diff options
Diffstat (limited to 'HISTORY')
-rw-r--r-- | HISTORY | 2472 |
1 files changed, 2472 insertions, 0 deletions
diff --git a/HISTORY b/HISTORY new file mode 100644 index 00000000..88bf58dc --- /dev/null +++ b/HISTORY @@ -0,0 +1,2472 @@ +Change notes from older releases. For current info see RELEASE-NOTES. + += MediaWiki release notes = + +Security reminder: MediaWiki does not require PHP's register_globals +setting since version 1.2.0. If you have it on, turn it *off* if you can. + +== Changes since 1.5 == + +* (bug 2885) More PHP 5.1 fixes: skin, search, log, undelete + +Code quality: +* Use strval() to make sure we don't accidentally get null on bad revision + text loads or other fields mucking up XML export output +* Clean up duplicate code for selection of changeslist style +* Correct blob caching to reduce redundant blob loads on backups +* (bug 3182) Clear link cache during import to prevent memory leak +* Fixed possible infinite loop in formatComment +* Wrap message page insertions in a transaction to speed up installation +* Avoid notice warning on edit with no User-Agent header +* (bug 3649) Remove obsolete, broken moveCustomMessages script +* Avoid numerous redundant latest-revision lookups in history +* Require PHP 4.3.2 or higher strictly now. +* Tweak infinite-template-handling loop for PHP 5.1.1 string handling change +* Remove unused OutputPage::addCookie() +* Fix for short_open_tag off again; please don't break this, guys +* (bug 4507) Adjust FULLPAGENAMEE escaping to standard form +* (bug 5302) Merge the two #p-search .pBody statements in monobook css. + +Database: +* Finally dropped MySQL 3.23.x support +* Oracle support +* (bug 3056) MySQL 3 compatibility fix: USE INDEX instead of FORCE INDEX +* Update all stats fields on recount.sql +* (bug 3227) Fix SQL injection introduced in experimental code +* Fix table prefix usage in Block::enumBlocks +* (bug 3448) Set page_len on undelete +* (bug 3506) Avoid MySQL error when Listusers returns no results +* Skip update of disused 'rc_cur_time' field (todo: discard the field) +* (bug 3735) Fix to run under MySQL 5's strict mode +* (bug 3786) Experimental support for MySQL 4.1/5.0 utf8 charset mode + NOTE: Enabling this may break existing wikis, and still doesn't + work for all Unicode characters due to MySQL limitations. +* MySQL 5.0 strict mode fix for moving unwatched pages +* Ability to set the table name for external storage servers +* Update ipblocks table in MySQL 5 table defs +* Removed FulltextStoplist.php, no longer used (was for MySQL 3.x workaround) +* Added templatelinks table, to track template inclusions. User-visible effects + will be: + * (inclusion) tag for inclusions in Special:Whatlinkshere + * More accurate list of used templates on the edit page + * More reliable cache invalidation when templates outside the template + namespace are changed +* Respect database prefix in dumpHTML.inc +* Removed read-only check from Database::query() +* Added externallinks table, to track links to arbitrary URLs +* Added job table, for deferred processing of jobs. The immediate application is + to complete the link table refresh operation when templates are changed. +* Don't change the password of the MySQL root user. + +Documentation: +* (bug 3306) Document $wgLocalTZoffset + +Hooks: +(list not complete) +* Move ArticleSave hook execution into Article insert/update functions, + so they get called on non-EditPage actions that use these functions + to create or update pages. +* Added EditFilter hook, and output callback on EditPage::showEditForm() + for a place to add in captcha-type extensions in the edit flow +* (bug 3684) Fix typo in fatal error backtraces in Hooks.php +* Fix for hook callbacks on objects containing no fields +* Add a hook for additional user creation throttle / limiter extensions +* Use $wgOut->parse() in wfGetSiteNotice() instead of creating a new parser + instance. This allows use of extension hooks if required. +* Added AutoAuthenticate hook for external User object suppliers +* Added 'PageRenderingHash' hook for changing the parser cache hash key + from an extension that changes rendering based on nonstandard options. +* Add 'GetInternalURL' hook to match the GetFullURL and GetLocalURL ones +* (bug 4456) Add hook for marking article patrolled +* Add UserRights hook, fires after a user's group memberships are changed + +Images: +* Support SVG rendering with rsvg +* Cap arbitrary SVG renders to given image size or $wgSVGMaxSize pixels wide +* (bug 3127) Render large SVGs at image page size correctly +* Fix scaling of non-integer SVG unit sizes +* (bug 2800) Don't scale up small images on |thumb| without explicit size +* Use the real file link instead of the default-size rasterized version for + large SVG images on image description page +* Include the file name/type/size line for non-resized images +* (bug 3489) PHP 5.1 compat problem with captioned images +* (bug 3643) Fix image page display of large images with resizing disabled +* Added a limit to the size of image files which can be thumbnailed +* (bug 3806) Gracefully fall back to client-side scaling on |thumb| image + that passes $wgMaxImageArea +* (bug 153) Adjust thumbnail size calculations to match consistently; + patch by David Benbennick +* (bug 4162) Add $wgThumbnailEpoch timestamp to force old thumbs to + be rerendered on demand, sitewide +* (bug 1850) Additional fixes so existing local and remote images + get a blue link even if there's no local description page +* Avoid FATAL ERROR when creating thumbnail of non-existing image +* (bug 4207) Wrong image size when using 100x200px syntax to scale image up + patch by David Benbennick +* Don't delete thumbnails when refreshing exif metadata. This caused thumbs + to vanish mysteriously from time to time for files that didn't have metadata. +* (bug 4426) Add link to user_talk page on image pages +* Support a custom convert command for thumbnailing. See DefaultSettings.php + and the comments for $wgCustomConvertCommand, for more information. +* UserCan hook now allows advisory return values, rather than mandatory ones. + +Installer: +* (bug 3782) Throw fatal installation warning if mbstring.func_overload on. + Why do people invent these crazy options that change language semantics? +* Fixed installer bugs 921 and 3914 (issues with using root and so forth) +* (bug 4258) Use ugly urls for ISAPI by default + patch by Rob Church +* Improve installer + * Use a superuser account (such as root), if specifed, to create tables + * Don't overwrite conservative permissions on the mySQL user with ALL + permissions, if said user exists + * Changes to some of the wording of explanations for fields +* (bug 1734) granting db permissions failed with db usernames containg '-' +* Add basic check for session support in PHP and die if not present + +Maintenance: +* Fix problem reported on mailing list where re-initialising stats didn't work (can't insert + duplicate rows with the same id field) +* Added --conf option to command line scripts, allowing the user to specify a + different LocalSettings.php. +* Maintenance script to delete unused text records +* Maintenance script to delete non-current revisions +* Maintenance script to wipe a page and all revisions from the database +* Maintenance script to reassign edits from one user to another +* Maintenance script to find and remove links to a given domain (cleanupSpam.php) +* Fix --report interval option for dumpTextPass + +i18n / Languages: +* Partial support for Basque language (from wikipedia and meta) +* (bug 3141) Partial support for Breton language (thanks Fulup). +* Support for venitian language +* (bug 1334) LanguageGa.php update +* Finnish date format was hardcoded, now implemented properly +* (bug 3190) Added some date format choices for language sr +* (bug 2753) Some namespaces were not translated in LanguageTa.php (Tamil) +* (bug 3204) Fix typo breaking special pages in fy localization +* (bug 3177) Estonian date formats not implemented in LanguageEt.php +* (bug 1020) Changing user interface language does not work immediately +* (bug 3271) Updated LanguageNn.php for HEAD +* Experimental feature to allow translation of block expiry times + Implementation only for Finnish currently +* (bug 3304) Language file for Croatian (LanguageHr.php) +* (bug 2143) Update Vietnamese interface +* (bug 3063) Remove some hardcodings from Hebrew localisation +* (bug 3408) Bulgarian formatNum corrected +* (bug 1512) Disable x-code interp on Esperanto URLs for now, it does more + harm than good under current system by breaking incoming URLs with "ux". + (Editing is not affected, just URLs.) +* (bug 1423) LanguageJa.php update +* Fix language name for dv +* (bug 3503) Update LanguageSq.php from sq.wikipedia.org messages +* (bug 3629) Fix date & time format for Frisian +* (bug 3334) Namespace changes for Polish +* (bug 3580) Change default Dutch language file to more neutral +* (bug 3656) LanguageHr.php - added convertPlural +* (bug 3414) LanguageBe.php - added convertPlural +* (bug 3163) Full translation of LanguageBr +* (bug 3617) Update for portuguese language (pt) +* Namespaces hacks on LanguagePl +* (bug 3682) LanguageSr.php - added convertPlural +* (bug 3694) LanguageTr.php update +* (bug 3711) Removed invisible unicode characters from LanguageHu +* (bug 2981) Linktrail for Tamil (ta) +* (bug 3722) Update of Arabic language (ar) Namespace changes +* Removed hardcoded Norwegian (no) project namespaces +* (bug 2324) image for redirects should be without text and oriented according to content language +* (bug 3666) Don't spew PHP warnings in prefs on unrecognized site language +* (bug 3817) Use localized date formats in preferences; 'no preference' option + localizable as 'datedefault' message. Tweaked lots of languages files... +* (bug 2721) Regression: Use European number separators for vi: wikis +* (bug 3961) minor languageDe changes +* (bug 1984) LanguageKo.php (Korean) update +* (bug 3804) update of LanguageWa.php file +* (bug 3886) Update for Portuguese language (pt) +* (bug 4020) Update namespaces for ms +* (bug 3922) bidi embedding overrides on category links +* (bug 4061) Update of Slovene namespace names (LanguageSl.php) +* (bug 4064) LanguageDe comma changes +* (bug 3922) Further tweaks to bidi overrides in category list for old + versions of Safari and Konqueror +* Fix custom namespaces on wikis set for Portuguese +* (bug 4153) Fix block length localizations in Greek +* (bug 3844) ab: av: ba: ce: & kv: now inherit from LanguageRu.php + ii: & za: now inherit from LanguageZn_cn.php +* (bug 4165) Correct validation for user language selection (data taint) +* (bug 4192) Remove silly 'The Free Encyclopedia' default sitesubtitle +* Use content-lang for sitenotice +* (bug 4233) Update LanguageJa.php +* (bug 4279) Small correction to LanguageDa.php +* (bug 4108, 4336) Remove trailing whitespace from various messages, which + mucks up message updating to create dupe entries +* (bug 4389) Fix math options on zh-hk and zh-tw (but not localized) +* (bug 4392) Update of LanguageSr.php +* (bug 4382) Frisian numeric format +* (bug 4424) Update for Spanish language (es) 100% messages translated +* (bug 4425) Typos in Polish translation +* (bug 4436) Update for Turkish language (tr) +* (bug 4413) Update of Farsi language file (LanguageFa.php) +* Update for LanguageSr (Serbian): magic words +* (bug 137) MediaWiki:Copyrightwarning hardcoding +* (bug 4457) Update for Portuguese language (pt) +* convertPlural breakage fixed a little +* (bug 4144) Support for Sudanese language (Basa Sunda) +* Big cleanup: + - Removed obsolote, badly or untranslated messages + - Removed references to wikipedia/wikimedia etc in messages + - Other cleanup, like removing html and javascript and extension calls + - Removed hardcoded namespaces: Tt, Ms, Ia, Ga, Fo, Bn, Csb, He, Nv, Oc, Tlh + - Removed some useless backwards compatibility hacks + - Fixed formatnum on many languages +* wgAmericanDates check produced incorrect results in languages that don't have + a such distinction +* (bug 4548) Update for Portuguese language (pt): time format +* (bug 4530) Use consistent name for Kurdish +* Tweak default "upload disabled" text +* (bug 4504) Use site language for namespace name resolution +* (bug 4510) Correct Barnes & Noble bookstore URLs +* (bug 3991) Allow the operation of wikicode on Protect move only text +* (bug 4267) Switch dv sd ug ks arc languages to RTL +* Default main page content improved per bug 4690 +* (bug 4615) Update for Portuguese language (pt) +* Separated MessagesSl.php as the other languages. +* (bug 4960) Add additional namespaces variants to Yiddish for compatibility +* (bug 4805) Removed more wikipedia-references from MessagesUk.php +* (bug 5015) Update magic words translation in LanguageBe.php +* (bug 4859) Update for Portuguese messages (pt) +* (bug 4788) One string for MessagesPl +* Restriction types now use restriction-* messages instead of ui messages +* (bug 4685) Slovenian LanguageSl.php hardcodes project namespace +* (bug 5097) Fix Hungarian language (hu): thousands separator +* (bug 5098) Update for Portuguese messages (pt) +* (bug 5113) Spelling error in French language file +* (bug 5105) Magic words for LanguageAr.php +* (bug 3993) Variants for Serbian language +* Typo in English messages file +* (bug 4114) Spacing in watchlist rows (in editing mode) +* Update default "exporttext" to reflect that Special:Import exists +* (bug 4960) Add additional namespaces variants to Yi projects: Yiddish Wikinews fix +* (bug 5357) Add the icon near the user name also in RTL interfaces +* (bug 5156) Update for Hebrew language (he) +* (bug 4497,4704,5010) Added some new language codes. +* (bug 5362) Piedmontese added +* (bug 5349) Update for Portuguese messages (pt) +* (bug 3573) Finished full Greek translation: namespaces +* (bug 5288) Initial localisation for Az +* (bug 4361) Fix "allmessagesnotsupportedui" so it doesn't refer to nonexisting + page +* Tweak wording of "allmessagesnotsupporteddb" + +Parser: +* (bug 2522) {{CURRENTDAY2}} now shows the current day number with two digits +* (bug 3210) Fix Media: links with remote image URL path +* (bug 3405) Don't use raw letters as aliases of MSGNW: and SUBST: +* (bug 3412) Clean up date format handling so ~~~~-sigs work with default + format as designed. Documentation comments updated. +* Fix Parser::unstrip on PHP 5.1.0RC4 +* (bug 3797) Don't expand variables and sigs in comments +* Allow parser cache on redirect targets +* Run wikitext-escaping on plaintext sigs (no wiki markup, just name) +* Check for unbalanced HTML tags on raw sigs (markup allowed, but show + a warning in prefs and use default sig if not balanced) +* Respect <noinclude> and <includeonly> during {{subst:}} expansion as well as + ordinary templates. +* Support <includeonly> in templates loaded through preload= parameter +* (bug 3979) Save correct {{REVISIONID}} into parser cache on edit +* Substitute {{REVISIONID}} correctly in diff display +* (bug 1850) Allow red-links on image pages linked with [[:image:foo]] +* Fix XML validity checks in parser tests on PHP 5.1 +* (bug 4377) "[" is not valid in URLs +* (bug 4453) fix for __TOC__ dollar-number breakage +* Convert unnecessary URL escape codes in external links to their equivalent + character before doing anything with them. This prevents certain kinds of + spam filter evasion. +* (bug 4783) : Fix for "{{ns:0}} does not render" +* Improved support for interwiki transclusion +* (bug 1850) Image link to nonexistent file fixed. +* (bug 5167) Add {{SUBPAGENAME}} and {{SUBPAGENAMEE}} variables +* (bug 4949) Missing : in "addedwatchtext" for English and Spanish +* Allow user-defined functions, which work in a similar way to {{GRAMMAR:}} + etc. Registered via an interface similar to tag hooks. + +Upload: +* (bug 2527) Always set destination filename when new file is selected +* (bug 3076) Support MacBinary-encoded uploads from IE/Mac +* (bug 2554) Tell users they are uploading too large file +* Support for a license selection box on Special:Upload, configurable from MediaWiki:Licenses +* Add 'reupload' and 'reupload-shared' permission keys to restrict new uploads + overwriting existing files; default is the old behavior (allowed). + +Security: +* (bug 3244) Fix remote image loading hack, JavaScript injection on MSIE +* (bug 3280) Respect 'move' group permission on page moves +* (bug 2613) Clear saved passwords from the form +* IP privacy fix for blocklist search on autoblocks +* Security fix for <math> +* Security fix for tables +* Security fix for Special:Upload license selection list +* Add UploadVerification hook for custom file upload validation/security checks +* Blacklist additional MSIE CSS safety tricks +* Fix meta robots tag on Special:Version again to avoid listing vulnerable + versions for convenient harvesting by automated worms +* Sanitizer CSS comment processing order fix +* Forbid usernames that can be interpreted as titles with namespaces, as that + leads to hard-to-manage names. +* (bug 4071) Generate passwords long enough for $wgMinimalPasswordLength +* Add createpage and createtalk permission keys, allowing a quick + switch to disable page creation for anonymous users. +* (bug 675) Add page protection level for unregistered/new accounts +* User::isNewbie now uses the registration date and $wgAutoconfirmAge +* Add 'deletedhistory' permission key for ability to view deleted history + list via Special:Undelete. Default is off, replicating the 1.5 behavior, + but it can be turned back on for random users to replicate the previous + 1.6 dev behavior. +* Set cookies to secure mode based on use of HTTPS or $wgCookieSecure +* (bug 4371) Disallow tilde character in signatures +* Removed broken wgAllowAnonymousMinor and added new group right minoredit +* Added detection for WMF files (application/x-msmetafile), added this + MIME type to the default blacklist. Prevented inline display of images + which are not of known image types. This is in response to + http://en.wikipedia.org/wiki/Windows_Metafile_vulnerability +* Blocked users can no longer roll back, change the protection of, or delete/undelete pages +* Protect against spoofing of X-Forwarded-For header +* XSS issue : now sanitize search query input (fixed in 1.5rc3) +* Remove deprecated $wgOnlySysopsCanPatrol references; use User::isAllowed( 'patrol' ) + per bug 5282. Patch by Alan Harder. +* Prevent registration/login with the username "MediaWiki default" + +Special Pages: +* Rearranged Special:Movepage form to reduce confusion between destination + title and reason input boxes +* (bug 1956) Hide bot uploads from Special:Newimages +* (bug 3220) Fix escaping of block URLs in Recentchanges +* (bug 3284) Ipblocklist paging, substring search +* Allow filtering of robot edits in Special:Watchlist by stting + $wgFilterRobotsWL = true. +* Fix interlanguage links on special pages when extra namespaces configured +* (bug 3475) anon contrib links on Special:Newpages +* Special:Import/importDump fixes: report XML parse errors, accept <minor/> +* (bug 2369) Add separate message for input box on Special:Prefixindex +* (bug 3798) DoubleRedirects no longer has hard coded arrows +* (bug 3803) Fix links on Special:Wantedcategories with miser mode off +* Fix Special:BrokenRedirects on MySQL 5.0 +* (bug 3807) Fix 'all' in namespaces drop-down on contribs, rc +* Fail gracefully on invalid namespace in Special:Newpages +* (bug 3762) Define missing Special:Import UI messages +* (bug 3761) Avoid deprecation warnings in Special:Import +* (bug 2894) Enhanced Recent Changes link fixes +* (bug 4059) fix 'hide minor edits' on Recentchangeslinked +* (bug 146) List number of category members in Special:Categories + (patch by Joel Nothman) +* (bug 4090) Fix diff links in Special:Recentchangeslinked +* (bug 4093) '&bot=1' in Special:Contributions now propagate to other links +* Fix display of old recentchanges records for page moves +* (bug 360) Let Whatlinkshere track [[:image:foo]] links +* (bug 3073) Keep search parameter on paging in Special:Newimages +* Removed Special:Validate, it's been superseded by the Review extension +* (bug 4359) red [[user:#id]] links generated in [[special:Log]] +* (bug 1996) Special page to list redirects +* (bug 4334) Add "watch" links to Special:Unwatchedpages +* Generate target user page links in Special:Ipblocklist where appropriate + (i.e. not an autoblock) +* Generate link to talk page of the blocker in Special:Ipblocklist, move + contribs. link of the target next to their name +* (bug 2714) Backlink from special:whatlinkshere was hard set as 'existing' +* Move parentheses out of <a> link in Special:Contributions +* (bug 3192): properly check 'limit' parameter on Special:Contributions +* (bug 3187) watchlist text refer to unexistent "Stop watching" action +* Add block, block log and general log links to Special:Contributions +* Add contributions link to block log items +* Added optional "hide own edits" feature to Special:Recentchanges +* (bug 5018) Anchors for each message in Special:Allmessages +* Introduce $wgWantedPagesThreshold per bug 5011; Special:Wantedpages will not + list pages with less than this number of links. Defaults to 1. +* (bug 4319) Don't show a "create account" link on the login form when + account creation is disabled. +* JavaScript filter for Special:Allmessages +* (bug 3047) Don't mention talk pages on Special:Movepage when there isn't one +* Show links to user page, talk page and contributions page on Special:Newpages +* Special:Export can now export a list of all contributors to an article (off by default) +* (bug 5372) Add number of files to Special:Statistics +* (bug 2871) Links to talk pages in watchlist editing view +* (bug 5385) Allow hiding anonymous edits on Special:Recentchanges +* (bug 2544) Illogical error reporting order in Special:Userlogin +* (bug 5409) Hide "show/hide patrolled edits" in Special:Recentchanges if patrolling + is disabled +* (bug 5447) Convert first letter of username to uppercase before searching in Special:Listusers +* (bug 759) Wrap redirects on the watchlist editing page in a span, class "watchlistredir" +* (bug 1862) Namespace filtering in watchlists + +Misc.: +* PHP 4.1 compatibility fix: don't use new_link parameter to mysql_connect + if running prior to 4.2.0 as it causes the call to fail +* (bug 3117) Fix display of upload size and type with tidy on +* (bug 2323) Remove "last" tabindex from history page +* (bug 3116) Division by zero on [[Image:Foo.png|123x123px|]] +* Fix display of read-only lockfile message +* Include software-visible client IP address in Special:Version comment + as a proxy debugging aid +* (bug 3170) Page Title failed to obey MediaWiki:Pagetitle. + wikititlesuffix was removed +* Add ability to break off certain debug topics into additional log files; + use $wgDebugLogGroups to configure and wfDebugLog() to log. +* Edit conflict on recreation of deleted page +* (bug 3216) Don't show empty warning page when no warnings. +* (bug 3218) Use proper quoting on history Compare Revisions button +* Fix upgrade from 1.4 due to version number check breakage [for rc future] +* Fix upgrade from 1.4 with no old revisions +* Remove "info" editing toolbar that was shown in browsers which do not +fully support the editing toolbar, but was found to be too confusing. +* Don't override edit conflict suppression on section edits; section merging + should provide the expected transparency here and fits usage patterns better. +* (bug 3292) Fix move-over-redirect test when current entries are not plaintext +* (bug 2078) Don't hide watch tab on preview +* Fix regressions in ChangesList traditional layout +* Fix edit on double-click for move-protected pages in Classic skin +* (bug 3485) Fix bogus warning about filename capitalization when off +* (bug 2570) Add 'watch this page' checkbox on uploads, watch uploads + by default when 'watchdefault' option is on +* Add options to dumpBackup.php for making split/partial dumps by page id +* Added filter options, compression piping, and multiple output streams for + dumpBackup.php +* (bug 3595) Warn and abort if importDump.php called in read-only mode. +* (bug 3598) Update message cache on message page deletion, patch by Tietew +* Added separate noarticletext and newarticletext messages for logged in and anon users. +* (bug 3332) Installation now uses Monobook, validates, plus usability improvements. +* (bug 3660) Update diff3 detection to work with Windows/Cygwin +* (bug 2330) Don't do funny thinks with "links" in MediaWiki:Undeletedtext +* Two-pass data dump for friendliness to the DB (--stub, then dumpTextPass.php) +* Data dump 'prefetch' mode to read normalized text from a prior dump + (requires PHP 5, XMLReader extension) +* (bug 2773) Print style sheet no longer overrides RTL text direction +* (bug 2938) Update MediaWiki:Exporttext to be more general +* Various fixes +* Fix wfMsg*() replacements; args containing literal $[2-9] were wiped +* Added @import for [[MediaWiki:Common.css]] to all skins +* Edit box now remembers scrollbar position on preview +* (bug 3816) Throw edit conflict instead of fatal error when a page is + moved or deleted during section edit +* (bug 3771) Handle internal functions in backtrace in wfAbruptExit() +* (bug 3291) 'last' diff link for last history line when not at end +* (bug 3667) Add missing global in page move code +* (bug 2885) Remove unnecessary reference parameter which broke classic skin + talk notification on PHP 5.0.5 +* (bug 3852) "Redirected from" link no longer obscured on double-redirects +* changed directory hierarchy in images/math/. System upgrades from old to + new hierarchy on the fly. +* (bug 3487) Fix category edit preview with preview-on-bottom +* (bug 918) Search index incorrectly joined words at == headings == +* (bug 3877) Render math images into temp directory, then move to hashed + subdir so you can render new math images and have them work +* (bug 2392) Fix Atom items content type, upgrade to Atom 1.0 +* Allow $wgFeedCacheTimeout of 0 to disable feed caching +* Fix WebRequest::getRequestURL() to strip off the host bits squid prepends +* Require POST for action=purge, to stop bots from purging the cache +* Added local message cache feature ($wgLocalMessageCache), to reduce bandwidth + requirements to the memcached server. +* (bug 3562) for go search, try Caps-Variants-Broken-At-Non-Whitespace +* (bug 2569) Use PATH_SEPARATOR instead of trying to guess based on + DIRECTORY_SEPARATOR (was wrong on NetWare) +* (bug 2740) Accept image deletions on 'enter' submit from MSIE +* (bug 3939) Don't try to load text for interwiki redirect target +* (bug 3948) Avoid notice warning in debug statement in bad search +* Recognize Special:Search consistently so read whitelist works +* (bug 3999) Change atom 1.0 feed id; had been unnecessarily complex due to + unclear language in the spec. Now using the URL, same as the permalink, + which someone else will probably whine about because it's not 'perma' + enough or something. +* (bug 4014) Fix include mode for Allpages on small page sets +* (bug 3996) Fix text for new entries in RC RSS/Atom feed +* (bug 3065) Update both watched namespaces when renaming pages +* Changed mail form to have a bigger message entry box (like for editing + a page +* Fix ulimit parameters for wfShellExec when memory_limit is specified in 'm' +* (bug 2111) Collapsable exif metadata table, clean up display +* Reduce fractions in display of exif exposure time +* (bug 4048) Optional footer link to site privacy policy +* Don't die() when update.php reaches the end of the warning count +* (bug 1915) Fix edit links when 'direction' used with 'oldid'; + using revision ID reported via OutputPage; Skin::editUrlOptions() +* Remove obsolete 'redirect=no' on some edit links +* Include oldid for the second revision on edit link on diff view +* (bug 4035) Fix prev/next revision links on edit page +* (bug 4100, 3049) Add 'edittools' message to hold edit tools, put it + on Special:Upload as well as edit, rearrange edit page pieces a bit. + Copyright warning now above the buttons to ensure it's visible, + template list at the bottom so it can grow. +* Optional summary parameter to action=rollback, for user javascript +* (bug 4167) Fix regression caused by patch for bug 153 +* (bug 4169) Use $wgLegalTitleChars in pipe trick conversions +* (bug 4170) Decode HTML character escapes in sort key +* (bug 4201) Fix user-talk mode for Enotif, and general code cleanup +* (bug 4214) Skip redundant action text inserts into the HTML <title> +* (bug 4212) Skip redundant meta-robots tag for default settings +* Fix regression: old version missing from edit links in Nostalgia skin +* (bug 1600) Trigger edit conflict on duplicate section=new submissions +* (bug 4001) Use local variables properly in wikibits.js akeytt() +* Fix regression: old version missing from edit links on CSS/JS pages +* (bug 3211) Include Date, To mail headers when using PEAR::Mail +* (bug 3407) Fix encoding of subject and from/to headers on notification + mails; userMailer() now takes a MailAddress wrapper object instead of + a raw string to abstract things a level. +* Fixed --server override on dumpTextPass.php +* Added plugin interface for dumpBackup, so additional filters and output + sink types can be registered at runtime from an extension +* (bug 349) Fix for some numeric differences not being highlighted + patch by Andrius Ramanauskas +* (bug 4298) Include rc_id on enhanced RC singleton diff links for patrolling +* Did some refactoring on ChangesList.php merging dupe code +* (bug 1586) Fix interwiki generator for wikimedia obscure domains +* (bug 3493) Mark edits patrolled when they are reverted + patch by Leon Planken +* Removed experimental Amethyst skin from default set +* Upgrade old skin preferences properly at Special:Preferences + (used to spontaneously switch to Classic skin for old numeric pref records) +* (bug 3424) Update page_touched for category members on category page creation +* Log views show message when no matches +* Fix raw sitenotice display on database error +* Fix autoconfirm check for old accounts +* (bug 4368) Don't show useless empty preview on new section creation +* Don't show useless empty preview on new page creation +* (bug 4411) Fix messages diff link for classic skin +* (bug 4385) Separate parser cache entries for non-editing users, so section + edit links don't vanish / appear unwanted on protected pages +* (bug 2726, 3397) Fix [[Special:]] and [[:Image]] links in action=render +* (bug 4419) Remove obsolete magnify.png.old +* Removed $wgUseCategoryMagic option, categories are now enabled unconditionally +* (bug 3318) UI workarounds for disabled items in license selector + MSIE/Win: items now grayed out, JS will revert to 'non selected' if clicked + Safari: JS will revert to 'non selected' if clicked (but not gray) + MSIE/Mac: indented items now visible (JS hack) +* (bug 714) "plainlinks" class issues in IE, Opera +* (bug 4317) Inconsistent "broken redirects" messages +* Default interface text for "selflinks" tweaked +* (bug 3194) default implementation of translateBlockExpiry + which uses ipboptions +* (bug 4446) $wgExportAllowHistory option to explicitly disable history in + Special:Export form, 'exportnohistory' message to translate live hack. +* Maintenance script to delete unused user accounts +* (bug 912) Search box easier to reach in text browsers (lynx, links) +* $wgParserCacheExpireTime added +* Skip loading of RecentChange.php except where needed +* Enforce $wgSVGMaxSize when rendering, even for SVGs with a very large source + size. This is necessary to limit server memory usage. +* Cleanup and error checking on Special:Listredirects +* Clear up some instances of old OutputPage::sysopRequired() function usage +* Improve "upload disabled" notice +* Move parts of index.php to include/Wiki.php in an attempt to both cleanup index.php + and create a MediaWiki-class mediaWiki base object +* (bug 4104) Added OutputPageBeforeHTML hook for tweaking primary wiki output + HTML on final output (cached or not) +* Avoid PHP notice on command-line scripts if empty argument is passed ('') +* (bug 4571) Partial fix hack for {{fulllurl:}} in action=render +* (bug 3502) Bowtie symbol for TeX +* (bug 4000) Support for \textstyle et al. in <math> +* (bug 1663) support color in TeX formulas +* (bug 2026) missing glue around \not= (TeX) +* (bug 4576) Missing '>' broke license selector's first option in IE, Opera +* Override $wgLocaltimezone in parser tests for us outside Iceland and UK +* Fix extra whitespace at end of Wiki.php, DESTROYS XML OUTPUT +* Remove redundant 'echo' statements from MonoBook.php +* (bug 1103) Fix up redirect handling for images, categories + Redirects are now followed from the top-level, outside of the Article + content loading and viewing, for clarity and consistency. +* (bug 4104) 'OutputPageBeforeHTML' hook to postprocess article HTML on + page view (comes after parser cache, if used). Patch by ThomasV. +* Linker::formatComment corrupted the passed title object on PHP 5 + if the comment included a section link. Use clone() to make a safe copy. +* Add wfClone() wrapper since we're still using PHP 4 on some servers. +* Remove obsolete killthread.php +* Added wfDie() wrapper, and some manual die(-1), to force the return code + to the shell to return nonzero when we crap out with an error. +* Allow input of the stub from a compressed file instead of stdin + for dumpTextPass.php; easier to get errors back on the shell +* Added an attractive space on the namespace selector on contribs +* Move PHP 5-friendly XHTML doctype hack to Sanitizer, use for sig checks. + Fixes use of named entities in sigs on PHP 5 +* (bug 4482) Include move comment on the null edit as well as the redirect +* (bug 3990) Use existing session name if session.auto_start is on + Fixes checks for open sessions, such as the cookie warning on login. + Patch by Zbigniew Braniecki. +* Add cache-safe alternate sitenotice for anonymous users. (MediaWiki:Anonnotice) + This is displayed instead of the regular sitenotice, if it exists. If not, the + regular sitenotice shows. If that doesn't exist, the value of $wgSiteNotice is used, + and if that's null, then nothing is shown. +* Spit the generated LocalSettings code out during the installer as an aid + to debugging issues. (Keep this?) +* Use __FILE__ to form path in new LocalSettings.php, so it stays accurate + when the directory is relocated for typical usage. +* Auto-update $wgCacheEpoch when LocalSettings.php changes on new installs. + For typical usage this will be a light burden and should reduce confusion + when the configuration is edited. +* Fix $wgCacheEpoch's effect on client-side caching. +* (bug 1122) gray out 'older revision' when viewing first article revision. +* Clearer message in DefaultSettings.php: edit LocalSettings.php instead +* MonoBook skin top link id changed from "contentTop" to "top" (shared with + name attribute) +* (bug 3350) Missing label for move talk page checkbox. +* (bug 2108) Sort entries when using category browser +* (bug 2393) Fix MIME type for Atom feeds ( application/rss+atom ) +* Add ".deps.php" include-file preloaders for some dynamically-loaded + language and skin classes. Should help with the broken base-class + problem under PHP 5 with APC as opcode cache. See details: + http://mail.wikipedia.org/pipermail/wikitech-l/2006-January/033660.html +* Small changes to tabs in Monobook skin c/o Chris Ware +* (bug 4679) Work around buggy basename() function in PHP5, which breaks + uploads of files starting with multibyte characters on Linux. + wfBaseName() doesn't suffer this bug, and understands backslash on + both Unix and Windows. +* (bug 3603) headscripts variable not hooked up to MonoBook skin +* Allow local cdb-based interwiki cache +* Use the "block", not the "protect" permission, when determining whether to + show a "block user" link in the toolbox +* Fix backup dump text prefetch for XMLReader constant changes in PHP 5.1 +* Suppress useless percentage indicator on output from 7za during dumps +* (bug 4633) Add (previous 200) (next 200) also above catlinks +* (bug 4686) Fix regression where ?diff=0&oldid=0 caused fatal error on + pages with only one revision. Fixes message diff link on first edit. +* Fix dependence on hardcoded UNIQ_PREFIX in LanguageConverter.php +* Do not check lag on external storage servers +* Do not tidy interface messages (unless full tidy is set) +* Do not trust equality propagation and give more hints to MySQL + optimizer for revision fetches (avoids index scans) +* Use revision rate for ETA in dump generation; it tends to be more stable + than the per-page count for full-history dumps. +* Include timestamp in wfDebugLog breakouts +* (bug 4469) Namespace-specific notice to be displayed below site-notice + Edit messages like "MediaWiki:Namespacenotice-" plus namespace name + which is blank for main namespace, or like e.g. "User_talk" +* Adjust user login/creation form hooks to work with a captcha plugin +* (bug 1284) Inline styles for diffs in Recent Changes RSS/Atom feeds +* (bug 4824) IE7 beta 2 broke compatibility with PNG logo workarounds, + and seems to work ok with other bits. No longer including the IE + workarounds JavaScript for IE 7 and above. +* Fix extra namespace for Bulgarian +* (bug 4303) Add $wgFavicon to change the shorticon icon link from + the default /favicon.ico or disable it (if set to false) +* (bug 3347) strip linebreaks in math error source +* (bug 4841) Warning for non-logged-in edits +* (bug 4867) Leave invalid EXIF date fields unformatted instead of + showing a bogus current timestamp +* Reset $wgActionPaths during parser test; corrects some false failures + in the automated test report. +* (bug 4875) Define a div containing the shared image description +* (bug 4860) Expose Title->userCan() as Hooks +* (bug 4828) Fix genitive month-name variable for cs, pl, uk +* (bug 4842) Fix 'show number of watching users' with enhanced RC +* (bug 4889) Fix image talk namespace for Tamil +* (bug 4147) Added cleanupWatchlist.php to clear out bogus watchlist entries +* (partial bug 3456) Disable auto redirect to Main Page after account creation +* (bug 4824) Separate out IE7 CSS compat hacks, fix for RTL pages +* Added support for wikidiff2 and similar external diff engines. +* Allow cookies to be shared between multiple wikis with a shared user database +* Blocking some Unicode whitespace characters in usernames. Should check + if some or all should be blocked from all page titles. +* Unknown log types no longer throw notices everywhere in RecentChanges +* (bug 4502, 5017) Don't render potentially hostile deleted page contents + on Special:Undelete by default; show source, with an optional preview. + The revisions list no longer shows the latest text by default, so it can + still be operated if the text is hostile. +* (bug 5013) Check for existence on "return to" links +* Removed trailing whitespace on a bunch more messages. +* Fix missing bad title check in Special:Booksources +* Remove empty booksources string in fy +* Avoid corrupting <gallery> inside <!-- comment --> +* Remove legacy PHPTal code, hasn't been maintained in ages. +* Tweak Userlogin include order for APC issue +* Don't try to link to current page on protection tab +* More exact checking in Title::equals() to fox moves of numerically similar + page titles. (Odd hex title bug on 64-bit.) +* Fix explicit s-maxage=0 on raw pages; should help with proxy issues in + generated stylesheets... hopefully... +* (bug 4685) More fixes for Slovenian project namespace +* Fixed and enhanced a little the Live Preview, which had been broken for some time +* Added article size limit, $wgMaxArticleSize +* (bug 4974) Don't follow redirected talk page on "new messages" link +* (bug 4970) Make category paging limits configurable +* (bug 4535) Warn user when editing CSS or JS subpage of a skin that doesn't exist +* Make Live Preview an user preference, still controllable by the global variable +* Rename the stub LanguageAls / LanguageGem_alsation to LanguageGsw to follow + updated language code assignments +* (bug 5081) Remove bogus fix for invalid characters in links which simply + broke use of legitimate multiple whitespace characters in bracketed link. +* (bug 4838) Add relative oldids (prev, next, cur) for raw pages + Patch by Lupin +* (bug 5086) Force image resize dimensions on ImageMagick, as for instance + "-resize 100x35!"; some thumbs were off due to differences in rounding and + would be generated smaller than expected. +* (bug 5062) Width sometimes one pixel short when using maximum heights +* Purge thumbnails and metadata cache for action=purge on an image page +* (bug 4273) Bounce back with a message when attempting to submit a new comment + with an empty main textbox (user probably hit Enter in subject field) +* (bug 5141) Gracefully handle the new account link when createaccount off +* (bug 5150 and related) Fix missing ID attribute in HTML namespace selector +* (bug 5152) Proper HTML escaping on subpage breadcrumbs +* (bug 4855) Section edit links now have the section name in the title attribute. +* (bug 2115) Support shift-selecting multiple checkboxes with JavaScript. +* (bug 5161) Don't try to load template list for nonexistent pages +* (bug 5228) Workaround for broken LanguageConverter title overrides; avoid + unnecessary hidden UI work when watch/unwatch is performed on edit +* Fixed bogus master fallback in external storage +* (bug 5246) Add speak:none to "hiddenStructure" class in main.css +* Further work on rev_deleted; changed to a bitfield with several data-hiding + options. Not yet ready for production use; Special:Revisiondelete is + incomplete, and the flags are not preserved across page deletion/undeletion. + To try it; add the 'deleterevision' permission to a privileged group. +* (bug 5270) Fix broken linktrail for br, cv, fr, hr, nn, oc, ta, wa +* Add a clickable contribs link in user tool links (rc, watchlist, diff view) + to see how people like it. (There was one in the old hacked-up diff view.) +* (bug 5236) Load wikibits.js before site-customized javascript +* (bug 4119) Workaround for <nowiki> following link in Walloon; remove capitals + from linktrail, as they're not used anywhere else. +* (bug 4781) Output links with the percent-encoding they're supplied with; + save the normalization for internal link storage. The normalization is a bit + buggy and can make incorrect foldings in the query string and such, so isn't + reliable beyond the hostname where it's used for the spam bulk checker. +* Don't URL-decode in the title attribute for URL links; it can produce false + results that don't code back to their original values. +* (bug 4611) Add user preference (default on) to add new pages to creators's watchlist +* (bug 5286) Fix regression in display of missing/bad revision IDs +* (bug 4729) Add user preference that marks a user's edits as patrolled if user is able to +* (bug 4630) Add user preference to prompt users when entering blank edit summaries +* Added optional suggest feature for the search box. Set wgUseAjax to true to + enable it. +* (bug 5277) Use audio/midi rather that audio/mid +* (bug 5410) Use namespace name when a custom namespace's nstab-NS message is nonexistent +* (bug 5432) Fix inconsistencies in cookie names when using table prefixes +* Additional protections against HTML breakage in table parsing +* (bug 5355) Include skin name and style JS settings in page source; + fixes regression where Opera 6/7 and KHTML CSS fixes weren't applied + when wikibits.js was moved up before user JS inclusion. +* Added $wgColorErrors: if set, database error messages will be highlighted + when running command-line scripts in a Unix terminal. +* (bug 5195) rebuildrecentchanges.php works again; Database::insertSelect now + has a parameter for select options. +* Fix updateSearchIndex.php for new schema +* Fix bogus "filename too short" error when uploading files with a period in the base + name, e.g. "Mr. Zee.png" +* (bug 2139) Show page title in subtitle when viewing "read only" page +* (bug 5452) Update language name for Cree + + + +---- + +== MediaWiki 1.5.8 == + +March 26, 2006 + +MediaWiki 1.5.8 is a security and bugfix maintenance release. + +A bug in decoding of certain encoded links could allow injection of raw +HTML into page output; this could potentially lead to XSS attacks. + +Some minor UI fixes were also made, see the change log at the bottom of +this file. + + +== MediaWiki 1.5.7 == + +March 2, 2006 + +MediaWiki 1.5.7 is a bugfix maintenance release. + +Most importantly, a security issue in the installer has been fixed. The bug +affects new installations of 1.5.6 only. If the user specified the MySQL root +password, to allow the installer to create an unprivileged account, the +installer would not only create the new account but also change the root +password to be equal to the password of the new account. + +Anyone affected by this bug will need to change the root password back +manually. For information about how to change passwords in MySQL please see: +http://dev.mysql.com/doc/refman/5.1/en/passwords.html + +This version includes fixes for compatibility with Internet Explorer 7 +beta 2, and various other bugs; see the full changelog at the end of +the release notes. + + +== MediaWiki 1.5.6 == + +January 19, 2006 + +MediaWiki 1.5.6 is a security and bugfix maintenance release. + +A bug in edit comment formatting could send PHP into an infinite loop +if certain malformed links were included. In most installations, this +would cause the script to fail after PHP's 30-second failsafe timeout. + +Some improvements have been made to the installer which should make +installation possible on a system with a broken MySQL "root" account. + +For several other minor fixes, see the complete changelog at the end +of this file. + + +== MediaWiki 1.5.5 == + +January 5, 2006 + +MediaWiki 1.5.5 is a security and bugfix maintenance release. + +Detection for uploads of Windows Metafile (.wmf) images has been added +to help protect against a client-side vulnerability in unpatched Microsoft +Windows operating systems. + +Sites which have enabled uploads and added non-standard file types +(such as .ogg, .doc, or .pdf) should upgrade to this release to ensure +that malicious .wmf files can't be uploaded with a fake extension; +such files could put visitors to the site at risk. + +For more details on this, see: +http://en.wikipedia.org/wiki/Windows_Metafile_vulnerability + +Additionally, a maintenance script removeUnusedAccounts.php has been added; +this replaces an older Perl script which had not been updated for the new +schema in 1.5. + + +== MediaWiki 1.5.4 == + +December 21, 2005 + +MediaWiki 1.5.4 is a security and bugfix maintenance release. + +A hardcoded internal placeholder string has been replaced with a random +one. This closes a hole where security checks in inline style attributes +could be bypassed, injecting JavaScript code that could execute in +Microsoft Internet Explorer. + +Other browsers would not be vulnerable. + +Several minor fixes are included in this release, most notably a fix +to clear the "you have new messages" flag properly for usernames +containing spaces when e-mail notification is enabled. + +See the changelog at the end of the release notes for a full list of +fixes. + + +== MediaWiki 1.5.3 == + +December 4, 2005 + +MediaWiki 1.5.3 is a security and bugfix maintenance release. + +Validation of the user language option was broken by a code change in +May 2005, opening the possibility of remote code execution as this +parameter is used in forming a class name dynamically created with +eval(). + +The validation has been corrected in this version. All prior 1.5 release +and prelease versions are affected; 1.4 and earlier and not affected. + +Additionally several bugs have been fixed; see the changelog later in +this file for a complete list. + + +== MediaWiki 1.5.2 == + +November 2, 2005 + +MediaWiki 1.5.2 is a bugfix maintenance release. + +A change in PHP 4.4.1 and PHP 5.1.0RC broke handling of extension and +<pre> sections, causing garbage data to be inserted in output and saved +edits. This version works around the change. + +Several other glitches with MySQL 5.0 and PHP 5.0.5 were also fixed; +see the change log below for a complete list. + + +== MediaWiki 1.5.1 == + +October 26, 2005 + +MediaWiki 1.5.1 is a bugfix and security maintenance release, and is a +recommended upgrade for all installations. + +This release includes further corrections to the inline CSS style sanitation +which works around a JavaScript "feature" on Microsoft Internet Explorer. +Users of Microsoft Internet Explorer for Windows may be vulnerable to +XSS injections on prior versions; users of standards-compliant browsers +are not vulnerable. + +Major fixes include: +* Image pages work again with resizing disabled +* Works in MySQL 5.0 strict mode + +There is experimental support in this release for explicitly declaring +the UTF-8 charset in the database; this has been tested with MySQL 5.0.15 +but should work on 4.1 as well. + +IMPORTANT: Changing this setting on an existing wiki may produce interesting +data corruption, depending on server configuration. Page contents should, +usually, be unaffected, but page titles and other items may be. Limitations +in MySQL's Unicode support mean that characters outside the BMP cannot be used +in page titles or various other fields when using this mode. + +Table definitions are in maintenance/mysql5/tables.sql, and the runtime +option to send 'SET NAMES utf8' is set by $wgDBmysql5 = true. + +(MySQL 3.23.x and 4.0.x do not support character set declarations; on these +versions MediaWiki simply works with UTF-8 data and MySQL is blissfully +unaware of it.) + + + +== MediaWiki 1.5.0 final == + +October 5, 2005 + +MediaWiki 1.5.0 is the new stable release branch of MediaWiki, and is +recommended for all new installations. + +Any wikis running a 1.5 beta or release candidate are strongly recommended +to upgrade to the final release, which includes a number of bug fixes and +a security fix for CSS bugs in Microsoft Internet Explorer. + +IMPORTANT: Running a 1.3 or 1.4 wiki and don't want to jump to 1.5 yet? +Be sure to upgrade to 1.3.17 or 1.4.11, also released today. Versions +prior to 1.3.16 and 1.4.10 have a serious data corruption bug which is +triggered by a spambot known to operate in the wild. + + +=== What's new in 1.5? === + +Schema: + The core table schema has changed significantly. This should make better + use of the database's cache and disk I/O, and make significantly speed up + rename and delete operations on pages with very long edit histories. + + Unfortunately this does mean upgrading a wiki of size from 1.4 will require + some downtime for the schema restructuring, but future storage backend + changes should be able to integrate into the new system more easily. + +Permalinks: + The current revision of a page now has a permanent 'oldid' number assigned + immediately, and the id numbers are now preserved across deletion/undeletion. + A permanent reference to the current revision of a page is now just a matter + of going to the 'history' tab and copying the first link in the list. + +Page move log: + Renames of pages are now recorded in Special:Log and the page history. + A handy revert link is available from the log for sysops. + +Editing diff: + Ever lost track of what you'd done so far during an edit? A 'Show diff' + button on the edit page now makes it easy to remember. + +Uploads: + It's now possible to specify the final filename of an upload distinct + from the original filename on your disk. + + An image link for a missing file will now take you straight to the upload page. + + More metadata is pre-extracted from uploaded images, which will ease pressure + on disk or NFS volumes used to store images. EXIF metadata is displayed on + the image description page if PHP is configured with the necessary module. + + If .svg files are added to the upload whitelist, you can choose to render + them to rasterized .png images for inline display using one of several + external helper programs. See DefaultSettings.php for SVG options. + +User accounts: + There are some changes to the user permissions system, with assignable + groups. Note that this does *not* allow you to make pages which are only + accessible to certain groups. + + For details see: http://meta.wikimedia.org/wiki/Help:User_rights + +E-mail: + User-to-user e-mail can now be restricted to require a mail-back confirmation + first to reduce potential for abuse with false addresses. + + Updates to user talk pages and watchlist entries can optionally send e-mail + notifications. + +External hooks: + A somewhat experimental interface for hooking in an external editor + application is included. + +And... + A bunch of stuff we forgot to mention. + + +=== What's gone? === + +Latin-1: + Wikis must now be encoded in Unicode UTF-8; this has been the default for + some time, but some languages could optionally be installed in Latin-1 mode. + This is no longer supported. + + You can check if your current wiki is in Latin-1 mode by using your browser's + "view source"; look for a line like this: + + <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> + + If it says charset=utf-8, you're ready. If it says charset=iso8859-1, + you may need to convert your data. (English-language wikis avoiding + any accented characters may be able to get away without conversion.) + +MySQL 3.x: + Some optimization hacks for MySQL 3.x have been removed as part of the schema + clean-up (specifically, the inverse_timestamp fields). + + MediaWiki 1.5 may still run on 3.x, but wikis of non-trivial size should + very seriously consider upgrading to a more modern release. MySQL 3.x support + will probably be entirely dropped in the next major release. + +Special:Maintenance + These tools were, ironically enough, not really maintained. This special + page has been removed; insofar as some of its pieces were useful and haven't + already been supplanted by other special pages they should be rewritten in + an efficient and safe manner in the future. + + +=== Caveats === + +Upgrade: + Wikis in Latin-1 encoding are no longer supported; only Unicode UTF-8. + A new option $wgLegacyEncoding is provided to allow on-the-fly recoding of + old page text entries, but other metadata fields (titles, comments etc) need + to be pre-converted. The standard upgrade process does not yet fully automate + this, but you can try the alternate partial-upgrader in upgrade1_5.php. + + The upgrade from 1.4 to 1.5 schema has not been tested for all cases, so + it's possible you may experience problems in some combinations. + +Backups: + The text entries of deleted pages are no longer removed from the main + text table on deletion. If you provide public backup dumps of your databases, + you will probably want to use the new XML-format dump generator, available + as maintenance/dumpBackup.php. + + For more information on how we run our own public data dumps at Wikimedia, + see http://meta.wikimedia.org/wiki/Data_dumps + +PostgreSQL: + The table definitions for PostgreSQL install are out of date. PostgreSQL + support may return in later releases, pending appropriate patches. + +MySQL 4.1+: + Some users may encounter installation problems with MySQL 4.1 or higher + due to strange charset encoding / collation configurations. Try setting + to 'latin1' or 'utf8' if you encounter problems. + + + +== MediaWiki 1.5 release candidate 4 == + +August 29, 2005 + +MediaWiki 1.5rc4 is a preview release of the new 1.5 release series. +It fixes compatibility with PHP 5.1, and corrects two cross-site scripting +security bugs: + +* <math> tags were handled incorrectly when TeX rendering support is off, + as in the default configuration. +* Extension or <nowiki> sections in Wiki table syntax could bypass HTML + style attribute restrictions for cross-site scripting attacks against + Microsoft Internet Explorer + +Wikis where the optional math support has been *enabled* are not vulnerable +to the first, but are vulnerable to the second. + + + +== MediaWiki 1.5 release candidate 3 == + +August 24, 2005 + +MediaWiki 1.5rc3 is a preview release of the new 1.5 release series. +It fixes several major problems in 1.5rc2: + +* Fixed a cross-site scripting injection in the search form + (broken since 1.5beta1) + +* Fixed upgrades from 1.4 database schema + (broken since 1.5rc2) + +1.3 and 1.4 releases are not vulnerable to the XSS bug, but anyone +running an earlier 1.5 beta or release candidate should upgrade +immediately. + + +== MediaWiki 1.5 release candidate 2 == + +August 23, 2005 + +MediaWiki 1.5rc2 is a preview release of the new 1.5 release series. +Numerous bug fixes since last beta, plus a security fix; see change +log below for full details. + +A flaw in the interaction between extensions and HTML attribute +sanitization was discovered which could allow unauthorized use +of offsite resources in style sheets, and possible exploitation +of a JavaScript injection feature on Microsoft Internet Explorer. + +This version expands the returned text and properly checks it +before output. + +A 1.5rc1 release was mistakenly made from the incorrect source code +branch; 1.5rc2 is identical to the actual 1.5rc1 in revision control +except for version number. + + +== MediaWiki 1.5 beta 4 == + +July 30, 2005 + +MediaWiki 1.5 beta 4 is a preview release of the new 1.5 release series. +A number of bugs have been fixed since beta 3; see the full changelist below. + + +== MediaWiki 1.5 beta 3 == + +July 7, 2005 + +MediaWiki 1.5 beta 3 is a preview release of the new 1.5 release +series, with a security update over beta 2. + +Incorrect escaping of a parameter in the page move template could +be used to inject JavaScript code by getting a victim to visit a +maliciously constructed URL. Users of vulnerable releases are +recommended to upgrade to this release. + +Vulnerable versions: +* 1.5 preview series: n <= 1.5beta2 vulnerable, fixed in 1.5beta3 +* 1.4 stable series: 1.4beta6 <= n <= 1.4.5 vulnerable, fixed in 1.4.6 +* 1.3 legacy series: not vulnerable + +This release also includes several bug fixes and localization updates. +See the changelog at the end of this file for a detailed list. + + + +== MediaWiki 1.5 beta 2 == + +July 5, 2005 + +MediaWiki 1.5 beta 2 is a preview release of the new 1.5 release series. +While most exciting new bugs should have been ironed out at this point, +third-party wiki operators should probably not run this beta release +on a public site without closely following additional development. + +Anyone who _has_ been running beta 1 is very very strongly advised to +upgrade to beta 2, as it fixes many bugs from the previous beta including +a couple of HTML and SQL injections. + +This release should be followed by one or two release candidates and +a 1.5.0 final within the next few weeks. + +Beta upgraders, note there are some minor database changes. For upgrades +from 1.4, see the file UPGRADE for details on significant database and +configuration file changes. + +Beta 2 includes a preliminary command-line XML wiki dump importer tool, +maintenance/importDump.php, paired with maintenance/dumpBackup.php. +These use the same format as Special:Export and Special:Import, able +to package a wiki's entire page set independent of the backend database +and compression format. + + +== MediaWiki 1.5 beta 1 == + +June 26, 2005 + +MediaWiki 1.5 beta 1 is a preview release, pretty much feature complete, +of the new 1.5 release series. There are several known and likely a number +of unknown bugs; it is not recommended to use this release in a production +environment but would be recommended for testing in mind of an upcoming +deployment. + +A number of significant changes have been made since the alpha releases, +including database changes and a reworking of the user permissions settings. +See the file UPGRADE for details of upgrading and changing your prior +configuration settings for the new system. + + + +== MediaWiki 1.5 alpha 2 == + +June 3, 2005 + +MediaWiki 1.5 alpha 2 includes a lot of bug fixes, feature merges, +and a security update. + +Incorrect handling of page template inclusions made it possible to +inject JavaScript code into HTML attributes, which could lead to +cross-site scripting attacks on a publicly editable wiki. + +Vulnerable releases and fix: +* 1.5 prerelease: fixed in 1.5alpha2 +* 1.4 stable series: fixed in 1.4.5 +* 1.3 legacy series: fixed in 1.3.13 +* 1.2 series no longer supported; upgrade to 1.4.5 strongly recommended + + +== MediaWiki 1.5 alpha 1 == + +May 3, 2005 + +This is a testing preview release, being put out mainly to aid testers in +finding installation bugs and other major problems. It is strongly recommended +NOT to run a live production web site on this alpha release. + +** WARNING: USE OF THIS ALPHA RELEASE MAY INFEST YOUR HOUSE WITH ** +** TERMITES, ROT YOUR TEETH, GROW HAIR ON YOUR PALMS, AND PASTE ** +** INNUENDO INTO YOUR C.V. RIGHT BEFORE A JOB INTERVIEW! ** +** DON'T SAY WE DIDN'T WARN YOU, MAN. WE TOTALLY DID RIGHT HERE. ** + + +=== Smaller changes since 1.4 === + +Various bugfixes, small features, and a few experimental things: + +* 'live preview' reduces preview reload burden on supported browsers +* support for external editors for files and wiki pages: + http://meta.wikimedia.org/wiki/Help:External_editors +* Schema reworking: http://meta.wikimedia.org/wiki/Proposed_Database_Schema_Changes/October_2004 +* (bug 15) Allow editors to view diff of their change before actually submitting an edit +* (bug 190) Hide your own edits on the watchlist +* (bug 510): Special:Randompage now works for other namespaces than NS_MAIN. +* (bug 1015) support for the full wikisyntax in <gallery> captions. +* (bug 1105) A "Destination filename" (save as) added to Special:Upload Upload. +* (bug 1352) Images on description pages now get thumbnailed regardless of whether the thumbnail is larger than the original. +* (bug 1662) A new magicword, {{CURRENTMONTHABBREV}} returns the abbreviation of the current month +* (bug 1668) 'Date format' supported for other languages than English, see: + http://mail.wikipedia.org/pipermail/wikitech-l/2005-March/028364.html +* (bug 1739) A new magicword, {{REVISIONID}} give you the article or diff database + revision id, useful for proper citation. +* (bug 1998) Updated the Russian translation. +* (bug 2064) Configurable JavaScript mimetype with $wgJsMimeType +* (bug 2084) Fixed a regular expression in includes/Title.php that was accepting invalid syntax like #REDIRECT [[foo] in redirects +* It's now possible to invert the namespace selection at Special:Allpages and Special:Contributions +* No longer using sorbs.net to check for open proxies by default. +* What was $wgDisableUploads is now $wgEnableUploads, and should be set to true if one wishes to enable uploads. +* Supplying a reason for a block is no longer mandatory +* Language conversion support for category pages +* $wgStyleSheetDirectory is no longer an alias for $wgStyleDirectory; +* Special:Movepage can now take paramaters like Special:Movepage/Page_to_move + (used to just be able to take paramaters via a GET request like index.php?title=Special:Movepage&target=Page_to_move) +* (bug 2151) The delete summary now includes editor name, if only one has edited the article. +* (bug 2105) Fixed from argument to the PHP mail() function. A missing space could prevent sending mail with some versions of sendmail. +* (bug 2228) Updated the Slovak translation +* ...and more! + + +=== Changes since 1.5alpha1 === + +* (bug 73) Category sort key is set to file name when adding category to + file description from upload page (previously it would be set to + "Special:Upload", causing problems with category paging) +* (bug 419) The contents of the navigation toolbar are now editable through + the MediaWiki namespace on the MediaWiki:navbar page. +* (bug 498) The Views heading in MonoBook.php is now localizable +* (bug 898) The wiki can now do advanced sanity check on uploaded files + including virus checks using external programs. +* (bug 1692) Fix margin on unwatch tab +* (bug 1906) Generalize project namespace for Latin localization, update namespaces +* (bug 1975) The name for Limburgish (li) changed from "Lèmburgs" to "Limburgs +* (bug 2019) Wrapped the output of Special:Version in <div dir='ltr'> in order + to preserve the correct flow of text on RTL wikis. +* (bug 2067) Fixed crash on empty quoted HTML attribute +* (bug 2075) Corrected namespace definitions in Tamil localization +* (bug 2079) Removed links to Special:Maintenance from movepagetext message +* (bug 2094) Multiple use of a template produced wrong results in some cases +* (bug 2095) Triple-closing-bracket thing partly fixed +* (bug 2110) "noarticletext" should not display on Image page for "sharedupload" media +* (bug 2150) Fix tab indexes on edit form +* (bug 2152) Add missing bgcolor to attribute whitelist for <td> and <th> +* (bug 2176) Section edit 'show changes' button works correctly now +* (bug 2178) Use temp dir from environment in parser tests +* (bug 2217) Negative ISO years were incorrectly converted to BC notation +* (bug 2234) allow special chars in database passwords during install +* Deprecated the {{msg:template}} syntax for referring to templates, {{msg: is + now the wikisyntax representation of wfMsgForContent() +* Fix for reading incorrectly re-gzipped HistoryBlob entries +* HistoryBlobStub: the last-used HistoryBlob is kept open to speed up + multiple-revision pulls +* Add $wgLegacySchemaConversion update-time option to reduce amount of + copying during the schema upgrade: creates HistoryBlobCurStub reference + records in text instead of copying all the cur_text fields. Requires + that the cur table be left in place until/unless such fields are migrated + into the main text store. +* Special:Export now includes page, revision, and user id numbers by + default (previously this was disabled for no particular reason) +* dumpBackup.php can dump the full database to Export XML, with current + revisions only or complete histories. +* The group table was renamed to groups because "group" is a reserved word in + SQL which caused some inconveniances. +* New fileicons for c, cpp, deb, dvi, exe, h, html, iso, java, mid, mov, o, + ogg, pdf, ps, rm, rpm, tar, tex, ttf and txt files based on the KDE + crystalsvg theme. +* Fixed a bug in Special:Newimages that made it impossible to search for '0' +* Added language variant support for Icelandic, now supports "Íslenzka" +* The #p-nav id in MonoBook is now #p-navigation +* Putting $4 in msg:userstatstext will now give the percentage of + admnistrators out of normal users. +* links and brokenlinks tables merged to pagelinks; this will reduce pain + dealing with moves and deletes of widely-linked pages. +* Add validate table and val_ip column through the updater. +* Simple rate limiter for edits and page moves; set $wgRateLimits + (somewhat experimental; currently needs memcached) +* (bug 2262) Hide math preferences when TeX is not enabled +* (bug 2267) Don't generate thumbnail at the same size as the source image. +* Fix rebuildtextindex.inc for new schema +* Remove linkscc table code, no longer used. +* (bug 2271) Use faster text-only link replacement in image alt text + instead of rerunning expensive link lookup and HTML generation. +* Only build the HTML attribute whitelist tree once. +* Replace wfMungeToUtf8 and do_html_entity_decode with a single function + that does both numeric and named chars: Sanitizer::decodeCharReferences +* Removed some obsolete UTF-8 converter functions +* Fix function comment in debug dump of SQL statements +* (bug 2275) Update search index more or less right on page move +* (bug 2053) Move comment whitespace trimming from edit page to save; + leaves the whitespace from the section comment there on preview. +* (bug 2274) Respect stub threshold in category page list +* (bug 2173) Fatal error when removing an article with an empty title from the watchlist +* Removed -f parameter from mail() usage, likely to cause failures and bounces. +* (bug 2130) Fixed interwiki links with fragments +* (bug 684) Accept an attribute parameter array on parser hook tags +* (bug 814) Integrate AuthPlugin changes to support Ryan Lane's external + LDAP authentication plugin +* (bug 2034) Armor HTML attributes against template inclusion and links munging + +=== Changes since 1.5alpha2 === + +* (bug 2319) Fix parse hook tag matching +* (bug 2329) Fix title formatting in several special pages +* (bug 2223) Add unique index on user_name field to prevent duplicate accounts +* (bug 1976) fix shared user database with a table prefix set +* (bug 2334) Accept null for attribs in wfElement without PHP warning +* (bug 2309) Allow templates and template parameters in HTML attribute zone, + with proper validation checks. (regression from fix for 2304) +* Disallow close tags and enforce empty tags for <hr> and <br> +* Changed user_groups format quite a bit. +* (bug 2368) Avoid fatally breaking PHP 4.1.2 in a debug line +* (bug 2367) Insert correct redirect link record on page move +* (bug 2372) Fix rendering of empty-title inline interwiki links +* (bug 2384) Fix typo in regex for IP address checking +* (bug 650) Prominently link MySQL 4.1 help page in installer if a possible + version conflict is detected +* (bug 2394) Undo incompatible breakage to {{msg:}} compatiblity includes +* (bug 1322) Use a shorter cl_sortkey field to avoid breaking on MySQL 4.1 + when the default charset is set to utf8 +* (bug 2400) don't send confirmation mail on account creation if + $wgEmailAuthentication is false. +* (bug 2172) Fix problem with nowiki beeing replaced by marker strings + when a template with a gallery was used. +* Guard Special:Userrights against form submission forgery +* (bug 2408) page_is_new was inverted (whoops!) +* Added wfMsgHtml() function for escaping messages and leaving params intact +* Fix ordering of Special:Listusers; fix groups list so it shows all groups + when searching for a specific group and can't be split across pages +* (bug 1702) Display a handy upload link instead of a useless blank link + for [[media:]] links to nonexistent files. +* (bug 873) Fix usage of createaccount permission; replaces $wgWhitelistAccount +* (bug 1805) Initialise $wgContLang before $wgUser +* (bug 2277) Added Friulian language file +* (bug 2457) The "Special page" href now links to the current special page + rather than to "". +* (bug 1120) Updated the Czech translation +* A new magic word, {{SCRIPTPATH}}, returns $wgScriptPath +* A new magic word, {{SERVERNAME}}, returns $wgServerName +* A new magic word, {{NUMBEROFFILES}}, returns the number of rows in the image table +* Special:Imagelist displays titles with " " instead of "_" +* Less gratuitous munging of content sample in delete summary +* badaccess/badaccesstext to supercede sysop*, developer* messages +* Changed $wgGroupPermissions to more cut-n-paste-friendly format +* 'developer' group deprecated by default +* Special:Upload now uses 'upload' permission instead of hardcoding login check +* Add 'importupload' permission to disable direct uploads to Special:Import +* (bug 2459) Correct escaping in Special:Log prev/next links +* (bug 2462 etc) Taking out the experimental dash conversion; it broke too many + things for the current parser to handle cleanly +* (bug 2467) Added a Turkish language file +* Fixed a bug in Special:Contributions that caused the namespace selection to + be forgotten between submits +* Special:Watchlist/edit now has namespace subheadings +* (bug 1714) the "Save page" button now has right margin to seperate it from + "Show preview" and "Show changes" +* Special:Statistics now supports action=raw, useful for bots designed to + harwest e.g. article counts from multiple wikis. +* The copyright confirmation box at Special:Upload is now turned off by default + and can be turned back on by setting $wgCopyrightAffirmation to a true value. +* Restored prior text for password reminder button and e-mail, replacing + the factually inaccurate text that was there. +* (bug 2178) Fix temp dir check again +* (bug 2488) Format 'deletedtext' message as wikitext +* (bug 750) Keep line endings consistent in LocalSettings.php +* (bug 1577) Add 'printable version' tab in MonoBook for people who don't + realize you can just hit print to get a nicely formatted printable page. +* Trim whitespace from option values to weather line-ending corruption problems +* Fixed a typo in the Romanian language file (NS_MESIA => NS_MEDIA) +* (bug 2504) Updated the Finnish translation +* (bug 2506, 2512) Updated the Nynorsk translation +* (bug 996) Replace $wgWhitelistEdit with 'edit' permission; fixup UPGRADE + documentation about edit and read whitelists. +* (bug 2515) Fix incremental link table update +* Removed some wikipedia-specifica from LanguageXx.php's +* (bug 2496) Allow MediaWiki:edithelppage to point to external page +* Added a versionRequired() function to OutputPage, useful for extension + writers that want to control what version of MediaWiki their extension + can be used with. +* Serialized user objects now checked for versioning +* Fix for interwiki link regression +* Printable link shorter in monobook +* Experimental Latin-1-and-replication-friendly upgrader script +* (bug 2520) Don't show enotif options when disabled + +== Changes since 1.5beta1 == + +* (bug 2531) Changed the interwiki name for sh (Serbocroatian) to + Srpskohrvatski/Српскохрватски (was Српскохрватски (Srbskohrvatski)) +* Nonzero return code for command-line scripts on wfDebugDieBacktrace() +* Conversion fix for empty old table in upgrade1_5.php +* Try reading revisions from master if no result on slave +* (bug 2538) Suppress notice on user serialized checks +* Fix paging on Special:Contributions +* (bug 2541) Fix unprotect tab +* (bug 1242) category list now show on edit page +* Skip sidebar entries where link text is '-' +* Convert non-UTF-8 URL parameters even if referer is local +* (bug 2460) <img> width & height properly filled when resizing image +* (bug 2273) deletion log comment used user interface langage +* Try reading revision _text_ from master if no result on slave +* Use content-language message cache for raw view of message pages +* (bug 2530) Not displaying talk pages on Special:Watchlist/edit +* Fixed a bug that would occour if $wgCapitalLinks was set to false, a user + agent could create a username that began with a lower case letter that was + not in the ASCII character set ( now user $wgContLang->ucfirst() instead of + PHP ucfirst() ) +* Moved the user name / password validity checking from + LoginForm::addNewAccountInternal() to two new functions, + User::isValidUserName() and User::isValidPassword(), extensions can now do + these checks without rewriting code. +* Fix $wgSiteNotice when MediaWiki:Sitenotice is set to default '-' +* Fixed a bug where the watchlist count without talk pages would be off by a + factor of two. +* upgrade1_5.php uses insert ignore, allows to skip image info initialization +* Fix namespaces in category list. +* Add rebuildImages.php to update image metadata fields +* Special:Ancientpages is expensive in new schema for now +* (bug 2568) Fixed a logic error in the Special:Statistics code which caused + the displayed percentage of admins to be totally off. +* (bug 2560) Don't show blank width/height attributes for missing size +* Don't show bogus messages about watchlist notifications when disabled +* Don't show old debug messages in watchlist +* (bug 2576) Fix recording of transclusion links +* (bug 2577) Allow sysops to enter non-standard block times +* Fixed a bug where Special:Contributions wouldn't remember the 'invert' + status between next/previous buttons. +* Move MonoBook printable link from tab to sidebar +* (bug 2567) Fix HTML escaping on category titles in list +* (bug 2562) Show rollback link for current revisions on diff pages +* (bug 2583) Add --missinig option on rebuildImages.php to add db entries + for uploaded files that don't have them +* (bug 2572) Fix edit conflict handling +* (bug 2595) Show "Earlier" and "Latest" links on history go to the first/last + page in the article history pager. +* Don't show empty-page text in 'Show changes' on new page +* (bug 2591) Check for end, fix limits on Whatlinkshere +* (bug 2584) Fix output of subcategory list +* (bug 2597) Don't crash when undeleting an image description page +* (bug 2564) Don't show "editingold" warning for recent revision +* Various code cleanup and HTML escaping fixlets +* Copy IRC-over-UDP update option from REL1_4 +* (bug 2548) Keep summary on 'show changes' of section edit +* Move center on toc to title part to avoid breaking .toc style usage +* HTML sanitizer: correct multiple attributes by keeping last, not first +* (bug 2614) Fix section edit links on diff-to-current with oldid set + Also fix navigation links on current-with-oldid view. +* (bug 2620) Return to prior behavior for some more things (such as + subpage parent links) on current-diff view. +* (bug 2618) Fix regression from another fix; show initial preview for + categories only if the page does not exist. +* (bug 2625) Keep group & user settings when paging in Listusers +* (bug 2627) Fix regression: diff radio button initial selection +* Copy fix for old search URLs with Lucene search plugin from REL1_4 +* (bug 619) Don't use incompatible diff3 executable on non-Linux systems. +* (bug 2631) Fix Hebrew namespaces. +* (bug 2630) Indicate no-longer-valid cached entries in BrokenRedirects list +* (bug 2644, 2645) "cur" diff links in page history, watchlist and + recentchanges should specify current ID explicitly. +* (bug 2609) Fix text justification preferenced with MonoBook skin. +* (bug 2594) Display article tab as red for non-existent articles. +* (bug 2656) Fix regression: prevent blocked users from reverting images +* (bug 2629) Automatically capitalize usernames again instead of + rejecting lowercase with a useless error message +* (bug 2661) Fix link generation in contribs +* Add support for &preload=Page_name (load text of an existing page into +edit area) and &editintro=Page_name (load text of an existing page instead +of MediaWiki:Newpagetext) to &action=edit, if page is new. +* (bugs 2633, 2672, 2685, 2695) Fix Estonian, Portuguese, Italian, Finnish and + Spanish numeric formatting +* Fixed Swedish numeric formatting +* (bug 2658) Fix signature time, localtime to match timezone offset again +* Files from shared repositories (e.g. commons) now display with their + image description pages when viewed on local wikis. +* Restore compatibility namespace aliases for French Wikipedia +* Fix diff order on Enhanced RC 'changes' link +* (bug 2650) Fix national date type display on wikis that don't support + dynamic date conversion. +* FiveUpgrade: large table hacks, install iw_trans update before links +* (bug 2648) Rename namespaces in Afrikaanse +* Special:Booksources checks if custom list page exists before using it +* (bug 1170) Fixed linktrail for da: and ru: +* (bug 2683) Really fix apostrophe escaping for toolbox tips +* (bug 923) Fix title and subtitle for rclinked special page +* (bug 2642) watchdetails message in several languages used <a></a> instead of [ ] +* (bug 2181) basic CSB language localisation by Tomasz G. Sienicki (thanks for the patch) +* Fix correct use of escaping in edit toolbar bits +* Removed language conversion support from Icelandic +* (bug 2616) Fix proportional image scaling, giving correct height +* (bug 2640) Include width and height attributes on unscaled images +* Workaround for mysterious problem with bogus epoch If-Last-Modified reqs +* (bug 1109) Suppress compressed output on 304 responses +* (bug 2674) Include some site configuration info in export data: + namespaces definitions, case-sensitivity, site name, version. +* Use xml:space="preserve" hint on export <text> elements +* Make language variant selection work again for zh + +== Changes since 1.5beta2 == + +* Escaped & correctly in Special:Contributions +* (bug 2534) Hide edit sections with CSS to make right click to edit section work +* (bug 2708) Avoid undefined notice on cookieless login attempt +* (bug 2188) Correct template namespace for Greek localization +* Fixed number formatting for Dutch +* (bug 1355) add class noprint to commonPrint.css +* (bug 2350) Massive update for Limburgish (li) language using Wikipédia +* Massive update for Arab (ar) language using Wikipédia +* (bug 1560) Massive update for Kurdish (ku) language using Wikipédia +* (bug 2709) Some messages were not read from database +* (bug 2416) Don't allow search engine robots to index or follow nonexisting articles +* Fix escaping in page move template. +* (bug 153) Discrepancy between thumbnail size and <img> height attribute + +== Changes since 1.5beta3 == + +* Fix talk page move handling +* (bug 2721) New language file for Vietnamese with the Vietnamese number notation +* (bug 2749) would appear as a literal in image galleries for Cs, Fr, Fur, Pl and Sv +* (bug 787) external links being rendered when they only have one slash +* Fixed a missing typecast in Language::dateFormat() that would cause some + interesting errors with signitures. +* (bug 2764) Number format for Nds +* (bug 1553) Stop forcing lowercase in Monobook skin for German language. +* (bug 1064) Implements Special:Unusedcategories +* (bug 2311) New language file for Macedonian +* Fix nohistory message on empty page history +* Fix fatal error in history when validation on +* Cleaned up email notification message formatting +* Finally fixed Special:Disambiguations that was broke since SCHEMA_WORK +* (bug 2761) fix capitalization of "i" in Turkish +* (bug 2789) memcached image metadata now cleared after deletion +* Add serialized version number to image metadata cache records +* (bug 2780) Fix thumbnail generation with GD for new image schema +* (bug 2791) Slovene numeric format +* (bug 655) Provide empty search form when searching for nothing +* Nynorsk numeric format fix +* (bug 2825) Fix regression in newtalk notifications for anons w/ enotif off +* (bug 2833) Fix bug in previous fix +* With $wgCapitalLinks off, accept off-by-first-letter-case in 'go' match +* Optional parameters for [[Special:Listusers]] +* (bug 2832) [[Special:Listadmins]] redirects to [[Special:Listusers/sysop]] +* (bug 785) Parser did not get out of <pre> with list elements +* Some shared upload fixes +* (bug 2768) section=new on nonexistent talk page does not add heading +* support preload= parameter for section=new +* show comment subject in preview when using section=new +* use comment form when creating a new talk page +* (bug 460) Properly handle <center> tags as a block. +* Undo inconsistent editing behavior change +* (bug 2835) Back out fix for bug 2802, caused regressions in category sort +* PHP 4.1.2 compatibility fix: define floatval() equivalent if missing +* (bug 2901) Number format for Catalan +* Special:Allpages performance hacks: index memcached caching, removed + inverse checkbox, use friendlier relative offsets in index build +* Bring back "Chick" skin for mobile devices. It needs testing. +* Fix spelling of $wgForwardSearchUrl in DefaultSettings.php +* Specify USE INDEX on Allpages chunk queries, sometimes gets lost + due to bogus optimization +* (bug 275) Section duplication fix +* Remove unused use of undefined variable in UserMailer +* Fix notice on search index update due to non-array +* (bug 2885) Fix fatal errors and notices in PHP 5.1.0beta3 +* (bug 2931) Fix additional notices on reference use in PHP 4.4.0 +* (bug 2774) Add three new $wgHooks to LogPage which enable extensions to add + their own logtypes, see extensions/Renameuser/SpecialRenameuser.php for an + example of this. +* (bug 740) Messages from extensions now appear in Special:Allmessages +* (bug 2857) fixed parsing of lists in <pre> sections +* (bug 796) Trackback support +* Fix 1.5 regression: weird, backwards diff links on new pages in enhanced RC + are now suppressed as before. +* New skin: Simple +* "uselang" and "useskin" URL parameters can now be used in the URL when + viewing a page, to change the language and skin of a page respectively. +* Skins can now be previewed in preferences +* (bug 2943) AuthPlugin::getCanonicalName() name canonicalization hook, + patch from robla +* Wrap revision insert & page update in a transaction, rollback on late + edit conflict. +* (bug 2953) 'other' didn't work in Special:Blockip when localized +* (bug 2958) Rollback and delete auto-summary should be in the project's + content language +* Removed useless protectreason message +* Spelling fix: $wgUrlProtcols -> $wgUrlProtocols +* Switch Moldovan local name to cyrillic +* Fix typo in undefined array index access prevention +* (bug 2947) Update namespaces for sr localization +* (bug 2952) Added Asturian language file with translated namespaces +* (bug 2676) Apply a protective transformation on editing input/output + for browsers that hit the Unicode blacklist. Patch by plugwash. +* (bug 2999) Fix encoding conversion of pl_title in upgrade1_5.php +* compressOld.php disabled, as it's known to be broken. + + +=== Changes since 1.5beta4 === + +* Fix Special:Allmessages under PHP 5 +* (bug 2911) Special:Watchlist allowed only one type of limit at a time +* (bug 693) Special:Allmessages is excessively wide and redundant +* (bug 3001) Updated and applied live hack for recentchanges-based watchlist +* (bug 145) Finish 'exclude redirect' implementation in search form +* Rearranged Special:Movepage form to reduce confusion between destination + title and reason input boxes +* (bug 2527) Always set destination filename when new file is selected +* (bug 3056) MySQL 3 compatibility fix: USE INDEX instead of FORCE INDEX +* PHP 4.1 compatibility fix: don't use new_link parameter to mysql_connect + if running prior to 4.2.0 as it causes the call to fail +* (bug 3117) Fix display of upload size and type with tidy on +* (bug 1487) invalid html on empty list in banlist +* (bug 3017) Hotkey conflict for delete and show changes +* made pixel unit translateable and blocklistline now eats infiniteblock + and expiringblock +* (bug 3092) Wrong numerical separator for big numbers in Serbian. +* (bug 2855) Credit for a uniq author showed its realname even with + $wgAllowRealName=false. +* New special page: SpecialMostlinked +* (bug 2393) Fix MIME type for Atom feeds ( application/rss+atom ) +* Fix display of read-only lockfile message +* Added a new hook, 'AddNewAccount', which is run after account creation +* Update all stats fields on recount.sql +* Include software-visible client IP address in Special:Version comment + as a proxy debugging aid +* (bug 3162) Fix 'undefined property page_is_new' error on watchlist +* (bug 1734) granting db permissions failed with db usernames containg '-' +* (bug 3170) wikititlesuffix was removed, use pagetitle instead +* (bug 3187) watchlist text refer to unexistent "Stop watching" action +* (bug 3190) Added some date format choices for language sr +* (bug 1334) LanguageGa.php update +* (bug 1020) Changing user interface language does not work immediately +* (bug 2753) Some namespaces were not translated in LanguageTa.php (Tamil) +* (bug 3204) Fix typo breaking special pages in fy localization +* (bug 3210) Fix Media: links with remote image URL path +* (bug 3220) Fix escaping of block URLs in Recentchanges +* (bug 3238): Updated LanguageNn.php for 1_5 branch +* (bug 3192): properly check 'limit' parameter on Special:Contributions +* (bug 3244) Fix remote image loading hack, JavaScript injection on MSIE +* Fix URL sanitization in HTML attributes, which broke in this branch +* (bug 3475) anon contrib links on Special:Newpages + + +=== Changes since 1.5rc2 === + +* Fix upgrade from 1.4 due to version number check breakage +* Fix upgrade from 1.4 with no old revisions +* (bug 2108) Sort entries when using category browser +* XSS issue : now sanitize search query input + + +=== Changes since 1.5rc3 === + +* (bug 3280) Respect 'move' group permission on page moves +* (bug 2885) More PHP 5.1 fixes: skin, search, log, undelete +* Security fix for <math> +* Security fix for tables + + +=== Changes since 1.5rc4 === + +* (bug 3292) Fix move-over-redirect test when current entries are not plaintext +* (bug 2078) Don't hide watch tab on preview +* (bug 3306) Document $wgLocalTZoffset +* Support SVG rendering with rsvg +* Cap arbitrary SVG renders to given image size or $wgSVGMaxSize pixels wide +* (bug 3127) Render large SVGs at image page size correctly +* (bug 3448) Set page_len on undelete +* (bug 2800) Don't scale up small iamges on |thumb| without explicit size +* Use the real file link instead of the default-size rasterized version for + large SVG images on image description page +* Include the file name/type/size line for non-resized images +* (bug 3412) Clean up date format handling so ~~~~-sigs work with default + format as designed. Documentation comments updated. +* (bug 1423) LanguageJa.php update +* (bug 3405) Don't use raw letters as aliases of MSGNW: and SUBST: +* (bug 3485) Fix bogus warning about filename capitalization when off +* (bug 2792) Update rebuildrecentchanges.inc for new schema +* Special:Import/importDump fixes: report XML parse errors, accept <minor/> +* (bug 3489) PHP 5.1 compat problem with captioned images +* (bug 3350) Missing label for move talk page checkbox. +* (bug 2570) Add 'watch this page' checkbox on uploads, watch uploads + by default when 'watchdefault' option is on +* (bug 3182) Clear link cache during import to prevent memory leak +* (bug 3573) Full Greek Translation +* (bug 3595) Warn and abort if importDump.php called in read-only mode. +* (bug 3598) Update message cache on message page deletion, patch by Tietew +* Blacklist additional MSIE CSS safety tricks + + +=== Changes since 1.5.0 === + +* (bug 3629) Fix date & time format for Frisian +* (bug 3641) Fix handling of unrecognized file uploads with known extensions +* (bug 3643) Fix image page display of large images with resizing disabled +* Fix meta robots tag on Special:Version again to avoid listing vulnerable + versions for convenient harvesting by automated worms +* (bug 3684) Fix typo in fatal error backtraces in Hooks.php +* Backport fix for reference usage notice in Special:Search on PHP 4.4.0 +* Backport database connect error display fix from HEAD +* (bug 2773) Print style sheet no longer overrides RTL text direction +* MonoBook skin top link id changed from "contentTop" to "top" (shared with + name attribute) +* Wrap message page insertions in a transaction to speed up installation +* Fix Special:MovePage invalid HTML attribute for reason textarea +* Avoid notice warning on edit with no User-Agent header +* (bug 3734) Swapped out obsolete recount.sql with initStats.php +* (bug 3735) Fix to run under MySQL 5's strict mode +* (bug 3786) Experimental support for MySQL 4.1/5.0 utf8 charset mode + NOTE: Enabling this may break existing wikis, and still doesn't + work for all Unicode characters due to MySQL limitations. +* Sanitizer CSS comment processing order fix + + +=== Changes since 1.5.1 === + +* Fix Special:BrokenRedirects on MySQL 5.0 +* (bug 3809) Backport fix for detecting diff3 failure +* MySQL 5.0 strict mode fix for moving unwatched pages +* (bug 3782) Throw fatal installation warning if mbstring.func_overload on. + Why do people invent these crazy options that change language semantics? +* (bug 3762) Define missing Special:Import UI messages +* (bug 3771) Handle internal functions in backtrace in wfAbruptExit() +* (bug 3649) Remove obsolete, broken moveCustomMessages script +* (bug 3667) Add missing global in page move code +* (bug 3761) Avoid deprecation warnings in Special:Import +* (bug 2885) Remove unnecessary reference parameter which broke classic skin + talk notification on PHP 5.0.5 +* (bug 3845) Update attribute.php for 1.5 schema +* Fix Parser::unstrip on PHP 4.4.1 and PHP 5.1.0RC4 + + +=== Changes since 1.5.2 === + +* (bug 3612) Remove old broken version of maintenance/compressOld.php + The working version is in maintenance/storage/compressOld.php +* (bug 2740) Accept image deletions on 'enter' submit from MSIE +* (bug 3933) specify XML namespace for Atom 0.3 feeds +* (bug 3939) Don't try to load text for interwiki redirect target +* (bug 3948) Avoid notice warning in debug statement in bad search +* Recognize Special:Search consistently so read whitelist works +* (bug 4013) typo in fr +* (bug 3996) Fix text for new entries in RC RSS/Atom feed +* (bug 2894) Enhanced Recent Changes link fixes +* (bug 3065) Update both watched namespaces when renaming pages +* Move parentheses out of <a> link in Special:Contributions +* (bug 4071) Generate passwords long enough for $wgMinimalPasswordLength +* (bug 4035) Fix prev/next revision links on edit page +* (bug 4165) Correct validation for user language selection (data taint) +* Clearer message in DefaultSettings.php: edit LocalSettings.php instead + + +=== Changes since 1.5.3 === + +* (bug 3805) Clear 'new messages' flag properly in enotif mode + for usernames containing spaces +* (bug 2714) Backlink from special:whatlinkshere was hard set as 'existing' +* (bug 4249) Typo in entities2literals.pl +* (bug 4233) Update for japanese language +* (bug 4279) Small correction to LanguageDa.php +* (bug 4267) Switch dv sd ug ks arc languages to RTL +* (bug 3991) Allow the operation of wikicode on Protect move only text +* Added AutoAuthenticate hook for external User object suppliers +* Parser internal placeholder string now fully randomized for safety + +=== Changes since 1.5.4 === + +* Maintenance script to delete unused user accounts +* Added detection for WMF files (application/x-msmetafile), added this + MIME type to the default blacklist. Prevented inline display of images + which are not of known image types. This is in response to + http://en.wikipedia.org/wiki/Windows_Metafile_vulnerability + +=== Changes since 1.5.5 === + +* (bug 4258) When installing under IIS, $wgArticlePath = "$wgScript?title=$1" + should be set +* (bug 4510) Correct Barnes & Noble bookstore URLs +* (bug 4504) Use site language for namespace name resolution +* Installer fixes from HEAD backported; now uses a more sensible method of + establishing which mySQL user to use, which clears up bug 921 et al. Minor + changes to installer. +* Fix problem reported on mailing list where re-initialising stats didn't work + (can't insert duplicate rows with the same id field) +* (bug 1122) gray out 'older revision' when viewing first article revision. +* Respect database prefix in dumpHTML.inc +* Minor improvements to removeUnusedAccounts.php maintenance script +* Fix for single-digit week numbers from {{CURRENTWEEK}}, broken by PHP 4.4.1 +* Removed read-only check from Database::query() +* Added --conf option to command line scripts, allowing the user to specify a + different LocalSettings.php. + +=== Changes since 1.5.6 === + +* Default main page content improved per bug 4690 +* Fix dependence on hardcoded UNIQ_PREFIX in LanguageConverter.php +* Fixed Special:Unlockdb +* Maintenance script to delete unused text records +* Maintenance script to delete non-current revisions +* Maintenance script to wipe a page and all revisions from the database +* (bug 4768) Wrong Russian translation (typo) +* Performance bugfix: propagate equality manually for Revision fetches +* (bug 4773) PHP fatal error when invalid title passed to Special:Export +* Added missing table defs. for transcache to installer schemas +* (bug 4824) IE7 beta 2 broke compatibility with PNG logo workarounds, + and seems to work ok with other bits. No longer including the IE + workarounds JavaScript for IE 7 and above. +* (bug 2532) Image directory structure migration bug +* (bug 4881) Correction to the fix for 1487; Ipblocklist showed 'no blocks' + message at the end of the list even if there were blocks. +* (bug 4805) Removed more wikipedia-references from LanguageUk.php +* Introduce $wgWantedPagesThreshold per bug 5011; Special:Wantedpages will not + list pages with less than this number of links. Defaults to 1. +* Allow customisation of paging limits for items in categories using the + $wgCategoryPagingLimit global, per bug 4970. +* Improve "nogomatch" text to make it more obvious that a page can be created. +* (bug 5113) Spelling error in French language file +* Don't change the password of the MySQL root user. + +=== Changes since 1.5.7 === + +* (bug 5180) User login page shows inappropriate email blurb +* Add the "AbortNewAccount" hook on account creation; see hooks.txt for more info. +* Update default "exporttext" to reflect that Special:Import exists +* Add links to useful material to the default main page content +* Fix fragment HTML injection + +=== Changes since 1.5.8 === + +* Fixed obvious mistakes in Finnish (fi) translation +* Fixed obvious mistakes in Kurdish (ku) translation +* Merge two #p-search .pBody statements i monobook/main.css +* (bug 5156) Update for Hebrew language (he) translation +* Add the "UserRights" hook on user group changes; see hooks.txt for more info. +* Translated "listingcontinuesabbrev" for German + +=== Caveats === + +Some output, particularly involving user-supplied inline HTML, may not +produce 100% valid or well-formed XHTML output. Testers are welcome to +set $wgMimeType = "application/xhtml+xml"; to test for remaining problem +cases, but this is not recommended on live sites. (This must be set for +MathML to display properly in Mozilla.) + +---- + +== MediaWiki 1.4.3 == + +(released 2005-04-28) + +MediaWiki 1.4.3 is a bugfix release for the 1.4 stable release series. + +Chiefly, this fixes a compatibility problem with PHP 5 and a minor link +table corruption bug on initial page save. + + +== MediaWiki 1.4.2 == + +(released 2005-04-20) + +MediaWiki 1.4.2 is a security and bug fix release for the 1.4 stable release +series. + +A cross-site scripting injection vulnerability was discovered, which +affects only MSIE clients and is only open if MediaWiki has been +manually configured to run output through HTML Tidy ($wgUseTidy). + +Several other bugs are fixed in this release, see the changelog below. + +All new installations are highly recommended to use 1.4.2 instead of +1.3.x; 1.3.x users should consider upgrading for bug fixes and new +features. Ealier 1.4.x release and beta users should upgrade to this +release for relevant bug fixes; see the changelog later in this file. + + +If you have trouble, remember to read this whole file and the online FAQ page +before asking for help: + +http://meta.wikimedia.org/wiki/MediaWiki_FAQ + + +=== READ THIS FIRST: Upgrading === + +If upgrading from an older release, see the notes in the file UPGRADE. +There are a couple of minor database changes from the beta releases, +and somewhat larger changes from 1.3.x. + +Upgrading from a previous 1.4.x stable release installation should +generally only require copying the new files over the old ones. + + +==== READ THIS FIRST, TOO: MySQL 4.1 AND 5.0 ==== + +MySQL 5.0 is a beta release, not yet ready for production use. If you +are using it, the notes below about 4.1 apply to you too. + +If you have the choice of MySQL 4.0 or MySQL 4.1 and don't need 4.1 for +some other application, you should consider sticking with 4.0 for the +moment. 4.1 may require you to do extra fiddling to get things to work +due to changes that aren't fully backwards-compatible. + +MySQL 4.1 has changed the authentication protocol in an incompatible +way; many PHP installations still use the older client libraries and +CANNOT CONNECT TO THE SERVER WITH A PASSWORD without some changes. + +See: http://dev.mysql.com/doc/mysql/en/Old_client.html + +If MySQL is set with utf-8 as the default character set, installation +may fail with "key too long" errors. Set the default charset to 'latin1' +for installation and it should work. + +The mysqldump backup generator now applies an automatic conversion to +UTF-8, which may irretrivably corrupt your data. Pass the -charset option +with the original default charset (eg 'latin1') to skip the conversion. + + +==== READ THIS FIRST IF RUNNING ON A WINDOWS SERVER ==== + +MediaWiki is tested and deployed primarily under the Apache web server +on Linux Unix systems. There are known to be problems running on +Microsoft's IIS which are not fully resolved. If you have a choice, +try running under Apache on Windows, or on a Unix/Linux box instead. + +If you're having trouble with blank pages on IIS and can't switch, +try the workaround suggested in this bug report: +http://bugzilla.wikimedia.org/show_bug.cgi?id=1763 + + +=== New features === + +* 'Recentchanges Patrol' to mark new edits that haven't yet been viewed. +* New, searchable deletion/upload/protection logs +* Image gallery generation (Special:Newimages and <gallery> tag) +* SVG rasterization support (requires external support tools) +* Users can select from the available localizations to override the + default user interface language. +* Traditional/Simplified Chinese conversion support +* rel="nofollow" support to combat linkspam + +The current implementation adds this attribute to _all_ external URL +links in wiki text (but not internal [[wiki links]] or interwiki links). +To disable the attribute for _all_ external links, add this line to your +LocalSettings.php: + + $wgNoFollowLinks = false + +For background information on nofollow see: + + http://www.google.com/googleblog/2005/01/preventing-comment-spam.html + + +=== Installation and compatibility === + +* The default MonoBook theme now works with PHP 5.0 +* Installation on systems with PHP's safe mode or other oddities + should work more reliably, as MonoBook no longer needs to + create a compiled template file for the wiki to run. +* A table prefix may be specified, to avoid conflicts with other + web applications forced to share a database. +* More thorough UTF-8 input validation; fixes non-ASCII uploaded + filenames from Safari. +* Command-line database upgrade script. + + +=== Customizability === + +* Default user options can now be overridden in LocalSettings. +* Skins system more modular: templates and CSS are now in /skins/ + New skins can be dropped into this directory and used immediately. +* More extension hooks have been added. +* Authentication plugin hook. +* More internal code documentation, generated with phpdoc: + http://www.mediawiki.org/docs/html/ + + +=== Optimization === + +* For many operations, MediaWiki 1.4 should run faster and use + less memory than MediaWiki 1.3. Page rendering is up to twice + as fast. (Use a PHP accelerator such as Turck MMCache for best + results with any PHP application, though!) +* The parser cache no longer requires memcached, and is enabled + by default. This avoids a lot of re-rendering of pages that + have been shown recently, greatly speeding longer page views. +* Support for compiled PHP modules to speed up page diff and + Unicode validation/normalization. (Requires ability to compile + and load PHP extensions). + + +=== What isn't ready yet === + +* A new user/groups permissions scheme has been held back to 1.5. +* An experimental SOAP interface will be made available as an extension +* PostgreSQL support is largely working, minus search and the installer. + You can perform a manual installation. +* E-mail notification of watched page changes and verification of + user-submitted e-mail addresses is not yet included. +* Log pages are not automatically imported into the new log table + at upgrade time. A script to import old text log entries is + incomplete, but may be available in later point releases. +* Some localizations are still incomplete. + + + +== Changelog == + +=== Important security updates === + +A security audit found and fixed a number of problems. Users of MediaWiki +1.3.10 and earlier should upgrade to 1.3.11; users of 1.4 beta releases +prior to 1.4rc1 should upgrade immediately. + +==== Cross-site scripting vulnerability ==== + +XSS injection points can be used to hijack session and authentication +cookies as well as more serious attacks. + +* Media: links output raw text into an attribute value, potentially + abusable for JavaScript injection. This has been corrected. +* Additional checks added to file upload to protect against MSIE and + Safari MIME-type autodetection bugs. + +As of 1.3.10/1.4beta6, per-user customized CSS and JavaScript is disabled +by default as a general precaution. Sites which want this ability may set +$wgAllowUserCss and $wgAllowUserJs in LocalSettings.php. + + +==== Cross-site request forgery ==== + +An attacker could use JavaScript-submitted forms to perform various +restricted actions by tricking an authenticated user into visiting +a malicious web page. A fix for page editing in 1.3.10/1.4beta6 has +been expanded in this release to other forms and functions. + +Authors of bot tools may need to update their code to include the +additional fields. + + +==== Directory traversal ==== + +An unchecked parameter in image deletion could allow an authenticated +administrator to delete arbitary files in directories writable by the +web server, and confirm existence of files not deletable. + + +==== Older issues ==== + +Note that 1.4 beta releases prior to beta 5 include an input validation +error which could lead to execution of arbitrary PHP code on the server. +Users of older betas should upgrade immediately to the current version. + + +Beta 6 also introduces the use of rel="nofollow" attributes on external +links in wiki pages to reduce the effectiveness of wiki spam. This will +cause participating search engines to ignore external URL links from wiki +pages for purposes of page relevancy ranking. + + +=== Misc bugs fixed in beta 1 === + +* (bug 95) Templates no longer limited to 5 inclusions per page +* New user preference for limiting the image size for images on image description + pages +* (bug 530) Allow user to preview article on first edit +* (bug 479) [[RFC 1234]] will now make an internal link +* (bug 511) PhpTal skins shown bogus 'What links here' etc on special pages +* (bug 770) Adding filter and username exact search match for Special:Listusers +* (bug 733) Installer die if it can not write LocalSettings.php +* (bug 705) Various special pages no more show the rss/atom feed links +* (bug 114) use category backlinks in Special:Recentchangeslinked + +=== Beta 2 fixes === + +* (bug 987) Reverted bogus fix for bug 502 +* (bug 992) Fix enhanced recent changes in PHP5 +* (bug 1009) Fix Special:Makesysop when using table prefixes +* (bug 1010) fix broken Commons image link on Classic & Cologne Blue +* (bug 985) Fix auto-summary for section edits +* (bug 995) Close <a> tag +* (bug 1004) renamed norsk language links (twice) +* Login works again when using an old-style default skin +* Fix for load balancing mode, notify if using old settings format +* (bug 1014) Missing image size option on old accounts handled gracefully +* (bug 1027) Fix page moves with table prefix +* (bug 1018) Some pages fail with stub threshold enabled +* (bug 1024) Fix link to high-res image version on Image: pages +* (bug 1016) Fix handling of lines omitting Image: in a <gallery> tag +* security fix for image galleries +* (bug 1039) Avoid error message in certain message cache failure modes +* Fix string escaping with PostgreSQL +* (bug 1015) [partial] -- use comment formatter on image gallery text +* Allow customization of all UI languages +* use $wgForceUIMsgAsContentMsg to make regular UI messages act as content +* new user option for zh users to disable language conversion +* Defer message cache initialization, shaving a few ms off file cache hits +* Fixed Special:Allmessages when using table prefixes +* (bug 996) Fix $wgWhitelistRead to work again +* (bug 1028) fix page move over redirect to not fail on the unique index + +=== Beta 3 fixes === + +* Hide RC patrol markers when patrol is disabled or not allowed to patrol. +* Fix language selection for upgraded accounts +* (bug 1076) navigation links in QueryPage should be translated by wgContLang. +* (bug 922) bogus DOS line endings in LanguageEl.php +* Fix index usage in contribs +* Caching and load limiting options for Recentchanges RSS/Atom feed +* (bug 1074) Add stock icons for non-image files in gallery/Newimages +* Add width and height attributes on thumbs in gallery/Newimages +* Enhance upload extension blacklist to protect against vulnerable + Apache configurations + +=== Beta 4 fixes === + +* (bug 1090) Fix sitesupport links in CB/classic skins +* Gracefully ignore non-legal titles in a <gallery> +* Fix message page caching behavior when $wgCapitalLinks is turned off + after installation and the wiki is subsequently upgraded +* Database error messages include the database server name/address +* Paging support for large categories +* Fix image page scaling when thumbnail generation is disabled +* Select the content language in prefs when bogus interface language is set +* Fix interwiki links in edit comments +* Fix crash on banned user visit +* Avoid PHP warning messages when thumbnail not generated +* (bug 1157) List unblocks correctly in Special:Log +* Fix fatal errors in LanguageLi.php +* Undo overly bright, difficult to read colors in Cologne Blue +* (bug 1162) fix five-tilde date inserter +* Add raw signatures option for those who simply must have cute sigs +* (bug 1164) Let wikitext be used in Loginprompt and Loginend messages +* Add the dreaded <span> to the HTML whitelist +* (bug 1170) Fix Russian linktrail +* (bug 1168) Missing text on the bureaucrat log +* (bug 1180) Fix Makesysop on shared-user-table sites +* (bug 1178) Fix previous diff link when using 'oldid=0' +* (bug 1173) Stop blocked accounts from reverting/deleting images +* Keep generated stylesheets cache-separated for each user +* (bug 1175) Fix "preview on first edit" mode +* Fix revert bug caused by bug 1175 fix +* Fix CSS classes on minor, new, unpatrolled markers in enhanced RC +* Set MySQL 4 boolean search back to 'and' mode by default +* (bug 1193) Fix move-only page protection mode +* Fix zhtable Makefile to include the traditional manual table +* Add memcache timeout for the zh conversion tables +* Allow user customization of the zh conversion tables through + Mediawiki:zhconversiontable +* Add zh-min-man (back) to language names list +* Ported $wgCopyrightIcon setting from REL1_3A +* (bug 1218) Show the original image on image pages if the thumbnail would be + bigger than the original image +* (bug 1213) i18n of Special:Log labels +* (bug 1013) Fix jbo, minnan in language names list +* Added magic word MAG_NOTITLECONVERT to indicate that the title of the page + do not need to be converted. Useful in zh: +* (bug 1224) Use proper date messages for date reformatter +* (bug 1241) Don't show 'cont.' for first entry of the category list +* (bug 1240) Special:Preferences was broken in Slovenian locale when + $wgUseDynamicDates is enabled +* Added magic word MAG_NOCONTENTCONVERT to supress the conversion of the + content of an article. Useful in zh: +* write-lock for updating the zh conversion tables in memcache +* recursively parse subpages of MediaWiki:Zhconversiontable +* (bug 1144) Fix export for fy language +* make removal of an entry from zhconversiontable work +* (bug 752) Don't insert newline in link title for url with %0a +* Fix missing search box contents in MonoBook skin +* Add option to forward search directly to an external URL (eg google) +* Correctly highlight the fallback language variant when the selected + variant is disabled. Used in zh: only for now. + +=== Beta 5 fixes === + +* (bug 1124) Fix ImageGallery XHTML compliance +* (bug 1186) news: in the middle of a word +* (bug 1283) Use underlining and borders to highlight additions/deletions + in diff-view +* Use user's local timezone in Special:Log display +* Show filename for images in gallery by default (restore beta 3 behaviour) +* (bug 1201) Double-escaping in brokenlinks, imagelinks, categorylinks, searchindex +* When using squid reverse proxy, cache the redirect to the Main_Page +* (bug 1302) Fix Norwegian language file +* (bug 1205) Fix broken article saving in PHP 5.1 +* (bug 1206) Implement CURRENTWEEK and CURRENTDOW magic keyword (will give + number of the week and number of the day). +* (bug 1204) Blocks do not expire automatically +* (bug 1184) expiry time of indefinite blocks shown as the current time +* (bug 1317) Fix external links in image captions +* (bug 1084) Fix logo not rendering centrally in IE +* (bug 288) Fix tabs wrapping in IE6 +* (bug 119) Fix full-width tabs with RTL text in IE +* (bug 1323) Fix logo rendering off-screen in IE with RTL language +* Show "block" link in Special:Recentchanges for logged in users, too, if + wgUserSysopBans is true. +* (bug 1326) Use content language for '1movedto2' in edit history +* zh: Fix warning when HTTP_ACCEPT_LANGUAGE is not set +* zh: Fix double conversion for zh-sg and zh-hk +* (bug 1132) Fix concatenation of link lists in refreshLinks +* (bug 1101) Fix memory leak in refreshLinks +* (bug 1339) Fix order of @imports in Cologne Blue CSS +* Don't try to create links without namespaces ([[Category:]] link bug) +* Memcached data compression fixes +* Several valid XHTML fixes +* (bug 624) Fix IE freezing rendering whilst waiting for CSS with MonoBook +* (bug 211) Fix tabbed preferences with XHTML MIME type +* Fix for script execution vulnerability. + +=== Beta 6 fixes === + +* (bug 1335) implement 'tooltip-watch' in Language.php +* Fix linktrail for nn: language +* (bug 1214) Fix prev/next links in Special:Log +* (bug 1354) Fix linktrail for fo: language +* (bug 512) Reload generated CSS on preference change +* (bug 63) Fix displaying as if logged in after logout +* Set default MediaWiki:Sitenotice to '-', avoiding extra database hits +* Skip message cache initialization on raw page view (quick hack) +* Fix notice errors in wfDebugDieBacktrace() in XML callbacks +* Suppress notice error on bogus timestamp input (returns epoch as before) +* Remove unnecessary initialization and double-caching of parser variables +* Call-tree output mode for profiling +* (bug 730) configurable $wgRCMaxAge; don't try to update purged RC entries +* Add $wgNoFollowLinks option to add rel="nofollow" on external links + (on by default) +* (bug 1130) Show actual title when moving page instead of encoded one. +* (bug 925) Fix headings containing <math> +* (bug 1131) Fix headings containing interwiki links +* (bug 1380) Update Nynorsk language file +* (bug 1232) Fix sorting of cached Special:Wantedpages in miser mode +* (bug 1217) Image within an image caption broke rendering +* (bug 1384) Make patrol signs have the same width for page moves as for edits +* (bug 1364) fix "clean up whitespace" in Title:SecureAndSplit +* (bug 1389) i18n for proxyblocker message +* Add fur/Furlan/Friulian to language names list +* Add TitleMoveComplete hook on page renames +* Allow simple comments for each translation rules in MW:Zhconversiontable +* (bug 1402) Make link color of tab subject page link on talk page indicate whether article exists +* (bug 1368) Fix SQL error on stopword/short word search w/ MySQL 3.x +* Translated Hebrew namespace names +* (bug 1429) Stop double-escaping of block comments; fix formatting +* (bug 829) Fix URL-escaping on block success +* (bug 1228) Fix double-escaping on & sequences in [enclosed] URLs +* (bug 1435) Fixed many CSS errors +* (bug 1457) Fix XHTML validation on category column list +* (bug 1458) Don't save if edit form submission is incomplete +* Logged-in edits and preview of user CSS/JS are now locked to a session token. +* Per-user CSS and JavaScript subpage customizations now disabled by default. + They can be re-enabled via $wgAllowUserJs and $wgAllowUserCss. +* Removed .ogg from the default uploads whitelist as an extra precaution. + If your web server is configured to serve Ogg files with the correct + Content-Type header, you can re-add it in LocalSettings.php: + $wgFileExtensions[] = 'ogg'; + +=== RC1 fixes === + +* Fix notice error on nonexistent template in wikitext system message +* (bug 1469) add missing <ul> tags on Special:Log +* (bug 1470) remove extra <ul> tags from Danish log messages +* Fix notice on purge w/ squid mode off +* (bug 1477) hide details of SQL error messages by default + Set $wgShowSQLErrors = true for debugging. +* (bug 1430) Don't check for template data when editing page that doesn't exist +* Recentchanges table purging fixed when using table prefix +* (bug 1431) Avoid redundant objectcache garbage collection +* (bug 1474) Switch to better-cached index for statistics page count +* Run Unicode normalization on all input fields +* Fix translation for allpagesformtext2 in LanguageZh_cn and LanguageZh_tw +* Block image revert without valid login +* (bug 1446) stub Bambara (bm) language file using French messages +* (bug 1432) Update Estonian localization +* (bug 1471) unclosed <p> tag in Danish messages +* convertLinks script fixes +* Corrections to template loop detection +* XHTML encoding fix for usernames containing & in Special:Emailuser +* (for zh) Search for variant links even when conversion is turned off, + to help prevent duplicate articles. +* Disallow ISO 8859-1 C1 characters and "no-break space" in user names + on Latin-1 wikis. +* Correct the name of the main page it LanguageIt +* Allow Special:Makesysop to work for usernames containing SQL special + characters. +* Fix annoying blue line in Safari on scaled-down images on description page +* Increase upload sanity checks +* Fix XSS bug in Media: links +* Add cross-site form submission protection to various actions +* Fix fatal error on some dubious page titles +* Stub threshold displays correctly again + + +=== 1.4.0 final fixes === + +* (bug 65) Fix broken interwiki link encoding on Latin-1 wikis; force to UTF-8 +* (bug 563) Fix UTF-8 interwiki URL redirects via Latin-1 wikis +* (bug 1536) Fix page info +* Support os (Ossetic) as language code, using Russian localization base +* (bug 1610) Support non (Old Norse) as language code, using Icelandic localization base +* (bug 1618) Properly list custom namespaces in Special:Allpages +* (bug 1622) Remove trailing' >' when using category browser +* (bug 1570) Fix php 4.2.x error on conflict merging +* (bug 1585) Fix page title on post-login redirection page +* Run UTF-8 validation on old text in Recentchanges RSS diffs +* (bug 1642) fix a mime type typo in img_auth.php +* Automated interwiki redirects only for local interwikis +* Respect read-only mode on block removals +* Trim old illegal characters from syndication feeds +* Reduce message cache outage recovery delay from 1 day to 5 minutes +* (bug 1403) Update Finnish localization +* (bug 1478) Punjabi localization +* (bug 1667) Update script 5 second countdown. +* (bug 1057) Fix logging table encoding (error on MySQL 4.1) +* (bug 1680) Fix linktrail for fo +* (bug 1653) Removing hardcoded messages in Special:Allmessages +* (bug 1594) Render a hyphen in a formula as − in HTML +* (bug 1495) Fall back to default language MediaWiki: for custom messages +* (bug 1617) Show different error messages for "user does not + exist" and "wrong password" when using AuthPlugin +* (bug 1532), (bug 1544) Changed language names for + 'bn', 'bo', 'dv', 'dz', 'ht', 'ii', 'li', 'lo', 'ng', 'or', 'pa', 'si', + 'ti', 've' +* Fix editing on non-Esperanto wiki with user language pref set to Esperanto +* Make conversion table for zh-sg default to zh-cn, and zh-hk default to zh-tw +* Fix PHP notice in MonoBook when counters disabled +* (bug 1696) Update namespaces, dates in uk localization +* (bug 551) Installer warns about magic_quotes_runtime and magic_quotes_sybase + instead of trying to install with corrupt table files +* Installer no longer tries to move non-default MediaWiki: pages into Template: +* User-to-user email disabled by default ($wgEnableUserEmail) + + +=== 1.4.1 fixes === + +* (bug 1720) fix genitive month names for uk +* (bug 1704) fixed untranslateable string in Special:Log +* (bug 1638) Added Belrusian language file +* (bug 1736) typo in SpecialValidate.php +* (bug 73) Upload doesn't run edit updates on description page (links, + search index and categories) +* (bug 646) <math> fails to recognize \ll and \gg +* (bug 926) \div element from TeX not supported in <math> element +* (bug 1147) add \checkmark to whitelist in texutil.ml +* (bug 937) \limits function from LaTeX not supported in <math> element +* Support for manually converting article title to different Chinese + variants (for zh) +* (bug 1488, bug 1744) Fix encoding for preferences, dates in Latin-1 mode +* (bug 1042) Fix UTF-8 case conversion for PHP <4.3 with mbstring extension +* Fix code typo that broke article credits display +* Installation fixes for running under IIS +* (bug 1556) login page tab order. "remember" checkbox now come after password. +* SQL debug log fixlets +* (bug 1815) Fix namespace in old revision display with mismatched title +* (bug 1788) Fix link duplication when edit/upload comment includes newlines +* Change default on $wgSysopUserBans and $wgSysopRangeBans to true +* Fix link conversion for URL request +* (bug 1851) Updated download URL for the SCIM packages used by zhtable +* (bug 1853) Try stripping quotes from term for 'go' title match +* Fix missing function in Latin1 mode +* (bug 1860) Anchors of interwiki links did not get normalized +* (bug 1847) accept lowercase x in ISBN, do not accept invalid A-W,Y,Z +* Fix link conversion for URL request, hopefully without breaking the wiki +* (bug 1849) New option allows to consider categorized images as used on + Special:Unusedimages +* Localized category namespace for ka (Georgian) +* (bug 1107) Work around includes problem in installer when parent dir is not + readable by the web server +* (bug 1927) Incorrect escaping on wikitext message in Blockip + + +=== 1.4.2 fixes === + +* Fix math options in Finnish localization +* Use in-process Tidy extension if available when $wgUseTidy is on +* (bug 1933) Fix PATH_INFO usage under IIS with PHP ISAPI module +* (bug 1188) <nowiki> in {{subst:}} includes fixed +* (bug 1936) <!-- comments --> in {{subst:}} includes fixed +* Fix a potential MSIE JavaScript injection vector in Tidy mode + + +=== 1.4.3 fixes === + +* (bug 1636) Refs like ţ were misinterpreted as octal in some places +* (bug 1163) Special:Undelete showed oldest revision instead of newest +* (bug 1938) Fix escaping of illegal character references in link text +* (bug 1997) Fix for error on display of renamed items in Recentchanges on PHP5 +* (bug 1949) Profiling typo in rare error case +* (bug 1963) Fix deletion log link when $wgCapitalLinks is off +* (bug 1970) Don't show move tab for immobile pages +* (bug 1770) Page creation recorded links from the 'newarticletext' message +* Optional change to the site_stats table. When applied, this removes the need + for expensive queries in Special:Statistics. + + +=== 1.4.4 fixes === + +* (bug 725) Let dir="ltr" attribute work again in MonoBook on RTL languages +* (bug 2024) Skip JavaScript error for custom skins where .js message not set +* (bug 2025) Updated Indonesian localization +* (bug 2039) Updated Lithuanian localization + + +=== Caveats === + +Some output, particularly involving user-supplied inline HTML, may not +produce 100% valid or well-formed XHTML output. Testers are welcome to +set $wgMimeType = "application/xhtml+xml"; to test for remaining problem +cases, but this is not recommended on live sites. (This must be set for +MathML to display properly in Mozilla.) + + +For notes on 1.3.x and older releases, see HISTORY. + + +=== Online documentation === + +Documentation for both end-users and site administrators is currently being +built up on Meta-Wikipedia, and is covered under the GNU Free Documentation +License: + + http://meta.wikipedia.org/wiki/Help:Contents + + +=== Mailing list === + +A MediaWiki-l mailing list has been set up distinct from the Wikipedia +wikitech-l list: + + http://mail.wikipedia.org/mailman/listinfo/mediawiki-l + +A low-traffic announcements-only list is also available: + http://mail.wikipedia.org/mailman/listinfo/mediawiki-announce + +It's highly recommended that you sign up for one of these lists if you're +going to run a public MediaWiki, so you can be notified of security fixes. + + +=== IRC help === + +There's usually someone online in #mediawiki on irc.freenode.net |