diff options
Diffstat (limited to 'RELEASE-NOTES')
| -rw-r--r-- | RELEASE-NOTES | 1284 |
1 files changed, 607 insertions, 677 deletions
diff --git a/RELEASE-NOTES b/RELEASE-NOTES index 1071830b..7ce61f90 100644 --- a/RELEASE-NOTES +++ b/RELEASE-NOTES @@ -1,12 +1,13 @@ = MediaWiki release notes = -For upgrade instructions please see the UPGRADE file in this directory. +Security reminder: MediaWiki does not require PHP's register_globals +setting since version 1.2.0. If you have it on, turn it *off* if you can. -== MediaWiki 1.13.4 == +== MediaWiki 1.14.0 == -February 7, 2009 +February 22, 2009 -This is a security update to the Summer 2008 snapshot release of MediaWiki. +This is the first stable release of the 2009 Q1 branch of MediaWiki. MediaWiki is now using a "continuous integration" development model with quarterly snapshot releases. The latest development code is always kept @@ -19,687 +20,616 @@ will be made on the development trunk and appear in the next quarterly release. Those wishing to use the latest code instead of a branch release can obtain it from source control: http://www.mediawiki.org/wiki/Download_from_SVN -== Changes since 1.13.3 == - -A number of cross-site scripting (XSS) security vulnerabilities were discovered -in the web-based installer (config/index.php). These vulnerabilities all -require a live installer -- once the installer has been used to install a wiki, -it is deactivated. - -Note that cross-site scripting vulnerabilities can be used to attack any website -in the same cookie domain. So if you have an uninstalled copy of MediaWiki on -the same site as an active web service, MediaWiki could be used to attack the -active service. - -If you are hosting an old copy of MediaWiki that you have never installed, you -are advised to remove it from the web. - -== Changes since 1.13.2 == - -David Remahl of Apple's Product Security team has identified a number of -security issues in previous releases of MediaWiki. Subsequent analysis by the -MediaWiki development team expanded the scope of these vulnerabilities. The -issues with a significant impact are as follows: - -* An XSS vulnerability affecting all MediaWiki installations between 1.13.0 and - 1.13.2. [CVE-2008-5249] -* A local script injection vulnerability affecting Internet Explorer clients for - all MediaWiki installations with uploads enabled. [CVE-2008-5250] -* A local script injection vulnerability affecting clients with SVG scripting - capability (such as Firefox 1.5+), for all MediaWiki installations with SVG - uploads enabled. [CVE-2008-5250] -* A CSRF vulnerability affecting the Special:Import feature, for all MediaWiki - installations since the feature was introduced in 1.3.0. [CVE-2008-5252] - -XSS (cross-site scripting) vulnerabilities allow an attacker to steal an -authorised user's login session, and to act as that user on the wiki. The -authorised user must visit a web page controlled by the attacker in order to -activate the attack. Intranet wikis are vulnerable if the attacker can -determine the intranet URL. - -Local script injection vulnerabilities are like XSS vulnerabilities, except -that the attacker must have an account on the local wiki, and there is no -external site involved. The attacker uploads a script to the wiki, which another -user is tricked into executing, with the effect that the attacker is able to act -as the privileged user. - -CSRF vulnerabilities allow an attacker to act as an authorised user on the wiki, -but unlike an XSS vulnerability, the attacker can only act as the user in a -specific and restricted way. The present CSRF vulnerability allows pages to be -edited, with forged revision histories. Like an XSS vulnerability, the -authorised user must visit the malicious web page to activate the attack. - -These four vulnerabilities are all fixed in this release. - -David Remahl also reminded us of some security-related configuration issues: - -* By default, MediaWiki stores a backup of deleted images in the images/deleted - directory. If you do not want these images to be publically accessible, make - sure this directory is not accessible from the web. MediaWiki takes some steps - to avoid leaking these images, but these measures are not perfect. -* Set display_errors=off in your php.ini to avoid path disclosure via PHP fatal - errors. This is the default on most shared web hosts. -* Enabling MediaWiki's debugging features, such as $wgShowExceptionDetails, may - lead to path disclosure. - -Other changes in this release: - -* Avoid fatal error in profileinfo.php when not configured. -* Add a .htaccess to deleted images directory for additional protection against - exposure of deleted files with known SHA-1 hashes on default installations. -* Avoid streaming uploaded files to the user via index.php. This allows - security-conscious users to serve uploaded files via a different domain, and - thus client-side scripts executed from that domain cannot access the login - cookies. Affects Special:Undelete, img_auth.php and thumb.php. -* When streaming files via index.php, use the MIME type detected from the - file extension, not from the data. This reduces the XSS attack surface. -* Blacklist redirects via Special:Filepath. Such redirects exacerbate any - XSS vulnerabilities involving uploads of files containing scripts. -* Internationalisation updates. - -== Changes since 1.13.1 == - -* Security: Work around misconfiguration by requiring strict comparisons for - in_array in User::isAllowed(). -* (bug 14944) Added $wgShellLocale for configuration of an appropriate locale - to use for LC_CTYPE during shell invocation. For servers that don't have - en_US.utf8. Also added locale detection during install. -* Localisation updates -* Security: Fixed XSS vulnerability in useskin parameter. - -== Changes since 1.13.0 == - -* (bug 15460) Fixed intermittent deadlock errors and poor concurrent - performance for installations without memcached. -* (bug 13770) Fixed DOM module detection for installations with both dom - and domxml. -* (bug 15148) Fixed Special:BlockIP for PostgreSQL -* Fixed SQLite support for non-memcached installations -* Localisation updates, Achinese (ace) added. - -== Changes since 1.13.0rc2 == +NOTE: Installation of MediaWiki on SQLite has been temporarily disabled in this +release due to the discovery of serious problems with the schema. We expect to +fix this problem for the release of 1.15.0. -* (bug 13770) Fixed incorrect detection of PHP's DOM module -* Fix regression from r37834: accesskey tooltip hint should be given for the - minor edit and watch labels on the edit page. -* Updated Chinese simplified/traditional conversion tables +== Changes since 1.14.0rc1 == + +* Fixed the performance of the backlinks API module +* (bug 17420) Send the correct content type from action=raw when the HTML file + cache is enabled. +* (bug 17437) Fixed incorrect link to web-based installer +* (bug 17527) Fixed missing MySQL-specific options in installer -== Changes since 1.13.0rc1 == +=== Configuration changes in 1.14 === +* $wgExemptFromUserRobotsControl is an array of namespaces to be exempt from + the effect of the new __INDEX__/__NOINDEX__ magic words. (Default: null, ex- + empt all content namespaces.) * $wgForwardSearchUrl has been removed entirely. Documented setting since 1.4 has been $wgSearchForwardUrl. +* (bug 15080) $wgOverrideSiteFeed has been added. Setting either + $wgSiteFeed['rss'] or 'atom' to a URL will override the default Recent + Changes feed that appears on all pages. +* $wgSQLiteDataDirMode has been introduced as the default directory mode for + SQLite data directories on creation. Note that this setting is separate from + $wgDirectoryMode, which applies to all normal dirs created by MediaWiki. +* $wgGroupsAddToSelf and $wgGroupsRemoveFromSelf now work more like + $wgAddGroups and $wgRemoveGroups, where the user must belong to a specified + group in order to add or remove those groups from themselves. + Backwards compatibility is maintained. +* $wgRestrictDisplayTitle controls if the use of the {{DISPLAYTITLE}} magic + word is restricted to titles equivalent to the actual page title. This + is true per default, but can be set to false to allow any title. +* $wgSpamRegex may now be an array of multiple regular expressions. +* $wgAjaxSearch has been removed; use $wgEnableMWSuggest instead. +* Editing the MediaWiki namespace is now unconditionally restricted to people + with the editinterface right, configuring this in $wgNamespaceProtection + is not required. +* $wgAllowExternalImagesFrom may now be an array of multiple strings. +* Introduced $wgEnableImageWhitelist to toggle the on-wiki external image + whitelist on or off. +* Added $wgRenderHashAppend to append some string to the parser cache and the + sitenotice cache keys. +* $wgRCChangedSizeThreshold is now a positive integer by default, +* (bug 16006) $wgEnableWriteAPI is now true by default. Authorized can perform + write actions using the API. +* Added $wgRC2UDPInterwikiPrefix which adds an interwiki prefix + ($wgLocalInterwiki) onto the page names in the UDP feed. +* Added $wgAllowUserSkin to let the wiki's owner disable user selectable skins + on the wiki. If it's set to true, then the skin used will *always* be + $wgDefaultSkin. +* Added $wgEnotifUseRealName, which allows UserMailer to send out e-mails based + on the user's real name if one is set. Defaults to false (use the username) +* Removed the 'apiThumbCacheDir' option from $wgForeignFileRepos (only used in + ForeignAPIRepo) +* (bug 44) Image namespace and accompanying talk namespace renamed to File. + For backward compatibility purposes, Image still works. External tools may + need to be updated. +* The constants NS_FILE and NS_FILE_TALK can now be used instead of NS_IMAGE and + NS_IMAGE_TALK. The old constants are retained as aliases for compatibility, + and should still be used in code meant to be compatible with v1.13 or older. +* MediaWiki can be forced to use private IPs forwarded by a proxy server by + using $wgUsePrivateIPs. +* The 'BeforeWatchlist' hook has been removed due to internal changes in + Special:Watchlist. 'SpecialWatchlistQuery' should now be used by extensions + to customize the watchlist database query. + + +=== Migrated extensions === +The following extensions are migrated into MediaWiki 1.14: + +* Special:DeletedContributions to show deleted user contributions (was + extension DeletedContributions) +* Special:Log/newusers recording new users (was extension Newuserlog) +* Special:LinkSearch to search for external links (was extension LinkSearch) +* RenderHash +* NoMoveUserPages +* UniversalEditButton + +=== New features in 1.14 === + +* New URL syntaxes for Special:ListUsers - 'Special:ListUsers/USER' and + 'Special:ListUsers/GROUP/USER', in addition to the older syntax + 'Special:ListUsers/GROUP' where GROUP is a valid group name. +* Configurable per-namespace and per-page notices for the edit form, + respectively MediaWiki:Editnotice-# where # is the namespace number, and + MediaWiki:Editnotice-#-PAGENAME where # is the page's namespace number and + PAGENAME is the page name minus the namespace prefix. +* (bug 8068) New __INDEX__ and __NOINDEX__ magic words allow user control of + search engine indexing on a per-article basis. +* Handheld stylesheet options +* Added 'DoEditSectionLink' hook as a cleaner unified version of the old + 'EditSectionLink' and 'EditSectionLinkForOther' hooks. Note that the + 'EditSectionLinkForOther' hook has been removed, but 'EditSectionLink' is + run in all cases instead, so extensions using the old hooks should still work + if they ran roughly the same code for both hooks (as is almost certain). +* Signature (~~~~) "cleaning", i.e. template removal, can be disabled with + $wgCleanSignatures=false +* Extensions can use the SkinBuildSidebar hook to modify the content of the + sidebar and add custom portlets to it +* Added 'MakeGlobalVariablesScript' hook for extensions to be able to add vari- + ables into into the output of Skin::makeVariablesScript +* (bug 13846) Added $wgAddGroups and $wgRemoveGroups display on + Special:ListGroupRights +* (bug 14377) Add a date selector to history pages +* (bug 15007) New 'pagetitle-view-mainpage' message allows the HTML <title> of + the main page to be customized +* Added $wgDisableTitleConversion to disabling the conversion for all pages on + the wiki +* Added 'noconvertlink' toggle that can be set per user preferences, also + added 'convertlink=no|yes' on GET requests whether have the link titles + being converted or not +* (bug 14921) Special:Contributions/: add user name to <title> + Patch by Emufarmers +* Unescape more "safe" characters when producing URLs, for added prettiness +* Introduced a new hook 'SkinAfterContent' that allows extensions to add text + after the page content and article metadata. Updated all skins and skin + templates to work with that hook. +* (bug 14929) removeUnusedAccounts.php now supports 'ignore-touched' and + 'ignore-groups'. Patch by Louperivois +* (bug 15127) Work around minor display glitch in Opera. +* By default, reject file uploads that look like ZIP files, to avoid the + so-called GIFAR vulnerability. +* (bug 15141) Give ability to only list protected pages with the cascading + option enabled on Special:ProtectedPages +* (bug 15157) Special:Watchlist has the same options as Special:Watchlist: + Show/Hide logged in users, Show/Hide anonymous, Invert namespace selection +* Added hook 'UserrightsChangeableGroups' to allow modification of what + groups may be added or removed via the Special:UserRights interface. +* HTML entities like now work (are not escaped) in edit summaries. +* (bug 13815) In the comment for page moves, use the colon-separator message + instead of a hardcoded colon. +* Allow <gallery> to accept image names without an Image: prefix +* Add tooltips to rollback and undo links +* BMP images are now displayed as PNG +* (bug 13471) Added NUMBERINGROUP magic word +* (bug 11884) Now support Flash EXIF attribute +* Show thumbnails in the file history list, patch by User:Agbad +* Added support of piped wikilinks using double-width brackets +* Added an on-wiki external image whitelist. Items in this whitelist are + treated as regular expression fragments to match for when possibly + displaying an external image inline. +* (bugs 15405, 15436) Sort more currency types correctly in sortable tables +* (bug 15422) Sort more different types of numbers in sortable tables +* (bug 2889) MediaWiki:Print.css applies to the printable version +* Category counts (e.g. from {{PAGESINCATEGORY:}}) should be more accurate for + small categories +* After logging in, automatically redirect to wherever you logged in from +* (bug 5619) Break messages used in Special:Statistics down further +* (bug 11029) Add link to Special:Listusers?group=sysop etc at + Special:Statistics +* (bug 15514) Setting $wgRightsText without $wgRightsUrl now produces a + plaintext copyright notice. Patch by Juliano F. Ravasi. +* (bug 15551) Deletion log excerpt is now shown whenever a user vists a + deleted page, even if they are unable to edit it. +* Added Wantedfiles special pages, allowing users to find image links with no + image. +* (bug 12650) It is now possible to set different expiration times for + different restriction types on the protection form. +* (bug 8440) Allow preventing blocked users from editing their talk pages +* Improved upload file type detection for OpenDocument formats +* Added the ability to set the target attribute on external links with + $wgExternalLinkTarget +* api.php now sends "Retry-After" and "X-Database-Lag" HTTP headers if the + maxlag check fails, just like index.php does +* Added "link" parameter to image links, to allow images to link to an + arbitrary title or URL. This should replace inaccessible and incomplete + solutions such as CSS-based overlays and ImageMap. +* (bug 368) Don't use caption for alt attribute; allow manual specification + using new "alt=" parameter for images +* (bug 44) The {{ns:}} core parser function now also accepts localized + namespace names and aliases; also, its output now uses spaces instead of + underscores to match the behavior of the {{NAMESPACE}} magic word +* Added the ability to display user edit counts in Special:ListUsers. Off by + default, enabled with $wgEdititis = true (named after the medical condition + marked by unhealthy obsession with edit counts). +* Added a file cache to the parser to improve page rendering time on pages with + several uses of the same image. +* (bug 1250) Users can still use "show preview" and "show changes" even if the + wiki is set to read-only mode. +* Added a call to the 'UnwatchArticleComplete' hook to the watchlist editor. + This should make it so that ALL user-accessible methods of removing a page + from a watchlist lead to this hook being called (it was previously only + called from within Article.php +* Maximum execution time for shell processes on linux is now configured with + $wgMaxShellTime (180 seconds by default) +* (bug 1306) 'Email user' link no longer shown on user page when emailing + is not available due to lack of confirmed address or disabled preference +* Special:Wanted templates special page added to display missing templates + linked from articles +* Make search matches bold only, not red as well +* (bug 10080) Blocks can be modified without unblocking first +* (bug 15820) Special:BlockIP shows a notice if the user being blocked is + already directly blocked +* (bug 13710) Allow to force "watch this" checkbox via URL using parameter + "watchthis" +* (bug 15125) Add Public Domain to default options when installing. Patch by + Nathan Larson. +* Set a special temporary directory for ImageMagick with $wgImageMagickTempDir +* (bug 16113) Show/hide for redirects in Special:NewPages +* (bug 15903) Upload link was added to Nostalgia skin +* (bug 15761) Add user toggle to omit diff after rollback +* Added the BitmapHandler_ClientOnly media handler, which allows server-side + image scaling to be completely disabled for specific media types, via the + $wgMediaHandlers configuration variable. +* New 'AbortDiffCache' hook can be used to cancel the caching of a diff +* (bug 15835) Added Content-Style-Type meta tag +* (bug 11027) Add parameter to MW:Randompage-nopages so that user can see the + namespace. +* Add id="mw-user-domain-section" to <tr> tag in Userlogin.php template so that + admins with a single domain can hide the domain section using CSS +* Dropped old Paser_OldPP class. Only new parser with preprocessor is used. +* Moved password reset form from Special:Preferences to Special:ResetPass +* Added Special:ChangePassword as a special page alias for Special:ResetPass +* Added complimentary function for addHandler() called removeHandler() for removing events +* Improved security of file uploads for IE clients, using a reverse-engineered + algorithm very similar to IE's content detection algorithm. +* Cascading protection no longer requires that both edit and move are restricted + to sysop, just edit=sysop is enough +* (bug 2391) A warning is now shown for invalid ISBN numbers on Special:Booksources. +* Installer has been updated to reflect the release of the GFDL 1.3. The URL for 1.2 + has been updated, and the 1.3 URL has been given. 1.2 is still Wikipedia-compatible. + RightsCode was changed from 'gfdl' to 'gfdl1_2', so we can now support 1.2 as well + as 1.3 (gfdl1_3). +* (bug 16293) PD URL was changed to the CreativeCommons site on PD (which auto-detects + your language) instead of Wikipedia. +* (bug 16635) The "view and edit watchlist" page (Special:Watchlist/edit) now + includes a table of contents +* File objects returned by wfFindFile() are now cached by default +* (bug 7492) Rights can now be assigned to specific IP addresses and ranges by + using $wgAutopromote (new defines: APCOND_ISIP and APCOND_IPINRANGE) +* Add a 'change block' link to Special:IPBlockList and Special:Log +* (bug 16459) Use native getElementsByClassName where possible, for better + performance in modern browsers +* Enable \cancel and \cancelto in texvc (recompile required) +* Added 'UserCryptPassword' and 'UserComparePasswords' hooks to allow extensions to implement + their own password hashing methods. +* (bug 16760) Add CSS-class to action links of Special:Log +* (bug 505) Time zones can now be specified by location in user preferences, + avoiding the need to manually update for DST. Patch by Brad Jorsch. +* (bug 2585) HTTP 404 return code is now given for a page view if the page + does not exist, allowing spiders and link checkers to detect broken links. +* Special:Log: Add 'change protection' link for unprotected pages too +* Special:Log: Add log type specific CSS classes 'mw-logline-$logtype' to + 'li' elements +* (bug 16754) Making arbitrary rows of sortable tables sticky: + |- class="unsortable" +* Show subversion too even if a "normal" version number is available +* (bug 16121) Add a note that a page move was without creating a redirect in the + move log +* Image moving is now enabled for sysops by default +* Make "Did you mean" search feature more noticeable +* (bug 16720) Transcluded Special:NewPages processes "/username=" + +=== Bug fixes in 1.14 === + * (bug 14907) DatabasePostgres::fieldType now defined. -* (bug 14966) Fix SearchEngineDummy class for silently non-functional search - on Sqlite instead of horribly fatal error breaky one. -* (bug 14987) Only fix double redirects on page move when the checkbox is - checked -* (bug 13376) Use $wgPasswordSender, not $wgEmergencyContact, as return - address for page update notification mails. -* API: Registration time of users registered before the DB field was created is now +* (bug 14659) Passing the default limit param to Special:Recentchanges no more + falls back to the user option +* (bug 14954) Fix regression in Modern and Simple skins +* Recursion loop check added to Categoryfinder class +* Fixed few performance troubles of large job queue processing +* Not setting various parameters in Foreign Repos now fails more gracefully +* (bug 2333) Redirects are properly rendered when previewing an edit. +* (bug 14972) Use localized alias of Special:Search on all search forms +* (bug 11035) Special:Search should have descriptive <title> +* Special pages are now not subject to special handling for "self-links" +* (bug 15053) Syntactically incorrect redirects with another link in them + no longer redirect to the second link +* (bug 15049) Fix for CheckUser extension's log search: usernames containing + a "-" were incorrectly turned into bogus IP range searches. + Patch by Max Semenik. +* (bug 15055) Talk page notifications no longer attempt to send mail when + user's e-mail address is invalid or unconfirmed +* (bug 12370) Add throttle on password attempts. Defaults to max 5 attempts in + 5 minutes. +* (bug 15016) 'Templates used on this page' list in view source should be + wrapped in a div with class "templatesUsed" +* (bug 14868) Setting $wgFeedDiffCutoff to 0 now disables generation of the + diff entirely, not just the display of it. +* (bug 6387) Introduced new setting $wgCategoryPrefixedDefaultSortkey which + allows having the unprefixed page title as the default category sortkey +* (bug 15079) Add class="ns-talk" / "ns-subject" to <body>. Also added + ns-special to special pages. +* (bug 15052) Skins should add their name as a class in <body> +* (bug 14165, bug 14294) Wikimedia specific configuration in convertGrammar() + for several languages was removed. The settings have been put in extension + WikimediaMessages. Patch for Czech by Danny B. +* (bug 15101) Displaying only bots edits in Special:Recentchanges now works + again +* (bug 13770) Fixed incorrect detection of PHP's DOM module +* (bug 14790) Export of category pages when using Category: prefix now actually + gives results +* Avoid recursive crazy expansions in section edit comments for pages which + contain '/*' in the title +* Fix excessive memory usage when parsing pages with lots of links +* $wgSpamRegex now matches the edit summary and page move descriptions in + addition to body text. +* Navigation links to images available from a shared repository (like Commons) + from their local talk pages no longer appear as redlinks +* Action=purge on ForeignApiFiles now works (purges their thumbnails and + description pages). +* (bug 15303) Title conversion for templates wasn't working in some cases. +* (bug 15264) Underscores in Special:Search/Foo_bar parameters were taken + literally; now converting them to spaces per expectation. +* (bug 15342) "Invert" checkbox now works correctly when selecting main + namespace in Special:Watchlist +* (bug 15172) 'Go' button of Special:Recentchanges now on the same line as the + last input element (like Special:Watchlist too) +* (bug 15351) Fix fatal error for invalid section fragments in autocomments +* Fixed intermittent deadlock errors involving objectcache table queries. + Use a separate database connection for the objectcache table to avoid + long-lasting locks on that table. +* Respect file restrictions in the file history list +* (bug 15399) Odd/even classes on sortable tables' rows could be slow for large + tables, and have been disabled by default. +* (bug 15482) Special:Recentchangeslinked has no longer two submit buttons +* (bug 15292) New message notification for unregistred users now works again +* (bug 14398) mwsuggest.js: Let width of container be configurable +* (bug 15543) Only include user touched timestamp to generated CSS +* (bug 15497) Removed encoding attribute from <?xml ?> tag +* (bug 12284) Special:Preferences now sets a returnto parameter on the link to + Special:UserLogin. Patch by Marooned. +* Fixed the HTTP accept language string detection length in + LanguageConverter.php, instead of the fixed length language codes. +* Special:RecentChangesLinked no longer shows outgoing links for nonexistent + pages even if there are broken link records with source article id 0 in the + database +* (bug 15598) Special:Newpages default limit uses user preference for + recentchanges limit instead of hardcoded 50. +* (bug 15617) $wgFeedClassesOutputPage::getHeadLinks() respects $wgFeedClasses, + instead of hardcoding rss and atom. Patch by Juliano F. Ravasi. +* (bug 14638) Special:Blockip now provides a link to the block log if the user + has been blocked more than 10 times. Patch by Matt Johnston. +* (bug 12678) Skins don't show Upload link if the user isn't allowed to upload. +* Fixed incorrect usage of DB_LAST in Special:Export. Deprecated DB_LAST. +* (bug 15642) Blocked sysops can no longer block other users +* Http::request() now respects $wgHTTPtimeout when not using cURL +* (bug 15158) Userinvalidcssjstitle not shown on preview +* (bug 15196) Free external links should be numbered in a localised manner +* (bug 15388) Title of Special:PrefixIndex +* Links with no title but a curid parameter now use the curid to pick a page +* (bug 10323) Special:Undelete should have "inverse selection" button +* (bug 15831) Modern skin RTL support is bugous +* (bug 15869) Nostalgia skin does not show page title in printable mode +* (bug 15795) Special:Userrights is now listed on Special:SpecialPages when the + user can only change his rights +* (bug 15846) Categories "leak" from older revisions in certain circumstances +* (bug 15928) Special pages dropdown should be inline in non-MonoBook skins +* (bug 14178) Some uses of UserLoadFromSession hook cause segfault +* (bug 15925) Postitive bytes added on recentchanges and watchlists are now + bolded if above the threshold, previously it only worked for negatives +* Specify apple-touch-icon before favicon in HTML head section to make the + Konqueror browser correctly use the latter +* (bug 15717) Set $separatorTransformTable for language 'eu' +* (bug 15605) Enabled $datePreferences for language 'hr'. Added standard date + preferences. +* (bug 13701) {{NUMBEROFVIEWS}} magic word to show number of total views. +* (bug 5101) Image from Commons doesn't show up when searched in Wikipedia + search box +* (bug 14609) User's namespaces to be searched default not updated after adding + new namespace +* Purge form uses valid XHTML +* (bug 12764) Special:LonelyPages shows transcluded pages +* (bug 16073) Enhanced RecentChanges uses onclick handler with better fallback + if JavaScript is disabled +* (bug 4253) Recentchanges IRC messages no longer include title in diff URLs +* Allow '0' to be an accesskey. +* (bug 8063) Use language-dependent sorting in client-side sortable tables +* (bug 16160) Suggestions box should be resized from left for RTL wikis +* (bug 11533) Fixed insane slowdown when in read-only mode for long periods + of time with CACHE_NONE (default objectcache table configuration). +* Trying to set two different default category sort keys for one page now + produces a warning +* (bug 16143) Fix redirect loop on special pages starting with lower case + letters +* (bug 15737) Fix notices while expanding using PPCustomFrame +* (bug 15544) Non-index entry points cause the "Wiki not set up" message to + have corrupt URLs +* (bug 5101) Image from Commons doesn't show up when searched in Wikipedia + search box +* (bug 4362) [[MediaWiki:History copyright]] no more used with most recent + revision when passing oldid parameter in the url +* (bug 16265) When caching thumbs with the ForeignApiRepo, we now use the same + filename as the remote site. +* (bug 8345) Don't autosummarize where a redirect was left unchanged +* Made thumb caching in ForeignApiFile objects integrated with normal thumb + path naming (/thumbs/hash/file), retired 'apiThumbCacheDir' as a result. +* (bug 5530) Consistency between character encoding in {{PAGENAMEE}}, + {{SUBPAGENAMEE}} and {{FULLPAGENAMEE}} +* Safer handling of non-MediaWiki exceptions -- now obeys our settings for + formatting and path exposure. +* Less verbose errors from profileinfo.php when not configured +* Blacklist redirects via Special:Filepath, hard to use. +* Improved input validation on Special:Import form +* Add a .htaccess to deleted images directory for additional protection + against exposure of deleted files with known SHA-1 hashes on default + installations. +* Improved scripting safety heuristics for IE 5/6 content-type detection. +* Improved scripting safety heuristics on SVG uploads. +* (bug 11728) Unify layout of enhanced watchlist/recent changes +* (bug 8702) Properly update stats when running nukePage maintenance script +* (bug 7726) Searches for words less than 4 characters now work without + requiring customization of MySQL server settings +* Honour unchecked "Leave a redirect behind" for moved subpages +* (bug 16440) Broken 0-byte math renderings are now deleted and re-rendered + when page is re-parsed. +* (bug 6100) Unicode BiDi embedding/override characters (U+202A - U+202E) are + now automatically removed from titles; these characters can accidentally end + up in copy-and-pasted titles, and, by overriding normal bidirectional text + handling, can lead to annoying behavior such as text rendering backwards +* Fixed minor bug where the memcached value for how many accounts an IP had + created that day would be increased even if $wgAccountCreationThrottle was + hit. This meant if an IP hit the throttle and then the throttle was raised + later that day, the IP still couldn't create another account, because it + had marked them as having created another account, when their last account + creation had actually failed. +* (bug 12647) Allow autogenerated edit summary messages to be blanked with '-' +* (bug 16026) 'Revision-info' and 'revision-info-current' both accept wiki + markup now. +* (bug 16529) Fix for search suggestions with some third-party JS libraries +* (bug 13342) importScript() generates more consistent URI encoding +* (bug 16577) When a blocked user tries to rollback a page, the block message + is now only displayed once +* (bug 14268) SVG image sizes now extracted with proper XML parser +* (bug 14365) RepoGroup::findFiles() no longer crashes if passed an invalid + title via the API +* (bug 4253, bug 16586) Revision ID is now given instead of title in URLs for + new pages in the recent changes IRC feed +* Ugly tooltips in Special:Statistics were phased out in favor of more direct + information. Went ahead and rewrote SpecialStatistics to subclass SpecialPage +* (bug 5506) Links to files on foreign repositories are now shown consistently + as bluelinks e.g. in logs and edit summaries +* (bug 16623) Add missing </p> tag in Special:LockDB +* (bug 15849) Special:Movepage now throws a more specific error when trying to + move a title to an interwiki target +* (bug 16638) 8-bit URL fallback encoding now set on additional languages using + Arabic script (Persian, Urdu, Sindhi, Punjabi) +* (bug 16656) cleanupTitles and friends should now work in load-balanced + DB environments when $wgDBserver isn't set. +* (bug 3691) Aspect ratio from viewBox attribute is now preserved for SVG + images which do not specify width and height attributes. +* (bug 15027) Internet domain names and IP addresses can now be indexed and + searched sensibly with the default MySQL search backend. +* (bug 11733) Fixed parameter validation in importTextFile.php +* (bug 16712) Special:NewFiles updated to use "newer"/"older" paging messages + for clarity over "previous/next" +* (bug 16612) Fixed "noprint" class for Modern skin print style +* Section anchors now have an "id" attribute as well as a "name" attribute, + even when Tidy is not used +* (bug 16026) revision-info, revision-info-current, cannotdelete, + redirectedfrom, historywarning and difference messages now use Wiki text + rather than raw HTML markup +* (bug 13835) Fix rendering of {{filepath:Wiki.png|nowiki}} +* (bug 16772) Special:Upload now correctly rejects files with spaces in the + file extension (e.g. Foo. jpg). +* Image moving over an existing file no longer throws a database error +* (bug 16786) Restored "redundant" links recently removed from Classic sidebar +* (bug 16850) $wgActionPaths can have query strings now, previously, this broke + local URLs +* (bug 16376) Mention in deleteBatch.php and moveBatch.php maintenance scripts + that STDIN can be used for page list +* (bug 16560) Special:Random returns a page from ContentNamespaces, and no + longer from NS_MAIN +* (bug 16123) Fixed Special:Import on SQLite. +* (bug 16937) Show appropriate error message for attempted installs on + PostgreSQL 7.3 or earlier. +* Disabled SQLite support in the installer. +* Fixed XSS vulnerabilities in the web-based installer. +* Added a meta robots tag to the installer to prevent indexing of potentially + sensitive configuration data. +* (bug 16483) Prevented a filesort in ApiQueryBacklinks caused by missing parentheses. + Building query properly now using makeList() + +=== API changes in 1.14 === + +* Registration time of users registered before the DB field was created is now shown as empty instead of the current time. -* (bug 14904): fragments were lost when redirects were fixed. -* Added magic word __STATICREDIRECT__ to suppress the redirect fixer -* (bug 15035) Revert English linkTrail to /^([a-z]+)(.*)$/sD, as it was before - r36253. Multiple reports of breakage due to old (pre-5.0) PCRE libraries, - both bundled with PHP and packaged with distros such as RHEL. -* (bug 14944) Shell invocation of external programs such as ImageMagick convert - was broken in PHP 5.2.6, if the server had a non-UTF-8 locale. - -== Changes since 1.12 == - -=== Configuration changes in 1.13 === - -* New option $wgFeed can be set false to turn off syndication feeds -* (bug 5745) Special:Whatlinkshere now shows up to $wgMaxRedirectLinksRetrieved - links through each redirect instead of hardcoded 500 -* Set $wgUploadSizeWarning to false by default -* Added $wgLBFactoryConf, for generic configuration of multi-master wiki farms -* Removed $wgAlternateMaster, use $wgLBFactoryConf -* (bug 13562) Misspelled option $wgUserNotifedOnAllChanges changed to - $wgUserNotifiedOnAllChanges -* (bug 12860) New option $wgSitemapNamespaces allows sitemaps to be generated - for only some namespaces -* Removed the emailconfirmed implicit group by default. To re-add it, use: - $wgAutopromote['emailconfirmed'] = APCOND_EMAILCONFIRMED; - in your LocalSettings.php. -* (bug 2396) New shared database configuration variables. $wgSharedPrefix allows - you to use a shared database with a different prefix. Or you can now use a local - database and use prefixes to separate wiki and the shared tables. And the new - $wgSharedTables variable allows you to specify a list of tables to share. -* Automatic edit summaries can be disabled with $wgUseAutomaticEditSummaries -* Duplicates of images are now shown on the image page -* $wgRCFilterByAge allows for the list of dates in recent changes special pages to - be filtered to only those within the range of $wgRCMaxAge -* $wgRCLinkLimits and $wgRCLinkDays allow for customization of the list and limits - displayed on the recent changes special pages -* The "createpage" permission is no longer required when uploading if the target - image page already exists -* $wgMaximumMovedPages restricts the number of pages that can be moved at once - (default 100) with the new subpage-move functionality of Special:Movepage -* Hooks display in Special:Version is now disabled by default, use - $wgSpecialVersionShowHooks = true; to enable it. -* $wgActiveUserEditCount sets the number of edits that must be performed over - a certain number of days to be considered active -* $wgActiveUserDays is that number of days -* $wgRateLimitsExcludedGroups has been deprecated in favor of - $wgGroupPermissions[]['noratelimit']. The former still works, however. -* New $wgGroupPermissions option 'move-subpages' added to control bulk-moving - subpages along with pages. Assigned to 'user' and 'sysop' by default. -* New $wgRC2UDPOmitBots allows user to omit bot edits from UDP output. - Default: false -* Removed $wgEnableCascadingProtection option. Disabling cascading protection - is no longer possible. -* $wgMessageCacheType defines now the type of cache used by the MessageCache class, - previously it was choosen based on $wgParserCacheType -* $wgExtensionAliasesFiles option to simplify adding aliases to special pages - provided by extensions, in a similar way to $wgExtensionMessagesFiles -* Added $wgXMLMimeTypes, an array of XML mimetypes we can check for - with MimeMagic. -* Added $wgDirectoryMode, which allows for setting the default CHMOD value when - creating new directories. -* (bug 14843) $wgCookiePrefix can be set by LocalSettings now, false defaults - current behavior. - -=== New features in 1.13 === - -* __HIDDENCAT__ on a category page causes the category to be hidden on the - article page -* Do not show edit permissions errors on a red link click, just redirect to the - article. This is so that readers who don't know what a red link is are not - confused when they are told they are range-blocked. -* Add a new hook ImageBeforeProduceHTML to allow extensions to modify wikitext - image syntax output -* (bug 13100) Added 'preloadtitle' parameter to action=edit§ion=new that - pre-fills the section title field -* (bug 13112) Added Special:RelatedChanges alias to Special:RecentChangesLinked -* (bug 13130) Moved edit token and autosummary fields above edit tools to - reduce broken form submissions -* Add --old-redirects-only option to maintenance/refreshLinks.php, to add old - redirects to the redirect table -* Add links to page and file deletion forms to edit predefined delete reasons -* (bug 13269) Added MediaWiki:Uploadfooter to the bottom of Special:Upload -* (bug 2815) Search results for media now use thumbnail instead of text extract -* When a page doesn't exist, the tab should say "create", not "edit" -* (bug 12882) Added a span with class "patrollink" around "Mark as patrolled" - link on diffs -* Magic word formatnum can now take raw suffix to undo formatting -* Add updatelog table to reliably permit updates that don't change the schema -* Add category table to allow better tracking of category membership counts -** (bug 1212) Give correct membership counts on the pages of large categories -** Use category table for more efficient display of Special:Categories -* (bug 1459) Search for duplicate files by hash: Special:FileDuplicateSearch -* (bug 9447) Added hooks for search result headings -* Image redirects are now enabled by default -* (bug 13450) Email confirmation can now be canceled before the expiration -* (bug 13490) Show upload/file size limit on upload form -* Redesign of Special:UserRights -* Make rev_deleted log entries more intelligible -* (bug 6943) Added PAGESINCATEGORY: magic word -* (bug 13604) Added Special:ListGroupRights -* (bug 6332, 8617) Added message 'mainpage-description' as duplicate of - 'mainpage' and added it to message 'sidebar' -* Automatically add old redirects to the redirect table when needed -* (bug 6934) Allow inclusions, links, redirects to be separately toggled on or - off on Special:WhatLinksHere -* Cache image redirects -* (bug 10457) Organize Special:SpecialPages into sections -* Add a new hook EditPageBeforeConflictDiff to allow extensions like FCKeditor - to modify the output for edit conflicts -* Add class="nested" for <fieldset>s so fieldsets inside fieldsets get - a slightly less huge margin and padding -* (bug 13527) Use sitemaps.org format 0.9 instead of a Google-specific format -* Allow \C and \Q as TeX commands to match \R, \N, \Z -* On Special:UserRights, when you can add a group you can't remove or remove - one you can't add, a notice is printed to warn you -* (bug 12698) Create PAGESIZE parser function, to return the size of a page -* Allow the "log in / create account" link in the toolbar to have different - text from Special:UserLogin title (new message 'nav-login-createaccount') -* Say "log in / create account" if an anonymous user can create an account, - otherwise just "log in", consistently across skins -* Special:Shortpages and Special:Longpages now returns pages in all content - namespaces, not just NS_MAIN. -* (bug 889) Improve conflict-handling between shared upload repository - and local one -* Update documentation links in auto-generated LocalSettings.php -* (bug 13584) The new hook SkinTemplateToolboxEnd was added. -* (bug 709) Cannot rename/move images and other media files [EXPERIMENTAL] -* Custom rollback summaries now accept the same arguments as the default message -* (bug 12542) Added hooks for expansion of Special:Listusers -* Drop-down AJAX search suggestions (turn on $wgEnableMWSuggest) -* More relevant search snippets (turn on $wgAdvancedSearchHighlighting) -* (bug 13950) Allow users to watch the user/talk pages of users they block. -* (bug 13970) Allow MonoBook-based skins to specify their own print stylesheet -* Show image links on Special:Whatlinkshere -* Use rel="start", "prev", "next" appropriately on Pager-based pages -* Add support for SQLite -* AutoAuthenticate hook renamed to UserLoadFromSession -* (bug 13232) importScript(), importStylesheet() funcs available to custom JS -* (bug 13095) Search by first letters or digits in [[Special:Categories]] -* Users moving a page can now move all subpages automatically as well -* (bug 14259) Localisation message for upload button on Special:Import is now - 'import-upload' instead of 'upload' -* Add information about user group membership to Special:Preferences -* (bug 14146) Wrap usage section on imagepages into <div>s. -* New layout for Special:Specialpages. Restricted pages are marked but not separated - from other pages in their group. -* (bug 14263) Show a diff of the revert on rollback notification page. -* (bug 13434) Show a warning when hash identical files exist -* Sidebar is now cached for all languages -* The User class now contains a public function called isActiveEditor. Figures - out if a user is active based on at least $wgActiveUserEditCount number of - edits in the last $wgActiveUserDays days. -* SpecialSearchResults hook now passes results by reference, so they can be - changed by extensions. -* Add a new hook LinkerMakeExternalLink to allow extensions to modify the output of - external links. -* (bug 14132) Allow user to disable bot edits from being output to UDP. -* (bug 14328) jsMsg() within Wikibits now accepts a DOM object, not just a string -* (bug 14558) New system message (emailuserfooter) is now added to the footer of - e-mails sent with Special:Emailuser -* Add support for Hijri (Islamic) calendar -* Add a new hook LinkerMakeExternalImage to allow extensions to modify the output - of external (hotlinked) images. -* (bug 14604) Introduced the following features for the LanguageConverter: - Multi-tag support, single conversion flag, remove conversion flag on a single - page, description flag, variant name, multi-variant fallbacks. -* Add zh-mo and zh-my variants for the zh language -* (bugs 4832, 9481, 12890) Special:Recentchangeslinked now has all options that - are in Special:Recentchanges -* Allow an $error message to be passed to ArticleDelete hook -* Allow extensions to modify the user creation form by calling addInputItem(); -* Add meta generator tag to HTML output -* MediawikiPerformAction hook is now passed the Mediawiki object -* Added blank special page Special:BlankPage for benchmarking, etc. -* Foreign repo file descriptions and thumbnails are now cached. -* (bug 11732) Allow localisation of edit button images -* Allow the search box, toolbox and languages box in the Monobook sidebar to be - moved around arbitrarily using special sections in [[MediaWiki:Sidebar]]: - SEARCH, TOOLBOX and LANGUAGES -* Add a new hook NormalizeMessageKey to allow extensions to replace messages before - the database is potentially queried -* (bug 9736) Redirects on Special:Fewestrevisions are now marked as such. -* New date/time formats in Cs localization according to ČSN and PČP. -* Special:Recentchangeslinked now includes changes to transcluded pages and - displayed images; also, the "Show changes to pages linked" checkbox now works on - category pages too, showing all links that are not categorizations -* (bug 4578) Automatically fix redirects broken by a page move - -=== Bug fixes in 1.13 === - -* (bug 10677) Add link to the file description page on the shared repository -* (bug 13084) Increase size of source/destination filename fields in upload form -* (bug 13115) rebuildrecentchanges should print the current value of $wgRCMaxAge -* (bug 13140) Show parent categories in category namespace -* (bug 13149) Correctly format 'fileexists' message on Upload page -* Make the default filepageexists message accurate -* (bug 12988) $wgMinimalPasswordLength no longer breaks create user by email -* (bug 13022) Fix upload from URL on PHP 5.0.x -* (bug 13132) Unable to unprotect pages protected with earlier versions of MediaWiki -* (bug 12723) OpenSearch description name now uses more compact language code - to avoid passing the length limit as often, is customizable per site via - 'opensearch-desc' message. -* (bug 13135) Special:Userrights now passes IDs through form submission - to allow functionality on not-quite-right usernames -* (bug 12575) Prevent duplicate patrol log entries from being created -* (bug 13174) __HIDDENCAT__ now applies only to category pages -* (bug 13031) Add links to user pages in e-mail form -* (bug 13147) Description for categoriespagetext (used in Special:Categories) reworded -* (bug 11561) Fix fatal error when calling action=revert to non-image page -* (bug 12430) Fix call to private method LinkFilter::makeRegex fatal error in - maintenance/cleanupSpam.php -* All skins should have the "mediawiki" class on the body element -* (bug 13019) Message cache for some extensions not loaded at time of editing -* (bug 13247) Prettified ISBN links -* maintenance/refreshLinks.php did not fix page_id 1 with the --new-only option -* (bug 13110) Don't show "Permission error" page if the edit is already rolled - back when using rollback -* (bug 13012) Use content messages for block options when generating the - recentchanges entry -* (bug 13274) Change links for messages to ucfirst -* (bug 13273) Un-hardcode some punctuation (add new messages colon-separator, - autocomment-prefix) -* Parse MediaWiki message translations with a correct language setting on preview -* (bug 13281) Treat X-Forwarded-For, Client-ip and User-Agent headers as - case-insensitive names. -* Adding the fix for lists in RTL wikis to more skins, and fixing the image toc -* (bug 8157) Remove redirects from Special:Unusedtemplates. Patch by WebBoy. -* (bug 10721) Duplicate section anchors with differing case now disambiguated - for Internet Explorer's sake and standards compliance -* (bug 13298) Tighter limits on Special:Newpages limits when embedding -* Email subject in content language instead of sending user's UI language -* (bug 13251) Allow maintenance rebuild scripts to work with Postgres -* (bug 2084) Fixed incorrect regex to match redirects -* (bug 3131) Manually-specified upload destination filename is no longer - overwritten by browsing for a file after you wrote it. -* (bug 7251) Sidebars generated by MediaWiki:Sidebar now have the class - 'generated-sidebar'. -* (bug 13265) Media handler is missing 'image/x-bmp' -* (bug 13407) MediaWiki:Powersearch is used in two places -* (bug 13403) Fix cache invalidation of history pages when old revisions change -* (bug 11563) Deprecated SearchMySQL4 class; merged code to SearchMySQL -* (bug 12801) Fix link in subtitle message in AJAX search -* (bug 13428) Fix regression in protection form layout HTML validity -* (bug 9403) Sanitize newlines from search term input -* (bug 13429) Separate date and time in message sp-newimages-showfrom -* (bug 13137) Allow setting 'editprotected' right separately from 'protect', - so groups may optionally edit protected pages without having 'protect' perms -* Disallow deletion of big pages by means of moving a page to its title and - using the "delete and move" option. -* (bug 13466, 13632) White space differences not shown in diffs -* (bug 1953) Search form now honors namespace selections more reliably -* (bug 12294) Namespace class renamed to MWNamespace for PHP 5.3 compatibility -* PHP 5.3 compatibility fix for wfRunHooks() called with no parameters -* (bug 6447) Trackbacks now work with transactional tables, if enabled -* (bug 6892, 7147) Trackback error handling, optional fields more robust -* (bug 6813) Don't break HTML validator when using trackbacks -* Fix for size checks on SVG images with global 'stroke-width' attribute -* (bug 11874) Inline CSS with !important no longer borken -* (bug 1600) Strip extra == section markup == in new-comment field -* (bug 11325) Wrapped page titles in MonoBook skin spaced more nicely -* (bug 12077) Fix HTML nesting for TOC -* (bug 344) Purge cache for talk/article pages when deleting the other tab -* (bug 13436) Treat image captions correctly when they include option keywords - (like ending with "px" or starting with "upright") -* Trackback display formatting fixed -* Don't die when single-element arrays are passed to SQL query constructors - that have an array index other than 0 -* (bug 13522) Fix fatal error in Parser::extractTagsAndParams -* (bug 13532) Use proper timestamp call when reverting images -* (bug 13543) Updated FAQ link in the installer sidebar -* (bug 13540) Date format in confirmation e-mail now matches message language -* (bug 13554) PHP Notice in old pre-processor when list item is empty. -* (bug 13556) Don't show a blank form if no image is attached in Special:Upload -* (bug 13576) maintenance/rebuildrecentchanges.php fails -* (bug 13441) Allow Special:Recentchanges to show bots only -* (bug 13431) Show true message source in Special:Allmessages&ot=php / xml -* (bug 13463) Login successful page doesn't use user's preferred interface language -* (bug 13630) Fixed warnings for pass by reference at call time in - Special:Revisiondelete when generating the log entry. -* (bug 12064) BeforePageDisplay hook is now called for all skins -* (bug 13624) Fix regression with manual thumb= parameter on images -* (bug 11039) Add missing labels on protection form -* (bug 13458) Preview/edit toolbar spacing now works consistently -* (bug 13433) Fix action=render on Image: pages -* (bug 13678) Fix CSS validation for Monobook -* (bug 13684) Links in Special:ListGroupRights should be in content language -* (bug 13690) Fix PHP notice on accessing some URLs -* Hide (undo) link if user isn't able to edit page -* Invalidate cache of pages that includes images via redirects on upload -* (bug 13705) Don't show rollback link in page history on incorrect revisions -* (bug 13708) Don't set "Search results" title when loading Special:Search - without query -* (bug 13736) Don't show MediaWiki:Anontalkpagetext on non-existant IP addresses -* (bug 13728) Don't trim initial whitespace during section edits -* (bug 13727) Don't delete log entries from recentchanges on page deletion -* (bug 13752) Redirects to sections now work again -* (bug 13725) Upload form watch checkbox state set correctly with wpDestFile -* (bug 13756) Don't show the form and navigation links of Special:Newpages if - the page is included -* When hiding things on WhatLinksHere, generated URLs should hide them too -* Properly escape search terms with regex chars so they appear highlighted in - search results -* (bug 13768) pt_title field encoding fixed -* Do not display empty columns on Special:UserRights if all groups are - changeable or all unchangeable -* Fix fatal error on calling PAGESINCATEGORY with invalid category name -* (bug 13793) Special:Whatlinkshere filters wrong - after paginating instead of before -* (bug 13796) Show links to parent pages even if some of them are missing -* (bug 13816) Filter by main namespace doesn't work on WhatLinksHere -* (bug 13822) Fatal error on some pages when calculating subpage subtitle -* (bug 13824) AJAX search suggestion now works with non-SkinTemplate skins -* Added 'application/x-dia-diagram' MediaWiki's known MIME types -* (bug 13866) skins/common/shared.css - invalid attribute fixing -* Hide edit section links on Special:Undelete -* (bug 13860) Fix "Justify paragraphs" option for Modern skin -* (bug 13168) accessibility links in Modern skin link to wrong anchor id -* (bug 13185) No line break after 'subpages' class in Modern skin -* (bug 13583) No "poweredby" in Modern skin -* (bug 13880) "Printable" link in Modern skin now formats as print mode -* (bug 13885) Bump default $wgSVGMaxSize from 1024 to 2048 pixels -* (bug 13891) Show categories box even if all categories are hidden and user has - "show hidden categories" option on -* (bug 13915) Undefined variable $wltsfield in includes/SpecialWatchlist.php -* (bug 13913) Special:Whatlinkshere now has correct HTML markup -* (bug 13905) Blacklist Mac IE from HttpOnly cookies; it eats them sometimes -* (bug 13922) Fix bad HTML on empty Special:Prefixindex and Special:Allpages -* (bug 13924) Fix bad HTML on power search form -* (bug 13820) Fix updater for rev_parent_id population -* (bug 13925) Fix bad HTML on search results list -* (bug 13934) Fixing the link to GNU General Public License Version 2 -* Show correct accesskey prefix for Firefox 3 beta (Alt-Shift-, not Alt-) -* (bug 13949) Special:PrefixIndex/AllPages paging links contain invalid XML -* (bug 13770) Use Preprocessor_Hash by default to avoid missing DOM module errors -* (bug 13982) Disable ccmeonemails preference when user-to-user mails disabled -* (bug 13615) Update case mappings and normalization to Unicode 5.1.0 - Note that case mappings will only be used if mbstring extension is not present. -* (bug 14044) Don't increment page view counters on views from bot users -* (bug 14042) Calling Database::limitResult() misplaced the comment in the log file -* (bug 14047) Fix regression in installer which hid DB-specific options - Also makes SQLite path configurable in the installer. -* (bug 13546) Follow image redirects on image page -* (bug 12644) Template list on edit page now sorted on preview -* (bug 14058) Support pipe trick for namespaces and interwikis with "-" -* Message name filter on Special:Allmessages now case-insensitive -* (bug 13943) Fix image redirect behaviour on image pages -* (bug 14093) Do 'sysop' => 'protect' magic in Title::isValidMoveOperation -* (bug 14063) Power search form missing <label> for redirects check -* (bug 14111) Similar filename warning links now lead to correct page -* (bug 14082) Fix for complex text input vs AJAX suggestions on some browsers -* (bug 13693) Categories sometimes claim to have a negative number of members -* (bug 1701) Korean Hangul syllables now broken down properly in Category lists - even if the wiki's overall content language is not Korean -* (bug 12773) addOnloadHook() now calls functions immediately when scripts are - loaded after the primary page completion, instead of dropping them -* (bug 14199) Fix deletion form for image redirect pages -* (bug 14220) Disabling $wgCheckFileExtensions now works without also - disabling $wgStrictFileExtensions -* (bug 14241) Pages can no longer be protected to levels you are not in -* (bug 14296) Fix local name of ang: (Anglo-Saxon) -* (bug 4871) Hardcoded superscript in time zone preferences moved to message -* (bug 6957) E-mail confirmation links now using English special page name - for better compatibility and keeping the links shorter. Avoids problem - with corrupt links in Gmail on IE 6. -* (bug 14273) Fix for HTTP Accept header parsing with spaces as from Konqueror -* (bug 14312) Update LanguageKaa.php for handling transform issues with i to İ - and I to ı -* (bug 13826) MediaWiki:Defaultns accepts Wikicode -* (bug 14324) Creating an account is again possible with $wgEmailConfirmToEdit - set to true -* (bug 13034) Interwiki pages can now be reached using Go search button -* (bug 14362) Change interwiki names of Erzya and Moksha Wikipedias -* (bug 14370) When a grouppage-x message does not exist the entry on the - ListGroupRights special page now links to the project namespace page for it, - not the main namespace page. -* (bug 11659) Urldecode image names in galleries -* (bug 14258, 14368) Fix for subpage renames in replication environments -* (bug 14367) Failed block no longer adds phantom watchlist entry -* (bug 14385) "Move subpages" option no longer tries to move to invalid titles -* (bug 14386) Fix subpage namespace oddity when moving a talk page -* (bug 11771) Signup form now not shown if in read-only mode. -* (bug 12859) $wgRateLimitsExcludedGroups has been deprecated in favor of - $wgGroupPermissions[]['noratelimit']. -* (Bug 13828) Split parameter $1 of MediaWiki:Missingarticle into $1 (=title) - and $2 (=revision numbers) -* (bug 14401) Fix Safari access key tooltips for Windows and >3.1 Mac versions -* (bug 14432) Fix notice regression in Special:Newpages feed mode -* (bug 11951) EditPage::getEditToolbar() is now static. -* (bug 14392) Fix regression breaking table prefix in installer -* (bug 11084) $wgDBprefix replacement for updater SQL will now work for - extension tables using uppercase letters or digits in their names. -* (bug 12311) Fix regression with lists at start of undeletion preview -* (bug 14496) Fix regression with parseinline on Special:Upload. -* We no longer just give up on a missing upload base directory; it's now - created automatically if we have sufficient permissions! -* (bug 14479) MediaWiki:upload-maxfilesize should have a div id wrapper -* (bug 14497) Throw visible errors in installer scripts when SQL files - fail due to database permission or other error -* (bug 14500) Site feed (Recentchanges) no longer shows up on the actual - recent changes page. -* (bug 14511) MediaWiki:Delete-legend is no longer double escaped -* Generate correct section anchors for numeric headers -* (bug 14520) Don't load nonexistent CSS files for Chick/Myskin/Simple skins -* (bug 14551) Cancel upload no longer automatically suppresses warnings -* (bug 13878) Deprecate Article::getDB() in favor of direct wfGetDB() calls -* (bug 4977) Fix for possible squid purging errors when using HTTP purges - and multiple servers -* (bug 14572) Redirects listed on file links on image pages no longer redirect. -* (bug 14537) Change interwiki name for Old Church Slavonic (cu) -* (bug 14583) Fix regression in recent changes "limit to certain categories." -* (bug 14515) HTML nesting cleanup on edit form -* (bug 14647) Removed unused 'townBox' CSS classes -* (bug 14687) OutputPage::addStyle() now adds type="text/css" like it should. -* OpenSearch cleanup; Firefox now sends you to the search page for empty - searches instead of the domain root (which may not even be a wiki). -* (bug 3481) Pages moved shortly after creation are shown at their new title - on Special:Newpages. -* (bug 12716) Trying to unprotect a title that isn't protected no longer - generates a log entry. -* (bug 14088) Excessively long block expiry times are rejected as invalid, - keeps the log page from being distorted. -* (bug 14708) Emulate INSERT...IGNORE with standard SQL for Postgres backend. -* (bug 14646) Fix some double-escaping of HTML in feed output -* (bug 14709) Fix login success message formatting when using cookie check -* (bug 14710) Remove "donate" link from default sidebar -* (bug 14745) Image moving works on sites that transform thumbnails via 404 -* (bug 2186) Document.write() in wikibits caused failures when using - application/xhtml+xml. The calls to this have been removed. -* (bug 14764) Fix regression in from Article::lastModified(), failed to work - on non-mySQL schemas. -* (bug 14763) Child classes of Database (DatabasePostgres and DatabaseOracle) - had stict standards issues with setFakeSlaveLag() and setFakeMaster(). -* (bug 451) Improve the phrase mappings of the Chinese converter arrays. -* (bug 12487) Rights log is not fully internationalized -* (bug 10837) Language variants no longer override other languages than base -* (bug 14778) 'limit' parameter now applies to history feeds as well as - history pages -* (bug 14845) Bug in prefs javascript: Calling an array item without checking - its existance. -* Accesskeys for minor edit/watch checkboxes on edit now work in Firefox 3 -* (bug 12384) Comments in maintenance/*php -* (bug 12441) ./maintenance/generateSitemap.php fix -fspath requiring - a trailing slash. -* (bug 12568) configuration script now produce valid XHTML. -* The accesskey to edit a page is now disabled when editing the page, to pre- - vent conflicts with Safari shortcuts. - -=== API changes in 1.13 === - -* Fixing main page display in meta=siteinfo -* (bug 13128) Added patrolled flag to list=recentchanges -* Implemented {bl,ei,iu}redirect (lists links through redirects as well) -* (bug 13154) Introduced subpages flag to meta=siteinfo&siprop=namespaces -* (bug 13157) Added ucuserprefix parameter to list=usercontibs -* (bug 12394) Added rctitles parameter to list=recentchanges, making rcid - retrieval easier -* (bug 13218) Fix inclusion of " character in hyperlinks -* Added watch and unwatch parameters to action=delete and action=move -* Added action=edit -* (bug 11401) Added xmldoublequote to xml formatter -* Added rvsection parameter to prop=revisions to allow fetching the content of - a certain section only -* Introduced list=allimages -* (bug 13371) Build page set from image hashes -* Mark non-existent messages in meta=allmessages as missing -* (bug 13390) One invalid title no longer kills an entire API query -* (bug 13419) Fix gblredirect so it actually works -* (bug 13418) Disable eiredirect because it's useless -* (bug 13395) list=allcategories should use category table -* (bug 13442) Missing pages in prop=langlinks and prop=extlinks are now - handled properly. -* (bug 13444) Add description to list=watchlist -* (bug 13482) Disabled search types handled properly -* Added inprop=talkid,subjectid to prop=info -* Added help text message that specifies whether a module is POST-only -* Added createonly parameter to action=edit -* Replaced $wgAPIUCUserPrefixMinLength by the more generic $wgAPIMaxDBRows -* (bug 11719) Remove trailing blanks in YAML output. -* (bug 13541) Added siprop=specialpagealiases to meta=siteinfo -* Added fallback8bitEncoding and readonly fields to - meta=siteinfo&siprop=general output -* (bug 13544) Added prop=revid to action=parse -* (bug 13603) Added siprop=usergroups to meta=siteinfo -* Cleaned up redirect resolution -* Added possibility to obtain all external links through list=exturlusage -* (bug 13606) Added archivename to iiprop -* (bug 11633) Explicitly convert redirect titles to strings due to PHP's - very weak typing on array keys. -* (bug 12136) Extend allowed characters in JSON callback to ][.'"_A-Za-z0-9 -* (bug 11673) Return error 'unknown_action' in specified format -* (bug 13618) Added rcprop=redirect and rcshow=redirect to list=recentchanges -* (bug 13544) Added oldid parameter to action=parse to allow for parsing of old - revisions -* (bug 13718) Return the proper continue parameter for cmsort=timestamp -* action=login now returns the correct waiting time in the details property -* (bug 13792) Broken titles are now silently skipped in search results. -* (bug 13819) exturlusage paging skipped an item -* Fixed handling of usernames containing spaces in list=block -* (bug 13836) Fixed fatal errors resulting from combining iiprop=metadata with - format=xml -* (bug 13735) Added prop=categoryinfo module -* (bug 13945) Retrieve cascading protection sources via inprop=protection -* (bug 13965) Hardcoded 51 limit on titles is too limiting -* (bug 13993) apfrom doesn't work with apdir=descending -* (bug 14018) Introduced alcontinue to list=alllinks to improve paging -* (bug 14013) Added rcshow=patrolled to list=recentchanges -* (bug 14028) Added language attribute to interwiki map in meta=siteinfo -* (bug 14022) Added usprop=registration and auprop=blockinfo -* (bug 14021) Removed titles= support from list=backlinks (has been obsolete - for ages) -* (bug 13829) Expose parse tree via action=expandtemplates -* (bug 13606) Allow deletion of images -* Added iiprop=mime and aiprop=metadata -* Handled unrecognized values for parameters more gracefully -* Handled requesting disallowed tokens more gracefully -* (bug 14140) URL-encoded page titles are now decoded in edit summaries -* (bug 14243) Only accept post requests in action=edit; patch by HardDisk -* action=block now returns an ISO8601 timestamp, like all other modules do -* Added md5 parameter to action=edit -* (bug 14335) Logging in to unified account using API not possible -* Added action=emailuser to send an email to a user -* (bug 14471) Use HTMLTidy and generate limit report in action=parse -* (bug 14459) Added prependtext and appendtext parameters to action=edit -* (bug 14526) Unescaped SQL in list=backlinks -* Added 'hidden' flag to list=allcategories and prop=categoryinfo output -* Added nocreate parameter to action=edit -* (bug 14402) Added maxage and smaxage parameters to api.php -* Added bkip parameter to list=blocks -* (bug 14651) apprefix and similar parameters are now canonicalized -* Added clprop=timestamp to prop=categories -* (bug 14678) API errors now respects $wgShowExceptionDetails and - $wgShowSQLErrors -* (bug 14723) Added time zone and writing direction to meta=siteinfo -* Added APIQueryInfoTokens and APIQueryRevisionsTokens hooks so extensions - can add their own tokens -* Added block and unblock tokens to prop=info as well -* Added paging (limit and continue parameters) to - prop={links,templatelinks,langlinks,extlinks,categories,images} -* Added flag "top" to list=usercontribs if the user is the last contributor to - the page -* list=exturlusage in "list all links" mode can now filter by protocol - -=== Languages updated in 1.13 === +* API search now falls back to fulltext search by default when using Lucene + or other engine which doesn't support a separate title search function. + This means you can use API search on Wikipedia without explicitly adding + &srwhat=text to the query. +* Added iiprop=bitdepth to imageinfo and aiprop=bitdepth to allimages +* (bug 14713) API-specific permissions (such as 'writeapi' and 'apihighlimits' + are now listed on action=help +* (bug 15044) Added requestid parameter to api.php to facilitate distinguishing + between requests +* (bug 15048) Added limit field for multivalue parameters to action=paraminfo + output. +* When the limit on multivalue parameters is exceeded, a warning is issued +* list=search doesn't list missing pages any more +* (bug 15178) Added clshow to prop=categories to allow filtering for hidden/ + non-hidden categories +* (bug 15228) Combining revids= and redirects now throws a warning instead of + an error, and still resolves redirects generated by the generator. +* list={backlinks,embeddedin,imageusage} now return arrays with keys 0, 1, 2, + etc. (AKA lists) instead of arrays with pageIDs as keys (AKA hash tables) + for consistency with other list modules. +* Added action=watch +* (bug 15275) apprefix and related parameters ignore spaces at the end +* action=edit no longer throws unknown error 228 when trying to create an + empty section with section=new +* Database replication lag doesn't cause all action=edit requests to return the + nochange flag any more +* (bug 15392) ApiFormatBase::formatHTML now uses $wgUrlProtocols. +* (bug 15444) action=edit returns "Unknown error: ``AS_END''" where it should + return just "Unknown error" +* (bug 15448) YAML output returns empty values instead of 0 +* (bug 15445) Added action=patrol +* (bug 15466) Added action=purge +* (bug 15486) action=block ignores autoblock parameter +* (bug 15492) added rcprop=loginfo to list=recentchanges +* (bug 15527) action=rollback can now revert anonymous editors +* (bug 15535) prop=info&inprop=protection doesn't list pre-1.10 protections + if the page is also protected otherwise (1.10+ style or cascading) +* list=random now has rnredirect parameter, to get random redirects. +* Added APIAfterExecute, APIQueryAfterExecute and APIQueryGeneratorAfterExecute + hooks which allow for extending core modules in a cleaner way +* action=protect checks for invalid protection types and levels +* (bug 15673) Added indentation to format=wddxfm output and improved built-in + WDDX formatter to resemble PHP's more +* (bug 15706) Empty values for apprtype and apprlevel are now silently ignored + rather than causing an exception +* Added uiprop=preferencestoken to meta=userinfo +* (bug 15609) Add inprop=url and inprop=readable to prop=info +* Add ApiDisabled and ApiQueryDisabled classes so individual modules can + be disabled in LocalSettings.php +* (bug 15653) Add prop=duplicatefiles +* (bug 15768) Add list=watchlistraw +* (bug 15647) action=edit with basetimestamp fails if the page has been deleted + and undeleted since the last edit +* (bug 15785) Allow for different expiry times for different protections in + action=protect +* Added allowsduplicates attribute to action=paraminfo output +* (bug 15767) apfilterlanglinks returns duplicate results +* (bug 15845) Added pageid/fromid parameter to action=delete/move, making + manipulation of legacy pages with invalid titles possible +* (bug 15881) Empty or invalid parameters cause database errors +* The maxage and smaxage parameters are now properly validated +* (bug 15945) list=recentchanges doesn't check $wgUseRCPatrol, $wgUseNPPatrol + and patrolmarks right +* (bug 15985) acfrom and aifrom parameters didn't work when sorting in + descending order. +* (bug 15995) Add cmstartsortkey and cmendsortkey parameters to + list=categorymembers +* (bug 16017) list=categorymembers sets invalid continue parameters for + sortkeys containing pipes +* (bug 16018) Added uccontinue parameter to list=usercontribs so paging + works properly when multiple users are queried or a userprefix is used +* (bug 16047) Added activeusers attribute to meta=siteinfo&siprop=statistics + output +* Added redirect resolution to action=parse +* (bug 16074) rvprop=content combined with a generator with a high limit causes + an error +* (bug 16105) Image metadata attributes containing spaces result in invalid XML +* (bug 16126) Added siprop=magicwords to meta=siteinfo +* (bug 16159) Added wlshow=patrolled|!patrolled to list=watchlist +* (bug 16225) Titles like Talk:Talk:Foo broke apfrom and friends +* meta=siteinfo&siprop=interwikimap no longer throws an exception for empty + sifilter parameter. +* (bug 12760) meta=userinfo&uiprop=ratelimits doesn't list group-specific rate + limits +* (bug 16398) meta=userinfo&uiprop=rights lists some rights twice in some cases +* (bug 16408) Added rvgeneratexml to prop=revisions +* (bug 16421) Made list=logevents's leuser accept user names with underscores + instead of spaces +* (bug 16516) Made rvsection=T-2 work +* (bug 16526) Added usprop=emailable to list=users +* (bug 16548) list=search threw errors with an invalid error code +* (bug 16515) Added pst and onlypst parameters to action=parse +* (bug 16541) Added block expiry timestamp to list=logevents output +* (bug 16613) action=protect doesn't tell when &cascade was set but cascading + protection wasn't allowed +* (bug 16626) action=delete now correctly handles empty "reason" param +* (bug 15579) clshow considers all categories !hidden +* (bug 16647) list=allcategories, prop=categories don't return "hidden" + property for hidden categories +* New siprop parameter of 'extensions' to list all installed extensions +* (bug 16672) Include canonical namespace name in + meta=siteinfo&siprop=namespaces. +* (bug 16726) siprop=namespacealiases should also list localized aliases +* (bug 16730) Added apprfiltercascade parameter to list=allpages to filter + cascade-protected pages +* (bug 16798) JSON encoding errors for some characters outside the BMP +* (bug 16629) prop=info&inprop=protection lists empty legacy protections + incorrectly +* (bug 15261, 16262) API no longer outputs invalid UTF-8 +* Fix broken list=alllinks paging and make alunique actually work + +=== Languages updated in 1.14 === MediaWiki supports over 300 languages. Many localisations are updated regularly. Below only new and removed languages are listed. -* Egyptian Spoken Arabic (arz) (new) -* Southern Balochi (bcc) (new) -* Middle Dutch (dum) (removed) -* British English (en-gb) (new) -* Fiji Hindi (Latin) (hif-latn) (new) -* Old Norse (non) (removed) -* Tarifit (rif) (new) -* Serbian cyrillic iyekvian (sr-jc) (removed) -* Serbian latin iyekavian (sr-jl) (removed) -* Silesian (szl) (new) -* Tajiki (Cyrllic script) (tg-cyrl) (new) -* Tajiki (Latin script) (tg-latn) (new) -* Chinese (Macau) (zh-mo) (new) -* Chinese (Malaysia) (zh-my) (new) +* Bakhtiari (bqi) (new) +* Fiji Hindi (Devanagari script) (hif-deva) (new) +* Krio (kri) (new) +* Lezghian (lez) (new) +* Laz (lzz) (new) +* Eastern Mari (mhr) (new) +* Niuean (niu) (new) +* Oromo (om) (new) +* Plautdietsch (pdt) (new) +* Western Punjabi (pnb) (new) +* Tarantino (roa-tara) (new) +* Serbo-Croatian (sh) (new) +* Tulu (tcy) (new) == Compatibility == -MediaWiki 1.13 requires PHP 5 (5.1 recommended). PHP 4 is no longer supported. +MediaWiki 1.14 requires PHP 5 (5.2 recommended). PHP 4 is no longer supported. PHP 5.0.x fails on 64-bit systems due to serious bugs with array processing: http://bugs.php.net/bug.php?id=34879 @@ -711,16 +641,16 @@ At this time we still recommend 4.0, but 4.1/5.0 will work fine in most cases. == Upgrading == -1.13 has several database changes since 1.12, and will not work without schema +1.14 has several database changes since 1.13, and will not work without schema updates. +If upgrading from before 1.11, and you are using a wiki as a commons reposito- +ry, make sure that it is updated as well. Otherwise, errors may arise due to +database schema changes. + If upgrading from before 1.7, you may want to run refreshLinks.php to ensure new database fields are filled with data. -If upgrading from before 1.11, and you are using a wiki as a commons repository, -make sure that it is updated as well. Otherwise, errors may arise due to -database schema changes. - If you are upgrading from MediaWiki 1.4.x or earlier, some major database changes are made, and there is a slightly higher chance that things could break. Don't forget to always back up your database before upgrading! @@ -736,7 +666,7 @@ set $wgMimeType = "application/xhtml+xml"; to test for remaining problem cases, but this is not recommended on live sites. (This must be set for MathML to display properly in Mozilla.) -For notes on 1.12.x and older releases, see HISTORY. +For notes on 1.13.x and older releases, see HISTORY. === Online documentation === |