixed incorrect usage of DB_LAST in Special:Export. Deprecated DB_LAST.
* (bug 15642) Blocked sysops can no longer block other users
* Http::request() now respects $wgHTTPtimeout when not using cURL
* (bug 15158) Userinvalidcssjstitle not shown on preview
* (bug 15196) Free external links should be numbered in a localised manner
* (bug 15388) Title of Special:PrefixIndex
* Links with no title but a curid parameter now use the curid to pick a page
* (bug 10323) Special:Undelete should have "inverse selection" button
* (bug 15831) Modern skin RTL support is bugous
* (bug 15869) Nostalgia skin does not show page title in printable mode
* (bug 15795) Special:Userrights is now listed on Special:SpecialPages when the
user can only change his rights
* (bug 15846) Categories "leak" from older revisions in certain circumstances
* (bug 15928) Special pages dropdown should be inline in non-MonoBook skins
* (bug 14178) Some uses of UserLoadFromSession hook cause segfault
* (bug 15925) Postitive bytes added on recentchanges and watchlists are now
bolded if above the threshold, previously it only worked for negatives
* Specify apple-touch-icon before favicon in HTML head section to make the
Konqueror browser correctly use the latter
* (bug 15717) Set $separatorTransformTable for language 'eu'
* (bug 15605) Enabled $datePreferences for language 'hr'. Added standard date
preferences.
* (bug 13701) {{NUMBEROFVIEWS}} magic word to show number of total views.
* (bug 5101) Image from Commons doesn't show up when searched in Wikipedia
search box
* (bug 14609) User's namespaces to be searched default not updated after adding
new namespace
* Purge form uses valid XHTML
* (bug 12764) Special:LonelyPages shows transcluded pages
* (bug 16073) Enhanced RecentChanges uses onclick handler with better fallback
if JavaScript is disabled
* (bug 4253) Recentchanges IRC messages no longer include title in diff URLs
* Allow '0' to be an accesskey.
* (bug 8063) Use language-dependent sorting in client-side sortable tables
* (bug 16160) Suggestions box should be resized from left for RTL wikis
* (bug 11533) Fixed insane slowdown when in read-only mode for long periods
of time with CACHE_NONE (default objectcache table configuration).
* Trying to set two different default category sort keys for one page now
produces a warning
* (bug 16143) Fix redirect loop on special pages starting with lower case
letters
* (bug 15737) Fix notices while expanding using PPCustomFrame
* (bug 15544) Non-index entry points cause the "Wiki not set up" message to
have corrupt URLs
* (bug 5101) Image from Commons doesn't show up when searched in Wikipedia
search box
* (bug 4362) [[MediaWiki:History copyright]] no more used with most recent
revision when passing oldid parameter in the url
* (bug 16265) When caching thumbs with the ForeignApiRepo, we now use the same
filename as the remote site.
* (bug 8345) Don't autosummarize where a redirect was left unchanged
* Made thumb caching in ForeignApiFile objects integrated with normal thumb
path naming (/thumbs/hash/file), retired 'apiThumbCacheDir' as a result.
* (bug 5530) Consistency between character encoding in {{PAGENAMEE}},
{{SUBPAGENAMEE}} and {{FULLPAGENAMEE}}
* Safer handling of non-MediaWiki exceptions -- now obeys our settings for
formatting and path exposure.
* Less verbose errors from profileinfo.php when not configured
* Blacklist redirects via Special:Filepath, hard to use.
* Improved input validation on Special:Import form
* Add a .htaccess to deleted images directory for additional protection
against exposure of deleted files with known SHA-1 hashes on default
installations.
* Improved scripting safety heuristics for IE 5/6 content-type detection.
* Improved scripting safety heuristics on SVG uploads.
* (bug 11728) Unify layout of enhanced watchlist/recent changes
* (bug 8702) Properly update stats when running nukePage maintenance script
* (bug 7726) Searches for words less than 4 characters now work without
requiring customization of MySQL server settings
* Honour unchecked "Leave a redirect behind" for moved subpages
* (bug 16440) Broken 0-byte math renderings are now deleted and re-rendered
when page is re-parsed.
* (bug 6100) Unicode BiDi embedding/override characters (U+202A - U+202E) are
now automatically removed from titles; these characters can accidentally end
up in copy-and-pasted titles, and, by overriding normal bidirectional text
handling, can lead to annoying behavior such as text rendering backwards
* Fixed minor bug where the memcached value for how many accounts an IP had
created that day would be increased even if $wgAccountCreationThrottle was
hit. This meant if an IP hit the throttle and then the throttle was raised
later that day, the IP still couldn't create another account, because it
had marked them as having created another account, when their last account
creation had actually failed.
* (bug 12647) Allow autogenerated edit summary messages to be blanked with '-'
* (bug 16026) 'Revision-info' and 'revision-info-current' both accept wiki
markup now.
* (bug 16529) Fix for search suggestions with some third-party JS libraries
* (bug 13342) importScript() generates more consistent URI encoding
* (bug 16577) When a blocked user tries to rollback a page, the block message
is now only displayed once
* (bug 14268) SVG image sizes now extracted with proper XML parser
* (bug 14365) RepoGroup::findFiles() no longer crashes if passed an invalid
title via the API
* (bug 4253, bug 16586) Revision ID is now given instead of title in URLs for
new pages in the recent changes IRC feed
* Ugly tooltips in Special:Statistics were phased out in favor of more direct
information. Went ahead and rewrote SpecialStatistics to subclass SpecialPage
* (bug 5506) Links to files on foreign repositories are now shown consistently
as bluelinks e.g. in logs and edit summaries
* (bug 16623) Add missing </p> tag in Special:LockDB
* (bug 15849) Special:Movepage now throws a more specific error when trying to
move a title to an interwiki target
* (bug 16638) 8-bit URL fallback encoding now set on additional languages using
Arabic script (Persian, Urdu, Sindhi, Punjabi)
* (bug 16656) cleanupTitles and friends should now work in load-balanced
DB environments when $wgDBserver isn't set.
* (bug 3691) Aspect ratio from viewBox attribute is now preserved for SVG
images which do not specify width and height attributes.
* (bug 15027) Internet domain names and IP addresses can now be indexed and
searched sensibly with the default MySQL search backend.
* (bug 11733) Fixed parameter validation in importTextFile.php
* (bug 16712) Special:NewFiles updated to use "newer"/"older" paging messages
for clarity over "previous/next"
* (bug 16612) Fixed "noprint" class for Modern skin print style
* Section anchors now have an "id" attribute as well as a "name" attribute,
even when Tidy is not used
* (bug 16026) revision-info, revision-info-current, cannotdelete,
redirectedfrom, historywarning and difference messages now use Wiki text
rather than raw HTML markup
* (bug 13835) Fix rendering of {{filepath:Wiki.png|nowiki}}
* (bug 16772) Special:Upload now correctly rejects files with spaces in the
file extension (e.g. Foo. jpg).
* Image moving over an existing file no longer throws a database error
* (bug 16786) Restored "redundant" links recently removed from Classic sidebar
* (bug 16850) $wgActionPaths can have query strings now, previously, this broke
local URLs
* (bug 16376) Mention in deleteBatch.php and moveBatch.php maintenance scripts
that STDIN can be used for page list
* (bug 16560) Special:Random returns a page from ContentNamespaces, and no
longer from NS_MAIN
=== API changes in 1.14 ===
* Registration time of users registered before the DB field was created is now
shown as empty instead of the current time.
* API search now falls back to fulltext search by default when using Lucene
or other engine which doesn't support a separate title search function.
This means you can use API search on Wikipedia without explicitly adding
&srwhat=text to the query.
* Added iiprop=bitdepth to imageinfo and aiprop=bitdepth to allimages
* (bug 14713) API-specific permissions (such as 'writeapi' and 'apihighlimits'
are now listed on action=help
* (bug 15044) Added requestid parameter to api.php to facilitate distinguishing
between requests
* (bug 15048) Added limit field for multivalue parameters to action=paraminfo
output.
* When the limit on multivalue parameters is exceeded, a warning is issued
* list=search doesn't list missing pages any more
* (bug 15178) Added clshow to prop=categories to allow filtering for hidden/
non-hidden categories
* (bug 15228) Combining revids= and redirects now throws a warning instead of
an error, and still resolves redirects generated by the generator.
* list={backlinks,embeddedin,imageusage} now return arrays with keys 0, 1, 2,
etc. (AKA lists) instead of arrays with pageIDs as keys (AKA hash tables)
for consistency with other list modules.
* Added action=watch
* (bug 15275) apprefix and related parameters ignore spaces at the end
* action=edit no longer throws unknown error 228 when trying to create an
empty section with section=new
* Database replication lag doesn't cause all action=edit requests to return the
nochange flag any more
* (bug 15392) ApiFormatBase::formatHTML now uses $wgUrlProtocols.
* (bug 15444) action=edit returns "Unknown error: ``AS_END''" where it should
return just "Unknown error"
* (bug 15448) YAML output returns empty values instead of 0
* (bug 15445) Added action=patrol
* (bug 15466) Added action=purge
* (bug 15486) action=block ignores autoblock parameter
* (bug 15492) added rcprop=loginfo to list=recentchanges
* (bug 15527) action=rollback can now revert anonymous editors
* (bug 15535) prop=info&inprop=protection doesn't list pre-1.10 protections
if the page is also protected otherwise (1.10+ style or cascading)
* list=random now has rnredirect parameter, to get random redirects.
* Added APIAfterExecute, APIQueryAfterExecute and APIQueryGeneratorAfterExecute
hooks which allow for extending core modules in a cleaner way
* action=protect checks for invalid protection types and levels
* (bug 15673) Added indentation to format=wddxfm output and improved built-in
WDDX formatter to resemble PHP's more
* (bug 15706) Empty values for apprtype and apprlevel are now silently ignored
rather than causing an exception
* Added uiprop=preferencestoken to meta=userinfo
* (bug 15609) Add inprop=url and inprop=readable to prop=info
* Add ApiDisabled and ApiQueryDisabled classes so individual modules can
be disabled in LocalSettings.php
* (bug 15653) Add prop=duplicatefiles
* (bug 15768) Add list=watchlistraw
* (bug 15647) action=edit with basetimestamp fails if the page has been deleted
and undeleted since the last edit
* (bug 15785) Allow for different expiry times for different protections in
action=protect
* Added allowsduplicates attribute to action=paraminfo output
* (bug 15767) apfilterlanglinks returns duplicate results
* (bug 15845) Added pageid/fromid parameter to action=delete/move, making
manipulation of legacy pages with invalid titles possible
* (bug 15881) Empty or invalid parameters cause database errors
* The maxage and smaxage parameters are now properly validated
* (bug 15945) list=recentchanges doesn't check $wgUseRCPatrol, $wgUseNPPatrol
and patrolmarks right
* (bug 15985) acfrom and aifrom parameters didn't work when sorting in
descending order.
* (bug 15995) Add cmstartsortkey and cmendsortkey parameters to
list=categorymembers
* (bug 16017) list=categorymembers sets invalid continue parameters for
sortkeys containing pipes
* (bug 16018) Added uccontinue parameter to list=usercontribs so paging
works properly when multiple users are queried or a userprefix is used
* (bug 16047) Added activeusers attribute to meta=siteinfo&siprop=statistics
output
* Added redirect resolution to action=parse
* (bug 16074) rvprop=content combined with a generator with a high limit causes
an error
* (bug 16105) Image metadata attributes containing spaces result in invalid XML
* (bug 16126) Added siprop=magicwords to meta=siteinfo
* (bug 16159) Added wlshow=patrolled|!patrolled to list=watchlist
* (bug 16225) Titles like Talk:Talk:Foo broke apfrom and friends
* meta=siteinfo&siprop=interwikimap no longer throws an exception for empty
sifilter parameter.
* (bug 12760) meta=userinfo&uiprop=ratelimits doesn't list group-specific rate
limits
* (bug 16398) meta=userinfo&uiprop=rights lists some rights twice in some cases
* (bug 16408) Added rvgeneratexml to prop=revisions
* (bug 16421) Made list=logevents's leuser accept user names with underscores
instead of spaces
* (bug 16516) Made rvsection=T-2 work
* (bug 16526) Added usprop=emailable to list=users
* (bug 16548) list=search threw errors with an invalid error code
* (bug 16515) Added pst and onlypst parameters to action=parse
* (bug 16541) Added block expiry timestamp to list=logevents output
* (bug 16613) action=protect doesn't tell when &cascade was set but cascading
protection wasn't allowed
* (bug 16626) action=delete now correctly handles empty "reason" param
* (bug 15579) clshow considers all categories !hidden
* (bug 16647) list=allcategories, prop=categories don't return "hidden"
property for hidden categories
* New siprop parameter of 'extensions' to list all installed extensions
* (bug 16672) Include canonical namespace name in
meta=siteinfo&siprop=namespaces.
* (bug 16726) siprop=namespacealiases should also list localized aliases
* (bug 16730) Added apprfiltercascade parameter to list=allpages to filter
cascade-protected pages
=== Languages updated in 1.14 ===
MediaWiki supports over 300 languages. Many localisations are updated
regularly. Below only new and removed languages are listed.
* Bakhtiari (bqi) (new)
* Fiji Hindi (Devanagari script) (hif-deva) (new)
* Krio (kri) (new)
* Lezghian (lez) (new)
* Laz (lzz) (new)
* Eastern Mari (mhr) (new)
* Niuean (niu) (new)
* Oromo (om) (new)
* Plautdietsch (pdt) (new)
* Western Punjabi (pnb) (new)
* Tarantino (roa-tara) (new)
* Serbo-Croatian (sh) (new)
* Tulu (tcy) (new)
== MediaWiki 1.13 ==
== MediaWiki 1.13.5 ==
February 22, 2009
This is a maintenance update to the Summer 2008 snapshot release of MediaWiki.
MediaWiki is now using a "continuous integration" development model with
quarterly snapshot releases. The latest development code is always kept
"ready to run", and in fact runs our own sites on Wikipedia.
Release branches will continue to receive security updates for about a year
from first release, but nonessential bugfixes and feature developments
will be made on the development trunk and appear in the next quarterly release.
Those wishing to use the latest code instead of a branch release can obtain
it from source control: http://www.mediawiki.org/wiki/Download_from_SVN
== Changes since 1.13.4 ==
* (bug 17449) Fixed PostgreSQL installation
* (bug 17527) Fixed missing MySQL-specific options in installer
== Changes since 1.13.3 ==
A number of cross-site scripting (XSS) security vulnerabilities were discovered
in the web-based installer (config/index.php). These vulnerabilities all
require a live installer -- once the installer has been used to install a wiki,
it is deactivated.
Note that cross-site scripting vulnerabilities can be used to attack any website
in the same cookie domain. So if you have an uninstalled copy of MediaWiki on
the same site as an active web service, MediaWiki could be used to attack the
active service.
If you are hosting an old copy of MediaWiki that you have never installed, you
are advised to remove it from the web.
== Changes since 1.13.2 ==
David Remahl of Apple's Product Security team has identified a number of
security issues in previous releases of MediaWiki. Subsequent analysis by the
MediaWiki development team expanded the scope of these vulnerabilities. The
issues with a significant impact are as follows:
* An XSS vulnerability affecting all MediaWiki installations between 1.13.0 and
1.13.2. [CVE-2008-5249]
* A local script injection vulnerability affecting Internet Explorer clients for
all MediaWiki installations with uploads enabled. [CVE-2008-5250]
* A local script injection vulnerability affecting clients with SVG scripting
capability (such as Firefox 1.5+), for all MediaWiki installations with SVG
uploads enabled. [CVE-2008-5250]
* A CSRF vulnerability affecting the Special:Import feature, for all MediaWiki
installations since the feature was introduced in 1.3.0. [CVE-2008-5252]
XSS (cross-site scripting) vulnerabilities allow an attacker to steal an
authorised user's login session, and to act as that user on the wiki. The
authorised user must visit a web page controlled by the attacker in order to
activate the attack. Intranet wikis are vulnerable if the attacker can
determine the intranet URL.
Local script injection vulnerabilities are like XSS vulnerabilities, except
that the attacker must have an account on the local wiki, and there is no
external site involved. The attacker uploads a script to the wiki, which another
user is tricked into executing, with the effect that the attacker is able to act
as the privileged user.
CSRF vulnerabilities allow an attacker to act as an authorised user on the wiki,
but unlike an XSS vulnerability, the attacker can only act as the user in a
specific and restricted way. The present CSRF vulnerability allows pages to be
edited, with forged revision histories. Like an XSS vulnerability, the
authorised user must visit the malicious web page to activate the attack.
These four vulnerabilities are all fixed in this release.
David Remahl also reminded us of some security-related configuration issues:
* By default, MediaWiki stores a backup of deleted images in the images/deleted
directory. If you do not want these images to be publically accessible, make
sure this directory is not accessible from the web. MediaWiki takes some steps
to avoid leaking these images, but these measures are not perfect.
* Set display_errors=off in your php.ini to avoid path disclosure via PHP fatal
errors. This is the default on most shared web hosts.
* Enabling MediaWiki's debugging features, such as $wgShowExceptionDetails, may
lead to path disclosure.
Other changes in this release:
* Avoid fatal error in profileinfo.php when not configured.
* Add a .htaccess to deleted images directory for additional protection against
exposure of deleted files with known SHA-1 hashes on default installations.
* Avoid streaming uploaded files to the user via index.php. This allows
security-conscious users to serve uploaded files via a different domain, and
thus client-side scripts executed from that domain cannot access the login
cookies. Affects Special:Undelete, img_auth.php and thumb.php.
* When streaming files via index.php, use the MIME type detected from the
file extension, not from the data. This reduces the XSS attack surface.
* Blacklist redirects via Special:Filepath. Such redirects exacerbate any
XSS vulnerabilities involving uploads of files containing scripts.
* Internationalisation updates.
== Changes since 1.13.1 ==
* Security: Work around misconfiguration by requiring strict comparisons for
in_array in User::isAllowed().
* (bug 14944) Added $wgShellLocale for configuration of an appropriate locale
to use for LC_CTYPE during shell invocation. For servers that don't have
en_US.utf8. Also added locale detection during install.
* Localisation updates
* Security: Fixed XSS vulnerability in useskin parameter.
== Changes since 1.13.0 ==
* (bug 15460) Fixed intermittent deadlock errors and poor concurrent
performance for installations without memcached.
* (bug 13770) Fixed DOM module detection for installations with both dom
and domxml.
* (bug 15148) Fixed Special:BlockIP for PostgreSQL
* Fixed SQLite support for non-memcached installations
* Localisation updates, Achinese (ace) added.
== Changes since 1.13.0rc2 ==
* (bug 13770) Fixed incorrect detection of PHP's DOM module
* Fix regression from r37834: accesskey tooltip hint should be given for the
minor edit and watch labels on the edit page.
* Updated Chinese simplified/traditional conversion tables
== Changes since 1.13.0rc1 ==
* $wgForwardSearchUrl has been removed entirely. Documented setting since 1.4
has been $wgSearchForwardUrl.
* (bug 14907) DatabasePostgres::fieldType now defined.
* (bug 14966) Fix SearchEngineDummy class for silently non-functional search
on Sqlite instead of horribly fatal error breaky one.
* (bug 14987) Only fix double redirects on page move when the checkbox is
checked
* (bug 13376) Use $wgPasswordSender, not $wgEmergencyContact, as return
address for page update notification mails.
* API: Registration time of users registered before the DB field was created is
now shown as empty instead of the current time.
* (bug 14904): fragments were lost when redirects were fixed.
* Added magic word __STATICREDIRECT__ to suppress the redirect fixer
* (bug 15035) Revert English linkTrail to /^([a-z]+)(.*)$/sD, as it was before
r36253. Multiple reports of breakage due to old (pre-5.0) PCRE libraries,
both bundled with PHP and packaged with distros such as RHEL.
* (bug 14944) Shell invocation of external programs such as ImageMagick convert
was broken in PHP 5.2.6, if the server had a non-UTF-8 locale.
=== Configuration changes in 1.13 ===
* New option $wgFeed can be set false to turn off syndication feeds
* (bug 5745) Special:Whatlinkshere now shows up to $wgMaxRedirectLinksRetrieved
links through each redirect instead of hardcoded 500
* Set $wgUploadSizeWarning to false by default
* Added $wgLBFactoryConf, for generic configuration of multi-master wiki farms
* Removed $wgAlternateMaster, use $wgLBFactoryConf
* (bug 13562) Misspelled option $wgUserNotifedOnAllChanges changed to
$wgUserNotifiedOnAllChanges
* (bug 12860) New option $wgSitemapNamespaces allows sitemaps to be generated
for only some namespaces
* Removed the emailconfirmed implicit group by default. To re-add it, use:
$wgAutopromote['emailconfirmed'] = APCOND_EMAILCONFIRMED;
in your LocalSettings.php.
* (bug 2396) New shared database configuration variables. $wgSharedPrefix allows
you to use a shared database with a different prefix. Or you can now use a
local database and use prefixes to separate wiki and the shared tables. And
the new $wgSharedTables variable allows you to specify a list of tables to
share.
* Automatic edit summaries can be disabled with $wgUseAutomaticEditSummaries
* Duplicates of images are now shown on the image page
* $wgRCFilterByAge allows for the list of dates in recent changes special pages
to be filtered to only those within the range of $wgRCMaxAge
* $wgRCLinkLimits and $wgRCLinkDays allow for customization of the list and
limits displayed on the recent changes special pages
* The "createpage" permission is no longer required when uploading if the target
image page already exists
* $wgMaximumMovedPages restricts the number of pages that can be moved at once
(default 100) with the new subpage-move functionality of Special:Movepage
* Hooks display in Special:Version is now disabled by default, use
$wgSpecialVersionShowHooks = true; to enable it.
* $wgActiveUserEditCount sets the number of edits that must be performed over
a certain number of days to be considered active
* $wgActiveUserDays is that number of days
* $wgRateLimitsExcludedGroups has been deprecated in favor of
$wgGroupPermissions[]['noratelimit']. The former still works, however.
* New $wgGroupPermissions option 'move-subpages' added to control bulk-moving
subpages along with pages. Assigned to 'user' and 'sysop' by default.
* New $wgRC2UDPOmitBots allows user to omit bot edits from UDP output.
Default: false
* Removed $wgEnableCascadingProtection option. Disabling cascading protection
is no longer possible.
* $wgMessageCacheType defines now the type of cache used by the MessageCache
class, previously it was choosen based on $wgParserCacheType
* $wgExtensionAliasesFiles option to simplify adding aliases to special pages
provided by extensions, in a similar way to $wgExtensionMessagesFiles
* Added $wgXMLMimeTypes, an array of XML mimetypes we can check for
with MimeMagic.
* Added $wgDirectoryMode, which allows for setting the default CHMOD value when
creating new directories.
* (bug 14843) $wgCookiePrefix can be set by LocalSettings now, false defaults
current behavior.
=== New features in 1.13 ===
* __HIDDENCAT__ on a category page causes the category to be hidden on the
article page
* Do not show edit permissions errors on a red link click, just redirect to the
article. This is so that readers who don't know what a red link is are not
confused when they are told they are range-blocked.
* Add a new hook ImageBeforeProduceHTML to allow extensions to modify wikitext
image syntax output
* (bug 13100) Added 'preloadtitle' parameter to action=edit§ion=new that
pre-fills the section title field
* (bug 13112) Added Special:RelatedChanges alias to Special:RecentChangesLinked
* (bug 13130) Moved edit token and autosummary fields above edit tools to
reduce broken form submissions
* Add --old-redirects-only option to maintenance/refreshLinks.php, to add old
redirects to the redirect table
* Add links to page and file deletion forms to edit predefined delete reasons
* (bug 13269) Added MediaWiki:Uploadfooter to the bottom of Special:Upload
* (bug 2815) Search results for media now use thumbnail instead of text extract
* When a page doesn't exist, the tab should say "create", not "edit"
* (bug 12882) Added a span with class "patrollink" around "Mark as patrolled"
link on diffs
* Magic word formatnum can now take raw suffix to undo formatting
* Add updatelog table to reliably permit updates that don't change the schema
* Add category table to allow better tracking of category membership counts
** (bug 1212) Give correct membership counts on the pages of large categories
** Use category table for more efficient display of Special:Categories
* (bug 1459) Search for duplicate files by hash: Special:FileDuplicateSearch
* (bug 9447) Added hooks for search result headings
* Image redirects are now enabled by default
* (bug 13450) Email confirmation can now be canceled before the expiration
* (bug 13490) Show upload/file size limit on upload form
* Redesign of Special:UserRights
* Make rev_deleted log entries more intelligible
* (bug 6943) Added PAGESINCATEGORY: magic word
* (bug 13604) Added Special:ListGroupRights
* (bug 6332, 8617) Added message 'mainpage-description' as duplicate of
'mainpage' and added it to message 'sidebar'
* Automatically add old redirects to the redirect table when needed
* (bug 6934) Allow inclusions, links, redirects to be separately toggled on or
off on Special:WhatLinksHere
* Cache image redirects
* (bug 10457) Organize Special:SpecialPages into sections
* Add a new hook EditPageBeforeConflictDiff to allow extensions like FCKeditor
to modify the output for edit conflicts
* Add class="nested" for <fieldset>s so fieldsets inside fieldsets get
a slightly less huge margin and padding
* (bug 13527) Use sitemaps.org format 0.9 instead of a Google-specific format
* Allow \C and \Q as TeX commands to match \R, \N, \Z
* On Special:UserRights, when you can add a group you can't remove or remove
one you can't add, a notice is printed to warn you
* (bug 12698) Create PAGESIZE parser function, to return the size of a page
* Allow the "log in / create account" link in the toolbar to have different
text from Special:UserLogin title (new message 'nav-login-createaccount')
* Say "log in / create account" if an anonymous user can create an account,
otherwise just "log in", consistently across skins
* Special:Shortpages and Special:Longpages now returns pages in all content
namespaces, not just NS_MAIN.
* (bug 889) Improve conflict-handling between shared upload repository
and local one
* Update documentation links in auto-generated LocalSettings.php
* (bug 13584) The new hook SkinTemplateToolboxEnd was added.
* (bug 709) Cannot rename/move images and other media files [EXPERIMENTAL]
* Custom rollback summaries now accept the same arguments as the default message
* (bug 12542) Added hooks for expansion of Special:Listusers
* Drop-down AJAX search suggestions (turn on $wgEnableMWSuggest)
* More relevant search snippets (turn on $wgAdvancedSearchHighlighting)
* (bug 13950) Allow users to watch the user/talk pages of users they block.
* (bug 13970) Allow MonoBook-based skins to specify their own print stylesheet
* Show image links on Special:Whatlinkshere
* Use rel="start", "prev", "next" appropriately on Pager-based pages
* Add support for SQLite
* AutoAuthenticate hook renamed to UserLoadFromSession
* (bug 13232) importScript(), importStylesheet() funcs available to custom JS
* (bug 13095) Search by first letters or digits in [[Special:Categories]]
* Users moving a page can now move all subpages automatically as well
* (bug 14259) Localisation message for upload button on Special:Import is now
'import-upload' instead of 'upload'
* Add information about user group membership to Special:Preferences
* (bug 14146) Wrap usage section on imagepages into <div>s.
* New layout for Special:Specialpages. Restricted pages are marked but not
separated from other pages in their group.
* (bug 14263) Show a diff of the revert on rollback notification page.
* (bug 13434) Show a warning when hash identical files exist
* Sidebar is now cached for all languages
* The User class now contains a public function called isActiveEditor. Figures
out if a user is active based on at least $wgActiveUserEditCount number of
edits in the last $wgActiveUserDays days.
* SpecialSearchResults hook now passes results by reference, so they can be
changed by extensions.
* Add a new hook LinkerMakeExternalLink to allow extensions to modify the output
of external links.
* (bug 14132) Allow user to disable bot edits from being output to UDP.
* (bug 14328) jsMsg() within Wikibits now accepts a DOM object, not just a
string
* (bug 14558) New system message (emailuserfooter) is now added to the footer of
e-mails sent with Special:Emailuser
* Add support for Hijri (Islamic) calendar
* Add a new hook LinkerMakeExternalImage to allow extensions to modify the
output of external (hotlinked) images.
* (bug 14604) Introduced the following features for the LanguageConverter:
Multi-tag support, single conversion flag, remove conversion flag on a single
page, description flag, variant name, multi-variant fallbacks.
* Add zh-mo and zh-my variants for the zh language
* (bugs 4832, 9481, 12890) Special:Recentchangeslinked now has all options that
are in Special:Recentchanges
* Allow an $error message to be passed to ArticleDelete hook
* Allow extensions to modify the user creation form by calling addInputItem();
* Add meta generator tag to HTML output
* MediaWikiPerformAction hook is now passed the MediaWiki object
* Added blank special page Special:BlankPage for benchmarking, etc.
* Foreign repo file descriptions and thumbnails are now cached.
* (bug 11732) Allow localisation of edit button images
* Allow the search box, toolbox and languages box in the Monobook sidebar to be
moved around arbitrarily using special sections in [[MediaWiki:Sidebar]]:
SEARCH, TOOLBOX and LANGUAGES
* Add a new hook NormalizeMessageKey to allow extensions to replace messages
before the database is potentially queried
* (bug 9736) Redirects on Special:Fewestrevisions are now marked as such.
* New date/time formats in Cs localization according to ČSN and PČP.
* Special:Recentchangeslinked now includes changes to transcluded pages and
displayed images; also, the "Show changes to pages linked" checkbox now works
on category pages too, showing all links that are not categorizations
* (bug 4578) Automatically fix redirects broken by a page move
=== Bug fixes in 1.13 ===
* (bug 10677) Add link to the file description page on the shared repository
* (bug 13084) Increase size of source/destination filename fields in upload form
* (bug 13115) rebuildrecentchanges should print the current value of $wgRCMaxAge
* (bug 13140) Show parent categories in category namespace
* (bug 13149) Correctly format 'fileexists' message on Upload page
* Make the default filepageexists message accurate
* (bug 12988) $wgMinimalPasswordLength no longer breaks create user by email
* (bug 13022) Fix upload from URL on PHP 5.0.x
* (bug 13132) Unable to unprotect pages protected with earlier versions of
MediaWiki
* (bug 12723) OpenSearch description name now uses more compact language code
to avoid passing the length limit as often, is customizable per site via
'opensearch-desc' message.
* (bug 13135) Special:Userrights now passes IDs through form submission
to allow functionality on not-quite-right usernames
* (bug 12575) Prevent duplicate patrol log entries from being created
* (bug 13174) __HIDDENCAT__ now applies only to category pages
* (bug 13031) Add links to user pages in e-mail form
* (bug 13147) Description for categoriespagetext (used in Special:Categories)
reworded
* (bug 11561) Fix fatal error when calling action=revert to non-image page
* (bug 12430) Fix call to private method LinkFilter::makeRegex fatal error in
maintenance/cleanupSpam.php
* All skins should have the "mediawiki" class on the body element
* (bug 13019) Message cache for some extensions not loaded at time of editing
* (bug 13247) Prettified ISBN links
* maintenance/refreshLinks.php did not fix page_id 1 with the --new-only option
* (bug 13110) Don't show "Permission error" page if the edit is already rolled
back when using rollback
* (bug 13012) Use content messages for block options when generating the
recentchanges entry
* (bug 13274) Change links for messages to ucfirst
* (bug 13273) Un-hardcode some punctuation (add new messages colon-separator,
autocomment-prefix)
* Parse MediaWiki message translations with a correct language setting on
preview
* (bug 13281) Treat X-Forwarded-For, Client-ip and User-Agent headers as
case-insensitive names.
* Adding the fix for lists in RTL wikis to more skins, and fixing the image toc
* (bug 8157) Remove redirects from Special:Unusedtemplates. Patch by WebBoy.
* (bug 10721) Duplicate section anchors with differing case now disambiguated
for Internet Explorer's sake and standards compliance
* (bug 13298) Tighter limits on Special:Newpages limits when embedding
* Email subject in content language instead of sending user's UI language
* (bug 13251) Allow maintenance rebuild scripts to work with Postgres
* (bug 2084) Fixed incorrect regex to match redirects
* (bug 3131) Manually-specified upload destination filename is no longer
overwritten by browsing for a file after you wrote it.
* (bug 7251) Sidebars generated by MediaWiki:Sidebar now have the class
'generated-sidebar'.
* (bug 13265) Media handler is missing 'image/x-bmp'
* (bug 13407) MediaWiki:Powersearch is used in two places
* (bug 13403) Fix cache invalidation of history pages when old revisions change
* (bug 11563) Deprecated SearchMySQL4 class; merged code to SearchMySQL
* (bug 12801) Fix link in subtitle message in AJAX search
* (bug 13428) Fix regression in protection form layout HTML validity
* (bug 9403) Sanitize newlines from search term input
* (bug 13429) Separate date and time in message sp-newimages-showfrom
* (bug 13137) Allow setting 'editprotected' right separately from 'protect',
so groups may optionally edit protected pages without having 'protect' perms
* Disallow deletion of big pages by means of moving a page to its title and
using the "delete and move" option.
* (bug 13466, 13632) White space differences not shown in diffs
* (bug 1953) Search form now honors namespace selections more reliably
* (bug 12294) Namespace class renamed to MWNamespace for PHP 5.3 compatibility
* PHP 5.3 compatibility fix for wfRunHooks() called with no parameters
* (bug 6447) Trackbacks now work with transactional tables, if enabled
* (bug 6892, 7147) Trackback error handling, optional fields more robust
* (bug 6813) Don't break HTML validator when using trackbacks
* Fix for size checks on SVG images with global 'stroke-width' attribute
* (bug 11874) Inline CSS with !important no longer borken
* (bug 1600) Strip extra == section markup == in new-comment field
* (bug 11325) Wrapped page titles in MonoBook skin spaced more nicely
* (bug 12077) Fix HTML nesting for TOC
* (bug 344) Purge cache for talk/article pages when deleting the other tab
* (bug 13436) Treat image captions correctly when they include option keywords
(like ending with "px" or starting with "upright")
* Trackback display formatting fixed
* Don't die when single-element arrays are passed to SQL query constructors
that have an array index other than 0
* (bug 13522) Fix fatal error in Parser::extractTagsAndParams
* (bug 13532) Use proper timestamp call when reverting images
* (bug 13543) Updated FAQ link in the installer sidebar
* (bug 13540) Date format in confirmation e-mail now matches message language
* (bug 13554) PHP Notice in old pre-processor when list item is empty.
* (bug 13556) Don't show a blank form if no image is attached in Special:Upload
* (bug 13576) maintenance/rebuildrecentchanges.php fails
* (bug 13441) Allow Special:Recentchanges to show bots only
* (bug 13431) Show true message source in Special:Allmessages&ot=php / xml
* (bug 13463) Login successful page doesn't use user's preferred interface
language
* (bug 13630) Fixed warnings for pass by reference at call time in
Special:Revisiondelete when generating the log entry.
* (bug 12064) BeforePageDisplay hook is now called for all skins
* (bug 13624) Fix regression with manual thumb= parameter on images
* (bug 11039) Add missing labels on protection form
* (bug 13458) Preview/edit toolbar spacing now works consistently
* (bug 13433) Fix action=render on Image: pages
* (bug 13678) Fix CSS validation for Monobook
* (bug 13684) Links in Special:ListGroupRights should be in content language
* (bug 13690) Fix PHP notice on accessing some URLs
* Hide (undo) link if user isn't able to edit page
* Invalidate cache of pages that includes images via redirects on upload
* (bug 13705) Don't show rollback link in page history on incorrect revisions
* (bug 13708) Don't set "Search results" title when loading Special:Search
without query
* (bug 13736) Don't show MediaWiki:Anontalkpagetext on non-existent IP addresses
* (bug 13728) Don't trim initial whitespace during section edits
* (bug 13727) Don't delete log entries from recentchanges on page deletion
* (bug 13752) Redirects to sections now work again
* (bug 13725) Upload form watch checkbox state set correctly with wpDestFile
* (bug 13756) Don't show the form and navigation links of Special:Newpages if
the page is included
* When hiding things on WhatLinksHere, generated URLs should hide them too
* Properly escape search terms with regex chars so they appear highlighted in
search results
* (bug 13768) pt_title field encoding fixed
* Do not display empty columns on Special:UserRights if all groups are
changeable or all unchangeable
* Fix fatal error on calling PAGESINCATEGORY with invalid category name
* (bug 13793) Special:Whatlinkshere filters wrong - after paginating instead of
before
* (bug 13796) Show links to parent pages even if some of them are missing
* (bug 13816) Filter by main namespace doesn't work on WhatLinksHere
* (bug 13822) Fatal error on some pages when calculating subpage subtitle
* (bug 13824) AJAX search suggestion now works with non-SkinTemplate skins
* Added 'application/x-dia-diagram' MediaWiki's known MIME types
* (bug 13866) skins/common/shared.css - invalid attribute fixing
* Hide edit section links on Special:Undelete
* (bug 13860) Fix "Justify paragraphs" option for Modern skin
* (bug 13168) accessibility links in Modern skin link to wrong anchor id
* (bug 13185) No line break after 'subpages' class in Modern skin
* (bug 13583) No "poweredby" in Modern skin
* (bug 13880) "Printable" link in Modern skin now formats as print mode
* (bug 13885) Bump default $wgSVGMaxSize from 1024 to 2048 pixels
* (bug 13891) Show categories box even if all categories are hidden and user has
"show hidden categories" option on
* (bug 13915) Undefined variable $wltsfield in includes/SpecialWatchlist.php
* (bug 13913) Special:Whatlinkshere now has correct HTML markup
* (bug 13905) Blacklist Mac IE from HttpOnly cookies; it eats them sometimes
* (bug 13922) Fix bad HTML on empty Special:Prefixindex and Special:Allpages
* (bug 13924) Fix bad HTML on power search form
* (bug 13820) Fix updater for rev_parent_id population
* (bug 13925) Fix bad HTML on search results list
* (bug 13934) Fixing the link to GNU General Public License Version 2
* Show correct accesskey prefix for Firefox 3 beta (Alt-Shift-, not Alt-)
* (bug 13949) Special:PrefixIndex/AllPages paging links contain invalid XML
* (bug 13770) Use Preprocessor_Hash by default to avoid missing DOM module
errors
* (bug 13982) Disable ccmeonemails preference when user-to-user mails disabled
* (bug 13615) Update case mappings and normalization to Unicode 5.1.0
Note that case mappings will only be used if mbstring extension is not
present.
* (bug 14044) Don't increment page view counters on views from bot users
* (bug 14042) Calling Database::limitResult() misplaced the comment in the log
file
* (bug 14047) Fix regression in installer which hid DB-specific options
Also makes SQLite path configurable in the installer.
* (bug 13546) Follow image redirects on image page
* (bug 12644) Template list on edit page now sorted on preview
* (bug 14058) Support pipe trick for namespaces and interwikis with "-"
* Message name filter on Special:Allmessages now case-insensitive
* (bug 13943) Fix image redirect behavior on image pages
* (bug 14093) Do 'sysop' => 'protect' magic in Title::isValidMoveOperation
* (bug 14063) Power search form missing <label> for redirects check
* (bug 14111) Similar filename warning links now lead to correct page
* (bug 14082) Fix for complex text input vs AJAX suggestions on some browsers
* (bug 13693) Categories sometimes claim to have a negative number of members
* (bug 1701) Korean Hangul syllables now broken down properly in Category lists
even if the wiki's overall content language is not Korean
* (bug 12773) addOnloadHook() now calls functions immediately when scripts are
loaded after the primary page completion, instead of dropping them
* (bug 14199) Fix deletion form for image redirect pages
* (bug 14220) Disabling $wgCheckFileExtensions now works without also
disabling $wgStrictFileExtensions
* (bug 14241) Pages can no longer be protected to levels you are not in
* (bug 14296) Fix local name of ang: (Anglo-Saxon)
* (bug 4871) Hardcoded superscript in time zone preferences moved to message
* (bug 6957) E-mail confirmation links now using English special page name
for better compatibility and keeping the links shorter. Avoids problem
with corrupt links in Gmail on IE 6.
* (bug 14273) Fix for HTTP Accept header parsing with spaces as from Konqueror
* (bug 14312) Update LanguageKaa.php for handling transform issues with i to İ
and I to ı
* (bug 13826) MediaWiki:Defaultns accepts Wikicode
* (bug 14324) Creating an account is again possible with $wgEmailConfirmToEdit
set to true
* (bug 13034) Interwiki pages can now be reached using Go search button
* (bug 14362) Change interwiki names of Erzya and Moksha Wikipedias
* (bug 14370) When a grouppage-x message does not exist the entry on the
ListGroupRights special page now links to the project namespace page for it,
not the main namespace page.
* (bug 11659) Urldecode image names in galleries
* (bug 14258, 14368) Fix for subpage renames in replication environments
* (bug 14367) Failed block no longer adds phantom watchlist entry
* (bug 14385) "Move subpages" option no longer tries to move to invalid titles
* (bug 14386) Fix subpage namespace oddity when moving a talk page
* (bug 11771) Signup form now not shown if in read-only mode.
* (bug 12859) $wgRateLimitsExcludedGroups has been deprecated in favor of
$wgGroupPermissions[]['noratelimit'].
* (Bug 13828) Split parameter $1 of MediaWiki:Missingarticle into $1 (=title)
and $2 (=revision numbers)
* (bug 14401) Fix Safari access key tooltips for Windows and >3.1 Mac versions
* (bug 14432) Fix notice regression in Special:Newpages feed mode
* (bug 11951) EditPage::getEditToolbar() is now static.
* (bug 14392) Fix regression breaking table prefix in installer
* (bug 11084) $wgDBprefix replacement for updater SQL will now work for
extension tables using uppercase letters or digits in their names.
* (bug 12311) Fix regression with lists at start of undeletion preview
* (bug 14496) Fix regression with parseinline on Special:Upload.
* We no longer just give up on a missing upload base directory; it's now
created automatically if we have sufficient permissions!
* (bug 14479) MediaWiki:upload-maxfilesize should have a div id wrapper
* (bug 14497) Throw visible errors in installer scripts when SQL files
fail due to database permission or other error
* (bug 14500) Site feed (Recentchanges) no longer shows up on the actual
recent changes page.
* (bug 14511) MediaWiki:Delete-legend is no longer double escaped
* Generate correct section anchors for numeric headers
* (bug 14520) Don't load nonexistent CSS files for Chick/Myskin/Simple skins
* (bug 14551) Cancel upload no longer automatically suppresses warnings
* (bug 13878) Deprecate Article::getDB() in favor of direct wfGetDB() calls
* (bug 4977) Fix for possible squid purging errors when using HTTP purges
and multiple servers
* (bug 14572) Redirects listed on file links on image pages no longer redirect.
* (bug 14537) Change interwiki name for Old Church Slavonic (cu)
* (bug 14583) Fix regression in recent changes "limit to certain categories."
* (bug 14515) HTML nesting cleanup on edit form
* (bug 14647) Removed unused 'townBox' CSS classes
* (bug 14687) OutputPage::addStyle() now adds type="text/css" like it should.
* OpenSearch cleanup; Firefox now sends you to the search page for empty
searches instead of the domain root (which may not even be a wiki).
* (bug 3481) Pages moved shortly after creation are shown at their new title
on Special:Newpages.
* (bug 12716) Trying to unprotect a title that isn't protected no longer
generates a log entry.
* (bug 14088) Excessively long block expiry times are rejected as invalid,
keeps the log page from being distorted.
* (bug 14708) Emulate INSERT...IGNORE with standard SQL for Postgres backend.
* (bug 14646) Fix some double-escaping of HTML in feed output
* (bug 14709) Fix login success message formatting when using cookie check
* (bug 14710) Remove "donate" link from default sidebar
* (bug 14745) Image moving works on sites that transform thumbnails via 404
* (bug 2186) Document.write() in wikibits caused failures when using
application/xhtml+xml. The calls to this have been removed.
* (bug 14764) Fix regression in from Article::lastModified(), failed to work
on non-mySQL schemas.
* (bug 14763) Child classes of Database (DatabasePostgres and DatabaseOracle)
had strict standards issues with setFakeSlaveLag() and setFakeMaster().
* (bug 451) Improve the phrase mappings of the Chinese converter arrays.
* (bug 12487) Rights log is not fully internationalized
* (bug 10837) Language variants no longer override other languages than base
* (bug 14778) 'limit' parameter now applies to history feeds as well as
history pages
* (bug 14845) Bug in prefs javascript: Calling an array item without checking
its existance.
* Accesskeys for minor edit/watch checkboxes on edit now work in Firefox 3
* (bug 12384) Comments in maintenance/*php
* (bug 12441) ./maintenance/generateSitemap.php fix -fspath requiring
a trailing slash.
* (bug 12568) configuration script now produce valid XHTML.
* The accesskey to edit a page is now disabled when editing the page, to pre-
vent conflicts with Safari shortcuts.
=== API changes in 1.13 ===
* Fixing main page display in meta=siteinfo
* (bug 13128) Added patrolled flag to list=recentchanges
* Implemented {bl,ei,iu}redirect (lists links through redirects as well)
* (bug 13154) Introduced subpages flag to meta=siteinfo&siprop=namespaces
* (bug 13157) Added ucuserprefix parameter to list=usercontribs
* (bug 12394) Added rctitles parameter to list=recentchanges, making rcid
retrieval easier
* (bug 13218) Fix inclusion of " character in hyperlinks
* Added watch and unwatch parameters to action=delete and action=move
* Added action=edit
* (bug 11401) Added xmldoublequote to xml formatter
* Added rvsection parameter to prop=revisions to allow fetching the content of
a certain section only
* Introduced list=allimages
* (bug 13371) Build page set from image hashes
* Mark non-existent messages in meta=allmessages as missing
* (bug 13390) One invalid title no longer kills an entire API query
* (bug 13419) Fix gblredirect so it actually works
* (bug 13418) Disable eiredirect because it's useless
* (bug 13395) list=allcategories should use category table
* (bug 13442) Missing pages in prop=langlinks and prop=extlinks are now
handled properly.
* (bug 13444) Add description to list=watchlist
* (bug 13482) Disabled search types handled properly
* Added inprop=talkid,subjectid to prop=info
* Added help text message that specifies whether a module is POST-only
* Added createonly parameter to action=edit
* Replaced $wgAPIUCUserPrefixMinLength by the more generic $wgAPIMaxDBRows
* (bug 11719) Remove trailing blanks in YAML output.
* (bug 13541) Added siprop=specialpagealiases to meta=siteinfo
* Added fallback8bitEncoding and readonly fields to
meta=siteinfo&siprop=general output
* (bug 13544) Added prop=revid to action=parse
* (bug 13603) Added siprop=usergroups to meta=siteinfo
* Cleaned up redirect resolution
* Added possibility to obtain all external links through list=exturlusage
* (bug 13606) Added archivename to iiprop
* (bug 11633) Explicitly convert redirect titles to strings due to PHP's
very weak typing on array keys.
* (bug 12136) Extend allowed characters in JSON callback to ][.'"_A-Za-z0-9
* (bug 11673) Return error 'unknown_action' in specified format
* (bug 13618) Added rcprop=redirect and rcshow=redirect to list=recentchanges
* (bug 13544) Added oldid parameter to action=parse to allow for parsing of old
revisions
* (bug 13718) Return the proper continue parameter for cmsort=timestamp
* action=login now returns the correct waiting time in the details property
* (bug 13792) Broken titles are now silently skipped in search results.
* (bug 13819) exturlusage paging skipped an item
* Fixed handling of usernames containing spaces in list=block
* (bug 13836) Fixed fatal errors resulting from combining iiprop=metadata with
format=xml
* (bug 13735) Added prop=categoryinfo module
* (bug 13945) Retrieve cascading protection sources via inprop=protection
* (bug 13965) Hardcoded 51 limit on titles is too limiting
* (bug 13993) apfrom doesn't work with apdir=descending
* (bug 14018) Introduced alcontinue to list=alllinks to improve paging
* (bug 14013) Added rcshow=patrolled to list=recentchanges
* (bug 14028) Added language attribute to interwiki map in meta=siteinfo
* (bug 14022) Added usprop=registration and auprop=blockinfo
* (bug 14021) Removed titles= support from list=backlinks (has been obsolete
for ages)
* (bug 13829) Expose parse tree via action=expandtemplates
* (bug 13606) Allow deletion of images
* Added iiprop=mime and aiprop=metadata
* Handled unrecognized values for parameters more gracefully
* Handled requesting disallowed tokens more gracefully
* (bug 14140) URL-encoded page titles are now decoded in edit summaries
* (bug 14243) Only accept post requests in action=edit; patch by HardDisk
* action=block now returns an ISO8601 timestamp, like all other modules do
* Added md5 parameter to action=edit
* (bug 14335) Logging in to unified account using API not possible
* Added action=emailuser to send an email to a user
* (bug 14471) Use HTMLTidy and generate limit report in action=parse
* (bug 14459) Added prependtext and appendtext parameters to action=edit
* (bug 14526) Unescaped SQL in list=backlinks
* Added 'hidden' flag to list=allcategories and prop=categoryinfo output
* Added nocreate parameter to action=edit
* (bug 14402) Added maxage and smaxage parameters to api.php
* Added bkip parameter to list=blocks
* (bug 14651) apprefix and similar parameters are now canonicalized
* Added clprop=timestamp to prop=categories
* (bug 14678) API errors now respects $wgShowExceptionDetails and
$wgShowSQLErrors
* (bug 14723) Added time zone and writing direction to meta=siteinfo
* Added APIQueryInfoTokens and APIQueryRevisionsTokens hooks so extensions
can add their own tokens
* Added block and unblock tokens to prop=info as well
* Added paging (limit and continue parameters) to
prop={links,templatelinks,langlinks,extlinks,categories,images}
* Added flag "top" to list=usercontribs if the user is the last contributor to
the page
* list=exturlusage in "list all links" mode can now filter by protocol
== MediaWiki 1.12 ==
== MediaWiki 1.12.4 ==
February 7, 2009
A number of cross-site scripting (XSS) security vulnerabilities were discovered
in the web-based installer (config/index.php). These vulnerabilities all
require a live installer -- once the installer has been used to install a wiki,
it is deactivated.
Note that cross-site scripting vulnerabilities can be used to attack any
website in the same cookie domain. So if you have an uninstalled copy of
MediaWiki on the same site as an active web service, MediaWiki could be used to
attack the active service.
If you are hosting an old copy of MediaWiki that you have never installed, you
are advised to remove it from the web.
== MediaWiki 1.12.3 ==
* Fixed packaging/distribution error. Many files were missing from the
distributed tarball.
== MediaWiki 1.12.2 ==
David Remahl of Apple's Product Security team has identified a number of
security issues in previous releases of MediaWiki. Subsequent analysis by the
MediaWiki development team expanded the scope of these vulnerabilities. The
issues with a significant impact are as follows:
* A local script injection vulnerability affecting Internet Explorer clients
for all MediaWiki installations with uploads enabled. [CVE-2008-5250]
* A local script injection vulnerability affecting clients with SVG scripting
capability (such as Firefox 1.5+), for all MediaWiki installations with SVG
uploads enabled. [CVE-2008-5250]
* A CSRF vulnerability affecting the Special:Import feature, for all MediaWiki
installations since the feature was introduced in 1.3.0. [CVE-2008-5252]
A local script injection vulnerability allows an attacker with a wiki account
to steal another user's login session, and to act as that user on the wiki. The
attacker uploads a malicious script file, and tricks the victim into executing
it.
CSRF vulnerabilities allow an attacker to act as an authorised user on the
wiki, but unlike an XSS vulnerability, the attacker can only act as the user in
a specific and restricted way. The present CSRF vulnerability allows pages to
be edited, with forged revision histories. Like an XSS vulnerability, the
authorised user must visit the malicious web page to activate the attack.
These three vulnerabilities are all fixed in this release.
David Remahl also reminded us of some security-related configuration issues:
* By default, MediaWiki stores a backup of deleted images in the images/deleted
directory. If you do not want these images to be publically accessible, make
sure this directory is not accessible from the web. MediaWiki takes some steps
to avoid leaking these images, but these measures are not perfect.
* Set display_errors=off in your php.ini to avoid path disclosure via PHP fatal
errors. This is the default on most shared web hosts.
* Enabling MediaWiki's debugging features, such as $wgShowExceptionDetails, may
lead to path disclosure.
Other changes in this release:
* Avoid fatal error in profileinfo.php when not configured.
* Add a .htaccess to deleted images directory for additional protection against
exposure of deleted files with known SHA-1 hashes on default installations.
* Avoid streaming uploaded files to the user via index.php. This allows
security-conscious users to serve uploaded files via a different domain, and
thus client-side scripts executed from that domain cannot access the login
cookies. Affects Special:Undelete, img_auth.php and thumb.php.
* When streaming files via index.php, use the MIME type detected from the file
extension, not from the data. This reduces the XSS attack surface.
* Blacklist redirects via Special:Filepath. Such redirects exacerbate any XSS
vulnerabilities involving uploads of files containing scripts.
* Internationalisation updates.
== MediaWiki 1.12.1 ==
Changes since 1.12.0:
* (bug [[bugzilla:13522|13522]]) Fix fatal error in Parser::extractTagsAndParams
* (bug [[bugzilla:12077|12077]]) Fix HTML nesting for TOC
* (bug [[bugzilla:13532|13532]]) Use proper timestamp call when reverting images
* (bug [[bugzilla:13649|13649]], [[bugzilla:14084|14084]]) Bad call to
wfTimestamp()
* (bug [[bugzilla:13770|13770]]) Use Preprocessor_Hash by default to avoid
missing DOM module errors
* (bug [[bugzilla:13442|13442]]) API: Missing pages in prop=langlinks and
prop=extlinks are now handled properly.
* (bug [[bugzilla:13482|13482]]) API: Disabled search types handled properly
* (bug [[bugzilla:13836|13836]]) API: Fixed fatal errors resulting from
combining iiprop=metadata with format=xml
* (bug [[bugzilla:11633|11633]]) API: Explicitly convert redirect titles to
strings due to PHP's very weak typing on array keys.
* API: Fixing main page display in meta=siteinfo
* (bug [[bugzilla:11719|11719]]) API: Remove trailing blanks in YAML output.
* (bug [[bugzilla:13718|13718]]) API: Return the proper continue parameter for
cmsort=timestamp
* Security: Work around misconfiguration by requiring strict comparisons for
in_array in User::isAllowed().
* Security: Fixed XSS vulnerability in useskin parameter.
== MediaWiki 1.12.0 ==
This is the quarterly branch release of [[MediaWiki]] for Winter 2008.
MediaWiki is now using a "continuous integration" development model with
quarterly snapshot releases. The latest development code is always kept "ready
to run", and in fact runs our own sites on [[wikipedia:|Wikipedia]].
Release branches will continue to receive security updates for about a year
from first release, but nonessential bugfixes and feature developments will be
made on the development trunk and appear in the next quarterly release.
Those wishing to use the latest code instead of a branch release can obtain it
from source control: [[Download from SVN]].
Changes since 1.12.0rc1:
*(bug [[bugzilla:13359|13359]]) Double-escaping in [[Special:Allpages]].
*Localization updates.
== MediaWiki 1.12.0rc1 ==
This is a release candidate of the Winter 2008 quarterly snapshot release of
[[MediaWiki]].
MediaWiki is now using a "continuous integration" development model with
quarterly snapshot releases. The latest development code is always kept "ready
to run", and in fact runs our own sites on [[wikipedia:|Wikipedia]].
Release branches will continue to receive security updates for about a year
from first release, but nonessential bugfixes and feature developments will be
made on the development trunk and appear in the next quarterly release.
Those wishing to use the latest code instead of a branch release can obtain it
from source control: [[Download from SVN]].
This is the Winter 2007 quarterly release.
MediaWiki is now using a "continuous integration" development model with
quarterly snapshot releases. The latest development code is always kept
"ready to run", and in fact runs our own sites on Wikipedia.
Release branches will continue to receive security updates for about a year
from first release, but nonessential bugfixes and feature developments
will be made on the development trunk and appear in the next quarterly release.
Those wishing to use the latest code instead of a branch release can obtain
it from source control: https://www.mediawiki.org/wiki/Download_from_SVN
=== Configuration changes in 1.12 ===
* Marking edits as bot edits with Special:Contributions?bot=1 now requires the
markbotedit permission, rather than the rollback permission previously used.
This permission is assigned by default to the sysop group.
* MediaWiki now checks if serialized files are out of date. New configuration
variable $wgCheckSerialized can be set to false to enable old behavior (i.e.
to not check and assume they are always up to date)
* The rollback permission can now be rate-limited using the normal mechanism.
* New configuration variable $wgExtraLanguageNames
* Behavior of $wgAddGroups and $wgRemoveGroups changed. New behavior:
* * Granting the userrights privilege allows arbitrary changing of rights.
* * Without the userrights privilege, a user will be able to add and/or
remove the groups specified in $wgAddGroups and $wgRemoveGroups for
any groups they are in.
* New permission userrights-interwiki for changing user rights on foreign wikis.
* $wgImplicitGroups for groups that are hidden from Special:Listusers, etc.
* $wgAutopromote: automatically promote users who match specified criteria
* $wgGroupsAddToSelf, $wgGroupsRemoveFromSelf: allow users to add or remove
themselves from specified groups via Special:Userrights.
* When $wgUseTidy has been enabled, PHP's Tidy module is now used if it is
present, in preference to an external Tidy executable which may or may not
be present. To force use of external Tidy even when the PHP module is
available, set $wgTidyInternal to false.
=== New features in 1.12 ===
* (bug 10735) Add a warning for non-descriptive filenames at Special:Upload
* Add {{filepath:}} parser function to get full path to an uploaded file,
complementing {{fullurl:}} for pages.
* (bug 11136) If using Postgres, search path is explicitly set if wgDBmwschema
is not set to 'mediawiki', allowing multiple mediawiki instances per user.
* (bug 11151) Add descriptive <title> to revision history page
* (bug 5412) Add feed links for the site to all pages
* (bug 11353) Add ability to retrieve raw section content via action=raw
* (bug 6909) Show relevant deletion log lines when uploading a previously
deleted file
* On SkinTemplate based skins (like MonoBook), omit confusing "edit"/"view
source" tab entirely if the page doesn't exist and the user isn't allowed to
create it
* Clarify instructions given when an exception is thrown
* AuthPlugin added strictUserAuth() method to allow per-user override
of the strict() authentication behavior.
* (bug 7872) Deleted revisions can now be viewed as diffs showing changes
against the previous revision, whether currently deleted or live.
* Added tooltips for the "Go" and "Search" buttons
* (bug 11649) Show input form when Special:Whatlinkshere has no parameters
* isValidEmailAddr hook added to User method of that name, to allow, e.g., re-
stricting e-mail addresses to a specific domain
* Removed "Clear" link in watchlist editor tools, as people were afraid to
click it. Existing clear links will fall back to the raw editor, which is
very easy to clear your watchlist with.
* (bug 1405) Add wgUseNPPatrol option to control patroling for new articles
on Special:Newpages
* LogLine hook added to allow formatting custom entries in Special:Log.
* Support for Iranian calendar
* (bug 1401) Allow hiding logged-in users, bots and patrolled pages on
Special:Newpages
* ChangesListInsertArticleLink hook added for adding extra article info to RC.
* MediaWikiPerformAction hook added for diverting control after the main
globals have been set up but before any actions have been taken.
* BeforeWatchlist hook added for filtering or replacing watchlist.
* SkinTemplateTabAction hook added for altering the properties of tab links.
* OutputPage::getRedirect public method added.
* (bug 11848, 12506) Allow URL parameters 'section', 'editintro' and 'preload'
in Special:Mypage and Special:Mytalk
* Add ot=raw to Special:Allmessages
* Support for Hebrew calendar
* Support for Hebrew numerals in dates and times
* (bug 11315) Signatures can be configured in [[MediaWiki:Signature]] and
[[MediaWiki:Signature-anon]]
* Signatures for anonymous users link to Special:Contributions page rather than
user page
* Added --override switch for disabled pages in updateSpecialPages.php
* Provide a unique message (ipb_blocked_as_range) if unblock of a single IP
fails
because it is part of a blocked range.
* (bug 3973) Use a separate message for the email content when an account is
created by another user
* dumpTextPass.php can spawn fetchText.php as a subprocess, which should restart
cleanly if database connections fail unpleasantly.
* (bug 12028) Add Special:Listbots as shortcut for Special:Listusers/bot
* (bug 9633) Add a predefined list of delete reasons to the deletion form
* Show a warning message when creating/editing a user (talk) page but the user
does not exists
* (bug 8396) Ignore out-of-date serialised message caches
* (bug 12195) Undeleting pages now requires 'undelete' permission
* (bug 11810) Localize displayed semicolons
* (bug 11657) Support for Thai solar calendar
* (bug 943) RSS feed for Recentchangeslinked
* Introduced AbortMove hook
* (bug 2919) Protection of nonexistent pages with regular protection interface.
* Special:Upload now lists permitted/prohibited file extensions.
* Split ambiguous filetype-badtype message into two new messages,
filetype-unwanted-type and filetype-banned-type.
* Added link to the old title in Special:Movepage
* On Special:Movepage, errors are now more noticeable.
* It is now possible to change rights on other local wikis without the MakeSysop
extension
* Add HTML ID's mw-read-only-warning and mw-anon-edit-warning to warnings when
editing to allow CSS styling.
* Parser now returns list of sections
* When a user is prohibited from creating a page, a title of "View source"
makes no sense, and there should be no "Return to [[Page]]" link.
* (bug 12486) Protected titles now give a warning for privileged editors.
* (bug 9939) Special:Search now sets focus to search input box when no existing
search is active
* For Special:Userrights, use GET instead of POST to search for users.
* Allow subpage syntax for Special:Userrights, i.e., Special:Userrights/Name.
* When submitting changes on Special:Userrights, show the full form again, not
just the search box.
* Added exception hooks
* (bug 12574) Allow bots to specify whether an edit should be marked as a bot
edit, via the parameter 'bot'. (Default: '1')
* (bug 12536) User should be able to get MediaWiki version from any page
* (bug 12622) A JavaScript constant to declare whether api.php is available
* Add caching to the AJAX search
* Add APCOND_INGROUPS
* Add DBA caching to installer
* (bug 12585) Added a bunch of parameters to the revertpage message
* Support redirects in image namespace
* (bug 10049) Prefix index search and namespaces in Special:Withoutinterwiki
* (bug 12668) Support for custom iPhone bookmark icon via $wgAppleTouchIcon
* Add option to include templates in Special:Export.
* (bug 12655) Added $wgUserEmailUseReplyTo config option to put sender
address in Reply-To instead of From for user-to-user emails.
This protects against SPF problems and privacy-leaking bounce messages
when using mailers that set the envelope sender to the From header value.
* (bug 11897) Add alias [[Special:CreateAccount]] & [[Special:Userlogin/signup]]
for Special:Userlogin?type=signup
* (bug 12214) Add a predefined list of delete reasons to the file deletion form
* Merged backends for OpenSearch suggestions and AJAX search.
Both now accept namespace prefixes, handle 'Media:' and 'Special:' pages,
and reject interwiki prefixes. PrefixSearch class centralizes this code,
and the backend part can be overridden by the PrefixSearchBackend hook.
* (bug 10365) Localization of Special:Version
* When installing using Postgres, the Pl/Pgsql language is now checked for
and installed when at the superuser level.
* The default robot policy for the entire wiki is now configurable via the
$wgDefaultRobotPolicy setting.
* (bug 12239) Use different separators for autocomments
* (bug 12857) Patrol link on new pages should clear floats
* (bug 12968) Render redirect wikilinks in a redirect class for customization
via user/site CSS.
* EditPageBeforeEditButtons hook added for altering the edit buttons below the
edit box
=== Bug fixes in 1.12 ===
* Subpages are now indexed for searching properly when using PostgreSQL
* (bug 3846) Suppress warnings from, e.g. open_basedir when scanning for
ImageMagick, diff3 et al. during installation [patch by Jan Reininghaus]
* (bug 7027) Shift handling of deletion permissions-checking to
getUserPermissionsErrors.
* Login and signup forms are now more correct for right-to-left languages.
* (bug 5387) Block log items on RecentChanges don't make use of possible
translations
* (bug 11211) Pass, as a parameter to the protectedpagetext interface
message, the level of protection.
* (bug 9611) Supply the blocker and reason for the cantcreateaccounttext
message.
* (bug 8759) Fixed bug where rollback was allowed on protected pages for wikis
where rollback is given to non-sysops.
* (bug 8834) Split off permission for editing user JavaScript and CSS from
editinterface to a new permission key editusercssjs.
* (bug 11266) Set fallback language for Fulfulde (ff) to French
* (bug 11179) Include image version deletion comment in public log
* Fixed notice when accessing special page without read permission and whitelist
is not defined
* (bug 9252) Fix for tidy funkiness when using editintro mode
* (bug 4021) Fix for MySQL wildcard search
* (bug 10699) Fix for MySQL phrase search
* (bug 11321) Fix width of gallerybox when option "width=xxx" is used
* (bug 7890) Special:BrokenRedirects links deleted redirects to a non-existent
page
* Fix initial statistics when installing: add correct values
* (bug 11342) Fix several 'returnto' links in permissions/error pages which
linked to the main page instead of targetted page
* Strike the link to the redirect rather than using an asterisk in
Special:Listredirects
* (bug 11355) Fix false positives in Safe Mode and other config detection
when boolean settings are disabled with 'Off' via php_admin_value/php_value
* (bug 11292) Fixed unserialize errors with Postgres by creating special Blob
object.
* (bug 11363) Make all metadata fields bytea when using Postgres.
* (bug 11331) Add buildConcat() and use CASE not IF for DB compatibility. Make
oldimage cascade delete via image table for Postgres, change fa_storage_key
TEXT.
* (bug 11438) Live Preview chops returned text
* Show the right message on account creation when the user is blocked
* (bug 11450) Fix creation of objectcache table on upgrade
* Fix namespace selection after submit of Special:Newpages
* Make input form of Special:Newpages nicer for RTL wikis
* (bug 11462) Fix typo in LanguageGetSpecialPageAliases hook name
* (bug 11474) Fix unintentional fall-through in math error handling
* (bug 11478) Fix undefined method call in file deletion interface
* (bug 278) Search results no longer highlight incorrect partial word matches
* Compatibility with incorrectly detected old-style DJVU mime types
* (bug 11560) Fix broken HTML output from weird link nesting in edit comments.
Nested links (as in image caption text) still don't work _right_ but they're
less wrong
* (bug 9718) Remove unnecessary css from main.css causing spacing issues on
some browsers.
* (bug 11574) Add an interface message loginstart, which, similarly to loginend,
appears just before the login form. Patch by MinuteElectron.
* Do not cache category pages if using 'from' or 'until'
* Created new hook getUserPermissionsErrors, to go with userCan changes.
* Diff pages did not properly display css/js pages.
* (bug 11620) Add call to User::isValidEmailAddr during accout creation.
* (bug 11629) If $wgEmailConfirmToEdit is true, require people to supply an
email address when registering.
* (bug 11612) Days to show in recent changes cannot be larger than 7
* (bug 11131) Change filearchive width/height columns to int for Postgres
* Support plural in undeleted{revisions,revisions-files,files}
* (bug 11343) If the database is read-only, ensure that undelete fails.
* (bug 11690) Show revert link for page moves in Special:Log to allowed users
only
* Initial-lowercase prefix checks in namespaceDupes.php now actually work.
* Fix regression in LinkBatch.php breaking PHP 5.0
* (bug 11452) wfMsgExt uses sometimes wrong language object for parsing magic
words when called with options ''parsemag'' or ''content''.
* (bug 11727) Support plural in 'historysize' message
* (bug 11744) Incorrect return value from Title::getParentCategories()
* (bug 11762) Fix native language name of Akan (ak)
* (bug 11722) Fix inconsistent case in unprotect tabs
* (bug 11795) Be more paranoid about confirming accept-encoding header is
present
* (bug 11809) Use formatNum() for more numbers
* (bug 11818) Fix native language name of Inuktitut (iu)
* Remove all commas when parsing float numbers in sorted tables
* Limit text field of deletion, protection and user rights changes reasons to
255 characters (already restricted in the database)
* In the deletion default reasons, calculate how much text to get from the
article text, rather than getting 150 characters (which may be too much)
* Add two messages for Special:Blockme which were used but undefined
* (bug 11921) Support plural in message number_of_watching_users_pageview
* If an IP address is blocked as part of a rangeblock, attempting to unblock
the single IP should not unblock the entire range.
* (bug 6695) Fix native language name of Southern Sotho (Sesotho) (st)
* Make action=render follow redirects by default
* If restricted read access was enabled, whitelist didn't work with special
pages which had spaces in theirs names
* If restricted read access was enabled, requests for non-existing special pages
threw an exception
* Feeds for recent changes now provide correct URLs for the change, not just
the page
* Check for if IP is blocked as part of a range when unblocking (see above bug-
fix) was faulty. Now fixed.
* Fixed wpReason URL parameter to action=delete.
* Do not force a password for account creation by email
* Ensure that rate-limiting is applied to rollbacks.
* Make a better rate-limiting error message (i.e. a normal MW error,
rather than an "Internal Server Error").
* Do not present an image bigger than the source when 'frameless' option is used
(to be consistent with the 'thumb' option now)
* Support {{PLURAL}} for import log
* Make sure that the correct log entries are shown on Special:Userrights even
for users with special characters in their names
* The number of watching users in watchlists was always reported as 1
* namespaceDupes.php no longer dies when coming across an illegal title
* (bug 12143) Do not show a link to patrol new pages for non existent pages
* (bug 12166) Fix XHTML validity for Special:Emailuser
* (bug 11346) Users who cannot edit a page can now no longer unprotect it.
* (bug 451) Add a generic Traditional / Simplified Chinese conversion table,
instead of a Traditional conversion with Taiwan variant, and a Simplified
conversion with China variant.
* (bug 12178) Fix wpReason parameter to action=delete, again.
* Graceful behavior for updateRestrictions.php if a page already has records
in the page_restrictions matching its old page_restrictions field.
May help with odd upgrade issues or race condition.
* (bug 11993) Remove contentsub "revision history"
* (bug 11952) Ensure we quote_ident() all schema names as needed
inside of the DatabasePostgres.php file.
* (bug 12184) Exceptions now sent to stderr instead of stdout for command-line
scripts, making for cleaner reporting during batch jobs. PHP errors will also
be redirected in most cases on PHP 5.2.4 and later, switching 'display_errors'
to 'stderr' at runtime.
* (bug 12148) Text highlight wasn't applied to cleanly deleted and added
lines in diff output
* (bug 10166) Fix a PHP warning in Language::getMagic
* Only mark rollback edits as minor if the user can normally mark edits minor
* Escape page names in the move successful page (e.g. for pages with two
apostrophes).
* (bug 12145) Add localized names of kk-variants
* (bug 12259) Localize the numbers in deleted pages on the sysop view
* Set proper page title for successful file deletion
* (bug 11221) Do not show 'Compare selected versions' button for a history page
with one revision only
* (bug 12267) Set the default date format to Thai solar calender for the Thai
language
* (bug 10184) Extensions' stylesheets and scripts should be loaded before
user-customized ones (like Common.css, Common.js)
* (bug 12283) Special:Newpages forgets parameters
* (bug 12031) All namespaces doesn't work in Special:Newpages
* (bug 585) Only create searchindex replica table for parser tests if db is
MySQL
* Allow --record option if parserTests.php to work when using Postgres
* (bug 12296) Simplify cache epoch in default LocalSettings.php
* (bug 12346) XML fix when body double-click and click handlers are present
* Fix regression -- missing feed links in sidebar on Special:Recentchanges
* (bug 12371) Handle more namespace case variants in namespaceDupes.php
* (bug 12380) Bot-friendly EditPage::spamPage
* (bug 8066) Spaces can't be entered in special page aliases
* Hide undo link if user can't edit article
* (bug 12416) Fix password setting for createAndPromote.php
* (bug 3097) Inconsistently usable titles containing HTML character entities
are now forbidden. A run of cleanupTitles.php will fix up existing pages.
* (bug 12446) Permissions check fix for undelete link
* (bug 12451) AJAX title normalization tweaks
* When a user creating a page is not allowed to either create the page nor edit
it, all applicable reasons are now shown.
* (bug 11428) Allow $wgScript inside $wgArticlePath when emulating PATH_INFO
Fixes 'root'-style rewrite configurations
* (bug 12493) Removed hardcoded MAX_FILE_SIZE from Special:Import upload form
* (bug 12489) Special:Userrights listed in restricted section again
* (bug 12553) Fixed invalid XHTML in edit conflict screen
* (bug 12505) Fixed section=0 with action=raw
* (bug 12614) Do not log user rights change that didn't change anything
* (bug 12584) Don't reset cl_timestamp when auto-updating sort key on move
* (bug 12588) Fix selection in namespace selector on Special:Newpages
* Use only default options when generating RSS and Atom syndication links.
This should help prevent infinite link loops that some software may follow,
and will generally keep feed behavior cleaner.
* (bug 12608) Unifying the spelling of getDBkey() in the code.
* (bug 12611) Bot flag ignored in recent changes
* (bug 12617) Decimal and thousands separators for Romanian
* (bug 12567) Fix for misformatted read-only messages on edit, protect.
Also added proper read-only checks to several special pages.
Have removed read-only checks from the general user permission framework.
* Creating a site with a name containing '#' is no longer permitted, since the
name will not work (but $wgSiteName is not checked if manually set).
* (bug 12695) Suppress dvips verbiage from web server error log
* (bug 12716) Unprotecting a non-protected page leaves a log entry
* Log username blocks with canonical form of name instead of input form
* (bug 11593, 12719) Fixes for overzealous invocation of thumb.php.
Non-image handlers and full-size images may now decline it, fixing
mystery failures when using $wgThumbnailScriptPath.
* (bug 12327) Comma in username no longer disrupts mail headers
* (bug 6436) Localization of Special:Import XML parser Error message(s).
* Security fix for API on MSIE
* (bug 12768) Database query syntax error in maintenance/storage/compressOld.inc
* (bug 12753) Empty captions in MediaWiki:Sidebar result in PHP errors
* (bug 12790) Page protection is not logged when edit-protection is used
and move-protection is not
* (bug 12793) Fix for restricted namespaces/pages in Special:Export
* Fix for Special:Export so it doesn't ignore the page named '0'
* Don't display rollback link if the user doesn't have all required permissions
* The comment of a time-limited protection now contains the date in the default
format
* (bug 12880) wfLoadExtensionMessages does not use $fallback from MessagesXx.php
* (bug 12885) Correction for Russian convertPlural function
* (bug 12768) Make DatabasePostgres->hasContraint() schema aware.
* (bug 12735) Truncate usernames in comments using mb_ functions.
* (bug 12892) Poor tab indexing on "delete file" form
* (bug 12660) When creating an account by e-mail, do not send the creator's IP
address
* (bug 12931) Fix wrong global variable in SpecialVersion
* (bug 12919) Use 'deletedrevision' message as content when deleting an old file
version
* (bug 12952) Using Nosuchusershort instead of Nosuchuser when account creation
is disabled
* (bug 12869) Magnify icon alignment should be adjusted using linked CSS
* Fixing message cache updates for MediaWiki messages moves
* (bug 12815) Signature timestamps were always in UTC, even if the timezone code
in parentheses after them claimed otherwise
* (bug 12732) Fix installer and searching to handle built-in tsearch2 for
Postgres.
* (bug 12784) Change "bool" types to smallint to handle Postgres 8.3 strictness.
* (bug 12301) Allow maintenance/findhooks.php to search hooks in multiple
directories.
* (bug 7681, 11559) Cookie values no longer override GET and POST variables.
* (bug 5262) Fully-qualified $wgStylePath no longer corrupted on XML feeds
* (bug 3269) Inaccessible titles ending in '/.' or '/..' now forbidden.
* (bug 12935, 12981) Fully-qualify archive URLs in delete, revert messages
* (bug 12938) Fix template expansion and 404 returns for action=raw with section
* (bug 11567) Fix error checking for PEAR::Mail. UserMailer::send() now returns
true-or-WikiError, which seems to be the calling convention expected by half
its callers already
* (bug 12846) IE rtl.css issue in RTL wikis special:Preferences when selecting
an LTR user language
* (bug 13005) DISPLAYTITLE does not work on preview
* (bug 13004) Fix error on Postgres searches that return too many results.
== Parser changes in 1.12 ==
For help with migration to the MediaWiki 1.12 parser, please visit:
http://meta.wikimedia.org/wiki/Migration_to_the_new_preprocessor
The parser pass order has changed from
* Extension tag strip and render
* HTML normalisation and security
* Template expansion
* Main section...
to
* Template and extension tag parse to intermediate representation
* Template expansion and extension rendering
* HTML normalisation and security
* Main section...
The main effect of this for the user is that the rules for uncovered syntax
have changed.
Uncovered main-pass syntax, such as HTML tags, are now generally valid, whereas
previously in some cases they were escaped. For example, you could have "<ta" in
one template, and "ble>" in another template, and put them together to make a
valid <table> tag. Previously the result would have been "<table>".
Uncovered preprocessor syntax is generally not recognised. For example, if you
have "{{a" in Template:A and "b}}" in Template:B, then "{{a}}{{b}}" will be
converted to a literal "{{ab}}" rather than the contents of Template:Ab. This
was the case previously in HTML output mode, and is now uniformly the case in
the other modes as well. HTML-style comments uncovered by template expansion
will not be recognised by the preprocessor and hence will not prevent template
expansion within them, but they will be stripped by the following HTML security
pass.
Bug 5678 has been fixed. This has a number of user-visible effects related to
the removal of this double-parse. Please see the wiki page for examples.
Message transformation mode has been removed, and replaced with "preprocess"
mode. This means that some MediaWiki namespace messages may need to be updated,
especially ones which took advantage of the terribly counterintuitive behavior
of the former message mode.
The header identification routines for section edit and for numbering section
edit links have been merged. This removes a significant failure mode and fixes a
whole category of bugs (tracked by bug #4899). Wikitext headings uncovered by
template expansion will still be rendered into a heading tag, and will get an
entry in the TOC, but will not have a section edit link. HTML-style headings
will also not have a section edit link. Valid wikitext headings present in the
template source text will get a template section edit link. This is a major
break from previous behavior, but I believe the effects are almost entirely
beneficial.
The main motivation for making these changes was performance. The new two-pass
preprocessor can skip "dead branches" in template expansion, such as unfollowed
#switch cases and unused defaults for template arguments. This provides a
significant performance improvement in template-heavy test cases taken from
Wikipedia. Parser function hooks can participate in this performance improvement
by using the new SFH_OBJECT_ARGS flag during registration.
The pre-expand include size limit has been removed, since there's no efficient
way to calculate such a figure, and it would now be meaningless for performance
anyway. The "preprocessor node count" takes its place, with a generous default
limit.
The context in which XML-style extension tags are called has changed, so
extensions which make use of the parser state may need compatibility changes.
The new preprocessor syntax has been documented in Backus-Naur Form at:
https://www.mediawiki.org/wiki/Preprocessor_ABNF
The ExpandTemplates extension now has the ability to generate an XML parse
tree from wikitext source. This parse tree corresponds closely to the grammar
documented on that page.
=== API changes in 1.12 ===
Full API documentation is available at https://www.mediawiki.org/wiki/API
* (bug 11275) Enable descending sort in categorymembers
* (bug 11308) Allow the API to output the image metadata
* (bug 11296) Temporary fix for escaping of ampersands inside links in
pretty-printed
help document.
* (bug 11405) Expand templates implementation in the API
* (bug 11218) Add option to feedwatchlist to display multiple revisions for each
page.
* (bug 11404) Provide name of exception caught in error code field of internal
api error messages.
* (bug 11534) rvendid doesn't work
* Fixed rvlimit of the revisions query to only enforce the lower query limit if
revision content is requested.
* Include svn revision number (if install is checked-out from svn) in siteinfo
query.
* (bug 11173) Allow limited wikicode rendering via api.php
* (bug 11572) API should provide interface for expanding templates
* (bug 11569) Login should return the cookie prefix
* (bug 11632) Breaking change: Specify the type of a change in the recentchanges
list as 'edit', 'new', 'log' instead of 0, 1, 2, respectively.
* Compatibility fix for PHP 5.0.x.
* Add rctype parameter to list=recentchanges that filters by type
* Add apprtype and apprlevel parameters to filter list=allpages by protection
types and levels
* Add apdir parameter to enable listing all pages from Z to A
* (bug 11721) Use a different title for results than for the help page.
* (bug 11562) Added a user_registration parameter/field to the list=allusers
query.
* (bug 11588) Preserve document structure for empty dataset in backlinks query.
* Outputting list of all user preferences rather than having to request them by
name
* (bug 11206) api.php should honor maxlag
* Make prop=info check for restrictions in the old format too.
* Add apihighlimits permission, default for sysops and bots
* Add limit=max to use maximal limit
* Add action=parse to render parser output. Use it instead of action=render
which has been removed
* Add rvtoken=rollback to prop=revisions
* Add meta=allmessages to get messages from site's messages cache.
* Use bold and italics highlighting only in API help
* Added action={block,delete,move,protect,rollback,unblock,undelete} and
list={blocks,deletedrevs}
* Fixed sessionid attribute in action=login
* Standardized limits. Revisions and Deletedrevisions formerly using
200 / 10000, now 500 / 5000, in line with other modules.
* Added list=allcategories module
* (bug 12321) API list=blocks reveals private data
* Fix output of wfSajaxSearch
* (bug 12413) meta=userinfo missing <query> tag
* Add list of sections to action=parse output
* Added action=logout
* Added cascade flag to prop=info&inprop=protections
* Added wlshow parameter to list=watchlist, similar to rcshow
(list=recentchanges)
* Added support for image thumbnailing to prop=imageinfo
* action={login,block,delete,move,protect,rollback,unblock,undelete} now must be
POSTed
* prop=imageinfo interface changed: iihistory replaced by iilimit, iistart and
iiend parameters
* Added amlang parameter to meta=allmessages
* Added apfilterlanglinks parameter to list=allpages, replacing
query.php?what=nolanglinks
* (bug 12718) Added action=paraminfo module that provides information about API
modules and their parameters
* Added iiurlwidth and iiurlheight parameters to prop=imageinfo
* Added format=txt and format=dbg, imported from query.php
* Added uiprop=editcount to meta=userinfo
* Added list=users which fetches user information
* Added list=random which fetches a list of random pages
* Added page parameter to action=parse to facilitate parsing of existing pages
* Added uiprop=ratelimits to meta=userinfo
* Added siprop=namespacealiases to meta=siteinfo
* Made multiple values for ucuser possible in list=usercontribs
* (bug 12944) Added cmstart and cmend parameters to list=categorymembers
* Allow queries to have a where range that does not match the range field
== MediaWiki 1.11 ==
== MediaWiki 1.11.2 ==
March 2, 2008
This is a security release of the Fall 2007 snapshot release of MediaWiki.
Possible cross-site information leaks using the callback parameter for
JSON-formatted results in the API are prevented by dropping user credentials.
MediaWiki release versions prior to 1.11 are not vulnerable, as they do not
include the callback feature which allows client-side JavaScript on other sites
to reach API data.
Changes in this release:
* User credentials are dropped for API JSON requests using a callback
* Edit tokens are not reported for API JSON requests using a callback
== MediaWiki 1.11.1 ==
January 23, 2008
This is a security and bugfix release of the Fall 2007 snapshot release of
MediaWiki. A potential XSS injection vector affecting api.php only for
Microsoft Internet Explorer users has been closed.
Changes in this release:
* (bug [[bugzilla:11450|11450]]) Fix creation of objectcache table on upgrade
* (bug [[bugzilla:11462|11462]]) Fix typo in LanguageGetSpecialPageAliases hook
name
* Fix regression in LinkBatch.php breaking PHP 5.0
* Security fix for API on MSIE
To work around the vulnerability without upgrading, you may disable the API if
you don't need it:
:[[Manual:$wgEnableAPI|$wgEnableAPI]] = false;
Not vulnerable versions:
* 1.12 or later
* 1.11 >= 1.11.1
* 1.10 >= 1.10.3
* 1.9 >= 1.9.5
* 1.8 any version (if $wgEnableAPI has been left off)
Vulnerable versions:
* 1.11 <= 1.11.0rc1
* 1.10 <= 1.10.2
* 1.9 <= 1.9.4
* 1.8 any version (if $wgEnableAPI has been switched on)
MediaWiki 1.7 and below are not affected as they do not include the API
functionality, however the BotQuery extension is similarly vulnerable unless
updated to the latest SVN version.
== MediaWiki 1.11.0 ==
September 10, 2007
This is the Fall 2007 snapshot release of MediaWiki.
MediaWiki is now using a "continuous integration" development model with
quarterly snapshot releases. The latest development code is always kept "ready
to run", and in fact runs our own sites on Wikipedia.
Release branches will continue to receive security updates for about a year
from first release, but nonessential bugfixes and feature developments will be
made on the development trunk and appear in the next quarterly release.
Those wishing to use the latest code instead of a branch release can obtain it
from source control: [[Download from SVN]]
This is the Summer 2007 branch release of MediaWiki.
MediaWiki is now using a "continuous integration" development model with
quarterly snapshot releases. The latest development code is always kept
"ready to run", and in fact runs our own sites on Wikipedia.
Release branches will continue to receive security updates for about a year
from first release, but nonessential bugfixes and feature developments
will be made on the development trunk and appear in the next quarterly release.
Those wishing to use the latest code instead of a branch release can obtain
it from source control: https://www.mediawiki.org/wiki/Download_from_SVN
== Changes since 1.11.0rc1 ==
A possible HTML/XSS injection vector in the API pretty-printing mode has been
found and fixed.
The vulnerability may be worked around in an unfixed version by simply
disabling the API interface if it is not in use, by adding this to
[[Manual:LocalSettings.php|LocalSettings.php]]:<br />
<code>[[Manual:$wgEnableAPI|$wgEnableAPI]] = false;</code> <br />
(This is the default setting in 1.8.x.)
Not vulnerable versions:
* 1.11 >= 1.11.0
* 1.10 >= 1.10.2
* 1.9 >= 1.9.4
* 1.8 >= 1.8.5
Vulnerable versions:
* 1.11 <= 1.11.0rc1
* 1.10 <= 1.10.1
* 1.9 <= 1.9.3
* 1.8 <= 1.8.4 (if [[Manual:$wgEnableAPI|$wgEnableAPI]] has been switched on)
MediaWiki 1.7 and below are not affected as they do not include the faulty
function, however the [[Extension:BotQuery|BotQuery extension]] is similarly
vulnerable unless updated to the latest SVN version.
== Configuration changes since 1.10 ==
* $wgThumbUpright - Adjust width of upright images when parameter 'upright' is
used
* $wgAddGroups, $wgRemoveGroups - Finer control over who can assign which
usergroups
* $wgEnotifImpersonal, $wgEnotifUseJobQ - Bulk mail options for large sites
* $wgShowHostnames - Expose server host names through the API and HTML comments
* $wgSaveDeletedFiles has been removed, the feature is now enabled
unconditionally
== New features since 1.10 ==
* (bug 8868) Separate "blocked" message for autoblocks
* Adding expiry of block to block messages
* Links to redirect pages in categories are wrapped in
<span class="redirect-in-category"></span>
* Introduced 'ImageOpenShowImageInlineBefore' hook; see docs/hooks.txt for
more information
* (bug 9628) Show warnings about slave lag on Special:Contributions,
Special:Watchlist
* (bug 8818) Expose "wpDestFile" as parameter $1 to "uploaddisabledtext"
* Introducing new image keyword 'upright' and corresponding variable
$wgThumbUpright. This allows better proportional view of upright images
related to landscape images on a page without nailing the width of upright
images to a fix value which makes views for anon unproportional and user
preferences useless
* (bug 6072) Introducing 'border' keyword to the [[Image:]] syntax
* Introducing 'frameless' keyword to [[Image:]] syntax which respects the
user preferences for image width like 'thumb' but without a frame.
* (bug 7960) Link to "what links here" for each "what links here" entry
* Added support for configuration of an arbitrary number of commons-style
file repositories.
* Added a Content-Disposition header to thumb.php output
* Improved thumb.php error handling
* Display file history on local image description pages of shared images
* Added $wgArticleRobotPolicies
* (bug 10076) Additional parameter $7 added to MediaWiki:Blockedtext
containing, the ip, ip range, or username whose block is affecting the
* (bug 7691) Show relevant lines from the deletion log when re-creating a
previously deleted article
* Added variables 'wgRestrictionEdit' and 'wgRestrictionMove' for JS to header
* (bug 9898) Allow viewing all namespaces in Special:Newpages
* (bug 10139) Introduce 'EditSectionLink' and 'EditSectionLinkForOther' hooks;
see docs/hooks.txt for details
* (bug 9769) Provide "watch this page" toggle on protection form
* (bug 9886) Provide clear example "stub link" in Special:Preferences
* (bug 10055) Populate email address and real name properties of User objects
passed to the 'AbortNewAccount' hook
* Show result of Special:Booksources in wiki content language always, it's
normally better maintained than the generic list from the standard message
files
* (bug 7997) Allow users to be blocked from using Special:Emailuser
* (bug 8989) Blacklist 'mhtml' and 'mht' files from upload
* (bug 8760) Allow wiki links in "protectexpiry" message
* (bug 5908) Add "DEFAULTSORTKEY" and "DEFAULTCATEGORYSORT" aliases for
"DEFAULTSORT" magic word
* (bug 10181) Support the XCache object caching mechanism
* (bug 9058) Introduce '--aconf' option for all maintenance scripts, to provide
a path to the AdminSettings.php file
* (bug 8781) Remind users to check file permissions for LocalSettings.php
post-installation
* Use shared.css for all skins and oldshared.css in place of common.css for
pre-Monobook skins. As always, modifications should go in-wiki to MediaWiki:
Common.css and MediaWiki:Monobook.css.
* (bug 8869) Introduce Special:Uncategorizedtemplates
* (bug 8734) Different log message when article protection level is changed
* (bug 8458, 10338) Limit custom signature length to $wgMaxSigChars Unicode
characters
* (bug 10096) Added an ability to query interwiki map table
* On reupload, add a null revision to the image description page
* Group log output by date
* Kurdish interface latin/arabic writing system with transliteration
* Support wiki text in all query page headers
* Add 'Orphanedpages' as an alias to Special:Lonelypages
* (bug 9328) Use "revision-info-current" message in place of "revision-info"
when viewing the current revision of a page, if available
* (bug 8890) Enable wiki text for "license" message
* Throw a showstopper exception when a hook function fails to return a value.
Forgetting to give a 'true' return value is a very common error which tends
to cause hard-to-track-down interactions between extensions.
* Use $wgJobClasses to determine the correct Job to instantiate for a particular
queued task; allows extensions to introduce custom jobs
* (bug 10326) AJAX-based page watching and unwatching has been cleaned up and
enabled by default.
* Added option to install to MyISAM
* (bug 9250) Remove hardcoded minimum image name length of three characters
* Fixed DISPLAYTITLE behavior to reject titles which don't normalise to the
same title as the current page, and enabled by default
* Wrap site CSS and JavaScript in a <pre> tag, like user JS/CSS
* (bug 10196) Add classes and dir="ltr" to the <pre>s on CSS and JS pages (new
classes: mw-code, mw-css, mw-js)
* (bug 6711) Add $wgAddGroups and $wgRemoveGroups to allow finer control over
usergroup assignment.
* Introduce 'UserEffectiveGroups' hook; see docs/hooks.txt for more information
* (bug 10387) Detect and handle '.php5' extension environments at install time
* Introduce 'ShowRawCssJs' hook; see docs/hooks.txt for more information
* (bug 10404) Show rights log for the selected user in Special:Userrights
* New javascript for upload page that will show a warning if a file with the
"destination filename" already exists.
* Add 'editsection-brackets' message to allow localization (or removal) of the
brackets in the "[edit]" link for sections
* (bug 10437) Move texvc styling to shared.css
* Introduce "raw editing" mode for the watchlist, to allow bulk additions,
removals, and convenient exporting of watchlist contents
* Show "undo" links in page histories
* Option to jump to specified time period in user contributions
* Improved feedback on "rollback success" page
* Show distinct 'namespaceprotected' message to users when namespace protection
prevents page editing
* (bug 9936) Per-edit suppression of preview-on-first edit with "preview=no"
* Allow showing a one-off preview on first edit with "preview=yes"
* (bug 9151) Remove timed redirects on "Return to X" pages for accessibility.
* Link to user logs in toolbox when viewing a user page
* (bug 10508) Allow HTML attributes on <gallery>
* (bug 1962) Allow HTML attributes on <math>
* (bug 10530) Introduce optional "sp-contributions-explain" message for
additional explanation in Special:Contributions
* (bug 10520) Preview licences during upload via AJAX (toggle with
$wgAjaxLicensePreview)
* New Parser::setTransparentTagHook for parser extension and template
compatibility
* Introduced 'ContributionsToolLinks' hook; see docs/hooks.txt for more
information
* Add a message if category is empty
* Add CSS compatibility for Opera 9.5
* Remove largely untested handheld stylesheet, which was causing more trouble
than good. Proper handheld support will be added at a future date. For now,
display should be acceptable either with CSS turned off or when using a so-
phisticated handheld browser.
* (bug 3173) Option to offer exported pages as a download, rather than
displaying inline, as in most browsers
* Pass the user as an argument to 'isValidPassword' hook callbacks; see
docs/hooks.txt for more information
* Introduce 'UserGetRights' hook; see docs/hooks.txt for more information
* (bug 9595) Pass new Revision to the 'ArticleInsertComplete' and
'ArticleSaveComplete' hooks; see docs/hooks.txt for more information
* (bug 9575) Accept upload description from GET parameters
* Skip the difference engine cache when 'action=purge' is used while requesting
a difference page, to allow refreshing the cache in case of errors
* (bug 10701) Link to Special:Listusers in default Special:Statistics messages
* Improved file history presentation
* (bug 10739) Users can now enter comments when reverting files
* Improved handling of permissions errors
* (bug 10793) "Mark patrolled" links will now be shown for users with
patrol permissions on all eligible diff pages
* (bug 10655) Show standard tool links for blocked users in block log messages
* Show standard tool links for blocked users in Special:Ipblocklist
* Miscellaneous aesthetic improvements to Special:Ipblocklist
* (bug 10826) Added link trail with Cyrillic characters for Mongolian language
* (bug 10859) Introduce 'UserGetImplicitGroups' hook; see docs/hooks.txt for
more information
* (bug 10832) Include user information when viewing a deleted revision
* (bug 10872) Fall back to sane defaults when generating protection selector
labels for custom restriction levels
* Show edit count in user preferences
* Improved support for audio/video extensions
* (bug 10937) Distinguish overwritten files in upload log
* Introduce 'ArticleUpdateBeforeRedirect' hook; see docs/hooks.txt for more
information
* Confirmation is now required when deleting old versions of files
* (bug 7535) Users can now enter comments when deleting old versions of files
* (bug 11001) Submit Special:Newpages as a GET, rather than a POST request
* The <strong></strong> around links to watched pages in change lists now
has a class - "mw-watched"
* (bug 9002) Provide a "view/restore deleted edits" link on Special:Upload
when a destination filename is provided that corresponds with previous
deleted files
* Make the "invalid special page" message clearer
* Add accesskey 's' and tooltip to 'upload file' button at Special:Upload
* Introduced 'SkinAfterBottomScripts' hook; see docs/hooks.txt for
more information
* (bug 11095) Honour "preview on first edit" preference when preloading
text for a non-existent page
* (bug 11022) Use a more accurate page title for Special:Whatlinkshere and
Special:Recentchangeslinked
* Add link to user contributions in normal watchlist edit mode
* (bug 9426) Add 'newsectionheaderdefaultlevel' message to allow
modification of the heading formatting for new sections when section=new
argument is supplied
* (bug 10836) Add 'newsectionsummary' message to allow modification of the
text that prefixes a new section link in Recent Changes
== Bugfixes since 1.10 ==
* (bug 9712) Use Arabic comma in date/time formats for Arabic and Farsi
* (bug 9670) Follow redirects when render edit section links to transcluded
templates.
* (bug 6204) Fix incorrect unindentation with $wgMaxTocLevel
* (bug 3431) Suppress "next page" link in Special:Search at end of results
* Don't show unblock form if the user doesn't have permission to use it
(cosmetic change, no vulnerabilities existed)
* Subtitle success message when unblocking a block ID instead of a pseudo link
like [[User:#123|#123]]
* Use the standard HTTP fetch functions when retrieving remote wiki pages
through transwiki, so we can take advantage of cURL goodies if available
* Disable user JavaScript on Special:Userlogin, Special:Resetpass and
Special:Preferences, to avoid a compromised script sniffing passwords, etc.
* (bug 9854, 3770) Clip overflow text in gallery boxes for visual cleanliness
instead of letting it flow outside the box or trigger ugly scroll bars.
* Tooltips for print version and permalink
* Links to the MediaWiki namespace for system messages having their default
values are no longer shown as nonexistent (e.g., in red)
* Special:Ipblocklist differentiates between empty list and no search results.
* (bug 5375) profiling does not respect read-only mode.
* (bug 7070) monobook/user.gif has antialias artifacts
* (bug 9123) Safer way when applying $wgLocalTZoffset
* (bug 9896) Documentation for $wgSquidServers and X-FORWARDED-FOR
* (bug 9417) Uploading new versions of images when using Postgres no longer
throws warnings.
* (bug 9908) Using tsearch2 with Postgres 8.1 no longer gives an error.
* (bug 1438) Fix for diff table layout on very wide lines.
Diff style rules have been broken out to common/diff.css,
and the dupes removed from the default skin files.
Skins can still override the default rules.
* (bug 1229) Balance columns in diff display evenly
* Right-align diff line numbers in RTL language display
* (bug 9332) Fix instructions in tests/README
* (bug 9813) Reject usernames containing '#' to avoid silent truncation
of fragments during the normalisation process
* (bug 7989) RSS feeds content now use black text when using white background.
* (bug 9971) Typo in a french language message.
* (bug 9973) Changed size was shown in advanced recentchanges collapsible items
with $wgRCShowChangedSized = false.
* Fix PHP strict standards warning in enhanced recent changes.
* (bug 5850) Added hexadecimal html entities comments for $digitTransformTable
entries.
* (bug 7432) Change language name for Aromanian (roa-rup)
* (bug 908) Unexistent special pages now generate a red link.
* (bug 7899) Added \hline and \vline to the list of allowed TeX commands
* (bug 7993) support mathematical symbol classes
* (bug 10007) Allow Block IP to work with Postgrs again.
* Add Google Wireless Transcoder to the Unicode editing blacklist
* (bug 10083) Fix for Special:Version breakage on PHP 5.2 with some hooks
* (bug 3624) TeX: \ker, \hom, \arg, \dim treated like \sin & \cos
* (bug 10132, 10134) Restore back-compatibility Image::imageUrl() function
* (bug 10113) Fix double-click for view source on protected pages
* (bug 10117) Special:Wantedpages doesn't handle invalid titles in result
set [now prints out a warning]
* (bug 10118) Introduced Special:Mostlinkedtemplates, report which lists
templates with a high number of inclusion links
* (bug 10104) Fixed Database::getLag() for PostgreSQL and Oracle
* (bug 9820) session.save_path check no longer halts installation, but
warns of possible bad values
* (bug 9978) Fixed session.save_path validation when using extended
configuration format, e.g. "5;/tmp"
* Don't generate a diff link in the patrol log if the page doesn't exist
* (bug 10067) Translations for former skins removed from message files
* (bug 9993) Force $wgShowExceptionDetails on during installation
* (bug 9980) Validate administrator username and password during
installation
* (bug 9383) Don't set a default value for BLOB column in rc-deleted
database patch
* (bug 10149) Don't show full template list on section-0 edit
* (bug 9909) Ensure access to binary fields in the math table use encodeBlob()
and decodeBlob()
* (bug 6743) Don't link broken image links to the upload form when uploads
are disabled
* (bug 9679) Improve documentation for $wgSiteNotice
* (bug 10215) Show custom editing introduction when editing existing pages
* (bug 10223) Fix edit link in noarticletext localizations for fr, oc
* (bug 10247) Fix IP address regex to avoid false positive IPv6 matches
* (bug 9948) Workaround for diff regression with old Mozilla versions
* (bug 10265) Fix regression in category image gallery paging
* (bug 8577) Fix some weird misapplications of time zones.
{{CURRENT*}} functions now consistently use UTC as intended, while
{{LOCAL*}} functions return local time per server config or $wgLocaltimezone.
Signature dates for Japanese and other languages including weekday now show
the correct day to match the rest of the time in local time.
* Escape the output of magic variables that return page name or part of it
* (bug 10309) Initialise parser state properly in extractSections(), fixes
some cases where section edits broke because tags were improperly stripped
* Avoid PHP notice errors when doing HTTP proxy purges for an empty list
* As intended, *skip* the HTTP proxy purges when doing HTCP purges
* (bug 9696) Fix handling of brace transformations in "pagemovedtext"
* (bug 10325) Fix regression in form action on Special:Listusers
* Fixed installation on MyISAM or old InnoDB with charset=utf8, was giving
overlong key errors.
* Fixed zero-padding issues with MySQL 5 binary schema
* (bug 10344) Don't follow a redirect after changing its protection level
* (bug 10333) Correct date format in Slovenian
* (bug 10160) Show error message for unknown namespace on Special:Allpages and
Special:Prefixindex; making forms prettier for RTL wikis.
* (bug 10334) Replace normal spaces before percent (%) signs with non-breaking
spaces
* (bug 10372) namespaceDupes.php no longer ignores namespace aliases
* (bug 10198) namespaceDupes.php no longer ignores interwiki prefixes
* namespaceDupes.php should work better for initial-lowercase wikis
* (bug 10377) "Permanent links" to revisions still work if the page is moved
and the redirect deleted
* (bug 7071) Properly handle an 'oldid' passed to view or edit that doesn't
match the given title. Fixes inconsistencies with talk, history, edit links.
* (bug 10397) Fix AJAX watch error fallback when we receive a bogus result
* (bug 10396) Fix AJAX error when $wgScriptPath/index.php is not valid;
using $wgScript now included in JS info
* Use native XMLHttpRequest class in preference to ActiveX on IE 7; this
avoids the "ActiveX "Do you want to allow ActiveX?" prompt when something
security settings are cranked this way and AJAX-y gets used.
* Delay AJAX watch initialization until click so IE 6 with ugly security
settings doesn't prompt you until you use the link.
* (bug 10401) Provide non-redirecting link to original title in Special:Movepage
* Fix broken handling of log views for page titles consisting of one
or more zeros, e.g. "0", "00" etc.
* Fix read permission check for special pages with subpage parameters, e.g.
Special:Confirmemail
* Fix read permission check for unreadable page titles which are numerically
equivalent to a whitelisted title
* '?>' closing tag removed from all files to help avoid problems with extraneous
whitespace (broken XML feeds, etc.)
* Don't use garbled parser cache output when viewing custom CSS or JavaScript
pages
* (bug 10406) Fix Special:Listusers filter form for non-ASCII localizations
* Fix empty message checks for message names containing &
This corrects some odd behavior with sidebar items and custom namespaces
containing ampersands.
* (bug 10375) Change thousands separator character to for Latin (la)
* (bug 10477) Fix AJAX watch for Farsi on Firefox: JavaScript encoding tweak
* (bug 10496) Fix broken DISTINCT option logic in database backend
* Fix CSS media declaration for "screen, projection"; was causing some
validation issues
* (bug 10495) $wgMemcachedDebug set twice in includes/DefaultSettings.php
* (bug 10316) Prevent inconsistent cached skin settings in gen=js by setting
the intended skin directly in the URL.
* (bug 9903) Don't mark redirects in categories as stubs
* (bug 6965) Cannot include "Template:R" with {{R}} (magic word conflict)
* Padding parser functions now work with strings like '0' that evaluate to false
* (bug 10332) Title->userCan( 'edit' ) may return false positive
* Fix bug with <nowiki> in front of links for wikis where linkPrefixExtension is
true
* (bug 10552) Suppress rollback link in history for single-revision pages
* (bug 10538) Gracefully handle invalid input on move success page
* Fix for Esperanto double-x-encoding in move success page
* (bug 10526) Fix toolbar/insertTags behavior for IE 6/7 and Opera (8+)
Now matches the selection behavior on Mozilla / Safari.
Patch by Alex Smotrov.
* Don't show non-functional toolbar buttons on Opera 7 anymore
* (bug 9151) Fix relative subpage links with section fragments
* (bug 10560) Adding a space between category letter heading and "continues"
* (bug 4650) Keep impossibly large/small counts off Special:Statistics
* (bug 10608) PHP notice when installing with PostgreSQL
* (bug 10615) Fix for transwiki import when CURL not available
* (bug 8054) Return search page for empty search requests with ugly URLs
* (bug 10572) Force refresh after clearing visitation timestamps on watchlist
* (bug 10631) Warn when illegal characters are removed from filename at upload
* Fix several JavaScript bugs under MSIE 5/Macintosh
* (bug 10591) Use Arabic numerals (0,1,2...) for the Malayam language
* (bug 10642) Fix shift-click checkbox behavior for Opera 9.0+ and 6.0
* Work around Safari bug with pages ending in ".gz" or ".tgz"
* Removed obsolete maintenance/changeuser.sql script; use RenameUser extension
* (bug 2735) "Preview" shown in title bar for action=submit on special pages
* Removed "restore" links from the deletion log embedded in Special:Undelete
* Improved error reporting and robustness for file delete/undelete.
* Improved speed of file delete by storing the SHA-1 hash in image/oldimage
* Fixed leading zero in base 36 SHA-1 hash
* Protection form no longer produces JavaScript errors
* (bug 10741) File histories show "delete" links for non-sysops
* (bug 10744) Treat "noarticletext" and "noarticletextanon" as wiki text when
used on a non-existent page with "action=info"
* Fix escaping of raw message text when used on a non-existent page with
"action=info"
* (bug 10683) Fix inconsistent handling of URL-encoded titles in links
used in redirects (i.e. they now work)
* (bug 8878) Changes to $dateFormats in German localization (removing unused,
nonexistent formats, putting time after date)
* (bug 10769) Database::update() should return boolean result
* Fix preference checkbox display for right-to-left languages which caused
them to be hidden in IE in some cases
* Fix upload form display in right-to-left languages
* Fixed regression in blocking of username '0'
* (bug 9437) Don't overwrite edit form submission handler when setting up
edit box scroll position preserve/restore behavior
* (bug 10805) Fix "undo" link when viewing the diff of the most recent
change to a page using "diff=0"
* (bug 10765) img_auth.php will now refuse logged-out requests where
$wgWhitelistRead is undefined, instead of (incorrectly) honouring them
* Fixed img_auth.php file name extraction for whitelist checking
* Tweak spacing of email preference display
* Table sorting JavaScript prefers textContent over innerText to allow hidden
sort keys to work on Safari
* (bug 4530) Fix local name of Kurdish language
* (bug 10830) Fix local name of Haitian Creole language
* Fix invalid XHTML in Special:Protectedpages
* Fix comments in contributions and log pages for right-to-left languages
* Make installer include_path-independent, so it should work on hosts which
disable user setting of PHP include_path setting
* glob() is horribly unreliable and doesn't work on some systems, including
free.fr shared hosting. No longer using it in Language::getLanguageNames()
* (bug 10763) Fix multi-insert logic for PostgreSQL
* Fix invalid XHTML when viewing a deleted revision
* Fix syntax error in translations of magic words in Romanian language
* (bug 8737) Fix warnings caused by incorrect use of `/dev/null` when piping
process error output under Windows
* (bug 7890) Don't list redirects to special pages in Special:BrokenRedirects
* (bug 10783) Resizing PNG-24 images with GD no longer causes all alpha
channel transparency to be lost and transparent pixels to be turned black
* (bug 9339) General error pages were transforming messages and their parameters
in the wrong order
* (bug 9026) Incorrect heading numbering when viewing Special:Statistics with
"auto-numbered headings" enabled
* Fixed invalid XHTML in Special:Upload
* (bug 11013) Make sure dl() is available before attempting to use it to check
available databases in installer
* Resizing transparent GIF images with GD now retains transparency by skipping
resampling
* (bug 11065) Fix regression in handling of wiki-formatted EXIF metadata
* Double encoding broke Special:Newpages for some languages
* Adding a newline before the statistics footer, to prevent parsing problems
* Preventing the TOC from appearing in Special:Statistics
* (bug 11082) Fix check for fully-specced table names in Database::tableName
* (bug 11067) Fix regression in upload conflict thumbnail display
* (bug 10985) Resolved cached entries on Special:DoubleRedirects were being
suppressed, breaking paging - now strikes out "fixed" results
* (bug 8393) <sup> and <sub> need to be preserved (without attributes) for
entries in the table of contents
* (bug 11114) Fix regression in read-only mode error display during editing
* Force non-MySQL databases to use an ORDER BY in SpecialAllpages to ensure
that the first page_title is truly the first page title.
* (bug 10836) Change the summary on creating of new section
* Inclusion of Special:Wantedpages now works again
== API changes since 1.10 ==
Full API documentation is available at https://www.mediawiki.org/wiki/API
* New properties: links, templates, images, langlinks, categories, external
links
* Breaking Change: imagelinks renamed into imageusage (il->iu)
* Bug fix: incorrect generator behavior in some cases
* JSON format allows an optional callback function to wrap the result.
* Login module disabled until a more secure solution can be implemented
* (bug 9938) Querying by revision identifier returns the most recent revision
for the corresponding page, rather than the requested revision
* (bug 8772) Filter page revision queries by user
* (bug 9927) User contributions queries do not accept IP addresses
* Watchlist feed now reports a proper feed item when the user is not logged in
* Watchlist feed date bug fixed - automatically shows one last day
* Watchlist feed now allows to specify number of hours to monitor
* list=allpages now returns a list instead of a map in JSON format
* Breaking Change: in json, revisions are now returned as a list, not as a map.
* Add: prop=info can show page is new flag, current page length, and visit
counter.
* Change: Query watchlist now shows flags only when explicitly requested with
wlparam=flags
* rc_this_oldid (textid) is no longer accessible from query watchlist
* action=usercontribs: additional filtering by ucshow=; selection of needed
fields with ucprop=; the textid (rev_text_id) is no longer being exposed
* (bug 9970) Breaking Change: backlinks, embeddedin and imageusage now return
lists in JSON instead of a map, and do not return anything when titles do
not exist
* (bug 9121) Introduced indexpageids query parameter to list the page_id
values of all returned page items
* (bug 10147) Now interwiki titles are not processed but added to a separate
"interwiki" section of the output.
* Added categorymembers list to query for pages in a category.
* (bug 10260) Show page protection status
* (bug 10392) Include MediaWiki version details in version output
* (bug 10411) Site language in meta=siteinfo
* (bug 10391) action=help doesn't return help if format is fancy markup
* backlinks, embeddedin and imageusage lists should use (bl|ei|iu)title
parameter instead of titles. Titles for these lists is obsolete and might stop
working soon.
* Added prop=imageinfo - gets image properties and upload history
* (bug 10211) Added db server replication lag information in meta=siteinfo
* Added external url search within wiki pages (list=exturlusage)
* Added link enumeration (list=alllinks)
* Added registered users enumeration (list=allusers)
* Added full text search in titles and content (list=search)
* (bug 10684) Expanded list=allusers functionality
* Possible breaking change: prop=revisions no longer includes pageid for
rvprop=ids
* Added rvprop=size to prop=revisions (The size will not be shown if it is NULL
in the database)
* list=allpages now allows to filter by article min/max size and protection
status
* Added site statistics (siprop=statistics for meta=siteinfo)
* (bug 10902) Unable to fetch user contributions from IP addresses
* `list=usercontribs` no longer requires that the user exist
* (bug 10971) `aufrom` parameter doesn't work with spaces
* Fix username handling issue with `auprefix` parameter
* Treat underscores as spaces for `aufrom` and `auprefix` parameters
* Added edit/delete/... token retrieval to prop=info
* Added meta=userinfo - logged-in user information, group membership, rights
* (bug 11072) Fix regression in API image history query
* (bug 11115) Adding SHA1 hash to imageinfo query
* (bug 10898) API does not return an edit token for non-existent pages
* (bug 10890) Timestamp support for categorymembers query
* (bug 10980) Add exclude redirects on backlinks
* IPv6 titles in User namespace are normalized (run cleanupTitles.php to fix any
old stray pages)
== Maintenance script changes since 1.10 ==
* Add support for wgMaxTocLevel option in parserTests
* (bug 6823) Disable article view counter in maintenance/dumpHTML.php
* Fix maintenance/importImages.php so it doesn't barf PHP errors when no
suitable files are found, and make the list of extensions an option (defaults
to $wgFileExtensions)
* Add option to maintenance/createAndPromote.php to give the user bureaucrat
permissions (--bureaucrat)
* Allow overwriting existing files with a conflicting name using
maintenance/importImages.php
* (bug 10266) Use native newlines when rebuilding a messages file.
== Languages updated since 1.10 ==
* Afrikaans (af)
* Arabic (ar)
* Bikol (bcl)
* Bulgarian (bg)
* Catalan (ca)
* Danish (da)
* German (de)
* Greek (el)
* Esperanto (eo)
* Spanish (es)
* Estonian (et)
* Extremaduran (ext)
* Farsi (fa)
* Finnish (fi)
* Vöro (fiu-vro)
* French (fr)
* Français Cadien (frc) (new)
* Franco-Provençal/Arpetan (frp)
* Galician (gl)
* Hakka (hak)
* Hebrew (he)
* Upper Sorbian (hsb)
* Haitian (ht)
* Indonesian (id)
* Icelandic (is)
* Italian (it)
* Japanese (ja)
* Georgian (ka)
* Kabyle (kab)
* Kazakh (kk)
* Korean (ko)
* Kinaray-a (krj) (new)
* Kurdish (ku)
* Latin (la)
* Lao (lo)
* Lithuanian (lt)
* Latviešu (lv)
* Malayalam (ml)
* Bahasa Melayu (ms)
* Burmese (my)
* Low German (nds)
* Dutch (nl)
* Norwegian (no)
* Occitan (oc)
* Punjabi (Gurmukhi) (pa)
* Polish (pl)
* Piedmontese (pms)
* Portuguese (pt)
* Romani (rmy)
* Romanian (ro)
* Aromanian (roa-rup)
* Russian (ru)
* Sakha (sah)
* Sango (se) (new)
* Slovak (sk)
* Slovenian (sl)
* Shona (sn)
* Somali (so)
* Albanian (sq)
* Sundanese (su)
* Swedish (sv)
* Tamil (ta)
* Thai (th)
* Tigrinya (ti)
* Setswana (tn)
* Tok Pisin (tpi)
* Uyghur (ug)
* Volapük (vo)
* Winaray (war) (new)
* Yiddish (yi)
* Old Chinese / Late Middle Chinese (zh-classical)
* Chinese (PRC) (zh-cn)
* Chinese (Taiwan) (zh-tw)
* Cantonese (zh-yue)
== MediaWiki 1.10 ==
== MediaWiki 1.10.4 ==
March 2, 2008
* Correction for API path fix, broken in 1.10.3
== MediaWiki 1.10.3 ==
January 23, 2008
This is a security update to the Winter 2007 quarterly release. A potential
XSS injection vector affecting api.php only for Microsoft Internet Explorer
users has been closed.
To work around the vulnerability without upgrading, you may disable the API if
you don't need it:
:[[Manual:$wgEnableAPI|$wgEnableAPI]] = false;
Not vulnerable versions:
* 1.12 or later
* 1.11 >= 1.11.1
* 1.10 >= 1.10.3
* 1.9 >= 1.9.5
* 1.8 any version (if $wgEnableAPI has been left off)
Vulnerable versions:
* 1.11 <= 1.11.0rc1
* 1.10 <= 1.10.2
* 1.9 <= 1.9.4
* 1.8 any version (if $wgEnableAPI has been switched on)
MediaWiki 1.7 and below are not affected as they do not include the API
functionality, however the BotQuery extension is similarly vulnerable unless
updated to the latest SVN version.
== MediaWiki 1.10.2 ==
September 10, 2007
This is a security fix update to the Spring 2007 quarterly release snapshot. A
possible HTML/XSS injection vector in the API pretty-printing mode has been
found and fixed.
The vulnerability may be worked around in an unfixed version by simply
disabling the API interface if it is not in use, by adding this to
LocalSettings.php:
:[[Manual:$wgEnableAPI|$wgEnableAPI]] = false;
Not vulnerable versions:
* 1.11 >= 1.11.0
* 1.10 >= 1.10.2
* 1.9 >= 1.9.4
* 1.8 >= 1.8.5
Vulnerable versions:
* 1.11 <= 1.11.0rc1
* 1.10 <= 1.10.1
* 1.9 <= 1.9.3
* 1.8 <= 1.8.4 (if $wgEnableAPI has been switched on)
MediaWiki 1.7 and below are not affected as they do not include the faulty
function, however the BotQuery extension is similarly vulnerable unless updated
to the latest SVN version.
== MediaWiki 1.10.1 ==
July 13, 2007
This is a bugfix update to the Spring 2007 quarterly release snapshot. A number
of fixes to improve compatibility with PostgreSQL, some versions of MySQL, and
some PHP configurations are included.
Changes since 1.10.0:
* (bug [[bugzilla:9417|9417]]) Uploading new versions of images when using
Postgres no longer throws warnings.
* (bug [[bugzilla:9908|9908]]) Using tsearch2 with Postgres 8.1 no longer gives
an error.
* (bug [[bugzilla:9973|9973]]) Changed size was shown in advanced recentchanges
collapsible items with $wgRCShowChangedSized = false.
* Fixed installation on MyISAM or old InnoDB with charset=utf8, was giving
overlong key errors.
* Fixed zero-padding issues with MySQL 5 binary schema
* (bug [[bugzilla:9820|9820]]) session.save_path check no longer halts
installation, but warns of possible bad values
* (bug [[bugzilla:9978|9978]]) Fixed session.save_path validation when using
extended configuration format, e.g. "5;/tmp"
== MediaWiki 1.10.0 ==
May 9, 2007
This is the quarterly release snapshot for Spring 2007. See below for a full
list of changes since the 1.9.x series.
Changes since 1.10.0rc2:
* (bug [[bugzilla:9808|9808]]) Fix regression that ignored user 'rclimit'
option for Special:Contributions
== MediaWiki 1.10.0rc2 ==
May 4, 2007
THIS IS A RELEASE CANDIDATE MADE AVAILABLE FOR TESTING!
A FINAL 1.10.0 RELEASE WILL APPEAR WITHIN A FEW DAYS.
Changes since 1.10.0rc1:
* Various l10n fixes and updates
* Fix for upgrade of page_restrictions table
* (bug [[bugzilla:9780|9780]]) Fix normalization of titles with initial colon
followed by whitespace
* Fix for regression in upload: wrong size info saved into image table
* Avoid cyclic stub problems when authorization hooks do funny things with the
user and the database at load time
== MediaWiki 1.10.0rc1 ==
This is the Spring 2007 branch release of MediaWiki.
MediaWiki is now using a "continuous integration" development model with
quarterly snapshot releases. The latest development code is always kept
"ready to run", and in fact runs our own sites on Wikipedia.
Release branches will continue to receive security updates for about a year
from first release, but nonessential bugfixes and feature developments
will be made on the development trunk and appear in the next quarterly release.
Those wishing to use the latest code instead of a branch release can obtain
it from source control: https://www.mediawiki.org/wiki/Download_from_SVN
== Configuration changes ==
* A new switch $wgCommandLineDarkBg used by maintenance scripts
(parserTests.php). It lets you specify if your terminal use a dark background,
the colorized output will be made lighter making things easier to read.
* The minimum permissions needed to edit a page in each namespace can now be
customized via the $wgNamespaceProtection array. By default, editing pages in
the MediaWiki namespace requires "editinterface" permission, as before.
* Allow restriction of autoconfirmed permission by edit count. New global
setting $wgAutoConfirmCount (defaulting to zero, naturally).
* Added rate limiter for Special:Emailuser
* Private logs can now be created using $wgLogRestrictions
* (Bug 8590) limited HTML is now always enabled ($wgUserHtml = true).
* Deprecated $wgUseImageResize, thumbnailing will be enabled unconditionally.
== New features since 1.9 ==
* (bug 6937) Introduce "statistics-footer" message, appended to
Special:Statistics
* (bug 6638) List block flags in block log entries
* (bugs 5051, 5376) Tooltips and accesskeys no longer require JavaScript
* Added SkinTemplateOutputPageBeforeExec hook before SkinTemplate::outputPage()
starts page output
(http://lists.wikimedia.org/pipermail/wikitech-l/2007-January/028554.html)
* Introduce "cascading protection" -- implicit protection on pages transcluded
into a page protected with this option enabled
* (bug 8567) Added hook RawPageViewBeforeOutput just before the text is blown
out in action=raw, so extensions might influence the output.
* (bug 3446) Add user preference to hide page content below diffs, can be
overridden by adding diffonly=1 or diffonly=0 to the URL of the diff page
* Add 'purge' privilege to replace the hardcoded check for login state in
determining whether action=purge can be done via GET. Switching the
permission on for anons can be helpful for benchmarking.
* (bug 7842) Link back to deleted revision list from deleted revision preview
* (bug 8619) Add user-aware "unblock" link to Special:Blockip
* (bug 8522) Provide a "delete" link on Special:Brokenredirects for users with
the appropriate permission
* (bug 8628) Add user-aware block list link to Special:Blockip
* (bug 8621) Log revisions marked as patrolled
* Introduce "BookInformation" hook; see docs/hooks.txt for more details
* Add title prefix search for Special:Undelete
* Remove full-archive list from Special:Undelete
* (bug 8136) Introduce 'ArticleUndelete' hook; see docs/hooks.txt for more info
* (bug 8712) Expose user groups as a JavaScript global
* Introduce 'CustomEditor' hook; see docs/hooks.txt for more information
* New special page, Special:Protectedpages, which shows all protected pages
and their protection status (full protection status is not pulled out due
to performance considerations, so it just shows "full protected" or
"semi protected".
* (bug 4133) Allow page protections to be made with an expiry date, in the same
format as block expiry dates. Existing protections are assumed to be infinite,
as are protections made with the new field left blank.
* (bug 8535) Allow certain vertical alignment attributes to be used as image
keywords
* (bug 6987) Allow perrow, widths, and heights attributes for <gallery>
* (bug 3678) Allow disabling MediaWiki:Aboutsite in the same way as
MediaWiki:Disclaimers; Also means that if any of the footer links are
disabled in the wiki's default language (by setting to "-"), they'll also
be disabled in other languages too (e.g. if the user specifies uselang=fr).
* Sort log types in Special:Log
* Added a classname ("mw-toolbar-editbutton") and unique IDs to the edit
toolbar buttons
* Hide irrelevant block options in Special:Blockip based on whether an
IP address/range or username is listed. (Dynamic using JS.)
* (bug 9032) Make quickbarSettings localizable through Special:Allmessages
* (bug 7782) Standardisation of file info at image description pages.
* (bug 1035) View contributions / recentchanges for an IP range.
* (bug 8747) When unwatching pages from Special:Watchlist/edit, put the
confirmation messages in a proper list with a CSS class and id.
* (bug 9118) Show relevant log fragments on deletion confirmatio page
* (bug 9009) Add username entry field to Special:Contributions
* (bug 1723) Article size in history
* (bug 9223) Disallow magic tilde sequences in page titles and usernames
* (bug 6997) Link from Special:log/block to unblock form
* (bug 9117) Link from Special:log/delete to undelete form
* Link from Special:log/protect to change protection form
* (bug 1196) Add IPv6 support added to blocks, more consistancy for IPv6
contribs
* (bug 3984) Searching in logs by title%
* Show thumbnail of existing image if image exists already under this filename
* (bug 5546) Watchlist reflects logged actions like move, protection, undelete
* Support protocols other than HTTP in LinkFilter, use $wgUrlProtocols
* (bug 3069) Warning on upload of scaled down images
* Warning on upload of images with uppercase extension if image with lowercase
extension exists
* (bug 4624) Namespace selection for Special:Whatlinkshere
* Introduce PageHistoryBeforeList and PageHistoryLineEnding hooks; see
docs/hooks.txt for more information
* (bug 9397) Introduce "sp-contributions-footer" and
"sp-contributions-footer-anon" messages, shown at the end of
Special:Contributions as appropriate for the target
* (bug 8421) Expose current action in JavaScript globals (as 'wgAction')
* (bug 9069) Use galleries in query pages dedicated to images
* (bug 9177) Installer now warns of various conditions affecting
session.save_path which can lead to broken session storage
* (bug 9046) Special page to list pages without language links
* (bug 9508) Special page to list articles with the fewest revisions
* Introduce 'FileUpload' hook; see docs/hooks.txt for more information
* Introduce 'SearchUpdate' hook; see docs/hooks.txt for more information
* Introduce 'mywatchlist' message; used on personal menu to link to watchlist
page
* Introduce magic word {{NUMBEROFEDITS}}
* Introduced media handlers for file-type specific operations.
* Improved error reporting for image thumbnailing
* Added sharpening option for ImageMagick thumbnailing
* (bug 9656) Autosummaries will be generated for deletion of pages longer than
500 characters
* Predefined block reasons added to Special:Blockip
* (bug 9196) Installer now check that zend.ze1_compatibility_mode is off
* (bug 9697) Introduce 'InternalParseBeforeLinks' hook; see docs/hooks.txt for
more information
* 'contribsub' message changed to 'contribsub2' with two parameters to permit
better localization. Change is reverse-compatible and can be ignored for
most wikis.
* Adding a 'reason' field to Special:Userrights
== Bugfixes since 1.9 ==
* (bug 7292) Fix site statistics when moving pages in/out of content namespaces
* (bug 8531) Correct local name of Lingála
* Made the PLURAL: parser function return singular on -1 by default
* Fixed up the AjaxSearch
* Fix SpecialVersion->formatCredits input. Version and Url parameters should be
null to be treated properly with isset.
* Page restrictions moved into a new, dedicated table
* Correct tooltip accesskey hint for Opera on the Macintosh
(uses Shift-Esc-, not Ctrl-).
* (bug 8002) Math should render left-to-right even in right-to-left wikis
* Pass e-mail and real name fields to AuthPlugin::addUser, as additional
optional fields, which may be considered useful at registration time.
* PostgreSQL upgrade scripts fixed and updated
* (bug 8613) Fix error when viewing "Recent Changes" and using Postgres.
* Initialise site_stats table at upgrade time if data was missing
* (bug 7250) Updated Unicode normalization tables to Unicode 5.0
* Unmaintained Oracle support files have been removed.
* Use browser default for printing size, don't force to 11pt
* (bug 8632) Fix regression in page protection null edit update
* (bug 8407) Disallow indexing of "printable" versions
* (bug 8643) Correctly escape the page-specific CSS class for non-Monobook skins
* (bug 8629) Document $wgFilterCallback
* (bug 1000) Clarify warning about memory_limit in installer
* Suppress PHP warning about set_time_limit in installer when safe mode is on
* (bug 3000) Fall back to SCRIPT_NAME plus QUERY_STRING when REQUEST_URI is
not available, as on IIS with PHP-CGI
* Missing interwiki row for English Wikipedia restored (as "wikipedia:")
* use configured cache servers for mctest.php
* bucket details in mcc.php
* fix input validation and remove debugging code in compressOld
* full ID range for moveToExternal
* fix resolveStubs.php for compatibility with older serialized data
* maximum line length for bar graphs in getLagTimes.php
* recognize specieswiki in rebuildInterwiki.inc
* profile unicode cleanup in Xml
* log slow parses in Article.php
* profile wfMsgReal
* log mkdir failures
* profile AutoLoader
* rebuild empty DjVu metadata containing ''
* security fix for DjVu metadata retrieval
* Undelete page list can use plural marker
* (bug 8638) Fix update from 1.4 and earlier
* (bug 8641) Fix order of updates to ipblocks table
* (bug 8678) Fix detection of self-links for numeric titles in Parser
* (bug 6171) Magically close tags in tables when not using Tidy.
* Sanitizer now correctly escapes lonely '>' occurring before the first wikitag.
* Ignore self closing on closing tags ( '</div />' now gives '</div>')
* (bug 8673) Minor fix for web service API content-type header
* Fix API revision list on PHP 5.2.1; bad reference assignment
* (bug 8688) Handle underscores/spaces in Special:Blockip and
Special:Ipblocklist in a consistent manner
* (bug 8701) Check database lock status when blocking/unblocking users
* ParserOptions and ParserOutput classes are now in their own files
* (bug 8708) Namespace translations for Zealandic language
* Renamed constructor methods to PHP 5 __construct reserved name
* (bug 8715) Warn users when editing an interface message whether or not the
message page exists
* ar: fix the 'create a new page' on search page when no exact match found
* (bug 8703) Corrected talk and image namespace name for Limburgish (li)
* (bug 8671) Expose "wpDestFile" as a parameter to "uploadtext"
* (bug 8403) Respect bad image list exceptions in galleries on wiki pages
* Allow sending per-user contribution requests to "contributions" query group
* (bug 3717) Update user count for AuthPlugin account autocreation
* (bug 8719) Firefox release notes lie! Fix tooltips for Firefox 2 on x11;
accesskeys default settings appear to be same as Windows.
* Added an option to make Linker::userToolLinks() show the contribs link
red when the user has no edits. Linker::userToolLinksRedContribs() is an
alias to that which should be used to make it more self documentating.
* (bug 8749) Bring MySQL 5 table defs back into sync
* (bug 8751) Set session cookies to HTTPS-only to match other cookies
* (bug 8652) Catch exceptions generated by malformed XML in multipage media
* (bug 8782) Help text in Makefile
* (bug 8777) Suppress 'previous' link on Special:Allpages when at first page
* (bug 8774) Fix path for GNU FDL rights icon on new installs
* Fix multipage selector drop-down for DjVu images to work when title
is passed as a query string parameter; we have to pass the title as
a form parameter or it gets dropped from the form submission URL
* (bug 8819) Fix full path disclosure in with skins dependencies
* Fixed bug affecting HTML formatting in sortable table column titles
* Merged table sorting code into wikibits.js
* (bug 8711) Stop floats in previews from spilling into edit area
* (bug 8858) Safer handling when $wgImageLimits is changed. Added a note
in DefaultSettings to make it clear.
* (bug 4268) Fixed data-loss bug in compressOld batch text compression
affecting pages which had null edits (move, protect, etc) as second
edit in a batch group. Isolated and patched by Travis Derouin.
* Fix for paths in 1.4->1.5 special-case updater script
* (bug 8789) AJAX search: IE users can now use the return key
* (bug 6844) Use <ins> and <del> tags to emphase the differences
* (bug 6684) Fix improper javascript array iteration
* (bug 4347) use MailAddress object for reply-to
* Add AlphabeticPager abstract class
* Use faster AlphabeticPager for Special:Categories
* (bug 8875) Show printable link in MonoBook sidebar for locally nonexistent
pages; perhaps useful for categories and shared images
* Clean up session checks to better handle the case where the session was
opened during the current request. May help with some caching corner
cases.
* (bug 8897) Fix whitespace removal for interlanguage links with link prefix
* Add 'ParserTestTables' hook to expand the list of temporary tables copied
by the parser test harness; use for extensions which require the presence
of other tables while they work.
* Message names changed for AlphabeticPager introduced with r19758
for better localisations.
* (bug 8944) The deprecated is_a() function is used in StubObjects.php
* (bug 8992) Fix a remaining raw use of REQUEST_URI in history
* (bug 8999) User.php gives "undefined user editcount" PHP notice.
* (bug 8984) Fix a database error in Special:Recentchangeslinked
when using the Postgres database.
* Moved the main ob_start() from the default LocalSettings.php to WebStart.php.
The ob_start() section should preferably be removed from older
LocalSettings.php files.
* Give Content-Length header for HTTP/1.0 clients.
* Partial support for Flash cross-domain-policy filtering.
* Lazy-initialize site_stats row on load when empty. Somewhat kinder to
dump-based installations, avoiding PHP warnings when NUMBEROFARTICLES
and such are used.
* Add 'charset' to Content-Type headers on various HTTP error responses
to forestall additional UTF-7-autodetect XSS issues. PHP sends only
'text/html' by default when the script didn't specify more details,
which some inconsiderate browsers consider a license to autodetect
the deadly, hard-to-escape UTF-7.
This fixes an issue with the Ajax interface error message on MSIE when
$wgUseAjax is enabled (not default configuration); this UTF-7 variant
on a previously fixed attack vector was discovered by Moshe BA from BugSec:
http://www.bugsec.com/articles.php?Security=24
* Trackback responses now specify XML content type
* (bug 9044) Send a comment with action=raw pages in CSS/JS output mode
to work around IE/Mac bug where empty pages time out verrrrryyyyy slowly,
particularly with new keepalive-friendly HTTP on Wikipedia
* (bug 8919) Suppress paging links and related messages where there are no
rows to list for query pages
* (bug 9057) Standardize MediaWiki: namespace for oc
* (bug 8132) Suppress "Pages in this category" heading in categories when
there are none
* (bug 8958) Handle search operators better when using tsearch2 (Postgres)
* (bug 8799) Use redirect table for Special:BrokenRedirects and
Special:DoubleRedirects
* (bug 8918) Enable PLURAL option for MediaWiki:showingresults and
MediaWiki:showingresultsnum
* (bug 9122) Fix minor display issue in RTL with section edit link margin
* (bug 5805) Enable PLURAL option for some messages of watchlist and statistic
* (bug 3953) Work around poor display of parenthesis in the in other
languages section of MonoBook skin
* (bug 8539) Enable PLURAL option for another message of recentchanges.
* (bug 8728) MediaWiki:Badfiletype split into 3 messages
* (bug 9131) Allow SpecialContributions to work with Postgres
* (bug 9155) Allow footer info to wrap in Monobook
* (bug 8847) Strip spurious #fragments from request URI to fix redirect
loops on some server configurations
* (bug 9097) column "pr_pagetype" does not exist
* (bug 9217) Balance wfProfile calls in Skin::outputPage
* (bug 9222) PostgreSQL updater should not be version-specific
* Fix fallback implementation of mb_strlen so it works and isn't insanely
slow for large strings, since it's used for page edit lengths
* (bug 8815) Setting password in initUser() breaks LdapAuthentication plugin
* (bug 9256) Add a quick note to index.php header comments
* Make Special:Listusers caseinsensitive for first letter
* Default tidy.conf has been moved from extensions module into includes.
* Ignore lonely '''''
* (bug 9244) When calling edit page for nonexistent section, generate error
inside of just discarding edits, since edit links sometimes go to the wrong
place.
* (bug 9019) No warning during upload if image description page exists, but no
image
* (bug 8582) Allow thumbnailing when imagesize has a space.
* (bug 8716) Change math_inputhash and math_outputhash to bytea for Postgres
* (bug 9343) Correct internal name for Wolof language
* (bug 9363) Fix Postgres error on Recentchangeslinked
* (bug 5142) Fixed call of hook ArticleViewHeader
* (bug 4777) Separate prev/next messages for Special:Whatlinkshere
* Merge approx 15 missing Wikipedia language codes into wikipedia-interwiki.sql
based on Jeff Merkey's mediawiki-1.9.3.WG-20070316.tar.gz.bz2 archive.
* (bug 9411) Fix for shared image descriptions using query-string titles
* (bug 4756) Add user tool links for self created accounts at special:log
instead of sometimes broken block links from newuserlog extension
* (bug 5817) Special:Recentchangeslinked now shows red link for nonexistent
target page instead of silently redirecting
* (bug 8914) Don't transform colons in {{anchorencode:}}
* (bug 9241) Handle edit section links and include size links for cached
templates the same as the first transclusion.
* (bug 9466) "Rollback failed" page doesn't format edit comment
* (bug 9472) Invalid XHTML on cached special pages
* (bug 9472) Invalid XHTML on Special:Newpages
* (bug 4764) "My contributions" not bold when viewing own contributions
* (bug 9194) Add {{PLURAL:...}} to navigation bar of Special:Whatlinkshere
* (bug 9033) Use a more specific error message when users are not able/allowed
to edit page protection levels due to a block, database lock or permissions
* Fixed $wgFeedLimit
* (bug 9270) Corrected help namespace name for Dutch Lower Saxon (nds-nl)
* (bug 929, 4215) Expose "rcdays" user preference in Special:Preferences
* (bug 9554) Extension-provided group name messages not used
* (bug 9565) Translate template namespace name for Hindi (hi)
* (bug 8599) Correct localized names of zh-variants
* (bug 3366) Require skins based on SkinTemplate to override the skinname
property.
* (bug 9220) Removed obsoletes functions in install-utils.inc.
* Removed obsoletes Title::getRelatedCache and Title:touchArray
* (bug 7285) Check MySQL username length during install
* (bug 6910) Correct date/time formats in Vietnamese (vi)
* (bug 9608) Correctly use ORDER BY in dumpLinks.php
* (bug 9609) Correctly use ORDER BY in SpecialWhatlinkshere.php
* Special:Random and Special:Randomredirect now try harder to send the user to
a random page, and will give an error message if none really can be found
instead of sending the user to the main page like they used to
* Fix object variable used for displaying "not-patrolled" CSS class on list
* Fixed interaction of page parameter to ImagePage with the HTML file cache
* Fixed MIME type for SVG files, will be silently changed from image/svg
to image/svg+xml after loading from the database.
* Workaround for djvutoxml bug #1704049 (poor performance). Use djvudump
instead.
* Fixed odd behavior in ImagePage on DjVu thumbnailing errors
* (bug 5439) "Go" title search will now jump to shared/foreign Image: and
MediaWiki: pages that have not been locally edited.
* (bug 9630) Limits links in Whatlinkshere forgot about namespace filter
* Fixed upgrade for the non-standard MySQL schemas
* Disable MySQL's strict mode at session start for MySQL 4.1+, to avoid the
various problems that occur when it is on.
* (bug 9585) Fix regression in tidy usage in Special:Undelete previews
* (bug 3826) Normalize some invalid cookie name characters when setting
up $wgCookiePrefix. Completes application of patch by Anders Kaseorg.
* (bug 9649) Fix RTL form alignment for Special:Movepage
* (bug 9582) Members of bot group now mark edits patrolled by default
* (bug 9669) Fix limit ordering for rebuildrecentchanges; broken since
converted from 1.4 to 1.5 schema
* (bug 9682) Revert PHP 5.1 dependency on warning suppression for SVN info
* (bug 5959) Anchors dropped from stub links
* (bug 3348) Some additional weak password checks: password which is same
as username will now be rejected.
* (bug 8602) Converted Special:Contributions to use an IndexPager. The
interpretation of the offset parameter has changed, and the go parameter
has been removed.
* (bug 6204) Fixes for indentation with $wgMaxTocLevel:
- don't emit too many list close tags after an invisible header
- don't emit too many final list close tags if last header is invisible
- don't emit TOC when there are no visible headers
* (bug 7629) Fix $wgBrowserBlackList to avoid false positive on MSIE
when certain plugins are present which alter the user agent
== Maintenance ==
* New script maintenance/language/checkExtensioni18n.php used to check i18n
progress in the extension repository.
* Running maintenance/parserTests.php with '--record' option, will now
automatically attempt to create the required tables
* --purge option to do additional parser-cache purging for purgeList.php
* Fix hardcoded background color in parserTests.php
* parserTests.php : removed the 'light' option for --color argument, replacing
it with a new global switch : $wgCommandLineDarkBg
* (bug 8780) Clarify message for command-line scripts if LocalSettings.php
exists but is not readable
* dumpBackup / importDump now work with PostgreSQL
* (bug 8975) Use "Maintenance script" as the default username for
importImages.php and importTextFile.php scripts
* (bug 8933) Fix maintenance/reassignEdits.php script
* (bug 9440) Added "mediawikiwiki" interwiki prefix to MediaWiki.org
* (bug 2979) Import now gracefully skips invalid titles with a warning
* Restore '--norc' option for maintenance/importTextFile.php
* Help information for maintenance/importTextFile.php now easier to read on
consoles
* Doxygen documentation now show the revision number of each file, generate
graphs using dot and include a search engine.
== Languages updated ==
* Arabic (ar)
* Aramaic (arc)
* Aymara (ay)
* Belarusian normative (be)
* Belarusian alternative (be-x-old)
* Bulgarian (bg)
* Bihara (bh)
* Breton (br)
* Catalan (ca)
* Czech (cs)
* Danish (da)
* German (de)
* Greek (el)
* Esperanto (eo)
* Spanish (es)
* Estonian (et)
* Basque (eu)
* Finnish (fi)
* Võro (fiu-vro)
* French (fr)
* Hebrew (he)
* Hindi (hi)
* Upper Sorbian (hsb)
* Hungarian (hu)
* Armenian (hy)
* Indonesian (id)
* Italian (it)
* Japanese (ja)
* Javanese (jv)
* Georgian (ka)
* Kabyle (kab)
* Kazakh (kk)
* Korean (ko)
* Kashmiri (ks)
* Ripuarian (ksh)
* Latin (la)
* Luganda (lg)
* Limburgish (li)
* Lithuanian (lt)
* Latvian (lv)
* Marathi (mr)
* Low Saxon (nds)
* Dutch Lower Saxon (nds-nl)
* Nepali (ne)
* Nepal Bhasa (new)
* Dutch (nl)
* Occitan (oc)
* Pali (pi)
* Polish (pl)
* Romanian (ro)
* Russian (ru)
* Sanskrit (sa)
* Sicilian (scn)
* Slovak (sk)
* Sundanese (su)
* Swedish (sv)
* Tahitian (ty)
* Ukrainian (uk)
* Urdu (ur)
* Uzbek (uz)
* Vietnamese (vi)
* Zealandic (zea)
* Old Chinese / Late Middle Chinese (zh-classical)
* Chinese (PRC) (zh-cn)
* Chinese (Taiwan) (zh-tw)
* Cantonese (zh-yue)
== Compatibility ==
MediaWiki 1.10 requires PHP 5 (5.1 recommended). PHP 4 is no longer supported.
PHP 5.0.x fails on 64-bit systems due to serious bugs with array processing:
http://bugs.php.net/bug.php?id=34879
Upgrade affected systems to PHP 5.1 or higher.
MySQL 3.23.x is no longer supported; some older hosts may need to upgrade.
At this time we still recommend 4.0, but 4.1/5.0 will work fine in most cases.
== Upgrading ==
1.10 has several database changes since 1.9, and will not work without schema
updates.
If upgrading from before 1.7, you may want to run refreshLinks.php to ensure
new database fields are filled with data.
If you are upgrading from MediaWiki 1.4.x or earlier, some major database
changes are made, and there is a slightly higher chance that things could
break. Don't forget to always back up your database before upgrading!
See the file UPGRADE for more detailed upgrade instructions.
= MediaWiki release notes =
Security reminder: MediaWiki does not require PHP's register_globals
setting since version 1.2.0. If you have it on, turn it *off* if you can.
= MediaWiki 1.9 =
== MediaWiki 1.9.6 ==
March 2, 2008
* Correction for API path fix, broken in 1.9.5
== MediaWiki 1.9.5 ==
January 23, 2008
This is a security update to the Winter 2007 quarterly release. A potential XSS
injection vector affecting api.php only for Microsoft Internet Explorer users
has been closed.
To work around the vulnerability without upgrading, you may disable the API if
you don't need it:
:[[Manual:$wgEnableAPI|$wgEnableAPI]] = false;
Not vulnerable versions:
* 1.12 or later
* 1.11 >= 1.11.1
* 1.10 >= 1.10.3
* 1.9 >= 1.9.5
* 1.8 any version (if $wgEnableAPI has been left off)
Vulnerable versions:
* 1.11 <= 1.11.0rc1
* 1.10 <= 1.10.2
* 1.9 <= 1.9.4
* 1.8 any version (if $wgEnableAPI has been switched on)
MediaWiki 1.7 and below are not affected as they do not include the API
functionality, however the BotQuery extension is similarly vulnerable unless
updated to the latest SVN version.
== MediaWiki 1.9.4 ==
September 10, 2007
This is a security and bug fix update to the Winter 2007 quarterly release.
Minor compatibility fixes for IIS 5 are included.
* (bug [[bugzilla:8847|8847]]) Strip spurious #fragments from request URI to
fix redirect loops on some server configurations
* A possible HTML/XSS injection vector in the API pretty-printing mode has been
found and fixed.
The vulnerability may be worked around in an unfixed version by simply
disabling the API interface if it is not in use, by adding this to
LocalSettings.php:
:[[Manual:$wgEnableAPI|$wgEnableAPI]] = false;
Not vulnerable versions:
* 1.11 >= 1.11.0
* 1.10 >= 1.10.2
* 1.9 >= 1.9.4
* 1.8 >= 1.8.5
Vulnerable versions:
* 1.11 <= 1.11.0rc1
* 1.10 <= 1.10.1
* 1.9 <= 1.9.3
* 1.8 <= 1.8.4 (if $wgEnableAPI has been switched on)
MediaWiki 1.7 and below are not affected as they do not include the faulty
function, however the BotQuery extension is similarly vulnerable unless updated
to the latest SVN version.
== MediaWiki 1.9.3 ==
February 20, 2007
This is a security and bug-fix update to the Winter 2007 quarterly release.
Minor compatibility fixes for IIS and PostgreSQL are included.
An XSS injection vulnerability based on Microsoft Internet Explorer's UTF-7
charset autodetection was located in the AJAX support module, affecting MSIE
users on MediaWiki 1.6.x and up when the optional setting $wgUseAjax is enabled.
If you are using an extension based on the optional Ajax module, either disable
it or upgrade to a version containing the fix:
* 1.9: fixed in 1.9.3
* 1.8: fixed in 1.8.4
* 1.7: fixed in 1.7.3
* 1.6: fixed in 1.6.10
There is no known danger in the default configuration, with ''$wgUseAjax'' off.
* ([[mediazilla:8992|8992]]) Fix a remaining raw use of REQUEST_URI in history
* ([[mediazilla:8984|8984]]) Fix a database error in
Special:Recentchangeslinked when using the PostgreSQL database.
* Add ''charset'' to Content-Type headers on various HTTP error responses to
forestall additional UTF-7-autodetect XSS issues. PHP sends only ''text/html''
by default when the script didn't specify more details, which some
inconsiderate browsers consider a license to autodetect the deadly,
hard-to-escape UTF-7. This fixes an issue with the Ajax interface error message
on MSIE when ''$wgUseAjax'' is enabled (not default configuration); this UTF-7
variant on a previously fixed attack vector was discovered by Moshe BA from
BugSec: [http://www.bugsec.com/articles.php?Security=24
http://www.bugsec.com/articles.php?Security=24]
* Trackback responses now specify XML content type
== MediaWiki 1.9.2 ==
February 4, 2007
This is a bug-fix update that fixes some installation and other minor issues
with the 1.9.1 release as well as a security issue which was introduced in the
1.9 branch.
JavaScript code which regenerated the "sortable tables" feature did not
properly sanitize input, leading to an HTML injection vulnerability.
* ([[mediazilla:8774|8774]]) Fix path for GNU FDL rights icon on new installs
* ([[mediazilla:8819|8819]]) Fix full path disclosure with skins dependencies
* ([[mediazilla:8819|8819]]) Fixed data-loss bug in compressOld batch text
compression affecting pages which had null edits (move, protect, etc) as second
edit in a batch group. Isolated and patched by Travis Derouin.
* Security fix for sortable tables JavaScript
== MediaWiki 1.9.1 ==
January 24, 2007
This is a bug-fix update that fixes some installation and upgrade issues with
the original 1.9.0 release.
* ([[mediazilla:3000|3000]]) Fall back to SCRIPT_NAME plus QUERY_STRING when
REQUEST_URI is not available, as on IIS with PHP-CGI
* Security fix for DjVu images. (Only affects servers where .djvu file uploads
are enabled and ''$wgDjvuToXML'' is set.)
* ([[mediazilla:8638|8638]]) Fix update from 1.4 and earlier
* ([[mediazilla:8641|8641]]) Fix order of updates to ipblocks table for updates
from <=1.7
* ([[mediazilla:8673|8673]]) Minor fix for web service API content-type header
* Fix API revision list on PHP 5.2.1; bad reference assignment
* Fixed up the AjaxSearch
* Exclude settings files when generating documentation. That could expose the
database user and password to remote users.
* ar: fix the 'create a new page' on search page when no exact match found
* Correct tooltip accesskey hint for Opera on the Macintosh (uses Shift-Esc-,
not Ctrl-).
* ([[mediazilla:8719|8719]]) Firefox release notes lie! Fix tooltips for
Firefox 2 on x11; accesskeys default settings appear to be same as Windows.
== Changes since 1.8 ==
* (bug 8200) Make category lists sorted by name when using Postgres.
* (bug 7841) Support 'IGNORE' inserts for Postgres, fixes watchlist
adding problem.
* (bug 6835) Removing the includes/Parser.php::getTemplateArgs() function,
because it seems to be unused.
* (bug 7139) Increasing the visual width of the edit summary field on larger
screen sizes, for the default monobook skin.
* Fix PHP notice and estimates for dumpBackup.php and friends
* Improved register_globals paranoia checks
* (bug 7545) Fix PHP version check on install
* Disable PHP exception backtrace printing unless $wgShowExceptionDetails
is set. Backtraces may contain sensitive information in function call
parameters.
* (bug 6164) Avoid smashing Cite state if message transformation triggers
during bad image list check, by skipping message transformation.
This isn't a good permanent fix.
* (bug 6918) Stopped borders and backgrounds from showing through floated
tables in Monobook
* (bug 6868) Un-hardcode section edit link style
* (bug 3205) Stop right floats from stacking horizontally in non-Monobook skins
* Added global $wgStyleVersion to centralize bumping CSS and JS file versions
for cache-friendly style and script updating
* (bug 7562) Fix non-ASCII namespaces on Windows/XAMPP servers
* Friendlier check for PHP 5 in command-line scripts; it's common for parallel
PHP 4 and 5 installations to interfere on the command-line.
* Fix regression in autoconfirm permission check
* (bug 3015) Add CSS ids to subcategory and page sections on category pages
* (bug 7587) Fix erroneous id for specialpage tab, enabling informative popup
* (bug 7599) Fix thumbnail purging, PHP notices on HTCP image page purge
* (bug 7581) Update language name for cbk-zam
* (bug 7444) Update namespace translations for Telugu (te), kept old values as
alias for compatibility
* (bug 4525) Move section links down visually to same level as headings
(editsection links are now inside the heading elements)
* Workaround for http://bugs.php.net/bug.php?id=31892 , PATH_INFO and hence
URLs of the style /index.php/Main_Page were broken on some CGI installations.
* (bug 7623) Validate custom HTML id's correctly in Monobook interface
* (bug 2241) Fix collision of 'w' and 'd' accesskeys
* (bug 5795) CSS class added to body based on page name for page-specific
styling
* (bug 6276) Stopped search field from getting too large in Cologne Blue
* (bug 7644) User creations that are aborted by hooks shouldn't be counted
against account creations per day limit
* (bug 7636) Show Firefox 2 users correct accesskey prefix
* (bug 6427) Block blocked IPs from using the mail password function
to allow blocking of flooders
* Include common.css from classic-style skins in main HTML with the bump URL
* (bug 7607) Add Karakalpak (kaa) to Names.php and stub message file for
linktrail
* (bug 7582) Add 'tog-nolangconversion' to MessagesEn.php.
This key is need for languages with variants (zh, sr, kk)
* (bug 7606) MediaWiki messages for "rss" and "atom" missing
* (bug 7609) Add some more '*-summary' messages to MessagesEn.php with empty
strings to allow better localisation via Special:Allmessages. Mark this new
messages as optional for localisation.
* Fix user_newpass upgrade for prefixed tables (reported by Fyren)
* (bug 7663) Include language variant switcher links on Nostalgia skin
* (bug 6531) Fix PHP fatal error on installation page with bad username input.
* (bug 6977) Remove 404 link for autogenerated database documentation.
* (bug 7369) Allow "Show Changes" without requiring edit token.
* (bug 7687) Fix movetalk box checks itself when confirming a delete and move.
* (bug 7684) Obey watchcreated preference for Special:Upload watch checkbox
* (bug 7686) Include id attribute on delete form confirmation button
* Allow compound interwiki prefixes in $wgImportSources
* (bug 7304) Added redirect table to store redirect targets.
* Added querycachetwo table (similar to querycache but has two titles)
* PageArchive can now return a Revision object for more convenient processing
of deleted revision data
* Added 'UndeleteShowRevision' hook in Special:Undelete
* Error message on attempt to view invalid or missing deleted revisions
* Remove unsightly "_" from namespace in Special:Allpages, Special:Prefixindex
* (bug 3224) Allow minor edits by bots to skip new message notification on
user talk pages. This can be disabled by adjusting the 'nominornewtalk'
permission. Patch by Werdna.
* (bug 7741) MATH: fixed broken syntax of underbrace etc. Fixed arrays
* Fix purging for updated SVG files
* (bug 7745) Add id attribute to search button in Monobook
* (bug 7749) MATH: added some more LaTeX symbols, e.g. parallel, diamond, ast...
* (bug 7304) Added code in Article.php to keep redirect table up to date.
* Made special page names case-insensitive and localisable. Care has been taken
to maintain backwards compatibility.
* Used special page subpages in a few more places, instead of query parameters.
* (bug 7758) Added wrapper span to "templates used" explanation to allow CSS
styling (class="mw-templatesUsedExplanation").
* Added {{#special:}} parser function, to give the local default title for
special pages
* (bug 7766) Remove redundant / from AJAX requests, can break some servers
* Add tab links from extensions to classic-based skins (SkinTemplateTab hook)
Provides better cross-skin compatibility for extensions using the modern
skin hooks, such as Oversight
* Moved variant language links on Cologne Blue and Nostalgia to before the
login/logout link
* Fix for parser tests with MySQL 5 in strict mode
* Added block option "enable autoblocks"
* Amend Special:Ipblocklist to note when a block has autoblock DISABLED.
* (bug 7780) Fix regression in editing redirects
* Add whitespace above "templates included on this page" using CSS, not
hardcoded line break.
* Remove entries from redirect table on article deletion
* (bug 7788) Force section headers in new section links for users who have
'prompt for blank edit summaries' on.
* (bug 1133) Special:Emailuser: add an option to send yourself a copy of your
mail.
* (bug 461) Allow "Categories:" link at bottom of pages to be customized via
pagecategorieslink message.
* Sort the list of skins in "My Preferences" -> Skins by alphabetical order.
* (bug 7785) Postgres compatibility for timestamps in RC feeds
* (bug 7550) Normalize user parameter normally on Special:Log
* (bug 7294) Fix PATH search for diff3 on install
* Various fixes related to the blocking change re: autoblocks. On inserting
an IP block, the ipb_enable_autoblock field is now automagically blanked,
because it doesn't make any sense for an IP. Additionally, IP blocks
without the ipb_enable_autoblock option no longer show up as "autoblock
disabled" on Special:Ipblocklist.
* (bug 7774) MATH: aded more amstex functions
* (bug 1182) MATH: fixed inconsistent rendering of upper case Greek letters in
TeX
* Fix regression in streaming page dump generation
* (bug 7801) Add support for parser function hooks in parser tests
* checkUsernames.php now uses wfDebugLog instead of hardcoded path to log
* (bug 7810) Update talk namespaces for Occitan
* Allow case-sensitive URLs to be used for uploading from URLs.
* (bug 1109) Correct fix for compressed 304 responses when additional output
buffers have been installed within the compression handler
* (bug 7819) Move automatic redirect edit summary after pre-save transform
to work properly with subst: fun
* (bug 7826) Fix typos in two English messages.
* (bug 5365) Stop users being prompted to enter an edit summary for null edits,
if they have selected that option in preferences.
* (bug 5936) Show an 'm' to the left of the edit summary on diff pages for minor
edits.
* (bug 7820) Improve error reporting for uploads via URL.
* (bug 5149) When autoblocks are enabled, retroactively apply an autoblock to
the most recently used IP of a user when they are blocked.
* Add an index on (rc_user_text,rc_timestamp) on the recentchanges table. This
will make CheckUser.php and the new retroactive autoblock functionality
faster.
* Fix regression in Special:Undelete for revisions deleted under MediaWiki 1.4
with compression or legacy encoding
* (bug 6737) Fixes for MySQL 5 schema in strict mode
* Approximate height for client-side scaling fallback instead of passing -1
into the HTML output.
* Make the DNSBL to check for proxy blocking configurable via $wgSorbsUrl
* Add experimental recording/reporting mode to parser tests runner, to
compare changes against the previous run.
Additional tables 'testrun' and 'testitem' are in maintenance/testRunner.sql,
source this and pass --record option to parserTests.php
* Make the set of default parser test input files extensible via
$wgParserTestFiles. This can now be appended to by extensions or local
configuration files so that extension or custom tests can be automatically
run along with the main batch.
* Run PHP install version checks on update.php so command-line updaters see
new version requirements
* Do a check for the PHP 5.0.x 64-bit bug, since this is much more disruptive
as of MW 1.8 than it used to be. Install or upgrade now aborts with a
warning and a request to upgrade.
* (bug 6440) Updated indexes to improve backlinking queries (links, templates,
images)
* Switched 'anon-only' block mode to default for IP blocks
* (bug 3687, 7892) Add distinct heading for media files in category display,
with count.
* (bug 1578) Add different icons for external links to audio, video, or PDF in
Monobook.
* Made autoblocks block account creation if the user block has that option
enabled.
* Add auto-summaries to blankings and large removals without summaries.
* (bug 7811) Allow preview of edit summaries.
* (bug 6839) Wikibits.js minor changes to make JS-lint happier.
* (bug 7932) Make sure that edit toolbar clears floats so it appears correctly.
* (bug 6873) When viewing old revisions, add link to diff to current version.
* (bug 3315) Provide rollback link directly on history page.
* Replace 'old-revision-navigation' message with 'revision-info' and
'revision-nav' messages, wrapped in divs with appropriate id's.
* (bug 4178) MediaWiki:Common.js will now be included for all users if
$wgUseSiteJs is enabled, in addition to (if applicable) MediaWiki:Monobook.js
and user JS subpages.
* (bug 7918) "Templates used on this page" changes during preview to reflect
any added or removed templates, and works as expected for section edits.
* (bug 7919) "Templates used on this page" is now shown for read-only pages.
* (bug 7688) When viewing diff, section anchors in autosummary jump to section
on current page instead of loading the latest version.
* (bug 7970) Use current connection explicitly on Database::getServerVersion
* (bug 2001) Tables with class="sortable" can now be dynamically sorted via
JavaScript.
* Added autosummary for new pages with 500 or less characters, and refactor
the autosummary code so it's all done in one function. doEdit is getting too
big!
* (bug 7554) The correct MIME type for SVG images is now displayed on the
image page (image/svg+xml, not image/svg).
* (bug 7883) Added autoblock whitelisting feature, using which specific ranges
can be protected from autoblocking. These ranges are specified, in list
format, in the autoblock_whitelist system message.
* Added placeholders for text injection by hooks to EditPage.php
* (bug 8009) Automatic edit summary for redirects is not filled for edits in
existing pages
* Installer support for experimental MySQL 4.1/5.0 binary-safe schema
* Use INSERT IGNORE for db-based BagOStuff add/insert, for more memcache-like
behavior when keys already exist on add (instead of dying with an error...)
* Add a hook 'UploadForm:initial' before the upload form is generated, and two
member variable for text injection into the form, which can be filled by the
hooks.
* (bug 6295) Add a "revision patching" functionality, where an edit can be
undone
(with a functionality similar to diff rev1 rev2 | patch -R rev3 -o rev3).
This is triggered by including &undo=revid in an edit URL. A link to a URL
that will undo a given edit is shown on NEW revision headers on diff pages.
The link leads to a "Show Changes" page showing what will be done to undo the
edit.
* Fix display of link in "already rolled back" message for image/category pages
* (bug 6016) Left-aligned images should stack vertically, like right-aligned
images, not horizontally.
* Patch from LeonWP: added UploadForm:BeforeProcessing hook in SpecialUpload.php
* Add AuthPluginSetup hook to override $wgAuth after configuration
* Fix regression in authentication hook auto-creation on login
* (bug 8110) Allow spaces in ISBNs
* (bug 8024) Introduce "send me copies of emails I send to others" preference
* Added 'EditPage::attemptSave' hook before an article is saved.
* (bug 8083) Applied patch for sk localisation
* Add a backslash character to the edit token, to prevent edits via certain
broken proxies that mangle such characters in form submissions
* (bug 7461) Allow overwriting pages using importTextFile.php
* (bug 7946) importTextFile.php doesn't perform pre-save transform
* (bug 8117) {{REVISIONTIMESTAMP}} showed weird default if $wgLocalTZoffset set;
now uses current time for previews and if timestamp can't be loaded from DB
* {{REVISIONTIMESTAMP}} now uses site local timezone instead of user timezone
to ensure consistent behavior
* {{REVISIONTIMESTAMP}} and friends should now work on non-MySQL backends
* (bug 7671) Observe canonical media namespace prefix in Linker::formatComment
* Added js variable wgCurRevisionId to the output
* (bug 8141) Cleanup of Parser::doTableStuff, patch by AzaTht
* (bug 8042) Make miser mode caching limits settable via $wgQueryCacheLimit
instead of hardcoding to 1000
* Enable QueryPage classes to override list formatting
* (bug 5485) Show number of intervening revisions in diff view
* (bug 8100) Fix XHTML validity in Taiwanese localization
* Added redirect to section feature. Use it wisely.
* Added a configuration variable allowing the "break out of framesets" feature
to be switched on and off ($wgBreakFrames). Off by default.
* Allow Xml::check() $attribs parameter to override 'value' attribute
* DB schema change: added two columns (rc_old_len and rc_new_len) to the
recentchanges table to store the text lengths before and after the edit
* (bug 1085) Made Special:Recentchanges show the character difference between
the changed revisions
* Removed a redundant <strong> tag from diff pages that was causing display
issues for some users
* (bug 8203) The keyboard shortcut for "log out" was removed, because users
were pressing it when they intended to press the shortcut for "preview".
* (bug 8148) Handle non-removable output buffers gracefully when cleaning
buffers for HTTP 304 responses, StreamFile, and Special:Export.
Duplicated code merged into wfResetOutputBuffers() and wfClearOutputBuffers()
* Special:AllPages : 'next page' link now point to the first title of the next
chunk instead of pointing to the last title of current chunk.
* (bug 4673) Special:AllPages : add a 'previous' link (new message 'prevpage')
* (bug 8121) wfRandom() was not between 0 and 1
* Add static method Parser::createAssocArgs($args), so parser functions can
use the same code to parse arguments as the templates do.
* Change behavior of logins using the temporary e-mailed password (as stored
in user_newpassword hash field). Instead of just logging in silently and
leaving the previous user_password field in place indefinitely, the user
is now prompted to set a new password.
The password-changing form is at Special:Resetpass; currently it's only
usable for changing from the temporary password during login, but it
could perhaps be generalized, replacing the subform in preferences.
Once the new password is set successfully, the temporary password is wiped
so it cannot be used to login a second time, and the login process
is completed.
* Suppress 'mail new password' button on login form if $wgAuth forbids
changing user passwords; it wouldn't work very well...
* Consolidate password length checks and $wgAuth manipulation into
User::setPassword() to avoid duplicate code in different places
that set passwords.
* User::setPassword() now throws PasswordError exceptions if the password
is illegal or cannot be set via $wgAuth. These can be caught and a human-
readable error message displayed by UI code.
* Added Title::isSubpage()
* (bug 8241) Don't consider user pages of User:Foo.css to be CSS subpages
* Set an explicit class on framed thumbnail inner divs and images, changed some
CSS to use these instead of using descendent selectors.
* Accept null parameter to User::setPassword() as indicating the password
field should be cleared to an unusable state. Login will only be possible
after the password is reset, for instance by e-mail.
* (bug 6394) Invalidate the password set for "by e-mail" account creations
to avoid accidental empty password creations.
* Made the show change size function work on page moves, page creations, and
log entries. Also fixed it in the javascript recentchanges.
* (bug 8239) correctly get 50 new contributions when clicking '(50 next)'
* (bug 2259) Fix old regression where e-mail addresses were no longer
confirmed on login with mailed password.
* Add a notification about the confirmation mail sent during account
creation, so people don't immediately go off to request a second one.
* Add a warning on Special:Confirmemail if a code was already sent and has
not yet expired.
* Add user_editcount field to provide data for heuristics on account use.
Incremented on edit, with lazy initialization from past revision data.
Can batch-initialize with maintenance/initEditCount.php (not yet friendly
to replication environments, this will do all accounts in one query).
* Allow raw SQL subsections in Database::update() SET portion as well as
for WHERE portion. Handy for increments and such.
* User::getOption now accept a default value to override default user values
this makes it consistent with WebRequest::get* methods. Corrected code in
various places accordingly.
* (bug 8264) Fix JavaScript global vars for XHTML mode
* Make $wgSiteNotice value wikitext again, for consistency with editable
MediaWiki:Sitenotice and MediaWiki:Anonnotice.
* (bug 8044) When redirecting from the canonical name of the special page
to the localised one, parameters/subpages are omitted
* (bug 8164) Special:Booksources should use GET for form submission
* Rewrite Special:Booksources to clean up interface and remove redundant code
* (bug 7925) Change Special:Allmessages message name filter javascript to be
a bit more responsive and easier on the CPU
* (bug 4488) Support watching pages on deletion; introduces new user preference
* Minor restructuring of Special:Preferences; "watch pages I edit" and "watch
pages I create" options now accessible under "Watchlist" options
* (bug 8153) <nowiki> doesn't work in site notice
* (bug 6690) wfMsgNoTrans() transforms messages
* (bug 8274) Wrap edit tools in a <div> with a specified class
* Detect PHP 5.0.x 64-bit bug and abort in WebStart.php; too many things break
mysteriously otherwise (detection code copied from install-utils.inc)
* (bug 8295) Change handling of <center> tags in doBlockLevels() to match that
of <div>
* (bug 8110) Make magic ISBN linking stricter: only match ten-digit sequences
(plus optional ISBN-13 prefix) with no immediately following alphanumeric
character, disallow multiple consecutive internal redirects
* (bug 2785) Accept optional colon prefix in links when formatting comments
* Don't show "you can view and copy the source of this page" message for
pages which don't exist
* (bug 8310) Blank line added to top of 'post' when page is blank
* (bug 8109) Template parameters ignored in "recentchangestext"
* Gracefully skip redirect-to-fragment on WebKit versions less than 420;
it messes up on current versions of Safari but is ok in the latest
nightlies. Checking the version number will allow it to automatically
work when new releases of Safari appear.
* Fix regression in thumb styles; size and padding didn't match with
new arrangement.
* (bug 8333) Fix quick user data update on login password change on
replication database setups. User data is now pulled from master
instead of slave in User::loadFromDatabase, ensuring that it is
fresh and accurate when read and then saved back into cache.
This was breaking with the Special:Rename operation which
automatically logs the user in with the new password after changing
it; pulling from slave meant the record was often not the updated
one.
* (bug 8335) Set image width to the first valid parameter found.
* (bug 8350) Fix watchlist viewing bug when using Postgres.
* (bug 6603) When warning about invalid file extensions, output the bit
of the extension we actually checked
* (bug 7669) Drop defaults on BLOB/TEXT columns for better compatibility
with MySQL's strict mode, often enabled by the Windows installer.
The defaults are ignored anyway when strict mode is off...
* (bug 7685) Use explicit values for ar_text and ar_flags when deleting,
for better compatibility with MySQL's strict mode
* Update default interwiki values to reflect changed location of ursine:
* (bug 5411) Remove autopatrol preference
* Users who have the "autopatrol" permission will have their edits marked as
patrolled automatically
* Users who do not have the "autopatrol" permission will no longer be able
to mark their own edits as patrolled
* Introduce 'PingLimiter' hook; see docs/hooks.txt for more information
* (bug 532) Tweaked alt text for some interface messages
* (bug 8231) Gave useful alt text to the main <img> on image pages
* (bug 371) Remove alt text for "Enlarge" icon on thumbnails
* Initialize user_editcount to 0 instead of NULL for newly created accounts
* (bug 3696) Strip LRM and RLM characters from titles to work around the
problem some people have where titles cut-and-pasted from lists include
the bidi override characters appended to the lists.
A more thorough blacklist for forbidden and translatable characters would
be wise, though, as might a cleaner method for the lists in the first place.
* Fix regression in email password resets on read-restricted sites
* Set tabindex on fields in deletion form so you don't have to tab through
the links in the sitenotice
* (bug 8271) Show full time and date on viewer for individual deleted
revisions
* (bug 8214) Output file size limit and actual file size in appropriate units
on Special:Upload
* (bug 8016) Purge objectcache table during upgrade processes - use the
--nopurge option to prevent this when running maintenance/update.php
* (bug 7612) Remove superfluous link to Special:Categories from result items
on Special:Mostcategories
* {{PLURAL:}} now handles formatted numbers correctly
* (bug 8331) Added the change size value to watchlists; therefore made
watchlists use RecentChange::newFromRow() instead of newFromCurRow()
* (bug 8351) Fix undo for simple reverts
* (bug 6856) User::clearNotification() does not respect read-only mode
* (bug 6853) Use a checkbox on the installer form to indicate that a superuser
account should be used; this is clearer than the old check which relied on
the password never being an obscure value
* Remove old unused watchlist cache, which was a leftover from the old schema
where watchlists were more expensive to generate
* Minor cosmetic changes to Special:Userrights
* Added wgCanonicalSpecialPageName to JavaScript variables
* Fix image deleting when using Postgres.
* Output both source and destination titles in maintenance/moveBatch.php
* Added basic parser tests for language variants
* Enable selflinks and categories to be written in some of the language variants
* Prevent conversion of JavaScript code in language variants
* Output software version number in maintenance/parserTests.php
* (bug 7169) Use Ajax to watch/unwatch articles if enabled
* Make variant table caching a little more robust, using main language code
in cache key. Probably this is still a bit wonky, though. Was breaking
parser tests when Chinese tables were getting loaded into Serbian code.
* (bug 8380) Be nicer about blank lines in deleteBatch.php
* (bug 8401) Fix regression in SORBS lookup for some DNS setups
* Use raw file descriptor in posix_isatty() check to avoid warning on
Linux systems with at least some versions of PHP
* (bug 5908) Allow overriding the default category sort key for all items on
a page using {{DEFAULTSORT}}
* (bug 6449) Throw a more definitive error message when installation fails
due to an invalid database name
* (bug 5827) Use full text for option link labels on Special:Watchlist
* (bug 8018) Allow hiding minor edits from the watchlist
* (bug 8427) MonoBook RTL IE 7.0 tweaks failed when sidebar's navigation
section is renamed; no longer relies on first section name
* Stabilize client-side table sorting even if the underlying Javascript sort()
implementation is unstable
* Add hook for extensions to add user information to the panel in preferences,
next to the user name and ID.
* (bug 8392) Display protection status of transcluded pages in the edit page
template list. Patch by Fyren, with i18n naming tweak.
* Fix for interwiki transclusion where target wiki uses query string for title
* Resolve namespaces on interwiki Title objects using canonical namespace names
if possible (should not happen, though, outside interwiki transclusion... and
maybe not even then, but it does)
* (bug 8447) Fix SQL typo breaking non-default $wgHitcounterUpdateFreq
* Do not allow previews of deleted images to be cached
* Add global variable $wgDefaultLanguageVariant used to set the default language
variant of a wiki to something different than the main language code
* Add 'variant' option to parserTests - runs test with the given variant as
preferred, utilize it for more parser tests of language variants code
* (bug 6503) Fix bug that stopped certain irrelevant links from being hidden
for printing
* Avoid PHP warning in Creative Commons metadata when a creative commons
license is not actually set up
* (bug 8463) Don't print external link icons for Monobook
* (bug 8461) Support watching pages on move
* (bug 8041) Work around bug with debug_backtrace when Zend Optimizer is
loaded by skipping the function. Use wfDebugBacktrace() wrapper function.
* Reduce config file clutter by setting various script and upload paths
based on $IP or $wgScriptPath in Setup.php. They can still be explicitly
overridden in LocalSettings.php if desired...
* Attempt to detect redirect loops for the canonical title redirect, and
give some hints to the poor confused administrator.
* Introduce new flag 'R' - raw output for language variant escape tags
* Advise users when updates for a query page have been disabled using
$wgDisableQueryPageUpdate
* (bug 8413) Improve comments for $wgNamespaceRobotPolicies
* (bug 8330) Show "bytes" suffix on recent changes diff counter
optionally... if set in rc-changes-size message (default empty for now)
* (bug 8489) Support basic links in <gallery> caption attribute
* (bug 8485) Correct Lingala number formatting
* The MediaWiki namespace is no longer pre-filled with default messages on
install. All default messages will be removed from the MediaWiki namespace
on upgrade.
* Recentchanges RSS/Atom feeds now use a separate message for the description
to avoid cluttering it with useless wiki formatting
* (bug 8417) Handle EXIF unknown dates
* (bug 8372) Return nothing on empty <math> tags.
* New maintenance script to show the cached statistics : showStats.php.
* Count deleted edits when regenerating total edits in maintenance/initStats.php
* (bug 3706) Allow users to be exempted from IP blocks. The ipblock-exempt
permission key has been added to enable this behavior, by default assigned to
sysops.
* (bug 7948) importDump.php now warn that Recentchanges need to be rebuild.
* (bug 7667) allow XHTML namespaces customization
* (bug 8531) Correct local name of Lingála (patch by Raymond)
* Fix regression with default lock file and cache directories; threw visible
warning with open_basedir
== 1.8 Compatibility changes ==
=== Zend Optimizer ===
A bug in some versions of PHP 5 and Zend Optimizer which was triggered under
MediaWiki 1.8.x has been worked around by disabling some internal debugging
features when Zend Optimizer is loaded. This should solve some common
"blank page" problems.
=== PHP 5.0 64-bit ===
MediaWiki now checks for a condition where PHP 5.0.x corrupts array data
on 64-bit systems and warns you to upgrade PHP to solve the problem. This
bug causes Special: pages to fail on affected systems under MediaWiki 1.8
and higher, and subtler data corruption on earlier versions.
The only known workaround is to upgrade PHP to 5.1 or later, which you
probably should do anyway for security reasons!
=== MySQL 5 ===
MediaWiki should now install and run correctly on MySQL 5.0 and higher when
MySQL's "strict mode" is enabled. (This is now the default for many Windows
installations, though it seems to remain off by default on Unix.)
This fixes errors about "cannot default default value for BLOB/TEXT fields".
=== ImageMagick ===
Note that ImageMagick older than 6.x may no longer work for image resizing
due to use of the -thumbnail option.
== 1.8 Behavior changes ==
=== Localized special pages ===
The names of Special: pages can now be localized, so links and URLs to them
are more legible in languages that aren't English.
Not all languages have included localized names yet.
=== E-mail password ===
Users are now required to set a new password for themselves when they first
log in with a newly generated e-mailed password.
Requesting passwords frequently is prevented to reduce abusive mailbombing.
=== Undo revision ===
An "undo" link now appears in diff view for easier reverting of older edits.
When GNU diff3 is available for edit conflict merging, this can make it much
easier to "undo" the changes of an older edit when there are surrounding
changes elsewhere in the page.
The changes must be manually reviewed and approved, as with conventional
full-revision reverts.
=== Blocking ===
User blocks can be set to disable the automatic blocking of IP addresses the
account logs in with.
== 1.8 Database changes ==
* new 'redirect' table stores data on page redirects
* new 'querycachetwo' table used for some cached special pages
* 'ipblocks' table adds 'ipb_enable_autoblock'
* 'recentchanges' table adds 'rc_old_len', 'rc_new_len' for size tracking
* 'user' table has added 'user_newpass_time' and 'user_editcount' fields
* some indexes have been updated on 'recentchanges'
== 1.8 Configuration changes ==
Several configuration options have changed since 1.8:
=== $wgEnableAPI ===
The experimental machine API interface is now enabled by default, read-only.
You can disable it by setting $wgEnableAPI = false; in LocalSettings.php.
=== $wgPathInfo ===
The use of PATH_INFO (the text after the script name in 'index.php/Blah')
is controlled by the $wgUsePathInfo setting. This is now explicitly disabled
for CGI, apache2filter, and ISAPI configurations of PHP, for more consistency
with the autodetection from the installer.
In some rarer configurations you may have to switch $wgUsePathInfo from false
to true or, perhaps, from true to false to make things work properly if bad
PATH_INFO data comes through the server.
The wiki now tries to detect this condition and should show you an error
message describing what to change instead of sending the browser into an
infinite redirect loop.
=== $wgScript and other path settings ===
The following configuration variables are now automatically set in Setup.php
if they are not overridden in LocalSettings.php:
from $wgScriptPath:
+ $wgScript
| \- $wgArticlePath
+ $wgRedirectScript
+ $wgStylePath
+ $wgUploadPath
\- $wgLogo
+ $wgMathPath
from $IP:
- $wgStyleDirectory
+ $wgUploadDirectory
\- $wgMathDirectory
+ $wgTmpDirectory
Newly generated configuration files will by default include only $wgScriptPath
(hardcoded from the installer) and $IP (detected at runtime).
Old configuration files which specify all these values explicitly should
continue to work just fine, but if you use the defaults you can remove them
to reduce clutter.
=== $wgGroupPermissions ===
The sysop group now holds the "autopatrol" and "ipblock-exempt" rights by
default.
"autopatrol" replaces the preference for marking ones own edits patrolled
by default; users holding this permission will automatically have their
edits patrolled, while others cannot mark their own edits as patrolled
even if they have patrolling rights.
"ipblock-exempt" excludes the user from IP blocks; accounts which are blocked
explicitly by name will still be blocked, however. This is given to sysops
to minimize annoyance from accidental "collateral damage"; remember that a
sysop will be able to lift the block if they desire.
The bot group now holds the "nominornewtalk" right. A user with this right
will not trigger new message notifications when making minor edits to user
talk pages. This is meant to minimize annoyance from maintenance bot
processes.
=== $wgUseWatchlistCache ===
Watchlist caching has been removed. The feature was not maintained, and has
been unnecessary since switching to the 'recentchanges' database table
reduced server pressure for Wikipedia's watchlists.
=== $wgBreakFrames ===
MediaWiki in the past attempted to detect when it was embedded in a frameset
and "break out" of it, assuming it to be hostile.
This behavior is now disabled by default, but can be reenabled by setting
$wgBreakFrames to true in LocalSettings.php.
== 1.8 New settings ==
=== $wgVariantArticlePath ===
For languages with script variant support (Chinese, Serbian, and others),
it's possible to use alternate URL paths to select the variant for article
display, setting $wgVariantArticlePath.
Documentation for this setting would be useful.
=== $wgMaxMsgCacheEntrySize ===
The message cache can now skip items larger than a given size; this allows
it to better handle the primary caching case when large CSS and JS blobs are
present.
=== $wgStyleVersion ===
When making significant changes to skin stylesheets and JavaScript files,
you can append a string to this variable to tweak the generated URLs,
forcing newly rendered pages to bring in a fresh version despite server-
or browser-side caching.
Normally this will be set in the course of MediaWiki development, but
if doing development on a custom skin you may wish to poke it as well.
=== $wgRCShowChangedSize ===
Special:Recentchanges and Special:Watchlist now show the number of bytes
added or removed to an article to give an idea of the size of the edit.
This information was previously available only in the IRC update feeds.
To disable this site-wide, set $wgRCShowChangedSize to false.
(Individual users can suppress the data in custom CSS.)
Adjust $wgRCChangedSizeThreshold to trigger highlighting of particularly
large changes.
The formatting of the size figure can be adjusted through the
[[MediaWiki:Rc-change-size]] message.
=== $wgQueryCacheLimit ===
The number of rows stored for "expensive" special pages in miser mode
can now be adjusted up or down from the default 1000.
=== $wgDisableQueryPageUpdate ===
Individual "expensive" special pages can be skipped in processing by
updateSpecialPages if added to this list.
=== $wgSorbsUrl ===
The base hostname for the DNS-based proxy blacklist can now be overridden
when $wgEnableSorbs is set, to use a different blacklist instead of SORBS.
The blacklist would need to respond the same was as SORBS; any positive
response will be taken as a proxy.
=== $wgAjaxWatch ===
Experimental AJAX mode for the watch/unwatch tabs to execute inline.
Does not include the UI messages describing how to reach the watchlist,
so you may not want it on a general-audience site just yet.
=== $wgParserTestFiles ===
MediaWiki's parser test suite can now be expanded with additional test
files. Custom extensions can add their test files to this array, and
they will be run along with the main tests by maintenance/parserTests.php
= MediaWiki 1.8=
== MediaWiki 1.8.5 ==
September 10, 2007
This is a security fix update to the Fall 2006 quarterly release snapshot. A
possible HTML/XSS injection vector in the API pretty-printing mode has been
found and fixed.
The vulnerability may be worked around in an unfixed version by simply
disabling the API interface if it is not in use, by adding this to
LocalSettings.php:
:[[Manual:$wgEnableAPI|$wgEnableAPI]] = false;
(This is the default setting in 1.8.x.)
Not vulnerable versions:
* 1.11 >= 1.11.0
* 1.10 >= 1.10.2
* 1.9 >= 1.9.4
* 1.8 >= 1.8.5
Vulnerable versions:
* 1.11 <= 1.11.0rc1
* 1.10 <= 1.10.1
* 1.9 <= 1.9.3
* 1.8 <= 1.8.4 (if $wgEnableAPI has been switched on)
MediaWiki 1.7 and below are not affected as they do not include the faulty
function, however the BotQuery extension is similarly vulnerable unless updated
to the latest SVN version.
== MediaWiki 1.8.4 ==
February 20, 2007
This is a security and bug-fix update to the Fall 2006 quarterly release.
An XSS injection vulnerability based on Microsoft Internet Explorer's UTF-7
charset autodetection was located in the AJAX support module, affecting MSIE
users on MediaWiki 1.6.x and up when the optional setting
[[Manual:$wgUseAjax|$wgUseAjax]] is enabled.
If you are using an extension based on the optional Ajax module, either disable
it or upgrade to a version containing the fix:
* 1.9: fixed in 1.9.3
* 1.8: fixed in 1.8.4
* 1.7: fixed in 1.7.3
* 1.6: fixed in 1.6.10
There is no known danger in the default configuration, with $wgUseAjax off.
* (bug [[bugzilla:8819|8819]]) Fix full path disclosure with skins dependencies
* Add 'charset' to Content-Type headers on various HTTP error responses to
forestall additional UTF-7-autodetect XSS issues. PHP sends only 'text/html' by
default when the script didn't specify more details, which some inconsiderate
browsers consider a license to autodetect the deadly, hard-to-escape UTF-7.
This fixes an issue with the Ajax interface error message on MSIE when
[[Manual:$wgUseAjax|$wgUseAjax]] is enabled (not default configuration); this
UTF-7 variant on a previously fixed attack vector was discovered by Moshe BA
from BugSec: http://www.bugsec.com/articles.php?Security=24
* Trackback responses now specify XML content type
== MediaWiki 1.8.3 ==
January 9, 2007
MediaWiki 1.8.3 fixes several issues in the Fall 2006 snapshot release:
* ([[mediazilla:7831|7831]]) Regression in AutoAuthenticate hook
* Run PHP install version checks on update.php so command-line updaters see new
version requirements
* Do a check for the PHP 5.0.x 64-bit bug, since this is much more disruptive
as of MW 1.8 than it used to be. Install or upgrade now aborts with a warning
and a request to upgrade.
* XSS fix in AJAX module
An XSS injection vulnerability was located in the AJAX support module,
affecting MediaWiki 1.6.x and up when the optional setting $wgUseAjax is
enabled.
There is no danger in the default configuration, with $wgUseAjax off.
If you are using an extension based on the optional AJAX module, either disable
it or upgrade to a version containing the fix:
== MediaWiki 1.8.2 ==
October 13, 2006
MediaWiki 1.8.2 fixes several issues in the Fall 2006 snapshot release:
* ([[mediazilla:7565|7565]]) Fixed typos in German localisation
* ([[mediazilla:7562|7562]]) Fix non-ASCII namespaces on Windows/XAMPP servers
== MediaWiki 1.8.1 ==
October 11, 2006
MediaWiki 1.8.1 fixes several issues in the Fall 2006 snapshot release:
* Fix PHP notice and estimates for dumpBackup.php and friends
* Improved register_globals paranoia checks
* ([[mediazilla:7545|7545]]) Fix PHP version check on install
* Experimental web API disabled by default
* Disable PHP exception backtrace printing unless $wgShowExceptionDetails is
set. Backtraces may contain sensitive information in function call parameters.
== MediaWiki 1.8.0 ==
October 10, 2006
This is the quarterly release snapshot for Fall 2006. While the code has been
running on Wikipedia for some time, installation and upgrade bits may be less
well tested. Bug fix releases may follow in the coming days or weeks.
MediaWiki is now using a "continuous integration" development model with
quarterly snapshot releases. The latest development code is always kept "ready
to run", and in fact runs our own sites on Wikipedia.
Release branches will continue to receive security updates for about a year
from first release, but nonessential bugfixes and feature development happen
will be made on the development trunk and appear in the next quarterly release.
Those wishing to use the latest code instead of a branch release can obtain it
from source control: [[Download from SVN]]
== Configuration changes ==
* $wgUseETag, to enable/disable sending of HTTP ETag headers (default: disabled)
* $wgLegalTitleChars now includes '+' by default for better compatibility with
importing data dumps from Wikipedia
* $wgDefaultUserOptions now includes all default option settings instead of
only overrides.
== Major new features ==
* ([[mediazilla:7098|7098]]) Add an option to disable/enable sending of HTTP
ETag headers, as it seems to result in broken behaviour in combination with
Squid 2.6 (disabled by default).
* ([[mediazilla:550|550]]) Allow blocks on anonymous users only.
* ([[mediazilla:6420|6420]]) Render thumbnails for DJVU images, support
multipage DJVU display on image pages. Added new 'page=' thumbnail option to
select a page from a multipage djvu for thumbnail generation.
* Full Postgres support is now enabled. It requires version 8.1 or better, and
needs to have both plpgsql and tsearch2 already installed.
* ([[mediazilla:6386|6386]]) fix grammatical errors in danish naming of talk
namespaces.
== Changes since 1.7 ==
* Introduced AjaxResponse object, superceding AjaxCachePolicy
* Changes to sajax_do_call: optionally accept an element to fill instead of a
callback function; take the target function or element as a third parameter;
pass the full XMLHttpRequest object to the handler function, instead of just
the resultText value; use HTTP response codes to report errors.
* (bug 6562) Removed unmaintained ParserXml.php for now
* History paging overlap bug fixed
* (bug 6586) Regression in "unblocked" subtitle
* Don't put empty-page message into view-source when page text is blank
* (bug 6587) Remove redundant "allnonarticles" message
* Block improvements: Allow blocks on anonymous users only. Optionally allow
or disallow account creation from blocked IP addresses. Prevent duplicate
blocks. Fixed the problem of expiry and unblocking erroneously affecting
multiple blocks. Fixed confusing lack of error message when a blocked user
attempts to create an account. Fixed inefficiency of Special:Ipblocklist in
the presence of large numbers of blocks; added indexes and implemented an
indexed pager.
* (bug 6448) Allow filtering of Special:Newpages according to username
* (bug 6618) Improve permissions/error detection in Special:Lockdb
* Quick hack for extension testing: parser test doesn't create new message
cache object.
* (bug 6299) Maintain parser's revision ID across recursive calls to fix
{{REVISIONID}} when Cite extension is used
* (bug 6622) Removed deprecated function Image::newFromTitle
* (bug 6627) Fix regression in Special:Ipblocklist with table prefix
* Removed forced dereferencements (new() returns a reference in PHP5)
* Note about $wgUploadSizeWarning using byte
* (bug 6592) Add most viewed pages summary to Special:Statistics
* Pre-strip characters ignored in IDNs from URLs so they can't be used
to break the blacklists for regular URLs
* Fix regression in blocking of user accounts
* (bug 6635) Fix regression searching for range blocks on Ipblocklist
* Fix regression searching Ipblocklist with ugly URLs
* (bug 6639) Use a consistent default for upload directories
* Preserve entered reason when reporting unconfirmed lock on Special:Lockdb
* (bug 6642) Don't offer to unlock the database when it isn't locked
* cleanupTitles.php changed from --dry-run option to --fix, so default
behavior is now a non-invasive check as with namespaceDupes.php
* (bug 6660) Fix behavior of EditPage::blockedPage() when the article does
not exist; now doesn't show the source box if the user hasn't provided it
(blocked mid-edit) and the page doesn't exist
* Improve default value of "blockedtext"
* (bug 6680) Added localisation for Dutch bookstore list (nl)
* Renamed maintainace script redundanttrans.php to unusedMessages.php - clearer
usage
* Fix regression which allowed some blocked users to create additional accounts
* (bug 6657) Fix Hungarian linktrail
* (bug 6751) Fix preview of blanked section with edit on first preview option
* (bug 5456) Separate MediaWiki:Search into messages for both noun and verb,
introduced 'MediaWiki:Searchbutton'
* Made lines from initialiseMessages() appear as list items during installation
* Moved the bulk of the localisation data from the Language*.php files to the
Messages*.php files. Deleted most of the Languages*.php files.
* Introduced "stub global" framework to provide deferred initialisation of core
modules.
* Removed placeholder values for $wgTitle and $wgArticle, these variables will
now be null during the initialisation process, until they are set by index.php
or another entry point.
* Added DBA cache type, for BDB-style caches.
* Removed custom date format functions, replacing them with a format string in
the style of PHP's date(). Used string identifiers instead of integer
identifiers, in both the language files and user preferences. Migration should
be transparent in most cases.
* Simplified the initialisation API for LoadBalancer objects.
* Removed the broken altencoding feature.
* Moved default user options and toggles from Language to User. Language objects
are still able to define default preference overrides and extra user toggles,
via a slightly different interface.
* Don't include the date option in the parser cache rendering hash unless
$wgUseDynamicDates is enabled.
* Merged LanguageUtf8 with Language. Removed LanguageUtf8.php.
* Removed inclusion of language files from the bottom of Language.php. This is
now consistently done from Language::factory().
* Add the name of the executing maintenance script to the debug log. Start the
profiler during maintenance scripts.
* Added "serialized" directory, for storing precompiled data in serialized form.
* Fix regression in auto-set NS_PROJECT_TALK namespace
* Fix regression in ordering of namespaces
* (bug 6806, 6030) Added several global JS variables for article path, user
name, page title, etc.
* hooks registered with addOnloadHook are now called at the one of the html body
by all skins.
* Split ajax aided search from core ajax framework. Use wgUseAjax to enable the
framework and wgAjaxSearch to enable the suggest feature for the search box.
* Added experimental installer for extensions.
See maintenance/installExtension.php
* Added Tajic (tg) language file.
* (bug 6903) Added Cantonese localisation (zh-yue)
* Fix regression in Korean and Japanese date formatting (day of week)
* (bug 6919) Add English alias magic words for Tatar (tt) language file.
* (bug 6753) Fixed broken Kazakh linktrail (kk)
* (bug 6700) Added Kazakh language variants to Names.php
* (bug 6827) some i18n specific maintenance scripts fails after merge of
localisation-work branch
* Throwed an exception for the deprecated functions OutputPage::sysopRequired
and OutputPage::developerRequired - use OutputPage::permissionRequired
instead.
* Removed the deprecated functions User::isSysop, User::isBureaucrat and
User::isDeveloper - use User::isAllowed instead.
* (bug 769) OutputPage::permissionRequired() should suggest groups with the
needed permission
* (bug 6971) Fix regression in Special:Export history view
* Revamped Special:Imagelist
* (bug 7000) updated MessagesPl.php
* (bug 6946) Fix unexpected behavior change with GET hits to Special:Export
* (bug 1866) Improve navigation on Special:Listusers; user now a starting
point as with Special:Allpages, rather than a pure limit.
* Clean up tab order on Special:Blockip
* (bug 5969) Clean up tab order on Special:Userlogin forms
* (bug 3512) namespaceDupes now handles spaces and initial caps properly
* (bug 7037) Fix regression in login tab order
* (bug 7031) Report missing email on 'email password' instead of false success
* (bug 7010) Don't send email notifications for watched talk pages when user
has selected to receive only updates for their own talk page
* Added {{CURRENTHOUR}}
* Added [[:Image:Foo.png]] style links to the pagelinks table
* Avoid duplicate revision imports with Special:Import
* (bug 7054) Validate email address before sending email confirmation message
* (bug 7061) Format title on "from (page)" links on Special:Allpages
* (bug 7044) Introduce "padleft" and "padright" colon functions
* Pass page title as parameters to "linkshere" and "nolinkshere" and update
default message text
* Allows to upload from publicy accessible URL. Set $wgAllowCopyUploads = true;
in LocalSettings.php
Limited to $wgMaxUploadSize (default:100MB); URL upload is limited to sysops
by default, and displayed as a second line if appropriate
* (bug 832) Return to user page after emailing a user
* (bug 366) Add local-system-timezone equivalents for date/time variables
* (bug 7109) Fix Atom feed version number in header links
* (bug 7075) List registered parser function hooks on Special:Version
* (bug 7059) Introduce "anchorencode" colon function
* Include SVN revision number in {{CURRENTVERSION}} output, where applicable
* Fix bug in wfRunHooks which caused corruption of objects in the hook list
* (bug 4979) Use simplified email addresses when running on Windows
* (bug 4434) Show block log fragment on Special:Blockip
* [[MediaWiki:Disambiguationspage]] may optionally contain wiki links to any
number of disambiguation templates.
* [[Special:Disambiguations]] now shows pages in NS:0 that link to any pages
that embed any of the templates listed at [[MediaWiki:Disambiguationspage]].
* Fix formatting of titles on Special:Undelete
* (bug 7026) Fix action=raw&templates=expand
* (bug 6976) Add namespace and direction classes to classic skins
* (bug 7144) Don't "return to main" from OutputPage::loginToUse() if the user
can't read the main page in the first place
* (bug 7188) Fix minor borkage in HTMLForm
* (bug 6675) Replaced message 'watchthis' with new message 'watchthisupload in
Special:Upload
* Add a quickie script dumpSisterSites.php for generating a page list in the
format for WSR-1 SisterSites support
* (bug 7223) Monobook.js is used for site content, should not be localized
* Set default disabled values for DjVu render options
* Added Xml::option() for generating <option>s easily
* Localized page numbers in drop-down for DjVu page selection
* Fixed linktrail for vi
* (bug 6893) "Call to a member function exists() on a non-object" on
trackback.php with bad input
* (bug 6886) PHP undefined offset on bad input to Special:Revisiondelete
* (bug 6887) PHP error for call to getId() on bad input to
Special:Revisiondelete
* (bug 6888) PHP error for call to getTimestamp() on bad input to
Special:Revisiondelete
* (bug 7252) Use dvipng support in texvc math rastrization. dvipng is required
if texvc is rebuilt.
* (bug 7279) Use wfBaseName in place of basename() in more places
* Clear newtalk marker on diff links with explicit current revision number
* (bug 7064) Replace hard-coded empty message checks with wfEmptyMsg calls
* (bug 6777) Remove some PHP 4 compat cruft
* Add --user, --comment, and --license options to importImages.php
* (bug 6216) The immobile namespace message does not mention the source page
* (bug 7299) Normalize username filter on Special:Newpages
* (bug 7306) RTL text in an LTR wiki breaks appearance of Special:Recentchanges
* (bug 7312) Don't emit SET NAMES utf8 if connection failed
* (bug 7305) Proper compare for bot check on RC notify, should fix overrides
that force edits by non-bot users to bot mode
* Set Vary: Cookie on action=raw generated CSS and JS, to ensure that user
preferences don't get stuck in proxy caches for other people
* (bug 7324) Fix error message for failure of Database::sourceFile()
* (bug 7309) Plurals: use singular form for zero in French and Brazilian
Portuguese
* Add page_no_title_convert field to support language variant conversion
for page titles which shouldn't be converted on display/linking
* Lazy extraction of text chunks in Revision objects, may reduce hits to
external storage when actual text content is not used
* Added experimental $wgRevisionCacheExpiry to cache extracted revision text
in $wgMemc, to further reduce hits to external storage.
Set to 0 (disabled) by default.
* Minor changes to the installer.
* Remove ":" for 'youremail' and 'yourrealname' in
includes/templates/Userlogin.php so that ":" could be used in i18n for
Special:Preferences (like 'username' and 'uid').
* Fix layout for Special:Preferences->Date and Time (position for
'timezonetext').
* Updates to language variant code for Serbian et al
* (bug 6756) Enabling RTL direction for kk-cn
* (bug 6701) Kazakh language variants in MessagesEn.php
* (bug 7335) SVN revision check in Special:Version fails on SVN 1.4 working copy
* (bug 6518) Replaced 'lastmodified' with 'lastmodifiedat' and 'lastmodifiedby'
with 'lastmodifiedatby' with separated parameters for date and time to allow
better localisation. Updated all message files to display the old format for
compatibility.
* (bug 7357) Make supposedly static methods of Skin actually static
* Added info text to Special:Deadendpages and Special:Lonelypages
* Fix regression in cachability of generated CSS and JS for MonoBook skin,
while avoiding clobbering of different users' cached data
* (bug 6849) Block @ from usernames; interferes with multi-database tools and
was meant to be banned years ago... For now existing accounts will not be
prevented fromm login.
* (bug 6092) Introduce magic words {{REVISIONDAY}}, {{REVISIONDAY2},
{{REVISIONMONTH}}, {{REVISIONYEAR}} and {{REVISIONTIMESTAMP}}
* (bug 7425) Preceeding whitespace in [[...]] breaks subpages
* Try to reconnect after transitory database errors in dumpTextPass.php
* (bug 6023) Fixed mismatch of 0/NULL for wl_notificationtimestamp; now
notification mails are working after 'Mark all pages visited' button on
Special:Watchlist is clicked
* Made {{INT:}} a core parser function instead of a special case. The syntax
and behavior is largely unchanged.
* (bug 7448) Fixing the native name for Ewe (ee)
* (bug 6864) Replace message 'editing' with new message 'editinguser' in
Special:Userrights to allow better localisation
* Add '*-summary' for special pages to MessagesEn.php to allow
customizing/translation directly through Special:Allmessages
* (bug 6130, bug 5818) Replaced message 'go' with the new message
'searcharticle' in skins to allow better localisation
* Add + to $wgLegalTitleChars by default. Some sites may have occasional
problems with hard-to-reach pages, but it should be less trouble than
"I can't import dumps from Wikipedia" complaints
* (bug 7460) Revert broken patch for bug 7226 which slows down
Special:Allmessages by a factor of 16
* Committed a bunch of live hacks from Wikimedia servers
* (bug 6889) PHP notices in thumb.php with missing params
* Cleaner error behavior on thumb.php with invalid page selection
* (bug 6617) Validate timestamps on Special:Undelete
* Do fewer unnecessary full writes of user rows; only update user_touched
for watch/unwatch, group membership change, and login operations
* Restructured the languages directory, to avoid problems when people
untar MW 1.8 over the top of a 1.7 installation.
* (bug 6890) SQL query error on bad input to Pager lists
due to negative LIMIT clause, caused by integer wraparound.
* Fixed various bugs related to table prefixes, especially the interaction
between table prefixes and memcached, which was formerly completely broken.
* (bug 7004) PHP iconv() notice on bad password input to Special:Userlogin.
* (bug 6826) Extend pre-save transform context link ("pipe trick")
syntax to pages with commas in title
* Use ImageMagick -thumbnail option instead of -resize to avoid including
excessive metadata in thumbs (requires ImageMagick 6.0.0 or newer).
* (bug 7499) Corrections to Swedish talk namespace names
* (bug 7508) Added option to compress HTML pages by dumpHTML.php
* (bug 7519) Add plural in SpecialWatchlist
* (bug 7459) Magic word variables are always case sensitive
* Replaced {{SERVER}}{{localurl:xxx}} with {{fullurl:xxx}} in localisation files
* Fix regression in Special:Watchlist text header
* (bug 7510) Update article counts etc on undelete
* (bug 7520) Update article counts on XML import
* (bug 7526) Make $wgDefaultUserOptions work again
* (bug 7472) Localize Help namespace for Basque
* (bug 7529) Including a non-existent category in an article places that article
in the category
* (bug 4528) Lack of important LaTeX functions stackrel, rightleftharpoon
* (bug 6721) missing symbols ulcorner, urcorner, llcorner, lrcorner,
twoheadrightarrow, twoheadleftarrow
* (bug 7367) Hyphens sometimes erroneously appended to equations when not
converted to PNG
* Add "title" to the opensearch link to allow automatic adding of the search
engine in Firefox 2
* (bug 7537) Add php5 to $wgFileBlacklist
* (bug 6929) Restore AutoAuthenticate hook
== Languages updated ==
* Albanian (sq)
* Bashkir (ba)
* Bavarian (bar) stub file
* Belarusian (be)
* Bishnupriya (bpy) stub file
* Brazilian Portuguese (pt-br)
* Cantonese (zh-yue)
* Catalan (ca)
* Czech (cs)
* Dutch (nl)
* English (en)
* Finnish (fi)
* French (fr)
* Georgian (ka)
* German (de)
* Hebrew (he)
* Hungarian (hu)
* Indonesian (id)
* Japanese (ja)
* Korean (ko)
* Latin (la)
* Lojban (jbo)
* Macedonian (mk)
* Mazandarani (mzn)
* Polish (pl)
* Portuguese (pt)
* Ripuarian (ksh)
* Romani (rmy)
* Russian (ru)
* Slovak (sk)
* Spanish (es)
* Tajic (tg)
* Tatar (tt)
* Telugu (te)
* Uzbek (uz)
* Yiddish (yi)
== Compatibility ==
MediaWiki 1.8 requires PHP 5 (5.1 recommended). PHP 4 is no longer supported.
MySQL 3.23.x is no longer supported; some older hosts may need to upgrade. At
this time we still recommend 4.0, but 4.1/5.0 will work fine in most cases.
== Upgrading ==
Some minor database changes have been made since 1.7:
* new fields and indexes on ipblocks
* index change on recentchanges
Several changes from 1.5 and 1.6 do require updates to be run on upgrade. To
ensure that these tables are filled with data, run refreshLinks.php after the
upgrade.
If you are upgrading from MediaWiki 1.4.x or earlier, some major database
changes are made, and there is a slightly higher chance that things could
break. Don't forget to always back up your database before upgrading!
=== Caveats ===
Some output, particularly involving user-supplied inline HTML, may not produce
100% valid or well-formed XHTML output. Testers are welcome to set $wgMimeType
= "application/xhtml+xml"; to test for remaining problem cases, but this is not
recommended on live sites. (This must be set for MathML to display properly in
Mozilla.)
= MediaWiki 1.7=
== MediaWiki 1.7.3 ==
February 20, 2007
This is a security and bug-fix update to the Summer 2006 quarterly release.
An XSS injection vulnerability based on Microsoft Internet Explorer's UTF-7
charset autodetection was located in the AJAX support module, affecting MSIE
users on MediaWiki 1.6.x and up when the optional setting
[[Manual:$wgUseAjax|$wgUseAjax]] is enabled.
If you are using an extension based on the optional Ajax module, either disable
it or upgrade to a version containing the fix:
* 1.9: fixed in 1.9.3
* 1.8: fixed in 1.8.4
* 1.7: fixed in 1.7.3
* 1.6: fixed in 1.6.10
There is no known danger in the default configuration, with
[[Manual:$wgUseAjax|$wgUseAjax]] off.
* Add 'charset' to Content-Type headers on various HTTP error responses to
forestall additional UTF-7-autodetect XSS issues. PHP sends only 'text/html' by
default when the script didn't specify more details, which some inconsiderate
browsers consider a license to autodetect the deadly, hard-to-escape UTF-7.
This fixes an issue with the Ajax interface error message on MSIE when
[[Manual:$wgUseAjax|$wgUseAjax]] is enabled (not default configuration); this
UTF-7 variant on a previously fixed attack vector was discovered by Moshe BA
from BugSec: http://www.bugsec.com/articles.php?Security=24
* Trackback responses now specify XML content type
== MediaWiki 1.7.2 ==
January 9, 2007
* Note about $wgUploadSizeWarning using byte
* Update to German bookstore list (de)
* (bug [[bugzilla:6680|6680]]) Added localisation for Dutch bookstore list (nl)
* (bug [[bugzilla:6708|6708]]) Minor updates to Russian translation (ru)
* (bug [[bugzilla:6730|6730]]) Clearer usage of message 'titlematch' in German
translation (de)
* Added direction mark to Special:Listredirects
* XSS fix in AJAX module
An XSS injection vulnerability was located in the AJAX support module,
affecting MediaWiki 1.6.x and up when the optional setting
[[Manual:$wgUseAjax|$wgUseAjax]] is enabled.
There is no danger in the default configuration, with
[[Manual:$wgUseAjax|$wgUseAjax]] off.
If you are using an extension based on the optional AJAX module, either disable
it or upgrade to a version containing the fix:
* 1.9: fixed in 1.9.0rc2
* 1.8: fixed in 1.8.3
* 1.7: fixed in 1.7.2
* 1.6: fixed in 1.6.9
== MediaWiki 1.7.1 ==
July 8, 2006
MediaWiki 1.7.1 is a security and bugfix maintenance release of the Summer 2006
snapshot:
A potential HTML/JavaScript-injection vulnerability in a debugging script has
been fixed. Only versions and configurations of PHP vulnerable to the $GLOBALS
overwrite vulnerability are affected.
As a workaround for existing installs, profileinfo.php may simply be deleted if
it's not being used.
* Fix for 'emailconfirmed' implicit user group
* Fix for upgrades on some versions of MySQL 4.0.x
* Fixed potential XSS in profileinfo.php
* Installer now shows clear error message about old PHP versions rather than a
confusing parse error
== MediaWiki 1.7.0 ==
July 6, 2006
This is the quarterly release snapshot for Summer 2006. While the code
has been running on Wikipedia for some time, installation and upgrade
bits may be less well tested. Bug fix releases may follow in the coming
days or weeks.
MediaWiki is now using a "[[w:en:Continuous_integration|continuous
integration]]" development model with
quarterly snapshot releases. The latest development code is always kept
"ready to run", and in fact runs our own sites on Wikipedia.
Release branches will continue to receive security updates for about a year
from first release, but nonessential bugfixes and feature development happen
will be made on the development trunk and appear in the next quarterly release.
Those wishing to use the latest code instead of a branch release can obtain
it from source control: [[Download from SVN]]
== Changes since 1.6 ==
* (bug 5458) Fix double-URL encoding in block log link in contribs and contribs
link in block log
* (bug 5462) Bogus missing patch warning in updater
* (bug 5461) Use of deprecated "showhideminor" in Special:Recentchangeslinked
* PHP warning when allow_call_time_pass_reference is off
* Update to Finnish localization
* (bug 5467) Link to page histories in watchlist edit mode
* Further additions to Hebrew localisation
* (bug 5476) Invalid xhtml in German localization
* (bug 5479) Id translation for preferences tabs caption
* (bug 5493) Id translation for special pages
* Added skinname and style path parameters to CBT version of MonoBook
* Include subversion revision number in Special:Version if available
* (bug 5344) Fix regression that broke slashes in extension tag parameters
* Improve Special:Log performance on big log sets
* (bug 5507) Changed mediawiki:logouttext from plain to wikitext
* (bug 4760) Prevent creation of entries in protection log when protection
levels haven't changed
* (bug 861) Show page protection/unprotection events in histories
* (bug 5499) Don't clear the tag strip state when asked not to clear state.
Fixes regression with use of <ref> in a template breaking <nowiki> etc.
* Minor improvements to English language files
* Display the anon talk page info message on anon talk pages again
(moved outside the parser cache)
* Optional {{DISPLAYTITLE|title with markup}} magic word
Deactivated by default, set "$wgAllowDisplayTitle = true" in LocalSettings.php
to activate
* Cleaned SpecialContributions a bit
* Added a table to track interlanguage links
* (bug 5544) Fix redirect arrow in Special:Listredirects for right-to-left
languages
* Replace "doubleredirectsarrow" with a content language check that picks the
appropriate arrow
* (bug 5537) Add stub language file for Samogitian (bat-smg); inherits
Lithuanian (lt)
* Don't force edit summaries when a user is editing their own user/talk page
* (bug 5510) Warning produced when using {{SUBPAGENAME}} in some namespaces
* (bug 385) Installer support for PostgreSQL, fixes for PG compatibility
* PersistentObject removed; it doesn't do anything and was broken besides.
All extensions using it have been corrected.
* Propagate ISBN number for Booksources in LanguageNo.php
* (bug 5548) Improvements to Indonesian localisation [patch: Ivan Lanin]
* Add TALKSPACE, SUBJECTSPACE, TALKPAGENAME, SUBJECTPAGENAME (and encoded forms
for all) magic words
* (bug 5403) Fix Special:Newpages RSS/Atom feeds
* Reject malformed addresses in X-Forwarded-For entries
* (bug 3359) Add hooks on completion of file upload
* (bug 5559) Improve detection of ImageMagick [patch: Greg Turnquist]
* (bug 5475) New pages feeds ignore "limit" argument
* (bug 5184) CSS misapplied to elements in Special:Allmessages due to
conflicting anchor identifiers
* (bug 5519) Allow sidebar cache to be disabled; disable it by default.
* Maintenance script to import the contents of a text file into a wiki page
* Add $wgReservedUsernames configuration directive to block account creation/use
* (bug 5576) Remove debugging hack in session check
* (bug 5426) Lowercase treatment of titles in rights log leads to broken links
on Special:Log
* Minor improvements to French localisation files
* (bug 5181) Update "nogomatch" for Slovak
* (bug 5594) Id translation up to # Login and logout pages section
* (bug 5536) Use content language for editing help link
* Improvements to German localisation files
* (bug 5570) Problems using <special page>/parameter link form for long titles
* (bug 3884) Add $user parameter to AddNewUser hook, call it for by-email
registrations as well as self-registrations.
* (bug 4327) Report age of cached data sets in query pages
* (bug 4662) Fix Safari check in wikibits.js
* (bug 4663) Edit toolbar enabled in compatible versions of Safari
* (bug 5572) Edit toolbar enabled in compatible versions of Konqueror (3.5+)
* (bug 5235) Edit toolbar tooltips no longer show JavaScript junk in Opera
* Edit toolbar now works in pure XHTML mode (application/xhtml+xml)
* Add watchlist clear function to allow quick purging of all items
* (bug 5625) Additional namespace translations for Welsh
* Add meta tag and JavaScript variables to cached special pages which provides
the timestamp of the last update, in YYYYMMDDHHMMSS format.
* (bug 5628) More translations for MessagesHr.php
* (bug 5595) Localisation for Bosnian language (bs)
* (bug 2910) Default view preferences for watchlists
* Add "hide bot edits from the watchlist" user preference
* (bug 5250) Introduce Special:Unusedtemplates
* Add user preference setting for an extended watchlist, showing all recent
edits up to a certain edit, and not just the latest edit.
* Made MessageRo.php more general
* (bug 5640) Indonesian localisation improvements
* (bug 5592) Actions are logged with the default language for the
wiki, not the language of the user performing the operation.
* (bug 5644) Error in LanguageBs.php file
* (bug 5646) Compare for identical types in wfElement()
* (bug 5472) Language::userAdjust()->minDiff not initialized on else condition
* (bug 5386) LanguageMk.php: updated namespaces translations
* (bug 5422) Stub for Romani (rmy) language which extends ro
* Fix linktrail for LanguageSr
* (bug 5664) Fix Bosnian linktrail
* (bug 3825) Namespace filtering on Special:Newpages
* (bug 1922) When Special:Wantedpages is cached, mark links to pages
which have since been created
* (bug 5659) Change grammar hacks for Bosnian Wikimedia namespaces.
This sort of special casing should be removed and fixed properly.
* Remove useless whitespace from Special:Brokenredirects header
* Treat "allmessagesnotsupporteddb" as wikitext when echoing; change default
text
* (bug 5497) Regression in HTML normalization in 1.6 (unclosed <li>,<dd>,<dt>)
* (bug 5709) Allow customisation of separator for categories
* (bug 5684) Introduce Special:Randomredirect
* (bug 5611) Add a name attribute to the text box containing source text in
read-only pages
* Indicate when a protected page is an interface message ("protectedinterface")
* (bug 4259) Indicate when a protected page being edited is an interface message
("editinginterface")
* (bug 4834) Fix XHTML output when using $wgMaxTocLevel
* Pass login link to "whitelistedittext" containing 'returnto' parameter
* (bug 5728): mVersion missing from User::__sleep() leading to constant cache
miss
* Updated maintenance/transstat.php so it can show duplicate messages
* Improvements to update scripts; print out the version, check for superuser
credentials before attempting a connection, and produce a friendlier error if
the connection fails
* (bug 5005) Fix XHTML <gallery> output.
* (bug 5315) "Expires: -1" HTTP header made strictly valid (using 1970 date).
* (bug 4825) note in DefaultSettings.php about 'profiling' table creation
* Remove unneeded extra whitespace at top of Special:Categories
* (bug 5679) time units are now using local numerals
* (bug 5751) Updates to Portuguese localisation files
* (bug 5741) Introduce {{NUMBEROFUSERS}} magic word
* (bug 93) <nowiki> tags and tildes in templates
* The returnto parameter is now actually used by SpecialUserlogin.php
* Parser can now know that it is parsing an interface message
* (bug 4737) MediaWiki:Viewcount supports {{PLURAL}} now
* Fix bug in wfMsgExt under PHP 5.1.2
* (bug 5761) Project talk namespace broken in Xal, Os, Udm and Cv
* Rewrite reassignEdits script to be more efficient; support optional updates to
recent changes table; add reporting and silent modes
* Cleaned up formatNum usage in langfiles
* (bug 5716) Warn when a user tries to upload a file which was previously
deleted
* (bug 5565) Add a class attribute to the table on Special:Allpages
* "lang=xx" option for parser test cases to set content language
* (bug 5764) Friulian translation updated
* (bug 5757) Fix premature cutoff in LanguageConverter with extra end markers
* (bug 5516) Show appropriate "return to" link on blocked page
* (bug 5377) Do not auto-login when creating an account as another user
* (bug 5284) Special redirect pages should remember parameters
* Suppress 7za output on dumpBackup
* (bug 5338) Reject extra initial colons in title
* (bug 5487) Escape self-closed HTML pair tags
* Add "raw suffix" magic word for some magic words, e.g. {{NUMBEROFUSERS|R}}
will produce a count minus formatting
* Fix Parser::cleanSig() to use Parser::startExternalParse() and choose an
appropriate output format given the scope of the clean
* (bug 5593) Change "bureaucrat log" to "rights log"
* Show a boilerplate "(none)" in place of a blank within the log action text for
user rights
* (bug 137) Commented out translations for copyrightwarning which mention GNU
FDL
* (bug 5723) Don't count pages linked to from the MediaWiki namespace as
"wanted"
* (bug 5696) Add a third parameter, $3, to "rcnote", passing the current time
formatted according to the current user's settings
* (bug 5780) Thousands and decimal separators for Norwegian
* Updated initStats maintenance script
* (bug 5767) Fix date formats in Vietnamese locale
* (bug 361) URL in URL, they were almost fixed. Now they are.
* (bug 4876) Add __NEWSECTIONLINK__ magic word to force the "new section"
link/tab to show up on specific pages on demand
* Bidi-aid on list pages
* (bug 5782) Allow entries in the bad image list to use canonical namespace
names
* (bug 5789) Treat "loginreqpagetext" as wikitext
* Sanitizer: now handles nested <li> in <ul> or <ol>
* (bug 5796) We require MySQL >=4.0.14
* Add 'EmailConfirmed' hook
* New findhooks.php script to find undocumented hooks.
* Silently ignore errors on profiling table update.
* (bug 5801) Correct handling of underscores in Special:Listusers
* Clean up Special:Listusers; add an "(all)" label to the group selection box
* (bug 5812) Use appropriate link colour in Special:Mostlinked
* (bug 5802) {{CURRENTMONTHNAME}} variable broken in Vietnamese locale
* (bug 5817) Appropriate handling for Special:Recentchangeslinked where the
target page doesn't exist
* Special:Randompage now additionally accepts English namespace name as
parameter
* (bug 2981) Really fixed linktrail for Tamil (ta)
* Disallow substituting Special pages when included into a page
* (bug 5587) Clean up the languages from references to the Groups special page
* Added new group-X and group-X-member messages
* Rewritten removeUnusedAccounts to be more efficient, print names of inactive
accounts
* Redirect Special:Userlist to Special:Listusers
* Introduce $wgAllowTitlesInSVG, which allows the <title> attribute in uploaded
files bearing the image/svg MIME type. Disabled by default due to the vast
majority of web servers being hideously misconfigured. See DefaultSettings.php
for more details.
* Changed default LocalSettings.php to append the previous include path when
setting it
* (bug 5837) Use "members" for the value descriptor in Special:Categories,
Special:Wantedcategories and Special:Mostlinkedcategories.
* (bug 3309) Allow comments when undeleting pages
* Clean up Special:Undelete a bit
* (bug 5805) messages nbytes, ncategories can now use {{plural:}}
* Clean up Special:Imagelist a bit
* (bug 5838) Namespace names for Nds-NL
* (bug 5749) Added Tyvan language files
* (bug 5791) Fix SQL syntax in Special:BrokenRedirects, was causing incorrect
data to show
* (bug 5839) Prevent access to Special:Confirmemail for logged-out users
* (bug 5853) Update for Portuguese messages (pt)
* (bug 5851) Use Cyrillic for Kirghiz language name
* (bug 5841) Allow the 'EditFilter' hook to return a non-fatal error message
* (bug 5846) Link to individual group description pages in Special:Listusers
* (bug 5857) Update for German localisation (de)
* (bug 5858) Update for Russian language (ru)
* (bug 5860) Update for Indonesian language (id)
* (bug 1120) Update for Czech language (Cs)
* Added many missing formatNum calls
* Added grammar function to Belarusian (be)
* (bug 5819) Add 'PersonalUrls' hook
* (bug 5862) Update of Belarusian language (be)
* (bug 5886) Update for Portuguese messages (pt)
* (bug 5586) <gallery> treated text as links
* (bug 5878) Update for Indonesian language (id)
* (bug 5697) Update for Malay language (ms)
* (bug 5890) Update for German language (de)
* (bug 5889) Name for Sindhi language should appear as سنڌي
* --force-normal parameter on dump scripts to force check for ICU extension
* (bug 5895) Update for Dutch language (nl)
* (bug 5891) Linktrail for Polish language (pl)
* User::isBureaucrat , User::isDeveloper , User::isSysop deprecated in
v1.6 now die with a backtrace. They will be removed in v1.8
* dumpTextPass now skips goes to database for entries that were blank in the
previous dump, as this may indicate a broken dump.
* dumpTextPass progress includes percentage of items prefetched
* dumpTextPass can now use 7zip files for prefetch
* (bug 5915) Update to Indonesian localisation (id)
* (bug 5913) Update for German localisation (de)
* (bug 5905) Plural support for Bosnian localisation (bs)
* Groups which won't hit the rate limiter now configurable with
$wgRateLimitsExcludedGroups
* (bug 5806) {{plural:}} support instead of "twin" MediaWiki messages
* (bug 5931) Update for Polish language (pl)
* Ignore the user and user talk namespaces on Special:Wantedpages
* Introduce NUMBEROFPAGES magic word
* (bug 5833) Introduce CURRENTVERSION magic word
* (bug 5370) Allow throttling of password reminder requests with the rate
limiter
* (bug 5683) Respect parser output marked as uncacheable when saving
* (bug 5918) Links autonumbering now work for all defined protocols
* (bug 5935) Improvement to German localisation (de)
* (bug 5937) Register links from gallery captions with the parent parser output
object so that link tables receive those updates too
* (bug 5845) Introduce BASEPAGENAME and BASEPAGENAMEE magic words
* (bug 5941) Use content language when getting the administrator page title for
Special:Statistics
* (bug 5949) Update to Indonesian localisation (id)
* (bug 5862) Update of Belarusian translation (be)
* (bug 5950) Improvements to French localisation
* (bug 5805) {{plural:}} support for counters in some special pages
* (bug 5952) Improvement to German localisation (de)
* Rename conflicting metadata help message to "metadata_help" (was "metadata")
and treat it as wiki text
* Improve preferences input filtering
* Maintenance script to import multiple files into the wiki
* (bug 5957) Update for Hebrew language (he)
* (bug 5962) Update for Italian language (it)
* (bug 5961) Update for Portuguese localisation (pt)
* (bug 5849) Remove some hard-coded references to "Wikipedia" in messages
* (bug 5967) Improvement to German localisation (de)
* (bug 5962) Update for Italian language (it)
* Suppress images in galleries which appear on the bad image list (when
rendering for a wiki page; galleries in special pages and categories are
unaffected)
* Maintenance script to remove orphaned revisions from the database
* (bug 5991) Update for Russian language (ru)
* (bug 6001) PAGENAMEE and FULLPAGENAMEE don't work in FULLURL and LOCALURL
magic words
* (bug 5958) Switch Uzbek language name to use latin script
* (bug 839) Add URLENCODE magic word
* (bug 6004) Update for Polish language (pl)
* (bug 5971) Improvement to German localisation (de)
* (bug 4873) Don't overwrite the subtitle navigation when viewing a redirect
page that isn't current
* (bug 2203) Namespace updates for Thai
* Fix breakage in parser test suite which caused incorrect reporting of the
failure of {{NUMBEROFFILES}}. Now initialises the site_stats table with some
dumb data. Updated the expected output for {{NUMBEROFARTICLES}} to reflect
this.
* (bug 6009) Use {{ns:project}} in messages where appropriate
* (bug 6012) Update to Indonesian localisation (id)
* (bug 6017) Update list of bookstores in German localisation files
* (bug 5187) Allow programmatically bypassing username validation, for scripts
* (bug 6025) SpecialImport: wrong message when no file selected
* (bug 6015) EditPage: add spacing in the boxes "edit is minor" and "watch this"
* (bug 6018) Userrights: new message when no user specified ('nouserspecified')
* (bug 2015) Add "\sim" to ~ conversion for HTML rendering
* (bug 6029) Improvement to German localisation (de)
* (bug 5015) Update be: magic words
* (bug 3974) Add parameter for site URL to "passwordremindertext"
* (bug 6039) Update for Portuguese localisation (pt)
* (bug 764) Add CREATE TEMPORARY TABLES to default database permissions
* Big update to Swedish localisation (sv)
* Use appropriate HTML functions to create the tool links on image pages, so
they don't look garbled when tidy isn't on
* (bug 5511) Fix URL-encoding of usernames in links on Special:Ipblocklist
* (bug 6046) Update to Indonesian localisation (id) #15
* (bug 5523) $wgNoFollowNsExceptions to allow disabling rel="nofollow" in
specially-selected namespaces.
* (bug 6055) Fix for HTML/JS injection bug in variable handler (found by Nick
Jenkins)
* Reordered wiki table handling and __TOC__ extraction in the parser to better
handle some overlapping tag cases.
* Only the first __TOC__ is now turned into a TOC
* (bug 4610) Indicate patrolled status on watchlists and allow users to mark
changes as patrolled using the diff links there
* Add 'DiffViewHeader' hook called before diff page output
* (bug 6051) Improvement to German localisation (de)
* (bug 6054) Update to Indonesian localisation (id) #16
* Add {{CURRENTTIMESTAMP}} magic word
* (bug 6061) Improper escaping in some html forms
* (bug 6065) Remove underscore when using NAMESPACE and TALKSPACE magics.
* (bug 6074) Correct squid purging of offsite upload URLs
* To simplify the lives of extension developers, the logging type arrays
can now be appended to directly by an extension setup function. It is
no longer necessary to write four separate functions just to add a
custom log type.
* (bug 6057) Count "licenses" as a message (and show it in Special:Allmessages)
* Added $wgGrammarForms global
* Fixed hardcoded 'done.' when removing watchlist entries.
* (bug 5962) Update for Italian language (it)
* (bug 6086) Remove vestigial attempt to call Article::validate()
* wfHostname() function for consistent server hostname use in debug messages
* Send thumbnailing error messages to 'thumbnail' log group
* wfShellexec() now accepts an optional parameter to receive the exit code
* Failed, but not zero-length, thumbnail renderings are now removed.
Should help clean up when rsvg fails in weird ways.
* (bug 6081) Change description for Turkmen language
* Increase robustness of parser placeholders; fixes some glitches when
adjacent to identifier-ish constructs such as URLs.
* Shut up the parser test whining about files in a temp directory.
* (bug 6098) Add Aragonese language support (an)
* (bug 6101) Update for Russian language (ru)
* Add $wgIgnoreImageErrors to suppress error messages for thumbnail rendering
problems. If errors are transitory, this should reduce annoying messages
making it into cached display.
* (bug 6103) Wrap self-links in a CSS class ("selflink")
* (bug 6102) For consistency with other markup, normalize all HTML-encoded
character entities in URLs, not just ampersands. This allows use of eg
= when making URLs for template parameters.
* Markup anality: escape </ as <\/ in toolbar javascript for pure correctness
under HTML-compatible browsers.
* (bug 5077) Added hook 'BeforePageDisplay' to SkinTemplate::outputPage
* Replace fatally changed 'uploadnewversion' with 'uploadnewversion-linktext'
* (bug 472) Syndication feeds for the last few edits of page history
* Format edit comments in Recent Changes feed
* Switch incorrectly ordered column headers on Recent Changes feed diffs
* (bug 6117) Use message for history feed description, add German localization
* (bug 1017) fixed thumbnails of animated gifs.
* Add APC as object caching option
* Update to Albanian localization (sq)
* (bug 6099) Introduce {{DIRECTIONMARK}} magic word (with {{DIRMARK}} as an
alias)
* Use optimized php5-only microtime()
* Add possibility to store local message cache as PHP executable script
* Fix profiling table definition
* (bug 6040) Run pre-save transform before calculating the diff. when doing a
"show changes" operation in the editor
* (bug 4033) Respect $wgStyleDirectory when checking available skins
* Remove hideous backslashes from MessagesBr.php
* Fix APC object cache issues, add functionality to installer
* (bug 6133) Update strip state as we work. This mostly fixes extensions
used in Cite.php <ref> tags when Tidy is on.
* (bug 6139) Workaround for transclusion oddities in Vietnamese upload text
* (bug 6136) Update to Catalan language (ca)
* Update to Japanese localization (ja)
* Add /usr/local/bin to the diff3 search paths in the installer
* (bug 6106) Update to Indonesian localisation (id) #17
* (bug 6125) Add links to edit old versions to diff views
* (bug 5127) Auto edit summary when creating/editing redirect page
* (bug 3926) Introduce {{#language:}} magic word
* Fix section links from edit comments for [[:Image:Bla.jpg]] in section titles
* (bug 6126) Allow fallback to customized primary language when user language
message contains '-'; fixes licenses selector on Commons configuration after
recent addition of the message to Messages.php
* (bug 5527) Batch up job queue insertions for, hopefully, better survivability
of lock contention etc. Duplicates are now removed at pop time instead of
at insert time.
* When showing the "blah has been undeleted" page, make sure it's a blue link
* parserTests.php accepts a --file parameter to run an alternate test sutie
* parser tests can now test extensions using !!hooks sections
* Fix oddity with open tag parameters getting stuck on </li>
* (bug 5384) Fix <!-- comments --> in <ref> extension
* Nesting of different tag extensions and comments should now work more
consistently and more safely. A cleaner, one-pass tag strip lets the
'outer' tag either take source (<nowiki>-style) or pass it down to
further parsing (<ref>-style). There should no longer be surprise
expansion of foreign extensions inside HTML output, or differences
in behavior based on the order tags are loaded.
* (bug 885) Pre-save transform no longer silently appends close tags
* Pre-save transform no longer changes the case of close tags
* (bug 6164) Fix regression with <gallery> resetting <ref> state
* Hackaround for IE 7 wrapping bug in MonoBook footer
* New message sp-newimages-showfrom replaces rclistfrom on special:newimages
* Improve handling of ;: definition list construct with overlapping or
nested HTML tags
* (bug 6171) Fix sanitizing of HTML-elements with an optional closing
tag. The sanitizer still needs to learn how to make well-formed XML
in this case.
* Fix fatal error when specifying illegal name for manual thumbnail
* (bug 6184) Use shinier Linker::userLink() to make user links in
Special:Undelete
* (bug 6170) Update for Kashubian translation (csb)
* (bug 6191) Update to Indonesian translation (id) #18
* (bug 6114) Update to Walloon localization (wa)
* Added $wgNamespaceRobotPolicies to allow customisation of robot policies on a
per-namespace basis.
* Add <ol> to the list of block elements for doBlockLevels; avoids <p>s being
interspersed into your ordered lists.
* (bug 5021) Transcluding the same special page twice now works
* Add 'SiteNoticeBefore' and 'SiteNoticeAfter' hooks
* (bug 6182) Date passed in "sp-newimages-showfrom" not adjusted to user time
preferences
* (bug 2587) Fix for section editing with comment prefix
* (bug 2607) Fix for section editing with mix of wiki and HTML headings
* (bug 3342) Fix for section editing with headings wrapped in <noinclude>
* (bug 3476) Fix for section editing with faux headings in extensions
* (bug 5272) Fix for section editing with HTML-heading subsections
* Fix for bogus wiki headings improperly detected with following text
* Fix for HTML headings improperly not detected with preceding/following text
* Section extraction and replacement functions merged into one implementation
on the Parser object, so they can't get out of sync with each other.
* Edit security precautions in raw HTML mode, etc
* (bug 6197) Update to Indonesian translation (id) #19
* (bug 6175) Improvement to German translation (de)
* Redirect Special:Logs to Special:Log
* (bug 6206) Linktrail for Swedish localization (se)
* (bug 3202) Attributes now allowed on <pre> tags
* Sanitizer::validateTagAttributes now available to discard illegal/unsafe
attribute values from an array.
* (bug 3837) Leave <center> as is instead of doing an unsafe text replacement
to <div class="center">. <center> is perfectly valid in the target doctype
(XHTML 1.0 Transitional), while the replacement didn't catch all cases and
could even result in invalid output from valid input.
* (bug 4280) Use 'noindex,nofollow' instead of 'noindex,follow' for default
meta robots tag on diff view and special pages. Should reduce impact of
robots on scrolling special pages, diffs etc on sites where robots.txt
doesn't forbid access.
* Regression fix: suppress warning about session failure when clicking to
edit with 'preview on first edit' enabled.
* (bug 6230) Regression fix: <nowiki> in [URL link text]
* Added AutoLoader.php, which loads classes without need of require_once()
* (bug 5981) Add plural function Slovenian (sl)
* (bug 5945) Introduce {{CONTENTLANGUAGE}} magic word
* {{PLURAL}} can now take up to five forms
* (bug 6243) Fix email for usernames containing dots when using PEAR::Mail
* Remove a number of needless {{ns:project}}-type transforms from messages
files. These usages already have separate label text. Such transforms are
wasteful on each page view.
* Update to Yiddish localization (yi)
* (bug 6254) Update to Indonesian translation (id) #20
* (bug 6255) Fix transclusions starting with "#" or "*" in HTML attributes
* Whitespace now normalized more or less properly in HTML attributes
* Fix regression(?) in behavior of initial-whitespace-pre in <center>
* (bug 6260) Update to Interlingua localization (ia)
* Update to Vlax Romany localization (rmy)
* Update to Latin translation (la)
* Update to Dutch translation (nl)
* Avoid some notices in page history with bad input
* Use double quoted consistently on attributes in linker output; preparing
for new normalization code when tidy not in use
* Replace "nogomatch" with "noexactmatch" and place the magic colon in the
messages themselves. Some minor tweaks to the actual message content.
* Introduce $wgContentNamespaces which allows for articles to exist in
namespaces other than the main namespace, and still be counted as valid
content in the site statistics.
* (bug 5932) Introduce {{PAGESINNAMESPACE}} magic word
* Disable $wgAllowExternalImages by default.
* (bug 2700) Nice things like link completion and signatures now work in
<gallery> tags.
* Cancel output buffering in StreamFile; when used inside gzip buffering this
could cause funny timeout behavior as the Content-Length was wrong.
* Return correct content-type header with 304 responses for StreamFile;
it confuses Safari if you let it return "text/html".
* (bug 6280) Correct GRAMMAR for Slovenian localisation (sl)
* (bug 6162) Change date format for Dutch Low Saxon (nds-nl)
* (bug 6296) Update to Indonesian localisation (id) #21
* Introduce EditFormPreloadText hook, see docs/hooks.txt for more information
* (bug 4054) Add "boteditletter" to recent changes flags
* Update to Catalan localization (ca)
* (bug 2099) Deleted image files can now be archived and undeleted.
Set $wgSaveDeletedFiles on and an appropriate directory path in
$wgFileStore['deleted']['directory']
* (bug 6324) Fix regression in enhanced RC alignment
* Introduce {{NUMBEROFADMINS}} magic word
* Update to Slovak translation (sk)
* Update to Alemannic localization (gsw)
* (bug 6300) Bug fixes for sr: variants
* namespaceDupes.php can now accept an arbitrary prefix, for checking rogue
interwikis and such. Not yet fully automated.
* (bug 6344) Add Special:Uncategorizedimages page
* (bug 6357) Update to Russian translation (ru)
* Workaround possible bug in Firefox nightlies by properly removing the
Content-Encoding header instead of sending explicit 'identity' value
in StreamFile
* (bug 6304) Show timestamp for current revision in diff pages
* Vertically align current version with old version header in diff display
* (bug 6174) Remove redundant "emailforlost" message
* (bug 6189) Show an error to an unprivileged user trying to create account
* (bug 6365) Show user information in the "old revision" navigation links
* Introduce 'FetchChangesList' hook; see docs/hooks.txt for more information
* (bug 6345) Update to Indonesian localisation (id) #22
* (bug 6279) Add genitive month names to Slovenian localisation
* (bug 6351) Update to German translation (de)
* Respect language directionality when displaying arrow in
Special:Brokenredirects
* Remove unused "validation" table definitions from the schema files
* (bug 6398) Work around apparent PCRE bug breaking section editing when
massively-indented preformatted text immediately followed a header
* (bug 6392) Fix misbehaving <br /> in preferences form
* Add translated magic words to Hebrew localization
* (bug 6396) Change name for Chuvash language
* Introduce optional (off by default) language selector bar for user login
and registration. Customisable via the "loginlanguagelinks" message, the
links will preserve "returnto" values. If the user creates an account while
using such a link, then the language in use will be saved as their language
preference.
* Make sure '~~~' '~~~~' '~~~~~' are removed in Nickname preference.
* Rename "ipusuccess" to "unblocked", change the format (now wiki text)
* (bug 2316) Add "caption" attribute to <gallery> tag
* Allow setting the skin object that ImageGallery will use; needed during parse
operations (the skin must come from the ParserOptions, not $wgUser)
* Fix notice in MacBinary detection debug data for files of certain lengths
* (bug 6131) Add type detection for DjVu files, allowing them to be uploaded
with validity checking and size detection. No inline thumbnailing yet,
but could be added in the future.
* (bug 6423) Don't update newtalk flag if page content didn't change (null edits
were causing the newtalk flag to trigger inappropriately)
* Parser functions are now set using magic words.
* (bug 6428) Incorrect form action URL on Special:Newimages with hidebots = 0
set
* (bug 4990) Show page source to blocked users on edits, or their modified
version if blocked during an edit
* (bug 5903) When requesting the raw source of a non-existent message page,
return blank content (as opposed to the message key)
* Improve default blank content of MediaWiki:Common.css and
MediaWiki:Monobook.css
* (bug 6434) Allow customisation of submit button text on Special:Export
* (bug 6314) Add user tool links on page histories
* Fix display of file-type icons in galleries when $wgIgnoreImageErrors is off
* (bug 6438) Update to Indonesian translation (id) #23
* Adding the language code parameter to the hook "LanguageGetMagic", to allow
localizble extensions magic words.
* Update to Romanian translation (ro)
* Update to Esperanto translation (eo)
* Check for preg_match() existence when installing and die out whining about
PCRE if it's not there, instead of throwing a fatal error
* (bug 672) Add MathAfterTexvc hook
* Update to Piedmontese localization (pms)
* dumpBackup can optionally compress via dbzip2
* (bug 2483) Run link updates on change via XML import
* (bug 2481) List imported pages during Special:Import
* (bug 2482) Log and RC entries for Special:Import events
* Allow fetching all revisions from transwiki Special:Import
* Allow fetching all revisions from Special:Export GET request
* Disable output buffering on Special:Export; should help with streaming
large numbers of history items.
* Allow setting a maximum number of revisions for history Special:Export;
pages with more than $wgExportMaxHistory revisions are excluded from
export when history is requested.
* Fix transwiki import of pages with space in name
* Save null edit when importing pages through Special:Import
* Update to Korean translation (ko)
* Show a more specific message when an anonymous user tries to access
Special:Watchlist
* (bug 3278) Paging links in Special:Prefixindex
* Added Latvian localization (lv)
* (bug 6472) Fix regression in Special:Export with multiple pages
* Update to Macedonian translation (mk)
* Allow page moves over historyless self-redirects. Such are usually created
as part of namespace rearrangements, and it's easier to clean them up if
we can move over them.
* Show some error results in moveBatch.php
* (bug 6479) Allow specification of the skin to use during HTML dumps
* (bug 6461) Link to page histories in Special:Newpages
* (bug 6484) Don't do message transformations when preloading messages for
editing
* (bug 6201) Treat spaces as underscores in parameters to {{ns:}}
* (bug 6006) Allow hiding the password change fields using an authentication
plugin
* (bug 6489) Use appropriate link colour on Special:Shortpages
* Added formatnum magic word
* Added Javanese localization (jv)
* (bug 6491) Apply bad image list in category galleries
* (bug 6488) Show relevant log fragment in Special:Movepage
* Fix potential PHP notice in Special:Blockme when $wgBlockOpenProxies is true
* Use mysql_real_escape_string instead of addslashes for string escaping in
the MySQL Database class. This may fix some rare breakage with binary fields.
Note that MediaWiki does not support the multibyte character sets where a
"dumb" byte replacement can be actively dangerous; UTF-8 is always safe
in this regard due to the bit patterns which make head and tail bytes
distinct.
* (bug 6497) Use $wgMetaNamespaceTalk for Esperanto if set
* (bug 6498) Use localized forms for image size in Special:Undelete
* (bug 6485) Update to Indonesian translation (id) #24
* Extension messages translation is now possible.
* Add target namespace override selector for transwiki imports.
$wgImportTargetNamespace specifies the default, to be used for
Wiktionary's 'Transwiki:' namespace etc.
* (bug 6506) Update to German localisation (de)
* (bug 502) Avoid silly tabs on bad title by using virtual special page
* (bug 6511) Add diff links to old revision navigation bar
* (bug 6511) Replace 'oldrevisionnavigation' message with
'old-revision-navigation'
* Fix regression in Polish genitive month forms
* (bug 4037) Make input handling in Special:Allpages and Special:Prefixindex
more consistent: Accept just a namespace prefix and a colon, reject input
with interwiki prefixes, otherwise do what Title::makeTitleSafe() does.
* (bug 6516) Update to Russian translation
* New 'allpagesbadtitle' message for Special:Allpages, based on 'badtitletext'.
* Rename "searchquery" to "searchsubtitle" and support wiki text in it
* Introduce updateArticleCount maintenance script which uses a better check that
reflects what Article::isCountable() tests for
* Introduce 'BadImage' hook; see docs/hooks.txt for more information
* Add "searchsubtitleinvalid" message for searches that are not valid titles.
* (bug 5962) Update to Italian localisation
* (bug 6530) Update to Indonesian localisation (id) #25
* (bug 6523) Fix SVG issue in rebuildImages.php
* (bug 6512) Link to page-specific logs on page histories
* (bug 6504) Allow configuring session name with $wgSessionName
* (bug 6185) Add standard user tool links to log page views
* Update to Venetian translation (vec)
* Update to Slovenian translation (sl)
* Add standard user tool links to deleted revision list
* Separate out EditPage's getContent bits from regular Article getContent.
Cleans up read-only-mode warning on empty pages and neats up some code.
* (bug 6565) Strict JavaScript writing
* (bug 6570) Update to Indonesian localisation (id) #26
* Added Telugu translation (te)
* Update to Catalan translation (ca)
* (bug 6560) Avoid PHP notice when trimming ISBN whitespace
* Added namespace translation to Kannada (ka)
* (bug 6566) Improve input validation on timestamp conversion
* Implicit group "emailconfirmed" for all users whose email addresses are
confirmed
* (bug 6577) Avoid multiline parser breakage on <pre> with newline in attribute
* (bug 6771) Make old revisions of MediaWiki pages available with action=raw
== Compatibility ==
MediaWiki 1.7 requires PHP 5 (5.1 recommended). PHP 4 is no longer supported.
If you are unable to run PHP 5, you may have to stick with 1.6 for now.
MySQL 3.23.x is no longer supported; some older hosts may need to upgrade.
At this time we still recommend 4.0, but 4.1/5.0 will work fine in most cases.
Experimental Oracle support has been dropped as it is unmaintained.
== Upgrading ==
Several changes to the database have been made from 1.6:
* A new "langlinks" table tracks interlanguage links
* A new "filearchive" table stores information on deleted files
* A new "querycache_info" table stores information on query page updates
To ensure that these tables are filled with data, run refreshLinks.php after
the upgrade.
If you are upgrading from MediaWiki 1.4.x or earlier, some major database
changes are made, and there is a slightly higher chance that things could
break. Don't forget to always back up your database before upgrading!
== Configuration changes ==
Some configuration options have changed:
* $wgAllowExternalImages now defaults to off for increased security.
* $wgLocalTZoffset was in hours, it is now using minutes.
* Extensions may register special pages via the $wgSpecialPages array without
forcing an early load of the SpecialPage.php class file.
== Major new features ==
* Deleted files can now be archived and undeleted, if you set up an appropriate
non-web-accessible directory. Set $wgSaveDeletedFiles on and an appropriate
directory path in $wgFileStore['deleted']['directory']
* Experimental PostgreSQL support has been updated. It may or may not be in
usable shape; those interested in PostgreSQL are encouraged to follow 1.8
development.
=== Caveats ===
Some output, particularly involving user-supplied inline HTML, may not
produce 100% valid or well-formed XHTML output. Testers are welcome to
set $wgMimeType = "application/xhtml+xml"; to test for remaining problem
cases, but this is not recommended on live sites. (This must be set for
MathML to display properly in Mozilla.)
= MediaWiki 1.6 =
== MediaWiki 1.6.12 ==
February 7, 2009
This is a security update to the Spring 2006 quarterly release.
A number of cross-site scripting (XSS) security vulnerabilities were discovered
in the web-based installer (config/index.php). These vulnerabilities all
require a live installer -- once the installer has been used to install a
wiki, it is deactivated.
Note that cross-site scripting vulnerabilities can be used to attack any
website in the same cookie domain. So if you have an uninstalled copy of
MediaWiki on the same site as an active web service, MediaWiki could be used to
attack the active service.
If you are hosting an old copy of MediaWiki that you have never installed, you
are advised to remove it from the web.
== MediaWiki 1.6.11 ==
December 15, 2008
This is a security update to the Spring 2006 quarterly release.
David Remahl of Apple's Product Security team has identified a number of
security issues in previous releases of MediaWiki. Subsequent analysis by the
MediaWiki development team expanded the scope of these vulnerabilities. The
issues with a significant impact are as follows:
* An XSS vulnerability affecting Internet Explorer clients for all MediaWiki
installations with uploads enabled. [CVE-2008-5250]
* An XSS vulnerability affecting clients with SVG scripting capability (such as
Firefox 1.5+), for all MediaWiki installations with SVG uploads enabled.
[CVE-2008-5250]
* A CSRF vulnerability affecting the Special:Import feature, for all MediaWiki
installations since the feature was introduced in 1.3.0. [CVE-2008-5252]
XSS (cross-site scripting) vulnerabilities allow an attacker to steal an
authorised user's login session, and to act as that user on the wiki. The
authorised user must visit a web page controlled by the attacker in order to
activate the attack. Intranet wikis are vulnerable if the attacker can
determine the intranet URL, even if the attacker cannot access it.
CSRF vulnerabilities allow an attacker to act as an authorised user on the
wiki, but unlike an XSS vulnerability, the attacker can only act as the user in
a specific and restricted way. The present CSRF vulnerability allows pages to
be edited, with forged revision histories. Like an XSS vulnerability, the
authorised user must visit the malicious web page to activate the attack.
Rather than backport our SVG validation code to this ancient branch, we have
instead disabled SVG uploads. To enable SVG uploads, please upgrade to
MediaWiki 1.13.3 or later.
The other two issues have been fixed.
== MediaWiki 1.6.10 ==
February 20, 2007
This is a security and bug-fix update to the Spring 2006 quarterly release.
An XSS injection vulnerability based on Microsoft Internet Explorer's UTF-7
charset autodetection was located in the AJAX support module, affecting MSIE
users on MediaWiki 1.6.x and up when the optional setting $wgUseAjax is enabled.
If you are using an extension based on the optional Ajax module, either disable
it or upgrade to a version containing the fix:
* 1.9: fixed in 1.9.3
* 1.8: fixed in 1.8.4
* 1.7: fixed in 1.7.3
* 1.6: fixed in 1.6.10
There is no known danger in the default configuration, with $wgUseAjax off.
* ([[mediazilla:8819|bug 8819]]) Fix full path disclosure with skins
dependencies
* Add 'charset' to Content-Type headers on various HTTP error responses to
forestall additional UTF-7-autodetect XSS issues. PHP sends only 'text/html' by
default when the script didn't specify more details, which some inconsiderate
browsers consider a license to autodetect the deadly, hard-to-escape UTF-7.
This fixes an issue with the Ajax interface error message on MSIE when
$wgUseAjax is enabled (not default configuration); this UTF-7 variant on a
previously fixed attack vector was discovered by Moshe BA from BugSec:
http://www.bugsec.com/articles.php?Security=24
* Trackback responses now specify XML content type
== MediaWiki 1.6.9 ==
January 9, 2007
* ([[mediazilla:6621|bug 6621]]) Backported German translation for
'eauthentsent'
* ([[mediazilla:6680|bug 6680]]) Added localisation for Dutch bookstore list
(nl)
* ([[mediazilla:6730|bug 6730]]) Clearer usage of message 'titlematch' in
German translation (de)
* XSS fix in AJAX module
An XSS injection vulnerability was located in the AJAX support module,
affecting MediaWiki 1.6.x and up when the optional setting $wgUseAjax is
enabled.
There is no danger in the default configuration, with $wgUseAjax off.
If you are using an extension based on the optional AJAX module, either disable
it or upgrade to a version containing the fix:
* 1.9: fixed in 1.9.0rc2
* 1.8: fixed in 1.8.3
* 1.7: fixed in 1.7.2
* 1.6: fixed in 1.6.9
== MediaWiki 1.6.8 ==
July 8, 2006
MediaWiki 1.6.8 is a security and bugfix maintenance release of the Spring 2006
snapshot:
A potential HTML/JavaScript-injection vulnerability in a debugging script has
been fixed. Only versions and configurations of PHP vulnerable to the $GLOBALS
overwrite vulnerability are affected.
As a workaround for existing installs, profileinfo.php may simply be deleted if
it's not being used.
* ([[mediazilla:5957|bug 5957]]) Updates to Hebrew translation (he)
* Respect language directionality when displaying arrow in
Special:Brokenredirects
* ([[mediazilla:6415|bug 6415]]) Typo in Parser.php
* Fixed potential XSS in profileinfo.php
== MediaWiki 1.6.7 ==
June 6, 2006
MediaWiki 1.6.7 is a security and bugfix maintenance release of the Spring 2006
snapshot:
An HTML/JavaScript-injection vulnerability in the edit form has been closed.
This vulnerability was new in 1.6.0; MediaWiki versions 1.5.x or earlier are
not affected.
Extensions, comments, and <nowiki><nowiki></nowiki> sections are now handled in
a one-pass way which is more reliable and safer. Under earlier versions of
MediaWiki, certain extensions could be abused to inject HTML/JavaScript into
the page.
Additional precautions are made against offsite form submissions when the
restricted raw HTML mode is enabled.
Some small localization and user interface updates are also included.
*([[MediaZilla:6051|bug 6051]]) Improvement to German localisation (de)
*([[MediaZilla:6017|bug 6017]]) Update bookstore list for German language (de)
*([[MediaZilla:6138|bug 6138]]) Minor grammar tweak in "loginreqlink"
*([[MediaZilla:5957|bug 5957]]) Update for Hebrew language (he)
*Increase robustness of parser placeholders; fixes some glitches when adjacent
to identifier-ish constructs such as URLs.
*([[MediaZilla:5384|bug 5384]]) Fix <nowiki><!-- comments --> in <ref></nowiki>
extension
*Nesting of different tag extensions and comments should now work more
consistently and more safely. A cleaner, one-pass tag strip lets the 'outer'
tag either take source (<nowiki><nowiki></nowiki>-style) or pass it down to
further parsing (<nowiki><ref></nowiki>-style). There should no longer be
surprise expansion of foreign extensions inside HTML output, or differences in
behavior based on the order tags are loaded.
*([[MediaZilla:885|bug 885]]) Pre-save transform no longer silently appends
close tags
*Pre-save transform no longer changes the case of close tags
*Edit security precautions in raw HTML mode, etc
== MediaWiki 1.6.6 ==
May 23, 2006
MediaWiki 1.6.6 is a security and bugfix maintenance release.
An XSS injection vector in brace replacement has been fixed, as have some
potential problems with table parsing. Upgrading is strongly recommended for
all users of 1.6. MediaWiki versions 1.5 and earlier are not affected.
Additionally some localization and user interface updates are included.
* Correct "revertpage" message in English
* ([[MediaZilla:5507|bug 5507]]) Logouttext now uses wiki markup
* (bugs [[MediaZilla:5857|5857]], [[MediaZilla:5957|5957]]) Update for German
localisation (de)
* ([[MediaZilla:5586|bug 5586]]) <nowiki><gallery></nowiki> treated text as
links
* ([[MediaZilla:5957|bug 5957]]) Update for Hebrew language (he)
* ([[MediaZilla:6025|bug 6025]]) SpecialImport: wrong message when no file
selected
* ([[MediaZilla:6015|bug 6015]]) EditPage: add spacing in the boxes "edit is
minor" and "watch this"
* ([[MediaZilla:6018|bug 6018]]) Userrights: new message when no user specified
('nouserspecified')
* ([[MediaZilla:6055|bug 6055]]) Fix for HTML/JS injection bug in variable
handler (found by Nick Jenkins)
* Reordered wiki table handling and <nowiki>__TOC__</nowiki> extraction in the
parser to better handle some overlapping tag cases.
* Only the first <nowiki>__TOC__</nowiki> is now turned into a TOC.
* ([[MediaZilla:361|bug 361]]) URL in URL, they were almost fixed. Now they are.
== MediaWiki 1.6.5 ==
May 2, 2006
* Rolled back the buggy patch for [[MediaZilla:5497|bug 5497]].
== MediaWiki 1.6.4 ==
May 2, 2006
* Further improvements to Hebrew localisation
* ([[MediaZilla:5544|bug 5544]]) Fix redirect arrow in Special:Listredirects
for right-to-left languages
* Replace "doubleredirectsarrow" with a content language check that picks the
appropriate arrow
* Remove live debugging hack which caused errors with certain database names
* ([[MediaZilla:5510|bug 5510]]) Warning produced when using
<nowiki>{{SUBPAGENAME}}</nowiki> in some namespaces
* ([[MediaZilla:5548|bug 5548]]) Improvements to Indonesian localisation
[patch: Ivan Lanin]
* ([[MediaZilla:5403|bug 5403]]) Fix Special:Newpages RSS/Atom feeds
* ([[MediaZilla:3359|bug 3359]]) Add hooks on completion of file upload
* ([[MediaZilla:5184|bug 5184]]) CSS misapplied to elements in
Special:Allmessages due to conflicting anchor identifiers
* ([[MediaZilla:5519|bug 5519]]) Allow sidebar cache to be disabled; disable it
by default.
* Add $wgReservedUsernames configuration directive to block account creation/use
* ([[MediaZilla:5576|bug 5576]]) Remove debugging hack in session check
* ([[MediaZilla:5181|bug 5181]]) Update "nogomatch" for Slovak
* ([[MediaZilla:5594|bug 5594]]) Id translation up to '# Login and logout
pages' section
* ([[MediaZilla:5536|bug 5536]]) Use content language for editing help link
* Minor improvements to English language files
* Improvements to German localisation files
* ([[MediaZilla:5628|bug 5628]]) Translations for MessagesHr.php
* (bugs [[MediaZilla:5595|5595]], [[MediaZilla:5644|5644]]) Localisation for
Bosnian language (bs)
* ([[MediaZilla:5592|bug 5592]]) Actions are logged with the default language
for the wiki, not the language of the user performing the operation.
* ([[MediaZilla:5646|bug 5646]]) Compare for identical types in wfElement()
* Fix for concurrency problem in job queue (image description page invalidation)
* ([[MediaZilla:5497|bug 5497]]) regeression in HTML normalization in 1.6
(unclosed <nowiki><li>,<dd>,<dt></nowiki>)
* ([[MediaZilla:5709|bug 5709]]) Allow customisation of separator for categories
* ([[MediaZilla:4834|bug 4834]]) Fix XHTML output when using $wgMaxTocLevel
* Improvements to update scripts; print out the version, check for superuser
credentials before attempting a connection, and produce a friendlier error if
the connection fails
* ([[MediaZilla:5005|bug 5005]]): Fix XHTML <nowiki><gallery></nowiki> output.
* ([[MediaZilla:5315|bug 5315]]) "Expires: -1" HTTP header made strictly valid
(using 1970 date).
* ([[MediaZilla:4825|bug 4825]]): note in DefaultSettings.php about 'profiling'
table creation
* Remove unneeded extra whitespace at top of Special:Categories
* Rewrite reassignEdits script to be more efficient; support optional updates
to recent changes table; add reporting and silent modes
* Updated initStats maintenance script
* ([[MediaZilla:5723|bug 5723]]) Don't count pages linked to from the MediaWiki
namespace as "wanted"
* ([[MediaZilla:5789|bug 5789]]) Treat "loginreqpagetext" as wikitext
* ([[MediaZilla:5796|bug 5796]]) We require MySQL >=4.0.14
== MediaWiki 1.6.3 ==
April 10, 2006
* Fix disappearing red-linked items in the watchlist editing view
* ([[MediaZilla:5512|bug 5512]]) Spacing in "page has a history" deletion
warning
* ([[MediaZilla:5508|bug 5508]]) Switch ENGINE in table statements back to
TYPE; fixes regression where some versions of MySQL 4.0.x wouldn't work
* Added note about [[Manual:$wgUrlProtocols|$wgUrlProtocols]] format change
== MediaWiki 1.6.2 ==
April 8, 2006
* Further improvements to Hebrew localisation
* Fix 'copyright' message for Romanian
* ([[MediaZilla:5476|bug 5476]]) Invalid xhtml in German localization
* ([[MediaZilla:5479|bug 5479]]) Id translation for preferences tabs caption
* ([[MediaZilla:5493|bug 5493]]) Id translation for special pages
* Additional path fixes in the updater
* ([[MediaZilla:5344|bug 5344]]) Fix regression that broke slashes in extension
tag parameters
== MediaWiki 1.6.1 ==
April 5, 2006
Some minor issues in the 1.6.0 release have been corrected:
* ([[MediaZilla:5458|bug 5458]]) Fix double-URL encoding in block log link in
contribs and contribs link in block log
* ([[MediaZilla:5462|bug 5462]]) Bogus missing patch warning in updater
* ([[MediaZilla:5461|bug 5461]]) Use of deprecated "showhideminor" in
Special:Recentchangeslinked
* PHP warning when allow_call_time_pass_reference is off
* Update to Finnish localization
== MediaWiki 1.6.0 ==
April 5, 2006
MediaWiki is now using a "continuous integration" development model with
quarterly snapshot releases. The latest development code is always kept "ready
to run", and in fact runs our own sites on Wikipedia.
Release branches will continue to receive security updates for about a year
from first release, but nonessential bugfixes and feature development will take
place on the development trunk and will appear in the next quarterly release.
Those wishing to use the latest code instead of a branch release can [[Download
from SVN|obtain it from source control]].
=== What's new in 1.6 ===
'''User interface:'''
* The account creation form has been separated from the user login form.
* Page protection/unprotection uses a new, expanded form
'''Templates:'''
* Categories and "what links here" now update as expected when adding or
removing links in a template.
* Template parameters can now have default values, as <nowiki>{{{name|default
value}}}</nowiki>
'''Uploads:'''
* Optional support for rasterizing SVG images to PNG for inline display
'''Feeds:'''
* Feed generation upgraded to Atom 1.0
* Diffs in RSS and Atom feeds are now colored for improved readability.
'''Database:'''
* MySQL 3.23.x support dropped; 4.0 or later required
* Experimental support for Unicode mode of MySQL 4.1/5.0 (moderately tested)
* Experimental Oracle support (not well tested!)
'''Anti-spam extension support:'''
* [[meta:SpamBlacklist extension|SpamBlacklist extension]] now has support for
automated cleanup.
* Support for a [[meta:ConfirmEdit extension|captcha extension]] to restrict
automated spam edits.
Numerous bug fixes and other behind-the-scenes changes have been made; see the
file HISTORY for a complete change list.
== Changes since 1.5 ==
* (bug 2885) More PHP 5.1 fixes: skin, search, log, undelete
Code quality:
* Use strval() to make sure we don't accidentally get null on bad revision
text loads or other fields mucking up XML export output
* Clean up duplicate code for selection of changeslist style
* Correct blob caching to reduce redundant blob loads on backups
* (bug 3182) Clear link cache during import to prevent memory leak
* Fixed possible infinite loop in formatComment
* Wrap message page insertions in a transaction to speed up installation
* Avoid notice warning on edit with no User-Agent header
* (bug 3649) Remove obsolete, broken moveCustomMessages script
* Avoid numerous redundant latest-revision lookups in history
* Require PHP 4.3.2 or higher strictly now.
* Tweak infinite-template-handling loop for PHP 5.1.1 string handling change
* Remove unused OutputPage::addCookie()
* Fix for short_open_tag off again; please don't break this, guys
* (bug 4507) Adjust FULLPAGENAMEE escaping to standard form
* (bug 5302) Merge the two #p-search .pBody statements in monobook css.
Database:
* Finally dropped MySQL 3.23.x support
* Oracle support
* (bug 3056) MySQL 3 compatibility fix: USE INDEX instead of FORCE INDEX
* Update all stats fields on recount.sql
* (bug 3227) Fix SQL injection introduced in experimental code
* Fix table prefix usage in Block::enumBlocks
* (bug 3448) Set page_len on undelete
* (bug 3506) Avoid MySQL error when Listusers returns no results
* Skip update of disused 'rc_cur_time' field (todo: discard the field)
* (bug 3735) Fix to run under MySQL 5's strict mode
* (bug 3786) Experimental support for MySQL 4.1/5.0 utf8 charset mode
NOTE: Enabling this may break existing wikis, and still doesn't
work for all Unicode characters due to MySQL limitations.
* MySQL 5.0 strict mode fix for moving unwatched pages
* Ability to set the table name for external storage servers
* Update ipblocks table in MySQL 5 table defs
* Removed FulltextStoplist.php, no longer used (was for MySQL 3.x workaround)
* Added templatelinks table, to track template inclusions. User-visible effects
will be:
* (inclusion) tag for inclusions in Special:Whatlinkshere
* More accurate list of used templates on the edit page
* More reliable cache invalidation when templates outside the template
namespace are changed
* Respect database prefix in dumpHTML.inc
* Removed read-only check from Database::query()
* Added externallinks table, to track links to arbitrary URLs
* Added job table, for deferred processing of jobs. The immediate application is
to complete the link table refresh operation when templates are changed.
* Don't change the password of the MySQL root user.
Documentation:
* (bug 3306) Document $wgLocalTZoffset
Hooks:
(list not complete)
* Move ArticleSave hook execution into Article insert/update functions,
so they get called on non-EditPage actions that use these functions
to create or update pages.
* Added EditFilter hook, and output callback on EditPage::showEditForm()
for a place to add in captcha-type extensions in the edit flow
* (bug 3684) Fix typo in fatal error backtraces in Hooks.php
* Fix for hook callbacks on objects containing no fields
* Add a hook for additional user creation throttle / limiter extensions
* Use $wgOut->parse() in wfGetSiteNotice() instead of creating a new parser
instance. This allows use of extension hooks if required.
* Added AutoAuthenticate hook for external User object suppliers
* Added 'PageRenderingHash' hook for changing the parser cache hash key
from an extension that changes rendering based on nonstandard options.
* Add 'GetInternalURL' hook to match the GetFullURL and GetLocalURL ones
* (bug 4456) Add hook for marking article patrolled
* Add UserRights hook, fires after a user's group memberships are changed
Images:
* Support SVG rendering with rsvg
* Cap arbitrary SVG renders to given image size or $wgSVGMaxSize pixels wide
* (bug 3127) Render large SVGs at image page size correctly
* Fix scaling of non-integer SVG unit sizes
* (bug 2800) Don't scale up small images on |thumb| without explicit size
* Use the real file link instead of the default-size rasterized version for
large SVG images on image description page
* Include the file name/type/size line for non-resized images
* (bug 3489) PHP 5.1 compat problem with captioned images
* (bug 3643) Fix image page display of large images with resizing disabled
* Added a limit to the size of image files which can be thumbnailed
* (bug 3806) Gracefully fall back to client-side scaling on |thumb| image
that passes $wgMaxImageArea
* (bug 153) Adjust thumbnail size calculations to match consistently;
patch by David Benbennick
* (bug 4162) Add $wgThumbnailEpoch timestamp to force old thumbs to
be rerendered on demand, sitewide
* (bug 1850) Additional fixes so existing local and remote images
get a blue link even if there's no local description page
* Avoid FATAL ERROR when creating thumbnail of non-existing image
* (bug 4207) Wrong image size when using 100x200px syntax to scale image up
patch by David Benbennick
* Don't delete thumbnails when refreshing exif metadata. This caused thumbs
to vanish mysteriously from time to time for files that didn't have metadata.
* (bug 4426) Add link to user_talk page on image pages
* Support a custom convert command for thumbnailing. See DefaultSettings.php
and the comments for $wgCustomConvertCommand, for more information.
* UserCan hook now allows advisory return values, rather than mandatory ones.
Installer:
* (bug 3782) Throw fatal installation warning if mbstring.func_overload on.
Why do people invent these crazy options that change language semantics?
* Fixed installer bugs 921 and 3914 (issues with using root and so forth)
* (bug 4258) Use ugly urls for ISAPI by default
patch by Rob Church
* Improve installer
* Use a superuser account (such as root), if specifed, to create tables
* Don't overwrite conservative permissions on the mySQL user with ALL
permissions, if said user exists
* Changes to some of the wording of explanations for fields
* (bug 1734) granting db permissions failed with db usernames containg '-'
* Add basic check for session support in PHP and die if not present
Maintenance:
* Fix problem reported on mailing list where re-initialising stats didn't work
(can't insert duplicate rows with the same id field)
* Added --conf option to command line scripts, allowing the user to specify a
different LocalSettings.php.
* Maintenance script to delete unused text records
* Maintenance script to delete non-current revisions
* Maintenance script to wipe a page and all revisions from the database
* Maintenance script to reassign edits from one user to another
* Maintenance script to find and remove links to a given domain
(cleanupSpam.php)
* Fix --report interval option for dumpTextPass
i18n / Languages:
* Partial support for Basque language (from wikipedia and meta)
* (bug 3141) Partial support for Breton language (thanks Fulup).
* Support for venitian language
* (bug 1334) LanguageGa.php update
* Finnish date format was hardcoded, now implemented properly
* (bug 3190) Added some date format choices for language sr
* (bug 2753) Some namespaces were not translated in LanguageTa.php (Tamil)
* (bug 3204) Fix typo breaking special pages in fy localization
* (bug 3177) Estonian date formats not implemented in LanguageEt.php
* (bug 1020) Changing user interface language does not work immediately
* (bug 3271) Updated LanguageNn.php for HEAD
* Experimental feature to allow translation of block expiry times
Implementation only for Finnish currently
* (bug 3304) Language file for Croatian (LanguageHr.php)
* (bug 2143) Update Vietnamese interface
* (bug 3063) Remove some hardcodings from Hebrew localisation
* (bug 3408) Bulgarian formatNum corrected
* (bug 1512) Disable x-code interp on Esperanto URLs for now, it does more
harm than good under current system by breaking incoming URLs with "ux".
(Editing is not affected, just URLs.)
* (bug 1423) LanguageJa.php update
* Fix language name for dv
* (bug 3503) Update LanguageSq.php from sq.wikipedia.org messages
* (bug 3629) Fix date & time format for Frisian
* (bug 3334) Namespace changes for Polish
* (bug 3580) Change default Dutch language file to more neutral
* (bug 3656) LanguageHr.php - added convertPlural
* (bug 3414) LanguageBe.php - added convertPlural
* (bug 3163) Full translation of LanguageBr
* (bug 3617) Update for portuguese language (pt)
* Namespaces hacks on LanguagePl
* (bug 3682) LanguageSr.php - added convertPlural
* (bug 3694) LanguageTr.php update
* (bug 3711) Removed invisible unicode characters from LanguageHu
* (bug 2981) Linktrail for Tamil (ta)
* (bug 3722) Update of Arabic language (ar) Namespace changes
* Removed hardcoded Norwegian (no) project namespaces
* (bug 2324) image for redirects should be without text and oriented according
to content language
* (bug 3666) Don't spew PHP warnings in prefs on unrecognized site language
* (bug 3817) Use localized date formats in preferences; 'no preference' option
localizable as 'datedefault' message. Tweaked lots of languages files...
* (bug 2721) Regression: Use European number separators for vi: wikis
* (bug 3961) minor languageDe changes
* (bug 1984) LanguageKo.php (Korean) update
* (bug 3804) update of LanguageWa.php file
* (bug 3886) Update for Portuguese language (pt)
* (bug 4020) Update namespaces for ms
* (bug 3922) bidi embedding overrides on category links
* (bug 4061) Update of Slovene namespace names (LanguageSl.php)
* (bug 4064) LanguageDe comma changes
* (bug 3922) Further tweaks to bidi overrides in category list for old
versions of Safari and Konqueror
* Fix custom namespaces on wikis set for Portuguese
* (bug 4153) Fix block length localizations in Greek
* (bug 3844) ab: av: ba: ce: & kv: now inherit from LanguageRu.php
ii: & za: now inherit from LanguageZn_cn.php
* (bug 4165) Correct validation for user language selection (data taint)
* (bug 4192) Remove silly 'The Free Encyclopedia' default sitesubtitle
* Use content-lang for sitenotice
* (bug 4233) Update LanguageJa.php
* (bug 4279) Small correction to LanguageDa.php
* (bug 4108, 4336) Remove trailing whitespace from various messages, which
mucks up message updating to create dupe entries
* (bug 4389) Fix math options on zh-hk and zh-tw (but not localized)
* (bug 4392) Update of LanguageSr.php
* (bug 4382) Frisian numeric format
* (bug 4424) Update for Spanish language (es) 100% messages translated
* (bug 4425) Typos in Polish translation
* (bug 4436) Update for Turkish language (tr)
* (bug 4413) Update of Farsi language file (LanguageFa.php)
* Update for LanguageSr (Serbian): magic words
* (bug 137) MediaWiki:Copyrightwarning hardcoding
* (bug 4457) Update for Portuguese language (pt)
* convertPlural breakage fixed a little
* (bug 4144) Support for Sudanese language (Basa Sunda)
* Big cleanup:
- Removed obsolote, badly or untranslated messages
- Removed references to wikipedia/wikimedia etc in messages
- Other cleanup, like removing html and javascript and extension calls
- Removed hardcoded namespaces: Tt, Ms, Ia, Ga, Fo, Bn, Csb, He, Nv, Oc, Tlh
- Removed some useless backwards compatibility hacks
- Fixed formatnum on many languages
* wgAmericanDates check produced incorrect results in languages that don't have
a such distinction
* (bug 4548) Update for Portuguese language (pt): time format
* (bug 4530) Use consistent name for Kurdish
* Tweak default "upload disabled" text
* (bug 4504) Use site language for namespace name resolution
* (bug 4510) Correct Barnes & Noble bookstore URLs
* (bug 3991) Allow the operation of wikicode on Protect move only text
* (bug 4267) Switch dv sd ug ks arc languages to RTL
* Default main page content improved per bug 4690
* (bug 4615) Update for Portuguese language (pt)
* Separated MessagesSl.php as the other languages.
* (bug 4960) Add additional namespaces variants to Yiddish for compatibility
* (bug 4805) Removed more wikipedia-references from MessagesUk.php
* (bug 5015) Update magic words translation in LanguageBe.php
* (bug 4859) Update for Portuguese messages (pt)
* (bug 4788) One string for MessagesPl
* Restriction types now use restriction-* messages instead of ui messages
* (bug 4685) Slovenian LanguageSl.php hardcodes project namespace
* (bug 5097) Fix Hungarian language (hu): thousands separator
* (bug 5098) Update for Portuguese messages (pt)
* (bug 5113) Spelling error in French language file
* (bug 5105) Magic words for LanguageAr.php
* (bug 3993) Variants for Serbian language
* Typo in English messages file
* (bug 4114) Spacing in watchlist rows (in editing mode)
* Update default "exporttext" to reflect that Special:Import exists
* (bug 4960) Add additional namespaces variants to Yi projects: Yiddish Wikinews
fix
* (bug 5357) Add the icon near the user name also in RTL interfaces
* (bug 5156) Update for Hebrew language (he)
* (bug 4497,4704,5010) Added some new language codes.
* (bug 5362) Piedmontese added
* (bug 5349) Update for Portuguese messages (pt)
* (bug 3573) Finished full Greek translation: namespaces
* (bug 5288) Initial localisation for Az
* (bug 4361) Fix "allmessagesnotsupportedui" so it doesn't refer to nonexisting
page
* Tweak wording of "allmessagesnotsupporteddb"
Parser:
* (bug 2522) {{CURRENTDAY2}} now shows the current day number with two digits
* (bug 3210) Fix Media: links with remote image URL path
* (bug 3405) Don't use raw letters as aliases of MSGNW: and SUBST:
* (bug 3412) Clean up date format handling so ~~~~-sigs work with default
format as designed. Documentation comments updated.
* Fix Parser::unstrip on PHP 5.1.0RC4
* (bug 3797) Don't expand variables and sigs in comments
* Allow parser cache on redirect targets
* Run wikitext-escaping on plaintext sigs (no wiki markup, just name)
* Check for unbalanced HTML tags on raw sigs (markup allowed, but show
a warning in prefs and use default sig if not balanced)
* Respect <noinclude> and <includeonly> during {{subst:}} expansion as well as
ordinary templates.
* Support <includeonly> in templates loaded through preload= parameter
* (bug 3979) Save correct {{REVISIONID}} into parser cache on edit
* Substitute {{REVISIONID}} correctly in diff display
* (bug 1850) Allow red-links on image pages linked with [[:image:foo]]
* Fix XML validity checks in parser tests on PHP 5.1
* (bug 4377) "[" is not valid in URLs
* (bug 4453) fix for __TOC__ dollar-number breakage
* Convert unnecessary URL escape codes in external links to their equivalent
character before doing anything with them. This prevents certain kinds of
spam filter evasion.
* (bug 4783) : Fix for "{{ns:0}} does not render"
* Improved support for interwiki transclusion
* (bug 1850) Image link to nonexistent file fixed.
* (bug 5167) Add {{SUBPAGENAME}} and {{SUBPAGENAMEE}} variables
* (bug 4949) Missing : in "addedwatchtext" for English and Spanish
* Allow user-defined functions, which work in a similar way to {{GRAMMAR:}}
etc. Registered via an interface similar to tag hooks.
Upload:
* (bug 2527) Always set destination filename when new file is selected
* (bug 3076) Support MacBinary-encoded uploads from IE/Mac
* (bug 2554) Tell users they are uploading too large file
* Support for a license selection box on Special:Upload, configurable from
MediaWiki:Licenses
* Add 'reupload' and 'reupload-shared' permission keys to restrict new uploads
overwriting existing files; default is the old behavior (allowed).
Security:
* (bug 3244) Fix remote image loading hack, JavaScript injection on MSIE
* (bug 3280) Respect 'move' group permission on page moves
* (bug 2613) Clear saved passwords from the form
* IP privacy fix for blocklist search on autoblocks
* Security fix for <math>
* Security fix for tables
* Security fix for Special:Upload license selection list
* Add UploadVerification hook for custom file upload validation/security checks
* Blacklist additional MSIE CSS safety tricks
* Fix meta robots tag on Special:Version again to avoid listing vulnerable
versions for convenient harvesting by automated worms
* Sanitizer CSS comment processing order fix
* Forbid usernames that can be interpreted as titles with namespaces, as that
leads to hard-to-manage names.
* (bug 4071) Generate passwords long enough for $wgMinimalPasswordLength
* Add createpage and createtalk permission keys, allowing a quick
switch to disable page creation for anonymous users.
* (bug 675) Add page protection level for unregistered/new accounts
* User::isNewbie now uses the registration date and $wgAutoconfirmAge
* Add 'deletedhistory' permission key for ability to view deleted history
list via Special:Undelete. Default is off, replicating the 1.5 behavior,
but it can be turned back on for random users to replicate the previous
1.6 dev behavior.
* Set cookies to secure mode based on use of HTTPS or $wgCookieSecure
* (bug 4371) Disallow tilde character in signatures
* Removed broken wgAllowAnonymousMinor and added new group right minoredit
* Added detection for WMF files (application/x-msmetafile), added this
MIME type to the default blacklist. Prevented inline display of images
which are not of known image types. This is in response to
https://en.wikipedia.org/wiki/Windows_Metafile_vulnerability
* Blocked users can no longer roll back, change the protection of, or
delete/undelete pages
* Protect against spoofing of X-Forwarded-For header
* XSS issue : now sanitize search query input (fixed in 1.5rc3)
* Remove deprecated $wgOnlySysopsCanPatrol references; use
User::isAllowed( 'patrol' )
per bug 5282. Patch by Alan Harder.
* Prevent registration/login with the username "MediaWiki default"
Special Pages:
* Rearranged Special:Movepage form to reduce confusion between destination
title and reason input boxes
* (bug 1956) Hide bot uploads from Special:Newimages
* (bug 3220) Fix escaping of block URLs in Recentchanges
* (bug 3284) Ipblocklist paging, substring search
* Allow filtering of robot edits in Special:Watchlist by setting
$wgFilterRobotsWL = true.
* Fix interlanguage links on special pages when extra namespaces configured
* (bug 3475) anon contrib links on Special:Newpages
* Special:Import/importDump fixes: report XML parse errors, accept <minor/>
* (bug 2369) Add separate message for input box on Special:Prefixindex
* (bug 3798) DoubleRedirects no longer has hard coded arrows
* (bug 3803) Fix links on Special:Wantedcategories with miser mode off
* Fix Special:BrokenRedirects on MySQL 5.0
* (bug 3807) Fix 'all' in namespaces drop-down on contribs, rc
* Fail gracefully on invalid namespace in Special:Newpages
* (bug 3762) Define missing Special:Import UI messages
* (bug 3761) Avoid deprecation warnings in Special:Import
* (bug 2894) Enhanced Recent Changes link fixes
* (bug 4059) fix 'hide minor edits' on Recentchangeslinked
* (bug 146) List number of category members in Special:Categories
(patch by Joel Nothman)
* (bug 4090) Fix diff links in Special:Recentchangeslinked
* (bug 4093) '&bot=1' in Special:Contributions now propagate to other links
* Fix display of old recentchanges records for page moves
* (bug 360) Let Whatlinkshere track [[:image:foo]] links
* (bug 3073) Keep search parameter on paging in Special:Newimages
* Removed Special:Validate, it's been superseded by the Review extension
* (bug 4359) red [[user:#id]] links generated in [[special:Log]]
* (bug 1996) Special page to list redirects
* (bug 4334) Add "watch" links to Special:Unwatchedpages
* Generate target user page links in Special:Ipblocklist where appropriate
(i.e. not an autoblock)
* Generate link to talk page of the blocker in Special:Ipblocklist, move
contribs. link of the target next to their name
* (bug 2714) Backlink from special:whatlinkshere was hard set as 'existing'
* Move parentheses out of <a> link in Special:Contributions
* (bug 3192): properly check 'limit' parameter on Special:Contributions
* (bug 3187) watchlist text refer to unexistent "Stop watching" action
* Add block, block log and general log links to Special:Contributions
* Add contributions link to block log items
* Added optional "hide own edits" feature to Special:Recentchanges
* (bug 5018) Anchors for each message in Special:Allmessages
* Introduce $wgWantedPagesThreshold per bug 5011; Special:Wantedpages will not
list pages with less than this number of links. Defaults to 1.
* (bug 4319) Don't show a "create account" link on the login form when
account creation is disabled.
* JavaScript filter for Special:Allmessages
* (bug 3047) Don't mention talk pages on Special:Movepage when there isn't one
* Show links to user page, talk page and contributions page on Special:Newpages
* Special:Export can now export a list of all contributors to an article (off by
default)
* (bug 5372) Add number of files to Special:Statistics
* (bug 2871) Links to talk pages in watchlist editing view
* (bug 5385) Allow hiding anonymous edits on Special:Recentchanges
* (bug 2544) Illogical error reporting order in Special:Userlogin
* (bug 5409) Hide "show/hide patrolled edits" in Special:Recentchanges if
patrolling is disabled
* (bug 5447) Convert first letter of username to uppercase before searching in
Special:Listusers
* (bug 759) Wrap redirects on the watchlist editing page in a span, class
"watchlistredir"
* (bug 1862) Namespace filtering in watchlists
Misc.:
* PHP 4.1 compatibility fix: don't use new_link parameter to mysql_connect
if running prior to 4.2.0 as it causes the call to fail
* (bug 3117) Fix display of upload size and type with tidy on
* (bug 2323) Remove "last" tabindex from history page
* (bug 3116) Division by zero on [[Image:Foo.png|123x123px|]]
* Fix display of read-only lockfile message
* Include software-visible client IP address in Special:Version comment
as a proxy debugging aid
* (bug 3170) Page Title failed to obey MediaWiki:Pagetitle.
wikititlesuffix was removed
* Add ability to break off certain debug topics into additional log files;
use $wgDebugLogGroups to configure and wfDebugLog() to log.
* Edit conflict on recreation of deleted page
* (bug 3216) Don't show empty warning page when no warnings.
* (bug 3218) Use proper quoting on history Compare Revisions button
* Fix upgrade from 1.4 due to version number check breakage [for rc future]
* Fix upgrade from 1.4 with no old revisions
* Remove "info" editing toolbar that was shown in browsers which do not
fully support the editing toolbar, but was found to be too confusing.
* Don't override edit conflict suppression on section edits; section merging
should provide the expected transparency here and fits usage patterns better.
* (bug 3292) Fix move-over-redirect test when current entries are not plaintext
* (bug 2078) Don't hide watch tab on preview
* Fix regressions in ChangesList traditional layout
* Fix edit on double-click for move-protected pages in Classic skin
* (bug 3485) Fix bogus warning about filename capitalization when off
* (bug 2570) Add 'watch this page' checkbox on uploads, watch uploads
by default when 'watchdefault' option is on
* Add options to dumpBackup.php for making split/partial dumps by page id
* Added filter options, compression piping, and multiple output streams for
dumpBackup.php
* (bug 3595) Warn and abort if importDump.php called in read-only mode.
* (bug 3598) Update message cache on message page deletion, patch by Tietew
* Added separate noarticletext and newarticletext messages for logged in and
anon users.
* (bug 3332) Installation now uses Monobook, validates, plus usability
improvements.
* (bug 3660) Update diff3 detection to work with Windows/Cygwin
* (bug 2330) Don't do funny thinks with "links" in MediaWiki:Undeletedtext
* Two-pass data dump for friendliness to the DB (--stub, then dumpTextPass.php)
* Data dump 'prefetch' mode to read normalized text from a prior dump
(requires PHP 5, XMLReader extension)
* (bug 2773) Print style sheet no longer overrides RTL text direction
* (bug 2938) Update MediaWiki:Exporttext to be more general
* Various fixes
* Fix wfMsg*() replacements; args containing literal $[2-9] were wiped
* Added @import for [[MediaWiki:Common.css]] to all skins
* Edit box now remembers scrollbar position on preview
* (bug 3816) Throw edit conflict instead of fatal error when a page is
moved or deleted during section edit
* (bug 3771) Handle internal functions in backtrace in wfAbruptExit()
* (bug 3291) 'last' diff link for last history line when not at end
* (bug 3667) Add missing global in page move code
* (bug 2885) Remove unnecessary reference parameter which broke classic skin
talk notification on PHP 5.0.5
* (bug 3852) "Redirected from" link no longer obscured on double-redirects
* changed directory hierarchy in images/math/. System upgrades from old to
new hierarchy on the fly.
* (bug 3487) Fix category edit preview with preview-on-bottom
* (bug 918) Search index incorrectly joined words at == headings ==
* (bug 3877) Render math images into temp directory, then move to hashed
subdir so you can render new math images and have them work
* (bug 2392) Fix Atom items content type, upgrade to Atom 1.0
* Allow $wgFeedCacheTimeout of 0 to disable feed caching
* Fix WebRequest::getRequestURL() to strip off the host bits squid prepends
* Require POST for action=purge, to stop bots from purging the cache
* Added local message cache feature ($wgLocalMessageCache), to reduce bandwidth
requirements to the memcached server.
* (bug 3562) for go search, try Caps-Variants-Broken-At-Non-Whitespace
* (bug 2569) Use PATH_SEPARATOR instead of trying to guess based on
DIRECTORY_SEPARATOR (was wrong on NetWare)
* (bug 2740) Accept image deletions on 'enter' submit from MSIE
* (bug 3939) Don't try to load text for interwiki redirect target
* (bug 3948) Avoid notice warning in debug statement in bad search
* Recognize Special:Search consistently so read whitelist works
* (bug 3999) Change atom 1.0 feed id; had been unnecessarily complex due to
unclear language in the spec. Now using the URL, same as the permalink,
which someone else will probably whine about because it's not 'perma'
enough or something.
* (bug 4014) Fix include mode for Allpages on small page sets
* (bug 3996) Fix text for new entries in RC RSS/Atom feed
* (bug 3065) Update both watched namespaces when renaming pages
* Changed mail form to have a bigger message entry box (like for editing
a page
* Fix ulimit parameters for wfShellExec when memory_limit is specified in 'm'
* (bug 2111) Collapsable exif metadata table, clean up display
* Reduce fractions in display of exif exposure time
* (bug 4048) Optional footer link to site privacy policy
* Don't die() when update.php reaches the end of the warning count
* (bug 1915) Fix edit links when 'direction' used with 'oldid';
using revision ID reported via OutputPage; Skin::editUrlOptions()
* Remove obsolete 'redirect=no' on some edit links
* Include oldid for the second revision on edit link on diff view
* (bug 4035) Fix prev/next revision links on edit page
* (bug 4100, 3049) Add 'edittools' message to hold edit tools, put it
on Special:Upload as well as edit, rearrange edit page pieces a bit.
Copyright warning now above the buttons to ensure it's visible,
template list at the bottom so it can grow.
* Optional summary parameter to action=rollback, for user javascript
* (bug 4167) Fix regression caused by patch for bug 153
* (bug 4169) Use $wgLegalTitleChars in pipe trick conversions
* (bug 4170) Decode HTML character escapes in sort key
* (bug 4201) Fix user-talk mode for Enotif, and general code cleanup
* (bug 4214) Skip redundant action text inserts into the HTML <title>
* (bug 4212) Skip redundant meta-robots tag for default settings
* Fix regression: old version missing from edit links in Nostalgia skin
* (bug 1600) Trigger edit conflict on duplicate section=new submissions
* (bug 4001) Use local variables properly in wikibits.js akeytt()
* Fix regression: old version missing from edit links on CSS/JS pages
* (bug 3211) Include Date, To mail headers when using PEAR::Mail
* (bug 3407) Fix encoding of subject and from/to headers on notification
mails; userMailer() now takes a MailAddress wrapper object instead of
a raw string to abstract things a level.
* Fixed --server override on dumpTextPass.php
* Added plugin interface for dumpBackup, so additional filters and output
sink types can be registered at runtime from an extension
* (bug 349) Fix for some numeric differences not being highlighted
patch by Andrius Ramanauskas
* (bug 4298) Include rc_id on enhanced RC singleton diff links for patrolling
* Did some refactoring on ChangesList.php merging dupe code
* (bug 1586) Fix interwiki generator for wikimedia obscure domains
* (bug 3493) Mark edits patrolled when they are reverted
patch by Leon Planken
* Removed experimental Amethyst skin from default set
* Upgrade old skin preferences properly at Special:Preferences
(used to spontaneously switch to Classic skin for old numeric pref records)
* (bug 3424) Update page_touched for category members on category page creation
* Log views show message when no matches
* Fix raw sitenotice display on database error
* Fix autoconfirm check for old accounts
* (bug 4368) Don't show useless empty preview on new section creation
* Don't show useless empty preview on new page creation
* (bug 4411) Fix messages diff link for classic skin
* (bug 4385) Separate parser cache entries for non-editing users, so section
edit links don't vanish / appear unwanted on protected pages
* (bug 2726, 3397) Fix [[Special:]] and [[:Image]] links in action=render
* (bug 4419) Remove obsolete magnify.png.old
* Removed $wgUseCategoryMagic option, categories are now enabled unconditionally
* (bug 3318) UI workarounds for disabled items in license selector
MSIE/Win: items now grayed out, JS will revert to 'non selected' if clicked
Safari: JS will revert to 'non selected' if clicked (but not gray)
MSIE/Mac: indented items now visible (JS hack)
* (bug 714) "plainlinks" class issues in IE, Opera
* (bug 4317) Inconsistent "broken redirects" messages
* Default interface text for "selflinks" tweaked
* (bug 3194) default implementation of translateBlockExpiry
which uses ipboptions
* (bug 4446) $wgExportAllowHistory option to explicitly disable history in
Special:Export form, 'exportnohistory' message to translate live hack.
* Maintenance script to delete unused user accounts
* (bug 912) Search box easier to reach in text browsers (lynx, links)
* $wgParserCacheExpireTime added
* Skip loading of RecentChange.php except where needed
* Enforce $wgSVGMaxSize when rendering, even for SVGs with a very large source
size. This is necessary to limit server memory usage.
* Cleanup and error checking on Special:Listredirects
* Clear up some instances of old OutputPage::sysopRequired() function usage
* Improve "upload disabled" notice
* Move parts of index.php to include/Wiki.php in an attempt to both cleanup
index.php and create a MediaWiki-class mediaWiki base object
* (bug 4104) Added OutputPageBeforeHTML hook for tweaking primary wiki output
HTML on final output (cached or not)
* Avoid PHP notice on command-line scripts if empty argument is passed ('')
* (bug 4571) Partial fix hack for {{fulllurl:}} in action=render
* (bug 3502) Bowtie symbol for TeX
* (bug 4000) Support for \textstyle et al. in <math>
* (bug 1663) support color in TeX formulas
* (bug 2026) missing glue around \not= (TeX)
* (bug 4576) Missing '>' broke license selector's first option in IE, Opera
* Override $wgLocaltimezone in parser tests for us outside Iceland and UK
* Fix extra whitespace at end of Wiki.php, DESTROYS XML OUTPUT
* Remove redundant 'echo' statements from MonoBook.php
* (bug 1103) Fix up redirect handling for images, categories
Redirects are now followed from the top-level, outside of the Article
content loading and viewing, for clarity and consistency.
* (bug 4104) 'OutputPageBeforeHTML' hook to postprocess article HTML on
page view (comes after parser cache, if used). Patch by ThomasV.
* Linker::formatComment corrupted the passed title object on PHP 5
if the comment included a section link. Use clone() to make a safe copy.
* Add wfClone() wrapper since we're still using PHP 4 on some servers.
* Remove obsolete killthread.php
* Added wfDie() wrapper, and some manual die(-1), to force the return code
to the shell to return nonzero when we crap out with an error.
* Allow input of the stub from a compressed file instead of stdin
for dumpTextPass.php; easier to get errors back on the shell
* Added an attractive space on the namespace selector on contribs
* Move PHP 5-friendly XHTML doctype hack to Sanitizer, use for sig checks.
Fixes use of named entities in sigs on PHP 5
* (bug 4482) Include move comment on the null edit as well as the redirect
* (bug 3990) Use existing session name if session.auto_start is on
Fixes checks for open sessions, such as the cookie warning on login.
Patch by Zbigniew Braniecki.
* Add cache-safe alternate sitenotice for anonymous users.
(MediaWiki:Anonnotice) This is displayed instead of the regular sitenotice,
if it exists. If not, the regular sitenotice shows. If that doesn't exist,
the value of $wgSiteNotice is used, and if that's null, then nothing is shown.
* Spit the generated LocalSettings code out during the installer as an aid
to debugging issues. (Keep this?)
* Use __FILE__ to form path in new LocalSettings.php, so it stays accurate
when the directory is relocated for typical usage.
* Auto-update $wgCacheEpoch when LocalSettings.php changes on new installs.
For typical usage this will be a light burden and should reduce confusion
when the configuration is edited.
* Fix $wgCacheEpoch's effect on client-side caching.
* (bug 1122) gray out 'older revision' when viewing first article revision.
* Clearer message in DefaultSettings.php: edit LocalSettings.php instead
* MonoBook skin top link id changed from "contentTop" to "top" (shared with
name attribute)
* (bug 3350) Missing label for move talk page checkbox.
* (bug 2108) Sort entries when using category browser
* (bug 2393) Fix MIME type for Atom feeds ( application/rss+atom )
* Add ".deps.php" include-file preloaders for some dynamically-loaded
language and skin classes. Should help with the broken base-class
problem under PHP 5 with APC as opcode cache. See details:
https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/4NVSC4LAZX6ACO77QVLRQYAWULAJCKJ2/
* Small changes to tabs in Monobook skin c/o Chris Ware
* (bug 4679) Work around buggy basename() function in PHP5, which breaks
uploads of files starting with multibyte characters on Linux.
wfBaseName() doesn't suffer this bug, and understands backslash on
both Unix and Windows.
* (bug 3603) headscripts variable not hooked up to MonoBook skin
* Allow local cdb-based interwiki cache
* Use the "block", not the "protect" permission, when determining whether to
show a "block user" link in the toolbox
* Fix backup dump text prefetch for XMLReader constant changes in PHP 5.1
* Suppress useless percentage indicator on output from 7za during dumps
* (bug 4633) Add (previous 200) (next 200) also above catlinks
* (bug 4686) Fix regression where ?diff=0&oldid=0 caused fatal error on
pages with only one revision. Fixes message diff link on first edit.
* Fix dependence on hardcoded UNIQ_PREFIX in LanguageConverter.php
* Do not check lag on external storage servers
* Do not tidy interface messages (unless full tidy is set)
* Do not trust equality propagation and give more hints to MySQL
optimizer for revision fetches (avoids index scans)
* Use revision rate for ETA in dump generation; it tends to be more stable
than the per-page count for full-history dumps.
* Include timestamp in wfDebugLog breakouts
* (bug 4469) Namespace-specific notice to be displayed below site-notice
Edit messages like "MediaWiki:Namespacenotice-" plus namespace name
which is blank for main namespace, or like e.g. "User_talk"
* Adjust user login/creation form hooks to work with a captcha plugin
* (bug 1284) Inline styles for diffs in Recent Changes RSS/Atom feeds
* (bug 4824) IE7 beta 2 broke compatibility with PNG logo workarounds,
and seems to work ok with other bits. No longer including the IE
workarounds JavaScript for IE 7 and above.
* Fix extra namespace for Bulgarian
* (bug 4303) Add $wgFavicon to change the shorticon icon link from
the default /favicon.ico or disable it (if set to false)
* (bug 3347) strip linebreaks in math error source
* (bug 4841) Warning for non-logged-in edits
* (bug 4867) Leave invalid EXIF date fields unformatted instead of
showing a bogus current timestamp
* Reset $wgActionPaths during parser test; corrects some false failures
in the automated test report.
* (bug 4875) Define a div containing the shared image description
* (bug 4860) Expose Title->userCan() as Hooks
* (bug 4828) Fix genitive month-name variable for cs, pl, uk
* (bug 4842) Fix 'show number of watching users' with enhanced RC
* (bug 4889) Fix image talk namespace for Tamil
* (bug 4147) Added cleanupWatchlist.php to clear out bogus watchlist entries
* (partial bug 3456) Disable auto redirect to Main Page after account creation
* (bug 4824) Separate out IE7 CSS compat hacks, fix for RTL pages
* Added support for wikidiff2 and similar external diff engines.
* Allow cookies to be shared between multiple wikis with a shared user database
* Blocking some Unicode whitespace characters in usernames. Should check
if some or all should be blocked from all page titles.
* Unknown log types no longer throw notices everywhere in RecentChanges
* (bug 4502, 5017) Don't render potentially hostile deleted page contents
on Special:Undelete by default; show source, with an optional preview.
The revisions list no longer shows the latest text by default, so it can
still be operated if the text is hostile.
* (bug 5013) Check for existence on "return to" links
* Removed trailing whitespace on a bunch more messages.
* Fix missing bad title check in Special:Booksources
* Remove empty booksources string in fy
* Avoid corrupting <gallery> inside <!-- comment -->
* Remove legacy PHPTal code, hasn't been maintained in ages.
* Tweak Userlogin include order for APC issue
* Don't try to link to current page on protection tab
* More exact checking in Title::equals() to fox moves of numerically similar
page titles. (Odd hex title bug on 64-bit.)
* Fix explicit s-maxage=0 on raw pages; should help with proxy issues in
generated stylesheets... hopefully...
* (bug 4685) More fixes for Slovenian project namespace
* Fixed and enhanced a little the Live Preview, which had been broken for some
time
* Added article size limit, $wgMaxArticleSize
* (bug 4974) Don't follow redirected talk page on "new messages" link
* (bug 4970) Make category paging limits configurable
* (bug 4535) Warn user when editing CSS or JS subpage of a skin that doesn't
exist
* Make Live Preview an user preference, still controllable by the global
variable
* Rename the stub LanguageAls / LanguageGem_alsation to LanguageGsw to follow
updated language code assignments
* (bug 5081) Remove bogus fix for invalid characters in links which simply
broke use of legitimate multiple whitespace characters in bracketed link.
* (bug 4838) Add relative oldids (prev, next, cur) for raw pages
Patch by Lupin
* (bug 5086) Force image resize dimensions on ImageMagick, as for instance
"-resize 100x35!"; some thumbs were off due to differences in rounding and
would be generated smaller than expected.
* (bug 5062) Width sometimes one pixel short when using maximum heights
* Purge thumbnails and metadata cache for action=purge on an image page
* (bug 4273) Bounce back with a message when attempting to submit a new comment
with an empty main textbox (user probably hit Enter in subject field)
* (bug 5141) Gracefully handle the new account link when createaccount off
* (bug 5150 and related) Fix missing ID attribute in HTML namespace selector
* (bug 5152) Proper HTML escaping on subpage breadcrumbs
* (bug 4855) Section edit links now have the section name in the title
attribute.
* (bug 2115) Support shift-selecting multiple checkboxes with JavaScript.
* (bug 5161) Don't try to load template list for nonexistent pages
* (bug 5228) Workaround for broken LanguageConverter title overrides; avoid
unnecessary hidden UI work when watch/unwatch is performed on edit
* Fixed bogus master fallback in external storage
* (bug 5246) Add speak:none to "hiddenStructure" class in main.css
* Further work on rev_deleted; changed to a bitfield with several data-hiding
options. Not yet ready for production use; Special:Revisiondelete is
incomplete, and the flags are not preserved across page deletion/undeletion.
To try it; add the 'deleterevision' permission to a privileged group.
* (bug 5270) Fix broken linktrail for br, cv, fr, hr, nn, oc, ta, wa
* Add a clickable contribs link in user tool links (rc, watchlist, diff view)
to see how people like it. (There was one in the old hacked-up diff view.)
* (bug 5236) Load wikibits.js before site-customized javascript
* (bug 4119) Workaround for <nowiki> following link in Walloon; remove capitals
from linktrail, as they're not used anywhere else.
* (bug 4781) Output links with the percent-encoding they're supplied with;
save the normalization for internal link storage. The normalization is a bit
buggy and can make incorrect foldings in the query string and such, so isn't
reliable beyond the hostname where it's used for the spam bulk checker.
* Don't URL-decode in the title attribute for URL links; it can produce false
results that don't code back to their original values.
* (bug 4611) Add user preference (default on) to add new pages to creators's
watchlist
* (bug 5286) Fix regression in display of missing/bad revision IDs
* (bug 4729) Add user preference that marks a user's edits as patrolled if user
is able to
* (bug 4630) Add user preference to prompt users when entering blank edit
summaries
* Added optional suggest feature for the search box. Set wgUseAjax to true to
enable it.
* (bug 5277) Use audio/midi rather that audio/mid
* (bug 5410) Use namespace name when a custom namespace's nstab-NS message is
nonexistent
* (bug 5432) Fix inconsistencies in cookie names when using table prefixes
* Additional protections against HTML breakage in table parsing
* (bug 5355) Include skin name and style JS settings in page source;
fixes regression where Opera 6/7 and KHTML CSS fixes weren't applied
when wikibits.js was moved up before user JS inclusion.
* Added $wgColorErrors: if set, database error messages will be highlighted
when running command-line scripts in a Unix terminal.
* (bug 5195) rebuildrecentchanges.php works again; Database::insertSelect now
has a parameter for select options.
* Fix updateSearchIndex.php for new schema
* Fix bogus "filename too short" error when uploading files with a period in the
base name, e.g. "Mr. Zee.png"
* (bug 2139) Show page title in subtitle when viewing "read only" page
* (bug 5452) Update language name for Cree
== Compatibility ==
Older PHP 4.2 and 4.1 releases are no longer supported; PHP 4 users must
upgrade to 4.3 or later.
MediaWiki 1.6 is the last major version to support PHP 4; future versions will
require PHP 5.
MySQL 3.23.x is no longer supported; some older hosts may need to upgrade.
At this time we still recommend 4.0, but 4.1/5.0 will work fine in most cases.
== Upgrading ==
Several changes to the database have been made from 1.5; these are relatively
minor but do require that the update process be run before the new code will
work properly:
* A new "templatelinks" table tracks template inclusions.
* A new "externallinks" table tracks URL links; this can be used by a mass
spam-cleanup tool in the SpamBlacklist extension.
* A new "jobs" table stores a queue of pages to update in the background; this
is used to update links in including pages when templates are edited.
To ensure that these tables are filled with data, run refreshLinks.php after
the upgrade.
If you are upgrading from MediaWiki 1.4.x or earlier, some major database
changes are made, and there is a slightly higher chance that things could
break. Don't forget to always back up your database before upgrading!
=== Caveats ===
Some output, particularly involving user-supplied inline HTML, may not produce
100% valid or well-formed XHTML output. Testers are welcome to set $wgMimeType
= "application/xhtml+xml"; to test for remaining problem cases, but this is not
recommended on live sites. (This must be set for MathML to display properly in
Mozilla.)
= MediaWiki 1.5 =
== MediaWiki 1.5.9 ==
* (bug 3359) Add hooks on completion of file upload
== MediaWiki 1.5.8 ==
March 26, 2006
MediaWiki 1.5.8 is a security and bugfix maintenance release.
A bug in decoding of certain encoded links could allow injection of raw
HTML into page output; this could potentially lead to XSS attacks.
Some minor UI fixes were also made, see the change log at the bottom of
this file.
== MediaWiki 1.5.7 ==
March 2, 2006
MediaWiki 1.5.7 is a bugfix maintenance release.
Most importantly, a security issue in the installer has been fixed. The bug
affects new installations of 1.5.6 only. If the user specified the MySQL root
password, to allow the installer to create an unprivileged account, the
installer would not only create the new account but also change the root
password to be equal to the password of the new account.
Anyone affected by this bug will need to change the root password back
manually. For information about how to change passwords in MySQL please see:
http://dev.mysql.com/doc/refman/5.1/en/passwords.html
This version includes fixes for compatibility with Internet Explorer 7
beta 2, and various other bugs; see the full changelog at the end of
the release notes.
== MediaWiki 1.5.6 ==
January 19, 2006
MediaWiki 1.5.6 is a security and bugfix maintenance release.
A bug in edit comment formatting could send PHP into an infinite loop
if certain malformed links were included. In most installations, this
would cause the script to fail after PHP's 30-second failsafe timeout.
Some improvements have been made to the installer which should make
installation possible on a system with a broken MySQL "root" account.
For several other minor fixes, see the complete changelog at the end
of this file.
== MediaWiki 1.5.5 ==
January 5, 2006
MediaWiki 1.5.5 is a security and bugfix maintenance release.
Detection for uploads of Windows Metafile (.wmf) images has been added
to help protect against a client-side vulnerability in unpatched Microsoft
Windows operating systems.
Sites which have enabled uploads and added non-standard file types
(such as .ogg, .doc, or .pdf) should upgrade to this release to ensure
that malicious .wmf files can't be uploaded with a fake extension;
such files could put visitors to the site at risk.
For more details on this, see:
https://en.wikipedia.org/wiki/Windows_Metafile_vulnerability
Additionally, a maintenance script removeUnusedAccounts.php has been added;
this replaces an older Perl script which had not been updated for the new
schema in 1.5.
== MediaWiki 1.5.4 ==
December 21, 2005
MediaWiki 1.5.4 is a security and bugfix maintenance release.
A hardcoded internal placeholder string has been replaced with a random
one. This closes a hole where security checks in inline style attributes
could be bypassed, injecting JavaScript code that could execute in
Microsoft Internet Explorer.
Other browsers would not be vulnerable.
Several minor fixes are included in this release, most notably a fix
to clear the "you have new messages" flag properly for usernames
containing spaces when e-mail notification is enabled.
See the changelog at the end of the release notes for a full list of
fixes.
== MediaWiki 1.5.3 ==
December 4, 2005
MediaWiki 1.5.3 is a security and bugfix maintenance release.
Validation of the user language option was broken by a code change in
May 2005, opening the possibility of remote code execution as this
parameter is used in forming a class name dynamically created with
eval().
The validation has been corrected in this version. All prior 1.5 release
and prelease versions are affected; 1.4 and earlier and not affected.
Additionally several bugs have been fixed; see the changelog later in
this file for a complete list.
== MediaWiki 1.5.2 ==
November 2, 2005
MediaWiki 1.5.2 is a bugfix maintenance release.
A change in PHP 4.4.1 and PHP 5.1.0RC broke handling of extension and
<pre> sections, causing garbage data to be inserted in output and saved
edits. This version works around the change.
Several other glitches with MySQL 5.0 and PHP 5.0.5 were also fixed;
see the change log below for a complete list.
== MediaWiki 1.5.1 ==
October 26, 2005
MediaWiki 1.5.1 is a bugfix and security maintenance release, and is a
recommended upgrade for all installations.
This release includes further corrections to the inline CSS style sanitation
which works around a JavaScript "feature" on Microsoft Internet Explorer.
Users of Microsoft Internet Explorer for Windows may be vulnerable to
XSS injections on prior versions; users of standards-compliant browsers
are not vulnerable.
Major fixes include:
* Image pages work again with resizing disabled
* Works in MySQL 5.0 strict mode
There is experimental support in this release for explicitly declaring
the UTF-8 charset in the database; this has been tested with MySQL 5.0.15
but should work on 4.1 as well.
IMPORTANT: Changing this setting on an existing wiki may produce interesting
data corruption, depending on server configuration. Page contents should,
usually, be unaffected, but page titles and other items may be. Limitations
in MySQL's Unicode support mean that characters outside the BMP cannot be used
in page titles or various other fields when using this mode.
Table definitions are in maintenance/mysql5/tables.sql, and the runtime
option to send 'SET NAMES utf8' is set by $wgDBmysql5 = true.
(MySQL 3.23.x and 4.0.x do not support character set declarations; on these
versions MediaWiki simply works with UTF-8 data and MySQL is blissfully
unaware of it.)
== MediaWiki 1.5.0 final ==
October 5, 2005
MediaWiki 1.5.0 is the new stable release branch of MediaWiki, and is
recommended for all new installations.
Any wikis running a 1.5 beta or release candidate are strongly recommended
to upgrade to the final release, which includes a number of bug fixes and
a security fix for CSS bugs in Microsoft Internet Explorer.
IMPORTANT: Running a 1.3 or 1.4 wiki and don't want to jump to 1.5 yet?
Be sure to upgrade to 1.3.17 or 1.4.11, also released today. Versions
prior to 1.3.16 and 1.4.10 have a serious data corruption bug which is
triggered by a spambot known to operate in the wild.
=== What's new in 1.5? ===
Schema:
The core table schema has changed significantly. This should make better
use of the database's cache and disk I/O, and make significantly speed up
rename and delete operations on pages with very long edit histories.
Unfortunately this does mean upgrading a wiki of size from 1.4 will require
some downtime for the schema restructuring, but future storage backend
changes should be able to integrate into the new system more easily.
Permalinks:
The current revision of a page now has a permanent 'oldid' number assigned
immediately, and the id numbers are now preserved across deletion/undeletion.
A permanent reference to the current revision of a page is now just a matter
of going to the 'history' tab and copying the first link in the list.
Page move log:
Renames of pages are now recorded in Special:Log and the page history.
A handy revert link is available from the log for sysops.
Editing diff:
Ever lost track of what you'd done so far during an edit? A 'Show diff'
button on the edit page now makes it easy to remember.
Uploads:
It's now possible to specify the final filename of an upload distinct
from the original filename on your disk.
An image link for a missing file will now take you straight to the upload
page.
More metadata is pre-extracted from uploaded images, which will ease pressure
on disk or NFS volumes used to store images. EXIF metadata is displayed on
the image description page if PHP is configured with the necessary module.
If .svg files are added to the upload whitelist, you can choose to render
them to rasterized .png images for inline display using one of several
external helper programs. See DefaultSettings.php for SVG options.
User accounts:
There are some changes to the user permissions system, with assignable
groups. Note that this does *not* allow you to make pages which are only
accessible to certain groups.
For details see: https://www.mediawiki.org/wiki/Manual:User_rights
E-mail:
User-to-user e-mail can now be restricted to require a mail-back confirmation
first to reduce potential for abuse with false addresses.
Updates to user talk pages and watchlist entries can optionally send e-mail
notifications.
External hooks:
A somewhat experimental interface for hooking in an external editor
application is included.
And...
A bunch of stuff we forgot to mention.
=== What's gone? ===
Latin-1:
Wikis must now be encoded in Unicode UTF-8; this has been the default for
some time, but some languages could optionally be installed in Latin-1 mode.
This is no longer supported.
You can check if your current wiki is in Latin-1 mode by using your browser's
"view source"; look for a line like this:
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
If it says charset=utf-8, you're ready. If it says charset=iso8859-1,
you may need to convert your data. (English-language wikis avoiding
any accented characters may be able to get away without conversion.)
MySQL 3.x:
Some optimization hacks for MySQL 3.x have been removed as part of the schema
clean-up (specifically, the inverse_timestamp fields).
MediaWiki 1.5 may still run on 3.x, but wikis of non-trivial size should
very seriously consider upgrading to a more modern release. MySQL 3.x support
will probably be entirely dropped in the next major release.
Special:Maintenance
These tools were, ironically enough, not really maintained. This special
page has been removed; insofar as some of its pieces were useful and haven't
already been supplanted by other special pages they should be rewritten in
an efficient and safe manner in the future.
=== Caveats ===
Upgrade:
Wikis in Latin-1 encoding are no longer supported; only Unicode UTF-8.
A new option $wgLegacyEncoding is provided to allow on-the-fly recoding of
old page text entries, but other metadata fields (titles, comments etc) need
to be pre-converted. The standard upgrade process does not yet fully automate
this, but you can try the alternate partial-upgrader in upgrade1_5.php.
The upgrade from 1.4 to 1.5 schema has not been tested for all cases, so
it's possible you may experience problems in some combinations.
Backups:
The text entries of deleted pages are no longer removed from the main
text table on deletion. If you provide public backup dumps of your databases,
you will probably want to use the new XML-format dump generator, available
as maintenance/dumpBackup.php.
For more information on how we run our own public data dumps at Wikimedia,
see http://meta.wikimedia.org/wiki/Data_dumps
PostgreSQL:
The table definitions for PostgreSQL install are out of date. PostgreSQL
support may return in later releases, pending appropriate patches.
MySQL 4.1+:
Some users may encounter installation problems with MySQL 4.1 or higher
due to strange charset encoding / collation configurations. Try setting
to 'latin1' or 'utf8' if you encounter problems.
== MediaWiki 1.5 release candidate 4 ==
August 29, 2005
MediaWiki 1.5rc4 is a preview release of the new 1.5 release series.
It fixes compatibility with PHP 5.1, and corrects two cross-site scripting
security bugs:
* <math> tags were handled incorrectly when TeX rendering support is off,
as in the default configuration.
* Extension or <nowiki> sections in Wiki table syntax could bypass HTML
style attribute restrictions for cross-site scripting attacks against
Microsoft Internet Explorer
Wikis where the optional math support has been *enabled* are not vulnerable
to the first, but are vulnerable to the second.
== MediaWiki 1.5 release candidate 3 ==
August 24, 2005
MediaWiki 1.5rc3 is a preview release of the new 1.5 release series.
It fixes several major problems in 1.5rc2:
* Fixed a cross-site scripting injection in the search form
(broken since 1.5beta1)
* Fixed upgrades from 1.4 database schema
(broken since 1.5rc2)
1.3 and 1.4 releases are not vulnerable to the XSS bug, but anyone
running an earlier 1.5 beta or release candidate should upgrade
immediately.
== MediaWiki 1.5 release candidate 2 ==
August 23, 2005
MediaWiki 1.5rc2 is a preview release of the new 1.5 release series.
Numerous bug fixes since last beta, plus a security fix; see change
log below for full details.
A flaw in the interaction between extensions and HTML attribute
sanitization was discovered which could allow unauthorized use
of offsite resources in style sheets, and possible exploitation
of a JavaScript injection feature on Microsoft Internet Explorer.
This version expands the returned text and properly checks it
before output.
A 1.5rc1 release was mistakenly made from the incorrect source code
branch; 1.5rc2 is identical to the actual 1.5rc1 in revision control
except for version number.
== MediaWiki 1.5 beta 4 ==
July 30, 2005
MediaWiki 1.5 beta 4 is a preview release of the new 1.5 release series.
A number of bugs have been fixed since beta 3; see the full changelist below.
== MediaWiki 1.5 beta 3 ==
July 7, 2005
MediaWiki 1.5 beta 3 is a preview release of the new 1.5 release
series, with a security update over beta 2.
Incorrect escaping of a parameter in the page move template could
be used to inject JavaScript code by getting a victim to visit a
maliciously constructed URL. Users of vulnerable releases are
recommended to upgrade to this release.
Vulnerable versions:
* 1.5 preview series: n <= 1.5beta2 vulnerable, fixed in 1.5beta3
* 1.4 stable series: 1.4beta6 <= n <= 1.4.5 vulnerable, fixed in 1.4.6
* 1.3 legacy series: not vulnerable
This release also includes several bug fixes and localization updates.
See the changelog at the end of this file for a detailed list.
== MediaWiki 1.5 beta 2 ==
July 5, 2005
MediaWiki 1.5 beta 2 is a preview release of the new 1.5 release series.
While most exciting new bugs should have been ironed out at this point,
third-party wiki operators should probably not run this beta release
on a public site without closely following additional development.
Anyone who _has_ been running beta 1 is very very strongly advised to
upgrade to beta 2, as it fixes many bugs from the previous beta including
a couple of HTML and SQL injections.
This release should be followed by one or two release candidates and
a 1.5.0 final within the next few weeks.
Beta upgraders, note there are some minor database changes. For upgrades
from 1.4, see the file UPGRADE for details on significant database and
configuration file changes.
Beta 2 includes a preliminary command-line XML wiki dump importer tool,
maintenance/importDump.php, paired with maintenance/dumpBackup.php.
These use the same format as Special:Export and Special:Import, able
to package a wiki's entire page set independent of the backend database
and compression format.
== MediaWiki 1.5 beta 1 ==
June 26, 2005
MediaWiki 1.5 beta 1 is a preview release, pretty much feature complete,
of the new 1.5 release series. There are several known and likely a number
of unknown bugs; it is not recommended to use this release in a production
environment but would be recommended for testing in mind of an upcoming
deployment.
A number of significant changes have been made since the alpha releases,
including database changes and a reworking of the user permissions settings.
See the file UPGRADE for details of upgrading and changing your prior
configuration settings for the new system.
== MediaWiki 1.5 alpha 2 ==
June 3, 2005
MediaWiki 1.5 alpha 2 includes a lot of bug fixes, feature merges,
and a security update.
Incorrect handling of page template inclusions made it possible to
inject JavaScript code into HTML attributes, which could lead to
cross-site scripting attacks on a publicly editable wiki.
Vulnerable releases and fix:
* 1.5 prerelease: fixed in 1.5alpha2
* 1.4 stable series: fixed in 1.4.5
* 1.3 legacy series: fixed in 1.3.13
* 1.2 series no longer supported; upgrade to 1.4.5 strongly recommended
== MediaWiki 1.5 alpha 1 ==
May 3, 2005
This is a testing preview release, being put out mainly to aid testers in
finding installation bugs and other major problems. It is strongly recommended
NOT to run a live production web site on this alpha release.
** WARNING: USE OF THIS ALPHA RELEASE MAY INFEST YOUR HOUSE WITH **
** TERMITES, ROT YOUR TEETH, GROW HAIR ON YOUR PALMS, AND PASTE **
** INNUENDO INTO YOUR C.V. RIGHT BEFORE A JOB INTERVIEW! **
** DON'T SAY WE DIDN'T WARN YOU, MAN. WE TOTALLY DID RIGHT HERE. **
=== Smaller changes since 1.4 ===
Various bugfixes, small features, and a few experimental things:
* 'live preview' reduces preview reload burden on supported browsers
* support for external editors for files and wiki pages:
https://www.mediawiki.org/wiki/Manual:External_editors
* Schema reworking:
https://www.mediawiki.org/wiki/Proposed_Database_Schema_Changes/October_2004
* (bug 15) Allow editors to view diff of their change before actually submitting
an edit
* (bug 190) Hide your own edits on the watchlist
* (bug 510): Special:Randompage now works for other namespaces than NS_MAIN.
* (bug 1015) support for the full wikisyntax in <gallery> captions.
* (bug 1105) A "Destination filename" (save as) added to Special:Upload Upload.
* (bug 1352) Images on description pages now get thumbnailed regardless of
whether the thumbnail is larger than the original.
* (bug 1662) A new magicword, {{CURRENTMONTHABBREV}} returns the abbreviation of
the current month
* (bug 1668) 'Date format' supported for other languages than English, see:
https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/5SH5IDCNYZTRBQQZ33GS7WYDEJ3PSEZE/
* (bug 1739) A new magicword, {{REVISIONID}} give you the article or diff
database revision id, useful for proper citation.
* (bug 1998) Updated the Russian translation.
* (bug 2064) Configurable JavaScript mimetype with $wgJsMimeType
* (bug 2084) Fixed a regular expression in includes/Title.php that was accepting
invalid syntax like #REDIRECT [[foo] in redirects
* It's now possible to invert the namespace selection at Special:Allpages and
Special:Contributions
* No longer using sorbs.net to check for open proxies by default.
* What was $wgDisableUploads is now $wgEnableUploads, and should be set to true
if one wishes to enable uploads.
* Supplying a reason for a block is no longer mandatory
* Language conversion support for category pages
* $wgStyleSheetDirectory is no longer an alias for $wgStyleDirectory;
* Special:Movepage can now take parameters like Special:Movepage/Page_to_move
(used to just be able to take parameters via a GET request like
index.php?title=Special:Movepage&target=Page_to_move)
* (bug 2151) The delete summary now includes editor name, if only one has edited
the article.
* (bug 2105) Fixed from argument to the PHP mail() function. A missing space
could prevent sending mail with some versions of sendmail.
* (bug 2228) Updated the Slovak translation
* ...and more!
=== Changes since 1.5alpha1 ===
* (bug 73) Category sort key is set to file name when adding category to
file description from upload page (previously it would be set to
"Special:Upload", causing problems with category paging)
* (bug 419) The contents of the navigation toolbar are now editable through
the MediaWiki namespace on the MediaWiki:navbar page.
* (bug 498) The Views heading in MonoBook.php is now localizable
* (bug 898) The wiki can now do advanced sanity check on uploaded files
including virus checks using external programs.
* (bug 1692) Fix margin on unwatch tab
* (bug 1906) Generalize project namespace for Latin localization, update
namespaces
* (bug 1975) The name for Limburgish (li) changed from "Lèmburgs" to "Limburgs
* (bug 2019) Wrapped the output of Special:Version in <div dir='ltr'> in order
to preserve the correct flow of text on RTL wikis.
* (bug 2067) Fixed crash on empty quoted HTML attribute
* (bug 2075) Corrected namespace definitions in Tamil localization
* (bug 2079) Removed links to Special:Maintenance from movepagetext message
* (bug 2094) Multiple use of a template produced wrong results in some cases
* (bug 2095) Triple-closing-bracket thing partly fixed
* (bug 2110) "noarticletext" should not display on Image page for "sharedupload"
media
* (bug 2150) Fix tab indexes on edit form
* (bug 2152) Add missing bgcolor to attribute whitelist for <td> and <th>
* (bug 2176) Section edit 'show changes' button works correctly now
* (bug 2178) Use temp dir from environment in parser tests
* (bug 2217) Negative ISO years were incorrectly converted to BC notation
* (bug 2234) allow special chars in database passwords during install
* Deprecated the {{msg:template}} syntax for referring to templates, {{msg: is
now the wikisyntax representation of wfMsgForContent()
* Fix for reading incorrectly re-gzipped HistoryBlob entries
* HistoryBlobStub: the last-used HistoryBlob is kept open to speed up
multiple-revision pulls
* Add $wgLegacySchemaConversion update-time option to reduce amount of
copying during the schema upgrade: creates HistoryBlobCurStub reference
records in text instead of copying all the cur_text fields. Requires
that the cur table be left in place until/unless such fields are migrated
into the main text store.
* Special:Export now includes page, revision, and user id numbers by
default (previously this was disabled for no particular reason)
* dumpBackup.php can dump the full database to Export XML, with current
revisions only or complete histories.
* The group table was renamed to groups because "group" is a reserved word in
SQL which caused some inconveniances.
* New fileicons for c, cpp, deb, dvi, exe, h, html, iso, java, mid, mov, o,
ogg, pdf, ps, rm, rpm, tar, tex, ttf and txt files based on the KDE
crystalsvg theme.
* Fixed a bug in Special:Newimages that made it impossible to search for '0'
* Added language variant support for Icelandic, now supports "Íslenzka"
* The #p-nav id in MonoBook is now #p-navigation
* Putting $4 in msg:userstatstext will now give the percentage of
admnistrators out of normal users.
* links and brokenlinks tables merged to pagelinks; this will reduce pain
dealing with moves and deletes of widely-linked pages.
* Add validate table and val_ip column through the updater.
* Simple rate limiter for edits and page moves; set $wgRateLimits
(somewhat experimental; currently needs memcached)
* (bug 2262) Hide math preferences when TeX is not enabled
* (bug 2267) Don't generate thumbnail at the same size as the source image.
* Fix rebuildtextindex.inc for new schema
* Remove linkscc table code, no longer used.
* (bug 2271) Use faster text-only link replacement in image alt text
instead of rerunning expensive link lookup and HTML generation.
* Only build the HTML attribute whitelist tree once.
* Replace wfMungeToUtf8 and do_html_entity_decode with a single function
that does both numeric and named chars: Sanitizer::decodeCharReferences
* Removed some obsolete UTF-8 converter functions
* Fix function comment in debug dump of SQL statements
* (bug 2275) Update search index more or less right on page move
* (bug 2053) Move comment whitespace trimming from edit page to save;
leaves the whitespace from the section comment there on preview.
* (bug 2274) Respect stub threshold in category page list
* (bug 2173) Fatal error when removing an article with an empty title from the
watchlist
* Removed -f parameter from mail() usage, likely to cause failures and bounces.
* (bug 2130) Fixed interwiki links with fragments
* (bug 684) Accept an attribute parameter array on parser hook tags
* (bug 814) Integrate AuthPlugin changes to support Ryan Lane's external
LDAP authentication plugin
* (bug 2034) Armor HTML attributes against template inclusion and links munging
=== Changes since 1.5alpha2 ===
* (bug 2319) Fix parse hook tag matching
* (bug 2329) Fix title formatting in several special pages
* (bug 2223) Add unique index on user_name field to prevent duplicate accounts
* (bug 1976) fix shared user database with a table prefix set
* (bug 2334) Accept null for attribs in wfElement without PHP warning
* (bug 2309) Allow templates and template parameters in HTML attribute zone,
with proper validation checks. (regression from fix for 2304)
* Disallow close tags and enforce empty tags for <hr> and <br>
* Changed user_groups format quite a bit.
* (bug 2368) Avoid fatally breaking PHP 4.1.2 in a debug line
* (bug 2367) Insert correct redirect link record on page move
* (bug 2372) Fix rendering of empty-title inline interwiki links
* (bug 2384) Fix typo in regex for IP address checking
* (bug 650) Prominently link MySQL 4.1 help page in installer if a possible
version conflict is detected
* (bug 2394) Undo incompatible breakage to {{msg:}} compatibility includes
* (bug 1322) Use a shorter cl_sortkey field to avoid breaking on MySQL 4.1
when the default charset is set to utf8
* (bug 2400) don't send confirmation mail on account creation if
$wgEmailAuthentication is false.
* (bug 2172) Fix problem with nowiki beeing replaced by marker strings
when a template with a gallery was used.
* Guard Special:Userrights against form submission forgery
* (bug 2408) page_is_new was inverted (whoops!)
* Added wfMsgHtml() function for escaping messages and leaving params intact
* Fix ordering of Special:Listusers; fix groups list so it shows all groups
when searching for a specific group and can't be split across pages
* (bug 1702) Display a handy upload link instead of a useless blank link
for [[media:]] links to nonexistent files.
* (bug 873) Fix usage of createaccount permission; replaces $wgWhitelistAccount
* (bug 1805) Initialise $wgContLang before $wgUser
* (bug 2277) Added Friulian language file
* (bug 2457) The "Special page" href now links to the current special page
rather than to "".
* (bug 1120) Updated the Czech translation
* A new magic word, {{SCRIPTPATH}}, returns $wgScriptPath
* A new magic word, {{SERVERNAME}}, returns $wgServerName
* A new magic word, {{NUMBEROFFILES}}, returns the number of rows in the image
table
* Special:Imagelist displays titles with " " instead of "_"
* Less gratuitous munging of content sample in delete summary
* badaccess/badaccesstext to supercede sysop*, developer* messages
* Changed $wgGroupPermissions to more cut-n-paste-friendly format
* 'developer' group deprecated by default
* Special:Upload now uses 'upload' permission instead of hardcoding login check
* Add 'importupload' permission to disable direct uploads to Special:Import
* (bug 2459) Correct escaping in Special:Log prev/next links
* (bug 2462 etc) Taking out the experimental dash conversion; it broke too many
things for the current parser to handle cleanly
* (bug 2467) Added a Turkish language file
* Fixed a bug in Special:Contributions that caused the namespace selection to
be forgotten between submits
* Special:Watchlist/edit now has namespace subheadings
* (bug 1714) the "Save page" button now has right margin to separate it from
"Show preview" and "Show changes"
* Special:Statistics now supports action=raw, useful for bots designed to
harwest e.g. article counts from multiple wikis.
* The copyright confirmation box at Special:Upload is now turned off by default
and can be turned back on by setting $wgCopyrightAffirmation to a true value.
* Restored prior text for password reminder button and e-mail, replacing
the factually inaccurate text that was there.
* (bug 2178) Fix temp dir check again
* (bug 2488) Format 'deletedtext' message as wikitext
* (bug 750) Keep line endings consistent in LocalSettings.php
* (bug 1577) Add 'printable version' tab in MonoBook for people who don't
realize you can just hit print to get a nicely formatted printable page.
* Trim whitespace from option values to weather line-ending corruption problems
* Fixed a typo in the Romanian language file (NS_MESIA => NS_MEDIA)
* (bug 2504) Updated the Finnish translation
* (bug 2506, 2512) Updated the Nynorsk translation
* (bug 996) Replace $wgWhitelistEdit with 'edit' permission; fixup UPGRADE
documentation about edit and read whitelists.
* (bug 2515) Fix incremental link table update
* Removed some wikipedia-specifica from LanguageXx.php's
* (bug 2496) Allow MediaWiki:edithelppage to point to external page
* Added a versionRequired() function to OutputPage, useful for extension
writers that want to control what version of MediaWiki their extension
can be used with.
* Serialized user objects now checked for versioning
* Fix for interwiki link regression
* Printable link shorter in monobook
* Experimental Latin-1-and-replication-friendly upgrader script
* (bug 2520) Don't show enotif options when disabled
== Changes since 1.5beta1 ==
* (bug 2531) Changed the interwiki name for sh (Serbocroatian) to
Srpskohrvatski/Српскохрватски (was Српскохрватски (Srbskohrvatski))
* Nonzero return code for command-line scripts on wfDebugDieBacktrace()
* Conversion fix for empty old table in upgrade1_5.php
* Try reading revisions from master if no result on slave
* (bug 2538) Suppress notice on user serialized checks
* Fix paging on Special:Contributions
* (bug 2541) Fix unprotect tab
* (bug 1242) category list now show on edit page
* Skip sidebar entries where link text is '-'
* Convert non-UTF-8 URL parameters even if referer is local
* (bug 2460) <img> width & height properly filled when resizing image
* (bug 2273) deletion log comment used user interface language
* Try reading revision _text_ from master if no result on slave
* Use content-language message cache for raw view of message pages
* (bug 2530) Not displaying talk pages on Special:Watchlist/edit
* Fixed a bug that would occour if $wgCapitalLinks was set to false, a user
agent could create a username that began with a lower case letter that was
not in the ASCII character set ( now user $wgContLang->ucfirst() instead of
PHP ucfirst() )
* Moved the user name / password validity checking from
LoginForm::addNewAccountInternal() to two new functions,
User::isValidUserName() and User::isValidPassword(), extensions can now do
these checks without rewriting code.
* Fix $wgSiteNotice when MediaWiki:Sitenotice is set to default '-'
* Fixed a bug where the watchlist count without talk pages would be off by a
factor of two.
* upgrade1_5.php uses insert ignore, allows to skip image info initialization
* Fix namespaces in category list.
* Add rebuildImages.php to update image metadata fields
* Special:Ancientpages is expensive in new schema for now
* (bug 2568) Fixed a logic error in the Special:Statistics code which caused
the displayed percentage of admins to be totally off.
* (bug 2560) Don't show blank width/height attributes for missing size
* Don't show bogus messages about watchlist notifications when disabled
* Don't show old debug messages in watchlist
* (bug 2576) Fix recording of transclusion links
* (bug 2577) Allow sysops to enter non-standard block times
* Fixed a bug where Special:Contributions wouldn't remember the 'invert'
status between next/previous buttons.
* Move MonoBook printable link from tab to sidebar
* (bug 2567) Fix HTML escaping on category titles in list
* (bug 2562) Show rollback link for current revisions on diff pages
* (bug 2583) Add --missinig option on rebuildImages.php to add db entries
for uploaded files that don't have them
* (bug 2572) Fix edit conflict handling
* (bug 2595) Show "Earlier" and "Latest" links on history go to the first/last
page in the article history pager.
* Don't show empty-page text in 'Show changes' on new page
* (bug 2591) Check for end, fix limits on Whatlinkshere
* (bug 2584) Fix output of subcategory list
* (bug 2597) Don't crash when undeleting an image description page
* (bug 2564) Don't show "editingold" warning for recent revision
* Various code cleanup and HTML escaping fixlets
* Copy IRC-over-UDP update option from REL1_4
* (bug 2548) Keep summary on 'show changes' of section edit
* Move center on toc to title part to avoid breaking .toc style usage
* HTML sanitizer: correct multiple attributes by keeping last, not first
* (bug 2614) Fix section edit links on diff-to-current with oldid set
Also fix navigation links on current-with-oldid view.
* (bug 2620) Return to prior behavior for some more things (such as
subpage parent links) on current-diff view.
* (bug 2618) Fix regression from another fix; show initial preview for
categories only if the page does not exist.
* (bug 2625) Keep group & user settings when paging in Listusers
* (bug 2627) Fix regression: diff radio button initial selection
* Copy fix for old search URLs with Lucene search plugin from REL1_4
* (bug 619) Don't use incompatible diff3 executable on non-Linux systems.
* (bug 2631) Fix Hebrew namespaces.
* (bug 2630) Indicate no-longer-valid cached entries in BrokenRedirects list
* (bug 2644, 2645) "cur" diff links in page history, watchlist and
recentchanges should specify current ID explicitly.
* (bug 2609) Fix text justification preferenced with MonoBook skin.
* (bug 2594) Display article tab as red for non-existent articles.
* (bug 2656) Fix regression: prevent blocked users from reverting images
* (bug 2629) Automatically capitalize usernames again instead of
rejecting lowercase with a useless error message
* (bug 2661) Fix link generation in contribs
* Add support for &preload=Page_name (load text of an existing page into
edit area) and &editintro=Page_name (load text of an existing page instead
of MediaWiki:Newpagetext) to &action=edit, if page is new.
* (bugs 2633, 2672, 2685, 2695) Fix Estonian, Portuguese, Italian, Finnish and
Spanish numeric formatting
* Fixed Swedish numeric formatting
* (bug 2658) Fix signature time, localtime to match timezone offset again
* Files from shared repositories (e.g. commons) now display with their
image description pages when viewed on local wikis.
* Restore compatibility namespace aliases for French Wikipedia
* Fix diff order on Enhanced RC 'changes' link
* (bug 2650) Fix national date type display on wikis that don't support
dynamic date conversion.
* FiveUpgrade: large table hacks, install iw_trans update before links
* (bug 2648) Rename namespaces in Afrikaanse
* Special:Booksources checks if custom list page exists before using it
* (bug 1170) Fixed linktrail for da: and ru:
* (bug 2683) Really fix apostrophe escaping for toolbox tips
* (bug 923) Fix title and subtitle for rclinked special page
* (bug 2642) watchdetails message in several languages used <a></a> instead of
[ ]
* (bug 2181) basic CSB language localisation by Tomasz G. Sienicki (thanks for
the patch)
* Fix correct use of escaping in edit toolbar bits
* Removed language conversion support from Icelandic
* (bug 2616) Fix proportional image scaling, giving correct height
* (bug 2640) Include width and height attributes on unscaled images
* Workaround for mysterious problem with bogus epoch If-Last-Modified reqs
* (bug 1109) Suppress compressed output on 304 responses
* (bug 2674) Include some site configuration info in export data:
namespaces definitions, case-sensitivity, site name, version.
* Use xml:space="preserve" hint on export <text> elements
* Make language variant selection work again for zh
== Changes since 1.5beta2 ==
* Escaped & correctly in Special:Contributions
* (bug 2534) Hide edit sections with CSS to make right click to edit section
work
* (bug 2708) Avoid undefined notice on cookieless login attempt
* (bug 2188) Correct template namespace for Greek localization
* Fixed number formatting for Dutch
* (bug 1355) add class noprint to commonPrint.css
* (bug 2350) Massive update for Limburgish (li) language using Wikipédia
* Massive update for Arab (ar) language using Wikipédia
* (bug 1560) Massive update for Kurdish (ku) language using Wikipédia
* (bug 2709) Some messages were not read from database
* (bug 2416) Don't allow search engine robots to index or follow nonexisting
articles
* Fix escaping in page move template.
* (bug 153) Discrepancy between thumbnail size and <img> height attribute
== Changes since 1.5beta3 ==
* Fix talk page move handling
* (bug 2721) New language file for Vietnamese with the Vietnamese number
notation
* (bug 2749) would appear as a literal in image galleries for Cs, Fr,
Fur, Pl and Sv
* (bug 787) external links being rendered when they only have one slash
* Fixed a missing typecast in Language::dateFormat() that would cause some
interesting errors with signitures.
* (bug 2764) Number format for Nds
* (bug 1553) Stop forcing lowercase in Monobook skin for German language.
* (bug 1064) Implements Special:Unusedcategories
* (bug 2311) New language file for Macedonian
* Fix nohistory message on empty page history
* Fix fatal error in history when validation on
* Cleaned up email notification message formatting
* Finally fixed Special:Disambiguations that was broke since SCHEMA_WORK
* (bug 2761) fix capitalization of "i" in Turkish
* (bug 2789) memcached image metadata now cleared after deletion
* Add serialized version number to image metadata cache records
* (bug 2780) Fix thumbnail generation with GD for new image schema
* (bug 2791) Slovene numeric format
* (bug 655) Provide empty search form when searching for nothing
* Nynorsk numeric format fix
* (bug 2825) Fix regression in newtalk notifications for anons w/ enotif off
* (bug 2833) Fix bug in previous fix
* With $wgCapitalLinks off, accept off-by-first-letter-case in 'go' match
* Optional parameters for [[Special:Listusers]]
* (bug 2832) [[Special:Listadmins]] redirects to [[Special:Listusers/sysop]]
* (bug 785) Parser did not get out of <pre> with list elements
* Some shared upload fixes
* (bug 2768) section=new on nonexistent talk page does not add heading
* support preload= parameter for section=new
* show comment subject in preview when using section=new
* use comment form when creating a new talk page
* (bug 460) Properly handle <center> tags as a block.
* Undo inconsistent editing behavior change
* (bug 2835) Back out fix for bug 2802, caused regressions in category sort
* PHP 4.1.2 compatibility fix: define floatval() equivalent if missing
* (bug 2901) Number format for Catalan
* Special:Allpages performance hacks: index memcached caching, removed
inverse checkbox, use friendlier relative offsets in index build
* Bring back "Chick" skin for mobile devices. It needs testing.
* Fix spelling of $wgForwardSearchUrl in DefaultSettings.php
* Specify USE INDEX on Allpages chunk queries, sometimes gets lost
due to bogus optimization
* (bug 275) Section duplication fix
* Remove unused use of undefined variable in UserMailer
* Fix notice on search index update due to non-array
* (bug 2885) Fix fatal errors and notices in PHP 5.1.0beta3
* (bug 2931) Fix additional notices on reference use in PHP 4.4.0
* (bug 2774) Add three new $wgHooks to LogPage which enable extensions to add
their own logtypes, see extensions/Renameuser/SpecialRenameuser.php for an
example of this.
* (bug 740) Messages from extensions now appear in Special:Allmessages
* (bug 2857) fixed parsing of lists in <pre> sections
* (bug 796) Trackback support
* Fix 1.5 regression: weird, backwards diff links on new pages in enhanced RC
are now suppressed as before.
* New skin: Simple
* "uselang" and "useskin" URL parameters can now be used in the URL when
viewing a page, to change the language and skin of a page respectively.
* Skins can now be previewed in preferences
* (bug 2943) AuthPlugin::getCanonicalName() name canonicalization hook,
patch from robla
* Wrap revision insert & page update in a transaction, rollback on late
edit conflict.
* (bug 2953) 'other' didn't work in Special:Blockip when localized
* (bug 2958) Rollback and delete auto-summary should be in the project's
content language
* Removed useless protectreason message
* Spelling fix: $wgUrlProtcols -> $wgUrlProtocols
* Switch Moldovan local name to cyrillic
* Fix typo in undefined array index access prevention
* (bug 2947) Update namespaces for sr localization
* (bug 2952) Added Asturian language file with translated namespaces
* (bug 2676) Apply a protective transformation on editing input/output
for browsers that hit the Unicode blacklist. Patch by plugwash.
* (bug 2999) Fix encoding conversion of pl_title in upgrade1_5.php
* compressOld.php disabled, as it's known to be broken.
=== Changes since 1.5beta4 ===
* Fix Special:Allmessages under PHP 5
* (bug 2911) Special:Watchlist allowed only one type of limit at a time
* (bug 693) Special:Allmessages is excessively wide and redundant
* (bug 3001) Updated and applied live hack for recentchanges-based watchlist
* (bug 145) Finish 'exclude redirect' implementation in search form
* Rearranged Special:Movepage form to reduce confusion between destination
title and reason input boxes
* (bug 2527) Always set destination filename when new file is selected
* (bug 3056) MySQL 3 compatibility fix: USE INDEX instead of FORCE INDEX
* PHP 4.1 compatibility fix: don't use new_link parameter to mysql_connect
if running prior to 4.2.0 as it causes the call to fail
* (bug 3117) Fix display of upload size and type with tidy on
* (bug 1487) invalid html on empty list in banlist
* (bug 3017) Hotkey conflict for delete and show changes
* made pixel unit translateable and blocklistline now eats infiniteblock
and expiringblock
* (bug 3092) Wrong numerical separator for big numbers in Serbian.
* (bug 2855) Credit for a uniq author showed its realname even with
$wgAllowRealName=false.
* New special page: SpecialMostlinked
* (bug 2393) Fix MIME type for Atom feeds ( application/rss+atom )
* Fix display of read-only lockfile message
* Added a new hook, 'AddNewAccount', which is run after account creation
* Update all stats fields on recount.sql
* Include software-visible client IP address in Special:Version comment
as a proxy debugging aid
* (bug 3162) Fix 'undefined property page_is_new' error on watchlist
* (bug 1734) granting db permissions failed with db usernames containg '-'
* (bug 3170) wikititlesuffix was removed, use pagetitle instead
* (bug 3187) watchlist text refer to unexistent "Stop watching" action
* (bug 3190) Added some date format choices for language sr
* (bug 1334) LanguageGa.php update
* (bug 1020) Changing user interface language does not work immediately
* (bug 2753) Some namespaces were not translated in LanguageTa.php (Tamil)
* (bug 3204) Fix typo breaking special pages in fy localization
* (bug 3210) Fix Media: links with remote image URL path
* (bug 3220) Fix escaping of block URLs in Recentchanges
* (bug 3238): Updated LanguageNn.php for 1_5 branch
* (bug 3192): properly check 'limit' parameter on Special:Contributions
* (bug 3244) Fix remote image loading hack, JavaScript injection on MSIE
* Fix URL sanitization in HTML attributes, which broke in this branch
* (bug 3475) anon contrib links on Special:Newpages
=== Changes since 1.5rc2 ===
* Fix upgrade from 1.4 due to version number check breakage
* Fix upgrade from 1.4 with no old revisions
* (bug 2108) Sort entries when using category browser
* XSS issue : now sanitize search query input
=== Changes since 1.5rc3 ===
* (bug 3280) Respect 'move' group permission on page moves
* (bug 2885) More PHP 5.1 fixes: skin, search, log, undelete
* Security fix for <math>
* Security fix for tables
=== Changes since 1.5rc4 ===
* (bug 3292) Fix move-over-redirect test when current entries are not plaintext
* (bug 2078) Don't hide watch tab on preview
* (bug 3306) Document $wgLocalTZoffset
* Support SVG rendering with rsvg
* Cap arbitrary SVG renders to given image size or $wgSVGMaxSize pixels wide
* (bug 3127) Render large SVGs at image page size correctly
* (bug 3448) Set page_len on undelete
* (bug 2800) Don't scale up small iamges on |thumb| without explicit size
* Use the real file link instead of the default-size rasterized version for
large SVG images on image description page
* Include the file name/type/size line for non-resized images
* (bug 3412) Clean up date format handling so ~~~~-sigs work with default
format as designed. Documentation comments updated.
* (bug 1423) LanguageJa.php update
* (bug 3405) Don't use raw letters as aliases of MSGNW: and SUBST:
* (bug 3485) Fix bogus warning about filename capitalization when off
* (bug 2792) Update rebuildrecentchanges.inc for new schema
* Special:Import/importDump fixes: report XML parse errors, accept <minor/>
* (bug 3489) PHP 5.1 compat problem with captioned images
* (bug 3350) Missing label for move talk page checkbox.
* (bug 2570) Add 'watch this page' checkbox on uploads, watch uploads
by default when 'watchdefault' option is on
* (bug 3182) Clear link cache during import to prevent memory leak
* (bug 3573) Full Greek Translation
* (bug 3595) Warn and abort if importDump.php called in read-only mode.
* (bug 3598) Update message cache on message page deletion, patch by Tietew
* Blacklist additional MSIE CSS safety tricks
=== Changes since 1.5.0 ===
* (bug 3629) Fix date & time format for Frisian
* (bug 3641) Fix handling of unrecognized file uploads with known extensions
* (bug 3643) Fix image page display of large images with resizing disabled
* Fix meta robots tag on Special:Version again to avoid listing vulnerable
versions for convenient harvesting by automated worms
* (bug 3684) Fix typo in fatal error backtraces in Hooks.php
* Backport fix for reference usage notice in Special:Search on PHP 4.4.0
* Backport database connect error display fix from HEAD
* (bug 2773) Print style sheet no longer overrides RTL text direction
* MonoBook skin top link id changed from "contentTop" to "top" (shared with
name attribute)
* Wrap message page insertions in a transaction to speed up installation
* Fix Special:MovePage invalid HTML attribute for reason textarea
* Avoid notice warning on edit with no User-Agent header
* (bug 3734) Swapped out obsolete recount.sql with initStats.php
* (bug 3735) Fix to run under MySQL 5's strict mode
* (bug 3786) Experimental support for MySQL 4.1/5.0 utf8 charset mode
NOTE: Enabling this may break existing wikis, and still doesn't
work for all Unicode characters due to MySQL limitations.
* Sanitizer CSS comment processing order fix
=== Changes since 1.5.1 ===
* Fix Special:BrokenRedirects on MySQL 5.0
* (bug 3809) Backport fix for detecting diff3 failure
* MySQL 5.0 strict mode fix for moving unwatched pages
* (bug 3782) Throw fatal installation warning if mbstring.func_overload on.
Why do people invent these crazy options that change language semantics?
* (bug 3762) Define missing Special:Import UI messages
* (bug 3771) Handle internal functions in backtrace in wfAbruptExit()
* (bug 3649) Remove obsolete, broken moveCustomMessages script
* (bug 3667) Add missing global in page move code
* (bug 3761) Avoid deprecation warnings in Special:Import
* (bug 2885) Remove unnecessary reference parameter which broke classic skin
talk notification on PHP 5.0.5
* (bug 3845) Update attribute.php for 1.5 schema
* Fix Parser::unstrip on PHP 4.4.1 and PHP 5.1.0RC4
=== Changes since 1.5.2 ===
* (bug 3612) Remove old broken version of maintenance/compressOld.php
The working version is in maintenance/storage/compressOld.php
* (bug 2740) Accept image deletions on 'enter' submit from MSIE
* (bug 3933) specify XML namespace for Atom 0.3 feeds
* (bug 3939) Don't try to load text for interwiki redirect target
* (bug 3948) Avoid notice warning in debug statement in bad search
* Recognize Special:Search consistently so read whitelist works
* (bug 4013) typo in fr
* (bug 3996) Fix text for new entries in RC RSS/Atom feed
* (bug 2894) Enhanced Recent Changes link fixes
* (bug 3065) Update both watched namespaces when renaming pages
* Move parentheses out of <a> link in Special:Contributions
* (bug 4071) Generate passwords long enough for $wgMinimalPasswordLength
* (bug 4035) Fix prev/next revision links on edit page
* (bug 4165) Correct validation for user language selection (data taint)
* Clearer message in DefaultSettings.php: edit LocalSettings.php instead
=== Changes since 1.5.3 ===
* (bug 3805) Clear 'new messages' flag properly in enotif mode
for usernames containing spaces
* (bug 2714) Backlink from special:whatlinkshere was hard set as 'existing'
* (bug 4249) Typo in entities2literals.pl
* (bug 4233) Update for japanese language
* (bug 4279) Small correction to LanguageDa.php
* (bug 4267) Switch dv sd ug ks arc languages to RTL
* (bug 3991) Allow the operation of wikicode on Protect move only text
* Added AutoAuthenticate hook for external User object suppliers
* Parser internal placeholder string now fully randomized for safety
=== Changes since 1.5.4 ===
* Maintenance script to delete unused user accounts
* Added detection for WMF files (application/x-msmetafile), added this
MIME type to the default blacklist. Prevented inline display of images
which are not of known image types. This is in response to
https://en.wikipedia.org/wiki/Windows_Metafile_vulnerability
=== Changes since 1.5.5 ===
* (bug 4258) When installing under IIS, $wgArticlePath = "$wgScript?title=$1"
should be set
* (bug 4510) Correct Barnes & Noble bookstore URLs
* (bug 4504) Use site language for namespace name resolution
* Installer fixes from HEAD backported; now uses a more sensible method of
establishing which mySQL user to use, which clears up bug 921 et al. Minor
changes to installer.
* Fix problem reported on mailing list where re-initialising stats didn't work
(can't insert duplicate rows with the same id field)
* (bug 1122) gray out 'older revision' when viewing first article revision.
* Respect database prefix in dumpHTML.inc
* Minor improvements to removeUnusedAccounts.php maintenance script
* Fix for single-digit week numbers from {{CURRENTWEEK}}, broken by PHP 4.4.1
* Removed read-only check from Database::query()
* Added --conf option to command line scripts, allowing the user to specify a
different LocalSettings.php.
=== Changes since 1.5.6 ===
* Default main page content improved per bug 4690
* Fix dependence on hardcoded UNIQ_PREFIX in LanguageConverter.php
* Fixed Special:Unlockdb
* Maintenance script to delete unused text records
* Maintenance script to delete non-current revisions
* Maintenance script to wipe a page and all revisions from the database
* (bug 4768) Wrong Russian translation (typo)
* Performance bugfix: propagate equality manually for Revision fetches
* (bug 4773) PHP fatal error when invalid title passed to Special:Export
* Added missing table defs. for transcache to installer schemas
* (bug 4824) IE7 beta 2 broke compatibility with PNG logo workarounds,
and seems to work ok with other bits. No longer including the IE
workarounds JavaScript for IE 7 and above.
* (bug 2532) Image directory structure migration bug
* (bug 4881) Correction to the fix for 1487; Ipblocklist showed 'no blocks'
message at the end of the list even if there were blocks.
* (bug 4805) Removed more wikipedia-references from LanguageUk.php
* Introduce $wgWantedPagesThreshold per bug 5011; Special:Wantedpages will not
list pages with less than this number of links. Defaults to 1.
* Allow customisation of paging limits for items in categories using the
$wgCategoryPagingLimit global, per bug 4970.
* Improve "nogomatch" text to make it more obvious that a page can be created.
* (bug 5113) Spelling error in French language file
* Don't change the password of the MySQL root user.
=== Changes since 1.5.7 ===
* (bug 5180) User login page shows inappropriate email blurb
* Add the "AbortNewAccount" hook on account creation; see hooks.txt for more
info.
* Update default "exporttext" to reflect that Special:Import exists
* Add links to useful material to the default main page content
* Fix fragment HTML injection
=== Changes since 1.5.8 ===
* Fixed obvious mistakes in Finnish (fi) translation
* Fixed obvious mistakes in Kurdish (ku) translation
* Merge two #p-search .pBody statements i monobook/main.css
* (bug 5156) Update for Hebrew language (he) translation
* Add the "UserRights" hook on user group changes; see hooks.txt for more info.
* Translated "listingcontinuesabbrev" for German
=== Caveats ===
Some output, particularly involving user-supplied inline HTML, may not
produce 100% valid or well-formed XHTML output. Testers are welcome to
set $wgMimeType = "application/xhtml+xml"; to test for remaining problem
cases, but this is not recommended on live sites. (This must be set for
MathML to display properly in Mozilla.)
= MediaWiki 1.4 =
== MediaWiki 1.4.15 ==
(released March 26, 2006) MediaWiki 1.4.15 is a security maintenance release. A
bug in decoding of certain encoded links could allow injection of raw HTML into
page output; this could potentially lead to XSS attacks. Additionally, this
release may display more correctly in IE7 betas.
== MediaWiki 1.4.14 ==
(released January 19, 2006) MediaWiki 1.4.14 is a security and bugfix
maintenance release. A bug in edit comment formatting could send PHP into an
infinite loop if certain malformed links were included. In most installations,
this would cause the script to fail after PHP's 30-second failsafe timeout. For
several other minor fixes, see the complete changelog at the end of this file.
== MediaWiki 1.4.13 ==
(released January 5, 2006) MediaWiki 1.4.13 is a security maintenance
release.Detection for uploads of Windows Metafile (.wmf) images has been added
to help protect against a client-side vulnerability in unpatched Microsoft
Windows operating systems. Sites which have enabled uploads and added
non-standard file types (such as .ogg, .doc, or .pdf) should upgrade to this
release to ensure that malicious .wmf files can't be uploaded with a fake
extension; such files could put visitors to the site at risk. For more details
on this, see: https://en.wikipedia.org/wiki/Windows_Metafile_vulnerability
== MediaWiki 1.4.12 ==
(released 2005-11-02) MediaWiki 1.4.12 is a bugfix and security maintenance
release. A change in PHP 4.4.1 broke handling of extension and
<nowiki><pre></nowiki> sections, causing garbage data to be inserted in output
and saved edits. This version works around the change. This release includes
further corrections to the inline CSS style sanitation which works around a
JavaScript "feature" on Microsoft Internet Explorer. Users of Microsoft
Internet Explorer for Windows may be vulnerable to XSS injections on prior 1.4
releases; users of standards-compliant browsers are not vulnerable.
== MediaWiki 1.4.11 ==
(released 2005-10-05) MediaWiki 1.4.11 is a security maintenance release.
Unsafe handling of CSS by Microsoft Internet Explorer could be exploited to
produce cross-site scripting attacks by JavaScript injection to clients running
that browser. This release blacklists several additional variants from use in
HTML inline style attributes. All publicly accessible wikis are recommended to
upgrade to reduce the risk to visitors using Microsoft web browsers. Note: the
MediaWiki 1.4.x series is not compatible with PHP 5.0.5 or higher. Upgrade to
the 1.5.0 release if you require this version of PHP 5.
== MediaWiki 1.4.10 ==
(released 2005-09-21) MediaWiki 1.4.10 is a security maintenance release. A bug
in edit submission handling could cause corruption of the previous revision in
the database if an abnormal URL was used, such as those used by some spambots.
Affected releases:
* 1.4.x <= 1.4.9; fixed in 1.4.10
* 1.3.x <= 1.3.15; fixed in 1.3.16
1.5 release candidates are not affected by this problem. All publicly editable
wikis are strongly recommended to upgrade immediately.
1.4 releases can be manually patched by changing this bit in EditPage.php:
<syntaxhighlight lang="php">
function importFormData( &$request ) {
if( $request->wasPosted() ) {
</syntaxhighlight>
to:
<syntaxhighlight lang="php">
function importFormData( &$request ) {
if( $request->getVal( 'action' ) == 'submit' && $request->wasPosted() )
{
</syntaxhighlight>
== MediaWiki 1.4.9 ==
(released 2005-08-29) MediaWiki 1.4.9 is a security maintenance release. It
corrects two cross-site scripting security bugs:
* <nowiki><math></nowiki> tags were handled incorrectly when TeX rendering
support is off, as in the default configuration.
* Extension or <nowiki><nowiki></nowiki> sections in Wiki table syntax could
bypass HTML style attribute restrictions for cross-site scripting attacks
against Microsoft Internet Explorer Wikis where the optional math support has
been *enabled* are not vulnerable to the first, but are vulnerable to the
second.
== MediaWiki 1.4.8 ==
(released 2005-08-23) MediaWiki 1.4.8 is a bug fix and security maintenance
release. A flaw in the interaction between extensions and HTML attribute
sanitization was discovered which could allow unauthorized use of offsite
resources in style sheets, and possible exploitation of a JavaScript injection
feature on Microsoft Internet Explorer. This version expands the returned text
and properly checks it before output. Additionally, an update to
skins/MonoBook.php ensures that sites using the default MonoBook skin will
display correctly in the Internet Explorer 7 beta. (1.3 and 1.5 are not
affected by this bug.)
== MediaWiki 1.4.7 ==
(released 2005-07-16)
MediaWiki 1.4.7 is a bug fix release. Those affected by the following problems
in 1.4.6 should upgrade:
* Watchlist breakage on MySQL 3.23.x and with table prefix enabled
* Possible breakage in watchlist, some image resizing modes on PHP 4.1.2 1.4.6
included a fix for a cross-site scripting vulnerability, so anyone running
older 1.4 releases is very strongly encouraged to upgrade as well. Note to
upgraders: this version of MediaWiki is known to produce a large number of
notice-level warnings under the newly released PHP 4.4.0. These appear however
to be harmless; if you encounter them add this to your LocalSettings.php to
suppress the notices: error_reporting( E_ALL & ~E_NOTICE ); PHP 5.1.0beta3 is
known to be incompatible at this time.
== MediaWiki 1.4.6 ==
(released 2005-07-07) MediaWiki 1.4.6 is a bug fix and security update release.
Incorrect escaping of a parameter in the page move template could
be used to inject JavaScript code by getting a victim to visit a maliciously
constructed URL. Users of vulnerable releases are recommended to upgrade to
this release. Vulnerable versions:
* 1.5 preview series: n <= 1.5beta2 vulnerable, fixed in 1.5beta3
* 1.4 stable series: 1.4beta6 <= n <= 1.4.5 vulnerable, fixed in 1.4.6
* 1.3 legacy series: not vulnerable This release also includes fixes for some
rare bug annoying HTTP errors, a PHP 4.1.2 breakage bug, and works around some
template limitations introduced in 1.4.5. See the changelog at the end of this
file for a detailed list of bugs fixed.
== MediaWiki 1.4.5 ==
(released 2005-06-03) MediaWiki 1.4.5 is a security update and bugfix release.
Incorrect handling of page template inclusions made it possible to inject
JavaScript code into HTML attributes, which could lead to cross-site scripting
attacks on a publicly editable wiki. Vulnerable releases and fix:
* 1.5 prerelease: fixed in 1.5alpha2
* 1.4 stable series: fixed in 1.4.5
* 1.3 legacy series: fixed in 1.3.13
* 1.2 series no longer supported; upgrade to 1.4.5 strongly recommended This
release also includes a number of bug fixes (see changelog below) and merges
some large-server load balancing patches from Wikipedia. An experimental rate
limiter for page edits and moves can be enabled with global, per-IP,
per-subnet, or per-user bases. See configuration options in
includes/DefaultSettings.php
== MediaWiki 1.4.4 ==
(released 2005-05-04) MediaWiki 1.4.4 is a bugfix release for the 1.4 stable
release series. Some bugs in the installer/updater and refreshLinks maintenance
script were introduced in the last release and have been corrected.
== MediaWiki 1.4.3 ==
(released 2005-04-28)
MediaWiki 1.4.3 is a bugfix release for the 1.4 stable release series.
Chiefly, this fixes a compatibility problem with PHP 5 and a minor link
table corruption bug on initial page save.
== MediaWiki 1.4.2 ==
(released 2005-04-20)
MediaWiki 1.4.2 is a security and bug fix release for the 1.4 stable release
series.
A cross-site scripting injection vulnerability was discovered, which
affects only MSIE clients and is only open if MediaWiki has been
manually configured to run output through HTML Tidy ($wgUseTidy).
Several other bugs are fixed in this release, see the changelog below.
All new installations are highly recommended to use 1.4.2 instead of
1.3.x; 1.3.x users should consider upgrading for bug fixes and new
features. Ealier 1.4.x release and beta users should upgrade to this
release for relevant bug fixes; see the changelog later in this file.
If you have trouble, remember to read this whole file and the online FAQ page
before asking for help:
https://www.mediawiki.org/wiki/Manual:FAQ
=== READ THIS FIRST: Upgrading ===
If upgrading from an older release, see the notes in the file UPGRADE.
There are a couple of minor database changes from the beta releases,
and somewhat larger changes from 1.3.x.
Upgrading from a previous 1.4.x stable release installation should
generally only require copying the new files over the old ones.
==== READ THIS FIRST, TOO: MySQL 4.1 AND 5.0 ====
MySQL 5.0 is a beta release, not yet ready for production use. If you
are using it, the notes below about 4.1 apply to you too.
If you have the choice of MySQL 4.0 or MySQL 4.1 and don't need 4.1 for
some other application, you should consider sticking with 4.0 for the
moment. 4.1 may require you to do extra fiddling to get things to work
due to changes that aren't fully backwards-compatible.
MySQL 4.1 has changed the authentication protocol in an incompatible
way; many PHP installations still use the older client libraries and
CANNOT CONNECT TO THE SERVER WITH A PASSWORD without some changes.
See: http://dev.mysql.com/doc/mysql/en/Old_client.html
If MySQL is set with utf-8 as the default character set, installation
may fail with "key too long" errors. Set the default charset to 'latin1'
for installation and it should work.
The mysqldump backup generator now applies an automatic conversion to
UTF-8, which may irretrivably corrupt your data. Pass the -charset option
with the original default charset (eg 'latin1') to skip the conversion.
==== READ THIS FIRST IF RUNNING ON A WINDOWS SERVER ====
MediaWiki is tested and deployed primarily under the Apache web server
on Linux Unix systems. There are known to be problems running on
Microsoft's IIS which are not fully resolved. If you have a choice,
try running under Apache on Windows, or on a Unix/Linux box instead.
If you're having trouble with blank pages on IIS and can't switch,
try the workaround suggested in this bug report:
http://bugzilla.wikimedia.org/show_bug.cgi?id=1763
=== New features ===
* 'Recentchanges Patrol' to mark new edits that haven't yet been viewed.
* New, searchable deletion/upload/protection logs
* Image gallery generation (Special:Newimages and <gallery> tag)
* SVG rasterization support (requires external support tools)
* Users can select from the available localizations to override the
default user interface language.
* Traditional/Simplified Chinese conversion support
* rel="nofollow" support to combat linkspam
The current implementation adds this attribute to _all_ external URL
links in wiki text (but not internal [[wiki links]] or interwiki links).
To disable the attribute for _all_ external links, add this line to your
LocalSettings.php:
$wgNoFollowLinks = false
For background information on nofollow see:
http://www.google.com/googleblog/2005/01/preventing-comment-spam.html
=== Installation and compatibility ===
* The default MonoBook theme now works with PHP 5.0
* Installation on systems with PHP's safe mode or other oddities
should work more reliably, as MonoBook no longer needs to
create a compiled template file for the wiki to run.
* A table prefix may be specified, to avoid conflicts with other
web applications forced to share a database.
* More thorough UTF-8 input validation; fixes non-ASCII uploaded
filenames from Safari.
* Command-line database upgrade script.
=== Customizability ===
* Default user options can now be overridden in LocalSettings.
* Skins system more modular: templates and CSS are now in /skins/
New skins can be dropped into this directory and used immediately.
* More extension hooks have been added.
* Authentication plugin hook.
* More internal code documentation, generated with phpdoc:
https://doc.wikimedia.org/mediawiki-core/master/php/html/
=== Optimization ===
* For many operations, MediaWiki 1.4 should run faster and use
less memory than MediaWiki 1.3. Page rendering is up to twice
as fast. (Use a PHP accelerator such as Turck MMCache for best
results with any PHP application, though!)
* The parser cache no longer requires memcached, and is enabled
by default. This avoids a lot of re-rendering of pages that
have been shown recently, greatly speeding longer page views.
* Support for compiled PHP modules to speed up page diff and
Unicode validation/normalization. (Requires ability to compile
and load PHP extensions).
=== What isn't ready yet ===
* A new user/groups permissions scheme has been held back to 1.5.
* An experimental SOAP interface will be made available as an extension
* PostgreSQL support is largely working, minus search and the installer.
You can perform a manual installation.
* E-mail notification of watched page changes and verification of
user-submitted e-mail addresses is not yet included.
* Log pages are not automatically imported into the new log table
at upgrade time. A script to import old text log entries is
incomplete, but may be available in later point releases.
* Some localizations are still incomplete.
== Changelog ==
=== Important security updates ===
A security audit found and fixed a number of problems. Users of MediaWiki
1.3.10 and earlier should upgrade to 1.3.11; users of 1.4 beta releases
prior to 1.4rc1 should upgrade immediately.
==== Cross-site scripting vulnerability ====
XSS injection points can be used to hijack session and authentication
cookies as well as more serious attacks.
* Media: links output raw text into an attribute value, potentially
abusable for JavaScript injection. This has been corrected.
* Additional checks added to file upload to protect against MSIE and
Safari MIME-type autodetection bugs.
As of 1.3.10/1.4beta6, per-user customized CSS and JavaScript is disabled
by default as a general precaution. Sites which want this ability may set
$wgAllowUserCss and $wgAllowUserJs in LocalSettings.php.
==== Cross-site request forgery ====
An attacker could use JavaScript-submitted forms to perform various
restricted actions by tricking an authenticated user into visiting
a malicious web page. A fix for page editing in 1.3.10/1.4beta6 has
been expanded in this release to other forms and functions.
Authors of bot tools may need to update their code to include the
additional fields.
==== Directory traversal ====
An unchecked parameter in image deletion could allow an authenticated
administrator to delete arbitrary files in directories writable by the
web server, and confirm existence of files not deletable.
==== Older issues ====
Note that 1.4 beta releases prior to beta 5 include an input validation
error which could lead to execution of arbitrary PHP code on the server.
Users of older betas should upgrade immediately to the current version.
Beta 6 also introduces the use of rel="nofollow" attributes on external
links in wiki pages to reduce the effectiveness of wiki spam. This will
cause participating search engines to ignore external URL links from wiki
pages for purposes of page relevancy ranking.
=== Misc bugs fixed in beta 1 ===
* (bug 95) Templates no longer limited to 5 inclusions per page
* New user preference for limiting the image size for images on image
description pages
* (bug 530) Allow user to preview article on first edit
* (bug 479) [[RFC 1234]] will now make an internal link
* (bug 511) PhpTal skins shown bogus 'What links here' etc on special pages
* (bug 770) Adding filter and username exact search match for Special:Listusers
* (bug 733) Installer die if it can not write LocalSettings.php
* (bug 705) Various special pages no more show the rss/atom feed links
* (bug 114) use category backlinks in Special:Recentchangeslinked
=== Beta 2 fixes ===
* (bug 987) Reverted bogus fix for bug 502
* (bug 992) Fix enhanced recent changes in PHP5
* (bug 1009) Fix Special:Makesysop when using table prefixes
* (bug 1010) fix broken Commons image link on Classic & Cologne Blue
* (bug 985) Fix auto-summary for section edits
* (bug 995) Close <a> tag
* (bug 1004) renamed norsk language links (twice)
* Login works again when using an old-style default skin
* Fix for load balancing mode, notify if using old settings format
* (bug 1014) Missing image size option on old accounts handled gracefully
* (bug 1027) Fix page moves with table prefix
* (bug 1018) Some pages fail with stub threshold enabled
* (bug 1024) Fix link to high-res image version on Image: pages
* (bug 1016) Fix handling of lines omitting Image: in a <gallery> tag
* security fix for image galleries
* (bug 1039) Avoid error message in certain message cache failure modes
* Fix string escaping with PostgreSQL
* (bug 1015) [partial] -- use comment formatter on image gallery text
* Allow customization of all UI languages
* use $wgForceUIMsgAsContentMsg to make regular UI messages act as content
* new user option for zh users to disable language conversion
* Defer message cache initialization, shaving a few ms off file cache hits
* Fixed Special:Allmessages when using table prefixes
* (bug 996) Fix $wgWhitelistRead to work again
* (bug 1028) fix page move over redirect to not fail on the unique index
=== Beta 3 fixes ===
* Hide RC patrol markers when patrol is disabled or not allowed to patrol.
* Fix language selection for upgraded accounts
* (bug 1076) navigation links in QueryPage should be translated by wgContLang.
* (bug 922) bogus DOS line endings in LanguageEl.php
* Fix index usage in contribs
* Caching and load limiting options for Recentchanges RSS/Atom feed
* (bug 1074) Add stock icons for non-image files in gallery/Newimages
* Add width and height attributes on thumbs in gallery/Newimages
* Enhance upload extension blacklist to protect against vulnerable
Apache configurations
=== Beta 4 fixes ===
* (bug 1090) Fix sitesupport links in CB/classic skins
* Gracefully ignore non-legal titles in a <gallery>
* Fix message page caching behavior when $wgCapitalLinks is turned off
after installation and the wiki is subsequently upgraded
* Database error messages include the database server name/address
* Paging support for large categories
* Fix image page scaling when thumbnail generation is disabled
* Select the content language in prefs when bogus interface language is set
* Fix interwiki links in edit comments
* Fix crash on banned user visit
* Avoid PHP warning messages when thumbnail not generated
* (bug 1157) List unblocks correctly in Special:Log
* Fix fatal errors in LanguageLi.php
* Undo overly bright, difficult to read colors in Cologne Blue
* (bug 1162) fix five-tilde date inserter
* Add raw signatures option for those who simply must have cute sigs
* (bug 1164) Let wikitext be used in Loginprompt and Loginend messages
* Add the dreaded <span> to the HTML whitelist
* (bug 1170) Fix Russian linktrail
* (bug 1168) Missing text on the bureaucrat log
* (bug 1180) Fix Makesysop on shared-user-table sites
* (bug 1178) Fix previous diff link when using 'oldid=0'
* (bug 1173) Stop blocked accounts from reverting/deleting images
* Keep generated stylesheets cache-separated for each user
* (bug 1175) Fix "preview on first edit" mode
* Fix revert bug caused by bug 1175 fix
* Fix CSS classes on minor, new, unpatrolled markers in enhanced RC
* Set MySQL 4 boolean search back to 'and' mode by default
* (bug 1193) Fix move-only page protection mode
* Fix zhtable Makefile to include the traditional manual table
* Add memcache timeout for the zh conversion tables
* Allow user customization of the zh conversion tables through
MediaWiki:zhconversiontable
* Add zh-min-man (back) to language names list
* Ported $wgCopyrightIcon setting from REL1_3A
* (bug 1218) Show the original image on image pages if the thumbnail would be
bigger than the original image
* (bug 1213) i18n of Special:Log labels
* (bug 1013) Fix jbo, minnan in language names list
* Added magic word MAG_NOTITLECONVERT to indicate that the title of the page
do not need to be converted. Useful in zh:
* (bug 1224) Use proper date messages for date reformatter
* (bug 1241) Don't show 'cont.' for first entry of the category list
* (bug 1240) Special:Preferences was broken in Slovenian locale when
$wgUseDynamicDates is enabled
* Added magic word MAG_NOCONTENTCONVERT to suppress the conversion of the
content of an article. Useful in zh:
* write-lock for updating the zh conversion tables in memcache
* recursively parse subpages of MediaWiki:Zhconversiontable
* (bug 1144) Fix export for fy language
* make removal of an entry from zhconversiontable work
* (bug 752) Don't insert newline in link title for url with %0a
* Fix missing search box contents in MonoBook skin
* Add option to forward search directly to an external URL (eg google)
* Correctly highlight the fallback language variant when the selected
variant is disabled. Used in zh: only for now.
=== Beta 5 fixes ===
* (bug 1124) Fix ImageGallery XHTML compliance
* (bug 1186) news: in the middle of a word
* (bug 1283) Use underlining and borders to highlight additions/deletions
in diff-view
* Use user's local timezone in Special:Log display
* Show filename for images in gallery by default (restore beta 3 behavior)
* (bug 1201) Double-escaping in brokenlinks, imagelinks, categorylinks,
searchindex
* When using squid reverse proxy, cache the redirect to the Main_Page
* (bug 1302) Fix Norwegian language file
* (bug 1205) Fix broken article saving in PHP 5.1
* (bug 1206) Implement CURRENTWEEK and CURRENTDOW magic keyword (will give
number of the week and number of the day).
* (bug 1204) Blocks do not expire automatically
* (bug 1184) expiry time of indefinite blocks shown as the current time
* (bug 1317) Fix external links in image captions
* (bug 1084) Fix logo not rendering centrally in IE
* (bug 288) Fix tabs wrapping in IE6
* (bug 119) Fix full-width tabs with RTL text in IE
* (bug 1323) Fix logo rendering off-screen in IE with RTL language
* Show "block" link in Special:Recentchanges for logged in users, too, if
wgUserSysopBans is true.
* (bug 1326) Use content language for '1movedto2' in edit history
* zh: Fix warning when HTTP_ACCEPT_LANGUAGE is not set
* zh: Fix double conversion for zh-sg and zh-hk
* (bug 1132) Fix concatenation of link lists in refreshLinks
* (bug 1101) Fix memory leak in refreshLinks
* (bug 1339) Fix order of @imports in Cologne Blue CSS
* Don't try to create links without namespaces ([[Category:]] link bug)
* Memcached data compression fixes
* Several valid XHTML fixes
* (bug 624) Fix IE freezing rendering whilst waiting for CSS with MonoBook
* (bug 211) Fix tabbed preferences with XHTML MIME type
* Fix for script execution vulnerability.
=== Beta 6 fixes ===
* (bug 1335) implement 'tooltip-watch' in Language.php
* Fix linktrail for nn: language
* (bug 1214) Fix prev/next links in Special:Log
* (bug 1354) Fix linktrail for fo: language
* (bug 512) Reload generated CSS on preference change
* (bug 63) Fix displaying as if logged in after logout
* Set default MediaWiki:Sitenotice to '-', avoiding extra database hits
* Skip message cache initialization on raw page view (quick hack)
* Fix notice errors in wfDebugDieBacktrace() in XML callbacks
* Suppress notice error on bogus timestamp input (returns epoch as before)
* Remove unnecessary initialization and double-caching of parser variables
* Call-tree output mode for profiling
* (bug 730) configurable $wgRCMaxAge; don't try to update purged RC entries
* Add $wgNoFollowLinks option to add rel="nofollow" on external links
(on by default)
* (bug 1130) Show actual title when moving page instead of encoded one.
* (bug 925) Fix headings containing <math>
* (bug 1131) Fix headings containing interwiki links
* (bug 1380) Update Nynorsk language file
* (bug 1232) Fix sorting of cached Special:Wantedpages in miser mode
* (bug 1217) Image within an image caption broke rendering
* (bug 1384) Make patrol signs have the same width for page moves as for edits
* (bug 1364) fix "clean up whitespace" in Title:SecureAndSplit
* (bug 1389) i18n for proxyblocker message
* Add fur/Furlan/Friulian to language names list
* Add TitleMoveComplete hook on page renames
* Allow simple comments for each translation rules in MW:Zhconversiontable
* (bug 1402) Make link color of tab subject page link on talk page indicate
whether article exists
* (bug 1368) Fix SQL error on stopword/short word search w/ MySQL 3.x
* Translated Hebrew namespace names
* (bug 1429) Stop double-escaping of block comments; fix formatting
* (bug 829) Fix URL-escaping on block success
* (bug 1228) Fix double-escaping on & sequences in [enclosed] URLs
* (bug 1435) Fixed many CSS errors
* (bug 1457) Fix XHTML validation on category column list
* (bug 1458) Don't save if edit form submission is incomplete
* Logged-in edits and preview of user CSS/JS are now locked to a session token.
* Per-user CSS and JavaScript subpage customizations now disabled by default.
They can be re-enabled via $wgAllowUserJs and $wgAllowUserCss.
* Removed .ogg from the default uploads whitelist as an extra precaution.
If your web server is configured to serve Ogg files with the correct
Content-Type header, you can re-add it in LocalSettings.php:
$wgFileExtensions[] = 'ogg';
=== RC1 fixes ===
* Fix notice error on nonexistent template in wikitext system message
* (bug 1469) add missing <ul> tags on Special:Log
* (bug 1470) remove extra <ul> tags from Danish log messages
* Fix notice on purge w/ squid mode off
* (bug 1477) hide details of SQL error messages by default
Set $wgShowSQLErrors = true for debugging.
* (bug 1430) Don't check for template data when editing page that doesn't exist
* Recentchanges table purging fixed when using table prefix
* (bug 1431) Avoid redundant objectcache garbage collection
* (bug 1474) Switch to better-cached index for statistics page count
* Run Unicode normalization on all input fields
* Fix translation for allpagesformtext2 in LanguageZh_cn and LanguageZh_tw
* Block image revert without valid login
* (bug 1446) stub Bambara (bm) language file using French messages
* (bug 1432) Update Estonian localization
* (bug 1471) unclosed <p> tag in Danish messages
* convertLinks script fixes
* Corrections to template loop detection
* XHTML encoding fix for usernames containing & in Special:Emailuser
* (for zh) Search for variant links even when conversion is turned off,
to help prevent duplicate articles.
* Disallow ISO 8859-1 C1 characters and "no-break space" in user names
on Latin-1 wikis.
* Correct the name of the main page it LanguageIt
* Allow Special:Makesysop to work for usernames containing SQL special
characters.
* Fix annoying blue line in Safari on scaled-down images on description page
* Increase upload sanity checks
* Fix XSS bug in Media: links
* Add cross-site form submission protection to various actions
* Fix fatal error on some dubious page titles
* Stub threshold displays correctly again
=== 1.4.0 final fixes ===
* (bug 65) Fix broken interwiki link encoding on Latin-1 wikis; force to UTF-8
* (bug 563) Fix UTF-8 interwiki URL redirects via Latin-1 wikis
* (bug 1536) Fix page info
* Support os (Ossetic) as language code, using Russian localization base
* (bug 1610) Support non (Old Norse) as language code, using Icelandic
localization base
* (bug 1618) Properly list custom namespaces in Special:Allpages
* (bug 1622) Remove trailing' >' when using category browser
* (bug 1570) Fix php 4.2.x error on conflict merging
* (bug 1585) Fix page title on post-login redirection page
* Run UTF-8 validation on old text in Recentchanges RSS diffs
* (bug 1642) fix a mime type typo in img_auth.php
* Automated interwiki redirects only for local interwikis
* Respect read-only mode on block removals
* Trim old illegal characters from syndication feeds
* Reduce message cache outage recovery delay from 1 day to 5 minutes
* (bug 1403) Update Finnish localization
* (bug 1478) Punjabi localization
* (bug 1667) Update script 5 second countdown.
* (bug 1057) Fix logging table encoding (error on MySQL 4.1)
* (bug 1680) Fix linktrail for fo
* (bug 1653) Removing hardcoded messages in Special:Allmessages
* (bug 1594) Render a hyphen in a formula as − in HTML
* (bug 1495) Fall back to default language MediaWiki: for custom messages
* (bug 1617) Show different error messages for "user does not
exist" and "wrong password" when using AuthPlugin
* (bug 1532), (bug 1544) Changed language names for
'bn', 'bo', 'dv', 'dz', 'ht', 'ii', 'li', 'lo', 'ng', 'or', 'pa', 'si',
'ti', 've'
* Fix editing on non-Esperanto wiki with user language pref set to Esperanto
* Make conversion table for zh-sg default to zh-cn, and zh-hk default to zh-tw
* Fix PHP notice in MonoBook when counters disabled
* (bug 1696) Update namespaces, dates in uk localization
* (bug 551) Installer warns about magic_quotes_runtime and magic_quotes_sybase
instead of trying to install with corrupt table files
* Installer no longer tries to move non-default MediaWiki: pages into Template:
* User-to-user email disabled by default ($wgEnableUserEmail)
=== 1.4.1 fixes ===
* (bug 1720) fix genitive month names for uk
* (bug 1704) fixed untranslateable string in Special:Log
* (bug 1638) Added Belrusian language file
* (bug 1736) typo in SpecialValidate.php
* (bug 73) Upload doesn't run edit updates on description page (links,
search index and categories)
* (bug 646) <math> fails to recognize \ll and \gg
* (bug 926) \div element from TeX not supported in <math> element
* (bug 1147) add \checkmark to whitelist in texutil.ml
* (bug 937) \limits function from LaTeX not supported in <math> element
* Support for manually converting article title to different Chinese
variants (for zh)
* (bug 1488, bug 1744) Fix encoding for preferences, dates in Latin-1 mode
* (bug 1042) Fix UTF-8 case conversion for PHP <4.3 with mbstring extension
* Fix code typo that broke article credits display
* Installation fixes for running under IIS
* (bug 1556) login page tab order. "remember" checkbox now come after password.
* SQL debug log fixlets
* (bug 1815) Fix namespace in old revision display with mismatched title
* (bug 1788) Fix link duplication when edit/upload comment includes newlines
* Change default on $wgSysopUserBans and $wgSysopRangeBans to true
* Fix link conversion for URL request
* (bug 1851) Updated download URL for the SCIM packages used by zhtable
* (bug 1853) Try stripping quotes from term for 'go' title match
* Fix missing function in Latin1 mode
* (bug 1860) Anchors of interwiki links did not get normalized
* (bug 1847) accept lowercase x in ISBN, do not accept invalid A-W,Y,Z
* Fix link conversion for URL request, hopefully without breaking the wiki
* (bug 1849) New option allows to consider categorized images as used on
Special:Unusedimages
* Localized category namespace for ka (Georgian)
* (bug 1107) Work around includes problem in installer when parent dir is not
readable by the web server
* (bug 1927) Incorrect escaping on wikitext message in Blockip
=== 1.4.2 fixes ===
* Fix math options in Finnish localization
* Use in-process Tidy extension if available when $wgUseTidy is on
* (bug 1933) Fix PATH_INFO usage under IIS with PHP ISAPI module
* (bug 1188) <nowiki> in {{subst:}} includes fixed
* (bug 1936) <!-- comments --> in {{subst:}} includes fixed
* Fix a potential MSIE JavaScript injection vector in Tidy mode
=== 1.4.3 fixes ===
* (bug 1636) Refs like ţ were misinterpreted as octal in some places
* (bug 1163) Special:Undelete showed oldest revision instead of newest
* (bug 1938) Fix escaping of illegal character references in link text
* (bug 1997) Fix for error on display of renamed items in Recentchanges on PHP5
* (bug 1949) Profiling typo in rare error case
* (bug 1963) Fix deletion log link when $wgCapitalLinks is off
* (bug 1970) Don't show move tab for immobile pages
* (bug 1770) Page creation recorded links from the 'newarticletext' message
* Optional change to the site_stats table. When applied, this removes the need
for expensive queries in Special:Statistics.
=== 1.4.4 fixes ===
* (bug 725) Let dir="ltr" attribute work again in MonoBook on RTL languages
* (bug 2024) Skip JavaScript error for custom skins where .js message not set
* (bug 2025) Updated Indonesian localization
* (bug 2039) Updated Lithuanian localization
=== Caveats ===
Some output, particularly involving user-supplied inline HTML, may not
produce 100% valid or well-formed XHTML output. Testers are welcome to
set $wgMimeType = "application/xhtml+xml"; to test for remaining problem
cases, but this is not recommended on live sites. (This must be set for
MathML to display properly in Mozilla.)
For notes on 1.3.x and older releases, see HISTORY.
=== Online documentation ===
Documentation for both end-users and site administrators is currently being
built up on MediaWiki.org, and is covered under the GNU Free Documentation
License:
https://www.mediawiki.org/
=== Mailing list ===
A MediaWiki-l mailing list has been set up distinct from the Wikipedia
wikitech-l list:
http://lists.wikimedia.org/mailman/listinfo/mediawiki-l
A low-traffic announcements-only list is also available:
http://lists.wikimedia.org/mailman/listinfo/mediawiki-announce
It's highly recommended that you sign up for one of these lists if you're
going to run a public MediaWiki, so you can be notified of security fixes.
=== IRC help ===
There's usually someone online in #mediawiki on irc.freenode.net
=MediaWiki 1.3=
== MediaWiki 1.3.18 ==
(released 2005-11-02)
MediaWiki 1.3.18 is a bugfix and security maintenance release. A change in PHP
4.4.1 broke handling of extension and <nowiki><pre></nowiki> sections, causing
garbage data to be inserted in output and saved edits. This version works
around the change. This release includes further corrections to the inline CSS
style sanitation which works around a JavaScript "feature" on Microsoft
Internet Explorer. Users of Microsoft Internet Explorer for Windows may be
vulnerable to XSS injections on prior 1.3 releases; users of
standards-compliant browsers are not vulnerable.
== MediaWiki 1.3.17 ==
(released 2005-10-05)
MediaWiki 1.3.17 is a security maintenance release. Unsafe handling of CSS by
Microsoft Internet Explorer could be exploited to produce cross-site scripting
attacks by JavaScript injection to clients running that browser. This release
blacklists several additional variants from use in HTML inline style
attributes. All publicly accessible wikis are recommended to upgrade to reduce
the risk to visitors using Microsoft web browsers.Note: the MediaWiki 1.3.x
series is not compatible with PHP 5.0.5 or higher. Upgrade to the 1.5.0 release
if you require this version of PHP 5.
== MediaWiki 1.3.16 ==
(released 2005-09-21)
MediaWiki 1.3.16 is a security maintenance release. A bug in edit submission
handling could cause corruption of the previous revision in the database if an
abnormal URL was used, such as those used by some spambots. Affected releases:
* 1.4.x <= 1.4.9; fixed in 1.4.10
* 1.3.x <= 1.3.15; fixed in 1.3.16
1.5 release candidates are not affected by this problem. All publicly editable
wikis are strongly recommended to upgrade immediately.
1.3 releases can be manually patched by changing this bit in
{{manual|EditPage.php}}:
<syntaxhighlight lang="php">
if( $this->tokenOk( $request ) ) {
$this->save = $request->wasPosted() && !$this->preview;
} else {
</syntaxhighlight>
to:
<syntaxhighlight lang="php">
if( $this->tokenOk( $request ) ) {
$this->save = $request->getVal( 'action' ) == 'submit' &&
$request->wasPosted() && !$this->preview;
} else {
</syntaxhighlight>
== MediaWiki 1.3.15, 2005-08-29 ==
MediaWiki 1.3.15 is a security maintenance release. It corrects across-site
scripting security bug:
* <nowiki><math></nowiki> tags were handled incorrectly when TeX rendering
support is off, as in the default configuration. Wikis where the optional math
support has been *enabled* are not vulnerable. The 1.3.x series is no longer
maintained except for security fixes; new users and those seeking bug fixes
should upgrade to 1.4.9 or 1.5.0.
== MediaWiki 1.3.14, 2005-08-23 ==
MediaWiki 1.3.14 is a security maintenance release. A flaw in the interaction
between extensions and HTML attribute sanitization was discovered which could
allow unauthorized use of offsite resources in style sheets, and possible
exploitation of a JavaScript injection feature on Microsoft Internet Explorer.
The 1.3.x series is no longer maintained except for security fixes; new users
and those seeking bug fixes should upgrade to 1.4.8 or 1.5.0. Existing 1.3.x
installations not willing to upgrade to the current stable release should apply
the change manually:
In includes/Parser.php, function {{code|inline=y|lang=php|fixTagAttributes()}}
add:
<syntaxhighlight lang="php">
# Any placeholder items should have been unstripped already before
# we got to this point. Raw text inserted later could be dangerous.
if( strpos( $t, UNIQ_PREFIX ) !== false ) {
wfDebug( "Parser::fixTagAttributes found stripped data placeholder;
dropping attributes\n" );
$t = '';
}
</syntaxhighlight>
If you are actively using extensions to generate HTML attribute values, upgrade
to 1.4 or 1.5 for a more thorough fix.
== MediaWiki 1.3.13, 2005-06-03 ==
MediaWiki 1.3.13 is a security maintenance release. Incorrect handling of page
template inclusions made it possible to inject JavaScript code into HTML
attributes, which could lead to cross-site scripting attacks on a publicly
editable wiki. Vulnerable releases and fix:
* 1.5 prerelease: fixed in 1.5alpha2
* 1.4 stable series: fixed in 1.4.5
* 1.3 legacy series: fixed in 1.3.13
* 1.2 series no longer supported; upgrade to 1.4.5 strongly recommended The
1.3.x series is no longer maintained except for security fixes; new users and
those seeking general bug fixes should install 1.4.5. Existing 1.3.x
installations not willing or able to upgrade to the current stable relase
should update the installation to 1.3.13; only includes/Parser.php has changed
from 1.3.12.
== MediaWiki 1.3.12, 2005-02-20 ==
MediaWiki 1.3.12 is a security maintenance release. A cross-site scripting
injection vulnerability was discovered, which affects only MSIE clients and is
only open if MediaWiki has been manually configured to run output through HTML
Tidy ($wgUseTidy). The 1.3.x series is no longer maintained except for security
fixes; new users and those seeking bug fixes should upgrade to 1.4.2. Existing
1.3.x installations using Tidy not willing to upgrade to the current stable
relase should either turn off Tidy or update the installation to 1.3.12.
== MediaWiki 1.3.11, 2005-02-20 ==
MediaWiki 1.3.11 is a security release.
A security audit found and fixed a number of problems. Users of MediaWiki
1.3.10 and earlier should upgrade to 1.3.11; users of 1.4 beta releases should
upgrade to 1.4rc1.
=== Cross-site scripting vulnerability ===
XSS injection points can be used to hijack session and authentication cookies
as well as more serious attacks.
* Media: links output raw text into an attribute value, potentially abusable
for JavaScript injection. This has been corrected.
* Additional checks added to file upload to protect against MSIE and Safari
MIME-type autodetection bugs.
As of <code>1.3.10/1.4beta6</code>, per-user customized CSS and JavaScript is
disabled by default as a general precaution. Sites which want this ability may
set {{wg|AllowUserCss}} and {{wg|AllowUserJs}} in LocalSettings.php.
=== Cross-site request forgery ===
An attacker could use JavaScript-submitted forms to perform various restricted
actions by tricking an authenticated user into visiting a malicious web page. A
fix for page editing in 1.3.10/1.4beta6 has been expanded in this release to
other forms and functions. Authors of bot tools may need to update their code
to include the additional fields.
=== Directory traversal ===
An unchecked parameter in image deletion could allow an authenticated
administrator to delete arbitrary files in directories writable by the web
server, and confirm existence of files not deletable.
== MediaWiki 1.3.10, 2005-02-03 ==
MediaWiki 1.3.10 is a security release.
An attacker could craft a URL which, when visited by a particular logged-in
user, would execute arbitrary JavaScript code on the user's browser in the
wiki's site context. This attack has been blocked, and as an extra precaution
the user CSS and JavaScript subpage support is now disabled by default. Sites
which want this ability may set {{wg|AllowUserCss}} and {{wg|AllowUserJs}} in
{{manual|LocalSettings.php}}. Additional protections have been added against
off-site form submissions
hijacking user credentials. Authors of bot tools may need to update their code
to include additional fields. All wikis running 1.3.x are strongly urged to
upgrade to 1.3.10.
Changes from 1.3.9:
* Logged-in edits and preview of user CSS/JS are now locked to a session token.
* Per-user CSS and JavaScript subpage customizations now disabled by default.
They can be re-enabled via {{wg|AllowUserJs}} and {{wg|AllowUserCss}}.
* Removed .ogg from the default uploads whitelist as an extra precaution. If
your web server is configured to serve Ogg files with the correct Content-Type
header, you can re-add it in LocalSettings.php: {{wg|FileExtensions}}<code>[] =
'ogg'</code>
== MediaWiki 1.3.9, 2004-12-12 ==
MediaWiki 1.3.9 is a security and bug fix release.
A flaw in upload handling has been found which may allow upload and execution
of arbitrary scripts with the permissions of the web server. Only wikis that
have enabled uploads and have a vulnerable Apache configuration will be
affected, but to be safe all wikis should upgrade. Wikis with uploads available
should either disable uploads or upgrade to 1.3.9 immediately; if other files
are customized and require merging changes,
includes/{{manual|SpecialUpload.php}} may be replaced individually to add the
fix. (It is also recommended to configure your web server to disable script
execution in the 'images' subdirectory where uploads are placed, which prevents
most attacks even if the wiki fails.)
Changes from 1.3.8:
* Backported "Templates used in this page"-feature of EditPage
* Allow "MySkin" as a default skin.
* ({{bugzilla|938}}) Parse namespaces correctly on self-interwiki links
* ({{bugzilla|1010}}) fix broken Commons image link on [[Skin:Classic|Classic]]
& [[Skin:Cologne Blue|Cologne Blue]]
* ({{bugzilla|1004}}) Norsk language names for interwiki links changed, Nauruan
language name changed
* Enhance upload extension blacklist to protect against vulnerable Apache
configurations
== MediaWiki 1.3.8, 2004-11-15 ==
MediaWiki 1.3.8 is a bugfix release. Those running wikis with uploads enabled
are strongly recommended to upgrade as this fixes several problems with
overwriting previously-uploaded files.
Changes from 1.3.7:
* ({{bugzilla|506}}) fix {{code|inline=y|lang=html|array_key_exists()}} warning
for IIS servers using ISAPI mode
* ({{bugzilla|718}}) fix bad charset in (file) cached pages
* use local numerals in category page (for Hindi et al)
* alias month abbreviations to month names in Hindi
* add localized numerals for Gujarati and Kannada
* fix Category and project namespaces for Hindi
* Don't output bogus timestamp on [[Special:RecentChanges]] if no entries
* Correct template include path which broke some but not all Windows installs
* Fix edit form submission problem with some PHP versions
* Disallow unreachable titles with %XX hex codes
* Allow page [[0]] to be renamed
* ({{bugzilla|774}}) when saving with <code>section=new</code>, return to the
anchor as with existing numbered section edits
* Experimental shared upload overlay area (disabled by default)
* ({{bugzilla|806}}) Removed some "Wikipedia" hardcoding in German localization
* User option localization fix for some extensions
* ({{bugzilla|809}}) now try to load the mysql php extension if it isn't loaded
* ({{bugzilla|848}}) fix error message in [[Special:Newpages]] RSS and Atom
feeds
* ({{bugzilla|26}}) fix cache headers on anon talk page notification
* ({{bugzilla|874}}) added 'cgi' to {{wg|FileBlacklist}}
* ({{bugzilla|862}}) localize date and time format for Finnish
* ({{bugzilla|548}}) Don't overwrite images until the user confirms it
== MediaWiki 1.3.7, 2004-10-18 ==
Changes from 1.3.6:
* Fix protected-page related security issue.
== MediaWiki 1.3.6, 2004-10-14 ==
Changes from 1.3.5:
* ({{bugzilla|296}}) Variables in user interface messages are no longer
substituted at install time, so changes to the site name etc should be easier
to make
* ({{bugzilla|149}}) [[Special:RecentChanges]] "changes from" link preserves
limit
* ({{bugzilla|433}}) tooltip for "Undelete" tab now labeled correctly
* ({{bugzilla|439}}) unclickable "Move" tab no longer displays on protected
pages
* ({{bugzilla|484}}) graceful deletion of images where the actual file is
missing
* ({{bugzilla|686}}) fixed [[plural]]s in Catalan localization
* Fixed potential HTML/JavaScript injection attack in the
[[Extension:UnicodeConverter|UnicodeConverter]] extension. (This extension is
not enabled by default.)
* Fixed potential HTML/JavaScript injection attack via raw page views to a
maliciously crafted wiki page.
* ({{bugzilla|187}}, {{bugzilla|669}}) Fixed centered thumbnails, using
{{code|inline=y|lang=html|<div>}} instead of {{code|inline=y|lang=html|<span>}}.
* catch MySQL error 2000 during installation.
* ({{bugzilla|704}}) Removed misleading LocalSettings.sample
* Fix cross site scripting bugs in [[Special:Ipblocklist]],
[[Special:EmailUser]]
* Fix SQL injection and cross site scripting bugs in Special:Maintenance
* Fix cross site scripting bugs and possible filename validation vulnerability
in ImagePage.
* and more of that sort
== MediaWiki 1.3.5, 2004-09-30 ==
Changes from 1.3.4:
* Clean up input validation in 'raw' page output mode which was a potential
cross-site scripting opportunity.
== MediaWiki 1.3.4, 2004-09-28 ==
=== SECURITY NOTE ===
As of 1.3.4, MediaWiki performs some screening of newly uploaded files for
validity. (Some) corrupt image files, and HTML files mistakenly or maliciously
masquerading as images, should now be rejected. These checks protect against
Internet Explorer security holes relating to type autodetection which are a
potential cross-site scripting attack vector, and also rejects at least one
known version of the "JPEG virus" which might attack unpatched clients. If you
already have invalid files uploaded this will not protect against them. If you
have expanded the <code>filetype</code> whitelist or disabled the strict type
checking, other dangerous file types may still get through. You should always
be careful when allowing uploads!
Changes from 1.3.3:
* Fixed lots of template-related bugs, esp. for cases where template variables
are used for links, images, etc.
* Fixed transformation of page messages when viewing [[Special:Allmessages]]
* Handle "ISBN ISBN 1234" correctly
* Fixed warning on Category pages
* Fixed some bad error messages on login page
* Fixed history entry for initial main page on install
* Removed problematic <code>{</code> and <code>}</code> from legal title
characters
* Strip leading blank from output in preformatted text.
* Fixed problem when moving pages to titles with '#' in
* Optional {{wg|RawHtml}} for raw {{code|inline=y|lang=html|<html>}} sections.
Use only on limited- participation 'trusted' wikis, as it does not protect
against cross-site scripting attacks. For security, this option can only be
enabled if in {{wg|WhitelistEdit}} mode.
* Fixed problem where pages which were created as a redirect following a move
never showed on [[Special:Randompage]].
* Fixed line spacing on printed table of contents
* Allow links to pages with names of the form [[RFC 1234]]
* Fixed broken edit links being shown for sections from included templates
* Verify that uploaded image files are of the claimed type.
== MediaWiki 1.3.3, 2004-09-09 ==
Changes from 1.3.2:
* Fix for long numeric page titles
* Fix Go search for "0", numeric almost-self-links
* Avoid caching of pages with "You have new messages" headers
* Fix for upgrades as non-root users from 1.2 command-line installs.
* Fix for {{wg|DebugDumpSql}} debug mode.
* {{wg|ExtraNamespaces}} setting for configuring additional namespaces (see
note in {{manual|DefaultSettings.php}})
* 'recache' on query pages now disabled when miser mode is on; special case the
global settings in your {{manual|LocalSettings.php}} to do automatic updates.
* Don't block UTF-8 titles containing byte 0xA0 (bug added in 1.3.2)
* Watch/unwatch tabs now shown on edit pages in MonoBook.
* Fix default skin in Irish localization (ga)
* Add Traditional Chinese localization (zh-tw)
* Changed default sortkey of subcategories. Don't include "Category:"-prefix
any longer
* More helpful info on spam catcher.
* Allow larger offsets for queries such as [[Special:Listusers]]
* Semicolon (;) added to French non-break space rules
* Possible fix for some install errors with path names permission problems.
* Removed [[Project:All system messages]], which has been superseded by the
much faster [[Special:Allmessages]]. This speeds up installation considerably.
== MediaWiki 1.3.2, 2004-08-30 ==
Changes from 1.3.1:
* Fix namespaced page creation links when no go match
* When cookies are disabled, don't show login screen twice
* Install should no longer die when PHP is pre-configured to compress output
* Fixed bug that caused long Japanese pages to time out with Tidy active
* When session.handler is set incorrectly, try automatic override to 'files'
* Watch/Unwatch links back to the affected page instead of Main Page
* Upload link no longer displayed on Monobook if uploading is disabled
* Special:Allmessages faster, shows correct original text, works in safe mode
== MediaWiki 1.3.1, 2004-08-14 ==
Changes from 1.3.0:
* Watchlist parameters now work with register_globals off
* Fixed parsing of ''italics'' and '''bold''' mark-up (again)
* Special:Allpages display is more sensible on smaller wikis
* Fixed XHTML parsing error in classic skins
* Moved pages update watchlist correctly
* Fixed rebuildall.php on case-sensitive Unix filesystems
* Disabled file cache compression by default due to incompatibility with output
buffer compression (ob_gzhandler)
* New magic word {{code|inline=y|PAGENAMEE}} (URL-escaped version of
{{code|inline=y|PAGENAME}})
* Installation avoids blank username; better message on missing XML module
* {{wg|WhitelistAccount}} no longer breaks all logins.
== MediaWiki 1.3.0, 2004-08-11 ==
Look & layout:
* New default layout '[[Skin:MonoBook|MonoBook]]' (available on PHP4 only
currently)
* Print stylesheet now built-in to every page
* More or less correct XHTML 1.0 (served as text/html by default)
Wiki features:
* Image captions can now include links and other basic formatting
* Image bounding box can be specified instead of width, e.g. as 100x100px,
making the image not wider than 100px and not higher than 100px, keeping aspect
ratio.
* Templates have been expanded with parameters, and separated from the
MediaWiki: localization scheme.
* Categories more or less work
* added a special page for listing users with sysop rights.
Editing:
* Automatic merging of edit conflicts that don't directly interfere
* Edit summaries can now include basic formatting and links
Metadata and output:
* Linked Creative Commons copyright metadata (optional)
* RSS 2.0 & Atom 0.3 feeds for Recent Changes, New Pages
Optional modules:
* WikiHiero hieroglyphic module can be added (separate download)
* Timeline module can be added (separate download). Requires ploticus.
* TeX now has an experimental MathML output mode (incomplete!)
Installation and upgrading:
* The old install.php and update.php have been removed. In-place installation
introduced in 1.2 is now the standard installation and upgrade method, see
INSTALL and UPGRADE for directions.
Database:
* The links table has been changed to use a cur_id for l_from. The link tables
must be converted on upgrade, which may entail some downtime.
Code and compatibility:
* Should now run clean with error reporting set to E_ALL.
* register_globals hack from 1.2 has been replaced with safer code
* Bundled PHPTAL 0.7.0 from http://phptal.sourceforge.net/ (with some patches)
* Most image-related code moved to Image.php
* More fixes for PHP 4.1.2 (thanks to Asheesh Laroia)
* URL encoding fix for anchors
* All languages now available in UTF-8 mode
* Various other fixes
=== Caveats ===
Some output, particularly involving user-supplied inline HTML, may not produce
100% valid or well-formed XHTML output. Testers are welcome to set $wgMimeType
= "application/xhtml+xml"; to test for remaining problem cases, but this is not
recommended on live sites. (This must be set for MathML to display properly in
Mozilla.) The new 'MonoBook' skin is not compatible with PHP 5 due to bugs in
the underlying PHPTAL library. It will be automatically disabled when running
on PHP5; the older look and feel will be used instead.
|